Commit | Line | Data |
---|---|---|
0f113f3e | 1 | /* |
3c2bdd7d | 2 | * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. |
4acc3e90 | 3 | * |
4286ca47 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
d2e9e320 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
4acc3e90 DSH |
8 | */ |
9 | ||
4acc3e90 DSH |
10 | #include <openssl/asn1.h> |
11 | #include <openssl/x509.h> | |
12 | #include <openssl/x509v3.h> | |
7fcdbd83 | 13 | #include <openssl/err.h> |
4acc3e90 | 14 | |
706457b7 | 15 | #include "pcy_local.h" |
4acc3e90 | 16 | |
/*
 * Stack comparison callback: orders two policy nodes by the valid_policy
 * OID held in their attached policy data, as compared by OBJ_cmp().
 * Both nodes must have a non-NULL data pointer; it is dereferenced
 * unconditionally.
 */
static int node_cmp(const X509_POLICY_NODE *const *a,
                    const X509_POLICY_NODE *const *b)
{
    const X509_POLICY_NODE *lhs = *a;
    const X509_POLICY_NODE *rhs = *b;

    return OBJ_cmp(lhs->data->valid_policy, rhs->data->valid_policy);
}
4acc3e90 | 22 | |
/*
 * Create an empty stack of policy nodes that uses node_cmp() as its
 * comparison function. The result of sk_X509_POLICY_NODE_new() is passed
 * through unchanged, so the caller has to check it for NULL.
 */
STACK_OF(X509_POLICY_NODE) *ossl_policy_node_cmp_new(void)
{
    STACK_OF(X509_POLICY_NODE) *nodes = sk_X509_POLICY_NODE_new(node_cmp);

    return nodes;
}
4acc3e90 | 27 | |
/*
 * Look up the node in |nodes| whose valid_policy compares equal to |id|.
 *
 * A throwaway node/data pair on the stack serves as the search key. Only
 * key_node.data and key_data.valid_policy are filled in; every other field
 * is left uninitialised, so the stack's comparison function must not read
 * anything else (node_cmp() in this file does not). The cast drops const
 * from |id| solely to store it in the key; nothing here writes through it.
 *
 * Returns the entry at the index reported by sk_X509_POLICY_NODE_find().
 * When nothing matches, that index is negative and the value lookup yields
 * NULL, so callers must check the result.
 */
X509_POLICY_NODE *ossl_policy_tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes,
                                           const ASN1_OBJECT *id)
{
    X509_POLICY_DATA key_data;
    X509_POLICY_NODE key_node;

    key_data.valid_policy = (ASN1_OBJECT *)id;
    key_node.data = &key_data;

    return sk_X509_POLICY_NODE_value(nodes,
                                     sk_X509_POLICY_NODE_find(nodes,
                                                              &key_node));
}
4acc3e90 | 42 | |
/*
 * Linear search of |level|'s node stack for a node whose parent pointer is
 * exactly |parent| and whose valid_policy matches |id| under OBJ_cmp().
 * Returns the first such node, or NULL if there is none.
 */
X509_POLICY_NODE *ossl_policy_level_find_node(const X509_POLICY_LEVEL *level,
                                              const X509_POLICY_NODE *parent,
                                              const ASN1_OBJECT *id)
{
    int pos;
    /* The stack is not modified below, so the count can be read once. */
    int count = sk_X509_POLICY_NODE_num(level->nodes);

    for (pos = 0; pos < count; pos++) {
        X509_POLICY_NODE *cand = sk_X509_POLICY_NODE_value(level->nodes, pos);

        if (cand->parent != parent)
            continue;
        if (OBJ_cmp(cand->data->valid_policy, id) == 0)
            return cand;
    }
    return NULL;
}
4acc3e90 | 58 | |
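/*
 * Allocate a policy node for |data| under |parent| and link it into the
 * policy tree structures.
 *
 * If |level| is non-NULL the node is recorded there: as level->anyPolicy
 * when data->valid_policy is anyPolicy (failing if that slot is already
 * taken), otherwise pushed onto level->nodes, which is created on demand.
 * If |tree| is non-NULL, |data| is also pushed onto tree->extra_data.
 * On success parent->nchild is incremented when |parent| is non-NULL.
 *
 * Returns the new node, or NULL on failure. On failure the node is freed,
 * and any reference to it that was already stored in |level| is removed
 * first, so the level never keeps a pointer to freed memory. |data| is not
 * freed here.
 *
 * NOTE(review): nothing in this function bounds how many nodes are added.
 * The policy data presumably derives from certificates under verification,
 * so confirm that the tree-building callers limit growth.
 */
X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
                                             X509_POLICY_DATA *data,
                                             X509_POLICY_NODE *parent,
                                             X509_POLICY_TREE *tree)
{
    X509_POLICY_NODE *node;

    node = OPENSSL_zalloc(sizeof(*node));
    if (node == NULL) {
        ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
        return NULL;
    }
    node->data = data;
    node->parent = parent;
    if (level != NULL) {
        if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
            /* The existing anyPolicy node stays in place; only ours goes. */
            if (level->anyPolicy != NULL)
                goto node_error;
            level->anyPolicy = node;
        } else {
            if (level->nodes == NULL)
                level->nodes = ossl_policy_node_cmp_new();
            if (level->nodes == NULL) {
                ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
                goto node_error;
            }
            if (!sk_X509_POLICY_NODE_push(level->nodes, node)) {
                ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
                goto node_error;
            }
        }
    }

    if (tree != NULL) {
        if (tree->extra_data == NULL)
            tree->extra_data = sk_X509_POLICY_DATA_new_null();
        if (tree->extra_data == NULL) {
            ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
            goto unlink_error;
        }
        if (!sk_X509_POLICY_DATA_push(tree->extra_data, data)) {
            ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
            goto unlink_error;
        }
    }

    if (parent != NULL)
        parent->nchild++;

    return node;

 unlink_error:
    /*
     * By this point the node may already be referenced from |level|. Drop
     * that reference before freeing, otherwise the level would keep a
     * dangling pointer that is later dereferenced or freed a second time.
     * The node was the most recent push, so popping removes exactly it.
     */
    if (level != NULL) {
        if (level->anyPolicy == node)
            level->anyPolicy = NULL;
        else
            (void)sk_X509_POLICY_NODE_pop(level->nodes);
    }

 node_error:
    ossl_policy_node_free(node);
    return NULL;
}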
4acc3e90 | 115 | |
/*
 * Release a policy node. Only the node structure itself is freed; the
 * X509_POLICY_DATA it points to and its parent node are left untouched.
 * Any pointer to the node held elsewhere is not cleared by this call.
 */
void ossl_policy_node_free(X509_POLICY_NODE *node)
{
    OPENSSL_free(node);
}
4acc3e90 | 120 | |
/*
 * Decide whether policy node |node| matches policy OID |oid|.
 *
 * When mapping is inhibited on |lvl| (X509_V_FLAG_INHIBIT_MAP) or the node's
 * data carries none of the POLICY_DATA_FLAG_MAP_MASK bits, only the node's
 * valid_policy is compared. Otherwise every entry of the node's
 * expected_policy_set is tried in turn.
 *
 * Returns 1 on a match and 0 otherwise.
 */
int ossl_policy_node_match(const X509_POLICY_LEVEL *lvl,
                           const X509_POLICY_NODE *node, const ASN1_OBJECT *oid)
{
    const X509_POLICY_DATA *pdata = node->data;
    const ASN1_OBJECT *expected;
    int use_mapping, pos, count;

    /* Same short-circuit order as a plain "inhibited || no map flags" test. */
    use_mapping = !(lvl->flags & X509_V_FLAG_INHIBIT_MAP)
                  && (pdata->flags & POLICY_DATA_FLAG_MAP_MASK);
    if (!use_mapping)
        return OBJ_cmp(pdata->valid_policy, oid) == 0;

    count = sk_ASN1_OBJECT_num(pdata->expected_policy_set);
    for (pos = 0; pos < count; pos++) {
        expected = sk_ASN1_OBJECT_value(pdata->expected_policy_set, pos);
        if (OBJ_cmp(expected, oid) == 0)
            return 1;
    }
    return 0;
}