*
*/
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/x509.h>
#include <openssl/x509v3.h>
* explicit_policy value at this point.
*/
for (i = n - 2; i >= 0; i--) {
+ uint32_t ex_flags;
x = sk_X509_value(certs, i);
+ ex_flags = X509_get_extension_flags(x);
X509_check_purpose(x, -1, -1);
cache = policy_cache_set(x);
/* If cache NULL something bad happened: return immediately */
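Review bot: The added `ex_flags = X509_get_extension_flags(x);` reads the flags before `X509_check_purpose(x, -1, -1)` runs, whereas the removed code read `x->ex_flags` only after that call. If the accessor only returns the cached field rather than populating it (its definition is not visible here), the later `EXFLAG_INVALID_POLICY` and `EXFLAG_SI` tests in this loop could see stale flags on a certificate whose extensions are not yet cached, and an inconsistent policy extension would go unrecorded. Moving the assignment below the `X509_check_purpose` call would make the ordering safe; if the accessor does cache extensions itself, a comment such as `/* X509_get_extension_flags() caches extensions itself */` would say so. The loop body continues outside this hunk.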
/*
* If inconsistent extensions keep a note of it but continue
*/
- if (x->ex_flags & EXFLAG_INVALID_POLICY)
+ if (ex_flags & EXFLAG_INVALID_POLICY)
ret = -1;
/*
* Otherwise if we have no data (hence no CertificatePolicies) and
else if ((ret == 1) && !cache->data)
ret = 2;
if (explicit_policy > 0) {
- if (!(x->ex_flags & EXFLAG_SI))
+ if (!(ex_flags & EXFLAG_SI))
explicit_policy--;
if ((cache->explicit_skip != -1)
&& (cache->explicit_skip < explicit_policy))
}
/* If we get this far initialize the tree */
-
- tree = OPENSSL_malloc(sizeof(*tree));
-
+ tree = OPENSSL_zalloc(sizeof(*tree));
if (!tree)
return 0;
-
- tree->flags = 0;
- tree->levels = OPENSSL_malloc(sizeof(*tree->levels) * n);
- tree->nlevel = 0;
- tree->extra_data = NULL;
- tree->auth_policies = NULL;
- tree->user_policies = NULL;
-
+ tree->levels = OPENSSL_zalloc(sizeof(*tree->levels) * n);
if (!tree->levels) {
OPENSSL_free(tree);
return 0;
}
-
- memset(tree->levels, 0, sizeof(*tree->levels) * n);
tree->nlevel = n;
level = tree->levels;
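Review bot: `OPENSSL_zalloc(sizeof(*tree->levels) * n)` multiplies by `n`, which the surrounding loops treat as a signed count, with no bound visible in the hunk. The allocation and the following `tree->nlevel = n` are only correct if `n` is known to be at least 1 here, and any such guard lies outside the hunk. Once confirmed, a one-line comment above the call such as `/* n >= 1: checked on entry */` would document the invariant the level walk depends on. The `if (!tree)` and `if (!tree->levels)` tests could also use the `== NULL` form this commit adopts for `anyptr`.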
goto bad_tree;
for (i = n - 2; i >= 0; i--) {
+ uint32_t ex_flags;
level++;
x = sk_X509_value(certs, i);
+ ex_flags = X509_get_extension_flags(x);
cache = policy_cache_set(x);
- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+ X509_up_ref(x);
level->cert = x;
if (!cache->anyPolicy)
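Review bot: `cache = policy_cache_set(x)` is dereferenced at `cache->anyPolicy` without a NULL test, although the first loop's comment treats a NULL cache as possible. This is presumably safe because the earlier pass over the same indices returns on a NULL cache, but nothing in this loop says so. A comment at the call, `/* cache exists: populated and checked by the first pass */`, would record that. If the guarantee does not hold, the test belongs before `X509_up_ref(x)` so the failure path does not hold an extra reference. The loop body continues outside this hunk.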
* Any matching allowed if certificate is self issued and not the
* last in the chain.
*/
- if (!(x->ex_flags & EXFLAG_SI) || (i == 0))
+ if (!(ex_flags & EXFLAG_SI) || (i == 0))
level->flags |= X509_V_FLAG_INHIBIT_ANY;
} else {
- if (!(x->ex_flags & EXFLAG_SI))
+ if (!(ex_flags & EXFLAG_SI))
any_skip--;
if ((cache->any_skip >= 0)
&& (cache->any_skip < any_skip))
if (map_skip == 0)
level->flags |= X509_V_FLAG_INHIBIT_MAP;
else {
- if (!(x->ex_flags & EXFLAG_SI))
+ if (!(ex_flags & EXFLAG_SI))
map_skip--;
if ((cache->map_skip >= 0)
&& (cache->map_skip < map_skip))
* If no anyPolicy node on this this level it can't appear on lower
* levels so end search.
*/
- if (!(anyptr = curr->anyPolicy))
+ if ((anyptr = curr->anyPolicy) == NULL)
break;
curr++;
for (j = 0; j < sk_X509_POLICY_NODE_num(curr->nodes); j++) {