1 files changed, 0 insertions, 287 deletions
diff --git a/src/lib/libcrypto/x509v3/pcy_cache.c b/src/lib/libcrypto/x509v3/pcy_cache.c
deleted file mode 100644
index 1030931b71..0000000000
--- a/src/lib/libcrypto/x509v3/pcy_cache.c
+++ /dev/null
@@ -1,287 +0,0 @@
-/* pcy_cache.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include "cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include "pcy_int.h"
-static int policy_data_cmp(const X509_POLICY_DATA * const *a,
-                                const X509_POLICY_DATA * const *b);
-static int policy_cache_set_int(long *out, ASN1_INTEGER *value);
-/* Set cache entry according to CertificatePolicies extension.
- * Note: this destroys the passed CERTIFICATEPOLICIES structure.
- */
-static int policy_cache_create(X509 *x,
-                        CERTIFICATEPOLICIES *policies, int crit)
-        {
-        int i;
-        int ret = 0;
-        X509_POLICY_CACHE *cache = x->policy_cache;
-        X509_POLICY_DATA *data = NULL;
-        POLICYINFO *policy;
-        if (sk_POLICYINFO_num(policies) == 0)
-                goto bad_policy;
-        cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp);
-        if (!cache->data)
-                goto bad_policy;
-        for (i = 0; i < sk_POLICYINFO_num(policies); i++)
-                {
-                policy = sk_POLICYINFO_value(policies, i);
-                data = policy_data_new(policy, NULL, crit);
-                if (!data)
-                        goto bad_policy;
-                /* Duplicate policy OIDs are illegal: reject if matches
-                 * found.
-                 */
-                if (OBJ_obj2nid(data->valid_policy) == NID_any_policy)
-                        {
-                        if (cache->anyPolicy)
-                                {
-                                ret = -1;
-                                goto bad_policy;
-                                }
-                        cache->anyPolicy = data;
-                        }
-                else if (sk_X509_POLICY_DATA_find(cache->data, data) != -1)
-                        {
-                        ret = -1;
-                        goto bad_policy;
-                        }
-                else if (!sk_X509_POLICY_DATA_push(cache->data, data))
-                        goto bad_policy;
-                data = NULL;
-                }
-        ret = 1;
-        bad_policy:
-        if (ret == -1)
-                x->ex_flags |= EXFLAG_INVALID_POLICY;
-        if (data)
-                policy_data_free(data);
-        sk_POLICYINFO_pop_free(policies, POLICYINFO_free);
-        if (ret <= 0)
-                {
-                sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
-                cache->data = NULL;
-                }
-        return ret;
-        }
-        
-static int policy_cache_new(X509 *x)
-        {
-        X509_POLICY_CACHE *cache;
-        ASN1_INTEGER *ext_any = NULL;
-        POLICY_CONSTRAINTS *ext_pcons = NULL;
-        CERTIFICATEPOLICIES *ext_cpols = NULL;
-        POLICY_MAPPINGS *ext_pmaps = NULL;
-        int i;
-        cache = OPENSSL_malloc(sizeof(X509_POLICY_CACHE));
-        if (!cache)
-                return 0;
-        cache->anyPolicy = NULL;
-        cache->data = NULL;
-        cache->maps = NULL;
-        cache->any_skip = -1;
-        cache->explicit_skip = -1;
-        cache->map_skip = -1;
-        x->policy_cache = cache;
-        /* Handle requireExplicitPolicy *first*. Need to process this
-         * even if we don't have any policies.
-         */
-        ext_pcons = X509_get_ext_d2i(x, NID_policy_constraints, &i, NULL);
-        if (!ext_pcons)
-                {
-                if (i != -1)
-                        goto bad_cache;
-                }
-        else
-                {
-                if (!ext_pcons->requireExplicitPolicy
-                        && !ext_pcons->inhibitPolicyMapping)
-                        goto bad_cache;
-                if (!policy_cache_set_int(&cache->explicit_skip,
-                        ext_pcons->requireExplicitPolicy))
-                        goto bad_cache;
-                if (!policy_cache_set_int(&cache->map_skip,
-                        ext_pcons->inhibitPolicyMapping))
-                        goto bad_cache;
-                }
-        /* Process CertificatePolicies */
-        ext_cpols = X509_get_ext_d2i(x, NID_certificate_policies, &i, NULL);
-        /* If no CertificatePolicies extension or problem decoding then
-         * there is no point continuing because the valid policies will be
-         * NULL.
