diff options
| author | jsing <> | 2014-04-21 08:41:26 +0000 |
|---|---|---|
| committer | jsing <> | 2014-04-21 08:41:26 +0000 |
| commit | af50ddfc8cd7409b6577826223496779c69cd1e0 (patch) | |
| tree | f2f8e8a8d38afa820e7b749c66023be793b9ca3c /src/lib/libcrypto/x509v3/pcy_cache.c | |
| parent | f46c697a11680ae5d3ab06393f0bfe2ed1841168 (diff) | |
| download | openbsd-af50ddfc8cd7409b6577826223496779c69cd1e0.tar.gz openbsd-af50ddfc8cd7409b6577826223496779c69cd1e0.tar.bz2 openbsd-af50ddfc8cd7409b6577826223496779c69cd1e0.zip | |
KNF.
Diffstat (limited to 'src/lib/libcrypto/x509v3/pcy_cache.c')
| -rw-r--r-- | src/lib/libcrypto/x509v3/pcy_cache.c | 146 |
1 files changed, 66 insertions, 80 deletions
diff --git a/src/lib/libcrypto/x509v3/pcy_cache.c b/src/lib/libcrypto/x509v3/pcy_cache.c index 24c79b4a80..cc990670d7 100644 --- a/src/lib/libcrypto/x509v3/pcy_cache.c +++ b/src/lib/libcrypto/x509v3/pcy_cache.c | |||
| @@ -10,7 +10,7 @@ | |||
| 10 | * are met: | 10 | * are met: |
| 11 | * | 11 | * |
| 12 | * 1. Redistributions of source code must retain the above copyright | 12 | * 1. Redistributions of source code must retain the above copyright |
| 13 | * notice, this list of conditions and the following disclaimer. | 13 | * notice, this list of conditions and the following disclaimer. |
| 14 | * | 14 | * |
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | 15 | * 2. Redistributions in binary form must reproduce the above copyright |
| 16 | * notice, this list of conditions and the following disclaimer in | 16 | * notice, this list of conditions and the following disclaimer in |
| @@ -63,28 +63,28 @@ | |||
| 63 | #include "pcy_int.h" | 63 | #include "pcy_int.h" |
| 64 | 64 | ||
| 65 | static int policy_data_cmp(const X509_POLICY_DATA * const *a, | 65 | static int policy_data_cmp(const X509_POLICY_DATA * const *a, |
| 66 | const X509_POLICY_DATA * const *b); | 66 | const X509_POLICY_DATA * const *b); |
| 67 | static int policy_cache_set_int(long *out, ASN1_INTEGER *value); | 67 | static int policy_cache_set_int(long *out, ASN1_INTEGER *value); |
| 68 | 68 | ||
| 69 | /* Set cache entry according to CertificatePolicies extension. | 69 | /* Set cache entry according to CertificatePolicies extension. |
| 70 | * Note: this destroys the passed CERTIFICATEPOLICIES structure. | 70 | * Note: this destroys the passed CERTIFICATEPOLICIES structure. |
| 71 | */ | 71 | */ |
| 72 | 72 | ||
| 73 | static int policy_cache_create(X509 *x, | 73 | static int |
| 74 | CERTIFICATEPOLICIES *policies, int crit) | 74 | policy_cache_create(X509 *x, CERTIFICATEPOLICIES *policies, int crit) |
| 75 | { | 75 | { |
| 76 | int i; | 76 | int i; |
| 77 | int ret = 0; | 77 | int ret = 0; |
| 78 | X509_POLICY_CACHE *cache = x->policy_cache; | 78 | X509_POLICY_CACHE *cache = x->policy_cache; |
| 79 | X509_POLICY_DATA *data = NULL; | 79 | X509_POLICY_DATA *data = NULL; |
| 80 | POLICYINFO *policy; | 80 | POLICYINFO *policy; |
| 81 | |||
| 81 | if (sk_POLICYINFO_num(policies) == 0) | 82 | if (sk_POLICYINFO_num(policies) == 0) |
| 82 | goto bad_policy; | 83 | goto bad_policy; |
| 83 | cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp); | 84 | cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp); |
| 84 | if (!cache->data) | 85 | if (!cache->data) |
| 85 | goto bad_policy; | 86 | goto bad_policy; |
| 86 | for (i = 0; i < sk_POLICYINFO_num(policies); i++) | 87 | for (i = 0; i < sk_POLICYINFO_num(policies); i++) { |
