Remove proxy cert remnants

author: tb <> 2023-04-25 19:01:01 +0000
committer: tb <> 2023-04-25 19:01:01 +0000
commit: 53c813a50e9d2ac606f35b1db747f11077d6fa5a (patch)
tree: fdca376107f19b4cc1f0af55170d1ee674413902 /src/lib/libcrypto/x509/x509_pci.c
parent: e14b6ccb5027834e09c4d8a742214f122daa582f (diff)
download: openbsd-53c813a50e9d2ac606f35b1db747f11077d6fa5a.tar.gz
openbsd-53c813a50e9d2ac606f35b1db747f11077d6fa5a.tar.bz2
openbsd-53c813a50e9d2ac606f35b1db747f11077d6fa5a.zip
1 files changed, 0 insertions, 311 deletions
diff --git a/src/lib/libcrypto/x509/x509_pci.c b/src/lib/libcrypto/x509/x509_pci.c
deleted file mode 100644
index b1d31dfb44..0000000000
--- a/src/lib/libcrypto/x509/x509_pci.c
+++ /dev/null
@@ -1,311 +0,0 @@
-/* $OpenBSD: x509_pci.c,v 1.2 2021/08/24 15:23:03 tb Exp $ */
-/* Contributed to the OpenSSL Project 2004
- * by Richard Levitte (richard@levitte.org)
- */
-/* Copyright (c) 2004 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-#include <stdio.h>
-#include <string.h>
-#include <openssl/conf.h>
-#include <openssl/err.h>
-#include <openssl/x509v3.h>
-static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext,
-    BIO *out, int indent);
-static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
-    X509V3_CTX *ctx, char *str);
-const X509V3_EXT_METHOD v3_pci = {
-        .ext_nid = NID_proxyCertInfo,
-        .ext_flags = 0,
-        .it = &PROXY_CERT_INFO_EXTENSION_it,
-        .ext_new = NULL,
-        .ext_free = NULL,
-        .d2i = NULL,
-        .i2d = NULL,
-        .i2s = NULL,
-        .s2i = NULL,
-        .i2v = NULL,
-        .v2i = NULL,
-        .i2r = (X509V3_EXT_I2R)i2r_pci,
-        .r2i = (X509V3_EXT_R2I)r2i_pci,
-        .usr_data = NULL,
-};
-static int
-i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci, BIO *out,
-    int indent)
-{
-        BIO_printf(out, "%*sPath Length Constraint: ", indent, "");
-        if (pci->pcPathLengthConstraint)
-                i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint);
-        else
-                BIO_printf(out, "infinite");
-        BIO_puts(out, "\n");
-        BIO_printf(out, "%*sPolicy Language: ", indent, "");
-        i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
-        BIO_puts(out, "\n");
-        if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
-                BIO_printf(out, "%*sPolicy Text: %.*s\n", indent, "",
-                    pci->proxyPolicy->policy->length,
-                    pci->proxyPolicy->policy->data);
-        return 1;
-}
-static int
-process_pci_value(CONF_VALUE *val, ASN1_OBJECT **language,
-    ASN1_INTEGER **pathlen, ASN1_OCTET_STRING **policy)
-{
-        int free_policy = 0;
-        if (strcmp(val->name, "language") == 0) {
-                if (*language) {
-                        X509V3error(X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED);
-                        X509V3_conf_err(val);
-                        return 0;
-                }
-                if (!(*language = OBJ_txt2obj(val->value, 0))) {
-                        X509V3error(X509V3_R_INVALID_OBJECT_IDENTIFIER);
-                        X509V3_conf_err(val);
-                        return 0;
-                }
-        }
-        else if (strcmp(val->name, "pathlen") == 0) {
-                if (*pathlen) {
-                        X509V3error(X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED);
-                        X509V3_conf_err(val);
-                        return 0;
-                }
-                if (!X509V3_get_value_int(val, pathlen)) {
-                        X509V3error(X509V3_R_POLICY_PATH_LENGTH);
-                        X509V3_conf_err(val);
-                        return 0;
-                }
-        }
-        else if (strcmp(val->name, "policy") == 0) {
-                unsigned char *tmp_data = NULL;
-                long val_len;
-                if (!*policy) {
-                        *policy = ASN1_OCTET_STRING_new();
-                        if (!*policy) {
-                                X509V3error(ERR_R_MALLOC_FAILURE);
-                                X509V3_conf_err(val);
-                                return 0;
-                        }
-                        free_policy = 1;
-                }
-                if (strncmp(val->value, "hex:", 4) == 0) {
-                        unsigned char *tmp_data2 =
-                            string_to_hex(val->value + 4, &val_len);
-                        if (!tmp_data2) {
-                                X509V3error(X509V3_R_ILLEGAL_HEX_DIGIT);
-                                X509V3_conf_err(val);
