ts_rsp_verify.c 22 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704
  1. /*
  2. * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the OpenSSL license (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include "internal/cryptlib.h"
  11. #include <openssl/objects.h>
  12. #include <openssl/ts.h>
  13. #include <openssl/pkcs7.h>
  14. #include "ts_lcl.h"
  15. static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
  16. X509 *signer, STACK_OF(X509) **chain);
  17. static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si,
  18. STACK_OF(X509) *chain);
  19. static ESS_SIGNING_CERT *ess_get_signing_cert(PKCS7_SIGNER_INFO *si);
  20. static int ts_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert);
  21. static int ts_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509 *cert);
  22. static int int_ts_RESP_verify_token(TS_VERIFY_CTX *ctx,
  23. PKCS7 *token, TS_TST_INFO *tst_info);
  24. static int ts_check_status_info(TS_RESP *response);
  25. static char *ts_get_status_text(STACK_OF(ASN1_UTF8STRING) *text);
  26. static int ts_check_policy(const ASN1_OBJECT *req_oid,
  27. const TS_TST_INFO *tst_info);
  28. static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
  29. X509_ALGOR **md_alg,
  30. unsigned char **imprint, unsigned *imprint_len);
  31. static int ts_check_imprints(X509_ALGOR *algor_a,
  32. const unsigned char *imprint_a, unsigned len_a,
  33. TS_TST_INFO *tst_info);
  34. static int ts_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info);
  35. static int ts_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer);
  36. static int ts_find_name(STACK_OF(GENERAL_NAME) *gen_names,
  37. GENERAL_NAME *name);
  38. static int ts_find_cert_v2(STACK_OF(ESS_CERT_ID_V2) *cert_ids, X509 *cert);
  39. static ESS_SIGNING_CERT_V2 *ess_get_signing_cert_v2(PKCS7_SIGNER_INFO *si);
  40. /*
  41. * This must be large enough to hold all values in ts_status_text (with
  42. * comma separator) or all text fields in ts_failure_info (also with comma).
  43. */
  44. #define TS_STATUS_BUF_SIZE 256
  45. /*
  46. * Local mapping between response codes and descriptions.
  47. */
  48. static const char *ts_status_text[] = {
  49. "granted",
  50. "grantedWithMods",
  51. "rejection",
  52. "waiting",
  53. "revocationWarning",
  54. "revocationNotification"
  55. };
  56. #define TS_STATUS_TEXT_SIZE OSSL_NELEM(ts_status_text)
  57. static struct {
  58. int code;
  59. const char *text;
  60. } ts_failure_info[] = {
  61. {TS_INFO_BAD_ALG, "badAlg"},
  62. {TS_INFO_BAD_REQUEST, "badRequest"},
  63. {TS_INFO_BAD_DATA_FORMAT, "badDataFormat"},
  64. {TS_INFO_TIME_NOT_AVAILABLE, "timeNotAvailable"},
  65. {TS_INFO_UNACCEPTED_POLICY, "unacceptedPolicy"},
  66. {TS_INFO_UNACCEPTED_EXTENSION, "unacceptedExtension"},
  67. {TS_INFO_ADD_INFO_NOT_AVAILABLE, "addInfoNotAvailable"},
  68. {TS_INFO_SYSTEM_FAILURE, "systemFailure"}
  69. };
  70. /*-
  71. * This function carries out the following tasks:
  72. * - Checks if there is one and only one signer.
  73. * - Search for the signing certificate in 'certs' and in the response.
  74. * - Check the extended key usage and key usage fields of the signer
  75. * certificate (done by the path validation).
  76. * - Build and validate the certificate path.
  77. * - Check if the certificate path meets the requirements of the
  78. * SigningCertificate ESS signed attribute.
  79. * - Verify the signature value.
  80. * - Returns the signer certificate in 'signer', if 'signer' is not NULL.
