make ASN1_OBJECT opaque

Reviewed-by: Matt Caswell <matt@openssl.org>

10 files changed, 40 insertions, 18 deletions

diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c
index c780d8ee02..ddc3aaff7b 100644
--- a/crypto/asn1/a_object.c
+++ b/crypto/asn1/a_object.c
@@ -63,6 +63,7 @@
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
 #include <openssl/bn.h>
+#include "internal/asn1_int.h"
 
 int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
 {
diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
index ef5b9e8d84..a00c08a965 100644
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -194,22 +194,6 @@ typedef struct asn1_const_ctx_st {
     int line;                   /* used in error processing */
 } ASN1_const_CTX;
 
-/*
- * These are used internally in the ASN1_OBJECT to keep track of whether the
- * names and data need to be free()ed
- */
-# define ASN1_OBJECT_FLAG_DYNAMIC         0x01/* internal use */
-# define ASN1_OBJECT_FLAG_CRITICAL        0x02/* critical x509v3 object id */
-# define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04/* internal use */
-# define ASN1_OBJECT_FLAG_DYNAMIC_DATA    0x08/* internal use */
-struct asn1_object_st {
-    const char *sn, *ln;
-    int nid;
-    int length;
-    const unsigned char *data;  /* data remains const after init */
-    int flags;                  /* Should we free this one */
-};
-
 # define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
 /*
  * This indicates that the ASN1_STRING is not a real value but just a place
diff --git a/crypto/asn1/asn_moid.c b/crypto/asn1/asn_moid.c
index fab2dd92e2..da7e29119a 100644
--- a/crypto/asn1/asn_moid.c
+++ b/crypto/asn1/asn_moid.c
@@ -64,6 +64,7 @@
 #include <openssl/conf.h>
 #include <openssl/dso.h>
 #include <openssl/x509.h>
+#include "internal/asn1_int.h"
 
 /* Simple ASN1 OID module: add all objects in a given section */
 
diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c
index 1c200b0690..1d1f838078 100644
--- a/crypto/asn1/tasn_enc.c
+++ b/crypto/asn1/tasn_enc.c
@@ -63,6 +63,7 @@
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/objects.h>
+#include "internal/asn1_int.h"
 
 static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
                                  const ASN1_ITEM *it, int tag, int aclass);
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index 966d9fb272..8d00029862 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -176,7 +176,7 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx)
     default:
         /* Check it has an OID and it is valid */
         otmp = OBJ_nid2obj(nid);
-        if (!otmp || !otmp->data)
+        if (OBJ_get0_data(otmp) == NULL)
             nid = NID_undef;
         ASN1_OBJECT_free(otmp);
         return nid;
diff --git a/crypto/include/internal/asn1_int.h b/crypto/include/internal/asn1_int.h
index 58759bee6c..20c8f40511 100644
--- a/crypto/include/internal/asn1_int.h
+++ b/crypto/include/internal/asn1_int.h
@@ -103,3 +103,19 @@ struct evp_pkey_asn1_method_st {
                       X509_ALGOR *alg1, X509_ALGOR *alg2,
                       ASN1_BIT_STRING *sig);
 } /* EVP_PKEY_ASN1_METHOD */ ;
+
+/*
+ * These are used internally in the ASN1_OBJECT to keep track of whether the
+ * names and data need to be free()ed
+ */
+# define ASN1_OBJECT_FLAG_DYNAMIC         0x01/* internal use */
+# define ASN1_OBJECT_FLAG_CRITICAL        0x02/* critical x509v3 object id */
+# define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04/* internal use */
+# define ASN1_OBJECT_FLAG_DYNAMIC_DATA    0x08/* internal use */
+struct asn1_object_st {
+    const char *sn, *ln;
+    int nid;
+    int length;
+    const unsigned char *data;  /* data remains const after init */
+    int flags;                  /* Should we free this one */
+};
diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
index e7366af8dc..5c861d1ec2 100644
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -64,6 +64,7 @@
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
 #include <openssl/bn.h>
+#include "internal/asn1_int.h"
 
 /* obj_dat.h is generated from objects.h by obj_dat.pl */
 #include "obj_dat.h"
@@ -781,3 +782,17 @@ int OBJ_create(const char *oid, const char *sn, const char *ln)
     OPENSSL_free(buf);
     return (ok);
 }
+
+size_t OBJ_length(const ASN1_OBJECT *obj)
+{
+    if (obj == NULL)
+        return 0;
+    return obj->length;
+}
+
+const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj)
+{
+    if (obj == NULL)
+        return NULL;
+    return obj->data;
+}
diff --git a/crypto/objects/obj_lib.c b/crypto/objects/obj_lib.c
index 8851baffb2..0bcb5df506 100644
--- a/crypto/objects/obj_lib.c
+++ b/crypto/objects/obj_lib.c
@@ -61,6 +61,7 @@
 #include <openssl/lhash.h>
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
+#include "internal/asn1_int.h"
 
 ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o)
 {
diff --git a/crypto/objects/objects.h b/crypto/objects/objects.h
index b8dafa89ce..165817fb1a 100644
--- a/crypto/objects/objects.h
+++ b/crypto/objects/objects.h
@@ -1107,6 +1107,9 @@ int OBJ_create(const char *oid, const char *sn, const char *ln);
 void OBJ_cleanup(void);
 int OBJ_create_objects(BIO *in);
 
+size_t OBJ_length(const ASN1_OBJECT *obj);
+const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj);
+
 int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid);
 int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid);
 int OBJ_add_sigid(int signid, int dig_id, int pkey_id);
diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c
index cc45e40cc9..a521d1190a 100644
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@@ -95,7 +95,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
             RSAerr(RSA_F_RSA_SIGN, RSA_R_UNKNOWN_ALGORITHM_TYPE);
             return (0);
         }
-        if (sig.algor->algorithm->length == 0) {
+        if (OBJ_length(sig.algor->algorithm) == 0) {
             RSAerr(RSA_F_RSA_SIGN,
                    RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
             return (0);