Delete some dead code from crypto/x509. These are never referenced within the library or externally. Some of the constants have been unused since SSLeay. Change-Id: I597511208dab1ab3816e5f730fcadaea9a733dff Reviewed-on: https://boringssl-review.googlesource.com/17025 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/crypto/pem/pem_xaux.c b/crypto/pem/pem_xaux.c
index 386dd60..b0cceca 100644
--- a/crypto/pem/pem_xaux.c
+++ b/crypto/pem/pem_xaux.c
@@ -63,5 +63,3 @@
 #include <openssl/x509.h>
 IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX)
-IMPLEMENT_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR, PEM_STRING_X509_PAIR,
- X509_CERT_PAIR)
diff --git a/crypto/x509/CMakeLists.txt b/crypto/x509/CMakeLists.txt
index 3be09dd..74001e7 100644
--- a/crypto/x509/CMakeLists.txt
+++ b/crypto/x509/CMakeLists.txt
@@ -39,7 +39,6 @@
 x509name.c
 x509rset.c
 x509spki.c
- x509type.c
 x_algor.c
 x_all.c
 x_attrib.c
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index c2cdd38..2413a1c 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -146,12 +146,6 @@
 return ok;
 }
-#if 0
-static int x509_subject_cmp(X509 **a, X509 **b)
-{
- return X509_subject_name_cmp(*a, *b);
-}
-#endif
 /* Return 1 is a certificate is self signed */
 static int cert_self_signed(X509 *x)
 {
diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c
deleted file mode 100644
index d4f5a4d..0000000
--- a/crypto/x509/x509type.c
+++ /dev/null
@@ -1,126 +0,0 @@ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. 
If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] 
*/ - -#include <openssl/evp.h> -#include <openssl/obj.h> -#include <openssl/x509.h> - -int X509_certificate_type(X509 *x, EVP_PKEY *pkey) -{ - EVP_PKEY *pk; - int ret = 0, i; - - if (x == NULL) - return (0); - - if (pkey == NULL) - pk = X509_get_pubkey(x); - else - pk = pkey; - - if (pk == NULL) - return (0); - - switch (pk->type) { - case EVP_PKEY_RSA: - ret = EVP_PK_RSA | EVP_PKT_SIGN; -/* if (!sign only extension) */ - ret |= EVP_PKT_ENC; - break; - case EVP_PKEY_DSA: - ret = EVP_PK_DSA | EVP_PKT_SIGN; - break; - case EVP_PKEY_EC: - ret = EVP_PK_EC | EVP_PKT_SIGN | EVP_PKT_EXCH; - break; - case EVP_PKEY_DH: - ret = EVP_PK_DH | EVP_PKT_EXCH; - break; - case NID_id_GostR3410_94: - case NID_id_GostR3410_2001: - ret = EVP_PKT_EXCH | EVP_PKT_SIGN; - break; - default: - break; - } - - i = OBJ_obj2nid(x->sig_alg->algorithm); - if (i && OBJ_find_sigid_algs(i, NULL, &i)) { - - switch (i) { - case NID_rsaEncryption: - case NID_rsa: - ret |= EVP_PKS_RSA; - break; - case NID_dsa: - case NID_dsa_2: - ret |= EVP_PKS_DSA; - break; - case NID_X9_62_id_ecPublicKey: - ret |= EVP_PKS_EC; - break; - default: - break; - } - } - - if (EVP_PKEY_size(pk) <= 1024 / 8) /* /8 because it's 1024 bits we look - * for, not bytes */ - ret |= EVP_PKT_EXP; - if (pkey == NULL) - EVP_PKEY_free(pk); - return (ret); -}
diff --git a/crypto/x509/x_x509a.c b/crypto/x509/x_x509a.c
index a63ee42..dccc46a 100644
--- a/crypto/x509/x_x509a.c
+++ b/crypto/x509/x_x509a.c
@@ -196,10 +196,3 @@
 x->aux->reject = NULL;
 }
 }
-
-ASN1_SEQUENCE(X509_CERT_PAIR) = {
- ASN1_EXP_OPT(X509_CERT_PAIR, forward, X509, 0),
- ASN1_EXP_OPT(X509_CERT_PAIR, reverse, X509, 1)
-} ASN1_SEQUENCE_END(X509_CERT_PAIR)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_PAIR)
diff --git a/crypto/x509v3/pcy_lib.c b/crypto/x509v3/pcy_lib.c
index 764f38f..7d5f067 100644
