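/* pcy_data.c */
/*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
 * 2004.
 */
/* ====================================================================
 * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com). This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

#include <openssl/mem.h>
#include <openssl/obj.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>

#include "pcy_int.h"

/* Policy Node routines */

/*
 * Release a policy data object together with the members it owns: the
 * valid_policy OID, the expected_policy_set stack and, unless
 * POLICY_DATA_FLAG_SHARED_QUALIFIERS is set, the qualifier_set stack.
 *
 * Passing NULL is a no-op, so error paths can call this unconditionally.
 */
void policy_data_free(X509_POLICY_DATA *data)
{
    if (data == NULL)
        return;

    ASN1_OBJECT_free(data->valid_policy);
    /*
     * Don't free qualifiers if shared: with the flag set the stack is
     * presumably still referenced by another object, and freeing it here
     * would leave that object with a dangling pointer.
     */
    if (!(data->flags & POLICY_DATA_FLAG_SHARED_QUALIFIERS))
        sk_POLICYQUALINFO_pop_free(data->qualifier_set, POLICYQUALINFO_free);
    sk_ASN1_OBJECT_pop_free(data->expected_policy_set, ASN1_OBJECT_free);
    OPENSSL_free(data);
}

/*
 * Create a policy data object based on an existing policy. If 'cid' is NULL
 * the OID is taken from 'policy', otherwise a copy of 'cid' is used. This
 * behaviour covers the two types of data in RFC3280: data from a
 * CertificatePolicies extension, and additional data with just the
 * qualifiers of anyPolicy and an ID from another source.
 *
 * Ownership: members are moved out of 'policy', not copied. When 'policy' is
 * non-NULL its qualifiers pointer is handed to the result and set to NULL;
 * when 'cid' is NULL its policyid pointer is handed over and set to NULL as
 * well. The caller keeps ownership of the POLICYINFO itself. 'crit' non-zero
 * sets POLICY_DATA_FLAG_CRITICAL on the result.
 *
 * Returns the new object, to be released with policy_data_free(), or NULL if
 * both 'policy' and 'cid' are NULL or an allocation fails. Every failure
 * return happens before 'policy' is modified.
 */
X509_POLICY_DATA *policy_data_new(POLICYINFO *policy,
                                  const ASN1_OBJECT *cid, int crit)
{
    X509_POLICY_DATA *ret;
    ASN1_OBJECT *id = NULL;

    if (policy == NULL && cid == NULL)
        return NULL;

    if (cid != NULL) {
        id = OBJ_dup(cid);
        if (id == NULL)
            return NULL;
    }

    ret = OPENSSL_malloc(sizeof(*ret));
    if (ret == NULL) {
        /*
         * 'id' is either NULL or our private copy of 'cid'; release it so a
         * failed allocation does not leak the copy (ASN1_OBJECT_free
         * accepts NULL).
         */
        ASN1_OBJECT_free(id);
        return NULL;
    }

    ret->expected_policy_set = sk_ASN1_OBJECT_new_null();
    if (ret->expected_policy_set == NULL) {
        OPENSSL_free(ret);
        ASN1_OBJECT_free(id);
        return NULL;
    }

    ret->flags = crit ? POLICY_DATA_FLAG_CRITICAL : 0;

    if (id != NULL) {
        ret->valid_policy = id;
    } else {
        /* cid was NULL, so policy is non-NULL here: take over its OID. */
        ret->valid_policy = policy->policyid;
        policy->policyid = NULL;
    }

    if (policy != NULL) {
        /* Move, don't copy: clearing the source pointer avoids a double free. */
        ret->qualifier_set = policy->qualifiers;
        policy->qualifiers = NULL;
    } else {
        ret->qualifier_set = NULL;
    }

    return ret;
}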