summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/ts/ts_rsp_sign.c
diff options
context:
space:
mode:
authorjsing <>2014-04-21 16:32:06 +0000
committerjsing <>2014-04-21 16:32:06 +0000
commitdbe50a7f3c84521e4543ad2e5292244bd0b81414 (patch)
treebe04a70e8733f1afb3ae549ad26c1c50ec666f15 /src/lib/libcrypto/ts/ts_rsp_sign.c
parent4e74c38c506a70910cb7f88175f2f718983bbdc6 (diff)
downloadopenbsd-dbe50a7f3c84521e4543ad2e5292244bd0b81414.tar.gz
openbsd-dbe50a7f3c84521e4543ad2e5292244bd0b81414.tar.bz2
openbsd-dbe50a7f3c84521e4543ad2e5292244bd0b81414.zip
KNF.
Diffstat (limited to 'src/lib/libcrypto/ts/ts_rsp_sign.c')
-rw-r--r--src/lib/libcrypto/ts/ts_rsp_sign.c789
1 files changed, 414 insertions, 375 deletions
diff --git a/src/lib/libcrypto/ts/ts_rsp_sign.c b/src/lib/libcrypto/ts/ts_rsp_sign.c
index 17f81b4a35..71530d7f24 100644
--- a/src/lib/libcrypto/ts/ts_rsp_sign.c
+++ b/src/lib/libcrypto/ts/ts_rsp_sign.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -76,102 +76,107 @@ static void TS_RESP_CTX_init(TS_RESP_CTX *ctx);
76static void TS_RESP_CTX_cleanup(TS_RESP_CTX *ctx); 76static void TS_RESP_CTX_cleanup(TS_RESP_CTX *ctx);
77static int TS_RESP_check_request(TS_RESP_CTX *ctx); 77static int TS_RESP_check_request(TS_RESP_CTX *ctx);
78static ASN1_OBJECT *TS_RESP_get_policy(TS_RESP_CTX *ctx); 78static ASN1_OBJECT *TS_RESP_get_policy(TS_RESP_CTX *ctx);
79static TS_TST_INFO *TS_RESP_create_tst_info(TS_RESP_CTX *ctx, 79static TS_TST_INFO *TS_RESP_create_tst_info(TS_RESP_CTX *ctx,
80 ASN1_OBJECT *policy); 80 ASN1_OBJECT *policy);
81static int TS_RESP_process_extensions(TS_RESP_CTX *ctx); 81static int TS_RESP_process_extensions(TS_RESP_CTX *ctx);
82static int TS_RESP_sign(TS_RESP_CTX *ctx); 82static int TS_RESP_sign(TS_RESP_CTX *ctx);
83 83
84static ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert, 84static ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert,
85 STACK_OF(X509) *certs); 85 STACK_OF(X509) *certs);
86static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed); 86static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed);
87static int TS_TST_INFO_content_new(PKCS7 *p7); 87static int TS_TST_INFO_content_new(PKCS7 *p7);
88static int ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc); 88static int ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc);
89 89
90static ASN1_GENERALIZEDTIME *TS_RESP_set_genTime_with_precision( 90static ASN1_GENERALIZEDTIME *TS_RESP_set_genTime_with_precision(
91 ASN1_GENERALIZEDTIME *, long, long, unsigned); 91 ASN1_GENERALIZEDTIME *, long, long, unsigned);
92 92
93/* Default callbacks for response generation. */ 93/* Default callbacks for response generation. */
94 94
95static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *ctx, void *data) 95static ASN1_INTEGER *
96 { 96def_serial_cb(struct TS_resp_ctx *ctx, void *data)
97{
97 ASN1_INTEGER *serial = ASN1_INTEGER_new(); 98 ASN1_INTEGER *serial = ASN1_INTEGER_new();
98 if (!serial) goto err; 99
99 if (!ASN1_INTEGER_set(serial, 1)) goto err; 100 if (!serial)
101 goto err;
102 if (!ASN1_INTEGER_set(serial, 1))
103 goto err;
100 return serial; 104 return serial;
101 err: 105
106err:
102 TSerr(TS_F_DEF_SERIAL_CB, ERR_R_MALLOC_FAILURE); 107 TSerr(TS_F_DEF_SERIAL_CB, ERR_R_MALLOC_FAILURE);
103 TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, 108 TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
104 "Error during serial number generation."); 109 "Error during serial number generation.");
105 return NULL; 110 return NULL;
106 } 111}
107 112
108#if defined(OPENSSL_SYS_UNIX) 113#if defined(OPENSSL_SYS_UNIX)
109 114
110/* Use the gettimeofday function call. */ 115/* Use the gettimeofday function call. */
111static int def_time_cb(struct TS_resp_ctx *ctx, void *data, 116static int
112 long *sec, long *usec) 117def_time_cb(struct TS_resp_ctx *ctx, void *data, long *sec, long *usec)
113 { 118{
114 struct timeval tv; 119 struct timeval tv;
115 if (gettimeofday(&tv, NULL) != 0) 120
116 { 121 if (gettimeofday(&tv, NULL) != 0) {
117 TSerr(TS_F_DEF_TIME_CB, TS_R_TIME_SYSCALL_ERROR); 122 TSerr(TS_F_DEF_TIME_CB, TS_R_TIME_SYSCALL_ERROR);
118 TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, 123 TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
119 "Time is not available."); 124 "Time is not available.");
120 TS_RESP_CTX_add_failure_info(ctx, TS_INFO_TIME_NOT_AVAILABLE); 125 TS_RESP_CTX_add_failure_info(ctx, TS_INFO_TIME_NOT_AVAILABLE);
121 return 0; 126 return 0;
122 } 127 }
123 /* Return time to caller. */ 128 /* Return time to caller. */
124 *sec = tv.tv_sec; 129 *sec = tv.tv_sec;
125 *usec = tv.tv_usec; 130 *usec = tv.tv_usec;
126 131
127 return 1; 132 return 1;
128 } 133}
129 134
130#else 135#else
131 136
132/* Use the time function call that provides only seconds precision. */ 137/* Use the time function call that provides only seconds precision. */
133static int def_time_cb(struct TS_resp_ctx *ctx, void *data, 138static int
134 long *sec, long *usec) 139def_time_cb(struct TS_resp_ctx *ctx, void *data, long *sec, long *usec)
135 { 140{
136 time_t t; 141 time_t t;
137 if (time(&t) == (time_t) -1) 142
138 { 143 if (time(&t) == (time_t) - 1) {
139 TSerr(TS_F_DEF_TIME_CB, TS_R_TIME_SYSCALL_ERROR); 144 TSerr(TS_F_DEF_TIME_CB, TS_R_TIME_SYSCALL_ERROR);
140 TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, 145 TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
141 "Time is not available."); 146 "Time is not available.");
142 TS_RESP_CTX_add_failure_info(ctx, TS_INFO_TIME_NOT_AVAILABLE); 147 TS_RESP_CTX_add_failure_info(ctx, TS_INFO_TIME_NOT_AVAILABLE);
143 return 0; 148 return 0;
144 } 149 }
145 /* Return time to caller, only second precision. */ 150 /* Return time to caller, only second precision. */
146 *sec = (long) t; 151 *sec = (long) t;
147 *usec = 0; 152 *usec = 0;
148 153
149 return 1; 154 return 1;
150 } 155}
151 156
152#endif 157#endif
153 158
154static int def_extension_cb(struct TS_resp_ctx *ctx, X509_EXTENSION *ext, 159static int
155 void *data) 160def_extension_cb(struct TS_resp_ctx *ctx, X509_EXTENSION *ext, void *data)
156 { 161{
157 /* No extensions are processed here. */ 162 /* No extensions are processed here. */
158 TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, 163 TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
159 "Unsupported extension."); 164 "Unsupported extension.");
160 TS_RESP_CTX_add_failure_info(ctx, TS_INFO_UNACCEPTED_EXTENSION); 165 TS_RESP_CTX_add_failure_info(ctx, TS_INFO_UNACCEPTED_EXTENSION);
161 return 0; 166 return 0;
162 } 167}
163 168
164/* TS_RESP_CTX management functions. */ 169/* TS_RESP_CTX management functions. */
165 170
166TS_RESP_CTX *TS_RESP_CTX_new() 171TS_RESP_CTX *
167 { 172TS_RESP_CTX_new()
173{
168 TS_RESP_CTX *ctx; 174 TS_RESP_CTX *ctx;
169 175
170 if (!(ctx = (TS_RESP_CTX *) malloc(sizeof(TS_RESP_CTX)))) 176 if (!(ctx = (TS_RESP_CTX *) malloc(sizeof(TS_RESP_CTX)))) {
171 {
172 TSerr(TS_F_TS_RESP_CTX_NEW, ERR_R_MALLOC_FAILURE); 177 TSerr(TS_F_TS_RESP_CTX_NEW, ERR_R_MALLOC_FAILURE);
173 return NULL; 178 return NULL;
174 } 179 }
175 memset(ctx, 0, sizeof(TS_RESP_CTX)); 180 memset(ctx, 0, sizeof(TS_RESP_CTX));
176 181
177 /* Setting default callbacks. */ 182 /* Setting default callbacks. */
@@ -180,11 +185,13 @@ TS_RESP_CTX *TS_RESP_CTX_new()
180 ctx->extension_cb = def_extension_cb; 185 ctx->extension_cb = def_extension_cb;
