1214571Sdim/* crypto/ts/ts_verify_ctx.c */
2214571Sdim/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
3214571Sdim * project 2003.
4214571Sdim */
5214571Sdim/* ====================================================================
6214571Sdim * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
7214571Sdim *
8214571Sdim * Redistribution and use in source and binary forms, with or without
9214571Sdim * modification, are permitted provided that the following conditions
10214571Sdim * are met:
11214571Sdim *
12214571Sdim * 1. Redistributions of source code must retain the above copyright
13214571Sdim *    notice, this list of conditions and the following disclaimer.
14214571Sdim *
15214571Sdim * 2. Redistributions in binary form must reproduce the above copyright
16214571Sdim *    notice, this list of conditions and the following disclaimer in
17214571Sdim *    the documentation and/or other materials provided with the
18214571Sdim *    distribution.
19214571Sdim *
20214571Sdim * 3. All advertising materials mentioning features or use of this
21214571Sdim *    software must display the following acknowledgment:
22214571Sdim *    "This product includes software developed by the OpenSSL Project
23214571Sdim *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24214571Sdim *
25214571Sdim * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26214571Sdim *    endorse or promote products derived from this software without
27214571Sdim *    prior written permission. For written permission, please contact
28214571Sdim *    licensing@OpenSSL.org.
29214571Sdim *
30214571Sdim * 5. Products derived from this software may not be called "OpenSSL"
31214571Sdim *    nor may "OpenSSL" appear in their names without prior written
32214571Sdim *    permission of the OpenSSL Project.
33214571Sdim *
34214571Sdim * 6. Redistributions of any form whatsoever must retain the following
35214571Sdim *    acknowledgment:
36214571Sdim *    "This product includes software developed by the OpenSSL Project
37214571Sdim *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38214571Sdim *
39214571Sdim * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40214571Sdim * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41214571Sdim * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42214571Sdim * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43214571Sdim * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44214571Sdim * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45214571Sdim * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46214571Sdim * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47214571Sdim * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48214571Sdim * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49214571Sdim * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50214571Sdim * OF THE POSSIBILITY OF SUCH DAMAGE.
51214571Sdim * ====================================================================
52214571Sdim *
53214571Sdim * This product includes cryptographic software written by Eric Young
54214571Sdim * (eay@cryptsoft.com).  This product includes software written by Tim
55214571Sdim * Hudson (tjh@cryptsoft.com).
56214571Sdim *
57214571Sdim */
58214571Sdim
59214571Sdim#include <openssl/local/cryptlib.h>
60214571Sdim#include <openssl/objects.h>
61214571Sdim#include <openssl/ts.h>
62214571Sdim
63214571SdimTS_VERIFY_CTX *TS_VERIFY_CTX_new(void)
64214571Sdim	{
65214571Sdim	TS_VERIFY_CTX *ctx =
66214571Sdim		(TS_VERIFY_CTX *) OPENSSL_malloc(sizeof(TS_VERIFY_CTX));
67214571Sdim	if (ctx)
68214571Sdim		memset(ctx, 0, sizeof(TS_VERIFY_CTX));
69214571Sdim	else
70214571Sdim		TSerr(TS_F_TS_VERIFY_CTX_NEW, ERR_R_MALLOC_FAILURE);
71214571Sdim	return ctx;
72214571Sdim	}
73214571Sdim
74238123Sjhbvoid TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx)
75247012Sjmg	{
76214571Sdim	OPENSSL_assert(ctx != NULL);
77214571Sdim	memset(ctx, 0, sizeof(TS_VERIFY_CTX));
78214571Sdim	}
79214571Sdim
80214571Sdimvoid TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx)
81247117Sjmg	{
82256112Sdim	if (!ctx) return;
83261307Spfg
84247117Sjmg	TS_VERIFY_CTX_cleanup(ctx);
85247117Sjmg	OPENSSL_free(ctx);
86247117Sjmg	}
87247117Sjmg
88214571Sdimvoid TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx)
89214571Sdim	{
90214571Sdim	if (!ctx) return;
91214571Sdim
92261307Spfg	X509_STORE_free(ctx->store);
93214571Sdim	sk_X509_pop_free(ctx->certs, X509_free);
94214571Sdim
95214571Sdim	ASN1_OBJECT_free(ctx->policy);
96214571Sdim
97214571Sdim	X509_ALGOR_free(ctx->md_alg);
98214571Sdim	OPENSSL_free(ctx->imprint);
99214571Sdim
100214571Sdim	BIO_free_all(ctx->data);
101214571Sdim
102214571Sdim	ASN1_INTEGER_free(ctx->nonce);
103214571Sdim
104214571Sdim	GENERAL_NAME_free(ctx->tsa_name);
105214571Sdim
106214571Sdim	TS_VERIFY_CTX_init(ctx);
107214571Sdim	}
108214571Sdim
109214571SdimTS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx)
110214571Sdim	{
111214571Sdim	TS_VERIFY_CTX *ret = ctx;
112214571Sdim	ASN1_OBJECT *policy;
113214571Sdim	TS_MSG_IMPRINT *imprint;
114214571Sdim	X509_ALGOR *md_alg;
115214571Sdim	ASN1_OCTET_STRING *msg;
116214571Sdim	const ASN1_INTEGER *nonce;
117214571Sdim
118214571Sdim	OPENSSL_assert(req != NULL);
119214571Sdim	if (ret)
120214571Sdim		TS_VERIFY_CTX_cleanup(ret);
121214571Sdim	else
122214571Sdim		if (!(ret = TS_VERIFY_CTX_new())) return NULL;
123214571Sdim
124214571Sdim	/* Setting flags. */
125214571Sdim	ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE);
126214571Sdim
127214571Sdim	/* Setting policy. */
128214571Sdim	if ((policy = TS_REQ_get_policy_id(req)) != NULL)
129214571Sdim		{
130214571Sdim		if (!(ret->policy = OBJ_dup(policy))) goto err;
131214571Sdim		}
132214571Sdim	else
133214571Sdim		ret->flags &= ~TS_VFY_POLICY;
134247012Sjmg
135247012Sjmg	/* Setting md_alg, imprint and imprint_len. */
136214571Sdim	imprint = TS_REQ_get_msg_imprint(req);
137214571Sdim	md_alg = TS_MSG_IMPRINT_get_algo(imprint);
138214571Sdim	if (!(ret->md_alg = X509_ALGOR_dup(md_alg))) goto err;
139214571Sdim	msg = TS_MSG_IMPRINT_get_msg(imprint);
140214571Sdim	ret->imprint_len = ASN1_STRING_length(msg);
141214571Sdim	if (!(ret->imprint = OPENSSL_malloc(ret->imprint_len))) goto err;
142214571Sdim	memcpy(ret->imprint, ASN1_STRING_data(msg), ret->imprint_len);
143214571Sdim
144214571Sdim	/* Setting nonce. */
145214571Sdim	if ((nonce = TS_REQ_get_nonce(req)) != NULL)
146214571Sdim		{
147214571Sdim		if (!(ret->nonce = ASN1_INTEGER_dup(nonce))) goto err;
148214571Sdim		}
149214571Sdim	else
150214571Sdim		ret->flags &= ~TS_VFY_NONCE;
151214571Sdim
152214571Sdim	return ret;
153214571Sdim err:
154214571Sdim	if (ctx)
155214571Sdim		TS_VERIFY_CTX_cleanup(ctx);
156214571Sdim	else
157214571Sdim		TS_VERIFY_CTX_free(ret);
158214571Sdim	return NULL;
159214571Sdim	}
160214571Sdim