
pcy_cache.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/openssl/src/crypto/x509v3/pcy_cache.c
/*
 * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */
9-
10#include "internal/cryptlib.h"-
11#include <openssl/x509.h>-
12#include <openssl/x509v3.h>-
13#include "internal/x509_int.h"-
14-
15#include "pcy_int.h"-
16-
/*
 * Forward declarations for the file-local helpers defined at the end of
 * this file: the comparison callback handed to the X509_POLICY_DATA stack
 * and the ASN1_INTEGER-to-long conversion used for the skip counters.
 */
static int policy_cache_set_int(long *out, ASN1_INTEGER *value);
static int policy_data_cmp(const X509_POLICY_DATA *const *a,
                           const X509_POLICY_DATA *const *b);
20-
/*
 * Fill x->policy_cache from a decoded CertificatePolicies extension.
 *
 * Ownership: the CERTIFICATEPOLICIES stack passed in is always consumed
 * (every element popped and freed) before this function returns.
 *
 * Returns:
 *    1  every policy was stored in the cache;
 *    0  the policy list was empty, or an allocation failed;
 *   -1  a policy OID (or anyPolicy) appeared more than once; in that case
 *       EXFLAG_INVALID_POLICY is also set on the certificate.
 *
 * On any return <= 0 the cache->data stack is freed and reset to NULL.
 * A 0 return does not set EXFLAG_INVALID_POLICY, and an anyPolicy entry
 * stored before the failure stays in cache->anyPolicy, so callers have to
 * treat 0 as a hard failure rather than as "no policies".
 *
 * Coverage (this report): no statement of this function was executed by
 * the instrumented run.
 */
static int policy_cache_create(X509 *x,
                               CERTIFICATEPOLICIES *policies, int crit)
{
    X509_POLICY_CACHE *cache = x->policy_cache;
    X509_POLICY_DATA *entry = NULL;
    int count = sk_POLICYINFO_num(policies);
    int idx;
    int ret = 0;

    if (count <= 0)
        goto bad_policy;

    cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp);
    if (cache->data == NULL) {
        X509V3err(X509V3_F_POLICY_CACHE_CREATE, ERR_R_MALLOC_FAILURE);
        goto just_cleanup;
    }

    for (idx = 0; idx < count; idx++) {
        POLICYINFO *info = sk_POLICYINFO_value(policies, idx);

        entry = policy_data_new(info, NULL, crit);
        if (entry == NULL) {
            X509V3err(X509V3_F_POLICY_CACHE_CREATE, ERR_R_MALLOC_FAILURE);
            goto just_cleanup;
        }

        /* Duplicate policy OIDs are illegal: reject the extension. */
        if (OBJ_obj2nid(entry->valid_policy) == NID_any_policy) {
            /* anyPolicy is kept apart from the stack; only one allowed. */
            if (cache->anyPolicy != NULL) {
                ret = -1;
                goto bad_policy;
            }
            cache->anyPolicy = entry;
        } else {
            if (sk_X509_POLICY_DATA_find(cache->data, entry) >= 0) {
                ret = -1;
                goto bad_policy;
            }
            if (!sk_X509_POLICY_DATA_push(cache->data, entry)) {
                X509V3err(X509V3_F_POLICY_CACHE_CREATE, ERR_R_MALLOC_FAILURE);
                goto bad_policy;
            }
        }

        /* The cache owns the entry now; keep the error path off it. */
        entry = NULL;
    }
    ret = 1;

 bad_policy:
    if (ret == -1)
        x->ex_flags |= EXFLAG_INVALID_POLICY;
    /* Frees only an entry that was built but never stored. */
    policy_data_free(entry);
 just_cleanup:
    sk_POLICYINFO_pop_free(policies, POLICYINFO_free);
    if (ret <= 0) {
        sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
        cache->data = NULL;
    }
    return ret;
}
80-
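/*
 * Build and attach the policy cache for certificate x from its
 * PolicyConstraints, CertificatePolicies, PolicyMappings and
 * InhibitAnyPolicy extensions.
 *
 * The only caller in this file, policy_cache_set(), invokes this with
 * x->lock write-locked; the x->policy_cache check below is the re-check
 * made under that lock.
 *
 * Returns 0 if the cache itself cannot be allocated, and the 0 / -1 result
 * of policy_cache_create() if that step fails. Every other path returns 1,
 * including malformed or inconsistent extensions: those are reported by
 * setting EXFLAG_INVALID_POLICY in x->ex_flags, not by the return value.
 *
 * All exits after the PolicyConstraints decode go through just_cleanup so
 * that the decoded ext_pcons is released. The previous early returns
 * ("no CertificatePolicies" and "policy_cache_create() failed") skipped
 * that and leaked it.
 *
 * Coverage (this report): no statement of this function was executed by
 * the instrumented run.
 */
static int policy_cache_new(X509 *x)
{
    X509_POLICY_CACHE *cache;
    ASN1_INTEGER *ext_any = NULL;
    POLICY_CONSTRAINTS *ext_pcons = NULL;
    CERTIFICATEPOLICIES *ext_cpols = NULL;
    POLICY_MAPPINGS *ext_pmaps = NULL;
    int i;
    int ret = 1;

    if (x->policy_cache != NULL)
        return 1;
    cache = OPENSSL_malloc(sizeof(*cache));
    if (cache == NULL) {
        X509V3err(X509V3_F_POLICY_CACHE_NEW, ERR_R_MALLOC_FAILURE);
        return 0;
    }
    cache->anyPolicy = NULL;
    cache->data = NULL;
    /* -1 marks a skip counter as "not present in the certificate". */
    cache->any_skip = -1;
    cache->explicit_skip = -1;
    cache->map_skip = -1;

    x->policy_cache = cache;

    /*
     * Handle requireExplicitPolicy *first*. Need to process this even if we
     * don't have any policies.
     */
    ext_pcons = X509_get_ext_d2i(x, NID_policy_constraints, &i, NULL);

    if (!ext_pcons) {
        /* i == -1 means the extension is absent; anything else is an error */
        if (i != -1)
            goto bad_cache;
    } else {
        /* A PolicyConstraints extension with neither field is invalid. */
        if (!ext_pcons->requireExplicitPolicy
            && !ext_pcons->inhibitPolicyMapping)
            goto bad_cache;
        if (!policy_cache_set_int(&cache->explicit_skip,
                                  ext_pcons->requireExplicitPolicy))
            goto bad_cache;
        if (!policy_cache_set_int(&cache->map_skip,
                                  ext_pcons->inhibitPolicyMapping))
            goto bad_cache;
    }

    /* Process CertificatePolicies */

    ext_cpols = X509_get_ext_d2i(x, NID_certificate_policies, &i, NULL);
    /*
     * If no CertificatePolicies extension or problem decoding then there is
     * no point continuing because the valid policies will be NULL.
     */
    if (!ext_cpols) {
        /* If not absent some problem with extension */
        if (i != -1)
            goto bad_cache;
        goto just_cleanup;
    }

    /* i holds the criticality reported by X509_get_ext_d2i() */
    i = policy_cache_create(x, ext_cpols, i);

    /* NB: ext_cpols has been freed by policy_cache_create() */

    if (i <= 0) {
        ret = i;
        goto just_cleanup;
    }

    ext_pmaps = X509_get_ext_d2i(x, NID_policy_mappings, &i, NULL);

    if (!ext_pmaps) {
        /* If not absent some problem with extension */
        if (i != -1)
            goto bad_cache;
    } else {
        /*
         * ext_pmaps is not freed in this function; presumably
         * policy_cache_set_mapping() takes ownership - confirm against its
         * definition.
         */
        i = policy_cache_set_mapping(x, ext_pmaps);
        if (i <= 0)
            goto bad_cache;
    }

    ext_any = X509_get_ext_d2i(x, NID_inhibit_any_policy, &i, NULL);

    if (!ext_any) {
        if (i != -1)
            goto bad_cache;
    } else if (!policy_cache_set_int(&cache->any_skip, ext_any))
        goto bad_cache;
    goto just_cleanup;

 bad_cache:
    x->ex_flags |= EXFLAG_INVALID_POLICY;

 just_cleanup:
    /* Both free functions accept NULL, so early exits are safe here. */
    POLICY_CONSTRAINTS_free(ext_pcons);
    ASN1_INTEGER_free(ext_any);
    return ret;
}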
177-
/*
 * Release a policy cache: its anyPolicy entry, every entry on the data
 * stack, and the cache structure itself. Passing NULL is a no-op.
 *
 * Coverage (this report): the NULL early-out was taken 39780 times by
 * libcrypto.so.1.1; the path that actually frees a cache was never
 * executed.
 */
void policy_cache_free(X509_POLICY_CACHE *cache)
{
    if (cache != NULL) {
        policy_data_free(cache->anyPolicy);
        sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
        OPENSSL_free(cache);
    }
}
186-
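/*
 * Return the policy cache of certificate x, building it on first use.
 *
 * The cache is built under x->lock. If the write lock cannot be taken,
 * NULL is returned and the cache is not built; the previous code ignored
 * the lock result and went on to modify x without holding the lock.
 *
 * A NULL return also occurs when policy_cache_new() cannot allocate the
 * cache. Its return value is not inspected here, so callers must check
 * both the returned pointer and EXFLAG_INVALID_POLICY in x->ex_flags.
 *
 * NOTE(review): the first x->policy_cache test is made without the lock;
 * policy_cache_new() repeats it under the lock, but the unlocked read is
 * not atomic - confirm this is acceptable on the supported platforms.
 *
 * Coverage (this report): no statement of this function was executed by
 * the instrumented run.
 */
const X509_POLICY_CACHE *policy_cache_set(X509 *x)
{

    if (x->policy_cache == NULL) {
        if (!CRYPTO_THREAD_write_lock(x->lock))
            return NULL;
        policy_cache_new(x);
        CRYPTO_THREAD_unlock(x->lock);
    }

    return x->policy_cache;

}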
199-
/*
 * Look up the cached policy data whose valid_policy OID equals id.
 *
 * A stack-allocated key with only valid_policy filled in is used for the
 * search; policy_data_cmp() reads no other field. The const on id is cast
 * away solely to populate that key.
 *
 * sk_X509_POLICY_DATA_find() yields -1 on a miss and
 * sk_X509_POLICY_DATA_value() returns NULL for an out-of-range index, so
 * a miss is reported to the caller as NULL.
 *
 * Coverage (this report): never executed by the instrumented run.
 */
X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache,
                                         const ASN1_OBJECT *id)
{
    X509_POLICY_DATA key;

    key.valid_policy = (ASN1_OBJECT *)id;
    return sk_X509_POLICY_DATA_value(cache->data,
                                     sk_X509_POLICY_DATA_find(cache->data,
                                                              &key));
}
209-
/*
 * Stack comparison callback: orders two X509_POLICY_DATA entries by their
 * valid_policy OID using OBJ_cmp(). No other field takes part in the
 * comparison.
 *
 * Coverage (this report): never executed by the instrumented run.
 */
static int policy_data_cmp(const X509_POLICY_DATA *const *a,
                           const X509_POLICY_DATA *const *b)
{
    const X509_POLICY_DATA *lhs = *a;
    const X509_POLICY_DATA *rhs = *b;

    return OBJ_cmp(lhs->valid_policy, rhs->valid_policy);
}
215-
/*
 * Store an optional ASN1_INTEGER skip count in *out.
 *
 * A NULL value (field absent) leaves *out untouched and succeeds.
 * A negative integer is rejected with 0. Otherwise *out receives
 * ASN1_INTEGER_get(value) and 1 is returned.
 *
 * NOTE(review): ASN1_INTEGER_get() returns -1 on error (e.g. a value that
 * does not fit in a long), and the cache uses -1 for "not present", so an
 * oversized count is indistinguishable from an absent one here.
 *
 * Coverage (this report): never executed by the instrumented run.
 */
static int policy_cache_set_int(long *out, ASN1_INTEGER *value)
{
    if (value != NULL) {
        if (value->type == V_ASN1_NEG_INTEGER)
            return 0;
        *out = ASN1_INTEGER_get(value);
    }
    return 1;
}