/src/openssl30/crypto/x509/pcy_local.h

Source (jump to first uncovered line)
/*
 * Copyright 2004-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

typedef struct X509_POLICY_DATA_st X509_POLICY_DATA;

DEFINE_STACK_OF(X509_POLICY_DATA)

/* Internal structures */

/*
 * This structure and the field names correspond to the Policy 'node' of
 * RFC3280. NB this structure contains no pointers to parent or child data:
 * X509_POLICY_NODE contains that. This means that the main policy data can
 * be kept static and cached with the certificate.
 */

struct X509_POLICY_DATA_st {
    unsigned int flags;
    /* Policy OID and qualifiers for this data */
    ASN1_OBJECT *valid_policy;
    STACK_OF(POLICYQUALINFO) *qualifier_set;
    STACK_OF(ASN1_OBJECT) *expected_policy_set;
};

/* X509_POLICY_DATA flags values */

/*
 * This flag indicates the structure has been mapped using a policy mapping
 * extension. If policy mapping is not active its references get deleted.
 */

#define POLICY_DATA_FLAG_MAPPED                 0x1

/*
 * This flag indicates the data doesn't correspond to a policy in Certificate
 * Policies: it has been mapped to any policy.
 */

#define POLICY_DATA_FLAG_MAPPED_ANY             0x2

/* AND with flags to see if any mapping has occurred */

#define POLICY_DATA_FLAG_MAP_MASK               0x3

/* qualifiers are shared and shouldn't be freed */

#define POLICY_DATA_FLAG_SHARED_QUALIFIERS      0x4

/* Parent node is an extra node and should be freed */

#define POLICY_DATA_FLAG_EXTRA_NODE             0x8

/* Corresponding CertificatePolicies is critical */

#define POLICY_DATA_FLAG_CRITICAL               0x10

/* This structure is cached with a certificate */

struct X509_POLICY_CACHE_st {
    /* anyPolicy data or NULL if no anyPolicy */
    X509_POLICY_DATA *anyPolicy;
    /* other policy data */
    STACK_OF(X509_POLICY_DATA) *data;
    /* If InhibitAnyPolicy present this is its value or -1 if absent. */
    long any_skip;
    /*
     * If policyConstraints and requireExplicitPolicy present this is its
     * value or -1 if absent.
     */
    long explicit_skip;
    /*
     * If policyConstraints and policyMapping present this is its value or -1
     * if absent.
     */
    long map_skip;
};

/*
 * #define POLICY_CACHE_FLAG_CRITICAL POLICY_DATA_FLAG_CRITICAL
 */

/* This structure represents the relationship between nodes */

struct X509_POLICY_NODE_st {
    /* node data this refers to */
    const X509_POLICY_DATA *data;
    /* Parent node */
    X509_POLICY_NODE *parent;
    /* Number of child nodes */
    int nchild;
};

struct X509_POLICY_LEVEL_st {
    /* Cert for this level */
    X509 *cert;
    /* nodes at this level */
    STACK_OF(X509_POLICY_NODE) *nodes;
    /* anyPolicy node */
    X509_POLICY_NODE *anyPolicy;
    /* Extra data */
    /*
     * STACK_OF(X509_POLICY_DATA) *extra_data;
     */
    unsigned int flags;
};

struct X509_POLICY_TREE_st {
    /* The number of nodes in the tree */
    size_t node_count;
    /* The maximum number of nodes in the tree */
    size_t node_maximum;

    /* This is the tree 'level' data */
    X509_POLICY_LEVEL *levels;
    int nlevel;
    /*
     * Extra policy data when additional nodes (not from the certificate) are
     * required.
     */
    STACK_OF(X509_POLICY_DATA) *extra_data;
    /* This is the authority constrained policy set */
    STACK_OF(X509_POLICY_NODE) *auth_policies;
    STACK_OF(X509_POLICY_NODE) *user_policies;
    unsigned int flags;
};

