/src/openssl30/crypto/x509/pcy_map.c

Source (jump to first uncovered line)
/*
 * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include "internal/cryptlib.h"
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include "crypto/x509.h"

#include "pcy_local.h"

/*
 * Set policy mapping entries in cache. Note: this modifies the passed
 * POLICY_MAPPINGS structure
 */

int ossl_policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
{
    POLICY_MAPPING *map;
    X509_POLICY_DATA *data;
    X509_POLICY_CACHE *cache = x->policy_cache;
    int i;
    int ret = 0;
    if (sk_POLICY_MAPPING_num(maps) == 0) {
        ret = -1;
        goto bad_mapping;
    }
    for (i = 0; i < sk_POLICY_MAPPING_num(maps); i++) {
        map = sk_POLICY_MAPPING_value(maps, i);
        /* Reject if map to or from anyPolicy */
        if ((OBJ_obj2nid(map->subjectDomainPolicy) == NID_any_policy)
            || (OBJ_obj2nid(map->issuerDomainPolicy) == NID_any_policy)) {
            ret = -1;
            goto bad_mapping;
        }

        /* Attempt to find matching policy data */
        data = ossl_policy_cache_find_data(cache, map->issuerDomainPolicy);
        /* If we don't have anyPolicy can't map */
        if (data == NULL && !cache->anyPolicy)
            continue;

        /* Create a NODE from anyPolicy */
        if (data == NULL) {
            data = ossl_policy_data_new(NULL, map->issuerDomainPolicy,
                                        cache->anyPolicy->flags
                                        & POLICY_DATA_FLAG_CRITICAL);
            if (data == NULL)
                goto bad_mapping;
            data->qualifier_set = cache->anyPolicy->qualifier_set;
            /*
             * map->issuerDomainPolicy = NULL;
             */
            data->flags |= POLICY_DATA_FLAG_MAPPED_ANY;
            data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
            if (!sk_X509_POLICY_DATA_push(cache->data, data)) {
                ossl_policy_data_free(data);
                goto bad_mapping;
            }
        } else
            data->flags |= POLICY_DATA_FLAG_MAPPED;
        if (!sk_ASN1_OBJECT_push(data->expected_policy_set,
                                 map->subjectDomainPolicy))
            goto bad_mapping;
        map->subjectDomainPolicy = NULL;

    }

    ret = 1;
 bad_mapping:
    sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
    return ret;

}

Coverage Report

Created: 2023-09-25 06:45

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		#include "internal/cryptlib.h"
11		#include <openssl/x509.h>
12		#include <openssl/x509v3.h>
13		#include "crypto/x509.h"
14
15		#include "pcy_local.h"
16
17		/*
18		* Set policy mapping entries in cache. Note: this modifies the passed
19		* POLICY_MAPPINGS structure
20		*/
21
22		int ossl_policy_cache_set_mapping(X509 x, POLICY_MAPPINGS maps)
23	0	{
24	0	POLICY_MAPPING *map;
25	0	X509_POLICY_DATA *data;
26	0	X509_POLICY_CACHE *cache = x->policy_cache;
27	0	int i;
28	0	int ret = 0;
29	0	if (sk_POLICY_MAPPING_num(maps) == 0) {
30	0	ret = -1;
31	0	goto bad_mapping;
32	0	}
33	0	for (i = 0; i < sk_POLICY_MAPPING_num(maps); i++) {
34	0	map = sk_POLICY_MAPPING_value(maps, i);
35		/* Reject if map to or from anyPolicy */
36	0	if ((OBJ_obj2nid(map->subjectDomainPolicy) == NID_any_policy)
37	0	\|\| (OBJ_obj2nid(map->issuerDomainPolicy) == NID_any_policy)) {
38	0	ret = -1;
39	0	goto bad_mapping;
40	0	}
41
42		/* Attempt to find matching policy data */
43	0	data = ossl_policy_cache_find_data(cache, map->issuerDomainPolicy);
44		/* If we don't have anyPolicy can't map */
45	0	if (data == NULL && !cache->anyPolicy)
46	0	continue;
47
48		/* Create a NODE from anyPolicy */
49	0	if (data == NULL) {
50	0	data = ossl_policy_data_new(NULL, map->issuerDomainPolicy,
51	0	cache->anyPolicy->flags
52	0	& POLICY_DATA_FLAG_CRITICAL);
53	0	if (data == NULL)
54	0	goto bad_mapping;
55	0	data->qualifier_set = cache->anyPolicy->qualifier_set;
56		/*
57		* map->issuerDomainPolicy = NULL;
58		*/
59	0	data->flags \|= POLICY_DATA_FLAG_MAPPED_ANY;
60	0	data->flags \|= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
61	0	if (!sk_X509_POLICY_DATA_push(cache->data, data)) {
62	0	ossl_policy_data_free(data);
63	0	goto bad_mapping;
64	0	}
65	0	} else
66	0	data->flags \|= POLICY_DATA_FLAG_MAPPED;
67	0	if (!sk_ASN1_OBJECT_push(data->expected_policy_set,
68	0	map->subjectDomainPolicy))
69	0	goto bad_mapping;
70	0	map->subjectDomainPolicy = NULL;
71
72	0	}
73
74	0	ret = 1;
75	0	bad_mapping:
76	0	sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
77	0	return ret;
78
79	0	}