kris
/
boringssl
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
841 Commits
12 Branches
38 MiB
 
 
 
 
 
 
Tree: 78e6978ab9
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '78e6978ab9'
${ noResults }
boringssl/crypto/x509v3/pcy_node.c

198 lines
5.5 KiB
Raw Blame History 

  1. /* pcy_node.c */

  2. /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL

  3.  * project 2004.

  4.  */

  5. /* ====================================================================

  6.  * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.

  7.  *

  8.  * Redistribution and use in source and binary forms, with or without

  9.  * modification, are permitted provided that the following conditions

  10.  * are met:

  11.  *

  12.  * 1. Redistributions of source code must retain the above copyright

  13.  *    notice, this list of conditions and the following disclaimer. 

  14.  *

  15.  * 2. Redistributions in binary form must reproduce the above copyright

  16.  *    notice, this list of conditions and the following disclaimer in

  17.  *    the documentation and/or other materials provided with the

  18.  *    distribution.

  19.  *

  20.  * 3. All advertising materials mentioning features or use of this

  21.  *    software must display the following acknowledgment:

  22.  *    "This product includes software developed by the OpenSSL Project

  23.  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

  24.  *

  25.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  26.  *    endorse or promote products derived from this software without

  27.  *    prior written permission. For written permission, please contact

  28.  *    licensing@OpenSSL.org.

  29.  *

  30.  * 5. Products derived from this software may not be called "OpenSSL"

  31.  *    nor may "OpenSSL" appear in their names without prior written

  32.  *    permission of the OpenSSL Project.

  33.  *

  34.  * 6. Redistributions of any form whatsoever must retain the following

  35.  *    acknowledgment:

  36.  *    "This product includes software developed by the OpenSSL Project

  37.  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

  38.  *

  39.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  40.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  41.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  42.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  43.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  44.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  45.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  46.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  48.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  49.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  50.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  51.  * ====================================================================

  52.  *

  53.  * This product includes cryptographic software written by Eric Young

  54.  * (eay@cryptsoft.com).  This product includes software written by Tim

  55.  * Hudson (tjh@cryptsoft.com). */

  56. 

  57. #include <openssl/asn1.h>

  58. #include <openssl/mem.h>

  59. #include <openssl/obj.h>

  60. #include <openssl/x509.h>

  61. #include <openssl/x509v3.h>

  62. 

  63. #include "pcy_int.h"

  64. 

  65. 

  66. static int node_cmp(const X509_POLICY_NODE **a,

  67. 			const X509_POLICY_NODE **b)

  68. 	{

  69. 	return OBJ_cmp((*a)->data->valid_policy, (*b)->data->valid_policy);

  70. 	}

  71. 

  72. STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void)

  73. 	{

  74. 	return sk_X509_POLICY_NODE_new(node_cmp);

  75. 	}

  76. 

  77. X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes,

  78. 					const ASN1_OBJECT *id)

  79. 	{

  80. 	X509_POLICY_DATA n;

  81. 	X509_POLICY_NODE l;

  82. 	size_t idx;

  83. 

  84. 	n.valid_policy = (ASN1_OBJECT *)id;

  85. 	l.data = &n;

  86. 

  87. 	if (!sk_X509_POLICY_NODE_find(nodes, &idx, &l))

  88. 		return NULL;

  89. 

  90. 	return sk_X509_POLICY_NODE_value(nodes, idx);

  91. 

  92. 	}

  93. 

  94. X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,

  95. 					const X509_POLICY_NODE *parent,	

  96. 					const ASN1_OBJECT *id)

  97. 	{

  98. 	X509_POLICY_NODE *node;

  99. 	size_t i;

  100. 	for (i = 0; i < sk_X509_POLICY_NODE_num(level->nodes); i++)

  101. 		{

  102. 		node = sk_X509_POLICY_NODE_value(level->nodes, i);

  103. 		if (node->parent == parent)

  104. 			{

  105. 			if (!OBJ_cmp(node->data->valid_policy, id))

  106. 				return node;

  107. 			}

  108. 		}

  109. 	return NULL;

  110. 	}

  111. 

  112. X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,

  113. 			const X509_POLICY_DATA *data,

  114. 			X509_POLICY_NODE *parent,

  115. 			X509_POLICY_TREE *tree)

  116. 	{

  117. 	X509_POLICY_NODE *node;

  118. 	node = OPENSSL_malloc(sizeof(X509_POLICY_NODE));

  119. 	if (!node)

  120. 		return NULL;

  121. 	node->data = data;

  122. 	node->parent = parent;

  123. 	node->nchild = 0;

  124. 	if (level)

  125. 		{

  126. 		if (OBJ_obj2nid(data->valid_policy) == NID_any_policy)

  127. 			{

  128. 			if (level->anyPolicy)

  129. 				goto node_error;

  130. 			level->anyPolicy = node;

  131. 			}

  132. 		else

  133. 			{

  134. 

  135. 			if (!level->nodes)

  136. 				level->nodes = policy_node_cmp_new();

  137. 			if (!level->nodes)

  138. 				goto node_error;

  139. 			if (!sk_X509_POLICY_NODE_push(level->nodes, node))

  140. 				goto node_error;

  141. 			}

  142. 		}

  143. 

  144. 	if (tree)

  145. 		{

  146. 		if (!tree->extra_data)

  147. 			 tree->extra_data = sk_X509_POLICY_DATA_new_null();

  148. 		if (!tree->extra_data)

  149. 			goto node_error;

  150. 		if (!sk_X509_POLICY_DATA_push(tree->extra_data, data))

  151. 			goto node_error;

  152. 		}

  153. 

  154. 	if (parent)

  155. 		parent->nchild++;

  156. 

  157. 	return node;

  158. 

  159. 	node_error:

  160. 	policy_node_free(node);

  161. 	return 0;

  162. 

  163. 	}

  164. 

  165. void policy_node_free(X509_POLICY_NODE *node)

  166. 	{

  167. 	OPENSSL_free(node);

  168. 	}

  169. 

  170. /* See if a policy node matches a policy OID. If mapping enabled look through

  171.  * expected policy set otherwise just valid policy.

  172.  */

  173. 

  174. int policy_node_match(const X509_POLICY_LEVEL *lvl,

  175. 		      const X509_POLICY_NODE *node, const ASN1_OBJECT *oid)

  176. 	{

  177. 	size_t i;

  178. 	ASN1_OBJECT *policy_oid;

  179. 	const X509_POLICY_DATA *x = node->data;

  180. 

  181. 	if (	    (lvl->flags & X509_V_FLAG_INHIBIT_MAP)

  182. 		|| !(x->flags & POLICY_DATA_FLAG_MAP_MASK))

  183. 		{

  184. 		if (!OBJ_cmp(x->valid_policy, oid))

  185. 			return 1;

  186. 		return 0;

  187. 		}

  188. 

  189. 	for (i = 0; i < sk_ASN1_OBJECT_num(x->expected_policy_set); i++)

  190. 		{

  191. 		policy_oid = sk_ASN1_OBJECT_value(x->expected_policy_set, i);

  192. 		if (!OBJ_cmp(policy_oid, oid))

  193. 			return 1;

  194. 		}

  195. 	return 0;

  196. 

  197. 	}