/*
 * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include "internal/cryptlib.h"
#include <openssl/objects.h>
#include <openssl/ts.h>
#include "ts_local.h"

/*
 * Allocate a zero-filled verification context.
 * Returns NULL and records ERR_R_MALLOC_FAILURE if the allocation fails.
 */
TS_VERIFY_CTX *TS_VERIFY_CTX_new(void)
{
    TS_VERIFY_CTX *ctx;

    if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL)
        TSerr(TS_F_TS_VERIFY_CTX_NEW, ERR_R_MALLOC_FAILURE);
    return ctx;
}

/*
 * Reset every field of |ctx| to zero.  This only clears the struct; it
 * releases nothing the fields point to, so use it on a fresh context or
 * after TS_VERIFY_CTX_cleanup().  Aborts if |ctx| is NULL.
 */
void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx)
{
    OPENSSL_assert(ctx != NULL);
    memset(ctx, 0, sizeof(*ctx));
}

/*
 * Release all objects owned by |ctx|, then |ctx| itself.
 * Passing NULL is a no-op.
 */
void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx)
{
    if (ctx == NULL)
        return;
    TS_VERIFY_CTX_cleanup(ctx);
    OPENSSL_free(ctx);
}

/* OR the TS_VFY_* bits in |f| into the context; returns the combined set. */
int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int f)
{
    return (ctx->flags |= f);
}

/* Replace the TS_VFY_* flag set with |f|; returns the new value. */
int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int f)
{
    return (ctx->flags = f);
}

/*
 * Setters.  Each stores the given pointer in |ctx| and returns it, and
 * ownership passes to the context: TS_VERIFY_CTX_cleanup() releases the
 * data BIO with BIO_free_all(), the store with X509_STORE_free(), the
 * certificate stack with sk_X509_pop_free() and the imprint buffer with
 * OPENSSL_free() (so the imprint must be OPENSSL_malloc()-allocated).
 * None of the setters frees a value already held in the field; callers
 * that overwrite a populated field are responsible for the old object.
 */
BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *b)
{
    ctx->data = b;
    return b;
}

X509_STORE *TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *s)
{
    ctx->store = s;
    return s;
}

STACK_OF(X509) *TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX *ctx,
                                        STACK_OF(X509) *certs)
{
    ctx->certs = certs;
    return certs;
}

/*
 * Store the expected message imprint: |hexstr| is the raw digest bytes
 * (despite the name) and |len| their count.  Both are recorded as given;
 * no copy is made.
 */
unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx,
                                         unsigned char *hexstr, long len)
{
    ctx->imprint_len = len;
    ctx->imprint = hexstr;
    return hexstr;
}

/*
 * Free every object owned by |ctx| and zero the struct so it can be reused
 * or released with OPENSSL_free().  Does not free |ctx| itself.
 * Passing NULL is a no-op.
 */
void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx)
{
    if (ctx == NULL)
        return;

    X509_STORE_free(ctx->store);
    sk_X509_pop_free(ctx->certs, X509_free);
    ASN1_OBJECT_free(ctx->policy);
    X509_ALGOR_free(ctx->md_alg);
    OPENSSL_free(ctx->imprint);
    BIO_free_all(ctx->data);
    ASN1_INTEGER_free(ctx->nonce);
    GENERAL_NAME_free(ctx->tsa_name);

    /* Clear the now-dangling pointers so a later cleanup/free is safe. */
    TS_VERIFY_CTX_init(ctx);
}

/*
 * Copy the hash algorithm and hashed message of |imprint| into |ret|.
 * Returns 1 on success, 0 on allocation failure or an empty hashed
 * message.  On failure |ret| may already hold a duplicated md_alg;
 * the caller's cleanup path releases it.
 */
static int ts_copy_msg_imprint(TS_VERIFY_CTX *ret, TS_MSG_IMPRINT *imprint)
{
    ASN1_OCTET_STRING *msg = imprint->hashed_msg;

    if ((ret->md_alg = X509_ALGOR_dup(imprint->hash_algo)) == NULL)
        return 0;

    ret->imprint_len = ASN1_STRING_length(msg);
    /* A zero-length imprint would make the later comparison meaningless. */
    if (ret->imprint_len <= 0)
        return 0;
    if ((ret->imprint = OPENSSL_malloc(ret->imprint_len)) == NULL)
        return 0;
    memcpy(ret->imprint, ASN1_STRING_get0_data(msg), ret->imprint_len);
    return 1;
}

/*
 * Build a verification context from the request |req| so that a response
 * can later be checked against it.  If |ctx| is non-NULL it is cleaned up
 * and reused, otherwise a new context is allocated.  Policy, hash
 * algorithm, message imprint and nonce are deep-copied from the request;
 * the TS_VFY_POLICY / TS_VFY_NONCE checks are switched off when the
 * request carries no such field.
 *
 * Aborts if |req| is NULL.  On failure returns NULL; a caller-supplied
 * |ctx| is left cleaned up (zeroed, not freed), a freshly allocated one
 * is freed.
 */
TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx)
{
    TS_VERIFY_CTX *ret;

    OPENSSL_assert(req != NULL);

    if (ctx != NULL) {
        ret = ctx;
        TS_VERIFY_CTX_cleanup(ret);
    } else {
        ret = TS_VERIFY_CTX_new();
        if (ret == NULL)
            return NULL;
    }

    /*
     * Check everything a request can express; a request has no signature
     * or TSA name of its own, so those two checks stay off.
     */
    ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE);

    if (req->policy_id == NULL) {
        ret->flags &= ~TS_VFY_POLICY;
    } else if ((ret->policy = OBJ_dup(req->policy_id)) == NULL) {
        goto err;
    }

    if (!ts_copy_msg_imprint(ret, req->msg_imprint))
        goto err;

    if (req->nonce == NULL) {
        ret->flags &= ~TS_VFY_NONCE;
    } else if ((ret->nonce = ASN1_INTEGER_dup(req->nonce)) == NULL) {
        goto err;
    }

    return ret;

 err:
    /* Only release memory we allocated; a caller-owned |ctx| is reset. */
    if (ctx != NULL)
        TS_VERIFY_CTX_cleanup(ret);
    else
        TS_VERIFY_CTX_free(ret);
    return NULL;
}