Make X509_SIG and X509_CERT_AUX opaque.
I meant to grab more interesting types this round, but I missed a few
spots. We should be able to get these out of the way though.
Update-Note: Direct access of these structs should be replaced by
accessors.
Change-Id: I43cb8f949d53754cfebef2f84be66e89d2b96f96
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/47384
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/x509/internal.h b/crypto/x509/internal.h
index a5f31c2..1e5a7d9 100644
--- a/crypto/x509/internal.h
+++ b/crypto/x509/internal.h
@@ -42,6 +42,14 @@
STACK_OF(ASN1_TYPE) *set;
} /* X509_ATTRIBUTE */;
+struct x509_cert_aux_st {
+ STACK_OF(ASN1_OBJECT) *trust; // trusted uses
+ STACK_OF(ASN1_OBJECT) *reject; // rejected uses
+ ASN1_UTF8STRING *alias; // "friendly name"
+ ASN1_OCTET_STRING *keyid; // key id of private key
+ STACK_OF(X509_ALGOR) *other; // other unspecified info
+} /* X509_CERT_AUX */;
+
/* RSA-PSS functions. */
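Review bot: The `struct x509_cert_aux_st` definition lands in crypto/x509/internal.h without any description of what it is for. The context lines of the include/openssl/x509.h hunk show the tail of a comment ("... tagged onto the end of the certificate itself") that sat directly above the removed definition, and it appears to stay behind in the public header, where it would now sit above `DECLARE_STACK_OF(DIST_POINT)`. I would move that comment along with the struct, or add one here such as `// X509_CERT_AUX holds additional user-modifiable data about a certificate (trusted and rejected uses, alias, key id).` Since `trust` and `reject` feed trust decisions, it is also worth stating in the same comment that callers outside the library change them only through the public accessors.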
diff --git a/crypto/x509/t_x509a.c b/crypto/x509/t_x509a.c
index 5436828..7fbb47b 100644
--- a/crypto/x509/t_x509a.c
+++ b/crypto/x509/t_x509a.c
@@ -60,6 +60,9 @@
#include <openssl/obj.h>
#include <openssl/x509.h>
+#include "internal.h"
+
+
/* X509_CERT_AUX and string set routines */
int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
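Review bot: The added `#include "internal.h"` is followed by two added blank lines here, and the same happens in the crypto/x509/x_x509a.c hunk, while crypto/x509/x509_trs.c adds only one. Dropping the second blank line in both places would keep the three files consistent. Blank context lines seem to be missing from this rendering, so the resulting gap may be larger than it looks.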
diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c
index d3002e8..c95d6fc 100644
--- a/crypto/x509/x509_trs.c
+++ b/crypto/x509/x509_trs.c
@@ -60,6 +60,8 @@
#include <openssl/x509v3.h>
#include "../x509v3/internal.h"
+#include "internal.h"
+
static int tr_cmp(const X509_TRUST **a, const X509_TRUST **b);
static void trtable_free(X509_TRUST *p);
diff --git a/crypto/x509/x_sig.c b/crypto/x509/x_sig.c
index ca08c64..8f9a5b7 100644
--- a/crypto/x509/x_sig.c
+++ b/crypto/x509/x_sig.c
@@ -61,6 +61,11 @@
#include <openssl/x509.h>
+struct X509_sig_st {
+ X509_ALGOR *algor;
+ ASN1_OCTET_STRING *digest;
+} /* X509_SIG */;
+
ASN1_SEQUENCE(X509_SIG) = {
ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR),
ASN1_SIMPLE(X509_SIG, digest, ASN1_OCTET_STRING)
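Review bot: `struct X509_sig_st` is defined inside x_sig.c itself, whereas `x509_cert_aux_st` in the same commit goes to crypto/x509/internal.h, and nothing in the hunk says why the two are treated differently. If the intent is that no other file in the library reads `algor` or `digest` directly, a short comment above the definition would record that, for example `// X509_SIG is private to this file; other code uses X509_SIG_get0 and X509_SIG_getm.` Without it, the next person who needs the fields elsewhere may copy the definition instead of moving it to the internal header.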
diff --git a/crypto/x509/x_x509a.c b/crypto/x509/x_x509a.c
index 823fa5c..fca02a6 100644
--- a/crypto/x509/x_x509a.c
+++ b/crypto/x509/x_x509a.c
@@ -61,6 +61,9 @@
#include <openssl/obj.h>
#include <openssl/x509.h>
+#include "internal.h"
+
+
/*
* X509_CERT_AUX routines. These are used to encode additional user
* modifiable data about a certificate. This data is appended to the X509
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 67153c4..3e1435b 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -115,11 +115,6 @@
typedef STACK_OF(X509_ALGOR) X509_ALGORS;
-struct X509_sig_st {
- X509_ALGOR *algor;
- ASN1_OCTET_STRING *digest;
-} /* X509_SIG */;
-
struct X509_name_entry_st {
ASN1_OBJECT *object;
ASN1_STRING *value;
@@ -192,14 +187,6 @@
// stores and databases. When used this is tagged onto
// the end of the certificate itself
-struct x509_cert_aux_st {
- STACK_OF(ASN1_OBJECT) *trust; // trusted uses
- STACK_OF(ASN1_OBJECT) *reject; // rejected uses
- ASN1_UTF8STRING *alias; // "friendly name"
- ASN1_OCTET_STRING *keyid; // key id of private key
- STACK_OF(X509_ALGOR) *other; // other unspecified info
-} /* X509_CERT_AUX */;
-
DECLARE_STACK_OF(DIST_POINT)
DECLARE_STACK_OF(GENERAL_NAME)