kris
/
boringssl
1
0
Forka 0
Codice Problemi 0 Pull Requests 0 Rilasci 0 Wiki Attività
Non puoi selezionare più di 25 argomenti Gli argomenti devono iniziare con una lettera o un numero, possono includere trattini ('-') e possono essere lunghi fino a 35 caratteri.
5314 Commit
12 Rami (Branch)
38 MiB
 
 
 
 
 
 
Albero (Tree): 82639e6f53
Rami (Branch) Tag
${ item.name }
Crea branch ${ searchTerm }
da '82639e6f53'
${ noResults }
boringssl/crypto/x509v3/pcy_node.c

190 righe
6.1 KiB
Originale Blame Cronologia 

  1. /* pcy_node.c */

  2. /*

  3.  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project

  4.  * 2004.

  5.  */

  6. /* ====================================================================

  7.  * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.

  8.  *

  9.  * Redistribution and use in source and binary forms, with or without

  10.  * modification, are permitted provided that the following conditions

  11.  * are met:

  12.  *

  13.  * 1. Redistributions of source code must retain the above copyright

  14.  *    notice, this list of conditions and the following disclaimer.

  15.  *

  16.  * 2. Redistributions in binary form must reproduce the above copyright

  17.  *    notice, this list of conditions and the following disclaimer in

  18.  *    the documentation and/or other materials provided with the

  19.  *    distribution.

  20.  *

  21.  * 3. All advertising materials mentioning features or use of this

  22.  *    software must display the following acknowledgment:

  23.  *    "This product includes software developed by the OpenSSL Project

  24.  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

  25.  *

  26.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  27.  *    endorse or promote products derived from this software without

  28.  *    prior written permission. For written permission, please contact

  29.  *    licensing@OpenSSL.org.

  30.  *

  31.  * 5. Products derived from this software may not be called "OpenSSL"

  32.  *    nor may "OpenSSL" appear in their names without prior written

  33.  *    permission of the OpenSSL Project.

  34.  *

  35.  * 6. Redistributions of any form whatsoever must retain the following

  36.  *    acknowledgment:

  37.  *    "This product includes software developed by the OpenSSL Project

  38.  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  41.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  43.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  44.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  45.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  46.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  47.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  48.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  49.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  50.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  51.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  52.  * ====================================================================

  53.  *

  54.  * This product includes cryptographic software written by Eric Young

  55.  * (eay@cryptsoft.com).  This product includes software written by Tim

  56.  * Hudson (tjh@cryptsoft.com). */

  57. 

  58. #include <openssl/asn1.h>

  59. #include <openssl/mem.h>

  60. #include <openssl/obj.h>

  61. #include <openssl/x509.h>

  62. #include <openssl/x509v3.h>

  63. 

  64. #include "pcy_int.h"

  65. 

  66. static int node_cmp(const X509_POLICY_NODE **a, const X509_POLICY_NODE **b)

  67. {

  68.     return OBJ_cmp((*a)->data->valid_policy, (*b)->data->valid_policy);

  69. }

  70. 

  71. STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void)

  72. {

  73.     return sk_X509_POLICY_NODE_new(node_cmp);

  74. }

  75. 

  76. X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes,

  77.                                const ASN1_OBJECT *id)

  78. {

  79.     X509_POLICY_DATA n;

  80.     X509_POLICY_NODE l;

  81.     size_t idx;

  82. 

  83.     n.valid_policy = (ASN1_OBJECT *)id;

  84.     l.data = &n;

  85. 

  86.     sk_X509_POLICY_NODE_sort(nodes);

  87.     if (!sk_X509_POLICY_NODE_find(nodes, &idx, &l))

  88.         return NULL;

  89. 

  90.     return sk_X509_POLICY_NODE_value(nodes, idx);

  91. 

  92. }

  93. 

  94. X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,

  95.                                   const X509_POLICY_NODE *parent,

  96.                                   const ASN1_OBJECT *id)

  97. {

  98.     X509_POLICY_NODE *node;

  99.     size_t i;

  100.     for (i = 0; i < sk_X509_POLICY_NODE_num(level->nodes); i++) {

  101.         node = sk_X509_POLICY_NODE_value(level->nodes, i);

  102.         if (node->parent == parent) {

  103.             if (!OBJ_cmp(node->data->valid_policy, id))

  104.                 return node;

  105.         }

  106.     }

  107.     return NULL;

  108. }

  109. 

  110. X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,

  111.                                  X509_POLICY_DATA *data,

  112.                                  X509_POLICY_NODE *parent,

  113.                                  X509_POLICY_TREE *tree)

  114. {

  115.     X509_POLICY_NODE *node;

  116.     node = OPENSSL_malloc(sizeof(X509_POLICY_NODE));

  117.     if (!node)

  118.         return NULL;

  119.     node->data = data;

  120.     node->parent = parent;

  121.     node->nchild = 0;

  122.     if (level) {

  123.         if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {

  124.             if (level->anyPolicy)

  125.                 goto node_error;

  126.             level->anyPolicy = node;

  127.         } else {

  128. 

  129.             if (!level->nodes)

  130.                 level->nodes = policy_node_cmp_new();

  131.             if (!level->nodes)

  132.                 goto node_error;

  133.             if (!sk_X509_POLICY_NODE_push(level->nodes, node))

  134.                 goto node_error;

  135.         }

  136.     }

  137. 

  138.     if (tree) {

  139.         if (!tree->extra_data)

  140.             tree->extra_data = sk_X509_POLICY_DATA_new_null();

  141.         if (!tree->extra_data)

  142.             goto node_error;

  143.         if (!sk_X509_POLICY_DATA_push(tree->extra_data, data))

  144.             goto node_error;

  145.     }

  146. 

  147.     if (parent)

  148.         parent->nchild++;

  149. 

  150.     return node;

  151. 

  152.  node_error:

  153.     policy_node_free(node);

  154.     return 0;

  155. 

  156. }

  157. 

  158. void policy_node_free(X509_POLICY_NODE *node)

  159. {

  160.     OPENSSL_free(node);

  161. }

  162. 

  163. /*

  164.  * See if a policy node matches a policy OID. If mapping enabled look through

  165.  * expected policy set otherwise just valid policy.

  166.  */

  167. 

  168. int policy_node_match(const X509_POLICY_LEVEL *lvl,

  169.                       const X509_POLICY_NODE *node, const ASN1_OBJECT *oid)

  170. {

  171.     size_t i;

  172.     ASN1_OBJECT *policy_oid;

  173.     const X509_POLICY_DATA *x = node->data;

  174. 

  175.     if ((lvl->flags & X509_V_FLAG_INHIBIT_MAP)

  176.         || !(x->flags & POLICY_DATA_FLAG_MAP_MASK)) {

  177.         if (!OBJ_cmp(x->valid_policy, oid))

  178.             return 1;

  179.         return 0;

  180.     }

  181. 

  182.     for (i = 0; i < sk_ASN1_OBJECT_num(x->expected_policy_set); i++) {

  183.         policy_oid = sk_ASN1_OBJECT_value(x->expected_policy_set, i);

  184.         if (!OBJ_cmp(policy_oid, oid))

  185.             return 1;

  186.     }

  187.     return 0;

  188. 

  189. }