Trim X509_INFO and move to crypto/pem

X509_INFO only exists to be a return value to PEM_X509_INFO_read. There
is no use in letting callers create these objects, since they cannot do
anything with it. Only X509_INFO_free is needed.

Also cut a ton of unused fields from X509_PKEY.

Change-Id: I322589f04883903e1fe5c23c3966ecf631e85b7f
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/64127
Commit-Queue: Bob Beck <[email protected]>
Auto-Submit: David Benjamin <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
Reviewed-by: Bob Beck <[email protected]>

(cherry picked from commit fcd464ce97d96fd0278ad3082a8429022ae2c4d7)

Author: davidben

crypto/CMakeLists.txt

@@ -484,9 +484,7 @@ add_library(
   x509/x_attrib.c
   x509/x_crl.c
   x509/x_exten.c
-  x509/x_info.c
   x509/x_name.c
-  x509/x_pkey.c
   x509/x_pubkey.c
   x509/x_req.c
   x509/x_sig.c

crypto/pem/pem_info.c

@@ -69,6 +69,37 @@
 #include <openssl/rsa.h>
 #include <openssl/x509.h>
 
+
+static X509_PKEY *X509_PKEY_new(void) {
+  return OPENSSL_zalloc(sizeof(X509_PKEY));
+}
+
+static void X509_PKEY_free(X509_PKEY *x) {
+  if (x == NULL) {
+    return;
+  }
+
+  EVP_PKEY_free(x->dec_pkey);
+  OPENSSL_free(x);
+}
+
+static X509_INFO *X509_INFO_new(void) {
+  return OPENSSL_zalloc(sizeof(X509_INFO));
+}
+
+void X509_INFO_free(X509_INFO *x) {
+  if (x == NULL) {
+    return;
+  }
+
+  X509_free(x->x509);
+  X509_CRL_free(x->crl);
+  X509_PKEY_free(x->x_pkey);
+  OPENSSL_free(x->enc_data);
+  OPENSSL_free(x);
+}
+
+
 STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
                                         pem_password_cb *cb, void *u) {
   BIO *b = BIO_new_fp(fp, BIO_NOCLOSE);

crypto/x509/x_info.c

@@ -1,94 +0,0 @@
-/* Copyright (C) 1995-1998 Eric Young ([email protected])
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young ([email protected]).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson ([email protected]).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young ([email protected])"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson ([email protected])"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.] */
-
-#include <openssl/x509.h>
-
-#include <openssl/asn1.h>
-#include <openssl/err.h>
-#include <openssl/mem.h>
-#include <openssl/thread.h>
-#include <assert.h>
-
-X509_INFO *X509_INFO_new(void) {
-  X509_INFO *ret = NULL;
-
-  ret = (X509_INFO *)OPENSSL_zalloc(sizeof(X509_INFO));
-  if (ret == NULL) {
-    return NULL;
-  }
-
-  return ret;
-}
-
-void X509_INFO_free(X509_INFO *x) {
-  if (x == NULL) {
-    return;
-  }
-
-  if (x->x509 != NULL) {
-    X509_free(x->x509);
-  }
-  if (x->crl != NULL) {
-    X509_CRL_free(x->crl);
-  }
-  if (x->x_pkey != NULL) {
-    X509_PKEY_free(x->x_pkey);
-  }
-  if (x->enc_data != NULL) {
-    OPENSSL_free(x->enc_data);
-  }
-  OPENSSL_free(x);
-}

crypto/x509/x_pkey.c

@@ -353,6 +353,25 @@ OPENSSL_EXPORT int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name,
                                       unsigned char *kstr, int klen,
                                       pem_password_cb *cb, void *u);
 
+struct private_key_st {
+  EVP_PKEY *dec_pkey;
+} /* X509_PKEY */;
+
+struct X509_info_st {
+  X509 *x509;
+  X509_CRL *crl;
+  X509_PKEY *x_pkey;
+
+  EVP_CIPHER_INFO enc_cipher;
+  int enc_len;
+  char *enc_data;
+} /* X509_INFO */;
+
+DEFINE_STACK_OF(X509_INFO)
+
+// X509_INFO_free releases memory associated with |info|.
+OPENSSL_EXPORT void X509_INFO_free(X509_INFO *info);
+
 OPENSSL_EXPORT STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(
     BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u);
 
