Make X509_CERT_AUX internal

Another struct/API that should never have leaked out of the library.

ok jsing

diff --git a/lib/libcrypto/Symbols.list b/lib/libcrypto/Symbols.list
index 56b6392..ea67b1f 100644 (file)
--- a/lib/libcrypto/Symbols.list
+++ b/lib/libcrypto/Symbols.list
@@ -2550,10 +2550,6 @@ X509_ATTRIBUTE_it
 X509_ATTRIBUTE_new
 X509_ATTRIBUTE_set1_data
 X509_ATTRIBUTE_set1_object
-X509_CERT_AUX_free
-X509_CERT_AUX_it
-X509_CERT_AUX_new
-X509_CERT_AUX_print
 X509_CINF_free
 X509_CINF_it
 X509_CINF_new
@@ -3210,7 +3206,6 @@ d2i_X509_ALGOR
 d2i_X509_ALGORS
 d2i_X509_ATTRIBUTE
 d2i_X509_AUX
-d2i_X509_CERT_AUX
 d2i_X509_CINF
 d2i_X509_CRL
 d2i_X509_CRL_INFO
@@ -3407,7 +3402,6 @@ i2d_X509_ALGOR
 i2d_X509_ALGORS
 i2d_X509_ATTRIBUTE
 i2d_X509_AUX
-i2d_X509_CERT_AUX
 i2d_X509_CINF
 i2d_X509_CRL
 i2d_X509_CRL_INFO

diff --git a/lib/libcrypto/x509/x509.h b/lib/libcrypto/x509/x509.h
index c89e8fc..98a0bcb 100644 (file)
--- a/lib/libcrypto/x509/x509.h
+++ b/lib/libcrypto/x509/x509.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.h,v 1.109 2024/03/02 10:50:26 tb Exp $ */
+/* $OpenBSD: x509.h,v 1.110 2024/03/02 10:52:24 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -149,8 +149,6 @@ typedef struct X509_req_info_st X509_REQ_INFO;
 
 typedef struct X509_req_st X509_REQ;
 
-typedef struct x509_cert_aux_st X509_CERT_AUX;
-
 typedef struct x509_cinf_st X509_CINF;
 
 DECLARE_STACK_OF(X509)
@@ -626,11 +624,6 @@ void X509_free(X509 *a);
 X509 *d2i_X509(X509 **a, const unsigned char **in, long len);
 int i2d_X509(X509 *a, unsigned char **out);
 extern const ASN1_ITEM X509_it;
-X509_CERT_AUX *X509_CERT_AUX_new(void);
-void X509_CERT_AUX_free(X509_CERT_AUX *a);
-X509_CERT_AUX *d2i_X509_CERT_AUX(X509_CERT_AUX **a, const unsigned char **in, long len);
-int i2d_X509_CERT_AUX(X509_CERT_AUX *a, unsigned char **out);
-extern const ASN1_ITEM X509_CERT_AUX_it;
 
 int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
@@ -828,7 +821,6 @@ int         X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent,
 int            X509_print_ex(BIO *bp,X509 *x, unsigned long nmflag, unsigned long cflag);
 int            X509_print(BIO *bp,X509 *x);
 int            X509_ocspid_print(BIO *bp,X509 *x);
-int            X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);
 int            X509_CRL_print(BIO *bp,X509_CRL *x);
 int            X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned long cflag);
 int            X509_REQ_print(BIO *bp,X509_REQ *req);

diff --git a/lib/libcrypto/x509/x509_local.h b/lib/libcrypto/x509/x509_local.h
index 342aa22..83b5740 100644 (file)
--- a/lib/libcrypto/x509/x509_local.h
+++ b/lib/libcrypto/x509/x509_local.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: x509_local.h,v 1.21 2024/03/02 10:40:05 tb Exp $ */
+/*     $OpenBSD: x509_local.h,v 1.22 2024/03/02 10:52:24 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2013.
  */
@@ -135,13 +135,20 @@ struct X509_req_st {
  * useful in certificate stores and databases. When used this is tagged onto
  * the end of the certificate itself.
  */
-struct x509_cert_aux_st {
+typedef struct x509_cert_aux_st {
        STACK_OF(ASN1_OBJECT) *trust;           /* trusted uses */
        STACK_OF(ASN1_OBJECT) *reject;          /* rejected uses */
        ASN1_UTF8STRING *alias;                 /* "friendly name" */
        ASN1_OCTET_STRING *keyid;               /* key id of private key */
        STACK_OF(X509_ALGOR) *other;            /* other unspecified info */
-} /* X509_CERT_AUX */;
+} X509_CERT_AUX;
+
+X509_CERT_AUX *X509_CERT_AUX_new(void);
+void X509_CERT_AUX_free(X509_CERT_AUX *a);
+X509_CERT_AUX *d2i_X509_CERT_AUX(X509_CERT_AUX **a, const unsigned char **in, long len);
+int i2d_X509_CERT_AUX(X509_CERT_AUX *a, unsigned char **out);
+extern const ASN1_ITEM X509_CERT_AUX_it;
+int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);
 
 struct x509_cinf_st {
        ASN1_INTEGER *version;          /* [ 0 ] default of v1 */