author | FdaSilvaYY <fdasilvayy@gmail.com> | 2019-06-12 19:52:39 +0200 |
---|---|---|
committer | Tomas Mraz <tmraz@fedoraproject.org> | 2020-05-27 13:16:30 +0200 |
commit | 9e3c510bde91350c5a40b7ba4e9e0945895e9368 (patch) | |
tree | 1720a2cfea2ffded3a4e374e2c6e110f2499dbc4 /include | |
parent | f7f53d7d61bba235b8babf4cf580114d74183e3e (diff) |
crypto/cms: add CAdES-BES signed attributes validation
for signing certificate V2 and signing certificate extensions.
CAdES: use lowercase names for methods that are now internal.
crypto/cms: generated file changes.
Add some CHANGES entries.
[extended tests]
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/8098)
Diffstat (limited to 'include')
-rw-r--r-- | include/crypto/cms.h | 10 | ||||
-rw-r--r-- | include/crypto/ess.h | 6 | ||||
-rw-r--r-- | include/openssl/cmserr.h | 4 | ||||
-rw-r--r-- | include/openssl/esserr.h | 3 |
4 files changed, 20 insertions, 3 deletions
diff --git a/include/crypto/cms.h b/include/crypto/cms.h index c630991d68..67263fa886 100644 --- a/include/crypto/cms.h +++ b/include/crypto/cms.h @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,7 +7,15 @@ * https://www.openssl.org/source/license.html */ +#ifndef OPENSSL_NO_CMS + /* internal CMS-ESS related stuff */ int cms_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc); int cms_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc); + +int cms_signerinfo_get_signing_cert_v2(CMS_SignerInfo *si, + ESS_SIGNING_CERT_V2 **psc); +int cms_signerinfo_get_signing_cert(CMS_SignerInfo *si, + ESS_SIGNING_CERT **psc); +#endif diff --git a/include/crypto/ess.h b/include/crypto/ess.h index ac6c5c61d7..6ae9a8180b 100644 --- a/include/crypto/ess.h +++ b/include/crypto/ess.h @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -24,6 +24,10 @@ ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_new_init(const EVP_MD *hash_alg, STACK_OF(X509) *certs, int issuer_needed); +/* Returns < 0 if certificate is not found, certificate index otherwise. */ +int ess_find_cert_v2(const STACK_OF(ESS_CERT_ID_V2) *cert_ids, const X509 *cert); +int ess_find_cert(const STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert); + /*- * IssuerSerial ::= SEQUENCE { * issuer GeneralNames, diff --git a/include/openssl/cmserr.h b/include/openssl/cmserr.h index 6cff785caa..97704bfa52 100644 --- a/include/openssl/cmserr.h +++ b/include/openssl/cmserr.h 
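Review bot: In include/crypto/cms.h the new getters `cms_signerinfo_get_signing_cert_v2()` and `cms_signerinfo_get_signing_cert()` are declared with no comment on their return values or on who owns `*psc`. Code that validates the signing-certificate attributes needs to tell "attribute absent" from "attribute present but undecodable", and needs to know whether it must free the returned structure. The prototypes alone answer neither, and the implementation is outside this 'include'-limited diff. I would add a short comment above the pair stating the return codes for found, absent and decode failure, whether `psc` may be NULL, and which free function releases `*psc`. From the visible lines the header also seems to rely on its includer for the `CMS_SignerInfo` and `ESS_SIGNING_CERT*` types and to have no include guard of its own; confirm that against the full file.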
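Review bot: In include/crypto/ess.h the comment shared by `ess_find_cert_v2()` and `ess_find_cert()` makes 0 a success value (the index of the first entry), so a caller that tests the result for truthiness would misread a match on the first cert ID as a failure. I would spell that out, e.g. `/* Returns the index (>= 0; 0 is a match on the first entry) of cert in cert_ids, or < 0 if it is not found. */`. The comment also does not say whether an internal failure, such as being unable to compute the certificate digest, is reported the same way as "not found"; that cannot be told from the prototypes. The two prototypes differ in constness: `ess_find_cert_v2` takes `const X509 *cert` and `ess_find_cert` takes `X509 *cert`, so either make the latter `const X509 *cert` or note why it needs a mutable certificate. The `ESS_SIGNING_CERT_V2_new_init` declaration above and the IssuerSerial comment below both continue outside the hunk.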
@@ -109,6 +109,7 @@ int ERR_load_CMS_strings(void); # define CMS_F_CMS_SIGN 0 # define CMS_F_CMS_SIGNED_DATA_INIT 0 # define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN 0 +# define CMS_F_CMS_SIGNERINFO_GET_CHAIN 0 # define CMS_F_CMS_SIGNERINFO_SIGN 0 # define CMS_F_CMS_SIGNERINFO_VERIFY 0 # define CMS_F_CMS_SIGNERINFO_VERIFY_CERT 0 @@ -118,6 +119,7 @@ int ERR_load_CMS_strings(void); # define CMS_F_CMS_STREAM 0 # define CMS_F_CMS_UNCOMPRESS 0 # define CMS_F_CMS_VERIFY 0 +# define CMS_F_ESS_CHECK_SIGNING_CERTS 0 # define CMS_F_KEK_UNWRAP_KEY 0 # endif @@ -147,6 +149,8 @@ int ERR_load_CMS_strings(void); # define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114 # define CMS_R_ERROR_SETTING_KEY 115 # define CMS_R_ERROR_SETTING_RECIPIENTINFO 116 +# define CMS_R_ESS_NO_SIGNING_CERTID_ATTRIBUTE 182 +# define CMS_R_ESS_SIGNING_CERTID_MISMATCH_ERROR 183 # define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117 # define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER 176 # define CMS_R_INVALID_KEY_LENGTH 118 diff --git a/include/openssl/esserr.h b/include/openssl/esserr.h index 8befce5c48..ff3c3d3d95 100644 --- a/include/openssl/esserr.h +++ b/include/openssl/esserr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,6 +10,7 @@ #ifndef OPENSSL_ESSERR_H # define OPENSSL_ESSERR_H +# pragma once # include <openssl/opensslconf.h> # include <openssl/symhacks.h> |