/* Set if anyPolicy present in user policies */
#define POLICY_FLAG_ANY_POLICY          0x2

/* Useful macros */

#define node_data_critical(data) (data->flags & POLICY_DATA_FLAG_CRITICAL)
#define node_critical(node) node_data_critical(node->data)

/* Internal functions */

X509_POLICY_DATA *ossl_policy_data_new(POLICYINFO *policy, const ASN1_OBJECT *id,
                                       int crit);
void ossl_policy_data_free(X509_POLICY_DATA *data);

X509_POLICY_DATA *ossl_policy_cache_find_data(const X509_POLICY_CACHE *cache,
                                              const ASN1_OBJECT *id);
int ossl_policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps);

STACK_OF(X509_POLICY_NODE) *ossl_policy_node_cmp_new(void);

void ossl_policy_cache_free(X509_POLICY_CACHE *cache);

X509_POLICY_NODE *ossl_policy_level_find_node(const X509_POLICY_LEVEL *level,
                                              const X509_POLICY_NODE *parent,
                                              const ASN1_OBJECT *id);

X509_POLICY_NODE *ossl_policy_tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
                                           const ASN1_OBJECT *id);

X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
                                             X509_POLICY_DATA *data,
                                             X509_POLICY_NODE *parent,
                                             X509_POLICY_TREE *tree,
                                             int extra_data);
void ossl_policy_node_free(X509_POLICY_NODE *node);
int ossl_policy_node_match(const X509_POLICY_LEVEL *lvl,
                           const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);

const X509_POLICY_CACHE *ossl_policy_cache_set(X509 *x);