-         */
-        if (!ext_cpols)
-                {
-                /* If not absent some problem with extension */
-                if (i != -1)
-                        goto bad_cache;
-                return 1;
-                }
-        i = policy_cache_create(x, ext_cpols, i);
-        /* NB: ext_cpols freed by policy_cache_set_policies */
-        if (i <= 0)
-                return i;
-        ext_pmaps = X509_get_ext_d2i(x, NID_policy_mappings, &i, NULL);
-        if (!ext_pmaps)
-                {
-                /* If not absent some problem with extension */
-                if (i != -1)
-                        goto bad_cache;
-                }
-        else
-                {
-                i = policy_cache_set_mapping(x, ext_pmaps);
-                if (i <= 0)
-                        goto bad_cache;
-                }
-        ext_any = X509_get_ext_d2i(x, NID_inhibit_any_policy, &i, NULL);
-        if (!ext_any)
-                {
-                if (i != -1)
-                        goto bad_cache;
-                }
-        else if (!policy_cache_set_int(&cache->any_skip, ext_any))
-                        goto bad_cache;
-        if (0)
-                {
-                bad_cache:
-                x->ex_flags |= EXFLAG_INVALID_POLICY;
-                }
-        if(ext_pcons)
-                POLICY_CONSTRAINTS_free(ext_pcons);
-        if (ext_any)
-                ASN1_INTEGER_free(ext_any);
-        return 1;
-        
-}
-void policy_cache_free(X509_POLICY_CACHE *cache)
-        {
-        if (!cache)
-                return;
-        if (cache->anyPolicy)
-                policy_data_free(cache->anyPolicy);
-        if (cache->data)
-                sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
-        OPENSSL_free(cache);
-        }
-const X509_POLICY_CACHE *policy_cache_set(X509 *x)
-        {
-        if (x->policy_cache == NULL)
-                {
-                CRYPTO_w_lock(CRYPTO_LOCK_X509);
-                        policy_cache_new(x);
-                CRYPTO_w_unlock(CRYPTO_LOCK_X509);
-                }
-        return x->policy_cache;
-        }
-X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache,
-                                                const ASN1_OBJECT *id)
-        {
-        int idx;
-        X509_POLICY_DATA tmp;
-        tmp.valid_policy = (ASN1_OBJECT *)id;
-        idx = sk_X509_POLICY_DATA_find(cache->data, &tmp);
-        if (idx == -1)
-                return NULL;
-        return sk_X509_POLICY_DATA_value(cache->data, idx);
-        }
-static int policy_data_cmp(const X509_POLICY_DATA * const *a,
-                                const X509_POLICY_DATA * const *b)
-        {
-        return OBJ_cmp((*a)->valid_policy, (*b)->valid_policy);
-        }
-static int policy_cache_set_int(long *out, ASN1_INTEGER *value)
-        {
-        if (value == NULL)
-                return 1;
-        if (value->type == V_ASN1_NEG_INTEGER)
-                return 0;
-        *out = ASN1_INTEGER_get(value);
-        return 1;
-        }

diff --git a/src/lib/libcrypto/x509v3/pcy_cache.c b/src/lib/libcrypto/x509v3/pcy_cache.c deleted file mode 100644 index 1030931b71..0000000000 --- a/src/lib/libcrypto/x509v3/pcy_cache.c +++ /dev/null
@@ -1,287 +0,0 @@
1	/* pcy_cache.c */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2004.
4	*/
5	/* ====================================================================
6	* Copyright (c) 2004 The OpenSSL Project. All rights reserved.
7	*
8	* Redistribution and use in source and binary forms, with or without
9	* modification, are permitted provided that the following conditions
10	* are met:
11	*
12	* 1. Redistributions of source code must retain the above copyright
13	* notice, this list of conditions and the following disclaimer.
14	*
15	* 2. Redistributions in binary form must reproduce the above copyright
16	* notice, this list of conditions and the following disclaimer in
17	* the documentation and/or other materials provided with the
18	* distribution.