  81. */
  82. int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
  83. X509_STORE *store, X509 **signer_out)
  84. {
  85. STACK_OF(PKCS7_SIGNER_INFO) *sinfos = NULL;
  86. PKCS7_SIGNER_INFO *si;
  87. STACK_OF(X509) *signers = NULL;
  88. X509 *signer;
  89. STACK_OF(X509) *chain = NULL;
  90. char buf[4096];
  91. int i, j = 0, ret = 0;
  92. BIO *p7bio = NULL;
  93. /* Some sanity checks first. */
  94. if (!token) {
  95. TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_INVALID_NULL_POINTER);
  96. goto err;
  97. }
  98. if (!PKCS7_type_is_signed(token)) {
  99. TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_WRONG_CONTENT_TYPE);
  100. goto err;
  101. }
  102. sinfos = PKCS7_get_signer_info(token);
  103. if (!sinfos || sk_PKCS7_SIGNER_INFO_num(sinfos) != 1) {
  104. TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_THERE_MUST_BE_ONE_SIGNER);
  105. goto err;
  106. }
  107. si = sk_PKCS7_SIGNER_INFO_value(sinfos, 0);
  108. if (PKCS7_get_detached(token)) {
  109. TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_NO_CONTENT);
  110. goto err;
  111. }
  112. /*
  113. * Get hold of the signer certificate, search only internal certificates
  114. * if it was requested.
  115. */
  116. signers = PKCS7_get0_signers(token, certs, 0);
  117. if (!signers || sk_X509_num(signers) != 1)
  118. goto err;
  119. signer = sk_X509_value(signers, 0);
  120. if (!ts_verify_cert(store, certs, signer, &chain))
  121. goto err;
  122. if (!ts_check_signing_certs(si, chain))
  123. goto err;
  124. p7bio = PKCS7_dataInit(token, NULL);
  125. /* We now have to 'read' from p7bio to calculate digests etc. */
  126. while ((i = BIO_read(p7bio, buf, sizeof(buf))) > 0)
  127. continue;
  128. j = PKCS7_signatureVerify(p7bio, token, si, signer);
  129. if (j <= 0) {
  130. TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_SIGNATURE_FAILURE);
  131. goto err;
  132. }
  133. if (signer_out) {
  134. *signer_out = signer;
  135. X509_up_ref(signer);
  136. }
  137. ret = 1;
  138. err:
  139. BIO_free_all(p7bio);
  140. sk_X509_pop_free(chain, X509_free);
  141. sk_X509_free(signers);
  142. return ret;
  143. }
  144. /*
  145. * The certificate chain is returned in chain. Caller is responsible for
  146. * freeing the vector.
  147. */
  148. static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
  149. X509 *signer, STACK_OF(X509) **chain)
  150. {
  151. X509_STORE_CTX *cert_ctx = NULL;
  152. int i;
  153. int ret = 0;
  154. *chain = NULL;
  155. cert_ctx = X509_STORE_CTX_new();
  156. if (cert_ctx == NULL) {
  157. TSerr(TS_F_TS_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
  158. goto err;
  159. }
  160. if (!X509_STORE_CTX_init(cert_ctx, store, signer, untrusted))
  161. goto end;
  162. X509_STORE_CTX_set_purpose(cert_ctx, X509_PURPOSE_TIMESTAMP_SIGN);
  163. i = X509_verify_cert(cert_ctx);
  164. if (i <= 0) {
  165. int j = X509_STORE_CTX_get_error(cert_ctx);
  166. TSerr(TS_F_TS_VERIFY_CERT, TS_R_CERTIFICATE_VERIFY_ERROR);
  167. ERR_add_error_data(2, "Verify error:",
  168. X509_verify_cert_error_string(j));
  169. goto err;
  170. }
  171. *chain = X509_STORE_CTX_get1_chain(cert_ctx);
  172. ret = 1;
  173. goto end;
  174. err:
  175. ret = 0;
  176. end:
  177. X509_STORE_CTX_free(cert_ctx);
  178. return ret;
  179. }
  180. static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si,
  181. STACK_OF(X509) *chain)
  182. {
  183. ESS_SIGNING_CERT *ss = ess_get_signing_cert(si);
  184. STACK_OF(ESS_CERT_ID) *cert_ids = NULL;
  185. ESS_SIGNING_CERT_V2 *ssv2 = ess_get_signing_cert_v2(si);
  186. STACK_OF(ESS_CERT_ID_V2) *cert_ids_v2 = NULL;
  187. X509 *cert;
  188. int i = 0;
  189. int ret = 0;
  190. if (ss != NULL) {
  191. cert_ids = ss->cert_ids;
  192. cert = sk_X509_value(chain, 0);
  193. if (ts_find_cert(cert_ids, cert) != 0)
  194. goto err;
  195. /*
  196. * Check the other certificates of the chain if there are more than one
  197. * certificate ids in cert_ids.
