OpenCoverage

pcy_tree.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/openssl/src/crypto/x509v3/pcy_tree.c
Switch to Source codePreprocessed file
LineSourceCount
1-
2static int tree_init(X509_POLICY_TREE **ptree, struct stack_st_X509 *certs,-
3 unsigned int flags)-
4{-
5 X509_POLICY_TREE *tree;-
6 X509_POLICY_LEVEL *level;-
7 const X509_POLICY_CACHE *cache;-
8 X509_POLICY_DATA *data = -
9 ((void *)0)-
10 ;-
11 int ret = 1;-
12 int n = sk_X509_num(certs) - 1;-
13 int explicit_policy = (
(flags & 0x100)Description
TRUEnever evaluated
FALSEnever evaluated
flags & 0x100)
(flags & 0x100)Description
TRUEnever evaluated
FALSEnever evaluated
 ? 0 : n+1;		0
14 int any_skip = (
(flags & 0x200)Description
TRUEnever evaluated
FALSEnever evaluated
flags & 0x200)
(flags & 0x200)Description
TRUEnever evaluated
FALSEnever evaluated
 ? 0 : n+1;		0
15 int map_skip = (
(flags & 0x400)Description
TRUEnever evaluated
FALSEnever evaluated
flags & 0x400)
(flags & 0x400)Description
TRUEnever evaluated
FALSEnever evaluated
 ? 0 : n+1;		0
16 int i;-
17-
18 *ptree = -
19 ((void *)0)-
20 ;-
21-
22-
23 if (n == 0
n == 0Description
TRUEnever evaluated
FALSEnever evaluated
)		0
24 return
never executed: return 2;
 2;
never executed: return 2;
0
25-
26-
27-
28-
29-
30-
31 for (i = n - 1; i >= 0
i >= 0Description
TRUEnever evaluated
FALSEnever evaluated
; i--) {		0
32 X509 *x = sk_X509_value(certs, i);-
33-
34-
35 X509_check_purpose(x, -1, 0);-
36-
37-
38 if (policy_cache_set(x) ==
policy_cache_s...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
39 ((void *)0)
policy_cache_s...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
40 )-
41 return
never executed: return 0;
 0;
never executed: return 0;
0
42 }
never executed: end of block
0
43 for (i = n - 1;-
44 i >= 0
i >= 0Description
TRUEnever evaluated
FALSEnever evaluated
 && (explicit_policy > 0
explicit_policy > 0Description
TRUEnever evaluated
FALSEnever evaluated
 || (
(ret & 2) == 0Description
TRUEnever evaluated
FALSEnever evaluated
ret & 2) == 0
(ret & 2) == 0Description
TRUEnever evaluated
FALSEnever evaluated
);		0
45 i--) {-
46 X509 *x = sk_X509_value(certs, i);-
47 uint32_t ex_flags = X509_get_extension_flags(x);-
48-
49-
50 if (ex_flags & 0x800
ex_flags & 0x800Description
TRUEnever evaluated
FALSEnever evaluated
)		0
51 return
never executed: return -1;
 -1;
never executed: return -1;
0
52-
53-
54 cache = policy_cache_set(x);-
55-
56 if ((
(ret & 1)Description
TRUEnever evaluated
FALSEnever evaluated
ret & 1)
(ret & 1)Description
TRUEnever evaluated
FALSEnever evaluated
 && cache->data ==
cache->data == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
57 ((void *)0)
cache->data == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
58 )-
59 ret = 2;
never executed: ret = 2;
0
60 if (explicit_policy > 0
explicit_policy > 0Description
TRUEnever evaluated
FALSEnever evaluated
) {		0
61 if (!(ex_flags & 0x20)
!(ex_flags & 0x20)Description
TRUEnever evaluated
FALSEnever evaluated
)		0
62 explicit_policy--;
never executed: explicit_policy--;
0
63 if ((
(cache->explicit_skip >= 0)Description
TRUEnever evaluated
FALSEnever evaluated
cache->explicit_skip >= 0)
(cache->explicit_skip >= 0)Description
TRUEnever evaluated
FALSEnever evaluated
0
64 && (
(cache->explic...plicit_policy)Description
TRUEnever evaluated
FALSEnever evaluated
cache->explicit_skip < explicit_policy)
(cache->explic...plicit_policy)Description
TRUEnever evaluated
FALSEnever evaluated
)		0
65 explicit_policy = cache->explicit_skip;
never executed: explicit_policy = cache->explicit_skip;
0
66 }
never executed: end of block
0
67 }
never executed: end of block
0
68-
69 if (explicit_policy == 0
explicit_policy == 0Description
TRUEnever evaluated
FALSEnever evaluated
)		0
70 ret |= 4;
never executed: ret |= 4;
0
71 if ((
(ret & 1) == 0Description
TRUEnever evaluated
FALSEnever evaluated
ret & 1) == 0
