1/* pcy_node.c */
2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
4 * 2004.
5 */
6/* ====================================================================
7 * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com). */
57
58#include <openssl/asn1.h>
59#include <openssl/mem.h>
60#include <openssl/obj.h>
61#include <openssl/x509.h>
62#include <openssl/x509v3.h>
63
64#include "pcy_int.h"
65
66static int node_cmp(const X509_POLICY_NODE **a, const X509_POLICY_NODE **b)
67{
68 return OBJ_cmp((*a)->data->valid_policy, (*b)->data->valid_policy);
69}
70
71STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void)
72{
73 return sk_X509_POLICY_NODE_new(node_cmp);
74}
75
76X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes,
77 const ASN1_OBJECT *id)
78{
79 X509_POLICY_DATA n;
80 X509_POLICY_NODE l;
81 size_t idx;
82
83 n.valid_policy = (ASN1_OBJECT *)id;
84 l.data = &n;
85
86 sk_X509_POLICY_NODE_sort(nodes);
87 if (!sk_X509_POLICY_NODE_find(nodes, &idx, &l))
88 return NULL;
89
90 return sk_X509_POLICY_NODE_value(nodes, idx);
91
92}
93
94X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
95 const X509_POLICY_NODE *parent,
96 const ASN1_OBJECT *id)
97{
98 X509_POLICY_NODE *node;
99 size_t i;
100 for (i = 0; i < sk_X509_POLICY_NODE_num(level->nodes); i++) {
101 node = sk_X509_POLICY_NODE_value(level->nodes, i);
102 if (node->parent == parent) {
103 if (!OBJ_cmp(node->data->valid_policy, id))
104 return node;
105 }
106 }
107 return NULL;
108}
109
110X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
111 X509_POLICY_DATA *data,
112 X509_POLICY_NODE *parent,
113 X509_POLICY_TREE *tree)
114{
115 X509_POLICY_NODE *node;
116 node = OPENSSL_malloc(sizeof(X509_POLICY_NODE));
117 if (!node)
118 return NULL;
119 node->data = data;
120 node->parent = parent;
121 node->nchild = 0;
122 if (level) {
123 if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
124 if (level->anyPolicy)
125 goto node_error;
126 level->anyPolicy = node;
127 } else {
128
129 if (!level->nodes)
130 level->nodes = policy_node_cmp_new();
131 if (!level->nodes)
132 goto node_error;
133 if (!sk_X509_POLICY_NODE_push(level->nodes, node))
134 goto node_error;
135 }
136 }
137
138 if (tree) {
139 if (!tree->extra_data)
140 tree->extra_data = sk_X509_POLICY_DATA_new_null();
141 if (!tree->extra_data)
142 goto node_error;
143 if (!sk_X509_POLICY_DATA_push(tree->extra_data, data))
144 goto node_error;
145 }
146
147 if (parent)
148 parent->nchild++;
149
150 return node;
151
152 node_error:
153 policy_node_free(node);
154 return 0;
155
156}
157
158void policy_node_free(X509_POLICY_NODE *node)
159{
160 OPENSSL_free(node);
161}
162
163/*
164 * See if a policy node matches a policy OID. If mapping enabled look through
165 * expected policy set otherwise just valid policy.
166 */
167
168int policy_node_match(const X509_POLICY_LEVEL *lvl,
169 const X509_POLICY_NODE *node, const ASN1_OBJECT *oid)
170{
171 size_t i;
172 ASN1_OBJECT *policy_oid;
173 const X509_POLICY_DATA *x = node->data;
174
175 if ((lvl->flags & X509_V_FLAG_INHIBIT_MAP)
176 || !(x->flags & POLICY_DATA_FLAG_MAP_MASK)) {
177 if (!OBJ_cmp(x->valid_policy, oid))
178 return 1;
179 return 0;
180 }
181
182 for (i = 0; i < sk_ASN1_OBJECT_num(x->expected_policy_set); i++) {
183 policy_oid = sk_ASN1_OBJECT_value(x->expected_policy_set, i);
184 if (!OBJ_cmp(policy_oid, oid))
185 return 1;
186 }
187 return 0;
188
189}
190