From 3af9e83e3c7166ac7ae25c2725921c75f1e81c08 Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Sat, 2 Mar 2024 10:57:03 +0000
Subject: [PATCH] Garbage collect most of the public LOOKUP API

Yet another bit of extensibility that no one ever really used.
X509_LOOKUP_free() needs to stay because of ... rust-openssl
(and kdelibs4support).

ok jsing
---
 lib/libcrypto/Symbols.list              |  7 ----
 lib/libcrypto/Symbols.namespace         |  7 ----
 lib/libcrypto/hidden/openssl/x509_vfy.h |  9 +----
 lib/libcrypto/x509/x509_lu.c            | 52 ++-----------------------
 lib/libcrypto/x509/x509_vfy.h           | 14 +------
 5 files changed, 5 insertions(+), 84 deletions(-)

diff --git a/lib/libcrypto/Symbols.list b/lib/libcrypto/Symbols.list
index 10562c675a3..2c411b3565f 100644
--- a/lib/libcrypto/Symbols.list
+++ b/lib/libcrypto/Symbols.list
@@ -2619,18 +2619,11 @@ X509_EXTENSION_set_data
 X509_EXTENSION_set_object
 X509_INFO_free
 X509_INFO_new
-X509_LOOKUP_by_alias
-X509_LOOKUP_by_fingerprint
-X509_LOOKUP_by_issuer_serial
-X509_LOOKUP_by_subject
 X509_LOOKUP_ctrl
 X509_LOOKUP_file
 X509_LOOKUP_free
 X509_LOOKUP_hash_dir
-X509_LOOKUP_init
 X509_LOOKUP_mem
-X509_LOOKUP_new
-X509_LOOKUP_shutdown
 X509_NAME_ENTRIES_it
 X509_NAME_ENTRY_create_by_NID
 X509_NAME_ENTRY_create_by_OBJ
diff --git a/lib/libcrypto/Symbols.namespace b/lib/libcrypto/Symbols.namespace
index d9590797dc6..aa81bc13f2d 100644
--- a/lib/libcrypto/Symbols.namespace
+++ b/lib/libcrypto/Symbols.namespace
@@ -517,14 +517,7 @@ _libre_X509_LOOKUP_ctrl
 _libre_X509_load_cert_file
 _libre_X509_load_crl_file
 _libre_X509_load_cert_crl_file
-_libre_X509_LOOKUP_new
 _libre_X509_LOOKUP_free
-_libre_X509_LOOKUP_init
-_libre_X509_LOOKUP_by_subject
-_libre_X509_LOOKUP_by_issuer_serial
-_libre_X509_LOOKUP_by_fingerprint
-_libre_X509_LOOKUP_by_alias
-_libre_X509_LOOKUP_shutdown
 _libre_X509_STORE_load_locations
 _libre_X509_STORE_load_mem
 _libre_X509_STORE_set_default_paths
diff --git a/lib/libcrypto/hidden/openssl/x509_vfy.h b/lib/libcrypto/hidden/openssl/x509_vfy.h
index 88d8b143df0..3d65837a48f 100644
--- a/lib/libcrypto/hidden/openssl/x509_vfy.h
+++ b/lib/libcrypto/hidden/openssl/x509_vfy.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.h,v 1.8 2024/03/02 10:40:05 tb Exp $ */
+/* $OpenBSD: x509_vfy.h,v 1.9 2024/03/02 10:57:03 tb Exp $ */
 /*
  * Copyright (c) 2022 Bob Beck <beck@openbsd.org>
  *
@@ -79,14 +79,7 @@ LCRYPTO_USED(X509_LOOKUP_ctrl);
 LCRYPTO_USED(X509_load_cert_file);
 LCRYPTO_USED(X509_load_crl_file);
 LCRYPTO_USED(X509_load_cert_crl_file);
-LCRYPTO_USED(X509_LOOKUP_new);
 LCRYPTO_USED(X509_LOOKUP_free);
-LCRYPTO_USED(X509_LOOKUP_init);
-LCRYPTO_USED(X509_LOOKUP_by_subject);
-LCRYPTO_USED(X509_LOOKUP_by_issuer_serial);
-LCRYPTO_USED(X509_LOOKUP_by_fingerprint);
-LCRYPTO_USED(X509_LOOKUP_by_alias);
-LCRYPTO_USED(X509_LOOKUP_shutdown);
 LCRYPTO_USED(X509_STORE_load_locations);
 LCRYPTO_USED(X509_STORE_load_mem);
 LCRYPTO_USED(X509_STORE_set_default_paths);
diff --git a/lib/libcrypto/x509/x509_lu.c b/lib/libcrypto/x509/x509_lu.c
index 7e7a5dedd0d..56fb439996e 100644
--- a/lib/libcrypto/x509/x509_lu.c
+++ b/lib/libcrypto/x509/x509_lu.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_lu.c,v 1.63 2024/02/23 10:39:07 tb Exp $ */
+/* $OpenBSD: x509_lu.c,v 1.64 2024/03/02 10:57:03 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -65,7 +65,7 @@
 #include <openssl/x509v3.h>
 #include "x509_local.h"
 
