Remove 'file:' feature in v3_pci.c's CONF hooks.
This makes it easier to build a subset of BoringSSL which doesn't depend
on the filesystem (though perhaps it's worth a build define for that
now). This hook is also generally surprising. CONF hooks are bad enough
when they don't open arbitrary files.
Change-Id: Ibf791162dd3d4cec8117eb49ff0cd716a1c54abd
Reviewed-on: https://boringssl-review.googlesource.com/14166
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c
index 68dca5e..4352abe 100644
--- a/crypto/x509v3/v3_pci.c
+++ b/crypto/x509v3/v3_pci.c
@@ -35,7 +35,6 @@
* SUCH DAMAGE.
*/
-#include <stdio.h>
#include <string.h>
#include <openssl/conf.h>
@@ -153,38 +152,6 @@
goto err;
}
OPENSSL_free(tmp_data2);
- } else if (strncmp(val->value, "file:", 5) == 0) {
- unsigned char buf[2048];
- int n;
- BIO *b = BIO_new_file(val->value + 5, "r");
- if (!b) {
- OPENSSL_PUT_ERROR(X509V3, ERR_R_BIO_LIB);
- X509V3_conf_err(val);
- goto err;
- }
- while ((n = BIO_read(b, buf, sizeof(buf))) > 0
- || (n == 0 && BIO_should_retry(b))) {
- if (!n)
- continue;
-
- tmp_data = OPENSSL_realloc((*policy)->data,
- (*policy)->length + n + 1);
-
- if (!tmp_data)
- break;
-
- (*policy)->data = tmp_data;
- OPENSSL_memcpy(&(*policy)->data[(*policy)->length], buf, n);
- (*policy)->length += n;
- (*policy)->data[(*policy)->length] = '\0';
- }
- BIO_free_all(b);
-
- if (n < 0) {
- OPENSSL_PUT_ERROR(X509V3, ERR_R_BIO_LIB);
- X509V3_conf_err(val);
- goto err;
- }
} else if (strncmp(val->value, "text:", 5) == 0) {
val_len = strlen(val->value + 5);
tmp_data = OPENSSL_realloc((*policy)->data,
