Take X509_POLICY_NODE_print() behind the barn

This used to be public API but is now only used for debug code that has
certainly never been used since it was released to the public. It drags
that debug nonsense with it.

ok beck

diff --git a/lib/libcrypto/Symbols.namespace b/lib/libcrypto/Symbols.namespace
index f477c4d..4320731 100644 (file)
--- a/lib/libcrypto/Symbols.namespace
+++ b/lib/libcrypto/Symbols.namespace
@@ -837,7 +837,6 @@ _libre_a2i_IPADDRESS
 _libre_a2i_IPADDRESS_NC
 _libre_a2i_ipadd
 _libre_X509V3_NAME_from_section
-_libre_X509_POLICY_NODE_print
 _libre_ASRange_new
 _libre_ASRange_free
 _libre_d2i_ASRange

diff --git a/lib/libcrypto/hidden/openssl/x509v3.h b/lib/libcrypto/hidden/openssl/x509v3.h
index 044b553..e63b91a 100644 (file)
--- a/lib/libcrypto/hidden/openssl/x509v3.h
+++ b/lib/libcrypto/hidden/openssl/x509v3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509v3.h,v 1.2 2023/04/25 18:48:32 tb Exp $ */
+/* $OpenBSD: x509v3.h,v 1.3 2023/04/26 20:43:32 tb Exp $ */
 /*
  * Copyright (c) 2022 Bob Beck <beck@openbsd.org>
  *
@@ -213,7 +213,6 @@ LCRYPTO_USED(a2i_IPADDRESS);
 LCRYPTO_USED(a2i_IPADDRESS_NC);
 LCRYPTO_USED(a2i_ipadd);
 LCRYPTO_USED(X509V3_NAME_from_section);
-LCRYPTO_USED(X509_POLICY_NODE_print);
 LCRYPTO_USED(ASRange_new);
 LCRYPTO_USED(ASRange_free);
 LCRYPTO_USED(d2i_ASRange);

diff --git a/lib/libcrypto/x509/pcy_tree.c b/lib/libcrypto/x509/pcy_tree.c
index eb3c427..4f253e3 100644 (file)
--- a/lib/libcrypto/x509/pcy_tree.c
+++ b/lib/libcrypto/x509/pcy_tree.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pcy_tree.c,v 1.7 2023/04/26 19:11:33 beck Exp $ */
+/* $OpenBSD: pcy_tree.c,v 1.8 2023/04/26 20:43:32 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2004.
  */
@@ -64,74 +64,6 @@
 #include "pcy_int.h"
 #include "x509_local.h"
 
-/* Enable this to print out the complete policy tree at various point during
- * evaluation.
- */
-
-/*#define OPENSSL_POLICY_DEBUG*/
-
-#ifdef OPENSSL_POLICY_DEBUG
-
-static void
-expected_print(BIO *err, X509_POLICY_LEVEL *lev, X509_POLICY_NODE *node,
-    int indent)
-{
-       if ((lev->flags & X509_V_FLAG_INHIBIT_MAP) ||
-           !(node->data->flags & POLICY_DATA_FLAG_MAP_MASK))
-               BIO_puts(err, "  Not Mapped\n");
-       else {
-               int i;
-               STACK_OF(ASN1_OBJECT) *pset = node->data->expected_policy_set;
-               ASN1_OBJECT *oid;
-               BIO_puts(err, "  Expected: ");
-               for (i = 0; i < sk_ASN1_OBJECT_num(pset); i++) {
-                       oid = sk_ASN1_OBJECT_value(pset, i);
-                       if (i)
-                               BIO_puts(err, ", ");
-                       i2a_ASN1_OBJECT(err, oid);
-               }
-               BIO_puts(err, "\n");
-       }
-}
-
-static void
-tree_print(char *str, X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr)
-{
-       X509_POLICY_LEVEL *plev;
-       X509_POLICY_NODE *node;
-       int i;
-       BIO *err;
-
-       if ((err = BIO_new_fp(stderr, BIO_NOCLOSE)) == NULL)
-               return;
-
-       if (!curr)
-               curr = tree->levels + tree->nlevel;
-       else
-               curr++;
-       BIO_printf(err, "Level print after %s\n", str);
-       BIO_printf(err, "Printing Up to Level %ld\n", curr - tree->levels);
-       for (plev = tree->levels; plev != curr; plev++) {
-               BIO_printf(err, "Level %ld, flags = %x\n",
-                   plev - tree->levels, plev->flags);
-               for (i = 0; i < sk_X509_POLICY_NODE_num(plev->nodes); i++) {
-                       node = sk_X509_POLICY_NODE_value(plev->nodes, i);
-                       X509_POLICY_NODE_print(err, node, 2);
-                       expected_print(err, plev, node, 2);
-                       BIO_printf(err, "  Flags: %x\n", node->data->flags);
-               }
-               if (plev->anyPolicy)
-                       X509_POLICY_NODE_print(err, plev->anyPolicy, 2);
-       }
-
-       BIO_free(err);
-}
-#else
-
-#define tree_print(a,b,c) /* */
-
-#endif
-
 /* Initialize policy tree. Return values:
  *  0 Some internal error occurred.
  * -1 Inconsistent or invalid extensions in certificates.
@@ -615,7 +547,6 @@ tree_evaluate(X509_POLICY_TREE *tree)
                if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY) &&
                    !tree_link_any(curr, cache, tree))
                        return 0;
-               tree_print("before tree_prune()", tree, curr);
                ret = tree_prune(tree, curr);
                if (ret != 1)
                        return ret;
@@ -726,9 +657,6 @@ X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
        if (!tree)
                goto error;
        ret = tree_evaluate(tree);
-
-       tree_print("tree_evaluate()", tree, NULL);
-
        if (ret <= 0)
                goto error;
 

diff --git a/lib/libcrypto/x509/x509_cpols.c b/lib/libcrypto/x509/x509_cpols.c
index bac0209..bb09034 100644 (file)
--- a/lib/libcrypto/x509/x509_cpols.c
+++ b/lib/libcrypto/x509/x509_cpols.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_cpols.c,v 1.9 2023/04/26 19:11:33 beck Exp $ */
+/* $OpenBSD: x509_cpols.c,v 1.10 2023/04/26 20:43:32 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -65,9 +65,6 @@
 #include <openssl/err.h>
 #include <openssl/x509v3.h>
 
-#ifndef LIBRESSL_HAS_POLICY_DAG
-#include "pcy_int.h"
-#endif
 #include "x509_local.h"
 
 /* Certificate policies extension support: this one is a bit complex... */
@@ -767,23 +764,3 @@ print_notice(BIO *out, USERNOTICE *notice, int indent)
                BIO_printf(out, "%*sExplicit Text: %.*s\n", indent, "",
                    notice->exptext->length, notice->exptext->data);
 }
-
-#ifndef LIBRESSL_HAS_POLICY_DAG
-void
-X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent)
-{
-       const X509_POLICY_DATA *dat = node->data;
-
-       BIO_printf(out, "%*sPolicy: ", indent, "");
-
-       i2a_ASN1_OBJECT(out, dat->valid_policy);
-       BIO_puts(out, "\n");
-       BIO_printf(out, "%*s%s\n", indent + 2, "",
-           node_data_critical(dat) ? "Critical" : "Non Critical");
-       if (dat->qualifier_set)
-               print_qualifiers(out, dat->qualifier_set, indent + 2);
-       else
-               BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, "");
-}
-LCRYPTO_ALIAS(X509_POLICY_NODE_print);
-#endif