113039Sthartmann/* crypto/ts/ts_verify_ctx.c */ 216972Sdlong/* 313039Sthartmann * Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL project 413039Sthartmann * 2003. 513039Sthartmann */ 613039Sthartmann/* ==================================================================== 713039Sthartmann * Copyright (c) 2006 The OpenSSL Project. All rights reserved. 813039Sthartmann * 913039Sthartmann * Redistribution and use in source and binary forms, with or without 1013039Sthartmann * modification, are permitted provided that the following conditions 1113039Sthartmann * are met: 1213039Sthartmann * 1313039Sthartmann * 1. Redistributions of source code must retain the above copyright 1413039Sthartmann * notice, this list of conditions and the following disclaimer. 1513039Sthartmann * 1613039Sthartmann * 2. Redistributions in binary form must reproduce the above copyright 1713039Sthartmann * notice, this list of conditions and the following disclaimer in 1813039Sthartmann * the documentation and/or other materials provided with the 1913039Sthartmann * distribution. 2013039Sthartmann * 2113039Sthartmann * 3. All advertising materials mentioning features or use of this 2213039Sthartmann * software must display the following acknowledgment: 2313039Sthartmann * "This product includes software developed by the OpenSSL Project 2413039Sthartmann * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 2513039Sthartmann * 2613039Sthartmann * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 2713039Sthartmann * endorse or promote products derived from this software without 2813039Sthartmann * prior written permission. For written permission, please contact 2913039Sthartmann * licensing@OpenSSL.org. 3013039Sthartmann * 3113039Sthartmann * 5. Products derived from this software may not be called "OpenSSL" 3213039Sthartmann * nor may "OpenSSL" appear in their names without prior written 3316972Sdlong * permission of the OpenSSL Project. 3416972Sdlong * 3513039Sthartmann * 6. Redistributions of any form whatsoever must retain the following 3613039Sthartmann * acknowledgment: 3713039Sthartmann * "This product includes software developed by the OpenSSL Project 3813039Sthartmann * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 3913039Sthartmann * 4013039Sthartmann * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 4113039Sthartmann * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4213039Sthartmann * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 4313039Sthartmann * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 4413039Sthartmann * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 4513039Sthartmann * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 4613039Sthartmann * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 4713039Sthartmann * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4813039Sthartmann * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 4913039Sthartmann * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 5013039Sthartmann * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 5113039Sthartmann * OF THE POSSIBILITY OF SUCH DAMAGE. 5213039Sthartmann * ==================================================================== 5316972Sdlong * 5416972Sdlong * This product includes cryptographic software written by Eric Young 5516972Sdlong * (eay@cryptsoft.com). This product includes software written by Tim 5613039Sthartmann * Hudson (tjh@cryptsoft.com). 