OpenSSL  1.0.1c
 All Classes Files Functions Variables Typedefs Enumerations Enumerator Macros
pcy_node.c
Go to the documentation of this file.
1 /* pcy_node.c */
2 /* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL
3  * project 2004.
4  */
5 /* ====================================================================
6  * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  * notice, this list of conditions and the following disclaimer.
14  *
15  * 2. Redistributions in binary form must reproduce the above copyright
16  * notice, this list of conditions and the following disclaimer in
17  * the documentation and/or other materials provided with the
18  * distribution.
19  *
20  * 3. All advertising materials mentioning features or use of this
21  * software must display the following acknowledgment:
22  * "This product includes software developed by the OpenSSL Project
23  * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24  *
25  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26  * endorse or promote products derived from this software without
27  * prior written permission. For written permission, please contact
28  * [email protected].
29  *
30  * 5. Products derived from this software may not be called "OpenSSL"
31  * nor may "OpenSSL" appear in their names without prior written
32  * permission of the OpenSSL Project.
33  *
34  * 6. Redistributions of any form whatsoever must retain the following
35  * acknowledgment:
36  * "This product includes software developed by the OpenSSL Project
37  * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38  *
39  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42  * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50  * OF THE POSSIBILITY OF SUCH DAMAGE.
51  * ====================================================================
52  *
53  * This product includes cryptographic software written by Eric Young
54  * ([email protected]). This product includes software written by Tim
55  * Hudson ([email protected]).
56  *
57  */
58 
59 #include <openssl/asn1.h>
60 #include <openssl/x509.h>
61 #include <openssl/x509v3.h>
62 
63 #include "pcy_int.h"
64 
65 static int node_cmp(const X509_POLICY_NODE * const *a,
66  const X509_POLICY_NODE * const *b)
67  {
68  return OBJ_cmp((*a)->data->valid_policy, (*b)->data->valid_policy);
69  }
70 
71 STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void)
72  {
73  return sk_X509_POLICY_NODE_new(node_cmp);
74  }
75 
76 X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes,
77  const ASN1_OBJECT *id)
78  {
79  X509_POLICY_DATA n;
80  X509_POLICY_NODE l;
81  int idx;
82 
83  n.valid_policy = (ASN1_OBJECT *)id;
84  l.data = &n;
85 
86  idx = sk_X509_POLICY_NODE_find(nodes, &l);
87  if (idx == -1)
88  return NULL;
89 
90  return sk_X509_POLICY_NODE_value(nodes, idx);
91 
92  }
93 
94 X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
95  const X509_POLICY_NODE *parent,
96  const ASN1_OBJECT *id)
97  {
98  X509_POLICY_NODE *node;
99  int i;
100  for (i = 0; i < sk_X509_POLICY_NODE_num(level->nodes); i++)
101  {
102  node = sk_X509_POLICY_NODE_value(level->nodes, i);
103  if (node->parent == parent)
104  {
105  if (!OBJ_cmp(node->data->valid_policy, id))
106  return node;
107  }
108  }
109  return NULL;
110  }
111 
112 X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
113  const X509_POLICY_DATA *data,
114  X509_POLICY_NODE *parent,
115  X509_POLICY_TREE *tree)
116  {
117  X509_POLICY_NODE *node;
118  node = OPENSSL_malloc(sizeof(X509_POLICY_NODE));
119  if (!node)
120  return NULL;
121  node->data = data;
122  node->parent = parent;
123  node->nchild = 0;
124  if (level)
125  {
126  if (OBJ_obj2nid(data->valid_policy) == NID_any_policy)
127  {
128  if (level->anyPolicy)
129  goto node_error;
130  level->anyPolicy = node;
131  }
132  else
133  {
134 
135  if (!level->nodes)
136  level->nodes = policy_node_cmp_new();
137  if (!level->nodes)
138  goto node_error;
139  if (!sk_X509_POLICY_NODE_push(level->nodes, node))
140  goto node_error;
141  }
142  }
143 
144  if (tree)
145  {
146  if (!tree->extra_data)
147  tree->extra_data = sk_X509_POLICY_DATA_new_null();
148  if (!tree->extra_data)
149  goto node_error;
150  if (!sk_X509_POLICY_DATA_push(tree->extra_data, data))
151  goto node_error;
152  }
153 
154  if (parent)
155  parent->nchild++;
156 
157  return node;
158 
159  node_error:
160  policy_node_free(node);
161  return 0;
162 
163  }
164 
165 void policy_node_free(X509_POLICY_NODE *node)
166  {
167  OPENSSL_free(node);
168  }
169 
170 /* See if a policy node matches a policy OID. If mapping enabled look through
171  * expected policy set otherwise just valid policy.
172  */
173 
174 int policy_node_match(const X509_POLICY_LEVEL *lvl,
175  const X509_POLICY_NODE *node, const ASN1_OBJECT *oid)
176  {
177  int i;
178  ASN1_OBJECT *policy_oid;
179  const X509_POLICY_DATA *x = node->data;
180 
181  if ( (lvl->flags & X509_V_FLAG_INHIBIT_MAP)
182  || !(x->flags & POLICY_DATA_FLAG_MAP_MASK))
183  {
184  if (!OBJ_cmp(x->valid_policy, oid))
185  return 1;
186  return 0;
187  }
188 
189  for (i = 0; i < sk_ASN1_OBJECT_num(x->expected_policy_set); i++)
190  {
191  policy_oid = sk_ASN1_OBJECT_value(x->expected_policy_set, i);
192  if (!OBJ_cmp(policy_oid, oid))
193  return 1;
194  }
195  return 0;
196 
197  }
Generated on Thu Jan 10 2013 09:53:40 for OpenSSL by   doxygen 1.8.2