From 9c422b5b1ebc9871a7306f66648aa16c8769082a Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Wed, 3 Jun 2015 22:04:48 -0400 Subject: [PATCH] Rename all static TS_xxx to ts_xxx Reviewed-by: Richard Levitte --- crypto/ts/ts_conf.c | 46 ++++++------- crypto/ts/ts_rsp_print.c | 12 ++-- crypto/ts/ts_rsp_sign.c | 62 ++++++++--------- crypto/ts/ts_rsp_verify.c | 139 +++++++++++++++++--------------------- 4 files changed, 121 insertions(+), 138 deletions(-) diff --git a/crypto/ts/ts_conf.c b/crypto/ts/ts_conf.c index 1e511bee75..4d303f7b0b 100644 --- a/crypto/ts/ts_conf.c +++ b/crypto/ts/ts_conf.c @@ -152,12 +152,12 @@ EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass) /* Function definitions for handling configuration options. */ -static void TS_CONF_lookup_fail(const char *name, const char *tag) +static void ts_CONF_lookup_fail(const char *name, const char *tag) { fprintf(stderr, "variable lookup failed for %s::%s\n", name, tag); } -static void TS_CONF_invalid(const char *name, const char *tag) +static void ts_CONF_invalid(const char *name, const char *tag) { fprintf(stderr, "invalid variable value for %s::%s\n", name, tag); } @@ -167,7 +167,7 @@ const char *TS_CONF_get_tsa_section(CONF *conf, const char *section) if (!section) { section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_TSA); if (!section) - TS_CONF_lookup_fail(BASE_SECTION, ENV_DEFAULT_TSA); + ts_CONF_lookup_fail(BASE_SECTION, ENV_DEFAULT_TSA); } return section; } @@ -178,7 +178,7 @@ int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb, int ret = 0; char *serial = NCONF_get_string(conf, section, ENV_SERIAL); if (!serial) { - TS_CONF_lookup_fail(section, ENV_SERIAL); + ts_CONF_lookup_fail(section, ENV_SERIAL); goto err; } TS_RESP_CTX_set_serial_cb(ctx, cb, serial); @@ -199,7 +199,7 @@ int TS_CONF_set_crypto_device(CONF *conf, const char *section, device = NCONF_get_string(conf, section, ENV_CRYPTO_DEVICE); if (device && !TS_CONF_set_default_engine(device)) { - TS_CONF_invalid(section, ENV_CRYPTO_DEVICE); + ts_CONF_invalid(section, ENV_CRYPTO_DEVICE); goto err; } ret = 1; @@ -246,7 +246,7 @@ int TS_CONF_set_signer_cert(CONF *conf, const char *section, if (cert == NULL) { cert = NCONF_get_string(conf, section, ENV_SIGNER_CERT); if (cert == NULL) { - TS_CONF_lookup_fail(section, ENV_SIGNER_CERT); + ts_CONF_lookup_fail(section, ENV_SIGNER_CERT); goto err; } } @@ -292,7 +292,7 @@ int TS_CONF_set_signer_key(CONF *conf, const char *section, if (!key) key = NCONF_get_string(conf, section, ENV_SIGNER_KEY); if (!key) { - TS_CONF_lookup_fail(section, ENV_SIGNER_KEY); + ts_CONF_lookup_fail(section, ENV_SIGNER_KEY); goto err; } if ((key_obj = TS_CONF_load_key(key, pass)) == NULL) @@ -314,11 +314,11 @@ int TS_CONF_set_def_policy(CONF *conf, const char *section, if (!policy) policy = NCONF_get_string(conf, section, ENV_DEFAULT_POLICY); if (!policy) { - TS_CONF_lookup_fail(section, ENV_DEFAULT_POLICY); + ts_CONF_lookup_fail(section, ENV_DEFAULT_POLICY); goto err; } if ((policy_obj = OBJ_txt2obj(policy, 0)) == NULL) { - TS_CONF_invalid(section, ENV_DEFAULT_POLICY); + ts_CONF_invalid(section, ENV_DEFAULT_POLICY); goto err; } if (!TS_RESP_CTX_set_def_policy(ctx, policy_obj)) @@ -339,7 +339,7 @@ int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx) /* If no other policy is specified, that's fine. */ if (policies && (list = X509V3_parse_list(policies)) == NULL) { - TS_CONF_invalid(section, ENV_OTHER_POLICIES); + ts_CONF_invalid(section, ENV_OTHER_POLICIES); goto err; } for (i = 0; i < sk_CONF_VALUE_num(list); ++i) { @@ -348,7 +348,7 @@ int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx) ASN1_OBJECT *objtmp; if ((objtmp = OBJ_txt2obj(extval, 