-                                goto err;
-                        }
-                        tmp_data = realloc((*policy)->data,
-                            (*policy)->length + val_len + 1);
-                        if (tmp_data) {
-                                (*policy)->data = tmp_data;
-                                memcpy(&(*policy)->data[(*policy)->length],
-                                    tmp_data2, val_len);
-                                (*policy)->length += val_len;
-                                (*policy)->data[(*policy)->length] = '\0';
-                        } else {
-                                free(tmp_data2);
-                                free((*policy)->data);
-                                (*policy)->data = NULL;
-                                (*policy)->length = 0;
-                                X509V3error(ERR_R_MALLOC_FAILURE);
-                                X509V3_conf_err(val);
-                                goto err;
-                        }
-                        free(tmp_data2);
-                }
-                else if (strncmp(val->value, "file:", 5) == 0) {
-                        unsigned char buf[2048];
-                        int n;
-                        BIO *b = BIO_new_file(val->value + 5, "r");
-                        if (!b) {
-                                X509V3error(ERR_R_BIO_LIB);
-                                X509V3_conf_err(val);
-                                goto err;
-                        }
-                        while ((n = BIO_read(b, buf, sizeof(buf))) > 0 ||
-                            (n == 0 && BIO_should_retry(b))) {
-                                if (!n)
-                                        continue;
-                                tmp_data = realloc((*policy)->data,
-                                    (*policy)->length + n + 1);
-                                if (!tmp_data)
-                                        break;
-                                (*policy)->data = tmp_data;
-                                memcpy(&(*policy)->data[(*policy)->length],
-                                    buf, n);
-                                (*policy)->length += n;
-                                (*policy)->data[(*policy)->length] = '\0';
-                        }
-                        BIO_free_all(b);
-                        if (n < 0) {
-                                X509V3error(ERR_R_BIO_LIB);
-                                X509V3_conf_err(val);
-                                goto err;
-                        }
-                }
-                else if (strncmp(val->value, "text:", 5) == 0) {
-                        val_len = strlen(val->value + 5);
-                        tmp_data = realloc((*policy)->data,
-                            (*policy)->length + val_len + 1);
-                        if (tmp_data) {
-                                (*policy)->data = tmp_data;
-                                memcpy(&(*policy)->data[(*policy)->length],
-                                    val->value + 5, val_len);
-                                (*policy)->length += val_len;
-                                (*policy)->data[(*policy)->length] = '\0';
-                        } else {
-                                free((*policy)->data);
-                                (*policy)->data = NULL;
-                                (*policy)->length = 0;
-                                X509V3error(ERR_R_MALLOC_FAILURE);
-                                X509V3_conf_err(val);
-                                goto err;
-                        }
-                } else {
-                        X509V3error(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG);
-                        X509V3_conf_err(val);
-                        goto err;
-                }
-                if (!tmp_data) {
-                        X509V3error(ERR_R_MALLOC_FAILURE);
-                        X509V3_conf_err(val);
-                        goto err;
-                }
-        }
-        return 1;
-err:
-        if (free_policy) {
-                ASN1_OCTET_STRING_free(*policy);
-                *policy = NULL;
-        }
-        return 0;
-}
-static PROXY_CERT_INFO_EXTENSION *
-r2i_pci(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value)
-{
-        PROXY_CERT_INFO_EXTENSION *pci = NULL;
-        STACK_OF(CONF_VALUE) *vals;
-        ASN1_OBJECT *language = NULL;
-        ASN1_INTEGER *pathlen = NULL;
-        ASN1_OCTET_STRING *policy = NULL;
-        int i, j;
-        vals = X509V3_parse_list(value);
