[thirdparty/openssl.git] / crypto / ts / ts_rsp_verify.c

/*
 * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/objects.h>
#include <openssl/ts.h>
#include <openssl/pkcs7.h>
#include "ts_local.h"
#include "crypto/ess.h"

DEFINE_STACK_OF(ESS_CERT_ID)
DEFINE_STACK_OF(ESS_CERT_ID_V2)

static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
                          X509 *signer, STACK_OF(X509) **chain);
static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si,
                                  STACK_OF(X509) *chain);

static int int_ts_RESP_verify_token(TS_VERIFY_CTX *ctx,
                                    PKCS7 *token, TS_TST_INFO *tst_info);
static int ts_check_status_info(TS_RESP *response);
static char *ts_get_status_text(STACK_OF(ASN1_UTF8STRING) *text);
static int ts_check_policy(const ASN1_OBJECT *req_oid,
                           const TS_TST_INFO *tst_info);
static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
                              X509_ALGOR **md_alg,
                              unsigned char **imprint, unsigned *imprint_len);
static int ts_check_imprints(X509_ALGOR *algor_a,
                             const unsigned char *imprint_a, unsigned len_a,
                             TS_TST_INFO *tst_info);
static int ts_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info);
static int ts_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer);
static int ts_find_name(STACK_OF(GENERAL_NAME) *gen_names,
                        GENERAL_NAME *name);

/*
 * This must be large enough to hold all values in ts_status_text (with
 * comma separator) or all text fields in ts_failure_info (also with comma).
 */
#define TS_STATUS_BUF_SIZE      256

/*
 * Local mapping between response codes and descriptions.
 */
static const char *ts_status_text[] = {
    "granted",
    "grantedWithMods",
    "rejection",
    "waiting",
    "revocationWarning",
    "revocationNotification"
};

#define TS_STATUS_TEXT_SIZE     OSSL_NELEM(ts_status_text)

static struct {
    int code;
    const char *text;
} ts_failure_info[] = {
    {TS_INFO_BAD_ALG, "badAlg"},
    {TS_INFO_BAD_REQUEST, "badRequest"},
    {TS_INFO_BAD_DATA_FORMAT, "badDataFormat"},
    {TS_INFO_TIME_NOT_AVAILABLE, "timeNotAvailable"},
    {TS_INFO_UNACCEPTED_POLICY, "unacceptedPolicy"},
    {TS_INFO_UNACCEPTED_EXTENSION, "unacceptedExtension"},
    {TS_INFO_ADD_INFO_NOT_AVAILABLE, "addInfoNotAvailable"},
    {TS_INFO_SYSTEM_FAILURE, "systemFailure"}
};


/*-
 * This function carries out the following tasks:
 *      - Checks if there is one and only one signer.
 *      - Search for the signing certificate in 'certs' and in the response.
 *      - Check the extended key usage and key usage fields of the signer
 *      certificate (done by the path validation).
 *      - Build and validate the certificate path.
 *      - Check if the certificate path meets the requirements of the
 *      SigningCertificate ESS signed attribute.
 *      - Verify the signature value.
 *      - Returns the signer certificate in 'signer', if 'signer' is not NULL.
 */
int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
                             X509_STORE *store, X509 **signer_out)
{
    STACK_OF(PKCS7_SIGNER_INFO) *sinfos = NULL;
    PKCS7_SIGNER_INFO *si;
    STACK_OF(X509) *signers = NULL;
    X509 *signer;
    STACK_OF(X509) *chain = NULL;
    char buf[4096];
    int i, j = 0, ret = 0;
    BIO *p7bio = NULL;

    /* Some sanity checks first. */
    if (!token) {
        TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_INVALID_NULL_POINTER);
        goto err;
    }
    if (!PKCS7_type_is_signed(token)) {
        TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_WRONG_CONTENT_TYPE);
        goto err;
    }
    sinfos = PKCS7_get_signer_info(token);
    if (!sinfos || sk_PKCS7_SIGNER_INFO_num(sinfos) != 1) {
        TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_THERE_MUST_BE_ONE_SIGNER);
        goto err;
    }
    si = sk_PKCS7_SIGNER_INFO_value(sinfos, 0);
    if (PKCS7_get_detached(token)) {
        TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_NO_CONTENT);
        goto err;
    }

    /*
     * Get hold of the signer certificate, search only internal certificates
     * if it was requested.
     */
    signers = PKCS7_get0_signers(token, certs, 0);
    if (!signers || sk_X509_num(signers) != 1)
        goto err;
    signer = sk_X509_value(signers, 0);

    if (!ts_verify_cert(store, certs, signer, &chain))
        goto err;
    if (!ts_check_signing_certs(si, chain))
        goto err;
    p7bio = PKCS7_dataInit(token, NULL);

    /* We now have to 'read' from p7bio to calculate digests etc. */
    while ((i = BIO_read(p7bio, buf, sizeof(buf))) > 0)
        continue;

    j = PKCS7_signatureVerify(p7bio, token, si, signer);
    if (j <= 0) {
        TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_SIGNATURE_FAILURE);
        goto err;
    }

    if (signer_out) {
        *signer_out = signer;
        X509_up_ref(signer);
    }
    ret = 1;

 err:
    BIO_free_all(p7bio);
    sk_X509_pop_free(chain, X509_free);
    sk_X509_free(signers);

    return ret;
}

/*
 * The certificate chain is returned in chain. Caller is responsible for
 * freeing the vector.
 */
static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
                          X509 *signer, STACK_OF(X509) **chain)
{
    X509_STORE_CTX *cert_ctx = NULL;
    int i;
    int ret = 0;

