Coverage Report

Created: 2026-03-19 06:22

next uncovered line (L), next uncovered region (R), next uncovered branch (B)
/src/boringssl/crypto/x509/v3_pcons.cc
Line
Count
Source
1
// Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.
2
//
3
// Licensed under the Apache License, Version 2.0 (the "License");
4
// you may not use this file except in compliance with the License.
5
// You may obtain a copy of the License at
6
//
7
//     https://www.apache.org/licenses/LICENSE-2.0
8
//
9
// Unless required by applicable law or agreed to in writing, software
10
// distributed under the License is distributed on an "AS IS" BASIS,
11
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
// See the License for the specific language governing permissions and
13
// limitations under the License.
14
15
#include <stdio.h>
16
#include <string.h>
17
18
#include <openssl/asn1.h>
19
#include <openssl/asn1t.h>
20
#include <openssl/conf.h>
21
#include <openssl/err.h>
22
#include <openssl/obj.h>
23
#include <openssl/x509.h>
24
25
#include "internal.h"
26
27
28
using namespace bssl;
29
30
static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(
31
    const X509V3_EXT_METHOD *method, void *bcons,
32
    STACK_OF(CONF_VALUE) *extlist);
33
static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
34
                                    const X509V3_CTX *ctx,
35
                                    const STACK_OF(CONF_VALUE) *values);
36
37
const X509V3_EXT_METHOD bssl::v3_policy_constraints = {
38
    NID_policy_constraints,
39
    0,
40
    ASN1_ITEM_ref(POLICY_CONSTRAINTS),
41
    nullptr,
42
    nullptr,
43
    nullptr,
44
    nullptr,
45
    nullptr,
46
    nullptr,
47
    i2v_POLICY_CONSTRAINTS,
48
    v2i_POLICY_CONSTRAINTS,
49
    nullptr,
50
    nullptr,
51
    nullptr};
52
53
ASN1_SEQUENCE(POLICY_CONSTRAINTS) = {
54
    ASN1_IMP_OPT(POLICY_CONSTRAINTS, requireExplicitPolicy, ASN1_INTEGER, 0),
55
    ASN1_IMP_OPT(POLICY_CONSTRAINTS, inhibitPolicyMapping, ASN1_INTEGER, 1),
56
} ASN1_SEQUENCE_END(POLICY_CONSTRAINTS)
57
58
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
59
60
static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(
61
245
    const X509V3_EXT_METHOD *method, void *a, STACK_OF(CONF_VALUE) *extlist) {
62
245
  const POLICY_CONSTRAINTS *pcons = reinterpret_cast<POLICY_CONSTRAINTS *>(a);
63
245
  X509V3_add_value_int("Require Explicit Policy", pcons->requireExplicitPolicy,
64
245
                       &extlist);
65
245
  X509V3_add_value_int("Inhibit Policy Mapping", pcons->inhibitPolicyMapping,
66
245
                       &extlist);
67
245
  return extlist;
68
245
}
69
70
static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
71
                                    const X509V3_CTX *ctx,
72
407
                                    const STACK_OF(CONF_VALUE) *values) {
73
407
  POLICY_CONSTRAINTS *pcons = nullptr;
74
407
  if (!(pcons = POLICY_CONSTRAINTS_new())) {
75
0
    return nullptr;
76
0
  }
77
601
  for (size_t i = 0; i < sk_CONF_VALUE_num(values); i++) {
78
581
    const CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
79
581
    if (!strcmp(val->name, "requireExplicitPolicy")) {
80
79
      if (!X509V3_get_value_int(val, &pcons->requireExplicitPolicy)) {
81
3
        goto err;
82
3
      }
83
502
    } else if (!strcmp(val->name, "inhibitPolicyMapping")) {
84
121
      if (!X509V3_get_value_int(val, &pcons->inhibitPolicyMapping)) {
85
3
        goto err;
86
3
      }
87
381
    } else {
88
381
      OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_NAME);
89
381
      X509V3_conf_err(val);
90
381
      goto err;
91
381
    }
92
581
  }
93
20
  if (!pcons->inhibitPolicyMapping && !pcons->requireExplicitPolicy) {
94
0
    OPENSSL_PUT_ERROR(X509V3, X509V3_R_ILLEGAL_EMPTY_EXTENSION);
95
0
    goto err;
96
0
  }
97
98
20
  return pcons;
99
387
err:
100
387
  POLICY_CONSTRAINTS_free(pcons);
101
387
  return nullptr;
102
20
}