1 /* $OpenBSD: ts_rsp_verify.c,v 1.27 2022/07/17 19:40:38 kn Exp $ */ 2 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL 3 * project 2002. 4 */ 5 /* ==================================================================== 6 * Copyright (c) 2006 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 59 #include <stdio.h> 60 #include <string.h> 61 62 #include <openssl/err.h> 63 #include <openssl/objects.h> 64 #include <openssl/pkcs7.h> 65 #include <openssl/ts.h> 66 67 #include "evp_locl.h" 68 #include "x509_lcl.h" 69 70 /* Private function declarations. */ 71 72 static int TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, 73 X509 *signer, STACK_OF(X509) **chain); 74 static int TS_check_signing_certs(PKCS7_SIGNER_INFO *si, STACK_OF(X509) *chain); 75 static ESS_SIGNING_CERT *ESS_get_signing_cert(PKCS7_SIGNER_INFO *si); 76 static int TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert); 77 static ESS_SIGNING_CERT_V2 *ESS_get_signing_cert_v2(PKCS7_SIGNER_INFO *si); 78 static int TS_find_cert_v2(STACK_OF(ESS_CERT_ID_V2) *cert_ids, X509 *cert); 79 static int TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509 *cert); 80 static int int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx, 81 PKCS7 *token, TS_TST_INFO *tst_info); 82 static int TS_check_status_info(TS_RESP *response); 83 static char *TS_get_status_text(STACK_OF(ASN1_UTF8STRING) *text); 84 static int TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info); 85 static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info, 86 X509_ALGOR **md_alg, 87 unsigned char **imprint, unsigned *imprint_len); 88 static int TS_check_imprints(X509_ALGOR *algor_a, 89 unsigned char *imprint_a, unsigned len_a, 90 TS_TST_INFO *tst_info); 91 static int TS_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info); 92 static int TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer); 93 static int TS_find_name(STACK_OF(GENERAL_NAME) *gen_names, GENERAL_NAME *name); 94 95 /* 96 * Local mapping between response codes and descriptions. 97 * Don't forget to change TS_STATUS_BUF_SIZE when modifying 98 * the elements of this array. 99 */ 100 static const char *TS_status_text[] = { 101 "granted", 102 "grantedWithMods", 103 "rejection", 104 "waiting", 105 "revocationWarning", 106 "revocationNotification" 107 }; 108 109 #define TS_STATUS_TEXT_SIZE (sizeof(TS_status_text)/sizeof(*TS_status_text)) 110 111 /* 112 * This must be greater or equal to the sum of the strings in TS_status_text 113 * plus the number of its elements. 114 */ 115 #define TS_STATUS_BUF_SIZE 256 116 117 static struct { 118 int code; 119 const char *text; 120 } TS_failure_info[] = { 121 { TS_INFO_BAD_ALG, "badAlg" }, 122 { TS_INFO_BAD_REQUEST, "badRequest" }, 123 { TS_INFO_BAD_DATA_FORMAT, "badDataFormat" }, 124 { TS_INFO_TIME_NOT_AVAILABLE, "timeNotAvailable" }, 125 { TS_INFO_UNACCEPTED_POLICY, "unacceptedPolicy" }, 126 { TS_INFO_UNACCEPTED_EXTENSION, "unacceptedExtension" }, 127 { TS_INFO_ADD_INFO_NOT_AVAILABLE, "addInfoNotAvailable" }, 128 { TS_INFO_SYSTEM_FAILURE, "systemFailure" } 129 }; 130 131 #define TS_FAILURE_INFO_SIZE (sizeof(TS_failure_info) / \ 132 sizeof(*TS_failure_info)) 133 134 /* Functions for verifying a signed TS_TST_INFO structure. */ 135 136 /* 137 * This function carries out the following tasks: 138 * - Checks if there is one and only one signer. 