-        for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
-                CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i);
-                if (!cnf->name || (*cnf->name != '@' && !cnf->value)) {
-                        X509V3error(X509V3_R_INVALID_PROXY_POLICY_SETTING);
-                        X509V3_conf_err(cnf);
-                        goto err;
-                }
-                if (*cnf->name == '@') {
-                        STACK_OF(CONF_VALUE) *sect;
-                        int success_p = 1;
-                        sect = X509V3_get_section(ctx, cnf->name + 1);
-                        if (!sect) {
-                                X509V3error(X509V3_R_INVALID_SECTION);
-                                X509V3_conf_err(cnf);
-                                goto err;
-                        }
-                        for (j = 0; success_p &&
-                            j < sk_CONF_VALUE_num(sect); j++) {
-                                success_p = process_pci_value(
-                                    sk_CONF_VALUE_value(sect, j),
-                                    &language, &pathlen, &policy);
-                        }
-                        X509V3_section_free(ctx, sect);
-                        if (!success_p)
-                                goto err;
-                } else {
-                        if (!process_pci_value(cnf,
-                            &language, &pathlen, &policy)) {
-                                X509V3_conf_err(cnf);
-                                goto err;
-                        }
-                }
-        }
-        /* Language is mandatory */
-        if (!language) {
-                X509V3error(X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED);
-                goto err;
-        }
-        i = OBJ_obj2nid(language);
-        if ((i == NID_Independent || i == NID_id_ppl_inheritAll) && policy) {
-                X509V3error(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY);
-                goto err;
-        }
-        pci = PROXY_CERT_INFO_EXTENSION_new();
-        if (!pci) {
-                X509V3error(ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        pci->proxyPolicy->policyLanguage = language;
-        language = NULL;
-        pci->proxyPolicy->policy = policy;
-        policy = NULL;
-        pci->pcPathLengthConstraint = pathlen;
-        pathlen = NULL;
-        goto end;
-err:
-        ASN1_OBJECT_free(language);
-        language = NULL;
-        ASN1_INTEGER_free(pathlen);
-        pathlen = NULL;
-        ASN1_OCTET_STRING_free(policy);
-        policy = NULL;
-end:
-        sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
-        return pci;
-}
author	tb <>	2023-04-25 19:01:01 +0000
committer	tb <>	2023-04-25 19:01:01 +0000
commit	53c813a50e9d2ac606f35b1db747f11077d6fa5a (patch)
tree	fdca376107f19b4cc1f0af55170d1ee674413902 /src/lib/libcrypto/x509/x509_pci.c
parent	e14b6ccb5027834e09c4d8a742214f122daa582f (diff)
download	openbsd-53c813a50e9d2ac606f35b1db747f11077d6fa5a.tar.gz openbsd-53c813a50e9d2ac606f35b1db747f11077d6fa5a.tar.bz2 openbsd-53c813a50e9d2ac606f35b1db747f11077d6fa5a.zip

diff --git a/src/lib/libcrypto/x509/x509_pci.c b/src/lib/libcrypto/x509/x509_pci.c deleted file mode 100644 index b1d31dfb44..0000000000 --- a/src/lib/libcrypto/x509/x509_pci.c +++ /dev/null
@@ -1,311 +0,0 @@
1	/* $OpenBSD: x509_pci.c,v 1.2 2021/08/24 15:23:03 tb Exp $ */
2	/* Contributed to the OpenSSL Project 2004
3	* by Richard Levitte (richard@levitte.org)
4	*/
5	/* Copyright (c) 2004 Kungliga Tekniska Högskolan
6	* (Royal Institute of Technology, Stockholm, Sweden).
7	* All rights reserved.
8	*
9	* Redistribution and use in source and binary forms, with or without
10	* modification, are permitted provided that the following conditions
11	* are met:
12	*
13	* 1. Redistributions of source code must retain the above copyright
14	* notice, this list of conditions and the following disclaimer.
15	*
16	* 2. Redistributions in binary form must reproduce the above copyright
17	* notice, this list of conditions and the following disclaimer in the
18	* documentation and/or other materials provided with the distribution.
19	*
20	* 3. Neither the name of the Institute nor the names of its contributors
21	* may be used to endorse or promote products derived from this software
22	* without specific prior written permission.
23	*
24	* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
25	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27	* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
28	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34	* SUCH DAMAGE.
35	*/
36
37	#include <stdio.h>
38	#include <string.h>
39
40	#include <openssl/conf.h>
41	#include <openssl/err.h>
42	#include <openssl/x509v3.h>
43
44	static int i2r_pci(X509V3_EXT_METHOD method, PROXY_CERT_INFO_EXTENSION ext,
45	BIO *out, int indent);
46	static PROXY_CERT_INFO_EXTENSION r2i_pci(X509V3_EXT_METHOD method,
47	X509V3_CTX ctx, char str);
48
49	const X509V3_EXT_METHOD v3_pci = {
50	.ext_nid = NID_proxyCertInfo,
51	.ext_flags = 0,
52	.it = &PROXY_CERT_INFO_EXTENSION_it,
53	.ext_new = NULL,
54	.ext_free = NULL,
55	.d2i = NULL,
56	.i2d = NULL,
57	.i2s = NULL,
58	.s2i = NULL,
59	.i2v = NULL,
60	.v2i = NULL,
61	.i2r = (X509V3_EXT_I2R)i2r_pci,
62	.r2i = (X509V3_EXT_R2I)r2i_pci,
63	.usr_data = NULL,
64	};
65
66	static int
67	i2r_pci(X509V3_EXT_METHOD method, PROXY_CERT_INFO_EXTENSION pci, BIO *out,
68	int indent)
69	{
70	BIO_printf(out, "%*sPath Length Constraint: ", indent, "");
71	if (pci->pcPathLengthConstraint)
72	i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint);
73	else
74	BIO_printf(out, "infinite");
75	BIO_puts(out, "\n");
76	BIO_printf(out, "%*sPolicy Language: ", indent, "");
77	i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
78	BIO_puts(out, "\n");
79	if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
80	BIO_printf(out, "%sPolicy Text: %.s\n", indent, "",
81	pci->proxyPolicy->policy->length,
82	pci->proxyPolicy->policy->data);
83	return 1;
84	}
85
86	static int
87	process_pci_value(CONF_VALUE val, ASN1_OBJECT *language,
88	ASN1_INTEGER pathlen, ASN1_OCTET_STRING policy)
89	{
90	int free_policy = 0;
91
92	if (strcmp(val->name, "language") == 0) {
93	if (*language) {
94	X509V3error(X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED);
95	X509V3_conf_err(val);
96	return 0;
97	}
98	if (!(*language = OBJ_txt2obj(val->value, 0))) {
99	X509V3error(X509V3_R_INVALID_OBJECT_IDENTIFIER);
100	X509V3_conf_err(val);
101	return 0;
102	}
103	}
104	else if (strcmp(val->name, "pathlen") == 0) {
105	if (*pathlen) {
106	X509V3error(X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED);
107	X509V3_conf_err(val);
108	return 0;
109	}
110	if (!X509V3_get_value_int(val, pathlen)) {
111	X509V3error(X509V3_R_POLICY_PATH_LENGTH);
112	X509V3_conf_err(val);
113	return 0;
114	}
115	}
116	else if (strcmp(val->name, "policy") == 0) {
117	unsigned char *tmp_data = NULL;
118	long val_len;
119	if (!*policy) {
120	*policy = ASN1_OCTET_STRING_new();
121	if (!*policy) {
122	X509V3error(ERR_R_MALLOC_FAILURE);
123	X509V3_conf_err(val);
124	return 0;
125	}
126	free_policy = 1;
127	}
128	if (strncmp(val->value, "hex:", 4) == 0) {
129	unsigned char *tmp_data2 =
130	string_to_hex(val->value + 4, &val_len);
131
132	if (!tmp_data2) {
133	X509V3error(X509V3_R_ILLEGAL_HEX_DIGIT);
134	X509V3_conf_err(val);
135	goto err;
136	}
137
138	tmp_data = realloc((*policy)->data,
139	(*policy)->length + val_len + 1);
140	if (tmp_data) {
141	(*policy)->data = tmp_data;
142	memcpy(&(policy)->data[(policy)->length],
143	tmp_data2, val_len);
144	(*policy)->length += val_len;
145	(policy)->data[(policy)->length] = '\0';
146	} else {
147	free(tmp_data2);
148	free((*policy)->data);
149	(*policy)->data = NULL;
150	(*policy)->length = 0;
151	X509V3error(ERR_R_MALLOC_FAILURE);
152	X509V3_conf_err(val);
153	goto err;
154	}
155	free(tmp_data2);
156	}
157	else if (strncmp(val->value, "file:", 5) == 0) {
158	unsigned char buf[2048];
159	int n;
160	BIO *b = BIO_new_file(val->value + 5, "r");
161	if (!b) {
162	X509V3error(ERR_R_BIO_LIB);
163	X509V3_conf_err(val);
164	goto err;
165	}
166	while ((n = BIO_read(b, buf, sizeof(buf))) > 0 \|\|
167	(n == 0 && BIO_should_retry(b))) {
