root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Adapt OPENSSL_POLICY_DEBUG to the new generic trace API 

Co-authored-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8198)
This commit is contained in:
Richard Levitte 2018-12-13 08:19:08 +01:00
parent a902e43d7d
commit b9ce85f631
3 changed files with 32 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
crypto/trace.c
View File

@ -128,6 +128,7 @@ static const struct trace_category_st trace_categories[] = {
TRACE_CATEGORY_(ENGINE_REF_COUNT), TRACE_CATEGORY_(ENGINE_REF_COUNT),
TRACE_CATEGORY_(PKCS5V2), TRACE_CATEGORY_(PKCS5V2),
TRACE_CATEGORY_(PKCS12_KEYGEN), TRACE_CATEGORY_(PKCS12_KEYGEN),
TRACE_CATEGORY_(X509V3_POLICY),
}; };
const char *OSSL_trace_get_category_name(int num) const char *OSSL_trace_get_category_name(int num)

67
crypto/x509v3/pcy_tree.c
View File

@ -8,76 +8,71 @@
*/ */
#include "internal/cryptlib.h" #include "internal/cryptlib.h"
#include <openssl/trace.h>
#include <openssl/x509.h> #include <openssl/x509.h>
#include <openssl/x509v3.h> #include <openssl/x509v3.h>
#include "pcy_int.h" #include "pcy_int.h"
/* static void expected_print(BIO *channel,
* Enable this to print out the complete policy tree at various point during X509_POLICY_LEVEL *lev, X509_POLICY_NODE *node,
* evaluation. int indent)
*/
/*
* #define OPENSSL_POLICY_DEBUG
*/
#ifdef OPENSSL_POLICY_DEBUG
static void expected_print(BIO *err, X509_POLICY_LEVEL *lev,
X509_POLICY_NODE *node, int indent)
{ {
if ((lev->flags & X509_V_FLAG_INHIBIT_MAP) if ((lev->flags & X509_V_FLAG_INHIBIT_MAP)
|| !(node->data->flags & POLICY_DATA_FLAG_MAP_MASK)) || !(node->data->flags & POLICY_DATA_FLAG_MAP_MASK))
BIO_puts(err, " Not Mapped\n"); BIO_puts(channel, " Not Mapped\n");
else { else {
int i; int i;
STACK_OF(ASN1_OBJECT) *pset = node->data->expected_policy_set; STACK_OF(ASN1_OBJECT) *pset = node->data->expected_policy_set;
ASN1_OBJECT *oid; ASN1_OBJECT *oid;
BIO_puts(err, " Expected: "); BIO_puts(channel, " Expected: ");
for (i = 0; i < sk_ASN1_OBJECT_num(pset); i++) { for (i = 0; i < sk_ASN1_OBJECT_num(pset); i++) {
oid = sk_ASN1_OBJECT_value(pset, i); oid = sk_ASN1_OBJECT_value(pset, i);
if (i) if (i)
BIO_puts(err, ", "); BIO_puts(channel, ", ");
i2a_ASN1_OBJECT(err, oid); i2a_ASN1_OBJECT(channel, oid);
} }
BIO_puts(err, "\n"); BIO_puts(channel, "\n");
} }
} }
static void tree_print(char *str, X509_POLICY_TREE *tree, static void tree_print(BIO *channel,
char *str, X509_POLICY_TREE *tree,
X509_POLICY_LEVEL *curr) X509_POLICY_LEVEL *curr)
{ {
BIO *err = BIO_new_fp(stderr, BIO_NOCLOSE);
X509_POLICY_LEVEL *plev; X509_POLICY_LEVEL *plev;
if (err == NULL)
return;
if (!curr) if (!curr)
curr = tree->levels + tree->nlevel; curr = tree->levels + tree->nlevel;
else else
curr++; curr++;
BIO_printf(err, "Level print after %s\n", str); BIO_printf(channel, "Level print after %s\n", str);
BIO_printf(err, "Printing Up to Level %ld\n", curr - tree->levels); BIO_printf(channel, "Printing Up to Level %ld\n",
curr - tree->levels);
for (plev = tree->levels; plev != curr; plev++) { for (plev = tree->levels; plev != curr; plev++) {
int i; int i;
BIO_printf(err, "Level %ld, flags = %x\n", BIO_printf(channel, "Level %ld, flags = %x\n",
(long)(plev - tree->levels), plev->flags); (long)(plev - tree->levels), plev->flags);
for (i = 0; i < sk_X509_POLICY_NODE_num(plev->nodes); i++) { for (i = 0; i < sk_X509_POLICY_NODE_num(plev->nodes); i++) {
X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(plev->nodes, i); X509_POLICY_NODE *node =
sk_X509_POLICY_NODE_value(plev->nodes, i);
X509_POLICY_NODE_print(err, node, 2); X509_POLICY_NODE_print(channel, node, 2);
expected_print(err, plev, node, 2); expected_print(channel, plev, node, 2);
BIO_printf(err, " Flags: %x\n", node->data->flags); BIO_printf(channel, " Flags: %x\n", node->data->flags);
} }
if (plev->anyPolicy) if (plev->anyPolicy)
X509_POLICY_NODE_print(err, plev->anyPolicy, 2); X509_POLICY_NODE_print(channel, plev->anyPolicy, 2);
} }
BIO_free(err);
} }
#endif
#define TREE_PRINT(str, tree, curr) \
OSSL_TRACE_BEGIN(X509V3_POLICY) { \
tree_print(trc_out, "before tree_prune()", tree, curr); \
} OSSL_TRACE_END(X509V3_POLICY)
/*- /*-
* Return value: <= 0 on error, or positive bit mask: * Return value: <= 0 on error, or positive bit mask:
@ -588,9 +583,7 @@ static int tree_evaluate(X509_POLICY_TREE *tree)
if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY) if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY)
&& !tree_link_any(curr, cache, tree)) && !tree_link_any(curr, cache, tree))
return X509_PCY_TREE_INTERNAL; return X509_PCY_TREE_INTERNAL;
#ifdef OPENSSL_POLICY_DEBUG TREE_PRINT("before tree_prune()", tree, curr);
tree_print("before tree_prune()", tree, curr);
#endif
ret = tree_prune(tree, curr); ret = tree_prune(tree, curr);
if (ret != X509_PCY_TREE_VALID) if (ret != X509_PCY_TREE_VALID)
return ret; return ret;
@ -665,9 +658,7 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
} }
ret = tree_evaluate(tree); ret = tree_evaluate(tree);
#ifdef OPENSSL_POLICY_DEBUG TREE_PRINT("tree_evaluate()", tree, NULL);
tree_print("tree_evaluate()", tree, NULL);
#endif
if (ret <= 0) if (ret <= 0)
goto error; goto error;

3
include/openssl/trace.h
View File

@ -41,7 +41,8 @@ extern "C" {
# define OSSL_TRACE_CATEGORY_ENGINE_REF_COUNT 6 # define OSSL_TRACE_CATEGORY_ENGINE_REF_COUNT 6
# define OSSL_TRACE_CATEGORY_PKCS5V2 7 # define OSSL_TRACE_CATEGORY_PKCS5V2 7
# define OSSL_TRACE_CATEGORY_PKCS12_KEYGEN 8 # define OSSL_TRACE_CATEGORY_PKCS12_KEYGEN 8
# define OSSL_TRACE_CATEGORY_NUM 9 # define OSSL_TRACE_CATEGORY_X509V3_POLICY 9
# define OSSL_TRACE_CATEGORY_NUM 10
/* Returns the trace category number for the given |name| */ /* Returns the trace category number for the given |name| */
int OSSL_trace_get_category_num(const char *name); int OSSL_trace_get_category_num(const char *name);