  198. */
  199. if (sk_ESS_CERT_ID_num(cert_ids) > 1) {
  200. for (i = 1; i < sk_X509_num(chain); ++i) {
  201. cert = sk_X509_value(chain, i);
  202. if (ts_find_cert(cert_ids, cert) < 0)
  203. goto err;
  204. }
  205. }
  206. } else if (ssv2 != NULL) {
  207. cert_ids_v2 = ssv2->cert_ids;
  208. cert = sk_X509_value(chain, 0);
  209. if (ts_find_cert_v2(cert_ids_v2, cert) != 0)
  210. goto err;
  211. /*
  212. * Check the other certificates of the chain if there are more than one
  213. * certificate ids in cert_ids.
  214. */
  215. if (sk_ESS_CERT_ID_V2_num(cert_ids_v2) > 1) {
  216. for (i = 1; i < sk_X509_num(chain); ++i) {
  217. cert = sk_X509_value(chain, i);
  218. if (ts_find_cert_v2(cert_ids_v2, cert) < 0)
  219. goto err;
  220. }
  221. }
  222. } else {
  223. goto err;
  224. }
  225. ret = 1;
  226. err:
  227. if (!ret)
  228. TSerr(TS_F_TS_CHECK_SIGNING_CERTS,
  229. TS_R_ESS_SIGNING_CERTIFICATE_ERROR);
  230. ESS_SIGNING_CERT_free(ss);
  231. ESS_SIGNING_CERT_V2_free(ssv2);
  232. return ret;
  233. }
  234. static ESS_SIGNING_CERT *ess_get_signing_cert(PKCS7_SIGNER_INFO *si)
  235. {
  236. ASN1_TYPE *attr;
  237. const unsigned char *p;
  238. attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificate);
  239. if (!attr)
  240. return NULL;
  241. p = attr->value.sequence->data;
  242. return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length);
  243. }
  244. static ESS_SIGNING_CERT_V2 *ess_get_signing_cert_v2(PKCS7_SIGNER_INFO *si)
  245. {
  246. ASN1_TYPE *attr;
  247. const unsigned char *p;
  248. attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificateV2);
  249. if (attr == NULL)
  250. return NULL;
  251. p = attr->value.sequence->data;
  252. return d2i_ESS_SIGNING_CERT_V2(NULL, &p, attr->value.sequence->length);
  253. }
  254. /* Returns < 0 if certificate is not found, certificate index otherwise. */
  255. static int ts_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert)
  256. {
  257. int i;
  258. unsigned char cert_sha1[SHA_DIGEST_LENGTH];
  259. if (!cert_ids || !cert)
  260. return -1;
  261. X509_digest(cert, EVP_sha1(), cert_sha1, NULL);
  262. /* Recompute SHA1 hash of certificate if necessary (side effect). */
  263. X509_check_purpose(cert, -1, 0);
  264. /* Look for cert in the cert_ids vector. */
  265. for (i = 0; i < sk_ESS_CERT_ID_num(cert_ids); ++i) {
  266. ESS_CERT_ID *cid = sk_ESS_CERT_ID_value(cert_ids, i);
  267. if (cid->hash->length == SHA_DIGEST_LENGTH
  268. && memcmp(cid->hash->data, cert_sha1, SHA_DIGEST_LENGTH) == 0) {
  269. ESS_ISSUER_SERIAL *is = cid->issuer_serial;
  270. if (!is || !ts_issuer_serial_cmp(is, cert))
  271. return i;
  272. }
  273. }
  274. return -1;
  275. }
  276. /* Returns < 0 if certificate is not found, certificate index otherwise. */
  277. static int ts_find_cert_v2(STACK_OF(ESS_CERT_ID_V2) *cert_ids, X509 *cert)
  278. {
  279. int i;
