CAdES : lowercase name for now internal methods.
authorFdaSilvaYY <fdasilvayy@gmail.com>
Wed, 31 Jul 2019 09:14:12 +0000 (19:14 +1000)
committerPauli <paul.dale@oracle.com>
Wed, 31 Jul 2019 09:14:12 +0000 (19:14 +1000)
CAdES : rework CAdES signing API.
Make it private, as it is unused outside library bounds.
Fix various doc-nits.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
14 files changed:
crypto/cms/cms_ess.c
crypto/cms/cms_sd.c
crypto/err/openssl.txt
crypto/include/internal/cms_int.h [new file with mode: 0644]
crypto/include/internal/ess_int.h
doc/internal/man3/cms_add1_signing_cert.pod [new file with mode: 0644]
doc/man3/CMS_add1_signing_cert.pod [deleted file]
doc/man3/X509_dup.pod
doc/man3/d2i_X509.pod
include/openssl/cms.h
include/openssl/ess.h
util/libcrypto.num
util/missingcrypto.txt
util/missingcrypto111.txt

index 95e3628d9c27f86aaaea8b50bdb20cceddbdaacc..8f80f6ba5df7919ba512fc52235b13a2970b6280 100644 (file)
@@ -17,6 +17,7 @@
 #include <openssl/ess.h>
 #include "cms_lcl.h"
 #include "internal/ess_int.h"
+#include "internal/cms_int.h"
 
 IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 
@@ -339,12 +340,10 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
 }
 
 /*
- * Add signer certificate's V2 digest to a SignerInfo
- * structure
+ * Add signer certificate's V2 digest |sc| to a SignerInfo structure |si|
  */
 
-int CMS_add1_signing_cert_v2(CMS_SignerInfo *si,
-                             ESS_SIGNING_CERT_V2 *sc)
+int cms_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc)
 {
     ASN1_STRING *seq = NULL;
     unsigned char *p, *pp;
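Review bot: The reworded comment above cms_add1_signing_cert_v2() calls |sc| a "digest", but the parameter is an ESS_SIGNING_CERT_V2 structure, and the comment still says nothing about the return value or who owns |sc| afterwards. The caller in cms_sd.c frees sc/sc2 right after the call and treats 0 as failure, so a comment such as `/* Add the ESS signing-certificate V2 attribute |sc| to |si|; |sc| stays owned by the caller. Returns 1 on success, 0 on error. */` would match the visible usage. The same applies to cms_add1_signing_cert() in the next hunk. Both function bodies lie outside these hunks, so the ownership statement should be confirmed against them.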
@@ -373,11 +372,10 @@ int CMS_add1_signing_cert_v2(CMS_SignerInfo *si,
 }
 
 /*
- * Add signer certificate's digest to a SignerInfo
- * structure
+ * Add signer certificate's digest |sc| to a SignerInfo structure |si|
  */
 
-int CMS_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc)
+int cms_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc)
 {
     ASN1_STRING *seq = NULL;
     unsigned char *p, *pp;
index 40a3356359dcbeca6f08d1b591715830f7ced799..4de750bd72bcf2a3ee258610801e9fc0260318c8 100644 (file)
 #include <openssl/x509v3.h>
 #include <openssl/err.h>
 #include <openssl/cms.h>
+#include <openssl/ess.h>
 #include "cms_lcl.h"
 #include "internal/asn1_int.h"
 #include "internal/evp_int.h"
+#include "internal/cms_int.h"
+#include "internal/ess_int.h"
 
 /* CMS SignedData Utilities */
 
@@ -355,13 +358,13 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
                 if ((sc = ESS_SIGNING_CERT_new_init(signer,
                                                     NULL, 1)) == NULL)
                     goto err;
-                add_sc = CMS_add1_signing_cert(si, sc);
+                add_sc = cms_add1_signing_cert(si, sc);
                 ESS_SIGNING_CERT_free(sc);
             } else {
                 if ((sc2 = ESS_SIGNING_CERT_V2_new_init(md, signer,
                                                         NULL, 1)) == NULL)
                     goto err;
-                add_sc = CMS_add1_signing_cert_v2(si, sc2);
+                add_sc = cms_add1_signing_cert_v2(si, sc2);
                 ESS_SIGNING_CERT_V2_free(sc2);
             }
             if (!add_sc)
index ede1c57a7bb074aeca0de571d18a2c24cff0ce05..d172f4c288cb848a37865700c3acea3ca743e471 100644 (file)
@@ -246,8 +246,8 @@ CMS_F_CMS_ADD1_RECEIPTREQUEST:158:CMS_add1_ReceiptRequest
 CMS_F_CMS_ADD1_RECIPIENT_CERT:101:CMS_add1_recipient_cert
 CMS_F_CMS_ADD1_SIGNER:102:CMS_add1_signer
 CMS_F_CMS_ADD1_SIGNINGTIME:103:cms_add1_signingTime
-CMS_F_CMS_ADD1_SIGNING_CERT:181:CMS_add1_signing_cert
-CMS_F_CMS_ADD1_SIGNING_CERT_V2:182:CMS_add1_signing_cert_v2
+CMS_F_CMS_ADD1_SIGNING_CERT:181:cms_add1_signing_cert
+CMS_F_CMS_ADD1_SIGNING_CERT_V2:182:cms_add1_signing_cert_v2
 CMS_F_CMS_COMPRESS:104:CMS_compress
 CMS_F_CMS_COMPRESSEDDATA_CREATE:105:cms_CompressedData_create
 CMS_F_CMS_COMPRESSEDDATA_INIT_BIO:106:cms_CompressedData_init_bio
diff --git a/crypto/include/internal/cms_int.h b/crypto/include/internal/cms_int.h
new file mode 100644 (file)
index 0000000..c630991
--- /dev/null
@@ -0,0 +1,13 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* internal CMS-ESS related stuff */
+
+int cms_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc);
+int cms_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc);
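Review bot: The new crypto/include/internal/cms_int.h has no include guard and includes nothing itself, although its two prototypes use CMS_SignerInfo, ESS_SIGNING_CERT and ESS_SIGNING_CERT_V2. It appears to compile only because cms_ess.c and cms_sd.c include the public CMS and ESS headers before it, so any later file that includes it first, or twice through another internal header, depends on include order. Adding a guard and the two public includes makes the header self-contained; the guard name below is only a suggestion and should follow whatever the neighbouring internal headers use.

```c
/* … unchanged: licence header … */

#ifndef HEADER_CMS_INT_H
# define HEADER_CMS_INT_H

# include <openssl/cms.h>
# include <openssl/ess.h>

/* … unchanged: the two cms_add1_signing_cert prototypes … */

#endif
```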
index 26476ae98499f8073c2008b87276dcd18e312253..ac6c5c61d7afd10f6973e49d54f5953273aa1ab4 100644 (file)
 ESS_SIGNING_CERT *ESS_SIGNING_CERT_get(PKCS7_SIGNER_INFO *si);
 int ESS_SIGNING_CERT_add(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc);
 
+ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert,
+                                            STACK_OF(X509) *certs,
+                                            int issuer_needed);
+
 ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_get(PKCS7_SIGNER_INFO *si);
 int ESS_SIGNING_CERT_V2_add(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT_V2 *sc);
 
+ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_new_init(const EVP_MD *hash_alg,
+                                                  X509 *signcert,
+                                                  STACK_OF(X509) *certs,
+                                                  int issuer_needed);
+
 /*-
  * IssuerSerial ::= SEQUENCE {
  *        issuer                  GeneralNames,
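Review bot: ESS_SIGNING_CERT_new_init() and ESS_SIGNING_CERT_V2_new_init() keep their public-style upper-case names, although this commit moves their declarations into this internal header and drops them from util/libcrypto.num, while the CMS helpers are lowercased for exactly that reason. Either rename them to the internal convention or mark them above each declaration, for example `/* Library-internal: returns a new object the caller must free, or NULL on error */`, which matches how cms_sd.c uses them. Both names also remain as context lines in the util/missingcrypto.txt hunk, which looks like a leftover now that they are no longer exported; that should be checked against what the list is meant to track.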
diff --git a/doc/internal/man3/cms_add1_signing_cert.pod b/doc/internal/man3/cms_add1_signing_cert.pod
new file mode 100644 (file)
index 0000000..a825c07
--- /dev/null
@@ -0,0 +1,46 @@
+=pod
+
+=head1 NAME
+
+cms_add1_signing_cert, cms_add1_signing_cert_v2
+- add ESS signing-certificate signed attribute to a
+CMS_SignerInfo data structure
+
+=head1 SYNOPSIS
+
+ #include <openssl/cms.h>
+
+ int cms_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc);
+
+ int cms_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc2);
+
+=head1 DESCRIPTION
+
+cms_add1_signing_cert() adds an ESS Signing Certificate B<sc> (version 1) signed
+attribute to the CMS_SignerInfo B<si>.
+cms_add1_signing_cert_v2() adds an ESS Signing Certificate B<sc2> (version 2) signed
+attribute to the CMS_SignerInfo B<si>.
+The ESS Signing Certificate attributes version 1 and 2 are defined in RFC 5035
+which updates Section 5.4 of RFC 2634.
+
+=head1 NOTES
+
+This attribute is mandatory to make a CMS compliant with CAdES-BES
+(European Standard ETSI EN 319 122-1 V1.1.1).
+For a fuller description see L<cms(1)>).
+
+=head1 RETURN VALUES
+
+cms_add1_signing_cert() and cms_add1_signing_cert_v2() return 1 if attribute 
+is added or 0 if an error occurred.
+
+=head1 COPYRIGHT
+
+Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/doc/man3/CMS_add1_signing_cert.pod b/doc/man3/CMS_add1_signing_cert.pod
deleted file mode 100644 (file)
index 035e679..0000000
+++ /dev/null
@@ -1,45 +0,0 @@
-=pod
-
-=head1 NAME
-
-CMS_add1_signing_cert, CMS_add1_signing_cert_v2
-- add ESS signing-certificate signed attribute to a
-CMS_SignerInfo data structure
-
-=head1 SYNOPSIS
-
- #include <openssl/cms.h>
-
- int CMS_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc);
-
- int CMS_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc2);
-
-=head1 DESCRIPTION
-
-CMS_add1_signing_cert() adds an ESS Signing Certificate B<sc> (version 1) signed
-attribute to the CMS_SignerInfo B<si>.
-CMS_add1_signing_cert_v2() adds an ESS Signing Certificate B<sc2> (version 2) signed
-attribute to the CMS_SignerInfo B<si>.
-The ESS Signing Certificate attributes version 1 and 2 are defined in RFC 5035
-which updates Section 5.4 of RFC 2634.
-
-=head1 NOTES
-
-This attribute is mandatory to make a CMS compliant with CAdES-BES
-(European Standard ETSI EN 319 122-1 V1.1.1).
-For a fuller description see L<cms(1)>).
-
-=head1 RETURN VALUES
-
-CMS_add1_signing_cert() and CMS_add1_signing_cert_v2() return 1 if attribute is added or 0 if an error occurred.
-
-=head1 COPYRIGHT
-
-Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
-
-Licensed under the Apache License 2.0 (the "License").  You may not use
-this file except in compliance with the License.  You can obtain a copy
-in the file LICENSE in the source distribution or at
-L<https://www.openssl.org/source/license.html>.
-
-=cut
index 19fb7a7a9be199bc5d2b4f2e816f857e22290798..e6ee557e8f6d195470b0e0441bb2d46745e48fac 100644 (file)
@@ -52,12 +52,18 @@ EDIPARTYNAME_new,
 ESS_CERT_ID_dup,
 ESS_CERT_ID_free,
 ESS_CERT_ID_new,
+ESS_CERT_ID_V2_dup,
+ESS_CERT_ID_V2_free,
+ESS_CERT_ID_V2_new,
 ESS_ISSUER_SERIAL_dup,
 ESS_ISSUER_SERIAL_free,
 ESS_ISSUER_SERIAL_new,
 ESS_SIGNING_CERT_dup,
 ESS_SIGNING_CERT_free,
 ESS_SIGNING_CERT_new,
+ESS_SIGNING_CERT_V2_dup,
+ESS_SIGNING_CERT_V2_free,
+ESS_SIGNING_CERT_V2_new,
 EXTENDED_KEY_USAGE_free,
 EXTENDED_KEY_USAGE_new,
 GENERAL_NAMES_free,
index 36a5e8f6db96155889652008d5d7b789e7078ed5..3075b0d0efb9954dceab7641bc125236a63d9891 100644 (file)
@@ -63,8 +63,10 @@ d2i_EC_PUBKEY_bio,
 d2i_EC_PUBKEY_fp,
 d2i_EDIPARTYNAME,
 d2i_ESS_CERT_ID,
+d2i_ESS_CERT_ID_V2,
 d2i_ESS_ISSUER_SERIAL,
 d2i_ESS_SIGNING_CERT,
+d2i_ESS_SIGNING_CERT_V2,
 d2i_EXTENDED_KEY_USAGE,
 d2i_GENERAL_NAME,
 d2i_GENERAL_NAMES,
@@ -249,8 +251,10 @@ i2d_EC_PUBKEY_bio,
 i2d_EC_PUBKEY_fp,
 i2d_EDIPARTYNAME,
 i2d_ESS_CERT_ID,
+i2d_ESS_CERT_ID_V2,
 i2d_ESS_ISSUER_SERIAL,
 i2d_ESS_SIGNING_CERT,
+i2d_ESS_SIGNING_CERT_V2,
 i2d_EXTENDED_KEY_USAGE,
 i2d_GENERAL_NAME,
 i2d_GENERAL_NAMES,
index 64002e4d46aa750c73ccd69d3ce65aecd7a20475..608b6d7cac25cfbb690caa4148dcfef480589235 100644 (file)
@@ -16,7 +16,6 @@
 # include <openssl/x509.h>
 # include <openssl/x509v3.h>
 # include <openssl/cmserr.h>
-# include <openssl/ess.h>
 # ifdef __cplusplus
 extern "C" {
 # endif
@@ -285,8 +284,6 @@ int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
                                   const void *bytes, int len);
 void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
                                     int lastpos, int type);
-int CMS_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc);
-int CMS_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc);
 
 int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
 CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
index fb5e45c46d62113edae6f42f58029a15969ea739..f13b5395a878008e60904d6ed0dd9e05b7e5e77c 100644 (file)
@@ -41,9 +41,6 @@ DECLARE_ASN1_DUP_FUNCTION(ESS_CERT_ID)
 DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_SIGNING_CERT)
 DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_SIGNING_CERT, ESS_SIGNING_CERT)
 DECLARE_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT)
-ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert,
-                                            STACK_OF(X509) *certs,
-                                            int issuer_needed);
 
 DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_CERT_ID_V2)
 DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_CERT_ID_V2, ESS_CERT_ID_V2)
@@ -52,10 +49,6 @@ DECLARE_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2)
 DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_SIGNING_CERT_V2)
 DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_SIGNING_CERT_V2, ESS_SIGNING_CERT_V2)
 DECLARE_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2)
-ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_new_init(const EVP_MD *hash_alg,
-                                                  X509 *signcert,
-                                                  STACK_OF(X509) *certs,
-                                                  int issuer_needed);
 
 # ifdef  __cplusplus
 }
index a6c5097e1c8bf0d8221d470c72fda10d32b1ad9d..63cab3225ce9265a6c73b2b20061ae079a7beb43 100644 (file)
@@ -4476,10 +4476,6 @@ ASYNC_WAIT_CTX_get_callback             4581     3_0_0   EXIST::FUNCTION:
 ASYNC_WAIT_CTX_set_callback             4582   3_0_0   EXIST::FUNCTION:
 ASYNC_WAIT_CTX_set_status               4583   3_0_0   EXIST::FUNCTION:
 ASYNC_WAIT_CTX_get_status               4584   3_0_0   EXIST::FUNCTION:
-CMS_add1_signing_cert                   4585   3_0_0   EXIST::FUNCTION:CMS
-CMS_add1_signing_cert_v2                4586   3_0_0   EXIST::FUNCTION:CMS
-ESS_SIGNING_CERT_new_init               4587   3_0_0   EXIST::FUNCTION:
-ESS_SIGNING_CERT_V2_new_init            4588   3_0_0   EXIST::FUNCTION:
 ERR_load_ESS_strings                    4589   3_0_0   EXIST::FUNCTION:
 EVP_KDF_CTX_new_id                      4590   3_0_0   EXIST::FUNCTION:
 EVP_KDF_CTX_free                        4591   3_0_0   EXIST::FUNCTION:
index a227b1082af28552c242a66f03b0922f4e3f009f..05eee92d273a8c0d18710a7644d44566a46edfb4 100644 (file)
@@ -474,12 +474,6 @@ ERR_load_X509_strings
 ERR_load_strings_const
 ERR_set_error_data
 ERR_unload_strings
-ESS_CERT_ID_V2_dup
-ESS_CERT_ID_V2_free
-ESS_CERT_ID_V2_new
-ESS_SIGNING_CERT_V2_dup
-ESS_SIGNING_CERT_V2_free
-ESS_SIGNING_CERT_V2_new
 ESS_SIGNING_CERT_V2_new_init
 ESS_SIGNING_CERT_new_init
 EVP_CIPHER_CTX_buf_noconst
@@ -1456,8 +1450,6 @@ b2i_PublicKey_bio
 conf_ssl_get
 conf_ssl_get_cmd
 conf_ssl_name_find
-d2i_ESS_CERT_ID_V2
-d2i_ESS_SIGNING_CERT_V2
 d2i_X509_bio
 d2i_X509_fp
 err_free_strings_int
@@ -1469,8 +1461,6 @@ i2a_ASN1_STRING
 i2b_PVK_bio
 i2b_PrivateKey_bio
 i2b_PublicKey_bio
-i2d_ESS_CERT_ID_V2
-i2d_ESS_SIGNING_CERT_V2
 i2d_PrivateKey_bio
 i2d_PrivateKey_fp
 i2d_X509_bio
index 1fb924bc700c09c074eb88658965a0b46469798c..e544c1b3c7c4205b788fcad9aa28589f96c81b5d 100644 (file)
@@ -485,12 +485,6 @@ ERR_load_X509_strings
 ERR_load_strings_const
 ERR_set_error_data
 ERR_unload_strings
-ESS_CERT_ID_V2_dup
-ESS_CERT_ID_V2_free
-ESS_CERT_ID_V2_new
-ESS_SIGNING_CERT_V2_dup
-ESS_SIGNING_CERT_V2_free
-ESS_SIGNING_CERT_V2_new
 EVP_CIPHER_CTX_buf_noconst
 EVP_CIPHER_CTX_clear_flags
 EVP_CIPHER_CTX_copy
@@ -1571,8 +1565,6 @@ b2i_PublicKey_bio
 conf_ssl_get
 conf_ssl_get_cmd
 conf_ssl_name_find
-d2i_ESS_CERT_ID_V2
-d2i_ESS_SIGNING_CERT_V2
 d2i_X509_bio
 d2i_X509_fp
 err_free_strings_int
@@ -1584,8 +1576,6 @@ i2a_ASN1_STRING
 i2b_PVK_bio
 i2b_PrivateKey_bio
 i2b_PublicKey_bio
-i2d_ESS_CERT_ID_V2
-i2d_ESS_SIGNING_CERT_V2
 i2d_PrivateKey_bio
 i2d_PrivateKey_fp
 i2d_X509_bio