Unexport some conf layers unused outside of libcrypto

imodules are called imodules because they contain Information about
modules that have been Initialized. Which one of these two I it is
is anyone's best guess. Why anything outside of libcrypto would ever
possibly care will also remain a mystery.

Remove the old way of adding a conf module, user data, stop allowing
to set a method (it's opaque now, remember?) and drop a couple bits
more from the public api interface.

ok beck jsing

10 files changed, 31 insertions, 84 deletions

diff --git a/lib/libcrypto/Symbols.list b/lib/libcrypto/Symbols.list
index 3385b631e74..20abe2588f2 100644
--- a/lib/libcrypto/Symbols.list
+++ b/lib/libcrypto/Symbols.list
@@ -594,27 +594,12 @@ CONF_get1_default_config_file
 CONF_get_number
 CONF_get_section
 CONF_get_string
-CONF_imodule_get_flags
-CONF_imodule_get_module
-CONF_imodule_get_name
-CONF_imodule_get_usr_data
-CONF_imodule_get_value
-CONF_imodule_set_flags
-CONF_imodule_set_usr_data
 CONF_load
-CONF_load_bio
-CONF_load_fp
-CONF_module_add
-CONF_module_get_usr_data
-CONF_module_set_usr_data
 CONF_modules_finish
 CONF_modules_free
 CONF_modules_load
 CONF_modules_load_file
 CONF_modules_unload
-CONF_parse_list
-CONF_set_default_method
-CONF_set_nconf
 CRL_DIST_POINTS_free
 CRL_DIST_POINTS_it
 CRL_DIST_POINTS_new
@@ -1510,7 +1495,6 @@ NCONF_get_section
 NCONF_get_string
 NCONF_load
 NCONF_load_bio
-NCONF_load_fp
 NCONF_new
 NETSCAPE_SPKAC_free
 NETSCAPE_SPKAC_it
diff --git a/lib/libcrypto/asn1/asn1_gen.c b/lib/libcrypto/asn1/asn1_gen.c
index c7eafd72677..4b8d7051abf 100644
--- a/lib/libcrypto/asn1/asn1_gen.c
+++ b/lib/libcrypto/asn1/asn1_gen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_gen.c,v 1.22 2024/05/17 02:57:26 tb Exp $ */
+/* $OpenBSD: asn1_gen.c,v 1.23 2024/08/31 09:26:18 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2002.
  */
@@ -63,6 +63,7 @@
 #include <openssl/x509v3.h>
 
 #include "asn1_local.h"
+#include "conf_local.h"
 
 #define ASN1_GEN_FLAG		0x10000
 #define ASN1_GEN_FLAG_IMP	(ASN1_GEN_FLAG|1)
diff --git a/lib/libcrypto/asn1/asn_moid.c b/lib/libcrypto/asn1/asn_moid.c
index 68749804632..e3c7d09446c 100644
--- a/lib/libcrypto/asn1/asn_moid.c
+++ b/lib/libcrypto/asn1/asn_moid.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn_moid.c,v 1.17 2024/03/02 09:02:04 tb Exp $ */
+/* $OpenBSD: asn_moid.c,v 1.18 2024/08/31 09:26:18 tb Exp $ */
 /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
@@ -66,6 +66,7 @@
 #include <openssl/x509.h>
 
 #include "asn1_local.h"
+#include "conf_local.h"
 
 /* Simple ASN1 OID module: add all objects in a given section */
 
diff --git a/lib/libcrypto/conf/conf.h b/lib/libcrypto/conf/conf.h
index 5129a259b32..feccaafb05d 100644
--- a/lib/libcrypto/conf/conf.h
+++ b/lib/libcrypto/conf/conf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf.h,v 1.18 2024/08/31 09:21:44 tb Exp $ */
+/* $OpenBSD: conf.h,v 1.19 2024/08/31 09:26:18 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -138,7 +138,6 @@ void NCONF_free(CONF *conf);
 void NCONF_free_data(CONF *conf);
 
