Make X509_PUBKEY opaque. Update-Note: Direct accesses of X509_PUBKEY should be replaced with one of the accessors. I believe all callers have been fixed at this point. Change-Id: Ib325782867478fb548da1bf5ef0023cf989f125b Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/46944 Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/x509/internal.h b/crypto/x509/internal.h
index 3d868ab..32af84d 100644
--- a/crypto/x509/internal.h
+++ b/crypto/x509/internal.h
@@ -31,6 +31,12 @@ ASN1_TIME *notAfter; } /* X509_VAL */; +struct X509_pubkey_st { + X509_ALGOR *algor; + ASN1_BIT_STRING *public_key; + EVP_PKEY *pkey; +} /* X509_PUBKEY */; + /* RSA-PSS functions. */
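Review bot: The `struct X509_pubkey_st` definition added to internal.h has no field comments, and the relationship between its three members is what a maintainer most needs spelled out. The comment on `pubkey_cb` in x_pubkey.c ("free up EVP_PKEY") suggests `pkey` is owned by the structure and derived from `algor` and `public_key`. If that is right, I would add above the struct something like `/* |pkey| is the parsed form of |algor| and |public_key|; code that changes either must reset it. */`. Please confirm the invariant against x_pubkey.c before stating it as fact, since a stale `pkey` would mean the key used for verification could differ from the encoded one.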
diff --git a/crypto/x509/t_req.c b/crypto/x509/t_req.c
index 2fd36f8..8202664 100644
--- a/crypto/x509/t_req.c
+++ b/crypto/x509/t_req.c
@@ -63,6 +63,8 @@ #include <openssl/x509.h> #include <openssl/x509v3.h> +#include "internal.h" + int X509_REQ_print_fp(FILE *fp, X509_REQ *x) { BIO *bio = BIO_new_fp(fp, BIO_NOCLOSE);
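Review bot: t_req.c, and likewise x509_cmp.c and v3_skey.c in the later hunks, still depend on the layout of X509_PUBKEY through the new `internal.h` include, so the opacity only binds callers outside the library. The hunks do not show which fields these files touch. If they only read `algor` or `public_key`, going through the public accessors the commit message refers to would leave x_pubkey.c as the sole file tied to the layout. If the include has to stay, a short comment next to it such as `/* for struct X509_pubkey_st */` would record why it is needed.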
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index a4f0728..cf20dcd 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -68,6 +68,7 @@ #include "../internal.h" #include "../x509v3/internal.h" +#include "internal.h" int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c
index f5d3fee..c283e0d 100644
--- a/crypto/x509/x_pubkey.c
+++ b/crypto/x509/x_pubkey.c
@@ -68,6 +68,7 @@ #include <openssl/thread.h> #include "../internal.h" +#include "internal.h" /* Minor tweak to operation: free up EVP_PKEY */ static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
diff --git a/crypto/x509v3/v3_skey.c b/crypto/x509v3/v3_skey.c
index 140356d..1cae7e1 100644
--- a/crypto/x509v3/v3_skey.c
+++ b/crypto/x509v3/v3_skey.c
@@ -63,6 +63,7 @@ #include <openssl/obj.h> #include <openssl/x509v3.h> +#include "../x509/internal.h" #include "internal.h"
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 714a8eb..4916959 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -115,12 +115,6 @@ typedef STACK_OF(X509_ALGOR) X509_ALGORS; -struct X509_pubkey_st { - X509_ALGOR *algor; - ASN1_BIT_STRING *public_key; - EVP_PKEY *pkey; -}; - struct X509_sig_st { X509_ALGOR *algor; ASN1_OCTET_STRING *digest;