ts_rsp_verify.c revision 296341
1/* crypto/ts/ts_resp_verify.c */ 2/* 3 * Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL project 4 * 2002. 5 */ 6/* ==================================================================== 7 * Copyright (c) 2006 The OpenSSL Project. All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in 18 * the documentation and/or other materials provided with the 19 * distribution. 20 * 21 * 3. All advertising materials mentioning features or use of this 22 * software must display the following acknowledgment: 23 * "This product includes software developed by the OpenSSL Project 24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 25 * 26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 27 * endorse or promote products derived from this software without 28 * prior written permission. For written permission, please contact 29 * licensing@OpenSSL.org. 30 * 31 * 5. Products derived from this software may not be called "OpenSSL" 32 * nor may "OpenSSL" appear in their names without prior written 33 * permission of the OpenSSL Project. 34 * 35 * 6. Redistributions of any form whatsoever must retain the following 36 * acknowledgment: 37 * "This product includes software developed by the OpenSSL Project 38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 51 * OF THE POSSIBILITY OF SUCH DAMAGE. 52 * ==================================================================== 53 * 54 * This product includes cryptographic software written by Eric Young 55 * (eay@cryptsoft.com). This product includes software written by Tim 56 * Hudson (tjh@cryptsoft.com). 57 * 58 */ 59 60#include <stdio.h> 61#include "cryptlib.h" 62#include <openssl/objects.h> 63#include <openssl/ts.h> 64#include <openssl/pkcs7.h> 65 66/* Private function declarations. */ 67 68static int TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, 69 X509 *signer, STACK_OF(X509) **chain); 70static int TS_check_signing_certs(PKCS7_SIGNER_INFO *si, 71 STACK_OF(X509) *chain); 72static ESS_SIGNING_CERT *ESS_get_signing_cert(PKCS7_SIGNER_INFO *si); 73static int TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert); 74static int TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo); 75static int int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx, 76 PKCS7 *token, TS_TST_INFO *tst_info); 77static int TS_check_status_info(TS_RESP *response); 78static char *TS_get_status_text(STACK_OF(ASN1_UTF8STRING) *text); 79static int TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info); 80static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info, 81 X509_ALGOR **md_alg, 82 unsigned char **imprint, unsigned *imprint_len); 83static int TS_check_imprints(X509_ALGOR *algor_a, 84 unsigned char *imprint_a, unsigned len_a, 85 TS_TST_INFO *tst_info); 86static int TS_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info); 87static int TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer); 88static int TS_find_name(STACK_OF(GENERAL_NAME) *gen_names, 89 GENERAL_NAME *name); 90 91/* 92 * Local mapping between response codes and descriptions. 93 * Don't forget to change TS_STATUS_BUF_SIZE when modifying 94 * the elements of this array. 95 */ 96static const char *TS_status_text[] = { "granted", 97 "grantedWithMods", 98 "rejection", 99 "waiting", 100 "revocationWarning", 101 "revocationNotification" 102}; 103 104#define TS_STATUS_TEXT_SIZE (sizeof(TS_status_text)/sizeof(*TS_status_text)) 105 106/* 107 * This must be greater or equal to the sum of the strings in TS_status_text 108 * plus the number of its elements. 