Take X509_POLICY_NODE_print() behind the barn

This used to be public API but is now only used for debug code that has certainly never been used since it was released to the public. It drags that debug nonsense with it. ok beck
author: tb <> 2023-04-26 20:43:32 +0000
committer: tb <> 2023-04-26 20:43:32 +0000
commit: b095c3c5a1f9e1ca6df4f040af58aa1e778537bf (patch)
tree: 9eb75afdde7f7f11fd0c86e8a506d4c450decf8f /src
parent: 453b91d6329d9b353060b1a405a350428ad1d2b4 (diff)
download: openbsd-b095c3c5a1f9e1ca6df4f040af58aa1e778537bf.tar.gz
openbsd-b095c3c5a1f9e1ca6df4f040af58aa1e778537bf.tar.bz2
openbsd-b095c3c5a1f9e1ca6df4f040af58aa1e778537bf.zip
4 files changed, 3 insertions, 100 deletions
diff --git a/src/lib/libcrypto/Symbols.namespace b/src/lib/libcrypto/Symbols.namespace
index f477c4d6ce..4320731af3 100644
--- a/src/lib/libcrypto/Symbols.namespace
+++ b/src/lib/libcrypto/Symbols.namespace
@@ -837,7 +837,6 @@ _libre_a2i_IPADDRESS
 _libre_a2i_IPADDRESS_NC
 _libre_a2i_ipadd
 _libre_X509V3_NAME_from_section
-_libre_X509_POLICY_NODE_print
 _libre_ASRange_new
 _libre_ASRange_free
 _libre_d2i_ASRange
diff --git a/src/lib/libcrypto/hidden/openssl/x509v3.h b/src/lib/libcrypto/hidden/openssl/x509v3.h
index 044b55334d..e63b91afdb 100644
--- a/src/lib/libcrypto/hidden/openssl/x509v3.h
+++ b/src/lib/libcrypto/hidden/openssl/x509v3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509v3.h,v 1.2 2023/04/25 18:48:32 tb Exp $ */
+/* $OpenBSD: x509v3.h,v 1.3 2023/04/26 20:43:32 tb Exp $ */
 /*
 * Copyright (c) 2022 Bob Beck <beck@openbsd.org>
 *
@@ -213,7 +213,6 @@ LCRYPTO_USED(a2i_IPADDRESS);
 LCRYPTO_USED(a2i_IPADDRESS_NC);
 LCRYPTO_USED(a2i_ipadd);
 LCRYPTO_USED(X509V3_NAME_from_section);
-LCRYPTO_USED(X509_POLICY_NODE_print);
 LCRYPTO_USED(ASRange_new);
 LCRYPTO_USED(ASRange_free);
 LCRYPTO_USED(d2i_ASRange);
diff --git a/src/lib/libcrypto/x509/pcy_tree.c b/src/lib/libcrypto/x509/pcy_tree.c
index eb3c427a3a..4f253e3cd1 100644
--- a/src/lib/libcrypto/x509/pcy_tree.c
+++ b/src/lib/libcrypto/x509/pcy_tree.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pcy_tree.c,v 1.7 2023/04/26 19:11:33 beck Exp $ */
+/* $OpenBSD: pcy_tree.c,v 1.8 2023/04/26 20:43:32 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2004.
 */
@@ -64,74 +64,6 @@
 #include "pcy_int.h"
 #include "x509_local.h"
-/* Enable this to print out the complete policy tree at various point during
- * evaluation.
