Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15847)
Dr. David von Oheimb 2021-06-21 08:55:50 +02:00
parent a6838c8d52
commit 2ff286c26c
36 changed files with 177 additions and 211 deletions


@ -7,7 +7,7 @@
* https://www.openssl.org/source/license.html * https://www.openssl.org/source/license.html
*/ */
#include <string.h> #include "internal/cryptlib.h"
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/provider.h> #include <openssl/provider.h>
@ -368,9 +368,9 @@ opthelp:
case OPT_MACOPT: case OPT_MACOPT:
if (!sk_OPENSSL_STRING_push(opts, opt_arg())) if (!sk_OPENSSL_STRING_push(opts, opt_arg()))
goto opthelp; goto opthelp;
if (strncmp(opt_arg(), "hexkey:", 7) == 0) if (HAS_PREFIX(opt_arg(), "hexkey:"))
gotkey = 1; gotkey = 1;
else if (strncmp(opt_arg(), "digest:", 7) == 0) else if (HAS_PREFIX(opt_arg(), "digest:"))
gotdigest = 1; gotdigest = 1;
break; break;
case OPT_VERIFY: case OPT_VERIFY:


@ -11,6 +11,7 @@
# define OSSL_APPS_H # define OSSL_APPS_H
# include "e_os.h" /* struct timeval for DTLS */ # include "e_os.h" /* struct timeval for DTLS */
# include "internal/cryptlib.h" /* for HAS_PREFIX */
# include "internal/nelem.h" # include "internal/nelem.h"
# include "internal/sockets.h" /* for openssl_fdset() */ # include "internal/sockets.h" /* for openssl_fdset() */
# include <assert.h> # include <assert.h>


@ -260,21 +260,21 @@ static char *app_get_pass(const char *arg, int keepbio)
int i; int i;
/* PASS_SOURCE_SIZE_MAX = max number of chars before ':' in below strings */ /* PASS_SOURCE_SIZE_MAX = max number of chars before ':' in below strings */
if (strncmp(arg, "pass:", 5) == 0) if (CHECK_AND_SKIP_PREFIX(arg, "pass:"))
return OPENSSL_strdup(arg + 5); return OPENSSL_strdup(arg);
if (strncmp(arg, "env:", 4) == 0) { if (CHECK_AND_SKIP_PREFIX(arg, "env:")) {
tmp = getenv(arg + 4); tmp = getenv(arg);
if (tmp == NULL) { if (tmp == NULL) {
BIO_printf(bio_err, "No environment variable %s\n", arg + 4); BIO_printf(bio_err, "No environment variable %s\n", arg);
return NULL; return NULL;
} }
return OPENSSL_strdup(tmp); return OPENSSL_strdup(tmp);
} }
if (!keepbio || pwdbio == NULL) { if (!keepbio || pwdbio == NULL) {
if (strncmp(arg, "file:", 5) == 0) { if (CHECK_AND_SKIP_PREFIX(arg, "file:")) {
pwdbio = BIO_new_file(arg + 5, "r"); pwdbio = BIO_new_file(arg, "r");
if (pwdbio == NULL) { if (pwdbio == NULL) {
BIO_printf(bio_err, "Can't open file %s\n", arg + 5); BIO_printf(bio_err, "Can't open file %s\n", arg);
return NULL; return NULL;
} }
#if !defined(_WIN32) #if !defined(_WIN32)
@ -286,13 +286,13 @@ static char *app_get_pass(const char *arg, int keepbio)
* on real Windows descriptors, such as those obtained * on real Windows descriptors, such as those obtained
* with CreateFile. * with CreateFile.
*/ */
} else if (strncmp(arg, "fd:", 3) == 0) { } else if (CHECK_AND_SKIP_PREFIX(arg, "fd:")) {
BIO *btmp; BIO *btmp;
i = atoi(arg + 3); i = atoi(arg);
if (i >= 0) if (i >= 0)
pwdbio = BIO_new_fd(i, BIO_NOCLOSE); pwdbio = BIO_new_fd(i, BIO_NOCLOSE);
if ((i < 0) || !pwdbio) { if ((i < 0) || !pwdbio) {
BIO_printf(bio_err, "Can't access file descriptor %s\n", arg + 3); BIO_printf(bio_err, "Can't access file descriptor %s\n", arg);
return NULL; return NULL;
} }
/* /*
@ -450,10 +450,8 @@ CONF *app_load_config_modules(const char *configfile)
return conf; return conf;
} }
#define IS_HTTP(uri) ((uri) != NULL \ #define IS_HTTP(uri) ((uri) != NULL && HAS_PREFIX(uri, OSSL_HTTP_PREFIX))
&& strncmp(uri, OSSL_HTTP_PREFIX, strlen(OSSL_HTTP_PREFIX)) == 0) #define IS_HTTPS(uri) ((uri) != NULL && HAS_PREFIX(uri, OSSL_HTTPS_PREFIX))
#define IS_HTTPS(uri) ((uri) != NULL \
&& strncmp(uri, OSSL_HTTPS_PREFIX, strlen(OSSL_HTTPS_PREFIX)) == 0)
X509 *load_cert_pass(const char *uri, int format, int maybe_stdin, X509 *load_cert_pass(const char *uri, int format, int maybe_stdin,
const char *pass, const char *desc) const char *pass, const char *desc)
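Review bot: In the `fd:` branch of `app_get_pass`, `i = atoi(arg);` yields 0 for any non-numeric text, so a malformed `fd:` value passes the `i >= 0` test and `BIO_new_fd` is handed descriptor 0 instead of the argument being rejected. Parsing with `strtol` and checking the end pointer and range would close that, e.g. `l = strtol(arg, &end, 10); if (end == arg || *end != '\0' || l < 0 || l > INT_MAX)` with `l` and `end` as new locals, routed to the existing "Can't access file descriptor" message. The function body starts before and continues after the visible hunks.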


@ -17,7 +17,6 @@
# define _POSIX_C_SOURCE 2 # define _POSIX_C_SOURCE 2
#endif #endif
#include <string.h>
#include <ctype.h> #include <ctype.h>
#include "http_server.h" #include "http_server.h"
#include "internal/sockets.h" #include "internal/sockets.h"
@ -37,6 +36,7 @@ static int verbosity = LOG_INFO;
#define HTTP_VERSION_PATT "1." /* allow 1.x */ #define HTTP_VERSION_PATT "1." /* allow 1.x */
#define HTTP_PREFIX_VERSION HTTP_PREFIX""HTTP_VERSION_PATT #define HTTP_PREFIX_VERSION HTTP_PREFIX""HTTP_VERSION_PATT
#define HTTP_1_0 HTTP_PREFIX_VERSION"0" /* "HTTP/1.0" */ #define HTTP_1_0 HTTP_PREFIX_VERSION"0" /* "HTTP/1.0" */
#define HTTP_VERSION_STR " "HTTP_PREFIX_VERSION
#ifdef HTTP_DAEMON #ifdef HTTP_DAEMON
@ -336,15 +336,12 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
*end = '\0'; *end = '\0';
log_message(prog, LOG_INFO, "Received request, 1st line: %s", reqbuf); log_message(prog, LOG_INFO, "Received request, 1st line: %s", reqbuf);
meth = reqbuf; url = meth = reqbuf;
url = meth + 3; if ((accept_get && CHECK_AND_SKIP_PREFIX(url, "GET "))
if ((accept_get && strncmp(meth, "GET ", 4) == 0) || CHECK_AND_SKIP_PREFIX(url, "POST ")) {
|| (url++, strncmp(meth, "POST ", 5) == 0)) {
static const char http_version_str[] = " "HTTP_PREFIX_VERSION;
static const size_t http_version_str_len = sizeof(http_version_str) - 1;
/* Expecting (GET|POST) {sp} /URL {sp} HTTP/1.x */ /* Expecting (GET|POST) {sp} /URL {sp} HTTP/1.x */
*(url++) = '\0'; url[-1] = '\0';
while (*url == ' ') while (*url == ' ')
url++; url++;
if (*url != '/') { if (*url != '/') {
@ -360,7 +357,7 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
for (end = url; *end != '\0'; end++) for (end = url; *end != '\0'; end++)
if (*end == ' ') if (*end == ' ')
break; break;
if (strncmp(end, http_version_str, http_version_str_len) != 0) { if (!HAS_PREFIX(end, HTTP_VERSION_STR)) {
log_message(prog, LOG_WARNING, log_message(prog, LOG_WARNING,
"Invalid %s -- bad HTTP/version string: %s", "Invalid %s -- bad HTTP/version string: %s",
meth, end + 1); meth, end + 1);
@ -370,7 +367,7 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
*end = '\0'; *end = '\0';
/* above HTTP 1.0, connection persistence is the default */ /* above HTTP 1.0, connection persistence is the default */
if (found_keep_alive != NULL) if (found_keep_alive != NULL)
*found_keep_alive = end[http_version_str_len] > '0'; *found_keep_alive = end[sizeof(HTTP_VERSION_STR) - 1] > '0';
/*- /*-
* Skip "GET / HTTP..." requests often used by load-balancers. * Skip "GET / HTTP..." requests often used by load-balancers.
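Review bot: The warning in the bad-version branch logs `end + 1`, but the scan loop just above it can stop with `end` on the terminating NUL when the request line has no further space, and then `end + 1` points past the end of the terminated line in `reqbuf`. Passing `*end == '\0' ? end : end + 1` to `log_message` keeps the message inside the string. What lies after the terminator in `reqbuf` is not visible here, so whether this can read beyond the buffer or only prints leftover bytes needs checking against the read code above the hunk. The function body starts and ends outside the hunk.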


@ -8,8 +8,8 @@
*/ */
#include <stdio.h> #include <stdio.h>
#include <string.h>
#include <stdlib.h> #include <stdlib.h>
#include "internal/cryptlib.h"
#include <openssl/bio.h> #include <openssl/bio.h>
#include <openssl/crypto.h> #include <openssl/crypto.h>
#include <openssl/trace.h> #include <openssl/trace.h>
@ -417,12 +417,12 @@ static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[])
warn_deprecated(fp); warn_deprecated(fp);
return fp->func(argc, argv); return fp->func(argc, argv);
} }
if ((strncmp(argv[0], "no-", 3)) == 0) { f.name = argv[0];
if (CHECK_AND_SKIP_PREFIX(f.name, "no-")) {
/* /*
* User is asking if foo is unsupported, by trying to "run" the * User is asking if foo is unsupported, by trying to "run" the
* no-foo command. Strange. * no-foo command. Strange.
*/ */
f.name = argv[0] + 3;
if (lh_FUNCTION_retrieve(prog, &f) == NULL) { if (lh_FUNCTION_retrieve(prog, &f) == NULL) {
BIO_printf(bio_out, "%s\n", argv[0]); BIO_printf(bio_out, "%s\n", argv[0]);
return 0; return 0;


@ -2530,7 +2530,7 @@ int s_client_main(int argc, char **argv)
*/ */
if (mbuf_len > 1 && mbuf[0] == '"') { if (mbuf_len > 1 && mbuf[0] == '"') {
make_uppercase(mbuf); make_uppercase(mbuf);
if (strncmp(mbuf, "\"STARTTLS\"", 10) == 0) if (HAS_PREFIX(mbuf, "\"STARTTLS\""))
foundit = 1; foundit = 1;
} }
} while (mbuf_len > 1 && mbuf[0] == '"'); } while (mbuf_len > 1 && mbuf[0] == '"');
@ -2558,7 +2558,7 @@ int s_client_main(int argc, char **argv)
*/ */
strncpy(sbuf, mbuf, 2); strncpy(sbuf, mbuf, 2);
make_uppercase(sbuf); make_uppercase(sbuf);
if (strncmp(sbuf, "OK", 2) != 0) { if (!HAS_PREFIX(sbuf, "OK")) {
BIO_printf(bio_err, "STARTTLS not supported: %s", mbuf); BIO_printf(bio_err, "STARTTLS not supported: %s", mbuf);
goto shut; goto shut;
} }


@ -2985,7 +2985,7 @@ static void print_connection_info(SSL *con)
static int www_body(int s, int stype, int prot, unsigned char *context) static int www_body(int s, int stype, int prot, unsigned char *context)
{ {
char *buf = NULL; char *buf = NULL, *p;
int ret = 1; int ret = 1;
int i, j, k, dot; int i, j, k, dot;
SSL *con; SSL *con;
@ -3001,7 +3001,7 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
/* Set width for a select call if needed */ /* Set width for a select call if needed */
width = s + 1; width = s + 1;
buf = app_malloc(bufsize, "server www buffer"); p = buf = app_malloc(bufsize, "server www buffer");
io = BIO_new(BIO_f_buffer()); io = BIO_new(BIO_f_buffer());
ssl_bio = BIO_new(BIO_f_ssl()); ssl_bio = BIO_new(BIO_f_ssl());
if ((io == NULL) || (ssl_bio == NULL)) if ((io == NULL) || (ssl_bio == NULL))
@ -3093,15 +3093,14 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
} }
/* else we have data */ /* else we have data */
if (((www == 1) && (strncmp("GET ", buf, 4) == 0)) || if ((www == 1 && HAS_PREFIX(buf, "GET "))
((www == 2) && (strncmp("GET /stats ", buf, 11) == 0))) { || (www == 2 && HAS_PREFIX(buf, "GET /stats "))) {
char *p;
X509 *peer = NULL; X509 *peer = NULL;
STACK_OF(SSL_CIPHER) *sk; STACK_OF(SSL_CIPHER) *sk;
static const char *space = " "; static const char *space = " ";
if (www == 1 && strncmp("GET /reneg", buf, 10) == 0) { if (www == 1 && HAS_PREFIX(buf, "GET /reneg")) {
if (strncmp("GET /renegcert", buf, 14) == 0) if (HAS_PREFIX(buf, "GET /renegcert"))
SSL_set_verify(con, SSL_set_verify(con,
SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE,
NULL); NULL);
@ -3142,6 +3141,7 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
BIO_puts(io, "\n"); BIO_puts(io, "\n");
for (i = 0; i < local_argc; i++) { for (i = 0; i < local_argc; i++) {
const char *myp; const char *myp;
for (myp = local_argv[i]; *myp; myp++) for (myp = local_argv[i]; *myp; myp++)
switch (*myp) { switch (*myp) {
case '<': case '<':
@ -3221,16 +3221,12 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
} }
BIO_puts(io, "</pre></BODY></HTML>\r\n\r\n"); BIO_puts(io, "</pre></BODY></HTML>\r\n\r\n");
break; break;
} else if ((www == 2 || www == 3) } else if ((www == 2 || www == 3) && HAS_PREFIX(p, "GET /")) {
&& (strncmp("GET /", buf, 5) == 0)) {
BIO *file; BIO *file;
char *p, *e; char *e;
static const char *text = static const char *text =
"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"; "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
/* skip the '/' */
p = &(buf[5]);
dot = 1; dot = 1;
for (e = p; *e != '\0'; e++) { for (e = p; *e != '\0'; e++) {
if (e[0] == ' ') if (e[0] == ' ')
@ -3523,7 +3519,7 @@ static int rev_body(int s, int stype, int prot, unsigned char *context)
p--; p--;
i--; i--;
} }
if (!s_ign_eof && (i == 5) && (strncmp(buf, "CLOSE", 5) == 0)) { if (!s_ign_eof && i == 5 && HAS_PREFIX(buf, "CLOSE")) {
ret = 1; ret = 1;
BIO_printf(bio_err, "CONNECTION CLOSED\n"); BIO_printf(bio_err, "CONNECTION CLOSED\n");
goto end; goto end;
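Review bot: In the `(www == 2 || www == 3)` branch of `www_body` the condition is `HAS_PREFIX(p, "GET /")`, which does not move `p`, while the old `p = &(buf[5]);` is removed; unless `p` is advanced somewhere outside the visible lines, the scan `for (e = p; ...)` now starts at `GET ` and stops at the space after the method rather than at the end of the requested path. `p` is also assigned only once, at `p = buf = app_malloc(...)`, so it would need resetting for each request: `p = buf;` before the test and `CHECK_AND_SKIP_PREFIX(p, "GET /")` in the condition. The `OSSL_HTTP_proxy_connect` hunk further down has the same pattern: after `mbufp = mbuf; if (!HAS_PREFIX(mbufp, HTTP_PREFIX))` the pointer is still at the start, so the following `HAS_PREFIX(mbufp, HTTP_VERSION_PATT)` test looks at text that just matched `HTTP/` and appears to reject every response; `CHECK_AND_SKIP_PREFIX(mbufp, HTTP_PREFIX)` is needed there as well. Both function bodies extend outside their hunks.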


@ -1638,8 +1638,8 @@ int speed_main(int argc, char **argv)
if (strcmp(algo, "openssl") == 0) /* just for compatibility */ if (strcmp(algo, "openssl") == 0) /* just for compatibility */
continue; continue;
#endif #endif
if (strncmp(algo, "rsa", 3) == 0) { if (HAS_PREFIX(algo, "rsa")) {
if (algo[3] == '\0') { if (algo[sizeof("rsa") - 1] == '\0') {
memset(rsa_doit, 1, sizeof(rsa_doit)); memset(rsa_doit, 1, sizeof(rsa_doit));
continue; continue;
} }
@ -1649,8 +1649,8 @@ int speed_main(int argc, char **argv)
} }
} }
#ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH
if (strncmp(algo, "ffdh", 4) == 0) { if (HAS_PREFIX(algo, "ffdh")) {
if (algo[4] == '\0') { if (algo[sizeof("ffdh") - 1] == '\0') {
memset(ffdh_doit, 1, sizeof(ffdh_doit)); memset(ffdh_doit, 1, sizeof(ffdh_doit));
continue; continue;
} }
@ -1660,8 +1660,8 @@ int speed_main(int argc, char **argv)
} }
} }
#endif #endif
if (strncmp(algo, "dsa", 3) == 0) { if (HAS_PREFIX(algo, "dsa")) {
if (algo[3] == '\0') { if (algo[sizeof("dsa") - 1] == '\0') {
memset(dsa_doit, 1, sizeof(dsa_doit)); memset(dsa_doit, 1, sizeof(dsa_doit));
continue; continue;
} }
@ -1678,8 +1678,8 @@ int speed_main(int argc, char **argv)
doit[D_CBC_128_CML] = doit[D_CBC_192_CML] = doit[D_CBC_256_CML] = 1; doit[D_CBC_128_CML] = doit[D_CBC_192_CML] = doit[D_CBC_256_CML] = 1;
continue; continue;
} }
if (strncmp(algo, "ecdsa", 5) == 0) { if (HAS_PREFIX(algo, "ecdsa")) {
if (algo[5] == '\0') { if (algo[sizeof("ecdsa") - 1] == '\0') {
memset(ecdsa_doit, 1, sizeof(ecdsa_doit)); memset(ecdsa_doit, 1, sizeof(ecdsa_doit));
continue; continue;
} }
@ -1688,8 +1688,8 @@ int speed_main(int argc, char **argv)
continue; continue;
} }
} }
if (strncmp(algo, "ecdh", 4) == 0) { if (HAS_PREFIX(algo, "ecdh")) {
if (algo[4] == '\0') { if (algo[sizeof("ecdh") - 1] == '\0') {
memset(ecdh_doit, 1, sizeof(ecdh_doit)); memset(ecdh_doit, 1, sizeof(ecdh_doit));
continue; continue;
} }
@ -3458,20 +3458,19 @@ static int do_multi(int multi, int size_num)
continue; continue;
} }
printf("Got: %s from %d\n", buf, n); printf("Got: %s from %d\n", buf, n);
if (strncmp(buf, "+F:", 3) == 0) { p = buf;
if (CHECK_AND_SKIP_PREFIX(p, "+F:")) {
int alg; int alg;
int j; int j;
p = buf + 3;
alg = atoi(sstrsep(&p, sep)); alg = atoi(sstrsep(&p, sep));
sstrsep(&p, sep); sstrsep(&p, sep);
for (j = 0; j < size_num; ++j) for (j = 0; j < size_num; ++j)
results[alg][j] += atof(sstrsep(&p, sep)); results[alg][j] += atof(sstrsep(&p, sep));
} else if (strncmp(buf, "+F2:", 4) == 0) { } else if (CHECK_AND_SKIP_PREFIX(p, "+F2:")) {
int k; int k;
double d; double d;
p = buf + 4;
k = atoi(sstrsep(&p, sep)); k = atoi(sstrsep(&p, sep));
sstrsep(&p, sep); sstrsep(&p, sep);
@ -3480,11 +3479,10 @@ static int do_multi(int multi, int size_num)
d = atof(sstrsep(&p, sep)); d = atof(sstrsep(&p, sep));
rsa_results[k][1] += d; rsa_results[k][1] += d;
} else if (strncmp(buf, "+F3:", 4) == 0) { } else if (CHECK_AND_SKIP_PREFIX(p, "+F3:")) {
int k; int k;
double d; double d;
p = buf + 4;
k = atoi(sstrsep(&p, sep)); k = atoi(sstrsep(&p, sep));
sstrsep(&p, sep); sstrsep(&p, sep);
@ -3493,11 +3491,10 @@ static int do_multi(int multi, int size_num)
d = atof(sstrsep(&p, sep)); d = atof(sstrsep(&p, sep));
dsa_results[k][1] += d; dsa_results[k][1] += d;
} else if (strncmp(buf, "+F4:", 4) == 0) { } else if (CHECK_AND_SKIP_PREFIX(p, "+F4:")) {
int k; int k;
double d; double d;
p = buf + 4;
k = atoi(sstrsep(&p, sep)); k = atoi(sstrsep(&p, sep));
sstrsep(&p, sep); sstrsep(&p, sep);
@ -3506,21 +3503,19 @@ static int do_multi(int multi, int size_num)
d = atof(sstrsep(&p, sep)); d = atof(sstrsep(&p, sep));
ecdsa_results[k][1] += d; ecdsa_results[k][1] += d;
} else if (strncmp(buf, "+F5:", 4) == 0) { } else if (CHECK_AND_SKIP_PREFIX(p, "+F5:")) {
int k; int k;
double d; double d;
p = buf + 4;
k = atoi(sstrsep(&p, sep)); k = atoi(sstrsep(&p, sep));
sstrsep(&p, sep); sstrsep(&p, sep);
d = atof(sstrsep(&p, sep)); d = atof(sstrsep(&p, sep));
ecdh_results[k][0] += d; ecdh_results[k][0] += d;
} else if (strncmp(buf, "+F6:", 4) == 0) { } else if (CHECK_AND_SKIP_PREFIX(p, "+F6:")) {
int k; int k;
double d; double d;
p = buf + 4;
k = atoi(sstrsep(&p, sep)); k = atoi(sstrsep(&p, sep));
sstrsep(&p, sep); sstrsep(&p, sep);
sstrsep(&p, sep); sstrsep(&p, sep);
@ -3531,11 +3526,10 @@ static int do_multi(int multi, int size_num)
d = atof(sstrsep(&p, sep)); d = atof(sstrsep(&p, sep));
eddsa_results[k][1] += d; eddsa_results[k][1] += d;
# ifndef OPENSSL_NO_SM2 # ifndef OPENSSL_NO_SM2
} else if (strncmp(buf, "+F7:", 4) == 0) { } else if (CHECK_AND_SKIP_PREFIX(p, "+F7:")) {
int k; int k;
double d; double d;
p = buf + 4;
k = atoi(sstrsep(&p, sep)); k = atoi(sstrsep(&p, sep));
sstrsep(&p, sep); sstrsep(&p, sep);
sstrsep(&p, sep); sstrsep(&p, sep);
@ -3547,18 +3541,17 @@ static int do_multi(int multi, int size_num)
sm2_results[k][1] += d; sm2_results[k][1] += d;
# endif /* OPENSSL_NO_SM2 */ # endif /* OPENSSL_NO_SM2 */
# ifndef OPENSSL_NO_DH # ifndef OPENSSL_NO_DH
} else if (strncmp(buf, "+F8:", 4) == 0) { } else if (CHECK_AND_SKIP_PREFIX(p, "+F8:")) {
int k; int k;
double d; double d;
p = buf + 4;
k = atoi(sstrsep(&p, sep)); k = atoi(sstrsep(&p, sep));
sstrsep(&p, sep); sstrsep(&p, sep);
d = atof(sstrsep(&p, sep)); d = atof(sstrsep(&p, sep));
ffdh_results[k][0] += d; ffdh_results[k][0] += d;
# endif /* OPENSSL_NO_DH */ # endif /* OPENSSL_NO_DH */
} else if (strncmp(buf, "+H:", 3) == 0) { } else if (HAS_PREFIX(buf, "+H:")) {
; ;
} else { } else {
BIO_printf(bio_err, "Unknown type '%s' from child %d\n", buf, BIO_printf(bio_err, "Unknown type '%s' from child %d\n", buf,
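Review bot: In `do_multi`, `alg` and `k` are taken from `atoi(sstrsep(&p, sep))` on a line read from a child and used directly as array indices (`results[alg][j]`, `rsa_results[k][1]`, and the other `*_results` tables), with no range check visible in these hunks. The lines come from the tool's own child processes, so this is hardening, but a truncated or garbled line would index out of bounds. A guard such as `if (alg < 0 || alg >= (int)OSSL_NELEM(results)) continue;` before each accumulation (and the equivalent for `k`) would make the parser fail closed. The loop body starts and ends outside the hunks.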


@ -50,10 +50,10 @@ int ASN1_STRING_set_default_mask_asc(const char *p)
unsigned long mask; unsigned long mask;
char *end; char *end;
if (strncmp(p, "MASK:", 5) == 0) { if (CHECK_AND_SKIP_PREFIX(p, "MASK:")) {
if (p[5] == '\0') if (*p == '\0')
return 0; return 0;
mask = strtoul(p + 5, &end, 0); mask = strtoul(p, &end, 0);
if (*end) if (*end)
return 0; return 0;
} else if (strcmp(p, "nombstr") == 0) } else if (strcmp(p, "nombstr") == 0)


@ -325,13 +325,13 @@ static int asn1_cb(const char *elem, int len, void *bitstr)
ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_FORMAT); ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_FORMAT);
return -1; return -1;
} }
if (strncmp(vstart, "ASCII", 5) == 0) if (HAS_PREFIX(vstart, "ASCII"))
arg->format = ASN1_GEN_FORMAT_ASCII; arg->format = ASN1_GEN_FORMAT_ASCII;
else if (strncmp(vstart, "UTF8", 4) == 0) else if (HAS_PREFIX(vstart, "UTF8"))
arg->format = ASN1_GEN_FORMAT_UTF8; arg->format = ASN1_GEN_FORMAT_UTF8;
else if (strncmp(vstart, "HEX", 3) == 0) else if (HAS_PREFIX(vstart, "HEX"))
arg->format = ASN1_GEN_FORMAT_HEX; arg->format = ASN1_GEN_FORMAT_HEX;
else if (strncmp(vstart, "BITLIST", 7) == 0) else if (HAS_PREFIX(vstart, "BITLIST"))
arg->format = ASN1_GEN_FORMAT_BITLIST; arg->format = ASN1_GEN_FORMAT_BITLIST;
else { else {
ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_FORMAT); ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_FORMAT);
@ -765,7 +765,7 @@ static int mask_cb(const char *elem, int len, void *arg)
int tag; int tag;
if (elem == NULL) if (elem == NULL)
return 0; return 0;
if ((len == 3) && (strncmp(elem, "DIR", 3) == 0)) { if (len == 3 && HAS_PREFIX(elem, "DIR")) {
*pmask |= B_ASN1_DIRECTORYSTRING; *pmask |= B_ASN1_DIRECTORYSTRING;
return 1; return 1;
} }


@ -972,13 +972,8 @@ static int mime_bound_check(char *line, int linelen, const char *bound, int blen
if (blen + 2 > linelen) if (blen + 2 > linelen)
return 0; return 0;
/* Check for part boundary */ /* Check for part boundary */
if ((strncmp(line, "--", 2) == 0) if ((CHECK_AND_SKIP_PREFIX(line, "--")) && strncmp(line, bound, blen) == 0)
&& strncmp(line + 2, bound, blen) == 0) { return HAS_PREFIX(line + blen, "--") ? 2 : 1;
if (strncmp(line + blen + 2, "--", 2) == 0)
return 2;
else
return 1;
}
return 0; return 0;
} }


@ -53,8 +53,7 @@ static OSSL_CMP_severity parse_level(const char *level)
if (end_level == NULL) if (end_level == NULL)
return -1; return -1;
if (strncmp(level, OSSL_CMP_LOG_PREFIX, if (HAS_PREFIX(level, OSSL_CMP_LOG_PREFIX))
strlen(OSSL_CMP_LOG_PREFIX)) == 0)
level += strlen(OSSL_CMP_LOG_PREFIX); level += strlen(OSSL_CMP_LOG_PREFIX);
len = end_level - level; len = end_level - level;
if (len > max_level_len) if (len > max_level_len)
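Review bot: `if (HAS_PREFIX(level, OSSL_CMP_LOG_PREFIX)) level += strlen(OSSL_CMP_LOG_PREFIX);` is the check-then-advance pair that `CHECK_AND_SKIP_PREFIX` replaces in the rest of this commit. Assuming the macro is usable as an expression, as its use inside conditions elsewhere suggests, `(void)CHECK_AND_SKIP_PREFIX(level, OSSL_CMP_LOG_PREFIX);` says the same in one statement and drops the run-time `strlen`. `parse_level` starts and ends outside the hunk.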


@ -389,8 +389,8 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
psection = section; psection = section;
} }
p = eat_ws(conf, end); p = eat_ws(conf, end);
if (strncmp(pname, ".pragma", 7) == 0 if (CHECK_AND_SKIP_PREFIX(pname, ".pragma")
&& (p != pname + 7 || *p == '=')) { && (p != pname || *p == '=')) {
char *pval; char *pval;
if (*p == '=') { if (*p == '=') {
@ -435,8 +435,8 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
* We *ignore* any unknown pragma. * We *ignore* any unknown pragma.
*/ */
continue; continue;
} else if (strncmp(pname, ".include", 8) == 0 } else if (CHECK_AND_SKIP_PREFIX(pname, ".include")
&& (p != pname + 8 || *p == '=')) { && (p != pname || *p == '=')) {
char *include = NULL; char *include = NULL;
BIO *next; BIO *next;
const char *include_dir = ossl_safe_getenv("OPENSSL_CONF_INCLUDE"); const char *include_dir = ossl_safe_getenv("OPENSSL_CONF_INCLUDE");
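Review bot: `CHECK_AND_SKIP_PREFIX(pname, ".pragma")` advances `pname` as soon as the prefix matches, before `(p != pname || *p == '=')` is evaluated, so when the prefix matches but the second test fails, control falls through to the `.include` test and whatever follows with `pname` already moved past `.pragma`; the old `strncmp` form left `pname` untouched in that case, and the `.include` test has the same side effect. If code after these branches still reads `pname` as the full name (not visible in the hunk), it now sees only the remainder. Keeping the condition free of side effects, `HAS_PREFIX(pname, ".pragma") && (p != pname + sizeof(".pragma") - 1 || *p == '=')`, with the skip done inside the branch if the body needs the advanced pointer, avoids that. `def_load_bio` starts and ends outside the hunks.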


@ -23,7 +23,6 @@
#include "internal/sockets.h" #include "internal/sockets.h"
#include "internal/cryptlib.h" /* for ossl_assert() */ #include "internal/cryptlib.h" /* for ossl_assert() */
#define HAS_PREFIX(str, prefix) (strncmp(str, prefix, sizeof(prefix) - 1) == 0)
#define HTTP_PREFIX "HTTP/" #define HTTP_PREFIX "HTTP/"
#define HTTP_VERSION_PATT "1." /* allow 1.x */ #define HTTP_VERSION_PATT "1." /* allow 1.x */
#define HTTP_VERSION_STR_LEN sizeof(HTTP_VERSION_PATT) /* == strlen("1.0") */ #define HTTP_VERSION_STR_LEN sizeof(HTTP_VERSION_PATT) /* == strlen("1.0") */
@ -377,10 +376,10 @@ static int parse_http_line1(char *line, int *found_keep_alive)
int i, retcode; int i, retcode;
char *code, *reason, *end; char *code, *reason, *end;
if (!HAS_PREFIX(line, HTTP_PREFIX_VERSION)) if (!CHECK_AND_SKIP_PREFIX(line, HTTP_PREFIX_VERSION))
goto err; goto err;
/* above HTTP 1.0, connection persistence is the default */ /* above HTTP 1.0, connection persistence is the default */
*found_keep_alive = line[strlen(HTTP_PREFIX_VERSION)] > '0'; *found_keep_alive = *line > '0';
/* Skip to first whitespace (past protocol info) */ /* Skip to first whitespace (past protocol info) */
for (code = line; *code != '\0' && !ossl_isspace(*code); code++) for (code = line; *code != '\0' && !ossl_isspace(*code); code++)
@ -1297,15 +1296,15 @@ int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port,
continue; continue;
/* Check for HTTP/1.x */ /* Check for HTTP/1.x */
if (!HAS_PREFIX(mbuf, HTTP_PREFIX) != 0) { mbufp = mbuf;
if (!HAS_PREFIX(mbufp, HTTP_PREFIX)) {
ERR_raise(ERR_LIB_HTTP, HTTP_R_HEADER_PARSE_ERROR); ERR_raise(ERR_LIB_HTTP, HTTP_R_HEADER_PARSE_ERROR);
BIO_printf(bio_err, "%s: HTTP CONNECT failed, non-HTTP response\n", BIO_printf(bio_err, "%s: HTTP CONNECT failed, non-HTTP response\n",
prog); prog);
/* Wrong protocol, not even HTTP, so stop reading headers */ /* Wrong protocol, not even HTTP, so stop reading headers */
goto end; goto end;
} }
mbufp = mbuf + strlen(HTTP_PREFIX); if (!HAS_PREFIX(mbufp, HTTP_VERSION_PATT)) {
if (!HAS_PREFIX(mbufp, HTTP_VERSION_PATT) != 0) {
ERR_raise(ERR_LIB_HTTP, HTTP_R_RECEIVED_WRONG_HTTP_VERSION); ERR_raise(ERR_LIB_HTTP, HTTP_R_RECEIVED_WRONG_HTTP_VERSION);
BIO_printf(bio_err, BIO_printf(bio_err,
"%s: HTTP CONNECT failed, bad HTTP version %.*s\n", "%s: HTTP CONNECT failed, bad HTTP version %.*s\n",


@ -8,7 +8,7 @@
* https://www.openssl.org/source/license.html * https://www.openssl.org/source/license.html
*/ */
#include <string.h> #include "internal/cryptlib.h" /* for HAS_PREFIX */
#include <openssl/ebcdic.h> #include <openssl/ebcdic.h>
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/params.h> #include <openssl/params.h>
@ -35,10 +35,7 @@ static int prepare_from_text(const OSSL_PARAM *paramdefs, const char *key,
* ishex is used to translate legacy style string controls in hex format * ishex is used to translate legacy style string controls in hex format
* to octet string parameters. * to octet string parameters.
*/ */
*ishex = strncmp(key, "hex", 3) == 0; *ishex = CHECK_AND_SKIP_PREFIX(key, "hex");
if (*ishex)
key += 3;
p = *paramdef = OSSL_PARAM_locate_const(paramdefs, key); p = *paramdef = OSSL_PARAM_locate_const(paramdefs, key);
if (found != NULL) if (found != NULL)


@ -484,11 +484,11 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
* presumably we also parse rfc822-style headers for S/MIME, so a common * presumably we also parse rfc822-style headers for S/MIME, so a common
* abstraction might well be more generally useful. * abstraction might well be more generally useful.
*/ */
#define PROC_TYPE "Proc-Type:"
#define ENCRYPTED "ENCRYPTED"
#define DEK_INFO "DEK-Info:"
int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
{ {
static const char ProcType[] = "Proc-Type:";
static const char ENCRYPTED[] = "ENCRYPTED";
static const char DEKInfo[] = "DEK-Info:";
const EVP_CIPHER *enc = NULL; const EVP_CIPHER *enc = NULL;
int ivlen; int ivlen;
char *dekinfostart, c; char *dekinfostart, c;
@ -498,11 +498,10 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
if ((header == NULL) || (*header == '\0') || (*header == '\n')) if ((header == NULL) || (*header == '\0') || (*header == '\n'))
return 1; return 1;
if (strncmp(header, ProcType, sizeof(ProcType)-1) != 0) { if (!CHECK_AND_SKIP_PREFIX(header, PROC_TYPE)) {
ERR_raise(ERR_LIB_PEM, PEM_R_NOT_PROC_TYPE); ERR_raise(ERR_LIB_PEM, PEM_R_NOT_PROC_TYPE);
return 0; return 0;
} }
header += sizeof(ProcType)-1;
header += strspn(header, " \t"); header += strspn(header, " \t");
if (*header++ != '4' || *header++ != ',') if (*header++ != '4' || *header++ != ',')
@ -510,12 +509,11 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
header += strspn(header, " \t"); header += strspn(header, " \t");
/* We expect "ENCRYPTED" followed by optional white-space + line break */ /* We expect "ENCRYPTED" followed by optional white-space + line break */
if (strncmp(header, ENCRYPTED, sizeof(ENCRYPTED)-1) != 0 || if (!CHECK_AND_SKIP_PREFIX(header, ENCRYPTED) ||
strspn(header+sizeof(ENCRYPTED)-1, " \t\r\n") == 0) { strspn(header, " \t\r\n") == 0) {
ERR_raise(ERR_LIB_PEM, PEM_R_NOT_ENCRYPTED); ERR_raise(ERR_LIB_PEM, PEM_R_NOT_ENCRYPTED);
return 0; return 0;
} }
header += sizeof(ENCRYPTED)-1;
header += strspn(header, " \t\r"); header += strspn(header, " \t\r");
if (*header++ != '\n') { if (*header++ != '\n') {
ERR_raise(ERR_LIB_PEM, PEM_R_SHORT_HEADER); ERR_raise(ERR_LIB_PEM, PEM_R_SHORT_HEADER);
@ -526,11 +524,10 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
* https://tools.ietf.org/html/rfc1421#section-4.6.1.3 * https://tools.ietf.org/html/rfc1421#section-4.6.1.3
* We expect "DEK-Info: algo[,hex-parameters]" * We expect "DEK-Info: algo[,hex-parameters]"
*/ */
if (strncmp(header, DEKInfo, sizeof(DEKInfo)-1) != 0) { if (!CHECK_AND_SKIP_PREFIX(header, DEK_INFO)) {
ERR_raise(ERR_LIB_PEM, PEM_R_NOT_DEK_INFO); ERR_raise(ERR_LIB_PEM, PEM_R_NOT_DEK_INFO);
return 0; return 0;
} }
header += sizeof(DEKInfo)-1;
header += strspn(header, " \t"); header += strspn(header, " \t");
/* /*
@ -733,12 +730,12 @@ static int sanitize_line(char *linebuf, int len, unsigned int flags, int first_c
#define LINESIZE 255 #define LINESIZE 255
/* Note trailing spaces for begin and end. */ /* Note trailing spaces for begin and end. */
static const char beginstr[] = "-----BEGIN "; #define BEGINSTR "-----BEGIN "
static const char endstr[] = "-----END "; #define ENDSTR "-----END "
static const char tailstr[] = "-----\n"; #define TAILSTR "-----\n"
#define BEGINLEN ((int)(sizeof(beginstr) - 1)) #define BEGINLEN ((int)(sizeof(BEGINSTR) - 1))
#define ENDLEN ((int)(sizeof(endstr) - 1)) #define ENDLEN ((int)(sizeof(ENDSTR) - 1))
#define TAILLEN ((int)(sizeof(tailstr) - 1)) #define TAILLEN ((int)(sizeof(TAILSTR) - 1))
static int get_name(BIO *bp, char **name, unsigned int flags) static int get_name(BIO *bp, char **name, unsigned int flags)
{ {
char *linebuf; char *linebuf;
@ -769,9 +766,9 @@ static int get_name(BIO *bp, char **name, unsigned int flags)
first_call = 0; first_call = 0;
/* Allow leading empty or non-matching lines. */ /* Allow leading empty or non-matching lines. */
} while (strncmp(linebuf, beginstr, BEGINLEN) != 0 } while (!HAS_PREFIX(linebuf, BEGINSTR)
|| len < TAILLEN || len < TAILLEN
|| strncmp(linebuf + len - TAILLEN, tailstr, TAILLEN) != 0); || !HAS_PREFIX(linebuf + len - TAILLEN, TAILSTR));
linebuf[len - TAILLEN] = '\0'; linebuf[len - TAILLEN] = '\0';
len = len - BEGINLEN - TAILLEN + 1; len = len - BEGINLEN - TAILLEN + 1;
*name = pem_malloc(len, flags); *name = pem_malloc(len, flags);
@ -844,7 +841,7 @@ static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name,
if (memchr(linebuf, ':', len) != NULL) if (memchr(linebuf, ':', len) != NULL)
got_header = IN_HEADER; got_header = IN_HEADER;
} }
if (!strncmp(linebuf, endstr, ENDLEN) || got_header == IN_HEADER) if (HAS_PREFIX(linebuf, ENDSTR) || got_header == IN_HEADER)
flags_mask &= ~PEM_FLAG_ONLY_B64; flags_mask &= ~PEM_FLAG_ONLY_B64;
len = sanitize_line(linebuf, len, flags & flags_mask, 0); len = sanitize_line(linebuf, len, flags & flags_mask, 0);
@ -867,11 +864,11 @@ static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name,
} }
/* Check for end of stream (which means there is no header). */ /* Check for end of stream (which means there is no header). */
if (strncmp(linebuf, endstr, ENDLEN) == 0) { p = linebuf;
p = linebuf + ENDLEN; if (CHECK_AND_SKIP_PREFIX(p, ENDSTR)) {
namelen = strlen(name); namelen = strlen(name);
if (strncmp(p, name, namelen) != 0 || if (strncmp(p, name, namelen) != 0 ||
strncmp(p + namelen, tailstr, TAILLEN) != 0) { !HAS_PREFIX(p + namelen, TAILSTR)) {
ERR_raise(ERR_LIB_PEM, PEM_R_BAD_END_LINE); ERR_raise(ERR_LIB_PEM, PEM_R_BAD_END_LINE);
goto err; goto err;
} }


@ -8,10 +8,10 @@
*/ */
#include <stddef.h> #include <stddef.h>
#include <string.h>
#include <stdio.h> #include <stdio.h>
#include <openssl/e_os2.h> #include <openssl/e_os2.h>
#include "crypto/punycode.h" #include "crypto/punycode.h"
#include "internal/cryptlib.h" /* for HAS_PREFIX */
static const unsigned int base = 36; static const unsigned int base = 36;
static const unsigned int tmin = 1; static const unsigned int tmin = 1;
@ -266,7 +266,7 @@ int ossl_a2ulabel(const char *in, char *out, size_t *outlen)
char *tmpptr = strchr(inptr, '.'); char *tmpptr = strchr(inptr, '.');
size_t delta = (tmpptr) ? (size_t)(tmpptr - inptr) : strlen(inptr); size_t delta = (tmpptr) ? (size_t)(tmpptr - inptr) : strlen(inptr);
if (strncmp(inptr, "xn--", 4) != 0) { if (!HAS_PREFIX(inptr, "xn--")) {
size += delta + 1; size += delta + 1;
if (size >= *outlen - 1) if (size >= *outlen - 1)


@ -94,7 +94,7 @@ OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
if ((p = strchr(scheme_copy, ':')) != NULL) { if ((p = strchr(scheme_copy, ':')) != NULL) {
*p++ = '\0'; *p++ = '\0';
if (strcasecmp(scheme_copy, "file") != 0) { if (strcasecmp(scheme_copy, "file") != 0) {
if (strncmp(p, "//", 2) == 0) if (HAS_PREFIX(p, "//"))
schemes_n--; /* Invalidate the file scheme */ schemes_n--; /* Invalidate the file scheme */
schemes[schemes_n++] = scheme_copy; schemes[schemes_n++] = scheme_copy;
} }


@ -200,9 +200,8 @@ static int v3_check_critical(const char **value)
{ {
const char *p = *value; const char *p = *value;
if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) if (!CHECK_AND_SKIP_PREFIX(p, "critical,"))
return 0; return 0;
p += 9;
while (ossl_isspace(*p)) while (ossl_isspace(*p))
p++; p++;
*value = p; *value = p;
@ -215,11 +214,9 @@ static int v3_check_generic(const char **value)
int gen_type = 0; int gen_type = 0;
const char *p = *value; const char *p = *value;
if ((strlen(p) >= 4) && strncmp(p, "DER:", 4) == 0) { if (CHECK_AND_SKIP_PREFIX(p, "DER:")) {
p += 4;
gen_type = 1; gen_type = 1;
} else if ((strlen(p) >= 5) && strncmp(p, "ASN1:", 5) == 0) { } else if (CHECK_AND_SKIP_PREFIX(p, "ASN1:")) {
p += 5;
gen_type = 2; gen_type = 2;
} else } else
return 0; return 0;


@ -261,17 +261,17 @@ static int displaytext_str2tag(const char *tagstr, unsigned int *tag_len)
if (len == -1) if (len == -1)
return V_ASN1_VISIBLESTRING; return V_ASN1_VISIBLESTRING;
*tag_len = len; *tag_len = len;
if (len == sizeof("UTF8") - 1 && strncmp(tagstr, "UTF8", len) == 0) if (len == sizeof("UTF8") - 1 && HAS_PREFIX(tagstr, "UTF8"))
return V_ASN1_UTF8STRING; return V_ASN1_UTF8STRING;
if (len == sizeof("UTF8String") - 1 && strncmp(tagstr, "UTF8String", len) == 0) if (len == sizeof("UTF8String") - 1 && HAS_PREFIX(tagstr, "UTF8String"))
return V_ASN1_UTF8STRING; return V_ASN1_UTF8STRING;
if (len == sizeof("BMP") - 1 && strncmp(tagstr, "BMP", len) == 0) if (len == sizeof("BMP") - 1 && HAS_PREFIX(tagstr, "BMP"))
return V_ASN1_BMPSTRING; return V_ASN1_BMPSTRING;
if (len == sizeof("BMPSTRING") - 1 && strncmp(tagstr, "BMPSTRING", len) == 0) if (len == sizeof("BMPSTRING") - 1 && HAS_PREFIX(tagstr, "BMPSTRING"))
return V_ASN1_BMPSTRING; return V_ASN1_BMPSTRING;
if (len == sizeof("VISIBLE") - 1 && strncmp(tagstr, "VISIBLE", len) == 0) if (len == sizeof("VISIBLE") - 1 && HAS_PREFIX(tagstr, "VISIBLE"))
return V_ASN1_VISIBLESTRING; return V_ASN1_VISIBLESTRING;
if (len == sizeof("VISIBLESTRING") - 1 && strncmp(tagstr, "VISIBLESTRING", len) == 0) if (len == sizeof("VISIBLESTRING") - 1 && HAS_PREFIX(tagstr, "VISIBLESTRING"))
return V_ASN1_VISIBLESTRING; return V_ASN1_VISIBLESTRING;
*tag_len = 0; *tag_len = 0;
return V_ASN1_VISIBLESTRING; return V_ASN1_VISIBLESTRING;


@ -70,7 +70,7 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
STACK_OF(GENERAL_NAME) *fnm = NULL; STACK_OF(GENERAL_NAME) *fnm = NULL;
STACK_OF(X509_NAME_ENTRY) *rnm = NULL; STACK_OF(X509_NAME_ENTRY) *rnm = NULL;
if (strncmp(cnf->name, "fullname", 9) == 0) { if (HAS_PREFIX(cnf->name, "fullname")) {
fnm = gnames_from_sectname(ctx, cnf->value); fnm = gnames_from_sectname(ctx, cnf->value);
if (!fnm) if (!fnm)
goto err; goto err;
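Review bot: The new `HAS_PREFIX(cnf->name, "fullname")` test is looser than the `strncmp(cnf->name, "fullname", 9) == 0` it replaces. The old length of 9 covered the terminating NUL, so only the exact name matched, whereas the macro compares 8 bytes and also accepts any longer name that merely starts with `fullname`. If exact matching is intended, `if (strcmp(cnf->name, "fullname") == 0) {` keeps the previous behaviour. If prefix matching is wanted, it deserves a comment, because it changes which configuration input is accepted. set_dist_point_name continues past the end of the hunk, so its other branches are not visible here.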


@ -138,10 +138,10 @@ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
goto memerr; goto memerr;
for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
val = sk_CONF_VALUE_value(nval, i); val = sk_CONF_VALUE_value(nval, i);
if (strncmp(val->name, "permitted", 9) == 0 && val->name[9]) { if (HAS_PREFIX(val->name, "permitted") && val->name[9]) {
ptree = &ncons->permittedSubtrees; ptree = &ncons->permittedSubtrees;
tval.name = val->name + 10; tval.name = val->name + 10;
} else if (strncmp(val->name, "excluded", 8) == 0 && val->name[8]) { } else if (HAS_PREFIX(val->name, "excluded") && val->name[8]) {
ptree = &ncons->excludedSubtrees; ptree = &ncons->excludedSubtrees;
tval.name = val->name + 9; tval.name = val->name + 9;
} else { } else {
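Review bot: The offsets in `val->name[9]`, `val->name + 10`, `val->name[8]` and `val->name + 9` are still hand-counted lengths of the two literals, the kind of magic number this commit removes elsewhere. Writing them as `val->name[sizeof("permitted") - 1]` and `val->name + sizeof("permitted")` (likewise for "excluded") would tie them to the strings. The character directly after the prefix is only tested for being non-NUL and is then skipped, so any separator is accepted. A comment such as `/* skip the prefix plus one separator character, whatever it is */` would record that. The loop body in v2i_NAME_CONSTRAINTS continues outside the hunk.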


@ -112,6 +112,7 @@ static int process_pci_value(CONF_VALUE *val,
return 0; return 0;
} }
} else if (strcmp(val->name, "policy") == 0) { } else if (strcmp(val->name, "policy") == 0) {
char *valp = val->value;
unsigned char *tmp_data = NULL; unsigned char *tmp_data = NULL;
long val_len; long val_len;
@ -124,9 +125,9 @@ static int process_pci_value(CONF_VALUE *val,
} }
free_policy = 1; free_policy = 1;
} }
if (strncmp(val->value, "hex:", 4) == 0) { if (CHECK_AND_SKIP_PREFIX(valp, "hex:")) {
unsigned char *tmp_data2 = unsigned char *tmp_data2 =
OPENSSL_hexstr2buf(val->value + 4, &val_len); OPENSSL_hexstr2buf(valp, &val_len);
if (!tmp_data2) { if (!tmp_data2) {
X509V3_conf_err(val); X509V3_conf_err(val);
@ -155,10 +156,10 @@ static int process_pci_value(CONF_VALUE *val,
goto err; goto err;
} }
OPENSSL_free(tmp_data2); OPENSSL_free(tmp_data2);
} else if (strncmp(val->value, "file:", 5) == 0) { } else if (CHECK_AND_SKIP_PREFIX(valp, "file:")) {
unsigned char buf[2048]; unsigned char buf[2048];
int n; int n;
BIO *b = BIO_new_file(val->value + 5, "r"); BIO *b = BIO_new_file(valp, "r");
if (!b) { if (!b) {
ERR_raise(ERR_LIB_X509V3, ERR_R_BIO_LIB); ERR_raise(ERR_LIB_X509V3, ERR_R_BIO_LIB);
X509V3_conf_err(val); X509V3_conf_err(val);
@ -194,8 +195,8 @@ static int process_pci_value(CONF_VALUE *val,
X509V3_conf_err(val); X509V3_conf_err(val);
goto err; goto err;
} }
} else if (strncmp(val->value, "text:", 5) == 0) { } else if (CHECK_AND_SKIP_PREFIX(valp, "text:")) {
val_len = strlen(val->value + 5); val_len = strlen(valp);
tmp_data = OPENSSL_realloc((*policy)->data, tmp_data = OPENSSL_realloc((*policy)->data,
(*policy)->length + val_len + 1); (*policy)->length + val_len + 1);
if (tmp_data) { if (tmp_data) {


@ -45,6 +45,12 @@ __owur static ossl_inline int ossl_assert_int(int expr, const char *exprstr,
#endif #endif
/* Check if pre, which must be a string literal, is a prefix of str */
# define HAS_PREFIX(str, pre) (strncmp(str, pre "", sizeof(pre) - 1) == 0)
/* As before, and if check succeeds, advance the str ptr past the prefix */
# define CHECK_AND_SKIP_PREFIX(str, pre) \
(HAS_PREFIX(str, pre) ? ((str) += sizeof(pre) - 1, 1) : 0)
/* /*
* Use this inside a union with the field that needs to be aligned to a * Use this inside a union with the field that needs to be aligned to a
* reasonable boundary for the platform. The most pessimistic alignment * reasonable boundary for the platform. The most pessimistic alignment
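Review bot: The comments on the two new macros leave out the constraints a caller needs to know. `CHECK_AND_SKIP_PREFIX` evaluates `str` more than once and assigns to it, so the argument must be a plain modifiable pointer variable and never an expression with side effects; the pointer moves as a side effect of what reads like a pure test. `HAS_PREFIX` relies on `strncmp`, so `str` must be readable up to its first NUL or for `sizeof(pre) - 1` bytes, whichever comes first. I would extend the comments along the lines of `/* str must be NUL-terminated or at least sizeof(pre) - 1 bytes long */` and `/* str is evaluated twice and modified: pass a pointer variable only */`.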


@ -223,13 +223,11 @@ static void *file_open(void *provctx, const char *uri)
if (strncasecmp(uri, "file:", 5) == 0) { if (strncasecmp(uri, "file:", 5) == 0) {
const char *p = &uri[5]; const char *p = &uri[5];
if (strncmp(&uri[5], "//", 2) == 0) { if (CHECK_AND_SKIP_PREFIX(p, "//")) {
path_data_n--; /* Invalidate using the full URI */ path_data_n--; /* Invalidate using the full URI */
if (strncasecmp(&uri[7], "localhost/", 10) == 0) { if (strncasecmp(p, "localhost/", 10) == 0) {
p = &uri[16]; p += sizeof("localhost") - 1;
} else if (uri[7] == '/') { } else if (*p != '/') {
p = &uri[7];
} else {
ERR_clear_last_mark(); ERR_clear_last_mark();
ERR_raise(ERR_LIB_PROV, PROV_R_URI_AUTHORITY_UNSUPPORTED); ERR_raise(ERR_LIB_PROV, PROV_R_URI_AUTHORITY_UNSUPPORTED);
return NULL; return NULL;
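Review bot: The `localhost/` branch matches ten characters with `strncasecmp(p, "localhost/", 10)` but then advances by `sizeof("localhost") - 1`, which is nine. That looks deliberate, since it leaves `p` on the '/' that begins the path, but it reads like an off-by-one in URI parsing code where the resulting pointer becomes a file path. A comment such as `/* step over "localhost" only; p stays on the '/' that starts the path */` would settle it, and the literal 10 could be `sizeof("localhost/") - 1`. file_open continues outside the hunk, so how `p` is used afterwards is not visible here.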


@ -338,13 +338,13 @@ int ssl3_get_record(SSL *s)
/* Go back to start of packet, look at the five bytes /* Go back to start of packet, look at the five bytes
* that we have. */ * that we have. */
p = RECORD_LAYER_get_packet(&s->rlayer); p = RECORD_LAYER_get_packet(&s->rlayer);
if (strncmp((char *)p, "GET ", 4) == 0 || if (HAS_PREFIX((char *)p, "GET ") ||
strncmp((char *)p, "POST ", 5) == 0 || HAS_PREFIX((char *)p, "POST ") ||
strncmp((char *)p, "HEAD ", 5) == 0 || HAS_PREFIX((char *)p, "HEAD ") ||
strncmp((char *)p, "PUT ", 4) == 0) { HAS_PREFIX((char *)p, "PUT ")) {
SSLfatal(s, SSL_AD_NO_ALERT, SSL_R_HTTP_REQUEST); SSLfatal(s, SSL_AD_NO_ALERT, SSL_R_HTTP_REQUEST);
return -1; return -1;
} else if (strncmp((char *)p, "CONNE", 5) == 0) { } else if (HAS_PREFIX((char *)p, "CONNE")) {
SSLfatal(s, SSL_AD_NO_ALERT, SSLfatal(s, SSL_AD_NO_ALERT,
SSL_R_HTTPS_PROXY_REQUEST); SSL_R_HTTPS_PROXY_REQUEST);
return -1; return -1;
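Review bot: `HAS_PREFIX` is documented as a string check, but here it is applied through `(char *)p` to record bytes that nothing in the hunk shows to be NUL-terminated. The comparisons are bounded because `strncmp` reads at most `sizeof(pre) - 1` bytes (4 or 5 here) and the comment above says five bytes are available, so the safety rests on that comment staying true. I would make the dependency explicit next to the checks, e.g. `/* p is raw packet data, not a C string; each check reads at most 5 bytes */`. ssl3_get_record starts and ends outside the hunk.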


@ -1216,10 +1216,10 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
*/ */
if (rule == CIPHER_SPECIAL) { /* special command */ if (rule == CIPHER_SPECIAL) { /* special command */
ok = 0; ok = 0;
if ((buflen == 8) && strncmp(buf, "STRENGTH", 8) == 0) { if ((buflen == 8) && HAS_PREFIX(buf, "STRENGTH")) {
ok = ssl_cipher_strength_sort(head_p, tail_p); ok = ssl_cipher_strength_sort(head_p, tail_p);
} else if (buflen == 10 && strncmp(buf, "SECLEVEL=", 9) == 0) { } else if (buflen == 10 && CHECK_AND_SKIP_PREFIX(buf, "SECLEVEL=")) {
int level = buf[9] - '0'; int level = *buf - '0';
if (level < 0 || level > 5) { if (level < 0 || level > 5) {
ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_COMMAND); ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_COMMAND);
} else { } else {
@ -1259,14 +1259,14 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
const char **prule_str) const char **prule_str)
{ {
unsigned int suiteb_flags = 0, suiteb_comb2 = 0; unsigned int suiteb_flags = 0, suiteb_comb2 = 0;
if (strncmp(*prule_str, "SUITEB128ONLY", 13) == 0) { if (HAS_PREFIX(*prule_str, "SUITEB128ONLY")) {
suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS_ONLY; suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS_ONLY;
} else if (strncmp(*prule_str, "SUITEB128C2", 11) == 0) { } else if (HAS_PREFIX(*prule_str, "SUITEB128C2")) {
suiteb_comb2 = 1; suiteb_comb2 = 1;
suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS; suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
} else if (strncmp(*prule_str, "SUITEB128", 9) == 0) { } else if (HAS_PREFIX(*prule_str, "SUITEB128")) {
suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS; suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
} else if (strncmp(*prule_str, "SUITEB192", 9) == 0) { } else if (HAS_PREFIX(*prule_str, "SUITEB192")) {
suiteb_flags = SSL_CERT_FLAG_SUITEB_192_LOS; suiteb_flags = SSL_CERT_FLAG_SUITEB_192_LOS;
} }
@ -1601,7 +1601,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
*/ */
ok = 1; ok = 1;
rule_p = rule_str; rule_p = rule_str;
if (strncmp(rule_str, "DEFAULT", 7) == 0) { if (HAS_PREFIX(rule_str, "DEFAULT")) {
ok = ssl_cipher_process_rulestr(OSSL_default_cipher_list(), ok = ssl_cipher_process_rulestr(OSSL_default_cipher_list(),
&head, &tail, ca_list, c); &head, &tail, ca_list, c);
rule_p += 7; rule_p += 7;
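Review bot: In the last hunk `rule_p += 7;` still hand-counts the length of "DEFAULT" after the `HAS_PREFIX(rule_str, "DEFAULT")` test. Since `rule_p = rule_str;` is assigned just before and the intervening call does not use `rule_p`, the test could become `if (CHECK_AND_SKIP_PREFIX(rule_p, "DEFAULT")) {` with the `rule_p += 7;` line dropped. That assumes `rule_p` is a plain modifiable pointer, because its declaration is outside the hunk. In the first hunk the opposite concern applies: `CHECK_AND_SKIP_PREFIX(buf, "SECLEVEL=")` now moves `buf` inside the condition. A comment such as `/* buf now points at the level digit */` would warn anyone who later reads `buf` in that branch expecting the start of the token.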


@ -15,8 +15,8 @@
# include "e_os.h" /* struct timeval for DTLS */ # include "e_os.h" /* struct timeval for DTLS */
# include <stdlib.h> # include <stdlib.h>
# include <time.h> # include <time.h>
# include <string.h>
# include <errno.h> # include <errno.h>
# include "internal/cryptlib.h" /* for HAS_PREFIX */
# include <openssl/buffer.h> # include <openssl/buffer.h>
# include <openssl/comp.h> # include <openssl/comp.h>


@ -25,6 +25,9 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
| SSL_EXT_TLS1_2_SERVER_HELLO \ | SSL_EXT_TLS1_2_SERVER_HELLO \
| SSL_EXT_IGNORE_ON_RESUMPTION) | SSL_EXT_IGNORE_ON_RESUMPTION)
#define NAME_PREFIX1 "SERVERINFO FOR "
#define NAME_PREFIX2 "SERVERINFOV2 FOR "
int SSL_use_certificate(SSL *ssl, X509 *x) int SSL_use_certificate(SSL *ssl, X509 *x)
{ {
int rv; int rv;
@ -760,8 +763,6 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
long extension_length = 0; long extension_length = 0;
char *name = NULL; char *name = NULL;
char *header = NULL; char *header = NULL;
static const char namePrefix1[] = "SERVERINFO FOR ";
static const char namePrefix2[] = "SERVERINFOV2 FOR ";
unsigned int name_len; unsigned int name_len;
int ret = 0; int ret = 0;
BIO *bin = NULL; BIO *bin = NULL;
@ -798,18 +799,18 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
} }
/* Check that PEM name starts with "BEGIN SERVERINFO FOR " */ /* Check that PEM name starts with "BEGIN SERVERINFO FOR " */
name_len = strlen(name); name_len = strlen(name);
if (name_len < sizeof(namePrefix1) - 1) { if (name_len < sizeof(NAME_PREFIX1) - 1) {
ERR_raise(ERR_LIB_SSL, SSL_R_PEM_NAME_TOO_SHORT); ERR_raise(ERR_LIB_SSL, SSL_R_PEM_NAME_TOO_SHORT);
goto end; goto end;
} }
if (strncmp(name, namePrefix1, sizeof(namePrefix1) - 1) == 0) { if (HAS_PREFIX(name, NAME_PREFIX1)) {
version = SSL_SERVERINFOV1; version = SSL_SERVERINFOV1;
} else { } else {
if (name_len < sizeof(namePrefix2) - 1) { if (name_len < sizeof(NAME_PREFIX2) - 1) {
ERR_raise(ERR_LIB_SSL, SSL_R_PEM_NAME_TOO_SHORT); ERR_raise(ERR_LIB_SSL, SSL_R_PEM_NAME_TOO_SHORT);
goto end; goto end;
} }
if (strncmp(name, namePrefix2, sizeof(namePrefix2) - 1) != 0) { if (!HAS_PREFIX(name, NAME_PREFIX2)) {
ERR_raise(ERR_LIB_SSL, SSL_R_PEM_NAME_BAD_PREFIX); ERR_raise(ERR_LIB_SSL, SSL_R_PEM_NAME_BAD_PREFIX);
goto end; goto end;
} }


@ -168,7 +168,7 @@ static int run_mtu_tests(void)
const char *cipher_name = SSL_CIPHER_get_name(cipher); const char *cipher_name = SSL_CIPHER_get_name(cipher);
/* As noted above, only one test for each enc/mac variant. */ /* As noted above, only one test for each enc/mac variant. */
if (strncmp(cipher_name, "PSK-", 4) != 0) if (!HAS_PREFIX(cipher_name, "PSK-"))
continue; continue;
if (!TEST_int_gt(ret = mtu_test(ctx, cipher_name, 0), 0)) if (!TEST_int_gt(ret = mtu_test(ctx, cipher_name, 0), 0))


@ -2382,33 +2382,27 @@ static int rand_test_parse(EVP_TEST *t,
if (n > rdata->n) if (n > rdata->n)
rdata->n = n; rdata->n = n;
item = rdata->data + n; item = rdata->data + n;
if (strncmp(keyword, "Entropy.", sizeof("Entropy")) == 0) if (HAS_PREFIX(keyword, "Entropy."))
return parse_bin(value, &item->entropy, &item->entropy_len); return parse_bin(value, &item->entropy, &item->entropy_len);
if (strncmp(keyword, "ReseedEntropy.", sizeof("ReseedEntropy")) == 0) if (HAS_PREFIX(keyword, "ReseedEntropy."))
return parse_bin(value, &item->reseed_entropy, return parse_bin(value, &item->reseed_entropy,
&item->reseed_entropy_len); &item->reseed_entropy_len);
if (strncmp(keyword, "Nonce.", sizeof("Nonce")) == 0) if (HAS_PREFIX(keyword, "Nonce."))
return parse_bin(value, &item->nonce, &item->nonce_len); return parse_bin(value, &item->nonce, &item->nonce_len);
if (strncmp(keyword, "PersonalisationString.", if (HAS_PREFIX(keyword, "PersonalisationString."))
sizeof("PersonalisationString")) == 0)
return parse_bin(value, &item->pers, &item->pers_len); return parse_bin(value, &item->pers, &item->pers_len);
if (strncmp(keyword, "ReseedAdditionalInput.", if (HAS_PREFIX(keyword, "ReseedAdditionalInput."))
sizeof("ReseedAdditionalInput")) == 0)
return parse_bin(value, &item->reseed_addin, return parse_bin(value, &item->reseed_addin,
&item->reseed_addin_len); &item->reseed_addin_len);
if (strncmp(keyword, "AdditionalInputA.", if (HAS_PREFIX(keyword, "AdditionalInputA."))
sizeof("AdditionalInputA")) == 0)
return parse_bin(value, &item->addinA, &item->addinA_len); return parse_bin(value, &item->addinA, &item->addinA_len);
if (strncmp(keyword, "AdditionalInputB.", if (HAS_PREFIX(keyword, "AdditionalInputB."))
sizeof("AdditionalInputB")) == 0)
return parse_bin(value, &item->addinB, &item->addinB_len); return parse_bin(value, &item->addinB, &item->addinB_len);
if (strncmp(keyword, "EntropyPredictionResistanceA.", if (HAS_PREFIX(keyword, "EntropyPredictionResistanceA."))
sizeof("EntropyPredictionResistanceA")) == 0)
return parse_bin(value, &item->pr_entropyA, &item->pr_entropyA_len); return parse_bin(value, &item->pr_entropyA, &item->pr_entropyA_len);
if (strncmp(keyword, "EntropyPredictionResistanceB.", if (HAS_PREFIX(keyword, "EntropyPredictionResistanceB."))
sizeof("EntropyPredictionResistanceB")) == 0)
return parse_bin(value, &item->pr_entropyB, &item->pr_entropyB_len); return parse_bin(value, &item->pr_entropyB, &item->pr_entropyB_len);
if (strncmp(keyword, "Output.", sizeof("Output")) == 0) if (HAS_PREFIX(keyword, "Output."))
return parse_bin(value, &item->output, &item->output_len); return parse_bin(value, &item->output, &item->output_len);
} else { } else {
if (strcmp(keyword, "Cipher") == 0) if (strcmp(keyword, "Cipher") == 0)
@ -2656,7 +2650,7 @@ static int kdf_test_parse(EVP_TEST *t,
if (strcmp(keyword, "Output") == 0) if (strcmp(keyword, "Output") == 0)
return parse_bin(value, &kdata->output, &kdata->output_len); return parse_bin(value, &kdata->output, &kdata->output_len);
if (strncmp(keyword, "Ctrl", 4) == 0) if (HAS_PREFIX(keyword, "Ctrl"))
return kdf_test_ctrl(t, kdata->ctx, value); return kdf_test_ctrl(t, kdata->ctx, value);
return 0; return 0;
} }
@ -2756,7 +2750,7 @@ static int pkey_kdf_test_parse(EVP_TEST *t,
if (strcmp(keyword, "Output") == 0) if (strcmp(keyword, "Output") == 0)
return parse_bin(value, &kdata->output, &kdata->output_len); return parse_bin(value, &kdata->output, &kdata->output_len);
if (strncmp(keyword, "Ctrl", 4) == 0) if (HAS_PREFIX(keyword, "Ctrl"))
return pkey_test_ctrl(t, kdata->ctx, value); return pkey_test_ctrl(t, kdata->ctx, value);
return 0; return 0;
} }


@ -174,7 +174,7 @@ static int client_hello_select_server_ctx(SSL *s, void *arg, int ignore)
remaining = len; remaining = len;
servername = (const char *)p; servername = (const char *)p;
if (len == strlen("server2") && strncmp(servername, "server2", len) == 0) { if (len == strlen("server2") && HAS_PREFIX(servername, "server2")) {
SSL_CTX *new_ctx = arg; SSL_CTX *new_ctx = arg;
SSL_set_SSL_CTX(s, new_ctx); SSL_set_SSL_CTX(s, new_ctx);
/* /*
@ -188,7 +188,7 @@ static int client_hello_select_server_ctx(SSL *s, void *arg, int ignore)
ex_data->servername = SSL_TEST_SERVERNAME_SERVER2; ex_data->servername = SSL_TEST_SERVERNAME_SERVER2;
return 1; return 1;
} else if (len == strlen("server1") && } else if (len == strlen("server1") &&
strncmp(servername, "server1", len) == 0) { HAS_PREFIX(servername, "server1")) {
ex_data->servername = SSL_TEST_SERVERNAME_SERVER1; ex_data->servername = SSL_TEST_SERVERNAME_SERVER1;
return 1; return 1;
} else if (ignore) { } else if (ignore) {


@ -41,15 +41,12 @@ static int mock_http_server(BIO *in, BIO *out, char version, int keep_alive,
const char *req, *path; const char *req, *path;
long count = BIO_get_mem_data(in, (unsigned char **)&req); long count = BIO_get_mem_data(in, (unsigned char **)&req);
const char *hdr = (char *)req; const char *hdr = (char *)req;
int is_get = count >= 4 && strncmp(hdr, "GET ", 4) == 0;
int len; int len;
int is_get = count >= 4 && CHECK_AND_SKIP_PREFIX(hdr, "GET ");
/* first line should contain "(GET|POST) <path> HTTP/1.x" */ /* first line should contain "(GET|POST) <path> HTTP/1.x" */
if (is_get) if (!is_get
hdr += 4; && !(TEST_true(count >= 5 && CHECK_AND_SKIP_PREFIX(hdr, "POST "))))
else if (TEST_true(count >= 5 && strncmp(hdr, "POST ", 5) == 0))
hdr += 5;
else
return 0; return 0;
path = hdr; path = hdr;
@ -69,7 +66,7 @@ static int mock_http_server(BIO *in, BIO *out, char version, int keep_alive,
if (count < 0 || out == NULL) if (count < 0 || out == NULL)
return 0; return 0;
if (strncmp(path, RPATH, strlen(RPATH)) != 0) { if (!HAS_PREFIX(path, RPATH)) {
if (!is_get) if (!is_get)
return 0; return 0;
return BIO_printf(out, "HTTP/1.%c 301 Moved Permanently\r\n" return BIO_printf(out, "HTTP/1.%c 301 Moved Permanently\r\n"
@ -94,10 +91,9 @@ static int mock_http_server(BIO *in, BIO *out, char version, int keep_alive,
return BIO_puts(out, txt); return BIO_puts(out, txt);
return ASN1_item_i2d_bio(it, out, rsp); return ASN1_item_i2d_bio(it, out, rsp);
} else { } else {
len = strlen("Connection: "); if (CHECK_AND_SKIP_PREFIX(hdr, "Connection: ")) {
if (strncmp(hdr, "Connection: ", len) == 0) {
/* skip req Connection header */ /* skip req Connection header */
hdr = strstr(hdr + len, "\r\n"); hdr = strstr(hdr, "\r\n");
if (hdr == NULL) if (hdr == NULL)
return 0; return 0;
hdr += 2; hdr += 2;
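Review bot: `hdr` is now advanced as a side effect of the initializer `int is_get = count >= 4 && CHECK_AND_SKIP_PREFIX(hdr, "GET ");` and again inside the `if (!is_get && !(TEST_true(...)))` condition, which is easy to miss when reading `path = hdr;` below. A one-line comment before `path = hdr;`, e.g. `/* hdr was moved past "GET " or "POST " by the checks above */`, would make the dependency explicit. The third hunk also removes the only visible assignment to `len`. If nothing else in mock_http_server uses it, the `int len;` declaration can go too, but the rest of the function is outside the hunks.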


@ -1009,7 +1009,7 @@ int main(int argc, char *argv[])
dtls12 = 1; dtls12 = 1;
} else if (strcmp(*argv, "-dtls") == 0) { } else if (strcmp(*argv, "-dtls") == 0) {
dtls = 1; dtls = 1;
} else if (strncmp(*argv, "-num", 4) == 0) { } else if (HAS_PREFIX(*argv, "-num")) {
if (--argc < 1) if (--argc < 1)
goto bad; goto bad;
number = atoi(*(++argv)); number = atoi(*(++argv));


@ -11,6 +11,7 @@
# define OSSL_TESTUTIL_H # define OSSL_TESTUTIL_H
# include <stdarg.h> # include <stdarg.h>
# include "internal/cryptlib.h" /* for HAS_PREFIX */
# include <openssl/provider.h> # include <openssl/provider.h>
# include <openssl/err.h> # include <openssl/err.h>


@ -54,7 +54,7 @@ static int read_key(STANZA *s)
s->curr++; s->curr++;
if (!TEST_int_gt(BIO_puts(s->key, tmpbuf), 0)) if (!TEST_int_gt(BIO_puts(s->key, tmpbuf), 0))
return 0; return 0;
if (strncmp(tmpbuf, "-----END", 8) == 0) if (HAS_PREFIX(tmpbuf, "-----END"))
return 1; return 1;
} }
TEST_error("Can't find key end"); TEST_error("Can't find key end");