summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/ts/ts_conf.c
diff options
context:
space:
mode:
authorjsing <>2014-04-21 16:32:06 +0000
committerjsing <>2014-04-21 16:32:06 +0000
commitd38038d391733e01f20761a13d2e7f39dd1495fa (patch)
treebe04a70e8733f1afb3ae549ad26c1c50ec666f15 /src/lib/libcrypto/ts/ts_conf.c
parentf7f50fee471be5d0d88214715a1bc24df690120c (diff)
downloadopenbsd-d38038d391733e01f20761a13d2e7f39dd1495fa.tar.gz
openbsd-d38038d391733e01f20761a13d2e7f39dd1495fa.tar.bz2
openbsd-d38038d391733e01f20761a13d2e7f39dd1495fa.zip
KNF.
Diffstat (limited to 'src/lib/libcrypto/ts/ts_conf.c')
-rw-r--r--src/lib/libcrypto/ts/ts_conf.c422
1 files changed, 221 insertions, 201 deletions
diff --git a/src/lib/libcrypto/ts/ts_conf.c b/src/lib/libcrypto/ts/ts_conf.c
index 212f8bf702..f8cf3b514c 100644
--- a/src/lib/libcrypto/ts/ts_conf.c
+++ b/src/lib/libcrypto/ts/ts_conf.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -85,420 +85,440 @@
85#define ENV_VALUE_SECS "secs" 85#define ENV_VALUE_SECS "secs"
86#define ENV_VALUE_MILLISECS "millisecs" 86#define ENV_VALUE_MILLISECS "millisecs"
87#define ENV_VALUE_MICROSECS "microsecs" 87#define ENV_VALUE_MICROSECS "microsecs"
88#define ENV_CLOCK_PRECISION_DIGITS "clock_precision_digits" 88#define ENV_CLOCK_PRECISION_DIGITS "clock_precision_digits"
89#define ENV_VALUE_YES "yes" 89#define ENV_VALUE_YES "yes"
90#define ENV_VALUE_NO "no" 90#define ENV_VALUE_NO "no"
91 91
92/* Function definitions for certificate and key loading. */ 92/* Function definitions for certificate and key loading. */
93 93
94X509 *TS_CONF_load_cert(const char *file) 94X509 *
95 { 95TS_CONF_load_cert(const char *file)
96{
96 BIO *cert = NULL; 97 BIO *cert = NULL;
97 X509 *x = NULL; 98 X509 *x = NULL;
98 99
99 if ((cert = BIO_new_file(file, "r")) == NULL) goto end; 100 if ((cert = BIO_new_file(file, "r")) == NULL)
101 goto end;
100 x = PEM_read_bio_X509_AUX(cert, NULL, NULL, NULL); 102 x = PEM_read_bio_X509_AUX(cert, NULL, NULL, NULL);
103
101end: 104end:
102 if (x == NULL) 105 if (x == NULL)
103 fprintf(stderr, "unable to load certificate: %s\n", file); 106 fprintf(stderr, "unable to load certificate: %s\n", file);
104 BIO_free(cert); 107 BIO_free(cert);
105 return x; 108 return x;
106 } 109}
107 110
108STACK_OF(X509) *TS_CONF_load_certs(const char *file) 111STACK_OF(X509) *TS_CONF_load_certs(const char *file)
109 { 112{
110 BIO *certs = NULL; 113 BIO *certs = NULL;
111 STACK_OF(X509) *othercerts = NULL; 114 STACK_OF(X509) *othercerts = NULL;
112 STACK_OF(X509_INFO) *allcerts = NULL; 115 STACK_OF(X509_INFO) *allcerts = NULL;
113 int i; 116 int i;
114 117
115 if (!(certs = BIO_new_file(file, "r"))) goto end; 118 if (!(certs = BIO_new_file(file, "r")))
119 goto end;
116 120
117 if (!(othercerts = sk_X509_new_null())) goto end; 121 if (!(othercerts = sk_X509_new_null()))
122 goto end;
118 allcerts = PEM_X509_INFO_read_bio(certs, NULL, NULL, NULL); 123 allcerts = PEM_X509_INFO_read_bio(certs, NULL, NULL, NULL);
119 for(i = 0; i < sk_X509_INFO_num(allcerts); i++) 124 for (i = 0; i < sk_X509_INFO_num(allcerts); i++) {
120 {
121 X509_INFO *xi = sk_X509_INFO_value(allcerts, i); 125 X509_INFO *xi = sk_X509_INFO_value(allcerts, i);
