This commit was manufactured by cvs2git to create tag 'tb_20250414'.tb_20250414

author: cvs2svn <admin@example.com> 2025-04-14 17:32:06 +0000
committer: cvs2svn <admin@example.com> 2025-04-14 17:32:06 +0000
commit: eb8dd9dca1228af0cd132f515509051ecfabf6f6 (patch)
tree: edb6da6af7e865d488dc1a29309f1e1ec226e603 /src/lib/libcrypto/ts/ts_verify_ctx.c
parent: 247f0352e0ed72a4f476db9dc91f4d982bc83eb2 (diff)
download: openbsd-tb_20250414.tar.gz
openbsd-tb_20250414.tar.bz2
openbsd-tb_20250414.zip
1 files changed, 0 insertions, 236 deletions
diff --git a/src/lib/libcrypto/ts/ts_verify_ctx.c b/src/lib/libcrypto/ts/ts_verify_ctx.c
deleted file mode 100644
index 5a2d95c680..0000000000
--- a/src/lib/libcrypto/ts/ts_verify_ctx.c
+++ /dev/null
@@ -1,236 +0,0 @@
-/* $OpenBSD: ts_verify_ctx.c,v 1.14 2023/07/07 07:25:21 beck Exp $ */
-/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
- * project 2003.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <string.h>
-#include <openssl/err.h>
-#include <openssl/objects.h>
-#include <openssl/ts.h>
-#include "ts_local.h"
-TS_VERIFY_CTX *
-TS_VERIFY_CTX_new(void)
-{
-        TS_VERIFY_CTX *ctx = calloc(1, sizeof(TS_VERIFY_CTX));
-        if (!ctx)
-                TSerror(ERR_R_MALLOC_FAILURE);
-        return ctx;
-}
-LCRYPTO_ALIAS(TS_VERIFY_CTX_new);
-void
-TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx)
-{
-        if (!ctx)
-                return;
-        TS_VERIFY_CTX_cleanup(ctx);
-        free(ctx);
-}
-LCRYPTO_ALIAS(TS_VERIFY_CTX_free);
-void
-TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx)
-{
-        if (!ctx)
-                return;
-        X509_STORE_free(ctx->store);
-        sk_X509_pop_free(ctx->certs, X509_free);
-        ASN1_OBJECT_free(ctx->policy);
-        X509_ALGOR_free(ctx->md_alg);
-        free(ctx->imprint);
-        BIO_free_all(ctx->data);
-        ASN1_INTEGER_free(ctx->nonce);
-        GENERAL_NAME_free(ctx->tsa_name);
-        memset(ctx, 0, sizeof(*ctx));
-}
-LCRYPTO_ALIAS(TS_VERIFY_CTX_cleanup);
-/*
- * XXX: The following accessors demonstrate the amount of care and thought that
- * went into OpenSSL 1.1 API design and the review thereof: for whatever reason
- * these functions return what was passed in. Correct memory management is left
- * as an exercise for the reader... Unfortunately, careful consumers like
- * openssl-ruby assume this behavior, so we're stuck with this insanity. The
- * cherry on top is the TS_VERIFY_CTS_set_certs() [sic!] function that made it
- * into the public API.
- *
- * Outstanding job, R$ and tjh, A+.
- */
-int
-TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int flags)
-{
-        ctx->flags |= flags;
-        return ctx->flags;
-}
-LCRYPTO_ALIAS(TS_VERIFY_CTX_add_flags);
-int
-TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int flags)
-{
-        ctx->flags = flags;
-        return ctx->flags;
-}
-LCRYPTO_ALIAS(TS_VERIFY_CTX_set_flags);
-BIO *
-TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *bio)
-{
-        ctx->data = bio;
-        return ctx->data;
-}
-LCRYPTO_ALIAS(TS_VERIFY_CTX_set_data);
-X509_STORE *
-TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *store)
-{
-        ctx->store = store;
-        return ctx->store;
-}
-LCRYPTO_ALIAS(TS_VERIFY_CTX_set_store);
-STACK_OF(X509) *
-TS_VERIFY_CTX_set_certs(TS_VERIFY_CTX *ctx, STACK_OF(X509) *certs)
-{
-        ctx->certs = certs;
-        return ctx->certs;
-}
-LCRYPTO_ALIAS(TS_VERIFY_CTX_set_certs);
-unsigned char *
-TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx, unsigned char *imprint,
-    long imprint_len)
-{
-        free(ctx->imprint);
-        ctx->imprint = imprint;
-        ctx->imprint_len = imprint_len;
-        return ctx->imprint;
-}
-LCRYPTO_ALIAS(TS_VERIFY_CTX_set_imprint);
-TS_VERIFY_CTX *
-TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx)
-{
-        TS_VERIFY_CTX *ret = ctx;
-        ASN1_OBJECT *policy;
-        TS_MSG_IMPRINT *imprint;
-        X509_ALGOR *md_alg;
-        ASN1_OCTET_STRING *msg;
-        const ASN1_INTEGER *nonce;
-        if (ret)
-                TS_VERIFY_CTX_cleanup(ret);
