authorFdaSilvaYY <fdasilvayy@gmail.com>2019-06-12 19:52:39 +0200
committerTomas Mraz <tmraz@fedoraproject.org>2020-05-27 13:16:30 +0200
commit9e3c510bde91350c5a40b7ba4e9e0945895e9368 (patch)
tree1720a2cfea2ffded3a4e374e2c6e110f2499dbc4 /include
parentf7f53d7d61bba235b8babf4cf580114d74183e3e (diff)
crypto/cms: add CAdES-BES signed attributes validation
for signing certificate V2 and signing certificate extensions. CAdES: lowercase name for now internal methods. crypto/cms: generated file changes. Add some CHANGES entries. [extended tests] Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/8098)
Diffstat (limited to 'include')
-rw-r--r--include/crypto/cms.h10
-rw-r--r--include/crypto/ess.h6
-rw-r--r--include/openssl/cmserr.h4
-rw-r--r--include/openssl/esserr.h3
4 files changed, 20 insertions, 3 deletions
diff --git a/include/crypto/cms.h b/include/crypto/cms.h
index c630991d68..67263fa886 100644
--- a/include/crypto/cms.h
+++ b/include/crypto/cms.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -7,7 +7,15 @@
* https://www.openssl.org/source/license.html
*/
+#ifndef OPENSSL_NO_CMS
+
/* internal CMS-ESS related stuff */
int cms_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc);
int cms_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc);
+
+int cms_signerinfo_get_signing_cert_v2(CMS_SignerInfo *si,
+ ESS_SIGNING_CERT_V2 **psc);
+int cms_signerinfo_get_signing_cert(CMS_SignerInfo *si,
+ ESS_SIGNING_CERT **psc);
+#endif
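Review bot: The two new getters, `cms_signerinfo_get_signing_cert_v2` and `cms_signerinfo_get_signing_cert`, are declared without any comment on their return values or on who owns the object stored in `*psc`. Their implementation is outside this view (the diff is limited to `include/`), so a reader of the header cannot tell whether a missing signing-certificate attribute and an undecodable one are reported differently. That distinction matters for a verifier that has to fail closed on a malformed attribute. I would add a comment above them along the lines of `/* Return 1 and set *psc (caller frees) on success, 0 if the attribute is absent, < 0 if it cannot be decoded. */`, adjusted to what the implementation actually does.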
diff --git a/include/crypto/ess.h b/include/crypto/ess.h
index ac6c5c61d7..6ae9a8180b 100644
--- a/include/crypto/ess.h
+++ b/include/crypto/ess.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -24,6 +24,10 @@ ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_new_init(const EVP_MD *hash_alg,
STACK_OF(X509) *certs,
int issuer_needed);
+/* Returns < 0 if certificate is not found, certificate index otherwise. */
+int ess_find_cert_v2(const STACK_OF(ESS_CERT_ID_V2) *cert_ids, const X509 *cert);
+int ess_find_cert(const STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert);
+
/*-
* IssuerSerial ::= SEQUENCE {
* issuer GeneralNames,
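Review bot: The comment above `ess_find_cert_v2` leaves two things implicit that a caller can get wrong: index 0 is a successful match, and the same convention presumably applies to `ess_find_cert` on the next line, which has no comment of its own. A caller that tests the result as a boolean would treat a match at index 0 as a mismatch and a not-found result as a match, so I would word it as `/* Both return the index (>= 0) of cert in cert_ids, or < 0 if it is not found; compare with < 0, never test as a boolean. */`. The two prototypes also disagree on constness (`const X509 *cert` versus `X509 *cert`). If the V1 lookup does not need to modify the certificate, `const X509 *cert` would keep them parallel; if it does, a short comment saying why would help.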
diff --git a/include/openssl/cmserr.h b/include/openssl/cmserr.h
index 6cff785caa..97704bfa52 100644
--- a/include/openssl/cmserr.h
+++ b/include/openssl/cmserr.h
@@ -109,6 +109,7 @@ int ERR_load_CMS_strings(void);
# define CMS_F_CMS_SIGN 0
# define CMS_F_CMS_SIGNED_DATA_INIT 0
# define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN 0
+# define CMS_F_CMS_SIGNERINFO_GET_CHAIN 0
# define CMS_F_CMS_SIGNERINFO_SIGN 0
# define CMS_F_CMS_SIGNERINFO_VERIFY 0
# define CMS_F_CMS_SIGNERINFO_VERIFY_CERT 0
@@ -118,6 +119,7 @@ int ERR_load_CMS_strings(void);
# define CMS_F_CMS_STREAM 0
# define CMS_F_CMS_UNCOMPRESS 0
# define CMS_F_CMS_VERIFY 0
+# define CMS_F_ESS_CHECK_SIGNING_CERTS 0
# define CMS_F_KEK_UNWRAP_KEY 0
# endif
@@ -147,6 +149,8 @@ int ERR_load_CMS_strings(void);
# define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114
# define CMS_R_ERROR_SETTING_KEY 115
# define CMS_R_ERROR_SETTING_RECIPIENTINFO 116
+# define CMS_R_ESS_NO_SIGNING_CERTID_ATTRIBUTE 182
+# define CMS_R_ESS_SIGNING_CERTID_MISMATCH_ERROR 183
# define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117
# define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER 176
# define CMS_R_INVALID_KEY_LENGTH 118
diff --git a/include/openssl/esserr.h b/include/openssl/esserr.h
index 8befce5c48..ff3c3d3d95 100644
--- a/include/openssl/esserr.h
+++ b/include/openssl/esserr.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -10,6 +10,7 @@
#ifndef OPENSSL_ESSERR_H
# define OPENSSL_ESSERR_H
+# pragma once
# include <openssl/opensslconf.h>
# include <openssl/symhacks.h>