Trim some undocumented symbols from asn1.h.
ASN1_ENCODING can be unexported because all types using it are now
hidden. This does mean external uses of <openssl/asn1t.h> can no longer
use ASN1_SEQUENCE_enc, but there do not seem to be any such uses.
ASN1_TLC and ASN1_TEMPLATE typedefs are only necessary for users of
asn1t.h. I'm hopeful we can do away with ASN1_TLC once I get to
reworking tasn_dec.c. ASN1_TEMPLATE is somewhat stuck, though all
references should be hidden behind macros.
ASN1_generate_* appear to only be referenced within the library. Remove the
unused one and move the other to x509/internal.h. (asn1_gen.c is
currently in crypto/x509 rather than crypto/asn1, so I put it in
x509/internal.h to match. I'll leave figuring out that file to later.)
Annoyingly, asn1/internal.h now pulls in asn1t.h, but so it goes.
Change-Id: I8b43de3fa9647883103006e27907730d5531fd7d
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/50106
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/crypto/asn1/internal.h b/crypto/asn1/internal.h
index 4190e61..5bdaac8 100644
--- a/crypto/asn1/internal.h
+++ b/crypto/asn1/internal.h
@@ -62,6 +62,7 @@
#include <time.h>
#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
#if defined(__cplusplus)
extern "C" {
@@ -108,6 +109,23 @@
ASN1_OBJECT *ASN1_OBJECT_new(void);
+// ASN1_ENCODING structure: this is used to save the received
+// encoding of an ASN1 type. This is useful to get round
+// problems with invalid encodings which can break signatures.
+typedef struct ASN1_ENCODING_st {
+ unsigned char *enc; // DER encoding
+ long len; // Length of encoding
+ int modified; // set to 1 if 'enc' is invalid
+ // alias_only is zero if |enc| owns the buffer that it points to
+ // (although |enc| may still be NULL). If one, |enc| points into a
+ // buffer that is owned elsewhere.
+ unsigned alias_only : 1;
+ // alias_only_on_next_parse is one iff the next parsing operation
+ // should avoid taking a copy of the input and rather set
+ // |alias_only|.
+ unsigned alias_only_on_next_parse : 1;
+} ASN1_ENCODING;
+
int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d);
int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d);
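Review bot: The comment on `alias_only` in ASN1_ENCODING says who owns the buffer but not the lifetime rule that follows from it, and that rule is what prevents a use-after-free or a free of memory the structure does not own. Since the struct is being moved anyway, I would add `// When |alias_only| is one, the buffer |enc| points into must outlive this structure and |enc| must not be freed through it.` above the bit-field. The code that frees or copies |enc| is not in this hunk, so the wording should be confirmed against it. As a smaller style point, the `modified` comment quotes the field as `'enc'` while the other comments use `|enc|`.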
diff --git a/crypto/x509/asn1_gen.c b/crypto/x509/asn1_gen.c
index f61fdde..f1a20e0 100644
--- a/crypto/x509/asn1_gen.c
+++ b/crypto/x509/asn1_gen.c
@@ -66,6 +66,7 @@
#include "../internal.h"
#include "../x509v3/internal.h"
+#include "internal.h"
/*
* Although this file is in crypto/x509 for layering purposes, it emits
@@ -136,17 +137,6 @@
static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);
static int asn1_str2tag(const char *tagstr, int len);
-ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf)
-{
- X509V3_CTX cnf;
-
- if (!nconf)
- return ASN1_generate_v3(str, NULL);
-
- X509V3_set_nconf(&cnf, nconf);
- return ASN1_generate_v3(str, &cnf);
-}
-
ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf)
{
int err = 0;
diff --git a/crypto/x509/internal.h b/crypto/x509/internal.h
index 7bb97e1..4592087 100644
--- a/crypto/x509/internal.h
+++ b/crypto/x509/internal.h
@@ -63,6 +63,8 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
+#include "../asn1/internal.h"
+
#if defined(__cplusplus)
extern "C" {
#endif
@@ -356,6 +358,8 @@
CRYPTO_EX_DATA ex_data;
} /* X509_STORE_CTX */;
+ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf);
+
/* RSA-PSS functions. */
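Review bot: The `ASN1_generate_v3` declaration added to x509/internal.h has no comment, and with the entry removed from the public header this is the only declaration of it the diff leaves. The surrounding lines use `/* */` comments, so something like `/* ASN1_generate_v3 generates an ASN1_TYPE from the description in |str|. |cnf| may be NULL. */` would fit, plus a sentence on the failure return and on who frees the result. The NULL case comes from the removed `ASN1_generate_nconf` wrapper, which passed `NULL` for `cnf`. What the function does with `str`, its failure return and the ownership of the result are not visible in this diff and should be checked against asn1_gen.c before the comment is written.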
diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c
index 0c55816..ce1c6e5 100644
--- a/crypto/x509v3/v3_alt.c
+++ b/crypto/x509v3/v3_alt.c
@@ -64,6 +64,7 @@
#include <openssl/obj.h>
#include <openssl/x509v3.h>
+#include "../x509/internal.h"
#include "internal.h"
diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h
index f216d65..da97e7b 100644
--- a/include/openssl/asn1.h
+++ b/include/openssl/asn1.h
@@ -1806,29 +1806,6 @@
//
// The following functions are not yet documented and organized.
-// ASN1_ENCODING structure: this is used to save the received
-// encoding of an ASN1 type. This is useful to get round
-// problems with invalid encodings which can break signatures.
-
-typedef struct ASN1_ENCODING_st {
- unsigned char *enc; // DER encoding
- long len; // Length of encoding
- int modified; // set to 1 if 'enc' is invalid
- // alias_only is zero if |enc| owns the buffer that it points to
- // (although |enc| may still be NULL). If one, |enc| points into a
- // buffer that is owned elsewhere.
- unsigned alias_only : 1;
- // alias_only_on_next_parse is one iff the next parsing operation
- // should avoid taking a copy of the input and rather set
- // |alias_only|.
- unsigned alias_only_on_next_parse : 1;
-} ASN1_ENCODING;
-
-// Declarations for template structures: for full definitions
-// see asn1t.h
-typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;
-typedef struct ASN1_TLC_st ASN1_TLC;
-
// Declare ASN1 functions: the implement macro in in asn1t.h
#define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type)
@@ -1867,11 +1844,6 @@
typedef void *d2i_of_void(void **, const unsigned char **, long);
typedef int i2d_of_void(const void *, unsigned char **);
-// ASN1 template functions
-
-OPENSSL_EXPORT ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf);
-OPENSSL_EXPORT ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf);
-
#if defined(__cplusplus)
} // extern C
diff --git a/include/openssl/asn1t.h b/include/openssl/asn1t.h
index 337bc40..dccbd1a 100644
--- a/include/openssl/asn1t.h
+++ b/include/openssl/asn1t.h
@@ -72,6 +72,9 @@
* |CBB| library in <openssl/bytestring.h> instead. */
+typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;
+typedef struct ASN1_TLC_st ASN1_TLC;
+
/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr))