ts_verify_ctx.c 3.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146
  1. /*
  2. * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the OpenSSL license (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include "internal/cryptlib.h"
  10. #include <openssl/objects.h>
  11. #include <openssl/ts.h>
  12. #include "ts_lcl.h"
  13. TS_VERIFY_CTX *TS_VERIFY_CTX_new(void)
  14. {
  15. TS_VERIFY_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
  16. if (ctx == NULL)
  17. TSerr(TS_F_TS_VERIFY_CTX_NEW, ERR_R_MALLOC_FAILURE);
  18. return ctx;
  19. }
  20. void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx)
  21. {
  22. OPENSSL_assert(ctx != NULL);
  23. memset(ctx, 0, sizeof(*ctx));
  24. }
  25. void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx)
  26. {
  27. if (!ctx)
  28. return;
  29. TS_VERIFY_CTX_cleanup(ctx);
  30. OPENSSL_free(ctx);
  31. }
  32. int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int f)
  33. {
  34. ctx->flags |= f;
  35. return ctx->flags;
  36. }
  37. int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int f)
  38. {
  39. ctx->flags = f;
  40. return ctx->flags;
  41. }
  42. BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *b)
  43. {
  44. ctx->data = b;
  45. return ctx->data;
  46. }
  47. X509_STORE *TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *s)
  48. {
  49. ctx->store = s;
  50. return ctx->store;
  51. }
  52. STACK_OF(X509) *TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX *ctx,
  53. STACK_OF(X509) *certs)
  54. {
  55. ctx->certs = certs;
  56. return ctx->certs;
  57. }
  58. unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx,
  59. unsigned char *hexstr, long len)
  60. {
  61. ctx->imprint = hexstr;
  62. ctx->imprint_len = len;
  63. return ctx->imprint;
  64. }
  65. void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx)
  66. {
  67. if (!ctx)
  68. return;
  69. X509_STORE_free(ctx->store);
  70. sk_X509_pop_free(ctx->certs, X509_free);
  71. ASN1_OBJECT_free(ctx->policy);
  72. X509_ALGOR_free(ctx->md_alg);
  73. OPENSSL_free(ctx->imprint);
  74. BIO_free_all(ctx->data);
  75. ASN1_INTEGER_free(ctx->nonce);
  76. GENERAL_NAME_free(ctx->tsa_name);
  77. TS_VERIFY_CTX_init(ctx);
  78. }
  79. TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx)
  80. {
  81. TS_VERIFY_CTX *ret = ctx;
  82. ASN1_OBJECT *policy;
  83. TS_MSG_IMPRINT *imprint;
  84. X509_ALGOR *md_alg;
  85. ASN1_OCTET_STRING *msg;
  86. const ASN1_INTEGER *nonce;
  87. OPENSSL_assert(req != NULL);
  88. if (ret)
  89. TS_VERIFY_CTX_cleanup(ret);
  90. else if ((ret = TS_VERIFY_CTX_new()) == NULL)
  91. return NULL;
  92. ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE);
  93. if ((policy = req->policy_id) != NULL) {
  94. if ((ret->policy = OBJ_dup(policy)) == NULL)
  95. goto err;
  96. } else
  97. ret->flags &= ~TS_VFY_POLICY;
  98. imprint = req->msg_imprint;
  99. md_alg = imprint->hash_algo;
  100. if ((ret->md_alg = X509_ALGOR_dup(md_alg)) == NULL)
  101. goto err;
  102. msg = imprint->hashed_msg;
  103. ret->imprint_len = ASN1_STRING_length(msg);
  104. if ((ret->imprint = OPENSSL_malloc(ret->imprint_len)) == NULL)
  105. goto err;
  106. memcpy(ret->imprint, ASN1_STRING_get0_data(msg), ret->imprint_len);
  107. if ((nonce = req->nonce) != NULL) {
  108. if ((ret->nonce = ASN1_INTEGER_dup(nonce)) == NULL)
  109. goto err;
  110. } else
  111. ret->flags &= ~TS_VFY_NONCE;
  112. return ret;
  113. err:
  114. if (ctx)
  115. TS_VERIFY_CTX_cleanup(ctx);
  116. else
  117. TS_VERIFY_CTX_free(ret);
  118. return NULL;
  119. }