Take the old policy code behind the barn

It can go play in the fields with all the other exponential time policy "code". discussed with jsing ok & commit message beck
author: tb <> 2023-04-28 16:21:57 +0000
committer: tb <> 2023-04-28 16:21:57 +0000
commit: 0f7876e466fed4dad77a738f0bdb63846092d5ef (patch)
tree: ab7bf11dbba9e8b630f9ced2d33ff8be0eb6049a /src/lib/libcrypto/x509/pcy_int.h
parent: 1059b2a4a3d9eb72ad6073bbadee2edc0fd7f990 (diff)
download: openbsd-0f7876e466fed4dad77a738f0bdb63846092d5ef.tar.gz
openbsd-0f7876e466fed4dad77a738f0bdb63846092d5ef.tar.bz2
openbsd-0f7876e466fed4dad77a738f0bdb63846092d5ef.zip
1 files changed, 0 insertions, 281 deletions
diff --git a/src/lib/libcrypto/x509/pcy_int.h b/src/lib/libcrypto/x509/pcy_int.h
deleted file mode 100644
index 43bd548f66..0000000000
--- a/src/lib/libcrypto/x509/pcy_int.h
+++ /dev/null
@@ -1,281 +0,0 @@
-/* $OpenBSD: pcy_int.h,v 1.5 2023/04/26 19:11:32 beck Exp $ */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#ifndef LIBRESSL_HAS_POLICY_DAG
-/* Needed to pull in the typedefs for X509_POLICY_* */
-#include "x509_local.h"
-__BEGIN_HIDDEN_DECLS
-typedef struct X509_POLICY_DATA_st X509_POLICY_DATA;
-DECLARE_STACK_OF(X509_POLICY_DATA)
-DECLARE_STACK_OF(X509_POLICY_NODE)
-#define sk_X509_POLICY_DATA_new(cmp) SKM_sk_new(X509_POLICY_DATA, (cmp))
-#define sk_X509_POLICY_DATA_new_null() SKM_sk_new_null(X509_POLICY_DATA)
-#define sk_X509_POLICY_DATA_free(st) SKM_sk_free(X509_POLICY_DATA, (st))
-#define sk_X509_POLICY_DATA_num(st) SKM_sk_num(X509_POLICY_DATA, (st))
-#define sk_X509_POLICY_DATA_value(st, i) SKM_sk_value(X509_POLICY_DATA, (st), (i))
-#define sk_X509_POLICY_DATA_set(st, i, val) SKM_sk_set(X509_POLICY_DATA, (st), (i), (val))
-#define sk_X509_POLICY_DATA_zero(st) SKM_sk_zero(X509_POLICY_DATA, (st))
-#define sk_X509_POLICY_DATA_push(st, val) SKM_sk_push(X509_POLICY_DATA, (st), (val))
-#define sk_X509_POLICY_DATA_unshift(st, val) SKM_sk_unshift(X509_POLICY_DATA, (st), (val))
-#define sk_X509_POLICY_DATA_find(st, val) SKM_sk_find(X509_POLICY_DATA, (st), (val))
-#define sk_X509_POLICY_DATA_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_DATA, (st), (val))
-#define sk_X509_POLICY_DATA_delete(st, i) SKM_sk_delete(X509_POLICY_DATA, (st), (i))
-#define sk_X509_POLICY_DATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_DATA, (st), (ptr))
-#define sk_X509_POLICY_DATA_insert(st, val, i) SKM_sk_insert(X509_POLICY_DATA, (st), (val), (i))
-#define sk_X509_POLICY_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_DATA, (st), (cmp))
-#define sk_X509_POLICY_DATA_dup(st) SKM_sk_dup(X509_POLICY_DATA, st)
-#define sk_X509_POLICY_DATA_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_DATA, (st), (free_func))
-#define sk_X509_POLICY_DATA_shift(st) SKM_sk_shift(X509_POLICY_DATA, (st))
-#define sk_X509_POLICY_DATA_pop(st) SKM_sk_pop(X509_POLICY_DATA, (st))
