/*
 * Verify a time-stamp token (PKCS7) or a whole TS response against the
 * data, digest or query file handed to create_verify_ctx().
 *
 * `in` names the file holding either a DER token (token_in != 0) or a DER
 * TS_RESP (token_in == 0).  The remaining arguments are passed straight
 * through to create_verify_ctx().
 *
 * Prints "Verification: OK" or "Verification: FAILED" on stdout; on failure
 * the OpenSSL error queue is also dumped to bio_err.
 *
 * Returns the verification result: non-zero on success, 0 on any failure
 * (including a missing file or an undecodable input).
 */
static int verify_command(char *data, char *digest, char *queryfile,
                          char *in, int token_in, char *ca_path,
                          char *ca_file, char *untrusted)
{
    BIO *input = NULL;
    PKCS7 *tok = NULL;
    TS_RESP *resp = NULL;
    TS_VERIFY_CTX *ctx = NULL;
    int verified = 0;

    input = BIO_new_file(in, "rb");
    if (input == NULL)
        goto done;

    /* The same file holds either a bare token or a whole response. */
    if (token_in)
        tok = d2i_PKCS7_bio(input, NULL);
    else
        resp = d2i_TS_RESP_bio(input, NULL);
    if (tok == NULL && resp == NULL)
        goto done;

    ctx = create_verify_ctx(data, digest, queryfile, ca_path, ca_file,
                            untrusted);
    if (ctx == NULL)
        goto done;

    if (token_in)
        verified = TS_RESP_verify_token(ctx, tok);
    else
        verified = TS_RESP_verify_response(ctx, resp);

done:
    printf("Verification: ");
    if (verified) {
        printf("OK\n");
    } else {
        printf("FAILED\n");
        /* Surface whatever the failing step queued up. */
        ERR_print_errors(bio_err);
    }

    /* All of these accept NULL. */
    BIO_free_all(input);
    PKCS7_free(tok);
    TS_RESP_free(resp);
    TS_VERIFY_CTX_free(ctx);
    return verified;
}
/*
 * Verify a time-stamp token (PKCS7) or a full TS response.
 *
 * `in` is the file to decode: a DER PKCS7 token when token_in is set,
 * otherwise a DER TS_RESP.  data, digest, queryfile, CApath, CAfile,
 * untrusted and vpm are forwarded unchanged to create_verify_ctx().
 *
 * Writes "Verification: OK" / "Verification: FAILED" to stdout and, on
 * failure, the OpenSSL error queue to bio_err.
 *
 * Returns non-zero when verification succeeded, 0 otherwise.
 */
static int verify_command(char *data, char *digest, char *queryfile,
                          char *in, int token_in, char *CApath,
                          char *CAfile, char *untrusted,
                          X509_VERIFY_PARAM *vpm)
{
    BIO *src = NULL;
    PKCS7 *pkcs7_token = NULL;
    TS_RESP *ts_response = NULL;
    TS_VERIFY_CTX *vctx = NULL;
    int ok = 0;
    int decoded = 0;

    src = BIO_new_file(in, "rb");
    if (src == NULL)
        goto report;

    /* Decode whichever object type the caller said the file contains. */
    if (token_in) {
        pkcs7_token = d2i_PKCS7_bio(src, NULL);
        decoded = (pkcs7_token != NULL);
    } else {
        ts_response = d2i_TS_RESP_bio(src, NULL);
        decoded = (ts_response != NULL);
    }
    if (!decoded)
        goto report;

    vctx = create_verify_ctx(data, digest, queryfile, CApath, CAfile,
                             untrusted, vpm);
    if (vctx == NULL)
        goto report;

    if (token_in)
        ok = TS_RESP_verify_token(vctx, pkcs7_token);
    else
        ok = TS_RESP_verify_response(vctx, ts_response);

report:
    printf("Verification: ");
    if (!ok) {
        printf("FAILED\n");
        ERR_print_errors(bio_err);
    } else {
        printf("OK\n");
    }

    BIO_free_all(src);
    PKCS7_free(pkcs7_token);
    TS_RESP_free(ts_response);
    TS_VERIFY_CTX_free(vctx);
    return ok;
}
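/*
 * Load or create a time-stamp response and write it out.
 *
 * If `in` is given, the response is read from that file: a bare PKCS7
 * token (token_in != 0) wrapped via read_PKCS7(), or a DER TS_RESP.
 * Otherwise create_response() builds one from the query file using the
 * signing configuration (conf, section, engine, passin, inkey, md, signer,
 * chain, policy).
 *
 * Output goes to `out` through bio_open_default(): either the TSTInfo /
 * the whole response as text (text != 0), or the token / the whole
 * response as DER.  token_out selects token vs. response.
 *
 * Returns 1 on success, 0 on failure; the OpenSSL error queue is always
 * flushed to bio_err before returning.
 *
 * Changes from the previous version: the never-used query_bio, inkey_bio
 * and signer_bio locals are gone, and a response that carries no token
 * (TS_RESP_get_tst_info()/TS_RESP_get_token() return NULL, e.g. for a
 * rejection) is reported explicitly instead of being handed to the
 * print/encode routines.
 */
static int reply_command(CONF *conf, char *section, char *engine,
                         char *queryfile, char *passin, char *inkey,
                         const EVP_MD *md, char *signer, char *chain,
                         const char *policy, char *in, int token_in,
                         char *out, int token_out, int text)
{
    int ret = 0;
    TS_RESP *response = NULL;
    BIO *in_bio = NULL;
    BIO *out_bio = NULL;

    if (in != NULL) {
        if ((in_bio = BIO_new_file(in, "rb")) == NULL)
            goto end;
        if (token_in) {
            /* Bare ContentInfo token: read_PKCS7() wraps it in a response. */
            response = read_PKCS7(in_bio);
        } else {
            response = d2i_TS_RESP_bio(in_bio, NULL);
        }
    } else {
        response = create_response(conf, section, engine, queryfile, passin,
                                   inkey, md, signer, chain, policy);
        if (response)
            BIO_printf(bio_err, "Response has been generated.\n");
        else
            BIO_printf(bio_err, "Response is not generated.\n");
    }
    if (response == NULL)
        goto end;

    /* Write response. */
    if (text) {
        if ((out_bio = bio_open_default(out, 'w', FORMAT_TEXT)) == NULL)
            goto end;
        if (token_out) {
            TS_TST_INFO *tst_info = TS_RESP_get_tst_info(response);
            /* No TSTInfo means no token in the response (e.g. rejected). */
            if (tst_info == NULL) {
                BIO_printf(bio_err, "Response contains no time-stamp token.\n");
                goto end;
            }
            if (!TS_TST_INFO_print_bio(out_bio, tst_info))
                goto end;
        } else {
            if (!TS_RESP_print_bio(out_bio, response))
                goto end;
        }
    } else {
        if ((out_bio = bio_open_default(out, 'w', FORMAT_ASN1)) == NULL)
            goto end;
        if (token_out) {
            PKCS7 *token = TS_RESP_get_token(response);
            if (token == NULL) {
                BIO_printf(bio_err, "Response contains no time-stamp token.\n");
                goto end;
            }
            if (!i2d_PKCS7_bio(out_bio, token))
                goto end;
        } else {
            if (!i2d_TS_RESP_bio(out_bio, response))
                goto end;
        }
    }

    ret = 1;

end:
    ERR_print_errors(bio_err);
    BIO_free_all(in_bio);
    BIO_free_all(out_bio);
    TS_RESP_free(response);
    return ret;
}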
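/*
 * Load or create a time-stamp response and write it out.
 *
 * With `in` set, the response comes from that file: a bare ContentInfo
 * (PKCS7) token that read_PKCS7() wraps with 'granted' status info when
 * token_in != 0, or a ready-made DER TS_RESP otherwise.  Without `in`,
 * create_response() builds one from queryfile using conf, section, engine,
 * passin, inkey, signer, chain and policy.
 *
 * The result is written to `out` (stdout when out is NULL, via
 * BIO_open_with_default) either as text (text != 0) or as DER; token_out
 * selects the token / TSTInfo instead of the whole response.
 *
 * Returns 1 on success, 0 on failure; the OpenSSL error queue is always
 * flushed to bio_err.
 *
 * Changes from the previous version: the never-used query_bio, inkey_bio
 * and signer_bio locals are gone, and a response without a token
 * (TS_RESP_get_tst_info()/TS_RESP_get_token() return NULL, e.g. for a
 * rejection) is reported instead of being passed on to the print/encode
 * routines.
 */
static int reply_command(CONF * conf, char *section, char *engine,
                         char *queryfile, char *passin, char *inkey,
                         char *signer, char *chain, const char *policy,
                         char *in, int token_in, char *out, int token_out,
                         int text)
{
    int ret = 0;
    TS_RESP *response = NULL;
    BIO *in_bio = NULL;
    BIO *out_bio = NULL;

    /* Build response object either from response or query. */
    if (in != NULL) {
        if ((in_bio = BIO_new_file(in, "rb")) == NULL)
            goto end;
        if (token_in) {
            /*
             * We have a ContentInfo (PKCS7) object, add
             * 'granted' status info around it.
             */
            response = read_PKCS7(in_bio);
        } else {
            /* We have a ready-made TS_RESP object. */
            response = d2i_TS_RESP_bio(in_bio, NULL);
        }
    } else {
        response = create_response(conf, section, engine, queryfile, passin,
                                   inkey, signer, chain, policy);
        if (response)
            BIO_printf(bio_err, "Response has been generated.\n");
        else
            BIO_printf(bio_err, "Response is not generated.\n");
    }
    if (response == NULL)
        goto end;

    /* Write response either in ASN.1 or text format. */
    if ((out_bio = BIO_open_with_default(out, "wb", stdout)) == NULL)
        goto end;
    if (text) {
        /* Text output. */
        if (token_out) {
            TS_TST_INFO *tst_info = TS_RESP_get_tst_info(response);
            /* No TSTInfo means the response carries no token. */
            if (tst_info == NULL) {
                BIO_printf(bio_err, "Response contains no time-stamp token.\n");
                goto end;
            }
            if (!TS_TST_INFO_print_bio(out_bio, tst_info))
                goto end;
        } else {
            if (!TS_RESP_print_bio(out_bio, response))
                goto end;
        }
    } else {
        /* ASN.1 DER output. */
        if (token_out) {
            PKCS7 *token = TS_RESP_get_token(response);
            if (token == NULL) {
                BIO_printf(bio_err, "Response contains no time-stamp token.\n");
                goto end;
            }
            if (!i2d_PKCS7_bio(out_bio, token))
                goto end;
        } else {
            if (!i2d_TS_RESP_bio(out_bio, response))
                goto end;
        }
    }

    ret = 1;

end:
    ERR_print_errors(bio_err);
    /* Clean up. */
    BIO_free_all(in_bio);
    BIO_free_all(out_bio);
    TS_RESP_free(response);
    return ret;
}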
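/*
 * Request an RFC 3161 time-stamp for `hash` from the TSA at `urlStr` over
 * plain HTTP and decode the reply into *tsResponse.
 *
 * Parameters:
 *   urlStr      - TSA URL; only the "http" scheme is accepted.
 *   hash        - digest to time-stamp; must be hash_size bytes, which is
 *                 cross-checked against the imprint in the built TS_REQ.
 *   httpTimeOut - passed through to http_read().
 *   tsResponse  - receives the decoded TS_RESP on TNOERR (caller frees it).
 *
 * Returns TNOERR on success; TNONET, TTIMEOUT or TSERVERERROR mapped from
 * the http_read() status; TINTERNALERROR for every other failure,
 * including a second redirect.  Exactly one HTTP redirect is followed.
 *
 * Fixes over the previous version:
 *   - the request header was built with sprintf() into a fixed stack
 *     buffer from the URL and host, both of which can come from a server
 *     redirect; it is now bounded with snprintf() and oversized input is
 *     rejected instead of overflowing requestHeader;
 *   - the redirect target copied out of resultBuffer is now explicitly
 *     NUL-terminated (it was not known to be), so parse_url()/"%s" cannot
 *     read past it;
 *   - memory_realloc() no longer overwrites urlBuffer on failure;
 *   - resultBuffer is reset after being freed on redirect, so the cleanup
 *     at `end` cannot free it a second time;
 *   - tsRequest, tsResponse and the BIO_read() result are checked.
 */
UNSIGNED32 get_timestamp_response(const char* urlStr, char* hash,
                                  UNSIGNED32 hash_size, UNSIGNED32 httpTimeOut,
                                  TS_RESP** tsResponse)
{
    UNSIGNED32 result = TINTERNALERROR;
    BIO* responseBio = NULL;
    Url* url = NULL;
    TS_REQ* tsRequest = NULL;
    BIO* requestBio = NULL;
    int requestHeaderLength;
    int requestLength;
    int requestContentLength;
    char requestHeader[2048 + 256];
    char* request = NULL;
    void* contentBuffer = NULL;
    void* resultBuffer = NULL;
    int resultLength = 0;
    TS_MSG_IMPRINT* msgImprint = NULL;
    ASN1_OCTET_STRING* hashedMessage = NULL;
    int hashedMessageLength;
    int httpResult;
    char* urlBuffer = NULL;
    char* redirectedUrl = NULL;
    int redirection = 0;

    /* Check if TS url and the output slot are specified */
    if (!urlStr || !tsResponse) {
        goto end;
    }

    /* Build the request and cross-check the imprint length with hash_size */
    tsRequest = get_timestamp_request(hash, hash_size, create_nonce(NONCE_LENGTH));
    if (tsRequest == NULL) {
        goto end;
    }
    msgImprint = TS_REQ_get_msg_imprint(tsRequest);
    hashedMessage = TS_MSG_IMPRINT_get_msg(msgImprint);
    hashedMessageLength = ASN1_STRING_length((ASN1_STRING*)hashedMessage);
    if ((int)hash_size != hashedMessageLength) {
        goto end;
    }

    /* DER-encode the request into a memory BIO and copy it out */
    requestBio = BIO_new(BIO_s_mem());
    if (requestBio == NULL) {
        goto end;
    }
    if (!i2d_TS_REQ_bio(requestBio, tsRequest)) {
        goto end;
    }
    contentBuffer = memory_alloc(BIO_number_written(requestBio));
    if (contentBuffer == NULL) {
        goto end;
    }
    requestContentLength = BIO_read(requestBio, contentBuffer,
                                    BIO_number_written(requestBio));
    if (requestContentLength <= 0) {
        goto end;
    }

    /* Allocate memory buffer for timestamp server url */
    urlBuffer = memory_alloc(strlen(urlStr) + 1);
    if (!urlBuffer) {
        goto end;
    }
    /* Copy TS url to allocated buffer (sized above, so strcpy is bounded) */
    strcpy(urlBuffer, urlStr);

http_redirect:
    /* Parse and check URL */
    url = parse_url(urlBuffer);
    if (url == NULL) {
        goto end;
    }
    if (strcmp(url->Scheme, "http") != 0) {
        goto end;
    }

    /*
     * urlBuffer and url->Host may originate from a server redirect, so the
     * header build must be bounded: refuse the request rather than overflow.
     */
    requestHeaderLength = snprintf(requestHeader, sizeof requestHeader,
                                   "POST %s HTTP/1.0\r\nHOST: %s\r\nPragma: no-cache\r\nContent-Type: application/timestamp-query\r\nAccept: application/timestamp-reply\r\nContent-Length: %d\r\n\r\n",
                                   urlBuffer, url->Host, requestContentLength);
    if (requestHeaderLength < 0 ||
        (size_t)requestHeaderLength >= sizeof requestHeader) {
        goto end;
    }

    requestLength = requestHeaderLength + requestContentLength;
    request = (char*)memory_alloc(requestLength);
    if (request == NULL) {
        goto end;
    }
    memcpy(request, requestHeader, requestHeaderLength);
    memcpy(request + requestHeaderLength, contentBuffer, requestContentLength);

    httpResult = http_read(url->Host, request, requestLength, url->Port,
                           httpTimeOut, 1, &resultBuffer, &resultLength);

    if (httpResult == HTTP_REDIRECTION && (resultBuffer) && !redirection) {
        /* Follow a single redirect; resultBuffer is assumed to hold the new URL */
        free_url(url);
        url = NULL;
        memory_free(request);
        request = NULL;

        if (resultLength < 0) {
            goto end;
        }
        /* +1: the redirect payload is not known to be NUL-terminated */
        redirectedUrl = memory_realloc(urlBuffer, resultLength + 1);
        if (!redirectedUrl) {
            goto end; /* urlBuffer is still valid and is released at end */
        }
        urlBuffer = redirectedUrl;
        memcpy(urlBuffer, resultBuffer, resultLength);
        urlBuffer[resultLength] = '\0';
        memory_free(resultBuffer);
        resultBuffer = NULL; /* never let the cleanup below free it again */
        redirection++;
        goto http_redirect;
    } else if ((httpResult == HTTP_NOERROR) && (resultBuffer)) {
        /* Decode the DER TS_RESP body through a memory BIO */
        responseBio = BIO_new(BIO_s_mem());
        if (responseBio == NULL) {
            goto end;
        }
        BIO_write(responseBio, resultBuffer, resultLength);
        *tsResponse = d2i_TS_RESP_bio(responseBio, NULL);
        if (*tsResponse == NULL) {
            goto end;
        }
        result = TNOERR;
    } else {
        /* Map transport-level failures onto the module's result codes */
        switch (httpResult) {
        case HTTP_NOLIVEINTERNET_ERROR:
            result = TNONET;
            break;
        case HTTP_TIMEOUT_ERROR:
            result = TTIMEOUT;
            break;
        case HTTP_RESPONSESTATUS_ERROR:
            result = TSERVERERROR;
            break;
        default:
            result = TINTERNALERROR;
            break;
        }
    }

end:
    free_url(url);
    /* OpenSSL free routines accept NULL */
    TS_REQ_free(tsRequest);
    BIO_free_all(requestBio);
    BIO_free_all(responseBio);
    if (request != NULL) {
        memory_free(request);
    }
    if (contentBuffer != NULL) {
        memory_free(contentBuffer);
    }
    if (resultBuffer != NULL) {
        memory_free(resultBuffer);
    }
    if (urlBuffer != NULL) {
        memory_free(urlBuffer);
    }
    return result;
}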