(ret & 1) == 0Description
TRUEnever evaluated
FALSEnever evaluated
)		0
72 return
never executed: return ret;
 ret;
never executed: return ret;
0
73-
74-
75 if ((
(tree = CRYPTO...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
tree = CRYPTO_zalloc(sizeof(*tree), __FILE__, 166)) ==
(tree = CRYPTO...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
76 ((void *)0)
(tree = CRYPTO...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
77 ) {-
78 ERR_put_error(34,(172),((1|64)),__FILE__,167);-
79 return
never executed: return 0;
 0;
never executed: return 0;
0
80 }-
81 if ((
(tree->levels ...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
tree->levels = CRYPTO_zalloc(sizeof(*tree->levels)*(n+1), __FILE__, 178)) ==
(tree->levels ...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
82 ((void *)0)
(tree->levels ...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
83 ) {-
84 CRYPTO_free(tree, __FILE__, 179);-
85 ERR_put_error(34,(172),((1|64)),__FILE__,180);-
86 return
never executed: return 0;
 0;
never executed: return 0;
0
87 }-
88 tree->nlevel = n+1;-
89 level = tree->levels;-
90 if ((
(data = policy...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
data = policy_data_new(
(data = policy...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
91 ((void *)0)
(data = policy...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
92 , OBJ_nid2obj(746), 0)) ==
(data = policy...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
93 ((void *)0)
(data = policy...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
94 )-
95 goto
never executed: goto bad_tree;
 bad_tree;
never executed: goto bad_tree;
0
96 if (level_add_node(level, data,
level_add_node...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
97 ((void *)0)
level_add_node...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
98 , tree) ==
level_add_node...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
99 ((void *)0)
level_add_node...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
100 ) {-
101 policy_data_free(data);-
102 goto
never executed: goto bad_tree;
 bad_tree;
never executed: goto bad_tree;
0
103 }-
104-
105-
106-
107-
108-
109 for (i = n - 1; i >= 0
i >= 0Description
TRUEnever evaluated
FALSEnever evaluated
; i--) {		0
110 X509 *x = sk_X509_value(certs, i);-
111 uint32_t ex_flags = X509_get_extension_flags(x);-
112-
113-
114 cache = policy_cache_set(x);-
115-
116 X509_up_ref(x);-
117 (++level)->cert = x;-
118-
119 if (!cache->anyPolicy
!cache->anyPolicyDescription
TRUEnever evaluated
FALSEnever evaluated
)		0
120 level->flags |= 0x200;
never executed: level->flags |= 0x200;
0
121-
122-
123 if (any_skip == 0
any_skip == 0Description
TRUEnever evaluated
FALSEnever evaluated
) {		0
124-
125-
126-
127-
128 if (!(ex_flags & 0x20)
!(ex_flags & 0x20)Description
TRUEnever evaluated
FALSEnever evaluated
 || (
(i == 0)Description
TRUEnever evaluated
FALSEnever evaluated
i == 0)
(i == 0)Description
TRUEnever evaluated
FALSEnever evaluated
)		0
129 level->flags |= 0x200;
never executed: level->flags |= 0x200;
0
130 }
never executed: end of block
 else {		0
131 if (!(ex_flags & 0x20)
!(ex_flags & 0x20)Description
TRUEnever evaluated
FALSEnever evaluated
)		0
132 any_skip--;
never executed: any_skip--;
0
133 if ((
(cache->any_skip >= 0)Description
TRUEnever evaluated
FALSEnever evaluated
cache->any_skip >= 0)
(cache->any_skip >= 0)Description
TRUEnever evaluated
FALSEnever evaluated
 && (
(cache->any_skip < any_skip)Description
TRUEnever evaluated
FALSEnever evaluated
cache->any_skip < any_skip)
(cache->any_skip < any_skip)Description
TRUEnever evaluated
FALSEnever evaluated
)		0
134 any_skip = cache->any_skip;
never executed: any_skip = cache->any_skip;
0
135 }
never executed: end of block
0
136-
137 if (map_skip == 0
map_skip == 0Description
TRUEnever evaluated
FALSEnever evaluated
)		0
138 level->flags |= 0x400;
