summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/ts
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/ts')
-rw-r--r--src/lib/libcrypto/ts/ts_asn1.c17
-rw-r--r--src/lib/libcrypto/ts/ts_conf.c5
-rw-r--r--src/lib/libcrypto/ts/ts_err.c54
-rw-r--r--src/lib/libcrypto/ts/ts_req_utils.c10
-rw-r--r--src/lib/libcrypto/ts/ts_rsp_sign.c62
-rw-r--r--src/lib/libcrypto/ts/ts_rsp_utils.c26
-rw-r--r--src/lib/libcrypto/ts/ts_rsp_verify.c42
-rw-r--r--src/lib/libcrypto/ts/ts_verify_ctx.c4
8 files changed, 81 insertions, 139 deletions
diff --git a/src/lib/libcrypto/ts/ts_asn1.c b/src/lib/libcrypto/ts/ts_asn1.c
index 49232d8073..bc89f1368a 100644
--- a/src/lib/libcrypto/ts/ts_asn1.c
+++ b/src/lib/libcrypto/ts/ts_asn1.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ts_asn1.c,v 1.10 2016/11/04 18:35:30 jsing Exp $ */ 1/* $OpenBSD: ts_asn1.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
2/* Written by Nils Larsch for the OpenSSL project 2004. 2/* Written by Nils Larsch for the OpenSSL project 2004.
3 */ 3 */
4/* ==================================================================== 4/* ====================================================================
@@ -541,19 +541,18 @@ ts_resp_set_tst_info(TS_RESP *a)
541 541
542 if (a->token) { 542 if (a->token) {
543 if (status != 0 && status != 1) { 543 if (status != 0 && status != 1) {
544 TSerr(TS_F_TS_RESP_SET_TST_INFO, TS_R_TOKEN_PRESENT); 544 TSerror(TS_R_TOKEN_PRESENT);
545 return 0; 545 return 0;
546 } 546 }
547 if (a->tst_info != NULL) 547 if (a->tst_info != NULL)
548 TS_TST_INFO_free(a->tst_info); 548 TS_TST_INFO_free(a->tst_info);
549 a->tst_info = PKCS7_to_TS_TST_INFO(a->token); 549 a->tst_info = PKCS7_to_TS_TST_INFO(a->token);
550 if (!a->tst_info) { 550 if (!a->tst_info) {
551 TSerr(TS_F_TS_RESP_SET_TST_INFO, 551 TSerror(TS_R_PKCS7_TO_TS_TST_INFO_FAILED);
552 TS_R_PKCS7_TO_TS_TST_INFO_FAILED);
553 return 0; 552 return 0;
554 } 553 }
555 } else if (status == 0 || status == 1) { 554 } else if (status == 0 || status == 1) {
556 TSerr(TS_F_TS_RESP_SET_TST_INFO, TS_R_TOKEN_NOT_PRESENT); 555 TSerror(TS_R_TOKEN_NOT_PRESENT);
557 return 0; 556 return 0;
558 } 557 }
559 558
@@ -858,13 +857,13 @@ PKCS7_to_TS_TST_INFO(PKCS7 *token)
858 const unsigned char *p; 857 const unsigned char *p;
859 858
860 if (!PKCS7_type_is_signed(token)) { 859 if (!PKCS7_type_is_signed(token)) {
861 TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_PKCS7_TYPE); 860 TSerror(TS_R_BAD_PKCS7_TYPE);
862 return NULL; 861 return NULL;
863 } 862 }
864 863
865 /* Content must be present. */ 864 /* Content must be present. */
866 if (PKCS7_get_detached(token)) { 865 if (PKCS7_get_detached(token)) {
867 TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_DETACHED_CONTENT); 866 TSerror(TS_R_DETACHED_CONTENT);
868 return NULL; 867 return NULL;
869 } 868 }
870 869
@@ -872,14 +871,14 @@ PKCS7_to_TS_TST_INFO(PKCS7 *token)
872 pkcs7_signed = token->d.sign; 871 pkcs7_signed = token->d.sign;
873 enveloped = pkcs7_signed->contents; 872 enveloped = pkcs7_signed->contents;
874 if (OBJ_obj2nid(enveloped->type) != NID_id_smime_ct_TSTInfo) { 873 if (OBJ_obj2nid(enveloped->type) != NID_id_smime_ct_TSTInfo) {
875 TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_PKCS7_TYPE); 874 TSerror(TS_R_BAD_PKCS7_TYPE);
876 return NULL; 875 return NULL;
877 } 876 }
878 877
879 /* We have a DER encoded TST_INFO as the signed data. */ 878 /* We have a DER encoded TST_INFO as the signed data. */
880 tst_info_wrapper = enveloped->d.other; 879 tst_info_wrapper = enveloped->d.other;
881 if (tst_info_wrapper->type != V_ASN1_OCTET_STRING) { 880 if (tst_info_wrapper->type != V_ASN1_OCTET_STRING) {
882 TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_TYPE); 881 TSerror(TS_R_BAD_TYPE);
883 return NULL; 882 return NULL;
884 } 883 }
885 884
diff --git a/src/lib/libcrypto/ts/ts_conf.c b/src/lib/libcrypto/ts/ts_conf.c
index bb98a6ff4c..c223aa3d46 100644
--- a/src/lib/libcrypto/ts/ts_conf.c
+++ b/src/lib/libcrypto/ts/ts_conf.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ts_conf.c,v 1.9 2015/02/11 03:19:37 doug Exp $ */ 1/* $OpenBSD: ts_conf.c,v 1.10 2017/01/29 17:49:23 beck Exp $ */
2/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL 2/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
3 * project 2002. 3 * project 2002.