@@ -460,7 +479,18 @@ OPENSSL_EXPORT int PEM_write_PKCS8PrivateKey(FILE *fp, const EVP_PKEY *x,
 
 
 #ifdef __cplusplus
-}
+}  // extern "C"
+
+#if !defined(BORINGSSL_NO_CXX)
+extern "C++" {
+BSSL_NAMESPACE_BEGIN
+
+BORINGSSL_MAKE_DELETER(X509_INFO, X509_INFO_free)
+
+BSSL_NAMESPACE_END
+}  // extern "C++"
+#endif  // !BORINGSSL_NO_CXX
+
 #endif
 
 #define PEM_R_BAD_BASE64_DECODE 100

include/openssl/pem.h

@@ -2737,37 +2737,6 @@ DEFINE_STACK_OF(X509_TRUST)
 
 DECLARE_STACK_OF(GENERAL_NAMES)
 
-struct private_key_st {
-  int version;
-  // The PKCS#8 data types
-  X509_ALGOR *enc_algor;
-  ASN1_OCTET_STRING *enc_pkey;  // encrypted pub key
-
-  // When decrypted, the following will not be NULL
-  EVP_PKEY *dec_pkey;
-
-  // used to encrypt and decrypt
-  int key_length;
-  char *key_data;
-  int key_free;  // true if we should auto free key_data
-
-  // expanded version of 'enc_algor'
-  EVP_CIPHER_INFO cipher;
-} /* X509_PKEY */;
-
-struct X509_info_st {
-  X509 *x509;
-  X509_CRL *crl;
-  X509_PKEY *x_pkey;
-
-  EVP_CIPHER_INFO enc_cipher;
-  int enc_len;
-  char *enc_data;
-
-} /* X509_INFO */;
-
-DEFINE_STACK_OF(X509_INFO)
-
 // X509_verify_cert_error_string returns |err| as a human-readable string, where
 // |err| should be one of the |X509_V_*| values. If |err| is unknown, it returns
 // a default description.
@@ -2783,12 +2752,6 @@ OPENSSL_EXPORT const char *X509_get_default_private_dir(void);
 
 OPENSSL_EXPORT int X509_TRUST_set(int *t, int trust);
 
-OPENSSL_EXPORT X509_PKEY *X509_PKEY_new(void);
-OPENSSL_EXPORT void X509_PKEY_free(X509_PKEY *a);
-
-OPENSSL_EXPORT X509_INFO *X509_INFO_new(void);
-OPENSSL_EXPORT void X509_INFO_free(X509_INFO *a);
-
 OPENSSL_EXPORT int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
 
 OPENSSL_EXPORT int X509_check_private_key(X509 *x509, const EVP_PKEY *pkey);
@@ -3400,12 +3363,10 @@ BORINGSSL_MAKE_DELETER(X509_ATTRIBUTE, X509_ATTRIBUTE_free)
 BORINGSSL_MAKE_DELETER(X509_CRL, X509_CRL_free)
 BORINGSSL_MAKE_UP_REF(X509_CRL, X509_CRL_up_ref)
 BORINGSSL_MAKE_DELETER(X509_EXTENSION, X509_EXTENSION_free)
-BORINGSSL_MAKE_DELETER(X509_INFO, X509_INFO_free)
 BORINGSSL_MAKE_DELETER(X509_LOOKUP, X509_LOOKUP_free)
 BORINGSSL_MAKE_DELETER(X509_OBJECT, X509_OBJECT_free)
 BORINGSSL_MAKE_DELETER(X509_NAME, X509_NAME_free)
 BORINGSSL_MAKE_DELETER(X509_NAME_ENTRY, X509_NAME_ENTRY_free)
-BORINGSSL_MAKE_DELETER(X509_PKEY, X509_PKEY_free)
 BORINGSSL_MAKE_DELETER(X509_PUBKEY, X509_PUBKEY_free)
 BORINGSSL_MAKE_DELETER(X509_REQ, X509_REQ_free)
 BORINGSSL_MAKE_DELETER(X509_REVOKED, X509_REVOKED_free)