122 if (xi->x509) 126 if (xi->x509) {
123 {
124 sk_X509_push(othercerts, xi->x509); 127 sk_X509_push(othercerts, xi->x509);
125 xi->x509 = NULL; 128 xi->x509 = NULL;
126 }
127 } 129 }
130 }
131
128end: 132end:
129 if (othercerts == NULL) 133 if (othercerts == NULL)
130 fprintf(stderr, "unable to load certificates: %s\n", file); 134 fprintf(stderr, "unable to load certificates: %s\n", file);
131 sk_X509_INFO_pop_free(allcerts, X509_INFO_free); 135 sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
132 BIO_free(certs); 136 BIO_free(certs);
133 return othercerts; 137 return othercerts;
134 } 138}
135 139
136EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass) 140EVP_PKEY *
137 { 141TS_CONF_load_key(const char *file, const char *pass)
142{
138 BIO *key = NULL; 143 BIO *key = NULL;
139 EVP_PKEY *pkey = NULL; 144 EVP_PKEY *pkey = NULL;
140 145
141 if (!(key = BIO_new_file(file, "r"))) goto end; 146 if (!(key = BIO_new_file(file, "r")))
147 goto end;
142 pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, (char *) pass); 148 pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, (char *) pass);
143 end: 149
150end:
144 if (pkey == NULL) 151 if (pkey == NULL)
145 fprintf(stderr, "unable to load private key: %s\n", file); 152 fprintf(stderr, "unable to load private key: %s\n", file);
146 BIO_free(key); 153 BIO_free(key);
147 return pkey; 154 return pkey;
148 } 155}
149 156
150/* Function definitions for handling configuration options. */ 157/* Function definitions for handling configuration options. */
151 158
152static void TS_CONF_lookup_fail(const char *name, const char *tag) 159static void
153 { 160TS_CONF_lookup_fail(const char *name, const char *tag)
161{
154 fprintf(stderr, "variable lookup failed for %s::%s\n", name, tag); 162 fprintf(stderr, "variable lookup failed for %s::%s\n", name, tag);
155 } 163}
156 164
157static void TS_CONF_invalid(const char *name, const char *tag) 165static void
158 { 166TS_CONF_invalid(const char *name, const char *tag)
167{
159 fprintf(stderr, "invalid variable value for %s::%s\n", name, tag); 168 fprintf(stderr, "invalid variable value for %s::%s\n", name, tag);
160 } 169}
161 170
162const char *TS_CONF_get_tsa_section(CONF *conf, const char *section) 171const char *
163 { 172TS_CONF_get_tsa_section(CONF *conf, const char *section)
164 if (!section) 173{
165 { 174 if (!section) {
166 section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_TSA); 175 section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_TSA);
167 if (!section) 176 if (!section)
168 TS_CONF_lookup_fail(BASE_SECTION, ENV_DEFAULT_TSA); 177 TS_CONF_lookup_fail(BASE_SECTION, ENV_DEFAULT_TSA);
169 }
170 return section;
171 } 178 }
179 return section;
180}
172 181
173int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb, 182int
174 TS_RESP_CTX *ctx) 183TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,
175 { 184 TS_RESP_CTX *ctx)
185{
176 int ret = 0; 186 int ret = 0;
177 char *serial = NCONF_get_string(conf, section, ENV_SERIAL); 187 char *serial = NCONF_get_string(conf, section, ENV_SERIAL);
178 if (!serial) 188
179 { 189 if (!serial) {
180 TS_CONF_lookup_fail(section, ENV_SERIAL); 190 TS_CONF_lookup_fail(section, ENV_SERIAL);
