crypto/x509/pcy_node.c

   1 /*
   2  * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #include <openssl/asn1.h>
  11 #include <openssl/x509.h>
  12 #include <openssl/x509v3.h>
  13 #include <openssl/err.h>
  14
  15 #include "pcy_local.h"
  16
  17 static int node_cmp(const X509_POLICY_NODE *const *a,
  18                     const X509_POLICY_NODE *const *b)
  19 {
  20     return OBJ_cmp((*a)->data->valid_policy, (*b)->data->valid_policy);
  21 }
  22
  23 STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void)
  24 {
  25     return sk_X509_POLICY_NODE_new(node_cmp);
  26 }
  27
  28 X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes,
  29                                const ASN1_OBJECT *id)
  30 {
  31     X509_POLICY_DATA n;
  32     X509_POLICY_NODE l;
  33     int idx;
  34
  35     n.valid_policy = (ASN1_OBJECT *)id;
  36     l.data = &n;
  37
  38     idx = sk_X509_POLICY_NODE_find(nodes, &l);
  39     return sk_X509_POLICY_NODE_value(nodes, idx);
  40
  41 }
  42
  43 X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
  44                                   const X509_POLICY_NODE *parent,
  45                                   const ASN1_OBJECT *id)
  46 {
  47     X509_POLICY_NODE *node;
  48     int i;
  49     for (i = 0; i < sk_X509_POLICY_NODE_num(level->nodes); i++) {
  50         node = sk_X509_POLICY_NODE_value(level->nodes, i);
  51         if (node->parent == parent) {
  52             if (!OBJ_cmp(node->data->valid_policy, id))
  53                 return node;
  54         }
  55     }
  56     return NULL;
  57 }
  58
  59 X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
  60                                  X509_POLICY_DATA *data,
  61                                  X509_POLICY_NODE *parent,
  62                                  X509_POLICY_TREE *tree)
  63 {
  64     X509_POLICY_NODE *node;
  65
  66     node = OPENSSL_zalloc(sizeof(*node));
  67     if (node == NULL) {
  68         X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
  69         return NULL;
  70     }
  71     node->data = data;
  72     node->parent = parent;
  73     if (level) {
  74         if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
  75             if (level->anyPolicy)
  76                 goto node_error;
  77             level->anyPolicy = node;
  78         } else {
  79
  80             if (level->nodes == NULL)
  81                 level->nodes = policy_node_cmp_new();
  82             if (level->nodes == NULL) {
  83                 X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
  84                 goto node_error;
  85             }
  86             if (!sk_X509_POLICY_NODE_push(level->nodes, node)) {
  87                 X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
  88                 goto node_error;
  89             }
  90         }
  91     }
  92
  93     if (tree) {
  94         if (tree->extra_data == NULL)
  95             tree->extra_data = sk_X509_POLICY_DATA_new_null();
  96         if (tree->extra_data == NULL){
  97             X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
  98             goto node_error;
  99         }
 100         if (!sk_X509_POLICY_DATA_push(tree->extra_data, data)) {
 101             X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
 102             goto node_error;
 103         }
 104     }
 105
 106     if (parent)
 107         parent->nchild++;
 108
 109     return node;
 110
 111  node_error:
 112     policy_node_free(node);
 113     return NULL;
 114 }
 115
 116 void policy_node_free(X509_POLICY_NODE *node)
 117 {
 118     OPENSSL_free(node);
 119 }
 120
 121 /*
 122  * See if a policy node matches a policy OID. If mapping enabled look through
 123  * expected policy set otherwise just valid policy.
 124  */
 125
 126 int policy_node_match(const X509_POLICY_LEVEL *lvl,
 127                       const X509_POLICY_NODE *node, const ASN1_OBJECT *oid)
 128 {
 129     int i;
 130     ASN1_OBJECT *policy_oid;
 131     const X509_POLICY_DATA *x = node->data;
 132
 133     if ((lvl->flags & X509_V_FLAG_INHIBIT_MAP)
 134         || !(x->flags & POLICY_DATA_FLAG_MAP_MASK)) {
 135         if (!OBJ_cmp(x->valid_policy, oid))
 136             return 1;
 137         return 0;
 138     }
 139
 140     for (i = 0; i < sk_ASN1_OBJECT_num(x->expected_policy_set); i++) {
 141         policy_oid = sk_ASN1_OBJECT_value(x->expected_policy_set, i);
 142         if (!OBJ_cmp(policy_oid, oid))
 143             return 1;
 144     }
 145     return 0;
 146
 147 }