From 8c00f267b8df1a8c70eff8198de40aa561299e48 Mon Sep 17 00:00:00 2001 From: FdaSilvaYY Date: Wed, 31 Jul 2019 19:14:12 +1000 Subject: [PATCH] CAdES : lowercase name for now internal methods. CAdES : rework CAdES signing API. Make it private, as it is unused outside library bounds. Fix varous doc-nits. Reviewed-by: Paul Dale Reviewed-by: Shane Lontis Reviewed-by: Matthias St. Pierre --- crypto/cms/cms_ess.c | 12 +++++------- crypto/cms/cms_sd.c | 7 +++++-- crypto/err/openssl.txt | 4 ++-- crypto/include/internal/cms_int.h | 13 +++++++++++++ crypto/include/internal/ess_int.h | 9 +++++++++ .../man3/cms_add1_signing_cert.pod} | 13 +++++++------ doc/man3/X509_dup.pod | 6 ++++++ doc/man3/d2i_X509.pod | 4 ++++ include/openssl/cms.h | 3 --- include/openssl/ess.h | 7 ------- util/libcrypto.num | 4 ---- util/missingcrypto.txt | 10 ---------- util/missingcrypto111.txt | 10 ---------- 13 files changed, 51 insertions(+), 51 deletions(-) create mode 100644 crypto/include/internal/cms_int.h rename doc/{man3/CMS_add1_signing_cert.pod => internal/man3/cms_add1_signing_cert.pod} (69%) diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c index 95e3628d9c..8f80f6ba5d 100644 --- a/crypto/cms/cms_ess.c +++ b/crypto/cms/cms_ess.c @@ -17,6 +17,7 @@ #include #include "cms_lcl.h" #include "internal/ess_int.h" +#include "internal/cms_int.h" IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest) @@ -339,12 +340,10 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si) } /* - * Add signer certificate's V2 digest to a SignerInfo - * structure + * Add signer certificate's V2 digest |sc| to a SignerInfo structure |si| */ -int CMS_add1_signing_cert_v2(CMS_SignerInfo *si, - ESS_SIGNING_CERT_V2 *sc) +int cms_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc) { ASN1_STRING *seq = NULL; unsigned char *p, *pp; @@ -373,11 +372,10 @@ int CMS_add1_signing_cert_v2(CMS_SignerInfo *si, } /* - * Add signer certificate's digest to a SignerInfo - * structure + * Add signer certificate's digest |sc| to a SignerInfo structure |si| */ -int CMS_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc) +int cms_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc) { ASN1_STRING *seq = NULL; unsigned char *p, *pp; diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index 40a3356359..4de750bd72 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -14,9 +14,12 @@ #include #include #include +#include #include "cms_lcl.h" #include "internal/asn1_int.h" #include "internal/evp_int.h" +#include "internal/cms_int.h" +#include "internal/ess_int.h" /* CMS SignedData Utilities */ @@ -355,13 +358,13 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, if ((sc = ESS_SIGNING_CERT_new_init(signer, NULL, 1)) == NULL) goto err; - add_sc = CMS_add1_signing_cert(si, sc); + add_sc = cms_add1_signing_cert(si, sc); ESS_SIGNING_CERT_free(sc); } else { if ((sc2 = ESS_SIGNING_CERT_V2_new_init(md, signer, NULL, 1)) == NULL) goto err; - add_sc = CMS_add1_signing_cert_v2(si, sc2); + add_sc = cms_add1_signing_cert_v2(si, sc2); ESS_SIGNING_CERT_V2_free(sc2); } if (!add_sc) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index ede1c57a7b..d172f4c288 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -246,8 +246,8 @@ CMS_F_CMS_ADD1_RECEIPTREQUEST:158:CMS_add1_ReceiptRequest CMS_F_CMS_ADD1_RECIPIENT_CERT:101:CMS_add1_recipient_cert CMS_F_CMS_ADD1_SIGNER:102:CMS_add1_signer CMS_F_CMS_ADD1_SIGNINGTIME:103:cms_add1_signingTime -CMS_F_CMS_ADD1_SIGNING_CERT:181:CMS_add1_signing_cert -CMS_F_CMS_ADD1_SIGNING_CERT_V2:182:CMS_add1_signing_cert_v2 +CMS_F_CMS_ADD1_SIGNING_CERT:181:cms_add1_signing_cert +CMS_F_CMS_ADD1_SIGNING_CERT_V2:182:cms_add1_signing_cert_v2 CMS_F_CMS_COMPRESS:104:CMS_compress CMS_F_CMS_COMPRESSEDDATA_CREATE:105:cms_CompressedData_create CMS_F_CMS_COMPRESSEDDATA_INIT_BIO:106:cms_CompressedData_init_bio diff --git a/crypto/include/internal/cms_int.h b/crypto/include/internal/cms_int.h new file mode 100644 index 0000000000..c630991d68 --- /dev/null +++ b/crypto/include/internal/cms_int.h @@ -0,0 +1,13 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* internal CMS-ESS related stuff */ + +int cms_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc); +int cms_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc); diff --git a/crypto/include/internal/ess_int.h b/crypto/include/internal/ess_int.h index 26476ae984..ac6c5c61d7 100644 --- a/crypto/include/internal/ess_int.h +++ b/crypto/include/internal/ess_int.h @@ -12,9 +12,18 @@ ESS_SIGNING_CERT *ESS_SIGNING_CERT_get(PKCS7_SIGNER_INFO *si); int ESS_SIGNING_CERT_add(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc); +ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert, + STACK_OF(X509) *certs, + int issuer_needed); + ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_get(PKCS7_SIGNER_INFO *si); int ESS_SIGNING_CERT_V2_add(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT_V2 *sc); +ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_new_init(const EVP_MD *hash_alg, + X509 *signcert, + STACK_OF(X509) *certs, + int issuer_needed); + /*- * IssuerSerial ::= SEQUENCE { * issuer GeneralNames, diff --git a/doc/man3/CMS_add1_signing_cert.pod b/doc/internal/man3/cms_add1_signing_cert.pod similarity index 69% rename from doc/man3/CMS_add1_signing_cert.pod rename to doc/internal/man3/cms_add1_signing_cert.pod index 035e679d2c..a825c07190 100644 --- a/doc/man3/CMS_add1_signing_cert.pod +++ b/doc/internal/man3/cms_add1_signing_cert.pod @@ -2,7 +2,7 @@ =head1 NAME -CMS_add1_signing_cert, CMS_add1_signing_cert_v2 +cms_add1_signing_cert, cms_add1_signing_cert_v2 - add ESS signing-certificate signed attribute to a CMS_SignerInfo data structure @@ -10,15 +10,15 @@ CMS_SignerInfo data structure #include - int CMS_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc); + int cms_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc); - int CMS_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc2); + int cms_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc2); =head1 DESCRIPTION -CMS_add1_signing_cert() adds an ESS Signing Certificate B (version 1) signed +cms_add1_signing_cert() adds an ESS Signing Certificate B (version 1) signed attribute