| 1 | /*
|
|---|
| 2 | * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
|
|---|
| 3 | *
|
|---|
| 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use
|
|---|
| 5 | * this file except in compliance with the License. You can obtain a copy
|
|---|
| 6 | * in the file LICENSE in the source distribution or at
|
|---|
| 7 | * https://www.openssl.org/source/license.html
|
|---|
| 8 | */
|
|---|
| 9 |
|
|---|
| 10 | #include "internal/cryptlib.h"
|
|---|
| 11 | #include <openssl/x509.h>
|
|---|
| 12 | #include <openssl/x509v3.h>
|
|---|
| 13 |
|
|---|
| 14 | #include "pcy_local.h"
|
|---|
| 15 |
|
|---|
| 16 | /* Policy Node routines */
|
|---|
| 17 |
|
|---|
| 18 | void ossl_policy_data_free(X509_POLICY_DATA *data)
|
|---|
| 19 | {
|
|---|
| 20 | if (data == NULL)
|
|---|
| 21 | return;
|
|---|
| 22 | ASN1_OBJECT_free(data->valid_policy);
|
|---|
| 23 | /* Don't free qualifiers if shared */
|
|---|
| 24 | if (!(data->flags & POLICY_DATA_FLAG_SHARED_QUALIFIERS))
|
|---|
| 25 | sk_POLICYQUALINFO_pop_free(data->qualifier_set, POLICYQUALINFO_free);
|
|---|
| 26 | sk_ASN1_OBJECT_pop_free(data->expected_policy_set, ASN1_OBJECT_free);
|
|---|
| 27 | OPENSSL_free(data);
|
|---|
| 28 | }
|
|---|
| 29 |
|
|---|
| 30 | /*
|
|---|
| 31 | * Create a data based on an existing policy. If 'id' is NULL use the OID in
|
|---|
| 32 | * the policy, otherwise use 'id'. This behaviour covers the two types of
|
|---|
| 33 | * data in RFC3280: data with from a CertificatePolicies extension and
|
|---|
| 34 | * additional data with just the qualifiers of anyPolicy and ID from another
|
|---|
| 35 | * source.
|
|---|
| 36 | */
|
|---|
| 37 |
|
|---|
| 38 | X509_POLICY_DATA *ossl_policy_data_new(POLICYINFO *policy,
|
|---|
| 39 | const ASN1_OBJECT *cid, int crit)
|
|---|
| 40 | {
|
|---|
| 41 | X509_POLICY_DATA *ret;
|
|---|
| 42 | ASN1_OBJECT *id;
|
|---|
| 43 |
|
|---|
| 44 | if (policy == NULL && cid == NULL)
|
|---|
| 45 | return NULL;
|
|---|
| 46 | if (cid) {
|
|---|
| 47 | id = OBJ_dup(cid);
|
|---|
| 48 | if (id == NULL)
|
|---|
| 49 | return NULL;
|
|---|
| 50 | } else
|
|---|
| 51 | id = NULL;
|
|---|
| 52 | ret = OPENSSL_zalloc(sizeof(*ret));
|
|---|
| 53 | if (ret == NULL) {
|
|---|
| 54 | ASN1_OBJECT_free(id);
|
|---|
| 55 | ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
|
|---|
| 56 | return NULL;
|
|---|
| 57 | }
|
|---|
| 58 | ret->expected_policy_set = sk_ASN1_OBJECT_new_null();
|
|---|
| 59 | if (ret->expected_policy_set == NULL) {
|
|---|
| 60 | OPENSSL_free(ret);
|
|---|
| 61 | ASN1_OBJECT_free(id);
|
|---|
| 62 | ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
|
|---|
| 63 | return NULL;
|
|---|
| 64 | }
|
|---|
| 65 |
|
|---|
| 66 | if (crit)
|
|---|
| 67 | ret->flags = POLICY_DATA_FLAG_CRITICAL;
|
|---|
| 68 |
|
|---|
| 69 | if (id)
|
|---|
| 70 | ret->valid_policy = id;
|
|---|
| 71 | else {
|
|---|
| 72 | ret->valid_policy = policy->policyid;
|
|---|
| 73 | policy->policyid = NULL;
|
|---|
| 74 | }
|
|---|
| 75 |
|
|---|
| 76 | if (policy) {
|
|---|
| 77 | ret->qualifier_set = policy->qualifiers;
|
|---|
| 78 | policy->qualifiers = NULL;
|
|---|
| 79 | }
|
|---|
| 80 |
|
|---|
| 81 | return ret;
|
|---|
| 82 | }
|
|---|