181 goto err; 191 goto err;
182 } 192 }
183 TS_RESP_CTX_set_serial_cb(ctx, cb, serial); 193 TS_RESP_CTX_set_serial_cb(ctx, cb, serial);
184 194
185 ret = 1; 195 ret = 1;
186 err: 196
197err:
187 return ret; 198 return ret;
188 } 199}
189 200
190#ifndef OPENSSL_NO_ENGINE 201#ifndef OPENSSL_NO_ENGINE
191 202
192int TS_CONF_set_crypto_device(CONF *conf, const char *section, 203int
193 const char *device) 204TS_CONF_set_crypto_device(CONF *conf, const char *section, const char *device)
194 { 205{
195 int ret = 0; 206 int ret = 0;
196 207
197 if (!device) 208 if (!device)
198 device = NCONF_get_string(conf, section, 209 device = NCONF_get_string(conf, section, ENV_CRYPTO_DEVICE);
199 ENV_CRYPTO_DEVICE);
200 210
201 if (device && !TS_CONF_set_default_engine(device)) 211 if (device && !TS_CONF_set_default_engine(device)) {
202 {
203 TS_CONF_invalid(section, ENV_CRYPTO_DEVICE); 212 TS_CONF_invalid(section, ENV_CRYPTO_DEVICE);
204 goto err; 213 goto err;
205 } 214 }
206 ret = 1; 215 ret = 1;
207 err: 216
217err:
208 return ret; 218 return ret;
209 } 219}
210 220
211int TS_CONF_set_default_engine(const char *name) 221int
212 { 222TS_CONF_set_default_engine(const char *name)
223{
213 ENGINE *e = NULL; 224 ENGINE *e = NULL;
214 int ret = 0; 225 int ret = 0;
215 226
216 /* Leave the default if builtin specified. */ 227 /* Leave the default if builtin specified. */
217 if (strcmp(name, "builtin") == 0) return 1; 228 if (strcmp(name, "builtin") == 0)
229 return 1;
218 230
219 if (!(e = ENGINE_by_id(name))) goto err; 231 if (!(e = ENGINE_by_id(name)))
232 goto err;
220 /* All the operations are going to be carried out by the engine. */ 233 /* All the operations are going to be carried out by the engine. */
221 if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) goto err; 234 if (!ENGINE_set_default(e, ENGINE_METHOD_ALL))
235 goto err;
222 ret = 1; 236 ret = 1;
223 err: 237
224 if (!ret) 238err:
225 { 239 if (!ret) {
226 TSerr(TS_F_TS_CONF_SET_DEFAULT_ENGINE, 240 TSerr(TS_F_TS_CONF_SET_DEFAULT_ENGINE,
227 TS_R_COULD_NOT_SET_ENGINE); 241 TS_R_COULD_NOT_SET_ENGINE);
228 ERR_add_error_data(2, "engine:", name); 242 ERR_add_error_data(2, "engine:", name);
229 }
230 if (e) ENGINE_free(e);
231 return ret;
232 } 243 }
244 if (e)
245 ENGINE_free(e);
246 return ret;
247}
233 248
234#endif 249#endif
235 250
236int TS_CONF_set_signer_cert(CONF *conf, const char *section, 251int
237 const char *cert, TS_RESP_CTX *ctx) 252TS_CONF_set_signer_cert(CONF *conf, const char *section, const char *cert,
238 { 253 TS_RESP_CTX *ctx)
254{
239 int ret = 0; 255 int ret = 0;
240 X509 *cert_obj = NULL; 256 X509 *cert_obj = NULL;
241 if (!cert) 257
242 cert = NCONF_get_string(conf, section, ENV_SIGNER_CERT);
243 if (!cert) 258 if (!cert)
244 { 259 cert = NCONF_get_string(conf, section, ENV_SIGNER_CERT);
260 if (!cert) {
245 TS_CONF_lookup_fail(section, ENV_SIGNER_CERT); 261 TS_CONF_lookup_fail(section, ENV_SIGNER_CERT);
246 goto err; 262 goto err;
247 } 263 }
248 if (!(cert_obj = TS_CONF_load_cert(cert))) 264 if (!(cert_obj = TS_CONF_load_cert(cert)))
249 goto err; 265 goto err;
250 if (!TS_RESP_CTX_set_signer_cert(ctx, cert_obj)) 266 if (!TS_RESP_CTX_set_signer_cert(ctx, cert_obj))