to the CMS_SignerInfo B. -CMS_add1_signing_cert_v2() adds an ESS Signing Certificate B (version 2) signed +cms_add1_signing_cert_v2() adds an ESS Signing Certificate B (version 2) signed attribute to the CMS_SignerInfo B. The ESS Signing Certificate attributes version 1 and 2 are defined in RFC 5035 which updates Section 5.4 of RFC 2634. @@ -31,7 +31,8 @@ For a fuller description see L). =head1 RETURN VALUES -CMS_add1_signing_cert() and CMS_add1_signing_cert_v2() return 1 if attribute is added or 0 if an error occurred. +cms_add1_signing_cert() and cms_add1_signing_cert_v2() return 1 if attribute +is added or 0 if an error occurred. =head1 COPYRIGHT diff --git a/doc/man3/X509_dup.pod b/doc/man3/X509_dup.pod index 19fb7a7a9b..e6ee557e8f 100644 --- a/doc/man3/X509_dup.pod +++ b/doc/man3/X509_dup.pod @@ -52,12 +52,18 @@ EDIPARTYNAME_new, ESS_CERT_ID_dup, ESS_CERT_ID_free, ESS_CERT_ID_new, +ESS_CERT_ID_V2_dup, +ESS_CERT_ID_V2_free, +ESS_CERT_ID_V2_new, ESS_ISSUER_SERIAL_dup, ESS_ISSUER_SERIAL_free, ESS_ISSUER_SERIAL_new, ESS_SIGNING_CERT_dup, ESS_SIGNING_CERT_free, ESS_SIGNING_CERT_new, +ESS_SIGNING_CERT_V2_dup, +ESS_SIGNING_CERT_V2_free, +ESS_SIGNING_CERT_V2_new, EXTENDED_KEY_USAGE_free, EXTENDED_KEY_USAGE_new, GENERAL_NAMES_free, diff --git a/doc/man3/d2i_X509.pod b/doc/man3/d2i_X509.pod index 36a5e8f6db..3075b0d0ef 100644 --- a/doc/man3/d2i_X509.pod +++ b/doc/man3/d2i_X509.pod @@ -63,8 +63,10 @@ d2i_EC_PUBKEY_bio, d2i_EC_PUBKEY_fp, d2i_EDIPARTYNAME, d2i_ESS_CERT_ID, +d2i_ESS_CERT_ID_V2, d2i_ESS_ISSUER_SERIAL, d2i_ESS_SIGNING_CERT, +d2i_ESS_SIGNING_CERT_V2, d2i_EXTENDED_KEY_USAGE, d2i_GENERAL_NAME, d2i_GENERAL_NAMES, @@ -249,8 +251,10 @@ i2d_EC_PUBKEY_bio, i2d_EC_PUBKEY_fp, i2d_EDIPARTYNAME, i2d_ESS_CERT_ID, +i2d_ESS_CERT_ID_V2, i2d_ESS_ISSUER_SERIAL, i2d_ESS_SIGNING_CERT, +i2d_ESS_SIGNING_CERT_V2, i2d_EXTENDED_KEY_USAGE, i2d_GENERAL_NAME, i2d_GENERAL_NAMES, diff --git a/include/openssl/cms.h b/include/openssl/cms.h index 64002e4d46..608b6d7cac 100644 --- a/include/openssl/cms.h +++ b/include/openssl/cms.h @@ -16,7 +16,6 @@ # include # include # include -# include # ifdef __cplusplus extern "C" { # endif @@ -285,8 +284,6 @@ int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, const void *bytes, int len); void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, int lastpos, int type); -int CMS_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc); -int CMS_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc); int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr); CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, diff --git a/include/openssl/ess.h b/include/openssl/ess.h index fb5e45c46d..f13b5395a8 100644 --- a/include/openssl/ess.h +++ b/include/openssl/ess.h @@ -41,9 +41,6 @@ DECLARE_ASN1_DUP_FUNCTION(ESS_CERT_ID) DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_SIGNING_CERT) DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_SIGNING_CERT, ESS_SIGNING_CERT) DECLARE_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT) -ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert, - STACK_OF(X509) *certs, - int issuer_needed); DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_CERT_ID_V2) DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_CERT_ID_V2, ESS_CERT_ID_V2) @@ -52,10 +49,6 @@ DECLARE_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2) DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_SIGNING_CERT_V2) DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_SIGNING_CERT_V2, ESS_SIGNING_CERT_V2) DECLARE_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2) -ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_new_init(const EVP_MD *hash_alg, - X509 *signcert, - STACK_OF(X509) *certs, - int issuer_needed); # ifdef __cplusplus } diff --git a/util/libcrypto.num b/util/libcrypto.num index a6c5097e1c..63cab3225c 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4476,10 +4476,6 @@ ASYNC_WAIT_CTX_get_callback 4581 3_0_0 EXIST::FUNCTION: ASYNC_WAIT_CTX_set_callback 4582 3_0_0 EXIST::FUNCTION: ASYNC_WAIT_CTX_set_status 4583 3_0_0 EXIST::FUNCTION: ASYNC_WAIT_CTX_get_status 4584 3_0_0 EXIST::FUNCTION: -CMS_add1_signing_cert 4585 3_0_0 EXIST::FUNCTION:CMS -CMS_add1_signing_cert_v2 4586 3_0_0 EXIST::FUNCTION:CMS -ESS_SIGNING_CERT_new_init 4587 3_0_0 EXIST::FUNCTION: -ESS_SIGNING_CERT_V2_new_init 4588 3_0_0 EXIST::FUNCTION: ERR_load_ESS_strings 4589 3_0_0 EXIST::FUNCTION: EVP_KDF_CTX_new_id 4590 3_0_0 EXIST::FUNCTION: EVP_KDF_CTX_free 4591 3_0_0 EXIST::FUNCTION: diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt index a227b1082a..05eee92d27 100644 --- a/util/missingcrypto.txt +++ b/util/missingcrypto.txt @@ -474,12 +474,6 @@ ERR_load_X509_strings ERR_load_strings_const ERR_set_error_data ERR_unload_strings -ESS_CERT_ID_V2_dup -ESS_CERT_ID_V2_free -ESS_CERT_ID_V2_new -ESS_SIGNING_CERT_V2_dup -ESS_SIGNING_CERT_V2_free -ESS_SIGNING_CERT_V2_new ESS_SIGNING_CERT_V2_new_init ESS_SIGNING_CERT_new_init EVP_CIPHER_CTX_buf_noconst @@ -1456,8 +1450,6 @@ b2i_PublicKey_bio conf_ssl_get conf_ssl_get_cmd conf_ssl_name_find -d2i_ESS_CERT_ID_V2 -d2i_ESS_SIGNING_CERT_V2 d2i_X509_bio d2i_X509_fp err_free_strings_int @@ -1469,8 +1461,6 @@ i2a_ASN1_STRING i2b_PVK_bio i2b_PrivateKey_bio i2b_PublicKey_bio -i2d_ESS_CERT_ID_V2 -i2d_ESS_SIGNING_CERT_V2 i2d_PrivateKey_bio i2d_PrivateKey_fp i2d_X509_bio diff --git a/util/missingcrypto111.txt b/util/missingcrypto111.txt index 1fb924bc70..e544c1b3c7 100644 --- a/util/missingcrypto111.txt +++ b/util/missingcrypto111.txt @@ -485,12 +485,6 @@ ERR_load_X509_strings ERR_load_strings_const ERR_set_error_data ERR_unload_strings -ESS_CERT_ID_V2_dup -ESS_CERT_ID_V2_free -ESS_CERT_ID_V2_new -ESS_SIGNING_CERT_V2_dup -ESS_SIGNING_CERT_V2_free -ESS_SIGNING_CERT_V2_new EVP_CIPHER_CTX_buf_noconst EVP_CIPHER_CTX_clear_flags EVP_CIPHER_CTX_copy @@ -1571,8 +1565,6 @@ b2i_PublicKey_bio conf_ssl_get conf_ssl_get_cmd conf_ssl_name_find -d2i_ESS_CERT_ID_V2 -d2i_ESS_SIGNING_CERT_V2 d2i_X509_bio d2i_X509_fp err_free_strings_int @@ -1584,8 +1576,6 @@ i2a_ASN1_STRING i2b_PVK_bio i2b_PrivateKey_bio i2b_PublicKey_bio -i2d_ESS_CERT_ID_V2 -i2d_ESS_SIGNING_CERT_V2 i2d_PrivateKey_bio i2d_PrivateKey_fp i2d_X509_bio