1214571Sdim/* crypto/ts/ts_verify_ctx.c */ 2214571Sdim/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL 3214571Sdim * project 2003. 4214571Sdim */ 5214571Sdim/* ==================================================================== 6214571Sdim * Copyright (c) 2006 The OpenSSL Project. All rights reserved. 7214571Sdim * 8214571Sdim * Redistribution and use in source and binary forms, with or without 9214571Sdim * modification, are permitted provided that the following conditions 10214571Sdim * are met: 11214571Sdim * 12214571Sdim * 1. Redistributions of source code must retain the above copyright 13214571Sdim * notice, this list of conditions and the following disclaimer. 14214571Sdim * 15214571Sdim * 2. Redistributions in binary form must reproduce the above copyright 16214571Sdim * notice, this list of conditions and the following disclaimer in 17214571Sdim * the documentation and/or other materials provided with the 18214571Sdim * distribution. 19214571Sdim * 20214571Sdim * 3. All advertising materials mentioning features or use of this 21214571Sdim * software must display the following acknowledgment: 22214571Sdim * "This product includes software developed by the OpenSSL Project 23214571Sdim * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24214571Sdim * 25214571Sdim * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26214571Sdim * endorse or promote products derived from this software without 27214571Sdim * prior written permission. For written permission, please contact 28214571Sdim * licensing@OpenSSL.org. 29214571Sdim * 30214571Sdim * 5. Products derived from this software may not be called "OpenSSL" 31214571Sdim * nor may "OpenSSL" appear in their names without prior written 32214571Sdim * permission of the OpenSSL Project. 33214571Sdim * 34214571Sdim * 6. Redistributions of any form whatsoever must retain the following 35214571Sdim * acknowledgment: 36214571Sdim * "This product includes software developed by the OpenSSL Project 37214571Sdim * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38214571Sdim * 39214571Sdim * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40214571Sdim * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41214571Sdim * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42214571Sdim * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43214571Sdim * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44214571Sdim * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45214571Sdim * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46214571Sdim * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47214571Sdim * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48214571Sdim * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49214571Sdim * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50214571Sdim * OF THE POSSIBILITY OF SUCH DAMAGE. 51214571Sdim * ==================================================================== 52214571Sdim * 53214571Sdim * This product includes cryptographic software written by Eric Young 54214571Sdim * (eay@cryptsoft.com). This product includes software written by Tim 55214571Sdim * Hudson (tjh@cryptsoft.com). 56214571Sdim * 57214571Sdim */ 58214571Sdim 59214571Sdim#include <openssl/local/cryptlib.h> 60214571Sdim#include <openssl/objects.h> 61214571Sdim#include <openssl/ts.h> 62214571Sdim 63214571SdimTS_VERIFY_CTX *TS_VERIFY_CTX_new(void) 64214571Sdim { 65214571Sdim TS_VERIFY_CTX *ctx = 66214571Sdim (TS_VERIFY_CTX *) OPENSSL_malloc(sizeof(TS_VERIFY_CTX)); 67214571Sdim if (ctx) 68214571Sdim memset(ctx, 0, sizeof(TS_VERIFY_CTX)); 69214571Sdim else 70214571Sdim TSerr(TS_F_TS_VERIFY_CTX_NEW, ERR_R_MALLOC_FAILURE); 71214571Sdim return ctx; 72214571Sdim } 73214571Sdim 74238123Sjhbvoid TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx) 75247012Sjmg { 76214571Sdim OPENSSL_assert(ctx != NULL); 77214571Sdim memset(ctx, 0, sizeof(TS_VERIFY_CTX)); 78214571Sdim } 79214571Sdim 80214571Sdimvoid TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx) 81247117Sjmg { 82256112Sdim if (!ctx) return; 83261307Spfg 84247117Sjmg TS_VERIFY_CTX_cleanup(ctx); 85247117Sjmg OPENSSL_free(ctx); 86247117Sjmg } 87247117Sjmg 88214571Sdimvoid TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx) 89214571Sdim { 90214571Sdim if (!ctx) return; 91214571Sdim 92261307Spfg X509_STORE_free(ctx->store); 93214571Sdim sk_X509_pop_free(ctx->certs, X509_free); 94214571Sdim 95214571Sdim ASN1_OBJECT_free(ctx->policy); 96214571Sdim 97214571Sdim X509_ALGOR_free(ctx->md_alg); 98214571Sdim OPENSSL_free(ctx->imprint); 99214571Sdim 100214571Sdim BIO_free_all(ctx->data); 101214571Sdim 102214571Sdim ASN1_INTEGER_free(ctx->nonce); 103214571Sdim 104214571Sdim GENERAL_NAME_free(ctx->tsa_name); 105214571Sdim 106214571Sdim TS_VERIFY_CTX_init(ctx); 107214571Sdim } 108214571Sdim 109214571SdimTS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx) 110214571Sdim { 111214571Sdim TS_VERIFY_CTX *ret = ctx; 112214571Sdim ASN1_OBJECT *policy; 113214571Sdim TS_MSG_IMPRINT *imprint; 114214571Sdim X509_ALGOR *md_alg; 115214571Sdim ASN1_OCTET_STRING *msg; 116214571Sdim const ASN1_INTEGER *nonce; 117214571Sdim 118214571Sdim OPENSSL_assert(req != NULL); 119214571Sdim if (ret) 120214571Sdim TS_VERIFY_CTX_cleanup(ret); 121214571Sdim else 122214571Sdim if (!(ret = TS_VERIFY_CTX_new())) return NULL; 123214571Sdim 124214571Sdim /* Setting flags. */ 125214571Sdim ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE); 126214571Sdim 127214571Sdim /* Setting policy. */ 128214571Sdim if ((policy = TS_REQ_get_policy_id(req)) != NULL) 129214571Sdim { 130214571Sdim if (!(ret->policy = OBJ_dup(policy))) goto err; 131214571Sdim } 132214571Sdim else 133214571Sdim ret->flags &= ~TS_VFY_POLICY; 134247012Sjmg 135247012Sjmg /* Setting md_alg, imprint and imprint_len. */ 136214571Sdim imprint = TS_REQ_get_msg_imprint(req); 137214571Sdim md_alg = TS_MSG_IMPRINT_get_algo(imprint); 138214571Sdim if (!(ret->md_alg = X509_ALGOR_dup(md_alg))) goto err; 139214571Sdim msg = TS_MSG_IMPRINT_get_msg(imprint); 140214571Sdim ret->imprint_len = ASN1_STRING_length(msg); 141214571Sdim if (!(ret->imprint = OPENSSL_malloc(ret->imprint_len))) goto err; 142214571Sdim memcpy(ret->imprint, ASN1_STRING_data(msg), ret->imprint_len); 143214571Sdim 144214571Sdim /* Setting nonce. */ 145214571Sdim if ((nonce = TS_REQ_get_nonce(req)) != NULL) 146214571Sdim { 147214571Sdim if (!(ret->nonce = ASN1_INTEGER_dup(nonce))) goto err; 148214571Sdim } 149214571Sdim else 150214571Sdim ret->flags &= ~TS_VFY_NONCE; 151214571Sdim 152214571Sdim return ret; 153214571Sdim err: 154214571Sdim if (ctx) 155214571Sdim TS_VERIFY_CTX_cleanup(ctx); 156214571Sdim else 157214571Sdim TS_VERIFY_CTX_free(ret); 158214571Sdim return NULL; 159214571Sdim } 160214571Sdim