commit 4ac76f07a401b9b11d6ff305049721cfe3f6a777
author Theo Buehler <theorbuehler@gmail.com> Thu Mar 21 22:16:06 2024 +1000
committer Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> Fri Mar 22 04:04:36 2024 +0000
tree e55a4e25f28c21fb8f30a52a1e712ce57adf2d38
parent ae719ab057a7db33a388fd52ea30397273036d63

Remove unused flags argument from trust handlers

Change-Id: Ie16e9ab0897305089672720efa4530d43074f692
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/67387
Auto-Submit: Theo Buehler <theorbuehler@gmail.com>
Reviewed-by: Bob Beck <bbe@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: Bob Beck <bbe@google.com>

crypto/x509/x509_trs.c

diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c
index 87137b1..64380c0 100644
--- a/crypto/x509/x509_trs.c
+++ b/crypto/x509/x509_trs.c
@@ -67,14 +67,14 @@
 
 struct x509_trust_st {
   int trust;
-  int (*check_trust)(const X509_TRUST *, X509 *, int);
+  int (*check_trust)(const X509_TRUST *, X509 *);
   int nid;
 } /* X509_TRUST */;
 
-static int trust_1oidany(const X509_TRUST *trust, X509 *x, int flags);
-static int trust_compat(const X509_TRUST *trust, X509 *x, int flags);
+static int trust_1oidany(const X509_TRUST *trust, X509 *x);
+static int trust_compat(const X509_TRUST *trust, X509 *x);
 
-static int obj_trust(int id, X509 *x, int flags);
+static int obj_trust(int id, X509 *x);
 
 static const X509_TRUST trstandard[] = {
     {X509_TRUST_COMPAT, trust_compat, 0},
@@ -99,36 +99,36 @@
   }
   // We get this as a default value
   if (id == 0) {
-    int rv = obj_trust(NID_anyExtendedKeyUsage, x, 0);
+    int rv = obj_trust(NID_anyExtendedKeyUsage, x);
     if (rv != X509_TRUST_UNTRUSTED) {
       return rv;
     }
-    return trust_compat(NULL, x, 0);
+    return trust_compat(NULL, x);
   }
   const X509_TRUST *pt = X509_TRUST_get0(id);
   if (pt == NULL) {
     // Unknown trust IDs are silently reintrepreted as NIDs. This is unreachable
     // from the certificate verifier itself, but wpa_supplicant relies on it.
     // Note this relies on commonly-used NIDs and trust IDs not colliding.
-    return obj_trust(id, x, flags);
+    return obj_trust(id, x);
   }
-  return pt->check_trust(pt, x, flags);
+  return pt->check_trust(pt, x);
 }
 
 int X509_is_valid_trust_id(int trust) {
   return X509_TRUST_get0(trust) != NULL;
 }
 
-static int trust_1oidany(const X509_TRUST *trust, X509 *x, int flags) {
+static int trust_1oidany(const X509_TRUST *trust, X509 *x) {
   if (x->aux && (x->aux->trust || x->aux->reject)) {
-    return obj_trust(trust->nid, x, flags);
+    return obj_trust(trust->nid, x);
   }
   // we don't have any trust settings: for compatibility we return trusted
   // if it is self signed
-  return trust_compat(trust, x, flags);
+  return trust_compat(trust, x);
 }
 
-static int trust_compat(const X509_TRUST *trust, X509 *x, int flags) {
+static int trust_compat(const X509_TRUST *trust, X509 *x) {
   if (!x509v3_cache_extensions(x)) {
     return X509_TRUST_UNTRUSTED;
   }
@@ -139,7 +139,7 @@
   }
 }
 
-static int obj_trust(int id, X509 *x, int flags) {
+static int obj_trust(int id, X509 *x) {
   X509_CERT_AUX *ax = x->aux;
   if (!ax) {
     return X509_TRUST_UNTRUSTED;