OpenSSL
1.0.1c
Main Page
Classes
Files
File List
File Members
All
Classes
Files
Functions
Variables
Typedefs
Enumerations
Enumerator
Macros
crypto
x509v3
pcy_map.c
Go to the documentation of this file.
1
/* pcy_map.c */
2
/* Written by Dr Stephen N Henson (
[email protected]
) for the OpenSSL
3
* project 2004.
4
*/
5
/* ====================================================================
6
* Copyright (c) 2004 The OpenSSL Project. All rights reserved.
7
*
8
* Redistribution and use in source and binary forms, with or without
9
* modification, are permitted provided that the following conditions
10
* are met:
11
*
12
* 1. Redistributions of source code must retain the above copyright
13
* notice, this list of conditions and the following disclaimer.
14
*
15
* 2. Redistributions in binary form must reproduce the above copyright
16
* notice, this list of conditions and the following disclaimer in
17
* the documentation and/or other materials provided with the
18
* distribution.
19
*
20
* 3. All advertising materials mentioning features or use of this
21
* software must display the following acknowledgment:
22
* "This product includes software developed by the OpenSSL Project
23
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24
*
25
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26
* endorse or promote products derived from this software without
27
* prior written permission. For written permission, please contact
28
*
[email protected]
.
29
*
30
* 5. Products derived from this software may not be called "OpenSSL"
31
* nor may "OpenSSL" appear in their names without prior written
32
* permission of the OpenSSL Project.
33
*
34
* 6. Redistributions of any form whatsoever must retain the following
35
* acknowledgment:
36
* "This product includes software developed by the OpenSSL Project
37
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38
*
39
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50
* OF THE POSSIBILITY OF SUCH DAMAGE.
51
* ====================================================================
52
*
53
* This product includes cryptographic software written by Eric Young
54
* (
[email protected]
). This product includes software written by Tim
55
* Hudson (
[email protected]
).
56
*
57
*/
58
59
#include "
cryptlib.h
"
60
#include <
openssl/x509.h
>
61
#include <
openssl/x509v3.h
>
62
63
#include "
pcy_int.h
"
64
65
/* Set policy mapping entries in cache.
66
* Note: this modifies the passed POLICY_MAPPINGS structure
67
*/
68
69
int
policy_cache_set_mapping
(
X509
*x, POLICY_MAPPINGS *maps)
70
{
71
POLICY_MAPPING
*map;
72
X509_POLICY_DATA
*
data
;
73
X509_POLICY_CACHE
*cache = x->
policy_cache
;
74
int
i;
75
int
ret = 0;
76
if
(
sk_POLICY_MAPPING_num
(maps) == 0)
77
{
78
ret = -1;
79
goto
bad_mapping;
80
}
81
for
(i = 0; i <
sk_POLICY_MAPPING_num
(maps); i++)
82
{
83
map =
sk_POLICY_MAPPING_value
(maps, i);
84
/* Reject if map to or from anyPolicy */
85
if
((
OBJ_obj2nid
(map->
subjectDomainPolicy
) ==
NID_any_policy
)
86
|| (
OBJ_obj2nid
(map->
issuerDomainPolicy
) ==
NID_any_policy
))
87
{
88
ret = -1;
89
goto
bad_mapping;
90
}
91
92
/* Attempt to find matching policy data */
93
data =
policy_cache_find_data
(cache, map->
issuerDomainPolicy
);
94
/* If we don't have anyPolicy can't map */
95
if
(!data && !cache->
anyPolicy
)
96
continue
;
97
98
/* Create a NODE from anyPolicy */
99
if
(!data)
100
{
101
data =
policy_data_new
(NULL, map->
issuerDomainPolicy
,
102
cache->
anyPolicy
->
flags
103
&
POLICY_DATA_FLAG_CRITICAL
);
104
if
(!data)
105
goto
bad_mapping;
106
data->qualifier_set = cache->
anyPolicy
->qualifier_set;
107
/*map->issuerDomainPolicy = NULL;*/
108
data->
flags
|=
POLICY_DATA_FLAG_MAPPED_ANY
;
109
data->
flags
|=
POLICY_DATA_FLAG_SHARED_QUALIFIERS
;
110
if
(!
sk_X509_POLICY_DATA_push
(cache->data, data))
111
{
112
policy_data_free
(data);
113
goto
bad_mapping;
114
}
115
}
116
else
117
data->
flags
|=
POLICY_DATA_FLAG_MAPPED
;
118
if
(!
sk_ASN1_OBJECT_push
(data->expected_policy_set,
119
map->
subjectDomainPolicy
))
120
goto
bad_mapping;
121
map->
subjectDomainPolicy
= NULL;
122
123
}
124
125
ret = 1;
126
bad_mapping:
127
if
(ret == -1)
128
x->
ex_flags
|=
EXFLAG_INVALID_POLICY
;
129
sk_POLICY_MAPPING_pop_free
(maps, POLICY_MAPPING_free);
130
return
ret;
131
132
}
Generated on Thu Jan 10 2013 09:53:40 for OpenSSL by
1.8.2
1.8.2