4 */ 4 */
@@ -245,8 +245,7 @@ TS_CONF_set_default_engine(const char *name)
245 245
246err: 246err:
247 if (!ret) { 247 if (!ret) {
248 TSerr(TS_F_TS_CONF_SET_DEFAULT_ENGINE, 248 TSerror(TS_R_COULD_NOT_SET_ENGINE);
249 TS_R_COULD_NOT_SET_ENGINE);
250 ERR_asprintf_error_data("engine:%s", name); 249 ERR_asprintf_error_data("engine:%s", name);
251 } 250 }
252 if (e) 251 if (e)
diff --git a/src/lib/libcrypto/ts/ts_err.c b/src/lib/libcrypto/ts/ts_err.c
index f71be883f8..4b89909384 100644
--- a/src/lib/libcrypto/ts/ts_err.c
+++ b/src/lib/libcrypto/ts/ts_err.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ts_err.c,v 1.4 2014/07/10 22:45:58 jsing Exp $ */ 1/* $OpenBSD: ts_err.c,v 1.5 2017/01/29 17:49:23 beck Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -72,57 +72,7 @@
72#define ERR_REASON(reason) ERR_PACK(ERR_LIB_TS,0,reason) 72#define ERR_REASON(reason) ERR_PACK(ERR_LIB_TS,0,reason)
73 73
74static ERR_STRING_DATA TS_str_functs[] = { 74static ERR_STRING_DATA TS_str_functs[] = {
75 {ERR_FUNC(TS_F_D2I_TS_RESP), "d2i_TS_RESP"}, 75 {ERR_FUNC(0xfff), "CRYPTO_internal"},
76 {ERR_FUNC(TS_F_DEF_SERIAL_CB), "DEF_SERIAL_CB"},
77 {ERR_FUNC(TS_F_DEF_TIME_CB), "DEF_TIME_CB"},
78 {ERR_FUNC(TS_F_ESS_ADD_SIGNING_CERT), "ESS_ADD_SIGNING_CERT"},
79 {ERR_FUNC(TS_F_ESS_CERT_ID_NEW_INIT), "ESS_CERT_ID_NEW_INIT"},
80 {ERR_FUNC(TS_F_ESS_SIGNING_CERT_NEW_INIT), "ESS_SIGNING_CERT_NEW_INIT"},
81 {ERR_FUNC(TS_F_INT_TS_RESP_VERIFY_TOKEN), "INT_TS_RESP_VERIFY_TOKEN"},
82 {ERR_FUNC(TS_F_PKCS7_TO_TS_TST_INFO), "PKCS7_to_TS_TST_INFO"},
83 {ERR_FUNC(TS_F_TS_ACCURACY_SET_MICROS), "TS_ACCURACY_set_micros"},
84 {ERR_FUNC(TS_F_TS_ACCURACY_SET_MILLIS), "TS_ACCURACY_set_millis"},
85 {ERR_FUNC(TS_F_TS_ACCURACY_SET_SECONDS), "TS_ACCURACY_set_seconds"},
86 {ERR_FUNC(TS_F_TS_CHECK_IMPRINTS), "TS_CHECK_IMPRINTS"},
87 {ERR_FUNC(TS_F_TS_CHECK_NONCES), "TS_CHECK_NONCES"},
88 {ERR_FUNC(TS_F_TS_CHECK_POLICY), "TS_CHECK_POLICY"},
89 {ERR_FUNC(TS_F_TS_CHECK_SIGNING_CERTS), "TS_CHECK_SIGNING_CERTS"},
90 {ERR_FUNC(TS_F_TS_CHECK_STATUS_INFO), "TS_CHECK_STATUS_INFO"},
91 {ERR_FUNC(TS_F_TS_COMPUTE_IMPRINT), "TS_COMPUTE_IMPRINT"},
92 {ERR_FUNC(TS_F_TS_CONF_SET_DEFAULT_ENGINE), "TS_CONF_set_default_engine"},
93 {ERR_FUNC(TS_F_TS_GET_STATUS_TEXT), "TS_GET_STATUS_TEXT"},
94 {ERR_FUNC(TS_F_TS_MSG_IMPRINT_SET_ALGO), "TS_MSG_IMPRINT_set_algo"},
95 {ERR_FUNC(TS_F_TS_REQ_SET_MSG_IMPRINT), "TS_REQ_set_msg_imprint"},
96 {ERR_FUNC(TS_F_TS_REQ_SET_NONCE), "TS_REQ_set_nonce"},
97 {ERR_FUNC(TS_F_TS_REQ_SET_POLICY_ID), "TS_REQ_set_policy_id"},
98 {ERR_FUNC(TS_F_TS_RESP_CREATE_RESPONSE), "TS_RESP_create_response"},
99 {ERR_FUNC(TS_F_TS_RESP_CREATE_TST_INFO), "TS_RESP_CREATE_TST_INFO"},
100 {ERR_FUNC(TS_F_TS_RESP_CTX_ADD_FAILURE_INFO), "TS_RESP_CTX_add_failure_info"},
101 {ERR_FUNC(TS_F_TS_RESP_CTX_ADD_MD), "TS_RESP_CTX_add_md"},
102 {ERR_FUNC(TS_F_TS_RESP_CTX_ADD_POLICY), "TS_RESP_CTX_add_policy"},
103 {ERR_FUNC(TS_F_TS_RESP_CTX_NEW), "TS_RESP_CTX_new"},
104 {ERR_FUNC(TS_F_TS_RESP_CTX_SET_ACCURACY), "TS_RESP_CTX_set_accuracy"},
105 {ERR_FUNC(TS_F_TS_RESP_CTX_SET_CERTS), "TS_RESP_CTX_set_certs"},
106 {ERR_FUNC(TS_F_TS_RESP_CTX_SET_DEF_POLICY), "TS_RESP_CTX_set_def_policy"},
107 {ERR_FUNC(TS_F_TS_RESP_CTX_SET_SIGNER_CERT), "TS_RESP_CTX_set_signer_cert"},
108 {ERR_FUNC(TS_F_TS_RESP_CTX_SET_STATUS_INFO), "TS_RESP_CTX_set_status_info"},
109 {ERR_FUNC(TS_F_TS_RESP_GET_POLICY), "TS_RESP_GET_POLICY"},
110 {ERR_FUNC(TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION), "TS_RESP_SET_GENTIME_WITH_PRECISION"},
111 {ERR_FUNC(TS_F_TS_RESP_SET_STATUS_INFO), "TS_RESP_set_status_info"},
112 {ERR_FUNC(TS_F_TS_RESP_SET_TST_INFO), "TS_RESP_set_tst_info"},
113 {ERR_FUNC(TS_F_TS_RESP_SIGN), "TS_RESP_SIGN"},
114 {ERR_FUNC(TS_F_TS_RESP_VERIFY_SIGNATURE), "TS_RESP_verify_signature"},
115 {ERR_FUNC(TS_F_TS_RESP_VERIFY_TOKEN), "TS_RESP_verify_token"},
116 {ERR_FUNC(TS_F_TS_TST_INFO_SET_ACCURACY), "TS_TST_INFO_set_accuracy"},
117 {ERR_FUNC(TS_F_TS_TST_INFO_SET_MSG_IMPRINT), "TS_TST_INFO_set_msg_imprint"},
118 {ERR_FUNC(TS_F_TS_TST_INFO_SET_NONCE), "TS_TST_INFO_set_nonce"},
119 {ERR_FUNC(TS_F_TS_TST_INFO_SET_POLICY_ID), "TS_TST_INFO_set_policy_id"},
120 {ERR_FUNC(TS_F_TS_TST_INFO_SET_SERIAL), "TS_TST_INFO_set_serial"},
121 {ERR_FUNC(TS_F_TS_TST_INFO_SET_TIME), "TS_TST_INFO_set_time"},
122 {ERR_FUNC(TS_F_TS_TST_INFO_SET_TSA), "TS_TST_INFO_set_tsa"},
123 {ERR_FUNC(TS_F_TS_VERIFY), "TS_VERIFY"},
124 {ERR_FUNC(TS_F_TS_VERIFY_CERT), "TS_VERIFY_CERT"},
125 {ERR_FUNC(TS_F_TS_VERIFY_CTX_NEW), "TS_VERIFY_CTX_new"},
126 {0, NULL} 76 {0, NULL}
127}; 77};
128 78
diff --git a/src/lib/libcrypto/ts/ts_req_utils.c b/src/lib/libcrypto/ts/ts_req_utils.c
index ab813b2b42..bd707c228f 100644
--- a/src/lib/libcrypto/ts/ts_req_utils.c
+++ b/src/lib/libcrypto/ts/ts_req_utils.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ts_req_utils.c,v 1.4 2014/07/11 08:44:49 jsing Exp $ */ 1/* $OpenBSD: ts_req_utils.c,v 1.5 2017/01/29 17:49:23 beck Exp $ */
2/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL 2/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
3 * project 2002. 3 * project 2002.