never executed: level->flags |= 0x400;
0
139 else {-
140 if (!(ex_flags & 0x20)
!(ex_flags & 0x20)Description
TRUEnever evaluated
FALSEnever evaluated
)		0
141 map_skip--;
never executed: map_skip--;
0
142 if ((
(cache->map_skip >= 0)Description
TRUEnever evaluated
FALSEnever evaluated
cache->map_skip >= 0)
(cache->map_skip >= 0)Description
TRUEnever evaluated
FALSEnever evaluated
 && (
(cache->map_skip < map_skip)Description
TRUEnever evaluated
FALSEnever evaluated
cache->map_skip < map_skip)
(cache->map_skip < map_skip)Description
TRUEnever evaluated
FALSEnever evaluated
)		0
143 map_skip = cache->map_skip;
never executed: map_skip = cache->map_skip;
0
144 }
never executed: end of block
0
145 }-
146-
147 *ptree = tree;-
148 return
never executed: return ret;
 ret;
never executed: return ret;
0
149-
150 bad_tree:-
151 X509_policy_tree_free(tree);-
152 return
never executed: return 0;
 0;
never executed: return 0;
0
153}-
154-
155-
156-
157-
158static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,-
159 X509_POLICY_DATA *data)-
160{-
161 X509_POLICY_LEVEL *last = curr - 1;-
162 int i, matched = 0;-
163-
164-
165 for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes)
i < sk_X509_PO...m(last->nodes)Description
TRUEnever evaluated
FALSEnever evaluated
; i++) {		0
166 X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i);-
167-
168 if (policy_node_match(last, node, data->valid_policy)
policy_node_ma...>valid_policy)Description
TRUEnever evaluated
FALSEnever evaluated
) {		0
169 if (level_add_node(curr, data, node,
level_add_node...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
170 ((void *)0)
level_add_node...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
171 ) ==
level_add_node...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
172 ((void *)0)
level_add_node...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
173 )-
174 return
never executed: return 0;
 0;
never executed: return 0;
0
175 matched = 1;-
176 }
never executed: end of block
0
177 }
never executed: end of block
0
178 if (!matched
!matchedDescription
TRUEnever evaluated
FALSEnever evaluated
 && last->anyPolicy
last->anyPolicyDescription
TRUEnever evaluated
FALSEnever evaluated
) {		0
179 if (level_add_node(curr, data, last->anyPolicy,
level_add_node...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
180 ((void *)0)
level_add_node...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
181 ) ==
level_add_node...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
182 ((void *)0)
level_add_node...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
183 )-
184 return
never executed: return 0;
 0;
never executed: return 0;
0
185 }
never executed: end of block
0
186 return
never executed: return 1;
 1;
never executed: return 1;
0
187}-
188-
189-
190-
191-
192-
193-
194-
195static int tree_link_nodes(X509_POLICY_LEVEL *curr,-
196 const X509_POLICY_CACHE *cache)-
197{-
198 int i;-
199-
200 for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data)
i < sk_X509_PO...m(cache->data)Description
TRUEnever evaluated
FALSEnever evaluated
; i++) {		0
201 X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i);-
202-
203-
204 if (!tree_link_matching_nodes(curr, data)
!tree_link_mat...es(curr, data)Description
TRUEnever evaluated
FALSEnever evaluated
)		0
205 return
never executed: return 0;
 0;
never executed: return 0;
0
206 }
never executed: end of block
0
207 return
never executed: return 1;
 1;
never executed: return 1;
0
208}-
209-
210-
211-
212-
213-
214-
215-
216static int tree_add_unmatched(X509_POLICY_LEVEL *curr,-
217 const X509_POLICY_CACHE *cache,-
218 const ASN1_OBJECT *id,-
219 X509_POLICY_NODE *node, X509_POLICY_TREE *tree)-
220{-
221 X509_POLICY_DATA *data;-
222-
223 if (id ==
id == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
224 ((void *)0)
id == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
225 )-
