Replace X509_LOOKUP_ctrl with real functions

Gain some type-checking. Change-Id: I21524e0507f2c6b12d9f431a8cc6e82e28c94e24 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/64248 Reviewed-by: Bob Beck <bbe@google.com> Commit-Queue: David Benjamin <davidben@google.com> (cherry picked from commit 2ff409e4bdca763654d68da147cef4fe572ee4f8)
aws · Apr 19, 2024 · 9826568 · 9826568
1 parent e47c056
commit 9826568
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 8 deletions.
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
@@ -397,3 +397,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
   BUF_MEM_free(b);
   return ok;
 }
+
+int X509_LOOKUP_add_dir(X509_LOOKUP *lookup, const char *name, int type) {
+  return X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, name, type, NULL);
+}
diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
@@ -263,3 +263,7 @@ int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type) {
   sk_X509_INFO_pop_free(inf, X509_INFO_free);
   return count;
 }
+
+int X509_LOOKUP_load_file(X509_LOOKUP *lookup, const char *name, int type) {
+  return X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, name, type, NULL);
+}
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
@@ -2742,10 +2742,6 @@ struct X509_algor_st {
 
 // Functions below this point have not yet been organized into sections.
 
-#define X509_FILETYPE_PEM 1
-#define X509_FILETYPE_ASN1 2
-#define X509_FILETYPE_DEFAULT 3
-
 #define X509v3_KU_DIGITAL_SIGNATURE 0x0080
 #define X509v3_KU_NON_REPUDIATION 0x0040
 #define X509v3_KU_KEY_ENCIPHERMENT 0x0020
@@ -2920,11 +2916,27 @@ OPENSSL_EXPORT void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 #define X509_L_FILE_LOAD 1
 #define X509_L_ADD_DIR 2
 
-#define X509_LOOKUP_load_file(x, name, type) \
-  X509_LOOKUP_ctrl((x), X509_L_FILE_LOAD, (name), (long)(type), NULL)
+// The following constants are used to specify the format of files in an
+// |X509_LOOKUP|.
+#define X509_FILETYPE_PEM 1
+#define X509_FILETYPE_ASN1 2
+#define X509_FILETYPE_DEFAULT 3
 
-#define X509_LOOKUP_add_dir(x, name, type) \
-  X509_LOOKUP_ctrl((x), X509_L_ADD_DIR, (name), (long)(type), NULL)
+// X509_LOOKUP_load_file configures |lookup| to load information from the file
+// at |path|. It returns one on success and zero on error. |type| should be one
+// of the |X509_FILETYPE_*| constants to determine if the contents are PEM or
+// DER. If |type| is |X509_FILETYPE_DEFAULT|, |path| is ignored and instead some
+// default system path is used.
+OPENSSL_EXPORT int X509_LOOKUP_load_file(X509_LOOKUP *lookup, const char *path,
+                                         int type);
+
+// X509_LOOKUP_add_dir configures |lookup| to load information from the
+// directory at |path|. It returns one on success and zero on error. |type|
+// should be one of the |X509_FILETYPE_*| constants to determine if the contents
+// are PEM or DER. If |type| is |X509_FILETYPE_DEFAULT|, |path| is ignored and
+// instead some default system path is used.
+OPENSSL_EXPORT int X509_LOOKUP_add_dir(X509_LOOKUP *lookup, const char *path,
+                                       int type);
 
 #define X509_V_OK 0
 #define X509_V_ERR_UNSPECIFIED 1