diff options
| -rw-r--r-- | apps/ts.c | 23 | ||||
| -rw-r--r-- | crypto/ts/Makefile | 18 | ||||
| -rw-r--r-- | crypto/ts/ts_asn1.c | 1 | ||||
| -rw-r--r-- | crypto/ts/ts_lcl.h | 230 | ||||
| -rw-r--r-- | crypto/ts/ts_lib.c | 5 | ||||
| -rw-r--r-- | crypto/ts/ts_req_print.c | 13 | ||||
| -rw-r--r-- | crypto/ts/ts_req_utils.c | 1 | ||||
| -rw-r--r-- | crypto/ts/ts_rsp_print.c | 69 | ||||
| -rw-r--r-- | crypto/ts/ts_rsp_sign.c | 19 | ||||
| -rw-r--r-- | crypto/ts/ts_rsp_utils.c | 6 | ||||
| -rw-r--r-- | crypto/ts/ts_rsp_verify.c | 21 | ||||
| -rw-r--r-- | crypto/ts/ts_verify_ctx.c | 50 | ||||
| -rw-r--r-- | include/openssl/ts.h | 223 | ||||
| -rwxr-xr-x | util/libeay.num | 25 |
14 files changed, 398 insertions, 306 deletions
@@ -724,7 +724,7 @@ static TS_RESP *read_PKCS7(BIO *in_bio) /* Create granted status info. */ if ((si = TS_STATUS_INFO_new()) == NULL) goto end; - if (!(ASN1_INTEGER_set(si->status, TS_STATUS_GRANTED))) + if (!TS_STATUS_INFO_set_status(si, TS_STATUS_GRANTED)) goto end; if (!TS_RESP_set_status_info(resp, si)) goto end; @@ -976,23 +976,24 @@ static TS_VERIFY_CTX *create_verify_ctx(char *data, char *digest, BIO *input = NULL; TS_REQ *request = NULL; int ret = 0; + int f = 0; if (data != NULL || digest != NULL) { if ((ctx = TS_VERIFY_CTX_new()) == NULL) goto err; - ctx->flags = TS_VFY_VERSION | TS_VFY_SIGNER; + f = TS_VFY_VERSION | TS_VFY_SIGNER; if (data != NULL) { - ctx->flags |= TS_VFY_DATA; - if ((ctx->data = BIO_new_file(data, "rb")) == NULL) + f |= TS_VFY_DATA; + if (TS_VERIFY_CTX_set_data(ctx, BIO_new_file(data, "rb")) == NULL) goto err; } else if (digest != NULL) { long imprint_len; - ctx->flags |= TS_VFY_IMPRINT; - if ((ctx->imprint = string_to_hex(digest, &imprint_len)) == NULL) { + unsigned char *hexstr = string_to_hex(digest, &imprint_len); + f |= TS_VFY_IMPRINT; + if (TS_VERIFY_CTX_set_imprint(ctx, hexstr, imprint_len) == NULL) { BIO_printf(bio_err, "invalid digest string\n"); goto err; } - ctx->imprint_len = imprint_len; } } else if (queryfile != NULL) { @@ -1010,14 +1011,16 @@ static TS_VERIFY_CTX *create_verify_ctx(char *data, char *digest, return NULL; /* Add the signature verification flag and arguments. */ - ctx->flags |= TS_VFY_SIGNATURE; + TS_VERIFY_CTX_add_flags(ctx, f | TS_VFY_SIGNATURE); /* Initialising the X509_STORE object. */ - if ((ctx->store = create_cert_store(CApath, CAfile)) == NULL) + if (TS_VERIFY_CTX_set_store(ctx, create_cert_store(CApath, CAfile)) + == NULL) goto err; /* Loading untrusted certificates. */ - if (untrusted && (ctx->certs = TS_CONF_load_certs(untrusted)) == NULL) + if (untrusted + && TS_VERIFY_CTS_set_certs(ctx, TS_CONF_load_certs(untrusted)) == NULL) goto err; ret = 1; diff --git a/crypto/ts/Makefile b/crypto/ts/Makefile index 673d01b9c4..76d1aeac72 100644 --- a/crypto/ts/Makefile +++ b/crypto/ts/Makefile @@ -86,7 +86,7 @@ ts_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h ts_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ts_asn1.o: ../../include/openssl/ts.h ../../include/openssl/x509.h ts_asn1.