This commit was manufactured by cvs2git to create tag 'OPENBSD_5_7_BASE'.OPENBSD_5_7_BASE

author: cvs2svn <admin@example.com> 2015-03-08 16:48:48 +0000
committer: cvs2svn <admin@example.com> 2015-03-08 16:48:48 +0000
commit: da1a9ad3a4a867ba6569c05e6fca66d7f296c553 (patch)
tree: 44872802e872bdfd60730fa9cf01d9d5751251c1 /src/lib/libcrypto/x509v3/pcy_cache.c
parent: 973703db67a8e73d70e63afa8f2cde19da09144d (diff)
download: openbsd-OPENBSD_5_7_BASE.tar.gz
openbsd-OPENBSD_5_7_BASE.tar.bz2
openbsd-OPENBSD_5_7_BASE.zip
1 files changed, 0 insertions, 271 deletions
diff --git a/src/lib/libcrypto/x509v3/pcy_cache.c b/src/lib/libcrypto/x509v3/pcy_cache.c
deleted file mode 100644
index 9c8ba8298b..0000000000
--- a/src/lib/libcrypto/x509v3/pcy_cache.c
+++ /dev/null
@@ -1,271 +0,0 @@
-/* $OpenBSD: pcy_cache.c,v 1.5 2014/07/11 08:44:49 jsing Exp $ */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include "pcy_int.h"
-static int policy_data_cmp(const X509_POLICY_DATA * const *a,
-    const X509_POLICY_DATA * const *b);
-static int policy_cache_set_int(long *out, ASN1_INTEGER *value);
-/* Set cache entry according to CertificatePolicies extension.
- * Note: this destroys the passed CERTIFICATEPOLICIES structure.
- */
-static int
-policy_cache_create(X509 *x, CERTIFICATEPOLICIES *policies, int crit)
-{
-        int i;
-        int ret = 0;
-        X509_POLICY_CACHE *cache = x->policy_cache;
-        X509_POLICY_DATA *data = NULL;
-        POLICYINFO *policy;
-        if (sk_POLICYINFO_num(policies) == 0)
-                goto bad_policy;
-        cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp);
-        if (!cache->data)
-                goto bad_policy;
-        for (i = 0; i < sk_POLICYINFO_num(policies); i++) {
-                policy = sk_POLICYINFO_value(policies, i);
-                data = policy_data_new(policy, NULL, crit);
-                if (!data)
-                        goto bad_policy;
-                /* Duplicate policy OIDs are illegal: reject if matches
-                 * found.
-                 */
-                if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
-                        if (cache->anyPolicy) {
-                                ret = -1;
-                                goto bad_policy;
-                        }
-                        cache->anyPolicy = data;
-                } else if (sk_X509_POLICY_DATA_find(cache->data, data) != -1) {
-                        ret = -1;
-                        goto bad_policy;
-                } else if (!sk_X509_POLICY_DATA_push(cache->data, data))
-                        goto bad_policy;
-                data = NULL;
-        }
-        ret = 1;
-bad_policy:
-        if (ret == -1)
-                x->ex_flags |= EXFLAG_INVALID_POLICY;
-        if (data)
-                policy_data_free(data);
-        sk_POLICYINFO_pop_free(policies, POLICYINFO_free);
-        if (ret <= 0) {
-                sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
-                cache->data = NULL;
-        }
-        return ret;
-}
-static int
-policy_cache_new(X509 *x)
-{
-        X509_POLICY_CACHE *cache;
-        ASN1_INTEGER *ext_any = NULL;
-        POLICY_CONSTRAINTS *ext_pcons = NULL;
-        CERTIFICATEPOLICIES *ext_cpols = NULL;
-        POLICY_MAPPINGS *ext_pmaps = NULL;
-        int i;
-        cache = malloc(sizeof(X509_POLICY_CACHE));
-        if (!cache)
-                return 0;
-        cache->anyPolicy = NULL;
-        cache->data = NULL;
-        cache->any_skip = -1;
-        cache->explicit_skip = -1;
-        cache->map_skip = -1;
-        x->policy_cache = cache;
-        /* Handle requireExplicitPolicy *first*. Need to process this
-         * even if we don't have any policies.
