Google Git
Sign in
boringssl/boringssl.git/38c4bf10ce77ccabf50a61fb42edbad488ecffd8^!/.
commit
38c4bf10ce77ccabf50a61fb42edbad488ecffd8
[log]
author
David Benjamin <davidben@google.com>
Wed Nov 29 10:48:37 2023 -0500
committer
Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>
Wed Nov 29 16:04:55 2023 +0000
tree
1eda26d59e7779bd0b968898b38581639c710d17
parent
2139aba2e3e28cd1cdefbd9b48e2c31a75441203 [diff]
Move X509_INFO back into x509.h and document

Although this is only used by <openssl/pem.h>, one existing caller
expects the free functions to be defined in <openssl/x509.h>. It's not
really worth it to put it in the other header, so just move it back.

Change-Id: I7e719d51110b567296fcd797f72d13aa41de73af
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/64287
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>

diff --git a/include/openssl/pem.h b/include/openssl/pem.h
index 263b22b..351e3f6 100644
--- a/include/openssl/pem.h
+++ b/include/openssl/pem.h

@@ -347,28 +347,27 @@
                                       unsigned char *kstr, int klen,
                                       pem_password_cb *cb, void *u);
 
-struct private_key_st {
-  EVP_PKEY *dec_pkey;
-} /* X509_PKEY */;
-
-struct X509_info_st {
-  X509 *x509;
-  X509_CRL *crl;
-  X509_PKEY *x_pkey;
-
-  EVP_CIPHER_INFO enc_cipher;
-  int enc_len;
-  char *enc_data;
-} /* X509_INFO */;
-
-DEFINE_STACK_OF(X509_INFO)
-
-// X509_INFO_free releases memory associated with |info|.
-OPENSSL_EXPORT void X509_INFO_free(X509_INFO *info);
-
+// PEM_X509_INFO_read_bio reads PEM blocks from |bp| and decodes any
+// certificates, CRLs, and private keys found. It returns a
+// |STACK_OF(X509_INFO)| structure containing the results, or NULL on error.
+//
+// If |sk| is NULL, the result on success will be a newly-allocated
+// |STACK_OF(X509_INFO)| structure which should be released with
+// |sk_X509_INFO_pop_free| and |X509_INFO_free| when done.
+//
+// If |sk| is non-NULL, it appends the results to |sk| instead and returns |sk|
+// on success. In this case, the caller retains ownership of |sk| in both
+// success and failure.
 OPENSSL_EXPORT STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(
     BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u);
 
+// PEM_X509_INFO_read behaves like |PEM_X509_INFO_read_bio| but reads from a
+// |FILE|.
+OPENSSL_EXPORT STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp,
+                                                       STACK_OF(X509_INFO) *sk,
+                                                       pem_password_cb *cb,
+                                                       void *u);
+
 OPENSSL_EXPORT int PEM_read(FILE *fp, char **name, char **header,
                             unsigned char **data, long *len);
 OPENSSL_EXPORT int PEM_write(FILE *fp, const char *name, const char *hdr,
@@ -379,10 +378,6 @@
                                   void *x, const EVP_CIPHER *enc,
                                   unsigned char *kstr, int klen,
                                   pem_password_cb *callback, void *u);
-OPENSSL_EXPORT STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp,
-                                                       STACK_OF(X509_INFO) *sk,
-                                                       pem_password_cb *cb,
-                                                       void *u);
 
 // PEM_def_callback treats |userdata| as a string and copies it into |buf|,
 // assuming its |size| is sufficient. Returns the length of the string, or 0
@@ -474,17 +469,6 @@
 
 #ifdef __cplusplus
 }  // extern "C"
-
-#if !defined(BORINGSSL_NO_CXX)
-extern "C++" {
-BSSL_NAMESPACE_BEGIN
-
-BORINGSSL_MAKE_DELETER(X509_INFO, X509_INFO_free)
-
-BSSL_NAMESPACE_END
-}  // extern "C++"
-#endif  // !BORINGSSL_NO_CXX
-
 #endif
 
 #define PEM_R_BAD_BASE64_DECODE 100

diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 6cbcd22..41305d8 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h

@@ -2502,6 +2502,32 @@
                                       EVP_MD_CTX *ctx);
 
 
+// X.509 information.
+//
+// |X509_INFO| is the return type for |PEM_X509_INFO_read_bio|, defined in
+// <openssl/pem.h>. It is used to store a certificate, CRL, or private key. This
+// type is defined in this header for OpenSSL compatibility.
+
+struct private_key_st {
+  EVP_PKEY *dec_pkey;
+} /* X509_PKEY */;
+
+struct X509_info_st {
+  X509 *x509;
+  X509_CRL *crl;
+  X509_PKEY *x_pkey;
+
+  EVP_CIPHER_INFO enc_cipher;
+  int enc_len;
+  char *enc_data;
+} /* X509_INFO */;
+
+DEFINE_STACK_OF(X509_INFO)
+
+// X509_INFO_free releases memory associated with |info|.
+OPENSSL_EXPORT void X509_INFO_free(X509_INFO *info);
+
+
 // Deprecated functions.
 
 // X509_get_notBefore returns |x509|'s notBefore time. Note this function is not
@@ -3183,6 +3209,7 @@
 BORINGSSL_MAKE_DELETER(X509_CRL, X509_CRL_free)
 BORINGSSL_MAKE_UP_REF(X509_CRL, X509_CRL_up_ref)
 BORINGSSL_MAKE_DELETER(X509_EXTENSION, X509_EXTENSION_free)
+BORINGSSL_MAKE_DELETER(X509_INFO, X509_INFO_free)
 BORINGSSL_MAKE_DELETER(X509_LOOKUP, X509_LOOKUP_free)
 BORINGSSL_MAKE_DELETER(X509_NAME, X509_NAME_free)
 BORINGSSL_MAKE_DELETER(X509_NAME_ENTRY, X509_NAME_ENTRY_free)