/*
 * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include "internal/cryptlib.h"
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include "crypto/x509.h"

#include "pcy_local.h"

/*
 * Record the certificate's policy mappings in its policy cache.
 *
 * Ownership: this function consumes |maps|. Every path, success or failure,
 * ends by releasing the stack with sk_POLICY_MAPPING_pop_free(), so the
 * caller must not touch or free |maps| afterwards. Each subjectDomainPolicy
 * that is stored in the cache is detached from its mapping entry first (the
 * field is set to NULL), so the entry no longer refers to an object that the
 * cache now holds.
 *
 * Returns:
 *    1  all mappings were processed;
 *   -1  the extension is unacceptable: the mapping list is empty, or an
 *       entry maps to or from anyPolicy;
 *    0  a policy data allocation or a stack push failed.
 */
int ossl_policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
{
    X509_POLICY_CACHE *cache = x->policy_cache;
    X509_POLICY_DATA *pdata;
    POLICY_MAPPING *entry;
    int rv = 0;
    int idx;

    /* An empty mapping list is rejected as a malformed extension. */
    if (sk_POLICY_MAPPING_num(maps) == 0) {
        rv = -1;
        goto release_maps;
    }

    for (idx = 0; idx < sk_POLICY_MAPPING_num(maps); idx++) {
        entry = sk_POLICY_MAPPING_value(maps, idx);

        /* anyPolicy may appear on neither side of a mapping. */
        if (OBJ_obj2nid(entry->subjectDomainPolicy) == NID_any_policy
            || OBJ_obj2nid(entry->issuerDomainPolicy) == NID_any_policy) {
            rv = -1;
            goto release_maps;
        }

        /* Look for cached policy data matching the issuer domain policy. */
        pdata = ossl_policy_cache_find_data(cache, entry->issuerDomainPolicy);

        if (pdata != NULL) {
            pdata->flags |= POLICY_DATA_FLAG_MAPPED;
        } else {
            /* No explicit policy and no anyPolicy: nothing to map from. */
            if (!cache->anyPolicy)
                continue;

            /*
             * Synthesize policy data for the issuer domain policy from
             * anyPolicy, inheriting only its criticality flag.
             * NOTE(review): issuerDomainPolicy stays in the mapping entry
             * and is released with it; this relies on
             * ossl_policy_data_new() not keeping the caller's pointer.
             * Confirm against its definition.
             */
            pdata = ossl_policy_data_new(NULL, entry->issuerDomainPolicy,
                                         cache->anyPolicy->flags
                                         & POLICY_DATA_FLAG_CRITICAL);
            if (pdata == NULL)
                goto release_maps;

            /*
             * The qualifier set is borrowed from anyPolicy, not copied. The
             * SHARED_QUALIFIERS flag marks that aliasing; presumably the
             * policy data free routine checks it to avoid freeing the set
             * twice. Verify before changing either side.
             */
            pdata->qualifier_set = cache->anyPolicy->qualifier_set;
            pdata->flags |= POLICY_DATA_FLAG_MAPPED_ANY;
            pdata->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;

            if (!sk_X509_POLICY_DATA_push(cache->data, pdata)) {
                /* Not yet owned by the cache, so it is freed here. */
                ossl_policy_data_free(pdata);
                goto release_maps;
            }
        }

        if (!sk_ASN1_OBJECT_push(pdata->expected_policy_set,
                                 entry->subjectDomainPolicy))
            goto release_maps;

        /*
         * The expected policy set now holds the object. Clearing the field
         * keeps the pop_free below from releasing it a second time.
         */
        entry->subjectDomainPolicy = NULL;
    }

    rv = 1;

 release_maps:
    /* Reached on success as well as on error: |maps| is always consumed. */
    sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
    return rv;
}