-        else if (!(ret = TS_VERIFY_CTX_new()))
-                return NULL;
-        /* Setting flags. */
-        ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE);
-        /* Setting policy. */
-        if ((policy = TS_REQ_get_policy_id(req)) != NULL) {
-                if (!(ret->policy = OBJ_dup(policy)))
-                        goto err;
-        } else
-                ret->flags &= ~TS_VFY_POLICY;
-        /* Setting md_alg, imprint and imprint_len. */
-        imprint = TS_REQ_get_msg_imprint(req);
-        md_alg = TS_MSG_IMPRINT_get_algo(imprint);
-        if (!(ret->md_alg = X509_ALGOR_dup(md_alg)))
-                goto err;
-        msg = TS_MSG_IMPRINT_get_msg(imprint);
-        ret->imprint_len = ASN1_STRING_length(msg);
-        if (!(ret->imprint = malloc(ret->imprint_len)))
-                goto err;
-        memcpy(ret->imprint, ASN1_STRING_data(msg), ret->imprint_len);
-        /* Setting nonce. */
-        if ((nonce = TS_REQ_get_nonce(req)) != NULL) {
-                if (!(ret->nonce = ASN1_INTEGER_dup(nonce)))
-                        goto err;
-        } else
-                ret->flags &= ~TS_VFY_NONCE;
-        return ret;
-err:
-        if (ctx)
-                TS_VERIFY_CTX_cleanup(ctx);
-        else
-                TS_VERIFY_CTX_free(ret);
-        return NULL;
-}
-LCRYPTO_ALIAS(TS_REQ_to_TS_VERIFY_CTX);
author	cvs2svn <admin@example.com>	2025-04-14 17:32:06 +0000
committer	cvs2svn <admin@example.com>	2025-04-14 17:32:06 +0000
commit	eb8dd9dca1228af0cd132f515509051ecfabf6f6 (patch)
tree	edb6da6af7e865d488dc1a29309f1e1ec226e603 /src/lib/libcrypto/ts/ts_verify_ctx.c
parent	247f0352e0ed72a4f476db9dc91f4d982bc83eb2 (diff)
download	openbsd-tb_20250414.tar.gz openbsd-tb_20250414.tar.bz2 openbsd-tb_20250414.zip

diff --git a/src/lib/libcrypto/ts/ts_verify_ctx.c b/src/lib/libcrypto/ts/ts_verify_ctx.c deleted file mode 100644 index 5a2d95c680..0000000000 --- a/src/lib/libcrypto/ts/ts_verify_ctx.c +++ /dev/null
@@ -1,236 +0,0 @@
1	/* $OpenBSD: ts_verify_ctx.c,v 1.14 2023/07/07 07:25:21 beck Exp $ */
2	/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
3	* project 2003.
4	*/
5	/* ====================================================================
6	* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
7	*
8	* Redistribution and use in source and binary forms, with or without
9	* modification, are permitted provided that the following conditions
10	* are met:
11	*
12	* 1. Redistributions of source code must retain the above copyright
13	* notice, this list of conditions and the following disclaimer.
14	*
15	* 2. Redistributions in binary form must reproduce the above copyright
16	* notice, this list of conditions and the following disclaimer in
17	* the documentation and/or other materials provided with the
18	* distribution.
19	*
20	* 3. All advertising materials mentioning features or use of this
21	* software must display the following acknowledgment:
22	* "This product includes software developed by the OpenSSL Project
23	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24	*
25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26	* endorse or promote products derived from this software without
27	* prior written permission. For written permission, please contact
28	* licensing@OpenSSL.org.
29	*
30	* 5. Products derived from this software may not be called "OpenSSL"
31	* nor may "OpenSSL" appear in their names without prior written
32	* permission of the OpenSSL Project.
33	*
34	* 6. Redistributions of any form whatsoever must retain the following
35	* acknowledgment:
36	* "This product includes software developed by the OpenSSL Project
37	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38	*
39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50	* OF THE POSSIBILITY OF SUCH DAMAGE.
51	* ====================================================================
52	*
53	* This product includes cryptographic software written by Eric Young
54	* (eay@cryptsoft.com). This product includes software written by Tim
55	* Hudson (tjh@cryptsoft.com).