    *chain = NULL;
    cert_ctx = X509_STORE_CTX_new();
    if (cert_ctx == NULL) {
        TSerr(TS_F_TS_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
        goto err;
    }
    if (!X509_STORE_CTX_init(cert_ctx, store, signer, untrusted))
        goto end;
    X509_STORE_CTX_set_purpose(cert_ctx, X509_PURPOSE_TIMESTAMP_SIGN);
    i = X509_verify_cert(cert_ctx);
    if (i <= 0) {
        int j = X509_STORE_CTX_get_error(cert_ctx);
        TSerr(TS_F_TS_VERIFY_CERT, TS_R_CERTIFICATE_VERIFY_ERROR);
        ERR_add_error_data(2, "Verify error:",
                           X509_verify_cert_error_string(j));
        goto err;
    }
    *chain = X509_STORE_CTX_get1_chain(cert_ctx);
    ret = 1;
    goto end;

err:
    ret = 0;

end:
    X509_STORE_CTX_free(cert_ctx);
    return ret;
}

static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si,
                                  STACK_OF(X509) *chain)
{
    ESS_SIGNING_CERT *ss = ESS_SIGNING_CERT_get(si);
    STACK_OF(ESS_CERT_ID) *cert_ids = NULL;
    ESS_SIGNING_CERT_V2 *ssv2 = ESS_SIGNING_CERT_V2_get(si);
    STACK_OF(ESS_CERT_ID_V2) *cert_ids_v2 = NULL;
    X509 *cert;
    int i = 0;
    int ret = 0;

    if (ss != NULL) {
        cert_ids = ss->cert_ids;
        cert = sk_X509_value(chain, 0);
        if (ess_find_cert(cert_ids, cert) != 0)
            goto err;

        /*
         * Check the other certificates of the chain if there are more than one
         * certificate ids in cert_ids.
         */
        if (sk_ESS_CERT_ID_num(cert_ids) > 1) {
            for (i = 1; i < sk_X509_num(chain); ++i) {
                cert = sk_X509_value(chain, i);
                if (ess_find_cert(cert_ids, cert) < 0)
                    goto err;
            }
        }
    } else if (ssv2 != NULL) {
        cert_ids_v2 = ssv2->cert_ids;
        cert = sk_X509_value(chain, 0);
        if (ess_find_cert_v2(cert_ids_v2, cert) != 0)
            goto err;

        /*
         * Check the other certificates of the chain if there are more than one
         * certificate ids in cert_ids.
         */
        if (sk_ESS_CERT_ID_V2_num(cert_ids_v2) > 1) {
            for (i = 1; i < sk_X509_num(chain); ++i) {
                cert = sk_X509_value(chain, i);
                if (ess_find_cert_v2(cert_ids_v2, cert) < 0)
                    goto err;
            }
        }
    } else {
        goto err;
    }

    ret = 1;
 err:
    if (!ret)
        TSerr(TS_F_TS_CHECK_SIGNING_CERTS,
              TS_R_ESS_SIGNING_CERTIFICATE_ERROR);
    ESS_SIGNING_CERT_free(ss);
    ESS_SIGNING_CERT_V2_free(ssv2);
    return ret;
}

/*-
 * Verifies whether 'response' contains a valid response with regards
 * to the settings of the context:
 *      - Gives an error message if the TS_TST_INFO is not present.
 *      - Calls _TS_RESP_verify_token to verify the token content.
 */
int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response)
{
    PKCS7 *token = response->token;
    TS_TST_INFO *tst_info = response->tst_info;
    int ret = 0;

    if (!ts_check_status_info(response))
        goto err;
    if (!int_ts_RESP_verify_token(ctx, token, tst_info))
        goto err;
    ret = 1;

 err:
    return ret;
}

/*
 * Tries to extract a TS_TST_INFO structure from the PKCS7 token and
 * calls the internal int_TS_RESP_verify_token function for verifying it.
 */
int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token)
{
    TS_TST_INFO *tst_info = PKCS7_to_TS_TST_INFO(token);
    int ret = 0;
    if (tst_info) {
        ret = int_ts_RESP_verify_token(ctx, token, tst_info);
        TS_TST_INFO_free(tst_info);
    }
    return ret;
}

/*-
 * Verifies whether the 'token' contains a valid time stamp token
 * with regards to the settings of the context. Only those checks are
 * carried out that are specified in the context:
 *      - Verifies the signature of the TS_TST_INFO.
 *      - Checks the version number of the response.
 *      - Check if the requested and returned policies math.
 *      - Check if the message imprints are the same.
 *      - Check if the nonces are the same.
 *      - Check if the TSA name matches the signer.
 *      - Check if the TSA name is the expected TSA.
 */
static int int_ts_RESP_verify_token(TS_VERIFY_CTX *ctx,
                                    PKCS7 *token, TS_TST_INFO *tst_info)
{
    X509 *signer = NULL;
    GENERAL_NAME *tsa_name = tst_info->tsa;
    X509_ALGOR *md_alg = NULL;
    unsigned char *imprint = NULL;
    unsigned imprint_len = 0;
    int ret = 0;
    int flags = ctx->flags;

    /* Some options require us to also check the signature */
    if (((flags & TS_VFY_SIGNER) && tsa_name != NULL)
            || (flags & TS_VFY_TSA_NAME)) {
        flags |= TS_VFY_SIGNATURE;
    }

    if ((flags & TS_VFY_SIGNATURE)
        && !TS_RESP_verify_signature(token, ctx->certs, ctx->store, &signer))
        goto err;
    if ((flags & TS_VFY_VERSION)
        && TS_TST_INFO_get_version(tst_info) != 1) {
        TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_UNSUPPORTED_VERSION);
        goto err;
    }
    if ((flags & TS_VFY_POLICY)
        && !ts_check_policy(ctx->policy, tst_info))
        goto err;
    if ((flags & TS_VFY_IMPRINT)
        && !ts_check_imprints(ctx->md_alg, ctx->imprint, ctx->imprint_len,
                              tst_info))
        goto err;
    if ((flags & TS_VFY_DATA)
        && (!ts_compute_imprint(ctx->data, tst_info,
                                &md_alg, &imprint, &imprint_len)
            || !ts_check_imprints(md_alg, imprint, imprint_len, tst_info)))
        goto err;
    if ((flags & TS_VFY_NONCE)
        && !ts_check_nonces(ctx->nonce, tst_info))
        goto err;
    if ((flags & TS_VFY_SIGNER)
        && tsa_name && !ts_check_signer_name(tsa_name, signer)) {
        TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_NAME_MISMATCH);
        goto err;
    }
    if ((flags & TS_VFY_TSA_NAME)
        && !ts_check_signer_name(ctx->tsa_name, signer)) {
        TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_UNTRUSTED);
        goto err;
    }
    ret = 1;

 err:
    X509_free(signer);
    X509_ALGOR_free(md_alg);
    OPENSSL_free(imprint);
    return ret;
}

static int ts_check_status_info(TS_RESP *response)
{
    TS_STATUS_INFO *info = response->status_info;
    long status = ASN1_INTEGER_get(info->status);
    const char *status_text = NULL;
    char *embedded_status_text = NULL;
    char failure_text[TS_STATUS_BUF_SIZE] = "";

    if (status == 0 || status == 1)
        return 1;

    /* There was an error, get the description in status_text. */
    if (0 <= status && status < (long) OSSL_NELEM(ts_status_text))
        status_text = ts_status_text[status];
    else
        status_text = "unknown code";

    if (sk_ASN1_UTF8STRING_num(info->text) > 0
        && (embedded_status_text = ts_get_status_text(info->text)) == NULL)
        return 0;

    /* Fill in failure_text with the failure information. */
    if (info->failure_info) {
        int i;
        int first = 1;
        for (i = 0; i < (int)OSSL_NELEM(ts_failure_info); ++i) {
            if (ASN1_BIT_STRING_get_bit(info->failure_info,
                                        ts_failure_info[i].code)) {
                if (!first)
                    strcat(failure_text, ",");
                else
                    first = 0;
                strcat(failure_text, ts_failure_info[i].text);
            }
        }
    }
    if (failure_text[0] == '\0')
        strcpy(failure_text, "unspecified");

    TSerr(TS_F_TS_CHECK_STATUS_INFO, TS_R_NO_TIME_STAMP_TOKEN);
    ERR_add_error_data(6,
                       "status code: ", status_text,
                       ", status text: ", embedded_status_text ?
                       embedded_status_text : "unspecified",
                       ", failure codes: ", failure_text);
    OPENSSL_free(embedded_status_text);

    return 0;
}

static char *ts_get_status_text(STACK_OF(ASN1_UTF8STRING) *text)
{
    return sk_ASN1_UTF8STRING2text(text, "/", TS_MAX_STATUS_LENGTH);
}

static int ts_check_policy(const ASN1_OBJECT *req_oid,
                           const TS_TST_INFO *tst_info)
{
    const ASN1_OBJECT *resp_oid = tst_info->policy_id;

    if (OBJ_cmp(req_oid, resp_oid) != 0) {
        TSerr(TS_F_TS_CHECK_POLICY, TS_R_POLICY_MISMATCH);
        return 0;
    }

    return 1;
}

static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
                              X509_ALGOR **md_alg,
                              unsigned char **imprint, unsigned *imprint_len)
{
    TS_MSG_IMPRINT *msg_imprint = tst_info->msg_imprint;
    X509_ALGOR *md_alg_resp = msg_imprint->hash_algo;
    const EVP_MD *md;
    EVP_MD_CTX *md_ctx = NULL;
    unsigned char buffer[4096];
    int length;

    *md_alg = NULL;
    *imprint = NULL;

    if ((*md_alg = X509_ALGOR_dup(md_alg_resp)) == NULL)
        goto err;
    if ((md = EVP_get_digestbyobj((*md_alg)->algorithm)) == NULL) {
        TSerr(TS_F_TS_COMPUTE_IMPRINT, TS_R_UNSUPPORTED_MD_ALGORITHM);
        goto err;
    }
    length = EVP_MD_size(md);
    if (length < 0)
        goto err;
    *imprint_len = length;
    if ((*imprint = OPENSSL_malloc(*imprint_len)) == NULL) {
        TSerr(TS_F_TS_COMPUTE_IMPRINT, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    md_ctx = EVP_MD_CTX_new();
    if (md_ctx == NULL) {
        TSerr(TS_F_TS_COMPUTE_IMPRINT, ERR_R_MALLOC_FAILURE);
        goto err;
    }
    if (!EVP_DigestInit(md_ctx, md))
        goto err;
    while ((length = BIO_read(data, buffer, sizeof(buffer))) > 0) {
        if (!EVP_DigestUpdate(md_ctx, buffer, length))
            goto err;
    }
    if (!EVP_DigestFinal(md_ctx, *imprint, NULL))
        goto err;
    EVP_MD_CTX_free(md_ctx);

    return 1;
 err:
    EVP_MD_CTX_free(md_ctx);
    X509_ALGOR_free(*md_alg);
    OPENSSL_free(*imprint);
    *imprint_len = 0;
    *imprint = 0;
    return 0;
}

static int ts_check_imprints(X509_ALGOR *algor_a,
                             const unsigned char *imprint_a, unsigned len_a,
                             TS_TST_INFO *tst_info)
{
    TS_MSG_IMPRINT *b = tst_info->msg_imprint;
    X509_ALGOR *algor_b = b->hash_algo;
    int ret = 0;

    if (algor_a) {
        if (OBJ_cmp(algor_a->algorithm, algor_b->algorithm))
            goto err;

        /* The parameter must be NULL in both. */
        if ((algor_a->parameter
             && ASN1_TYPE_get(algor_a->parameter) != V_ASN1_NULL)
            || (algor_b->parameter
                && ASN1_TYPE_get(algor_b->parameter) != V_ASN1_NULL))
            goto err;
    }

    ret = len_a == (unsigned)ASN1_STRING_length(b->hashed_msg) &&
        memcmp(imprint_a, ASN1_STRING_get0_data(b->hashed_msg), len_a) == 0;
 err:
    if (!ret)
        TSerr(TS_F_TS_CHECK_IMPRINTS, TS_R_MESSAGE_IMPRINT_MISMATCH);
    return ret;
}

static int ts_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info)
{
    const ASN1_INTEGER *b = tst_info->nonce;

    if (!b) {
        TSerr(TS_F_TS_CHECK_NONCES, TS_R_NONCE_NOT_RETURNED);
        return 0;
    }