109 */ 110#define TS_STATUS_BUF_SIZE 256 111 112static struct { 113 int code; 114 const char *text; 115} TS_failure_info[] = { 116 { 117 TS_INFO_BAD_ALG, "badAlg" 118 }, 119 { 120 TS_INFO_BAD_REQUEST, "badRequest" 121 }, 122 { 123 TS_INFO_BAD_DATA_FORMAT, "badDataFormat" 124 }, 125 { 126 TS_INFO_TIME_NOT_AVAILABLE, "timeNotAvailable" 127 }, 128 { 129 TS_INFO_UNACCEPTED_POLICY, "unacceptedPolicy" 130 }, 131 { 132 TS_INFO_UNACCEPTED_EXTENSION, "unacceptedExtension" 133 }, 134 { 135 TS_INFO_ADD_INFO_NOT_AVAILABLE, "addInfoNotAvailable" 136 }, 137 { 138 TS_INFO_SYSTEM_FAILURE, "systemFailure" 139 } 140}; 141 142#define TS_FAILURE_INFO_SIZE (sizeof(TS_failure_info) / \ 143 sizeof(*TS_failure_info)) 144 145/* Functions for verifying a signed TS_TST_INFO structure. */ 146 147/*- 148 * This function carries out the following tasks: 149 * - Checks if there is one and only one signer. 150 * - Search for the signing certificate in 'certs' and in the response. 151 * - Check the extended key usage and key usage fields of the signer 152 * certificate (done by the path validation). 153 * - Build and validate the certificate path. 154 * - Check if the certificate path meets the requirements of the 155 * SigningCertificate ESS signed attribute. 156 * - Verify the signature value. 157 * - Returns the signer certificate in 'signer', if 'signer' is not NULL. 158 */ 159int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, 160 X509_STORE *store, X509 **signer_out) 161{ 162 STACK_OF(PKCS7_SIGNER_INFO) *sinfos = NULL; 163 PKCS7_SIGNER_INFO *si; 164 STACK_OF(X509) *signers = NULL; 165 X509 *signer; 166 STACK_OF(X509) *chain = NULL; 167 char buf[4096]; 168 int i, j = 0, ret = 0; 169 BIO *p7bio = NULL; 170 171 /* Some sanity checks first. */ 172 if (!token) { 173 TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_INVALID_NULL_POINTER); 174 goto err; 175 } 176 177 /* Check for the correct content type */ 178 if (!PKCS7_type_is_signed(token)) { 179 TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_WRONG_CONTENT_TYPE); 180 goto err; 181 } 182 183 /* Check if there is one and only one signer. */ 184 sinfos = PKCS7_get_signer_info(token); 185 if (!sinfos || sk_PKCS7_SIGNER_INFO_num(sinfos) != 1) { 186 TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_THERE_MUST_BE_ONE_SIGNER); 187 goto err; 188 } 189 si = sk_PKCS7_SIGNER_INFO_value(sinfos, 0); 190 191 /* Check for no content: no data to verify signature. */ 192 if (PKCS7_get_detached(token)) { 193 TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_NO_CONTENT); 194 goto err; 195 } 196 197 /* 198 * Get hold of the signer certificate, search only internal certificates 199 * if it was requested. 200 */ 201 signers = PKCS7_get0_signers(token, certs, 0); 202 if (!signers || sk_X509_num(signers) != 1) 203 goto err; 204 signer = sk_X509_value(signers, 0); 205 206 /* Now verify the certificate. */ 207 if (!TS_verify_cert(store, certs, signer, &chain)) 208 goto err; 209 210 /* 211 * Check if the signer certificate is consistent with the ESS extension. 212 */ 213 if (!TS_check_signing_certs(si, chain)) 214 goto err; 215 216 /* Creating the message digest. */ 217 p7bio = PKCS7_dataInit(token, NULL); 218 219 /* We now have to 'read' from p7bio to calculate digests etc. */ 220 while ((i = BIO_read(p7bio, buf, sizeof(buf))) > 0) ; 221 222 /* Verifying the signature. */ 223 j = PKCS7_signatureVerify(p7bio, token, si, signer); 224 if (j <= 0) { 225 TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_SIGNATURE_FAILURE); 226 goto err; 227 } 228 229 /* Return the signer certificate if needed. */ 230 if (signer_out) { 231 *signer_out = signer; 232 CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509); 233 } 234 235 ret = 1; 236 237 err: 238 BIO_free_all(p7bio); 239 sk_X509_pop_free(chain, X509_free); 240 sk_X509_free(signers); 241 242 return ret; 243} 244 245/* 246 * The certificate chain is returned in chain. Caller is responsible for 247 * freeing the vector. 