| 87 | { | ||
| 88 | policy = sk_POLICYINFO_value(policies, i); | 88 | policy = sk_POLICYINFO_value(policies, i); |
| 89 | data = policy_data_new(policy, NULL, crit); | 89 | data = policy_data_new(policy, NULL, crit); |
| 90 | if (!data) | 90 | if (!data) |
| @@ -92,48 +92,44 @@ static int policy_cache_create(X509 *x, | |||
| 92 | /* Duplicate policy OIDs are illegal: reject if matches | 92 | /* Duplicate policy OIDs are illegal: reject if matches |
| 93 | * found. | 93 | * found. |
| 94 | */ | 94 | */ |
| 95 | if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) | 95 | if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) { |
| 96 | { | 96 | if (cache->anyPolicy) { |
| 97 | if (cache->anyPolicy) | ||
| 98 | { | ||
| 99 | ret = -1; | 97 | ret = -1; |
| 100 | goto bad_policy; | 98 | goto bad_policy; |
| 101 | } | ||
| 102 | cache->anyPolicy = data; | ||
| 103 | } | 99 | } |
| 104 | else if (sk_X509_POLICY_DATA_find(cache->data, data) != -1) | 100 | cache->anyPolicy = data; |
| 105 | { | 101 | } else if (sk_X509_POLICY_DATA_find(cache->data, data) != -1) { |
| 106 | ret = -1; | 102 | ret = -1; |
| 107 | goto bad_policy; | 103 | goto bad_policy; |
| 108 | } | 104 | } else if (!sk_X509_POLICY_DATA_push(cache->data, data)) |
| 109 | else if (!sk_X509_POLICY_DATA_push(cache->data, data)) | ||
| 110 | goto bad_policy; | 105 | goto bad_policy; |
| 111 | data = NULL; | 106 | data = NULL; |
| 112 | } | 107 | } |
| 113 | ret = 1; | 108 | ret = 1; |
| 114 | bad_policy: | 109 | |
| 110 | bad_policy: | ||
| 115 | if (ret == -1) | 111 | if (ret == -1) |
| 116 | x->ex_flags |= EXFLAG_INVALID_POLICY; | 112 | x->ex_flags |= EXFLAG_INVALID_POLICY; |
| 117 | if (data) | 113 | if (data) |
| 118 | policy_data_free(data); | 114 | policy_data_free(data); |
| 119 | sk_POLICYINFO_pop_free(policies, POLICYINFO_free); | 115 | sk_POLICYINFO_pop_free(policies, POLICYINFO_free); |
| 120 | if (ret <= 0) | 116 | if (ret <= 0) { |
| 121 | { | ||
| 122 | sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free); | 117 | sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free); |
| 123 | cache->data = NULL; | 118 | cache->data = NULL; |
| 124 | } | ||
| 125 | return ret; | ||
| 126 | } | 119 | } |
| 120 | return ret; | ||
| 121 | } | ||
| 127 | 122 | ||
| 128 | 123 | static int | |
| 129 | static int policy_cache_new(X509 *x) | 124 | policy_cache_new(X509 *x) |
| 130 | { | 125 | { |
| 131 | X509_POLICY_CACHE *cache; | 126 | X509_POLICY_CACHE *cache; |
| 132 | ASN1_INTEGER *ext_any = NULL; | 127 | ASN1_INTEGER *ext_any = NULL; |
| 133 | POLICY_CONSTRAINTS *ext_pcons = NULL; | 128 | POLICY_CONSTRAINTS *ext_pcons = NULL; |
| 134 | CERTIFICATEPOLICIES *ext_cpols = NULL; | 129 | CERTIFICATEPOLICIES *ext_cpols = NULL; |
| 135 | POLICY_MAPPINGS *ext_pmaps = NULL; | 130 | POLICY_MAPPINGS *ext_pmaps = NULL; |
| 136 | int i; | 131 | int i; |
| 132 | |||
| 137 | cache = malloc(sizeof(X509_POLICY_CACHE)); | 133 | cache = malloc(sizeof(X509_POLICY_CACHE)); |
| 138 | if (!cache) | 134 | if (!cache) |
| 139 | return 0; | 135 | return 0; |
| @@ -150,23 +146,20 @@ static int policy_cache_new(X509 *x) | |||
| 150 | */ | 146 | */ |
| 151 | ext_pcons = X509_get_ext_d2i(x, NID_policy_constraints, &i, NULL); | 147 | ext_pcons = X509_get_ext_d2i(x, NID_policy_constraints, &i, NULL); |
| 152 | 148 | ||
| 153 | if (!ext_pcons) | 149 | if (!ext_pcons) { |
| 154 | { | ||