    /* No error if a nonce is returned without being requested. */
    if (ASN1_INTEGER_cmp(a, b) != 0) {
        TSerr(TS_F_TS_CHECK_NONCES, TS_R_NONCE_MISMATCH);
        return 0;
    }

    return 1;
}

/*
 * Check if the specified TSA name matches either the subject or one of the
 * subject alternative names of the TSA certificate.
 */
static int ts_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer)
{
    STACK_OF(GENERAL_NAME) *gen_names = NULL;
    int idx = -1;
    int found = 0;

    if (tsa_name->type == GEN_DIRNAME
        && X509_name_cmp(tsa_name->d.dirn, X509_get_subject_name(signer)) == 0)
        return 1;
    gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, NULL, &idx);
    while (gen_names != NULL) {
        found = ts_find_name(gen_names, tsa_name) >= 0;
        if (found)
            break;
        /*
         * Get the next subject alternative name, although there should be no
         * more than one.
         */
        GENERAL_NAMES_free(gen_names);
        gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, NULL, &idx);
    }
    GENERAL_NAMES_free(gen_names);

    return found;
}

/* Returns 1 if name is in gen_names, 0 otherwise. */
static int ts_find_name(STACK_OF(GENERAL_NAME) *gen_names, GENERAL_NAME *name)
{
    int i, found;
    for (i = 0, found = 0; !found && i < sk_GENERAL_NAME_num(gen_names); ++i) {
        GENERAL_NAME *current = sk_GENERAL_NAME_value(gen_names, i);
        found = GENERAL_NAME_cmp(current, name) == 0;
    }
    return found ? i - 1 : -1;
}
Commit	Line	Data
0f113f3e	1	/*
7e06a675	2	* Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
c7235be6	3	*
a1b4409d	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
4f22f405 RS	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
c7235be6 UM	8	*/
	9
	10	#include <stdio.h>
b39fc560	11	#include "internal/cryptlib.h"
c7235be6 UM	12	#include <openssl/objects.h>
	13	#include <openssl/ts.h>
	14	#include <openssl/pkcs7.h>
706457b7	15	#include "ts_local.h"
25f2138b	16	#include "crypto/ess.h"
c7235be6	17
852c2ed2 RS	18	DEFINE_STACK_OF(ESS_CERT_ID)
852c2ed2 RS	19	DEFINE_STACK_OF(ESS_CERT_ID_V2)
852c2ed2	20
9c422b5b	21	static int ts_verify_cert(X509_STORE store, STACK_OF(X509) untrusted,
0f113f3e	22	X509 signer, STACK_OF(X509) *chain);
9c422b5b	23	static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si,
0f113f3e	24	STACK_OF(X509) *chain);
9e3c510b	25
9c422b5b	26	static int int_ts_RESP_verify_token(TS_VERIFY_CTX *ctx,
0f113f3e	27	PKCS7 token, TS_TST_INFO tst_info);
9c422b5b RS	28	static int ts_check_status_info(TS_RESP *response);
9c422b5b RS	29	static char ts_get_status_text(STACK_OF(ASN1_UTF8STRING) text);
c47ba4e9 F	30	static int ts_check_policy(const ASN1_OBJECT *req_oid,
c47ba4e9 F	31	const TS_TST_INFO *tst_info);
9c422b5b	32	static int ts_compute_imprint(BIO data, TS_TST_INFO tst_info,
0f113f3e MC	33	X509_ALGOR **md_alg,
0f113f3e MC	34	unsigned char *imprint, unsigned imprint_len);
9c422b5b	35	static int ts_check_imprints(X509_ALGOR *algor_a,
c47ba4e9	36	const unsigned char *imprint_a, unsigned len_a,
0f113f3e	37	TS_TST_INFO *tst_info);
9c422b5b RS	38	static int ts_check_nonces(const ASN1_INTEGER a, TS_TST_INFO tst_info);
	39	static int ts_check_signer_name(GENERAL_NAME tsa_name, X509 signer);
	40	static int ts_find_name(STACK_OF(GENERAL_NAME) *gen_names,
0f113f3e	41	GENERAL_NAME *name);
c7235be6	42
0704343f GP	43	/*
	44	* This must be large enough to hold all values in ts_status_text (with
	45	* comma separator) or all text fields in ts_failure_info (also with comma).
	46	*/
	47	#define TS_STATUS_BUF_SIZE 256
	48
c7235be6 UM	49	/*
c7235be6 UM	50	* Local mapping between response codes and descriptions.
c7235be6	51	*/
0704343f GP	52	static const char *ts_status_text[] = {
0704343f GP	53	"granted",
0f113f3e MC	54	"grantedWithMods",
	55	"rejection",
	56	"waiting",
	57	"revocationWarning",
	58	"revocationNotification"
	59	};
c7235be6	60
9c422b5b	61	#define TS_STATUS_TEXT_SIZE OSSL_NELEM(ts_status_text)
c7235be6	62
0f113f3e MC	63	static struct {
	64	int code;
	65	const char *text;
9c422b5b RS	66	} ts_failure_info[] = {
	67	{TS_INFO_BAD_ALG, "badAlg"},
	68	{TS_INFO_BAD_REQUEST, "badRequest"},
	69	{TS_INFO_BAD_DATA_FORMAT, "badDataFormat"},
	70	{TS_INFO_TIME_NOT_AVAILABLE, "timeNotAvailable"},
	71	{TS_INFO_UNACCEPTED_POLICY, "unacceptedPolicy"},
	72	{TS_INFO_UNACCEPTED_EXTENSION, "unacceptedExtension"},
	73	{TS_INFO_ADD_INFO_NOT_AVAILABLE, "addInfoNotAvailable"},