226 id = node->data->valid_policy;
never executed: id = node->data->valid_policy;
0
227-
228-
229-
230-
231 if ((
(data = policy...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
data = policy_data_new(
(data = policy...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
232 ((void *)0)
(data = policy...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
233 , id, (node->data->flags & 0x10))) ==
(data = policy...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
234 ((void *)0)
(data = policy...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
235 )-
236 return
never executed: return 0;
 0;
never executed: return 0;
0
237-
238-
239 data->qualifier_set = cache->anyPolicy->qualifier_set;-
240 data->flags |= 0x4;-
241 if (level_add_node(curr, data, node, tree) ==
level_add_node...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
242 ((void *)0)
level_add_node...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
243 ) {-
244 policy_data_free(data);-
245 return
never executed: return 0;
 0;
never executed: return 0;
0
246 }-
247 return
never executed: return 1;
 1;
never executed: return 1;
0
248}-
249-
250-
251-
252-
253static int tree_link_unmatched(X509_POLICY_LEVEL *curr,-
254 const X509_POLICY_CACHE *cache,-
255 X509_POLICY_NODE *node, X509_POLICY_TREE *tree)-
256{-
257 const X509_POLICY_LEVEL *last = curr - 1;-
258 int i;-
259-
260 if ((
(last->flags & 0x400)Description
TRUEnever evaluated
FALSEnever evaluated
last->flags & 0x400)
(last->flags & 0x400)Description
TRUEnever evaluated
FALSEnever evaluated
0
261 || !(node->data->flags & 0x1)
!(node->data->flags & 0x1)Description
TRUEnever evaluated
FALSEnever evaluated
) {		0
262-
263 if (node->nchild
node->nchildDescription
TRUEnever evaluated
FALSEnever evaluated
)		0
264 return
never executed: return 1;
 1;
never executed: return 1;
0
265 if (!tree_add_unmatched(curr, cache,
!tree_add_unma... , node, tree)Description
TRUEnever evaluated
FALSEnever evaluated
0
266 ((void *)0)
!tree_add_unma... , node, tree)Description
TRUEnever evaluated
FALSEnever evaluated
0
267 , node, tree)
!tree_add_unma... , node, tree)Description
TRUEnever evaluated
FALSEnever evaluated
)		0
268 return
never executed: return 0;
 0;
never executed: return 0;
0
269-
270 }
never executed: end of block
 else {		0
271-
272 struct stack_st_ASN1_OBJECT *expset = node->data->expected_policy_set;-
273 if (node->nchild == sk_ASN1_OBJECT_num(expset)
node->nchild =...CT_num(expset)Description
TRUEnever evaluated
FALSEnever evaluated
)		0
274 return
never executed: return 1;
 1;
never executed: return 1;
0
275-
276 for (i = 0; i < sk_ASN1_OBJECT_num(expset)
i < sk_ASN1_OBJECT_num(expset)Description
TRUEnever evaluated
FALSEnever evaluated
; i++) {		0
277 ASN1_OBJECT *oid = sk_ASN1_OBJECT_value(expset, i);-
278 if (level_find_node(curr, node, oid)
level_find_nod...rr, node, oid)Description
TRUEnever evaluated
FALSEnever evaluated
)		0
279 continue;
never executed: continue;
0
280 if (!tree_add_unmatched(curr, cache, oid, node, tree)
!tree_add_unma...d, node, tree)Description
TRUEnever evaluated
FALSEnever evaluated
)		0
281 return
never executed: return 0;
 0;
never executed: return 0;
0
282 }
never executed: end of block
0
283-
284 }
never executed: end of block
0
285 return
never executed: return 1;
 1;
never executed: return 1;
0
286}-
287-
288-
289-
290-
291static int tree_link_any(X509_POLICY_LEVEL *curr,-
292 const X509_POLICY_CACHE *cache,-
293 X509_POLICY_TREE *tree)-
294{-
295 int i;-
296 X509_POLICY_NODE *node;-
297 X509_POLICY_LEVEL *last = curr - 1;-
298-
299 for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes)
i < sk_X509_PO...m(last->nodes)Description
TRUEnever evaluated
FALSEnever evaluated
; i++) {		0
300 node = sk_X509_POLICY_NODE_value(last->nodes, i);-
301-
302 if (!tree_link_unmatched(curr, cache, node, tree)
!tree_link_unm...e, node, tree)Description