168	if (!n)
169	continue;
170
171	tmp_data = realloc((*policy)->data,
172	(*policy)->length + n + 1);
173
174	if (!tmp_data)
175	break;
176
177	(*policy)->data = tmp_data;
178	memcpy(&(policy)->data[(policy)->length],
179	buf, n);
180	(*policy)->length += n;
181	(policy)->data[(policy)->length] = '\0';
182	}
183	BIO_free_all(b);
184
185	if (n < 0) {
186	X509V3error(ERR_R_BIO_LIB);
187	X509V3_conf_err(val);
188	goto err;
189	}
190	}
191	else if (strncmp(val->value, "text:", 5) == 0) {
192	val_len = strlen(val->value + 5);
193	tmp_data = realloc((*policy)->data,
194	(*policy)->length + val_len + 1);
195	if (tmp_data) {
196	(*policy)->data = tmp_data;
197	memcpy(&(policy)->data[(policy)->length],
198	val->value + 5, val_len);
199	(*policy)->length += val_len;
200	(policy)->data[(policy)->length] = '\0';
201	} else {
202	free((*policy)->data);
203	(*policy)->data = NULL;
204	(*policy)->length = 0;
205	X509V3error(ERR_R_MALLOC_FAILURE);
206	X509V3_conf_err(val);
207	goto err;
208	}
209	} else {
210	X509V3error(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG);
211	X509V3_conf_err(val);
212	goto err;
213	}
214	if (!tmp_data) {
215	X509V3error(ERR_R_MALLOC_FAILURE);
216	X509V3_conf_err(val);
217	goto err;
218	}
219	}
220	return 1;
221
222	err:
223	if (free_policy) {
224	ASN1_OCTET_STRING_free(*policy);
225	*policy = NULL;
226	}
227	return 0;
228	}
229
230	static PROXY_CERT_INFO_EXTENSION *
231	r2i_pci(X509V3_EXT_METHOD method, X509V3_CTX ctx, char *value)
232	{
233	PROXY_CERT_INFO_EXTENSION *pci = NULL;
234	STACK_OF(CONF_VALUE) *vals;
235	ASN1_OBJECT *language = NULL;
236	ASN1_INTEGER *pathlen = NULL;
237	ASN1_OCTET_STRING *policy = NULL;
238	int i, j;
239
240	vals = X509V3_parse_list(value);
241	for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
242	CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i);
243	if (!cnf->name \|\| (*cnf->name != '@' && !cnf->value)) {
244	X509V3error(X509V3_R_INVALID_PROXY_POLICY_SETTING);
245	X509V3_conf_err(cnf);
246	goto err;
247	}
248	if (*cnf->name == '@') {
249	STACK_OF(CONF_VALUE) *sect;
250	int success_p = 1;
251
252	sect = X509V3_get_section(ctx, cnf->name + 1);
253	if (!sect) {
254	X509V3error(X509V3_R_INVALID_SECTION);
255	X509V3_conf_err(cnf);
256	goto err;
257	}
258	for (j = 0; success_p &&
259	j < sk_CONF_VALUE_num(sect); j++) {
260	success_p = process_pci_value(
261	sk_CONF_VALUE_value(sect, j),
262	&language, &pathlen, &policy);
263	}
264	X509V3_section_free(ctx, sect);
265	if (!success_p)
266	goto err;
267	} else {
268	if (!process_pci_value(cnf,
269	&language, &pathlen, &policy)) {
270	X509V3_conf_err(cnf);
271	goto err;
272	}
273	}
274	}
275
276	/* Language is mandatory */
277	if (!language) {
278	X509V3error(X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED);
279	goto err;
280	}
281	i = OBJ_obj2nid(language);
282	if ((i == NID_Independent \|\| i == NID_id_ppl_inheritAll) && policy) {
283	X509V3error(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY);
284	goto err;
285	}
286
287	pci = PROXY_CERT_INFO_EXTENSION_new();
288	if (!pci) {
289	X509V3error(ERR_R_MALLOC_FAILURE);
290	goto err;
291	}
292
293	pci->proxyPolicy->policyLanguage = language;
294	language = NULL;
295	pci->proxyPolicy->policy = policy;
296	policy = NULL;
297	pci->pcPathLengthConstraint = pathlen;
298	pathlen = NULL;
299	goto end;
300
301	err:
302	ASN1_OBJECT_free(language);
303	language = NULL;
304	ASN1_INTEGER_free(pathlen);
305	pathlen = NULL;
306	ASN1_OCTET_STRING_free(policy);
307	policy = NULL;
308	end:
309	sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
310	return pci;
311	}