 int NCONF_load(CONF *conf, const char *file, long *eline);
-int NCONF_load_fp(CONF *conf, FILE *fp, long *eline);
 int NCONF_load_bio(CONF *conf, BIO *bp, long *eline);
 STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf, const char *section);
 char *NCONF_get_string(const CONF *conf, const char *group, const char *name);
@@ -156,24 +155,9 @@ int CONF_modules_load_file(const char *filename, const char *appname,
 void CONF_modules_unload(int all);
 void CONF_modules_finish(void);
 void CONF_modules_free(void);
-int CONF_module_add(const char *name, conf_init_func *ifunc,
-    conf_finish_func *ffunc);
-
-const char *CONF_imodule_get_name(const CONF_IMODULE *md);
-const char *CONF_imodule_get_value(const CONF_IMODULE *md);
-void *CONF_imodule_get_usr_data(const CONF_IMODULE *md);
-void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data);
-CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md);
-unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md);
-void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags);
-void *CONF_module_get_usr_data(CONF_MODULE *pmod);
-void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data);
 
 char *CONF_get1_default_config_file(void);
 
-int CONF_parse_list(const char *list, int sep, int nospc,
-    int (*list_cb)(const char *elem, int len, void *usr), void *arg);
-
 void OPENSSL_load_builtin_modules(void);
 
 void ERR_load_CONF_strings(void);
diff --git a/lib/libcrypto/conf/conf_lib.c b/lib/libcrypto/conf/conf_lib.c
index fca7486de37..abeea5588f6 100644
--- a/lib/libcrypto/conf/conf_lib.c
+++ b/lib/libcrypto/conf/conf_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf_lib.c,v 1.19 2024/08/31 09:21:44 tb Exp $ */
+/* $OpenBSD: conf_lib.c,v 1.20 2024/08/31 09:26:18 tb Exp $ */
 /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
  * project 2000.
  */
@@ -77,7 +77,6 @@ CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash)
 	default_CONF_method->init(conf);
 	conf->data = hash;
 }
-LCRYPTO_ALIAS(CONF_set_nconf);
 
 /* The following section contains the "CONF classic" functions,
    rewritten in terms of the new CONF interface. */
@@ -88,7 +87,6 @@ CONF_set_default_method(CONF_METHOD *meth)
 	default_CONF_method = meth;
 	return 1;
 }
-LCRYPTO_ALIAS(CONF_set_default_method);
 
 LHASH_OF(CONF_VALUE) *
 CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file, long *eline)
@@ -123,7 +121,6 @@ CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp, long *eline)
 	BIO_free(btmp);
 	return ltmp;
 }
-LCRYPTO_ALIAS(CONF_load_fp);
 
 LHASH_OF(CONF_VALUE) *
 CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp, long *eline)
@@ -138,7 +135,6 @@ CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp, long *eline)
 		return ctmp.data;
 	return NULL;
 }
-LCRYPTO_ALIAS(CONF_load_bio);
 
 STACK_OF(CONF_VALUE) *
 CONF_get_section(LHASH_OF(CONF_VALUE) *conf, const char *section)
@@ -255,22 +251,6 @@ NCONF_load(CONF *conf, const char *file, long *eline)
 LCRYPTO_ALIAS(NCONF_load);
 
 int
-NCONF_load_fp(CONF *conf, FILE *fp, long *eline)
-{
-	BIO *btmp;
-	int ret;
-
-	if (!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) {
-		CONFerror(ERR_R_BUF_LIB);
-		return 0;
-	}
-	ret = NCONF_load_bio(conf, btmp, eline);
-	BIO_free(btmp);
-	return ret;
-}
-LCRYPTO_ALIAS(NCONF_load_fp);
-
-int
 NCONF_load_bio(CONF *conf, BIO *bp, long *eline)
 {
 	if (conf == NULL) {
diff --git a/lib/libcrypto/conf/conf_local.h b/lib/libcrypto/conf/conf_local.h
index dec0d3c0c16..cf5941ed509 100644
--- a/lib/libcrypto/conf/conf_local.h
+++ b/lib/libcrypto/conf/conf_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf_local.h,v 1.1 2024/08/31 09:21:44 tb Exp $ */
+/* $OpenBSD: conf_local.h,v 1.2 2024/08/31 09:26:18 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -74,6 +74,22 @@ struct conf_method_st {
 	int (*load)(CONF *conf, const char *name, long *eline);
 };
 
