Make the X509_VAL structure opaque.
We aim to eventually make the entire X509 structure opaque, but let's
start small.
Update-Note: I believe this is now safe to do. If there are compile
failures, switch to X509_get0_notBefore, X509_getm_notBefore, and
X509_set1_notBefore, or revert this if I'm wrong and too many callers
still need updating.
Change-Id: I6e9d91630a10ac777e13ebcdeb543b3cbeea6383
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/45965
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/crypto/x509/internal.h b/crypto/x509/internal.h
index 4957c1e..3d868ab 100644
--- a/crypto/x509/internal.h
+++ b/crypto/x509/internal.h
@@ -24,6 +24,14 @@
#endif
+/* Internal structures. */
+
+struct X509_val_st {
+ ASN1_TIME *notBefore;
+ ASN1_TIME *notAfter;
+} /* X509_VAL */;
+
+
/* RSA-PSS functions. */
/* x509_rsa_pss_to_ctx configures |ctx| for an RSA-PSS operation based on
diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c
index 4a57fb6..d2d5ea7 100644
--- a/crypto/x509/x509_set.c
+++ b/crypto/x509/x509_set.c
@@ -60,6 +60,9 @@
#include <openssl/obj.h>
#include <openssl/x509.h>
+#include "internal.h"
+
+
long X509_get_version(const X509 *x509)
{
// The default version is v1(0).
diff --git a/crypto/x509/x_val.c b/crypto/x509/x_val.c
index ad4f7e1..006c53b 100644
--- a/crypto/x509/x_val.c
+++ b/crypto/x509/x_val.c
@@ -60,6 +60,8 @@
#include <openssl/asn1t.h>
#include <openssl/x509.h>
+#include "internal.h"
+
ASN1_SEQUENCE(X509_VAL) = {
ASN1_SIMPLE(X509_VAL, notBefore, ASN1_TIME),
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 53a2568..86896af 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -115,11 +115,6 @@
typedef STACK_OF(X509_ALGOR) X509_ALGORS;
-struct X509_val_st {
- ASN1_TIME *notBefore;
- ASN1_TIME *notAfter;
-} /* X509_VAL */;
-
struct X509_pubkey_st {
X509_ALGOR *algor;
ASN1_BIT_STRING *public_key;
