Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / boringssl / e99801b603dea8893dcc61c70b327ef2d00b652c^! / . / src / include / openssl / pkcs8.h
commite99801b603dea8893dcc61c70b327ef2d00b652c[log] [tgz]
authorKenny Root <kroot@google.com>Fri Nov 06 15:31:15 2015 -0800
committerKenny Root <kroot@google.com>Fri Nov 06 15:31:15 2015 -0800
tree37655d933cb72bcd7553af526581d3e24e051d7d
parent8cd47e1f90ee6c1dbedb462b252c8e1e7b079e38 [diff] [blame]
Revert "Revert "external/boringssl: sync with upstream.""

This reverts commit 03bcf618b7ed811b305845461fbb5497dfe55ac3.

No changes here. trusty build was fixed with the required rules.mk changes.

diff --git a/src/include/openssl/pkcs8.h b/src/include/openssl/pkcs8.h
index bb6b03c..6b51f85 100644
--- a/src/include/openssl/pkcs8.h
+++ b/src/include/openssl/pkcs8.h

@@ -106,6 +106,14 @@
                                                       const uint8_t *pass_raw,
                                                       size_t pass_raw_len);
 
+/* PKCS12_get_key_and_certs parses a PKCS#12 structure from |in|, authenticates
+ * and decrypts it using |password|, sets |*out_key| to the included private
+ * key and appends the included certificates to |out_certs|. It returns one on
+ * success and zero on error. The caller takes ownership of the outputs. */
+OPENSSL_EXPORT int PKCS12_get_key_and_certs(EVP_PKEY **out_key,
+                                            STACK_OF(X509) *out_certs,
+                                            CBS *in, const char *password);
+
 
 /* Deprecated functions. */
 
@@ -127,17 +135,6 @@
                                                   const char *pass,
                                                   int pass_len);
 
-/* PKCS12_get_key_and_certs parses a PKCS#12 structure from |in|, authenticates
- * and decrypts it using |password|, sets |*out_key| to the included private
- * key and appends the included certificates to |out_certs|. It returns one on
- * success and zero on error. The caller takes ownership of the outputs. */
-OPENSSL_EXPORT int PKCS12_get_key_and_certs(EVP_PKEY **out_key,
-                                            STACK_OF(X509) *out_certs,
-                                            CBS *in, const char *password);
-
-
-/* Deprecated functions. */
-
 /* PKCS12_PBE_add does nothing. It exists for compatibility with OpenSSL. */
 OPENSSL_EXPORT void PKCS12_PBE_add(void);
 
@@ -169,9 +166,21 @@
                                 EVP_PKEY **out_pkey, X509 **out_cert,
                                 STACK_OF(X509) **out_ca_certs);
 
+/* PKCS12_verify_mac returns one if |password| is a valid password for |p12|
+ * and zero otherwise. Since |PKCS12_parse| doesn't take a length parameter,
+ * it's not actually possible to use a non-NUL-terminated password to actually
+ * get anything from a |PKCS12|. Thus |password| and |password_len| may be
+ * |NULL| and zero, respectively, or else |password_len| may be -1, or else
+ * |password[password_len]| must be zero and no other NUL bytes may appear in
+ * |password|. If the |password_len| checks fail, zero is returned
+ * immediately. */
+OPENSSL_EXPORT int PKCS12_verify_mac(const PKCS12 *p12, const char *password,
+                                     int password_len);
+
 /* PKCS12_free frees |p12| and its contents. */
 OPENSSL_EXPORT void PKCS12_free(PKCS12 *p12);
 
+
 #if defined(__cplusplus)
 }  /* extern C */
 #endif