Remove PEM_X509_INFO_write_bio.
Nothing calls this function, it doesn't support most key types, and
accesses pkey.rsa without checking the type. Just remove it.
Change-Id: I073dfe74c545c7e08578b85105c88a19bbddf58a
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/53505
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c
index e30faa3..04b4743 100644
--- a/crypto/pem/pem_info.c
+++ b/crypto/pem/pem_info.c
@@ -263,84 +263,3 @@
OPENSSL_free(data);
return ret;
}
-
-// A TJH addition
-int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
- unsigned char *kstr, int klen, pem_password_cb *cb,
- void *u) {
- int i, ret = 0;
- unsigned char *data = NULL;
- const char *objstr = NULL;
- char buf[PEM_BUFSIZE];
- unsigned char *iv = NULL;
- unsigned iv_len = 0;
-
- if (enc != NULL) {
- iv_len = EVP_CIPHER_iv_length(enc);
- objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
- if (objstr == NULL) {
- OPENSSL_PUT_ERROR(PEM, PEM_R_UNSUPPORTED_CIPHER);
- goto err;
- }
- }
-
- // now for the fun part ... if we have a private key then we have to be
- // able to handle a not-yet-decrypted key being written out correctly ...
- // if it is decrypted or it is non-encrypted then we use the base code
- if (xi->x_pkey != NULL) {
- if ((xi->enc_data != NULL) && (xi->enc_len > 0)) {
- if (enc == NULL) {
- OPENSSL_PUT_ERROR(PEM, PEM_R_CIPHER_IS_NULL);
- goto err;
- }
-
- // copy from weirdo names into more normal things
- iv = xi->enc_cipher.iv;
- data = (unsigned char *)xi->enc_data;
- i = xi->enc_len;
-
- // we take the encryption data from the internal stuff rather
- // than what the user has passed us ... as we have to match
- // exactly for some strange reason
- objstr = OBJ_nid2sn(EVP_CIPHER_nid(xi->enc_cipher.cipher));
- if (objstr == NULL) {
- OPENSSL_PUT_ERROR(PEM, PEM_R_UNSUPPORTED_CIPHER);
- goto err;
- }
-
- // create the right magic header stuff
- assert(strlen(objstr) + 23 + 2 * iv_len + 13 <= sizeof buf);
- buf[0] = '\0';
- PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
- PEM_dek_info(buf, objstr, iv_len, (char *)iv);
-
- // use the normal code to write things out
- i = PEM_write_bio(bp, PEM_STRING_RSA, buf, data, i);
- if (i <= 0) {
- goto err;
- }
- } else {
- // Add DSA/DH
- // normal optionally encrypted stuff
- if (PEM_write_bio_RSAPrivateKey(bp, xi->x_pkey->dec_pkey->pkey.rsa, enc,
- kstr, klen, cb, u) <= 0) {
- goto err;
- }
- }
- }
-
- // if we have a certificate then write it out now
- if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp, xi->x509) <= 0)) {
- goto err;
- }
-
- // we are ignoring anything else that is loaded into the X509_INFO
- // structure for the moment ... as I don't need it so I'm not coding it
- // here and Eric can do it when this makes it into the base library --tjh
-
- ret = 1;
-
-err:
- OPENSSL_cleanse(buf, PEM_BUFSIZE);
- return ret;
-}
diff --git a/include/openssl/pem.h b/include/openssl/pem.h
index a94f276..56075ae 100644
--- a/include/openssl/pem.h
+++ b/include/openssl/pem.h
@@ -349,10 +349,6 @@
OPENSSL_EXPORT STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(
BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u);
-OPENSSL_EXPORT int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi,
- EVP_CIPHER *enc, unsigned char *kstr,
- int klen, pem_password_cb *cd,
- void *u);
OPENSSL_EXPORT int PEM_read(FILE *fp, char **name, char **header,
unsigned char **data, long *len);
