TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX (TS_REQ * req, TS_VERIFY_CTX * ctx) { TS_VERIFY_CTX *ret = ctx; ASN1_OBJECT *policy; TS_MSG_IMPRINT *imprint; X509_ALGOR *md_alg; ASN1_OCTET_STRING *msg; const ASN1_INTEGER *nonce; OPENSSL_assert (req != NULL); if (ret) TS_VERIFY_CTX_cleanup (ret); else if (!(ret = TS_VERIFY_CTX_new ())) return NULL; /* Setting flags. */ ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE); /* Setting policy. */ if ((policy = TS_REQ_get_policy_id (req)) != NULL) { if (!(ret->policy = OBJ_dup (policy))) goto err; } else ret->flags &= ~TS_VFY_POLICY; /* Setting md_alg, imprint and imprint_len. */ imprint = TS_REQ_get_msg_imprint (req); md_alg = TS_MSG_IMPRINT_get_algo (imprint); if (!(ret->md_alg = X509_ALGOR_dup (md_alg))) goto err; msg = TS_MSG_IMPRINT_get_msg (imprint); ret->imprint_len = ASN1_STRING_length (msg); if (!(ret->imprint = OPENSSL_malloc (ret->imprint_len))) goto err; memcpy (ret->imprint, ASN1_STRING_data (msg), ret->imprint_len); /* Setting nonce. */ if ((nonce = TS_REQ_get_nonce (req)) != NULL) { if (!(ret->nonce = ASN1_INTEGER_dup (nonce))) goto err; } else ret->flags &= ~TS_VFY_NONCE; return ret; err: if (ctx) TS_VERIFY_CTX_cleanup (ctx); else TS_VERIFY_CTX_free (ret); return NULL; }
static TS_VERIFY_CTX *create_verify_ctx(char *data, char *digest, char *queryfile, char *CApath, char *CAfile, char *untrusted, X509_VERIFY_PARAM *vpm) { TS_VERIFY_CTX *ctx = NULL; BIO *input = NULL; TS_REQ *request = NULL; int ret = 0; int f = 0; if (data != NULL || digest != NULL) { if ((ctx = TS_VERIFY_CTX_new()) == NULL) goto err; f = TS_VFY_VERSION | TS_VFY_SIGNER; if (data != NULL) { f |= TS_VFY_DATA; if (TS_VERIFY_CTX_set_data(ctx, BIO_new_file(data, "rb")) == NULL) goto err; } else if (digest != NULL) { long imprint_len; unsigned char *hexstr = OPENSSL_hexstr2buf(digest, &imprint_len); f |= TS_VFY_IMPRINT; if (TS_VERIFY_CTX_set_imprint(ctx, hexstr, imprint_len) == NULL) { BIO_printf(bio_err, "invalid digest string\n"); goto err; } } } else if (queryfile != NULL) { if ((input = BIO_new_file(queryfile, "rb")) == NULL) goto err; if ((request = d2i_TS_REQ_bio(input, NULL)) == NULL) goto err; if ((ctx = TS_REQ_to_TS_VERIFY_CTX(request, NULL)) == NULL) goto err; } else return NULL; /* Add the signature verification flag and arguments. */ TS_VERIFY_CTX_add_flags(ctx, f | TS_VFY_SIGNATURE); /* Initialising the X509_STORE object. */ if (TS_VERIFY_CTX_set_store(ctx, create_cert_store(CApath, CAfile, vpm)) == NULL) goto err; /* Loading untrusted certificates. */ if (untrusted && TS_VERIFY_CTS_set_certs(ctx, TS_CONF_load_certs(untrusted)) == NULL) goto err; ret = 1; err: if (!ret) { TS_VERIFY_CTX_free(ctx); ctx = NULL; } BIO_free_all(input); TS_REQ_free(request); return ctx; }
static TS_VERIFY_CTX * create_verify_ctx(char *data, char *digest, char *queryfile, char *ca_path, char *ca_file, char *untrusted) { TS_VERIFY_CTX *ctx = NULL; BIO *input = NULL; TS_REQ *request = NULL; int ret = 0; if (data != NULL || digest != NULL) { if (!(ctx = TS_VERIFY_CTX_new())) goto err; ctx->flags = TS_VFY_VERSION | TS_VFY_SIGNER; if (data != NULL) { ctx->flags |= TS_VFY_DATA; if (!(ctx->data = BIO_new_file(data, "rb"))) goto err; } else if (digest != NULL) { long imprint_len; ctx->flags |= TS_VFY_IMPRINT; if (!(ctx->imprint = string_to_hex(digest, &imprint_len))) { BIO_printf(bio_err, "invalid digest string\n"); goto err; } ctx->imprint_len = imprint_len; } } else if (queryfile != NULL) { /* * The request has just to be read, decoded and converted to * a verify context object. */ if (!(input = BIO_new_file(queryfile, "rb"))) goto err; if (!(request = d2i_TS_REQ_bio(input, NULL))) goto err; if (!(ctx = TS_REQ_to_TS_VERIFY_CTX(request, NULL))) goto err; } else return NULL; /* Add the signature verification flag and arguments. */ ctx->flags |= TS_VFY_SIGNATURE; /* Initialising the X509_STORE object. */ if (!(ctx->store = create_cert_store(ca_path, ca_file))) goto err; /* Loading untrusted certificates. */ if (untrusted && !(ctx->certs = TS_CONF_load_certs(untrusted))) goto err; ret = 1; err: if (!ret) { TS_VERIFY_CTX_free(ctx); ctx = NULL; } BIO_free_all(input); TS_REQ_free(request); return ctx; }