authorTheo Buehler <tb@cvs.openbsd.org>2024-08-31 10:03:04 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2024-08-31 10:03:04 +0000
commitc993d0a9ac92cff5a99ea3ee37492e827f97572e (patch)
tree65a321dbc512082af37289f99ef059cf01d31b7f
parent32934b6dc269d8929d6716404f50c7647afca1e1 (diff)
Make some more x509 conf stuff internal
This internalizes a particularly scary layer of conf used for X.509 extensions. Again unused public API... ok beck jsing
-rw-r--r--lib/libcrypto/Symbols.list11
-rw-r--r--lib/libcrypto/asn1/asn1_gen.c3
-rw-r--r--lib/libcrypto/hidden/openssl/x509v3.h13
-rw-r--r--lib/libcrypto/x509/x509_akey.c4
-rw-r--r--lib/libcrypto/x509/x509_bcons.c4
-rw-r--r--lib/libcrypto/x509/x509_bitst.c4
-rw-r--r--lib/libcrypto/x509/x509_conf.c6
-rw-r--r--lib/libcrypto/x509/x509_extku.c4
-rw-r--r--lib/libcrypto/x509/x509_local.h19
-rw-r--r--lib/libcrypto/x509/x509_pcons.c4
-rw-r--r--lib/libcrypto/x509/x509_pmaps.c4
-rw-r--r--lib/libcrypto/x509/x509_utl.c18
-rw-r--r--lib/libcrypto/x509/x509v3.h20
13 files changed, 42 insertions, 72 deletions
diff --git a/lib/libcrypto/Symbols.list b/lib/libcrypto/Symbols.list
index d18a13410d1..9405613b186 100644
--- a/lib/libcrypto/Symbols.list
+++ b/lib/libcrypto/Symbols.list
@@ -2370,23 +2370,12 @@ X509V3_EXT_val_prn
X509V3_NAME_from_section
X509V3_add1_i2d
X509V3_add_standard_extensions
-X509V3_add_value
-X509V3_add_value_bool
-X509V3_add_value_bool_nf
-X509V3_add_value_int
-X509V3_add_value_uchar
X509V3_conf_free
X509V3_extensions_print
X509V3_get_d2i
-X509V3_get_section
-X509V3_get_string
-X509V3_get_value_bool
-X509V3_get_value_int
X509V3_parse_list
-X509V3_section_free
X509V3_set_ctx
X509V3_set_nconf
-X509V3_string_free
X509_ALGORS_it
X509_ALGOR_cmp
X509_ALGOR_dup
diff --git a/lib/libcrypto/asn1/asn1_gen.c b/lib/libcrypto/asn1/asn1_gen.c
index 4b8d7051abf..0b4cfe00a9f 100644
--- a/lib/libcrypto/asn1/asn1_gen.c
+++ b/lib/libcrypto/asn1/asn1_gen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_gen.c,v 1.23 2024/08/31 09:26:18 tb Exp $ */
+/* $OpenBSD: asn1_gen.c,v 1.24 2024/08/31 10:03:03 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2002.
*/
@@ -64,6 +64,7 @@
#include "asn1_local.h"
#include "conf_local.h"
+#include "x509_local.h"
#define ASN1_GEN_FLAG 0x10000
#define ASN1_GEN_FLAG_IMP (ASN1_GEN_FLAG|1)
diff --git a/lib/libcrypto/hidden/openssl/x509v3.h b/lib/libcrypto/hidden/openssl/x509v3.h
index 6cdd932209d..9f5a1ffdbcf 100644
--- a/lib/libcrypto/hidden/openssl/x509v3.h
+++ b/lib/libcrypto/hidden/openssl/x509v3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509v3.h,v 1.14 2024/08/31 09:59:12 tb Exp $ */
+/* $OpenBSD: x509v3.h,v 1.15 2024/08/31 10:03:03 tb Exp $ */
/*
* Copyright (c) 2022 Bob Beck <beck@openbsd.org>
*
@@ -139,19 +139,8 @@ LCRYPTO_USED(X509V3_EXT_REQ_add_nconf);
LCRYPTO_USED(X509V3_EXT_CRL_add_nconf);
LCRYPTO_USED(X509V3_EXT_conf_nid);
LCRYPTO_USED(X509V3_EXT_conf);
-LCRYPTO_USED(X509V3_add_value_bool_nf);
-LCRYPTO_USED(X509V3_get_value_bool);
-LCRYPTO_USED(X509V3_get_value_int);
LCRYPTO_USED(X509V3_set_nconf);
-LCRYPTO_UNUSED(X509V3_get_string);
-LCRYPTO_USED(X509V3_get_section);
-LCRYPTO_UNUSED(X509V3_string_free);
-LCRYPTO_USED(X509V3_section_free);
LCRYPTO_USED(X509V3_set_ctx);
-LCRYPTO_USED(X509V3_add_value);
-LCRYPTO_USED(X509V3_add_value_uchar);
-LCRYPTO_USED(X509V3_add_value_bool);
-LCRYPTO_USED(X509V3_add_value_int);
LCRYPTO_USED(i2s_ASN1_INTEGER);
LCRYPTO_USED(s2i_ASN1_INTEGER);
LCRYPTO_USED(i2s_ASN1_ENUMERATED);
diff --git a/lib/libcrypto/x509/x509_akey.c b/lib/libcrypto/x509/x509_akey.c
index b052d95984f..926508c4cd4 100644
--- a/lib/libcrypto/x509/x509_akey.c
+++ b/lib/libcrypto/x509/x509_akey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_akey.c,v 1.2 2024/07/13 15:08:58 tb Exp $ */
+/* $OpenBSD: x509_akey.c,v 1.3 2024/08/31 10:03:03 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -65,6 +65,8 @@
#include <openssl/err.h>
#include <openssl/x509v3.h>
+#include "x509_local.h"
+
static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist);
static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
diff --git a/lib/libcrypto/x509/x509_bcons.c b/lib/libcrypto/x509/x509_bcons.c
index e44ff4d1cb6..99cb5afe9a4 100644
--- a/lib/libcrypto/x509/x509_bcons.c
+++ b/lib/libcrypto/x509/x509_bcons.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_bcons.c,v 1.5 2024/07/13 15:08:58 tb Exp $ */
+/* $OpenBSD: x509_bcons.c,v 1.6 2024/08/31 10:03:03 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -65,6 +65,8 @@
#include <openssl/err.h>
#include <openssl/x509v3.h>
+#include "x509_local.h"
+
static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist);
static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
diff --git a/lib/libcrypto/x509/x509_bitst.c b/lib/libcrypto/x509/x509_bitst.c
index 0328310f08c..479874ddb56 100644
--- a/lib/libcrypto/x509/x509_bitst.c
+++ b/lib/libcrypto/x509/x509_bitst.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_bitst.c,v 1.6 2024/07/13 15:08:58 tb Exp $ */
+/* $OpenBSD: x509_bitst.c,v 1.7 2024/08/31 10:03:03 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -63,6 +63,8 @@
#include <openssl/err.h>
#include <openssl/x509v3.h>
+#include "x509_local.h"
+
static BIT_STRING_BITNAME ns_cert_type_table[] = {
{0, "SSL Client", "client"},
{1, "SSL Server", "server"},
diff --git a/lib/libcrypto/x509/x509_conf.c b/lib/libcrypto/x509/x509_conf.c
index ab78649453b..c8917f7ef7d 100644
--- a/lib/libcrypto/x509/x509_conf.c
+++ b/lib/libcrypto/x509/x509_conf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_conf.c,v 1.25 2024/08/31 09:59:12 tb Exp $ */
+/* $OpenBSD: x509_conf.c,v 1.26 2024/08/31 10:03:03 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -411,7 +411,6 @@ X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section)
X509V3error(ERR_R_DISABLED);
return NULL;
}
-LCRYPTO_ALIAS(X509V3_get_string);
STACK_OF(CONF_VALUE) *
X509V3_get_section(X509V3_CTX *ctx, const char *section)
@@ -422,7 +421,6 @@ X509V3_get_section(X509V3_CTX *ctx, const char *section)
}
return NCONF_get_section(ctx->db, section);
}
-LCRYPTO_ALIAS(X509V3_get_section);
/* XXX - remove in next bump. */
void
@@ -430,14 +428,12 @@ X509V3_string_free(X509V3_CTX *ctx, char *str)
{
return;
}
-LCRYPTO_ALIAS(X509V3_string_free);
void
X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
{
return;
}
-LCRYPTO_ALIAS(X509V3_section_free);
void
X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf)
diff --git a/lib/libcrypto/x509/x509_extku.c b/lib/libcrypto/x509/x509_extku.c
index 6a69adabc61..da5036a09a2 100644
--- a/lib/libcrypto/x509/x509_extku.c
+++ b/lib/libcrypto/x509/x509_extku.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_extku.c,v 1.5 2024/07/13 15:08:58 tb Exp $ */
+/* $OpenBSD: x509_extku.c,v 1.6 2024/08/31 10:03:03 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -63,6 +63,8 @@
#include <openssl/err.h>
#include <openssl/x509v3.h>
+#include "x509_local.h"
+
static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(
diff --git a/lib/libcrypto/x509/x509_local.h b/lib/libcrypto/x509/x509_local.h
index 81a237d860d..d232a54a213 100644
--- a/lib/libcrypto/x509/x509_local.h
+++ b/lib/libcrypto/x509/x509_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_local.h,v 1.26 2024/07/13 15:08:58 tb Exp $ */
+/* $OpenBSD: x509_local.h,v 1.27 2024/08/31 10:03:03 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2013.
*/
@@ -418,6 +418,23 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
int X509_PURPOSE_get_by_id(int id);
int X509_PURPOSE_get_trust(const X509_PURPOSE *xp);
+int X509V3_add_value(const char *name, const char *value,
+ STACK_OF(CONF_VALUE) **extlist);
+int X509V3_add_value_uchar(const char *name, const unsigned char *value,
+ STACK_OF(CONF_VALUE) **extlist);
+int X509V3_add_value_bool(const char *name, int asn1_bool,
+ STACK_OF(CONF_VALUE) **extlist);
+int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint,
+ STACK_OF(CONF_VALUE) **extlist);
+
+int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool);
+int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint);
+
+char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section);
+STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section);
+void X509V3_string_free(X509V3_CTX *ctx, char *str);
+void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
+
const X509V3_EXT_METHOD *x509v3_ext_method_authority_key_identifier(void);
const X509V3_EXT_METHOD *x509v3_ext_method_basic_constraints(void);
const X509V3_EXT_METHOD *x509v3_ext_method_certificate_issuer(void);
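Review bot: The prototypes added here for `X509V3_get_string()` and `X509V3_string_free()` keep alive two functions that look like dead stubs. In the x509_conf.c context of this same commit, the visible tail of the former is `X509V3error(ERR_R_DISABLED); return NULL;` and the latter is a bare `return;` under an `XXX - remove in next bump` comment. Since neither is exported any more, deleting them would be cleaner than re-declaring them internally, unless a caller outside this diff still needs them. `X509V3_section_free()` is also a no-op while `X509V3_get_section()` returns `NCONF_get_section(ctx->db, section)`, so a comment above that pair such as `/* Section is owned by ctx->db; X509V3_section_free() does nothing. */` would stop internal callers from assuming they own the stack. The hunk does not show whether these declarations fall inside the header's hidden-visibility region, so that is worth confirming.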
diff --git a/lib/libcrypto/x509/x509_pcons.c b/lib/libcrypto/x509/x509_pcons.c
index d6ee9d7e2ca..66dc57abf6d 100644
--- a/lib/libcrypto/x509/x509_pcons.c
+++ b/lib/libcrypto/x509/x509_pcons.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_pcons.c,v 1.5 2024/07/13 15:08:58 tb Exp $ */
+/* $OpenBSD: x509_pcons.c,v 1.6 2024/08/31 10:03:03 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
@@ -65,6 +65,8 @@
#include <openssl/err.h>
#include <openssl/x509v3.h>
+#include "x509_local.h"
+
static STACK_OF(CONF_VALUE) *
i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *bcons,
STACK_OF(CONF_VALUE) *extlist);
diff --git a/lib/libcrypto/x509/x509_pmaps.c b/lib/libcrypto/x509/x509_pmaps.c
index 7a91917f652..5039f65f2e3 100644
--- a/lib/libcrypto/x509/x509_pmaps.c
+++ b/lib/libcrypto/x509/x509_pmaps.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_pmaps.c,v 1.5 2024/07/13 15:08:58 tb Exp $ */
+/* $OpenBSD: x509_pmaps.c,v 1.6 2024/08/31 10:03:03 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
@@ -64,6 +64,8 @@
#include <openssl/err.h>
#include <openssl/x509v3.h>
+#include "x509_local.h"
+
static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(
diff --git a/lib/libcrypto/x509/x509_utl.c b/lib/libcrypto/x509/x509_utl.c
index e0e5a673861..6f5add482fe 100644
--- a/lib/libcrypto/x509/x509_utl.c
+++ b/lib/libcrypto/x509/x509_utl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_utl.c,v 1.20 2024/08/31 09:26:18 tb Exp $ */
+/* $OpenBSD: x509_utl.c,v 1.21 2024/08/31 10:03:03 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
@@ -122,7 +122,6 @@ X509V3_add_value(const char *name, const char *value,
}
return 0;
}
-LCRYPTO_ALIAS(X509V3_add_value);
int
X509V3_add_value_uchar(const char *name, const unsigned char *value,
@@ -130,7 +129,6 @@ X509V3_add_value_uchar(const char *name, const unsigned char *value,
{
return X509V3_add_value(name, (const char *)value, extlist);
}
-LCRYPTO_ALIAS(X509V3_add_value_uchar);
/* Free function for STACK_OF(CONF_VALUE) */
@@ -154,17 +152,6 @@ X509V3_add_value_bool(const char *name, int asn1_bool,
return X509V3_add_value(name, "TRUE", extlist);
return X509V3_add_value(name, "FALSE", extlist);
}
-LCRYPTO_ALIAS(X509V3_add_value_bool);
-
-int
-X509V3_add_value_bool_nf(const char *name, int asn1_bool,
- STACK_OF(CONF_VALUE) **extlist)
-{
- if (asn1_bool)
- return X509V3_add_value(name, "TRUE", extlist);
- return 1;
-}
-LCRYPTO_ALIAS(X509V3_add_value_bool_nf);
static char *
bn_to_string(const BIGNUM *bn)
@@ -307,7 +294,6 @@ X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint,
free(strtmp);
return ret;
}
-LCRYPTO_ALIAS(X509V3_add_value_int);
int
X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool)
@@ -333,7 +319,6 @@ X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool)
X509V3_conf_err(value);
return 0;
}
-LCRYPTO_ALIAS(X509V3_get_value_bool);
int
X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint)
@@ -347,7 +332,6 @@ X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint)
*aint = itmp;
return 1;
}
-LCRYPTO_ALIAS(X509V3_get_value_int);
#define HDR_NAME 1
#define HDR_VALUE 2
diff --git a/lib/libcrypto/x509/x509v3.h b/lib/libcrypto/x509/x509v3.h
index 6a18c1f153d..3c55987d47c 100644
--- a/lib/libcrypto/x509/x509v3.h
+++ b/lib/libcrypto/x509/x509v3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509v3.h,v 1.32 2024/08/31 09:59:12 tb Exp $ */
+/* $OpenBSD: x509v3.h,v 1.33 2024/08/31 10:03:03 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -648,29 +648,12 @@ X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
const char *name, const char *value);
-int X509V3_add_value_bool_nf(const char *name, int asn1_bool,
- STACK_OF(CONF_VALUE) **extlist);
-int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool);
-int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint);
void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
#endif
-char *X509V3_get_string(X509V3_CTX *ctx, const char *name,
- const char *section);
-STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section);
-void X509V3_string_free(X509V3_CTX *ctx, char *str);
-void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
X509_REQ *req, X509_CRL *crl, int flags);
-int X509V3_add_value(const char *name, const char *value,
- STACK_OF(CONF_VALUE) **extlist);
-int X509V3_add_value_uchar(const char *name, const unsigned char *value,
- STACK_OF(CONF_VALUE) **extlist);
-int X509V3_add_value_bool(const char *name, int asn1_bool,
- STACK_OF(CONF_VALUE) **extlist);
-int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint,
- STACK_OF(CONF_VALUE) **extlist);
char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const ASN1_INTEGER *aint);
ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const char *value);
char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, const ASN1_ENUMERATED *aint);
@@ -685,7 +668,6 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext);
void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
int *idx);
-
X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags);