Merge crypto/x509v3 into crypto/x509

The public headers are not yet merged. That will be doen in the
subsequent CL. This required teaching make_errors.go that x509v3 are
found elsewhere, also to skip irrelevant OPENSSL_DECLARE_ERROR_REASON
calls.

Change-Id: Ic40de51f9a5325acd60262c614924dc3407b800c
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/64137
Commit-Queue: David Benjamin <[email protected]>
Reviewed-by: Bob Beck <[email protected]>
(cherry picked from commit 861cb31975b68abd0b6ed7d0dd37213b17385bab)

Author: davidben

crypto/CMakeLists.txt

@@ -460,7 +460,42 @@ add_library(
   x509/t_req.c
   x509/t_x509.c
   x509/t_x509a.c
-  x509/x509.c
+  x509/v3_akey.c
+  x509/v3_akeya.c
+  x509/v3_alt.c
+  x509/v3_bcons.c
+  x509/v3_bitst.c
+  x509/v3_conf.c
+  x509/v3_cpols.c
+  x509/v3_crld.c
+  x509/v3_enum.c
+  x509/v3_extku.c
+  x509/v3_genn.c
+  x509/v3_ia5.c
+  x509/v3_info.c
+  x509/v3_int.c
+  x509/v3_lib.c
+  x509/v3_ncons.c
+  x509/v3_ocsp.c
+  x509/v3_pcons.c
+  x509/v3_pmaps.c
+  x509/v3_prn.c
+  x509/v3_purp.c
+  x509/v3_skey.c
+  x509/v3_utl.c
+  x509/x_algor.c
+  x509/x_all.c
+  x509/x_attrib.c
+  x509/x_crl.c
+  x509/x_exten.c
+  x509/x_name.c
+  x509/x_pubkey.c
+  x509/x_req.c
+  x509/x_sig.c
+  x509/x_spki.c
+  x509/x_val.c
+  x509/x_x509.c
+  x509/x_x509a.c
   x509/x509_att.c
   x509/x509_cmp.c
   x509/x509_d2.c
@@ -475,46 +510,11 @@ add_library(
   x509/x509_v3.c
   x509/x509_vfy.c
   x509/x509_vpm.c
+  x509/x509.c
   x509/x509cset.c
   x509/x509name.c
   x509/x509rset.c
   x509/x509spki.c
-  x509/x_algor.c
-  x509/x_all.c
-  x509/x_attrib.c
-  x509/x_crl.c
-  x509/x_exten.c
-  x509/x_name.c
-  x509/x_pubkey.c
-  x509/x_req.c
-  x509/x_sig.c
-  x509/x_spki.c
-  x509/x_val.c
-  x509/x_x509.c
-  x509/x_x509a.c
-  x509v3/v3_akey.c
-  x509v3/v3_akeya.c
-  x509v3/v3_alt.c
-  x509v3/v3_bcons.c
-  x509v3/v3_bitst.c
-  x509v3/v3_conf.c
-  x509v3/v3_cpols.c
-  x509v3/v3_crld.c
-  x509v3/v3_enum.c
-  x509v3/v3_extku.c
-  x509v3/v3_genn.c
-  x509v3/v3_ia5.c
-  x509v3/v3_info.c
-  x509v3/v3_int.c
-  x509v3/v3_lib.c
-  x509v3/v3_ncons.c
-  x509v3/v3_ocsp.c
-  x509v3/v3_pcons.c
-  x509v3/v3_pmaps.c
-  x509v3/v3_prn.c
-  x509v3/v3_purp.c
-  x509v3/v3_skey.c
-  x509v3/v3_utl.c
   decrepit/bio/base64_bio.c
   decrepit/blowfish/blowfish.c
   decrepit/cast/cast.c
@@ -765,9 +765,9 @@ if(BUILD_TESTING)
     test/file_test_gtest.cc
     thread_test.cc
     trust_token/trust_token_test.cc
+    x509/tab_test.cc
     x509/x509_test.cc
     x509/x509_time_test.cc
-    x509v3/tab_test.cc
     decrepit/blowfish/blowfish_test.cc
     decrepit/cast/cast_test.cc
     decrepit/cfb/cfb_test.cc

crypto/x509/asn1_gen.c

@@ -69,7 +69,6 @@
 
 #include "../conf/internal.h"
 #include "../internal.h"
-#include "../x509v3/internal.h"
 #include "internal.h"
 
 

crypto/x509v3/ext_dat.h crypto/x509/ext_dat.h

@@ -62,6 +62,7 @@
 #include <openssl/base.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
+#include <openssl/x509v3.h>
 
 #include "../asn1/internal.h"
 
@@ -428,6 +429,118 @@ int X509_policy_check(const STACK_OF(X509) *certs,
 // one internal project and rust-openssl, who use it by mistake.
 int x509_check_issued_with_callback(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
 