0)) == NULL) { - TS_CONF_invalid(section, ENV_OTHER_POLICIES); + ts_CONF_invalid(section, ENV_OTHER_POLICIES); goto err; } if (!TS_RESP_CTX_add_policy(ctx, objtmp)) @@ -370,15 +370,15 @@ int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx) char *digests = NCONF_get_string(conf, section, ENV_DIGESTS); if (digests == NULL) { - TS_CONF_lookup_fail(section, ENV_DIGESTS); + ts_CONF_lookup_fail(section, ENV_DIGESTS); goto err; } if ((list = X509V3_parse_list(digests)) == NULL) { - TS_CONF_invalid(section, ENV_DIGESTS); + ts_CONF_invalid(section, ENV_DIGESTS); goto err; } if (sk_CONF_VALUE_num(list) == 0) { - TS_CONF_invalid(section, ENV_DIGESTS); + ts_CONF_invalid(section, ENV_DIGESTS); goto err; } for (i = 0; i < sk_CONF_VALUE_num(list); ++i) { @@ -387,7 +387,7 @@ int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx) const EVP_MD *md; if ((md = EVP_get_digestbyname(extval)) == NULL) { - TS_CONF_invalid(section, ENV_DIGESTS); + ts_CONF_invalid(section, ENV_DIGESTS); goto err; } if (!TS_RESP_CTX_add_md(ctx, md)) @@ -409,7 +409,7 @@ int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx) char *accuracy = NCONF_get_string(conf, section, ENV_ACCURACY); if (accuracy && (list = X509V3_parse_list(accuracy)) == NULL) { - TS_CONF_invalid(section, ENV_ACCURACY); + ts_CONF_invalid(section, ENV_ACCURACY); goto err; } for (i = 0; i < sk_CONF_VALUE_num(list); ++i) { @@ -424,7 +424,7 @@ int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx) if (val->value) micros = atoi(val->value); } else { - TS_CONF_invalid(section, ENV_ACCURACY); + ts_CONF_invalid(section, ENV_ACCURACY); goto err; } } @@ -450,7 +450,7 @@ int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section, &digits)) digits = 0; if (digits < 0 || digits > TS_MAX_CLOCK_PRECISION_DIGITS) { - TS_CONF_invalid(section, ENV_CLOCK_PRECISION_DIGITS); + ts_CONF_invalid(section, ENV_CLOCK_PRECISION_DIGITS); goto err; } @@ -462,7 +462,7 @@ int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section, return ret; } -static int TS_CONF_add_flag(CONF *conf, const char *section, +static int ts_CONF_add_flag(CONF *conf, const char *section, const char *field, int flag, TS_RESP_CTX *ctx) { /* Default is false. */ @@ -471,7 +471,7 @@ static int TS_CONF_add_flag(CONF *conf, const char *section, if (strcmp(value, ENV_VALUE_YES) == 0) TS_RESP_CTX_add_flags(ctx, flag); else if (strcmp(value, ENV_VALUE_NO) != 0) { - TS_CONF_invalid(section, field); + ts_CONF_invalid(section, field); return 0; } } @@ -481,17 +481,17 @@ static int TS_CONF_add_flag(CONF *conf, const char *section, int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx) { - return TS_CONF_add_flag(conf, section, ENV_ORDERING, TS_ORDERING, ctx); + return ts_CONF_add_flag(conf, section, ENV_ORDERING, TS_ORDERING, ctx); } int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx) { - return TS_CONF_add_flag(conf, section, ENV_TSA_NAME, TS_TSA_NAME, ctx); + return ts_CONF_add_flag(conf, section, ENV_TSA_NAME, TS_TSA_NAME, ctx); } int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section, TS_RESP_CTX *ctx) { - return TS_CONF_add_flag(conf, section, ENV_ESS_CERT_ID_CHAIN, + return ts_CONF_add_flag(conf, section, ENV_ESS_CERT_ID_CHAIN, TS_ESS_CERT_ID_CHAIN, ctx); } diff --git a/crypto/ts/ts_rsp_print.c b/crypto/ts/ts_rsp_print.c index 108cd2fe02..b71985f46c 100644 --- a/crypto/ts/ts_rsp_print.c +++ b/crypto/ts/ts_rsp_print.c @@ -71,9 +71,9 @@ struct status_map_st { /* Local function declarations. */ -static int TS_status_map_print(BIO *bio, const struct status_map_st *a, +static int ts_status_map_print(BIO *bio, const struct status_map_st *a, const ASN1_BIT_STRING *v); -static int TS_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *accuracy); +static