-         */
-        ext_pcons = X509_get_ext_d2i(x, NID_policy_constraints, &i, NULL);
-        if (!ext_pcons) {
-                if (i != -1)
-                        goto bad_cache;
-        } else {
-                if (!ext_pcons->requireExplicitPolicy &&
-                    !ext_pcons->inhibitPolicyMapping)
-                        goto bad_cache;
-                if (!policy_cache_set_int(&cache->explicit_skip,
-                    ext_pcons->requireExplicitPolicy))
-                        goto bad_cache;
-                if (!policy_cache_set_int(&cache->map_skip,
-                    ext_pcons->inhibitPolicyMapping))
-                        goto bad_cache;
-        }
-        /* Process CertificatePolicies */
-        ext_cpols = X509_get_ext_d2i(x, NID_certificate_policies, &i, NULL);
-        /* If no CertificatePolicies extension or problem decoding then
-         * there is no point continuing because the valid policies will be
-         * NULL.
-         */
-        if (!ext_cpols) {
-                /* If not absent some problem with extension */
-                if (i != -1)
-                        goto bad_cache;
-                return 1;
-        }
-        i = policy_cache_create(x, ext_cpols, i);
-        /* NB: ext_cpols freed by policy_cache_set_policies */
-        if (i <= 0)
-                return i;
-        ext_pmaps = X509_get_ext_d2i(x, NID_policy_mappings, &i, NULL);
-        if (!ext_pmaps) {
-                /* If not absent some problem with extension */
-                if (i != -1)
-                        goto bad_cache;
-        } else {
-                i = policy_cache_set_mapping(x, ext_pmaps);
-                if (i <= 0)
-                        goto bad_cache;
-        }
-        ext_any = X509_get_ext_d2i(x, NID_inhibit_any_policy, &i, NULL);
-        if (!ext_any) {
-                if (i != -1)
-                        goto bad_cache;
-        } else if (!policy_cache_set_int(&cache->any_skip, ext_any))
-                goto bad_cache;
-        if (0) {
-bad_cache:
-                x->ex_flags |= EXFLAG_INVALID_POLICY;
-        }
-        if (ext_pcons)
-                POLICY_CONSTRAINTS_free(ext_pcons);
-        if (ext_any)
-                ASN1_INTEGER_free(ext_any);
-        return 1;
-}
-void
-policy_cache_free(X509_POLICY_CACHE *cache)
-{
-        if (!cache)
-                return;
-        if (cache->anyPolicy)
-                policy_data_free(cache->anyPolicy);
-        if (cache->data)
-                sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
-        free(cache);
-}
-const X509_POLICY_CACHE *
-policy_cache_set(X509 *x)
-{
-        if (x->policy_cache == NULL) {
-                CRYPTO_w_lock(CRYPTO_LOCK_X509);
-                policy_cache_new(x);
-                CRYPTO_w_unlock(CRYPTO_LOCK_X509);
-        }
-        return x->policy_cache;
-}
-X509_POLICY_DATA *
-policy_cache_find_data(const X509_POLICY_CACHE *cache, const ASN1_OBJECT *id)
-{
-        int idx;
-        X509_POLICY_DATA tmp;
-        tmp.valid_policy = (ASN1_OBJECT *)id;
-        idx = sk_X509_POLICY_DATA_find(cache->data, &tmp);
-        if (idx == -1)
-                return NULL;
-        return sk_X509_POLICY_DATA_value(cache->data, idx);
-}
-static int
-policy_data_cmp(const X509_POLICY_DATA * const *a,
-    const X509_POLICY_DATA * const *b)
-{
-        return OBJ_cmp((*a)->valid_policy, (*b)->valid_policy);
-}
-static int
-policy_cache_set_int(long *out, ASN1_INTEGER *value)
-{
-        if (value == NULL)
-                return 1;
-        if (value->type == V_ASN1_NEG_INTEGER)
-                return 0;
-        *out = ASN1_INTEGER_get(value);
-        return 1;
-}
author	cvs2svn <admin@example.com>	2015-03-08 16:48:48 +0000
committer	cvs2svn <admin@example.com>	2015-03-08 16:48:48 +0000
commit	da1a9ad3a4a867ba6569c05e6fca66d7f296c553 (patch)
tree	44872802e872bdfd60730fa9cf01d9d5751251c1 /src/lib/libcrypto/x509v3/pcy_cache.c
parent	973703db67a8e73d70e63afa8f2cde19da09144d (diff)
download	openbsd-OPENBSD_5_7_BASE.tar.gz openbsd-OPENBSD_5_7_BASE.tar.bz2 openbsd-OPENBSD_5_7_BASE.zip

diff --git a/src/lib/libcrypto/x509v3/pcy_cache.c b/src/lib/libcrypto/x509v3/pcy_cache.c deleted file mode 100644 index 9c8ba8298b..0000000000 --- a/src/lib/libcrypto/x509v3/pcy_cache.c +++ /dev/null
@@ -1,271 +0,0 @@
1	/* $OpenBSD: pcy_cache.c,v 1.5 2014/07/11 08:44:49 jsing Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2004.
