generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Make TS structures opaque.

Browse Source 
Most of the accessors existed and were already used so it was easy.
TS_VERIFY_CTX didn't have accessors/settors so I added the simple and
obvious ones, and changed the app to use them.  Also, within crypto/ts,
replaced the functions with direct access to the structure members
since we generally aren't opaque within a directory.

Also fix RT3901.

Reviewed-by: Tim Hudson <tjh@openssl.org>
This commit is contained in:
Rich Salz 2015-06-10 14:07:40 -04:00 committed by Rich Salz
parent 8e704858f2
commit ca4a494cb7
14 changed files with 398 additions and 306 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
apps/ts.c
View File

@ -724,7 +724,7 @@ static TS_RESP *read_PKCS7(BIO *in_bio)
/* Create granted status info. */ /* Create granted status info. */
if ((si = TS_STATUS_INFO_new()) == NULL) if ((si = TS_STATUS_INFO_new()) == NULL)
goto end; goto end;
if (!(ASN1_INTEGER_set(si->status, TS_STATUS_GRANTED))) if (!TS_STATUS_INFO_set_status(si, TS_STATUS_GRANTED))
goto end; goto end;
if (!TS_RESP_set_status_info(resp, si)) if (!TS_RESP_set_status_info(resp, si))
goto end; goto end;
@ -976,23 +976,24 @@ static TS_VERIFY_CTX *create_verify_ctx(char *data, char *digest,
BIO *input = NULL; BIO *input = NULL;
TS_REQ *request = NULL; TS_REQ *request = NULL;
int ret = 0; int ret = 0;
int f = 0;
if (data != NULL || digest != NULL) { if (data != NULL || digest != NULL) {
if ((ctx = TS_VERIFY_CTX_new()) == NULL) if ((ctx = TS_VERIFY_CTX_new()) == NULL)
goto err; goto err;
ctx->flags = TS_VFY_VERSION | TS_VFY_SIGNER; f = TS_VFY_VERSION | TS_VFY_SIGNER;
if (data != NULL) { if (data != NULL) {
ctx->flags |= TS_VFY_DATA; f |= TS_VFY_DATA;
if ((ctx->data = BIO_new_file(data, "rb")) == NULL) if (TS_VERIFY_CTX_set_data(ctx, BIO_new_file(data, "rb")) == NULL)
goto err; goto err;
} else if (digest != NULL) { } else if (digest != NULL) {
long imprint_len; long imprint_len;
ctx->flags |= TS_VFY_IMPRINT; unsigned char *hexstr = string_to_hex(digest, &imprint_len);
if ((ctx->imprint = string_to_hex(digest, &imprint_len)) == NULL) { f |= TS_VFY_IMPRINT;
if (TS_VERIFY_CTX_set_imprint(ctx, hexstr, imprint_len) == NULL) {
BIO_printf(bio_err, "invalid digest string\n"); BIO_printf(bio_err, "invalid digest string\n");
goto err; goto err;
} }
ctx->imprint_len = imprint_len;
} }
} else if (queryfile != NULL) { } else if (queryfile != NULL) {
@ -1010,14 +1011,16 @@ static TS_VERIFY_CTX *create_verify_ctx(char *data, char *digest,
return NULL; return NULL;
/* Add the signature verification flag and arguments. */ /* Add the signature verification flag and arguments. */
ctx->flags |= TS_VFY_SIGNATURE; TS_VERIFY_CTX_add_flags(ctx, f | TS_VFY_SIGNATURE);
/* Initialising the X509_STORE object. */ /* Initialising the X509_STORE object. */
if ((ctx->store = create_cert_store(CApath, CAfile)) == NULL) if (TS_VERIFY_CTX_set_store(ctx, create_cert_store(CApath, CAfile))
== NULL)
goto err; goto err;
/* Loading untrusted certificates. */ /* Loading untrusted certificates. */
if (untrusted && (ctx->certs = TS_CONF_load_certs(untrusted)) == NULL) if (untrusted
&& TS_VERIFY_CTS_set_certs(ctx, TS_CONF_load_certs(untrusted)) == NULL)
goto err; goto err;
ret = 1; ret = 1;

18
crypto/ts/Makefile
View File

@ -86,7 +86,7 @@ ts_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
ts_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ts_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
ts_asn1.o: ../../include/openssl/ts.h ../../include/openssl/x509.h ts_asn1.o: ../../include/openssl/ts.h ../../include/openssl/x509.h
ts_asn1.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h ts_asn1.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
ts_asn1.o: ts_asn1.c ts_asn1.o: ts_asn1.c ts_lcl.h
ts_conf.o: ../../e_os.h ../../include/openssl/asn1.h ts_conf.o: ../../e_os.h ../../include/openssl/asn1.h
ts_conf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h ts_conf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
ts_conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h ts_conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
@ -135,7 +135,7 @@ ts_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
ts_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ts_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
ts_lib.o: ../../include/openssl/ts.h ../../include/openssl/x509.h ts_lib.o: ../../include/openssl/ts.h ../../include/openssl/x509.h
ts_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h ts_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
ts_lib.o: ../include/internal/cryptlib.h ts_lib.c ts_lib.o: ../include/internal/cryptlib.h ts_lcl.h ts_lib.c
ts_req_print.o: ../../e_os.h ../../include/openssl/asn1.h ts_req_print.o: ../../e_os.h ../../include/openssl/asn1.h
ts_req_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h ts_req_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
ts_req_print.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h ts_req_print.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
@ -153,7 +153,7 @@ ts_req_print.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
ts_req_print.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h ts_req_print.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h
ts_req_print.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h ts_req_print.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
ts_req_print.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h ts_req_print.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h
ts_req_print.o: ts_req_print.c ts_req_print.o: ts_lcl.h ts_req_print.c
ts_req_utils.o: ../../e_os.h ../../include/openssl/asn1.h ts_req_utils.o: ../../e_os.h ../../include/openssl/asn1.h
ts_req_utils.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h ts_req_utils.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
ts_req_utils.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h ts_req_utils.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
@ -171,7 +171,7 @@ ts_req_utils.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
ts_req_utils.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h ts_req_utils.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h
ts_req_utils.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h ts_req_utils.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
ts_req_utils.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h ts_req_utils.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h
ts_req_utils.o: ts_req_utils.c ts_req_utils.o: ts_lcl.h ts_req_utils.c
ts_rsp_print.o: ../../e_os.h ../../include/openssl/asn1.h ts_rsp_print.o: ../../e_os.h ../../include/openssl/asn1.h
ts_rsp_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h ts_rsp_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
ts_rsp_print.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h ts_rsp_print.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
@ -189,7 +189,7 @@ ts_rsp_print.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
ts_rsp_print.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h ts_rsp_print.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h
ts_rsp_print.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h ts_rsp_print.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
ts_rsp_print.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h ts_rsp_print.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h
ts_rsp_print.o: ts_rsp_print.c ts_rsp_print.o: ts_lcl.h ts_rsp_print.c
ts_rsp_sign.o: ../../e_os.h ../../include/openssl/asn1.h ts_rsp_sign.o: ../../e_os.h ../../include/openssl/asn1.h
ts_rsp_sign.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h ts_rsp_sign.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
ts_rsp_sign.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h ts_rsp_sign.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
@ -207,7 +207,7 @@ ts_rsp_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
ts_rsp_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h ts_rsp_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h
ts_rsp_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h ts_rsp_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
ts_rsp_sign.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h ts_rsp_sign.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h
ts_rsp_sign.o: ts_rsp_sign.c ts_rsp_sign.o: ts_lcl.h ts_rsp_sign.c
ts_rsp_utils.o: ../../e_os.h ../../include/openssl/asn1.h ts_rsp_utils.o: ../../e_os.h ../../include/openssl/asn1.h
ts_rsp_utils.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h ts_rsp_utils.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
ts_rsp_utils.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h ts_rsp_utils.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
@ -225,7 +225,7 @@ ts_rsp_utils.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
ts_rsp_utils.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h ts_rsp_utils.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h
ts_rsp_utils.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h ts_rsp_utils.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
ts_rsp_utils.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h ts_rsp_utils.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h
ts_rsp_utils.o: ts_rsp_utils.c ts_rsp_utils.o: ts_lcl.h ts_rsp_utils.c
ts_rsp_verify.o: ../../e_os.h ../../include/openssl/asn1.h ts_rsp_verify.o: ../../e_os.h ../../include/openssl/asn1.h
ts_rsp_verify.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h ts_rsp_verify.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
ts_rsp_verify.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h ts_rsp_verify.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
@ -243,7 +243,7 @@ ts_rsp_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
ts_rsp_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h ts_rsp_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h
ts_rsp_verify.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h ts_rsp_verify.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
ts_rsp_verify.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h ts_rsp_verify.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h
ts_rsp_verify.o: ts_rsp_verify.c ts_rsp_verify.o: ts_lcl.h ts_rsp_verify.c
ts_verify_ctx.o: ../../e_os.h ../../include/openssl/asn1.h ts_verify_ctx.o: ../../e_os.h ../../include/openssl/asn1.h
ts_verify_ctx.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h ts_verify_ctx.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
ts_verify_ctx.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h ts_verify_ctx.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
@ -261,4 +261,4 @@ ts_verify_ctx.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
ts_verify_ctx.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h ts_verify_ctx.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h
ts_verify_ctx.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h ts_verify_ctx.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
ts_verify_ctx.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h ts_verify_ctx.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h
ts_verify_ctx.o: ts_verify_ctx.c ts_verify_ctx.o: ts_lcl.h ts_verify_ctx.c

