4 files changed, 3 insertions, 100 deletions
diff --git a/src/lib/libcrypto/Symbols.namespace b/src/lib/libcrypto/Symbols.namespace
index f477c4d6ce..4320731af3 100644
--- a/src/lib/libcrypto/Symbols.namespace
+++ b/src/lib/libcrypto/Symbols.namespace
@@ -837,7 +837,6 @@ _libre_a2i_IPADDRESS
 _libre_a2i_IPADDRESS_NC
 _libre_a2i_ipadd
 _libre_X509V3_NAME_from_section
-_libre_X509_POLICY_NODE_print
 _libre_ASRange_new
 _libre_ASRange_free
 _libre_d2i_ASRange
diff --git a/src/lib/libcrypto/hidden/openssl/x509v3.h b/src/lib/libcrypto/hidden/openssl/x509v3.h
index 044b55334d..e63b91afdb 100644
--- a/src/lib/libcrypto/hidden/openssl/x509v3.h
+++ b/src/lib/libcrypto/hidden/openssl/x509v3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509v3.h,v 1.2 2023/04/25 18:48:32 tb Exp $ */
+/* $OpenBSD: x509v3.h,v 1.3 2023/04/26 20:43:32 tb Exp $ */
 /*
 * Copyright (c) 2022 Bob Beck <beck@openbsd.org>
 *
@@ -213,7 +213,6 @@ LCRYPTO_USED(a2i_IPADDRESS);
 LCRYPTO_USED(a2i_IPADDRESS_NC);
 LCRYPTO_USED(a2i_ipadd);
 LCRYPTO_USED(X509V3_NAME_from_section);
-LCRYPTO_USED(X509_POLICY_NODE_print);
 LCRYPTO_USED(ASRange_new);
 LCRYPTO_USED(ASRange_free);
 LCRYPTO_USED(d2i_ASRange);
diff --git a/src/lib/libcrypto/x509/pcy_tree.c b/src/lib/libcrypto/x509/pcy_tree.c
index eb3c427a3a..4f253e3cd1 100644
--- a/src/lib/libcrypto/x509/pcy_tree.c
+++ b/src/lib/libcrypto/x509/pcy_tree.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pcy_tree.c,v 1.7 2023/04/26 19:11:33 beck Exp $ */
+/* $OpenBSD: pcy_tree.c,v 1.8 2023/04/26 20:43:32 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2004.
 */
@@ -64,74 +64,6 @@
 #include "pcy_int.h"
 #include "x509_local.h"
-/* Enable this to print out the complete policy tree at various point during
- * evaluation.
- */
-/*#define OPENSSL_POLICY_DEBUG*/
-#ifdef OPENSSL_POLICY_DEBUG
-static void
-expected_print(BIO *err, X509_POLICY_LEVEL *lev, X509_POLICY_NODE *node,
-    int indent)
-{
-        if ((lev->flags & X509_V_FLAG_INHIBIT_MAP) ||
-            !(node->data->flags & POLICY_DATA_FLAG_MAP_MASK))
-                BIO_puts(err, "  Not Mapped\n");
-        else {
-                int i;
-                STACK_OF(ASN1_OBJECT) *pset = node->data->expected_policy_set;
-                ASN1_OBJECT *oid;
-                BIO_puts(err, "  Expected: ");
-                for (i = 0; i < sk_ASN1_OBJECT_num(pset); i++) {
-                        oid = sk_ASN1_OBJECT_value(pset, i);
-                        if (i)
-                                BIO_puts(err, ", ");
-                        i2a_ASN1_OBJECT(err, oid);
-                }
-                BIO_puts(err, "\n");
-        }
-}
-static void
-tree_print(char *str, X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr)
-{
-        X509_POLICY_LEVEL *plev;
-        X509_POLICY_NODE *node;
-        int i;
-        BIO *err;
-        if ((err = BIO_new_fp(stderr, BIO_NOCLOSE)) == NULL)
-                return;
-        if (!curr)
-                curr = tree->levels + tree->nlevel;
-        else
-                curr++;
-        BIO_printf(err, "Level print after %s\n", str);
-        BIO_printf(err, "Printing Up to Level %ld\n", curr - tree->levels);
-        for (plev = tree->levels; plev != curr; plev++) {
-                BIO_printf(err, "Level %ld, flags = %x\n",
-                    plev - tree->levels, plev->flags);
-                for (i = 0; i < sk_X509_POLICY_NODE_num(plev->nodes); i++) {
-                        node = sk_X509_POLICY_NODE_value(plev->nodes, i);
-                        X509_POLICY_NODE_print(err, node, 2);
-                        expected_print(err, plev, node, 2);
-                        BIO_printf(err, "  Flags: %x\n", node->data->flags);
-                }
-                if (plev->anyPolicy)
-                        X509_POLICY_NODE_print(err, plev->anyPolicy, 2);
-        }
-        BIO_free(err);
-}
-#else
-#define tree_print(a,b,c) /* */
-#endif
 /* Initialize policy tree. Return values:
 *  0 Some internal error occurred.
