/*
 * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include "internal/cryptlib.h"
#include <openssl/objects.h>
#include <openssl/ts.h>
#include "ts_local.h"

/*
 * Allocate a zero-filled verification context.
 * Returns NULL (after raising ERR_R_MALLOC_FAILURE) on allocation failure.
 */
TS_VERIFY_CTX *TS_VERIFY_CTX_new(void)
{
    TS_VERIFY_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));

    if (ctx != NULL)
        return ctx;
    TSerr(TS_F_TS_VERIFY_CTX_NEW, ERR_R_MALLOC_FAILURE);
    return NULL;
}

/*
 * Reset every field of ctx to zero. Nothing is freed, so calling this on a
 * context that still owns members leaks them; use TS_VERIFY_CTX_cleanup()
 * for that. ctx must not be NULL.
 */
void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx)
{
    OPENSSL_assert(ctx != NULL);
    memset(ctx, 0, sizeof(*ctx));
}

/*
 * Release everything the context owns (store, certs, policy, digest
 * algorithm, imprint, data BIO chain, nonce, TSA name) and zero the
 * structure. Objects handed over through the set functions below are freed
 * here, so the caller must not free them again. A NULL ctx is a no-op.
 */
void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx)
{
    if (ctx == NULL)
        return;

    X509_STORE_free(ctx->store);
    sk_X509_pop_free(ctx->certs, X509_free);
    ASN1_OBJECT_free(ctx->policy);
    X509_ALGOR_free(ctx->md_alg);
    OPENSSL_free(ctx->imprint);
    BIO_free_all(ctx->data);
    ASN1_INTEGER_free(ctx->nonce);
    GENERAL_NAME_free(ctx->tsa_name);

    /* Zero the fields so the just-freed pointers cannot be reused. */
    TS_VERIFY_CTX_init(ctx);
}

/* Free the context together with everything it owns. NULL is a no-op. */
void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx)
{
    if (ctx == NULL)
        return;
    TS_VERIFY_CTX_cleanup(ctx);
    OPENSSL_free(ctx);
}

/* OR the TS_VFY_* bits in f into the context flags; returns the new value. */
int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int f)
{
    return ctx->flags |= f;
}

/* Replace the context flags with f; returns the new value. */
int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int f)
{
    return ctx->flags = f;
}

/*
 * Install b as the data BIO. Ownership passes to the context (cleanup calls
 * BIO_free_all on it); a previously installed BIO is not freed here.
 */
BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *b)
{
    ctx->data = b;
    return b;
}

/*
 * Install s as the trust store used for chain verification. Ownership
 * passes to the context; a previously installed store is not freed here.
 */
X509_STORE *TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *s)
{
    ctx->store = s;
    return s;
}

/*
 * Install the extra certificates searched for the TSA certificate. Ownership
 * of the stack and its elements passes to the context; a previously installed
 * stack is not freed here. (The "CTS" spelling is the published API name.)
 */
STACK_OF(X509) *TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX *ctx,
                                        STACK_OF(X509) *certs)
{
    ctx->certs = certs;
    return certs;
}

/*
 * Install the expected message imprint of len bytes. Unlike the other
 * setters this frees the previous imprint first; hexstr must be
 * OPENSSL_malloc'ed memory as the context frees it with OPENSSL_free.
 */
unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx,
                                         unsigned char *hexstr, long len)
{
    OPENSSL_free(ctx->imprint);
    ctx->imprint = hexstr;
    ctx->imprint_len = len;
    return hexstr;
}

/*
 * Copy the digest algorithm and digest value of a request's message imprint
 * into vctx. Returns 1 on success, 0 on failure (allocation failure or an
 * empty digest); on failure the caller is expected to clean vctx up.
 */
static int ts_verify_ctx_copy_imprint(TS_VERIFY_CTX *vctx,
                                      TS_MSG_IMPRINT *imprint)
{
    ASN1_OCTET_STRING *digest;

    vctx->md_alg = X509_ALGOR_dup(imprint->hash_algo);
    if (vctx->md_alg == NULL)
        return 0;

    digest = imprint->hashed_msg;
    vctx->imprint_len = ASN1_STRING_length(digest);
    if (vctx->imprint_len <= 0)
        return 0;
    vctx->imprint = OPENSSL_malloc(vctx->imprint_len);
    if (vctx->imprint == NULL)
        return 0;
    memcpy(vctx->imprint, ASN1_STRING_get0_data(digest), vctx->imprint_len);
    return 1;
}

/*
 * Build a verification context from a timestamp request: the policy, message
 * imprint and nonce of req are duplicated into it and the flags are set to
 * check those fields (TSA name and signature checks are not enabled, as the
 * request carries neither). If ctx is NULL a new context is allocated,
 * otherwise ctx is cleaned up and reused. Returns the context, or NULL on
 * failure; on failure a caller-supplied ctx is left cleaned up and a freshly
 * allocated one is freed. req must not be NULL.
 */
TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx)
{
    TS_VERIFY_CTX *vctx = ctx;

    OPENSSL_assert(req != NULL);
    if (vctx != NULL) {
        TS_VERIFY_CTX_cleanup(vctx);
    } else {
        vctx = TS_VERIFY_CTX_new();
        if (vctx == NULL)
            return NULL;
    }

    vctx->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE);

    /* No policy in the request means the policy check is switched off. */
    if (req->policy_id == NULL) {
        vctx->flags &= ~TS_VFY_POLICY;
    } else {
        vctx->policy = OBJ_dup(req->policy_id);
        if (vctx->policy == NULL)
            goto err;
    }

    if (!ts_verify_ctx_copy_imprint(vctx, req->msg_imprint))
        goto err;

    /* Likewise the nonce check is only enabled when the request has one. */
    if (req->nonce == NULL) {
        vctx->flags &= ~TS_VFY_NONCE;
    } else {
        vctx->nonce = ASN1_INTEGER_dup(req->nonce);
        if (vctx->nonce == NULL)
            goto err;
    }

    return vctx;

 err:
    /* Only free what we allocated ourselves; a caller's ctx stays valid. */
    if (ctx != NULL)
        TS_VERIFY_CTX_cleanup(ctx);
    else
        TS_VERIFY_CTX_free(vctx);
    return NULL;
}