v3_pcons.c revision 296465 
1/* v3_pcons.c */
2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4 * project.
5 */
6/* ====================================================================
7 * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 *    notice, this list of conditions and the following disclaimer in
18 *    the documentation and/or other materials provided with the
19 *    distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 *    software must display the following acknowledgment:
23 *    "This product includes software developed by the OpenSSL Project
24 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 *    endorse or promote products derived from this software without
28 *    prior written permission. For written permission, please contact
29 *    licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 *    nor may "OpenSSL" appear in their names without prior written
33 *    permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 *    acknowledgment:
37 *    "This product includes software developed by the OpenSSL Project
38 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com).  This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/asn1.h>
63#include <openssl/asn1t.h>
64#include <openssl/conf.h>
65#include <openssl/x509v3.h>
66
67static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
68                                                    void *bcons,
69                                                    STACK_OF(CONF_VALUE)
70                                                    *extlist);
71static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
72                                    X509V3_CTX *ctx,
73                                    STACK_OF(CONF_VALUE) *values);
74
75const X509V3_EXT_METHOD v3_policy_constraints = {
76    NID_policy_constraints, 0,
77    ASN1_ITEM_ref(POLICY_CONSTRAINTS),
78    0, 0, 0, 0,
79    0, 0,
80    i2v_POLICY_CONSTRAINTS,
81    v2i_POLICY_CONSTRAINTS,
82    NULL, NULL,
83    NULL
84};
85
86ASN1_SEQUENCE(POLICY_CONSTRAINTS) = {
87        ASN1_IMP_OPT(POLICY_CONSTRAINTS, requireExplicitPolicy, ASN1_INTEGER,0),
88        ASN1_IMP_OPT(POLICY_CONSTRAINTS, inhibitPolicyMapping, ASN1_INTEGER,1)
89} ASN1_SEQUENCE_END(POLICY_CONSTRAINTS)
90
91IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
92
93static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
94                                                    void *a,
95                                                    STACK_OF(CONF_VALUE)
96                                                    *extlist)
97{
98    POLICY_CONSTRAINTS *pcons = a;
99    X509V3_add_value_int("Require Explicit Policy",
100                         pcons->requireExplicitPolicy, &extlist);
101    X509V3_add_value_int("Inhibit Policy Mapping",
102                         pcons->inhibitPolicyMapping, &extlist);
103    return extlist;
104}
105
106static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
107                                    X509V3_CTX *ctx,
108                                    STACK_OF(CONF_VALUE) *values)
109{
110    POLICY_CONSTRAINTS *pcons = NULL;
111    CONF_VALUE *val;
112    int i;
113    if (!(pcons = POLICY_CONSTRAINTS_new())) {
114        X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
115        return NULL;
116    }
117    for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
118        val = sk_CONF_VALUE_value(values, i);
119        if (!strcmp(val->name, "requireExplicitPolicy")) {
120            if (!X509V3_get_value_int(val, &pcons->requireExplicitPolicy))
121                goto err;
122        } else if (!strcmp(val->name, "inhibitPolicyMapping")) {
123            if (!X509V3_get_value_int(val, &pcons->inhibitPolicyMapping))
124                goto err;
125        } else {
126            X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, X509V3_R_INVALID_NAME);
127            X509V3_conf_err(val);
128            goto err;
129        }
130    }
131    if (!pcons->inhibitPolicyMapping && !pcons->requireExplicitPolicy) {
132        X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS,
133                  X509V3_R_ILLEGAL_EMPTY_EXTENSION);
134        goto err;
135    }
136
137    return pcons;
138 err:
139    POLICY_CONSTRAINTS_free(pcons);
140    return NULL;
141}
142