	74	{TS_INFO_SYSTEM_FAILURE, "systemFailure"}
0f113f3e MC	75	};
0f113f3e MC	76
c7235be6	77
c80fd6b2	78	/*-
c7235be6	79	* This function carries out the following tasks:
0f113f3e MC	80	* - Checks if there is one and only one signer.
	81	* - Search for the signing certificate in 'certs' and in the response.
	82	* - Check the extended key usage and key usage fields of the signer
	83	* certificate (done by the path validation).
	84	* - Build and validate the certificate path.
	85	* - Check if the certificate path meets the requirements of the
	86	* SigningCertificate ESS signed attribute.
	87	* - Verify the signature value.
	88	* - Returns the signer certificate in 'signer', if 'signer' is not NULL.
c7235be6 UM	89	*/
c7235be6 UM	90	int TS_RESP_verify_signature(PKCS7 token, STACK_OF(X509) certs,
0f113f3e MC	91	X509_STORE store, X509 *signer_out)
	92	{
	93	STACK_OF(PKCS7_SIGNER_INFO) *sinfos = NULL;
	94	PKCS7_SIGNER_INFO *si;
	95	STACK_OF(X509) *signers = NULL;
	96	X509 *signer;
	97	STACK_OF(X509) *chain = NULL;
	98	char buf[4096];
	99	int i, j = 0, ret = 0;
	100	BIO *p7bio = NULL;
	101
	102	/* Some sanity checks first. */
	103	if (!token) {
	104	TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_INVALID_NULL_POINTER);
	105	goto err;
	106	}
0f113f3e MC	107	if (!PKCS7_type_is_signed(token)) {
	108	TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_WRONG_CONTENT_TYPE);
	109	goto err;
	110	}
0f113f3e MC	111	sinfos = PKCS7_get_signer_info(token);
	112	if (!sinfos \|\| sk_PKCS7_SIGNER_INFO_num(sinfos) != 1) {
	113	TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_THERE_MUST_BE_ONE_SIGNER);
	114	goto err;
	115	}
	116	si = sk_PKCS7_SIGNER_INFO_value(sinfos, 0);
0f113f3e MC	117	if (PKCS7_get_detached(token)) {
	118	TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_NO_CONTENT);
	119	goto err;
	120	}
	121
	122	/*
	123	* Get hold of the signer certificate, search only internal certificates
	124	* if it was requested.
	125	*/
	126	signers = PKCS7_get0_signers(token, certs, 0);
	127	if (!signers \|\| sk_X509_num(signers) != 1)
	128	goto err;
	129	signer = sk_X509_value(signers, 0);
	130
9c422b5b	131	if (!ts_verify_cert(store, certs, signer, &chain))
0f113f3e	132	goto err;
9c422b5b	133	if (!ts_check_signing_certs(si, chain))
0f113f3e	134	goto err;
0f113f3e MC	135	p7bio = PKCS7_dataInit(token, NULL);
	136
	137	/* We now have to 'read' from p7bio to calculate digests etc. */
18cd23df RS	138	while ((i = BIO_read(p7bio, buf, sizeof(buf))) > 0)
18cd23df RS	139	continue;
0f113f3e	140
0f113f3e MC	141	j = PKCS7_signatureVerify(p7bio, token, si, signer);
	142	if (j <= 0) {
	143	TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_SIGNATURE_FAILURE);
	144	goto err;
	145	}
	146
0f113f3e MC	147	if (signer_out) {
0f113f3e MC	148	*signer_out = signer;
05f0fb9f	149	X509_up_ref(signer);
0f113f3e	150	}
0f113f3e	151	ret = 1;
c7235be6 UM	152
c7235be6 UM	153	err:
0f113f3e MC	154	BIO_free_all(p7bio);
	155	sk_X509_pop_free(chain, X509_free);
	156	sk_X509_free(signers);
c7235be6	157
0f113f3e MC	158	return ret;
0f113f3e MC	159	}
c7235be6 UM	160
	161	/*
	162	* The certificate chain is returned in chain. Caller is responsible for
	163	* freeing the vector.
	164	*/
9c422b5b	165	static int ts_verify_cert(X509_STORE store, STACK_OF(X509) untrusted,
0f113f3e MC	166	X509 signer, STACK_OF(X509) *chain)
0f113f3e MC	167	{
f0e0fd51	168	X509_STORE_CTX *cert_ctx = NULL;
0f113f3e	169	int i;
f0e0fd51	170	int ret = 0;
0f113f3e	171
0f113f3e	172	*chain = NULL;
f0e0fd51 RS	173	cert_ctx = X509_STORE_CTX_new();
	174	if (cert_ctx == NULL) {
	175	TSerr(TS_F_TS_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
	176	goto err;
	177	}
	178	if (!X509_STORE_CTX_init(cert_ctx, store, signer, untrusted))
	179	goto end;
	180	X509_STORE_CTX_set_purpose(cert_ctx, X509_PURPOSE_TIMESTAMP_SIGN);
	181	i = X509_verify_cert(cert_ctx);
0f113f3e	182	if (i <= 0) {
f0e0fd51	183	int j = X509_STORE_CTX_get_error(cert_ctx);
0f113f3e MC	184	TSerr(TS_F_TS_VERIFY_CERT, TS_R_CERTIFICATE_VERIFY_ERROR);
	185	ERR_add_error_data(2, "Verify error:",
	186	X509_verify_cert_error_string(j));
f0e0fd51	187	goto err;
0f113f3e	188	}
f0e0fd51 RS	189	*chain = X509_STORE_CTX_get1_chain(cert_ctx);
	190	ret = 1;
	191	goto end;
0f113f3e	192
f0e0fd51 RS	193	err:
f0e0fd51 RS	194	ret = 0;
0f113f3e	195
f0e0fd51 RS	196	end:
f0e0fd51 RS	197	X509_STORE_CTX_free(cert_ctx);
0f113f3e MC	198	return ret;
	199	}
	200
