1 files changed, 212 insertions, 0 deletions
diff --git a/src/lib/libcrypto/x509v3/pcy_int.h b/src/lib/libcrypto/x509v3/pcy_int.h
new file mode 100644
index 0000000000..ccff92846e
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/pcy_int.h
@@ -0,0 +1,212 @@
+/* pcy_int.h */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2004.
+ */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+typedef struct X509_POLICY_DATA_st X509_POLICY_DATA;
+DECLARE_STACK_OF(X509_POLICY_DATA)
+/* Internal structures */
+/* This structure and the field names correspond to the Policy 'node' of
+ * RFC3280. NB this structure contains no pointers to parent or child
+ * data: X509_POLICY_NODE contains that. This means that the main policy data
+ * can be kept static and cached with the certificate.
+ */
+struct X509_POLICY_DATA_st
+        {
+        unsigned int flags;
+        /* Policy OID and qualifiers for this data */
+        ASN1_OBJECT *valid_policy;
+        STACK_OF(POLICYQUALINFO) *qualifier_set;
+        STACK_OF(ASN1_OBJECT) *expected_policy_set;
+        };
+/* X509_POLICY_DATA flags values */
+/* This flag indicates the structure has been mapped using a policy mapping
+ * extension. If policy mapping is not active its references get deleted. 
+ */
+#define POLICY_DATA_FLAG_MAPPED                 0x1
+/* This flag indicates the data doesn't correspond to a policy in Certificate
+ * Policies: it has been mapped to any policy.
+ */
+#define POLICY_DATA_FLAG_MAPPED_ANY             0x2
+/* AND with flags to see if any mapping has occurred */
+#define POLICY_DATA_FLAG_MAP_MASK               0x3
+/* qualifiers are shared and shouldn't be freed */
+#define POLICY_DATA_FLAG_SHARED_QUALIFIERS      0x4
+/* Parent node is an extra node and should be freed */
+#define POLICY_DATA_FLAG_EXTRA_NODE             0x8
+/* Corresponding CertificatePolicies is critical */
+#define POLICY_DATA_FLAG_CRITICAL               0x10
+/* This structure is cached with a certificate */
+struct X509_POLICY_CACHE_st {
+        /* anyPolicy data or NULL if no anyPolicy */
+        X509_POLICY_DATA *anyPolicy;
+        /* other policy data */
+        STACK_OF(X509_POLICY_DATA) *data;
+        /* If InhibitAnyPolicy present this is its value or -1 if absent. */
+        long any_skip;
+        /* If policyConstraints and requireExplicitPolicy present this is its
+         * value or -1 if absent.
+         */
+        long explicit_skip;
+        /* If policyConstraints and policyMapping present this is its
+         * value or -1 if absent.
+         */
+        long map_skip;
+        };
+/*#define POLICY_CACHE_FLAG_CRITICAL            POLICY_DATA_FLAG_CRITICAL*/
+/* This structure represents the relationship between nodes */
+struct X509_POLICY_NODE_st
+        {
+        /* node data this refers to */
+        const X509_POLICY_DATA *data;
+        /* Parent node */
+        X509_POLICY_NODE *parent;
+        /* Number of child nodes */
+        int nchild;
+        };
+struct X509_POLICY_LEVEL_st
+        {
+        /* Cert for this level */
+        X509 *cert;
+        /* nodes at this level */
+        STACK_OF(X509_POLICY_NODE) *nodes;
+        /* anyPolicy node */
+        X509_POLICY_NODE *anyPolicy;
+        /* Extra data */
+        /*STACK_OF(X509_POLICY_DATA) *extra_data;*/
+        unsigned int flags;
+        };
+struct X509_POLICY_TREE_st
+        {
+        /* This is the tree 'level' data */
+        X509_POLICY_LEVEL *levels;
+        int nlevel;
+        /* Extra policy data when additional nodes (not from the certificate)
+         * are required.