248 */ 249static int TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, 250 X509 *signer, STACK_OF(X509) **chain) 251{ 252 X509_STORE_CTX cert_ctx; 253 int i; 254 int ret = 1; 255 256 /* chain is an out argument. */ 257 *chain = NULL; 258 X509_STORE_CTX_init(&cert_ctx, store, signer, untrusted); 259 X509_STORE_CTX_set_purpose(&cert_ctx, X509_PURPOSE_TIMESTAMP_SIGN); 260 i = X509_verify_cert(&cert_ctx); 261 if (i <= 0) { 262 int j = X509_STORE_CTX_get_error(&cert_ctx); 263 TSerr(TS_F_TS_VERIFY_CERT, TS_R_CERTIFICATE_VERIFY_ERROR); 264 ERR_add_error_data(2, "Verify error:", 265 X509_verify_cert_error_string(j)); 266 ret = 0; 267 } else { 268 /* Get a copy of the certificate chain. */ 269 *chain = X509_STORE_CTX_get1_chain(&cert_ctx); 270 } 271 272 X509_STORE_CTX_cleanup(&cert_ctx); 273 274 return ret; 275} 276 277static int TS_check_signing_certs(PKCS7_SIGNER_INFO *si, 278 STACK_OF(X509) *chain) 279{ 280 ESS_SIGNING_CERT *ss = ESS_get_signing_cert(si); 281 STACK_OF(ESS_CERT_ID) *cert_ids = NULL; 282 X509 *cert; 283 int i = 0; 284 int ret = 0; 285 286 if (!ss) 287 goto err; 288 cert_ids = ss->cert_ids; 289 /* The signer certificate must be the first in cert_ids. */ 290 cert = sk_X509_value(chain, 0); 291 if (TS_find_cert(cert_ids, cert) != 0) 292 goto err; 293 294 /* 295 * Check the other certificates of the chain if there are more than one 296 * certificate ids in cert_ids. 297 */ 298 if (sk_ESS_CERT_ID_num(cert_ids) > 1) { 299 /* All the certificates of the chain must be in cert_ids. */ 300 for (i = 1; i < sk_X509_num(chain); ++i) { 301 cert = sk_X509_value(chain, i); 302 if (TS_find_cert(cert_ids, cert) < 0) 303 goto err; 304 } 305 } 306 ret = 1; 307 err: 308 if (!ret) 309 TSerr(TS_F_TS_CHECK_SIGNING_CERTS, 310 TS_R_ESS_SIGNING_CERTIFICATE_ERROR); 311 ESS_SIGNING_CERT_free(ss); 312 return ret; 313} 314 315static ESS_SIGNING_CERT *ESS_get_signing_cert(PKCS7_SIGNER_INFO *si) 316{ 317 ASN1_TYPE *attr; 318 const unsigned char *p; 319 attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificate); 320 if (!attr) 321 return NULL; 322 p = attr->value.sequence->data; 323 return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length); 324} 325 326/* Returns < 0 if certificate is not found, certificate index otherwise. */ 327static int TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert) 328{ 329 int i; 330 331 if (!cert_ids || !cert) 332 return -1; 333 334 /* Recompute SHA1 hash of certificate if necessary (side effect). */ 335 X509_check_purpose(cert, -1, 0); 336 337 /* Look for cert in the cert_ids vector. */ 338 for (i = 0; i < sk_ESS_CERT_ID_num(cert_ids); ++i) { 339 ESS_CERT_ID *cid = sk_ESS_CERT_ID_value(cert_ids, i); 340 341 /* Check the SHA-1 hash first. */ 342 if (cid->hash->length == sizeof(cert->sha1_hash) 343 && !memcmp(cid->hash->data, cert->sha1_hash, 344 sizeof(cert->sha1_hash))) { 345 /* Check the issuer/serial as well if specified. */ 346 ESS_ISSUER_SERIAL *is = cid->issuer_serial; 347 if (!is || !TS_issuer_serial_cmp(is, cert->cert_info)) 348 return i; 349 } 350 } 351 352 return -1; 353} 354 355static int TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo) 356{ 357 GENERAL_NAME *issuer; 358 359 if (!is || !cinfo || sk_GENERAL_NAME_num(is->issuer) != 1) 360 return -1; 361 362 /* Check the issuer first. It must be a directory name. */ 363 issuer = sk_GENERAL_NAME_value(is->issuer, 0); 364 if (issuer->type != GEN_DIRNAME 365 || X509_NAME_cmp(issuer->d.dirn, cinfo->issuer)) 366 return -1; 367 368 /* Check the serial number, too. */ 369 if (ASN1_INTEGER_cmp(is->serial, cinfo->serialNumber)) 370 return -1; 371 372 return 0; 373} 374 375/*- 376 * Verifies whether 'response' contains a valid response with regards 377 * to the settings of the context: 378 * - Gives an error message if the TS_TST_INFO is not present. 