Diffstat (limited to 'src/lib/libcrypto/x509/pcy_tree.c')
-rw-r--r-- | src/lib/libcrypto/x509/pcy_tree.c | 74 |
1 files changed, 1 insertions, 73 deletions
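--- a/src/lib/libcrypto/x509/pcy_tree.c
+++ b/src/lib/libcrypto/x509/pcy_tree.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pcy_tree.c,v 1.7 2023/04/26 19:11:33 beck Exp $ */
+/* $OpenBSD: pcy_tree.c,v 1.8 2023/04/26 20:43:32 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2004.
 */
@@ -64,74 +64,6 @@
 #include "pcy_int.h"
 #include "x509_local.h"
 
-/* Enable this to print out the complete policy tree at various point during
-* evaluation.
-*/
-
-/*#define OPENSSL_POLICY_DEBUG*/
-
-#ifdef OPENSSL_POLICY_DEBUG
-
-static void
-expected_print(BIO *err, X509_POLICY_LEVEL *lev, X509_POLICY_NODE *node,
-int indent)
-{
-if ((lev->flags & X509_V_FLAG_INHIBIT_MAP) ||
-!(node->data->flags & POLICY_DATA_FLAG_MAP_MASK))
-BIO_puts(err, " Not Mapped\n");
-else {
-int i;
-STACK_OF(ASN1_OBJECT) *pset = node->data->expected_policy_set;
-ASN1_OBJECT *oid;
-BIO_puts(err, " Expected: ");
-for (i = 0; i < sk_ASN1_OBJECT_num(pset); i++) {
-oid = sk_ASN1_OBJECT_value(pset, i);
-if (i)
-BIO_puts(err, ", ");
-i2a_ASN1_OBJECT(err, oid);
-}
-BIO_puts(err, "\n");
-}
-}
-
-static void
-tree_print(char *str, X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr)
-{
-X509_POLICY_LEVEL *plev;
-X509_POLICY_NODE *node;
-int i;
-BIO *err;
-
-if ((err = BIO_new_fp(stderr, BIO_NOCLOSE)) == NULL)
-return;
-
-if (!curr)
-curr = tree->levels + tree->nlevel;
-else
-curr++;
-BIO_printf(err, "Level print after %s\n", str);
-BIO_printf(err, "Printing Up to Level %ld\n", curr - tree->levels);
-for (plev = tree->levels; plev != curr; plev++) {
-BIO_printf(err, "Level %ld, flags = %x\n",
-plev - tree->levels, plev->flags);
-for (i = 0; i < sk_X509_POLICY_NODE_num(plev->nodes); i++) {
-node = sk_X509_POLICY_NODE_value(plev->nodes, i);
-X509_POLICY_NODE_print(err, node, 2);
-expected_print(err, plev, node, 2);
-BIO_printf(err, " Flags: %x\n", node->data->flags);
-}
-if (plev->anyPolicy)
-X509_POLICY_NODE_print(err, plev->anyPolicy, 2);
-}
-
-BIO_free(err);
-}
-#else
-
-#define tree_print(a,b,c) /* */
-
-#endif
-
 /* Initialize policy tree. Return values:
 * 0 Some internal error occurred.
 * -1 Inconsistent or invalid extensions in certificates.
@@ -615,7 +547,6 @@ tree_evaluate(X509_POLICY_TREE *tree)
 if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY) &&
 !tree_link_any(curr, cache, tree))
 return 0;
-tree_print("before tree_prune()", tree, curr);
 ret = tree_prune(tree, curr);
 if (ret != 1)
 return ret;
@@ -726,9 +657,6 @@ X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
 if (!tree)
 goto error;
 ret = tree_evaluate(tree);
-
-tree_print("tree_evaluate()", tree, NULL);
-
 if (ret <= 0)
 goto error;
 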