-#define sk_X509_POLICY_DATA_sort(st) SKM_sk_sort(X509_POLICY_DATA, (st))
-#define sk_X509_POLICY_DATA_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_DATA, (st))
-#define sk_X509_POLICY_NODE_new(cmp) SKM_sk_new(X509_POLICY_NODE, (cmp))
-#define sk_X509_POLICY_NODE_new_null() SKM_sk_new_null(X509_POLICY_NODE)
-#define sk_X509_POLICY_NODE_free(st) SKM_sk_free(X509_POLICY_NODE, (st))
-#define sk_X509_POLICY_NODE_num(st) SKM_sk_num(X509_POLICY_NODE, (st))
-#define sk_X509_POLICY_NODE_value(st, i) SKM_sk_value(X509_POLICY_NODE, (st), (i))
-#define sk_X509_POLICY_NODE_set(st, i, val) SKM_sk_set(X509_POLICY_NODE, (st), (i), (val))
-#define sk_X509_POLICY_NODE_zero(st) SKM_sk_zero(X509_POLICY_NODE, (st))
-#define sk_X509_POLICY_NODE_push(st, val) SKM_sk_push(X509_POLICY_NODE, (st), (val))
-#define sk_X509_POLICY_NODE_unshift(st, val) SKM_sk_unshift(X509_POLICY_NODE, (st), (val))
-#define sk_X509_POLICY_NODE_find(st, val) SKM_sk_find(X509_POLICY_NODE, (st), (val))
-#define sk_X509_POLICY_NODE_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_NODE, (st), (val))
-#define sk_X509_POLICY_NODE_delete(st, i) SKM_sk_delete(X509_POLICY_NODE, (st), (i))
-#define sk_X509_POLICY_NODE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_NODE, (st), (ptr))
-#define sk_X509_POLICY_NODE_insert(st, val, i) SKM_sk_insert(X509_POLICY_NODE, (st), (val), (i))
-#define sk_X509_POLICY_NODE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_NODE, (st), (cmp))
-#define sk_X509_POLICY_NODE_dup(st) SKM_sk_dup(X509_POLICY_NODE, st)
-#define sk_X509_POLICY_NODE_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_NODE, (st), (free_func))
-#define sk_X509_POLICY_NODE_shift(st) SKM_sk_shift(X509_POLICY_NODE, (st))
-#define sk_X509_POLICY_NODE_pop(st) SKM_sk_pop(X509_POLICY_NODE, (st))
-#define sk_X509_POLICY_NODE_sort(st) SKM_sk_sort(X509_POLICY_NODE, (st))
-#define sk_X509_POLICY_NODE_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_NODE, (st))
-/* This structure and the field names correspond to the Policy 'node' of
- * RFC3280. NB this structure contains no pointers to parent or child
- * data: X509_POLICY_NODE contains that. This means that the main policy data
- * can be kept static and cached with the certificate.
- */
-struct X509_POLICY_DATA_st {
-        unsigned int flags;
-        /* Policy OID and qualifiers for this data */
-        ASN1_OBJECT *valid_policy;
-        STACK_OF(POLICYQUALINFO) *qualifier_set;
-        STACK_OF(ASN1_OBJECT) *expected_policy_set;
-};
-/* X509_POLICY_DATA flags values */
-/* This flag indicates the structure has been mapped using a policy mapping
- * extension. If policy mapping is not active its references get deleted.
- */
-#define POLICY_DATA_FLAG_MAPPED                 0x1
-/* This flag indicates the data doesn't correspond to a policy in Certificate
- * Policies: it has been mapped to any policy.
