1 | /* |
2 | * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at |
7 | * https://www.openssl.org/source/license.html |
8 | */ |
9 | |
10 | #include "internal/cryptlib.h" |
11 | #include <openssl/objects.h> |
12 | #include <openssl/ts.h> |
13 | #include "ts_local.h" |
14 | |
15 | TS_VERIFY_CTX *TS_VERIFY_CTX_new(void) |
16 | { |
17 | TS_VERIFY_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); |
18 | |
19 | if (ctx == NULL) |
20 | TSerr(TS_F_TS_VERIFY_CTX_NEW, ERR_R_MALLOC_FAILURE); |
21 | return ctx; |
22 | } |
23 | |
24 | void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx) |
25 | { |
26 | OPENSSL_assert(ctx != NULL); |
27 | memset(ctx, 0, sizeof(*ctx)); |
28 | } |
29 | |
30 | void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx) |
31 | { |
32 | if (!ctx) |
33 | return; |
34 | |
35 | TS_VERIFY_CTX_cleanup(ctx); |
36 | OPENSSL_free(ctx); |
37 | } |
38 | |
39 | int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int f) |
40 | { |
41 | ctx->flags |= f; |
42 | return ctx->flags; |
43 | } |
44 | |
45 | int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int f) |
46 | { |
47 | ctx->flags = f; |
48 | return ctx->flags; |
49 | } |
50 | |
51 | BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *b) |
52 | { |
53 | ctx->data = b; |
54 | return ctx->data; |
55 | } |
56 | |
57 | X509_STORE *TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *s) |
58 | { |
59 | ctx->store = s; |
60 | return ctx->store; |
61 | } |
62 | |
63 | STACK_OF(X509) *TS_VERIFY_CTX_set_certs(TS_VERIFY_CTX *ctx, |
64 | STACK_OF(X509) *certs) |
65 | { |
66 | ctx->certs = certs; |
67 | return ctx->certs; |
68 | } |
69 | |
70 | unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx, |
71 | unsigned char *hexstr, long len) |
72 | { |
73 | ctx->imprint = hexstr; |
74 | ctx->imprint_len = len; |
75 | return ctx->imprint; |
76 | } |
77 | |
78 | void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx) |
79 | { |
80 | if (!ctx) |
81 | return; |
82 | |
83 | X509_STORE_free(ctx->store); |
84 | sk_X509_pop_free(ctx->certs, X509_free); |
85 | |
86 | ASN1_OBJECT_free(ctx->policy); |
87 | |
88 | X509_ALGOR_free(ctx->md_alg); |
89 | OPENSSL_free(ctx->imprint); |
90 | |
91 | BIO_free_all(ctx->data); |
92 | |
93 | ASN1_INTEGER_free(ctx->nonce); |
94 | |
95 | GENERAL_NAME_free(ctx->tsa_name); |
96 | |
97 | TS_VERIFY_CTX_init(ctx); |
98 | } |
99 | |
100 | TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx) |
101 | { |
102 | TS_VERIFY_CTX *ret = ctx; |
103 | ASN1_OBJECT *policy; |
104 | TS_MSG_IMPRINT *imprint; |
105 | X509_ALGOR *md_alg; |
106 | ASN1_OCTET_STRING *msg; |
107 | const ASN1_INTEGER *nonce; |
108 | |
109 | OPENSSL_assert(req != NULL); |
110 | if (ret) |
111 | TS_VERIFY_CTX_cleanup(ret); |
112 | else if ((ret = TS_VERIFY_CTX_new()) == NULL) |
113 | return NULL; |
114 | |
115 | ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE); |
116 | |
117 | if ((policy = req->policy_id) != NULL) { |
118 | if ((ret->policy = OBJ_dup(policy)) == NULL) |
119 | goto err; |
120 | } else |
121 | ret->flags &= ~TS_VFY_POLICY; |
122 | |
123 | imprint = req->msg_imprint; |
124 | md_alg = imprint->hash_algo; |
125 | if ((ret->md_alg = X509_ALGOR_dup(md_alg)) == NULL) |
126 | goto err; |
127 | msg = imprint->hashed_msg; |
128 | ret->imprint_len = ASN1_STRING_length(msg); |
129 | if ((ret->imprint = OPENSSL_malloc(ret->imprint_len)) == NULL) |
130 | goto err; |
131 | memcpy(ret->imprint, ASN1_STRING_get0_data(msg), ret->imprint_len); |
132 | |
133 | if ((nonce = req->nonce) != NULL) { |
134 | if ((ret->nonce = ASN1_INTEGER_dup(nonce)) == NULL) |
135 | goto err; |
136 | } else |
137 | ret->flags &= ~TS_VFY_NONCE; |
138 | |
139 | return ret; |
140 | err: |
141 | if (ctx) |
142 | TS_VERIFY_CTX_cleanup(ctx); |
143 | else |
144 | TS_VERIFY_CTX_free(ret); |
145 | return NULL; |
146 | } |
147 | |