security-and-privacy/uts-server
security-and-privacy/uts-server
1
0
Fork 0
mirror of https://github.com/kakwa/uts-server synced 2025-07-04 20:47:09 +02:00
Code Issues Releases Wiki Activity

code cleaning an reorganization

Browse source
This commit is contained in:
kakwa 2016-09-12 08:39:03 +02:00
parent f92cb7213e
commit a6d73bfd49
6 changed files with 47 additions and 76 deletions
Download patch file Download diff file Expand all files Collapse all files

64
src/lib/rfc3161.c
View file

@ -23,28 +23,6 @@
#include <syslog.h>
#include "utils.h"
#define OID_SECTION "oids"
// number of char we get to log for the serial
#define SERIAL_ID_SIZE 8
/* Reply related functions. */
static int reply_command(CONF *conf, char *section, char *engine, char *query,
char *passin, char *inkey, const EVP_MD *md,
char *signer, char *chain, const char *policy,
char *in, int token_in, char *out, int token_out,
int text);
static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data);
#define B_FORMAT_TEXT 0x8000
#define FORMAT_UNDEF 0
#define FORMAT_TEXT (1 | B_FORMAT_TEXT) /* Generic text */
#define FORMAT_ASN1 4 /* ASN.1/DER */
/*
* Reply-related method definitions.
*/
int add_oid_section(rfc3161_context *ct, CONF *conf) {
char *p;
STACK_OF(CONF_VALUE) * sktmp;
@ -113,6 +91,27 @@ ts_resp_ctx_wrapper *get_ctxw(rfc3161_context *ct) {
return ret;
}
// Build a random serial for each request.
// It's less painful to manage than an incremental serial stored in a file
// and a 150 bits size is more than enough to prevent collision.
static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data42) {
unsigned char data[20] = {0};
RAND_bytes(data, sizeof(data));
// data[0] &= 0x7F;
// build big number from our bytes
BIGNUM *bn = BN_new();
BN_bin2bn(data, sizeof(data), bn);
// build the ASN1_INTEGER from our BIGNUM
ASN1_INTEGER *asnInt = ASN1_INTEGER_new();
BN_to_ASN1_INTEGER(bn, asnInt);
// cleanup
BN_free(bn);
return asnInt;
}
// create a TS_RESP_CTX (OpenSSL Time-Stamp Response Context)
TS_RESP_CTX *create_tsctx(rfc3161_context *ct, CONF *conf, const char *section,
const char *policy) {
@ -353,24 +352,3 @@ end:
TS_RESP_free(ts_response);
return ret;
}
// Build a random serial for each request.
// It's less painful to manage than an incremental serial stored in a file
// and a 150 bits size is more than enough to prevent collision.
static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data42) {
unsigned char data[20] = {0};
RAND_bytes(data, sizeof(data));
// data[0] &= 0x7F;
// build big number from our bytes
BIGNUM *bn = BN_new();
BN_bin2bn(data, sizeof(data), bn);
// build the ASN1_INTEGER from our BIGNUM
ASN1_INTEGER *asnInt = ASN1_INTEGER_new();
BN_to_ASN1_INTEGER(bn, asnInt);
// cleanup
BN_free(bn);
return asnInt;
}