kris
/
boringssl
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4935 Commits
12 Branches
38 MiB
 
 
 
 
 
 
Tree: 5a869aa3e8
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '5a869aa3e8'
${ noResults }
boringssl/crypto/x509v3/pcy_map.c

131 lines
4.9 KiB
Raw Blame History 

  1. /* pcy_map.c */

  2. /*

  3.  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project

  4.  * 2004.

  5.  */

  6. /* ====================================================================

  7.  * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.

  8.  *

  9.  * Redistribution and use in source and binary forms, with or without

  10.  * modification, are permitted provided that the following conditions

  11.  * are met:

  12.  *

  13.  * 1. Redistributions of source code must retain the above copyright

  14.  *    notice, this list of conditions and the following disclaimer.

  15.  *

  16.  * 2. Redistributions in binary form must reproduce the above copyright

  17.  *    notice, this list of conditions and the following disclaimer in

  18.  *    the documentation and/or other materials provided with the

  19.  *    distribution.

  20.  *

  21.  * 3. All advertising materials mentioning features or use of this

  22.  *    software must display the following acknowledgment:

  23.  *    "This product includes software developed by the OpenSSL Project

  24.  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

  25.  *

  26.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  27.  *    endorse or promote products derived from this software without

  28.  *    prior written permission. For written permission, please contact

  29.  *    licensing@OpenSSL.org.

  30.  *

  31.  * 5. Products derived from this software may not be called "OpenSSL"

  32.  *    nor may "OpenSSL" appear in their names without prior written

  33.  *    permission of the OpenSSL Project.

  34.  *

  35.  * 6. Redistributions of any form whatsoever must retain the following

  36.  *    acknowledgment:

  37.  *    "This product includes software developed by the OpenSSL Project

  38.  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  41.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  43.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  44.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  45.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  46.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  47.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  48.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  49.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  50.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  51.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  52.  * ====================================================================

  53.  *

  54.  * This product includes cryptographic software written by Eric Young

  55.  * (eay@cryptsoft.com).  This product includes software written by Tim

  56.  * Hudson (tjh@cryptsoft.com).

  57.  *

  58.  */

  59. 

  60. #include <openssl/obj.h>

  61. #include <openssl/x509.h>

  62. #include <openssl/x509v3.h>

  63. 

  64. #include "pcy_int.h"

  65. 

  66. /*

  67.  * Set policy mapping entries in cache. Note: this modifies the passed

  68.  * POLICY_MAPPINGS structure

  69.  */

  70. 

  71. int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)

  72. {

  73.     POLICY_MAPPING *map;

  74.     X509_POLICY_DATA *data;

  75.     X509_POLICY_CACHE *cache = x->policy_cache;

  76.     size_t i;

  77.     int ret = 0;

  78.     if (sk_POLICY_MAPPING_num(maps) == 0) {

  79.         ret = -1;

  80.         goto bad_mapping;

  81.     }

  82.     for (i = 0; i < sk_POLICY_MAPPING_num(maps); i++) {

  83.         map = sk_POLICY_MAPPING_value(maps, i);

  84.         /* Reject if map to or from anyPolicy */

  85.         if ((OBJ_obj2nid(map->subjectDomainPolicy) == NID_any_policy)

  86.             || (OBJ_obj2nid(map->issuerDomainPolicy) == NID_any_policy)) {

  87.             ret = -1;

  88.             goto bad_mapping;

  89.         }

  90. 

  91.         /* Attempt to find matching policy data */

  92.         data = policy_cache_find_data(cache, map->issuerDomainPolicy);

  93.         /* If we don't have anyPolicy can't map */

  94.         if (!data && !cache->anyPolicy)

  95.             continue;

  96. 

  97.         /* Create a NODE from anyPolicy */

  98.         if (!data) {

  99.             data = policy_data_new(NULL, map->issuerDomainPolicy,

  100.                                    cache->anyPolicy->flags

  101.                                    & POLICY_DATA_FLAG_CRITICAL);

  102.             if (!data)

  103.                 goto bad_mapping;

  104.             data->qualifier_set = cache->anyPolicy->qualifier_set;

  105.             /*

  106.              * map->issuerDomainPolicy = NULL;

  107.              */

  108.             data->flags |= POLICY_DATA_FLAG_MAPPED_ANY;

  109.             data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;

  110.             if (!sk_X509_POLICY_DATA_push(cache->data, data)) {

  111.                 policy_data_free(data);

  112.                 goto bad_mapping;

  113.             }

  114.         } else

  115.             data->flags |= POLICY_DATA_FLAG_MAPPED;

  116.         if (!sk_ASN1_OBJECT_push(data->expected_policy_set,

  117.                                  map->subjectDomainPolicy))

  118.             goto bad_mapping;

  119.         map->subjectDomainPolicy = NULL;

  120. 

  121.     }

  122. 

  123.     ret = 1;

  124.  bad_mapping:

  125.     if (ret == -1)

  126.         x->ex_flags |= EXFLAG_INVALID_POLICY;

  127.     sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);

  128.     return ret;

  129. 

  130. }