Unexport some STACK_OF types.

STACK_OF(GENERAL_NAMES) is STACK_OF(STACK_OF(GENERAL_NAMES)). Nothing uses this. It appears to be a remnant of CMS and indirect CRL support. May as well trim the header slightly. STACK_OF(X509_VERIFY_PARAM) is a remnant of (non-thread-safe) global registration of X509_VERIFY_PARAMs. STACK_OF(X509_LOOKUP) is only used internally. May as well prune them from the header so the file expands to be a bit less code. Update-Note: A few obscure STACK_OF(T) types are unexported. This is not expected to impact anyone. Change-Id: I03757c8522531132a31270b6dab055966b6e9070 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/64527 Reviewed-by: Bob Beck <bbe@google.com> Commit-Queue: David Benjamin <davidben@google.com> (cherry picked from commit e6489902b7fb692875341b8ab5e57f0515f47bc1)
aws · May 14, 2024 · a24ada3 · a24ada3
1 parent 0537d54
commit a24ada3
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 6 deletions.
diff --git a/crypto/x509/internal.h b/crypto/x509/internal.h
@@ -284,6 +284,8 @@ struct x509_lookup_method_st {
                         X509_OBJECT *ret);
 } /* X509_LOOKUP_METHOD */;
 
+DEFINE_STACK_OF(X509_LOOKUP)
+
 // This is used to hold everything.  It is used for all certificate
 // validation.  Once we have a certificate chain, the 'verify'
 // function is then called to actually check the cert chain.

diff --git a/include/openssl/x509.h b/include/openssl/x509.h
@@ -3240,8 +3240,6 @@ DEFINE_STACK_OF(X509_TRUST)
 #define X509_TRUST_REJECTED 2
 #define X509_TRUST_UNTRUSTED 3
 
-DECLARE_STACK_OF(GENERAL_NAMES)
-
 // X509_verify_cert_error_string returns |err| as a human-readable string, where
 // |err| should be one of the |X509_V_*| values. If |err| is unknown, it returns
 // a default description.
@@ -3326,9 +3324,7 @@ certificate chain.
 #define X509_LU_CRL 2
 #define X509_LU_PKEY 3
 
-DEFINE_STACK_OF(X509_LOOKUP)
 DEFINE_STACK_OF(X509_OBJECT)
-DEFINE_STACK_OF(X509_VERIFY_PARAM)
 
 typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
 typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer, X509_STORE_CTX *ctx,
@@ -4034,8 +4030,6 @@ struct GENERAL_NAME_st {
   } d;
 } /* GENERAL_NAME */;
 
-DEFINE_STACK_OF(GENERAL_NAMES)
-
 typedef struct ACCESS_DESCRIPTION_st {
   ASN1_OBJECT *method;
   GENERAL_NAME *location;