 * -1 Inconsistent or invalid extensions in certificates.
@@ -615,7 +547,6 @@ tree_evaluate(X509_POLICY_TREE *tree)
                if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY) &&
                    !tree_link_any(curr, cache, tree))
                        return 0;
-                tree_print("before tree_prune()", tree, curr);
                ret = tree_prune(tree, curr);
                if (ret != 1)
                        return ret;
@@ -726,9 +657,6 @@ X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
        if (!tree)
                goto error;
        ret = tree_evaluate(tree);
-        tree_print("tree_evaluate()", tree, NULL);
        if (ret <= 0)
                goto error;
diff --git a/src/lib/libcrypto/x509/x509_cpols.c b/src/lib/libcrypto/x509/x509_cpols.c
index bac0209371..bb09034ce0 100644
--- a/src/lib/libcrypto/x509/x509_cpols.c
+++ b/src/lib/libcrypto/x509/x509_cpols.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_cpols.c,v 1.9 2023/04/26 19:11:33 beck Exp $ */
+/* $OpenBSD: x509_cpols.c,v 1.10 2023/04/26 20:43:32 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -65,9 +65,6 @@
 #include <openssl/err.h>
 #include <openssl/x509v3.h>
-#ifndef LIBRESSL_HAS_POLICY_DAG
-#include "pcy_int.h"
-#endif
 #include "x509_local.h"
 /* Certificate policies extension support: this one is a bit complex... */
@@ -767,23 +764,3 @@ print_notice(BIO *out, USERNOTICE *notice, int indent)
                BIO_printf(out, "%*sExplicit Text: %.*s\n", indent, "",
                    notice->exptext->length, notice->exptext->data);
 }
-#ifndef LIBRESSL_HAS_POLICY_DAG
-void
-X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent)
-{
-        const X509_POLICY_DATA *dat = node->data;
-        BIO_printf(out, "%*sPolicy: ", indent, "");
-        i2a_ASN1_OBJECT(out, dat->valid_policy);
-        BIO_puts(out, "\n");
-        BIO_printf(out, "%*s%s\n", indent + 2, "",
-            node_data_critical(dat) ? "Critical" : "Non Critical");
-        if (dat->qualifier_set)
-                print_qualifiers(out, dat->qualifier_set, indent + 2);
-        else
-                BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, "");
-}
-LCRYPTO_ALIAS(X509_POLICY_NODE_print);
-#endif

diff --git a/src/lib/libcrypto/Symbols.namespace b/src/lib/libcrypto/Symbols.namespace index f477c4d6ce..4320731af3 100644 --- a/src/lib/libcrypto/Symbols.namespace +++ b/src/lib/libcrypto/Symbols.namespace
@@ -837,7 +837,6 @@ _libre_a2i_IPADDRESS
837	_libre_a2i_IPADDRESS_NC	837	_libre_a2i_IPADDRESS_NC
838	_libre_a2i_ipadd	838	_libre_a2i_ipadd
839	_libre_X509V3_NAME_from_section	839	_libre_X509V3_NAME_from_section
840	_libre_X509_POLICY_NODE_print
841	_libre_ASRange_new	840	_libre_ASRange_new
842	_libre_ASRange_free	841	_libre_ASRange_free
843	_libre_d2i_ASRange	842	_libre_d2i_ASRange


diff --git a/src/lib/libcrypto/hidden/openssl/x509v3.h b/src/lib/libcrypto/hidden/openssl/x509v3.h index 044b55334d..e63b91afdb 100644 --- a/src/lib/libcrypto/hidden/openssl/x509v3.h +++ b/src/lib/libcrypto/hidden/openssl/x509v3.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509v3.h,v 1.2 2023/04/25 18:48:32 tb Exp $ */	1	/* $OpenBSD: x509v3.h,v 1.3 2023/04/26 20:43:32 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2022 Bob Beck <beck@openbsd.org>	3	* Copyright (c) 2022 Bob Beck <beck@openbsd.org>