--- a/crypto/x509v3/pcy_lib.c
+++ b/crypto/x509v3/pcy_lib.c
@@ -137,15 +137,6 @@ return node->data->valid_policy; } -#if 0 -int X509_policy_node_get_critical(const X509_POLICY_NODE *node) -{ - if (node_critical(node)) - return 1; - return 0; -} -#endif - STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node)
diff --git a/include/openssl/base.h b/include/openssl/base.h
index 0d4eab3..460c1e0 100644
--- a/include/openssl/base.h
+++ b/include/openssl/base.h
@@ -248,7 +248,6 @@
 typedef struct DSA_SIG_st DSA_SIG;
 typedef struct ISSUING_DIST_POINT_st ISSUING_DIST_POINT;
 typedef struct NAME_CONSTRAINTS_st NAME_CONSTRAINTS;
-typedef struct Netscape_certificate_sequence NETSCAPE_CERT_SEQUENCE;
 typedef struct Netscape_spkac_st NETSCAPE_SPKAC;
 typedef struct Netscape_spki_st NETSCAPE_SPKI;
 typedef struct RIPEMD160state_st RIPEMD160_CTX;
@@ -264,7 +263,6 @@
 typedef struct X509_info_st X509_INFO;
 typedef struct X509_name_entry_st X509_NAME_ENTRY;
 typedef struct X509_name_st X509_NAME;
-typedef struct X509_objects_st X509_OBJECTS;
 typedef struct X509_pubkey_st X509_PUBKEY;
 typedef struct X509_req_info_st X509_REQ_INFO;
 typedef struct X509_req_st X509_REQ;
@@ -329,7 +327,6 @@
 typedef struct v3_ext_ctx X509V3_CTX;
 typedef struct x509_attributes_st X509_ATTRIBUTE;
 typedef struct x509_cert_aux_st X509_CERT_AUX;
-typedef struct x509_cert_pair_st X509_CERT_PAIR;
 typedef struct x509_cinf_st X509_CINF;
 typedef struct x509_crl_method_st X509_CRL_METHOD;
 typedef struct x509_lookup_st X509_LOOKUP;
diff --git a/include/openssl/pem.h b/include/openssl/pem.h
index 41bedd2..ae6c23c 100644
--- a/include/openssl/pem.h
+++ b/include/openssl/pem.h
@@ -324,8 +324,6 @@
 DECLARE_PEM_rw(X509_AUX, X509)
-DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR)
-
 DECLARE_PEM_rw(X509_REQ, X509_REQ)
 DECLARE_PEM_write(X509_REQ_NEW, X509_REQ)
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index cc1432d..efd8c78 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -112,13 +112,6 @@
 #define X509v3_KU_DECIPHER_ONLY 0x8000
 #define X509v3_KU_UNDEF 0xffff
-struct X509_objects_st
- {
- int nid;
- int (*a2i)(void);
- int (*i2a)(void);
- } /* X509_OBJECTS */;
-
 DEFINE_STACK_OF(X509_ALGOR)
 DECLARE_ASN1_SET_OF(X509_ALGOR)
@@ -159,11 +152,7 @@
 {
 STACK_OF(X509_NAME_ENTRY) *entries;
 int modified; /* true if 'bytes' needs to be built */
-#ifndef OPENSSL_NO_BUFFER
 BUF_MEM *bytes;
-#else
- char *bytes;
-#endif
 /* unsigned long hash; Keep the hash around for lookups */
 unsigned char *canon_enc;
 int canon_enclen;
@@ -171,8 +160,6 @@
 DEFINE_STACK_OF(X509_NAME)
-#define X509_EX_V_NETSCAPE_HACK 0x8000
-#define X509_EX_V_INIT 0x0001
 struct X509_extension_st
 {
 ASN1_OBJECT *object;
@@ -295,11 +282,6 @@
 DEFINE_STACK_OF(X509_TRUST)
-struct x509_cert_pair_st {
- X509 *forward;
- X509 *reverse;
-} /* X509_CERT_PAIR */;
-
 /* standard trust ids */
 #define X509_TRUST_DEFAULT (-1) /* Only valid in purpose settings */
@@ -510,20 +492,6 @@
 ASN1_BIT_STRING *signature;
 } /* NETSCAPE_SPKI */;
-/* Netscape certificate sequence structure */
-struct Netscape_certificate_sequence
- {
- ASN1_OBJECT *type;
- STACK_OF(X509) *certs;
- } /* NETSCAPE_CERT_SEQUENCE */;
-
-/* Unused (and iv length is wrong)
-typedef struct CBCParameter_st
- {
- unsigned char iv[8];
- } CBC_PARAM;
-*/
-
 /* PKCS#8 private key info structure */
 struct pkcs8_priv_key_info_st
@@ -550,9 +518,6 @@
 extern "C" {
