commit 3509dacc3c10846c1545e465670e7b1a52a848e3
author Adam Langley <agl@google.com> Wed Feb 01 11:59:18 2017 -0800
committer CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Thu Feb 09 18:30:35 2017 +0000
tree faa059a8834478cb8017de4e19ccf123047f23fa
parent 04540a7fa70d136e47d5da854b2b187e1b084207

Add |X509_METHOD| and, using it, move many functions to ssl_x509.c.

Change-Id: I266af0c2bdcebcc1dd1026f816b9ef6ece5a592f
Reviewed-on: https://boringssl-review.googlesource.com/13581
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

ssl/internal.h

diff --git a/ssl/internal.h b/ssl/internal.h
index b3f3b0f..a53bd07 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -1256,6 +1256,10 @@
    * operations. */
   const SSL_PRIVATE_KEY_METHOD *key_method;
 
+  /* x509_method contains pointers to functions that might deal with |X509|
+   * compatibility, or might be a no-op, depending on the application. */
+  const SSL_X509_METHOD *x509_method;
+
   DH *dh_tmp;
   DH *(*dh_tmp_cb)(SSL *ssl, int is_export, int keysize);
 
@@ -1287,6 +1291,9 @@
   /* method is the underlying SSL_PROTOCOL_METHOD that initializes the
    * SSL_CTX. */
   const SSL_PROTOCOL_METHOD *method;
+  /* x509_method contains pointers to functions that might deal with |X509|
+   * compatibility, or might be a no-op, depending on the application. */
+  const SSL_X509_METHOD *x509_method;
 };
 
 /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
@@ -1368,6 +1375,21 @@
   int (*set_write_state)(SSL *ssl, SSL_AEAD_CTX *aead_ctx);
 };
 
+struct ssl_x509_method_st {
+  /* cert_clear frees and NULLs all X509-related state. */
+  void (*cert_clear)(CERT *cert);
+  /* cert_flush_cached_chain drops any cached |X509|-based certificate chain
+   * from |cert|. */
+  void (*cert_flush_cached_chain)(CERT *cert);
+  /* cert_flush_cached_chain drops any cached |X509|-based leaf certificate
+   * from |cert|. */
+  void (*cert_flush_cached_leaf)(CERT *cert);
+};
+
+/* ssl_crypto_x509_method provides the |ssl_x509_method_st| functions using
+ * crypto/x509. */
+extern const struct ssl_x509_method_st ssl_crypto_x509_method;
+
 /* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff It is a bit
  * of a mess of functions, but hell, think of it as an opaque structure. */
 typedef struct ssl3_enc_method {
@@ -1855,13 +1877,11 @@
 #define SSL_KEY_UPDATE_NOT_REQUESTED 0
 #define SSL_KEY_UPDATE_REQUESTED 1
 
-CERT *ssl_cert_new(void);
+CERT *ssl_cert_new(const SSL_X509_METHOD *x509_method);
 CERT *ssl_cert_dup(CERT *cert);
 void ssl_cert_clear_certs(CERT *c);
 void ssl_cert_free(CERT *c);
-CRYPTO_BUFFER *x509_to_buffer(X509 *x509);
-void ssl_cert_flush_cached_x509_leaf(CERT *cert);
-int ssl_cert_cache_leaf_cert(CERT *cert);
+int ssl_set_cert(CERT *cert, CRYPTO_BUFFER *buffer);
 /* ssl_compare_public_and_private_key returns one if |pubkey| is the public
  * counterpart to |privkey|. Otherwise it returns zero and pushes a helpful
  * message on the error queue. */
@@ -1931,7 +1951,7 @@
     const SSL *ssl);
 
 int ssl_verify_cert_chain(SSL *ssl, long *out_verify_result,
-                          STACK_OF(X509) * cert_chain);
+                          STACK_OF(X509) *cert_chain);
 void ssl_update_cache(SSL_HANDSHAKE *hs, int mode);
 
 int ssl_verify_alarm_type(long type);