19	*
20	* 3. All advertising materials mentioning features or use of this
21	* software must display the following acknowledgment:
22	* "This product includes software developed by the OpenSSL Project
23	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24	*
25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26	* endorse or promote products derived from this software without
27	* prior written permission. For written permission, please contact
28	* licensing@OpenSSL.org.
29	*
30	* 5. Products derived from this software may not be called "OpenSSL"
31	* nor may "OpenSSL" appear in their names without prior written
32	* permission of the OpenSSL Project.
33	*
34	* 6. Redistributions of any form whatsoever must retain the following
35	* acknowledgment:
36	* "This product includes software developed by the OpenSSL Project
37	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38	*
39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50	* OF THE POSSIBILITY OF SUCH DAMAGE.
51	* ====================================================================
52	*
53	* This product includes cryptographic software written by Eric Young
54	* (eay@cryptsoft.com). This product includes software written by Tim
55	* Hudson (tjh@cryptsoft.com).
56	*
57	*/
58
59	#include "cryptlib.h"
60	#include <openssl/x509.h>
61	#include <openssl/x509v3.h>
62
63	#include "pcy_int.h"
64
65	static int policy_data_cmp(const X509_POLICY_DATA * const *a,
66	const X509_POLICY_DATA * const *b);
67	static int policy_cache_set_int(long out, ASN1_INTEGER value);
68
69	/* Set cache entry according to CertificatePolicies extension.
70	* Note: this destroys the passed CERTIFICATEPOLICIES structure.
71	*/
72
73	static int policy_cache_create(X509 *x,
74	CERTIFICATEPOLICIES *policies, int crit)
75	{
76	int i;
77	int ret = 0;
78	X509_POLICY_CACHE *cache = x->policy_cache;
79	X509_POLICY_DATA *data = NULL;
80	POLICYINFO *policy;
81	if (sk_POLICYINFO_num(policies) == 0)
82	goto bad_policy;
83	cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp);
84	if (!cache->data)
85	goto bad_policy;
86	for (i = 0; i < sk_POLICYINFO_num(policies); i++)
87	{
88	policy = sk_POLICYINFO_value(policies, i);
89	data = policy_data_new(policy, NULL, crit);
90	if (!data)
91	goto bad_policy;
92	/* Duplicate policy OIDs are illegal: reject if matches
93	* found.
94	*/
95	if (OBJ_obj2nid(data->valid_policy) == NID_any_policy)
96	{
97	if (cache->anyPolicy)
98	{
99	ret = -1;
100	goto bad_policy;
101	}
102	cache->anyPolicy = data;
103	}
104	else if (sk_X509_POLICY_DATA_find(cache->data, data) != -1)
105	{
106	ret = -1;
107	goto bad_policy;
108	}
109	else if (!sk_X509_POLICY_DATA_push(cache->data, data))
110	goto bad_policy;
111	data = NULL;
112	}
113	ret = 1;
114	bad_policy:
115	if (ret == -1)
116	x->ex_flags \|= EXFLAG_INVALID_POLICY;
117	if (data)
118	policy_data_free(data);
119	sk_POLICYINFO_pop_free(policies, POLICYINFO_free);
120	if (ret <= 0)
121	{
122	sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
123	cache->data = NULL;
124	}
125	return ret;
126	}
127
128
129	static int policy_cache_new(X509 *x)
130	{
131	X509_POLICY_CACHE *cache;
132	ASN1_INTEGER *ext_any = NULL;
133	POLICY_CONSTRAINTS *ext_pcons = NULL;
134	CERTIFICATEPOLICIES *ext_cpols = NULL;
135	POLICY_MAPPINGS *ext_pmaps = NULL;
136	int i;
137	cache = OPENSSL_malloc(sizeof(X509_POLICY_CACHE));
138	if (!cache)
139	return 0;
140	cache->anyPolicy = NULL;
141	cache->data = NULL;
142	cache->maps = NULL;
143	cache->any_skip = -1;
144	cache->explicit_skip = -1;
145	cache->map_skip = -1;
146
147	x->policy_cache = cache;
148
149	/* Handle requireExplicitPolicy first. Need to process this
150	* even if we don't have any policies.
