author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-03-16 16:04:08 +0100 |
---|---|---|
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-04-28 14:10:47 +0200 |
commit | 176a9a682a22d556037b0a959911e6020c8d2ecd (patch) | |
tree | cc8f9c69a2c2f0d99a98d1b8c65826d11c1d72b9 /crypto | |
parent | 1751768cd191c3541dc89a2bb24da1e506385c37 (diff) |
TS ESS: Move four internal aux function to where they belong in crypto/ts
Also constify and slightly refactor them.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14601)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/ess/ess_lib.c | 87 | ||||
-rw-r--r-- | crypto/ts/ts_rsp_sign.c | 50 | ||||
-rw-r--r-- | crypto/ts/ts_rsp_verify.c | 25 |
3 files changed, 73 insertions, 89 deletions
diff --git a/crypto/ess/ess_lib.c b/crypto/ess/ess_lib.c
index beda9c4c16..65444d383f 100644
--- a/crypto/ess/ess_lib.c
+++ b/crypto/ess/ess_lib.c
@@ -194,93 +194,6 @@ static ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new_init(const EVP_MD *hash_alg,
 return NULL;
 }
-/* TODO the following four functions should be moved to ../ts/ */
-ESS_SIGNING_CERT *ossl_ess_get_signing_cert(const PKCS7_SIGNER_INFO *si)
-{
- ASN1_TYPE *attr;
- const unsigned char *p;
-
- attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificate);
- if (attr == NULL)
- return NULL;
- p = attr->value.sequence->data;
- return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length);
-}
-
-ESS_SIGNING_CERT_V2 *ossl_ess_get_signing_cert_v2(const PKCS7_SIGNER_INFO *si)
-{
- ASN1_TYPE *attr;
- const unsigned char *p;
-
- attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificateV2);
- if (attr == NULL)
- return NULL;
- p = attr->value.sequence->data;
- return d2i_ESS_SIGNING_CERT_V2(NULL, &p, attr->value.sequence->length);
-}
-
-int ossl_ess_signing_cert_add(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc)
-{
- ASN1_STRING *seq = NULL;
- unsigned char *p, *pp = NULL;
- int len;
-
- len = i2d_ESS_SIGNING_CERT(sc, NULL);
- if (len <= 0)
- goto err;
- if ((pp = OPENSSL_malloc(len)) == NULL) {
- ERR_raise(ERR_LIB_ESS, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- p = pp;
- i2d_ESS_SIGNING_CERT(sc, &p);
- if ((seq = ASN1_STRING_new()) == NULL || !ASN1_STRING_set(seq, pp, len)) {
- ERR_raise(ERR_LIB_ESS, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- OPENSSL_free(pp);
- pp = NULL;
- return PKCS7_add_signed_attribute(si,
- NID_id_smime_aa_signingCertificate,
- V_ASN1_SEQUENCE, seq);
- err:
- ASN1_STRING_free(seq);
- OPENSSL_free(pp);
-
- return 0;
-}
-
-int ossl_ess_signing_cert_v2_add(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT_V2 *sc)
-{
- ASN1_STRING *seq = NULL;
- unsigned char *p, *pp = NULL;
- int len = i2d_ESS_SIGNING_CERT_V2(sc, NULL);
-
- if (len <= 0)
- goto err;
- if ((pp = OPENSSL_malloc(len)) == NULL) {
- ERR_raise(ERR_LIB_ESS, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- p = pp;
- i2d_ESS_SIGNING_CERT_V2(sc, &p);
- if ((seq = ASN1_STRING_new()) == NULL || !ASN1_STRING_set(seq, pp, len)) {
- ERR_raise(ERR_LIB_ESS, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- OPENSSL_free(pp);
- pp = NULL;
- return PKCS7_add_signed_attribute(si,
- NID_id_smime_aa_signingCertificateV2,
- V_ASN1_SEQUENCE, seq);
- err:
- ASN1_STRING_free(seq);
- OPENSSL_free(pp);
- return 0;
-}
-
 static int ess_issuer_serial_cmp(const ESS_ISSUER_SERIAL *is, const X509 *cert)
 {
 GENERAL_NAME *issuer;
diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c
index 8f0653c5d3..172d444d09 100644
--- a/crypto/ts/ts_rsp_sign.c
+++ b/crypto/ts/ts_rsp_sign.c
@@ -626,6 +626,52 @@ static int ts_RESP_process_extensions(TS_RESP_CTX *ctx)
 }
 /* Functions for signing the TS_TST_INFO structure of the context. */
+static int ossl_ess_add1_signing_cert(PKCS7_SIGNER_INFO *si,
+ const ESS_SIGNING_CERT *sc)
+{
+ ASN1_STRING *seq = NULL;
+ int len = i2d_ESS_SIGNING_CERT(sc, NULL);
+ unsigned char *p, *pp = OPENSSL_malloc(len);
+
+ if (pp == NULL)
+ return 0;
+
+ p = pp;
+ i2d_ESS_SIGNING_CERT(sc, &p);
+ if ((seq = ASN1_STRING_new()) == NULL || !ASN1_STRING_set(seq, pp, len)) {
+ ASN1_STRING_free(seq);
+ OPENSSL_free(pp);
+ return 0;
+ }
+
+ OPENSSL_free(pp);
+ return PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificate,
+ V_ASN1_SEQUENCE, seq);
+}
+
+static int ossl_ess_add1_signing_cert_v2(PKCS7_SIGNER_INFO *si,
+ const ESS_SIGNING_CERT_V2 *sc)
+{
+ ASN1_STRING *seq = NULL;
+ int len = i2d_ESS_SIGNING_CERT_V2(sc, NULL);
+ unsigned char *p, *pp = OPENSSL_malloc(len);
+
+ if (pp == NULL)
+ return 0;
+
+ p = pp;
+ i2d_ESS_SIGNING_CERT_V2(sc, &p);
+ if ((seq = ASN1_STRING_new()) == NULL || !ASN1_STRING_set(seq, pp, len)) {
+ ASN1_STRING_free(seq);
+ OPENSSL_free(pp);
+ return 0;
+ }
+
+ OPENSSL_free(pp);
+ return PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificateV2,
+ V_ASN1_SEQUENCE, seq);
+}
+
 static int ts_RESP_sign(TS_RESP_CTX *ctx)
 {
 int ret = 0;
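Review bot: `ossl_ess_add1_signing_cert()` passes the result of `i2d_ESS_SIGNING_CERT(sc, NULL)` straight to `OPENSSL_malloc(len)`, so the `len <= 0` guard that the removed `ossl_ess_signing_cert_add()` had is gone, and a failed or empty encoding is only caught if the allocator happens to return NULL for that size. Restoring the guard keeps the failure explicit: declare `unsigned char *p, *pp;` and use `if (len <= 0 || (pp = OPENSSL_malloc(len)) == NULL) return 0;`. The same applies to `ossl_ess_add1_signing_cert_v2()` in this hunk. Separately, if `PKCS7_add_signed_attribute()` does not free `seq` when it fails (its ownership rule is not visible here), both functions leak `seq` on that path; checking the return value and calling `ASN1_STRING_free(seq)` on failure would cover it.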
@@ -691,7 +737,7 @@ static int ts_RESP_sign(TS_RESP_CTX *ctx)
 certs, 0)) == NULL)
 goto err;
- if (!ossl_ess_signing_cert_add(si, sc)) {
+ if (!ossl_ess_add1_signing_cert(si, sc)) {
 ERR_raise(ERR_LIB_TS, TS_R_ESS_ADD_SIGNING_CERT_ERROR);
 goto err;
 }
@@ -701,7 +747,7 @@ static int ts_RESP_sign(TS_RESP_CTX *ctx)
 if (sc2 == NULL)
 goto err;
- if (!ossl_ess_signing_cert_v2_add(si, sc2)) {
+ if (!ossl_ess_add1_signing_cert_v2(si, sc2)) {
 ERR_raise(ERR_LIB_TS, TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR);
 goto err;
 }
diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c
index 56f40b1152..03e7312843 100644
--- a/crypto/ts/ts_rsp_verify.c
+++ b/crypto/ts/ts_rsp_verify.c
@@ -203,6 +203,31 @@ end:
 return ret;
 }
+static ESS_SIGNING_CERT *ossl_ess_get_signing_cert(const PKCS7_SIGNER_INFO *si)
+{
+ ASN1_TYPE *attr;
+ const unsigned char *p;
+
+ attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificate);
+ if (attr == NULL)
+ return NULL;
+ p = attr->value.sequence->data;
+ return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length);
+}
+
+static
+ESS_SIGNING_CERT_V2 *ossl_ess_get_signing_cert_v2(const PKCS7_SIGNER_INFO *si)
+{
+ ASN1_TYPE *attr;
+ const unsigned char *p;
+
+ attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificateV2);
+ if (attr == NULL)
+ return NULL;
+ p = attr->value.sequence->data;
+ return d2i_ESS_SIGNING_CERT_V2(NULL, &p, attr->value.sequence->length);
+}
+
 static int ts_check_signing_certs(const PKCS7_SIGNER_INFO *si,
 const STACK_OF(X509) *chain)
 { |
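Review bot: `ossl_ess_get_signing_cert()` in the ts_rsp_verify.c hunk reads `attr->value.sequence` without first checking `attr->type`, and in this file the signer info presumably belongs to the time-stamp response being verified, i.e. input the verifier does not control. `ASN1_TYPE.value` is a union, so an attribute encoded with any other ASN.1 type would be read through the wrong member before `d2i_ESS_SIGNING_CERT()` gets a chance to reject it. Accepting only a SEQUENCE closes that: `if (attr == NULL || attr->type != V_ASN1_SEQUENCE) return NULL;`. `ossl_ess_get_signing_cert_v2()` in the same hunk needs the same check.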