TRUEnever evaluated
FALSEnever evaluated
)		0
303 return
never executed: return 0;
 0;
never executed: return 0;
0
304 }
never executed: end of block
0
305-
306 if (last->anyPolicy
last->anyPolicyDescription
TRUEnever evaluated
FALSEnever evaluated
 &&		0
307 level_add_node(curr, cache->anyPolicy, last->anyPolicy,
level_add_node...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
308 ((void *)0)
level_add_node...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
309 ) ==
level_add_node...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
310 ((void *)0)
level_add_node...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
311 )-
312 return
never executed: return 0;
 0;
never executed: return 0;
0
313 return
never executed: return 1;
 1;
never executed: return 1;
0
314}-
315static int tree_prune(X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr)-
316{-
317 struct stack_st_X509_POLICY_NODE *nodes;-
318 X509_POLICY_NODE *node;-
319 int i;-
320 nodes = curr->nodes;-
321 if (curr->flags & 0x400
curr->flags & 0x400Description
TRUEnever evaluated
FALSEnever evaluated
) {		0
322 for (i = sk_X509_POLICY_NODE_num(nodes) - 1; i >= 0
i >= 0Description
TRUEnever evaluated
FALSEnever evaluated
; i--) {		0
323 node = sk_X509_POLICY_NODE_value(nodes, i);-
324-
325 if (node->data->flags & 0x3
node->data->flags & 0x3Description
TRUEnever evaluated
FALSEnever evaluated
) {		0
326 node->parent->nchild--;-
327 CRYPTO_free(node, __FILE__, 403);-
328 (void)sk_X509_POLICY_NODE_delete(nodes, i);-
329 }
never executed: end of block
0
330 }
never executed: end of block
0
331 }
never executed: end of block
0
332-
333 for (;;) {-
334 --curr;-
335 nodes = curr->nodes;-
336 for (i = sk_X509_POLICY_NODE_num(nodes) - 1; i >= 0
i >= 0Description
TRUEnever evaluated
FALSEnever evaluated
; i--) {		0
337 node = sk_X509_POLICY_NODE_value(nodes, i);-
338 if (node->nchild == 0
node->nchild == 0Description
TRUEnever evaluated
FALSEnever evaluated
) {		0
339 node->parent->nchild--;-
340 CRYPTO_free(node, __FILE__, 416);-
341 (void)sk_X509_POLICY_NODE_delete(nodes, i);-
342 }
never executed: end of block
0
343 }
never executed: end of block
0
344 if (curr->anyPolicy
curr->anyPolicyDescription
TRUEnever evaluated
FALSEnever evaluated
 && !curr->anyPolicy->nchild
!curr->anyPolicy->nchildDescription
TRUEnever evaluated
FALSEnever evaluated
) {		0
345 if (curr->anyPolicy->parent
curr->anyPolicy->parentDescription
TRUEnever evaluated
FALSEnever evaluated
)		0
346 curr->anyPolicy->parent->nchild--;
never executed: curr->anyPolicy->parent->nchild--;
0
347 CRYPTO_free(curr->anyPolicy, __FILE__, 423);-
348 curr->anyPolicy = -
349 ((void *)0)-
350 ;-
351 }
never executed: end of block
0
352 if (curr == tree->levels
curr == tree->levelsDescription
TRUEnever evaluated
FALSEnever evaluated
) {		0
353-
354 if (!curr->anyPolicy
!curr->anyPolicyDescription
TRUEnever evaluated
FALSEnever evaluated
)		0
355 return
never executed: return 2;
 2;
never executed: return 2;
0
356 break;
never executed: break;
0
357 }-
358 }
never executed: end of block
0
359 return
never executed: return 1;
 1;
never executed: return 1;
0
360}-
361-
362-
363-
364-
365static int tree_add_auth_node(struct stack_st_X509_POLICY_NODE **pnodes,-
366 X509_POLICY_NODE *pcy)-
367{-
368 if (*
*pnodes == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
pnodes ==
*pnodes == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
369 ((void *)0)
*pnodes == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
 		0
370 &&-
371 (*
(*pnodes = pol...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
pnodes = policy_node_cmp_new()) ==
(*pnodes = pol...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
372 ((void *)0)
(*pnodes = pol...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
373 )-
374 return
never executed: return 0;
 0;
never executed: return 0;
0
375 if (sk_X509_POLICY_NODE_find(*pnodes, pcy) >= 0