4	*	4	*
@@ -213,7 +213,6 @@ LCRYPTO_USED(a2i_IPADDRESS);
213	LCRYPTO_USED(a2i_IPADDRESS_NC);	213	LCRYPTO_USED(a2i_IPADDRESS_NC);
214	LCRYPTO_USED(a2i_ipadd);	214	LCRYPTO_USED(a2i_ipadd);
215	LCRYPTO_USED(X509V3_NAME_from_section);	215	LCRYPTO_USED(X509V3_NAME_from_section);
216	LCRYPTO_USED(X509_POLICY_NODE_print);
217	LCRYPTO_USED(ASRange_new);	216	LCRYPTO_USED(ASRange_new);
218	LCRYPTO_USED(ASRange_free);	217	LCRYPTO_USED(ASRange_free);
219	LCRYPTO_USED(d2i_ASRange);	218	LCRYPTO_USED(d2i_ASRange);


diff --git a/src/lib/libcrypto/x509/pcy_tree.c b/src/lib/libcrypto/x509/pcy_tree.c index eb3c427a3a..4f253e3cd1 100644 --- a/src/lib/libcrypto/x509/pcy_tree.c +++ b/src/lib/libcrypto/x509/pcy_tree.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: pcy_tree.c,v 1.7 2023/04/26 19:11:33 beck Exp $ */	1	/* $OpenBSD: pcy_tree.c,v 1.8 2023/04/26 20:43:32 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2004.	3	* project 2004.
4	*/	4	*/
@@ -64,74 +64,6 @@
64	#include "pcy_int.h"	64	#include "pcy_int.h"
65	#include "x509_local.h"	65	#include "x509_local.h"
66		66
67	/* Enable this to print out the complete policy tree at various point during
68	* evaluation.
69	*/
70
71	/#define OPENSSL_POLICY_DEBUG/
72
73	#ifdef OPENSSL_POLICY_DEBUG
74
75	static void
76	expected_print(BIO err, X509_POLICY_LEVEL lev, X509_POLICY_NODE *node,
77	int indent)
78	{
79	if ((lev->flags & X509_V_FLAG_INHIBIT_MAP) \|\|
80	!(node->data->flags & POLICY_DATA_FLAG_MAP_MASK))
81	BIO_puts(err, " Not Mapped\n");
82	else {
83	int i;
84	STACK_OF(ASN1_OBJECT) *pset = node->data->expected_policy_set;
85	ASN1_OBJECT *oid;
86	BIO_puts(err, " Expected: ");
87	for (i = 0; i < sk_ASN1_OBJECT_num(pset); i++) {
88	oid = sk_ASN1_OBJECT_value(pset, i);
89	if (i)
90	BIO_puts(err, ", ");
91	i2a_ASN1_OBJECT(err, oid);
92	}
93	BIO_puts(err, "\n");
94	}
95	}
96
97	static void
98	tree_print(char str, X509_POLICY_TREE tree, X509_POLICY_LEVEL *curr)
99	{
100	X509_POLICY_LEVEL *plev;
101	X509_POLICY_NODE *node;
102	int i;
103	BIO *err;
104
105	if ((err = BIO_new_fp(stderr, BIO_NOCLOSE)) == NULL)
106	return;
107
108	if (!curr)
109	curr = tree->levels + tree->nlevel;
110	else
111	curr++;
112	BIO_printf(err, "Level print after %s\n", str);
113	BIO_printf(err, "Printing Up to Level %ld\n", curr - tree->levels);
114	for (plev = tree->levels; plev != curr; plev++) {
115	BIO_printf(err, "Level %ld, flags = %x\n",
116	plev - tree->levels, plev->flags);
117	for (i = 0; i < sk_X509_POLICY_NODE_num(plev->nodes); i++) {
118	node = sk_X509_POLICY_NODE_value(plev->nodes, i);
119	X509_POLICY_NODE_print(err, node, 2);
120	expected_print(err, plev, node, 2);
121	BIO_printf(err, " Flags: %x\n", node->data->flags);
122	}
123	if (plev->anyPolicy)
124	X509_POLICY_NODE_print(err, plev->anyPolicy, 2);
125	}
126
127	BIO_free(err);
128	}
129	#else
130
131	#define tree_print(a,b,c) /* */
132
133	#endif
134
135	/* Initialize policy tree. Return values:	67	/* Initialize policy tree. Return values:
136	* 0 Some internal error occurred.	68	* 0 Some internal error occurred.
