Move X509_INFO back into x509.h and document
Although this is only used by <openssl/pem.h>, one existing caller
expects the free functions to be defined in <openssl/x509.h>. It's not
really worth it to put it in the other header, so just move it back.
Change-Id: I7e719d51110b567296fcd797f72d13aa41de73af
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/64287
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
diff --git a/include/openssl/pem.h b/include/openssl/pem.h
index 263b22b..351e3f6 100644
--- a/include/openssl/pem.h
+++ b/include/openssl/pem.h
@@ -347,28 +347,27 @@
unsigned char *kstr, int klen,
pem_password_cb *cb, void *u);
-struct private_key_st {
- EVP_PKEY *dec_pkey;
-} /* X509_PKEY */;
-
-struct X509_info_st {
- X509 *x509;
- X509_CRL *crl;
- X509_PKEY *x_pkey;
-
- EVP_CIPHER_INFO enc_cipher;
- int enc_len;
- char *enc_data;
-} /* X509_INFO */;
-
-DEFINE_STACK_OF(X509_INFO)
-
-// X509_INFO_free releases memory associated with |info|.
-OPENSSL_EXPORT void X509_INFO_free(X509_INFO *info);
-
+// PEM_X509_INFO_read_bio reads PEM blocks from |bp| and decodes any
+// certificates, CRLs, and private keys found. It returns a
+// |STACK_OF(X509_INFO)| structure containing the results, or NULL on error.
+//
+// If |sk| is NULL, the result on success will be a newly-allocated
+// |STACK_OF(X509_INFO)| structure which should be released with
+// |sk_X509_INFO_pop_free| and |X509_INFO_free| when done.
+//
+// If |sk| is non-NULL, it appends the results to |sk| instead and returns |sk|
+// on success. In this case, the caller retains ownership of |sk| in both
+// success and failure.
OPENSSL_EXPORT STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(
BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u);
+// PEM_X509_INFO_read behaves like |PEM_X509_INFO_read_bio| but reads from a
+// |FILE|.
+OPENSSL_EXPORT STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp,
+ STACK_OF(X509_INFO) *sk,
+ pem_password_cb *cb,
+ void *u);
+
OPENSSL_EXPORT int PEM_read(FILE *fp, char **name, char **header,
unsigned char **data, long *len);
OPENSSL_EXPORT int PEM_write(FILE *fp, const char *name, const char *hdr,
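Review bot: The new comment on PEM_X509_INFO_read_bio says the caller keeps ownership of |sk| on failure, but not what |sk| holds afterwards, so a caller cannot tell whether entries appended before the error are still in the stack. If the implementation rolls them back (not visible in this hunk), a line such as `// On failure, |sk| is left with the entries it had before the call.` would settle it; if it does not, say so explicitly, since the caller must then free the partial results. The |cb| and |u| parameters are also undocumented. Because the function decodes private keys, the comment should say when the password callback is invoked and note that the returned entries may hold private key material.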
@@ -379,10 +378,6 @@
void *x, const EVP_CIPHER *enc,
unsigned char *kstr, int klen,
pem_password_cb *callback, void *u);
-OPENSSL_EXPORT STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp,
- STACK_OF(X509_INFO) *sk,
- pem_password_cb *cb,
- void *u);
// PEM_def_callback treats |userdata| as a string and copies it into |buf|,
// assuming its |size| is sufficient. Returns the length of the string, or 0
@@ -474,17 +469,6 @@
#ifdef __cplusplus
} // extern "C"
-
-#if !defined(BORINGSSL_NO_CXX)
-extern "C++" {
-BSSL_NAMESPACE_BEGIN
-
-BORINGSSL_MAKE_DELETER(X509_INFO, X509_INFO_free)
-
-BSSL_NAMESPACE_END
-} // extern "C++"
-#endif // !BORINGSSL_NO_CXX
-
#endif
#define PEM_R_BAD_BASE64_DECODE 100
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 6cbcd22..41305d8 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -2502,6 +2502,32 @@
EVP_MD_CTX *ctx);
+// X.509 information.
+//
+// |X509_INFO| is the return type for |PEM_X509_INFO_read_bio|, defined in
+// <openssl/pem.h>. It is used to store a certificate, CRL, or private key. This
+// type is defined in this header for OpenSSL compatibility.
+
+struct private_key_st {
+ EVP_PKEY *dec_pkey;
+} /* X509_PKEY */;
+
+struct X509_info_st {
+ X509 *x509;
+ X509_CRL *crl;
+ X509_PKEY *x_pkey;
+
+ EVP_CIPHER_INFO enc_cipher;
+ int enc_len;
+ char *enc_data;
+} /* X509_INFO */;
+
+DEFINE_STACK_OF(X509_INFO)
+
+// X509_INFO_free releases memory associated with |info|.
+OPENSSL_EXPORT void X509_INFO_free(X509_INFO *info);
+
+
// Deprecated functions.
// X509_get_notBefore returns |x509|'s notBefore time. Note this function is not
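Review bot: The fields of `struct X509_info_st` and `struct private_key_st` are moved into this public header without per-field comments, although the commit title says "and document". From the header alone a reader cannot tell when |x_pkey| holds a decoded key and when |enc_cipher|, |enc_len| and |enc_data| are populated instead, nor whether |enc_data| is owned by the structure. I would add a short `//` comment above each field group, for example `// enc_data, if non-NULL, is |enc_len| bytes of still-encrypted key data described by |enc_cipher|.`, worded to match the implementation, which is not visible here. The X509_INFO_free comment could also state whether it frees the contained |x509|, |crl| and |x_pkey| and whether a NULL |info| is accepted.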
@@ -3183,6 +3209,7 @@
BORINGSSL_MAKE_DELETER(X509_CRL, X509_CRL_free)
BORINGSSL_MAKE_UP_REF(X509_CRL, X509_CRL_up_ref)
BORINGSSL_MAKE_DELETER(X509_EXTENSION, X509_EXTENSION_free)
+BORINGSSL_MAKE_DELETER(X509_INFO, X509_INFO_free)
BORINGSSL_MAKE_DELETER(X509_LOOKUP, X509_LOOKUP_free)
BORINGSSL_MAKE_DELETER(X509_NAME, X509_NAME_free)
BORINGSSL_MAKE_DELETER(X509_NAME_ENTRY, X509_NAME_ENTRY_free)