Absolute File Name: | /home/opencoverage/opencoverage/guest-scripts/openssl/src/crypto/x509v3/pcy_cache.c |
Source code | Switch to Preprocessed file |
Line | Source | Count | ||||||
---|---|---|---|---|---|---|---|---|
1 | /* | - | ||||||
2 | * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. | - | ||||||
3 | * | - | ||||||
4 | * Licensed under the OpenSSL license (the "License"). You may not use | - | ||||||
5 | * this file except in compliance with the License. You can obtain a copy | - | ||||||
6 | * in the file LICENSE in the source distribution or at | - | ||||||
7 | * https://www.openssl.org/source/license.html | - | ||||||
8 | */ | - | ||||||
9 | - | |||||||
10 | #include "internal/cryptlib.h" | - | ||||||
11 | #include <openssl/x509.h> | - | ||||||
12 | #include <openssl/x509v3.h> | - | ||||||
13 | #include "internal/x509_int.h" | - | ||||||
14 | - | |||||||
15 | #include "pcy_int.h" | - | ||||||
16 | - | |||||||
17 | static int policy_data_cmp(const X509_POLICY_DATA *const *a, | - | ||||||
18 | const X509_POLICY_DATA *const *b); | - | ||||||
19 | static int policy_cache_set_int(long *out, ASN1_INTEGER *value); | - | ||||||
20 | - | |||||||
21 | /* | - | ||||||
22 | * Set cache entry according to CertificatePolicies extension. Note: this | - | ||||||
23 | * destroys the passed CERTIFICATEPOLICIES structure. | - | ||||||
24 | */ | - | ||||||
25 | - | |||||||
26 | static int policy_cache_create(X509 *x, | - | ||||||
27 | CERTIFICATEPOLICIES *policies, int crit) | - | ||||||
28 | { | - | ||||||
29 | int i, num, ret = 0; | - | ||||||
30 | X509_POLICY_CACHE *cache = x->policy_cache; | - | ||||||
31 | X509_POLICY_DATA *data = NULL; | - | ||||||
32 | POLICYINFO *policy; | - | ||||||
33 | - | |||||||
34 | if ((num = sk_POLICYINFO_num(policies)) <= 0)
| 0 | ||||||
35 | goto bad_policy; never executed: goto bad_policy; | 0 | ||||||
36 | cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp); | - | ||||||
37 | if (cache->data == NULL) {
| 0 | ||||||
38 | X509V3err(X509V3_F_POLICY_CACHE_CREATE, ERR_R_MALLOC_FAILURE); | - | ||||||
39 | goto just_cleanup; never executed: goto just_cleanup; | 0 | ||||||
40 | } | - | ||||||
41 | for (i = 0; i < num; i++) {
| 0 | ||||||
42 | policy = sk_POLICYINFO_value(policies, i); | - | ||||||
43 | data = policy_data_new(policy, NULL, crit); | - | ||||||
44 | if (data == NULL) {
| 0 | ||||||
45 | X509V3err(X509V3_F_POLICY_CACHE_CREATE, ERR_R_MALLOC_FAILURE); | - | ||||||
46 | goto just_cleanup; never executed: goto just_cleanup; | 0 | ||||||
47 | } | - | ||||||
48 | /* | - | ||||||
49 | * Duplicate policy OIDs are illegal: reject if matches found. | - | ||||||
50 | */ | - | ||||||
51 | if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
| 0 | ||||||
52 | if (cache->anyPolicy) {
| 0 | ||||||
53 | ret = -1; | - | ||||||
54 | goto bad_policy; never executed: goto bad_policy; | 0 | ||||||
55 | } | - | ||||||
56 | cache->anyPolicy = data; | - | ||||||
57 | } else if (sk_X509_POLICY_DATA_find(cache->data, data) >=0 ) { never executed: end of block
| 0 | ||||||
58 | ret = -1; | - | ||||||
59 | goto bad_policy; never executed: goto bad_policy; | 0 | ||||||
60 | } else if (!sk_X509_POLICY_DATA_push(cache->data, data)) {
| 0 | ||||||
61 | X509V3err(X509V3_F_POLICY_CACHE_CREATE, ERR_R_MALLOC_FAILURE); | - | ||||||
62 | goto bad_policy; never executed: goto bad_policy; | 0 | ||||||
63 | } | - | ||||||
64 | data = NULL; | - | ||||||
65 | } never executed: end of block | 0 | ||||||
66 | ret = 1; | - | ||||||
67 | - | |||||||
68 | bad_policy: code before this statement never executed: bad_policy: | 0 | ||||||
69 | if (ret == -1)
| 0 | ||||||
70 | x->ex_flags |= EXFLAG_INVALID_POLICY; never executed: x->ex_flags |= 0x800; | 0 | ||||||
71 | policy_data_free(data); | - | ||||||
72 | just_cleanup: code before this statement never executed: just_cleanup: | 0 | ||||||
73 | sk_POLICYINFO_pop_free(policies, POLICYINFO_free); | - | ||||||
74 | if (ret <= 0) {
| 0 | ||||||
75 | sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free); | - | ||||||
76 | cache->data = NULL; | - | ||||||
77 | } never executed: end of block | 0 | ||||||
78 | return ret; never executed: return ret; | 0 | ||||||
79 | } | - | ||||||
80 | - | |||||||
81 | static int policy_cache_new(X509 *x) | - | ||||||
82 | { | - | ||||||
83 | X509_POLICY_CACHE *cache; | - | ||||||
84 | ASN1_INTEGER *ext_any = NULL; | - | ||||||
85 | POLICY_CONSTRAINTS *ext_pcons = NULL; | - | ||||||
86 | CERTIFICATEPOLICIES *ext_cpols = NULL; | - | ||||||
87 | POLICY_MAPPINGS *ext_pmaps = NULL; | - | ||||||
88 | int i; | - | ||||||
89 | - | |||||||
90 | if (x->policy_cache != NULL)
| 0 | ||||||
91 | return 1; never executed: return 1; | 0 | ||||||
92 | cache = OPENSSL_malloc(sizeof(*cache)); | - | ||||||
93 | if (cache == NULL) {
| 0 | ||||||
94 | X509V3err(X509V3_F_POLICY_CACHE_NEW, ERR_R_MALLOC_FAILURE); | - | ||||||
95 | return 0; never executed: return 0; | 0 | ||||||
96 | } | - | ||||||
97 | cache->anyPolicy = NULL; | - | ||||||
98 | cache->data = NULL; | - | ||||||
99 | cache->any_skip = -1; | - | ||||||
100 | cache->explicit_skip = -1; | - | ||||||
101 | cache->map_skip = -1; | - | ||||||
102 | - | |||||||
103 | x->policy_cache = cache; | - | ||||||
104 | - | |||||||
105 | /* | - | ||||||
106 | * Handle requireExplicitPolicy *first*. Need to process this even if we | - | ||||||
107 | * don't have any policies. | - | ||||||
108 | */ | - | ||||||
109 | ext_pcons = X509_get_ext_d2i(x, NID_policy_constraints, &i, NULL); | - | ||||||
110 | - | |||||||
111 | if (!ext_pcons) {
| 0 | ||||||
112 | if (i != -1)
| 0 | ||||||
113 | goto bad_cache; never executed: goto bad_cache; | 0 | ||||||
114 | } else { never executed: end of block | 0 | ||||||
115 | if (!ext_pcons->requireExplicitPolicy
| 0 | ||||||
116 | && !ext_pcons->inhibitPolicyMapping)
| 0 | ||||||
117 | goto bad_cache; never executed: goto bad_cache; | 0 | ||||||
118 | if (!policy_cache_set_int(&cache->explicit_skip,
| 0 | ||||||
119 | ext_pcons->requireExplicitPolicy))
| 0 | ||||||
120 | goto bad_cache; never executed: goto bad_cache; | 0 | ||||||
121 | if (!policy_cache_set_int(&cache->map_skip,
| 0 | ||||||
122 | ext_pcons->inhibitPolicyMapping))
| 0 | ||||||
123 | goto bad_cache; never executed: goto bad_cache; | 0 | ||||||
124 | } never executed: end of block | 0 | ||||||
125 | - | |||||||
126 | /* Process CertificatePolicies */ | - | ||||||
127 | - | |||||||
128 | ext_cpols = X509_get_ext_d2i(x, NID_certificate_policies, &i, NULL); | - | ||||||
129 | /* | - | ||||||
130 | * If no CertificatePolicies extension or problem decoding then there is | - | ||||||
131 | * no point continuing because the valid policies will be NULL. | - | ||||||
132 | */ | - | ||||||
133 | if (!ext_cpols) {
| 0 | ||||||
134 | /* If not absent some problem with extension */ | - | ||||||
135 | if (i != -1)
| 0 | ||||||
136 | goto bad_cache; never executed: goto bad_cache; | 0 | ||||||
137 | return 1; never executed: return 1; | 0 | ||||||
138 | } | - | ||||||
139 | - | |||||||
140 | i = policy_cache_create(x, ext_cpols, i); | - | ||||||
141 | - | |||||||
142 | /* NB: ext_cpols freed by policy_cache_set_policies */ | - | ||||||
143 | - | |||||||
144 | if (i <= 0)
| 0 | ||||||
145 | return i; never executed: return i; | 0 | ||||||
146 | - | |||||||
147 | ext_pmaps = X509_get_ext_d2i(x, NID_policy_mappings, &i, NULL); | - | ||||||
148 | - | |||||||
