Unexport some ASN1_ITEMs that aren't used externally
The only ASN1_ITEMs from x509.h that are referenced externally are
X509_NAME, X509_ALGOR, and RSA_PSS_PARAMS. (RSA_PSS_PARAMS only by way
of an ASN1_item_pack call.) The others don't actually need ASN1_ITEMs.
This will cut down on the number of compatibility schemes we need when
the parsers are rewritten.
Also remove (d2i|i2d)_X509_NAME_ENTRY. It seems people only need to
create and destroy them, not serialize them individually.
It also means we can actually remove X509's ASN1_ITEM, as it's already
unused inside the library. I've replaced EmbedX509 with tests for the
types that are actually embedded. Those have not yet been rewritten,
but the tests are now ready for when they are.
Update-Note: Fewer types can be parsed generically through the ASN1_ITEM
system now. If someone was relying on a removed ASN1_ITEM, it will
appear as a compile error and we can restore it.
Bug: 443
Change-Id: Ib2a75d40c2e93dcf1c0474cf0df4a96190aac9a4
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/63946
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/crypto/asn1/asn1_test.cc b/crypto/asn1/asn1_test.cc
index 07628c8..b97bd63 100644
--- a/crypto/asn1/asn1_test.cc
+++ b/crypto/asn1/asn1_test.cc
@@ -2823,93 +2823,109 @@
TestSerialize(obj.get(), i2d_OPTIONAL_CHOICE, kTrue);
}
-struct EMBED_X509 {
- X509 *x509;
- X509 *x509_opt;
- STACK_OF(X509) *x509_seq;
+struct EMBED_X509_ALGOR {
+ X509_ALGOR *simple;
+ X509_ALGOR *opt;
+ STACK_OF(X509_ALGOR) *seq;
};
-DECLARE_ASN1_FUNCTIONS(EMBED_X509)
-ASN1_SEQUENCE(EMBED_X509) = {
- ASN1_SIMPLE(EMBED_X509, x509, X509),
- ASN1_EXP_OPT(EMBED_X509, x509_opt, X509, 0),
- ASN1_IMP_SEQUENCE_OF_OPT(EMBED_X509, x509_seq, X509, 1),
-} ASN1_SEQUENCE_END(EMBED_X509)
-IMPLEMENT_ASN1_FUNCTIONS(EMBED_X509)
+struct EMBED_X509_NAME {
+ X509_NAME *simple;
+ X509_NAME *opt;
+ STACK_OF(X509_NAME) *seq;
+};
-// Test that X.509 types defined in this library can be embedded into other
-// types, as we rewrite them away from the templating system.
-TEST(ASN1Test, EmbedX509) {
- // Set up a test certificate.
- static const char kTestCert[] = R"(
------BEGIN CERTIFICATE-----
-MIIBzzCCAXagAwIBAgIJANlMBNpJfb/rMAkGByqGSM49BAEwRTELMAkGA1UEBhMC
-QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
-dHMgUHR5IEx0ZDAeFw0xNDA0MjMyMzIxNTdaFw0xNDA1MjMyMzIxNTdaMEUxCzAJ
-BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l
-dCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATmK2ni
-v2Wfl74vHg2UikzVl2u3qR4NRvvdqakendy6WgHn1peoChj5w8SjHlbifINI2xYa
-HPUdfvGULUvPciLBo1AwTjAdBgNVHQ4EFgQUq4TSrKuV8IJOFngHVVdf5CaNgtEw
-HwYDVR0jBBgwFoAUq4TSrKuV8IJOFngHVVdf5CaNgtEwDAYDVR0TBAUwAwEB/zAJ
