Remove PEM_X509_INFO_write_bio.

Nothing calls this function, it doesn't support most key types, and
accesses pkey.rsa without checking the type. Just remove it.

Change-Id: I073dfe74c545c7e08578b85105c88a19bbddf58a
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/53505
Auto-Submit: David Benjamin <[email protected]>
Reviewed-by: Bob Beck <[email protected]>
Commit-Queue: Bob Beck <[email protected]>

crypto/pem/pem_info.c

@@ -263,84 +263,3 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
   OPENSSL_free(data);
   return ret;
 }
-
-// A TJH addition
-int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
-                            unsigned char *kstr, int klen, pem_password_cb *cb,
-                            void *u) {
-  int i, ret = 0;
-  unsigned char *data = NULL;
-  const char *objstr = NULL;
-  char buf[PEM_BUFSIZE];
-  unsigned char *iv = NULL;
-  unsigned iv_len = 0;
-
-  if (enc != NULL) {
-    iv_len = EVP_CIPHER_iv_length(enc);
-    objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
-    if (objstr == NULL) {
-      OPENSSL_PUT_ERROR(PEM, PEM_R_UNSUPPORTED_CIPHER);
-      goto err;
-    }
-  }
-
-  // now for the fun part ... if we have a private key then we have to be
-  // able to handle a not-yet-decrypted key being written out correctly ...
-  // if it is decrypted or it is non-encrypted then we use the base code
-  if (xi->x_pkey != NULL) {
-    if ((xi->enc_data != NULL) && (xi->enc_len > 0)) {
-      if (enc == NULL) {
-        OPENSSL_PUT_ERROR(PEM, PEM_R_CIPHER_IS_NULL);
-        goto err;
-      }
-
-      // copy from weirdo names into more normal things
-      iv = xi->enc_cipher.iv;
-      data = (unsigned char *)xi->enc_data;
-      i = xi->enc_len;
-
-      // we take the encryption data from the internal stuff rather
-      // than what the user has passed us ... as we have to match
-      // exactly for some strange reason
-      objstr = OBJ_nid2sn(EVP_CIPHER_nid(xi->enc_cipher.cipher));
-      if (objstr == NULL) {
-        OPENSSL_PUT_ERROR(PEM, PEM_R_UNSUPPORTED_CIPHER);
-        goto err;
-      }
-
-      // create the right magic header stuff
-      assert(strlen(objstr) + 23 + 2 * iv_len + 13 <= sizeof buf);
-      buf[0] = '\0';
-      PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
-      PEM_dek_info(buf, objstr, iv_len, (char *)iv);
-
-      // use the normal code to write things out
-      i = PEM_write_bio(bp, PEM_STRING_RSA, buf, data, i);
-      if (i <= 0) {
-        goto err;
-      }
-    } else {
-      // Add DSA/DH
-      // normal optionally encrypted stuff
-      if (PEM_write_bio_RSAPrivateKey(bp, xi->x_pkey->dec_pkey->pkey.rsa, enc,
-                                      kstr, klen, cb, u) <= 0) {
-        goto err;
-      }
-    }
-  }
-
-  // if we have a certificate then write it out now
-  if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp, xi->x509) <= 0)) {
-    goto err;
-  }
-
-  // we are ignoring anything else that is loaded into the X509_INFO
-  // structure for the moment ... as I don't need it so I'm not coding it
-  // here and Eric can do it when this makes it into the base library --tjh
-
-  ret = 1;
-
-err:
-  OPENSSL_cleanse(buf, PEM_BUFSIZE);
-  return ret;
-}

include/openssl/pem.h

@@ -349,10 +349,6 @@ OPENSSL_EXPORT int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name,
 
 OPENSSL_EXPORT STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(
     BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u);
-OPENSSL_EXPORT int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi,
-                                           EVP_CIPHER *enc, unsigned char *kstr,
-                                           int klen, pem_password_cb *cd,
-                                           void *u);
 
 OPENSSL_EXPORT int PEM_read(FILE *fp, char **name, char **header,
                             unsigned char **data, long *len);