X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=crypto%2Fx509v3%2Fpcy_map.c;h=1c58ad4e24970162924aeabf16e07d1d661ce61c;hb=90945fa31a42dcf3beb90540c618e4d627c595ea;hp=35221e8ba82b68f0929a2a5aee6dc803e0dd34e1;hpb=b79c82eaabd87d336f91881f63b4104fec9ae445;p=oweals%2Fopenssl.git diff --git a/crypto/x509v3/pcy_map.c b/crypto/x509v3/pcy_map.c index 35221e8ba8..1c58ad4e24 100644 --- a/crypto/x509v3/pcy_map.c +++ b/crypto/x509v3/pcy_map.c @@ -1,6 +1,7 @@ /* pcy_map.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 2004. +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 2004. */ /* ==================================================================== * Copyright (c) 2004 The OpenSSL Project. All rights reserved. @@ -10,7 +11,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -56,131 +57,75 @@ * */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include +#include "internal/x509_int.h" #include "pcy_int.h" -static int ref_cmp(const X509_POLICY_REF * const *a, - const X509_POLICY_REF * const *b) - { - return OBJ_cmp((*a)->subjectDomainPolicy, (*b)->subjectDomainPolicy); - } - -static void policy_map_free(X509_POLICY_REF *map) - { - if (map->subjectDomainPolicy) - ASN1_OBJECT_free(map->subjectDomainPolicy); - OPENSSL_free(map); - } - -static X509_POLICY_REF *policy_map_find(X509_POLICY_CACHE *cache, ASN1_OBJECT *id) - { - X509_POLICY_REF tmp; - int idx; - tmp.subjectDomainPolicy = id; - - idx = sk_X509_POLICY_REF_find(cache->maps, &tmp); - if (idx == -1) - return NULL; - return sk_X509_POLICY_REF_value(cache->maps, idx); - } - -/* Set policy mapping entries in cache. - * Note: this modifies the passed POLICY_MAPPINGS structure +/* + * Set policy mapping entries in cache. Note: this modifies the passed + * POLICY_MAPPINGS structure */ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps) - { - POLICY_MAPPING *map; - X509_POLICY_REF *ref = NULL; - X509_POLICY_DATA *data; - X509_POLICY_CACHE *cache = x->policy_cache; - int i; - int ret = 0; - if (sk_POLICY_MAPPING_num(maps) == 0) - { - ret = -1; - goto bad_mapping; - } - cache->maps = sk_X509_POLICY_REF_new(ref_cmp); - for (i = 0; i < sk_POLICY_MAPPING_num(maps); i++) - { - map = sk_POLICY_MAPPING_value(maps, i); - /* Reject if map to or from anyPolicy */ - if ((OBJ_obj2nid(map->subjectDomainPolicy) == NID_any_policy) - || (OBJ_obj2nid(map->issuerDomainPolicy) == NID_any_policy)) - { - ret = -1; - goto bad_mapping; - } - - /* If we've already mapped from this OID bad mapping */ - if (policy_map_find(cache, map->subjectDomainPolicy) != NULL) - { - ret = -1; - goto bad_mapping; - } - - /* Attempt to find matching policy data */ - data = policy_cache_find_data(cache, map->issuerDomainPolicy); - /* If we don't have anyPolicy can't map */ - if (!data && !cache->anyPolicy) - continue; - - /* Create a NODE from anyPolicy */ - if (!data) - { - data = policy_data_new(NULL, map->issuerDomainPolicy, - cache->anyPolicy->flags - & POLICY_DATA_FLAG_CRITICAL); - if (!data) - goto bad_mapping; - data->qualifier_set = cache->anyPolicy->qualifier_set; - map->issuerDomainPolicy = NULL; - data->flags |= POLICY_DATA_FLAG_MAPPED_ANY; - data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; - if (!sk_X509_POLICY_DATA_push(cache->data, data)) - { - policy_data_free(data); - goto bad_mapping; - } - } - else - data->flags |= POLICY_DATA_FLAG_MAPPED; - - if (!sk_ASN1_OBJECT_push(data->expected_policy_set, - map->subjectDomainPolicy)) - goto bad_mapping; - - ref = OPENSSL_malloc(sizeof(X509_POLICY_REF)); - if (!ref) - goto bad_mapping; - - ref->subjectDomainPolicy = map->subjectDomainPolicy; - map->subjectDomainPolicy = NULL; - ref->data = data; - - if (!sk_X509_POLICY_REF_push(cache->maps, ref)) - goto bad_mapping; - - ref = NULL; - - } - - ret = 1; - bad_mapping: - if (ret == -1) - x->ex_flags |= EXFLAG_INVALID_POLICY; - if (ref) - policy_map_free(ref); - if (ret <= 0) - { - sk_X509_POLICY_REF_pop_free(cache->maps, policy_map_free); - cache->maps = NULL; - } - sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free); - return ret; - - } +{ + POLICY_MAPPING *map; + X509_POLICY_DATA *data; + X509_POLICY_CACHE *cache = x->policy_cache; + int i; + int ret = 0; + if (sk_POLICY_MAPPING_num(maps) == 0) { + ret = -1; + goto bad_mapping; + } + for (i = 0; i < sk_POLICY_MAPPING_num(maps); i++) { + map = sk_POLICY_MAPPING_value(maps, i); + /* Reject if map to or from anyPolicy */ + if ((OBJ_obj2nid(map->subjectDomainPolicy) == NID_any_policy) + || (OBJ_obj2nid(map->issuerDomainPolicy) == NID_any_policy)) { + ret = -1; + goto bad_mapping; + } + + /* Attempt to find matching policy data */ + data = policy_cache_find_data(cache, map->issuerDomainPolicy); + /* If we don't have anyPolicy can't map */ + if (data == NULL && !cache->anyPolicy) + continue; + + /* Create a NODE from anyPolicy */ + if (data == NULL) { + data = policy_data_new(NULL, map->issuerDomainPolicy, + cache->anyPolicy->flags + & POLICY_DATA_FLAG_CRITICAL); + if (data == NULL) + goto bad_mapping; + data->qualifier_set = cache->anyPolicy->qualifier_set; + /* + * map->issuerDomainPolicy = NULL; + */ + data->flags |= POLICY_DATA_FLAG_MAPPED_ANY; + data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; + if (!sk_X509_POLICY_DATA_push(cache->data, data)) { + policy_data_free(data); + goto bad_mapping; + } + } else + data->flags |= POLICY_DATA_FLAG_MAPPED; + if (!sk_ASN1_OBJECT_push(data->expected_policy_set, + map->subjectDomainPolicy)) + goto bad_mapping; + map->subjectDomainPolicy = NULL; + + } + + ret = 1; + bad_mapping: + if (ret == -1) + x->ex_flags |= EXFLAG_INVALID_POLICY; + sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free); + return ret; + +}