-BgcqhkjOPQQBA0gAMEUCIQDyoDVeUTo2w4J5m+4nUIWOcAZ0lVfSKXQA9L4Vh13E
-BwIgfB55FGohg/B6dGh5XxSZmmi08cueFV7mHzJSYV51yRQ=
------END CERTIFICATE-----
-)";
- bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kTestCert, sizeof(kTestCert)));
- ASSERT_TRUE(bio);
- bssl::UniquePtr<X509> cert(PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
- ASSERT_TRUE(cert);
- uint8_t *cert_der = nullptr;
- int cert_len = i2d_X509(cert.get(), &cert_der);
- ASSERT_GT(cert_len, 0);
- bssl::UniquePtr<uint8_t> free_cert_der(cert_der);
+DECLARE_ASN1_FUNCTIONS(EMBED_X509_ALGOR)
+ASN1_SEQUENCE(EMBED_X509_ALGOR) = {
+ ASN1_SIMPLE(EMBED_X509_ALGOR, simple, X509_ALGOR),
+ ASN1_EXP_OPT(EMBED_X509_ALGOR, opt, X509_ALGOR, 0),
+ ASN1_IMP_SEQUENCE_OF_OPT(EMBED_X509_ALGOR, seq, X509_ALGOR, 1),
+} ASN1_SEQUENCE_END(EMBED_X509_ALGOR)
+IMPLEMENT_ASN1_FUNCTIONS(EMBED_X509_ALGOR)
- std::unique_ptr<EMBED_X509, decltype(&EMBED_X509_free)> obj(nullptr,
- EMBED_X509_free);
+DECLARE_ASN1_FUNCTIONS(EMBED_X509_NAME)
+ASN1_SEQUENCE(EMBED_X509_NAME) = {
+ ASN1_SIMPLE(EMBED_X509_NAME, simple, X509_NAME),
+ ASN1_EXP_OPT(EMBED_X509_NAME, opt, X509_NAME, 0),
+ ASN1_IMP_SEQUENCE_OF_OPT(EMBED_X509_NAME, seq, X509_NAME, 1),
+} ASN1_SEQUENCE_END(EMBED_X509_NAME)
+IMPLEMENT_ASN1_FUNCTIONS(EMBED_X509_NAME)
+
+template <typename EmbedT, typename T, typename MaybeConstT, typename StackT>
+void TestEmbedType(bssl::Span<const uint8_t> inp,
+ int (*i2d)(MaybeConstT *, uint8_t **),
+ EmbedT *(*embed_new)(), void (*embed_free)(EmbedT *),
+ EmbedT *(*d2i_embed)(EmbedT **, const uint8_t **, long),
+ int (*i2d_embed)(EmbedT *, uint8_t **),
+ size_t (*sk_num)(const StackT *),
+ T *(*sk_value)(const StackT *, size_t)) {
+ std::unique_ptr<EmbedT, decltype(embed_free)> obj(nullptr, embed_free);
// Test only the first field present.
bssl::ScopedCBB cbb;
ASSERT_TRUE(CBB_init(cbb.get(), 64));
CBB seq;
ASSERT_TRUE(CBB_add_asn1(cbb.get(), &seq, CBS_ASN1_SEQUENCE));
- ASSERT_TRUE(CBB_add_bytes(&seq, cert_der, cert_len));
+ ASSERT_TRUE(CBB_add_bytes(&seq, inp.data(), inp.size()));
ASSERT_TRUE(CBB_flush(cbb.get()));
const uint8_t *ptr = CBB_data(cbb.get());
- obj.reset(d2i_EMBED_X509(nullptr, &ptr, CBB_len(cbb.get())));
+ obj.reset(d2i_embed(nullptr, &ptr, CBB_len(cbb.get())));
ASSERT_TRUE(obj);
- ASSERT_TRUE(obj->x509);
- EXPECT_EQ(X509_cmp(obj->x509, cert.get()), 0);
- EXPECT_FALSE(obj->x509_opt);
- EXPECT_FALSE(obj->x509_seq);
- TestSerialize(obj.get(), i2d_EMBED_X509,
+ ASSERT_TRUE(obj->simple);
+ // Test the field was parsed correctly by reserializing it.
+ TestSerialize(obj->simple, i2d, inp);
+ EXPECT_FALSE(obj->opt);
+ EXPECT_FALSE(obj->seq);
+ TestSerialize(obj.get(), i2d_embed,
{CBB_data(cbb.get()), CBB_len(cbb.get())});
// Test all fields present.
