Make X509_VERIFY_PARAM opaque.

Update-Note: Use setters instead of configuring X509_VERIFY_PARAM
directly.

Change-Id: I03ba0d17acc09604c1c20bf8f682e7bbc5642310
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/48127
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/x509/internal.h b/crypto/x509/internal.h
index d556fe0..d984805 100644
--- a/crypto/x509/internal.h
+++ b/crypto/x509/internal.h
@@ -112,7 +112,10 @@
   CRYPTO_refcount_t references;
 } /* X509_REQ */;
 
-struct X509_VERIFY_PARAM_ID_st {
+// TODO(davidben): This was historically a separate struct because
+// |X509_VERIFY_PARAM| used to be exported. Now that it is also opaque, embed it
+// directly.
+typedef struct {
   STACK_OF(OPENSSL_STRING) *hosts; /* Set of acceptable names */
   unsigned int hostflags;          /* Flags to control matching features */
   char *peername;                  /* Matching hostname in peer certificate */
@@ -121,7 +124,19 @@
   unsigned char *ip;    /* If not NULL IP address to match */
   size_t iplen;         /* Length of IP address */
   unsigned char poison; /* Fail all verifications */
-};
+} X509_VERIFY_PARAM_ID;
+
+struct X509_VERIFY_PARAM_st {
+  char *name;
+  time_t check_time;                // Time to use
+  unsigned long inh_flags;          // Inheritance flags
+  unsigned long flags;              // Various verify flags
+  int purpose;                      // purpose to check untrusted certificates
+  int trust;                        // trust setting to check
+  int depth;                        // Verify depth
+  STACK_OF(ASN1_OBJECT) *policies;  // Permissible policies
+  X509_VERIFY_PARAM_ID *id;         // opaque ID data
+} /* X509_VERIFY_PARAM */;
 
 
 /* RSA-PSS functions. */
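Review bot: The `struct X509_VERIFY_PARAM_st` definition added in this hunk arrives without the descriptive comment that sat above it in `include/openssl/x509_vfy.h`, so the internal header no longer says what the struct is for or who may write to it. These fields (`check_time`, `flags`, `purpose`, `trust`, `depth`, `policies`, and the `id` block) decide what a verification accepts, so I would add a header comment such as `// X509_VERIFY_PARAM_st holds the parameters of a verify operation. Code outside crypto/x509 must go through the X509_VERIFY_PARAM_* accessors.` The `poison` field would also benefit from a note on when it is set; its existing comment suggests a fail-closed marker, but the hunk does not show who writes it. The `X509_VERIFY_PARAM_ID` typedef closed at the top of this hunk begins in the previous hunk.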
diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
index 3bc5878..9b99f4a 100644
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h
@@ -132,24 +132,6 @@
                       X509_OBJECT *ret);
 } X509_LOOKUP_METHOD;
 
-typedef struct X509_VERIFY_PARAM_ID_st X509_VERIFY_PARAM_ID;
-
-// This structure hold all parameters associated with a verify operation
-// by including an X509_VERIFY_PARAM structure in related structures the
-// parameters used can be customized
-
-struct X509_VERIFY_PARAM_st {
-  char *name;
-  time_t check_time;                // Time to use
-  unsigned long inh_flags;          // Inheritance flags
-  unsigned long flags;              // Various verify flags
-  int purpose;                      // purpose to check untrusted certificates
-  int trust;                        // trust setting to check
-  int depth;                        // Verify depth
-  STACK_OF(ASN1_OBJECT) *policies;  // Permissible policies
-  X509_VERIFY_PARAM_ID *id;         // opaque ID data
-};
-
 DEFINE_STACK_OF(X509_VERIFY_PARAM)
 
 typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);