379 * - Calls _TS_RESP_verify_token to verify the token content. 380 */ 381int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response) 382{ 383 PKCS7 *token = TS_RESP_get_token(response); 384 TS_TST_INFO *tst_info = TS_RESP_get_tst_info(response); 385 int ret = 0; 386 387 /* Check if we have a successful TS_TST_INFO object in place. */ 388 if (!TS_check_status_info(response)) 389 goto err; 390 391 /* Check the contents of the time stamp token. */ 392 if (!int_TS_RESP_verify_token(ctx, token, tst_info)) 393 goto err; 394 395 ret = 1; 396 err: 397 return ret; 398} 399 400/* 401 * Tries to extract a TS_TST_INFO structure from the PKCS7 token and 402 * calls the internal int_TS_RESP_verify_token function for verifying it. 403 */ 404int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token) 405{ 406 TS_TST_INFO *tst_info = PKCS7_to_TS_TST_INFO(token); 407 int ret = 0; 408 if (tst_info) { 409 ret = int_TS_RESP_verify_token(ctx, token, tst_info); 410 TS_TST_INFO_free(tst_info); 411 } 412 return ret; 413} 414 415/*- 416 * Verifies whether the 'token' contains a valid time stamp token 417 * with regards to the settings of the context. Only those checks are 418 * carried out that are specified in the context: 419 * - Verifies the signature of the TS_TST_INFO. 420 * - Checks the version number of the response. 421 * - Check if the requested and returned policies math. 422 * - Check if the message imprints are the same. 423 * - Check if the nonces are the same. 424 * - Check if the TSA name matches the signer. 425 * - Check if the TSA name is the expected TSA. 426 */ 427static int int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx, 428 PKCS7 *token, TS_TST_INFO *tst_info) 429{ 430 X509 *signer = NULL; 431 GENERAL_NAME *tsa_name = TS_TST_INFO_get_tsa(tst_info); 432 X509_ALGOR *md_alg = NULL; 433 unsigned char *imprint = NULL; 434 unsigned imprint_len = 0; 435 int ret = 0; 436 437 /* Verify the signature. */ 438 if ((ctx->flags & TS_VFY_SIGNATURE) 439 && !TS_RESP_verify_signature(token, ctx->certs, ctx->store, &signer)) 440 goto err; 441 442 /* Check version number of response. */ 443 if ((ctx->flags & TS_VFY_VERSION) 444 && TS_TST_INFO_get_version(tst_info) != 1) { 445 TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_UNSUPPORTED_VERSION); 446 goto err; 447 } 448 449 /* Check policies. */ 450 if ((ctx->flags & TS_VFY_POLICY) 451 && !TS_check_policy(ctx->policy, tst_info)) 452 goto err; 453 454 /* Check message imprints. */ 455 if ((ctx->flags & TS_VFY_IMPRINT) 456 && !TS_check_imprints(ctx->md_alg, ctx->imprint, ctx->imprint_len, 457 tst_info)) 458 goto err; 459 460 /* Compute and check message imprints. */ 461 if ((ctx->flags & TS_VFY_DATA) 462 && (!TS_compute_imprint(ctx->data, tst_info, 463 &md_alg, &imprint, &imprint_len) 464 || !TS_check_imprints(md_alg, imprint, imprint_len, tst_info))) 465 goto err; 466 467 /* Check nonces. */ 468 if ((ctx->flags & TS_VFY_NONCE) 469 && !TS_check_nonces(ctx->nonce, tst_info)) 470 goto err; 471 472 /* Check whether TSA name and signer certificate match. */ 473 if ((ctx->flags & TS_VFY_SIGNER) 474 && tsa_name && !TS_check_signer_name(tsa_name, signer)) { 475 TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_NAME_MISMATCH); 476 goto err; 477 } 478 479 /* Check whether the TSA is the expected one. */ 480 if ((ctx->flags & TS_VFY_TSA_NAME) 481 && !TS_check_signer_name(ctx->tsa_name, signer)) { 482 TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_UNTRUSTED); 483 goto err; 484 } 485 486 ret = 1; 487 err: 488 X509_free(signer); 489 X509_ALGOR_free(md_alg); 490 OPENSSL_free(imprint); 491 return ret; 492} 493 494static int TS_check_status_info(TS_RESP *response) 495{ 496 TS_STATUS_INFO *info = TS_RESP_get_status_info(response); 497 long status = ASN1_INTEGER_get(info->status); 498 const char *status_text = NULL; 499 char *embedded_status_text = NULL; 500 char failure_text[TS_STATUS_BUF_SIZE] = ""; 501 502 /* Check if everything went fine. */ 503 if (status == 0 || status == 1) 504 return 1; 505 506 /* There was an error, get the description in status_text. */ 507 if (0 <= status && status < (long)TS_STATUS_TEXT_SIZE) 508 status_text = TS_status_text[status]; 509 else 510 status_text = "unknown code"; 511 512 /* Set the embedded_status_text to the returned description. */ 513 if (sk_ASN1_UTF8STRING_num(info->text) > 0 514 && !(embedded_status_text = TS_get_status_text(info->text))) 515 return 0; 516 517 /* Filling in failure_text with the failure information. */ 518 if (info->failure_info) { 519 int i; 520 int first = 1; 521 for (i = 0; i < (int)TS_FAILURE_INFO_SIZE; ++i) { 522 if (ASN1_BIT_STRING_get_bit(info->failure_info, 523 TS_failure_info[i].code)) { 524 if (!first) 525 strcpy(failure_text, ","); 526 else 527 first = 0; 528 strcat(failure_text, TS_failure_info[i].text); 529 } 530 } 531 } 532 if (failure_text[0] == '\0') 533 strcpy(failure_text, "unspecified"); 534 535 /* Making up the error string. */ 536 TSerr(TS_F_TS_CHECK_STATUS_INFO, TS_R_NO_TIME_STAMP_TOKEN); 537 ERR_add_error_data(6, 538 "status code: ", status_text, 539 ", status text: ", embedded_status_text ? 540 embedded_status_text : "unspecified", 541 ", failure codes: ", failure_text); 542 OPENSSL_free(embedded_status_text); 543 544 return 0; 545} 546 547static char *TS_get_status_text(STACK_OF(ASN1_UTF8STRING) *text) 548{ 549 int i; 550 unsigned int length = 0; 551 char *result = NULL; 552 char *p; 553 554 /* Determine length first. */ 555 for (i = 0; i < sk_ASN1_UTF8STRING_num(text); ++i) { 556 ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i); 557 length += ASN1_STRING_length(current); 558 length += 1; /* separator character */ 559 } 560 /* Allocate memory (closing '\0' included). */ 561 if (!(result = OPENSSL_malloc(length))) { 562 TSerr(TS_F_TS_GET_STATUS_TEXT, ERR_R_MALLOC_FAILURE); 563 return NULL; 564 } 565 /* Concatenate the descriptions. */ 566 for (i = 0, p = result; i < sk_ASN1_UTF8STRING_num(text); ++i) { 567 ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i); 568 length = ASN1_STRING_length(current); 569 if (i > 0) 570 *p++ = '/'; 571 strncpy(p, (const char *)ASN1_STRING_data(current), length); 572 p += length; 573 } 574 /* We do have space for this, too. */ 575 *p = '\0'; 576 577 return result; 578} 579 580static int TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info) 581{ 582 ASN1_OBJECT *resp_oid = TS_TST_INFO_get_policy_id(tst_info); 583 584 if (OBJ_cmp(req_oid, resp_oid) != 0) { 585 TSerr(TS_F_TS_CHECK_POLICY, TS_R_POLICY_MISMATCH); 586 return 0; 587 } 588 589 return 1; 590} 591 592static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info, 593 X509_ALGOR **md_alg, 594 unsigned char **imprint, unsigned *imprint_len) 595{ 596 TS_MSG_IMPRINT *msg_imprint = TS_TST_INFO_get_msg_imprint(tst_info); 597 X509_ALGOR *md_alg_resp = TS_MSG_IMPRINT_get_algo(msg_imprint); 598 const EVP_MD *md; 599 EVP_MD_CTX md_ctx; 600 unsigned char buffer[4096]; 601 int length; 602 603 *md_alg = NULL; 604 *imprint = NULL; 605 606 /* Return the MD algorithm of the response. */ 607 if (!(*md_alg = X509_ALGOR_dup(md_alg_resp))) 608 goto err; 609 610 /* Getting the MD object. */ 611 if (!