- */
-#define POLICY_DATA_FLAG_MAPPED_ANY             0x2
-/* AND with flags to see if any mapping has occurred */
-#define POLICY_DATA_FLAG_MAP_MASK               0x3
-/* qualifiers are shared and shouldn't be freed */
-#define POLICY_DATA_FLAG_SHARED_QUALIFIERS      0x4
-/* Parent node is an extra node and should be freed */
-#define POLICY_DATA_FLAG_EXTRA_NODE             0x8
-/* Corresponding CertificatePolicies is critical */
-#define POLICY_DATA_FLAG_CRITICAL               0x10
-/* This structure is cached with a certificate */
-struct X509_POLICY_CACHE_st {
-        /* anyPolicy data or NULL if no anyPolicy */
-        X509_POLICY_DATA *anyPolicy;
-        /* other policy data */
-        STACK_OF(X509_POLICY_DATA) *data;
-        /* If InhibitAnyPolicy present this is its value or -1 if absent. */
-        long any_skip;
-        /* If policyConstraints and requireExplicitPolicy present this is its
-         * value or -1 if absent.
-         */
-        long explicit_skip;
-        /* If policyConstraints and policyMapping present this is its
-         * value or -1 if absent.
-         */
-        long map_skip;
-};
-/*#define POLICY_CACHE_FLAG_CRITICAL            POLICY_DATA_FLAG_CRITICAL*/
-/* This structure represents the relationship between nodes */
-struct X509_POLICY_NODE_st {
-        /* node data this refers to */
-        const X509_POLICY_DATA *data;
-        /* Parent node */
-        X509_POLICY_NODE *parent;
-        /* Number of child nodes */
-        int nchild;
-};
-struct X509_POLICY_LEVEL_st {
-        /* Cert for this level */
-        X509 *cert;
-        /* nodes at this level */
-        STACK_OF(X509_POLICY_NODE) *nodes;
-        /* anyPolicy node */
-        X509_POLICY_NODE *anyPolicy;
-        /* Extra data */
-        /*STACK_OF(X509_POLICY_DATA) *extra_data;*/
-        unsigned int flags;
-};
-struct X509_POLICY_TREE_st {
-        /* This is the tree 'level' data */
-        X509_POLICY_LEVEL *levels;
-        int nlevel;
-        /* Extra policy data when additional nodes (not from the certificate)
-         * are required.
-         */
-        STACK_OF(X509_POLICY_DATA) *extra_data;
-        /* This is the authority constained policy set */
-        STACK_OF(X509_POLICY_NODE) *auth_policies;
-        STACK_OF(X509_POLICY_NODE) *user_policies;
-        unsigned int flags;
-};
-/* Set if anyPolicy present in user policies */
-#define POLICY_FLAG_ANY_POLICY          0x2
-/* Useful macros */
-#define node_data_critical(data) (data->flags & POLICY_DATA_FLAG_CRITICAL)
-#define node_critical(node) node_data_critical(node->data)
-/* Internal functions */
-X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, const ASN1_OBJECT *id,
-    int crit);
-void policy_data_free(X509_POLICY_DATA *data);
-X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache,
-    const ASN1_OBJECT *id);
-int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps);
-STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void);
-void policy_cache_init(void);
-void policy_cache_free(X509_POLICY_CACHE *cache);
-X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
-    const X509_POLICY_NODE *parent, const ASN1_OBJECT *id);
-X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
-    const ASN1_OBJECT *id);
-int level_add_node(X509_POLICY_LEVEL *level,
-    const X509_POLICY_DATA *data, X509_POLICY_NODE *parent,
-    X509_POLICY_TREE *tree, X509_POLICY_NODE **nodep);
-void policy_node_free(X509_POLICY_NODE *node);
-int policy_node_match(const X509_POLICY_LEVEL *lvl,
-    const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);
