Undo recent changes to |X509V3_EXT_conf_nid|.

cryptography.io wraps this function and so we have to keep the LHASH_OF
argument for now.

Change-Id: I4e071dee973c3931a4005678ce4135161a5861bd
Reviewed-on: https://boringssl-review.googlesource.com/c/32524
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/decrepit/x509/x509_decrepit.c b/decrepit/x509/x509_decrepit.c
index 28015f3..5237754 100644
--- a/decrepit/x509/x509_decrepit.c
+++ b/decrepit/x509/x509_decrepit.c
@@ -12,11 +12,15 @@
  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
 
-#include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
+#include <assert.h>
 
-X509_EXTENSION *X509V3_EXT_conf_nid(X509_MUST_BE_NULL *conf, X509V3_CTX *ctx,
+#include <openssl/conf.h>
+
+
+X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
                                     int ext_nid, char *value) {
+  assert(conf == NULL);
   return X509V3_EXT_nconf_nid(NULL, ctx, ext_nid, value);
 }
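Review bot: The `assert(conf == NULL);` added at the top of X509V3_EXT_conf_nid disappears when NDEBUG is defined, so a release build accepts a non-NULL |conf| and silently builds the extension as if no configuration database had been passed. Because the result is a certificate extension that may not match what the caller asked for, the function should fail closed rather than rely on a debug-only check: keep the assert and add `if (conf != NULL) { return NULL; }` before the call to X509V3_EXT_nconf_nid. With the type restored to LHASH_OF(CONF_VALUE), the compiler no longer stops callers written against OpenSSL from passing a real table, so the runtime check is the only guard left.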
diff --git a/include/openssl/conf.h b/include/openssl/conf.h
index 7aa76e1..ae71869 100644
--- a/include/openssl/conf.h
+++ b/include/openssl/conf.h
@@ -60,6 +60,7 @@
 #include <openssl/base.h>
 
 #include <openssl/stack.h>
+#include <openssl/lhash.h>
 
 #if defined(__cplusplus)
 extern "C" {
@@ -85,6 +86,7 @@
 };
 
 DEFINE_STACK_OF(CONF_VALUE)
+DECLARE_LHASH_OF(CONF_VALUE)
 
 
 // NCONF_new returns a fresh, empty |CONF|, or NULL on error. The |method|
diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
index 7d1c306..4a654b5 100644
--- a/include/openssl/x509v3.h
+++ b/include/openssl/x509v3.h
@@ -58,6 +58,7 @@
 #include <openssl/bio.h>
 #include <openssl/conf.h>
 #include <openssl/x509.h>
+#include <openssl/lhash.h>
 
 #ifdef __cplusplus
 extern "C" {
@@ -611,8 +612,11 @@
 				  X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc);
 OPENSSL_EXPORT void X509V3_conf_free(CONF_VALUE *val);
 
-typedef struct x509_must_be_null_st X509_MUST_BE_NULL;
-OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_conf_nid(X509_MUST_BE_NULL *conf, X509V3_CTX *ctx, int ext_nid, char *value);
+// X509V3_EXT_conf_nid contains the only exposed instance of an LHASH in our
+// public headers. The |conf| pointer must be NULL but cryptography.io wraps
+// this function so we cannot, yet, replace the type with a dummy struct.
+OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, int ext_nid, char *value);
+
 OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value);
 OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value);
 OPENSSL_EXPORT int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk);
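Review bot: The new comment above X509V3_EXT_conf_nid states that |conf| must be NULL but does not tell a caller what happens when it is not. Going by the x509_decrepit.c hunk in this commit, a non-NULL value trips an assert in debug builds and is otherwise discarded, which is worth stating in the header that wrappers such as cryptography.io read. I would append a line such as `// Passing a non-NULL |conf| is a caller error: it asserts in debug builds and the value is otherwise ignored.` and note that the definition lives under decrepit/.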