int ts_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *accuracy); /* Function definitions. */ @@ -149,7 +149,7 @@ int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a) /* Printing failure information. */ BIO_printf(bio, "Failure info: "); if (a->failure_info != NULL) - lines = TS_status_map_print(bio, failure_map, a->failure_info); + lines = ts_status_map_print(bio, failure_map, a->failure_info); if (lines == 0) BIO_printf(bio, "unspecified"); BIO_printf(bio, "\n"); @@ -157,7 +157,7 @@ int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a) return 1; } -static int TS_status_map_print(BIO *bio, const struct status_map_st *a, +static int ts_status_map_print(BIO *bio, const struct status_map_st *a, const ASN1_BIT_STRING *v) { int lines = 0; @@ -219,7 +219,7 @@ int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a) if (accuracy == NULL) BIO_printf(bio, "unspecified"); else - TS_ACCURACY_print_bio(bio, accuracy); + ts_ACCURACY_print_bio(bio, accuracy); BIO_write(bio, "\n", 1); /* Print ordering. */ @@ -254,7 +254,7 @@ int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a) return 1; } -static int TS_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *accuracy) +static int ts_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *accuracy) { const ASN1_INTEGER *seconds = TS_ACCURACY_get_seconds(accuracy); const ASN1_INTEGER *millis = TS_ACCURACY_get_millis(accuracy); diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c index c28d936dfe..d90d33ffea 100644 --- a/crypto/ts/ts_rsp_sign.c +++ b/crypto/ts/ts_rsp_sign.c @@ -73,19 +73,19 @@ static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *, void *); static int def_time_cb(struct TS_resp_ctx *, void *, long *sec, long *usec); static int def_extension_cb(struct TS_resp_ctx *, X509_EXTENSION *, void *); -static void TS_RESP_CTX_init(TS_RESP_CTX *ctx); -static void TS_RESP_CTX_cleanup(TS_RESP_CTX *ctx); -static int TS_RESP_check_request(TS_RESP_CTX *ctx); -static ASN1_OBJECT *TS_RESP_get_policy(TS_RESP_CTX *ctx); -static TS_TST_INFO *TS_RESP_create_tst_info(TS_RESP_CTX *ctx, +static void ts_RESP_CTX_init(TS_RESP_CTX *ctx); +static void ts_RESP_CTX_cleanup(TS_RESP_CTX *ctx); +static int ts_RESP_check_request(TS_RESP_CTX *ctx); +static ASN1_OBJECT *ts_RESP_get_policy(TS_RESP_CTX *ctx); +static TS_TST_INFO *ts_RESP_create_tst_info(TS_RESP_CTX *ctx, ASN1_OBJECT *policy); -static int TS_RESP_process_extensions(TS_RESP_CTX *ctx); -static int TS_RESP_sign(TS_RESP_CTX *ctx); +static int ts_RESP_process_extensions(TS_RESP_CTX *ctx); +static int ts_RESP_sign(TS_RESP_CTX *ctx); -static ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert, +static ESS_SIGNING_CERT *ess_SIGNING_CERT_new_init(X509 *signcert, STACK_OF(X509) *certs); -static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed); -static int TS_TST_INFO_content_new(PKCS7 *p7); +static ESS_CERT_ID *ess_CERT_ID_new_init(X509 *cert, int issuer_needed); +static int ts_TST_INFO_content_new(PKCS7 *p7); static int ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc); static ASN1_GENERALIZEDTIME @@ -427,7 +427,7 @@ TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio) TS_RESP *response; int result = 0; - TS_RESP_CTX_init(ctx); + ts_RESP_CTX_init(ctx); /* Creating the response object. */ if ((ctx->response = TS_RESP_new()) == NULL) { @@ -448,23 +448,23 @@ TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio) goto end; /* Checking the request format. */ - if (!TS_RESP_check_request(ctx)) + if (!ts_RESP_check_request(ctx)) goto end; /* Checking acceptable policies. */ - if ((policy = TS_RESP_get_policy(ctx)) == NULL) + if ((policy = ts_RESP_get_policy(ctx)) == NULL) goto end; /* Creating the TS_TST_INFO