- unsigned int flags)
- {
- X509_POLICY_TREE *tree;
- X509_POLICY_LEVEL *level;
- const X509_POLICY_CACHE *cache;
- X509_POLICY_DATA *data = NULL;
- X509 *x;
- int ret = 1;
- int i, n;
- int explicit_policy;
- int any_skip;
- int map_skip;
- *ptree = NULL;
- n = sk_X509_num(certs);
-
-#if 0
- /* Disable policy mapping for now... */
- flags |= X509_V_FLAG_INHIBIT_MAP;
-#endif
-
- if (flags & X509_V_FLAG_EXPLICIT_POLICY)
- explicit_policy = 0;
- else
- explicit_policy = n + 1;
-
- if (flags & X509_V_FLAG_INHIBIT_ANY)
- any_skip = 0;
- else
- any_skip = n + 1;
-
- if (flags & X509_V_FLAG_INHIBIT_MAP)
- map_skip = 0;
- else
- map_skip = n + 1;
-
- /* Can't do anything with just a trust anchor */
- if (n == 1)
- return 1;
- /* First setup policy cache in all certificates apart from the
- * trust anchor. Note any bad cache results on the way. Also can
- * calculate explicit_policy value at this point.
- */
- for (i = n - 2; i >= 0; i--)
- {
- x = sk_X509_value(certs, i);
- X509_check_purpose(x, -1, -1);
- cache = policy_cache_set(x);
- /* If cache NULL something bad happened: return immediately */
- if (cache == NULL)
- return 0;
- /* If inconsistent extensions keep a note of it but continue */
- if (x->ex_flags & EXFLAG_INVALID_POLICY)
- ret = -1;
- /* Otherwise if we have no data (hence no CertificatePolicies)
- * and haven't already set an inconsistent code note it.
- */
- else if ((ret == 1) && !cache->data)
- ret = 2;
- if (explicit_policy > 0)
- {
- if (!(x->ex_flags & EXFLAG_SI))
- explicit_policy--;
- if ((cache->explicit_skip != -1)
- && (cache->explicit_skip < explicit_policy))
- explicit_policy = cache->explicit_skip;
- }
- }
-
- if (ret != 1)
- {
- if (ret == 2 && !explicit_policy)
- return 6;
- return ret;
- }
-
-
- /* If we get this far initialize the tree */
-
- tree = OPENSSL_malloc(sizeof(X509_POLICY_TREE));
-
- if (!tree)
- return 0;
-
- tree->flags = 0;
- tree->levels = OPENSSL_malloc(sizeof(X509_POLICY_LEVEL) * n);
- tree->nlevel = 0;
- tree->extra_data = NULL;
- tree->auth_policies = NULL;
- tree->user_policies = NULL;
-
- if (!tree->levels)
- {
- OPENSSL_free(tree);
- return 0;
- }
-
- memset(tree->levels, 0, n * sizeof(X509_POLICY_LEVEL));
-
- tree->nlevel = n;
-
- level = tree->levels;
-
- /* Root data: initialize to anyPolicy */
-
- data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0);
-
- if (!data || !level_add_node(level, data, NULL, tree))
- goto bad_tree;
-
- for (i = n - 2; i >= 0; i--)
- {
- level++;
- x = sk_X509_value(certs, i);
- cache = policy_cache_set(x);
- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
- level->cert = x;
-
- if (!cache->anyPolicy)
- level->flags |= X509_V_FLAG_INHIBIT_ANY;
-
- /* Determine inhibit any and inhibit map flags */
- if (any_skip == 0)
- {
- /* Any matching allowed if certificate is self
- * issued and not the last in the chain.
- */
- if (!(x->ex_flags & EXFLAG_SI) || (i == 0))
- level->flags |= X509_V_FLAG_INHIBIT_ANY;
- }
- else
- {
- if (!(x->ex_flags & EXFLAG_SI))
- any_skip--;
- if ((cache->any_skip >= 0)
- && (cache->any_skip < any_skip))
- any_skip = cache->any_skip;
- }
-
- if (map_skip == 0)
- level->flags |= X509_V_FLAG_INHIBIT_MAP;
- else
- {
- if (!(x->ex_flags & EXFLAG_SI))
- map_skip--;
- if ((cache->map_skip >= 0)
- && (cache->map_skip < map_skip))
- map_skip = cache->map_skip;
- }
-
- }
-
- *ptree = tree;
-
- if (explicit_policy)
- return 1;
- else
- return 5;
-
- bad_tree:
-
- X509_policy_tree_free(tree);
-
- return 0;
-
- }
-
+ unsigned int flags)
+{
+ X509_POLICY_TREE *tree;
+ X509_POLICY_LEVEL *level;
+ const X509_POLICY_CACHE *cache;
+ X509_POLICY_DATA *data = NULL;
+ int ret = X509_PCY_TREE_VALID;
+ int n = sk_X509_num(certs) - 1; /* RFC5280 paths omit the TA */
+ int explicit_policy = (flags & X509_V_FLAG_EXPLICIT_POLICY) ? 0 : n+1;
+ int any_skip = (flags & X509_V_FLAG_INHIBIT_ANY) ? 0 : n+1;
+ int map_skip = (flags & X509_V_FLAG_INHIBIT_MAP) ? 0 : n+1;
+ int i;
+
+ *ptree = NULL;
+
+ /* Can't do anything with just a trust anchor */
+ if (n == 0)
+ return X509_PCY_TREE_EMPTY;
+
+ /*
+ * First setup the policy cache in all n non-TA certificates, this will be
+ * used in X509_verify_cert() which will invoke the verify callback for all
+ * certificates with invalid policy extensions.
+ */
+ for (i = n - 1; i >= 0; i--) {
+ X509 *x = sk_X509_value(certs, i);
+
+ /* Call for side-effect of computing hash and caching extensions */
+ X509_check_purpose(x, -1, 0);
+
+ /* If cache is NULL, likely ENOMEM: return immediately */
+ if (policy_cache_set(x) == NULL)
+ return X509_PCY_TREE_INTERNAL;
+ }
+
+ /*
+ * At this point check for invalid policies and required explicit policy.
+ * Note that the explicit_policy counter is a count-down to zero, with the
+ * requirement kicking in if and once it does that. The counter is
+ * decremented for every non-self-issued certificate in the path, but may
+ * be further reduced by policy constraints in a non-leaf certificate.
+ *
+ * The ultimate policy set is the intersection of all the policies along
+ * the path, if we hit a certificate with an empty policy set, and explicit
+ * policy is required we're done.
+ */
+ for (i = n - 1;
+ i >= 0 && (explicit_policy > 0 || (ret & X509_PCY_TREE_EMPTY) == 0);
+ i--) {
+ X509 *x = sk_X509_value(certs, i);
+ uint32_t ex_flags = X509_get_extension_flags(x);
+
+ /* All the policies are already cached, we can return early */
+ if (ex_flags & EXFLAG_INVALID_POLICY)
+ return X509_PCY_TREE_INVALID;
+
+ /* Access the cache which we now know exists */
+ cache = policy_cache_set(x);
+
+ if ((ret & X509_PCY_TREE_VALID) && cache->data == NULL)
+ ret = X509_PCY_TREE_EMPTY;
+ if (explicit_policy > 0) {
+ if (!(ex_flags & EXFLAG_SI))
+ explicit_policy--;
+ if ((cache->explicit_skip >= 0)
+ && (cache->explicit_skip < explicit_policy))
+ explicit_policy = cache->explicit_skip;
+ }
+ }
+
+ if (explicit_policy == 0)
+ ret |= X509_PCY_TREE_EXPLICIT;
+ if ((ret & X509_PCY_TREE_VALID) == 0)
+ return ret;
+
+ /* If we get this far initialize the tree */
+ if ((tree = OPENSSL_zalloc(sizeof(*tree))) == NULL)
+ return X509_PCY_TREE_INTERNAL;
+
+ /*
+ * http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3.
+ *
+ * The top level is implicitly for the trust anchor with valid expected
+ * policies of anyPolicy. (RFC 5280 has the TA at depth 0 and the leaf at
+ * depth n, we have the leaf at depth 0 and the TA at depth n).
+ */
+ if ((tree->levels = OPENSSL_zalloc(sizeof(*tree->levels)*(n+1))) == NULL) {
+ OPENSSL_free(tree);
+ return X509_PCY_TREE_INTERNAL;
+ }
+ tree->nlevel = n+1;
+ level = tree->levels;
+ if ((data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0)) == NULL)
+ goto bad_tree;
+ if (level_add_node(level, data, NULL, tree) == NULL) {
+ policy_data_free(data);
+ goto bad_tree;
+ }
+
+ /*
+ * In this pass initialize all the tree levels and whether anyPolicy and
+ * policy mapping are inhibited at each level.
+ */
+ for (i = n - 1; i >= 0; i--) {
+ X509 *x = sk_X509_value(certs, i);
+ uint32_t ex_flags = X509_get_extension_flags(x);
+
+ /* Access the cache which we now know exists */
+ cache = policy_cache_set(x);
+
+ X509_up_ref(x);
+ (++level)->cert = x;
+
+ if (!cache->anyPolicy)
+ level->flags |= X509_V_FLAG_INHIBIT_ANY;
+
+ /* Determine inhibit any and inhibit map flags */
+ if (any_skip == 0) {
+ /*
+ * Any matching allowed only if certificate is self issued and not
+ * the last in the chain.
+ */
+ if (!(ex_flags & EXFLAG_SI) || (i == 0))
+ level->flags |= X509_V_FLAG_INHIBIT_ANY;
+ } else {
+ if (!(ex_flags & EXFLAG_SI))
+ any_skip--;
+ if ((cache->any_skip >= 0) && (cache->any_skip < any_skip))
+ any_skip = cache->any_skip;
+ }
+
+ if (map_skip == 0)
+ level->flags |= X509_V_FLAG_INHIBIT_MAP;
+ else {
+ if (!(ex_flags & EXFLAG_SI))
+ map_skip--;
+ if ((cache->map_skip >= 0) && (cache->map_skip < map_skip))
+ map_skip = cache->map_skip;
+ }
+ }
+
+ *ptree = tree;
+ return ret;
+
+ bad_tree:
+ X509_policy_tree_free(tree);
+ return X509_PCY_TREE_INTERNAL;
+}
+
+/*
+ * Return value: 1 on success, 0 otherwise
+ */