  280. unsigned char cert_digest[EVP_MAX_MD_SIZE];
  281. unsigned int len;
  282. /* Look for cert in the cert_ids vector. */
  283. for (i = 0; i < sk_ESS_CERT_ID_V2_num(cert_ids); ++i) {
  284. ESS_CERT_ID_V2 *cid = sk_ESS_CERT_ID_V2_value(cert_ids, i);
  285. const EVP_MD *md;
  286. if (cid->hash_alg != NULL)
  287. md = EVP_get_digestbyobj(cid->hash_alg->algorithm);
  288. else
  289. md = EVP_sha256();
  290. X509_digest(cert, md, cert_digest, &len);
  291. if (cid->hash->length != (int)len)
  292. return -1;
  293. if (memcmp(cid->hash->data, cert_digest, cid->hash->length) == 0) {
  294. ESS_ISSUER_SERIAL *is = cid->issuer_serial;
  295. if (is == NULL || !ts_issuer_serial_cmp(is, cert))
  296. return i;
  297. }
  298. }
  299. return -1;
  300. }
  301. static int ts_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509 *cert)
  302. {
  303. GENERAL_NAME *issuer;
  304. if (!is || !cert || sk_GENERAL_NAME_num(is->issuer) != 1)
  305. return -1;
  306. issuer = sk_GENERAL_NAME_value(is->issuer, 0);
  307. if (issuer->type != GEN_DIRNAME
  308. || X509_NAME_cmp(issuer->d.dirn, X509_get_issuer_name(cert)))
  309. return -1;
  310. if (ASN1_INTEGER_cmp(is->serial, X509_get_serialNumber(cert)))
  311. return -1;
  312. return 0;
  313. }
  314. /*-
  315. * Verifies whether 'response' contains a valid response with regards
  316. * to the settings of the context:
  317. * - Gives an error message if the TS_TST_INFO is not present.
  318. * - Calls _TS_RESP_verify_token to verify the token content.
  319. */
  320. int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response)
  321. {
  322. PKCS7 *token = response->token;
  323. TS_TST_INFO *tst_info = response->tst_info;
  324. int ret = 0;
  325. if (!ts_check_status_info(response))
  326. goto err;
  327. if (!int_ts_RESP_verify_token(ctx, token, tst_info))
  328. goto err;
  329. ret = 1;
  330. err:
  331. return ret;
  332. }
  333. /*
  334. * Tries to extract a TS_TST_INFO structure from the PKCS7 token and
  335. * calls the internal int_TS_RESP_verify_token function for verifying it.
  336. */
  337. int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token)
  338. {
  339. TS_TST_INFO *tst_info = PKCS7_to_TS_TST_INFO(token);
  340. int ret = 0;
  341. if (tst_info) {
  342. ret = int_ts_RESP_verify_token(ctx, token, tst_info);
  343. TS_TST_INFO_free(tst_info);
  344. }
  345. return ret;
  346. }
  347. /*-
  348. * Verifies whether the 'token' contains a valid time stamp token
  349. * with regards to the settings of the context. Only those checks are
  350. * carried out that are specified in the context:
  351. * - Verifies the signature of the TS_TST_INFO.
  352. * - Checks the version number of the response.
  353. * - Check if the requested and returned policies math.
  354. * - Check if the message imprints are the same.
  355. * - Check if the nonces are the same.
  356. * - Check if the TSA name matches the signer.
