xref: /third_party/openssl/crypto/x509/v3_pcons.c (revision e1051a39) 
1/*
2 * Copyright 2003-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License").  You may not use
5 * this file except in compliance with the License.  You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <stdio.h>
11#include "internal/cryptlib.h"
12#include <openssl/asn1.h>
13#include <openssl/asn1t.h>
14#include <openssl/conf.h>
15#include <openssl/x509v3.h>
16#include "ext_dat.h"
17
18static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD
19                                                    *method, void *bcons, STACK_OF(CONF_VALUE)
20                                                    *extlist);
21static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
22                                    X509V3_CTX *ctx,
23                                    STACK_OF(CONF_VALUE) *values);
24
25const X509V3_EXT_METHOD ossl_v3_policy_constraints = {
26    NID_policy_constraints, 0,
27    ASN1_ITEM_ref(POLICY_CONSTRAINTS),
28    0, 0, 0, 0,
29    0, 0,
30    i2v_POLICY_CONSTRAINTS,
31    v2i_POLICY_CONSTRAINTS,
32    NULL, NULL,
33    NULL
34};
35
36ASN1_SEQUENCE(POLICY_CONSTRAINTS) = {
37        ASN1_IMP_OPT(POLICY_CONSTRAINTS, requireExplicitPolicy, ASN1_INTEGER,0),
38        ASN1_IMP_OPT(POLICY_CONSTRAINTS, inhibitPolicyMapping, ASN1_INTEGER,1)
39} ASN1_SEQUENCE_END(POLICY_CONSTRAINTS)
40
41IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
42
43static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD
44                                                    *method, void *a, STACK_OF(CONF_VALUE)
45                                                    *extlist)
46{
47    POLICY_CONSTRAINTS *pcons = a;
48    X509V3_add_value_int("Require Explicit Policy",
49                         pcons->requireExplicitPolicy, &extlist);
50    X509V3_add_value_int("Inhibit Policy Mapping",
51                         pcons->inhibitPolicyMapping, &extlist);
52    return extlist;
53}
54
55static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
56                                    X509V3_CTX *ctx,
57                                    STACK_OF(CONF_VALUE) *values)
58{
59    POLICY_CONSTRAINTS *pcons = NULL;
60    CONF_VALUE *val;
61    int i;
62
63    if ((pcons = POLICY_CONSTRAINTS_new()) == NULL) {
64        ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
65        return NULL;
66    }
67    for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
68        val = sk_CONF_VALUE_value(values, i);
69        if (strcmp(val->name, "requireExplicitPolicy") == 0) {
70            if (!X509V3_get_value_int(val, &pcons->requireExplicitPolicy))
71                goto err;
72        } else if (strcmp(val->name, "inhibitPolicyMapping") == 0) {
73            if (!X509V3_get_value_int(val, &pcons->inhibitPolicyMapping))
74                goto err;
75        } else {
76            ERR_raise_data(ERR_LIB_X509V3, X509V3_R_INVALID_NAME,
77                           "%s", val->name);
78            goto err;
79        }
80    }
81    if (pcons->inhibitPolicyMapping == NULL
82            && pcons->requireExplicitPolicy == NULL) {
83        ERR_raise(ERR_LIB_X509V3, X509V3_R_ILLEGAL_EMPTY_EXTENSION);
84        goto err;
85    }
86
87    return pcons;
88 err:
89    POLICY_CONSTRAINTS_free(pcons);
90    return NULL;
91}
92