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -ts_asn1.o: ts_asn1.c +ts_asn1.o: ts_asn1.c ts_lcl.h ts_conf.o: ../../e_os.h ../../include/openssl/asn1.h ts_conf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h ts_conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -135,7 +135,7 @@ ts_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h ts_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ts_lib.o: ../../include/openssl/ts.h ../../include/openssl/x509.h ts_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -ts_lib.o: ../include/internal/cryptlib.h ts_lib.c +ts_lib.o: ../include/internal/cryptlib.h ts_lcl.h ts_lib.c ts_req_print.o: ../../e_os.h ../../include/openssl/asn1.h ts_req_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h ts_req_print.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -153,7 +153,7 @@ ts_req_print.o: ../../include/openssl/sha.h ../../include/openssl/stack.h ts_req_print.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h ts_req_print.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h ts_req_print.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h -ts_req_print.o: ts_req_print.c +ts_req_print.o: ts_lcl.h ts_req_print.c ts_req_utils.o: ../../e_os.h ../../include/openssl/asn1.h ts_req_utils.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h ts_req_utils.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -171,7 +171,7 @@ ts_req_utils.o: ../../include/openssl/sha.h ../../include/openssl/stack.h ts_req_utils.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h ts_req_utils.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h ts_req_utils.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h -ts_req_utils.o: ts_req_utils.c +ts_req_utils.o: ts_lcl.h ts_req_utils.c ts_rsp_print.o: ../../e_os.h ../../include/openssl/asn1.h ts_rsp_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h ts_rsp_print.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -189,7 +189,7 @@ ts_rsp_print.o: ../../include/openssl/sha.h ../../include/openssl/stack.h ts_rsp_print.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h ts_rsp_print.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h ts_rsp_print.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h -ts_rsp_print.o: ts_rsp_print.c +ts_rsp_print.o: ts_lcl.h ts_rsp_print.c ts_rsp_sign.o: ../../e_os.h ../../include/openssl/asn1.h ts_rsp_sign.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h ts_rsp_sign.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -207,7 +207,7 @@ ts_rsp_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h ts_rsp_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h ts_rsp_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h ts_rsp_sign.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h -ts_rsp_sign.o: ts_rsp_sign.c +ts_rsp_sign.o: ts_lcl.h ts_rsp_sign.c ts_rsp_utils.o: ../../e_os.h ../../include/openssl/asn1.h ts_rsp_utils.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h ts_rsp_utils.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -225,7 +225,7 @@ ts_rsp_utils.o: ../../include/openssl/sha.h ../../include/openssl/stack.h ts_rsp_utils.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h ts_rsp_utils.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h ts_rsp_utils.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h -ts_rsp_utils.o: ts_rsp_utils.c +ts_rsp_utils.o: ts_lcl.h ts_rsp_utils.c ts_rsp_verify.o: ../../e_os.h ../../include/openssl/asn1.h ts_rsp_verify.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h ts_rsp_verify.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -243,7 +243,7 @@ ts_rsp_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h ts_rsp_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h ts_rsp_verify.