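/* pcy_data.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2004.
 */
/* ====================================================================
 * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

#include <openssl/mem.h>
#include <openssl/obj.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>

#include "pcy_int.h"


/* Policy Node routines */

/* Release a policy data entry and the members it owns.
 *
 * Frees the policy OID and the expected-policy stack unconditionally. The
 * qualifier stack is freed only when POLICY_DATA_FLAG_SHARED_QUALIFIERS is
 * clear. A NULL 'data' is accepted and ignored.
 */
void policy_data_free(X509_POLICY_DATA *data)
{
	/* Let error paths call this without a separate NULL test; the
	 * dereferences below would otherwise crash. */
	if (data == NULL) {
		return;
	}

	ASN1_OBJECT_free(data->valid_policy);

	/* Don't free qualifiers if shared. Freeing a stack that another object
	 * still references would be a double free / use-after-free.
	 * NOTE(review): the flag is set outside this file - confirm that exactly
	 * one holder of a shared stack has the flag clear. */
	if (!(data->flags & POLICY_DATA_FLAG_SHARED_QUALIFIERS)) {
		sk_POLICYQUALINFO_pop_free(data->qualifier_set,
					   POLICYQUALINFO_free);
	}

	sk_ASN1_OBJECT_pop_free(data->expected_policy_set, ASN1_OBJECT_free);
	OPENSSL_free(data);
}

/* Create a data based on an existing policy. If 'cid' is NULL use the
 * OID in the policy, otherwise use a copy of 'cid'. This behaviour covers
 * the two types of data in RFC3280: data from a CertificatePolicies
 * extension, and additional data with just the qualifiers of anyPolicy and
 * an ID from another source.
 *
 * Ownership: on success the qualifiers of 'policy' (and its policyid, when
 * 'cid' is NULL) are moved into the returned object and the corresponding
 * fields of 'policy' are set to NULL, so each is referenced from one place
 * only. 'cid' is duplicated and never taken over. On failure 'policy' is
 * left unmodified.
 *
 * 'crit' non-zero sets POLICY_DATA_FLAG_CRITICAL on the result.
 *
 * Returns the new object (release with policy_data_free), or NULL when both
 * 'policy' and 'cid' are NULL or an allocation fails.
 */
X509_POLICY_DATA *policy_data_new(POLICYINFO *policy,
				  const ASN1_OBJECT *cid, int crit)
{
	X509_POLICY_DATA *ret;
	ASN1_OBJECT *id = NULL;

	if (policy == NULL && cid == NULL) {
		return NULL;
	}

	if (cid != NULL) {
		id = OBJ_dup(cid);
		if (id == NULL) {
			return NULL;
		}
	}

	ret = OPENSSL_malloc(sizeof(*ret));
	if (ret == NULL) {
		/* The duplicated OID is not yet owned by anything else; it
		 * must be released here or it leaks. */
		ASN1_OBJECT_free(id);
		return NULL;
	}

	ret->expected_policy_set = sk_ASN1_OBJECT_new_null();
	if (ret->expected_policy_set == NULL) {
		OPENSSL_free(ret);
		ASN1_OBJECT_free(id);
		return NULL;
	}

	ret->flags = crit ? POLICY_DATA_FLAG_CRITICAL : 0;

	if (id != NULL) {
		ret->valid_policy = id;
	} else {
		/* cid was NULL, so the guard at the top guarantees policy is
		 * non-NULL. Move the OID and clear the source pointer so it is
		 * not freed twice. */
		ret->valid_policy = policy->policyid;
		policy->policyid = NULL;
	}

	if (policy != NULL) {
		/* Move, not copy: the source pointer is cleared so the stack
		 * has a single owner. */
		ret->qualifier_set = policy->qualifiers;
		policy->qualifiers = NULL;
	} else {
		ret->qualifier_set = NULL;
	}

	return ret;
}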