9c422b5b	201	static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si,
0f113f3e MC	202	STACK_OF(X509) *chain)
0f113f3e MC	203	{
e85d19c6	204	ESS_SIGNING_CERT *ss = ESS_SIGNING_CERT_get(si);
0f113f3e	205	STACK_OF(ESS_CERT_ID) *cert_ids = NULL;
e85d19c6	206	ESS_SIGNING_CERT_V2 *ssv2 = ESS_SIGNING_CERT_V2_get(si);
f0ef20bf	207	STACK_OF(ESS_CERT_ID_V2) *cert_ids_v2 = NULL;
0f113f3e MC	208	X509 *cert;
	209	int i = 0;
	210	int ret = 0;
	211
f0ef20bf MK	212	if (ss != NULL) {
	213	cert_ids = ss->cert_ids;
	214	cert = sk_X509_value(chain, 0);
9e3c510b	215	if (ess_find_cert(cert_ids, cert) != 0)
f0ef20bf	216	goto err;
0f113f3e	217
f0ef20bf MK	218	/*
	219	* Check the other certificates of the chain if there are more than one
	220	* certificate ids in cert_ids.
	221	*/
	222	if (sk_ESS_CERT_ID_num(cert_ids) > 1) {
	223	for (i = 1; i < sk_X509_num(chain); ++i) {
	224	cert = sk_X509_value(chain, i);
9e3c510b	225	if (ess_find_cert(cert_ids, cert) < 0)
f0ef20bf MK	226	goto err;
f0ef20bf MK	227	}
0f113f3e	228	}
f0ef20bf MK	229	} else if (ssv2 != NULL) {
	230	cert_ids_v2 = ssv2->cert_ids;
	231	cert = sk_X509_value(chain, 0);
9e3c510b	232	if (ess_find_cert_v2(cert_ids_v2, cert) != 0)
f0ef20bf MK	233	goto err;
	234
	235	/*
	236	* Check the other certificates of the chain if there are more than one
	237	* certificate ids in cert_ids.
	238	*/
	239	if (sk_ESS_CERT_ID_V2_num(cert_ids_v2) > 1) {
	240	for (i = 1; i < sk_X509_num(chain); ++i) {
	241	cert = sk_X509_value(chain, i);
9e3c510b	242	if (ess_find_cert_v2(cert_ids_v2, cert) < 0)
f0ef20bf MK	243	goto err;
	244	}
	245	}
	246	} else {
	247	goto err;
0f113f3e	248	}
f0ef20bf	249
0f113f3e	250	ret = 1;
c7235be6	251	err:
0f113f3e MC	252	if (!ret)
	253	TSerr(TS_F_TS_CHECK_SIGNING_CERTS,
	254	TS_R_ESS_SIGNING_CERTIFICATE_ERROR);
	255	ESS_SIGNING_CERT_free(ss);
f0ef20bf	256	ESS_SIGNING_CERT_V2_free(ssv2);
0f113f3e MC	257	return ret;
0f113f3e MC	258	}
c7235be6	259
c80fd6b2	260	/*-
0f113f3e	261	* Verifies whether 'response' contains a valid response with regards
c7235be6	262	* to the settings of the context:
0f113f3e MC	263	* - Gives an error message if the TS_TST_INFO is not present.
0f113f3e MC	264	* - Calls _TS_RESP_verify_token to verify the token content.
c7235be6 UM	265	*/
c7235be6 UM	266	int TS_RESP_verify_response(TS_VERIFY_CTX ctx, TS_RESP response)
0f113f3e	267	{
ca4a494c RS	268	PKCS7 *token = response->token;
ca4a494c RS	269	TS_TST_INFO *tst_info = response->tst_info;
0f113f3e	270	int ret = 0;
c7235be6	271
9c422b5b	272	if (!ts_check_status_info(response))
0f113f3e	273	goto err;
9c422b5b	274	if (!int_ts_RESP_verify_token(ctx, token, tst_info))
0f113f3e	275	goto err;
0f113f3e	276	ret = 1;
18cd23df	277
c7235be6	278	err:
0f113f3e MC	279	return ret;
0f113f3e MC	280	}
c7235be6 UM	281
	282	/*
	283	* Tries to extract a TS_TST_INFO structure from the PKCS7 token and
a291745e	284	* calls the internal int_TS_RESP_verify_token function for verifying it.
c7235be6 UM	285	*/
c7235be6 UM	286	int TS_RESP_verify_token(TS_VERIFY_CTX ctx, PKCS7 token)
0f113f3e MC	287	{
	288	TS_TST_INFO *tst_info = PKCS7_to_TS_TST_INFO(token);
	289	int ret = 0;
	290	if (tst_info) {
9c422b5b	291	ret = int_ts_RESP_verify_token(ctx, token, tst_info);
0f113f3e MC	292	TS_TST_INFO_free(tst_info);
	293	}
	294	return ret;
	295	}
c7235be6	296
1d97c843	297	/*-
0f113f3e	298	* Verifies whether the 'token' contains a valid time stamp token
c7235be6 UM	299	* with regards to the settings of the context. Only those checks are
c7235be6 UM	300	* carried out that are specified in the context:
0f113f3e MC	301	* - Verifies the signature of the TS_TST_INFO.
	302	* - Checks the version number of the response.
	303	* - Check if the requested and returned policies math.
	304	* - Check if the message imprints are the same.
	305	* - Check if the nonces are the same.
	306	* - Check if the TSA name matches the signer.
	307	* - Check if the TSA name is the expected TSA.
c7235be6	308	*/
9c422b5b	309	static int int_ts_RESP_verify_token(TS_VERIFY_CTX *ctx,
0f113f3e MC	310	PKCS7 token, TS_TST_INFO tst_info)
	311	{
	312	X509 *signer = NULL;
ca4a494c	313	GENERAL_NAME *tsa_name = tst_info->tsa;
0f113f3e MC	314	X509_ALGOR *md_alg = NULL;
	315	unsigned char *imprint = NULL;
	316	unsigned imprint_len = 0;
	317	int ret = 0;
e68a780e	318	int flags = ctx->flags;
0f113f3e	319
e68a780e MC	320	/* Some options require us to also check the signature */
	321	if (((flags & TS_VFY_SIGNER) && tsa_name != NULL)
	322	\|\| (flags & TS_VFY_TSA_NAME)) {
