1d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* pcy_data.c */
24969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin/*
34969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
44969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin * 2004.
5d9e397b599b13d642138480a28c14db7a136bf0Adam Langley */
6d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* ====================================================================
7d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
8d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *
9d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Redistribution and use in source and binary forms, with or without
10d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * modification, are permitted provided that the following conditions
11d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * are met:
12d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *
13d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 1. Redistributions of source code must retain the above copyright
144969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin *    notice, this list of conditions and the following disclaimer.
15d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *
16d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 2. Redistributions in binary form must reproduce the above copyright
17d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *    notice, this list of conditions and the following disclaimer in
18d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *    the documentation and/or other materials provided with the
19d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *    distribution.
20d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *
21d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 3. All advertising materials mentioning features or use of this
22d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *    software must display the following acknowledgment:
23d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *    "This product includes software developed by the OpenSSL Project
24d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *
26d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *    endorse or promote products derived from this software without
28d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *    prior written permission. For written permission, please contact
29d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *    licensing@OpenSSL.org.
30d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *
31d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 5. Products derived from this software may not be called "OpenSSL"
32d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *    nor may "OpenSSL" appear in their names without prior written
33d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *    permission of the OpenSSL Project.
34d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *
35d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * 6. Redistributions of any form whatsoever must retain the following
36d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *    acknowledgment:
37d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *    "This product includes software developed by the OpenSSL Project
38d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *
40d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
44d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * OF THE POSSIBILITY OF SUCH DAMAGE.
52d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * ====================================================================
53d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *
54d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * This product includes cryptographic software written by Eric Young
55d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * (eay@cryptsoft.com).  This product includes software written by Tim
56d9e397b599b13d642138480a28c14db7a136bf0Adam Langley * Hudson (tjh@cryptsoft.com).
57d9e397b599b13d642138480a28c14db7a136bf0Adam Langley *
58d9e397b599b13d642138480a28c14db7a136bf0Adam Langley */
59d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
60d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#include <openssl/mem.h>
61d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#include <openssl/obj.h>
62d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#include <openssl/x509.h>
63d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#include <openssl/x509v3.h>
64d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
65d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#include "pcy_int.h"
66d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
67d9e397b599b13d642138480a28c14db7a136bf0Adam Langley/* Policy Node routines */
68d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
69d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyvoid policy_data_free(X509_POLICY_DATA *data)
704969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin{
714969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin    ASN1_OBJECT_free(data->valid_policy);
724969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin    /* Don't free qualifiers if shared */
734969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin    if (!(data->flags & POLICY_DATA_FLAG_SHARED_QUALIFIERS))
744969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin        sk_POLICYQUALINFO_pop_free(data->qualifier_set, POLICYQUALINFO_free);
754969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin    sk_ASN1_OBJECT_pop_free(data->expected_policy_set, ASN1_OBJECT_free);
764969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin    OPENSSL_free(data);
774969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin}
78d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
794969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin/*
804969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin * Create a data based on an existing policy. If 'id' is NULL use the oid in
814969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin * the policy, otherwise use 'id'. This behaviour covers the two types of
824969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin * data in RFC3280: data with from a CertificatePolcies extension and
834969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin * additional data with just the qualifiers of anyPolicy and ID from another
844969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin * source.
85d9e397b599b13d642138480a28c14db7a136bf0Adam Langley */
86d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
87d9e397b599b13d642138480a28c14db7a136bf0Adam LangleyX509_POLICY_DATA *policy_data_new(POLICYINFO *policy,
884969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin                                  const ASN1_OBJECT *cid, int crit)
894969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin{
904969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin    X509_POLICY_DATA *ret;
914969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin    ASN1_OBJECT *id;
924969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin    if (!policy && !cid)
934969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin        return NULL;
944969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin    if (cid) {
954969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin        id = OBJ_dup(cid);
964969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin        if (!id)
974969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin            return NULL;
984969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin    } else
994969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin        id = NULL;
1004969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin    ret = OPENSSL_malloc(sizeof(X509_POLICY_DATA));
1014969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin    if (!ret)
1024969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin        return NULL;
1034969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin    ret->expected_policy_set = sk_ASN1_OBJECT_new_null();
1044969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin    if (!ret->expected_policy_set) {
1054969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin        OPENSSL_free(ret);
1064969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin        if (id)
1074969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin            ASN1_OBJECT_free(id);
1084969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin        return NULL;
1094969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin    }
110d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
1114969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin    if (crit)
1124969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin        ret->flags = POLICY_DATA_FLAG_CRITICAL;
1134969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin    else
1144969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin        ret->flags = 0;
115d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
1164969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin    if (id)
1174969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin        ret->valid_policy = id;
1184969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin    else {
1194969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin        ret->valid_policy = policy->policyid;
1204969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin        policy->policyid = NULL;
1214969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin    }
122d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
1234969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin    if (policy) {
1244969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin        ret->qualifier_set = policy->qualifiers;
1254969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin        policy->qualifiers = NULL;
1264969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin    } else
1274969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin        ret->qualifier_set = NULL;
128d9e397b599b13d642138480a28c14db7a136bf0Adam Langley
1294969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin    return ret;
1304969cc9b0ab2905ec478277f50ed3849b37a6c6bDavid Benjamin}
131