139 * - Search for the signing certificate in 'certs' and in the response. 140 * - Check the extended key usage and key usage fields of the signer 141 * certificate (done by the path validation). 142 * - Build and validate the certificate path. 143 * - Check if the certificate path meets the requirements of the 144 * SigningCertificate ESS signed attribute. 145 * - Verify the signature value. 146 * - Returns the signer certificate in 'signer', if 'signer' is not NULL. 147 */ 148 int 149 TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, 150 X509_STORE *store, X509 **signer_out) 151 { 152 STACK_OF(PKCS7_SIGNER_INFO) *sinfos = NULL; 153 PKCS7_SIGNER_INFO *si; 154 STACK_OF(X509) *signers = NULL; 155 X509 *signer; 156 STACK_OF(X509) *chain = NULL; 157 char buf[4096]; 158 int i, j = 0, ret = 0; 159 BIO *p7bio = NULL; 160 161 /* Some sanity checks first. */ 162 if (!token) { 163 TSerror(TS_R_INVALID_NULL_POINTER); 164 goto err; 165 } 166 167 /* Check for the correct content type */ 168 if (!PKCS7_type_is_signed(token)) { 169 TSerror(TS_R_WRONG_CONTENT_TYPE); 170 goto err; 171 } 172 173 /* Check if there is one and only one signer. */ 174 sinfos = PKCS7_get_signer_info(token); 175 if (!sinfos || sk_PKCS7_SIGNER_INFO_num(sinfos) != 1) { 176 TSerror(TS_R_THERE_MUST_BE_ONE_SIGNER); 177 goto err; 178 } 179 si = sk_PKCS7_SIGNER_INFO_value(sinfos, 0); 180 181 /* Check for no content: no data to verify signature. */ 182 if (PKCS7_get_detached(token)) { 183 TSerror(TS_R_NO_CONTENT); 184 goto err; 185 } 186 187 /* Get hold of the signer certificate, search only internal 188 certificates if it was requested. */ 189 signers = PKCS7_get0_signers(token, certs, 0); 190 if (!signers || sk_X509_num(signers) != 1) 191 goto err; 192 signer = sk_X509_value(signers, 0); 193 194 /* Now verify the certificate. */ 195 if (!TS_verify_cert(store, certs, signer, &chain)) 196 goto err; 197 198 /* Check if the signer certificate is consistent with the 199 ESS extension. */ 200 if (!TS_check_signing_certs(si, chain)) 201 goto err; 202 203 /* Creating the message digest. */ 204 p7bio = PKCS7_dataInit(token, NULL); 205 206 /* We now have to 'read' from p7bio to calculate digests etc. */ 207 while ((i = BIO_read(p7bio, buf, sizeof(buf))) > 0) 208 ; 209 210 /* Verifying the signature. */ 211 j = PKCS7_signatureVerify(p7bio, token, si, signer); 212 if (j <= 0) { 213 TSerror(TS_R_SIGNATURE_FAILURE); 214 goto err; 215 } 216 217 /* Return the signer certificate if needed. */ 218 if (signer_out) { 219 *signer_out = signer; 220 CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509); 221 } 222 223 ret = 1; 224 225 err: 226 BIO_free_all(p7bio); 227 sk_X509_pop_free(chain, X509_free); 228 sk_X509_free(signers); 229 230 return ret; 231 } 232 233 /* 234 * The certificate chain is returned in chain. Caller is responsible for 235 * freeing the vector. 