Beispiel #1
0
TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX (TS_REQ * req, TS_VERIFY_CTX * ctx)
{
    TS_VERIFY_CTX *ret = ctx;

    ASN1_OBJECT *policy;

    TS_MSG_IMPRINT *imprint;

    X509_ALGOR *md_alg;

    ASN1_OCTET_STRING *msg;

    const ASN1_INTEGER *nonce;

    OPENSSL_assert (req != NULL);
    if (ret)
        TS_VERIFY_CTX_cleanup (ret);
    else if (!(ret = TS_VERIFY_CTX_new ()))
        return NULL;

    /* Setting flags. */
    ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE);

    /* Setting policy. */
    if ((policy = TS_REQ_get_policy_id (req)) != NULL)
    {
        if (!(ret->policy = OBJ_dup (policy)))
            goto err;
    }
    else
        ret->flags &= ~TS_VFY_POLICY;

    /* Setting md_alg, imprint and imprint_len. */
    imprint = TS_REQ_get_msg_imprint (req);
    md_alg = TS_MSG_IMPRINT_get_algo (imprint);
    if (!(ret->md_alg = X509_ALGOR_dup (md_alg)))
        goto err;
    msg = TS_MSG_IMPRINT_get_msg (imprint);
    ret->imprint_len = ASN1_STRING_length (msg);
    if (!(ret->imprint = OPENSSL_malloc (ret->imprint_len)))
        goto err;
    memcpy (ret->imprint, ASN1_STRING_data (msg), ret->imprint_len);

    /* Setting nonce. */
    if ((nonce = TS_REQ_get_nonce (req)) != NULL)
    {
        if (!(ret->nonce = ASN1_INTEGER_dup (nonce)))
            goto err;
    }
    else
        ret->flags &= ~TS_VFY_NONCE;

    return ret;
  err:
    if (ctx)
        TS_VERIFY_CTX_cleanup (ctx);
    else
        TS_VERIFY_CTX_free (ret);
    return NULL;
}
Beispiel #2
0
static TS_VERIFY_CTX *create_verify_ctx(char *data, char *digest,
                                        char *queryfile,
                                        char *CApath, char *CAfile,
                                        char *untrusted,
                                        X509_VERIFY_PARAM *vpm)
{
    TS_VERIFY_CTX *ctx = NULL;
    BIO *input = NULL;
    TS_REQ *request = NULL;
    int ret = 0;
    int f = 0;

    if (data != NULL || digest != NULL) {
        if ((ctx = TS_VERIFY_CTX_new()) == NULL)
            goto err;
        f = TS_VFY_VERSION | TS_VFY_SIGNER;
        if (data != NULL) {
            f |= TS_VFY_DATA;
            if (TS_VERIFY_CTX_set_data(ctx, BIO_new_file(data, "rb")) == NULL)
                goto err;
        } else if (digest != NULL) {
            long imprint_len;
            unsigned char *hexstr = OPENSSL_hexstr2buf(digest, &imprint_len);
            f |= TS_VFY_IMPRINT;
            if (TS_VERIFY_CTX_set_imprint(ctx, hexstr, imprint_len) == NULL) {
                BIO_printf(bio_err, "invalid digest string\n");
                goto err;
            }
        }

    } else if (queryfile != NULL) {
        if ((input = BIO_new_file(queryfile, "rb")) == NULL)
            goto err;
        if ((request = d2i_TS_REQ_bio(input, NULL)) == NULL)
            goto err;
        if ((ctx = TS_REQ_to_TS_VERIFY_CTX(request, NULL)) == NULL)
            goto err;
    } else
        return NULL;

    /* Add the signature verification flag and arguments. */
    TS_VERIFY_CTX_add_flags(ctx, f | TS_VFY_SIGNATURE);

    /* Initialising the X509_STORE object. */
    if (TS_VERIFY_CTX_set_store(ctx, create_cert_store(CApath, CAfile, vpm))
            == NULL)
        goto err;

    /* Loading untrusted certificates. */
    if (untrusted
        && TS_VERIFY_CTS_set_certs(ctx, TS_CONF_load_certs(untrusted)) == NULL)
        goto err;
    ret = 1;

 err:
    if (!ret) {
        TS_VERIFY_CTX_free(ctx);
        ctx = NULL;
    }
    BIO_free_all(input);
    TS_REQ_free(request);
    return ctx;
}
Beispiel #3
0
static TS_VERIFY_CTX *
create_verify_ctx(char *data, char *digest, char *queryfile, char *ca_path,
    char *ca_file, char *untrusted)
{
	TS_VERIFY_CTX *ctx = NULL;
	BIO *input = NULL;
	TS_REQ *request = NULL;
	int ret = 0;

	if (data != NULL || digest != NULL) {
		if (!(ctx = TS_VERIFY_CTX_new()))
			goto err;
		ctx->flags = TS_VFY_VERSION | TS_VFY_SIGNER;
		if (data != NULL) {
			ctx->flags |= TS_VFY_DATA;
			if (!(ctx->data = BIO_new_file(data, "rb")))
				goto err;
		} else if (digest != NULL) {
			long imprint_len;
			ctx->flags |= TS_VFY_IMPRINT;
			if (!(ctx->imprint = string_to_hex(digest,
				    &imprint_len))) {
				BIO_printf(bio_err, "invalid digest string\n");
				goto err;
			}
			ctx->imprint_len = imprint_len;
		}
	} else if (queryfile != NULL) {
		/*
		 * The request has just to be read, decoded and converted to
		 * a verify context object.
		 */
		if (!(input = BIO_new_file(queryfile, "rb")))
			goto err;
		if (!(request = d2i_TS_REQ_bio(input, NULL)))
			goto err;
		if (!(ctx = TS_REQ_to_TS_VERIFY_CTX(request, NULL)))
			goto err;
	} else
		return NULL;

	/* Add the signature verification flag and arguments. */
	ctx->flags |= TS_VFY_SIGNATURE;

	/* Initialising the X509_STORE object. */
	if (!(ctx->store = create_cert_store(ca_path, ca_file)))
		goto err;

	/* Loading untrusted certificates. */
	if (untrusted && !(ctx->certs = TS_CONF_load_certs(untrusted)))
		goto err;

	ret = 1;
err:
	if (!ret) {
		TS_VERIFY_CTX_free(ctx);
		ctx = NULL;
	}
	BIO_free_all(input);
	TS_REQ_free(request);
	return ctx;
}