-const X509_POLICY_CACHE *policy_cache_set(X509 *x);
-int X509_policy_tree_level_count(const X509_POLICY_TREE *tree);
-X509_POLICY_LEVEL *
-        X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, int i);
-STACK_OF(X509_POLICY_NODE) *
-        X509_policy_tree_get0_policies(const X509_POLICY_TREE *tree);
-STACK_OF(X509_POLICY_NODE) *
-        X509_policy_tree_get0_user_policies(const X509_POLICY_TREE *tree);
-int X509_policy_level_node_count(X509_POLICY_LEVEL *level);
-X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, int i);
-const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node);
-STACK_OF(POLICYQUALINFO) *
-        X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node);
-const X509_POLICY_NODE *
-        X509_policy_node_get0_parent(const X509_POLICY_NODE *node);
-__END_HIDDEN_DECLS
-#endif /* LIBRESSL_HAS_POLICY_DAG */
author	tb <>	2023-04-28 16:21:57 +0000
committer	tb <>	2023-04-28 16:21:57 +0000
commit	0f7876e466fed4dad77a738f0bdb63846092d5ef (patch)
tree	ab7bf11dbba9e8b630f9ced2d33ff8be0eb6049a /src/lib/libcrypto/x509/pcy_int.h
parent	1059b2a4a3d9eb72ad6073bbadee2edc0fd7f990 (diff)
download	openbsd-0f7876e466fed4dad77a738f0bdb63846092d5ef.tar.gz openbsd-0f7876e466fed4dad77a738f0bdb63846092d5ef.tar.bz2 openbsd-0f7876e466fed4dad77a738f0bdb63846092d5ef.zip

diff --git a/src/lib/libcrypto/x509/pcy_int.h b/src/lib/libcrypto/x509/pcy_int.h deleted file mode 100644 index 43bd548f66..0000000000 --- a/src/lib/libcrypto/x509/pcy_int.h +++ /dev/null
@@ -1,281 +0,0 @@
1	/* $OpenBSD: pcy_int.h,v 1.5 2023/04/26 19:11:32 beck Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2004.
4	*/
5	/* ====================================================================
6	* Copyright (c) 2004 The OpenSSL Project. All rights reserved.
7	*
8	* Redistribution and use in source and binary forms, with or without
9	* modification, are permitted provided that the following conditions
10	* are met:
11	*
12	* 1. Redistributions of source code must retain the above copyright
13	* notice, this list of conditions and the following disclaimer.
14	*
15	* 2. Redistributions in binary form must reproduce the above copyright
16	* notice, this list of conditions and the following disclaimer in
17	* the documentation and/or other materials provided with the
18	* distribution.
19	*
20	* 3. All advertising materials mentioning features or use of this
21	* software must display the following acknowledgment:
22	* "This product includes software developed by the OpenSSL Project
23	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24	*
25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26	* endorse or promote products derived from this software without
27	* prior written permission. For written permission, please contact
28	* licensing@OpenSSL.org.
29	*
30	* 5. Products derived from this software may not be called "OpenSSL"
31	* nor may "OpenSSL" appear in their names without prior written
32	* permission of the OpenSSL Project.
33	*
34	* 6. Redistributions of any form whatsoever must retain the following
35	* acknowledgment:
36	* "This product includes software developed by the OpenSSL Project
37	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38	*
39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50	* OF THE POSSIBILITY OF SUCH DAMAGE.
51	* ====================================================================
52	*
53	* This product includes cryptographic software written by Eric Young
54	* (eay@cryptsoft.com). This product includes software written by Tim
55	* Hudson (tjh@cryptsoft.com).
