authorTheo Buehler <tb@cvs.openbsd.org>2023-04-26 20:43:33 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2023-04-26 20:43:33 +0000
commitf4c5fc6da452f579a053fee0255ae037f5656612 (patch)
treee8c065a42a068371612cf0d77c15a3fd301285ba
parentdc90b7a5f854bb2fd0f789cf4df4dbbbf5971ea5 (diff)
Take X509_POLICY_NODE_print() behind the barn
This used to be public API but is now only used for debug code that has certainly never been used since it was released to the public. It drags that debug nonsense with it. ok beck
-rw-r--r--lib/libcrypto/Symbols.namespace1
-rw-r--r--lib/libcrypto/hidden/openssl/x509v3.h3
-rw-r--r--lib/libcrypto/x509/pcy_tree.c74
-rw-r--r--lib/libcrypto/x509/x509_cpols.c25
4 files changed, 3 insertions, 100 deletions
diff --git a/lib/libcrypto/Symbols.namespace b/lib/libcrypto/Symbols.namespace
index f477c4d6cec..4320731af38 100644
--- a/lib/libcrypto/Symbols.namespace
+++ b/lib/libcrypto/Symbols.namespace
@@ -837,7 +837,6 @@ _libre_a2i_IPADDRESS
_libre_a2i_IPADDRESS_NC
_libre_a2i_ipadd
_libre_X509V3_NAME_from_section
-_libre_X509_POLICY_NODE_print
_libre_ASRange_new
_libre_ASRange_free
_libre_d2i_ASRange
diff --git a/lib/libcrypto/hidden/openssl/x509v3.h b/lib/libcrypto/hidden/openssl/x509v3.h
index 044b55334d7..e63b91afdbf 100644
--- a/lib/libcrypto/hidden/openssl/x509v3.h
+++ b/lib/libcrypto/hidden/openssl/x509v3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509v3.h,v 1.2 2023/04/25 18:48:32 tb Exp $ */
+/* $OpenBSD: x509v3.h,v 1.3 2023/04/26 20:43:32 tb Exp $ */
/*
* Copyright (c) 2022 Bob Beck <beck@openbsd.org>
*
@@ -213,7 +213,6 @@ LCRYPTO_USED(a2i_IPADDRESS);
LCRYPTO_USED(a2i_IPADDRESS_NC);
LCRYPTO_USED(a2i_ipadd);
LCRYPTO_USED(X509V3_NAME_from_section);
-LCRYPTO_USED(X509_POLICY_NODE_print);
LCRYPTO_USED(ASRange_new);
LCRYPTO_USED(ASRange_free);
LCRYPTO_USED(d2i_ASRange);
diff --git a/lib/libcrypto/x509/pcy_tree.c b/lib/libcrypto/x509/pcy_tree.c
index eb3c427a3a1..4f253e3cd15 100644
--- a/lib/libcrypto/x509/pcy_tree.c
+++ b/lib/libcrypto/x509/pcy_tree.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pcy_tree.c,v 1.7 2023/04/26 19:11:33 beck Exp $ */
+/* $OpenBSD: pcy_tree.c,v 1.8 2023/04/26 20:43:32 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2004.
*/
@@ -64,74 +64,6 @@
#include "pcy_int.h"
#include "x509_local.h"
-/* Enable this to print out the complete policy tree at various point during
- * evaluation.
