Also constify and slightly refactor them.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14601)
return NULL;
}
-/* TODO the following four functions should be moved to ../ts/ */
-ESS_SIGNING_CERT *ossl_ess_get_signing_cert(const PKCS7_SIGNER_INFO *si)
-{
- ASN1_TYPE *attr;
- const unsigned char *p;
-
- attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificate);
- if (attr == NULL)
- return NULL;
- p = attr->value.sequence->data;
- return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length);
-}
-
-ESS_SIGNING_CERT_V2 *ossl_ess_get_signing_cert_v2(const PKCS7_SIGNER_INFO *si)
-{
- ASN1_TYPE *attr;
- const unsigned char *p;
-
- attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificateV2);
- if (attr == NULL)
- return NULL;
- p = attr->value.sequence->data;
- return d2i_ESS_SIGNING_CERT_V2(NULL, &p, attr->value.sequence->length);
-}
-
-int ossl_ess_signing_cert_add(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc)
-{
- ASN1_STRING *seq = NULL;
- unsigned char *p, *pp = NULL;
- int len;
-
- len = i2d_ESS_SIGNING_CERT(sc, NULL);
- if (len <= 0)
- goto err;
- if ((pp = OPENSSL_malloc(len)) == NULL) {
- ERR_raise(ERR_LIB_ESS, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- p = pp;
- i2d_ESS_SIGNING_CERT(sc, &p);
- if ((seq = ASN1_STRING_new()) == NULL || !ASN1_STRING_set(seq, pp, len)) {
- ERR_raise(ERR_LIB_ESS, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- OPENSSL_free(pp);
- pp = NULL;
- return PKCS7_add_signed_attribute(si,
- NID_id_smime_aa_signingCertificate,
- V_ASN1_SEQUENCE, seq);
- err:
- ASN1_STRING_free(seq);
- OPENSSL_free(pp);
-
- return 0;
-}
-
-int ossl_ess_signing_cert_v2_add(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT_V2 *sc)
-{
- ASN1_STRING *seq = NULL;
- unsigned char *p, *pp = NULL;
- int len = i2d_ESS_SIGNING_CERT_V2(sc, NULL);
-
- if (len <= 0)
- goto err;
- if ((pp = OPENSSL_malloc(len)) == NULL) {
- ERR_raise(ERR_LIB_ESS, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- p = pp;
- i2d_ESS_SIGNING_CERT_V2(sc, &p);
- if ((seq = ASN1_STRING_new()) == NULL || !ASN1_STRING_set(seq, pp, len)) {
- ERR_raise(ERR_LIB_ESS, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- OPENSSL_free(pp);
- pp = NULL;
- return PKCS7_add_signed_attribute(si,
- NID_id_smime_aa_signingCertificateV2,
- V_ASN1_SEQUENCE, seq);
- err:
- ASN1_STRING_free(seq);
- OPENSSL_free(pp);
- return 0;
-}
-
static int ess_issuer_serial_cmp(const ESS_ISSUER_SERIAL *is, const X509 *cert)
{
GENERAL_NAME *issuer;
}
/* Functions for signing the TS_TST_INFO structure of the context. */
+static int ossl_ess_add1_signing_cert(PKCS7_SIGNER_INFO *si,
+ const ESS_SIGNING_CERT *sc)
+{
+ ASN1_STRING *seq = NULL;
+ int len = i2d_ESS_SIGNING_CERT(sc, NULL);
+ unsigned char *p, *pp = OPENSSL_malloc(len);
+
+ if (pp == NULL)
+ return 0;
+
+ p = pp;
+ i2d_ESS_SIGNING_CERT(sc, &p);
+ if ((seq = ASN1_STRING_new()) == NULL || !ASN1_STRING_set(seq, pp, len)) {
+ ASN1_STRING_free(seq);
+ OPENSSL_free(pp);
+ return 0;
+ }
+
+ OPENSSL_free(pp);
+ return PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificate,
+ V_ASN1_SEQUENCE, seq);
+}
+
+static int ossl_ess_add1_signing_cert_v2(PKCS7_SIGNER_INFO *si,
+ const ESS_SIGNING_CERT_V2 *sc)
+{
+ ASN1_STRING *seq = NULL;
+ int len = i2d_ESS_SIGNING_CERT_V2(sc, NULL);
+ unsigned char *p, *pp = OPENSSL_malloc(len);
+
+ if (pp == NULL)
+ return 0;
+
+ p = pp;
+ i2d_ESS_SIGNING_CERT_V2(sc, &p);
+ if ((seq = ASN1_STRING_new()) == NULL || !ASN1_STRING_set(seq, pp, len)) {
+ ASN1_STRING_free(seq);
+ OPENSSL_free(pp);
+ return 0;
+ }
+
+ OPENSSL_free(pp);
+ return PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificateV2,
+ V_ASN1_SEQUENCE, seq);
+}
+
static int ts_RESP_sign(TS_RESP_CTX *ctx)
{
int ret = 0;
certs, 0)) == NULL)
goto err;
- if (!ossl_ess_signing_cert_add(si, sc)) {
+ if (!ossl_ess_add1_signing_cert(si, sc)) {
ERR_raise(ERR_LIB_TS, TS_R_ESS_ADD_SIGNING_CERT_ERROR);
goto err;
}
if (sc2 == NULL)
goto err;
- if (!ossl_ess_signing_cert_v2_add(si, sc2)) {
+ if (!ossl_ess_add1_signing_cert_v2(si, sc2)) {
ERR_raise(ERR_LIB_TS, TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR);
goto err;
}
return ret;
}
+static ESS_SIGNING_CERT *ossl_ess_get_signing_cert(const PKCS7_SIGNER_INFO *si)
+{
+ ASN1_TYPE *attr;
+ const unsigned char *p;
+
+ attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificate);
+ if (attr == NULL)
+ return NULL;
+ p = attr->value.sequence->data;
+ return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length);
+}
+
+static
+ESS_SIGNING_CERT_V2 *ossl_ess_get_signing_cert_v2(const PKCS7_SIGNER_INFO *si)
+{
+ ASN1_TYPE *attr;
+ const unsigned char *p;
+
+ attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificateV2);
+ if (attr == NULL)
+ return NULL;
+ p = attr->value.sequence->data;
+ return d2i_ESS_SIGNING_CERT_V2(NULL, &p, attr->value.sequence->length);
+}
+
static int ts_check_signing_certs(const PKCS7_SIGNER_INFO *si,
const STACK_OF(X509) *chain)
{
# define OSSL_CRYPTO_ESS_H
# pragma once
-/* internal ESS related functions used for TS */
-/* TODO move these four decls to a new include/crypto/ts.h */
-
-ESS_SIGNING_CERT *ossl_ess_get_signing_cert(const PKCS7_SIGNER_INFO *si);
-int ossl_ess_signing_cert_add(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc);
-
-ESS_SIGNING_CERT_V2 *ossl_ess_get_signing_cert_v2(const PKCS7_SIGNER_INFO *si);
-int ossl_ess_signing_cert_v2_add(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT_V2 *sc);
-
-/* internal ESS stuff */
-
/*-
* IssuerSerial ::= SEQUENCE {
* issuer GeneralNames,