56	*
57	*/
58
59	#include <string.h>
60
61	#include <openssl/err.h>
62	#include <openssl/objects.h>
63	#include <openssl/ts.h>
64
65	#include "ts_local.h"
66
67	TS_VERIFY_CTX *
68	TS_VERIFY_CTX_new(void)
69	{
70	TS_VERIFY_CTX *ctx = calloc(1, sizeof(TS_VERIFY_CTX));
71
72	if (!ctx)
73	TSerror(ERR_R_MALLOC_FAILURE);
74
75	return ctx;
76	}
77	LCRYPTO_ALIAS(TS_VERIFY_CTX_new);
78
79	void
80	TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx)
81	{
82	if (!ctx)
83	return;
84
85	TS_VERIFY_CTX_cleanup(ctx);
86	free(ctx);
87	}
88	LCRYPTO_ALIAS(TS_VERIFY_CTX_free);
89
90	void
91	TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx)
92	{
93	if (!ctx)
94	return;
95
96	X509_STORE_free(ctx->store);
97	sk_X509_pop_free(ctx->certs, X509_free);
98
99	ASN1_OBJECT_free(ctx->policy);
100
101	X509_ALGOR_free(ctx->md_alg);
102	free(ctx->imprint);
103
104	BIO_free_all(ctx->data);
105
106	ASN1_INTEGER_free(ctx->nonce);
107
108	GENERAL_NAME_free(ctx->tsa_name);
109
110	memset(ctx, 0, sizeof(*ctx));
111	}
112	LCRYPTO_ALIAS(TS_VERIFY_CTX_cleanup);
113
114	/*
115	* XXX: The following accessors demonstrate the amount of care and thought that
116	* went into OpenSSL 1.1 API design and the review thereof: for whatever reason
117	* these functions return what was passed in. Correct memory management is left
118	* as an exercise for the reader... Unfortunately, careful consumers like
119	* openssl-ruby assume this behavior, so we're stuck with this insanity. The
120	* cherry on top is the TS_VERIFY_CTS_set_certs() [sic!] function that made it
121	* into the public API.
122	*
123	* Outstanding job, R$ and tjh, A+.
124	*/
125
126	int
127	TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int flags)
128	{
129	ctx->flags \|= flags;
130
131	return ctx->flags;
132	}
133	LCRYPTO_ALIAS(TS_VERIFY_CTX_add_flags);
134
135	int
136	TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int flags)
137	{
138	ctx->flags = flags;
139
140	return ctx->flags;
141	}
142	LCRYPTO_ALIAS(TS_VERIFY_CTX_set_flags);
143
144	BIO *
145	TS_VERIFY_CTX_set_data(TS_VERIFY_CTX ctx, BIO bio)
146	{
147	ctx->data = bio;
148
149	return ctx->data;
150	}
151	LCRYPTO_ALIAS(TS_VERIFY_CTX_set_data);
152
153	X509_STORE *
154	TS_VERIFY_CTX_set_store(TS_VERIFY_CTX ctx, X509_STORE store)
155	{
156	ctx->store = store;
157
158	return ctx->store;
159	}
160	LCRYPTO_ALIAS(TS_VERIFY_CTX_set_store);
161
162	STACK_OF(X509) *
163	TS_VERIFY_CTX_set_certs(TS_VERIFY_CTX ctx, STACK_OF(X509) certs)
164	{
165	ctx->certs = certs;
166
167	return ctx->certs;
168	}
169	LCRYPTO_ALIAS(TS_VERIFY_CTX_set_certs);
170
171	unsigned char *
172	TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX ctx, unsigned char imprint,
173	long imprint_len)
174	{
175	free(ctx->imprint);
176
177	ctx->imprint = imprint;
178	ctx->imprint_len = imprint_len;
179
180	return ctx->imprint;
181	}
182	LCRYPTO_ALIAS(TS_VERIFY_CTX_set_imprint);
183
184	TS_VERIFY_CTX *
185	TS_REQ_to_TS_VERIFY_CTX(TS_REQ req, TS_VERIFY_CTX ctx)
186	{
187	TS_VERIFY_CTX *ret = ctx;
188	ASN1_OBJECT *policy;
189	TS_MSG_IMPRINT *imprint;
190	X509_ALGOR *md_alg;
191	ASN1_OCTET_STRING *msg;
192	const ASN1_INTEGER *nonce;
193
194	if (ret)
195	TS_VERIFY_CTX_cleanup(ret);
196	else if (!(ret = TS_VERIFY_CTX_new()))
197	return NULL;
198
199	/* Setting flags. */
200	ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME \| TS_VFY_SIGNATURE);
201
202	/* Setting policy. */
203	if ((policy = TS_REQ_get_policy_id(req)) != NULL) {
204	if (!(ret->policy = OBJ_dup(policy)))
205	goto err;
206	} else
207	ret->flags &= ~TS_VFY_POLICY;
208
209	/* Setting md_alg, imprint and imprint_len. */
210	imprint = TS_REQ_get_msg_imprint(req);
211	md_alg = TS_MSG_IMPRINT_get_algo(imprint);
212	if (!(ret->md_alg = X509_ALGOR_dup(md_alg)))
213	goto err;
214	msg = TS_MSG_IMPRINT_get_msg(imprint);
215	ret->imprint_len = ASN1_STRING_length(msg);
216	if (!(ret->imprint = malloc(ret->imprint_len)))
217	goto err;
218	memcpy(ret->imprint, ASN1_STRING_data(msg), ret->imprint_len);
219
220	/* Setting nonce. */
221	if ((nonce = TS_REQ_get_nonce(req)) != NULL) {
222	if (!(ret->nonce = ASN1_INTEGER_dup(nonce)))
223	goto err;
224	} else
225	ret->flags &= ~TS_VFY_NONCE;
226
227	return ret;
228
229	err:
230	if (ctx)
231	TS_VERIFY_CTX_cleanup(ctx);
232	else
233	TS_VERIFY_CTX_free(ret);
234	return NULL;
235	}
236	LCRYPTO_ALIAS(TS_REQ_to_TS_VERIFY_CTX);