+         */
+        STACK_OF(X509_POLICY_DATA) *extra_data;
+        /* This is the authority constained policy set */
+        STACK_OF(X509_POLICY_NODE) *auth_policies;
+        STACK_OF(X509_POLICY_NODE) *user_policies;
+        unsigned int flags;
+        };
+/* Set if anyPolicy present in user policies */
+#define POLICY_FLAG_ANY_POLICY          0x2
+/* Useful macros */
+#define node_data_critical(data) (data->flags & POLICY_DATA_FLAG_CRITICAL)
+#define node_critical(node) node_data_critical(node->data)
+/* Internal functions */
+X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, const ASN1_OBJECT *id,
+                                                                int crit);
+void policy_data_free(X509_POLICY_DATA *data);
+X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache,
+                                                        const ASN1_OBJECT *id);
+int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps);
+STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void);
+void policy_cache_init(void);
+void policy_cache_free(X509_POLICY_CACHE *cache);
+X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
+                                        const X509_POLICY_NODE *parent, 
+                                        const ASN1_OBJECT *id);
+X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
+                                                const ASN1_OBJECT *id);
+X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
+                        const X509_POLICY_DATA *data,
+                        X509_POLICY_NODE *parent,
+                        X509_POLICY_TREE *tree);
+void policy_node_free(X509_POLICY_NODE *node);
+int policy_node_match(const X509_POLICY_LEVEL *lvl,
+                      const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);
+const X509_POLICY_CACHE *policy_cache_set(X509 *x);

diff --git a/src/lib/libcrypto/x509v3/pcy_int.h b/src/lib/libcrypto/x509v3/pcy_int.h new file mode 100644 index 0000000000..ccff92846e --- /dev/null +++ b/src/lib/libcrypto/x509v3/pcy_int.h
@@ -0,0 +1,212 @@
	1	/* pcy_int.h */
	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
	3	* project 2004.
	4	*/
	5	/* ====================================================================
	6	* Copyright (c) 2004 The OpenSSL Project. All rights reserved.
	7	*
	8	* Redistribution and use in source and binary forms, with or without
	9	* modification, are permitted provided that the following conditions
	10	* are met:
	11	*
	12	* 1. Redistributions of source code must retain the above copyright
	13	* notice, this list of conditions and the following disclaimer.
	14	*
	15	* 2. Redistributions in binary form must reproduce the above copyright
	16	* notice, this list of conditions and the following disclaimer in
	17	* the documentation and/or other materials provided with the
	18	* distribution.
	19	*
	20	* 3. All advertising materials mentioning features or use of this
	21	* software must display the following acknowledgment:
	22	* "This product includes software developed by the OpenSSL Project
	23	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
	24	*
	25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	26	* endorse or promote products derived from this software without
	27	* prior written permission. For written permission, please contact
	28	* licensing@OpenSSL.org.
	29	*
	30	* 5. Products derived from this software may not be called "OpenSSL"
	31	* nor may "OpenSSL" appear in their names without prior written
	32	* permission of the OpenSSL Project.
	33	*
	34	* 6. Redistributions of any form whatsoever must retain the following
	35	* acknowledgment:
	36	* "This product includes software developed by the OpenSSL Project
	37	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
	38	*
	39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	50	* OF THE POSSIBILITY OF SUCH DAMAGE.
	51	* ====================================================================
	52	*
	53	* This product includes cryptographic software written by Eric Young
	54	* (eay@cryptsoft.com). This product includes software written by Tim
	55	* Hudson (tjh@cryptsoft.com).
	56	*
	57	*/
	58
	59
	60	typedef struct X509_POLICY_DATA_st X509_POLICY_DATA;
	61
	62	DECLARE_STACK_OF(X509_POLICY_DATA)
	63
	64	/* Internal structures */
	65
	66	/* This structure and the field names correspond to the Policy 'node' of
	67	* RFC3280. NB this structure contains no pointers to parent or child
	68	* data: X509_POLICY_NODE contains that. This means that the main policy data
	69	* can be kept static and cached with the certificate.
	70	*/
	71
	72	struct X509_POLICY_DATA_st
	73	{
	74	unsigned int flags;
	75	/* Policy OID and qualifiers for this data */
	76	ASN1_OBJECT *valid_policy;
	77	STACK_OF(POLICYQUALINFO) *qualifier_set;
	78	STACK_OF(ASN1_OBJECT) *expected_policy_set;
	79	};
	80
	81	/* X509_POLICY_DATA flags values */
	82
	83	/* This flag indicates the structure has been mapped using a policy mapping
	84	* extension. If policy mapping is not active its references get deleted.
	85	*/
	86
	87	#define POLICY_DATA_FLAG_MAPPED 0x1
	88
	89	/* This flag indicates the data doesn't correspond to a policy in Certificate
	90	* Policies: it has been mapped to any policy.