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright 2004-2023 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		typedef struct X509_POLICY_DATA_st X509_POLICY_DATA;
11
12		DEFINE_STACK_OF(X509_POLICY_DATA)
13
14		/* Internal structures */
15
16		/*
17		* This structure and the field names correspond to the Policy 'node' of
18		* RFC3280. NB this structure contains no pointers to parent or child data:
19		* X509_POLICY_NODE contains that. This means that the main policy data can
20		* be kept static and cached with the certificate.
21		*/
22
23		struct X509_POLICY_DATA_st {
24		unsigned int flags;
25		/* Policy OID and qualifiers for this data */
26		ASN1_OBJECT *valid_policy;
27		STACK_OF(POLICYQUALINFO) *qualifier_set;
28		STACK_OF(ASN1_OBJECT) *expected_policy_set;
29		};
30
31		/* X509_POLICY_DATA flags values */
32
33		/*
34		* This flag indicates the structure has been mapped using a policy mapping
35		* extension. If policy mapping is not active its references get deleted.
36		*/
37
38	0	#define POLICY_DATA_FLAG_MAPPED 0x1
39
40		/*
41		* This flag indicates the data doesn't correspond to a policy in Certificate
42		* Policies: it has been mapped to any policy.
43		*/
44
45	0	#define POLICY_DATA_FLAG_MAPPED_ANY 0x2
46
47		/* AND with flags to see if any mapping has occurred */
48
49	0	#define POLICY_DATA_FLAG_MAP_MASK 0x3
50
51		/* qualifiers are shared and shouldn't be freed */
52
53	0	#define POLICY_DATA_FLAG_SHARED_QUALIFIERS 0x4
54
55		/* Parent node is an extra node and should be freed */
56
57	0	#define POLICY_DATA_FLAG_EXTRA_NODE 0x8
58
59		/* Corresponding CertificatePolicies is critical */
60
61	0	#define POLICY_DATA_FLAG_CRITICAL 0x10
62
63		/* This structure is cached with a certificate */
64
65		struct X509_POLICY_CACHE_st {
66		/* anyPolicy data or NULL if no anyPolicy */
67		X509_POLICY_DATA *anyPolicy;
68		/* other policy data */
69		STACK_OF(X509_POLICY_DATA) *data;
70		/* If InhibitAnyPolicy present this is its value or -1 if absent. */
71		long any_skip;
72		/*
73		* If policyConstraints and requireExplicitPolicy present this is its
74		* value or -1 if absent.
75		*/
76		long explicit_skip;
77		/*
78		* If policyConstraints and policyMapping present this is its value or -1
79		* if absent.
80		*/
81		long map_skip;
82		};
83
84		/*
85		* #define POLICY_CACHE_FLAG_CRITICAL POLICY_DATA_FLAG_CRITICAL
86		*/
87
88		/* This structure represents the relationship between nodes */
89
90		struct X509_POLICY_NODE_st {
91		/* node data this refers to */
92		const X509_POLICY_DATA *data;
93		/* Parent node */
94		X509_POLICY_NODE *parent;
95		/* Number of child nodes */
96		int nchild;
97		};
98
99		struct X509_POLICY_LEVEL_st {
100		/* Cert for this level */
101		X509 *cert;
102		/* nodes at this level */
103		STACK_OF(X509_POLICY_NODE) *nodes;
104		/* anyPolicy node */
105		X509_POLICY_NODE *anyPolicy;
106		/* Extra data */
107		/*
108		* STACK_OF(X509_POLICY_DATA) *extra_data;
109		*/
110		unsigned int flags;
111		};
112
113		struct X509_POLICY_TREE_st {
114		/* The number of nodes in the tree */
115		size_t node_count;
116		/* The maximum number of nodes in the tree */
117		size_t node_maximum;
118
119		/* This is the tree 'level' data */
120		X509_POLICY_LEVEL *levels;
121		int nlevel;
122		/*
123		* Extra policy data when additional nodes (not from the certificate) are
124		* required.
125		*/
126		STACK_OF(X509_POLICY_DATA) *extra_data;
127		/* This is the authority constrained policy set */
128		STACK_OF(X509_POLICY_NODE) *auth_policies;
129		STACK_OF(X509_POLICY_NODE) *user_policies;
130		unsigned int flags;
131		};
132
133		/* Set if anyPolicy present in user policies */
134	0	#define POLICY_FLAG_ANY_POLICY 0x2
135
136		/* Useful macros */
137
138	0	#define node_data_critical(data) (data->flags & POLICY_DATA_FLAG_CRITICAL)
139	0	#define node_critical(node) node_data_critical(node->data)
140
141		/* Internal functions */
142
143		X509_POLICY_DATA ossl_policy_data_new(POLICYINFO policy, const ASN1_OBJECT *id,
144		int crit);
145		void ossl_policy_data_free(X509_POLICY_DATA *data);
146
147		X509_POLICY_DATA ossl_policy_cache_find_data(const X509_POLICY_CACHE cache,
148		const ASN1_OBJECT *id);
149		int ossl_policy_cache_set_mapping(X509 x, POLICY_MAPPINGS maps);
150
151		STACK_OF(X509_POLICY_NODE) *ossl_policy_node_cmp_new(void);
152
153		void ossl_policy_cache_free(X509_POLICY_CACHE *cache);
154
155		X509_POLICY_NODE ossl_policy_level_find_node(const X509_POLICY_LEVEL level,
156		const X509_POLICY_NODE *parent,
157		const ASN1_OBJECT *id);
158
159		X509_POLICY_NODE ossl_policy_tree_find_sk(STACK_OF(X509_POLICY_NODE) sk,
160		const ASN1_OBJECT *id);
161
162		X509_POLICY_NODE ossl_policy_level_add_node(X509_POLICY_LEVEL level,
163		X509_POLICY_DATA *data,
164		X509_POLICY_NODE *parent,
165		X509_POLICY_TREE *tree,
166		int extra_data);
167		void ossl_policy_node_free(X509_POLICY_NODE *node);
168		int ossl_policy_node_match(const X509_POLICY_LEVEL *lvl,
169		const X509_POLICY_NODE node, const ASN1_OBJECT oid);
170
171		const X509_POLICY_CACHE ossl_policy_cache_set(X509 x);

Coverage Report

Created: 2023-09-25 06:41