Branch data Line data Source code
1 : : /* pcy_map.c */
2 : : /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 : : * project 2004.
4 : : */
5 : : /* ====================================================================
6 : : * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
7 : : *
8 : : * Redistribution and use in source and binary forms, with or without
9 : : * modification, are permitted provided that the following conditions
10 : : * are met:
11 : : *
12 : : * 1. Redistributions of source code must retain the above copyright
13 : : * notice, this list of conditions and the following disclaimer.
14 : : *
15 : : * 2. Redistributions in binary form must reproduce the above copyright
16 : : * notice, this list of conditions and the following disclaimer in
17 : : * the documentation and/or other materials provided with the
18 : : * distribution.
19 : : *
20 : : * 3. All advertising materials mentioning features or use of this
21 : : * software must display the following acknowledgment:
22 : : * "This product includes software developed by the OpenSSL Project
23 : : * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 : : *
25 : : * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 : : * endorse or promote products derived from this software without
27 : : * prior written permission. For written permission, please contact
28 : : * licensing@OpenSSL.org.
29 : : *
30 : : * 5. Products derived from this software may not be called "OpenSSL"
31 : : * nor may "OpenSSL" appear in their names without prior written
32 : : * permission of the OpenSSL Project.
33 : : *
34 : : * 6. Redistributions of any form whatsoever must retain the following
35 : : * acknowledgment:
36 : : * "This product includes software developed by the OpenSSL Project
37 : : * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 : : *
39 : : * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 : : * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 : : * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 : : * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 : : * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 : : * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 : : * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 : : * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 : : * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 : : * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 : : * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 : : * OF THE POSSIBILITY OF SUCH DAMAGE.
51 : : * ====================================================================
52 : : *
53 : : * This product includes cryptographic software written by Eric Young
54 : : * (eay@cryptsoft.com). This product includes software written by Tim
55 : : * Hudson (tjh@cryptsoft.com).
56 : : *
57 : : */
58 : :
59 : : #include "cryptlib.h"
60 : : #include <openssl/x509.h>
61 : : #include <openssl/x509v3.h>
62 : :
63 : : #include "pcy_int.h"
64 : :
65 : : /* Set policy mapping entries in cache.
66 : : * Note: this modifies the passed POLICY_MAPPINGS structure
67 : : */
68 : :
69 : 0 : int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
70 : : {
71 : : POLICY_MAPPING *map;
72 : : X509_POLICY_DATA *data;
73 : 0 : X509_POLICY_CACHE *cache = x->policy_cache;
74 : : int i;
75 : 0 : int ret = 0;
76 [ # # ]: 0 : if (sk_POLICY_MAPPING_num(maps) == 0)
77 : : {
78 : : ret = -1;
79 : : goto bad_mapping;
80 : : }
81 [ # # ]: 0 : for (i = 0; i < sk_POLICY_MAPPING_num(maps); i++)
82 : : {
83 : 0 : map = sk_POLICY_MAPPING_value(maps, i);
84 : : /* Reject if map to or from anyPolicy */
85 [ # # ]: 0 : if ((OBJ_obj2nid(map->subjectDomainPolicy) == NID_any_policy)
86 [ # # ]: 0 : || (OBJ_obj2nid(map->issuerDomainPolicy) == NID_any_policy))
87 : : {
88 : : ret = -1;
89 : : goto bad_mapping;
90 : : }
91 : :
92 : : /* Attempt to find matching policy data */
93 : 0 : data = policy_cache_find_data(cache, map->issuerDomainPolicy);
94 : : /* If we don't have anyPolicy can't map */
95 [ # # ][ # # ]: 0 : if (!data && !cache->anyPolicy)
96 : 0 : continue;
97 : :
98 : : /* Create a NODE from anyPolicy */
99 [ # # ]: 0 : if (!data)
100 : : {
101 : 0 : data = policy_data_new(NULL, map->issuerDomainPolicy,
102 : 0 : cache->anyPolicy->flags
103 : : & POLICY_DATA_FLAG_CRITICAL);
104 [ # # ]: 0 : if (!data)
105 : : goto bad_mapping;
106 : 0 : data->qualifier_set = cache->anyPolicy->qualifier_set;
107 : : /*map->issuerDomainPolicy = NULL;*/
108 : 0 : data->flags |= POLICY_DATA_FLAG_MAPPED_ANY;
109 : 0 : data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
110 [ # # ]: 0 : if (!sk_X509_POLICY_DATA_push(cache->data, data))
111 : : {
112 : 0 : policy_data_free(data);
113 : 0 : goto bad_mapping;
114 : : }
115 : : }
116 : : else
117 : 0 : data->flags |= POLICY_DATA_FLAG_MAPPED;
118 [ # # ]: 0 : if (!sk_ASN1_OBJECT_push(data->expected_policy_set,
119 : : map->subjectDomainPolicy))
120 : : goto bad_mapping;
121 : 0 : map->subjectDomainPolicy = NULL;
122 : :
123 : : }
124 : :
125 : : ret = 1;
126 : : bad_mapping:
127 [ # # ]: 0 : if (ret == -1)
128 : 0 : x->ex_flags |= EXFLAG_INVALID_POLICY;
129 : 0 : sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
130 : 0 : return ret;
131 : :
132 : : }
|