cbb.Reset();
ASSERT_TRUE(CBB_init(cbb.get(), 64));
ASSERT_TRUE(CBB_add_asn1(cbb.get(), &seq, CBS_ASN1_SEQUENCE));
- ASSERT_TRUE(CBB_add_bytes(&seq, cert_der, cert_len));
+ ASSERT_TRUE(CBB_add_bytes(&seq, inp.data(), inp.size()));
CBB child;
ASSERT_TRUE(CBB_add_asn1(
&seq, &child, CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0));
- ASSERT_TRUE(CBB_add_bytes(&child, cert_der, cert_len));
+ ASSERT_TRUE(CBB_add_bytes(&child, inp.data(), inp.size()));
ASSERT_TRUE(CBB_add_asn1(
&seq, &child, CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 1));
- ASSERT_TRUE(CBB_add_bytes(&child, cert_der, cert_len));
- ASSERT_TRUE(CBB_add_bytes(&child, cert_der, cert_len));
+ ASSERT_TRUE(CBB_add_bytes(&child, inp.data(), inp.size()));
+ ASSERT_TRUE(CBB_add_bytes(&child, inp.data(), inp.size()));
ASSERT_TRUE(CBB_flush(cbb.get()));
ptr = CBB_data(cbb.get());
- obj.reset(d2i_EMBED_X509(nullptr, &ptr, CBB_len(cbb.get())));
+ obj.reset(d2i_embed(nullptr, &ptr, CBB_len(cbb.get())));
ASSERT_TRUE(obj);
- ASSERT_TRUE(obj->x509);
- EXPECT_EQ(X509_cmp(obj->x509, cert.get()), 0);
- ASSERT_TRUE(obj->x509_opt);
- EXPECT_EQ(X509_cmp(obj->x509_opt, cert.get()), 0);
- ASSERT_EQ(sk_X509_num(obj->x509_seq), 2u);
- EXPECT_EQ(X509_cmp(sk_X509_value(obj->x509_seq, 0), cert.get()), 0);
- EXPECT_EQ(X509_cmp(sk_X509_value(obj->x509_seq, 1), cert.get()), 0);
- TestSerialize(obj.get(), i2d_EMBED_X509,
+ ASSERT_TRUE(obj->simple);
+ TestSerialize(obj->simple, i2d, inp);
+ ASSERT_TRUE(obj->opt);
+ TestSerialize(obj->opt, i2d, inp);
+ ASSERT_EQ(sk_num(obj->seq), 2u);
+ TestSerialize(sk_value(obj->seq, 0), i2d, inp);
+ TestSerialize(sk_value(obj->seq, 1), i2d, inp);
+ TestSerialize(obj.get(), i2d_embed,
{CBB_data(cbb.get()), CBB_len(cbb.get())});
}
+// Test that X.509 types defined in this library can be embedded into other
+// types, as we rewrite them away from the templating system.
+TEST(ASN1Test, EmbedTypes) {
+ static const uint8_t kTestAlg[] = {0x30, 0x09, 0x06, 0x07, 0x2a, 0x86,
+ 0x48, 0xce, 0x3d, 0x04, 0x01};
+ TestEmbedType(kTestAlg, i2d_X509_ALGOR, EMBED_X509_ALGOR_new,
+ EMBED_X509_ALGOR_free, d2i_EMBED_X509_ALGOR,
+ i2d_EMBED_X509_ALGOR, sk_X509_ALGOR_num, sk_X509_ALGOR_value);
+
+ static const uint8_t kTestName[] = {
+ 0x30, 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
+ 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
+ 0x0c, 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74, 0x65,
+ 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x18, 0x49,
+ 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, 0x64, 0x67,
+ 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20, 0x4c, 0x74, 0x64};
+ TestEmbedType(kTestName, i2d_X509_NAME, EMBED_X509_NAME_new,
+ EMBED_X509_NAME_free, d2i_EMBED_X509_NAME, i2d_EMBED_X509_NAME,
+ sk_X509_NAME_num, sk_X509_NAME_value);
+}
+
#endif // !WINDOWS || !SHARED_LIBRARY
diff --git a/crypto/pkcs8/pkcs8_x509.c b/crypto/pkcs8/pkcs8_x509.c
index 2d0bf08..f17ee1f 100644
--- a/crypto/pkcs8/pkcs8_x509.c
+++ b/crypto/pkcs8/pkcs8_x509.c
@@ -70,9 +70,10 @@
#include <openssl/rand.h>
#include <openssl/x509.h>
-#include "internal.h"
#include "../bytestring/internal.h"
#include "../internal.h"
+#include "../x509/internal.h"
+#include "internal.h"
int pkcs12_iterations_acceptable(uint64_t iterations) {
diff --git a/crypto/x509/internal.h b/crypto/x509/internal.h
index 4256755..0f3f554 100644
--- a/crypto/x509/internal.h
+++ b/crypto/x509/internal.h
@@ -86,12 +86,20 @@
EVP_PKEY *pkey;
} /* X509_PUBKEY */;
+// X509_PUBKEY is an |ASN1_ITEM| whose ASN.1 type is SubjectPublicKeyInfo and C
+// type is |X509_PUBKEY*|.