	91	*/
	92
	93	#define POLICY_DATA_FLAG_MAPPED_ANY 0x2
	94
	95	/* AND with flags to see if any mapping has occurred */
	96
	97	#define POLICY_DATA_FLAG_MAP_MASK 0x3
	98
	99	/* qualifiers are shared and shouldn't be freed */
	100
	101	#define POLICY_DATA_FLAG_SHARED_QUALIFIERS 0x4
	102
	103	/* Parent node is an extra node and should be freed */
	104
	105	#define POLICY_DATA_FLAG_EXTRA_NODE 0x8
	106
	107	/* Corresponding CertificatePolicies is critical */
	108
	109	#define POLICY_DATA_FLAG_CRITICAL 0x10
	110
	111	/* This structure is cached with a certificate */
	112
	113	struct X509_POLICY_CACHE_st {
	114	/* anyPolicy data or NULL if no anyPolicy */
	115	X509_POLICY_DATA *anyPolicy;
	116	/* other policy data */
	117	STACK_OF(X509_POLICY_DATA) *data;
	118	/* If InhibitAnyPolicy present this is its value or -1 if absent. */
	119	long any_skip;
	120	/* If policyConstraints and requireExplicitPolicy present this is its
	121	* value or -1 if absent.
	122	*/
	123	long explicit_skip;
	124	/* If policyConstraints and policyMapping present this is its
	125	* value or -1 if absent.
	126	*/
	127	long map_skip;
	128	};
	129
	130	/#define POLICY_CACHE_FLAG_CRITICAL POLICY_DATA_FLAG_CRITICAL/
	131
	132	/* This structure represents the relationship between nodes */
	133
	134	struct X509_POLICY_NODE_st
	135	{
	136	/* node data this refers to */
	137	const X509_POLICY_DATA *data;
	138	/* Parent node */
	139	X509_POLICY_NODE *parent;
	140	/* Number of child nodes */
	141	int nchild;
	142	};
	143
	144	struct X509_POLICY_LEVEL_st
	145	{
	146	/* Cert for this level */
	147	X509 *cert;
	148	/* nodes at this level */
	149	STACK_OF(X509_POLICY_NODE) *nodes;
	150	/* anyPolicy node */
	151	X509_POLICY_NODE *anyPolicy;
	152	/* Extra data */
	153	/STACK_OF(X509_POLICY_DATA) extra_data;*/
	154	unsigned int flags;
	155	};
	156
	157	struct X509_POLICY_TREE_st
	158	{
	159	/* This is the tree 'level' data */
	160	X509_POLICY_LEVEL *levels;
	161	int nlevel;
	162	/* Extra policy data when additional nodes (not from the certificate)
	163	* are required.
	164	*/
	165	STACK_OF(X509_POLICY_DATA) *extra_data;
	166	/* This is the authority constained policy set */
	167	STACK_OF(X509_POLICY_NODE) *auth_policies;
	168	STACK_OF(X509_POLICY_NODE) *user_policies;
	169	unsigned int flags;
	170	};
	171
	172	/* Set if anyPolicy present in user policies */
	173	#define POLICY_FLAG_ANY_POLICY 0x2
	174
	175	/* Useful macros */
	176
	177	#define node_data_critical(data) (data->flags & POLICY_DATA_FLAG_CRITICAL)
	178	#define node_critical(node) node_data_critical(node->data)
	179
	180	/* Internal functions */
	181
	182	X509_POLICY_DATA policy_data_new(POLICYINFO policy, const ASN1_OBJECT *id,
	183	int crit);
	184	void policy_data_free(X509_POLICY_DATA *data);
	185
	186	X509_POLICY_DATA policy_cache_find_data(const X509_POLICY_CACHE cache,
	187	const ASN1_OBJECT *id);
	188	int policy_cache_set_mapping(X509 x, POLICY_MAPPINGS maps);
	189
	190
	191	STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void);
	192
	193	void policy_cache_init(void);
	194
	195	void policy_cache_free(X509_POLICY_CACHE *cache);
	196
	197	X509_POLICY_NODE level_find_node(const X509_POLICY_LEVEL level,
	198	const X509_POLICY_NODE *parent,
	199	const ASN1_OBJECT *id);
	200
	201	X509_POLICY_NODE tree_find_sk(STACK_OF(X509_POLICY_NODE) sk,
	202	const ASN1_OBJECT *id);
	203
	204	X509_POLICY_NODE level_add_node(X509_POLICY_LEVEL level,
	205	const X509_POLICY_DATA *data,
	206	X509_POLICY_NODE *parent,
	207	X509_POLICY_TREE *tree);
	208	void policy_node_free(X509_POLICY_NODE *node);
	209	int policy_node_match(const X509_POLICY_LEVEL *lvl,
	210	const X509_POLICY_NODE node, const ASN1_OBJECT oid);
	211
	212	const X509_POLICY_CACHE policy_cache_set(X509 x);