4 */ 4 */
@@ -84,7 +84,7 @@ TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint)
84 return 1; 84 return 1;
85 new_msg_imprint = TS_MSG_IMPRINT_dup(msg_imprint); 85 new_msg_imprint = TS_MSG_IMPRINT_dup(msg_imprint);
86 if (new_msg_imprint == NULL) { 86 if (new_msg_imprint == NULL) {
87 TSerr(TS_F_TS_REQ_SET_MSG_IMPRINT, ERR_R_MALLOC_FAILURE); 87 TSerror(ERR_R_MALLOC_FAILURE);
88 return 0; 88 return 0;
89 } 89 }
90 TS_MSG_IMPRINT_free(a->msg_imprint); 90 TS_MSG_IMPRINT_free(a->msg_imprint);
@@ -107,7 +107,7 @@ TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg)
107 return 1; 107 return 1;
108 new_alg = X509_ALGOR_dup(alg); 108 new_alg = X509_ALGOR_dup(alg);
109 if (new_alg == NULL) { 109 if (new_alg == NULL) {
110 TSerr(TS_F_TS_MSG_IMPRINT_SET_ALGO, ERR_R_MALLOC_FAILURE); 110 TSerror(ERR_R_MALLOC_FAILURE);
111 return 0; 111 return 0;
112 } 112 }
113 X509_ALGOR_free(a->hash_algo); 113 X509_ALGOR_free(a->hash_algo);
@@ -142,7 +142,7 @@ TS_REQ_set_policy_id(TS_REQ *a, ASN1_OBJECT *policy)
142 return 1; 142 return 1;
143 new_policy = OBJ_dup(policy); 143 new_policy = OBJ_dup(policy);
144 if (new_policy == NULL) { 144 if (new_policy == NULL) {
145 TSerr(TS_F_TS_REQ_SET_POLICY_ID, ERR_R_MALLOC_FAILURE); 145 TSerror(ERR_R_MALLOC_FAILURE);
146 return 0; 146 return 0;
147 } 147 }
148 ASN1_OBJECT_free(a->policy_id); 148 ASN1_OBJECT_free(a->policy_id);
@@ -165,7 +165,7 @@ TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce)
165 return 1; 165 return 1;
166 new_nonce = ASN1_INTEGER_dup(nonce); 166 new_nonce = ASN1_INTEGER_dup(nonce);
167 if (new_nonce == NULL) { 167 if (new_nonce == NULL) {
168 TSerr(TS_F_TS_REQ_SET_NONCE, ERR_R_MALLOC_FAILURE); 168 TSerror(ERR_R_MALLOC_FAILURE);
169 return 0; 169 return 0;
170 } 170 }
171 ASN1_INTEGER_free(a->nonce); 171 ASN1_INTEGER_free(a->nonce);
diff --git a/src/lib/libcrypto/ts/ts_rsp_sign.c b/src/lib/libcrypto/ts/ts_rsp_sign.c
index f9e8c53cc8..57e2d7f348 100644
--- a/src/lib/libcrypto/ts/ts_rsp_sign.c
+++ b/src/lib/libcrypto/ts/ts_rsp_sign.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ts_rsp_sign.c,v 1.20 2016/03/11 07:08:45 mmcc Exp $ */ 1/* $OpenBSD: ts_rsp_sign.c,v 1.21 2017/01/29 17:49:23 beck Exp $ */
2/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL 2/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
3 * project 2002. 3 * project 2002.
4 */ 4 */
@@ -103,7 +103,7 @@ def_serial_cb(struct TS_resp_ctx *ctx, void *data)
103 return serial; 103 return serial;
104 104
105err: 105err:
106 TSerr(TS_F_DEF_SERIAL_CB, ERR_R_MALLOC_FAILURE); 106 TSerror(ERR_R_MALLOC_FAILURE);
107 TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, 107 TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
108 "Error during serial number generation."); 108 "Error during serial number generation.");
109 return NULL; 109 return NULL;
@@ -116,7 +116,7 @@ def_time_cb(struct TS_resp_ctx *ctx, void *data, time_t *sec, long *usec)
116 struct timeval tv; 116 struct timeval tv;
117 117
118 if (gettimeofday(&tv, NULL) != 0) { 118 if (gettimeofday(&tv, NULL) != 0) {
119 TSerr(TS_F_DEF_TIME_CB, TS_R_TIME_SYSCALL_ERROR); 119 TSerror(TS_R_TIME_SYSCALL_ERROR);
120 TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, 120 TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
121 "Time is not available."); 121 "Time is not available.");
122 TS_RESP_CTX_add_failure_info(ctx, TS_INFO_TIME_NOT_AVAILABLE); 122 TS_RESP_CTX_add_failure_info(ctx, TS_INFO_TIME_NOT_AVAILABLE);
@@ -147,7 +147,7 @@ TS_RESP_CTX_new(void)
147 TS_RESP_CTX *ctx; 147 TS_RESP_CTX *ctx;
148 148
149 if (!(ctx = calloc(1, sizeof(TS_RESP_CTX)))) { 149 if (!(ctx = calloc(1, sizeof(TS_RESP_CTX)))) {
150 TSerr(TS_F_TS_RESP_CTX_NEW, ERR_R_MALLOC_FAILURE); 150 TSerror(ERR_R_MALLOC_FAILURE);
151 return NULL; 151 return NULL;
152 } 152 }
153 153
@@ -181,8 +181,7 @@ int
181TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer) 181TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer)
182{ 182{
183 if (X509_check_purpose(signer, X509_PURPOSE_TIMESTAMP_SIGN, 0) != 1) { 183 if (X509_check_purpose(signer, X509_PURPOSE_TIMESTAMP_SIGN, 0) != 1) {
184 TSerr(TS_F_TS_RESP_CTX_SET_SIGNER_CERT, 184 TSerror(TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE);
185 TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE);
186 return 0; 185 return 0;
187 } 186 }
188 X509_free(ctx->signer_cert); 187 X509_free(ctx->signer_cert);
@@ -211,7 +210,7 @@ TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy)
211 return 1; 210 return 1;
212 211
213err: 212err:
214 TSerr(TS_F_TS_RESP_CTX_SET_DEF_POLICY, ERR_R_MALLOC_FAILURE); 213 TSerror(ERR_R_MALLOC_FAILURE);
215 return 0; 214 return 0;
216} 215}
217 216
@@ -227,7 +226,7 @@ TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs)
227 if (!certs) 226 if (!certs)
228 return 1; 227 return 1;
229 if (!(ctx->certs = sk_X509_dup(certs))) { 228 if (!(ctx->certs = sk_X509_dup(certs))) {
