Take the old policy code behind the barn

It can go play in the fields with all the other exponential time policy "code". discussed with jsing ok & commit message beck
author: tb <> 2023-04-28 16:21:57 +0000
committer: tb <> 2023-04-28 16:21:57 +0000
commit: 0f7876e466fed4dad77a738f0bdb63846092d5ef (patch)
tree: ab7bf11dbba9e8b630f9ced2d33ff8be0eb6049a /src/lib/libcrypto/x509/pcy_node.c
parent: 1059b2a4a3d9eb72ad6073bbadee2edc0fd7f990 (diff)
download: openbsd-0f7876e466fed4dad77a738f0bdb63846092d5ef.tar.gz
openbsd-0f7876e466fed4dad77a738f0bdb63846092d5ef.tar.bz2
openbsd-0f7876e466fed4dad77a738f0bdb63846092d5ef.zip
1 files changed, 0 insertions, 204 deletions
diff --git a/src/lib/libcrypto/x509/pcy_node.c b/src/lib/libcrypto/x509/pcy_node.c
deleted file mode 100644
index 1daf7e2aff..0000000000
--- a/src/lib/libcrypto/x509/pcy_node.c
+++ /dev/null
@@ -1,204 +0,0 @@
-/* $OpenBSD: pcy_node.c,v 1.2 2023/04/26 19:11:33 beck Exp $ */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <openssl/asn1.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#ifndef LIBRESSL_HAS_POLICY_DAG
-#include "pcy_int.h"
-static int
-node_cmp(const X509_POLICY_NODE * const *a, const X509_POLICY_NODE * const *b)
-{
-        return OBJ_cmp((*a)->data->valid_policy, (*b)->data->valid_policy);
-}
-STACK_OF(X509_POLICY_NODE) *
-policy_node_cmp_new(void)
-{
-        return sk_X509_POLICY_NODE_new(node_cmp);
-}
-X509_POLICY_NODE *
-tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes, const ASN1_OBJECT *id)
-{
-        X509_POLICY_DATA n;
-        X509_POLICY_NODE l;
-        int idx;
-        n.valid_policy = (ASN1_OBJECT *)id;
-        l.data = &n;
-        idx = sk_X509_POLICY_NODE_find(nodes, &l);
-        if (idx == -1)
-                return NULL;
-        return sk_X509_POLICY_NODE_value(nodes, idx);
-}
-X509_POLICY_NODE *
-level_find_node(const X509_POLICY_LEVEL *level, const X509_POLICY_NODE *parent,
-    const ASN1_OBJECT *id)
-{
-        X509_POLICY_NODE *node;
-        int i;
-        for (i = 0; i < sk_X509_POLICY_NODE_num(level->nodes); i++) {
-                node = sk_X509_POLICY_NODE_value(level->nodes, i);
-                if (node->parent == parent) {
-                        if (!OBJ_cmp(node->data->valid_policy, id))
-                                return node;
-                }
-        }
-        return NULL;
-}
-int
-level_add_node(X509_POLICY_LEVEL *level, const X509_POLICY_DATA *data,
-    X509_POLICY_NODE *parent, X509_POLICY_TREE *tree, X509_POLICY_NODE **nodep)
-{
-        X509_POLICY_NODE *node = NULL;
-        if (level) {
-                node = malloc(sizeof(X509_POLICY_NODE));
-                if (!node)
-                        goto node_error;
-                node->data = data;
-                node->parent = parent;
-                node->nchild = 0;
-                if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
-                        if (level->anyPolicy)
-                                goto node_error;
-                        level->anyPolicy = node;
-                        if (parent)
-                                parent->nchild++;
-                } else {
-                        if (!level->nodes)
-                                level->nodes = policy_node_cmp_new();
-                        if (!level->nodes)
-                                goto node_error;
-                        if (!sk_X509_POLICY_NODE_push(level->nodes, node))
-                                goto node_error;
-                        if (parent)
-                                parent->nchild++;
-                }
-        }
-        if (tree) {
-                if (!tree->extra_data)
-                        tree->extra_data = sk_X509_POLICY_DATA_new_null();
-                if (!tree->extra_data)
-                        goto node_error_cond;
-                if (!sk_X509_POLICY_DATA_push(tree->extra_data, data))
-                        goto node_error_cond;
-        }
-        if (nodep)
-                *nodep = node;
-        return 1;
-node_error_cond:
-        if (level)
-                node = NULL;
-node_error:
-        policy_node_free(node);
-        node = NULL;
-        if (nodep)
-                *nodep = node;
-        return 0;
-}
-void
-policy_node_free(X509_POLICY_NODE *node)
-{
-        free(node);
-}
-/* See if a policy node matches a policy OID. If mapping enabled look through
- * expected policy set otherwise just valid policy.
