v3_pcons.c revision 296341 
1135956Sphk/* v3_pcons.c */
2135956Sphk/*
3135956Sphk * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4135956Sphk * project.
5135956Sphk */
6135956Sphk/* ====================================================================
7135956Sphk * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
8135956Sphk *
9135956Sphk * Redistribution and use in source and binary forms, with or without
10135956Sphk * modification, are permitted provided that the following conditions
11135956Sphk * are met:
12135956Sphk *
13135956Sphk * 1. Redistributions of source code must retain the above copyright
14135956Sphk *    notice, this list of conditions and the following disclaimer.
15135956Sphk *
16135956Sphk * 2. Redistributions in binary form must reproduce the above copyright
17135956Sphk *    notice, this list of conditions and the following disclaimer in
18135956Sphk *    the documentation and/or other materials provided with the
19135956Sphk *    distribution.
20135956Sphk *
21135956Sphk * 3. All advertising materials mentioning features or use of this
22135956Sphk *    software must display the following acknowledgment:
23135956Sphk *    "This product includes software developed by the OpenSSL Project
24135956Sphk *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25135956Sphk *
26135956Sphk * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27135956Sphk *    endorse or promote products derived from this software without
28143283Sphk *    prior written permission. For written permission, please contact
29143283Sphk *    licensing@OpenSSL.org.
30143283Sphk *
31135956Sphk * 5. Products derived from this software may not be called "OpenSSL"
32143283Sphk *    nor may "OpenSSL" appear in their names without prior written
33135956Sphk *    permission of the OpenSSL Project.
34143283Sphk *
35135956Sphk * 6. Redistributions of any form whatsoever must retain the following
36143283Sphk *    acknowledgment:
37135956Sphk *    "This product includes software developed by the OpenSSL Project
38143283Sphk *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39143283Sphk *
40143283Sphk * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41135956Sphk * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42143283Sphk * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43143283Sphk * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
44218909Sbrucec * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45143283Sphk * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46135956Sphk * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47143283Sphk * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48143283Sphk * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49143283Sphk * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50143283Sphk * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51143283Sphk * OF THE POSSIBILITY OF SUCH DAMAGE.
52143283Sphk * ====================================================================
53135956Sphk *
54135956Sphk * This product includes cryptographic software written by Eric Young
55218909Sbrucec * (eay@cryptsoft.com).  This product includes software written by Tim
56143283Sphk * Hudson (tjh@cryptsoft.com).
57143283Sphk *
58143283Sphk */
59143283Sphk
60143283Sphk#include <stdio.h>
61143283Sphk#include "cryptlib.h"
62143283Sphk#include <openssl/asn1.h>
63143283Sphk#include <openssl/asn1t.h>
64143283Sphk#include <openssl/conf.h>
65143283Sphk#include <openssl/x509v3.h>
66240579Seadler
67143283Sphkstatic STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD
68135956Sphk                                                    *method, void *bcons, STACK_OF(CONF_VALUE)
69135956Sphk                                                    *extlist);
70135956Sphkstatic void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
71135956Sphk                                    X509V3_CTX *ctx,
72135956Sphk                                    STACK_OF(CONF_VALUE) *values);
73135956Sphk
74135956Sphkconst X509V3_EXT_METHOD v3_policy_constraints = {
75135956Sphk    NID_policy_constraints, 0,
76135956Sphk    ASN1_ITEM_ref(POLICY_CONSTRAINTS),
77135956Sphk    0, 0, 0, 0,
78135956Sphk    0, 0,
79135956Sphk    i2v_POLICY_CONSTRAINTS,
80143283Sphk    v2i_POLICY_CONSTRAINTS,
81143283Sphk    NULL, NULL,
82143283Sphk    NULL
83135956Sphk};
84135956Sphk
85135956SphkASN1_SEQUENCE(POLICY_CONSTRAINTS) = {
86135956Sphk        ASN1_IMP_OPT(POLICY_CONSTRAINTS, requireExplicitPolicy, ASN1_INTEGER,0),
87135956Sphk        ASN1_IMP_OPT(POLICY_CONSTRAINTS, inhibitPolicyMapping, ASN1_INTEGER,1)
88135956Sphk} ASN1_SEQUENCE_END(POLICY_CONSTRAINTS)
89135956Sphk
90135956SphkIMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
91135956Sphk
92135956Sphkstatic STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD
93135956Sphk                                                    *method, void *a, STACK_OF(CONF_VALUE)
94135956Sphk                                                    *extlist)
95143283Sphk{
96143283Sphk    POLICY_CONSTRAINTS *pcons = a;
97143283Sphk    X509V3_add_value_int("Require Explicit Policy",
98143283Sphk                         pcons->requireExplicitPolicy, &extlist);
99135956Sphk    X509V3_add_value_int("Inhibit Policy Mapping",
100135956Sphk                         pcons->inhibitPolicyMapping, &extlist);
101135956Sphk    return extlist;
102135956Sphk}
103143283Sphk
104135956Sphkstatic void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
105135956Sphk                                    X509V3_CTX *ctx,
106135956Sphk                                    STACK_OF(CONF_VALUE) *values)
107135956Sphk{
108135956Sphk    POLICY_CONSTRAINTS *pcons = NULL;
109143283Sphk    CONF_VALUE *val;
110135956Sphk    int i;
111135956Sphk    if (!(pcons = POLICY_CONSTRAINTS_new())) {
112135956Sphk        X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
113143283Sphk        return NULL;
114143283Sphk    }
115143283Sphk    for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
116143283Sphk        val = sk_CONF_VALUE_value(values, i);
117143283Sphk        if (!strcmp(val->name, "requireExplicitPolicy")) {
118143283Sphk            if (!X509V3_get_value_int(val, &pcons->requireExplicitPolicy))
119143283Sphk                goto err;
120143283Sphk        } else if (!strcmp(val->name, "inhibitPolicyMapping")) {
121143283Sphk            if (!X509V3_get_value_int(val, &pcons->inhibitPolicyMapping))
122135956Sphk                goto err;
123135956Sphk        } else {
124143283Sphk            X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, X509V3_R_INVALID_NAME);
125135956Sphk            X509V3_conf_err(val);
126143283Sphk            goto err;
127143283Sphk        }
128143283Sphk    }
129143283Sphk    if (!pcons->inhibitPolicyMapping && !pcons->requireExplicitPolicy) {
130143283Sphk        X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS,
131143283Sphk                  X509V3_R_ILLEGAL_EMPTY_EXTENSION);
132143283Sphk        goto err;
133143283Sphk    }
134143283Sphk
135143283Sphk    return pcons;
136143283Sphk err:
137143283Sphk    POLICY_CONSTRAINTS_free(pcons);
138143283Sphk    return NULL;
139143283Sphk}
140143283Sphk