| 155 | if (i != -1) | 150 | if (i != -1) |
| 156 | goto bad_cache; | 151 | goto bad_cache; |
| 157 | } | 152 | } else { |
| 158 | else | 153 | if (!ext_pcons->requireExplicitPolicy && |
| 159 | { | 154 | !ext_pcons->inhibitPolicyMapping) |
| 160 | if (!ext_pcons->requireExplicitPolicy | ||
| 161 | && !ext_pcons->inhibitPolicyMapping) | ||
| 162 | goto bad_cache; | 155 | goto bad_cache; |
| 163 | if (!policy_cache_set_int(&cache->explicit_skip, | 156 | if (!policy_cache_set_int(&cache->explicit_skip, |
| 164 | ext_pcons->requireExplicitPolicy)) | 157 | ext_pcons->requireExplicitPolicy)) |
| 165 | goto bad_cache; | 158 | goto bad_cache; |
| 166 | if (!policy_cache_set_int(&cache->map_skip, | 159 | if (!policy_cache_set_int(&cache->map_skip, |
| 167 | ext_pcons->inhibitPolicyMapping)) | 160 | ext_pcons->inhibitPolicyMapping)) |
| 168 | goto bad_cache; | 161 | goto bad_cache; |
| 169 | } | 162 | } |
| 170 | 163 | ||
| 171 | /* Process CertificatePolicies */ | 164 | /* Process CertificatePolicies */ |
| 172 | 165 | ||
| @@ -175,13 +168,12 @@ static int policy_cache_new(X509 *x) | |||
| 175 | * there is no point continuing because the valid policies will be | 168 | * there is no point continuing because the valid policies will be |
| 176 | * NULL. | 169 | * NULL. |
| 177 | */ | 170 | */ |
| 178 | if (!ext_cpols) | 171 | if (!ext_cpols) { |
| 179 | { | ||
| 180 | /* If not absent some problem with extension */ | 172 | /* If not absent some problem with extension */ |
| 181 | if (i != -1) | 173 | if (i != -1) |
| 182 | goto bad_cache; | 174 | goto bad_cache; |
| 183 | return 1; | 175 | return 1; |
| 184 | } | 176 | } |
| 185 | 177 | ||
| 186 | i = policy_cache_create(x, ext_cpols, i); | 178 | i = policy_cache_create(x, ext_cpols, i); |
| 187 | 179 | ||
| @@ -192,48 +184,41 @@ static int policy_cache_new(X509 *x) | |||
| 192 | 184 | ||
| 193 | ext_pmaps = X509_get_ext_d2i(x, NID_policy_mappings, &i, NULL); | 185 | ext_pmaps = X509_get_ext_d2i(x, NID_policy_mappings, &i, NULL); |
| 194 | 186 | ||
| 195 | if (!ext_pmaps) | 187 | if (!ext_pmaps) { |
| 196 | { | ||
| 197 | /* If not absent some problem with extension */ | 188 | /* If not absent some problem with extension */ |
| 198 | if (i != -1) | 189 | if (i != -1) |
| 199 | goto bad_cache; | 190 | goto bad_cache; |
| 200 | } | 191 | } else { |
| 201 | else | ||
| 202 | { | ||
| 203 | i = policy_cache_set_mapping(x, ext_pmaps); | 192 | i = policy_cache_set_mapping(x, ext_pmaps); |
| 204 | if (i <= 0) | 193 | if (i <= 0) |
| 205 | goto bad_cache; | 194 | goto bad_cache; |
| 206 | } | 195 | } |
| 207 | 196 | ||
| 208 | ext_any = X509_get_ext_d2i(x, NID_inhibit_any_policy, &i, NULL); | 197 | ext_any = X509_get_ext_d2i(x, NID_inhibit_any_policy, &i, NULL); |
| 209 | 198 | ||
| 210 | if (!ext_any) | 199 | if (!ext_any) { |
| 211 | { | ||
| 212 | if (i != -1) | 200 | if (i != -1) |
| 213 | goto bad_cache; | 201 | goto bad_cache; |
| 214 | } | 202 | } else if (!policy_cache_set_int(&cache->any_skip, ext_any)) |
| 215 | else if (!policy_cache_set_int(&cache->any_skip, ext_any)) | 203 | goto bad_cache; |
| 216 | goto bad_cache; | ||
| 217 | 204 | ||
| 218 | if (0) | 205 | if (0) { |
| 219 | { | 206 | bad_cache: |
| 220 | bad_cache: | ||
| 221 | x->ex_flags |= EXFLAG_INVALID_POLICY; | 207 | x->ex_flags |= EXFLAG_INVALID_POLICY; |
| 222 | } | 208 | } |
| 223 | 209 | ||
| 224 | if(ext_pcons) | 210 | if (ext_pcons) |
