kris
/
boringssl
1
0
Forka 0
Codice Problemi 0 Pull Requests 0 Rilasci 0 Wiki Attività
Non puoi selezionare più di 25 argomenti Gli argomenti devono iniziare con una lettera o un numero, possono includere trattini ('-') e possono essere lunghi fino a 35 caratteri.
5043 Commit
12 Rami (Branch)
38 MiB
 
 
 
 
 
 
Albero (Tree): 441efad4d7
Rami (Branch) Tag
${ item.name }
Crea branch ${ searchTerm }
da '441efad4d7'
${ noResults }
boringssl/crypto/x509v3/pcy_node.c

189 righe
6.0 KiB
Originale Blame Cronologia 

  1. /* pcy_node.c */

  2. /*

  3.  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project

  4.  * 2004.

  5.  */

  6. /* ====================================================================

  7.  * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.

  8.  *

  9.  * Redistribution and use in source and binary forms, with or without

  10.  * modification, are permitted provided that the following conditions

  11.  * are met:

  12.  *

  13.  * 1. Redistributions of source code must retain the above copyright

  14.  *    notice, this list of conditions and the following disclaimer.

  15.  *

  16.  * 2. Redistributions in binary form must reproduce the above copyright

  17.  *    notice, this list of conditions and the following disclaimer in

  18.  *    the documentation and/or other materials provided with the

  19.  *    distribution.

  20.  *

  21.  * 3. All advertising materials mentioning features or use of this

  22.  *    software must display the following acknowledgment:

  23.  *    "This product includes software developed by the OpenSSL Project

  24.  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

  25.  *

  26.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  27.  *    endorse or promote products derived from this software without

  28.  *    prior written permission. For written permission, please contact

  29.  *    licensing@OpenSSL.org.

  30.  *

  31.  * 5. Products derived from this software may not be called "OpenSSL"

  32.  *    nor may "OpenSSL" appear in their names without prior written

  33.  *    permission of the OpenSSL Project.

  34.  *

  35.  * 6. Redistributions of any form whatsoever must retain the following

  36.  *    acknowledgment:

  37.  *    "This product includes software developed by the OpenSSL Project

  38.  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  41.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  43.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  44.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  45.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  46.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  47.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  48.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  49.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  50.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  51.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  52.  * ====================================================================

  53.  *

  54.  * This product includes cryptographic software written by Eric Young

  55.  * (eay@cryptsoft.com).  This product includes software written by Tim

  56.  * Hudson (tjh@cryptsoft.com). */

  57. 

  58. #include <openssl/asn1.h>

  59. #include <openssl/mem.h>

  60. #include <openssl/obj.h>

  61. #include <openssl/x509.h>

  62. #include <openssl/x509v3.h>

  63. 

  64. #include "pcy_int.h"

  65. 

  66. static int node_cmp(const X509_POLICY_NODE **a, const X509_POLICY_NODE **b)

  67. {

  68.     return OBJ_cmp((*a)->data->valid_policy, (*b)->data->valid_policy);

  69. }

  70. 

  71. STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void)

  72. {

  73.     return sk_X509_POLICY_NODE_new(node_cmp);

  74. }

  75. 

  76. X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes,

  77.                                const ASN1_OBJECT *id)

  78. {

  79.     X509_POLICY_DATA n;

  80.     X509_POLICY_NODE l;

  81.     size_t idx;

  82. 

  83.     n.valid_policy = (ASN1_OBJECT *)id;

  84.     l.data = &n;

  85. 

  86.     if (!sk_X509_POLICY_NODE_find(nodes, &idx, &l))

  87.         return NULL;

  88. 

  89.     return sk_X509_POLICY_NODE_value(nodes, idx);

  90. 

  91. }

  92. 

  93. X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,

  94.                                   const X509_POLICY_NODE *parent,

  95.                                   const ASN1_OBJECT *id)

  96. {

  97.     X509_POLICY_NODE *node;

  98.     size_t i;

  99.     for (i = 0; i < sk_X509_POLICY_NODE_num(level->nodes); i++) {

  100.         node = sk_X509_POLICY_NODE_value(level->nodes, i);

  101.         if (node->parent == parent) {

  102.             if (!OBJ_cmp(node->data->valid_policy, id))

  103.                 return node;

  104.         }

  105.     }

  106.     return NULL;

  107. }

  108. 

  109. X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,

  110.                                  X509_POLICY_DATA *data,

  111.                                  X509_POLICY_NODE *parent,

  112.                                  X509_POLICY_TREE *tree)

  113. {

  114.     X509_POLICY_NODE *node;

  115.     node = OPENSSL_malloc(sizeof(X509_POLICY_NODE));

  116.     if (!node)

  117.         return NULL;

  118.     node->data = data;

  119.     node->parent = parent;

  120.     node->nchild = 0;

  121.     if (level) {

  122.         if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {

  123.             if (level->anyPolicy)

  124.                 goto node_error;

  125.             level->anyPolicy = node;

  126.         } else {

  127. 

  128.             if (!level->nodes)

  129.                 level->nodes = policy_node_cmp_new();

  130.             if (!level->nodes)

  131.                 goto node_error;

  132.             if (!sk_X509_POLICY_NODE_push(level->nodes, node))

  133.                 goto node_error;

  134.         }

  135.     }

  136. 

  137.     if (tree) {

  138.         if (!tree->extra_data)

  139.             tree->extra_data = sk_X509_POLICY_DATA_new_null();

  140.         if (!tree->extra_data)

  141.             goto node_error;

  142.         if (!sk_X509_POLICY_DATA_push(tree->extra_data, data))

  143.             goto node_error;

  144.     }

  145. 

  146.     if (parent)

  147.         parent->nchild++;

  148. 

  149.     return node;

  150. 

  151.  node_error:

  152.     policy_node_free(node);

  153.     return 0;

  154. 

  155. }

  156. 

  157. void policy_node_free(X509_POLICY_NODE *node)

  158. {

  159.     OPENSSL_free(node);

  160. }

  161. 

  162. /*

  163.  * See if a policy node matches a policy OID. If mapping enabled look through

  164.  * expected policy set otherwise just valid policy.

  165.  */

  166. 

  167. int policy_node_match(const X509_POLICY_LEVEL *lvl,

  168.                       const X509_POLICY_NODE *node, const ASN1_OBJECT *oid)

  169. {

  170.     size_t i;

  171.     ASN1_OBJECT *policy_oid;

  172.     const X509_POLICY_DATA *x = node->data;

  173. 

  174.     if ((lvl->flags & X509_V_FLAG_INHIBIT_MAP)

  175.         || !(x->flags & POLICY_DATA_FLAG_MAP_MASK)) {

  176.         if (!OBJ_cmp(x->valid_policy, oid))

  177.             return 1;

  178.         return 0;

  179.     }

  180. 

  181.     for (i = 0; i < sk_ASN1_OBJECT_num(x->expected_policy_set); i++) {

  182.         policy_oid = sk_ASN1_OBJECT_value(x->expected_policy_set, i);

  183.         if (!OBJ_cmp(policy_oid, oid))

  184.             return 1;

  185.     }

  186.     return 0;

  187. 

  188. }