5713039Sthartmann * 5813039Sthartmann */ 5913039Sthartmann 6013039Sthartmann#include "cryptlib.h" 6113039Sthartmann#include <openssl/objects.h> 6216972Sdlong#include <openssl/ts.h> 6316972Sdlong 6416972SdlongTS_VERIFY_CTX *TS_VERIFY_CTX_new(void) 6513039Sthartmann{ 6613039Sthartmann TS_VERIFY_CTX *ctx = 6713039Sthartmann (TS_VERIFY_CTX *)OPENSSL_malloc(sizeof(TS_VERIFY_CTX)); 6813039Sthartmann if (ctx) 6913039Sthartmann memset(ctx, 0, sizeof(TS_VERIFY_CTX)); 7013039Sthartmann else 7113039Sthartmann TSerr(TS_F_TS_VERIFY_CTX_NEW, ERR_R_MALLOC_FAILURE); 7213039Sthartmann return ctx; 7313039Sthartmann} 7416972Sdlong 7516972Sdlongvoid TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx) 7616972Sdlong{ 7716972Sdlong OPENSSL_assert(ctx != NULL); 7816972Sdlong memset(ctx, 0, sizeof(TS_VERIFY_CTX)); 7913039Sthartmann} 8013039Sthartmann 8116972Sdlongvoid TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx) 8216972Sdlong{ 8316972Sdlong if (!ctx) 8413039Sthartmann return; 8513039Sthartmann 8613039Sthartmann TS_VERIFY_CTX_cleanup(ctx); 8713039Sthartmann OPENSSL_free(ctx); 8813039Sthartmann} 8913039Sthartmann 9013039Sthartmannvoid TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx) 9113039Sthartmann{ 9216972Sdlong if (!ctx) 9316972Sdlong return; 9416972Sdlong 9516972Sdlong X509_STORE_free(ctx->store); 9616972Sdlong sk_X509_pop_free(ctx->certs, X509_free); 9716972Sdlong 9816972Sdlong ASN1_OBJECT_free(ctx->policy); 9916972Sdlong 10016972Sdlong X509_ALGOR_free(ctx->md_alg); 10116972Sdlong OPENSSL_free(ctx->imprint); 10213039Sthartmann 10316972Sdlong BIO_free_all(ctx->data); 10416972Sdlong 10516972Sdlong ASN1_INTEGER_free(ctx->nonce); 10616972Sdlong 10716972Sdlong GENERAL_NAME_free(ctx->tsa_name); 10813039Sthartmann 10913039Sthartmann TS_VERIFY_CTX_init(ctx); 11013039Sthartmann} 11113039Sthartmann 11213039SthartmannTS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx) 11313039Sthartmann{ 11413039Sthartmann TS_VERIFY_CTX *ret = ctx; 11516972Sdlong ASN1_OBJECT *policy; 11616972Sdlong TS_MSG_IMPRINT *imprint; 11716972Sdlong X509_ALGOR *md_alg; 11816972Sdlong ASN1_OCTET_STRING *msg; 11916972Sdlong const ASN1_INTEGER *nonce; 12016972Sdlong 12113039Sthartmann OPENSSL_assert(req != NULL); 12216972Sdlong if (ret) 12316972Sdlong TS_VERIFY_CTX_cleanup(ret); 12416972Sdlong else if (!(ret = TS_VERIFY_CTX_new())) 12516972Sdlong return NULL; 12616972Sdlong 12713039Sthartmann /* Setting flags. */ 12813039Sthartmann ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE); 12913039Sthartmann 13013039Sthartmann /* Setting policy. */ 13113039Sthartmann if ((policy = TS_REQ_get_policy_id(req)) != NULL) { 13213039Sthartmann if (!(ret->policy = OBJ_dup(policy))) 13313039Sthartmann goto err; 13413039Sthartmann } else 13513039Sthartmann ret->flags &= ~TS_VFY_POLICY; 13616972Sdlong 13716972Sdlong /* Setting md_alg, imprint and imprint_len. */ 13816972Sdlong imprint = TS_REQ_get_msg_imprint(req); 13916972Sdlong md_alg = TS_MSG_IMPRINT_get_algo(imprint); 14013039Sthartmann if (!(ret->md_alg = X509_ALGOR_dup(md_alg))) 14113039Sthartmann goto err; 14213039Sthartmann msg = TS_MSG_IMPRINT_get_msg(imprint); 14313039Sthartmann ret->imprint_len = ASN1_STRING_length(msg); 14413039Sthartmann if (!(ret->imprint = OPENSSL_malloc(ret->imprint_len))) 14513039Sthartmann goto err; 14613039Sthartmann memcpy(ret->imprint, ASN1_STRING_data(msg), ret->imprint_len); 14713039Sthartmann 14813039Sthartmann /* Setting nonce. */ 14913039Sthartmann if ((nonce = TS_REQ_get_nonce(req)) != NULL) { 15013327Sshade if (!(ret->nonce = ASN1_INTEGER_dup(nonce))) 15113327Sshade goto err; 15213039Sthartmann } else 15313039Sthartmann ret->flags &= ~TS_VFY_NONCE; 15413039Sthartmann 15513039Sthartmann return ret; 15613039Sthartmann err: 15713039Sthartmann if (ctx) 15813039Sthartmann TS_VERIFY_CTX_cleanup(ctx); 15913039Sthartmann else 16013039Sthartmann TS_VERIFY_CTX_free(ret); 16113039Sthartmann return NULL; 16213039Sthartmann} 16313039Sthartmann