From 1c263e6ea63efaf2057f76f34d8a6c7e1441fef0 Mon Sep 17 00:00:00 2001 From: tb Date: Sun, 16 Apr 2023 08:21:12 +0000 Subject: [PATCH] Mark remaining policy tree public API for removal ok jsing --- lib/libcrypto/x509/x509_vfy.h | 17 +++++++++++++++-- lib/libcrypto/x509/x509v3.h | 5 ++++- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/lib/libcrypto/x509/x509_vfy.h b/lib/libcrypto/x509/x509_vfy.h index 9e3c263a069..f5b103a0e76 100644 --- a/lib/libcrypto/x509/x509_vfy.h +++ b/lib/libcrypto/x509/x509_vfy.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_vfy.h,v 1.58 2023/03/10 16:44:07 tb Exp $ */ +/* $OpenBSD: x509_vfy.h,v 1.59 2023/04/16 08:21:12 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -416,8 +416,12 @@ X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx); #define X509_STORE_set_verify_func(ctx, func) \ X509_STORE_set_verify((ctx), (func)) +/* Remove in next bump. */ +#if !defined(LIBRESSL_NEXT_API) || defined(LIBRESSL_INTERNAL) X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx); int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx); +#endif + int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx); X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx); @@ -468,13 +472,21 @@ int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param); const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name); void X509_VERIFY_PARAM_table_cleanup(void); +/* Move to x509_local.h in next bump - needed by x509_vfy.c. */ +#if !defined(LIBRESSL_NEXT_API) || defined(LIBRESSL_INTERNAL) int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, STACK_OF(X509) *certs, STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags); void X509_policy_tree_free(X509_POLICY_TREE *tree); +#endif +/* + * Move these to pcy_int.h in next bump - X509_policy_tree_get0_user_policies() + * is actually used, the rest can be deleted. + */ +#if !defined(LIBRESSL_NEXT_API) || defined(LIBRESSL_INTERNAL) int X509_policy_tree_level_count(const X509_POLICY_TREE *tree); X509_POLICY_LEVEL * X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, int i); @@ -496,8 +508,9 @@ STACK_OF(POLICYQUALINFO) * const X509_POLICY_NODE * X509_policy_node_get0_parent(const X509_POLICY_NODE *node); +#endif + #ifdef __cplusplus } #endif #endif - diff --git a/lib/libcrypto/x509/x509v3.h b/lib/libcrypto/x509/x509v3.h index f4c12223aeb..9a08845191c 100644 --- a/lib/libcrypto/x509/x509v3.h +++ b/lib/libcrypto/x509/x509v3.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509v3.h,v 1.18 2023/04/16 08:11:38 tb Exp $ */ +/* $OpenBSD: x509v3.h,v 1.19 2023/04/16 08:21:13 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -844,8 +844,11 @@ int a2i_ipadd(unsigned char *ipout, const char *ipasc); int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk, unsigned long chtype); +/* Move to pcy_int.h. */ +#if !defined(LIBRESSL_NEXT_API) || defined(LIBRESSL_INTERNAL) void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent); DECLARE_STACK_OF(X509_POLICY_NODE) +#endif #ifndef OPENSSL_NO_RFC3779 typedef struct ASRange_st { -- 2.20.1