 #endif
-#define X509_EXT_PACK_UNKNOWN 1
-#define X509_EXT_PACK_STRING 2
-
 #define X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version)
 /* #define X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */
 #define X509_get_notBefore(x) ((x)->cert_info->validity->notBefore)
@@ -781,8 +746,6 @@
 DECLARE_ASN1_FUNCTIONS(X509)
 DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)
-DECLARE_ASN1_FUNCTIONS(X509_CERT_PAIR)
-
 /* X509_up_ref adds one to the reference count of |x| and returns one. */
 OPENSSL_EXPORT int X509_up_ref(X509 *x);
@@ -822,7 +785,6 @@
 DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI)
 DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
-DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
 #ifndef OPENSSL_NO_EVP
 OPENSSL_EXPORT X509_INFO * X509_INFO_new(void);
@@ -858,7 +820,6 @@
 OPENSSL_EXPORT int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
 OPENSSL_EXPORT EVP_PKEY * X509_get_pubkey(X509 *x);
 OPENSSL_EXPORT ASN1_BIT_STRING * X509_get0_pubkey_bitstr(const X509 *x);
-OPENSSL_EXPORT int X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);
 OPENSSL_EXPORT STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);
 OPENSSL_EXPORT int X509_REQ_set_version(X509_REQ *x,long version);
@@ -1130,32 +1091,6 @@
 DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
-/* EVP_PK values indicate the algorithm of the public key in a certificate. */
-
-#define EVP_PK_RSA 0x0001
-#define EVP_PK_DSA 0x0002
-#define EVP_PK_DH 0x0004
-#define EVP_PK_EC 0x0008
-
-/* EVP_PKS values indicate the algorithm used to sign a certificate. */
-
-#define EVP_PKS_RSA 0x0100
-#define EVP_PKS_DSA 0x0200
-#define EVP_PKS_EC 0x0400
-
-/* EVP_PKT values are flags that define what public-key operations can be
- * performed with the public key from a certificate. */
-
-/* EVP_PKT_SIGN indicates that the public key can be used for signing. */
-#define EVP_PKT_SIGN 0x0010
-/* EVP_PKT_ENC indicates that a session key can be encrypted to the public
- * key. */
-#define EVP_PKT_ENC 0x0020
-/* EVP_PKT_EXCH indicates that key-agreement can be performed. */
-#define EVP_PKT_EXCH 0x0040
-/* EVP_PKT_EXP indicates that key is weak (i.e. "export"). */
-#define EVP_PKT_EXP 0x1000
-
 #ifdef __cplusplus
 }
diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
index 4c36570..ac739ea 100644
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h
@@ -80,25 +80,6 @@ * dependencies on this header where possible. */ -#if 0 -/* Outer object */ -typedef struct x509_hash_dir_st - { - int num_dirs; - char **dirs; - int *dirs_type; - int num_dirs_alloced; - } X509_HASH_DIR_CTX; -#endif - -typedef struct x509_file_st - { - int num_paths; /* number of paths to files or directories */ - int num_alloced; - char **paths; /* the list of paths or directories */ - int *path_type; - } X509_CERT_FILE_CTX; - /*******************************/ /* SSL_CTX -> X509_STORE @@ -117,10 +98,6 @@ certificate chain. */ -/* The following are legacy constants that should not be used. */ -#define X509_LU_RETRY (-1) -#define X509_LU_FAIL 0 - #define X509_LU_X509 1 #define X509_LU_CRL 2 #define X509_LU_PKEY 3
diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
index e6e8f01..7375d23 100644
--- a/include/openssl/x509v3.h
+++ b/include/openssl/x509v3.h
@@ -738,7 +738,6 @@ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ -void ERR_load_X509V3_strings(void); #ifdef __cplusplus