  357. * - Check if the TSA name is the expected TSA.
  358. */
  359. static int int_ts_RESP_verify_token(TS_VERIFY_CTX *ctx,
  360. PKCS7 *token, TS_TST_INFO *tst_info)
  361. {
  362. X509 *signer = NULL;
  363. GENERAL_NAME *tsa_name = tst_info->tsa;
  364. X509_ALGOR *md_alg = NULL;
  365. unsigned char *imprint = NULL;
  366. unsigned imprint_len = 0;
  367. int ret = 0;
  368. int flags = ctx->flags;
  369. /* Some options require us to also check the signature */
  370. if (((flags & TS_VFY_SIGNER) && tsa_name != NULL)
  371. || (flags & TS_VFY_TSA_NAME)) {
  372. flags |= TS_VFY_SIGNATURE;
  373. }
  374. if ((flags & TS_VFY_SIGNATURE)
  375. && !TS_RESP_verify_signature(token, ctx->certs, ctx->store, &signer))
  376. goto err;
  377. if ((flags & TS_VFY_VERSION)
  378. && TS_TST_INFO_get_version(tst_info) != 1) {
  379. TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_UNSUPPORTED_VERSION);
  380. goto err;
  381. }
  382. if ((flags & TS_VFY_POLICY)
  383. && !ts_check_policy(ctx->policy, tst_info))
  384. goto err;
  385. if ((flags & TS_VFY_IMPRINT)
  386. && !ts_check_imprints(ctx->md_alg, ctx->imprint, ctx->imprint_len,
  387. tst_info))
  388. goto err;
  389. if ((flags & TS_VFY_DATA)
  390. && (!ts_compute_imprint(ctx->data, tst_info,
  391. &md_alg, &imprint, &imprint_len)
  392. || !ts_check_imprints(md_alg, imprint, imprint_len, tst_info)))
  393. goto err;
  394. if ((flags & TS_VFY_NONCE)
  395. && !ts_check_nonces(ctx->nonce, tst_info))
  396. goto err;
  397. if ((flags & TS_VFY_SIGNER)
  398. && tsa_name && !ts_check_signer_name(tsa_name, signer)) {
  399. TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_NAME_MISMATCH);
  400. goto err;
  401. }
  402. if ((flags & TS_VFY_TSA_NAME)
  403. && !ts_check_signer_name(ctx->tsa_name, signer)) {
  404. TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_UNTRUSTED);
  405. goto err;
  406. }
  407. ret = 1;
  408. err:
  409. X509_free(signer);
  410. X509_ALGOR_free(md_alg);
  411. OPENSSL_free(imprint);
  412. return ret;
  413. }
  414. static int ts_check_status_info(TS_RESP *response)
  415. {
  416. TS_STATUS_INFO *info = response->status_info;
  417. long status = ASN1_INTEGER_get(info->status);
  418. const char *status_text = NULL;
  419. char *embedded_status_text = NULL;
  420. char failure_text[TS_STATUS_BUF_SIZE] = "";
  421. if (status == 0 || status == 1)
  422. return 1;
  423. /* There was an error, get the description in status_text. */
  424. if (0 <= status && status < (long) OSSL_NELEM(ts_status_text))
  425. status_text = ts_status_text[status];
  426. else
  427. status_text = "unknown code";
  428. if (sk_ASN1_UTF8STRING_num(info->text) > 0
  429. && (embedded_status_text = ts_get_status_text(info->text)) == NULL)
  430. return 0;
  431. /* Fill in failure_text with the failure information. */
  432. if (info->failure_info) {
  433. int i;
  434. int first = 1;
  435. for (i = 0; i < (int)OSSL_NELEM(ts_failure_info); ++i) {
  436. if (ASN1_BIT_STRING_get_bit(info->failure_info,
  437. ts_failure_info[i].code)) {
  438. if (!first)
  439. strcat(failure_text, ",");
  440. else
  441. first = 0;
  442. strcat(failure_text, ts_failure_info[i].text);
  443. }
  444. }
  445. }
  446. if (failure_text[0] == '\0')
  447. strcpy(failure_text, "unspecified");
  448. TSerr(TS_F_TS_CHECK_STATUS_INFO, TS_R_NO_TIME_STAMP_TOKEN);
  449. ERR_add_error_data(6,
  450. "status code: ", status_text,
  451. ", status text: ", embedded_status_text ?