56	*
57	*/
58
59	#ifndef LIBRESSL_HAS_POLICY_DAG
60
61	/* Needed to pull in the typedefs for X509_POLICY_* */
62	#include "x509_local.h"
63
64	__BEGIN_HIDDEN_DECLS
65
66	typedef struct X509_POLICY_DATA_st X509_POLICY_DATA;
67
68	DECLARE_STACK_OF(X509_POLICY_DATA)
69	DECLARE_STACK_OF(X509_POLICY_NODE)
70
71	#define sk_X509_POLICY_DATA_new(cmp) SKM_sk_new(X509_POLICY_DATA, (cmp))
72	#define sk_X509_POLICY_DATA_new_null() SKM_sk_new_null(X509_POLICY_DATA)
73	#define sk_X509_POLICY_DATA_free(st) SKM_sk_free(X509_POLICY_DATA, (st))
74	#define sk_X509_POLICY_DATA_num(st) SKM_sk_num(X509_POLICY_DATA, (st))
75	#define sk_X509_POLICY_DATA_value(st, i) SKM_sk_value(X509_POLICY_DATA, (st), (i))
76	#define sk_X509_POLICY_DATA_set(st, i, val) SKM_sk_set(X509_POLICY_DATA, (st), (i), (val))
77	#define sk_X509_POLICY_DATA_zero(st) SKM_sk_zero(X509_POLICY_DATA, (st))
78	#define sk_X509_POLICY_DATA_push(st, val) SKM_sk_push(X509_POLICY_DATA, (st), (val))
79	#define sk_X509_POLICY_DATA_unshift(st, val) SKM_sk_unshift(X509_POLICY_DATA, (st), (val))
80	#define sk_X509_POLICY_DATA_find(st, val) SKM_sk_find(X509_POLICY_DATA, (st), (val))
81	#define sk_X509_POLICY_DATA_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_DATA, (st), (val))
82	#define sk_X509_POLICY_DATA_delete(st, i) SKM_sk_delete(X509_POLICY_DATA, (st), (i))
83	#define sk_X509_POLICY_DATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_DATA, (st), (ptr))
84	#define sk_X509_POLICY_DATA_insert(st, val, i) SKM_sk_insert(X509_POLICY_DATA, (st), (val), (i))
85	#define sk_X509_POLICY_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_DATA, (st), (cmp))
86	#define sk_X509_POLICY_DATA_dup(st) SKM_sk_dup(X509_POLICY_DATA, st)
87	#define sk_X509_POLICY_DATA_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_DATA, (st), (free_func))
88	#define sk_X509_POLICY_DATA_shift(st) SKM_sk_shift(X509_POLICY_DATA, (st))
89	#define sk_X509_POLICY_DATA_pop(st) SKM_sk_pop(X509_POLICY_DATA, (st))
90	#define sk_X509_POLICY_DATA_sort(st) SKM_sk_sort(X509_POLICY_DATA, (st))
91	#define sk_X509_POLICY_DATA_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_DATA, (st))
92
93	#define sk_X509_POLICY_NODE_new(cmp) SKM_sk_new(X509_POLICY_NODE, (cmp))
94	#define sk_X509_POLICY_NODE_new_null() SKM_sk_new_null(X509_POLICY_NODE)
95	#define sk_X509_POLICY_NODE_free(st) SKM_sk_free(X509_POLICY_NODE, (st))
96	#define sk_X509_POLICY_NODE_num(st) SKM_sk_num(X509_POLICY_NODE, (st))
97	#define sk_X509_POLICY_NODE_value(st, i) SKM_sk_value(X509_POLICY_NODE, (st), (i))
98	#define sk_X509_POLICY_NODE_set(st, i, val) SKM_sk_set(X509_POLICY_NODE, (st), (i), (val))
99	#define sk_X509_POLICY_NODE_zero(st) SKM_sk_zero(X509_POLICY_NODE, (st))
100	#define sk_X509_POLICY_NODE_push(st, val) SKM_sk_push(X509_POLICY_NODE, (st), (val))
101	#define sk_X509_POLICY_NODE_unshift(st, val) SKM_sk_unshift(X509_POLICY_NODE, (st), (val))
102	#define sk_X509_POLICY_NODE_find(st, val) SKM_sk_find(X509_POLICY_NODE, (st), (val))