-X509_LOOKUP *
+static X509_LOOKUP *
 X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
 {
 	X509_LOOKUP *lu;
@@ -84,7 +84,6 @@ X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
 
 	return lu;
 }
-LCRYPTO_ALIAS(X509_LOOKUP_new);
 
 void
 X509_LOOKUP_free(X509_LOOKUP *ctx)
@@ -97,26 +96,6 @@ X509_LOOKUP_free(X509_LOOKUP *ctx)
 }
 LCRYPTO_ALIAS(X509_LOOKUP_free);
 
-int
-X509_LOOKUP_init(X509_LOOKUP *ctx)
-{
-	if (ctx->method == NULL)
-		return 0;
-	/* Historical behavior: make init succeed even without method. */
-	return 1;
-}
-LCRYPTO_ALIAS(X509_LOOKUP_init);
-
-int
-X509_LOOKUP_shutdown(X509_LOOKUP *ctx)
-{
-	if (ctx->method == NULL)
-		return 0;
-	/* Historical behavior: make shutdown succeed even without method. */
-	return 1;
-}
-LCRYPTO_ALIAS(X509_LOOKUP_shutdown);
-
 int
 X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
     char **ret)
@@ -129,7 +108,7 @@ X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
 }
 LCRYPTO_ALIAS(X509_LOOKUP_ctrl);
 
-int
+static int
 X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, X509_NAME *name,
     X509_OBJECT *ret)
 {
@@ -137,31 +116,6 @@ X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, X509_NAME *name,
 		return 0;
 	return ctx->method->get_by_subject(ctx, type, name, ret);
 }
-LCRYPTO_ALIAS(X509_LOOKUP_by_subject);
-
-int
-X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-    X509_NAME *name, ASN1_INTEGER *serial, X509_OBJECT *ret)
-{
-	return 0;
-}
-LCRYPTO_ALIAS(X509_LOOKUP_by_issuer_serial);
-
-int
-X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-    const unsigned char *bytes, int len, X509_OBJECT *ret)
-{
-	return 0;
-}
-LCRYPTO_ALIAS(X509_LOOKUP_by_fingerprint);
-
-int
-X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, const char *str,
-    int len, X509_OBJECT *ret)
-{
-	return 0;
-}
-LCRYPTO_ALIAS(X509_LOOKUP_by_alias);
 
 static int
 x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b)
diff --git a/lib/libcrypto/x509/x509_vfy.h b/lib/libcrypto/x509/x509_vfy.h
index 6474d5238a3..755a0643533 100644
--- a/lib/libcrypto/x509/x509_vfy.h
+++ b/lib/libcrypto/x509/x509_vfy.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.h,v 1.67 2024/03/02 10:54:39 tb Exp $ */
+/* $OpenBSD: x509_vfy.h,v 1.68 2024/03/02 10:57:03 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -363,19 +363,7 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
 int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
 int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
 
-
-X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
 void X509_LOOKUP_free(X509_LOOKUP *ctx);
-int X509_LOOKUP_init(X509_LOOKUP *ctx);
-int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-    X509_NAME *name, X509_OBJECT *ret);
-int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-    X509_NAME *name, ASN1_INTEGER *serial, X509_OBJECT *ret);
-int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-    const unsigned char *bytes, int len, X509_OBJECT *ret);
-int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-    const char *str, int len, X509_OBJECT *ret);
-int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 
 int	X509_STORE_load_locations(X509_STORE *ctx,
 		const char *file, const char *dir);
-- 
2.20.1