  452. embedded_status_text : "unspecified",
  453. ", failure codes: ", failure_text);
  454. OPENSSL_free(embedded_status_text);
  455. return 0;
  456. }
  457. static char *ts_get_status_text(STACK_OF(ASN1_UTF8STRING) *text)
  458. {
  459. int i;
  460. int length = 0;
  461. char *result = NULL;
  462. char *p;
  463. for (i = 0; i < sk_ASN1_UTF8STRING_num(text); ++i) {
  464. ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i);
  465. if (ASN1_STRING_length(current) > TS_MAX_STATUS_LENGTH - length - 1)
  466. return NULL;
  467. length += ASN1_STRING_length(current);
  468. length += 1; /* separator character */
  469. }
  470. if ((result = OPENSSL_malloc(length)) == NULL) {
  471. TSerr(TS_F_TS_GET_STATUS_TEXT, ERR_R_MALLOC_FAILURE);
  472. return NULL;
  473. }
  474. for (i = 0, p = result; i < sk_ASN1_UTF8STRING_num(text); ++i) {
  475. ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i);
  476. length = ASN1_STRING_length(current);
  477. if (i > 0)
  478. *p++ = '/';
  479. strncpy(p, (const char *)ASN1_STRING_get0_data(current), length);
  480. p += length;
  481. }
  482. *p = '\0';
  483. return result;
  484. }
  485. static int ts_check_policy(const ASN1_OBJECT *req_oid,
  486. const TS_TST_INFO *tst_info)
  487. {
  488. const ASN1_OBJECT *resp_oid = tst_info->policy_id;
  489. if (OBJ_cmp(req_oid, resp_oid) != 0) {
  490. TSerr(TS_F_TS_CHECK_POLICY, TS_R_POLICY_MISMATCH);
  491. return 0;
  492. }
  493. return 1;
  494. }
  495. static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
  496. X509_ALGOR **md_alg,
  497. unsigned char **imprint, unsigned *imprint_len)
  498. {
  499. TS_MSG_IMPRINT *msg_imprint = tst_info->msg_imprint;
  500. X509_ALGOR *md_alg_resp = msg_imprint->hash_algo;
  501. const EVP_MD *md;
  502. EVP_MD_CTX *md_ctx = NULL;
  503. unsigned char buffer[4096];
  504. int length;
  505. *md_alg = NULL;
  506. *imprint = NULL;
  507. if ((*md_alg = X509_ALGOR_dup(md_alg_resp)) == NULL)
  508. goto err;
  509. if ((md = EVP_get_digestbyobj((*md_alg)->algorithm)) == NULL) {
  510. TSerr(TS_F_TS_COMPUTE_IMPRINT, TS_R_UNSUPPORTED_MD_ALGORITHM);
  511. goto err;
  512. }
  513. length = EVP_MD_size(md);
  514. if (length < 0)
  515. goto err;
  516. *imprint_len = length;
  517. if ((*imprint = OPENSSL_malloc(*imprint_len)) == NULL) {
  518. TSerr(TS_F_TS_COMPUTE_IMPRINT, ERR_R_MALLOC_FAILURE);
  519. goto err;
  520. }
  521. md_ctx = EVP_MD_CTX_new();
  522. if (md_ctx == NULL) {
  523. TSerr(TS_F_TS_COMPUTE_IMPRINT, ERR_R_MALLOC_FAILURE);
  524. goto err;
  525. }
  526. if (!EVP_DigestInit(md_ctx, md))
  527. goto err;
  528. while ((length = BIO_read(data, buffer, sizeof(buffer))) > 0) {
  529. if (!EVP_DigestUpdate(md_ctx, buffer, length))
  530. goto err;
  531. }
  532. if (!EVP_DigestFinal(md_ctx, *imprint, NULL))
  533. goto err;
  534. EVP_MD_CTX_free(md_ctx);
  535. return 1;
  536. err:
  537. EVP_MD_CTX_free(md_ctx);