- */
-int
-policy_node_match(const X509_POLICY_LEVEL *lvl, const X509_POLICY_NODE *node,
-    const ASN1_OBJECT *oid)
-{
-        int i;
-        ASN1_OBJECT *policy_oid;
-        const X509_POLICY_DATA *x = node->data;
-        if ((lvl->flags & X509_V_FLAG_INHIBIT_MAP) ||
-            !(x->flags & POLICY_DATA_FLAG_MAP_MASK)) {
-                if (!OBJ_cmp(x->valid_policy, oid))
-                        return 1;
-                return 0;
-        }
-        for (i = 0; i < sk_ASN1_OBJECT_num(x->expected_policy_set); i++) {
-                policy_oid = sk_ASN1_OBJECT_value(x->expected_policy_set, i);
-                if (!OBJ_cmp(policy_oid, oid))
-                        return 1;
-        }
-        return 0;
-}
-#endif /* LIBRESSL_HAS_POLICY_DAG */
author	tb <>	2023-04-28 16:21:57 +0000
committer	tb <>	2023-04-28 16:21:57 +0000
commit	0f7876e466fed4dad77a738f0bdb63846092d5ef (patch)
tree	ab7bf11dbba9e8b630f9ced2d33ff8be0eb6049a /src/lib/libcrypto/x509/pcy_node.c
parent	1059b2a4a3d9eb72ad6073bbadee2edc0fd7f990 (diff)
download	openbsd-0f7876e466fed4dad77a738f0bdb63846092d5ef.tar.gz openbsd-0f7876e466fed4dad77a738f0bdb63846092d5ef.tar.bz2 openbsd-0f7876e466fed4dad77a738f0bdb63846092d5ef.zip

diff --git a/src/lib/libcrypto/x509/pcy_node.c b/src/lib/libcrypto/x509/pcy_node.c deleted file mode 100644 index 1daf7e2aff..0000000000 --- a/src/lib/libcrypto/x509/pcy_node.c +++ /dev/null
@@ -1,204 +0,0 @@
1	/* $OpenBSD: pcy_node.c,v 1.2 2023/04/26 19:11:33 beck Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2004.
4	*/
5	/* ====================================================================
6	* Copyright (c) 2004 The OpenSSL Project. All rights reserved.
7	*
8	* Redistribution and use in source and binary forms, with or without
9	* modification, are permitted provided that the following conditions
10	* are met:
11	*
12	* 1. Redistributions of source code must retain the above copyright
13	* notice, this list of conditions and the following disclaimer.
14	*
15	* 2. Redistributions in binary form must reproduce the above copyright
16	* notice, this list of conditions and the following disclaimer in
17	* the documentation and/or other materials provided with the
18	* distribution.
19	*
20	* 3. All advertising materials mentioning features or use of this
21	* software must display the following acknowledgment:
22	* "This product includes software developed by the OpenSSL Project
23	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24	*
25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26	* endorse or promote products derived from this software without
27	* prior written permission. For written permission, please contact
28	* licensing@OpenSSL.org.
29	*
30	* 5. Products derived from this software may not be called "OpenSSL"
31	* nor may "OpenSSL" appear in their names without prior written
32	* permission of the OpenSSL Project.
33	*
34	* 6. Redistributions of any form whatsoever must retain the following
35	* acknowledgment:
36	* "This product includes software developed by the OpenSSL Project
37	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38	*
39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50	* OF THE POSSIBILITY OF SUCH DAMAGE.
51	* ====================================================================
52	*
53	* This product includes cryptographic software written by Eric Young
54	* (eay@cryptsoft.com). This product includes software written by Tim
55	* Hudson (tjh@cryptsoft.com).