181 186
182 return ctx; 187 return ctx;
183 } 188}
184 189
185void TS_RESP_CTX_free(TS_RESP_CTX *ctx) 190void
186 { 191TS_RESP_CTX_free(TS_RESP_CTX *ctx)
187 if (!ctx) return; 192{
193 if (!ctx)
194 return;
188 195
189 X509_free(ctx->signer_cert); 196 X509_free(ctx->signer_cert);
190 EVP_PKEY_free(ctx->signer_key); 197 EVP_PKEY_free(ctx->signer_key);
@@ -196,95 +203,108 @@ void TS_RESP_CTX_free(TS_RESP_CTX *ctx)
196 ASN1_INTEGER_free(ctx->millis); 203 ASN1_INTEGER_free(ctx->millis);
197 ASN1_INTEGER_free(ctx->micros); 204 ASN1_INTEGER_free(ctx->micros);
198 free(ctx); 205 free(ctx);
199 } 206}
200 207
201int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer) 208int
202 { 209TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer)
203 if (X509_check_purpose(signer, X509_PURPOSE_TIMESTAMP_SIGN, 0) != 1) 210{
204 { 211 if (X509_check_purpose(signer, X509_PURPOSE_TIMESTAMP_SIGN, 0) != 1) {
205 TSerr(TS_F_TS_RESP_CTX_SET_SIGNER_CERT, 212 TSerr(TS_F_TS_RESP_CTX_SET_SIGNER_CERT,
206 TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE); 213 TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE);
207 return 0; 214 return 0;
208 } 215 }
209 if (ctx->signer_cert) X509_free(ctx->signer_cert); 216 if (ctx->signer_cert)
217 X509_free(ctx->signer_cert);
210 ctx->signer_cert = signer; 218 ctx->signer_cert = signer;
211 CRYPTO_add(&ctx->signer_cert->references, +1, CRYPTO_LOCK_X509); 219 CRYPTO_add(&ctx->signer_cert->references, +1, CRYPTO_LOCK_X509);
212 return 1; 220 return 1;
213 } 221}
214 222
215int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key) 223int
216 { 224TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key)
217 if (ctx->signer_key) EVP_PKEY_free(ctx->signer_key); 225{
226 if (ctx->signer_key)
227 EVP_PKEY_free(ctx->signer_key);
218 ctx->signer_key = key; 228 ctx->signer_key = key;
219 CRYPTO_add(&ctx->signer_key->references, +1, CRYPTO_LOCK_EVP_PKEY); 229 CRYPTO_add(&ctx->signer_key->references, +1, CRYPTO_LOCK_EVP_PKEY);
220 230
221 return 1; 231 return 1;
222 } 232}
223 233
224int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy) 234int
225 { 235TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy)
226 if (ctx->default_policy) ASN1_OBJECT_free(ctx->default_policy); 236{
227 if (!(ctx->default_policy = OBJ_dup(def_policy))) goto err; 237 if (ctx->default_policy)
238 ASN1_OBJECT_free(ctx->default_policy);
239 if (!(ctx->default_policy = OBJ_dup(def_policy)))
240 goto err;
228 return 1; 241 return 1;
229 err: 242
243err:
230 TSerr(TS_F_TS_RESP_CTX_SET_DEF_POLICY, ERR_R_MALLOC_FAILURE); 244 TSerr(TS_F_TS_RESP_CTX_SET_DEF_POLICY, ERR_R_MALLOC_FAILURE);
231 return 0; 245 return 0;
232 } 246}
233 247
234int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs) 248int
235 { 249TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs)
250{
236 int i; 251 int i;
237 252
238 if (ctx->certs) 253 if (ctx->certs) {
239 {
240 sk_X509_pop_free(ctx->certs, X509_free); 254 sk_X509_pop_free(ctx->certs, X509_free);
241 ctx->certs = NULL; 255 ctx->certs = NULL;
242 } 256 }
243 if (!certs) return 1; 257 if (!certs)
244 if (!(ctx->certs = sk_X509_dup(certs))) 258 return 1;
245 { 259 if (!(ctx->certs = sk_X509_dup(certs))) {
246 TSerr(TS_F_TS_RESP_CTX_SET_CERTS, ERR_R_MALLOC_FAILURE); 260 TSerr(TS_F_TS_RESP_CTX_SET_CERTS, ERR_R_MALLOC_FAILURE);
247 return 0; 261 return 0;
248 } 262 }
249 for (i = 0; i < sk_X509_num(ctx->certs); ++i) 263 for (i = 0; i < sk_X509_num(ctx->certs); ++i) {
250 {
251 X509 *cert = sk_X509_value(ctx->certs, i); 264 X509 *cert = sk_X509_value(ctx->certs, i);
252 CRYPTO_add(&cert->references, +1, CRYPTO_LOCK_X509); 265 CRYPTO_add(&cert->references, +1, CRYPTO_LOCK_X509);
253 } 266 }
254 267
255 return 1; 268 return 1;
256 } 269}
257 270
258int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy) 271int
259 { 272TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy)
273{
260 ASN1_OBJECT *copy = NULL; 274 ASN1_OBJECT *copy = NULL;
261 275
262 /* Create new policy stack if necessary. */ 276 /* Create new policy stack if necessary. */
263 if (!ctx->policies && !(ctx->policies = sk_ASN1_OBJECT_new_null())) 277 if (!ctx->policies && !(ctx->policies = sk_ASN1_OBJECT_new_null()))
278 goto err;
279 if (!(copy = OBJ_dup(policy)))
280 goto err;
281 if (!sk_ASN1_OBJECT_push(ctx->policies, copy))
264 goto err; 282 goto err;
265 if (!(copy = OBJ_dup(policy))) goto err;
266 if (!sk_ASN1_OBJECT_push(ctx->policies, copy)) goto err;
267 283
268 return 1; 284 return 1;
269 err: 285
286err:
270 TSerr(TS_F_TS_RESP_CTX_ADD_POLICY, ERR_R_MALLOC_FAILURE); 287 TSerr(TS_F_TS_RESP_CTX_ADD_POLICY, ERR_R_MALLOC_FAILURE);
271 ASN1_OBJECT_free(copy); 288 ASN1_OBJECT_free(copy);
272 return 0; 289 return 0;
273 } 290}
274 291
275int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md) 292int
276 { 293TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md)
294{
277 /* Create new md stack if necessary. */ 295 /* Create new md stack if necessary. */
278 if (!ctx->mds && !(ctx->mds = sk_EVP_MD_new_null())) 296 if (!ctx->mds && !(ctx->mds = sk_EVP_MD_new_null()))
279 goto err; 297 goto err;
280 /* Add the shared md, no copy needed. */ 298 /* Add the shared md, no copy needed. */
281 if (!sk_EVP_MD_push(ctx->mds, (EVP_MD *)md)) goto err; 299 if (!sk_EVP_MD_push(ctx->mds, (EVP_MD *)md))
300 goto err;
282 301
283 return 1; 302 return 1;
284 err: 303
304err:
285 TSerr(TS_F_TS_RESP_CTX_ADD_MD, ERR_R_MALLOC_FAILURE); 305 TSerr(TS_F_TS_RESP_CTX_ADD_MD, ERR_R_MALLOC_FAILURE);
286 return 0; 306 return 0;
287 } 307}
288 308
289#define TS_RESP_CTX_accuracy_free(ctx) \ 309#define TS_RESP_CTX_accuracy_free(ctx) \
290 ASN1_INTEGER_free(ctx->seconds); \ 310 ASN1_INTEGER_free(ctx->seconds); \
@@ -294,129 +314,142 @@ int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md)
294 ASN1_INTEGER_free(ctx->micros); \ 314 ASN1_INTEGER_free(ctx->micros); \
295 ctx->micros = NULL; 315 ctx->micros = NULL;
296 316
297int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx, 317int
298 int secs, int millis, int micros) 318TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx, int secs, int millis, int micros)
299 { 319{
300
301 TS_RESP_CTX_accuracy_free(ctx); 320 TS_RESP_CTX_accuracy_free(ctx);
302 if (secs && (!(ctx->seconds = ASN1_INTEGER_new()) 321 if (secs && (!(ctx->seconds = ASN1_INTEGER_new()) ||
303 || !ASN1_INTEGER_set(ctx->seconds, secs))) 322 !ASN1_INTEGER_set(ctx->seconds, secs)))
304 goto err; 323 goto err;
305 if (millis && (!(ctx->millis = ASN1_INTEGER_new()) 324 if (millis && (!(ctx->millis = ASN1_INTEGER_new()) ||
306 || !ASN1_INTEGER_set(ctx->millis, millis))) 325 !ASN1_INTEGER_set(ctx->millis, millis)))
307 goto err; 326 goto err;
308 if (micros && (!(ctx->micros = ASN1_INTEGER_new()) 327 if (micros && (!(ctx->micros = ASN1_INTEGER_new()) ||
309 || !ASN1_INTEGER_set(ctx->micros, micros))) 328 !ASN1_INTEGER_set(ctx->micros, micros)))
310 goto err; 329 goto err;
311 330
312 return 1; 331 return 1;
313 err: 332
333err:
314 TS_RESP_CTX_accuracy_free(ctx); 334 TS_RESP_CTX_accuracy_free(ctx);
315 TSerr(TS_F_TS_RESP_CTX_SET_ACCURACY, ERR_R_MALLOC_FAILURE); 335 TSerr(TS_F_TS_RESP_CTX_SET_ACCURACY, ERR_R_MALLOC_FAILURE);
316 return 0; 336 return 0;
317 } 337}
318 338
319void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags) 339void
320 { 340TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags)
341{
321 ctx->flags |= flags; 342 ctx->flags |= flags;
322 } 343}
323 344
324void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data) 345void
325 { 346TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data)
347{
326 ctx->serial_cb = cb; 348 ctx->serial_cb = cb;
327 ctx->serial_cb_data = data; 349 ctx->serial_cb_data = data;
328 } 350}
329 351
330void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data) 352void
331 { 353TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data)
354{
332 ctx->time_cb = cb; 355 ctx->time_cb = cb;
333 ctx->time_cb_data = data; 356 ctx->time_cb_data = data;
334 } 357}
335 358
336void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx, 359void
337 TS_extension_cb cb, void *data) 360TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx, TS_extension_cb cb, void *data)
338 { 361{
339 ctx->extension_cb = cb; 362 ctx->extension_cb = cb;
340 ctx->extension_cb_data = data; 363 ctx->extension_cb_data = data;
341 } 364}
342 365
343int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx, 366int
344 int status, const char *text) 367TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx, int status, const char *text)
345 { 368{
346 TS_STATUS_INFO *si = NULL; 369 TS_STATUS_INFO *si = NULL;
347 ASN1_UTF8STRING *utf8_text = NULL; 370 ASN1_UTF8STRING *utf8_text = NULL;
348 int ret = 0; 371 int ret = 0;
349 372
350 if (!(si = TS_STATUS_INFO_new())) goto err; 373 if (!(si = TS_STATUS_INFO_new()))
351 if (!ASN1_INTEGER_set(si->status, status)) goto err; 374 goto err;
352 if (text) 375 if (!ASN1_INTEGER_set(si->status, status))
353 { 376 goto err;
354 if (!(utf8_text = ASN1_UTF8STRING_new()) 377 if (text) {
355 || !ASN1_STRING_set(utf8_text, text, strlen(text))) 378 if (!(utf8_text = ASN1_UTF8STRING_new()) ||
379 !ASN1_STRING_set(utf8_text, text, strlen(text)))
356 goto err; 380 goto err;
357 if (!si->text && !(si->text = sk_ASN1_UTF8STRING_new_null())) 381 if (!si->text && !(si->text = sk_ASN1_UTF8STRING_new_null()))
358 goto err; 382 goto err;
359 if (!sk_ASN1_UTF8STRING_push(si->text, utf8_text)) goto err; 383 if (!sk_ASN1_UTF8STRING_push(si->text, utf8_text))
384 goto err;
360 utf8_text = NULL; /* Ownership is lost. */ 385 utf8_text = NULL; /* Ownership is lost. */
361 } 386 }
362 if (!TS_RESP_set_status_info(ctx->response, si)) goto err; 387 if (!TS_RESP_set_status_info(ctx->response, si))
388 goto err;
363 ret = 1; 389 ret = 1;
364 err: 390
391err:
365 if (!ret) 392 if (!ret)
366 TSerr(TS_F_TS_RESP_CTX_SET_STATUS_INFO, ERR_R_MALLOC_FAILURE); 393 TSerr(TS_F_TS_RESP_CTX_SET_STATUS_INFO, ERR_R_MALLOC_FAILURE);
367 TS_STATUS_INFO_free(si); 394 TS_STATUS_INFO_free(si);
368 ASN1_UTF8STRING_free(utf8_text); 395 ASN1_UTF8STRING_free(utf8_text);
369 return ret; 396 return ret;
370 } 397}
371 398
372int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx, 399int
373 int status, const char *text) 400TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx, int status, const char *text)
374 { 401{
375 int ret = 1; 402 int ret = 1;
376 TS_STATUS_INFO *si = TS_RESP_get_status_info(ctx->response); 403 TS_STATUS_INFO *si = TS_RESP_get_status_info(ctx->response);
377 404
378 if (ASN1_INTEGER_get(si->status) == TS_STATUS_GRANTED) 405 if (ASN1_INTEGER_get(si->status) == TS_STATUS_GRANTED) {
379 {
380 /* Status has not been set, set it now. */ 406 /* Status has not been set, set it now. */
381 ret = TS_RESP_CTX_set_status_info(ctx, status, text); 407 ret = TS_RESP_CTX_set_status_info(ctx, status, text);
382 }
383 return ret;
384 } 408 }
409 return ret;
410}
385 411
386int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure) 412int
387 { 413TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure)
414{
388 TS_STATUS_INFO *si = TS_RESP_get_status_info(ctx->response); 415 TS_STATUS_INFO *si = TS_RESP_get_status_info(ctx->response);
416
389 if (!si->failure_info && !(si->failure_info = ASN1_BIT_STRING_new())) 417 if (!si->failure_info && !(si->failure_info = ASN1_BIT_STRING_new()))
390 goto err; 418 goto err;
391 if (!ASN1_BIT_STRING_set_bit(si->failure_info, failure, 1)) 419 if (!ASN1_BIT_STRING_set_bit(si->failure_info, failure, 1))
392 goto err; 420 goto err;
393 return 1; 421 return 1;
394 err: 422
423err:
395 TSerr(TS_F_TS_RESP_CTX_ADD_FAILURE_INFO, ERR_R_MALLOC_FAILURE); 424 TSerr(TS_F_TS_RESP_CTX_ADD_FAILURE_INFO, ERR_R_MALLOC_FAILURE);
396 return 0; 425 return 0;
397 } 426}
398 427
399TS_REQ *TS_RESP_CTX_get_request(TS_RESP_CTX *ctx) 428TS_REQ *
400 { 429TS_RESP_CTX_get_request(TS_RESP_CTX *ctx)
430{
401 return ctx->request; 431 return ctx->request;
402 } 432}
403 433
404TS_TST_INFO *TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx) 434TS_TST_INFO *
405 { 435TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx)
436{
406 return ctx->tst_info; 437 return ctx->tst_info;
407 } 438}
408 439
409int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx, unsigned precision) 440int
410 { 441TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx, unsigned precision)
411 if (precision > TS_MAX_CLOCK_PRECISION_DIGITS) 442{
412 return 0; 443 if (precision > TS_MAX_CLOCK_PRECISION_DIGITS)
413 ctx->clock_precision_digits = precision; 444 return 0;
414 return 1; 445 ctx->clock_precision_digits = precision;
415 } 446 return 1;
447}
416 448
417/* Main entry method of the response generation. */ 449/* Main entry method of the response generation. */
418TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio) 450TS_RESP *
419 { 451TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio)
452{
420 ASN1_OBJECT *policy; 453 ASN1_OBJECT *policy;
421 TS_RESP *response; 454 TS_RESP *response;
422 int result = 0; 455 int result = 0;
@@ -424,87 +457,90 @@ TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio)
424 TS_RESP_CTX_init(ctx); 457 TS_RESP_CTX_init(ctx);
425 458
426 /* Creating the response object. */ 459 /* Creating the response object. */
427 if (!(ctx->response = TS_RESP_new())) 460 if (!(ctx->response = TS_RESP_new())) {
428 {
429 TSerr(TS_F_TS_RESP_CREATE_RESPONSE, ERR_R_MALLOC_FAILURE); 461 TSerr(TS_F_TS_RESP_CREATE_RESPONSE, ERR_R_MALLOC_FAILURE);
430 goto end; 462 goto end;
431 } 463 }
432 464
433 /* Parsing DER request. */ 465 /* Parsing DER request. */
434 if (!(ctx->request = d2i_TS_REQ_bio(req_bio, NULL))) 466 if (!(ctx->request = d2i_TS_REQ_bio(req_bio, NULL))) {
435 {
436 TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, 467 TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
437 "Bad request format or " 468 "Bad request format or "
438 "system error."); 469 "system error.");
439 TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_DATA_FORMAT); 470 TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_DATA_FORMAT);
440 goto end; 471 goto end;
441 } 472 }
442 473
443 /* Setting default status info. */ 474 /* Setting default status info. */
444 if (!TS_RESP_CTX_set_status_info(ctx, TS_STATUS_GRANTED, NULL)) 475 if (!TS_RESP_CTX_set_status_info(ctx, TS_STATUS_GRANTED, NULL))
445 goto end; 476 goto end;
446 477
447 /* Checking the request format. */ 478 /* Checking the request format. */
448 if (!TS_RESP_check_request(ctx)) goto end; 479 if (!TS_RESP_check_request(ctx))
480 goto end;
449 481
450 /* Checking acceptable policies. */ 482 /* Checking acceptable policies. */
451 if (!(policy = TS_RESP_get_policy(ctx))) goto end; 483 if (!(policy = TS_RESP_get_policy(ctx)))
484 goto end;