	323	flags \|= TS_VFY_SIGNATURE;
	324	}
	325
	326	if ((flags & TS_VFY_SIGNATURE)
0f113f3e MC	327	&& !TS_RESP_verify_signature(token, ctx->certs, ctx->store, &signer))
0f113f3e MC	328	goto err;
e68a780e	329	if ((flags & TS_VFY_VERSION)
0f113f3e MC	330	&& TS_TST_INFO_get_version(tst_info) != 1) {
	331	TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_UNSUPPORTED_VERSION);
	332	goto err;
	333	}
e68a780e	334	if ((flags & TS_VFY_POLICY)
9c422b5b	335	&& !ts_check_policy(ctx->policy, tst_info))
0f113f3e	336	goto err;
e68a780e	337	if ((flags & TS_VFY_IMPRINT)
9c422b5b	338	&& !ts_check_imprints(ctx->md_alg, ctx->imprint, ctx->imprint_len,
0f113f3e MC	339	tst_info))
0f113f3e MC	340	goto err;
e68a780e	341	if ((flags & TS_VFY_DATA)
9c422b5b	342	&& (!ts_compute_imprint(ctx->data, tst_info,
0f113f3e	343	&md_alg, &imprint, &imprint_len)
9c422b5b	344	\|\| !ts_check_imprints(md_alg, imprint, imprint_len, tst_info)))
0f113f3e	345	goto err;
e68a780e	346	if ((flags & TS_VFY_NONCE)
9c422b5b	347	&& !ts_check_nonces(ctx->nonce, tst_info))
0f113f3e	348	goto err;
e68a780e	349	if ((flags & TS_VFY_SIGNER)
9c422b5b	350	&& tsa_name && !ts_check_signer_name(tsa_name, signer)) {
0f113f3e MC	351	TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_NAME_MISMATCH);
	352	goto err;
	353	}
e68a780e	354	if ((flags & TS_VFY_TSA_NAME)
9c422b5b	355	&& !ts_check_signer_name(ctx->tsa_name, signer)) {
0f113f3e MC	356	TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_UNTRUSTED);
	357	goto err;
	358	}
0f113f3e	359	ret = 1;
18cd23df	360
c7235be6	361	err:
0f113f3e MC	362	X509_free(signer);
	363	X509_ALGOR_free(md_alg);
	364	OPENSSL_free(imprint);
	365	return ret;
	366	}
c7235be6	367
9c422b5b	368	static int ts_check_status_info(TS_RESP *response)
0f113f3e	369	{
ca4a494c	370	TS_STATUS_INFO *info = response->status_info;
0f113f3e MC	371	long status = ASN1_INTEGER_get(info->status);
	372	const char *status_text = NULL;
	373	char *embedded_status_text = NULL;
	374	char failure_text[TS_STATUS_BUF_SIZE] = "";
	375
0f113f3e MC	376	if (status == 0 \|\| status == 1)
	377	return 1;
	378
	379	/* There was an error, get the description in status_text. */
0704343f	380	if (0 <= status && status < (long) OSSL_NELEM(ts_status_text))
9c422b5b	381	status_text = ts_status_text[status];
0f113f3e MC	382	else
	383	status_text = "unknown code";
	384
0f113f3e	385	if (sk_ASN1_UTF8STRING_num(info->text) > 0
9c422b5b	386	&& (embedded_status_text = ts_get_status_text(info->text)) == NULL)
0f113f3e MC	387	return 0;
0f113f3e MC	388
18cd23df	389	/* Fill in failure_text with the failure information. */
0f113f3e MC	390	if (info->failure_info) {
	391	int i;
	392	int first = 1;
18cd23df	393	for (i = 0; i < (int)OSSL_NELEM(ts_failure_info); ++i) {
0f113f3e	394	if (ASN1_BIT_STRING_get_bit(info->failure_info,
9c422b5b	395	ts_failure_info[i].code)) {
0f113f3e	396	if (!first)
0704343f	397	strcat(failure_text, ",");
0f113f3e MC	398	else
0f113f3e MC	399	first = 0;
9c422b5b	400	strcat(failure_text, ts_failure_info[i].text);
0f113f3e MC	401	}
	402	}
	403	}
	404	if (failure_text[0] == '\0')
	405	strcpy(failure_text, "unspecified");
	406
0f113f3e MC	407	TSerr(TS_F_TS_CHECK_STATUS_INFO, TS_R_NO_TIME_STAMP_TOKEN);
	408	ERR_add_error_data(6,
	409	"status code: ", status_text,
	410	", status text: ", embedded_status_text ?
	411	embedded_status_text : "unspecified",
	412	", failure codes: ", failure_text);
	413	OPENSSL_free(embedded_status_text);
	414
	415	return 0;
	416	}
c7235be6	417
9c422b5b	418	static char ts_get_status_text(STACK_OF(ASN1_UTF8STRING) text)
0f113f3e	419	{
da42c2a3	420	return sk_ASN1_UTF8STRING2text(text, "/", TS_MAX_STATUS_LENGTH);
0f113f3e	421	}
c7235be6	422
609b0852	423	static int ts_check_policy(const ASN1_OBJECT *req_oid,
c47ba4e9	424	const TS_TST_INFO *tst_info)
0f113f3e	425	{
c47ba4e9	426	const ASN1_OBJECT *resp_oid = tst_info->policy_id;
c7235be6	427
0f113f3e MC	428	if (OBJ_cmp(req_oid, resp_oid) != 0) {
	429	TSerr(TS_F_TS_CHECK_POLICY, TS_R_POLICY_MISMATCH);
	430	return 0;
	431	}
c7235be6	432
0f113f3e MC	433	return 1;
0f113f3e MC	434	}
c7235be6	435
9c422b5b	436	static int ts_compute_imprint(BIO data, TS_TST_INFO tst_info,
0f113f3e MC	437	X509_ALGOR **md_alg,
	438	unsigned char *imprint, unsigned imprint_len)
	439	{
ca4a494c RS	440	TS_MSG_IMPRINT *msg_imprint = tst_info->msg_imprint;
ca4a494c RS	441	X509_ALGOR *md_alg_resp = msg_imprint->hash_algo;
0f113f3e	442	const EVP_MD *md;
6e59a892	443	EVP_MD_CTX *md_ctx = NULL;