1
crypto/ts/ts_asn1.c
View File

@ -59,6 +59,7 @@
#include <openssl/ts.h> #include <openssl/ts.h>
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/asn1t.h> #include <openssl/asn1t.h>
#include "ts_lcl.h"
ASN1_SEQUENCE(TS_MSG_IMPRINT) = { ASN1_SEQUENCE(TS_MSG_IMPRINT) = {
ASN1_SIMPLE(TS_MSG_IMPRINT, hash_algo, X509_ALGOR), ASN1_SIMPLE(TS_MSG_IMPRINT, hash_algo, X509_ALGOR),

230
crypto/ts/ts_lcl.h Normal file
View File

@ -0,0 +1,230 @@
/* ====================================================================
* Copyright (c) 2015 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/*-
* MessageImprint ::= SEQUENCE {
* hashAlgorithm AlgorithmIdentifier,
* hashedMessage OCTET STRING }
*/
struct TS_msg_imprint_st {
X509_ALGOR *hash_algo;
ASN1_OCTET_STRING *hashed_msg;
};
/*-
* TimeStampResp ::= SEQUENCE {
* status PKIStatusInfo,
* timeStampToken TimeStampToken OPTIONAL }
*/
struct TS_resp_st {
TS_STATUS_INFO *status_info;
PKCS7 *token;
TS_TST_INFO *tst_info;
};
/*-
* TimeStampReq ::= SEQUENCE {
* version INTEGER { v1(1) },
* messageImprint MessageImprint,
* --a hash algorithm OID and the hash value of the data to be
* --time-stamped
* reqPolicy TSAPolicyId OPTIONAL,
* nonce INTEGER OPTIONAL,
* certReq BOOLEAN DEFAULT FALSE,
* extensions [0] IMPLICIT Extensions OPTIONAL }
*/
struct TS_req_st {
ASN1_INTEGER *version;
TS_MSG_IMPRINT *msg_imprint;
ASN1_OBJECT *policy_id;
ASN1_INTEGER *nonce;
ASN1_BOOLEAN cert_req;
STACK_OF(X509_EXTENSION) *extensions;
};
/*-
* Accuracy ::= SEQUENCE {
* seconds INTEGER OPTIONAL,
* millis [0] INTEGER (1..999) OPTIONAL,
* micros [1] INTEGER (1..999) OPTIONAL }
*/
struct TS_accuracy_st {
ASN1_INTEGER *seconds;
ASN1_INTEGER *millis;
ASN1_INTEGER *micros;
};
/*-
* TSTInfo ::= SEQUENCE {
* version INTEGER { v1(1) },
* policy TSAPolicyId,
* messageImprint MessageImprint,
* -- MUST have the same value as the similar field in
* -- TimeStampReq
* serialNumber INTEGER,
* -- Time-Stamping users MUST be ready to accommodate integers
* -- up to 160 bits.
* genTime GeneralizedTime,
* accuracy Accuracy OPTIONAL,
* ordering BOOLEAN DEFAULT FALSE,
* nonce INTEGER OPTIONAL,
* -- MUST be present if the similar field was present
* -- in TimeStampReq. In that case it MUST have the same value.
* tsa [0] GeneralName OPTIONAL,
* extensions [1] IMPLICIT Extensions OPTIONAL }
*/
struct TS_tst_info_st {
ASN1_INTEGER *version;
ASN1_OBJECT *policy_id;
TS_MSG_IMPRINT *msg_imprint;
ASN1_INTEGER *serial;
ASN1_GENERALIZEDTIME *time;
TS_ACCURACY *accuracy;
ASN1_BOOLEAN ordering;
ASN1_INTEGER *nonce;
GENERAL_NAME *tsa;
STACK_OF(X509_EXTENSION) *extensions;
};
struct TS_status_info_st {
ASN1_INTEGER *status;
STACK_OF(ASN1_UTF8STRING) *text;
ASN1_BIT_STRING *failure_info;
};
DECLARE_STACK_OF(ASN1_UTF8STRING)
/*-
* IssuerSerial ::= SEQUENCE {
* issuer GeneralNames,
* serialNumber CertificateSerialNumber
* }
*/
struct ESS_issuer_serial {
STACK_OF(GENERAL_NAME) *issuer;
ASN1_INTEGER *serial;
};
/*-
* ESSCertID ::= SEQUENCE {
* certHash Hash,
* issuerSerial IssuerSerial OPTIONAL
* }
*/
struct ESS_cert_id {
ASN1_OCTET_STRING *hash; /* Always SHA-1 digest. */
ESS_ISSUER_SERIAL *issuer_serial;
};
/*-
* SigningCertificate ::= SEQUENCE {
* certs SEQUENCE OF ESSCertID,
* policies SEQUENCE OF PolicyInformation OPTIONAL
* }
*/
struct ESS_signing_cert {
STACK_OF(ESS_CERT_ID) *cert_ids;
STACK_OF(POLICYINFO) *policy_info;
};
struct TS_resp_ctx {
X509 *signer_cert;
EVP_PKEY *signer_key;
STACK_OF(X509) *certs; /* Certs to include in signed data. */
STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */
ASN1_OBJECT *default_policy; /* It may appear in policies, too. */
STACK_OF(EVP_MD) *mds; /* Acceptable message digests. */
ASN1_INTEGER *seconds; /* accuracy, 0 means not specified. */
ASN1_INTEGER *millis; /* accuracy, 0 means not specified. */
ASN1_INTEGER *micros; /* accuracy, 0 means not specified. */
unsigned clock_precision_digits; /* fraction of seconds in time stamp
* token. */
unsigned flags; /* Optional info, see values above. */
/* Callback functions. */
TS_serial_cb serial_cb;
void *serial_cb_data; /* User data for serial_cb. */
TS_time_cb time_cb;
void *time_cb_data; /* User data for time_cb. */
TS_extension_cb extension_cb;
void *extension_cb_data; /* User data for extension_cb. */
/* These members are used only while creating the response. */
TS_REQ *request;
TS_RESP *response;
TS_TST_INFO *tst_info;
};
struct TS_verify_ctx {
/* Set this to the union of TS_VFY_... flags you want to carry out. */
unsigned flags;
/* Must be set only with TS_VFY_SIGNATURE. certs is optional. */
X509_STORE *store;
STACK_OF(X509) *certs;
/* Must be set only with TS_VFY_POLICY. */
ASN1_OBJECT *policy;
/*
* Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, the
* algorithm from the response is used.
*/
X509_ALGOR *md_alg;
unsigned char *imprint;
unsigned imprint_len;
/* Must be set only with TS_VFY_DATA. */
BIO *data;
/* Must be set only with TS_VFY_TSA_NAME. */
ASN1_INTEGER *nonce;
/* Must be set only with TS_VFY_TSA_NAME. */
GENERAL_NAME *tsa_name;
};