236 */ 237 static int 238 TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, X509 *signer, 239 STACK_OF(X509) **chain) 240 { 241 X509_STORE_CTX cert_ctx; 242 int i; 243 int ret = 0; 244 245 /* chain is an out argument. */ 246 *chain = NULL; 247 if (X509_STORE_CTX_init(&cert_ctx, store, signer, untrusted) == 0) { 248 TSerror(ERR_R_X509_LIB); 249 goto err; 250 } 251 if (X509_STORE_CTX_set_purpose(&cert_ctx, 252 X509_PURPOSE_TIMESTAMP_SIGN) == 0) 253 goto err; 254 i = X509_verify_cert(&cert_ctx); 255 if (i <= 0) { 256 int j = X509_STORE_CTX_get_error(&cert_ctx); 257 258 TSerror(TS_R_CERTIFICATE_VERIFY_ERROR); 259 ERR_asprintf_error_data("Verify error:%s", 260 X509_verify_cert_error_string(j)); 261 goto err; 262 } else { 263 /* Get a copy of the certificate chain. */ 264 *chain = X509_STORE_CTX_get1_chain(&cert_ctx); 265 ret = 1; 266 } 267 268 err: 269 X509_STORE_CTX_cleanup(&cert_ctx); 270 271 return ret; 272 } 273 274 static int 275 TS_check_signing_certs(PKCS7_SIGNER_INFO *si, STACK_OF(X509) *chain) 276 { 277 ESS_SIGNING_CERT *ss = NULL; 278 STACK_OF(ESS_CERT_ID) *cert_ids; 279 ESS_SIGNING_CERT_V2 *ssv2 = NULL; 280 STACK_OF(ESS_CERT_ID_V2) *cert_ids_v2; 281 X509 *cert; 282 int i = 0; 283 int ret = 0; 284 285 if ((ss = ESS_get_signing_cert(si)) != NULL) { 286 cert_ids = ss->cert_ids; 287 /* The signer certificate must be the first in cert_ids. */ 288 cert = sk_X509_value(chain, 0); 289 290 if (TS_find_cert(cert_ids, cert) != 0) 291 goto err; 292 293 /* 294 * Check the other certificates of the chain if there are more 295 * than one certificate ids in cert_ids. 296 */ 297 if (sk_ESS_CERT_ID_num(cert_ids) > 1) { 298 /* All the certificates of the chain must be in cert_ids. */ 299 for (i = 1; i < sk_X509_num(chain); i++) { 300 cert = sk_X509_value(chain, i); 301 302 if (TS_find_cert(cert_ids, cert) < 0) 303 goto err; 304 } 305 } 306 } 307 308 if ((ssv2 = ESS_get_signing_cert_v2(si)) != NULL) { 309 cert_ids_v2 = ssv2->cert_ids; 310 /* The signer certificate must be the first in cert_ids_v2. */ 311 cert = sk_X509_value(chain, 0); 312 313 if (TS_find_cert_v2(cert_ids_v2, cert) != 0) 314 goto err; 315 316 /* 317 * Check the other certificates of the chain if there are more 318 * than one certificate ids in cert_ids_v2. 319 */ 320 if (sk_ESS_CERT_ID_V2_num(cert_ids_v2) > 1) { 321 /* All the certificates of the chain must be in cert_ids_v2. */ 322 for (i = 1; i < sk_X509_num(chain); i++) { 323 cert = sk_X509_value(chain, i); 324 325 if (TS_find_cert_v2(cert_ids_v2, cert) < 0) 326 goto err; 327 } 328 } 329 } 330 331 ret = 1; 332 333 err: 334 if (!ret) 335 TSerror(TS_R_ESS_SIGNING_CERTIFICATE_ERROR); 336 ESS_SIGNING_CERT_free(ss); 337 ESS_SIGNING_CERT_V2_free(ssv2); 338 return ret; 339 } 340 341 static ESS_SIGNING_CERT * 342 ESS_get_signing_cert(PKCS7_SIGNER_INFO *si) 343 { 344 ASN1_TYPE *attr; 345 const unsigned char *p; 346 347 attr = PKCS7_get_signed_attribute(si, 348 NID_id_smime_aa_signingCertificate); 349 if (!attr) 350 return NULL; 351 if (attr->type != V_ASN1_SEQUENCE) 352 return NULL; 353 p = attr->value.sequence->data; 354 return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length); 355 } 356 357 static ESS_SIGNING_CERT_V2 * 358 ESS_get_signing_cert_v2(PKCS7_SIGNER_INFO *si) 359 { 360 ASN1_TYPE *attr; 361 const unsigned char *p; 362 363 attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificateV2); 364 if (attr == NULL) 365 return NULL; 366 p = attr->value.sequence->data; 367 return d2i_ESS_SIGNING_CERT_V2(NULL, &p, attr->value.sequence->length); 368 } 369 370 /* Returns < 0 if certificate is not found, certificate index otherwise. */ 371 static int 372 TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert) 373 { 374 int i; 375 unsigned char cert_hash[TS_HASH_LEN]; 376 377 if (!cert_ids || !cert) 378 return -1; 379 380 if (!X509_digest(cert, TS_HASH_EVP, cert_hash, NULL)) 381 return -1; 382 383 /* Recompute SHA1 hash of certificate if necessary (side effect). */ 384 if (X509_check_purpose(cert, -1, 0) == -1) 385 return -1; 386 387 /* Look for cert in the cert_ids vector. */ 388 for (i = 0; i < sk_ESS_CERT_ID_num(cert_ids); ++i) { 389 ESS_CERT_ID *cid = sk_ESS_CERT_ID_value(cert_ids, i); 390 391 /* Check the SHA-1 hash first. */ 392 if (cid->hash->length == TS_HASH_LEN && !memcmp(cid->hash->data, 393 cert_hash, TS_HASH_LEN)) { 394 /* Check the issuer/serial as well if specified. */ 395 ESS_ISSUER_SERIAL *is = cid->issuer_serial; 396 397 if (is == NULL || TS_issuer_serial_cmp(is, cert) == 0) 398 return i; 399 } 400 } 401 402 return -1; 403 } 404 405 /* Returns < 0 if certificate is not found, certificate index otherwise. */ 406 static int 407 TS_find_cert_v2(STACK_OF(ESS_CERT_ID_V2) *cert_ids, X509 *cert) 408 { 409 int i; 410 unsigned char cert_digest[EVP_MAX_MD_SIZE]; 411 unsigned int len; 412 413 /* Look for cert in the cert_ids vector. */ 414 for (i = 0; i < sk_ESS_CERT_ID_V2_num(cert_ids); ++i) { 415 ESS_CERT_ID_V2 *cid = sk_ESS_CERT_ID_V2_value(cert_ids, i); 416 const EVP_MD *md = EVP_sha256(); 417 418 if (cid->hash_alg != NULL) 419 md = EVP_get_digestbyobj(cid->hash_alg->algorithm); 420 if (md == NULL) 421 return -1; 422 423 if (!X509_digest(cert, md, cert_digest, &len)) 424 return -1; 425 426 if ((unsigned int)cid->hash->length != len) 427 return -1; 428 429 if (memcmp(cid->hash->data, cert_digest, cid->hash->length) == 0) { 430 ESS_ISSUER_SERIAL *is = cid->issuer_serial; 431 432 if (is == NULL || TS_issuer_serial_cmp(is, cert) == 0) 433 return i; 434 } 435 } 436 437 return -1; 438 } 439 440 static int 441 TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509 *cert) 442 { 443 GENERAL_NAME *issuer; 444 445 if (is == NULL || cert == NULL || sk_GENERAL_NAME_num(is->issuer) != 1) 446 return -1; 447 448 /* Check the issuer first. It must be a directory name. */ 449 issuer = sk_GENERAL_NAME_value(is->issuer, 0); 450 if (issuer->type != GEN_DIRNAME || 451 X509_NAME_cmp(issuer->d.dirn, X509_get_issuer_name(cert))) 452 return -1; 453 454 /* Check the serial number, too. */ 455 if (ASN1_INTEGER_cmp(is->serial, X509_get_serialNumber(cert))) 456 return -1; 457 458 return 0; 459 } 460 461 /* 462 * Verifies whether 'response' contains a valid response with regards 463 * to the settings of the context: 464 * - Gives an error message if the TS_TST_INFO is not present. 465 * - Calls _TS_RESP_verify_token to verify the token content. 466 */ 467 int 468 TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response) 469 { 470 PKCS7 *token = TS_RESP_get_token(response); 471 TS_TST_INFO *tst_info = TS_RESP_get_tst_info(response); 472 int ret = 0; 473 474 /* Check if we have a successful TS_TST_INFO object in place. */ 475 if (!TS_check_status_info(response)) 476 goto err; 477 478 /* Check the contents of the time stamp token. */ 479 if (!int_TS_RESP_verify_token(ctx, token, tst_info)) 480 goto err; 481 482 ret = 1; 483 484 err: 485 return ret; 486 } 487 488 /* 489 * Tries to extract a TS_TST_INFO structure from the PKCS7 token and 490 * calls the internal int_TS_RESP_verify_token function for verifying it. 491 */ 492 int 493 TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token) 494 { 495 TS_TST_INFO *tst_info = PKCS7_to_TS_TST_INFO(token); 496 int ret = 0; 497 498 if (tst_info) { 499 ret = int_TS_RESP_verify_token(ctx, token, tst_info); 500 TS_TST_INFO_free(tst_info); 501 } 502 return ret; 503 } 504 505 /* 506 * Verifies whether the 'token' contains a valid time stamp token 507 * with regards to the settings of the context. Only those checks are 508 * carried out that are specified in the context: 509 * - Verifies the signature of the TS_TST_INFO. 510 * - Checks the version number of the response. 511 * - Check if the requested and returned policies math. 512 * - Check if the message imprints are the same. 513 * - Check if the nonces are the same. 514 * - Check if the TSA name matches the signer. 515 * - Check if the TSA name is the expected TSA. 516 */ 517 static int 518 int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token, 519 TS_TST_INFO *tst_info) 520 { 521 X509 *signer = NULL; 522 GENERAL_NAME *tsa_name = TS_TST_INFO_get_tsa(tst_info); 523 X509_ALGOR *md_alg = NULL; 524 unsigned char *imprint = NULL; 525 unsigned imprint_len = 0; 526 int ret = 0; 527 528 /* Verify the signature. */ 529 if ((ctx->flags & TS_VFY_SIGNATURE) && 530 !TS_RESP_verify_signature(token, ctx->certs, ctx->store, &signer)) 531 goto err; 532 533 /* Check version number of response. */ 534 if ((ctx->flags & TS_VFY_VERSION) && 535 TS_TST_INFO_get_version(tst_info) != 1) { 536 TSerror(TS_R_UNSUPPORTED_VERSION); 537 goto err; 538 } 539 540 /* Check policies. */ 541 if ((ctx->flags & TS_VFY_POLICY) && 542 !TS_check_policy(ctx->policy, tst_info)) 543 goto err; 544 545 /* Check message imprints. */ 546 if ((ctx->flags & TS_VFY_IMPRINT) && 547 !TS_check_imprints(ctx->md_alg, ctx->imprint, ctx->imprint_len, 548 tst_info)) 549 goto err; 550 551 /* Compute and check message imprints. */ 552 if ((ctx->flags & TS_VFY_DATA) && 553 (!TS_compute_imprint(ctx->data, tst_info, 554 &md_alg, &imprint, &imprint_len) || 555 !TS_check_imprints(md_alg, imprint, imprint_len, tst_info))) 556 goto err; 557 558 /* Check nonces. */ 559 if ((ctx->flags & TS_VFY_NONCE) && 560 !TS_check_nonces(ctx->nonce, tst_info)) 561 goto err; 562 563 /* Check whether TSA name and signer certificate match. */ 564 if ((ctx->flags & TS_VFY_SIGNER) && 565 tsa_name && !TS_check_signer_name(tsa_name, signer)) { 566 TSerror(TS_R_TSA_NAME_MISMATCH); 567 goto err; 568 } 569 570 /* Check whether the TSA is the expected one. */ 571 if ((ctx->flags & TS_VFY_TSA_NAME) && 572 !TS_check_signer_name(ctx->tsa_name, signer)) { 573 TSerror(TS_R_TSA_UNTRUSTED); 574 goto err; 575 } 576 577 ret = 1; 578 579 err: 580 X509_free(signer); 581 X509_ALGOR_free(md_alg); 582 free(imprint); 583 return ret; 584 } 585 586 static int 587 TS_check_status_info(TS_RESP *response) 588 { 589 TS_STATUS_INFO *info = TS_RESP_get_status_info(response); 590 long status = ASN1_INTEGER_get(info->status); 591 const char *status_text = NULL; 592 char *embedded_status_text = NULL; 593 char failure_text[TS_STATUS_BUF_SIZE] = ""; 594 595 /* Check if everything went fine. */ 596 if (status == 0 || status == 1) 597 return 1; 598 599 /* There was an error, get the description in status_text. */ 600 if (0 <= status && status < (long)TS_STATUS_TEXT_SIZE) 601 status_text = TS_status_text[status]; 602 else 603 status_text = "unknown code"; 604 605 /* Set the embedded_status_text to the returned description. */ 606 if (sk_ASN1_UTF8STRING_num(info->text) > 0 && 607 !