103	#define sk_X509_POLICY_NODE_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_NODE, (st), (val))
104	#define sk_X509_POLICY_NODE_delete(st, i) SKM_sk_delete(X509_POLICY_NODE, (st), (i))
105	#define sk_X509_POLICY_NODE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_NODE, (st), (ptr))
106	#define sk_X509_POLICY_NODE_insert(st, val, i) SKM_sk_insert(X509_POLICY_NODE, (st), (val), (i))
107	#define sk_X509_POLICY_NODE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_NODE, (st), (cmp))
108	#define sk_X509_POLICY_NODE_dup(st) SKM_sk_dup(X509_POLICY_NODE, st)
109	#define sk_X509_POLICY_NODE_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_NODE, (st), (free_func))
110	#define sk_X509_POLICY_NODE_shift(st) SKM_sk_shift(X509_POLICY_NODE, (st))
111	#define sk_X509_POLICY_NODE_pop(st) SKM_sk_pop(X509_POLICY_NODE, (st))
112	#define sk_X509_POLICY_NODE_sort(st) SKM_sk_sort(X509_POLICY_NODE, (st))
113	#define sk_X509_POLICY_NODE_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_NODE, (st))
114
115	/* This structure and the field names correspond to the Policy 'node' of
116	* RFC3280. NB this structure contains no pointers to parent or child
117	* data: X509_POLICY_NODE contains that. This means that the main policy data
118	* can be kept static and cached with the certificate.
119	*/
120
121	struct X509_POLICY_DATA_st {
122	unsigned int flags;
123	/* Policy OID and qualifiers for this data */
124	ASN1_OBJECT *valid_policy;
125	STACK_OF(POLICYQUALINFO) *qualifier_set;
126	STACK_OF(ASN1_OBJECT) *expected_policy_set;
127	};
128
129	/* X509_POLICY_DATA flags values */
130
131	/* This flag indicates the structure has been mapped using a policy mapping
132	* extension. If policy mapping is not active its references get deleted.
133	*/
134
135	#define POLICY_DATA_FLAG_MAPPED 0x1
136
137	/* This flag indicates the data doesn't correspond to a policy in Certificate
138	* Policies: it has been mapped to any policy.
139	*/
140
141	#define POLICY_DATA_FLAG_MAPPED_ANY 0x2
142
143	/* AND with flags to see if any mapping has occurred */
144
145	#define POLICY_DATA_FLAG_MAP_MASK 0x3
146
147	/* qualifiers are shared and shouldn't be freed */
148
149	#define POLICY_DATA_FLAG_SHARED_QUALIFIERS 0x4
150
151	/* Parent node is an extra node and should be freed */
152
153	#define POLICY_DATA_FLAG_EXTRA_NODE 0x8
154
155	/* Corresponding CertificatePolicies is critical */
156
157	#define POLICY_DATA_FLAG_CRITICAL 0x10
158
159	/* This structure is cached with a certificate */
160
161	struct X509_POLICY_CACHE_st {
162	/* anyPolicy data or NULL if no anyPolicy */
163	X509_POLICY_DATA *anyPolicy;
164	/* other policy data */
165	STACK_OF(X509_POLICY_DATA) *data;
166	/* If InhibitAnyPolicy present this is its value or -1 if absent. */
167	long any_skip;
168	/* If policyConstraints and requireExplicitPolicy present this is its
169	* value or -1 if absent.
170	*/
171	long explicit_skip;
172	/* If policyConstraints and policyMapping present this is its
173	* value or -1 if absent.