+// x509v3_bytes_to_hex encodes |len| bytes from |in| to hex and returns a
+// newly-allocated NUL-terminated string containing the result, or NULL on
+// allocation error.
+//
+// This function was historically named |hex_to_string| in OpenSSL. Despite the
+// name, |hex_to_string| converted to hex.
+OPENSSL_EXPORT char *x509v3_bytes_to_hex(const uint8_t *in, size_t len);
+
+// x509v3_hex_string_to_bytes decodes |str| in hex and returns a newly-allocated
+// array containing the result, or NULL on error. On success, it sets |*len| to
+// the length of the result. Colon separators between bytes in the input are
+// allowed and ignored.
+//
+// This function was historically named |string_to_hex| in OpenSSL. Despite the
+// name, |string_to_hex| converted from hex.
+unsigned char *x509v3_hex_to_bytes(const char *str, size_t *len);
+
+// x509v3_conf_name_matches returns one if |name| is equal to |cmp| or begins
+// with |cmp| followed by '.', and zero otherwise.
+int x509v3_conf_name_matches(const char *name, const char *cmp);
+
+// x509v3_looks_like_dns_name returns one if |in| looks like a DNS name and zero
+// otherwise.
+OPENSSL_EXPORT int x509v3_looks_like_dns_name(const unsigned char *in,
+                                              size_t len);
+
+// x509v3_cache_extensions fills in a number of fields relating to X.509
+// extensions in |x|. It returns one on success and zero if some extensions were
+// invalid.
+OPENSSL_EXPORT int x509v3_cache_extensions(X509 *x);
+
+// x509v3_a2i_ipadd decodes |ipasc| as an IPv4 or IPv6 address. IPv6 addresses
+// use colon-separated syntax while IPv4 addresses use dotted decimal syntax. If
+// it decodes an IPv4 address, it writes the result to the first four bytes of
+// |ipout| and returns four. If it decodes an IPv6 address, it writes the result
+// to all 16 bytes of |ipout| and returns 16. Otherwise, it returns zero.
+int x509v3_a2i_ipadd(unsigned char ipout[16], const char *ipasc);
+
+// A |BIT_STRING_BITNAME| is used to contain a list of bit names.
+typedef struct {
+  int bitnum;
+  const char *lname;
+  const char *sname;
+} BIT_STRING_BITNAME;
+
+// x509V3_add_value_asn1_string appends a |CONF_VALUE| with the specified name
+// and value to |*extlist|. if |*extlist| is NULL, it sets |*extlist| to a
+// newly-allocated |STACK_OF(CONF_VALUE)| first. It returns one on success and
+// zero on error.
+int x509V3_add_value_asn1_string(const char *name, const ASN1_STRING *value,
+                                 STACK_OF(CONF_VALUE) **extlist);
+
+// X509V3_NAME_from_section adds attributes to |nm| by interpreting the
+// key/value pairs in |dn_sk|. It returns one on success and zero on error.
+// |chtype|, which should be one of |MBSTRING_*| constants, determines the
+// character encoding used to interpret values.
+int X509V3_NAME_from_section(X509_NAME *nm, const STACK_OF(CONF_VALUE) *dn_sk,
+                             int chtype);
+
+// X509V3_bool_from_string decodes |str| as a boolean. On success, it returns
+// one and sets |*out_bool| to resulting value. Otherwise, it returns zero.
+int X509V3_bool_from_string(const char *str, ASN1_BOOLEAN *out_bool);
+
+// X509V3_get_value_bool decodes |value| as a boolean. On success, it returns
+// one and sets |*out_bool| to the resulting value. Otherwise, it returns zero.
+int X509V3_get_value_bool(const CONF_VALUE *value, ASN1_BOOLEAN *out_bool);
+
+// X509V3_get_value_int decodes |value| as an integer. On success, it returns
+// one and sets |*aint| to the resulting value. Otherwise, it returns zero. If
+// |*aint| was non-NULL at the start of the function, it frees the previous
+// value before writing a new one.
+int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint);
+
+// X509V3_get_section behaves like |NCONF_get_section| but queries |ctx|'s
+// config database.
+const STACK_OF(CONF_VALUE) *X509V3_get_section(const X509V3_CTX *ctx,
+                                               const char *section);
+
+// X509V3_add_value appends a |CONF_VALUE| containing |name| and |value| to
+// |*extlist|. It returns one on success and zero on error. If |*extlist| is
+// NULL, it sets |*extlist| to a newly-allocated |STACK_OF(CONF_VALUE)|
+// containing the result. Either |name| or |value| may be NULL to omit the
+// field.
+//
+// On failure, if |*extlist| was NULL, |*extlist| will remain NULL when the
+// function returns.
+int X509V3_add_value(const char *name, const char *value,
+                     STACK_OF(CONF_VALUE) **extlist);
+
+// X509V3_add_value_bool behaves like |X509V3_add_value| but stores the value
+// "TRUE" if |asn1_bool| is non-zero and "FALSE" otherwise.
+int X509V3_add_value_bool(const char *name, int asn1_bool,
+                          STACK_OF(CONF_VALUE) **extlist);
+
+// X509V3_add_value_bool behaves like |X509V3_add_value| but stores a string
+// representation of |aint|. Note this string representation may be decimal or
+// hexadecimal, depending on the size of |aint|.
+int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint,
+                         STACK_OF(CONF_VALUE) **extlist);
+
+#define X509V3_conf_err(val)                                               \
+  ERR_add_error_data(6, "section:", (val)->section, ",name:", (val)->name, \
+                     ",value:", (val)->value);
+
+// GENERAL_NAME_cmp returns zero if |a| and |b| are equal and a non-zero
+// value otherwise. Note this function does not provide a comparison suitable
+// for sorting.
+//
+// This function is exported for testing.
+OPENSSL_EXPORT int GENERAL_NAME_cmp(const GENERAL_NAME *a,
+                                    const GENERAL_NAME *b);
+
 
