From 453dbf18dd376a1c05b81cf9759c65ccb8194c14 Mon Sep 17 00:00:00 2001
From: David Benjamin <davidben@google.com>
Date: Wed, 6 Dec 2023 13:43:40 -0500
Subject: [PATCH] Move KU_* back to <openssl/x509v3.h>

It turns out NSS and OpenSSL defined the same constants! All this time,
Chromium has inadvertently relied on KU_* being defined in
<openssl/x509v3.h> and not <openssl/x509.h>. Once we merged the two
headers, this broke.

Since we just deprecated these in favor of X509v3_KU_*, just move these
back into <openssl/x509v3.h>.

Change-Id: I93453527f30eee6df7630dc68c052c814aaeda02
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/64607
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
(cherry picked from commit 540fcce9a5a8d92e4686d5d266dc19c91724ea0b)
---
 include/openssl/x509v3.h | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)

diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
index c8e52be185e..80edd940e2c 100644
--- a/include/openssl/x509v3.h
+++ b/include/openssl/x509v3.h
@@ -12,6 +12,28 @@
  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
 
-// This header is provided in order to make compiling against code that expects
-// OpenSSL easier.
+#ifndef OPENSSL_HEADER_X509V3_H
+#define OPENSSL_HEADER_X509V3_H
+
+// This header primarily exists in order to make compiling against code that
+// expects OpenSSL easier. We have merged this header into <openssl/x509.h>.
+// However, due to conflicts, some deprecated symbols are defined here.
 #include <openssl/x509.h>
+
+// Deprecated constants.
+
+// The following constants are legacy aliases for |X509v3_KU_*|. They are
+// defined here instead of in <openssl/x509.h> because NSS's public headers use
+// the same symbols. Some callers have inadvertently relied on the conflicts
+// only being defined in this header.
+#define KU_DIGITAL_SIGNATURE X509v3_KU_DIGITAL_SIGNATURE
+#define KU_NON_REPUDIATION X509v3_KU_NON_REPUDIATION
+#define KU_KEY_ENCIPHERMENT X509v3_KU_KEY_ENCIPHERMENT
+#define KU_DATA_ENCIPHERMENT X509v3_KU_DATA_ENCIPHERMENT
+#define KU_KEY_AGREEMENT X509v3_KU_KEY_AGREEMENT
+#define KU_KEY_CERT_SIGN X509v3_KU_KEY_CERT_SIGN
+#define KU_CRL_SIGN X509v3_KU_CRL_SIGN
+#define KU_ENCIPHER_ONLY X509v3_KU_ENCIPHER_ONLY
+#define KU_DECIPHER_ONLY X509v3_KU_DECIPHER_ONLY
+
+#endif  // OPENSSL_HEADER_X509V3_H