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h ts_rsp_verify.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h -ts_rsp_verify.o: ts_rsp_verify.c +ts_rsp_verify.o: ts_lcl.h ts_rsp_verify.c ts_verify_ctx.o: ../../e_os.h ../../include/openssl/asn1.h ts_verify_ctx.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h ts_verify_ctx.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -261,4 +261,4 @@ ts_verify_ctx.o: ../../include/openssl/sha.h ../../include/openssl/stack.h ts_verify_ctx.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h ts_verify_ctx.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h ts_verify_ctx.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h -ts_verify_ctx.o: ts_verify_ctx.c +ts_verify_ctx.o: ts_lcl.h ts_verify_ctx.c diff --git a/crypto/ts/ts_asn1.c b/crypto/ts/ts_asn1.c index 99b686f39d..f4884a2596 100644 --- a/crypto/ts/ts_asn1.c +++ b/crypto/ts/ts_asn1.c @@ -59,6 +59,7 @@ #include <openssl/ts.h> #include <openssl/err.h> #include <openssl/asn1t.h> +#include "ts_lcl.h" ASN1_SEQUENCE(TS_MSG_IMPRINT) = { ASN1_SIMPLE(TS_MSG_IMPRINT, hash_algo, X509_ALGOR), diff --git a/crypto/ts/ts_lcl.h b/crypto/ts/ts_lcl.h new file mode 100644 index 0000000000..7bd23e979c --- /dev/null +++ b/crypto/ts/ts_lcl.h @@ -0,0 +1,230 @@ +/* ==================================================================== + * Copyright (c) 2015 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + +/*- + * MessageImprint ::= SEQUENCE { + * hashAlgorithm AlgorithmIdentifier, + * hashedMessage OCTET STRING } + */ +struct TS_msg_imprint_st { + X509_ALGOR *hash_algo; + ASN1_OCTET_STRING *hashed_msg; +}; + +/*- + * TimeStampResp ::= SEQUENCE { + * status PKIStatusInfo, + * timeStampToken TimeStampToken OPTIONAL } + */ +struct TS_resp_st { + TS_STATUS_INFO *status_info; + PKCS7 *token; + TS_TST_INFO *tst_info; +}; + +/*- + * TimeStampReq ::= SEQUENCE { + * version INTEGER { v1(1) }, + * messageImprint MessageImprint, + * --a hash algorithm OID and the hash value of the data to be + * --time-stamped + * reqPolicy TSAPolicyId OPTIONAL, + * nonce INTEGER OPTIONAL, + * certReq BOOLEAN DEFAULT FALSE, + * extensions [0] IMPLICIT Extensions OPTIONAL } + */ +struct TS_req_st { + ASN1_INTEGER *version; + TS_MSG_IMPRINT *msg_imprint; + ASN1_OBJECT *policy_id; + ASN1_INTEGER *nonce; + ASN1_BOOLEAN cert_req; + STACK_OF(X509_EXTENSION) *extensions; +}; + +/*- + * Accuracy ::= SEQUENCE { + * seconds INTEGER OPTIONAL, + * millis [0] INTEGER (1..999) OPTIONAL, + * micros [1] INTEGER (1..999) OPTIONAL } + */ +struct TS_accuracy_st { + ASN1_INTEGER *seconds; + ASN1_INTEGER *millis; + ASN1_INTEGER *micros; +}; + +/*- + * TSTInfo ::= SEQUENCE { + * version INTEGER { v1(1) }, + * policy TSAPolicyId, + * messageImprint MessageImprint, + * -- MUST have the same value as the similar field in + * -- TimeStampReq + * serialNumber INTEGER, + * -- Time-Stamping users MUST be ready to accommodate integers + * -- up to 160 bits. + * genTime GeneralizedTime, + * accuracy Accuracy OPTIONAL, + * ordering BOOLEAN DEFAULT FALSE, + * nonce INTEGER OPTIONAL, + * -- MUST be present if the similar field was present + * -- in TimeStampReq. In that case it MUST have the same value. + * tsa [0] GeneralName OPTIONAL, + * extensions [1] IMPLICIT Extensions OPTIONAL } + */ +struct TS_tst_info_st { + ASN1_INTEGER *version; + ASN1_OBJECT *policy_id; + TS_MSG_IMPRINT *msg_imprint; + ASN1_INTEGER *serial; + ASN1_GENERALIZEDTIME *time; + TS_ACCURACY *accuracy; + ASN1_BOOLEAN ordering; + ASN1_INTEGER *nonce; + GENERAL_NAME *tsa; + STACK_OF(X509_EXTENSION) *extensions; +}; + +struct TS_status_info_st { + ASN1_INTEGER *status; + STACK_OF(ASN1_UTF8STRING) *text; + ASN1_BIT_STRING *failure_info; +}; + +DECLARE_STACK_OF(ASN1_UTF8STRING) + +/*- + * IssuerSerial ::= SEQUENCE { + * issuer GeneralNames, + * serialNumber CertificateSerialNumber + * } + */ +struct ESS_issuer_serial { + STACK_OF(GENERAL_NAME) *issuer; + ASN1_INTEGER *serial; +}; + +/*- + * ESSCertID ::= SEQUENCE { + * certHash Hash, + * issuerSerial IssuerSerial OPTIONAL + * } + */ +struct ESS_cert_id { + ASN1_OCTET_STRING *hash; /* Always SHA-1 digest. */ + ESS_ISSUER_SERIAL *issuer_serial; +}; + +/*- + * SigningCertificate ::= SEQUENCE { + * certs SEQUENCE OF ESSCertID, + * policies SEQUENCE OF PolicyInformation OPTIONAL + * } + */ +struct ESS_signing_cert { + STACK_OF(ESS_CERT_ID) *cert_ids; + STACK_OF(POLICYINFO) *policy_info; +}; + + +struct TS_resp_ctx { + X509 *signer_cert; + EVP_PKEY *signer_key; + STACK_OF(X509) *certs; /* Certs to include in signed data. */ + STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */ + ASN1_OBJECT *default_policy; /* It may appear in policies, too. */ + STACK_OF(EVP_MD) *mds; /* Acceptable message digests. */ + ASN1_INTEGER *seconds; /* accuracy, 0 means not specified. */ + ASN1_INTEGER *millis; /* accuracy, 0 means not specified. */ + ASN1_INTEGER *micros; /* accuracy, 0 means not specified. */ + unsigned clock_precision_digits; /* fraction of seconds in time stamp + * token. */ + unsigned flags; /* Optional info, see values above. */ + /* Callback functions. */ + TS_serial_cb serial_cb; + void *serial_cb_data; /* User data for serial_cb. */ + TS_time_cb time_cb; + void *time_cb_data; /* User data for time_cb. */ + TS_extension_cb extension_cb; + void *extension_cb_data; /* User data for extension_cb. */ + /* These members are used only while creating the response. */ + TS_REQ *request; + TS_RESP *response; + TS_TST_INFO *tst_info; +}; + +struct TS_verify_ctx { + /* Set this to the union of TS_VFY_... flags you want to carry out. */ + unsigned flags; + /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */ + X509_STORE *store; + STACK_OF(X509) *certs; + /* Must be set only with TS_VFY_POLICY. */ + ASN1_OBJECT *policy; + /* + * Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, the + * algorithm from the response is used. + */ + X509_ALGOR *md_alg; + unsigned char *imprint; + unsigned imprint_len; + /* Must be set only with TS_VFY_DATA. */ + BIO *data; + /* Must be set only with TS_VFY_TSA_NAME. */ + ASN1_INTEGER *nonce; + /* Must be set only with TS_VFY_TSA_NAME. */ + GENERAL_NAME *tsa_name; +}; diff --git a/crypto/ts/ts_lib.c b/crypto/ts/ts_lib.c index 2bf7c505f6..cd9c19f76a 100644 --- a/crypto/ts/ts_lib.c +++ b/crypto/ts/ts_lib.c @@ -64,6 +64,7 @@ #include <openssl/x509.h> #include <openssl/x509v3.h> #include <openssl/ts.h> +#include "ts_lcl.h" /* Local function declarations. */ @@ -135,10 +136,10 @@ int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *a) { ASN1_OCTET_STRING *msg; - TS_X509_ALGOR_print_bio(bio, TS_MSG_IMPRINT_get_algo(a)); + TS_X509_ALGOR_print_bio(bio, a->hash_algo); BIO_printf(bio, "Message data:\n"); - msg = TS_MSG_IMPRINT_get_msg(a); + msg = a->hashed_msg; BIO_dump_indent(bio, (const char *)ASN1_STRING_data(msg), ASN1_STRING_length(msg), 4); diff --git a/crypto/ts/ts_req_print.c b/crypto/ts/ts_req_print.c index eef1b8aab1..0f618d5662 100644 --- a/crypto/ts/ts_req_print.c +++ b/crypto/ts/ts_req_print.c @@ -63,6 +63,7 @@ #include <openssl/bn.h> #include <openssl/x509v3.h> #include <openssl/ts.h> +#include "ts_lcl.h" /* Function definitions. */ @@ -70,7 +71,6 @@ int TS_REQ_print_bio(BIO *bio, TS_REQ *a) { int v; ASN1_OBJECT *policy_id; - const ASN1_INTEGER *nonce; if (a == NULL) return 0; @@ -78,7 +78,7 @@ int TS_REQ_print_bio(BIO *bio, TS_REQ *a) v = TS_REQ_get_version(a); BIO_printf(bio, "Version: %d\n", v); - TS_MSG_IMPRINT_print_bio(bio, TS_REQ_get_msg_imprint(a)); + TS_MSG_IMPRINT_print_bio(bio, a->msg_imprint); BIO_printf(bio, "Policy OID: "); policy_id = TS_REQ_get_policy_id(a); @@ -88,17 +88,16 @@ int TS_REQ_print_bio(BIO *bio, TS_REQ *a) TS_OBJ_print_bio(bio, policy_id); BIO_printf(bio, "Nonce: "); - nonce = TS_REQ_get_nonce(a); - if (nonce == NULL) + if (a->nonce == NULL) BIO_printf(bio, "unspecified"); else - TS_ASN1_INTEGER_print_bio(bio, nonce); + TS_ASN1_INTEGER_print_bio(bio, a->nonce); BIO_write(bio, "\n", 1); BIO_printf(bio, "Certificate required: %s\n", - TS_REQ_get_cert_req(a) ? "yes" : "no"); + a->cert_req ? "yes" : "no"); - TS_ext_print_bio(bio, TS_REQ_get_exts(a)); + TS_ext_print_bio(bio, a->extensions); return 1; } diff --git a/crypto/ts/ts_req_utils.c b/crypto/ts/ts_req_utils.c index 7f3a4a4289..706f4428ff 100644 --- a/crypto/ts/ts_req_utils.c +++ b/crypto/ts/ts_req_utils.c @@ -62,6 +62,7 @@ #include <openssl/objects.h> #include <openssl/x509v3.h> #include <openssl/ts.h> +#include "ts_lcl.h" int TS_REQ_set_version(TS_REQ *a, long version) { diff --git a/crypto/ts/ts_rsp_print.c b/crypto/ts/ts_rsp_print.c index b71985f46c..f2fae69294 100644 --- a/crypto/ts/ts_rsp_print.c +++ b/crypto/ts/ts_rsp_print.c @@ -63,6 +63,7 @@ #include <openssl/bn.h> #include <openssl/x509v3.h> #include <openssl/ts.h> +#include "ts_lcl.h" struct status_map_st { int bit; @@ -79,15 +80,12 @@ static int ts_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *accuracy); int TS_RESP_print_bio(BIO *bio, TS_RESP *a) { - TS_TST_INFO *tst_info; - BIO_printf(bio, "Status info:\n"); - TS_STATUS_INFO_print_bio(bio, TS_RESP_get_status_info(a)); + TS_STATUS_INFO_print_bio(bio, a->status_info); BIO_printf(bio, "\nTST info:\n"); - tst_info = TS_RESP_get_tst_info(a); - if (tst_info != NULL) - TS_TST_INFO_print_bio(bio, TS_RESP_get_tst_info(a)); + if (a->tst_info != NULL) + TS_TST_INFO_print_bio(bio, a->tst_info); else BIO_printf(bio, "Not included.\n"); @@ -176,102 +174,85 @@ static int ts_status_map_print(BIO *bio, const struct status_map_st *a, int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a) { int v; - ASN1_OBJECT *policy_id; - const ASN1_INTEGER *serial; - const ASN1_GENERALIZEDTIME *gtime; - TS_ACCURACY *accuracy; - const ASN1_INTEGER *nonce; - GENERAL_NAME *tsa_name; if (a == NULL) return 0; /* Print version. */ - v = TS_TST_INFO_get_version(a); + v = ASN1_INTEGER_get(a->version); BIO_printf(bio, "Version: %d\n", v); /* Print policy id. */ BIO_printf(bio, "Policy