149 | if (!ext_pmaps) {
| 0 | ||||||
150 | /* If not absent some problem with extension */ | - | ||||||
151 | if (i != -1)
| 0 | ||||||
152 | goto bad_cache; never executed: goto bad_cache; | 0 | ||||||
153 | } else { never executed: end of block | 0 | ||||||
154 | i = policy_cache_set_mapping(x, ext_pmaps); | - | ||||||
155 | if (i <= 0)
| 0 | ||||||
156 | goto bad_cache; never executed: goto bad_cache; | 0 | ||||||
157 | } never executed: end of block | 0 | ||||||
158 | - | |||||||
159 | ext_any = X509_get_ext_d2i(x, NID_inhibit_any_policy, &i, NULL); | - | ||||||
160 | - | |||||||
161 | if (!ext_any) {
| 0 | ||||||
162 | if (i != -1)
| 0 | ||||||
163 | goto bad_cache; never executed: goto bad_cache; | 0 | ||||||
164 | } else if (!policy_cache_set_int(&cache->any_skip, ext_any)) never executed: end of block
| 0 | ||||||
165 | goto bad_cache; never executed: goto bad_cache; | 0 | ||||||
166 | goto just_cleanup; never executed: goto just_cleanup; | 0 | ||||||
167 | - | |||||||
168 | bad_cache: | - | ||||||
169 | x->ex_flags |= EXFLAG_INVALID_POLICY; | - | ||||||
170 | - | |||||||
171 | just_cleanup: code before this statement never executed: just_cleanup: | 0 | ||||||
172 | POLICY_CONSTRAINTS_free(ext_pcons); | - | ||||||
173 | ASN1_INTEGER_free(ext_any); | - | ||||||
174 | return 1; never executed: return 1; | 0 | ||||||
175 | - | |||||||
176 | } | - | ||||||
177 | - | |||||||
178 | void policy_cache_free(X509_POLICY_CACHE *cache) | - | ||||||
179 | { | - | ||||||
180 | if (!cache)
| 0-39780 | ||||||
181 | return; executed 39780 times by 1 test: return; Executed by:
| 39780 | ||||||
182 | policy_data_free(cache->anyPolicy); | - | ||||||
183 | sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free); | - | ||||||
184 | OPENSSL_free(cache); | - | ||||||
185 | } never executed: end of block | 0 | ||||||
186 | - | |||||||
187 | const X509_POLICY_CACHE *policy_cache_set(X509 *x) | - | ||||||
188 | { | - | ||||||
189 | - | |||||||
190 | if (x->policy_cache == NULL) {
| 0 | ||||||
191 | CRYPTO_THREAD_write_lock(x->lock); | - | ||||||
192 | policy_cache_new(x); | - | ||||||
193 | CRYPTO_THREAD_unlock(x->lock); | - | ||||||
194 | } never executed: end of block | 0 | ||||||
195 | - | |||||||
196 | return x->policy_cache; never executed: return x->policy_cache; | 0 | ||||||
197 | - | |||||||
198 | } | - | ||||||
199 | - | |||||||
200 | X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache, | - | ||||||
201 | const ASN1_OBJECT *id) | - | ||||||
202 | { | - | ||||||
203 | int idx; | - | ||||||
204 | X509_POLICY_DATA tmp; | - | ||||||
205 | tmp.valid_policy = (ASN1_OBJECT *)id; | - | ||||||
206 | idx = sk_X509_POLICY_DATA_find(cache->data, &tmp); | - | ||||||
207 | return sk_X509_POLICY_DATA_value(cache->data, idx); never executed: return sk_X509_POLICY_DATA_value(cache->data, idx); | 0 | ||||||
208 | } | - | ||||||
209 | - | |||||||
210 | static int policy_data_cmp(const X509_POLICY_DATA *const *a, | - | ||||||
211 | const X509_POLICY_DATA *const *b) | - | ||||||
212 | { | - | ||||||
213 | return OBJ_cmp((*a)->valid_policy, (*b)->valid_policy); never executed: return OBJ_cmp((*a)->valid_policy, (*b)->valid_policy); | 0 | ||||||
214 | } | - | ||||||
215 | - | |||||||
216 | static int policy_cache_set_int(long *out, ASN1_INTEGER *value) | - | ||||||
217 | { | - | ||||||
218 | if (value == NULL)
| 0 | ||||||
219 | return 1; never executed: return 1; | 0 | ||||||
220 | if (value->type == V_ASN1_NEG_INTEGER)
| 0 | ||||||
221 | return 0; never executed: return 0; | 0 | ||||||
222 | *out = ASN1_INTEGER_get(value); | - | ||||||
223 | return 1; never executed: return 1; | 0 | ||||||
224 | } | - | ||||||
Source code | Switch to Preprocessed file |