| 225 | POLICY_CONSTRAINTS_free(ext_pcons); | 211 | POLICY_CONSTRAINTS_free(ext_pcons); |
| 226 | 212 | ||
| 227 | if (ext_any) | 213 | if (ext_any) |
| 228 | ASN1_INTEGER_free(ext_any); | 214 | ASN1_INTEGER_free(ext_any); |
| 229 | 215 | ||
| 230 | return 1; | 216 | return 1; |
| 231 | |||
| 232 | |||
| 233 | } | 217 | } |
| 234 | 218 | ||
| 235 | void policy_cache_free(X509_POLICY_CACHE *cache) | 219 | void |
| 236 | { | 220 | policy_cache_free(X509_POLICY_CACHE *cache) |
| 221 | { | ||
| 237 | if (!cache) | 222 | if (!cache) |
| 238 | return; | 223 | return; |
| 239 | if (cache->anyPolicy) | 224 | if (cache->anyPolicy) |
| @@ -241,46 +226,47 @@ void policy_cache_free(X509_POLICY_CACHE *cache) | |||
| 241 | if (cache->data) | 226 | if (cache->data) |
| 242 | sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free); | 227 | sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free); |
| 243 | free(cache); | 228 | free(cache); |
| 244 | } | 229 | } |
| 245 | |||
| 246 | const X509_POLICY_CACHE *policy_cache_set(X509 *x) | ||
| 247 | { | ||
| 248 | 230 | ||
| 249 | if (x->policy_cache == NULL) | 231 | const X509_POLICY_CACHE * |
| 250 | { | 232 | policy_cache_set(X509 *x) |
| 233 | { | ||
| 234 | if (x->policy_cache == NULL) { | ||
| 251 | CRYPTO_w_lock(CRYPTO_LOCK_X509); | 235 | CRYPTO_w_lock(CRYPTO_LOCK_X509); |
| 252 | policy_cache_new(x); | 236 | policy_cache_new(x); |
| 253 | CRYPTO_w_unlock(CRYPTO_LOCK_X509); | 237 | CRYPTO_w_unlock(CRYPTO_LOCK_X509); |
| 254 | } | 238 | } |
| 255 | 239 | ||
| 256 | return x->policy_cache; | 240 | return x->policy_cache; |
| 241 | } | ||
| 257 | 242 | ||
| 258 | } | 243 | X509_POLICY_DATA * |
| 259 | 244 | policy_cache_find_data(const X509_POLICY_CACHE *cache, const ASN1_OBJECT *id) | |
| 260 | X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache, | 245 | { |
| 261 | const ASN1_OBJECT *id) | ||
| 262 | { | ||
| 263 | int idx; | 246 | int idx; |
| 264 | X509_POLICY_DATA tmp; | 247 | X509_POLICY_DATA tmp; |
| 248 | |||
| 265 | tmp.valid_policy = (ASN1_OBJECT *)id; | 249 | tmp.valid_policy = (ASN1_OBJECT *)id; |
| 266 | idx = sk_X509_POLICY_DATA_find(cache->data, &tmp); | 250 | idx = sk_X509_POLICY_DATA_find(cache->data, &tmp); |
| 267 | if (idx == -1) | 251 | if (idx == -1) |
| 268 | return NULL; | 252 | return NULL; |
| 269 | return sk_X509_POLICY_DATA_value(cache->data, idx); | 253 | return sk_X509_POLICY_DATA_value(cache->data, idx); |
| 270 | } | 254 | } |
| 271 | 255 | ||
| 272 | static int policy_data_cmp(const X509_POLICY_DATA * const *a, | 256 | static int |
| 273 | const X509_POLICY_DATA * const *b) | 257 | policy_data_cmp(const X509_POLICY_DATA * const *a, |
| 274 | { | 258 | const X509_POLICY_DATA * const *b) |
| 259 | { | ||
| 275 | return OBJ_cmp((*a)->valid_policy, (*b)->valid_policy); | 260 | return OBJ_cmp((*a)->valid_policy, (*b)->valid_policy); |
| 276 | } | 261 | } |
| 277 | 262 | ||
| 278 | static int policy_cache_set_int(long *out, ASN1_INTEGER *value) | 263 | static int |
| 279 | { | 264 | policy_cache_set_int(long *out, ASN1_INTEGER *value) |
| 265 | { | ||
| 280 | if (value == NULL) | 266 | if (value == NULL) |
| 281 | return 1; | 267 | return 1; |
| 282 | if (value->type == V_ASN1_NEG_INTEGER) | 268 | if (value->type == V_ASN1_NEG_INTEGER) |
| 283 | return 0; | 269 | return 0; |
| 284 | *out = ASN1_INTEGER_get(value); | 270 | *out = ASN1_INTEGER_get(value); |
| 285 | return 1; | 271 | return 1; |
| 286 | } | 272 | } |