- */
-
-/*#define OPENSSL_POLICY_DEBUG*/
-
-#ifdef OPENSSL_POLICY_DEBUG
-
-static void
-expected_print(BIO *err, X509_POLICY_LEVEL *lev, X509_POLICY_NODE *node,
- int indent)
-{
- if ((lev->flags & X509_V_FLAG_INHIBIT_MAP) ||
- !(node->data->flags & POLICY_DATA_FLAG_MAP_MASK))
- BIO_puts(err, " Not Mapped\n");
- else {
- int i;
- STACK_OF(ASN1_OBJECT) *pset = node->data->expected_policy_set;
- ASN1_OBJECT *oid;
- BIO_puts(err, " Expected: ");
- for (i = 0; i < sk_ASN1_OBJECT_num(pset); i++) {
- oid = sk_ASN1_OBJECT_value(pset, i);
- if (i)
- BIO_puts(err, ", ");
- i2a_ASN1_OBJECT(err, oid);
- }
- BIO_puts(err, "\n");
- }
-}
-
-static void
-tree_print(char *str, X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr)
-{
- X509_POLICY_LEVEL *plev;
- X509_POLICY_NODE *node;
- int i;
- BIO *err;
-
- if ((err = BIO_new_fp(stderr, BIO_NOCLOSE)) == NULL)
- return;
-
- if (!curr)
- curr = tree->levels + tree->nlevel;
- else
- curr++;
- BIO_printf(err, "Level print after %s\n", str);
- BIO_printf(err, "Printing Up to Level %ld\n", curr - tree->levels);
- for (plev = tree->levels; plev != curr; plev++) {
- BIO_printf(err, "Level %ld, flags = %x\n",
- plev - tree->levels, plev->flags);
- for (i = 0; i < sk_X509_POLICY_NODE_num(plev->nodes); i++) {
- node = sk_X509_POLICY_NODE_value(plev->nodes, i);
- X509_POLICY_NODE_print(err, node, 2);
- expected_print(err, plev, node, 2);
- BIO_printf(err, " Flags: %x\n", node->data->flags);
- }
- if (plev->anyPolicy)
- X509_POLICY_NODE_print(err, plev->anyPolicy, 2);
- }
-
- BIO_free(err);
-}
-#else
-
-#define tree_print(a,b,c) /* */
-
-#endif
-
/* Initialize policy tree. Return values:
* 0 Some internal error occurred.
* -1 Inconsistent or invalid extensions in certificates.
@@ -615,7 +547,6 @@ tree_evaluate(X509_POLICY_TREE *tree)
if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY) &&
!tree_link_any(curr, cache, tree))
return 0;
- tree_print("before tree_prune()", tree, curr);
ret = tree_prune(tree, curr);
if (ret != 1)
return ret;
@@ -726,9 +657,6 @@ X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
if (!tree)
goto error;
ret = tree_evaluate(tree);
-
- tree_print("tree_evaluate()", tree, NULL);
-
if (ret <= 0)
goto error;
diff --git a/lib/libcrypto/x509/x509_cpols.c b/lib/libcrypto/x509/x509_cpols.c
index bac02093710..bb09034ce0a 100644
--- a/lib/libcrypto/x509/x509_cpols.c
+++ b/lib/libcrypto/x509/x509_cpols.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_cpols.c,v 1.9 2023/04/26 19:11:33 beck Exp $ */
+/* $OpenBSD: x509_cpols.c,v 1.10 2023/04/26 20:43:32 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -65,9 +65,6 @@
#include <openssl/err.h>
#include <openssl/x509v3.h>
-#ifndef LIBRESSL_HAS_POLICY_DAG
-#include "pcy_int.h"
-#endif
#include "x509_local.h"
/* Certificate policies extension support: this one is a bit complex... */
@@ -767,23 +764,3 @@ print_notice(BIO *out, USERNOTICE *notice, int indent)
BIO_printf(out, "%*sExplicit Text: %.*s\n", indent, "",
notice->exptext->length, notice->exptext->data);
}
-
-#ifndef LIBRESSL_HAS_POLICY_DAG
-void
-X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent)
-{
- const X509_POLICY_DATA *dat = node->data;
-
- BIO_printf(out, "%*sPolicy: ", indent, "");
-
- i2a_ASN1_OBJECT(out, dat->valid_policy);
- BIO_puts(out, "\n");
- BIO_printf(out, "%*s%s\n", indent + 2, "",
- node_data_critical(dat) ? "Critical" : "Non Critical");
- if (dat->qualifier_set)
- print_qualifiers(out, dat->qualifier_set, indent + 2);
- else
- BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, "");
-}
-LCRYPTO_ALIAS(X509_POLICY_NODE_print);
-#endif