4	*/
5	/* ====================================================================
6	* Copyright (c) 2004 The OpenSSL Project. All rights reserved.
7	*
8	* Redistribution and use in source and binary forms, with or without
9	* modification, are permitted provided that the following conditions
10	* are met:
11	*
12	* 1. Redistributions of source code must retain the above copyright
13	* notice, this list of conditions and the following disclaimer.
14	*
15	* 2. Redistributions in binary form must reproduce the above copyright
16	* notice, this list of conditions and the following disclaimer in
17	* the documentation and/or other materials provided with the
18	* distribution.
19	*
20	* 3. All advertising materials mentioning features or use of this
21	* software must display the following acknowledgment:
22	* "This product includes software developed by the OpenSSL Project
23	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24	*
25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26	* endorse or promote products derived from this software without
27	* prior written permission. For written permission, please contact
28	* licensing@OpenSSL.org.
29	*
30	* 5. Products derived from this software may not be called "OpenSSL"
31	* nor may "OpenSSL" appear in their names without prior written
32	* permission of the OpenSSL Project.
33	*
34	* 6. Redistributions of any form whatsoever must retain the following
35	* acknowledgment:
36	* "This product includes software developed by the OpenSSL Project
37	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38	*
39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50	* OF THE POSSIBILITY OF SUCH DAMAGE.
51	* ====================================================================
52	*
53	* This product includes cryptographic software written by Eric Young
54	* (eay@cryptsoft.com). This product includes software written by Tim
55	* Hudson (tjh@cryptsoft.com).
56	*
57	*/
58
59	#include <openssl/x509.h>
60	#include <openssl/x509v3.h>
61
62	#include "pcy_int.h"
63
64	static int policy_data_cmp(const X509_POLICY_DATA * const *a,
65	const X509_POLICY_DATA * const *b);
66	static int policy_cache_set_int(long out, ASN1_INTEGER value);
67
68	/* Set cache entry according to CertificatePolicies extension.
69	* Note: this destroys the passed CERTIFICATEPOLICIES structure.
70	*/
71
72	static int
73	policy_cache_create(X509 x, CERTIFICATEPOLICIES policies, int crit)
74	{
75	int i;
76	int ret = 0;
77	X509_POLICY_CACHE *cache = x->policy_cache;
78	X509_POLICY_DATA *data = NULL;
79	POLICYINFO *policy;
80
81	if (sk_POLICYINFO_num(policies) == 0)
82	goto bad_policy;
83	cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp);
84	if (!cache->data)
85	goto bad_policy;
86	for (i = 0; i < sk_POLICYINFO_num(policies); i++) {
87	policy = sk_POLICYINFO_value(policies, i);
88	data = policy_data_new(policy, NULL, crit);
89	if (!data)
90	goto bad_policy;
91	/* Duplicate policy OIDs are illegal: reject if matches
92	* found.
93	*/
94	if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
95	if (cache->anyPolicy) {
96	ret = -1;
97	goto bad_policy;
98	}
99	cache->anyPolicy = data;
100	} else if (sk_X509_POLICY_DATA_find(cache->data, data) != -1) {
101	ret = -1;
102	goto bad_policy;
103	} else if (!sk_X509_POLICY_DATA_push(cache->data, data))
104	goto bad_policy;
105	data = NULL;
106	}
107	ret = 1;
108
109	bad_policy:
110	if (ret == -1)
111	x->ex_flags \|= EXFLAG_INVALID_POLICY;
112	if (data)
113	policy_data_free(data);
114	sk_POLICYINFO_pop_free(policies, POLICYINFO_free);
115	if (ret <= 0) {
116	sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
117	cache->data = NULL;
118	}
119	return ret;
120	}
121
122	static int
123	policy_cache_new(X509 *x)
124	{
125	X509_POLICY_CACHE *cache;
126	ASN1_INTEGER *ext_any = NULL;
127	POLICY_CONSTRAINTS *ext_pcons = NULL;
128	CERTIFICATEPOLICIES *ext_cpols = NULL;
129	POLICY_MAPPINGS *ext_pmaps = NULL;
130	int i;
131
132	cache = malloc(sizeof(X509_POLICY_CACHE));
133	if (!cache)
134	return 0;
135	cache->anyPolicy = NULL;
136	cache->data = NULL;
137	cache->any_skip = -1;
138	cache->explicit_skip = -1;
139	cache->map_skip = -1;
140
141	x->policy_cache = cache;
142
143	/* Handle requireExplicitPolicy first. Need to process this
144	* even if we don't have any policies.