452 485
453 /* Creating the TS_TST_INFO object. */ 486 /* Creating the TS_TST_INFO object. */
454 if (!(ctx->tst_info = TS_RESP_create_tst_info(ctx, policy))) 487 if (!(ctx->tst_info = TS_RESP_create_tst_info(ctx, policy)))
455 goto end; 488 goto end;
456 489
457 /* Processing extensions. */ 490 /* Processing extensions. */
458 if (!TS_RESP_process_extensions(ctx)) goto end; 491 if (!TS_RESP_process_extensions(ctx))
492 goto end;
459 493
460 /* Generating the signature. */ 494 /* Generating the signature. */
461 if (!TS_RESP_sign(ctx)) goto end; 495 if (!TS_RESP_sign(ctx))
496 goto end;
462 497
463 /* Everything was successful. */ 498 /* Everything was successful. */
464 result = 1; 499 result = 1;
465 end: 500
466 if (!result) 501end:
467 { 502 if (!result) {
468 TSerr(TS_F_TS_RESP_CREATE_RESPONSE, TS_R_RESPONSE_SETUP_ERROR); 503 TSerr(TS_F_TS_RESP_CREATE_RESPONSE, TS_R_RESPONSE_SETUP_ERROR);
469 if (ctx->response != NULL) 504 if (ctx->response != NULL) {
470 {
471 if (TS_RESP_CTX_set_status_info_cond(ctx, 505 if (TS_RESP_CTX_set_status_info_cond(ctx,
472 TS_STATUS_REJECTION, "Error during response " 506 TS_STATUS_REJECTION, "Error during response "
473 "generation.") == 0) 507 "generation.") == 0) {
474 {
475 TS_RESP_free(ctx->response); 508 TS_RESP_free(ctx->response);
476 ctx->response = NULL; 509 ctx->response = NULL;
477 }
478 } 510 }
479 } 511 }
512 }
480 response = ctx->response; 513 response = ctx->response;
481 ctx->response = NULL; /* Ownership will be returned to caller. */ 514 ctx->response = NULL; /* Ownership will be returned to caller. */
482 TS_RESP_CTX_cleanup(ctx); 515 TS_RESP_CTX_cleanup(ctx);
483 return response; 516 return response;
484 } 517}
485 518
486/* Initializes the variable part of the context. */ 519/* Initializes the variable part of the context. */
487static void TS_RESP_CTX_init(TS_RESP_CTX *ctx) 520static void
488 { 521TS_RESP_CTX_init(TS_RESP_CTX *ctx)
522{
489 ctx->request = NULL; 523 ctx->request = NULL;
490 ctx->response = NULL; 524 ctx->response = NULL;
491 ctx->tst_info = NULL; 525 ctx->tst_info = NULL;
492 } 526}
493 527
494/* Cleans up the variable part of the context. */ 528/* Cleans up the variable part of the context. */
495static void TS_RESP_CTX_cleanup(TS_RESP_CTX *ctx) 529static void
496 { 530TS_RESP_CTX_cleanup(TS_RESP_CTX *ctx)
531{
497 TS_REQ_free(ctx->request); 532 TS_REQ_free(ctx->request);
498 ctx->request = NULL; 533 ctx->request = NULL;
499 TS_RESP_free(ctx->response); 534 TS_RESP_free(ctx->response);
500 ctx->response = NULL; 535 ctx->response = NULL;
501 TS_TST_INFO_free(ctx->tst_info); 536 TS_TST_INFO_free(ctx->tst_info);
502 ctx->tst_info = NULL; 537 ctx->tst_info = NULL;
503 } 538}
504 539
505/* Checks the format and content of the request. */ 540/* Checks the format and content of the request. */
506static int TS_RESP_check_request(TS_RESP_CTX *ctx) 541static int
507 { 542TS_RESP_check_request(TS_RESP_CTX *ctx)
543{
508 TS_REQ *request = ctx->request; 544 TS_REQ *request = ctx->request;
509 TS_MSG_IMPRINT *msg_imprint; 545 TS_MSG_IMPRINT *msg_imprint;
510 X509_ALGOR *md_alg; 546 X509_ALGOR *md_alg;
@@ -514,95 +550,88 @@ static int TS_RESP_check_request(TS_RESP_CTX *ctx)
514 int i; 550 int i;
515 551
516 /* Checking request version. */ 552 /* Checking request version. */
517 if (TS_REQ_get_version(request) != 1) 553 if (TS_REQ_get_version(request) != 1) {
518 {
519 TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, 554 TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
520 "Bad request version."); 555 "Bad request version.");
521 TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_REQUEST); 556 TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_REQUEST);
522 return 0; 557 return 0;
523 } 558 }
524 559
525 /* Checking message digest algorithm. */ 560 /* Checking message digest algorithm. */
526 msg_imprint = TS_REQ_get_msg_imprint(request); 561 msg_imprint = TS_REQ_get_msg_imprint(request);
527 md_alg = TS_MSG_IMPRINT_get_algo(msg_imprint); 562 md_alg = TS_MSG_IMPRINT_get_algo(msg_imprint);
528 md_alg_id = OBJ_obj2nid(md_alg->algorithm); 563 md_alg_id = OBJ_obj2nid(md_alg->algorithm);
529 for (i = 0; !md && i < sk_EVP_MD_num(ctx->mds); ++i) 564 for (i = 0; !md && i < sk_EVP_MD_num(ctx->mds); ++i) {
530 {
531 EVP_MD *current_md = sk_EVP_MD_value(ctx->mds, i); 565 EVP_MD *current_md = sk_EVP_MD_value(ctx->mds, i);
532 if (md_alg_id == EVP_MD_type(current_md)) 566 if (md_alg_id == EVP_MD_type(current_md))
533 md = current_md; 567 md = current_md;
534 } 568 }
535 if (!md) 569 if (!md) {
536 {
537 TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, 570 TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
538 "Message digest algorithm is " 571 "Message digest algorithm is "
539 "not supported."); 572 "not supported.");
540 TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_ALG); 573 TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_ALG);
541 return 0; 574 return 0;
542 } 575 }
543 576
544 /* No message digest takes parameter. */ 577 /* No message digest takes parameter. */
545 if (md_alg->parameter 578 if (md_alg->parameter &&
546 && ASN1_TYPE_get(md_alg->parameter) != V_ASN1_NULL) 579 ASN1_TYPE_get(md_alg->parameter) != V_ASN1_NULL) {
547 {
548 TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, 580 TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
549 "Superfluous message digest " 581 "Superfluous message digest "
550 "parameter."); 582 "parameter.");
551 TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_ALG); 583 TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_ALG);
552 return 0; 584 return 0;
553 } 585 }
554 /* Checking message digest size. */ 586 /* Checking message digest size. */
555 digest = TS_MSG_IMPRINT_get_msg(msg_imprint); 587 digest = TS_MSG_IMPRINT_get_msg(msg_imprint);
556 if (digest->length != EVP_MD_size(md)) 588 if (digest->length != EVP_MD_size(md)) {
557 {
558 TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, 589 TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
559 "Bad message digest."); 590 "Bad message digest.");
560 TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_DATA_FORMAT); 591 TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_DATA_FORMAT);
561 return 0; 592 return 0;
562 } 593 }
563 594
564 return 1; 595 return 1;
565 } 596}
566 597
567/* Returns the TSA policy based on the requested and acceptable policies. */ 598/* Returns the TSA policy based on the requested and acceptable policies. */
568static ASN1_OBJECT *TS_RESP_get_policy(TS_RESP_CTX *ctx) 599static ASN1_OBJECT *
569 { 600TS_RESP_get_policy(TS_RESP_CTX *ctx)
601{
570 ASN1_OBJECT *requested = TS_REQ_get_policy_id(ctx->request); 602 ASN1_OBJECT *requested = TS_REQ_get_policy_id(ctx->request);
571 ASN1_OBJECT *policy = NULL; 603 ASN1_OBJECT *policy = NULL;
572 int i; 604 int i;
573 605
574 if (ctx->default_policy == NULL) 606 if (ctx->default_policy == NULL) {
575 {
576 TSerr(TS_F_TS_RESP_GET_POLICY, TS_R_INVALID_NULL_POINTER); 607 TSerr(TS_F_TS_RESP_GET_POLICY, TS_R_INVALID_NULL_POINTER);
577 return NULL; 608 return NULL;
578 } 609 }
579 /* Return the default policy if none is requested or the default is 610 /* Return the default policy if none is requested or the default is
580 requested. */ 611 requested. */
581 if (!requested || !OBJ_cmp(requested, ctx->default_policy)) 612 if (!requested || !OBJ_cmp(requested, ctx->default_policy))