5
crypto/ts/ts_lib.c
View File

@ -64,6 +64,7 @@
#include <openssl/x509.h> #include <openssl/x509.h>
#include <openssl/x509v3.h> #include <openssl/x509v3.h>
#include <openssl/ts.h> #include <openssl/ts.h>
#include "ts_lcl.h"
/* Local function declarations. */ /* Local function declarations. */
@ -135,10 +136,10 @@ int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *a)
{ {
ASN1_OCTET_STRING *msg; ASN1_OCTET_STRING *msg;
TS_X509_ALGOR_print_bio(bio, TS_MSG_IMPRINT_get_algo(a)); TS_X509_ALGOR_print_bio(bio, a->hash_algo);
BIO_printf(bio, "Message data:\n"); BIO_printf(bio, "Message data:\n");
msg = TS_MSG_IMPRINT_get_msg(a); msg = a->hashed_msg;
BIO_dump_indent(bio, (const char *)ASN1_STRING_data(msg), BIO_dump_indent(bio, (const char *)ASN1_STRING_data(msg),
ASN1_STRING_length(msg), 4); ASN1_STRING_length(msg), 4);

13
crypto/ts/ts_req_print.c
View File

@ -63,6 +63,7 @@
#include <openssl/bn.h> #include <openssl/bn.h>
#include <openssl/x509v3.h> #include <openssl/x509v3.h>
#include <openssl/ts.h> #include <openssl/ts.h>
#include "ts_lcl.h"
/* Function definitions. */ /* Function definitions. */
@ -70,7 +71,6 @@ int TS_REQ_print_bio(BIO *bio, TS_REQ *a)
{ {
int v; int v;
ASN1_OBJECT *policy_id; ASN1_OBJECT *policy_id;
const ASN1_INTEGER *nonce;
if (a == NULL) if (a == NULL)
return 0; return 0;
@ -78,7 +78,7 @@ int TS_REQ_print_bio(BIO *bio, TS_REQ *a)
v = TS_REQ_get_version(a); v = TS_REQ_get_version(a);
BIO_printf(bio, "Version: %d\n", v); BIO_printf(bio, "Version: %d\n", v);
TS_MSG_IMPRINT_print_bio(bio, TS_REQ_get_msg_imprint(a)); TS_MSG_IMPRINT_print_bio(bio, a->msg_imprint);
BIO_printf(bio, "Policy OID: "); BIO_printf(bio, "Policy OID: ");
policy_id = TS_REQ_get_policy_id(a); policy_id = TS_REQ_get_policy_id(a);
@ -88,17 +88,16 @@ int TS_REQ_print_bio(BIO *bio, TS_REQ *a)
TS_OBJ_print_bio(bio, policy_id); TS_OBJ_print_bio(bio, policy_id);
BIO_printf(bio, "Nonce: "); BIO_printf(bio, "Nonce: ");
nonce = TS_REQ_get_nonce(a); if (a->nonce == NULL)
if (nonce == NULL)
BIO_printf(bio, "unspecified"); BIO_printf(bio, "unspecified");
else else
TS_ASN1_INTEGER_print_bio(bio, nonce); TS_ASN1_INTEGER_print_bio(bio, a->nonce);
BIO_write(bio, "\n", 1); BIO_write(bio, "\n", 1);
BIO_printf(bio, "Certificate required: %s\n", BIO_printf(bio, "Certificate required: %s\n",
TS_REQ_get_cert_req(a) ? "yes" : "no"); a->cert_req ? "yes" : "no");
TS_ext_print_bio(bio, TS_REQ_get_exts(a)); TS_ext_print_bio(bio, a->extensions);
return 1; return 1;
} }

1
crypto/ts/ts_req_utils.c
View File

@ -62,6 +62,7 @@
#include <openssl/objects.h> #include <openssl/objects.h>
#include <openssl/x509v3.h> #include <openssl/x509v3.h>
#include <openssl/ts.h> #include <openssl/ts.h>
#include "ts_lcl.h"
int TS_REQ_set_version(TS_REQ *a, long version) int TS_REQ_set_version(TS_REQ *a, long version)
{ {

69
crypto/ts/ts_rsp_print.c
View File

@ -63,6 +63,7 @@
#include <openssl/bn.h> #include <openssl/bn.h>
#include <openssl/x509v3.h> #include <openssl/x509v3.h>
#include <openssl/ts.h> #include <openssl/ts.h>
#include "ts_lcl.h"
struct status_map_st { struct status_map_st {
int bit; int bit;
@ -79,15 +80,12 @@ static int ts_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *accuracy);
int TS_RESP_print_bio(BIO *bio, TS_RESP *a) int TS_RESP_print_bio(BIO *bio, TS_RESP *a)
{ {
TS_TST_INFO *tst_info;
BIO_printf(bio, "Status info:\n"); BIO_printf(bio, "Status info:\n");
TS_STATUS_INFO_print_bio(bio, TS_RESP_get_status_info(a)); TS_STATUS_INFO_print_bio(bio, a->status_info);
BIO_printf(bio, "\nTST info:\n"); BIO_printf(bio, "\nTST info:\n");
tst_info = TS_RESP_get_tst_info(a); if (a->tst_info != NULL)
if (tst_info != NULL) TS_TST_INFO_print_bio(bio, a->tst_info);
TS_TST_INFO_print_bio(bio, TS_RESP_get_tst_info(a));
else else
BIO_printf(bio, "Not included.\n"); BIO_printf(bio, "Not included.\n");
@ -176,102 +174,85 @@ static int ts_status_map_print(BIO *bio, const struct status_map_st *a,
int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a) int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a)
{ {
int v; int v;
ASN1_OBJECT *policy_id;
const ASN1_INTEGER *serial;
const ASN1_GENERALIZEDTIME *gtime;
TS_ACCURACY *accuracy;
const ASN1_INTEGER *nonce;
GENERAL_NAME *tsa_name;
if (a == NULL) if (a == NULL)
return 0; return 0;
/* Print version. */ /* Print version. */
v = TS_TST_INFO_get_version(a); v = ASN1_INTEGER_get(a->version);
BIO_printf(bio, "Version: %d\n", v); BIO_printf(bio, "Version: %d\n", v);
/* Print policy id. */ /* Print policy id. */
BIO_printf(bio, "Policy OID: "); BIO_printf(bio, "Policy OID: ");
policy_id = TS_TST_INFO_get_policy_id(a); TS_OBJ_print_bio(bio, a->policy_id);
TS_OBJ_print_bio(bio, policy_id);
/* Print message imprint. */ /* Print message imprint. */
TS_MSG_IMPRINT_print_bio(bio, TS_TST_INFO_get_msg_imprint(a)); TS_MSG_IMPRINT_print_bio(bio, a->msg_imprint);
/* Print serial number. */ /* Print serial number. */
BIO_printf(bio, "Serial number: "); BIO_printf(bio, "Serial number: ");
serial = TS_TST_INFO_get_serial(a); if (a->serial == NULL)
if (serial == NULL)
BIO_printf(bio, "unspecified"); BIO_printf(bio, "unspecified");
else else
TS_ASN1_INTEGER_print_bio(bio, serial); TS_ASN1_INTEGER_print_bio(bio, a->serial);
BIO_write(bio, "\n", 1); BIO_write(bio, "\n", 1);
/* Print time stamp. */ /* Print time stamp. */
BIO_printf(bio, "Time stamp: "); BIO_printf(bio, "Time stamp: ");
gtime = TS_TST_INFO_get_time(a); ASN1_GENERALIZEDTIME_print(bio, a->time);
ASN1_GENERALIZEDTIME_print(bio, gtime);
BIO_write(bio, "\n", 1); BIO_write(bio, "\n", 1);
/* Print accuracy. */ /* Print accuracy. */
BIO_printf(bio, "Accuracy: "); BIO_printf(bio, "Accuracy: ");
accuracy = TS_TST_INFO_get_accuracy(a); if (a->accuracy == NULL)
if (accuracy == NULL)
BIO_printf(bio, "unspecified"); BIO_printf(bio, "unspecified");
else else
ts_ACCURACY_print_bio(bio, accuracy); ts_ACCURACY_print_bio(bio, a->accuracy);
BIO_write(bio, "\n", 1); BIO_write(bio, "\n", 1);
/* Print ordering. */ /* Print ordering. */
BIO_printf(bio, "Ordering: %s\n", BIO_printf(bio, "Ordering: %s\n", a->ordering ? "yes" : "no");
TS_TST_INFO_get_ordering(a) ? "yes" : "no");
/* Print nonce. */ /* Print nonce. */
BIO_printf(bio, "Nonce: "); BIO_printf(bio, "Nonce: ");
nonce = TS_TST_INFO_get_nonce(a); if (a->nonce == NULL)
if (nonce == NULL)
BIO_printf(bio, "unspecified"); BIO_printf(bio, "unspecified");
else else
TS_ASN1_INTEGER_print_bio(bio, nonce); TS_ASN1_INTEGER_print_bio(bio, a->nonce);
BIO_write(bio, "\n", 1); BIO_write(bio, "\n", 1);
/* Print TSA name. */ /* Print TSA name. */
BIO_printf(bio, "TSA: "); BIO_printf(bio, "TSA: ");
tsa_name = TS_TST_INFO_get_tsa(a); if (a->tsa == NULL)
if (tsa_name == NULL)
BIO_printf(bio, "unspecified"); BIO_printf(bio, "unspecified");
else { else {
STACK_OF(CONF_VALUE) *nval; STACK_OF(CONF_VALUE) *nval;
if ((nval = i2v_GENERAL_NAME(NULL, tsa_name, NULL))) if ((nval = i2v_GENERAL_NAME(NULL, a->tsa, NULL)))
X509V3_EXT_val_prn(bio, nval, 0, 0); X509V3_EXT_val_prn(bio, nval, 0, 0);
sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
} }
BIO_write(bio, "\n", 1); BIO_write(bio, "\n", 1);
/* Print extensions. */ /* Print extensions. */
TS_ext_print_bio(bio, TS_TST_INFO_get_exts(a)); TS_ext_print_bio(bio, a->extensions);
return 1; return 1;
} }
static int ts_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *accuracy) static int ts_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *a)
{ {
const ASN1_INTEGER *seconds = TS_ACCURACY_get_seconds(accuracy); if (a->seconds != NULL)
const ASN1_INTEGER *millis = TS_ACCURACY_get_millis(accuracy); TS_ASN1_INTEGER_print_bio(bio, a->seconds);
const ASN1_INTEGER *micros = TS_ACCURACY_get_micros(accuracy);
if (seconds != NULL)
TS_ASN1_INTEGER_print_bio(bio, seconds);
else else
BIO_printf(bio, "unspecified"); BIO_printf(bio, "unspecified");
BIO_printf(bio, " seconds, "); BIO_printf(bio, " seconds, ");
if (millis != NULL) if (a->millis != NULL)
TS_ASN1_INTEGER_print_bio(bio, millis); TS_ASN1_INTEGER_print_bio(bio, a->millis);
else else
BIO_printf(bio, "unspecified"); BIO_printf(bio, "unspecified");
BIO_printf(bio, " millis, "); BIO_printf(bio, " millis, ");
if (micros != NULL) if (a->micros != NULL)
TS_ASN1_INTEGER_print_bio(bio, micros); TS_ASN1_INTEGER_print_bio(bio, a->micros);
else else
BIO_printf(bio, "unspecified"); BIO_printf(bio, "unspecified");
BIO_printf(bio, " micros"); BIO_printf(bio, " micros");

