5 files changed, 11 insertions, 54 deletions

diff --git a/src/lib/libcrypto/x509/x509_local.h b/src/lib/libcrypto/x509/x509_local.h
index 4ac99da2bd..342aa226fb 100644
--- a/src/lib/libcrypto/x509/x509_local.h
+++ b/src/lib/libcrypto/x509/x509_local.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: x509_local.h,v 1.20 2024/03/02 10:20:27 tb Exp $ */
+/*      $OpenBSD: x509_local.h,v 1.21 2024/03/02 10:40:05 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2013.
  */
@@ -59,6 +59,8 @@
 #ifndef HEADER_X509_LOCAL_H
 #define HEADER_X509_LOCAL_H
 
+#include <openssl/x509v3.h>
+
 __BEGIN_HIDDEN_DECLS
 
 #define TS_HASH_EVP             EVP_sha1()
@@ -402,6 +404,9 @@ X509_ALGOR *PKCS5_pbe_set(int alg, int iter, const unsigned char *salt,
 X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
     int prf_nid, int keylen);
 
+int X509_PURPOSE_get_by_id(int id);
+int X509_PURPOSE_get_trust(const X509_PURPOSE *xp);
+
 __END_HIDDEN_DECLS
 
 #endif /* !HEADER_X509_LOCAL_H */
diff --git a/src/lib/libcrypto/x509/x509_purp.c b/src/lib/libcrypto/x509/x509_purp.c
index 1735e70cae..9d4ec3220c 100644
--- a/src/lib/libcrypto/x509/x509_purp.c
+++ b/src/lib/libcrypto/x509/x509_purp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_purp.c,v 1.36 2024/02/28 16:26:08 tb Exp $ */
+/* $OpenBSD: x509_purp.c,v 1.37 2024/03/02 10:40:05 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
@@ -188,18 +188,6 @@ X509_check_purpose(X509 *x, int id, int ca)
 LCRYPTO_ALIAS(X509_check_purpose);
 
 int
-X509_PURPOSE_set(int *p, int purpose)
-{
-        if (X509_PURPOSE_get_by_id(purpose) == -1) {
-                X509V3error(X509V3_R_INVALID_PURPOSE);
-                return 0;
-        }
-        *p = purpose;
-        return 1;
-}
-LCRYPTO_ALIAS(X509_PURPOSE_set);
-
-int
 X509_PURPOSE_get_count(void)
 {
         return X509_PURPOSE_COUNT;
@@ -243,23 +231,6 @@ X509_PURPOSE_get_by_id(int purpose)
 
         return purpose - X509_PURPOSE_MIN;
 }
-LCRYPTO_ALIAS(X509_PURPOSE_get_by_id);
-
-int
-X509_PURPOSE_add(int id, int trust, int flags,
-    int (*ck)(const X509_PURPOSE *, const X509 *, int), const char *name,
-    const char *sname, void *arg)
-{
-        X509error(ERR_R_DISABLED);
-        return 0;
-}
-LCRYPTO_ALIAS(X509_PURPOSE_add);
-
-void
-X509_PURPOSE_cleanup(void)
-{
-}
-LCRYPTO_ALIAS(X509_PURPOSE_cleanup);
 
 int
 X509_PURPOSE_get_id(const X509_PURPOSE *xp)
@@ -287,7 +258,6 @@ X509_PURPOSE_get_trust(const X509_PURPOSE *xp)
 {
         return xp->trust;
 }
-LCRYPTO_ALIAS(X509_PURPOSE_get_trust);
 
 /*
  * List of NIDs of extensions supported by the verifier. If an extension
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index 499db35578..5399658639 100644
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.141 2024/02/28 12:21:16 tb Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.142 2024/03/02 10:40:05 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2172,15 +2172,6 @@ LCRYPTO_ALIAS(X509_STORE_CTX_set0_crls);
  * aren't set then we use the default of SSL client/server.
  */
 int
-X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
-    int purpose, int trust)
-{
-        X509error(ERR_R_DISABLED);
-        return 0;
-}
-LCRYPTO_ALIAS(X509_STORE_CTX_purpose_inherit);
-
-int
 X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose_id)
 {
         const X509_PURPOSE *purpose;
diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h
index d7657a51f0..914a83bb00 100644
--- a/src/lib/libcrypto/x509/x509_vfy.h
+++ b/src/lib/libcrypto/x509/x509_vfy.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.h,v 1.65 2024/02/23 10:39:07 tb Exp $ */
+/* $OpenBSD: x509_vfy.h,v 1.66 2024/03/02 10:40:05 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -404,8 +404,6 @@ void	X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk);
 void    X509_STORE_CTX_set0_crls(X509_STORE_CTX *c,STACK_OF(X509_CRL) *sk);
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
 int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
-int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
-                                int purpose, int trust);
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
                                                                 time_t t);
diff --git a/src/lib/libcrypto/x509/x509v3.h b/src/lib/libcrypto/x509/x509v3.h
index 676fd62c27..118a449e82 100644
--- a/src/lib/libcrypto/x509/x509v3.h
+++ b/src/lib/libcrypto/x509/x509v3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509v3.h,v 1.26 2024/03/02 10:35:32 tb Exp $ */
+/* $OpenBSD: x509v3.h,v 1.27 2024/03/02 10:40:05 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -719,20 +719,13 @@ int X509V3_extensions_print(BIO *out, const char *title,
 int X509_check_ca(X509 *x);
 int X509_check_purpose(X509 *x, int id, int ca);
 int X509_supported_extension(X509_EXTENSION *ex);
-int X509_PURPOSE_set(int *p, int purpose);
 int X509_check_issued(X509 *issuer, X509 *subject);
 int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid);
 int X509_PURPOSE_get_count(void);
-X509_PURPOSE * X509_PURPOSE_get0(int idx);
+X509_PURPOSE *X509_PURPOSE_get0(int idx);
 int X509_PURPOSE_get_by_sname(const char *sname);
-int X509_PURPOSE_get_by_id(int id);
-int X509_PURPOSE_add(int id, int trust, int flags,
-                        int (*ck)(const X509_PURPOSE *, const X509 *, int),
-                        const char *name, const char *sname, void *arg);
 char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp);
 char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp);
-int X509_PURPOSE_get_trust(const X509_PURPOSE *xp);
-void X509_PURPOSE_cleanup(void);
 int X509_PURPOSE_get_id(const X509_PURPOSE *);
 uint32_t X509_get_extension_flags(X509 *x);
 uint32_t X509_get_key_usage(X509 *x);