v3_pcons.c revision 296341
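/* v3_pcons.c */
/*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
/* ====================================================================
 * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com). This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

#include <stdio.h>
#include <string.h>
#include "cryptlib.h"
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/conf.h>
#include <openssl/x509v3.h>

static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD
                                                    *method, void *bcons,
                                                    STACK_OF(CONF_VALUE)
                                                    *extlist);
static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
                                    X509V3_CTX *ctx,
                                    STACK_OF(CONF_VALUE) *values);

/*
 * Extension method table for the X.509v3 policyConstraints extension.
 * Only the multi-valued pair (i2v/v2i) is supplied; encoding and decoding
 * go through the ASN.1 item referenced below.
 */
const X509V3_EXT_METHOD v3_policy_constraints = {
    NID_policy_constraints, 0,          /* ext_nid, ext_flags */
    ASN1_ITEM_ref(POLICY_CONSTRAINTS),  /* it */
    0, 0, 0, 0,                         /* ext_new, ext_free, d2i, i2d */
    0, 0,                               /* i2s, s2i */
    i2v_POLICY_CONSTRAINTS,             /* i2v */
    v2i_POLICY_CONSTRAINTS,             /* v2i */
    NULL, NULL,                         /* i2r, r2i */
    NULL                                /* usr_data */
};

/*
 * ASN.1 template: a SEQUENCE of two optional, implicitly tagged INTEGERs,
 * requireExplicitPolicy under tag 0 and inhibitPolicyMapping under tag 1.
 */
ASN1_SEQUENCE(POLICY_CONSTRAINTS) = {
        ASN1_IMP_OPT(POLICY_CONSTRAINTS, requireExplicitPolicy, ASN1_INTEGER,0),
        ASN1_IMP_OPT(POLICY_CONSTRAINTS, inhibitPolicyMapping, ASN1_INTEGER,1)
} ASN1_SEQUENCE_END(POLICY_CONSTRAINTS)

IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)

/*
 * Convert a decoded POLICY_CONSTRAINTS structure into printable name/value
 * pairs.
 *
 * method:  unused here.
 * a:       the POLICY_CONSTRAINTS to render (passed as void *).
 * extlist: list to append to; its address is handed to
 *          X509V3_add_value_int(), which may replace it.
 *
 * Returns extlist as left by the two append calls.
 *
 * NOTE(review): the results of X509V3_add_value_int() are not checked, so a
 * failed append yields a shorter list instead of an error -- confirm that
 * this best-effort behaviour is what callers expect.
 */
static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD
                                                    *method, void *a,
                                                    STACK_OF(CONF_VALUE)
                                                    *extlist)
{
    POLICY_CONSTRAINTS *pcons = a;

    X509V3_add_value_int("Require Explicit Policy",
                         pcons->requireExplicitPolicy, &extlist);
    X509V3_add_value_int("Inhibit Policy Mapping",
                         pcons->inhibitPolicyMapping, &extlist);
    return extlist;
}

/*
 * Build a POLICY_CONSTRAINTS structure from configuration name/value pairs.
 *
 * method: unused here.
 * ctx:    unused here.
 * values: the pairs to parse; the only accepted names are
 *         "requireExplicitPolicy" and "inhibitPolicyMapping".
 *
 * Returns the new structure (caller owns it), or NULL after queuing an
 * X509V3 error when allocation fails, a name is not recognised, a value does
 * not parse as an integer, or neither field ends up set (an empty extension
 * is refused).
 *
 * A name that appears more than once keeps its last value. Each value is
 * parsed into a scratch pointer and the integer previously held by the field
 * is released before the new one is stored, so a repeated name no longer
 * leaks the earlier allocation. (X509V3_get_value_int() is defined outside
 * this file; this assumes it stores a freshly allocated ASN1_INTEGER through
 * its second argument without releasing what was there.)
 *
 * NOTE(review): nothing in this function rejects a negative number, while
 * RFC 5280 defines both fields as SkipCerts ::= INTEGER (0..MAX). Confirm
 * whether the helper enforces the range; if not, callers that feed it
 * configuration they do not control may want a sign check here.
 */
static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
                                    X509V3_CTX *ctx,
                                    STACK_OF(CONF_VALUE) *values)
{
    POLICY_CONSTRAINTS *pcons = POLICY_CONSTRAINTS_new();
    int i;

    if (pcons == NULL) {
        X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
        return NULL;
    }

    for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
        CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
        ASN1_INTEGER **field;
        ASN1_INTEGER *parsed = NULL;

        /* Pick the destination field from the entry name. */
        if (strcmp(val->name, "requireExplicitPolicy") == 0) {
            field = &pcons->requireExplicitPolicy;
        } else if (strcmp(val->name, "inhibitPolicyMapping") == 0) {
            field = &pcons->inhibitPolicyMapping;
        } else {
            X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, X509V3_R_INVALID_NAME);
            X509V3_conf_err(val);
            goto err;
        }

        if (!X509V3_get_value_int(val, &parsed))
            goto err;

        /* Drop any value stored by an earlier entry with the same name. */
        ASN1_INTEGER_free(*field);
        *field = parsed;
    }

    /* At least one of the two fields must be present. */
    if (pcons->inhibitPolicyMapping == NULL
        && pcons->requireExplicitPolicy == NULL) {
        X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS,
                  X509V3_R_ILLEGAL_EMPTY_EXTENSION);
        goto err;
    }

    return pcons;

 err:
    POLICY_CONSTRAINTS_free(pcons);
    return NULL;
}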