582 policy = ctx->default_policy; 613 policy = ctx->default_policy;
583 614
584 /* Check if the policy is acceptable. */ 615 /* Check if the policy is acceptable. */
585 for (i = 0; !policy && i < sk_ASN1_OBJECT_num(ctx->policies); ++i) 616 for (i = 0; !policy && i < sk_ASN1_OBJECT_num(ctx->policies); ++i) {
586 {
587 ASN1_OBJECT *current = sk_ASN1_OBJECT_value(ctx->policies, i); 617 ASN1_OBJECT *current = sk_ASN1_OBJECT_value(ctx->policies, i);
588 if (!OBJ_cmp(requested, current)) 618 if (!OBJ_cmp(requested, current))
589 policy = current; 619 policy = current;
590 } 620 }
591 if (!policy) 621 if (!policy) {
592 {
593 TSerr(TS_F_TS_RESP_GET_POLICY, TS_R_UNACCEPTABLE_POLICY); 622 TSerr(TS_F_TS_RESP_GET_POLICY, TS_R_UNACCEPTABLE_POLICY);
594 TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, 623 TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
595 "Requested policy is not " 624 "Requested policy is not "
596 "supported."); 625 "supported.");
597 TS_RESP_CTX_add_failure_info(ctx, TS_INFO_UNACCEPTED_POLICY); 626 TS_RESP_CTX_add_failure_info(ctx, TS_INFO_UNACCEPTED_POLICY);
598 }
599 return policy;
600 } 627 }
628 return policy;
629}
601 630
602/* Creates the TS_TST_INFO object based on the settings of the context. */ 631/* Creates the TS_TST_INFO object based on the settings of the context. */
603static TS_TST_INFO *TS_RESP_create_tst_info(TS_RESP_CTX *ctx, 632static TS_TST_INFO *
604 ASN1_OBJECT *policy) 633TS_RESP_create_tst_info(TS_RESP_CTX *ctx, ASN1_OBJECT *policy)
605 { 634{
606 int result = 0; 635 int result = 0;
607 TS_TST_INFO *tst_info = NULL; 636 TS_TST_INFO *tst_info = NULL;
608 ASN1_INTEGER *serial = NULL; 637 ASN1_INTEGER *serial = NULL;
@@ -612,24 +641,26 @@ static TS_TST_INFO *TS_RESP_create_tst_info(TS_RESP_CTX *ctx,
612 const ASN1_INTEGER *nonce; 641 const ASN1_INTEGER *nonce;
613 GENERAL_NAME *tsa_name = NULL; 642 GENERAL_NAME *tsa_name = NULL;
614 643
615 if (!(tst_info = TS_TST_INFO_new())) goto end; 644 if (!(tst_info = TS_TST_INFO_new()))
616 if (!TS_TST_INFO_set_version(tst_info, 1)) goto end; 645 goto end;
617 if (!TS_TST_INFO_set_policy_id(tst_info, policy)) goto end; 646 if (!TS_TST_INFO_set_version(tst_info, 1))
647 goto end;
648 if (!TS_TST_INFO_set_policy_id(tst_info, policy))
649 goto end;
618 if (!TS_TST_INFO_set_msg_imprint(tst_info, ctx->request->msg_imprint)) 650 if (!TS_TST_INFO_set_msg_imprint(tst_info, ctx->request->msg_imprint))
619 goto end; 651 goto end;
620 if (!(serial = (*ctx->serial_cb)(ctx, ctx->serial_cb_data)) 652 if (!(serial = (*ctx->serial_cb)(ctx, ctx->serial_cb_data)) ||
621 || !TS_TST_INFO_set_serial(tst_info, serial)) 653 !TS_TST_INFO_set_serial(tst_info, serial))
622 goto end; 654 goto end;
623 if (!(*ctx->time_cb)(ctx, ctx->time_cb_data, &sec, &usec) 655 if (!(*ctx->time_cb)(ctx, ctx->time_cb_data, &sec, &usec) ||
624 || !(asn1_time = TS_RESP_set_genTime_with_precision(NULL, 656 !(asn1_time = TS_RESP_set_genTime_with_precision(NULL, sec, usec,
625 sec, usec, 657 ctx->clock_precision_digits)) ||
626 ctx->clock_precision_digits)) 658 !TS_TST_INFO_set_time(tst_info, asn1_time))
627 || !TS_TST_INFO_set_time(tst_info, asn1_time))
628 goto end; 659 goto end;
629 660
630 /* Setting accuracy if needed. */ 661 /* Setting accuracy if needed. */
631 if ((ctx->seconds || ctx->millis || ctx->micros) 662 if ((ctx->seconds || ctx->millis || ctx->micros) &&
632 && !(accuracy = TS_ACCURACY_new())) 663 !(accuracy = TS_ACCURACY_new()))
633 goto end; 664 goto end;
634 665
635 if (ctx->seconds && !TS_ACCURACY_set_seconds(accuracy, ctx->seconds)) 666 if (ctx->seconds && !TS_ACCURACY_set_seconds(accuracy, ctx->seconds))
@@ -638,58 +669,60 @@ static TS_TST_INFO *TS_RESP_create_tst_info(TS_RESP_CTX *ctx,
638 goto end; 669 goto end;
639 if (ctx->micros && !TS_ACCURACY_set_micros(accuracy, ctx->micros)) 670 if (ctx->micros && !TS_ACCURACY_set_micros(accuracy, ctx->micros))
640 goto end; 671 goto end;
641 if (accuracy && !TS_TST_INFO_set_accuracy(tst_info, accuracy)) 672 if (accuracy && !TS_TST_INFO_set_accuracy(tst_info, accuracy))
642 goto end; 673 goto end;
643 674
644 /* Setting ordering. */ 675 /* Setting ordering. */
645 if ((ctx->flags & TS_ORDERING) 676 if ((ctx->flags & TS_ORDERING) &&
646 && !TS_TST_INFO_set_ordering(tst_info, 1)) 677 !TS_TST_INFO_set_ordering(tst_info, 1))
647 goto end; 678 goto end;
648 679
649 /* Setting nonce if needed. */ 680 /* Setting nonce if needed. */
650 if ((nonce = TS_REQ_get_nonce(ctx->request)) != NULL 681 if ((nonce = TS_REQ_get_nonce(ctx->request)) != NULL &&
651 && !TS_TST_INFO_set_nonce(tst_info, nonce)) 682 !TS_TST_INFO_set_nonce(tst_info, nonce))
652 goto end; 683 goto end;
653 684
654 /* Setting TSA name to subject of signer certificate. */ 685 /* Setting TSA name to subject of signer certificate. */
655 if (ctx->flags & TS_TSA_NAME) 686 if (ctx->flags & TS_TSA_NAME) {
656 { 687 if (!(tsa_name = GENERAL_NAME_new()))
657 if (!(tsa_name = GENERAL_NAME_new())) goto end; 688 goto end;
658 tsa_name->type = GEN_DIRNAME; 689 tsa_name->type = GEN_DIRNAME;
659 tsa_name->d.dirn = 690 tsa_name->d.dirn =
660 X509_NAME_dup(ctx->signer_cert->cert_info->subject); 691 X509_NAME_dup(ctx->signer_cert->cert_info->subject);
661 if (!tsa_name->d.dirn) goto end; 692 if (!tsa_name->d.dirn)
662 if (!TS_TST_INFO_set_tsa(tst_info, tsa_name)) goto end; 693 goto end;
663 } 694 if (!TS_TST_INFO_set_tsa(tst_info, tsa_name))
695 goto end;
696 }
664 697
665 result = 1; 698 result = 1;
666 end: 699
667 if (!result) 700end:
668 { 701 if (!result) {
669 TS_TST_INFO_free(tst_info); 702 TS_TST_INFO_free(tst_info);
670 tst_info = NULL; 703 tst_info = NULL;
671 TSerr(TS_F_TS_RESP_CREATE_TST_INFO, TS_R_TST_INFO_SETUP_ERROR); 704 TSerr(TS_F_TS_RESP_CREATE_TST_INFO, TS_R_TST_INFO_SETUP_ERROR);
672 TS_RESP_CTX_set_status_info_cond(ctx, TS_STATUS_REJECTION, 705 TS_RESP_CTX_set_status_info_cond(ctx, TS_STATUS_REJECTION,
673 "Error during TSTInfo " 706 "Error during TSTInfo "
674 "generation."); 707 "generation.");
675 } 708 }
676 GENERAL_NAME_free(tsa_name); 709 GENERAL_NAME_free(tsa_name);
677 TS_ACCURACY_free(accuracy); 710 TS_ACCURACY_free(accuracy);
678 ASN1_GENERALIZEDTIME_free(asn1_time); 711 ASN1_GENERALIZEDTIME_free(asn1_time);
679 ASN1_INTEGER_free(serial); 712 ASN1_INTEGER_free(serial);
680 713
681 return tst_info; 714 return tst_info;
682 } 715}
683 716
684/* Processing the extensions of the request. */ 717/* Processing the extensions of the request. */
685static int TS_RESP_process_extensions(TS_RESP_CTX *ctx) 718static int
686 { 719TS_RESP_process_extensions(TS_RESP_CTX *ctx)
720{
687 STACK_OF(X509_EXTENSION) *exts = TS_REQ_get_exts(ctx->request); 721 STACK_OF(X509_EXTENSION) *exts = TS_REQ_get_exts(ctx->request);
688 int i; 722 int i;
689 int ok = 1; 723 int ok = 1;
690 724
691 for (i = 0; ok && i < sk_X509_EXTENSION_num(exts); ++i) 725 for (i = 0; ok && i < sk_X509_EXTENSION_num(exts); ++i) {
692 {
693 X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i); 726 X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
694 /* XXXXX The last argument was previously 727 /* XXXXX The last argument was previously
695 (void *)ctx->extension_cb, but ISO C doesn't permit 728 (void *)ctx->extension_cb, but ISO C doesn't permit
@@ -699,14 +732,15 @@ static int TS_RESP_process_extensions(TS_RESP_CTX *ctx)
699 anyway... 732 anyway...
