Make X509_CERT_AUX internal

Another struct/API that should never have leaked out of the library.

ok jsing

3 files changed, 11 insertions, 18 deletions

diff --git a/lib/libcrypto/Symbols.list b/lib/libcrypto/Symbols.list
index 56b6392487b..ea67b1faa0e 100644
--- a/lib/libcrypto/Symbols.list
+++ b/lib/libcrypto/Symbols.list
@@ -2550,10 +2550,6 @@ X509_ATTRIBUTE_it
 X509_ATTRIBUTE_new
 X509_ATTRIBUTE_set1_data
 X509_ATTRIBUTE_set1_object
-X509_CERT_AUX_free
-X509_CERT_AUX_it
-X509_CERT_AUX_new
-X509_CERT_AUX_print
 X509_CINF_free
 X509_CINF_it
 X509_CINF_new
@@ -3210,7 +3206,6 @@ d2i_X509_ALGOR
 d2i_X509_ALGORS
 d2i_X509_ATTRIBUTE
 d2i_X509_AUX
-d2i_X509_CERT_AUX
 d2i_X509_CINF
 d2i_X509_CRL
 d2i_X509_CRL_INFO
@@ -3407,7 +3402,6 @@ i2d_X509_ALGOR
 i2d_X509_ALGORS
 i2d_X509_ATTRIBUTE
 i2d_X509_AUX
-i2d_X509_CERT_AUX
 i2d_X509_CINF
 i2d_X509_CRL
 i2d_X509_CRL_INFO
diff --git a/lib/libcrypto/x509/x509.h b/lib/libcrypto/x509/x509.h
index c89e8fc7579..98a0bcb2012 100644
--- a/lib/libcrypto/x509/x509.h
+++ b/lib/libcrypto/x509/x509.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.h,v 1.109 2024/03/02 10:50:26 tb Exp $ */
+/* $OpenBSD: x509.h,v 1.110 2024/03/02 10:52:24 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -149,8 +149,6 @@ typedef struct X509_req_info_st X509_REQ_INFO;
 
 typedef struct X509_req_st X509_REQ;
 
-typedef struct x509_cert_aux_st X509_CERT_AUX;
-
 typedef struct x509_cinf_st X509_CINF;
 
 DECLARE_STACK_OF(X509)
@@ -626,11 +624,6 @@ void X509_free(X509 *a);
 X509 *d2i_X509(X509 **a, const unsigned char **in, long len);
 int i2d_X509(X509 *a, unsigned char **out);
 extern const ASN1_ITEM X509_it;
-X509_CERT_AUX *X509_CERT_AUX_new(void);
-void X509_CERT_AUX_free(X509_CERT_AUX *a);
-X509_CERT_AUX *d2i_X509_CERT_AUX(X509_CERT_AUX **a, const unsigned char **in, long len);
-int i2d_X509_CERT_AUX(X509_CERT_AUX *a, unsigned char **out);
-extern const ASN1_ITEM X509_CERT_AUX_it;
 
 int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
@@ -828,7 +821,6 @@ int		X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent,
 int		X509_print_ex(BIO *bp,X509 *x, unsigned long nmflag, unsigned long cflag);
 int		X509_print(BIO *bp,X509 *x);
 int		X509_ocspid_print(BIO *bp,X509 *x);
-int		X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);
 int		X509_CRL_print(BIO *bp,X509_CRL *x);
 int		X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned long cflag);
 int		X509_REQ_print(BIO *bp,X509_REQ *req);
diff --git a/lib/libcrypto/x509/x509_local.h b/lib/libcrypto/x509/x509_local.h
index 342aa226fb4..83b57403d0f 100644
--- a/lib/libcrypto/x509/x509_local.h
+++ b/lib/libcrypto/x509/x509_local.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: x509_local.h,v 1.21 2024/03/02 10:40:05 tb Exp $ */
+/*	$OpenBSD: x509_local.h,v 1.22 2024/03/02 10:52:24 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2013.
  */
@@ -135,13 +135,20 @@ struct X509_req_st {
  * useful in certificate stores and databases. When used this is tagged onto
  * the end of the certificate itself.
  */
-struct x509_cert_aux_st {
+typedef struct x509_cert_aux_st {
 	STACK_OF(ASN1_OBJECT) *trust;		/* trusted uses */
 	STACK_OF(ASN1_OBJECT) *reject;		/* rejected uses */
 	ASN1_UTF8STRING *alias;			/* "friendly name" */
 	ASN1_OCTET_STRING *keyid;		/* key id of private key */
 	STACK_OF(X509_ALGOR) *other;		/* other unspecified info */
-} /* X509_CERT_AUX */;
+} X509_CERT_AUX;
+
+X509_CERT_AUX *X509_CERT_AUX_new(void);
+void X509_CERT_AUX_free(X509_CERT_AUX *a);
+X509_CERT_AUX *d2i_X509_CERT_AUX(X509_CERT_AUX **a, const unsigned char **in, long len);
+int i2d_X509_CERT_AUX(X509_CERT_AUX *a, unsigned char **out);
+extern const ASN1_ITEM X509_CERT_AUX_it;
+int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);
 
 struct x509_cinf_st {
 	ASN1_INTEGER *version;		/* [ 0 ] default of v1 */