 #if defined(__cplusplus)
 }  // extern C

crypto/x509/internal.h

@@ -22,7 +22,6 @@
 #include <openssl/x509v3.h>
 
 #include "../internal.h"
-#include "../x509v3/internal.h"
 #include "internal.h"
 
 

crypto/x509/policy.c

@@ -63,7 +63,6 @@
 #include <openssl/obj.h>
 #include <openssl/x509v3.h>
 
-#include "../x509/internal.h"
 #include "internal.h"
 
 

crypto/x509v3/tab_test.cc crypto/x509/tab_test.cc

@@ -69,7 +69,6 @@
 #include <openssl/x509v3.h>
 
 #include "../internal.h"
-#include "../x509/internal.h"
 #include "internal.h"
 
 static int v3_check_critical(const char **value);

crypto/x509v3/v3_akey.c crypto/x509/v3_akey.c

@@ -65,7 +65,6 @@
 #include <openssl/obj.h>
 #include <openssl/x509v3.h>
 
-#include "../x509/internal.h"
 #include "internal.h"
 
 

crypto/x509v3/v3_akeya.c crypto/x509/v3_akeya.c

@@ -66,9 +66,10 @@
 #include <openssl/obj.h>
 #include <openssl/x509v3.h>
 
-#include "../x509/internal.h"
+#include "internal.h"
 
 #include "ext_dat.h"
+
 static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL;
 
 static int ext_stack_cmp(const X509V3_EXT_METHOD *const *a,

crypto/x509v3/v3_alt.c crypto/x509/v3_alt.c

@@ -65,7 +65,7 @@
 #include <openssl/x509v3.h>
 
 #include "../internal.h"
-#include "../x509/internal.h"
+#include "internal.h"
 
 
 static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,

crypto/x509v3/v3_bcons.c crypto/x509/v3_bcons.c

@@ -66,7 +66,6 @@
 #include <openssl/x509v3.h>
 
 #include "../internal.h"
-#include "../x509/internal.h"
 #include "internal.h"
 
 #define V1_ROOT (EXFLAG_V1 | EXFLAG_SS)

crypto/x509v3/v3_bitst.c crypto/x509/v3_bitst.c

@@ -64,7 +64,6 @@
 #include <openssl/mem.h>
 #include <openssl/x509v3.h>
 
-#include "../x509/internal.h"
 #include "internal.h"
 
 

crypto/x509v3/v3_conf.c crypto/x509/v3_conf.c

@@ -66,7 +66,6 @@
 #include <openssl/x509v3.h>
 
 #include "../internal.h"
-#include "../x509v3/internal.h"
 #include "internal.h"
 
 

crypto/x509v3/v3_cpols.c crypto/x509/v3_cpols.c

@@ -60,7 +60,6 @@
 #include <openssl/obj.h>
 #include <openssl/x509.h>
 
-#include "../x509v3/internal.h"
 #include "internal.h"
 #include "openssl/x509v3.h"
 

crypto/x509v3/v3_crld.c crypto/x509/v3_crld.c

@@ -38,7 +38,6 @@
 #include "../evp_extra/internal.h"
 #include "../internal.h"
 #include "../test/test_util.h"
-#include "../x509v3/internal.h"
 
 #if defined(OPENSSL_THREADS)
 #include <thread>

crypto/x509v3/v3_enum.c crypto/x509/v3_enum.c

@@ -59,7 +59,6 @@
 #include <openssl/obj.h>
 #include <openssl/x509v3.h>
 
-#include "../x509v3/internal.h"
 #include "internal.h"
 
 

crypto/x509v3/v3_extku.c crypto/x509/v3_extku.c

@@ -68,7 +68,6 @@
 #include <openssl/x509v3.h>
 
 #include "../internal.h"
-#include "../x509v3/internal.h"
 #include "internal.h"
 
 static CRYPTO_EX_DATA_CLASS g_ex_data_class =

crypto/x509v3/v3_genn.c crypto/x509/v3_genn.c

@@ -63,7 +63,6 @@
 #include <openssl/x509v3.h>
 
 #include "../internal.h"
-#include "../x509v3/internal.h"
 #include "internal.h"