Unexport X509_CERT_AUX and remove X509_CERT_AUX.other
This type is opaque, with no accessors or setters, and there is no way
to get a hold of one except by parsing it. It's only used indirectly via
X509 functions.
The 'other' field is unused and appears to be impossible to set or
query, in either us or upstream.
Change-Id: I4aca665872792f75e9d92e5af68da597b849d4b6
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/51746
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/crypto/x509/internal.h b/crypto/x509/internal.h
index 702464a..99319c8 100644
--- a/crypto/x509/internal.h
+++ b/crypto/x509/internal.h
@@ -106,13 +106,14 @@
STACK_OF(ASN1_TYPE) *set;
} /* X509_ATTRIBUTE */;
-struct x509_cert_aux_st {
+typedef struct x509_cert_aux_st {
STACK_OF(ASN1_OBJECT) *trust; // trusted uses
STACK_OF(ASN1_OBJECT) *reject; // rejected uses
ASN1_UTF8STRING *alias; // "friendly name"
ASN1_OCTET_STRING *keyid; // key id of private key
- STACK_OF(X509_ALGOR) *other; // other unspecified info
-} /* X509_CERT_AUX */;
+} X509_CERT_AUX;
+
+DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)
struct X509_extension_st {
ASN1_OBJECT *object;
@@ -370,6 +371,8 @@
ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf);
+int X509_CERT_AUX_print(BIO *bp, X509_CERT_AUX *x, int indent);
+
/* RSA-PSS functions. */
diff --git a/crypto/x509/x_x509a.c b/crypto/x509/x_x509a.c
index 447a891..d0e921f 100644
--- a/crypto/x509/x_x509a.c
+++ b/crypto/x509/x_x509a.c
@@ -78,7 +78,6 @@
ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0),
ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING),
ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING),
- ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1)
} ASN1_SEQUENCE_END(X509_CERT_AUX)
IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX)
diff --git a/include/openssl/base.h b/include/openssl/base.h
index e8d7994..b630236 100644
--- a/include/openssl/base.h
+++ b/include/openssl/base.h
@@ -448,7 +448,6 @@
typedef struct trust_token_method_st TRUST_TOKEN_METHOD;
typedef struct v3_ext_ctx X509V3_CTX;
typedef struct x509_attributes_st X509_ATTRIBUTE;
-typedef struct x509_cert_aux_st X509_CERT_AUX;
typedef struct x509_crl_method_st X509_CRL_METHOD;
typedef struct x509_lookup_st X509_LOOKUP;
typedef struct x509_lookup_method_st X509_LOOKUP_METHOD;
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 1a45d75..a7121ca 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -858,7 +858,6 @@
OPENSSL_EXPORT int X509_NAME_set(X509_NAME **xn, X509_NAME *name);
DECLARE_ASN1_FUNCTIONS(X509)
-DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)
// X509_up_ref adds one to the reference count of |x509| and returns one.
OPENSSL_EXPORT int X509_up_ref(X509 *x509);
@@ -1362,7 +1361,6 @@
unsigned long cflag);
OPENSSL_EXPORT int X509_print(BIO *bp, X509 *x);
OPENSSL_EXPORT int X509_ocspid_print(BIO *bp, X509 *x);
-OPENSSL_EXPORT int X509_CERT_AUX_print(BIO *bp, X509_CERT_AUX *x, int indent);
OPENSSL_EXPORT int X509_CRL_print(BIO *bp, X509_CRL *x);
OPENSSL_EXPORT int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag,
unsigned long cflag);