19
crypto/ts/ts_rsp_sign.c
View File

@ -66,6 +66,7 @@
#include <openssl/objects.h> #include <openssl/objects.h>
#include <openssl/ts.h> #include <openssl/ts.h>
#include <openssl/pkcs7.h> #include <openssl/pkcs7.h>
#include "ts_lcl.h"
/* Private function declarations. */ /* Private function declarations. */
@ -377,7 +378,7 @@ int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx,
int status, const char *text) int status, const char *text)
{ {
int ret = 1; int ret = 1;
TS_STATUS_INFO *si = TS_RESP_get_status_info(ctx->response); TS_STATUS_INFO *si = ctx->response->status_info;
if (ASN1_INTEGER_get(si->status) == TS_STATUS_GRANTED) { if (ASN1_INTEGER_get(si->status) == TS_STATUS_GRANTED) {
/* Status has not been set, set it now. */ /* Status has not been set, set it now. */
@ -388,7 +389,7 @@ int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx,
int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure) int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure)
{ {
TS_STATUS_INFO *si = TS_RESP_get_status_info(ctx->response); TS_STATUS_INFO *si = ctx->response->status_info;
if (si->failure_info == NULL if (si->failure_info == NULL
&& (si->failure_info = ASN1_BIT_STRING_new()) == NULL) && (si->failure_info = ASN1_BIT_STRING_new()) == NULL)
goto err; goto err;
@ -526,8 +527,8 @@ static int ts_RESP_check_request(TS_RESP_CTX *ctx)
} }
/* Checking message digest algorithm. */ /* Checking message digest algorithm. */
msg_imprint = TS_REQ_get_msg_imprint(request); msg_imprint = request->msg_imprint;
md_alg = TS_MSG_IMPRINT_get_algo(msg_imprint); md_alg = msg_imprint->hash_algo;
md_alg_id = OBJ_obj2nid(md_alg->algorithm); md_alg_id = OBJ_obj2nid(md_alg->algorithm);
for (i = 0; !md && i < sk_EVP_MD_num(ctx->mds); ++i) { for (i = 0; !md && i < sk_EVP_MD_num(ctx->mds); ++i) {
EVP_MD *current_md = sk_EVP_MD_value(ctx->mds, i); EVP_MD *current_md = sk_EVP_MD_value(ctx->mds, i);
@ -551,7 +552,7 @@ static int ts_RESP_check_request(TS_RESP_CTX *ctx)
return 0; return 0;
} }
/* Checking message digest size. */ /* Checking message digest size. */
digest = TS_MSG_IMPRINT_get_msg(msg_imprint); digest = msg_imprint->hashed_msg;
if (digest->length != EVP_MD_size(md)) { if (digest->length != EVP_MD_size(md)) {
TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
"Bad message digest."); "Bad message digest.");
@ -565,7 +566,7 @@ static int ts_RESP_check_request(TS_RESP_CTX *ctx)
/* Returns the TSA policy based on the requested and acceptable policies. */ /* Returns the TSA policy based on the requested and acceptable policies. */
static ASN1_OBJECT *ts_RESP_get_policy(TS_RESP_CTX *ctx) static ASN1_OBJECT *ts_RESP_get_policy(TS_RESP_CTX *ctx)
{ {
ASN1_OBJECT *requested = TS_REQ_get_policy_id(ctx->request); ASN1_OBJECT *requested = ctx->request->policy_id;
ASN1_OBJECT *policy = NULL; ASN1_OBJECT *policy = NULL;
int i; int i;
@ -646,7 +647,7 @@ static TS_TST_INFO *ts_RESP_create_tst_info(TS_RESP_CTX *ctx,
goto end; goto end;
/* Setting nonce if needed. */ /* Setting nonce if needed. */
if ((nonce = TS_REQ_get_nonce(ctx->request)) != NULL if ((nonce = ctx->request->nonce) != NULL
&& !TS_TST_INFO_set_nonce(tst_info, nonce)) && !TS_TST_INFO_set_nonce(tst_info, nonce))
goto end; goto end;
@ -684,7 +685,7 @@ static TS_TST_INFO *ts_RESP_create_tst_info(TS_RESP_CTX *ctx,
/* Processing the extensions of the request. */ /* Processing the extensions of the request. */
static int ts_RESP_process_extensions(TS_RESP_CTX *ctx) static int ts_RESP_process_extensions(TS_RESP_CTX *ctx)
{ {
STACK_OF(X509_EXTENSION) *exts = TS_REQ_get_exts(ctx->request); STACK_OF(X509_EXTENSION) *exts = ctx->request->extensions;
int i; int i;
int ok = 1; int ok = 1;
@ -733,7 +734,7 @@ static int ts_RESP_sign(TS_RESP_CTX *ctx)
goto err; goto err;
/* Add signer certificate and optional certificate chain. */ /* Add signer certificate and optional certificate chain. */
if (TS_REQ_get_cert_req(ctx->request)) { if (ctx->request->cert_req) {
PKCS7_add_certificate(p7, ctx->signer_cert); PKCS7_add_certificate(p7, ctx->signer_cert);
if (ctx->certs) { if (ctx->certs) {
for (i = 0; i < sk_X509_num(ctx->certs); ++i) { for (i = 0; i < sk_X509_num(ctx->certs); ++i) {

6
crypto/ts/ts_rsp_utils.c
View File

@ -62,6 +62,7 @@
#include <openssl/objects.h> #include <openssl/objects.h>
#include <openssl/ts.h> #include <openssl/ts.h>
#include <openssl/pkcs7.h> #include <openssl/pkcs7.h>
#include "ts_lcl.h"
/* Function definitions. */ /* Function definitions. */
@ -394,3 +395,8 @@ void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx)
{ {
return X509V3_get_d2i(a->extensions, nid, crit, idx); return X509V3_get_d2i(a->extensions, nid, crit, idx);
} }
int TS_STATUS_INFO_set_status(TS_STATUS_INFO *a, int i)
{
return ASN1_INTEGER_set(a->status, i);
}