174	*/
175	long map_skip;
176	};
177
178	/#define POLICY_CACHE_FLAG_CRITICAL POLICY_DATA_FLAG_CRITICAL/
179
180	/* This structure represents the relationship between nodes */
181
182	struct X509_POLICY_NODE_st {
183	/* node data this refers to */
184	const X509_POLICY_DATA *data;
185	/* Parent node */
186	X509_POLICY_NODE *parent;
187	/* Number of child nodes */
188	int nchild;
189	};
190
191	struct X509_POLICY_LEVEL_st {
192	/* Cert for this level */
193	X509 *cert;
194	/* nodes at this level */
195	STACK_OF(X509_POLICY_NODE) *nodes;
196	/* anyPolicy node */
197	X509_POLICY_NODE *anyPolicy;
198	/* Extra data */
199	/STACK_OF(X509_POLICY_DATA) extra_data;*/
200	unsigned int flags;
201	};
202
203	struct X509_POLICY_TREE_st {
204	/* This is the tree 'level' data */
205	X509_POLICY_LEVEL *levels;
206	int nlevel;
207	/* Extra policy data when additional nodes (not from the certificate)
208	* are required.
209	*/
210	STACK_OF(X509_POLICY_DATA) *extra_data;
211	/* This is the authority constained policy set */
212	STACK_OF(X509_POLICY_NODE) *auth_policies;
213	STACK_OF(X509_POLICY_NODE) *user_policies;
214	unsigned int flags;
215	};
216
217	/* Set if anyPolicy present in user policies */
218	#define POLICY_FLAG_ANY_POLICY 0x2
219
220	/* Useful macros */
221
222	#define node_data_critical(data) (data->flags & POLICY_DATA_FLAG_CRITICAL)
223	#define node_critical(node) node_data_critical(node->data)
224
225	/* Internal functions */
226
227	X509_POLICY_DATA policy_data_new(POLICYINFO policy, const ASN1_OBJECT *id,
228	int crit);
229	void policy_data_free(X509_POLICY_DATA *data);
230
231	X509_POLICY_DATA policy_cache_find_data(const X509_POLICY_CACHE cache,
232	const ASN1_OBJECT *id);
233	int policy_cache_set_mapping(X509 x, POLICY_MAPPINGS maps);
234
235
236	STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void);
237
238	void policy_cache_init(void);
239
240	void policy_cache_free(X509_POLICY_CACHE *cache);
241
242	X509_POLICY_NODE level_find_node(const X509_POLICY_LEVEL level,
243	const X509_POLICY_NODE parent, const ASN1_OBJECT id);
244
245	X509_POLICY_NODE tree_find_sk(STACK_OF(X509_POLICY_NODE) sk,
246	const ASN1_OBJECT *id);
247
248	int level_add_node(X509_POLICY_LEVEL *level,
249	const X509_POLICY_DATA data, X509_POLICY_NODE parent,
250	X509_POLICY_TREE tree, X509_POLICY_NODE *nodep);
251	void policy_node_free(X509_POLICY_NODE *node);
252	int policy_node_match(const X509_POLICY_LEVEL *lvl,
253	const X509_POLICY_NODE node, const ASN1_OBJECT oid);
254
255	const X509_POLICY_CACHE policy_cache_set(X509 x);
256
257	int X509_policy_tree_level_count(const X509_POLICY_TREE *tree);
258	X509_POLICY_LEVEL *
259	X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, int i);
260
261	STACK_OF(X509_POLICY_NODE) *
262	X509_policy_tree_get0_policies(const X509_POLICY_TREE *tree);
263
264	STACK_OF(X509_POLICY_NODE) *
265	X509_policy_tree_get0_user_policies(const X509_POLICY_TREE *tree);
266
267	int X509_policy_level_node_count(X509_POLICY_LEVEL *level);
268
269	X509_POLICY_NODE X509_policy_level_get0_node(X509_POLICY_LEVEL level, int i);
270
271	const ASN1_OBJECT X509_policy_node_get0_policy(const X509_POLICY_NODE node);
272
273	STACK_OF(POLICYQUALINFO) *
274	X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node);
275	const X509_POLICY_NODE *
276	X509_policy_node_get0_parent(const X509_POLICY_NODE *node);
277
278
279	__END_HIDDEN_DECLS
280
281	#endif /* LIBRESSL_HAS_POLICY_DAG */