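--- a/pcy_map.c
+++ b/pcy_map.c
@@ -1,10 +1,10 @@
 /* pcy_map.c */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2004.
  */
 /* ====================================================================
  * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -55,132 +55,78 @@
  * Hudson (tjh@cryptsoft.com).
  *
  */
 
 #include "cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
 #include "pcy_int.h"
 
-static int ref_cmp(const X509_POLICY_REF * const *a,
-			const X509_POLICY_REF * const *b)
-	{
-	return OBJ_cmp((*a)->subjectDomainPolicy, (*b)->subjectDomainPolicy);
-	}
-
-static void policy_map_free(X509_POLICY_REF *map)
-	{
-	if (map->subjectDomainPolicy)
-		ASN1_OBJECT_free(map->subjectDomainPolicy);
-	OPENSSL_free(map);
-	}
-
-static X509_POLICY_REF *policy_map_find(X509_POLICY_CACHE *cache, ASN1_OBJECT *id)
-	{
-	X509_POLICY_REF tmp;
-	int idx;
-	tmp.subjectDomainPolicy = id;
-
-	idx = sk_X509_POLICY_REF_find(cache->maps, &tmp);
-	if (idx == -1)
-		return NULL;
-	return sk_X509_POLICY_REF_value(cache->maps, idx);
-	}
-
 /* Set policy mapping entries in cache.
  * Note: this modifies the passed POLICY_MAPPINGS structure
  */
 
 int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
 	{
 	POLICY_MAPPING *map;
-	X509_POLICY_REF *ref = NULL;
 	X509_POLICY_DATA *data;
 	X509_POLICY_CACHE *cache = x->policy_cache;
 	int i;
 	int ret = 0;
 	if (sk_POLICY_MAPPING_num(maps) == 0)
 		{
 		ret = -1;
 		goto bad_mapping;
 		}
-	cache->maps = sk_X509_POLICY_REF_new(ref_cmp);
 	for (i = 0; i < sk_POLICY_MAPPING_num(maps); i++)
 		{
 		map = sk_POLICY_MAPPING_value(maps, i);
 		/* Reject if map to or from anyPolicy */
 		if ((OBJ_obj2nid(map->subjectDomainPolicy) == NID_any_policy)
 			|| (OBJ_obj2nid(map->issuerDomainPolicy) == NID_any_policy))
 			{
 			ret = -1;
 			goto bad_mapping;
 			}
 
-		/* If we've already mapped from this OID bad mapping */
-		if (policy_map_find(cache, map->subjectDomainPolicy) != NULL)
-			{
-			ret = -1;
-			goto bad_mapping;
-			}
-
 		/* Attempt to find matching policy data */
 		data = policy_cache_find_data(cache, map->issuerDomainPolicy);
 		/* If we don't have anyPolicy can't map */
 		if (!data && !cache->anyPolicy)
 			continue;
 
 		/* Create a NODE from anyPolicy */
 		if (!data)
 			{
 			data = policy_data_new(NULL, map->issuerDomainPolicy,
 					cache->anyPolicy->flags
 						& POLICY_DATA_FLAG_CRITICAL);
 			if (!data)
 				goto bad_mapping;
 			data->qualifier_set = cache->anyPolicy->qualifier_set;
-			map->issuerDomainPolicy = NULL;
+			/*map->issuerDomainPolicy = NULL;*/
 			data->flags |= POLICY_DATA_FLAG_MAPPED_ANY;
 			data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
 			if (!sk_X509_POLICY_DATA_push(cache->data, data))
 				{
 				policy_data_free(data);
 				goto bad_mapping;
 				}
 			}
 		else
 			data->flags |= POLICY_DATA_FLAG_MAPPED;
-
 		if (!sk_ASN1_OBJECT_push(data->expected_policy_set,
 						map->subjectDomainPolicy))
 			goto bad_mapping;
-
-		ref = OPENSSL_malloc(sizeof(X509_POLICY_REF));
-		if (!ref)
-			goto bad_mapping;
-
-		ref->subjectDomainPolicy = map->subjectDomainPolicy;
 		map->subjectDomainPolicy = NULL;
-		ref->data = data;
-
-		if (!sk_X509_POLICY_REF_push(cache->maps, ref))
-			goto bad_mapping;
-
-		ref = NULL;
 
 		}
 
 	ret = 1;
 	bad_mapping:
 	if (ret == -1)
 		x->ex_flags |= EXFLAG_INVALID_POLICY;
-	if (ref)
-		policy_map_free(ref);
-	if (ret <= 0)
-		{
-		sk_X509_POLICY_REF_pop_free(cache->maps, policy_map_free);
-		cache->maps = NULL;
-		}
 	sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
 	return ret;
 
 	}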
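Review bot: The commented-out `/*map->issuerDomainPolicy = NULL;*/` at new line 107 leaves the ownership of the object just handed to policy_data_new() undocumented: the map entry is still released by sk_POLICY_MAPPING_pop_free() at bad_mapping, so keeping the pointer in the map is only safe if policy_data_new() takes its own copy of issuerDomainPolicy, which cannot be seen from this file. Either delete the dead line or replace it with a comment stating the contract, e.g. `/* policy_data_new() duplicates issuerDomainPolicy, so map keeps its own copy */` (confirm against the definition of policy_data_new()). Note that the commit also drops the "already mapped from this OID" check, so a POLICY_MAPPINGS extension that names the same subjectDomainPolicy twice is now accepted and the OID can be pushed onto more than one expected_policy_set; if that is intended, a one-line comment at the top of the loop, e.g. `/* Duplicate subjectDomainPolicy entries are allowed; each is mapped independently */`, would save the next reader from re-adding the check.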