Unexport X509_CERT_AUX and remove X509_CERT_AUX.other

davidben · Boringssl LUCI CQ · commit 6378c47cb74b · 2022-03-18T19:41:42.000Z
This type is opaque, with no accessors or setters, and there is no way to get a hold of one except by parsing it. It's only used indirectly via X509 functions. The 'other' field is unused and appears to be impossible to set or query, in either us or upstream. Change-Id: I4aca665872792f75e9d92e5af68da597b849d4b6 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/51746 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/crypto/x509/internal.h b/crypto/x509/internal.h
@@ -106,13 +106,14 @@ struct x509_attributes_st {
   STACK_OF(ASN1_TYPE) *set;
 } /* X509_ATTRIBUTE */;
 
-struct x509_cert_aux_st {
+typedef struct x509_cert_aux_st {
   STACK_OF(ASN1_OBJECT) *trust;   // trusted uses
   STACK_OF(ASN1_OBJECT) *reject;  // rejected uses
   ASN1_UTF8STRING *alias;         // "friendly name"
   ASN1_OCTET_STRING *keyid;       // key id of private key
-  STACK_OF(X509_ALGOR) *other;    // other unspecified info
-} /* X509_CERT_AUX */;
+} X509_CERT_AUX;
+
+DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)
 
 struct X509_extension_st {
   ASN1_OBJECT *object;
@@ -370,6 +371,8 @@ struct x509_store_ctx_st {
 
 ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf);
 
+int X509_CERT_AUX_print(BIO *bp, X509_CERT_AUX *x, int indent);
+
 
 /* RSA-PSS functions. */
 
diff --git a/crypto/x509/x_x509a.c b/crypto/x509/x_x509a.c
@@ -78,7 +78,6 @@ ASN1_SEQUENCE(X509_CERT_AUX) = {
         ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0),
         ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING),
         ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING),
-        ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1)
 } ASN1_SEQUENCE_END(X509_CERT_AUX)
 
 IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX)
diff --git a/include/openssl/base.h b/include/openssl/base.h
@@ -448,7 +448,6 @@ typedef struct trust_token_issuer_st TRUST_TOKEN_ISSUER;
 typedef struct trust_token_method_st TRUST_TOKEN_METHOD;
 typedef struct v3_ext_ctx X509V3_CTX;
 typedef struct x509_attributes_st X509_ATTRIBUTE;
-typedef struct x509_cert_aux_st X509_CERT_AUX;
 typedef struct x509_crl_method_st X509_CRL_METHOD;
 typedef struct x509_lookup_st X509_LOOKUP;
 typedef struct x509_lookup_method_st X509_LOOKUP_METHOD;
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
@@ -858,7 +858,6 @@ DECLARE_ASN1_FUNCTIONS(X509_NAME)
 OPENSSL_EXPORT int X509_NAME_set(X509_NAME **xn, X509_NAME *name);
 
 DECLARE_ASN1_FUNCTIONS(X509)
-DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)
 
 // X509_up_ref adds one to the reference count of |x509| and returns one.
 OPENSSL_EXPORT int X509_up_ref(X509 *x509);
@@ -1362,7 +1361,6 @@ OPENSSL_EXPORT int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag,
                                  unsigned long cflag);
 OPENSSL_EXPORT int X509_print(BIO *bp, X509 *x);
 OPENSSL_EXPORT int X509_ocspid_print(BIO *bp, X509 *x);
-OPENSSL_EXPORT int X509_CERT_AUX_print(BIO *bp, X509_CERT_AUX *x, int indent);
 OPENSSL_EXPORT int X509_CRL_print(BIO *bp, X509_CRL *x);
 OPENSSL_EXPORT int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag,
                                      unsigned long cflag);
