/*
 * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */
10 #include <openssl/asn1.h>
11 #include <openssl/x509.h>
12 #include <openssl/x509v3.h>
13 #include <openssl/err.h>
/*
 * Ordering callback for stacks of policy nodes: two nodes are compared by
 * the valid_policy OID of their policy data and by nothing else.
 */
static int node_cmp(const X509_POLICY_NODE *const *a,
                    const X509_POLICY_NODE *const *b)
{
    const ASN1_OBJECT *lhs = (*a)->data->valid_policy;
    const ASN1_OBJECT *rhs = (*b)->data->valid_policy;

    return OBJ_cmp(lhs, rhs);
}
/*
 * Create an empty stack of policy nodes that uses node_cmp() as its
 * comparison callback. The result of the stack constructor is returned
 * unchanged, so callers must check it for NULL before use.
 */
STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void)
{
    STACK_OF(X509_POLICY_NODE) *nodes = sk_X509_POLICY_NODE_new(node_cmp);

    return nodes;
}
/*
 * Look up the node whose valid_policy equals |id| in the stack |nodes|.
 *
 * A throwaway node/data pair is built on the stack purely as a search key.
 * Only key_data.valid_policy is initialised; that is sufficient because the
 * comparison callback node_cmp() reads no other field.
 *
 * Returns whatever sk_X509_POLICY_NODE_value() yields for the index reported
 * by the find call, i.e. NULL when the find call reports no match.
 */
X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes,
                               const ASN1_OBJECT *id)
{
    X509_POLICY_DATA key_data;
    X509_POLICY_NODE key_node;

    /* The const is cast away only to fill the key; the OID is not written. */
    key_data.valid_policy = (ASN1_OBJECT *)id;
    key_node.data = &key_data;

    return sk_X509_POLICY_NODE_value(nodes,
                                     sk_X509_POLICY_NODE_find(nodes,
                                                              &key_node));
}
/*
 * Find the node in |level| that has the given |parent| and whose
 * valid_policy equals |id|.
 *
 * This is a linear scan over level->nodes, so its cost grows with the
 * number of nodes stored at the level. Returns the first matching node, or
 * NULL when none matches.
 */
X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
                                  const X509_POLICY_NODE *parent,
                                  const ASN1_OBJECT *id)
{
    int pos;

    for (pos = 0; pos < sk_X509_POLICY_NODE_num(level->nodes); pos++) {
        X509_POLICY_NODE *candidate =
            sk_X509_POLICY_NODE_value(level->nodes, pos);

        /* Both the parent link and the policy OID have to agree. */
        if (candidate->parent != parent)
            continue;
        if (OBJ_cmp(candidate->data->valid_policy, id) == 0)
            return candidate;
    }
    return NULL;
}
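/*
 * Allocate a policy node for |data| with parent |parent| and attach it.
 *
 * If |level| is non-NULL the node is linked into it: as level->anyPolicy
 * when the policy is anyPolicy (at most one per level), otherwise by pushing
 * it onto level->nodes, which is created on first use. If |tree| is non-NULL
 * |data| is additionally pushed onto tree->extra_data. On success the
 * parent's child count is incremented and the new node is returned.
 *
 * Returns NULL on failure. In that case the node is freed, |data| is left
 * untouched for the caller, and |level| no longer refers to the freed node.
 *
 * NOTE(review): no limit on the number of nodes is enforced here; any bound
 * on tree size has to be applied by the caller.
 */
X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
                                 X509_POLICY_DATA *data,
                                 X509_POLICY_NODE *parent,
                                 X509_POLICY_TREE *tree)
{
    X509_POLICY_NODE *node;

    node = OPENSSL_zalloc(sizeof(*node));
    if (node == NULL) {
        X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
        return NULL;
    }
    node->data = data;
    node->parent = parent;
    if (level != NULL) {
        if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
            /* A second anyPolicy node at the same level is refused. */
            if (level->anyPolicy != NULL)
                goto node_error;
            level->anyPolicy = node;
        } else {
            if (level->nodes == NULL)
                level->nodes = policy_node_cmp_new();
            if (level->nodes == NULL) {
                X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
                goto node_error;
            }
            if (!sk_X509_POLICY_NODE_push(level->nodes, node)) {
                X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
                goto node_error;
            }
        }
    }

    /*
     * From here on the node may already be reachable through |level|, so a
     * failure has to unlink it before it is freed.
     */
    if (tree != NULL) {
        if (tree->extra_data == NULL)
            tree->extra_data = sk_X509_POLICY_DATA_new_null();
        if (tree->extra_data == NULL) {
            X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
            goto unlink_error;
        }
        if (!sk_X509_POLICY_DATA_push(tree->extra_data, data)) {
            X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
            goto unlink_error;
        }
    }

    if (parent != NULL)
        parent->nchild++;

    return node;

 unlink_error:
    /*
     * Undo the link made above so that |level| does not keep a pointer to
     * memory that is about to be freed. A node that was pushed onto
     * level->nodes is the most recent entry, so popping removes exactly it.
     */
    if (level != NULL) {
        if (level->anyPolicy == node)
            level->anyPolicy = NULL;
        else
            (void)sk_X509_POLICY_NODE_pop(level->nodes);
    }

 node_error:
    policy_node_free(node);
    return NULL;
}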
/*
 * Release a policy node. Only the node structure itself is freed; the
 * policy data it points to is not touched.
 */
void policy_node_free(X509_POLICY_NODE *node)
{
    OPENSSL_free(node);
}
/*
 * See if a policy node matches a policy OID. If mapping is enabled, look
 * through the expected policy set; otherwise compare only the valid policy.
 *
 * Mapping counts as disabled when the level has X509_V_FLAG_INHIBIT_MAP set
 * or when the node's data carries none of the POLICY_DATA_FLAG_MAP_MASK
 * bits. Returns 1 on a match and 0 otherwise.
 */
int policy_node_match(const X509_POLICY_LEVEL *lvl,
                      const X509_POLICY_NODE *node, const ASN1_OBJECT *oid)
{
    const X509_POLICY_DATA *x = node->data;
    int mapping_off = (lvl->flags & X509_V_FLAG_INHIBIT_MAP) != 0
                      || (x->flags & POLICY_DATA_FLAG_MAP_MASK) == 0;
    int i;

    /* Without mapping, only the node's own valid_policy is considered. */
    if (mapping_off)
        return OBJ_cmp(x->valid_policy, oid) == 0;

    for (i = 0; i < sk_ASN1_OBJECT_num(x->expected_policy_set); i++) {
        const ASN1_OBJECT *policy_oid =
            sk_ASN1_OBJECT_value(x->expected_policy_set, i);

        if (OBJ_cmp(policy_oid, oid) == 0)
            return 1;
    }
    return 0;
}