From bc3686dfb031445c5af9a256a46a57dc1277a190 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Mon, 31 Aug 2015 12:16:52 +0100
Subject: [PATCH] make X509_CERT_AUX opaque

Reviewed-by: Rich Salz <rsalz@openssl.org>
---
 crypto/asn1/t_x509a.c              |  1 +
 crypto/asn1/x_x509a.c              |  1 +
 crypto/include/internal/x509_int.h | 14 ++++++++++++++
 crypto/x509/x509_trs.c             |  1 +
 include/openssl/x509.h             | 14 +-------------
 5 files changed, 18 insertions(+), 13 deletions(-)

diff --git a/crypto/asn1/t_x509a.c b/crypto/asn1/t_x509a.c
index 12fedb8edf..06b227e388 100644
--- a/crypto/asn1/t_x509a.c
+++ b/crypto/asn1/t_x509a.c
@@ -62,6 +62,7 @@
 #include <openssl/evp.h>
 #include <openssl/asn1.h>
 #include <openssl/x509.h>
+#include "internal/x509_int.h"
 
 /*
  * X509_CERT_AUX and string set routines
diff --git a/crypto/asn1/x_x509a.c b/crypto/asn1/x_x509a.c
index e299b1fd50..76608b669f 100644
--- a/crypto/asn1/x_x509a.c
+++ b/crypto/asn1/x_x509a.c
@@ -62,6 +62,7 @@
 #include <openssl/evp.h>
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
+#include "internal/x509_int.h"
 
 /*
  * X509_CERT_AUX routines. These are used to encode additional user
diff --git a/crypto/include/internal/x509_int.h b/crypto/include/internal/x509_int.h
index 761f702e7f..644b27d405 100644
--- a/crypto/include/internal/x509_int.h
+++ b/crypto/include/internal/x509_int.h
@@ -75,3 +75,17 @@ struct X509_name_st {
     unsigned char *canon_enc;
     int canon_enclen;
 } /* X509_NAME */ ;
+
+/*
+ * This stuff is certificate "auxiliary info" it contains details which are
+ * useful in certificate stores and databases. When used this is tagged onto
+ * the end of the certificate itself
+ */
+
+struct x509_cert_aux_st {
+    STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */
+    STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */
+    ASN1_UTF8STRING *alias;     /* "friendly name" */
+    ASN1_OCTET_STRING *keyid;   /* key id of private key */
+    STACK_OF(X509_ALGOR) *other; /* other unspecified info */
+};
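Review bot: The comment carried over above `struct x509_cert_aux_st` does not say whether this data is covered by the certificate signature, which is what a maintainer touching `trust` and `reject` most needs to know. The phrase "tagged onto the end of the certificate itself" suggests the fields are appended after the signed body rather than part of it; that is inferred from the comment, not shown in this hunk. If so, they are local store policy and should only be honoured when the file comes from a store the application controls. I would extend the comment with a line such as `* NOTE: not covered by the certificate signature; trust/reject are local store policy, not issuer-asserted data.` It would also help to state that the `X509_CERT_AUX` typedef itself remains in `<openssl/x509.h>`.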
diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c
index 1912c96551..6e3616e2f2 100644
--- a/crypto/x509/x509_trs.c
+++ b/crypto/x509/x509_trs.c
@@ -60,6 +60,7 @@
 #include <stdio.h>
 #include "internal/cryptlib.h"
 #include <openssl/x509v3.h>
+#include "internal/x509_int.h"
 
 static int tr_cmp(const X509_TRUST *const *a, const X509_TRUST *const *b);
 static void trtable_free(X509_TRUST *p);
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 0c2d19a97b..ab8abcaf78 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -196,19 +196,7 @@ typedef struct x509_cinf_st {
     ASN1_ENCODING enc;
 } X509_CINF;
 
-/*
- * This stuff is certificate "auxiliary info" it contains details which are
- * useful in certificate stores and databases. When used this is tagged onto
- * the end of the certificate itself
- */
-
-typedef struct x509_cert_aux_st {
-    STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */
-    STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */
-    ASN1_UTF8STRING *alias;     /* "friendly name" */
-    ASN1_OCTET_STRING *keyid;   /* key id of private key */
-    STACK_OF(X509_ALGOR) *other; /* other unspecified info */
-} X509_CERT_AUX;
+typedef struct x509_cert_aux_st X509_CERT_AUX;
 
 struct x509_st {
     X509_CINF *cert_info;
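Review bot: The public header no longer tells a caller that `X509_CERT_AUX` is opaque or how to reach its contents, because the bare `typedef struct x509_cert_aux_st X509_CERT_AUX;` replaces both the definition and its explanatory comment. External code that read `aux->trust` or `aux->reject` directly to inspect a certificate's trust settings will stop compiling. This patch does not show whether read accessors for those two lists exist, so it is worth confirming that trust settings can still be audited through the API. I would keep a short comment above the typedef, e.g. `/* Opaque certificate auxiliary (trust settings) info; access through X509_* functions only */`. `struct x509_st` starts at the end of this hunk and continues outside it.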
-- 
2.25.1