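/*
 * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * Loading of a time-stamp authority (TSA) configuration section into a
 * TS_RESP_CTX.
 *
 * Every TS_CONF_set_* function below reads one option from |section| of
 * |conf| (or takes an explicit override argument that wins over the
 * configuration), applies it to the response context and returns 1 on
 * success or 0 on failure with a TS error queued on the error stack.
 * Configuration values are operator-supplied input: they are validated
 * here before being handed to the context.
 */

/* We need to use some engine deprecated APIs */
#define OPENSSL_SUPPRESS_DEPRECATED

#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

#include <openssl/crypto.h>
#include "internal/cryptlib.h"
#include <openssl/pem.h>
#include <openssl/engine.h>
#include <openssl/ts.h>
#include <openssl/conf_api.h>

/* Macro definitions for the configuration file. */
#define BASE_SECTION                    "tsa"
#define ENV_DEFAULT_TSA                 "default_tsa"
#define ENV_SERIAL                      "serial"
#define ENV_CRYPTO_DEVICE               "crypto_device"
#define ENV_SIGNER_CERT                 "signer_cert"
#define ENV_CERTS                       "certs"
#define ENV_SIGNER_KEY                  "signer_key"
#define ENV_SIGNER_DIGEST               "signer_digest"
#define ENV_DEFAULT_POLICY              "default_policy"
#define ENV_OTHER_POLICIES              "other_policies"
#define ENV_DIGESTS                     "digests"
#define ENV_ACCURACY                    "accuracy"
#define ENV_ORDERING                    "ordering"
#define ENV_TSA_NAME                    "tsa_name"
#define ENV_ESS_CERT_ID_CHAIN           "ess_cert_id_chain"
#define ENV_VALUE_SECS                  "secs"
#define ENV_VALUE_MILLISECS             "millisecs"
#define ENV_VALUE_MICROSECS             "microsecs"
#define ENV_CLOCK_PRECISION_DIGITS      "clock_precision_digits"
#define ENV_VALUE_YES                   "yes"
#define ENV_VALUE_NO                    "no"
#define ENV_ESS_CERT_ID_ALG             "ess_cert_id_alg"

/* Function definitions for certificate and key loading. */

/*
 * Read the first PEM certificate (including any trust-aux data) from |file|.
 * Returns a new X509 owned by the caller, or NULL with TS_R_CANNOT_LOAD_CERT
 * raised if the file cannot be opened or contains no parsable certificate.
 */
X509 *TS_CONF_load_cert(const char *file)
{
    BIO *cert = NULL;
    X509 *x = NULL;

    if ((cert = BIO_new_file(file, "r")) == NULL)
        goto end;
    x = PEM_read_bio_X509_AUX(cert, NULL, NULL, NULL);
 end:
    if (x == NULL)
        ERR_raise(ERR_LIB_TS, TS_R_CANNOT_LOAD_CERT);
    BIO_free(cert);             /* BIO_free(NULL) is a no-op */
    return x;
}

/*
 * Read every PEM certificate from |file| into a new stack owned by the
 * caller.  Non-certificate PEM objects in the file are skipped.
 *
 * Returns NULL with TS_R_CANNOT_LOAD_CERT raised if the file cannot be opened
 * or the stack cannot be built.  Note that a file which opens but yields no
 * parsable certificates produces an empty (non-NULL) stack, not an error.
 */
STACK_OF(X509) *TS_CONF_load_certs(const char *file)
{
    BIO *certs = NULL;
    STACK_OF(X509) *othercerts = NULL;
    STACK_OF(X509_INFO) *allcerts = NULL;
    int i;

    if ((certs = BIO_new_file(file, "r")) == NULL)
        goto end;
    if ((othercerts = sk_X509_new_null()) == NULL)
        goto end;

    /* If this returns NULL the loop below does not run (num is <= 0). */
    allcerts = PEM_X509_INFO_read_bio(certs, NULL, NULL, NULL);
    for (i = 0; i < sk_X509_INFO_num(allcerts); i++) {
        X509_INFO *xi = sk_X509_INFO_value(allcerts, i);

        if (xi->x509 != NULL) {
            if (!X509_add_cert(othercerts, xi->x509, X509_ADD_FLAG_DEFAULT)) {
                sk_X509_pop_free(othercerts, X509_free);
                othercerts = NULL;
                goto end;
            }
            /*
             * Ownership of the X509 has moved to |othercerts|; detach it
             * from the X509_INFO so the pop_free below does not free it too.
             */
            xi->x509 = NULL;
        }
    }
 end:
    if (othercerts == NULL)
        ERR_raise(ERR_LIB_TS, TS_R_CANNOT_LOAD_CERT);
    sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
    BIO_free(certs);
    return othercerts;
}

/*
 * Read a PEM private key from |file|.  |pass| (may be NULL) is handed to the
 * PEM layer as the password-callback user data; with no callback installed
 * the PEM layer uses it as the passphrase.  The caller keeps ownership of
 * |pass| and is responsible for wiping it.
 *
 * Returns a new EVP_PKEY owned by the caller, or NULL with
 * TS_R_CANNOT_LOAD_KEY raised.
 */
EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass)
{
    BIO *key = NULL;
    EVP_PKEY *pkey = NULL;

    if ((key = BIO_new_file(file, "r")) == NULL)
        goto end;
    /* The cast only drops const for the void *u parameter; |pass| is not written. */
    pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, (char *)pass);
 end:
    if (pkey == NULL)
        ERR_raise(ERR_LIB_TS, TS_R_CANNOT_LOAD_KEY);
    BIO_free(key);
    return pkey;
}

/* Function definitions for handling configuration options. */

/* Queue "section::tag" as a missing-variable error. */
static void ts_CONF_lookup_fail(const char *name, const char *tag)
{
    ERR_raise_data(ERR_LIB_TS, TS_R_VAR_LOOKUP_FAILURE, "%s::%s", name, tag);
}

/* Queue "section::tag" as a bad-value error. */
static void ts_CONF_invalid(const char *name, const char *tag)
{
    ERR_raise_data(ERR_LIB_TS, TS_R_VAR_BAD_VALUE, "%s::%s", name, tag);
}

/*
 * Parse a non-negative decimal integer from a configuration value.
 * Leading whitespace is accepted (strtol semantics); an empty string,
 * trailing characters, a negative value, or a value that does not fit an
 * int are rejected.  Returns 1 and stores the value in |*out| on success,
 * 0 otherwise (|*out| untouched).
 */
static int ts_CONF_parse_nonneg_int(const char *s, int *out)
{
    char *end = NULL;
    long v;

    if (s == NULL || *s == '\0')
        return 0;
    errno = 0;
    v = strtol(s, &end, 10);
    if (end == s || *end != '\0' || errno == ERANGE || v < 0 || v > INT_MAX)
        return 0;
    *out = (int)v;
    return 1;
}

/*
 * Resolve the TSA section to use: |section| if given, otherwise the
 * "default_tsa" entry of the "tsa" section.  Returns NULL with a lookup
 * error raised if neither is available.
 */
const char *TS_CONF_get_tsa_section(CONF *conf, const char *section)
{
    if (!section) {
        section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_TSA);
        if (!section)
            ts_CONF_lookup_fail(BASE_SECTION, ENV_DEFAULT_TSA);
    }
    return section;
}

/*
 * Install |cb| as the serial-number callback, with the "serial" option
 * (typically a file path) as its opaque data.  The string points into
 * |conf|'s storage, so |conf| must outlive |ctx|.
 */
int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,
                       TS_RESP_CTX *ctx)
{
    int ret = 0;
    char *serial = NCONF_get_string(conf, section, ENV_SERIAL);

    if (!serial) {
        ts_CONF_lookup_fail(section, ENV_SERIAL);
        goto err;
    }
    TS_RESP_CTX_set_serial_cb(ctx, cb, serial);

    ret = 1;
 err:
    return ret;
}

#ifndef OPENSSL_NO_ENGINE

/*
 * Make |device| (or the "crypto_device" option when |device| is NULL) the
 * default engine.  No device at all is not an error.
 */
int TS_CONF_set_crypto_device(CONF *conf, const char *section,
                              const char *device)
{
    int ret = 0;

    if (device == NULL)
        device = NCONF_get_string(conf, section, ENV_CRYPTO_DEVICE);

    if (device && !TS_CONF_set_default_engine(device)) {
        ts_CONF_invalid(section, ENV_CRYPTO_DEVICE);
        goto err;
    }
    ret = 1;
 err:
    return ret;
}

/*
 * Set the engine named |name| as the default for all methods.  "builtin"
 * means "keep the software implementation" and succeeds without loading
 * anything.  Returns 1 on success, 0 with TS_R_COULD_NOT_SET_ENGINE raised
 * (carrying the engine name) on failure.
 */
int TS_CONF_set_default_engine(const char *name)
{
    ENGINE *e = NULL;
    int ret = 0;

    if (strcmp(name, "builtin") == 0)
        return 1;

    if ((e = ENGINE_by_id(name)) == NULL)
        goto err;
    /* The "chil" engine additionally needs its fork check enabled. */
    if (strcmp(name, "chil") == 0)
        ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);
    if (!ENGINE_set_default(e, ENGINE_METHOD_ALL))
        goto err;
    ret = 1;

 err:
    if (!ret)
        ERR_raise_data(ERR_LIB_TS, TS_R_COULD_NOT_SET_ENGINE,
                       "engine:%s", name);
    /* Release the lookup reference; ENGINE_set_default holds its own. */
    ENGINE_free(e);
    return ret;
}

#endif

/*
 * Load the signer certificate from |cert| (or the "signer_cert" option when
 * |cert| is NULL) and install it in |ctx|.  The context takes its own
 * reference, so the locally loaded object is always released here.
 */
int TS_CONF_set_signer_cert(CONF *conf, const char *section,
                            const char *cert, TS_RESP_CTX *ctx)
{
    int ret = 0;
    X509 *cert_obj = NULL;

    if (cert == NULL) {
        cert = NCONF_get_string(conf, section, ENV_SIGNER_CERT);
        if (cert == NULL) {
            ts_CONF_lookup_fail(section, ENV_SIGNER_CERT);
            goto err;
        }
    }
    if ((cert_obj = TS_CONF_load_cert(cert)) == NULL)
        goto err;
    if (!TS_RESP_CTX_set_signer_cert(ctx, cert_obj))
        goto err;

    ret = 1;
 err:
    X509_free(cert_obj);
    return ret;
}

/*
 * Load the additional certificate chain from |certs| (or the "certs"
 * option).  The chain is optional: no file configured is a success.  The
 * context copies what it needs, so the stack is released here.
 */
int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
                      TS_RESP_CTX *ctx)
{
    int ret = 0;
    STACK_OF(X509) *certs_obj = NULL;

    if (certs == NULL) {
        /* Certificate chain is optional. */
        if ((certs = NCONF_get_string(conf, section, ENV_CERTS)) == NULL)
            goto end;
    }
    if ((certs_obj = TS_CONF_load_certs(certs)) == NULL)
        goto err;
    if (!TS_RESP_CTX_set_certs(ctx, certs_obj))
        goto err;
 end:
    ret = 1;
 err:
    sk_X509_pop_free(certs_obj, X509_free);
    return ret;
}

/*
 * Load the signer private key from |key| (or the "signer_key" option),
 * decrypting with |pass| if needed, and install it in |ctx|.  The context
 * takes its own reference; the caller retains ownership of |pass|.
 */
int TS_CONF_set_signer_key(CONF *conf, const char *section,
                           const char *key, const char *pass,
                           TS_RESP_CTX *ctx)
{
    int ret = 0;
    EVP_PKEY *key_obj = NULL;

    if (!key)
        key = NCONF_get_string(conf, section, ENV_SIGNER_KEY);
    if (!key) {
        ts_CONF_lookup_fail(section, ENV_SIGNER_KEY);
        goto err;
    }
    if ((key_obj = TS_CONF_load_key(key, pass)) == NULL)
        goto err;
    if (!TS_RESP_CTX_set_signer_key(ctx, key_obj))
        goto err;

    ret = 1;
 err:
    EVP_PKEY_free(key_obj);
    return ret;
}

/*
 * Set the digest used to sign responses from |md| (or the "signer_digest"
 * option).  An unknown digest name is reported as a bad value.
 */
int TS_CONF_set_signer_digest(CONF *conf, const char *section,
                              const char *md, TS_RESP_CTX *ctx)
{
    int ret = 0;
    const EVP_MD *sign_md = NULL;

    if (md == NULL)
        md = NCONF_get_string(conf, section, ENV_SIGNER_DIGEST);
    if (md == NULL) {
        ts_CONF_lookup_fail(section, ENV_SIGNER_DIGEST);
        goto err;
    }
    sign_md = EVP_get_digestbyname(md);
    if (sign_md == NULL) {
        ts_CONF_invalid(section, ENV_SIGNER_DIGEST);
        goto err;
    }
    if (!TS_RESP_CTX_set_signer_digest(ctx, sign_md))
        goto err;

    ret = 1;
 err:
    return ret;
}

/*
 * Set the default policy OID from |policy| (or the "default_policy"
 * option).  Both dotted-numeric and named OIDs are accepted
 * (OBJ_txt2obj with no_name = 0).
 */
int TS_CONF_set_def_policy(CONF *conf, const char *section,
                           const char *policy, TS_RESP_CTX *ctx)
{
    int ret = 0;
    ASN1_OBJECT *policy_obj = NULL;

    if (policy == NULL)
        policy = NCONF_get_string(conf, section, ENV_DEFAULT_POLICY);
    if (policy == NULL) {
        ts_CONF_lookup_fail(section, ENV_DEFAULT_POLICY);
        goto err;
    }
    if ((policy_obj = OBJ_txt2obj(policy, 0)) == NULL) {
        ts_CONF_invalid(section, ENV_DEFAULT_POLICY);
        goto err;
    }
    if (!TS_RESP_CTX_set_def_policy(ctx, policy_obj))
        goto err;

    ret = 1;
 err:
    ASN1_OBJECT_free(policy_obj);
    return ret;
}

/*
 * Add every OID listed in the "other_policies" option (a comma-separated
 * X509V3 list) as an accepted policy.  The option is optional.
 */
int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx)
{
    int ret = 0;
    int i;
    STACK_OF(CONF_VALUE) *list = NULL;
    char *policies = NCONF_get_string(conf, section, ENV_OTHER_POLICIES);

    /* If no other policy is specified, that's fine. */
    if (policies && (list = X509V3_parse_list(policies)) == NULL) {
        ts_CONF_invalid(section, ENV_OTHER_POLICIES);
        goto err;
    }
    for (i = 0; i < sk_CONF_VALUE_num(list); ++i) {
        CONF_VALUE *val = sk_CONF_VALUE_value(list, i);
        /* A list entry may be "name" or "name:value"; either holds the OID. */
        const char *extval = val->value ? val->value : val->name;
        ASN1_OBJECT *objtmp;
        int added;

        if ((objtmp = OBJ_txt2obj(extval, 0)) == NULL) {
            ts_CONF_invalid(section, ENV_OTHER_POLICIES);
            goto err;
        }
        /* The context takes its own copy, so free ours on every path. */
        added = TS_RESP_CTX_add_policy(ctx, objtmp);
        ASN1_OBJECT_free(objtmp);
        if (!added)
            goto err;
    }

    ret = 1;
 err:
    sk_CONF_VALUE_pop_free(list, X509V3_conf_free);
    return ret;
}

/*
 * Set the digests accepted in requests from the mandatory "digests" option
 * (a comma-separated X509V3 list of digest names).  An empty list or an
 * unknown digest name is a bad value.
 */
int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx)
{
    int ret = 0;
    int i;
    STACK_OF(CONF_VALUE) *list = NULL;
    char *digests = NCONF_get_string(conf, section, ENV_DIGESTS);

    if (digests == NULL) {
        ts_CONF_lookup_fail(section, ENV_DIGESTS);
        goto err;
    }
    if ((list = X509V3_parse_list(digests)) == NULL) {
        ts_CONF_invalid(section, ENV_DIGESTS);
        goto err;
    }
    if (sk_CONF_VALUE_num(list) == 0) {
        ts_CONF_invalid(section, ENV_DIGESTS);
        goto err;
    }
    for (i = 0; i < sk_CONF_VALUE_num(list); ++i) {
        CONF_VALUE *val = sk_CONF_VALUE_value(list, i);
        const char *extval = val->value ? val->value : val->name;
        const EVP_MD *md;

        if ((md = EVP_get_digestbyname(extval)) == NULL) {
            ts_CONF_invalid(section, ENV_DIGESTS);
            goto err;
        }
        if (!TS_RESP_CTX_add_md(ctx, md))
            goto err;
    }

    ret = 1;
 err:
    sk_CONF_VALUE_pop_free(list, X509V3_conf_free);
    return ret;
}

/*
 * Set the response accuracy from the optional "accuracy" option, a list of
 * "secs:N", "millisecs:N" and "microsecs:N" entries.  Each N must be a
 * non-negative decimal integer; malformed numbers and unknown names are
 * reported as a bad value.  A name given without a value leaves that field
 * at its current value (initially 0).
 */
int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx)
{
    int ret = 0;
    int i;
    int secs = 0, millis = 0, micros = 0;
    STACK_OF(CONF_VALUE) *list = NULL;
    char *accuracy = NCONF_get_string(conf, section, ENV_ACCURACY);

    if (accuracy && (list = X509V3_parse_list(accuracy)) == NULL) {
        ts_CONF_invalid(section, ENV_ACCURACY);
        goto err;
    }
    for (i = 0; i < sk_CONF_VALUE_num(list); ++i) {
        CONF_VALUE *val = sk_CONF_VALUE_value(list, i);
        int *target;

        if (strcmp(val->name, ENV_VALUE_SECS) == 0) {
            target = &secs;
        } else if (strcmp(val->name, ENV_VALUE_MILLISECS) == 0) {
            target = &millis;
        } else if (strcmp(val->name, ENV_VALUE_MICROSECS) == 0) {
            target = &micros;
        } else {
            ts_CONF_invalid(section, ENV_ACCURACY);
            goto err;
        }
        /*
         * Validate rather than atoi(): a non-numeric or out-of-range value
         * would otherwise be silently turned into 0 (or be undefined on
         * overflow).
         */
        if (val->value != NULL
            && !ts_CONF_parse_nonneg_int(val->value, target)) {
            ts_CONF_invalid(section, ENV_ACCURACY);
            goto err;
        }
    }
    if (!TS_RESP_CTX_set_accuracy(ctx, secs, millis, micros))
        goto err;

    ret = 1;
 err:
    sk_CONF_VALUE_pop_free(list, X509V3_conf_free);
    return ret;
}

/*
 * Set the number of sub-second digits in the genTime field from the
 * "clock_precision_digits" option.  Values outside
 * 0..TS_MAX_CLOCK_PRECISION_DIGITS are a bad value.
 */
int TS_CONF_set_clock_precision_digits(const CONF *conf, const char *section,
                                       TS_RESP_CTX *ctx)
{
    long digits = 0;

    /*
     * If not specified, set the default value to 0, i.e. sec precision
     * (_CONF_get_number returns 0 for a missing entry).
     */
    digits = _CONF_get_number(conf, section, ENV_CLOCK_PRECISION_DIGITS);
    if (digits < 0 || digits > TS_MAX_CLOCK_PRECISION_DIGITS) {
        ts_CONF_invalid(section, ENV_CLOCK_PRECISION_DIGITS);
        return 0;
    }

    if (!TS_RESP_CTX_set_clock_precision_digits(ctx, digits))
        return 0;

    return 1;
}

/*
 * Read the yes/no option |field| and, if it is "yes", OR |flag| into the
 * context flags.  A missing option or "no" leaves the flags untouched;
 * any other value is a bad value.  Returns 1 on success, 0 on a bad value.
 */
static int ts_CONF_add_flag(CONF *conf, const char *section,
                            const char *field, int flag, TS_RESP_CTX *ctx)
{
    const char *value = NCONF_get_string(conf, section, field);

    if (value) {
        if (strcmp(value, ENV_VALUE_YES) == 0) {
            TS_RESP_CTX_add_flags(ctx, flag);
        } else if (strcmp(value, ENV_VALUE_NO) != 0) {
            ts_CONF_invalid(section, field);
            return 0;
        }
    }

    return 1;
}

/* "ordering" option: whether responses are strictly ordered in time. */
int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx)
{
    return ts_CONF_add_flag(conf, section, ENV_ORDERING, TS_ORDERING, ctx);
}

/* "tsa_name" option: whether the TSA name is included in responses. */
int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx)
{
    return ts_CONF_add_flag(conf, section, ENV_TSA_NAME, TS_TSA_NAME, ctx);
}

/* "ess_cert_id_chain" option: whether the ESS cert id covers the chain. */
int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section,
                                  TS_RESP_CTX *ctx)
{
    return ts_CONF_add_flag(conf, section, ENV_ESS_CERT_ID_CHAIN,
                            TS_ESS_CERT_ID_CHAIN, ctx);
}

/*
 * Set the digest used for the ESS signing-certificate identifier from the
 * "ess_cert_id_alg" option.  The default is SHA-1, matching the original
 * ESSCertID structure (RFC 3161 / RFC 2634); ESSCertIDv2 (RFC 5816) allows
 * stronger digests, so deployments should set this option explicitly rather
 * than rely on the default.
 */
int TS_CONF_set_ess_cert_id_digest(CONF *conf, const char *section,
                                   TS_RESP_CTX *ctx)
{
    int ret = 0;
    const EVP_MD *cert_md = NULL;
    const char *md = NCONF_get_string(conf, section, ENV_ESS_CERT_ID_ALG);

    if (md == NULL)
        md = "sha1";

    cert_md = EVP_get_digestbyname(md);
    if (cert_md == NULL) {
        ts_CONF_invalid(section, ENV_ESS_CERT_ID_ALG);
        goto err;
    }

    if (!TS_RESP_CTX_set_ess_cert_id_digest(ctx, cert_md))
        goto err;

    ret = 1;
 err:
    return ret;
}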