crypto/cms: Add support for CAdES Basic Electronic Signatures (CAdES-BES)
[openssl.git] / crypto / ts / ts_rsp_verify.c
index facc4b5..e658354 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
 #include <openssl/ts.h>
 #include <openssl/pkcs7.h>
 #include "ts_lcl.h"
+#include "internal/ess_int.h"
 
 static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
                           X509 *signer, STACK_OF(X509) **chain);
 static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si,
                                   STACK_OF(X509) *chain);
-static ESS_SIGNING_CERT *ess_get_signing_cert(PKCS7_SIGNER_INFO *si);
 static int ts_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert);
 static int ts_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509 *cert);
 static int int_ts_RESP_verify_token(TS_VERIFY_CTX *ctx,
@@ -38,7 +38,6 @@ static int ts_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer);
 static int ts_find_name(STACK_OF(GENERAL_NAME) *gen_names,
                         GENERAL_NAME *name);
 static int ts_find_cert_v2(STACK_OF(ESS_CERT_ID_V2) *cert_ids, X509 *cert);
-static ESS_SIGNING_CERT_V2 *ess_get_signing_cert_v2(PKCS7_SIGNER_INFO *si);
 
 /*
  * This must be large enough to hold all values in ts_status_text (with
@@ -201,9 +200,9 @@ end:
 static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si,
                                   STACK_OF(X509) *chain)
 {
-    ESS_SIGNING_CERT *ss = ess_get_signing_cert(si);
+    ESS_SIGNING_CERT *ss = ESS_SIGNING_CERT_get(si);
     STACK_OF(ESS_CERT_ID) *cert_ids = NULL;
-    ESS_SIGNING_CERT_V2 *ssv2 = ess_get_signing_cert_v2(si);
+    ESS_SIGNING_CERT_V2 *ssv2 = ESS_SIGNING_CERT_V2_get(si);
     STACK_OF(ESS_CERT_ID_V2) *cert_ids_v2 = NULL;
     X509 *cert;
     int i = 0;
@@ -257,29 +256,6 @@ static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si,
     return ret;
 }
 
-static ESS_SIGNING_CERT *ess_get_signing_cert(PKCS7_SIGNER_INFO *si)
-{
-    ASN1_TYPE *attr;
-    const unsigned char *p;
-    attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificate);
-    if (!attr)
-        return NULL;
-    p = attr->value.sequence->data;
-    return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length);
-}
-
-static ESS_SIGNING_CERT_V2 *ess_get_signing_cert_v2(PKCS7_SIGNER_INFO *si)
-{
-    ASN1_TYPE *attr;
-    const unsigned char *p;
-
-    attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificateV2);
-    if (attr == NULL)
-        return NULL;
-    p = attr->value.sequence->data;
-    return d2i_ESS_SIGNING_CERT_V2(NULL, &p, attr->value.sequence->length);
-}
-
 /* Returns < 0 if certificate is not found, certificate index otherwise. */
 static int ts_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert)
 {