Remove unused function pointers from X509_STORE

The struct underlying the X509_STORE type is opaque ars and nothing uses
the accessors that OpenSSL added blindly for these. Therefore we didn't
add them in the first place. So this rips out several dozens of lines of
dead code.

ok beck joshua jsing

diff --git a/lib/libcrypto/x509/x509_local.h b/lib/libcrypto/x509/x509_local.h
index 63082d1..080dbaf 100644 (file)
--- a/lib/libcrypto/x509/x509_local.h
+++ b/lib/libcrypto/x509/x509_local.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: x509_local.h,v 1.11 2023/11/01 20:37:42 tb Exp $ */
+/*     $OpenBSD: x509_local.h,v 1.12 2023/12/22 07:35:09 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2013.
  */
@@ -299,15 +299,7 @@ struct x509_store_st {
        /* Callbacks for various operations */
        int (*verify)(X509_STORE_CTX *ctx);     /* called to verify a certificate */
        int (*verify_cb)(int ok,X509_STORE_CTX *ctx);   /* error callback */
-       int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */
        int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
-       int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
-       int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
-       int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
-       int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
-       STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm);
-       STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm);
-       int (*cleanup)(X509_STORE_CTX *ctx);
 
        CRYPTO_EX_DATA ex_data;
        int references;

diff --git a/lib/libcrypto/x509/x509_vfy.c b/lib/libcrypto/x509/x509_vfy.c
index 2d4061c..2f86722 100644 (file)
--- a/lib/libcrypto/x509/x509_vfy.c
+++ b/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.127 2023/11/27 00:51:12 tb Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.128 2023/12/22 07:35:09 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2338,52 +2338,16 @@ X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *leaf,
        else
                ctx->verify_cb = null_callback;
 
-       if (store && store->get_issuer)
-               ctx->get_issuer = store->get_issuer;
-       else
-               ctx->get_issuer = X509_STORE_CTX_get1_issuer;
-
-       if (store && store->check_issued)
-               ctx->check_issued = store->check_issued;
-       else
-               ctx->check_issued = check_issued;
-
-       if (store && store->check_revocation)
-               ctx->check_revocation = store->check_revocation;
-       else
-               ctx->check_revocation = check_revocation;
-
-       if (store && store->get_crl)
-               ctx->get_crl = store->get_crl;
-       else
-               ctx->get_crl = NULL;
-
-       if (store && store->check_crl)
-               ctx->check_crl = store->check_crl;
-       else
-               ctx->check_crl = check_crl;
-
-       if (store && store->cert_crl)
-               ctx->cert_crl = store->cert_crl;
-       else
-               ctx->cert_crl = cert_crl;
-
+       ctx->get_issuer = X509_STORE_CTX_get1_issuer;
+       ctx->check_issued = check_issued;
+       ctx->check_revocation = check_revocation;
+       ctx->get_crl = NULL;                            /* XXX - remove */
+       ctx->check_crl = check_crl;
+       ctx->cert_crl = cert_crl;
        ctx->check_policy = check_policy;
-
-       if (store && store->lookup_certs)
-               ctx->lookup_certs = store->lookup_certs;
-       else
-               ctx->lookup_certs = X509_STORE_CTX_get1_certs;
-
-       if (store && store->lookup_crls)
-               ctx->lookup_crls = store->lookup_crls;
-       else
-               ctx->lookup_crls = X509_STORE_CTX_get1_crls;
-
-       if (store && store->cleanup)
-               ctx->cleanup = store->cleanup;
-       else
-               ctx->cleanup = NULL;
+       ctx->lookup_certs = X509_STORE_CTX_get1_certs;
+       ctx->lookup_crls = X509_STORE_CTX_get1_crls;
+       ctx->cleanup = NULL;                            /* XXX - remove */
 
        ctx->param = X509_VERIFY_PARAM_new();
        if (!ctx->param) {