(embedded_status_text = TS_get_status_text(info->text))) 608 return 0; 609 610 /* Filling in failure_text with the failure information. */ 611 if (info->failure_info) { 612 int i; 613 int first = 1; 614 for (i = 0; i < (int)TS_FAILURE_INFO_SIZE; ++i) { 615 if (ASN1_BIT_STRING_get_bit(info->failure_info, 616 TS_failure_info[i].code)) { 617 if (!first) 618 strlcat(failure_text, ",", 619 TS_STATUS_BUF_SIZE); 620 else 621 first = 0; 622 strlcat(failure_text, TS_failure_info[i].text, 623 TS_STATUS_BUF_SIZE); 624 } 625 } 626 } 627 if (failure_text[0] == '\0') 628 strlcpy(failure_text, "unspecified", TS_STATUS_BUF_SIZE); 629 630 /* Making up the error string. */ 631 TSerror(TS_R_NO_TIME_STAMP_TOKEN); 632 ERR_asprintf_error_data 633 ("status code: %s, status text: %s, failure codes: %s", 634 status_text, 635 embedded_status_text ? embedded_status_text : "unspecified", 636 failure_text); 637 free(embedded_status_text); 638 639 return 0; 640 } 641 642 static char * 643 TS_get_status_text(STACK_OF(ASN1_UTF8STRING) *text) 644 { 645 int i; 646 unsigned int length = 0; 647 char *result = NULL; 648 649 /* Determine length first. */ 650 for (i = 0; i < sk_ASN1_UTF8STRING_num(text); ++i) { 651 ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i); 652 length += ASN1_STRING_length(current); 653 length += 1; /* separator character */ 654 } 655 /* Allocate memory (closing '\0' included). */ 656 if (!(result = malloc(length))) { 657 TSerror(ERR_R_MALLOC_FAILURE); 658 return NULL; 659 } 660 /* Concatenate the descriptions. */ 661 result[0] = '\0'; 662 for (i = 0; i < sk_ASN1_UTF8STRING_num(text); ++i) { 663 ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i); 664 if (i > 0) 665 strlcat(result, "/", length); 666 strlcat(result, (const char *)ASN1_STRING_data(current), length); 667 } 668 return result; 669 } 670 671 static int 672 TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info) 673 { 674 ASN1_OBJECT *resp_oid = TS_TST_INFO_get_policy_id(tst_info); 675 676 if (OBJ_cmp(req_oid, resp_oid) != 0) { 677 TSerror(TS_R_POLICY_MISMATCH); 678 return 0; 679 } 680 681 return 1; 682 } 683 684 static int 685 TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info, X509_ALGOR **out_md_alg, 686 unsigned char **out_imprint, unsigned int *out_imprint_len) 687 { 688 TS_MSG_IMPRINT *msg_imprint; 689 X509_ALGOR *md_alg_resp; 690 X509_ALGOR *md_alg = NULL; 691 unsigned char *imprint = NULL; 692 unsigned int imprint_len = 0; 693 const EVP_MD *md; 694 EVP_MD_CTX md_ctx; 695 unsigned char buffer[4096]; 696 int length; 697 698 *out_md_alg = NULL; 699 *out_imprint = NULL; 700 *out_imprint_len = 0; 701 702 /* Retrieve the MD algorithm of the response. */ 703 msg_imprint = TS_TST_INFO_get_msg_imprint(tst_info); 704 md_alg_resp = TS_MSG_IMPRINT_get_algo(msg_imprint); 705 if ((md_alg = X509_ALGOR_dup(md_alg_resp)) == NULL) 706 goto err; 707 708 /* Getting the MD object. */ 709 if ((md = EVP_get_digestbyobj((md_alg)->algorithm)) == NULL) { 710 TSerror(TS_R_UNSUPPORTED_MD_ALGORITHM); 711 goto err; 712 } 713 714 /* Compute message digest. */ 715 if ((length = EVP_MD_size(md)) < 0) 716 goto err; 717 imprint_len = length; 718 if ((imprint = malloc(imprint_len)) == NULL) { 719 TSerror(ERR_R_MALLOC_FAILURE); 720 goto err; 