+DECLARE_ASN1_ITEM(X509_PUBKEY)
+
struct X509_name_entry_st {
ASN1_OBJECT *object;
ASN1_STRING *value;
int set;
} /* X509_NAME_ENTRY */;
+// X509_NAME_ENTRY is an |ASN1_ITEM| whose ASN.1 type is AttributeTypeAndValue
+// (RFC 5280) and C type is |X509_NAME_ENTRY*|.
+DECLARE_ASN1_ITEM(X509_NAME_ENTRY)
+
// we always keep X509_NAMEs in 2 forms.
struct X509_name_st {
STACK_OF(X509_NAME_ENTRY) *entries;
@@ -107,6 +115,10 @@
STACK_OF(ASN1_TYPE) *set;
} /* X509_ATTRIBUTE */;
+// X509_ATTRIBUTE is an |ASN1_ITEM| whose ASN.1 type is Attribute (RFC 2986) and
+// C type is |X509_ATTRIBUTE*|.
+DECLARE_ASN1_ITEM(X509_ATTRIBUTE)
+
typedef struct x509_cert_aux_st {
STACK_OF(ASN1_OBJECT) *trust; // trusted uses
STACK_OF(ASN1_OBJECT) *reject; // rejected uses
@@ -122,6 +134,14 @@
ASN1_OCTET_STRING *value;
} /* X509_EXTENSION */;
+// X509_EXTENSION is an |ASN1_ITEM| whose ASN.1 type is X.509 Extension (RFC
+// 5280) and C type is |X509_EXTENSION*|.
+DECLARE_ASN1_ITEM(X509_EXTENSION)
+
+// X509_EXTENSIONS is an |ASN1_ITEM| whose ASN.1 type is SEQUENCE of Extension
+// (RFC 5280) and C type is |STACK_OF(X509_EXTENSION)*|.
+DECLARE_ASN1_ITEM(X509_EXTENSIONS)
+
typedef struct {
ASN1_INTEGER *version; // [ 0 ] default of v1
ASN1_INTEGER *serialNumber;
@@ -162,6 +182,10 @@
CRYPTO_MUTEX lock;
} /* X509 */;
+// X509 is an |ASN1_ITEM| whose ASN.1 type is X.509 Certificate (RFC 5280) and C
+// type is |X509*|.
+DECLARE_ASN1_ITEM(X509)
+
typedef struct {
ASN1_ENCODING enc;
ASN1_INTEGER *version;
@@ -181,6 +205,10 @@
ASN1_BIT_STRING *signature;
} /* X509_REQ */;
+// X509_REQ is an |ASN1_ITEM| whose ASN.1 type is CertificateRequest (RFC 2986)
+// and C type is |X509_REQ*|.
+DECLARE_ASN1_ITEM(X509_REQ)
+
struct x509_revoked_st {
ASN1_INTEGER *serialNumber;
ASN1_TIME *revocationDate;
@@ -189,6 +217,11 @@
int reason;
} /* X509_REVOKED */;
+// X509_REVOKED is an |ASN1_ITEM| whose ASN.1 type is an element of the
+// revokedCertificates field of TBSCertList (RFC 5280) and C type is
+// |X509_REVOKED*|.
+DECLARE_ASN1_ITEM(X509_REVOKED)
+
typedef struct {
ASN1_INTEGER *version;
X509_ALGOR *sig_alg;
@@ -235,6 +268,10 @@
unsigned char crl_hash[SHA256_DIGEST_LENGTH];
} /* X509_CRL */;
+// X509_CRL is an |ASN1_ITEM| whose ASN.1 type is X.509 CertificateList (RFC
+// 5280) and C type is |X509_CRL*|.
