summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509/pcy_tree.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/x509/pcy_tree.c')
-rw-r--r--src/lib/libcrypto/x509/pcy_tree.c74
1 files changed, 1 insertions, 73 deletions
diff --git a/src/lib/libcrypto/x509/pcy_tree.c b/src/lib/libcrypto/x509/pcy_tree.c
index eb3c427a3a..4f253e3cd1 100644
--- a/src/lib/libcrypto/x509/pcy_tree.c
+++ b/src/lib/libcrypto/x509/pcy_tree.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pcy_tree.c,v 1.7 2023/04/26 19:11:33 beck Exp $ */ 1/* $OpenBSD: pcy_tree.c,v 1.8 2023/04/26 20:43:32 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2004. 3 * project 2004.
4 */ 4 */
@@ -64,74 +64,6 @@
64#include "pcy_int.h" 64#include "pcy_int.h"
65#include "x509_local.h" 65#include "x509_local.h"
66 66
67/* Enable this to print out the complete policy tree at various point during
68 * evaluation.
69 */
70
71/*#define OPENSSL_POLICY_DEBUG*/
72
73#ifdef OPENSSL_POLICY_DEBUG
74
75static void
76expected_print(BIO *err, X509_POLICY_LEVEL *lev, X509_POLICY_NODE *node,
77 int indent)
78{
79 if ((lev->flags & X509_V_FLAG_INHIBIT_MAP) ||
80 !(node->data->flags & POLICY_DATA_FLAG_MAP_MASK))
81 BIO_puts(err, " Not Mapped\n");
82 else {
83 int i;
84 STACK_OF(ASN1_OBJECT) *pset = node->data->expected_policy_set;
85 ASN1_OBJECT *oid;
86 BIO_puts(err, " Expected: ");
87 for (i = 0; i < sk_ASN1_OBJECT_num(pset); i++) {
88 oid = sk_ASN1_OBJECT_value(pset, i);
89 if (i)
90 BIO_puts(err, ", ");
91 i2a_ASN1_OBJECT(err, oid);
92 }
93 BIO_puts(err, "\n");
94 }
95}
96
97static void
98tree_print(char *str, X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr)
99{
100 X509_POLICY_LEVEL *plev;
101 X509_POLICY_NODE *node;
102 int i;
103 BIO *err;
104
105 if ((err = BIO_new_fp(stderr, BIO_NOCLOSE)) == NULL)
106 return;
107
108 if (!curr)
109 curr = tree->levels + tree->nlevel;
110 else
111 curr++;
112 BIO_printf(err, "Level print after %s\n", str);
113 BIO_printf(err, "Printing Up to Level %ld\n", curr - tree->levels);
114 for (plev = tree->levels; plev != curr; plev++) {
115 BIO_printf(err, "Level %ld, flags = %x\n",
116 plev - tree->levels, plev->flags);
117 for (i = 0; i < sk_X509_POLICY_NODE_num(plev->nodes); i++) {
118 node = sk_X509_POLICY_NODE_value(plev->nodes, i);
119 X509_POLICY_NODE_print(err, node, 2);
120 expected_print(err, plev, node, 2);
121 BIO_printf(err, " Flags: %x\n", node->data->flags);
122 }
123 if (plev->anyPolicy)
124 X509_POLICY_NODE_print(err, plev->anyPolicy, 2);
125 }
126
127 BIO_free(err);
128}
129#else
130
131#define tree_print(a,b,c) /* */
132
133#endif
134
135/* Initialize policy tree. Return values: 67/* Initialize policy tree. Return values:
136 * 0 Some internal error occurred. 68 * 0 Some internal error occurred.
137 * -1 Inconsistent or invalid extensions in certificates. 69 * -1 Inconsistent or invalid extensions in certificates.
@@ -615,7 +547,6 @@ tree_evaluate(X509_POLICY_TREE *tree)
615 if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY) && 547 if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY) &&
616 !tree_link_any(curr, cache, tree)) 548 !tree_link_any(curr, cache, tree))
617 return 0; 549 return 0;
618 tree_print("before tree_prune()", tree, curr);
619 ret = tree_prune(tree, curr); 550 ret = tree_prune(tree, curr);
620 if (ret != 1) 551 if (ret != 1)
621 return ret; 552 return ret;
@@ -726,9 +657,6 @@ X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
726 if (!tree) 657 if (!tree)
727 goto error; 658 goto error;
728 ret = tree_evaluate(tree); 659 ret = tree_evaluate(tree);
729
730 tree_print("tree_evaluate()", tree, NULL);
731
732 if (ret <= 0) 660 if (ret <= 0)
733 goto error; 661 goto error;
734 662