+int CONF_module_add(const char *name, conf_init_func *ifunc,
+    conf_finish_func *ffunc);
+
+const char *CONF_imodule_get_name(const CONF_IMODULE *md);
+const char *CONF_imodule_get_value(const CONF_IMODULE *md);
+void *CONF_imodule_get_usr_data(const CONF_IMODULE *md);
+void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data);
+CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md);
+unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md);
+void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags);
+void *CONF_module_get_usr_data(CONF_MODULE *pmod);
+void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data);
+
+int CONF_parse_list(const char *list, int sep, int nospc,
+    int (*list_cb)(const char *elem, int len, void *usr), void *arg);
+
 __END_HIDDEN_DECLS
 
 #endif /* HEADER_CONF_LOCAL_H */
diff --git a/lib/libcrypto/conf/conf_mod.c b/lib/libcrypto/conf/conf_mod.c
index 4bde9eb3765..3477bc71b18 100644
--- a/lib/libcrypto/conf/conf_mod.c
+++ b/lib/libcrypto/conf/conf_mod.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf_mod.c,v 1.38 2024/04/09 13:56:30 beck Exp $ */
+/* $OpenBSD: conf_mod.c,v 1.39 2024/08/31 09:26:18 tb Exp $ */
 /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
@@ -413,7 +413,6 @@ CONF_module_add(const char *name, conf_init_func *ifunc, conf_finish_func *ffunc
 {
 	return module_add(name, ifunc, ffunc);
 }
-LCRYPTO_ALIAS(CONF_module_add);
 
 void
 CONF_modules_free(void)
@@ -430,63 +429,54 @@ CONF_imodule_get_name(const CONF_IMODULE *imod)
 {
 	return imod->name;
 }
-LCRYPTO_ALIAS(CONF_imodule_get_name);
 
 const char *
 CONF_imodule_get_value(const CONF_IMODULE *imod)
 {
 	return imod->value;
 }
-LCRYPTO_ALIAS(CONF_imodule_get_value);
 
 void *
 CONF_imodule_get_usr_data(const CONF_IMODULE *imod)
 {
 	return imod->usr_data;
 }
-LCRYPTO_ALIAS(CONF_imodule_get_usr_data);
 
 void
 CONF_imodule_set_usr_data(CONF_IMODULE *imod, void *usr_data)
 {
 	imod->usr_data = usr_data;
 }
-LCRYPTO_ALIAS(CONF_imodule_set_usr_data);
 
 CONF_MODULE *
 CONF_imodule_get_module(const CONF_IMODULE *imod)
 {
 	return imod->mod;
 }
-LCRYPTO_ALIAS(CONF_imodule_get_module);
 
 unsigned long
 CONF_imodule_get_flags(const CONF_IMODULE *imod)
 {
 	return imod->flags;
 }
-LCRYPTO_ALIAS(CONF_imodule_get_flags);
 
 void
 CONF_imodule_set_flags(CONF_IMODULE *imod, unsigned long flags)
 {
 	imod->flags = flags;
 }
-LCRYPTO_ALIAS(CONF_imodule_set_flags);
 
 void *
 CONF_module_get_usr_data(CONF_MODULE *mod)
 {
 	return mod->usr_data;
 }
-LCRYPTO_ALIAS(CONF_module_get_usr_data);
 
 void
 CONF_module_set_usr_data(CONF_MODULE *mod, void *usr_data)
 {
 	mod->usr_data = usr_data;
 }
-LCRYPTO_ALIAS(CONF_module_set_usr_data);
 