  538. X509_ALGOR_free(*md_alg);
  539. OPENSSL_free(*imprint);
  540. *imprint_len = 0;
  541. *imprint = 0;
  542. return 0;
  543. }
  544. static int ts_check_imprints(X509_ALGOR *algor_a,
  545. const unsigned char *imprint_a, unsigned len_a,
  546. TS_TST_INFO *tst_info)
  547. {
  548. TS_MSG_IMPRINT *b = tst_info->msg_imprint;
  549. X509_ALGOR *algor_b = b->hash_algo;
  550. int ret = 0;
  551. if (algor_a) {
  552. if (OBJ_cmp(algor_a->algorithm, algor_b->algorithm))
  553. goto err;
  554. /* The parameter must be NULL in both. */
  555. if ((algor_a->parameter
  556. && ASN1_TYPE_get(algor_a->parameter) != V_ASN1_NULL)
  557. || (algor_b->parameter
  558. && ASN1_TYPE_get(algor_b->parameter) != V_ASN1_NULL))
  559. goto err;
  560. }
  561. ret = len_a == (unsigned)ASN1_STRING_length(b->hashed_msg) &&
  562. memcmp(imprint_a, ASN1_STRING_get0_data(b->hashed_msg), len_a) == 0;
  563. err:
  564. if (!ret)
  565. TSerr(TS_F_TS_CHECK_IMPRINTS, TS_R_MESSAGE_IMPRINT_MISMATCH);
  566. return ret;
  567. }
  568. static int ts_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info)
  569. {
  570. const ASN1_INTEGER *b = tst_info->nonce;
  571. if (!b) {
  572. TSerr(TS_F_TS_CHECK_NONCES, TS_R_NONCE_NOT_RETURNED);
  573. return 0;
  574. }
  575. /* No error if a nonce is returned without being requested. */
  576. if (ASN1_INTEGER_cmp(a, b) != 0) {
  577. TSerr(TS_F_TS_CHECK_NONCES, TS_R_NONCE_MISMATCH);
  578. return 0;
  579. }
  580. return 1;
  581. }
  582. /*
  583. * Check if the specified TSA name matches either the subject or one of the
  584. * subject alternative names of the TSA certificate.
  585. */
  586. static int ts_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer)
  587. {
  588. STACK_OF(GENERAL_NAME) *gen_names = NULL;
  589. int idx = -1;
  590. int found = 0;
  591. if (tsa_name->type == GEN_DIRNAME
  592. && X509_name_cmp(tsa_name->d.dirn, X509_get_subject_name(signer)) == 0)
  593. return 1;
  594. gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, NULL, &idx);
  595. while (gen_names != NULL) {
  596. found = ts_find_name(gen_names, tsa_name) >= 0;
  597. if (found)
  598. break;
  599. /*
  600. * Get the next subject alternative name, although there should be no
  601. * more than one.
  602. */
  603. GENERAL_NAMES_free(gen_names);
  604. gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, NULL, &idx);
  605. }
  606. GENERAL_NAMES_free(gen_names);
  607. return found;
  608. }
  609. /* Returns 1 if name is in gen_names, 0 otherwise. */
  610. static int ts_find_name(STACK_OF(GENERAL_NAME) *gen_names, GENERAL_NAME *name)
  611. {
  612. int i, found;
  613. for (i = 0, found = 0; !found && i < sk_GENERAL_NAME_num(gen_names); ++i) {
  614. GENERAL_NAME *current = sk_GENERAL_NAME_value(gen_names, i);
  615. found = GENERAL_NAME_cmp(current, name) == 0;
  616. }
  617. return found ? i - 1 : -1;
  618. }