- */
-/*#define OPENSSL_POLICY_DEBUG*/
-#ifdef OPENSSL_POLICY_DEBUG
-static void
-expected_print(BIO *err, X509_POLICY_LEVEL *lev, X509_POLICY_NODE *node,
-    int indent)
-{
-        if ((lev->flags & X509_V_FLAG_INHIBIT_MAP) ||
-            !(node->data->flags & POLICY_DATA_FLAG_MAP_MASK))
-                BIO_puts(err, "  Not Mapped\n");
-        else {
-                int i;
-                STACK_OF(ASN1_OBJECT) *pset = node->data->expected_policy_set;
-                ASN1_OBJECT *oid;
-                BIO_puts(err, "  Expected: ");
-                for (i = 0; i < sk_ASN1_OBJECT_num(pset); i++) {
-                        oid = sk_ASN1_OBJECT_value(pset, i);
-                        if (i)
-                                BIO_puts(err, ", ");
-                        i2a_ASN1_OBJECT(err, oid);
-                }
-                BIO_puts(err, "\n");
-        }
-}
-static void
-tree_print(char *str, X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr)
-{
-        X509_POLICY_LEVEL *plev;
-        X509_POLICY_NODE *node;
-        int i;
-        BIO *err;
-        if ((err = BIO_new_fp(stderr, BIO_NOCLOSE)) == NULL)
-                return;
-        if (!curr)
-                curr = tree->levels + tree->nlevel;
-        else
-                curr++;
-        BIO_printf(err, "Level print after %s\n", str);
-        BIO_printf(err, "Printing Up to Level %ld\n", curr - tree->levels);
-        for (plev = tree->levels; plev != curr; plev++) {
-                BIO_printf(err, "Level %ld, flags = %x\n",
-                    plev - tree->levels, plev->flags);
-                for (i = 0; i < sk_X509_POLICY_NODE_num(plev->nodes); i++) {
-                        node = sk_X509_POLICY_NODE_value(plev->nodes, i);
-                        X509_POLICY_NODE_print(err, node, 2);
-                        expected_print(err, plev, node, 2);
-                        BIO_printf(err, "  Flags: %x\n", node->data->flags);
-                }
-                if (plev->anyPolicy)
-                        X509_POLICY_NODE_print(err, plev->anyPolicy, 2);
-        }
-        BIO_free(err);
-}
-#else
-#define tree_print(a,b,c) /* */
-#endif
 /* Initialize policy tree. Return values:
 *  0 Some internal error occurred.
 * -1 Inconsistent or invalid extensions in certificates.
@@ -615,7 +547,6 @@ tree_evaluate(X509_POLICY_TREE *tree)
                if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY) &&
                    !tree_link_any(curr, cache, tree))
                        return 0;
-                tree_print("before tree_prune()", tree, curr);
                ret = tree_prune(tree, curr);
                if (ret != 1)
                        return ret;
@@ -726,9 +657,6 @@ X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
        if (!tree)
                goto error;
        ret = tree_evaluate(tree);
-        tree_print("tree_evaluate()", tree, NULL);
        if (ret <= 0)
                goto error;
diff --git a/src/lib/libcrypto/x509/x509_cpols.c b/src/lib/libcrypto/x509/x509_cpols.c
index bac0209371..bb09034ce0 100644
--- a/src/lib/libcrypto/x509/x509_cpols.c
+++ b/src/lib/libcrypto/x509/x509_cpols.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_cpols.c,v 1.9 2023/04/26 19:11:33 beck Exp $ */
+/* $OpenBSD: x509_cpols.c,v 1.10 2023/04/26 20:43:32 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -65,9 +65,6 @@
 #include <openssl/err.h>
 #include <openssl/x509v3.h>
-#ifndef LIBRESSL_HAS_POLICY_DAG
-#include "pcy_int.h"
-#endif
 #include "x509_local.h"
 /* Certificate policies extension support: this one is a bit complex... */
@@ -767,23 +764,3 @@ print_notice(BIO *out, USERNOTICE *notice, int indent)
                BIO_printf(out, "%*sExplicit Text: %.*s\n", indent, "",
                    notice->exptext->length, notice->exptext->data);
 }
-#ifndef LIBRESSL_HAS_POLICY_DAG
-void
-X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent)
-{
-        const X509_POLICY_DATA *dat = node->data;
-        BIO_printf(out, "%*sPolicy: ", indent, "");
-        i2a_ASN1_OBJECT(out, dat->valid_policy);
-        BIO_puts(out, "\n");
-        BIO_printf(out, "%*s%s\n", indent + 2, "",
-            node_data_critical(dat) ? "Critical" : "Non Critical");
-        if (dat->qualifier_set)
-                print_qualifiers(out, dat->qualifier_set, indent + 2);
-        else
-                BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, "");
-}
-LCRYPTO_ALIAS(X509_POLICY_NODE_print);
-#endif
author	tb <>	2023-04-26 20:43:32 +0000
