Remove unused flags argument from trust handlers

botovq · nebeid · commit 37fcdfd27a85 · 2025-01-03T18:11:03.000-05:00
AWS-LC: - X509_TRUST is in include/openssl/x509.h; the check_trust function pointer was changed there. Change-Id: Ie16e9ab0897305089672720efa4530d43074f692 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/67387 Auto-Submit: Theo Buehler <theorbuehler@gmail.com> Reviewed-by: Bob Beck <bbe@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: Bob Beck <bbe@google.com> (cherry picked from commit 4ac76f07a401b9b11d6ff305049721cfe3f6a777)
diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c
@@ -66,10 +66,10 @@
 #include "internal.h"
 
 
-static int trust_1oidany(const X509_TRUST *trust, X509 *x, int flags);
-static int trust_compat(const X509_TRUST *trust, X509 *x, int flags);
+static int trust_1oidany(const X509_TRUST *trust, X509 *x);
+static int trust_compat(const X509_TRUST *trust, X509 *x);
 
-static int obj_trust(int id, X509 *x, int flags);
+static int obj_trust(int id, X509 *x);
 
 static const X509_TRUST trstandard[] = {
     {X509_TRUST_COMPAT, 0, trust_compat, (char *)"compatible", 0, NULL},
@@ -90,18 +90,18 @@ int X509_check_trust(X509 *x, int id, int flags) {
   }
   // We get this as a default value
   if (id == 0) {
-    int rv = obj_trust(NID_anyExtendedKeyUsage, x, 0);
+    int rv = obj_trust(NID_anyExtendedKeyUsage, x);
     if (rv != X509_TRUST_UNTRUSTED) {
       return rv;
     }
-    return trust_compat(NULL, x, 0);
+    return trust_compat(NULL, x);
   }
   int idx = X509_TRUST_get_by_id(id);
   if (idx == -1) {
-    return obj_trust(id, x, flags);
+    return obj_trust(id, x);
   }
   const X509_TRUST *pt = X509_TRUST_get0(idx);
-  return pt->check_trust(pt, x, flags);
+  return pt->check_trust(pt, x);
 }
 
 int X509_TRUST_get_count(void) { return OPENSSL_ARRAY_SIZE(trstandard); }
@@ -139,16 +139,16 @@ char *X509_TRUST_get0_name(const X509_TRUST *xp) { return xp->name; }
 
 int X509_TRUST_get_trust(const X509_TRUST *xp) { return xp->trust; }
 
-static int trust_1oidany(const X509_TRUST *trust, X509 *x, int flags) {
+static int trust_1oidany(const X509_TRUST *trust, X509 *x) {
   if (x->aux && (x->aux->trust || x->aux->reject)) {
-    return obj_trust(trust->arg1, x, flags);
+    return obj_trust(trust->arg1, x);
   }
   // we don't have any trust settings: for compatibility we return trusted
   // if it is self signed
-  return trust_compat(trust, x, flags);
+  return trust_compat(trust, x);
 }
 
-static int trust_compat(const X509_TRUST *trust, X509 *x, int flags) {
+static int trust_compat(const X509_TRUST *trust, X509 *x) {
   if (!x509v3_cache_extensions(x)) {
     return X509_TRUST_UNTRUSTED;
   }
@@ -159,7 +159,7 @@ static int trust_compat(const X509_TRUST *trust, X509 *x, int flags) {
   }
 }
 
-static int obj_trust(int id, X509 *x, int flags) {
+static int obj_trust(int id, X509 *x) {
   ASN1_OBJECT *obj;
   size_t i;
   X509_CERT_AUX *ax;
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
@@ -5070,7 +5070,7 @@ DECLARE_STACK_OF(DIST_POINT)
 struct x509_trust_st {
 int trust;
 int flags;
-int (*check_trust)(const X509_TRUST *, X509 *, int);
+int (*check_trust)(const X509_TRUST *, X509 *);
 char *name;
 int arg1;
 void *arg2;