230 TSerr(TS_F_TS_RESP_CTX_SET_CERTS, ERR_R_MALLOC_FAILURE); 229 TSerror(ERR_R_MALLOC_FAILURE);
231 return 0; 230 return 0;
232 } 231 }
233 for (i = 0; i < sk_X509_num(ctx->certs); ++i) { 232 for (i = 0; i < sk_X509_num(ctx->certs); ++i) {
@@ -254,7 +253,7 @@ TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy)
254 return 1; 253 return 1;
255 254
256err: 255err:
257 TSerr(TS_F_TS_RESP_CTX_ADD_POLICY, ERR_R_MALLOC_FAILURE); 256 TSerror(ERR_R_MALLOC_FAILURE);
258 ASN1_OBJECT_free(copy); 257 ASN1_OBJECT_free(copy);
259 return 0; 258 return 0;
260} 259}
@@ -272,7 +271,7 @@ TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md)
272 return 1; 271 return 1;
273 272
274err: 273err:
275 TSerr(TS_F_TS_RESP_CTX_ADD_MD, ERR_R_MALLOC_FAILURE); 274 TSerror(ERR_R_MALLOC_FAILURE);
276 return 0; 275 return 0;
277} 276}
278 277
@@ -302,7 +301,7 @@ TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx, int secs, int millis, int micros)
302 301
303err: 302err:
304 TS_RESP_CTX_accuracy_free(ctx); 303 TS_RESP_CTX_accuracy_free(ctx);
305 TSerr(TS_F_TS_RESP_CTX_SET_ACCURACY, ERR_R_MALLOC_FAILURE); 304 TSerror(ERR_R_MALLOC_FAILURE);
306 return 0; 305 return 0;
307} 306}
308 307
@@ -353,7 +352,7 @@ TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx, int status, const char *text)
353 352
354err: 353err:
355 if (!ret) 354 if (!ret)
356 TSerr(TS_F_TS_RESP_CTX_SET_STATUS_INFO, ERR_R_MALLOC_FAILURE); 355 TSerror(ERR_R_MALLOC_FAILURE);
357 TS_STATUS_INFO_free(si); 356 TS_STATUS_INFO_free(si);
358 ASN1_UTF8STRING_free(utf8_text); 357 ASN1_UTF8STRING_free(utf8_text);
359 return ret; 358 return ret;
@@ -384,7 +383,7 @@ TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure)
384 return 1; 383 return 1;
385 384
386err: 385err:
387 TSerr(TS_F_TS_RESP_CTX_ADD_FAILURE_INFO, ERR_R_MALLOC_FAILURE); 386 TSerror(ERR_R_MALLOC_FAILURE);
388 return 0; 387 return 0;
389} 388}
390 389
@@ -421,7 +420,7 @@ TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio)
421 420
422 /* Creating the response object. */ 421 /* Creating the response object. */
423 if (!(ctx->response = TS_RESP_new())) { 422 if (!(ctx->response = TS_RESP_new())) {
424 TSerr(TS_F_TS_RESP_CREATE_RESPONSE, ERR_R_MALLOC_FAILURE); 423 TSerror(ERR_R_MALLOC_FAILURE);
425 goto end; 424 goto end;
426 } 425 }
427 426
@@ -463,7 +462,7 @@ TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio)
463 462
464end: 463end:
465 if (!result) { 464 if (!result) {
466 TSerr(TS_F_TS_RESP_CREATE_RESPONSE, TS_R_RESPONSE_SETUP_ERROR); 465 TSerror(TS_R_RESPONSE_SETUP_ERROR);
467 if (ctx->response != NULL) { 466 if (ctx->response != NULL) {
468 if (TS_RESP_CTX_set_status_info_cond(ctx, 467 if (TS_RESP_CTX_set_status_info_cond(ctx,
469 TS_STATUS_REJECTION, "Error during response " 468 TS_STATUS_REJECTION, "Error during response "
@@ -567,7 +566,7 @@ TS_RESP_get_policy(TS_RESP_CTX *ctx)
567 int i; 566 int i;
568 567
569 if (ctx->default_policy == NULL) { 568 if (ctx->default_policy == NULL) {
570 TSerr(TS_F_TS_RESP_GET_POLICY, TS_R_INVALID_NULL_POINTER); 569 TSerror(TS_R_INVALID_NULL_POINTER);
571 return NULL; 570 return NULL;
572 } 571 }
573 /* Return the default policy if none is requested or the default is 572 /* Return the default policy if none is requested or the default is
@@ -582,7 +581,7 @@ TS_RESP_get_policy(TS_RESP_CTX *ctx)
582 policy = current; 581 policy = current;
583 } 582 }
584 if (!policy) { 583 if (!policy) {
585 TSerr(TS_F_TS_RESP_GET_POLICY, TS_R_UNACCEPTABLE_POLICY); 584 TSerror(TS_R_UNACCEPTABLE_POLICY);
586 TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, 585 TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
587 "Requested policy is not " 586 "Requested policy is not "
588 "supported."); 587 "supported.");
@@ -665,7 +664,7 @@ end:
665 if (!result) { 664 if (!result) {
666 TS_TST_INFO_free(tst_info); 665 TS_TST_INFO_free(tst_info);
667 tst_info = NULL; 666 tst_info = NULL;
668 TSerr(TS_F_TS_RESP_CREATE_TST_INFO, TS_R_TST_INFO_SETUP_ERROR); 667 TSerror(TS_R_TST_INFO_SETUP_ERROR);
669 TS_RESP_CTX_set_status_info_cond(ctx, TS_STATUS_REJECTION, 668 TS_RESP_CTX_set_status_info_cond(ctx, TS_STATUS_REJECTION,
670 "Error during TSTInfo " 669 "Error during TSTInfo "
671 "generation."); 670 "generation.");
@@ -716,14 +715,13 @@ TS_RESP_sign(TS_RESP_CTX *ctx)
716 715
717 /* Check if signcert and pkey match. */ 716 /* Check if signcert and pkey match. */
718 if (!X509_check_private_key(ctx->signer_cert, ctx->signer_key)) { 717 if (!X509_check_private_key(ctx->signer_cert, ctx->signer_key)) {
719 TSerr(TS_F_TS_RESP_SIGN, 718 TSerror(TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
720 TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
721 goto err; 719 goto err;
722 } 720 }
723 721
724 /* Create a new PKCS7 signed object. */ 722 /* Create a new PKCS7 signed object. */
725 if (!(p7 = PKCS7_new())) { 723 if (!(p7 = PKCS7_new())) {
726 TSerr(TS_F_TS_RESP_SIGN, ERR_R_MALLOC_FAILURE); 724 TSerror(ERR_R_MALLOC_FAILURE);
