commit beaf594f8b3969219d531e6ba77a08387befc929
author David Benjamin <davidben@google.com> Fri Jun 19 12:26:20 2020 -0400
committer CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Fri Jun 19 21:46:02 2020 +0000
tree cd9c3ab9e4e293ef104c575b31bd968fc078715d
parent 991d31bbf11471d723f4a57a62100aff7f3cb9a5

Remove X509_get_signature_type.

This macro dates to SSLeay. It is never used and for good reason: it
doesn't do anything. EVP_PKEY_type returns NID_undef if the NID is not
key type, but it is being passed in a signature algorithm type. This
means that, except for invalid certificates, or the rare algorithms
where the two OIDs match (Ed25519), it always returns NID_undef.

Update-Note: If there are any calls to X509_get_signature_type, remove
them. It more-or-less always returned NID_undef.

Change-Id: I6e2e41f171143c28f2afce2890f029b776cc36b5
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41806
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>

include/openssl/x509.h

diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 8f78f4a..3efaea8 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -496,8 +496,6 @@
 #define X509_REQ_get_subject_name(x) ((x)->req_info->subject)
 #define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
 #define X509_name_cmp(a, b) X509_NAME_cmp((a), (b))
-#define X509_get_signature_type(x) \
-  EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
 
 #define X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version)
 const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl);