← Back to branch summary

~cyphermox/shim/0.9git

« back to all changes in this revision

Viewing changes to Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c

  • Committer: Mathieu Trudel-Lapierre
  • Date: 2016-07-26 16:03:25 UTC
  • mfrom: (0.1.7)
  • Revision ID: mathieu.trudel-lapierre@canonical.com-20160726160325-y702pvbyiy4t2buq
New upstream release.

Show diffs side-by-side

added added

removed removed

Lines of Context:
Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c
1
1
/* v3_pci.c -*- mode:C; c-file-style: "eay" -*- */
2
 
/* Contributed to the OpenSSL Project 2004
3
 
 * by Richard Levitte (richard@levitte.org)
 
2
/*
 
3
 * Contributed to the OpenSSL Project 2004 by Richard Levitte
 
4
 * (richard@levitte.org)
4
5
 */
5
6
/* Copyright (c) 2004 Kungliga Tekniska H�gskolan
6
7
 * (Royal Institute of Technology, Stockholm, Sweden).
40
41
#include <openssl/x509v3.h>
41
42
 
42
43
static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext,
43
 
        BIO *out, int indent);
 
44
                   BIO *out, int indent);
44
45
static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
45
 
        X509V3_CTX *ctx, char *str);
 
46
                                          X509V3_CTX *ctx, char *str);
46
47
 
47
48
const X509V3_EXT_METHOD v3_pci =
48
 
        { NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
49
 
          0,0,0,0,
50
 
          0,0,
51
 
          NULL, NULL,
52
 
          (X509V3_EXT_I2R)i2r_pci,
53
 
          (X509V3_EXT_R2I)r2i_pci,
54
 
          NULL,
55
 
        };
 
49
    { NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
 
50
    0, 0, 0, 0,
 
51
    0, 0,
 
52
    NULL, NULL,
 
53
    (X509V3_EXT_I2R)i2r_pci,
 
54
    (X509V3_EXT_R2I)r2i_pci,
 
55
    NULL,
 
56
};
56
57
 
57
58
static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci,
58
 
        BIO *out, int indent)
59
 
        {
60
 
        BIO_printf(out, "%*sPath Length Constraint: ", indent, "");
61
 
        if (pci->pcPathLengthConstraint)
62
 
          i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint);
63
 
        else
64
 
          BIO_printf(out, "infinite");
65
 
        BIO_puts(out, "\n");
66
 
        BIO_printf(out, "%*sPolicy Language: ", indent, "");
67
 
        i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
68
 
        BIO_puts(out, "\n");
69
 
        if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
70
 
          BIO_printf(out, "%*sPolicy Text: %s\n", indent, "",
71
 
                     pci->proxyPolicy->policy->data);
72
 
        return 1;
73
 
        }
 
59
                   BIO *out, int indent)
 
60
{
 
61
    BIO_printf(out, "%*sPath Length Constraint: ", indent, "");
 
62
    if (pci->pcPathLengthConstraint)
 
63
        i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint);
 
64
    else
 
65
        BIO_printf(out, "infinite");
 
66
    BIO_puts(out, "\n");
 
67
    BIO_printf(out, "%*sPolicy Language: ", indent, "");
 
68
    i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
 
69
    BIO_puts(out, "\n");
 
70
    if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
 
71
        BIO_printf(out, "%*sPolicy Text: %s\n", indent, "",
 
72
                   pci->proxyPolicy->policy->data);
 
73
    return 1;
 
74
}
74
75
 
75
76
static int process_pci_value(CONF_VALUE *val,
76
 
        ASN1_OBJECT **language, ASN1_INTEGER **pathlen,
77
 
        ASN1_OCTET_STRING **policy)
78
 
        {
79
 
        int free_policy = 0;
80
 
 
81
 
        if (strcmp(val->name, "language") == 0)
82
 
                {
83
 
                if (*language)
84
 
                        {
85
 
                        X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED);
86
 
                        X509V3_conf_err(val);
87
 
                        return 0;
88
 
                        }
89
 
                if (!(*language = OBJ_txt2obj(val->value, 0)))
90
 
                        {
91
 
                        X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_INVALID_OBJECT_IDENTIFIER);
92
 
                        X509V3_conf_err(val);
93
 
                        return 0;
94
 
                        }
95
 
                }
96
 
        else if (strcmp(val->name, "pathlen") == 0)
97
 
                {
98
 
                if (*pathlen)
99
 
                        {
100
 
                        X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED);
101
 
                        X509V3_conf_err(val);
102
 
                        return 0;
103
 
                        }
104
 
                if (!X509V3_get_value_int(val, pathlen))
105
 
                        {
106
 
                        X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH);
107
 
                        X509V3_conf_err(val);
108
 
                        return 0;
109
 
                        }
110
 
                }
111
 
        else if (strcmp(val->name, "policy") == 0)
112
 
                {
113
 
                unsigned char *tmp_data = NULL;
114
 
                long val_len;
115
 
                if (!*policy)
116
 
                        {
117
 
                        *policy = ASN1_OCTET_STRING_new();
118
 
                        if (!*policy)
119
 
                                {
120
 
                                X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
121
 
                                X509V3_conf_err(val);
122
 
                                return 0;
123
 
                                }
124
 
                        free_policy = 1;
125
 
                        }
126
 
                if (strncmp(val->value, "hex:", 4) == 0)
127
 
                        {
128
 
                        unsigned char *tmp_data2 =
129
 
                                string_to_hex(val->value + 4, &val_len);
130
 
 
131
 
                        if (!tmp_data2) 
132
 
                                {
133
 
                                X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_ILLEGAL_HEX_DIGIT);
134
 
                                X509V3_conf_err(val);
135
 
                                goto err;
136
 
                                }
137
 
 
138
 
                        tmp_data = OPENSSL_realloc((*policy)->data,
139
 
                                (*policy)->length + val_len + 1);
140
 
                        if (tmp_data)
141
 
                                {
142
 
                                (*policy)->data = tmp_data;
143
 
                                memcpy(&(*policy)->data[(*policy)->length],
144
 
                                        tmp_data2, val_len);
145
 
                                (*policy)->length += val_len;
146
 
                                (*policy)->data[(*policy)->length] = '\0';
147
 
                                }
148
 
                        else
149
 
                                {
150
 
                                OPENSSL_free(tmp_data2);
151
 
                                /* realloc failure implies the original data space is b0rked too! */
152
 
                                (*policy)->data = NULL;
153
 
                                (*policy)->length = 0;
154
 
                                X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
155
 
                                X509V3_conf_err(val);
156
 
                                goto err;
157
 
                                }
158
 
                        OPENSSL_free(tmp_data2);
159
 
                        }
160
 
#ifndef OPENSSL_NO_STDIO
161
 
                else if (strncmp(val->value, "file:", 5) == 0)
162
 
                        {
163
 
                        unsigned char buf[2048];
164
 
                        int n;
165
 
                        BIO *b = BIO_new_file(val->value + 5, "r");
166
 
                        if (!b)
167
 
                                {
168
 
                                X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_BIO_LIB);
169
 
                                X509V3_conf_err(val);
170
 
                                goto err;
171
 
                                }
172
 
                        while((n = BIO_read(b, buf, sizeof(buf))) > 0
173
 
                                || (n == 0 && BIO_should_retry(b)))
174
 
                                {
175
 
                                if (!n) continue;
176
 
 
177
 
                                tmp_data = OPENSSL_realloc((*policy)->data,
178
 
                                        (*policy)->length + n + 1);
179
 
 
180
 
                                if (!tmp_data)
181
 
                                        break;
182
 
 
183
 
                                (*policy)->data = tmp_data;
184
 
                                memcpy(&(*policy)->data[(*policy)->length],
185
 
                                        buf, n);
186
 
                                (*policy)->length += n;
187
 
                                (*policy)->data[(*policy)->length] = '\0';
188
 
                                }
189
 
                        BIO_free_all(b);
190
 
 
191
 
                        if (n < 0)
192
 
                                {
193
 
                                X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_BIO_LIB);
194
 
                                X509V3_conf_err(val);
195
 
                                goto err;
196
 
                                }
197
 
                        }
198
 
#endif
199
 
                else if (strncmp(val->value, "text:", 5) == 0)
200
 
                        {
201
 
                        val_len = strlen(val->value + 5);
202
 
                        tmp_data = OPENSSL_realloc((*policy)->data,
203
 
                                (*policy)->length + val_len + 1);
204
 
                        if (tmp_data)
205
 
                                {
206
 
                                (*policy)->data = tmp_data;
207
 
                                memcpy(&(*policy)->data[(*policy)->length],
208
 
                                        val->value + 5, val_len);
209
 
                                (*policy)->length += val_len;
210
 
                                (*policy)->data[(*policy)->length] = '\0';
211
 
                                }
212
 
                        else
213
 
                                {
214
 
                                /* realloc failure implies the original data space is b0rked too! */
215
 
                                (*policy)->data = NULL;
216
 
                                (*policy)->length = 0;
217
 
                                X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
218
 
                                X509V3_conf_err(val);
219
 
                                goto err;
220
 
                                }
221
 
                        }
222
 
                else
223
 
                        {
224
 
                        X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_INCORRECT_POLICY_SYNTAX_TAG);
225
 
                        X509V3_conf_err(val);
226
 
                        goto err;
227
 
                        }
228
 
                if (!tmp_data)
229
 
                        {
230
 
                        X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
231
 
                        X509V3_conf_err(val);
232
 
                        goto err;
233
 
                        }
234
 
                }
235
 
        return 1;
236
 
err:
237
 
        if (free_policy)
238
 
                {
239
 
                ASN1_OCTET_STRING_free(*policy);
240
 
                *policy = NULL;
241
 
                }
242
 
        return 0;
243
 
        }
 
77
                             ASN1_OBJECT **language, ASN1_INTEGER **pathlen,
 
78
                             ASN1_OCTET_STRING **policy)
 
79
{
 
80
    int free_policy = 0;
 
81
 
 
82
    if (strcmp(val->name, "language") == 0) {
 
83
        if (*language) {
 
84
            X509V3err(X509V3_F_PROCESS_PCI_VALUE,
 
85
                      X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED);
 
86
            X509V3_conf_err(val);
 
87
            return 0;
 
88
        }
 
89
        if (!(*language = OBJ_txt2obj(val->value, 0))) {
 
90
            X509V3err(X509V3_F_PROCESS_PCI_VALUE,
 
91
                      X509V3_R_INVALID_OBJECT_IDENTIFIER);
 
92
            X509V3_conf_err(val);
 
93
            return 0;
 
94
        }
 
95
    } else if (strcmp(val->name, "pathlen") == 0) {
 
96
        if (*pathlen) {
 
97
            X509V3err(X509V3_F_PROCESS_PCI_VALUE,
 
98
                      X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED);
 
99
            X509V3_conf_err(val);
 
100
            return 0;
 
101
        }
 
102
        if (!X509V3_get_value_int(val, pathlen)) {
 
103
            X509V3err(X509V3_F_PROCESS_PCI_VALUE,
 
104
                      X509V3_R_POLICY_PATH_LENGTH);
 
105
            X509V3_conf_err(val);
 
106
            return 0;
 
107
        }
 
108
    } else if (strcmp(val->name, "policy") == 0) {
 
109
        unsigned char *tmp_data = NULL;
 
110
        long val_len;
 
111
        if (!*policy) {
 
112
            *policy = ASN1_OCTET_STRING_new();
 
113
            if (!*policy) {
 
114
                X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
 
115
                X509V3_conf_err(val);
 
116
                return 0;
 
117
            }
 
118
            free_policy = 1;
 
119
        }
 
120
        if (strncmp(val->value, "hex:", 4) == 0) {
 
121
            unsigned char *tmp_data2 =
 
122
                string_to_hex(val->value + 4, &val_len);
 
123
 
 
124
            if (!tmp_data2) {
 
125
                X509V3err(X509V3_F_PROCESS_PCI_VALUE,
 
126
                          X509V3_R_ILLEGAL_HEX_DIGIT);
 
127
                X509V3_conf_err(val);
 
128
                goto err;
 
129
            }
 
130
 
 
131
            tmp_data = OPENSSL_realloc((*policy)->data,
 
132
                                       (*policy)->length + val_len + 1);
 
133
            if (tmp_data) {
 
134
                (*policy)->data = tmp_data;
 
135
                memcpy(&(*policy)->data[(*policy)->length],
 
136
                       tmp_data2, val_len);
 
137
                (*policy)->length += val_len;
 
138
                (*policy)->data[(*policy)->length] = '\0';
 
139
            } else {
 
140
                OPENSSL_free(tmp_data2);
 
141
                /*
 
142
                 * realloc failure implies the original data space is b0rked
 
143
                 * too!
 
144
                 */
 
145
                (*policy)->data = NULL;
 
146
                (*policy)->length = 0;
 
147
                X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
 
148
                X509V3_conf_err(val);
 
149
                goto err;
 
150
            }
 
151
            OPENSSL_free(tmp_data2);
 
152
        } else if (strncmp(val->value, "file:", 5) == 0) {
 
153
            unsigned char buf[2048];
 
154
            int n;
 
155
            BIO *b = BIO_new_file(val->value + 5, "r");
 
156
            if (!b) {
 
157
                X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_BIO_LIB);
 
158
                X509V3_conf_err(val);
 
159
                goto err;
 
160
            }
 
161
            while ((n = BIO_read(b, buf, sizeof(buf))) > 0
 
162
                   || (n == 0 && BIO_should_retry(b))) {
 
163
                if (!n)
 
164
                    continue;
 
165
 
 
166
                tmp_data = OPENSSL_realloc((*policy)->data,
 
167
                                           (*policy)->length + n + 1);
 
168
 
 
169
                if (!tmp_data)
 
170
                    break;
 
171
 
 
172
                (*policy)->data = tmp_data;
 
173
                memcpy(&(*policy)->data[(*policy)->length], buf, n);
 
174
                (*policy)->length += n;
 
175
                (*policy)->data[(*policy)->length] = '\0';
 
176
            }
 
177
            BIO_free_all(b);
 
178
 
 
179
            if (n < 0) {
 
180
                X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_BIO_LIB);
 
181
                X509V3_conf_err(val);
 
182
                goto err;
 
183
            }
 
184
        } else if (strncmp(val->value, "text:", 5) == 0) {
 
185
            val_len = strlen(val->value + 5);
 
186
            tmp_data = OPENSSL_realloc((*policy)->data,
 
187
                                       (*policy)->length + val_len + 1);
 
188
            if (tmp_data) {
 
189
                (*policy)->data = tmp_data;
 
190
                memcpy(&(*policy)->data[(*policy)->length],
 
191
                       val->value + 5, val_len);
 
192
                (*policy)->length += val_len;
 
193
                (*policy)->data[(*policy)->length] = '\0';
 
194
            } else {
 
195
                /*
 
196
                 * realloc failure implies the original data space is b0rked
 
197
                 * too!
 
198
                 */
 
199
                (*policy)->data = NULL;
 
200
                (*policy)->length = 0;
 
201
                X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
 
202
                X509V3_conf_err(val);
 
203
                goto err;
 
204
            }
 
205
        } else {
 
206
            X509V3err(X509V3_F_PROCESS_PCI_VALUE,
 
207
                      X509V3_R_INCORRECT_POLICY_SYNTAX_TAG);
 
208
            X509V3_conf_err(val);
 
209
            goto err;
 
210
        }
 
211
        if (!tmp_data) {
 
212
            X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
 
213
            X509V3_conf_err(val);
 
214
            goto err;
 
215
        }
 
216
    }
 
217
    return 1;
 
218
 err:
 
219
    if (free_policy) {
 
220
        ASN1_OCTET_STRING_free(*policy);
 
221
        *policy = NULL;
 
222
    }
 
223
    return 0;
 
224
}
244
225
 
245
226
static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
246
 
        X509V3_CTX *ctx, char *value)
247
 
        {
248
 
        PROXY_CERT_INFO_EXTENSION *pci = NULL;
249
 
        STACK_OF(CONF_VALUE) *vals;
250
 
        ASN1_OBJECT *language = NULL;
251
 
        ASN1_INTEGER *pathlen = NULL;
252
 
        ASN1_OCTET_STRING *policy = NULL;
253
 
        int i, j;
254
 
 
255
 
        vals = X509V3_parse_list(value);
256
 
        for (i = 0; i < sk_CONF_VALUE_num(vals); i++)
257
 
                {
258
 
                CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i);
259
 
                if (!cnf->name || (*cnf->name != '@' && !cnf->value))
260
 
                        {
261
 
                        X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_PROXY_POLICY_SETTING);
262
 
                        X509V3_conf_err(cnf);
263
 
                        goto err;
264
 
                        }
265
 
                if (*cnf->name == '@')
266
 
                        {
267
 
                        STACK_OF(CONF_VALUE) *sect;
268
 
                        int success_p = 1;
269
 
 
270
 
                        sect = X509V3_get_section(ctx, cnf->name + 1);
271
 
                        if (!sect)
272
 
                                {
273
 
                                X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_SECTION);
274
 
                                X509V3_conf_err(cnf);
275
 
                                goto err;
276
 
                                }
277
 
                        for (j = 0; success_p && j < sk_CONF_VALUE_num(sect); j++)
278
 
                                {
279
 
                                success_p =
280
 
                                        process_pci_value(sk_CONF_VALUE_value(sect, j),
281
 
                                                &language, &pathlen, &policy);
282
 
                                }
283
 
                        X509V3_section_free(ctx, sect);
284
 
                        if (!success_p)
285
 
                                goto err;
286
 
                        }
287
 
                else
288
 
                        {
289
 
                        if (!process_pci_value(cnf,
290
 
                                        &language, &pathlen, &policy))
291
 
                                {
292
 
                                X509V3_conf_err(cnf);
293
 
                                goto err;
294
 
                                }
295
 
                        }
296
 
                }
297
 
 
298
 
        /* Language is mandatory */
299
 
        if (!language)
300
 
                {
301
 
                X509V3err(X509V3_F_R2I_PCI,X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED);
302
 
                goto err;
303
 
                }
304
 
        i = OBJ_obj2nid(language);
305
 
        if ((i == NID_Independent || i == NID_id_ppl_inheritAll) && policy)
306
 
                {
307
 
                X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY);
308
 
                goto err;
309
 
                }
310
 
 
311
 
        pci = PROXY_CERT_INFO_EXTENSION_new();
312
 
        if (!pci)
313
 
                {
314
 
                X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE);
315
 
                goto err;
316
 
                }
317
 
 
318
 
        pci->proxyPolicy->policyLanguage = language; language = NULL;
319
 
        pci->proxyPolicy->policy = policy; policy = NULL;
320
 
        pci->pcPathLengthConstraint = pathlen; pathlen = NULL;
321
 
        goto end;
322
 
err:
323
 
        if (language) { ASN1_OBJECT_free(language); language = NULL; }
324
 
        if (pathlen) { ASN1_INTEGER_free(pathlen); pathlen = NULL; }
325
 
        if (policy) { ASN1_OCTET_STRING_free(policy); policy = NULL; }
326
 
        if (pci) { PROXY_CERT_INFO_EXTENSION_free(pci); pci = NULL; }
327
 
end:
328
 
        sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
329
 
        return pci;
330
 
        }
 
227
                                          X509V3_CTX *ctx, char *value)
 
228
{
 
229
    PROXY_CERT_INFO_EXTENSION *pci = NULL;
 
230
    STACK_OF(CONF_VALUE) *vals;
 
231
    ASN1_OBJECT *language = NULL;
 
232
    ASN1_INTEGER *pathlen = NULL;
 
233
    ASN1_OCTET_STRING *policy = NULL;
 
234
    int i, j;
 
235
 
 
236
    vals = X509V3_parse_list(value);
 
237
    for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
 
238
        CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i);
 
239
        if (!cnf->name || (*cnf->name != '@' && !cnf->value)) {
 
240
            X509V3err(X509V3_F_R2I_PCI,
 
241
                      X509V3_R_INVALID_PROXY_POLICY_SETTING);
 
242
            X509V3_conf_err(cnf);
 
243
            goto err;
 
244
        }
 
245
        if (*cnf->name == '@') {
 
246
            STACK_OF(CONF_VALUE) *sect;
 
247
            int success_p = 1;
 
248
 
 
249
            sect = X509V3_get_section(ctx, cnf->name + 1);
 
250
            if (!sect) {
 
251
                X509V3err(X509V3_F_R2I_PCI, X509V3_R_INVALID_SECTION);
 
252
                X509V3_conf_err(cnf);
 
253
                goto err;
 
254
            }
 
255
            for (j = 0; success_p && j < sk_CONF_VALUE_num(sect); j++) {
 
256
                success_p =
 
257
                    process_pci_value(sk_CONF_VALUE_value(sect, j),
 
258
                                      &language, &pathlen, &policy);
 
259
            }
 
260
            X509V3_section_free(ctx, sect);
 
261
            if (!success_p)
 
262
                goto err;
 
263
        } else {
 
264
            if (!process_pci_value(cnf, &language, &pathlen, &policy)) {
 
265
                X509V3_conf_err(cnf);
 
266
                goto err;
 
267
            }
 
268
        }
 
269
    }
 
270
 
 
271
    /* Language is mandatory */
 
272
    if (!language) {
 
273
        X509V3err(X509V3_F_R2I_PCI,
 
274
                  X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED);
 
275
        goto err;
 
276
    }
 
277
    i = OBJ_obj2nid(language);
 
278
    if ((i == NID_Independent || i == NID_id_ppl_inheritAll) && policy) {
 
279
        X509V3err(X509V3_F_R2I_PCI,
 
280
                  X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY);
 
281
        goto err;
 
282
    }
 
283
 
 
284
    pci = PROXY_CERT_INFO_EXTENSION_new();
 
285
    if (!pci) {
 
286
        X509V3err(X509V3_F_R2I_PCI, ERR_R_MALLOC_FAILURE);
 
287
        goto err;
 
288
    }
 
289
 
 
290
    pci->proxyPolicy->policyLanguage = language;
 
291
    language = NULL;
 
292
    pci->proxyPolicy->policy = policy;
 
293
    policy = NULL;
 
294
    pci->pcPathLengthConstraint = pathlen;
 
295
    pathlen = NULL;
 
296
    goto end;
 
297
 err:
 
298
    if (language) {
 
299
        ASN1_OBJECT_free(language);
 
300
        language = NULL;
 
301
    }
 
302
    if (pathlen) {
 
303
        ASN1_INTEGER_free(pathlen);
 
304
        pathlen = NULL;
 
305
    }
 
306
    if (policy) {
 
307
        ASN1_OCTET_STRING_free(policy);
 
308
        policy = NULL;
 
309
    }
 
310
    if (pci) {
 
311
        PROXY_CERT_INFO_EXTENSION_free(pci);
 
312
        pci = NULL;
 
313
    }
 
314
 end:
 
315
    sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
 
316
    return pci;
 
317
}