Make X509_VERIFY_PARAM opaque.
Update-Note: Use setters instead of configuring X509_VERIFY_PARAM
directly.
Change-Id: I03ba0d17acc09604c1c20bf8f682e7bbc5642310
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/48127
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/x509/internal.h b/crypto/x509/internal.h
index d556fe0..d984805 100644
--- a/crypto/x509/internal.h
+++ b/crypto/x509/internal.h
@@ -112,7 +112,10 @@
CRYPTO_refcount_t references;
} /* X509_REQ */;
-struct X509_VERIFY_PARAM_ID_st {
+// TODO(davidben): This was historically a separate struct because
+// |X509_VERIFY_PARAM| used to be exported. Now that it is also opaque, embed it
+// directly.
+typedef struct {
STACK_OF(OPENSSL_STRING) *hosts; /* Set of acceptable names */
unsigned int hostflags; /* Flags to control matching features */
char *peername; /* Matching hostname in peer certificate */
@@ -121,7 +124,19 @@
unsigned char *ip; /* If not NULL IP address to match */
size_t iplen; /* Length of IP address */
unsigned char poison; /* Fail all verifications */
-};
+} X509_VERIFY_PARAM_ID;
+
+struct X509_VERIFY_PARAM_st {
+ char *name;
+ time_t check_time; // Time to use
+ unsigned long inh_flags; // Inheritance flags
+ unsigned long flags; // Various verify flags
+ int purpose; // purpose to check untrusted certificates
+ int trust; // trust setting to check
+ int depth; // Verify depth
+ STACK_OF(ASN1_OBJECT) *policies; // Permissible policies
+ X509_VERIFY_PARAM_ID *id; // opaque ID data
+} /* X509_VERIFY_PARAM */;
/* RSA-PSS functions. */
diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
index 3bc5878..9b99f4a 100644
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h
@@ -132,24 +132,6 @@
X509_OBJECT *ret);
} X509_LOOKUP_METHOD;
-typedef struct X509_VERIFY_PARAM_ID_st X509_VERIFY_PARAM_ID;
-
-// This structure hold all parameters associated with a verify operation
-// by including an X509_VERIFY_PARAM structure in related structures the
-// parameters used can be customized
-
-struct X509_VERIFY_PARAM_st {
- char *name;
- time_t check_time; // Time to use
- unsigned long inh_flags; // Inheritance flags
- unsigned long flags; // Various verify flags
- int purpose; // purpose to check untrusted certificates
- int trust; // trust setting to check
- int depth; // Verify depth
- STACK_OF(ASN1_OBJECT) *policies; // Permissible policies
- X509_VERIFY_PARAM_ID *id; // opaque ID data
-};
-
DEFINE_STACK_OF(X509_VERIFY_PARAM)
typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);