137	* -1 Inconsistent or invalid extensions in certificates.	69	* -1 Inconsistent or invalid extensions in certificates.
@@ -615,7 +547,6 @@ tree_evaluate(X509_POLICY_TREE *tree)
615	if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY) &&	547	if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY) &&
616	!tree_link_any(curr, cache, tree))	548	!tree_link_any(curr, cache, tree))
617	return 0;	549	return 0;
618	tree_print("before tree_prune()", tree, curr);
619	ret = tree_prune(tree, curr);	550	ret = tree_prune(tree, curr);
620	if (ret != 1)	551	if (ret != 1)
621	return ret;	552	return ret;
@@ -726,9 +657,6 @@ X509_policy_check(X509_POLICY_TREE *ptree, int pexplicit_policy,
726	if (!tree)	657	if (!tree)
727	goto error;	658	goto error;
728	ret = tree_evaluate(tree);	659	ret = tree_evaluate(tree);
729
730	tree_print("tree_evaluate()", tree, NULL);
731
732	if (ret <= 0)	660	if (ret <= 0)
733	goto error;	661	goto error;
734		662


diff --git a/src/lib/libcrypto/x509/x509_cpols.c b/src/lib/libcrypto/x509/x509_cpols.c index bac0209371..bb09034ce0 100644 --- a/src/lib/libcrypto/x509/x509_cpols.c +++ b/src/lib/libcrypto/x509/x509_cpols.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_cpols.c,v 1.9 2023/04/26 19:11:33 beck Exp $ */	1	/* $OpenBSD: x509_cpols.c,v 1.10 2023/04/26 20:43:32 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 1999.	3	* project 1999.
4	*/	4	*/
@@ -65,9 +65,6 @@
65	#include <openssl/err.h>	65	#include <openssl/err.h>
66	#include <openssl/x509v3.h>	66	#include <openssl/x509v3.h>
67		67
68	#ifndef LIBRESSL_HAS_POLICY_DAG
69	#include "pcy_int.h"
70	#endif
71	#include "x509_local.h"	68	#include "x509_local.h"
72		69
73	/* Certificate policies extension support: this one is a bit complex... */	70	/* Certificate policies extension support: this one is a bit complex... */
@@ -767,23 +764,3 @@ print_notice(BIO out, USERNOTICE notice, int indent)
767	BIO_printf(out, "%sExplicit Text: %.s\n", indent, "",	764	BIO_printf(out, "%sExplicit Text: %.s\n", indent, "",
768	notice->exptext->length, notice->exptext->data);	765	notice->exptext->length, notice->exptext->data);
769	}	766	}
770
771	#ifndef LIBRESSL_HAS_POLICY_DAG
772	void
773	X509_POLICY_NODE_print(BIO out, X509_POLICY_NODE node, int indent)
774	{
775	const X509_POLICY_DATA *dat = node->data;
776
777	BIO_printf(out, "%*sPolicy: ", indent, "");
778
779	i2a_ASN1_OBJECT(out, dat->valid_policy);
780	BIO_puts(out, "\n");
781	BIO_printf(out, "%*s%s\n", indent + 2, "",
782	node_data_critical(dat) ? "Critical" : "Non Critical");
783	if (dat->qualifier_set)
784	print_qualifiers(out, dat->qualifier_set, indent + 2);
785	else
786	BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, "");
787	}
788	LCRYPTO_ALIAS(X509_POLICY_NODE_print);
789	#endif