authorDr. David von Oheimb <David.von.Oheimb@siemens.com>2021-03-12 19:45:40 +0100
committerDr. David von Oheimb <dev@ddvo.net>2021-03-18 07:03:53 +0100
commit63b64f19c13d59d68dc2e525f454aea62a739842 (patch)
treea0eb5a23182f4d056dcb435dadf4c96fb50e76c1 /include
parentbef876f97e26309ccd20f916cf1e5e305735ee98 (diff)
TS and CMS CAdES-BES: Refactor check_signing_certs() funcs into common ESS func
Also constify related CMS/PKCS7 functions and improve error codes thrown. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14503)
Diffstat (limited to 'include')
-rw-r--r--include/crypto/cms.h4
-rw-r--r--include/crypto/ess.h14
-rw-r--r--include/crypto/esserr.h2
-rw-r--r--include/openssl/cms.h.in3
-rw-r--r--include/openssl/cmserr.h1
-rw-r--r--include/openssl/esserr.h6
-rw-r--r--include/openssl/pkcs7.h.in4
7 files changed, 19 insertions, 15 deletions
diff --git a/include/crypto/cms.h b/include/crypto/cms.h
index f1cf6bd6bf..fe1aed0c09 100644
--- a/include/crypto/cms.h
+++ b/include/crypto/cms.h
@@ -18,9 +18,9 @@
int ossl_cms_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc);
int ossl_cms_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc);
-int ossl_cms_signerinfo_get_signing_cert_v2(CMS_SignerInfo *si,
+int ossl_cms_signerinfo_get_signing_cert_v2(const CMS_SignerInfo *si,
ESS_SIGNING_CERT_V2 **psc);
-int ossl_cms_signerinfo_get_signing_cert(CMS_SignerInfo *si,
+int ossl_cms_signerinfo_get_signing_cert(const CMS_SignerInfo *si,
ESS_SIGNING_CERT **psc);
# endif /* OPENSSL_NO_CMS */
diff --git a/include/crypto/ess.h b/include/crypto/ess.h
index 099e3de9a5..1961e39067 100644
--- a/include/crypto/ess.h
+++ b/include/crypto/ess.h
@@ -13,14 +13,14 @@
/* internal ESS related stuff */
-ESS_SIGNING_CERT *ossl_ess_signing_cert_get(PKCS7_SIGNER_INFO *si);
+ESS_SIGNING_CERT *ossl_ess_get_signing_cert(const PKCS7_SIGNER_INFO *si);
int ossl_ess_signing_cert_add(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc);
ESS_SIGNING_CERT *ossl_ess_signing_cert_new_init(X509 *signcert,
STACK_OF(X509) *certs,
int issuer_needed);
-ESS_SIGNING_CERT_V2 *ossl_ess_signing_cert_v2_get(PKCS7_SIGNER_INFO *si);
+ESS_SIGNING_CERT_V2 *ossl_ess_get_signing_cert_v2(const PKCS7_SIGNER_INFO *si);
int ossl_ess_signing_cert_v2_add(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT_V2 *sc);
ESS_SIGNING_CERT_V2 *ossl_ess_signing_cert_v2_new_init(const EVP_MD *hash_alg,
@@ -28,12 +28,10 @@ ESS_SIGNING_CERT_V2 *ossl_ess_signing_cert_v2_new_init(const EVP_MD *hash_alg,
STACK_OF(X509) *certs,
int issuer_needed);
-/* Returns < 0 if certificate is not found, certificate index otherwise. */
-int ossl_ess_find_cert_v2(const STACK_OF(ESS_CERT_ID_V2) *cert_ids,
- const X509 *cert);
-int ossl_ess_find_cert(const STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert);
-int ossl_ess_find_cid(const STACK_OF(X509) *certs,
- ESS_CERT_ID *cid, ESS_CERT_ID_V2 *cid_v2);
+int ossl_ess_check_signing_certs(const ESS_SIGNING_CERT *ss,
+ const ESS_SIGNING_CERT_V2 *ssv2,
+ const STACK_OF(X509) *chain,
+ int require_signing_cert);
/*-
* IssuerSerial ::= SEQUENCE {
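Review bot: The new prototype `ossl_ess_check_signing_certs()` at the end of this hunk has no comment, while the declarations it replaces carried one stating their return convention. For a verification routine the header should say which return value means the ESS certificate IDs matched `chain`, and whether failures come back as 0 or as a negative value, so that no caller accepts a failure by testing the result with `!= 0`. It should also say what happens when `ss` and `ssv2` are both NULL and `require_signing_cert` is 0, which presumably succeeds without checking anything. The implementation is not part of this diff, so the wording has to be confirmed there; something like `/* Returns 1 if the cert IDs match |chain|, else 0 with an ESS error queued; a missing attribute is an error only if |require_signing_cert| != 0 */`.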
diff --git a/include/crypto/esserr.h b/include/crypto/esserr.h
index d253356a90..a87d4fabce 100644
--- a/include/crypto/esserr.h
+++ b/include/crypto/esserr.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/include/openssl/cms.h.in b/include/openssl/cms.h.in
index 5ffd3b4405..e2912b47cc 100644
--- a/include/openssl/cms.h.in
+++ b/include/openssl/cms.h.in
@@ -310,7 +310,8 @@ int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
const char *attrname, int type,
const void *bytes, int len);
-void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *oid,
+void *CMS_signed_get0_data_by_OBJ(const CMS_SignerInfo *si,
+ const ASN1_OBJECT *oid,
int lastpos, int type);
int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si);
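Review bot: `CMS_signed_get0_data_by_OBJ()` now takes `const CMS_SignerInfo *si` but still returns a plain `void *`, so the new qualifier does not make the attribute value itself read-only. Going by the `get0` name, the result presumably points into data owned by `si`; a one-line comment such as `/* result is owned by |si|: do not free or modify it */` would state that contract in the public header. The same applies to `PKCS7_get_attribute()` and `PKCS7_get_signed_attribute()` in the pkcs7.h.in hunk, which return a non-const `ASN1_TYPE *` from a const signer info.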
diff --git a/include/openssl/cmserr.h b/include/openssl/cmserr.h
index 418e8baff9..1c4f4c799d 100644
--- a/include/openssl/cmserr.h
+++ b/include/openssl/cmserr.h
@@ -49,7 +49,6 @@
# define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114
# define CMS_R_ERROR_SETTING_KEY 115
# define CMS_R_ERROR_SETTING_RECIPIENTINFO 116
-# define CMS_R_ESS_NO_SIGNING_CERTID_ATTRIBUTE 182
# define CMS_R_ESS_SIGNING_CERTID_MISMATCH_ERROR 183
# define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117
# define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER 176
diff --git a/include/openssl/esserr.h b/include/openssl/esserr.h
index 2eb82c1eb7..0b9e89e4cb 100644
--- a/include/openssl/esserr.h
+++ b/include/openssl/esserr.h
@@ -21,8 +21,14 @@
/*
* ESS reason codes.
*/
+# define ESS_R_EMPTY_ESS_CERT_ID_LIST 107
+# define ESS_R_ESS_CERT_DIGEST_ERROR 103
+# define ESS_R_ESS_CERT_ID_NOT_FOUND 104
+# define ESS_R_ESS_CERT_ID_WRONG_ORDER 105
+# define ESS_R_ESS_DIGEST_ALG_UNKNOWN 106
# define ESS_R_ESS_SIGNING_CERTIFICATE_ERROR 102
# define ESS_R_ESS_SIGNING_CERT_ADD_ERROR 100
# define ESS_R_ESS_SIGNING_CERT_V2_ADD_ERROR 101
+# define ESS_R_MISSING_SIGNING_CERTIFICATE_ATTRIBUTE 108
#endif
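Review bot: `ESS_R_MISSING_SIGNING_CERTIFICATE_ATTRIBUTE` is added here while the cmserr.h hunk drops `CMS_R_ESS_NO_SIGNING_CERTID_ATTRIBUTE` from a public header, so applications that name the old macro stop compiling, and any that compare `ERR_GET_REASON()` against it no longer recognise a missing attribute. The names suggest the ESS code takes over that role, but the diff does not show where either code is raised, so this needs confirming. If so, the change notes should say that the error now comes from the ESS library with a different reason code, since verifiers may distinguish "attribute missing" from "certificate ID mismatch" when deciding how to report a failed signature check.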
diff --git a/include/openssl/pkcs7.h.in b/include/openssl/pkcs7.h.in
index df53acc2a1..87dda54115 100644
--- a/include/openssl/pkcs7.h.in
+++ b/include/openssl/pkcs7.h.in
@@ -304,8 +304,8 @@ int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int type,
void *data);
int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
void *value);
-ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid);
-ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid);
+ASN1_TYPE *PKCS7_get_attribute(const PKCS7_SIGNER_INFO *si, int nid);
+ASN1_TYPE *PKCS7_get_signed_attribute(const PKCS7_SIGNER_INFO *si, int nid);
int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
STACK_OF(X509_ATTRIBUTE) *sk);
int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,