From 4189dc3782c5989dbaa7d247e41a96a25b27c940 Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Tue, 16 Mar 2021 16:41:52 +0100 Subject: [PATCH] CMS ESS: Move four internal aux function to where they belong in crypto/cms Also constify and slightly refactor them. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/14601) --- crypto/cms/cms_ess.c | 119 ++++++++++++++++++--------------------- crypto/cms/cms_sd.c | 51 ++++++++++++++++- crypto/ess/ess_asn1.c | 64 +-------------------- doc/man3/X509_dup.pod | 2 + include/crypto/cms.h | 27 --------- include/openssl/ess.h.in | 6 +- util/libcrypto.num | 2 + 7 files changed, 112 insertions(+), 159 deletions(-) delete mode 100644 include/crypto/cms.h diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c index fd9903eee8..d029b75b69 100644 --- a/crypto/cms/cms_ess.c +++ b/crypto/cms/cms_ess.c @@ -16,7 +16,6 @@ #include #include #include "crypto/ess.h" -#include "crypto/cms.h" #include "crypto/x509.h" #include "cms_local.h" @@ -46,6 +45,60 @@ int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr) return 1; } +/* + * Returns 0 if attribute is not found, 1 if found, + * or -1 on attribute parsing failure. + */ +static int ossl_cms_signerinfo_get_signing_cert(const CMS_SignerInfo *si, + ESS_SIGNING_CERT **psc) +{ + ASN1_STRING *str; + ESS_SIGNING_CERT *sc; + ASN1_OBJECT *obj = OBJ_nid2obj(NID_id_smime_aa_signingCertificate); + + if (psc != NULL) + *psc = NULL; + str = CMS_signed_get0_data_by_OBJ(si, obj, -3, V_ASN1_SEQUENCE); + if (str == NULL) + return 0; + + sc = ASN1_item_unpack(str, ASN1_ITEM_rptr(ESS_SIGNING_CERT)); + if (sc == NULL) + return -1; + if (psc != NULL) + *psc = sc; + else + ESS_SIGNING_CERT_free(sc); + return 1; +} + +/* + * Returns 0 if attribute is not found, 1 if found, + * or -1 on attribute parsing failure. + */ +static int ossl_cms_signerinfo_get_signing_cert_v2(const CMS_SignerInfo *si, + ESS_SIGNING_CERT_V2 **psc) +{ + ASN1_STRING *str; + ESS_SIGNING_CERT_V2 *sc; + ASN1_OBJECT *obj = OBJ_nid2obj(NID_id_smime_aa_signingCertificateV2); + + if (psc != NULL) + *psc = NULL; + str = CMS_signed_get0_data_by_OBJ(si, obj, -3, V_ASN1_SEQUENCE); + if (str == NULL) + return 0; + + sc = ASN1_item_unpack(str, ASN1_ITEM_rptr(ESS_SIGNING_CERT_V2)); + if (sc == NULL) + return -1; + if (psc != NULL) + *psc = sc; + else + ESS_SIGNING_CERT_V2_free(sc); + return 1; +} + int ossl_cms_check_signing_certs(const CMS_SignerInfo *si, const STACK_OF(X509) *chain) { @@ -361,67 +414,3 @@ ASN1_OCTET_STRING *ossl_cms_encode_Receipt(CMS_SignerInfo *si) CMS_ReceiptRequest_free(rr); return os; } - -/* - * Add signer certificate's V2 digest |sc| to a SignerInfo structure |si| - */ - -int ossl_cms_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc) -{ - ASN1_STRING *seq = NULL; - unsigned char *p, *pp = NULL; - int len; - - /* Add SigningCertificateV2 signed attribute to the signer info. */ - len = i2d_ESS_SIGNING_CERT_V2(sc, NULL); - if (len <= 0 || (pp = OPENSSL_malloc(len)) == NULL) - goto err; - p = pp; - i2d_ESS_SIGNING_CERT_V2(sc, &p); - if (!(seq = ASN1_STRING_new()) || !ASN1_STRING_set(seq, pp, len)) - goto err; - OPENSSL_free(pp); - pp = NULL; - if (!CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_signingCertificateV2, - V_ASN1_SEQUENCE, seq, -1)) - goto err; - ASN1_STRING_free(seq); - return 1; - err: - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - ASN1_STRING_free(seq); - OPENSSL_free(pp); - return 0; -} - -/* - * Add signer certificate's digest |sc| to a SignerInfo structure |si| - */ - -int ossl_cms_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc) -{ - ASN1_STRING *seq = NULL; - unsigned char *p, *pp = NULL; - int len; - - /* Add SigningCertificate signed attribute to the signer info. */ - len = i2d_ESS_SIGNING_CERT(sc, NULL); - if (len <= 0 || (pp = OPENSSL_malloc(len)) == NULL) - goto err; - p = pp; - i2d_ESS_SIGNING_CERT(sc, &p); - if (!