700 */ 733 */
701 ok = (*ctx->extension_cb)(ctx, ext, NULL); 734 ok = (*ctx->extension_cb)(ctx, ext, NULL);
702 } 735 }
703 736
704 return ok; 737 return ok;
705 } 738}
706 739
707/* Functions for signing the TS_TST_INFO structure of the context. */ 740/* Functions for signing the TS_TST_INFO structure of the context. */
708static int TS_RESP_sign(TS_RESP_CTX *ctx) 741static int
709 { 742TS_RESP_sign(TS_RESP_CTX *ctx)
743{
710 int ret = 0; 744 int ret = 0;
711 PKCS7 *p7 = NULL; 745 PKCS7 *p7 = NULL;
712 PKCS7_SIGNER_INFO *si; 746 PKCS7_SIGNER_INFO *si;
@@ -718,9 +752,9 @@ static int TS_RESP_sign(TS_RESP_CTX *ctx)
718 752
719 /* Check if signcert and pkey match. */ 753 /* Check if signcert and pkey match. */
720 if (!X509_check_private_key(ctx->signer_cert, ctx->signer_key)) { 754 if (!X509_check_private_key(ctx->signer_cert, ctx->signer_key)) {
721 TSerr(TS_F_TS_RESP_SIGN, 755 TSerr(TS_F_TS_RESP_SIGN,
722 TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); 756 TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
723 goto err; 757 goto err;
724 } 758 }
725 759
726 /* Create a new PKCS7 signed object. */ 760 /* Create a new PKCS7 signed object. */
@@ -728,57 +762,54 @@ static int TS_RESP_sign(TS_RESP_CTX *ctx)
728 TSerr(TS_F_TS_RESP_SIGN, ERR_R_MALLOC_FAILURE); 762 TSerr(TS_F_TS_RESP_SIGN, ERR_R_MALLOC_FAILURE);
729 goto err; 763 goto err;
730 } 764 }
731 if (!PKCS7_set_type(p7, NID_pkcs7_signed)) goto err; 765 if (!PKCS7_set_type(p7, NID_pkcs7_signed))
766 goto err;
732 767
733 /* Force SignedData version to be 3 instead of the default 1. */ 768 /* Force SignedData version to be 3 instead of the default 1. */
734 if (!ASN1_INTEGER_set(p7->d.sign->version, 3)) goto err; 769 if (!ASN1_INTEGER_set(p7->d.sign->version, 3))
770 goto err;
735 771
736 /* Add signer certificate and optional certificate chain. */ 772 /* Add signer certificate and optional certificate chain. */
737 if (TS_REQ_get_cert_req(ctx->request)) 773 if (TS_REQ_get_cert_req(ctx->request)) {
738 {
739 PKCS7_add_certificate(p7, ctx->signer_cert); 774 PKCS7_add_certificate(p7, ctx->signer_cert);
740 if (ctx->certs) 775 if (ctx->certs) {
741 { 776 for (i = 0; i < sk_X509_num(ctx->certs); ++i) {
742 for(i = 0; i < sk_X509_num(ctx->certs); ++i)
743 {
744 X509 *cert = sk_X509_value(ctx->certs, i); 777 X509 *cert = sk_X509_value(ctx->certs, i);
745 PKCS7_add_certificate(p7, cert); 778 PKCS7_add_certificate(p7, cert);
746 }
747 } 779 }
748 } 780 }
781 }
749 782
750 /* Add a new signer info. */ 783 /* Add a new signer info. */
751 if (!(si = PKCS7_add_signature(p7, ctx->signer_cert, 784 if (!(si = PKCS7_add_signature(p7, ctx->signer_cert,
752 ctx->signer_key, EVP_sha1()))) 785 ctx->signer_key, EVP_sha1()))) {
753 {
754 TSerr(TS_F_TS_RESP_SIGN, TS_R_PKCS7_ADD_SIGNATURE_ERROR); 786 TSerr(TS_F_TS_RESP_SIGN, TS_R_PKCS7_ADD_SIGNATURE_ERROR);
755 goto err; 787 goto err;
756 } 788 }
757 789
758 /* Add content type signed attribute to the signer info. */ 790 /* Add content type signed attribute to the signer info. */
759 oid = OBJ_nid2obj(NID_id_smime_ct_TSTInfo); 791 oid = OBJ_nid2obj(NID_id_smime_ct_TSTInfo);
760 if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, 792 if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
761 V_ASN1_OBJECT, oid)) 793 V_ASN1_OBJECT, oid)) {
762 {
763 TSerr(TS_F_TS_RESP_SIGN, TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR); 794 TSerr(TS_F_TS_RESP_SIGN, TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR);
764 goto err; 795 goto err;
765 } 796 }
766 797
767 /* Create the ESS SigningCertificate attribute which contains 798 /* Create the ESS SigningCertificate attribute which contains
768 the signer certificate id and optionally the certificate chain. */ 799 the signer certificate id and optionally the certificate chain. */
769 certs = ctx->flags & TS_ESS_CERT_ID_CHAIN ? ctx->certs : NULL; 800 certs = ctx->flags & TS_ESS_CERT_ID_CHAIN ? ctx->certs : NULL;
770 if (!(sc = ESS_SIGNING_CERT_new_init(ctx->signer_cert, certs))) 801 if (!(sc = ESS_SIGNING_CERT_new_init(ctx->signer_cert, certs)))
771 goto err; 802 goto err;
772 803
773 /* Add SigningCertificate signed attribute to the signer info. */ 804 /* Add SigningCertificate signed attribute to the signer info. */
774 if (!ESS_add_signing_cert(si, sc)) 805 if (!ESS_add_signing_cert(si, sc)) {
775 {
776 TSerr(TS_F_TS_RESP_SIGN, TS_R_ESS_ADD_SIGNING_CERT_ERROR); 806 TSerr(TS_F_TS_RESP_SIGN, TS_R_ESS_ADD_SIGNING_CERT_ERROR);
777 goto err; 807 goto err;
778 } 808 }
779 809
780 /* Add a new empty NID_id_smime_ct_TSTInfo encapsulated content. */ 810 /* Add a new empty NID_id_smime_ct_TSTInfo encapsulated content. */
781 if (!TS_TST_INFO_content_new(p7)) goto err; 811 if (!TS_TST_INFO_content_new(p7))
812 goto err;
782 813
783 /* Add the DER encoded tst_info to the PKCS7 structure. */ 814 /* Add the DER encoded tst_info to the PKCS7 structure. */
784 if (!(p7bio = PKCS7_dataInit(p7, NULL))) { 815 if (!(p7bio = PKCS7_dataInit(p7, NULL))) {
@@ -787,18 +818,16 @@ static int TS_RESP_sign(TS_RESP_CTX *ctx)
787 } 818 }
788 819
789 /* Convert tst_info to DER. */ 820 /* Convert tst_info to DER. */
790 if (!i2d_TS_TST_INFO_bio(p7bio, ctx->tst_info)) 821 if (!i2d_TS_TST_INFO_bio(p7bio, ctx->tst_info)) {
791 {
792 TSerr(TS_F_TS_RESP_SIGN, TS_R_TS_DATASIGN); 822 TSerr(TS_F_TS_RESP_SIGN, TS_R_TS_DATASIGN);
793 goto err; 823 goto err;
794 } 824 }
795 825
796 /* Create the signature and add it to the signer info. */ 826 /* Create the signature and add it to the signer info. */
797 if (!PKCS7_dataFinal(p7, p7bio)) 827 if (!PKCS7_dataFinal(p7, p7bio)) {
798 {
799 TSerr(TS_F_TS_RESP_SIGN, TS_R_TS_DATASIGN); 828 TSerr(TS_F_TS_RESP_SIGN, TS_R_TS_DATASIGN);
800 goto err; 829 goto err;
801 } 830 }
802 831
803 /* Set new PKCS7 and TST_INFO objects. */ 832 /* Set new PKCS7 and TST_INFO objects. */
804 TS_RESP_set_tst_info(ctx->response, p7, ctx->tst_info); 833 TS_RESP_set_tst_info(ctx->response, p7, ctx->tst_info);
@@ -806,152 +835,163 @@ static int TS_RESP_sign(TS_RESP_CTX *ctx)
806 ctx->tst_info = NULL; /* Ownership is lost. */ 835 ctx->tst_info = NULL; /* Ownership is lost. */
807 836
808 ret = 1; 837 ret = 1;
809 err: 838
839err:
810 if (!ret) 840 if (!ret)
