Unexport various X509V3_CTX and NCONF helper functions.
These are used inside the various extension implementations and aren't
used outside the library. In doing so, delete a bunch of functions that
aren't used anyway.
Change-Id: I7e4d049682155d20b8ae9bd7c239be96c1261d98
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/56025
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
diff --git a/crypto/x509v3/internal.h b/crypto/x509v3/internal.h
index efc1741..fea5c9c 100644
--- a/crypto/x509v3/internal.h
+++ b/crypto/x509v3/internal.h
@@ -134,6 +134,39 @@
int X509V3_NAME_from_section(X509_NAME *nm, const STACK_OF(CONF_VALUE) *dn_sk,
int chtype);
+int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool);
+int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint);
+STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section);
+void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
+
+// X509V3_add_value appends a |CONF_VALUE| containing |name| and |value| to
+// |*extlist|. It returns one on success and zero on error. If |*extlist| is
+// NULL, it sets |*extlist| to a newly-allocated |STACK_OF(CONF_VALUE)|
+// containing the result. Either |name| or |value| may be NULL to omit the
+// field.
+//
+// On failure, if |*extlist| was NULL, |*extlist| will remain NULL when the
+// function returns.
+int X509V3_add_value(const char *name, const char *value,
+ STACK_OF(CONF_VALUE) **extlist);
+
+// X509V3_add_value_bool behaves like |X509V3_add_value| but stores the value
+// "TRUE" if |asn1_bool| is non-zero and "FALSE" otherwise.
+int X509V3_add_value_bool(const char *name, int asn1_bool,
+ STACK_OF(CONF_VALUE) **extlist);
+
+// X509V3_add_value_bool behaves like |X509V3_add_value| but stores a string
+// representation of |aint|. Note this string representation may be decimal or
+// hexadecimal, depending on the size of |aint|.
+int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint,
+ STACK_OF(CONF_VALUE) **extlist);
+
+STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
+
+#define X509V3_conf_err(val) \
+ ERR_add_error_data(6, "section:", (val)->section, ",name:", (val)->name, \
+ ",value:", (val)->value);
+
// Internal structures
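Review bot: The comment above `X509V3_add_value_int` names the wrong function: it was carried over from the public header still opening with `X509V3_add_value_bool behaves like`, and should open `// X509V3_add_value_int behaves like |X509V3_add_value| but stores a string`. The relocated `X509V3_conf_err` macro also keeps the trailing `;` in its expansion, so a call written `X509V3_conf_err(val);` leaves an extra empty statement and will not compile as the body of an unbraced `if` followed by `else`. Now that the macro is library-internal, ending the definition at `",value:", (val)->value)` without the semicolon looks like a contained fix, provided every in-tree call site already supplies its own `;`. `X509V3_get_section`, `X509V3_section_free` and `X509V3_parse_list` hand out or release a `STACK_OF(CONF_VALUE)` with no comment on who owns the result, and `X509V3_get_value_bool` and `X509V3_get_value_int` do not say what is written to the output pointer on failure. A one-line contract on each would help, since the commit message says these are called from the extension implementations.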
diff --git a/crypto/x509v3/v3_bcons.c b/crypto/x509v3/v3_bcons.c
index 19c1a5d..936a44d 100644
--- a/crypto/x509v3/v3_bcons.c
+++ b/crypto/x509v3/v3_bcons.c
@@ -65,6 +65,9 @@
#include <openssl/obj.h>
#include <openssl/x509v3.h>
+#include "internal.h"
+
+
static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(
const X509V3_EXT_METHOD *method, void *ext, STACK_OF(CONF_VALUE) *extlist);
static void *v2i_BASIC_CONSTRAINTS(const X509V3_EXT_METHOD *method,
diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c
index 64bed7a..043d6ce 100644
--- a/crypto/x509v3/v3_conf.c
+++ b/crypto/x509v3/v3_conf.c
@@ -394,18 +394,6 @@
// Config database functions
-char *X509V3_get_string(X509V3_CTX *ctx, const char *name,
- const char *section) {
- if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) {
- OPENSSL_PUT_ERROR(X509V3, X509V3_R_OPERATION_NOT_DEFINED);
- return NULL;
- }
- if (ctx->db_meth->get_string) {
- return ctx->db_meth->get_string(ctx->db, name, section);
- }
- return NULL;
-}
-
STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section) {
if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) {
OPENSSL_PUT_ERROR(X509V3, X509V3_R_OPERATION_NOT_DEFINED);
@@ -417,15 +405,6 @@
return NULL;
}
-void X509V3_string_free(X509V3_CTX *ctx, char *str) {
- if (!str) {
- return;
- }
- if (ctx->db_meth->free_string) {
- ctx->db_meth->free_string(ctx->db, str);
- }
-}
-
void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section) {
if (!section) {
return;
diff --git a/crypto/x509v3/v3_extku.c b/crypto/x509v3/v3_extku.c
index 0305ed2..568e289 100644
--- a/crypto/x509v3/v3_extku.c
+++ b/crypto/x509v3/v3_extku.c
@@ -63,6 +63,9 @@
#include <openssl/obj.h>
#include <openssl/x509v3.h>
+#include "internal.h"
+
+
static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx,
STACK_OF(CONF_VALUE) *nval);
diff --git a/crypto/x509v3/v3_pcons.c b/crypto/x509v3/v3_pcons.c
index 7ed778b..69c8933 100644
--- a/crypto/x509v3/v3_pcons.c
+++ b/crypto/x509v3/v3_pcons.c
@@ -65,6 +65,9 @@
#include <openssl/obj.h>
#include <openssl/x509v3.h>
+#include "internal.h"
+
+
static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(
const X509V3_EXT_METHOD *method, void *bcons,
STACK_OF(CONF_VALUE) *extlist);
diff --git a/crypto/x509v3/v3_pmaps.c b/crypto/x509v3/v3_pmaps.c
index 02f9716..3e9dcb3 100644
--- a/crypto/x509v3/v3_pmaps.c
+++ b/crypto/x509v3/v3_pmaps.c
@@ -63,6 +63,9 @@
#include <openssl/obj.h>
#include <openssl/x509v3.h>
+#include "internal.h"
+
+
static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(
diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index 466dbf2..4fe4c50 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -142,11 +142,6 @@
/*omit_value=*/value == NULL, extlist);
}
-int X509V3_add_value_uchar(const char *name, const unsigned char *value,
- STACK_OF(CONF_VALUE) **extlist) {
- return X509V3_add_value(name, (const char *)value, extlist);
-}
-
int x509V3_add_value_asn1_string(const char *name, const ASN1_STRING *value,
STACK_OF(CONF_VALUE) **extlist) {
return x509V3_add_len_value(name, (const char *)value->data, value->length,
@@ -173,14 +168,6 @@
return X509V3_add_value(name, "FALSE", extlist);
}
-int X509V3_add_value_bool_nf(const char *name, int asn1_bool,
- STACK_OF(CONF_VALUE) **extlist) {
- if (asn1_bool) {
- return X509V3_add_value(name, "TRUE", extlist);
- }
- return 1;
-}
-
static char *bignum_to_string(const BIGNUM *bn) {
char *tmp, *ret;
size_t len;
diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
index 8d5adbf..59a4d8d 100644
--- a/include/openssl/x509v3.h
+++ b/include/openssl/x509v3.h
@@ -356,10 +356,6 @@
// onlysomereasons present
#define IDP_REASONS 0x40
-#define X509V3_conf_err(val) \
- ERR_add_error_data(6, "section:", (val)->section, ",name:", (val)->name, \
- ",value:", (val)->value);
-
#define X509V3_set_ctx_test(ctx) \
X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
#define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;
@@ -594,53 +590,11 @@
OPENSSL_EXPORT int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx,
const char *section, X509_CRL *crl);
-OPENSSL_EXPORT int X509V3_add_value_bool_nf(const char *name, int asn1_bool,
- STACK_OF(CONF_VALUE) **extlist);
-OPENSSL_EXPORT int X509V3_get_value_bool(const CONF_VALUE *value,
- int *asn1_bool);
-OPENSSL_EXPORT int X509V3_get_value_int(const CONF_VALUE *value,
- ASN1_INTEGER **aint);
OPENSSL_EXPORT void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
-OPENSSL_EXPORT char *X509V3_get_string(X509V3_CTX *ctx, const char *name,
- const char *section);
-OPENSSL_EXPORT STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx,
- const char *section);
-OPENSSL_EXPORT void X509V3_string_free(X509V3_CTX *ctx, char *str);
-OPENSSL_EXPORT void X509V3_section_free(X509V3_CTX *ctx,
- STACK_OF(CONF_VALUE) *section);
OPENSSL_EXPORT void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
X509_REQ *req, X509_CRL *crl, int flags);
-// X509V3_add_value appends a |CONF_VALUE| containing |name| and |value| to
-// |*extlist|. It returns one on success and zero on error. If |*extlist| is
-// NULL, it sets |*extlist| to a newly-allocated |STACK_OF(CONF_VALUE)|
-// containing the result. Either |name| or |value| may be NULL to omit the
-// field.
-//
-// On failure, if |*extlist| was NULL, |*extlist| will remain NULL when the
-// function returns.
-OPENSSL_EXPORT int X509V3_add_value(const char *name, const char *value,
- STACK_OF(CONF_VALUE) **extlist);
-
-// X509V3_add_value_uchar behaves like |X509V3_add_value| but takes an
-// |unsigned char| pointer.
-OPENSSL_EXPORT int X509V3_add_value_uchar(const char *name,
- const unsigned char *value,
- STACK_OF(CONF_VALUE) **extlist);
-
-// X509V3_add_value_bool behaves like |X509V3_add_value| but stores the value
-// "TRUE" if |asn1_bool| is non-zero and "FALSE" otherwise.
-OPENSSL_EXPORT int X509V3_add_value_bool(const char *name, int asn1_bool,
- STACK_OF(CONF_VALUE) **extlist);
-
-// X509V3_add_value_bool behaves like |X509V3_add_value| but stores a string
-// representation of |aint|. Note this string representation may be decimal or
-// hexadecimal, depending on the size of |aint|.
-OPENSSL_EXPORT int X509V3_add_value_int(const char *name,
- const ASN1_INTEGER *aint,
- STACK_OF(CONF_VALUE) **extlist);
-
OPENSSL_EXPORT char *i2s_ASN1_INTEGER(const X509V3_EXT_METHOD *meth,
const ASN1_INTEGER *aint);
OPENSSL_EXPORT ASN1_INTEGER *s2i_ASN1_INTEGER(const X509V3_EXT_METHOD *meth,
@@ -656,7 +610,6 @@
const X509_EXTENSION *ext);
OPENSSL_EXPORT const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
OPENSSL_EXPORT int X509V3_add_standard_extensions(void);
-OPENSSL_EXPORT STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
// X509V3_EXT_d2i decodes |ext| and returns a pointer to a newly-allocated
// structure, with type dependent on the type of the extension. It returns NULL