OID: "); - policy_id = TS_TST_INFO_get_policy_id(a); - TS_OBJ_print_bio(bio, policy_id); + TS_OBJ_print_bio(bio, a->policy_id); /* Print message imprint. */ - TS_MSG_IMPRINT_print_bio(bio, TS_TST_INFO_get_msg_imprint(a)); + TS_MSG_IMPRINT_print_bio(bio, a->msg_imprint); /* Print serial number. */ BIO_printf(bio, "Serial number: "); - serial = TS_TST_INFO_get_serial(a); - if (serial == NULL) + if (a->serial == NULL) BIO_printf(bio, "unspecified"); else - TS_ASN1_INTEGER_print_bio(bio, serial); + TS_ASN1_INTEGER_print_bio(bio, a->serial); BIO_write(bio, "\n", 1); /* Print time stamp. */ BIO_printf(bio, "Time stamp: "); - gtime = TS_TST_INFO_get_time(a); - ASN1_GENERALIZEDTIME_print(bio, gtime); + ASN1_GENERALIZEDTIME_print(bio, a->time); BIO_write(bio, "\n", 1); /* Print accuracy. */ BIO_printf(bio, "Accuracy: "); - accuracy = TS_TST_INFO_get_accuracy(a); - if (accuracy == NULL) + if (a->accuracy == NULL) BIO_printf(bio, "unspecified"); else - ts_ACCURACY_print_bio(bio, accuracy); + ts_ACCURACY_print_bio(bio, a->accuracy); BIO_write(bio, "\n", 1); /* Print ordering. */ - BIO_printf(bio, "Ordering: %s\n", - TS_TST_INFO_get_ordering(a) ? "yes" : "no"); + BIO_printf(bio, "Ordering: %s\n", a->ordering ? "yes" : "no"); /* Print nonce. */ BIO_printf(bio, "Nonce: "); - nonce = TS_TST_INFO_get_nonce(a); - if (nonce == NULL) + if (a->nonce == NULL) BIO_printf(bio, "unspecified"); else - TS_ASN1_INTEGER_print_bio(bio, nonce); + TS_ASN1_INTEGER_print_bio(bio, a->nonce); BIO_write(bio, "\n", 1); /* Print TSA name. */ BIO_printf(bio, "TSA: "); - tsa_name = TS_TST_INFO_get_tsa(a); - if (tsa_name == NULL) + if (a->tsa == NULL) BIO_printf(bio, "unspecified"); else { STACK_OF(CONF_VALUE) *nval; - if ((nval = i2v_GENERAL_NAME(NULL, tsa_name, NULL))) + if ((nval = i2v_GENERAL_NAME(NULL, a->tsa, NULL))) X509V3_EXT_val_prn(bio, nval, 0, 0); sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); } BIO_write(bio, "\n", 1); /* Print extensions. */ - TS_ext_print_bio(bio, TS_TST_INFO_get_exts(a)); + TS_ext_print_bio(bio, a->extensions); return 1; } -static int ts_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *accuracy) +static int ts_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *a) { - const ASN1_INTEGER *seconds = TS_ACCURACY_get_seconds(accuracy); - const ASN1_INTEGER *millis = TS_ACCURACY_get_millis(accuracy); - const ASN1_INTEGER *micros = TS_ACCURACY_get_micros(accuracy); - - if (seconds != NULL) - TS_ASN1_INTEGER_print_bio(bio, seconds); + if (a->seconds != NULL) + TS_ASN1_INTEGER_print_bio(bio, a->seconds); else BIO_printf(bio, "unspecified"); BIO_printf(bio, " seconds, "); - if (millis != NULL) - TS_ASN1_INTEGER_print_bio(bio, millis); + if (a->millis != NULL) + TS_ASN1_INTEGER_print_bio(bio, a->millis); else BIO_printf(bio, "unspecified"); BIO_printf(bio, " millis, "); - if (micros != NULL) - TS_ASN1_INTEGER_print_bio(bio, micros); + if (a->micros != NULL) + TS_ASN1_INTEGER_print_bio(bio, a->micros); else BIO_printf(bio, "unspecified"); BIO_printf(bio, " micros"); diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c index 9cacec8713..3343dce275 100644 --- a/crypto/ts/ts_rsp_sign.c +++ b/crypto/ts/ts_rsp_sign.c @@ -66,6 +66,7 @@ #include <openssl/objects.h> #include <openssl/ts.h> #include <openssl/pkcs7.h> +#include "ts_lcl.h" /* Private function declarations. */ @@ -377,7 +378,7 @@ int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx, int status, const char *text) { int ret = 1; - TS_STATUS_INFO *si = TS_RESP_get_status_info(ctx->response); + TS_STATUS_INFO *si = ctx->response->status_info; if (ASN1_INTEGER_get(si->status) == TS_STATUS_GRANTED) { /* Status has not been set, set it now. */ @@ -388,7 +389,7 @@ int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx, int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure) { - TS_STATUS_INFO *si = TS_RESP_get_status_info(ctx->response); + TS_STATUS_INFO *si = ctx->response->status_info; if (si->failure_info == NULL && (si->failure_info = ASN1_BIT_STRING_new()) == NULL) goto err; @@ -526,8 +527,8 @@ static int ts_RESP_check_request(TS_RESP_CTX *ctx) } /* Checking message digest algorithm. */ - msg_imprint = TS_REQ_get_msg_imprint(request); - md_alg = TS_MSG_IMPRINT_get_algo(msg_imprint); + msg_imprint = request->msg_imprint; + md_alg = msg_imprint->hash_algo; md_alg_id = OBJ_obj2nid(md_alg->algorithm); for (i = 0; !md && i < sk_EVP_MD_num(ctx->mds); ++i) { EVP_MD *current_md = sk_EVP_MD_value(ctx->mds, i); @@ -551,7 +552,7 @@ static int ts_RESP_check_request(TS_RESP_CTX *ctx) return 0; } /* Checking message digest size. */ - digest = TS_MSG_IMPRINT_get_msg(msg_imprint); + digest = msg_imprint->hashed_msg; if (digest->length != EVP_MD_size(md)) { TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, "Bad message digest."); @@ -565,7 +566,7 @@ static int ts_RESP_check_request(TS_RESP_CTX *ctx) /* Returns the TSA policy based on the requested and acceptable policies. */ static ASN1_OBJECT *ts_RESP_get_policy(TS_RESP_CTX *ctx) { - ASN1_OBJECT *requested = TS_REQ_get_policy_id(ctx->request); + ASN1_OBJECT *requested = ctx->request->policy_id; ASN1_OBJECT *policy = NULL; int i; @@ -646,7 +647,7 @@ static TS_TST_INFO *ts_RESP_create_tst_info(TS_RESP_CTX *ctx, goto end; /* Setting nonce if needed. */ - if ((nonce = TS_REQ_get_nonce(ctx->request)) != NULL + if ((nonce = ctx->request->nonce) != NULL && !TS_TST_INFO_set_nonce(tst_info, nonce)) goto end; @@ -684,7 +685,7 @@ static TS_TST_INFO *ts_RESP_create_tst_info(TS_RESP_CTX *ctx, /* Processing the extensions of the request. */ static int ts_RESP_process_extensions(TS_RESP_CTX *ctx) { - STACK_OF(X509_EXTENSION) *exts = TS_REQ_get_exts(ctx->request); + STACK_OF(X509_EXTENSION) *exts = ctx->request->extensions; int i; int ok = 1; @@ -733,7 +734,7 @@ static int ts_RESP_sign(TS_RESP_CTX *ctx) goto err; /* Add signer certificate and optional certificate chain. */ - if (TS_REQ_get_cert_req(ctx->request)) { + if (ctx->request->cert_req) { PKCS7_add_certificate(p7, ctx->signer_cert); if (ctx->certs) { for (i = 0; i < sk_X509_num(ctx->certs); ++i) { diff --git a/crypto/ts/ts_rsp_utils.c b/crypto/ts/ts_rsp_utils.c index 8c66c5fe0d..887d31497c 100644 --- a/crypto/ts/ts_rsp_utils.c +++ b/crypto/ts/ts_rsp_utils.c @@ -62,6 +62,7 @@ #include <openssl/objects.h> #include <openssl/ts.h> #include <openssl/pkcs7.h> +#include "ts_lcl.h" /* Function definitions. */ @@ -394,3 +395,8 @@ void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx) { return X509V3_get_d2i(a->extensions, nid, crit, idx); } + +int TS_STATUS_INFO_set_status(TS_STATUS_INFO *a, int i) +{ + return ASN1_INTEGER_set(a->status, i); +} diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c index 