Some miscellaneous openssl/x509.h documentation fixes

davidben · dkostic · commit 659767495a8d · 2024-06-17T09:44:08.000-07:00
Bug: 426 Change-Id: Ie1ba74a940db1525926da1856bb98d350d977674 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/65149 Reviewed-by: Bob Beck <bbe@google.com> Commit-Queue: David Benjamin <davidben@google.com> (cherry picked from commit 2a88b4b65da2794378044be9d125ce987ffd39f3)
diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c
@@ -513,17 +513,17 @@ int X509_NAME_set(X509_NAME **xn, X509_NAME *name) {
 
 int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne) { return ne->set; }
 
-int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder,
-                       size_t *pderlen) {
+int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **out_der,
+                       size_t *out_der_len) {
   // Make sure encoding is valid
   if (i2d_X509_NAME(nm, NULL) <= 0) {
     return 0;
   }
-  if (pder != NULL) {
-    *pder = (unsigned char *)nm->bytes->data;
+  if (out_der != NULL) {
+    *out_der = (unsigned char *)nm->bytes->data;
   }
-  if (pderlen != NULL) {
-    *pderlen = nm->bytes->length;
+  if (out_der_len != NULL) {
+    *out_der_len = nm->bytes->length;
   }
   return 1;
 }
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
@@ -277,7 +277,7 @@ OPENSSL_EXPORT uint32_t X509_get_extension_flags(X509 *x509);
 //
 // TODO(crbug.com/boringssl/381): Decoding an |X509| object will not check for
 // invalid extensions. To detect the error case, call
-// |X509_get_extensions_flags| and check the |EXFLAG_INVALID| bit.
+// |X509_get_extension_flags| and check the |EXFLAG_INVALID| bit.
 OPENSSL_EXPORT long X509_get_pathlen(X509 *x509);
 
 // X509v3_KU_* are key usage bits returned from |X509_get_key_usage|.
@@ -336,7 +336,7 @@ OPENSSL_EXPORT uint32_t X509_get_extended_key_usage(X509 *x509);
 //
 // TODO(crbug.com/boringssl/381): Decoding an |X509| object will not check for
 // invalid extensions. To detect the error case, call
-// |X509_get_extensions_flags| and check the |EXFLAG_INVALID| bit.
+// |X509_get_extension_flags| and check the |EXFLAG_INVALID| bit.
 OPENSSL_EXPORT const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x509);
 
 // X509_get0_authority_key_id returns keyIdentifier of |x509|'s authority key
@@ -347,7 +347,7 @@ OPENSSL_EXPORT const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x509);
 //
 // TODO(crbug.com/boringssl/381): Decoding an |X509| object will not check for
 // invalid extensions. To detect the error case, call
-// |X509_get_extensions_flags| and check the |EXFLAG_INVALID| bit.
+// |X509_get_extension_flags| and check the |EXFLAG_INVALID| bit.
 OPENSSL_EXPORT const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x509);
 
 DEFINE_STACK_OF(GENERAL_NAME)
@@ -361,7 +361,7 @@ typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
 //
 // TODO(crbug.com/boringssl/381): Decoding an |X509| object will not check for
 // invalid extensions. To detect the error case, call
-// |X509_get_extensions_flags| and check the |EXFLAG_INVALID| bit.
+// |X509_get_extension_flags| and check the |EXFLAG_INVALID| bit.
 OPENSSL_EXPORT const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x509);
 
 // X509_get0_authority_serial returns the authorityCertSerialNumber of |x509|'s
@@ -372,7 +372,7 @@ OPENSSL_EXPORT const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x509);
 //
 // TODO(crbug.com/boringssl/381): Decoding an |X509| object will not check for
 // invalid extensions. To detect the error case, call
-// |X509_get_extensions_flags| and check the |EXFLAG_INVALID| bit.
+// |X509_get_extension_flags| and check the |EXFLAG_INVALID| bit.
 OPENSSL_EXPORT const ASN1_INTEGER *X509_get0_authority_serial(X509 *x509);
 
 // X509_get0_extensions returns |x509|'s extension list, or NULL if |x509| omits
@@ -1427,12 +1427,17 @@ OPENSSL_EXPORT X509_NAME *X509_NAME_dup(X509_NAME *name);
 // Although even the library itself passes this to a sorting function.
 OPENSSL_EXPORT int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
 
-// X509_NAME_get0_der sets |*out_der| and |*out_der_len|
+// X509_NAME_get0_der marshals |name| as a DER-encoded X.509 Name (RFC 5280). On
+// success, it returns one and sets |*out_der| and |*out_der_len| to a buffer
+// containing the result. Otherwise, it returns zero. |*out_der| is owned by
+// |name| and must not be freed by the caller. It is invalidated after |name| is
+// mutated or freed.
 //
 // Avoid this function and prefer |i2d_X509_NAME|. It is one of the reasons
-// these functions are not consistently thread-safe or const-correct. Depending
-// on the resolution of https://crbug.com/boringssl/407, this function may be
-// removed or cause poor performance.
+// |X509_NAME| functions, including this one, are not consistently thread-safe
+// or const-correct. Depending on the resolution of
+// https://crbug.com/boringssl/407, this function may be removed or cause poor
+// performance.
 OPENSSL_EXPORT int X509_NAME_get0_der(X509_NAME *name, const uint8_t **out_der,
                                       size_t *out_der_len);
 

Original file line number	Diff line number	Diff line change
`@@ -513,17 +513,17 @@ int X509_NAME_set(X509_NAME *xn, X509_NAME name) {`
`513`	`513`
`514`	`514`	`int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne) { return ne->set; }`
`515`	`515`
`516`		`-int X509_NAME_get0_der(X509_NAME nm, const unsigned char *pder,`
`517`		`- size_t *pderlen) {`
	`516`	`+int X509_NAME_get0_der(X509_NAME nm, const unsigned char *out_der,`
	`517`	`+ size_t *out_der_len) {`
`518`	`518`	`// Make sure encoding is valid`
`519`	`519`	`if (i2d_X509_NAME(nm, NULL) <= 0) {`
`520`	`520`	`return 0;`
`521`	`521`	`}`
`522`		`- if (pder != NULL) {`
`523`		`- pder = (unsigned char )nm->bytes->data;`
	`522`	`+ if (out_der != NULL) {`
	`523`	`+ out_der = (unsigned char )nm->bytes->data;`
`524`	`524`	`}`
`525`		`- if (pderlen != NULL) {`
`526`		`- *pderlen = nm->bytes->length;`
	`525`	`+ if (out_der_len != NULL) {`
	`526`	`+ *out_der_len = nm->bytes->length;`
`527`	`527`	`}`
`528`	`528`	`return 1;`
`529`	`529`	`}`