ts_verify_ctx.c 3.4 KB

  1. /*
  2. * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include "internal/cryptlib.h"
  10. #include <openssl/objects.h>
  11. #include <openssl/ts.h>
  12. #include "ts_local.h"
/*
 * Allocate a verification context with every field zeroed.
 *
 * Returns the new context, or NULL if the allocation failed. The result is
 * released with TS_VERIFY_CTX_free().
 */
TS_VERIFY_CTX *TS_VERIFY_CTX_new(void)
{
    return OPENSSL_zalloc(sizeof(TS_VERIFY_CTX));
}
/*
 * Reset |ctx| to the all-zero state.
 *
 * Nothing is released here: any pointers still stored in the structure are
 * overwritten, not freed. Use it on a context that holds no resources;
 * TS_VERIFY_CTX_cleanup() is the variant that frees first and then calls
 * this function. |ctx| must not be NULL (enforced by OPENSSL_assert()).
 */
void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx)
{
    OPENSSL_assert(ctx != NULL);
    memset(ctx, 0, sizeof(TS_VERIFY_CTX));
}
/*
 * Release everything the context holds and then the context itself.
 * A NULL |ctx| is accepted and ignored.
 */
void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx)
{
    if (ctx != NULL) {
        /* Free the attached objects first, then the structure. */
        TS_VERIFY_CTX_cleanup(ctx);
        OPENSSL_free(ctx);
    }
}
/*
 * OR the bits in |f| into the context's verification flags.
 *
 * Returns the resulting flag set. |ctx| is dereferenced without a NULL
 * check, so the caller must pass a valid context.
 */
int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int f)
{
    ctx->flags = ctx->flags | f;
    return ctx->flags;
}
/*
 * Replace the context's verification flags with |f|.
 *
 * Any previously enabled check that is not present in |f| is switched off.
 * Returns the stored flag set. |ctx| is dereferenced without a NULL check.
 */
int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int f)
{
    return (ctx->flags = f);
}
/*
 * Attach the BIO |b| to the context and return it.
 *
 * Ownership: TS_VERIFY_CTX_cleanup() calls BIO_free_all() on ctx->data, so
 * the context releases |b| when it is cleaned up or freed and the caller
 * must not free it as well. A BIO stored earlier is overwritten without
 * being freed here. |ctx| is dereferenced without a NULL check.
 */
BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *b)
{
    return (ctx->data = b);
}
/*
 * Attach the certificate store |s| to the context and return it.
 *
 * Ownership: TS_VERIFY_CTX_cleanup() calls X509_STORE_free() on ctx->store,
 * so the caller must not free |s| again once it has been handed over. A
 * store set earlier is overwritten without being freed here. |ctx| is
 * dereferenced without a NULL check.
 */
X509_STORE *TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *s)
{
    return (ctx->store = s);
}
/*
 * Attach the certificate stack |certs| to the context and return it.
 *
 * Ownership: TS_VERIFY_CTX_cleanup() passes ctx->certs to
 * OSSL_STACK_OF_X509_free(), so the caller must not free |certs| again once
 * it has been handed over. A stack set earlier is overwritten without being
 * freed here. |ctx| is dereferenced without a NULL check.
 */
STACK_OF(X509) *TS_VERIFY_CTX_set_certs(TS_VERIFY_CTX *ctx,
                                        STACK_OF(X509) *certs)
{
    return (ctx->certs = certs);
}
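/*
 * Install |hexstr| (|len| bytes) as the message imprint to verify against
 * and return the stored pointer.
 *
 * Ownership: the previously stored imprint is released with OPENSSL_free(),
 * and TS_VERIFY_CTX_cleanup() later releases |hexstr| the same way, so the
 * buffer must come from the OpenSSL allocator and the caller must not free
 * it afterwards. |ctx| is dereferenced without a NULL check.
 *
 * NOTE(review): |len| is stored as given, with no range check against the
 * buffer - confirm that callers always pass the true length of |hexstr|.
 */
unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx,
                                         unsigned char *hexstr, long len)
{
    /*
     * Re-installing the buffer the context already holds must not free it;
     * otherwise ctx->imprint would be left pointing at released memory.
     */
    if (ctx->imprint != hexstr)
        OPENSSL_free(ctx->imprint);
    ctx->imprint = hexstr;
    ctx->imprint_len = len;
    return ctx->imprint;
}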
/*
 * Release every object attached to |ctx| and return it to the zeroed state,
 * leaving the structure itself allocated for reuse.
 *
 * Everything reachable from the context is freed here (store, certs,
 * policy, digest algorithm, imprint, data BIO, nonce, TSA name), so objects
 * handed to the setters must not be freed separately by the caller. A NULL
 * |ctx| is accepted and ignored.
 */
void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx)
{
    if (ctx == NULL)
        return;

    X509_STORE_free(ctx->store);
    OSSL_STACK_OF_X509_free(ctx->certs);

    ASN1_OBJECT_free(ctx->policy);

    X509_ALGOR_free(ctx->md_alg);
    OPENSSL_free(ctx->imprint);

    BIO_free_all(ctx->data);

    ASN1_INTEGER_free(ctx->nonce);

    GENERAL_NAME_free(ctx->tsa_name);

    /*
     * Zero the structure so no freed pointer survives; a later cleanup or
     * free of the same context then sees only NULL members.
     */
    TS_VERIFY_CTX_init(ctx);
}
/*
 * Build a verification context from the fields of the time-stamp request
 * |req|.
 *
 * If |ctx| is non-NULL it is cleaned up first (everything it previously
 * held is freed) and then reused; otherwise a new context is allocated.
 * The policy OID, digest algorithm, hashed message and nonce are copied
 * from |req|, so the result does not alias the request.
 *
 * The flags start from TS_VFY_ALL_IMPRINT with TS_VFY_TSA_NAME and
 * TS_VFY_SIGNATURE masked out; TS_VFY_POLICY and TS_VFY_NONCE are also
 * dropped when the request carries no policy or nonce. A caller that needs
 * the signature or TSA-name checks has to enable those flags itself after
 * this call.
 *
 * Returns the populated context, or NULL on failure. On failure a
 * caller-supplied |ctx| is left cleaned up (still allocated), while a
 * context allocated here is freed. |req| must not be NULL (enforced by
 * OPENSSL_assert()).
 */
TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx)
{
    TS_VERIFY_CTX *ret = ctx;
    TS_MSG_IMPRINT *imprint;
    ASN1_OCTET_STRING *msg;

    OPENSSL_assert(req != NULL);

    if (ret != NULL) {
        /* Reuse the caller's context; drop whatever it held before. */
        TS_VERIFY_CTX_cleanup(ret);
    } else {
        ret = TS_VERIFY_CTX_new();
        if (ret == NULL)
            return NULL;
    }

    ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE);

    /* Policy is optional in the request; only check it when present. */
    if (req->policy_id == NULL) {
        ret->flags &= ~TS_VFY_POLICY;
    } else {
        ret->policy = OBJ_dup(req->policy_id);
        if (ret->policy == NULL)
            goto err;
    }

    imprint = req->msg_imprint;
    ret->md_alg = X509_ALGOR_dup(imprint->hash_algo);
    if (ret->md_alg == NULL)
        goto err;

    /* Copy the hashed message; an empty imprint is rejected. */
    msg = imprint->hashed_msg;
    ret->imprint_len = ASN1_STRING_length(msg);
    if (ret->imprint_len <= 0)
        goto err;
    ret->imprint = OPENSSL_malloc(ret->imprint_len);
    if (ret->imprint == NULL)
        goto err;
    memcpy(ret->imprint, ASN1_STRING_get0_data(msg), ret->imprint_len);

    /* Nonce is optional in the request; only check it when present. */
    if (req->nonce == NULL) {
        ret->flags &= ~TS_VFY_NONCE;
    } else {
        ret->nonce = ASN1_INTEGER_dup(req->nonce);
        if (ret->nonce == NULL)
            goto err;
    }

    return ret;

 err:
    /* Never free a context the caller owns; only reset it. */
    if (ctx != NULL)
        TS_VERIFY_CTX_cleanup(ctx);
    else
        TS_VERIFY_CTX_free(ret);
    return NULL;
}