+DECLARE_ASN1_ITEM(X509_CRL)
+
struct X509_VERIFY_PARAM_st {
char *name;
int64_t check_time; // POSIX time to use
@@ -266,6 +303,14 @@
} data;
} /* X509_OBJECT */;
+// NETSCAPE_SPKI is an |ASN1_ITEM| whose ASN.1 type is
+// SignedPublicKeyAndChallenge and C type is |NETSCAPE_SPKI*|.
+DECLARE_ASN1_ITEM(NETSCAPE_SPKI)
+
+// NETSCAPE_SPKAC is an |ASN1_ITEM| whose ASN.1 type is PublicKeyAndChallenge
+// and C type is |NETSCAPE_SPKAC*|.
+DECLARE_ASN1_ITEM(NETSCAPE_SPKAC)
+
// This is a static that defines the function interface
struct x509_lookup_method_st {
const char *name;
diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c
index 0bca639..e2c28e6 100644
--- a/crypto/x509/x_name.c
+++ b/crypto/x509/x_name.c
@@ -99,7 +99,7 @@
ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE),
} ASN1_SEQUENCE_END(X509_NAME_ENTRY)
-IMPLEMENT_ASN1_FUNCTIONS_const(X509_NAME_ENTRY)
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X509_NAME_ENTRY)
IMPLEMENT_ASN1_DUP_FUNCTION_const(X509_NAME_ENTRY)
// For the "Name" type we need a SEQUENCE OF { SET OF X509_NAME_ENTRY } so
diff --git a/crypto/x509/x_spki.c b/crypto/x509/x_spki.c
index 905a87b..b991711 100644
--- a/crypto/x509/x_spki.c
+++ b/crypto/x509/x_spki.c
@@ -60,6 +60,8 @@
#include <openssl/asn1t.h>
#include <openssl/x509.h>
+#include "internal.h"
+
ASN1_SEQUENCE(NETSCAPE_SPKAC) = {
ASN1_SIMPLE(NETSCAPE_SPKAC, pubkey, X509_PUBKEY),
diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c
index 2d4d555..8e22059c 100644
--- a/crypto/x509/x_x509.c
+++ b/crypto/x509/x_x509.c
@@ -300,54 +300,6 @@
return -1;
}
-static int x509_new_cb(ASN1_VALUE **pval, const ASN1_ITEM *it) {
- *pval = (ASN1_VALUE *)X509_new();
- return *pval != NULL;
-}
-
-static void x509_free_cb(ASN1_VALUE **pval, const ASN1_ITEM *it) {
- X509_free((X509 *)*pval);
- *pval = NULL;
-}
-
-static int x509_d2i_cb(ASN1_VALUE **pval, const unsigned char **in, long len,
- const ASN1_ITEM *it, int opt, ASN1_TLC *ctx) {
- if (len < 0) {
- OPENSSL_PUT_ERROR(ASN1, ASN1_R_BUFFER_TOO_SMALL);
- return 0;
- }
-
- CBS cbs;
- CBS_init(&cbs, *in, len);
- if (opt && !CBS_peek_asn1_tag(&cbs, CBS_ASN1_SEQUENCE)) {
- return -1;
- }
-
- X509 *ret = x509_parse(&cbs, NULL);
- if (ret == NULL) {
- return 0;
- }
-
- *in = CBS_data(&cbs);
- X509_free((X509 *)*pval);
- *pval = (ASN1_VALUE *)ret;
- return 1;
-}
-
-static int x509_i2d_cb(ASN1_VALUE **pval, unsigned char **out,
- const ASN1_ITEM *it) {
- return i2d_X509((X509 *)*pval, out);
-}
-
-static const ASN1_EXTERN_FUNCS x509_extern_funcs = {
- x509_new_cb,
- x509_free_cb,
- x509_d2i_cb,
- x509_i2d_cb,
-};
-
-IMPLEMENT_EXTERN_ASN1(X509, V_ASN1_SEQUENCE, x509_extern_funcs)
-
X509 *X509_dup(X509 *x509) {
uint8_t *der = NULL;
int len = i2d_X509(x509, &der);
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 93ff69e..18f70bd 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -118,10 +118,6 @@
DEFINE_STACK_OF(X509)
-// X509 is an |ASN1_ITEM| whose ASN.1 type is X.509 Certificate (RFC 5280) and C
-// type is |X509*|.
-DECLARE_ASN1_ITEM(X509)
-
// X509_up_ref adds one to the reference count of |x509| and returns one.