(seq = ASN1_STRING_new()) || !ASN1_STRING_set(seq, pp, len)) - goto err; - OPENSSL_free(pp); - pp = NULL; - if (!CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_signingCertificate, - V_ASN1_SEQUENCE, seq, -1)) - goto err; - ASN1_STRING_free(seq); - return 1; - err: - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - ASN1_STRING_free(seq); - OPENSSL_free(pp); - return 0; -} diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index 43dbec6004..d208822c4b 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -18,7 +18,6 @@ #include "internal/sizes.h" #include "crypto/asn1.h" #include "crypto/evp.h" -#include "crypto/cms.h" #include "crypto/ess.h" #include "crypto/x509.h" /* for ossl_x509_add_cert_new() */ #include "cms_local.h" @@ -253,6 +252,56 @@ static int cms_sd_asn1_ctrl(CMS_SignerInfo *si, int cmd) return 1; } +/* Add SigningCertificate signed attribute to the signer info. */ +static int ossl_cms_add1_signing_cert(CMS_SignerInfo *si, + const ESS_SIGNING_CERT *sc) +{ + ASN1_STRING *seq = NULL; + unsigned char *p, *pp = NULL; + int ret, len = i2d_ESS_SIGNING_CERT(sc, NULL); + + if (len <= 0 || (pp = OPENSSL_malloc(len)) == NULL) + return 0; + + p = pp; + i2d_ESS_SIGNING_CERT(sc, &p); + if (!(seq = ASN1_STRING_new()) || !ASN1_STRING_set(seq, pp, len)) { + ASN1_STRING_free(seq); + OPENSSL_free(pp); + return 0; + } + OPENSSL_free(pp); + ret = CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_signingCertificate, + V_ASN1_SEQUENCE, seq, -1); + ASN1_STRING_free(seq); + return ret; +} + +/* Add SigningCertificateV2 signed attribute to the signer info. */ +static int ossl_cms_add1_signing_cert_v2(CMS_SignerInfo *si, + const ESS_SIGNING_CERT_V2 *sc) +{ + ASN1_STRING *seq = NULL; + unsigned char *p, *pp = NULL; + int ret, len = i2d_ESS_SIGNING_CERT_V2(sc, NULL); + + if (len <= 0 || (pp = OPENSSL_malloc(len)) == NULL) + return 0; + + p = pp; + i2d_ESS_SIGNING_CERT_V2(sc, &p); + if (!(seq = ASN1_STRING_new()) || !ASN1_STRING_set(seq, pp, len)) { + ASN1_STRING_free(seq); + OPENSSL_free(pp); + return 0; + } + OPENSSL_free(pp); + ret = CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_signingCertificateV2, + V_ASN1_SEQUENCE, seq, -1); + ASN1_STRING_free(seq); + return ret; +} + CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, X509 *signer, EVP_PKEY *pk, const EVP_MD *md, unsigned int flags) diff --git a/crypto/ess/ess_asn1.c b/crypto/ess/ess_asn1.c index 681ac4e727..68bc854c99 100644 --- a/crypto/ess/ess_asn1.c +++ b/crypto/ess/ess_asn1.c @@ -13,7 +13,6 @@ #include #include #include "crypto/ess.h" -#include "crypto/cms.h" /* ASN1 stuff for ESS Structure */ @@ -36,7 +35,7 @@ IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID) ASN1_SEQUENCE(ESS_SIGNING_CERT) = { ASN1_SEQUENCE_OF(ESS_SIGNING_CERT, cert_ids, ESS_CERT_ID), ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT, policy_info, POLICYINFO) -} static_ASN1_SEQUENCE_END(ESS_SIGNING_CERT) +} ASN1_SEQUENCE_END(ESS_SIGNING_CERT) IMPLEMENT_ASN1_FUNCTIONS(ESS_SIGNING_CERT) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT) @@ -53,66 +52,7 @@ IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2) ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = { ASN1_SEQUENCE_OF(ESS_SIGNING_CERT_V2, cert_ids, ESS_CERT_ID_V2), ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT_V2, policy_info, POLICYINFO) -} static_ASN1_SEQUENCE_END(ESS_SIGNING_CERT_V2) +} ASN1_SEQUENCE_END(ESS_SIGNING_CERT_V2) IMPLEMENT_ASN1_FUNCTIONS(ESS_SIGNING_CERT_V2) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2) - -/* TODO the following two functions should be moved to ../cms/ */ -/* No cms support means no CMS_SignerInfo* definitions */ -#ifndef OPENSSL_NO_CMS - -/* - * Returns 0 if attribute is not found, 1 if found, - * or -1 on attribute parsing failure. - */ -int ossl_cms_signerinfo_get_signing_cert_v2(const CMS_SignerInfo *si, - ESS_SIGNING_CERT_V2 **psc) -{ - ASN1_STRING *str; - ESS_SIGNING_CERT_V2 *sc; - ASN1_OBJECT *obj = OBJ_nid2obj(NID_id_smime_aa_signingCertificateV2); - - if (psc != NULL) - *psc = NULL; - str = CMS_signed_get0_data_by_OBJ(si, obj, -3, V_ASN1_SEQUENCE); - if (str == NULL) - return 0; - - sc = ASN1_item_unpack(str, ASN1_ITEM_rptr(ESS_SIGNING_CERT_V2)); - if (sc == NULL) - return -1; - if (psc != NULL) - *psc = sc; - else - ESS_SIGNING_CERT_V2_free(sc); - return 1; -} - -/* - * Returns 0 if attribute is not found, 1 if found, - * or -1 on attribute parsing failure. - */ -int ossl_cms_signerinfo_get_signing_cert(const CMS_SignerInfo *si, - ESS_SIGNING_CERT **psc) -{ - ASN1_STRING *str; - ESS_SIGNING_CERT *sc; - ASN1_OBJECT *obj = OBJ_nid2obj(NID_id_smime_aa_signingCertificate); - - if (psc != NULL) - *psc = NULL; - str = CMS_signed_get0_data_by_OBJ(si, obj, -3, V_ASN1_SEQUENCE); - if (str == NULL) - return 0; - - sc = ASN1_item_unpack(str, ASN1_ITEM_rptr(ESS_SIGNING_CERT)); - if (sc == NULL) - return -1; - if (psc != NULL) - *psc = sc; - else - ESS_SIGNING_CERT_free(sc); - return 1; -} -#endif /* !OPENSSL_NO_CMS */ diff --git a/doc/man3/X509_dup.pod b/doc/man3/X509_dup.pod index 9629082310..b68d42e934 100644 --- a/doc/man3/X509_dup.pod +++ b/doc/man3/X509_dup.pod @@ -61,9 +61,11 @@ ESS_ISSUER_SERIAL_free, ESS_ISSUER_SERIAL_new, ESS_SIGNING_CERT_dup, ESS_SIGNING_CERT_free, +ESS_SIGNING_CERT_it, ESS_SIGNING_CERT_new, ESS_SIGNING_CERT_V2_dup, ESS_SIGNING_CERT_V2_free, +ESS_SIGNING_CERT_V2_it, ESS_SIGNING_CERT_V2_new, EXTENDED_KEY_USAGE_free, EXTENDED_KEY_USAGE_new, diff --git a/include/crypto/cms.h b/include/crypto/cms.h deleted file mode 100644 index fe1aed0c09..0000000000 --- a/include/crypto/cms.h +++ /dev/null @@ -1,27 +0,0 @@ -/* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OSSL_CRYPTO_CMS_H -# define OSSL_CRYPTO_CMS_H -# pragma once - -# ifndef OPENSSL_NO_CMS - -/* internal CMS-ESS related stuff */ - -int ossl_cms_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc); -int ossl_cms_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc); - -int ossl_cms_signerinfo_get_signing_cert_v2(const CMS_SignerInfo *si, - ESS_SIGNING_CERT_V2 **psc); -int ossl_cms_signerinfo_get_signing_cert(const CMS_SignerInfo *si, - ESS_SIGNING_CERT **psc); -# endif /* OPENSSL_NO_CMS */ - -#endif diff --git a/include/openssl/ess.h.in b/include/openssl/ess.h.in index c35d8ef82d..d1a685b98e 100644 --- a/include/openssl/ess.h.in +++ b/include/openssl/ess.h.in @@ -52,16 +52,14 @@ DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_CERT_ID) DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_CERT_ID, ESS_CERT_ID) DECLARE_ASN1_DUP_FUNCTION(ESS_CERT_ID) -DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_SIGNING_CERT) -DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_SIGNING_CERT, ESS_SIGNING_CERT) +DECLARE_ASN1_FUNCTIONS(ESS_SIGNING_CERT) DECLARE_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT) DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_CERT_ID_V2) DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_CERT_ID_V2, ESS_CERT_ID_V2) DECLARE_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2) -DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_SIGNING_CERT_V2) -DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_SIGNING_CERT_V2, ESS_SIGNING_CERT_V2) +DECLARE_ASN1_FUNCTIONS(ESS_SIGNING_CERT_V2) DECLARE_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2) ESS_SIGNING_CERT *OSSL_ESS_signing_cert_new_init(const X509 *signcert, diff --git a/util/libcrypto.num b/util/libcrypto.num index dcfc71b13d..54978afe20 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5318,6 +5318,8 @@ BIO_f_readbuffer ? 3_0_0 EXIST::FUNCTION: OSSL_ESS_check_signing_certs ? 3_0_0 EXIST::FUNCTION: OSSL_ESS_signing_cert_new_init ? 3_0_0 EXIST::FUNCTION: OSSL_ESS_signing_cert_v2_new_init ? 3_0_0 EXIST::FUNCTION: +ESS_SIGNING_CERT_it ? 3_0_0 EXIST::FUNCTION: +ESS_SIGNING_CERT_V2_it ? 3_0_0 EXIST::FUNCTION: EVP_DigestInit_ex2 ? 3_0_0 EXIST::FUNCTION: EVP_EncryptInit_ex2 ? 3_0_0 EXIST::FUNCTION: EVP_DecryptInit_ex2 ? 3_0_0 EXIST::FUNCTION: