static int ts_find_name(STACK_OF(GENERAL_NAME) *gen_names,
GENERAL_NAME *name);
+/*
+ * This must be large enough to hold all values in ts_status_text (with
+ * comma separator) or all text fields in ts_failure_info (also with comma).
+ */
+#define TS_STATUS_BUF_SIZE 256
+
/*
* Local mapping between response codes and descriptions.
- * Don't forget to change TS_STATUS_BUF_SIZE when modifying
- * the elements of this array.
*/
-static const char *ts_status_text[] = { "granted",
+static const char *ts_status_text[] = {
+ "granted",
"grantedWithMods",
"rejection",
"waiting",
#define TS_STATUS_TEXT_SIZE OSSL_NELEM(ts_status_text)
-/*
- * This must be greater or equal to the sum of the strings in TS_status_text
- * plus the number of its elements.
- */
-#define TS_STATUS_BUF_SIZE 256
-
static struct {
int code;
const char *text;
{TS_INFO_SYSTEM_FAILURE, "systemFailure"}
};
-#define TS_FAILURE_INFO_SIZE OSSL_NELEM(ts_failure_info)
-
/*-
* This function carries out the following tasks:
static int ts_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert)
{
int i;
+ unsigned char cert_sha1[SHA_DIGEST_LENGTH];
if (!cert_ids || !cert)
return -1;
+ X509_digest(cert, EVP_sha1(), cert_sha1, NULL);
+
/* Recompute SHA1 hash of certificate if necessary (side effect). */
X509_check_purpose(cert, -1, 0);
for (i = 0; i < sk_ESS_CERT_ID_num(cert_ids); ++i) {
ESS_CERT_ID *cid = sk_ESS_CERT_ID_value(cert_ids, i);
- if (cid->hash->length == sizeof(cert->sha1_hash)
- && memcmp(cid->hash->data, cert->sha1_hash,
- sizeof(cert->sha1_hash)) == 0) {
+ if (cid->hash->length == SHA_DIGEST_LENGTH
+ && memcmp(cid->hash->data, cert_sha1, SHA_DIGEST_LENGTH) == 0) {
ESS_ISSUER_SERIAL *is = cid->issuer_serial;
if (!is || !ts_issuer_serial_cmp(is, cert))
return i;
return 1;
/* There was an error, get the description in status_text. */
- if (0 <= status && status < (long)TS_STATUS_TEXT_SIZE)
+ if (0 <= status && status < (long) OSSL_NELEM(ts_status_text))
status_text = ts_status_text[status];
else
status_text = "unknown code";
if (ASN1_BIT_STRING_get_bit(info->failure_info,
ts_failure_info[i].code)) {
if (!first)
- strcpy(failure_text, ",");
+ strcat(failure_text, ",");
else
first = 0;
strcat(failure_text, ts_failure_info[i].text);
TS_MSG_IMPRINT *msg_imprint = tst_info->msg_imprint;
X509_ALGOR *md_alg_resp = msg_imprint->hash_algo;
const EVP_MD *md;
- EVP_MD_CTX md_ctx;
+ EVP_MD_CTX *md_ctx = NULL;
unsigned char buffer[4096];
int length;
goto err;
}
- if (!EVP_DigestInit(&md_ctx, md))
+ md_ctx = EVP_MD_CTX_create();
+ if (md_ctx == NULL) {
+ TSerr(TS_F_TS_COMPUTE_IMPRINT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (!EVP_DigestInit(md_ctx, md))
goto err;
while ((length = BIO_read(data, buffer, sizeof(buffer))) > 0) {
- if (!EVP_DigestUpdate(&md_ctx, buffer, length))
+ if (!EVP_DigestUpdate(md_ctx, buffer, length))
goto err;
}
- if (!EVP_DigestFinal(&md_ctx, *imprint, NULL))
+ if (!EVP_DigestFinal(md_ctx, *imprint, NULL))
goto err;
+ EVP_MD_CTX_destroy(md_ctx);
return 1;
err:
+ EVP_MD_CTX_destroy(md_ctx);
X509_ALGOR_free(*md_alg);
OPENSSL_free(*imprint);
*imprint_len = 0;