251 goto err; 267 goto err;
252 268
253 ret = 1; 269 ret = 1;
254 err: 270
271err:
255 X509_free(cert_obj); 272 X509_free(cert_obj);
256 return ret; 273 return ret;
257 } 274}
258 275
259int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, 276int
260 TS_RESP_CTX *ctx) 277TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
261 { 278 TS_RESP_CTX *ctx)
279{
262 int ret = 0; 280 int ret = 0;
263 STACK_OF(X509) *certs_obj = NULL; 281 STACK_OF(X509) *certs_obj = NULL;
264 if (!certs) 282
283 if (!certs)
265 certs = NCONF_get_string(conf, section, ENV_CERTS); 284 certs = NCONF_get_string(conf, section, ENV_CERTS);
266 /* Certificate chain is optional. */ 285 /* Certificate chain is optional. */
267 if (!certs) goto end; 286 if (!certs)
268 if (!(certs_obj = TS_CONF_load_certs(certs))) goto err; 287 goto end;
269 if (!TS_RESP_CTX_set_certs(ctx, certs_obj)) goto err; 288 if (!(certs_obj = TS_CONF_load_certs(certs)))
270 end: 289 goto err;
290 if (!TS_RESP_CTX_set_certs(ctx, certs_obj))
291 goto err;
292
293end:
271 ret = 1; 294 ret = 1;
272 err: 295err:
273 sk_X509_pop_free(certs_obj, X509_free); 296 sk_X509_pop_free(certs_obj, X509_free);
274 return ret; 297 return ret;
275 } 298}
276 299
277int TS_CONF_set_signer_key(CONF *conf, const char *section, 300int
278 const char *key, const char *pass, 301TS_CONF_set_signer_key(CONF *conf, const char *section, const char *key,
279 TS_RESP_CTX *ctx) 302 const char *pass, TS_RESP_CTX *ctx)
280 { 303{
281 int ret = 0; 304 int ret = 0;
282 EVP_PKEY *key_obj = NULL; 305 EVP_PKEY *key_obj = NULL;
283 if (!key) 306
284 key = NCONF_get_string(conf, section, ENV_SIGNER_KEY);
285 if (!key) 307 if (!key)
286 { 308 key = NCONF_get_string(conf, section, ENV_SIGNER_KEY);
309 if (!key) {
287 TS_CONF_lookup_fail(section, ENV_SIGNER_KEY); 310 TS_CONF_lookup_fail(section, ENV_SIGNER_KEY);
288 goto err; 311 goto err;
289 } 312 }
290 if (!(key_obj = TS_CONF_load_key(key, pass))) goto err; 313 if (!(key_obj = TS_CONF_load_key(key, pass)))
291 if (!TS_RESP_CTX_set_signer_key(ctx, key_obj)) goto err; 314 goto err;
315 if (!TS_RESP_CTX_set_signer_key(ctx, key_obj))
316 goto err;
292 317
293 ret = 1; 318 ret = 1;
294 err: 319
320err:
295 EVP_PKEY_free(key_obj); 321 EVP_PKEY_free(key_obj);
296 return ret; 322 return ret;
297 } 323}
298 324
299int TS_CONF_set_def_policy(CONF *conf, const char *section, 325int
300 const char *policy, TS_RESP_CTX *ctx) 326TS_CONF_set_def_policy(CONF *conf, const char *section, const char *policy,
301 { 327 TS_RESP_CTX *ctx)
328{
302 int ret = 0; 329 int ret = 0;
303 ASN1_OBJECT *policy_obj = NULL; 330 ASN1_OBJECT *policy_obj = NULL;
304 if (!policy) 331
305 policy = NCONF_get_string(conf, section, 332 if (!policy)
306 ENV_DEFAULT_POLICY); 333 policy = NCONF_get_string(conf, section, ENV_DEFAULT_POLICY);
307 if (!policy) 334 if (!policy) {
308 {
309 TS_CONF_lookup_fail(section, ENV_DEFAULT_POLICY); 335 TS_CONF_lookup_fail(section, ENV_DEFAULT_POLICY);
310 goto err; 336 goto err;
311 } 337 }
312 if (!(policy_obj = OBJ_txt2obj(policy, 0))) 338 if (!(policy_obj = OBJ_txt2obj(policy, 0))) {
313 {
314 TS_CONF_invalid(section, ENV_DEFAULT_POLICY); 339 TS_CONF_invalid(section, ENV_DEFAULT_POLICY);
