authorTheo Buehler <tb@cvs.openbsd.org>2023-04-28 16:30:15 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2023-04-28 16:30:15 +0000
commit3ff85db04e8aac8e0dea379426dc5b81cba98471 (patch)
treeb406148712c65e8c49499f5013b4ad2e3fd96ba7 /lib
parentfca597932118f96b59a6dcd5b4411ae8e8f22565 (diff)
Unifdef LIBRESSL_HAS_POLICY_DAG and remove it from the Makefile
with beck
Diffstat (limited to 'lib')
-rw-r--r--lib/libcrypto/Makefile3
-rw-r--r--lib/libcrypto/asn1/x_x509.c9
-rw-r--r--lib/libcrypto/x509/x509_local.h23
-rw-r--r--lib/libcrypto/x509/x509_policy.c6
-rw-r--r--lib/libcrypto/x509/x509_vfy.c62
5 files changed, 5 insertions, 98 deletions
diff --git a/lib/libcrypto/Makefile b/lib/libcrypto/Makefile
index 110ec3fb97a..4238e6df95c 100644
--- a/lib/libcrypto/Makefile
+++ b/lib/libcrypto/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.124 2023/04/28 16:21:57 tb Exp $
+# $OpenBSD: Makefile,v 1.125 2023/04/28 16:30:14 tb Exp $
LIB= crypto
LIBREBUILD=y
@@ -19,7 +19,6 @@ CFLAGS+= -Wall -Wundef
CFLAGS+= -Werror
.endif
CFLAGS+= -DLIBRESSL_INTERNAL -DLIBRESSL_CRYPTO_INTERNAL
-CFLAGS+= -DLIBRESSL_HAS_POLICY_DAG
.ifdef NAMESPACE
CFLAGS+= -DLIBRESSL_NAMESPACE -DLIBRESSL_CRYPTO_NAMESPACE
.endif
diff --git a/lib/libcrypto/asn1/x_x509.c b/lib/libcrypto/asn1/x_x509.c
index 5a769abdffb..0c10bec4c86 100644
--- a/lib/libcrypto/asn1/x_x509.c
+++ b/lib/libcrypto/asn1/x_x509.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x_x509.c,v 1.34 2023/04/26 19:11:32 beck Exp $ */
+/* $OpenBSD: x_x509.c,v 1.35 2023/04/28 16:30:14 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -169,10 +169,6 @@ X509_CINF_free(X509_CINF *a)
}
/* X509 top level structure needs a bit of customisation */
-#ifndef LIBRESSL_HAS_POLICY_DAG
-extern void policy_cache_free(X509_POLICY_CACHE *cache);
-#endif
-
static int
x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
{
@@ -207,9 +203,6 @@ x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
ASN1_OCTET_STRING_free(ret->skid);
AUTHORITY_KEYID_free(ret->akid);
CRL_DIST_POINTS_free(ret->crldp);
-#ifndef LIBRESSL_HAS_POLICY_DAG
- policy_cache_free(ret->policy_cache);
-#endif
GENERAL_NAMES_free(ret->altname);
NAME_CONSTRAINTS_free(ret->nc);
#ifndef OPENSSL_NO_RFC3779
diff --git a/lib/libcrypto/x509/x509_local.h b/lib/libcrypto/x509/x509_local.h
index 1aa66d2440b..374cba3d58a 100644
--- a/lib/libcrypto/x509/x509_local.h
+++ b/lib/libcrypto/x509/x509_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_local.h,v 1.6 2023/04/26 19:11:33 beck Exp $ */
+/* $OpenBSD: x509_local.h,v 1.7 2023/04/28 16:30:14 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2013.
*/
@@ -69,13 +69,6 @@ __BEGIN_HIDDEN_DECLS
#define X509_CRL_HASH_EVP EVP_sha512()
#define X509_CRL_HASH_LEN SHA512_DIGEST_LENGTH
-#ifndef LIBRESSL_HAS_POLICY_DAG
-typedef struct X509_POLICY_NODE_st X509_POLICY_NODE;
-typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL;
-typedef struct X509_POLICY_TREE_st X509_POLICY_TREE;
-typedef struct X509_POLICY_CACHE_st X509_POLICY_CACHE;
-#endif
-
struct X509_pubkey_st {
X509_ALGOR *algor;
ASN1_BIT_STRING *public_key;
@@ -178,9 +171,6 @@ struct x509_st {
unsigned long ex_nscert;
ASN1_OCTET_STRING *skid;
AUTHORITY_KEYID *akid;
-#ifndef LIBRESSL_HAS_POLICY_DAG
- X509_POLICY_CACHE *policy_cache;
-#endif
STACK_OF(DIST_POINT) *crldp;
STACK_OF(GENERAL_NAME) *altname;
NAME_CONSTRAINTS *nc;
@@ -360,9 +350,6 @@ struct x509_store_ctx_st {
int valid; /* if 0, rebuild chain */
int num_untrusted; /* number of untrusted certs in chain */
STACK_OF(X509) *chain; /* chain of X509s - built up and trusted */
-#ifndef LIBRESSL_HAS_POLICY_DAG
- X509_POLICY_TREE *tree; /* Valid policy tree */
-#endif
int explicit_policy; /* Require explicit policy value */
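Review bot: `explicit_policy` is kept in `struct x509_store_ctx_st`, but the only writer visible in this commit is deleted: the `X509_policy_check(&ctx->tree, &ctx->explicit_policy, ...)` call in the removed `#else` branch of x509_vfy.c. The retained `X509_policy_check()` prototype has no out-parameter for it. If nothing in the DAG path sets it (the surviving `x509_vfy_check_policy()` body is outside the visible hunks), any accessor returning this field would report a constant that callers could misread as a policy-validation result. Either drop the field in a follow-up or mark it, e.g. `int explicit_policy; /* XXX not set by the policy DAG code; remove with its accessor */`. The struct definition starts and ends outside this hunk.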
@@ -396,17 +383,9 @@ int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int quiet);
int name_cmp(const char *name, const char *cmp);
-#ifdef LIBRESSL_HAS_POLICY_DAG
int X509_policy_check(const STACK_OF(X509) *certs,
const STACK_OF(ASN1_OBJECT) *user_policies, unsigned long flags,
X509 **out_current_cert);
-#else
-int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
- STACK_OF(X509) *certs, STACK_OF(ASN1_OBJECT) *policy_oids,
- unsigned int flags);
-
-void X509_policy_tree_free(X509_POLICY_TREE *tree);
-#endif
__END_HIDDEN_DECLS
diff --git a/lib/libcrypto/x509/x509_policy.c b/lib/libcrypto/x509/x509_policy.c
index e51e193085a..73f7154f513 100644
--- a/lib/libcrypto/x509/x509_policy.c
+++ b/lib/libcrypto/x509/x509_policy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_policy.c,v 1.24 2023/04/28 15:57:38 tb Exp $ */
+/* $OpenBSD: x509_policy.c,v 1.25 2023/04/28 16:30:14 tb Exp $ */
/*
* Copyright (c) 2022, Google Inc.
*
@@ -26,8 +26,6 @@
#include "x509_internal.h"
#include "x509_local.h"
-#ifdef LIBRESSL_HAS_POLICY_DAG
-
/* XXX move to proper place */
#define X509_R_INVALID_POLICY_EXTENSION 201
@@ -1019,5 +1017,3 @@ err:
sk_X509_POLICY_LEVEL_pop_free(levels, x509_policy_level_free);
return ret;
}
-
-#endif /* LIBRESSL_HAS_POLICY_DAG */
diff --git a/lib/libcrypto/x509/x509_vfy.c b/lib/libcrypto/x509/x509_vfy.c
index 76847e72241..93dc06ed05d 100644
--- a/lib/libcrypto/x509/x509_vfy.c
+++ b/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.116 2023/04/26 19:11:33 beck Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.117 2023/04/28 16:30:14 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1744,7 +1744,6 @@ cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
}
-#ifdef LIBRESSL_HAS_POLICY_DAG
int
x509_vfy_check_policy(X509_STORE_CTX *ctx)
{
@@ -1779,59 +1778,6 @@ x509_vfy_check_policy(X509_STORE_CTX *ctx)
return 1;
}
-#else
-int
-x509_vfy_check_policy(X509_STORE_CTX *ctx)
-{
- int ret;
-
- if (ctx->parent)
- return 1;
-
- /* X509_policy_check always allocates a new tree. */
- X509_policy_tree_free(ctx->tree);
- ctx->tree = NULL;
-
- ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
- ctx->param->policies, ctx->param->flags);
- if (ret == 0) {
- X509error(ERR_R_MALLOC_FAILURE);
- return 0;
- }
- /* Invalid or inconsistent extensions */
- if (ret == -1) {
- /* Locate certificates with bad extensions and notify
- * callback.
- */
- X509 *x;
- int i;
- for (i = 1; i < sk_X509_num(ctx->chain); i++) {
- x = sk_X509_value(ctx->chain, i);
- if (!(x->ex_flags & EXFLAG_INVALID_POLICY))
- continue;
- ctx->current_cert = x;
- ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION;
- if (!ctx->verify_cb(0, ctx))
- return 0;
- }
- return 1;
- }
- if (ret == -2) {
- ctx->current_cert = NULL;
- ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY;
- return ctx->verify_cb(0, ctx);
- }
-
- if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) {
- ctx->current_cert = NULL;
- ctx->error = X509_V_OK;
- if (!ctx->verify_cb(2, ctx))
- return 0;
- }
-
- return 1;
-}
-#endif
static int
check_policy(X509_STORE_CTX *ctx)
@@ -2524,12 +2470,6 @@ X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
X509_VERIFY_PARAM_free(ctx->param);
ctx->param = NULL;
}
-#ifndef LIBRESSL_HAS_POLICY_DAG
- if (ctx->tree != NULL) {
- X509_policy_tree_free(ctx->tree);
- ctx->tree = NULL;
- }
-#endif
if (ctx->chain != NULL) {
sk_X509_pop_free(ctx->chain, X509_free);
ctx->chain = NULL;