pcy_cache.c revision 656d9c7f52f88b3a3daccafa7655dec086c4756e
1656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* pcy_cache.c */
2656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * project 2004.
4656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */
5656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* ====================================================================
6656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
7656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *
8656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Redistribution and use in source and binary forms, with or without
9656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * modification, are permitted provided that the following conditions
10656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * are met:
11656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *
12656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 1. Redistributions of source code must retain the above copyright
13656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    notice, this list of conditions and the following disclaimer.
14656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *
15656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 2. Redistributions in binary form must reproduce the above copyright
16656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    notice, this list of conditions and the following disclaimer in
17656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    the documentation and/or other materials provided with the
18656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    distribution.
19656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *
20656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 3. All advertising materials mentioning features or use of this
21656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    software must display the following acknowledgment:
22656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    "This product includes software developed by the OpenSSL Project
23656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *
25656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    endorse or promote products derived from this software without
27656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    prior written permission. For written permission, please contact
28656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    licensing@OpenSSL.org.
29656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *
30656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 5. Products derived from this software may not be called "OpenSSL"
31656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    nor may "OpenSSL" appear in their names without prior written
32656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    permission of the OpenSSL Project.
33656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *
34656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 6. Redistributions of any form whatsoever must retain the following
35656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    acknowledgment:
36656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    "This product includes software developed by the OpenSSL Project
37656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *
39656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * OF THE POSSIBILITY OF SUCH DAMAGE.
51656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ====================================================================
52656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *
53656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * This product includes cryptographic software written by Eric Young
54656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * (eay@cryptsoft.com).  This product includes software written by Tim
55656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Hudson (tjh@cryptsoft.com).
56656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *
57656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */
58656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project
59656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include "cryptlib.h"
60656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/x509.h>
61656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/x509v3.h>
62656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project
63656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include "pcy_int.h"
64656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project
/* Forward declarations for the file-local helpers defined at the end of
 * this file.
 */

/* Comparison callback for the cache's policy data stack; orders entries by
 * their valid_policy OID.
 */
static int policy_data_cmp(const X509_POLICY_DATA * const *a,
				const X509_POLICY_DATA * const *b);
/* Copy an optional, non-negative ASN1_INTEGER into *out. */
static int policy_cache_set_int(long *out, ASN1_INTEGER *value);
68656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project
/* Populate x->policy_cache from a decoded CertificatePolicies extension.
 *
 * Ownership: the passed CERTIFICATEPOLICIES stack is always freed before
 * returning, on success and on failure alike, so the caller must not touch
 * it afterwards.
 *
 * Returns  1 on success,
 *          0 on an empty policy list or an allocation failure,
 *         -1 when a policy OID is duplicated; EXFLAG_INVALID_POLICY is then
 *            also set on the certificate.
 * On any result <= 0 the cache's data stack is released and reset to NULL.
 */
static int policy_cache_create(X509 *x,
			CERTIFICATEPOLICIES *policies, int crit)
{
	X509_POLICY_CACHE *pc = x->policy_cache;
	X509_POLICY_DATA *entry = NULL;
	int status = 0;
	int idx;

	if (sk_POLICYINFO_num(policies) == 0)
		goto done;

	pc->data = sk_X509_POLICY_DATA_new(policy_data_cmp);
	if (pc->data == NULL)
		goto done;

	for (idx = 0; idx < sk_POLICYINFO_num(policies); idx++) {
		entry = policy_data_new(sk_POLICYINFO_value(policies, idx),
					NULL, crit);
		if (entry == NULL)
			goto done;

		/* Duplicate policy OIDs are illegal, for anyPolicy as well as
		 * for ordinary policies: reject the whole extension on a match.
		 */
		if (OBJ_obj2nid(entry->valid_policy) == NID_any_policy) {
			if (pc->anyPolicy != NULL) {
				status = -1;
				goto done;
			}
			pc->anyPolicy = entry;
		} else {
			if (sk_X509_POLICY_DATA_find(pc->data, entry) != -1) {
				status = -1;
				goto done;
			}
			if (!sk_X509_POLICY_DATA_push(pc->data, entry))
				goto done;
		}

		/* The cache owns the entry now; keep the cleanup path from
		 * freeing it a second time.
		 */
		entry = NULL;
	}
	status = 1;

done:
	if (status == -1)
		x->ex_flags |= EXFLAG_INVALID_POLICY;
	if (entry != NULL)
		policy_data_free(entry);
	sk_POLICYINFO_pop_free(policies, POLICYINFO_free);
	if (status <= 0) {
		sk_X509_POLICY_DATA_pop_free(pc->data, policy_data_free);
		pc->data = NULL;
	}
	return status;
}
127656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project
128656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project
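/* Allocate a policy cache for certificate x, attach it as x->policy_cache
 * and fill it from the certificate's policy-related extensions.
 *
 * Returns 0 if the cache itself cannot be allocated (x->policy_cache is
 * left untouched in that case). If policy_cache_create() fails, its result
 * (<= 0) is returned. Otherwise returns 1; a malformed or inconsistent
 * extension is reported by setting EXFLAG_INVALID_POLICY in x->ex_flags,
 * not through the return value.
 *
 * Every exit after the first decode goes through the common cleanup, so
 * the decoded PolicyConstraints and InhibitAnyPolicy values are released
 * on all paths, including the two early exits (no CertificatePolicies
 * extension, and policy_cache_create() failure).
 */
static int policy_cache_new(X509 *x)
{
	X509_POLICY_CACHE *cache;
	ASN1_INTEGER *ext_any = NULL;
	POLICY_CONSTRAINTS *ext_pcons = NULL;
	CERTIFICATEPOLICIES *ext_cpols = NULL;
	POLICY_MAPPINGS *ext_pmaps = NULL;
	int i;
	int ret = 1;

	cache = OPENSSL_malloc(sizeof(X509_POLICY_CACHE));
	if (!cache)
		return 0;
	cache->anyPolicy = NULL;
	cache->data = NULL;
	cache->maps = NULL;
	/* -1 marks "no value supplied by the certificate". */
	cache->any_skip = -1;
	cache->explicit_skip = -1;
	cache->map_skip = -1;

	/* NOTE(review): the cache is published here, before it is fully
	 * populated; code that reads x->policy_cache without the lock can
	 * observe it in this intermediate state.
	 */
	x->policy_cache = cache;

	/* Handle requireExplicitPolicy *first*. Need to process this
	 * even if we don't have any policies.
	 */
	ext_pcons = X509_get_ext_d2i(x, NID_policy_constraints, &i, NULL);

	if (!ext_pcons) {
		/* i == -1 means the extension is absent; anything else is a
		 * problem with the extension.
		 */
		if (i != -1)
			goto bad_cache;
	} else {
		/* A PolicyConstraints extension carrying neither field is
		 * rejected.
		 */
		if (!ext_pcons->requireExplicitPolicy
			&& !ext_pcons->inhibitPolicyMapping)
			goto bad_cache;
		if (!policy_cache_set_int(&cache->explicit_skip,
			ext_pcons->requireExplicitPolicy))
			goto bad_cache;
		if (!policy_cache_set_int(&cache->map_skip,
			ext_pcons->inhibitPolicyMapping))
			goto bad_cache;
	}

	/* Process CertificatePolicies */

	ext_cpols = X509_get_ext_d2i(x, NID_certificate_policies, &i, NULL);
	/* If no CertificatePolicies extension or problem decoding then
	 * there is no point continuing because the valid policies will be
	 * NULL.
	 */
	if (!ext_cpols) {
		/* If not absent some problem with extension */
		if (i != -1)
			goto bad_cache;
		/* Absent: nothing more to do, but ext_pcons must still be
		 * released.
		 */
		goto done;
	}

	i = policy_cache_create(x, ext_cpols, i);

	/* NB: ext_cpols has been freed by policy_cache_create() */

	if (i <= 0) {
		ret = i;
		goto done;
	}

	ext_pmaps = X509_get_ext_d2i(x, NID_policy_mappings, &i, NULL);

	if (!ext_pmaps) {
		/* If not absent some problem with extension */
		if (i != -1)
			goto bad_cache;
	} else {
		/* NOTE(review): ext_pmaps is never freed in this function, so
		 * policy_cache_set_mapping() presumably takes ownership of
		 * it -- confirm against its definition.
		 */
		i = policy_cache_set_mapping(x, ext_pmaps);
		if (i <= 0)
			goto bad_cache;
	}

	ext_any = X509_get_ext_d2i(x, NID_inhibit_any_policy, &i, NULL);

	if (!ext_any) {
		if (i != -1)
			goto bad_cache;
	} else if (!policy_cache_set_int(&cache->any_skip, ext_any))
		goto bad_cache;

	goto done;

bad_cache:
	x->ex_flags |= EXFLAG_INVALID_POLICY;

done:
	if (ext_pcons)
		POLICY_CONSTRAINTS_free(ext_pcons);

	if (ext_any)
		ASN1_INTEGER_free(ext_any);

	return ret;
}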
235656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project
/* Release a policy cache together with the anyPolicy entry and the policy
 * data stack it holds. A NULL cache is accepted and ignored.
 *
 * NOTE(review): cache->maps is not released here; confirm where that
 * member is freed.
 */
void policy_cache_free(X509_POLICY_CACHE *cache)
{
	if (cache != NULL) {
		if (cache->anyPolicy != NULL)
			policy_data_free(cache->anyPolicy);
		if (cache->data != NULL)
			sk_X509_POLICY_DATA_pop_free(cache->data,
							policy_data_free);
		OPENSSL_free(cache);
	}
}
246656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project
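/* Return the policy cache of certificate x, building it on first use.
 *
 * The result is NULL if the cache could not be allocated:
 * policy_cache_new() returns before assigning x->policy_cache in that
 * case. Its return value is otherwise not inspected here; extension
 * problems are recorded in x->ex_flags.
 */
const X509_POLICY_CACHE *policy_cache_set(X509 *x)
{
	if (x->policy_cache == NULL) {
		CRYPTO_w_lock(CRYPTO_LOCK_X509);
		/* Re-check under the lock: another thread may have built the
		 * cache between the unlocked test above and acquiring the
		 * lock. Building it again would overwrite and leak the first
		 * cache while other callers may already hold a pointer to it.
		 */
		if (x->policy_cache == NULL)
			policy_cache_new(x);
		CRYPTO_w_unlock(CRYPTO_LOCK_X509);
	}

	/* NOTE(review): the first test and this read happen without the
	 * lock, and policy_cache_new() stores the pointer before it has
	 * finished filling in the cache, so a concurrent caller can still
	 * see a partially built cache.
	 */
	return x->policy_cache;
}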
260656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project
/* Look up the cached policy data whose valid_policy OID matches id.
 * Returns the cached entry, or NULL when the stack search reports no match.
 */
X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache,
						const ASN1_OBJECT *id)
{
	X509_POLICY_DATA key;
	int pos;

	/* Only valid_policy is filled in: it is the one field read by
	 * policy_data_cmp(), the comparator the stack is created with. The
	 * cast drops const because the struct member is non-const; the key
	 * is only passed to the search.
	 */
	key.valid_policy = (ASN1_OBJECT *)id;
	pos = sk_X509_POLICY_DATA_find(cache->data, &key);

	return (pos == -1) ? NULL : sk_X509_POLICY_DATA_value(cache->data, pos);
}
272656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project
/* Stack comparator for X509_POLICY_DATA: compares two entries by their
 * valid_policy OID and returns the OBJ_cmp() result.
 */
static int policy_data_cmp(const X509_POLICY_DATA * const *a,
				const X509_POLICY_DATA * const *b)
{
	const X509_POLICY_DATA *lhs = *a;
	const X509_POLICY_DATA *rhs = *b;

	return OBJ_cmp(lhs->valid_policy, rhs->valid_policy);
}
278656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project
/* Store an optional ASN1_INTEGER into *out.
 *
 * A NULL value means the field is absent: *out is left unchanged and 1 is
 * returned. A negative integer is rejected with 0. Otherwise *out receives
 * the converted value and 1 is returned.
 *
 * NOTE(review): the result of ASN1_INTEGER_get() is stored without a range
 * check; confirm how it reports a value that does not fit in a long.
 */
static int policy_cache_set_int(long *out, ASN1_INTEGER *value)
{
	if (value != NULL) {
		if (value->type == V_ASN1_NEG_INTEGER)
			return 0;
		*out = ASN1_INTEGER_get(value);
	}
	return 1;
}