21
crypto/ts/ts_rsp_verify.c
View File

@ -62,6 +62,7 @@
#include <openssl/objects.h> #include <openssl/objects.h>
#include <openssl/ts.h> #include <openssl/ts.h>
#include <openssl/pkcs7.h> #include <openssl/pkcs7.h>
#include "ts_lcl.h"
/* Private function declarations. */ /* Private function declarations. */
@ -363,8 +364,8 @@ static int ts_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo)
*/ */
int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response) int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response)
{ {
PKCS7 *token = TS_RESP_get_token(response); PKCS7 *token = response->token;
TS_TST_INFO *tst_info = TS_RESP_get_tst_info(response); TS_TST_INFO *tst_info = response->tst_info;
int ret = 0; int ret = 0;
/* Check if we have a successful TS_TST_INFO object in place. */ /* Check if we have a successful TS_TST_INFO object in place. */
@ -411,7 +412,7 @@ static int int_ts_RESP_verify_token(TS_VERIFY_CTX *ctx,
PKCS7 *token, TS_TST_INFO *tst_info) PKCS7 *token, TS_TST_INFO *tst_info)
{ {
X509 *signer = NULL; X509 *signer = NULL;
GENERAL_NAME *tsa_name = TS_TST_INFO_get_tsa(tst_info); GENERAL_NAME *tsa_name = tst_info->tsa;
X509_ALGOR *md_alg = NULL; X509_ALGOR *md_alg = NULL;
unsigned char *imprint = NULL; unsigned char *imprint = NULL;
unsigned imprint_len = 0; unsigned imprint_len = 0;
@ -476,7 +477,7 @@ static int int_ts_RESP_verify_token(TS_VERIFY_CTX *ctx,
static int ts_check_status_info(TS_RESP *response) static int ts_check_status_info(TS_RESP *response)
{ {
TS_STATUS_INFO *info = TS_RESP_get_status_info(response); TS_STATUS_INFO *info = response->status_info;
long status = ASN1_INTEGER_get(info->status); long status = ASN1_INTEGER_get(info->status);
const char *status_text = NULL; const char *status_text = NULL;
char *embedded_status_text = NULL; char *embedded_status_text = NULL;
@ -562,7 +563,7 @@ static char *ts_get_status_text(STACK_OF(ASN1_UTF8STRING) *text)
static int ts_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info) static int ts_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info)
{ {
ASN1_OBJECT *resp_oid = TS_TST_INFO_get_policy_id(tst_info); ASN1_OBJECT *resp_oid = tst_info->policy_id;
if (OBJ_cmp(req_oid, resp_oid) != 0) { if (OBJ_cmp(req_oid, resp_oid) != 0) {
TSerr(TS_F_TS_CHECK_POLICY, TS_R_POLICY_MISMATCH); TSerr(TS_F_TS_CHECK_POLICY, TS_R_POLICY_MISMATCH);
@ -576,8 +577,8 @@ static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
X509_ALGOR **md_alg, X509_ALGOR **md_alg,
unsigned char **imprint, unsigned *imprint_len) unsigned char **imprint, unsigned *imprint_len)
{ {
TS_MSG_IMPRINT *msg_imprint = TS_TST_INFO_get_msg_imprint(tst_info); TS_MSG_IMPRINT *msg_imprint = tst_info->msg_imprint;
X509_ALGOR *md_alg_resp = TS_MSG_IMPRINT_get_algo(msg_imprint); X509_ALGOR *md_alg_resp = msg_imprint->hash_algo;
const EVP_MD *md; const EVP_MD *md;
EVP_MD_CTX md_ctx; EVP_MD_CTX md_ctx;
unsigned char buffer[4096]; unsigned char buffer[4096];
@ -628,8 +629,8 @@ static int ts_check_imprints(X509_ALGOR *algor_a,
unsigned char *imprint_a, unsigned len_a, unsigned char *imprint_a, unsigned len_a,
TS_TST_INFO *tst_info) TS_TST_INFO *tst_info)
{ {
TS_MSG_IMPRINT *b = TS_TST_INFO_get_msg_imprint(tst_info); TS_MSG_IMPRINT *b = tst_info->msg_imprint;
X509_ALGOR *algor_b = TS_MSG_IMPRINT_get_algo(b); X509_ALGOR *algor_b = b->hash_algo;
int ret = 0; int ret = 0;
/* algor_a is optional. */ /* algor_a is optional. */
@ -657,7 +658,7 @@ static int ts_check_imprints(X509_ALGOR *algor_a,
static int ts_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info) static int ts_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info)
{ {
const ASN1_INTEGER *b = TS_TST_INFO_get_nonce(tst_info); const ASN1_INTEGER *b = tst_info->nonce;
/* Error if nonce is missing. */ /* Error if nonce is missing. */
if (!b) { if (!b) {

50
crypto/ts/ts_verify_ctx.c
View File

@ -60,6 +60,7 @@
#include "internal/cryptlib.h" #include "internal/cryptlib.h"
#include <openssl/objects.h> #include <openssl/objects.h>
#include <openssl/ts.h> #include <openssl/ts.h>
#include "ts_lcl.h"
TS_VERIFY_CTX *TS_VERIFY_CTX_new(void) TS_VERIFY_CTX *TS_VERIFY_CTX_new(void)
{ {
@ -85,6 +86,45 @@ void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx)
OPENSSL_free(ctx); OPENSSL_free(ctx);
} }
int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int f)
{
ctx->flags |= f;
return ctx->flags;
}
int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int f)
{
ctx->flags = f;
return ctx->flags;
}
BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *b)
{
ctx->data = b;
return ctx->data;
}
X509_STORE *TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *s)
{
ctx->store = s;
return ctx->store;
}
STACK_OF(X509) *TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX *ctx,
STACK_OF(X509) *certs)
{
ctx->certs = certs;
return ctx->certs;
}
unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx,
unsigned char *hexstr, long len)
{
ctx->imprint = hexstr;
ctx->imprint_len = len;
return ctx->imprint;
}
void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx) void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx)
{ {
if (!ctx) if (!ctx)
@ -126,25 +166,25 @@ TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx)
ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE); ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE);
/* Setting policy. */ /* Setting policy. */
if ((policy = TS_REQ_get_policy_id(req)) != NULL) { if ((policy = req->policy_id) != NULL) {
if ((ret->policy = OBJ_dup(policy)) == NULL) if ((ret->policy = OBJ_dup(policy)) == NULL)
goto err; goto err;
} else } else
ret->flags &= ~TS_VFY_POLICY; ret->flags &= ~TS_VFY_POLICY;
/* Setting md_alg, imprint and imprint_len. */ /* Setting md_alg, imprint and imprint_len. */
imprint = TS_REQ_get_msg_imprint(req); imprint = req->msg_imprint;
md_alg = TS_MSG_IMPRINT_get_algo(imprint); md_alg = imprint->hash_algo;
if ((ret->md_alg = X509_ALGOR_dup(md_alg)) == NULL) if ((ret->md_alg = X509_ALGOR_dup(md_alg)) == NULL)
goto err; goto err;
msg = TS_MSG_IMPRINT_get_msg(imprint); msg = imprint->hashed_msg;
ret->imprint_len = ASN1_STRING_length(msg); ret->imprint_len = ASN1_STRING_length(msg);
if ((ret->imprint = OPENSSL_malloc(ret->imprint_len)) == NULL) if ((ret->imprint = OPENSSL_malloc(ret->imprint_len)) == NULL)
goto err; goto err;
memcpy(ret->imprint, ASN1_STRING_data(msg), ret->imprint_len); memcpy(ret->imprint, ASN1_STRING_data(msg), ret->imprint_len);
/* Setting nonce. */ /* Setting nonce. */
if ((nonce = TS_REQ_get_nonce(req)) != NULL) { if ((nonce = req->nonce) != NULL) {
if ((ret->nonce = ASN1_INTEGER_dup(nonce)) == NULL) if ((ret->nonce = ASN1_INTEGER_dup(nonce)) == NULL)
goto err; goto err;
} else } else