OPENSSL_EXPORT int X509_up_ref(X509 *x509);
@@ -517,10 +513,6 @@
DEFINE_STACK_OF(X509_CRL)
DEFINE_STACK_OF(X509_REVOKED)
-// X509_CRL is an |ASN1_ITEM| whose ASN.1 type is X.509 CertificateList (RFC
-// 5280) and C type is |X509_CRL*|.
-DECLARE_ASN1_ITEM(X509_CRL)
-
// X509_CRL_up_ref adds one to the reference count of |crl| and returns one.
OPENSSL_EXPORT int X509_CRL_up_ref(X509_CRL *crl);
@@ -779,11 +771,6 @@
// to mutate the object. Doing so may break |X509_CRL|'s and cause the library
// to behave incorrectly.
-// X509_REVOKED is an |ASN1_ITEM| whose ASN.1 type is an element of the
-// revokedCertificates field of TBSCertList (RFC 5280) and C type is
-// |X509_REVOKED*|.
-DECLARE_ASN1_ITEM(X509_REVOKED)
-
// X509_REVOKED_new returns a newly-allocated, empty |X509_REVOKED| object, or
// NULL on allocation error.
OPENSSL_EXPORT X509_REVOKED *X509_REVOKED_new(void);
@@ -907,10 +894,6 @@
// Instead, mutation functions should only be used when issuing new CRLs, as
// described in a later section.
-// X509_REQ is an |ASN1_ITEM| whose ASN.1 type is CertificateRequest (RFC 2986)
-// and C type is |X509_REQ*|.
-DECLARE_ASN1_ITEM(X509_REQ)
-
// X509_REQ_dup returns a newly-allocated copy of |req|, or NULL on error. This
// function works by serializing the structure, so if |req| is incomplete, it
// may fail.
@@ -1291,10 +1274,6 @@
ossl_ssize_t len, int loc,
int set);
-// X509_NAME_ENTRY is an |ASN1_ITEM| whose ASN.1 type is AttributeTypeAndValue
-// (RFC 5280) and C type is |X509_NAME_ENTRY*|.
-DECLARE_ASN1_ITEM(X509_NAME_ENTRY)
-
// X509_NAME_ENTRY_new returns a new, empty |X509_NAME_ENTRY_new|, or NULL on
// error.
OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_new(void);
@@ -1302,17 +1281,6 @@
// X509_NAME_ENTRY_free releases memory associated with |entry|.
OPENSSL_EXPORT void X509_NAME_ENTRY_free(X509_NAME_ENTRY *entry);
-// d2i_X509_NAME_ENTRY parses up to |len| bytes from |*inp| as a DER-encoded
-// AttributeTypeAndValue (RFC 5280), as described in |d2i_SAMPLE|.
-OPENSSL_EXPORT X509_NAME_ENTRY *d2i_X509_NAME_ENTRY(X509_NAME_ENTRY **out,
- const uint8_t **inp,
- long len);
-
-// i2d_X509_NAME_ENTRY marshals |in| as a DER-encoded AttributeTypeAndValue (RFC
-// 5280), as described in |i2d_SAMPLE|.
-OPENSSL_EXPORT int i2d_X509_NAME_ENTRY(const X509_NAME_ENTRY *in,
- uint8_t **outp);
-
// X509_NAME_ENTRY_dup returns a newly-allocated copy of |entry|, or NULL on
// error.
OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_dup(
@@ -1393,10 +1361,6 @@
// X.509 encodes public keys as SubjectPublicKeyInfo (RFC 5280), sometimes
// referred to as SPKI. These are represented in this library by |X509_PUBKEY|.
-// X509_PUBKEY is an |ASN1_ITEM| whose ASN.1 type is SubjectPublicKeyInfo and C
-// type is |X509_PUBKEY*|.
-DECLARE_ASN1_ITEM(X509_PUBKEY)
-
// X509_PUBKEY_new returns a newly-allocated, empty |X509_PUBKEY| object, or
// NULL on error.
OPENSSL_EXPORT X509_PUBKEY *X509_PUBKEY_new(void);
@@ -1470,10 +1434,6 @@
// determined by the extension type. This library represents extensions with the
// |X509_EXTENSION| type.