committer	tb <>	2023-04-26 20:43:32 +0000
commit	b095c3c5a1f9e1ca6df4f040af58aa1e778537bf (patch)
tree	9eb75afdde7f7f11fd0c86e8a506d4c450decf8f /src
parent	453b91d6329d9b353060b1a405a350428ad1d2b4 (diff)
download	openbsd-b095c3c5a1f9e1ca6df4f040af58aa1e778537bf.tar.gz openbsd-b095c3c5a1f9e1ca6df4f040af58aa1e778537bf.tar.bz2 openbsd-b095c3c5a1f9e1ca6df4f040af58aa1e778537bf.zip

diff --git a/src/lib/libcrypto/Symbols.namespace b/src/lib/libcrypto/Symbols.namespace index f477c4d6ce..4320731af3 100644 --- a/src/lib/libcrypto/Symbols.namespace +++ b/src/lib/libcrypto/Symbols.namespace
@@ -837,7 +837,6 @@ _libre_a2i_IPADDRESS
837	_libre_a2i_IPADDRESS_NC	837	_libre_a2i_IPADDRESS_NC
838	_libre_a2i_ipadd	838	_libre_a2i_ipadd
839	_libre_X509V3_NAME_from_section	839	_libre_X509V3_NAME_from_section
840	_libre_X509_POLICY_NODE_print
841	_libre_ASRange_new	840	_libre_ASRange_new
842	_libre_ASRange_free	841	_libre_ASRange_free
843	_libre_d2i_ASRange	842	_libre_d2i_ASRange


diff --git a/src/lib/libcrypto/hidden/openssl/x509v3.h b/src/lib/libcrypto/hidden/openssl/x509v3.h index 044b55334d..e63b91afdb 100644 --- a/src/lib/libcrypto/hidden/openssl/x509v3.h +++ b/src/lib/libcrypto/hidden/openssl/x509v3.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509v3.h,v 1.2 2023/04/25 18:48:32 tb Exp $ */	1	/* $OpenBSD: x509v3.h,v 1.3 2023/04/26 20:43:32 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2022 Bob Beck <beck@openbsd.org>	3	* Copyright (c) 2022 Bob Beck <beck@openbsd.org>
4	*	4	*
@@ -213,7 +213,6 @@ LCRYPTO_USED(a2i_IPADDRESS);
213	LCRYPTO_USED(a2i_IPADDRESS_NC);	213	LCRYPTO_USED(a2i_IPADDRESS_NC);
214	LCRYPTO_USED(a2i_ipadd);	214	LCRYPTO_USED(a2i_ipadd);
215	LCRYPTO_USED(X509V3_NAME_from_section);	215	LCRYPTO_USED(X509V3_NAME_from_section);
216	LCRYPTO_USED(X509_POLICY_NODE_print);
217	LCRYPTO_USED(ASRange_new);	216	LCRYPTO_USED(ASRange_new);
218	LCRYPTO_USED(ASRange_free);	217	LCRYPTO_USED(ASRange_free);
219	LCRYPTO_USED(d2i_ASRange);	218	LCRYPTO_USED(d2i_ASRange);


diff --git a/src/lib/libcrypto/x509/pcy_tree.c b/src/lib/libcrypto/x509/pcy_tree.c index eb3c427a3a..4f253e3cd1 100644 --- a/src/lib/libcrypto/x509/pcy_tree.c +++ b/src/lib/libcrypto/x509/pcy_tree.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: pcy_tree.c,v 1.7 2023/04/26 19:11:33 beck Exp $ */	1	/* $OpenBSD: pcy_tree.c,v 1.8 2023/04/26 20:43:32 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2004.	3	* project 2004.
4	*/	4	*/
@@ -64,74 +64,6 @@
64	#include "pcy_int.h"	64	#include "pcy_int.h"
65	#include "x509_local.h"	65	#include "x509_local.h"
66		66
67	/* Enable this to print out the complete policy tree at various point during
68	* evaluation.
69	*/
70
71	/#define OPENSSL_POLICY_DEBUG/
72
73	#ifdef OPENSSL_POLICY_DEBUG
74
75	static void
76	expected_print(BIO err, X509_POLICY_LEVEL lev, X509_POLICY_NODE *node,
77	int indent)
78	{
79	if ((lev->flags & X509_V_FLAG_INHIBIT_MAP) \|\|
80	!(node->data->flags & POLICY_DATA_FLAG_MAP_MASK))
81	BIO_puts(err, " Not Mapped\n");
82	else {
83	int i;
84	STACK_OF(ASN1_OBJECT) *pset = node->data->expected_policy_set;
85	ASN1_OBJECT *oid;
86	BIO_puts(err, " Expected: ");
87	for (i = 0; i < sk_ASN1_OBJECT_num(pset); i++) {
88	oid = sk_ASN1_OBJECT_value(pset, i);
89	if (i)
90	BIO_puts(err, ", ");
91	i2a_ASN1_OBJECT(err, oid);
92	}
93	BIO_puts(err, "\n");
94	}
95	}
96
97	static void
98	tree_print(char str, X509_POLICY_TREE tree, X509_POLICY_LEVEL *curr)
99	{
100	X509_POLICY_LEVEL *plev;
101	X509_POLICY_NODE *node;
102	int i;
103	BIO *err;
104
105	if ((err = BIO_new_fp(stderr, BIO_NOCLOSE)) == NULL)
106	return;
107
108	if (!curr)
109	curr = tree->levels + tree->nlevel;
110	else
111	curr++;
112	BIO_printf(err, "Level print after %s\n", str);
113	BIO_printf(err, "Printing Up to Level %ld\n", curr - tree->levels);
114	for (plev = tree->levels; plev != curr; plev++) {
115	BIO_printf(err, "Level %ld, flags = %x\n",
116	plev - tree->levels, plev->flags);
117	for (i = 0; i < sk_X509_POLICY_NODE_num(plev->nodes); i++) {
118	node = sk_X509_POLICY_NODE_value(plev->nodes, i);
119	X509_POLICY_NODE_print(err, node, 2);
120	expected_print(err, plev, node, 2);
121	BIO_printf(err, " Flags: %x\n", node->data->flags);
122	}
123	if (plev->anyPolicy)
124	X509_POLICY_NODE_print(err, plev->anyPolicy, 2);
125	}
126
127	BIO_free(err);
128	}
129	#else
130
131	#define tree_print(a,b,c) /* */
132
133	#endif
134
135	/* Initialize policy tree. Return values:	67	/* Initialize policy tree. Return values:
136	* 0 Some internal error occurred.	68	* 0 Some internal error occurred.