object. */ - if ((ctx->tst_info = TS_RESP_create_tst_info(ctx, policy)) == NULL) + if ((ctx->tst_info = ts_RESP_create_tst_info(ctx, policy)) == NULL) goto end; /* Processing extensions. */ - if (!TS_RESP_process_extensions(ctx)) + if (!ts_RESP_process_extensions(ctx)) goto end; /* Generating the signature. */ - if (!TS_RESP_sign(ctx)) + if (!ts_RESP_sign(ctx)) goto end; /* Everything was successful. */ @@ -484,12 +484,12 @@ TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio) } response = ctx->response; ctx->response = NULL; /* Ownership will be returned to caller. */ - TS_RESP_CTX_cleanup(ctx); + ts_RESP_CTX_cleanup(ctx); return response; } /* Initializes the variable part of the context. */ -static void TS_RESP_CTX_init(TS_RESP_CTX *ctx) +static void ts_RESP_CTX_init(TS_RESP_CTX *ctx) { ctx->request = NULL; ctx->response = NULL; @@ -497,7 +497,7 @@ static void TS_RESP_CTX_init(TS_RESP_CTX *ctx) } /* Cleans up the variable part of the context. */ -static void TS_RESP_CTX_cleanup(TS_RESP_CTX *ctx) +static void ts_RESP_CTX_cleanup(TS_RESP_CTX *ctx) { TS_REQ_free(ctx->request); ctx->request = NULL; @@ -508,7 +508,7 @@ static void TS_RESP_CTX_cleanup(TS_RESP_CTX *ctx) } /* Checks the format and content of the request. */ -static int TS_RESP_check_request(TS_RESP_CTX *ctx) +static int ts_RESP_check_request(TS_RESP_CTX *ctx) { TS_REQ *request = ctx->request; TS_MSG_IMPRINT *msg_imprint; @@ -564,7 +564,7 @@ static int TS_RESP_check_request(TS_RESP_CTX *ctx) } /* Returns the TSA policy based on the requested and acceptable policies. */ -static ASN1_OBJECT *TS_RESP_get_policy(TS_RESP_CTX *ctx) +static ASN1_OBJECT *ts_RESP_get_policy(TS_RESP_CTX *ctx) { ASN1_OBJECT *requested = TS_REQ_get_policy_id(ctx->request); ASN1_OBJECT *policy = NULL; @@ -597,7 +597,7 @@ static ASN1_OBJECT *TS_RESP_get_policy(TS_RESP_CTX *ctx) } /* Creates the TS_TST_INFO object based on the settings of the context. */ -static TS_TST_INFO *TS_RESP_create_tst_info(TS_RESP_CTX *ctx, +static TS_TST_INFO *ts_RESP_create_tst_info(TS_RESP_CTX *ctx, ASN1_OBJECT *policy) { int result = 0; @@ -683,7 +683,7 @@ static TS_TST_INFO *TS_RESP_create_tst_info(TS_RESP_CTX *ctx, } /* Processing the extensions of the request. */ -static int TS_RESP_process_extensions(TS_RESP_CTX *ctx) +static int ts_RESP_process_extensions(TS_RESP_CTX *ctx) { STACK_OF(X509_EXTENSION) *exts = TS_REQ_get_exts(ctx->request); int i; @@ -704,7 +704,7 @@ static int TS_RESP_process_extensions(TS_RESP_CTX *ctx) } /* Functions for signing the TS_TST_INFO structure of the context. */ -static int TS_RESP_sign(TS_RESP_CTX *ctx) +static int ts_RESP_sign(TS_RESP_CTX *ctx) { int ret = 0; PKCS7 *p7 = NULL; @@ -764,7 +764,7 @@ static int TS_RESP_sign(TS_RESP_CTX *ctx) * certificate id and optionally the certificate chain. */ certs = ctx->flags & TS_ESS_CERT_ID_CHAIN ? ctx->certs : NULL; - if ((sc = ESS_SIGNING_CERT_new_init(ctx->signer_cert, certs)) == NULL) + if ((sc = ess_SIGNING_CERT_new_init(ctx->signer_cert, certs)) == NULL) goto err; /* Add SigningCertificate signed attribute to the signer info. */ @@ -774,7 +774,7 @@ static int TS_RESP_sign(TS_RESP_CTX *ctx) } /* Add a new empty NID_id_smime_ct_TSTInfo encapsulated content. */ - if (!TS_TST_INFO_content_new(p7)) + if (!ts_TST_INFO_content_new(p7)) goto err; /* Add the DER encoded tst_info to the PKCS7 structure. */ @@ -812,7 +812,7 @@ static int TS_RESP_sign(TS_RESP_CTX *ctx) return ret; } -static ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert, +static ESS_SIGNING_CERT *ess_SIGNING_CERT_new_init(X509 *signcert, STACK_OF(X509) *certs) { ESS_CERT_ID *cid; @@ -827,13 +827,13 @@ static ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert, goto