author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-06-21 08:55:50 +0200 |
---|---|---|
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-11-17 15:48:34 +0100 |
commit | 2ff286c26c29b69b02ca99656d26d2f8cfd54682 (patch) | |
tree | 71a01c51c47d0dd9528ff14357615d71420ba5a1 /crypto | |
parent | a6838c8d52087f2b0494bbab8486e10944aff7f7 (diff) | |
download | openssl-new-2ff286c26c29b69b02ca99656d26d2f8cfd54682.tar.gz |
Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15847)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/asn1/a_strnid.c | 6 | ||||
-rw-r--r-- | crypto/asn1/asn1_gen.c | 10 | ||||
-rw-r--r-- | crypto/asn1/asn_mime.c | 9 | ||||
-rw-r--r-- | crypto/cmp/cmp_util.c | 3 | ||||
-rw-r--r-- | crypto/conf/conf_def.c | 8 | ||||
-rw-r--r-- | crypto/http/http_client.c | 11 | ||||
-rw-r--r-- | crypto/params_from_text.c | 7 | ||||
-rw-r--r-- | crypto/pem/pem_lib.c | 41 | ||||
-rw-r--r-- | crypto/punycode.c | 4 | ||||
-rw-r--r-- | crypto/store/store_lib.c | 2 | ||||
-rw-r--r-- | crypto/x509/v3_conf.c | 9 | ||||
-rw-r--r-- | crypto/x509/v3_cpols.c | 12 | ||||
-rw-r--r-- | crypto/x509/v3_crld.c | 2 | ||||
-rw-r--r-- | crypto/x509/v3_ncons.c | 4 | ||||
-rw-r--r-- | crypto/x509/v3_pci.c | 13 |
15 files changed, 63 insertions, 78 deletions
diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c index 9e54db9292..2c6cb919f7 100644 --- a/crypto/asn1/a_strnid.c +++ b/crypto/asn1/a_strnid.c @@ -50,10 +50,10 @@ int ASN1_STRING_set_default_mask_asc(const char *p) unsigned long mask; char *end; - if (strncmp(p, "MASK:", 5) == 0) { - if (p[5] == '\0') + if (CHECK_AND_SKIP_PREFIX(p, "MASK:")) { + if (*p == '\0') return 0; - mask = strtoul(p + 5, &end, 0); + mask = strtoul(p, &end, 0); if (*end) return 0; } else if (strcmp(p, "nombstr") == 0) diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index ecff2be02e..bb0dcb2e09 100644 --- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c @@ -325,13 +325,13 @@ static int asn1_cb(const char *elem, int len, void *bitstr) ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_FORMAT); return -1; } - if (strncmp(vstart, "ASCII", 5) == 0) + if (HAS_PREFIX(vstart, "ASCII")) arg->format = ASN1_GEN_FORMAT_ASCII; - else if (strncmp(vstart, "UTF8", 4) == 0) + else if (HAS_PREFIX(vstart, "UTF8")) arg->format = ASN1_GEN_FORMAT_UTF8; - else if (strncmp(vstart, "HEX", 3) == 0) + else if (HAS_PREFIX(vstart, "HEX")) arg->format = ASN1_GEN_FORMAT_HEX; - else if (strncmp(vstart, "BITLIST", 7) == 0) + else if (HAS_PREFIX(vstart, "BITLIST")) arg->format = ASN1_GEN_FORMAT_BITLIST; else { ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_FORMAT); @@ -765,7 +765,7 @@ static int mask_cb(const char *elem, int len, void *arg) int tag; if (elem == NULL) return 0; - if ((len == 3) && (strncmp(elem, "DIR", 3) == 0)) { + if (len == 3 && HAS_PREFIX(elem, "DIR")) { *pmask |= B_ASN1_DIRECTORYSTRING; return 1; } diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c index 1b8ac34106..a05e485c47 100644 --- a/crypto/asn1/asn_mime.c +++ b/crypto/asn1/asn_mime.c 
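Review bot: In the `ASN1_STRING_set_default_mask_asc()` hunk of crypto/asn1/a_strnid.c, the value after `MASK:` is still taken from `strtoul(p, &end, 0)` with only `*end` checked, so an out-of-range number, or one with a leading `-`, is accepted as a mask. Checking the conversion closes that gap: `errno = 0; mask = strtoul(p, &end, 0);` followed by `if (*end != '\0' || errno == ERANGE) return 0;` (this needs `<errno.h>`). The function body continues outside the hunk.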
@@ -972,13 +972,8 @@ static int mime_bound_check(char *line, int linelen, const char *bound, int blen if (blen + 2 > linelen) return 0; /* Check for part boundary */ - if ((strncmp(line, "--", 2) == 0) - && strncmp(line + 2, bound, blen) == 0) { - if (strncmp(line + blen + 2, "--", 2) == 0) - return 2; - else - return 1; - } + if ((CHECK_AND_SKIP_PREFIX(line, "--")) && strncmp(line, bound, blen) == 0) + return HAS_PREFIX(line + blen, "--") ? 2 : 1; return 0; } diff --git a/crypto/cmp/cmp_util.c b/crypto/cmp/cmp_util.c index ed611d64dd..b8e4558e0d 100644 --- a/crypto/cmp/cmp_util.c +++ b/crypto/cmp/cmp_util.c @@ -53,8 +53,7 @@ static OSSL_CMP_severity parse_level(const char *level) if (end_level == NULL) return -1; - if (strncmp(level, OSSL_CMP_LOG_PREFIX, - strlen(OSSL_CMP_LOG_PREFIX)) == 0) + if (HAS_PREFIX(level, OSSL_CMP_LOG_PREFIX)) level += strlen(OSSL_CMP_LOG_PREFIX); len = end_level - level; if (len > max_level_len) diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index c05c3c6b10..26764dad00 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -389,8 +389,8 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) psection = section; } p = eat_ws(conf, end); - if (strncmp(pname, ".pragma", 7) == 0 - && (p != pname + 7 || *p == '=')) { + if (CHECK_AND_SKIP_PREFIX(pname, ".pragma") + && (p != pname || *p == '=')) { char *pval; if (*p == '=') { @@ -435,8 +435,8 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) * We *ignore* any unknown pragma. */ continue; - } else if (strncmp(pname, ".include", 8) == 0 - && (p != pname + 8 || *p == '=')) { + } else if (CHECK_AND_SKIP_PREFIX(pname, ".include") + && (p != pname || *p == '=')) { char *include = NULL; BIO *next; const char *include_dir = ossl_safe_getenv("OPENSSL_CONF_INCLUDE"); diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c index bb80836cd1..9d66d7b75b 100644 --- a/crypto/http/http_client.c +++ b/crypto/http/http_client.c 
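Review bot: In `parse_level()` (crypto/cmp/cmp_util.c) the prefix is still checked and skipped in two steps, with a run-time `strlen(OSSL_CMP_LOG_PREFIX)` repeating a length the macro already takes from the literal. Since `level` is the function's own copy of the argument, the skip macro introduced by this commit does both in one line: `(void)CHECK_AND_SKIP_PREFIX(level, OSSL_CMP_LOG_PREFIX);`. The function body continues outside the hunk.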
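Review bot: In both `def_load_bio()` hunks of crypto/conf/conf_def.c, `CHECK_AND_SKIP_PREFIX(pname, ...)` sits on the left of `&&`, so `pname` is advanced whenever the prefix matches, even if `(p != pname || *p == '=')` then fails and the branch is not taken. In that case the `.include` test and the rest of the chain see a `pname` that no longer points at the start of the directive name; whether that can be reached with a harmful effect depends on code outside the hunk. Leaving the pointer untouched until the whole condition holds removes the question, e.g. `if (HAS_PREFIX(pname, ".pragma") && (p != pname + sizeof(".pragma") - 1 || *p == '=')) {`, and likewise for `.include`.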
@@ -23,7 +23,6 @@ #include "internal/sockets.h" #include "internal/cryptlib.h" /* for ossl_assert() */ -#define HAS_PREFIX(str, prefix) (strncmp(str, prefix, sizeof(prefix) - 1) == 0) #define HTTP_PREFIX "HTTP/" #define HTTP_VERSION_PATT "1." /* allow 1.x */ #define HTTP_VERSION_STR_LEN sizeof(HTTP_VERSION_PATT) /* == strlen("1.0") */ @@ -377,10 +376,10 @@ static int parse_http_line1(char *line, int *found_keep_alive) int i, retcode; char *code, *reason, *end; - if (!HAS_PREFIX(line, HTTP_PREFIX_VERSION)) + if (!CHECK_AND_SKIP_PREFIX(line, HTTP_PREFIX_VERSION)) goto err; /* above HTTP 1.0, connection persistence is the default */ - *found_keep_alive = line[strlen(HTTP_PREFIX_VERSION)] > '0'; + *found_keep_alive = *line > '0'; /* Skip to first whitespace (past protocol info) */ for (code = line; *code != '\0' && !ossl_isspace(*code); code++) @@ -1297,15 +1296,15 @@ int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port, continue; /* Check for HTTP/1.x */ - if (!HAS_PREFIX(mbuf, HTTP_PREFIX) != 0) { + mbufp = mbuf; + if (!HAS_PREFIX(mbufp, HTTP_PREFIX)) { ERR_raise(ERR_LIB_HTTP, HTTP_R_HEADER_PARSE_ERROR); BIO_printf(bio_err, "%s: HTTP CONNECT failed, non-HTTP response\n", prog); /* Wrong protocol, not even HTTP, so stop reading headers */ goto end; } - mbufp = mbuf + strlen(HTTP_PREFIX); - if (!HAS_PREFIX(mbufp, HTTP_VERSION_PATT) != 0) { + if (!HAS_PREFIX(mbufp, HTTP_VERSION_PATT)) { ERR_raise(ERR_LIB_HTTP, HTTP_R_RECEIVED_WRONG_HTTP_VERSION); BIO_printf(bio_err, "%s: HTTP CONNECT failed, bad HTTP version %.*s\n", diff --git a/crypto/params_from_text.c b/crypto/params_from_text.c index 50f48fdb7e..889b654db9 100644 --- a/crypto/params_from_text.c +++ b/crypto/params_from_text.c @@ -8,7 +8,7 @@ * https://www.openssl.org/source/license.html */ -#include <string.h> +#include "internal/cryptlib.h" /* for HAS_PREFIX */ #include <openssl/ebcdic.h> #include <openssl/err.h> #include <openssl/params.h> 
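Review bot: In the `OSSL_HTTP_proxy_connect()` hunk of crypto/http/http_client.c, `mbufp` is no longer advanced past `HTTP_PREFIX` before the version check: the first test uses `HAS_PREFIX`, which does not move the pointer, and the old `mbufp = mbuf + strlen(HTTP_PREFIX);` is removed. The following `HAS_PREFIX(mbufp, HTTP_VERSION_PATT)` therefore compares `"1."` with the start of `"HTTP/..."`, and as far as the visible lines show, every well-formed proxy reply would be rejected with `HTTP_R_RECEIVED_WRONG_HTTP_VERSION`. The first test should skip the prefix: `if (!CHECK_AND_SKIP_PREFIX(mbufp, HTTP_PREFIX)) {`. A regression test that feeds an `HTTP/1.0 200` CONNECT reply through this path would catch it. The function body starts and ends outside the hunk.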
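Review bot: The `#include <string.h>` removal in crypto/params_from_text.c (and the same removal in crypto/punycode.c further down) leaves these files relying on `internal/cryptlib.h` to supply the string declarations. punycode.c still calls `strchr()` and `strlen()` directly in `ossl_a2ulabel()`, and the prefix macros presumably expand to `strncmp()`, as the definition removed from http_client.c did. Keeping `#include <string.h>` next to the new include makes each file self-contained at no cost.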
@@ -35,10 +35,7 @@ static int prepare_from_text(const OSSL_PARAM *paramdefs, const char *key, * ishex is used to translate legacy style string controls in hex format * to octet string parameters. */ - *ishex = strncmp(key, "hex", 3) == 0; - - if (*ishex) - key += 3; + *ishex = CHECK_AND_SKIP_PREFIX(key, "hex"); p = *paramdef = OSSL_PARAM_locate_const(paramdefs, key); if (found != NULL) diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 3948021702..3d7e2f36a5 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -484,11 +484,11 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, * presumably we also parse rfc822-style headers for S/MIME, so a common * abstraction might well be more generally useful. */ +#define PROC_TYPE "Proc-Type:" +#define ENCRYPTED "ENCRYPTED" +#define DEK_INFO "DEK-Info:" int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) { - static const char ProcType[] = "Proc-Type:"; - static const char ENCRYPTED[] = "ENCRYPTED"; - static const char DEKInfo[] = "DEK-Info:"; const EVP_CIPHER *enc = NULL; int ivlen; char *dekinfostart, c; @@ -498,11 +498,10 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) if ((header == NULL) || (*header == '\0') || (*header == '\n')) return 1; - if (strncmp(header, ProcType, sizeof(ProcType)-1) != 0) { + if (!CHECK_AND_SKIP_PREFIX(header, PROC_TYPE)) { ERR_raise(ERR_LIB_PEM, PEM_R_NOT_PROC_TYPE); return 0; } - header += sizeof(ProcType)-1; header += strspn(header, " \t"); if (*header++ != '4' || *header++ != ',') 
@@ -510,12 +509,11 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) header += strspn(header, " \t"); /* We expect "ENCRYPTED" followed by optional white-space + line break */ - if (strncmp(header, ENCRYPTED, sizeof(ENCRYPTED)-1) != 0 || - strspn(header+sizeof(ENCRYPTED)-1, " \t\r\n") == 0) { + if (!CHECK_AND_SKIP_PREFIX(header, ENCRYPTED) || + strspn(header, " \t\r\n") == 0) { ERR_raise(ERR_LIB_PEM, PEM_R_NOT_ENCRYPTED); return 0; } - header += sizeof(ENCRYPTED)-1; header += strspn(header, " \t\r"); if (*header++ != '\n') { ERR_raise(ERR_LIB_PEM, PEM_R_SHORT_HEADER); @@ -526,11 +524,10 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) * https://tools.ietf.org/html/rfc1421#section-4.6.1.3 * We expect "DEK-Info: algo[,hex-parameters]" */ - if (strncmp(header, DEKInfo, sizeof(DEKInfo)-1) != 0) { + if (!CHECK_AND_SKIP_PREFIX(header, DEK_INFO)) { ERR_raise(ERR_LIB_PEM, PEM_R_NOT_DEK_INFO); return 0; } - header += sizeof(DEKInfo)-1; header += strspn(header, " \t"); /* @@ -733,12 +730,12 @@ static int sanitize_line(char *linebuf, int len, unsigned int flags, int first_c #define LINESIZE 255 /* Note trailing spaces for begin and end. */ -static const char beginstr[] = "-----BEGIN "; -static const char endstr[] = "-----END "; -static const char tailstr[] = "-----\n"; -#define BEGINLEN ((int)(sizeof(beginstr) - 1)) -#define ENDLEN ((int)(sizeof(endstr) - 1)) -#define TAILLEN ((int)(sizeof(tailstr) - 1)) +#define BEGINSTR "-----BEGIN " +#define ENDSTR "-----END " +#define TAILSTR "-----\n" +#define BEGINLEN ((int)(sizeof(BEGINSTR) - 1)) +#define ENDLEN ((int)(sizeof(ENDSTR) - 1)) +#define TAILLEN ((int)(sizeof(TAILSTR) - 1)) static int get_name(BIO *bp, char **name, unsigned int flags) { char *linebuf; 
@@ -769,9 +766,9 @@ static int get_name(BIO *bp, char **name, unsigned int flags) first_call = 0; /* Allow leading empty or non-matching lines. */ - } while (strncmp(linebuf, beginstr, BEGINLEN) != 0 + } while (!HAS_PREFIX(linebuf, BEGINSTR) || len < TAILLEN - || strncmp(linebuf + len - TAILLEN, tailstr, TAILLEN) != 0); + || !HAS_PREFIX(linebuf + len - TAILLEN, TAILSTR)); linebuf[len - TAILLEN] = '\0'; len = len - BEGINLEN - TAILLEN + 1; *name = pem_malloc(len, flags); @@ -844,7 +841,7 @@ static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name, if (memchr(linebuf, ':', len) != NULL) got_header = IN_HEADER; } - if (!strncmp(linebuf, endstr, ENDLEN) || got_header == IN_HEADER) + if (HAS_PREFIX(linebuf, ENDSTR) || got_header == IN_HEADER) flags_mask &= ~PEM_FLAG_ONLY_B64; len = sanitize_line(linebuf, len, flags & flags_mask, 0); @@ -867,11 +864,11 @@ static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name, } /* Check for end of stream (which means there is no header). */ - if (strncmp(linebuf, endstr, ENDLEN) == 0) { - p = linebuf + ENDLEN; + p = linebuf; + if (CHECK_AND_SKIP_PREFIX(p, ENDSTR)) { namelen = strlen(name); if (strncmp(p, name, namelen) != 0 || - strncmp(p + namelen, tailstr, TAILLEN) != 0) { + !HAS_PREFIX(p + namelen, TAILSTR)) { ERR_raise(ERR_LIB_PEM, PEM_R_BAD_END_LINE); goto err; } diff --git a/crypto/punycode.c b/crypto/punycode.c index 385b4b1df4..4c534db0e1 100644 --- a/crypto/punycode.c +++ b/crypto/punycode.c @@ -8,10 +8,10 @@ */ #include <stddef.h> -#include <string.h> #include <stdio.h> #include <openssl/e_os2.h> #include "crypto/punycode.h" +#include "internal/cryptlib.h" /* for HAS_PREFIX */ static const unsigned int base = 36; static const unsigned int tmin = 1; 
@@ -266,7 +266,7 @@ int ossl_a2ulabel(const char *in, char *out, size_t *outlen) char *tmpptr = strchr(inptr, '.'); size_t delta = (tmpptr) ? (size_t)(tmpptr - inptr) : strlen(inptr); - if (strncmp(inptr, "xn--", 4) != 0) { + if (!HAS_PREFIX(inptr, "xn--")) { size += delta + 1; if (size >= *outlen - 1) diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c index 833ec8ff9a..42722a2560 100644 --- a/crypto/store/store_lib.c +++ b/crypto/store/store_lib.c @@ -94,7 +94,7 @@ OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq, if ((p = strchr(scheme_copy, ':')) != NULL) { *p++ = '\0'; if (strcasecmp(scheme_copy, "file") != 0) { - if (strncmp(p, "//", 2) == 0) + if (HAS_PREFIX(p, "//")) schemes_n--; /* Invalidate the file scheme */ schemes[schemes_n++] = scheme_copy; } diff --git a/crypto/x509/v3_conf.c b/crypto/x509/v3_conf.c index b95c652468..8201ba0d86 100644 --- a/crypto/x509/v3_conf.c +++ b/crypto/x509/v3_conf.c @@ -200,9 +200,8 @@ static int v3_check_critical(const char **value) { const char *p = *value; - if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) + if (!CHECK_AND_SKIP_PREFIX(p, "critical,")) return 0; - p += 9; while (ossl_isspace(*p)) p++; *value = p; @@ -215,11 +214,9 @@ static int v3_check_generic(const char **value) int gen_type = 0; const char *p = *value; - if ((strlen(p) >= 4) && strncmp(p, "DER:", 4) == 0) { - p += 4; + if (CHECK_AND_SKIP_PREFIX(p, "DER:")) { gen_type = 1; - } else if ((strlen(p) >= 5) && strncmp(p, "ASN1:", 5) == 0) { - p += 5; + } else if (CHECK_AND_SKIP_PREFIX(p, "ASN1:")) { gen_type = 2; } else return 0; diff --git a/crypto/x509/v3_cpols.c b/crypto/x509/v3_cpols.c index 5353a69167..65fab71406 100644 --- a/crypto/x509/v3_cpols.c +++ b/crypto/x509/v3_cpols.c 
@@ -261,17 +261,17 @@ static int displaytext_str2tag(const char *tagstr, unsigned int *tag_len) if (len == -1) return V_ASN1_VISIBLESTRING; *tag_len = len; - if (len == sizeof("UTF8") - 1 && strncmp(tagstr, "UTF8", len) == 0) + if (len == sizeof("UTF8") - 1 && HAS_PREFIX(tagstr, "UTF8")) return V_ASN1_UTF8STRING; - if (len == sizeof("UTF8String") - 1 && strncmp(tagstr, "UTF8String", len) == 0) + if (len == sizeof("UTF8String") - 1 && HAS_PREFIX(tagstr, "UTF8String")) return V_ASN1_UTF8STRING; - if (len == sizeof("BMP") - 1 && strncmp(tagstr, "BMP", len) == 0) + if (len == sizeof("BMP") - 1 && HAS_PREFIX(tagstr, "BMP")) return V_ASN1_BMPSTRING; - if (len == sizeof("BMPSTRING") - 1 && strncmp(tagstr, "BMPSTRING", len) == 0) + if (len == sizeof("BMPSTRING") - 1 && HAS_PREFIX(tagstr, "BMPSTRING")) return V_ASN1_BMPSTRING; - if (len == sizeof("VISIBLE") - 1 && strncmp(tagstr, "VISIBLE", len) == 0) + if (len == sizeof("VISIBLE") - 1 && HAS_PREFIX(tagstr, "VISIBLE")) return V_ASN1_VISIBLESTRING; - if (len == sizeof("VISIBLESTRING") - 1 && strncmp(tagstr, "VISIBLESTRING", len) == 0) + if (len == sizeof("VISIBLESTRING") - 1 && HAS_PREFIX(tagstr, "VISIBLESTRING")) return V_ASN1_VISIBLESTRING; *tag_len = 0; return V_ASN1_VISIBLESTRING; diff --git a/crypto/x509/v3_crld.c b/crypto/x509/v3_crld.c index bc755f5f0d..b831f775db 100644 --- a/crypto/x509/v3_crld.c +++ b/crypto/x509/v3_crld.c @@ -70,7 +70,7 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *fnm = NULL; STACK_OF(X509_NAME_ENTRY) *rnm = NULL; - if (strncmp(cnf->name, "fullname", 9) == 0) { + if (HAS_PREFIX(cnf->name, "fullname")) { fnm = gnames_from_sectname(ctx, cnf->value); if (!fnm) goto err; diff --git a/crypto/x509/v3_ncons.c b/crypto/x509/v3_ncons.c index c9e66a0f3b..7ffb88c4c0 100644 --- a/crypto/x509/v3_ncons.c +++ b/crypto/x509/v3_ncons.c 
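Review bot: In `set_dist_point_name()` (crypto/x509/v3_crld.c) the replacement changes what is accepted. The old `strncmp(cnf->name, "fullname", 9)` compared nine bytes, including the terminating NUL, so only the exact name `fullname` matched. `HAS_PREFIX(cnf->name, "fullname")` compares eight bytes (going by the macro definition removed from http_client.c in this commit) and so also accepts names such as `fullnameX`. If the exact match was intended, `if (strcmp(cnf->name, "fullname") == 0) {` keeps the previous behaviour; if the relaxation is deliberate, it deserves a mention in the commit message. The function body continues outside the hunk.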
@@ -138,10 +138,10 @@ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, goto memerr; for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { val = sk_CONF_VALUE_value(nval, i); - if (strncmp(val->name, "permitted", 9) == 0 && val->name[9]) { + if (HAS_PREFIX(val->name, "permitted") && val->name[9]) { ptree = &ncons->permittedSubtrees; tval.name = val->name + 10; - } else if (strncmp(val->name, "excluded", 8) == 0 && val->name[8]) { + } else if (HAS_PREFIX(val->name, "excluded") && val->name[8]) { ptree = &ncons->excludedSubtrees; tval.name = val->name + 9; } else { diff --git a/crypto/x509/v3_pci.c b/crypto/x509/v3_pci.c index a931e01a9c..79fe76d042 100644 --- a/crypto/x509/v3_pci.c +++ b/crypto/x509/v3_pci.c @@ -112,6 +112,7 @@ static int process_pci_value(CONF_VALUE *val, return 0; } } else if (strcmp(val->name, "policy") == 0) { + char *valp = val->value; unsigned char *tmp_data = NULL; long val_len; @@ -124,9 +125,9 @@ static int process_pci_value(CONF_VALUE *val, } free_policy = 1; } - if (strncmp(val->value, "hex:", 4) == 0) { + if (CHECK_AND_SKIP_PREFIX(valp, "hex:")) { unsigned char *tmp_data2 = - OPENSSL_hexstr2buf(val->value + 4, &val_len); + OPENSSL_hexstr2buf(valp, &val_len); if (!tmp_data2) { X509V3_conf_err(val); @@ -155,10 +156,10 @@ static int process_pci_value(CONF_VALUE *val, goto err; } OPENSSL_free(tmp_data2); - } else if (strncmp(val->value, "file:", 5) == 0) { + } else if (CHECK_AND_SKIP_PREFIX(valp, "file:")) { unsigned char buf[2048]; int n; - BIO *b = BIO_new_file(val->value + 5, "r"); + BIO *b = BIO_new_file(valp, "r"); if (!b) { ERR_raise(ERR_LIB_X509V3, ERR_R_BIO_LIB); X509V3_conf_err(val); 
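Review bot: In `v2i_NAME_CONSTRAINTS()` (crypto/x509/v3_ncons.c) the literal lengths are still repeated by hand next to the new macro: `val->name[9]` / `val->name + 10` and `val->name[8]` / `val->name + 9`. They can be derived from the literal, e.g. `val->name[sizeof("permitted") - 1]`, so the prefix and its offsets cannot drift apart. The byte at that index is also skipped without being checked; a short comment stating which separator is expected there would make the `+ 10` / `+ 9` self-explanatory. The loop body continues outside the hunk.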
@@ -194,8 +195,8 @@ static int process_pci_value(CONF_VALUE *val, X509V3_conf_err(val); goto err; } - } else if (strncmp(val->value, "text:", 5) == 0) { - val_len = strlen(val->value + 5); + } else if (CHECK_AND_SKIP_PREFIX(valp, "text:")) { + val_len = strlen(valp); tmp_data = OPENSSL_realloc((*policy)->data, (*policy)->length + val_len + 1); if (tmp_data) { |