(md = EVP_get_digestbyobj((*md_alg)->algorithm))) { 612 TSerr(TS_F_TS_COMPUTE_IMPRINT, TS_R_UNSUPPORTED_MD_ALGORITHM); 613 goto err; 614 } 615 616 /* Compute message digest. */ 617 length = EVP_MD_size(md); 618 if (length < 0) 619 goto err; 620 *imprint_len = length; 621 if (!(*imprint = OPENSSL_malloc(*imprint_len))) { 622 TSerr(TS_F_TS_COMPUTE_IMPRINT, ERR_R_MALLOC_FAILURE); 623 goto err; 624 } 625 626 if (!EVP_DigestInit(&md_ctx, md)) 627 goto err; 628 while ((length = BIO_read(data, buffer, sizeof(buffer))) > 0) { 629 if (!EVP_DigestUpdate(&md_ctx, buffer, length)) 630 goto err; 631 } 632 if (!EVP_DigestFinal(&md_ctx, *imprint, NULL)) 633 goto err; 634 635 return 1; 636 err: 637 X509_ALGOR_free(*md_alg); 638 OPENSSL_free(*imprint); 639 *imprint_len = 0; 640 *imprint = NULL; 641 return 0; 642} 643 644static int TS_check_imprints(X509_ALGOR *algor_a, 645 unsigned char *imprint_a, unsigned len_a, 646 TS_TST_INFO *tst_info) 647{ 648 TS_MSG_IMPRINT *b = TS_TST_INFO_get_msg_imprint(tst_info); 649 X509_ALGOR *algor_b = TS_MSG_IMPRINT_get_algo(b); 650 int ret = 0; 651 652 /* algor_a is optional. */ 653 if (algor_a) { 654 /* Compare algorithm OIDs. */ 655 if (OBJ_cmp(algor_a->algorithm, algor_b->algorithm)) 656 goto err; 657 658 /* The parameter must be NULL in both. */ 659 if ((algor_a->parameter 660 && ASN1_TYPE_get(algor_a->parameter) != V_ASN1_NULL) 661 || (algor_b->parameter 662 && ASN1_TYPE_get(algor_b->parameter) != V_ASN1_NULL)) 663 goto err; 664 } 665 666 /* Compare octet strings. */ 667 ret = len_a == (unsigned)ASN1_STRING_length(b->hashed_msg) && 668 memcmp(imprint_a, ASN1_STRING_data(b->hashed_msg), len_a) == 0; 669 err: 670 if (!ret) 671 TSerr(TS_F_TS_CHECK_IMPRINTS, TS_R_MESSAGE_IMPRINT_MISMATCH); 672 return ret; 673} 674 675static int TS_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info) 676{ 677 const ASN1_INTEGER *b = TS_TST_INFO_get_nonce(tst_info); 678 679 /* Error if nonce is missing. */ 680 if (!b) { 681 TSerr(TS_F_TS_CHECK_NONCES, TS_R_NONCE_NOT_RETURNED); 682 return 0; 683 } 684 685 /* No error if a nonce is returned without being requested. */ 686 if (ASN1_INTEGER_cmp(a, b) != 0) { 687 TSerr(TS_F_TS_CHECK_NONCES, TS_R_NONCE_MISMATCH); 688 return 0; 689 } 690 691 return 1; 692} 693 694/* 695 * Check if the specified TSA name matches either the subject or one of the 696 * subject alternative names of the TSA certificate. 697 */ 698static int TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer) 699{ 700 STACK_OF(GENERAL_NAME) *gen_names = NULL; 701 int idx = -1; 702 int found = 0; 703 704 /* Check the subject name first. */ 705 if (tsa_name->type == GEN_DIRNAME 706 && X509_name_cmp(tsa_name->d.dirn, signer->cert_info->subject) == 0) 707 return 1; 708 709 /* Check all the alternative names. */ 710 gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, NULL, &idx); 711 while (gen_names != NULL 712 && !(found = TS_find_name(gen_names, tsa_name) >= 0)) { 713 /* 714 * Get the next subject alternative name, although there should be no 715 * more than one. 716 */ 717 GENERAL_NAMES_free(gen_names); 718 gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, 719 NULL, &idx); 720 } 721 if (gen_names) 722 GENERAL_NAMES_free(gen_names); 723 724 return found; 725} 726 727/* Returns 1 if name is in gen_names, 0 otherwise. */ 728static int TS_find_name(STACK_OF(GENERAL_NAME) *gen_names, GENERAL_NAME *name) 729{ 730 int i, found; 731 for (i = 0, found = 0; !found && i < sk_GENERAL_NAME_num(gen_names); ++i) { 732 GENERAL_NAME *current = sk_GENERAL_NAME_value(gen_names, i); 733 found = GENERAL_NAME_cmp(current, name) == 0; 734 } 735 return found ? i - 1 : -1; 736} 737