811 TS_RESP_CTX_set_status_info_cond(ctx, TS_STATUS_REJECTION, 841 TS_RESP_CTX_set_status_info_cond(ctx, TS_STATUS_REJECTION,
812 "Error during signature " 842 "Error during signature "
813 "generation."); 843 "generation.");
814 BIO_free_all(p7bio); 844 BIO_free_all(p7bio);
815 ESS_SIGNING_CERT_free(sc); 845 ESS_SIGNING_CERT_free(sc);
816 PKCS7_free(p7); 846 PKCS7_free(p7);
817 return ret; 847 return ret;
818 } 848}
819 849
820static ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert, 850static ESS_SIGNING_CERT *
821 STACK_OF(X509) *certs) 851ESS_SIGNING_CERT_new_init(X509 *signcert, STACK_OF(X509) *certs)
822 { 852{
823 ESS_CERT_ID *cid; 853 ESS_CERT_ID *cid;
824 ESS_SIGNING_CERT *sc = NULL; 854 ESS_SIGNING_CERT *sc = NULL;
825 int i; 855 int i;
826 856
827 /* Creating the ESS_CERT_ID stack. */ 857 /* Creating the ESS_CERT_ID stack. */
828 if (!(sc = ESS_SIGNING_CERT_new())) goto err; 858 if (!(sc = ESS_SIGNING_CERT_new()))
859 goto err;
829 if (!sc->cert_ids && !(sc->cert_ids = sk_ESS_CERT_ID_new_null())) 860 if (!sc->cert_ids && !(sc->cert_ids = sk_ESS_CERT_ID_new_null()))
830 goto err; 861 goto err;
831 862
832 /* Adding the signing certificate id. */ 863 /* Adding the signing certificate id. */
833 if (!(cid = ESS_CERT_ID_new_init(signcert, 0)) 864 if (!(cid = ESS_CERT_ID_new_init(signcert, 0)) ||
834 || !sk_ESS_CERT_ID_push(sc->cert_ids, cid)) 865 !sk_ESS_CERT_ID_push(sc->cert_ids, cid))
835 goto err; 866 goto err;
836 /* Adding the certificate chain ids. */ 867 /* Adding the certificate chain ids. */
837 for (i = 0; i < sk_X509_num(certs); ++i) 868 for (i = 0; i < sk_X509_num(certs); ++i) {
838 {
839 X509 *cert = sk_X509_value(certs, i); 869 X509 *cert = sk_X509_value(certs, i);
840 if (!(cid = ESS_CERT_ID_new_init(cert, 1)) 870 if (!(cid = ESS_CERT_ID_new_init(cert, 1)) ||
841 || !sk_ESS_CERT_ID_push(sc->cert_ids, cid)) 871 !sk_ESS_CERT_ID_push(sc->cert_ids, cid))
842 goto err; 872 goto err;
843 } 873 }
844 874
845 return sc; 875 return sc;
876
846err: 877err:
847 ESS_SIGNING_CERT_free(sc); 878 ESS_SIGNING_CERT_free(sc);
848 TSerr(TS_F_ESS_SIGNING_CERT_NEW_INIT, ERR_R_MALLOC_FAILURE); 879 TSerr(TS_F_ESS_SIGNING_CERT_NEW_INIT, ERR_R_MALLOC_FAILURE);
849 return NULL; 880 return NULL;
850 } 881}
851 882
852static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed) 883static ESS_CERT_ID *
853 { 884ESS_CERT_ID_new_init(X509 *cert, int issuer_needed)
885{
854 ESS_CERT_ID *cid = NULL; 886 ESS_CERT_ID *cid = NULL;
855 GENERAL_NAME *name = NULL; 887 GENERAL_NAME *name = NULL;
856 888
857 /* Recompute SHA1 hash of certificate if necessary (side effect). */ 889 /* Recompute SHA1 hash of certificate if necessary (side effect). */
858 X509_check_purpose(cert, -1, 0); 890 X509_check_purpose(cert, -1, 0);
859 891
860 if (!(cid = ESS_CERT_ID_new())) goto err; 892 if (!(cid = ESS_CERT_ID_new()))
893 goto err;
861 if (!ASN1_OCTET_STRING_set(cid->hash, cert->sha1_hash, 894 if (!ASN1_OCTET_STRING_set(cid->hash, cert->sha1_hash,
862 sizeof(cert->sha1_hash))) 895 sizeof(cert->sha1_hash)))
863 goto err; 896 goto err;
864 897
865 /* Setting the issuer/serial if requested. */ 898 /* Setting the issuer/serial if requested. */
866 if (issuer_needed) 899 if (issuer_needed) {
867 {
868 /* Creating issuer/serial structure. */ 900 /* Creating issuer/serial structure. */
869 if (!cid->issuer_serial 901 if (!cid->issuer_serial &&
870 && !(cid->issuer_serial = ESS_ISSUER_SERIAL_new())) 902 !(cid->issuer_serial = ESS_ISSUER_SERIAL_new()))
871 goto err; 903 goto err;
872 /* Creating general name from the certificate issuer. */ 904 /* Creating general name from the certificate issuer. */
873 if (!(name = GENERAL_NAME_new())) goto err; 905 if (!(name = GENERAL_NAME_new()))
906 goto err;
874 name->type = GEN_DIRNAME; 907 name->type = GEN_DIRNAME;
875 if (!(name->d.dirn = X509_NAME_dup(cert->cert_info->issuer))) 908 if (!(name->d.dirn = X509_NAME_dup(cert->cert_info->issuer)))
876 goto err; 909 goto err;
877 if (!sk_GENERAL_NAME_push(cid->issuer_serial->issuer, name)) 910 if (!sk_GENERAL_NAME_push(cid->issuer_serial->issuer, name))
878 goto err; 911 goto err;
879 name = NULL; /* Ownership is lost. */ 912 name = NULL; /* Ownership is lost. */
880 /* Setting the serial number. */ 913 /* Setting the serial number. */
881 ASN1_INTEGER_free(cid->issuer_serial->serial); 914 ASN1_INTEGER_free(cid->issuer_serial->serial);
882 if (!(cid->issuer_serial->serial = 915 if (!(cid->issuer_serial->serial =
883 ASN1_INTEGER_dup(cert->cert_info->serialNumber))) 916 ASN1_INTEGER_dup(cert->cert_info->serialNumber)))
884 goto err; 917 goto err;
885 } 918 }
886 919
887 return cid; 920 return cid;
921
888err: 922err:
889 GENERAL_NAME_free(name); 923 GENERAL_NAME_free(name);
890 ESS_CERT_ID_free(cid); 924 ESS_CERT_ID_free(cid);
891 TSerr(TS_F_ESS_CERT_ID_NEW_INIT, ERR_R_MALLOC_FAILURE); 925 TSerr(TS_F_ESS_CERT_ID_NEW_INIT, ERR_R_MALLOC_FAILURE);
892 return NULL; 926 return NULL;
893 } 927}
894 928
895static int TS_TST_INFO_content_new(PKCS7 *p7) 929static int
896 { 930TS_TST_INFO_content_new(PKCS7 *p7)
931{
897 PKCS7 *ret = NULL; 932 PKCS7 *ret = NULL;
898 ASN1_OCTET_STRING *octet_string = NULL; 933 ASN1_OCTET_STRING *octet_string = NULL;
899 934
900 /* Create new encapsulated NID_id_smime_ct_TSTInfo content. */ 935 /* Create new encapsulated NID_id_smime_ct_TSTInfo content. */
901 if (!(ret = PKCS7_new())) goto err; 936 if (!(ret = PKCS7_new()))
902 if (!(ret->d.other = ASN1_TYPE_new())) goto err; 937 goto err;
938 if (!(ret->d.other = ASN1_TYPE_new()))
939 goto err;
903 ret->type = OBJ_nid2obj(NID_id_smime_ct_TSTInfo); 940 ret->type = OBJ_nid2obj(NID_id_smime_ct_TSTInfo);
904 if (!(octet_string = ASN1_OCTET_STRING_new())) goto err; 941 if (!(octet_string = ASN1_OCTET_STRING_new()))
942 goto err;
905 ASN1_TYPE_set(ret->d.other, V_ASN1_OCTET_STRING, octet_string); 943 ASN1_TYPE_set(ret->d.other, V_ASN1_OCTET_STRING, octet_string);
906 octet_string = NULL; 944 octet_string = NULL;
907 945
908 /* Add encapsulated content to signed PKCS7 structure. */ 946 /* Add encapsulated content to signed PKCS7 structure. */
909 if (!PKCS7_set_content(p7, ret)) goto err; 947 if (!PKCS7_set_content(p7, ret))
948 goto err;
910 949
911 return 1; 950 return 1;
