Unexport a couple internal PEM functions from pem.h
These aren't used externally. While I'm here, const-correct
PEM_do_header. Really we could have just made these file-local except
that PEM_X509_INFO_read_bio does something weird.
Bug: 42290574
Change-Id: I455b9c31da0efb854925bbe38797d3c0e221fcdf
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/74807
Reviewed-by: Adam Langley <agl@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/build.json b/build.json
index 6ffa520..4d3fb4e 100644
--- a/build.json
+++ b/build.json
@@ -533,6 +533,7 @@
"crypto/lhash/internal.h",
"crypto/md5/internal.h",
"crypto/obj/obj_dat.h",
+ "crypto/pem/internal.h",
"crypto/pkcs7/internal.h",
"crypto/pkcs8/internal.h",
"crypto/poly1305/internal.h",
diff --git a/crypto/pem/internal.h b/crypto/pem/internal.h
new file mode 100644
index 0000000..3cfc8ac
--- /dev/null
+++ b/crypto/pem/internal.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_HEADER_PEM_INTERNAL_H
+#define OPENSSL_HEADER_PEM_INTERNAL_H
+
+#include <openssl/pem.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+// PEM_get_EVP_CIPHER_INFO decodes |header| as a PEM header block and writes the
+// specified cipher and IV to |cipher|. It returns one on success and zero on
+// error. |header| must be a NUL-terminated string. If |header| does not
+// specify encryption, this function will return success and set
+// |cipher->cipher| to NULL.
+//
+// WARNING: This function will internally write to the string pointed by
+// |header|. |header| must not point to constant storage.
+int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher);
+
+// PEM_do_header decrypts |*len| bytes from |data| in-place according to the
+// information in |cipher|. On success, it returns one and sets |*len| to the
+// length of the plaintext. Otherwise, it returns zero. If |cipher| specifies
+// encryption, the key is derived from a password returned from |callback|.
+int PEM_do_header(const EVP_CIPHER_INFO *cipher, uint8_t *data, long *len,
+ pem_password_cb *callback, void *u);
+
+
+#ifdef __cplusplus
+} // extern "C"
+#endif
+
+#endif // OPENSSL_HEADER_PEM_INTERNAL_H
diff --git a/crypto/pem/pem_info.cc b/crypto/pem/pem_info.cc
index 3c1d575..27d4edc 100644
--- a/crypto/pem/pem_info.cc
+++ b/crypto/pem/pem_info.cc
@@ -21,6 +21,8 @@
#include <openssl/rsa.h>
#include <openssl/x509.h>
+#include "internal.h"
+
static X509_PKEY *X509_PKEY_new(void) {
return reinterpret_cast<X509_PKEY *>(OPENSSL_zalloc(sizeof(X509_PKEY)));
diff --git a/crypto/pem/pem_lib.cc b/crypto/pem/pem_lib.cc
index a598010..6683bee 100644
--- a/crypto/pem/pem_lib.cc
+++ b/crypto/pem/pem_lib.cc
@@ -24,6 +24,7 @@
#include <openssl/x509.h>
#include "../internal.h"
+#include "internal.h"
#define MIN_LENGTH 4
@@ -326,8 +327,8 @@
return ret;
}
-int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
- pem_password_cb *callback, void *u) {
+int PEM_do_header(const EVP_CIPHER_INFO *cipher, unsigned char *data,
+ long *plen, pem_password_cb *callback, void *u) {
int i = 0, j, o, pass_len;
long len;
EVP_CIPHER_CTX ctx;
@@ -350,14 +351,14 @@
return 0;
}
- if (!EVP_BytesToKey(cipher->cipher, EVP_md5(), &(cipher->iv[0]),
+ if (!EVP_BytesToKey(cipher->cipher, EVP_md5(), cipher->iv,
(unsigned char *)buf, pass_len, 1, key, NULL)) {
return 0;
}
j = (int)len;
EVP_CIPHER_CTX_init(&ctx);
- o = EVP_DecryptInit_ex(&ctx, cipher->cipher, NULL, key, &(cipher->iv[0]));
+ o = EVP_DecryptInit_ex(&ctx, cipher->cipher, NULL, key, cipher->iv);
if (o) {
o = EVP_DecryptUpdate(&ctx, data, &i, data, j);
}
diff --git a/gen/sources.bzl b/gen/sources.bzl
index 7a47551..f91b49e 100644
--- a/gen/sources.bzl
+++ b/gen/sources.bzl
@@ -633,6 +633,7 @@
"crypto/lhash/internal.h",
"crypto/md5/internal.h",
"crypto/obj/obj_dat.h",
+ "crypto/pem/internal.h",
"crypto/pkcs7/internal.h",
"crypto/pkcs8/internal.h",
"crypto/poly1305/internal.h",
diff --git a/gen/sources.cmake b/gen/sources.cmake
index 6d168c6..369a9e6 100644
--- a/gen/sources.cmake
+++ b/gen/sources.cmake
@@ -651,6 +651,7 @@
crypto/lhash/internal.h
crypto/md5/internal.h
crypto/obj/obj_dat.h
+ crypto/pem/internal.h
crypto/pkcs7/internal.h
crypto/pkcs8/internal.h
crypto/poly1305/internal.h
diff --git a/gen/sources.gni b/gen/sources.gni
index 1be0b74..d9862d9 100644
--- a/gen/sources.gni
+++ b/gen/sources.gni
@@ -633,6 +633,7 @@
"crypto/lhash/internal.h",
"crypto/md5/internal.h",
"crypto/obj/obj_dat.h",
+ "crypto/pem/internal.h",
"crypto/pkcs7/internal.h",
"crypto/pkcs8/internal.h",
"crypto/poly1305/internal.h",
diff --git a/gen/sources.json b/gen/sources.json
index c29dfcb..1b482e1 100644
--- a/gen/sources.json
+++ b/gen/sources.json
@@ -615,6 +615,7 @@
"crypto/lhash/internal.h",
"crypto/md5/internal.h",
"crypto/obj/obj_dat.h",
+ "crypto/pem/internal.h",
"crypto/pkcs7/internal.h",
"crypto/pkcs8/internal.h",
"crypto/poly1305/internal.h",
diff --git a/include/openssl/pem.h b/include/openssl/pem.h
index 32fef2f..797e7f0 100644
--- a/include/openssl/pem.h
+++ b/include/openssl/pem.h
@@ -265,11 +265,6 @@
// "userdata": new with OpenSSL 0.9.4
typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata);
-OPENSSL_EXPORT int PEM_get_EVP_CIPHER_INFO(char *header,
- EVP_CIPHER_INFO *cipher);
-OPENSSL_EXPORT int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data,
- long *len, pem_password_cb *callback, void *u);
-
// PEM_read_bio reads from |bp|, until the next PEM block. If one is found, it
// returns one and sets |*name|, |*header|, and |*data| to newly-allocated
// buffers containing the PEM type, the header block, and the decoded data,