145	*/
146	ext_pcons = X509_get_ext_d2i(x, NID_policy_constraints, &i, NULL);
147
148	if (!ext_pcons) {
149	if (i != -1)
150	goto bad_cache;
151	} else {
152	if (!ext_pcons->requireExplicitPolicy &&
153	!ext_pcons->inhibitPolicyMapping)
154	goto bad_cache;
155	if (!policy_cache_set_int(&cache->explicit_skip,
156	ext_pcons->requireExplicitPolicy))
157	goto bad_cache;
158	if (!policy_cache_set_int(&cache->map_skip,
159	ext_pcons->inhibitPolicyMapping))
160	goto bad_cache;
161	}
162
163	/* Process CertificatePolicies */
164
165	ext_cpols = X509_get_ext_d2i(x, NID_certificate_policies, &i, NULL);
166	/* If no CertificatePolicies extension or problem decoding then
167	* there is no point continuing because the valid policies will be
168	* NULL.
169	*/
170	if (!ext_cpols) {
171	/* If not absent some problem with extension */
172	if (i != -1)
173	goto bad_cache;
174	return 1;
175	}
176
177	i = policy_cache_create(x, ext_cpols, i);
178
179	/* NB: ext_cpols freed by policy_cache_set_policies */
180
181	if (i <= 0)
182	return i;
183
184	ext_pmaps = X509_get_ext_d2i(x, NID_policy_mappings, &i, NULL);
185
186	if (!ext_pmaps) {
187	/* If not absent some problem with extension */
188	if (i != -1)
189	goto bad_cache;
190	} else {
191	i = policy_cache_set_mapping(x, ext_pmaps);
192	if (i <= 0)
193	goto bad_cache;
194	}
195
196	ext_any = X509_get_ext_d2i(x, NID_inhibit_any_policy, &i, NULL);
197
198	if (!ext_any) {
199	if (i != -1)
200	goto bad_cache;
201	} else if (!policy_cache_set_int(&cache->any_skip, ext_any))
202	goto bad_cache;
203
204	if (0) {
205	bad_cache:
206	x->ex_flags \|= EXFLAG_INVALID_POLICY;
207	}
208
209	if (ext_pcons)
210	POLICY_CONSTRAINTS_free(ext_pcons);
211
212	if (ext_any)
213	ASN1_INTEGER_free(ext_any);
214
215	return 1;
216	}
217
218	void
219	policy_cache_free(X509_POLICY_CACHE *cache)
220	{
221	if (!cache)
222	return;
223	if (cache->anyPolicy)
224	policy_data_free(cache->anyPolicy);
225	if (cache->data)
226	sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
227	free(cache);
228	}
229
230	const X509_POLICY_CACHE *
231	policy_cache_set(X509 *x)
232	{
233	if (x->policy_cache == NULL) {
234	CRYPTO_w_lock(CRYPTO_LOCK_X509);
235	policy_cache_new(x);
236	CRYPTO_w_unlock(CRYPTO_LOCK_X509);
237	}
238
239	return x->policy_cache;
240	}
241
242	X509_POLICY_DATA *
243	policy_cache_find_data(const X509_POLICY_CACHE cache, const ASN1_OBJECT id)
244	{
245	int idx;
246	X509_POLICY_DATA tmp;
247
248	tmp.valid_policy = (ASN1_OBJECT *)id;
249	idx = sk_X509_POLICY_DATA_find(cache->data, &tmp);
250	if (idx == -1)
251	return NULL;
252	return sk_X509_POLICY_DATA_value(cache->data, idx);
253	}
254
255	static int
256	policy_data_cmp(const X509_POLICY_DATA * const *a,
257	const X509_POLICY_DATA * const *b)
258	{
259	return OBJ_cmp((a)->valid_policy, (b)->valid_policy);
260	}
261
262	static int
263	policy_cache_set_int(long out, ASN1_INTEGER value)
264	{
265	if (value == NULL)
266	return 1;
267	if (value->type == V_ASN1_NEG_INTEGER)
268	return 0;
269	*out = ASN1_INTEGER_get(value);
270	return 1;
271	}