err; /* Adding the signing certificate id. */ - if ((cid = ESS_CERT_ID_new_init(signcert, 0)) == NULL + if ((cid = ess_CERT_ID_new_init(signcert, 0)) == NULL || !sk_ESS_CERT_ID_push(sc->cert_ids, cid)) goto err; /* Adding the certificate chain ids. */ for (i = 0; i < sk_X509_num(certs); ++i) { X509 *cert = sk_X509_value(certs, i); - if ((cid = ESS_CERT_ID_new_init(cert, 1)) == NULL + if ((cid = ess_CERT_ID_new_init(cert, 1)) == NULL || !sk_ESS_CERT_ID_push(sc->cert_ids, cid)) goto err; } @@ -845,7 +845,7 @@ static ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert, return NULL; } -static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed) +static ESS_CERT_ID *ess_CERT_ID_new_init(X509 *cert, int issuer_needed) { ESS_CERT_ID *cid = NULL; GENERAL_NAME *name = NULL; @@ -889,7 +889,7 @@ static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed) return NULL; } -static int TS_TST_INFO_content_new(PKCS7 *p7) +static int ts_TST_INFO_content_new(PKCS7 *p7) { PKCS7 *ret = NULL; ASN1_OCTET_STRING *octet_string = NULL; diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c index 116e116997..342c524c7c 100644 --- a/crypto/ts/ts_rsp_verify.c +++ b/crypto/ts/ts_rsp_verify.c @@ -65,27 +65,27 @@ /* Private function declarations. */ -static int TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, +static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, X509 *signer, STACK_OF(X509) **chain); -static int TS_check_signing_certs(PKCS7_SIGNER_INFO *si, +static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si, STACK_OF(X509) *chain); -static ESS_SIGNING_CERT *ESS_get_signing_cert(PKCS7_SIGNER_INFO *si); -static int TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert); -static int TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo); -static int int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx, +static ESS_SIGNING_CERT *ess_get_signing_cert(PKCS7_SIGNER_INFO *si); +static int ts_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert); +static int ts_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo); +static int int_ts_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token, TS_TST_INFO *tst_info); -static int TS_check_status_info(TS_RESP *response); -static char *TS_get_status_text(STACK_OF(ASN1_UTF8STRING) *text); -static int TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info); -static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info, +static int ts_check_status_info(TS_RESP *response); +static char *ts_get_status_text(STACK_OF(ASN1_UTF8STRING) *text); +static int ts_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info); +static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info, X509_ALGOR **md_alg, unsigned char **imprint, unsigned *imprint_len); -static int TS_check_imprints(X509_ALGOR *algor_a, +static int ts_check_imprints(X509_ALGOR *algor_a, unsigned char *imprint_a, unsigned len_a, TS_TST_INFO *tst_info); -static int TS_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info); -static int TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer); -static int TS_find_name(STACK_OF(GENERAL_NAME) *gen_names, +static int ts_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info); +static int ts_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer); +static int ts_find_name(STACK_OF(GENERAL_NAME) *gen_names, GENERAL_NAME *name); /* @@ -93,7 +93,7 @@ static int TS_find_name(STACK_OF(GENERAL_NAME) *gen_names, * Don't forget to change TS_STATUS_BUF_SIZE when modifying * the elements of this array. */ -static const char *TS_status_text[] = { "granted", +static const char *ts_status_text[] = { "granted", "grantedWithMods", "rejection", "waiting", @@ -101,7 +101,7 @@ static const char *TS_status_text[] = { "granted", "revocationNotification" }; -#define TS_STATUS_TEXT_SIZE OSSL_NELEM(TS_status_text) +#define TS_STATUS_TEXT_SIZE OSSL_NELEM(ts_status_text) /* * This must be greater or equal to the sum of the strings in TS_status_text @@ -112,35 +112,18 @@ static const char *TS_status_text[] = { "granted", static struct { int code; const char *text; -} TS_failure_info[] = { - { - TS_INFO_BAD_ALG, "badAlg" - }, - { - TS_INFO_BAD_REQUEST, "badRequest" - }, - { - TS_INFO_BAD_DATA_FORMAT, "badDataFormat" - }, - { - TS_INFO_TIME_NOT_AVAILABLE, "timeNotAvailable" - }, - { - TS_INFO_UNACCEPTED_POLICY, "unacceptedPolicy" - }, - { - TS_INFO_UNACCEPTED_EXTENSION, "unacceptedExtension" - }, - { - TS_INFO_ADD_INFO_NOT_AVAILABLE, "addInfoNotAvailable" - }, - { - TS_INFO_SYSTEM_FAILURE, "systemFailure" - } +} ts_failure_info[] = { + {TS_INFO_BAD_ALG, "badAlg"}, + {TS_INFO_BAD_REQUEST, "badRequest"}, + {TS_INFO_BAD_DATA_FORMAT, "badDataFormat"}, + {TS_INFO_TIME_NOT_AVAILABLE, "timeNotAvailable"}, + {TS_INFO_UNACCEPTED_POLICY, "unacceptedPolicy"}, + {TS_INFO_UNACCEPTED_EXTENSION, "unacceptedExtension"}, + {TS_INFO_ADD_INFO_NOT_AVAILABLE, "addInfoNotAvailable"}, + {TS_INFO_SYSTEM_FAILURE, "systemFailure"} }; -#define TS_FAILURE_INFO_SIZE (sizeof(TS_failure_info) / \ - sizeof(*TS_failure_info)) +#define TS_FAILURE_INFO_SIZE OSSL_NELEM(ts_failure_info) /* Functions for verifying a signed TS_TST_INFO structure. */ @@ -204,13 +187,13 @@ int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, signer = sk_X509_value(signers, 0); /* Now verify the certificate. */ - if (!TS_verify_cert(store, certs, signer, &chain)) + if (!ts_verify_cert(store, certs, signer, &chain)) goto err; /* * Check if the signer certificate is consistent with the ESS extension. */ - if (!TS_check_signing_certs(si, chain)) + if (!ts_check_signing_certs(si, chain)) goto err; /* Creating the message digest. */ @@ -246,7 +229,7 @@ int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, * The certificate chain is returned in chain. Caller is responsible for * freeing the vector. */ -static int TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, +static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, X509 *signer, STACK_OF(X509) **chain) { X509_STORE_CTX cert_ctx; @@ -274,10 +257,10 @@ static int TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, return ret; } -static int TS_check_signing_certs(PKCS7_SIGNER_INFO *si, +static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si, STACK_OF(X509) *chain) { - ESS_SIGNING_CERT *ss = ESS_get_signing_cert(si); + ESS_SIGNING_CERT *ss = ess_get_signing_cert(si); STACK_OF(ESS_CERT_ID) *cert_ids = NULL; X509 *cert; int i = 0; @@ -288,7 +271,7 @@ static int TS_check_signing_certs(PKCS7_SIGNER_INFO *si, cert_ids = ss->cert_ids; /* The signer certificate must be the first in cert_ids. */ cert = sk_X509_value(chain, 0); - if (TS_find_cert(cert_ids, cert) != 0) + if (ts_find_cert(cert_ids, cert) != 0) goto err; /* @@ -299,7 +282,7 @@ static int TS_check_signing_certs(PKCS7_SIGNER_INFO *si, /* All the certificates of the chain must be in cert_ids. */ for (i = 1; i < sk_X509_num(chain); ++i) { cert = sk_X509_value(chain, i); - if (TS_find_cert(cert_ids, cert) < 0) + if (ts_find_cert(cert_ids, cert) < 0) goto err; } } @@ -312,7 +295,7 @@ static int TS_check_signing_certs(PKCS7_SIGNER_INFO *si, return ret; } -static ESS_SIGNING_CERT *ESS_get_signing_cert(PKCS7_SIGNER_INFO *si) +static ESS_SIGNING_CERT *ess_get_signing_cert(PKCS7_SIGNER_INFO *si) { ASN1_TYPE *attr; const unsigned char *p; @@ -324,7 +307,7 @@ static ESS_SIGNING_CERT *ESS_get_signing_cert(PKCS7_SIGNER_INFO *si) } /* Returns < 0 if certificate is not found, certificate index otherwise. */ -static int TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert) +static int ts_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert) { int i; @@ -344,7 +327,7 @@ static int TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert) sizeof(cert->sha1_hash))) { /* Check the issuer/serial as well if specified. */ ESS_ISSUER_SERIAL *is = cid->issuer_serial; - if (!is || !TS_issuer_serial_cmp(is, cert->cert_info)) + if (!is || !ts_issuer_serial_cmp(is, cert->cert_info)) return i; } } @@ -352,7 +335,7 @@ static int TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert) return -1; } -static int TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo) +static int ts_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo) { GENERAL_NAME *issuer; @@ -385,11 +368,11 @@ int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response) int ret = 0; /* Check if we have a successful TS_TST_INFO object in place. */ - if (!TS_check_status_info(response)) + if (!ts_check_status_info(response)) goto err; /* Check the contents of the time stamp token. */ - if (!int_TS_RESP_verify_token(ctx, token, tst_info)) + if (!int_ts_RESP_verify_token(ctx, token, tst_info)) goto err; ret = 1; @@ -406,7 +389,7 @@ int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token) TS_TST_INFO *tst_info = PKCS7_to_TS_TST_INFO(token); int ret = 0; if (tst_info) { - ret = int_TS_RESP_verify_token(ctx, token, tst_info); + ret = int_ts_RESP_verify_token(ctx, token, tst_info); TS_TST_INFO_free(tst_info); } return ret; @@ -424,7 +407,7 @@ int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token) * - Check if the TSA name matches the signer. * - Check if the TSA name is the expected TSA. */ -static int int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx, +static int int_ts_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token, TS_TST_INFO *tst_info) { X509 *signer = NULL; @@ -448,37 +431,37 @@ static int int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx, /* Check policies. */ if ((ctx->flags & TS_VFY_POLICY) - && !TS_check_policy(ctx->policy, tst_info)) + && !ts_check_policy(ctx->policy, tst_info)) goto err; /* Check message imprints. */ if ((ctx->flags & TS_VFY_IMPRINT) - && !TS_check_imprints(ctx->md_alg, ctx->imprint, ctx->imprint_len, + && !ts_check_imprints(ctx->md_alg, ctx->imprint, ctx->imprint_len, tst_info)) goto err; /* Compute and check message imprints. */ if ((ctx->flags & TS_VFY_DATA) - && (!TS_compute_imprint(ctx->data, tst_info, + && (!ts_compute_imprint(ctx->data, tst_info, &md_alg, &imprint, &imprint_len) - || !TS_check_imprints(md_alg, imprint, imprint_len, tst_info))) + || !ts_check_imprints(md_alg, imprint, imprint_len, tst_info))) goto err; /* Check nonces. */ if ((ctx->flags & TS_VFY_NONCE) - && !TS_check_nonces(ctx->nonce, tst_info)) + && !ts_check_nonces(ctx->nonce, tst_info)) goto err; /* Check whether TSA name and signer certificate match. */ if ((ctx->flags & TS_VFY_SIGNER) - && tsa_name && !TS_check_signer_name(tsa_name, signer)) { + && tsa_name && !ts_check_signer_name(tsa_name, signer)) { TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_NAME_MISMATCH); goto err; } /* Check whether the TSA is the expected one. */ if ((ctx->flags & TS_VFY_TSA_NAME) - && !TS_check_signer_name(ctx->tsa_name, signer)) { + && !ts_check_signer_name(ctx->tsa_name, signer)) { TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_UNTRUSTED); goto err; } @@ -491,7 +474,7 @@ static int int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx, return ret; } -static int TS_check_status_info(TS_RESP *response) +static int ts_check_status_info(TS_RESP *response) { TS_STATUS_INFO *info = TS_RESP_get_status_info(response); long status = ASN1_INTEGER_get(info->status); @@ -505,13 +488,13 @@ static int TS_check_status_info(TS_RESP *response) /* There was an error, get the description in status_text. */ if (0 <= status && status < (long)TS_STATUS_TEXT_SIZE) - status_text = TS_status_text[status]; + status_text = ts_status_text[status]; else status_text = "unknown code"; /* Set the embedded_status_text to the returned description. */ if (sk_ASN1_UTF8STRING_num(info->text) > 0 - && (embedded_status_text = TS_get_status_text(info->text)) == NULL) + && (embedded_status_text = ts_get_status_text(info->text)) == NULL) return 0; /* Filling in failure_text with the failure information. */ @@ -520,12 +503,12 @@ static int TS_check_status_info(TS_RESP *response) int first = 1; for (i = 0; i < (int)TS_FAILURE_INFO_SIZE; ++i) { if (ASN1_BIT_STRING_get_bit(info->failure_info, - TS_failure_info[i].code)) { + ts_failure_info[i].code)) { if (!first) strcpy(failure_text, ","); else first = 0; - strcat(failure_text, TS_failure_info[i].text); + strcat(failure_text, ts_failure_info[i].text); } } } @@ -544,7 +527,7 @@ static int TS_check_status_info(TS_RESP *response) return 0; } -static char *TS_get_status_text(STACK_OF(ASN1_UTF8STRING) *text) +static char *ts_get_status_text(STACK_OF(ASN1_UTF8STRING) *text) { int i; unsigned int length = 0; @@ -577,7 +560,7 @@ static char *TS_get_status_text(STACK_OF(ASN1_UTF8STRING) *text) return result; } -static int TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info) +static int ts_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info) { ASN1_OBJECT *resp_oid = TS_TST_INFO_get_policy_id(tst_info); @@ -589,7 +572,7 @@ static int TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info) return 1; } -static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info, +static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info, X509_ALGOR **md_alg, unsigned char **imprint, unsigned *imprint_len) { @@ -641,7 +624,7 @@ static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info, return 0; } -static int TS_check_imprints(X509_ALGOR *algor_a, +static int ts_check_imprints(X509_ALGOR *algor_a, unsigned char *imprint_a, unsigned len_a, TS_TST_INFO *tst_info) { @@ -672,7 +655,7 @@ static int TS_check_imprints(X509_ALGOR *algor_a, return ret; } -static int TS_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info) +static int ts_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info) { const ASN1_INTEGER *b = TS_TST_INFO_get_nonce(tst_info); @@ -695,7 +678,7 @@ static int TS_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info) * Check if the specified TSA name matches either the subject or one of the * subject alternative names of the TSA certificate. */ -static int TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer) +static int ts_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer) { STACK_OF(GENERAL_NAME) *gen_names = NULL; int idx = -1; @@ -709,7 +692,7 @@ static int TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer) /* Check all the alternative names. */ gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, NULL, &idx); while (gen_names != NULL) { - found = TS_find_name(gen_names, tsa_name) >= 0; + found = ts_find_name(gen_names, tsa_name) >= 0; if (found) break; /* @@ -725,7 +708,7 @@ static int TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer) } /* Returns 1 if name is in gen_names, 0 otherwise. */ -static int TS_find_name(STACK_OF(GENERAL_NAME) *gen_names, GENERAL_NAME *name) +static int ts_find_name(STACK_OF(GENERAL_NAME) *gen_names, GENERAL_NAME *name) { int i, found; for (i = 0, found = 0; !found && i < sk_GENERAL_NAME_num(gen_names); ++i) { -- 2.34.1