223
include/openssl/ts.h
View File

@ -93,99 +93,12 @@ extern "C" {
# include <openssl/x509.h> # include <openssl/x509.h>
# include <openssl/x509v3.h> # include <openssl/x509v3.h>
/*- typedef struct TS_msg_imprint_st TS_MSG_IMPRINT;
MessageImprint ::= SEQUENCE { typedef struct TS_req_st TS_REQ;
hashAlgorithm AlgorithmIdentifier, typedef struct TS_accuracy_st TS_ACCURACY;
hashedMessage OCTET STRING } typedef struct TS_tst_info_st TS_TST_INFO;
*/
typedef struct TS_msg_imprint_st {
X509_ALGOR *hash_algo;
ASN1_OCTET_STRING *hashed_msg;
} TS_MSG_IMPRINT;
/*-
TimeStampReq ::= SEQUENCE {
version INTEGER { v1(1) },
messageImprint MessageImprint,
--a hash algorithm OID and the hash value of the data to be
--time-stamped
reqPolicy TSAPolicyId OPTIONAL,
nonce INTEGER OPTIONAL,
certReq BOOLEAN DEFAULT FALSE,
extensions [0] IMPLICIT Extensions OPTIONAL }
*/
typedef struct TS_req_st {
ASN1_INTEGER *version;
TS_MSG_IMPRINT *msg_imprint;
ASN1_OBJECT *policy_id; /* OPTIONAL */
ASN1_INTEGER *nonce; /* OPTIONAL */
ASN1_BOOLEAN cert_req; /* DEFAULT FALSE */
STACK_OF(X509_EXTENSION) *extensions; /* [0] OPTIONAL */
} TS_REQ;
/*-
Accuracy ::= SEQUENCE {
seconds INTEGER OPTIONAL,
millis [0] INTEGER (1..999) OPTIONAL,
micros [1] INTEGER (1..999) OPTIONAL }
*/
typedef struct TS_accuracy_st {
ASN1_INTEGER *seconds;
ASN1_INTEGER *millis;
ASN1_INTEGER *micros;
} TS_ACCURACY;
/*-
TSTInfo ::= SEQUENCE {
version INTEGER { v1(1) },
policy TSAPolicyId,
messageImprint MessageImprint,
-- MUST have the same value as the similar field in
-- TimeStampReq
serialNumber INTEGER,
-- Time-Stamping users MUST be ready to accommodate integers
-- up to 160 bits.
genTime GeneralizedTime,
accuracy Accuracy OPTIONAL,
ordering BOOLEAN DEFAULT FALSE,
nonce INTEGER OPTIONAL,
-- MUST be present if the similar field was present
-- in TimeStampReq. In that case it MUST have the same value.
tsa [0] GeneralName OPTIONAL,
extensions [1] IMPLICIT Extensions OPTIONAL }
*/
typedef struct TS_tst_info_st {
ASN1_INTEGER *version;
ASN1_OBJECT *policy_id;
TS_MSG_IMPRINT *msg_imprint;
ASN1_INTEGER *serial;
ASN1_GENERALIZEDTIME *time;
TS_ACCURACY *accuracy;
ASN1_BOOLEAN ordering;
ASN1_INTEGER *nonce;
GENERAL_NAME *tsa;
STACK_OF(X509_EXTENSION) *extensions;
} TS_TST_INFO;
/*-
PKIStatusInfo ::= SEQUENCE {
status PKIStatus,
statusString PKIFreeText OPTIONAL,
failInfo PKIFailureInfo OPTIONAL }
From RFC 1510 - section 3.1.1:
PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
-- text encoded as UTF-8 String (note: each UTF8String SHOULD
-- include an RFC 1766 language tag to indicate the language
-- of the contained text)
*/
/* Possible values for status. See ts_resp_print.c && ts_resp_verify.c. */
/* Possible values for status. */
# define TS_STATUS_GRANTED 0 # define TS_STATUS_GRANTED 0
# define TS_STATUS_GRANTED_WITH_MODS 1 # define TS_STATUS_GRANTED_WITH_MODS 1
# define TS_STATUS_REJECTION 2 # define TS_STATUS_REJECTION 2
@ -193,10 +106,7 @@ PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
# define TS_STATUS_REVOCATION_WARNING 4 # define TS_STATUS_REVOCATION_WARNING 4
# define TS_STATUS_REVOCATION_NOTIFICATION 5 # define TS_STATUS_REVOCATION_NOTIFICATION 5
/* /* Possible values for failure_info. */
* Possible values for failure_info. See ts_resp_print.c && ts_resp_verify.c
*/
# define TS_INFO_BAD_ALG 0 # define TS_INFO_BAD_ALG 0
# define TS_INFO_BAD_REQUEST 2 # define TS_INFO_BAD_REQUEST 2
# define TS_INFO_BAD_DATA_FORMAT 5 # define TS_INFO_BAD_DATA_FORMAT 5
@ -206,65 +116,15 @@ PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
# define TS_INFO_ADD_INFO_NOT_AVAILABLE 17 # define TS_INFO_ADD_INFO_NOT_AVAILABLE 17
# define TS_INFO_SYSTEM_FAILURE 25 # define TS_INFO_SYSTEM_FAILURE 25
typedef struct TS_status_info_st {
ASN1_INTEGER *status;
STACK_OF(ASN1_UTF8STRING) *text;
ASN1_BIT_STRING *failure_info;
} TS_STATUS_INFO;
DECLARE_STACK_OF(ASN1_UTF8STRING) typedef struct TS_status_info_st TS_STATUS_INFO;
typedef struct ESS_issuer_serial ESS_ISSUER_SERIAL;
/*- typedef struct ESS_cert_id ESS_CERT_ID;
TimeStampResp ::= SEQUENCE { typedef struct ESS_signing_cert ESS_SIGNING_CERT;
status PKIStatusInfo,
timeStampToken TimeStampToken OPTIONAL }
*/
typedef struct TS_resp_st {
TS_STATUS_INFO *status_info;
PKCS7 *token;
TS_TST_INFO *tst_info;
} TS_RESP;
/* The structure below would belong to the ESS component. */
/*-
IssuerSerial ::= SEQUENCE {
issuer GeneralNames,
serialNumber CertificateSerialNumber
}
*/
typedef struct ESS_issuer_serial {
STACK_OF(GENERAL_NAME) *issuer;
ASN1_INTEGER *serial;
} ESS_ISSUER_SERIAL;
/*-
ESSCertID ::= SEQUENCE {
certHash Hash,
issuerSerial IssuerSerial OPTIONAL
}
*/
typedef struct ESS_cert_id {
ASN1_OCTET_STRING *hash; /* Always SHA-1 digest. */
ESS_ISSUER_SERIAL *issuer_serial;
} ESS_CERT_ID;
DECLARE_STACK_OF(ESS_CERT_ID) DECLARE_STACK_OF(ESS_CERT_ID)
/*- typedef struct TS_resp_st TS_RESP;
SigningCertificate ::= SEQUENCE {
certs SEQUENCE OF ESSCertID,
policies SEQUENCE OF PolicyInformation OPTIONAL
}
*/
typedef struct ESS_signing_cert {
STACK_OF(ESS_CERT_ID) *cert_ids;
STACK_OF(POLICYINFO) *policy_info;
} ESS_SIGNING_CERT;
TS_REQ *TS_REQ_new(void); TS_REQ *TS_REQ_new(void);
void TS_REQ_free(TS_REQ *a); void TS_REQ_free(TS_REQ *a);
@ -356,6 +216,8 @@ void ERR_load_TS_strings(void);
int TS_REQ_set_version(TS_REQ *a, long version); int TS_REQ_set_version(TS_REQ *a, long version);
long TS_REQ_get_version(const TS_REQ *a); long TS_REQ_get_version(const TS_REQ *a);
int TS_STATUS_INFO_set_status(TS_STATUS_INFO *a, int i);
int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint); int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint);
TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a); TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a);
@ -487,31 +349,7 @@ typedef int (*TS_time_cb) (struct TS_resp_ctx *, void *, long *sec,
typedef int (*TS_extension_cb) (struct TS_resp_ctx *, X509_EXTENSION *, typedef int (*TS_extension_cb) (struct TS_resp_ctx *, X509_EXTENSION *,
void *); void *);
typedef struct TS_resp_ctx { typedef struct TS_resp_ctx TS_RESP_CTX;
X509 *signer_cert;
EVP_PKEY *signer_key;
STACK_OF(X509) *certs; /* Certs to include in signed data. */
STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */
ASN1_OBJECT *default_policy; /* It may appear in policies, too. */
STACK_OF(EVP_MD) *mds; /* Acceptable message digests. */
ASN1_INTEGER *seconds; /* accuracy, 0 means not specified. */
ASN1_INTEGER *millis; /* accuracy, 0 means not specified. */
ASN1_INTEGER *micros; /* accuracy, 0 means not specified. */
unsigned clock_precision_digits; /* fraction of seconds in time stamp
* token. */
unsigned flags; /* Optional info, see values above. */
/* Callback functions. */
TS_serial_cb serial_cb;
void *serial_cb_data; /* User data for serial_cb. */
TS_time_cb time_cb;
void *time_cb_data; /* User data for time_cb. */
TS_extension_cb extension_cb;
void *extension_cb_data; /* User data for extension_cb. */
/* These members are used only while creating the response. */
TS_REQ *request;
TS_RESP *response;
TS_TST_INFO *tst_info;
} TS_RESP_CTX;
DECLARE_STACK_OF(EVP_MD) DECLARE_STACK_OF(EVP_MD)
@ -645,42 +483,25 @@ int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
| TS_VFY_SIGNER \ | TS_VFY_SIGNER \
| TS_VFY_TSA_NAME) | TS_VFY_TSA_NAME)
typedef struct TS_verify_ctx { typedef struct TS_verify_ctx TS_VERIFY_CTX;
/* Set this to the union of TS_VFY_... flags you want to carry out. */
unsigned flags;
/* Must be set only with TS_VFY_SIGNATURE. certs is optional. */
X509_STORE *store;
STACK_OF(X509) *certs;
/* Must be set only with TS_VFY_POLICY. */
ASN1_OBJECT *policy;
/*
* Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, the
* algorithm from the response is used.
*/
X509_ALGOR *md_alg;
unsigned char *imprint;
unsigned imprint_len;
/* Must be set only with TS_VFY_DATA. */
BIO *data;
/* Must be set only with TS_VFY_TSA_NAME. */
ASN1_INTEGER *nonce;
/* Must be set only with TS_VFY_TSA_NAME. */
GENERAL_NAME *tsa_name;
} TS_VERIFY_CTX;
int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response); int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response);
int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token); int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token);
/* /*
* Declarations related to response verification context, * Declarations related to response verification context,
* they are defined in ts/ts_verify_ctx.c.
*/ */
/* Set all fields to zero. */
TS_VERIFY_CTX *TS_VERIFY_CTX_new(void); TS_VERIFY_CTX *TS_VERIFY_CTX_new(void);
void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx); void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx);
void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx); void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx);
void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx); void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx);
int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int f);
int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int f);
BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *b);
unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx,
unsigned char *hexstr, long len);
X509_STORE *TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *s);
STACK_OF(X509) *TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX *ctx, STACK_OF(X509) *certs);
/*- /*-
* If ctx is NULL, it allocates and returns a new object, otherwise * If ctx is NULL, it allocates and returns a new object, otherwise

