From 2d7706badf6975d236773a4ee6404c41f5cbd116 Mon Sep 17 00:00:00 2001 From: tb Date: Sat, 31 Aug 2024 10:03:03 +0000 Subject: [PATCH] Make some more x509 conf stuff internal This internalizes a particularly scary layer of conf used for X.509 extensions. Again unused public API... ok beck jsing --- lib/libcrypto/Symbols.list | 11 ----------- lib/libcrypto/asn1/asn1_gen.c | 3 ++- lib/libcrypto/hidden/openssl/x509v3.h | 13 +------------ lib/libcrypto/x509/x509_akey.c | 4 +++- lib/libcrypto/x509/x509_bcons.c | 4 +++- lib/libcrypto/x509/x509_bitst.c | 4 +++- lib/libcrypto/x509/x509_conf.c | 6 +----- lib/libcrypto/x509/x509_extku.c | 4 +++- lib/libcrypto/x509/x509_local.h | 19 ++++++++++++++++++- lib/libcrypto/x509/x509_pcons.c | 4 +++- lib/libcrypto/x509/x509_pmaps.c | 4 +++- lib/libcrypto/x509/x509_utl.c | 18 +----------------- lib/libcrypto/x509/x509v3.h | 20 +------------------- 13 files changed, 42 insertions(+), 72 deletions(-) diff --git a/lib/libcrypto/Symbols.list b/lib/libcrypto/Symbols.list index d18a13410d1..9405613b186 100644 --- a/lib/libcrypto/Symbols.list +++ b/lib/libcrypto/Symbols.list @@ -2370,23 +2370,12 @@ X509V3_EXT_val_prn X509V3_NAME_from_section X509V3_add1_i2d X509V3_add_standard_extensions -X509V3_add_value -X509V3_add_value_bool -X509V3_add_value_bool_nf -X509V3_add_value_int -X509V3_add_value_uchar X509V3_conf_free X509V3_extensions_print X509V3_get_d2i -X509V3_get_section -X509V3_get_string -X509V3_get_value_bool -X509V3_get_value_int X509V3_parse_list -X509V3_section_free X509V3_set_ctx X509V3_set_nconf -X509V3_string_free X509_ALGORS_it X509_ALGOR_cmp X509_ALGOR_dup diff --git a/lib/libcrypto/asn1/asn1_gen.c b/lib/libcrypto/asn1/asn1_gen.c index 4b8d7051abf..0b4cfe00a9f 100644 --- a/lib/libcrypto/asn1/asn1_gen.c +++ b/lib/libcrypto/asn1/asn1_gen.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: asn1_gen.c,v 1.23 2024/08/31 09:26:18 tb Exp $ */ +/* $OpenBSD: asn1_gen.c,v 1.24 2024/08/31 10:03:03 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2002. */ @@ -64,6 +64,7 @@ #include "asn1_local.h" #include "conf_local.h" +#include "x509_local.h" #define ASN1_GEN_FLAG 0x10000 #define ASN1_GEN_FLAG_IMP (ASN1_GEN_FLAG|1) diff --git a/lib/libcrypto/hidden/openssl/x509v3.h b/lib/libcrypto/hidden/openssl/x509v3.h index 6cdd932209d..9f5a1ffdbcf 100644 --- a/lib/libcrypto/hidden/openssl/x509v3.h +++ b/lib/libcrypto/hidden/openssl/x509v3.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509v3.h,v 1.14 2024/08/31 09:59:12 tb Exp $ */ +/* $OpenBSD: x509v3.h,v 1.15 2024/08/31 10:03:03 tb Exp $ */ /* * Copyright (c) 2022 Bob Beck * @@ -139,19 +139,8 @@ LCRYPTO_USED(X509V3_EXT_REQ_add_nconf); LCRYPTO_USED(X509V3_EXT_CRL_add_nconf); LCRYPTO_USED(X509V3_EXT_conf_nid); LCRYPTO_USED(X509V3_EXT_conf); -LCRYPTO_USED(X509V3_add_value_bool_nf); -LCRYPTO_USED(X509V3_get_value_bool); -LCRYPTO_USED(X509V3_get_value_int); LCRYPTO_USED(X509V3_set_nconf); -LCRYPTO_UNUSED(X509V3_get_string); -LCRYPTO_USED(X509V3_get_section); -LCRYPTO_UNUSED(X509V3_string_free); -LCRYPTO_USED(X509V3_section_free); LCRYPTO_USED(X509V3_set_ctx); -LCRYPTO_USED(X509V3_add_value); -LCRYPTO_USED(X509V3_add_value_uchar); -LCRYPTO_USED(X509V3_add_value_bool); -LCRYPTO_USED(X509V3_add_value_int); LCRYPTO_USED(i2s_ASN1_INTEGER); LCRYPTO_USED(s2i_ASN1_INTEGER); LCRYPTO_USED(i2s_ASN1_ENUMERATED); diff --git a/lib/libcrypto/x509/x509_akey.c b/lib/libcrypto/x509/x509_akey.c index b052d95984f..926508c4cd4 100644 --- a/lib/libcrypto/x509/x509_akey.c +++ b/lib/libcrypto/x509/x509_akey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_akey.c,v 1.2 2024/07/13 15:08:58 tb Exp $ */ +/* $OpenBSD: x509_akey.c,v 1.3 2024/08/31 10:03:03 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ 
@@ -65,6 +65,8 @@ #include #include +#include "x509_local.h" + static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist); static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, diff --git a/lib/libcrypto/x509/x509_bcons.c b/lib/libcrypto/x509/x509_bcons.c index e44ff4d1cb6..99cb5afe9a4 100644 --- a/lib/libcrypto/x509/x509_bcons.c +++ b/lib/libcrypto/x509/x509_bcons.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_bcons.c,v 1.5 2024/07/13 15:08:58 tb Exp $ */ +/* $OpenBSD: x509_bcons.c,v 1.6 2024/08/31 10:03:03 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -65,6 +65,8 @@ #include #include +#include "x509_local.h" + static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist); static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, diff --git a/lib/libcrypto/x509/x509_bitst.c b/lib/libcrypto/x509/x509_bitst.c index 0328310f08c..479874ddb56 100644 --- a/lib/libcrypto/x509/x509_bitst.c +++ b/lib/libcrypto/x509/x509_bitst.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_bitst.c,v 1.6 2024/07/13 15:08:58 tb Exp $ */ +/* $OpenBSD: x509_bitst.c,v 1.7 2024/08/31 10:03:03 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -63,6 +63,8 @@ #include #include +#include "x509_local.h" + static BIT_STRING_BITNAME ns_cert_type_table[] = { {0, "SSL Client", "client"}, {1, "SSL Server", "server"}, diff --git a/lib/libcrypto/x509/x509_conf.c b/lib/libcrypto/x509/x509_conf.c index ab78649453b..c8917f7ef7d 100644 --- a/lib/libcrypto/x509/x509_conf.c +++ b/lib/libcrypto/x509/x509_conf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_conf.c,v 1.25 2024/08/31 09:59:12 tb Exp $ */ +/* $OpenBSD: x509_conf.c,v 1.26 2024/08/31 10:03:03 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ 
@@ -411,7 +411,6 @@ X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section) X509V3error(ERR_R_DISABLED); return NULL; } -LCRYPTO_ALIAS(X509V3_get_string); STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, const char *section) @@ -422,7 +421,6 @@ X509V3_get_section(X509V3_CTX *ctx, const char *section) } return NCONF_get_section(ctx->db, section); } -LCRYPTO_ALIAS(X509V3_get_section); /* XXX - remove in next bump. */ void @@ -430,14 +428,12 @@ X509V3_string_free(X509V3_CTX *ctx, char *str) { return; } -LCRYPTO_ALIAS(X509V3_string_free); void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section) { return; } -LCRYPTO_ALIAS(X509V3_section_free); void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf) diff --git a/lib/libcrypto/x509/x509_extku.c b/lib/libcrypto/x509/x509_extku.c index 6a69adabc61..da5036a09a2 100644 --- a/lib/libcrypto/x509/x509_extku.c +++ b/lib/libcrypto/x509/x509_extku.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_extku.c,v 1.5 2024/07/13 15:08:58 tb Exp $ */ +/* $OpenBSD: x509_extku.c,v 1.6 2024/08/31 10:03:03 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -63,6 +63,8 @@ #include #include +#include "x509_local.h" + static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE( diff --git a/lib/libcrypto/x509/x509_local.h b/lib/libcrypto/x509/x509_local.h index 81a237d860d..d232a54a213 100644 --- a/lib/libcrypto/x509/x509_local.h +++ b/lib/libcrypto/x509/x509_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_local.h,v 1.26 2024/07/13 15:08:58 tb Exp $ */ +/* $OpenBSD: x509_local.h,v 1.27 2024/08/31 10:03:03 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2013. */ 
@@ -418,6 +418,23 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, int X509_PURPOSE_get_by_id(int id); int X509_PURPOSE_get_trust(const X509_PURPOSE *xp); +int X509V3_add_value(const char *name, const char *value, + STACK_OF(CONF_VALUE) **extlist); +int X509V3_add_value_uchar(const char *name, const unsigned char *value, + STACK_OF(CONF_VALUE) **extlist); +int X509V3_add_value_bool(const char *name, int asn1_bool, + STACK_OF(CONF_VALUE) **extlist); +int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint, + STACK_OF(CONF_VALUE) **extlist); + +int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool); +int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint); + +char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section); +STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section); +void X509V3_string_free(X509V3_CTX *ctx, char *str); +void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section); + const X509V3_EXT_METHOD *x509v3_ext_method_authority_key_identifier(void); const X509V3_EXT_METHOD *x509v3_ext_method_basic_constraints(void); const X509V3_EXT_METHOD *x509v3_ext_method_certificate_issuer(void); diff --git a/lib/libcrypto/x509/x509_pcons.c b/lib/libcrypto/x509/x509_pcons.c index d6ee9d7e2ca..66dc57abf6d 100644 --- a/lib/libcrypto/x509/x509_pcons.c +++ b/lib/libcrypto/x509/x509_pcons.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_pcons.c,v 1.5 2024/07/13 15:08:58 tb Exp $ */ +/* $OpenBSD: x509_pcons.c,v 1.6 2024/08/31 10:03:03 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -65,6 +65,8 @@ #include #include +#include "x509_local.h" + static STACK_OF(CONF_VALUE) * i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *bcons, STACK_OF(CONF_VALUE) *extlist); diff --git a/lib/libcrypto/x509/x509_pmaps.c b/lib/libcrypto/x509/x509_pmaps.c index 7a91917f652..5039f65f2e3 100644 
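Review bot: The last four prototypes added in this x509_local.h hunk (`X509V3_get_string`, `X509V3_get_section`, `X509V3_string_free`, `X509V3_section_free`) are declared without any note on ownership. The x509_conf.c context in this patch shows `X509V3_get_section` returning `NCONF_get_section(ctx->db, section)` directly, and both `*_free` functions consisting of a bare `return;`. A later in-tree caller reading only this header could assume the free functions release something, or add a real free of the returned stack, so I would put a comment above the group such as `/* X509V3_get_section() returns the stack held by ctx->db; do not free it. The *_free() functions are no-ops. */`. Separately, the visible tail of `X509V3_get_string` raises `ERR_R_DISABLED` and returns NULL, and `X509V3_string_free` still sits under `/* XXX - remove in next bump. */`. If no in-tree caller remains (not visible in this patch), deleting that pair would be cleaner than re-declaring it internally.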
--- a/lib/libcrypto/x509/x509_pmaps.c +++ b/lib/libcrypto/x509/x509_pmaps.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_pmaps.c,v 1.5 2024/07/13 15:08:58 tb Exp $ */ +/* $OpenBSD: x509_pmaps.c,v 1.6 2024/08/31 10:03:03 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -64,6 +64,8 @@ #include #include +#include "x509_local.h" + static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS( diff --git a/lib/libcrypto/x509/x509_utl.c b/lib/libcrypto/x509/x509_utl.c index e0e5a673861..6f5add482fe 100644 --- a/lib/libcrypto/x509/x509_utl.c +++ b/lib/libcrypto/x509/x509_utl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_utl.c,v 1.20 2024/08/31 09:26:18 tb Exp $ */ +/* $OpenBSD: x509_utl.c,v 1.21 2024/08/31 10:03:03 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ @@ -122,7 +122,6 @@ X509V3_add_value(const char *name, const char *value, } return 0; } -LCRYPTO_ALIAS(X509V3_add_value); int X509V3_add_value_uchar(const char *name, const unsigned char *value, @@ -130,7 +129,6 @@ X509V3_add_value_uchar(const char *name, const unsigned char *value, { return X509V3_add_value(name, (const char *)value, extlist); } -LCRYPTO_ALIAS(X509V3_add_value_uchar); /* Free function for STACK_OF(CONF_VALUE) */ @@ -154,17 +152,6 @@ X509V3_add_value_bool(const char *name, int asn1_bool, return X509V3_add_value(name, "TRUE", extlist); return X509V3_add_value(name, "FALSE", extlist); } -LCRYPTO_ALIAS(X509V3_add_value_bool); - -int -X509V3_add_value_bool_nf(const char *name, int asn1_bool, - STACK_OF(CONF_VALUE) **extlist) -{ - if (asn1_bool) - return X509V3_add_value(name, "TRUE", extlist); - return 1; -} -LCRYPTO_ALIAS(X509V3_add_value_bool_nf); static char * bn_to_string(const BIGNUM *bn) 
@@ -307,7 +294,6 @@ X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint, free(strtmp); return ret; } -LCRYPTO_ALIAS(X509V3_add_value_int); int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool) @@ -333,7 +319,6 @@ X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool) X509V3_conf_err(value); return 0; } -LCRYPTO_ALIAS(X509V3_get_value_bool); int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint) @@ -347,7 +332,6 @@ X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint) *aint = itmp; return 1; } -LCRYPTO_ALIAS(X509V3_get_value_int); #define HDR_NAME 1 #define HDR_VALUE 2 diff --git a/lib/libcrypto/x509/x509v3.h b/lib/libcrypto/x509/x509v3.h index 6a18c1f153d..3c55987d47c 100644 --- a/lib/libcrypto/x509/x509v3.h +++ b/lib/libcrypto/x509/x509v3.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509v3.h,v 1.32 2024/08/31 09:59:12 tb Exp $ */ +/* $OpenBSD: x509v3.h,v 1.33 2024/08/31 10:03:03 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ 
@@ -648,29 +648,12 @@ X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, const char *name, const char *value); -int X509V3_add_value_bool_nf(const char *name, int asn1_bool, - STACK_OF(CONF_VALUE) **extlist); -int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool); -int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint); void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf); #endif -char *X509V3_get_string(X509V3_CTX *ctx, const char *name, - const char *section); -STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section); -void X509V3_string_free(X509V3_CTX *ctx, char *str); -void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section); void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject, X509_REQ *req, X509_CRL *crl, int flags); -int X509V3_add_value(const char *name, const char *value, - STACK_OF(CONF_VALUE) **extlist); -int X509V3_add_value_uchar(const char *name, const unsigned char *value, - STACK_OF(CONF_VALUE) **extlist); -int X509V3_add_value_bool(const char *name, int asn1_bool, - STACK_OF(CONF_VALUE) **extlist); -int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint, - STACK_OF(CONF_VALUE) **extlist); char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const ASN1_INTEGER *aint); ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const char *value); char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, const ASN1_ENUMERATED *aint); @@ -685,7 +668,6 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext); void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx); - X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags); -- 2.20.1