projects / thirdparty / openssl.git / blame
| Commit | Line | Data |
|---|---|---|
| 0f113f3e | 1 | /* |
| 3c2bdd7d | 2 | * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. |
| 4acc3e90 | 3 | * |
| 4286ca47 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
| d2e9e320 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
| 6 | * in the file LICENSE in the source distribution or at | |
| 7 | * https://www.openssl.org/source/license.html | |
| 4acc3e90 DSH |
8 | */ |
| 9 | ||
| 4acc3e90 DSH |
10 | #include <openssl/asn1.h> |
| 11 | #include <openssl/x509.h> | |
| 12 | #include <openssl/x509v3.h> | |
| 7fcdbd83 | 13 | #include <openssl/err.h> |
| 4acc3e90 | 14 | |
| 706457b7 | 15 | #include "pcy_local.h" |
| 4acc3e90 | 16 | |
| 0f113f3e MC |
17 | static int node_cmp(const X509_POLICY_NODE *const *a, |
| 18 | const X509_POLICY_NODE *const *b) | |
| 19 | { | |
| 20 | return OBJ_cmp((*a)->data->valid_policy, (*b)->data->valid_policy); | |
| 21 | } | |
| 4acc3e90 | 22 | |
| b54cab31 | 23 | STACK_OF(X509_POLICY_NODE) *ossl_policy_node_cmp_new(void) |
| 0f113f3e MC |
24 | { |
| 25 | return sk_X509_POLICY_NODE_new(node_cmp); | |
| 26 | } | |
| 4acc3e90 | 27 | |
| b54cab31 SL |
28 | X509_POLICY_NODE *ossl_policy_tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes, |
| 29 | const ASN1_OBJECT *id) | |
| 0f113f3e MC |
30 | { |
| 31 | X509_POLICY_DATA n; | |
| 32 | X509_POLICY_NODE l; | |
| 33 | int idx; | |
| 4acc3e90 | 34 | |
| 0f113f3e MC |
35 | n.valid_policy = (ASN1_OBJECT *)id; |
| 36 | l.data = &n; | |
| 4acc3e90 | 37 | |
| 0f113f3e | 38 | idx = sk_X509_POLICY_NODE_find(nodes, &l); |
| 0f113f3e | 39 | return sk_X509_POLICY_NODE_value(nodes, idx); |
| 4acc3e90 | 40 | |
| 0f113f3e | 41 | } |
| 4acc3e90 | 42 | |
| b54cab31 SL |
43 | X509_POLICY_NODE *ossl_policy_level_find_node(const X509_POLICY_LEVEL *level, |
| 44 | const X509_POLICY_NODE *parent, | |
| 45 | const ASN1_OBJECT *id) | |
| 0f113f3e MC |
46 | { |
| 47 | X509_POLICY_NODE *node; | |
| 48 | int i; | |
| 49 | for (i = 0; i < sk_X509_POLICY_NODE_num(level->nodes); i++) { | |
| 50 | node = sk_X509_POLICY_NODE_value(level->nodes, i); | |
| 51 | if (node->parent == parent) { | |
| 52 | if (!OBJ_cmp(node->data->valid_policy, id)) | |
| 53 | return node; | |
| 54 | } | |
| 55 | } | |
| 56 | return NULL; | |
| 57 | } | |
| 4acc3e90 | 58 | |
| b54cab31 SL |
59 | X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level, |
| 60 | X509_POLICY_DATA *data, | |
| 61 | X509_POLICY_NODE *parent, | |
| 62 | X509_POLICY_TREE *tree) | |
| 0f113f3e MC |
63 | { |
| 64 | X509_POLICY_NODE *node; | |
| 64b25758 RS |
65 | |
| 66 | node = OPENSSL_zalloc(sizeof(*node)); | |
| 7fcdbd83 | 67 | if (node == NULL) { |
| 9311d0c4 | 68 | ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); |
| 0f113f3e | 69 | return NULL; |
| 7fcdbd83 | 70 | } |
| 0f113f3e MC |