912 err: 951
952err:
913 ASN1_OCTET_STRING_free(octet_string); 953 ASN1_OCTET_STRING_free(octet_string);
914 PKCS7_free(ret); 954 PKCS7_free(ret);
915 return 0; 955 return 0;
916 } 956}
917 957
918static int ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc) 958static int
919 { 959ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc)
960{
920 ASN1_STRING *seq = NULL; 961 ASN1_STRING *seq = NULL;
921 unsigned char *p, *pp = NULL; 962 unsigned char *p, *pp = NULL;
922 int len; 963 int len;
923 964
924 len = i2d_ESS_SIGNING_CERT(sc, NULL); 965 len = i2d_ESS_SIGNING_CERT(sc, NULL);
925 if (!(pp = (unsigned char *) malloc(len))) 966 if (!(pp = (unsigned char *) malloc(len))) {
926 {
927 TSerr(TS_F_ESS_ADD_SIGNING_CERT, ERR_R_MALLOC_FAILURE); 967 TSerr(TS_F_ESS_ADD_SIGNING_CERT, ERR_R_MALLOC_FAILURE);
928 goto err; 968 goto err;
929 } 969 }
930 p = pp; 970 p = pp;
931 i2d_ESS_SIGNING_CERT(sc, &p); 971 i2d_ESS_SIGNING_CERT(sc, &p);
932 if (!(seq = ASN1_STRING_new()) || !ASN1_STRING_set(seq, pp, len)) 972 if (!(seq = ASN1_STRING_new()) || !ASN1_STRING_set(seq, pp, len)) {
933 {
934 TSerr(TS_F_ESS_ADD_SIGNING_CERT, ERR_R_MALLOC_FAILURE); 973 TSerr(TS_F_ESS_ADD_SIGNING_CERT, ERR_R_MALLOC_FAILURE);
935 goto err; 974 goto err;
936 } 975 }
937 free(pp); pp = NULL; 976 free(pp);
938 return PKCS7_add_signed_attribute(si, 977 pp = NULL;
939 NID_id_smime_aa_signingCertificate, 978 return PKCS7_add_signed_attribute(si,
940 V_ASN1_SEQUENCE, seq); 979 NID_id_smime_aa_signingCertificate, V_ASN1_SEQUENCE, seq);
941 err: 980
981err:
942 ASN1_STRING_free(seq); 982 ASN1_STRING_free(seq);
943 free(pp); 983 free(pp);
944 984
945 return 0; 985 return 0;
946 } 986}
947 987
948 988
949static ASN1_GENERALIZEDTIME * 989static ASN1_GENERALIZEDTIME *
950TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time, 990TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
951 long sec, long usec, unsigned precision) 991 long sec, long usec, unsigned precision)
952 { 992{
953 time_t time_sec = (time_t) sec; 993 time_t time_sec = (time_t) sec;
954 struct tm *tm = NULL; 994 struct tm *tm = NULL;
955 char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS]; 995 char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS];
956 char usecstr[TS_MAX_CLOCK_PRECISION_DIGITS + 2]; 996 char usecstr[TS_MAX_CLOCK_PRECISION_DIGITS + 2];
957 char *p; 997 char *p;
@@ -960,26 +1000,25 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
960 if (precision > TS_MAX_CLOCK_PRECISION_DIGITS) 1000 if (precision > TS_MAX_CLOCK_PRECISION_DIGITS)
961 goto err; 1001 goto err;
962 1002
963
964 if (!(tm = gmtime(&time_sec))) 1003 if (!(tm = gmtime(&time_sec)))
965 goto err; 1004 goto err;
966 1005
967 /* 1006 /*
968 * Put "genTime_str" in GeneralizedTime format. We work around the 1007 * Put "genTime_str" in GeneralizedTime format. We work around the
969 * restrictions imposed by rfc3280 (i.e. "GeneralizedTime values MUST 1008 * restrictions imposed by rfc3280 (i.e. "GeneralizedTime values MUST
970 * NOT include fractional seconds") and OpenSSL related functions to 1009 * NOT include fractional seconds") and OpenSSL related functions to
971 * meet the rfc3161 requirement: "GeneralizedTime syntax can include 1010 * meet the rfc3161 requirement: "GeneralizedTime syntax can include
972 * fraction-of-second details". 1011 * fraction-of-second details".
973 */ 1012 */
974 if (precision > 0) { 1013 if (precision > 0) {
975 /* To make things a bit harder, X.690 | ISO/IEC 8825-1 provides 1014 /* To make things a bit harder, X.690 | ISO/IEC 8825-1 provides
976 the following restrictions for a DER-encoding, which OpenSSL 1015 the following restrictions for a DER-encoding, which OpenSSL
977 (specifically ASN1_GENERALIZEDTIME_check() function) doesn't 1016 (specifically ASN1_GENERALIZEDTIME_check() function) doesn't
978 support: 1017 support:
979 "The encoding MUST terminate with a "Z" (which means "Zulu" 1018 "The encoding MUST terminate with a "Z" (which means "Zulu"
980 time). The decimal point element, if present, MUST be the 1019 time). The decimal point element, if present, MUST be the
981 point option ".". The fractional-seconds elements, 1020 point option ".". The fractional-seconds elements,
982 if present, MUST omit all trailing 0's; 1021 if present, MUST omit all trailing 0's;
983 if the elements correspond to 0, they MUST be wholly 1022 if the elements correspond to 0, they MUST be wholly
984 omitted, and the decimal point element also MUST be 1023 omitted, and the decimal point element also MUST be
985 omitted." */ 1024 omitted." */
@@ -999,7 +1038,7 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
999 } 1038 }
1000 rv = snprintf(genTime_str, sizeof(genTime_str), 1039 rv = snprintf(genTime_str, sizeof(genTime_str),
1001 "%04d%02d%02d%02d%02d%02d%sZ", 1040 "%04d%02d%02d%02d%02d%02d%sZ",
1002 tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, 1041 tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
1003 tm->tm_hour, tm->tm_min, tm->tm_sec, usecstr); 1042 tm->tm_hour, tm->tm_min, tm->tm_sec, usecstr);
1004 if (rv == -1 || rv >= sizeof(genTime_str)) 1043 if (rv == -1 || rv >= sizeof(genTime_str))
1005 goto err; 1044 goto err;
@@ -1007,14 +1046,14 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
1007 /* Now call OpenSSL to check and set our genTime value */ 1046 /* Now call OpenSSL to check and set our genTime value */
1008 if (!asn1_time && !(asn1_time = M_ASN1_GENERALIZEDTIME_new())) 1047 if (!asn1_time && !(asn1_time = M_ASN1_GENERALIZEDTIME_new()))
1009 goto err; 1048 goto err;
1010 if (!ASN1_GENERALIZEDTIME_set_string(asn1_time, genTime_str)) 1049 if (!ASN1_GENERALIZEDTIME_set_string(asn1_time, genTime_str)) {
1011 {
1012 ASN1_GENERALIZEDTIME_free(asn1_time); 1050 ASN1_GENERALIZEDTIME_free(asn1_time);
1013 goto err; 1051 goto err;
1014 } 1052 }
1015 1053
1016 return asn1_time; 1054 return asn1_time;
1017 err: 1055
1056err:
1018 TSerr(TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION, TS_R_COULD_NOT_SET_TIME); 1057 TSerr(TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION, TS_R_COULD_NOT_SET_TIME);
1019 return NULL; 1058 return NULL;
1020 } 1059}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-04 04:45:57 +0000