sk_X509_POLICY...des, pcy) >= 0Description
TRUEnever evaluated
FALSEnever evaluated
)		0
376 return
never executed: return 1;
 1;
never executed: return 1;
0
377 return
never executed: return sk_X509_POLICY_NODE_push(*pnodes, pcy) != 0;
 sk_X509_POLICY_NODE_push(*pnodes, pcy) != 0;
never executed: return sk_X509_POLICY_NODE_push(*pnodes, pcy) != 0;
0
378}-
379static int tree_calculate_authority_set(X509_POLICY_TREE *tree,-
380 struct stack_st_X509_POLICY_NODE **pnodes)-
381{-
382 X509_POLICY_LEVEL *curr;-
383 X509_POLICY_NODE *node, *anyptr;-
384 struct stack_st_X509_POLICY_NODE **addnodes;-
385 int i, j;-
386 curr = tree->levels + tree->nlevel - 1;-
387-
388-
389 if (curr->anyPolicy
curr->anyPolicyDescription
TRUEnever evaluated
FALSEnever evaluated
) {		0
390 if (!tree_add_auth_node(&tree->auth_policies, curr->anyPolicy)
!tree_add_auth...rr->anyPolicy)Description
TRUEnever evaluated
FALSEnever evaluated
)		0
391 return
never executed: return 0;
 0;
never executed: return 0;
0
392 addnodes = pnodes;-
393 }
never executed: end of block
 else		0
394-
395 addnodes = &tree->auth_policies;
never executed: addnodes = &tree->auth_policies;
0
396-
397 curr = tree->levels;-
398 for (i = 1; i < tree->nlevel
i < tree->nlevelDescription
TRUEnever evaluated
FALSEnever evaluated
; i++) {		0
399-
400-
401-
402-
403 if ((
(anyptr = curr...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
anyptr = curr->anyPolicy) ==
(anyptr = curr...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
404 ((void *)0)
(anyptr = curr...== ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
405 )-
406 break;
never executed: break;
0
407 curr++;-
408 for (j = 0; j < sk_X509_POLICY_NODE_num(curr->nodes)
j < sk_X509_PO...m(curr->nodes)Description
TRUEnever evaluated
FALSEnever evaluated
; j++) {		0
409 node = sk_X509_POLICY_NODE_value(curr->nodes, j);-
410 if ((
(node->parent == anyptr)Description
TRUEnever evaluated
FALSEnever evaluated
node->parent == anyptr)
(node->parent == anyptr)Description
TRUEnever evaluated
FALSEnever evaluated
0
411 && !tree_add_auth_node(addnodes, node)
!tree_add_auth...ddnodes, node)Description
TRUEnever evaluated
FALSEnever evaluated
) {		0
412 if (addnodes == pnodes
addnodes == pnodesDescription
TRUEnever evaluated
FALSEnever evaluated
) {		0
413 sk_X509_POLICY_NODE_free(*pnodes);-
414 *pnodes = -
415 ((void *)0)-
416 ;-
417 }
never executed: end of block
0
418 return
never executed: return 0;
 0;
never executed: return 0;
0
419 }-
420 }
never executed: end of block
0
421 }
never executed: end of block
0
422 if (addnodes == pnodes
addnodes == pnodesDescription
TRUEnever evaluated
FALSEnever evaluated
)		0
423 return
never executed: return 2;
 2;
never executed: return 2;
0
424-
425 *pnodes = tree->auth_policies;-
426 return
never executed: return 1;
 1;
never executed: return 1;
0
427}-
428-
429-
430-
431-
432static int tree_calculate_user_set(X509_POLICY_TREE *tree,-
433 struct stack_st_ASN1_OBJECT *policy_oids,-
434 struct stack_st_X509_POLICY_NODE *auth_nodes)-
435{-
436 int i;-
437 X509_POLICY_NODE *node;-
438 ASN1_OBJECT *oid;-
439 X509_POLICY_NODE *anyPolicy;-
440 X509_POLICY_DATA *extra;-
441-
442-
443-
444-
445-
446 if (sk_ASN1_OBJECT_num(policy_oids) <= 0
sk_ASN1_OBJECT...icy_oids) <= 0Description
TRUEnever evaluated
FALSEnever evaluated
)		0
447 return
never executed: return 1;
 1;
never executed: return 1;
0
448-
449 anyPolicy = tree->levels[tree->nlevel - 1].anyPolicy;-
450-
451 for (i = 0; i < sk_ASN1_OBJECT_num(policy_oids)
i < sk_ASN1_OB...m(policy_oids)Description
TRUEnever evaluated
FALSEnever evaluated
; i++) {		0
452 oid = sk_ASN1_OBJECT_value(policy_oids, i);-
453 if (OBJ_obj2nid(oid) == 746
OBJ_obj2nid(oid) == 746Description
TRUEnever evaluated
FALSEnever evaluated
) {		0
454 tree->flags |= 0x2;-
455 return
never executed: return 1;
 1;
never executed: return 1;
0
