Unifdef LIBRESSL_HAS_POLICY_DAG and remove it from the Makefile

with beck
author: tb <> 2023-04-28 16:30:14 +0000
committer: tb <> 2023-04-28 16:30:14 +0000
commit: 83a0da50b7e7d8bf663824c7e46e6d0a39dd5b18 (patch)
tree: 9058435a70684a5adbf1febdddf08ce4894fa577 /src/lib/libcrypto/x509/x509_vfy.c
parent: d3241f465d88c38cafbf3cf15404f0cc8f189057 (diff)
download: openbsd-83a0da50b7e7d8bf663824c7e46e6d0a39dd5b18.tar.gz
openbsd-83a0da50b7e7d8bf663824c7e46e6d0a39dd5b18.tar.bz2
openbsd-83a0da50b7e7d8bf663824c7e46e6d0a39dd5b18.zip
1 files changed, 1 insertions, 61 deletions
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index 76847e7224..93dc06ed05 100644
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.116 2023/04/26 19:11:33 beck Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.117 2023/04/28 16:30:14 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1744,7 +1744,6 @@ cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
 }
-#ifdef LIBRESSL_HAS_POLICY_DAG
 int
 x509_vfy_check_policy(X509_STORE_CTX *ctx)
 {
@@ -1779,59 +1778,6 @@ x509_vfy_check_policy(X509_STORE_CTX *ctx)
        return 1;
 }
-#else
-int
-x509_vfy_check_policy(X509_STORE_CTX *ctx)
-{
-        int ret;
-        if (ctx->parent)
-                return 1;
-        /* X509_policy_check always allocates a new tree. */
-        X509_policy_tree_free(ctx->tree);
-        ctx->tree = NULL;
-        ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
-            ctx->param->policies, ctx->param->flags);
-        if (ret == 0) {
-                X509error(ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        /* Invalid or inconsistent extensions */
-        if (ret == -1) {
-                /* Locate certificates with bad extensions and notify
-                 * callback.
-                 */
-                X509 *x;
-                int i;
-                for (i = 1; i < sk_X509_num(ctx->chain); i++) {
-                        x = sk_X509_value(ctx->chain, i);
-                        if (!(x->ex_flags & EXFLAG_INVALID_POLICY))
-                                continue;
-                        ctx->current_cert = x;
-                        ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION;
-                        if (!ctx->verify_cb(0, ctx))
-                                return 0;
-                }
-                return 1;
-        }
-        if (ret == -2) {
-                ctx->current_cert = NULL;
-                ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY;
-                return ctx->verify_cb(0, ctx);
-        }
-        if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) {
-                ctx->current_cert = NULL;
-                ctx->error = X509_V_OK;
-                if (!ctx->verify_cb(2, ctx))
-                        return 0;
-        }
-        return 1;
-}
-#endif
 static int
 check_policy(X509_STORE_CTX *ctx)
@@ -2524,12 +2470,6 @@ X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
                        X509_VERIFY_PARAM_free(ctx->param);
                ctx->param = NULL;
        }
-#ifndef LIBRESSL_HAS_POLICY_DAG
-        if (ctx->tree != NULL) {
-                X509_policy_tree_free(ctx->tree);
-                ctx->tree = NULL;
-        }
-#endif
        if (ctx->chain != NULL) {
                sk_X509_pop_free(ctx->chain, X509_free);
                ctx->chain = NULL;
author	tb <>	2023-04-28 16:30:14 +0000
committer	tb <>	2023-04-28 16:30:14 +0000
commit	83a0da50b7e7d8bf663824c7e46e6d0a39dd5b18 (patch)
tree	9058435a70684a5adbf1febdddf08ce4894fa577 /src/lib/libcrypto/x509/x509_vfy.c
parent	d3241f465d88c38cafbf3cf15404f0cc8f189057 (diff)
download	openbsd-83a0da50b7e7d8bf663824c7e46e6d0a39dd5b18.tar.gz openbsd-83a0da50b7e7d8bf663824c7e46e6d0a39dd5b18.tar.bz2 openbsd-83a0da50b7e7d8bf663824c7e46e6d0a39dd5b18.zip

diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c index 76847e7224..93dc06ed05 100644 --- a/src/lib/libcrypto/x509/x509_vfy.c +++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_vfy.c,v 1.116 2023/04/26 19:11:33 beck Exp $ */	1	/* $OpenBSD: x509_vfy.c,v 1.117 2023/04/28 16:30:14 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1744,7 +1744,6 @@ cert_crl(X509_STORE_CTX ctx, X509_CRL crl, X509 *x)
1744	}	1744	}
1745		1745
1746		1746
1747	#ifdef LIBRESSL_HAS_POLICY_DAG
1748	int	1747	int
1749	x509_vfy_check_policy(X509_STORE_CTX *ctx)	1748	x509_vfy_check_policy(X509_STORE_CTX *ctx)
1750	{	1749	{
@@ -1779,59 +1778,6 @@ x509_vfy_check_policy(X509_STORE_CTX *ctx)
1779		1778
1780	return 1;	1779	return 1;
1781	}	1780	}
1782	#else
1783	int
1784	x509_vfy_check_policy(X509_STORE_CTX *ctx)
1785	{
1786	int ret;
1787
1788	if (ctx->parent)
1789	return 1;
1790
1791	/* X509_policy_check always allocates a new tree. */
1792	X509_policy_tree_free(ctx->tree);
1793	ctx->tree = NULL;
1794
1795	ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
1796	ctx->param->policies, ctx->param->flags);
1797	if (ret == 0) {
1798	X509error(ERR_R_MALLOC_FAILURE);
1799	return 0;
1800	}
1801	/* Invalid or inconsistent extensions */
1802	if (ret == -1) {
1803	/* Locate certificates with bad extensions and notify
1804	* callback.
1805	*/
1806	X509 *x;
1807	int i;
1808	for (i = 1; i < sk_X509_num(ctx->chain); i++) {
1809	x = sk_X509_value(ctx->chain, i);
1810	if (!(x->ex_flags & EXFLAG_INVALID_POLICY))
1811	continue;
1812	ctx->current_cert = x;
1813	ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION;
1814	if (!ctx->verify_cb(0, ctx))
1815	return 0;
1816	}
1817	return 1;
1818	}
1819	if (ret == -2) {
1820	ctx->current_cert = NULL;
1821	ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY;
1822	return ctx->verify_cb(0, ctx);
1823	}
1824
1825	if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) {
1826	ctx->current_cert = NULL;
1827	ctx->error = X509_V_OK;
1828	if (!ctx->verify_cb(2, ctx))
1829	return 0;
1830	}
1831
1832	return 1;
1833	}
1834	#endif
1835		1781
1836	static int	1782	static int
1837	check_policy(X509_STORE_CTX *ctx)	1783	check_policy(X509_STORE_CTX *ctx)
@@ -2524,12 +2470,6 @@ X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
2524	X509_VERIFY_PARAM_free(ctx->param);	2470	X509_VERIFY_PARAM_free(ctx->param);
2525	ctx->param = NULL;	2471	ctx->param = NULL;
2526	}	2472	}
2527	#ifndef LIBRESSL_HAS_POLICY_DAG
2528	if (ctx->tree != NULL) {
2529	X509_policy_tree_free(ctx->tree);
2530	ctx->tree = NULL;
2531	}
2532	#endif
2533	if (ctx->chain != NULL) {	2473	if (ctx->chain != NULL) {
2534	sk_X509_pop_free(ctx->chain, X509_free);	2474	sk_X509_pop_free(ctx->chain, X509_free);
2535	ctx->chain = NULL;	2475	ctx->chain = NULL;