56	*
57	*/
58
59	#include <openssl/asn1.h>
60	#include <openssl/x509.h>
61	#include <openssl/x509v3.h>
62
63	#ifndef LIBRESSL_HAS_POLICY_DAG
64
65	#include "pcy_int.h"
66
67	static int
68	node_cmp(const X509_POLICY_NODE * const a, const X509_POLICY_NODE const *b)
69	{
70	return OBJ_cmp((a)->data->valid_policy, (b)->data->valid_policy);
71	}
72
73	STACK_OF(X509_POLICY_NODE) *
74	policy_node_cmp_new(void)
75	{
76	return sk_X509_POLICY_NODE_new(node_cmp);
77	}
78
79	X509_POLICY_NODE *
80	tree_find_sk(STACK_OF(X509_POLICY_NODE) nodes, const ASN1_OBJECT id)
81	{
82	X509_POLICY_DATA n;
83	X509_POLICY_NODE l;
84	int idx;
85
86	n.valid_policy = (ASN1_OBJECT *)id;
87	l.data = &n;
88
89	idx = sk_X509_POLICY_NODE_find(nodes, &l);
90	if (idx == -1)
91	return NULL;
92
93	return sk_X509_POLICY_NODE_value(nodes, idx);
94	}
95
96	X509_POLICY_NODE *
97	level_find_node(const X509_POLICY_LEVEL level, const X509_POLICY_NODE parent,
98	const ASN1_OBJECT *id)
99	{
100	X509_POLICY_NODE *node;
101	int i;
102
103	for (i = 0; i < sk_X509_POLICY_NODE_num(level->nodes); i++) {
104	node = sk_X509_POLICY_NODE_value(level->nodes, i);
105	if (node->parent == parent) {
106	if (!OBJ_cmp(node->data->valid_policy, id))
107	return node;
108	}
109	}
110	return NULL;
111	}
112
113
114	int
115	level_add_node(X509_POLICY_LEVEL level, const X509_POLICY_DATA data,
116	X509_POLICY_NODE parent, X509_POLICY_TREE tree, X509_POLICY_NODE **nodep)
117	{
118	X509_POLICY_NODE *node = NULL;
119
120	if (level) {
121	node = malloc(sizeof(X509_POLICY_NODE));
122	if (!node)
123	goto node_error;
124	node->data = data;
125	node->parent = parent;
126	node->nchild = 0;
127	if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
128	if (level->anyPolicy)
129	goto node_error;
130	level->anyPolicy = node;
131	if (parent)
132	parent->nchild++;
133	} else {
134
135	if (!level->nodes)
136	level->nodes = policy_node_cmp_new();
137	if (!level->nodes)
138	goto node_error;
139	if (!sk_X509_POLICY_NODE_push(level->nodes, node))
140	goto node_error;
141	if (parent)
142	parent->nchild++;
143	}
144	}
145
146	if (tree) {
147	if (!tree->extra_data)
148	tree->extra_data = sk_X509_POLICY_DATA_new_null();
149	if (!tree->extra_data)
150	goto node_error_cond;
151	if (!sk_X509_POLICY_DATA_push(tree->extra_data, data))
152	goto node_error_cond;
153	}
154
155	if (nodep)
156	*nodep = node;
157
158	return 1;
159
160	node_error_cond:
161	if (level)
162	node = NULL;
163	node_error:
164	policy_node_free(node);
165	node = NULL;
166	if (nodep)
167	*nodep = node;
168	return 0;
169	}
170
171	void
172	policy_node_free(X509_POLICY_NODE *node)
173	{
174	free(node);
175	}
176
177	/* See if a policy node matches a policy OID. If mapping enabled look through
178	* expected policy set otherwise just valid policy.
179	*/
180
181	int
182	policy_node_match(const X509_POLICY_LEVEL lvl, const X509_POLICY_NODE node,
183	const ASN1_OBJECT *oid)
184	{
185	int i;
186	ASN1_OBJECT *policy_oid;
187	const X509_POLICY_DATA *x = node->data;
188
189	if ((lvl->flags & X509_V_FLAG_INHIBIT_MAP) \|\|
190	!(x->flags & POLICY_DATA_FLAG_MAP_MASK)) {
191	if (!OBJ_cmp(x->valid_policy, oid))
192	return 1;
193	return 0;
194	}
195
196	for (i = 0; i < sk_ASN1_OBJECT_num(x->expected_policy_set); i++) {
197	policy_oid = sk_ASN1_OBJECT_value(x->expected_policy_set, i);
198	if (!OBJ_cmp(policy_oid, oid))
199	return 1;
200	}
201	return 0;
202	}
203
204	#endif /* LIBRESSL_HAS_POLICY_DAG */