456 }-
457 }
never executed: end of block
0
458-
459 for (i = 0; i < sk_ASN1_OBJECT_num(policy_oids)
i < sk_ASN1_OB...m(policy_oids)Description
TRUEnever evaluated
FALSEnever evaluated
; i++) {		0
460 oid = sk_ASN1_OBJECT_value(policy_oids, i);-
461 node = tree_find_sk(auth_nodes, oid);-
462 if (!node
!nodeDescription
TRUEnever evaluated
FALSEnever evaluated
) {		0
463 if (!anyPolicy
!anyPolicyDescription
TRUEnever evaluated
FALSEnever evaluated
)		0
464 continue;
never executed: continue;
0
465-
466-
467-
468-
469 extra = policy_data_new(-
470 ((void *)0)-
471 , oid, (anyPolicy->data->flags & 0x10));-
472 if (extra ==
extra == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
473 ((void *)0)
extra == ((void *)0)Description
TRUEnever evaluated
FALSEnever evaluated
0
474 )-
475 return
never executed: return 0;
 0;
never executed: return 0;
0
476 extra->qualifier_set = anyPolicy->data->qualifier_set;-
477 extra->flags = 0x4-
478 | 0x8;-
479 node = level_add_node(-
480 ((void *)0)-
481 , extra, anyPolicy->parent, tree);-
482 }
never executed: end of block
0
483 if (!tree->user_policies
!tree->user_policiesDescription
TRUEnever evaluated
FALSEnever evaluated
) {		0
484 tree->user_policies = sk_X509_POLICY_NODE_new_null();-
485 if (!tree->user_policies
!tree->user_policiesDescription
TRUEnever evaluated
FALSEnever evaluated
)		0
486 return
never executed: return 1;
 1;
never executed: return 1;
0
487 }
never executed: end of block
0
488 if (!sk_X509_POLICY_NODE_push(tree->user_policies, node)
!sk_X509_POLIC...olicies, node)Description
TRUEnever evaluated
FALSEnever evaluated
)		0
489 return
never executed: return 0;
 0;
never executed: return 0;
0
490 }
never executed: end of block
0
491 return
never executed: return 1;
 1;
never executed: return 1;
0
492}-
493-
494-
495-
496-
497-
498-
499-
500static int tree_evaluate(X509_POLICY_TREE *tree)-
501{-
502 int ret, i;-
503 X509_POLICY_LEVEL *curr = tree->levels + 1;-
504 const X509_POLICY_CACHE *cache;-
505-
506 for (i = 1; i < tree->nlevel
i < tree->nlevelDescription
TRUEnever evaluated
FALSEnever evaluated
; i++, curr++) {		0
507 cache = policy_cache_set(curr->cert);-
508 if (!tree_link_nodes(curr, cache)
!tree_link_nodes(curr, cache)Description
TRUEnever evaluated
FALSEnever evaluated
)		0
509 return
never executed: return 0;
 0;
never executed: return 0;
0
510-
511 if (!(curr->flags & 0x200)
!(curr->flags & 0x200)Description
TRUEnever evaluated
FALSEnever evaluated
0
512 && !tree_link_any(curr, cache, tree)
!tree_link_any..., cache, tree)Description
TRUEnever evaluated
FALSEnever evaluated
)		0
513 return
never executed: return 0;
 0;
never executed: return 0;
0
514-
515-
516-
517 ret = tree_prune(tree, curr);-
518 if (ret != 1
ret != 1Description
TRUEnever evaluated
FALSEnever evaluated
)		0
519 return
never executed: return ret;
 ret;
never executed: return ret;
0
520 }
never executed: end of block
0
521 return
never executed: return 1;
 1;
never executed: return 1;
0
522}-
523-
524static void exnode_free(X509_POLICY_NODE *node)-
525{-
526 if (node->data
node->dataDescription
TRUEnever evaluated
FALSEnever evaluated
 && (
(node->data->flags & 0x8)Description
TRUEnever evaluated
FALSEnever evaluated
node->data->flags & 0x8)
(node->data->flags & 0x8)Description
TRUEnever evaluated
FALSEnever evaluated
)		0
527 CRYPTO_free(node, __FILE__, 604);
never executed: CRYPTO_free(node, __FILE__, 604);
0
528}
never executed: end of block
0
529-
530void X509_policy_tree_free(X509_POLICY_TREE *tree)-
531{-
532 X509_POLICY_LEVEL *curr;-
533 int i;-
534-
535 if (!tree
!treeDescription
TRUEevaluated 5111 times by 1 test
Evaluated by:
  • libcrypto.so.1.1
FALSEnever evaluated
)		0-5111
536 return;
executed 5111 times by 1 test: return;
Executed by:
  • libcrypto.so.1.1
5111
537-
538 sk_X509_POLICY_NODE_free(tree->auth_policies);-
539 sk_X509_POLICY_NODE_pop_free(tree->user_policies, exnode_free);-