315 goto err; 340 goto err;
316 } 341 }
317 if (!TS_RESP_CTX_set_def_policy(ctx, policy_obj)) 342 if (!TS_RESP_CTX_set_def_policy(ctx, policy_obj))
318 goto err; 343 goto err;
319 344
320 ret = 1; 345 ret = 1;
321 err: 346
347err:
322 ASN1_OBJECT_free(policy_obj); 348 ASN1_OBJECT_free(policy_obj);
323 return ret; 349 return ret;
324 } 350}
325 351
326int TS_CONF_set_policies(CONF *conf, const char *section, 352int
327 TS_RESP_CTX *ctx) 353TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx)
328 { 354{
329 int ret = 0; 355 int ret = 0;
330 int i; 356 int i;
331 STACK_OF(CONF_VALUE) *list = NULL; 357 STACK_OF(CONF_VALUE) *list = NULL;
332 char *policies = NCONF_get_string(conf, section, 358 char *policies = NCONF_get_string(conf, section, ENV_OTHER_POLICIES);
333 ENV_OTHER_POLICIES); 359
334 /* If no other policy is specified, that's fine. */ 360 /* If no other policy is specified, that's fine. */
335 if (policies && !(list = X509V3_parse_list(policies))) 361 if (policies && !(list = X509V3_parse_list(policies))) {
336 {
337 TS_CONF_invalid(section, ENV_OTHER_POLICIES); 362 TS_CONF_invalid(section, ENV_OTHER_POLICIES);
338 goto err; 363 goto err;
339 } 364 }
340 for (i = 0; i < sk_CONF_VALUE_num(list); ++i) 365 for (i = 0; i < sk_CONF_VALUE_num(list); ++i) {
341 {
342 CONF_VALUE *val = sk_CONF_VALUE_value(list, i); 366 CONF_VALUE *val = sk_CONF_VALUE_value(list, i);
343 const char *extval = val->value ? val->value : val->name; 367 const char *extval = val->value ? val->value : val->name;
344 ASN1_OBJECT *objtmp; 368 ASN1_OBJECT *objtmp;
345 if (!(objtmp = OBJ_txt2obj(extval, 0))) 369 if (!(objtmp = OBJ_txt2obj(extval, 0))) {
346 {
347 TS_CONF_invalid(section, ENV_OTHER_POLICIES); 370 TS_CONF_invalid(section, ENV_OTHER_POLICIES);
348 goto err; 371 goto err;
349 } 372 }
350 if (!TS_RESP_CTX_add_policy(ctx, objtmp)) 373 if (!TS_RESP_CTX_add_policy(ctx, objtmp))
351 goto err; 374 goto err;
352 ASN1_OBJECT_free(objtmp); 375 ASN1_OBJECT_free(objtmp);
353 } 376 }
354 377
355 ret = 1; 378 ret = 1;
356 err: 379
380err:
357 sk_CONF_VALUE_pop_free(list, X509V3_conf_free); 381 sk_CONF_VALUE_pop_free(list, X509V3_conf_free);
358 return ret; 382 return ret;
359 } 383}
360 384
361int TS_CONF_set_digests(CONF *conf, const char *section, 385int
362 TS_RESP_CTX *ctx) 386TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx)
363 { 387{
364 int ret = 0; 388 int ret = 0;
365 int i; 389 int i;
366 STACK_OF(CONF_VALUE) *list = NULL; 390 STACK_OF(CONF_VALUE) *list = NULL;
367 char *digests = NCONF_get_string(conf, section, ENV_DIGESTS); 391 char *digests = NCONF_get_string(conf, section, ENV_DIGESTS);
368 if (!digests) 392
369 { 393 if (!digests) {
370 TS_CONF_lookup_fail(section, ENV_DIGESTS); 394 TS_CONF_lookup_fail(section, ENV_DIGESTS);
371 goto err; 395 goto err;
372 } 396 }
373 if (!(list = X509V3_parse_list(digests))) 397 if (!(list = X509V3_parse_list(digests))) {
374 {
375 TS_CONF_invalid(section, ENV_DIGESTS); 398 TS_CONF_invalid(section, ENV_DIGESTS);
376 goto err; 399 goto err;
377 } 400 }
378 if (sk_CONF_VALUE_num(list) == 0) 401 if (sk_CONF_VALUE_num(list) == 0) {
379 {