5784e3dc5a..c01d6a6565 100644 --- a/crypto/ts/ts_rsp_verify.c +++ b/crypto/ts/ts_rsp_verify.c @@ -62,6 +62,7 @@ #include <openssl/objects.h> #include <openssl/ts.h> #include <openssl/pkcs7.h> +#include "ts_lcl.h" /* Private function declarations. */ @@ -363,8 +364,8 @@ static int ts_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo) */ int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response) { - PKCS7 *token = TS_RESP_get_token(response); - TS_TST_INFO *tst_info = TS_RESP_get_tst_info(response); + PKCS7 *token = response->token; + TS_TST_INFO *tst_info = response->tst_info; int ret = 0; /* Check if we have a successful TS_TST_INFO object in place. */ @@ -411,7 +412,7 @@ static int int_ts_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token, TS_TST_INFO *tst_info) { X509 *signer = NULL; - GENERAL_NAME *tsa_name = TS_TST_INFO_get_tsa(tst_info); + GENERAL_NAME *tsa_name = tst_info->tsa; X509_ALGOR *md_alg = NULL; unsigned char *imprint = NULL; unsigned imprint_len = 0; @@ -476,7 +477,7 @@ static int int_ts_RESP_verify_token(TS_VERIFY_CTX *ctx, static int ts_check_status_info(TS_RESP *response) { - TS_STATUS_INFO *info = TS_RESP_get_status_info(response); + TS_STATUS_INFO *info = response->status_info; long status = ASN1_INTEGER_get(info->status); const char *status_text = NULL; char *embedded_status_text = NULL; @@ -562,7 +563,7 @@ static char *ts_get_status_text(STACK_OF(ASN1_UTF8STRING) *text) static int ts_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info) { - ASN1_OBJECT *resp_oid = TS_TST_INFO_get_policy_id(tst_info); + ASN1_OBJECT *resp_oid = tst_info->policy_id; if (OBJ_cmp(req_oid, resp_oid) != 0) { TSerr(TS_F_TS_CHECK_POLICY, TS_R_POLICY_MISMATCH); @@ -576,8 +577,8 @@ static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info, X509_ALGOR **md_alg, unsigned char **imprint, unsigned *imprint_len) { - TS_MSG_IMPRINT *msg_imprint = TS_TST_INFO_get_msg_imprint(tst_info); - X509_ALGOR *md_alg_resp = TS_MSG_IMPRINT_get_algo(msg_imprint); + TS_MSG_IMPRINT *msg_imprint = tst_info->msg_imprint; + X509_ALGOR *md_alg_resp = msg_imprint->hash_algo; const EVP_MD *md; EVP_MD_CTX md_ctx; unsigned char buffer[4096]; @@ -628,8 +629,8 @@ static int ts_check_imprints(X509_ALGOR *algor_a, unsigned char *imprint_a, unsigned len_a, TS_TST_INFO *tst_info) { - TS_MSG_IMPRINT *b = TS_TST_INFO_get_msg_imprint(tst_info); - X509_ALGOR *algor_b = TS_MSG_IMPRINT_get_algo(b); + TS_MSG_IMPRINT *b = tst_info->msg_imprint; + X509_ALGOR *algor_b = b->hash_algo; int ret = 0; /* algor_a is optional. */ @@ -657,7 +658,7 @@ static int ts_check_imprints(X509_ALGOR *algor_a, static int ts_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info) { - const ASN1_INTEGER *b = TS_TST_INFO_get_nonce(tst_info); + const ASN1_INTEGER *b = tst_info->nonce; /* Error if nonce is missing. */ if (!b) { diff --git a/crypto/ts/ts_verify_ctx.c b/crypto/ts/ts_verify_ctx.c index e23ae268f4..c370137fee 100644 --- a/crypto/ts/ts_verify_ctx.c +++ b/crypto/ts/ts_verify_ctx.c @@ -60,6 +60,7 @@ #include "internal/cryptlib.h" #include <openssl/objects.h> #include <openssl/ts.h> +#include "ts_lcl.h" TS_VERIFY_CTX *TS_VERIFY_CTX_new(void) { @@ -85,6 +86,45 @@ void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx) OPENSSL_free(ctx); } +int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int f) +{ + ctx->f |