71 | node->data = data; |
| 72 | node->parent = parent; | |
| 0f113f3e MC |
73 | if (level) { |
| 74 | if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) { | |
| 75 | if (level->anyPolicy) | |
| 76 | goto node_error; | |
| 77 | level->anyPolicy = node; | |
| 78 | } else { | |
| 79 | ||
| 90945fa3 | 80 | if (level->nodes == NULL) |
| b54cab31 | 81 | level->nodes = ossl_policy_node_cmp_new(); |
| 7fcdbd83 | 82 | if (level->nodes == NULL) { |
| 9311d0c4 | 83 | ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); |
| 0f113f3e | 84 | goto node_error; |
| 7fcdbd83 F |
85 | } |
| 86 | if (!sk_X509_POLICY_NODE_push(level->nodes, node)) { | |
| 9311d0c4 | 87 | ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); |
| 0f113f3e | 88 | goto node_error; |
| 7fcdbd83 | 89 | } |
| 0f113f3e MC |
90 | } |
| 91 | } | |
| 92 | ||
| 93 | if (tree) { | |
| 90945fa3 | 94 | if (tree->extra_data == NULL) |
| 0f113f3e | 95 | tree->extra_data = sk_X509_POLICY_DATA_new_null(); |
| 7fcdbd83 | 96 | if (tree->extra_data == NULL){ |
| 9311d0c4 | 97 | ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); |
| 0f113f3e | 98 | goto node_error; |
| 7fcdbd83 F |
99 | } |
| 100 | if (!sk_X509_POLICY_DATA_push(tree->extra_data, data)) { | |
| 9311d0c4 | 101 | ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); |
| 0f113f3e | 102 | goto node_error; |
| 7fcdbd83 | 103 | } |
| 0f113f3e MC |
104 | } |
| 105 | ||
| 106 | if (parent) | |
| 107 | parent->nchild++; | |
| 108 | ||
| 109 | return node; | |
| 110 | ||
| 111 | node_error: | |
| b54cab31 | 112 | ossl_policy_node_free(node); |
| 895c2f84 | 113 | return NULL; |
| 0f113f3e | 114 | } |
| 4acc3e90 | 115 | |
| b54cab31 | 116 | void ossl_policy_node_free(X509_POLICY_NODE *node) |
| 0f113f3e MC |
117 | { |
| 118 | OPENSSL_free(node); | |
| 119 | } | |
| 4acc3e90 | 120 | |
| 0f113f3e MC |
121 | /* |
| 122 | * See if a policy node matches a policy OID. If mapping enabled look through | |
| 002e66c0 DSH |
123 | * expected policy set otherwise just valid policy. |
| 124 | */ | |
| 125 | ||
| b54cab31 SL |
126 | int ossl_policy_node_match(const X509_POLICY_LEVEL *lvl, |
| 127 | const X509_POLICY_NODE *node, const ASN1_OBJECT *oid) | |
| 0f113f3e MC |
128 | { |
| 129 | int i; | |
| 130 | ASN1_OBJECT *policy_oid; | |
| 131 | const X509_POLICY_DATA *x = node->data; | |
| 132 | ||
| 133 | if ((lvl->flags & X509_V_FLAG_INHIBIT_MAP) | |
| 134 | || !(x->flags & POLICY_DATA_FLAG_MAP_MASK)) { | |
| 135 | if (!OBJ_cmp(x->valid_policy, oid)) | |
| 136 | return 1; | |
| 137 | return 0; | |
| 138 | } | |
| 139 | ||
| 140 | for (i = 0; i < sk_ASN1_OBJECT_num(x->expected_policy_set); i++) { | |
| 141 | policy_oid = sk_ASN1_OBJECT_value(x->expected_policy_set, i); | |
| 142 | if (!OBJ_cmp(policy_oid, oid)) | |
| 143 | return 1; | |
| 144 | } | |
| 145 | return 0; | |
| 146 | ||
| 147 | } |