Make X509_SIG and X509_CERT_AUX opaque. I meant to grab more interesting types this round, but I missed a few spots. We should be able to get these out of the way though. Update-Note: Direct access of these structs should be replaced by accessors. Change-Id: I43cb8f949d53754cfebef2f84be66e89d2b96f96 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/47384 Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/x509/internal.h b/crypto/x509/internal.h
index a5f31c2..1e5a7d9 100644
--- a/crypto/x509/internal.h
+++ b/crypto/x509/internal.h
@@ -42,6 +42,14 @@
 STACK_OF(ASN1_TYPE) *set;
 } /* X509_ATTRIBUTE */;
+struct x509_cert_aux_st {
+ STACK_OF(ASN1_OBJECT) *trust; // trusted uses
+ STACK_OF(ASN1_OBJECT) *reject; // rejected uses
+ ASN1_UTF8STRING *alias; // "friendly name"
+ ASN1_OCTET_STRING *keyid; // key id of private key
+ STACK_OF(X509_ALGOR) *other; // other unspecified info
+} /* X509_CERT_AUX */;
+
 /* RSA-PSS functions. */
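Review bot: The struct lands in `internal.h` with no comment saying what it is, while its old description stays behind in the public header. The second hunk of `include/openssl/x509.h` removes the definition but keeps the context lines `// stores and databases. When used this is tagged onto` and `// the end of the certificate itself`, which now sit directly above `DECLARE_STACK_OF(DIST_POINT)` and describe nothing. I would move that comment here, for example `// X509_CERT_AUX holds auxiliary, user-modifiable data (trusted and rejected uses, alias, key id) appended to the certificate encoding.` The comment's opening lines are outside the visible hunk, so its full wording is inferred. Because `trust` and `reject` presumably feed trust evaluation, the comment could also say that code outside crypto/x509 must use the accessors rather than edit those stacks directly.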
diff --git a/crypto/x509/t_x509a.c b/crypto/x509/t_x509a.c
index 5436828..7fbb47b 100644
--- a/crypto/x509/t_x509a.c
+++ b/crypto/x509/t_x509a.c
@@ -60,6 +60,9 @@
 #include <openssl/obj.h>
 #include <openssl/x509.h>
+#include "internal.h"
+
+
 /* X509_CERT_AUX and string set routines */
 int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c
index d3002e8..c95d6fc 100644
--- a/crypto/x509/x509_trs.c
+++ b/crypto/x509/x509_trs.c
@@ -60,6 +60,8 @@
 #include <openssl/x509v3.h>
 #include "../x509v3/internal.h"
+#include "internal.h"
+
 static int tr_cmp(const X509_TRUST **a, const X509_TRUST **b);
 static void trtable_free(X509_TRUST *p);
diff --git a/crypto/x509/x_sig.c b/crypto/x509/x_sig.c
index ca08c64..8f9a5b7 100644
--- a/crypto/x509/x_sig.c
+++ b/crypto/x509/x_sig.c
@@ -61,6 +61,11 @@
 #include <openssl/x509.h>
+struct X509_sig_st {
+ X509_ALGOR *algor;
+ ASN1_OCTET_STRING *digest;
+} /* X509_SIG */;
+
 ASN1_SEQUENCE(X509_SIG) = {
 ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR),
 ASN1_SIMPLE(X509_SIG, digest, ASN1_OCTET_STRING)
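Review bot: The new file-local definition of `struct X509_sig_st` carries no comment tying it to the `ASN1_SEQUENCE(X509_SIG)` template directly below, which refers to the `algor` and `digest` fields by name, so a field renamed in one place must be renamed in the other. A one-line comment would cover it: `// X509_SIG is opaque outside this file; keep the field names in sync with the ASN1_SEQUENCE template below.` Unlike `x509_cert_aux_st`, which moves to `crypto/x509/internal.h`, this struct is visible to x_sig.c only, so any other library file that still reads `sig->algor` or `sig->digest` would have to switch to accessors as well. The page shows no such file, so that is only something to confirm. The template continues past the end of the hunk.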
diff --git a/crypto/x509/x_x509a.c b/crypto/x509/x_x509a.c
index 823fa5c..fca02a6 100644
--- a/crypto/x509/x_x509a.c
+++ b/crypto/x509/x_x509a.c
@@ -61,6 +61,9 @@
 #include <openssl/obj.h>
 #include <openssl/x509.h>
+#include "internal.h"
+
+
 /*
 * X509_CERT_AUX routines. These are used to encode additional user
 * modifiable data about a certificate. This data is appended to the X509
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 67153c4..3e1435b 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -115,11 +115,6 @@
 typedef STACK_OF(X509_ALGOR) X509_ALGORS;
-struct X509_sig_st {
- X509_ALGOR *algor;
- ASN1_OCTET_STRING *digest;
-} /* X509_SIG */;
-
 struct X509_name_entry_st {
 ASN1_OBJECT *object;
 ASN1_STRING *value;
@@ -192,14 +187,6 @@
 // stores and databases. When used this is tagged onto
 // the end of the certificate itself
-struct x509_cert_aux_st {
- STACK_OF(ASN1_OBJECT) *trust; // trusted uses
- STACK_OF(ASN1_OBJECT) *reject; // rejected uses
- ASN1_UTF8STRING *alias; // "friendly name"
- ASN1_OCTET_STRING *keyid; // key id of private key
- STACK_OF(X509_ALGOR) *other; // other unspecified info
-} /* X509_CERT_AUX */;
-
 DECLARE_STACK_OF(DIST_POINT)
 DECLARE_STACK_OF(GENERAL_NAME)