540-
541 for (i = 0, curr = tree->levels; i < tree->nlevel
i < tree->nlevelDescription
TRUEnever evaluated
FALSEnever evaluated
; i++, curr++) {		0
542 X509_free(curr->cert);-
543 sk_X509_POLICY_NODE_pop_free(curr->nodes, policy_node_free);-
544 policy_node_free(curr->anyPolicy);-
545 }
never executed: end of block
0
546-
547 sk_X509_POLICY_DATA_pop_free(tree->extra_data, policy_data_free);-
548 CRYPTO_free(tree->levels, __FILE__, 625);-
549 CRYPTO_free(tree, __FILE__, 626);-
550-
551}
never executed: end of block
0
552int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,-
553 struct stack_st_X509 *certs,-
554 struct stack_st_ASN1_OBJECT *policy_oids, unsigned int flags)-
555{-
556 int init_ret;-
557 int ret;-
558 int calc_ret;-
559 X509_POLICY_TREE *tree = -
560 ((void *)0)-
561 ;-
562 struct stack_st_X509_POLICY_NODE *nodes, *auth_nodes = -
563 ((void *)0)-
564 ;-
565-
566 *ptree = -
567 ((void *)0)-
568 ;-
569 *pexplicit_policy = 0;-
570 init_ret = tree_init(&tree, certs, flags);-
571-
572 if (init_ret <= 0
init_ret <= 0Description
TRUEnever evaluated
FALSEnever evaluated
)		0
573 return
never executed: return init_ret;
 init_ret;
never executed: return init_ret;
0
574-
575 if ((
(init_ret & 4) == 0Description
TRUEnever evaluated
FALSEnever evaluated
init_ret & 4) == 0
(init_ret & 4) == 0Description
TRUEnever evaluated
FALSEnever evaluated
) {		0
576 if (init_ret & 2
init_ret & 2Description
TRUEnever evaluated
FALSEnever evaluated
) {		0
577 X509_policy_tree_free(tree);-
578 return
never executed: return 1;
 1;
never executed: return 1;
0
579 }-
580 }
never executed: end of block
 else {		0
581 *pexplicit_policy = 1;-
582-
583 if (init_ret & 2
init_ret & 2Description
TRUEnever evaluated
FALSEnever evaluated
)		0
584 return
never executed: return -2;
 -2;
never executed: return -2;
0
585 }
never executed: end of block
0
586-
587 ret = tree_evaluate(tree);-
588-
589-
590-
591 if (ret <= 0
ret <= 0Description
TRUEnever evaluated
FALSEnever evaluated
)		0
592 goto
never executed: goto error;
 error;
never executed: goto error;
0
593-
594 if (ret == 2
ret == 2Description
TRUEnever evaluated
FALSEnever evaluated
) {		0
595 X509_policy_tree_free(tree);-
596 if (init_ret & 4
init_ret & 4Description
TRUEnever evaluated
FALSEnever evaluated
)		0
597 return
never executed: return -2;
 -2;
never executed: return -2;
0
598 return
never executed: return 1;
 1;
never executed: return 1;
0
599 }-
600-
601-
602-
603 if ((
(calc_ret = tr...h_nodes)) == 0Description
TRUEnever evaluated
FALSEnever evaluated
calc_ret = tree_calculate_authority_set(tree, &auth_nodes)) == 0
(calc_ret = tr...h_nodes)) == 0Description
TRUEnever evaluated
FALSEnever evaluated
)		0
604 goto
never executed: goto error;
 error;
never executed: goto error;
0
605 ret = tree_calculate_user_set(tree, policy_oids, auth_nodes);-
606 if (calc_ret == 2
calc_ret == 2Description
TRUEnever evaluated
FALSEnever evaluated
)		0
607 sk_X509_POLICY_NODE_free(auth_nodes);
never executed: sk_X509_POLICY_NODE_free(auth_nodes);
0
608 if (!ret
!retDescription
TRUEnever evaluated
FALSEnever evaluated
)		0
609 goto
never executed: goto error;
 error;
never executed: goto error;
0
610-
611 *ptree = tree;-
612-
613 if (init_ret & 4
init_ret & 4Description
TRUEnever evaluated
FALSEnever evaluated
) {		0
614 nodes = X509_policy_tree_get0_user_policies(tree);-
615 if (sk_X509_POLICY_NODE_num(nodes) <= 0
sk_X509_POLICY...um(nodes) <= 0Description
TRUEnever evaluated
FALSEnever evaluated
)		0
616 return
never executed: return -2;
 -2;
never executed: return -2;
0
617 }
never executed: end of block
0
618 return
never executed: return 1;
 1;
never executed: return 1;
0
619-
620 error:-
621 X509_policy_tree_free(tree);-
622 return
never executed: return 0;
 0;
never executed: return 0;
0
623}-
Switch to Source codePreprocessed file
Generated by Squish Coco 4.2.2