 /* Return default config file name */
 
@@ -547,4 +537,3 @@ CONF_parse_list(const char *list_, int sep, int nospc,
 		lstart = p + 1;
 	}
 }
-LCRYPTO_ALIAS(CONF_parse_list);
diff --git a/lib/libcrypto/ct/ct_log.c b/lib/libcrypto/ct/ct_log.c
index eb503a38169..514246ff4f9 100644
--- a/lib/libcrypto/ct/ct_log.c
+++ b/lib/libcrypto/ct/ct_log.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ct_log.c,v 1.6 2023/07/08 07:22:58 beck Exp $ */
+/*	$OpenBSD: ct_log.c,v 1.7 2024/08/31 09:26:18 tb Exp $ */
 /* Author: Adam Eijdenberg <adam.eijdenberg@gmail.com>. */
 /* ====================================================================
  * Copyright (c) 1998-2016 The OpenSSL Project.  All rights reserved.
@@ -67,6 +67,8 @@
 #include <openssl/evp.h>
 #include <openssl/safestack.h>
 
+#include "conf_local.h"
+
 #include "cryptlib.h"
 
 
diff --git a/lib/libcrypto/hidden/openssl/conf.h b/lib/libcrypto/hidden/openssl/conf.h
index 9d073303ca8..b4fb6e90457 100644
--- a/lib/libcrypto/hidden/openssl/conf.h
+++ b/lib/libcrypto/hidden/openssl/conf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf.h,v 1.2 2024/08/31 09:18:00 tb Exp $ */
+/* $OpenBSD: conf.h,v 1.3 2024/08/31 09:26:18 tb Exp $ */
 /*
  * Copyright (c) 2024 Bob Beck <beck@openbsd.org>
  *
@@ -42,7 +42,6 @@ LCRYPTO_USED(NCONF_WIN32);
 LCRYPTO_USED(NCONF_free);
 LCRYPTO_USED(NCONF_free_data);
 LCRYPTO_USED(NCONF_load);
-LCRYPTO_USED(NCONF_load_fp);
 LCRYPTO_USED(NCONF_load_bio);
 LCRYPTO_USED(NCONF_get_section);
 LCRYPTO_USED(NCONF_get_string);
@@ -52,18 +51,7 @@ LCRYPTO_USED(CONF_modules_load_file);
 LCRYPTO_USED(CONF_modules_unload);
 LCRYPTO_USED(CONF_modules_finish);
 LCRYPTO_USED(CONF_modules_free);
-LCRYPTO_USED(CONF_module_add);
-LCRYPTO_USED(CONF_imodule_get_name);
-LCRYPTO_USED(CONF_imodule_get_value);
-LCRYPTO_USED(CONF_imodule_get_usr_data);
-LCRYPTO_USED(CONF_imodule_set_usr_data);
-LCRYPTO_USED(CONF_imodule_get_module);
-LCRYPTO_USED(CONF_imodule_get_flags);
-LCRYPTO_USED(CONF_imodule_set_flags);
-LCRYPTO_USED(CONF_module_get_usr_data);
-LCRYPTO_USED(CONF_module_set_usr_data);
 LCRYPTO_USED(CONF_get1_default_config_file);
-LCRYPTO_USED(CONF_parse_list);
 LCRYPTO_USED(OPENSSL_load_builtin_modules);
 LCRYPTO_USED(ERR_load_CONF_strings);
 
diff --git a/lib/libcrypto/x509/x509_utl.c b/lib/libcrypto/x509/x509_utl.c
index 422e89989a6..e0e5a673861 100644
--- a/lib/libcrypto/x509/x509_utl.c
+++ b/lib/libcrypto/x509/x509_utl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_utl.c,v 1.19 2024/07/08 06:57:37 jca Exp $ */
+/* $OpenBSD: x509_utl.c,v 1.20 2024/08/31 09:26:18 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -67,6 +67,8 @@
 #include <openssl/err.h>
 #include <openssl/x509v3.h>
 
+#include "conf_local.h"
+
 #include "bytestring.h"
 
 static char *bn_to_string(const BIGNUM *bn);