380 TS_CONF_invalid(section, ENV_DIGESTS); 402 TS_CONF_invalid(section, ENV_DIGESTS);
381 goto err; 403 goto err;
382 } 404 }
383 for (i = 0; i < sk_CONF_VALUE_num(list); ++i) 405 for (i = 0; i < sk_CONF_VALUE_num(list); ++i) {
384 {
385 CONF_VALUE *val = sk_CONF_VALUE_value(list, i); 406 CONF_VALUE *val = sk_CONF_VALUE_value(list, i);
386 const char *extval = val->value ? val->value : val->name; 407 const char *extval = val->value ? val->value : val->name;
387 const EVP_MD *md; 408 const EVP_MD *md;
388 if (!(md = EVP_get_digestbyname(extval))) 409 if (!(md = EVP_get_digestbyname(extval))) {
389 {
390 TS_CONF_invalid(section, ENV_DIGESTS); 410 TS_CONF_invalid(section, ENV_DIGESTS);
391 goto err; 411 goto err;
392 } 412 }
393 if (!TS_RESP_CTX_add_md(ctx, md)) 413 if (!TS_RESP_CTX_add_md(ctx, md))
394 goto err; 414 goto err;
395 } 415 }
396 416
397 ret = 1; 417 ret = 1;
398 err: 418
419err:
399 sk_CONF_VALUE_pop_free(list, X509V3_conf_free); 420 sk_CONF_VALUE_pop_free(list, X509V3_conf_free);
400 return ret; 421 return ret;
401 } 422}
402 423
403int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx) 424int
404 { 425TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx)
426{
405 int ret = 0; 427 int ret = 0;
406 int i; 428 int i;
407 int secs = 0, millis = 0, micros = 0; 429 int secs = 0, millis = 0, micros = 0;
408 STACK_OF(CONF_VALUE) *list = NULL; 430 STACK_OF(CONF_VALUE) *list = NULL;
409 char *accuracy = NCONF_get_string(conf, section, ENV_ACCURACY); 431 char *accuracy = NCONF_get_string(conf, section, ENV_ACCURACY);
410 432
411 if (accuracy && !(list = X509V3_parse_list(accuracy))) 433 if (accuracy && !(list = X509V3_parse_list(accuracy))) {
412 {
413 TS_CONF_invalid(section, ENV_ACCURACY); 434 TS_CONF_invalid(section, ENV_ACCURACY);
414 goto err; 435 goto err;
415 } 436 }
416 for (i = 0; i < sk_CONF_VALUE_num(list); ++i) 437 for (i = 0; i < sk_CONF_VALUE_num(list); ++i) {
417 {
418 CONF_VALUE *val = sk_CONF_VALUE_value(list, i); 438 CONF_VALUE *val = sk_CONF_VALUE_value(list, i);
419 if (strcmp(val->name, ENV_VALUE_SECS) == 0) 439 if (strcmp(val->name, ENV_VALUE_SECS) == 0) {
420 { 440 if (val->value)
421 if (val->value) secs = atoi(val->value); 441 secs = atoi(val->value);
422 } 442 } else if (strcmp(val->name, ENV_VALUE_MILLISECS) == 0) {
423 else if (strcmp(val->name, ENV_VALUE_MILLISECS) == 0) 443 if (val->value)
424 { 444 millis = atoi(val->value);
425 if (val->value) millis = atoi(val->value); 445 } else if (strcmp(val->name, ENV_VALUE_MICROSECS) == 0) {
426 } 446 if (val->value)
427 else if (strcmp(val->name, ENV_VALUE_MICROSECS) == 0) 447 micros = atoi(val->value);
428 { 448 } else {
429 if (val->value) micros = atoi(val->value);
430 }
431 else
432 {
433 TS_CONF_invalid(section, ENV_ACCURACY); 449 TS_CONF_invalid(section, ENV_ACCURACY);
434 goto err; 450 goto err;
435 }
436 } 451 }
452 }
437 if (!TS_RESP_CTX_set_accuracy(ctx, secs, millis, micros)) 453 if (!TS_RESP_CTX_set_accuracy(ctx, secs, millis, micros))
438 goto err; 454 goto err;
439 455
440 ret = 1; 456 ret = 1;
441 err: 457
458err:
442 sk_CONF_VALUE_pop_free(list, X509V3_conf_free); 459 sk_CONF_VALUE_pop_free(list, X509V3_conf_free);
443 return ret; 460 return ret;
444 } 461}
445 462
