Diffstat (limited to 'src/lib/libcrypto/ts/ts_rsp_sign.c')
| -rw-r--r-- | src/lib/libcrypto/ts/ts_rsp_sign.c | 62 |
1 files changed, 30 insertions, 32 deletions
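--- a/src/lib/libcrypto/ts/ts_rsp_sign.c
+++ b/src/lib/libcrypto/ts/ts_rsp_sign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts_rsp_sign.c,v 1.20 2016/03/11 07:08:45 mmcc Exp $ */
+/* $OpenBSD: ts_rsp_sign.c,v 1.21 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
 * project 2002.
 */
@@ -103,7 +103,7 @@ def_serial_cb(struct TS_resp_ctx *ctx, void *data)
 return serial;
 
 err:
-TSerr(TS_F_DEF_SERIAL_CB, ERR_R_MALLOC_FAILURE);
+TSerror(ERR_R_MALLOC_FAILURE);
 TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
 "Error during serial number generation.");
 return NULL;
@@ -116,7 +116,7 @@ def_time_cb(struct TS_resp_ctx *ctx, void *data, time_t *sec, long *usec)
 struct timeval tv;
 
 if (gettimeofday(&tv, NULL) != 0) {
-TSerr(TS_F_DEF_TIME_CB, TS_R_TIME_SYSCALL_ERROR);
+TSerror(TS_R_TIME_SYSCALL_ERROR);
 TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
 "Time is not available.");
 TS_RESP_CTX_add_failure_info(ctx, TS_INFO_TIME_NOT_AVAILABLE);
@@ -147,7 +147,7 @@ TS_RESP_CTX_new(void)
 TS_RESP_CTX *ctx;
 
 if (!(ctx = calloc(1, sizeof(TS_RESP_CTX)))) {
-TSerr(TS_F_TS_RESP_CTX_NEW, ERR_R_MALLOC_FAILURE);
+TSerror(ERR_R_MALLOC_FAILURE);
 return NULL;
 }
 
@@ -181,8 +181,7 @@ int
 TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer)
 {
 if (X509_check_purpose(signer, X509_PURPOSE_TIMESTAMP_SIGN, 0) != 1) {
-TSerr(TS_F_TS_RESP_CTX_SET_SIGNER_CERT,
-TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE);
+TSerror(TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE);
 return 0;
 }
 X509_free(ctx->signer_cert);
@@ -211,7 +210,7 @@ TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy)
 return 1;
 
 err:
-TSerr(TS_F_TS_RESP_CTX_SET_DEF_POLICY, ERR_R_MALLOC_FAILURE);
+TSerror(ERR_R_MALLOC_FAILURE);
 return 0;
 }
 
@@ -227,7 +226,7 @@ TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs)
 if (!certs)
 return 1;
 if (!(ctx->certs = sk_X509_dup(certs))) {
-TSerr(TS_F_TS_RESP_CTX_SET_CERTS, ERR_R_MALLOC_FAILURE);
+TSerror(ERR_R_MALLOC_FAILURE);
 return 0;
 }
 for (i = 0; i < sk_X509_num(ctx->certs); ++i) {
@@ -254,7 +253,7 @@ TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy)
 return 1;
 
 err:
-TSerr(TS_F_TS_RESP_CTX_ADD_POLICY, ERR_R_MALLOC_FAILURE);
+TSerror(ERR_R_MALLOC_FAILURE);
 ASN1_OBJECT_free(copy);
 return 0;
 }
@@ -272,7 +271,7 @@ TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md)
 return 1;
 
 err:
-TSerr(TS_F_TS_RESP_CTX_ADD_MD, ERR_R_MALLOC_FAILURE);
+TSerror(ERR_R_MALLOC_FAILURE);
 return 0;
 }
 
@@ -302,7 +301,7 @@ TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx, int secs, int millis, int micros)
 
 err:
 TS_RESP_CTX_accuracy_free(ctx);
-TSerr(TS_F_TS_RESP_CTX_SET_ACCURACY, ERR_R_MALLOC_FAILURE);
+TSerror(ERR_R_MALLOC_FAILURE);
 return 0;
 }
 
@@ -353,7 +352,7 @@ TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx, int status, const char *text)
 
 err:
 if (!ret)
-TSerr(TS_F_TS_RESP_CTX_SET_STATUS_INFO, ERR_R_MALLOC_FAILURE);
+TSerror(ERR_R_MALLOC_FAILURE);
 TS_STATUS_INFO_free(si);
 ASN1_UTF8STRING_free(utf8_text);
 return ret;
@@ -384,7 +383,7 @@ TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure)
 return 1;
 
 err:
-TSerr(TS_F_TS_RESP_CTX_ADD_FAILURE_INFO, ERR_R_MALLOC_FAILURE);
+TSerror(ERR_R_MALLOC_FAILURE);
 return 0;
 }
 
@@ -421,7 +420,7 @@ TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio)
 
 /* Creating the response object. */
 if (!(ctx->response = TS_RESP_new())) {
-TSerr(TS_F_TS_RESP_CREATE_RESPONSE, ERR_R_MALLOC_FAILURE);
+TSerror(ERR_R_MALLOC_FAILURE);
 goto end;
 }
 
@@ -463,7 +462,7 @@ TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio)
 
 end:
 if (!result) {
-TSerr(TS_F_TS_RESP_CREATE_RESPONSE, TS_R_RESPONSE_SETUP_ERROR);
+TSerror(TS_R_RESPONSE_SETUP_ERROR);
 if (ctx->response != NULL) {
 if (TS_RESP_CTX_set_status_info_cond(ctx,
 TS_STATUS_REJECTION, "Error during response "
@@ -567,7 +566,7 @@ TS_RESP_get_policy(TS_RESP_CTX *ctx)
 int i;
 
 if (ctx->default_policy == NULL) {
-TSerr(TS_F_TS_RESP_GET_POLICY, TS_R_INVALID_NULL_POINTER);
+TSerror(TS_R_INVALID_NULL_POINTER);
 return NULL;
 }
 /* Return the default policy if none is requested or the default is
@@ -582,7 +581,7 @@ TS_RESP_get_policy(TS_RESP_CTX *ctx)
 policy = current;
 }
 if (!policy) {
-TSerr(TS_F_TS_RESP_GET_POLICY, TS_R_UNACCEPTABLE_POLICY);
+TSerror(TS_R_UNACCEPTABLE_POLICY);
 TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
 "Requested policy is not "
 "supported.");
@@ -665,7 +664,7 @@ end:
 if (!result) {
 TS_TST_INFO_free(tst_info);
 tst_info = NULL;
-TSerr(TS_F_TS_RESP_CREATE_TST_INFO, TS_R_TST_INFO_SETUP_ERROR);
+TSerror(TS_R_TST_INFO_SETUP_ERROR);
 TS_RESP_CTX_set_status_info_cond(ctx, TS_STATUS_REJECTION,
 "Error during TSTInfo "
 "generation.");
@@ -716,14 +715,13 @@ TS_RESP_sign(TS_RESP_CTX *ctx)
 
 /* Check if signcert and pkey match. */
 if (!X509_check_private_key(ctx->signer_cert, ctx->signer_key)) {
-TSerr(TS_F_TS_RESP_SIGN,
-TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+TSerror(TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
 goto err;
 }
 
 /* Create a new PKCS7 signed object. */
 if (!(p7 = PKCS7_new())) {
-TSerr(TS_F_TS_RESP_SIGN, ERR_R_MALLOC_FAILURE);
+TSerror(ERR_R_MALLOC_FAILURE);
 goto err;
 }
 if (!PKCS7_set_type(p7, NID_pkcs7_signed))
@@ -747,7 +745,7 @@ TS_RESP_sign(TS_RESP_CTX *ctx)
 /* Add a new signer info. */
 if (!(si = PKCS7_add_signature(p7, ctx->signer_cert,
 ctx->signer_key, EVP_sha1()))) {
-TSerr(TS_F_TS_RESP_SIGN, TS_R_PKCS7_ADD_SIGNATURE_ERROR);
+TSerror(TS_R_PKCS7_ADD_SIGNATURE_ERROR);
 goto err;
 }
 
@@ -755,7 +753,7 @@ TS_RESP_sign(TS_RESP_CTX *ctx)
 oid = OBJ_nid2obj(NID_id_smime_ct_TSTInfo);
 if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
 V_ASN1_OBJECT, oid)) {
-TSerr(TS_F_TS_RESP_SIGN, TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR);
+TSerror(TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR);
 goto err;
 }
 
@@ -767,7 +765,7 @@ TS_RESP_sign(TS_RESP_CTX *ctx)
 
 /* Add SigningCertificate signed attribute to the signer info. */
 if (!ESS_add_signing_cert(si, sc)) {
-TSerr(TS_F_TS_RESP_SIGN, TS_R_ESS_ADD_SIGNING_CERT_ERROR);
+TSerror(TS_R_ESS_ADD_SIGNING_CERT_ERROR);
 goto err;
 }
 
@@ -777,19 +775,19 @@ TS_RESP_sign(TS_RESP_CTX *ctx)
 
 /* Add the DER encoded tst_info to the PKCS7 structure. */
 if (!(p7bio = PKCS7_dataInit(p7, NULL))) {
-TSerr(TS_F_TS_RESP_SIGN, ERR_R_MALLOC_FAILURE);
+TSerror(ERR_R_MALLOC_FAILURE);
 goto err;
 }
 
 /* Convert tst_info to DER. */
 if (!i2d_TS_TST_INFO_bio(p7bio, ctx->tst_info)) {
-TSerr(TS_F_TS_RESP_SIGN, TS_R_TS_DATASIGN);
+TSerror(TS_R_TS_DATASIGN);
 goto err;
 }
 
 /* Create the signature and add it to the signer info. */
 if (!PKCS7_dataFinal(p7, p7bio)) {
-TSerr(TS_F_TS_RESP_SIGN, TS_R_TS_DATASIGN);
+TSerror(TS_R_TS_DATASIGN);
 goto err;
 }
 
@@ -840,7 +838,7 @@ ESS_SIGNING_CERT_new_init(X509 *signcert, STACK_OF(X509) *certs)
 
 err:
 ESS_SIGNING_CERT_free(sc);
-TSerr(TS_F_ESS_SIGNING_CERT_NEW_INIT, ERR_R_MALLOC_FAILURE);
+TSerror(ERR_R_MALLOC_FAILURE);
 return NULL;
 }
 
@@ -886,7 +884,7 @@ ESS_CERT_ID_new_init(X509 *cert, int issuer_needed)
 err:
 GENERAL_NAME_free(name);
 ESS_CERT_ID_free(cid);
-TSerr(TS_F_ESS_CERT_ID_NEW_INIT, ERR_R_MALLOC_FAILURE);
+TSerror(ERR_R_MALLOC_FAILURE);
 return NULL;
 }
 
@@ -928,13 +926,13 @@ ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc)
 
 len = i2d_ESS_SIGNING_CERT(sc, NULL);
 if (!(pp = malloc(len))) {
-TSerr(TS_F_ESS_ADD_SIGNING_CERT, ERR_R_MALLOC_FAILURE);
+TSerror(ERR_R_MALLOC_FAILURE);
 goto err;
 }
 p = pp;
 i2d_ESS_SIGNING_CERT(sc, &p);
 if (!(seq = ASN1_STRING_new()) || !ASN1_STRING_set(seq, pp, len)) {
-TSerr(TS_F_ESS_ADD_SIGNING_CERT, ERR_R_MALLOC_FAILURE);
+TSerror(ERR_R_MALLOC_FAILURE);
 goto err;
 }
 free(pp);
@@ -1017,6 +1015,6 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
 return asn1_time;
 
 err:
-TSerr(TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION, TS_R_COULD_NOT_SET_TIME);
+TSerror(TS_R_COULD_NOT_SET_TIME);
 return NULL;
 }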
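Review bot: In the ESS_add_signing_cert hunk, the result of `i2d_ESS_SIGNING_CERT(sc, NULL)` is passed straight to `malloc(len)` with no check, so an encoding failure there would presumably surface through the retained `TSerror(ERR_R_MALLOC_FAILURE)` path and be misreported as an allocation failure. A guard before the allocation, for example `if (len <= 0) goto err;` preceded by a TS reason code other than the malloc one, would keep a bad length away from `malloc` and from `ASN1_STRING_set(seq, pp, len)`. The second call, `i2d_ESS_SIGNING_CERT(sc, &p);`, discards its return value; comparing it with `len` would catch a disagreement between the sizing pass and the encoding pass. The declaration of `len` and the body of the `err:` label are outside the hunk, so the exact type and cleanup path need confirming there.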
