1 files changed, 41 insertions, 2 deletions
diff --git a/src/lib/libcrypto/x509v3/pcy_node.c b/src/lib/libcrypto/x509v3/pcy_node.c
index 6587cb05ab..bd1e7f1ae8 100644
--- a/src/lib/libcrypto/x509v3/pcy_node.c
+++ b/src/lib/libcrypto/x509v3/pcy_node.c
@@ -92,13 +92,25 @@ X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes,
        }
 X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
+                                        const X509_POLICY_NODE *parent, 
                                        const ASN1_OBJECT *id)
        {
-        return tree_find_sk(level->nodes, id);
+        X509_POLICY_NODE *node;
+        int i;
+        for (i = 0; i < sk_X509_POLICY_NODE_num(level->nodes); i++)
+                {
+                node = sk_X509_POLICY_NODE_value(level->nodes, i);
+                if (node->parent == parent)
+                        {
+                        if (!OBJ_cmp(node->data->valid_policy, id))
+                                return node;
+                        }
+                }
+        return NULL;
        }
 X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
-                        X509_POLICY_DATA *data,
+                        const X509_POLICY_DATA *data,
                        X509_POLICY_NODE *parent,
                        X509_POLICY_TREE *tree)
        {
@@ -155,4 +167,31 @@ void policy_node_free(X509_POLICY_NODE *node)
        OPENSSL_free(node);
        }
+/* See if a policy node matches a policy OID. If mapping enabled look through
+ * expected policy set otherwise just valid policy.
+ */
+int policy_node_match(const X509_POLICY_LEVEL *lvl,
+                      const X509_POLICY_NODE *node, const ASN1_OBJECT *oid)
+        {
+        int i;
+        ASN1_OBJECT *policy_oid;
+        const X509_POLICY_DATA *x = node->data;
+        if (        (lvl->flags & X509_V_FLAG_INHIBIT_MAP)
+                || !(x->flags & POLICY_DATA_FLAG_MAP_MASK))
+                {
+                if (!OBJ_cmp(x->valid_policy, oid))
+                        return 1;
+                return 0;
+                }
+        for (i = 0; i < sk_ASN1_OBJECT_num(x->expected_policy_set); i++)
+                {
+                policy_oid = sk_ASN1_OBJECT_value(x->expected_policy_set, i);
+                if (!OBJ_cmp(policy_oid, oid))
+                        return 1;
+                }
+        return 0;
+        }

diff --git a/src/lib/libcrypto/x509v3/pcy_node.c b/src/lib/libcrypto/x509v3/pcy_node.c index 6587cb05ab..bd1e7f1ae8 100644 --- a/src/lib/libcrypto/x509v3/pcy_node.c +++ b/src/lib/libcrypto/x509v3/pcy_node.c
@@ -92,13 +92,25 @@ X509_POLICY_NODE tree_find_sk(STACK_OF(X509_POLICY_NODE) nodes,
92	}	92	}
93		93
94	X509_POLICY_NODE level_find_node(const X509_POLICY_LEVEL level,	94	X509_POLICY_NODE level_find_node(const X509_POLICY_LEVEL level,
		95	const X509_POLICY_NODE *parent,
95	const ASN1_OBJECT *id)	96	const ASN1_OBJECT *id)
96	{	97	{
97	return tree_find_sk(level->nodes, id);	98	X509_POLICY_NODE *node;
		99	int i;
		100	for (i = 0; i < sk_X509_POLICY_NODE_num(level->nodes); i++)
		101	{
		102	node = sk_X509_POLICY_NODE_value(level->nodes, i);
		103	if (node->parent == parent)
		104	{
		105	if (!OBJ_cmp(node->data->valid_policy, id))
		106	return node;
		107	}
		108	}
		109	return NULL;
98	}	110	}
99		111
100	X509_POLICY_NODE level_add_node(X509_POLICY_LEVEL level,	112	X509_POLICY_NODE level_add_node(X509_POLICY_LEVEL level,
101	X509_POLICY_DATA *data,	113	const X509_POLICY_DATA *data,
102	X509_POLICY_NODE *parent,	114	X509_POLICY_NODE *parent,
103	X509_POLICY_TREE *tree)	115	X509_POLICY_TREE *tree)
104	{	116	{
@@ -155,4 +167,31 @@ void policy_node_free(X509_POLICY_NODE *node)
155	OPENSSL_free(node);	167	OPENSSL_free(node);
156	}	168	}
157		169
		170	/* See if a policy node matches a policy OID. If mapping enabled look through
		171	* expected policy set otherwise just valid policy.
		172	*/
		173
		174	int policy_node_match(const X509_POLICY_LEVEL *lvl,
		175	const X509_POLICY_NODE node, const ASN1_OBJECT oid)
		176	{
		177	int i;
		178	ASN1_OBJECT *policy_oid;
		179	const X509_POLICY_DATA *x = node->data;
		180
		181	if ( (lvl->flags & X509_V_FLAG_INHIBIT_MAP)
		182	\|\| !(x->flags & POLICY_DATA_FLAG_MAP_MASK))
		183	{
		184	if (!OBJ_cmp(x->valid_policy, oid))
		185	return 1;
		186	return 0;
		187	}
		188
		189	for (i = 0; i < sk_ASN1_OBJECT_num(x->expected_policy_set); i++)
		190	{
		191	policy_oid = sk_ASN1_OBJECT_value(x->expected_policy_set, i);
		192	if (!OBJ_cmp(policy_oid, oid))
		193	return 1;
		194	}
		195	return 0;
158		196
		197	}