727 goto err; 725 goto err;
728 } 726 }
729 if (!PKCS7_set_type(p7, NID_pkcs7_signed)) 727 if (!PKCS7_set_type(p7, NID_pkcs7_signed))
@@ -747,7 +745,7 @@ TS_RESP_sign(TS_RESP_CTX *ctx)
747 /* Add a new signer info. */ 745 /* Add a new signer info. */
748 if (!(si = PKCS7_add_signature(p7, ctx->signer_cert, 746 if (!(si = PKCS7_add_signature(p7, ctx->signer_cert,
749 ctx->signer_key, EVP_sha1()))) { 747 ctx->signer_key, EVP_sha1()))) {
750 TSerr(TS_F_TS_RESP_SIGN, TS_R_PKCS7_ADD_SIGNATURE_ERROR); 748 TSerror(TS_R_PKCS7_ADD_SIGNATURE_ERROR);
751 goto err; 749 goto err;
752 } 750 }
753 751
@@ -755,7 +753,7 @@ TS_RESP_sign(TS_RESP_CTX *ctx)
755 oid = OBJ_nid2obj(NID_id_smime_ct_TSTInfo); 753 oid = OBJ_nid2obj(NID_id_smime_ct_TSTInfo);
756 if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, 754 if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
757 V_ASN1_OBJECT, oid)) { 755 V_ASN1_OBJECT, oid)) {
758 TSerr(TS_F_TS_RESP_SIGN, TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR); 756 TSerror(TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR);
759 goto err; 757 goto err;
760 } 758 }
761 759
@@ -767,7 +765,7 @@ TS_RESP_sign(TS_RESP_CTX *ctx)
767 765
768 /* Add SigningCertificate signed attribute to the signer info. */ 766 /* Add SigningCertificate signed attribute to the signer info. */
769 if (!ESS_add_signing_cert(si, sc)) { 767 if (!ESS_add_signing_cert(si, sc)) {
770 TSerr(TS_F_TS_RESP_SIGN, TS_R_ESS_ADD_SIGNING_CERT_ERROR); 768 TSerror(TS_R_ESS_ADD_SIGNING_CERT_ERROR);
771 goto err; 769 goto err;
772 } 770 }
773 771
@@ -777,19 +775,19 @@ TS_RESP_sign(TS_RESP_CTX *ctx)
777 775
778 /* Add the DER encoded tst_info to the PKCS7 structure. */ 776 /* Add the DER encoded tst_info to the PKCS7 structure. */
779 if (!(p7bio = PKCS7_dataInit(p7, NULL))) { 777 if (!(p7bio = PKCS7_dataInit(p7, NULL))) {
780 TSerr(TS_F_TS_RESP_SIGN, ERR_R_MALLOC_FAILURE); 778 TSerror(ERR_R_MALLOC_FAILURE);
781 goto err; 779 goto err;
782 } 780 }
783 781
784 /* Convert tst_info to DER. */ 782 /* Convert tst_info to DER. */
785 if (!i2d_TS_TST_INFO_bio(p7bio, ctx->tst_info)) { 783 if (!i2d_TS_TST_INFO_bio(p7bio, ctx->tst_info)) {
786 TSerr(TS_F_TS_RESP_SIGN, TS_R_TS_DATASIGN); 784 TSerror(TS_R_TS_DATASIGN);
787 goto err; 785 goto err;
788 } 786 }
789 787
790 /* Create the signature and add it to the signer info. */ 788 /* Create the signature and add it to the signer info. */
791 if (!PKCS7_dataFinal(p7, p7bio)) { 789 if (!PKCS7_dataFinal(p7, p7bio)) {
792 TSerr(TS_F_TS_RESP_SIGN, TS_R_TS_DATASIGN); 790 TSerror(TS_R_TS_DATASIGN);
793 goto err; 791 goto err;
794 } 792 }
795 793
@@ -840,7 +838,7 @@ ESS_SIGNING_CERT_new_init(X509 *signcert, STACK_OF(X509) *certs)
840 838
841err: 839err:
842 ESS_SIGNING_CERT_free(sc); 840 ESS_SIGNING_CERT_free(sc);
843 TSerr(TS_F_ESS_SIGNING_CERT_NEW_INIT, ERR_R_MALLOC_FAILURE); 841 TSerror(ERR_R_MALLOC_FAILURE);
844 return NULL; 842 return NULL;
845} 843}
846 844
@@ -886,7 +884,7 @@ ESS_CERT_ID_new_init(X509 *cert, int issuer_needed)
886err: 884err:
887 GENERAL_NAME_free(name); 885 GENERAL_NAME_free(name);
888 ESS_CERT_ID_free(cid); 886 ESS_CERT_ID_free(cid);
889 TSerr(TS_F_ESS_CERT_ID_NEW_INIT, ERR_R_MALLOC_FAILURE); 887 TSerror(ERR_R_MALLOC_FAILURE);
890 return NULL; 888 return NULL;
891} 889}
892 890
@@ -928,13 +926,13 @@ ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc)
928 926
929 len = i2d_ESS_SIGNING_CERT(sc, NULL); 927 len = i2d_ESS_SIGNING_CERT(sc, NULL);
930 if (!(pp = malloc(len))) { 928 if (!(pp = malloc(len))) {
931 TSerr(TS_F_ESS_ADD_SIGNING_CERT, ERR_R_MALLOC_FAILURE); 929 TSerror(ERR_R_MALLOC_FAILURE);
932 goto err; 930 goto err;
933 } 931 }
934 p = pp; 932 p = pp;
935 i2d_ESS_SIGNING_CERT(sc, &p); 933 i2d_ESS_SIGNING_CERT(sc, &p);
936 if (!(seq = ASN1_STRING_new()) || !ASN1_STRING_set(seq, pp, len)) { 934 if (!(seq = ASN1_STRING_new()) || !ASN1_STRING_set(seq, pp, len)) {
937 TSerr(TS_F_ESS_ADD_SIGNING_CERT, ERR_R_MALLOC_FAILURE); 935 TSerror(ERR_R_MALLOC_FAILURE);
938 goto err; 936 goto err;
939 } 937 }
940 free(pp); 938 free(pp);
@@ -1017,6 +1015,6 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
1017 return asn1_time; 1015 return asn1_time;
1018 1016
1019err: 1017err:
1020 TSerr(TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION, TS_R_COULD_NOT_SET_TIME); 1018 TSerror(TS_R_COULD_NOT_SET_TIME);
1021 return NULL; 1019 return NULL;
1022} 1020}
diff --git a/src/lib/libcrypto/ts/ts_rsp_utils.c b/src/lib/libcrypto/ts/ts_rsp_utils.c
index 39eb2a2963..5638331d17 100644
--- a/src/lib/libcrypto/ts/ts_rsp_utils.c
+++ b/src/lib/libcrypto/ts/ts_rsp_utils.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ts_rsp_utils.c,v 1.5 2015/07/29 14:58:34 jsing Exp $ */ 1/* $OpenBSD: ts_rsp_utils.c,v 1.6 2017/01/29 17:49:23 beck Exp $ */
2/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL 2/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
3 * project 2002. 3 * project 2002.