0f113f3e MC	444	unsigned char buffer[4096];
	445	int length;
	446
	447	*md_alg = NULL;
	448	*imprint = NULL;
	449
75ebbd9a	450	if ((*md_alg = X509_ALGOR_dup(md_alg_resp)) == NULL)
0f113f3e	451	goto err;
75ebbd9a	452	if ((md = EVP_get_digestbyobj((*md_alg)->algorithm)) == NULL) {
0f113f3e MC	453	TSerr(TS_F_TS_COMPUTE_IMPRINT, TS_R_UNSUPPORTED_MD_ALGORITHM);
	454	goto err;
	455	}
0f113f3e MC	456	length = EVP_MD_size(md);
	457	if (length < 0)
	458	goto err;
	459	*imprint_len = length;
75ebbd9a	460	if ((imprint = OPENSSL_malloc(imprint_len)) == NULL) {
0f113f3e MC	461	TSerr(TS_F_TS_COMPUTE_IMPRINT, ERR_R_MALLOC_FAILURE);
	462	goto err;
	463	}
	464
bfb0641f	465	md_ctx = EVP_MD_CTX_new();
6e59a892 RL	466	if (md_ctx == NULL) {
	467	TSerr(TS_F_TS_COMPUTE_IMPRINT, ERR_R_MALLOC_FAILURE);
	468	goto err;
	469	}
	470	if (!EVP_DigestInit(md_ctx, md))
0f113f3e MC	471	goto err;
0f113f3e MC	472	while ((length = BIO_read(data, buffer, sizeof(buffer))) > 0) {
6e59a892	473	if (!EVP_DigestUpdate(md_ctx, buffer, length))
0f113f3e MC	474	goto err;
0f113f3e MC	475	}
6e59a892	476	if (!EVP_DigestFinal(md_ctx, *imprint, NULL))
0f113f3e	477	goto err;
bfb0641f	478	EVP_MD_CTX_free(md_ctx);
0f113f3e MC	479
0f113f3e MC	480	return 1;
c7235be6	481	err:
bfb0641f	482	EVP_MD_CTX_free(md_ctx);
0f113f3e MC	483	X509_ALGOR_free(*md_alg);
	484	OPENSSL_free(*imprint);
	485	*imprint_len = 0;
	486	*imprint = 0;
	487	return 0;
	488	}
	489
9c422b5b	490	static int ts_check_imprints(X509_ALGOR *algor_a,
c47ba4e9	491	const unsigned char *imprint_a, unsigned len_a,
0f113f3e MC	492	TS_TST_INFO *tst_info)
0f113f3e MC	493	{
ca4a494c RS	494	TS_MSG_IMPRINT *b = tst_info->msg_imprint;
ca4a494c RS	495	X509_ALGOR *algor_b = b->hash_algo;
0f113f3e MC	496	int ret = 0;
0f113f3e MC	497
0f113f3e	498	if (algor_a) {
0f113f3e MC	499	if (OBJ_cmp(algor_a->algorithm, algor_b->algorithm))
	500	goto err;
	501
	502	/* The parameter must be NULL in both. */
	503	if ((algor_a->parameter
	504	&& ASN1_TYPE_get(algor_a->parameter) != V_ASN1_NULL)
	505	\|\| (algor_b->parameter
	506	&& ASN1_TYPE_get(algor_b->parameter) != V_ASN1_NULL))
	507	goto err;
	508	}
	509
0f113f3e	510	ret = len_a == (unsigned)ASN1_STRING_length(b->hashed_msg) &&
17ebf85a	511	memcmp(imprint_a, ASN1_STRING_get0_data(b->hashed_msg), len_a) == 0;
c7235be6	512	err:
0f113f3e MC	513	if (!ret)
	514	TSerr(TS_F_TS_CHECK_IMPRINTS, TS_R_MESSAGE_IMPRINT_MISMATCH);
	515	return ret;
	516	}
c7235be6	517
9c422b5b	518	static int ts_check_nonces(const ASN1_INTEGER a, TS_TST_INFO tst_info)
0f113f3e	519	{
ca4a494c	520	const ASN1_INTEGER *b = tst_info->nonce;
0f113f3e	521
0f113f3e MC	522	if (!b) {
	523	TSerr(TS_F_TS_CHECK_NONCES, TS_R_NONCE_NOT_RETURNED);
	524	return 0;
	525	}
	526
	527	/* No error if a nonce is returned without being requested. */
	528	if (ASN1_INTEGER_cmp(a, b) != 0) {
	529	TSerr(TS_F_TS_CHECK_NONCES, TS_R_NONCE_MISMATCH);
	530	return 0;
	531	}
	532
	533	return 1;
	534	}
	535
	536	/*
	537	* Check if the specified TSA name matches either the subject or one of the
	538	* subject alternative names of the TSA certificate.
	539	*/
9c422b5b	540	static int ts_check_signer_name(GENERAL_NAME tsa_name, X509 signer)
0f113f3e MC	541	{
	542	STACK_OF(GENERAL_NAME) *gen_names = NULL;
	543	int idx = -1;
	544	int found = 0;
	545
0f113f3e	546	if (tsa_name->type == GEN_DIRNAME
a8d8e06b	547	&& X509_name_cmp(tsa_name->d.dirn, X509_get_subject_name(signer)) == 0)
0f113f3e	548	return 1;
0f113f3e	549	gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, NULL, &idx);
75ebbd9a	550	while (gen_names != NULL) {
9c422b5b	551	found = ts_find_name(gen_names, tsa_name) >= 0;
75ebbd9a RS	552	if (found)
75ebbd9a RS	553	break;
0f113f3e MC	554	/*
	555	* Get the next subject alternative name, although there should be no
	556	* more than one.
	557	*/
	558	GENERAL_NAMES_free(gen_names);
75ebbd9a	559	gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, NULL, &idx);
0f113f3e	560	}
25aaa98a	561	GENERAL_NAMES_free(gen_names);
0f113f3e MC	562
	563	return found;
	564	}
c7235be6 UM	565
c7235be6 UM	566	/* Returns 1 if name is in gen_names, 0 otherwise. */
9c422b5b	567	static int ts_find_name(STACK_OF(GENERAL_NAME) gen_names, GENERAL_NAME name)
0f113f3e MC	568	{
	569	int i, found;
	570	for (i = 0, found = 0; !found && i < sk_GENERAL_NAME_num(gen_names); ++i) {
	571	GENERAL_NAME *current = sk_GENERAL_NAME_value(gen_names, i);
	572	found = GENERAL_NAME_cmp(current, name) == 0;
	573	}
	574	return found ? i - 1 : -1;
	575	}