GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: lib/libcrypto/x509v3/pcy_node.c Lines: 0 59 0.0 %
Date: 2017-11-07 Branches: 0 50 0.0 %

Line Branch Exec Source
1
/* $OpenBSD: pcy_node.c,v 1.6 2015/07/18 00:01:05 beck Exp $ */
2
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3
 * project 2004.
4
 */
5
/* ====================================================================
6
 * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
7
 *
8
 * Redistribution and use in source and binary forms, with or without
9
 * modification, are permitted provided that the following conditions
10
 * are met:
11
 *
12
 * 1. Redistributions of source code must retain the above copyright
13
 *    notice, this list of conditions and the following disclaimer.
14
 *
15
 * 2. Redistributions in binary form must reproduce the above copyright
16
 *    notice, this list of conditions and the following disclaimer in
17
 *    the documentation and/or other materials provided with the
18
 *    distribution.
19
 *
20
 * 3. All advertising materials mentioning features or use of this
21
 *    software must display the following acknowledgment:
22
 *    "This product includes software developed by the OpenSSL Project
23
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24
 *
25
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26
 *    endorse or promote products derived from this software without
27
 *    prior written permission. For written permission, please contact
28
 *    licensing@OpenSSL.org.
29
 *
30
 * 5. Products derived from this software may not be called "OpenSSL"
31
 *    nor may "OpenSSL" appear in their names without prior written
32
 *    permission of the OpenSSL Project.
33
 *
34
 * 6. Redistributions of any form whatsoever must retain the following
35
 *    acknowledgment:
36
 *    "This product includes software developed by the OpenSSL Project
37
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38
 *
39
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50
 * OF THE POSSIBILITY OF SUCH DAMAGE.
51
 * ====================================================================
52
 *
53
 * This product includes cryptographic software written by Eric Young
54
 * (eay@cryptsoft.com).  This product includes software written by Tim
55
 * Hudson (tjh@cryptsoft.com).
56
 *
57
 */
58
59
#include <openssl/asn1.h>
60
#include <openssl/x509.h>
61
#include <openssl/x509v3.h>
62
63
#include "pcy_int.h"
64
65
static int
66
node_cmp(const X509_POLICY_NODE * const *a, const X509_POLICY_NODE * const *b)
67
{
68
	return OBJ_cmp((*a)->data->valid_policy, (*b)->data->valid_policy);
69
}
70
71
STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void)
72
{
73
	return sk_X509_POLICY_NODE_new(node_cmp);
74
}
75
76
X509_POLICY_NODE *
77
tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes, const ASN1_OBJECT *id)
78
{
79
	X509_POLICY_DATA n;
80
	X509_POLICY_NODE l;
81
	int idx;
82
83
	n.valid_policy = (ASN1_OBJECT *)id;
84
	l.data = &n;
85
86
	idx = sk_X509_POLICY_NODE_find(nodes, &l);
87
	if (idx == -1)
88
		return NULL;
89
90
	return sk_X509_POLICY_NODE_value(nodes, idx);
91
}
92
93
X509_POLICY_NODE *
94
level_find_node(const X509_POLICY_LEVEL *level, const X509_POLICY_NODE *parent,
95
    const ASN1_OBJECT *id)
96
{
97
	X509_POLICY_NODE *node;
98
	int i;
99
100
	for (i = 0; i < sk_X509_POLICY_NODE_num(level->nodes); i++) {
101
		node = sk_X509_POLICY_NODE_value(level->nodes, i);
102
		if (node->parent == parent) {
103
			if (!OBJ_cmp(node->data->valid_policy, id))
104
				return node;
105
		}
106
	}
107
	return NULL;
108
}
109
110
111
int
112
level_add_node(X509_POLICY_LEVEL *level, const X509_POLICY_DATA *data,
113
    X509_POLICY_NODE *parent, X509_POLICY_TREE *tree, X509_POLICY_NODE **nodep)
114
{
115
	X509_POLICY_NODE *node = NULL;
116
117
	if (level) {
118
		node = malloc(sizeof(X509_POLICY_NODE));
119
		if (!node)
120
			goto node_error;
121
		node->data = data;
122
		node->parent = parent;
123
		node->nchild = 0;
124
		if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
125
			if (level->anyPolicy)
126
				goto node_error;
127
			level->anyPolicy = node;
128
			if (parent)
129
				parent->nchild++;
130
		} else {
131
132
			if (!level->nodes)
133
				level->nodes = policy_node_cmp_new();
134
			if (!level->nodes)
135
				goto node_error;
136
			if (!sk_X509_POLICY_NODE_push(level->nodes, node))
137
				goto node_error;
138
			if (parent)
139
				parent->nchild++;
140
		}
141
	}
142
143
	if (tree) {
144
		if (!tree->extra_data)
145
			tree->extra_data = sk_X509_POLICY_DATA_new_null();
146
		if (!tree->extra_data)
147
			goto node_error_cond;
148
		if (!sk_X509_POLICY_DATA_push(tree->extra_data, data))
149
			goto node_error_cond;
150
	}
151
152
	if (nodep)
153
		*nodep = node;
154
155
	return 1;
156
157
node_error_cond:
158
	if (level)
159
		node = NULL;
160
node_error:
161
	policy_node_free(node);
162
	node = NULL;
163
	if (nodep)
164
		*nodep = node;
165
	return 0;
166
}
167
168
void
169
policy_node_free(X509_POLICY_NODE *node)
170
{
171
	free(node);
172
}
173
174
/* See if a policy node matches a policy OID. If mapping enabled look through
175
 * expected policy set otherwise just valid policy.
176
 */
177
178
int
179
policy_node_match(const X509_POLICY_LEVEL *lvl, const X509_POLICY_NODE *node,
180
    const ASN1_OBJECT *oid)
181
{
182
	int i;
183
	ASN1_OBJECT *policy_oid;
184
	const X509_POLICY_DATA *x = node->data;
185
186
	if ((lvl->flags & X509_V_FLAG_INHIBIT_MAP) ||
187
	    !(x->flags & POLICY_DATA_FLAG_MAP_MASK)) {
188
		if (!OBJ_cmp(x->valid_policy, oid))
189
			return 1;
190
		return 0;
191
	}
192
193
	for (i = 0; i < sk_ASN1_OBJECT_num(x->expected_policy_set); i++) {
194
		policy_oid = sk_ASN1_OBJECT_value(x->expected_policy_set, i);
195
		if (!OBJ_cmp(policy_oid, oid))
196
			return 1;
197
	}
198
	return 0;
199
}