-// X509_EXTENSION is an |ASN1_ITEM| whose ASN.1 type is X.509 Extension (RFC
-// 5280) and C type is |X509_EXTENSION*|.
-DECLARE_ASN1_ITEM(X509_EXTENSION)
-
// X509_EXTENSION_new returns a newly-allocated, empty |X509_EXTENSION| object
// or NULL on error.
OPENSSL_EXPORT X509_EXTENSION *X509_EXTENSION_new(void);
@@ -1552,10 +1512,6 @@
DEFINE_STACK_OF(X509_EXTENSION)
typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;
-// X509_EXTENSIONS is an |ASN1_ITEM| whose ASN.1 type is SEQUENCE of Extension
-// (RFC 5280) and C type is |STACK_OF(X509_EXTENSION)*|.
-DECLARE_ASN1_ITEM(X509_EXTENSIONS)
-
// d2i_X509_EXTENSIONS parses up to |len| bytes from |*inp| as a DER-encoded
// SEQUENCE OF Extension (RFC 5280), as described in |d2i_SAMPLE|.
OPENSSL_EXPORT X509_EXTENSIONS *d2i_X509_EXTENSIONS(X509_EXTENSIONS **out,
@@ -1709,10 +1665,6 @@
DEFINE_STACK_OF(X509_ATTRIBUTE)
-// X509_ATTRIBUTE is an |ASN1_ITEM| whose ASN.1 type is Attribute (RFC 2986) and
-// C type is |X509_ATTRIBUTE*|.
-DECLARE_ASN1_ITEM(X509_ATTRIBUTE)
-
// X509_ATTRIBUTE_new returns a newly-allocated, empty |X509_ATTRIBUTE| object,
// or NULL on error. |X509_ATTRIBUTE_set1_*| may be used to finish initializing
// it.
@@ -1854,10 +1806,6 @@
ASN1_BIT_STRING *signature;
} /* NETSCAPE_SPKI */;
-// NETSCAPE_SPKI is an |ASN1_ITEM| whose ASN.1 type is
-// SignedPublicKeyAndChallenge and C type is |NETSCAPE_SPKI*|.
-DECLARE_ASN1_ITEM(NETSCAPE_SPKI)
-
// NETSCAPE_SPKI_new returns a newly-allocated, empty |NETSCAPE_SPKI| object, or
// NULL on error.
OPENSSL_EXPORT NETSCAPE_SPKI *NETSCAPE_SPKI_new(void);
@@ -1918,10 +1866,6 @@
ASN1_IA5STRING *challenge;
} /* NETSCAPE_SPKAC */;
-// NETSCAPE_SPKAC is an |ASN1_ITEM| whose ASN.1 type is PublicKeyAndChallenge
-// and C type is |NETSCAPE_SPKAC*|.
-DECLARE_ASN1_ITEM(NETSCAPE_SPKAC)
-
// NETSCAPE_SPKAC_new returns a newly-allocated, empty |NETSCAPE_SPKAC| object,
// or NULL on error.
OPENSSL_EXPORT NETSCAPE_SPKAC *NETSCAPE_SPKAC_new(void);
@@ -1992,10 +1936,6 @@
//
// TODO(davidben): Do these functions really belong in this header?
-// PKCS8_PRIV_KEY_INFO is an |ASN1_ITEM| whose ASN.1 type is PrivateKeyInfo and
-// C type is |PKCS8_PRIV_KEY_INFO*|.
-DECLARE_ASN1_ITEM(PKCS8_PRIV_KEY_INFO)
-
// PKCS8_PRIV_KEY_INFO_new returns a newly-allocated, empty
// |PKCS8_PRIV_KEY_INFO| object, or NULL on error.
OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *PKCS8_PRIV_KEY_INFO_new(void);
@@ -2035,10 +1975,6 @@
// no type in X.509 which matches this format. The two common types which do are
// DigestInfo (RFC 2315 and RFC 8017), and EncryptedPrivateKeyInfo (RFC 5208).
-// X509_SIG is an |ASN1_ITEM| whose ASN.1 type is the SEQUENCE described above
-// and C type is |X509_SIG*|.
-DECLARE_ASN1_ITEM(X509_SIG)
-
// X509_SIG_new returns a newly-allocated, empty |X509_SIG| object, or NULL on
// error.
OPENSSL_EXPORT X509_SIG *X509_SIG_new(void);