721 } 722 723 if (!EVP_DigestInit(&md_ctx, md)) 724 goto err; 725 while ((length = BIO_read(data, buffer, sizeof(buffer))) > 0) { 726 if (!EVP_DigestUpdate(&md_ctx, buffer, length)) 727 goto err; 728 } 729 if (!EVP_DigestFinal(&md_ctx, imprint, NULL)) 730 goto err; 731 732 *out_md_alg = md_alg; 733 md_alg = NULL; 734 *out_imprint = imprint; 735 imprint = NULL; 736 *out_imprint_len = imprint_len; 737 738 return 1; 739 740 err: 741 X509_ALGOR_free(md_alg); 742 free(imprint); 743 return 0; 744 } 745 746 static int 747 TS_check_imprints(X509_ALGOR *algor_a, unsigned char *imprint_a, unsigned len_a, 748 TS_TST_INFO *tst_info) 749 { 750 TS_MSG_IMPRINT *b = TS_TST_INFO_get_msg_imprint(tst_info); 751 X509_ALGOR *algor_b = TS_MSG_IMPRINT_get_algo(b); 752 int ret = 0; 753 754 /* algor_a is optional. */ 755 if (algor_a) { 756 /* Compare algorithm OIDs. */ 757 if (OBJ_cmp(algor_a->algorithm, algor_b->algorithm)) 758 goto err; 759 760 /* The parameter must be NULL in both. */ 761 if ((algor_a->parameter && 762 ASN1_TYPE_get(algor_a->parameter) != V_ASN1_NULL) || 763 (algor_b->parameter && 764 ASN1_TYPE_get(algor_b->parameter) != V_ASN1_NULL)) 765 goto err; 766 } 767 768 /* Compare octet strings. */ 769 ret = len_a == (unsigned) ASN1_STRING_length(b->hashed_msg) && 770 memcmp(imprint_a, ASN1_STRING_data(b->hashed_msg), len_a) == 0; 771 772 err: 773 if (!ret) 774 TSerror(TS_R_MESSAGE_IMPRINT_MISMATCH); 775 return ret; 776 } 777 778 static int 779 TS_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info) 780 { 781 const ASN1_INTEGER *b = TS_TST_INFO_get_nonce(tst_info); 782 783 /* Error if nonce is missing. */ 784 if (!b) { 785 TSerror(TS_R_NONCE_NOT_RETURNED); 786 return 0; 787 } 788 789 /* No error if a nonce is returned without being requested. */ 790 if (ASN1_INTEGER_cmp(a, b) != 0) { 791 TSerror(TS_R_NONCE_MISMATCH); 792 return 0; 793 } 794 795 return 1; 796 } 797 798 /* Check if the specified TSA name matches either the subject 799 or one of the subject alternative names of the TSA certificate. */ 800 static int 801 TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer) 802 { 803 STACK_OF(GENERAL_NAME) *gen_names = NULL; 804 int idx = -1; 805 int found = 0; 806 807 if (signer == NULL) 808 return 0; 809 810 /* Check the subject name first. */ 811 if (tsa_name->type == GEN_DIRNAME && 812 X509_name_cmp(tsa_name->d.dirn, X509_get_subject_name(signer)) == 0) 813 return 1; 814 815 /* Check all the alternative names. */ 816 gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, 817 NULL, &idx); 818 while (gen_names != NULL && 819 !(found = (TS_find_name(gen_names, tsa_name) >= 0))) { 820 /* Get the next subject alternative name, 821 although there should be no more than one. */ 822 GENERAL_NAMES_free(gen_names); 823 gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, 824 NULL, &idx); 825 } 826 if (gen_names) 827 GENERAL_NAMES_free(gen_names); 828 829 return found; 830 } 831 832 /* Returns 1 if name is in gen_names, 0 otherwise. */ 833 static int 834 TS_find_name(STACK_OF(GENERAL_NAME) *gen_names, GENERAL_NAME *name) 835 { 836 int i, found; 837 for (i = 0, found = 0; !found && i < sk_GENERAL_NAME_num(gen_names); 838 ++i) { 839 GENERAL_NAME *current = sk_GENERAL_NAME_value(gen_names, i); 840 found = GENERAL_NAME_cmp(current, name) == 0; 841 } 842 return found ? i - 1 : -1; 843 } 844