Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 5127db3b4d59066126a1f8c8f7fdf4841a8c58b9^! / . / include / openssl / pkcs8.h
commit5127db3b4d59066126a1f8c8f7fdf4841a8c58b9[log] [tgz]
authorAdam Langley <agl@google.com>Fri Sep 19 10:49:56 2014 -0700
committerAdam Langley <agl@google.com>Sat Sep 20 00:10:03 2014 +0000
tree7a31618dc3251d389cba75d20b71bafc52b3d307
parent588d2528d1e9e7d1c076563e47ecbfabc6e49cb1 [diff] [blame]
Provide compatibility functions for PKCS#12 parsing.

In order to minimise the upstream diffs needed for bits of Android to
build with BoringSSL, this change implements the old style PKCS#12
functions as wrappers around the modern parser.

The function to read all the contents of a BIO could almost be a utility
function but I'll wait until there are two uses for it first.

The important change from the original functions is that these will
always read the complete buffer/BIO/FILE passed in. Based on a survey of
uses of d2i_PKCS12 that I found, this appears to be universally what
callers want anyway.

Change-Id: I3f5b84e710b161d975f91f4d16c83d44371368d1
Reviewed-on: https://boringssl-review.googlesource.com/1791
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/include/openssl/pkcs8.h b/include/openssl/pkcs8.h
index 26f15e7..8735387 100644
--- a/include/openssl/pkcs8.h
+++ b/include/openssl/pkcs8.h

@@ -59,6 +59,8 @@
 
 #include <openssl/base.h>
 
+#include <stdio.h>
+
 #include <openssl/x509.h>
 
 #if defined(__cplusplus)
@@ -129,9 +131,42 @@
                                             STACK_OF(X509) *out_certs,
                                             CBS *in, const char *password);
 
+
+/* Deprecated functions. */
+
 /* PKCS12_PBE_add does nothing. It exists for compatibility with OpenSSL. */
 OPENSSL_EXPORT void PKCS12_PBE_add();
 
+/* d2i_PKCS12 is a dummy function that copies |*ber_bytes| into a
+ * |PKCS12| structure. The |out_p12| argument must be NULL. On exit,
+ * |*ber_bytes| will be advanced by |ber_len|. It returns a fresh |PKCS12|
+ * structure or NULL on error.
+ *
+ * Note: unlike other d2i functions, |d2i_PKCS12| will always consume |ber_len|
+ * bytes.*/
+OPENSSL_EXPORT PKCS12 *d2i_PKCS12(PKCS12 **out_p12, const uint8_t **ber_bytes,
+                                  size_t ber_len);
+
+/* d2i_PKCS12_bio acts like |d2i_PKCS12| but reads from a |BIO|. */
+OPENSSL_EXPORT PKCS12* d2i_PKCS12_bio(BIO *bio, PKCS12 **out_p12);
+
+/* d2i_PKCS12_fp acts like |d2i_PKCS12| but reads from a |FILE|. */
+OPENSSL_EXPORT PKCS12* d2i_PKCS12_fp(FILE *fp, PKCS12 **out_p12);
+
+/* PKCS12_parse calls |PKCS12_get_key_and_certs| on the ASN.1 data stored in
+ * |p12|. The |out_pkey| and |out_cert| arguments must not be NULL and, on
+ * successful exit, the private key and first certificate will be stored in
+ * them. The |out_ca_certs| argument may be NULL but, if not, then any extra
+ * certificates will be appended to |*out_ca_certs|. If |*out_ca_certs| is NULL
+ * then it will be set to a freshly allocated stack containing the extra certs.
+ *
+ * It returns one on success and zero on error. */
+OPENSSL_EXPORT int PKCS12_parse(const PKCS12 *p12, const char *password,
+                                EVP_PKEY **out_pkey, X509 **out_cert,
+                                STACK_OF(X509) **out_ca_certs);
+
+/* PKCS12_free frees |p12| and its contents. */
+OPENSSL_EXPORT void PKCS12_free(PKCS12 *p12);
 
 #if defined(__cplusplus)
 }  /* extern C */