4 */ 4 */
@@ -74,7 +74,7 @@ TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *status_info)
74 return 1; 74 return 1;
75 new_status_info = TS_STATUS_INFO_dup(status_info); 75 new_status_info = TS_STATUS_INFO_dup(status_info);
76 if (new_status_info == NULL) { 76 if (new_status_info == NULL) {
77 TSerr(TS_F_TS_RESP_SET_STATUS_INFO, ERR_R_MALLOC_FAILURE); 77 TSerror(ERR_R_MALLOC_FAILURE);
78 return 0; 78 return 0;
79 } 79 }
80 TS_STATUS_INFO_free(a->status_info); 80 TS_STATUS_INFO_free(a->status_info);
@@ -133,7 +133,7 @@ TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy)
133 return 1; 133 return 1;
134 new_policy = OBJ_dup(policy); 134 new_policy = OBJ_dup(policy);
135 if (new_policy == NULL) { 135 if (new_policy == NULL) {
136 TSerr(TS_F_TS_TST_INFO_SET_POLICY_ID, ERR_R_MALLOC_FAILURE); 136 TSerror(ERR_R_MALLOC_FAILURE);
137 return 0; 137 return 0;
138 } 138 }
139 ASN1_OBJECT_free(a->policy_id); 139 ASN1_OBJECT_free(a->policy_id);
@@ -156,7 +156,7 @@ TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint)
156 return 1; 156 return 1;
157 new_msg_imprint = TS_MSG_IMPRINT_dup(msg_imprint); 157 new_msg_imprint = TS_MSG_IMPRINT_dup(msg_imprint);
158 if (new_msg_imprint == NULL) { 158 if (new_msg_imprint == NULL) {
159 TSerr(TS_F_TS_TST_INFO_SET_MSG_IMPRINT, ERR_R_MALLOC_FAILURE); 159 TSerror(ERR_R_MALLOC_FAILURE);
160 return 0; 160 return 0;
161 } 161 }
162 TS_MSG_IMPRINT_free(a->msg_imprint); 162 TS_MSG_IMPRINT_free(a->msg_imprint);
@@ -179,7 +179,7 @@ TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial)
179 return 1; 179 return 1;
180 new_serial = ASN1_INTEGER_dup(serial); 180 new_serial = ASN1_INTEGER_dup(serial);
181 if (new_serial == NULL) { 181 if (new_serial == NULL) {
182 TSerr(TS_F_TS_TST_INFO_SET_SERIAL, ERR_R_MALLOC_FAILURE); 182 TSerror(ERR_R_MALLOC_FAILURE);
183 return 0; 183 return 0;
184 } 184 }
185 ASN1_INTEGER_free(a->serial); 185 ASN1_INTEGER_free(a->serial);
@@ -202,7 +202,7 @@ TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime)
202 return 1; 202 return 1;
203 new_time = ASN1_STRING_dup(gtime); 203 new_time = ASN1_STRING_dup(gtime);
204 if (new_time == NULL) { 204 if (new_time == NULL) {
205 TSerr(TS_F_TS_TST_INFO_SET_TIME, ERR_R_MALLOC_FAILURE); 205 TSerror(ERR_R_MALLOC_FAILURE);
206 return 0; 206 return 0;
207 } 207 }
208 ASN1_GENERALIZEDTIME_free(a->time); 208 ASN1_GENERALIZEDTIME_free(a->time);
@@ -225,7 +225,7 @@ TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy)
225 return 1; 225 return 1;
226 new_accuracy = TS_ACCURACY_dup(accuracy); 226 new_accuracy = TS_ACCURACY_dup(accuracy);
227 if (new_accuracy == NULL) { 227 if (new_accuracy == NULL) {
228 TSerr(TS_F_TS_TST_INFO_SET_ACCURACY, ERR_R_MALLOC_FAILURE); 228 TSerror(ERR_R_MALLOC_FAILURE);
229 return 0; 229 return 0;
230 } 230 }
231 TS_ACCURACY_free(a->accuracy); 231 TS_ACCURACY_free(a->accuracy);
@@ -248,7 +248,7 @@ TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds)
248 return 1; 248 return 1;
249 new_seconds = ASN1_INTEGER_dup(seconds); 249 new_seconds = ASN1_INTEGER_dup(seconds);
250 if (new_seconds == NULL) { 250 if (new_seconds == NULL) {
251 TSerr(TS_F_TS_ACCURACY_SET_SECONDS, ERR_R_MALLOC_FAILURE); 251 TSerror(ERR_R_MALLOC_FAILURE);
252 return 0; 252 return 0;
253 } 253 }
254 ASN1_INTEGER_free(a->seconds); 254 ASN1_INTEGER_free(a->seconds);
@@ -272,8 +272,7 @@ TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis)
272 if (millis != NULL) { 272 if (millis != NULL) {
273 new_millis = ASN1_INTEGER_dup(millis); 273 new_millis = ASN1_INTEGER_dup(millis);
274 if (new_millis == NULL) { 274 if (new_millis == NULL) {
275 TSerr(TS_F_TS_ACCURACY_SET_MILLIS, 275 TSerror(ERR_R_MALLOC_FAILURE);
276 ERR_R_MALLOC_FAILURE);
277 return 0; 276 return 0;
278 } 277 }
279 } 278 }
@@ -298,8 +297,7 @@ TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros)
298 if (micros != NULL) { 297 if (micros != NULL) {
299 new_micros = ASN1_INTEGER_dup(micros); 298 new_micros = ASN1_INTEGER_dup(micros);
300 if (new_micros == NULL) { 299 if (new_micros == NULL) {
301 TSerr(TS_F_TS_ACCURACY_SET_MICROS, 300 TSerror(ERR_R_MALLOC_FAILURE);
302 ERR_R_MALLOC_FAILURE);
303 return 0; 301 return 0;
304 } 302 }
305 } 303 }
@@ -336,7 +334,7 @@ TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce)
336 return 1; 334 return 1;
337 new_nonce = ASN1_INTEGER_dup(nonce); 335 new_nonce = ASN1_INTEGER_dup(nonce);
338 if (new_nonce == NULL) { 336 if (new_nonce == NULL) {
339 TSerr(TS_F_TS_TST_INFO_SET_NONCE, ERR_R_MALLOC_FAILURE); 337 TSerror(ERR_R_MALLOC_FAILURE);
340 return 0; 338 return 0;
341 } 339 }
342 ASN1_INTEGER_free(a->nonce); 340 ASN1_INTEGER_free(a->nonce);
@@ -359,7 +357,7 @@ TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa)
359 return 1; 357 return 1;
360 new_tsa = GENERAL_NAME_dup(tsa); 358 new_tsa = GENERAL_NAME_dup(tsa);
361 if (new_tsa == NULL) { 359 if (new_tsa == NULL) {
362 TSerr(TS_F_TS_TST_INFO_SET_TSA, ERR_R_MALLOC_FAILURE); 360 TSerror(ERR_R_MALLOC_FAILURE);
363 return 0; 361 return 0;
364 } 362 }
365 GENERAL_NAME_free(a->tsa); 363 GENERAL_NAME_free(a->tsa);
diff --git a/src/lib/libcrypto/ts/ts_rsp_verify.c b/src/lib/libcrypto/ts/ts_rsp_verify.c
index 020658bb02..36ead0671a 100644
--- a/src/lib/libcrypto/ts/ts_rsp_verify.c
+++ b/src/lib/libcrypto/ts/ts_rsp_verify.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ts_rsp_verify.c,v 1.17 2016/11/05 15:19:07 miod Exp $ */ 1/* $OpenBSD: ts_rsp_verify.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
2/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL 2/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
3 * project 2002. 3 * project 2002.
4 */ 4 */
@@ -155,28 +155,27 @@ TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
155 155
156 /* Some sanity checks first. */ 156 /* Some sanity checks first. */
157 if (!token) { 157 if (!token) {
158 TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_INVALID_NULL_POINTER); 158 TSerror(TS_R_INVALID_NULL_POINTER);
159 goto err; 159 goto err;
160 } 160 }
161 161
162 /* Check for the correct content type */ 162 /* Check for the correct content type */
163 if (!PKCS7_type_is_signed(token)) { 163 if (!PKCS7_type_is_signed(token)) {
164 TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_WRONG_CONTENT_TYPE); 164 TSerror(TS_R_WRONG_CONTENT_TYPE);
165 goto err; 165 goto err;
166 } 166 }
167 167
168 /* Check if there is one and only one signer. */ 168 /* Check if there is one and only one signer. */
169 sinfos = PKCS7_get_signer_info(token); 169 sinfos = PKCS7_get_signer_info(token);
170 if (!sinfos || sk_PKCS7_SIGNER_INFO_num(sinfos) != 1) { 170 if (!sinfos || sk_PKCS7_SIGNER_INFO_num(sinfos) != 1) {
171 TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, 171 TSerror(TS_R_THERE_MUST_BE_ONE_SIGNER);
172 TS_R_THERE_MUST_BE_ONE_SIGNER);
173 goto err; 172 goto err;
174 } 173 }
175 si = sk_PKCS7_SIGNER_INFO_value(sinfos, 0); 174 si = sk_PKCS7_SIGNER_INFO_value(sinfos, 0);
176 175
177 /* Check for no content: no data to verify signature. */ 176 /* Check for no content: no data to verify signature. */
178 if (PKCS7_get_detached(token)) { 177 if (PKCS7_get_detached(token)) {
179 TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_NO_CONTENT); 178 TSerror(TS_R_NO_CONTENT);
180 goto err; 179 goto err;
181 } 180 }
182 181
@@ -206,7 +205,7 @@ TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
206 /* Verifying the signature. */ 205 /* Verifying the signature. */
207 j = PKCS7_signatureVerify(p7bio, token, si, signer); 206 j = PKCS7_signatureVerify(p7bio, token, si, signer);
208 if (j <= 0) { 207 if (j <= 0) {
209 TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_SIGNATURE_FAILURE); 208 TSerror(TS_R_SIGNATURE_FAILURE);
210 goto err; 209 goto err;
211 } 210 }
212 211
@@ -241,7 +240,7 @@ TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, X509 *signer,
241 /* chain is an out argument. */ 240 /* chain is an out argument. */
242 *chain = NULL; 241 *chain = NULL;
243 if (X509_STORE_CTX_init(&cert_ctx, store, signer, untrusted) == 0) { 242 if (X509_STORE_CTX_init(&cert_ctx, store, signer, untrusted) == 0) {
244 TSerr(TS_F_TS_VERIFY_CERT, ERR_R_X509_LIB); 243 TSerror(ERR_R_X509_LIB);
245 goto err; 244 goto err;
246 } 245 }
247 if (X509_STORE_CTX_set_purpose(&cert_ctx, 246 if (X509_STORE_CTX_set_purpose(&cert_ctx,
@@ -251,7 +250,7 @@ TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, X509 *signer,
251 if (i <= 0) { 250 if (i <= 0) {
252 int j = X509_STORE_CTX_get_error(&cert_ctx); 251 int j = X509_STORE_CTX_get_error(&cert_ctx);
253 252
254 TSerr(TS_F_TS_VERIFY_CERT, TS_R_CERTIFICATE_VERIFY_ERROR); 253 TSerror(TS_R_CERTIFICATE_VERIFY_ERROR);
255 ERR_asprintf_error_data("Verify error:%s", 254 ERR_asprintf_error_data("Verify error:%s",
256 X509_verify_cert_error_string(j)); 255 X509_verify_cert_error_string(j));
257 goto err; 256 goto err;
@@ -298,8 +297,7 @@ TS_check_signing_certs(PKCS7_SIGNER_INFO *si, STACK_OF(X509) *chain)
298 297
299err: 298err:
300 if (!ret) 299 if (!ret)
301 TSerr(TS_F_TS_CHECK_SIGNING_CERTS, 300 TSerror(TS_R_ESS_SIGNING_CERTIFICATE_ERROR);
302 TS_R_ESS_SIGNING_CERTIFICATE_ERROR);
303 ESS_SIGNING_CERT_free(ss); 301 ESS_SIGNING_CERT_free(ss);
304 return ret; 302 return ret;
305} 303}
@@ -446,7 +444,7 @@ int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token,
446 /* Check version number of response. */ 444 /* Check version number of response. */
447 if ((ctx->flags & TS_VFY_VERSION) && 445 if ((ctx->flags & TS_VFY_VERSION) &&
448 TS_TST_INFO_get_version(tst_info) != 1) { 446 TS_TST_INFO_get_version(tst_info) != 1) {
449 TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_UNSUPPORTED_VERSION); 447 TSerror(TS_R_UNSUPPORTED_VERSION);
450 goto err; 448 goto err;
451 } 449 }
452 450
@@ -476,14 +474,14 @@ int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token,
476 /* Check whether TSA name and signer certificate match. */ 474 /* Check whether TSA name and signer certificate match. */
477 if ((ctx->flags & TS_VFY_SIGNER) && 475 if ((ctx->flags & TS_VFY_SIGNER) &&
478 tsa_name && !TS_check_signer_name(tsa_name, signer)) { 476 tsa_name && !TS_check_signer_name(tsa_name, signer)) {
479 TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_NAME_MISMATCH); 477 TSerror(TS_R_TSA_NAME_MISMATCH);
480 goto err; 478 goto err;
481 } 479 }
482 480
483 /* Check whether the TSA is the expected one. */ 481 /* Check whether the TSA is the expected one. */
484 if ((ctx->flags & TS_VFY_TSA_NAME) && 482 if ((ctx->flags & TS_VFY_TSA_NAME) &&
485 !TS_check_signer_name(ctx->tsa_name, signer)) { 483 !TS_check_signer_name(ctx->tsa_name, signer)) {
486 TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_UNTRUSTED); 484 TSerror(TS_R_TSA_UNTRUSTED);
487 goto err; 485 goto err;
488 } 486 }
489 487
@@ -541,7 +539,7 @@ TS_check_status_info(TS_RESP *response)
541 strlcpy(failure_text, "unspecified", TS_STATUS_BUF_SIZE); 539 strlcpy(failure_text, "unspecified", TS_STATUS_BUF_SIZE);
542 540
543 /* Making up the error string. */ 541 /* Making up the error string. */
544 TSerr(TS_F_TS_CHECK_STATUS_INFO, TS_R_NO_TIME_STAMP_TOKEN); 542 TSerror(TS_R_NO_TIME_STAMP_TOKEN);
545 ERR_asprintf_error_data 543 ERR_asprintf_error_data
546 ("status code: %s, status text: %s, failure codes: %s", 544 ("status code: %s, status text: %s, failure codes: %s",
547 status_text, 545 status_text,
@@ -567,7 +565,7 @@ TS_get_status_text(STACK_OF(ASN1_UTF8STRING) *text)
567 } 565 }
568 /* Allocate memory (closing '\0' included). */ 566 /* Allocate memory (closing '\0' included). */
569 if (!(result = malloc(length))) { 567 if (!(result = malloc(length))) {
570 TSerr(TS_F_TS_GET_STATUS_TEXT, ERR_R_MALLOC_FAILURE); 568 TSerror(ERR_R_MALLOC_FAILURE);
571 return NULL; 569 return NULL;
572 } 570 }
573 /* Concatenate the descriptions. */ 571 /* Concatenate the descriptions. */
@@ -587,7 +585,7 @@ TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info)
587 ASN1_OBJECT *resp_oid = TS_TST_INFO_get_policy_id(tst_info); 585 ASN1_OBJECT *resp_oid = TS_TST_INFO_get_policy_id(tst_info);
588 586
589 if (OBJ_cmp(req_oid, resp_oid) != 0) { 587 if (OBJ_cmp(req_oid, resp_oid) != 0) {
590 TSerr(TS_F_TS_CHECK_POLICY, TS_R_POLICY_MISMATCH); 588 TSerror(TS_R_POLICY_MISMATCH);
591 return 0; 589 return 0;
592 } 590 }
593 591
@@ -614,7 +612,7 @@ TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info, X509_ALGOR **md_alg,
614 612
615 /* Getting the MD object. */ 613 /* Getting the MD object. */
616 if (!(md = EVP_get_digestbyobj((*md_alg)->algorithm))) { 614 if (!(md = EVP_get_digestbyobj((*md_alg)->algorithm))) {
617 TSerr(TS_F_TS_COMPUTE_IMPRINT, TS_R_UNSUPPORTED_MD_ALGORITHM); 615 TSerror(TS_R_UNSUPPORTED_MD_ALGORITHM);
618 goto err; 616 goto err;
619 } 617 }
620 618
@@ -624,7 +622,7 @@ TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info, X509_ALGOR **md_alg,
624 goto err; 622 goto err;
625 *imprint_len = length; 623 *imprint_len = length;
626 if (!(*imprint = malloc(*imprint_len))) { 624 if (!(*imprint = malloc(*imprint_len))) {
627 TSerr(TS_F_TS_COMPUTE_IMPRINT, ERR_R_MALLOC_FAILURE); 625 TSerror(ERR_R_MALLOC_FAILURE);
628 goto err; 626 goto err;
629 } 627 }
630 628
@@ -675,7 +673,7 @@ TS_check_imprints(X509_ALGOR *algor_a, unsigned char *imprint_a, unsigned len_a,
675 673
676err: 674err:
677 if (!ret) 675 if (!ret)
678 TSerr(TS_F_TS_CHECK_IMPRINTS, TS_R_MESSAGE_IMPRINT_MISMATCH); 676 TSerror(TS_R_MESSAGE_IMPRINT_MISMATCH);
679 return ret; 677 return ret;
680} 678}
681 679
@@ -686,13 +684,13 @@ TS_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info)
686 684
687 /* Error if nonce is missing. */ 685 /* Error if nonce is missing. */
688 if (!b) { 686 if (!b) {
689 TSerr(TS_F_TS_CHECK_NONCES, TS_R_NONCE_NOT_RETURNED); 687 TSerror(TS_R_NONCE_NOT_RETURNED);
690 return 0; 688 return 0;
691 } 689 }
692 690
693 /* No error if a nonce is returned without being requested. */ 691 /* No error if a nonce is returned without being requested. */
694 if (ASN1_INTEGER_cmp(a, b) != 0) { 692 if (ASN1_INTEGER_cmp(a, b) != 0) {
695 TSerr(TS_F_TS_CHECK_NONCES, TS_R_NONCE_MISMATCH); 693 TSerror(TS_R_NONCE_MISMATCH);
696 return 0; 694 return 0;
697 } 695 }
698 696
diff --git a/src/lib/libcrypto/ts/ts_verify_ctx.c b/src/lib/libcrypto/ts/ts_verify_ctx.c
index 7dda76e7d9..7608a7d109 100644
--- a/src/lib/libcrypto/ts/ts_verify_ctx.c
+++ b/src/lib/libcrypto/ts/ts_verify_ctx.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ts_verify_ctx.c,v 1.8 2015/02/10 09:46:30 miod Exp $ */ 1/* $OpenBSD: ts_verify_ctx.c,v 1.9 2017/01/29 17:49:23 beck Exp $ */
2/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL 2/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
3 * project 2003. 3 * project 2003.
4 */ 4 */
@@ -68,7 +68,7 @@ TS_VERIFY_CTX_new(void)
68 TS_VERIFY_CTX *ctx = calloc(1, sizeof(TS_VERIFY_CTX)); 68 TS_VERIFY_CTX *ctx = calloc(1, sizeof(TS_VERIFY_CTX));
69 69
70 if (!ctx) 70 if (!ctx)
71 TSerr(TS_F_TS_VERIFY_CTX_NEW, ERR_R_MALLOC_FAILURE); 71 TSerror(ERR_R_MALLOC_FAILURE);
72 72
73 return ctx; 73 return ctx;
74} 74}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 22:36:10 +0000