25
util/libeay.num
View File

@ -4587,19 +4587,26 @@ CRYPTO_secure_free 4945 EXIST::FUNCTION:
BIO_s_secmem 4946 EXIST::FUNCTION: BIO_s_secmem 4946 EXIST::FUNCTION:
CRYPTO_get_secure_mem_ex_functions 4947 EXIST::FUNCTION: CRYPTO_get_secure_mem_ex_functions 4947 EXIST::FUNCTION:
CRYPTO_set_secure_mem_functions 4948 EXIST::FUNCTION: CRYPTO_set_secure_mem_functions 4948 EXIST::FUNCTION:
TS_VERIFY_CTX_set_flags 4949 EXIST::FUNCTION:
X509_STORE_CTX_get_num_untrusted 4949 EXIST::FUNCTION: X509_STORE_CTX_get_num_untrusted 4949 EXIST::FUNCTION:
TS_STATUS_INFO_set_status 4950 EXIST::FUNCTION:
X509_up_ref 4950 EXIST::FUNCTION: X509_up_ref 4950 EXIST::FUNCTION:
TS_VERIFY_CTX_set_imprint 4951 EXIST::FUNCTION:
X509_REQ_get_version 4951 EXIST::FUNCTION: X509_REQ_get_version 4951 EXIST::FUNCTION:
TS_VERIFY_CTS_set_certs 4952 EXIST::FUNCTION:
X509_REQ_get_subject_name 4952 EXIST::FUNCTION: X509_REQ_get_subject_name 4952 EXIST::FUNCTION:
TS_VERIFY_CTX_set_data 4953 EXIST::FUNCTION:
X509_CRL_up_ref 4953 EXIST::FUNCTION: X509_CRL_up_ref 4953 EXIST::FUNCTION:
CRYPTO_zalloc 4954 EXIST::FUNCTION: CRYPTO_zalloc 4954 EXIST::FUNCTION:
X509_get_extension_flags 4955 EXIST::FUNCTION: TS_VERIFY_CTX_set_store 4954 EXIST::FUNCTION:
X509_get_extended_key_usage 4956 EXIST::FUNCTION: X509_get_extension_flags 4954 EXIST::FUNCTION:
X509_get_key_usage 4957 EXIST::FUNCTION: TS_VERIFY_CTX_add_flags 4955 EXIST::FUNCTION:
X509_CRL_get_issuer 4958 EXIST::FUNCTION: X509_get_extended_key_usage 4955 EXIST::FUNCTION:
X509_CRL_get_nextUpdate 4959 EXIST::FUNCTION: X509_get_key_usage 4956 EXIST::FUNCTION:
X509_CRL_get0_signature 4960 EXIST::FUNCTION: X509_CRL_get_issuer 4957 EXIST::FUNCTION:
X509_CRL_get_REVOKED 4961 EXIST::FUNCTION: X509_CRL_get_nextUpdate 4958 EXIST::FUNCTION:
X509_CRL_get_version 4962 EXIST::FUNCTION: X509_CRL_get0_signature 4959 EXIST::FUNCTION:
X509_CRL_get_lastUpdate 4963 EXIST::FUNCTION: X509_CRL_get_REVOKED 4960 EXIST::FUNCTION:
X509_CRL_get_version 4961 EXIST::FUNCTION:
X509_CRL_get_lastUpdate 4962 EXIST::FUNCTION:
EVP_PBE_get 4964 EXIST::FUNCTION: EVP_PBE_get 4964 EXIST::FUNCTION: