Unexport some STACK_OF types. STACK_OF(GENERAL_NAMES) is STACK_OF(STACK_OF(GENERAL_NAME)). Nothing uses this. It appears to be a remnant of CMS and indirect CRL support. May as well trim the header slightly. STACK_OF(X509_VERIFY_PARAM) is a remnant of (non-thread-safe) global registration of X509_VERIFY_PARAMs. STACK_OF(X509_LOOKUP) is only used internally. May as well prune them from the header so the file expands to be a bit less code. Update-Note: A few obscure STACK_OF(T) types are unexported. This is not expected to impact anyone. Change-Id: I03757c8522531132a31270b6dab055966b6e9070 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/64527 Reviewed-by: Bob Beck <bbe@google.com> Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/crypto/x509/internal.h b/crypto/x509/internal.h
index efb9037..9e943e0 100644
--- a/crypto/x509/internal.h
+++ b/crypto/x509/internal.h
@@ -318,6 +318,8 @@ X509_OBJECT *ret); } /* X509_LOOKUP_METHOD */; +DEFINE_STACK_OF(X509_LOOKUP) + // This is used to hold everything. It is used for all certificate // validation. Once we have a certificate chain, the 'verify' // function is then called to actually check the cert chain.
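Review bot: The added `DEFINE_STACK_OF(X509_LOOKUP)` sits directly under the closing brace of the X509_LOOKUP_METHOD struct with no comment, so a reader can mistake it for a stack of methods or for a declaration that was dropped from the public header by accident. A one-line comment would record the intent and discourage re-exporting it, for example `// STACK_OF(X509_LOOKUP) is only used inside crypto/x509 and is intentionally not declared in <openssl/x509.h>.` If the X509_LOOKUP struct itself is defined in this header, placing the macro next to that definition would read more naturally. That definition is outside the hunk, so treat the placement as something to check rather than a confirmed problem.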
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 12b38c8..1fa89fd 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -3143,8 +3143,6 @@ #define X509_TRUST_REJECTED 2 #define X509_TRUST_UNTRUSTED 3 -DECLARE_STACK_OF(GENERAL_NAMES) - // X509_verify_cert_error_string returns |err| as a human-readable string, where // |err| should be one of the |X509_V_*| values. If |err| is unknown, it returns // a default description. @@ -3206,9 +3204,7 @@ #define X509_LU_CRL 2 #define X509_LU_PKEY 3 -DEFINE_STACK_OF(X509_LOOKUP) DEFINE_STACK_OF(X509_OBJECT) -DEFINE_STACK_OF(X509_VERIFY_PARAM) typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *); typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer, X509_STORE_CTX *ctx, @@ -3828,8 +3824,6 @@ } d; } /* GENERAL_NAME */; -DEFINE_STACK_OF(GENERAL_NAMES) - typedef struct ACCESS_DESCRIPTION_st { ASN1_OBJECT *method; GENERAL_NAME *location;