151	*/
152	ext_pcons = X509_get_ext_d2i(x, NID_policy_constraints, &i, NULL);
153
154	if (!ext_pcons)
155	{
156	if (i != -1)
157	goto bad_cache;
158	}
159	else
160	{
161	if (!ext_pcons->requireExplicitPolicy
162	&& !ext_pcons->inhibitPolicyMapping)
163	goto bad_cache;
164	if (!policy_cache_set_int(&cache->explicit_skip,
165	ext_pcons->requireExplicitPolicy))
166	goto bad_cache;
167	if (!policy_cache_set_int(&cache->map_skip,
168	ext_pcons->inhibitPolicyMapping))
169	goto bad_cache;
170	}
171
172	/* Process CertificatePolicies */
173
174	ext_cpols = X509_get_ext_d2i(x, NID_certificate_policies, &i, NULL);
175	/* If no CertificatePolicies extension or problem decoding then
176	* there is no point continuing because the valid policies will be
177	* NULL.
178	*/
179	if (!ext_cpols)
180	{
181	/* If not absent some problem with extension */
182	if (i != -1)
183	goto bad_cache;
184	return 1;
185	}
186
187	i = policy_cache_create(x, ext_cpols, i);
188
189	/* NB: ext_cpols freed by policy_cache_set_policies */
190
191	if (i <= 0)
192	return i;
193
194	ext_pmaps = X509_get_ext_d2i(x, NID_policy_mappings, &i, NULL);
195
196	if (!ext_pmaps)
197	{
198	/* If not absent some problem with extension */
199	if (i != -1)
200	goto bad_cache;
201	}
202	else
203	{
204	i = policy_cache_set_mapping(x, ext_pmaps);
205	if (i <= 0)
206	goto bad_cache;
207	}
208
209	ext_any = X509_get_ext_d2i(x, NID_inhibit_any_policy, &i, NULL);
210
211	if (!ext_any)
212	{
213	if (i != -1)
214	goto bad_cache;
215	}
216	else if (!policy_cache_set_int(&cache->any_skip, ext_any))
217	goto bad_cache;
218
219	if (0)
220	{
221	bad_cache:
222	x->ex_flags \|= EXFLAG_INVALID_POLICY;
223	}
224
225	if(ext_pcons)
226	POLICY_CONSTRAINTS_free(ext_pcons);
227
228	if (ext_any)
229	ASN1_INTEGER_free(ext_any);
230
231	return 1;
232
233
234	}
235
236	void policy_cache_free(X509_POLICY_CACHE *cache)
237	{
238	if (!cache)
239	return;
240	if (cache->anyPolicy)
241	policy_data_free(cache->anyPolicy);
242	if (cache->data)
243	sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
244	OPENSSL_free(cache);
245	}
246
247	const X509_POLICY_CACHE policy_cache_set(X509 x)
248	{
249
250	if (x->policy_cache == NULL)
251	{
252	CRYPTO_w_lock(CRYPTO_LOCK_X509);
253	policy_cache_new(x);
254	CRYPTO_w_unlock(CRYPTO_LOCK_X509);
255	}
256
257	return x->policy_cache;
258
259	}
260
261	X509_POLICY_DATA policy_cache_find_data(const X509_POLICY_CACHE cache,
262	const ASN1_OBJECT *id)
263	{
264	int idx;
265	X509_POLICY_DATA tmp;
266	tmp.valid_policy = (ASN1_OBJECT *)id;
267	idx = sk_X509_POLICY_DATA_find(cache->data, &tmp);
268	if (idx == -1)
269	return NULL;
270	return sk_X509_POLICY_DATA_value(cache->data, idx);
271	}
272
273	static int policy_data_cmp(const X509_POLICY_DATA * const *a,
274	const X509_POLICY_DATA * const *b)
275	{
276	return OBJ_cmp((a)->valid_policy, (b)->valid_policy);
277	}
278
279	static int policy_cache_set_int(long out, ASN1_INTEGER value)
280	{
281	if (value == NULL)
282	return 1;
283	if (value->type == V_ASN1_NEG_INTEGER)
284	return 0;
285	*out = ASN1_INTEGER_get(value);
286	return 1;
287	}