446int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section, 463int
447 TS_RESP_CTX *ctx) 464TS_CONF_set_clock_precision_digits(CONF *conf, const char *section,
448 { 465 TS_RESP_CTX *ctx)
466{
449 int ret = 0; 467 int ret = 0;
450 long digits = 0; 468 long digits = 0;
451 469
452 /* If not specified, set the default value to 0, i.e. sec precision */ 470 /* If not specified, set the default value to 0, i.e. sec precision */
453 if (!NCONF_get_number_e(conf, section, ENV_CLOCK_PRECISION_DIGITS, 471 if (!NCONF_get_number_e(conf, section, ENV_CLOCK_PRECISION_DIGITS,
454 &digits)) 472 &digits))
455 digits = 0; 473 digits = 0;
456 if (digits < 0 || digits > TS_MAX_CLOCK_PRECISION_DIGITS) 474 if (digits < 0 || digits > TS_MAX_CLOCK_PRECISION_DIGITS) {
457 {
458 TS_CONF_invalid(section, ENV_CLOCK_PRECISION_DIGITS); 475 TS_CONF_invalid(section, ENV_CLOCK_PRECISION_DIGITS);
459 goto err; 476 goto err;
460 } 477 }
461 478
462 if (!TS_RESP_CTX_set_clock_precision_digits(ctx, digits)) 479 if (!TS_RESP_CTX_set_clock_precision_digits(ctx, digits))
463 goto err; 480 goto err;
464 481
465 return 1; 482 return 1;
466 err: 483
484err:
467 return ret; 485 return ret;
468 } 486}
469 487
470static int TS_CONF_add_flag(CONF *conf, const char *section, const char *field, 488static int
471 int flag, TS_RESP_CTX *ctx) 489TS_CONF_add_flag(CONF *conf, const char *section, const char *field, int flag,
472 { 490 TS_RESP_CTX *ctx)
491{
473 /* Default is false. */ 492 /* Default is false. */
474 const char *value = NCONF_get_string(conf, section, field); 493 const char *value = NCONF_get_string(conf, section, field);
475 if (value) 494
476 { 495 if (value) {
477 if (strcmp(value, ENV_VALUE_YES) == 0) 496 if (strcmp(value, ENV_VALUE_YES) == 0)
478 TS_RESP_CTX_add_flags(ctx, flag); 497 TS_RESP_CTX_add_flags(ctx, flag);
479 else if (strcmp(value, ENV_VALUE_NO) != 0) 498 else if (strcmp(value, ENV_VALUE_NO) != 0) {
480 {
481 TS_CONF_invalid(section, field); 499 TS_CONF_invalid(section, field);
482 return 0; 500 return 0;
483 }
484 } 501 }
502 }
485 503
486 return 1; 504 return 1;
487 } 505}
488 506
489int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx) 507int
490 { 508TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx)
509{
491 return TS_CONF_add_flag(conf, section, ENV_ORDERING, TS_ORDERING, ctx); 510 return TS_CONF_add_flag(conf, section, ENV_ORDERING, TS_ORDERING, ctx);
492 } 511}
493 512
494int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx) 513int
495 { 514TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx)
515{
496 return TS_CONF_add_flag(conf, section, ENV_TSA_NAME, TS_TSA_NAME, ctx); 516 return TS_CONF_add_flag(conf, section, ENV_TSA_NAME, TS_TSA_NAME, ctx);
497 } 517}
498 518
499int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section, 519int
500 TS_RESP_CTX *ctx) 520TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section, TS_RESP_CTX *ctx)
501 { 521{
502 return TS_CONF_add_flag(conf, section, ENV_ESS_CERT_ID_CHAIN, 522 return TS_CONF_add_flag(conf, section, ENV_ESS_CERT_ID_CHAIN,
503 TS_ESS_CERT_ID_CHAIN, ctx); 523 TS_ESS_CERT_ID_CHAIN, ctx);
504 } 524}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-05 11:25:24 +0000