137	* -1 Inconsistent or invalid extensions in certificates.	69	* -1 Inconsistent or invalid extensions in certificates.
@@ -615,7 +547,6 @@ tree_evaluate(X509_POLICY_TREE *tree)
615	if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY) &&	547	if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY) &&
616	!tree_link_any(curr, cache, tree))	548	!tree_link_any(curr, cache, tree))
617	return 0;	549	return 0;
618	tree_print("before tree_prune()", tree, curr);
619	ret = tree_prune(tree, curr);	550	ret = tree_prune(tree, curr);
620	if (ret != 1)	551	if (ret != 1)
621	return ret;	552	return ret;
@@ -726,9 +657,6 @@ X509_policy_check(X509_POLICY_TREE *ptree, int pexplicit_policy,
726	if (!tree)	657	if (!tree)
727	goto error;	658	goto error;
728	ret = tree_evaluate(tree);	659	ret = tree_evaluate(tree);
729
730	tree_print("tree_evaluate()", tree, NULL);
731
732	if (ret <= 0)	660	if (ret <= 0)
733	goto error;	661	goto error;
734		662


diff --git a/src/lib/libcrypto/x509/x509_cpols.c b/src/lib/libcrypto/x509/x509_cpols.c index bac0209371..bb09034ce0 100644 --- a/src/lib/libcrypto/x509/x509_cpols.c +++ b/src/lib/libcrypto/x509/x509_cpols.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_cpols.c,v 1.9 2023/04/26 19:11:33 beck Exp $ */	1	/* $OpenBSD: x509_cpols.c,v 1.10 2023/04/26 20:43:32 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 1999.	3	* project 1999.
4	*/	4	*/
@@ -65,9 +65,6 @@
65	#include <openssl/err.h>	65	#include <openssl/err.h>
66	#include <openssl/x509v3.h>	66	#include <openssl/x509v3.h>
67		67
68	#ifndef LIBRESSL_HAS_POLICY_DAG
69	#include "pcy_int.h"
70	#endif
71	#include "x509_local.h"	68	#include "x509_local.h"
72		69
73	/* Certificate policies extension support: this one is a bit complex... */	70	/* Certificate policies extension support: this one is a bit complex... */
@@ -767,23 +764,3 @@ print_notice(BIO out, USERNOTICE notice, int indent)
767	BIO_printf(out, "%sExplicit Text: %.s\n", indent, "",	764	BIO_printf(out, "%sExplicit Text: %.s\n", indent, "",
768	notice->exptext->length, notice->exptext->data);	765	notice->exptext->length, notice->exptext->data);
769	}	766	}
770
771	#ifndef LIBRESSL_HAS_POLICY_DAG
772	void
773	X509_POLICY_NODE_print(BIO out, X509_POLICY_NODE node, int indent)
774	{
775	const X509_POLICY_DATA *dat = node->data;
776
777	BIO_printf(out, "%*sPolicy: ", indent, "");
778
779	i2a_ASN1_OBJECT(out, dat->valid_policy);
780	BIO_puts(out, "\n");
781	BIO_printf(out, "%*s%s\n", indent + 2, "",
782	node_data_critical(dat) ? "Critical" : "Non Critical");
783	if (dat->qualifier_set)
784	print_qualifiers(out, dat->qualifier_set, indent + 2);
785	else
786	BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, "");
787	}
788	LCRYPTO_ALIAS(X509_POLICY_NODE_print);
789	#endif