[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Wed Jul 31 09:17:18 UTC 2019
The branch master has been updated
via 8c00f267b8df1a8c70eff8198de40aa561299e48 (commit)
from faea3bd1339ac1029ab2bc746dfb7c891366d653 (commit)
- Log -----------------------------------------------------------------
commit 8c00f267b8df1a8c70eff8198de40aa561299e48
Author: FdaSilvaYY <fdasilvayy at gmail.com>
Date: Wed Jul 31 19:14:12 2019 +1000
CAdES : lowercase name for now internal methods.
CAdES : rework CAdES signing API.
Make it private, as it is unused outside library bounds.
Fix varous doc-nits.
Reviewed-by: Paul Dale <paul.dale at oracle.com>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
-----------------------------------------------------------------------
Summary of changes:
crypto/cms/cms_ess.c | 12 +++++-------
crypto/cms/cms_sd.c | 7 +++++--
crypto/err/openssl.txt | 4 ++--
.../providercommon.h => crypto/include/internal/cms_int.h | 7 +++----
crypto/include/internal/ess_int.h | 9 +++++++++
.../man3/cms_add1_signing_cert.pod} | 13 +++++++------
doc/man3/X509_dup.pod | 6 ++++++
doc/man3/d2i_X509.pod | 4 ++++
include/openssl/cms.h | 3 ---
include/openssl/ess.h | 7 -------
util/libcrypto.num | 4 ----
util/missingcrypto.txt | 10 ----------
util/missingcrypto111.txt | 10 ----------
13 files changed, 41 insertions(+), 55 deletions(-)
copy providers/common/include/internal/providercommon.h => crypto/include/internal/cms_int.h (64%)
rename doc/{man3/CMS_add1_signing_cert.pod => internal/man3/cms_add1_signing_cert.pod} (69%)
diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c
index 95e3628d9c..8f80f6ba5d 100644
--- a/crypto/cms/cms_ess.c
+++ b/crypto/cms/cms_ess.c
@@ -17,6 +17,7 @@
#include <openssl/ess.h>
#include "cms_lcl.h"
#include "internal/ess_int.h"
+#include "internal/cms_int.h"
IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest)
@@ -339,12 +340,10 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
}
/*
- * Add signer certificate's V2 digest to a SignerInfo
- * structure
+ * Add signer certificate's V2 digest |sc| to a SignerInfo structure |si|
*/
-int CMS_add1_signing_cert_v2(CMS_SignerInfo *si,
- ESS_SIGNING_CERT_V2 *sc)
+int cms_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc)
{
ASN1_STRING *seq = NULL;
unsigned char *p, *pp;
@@ -373,11 +372,10 @@ int CMS_add1_signing_cert_v2(CMS_SignerInfo *si,
}
/*
- * Add signer certificate's digest to a SignerInfo
- * structure
+ * Add signer certificate's digest |sc| to a SignerInfo structure |si|
*/
-int CMS_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc)
+int cms_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc)
{
ASN1_STRING *seq = NULL;
unsigned char *p, *pp;
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index 40a3356359..4de750bd72 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -14,9 +14,12 @@
#include <openssl/x509v3.h>
#include <openssl/err.h>
#include <openssl/cms.h>
+#include <openssl/ess.h>
#include "cms_lcl.h"
#include "internal/asn1_int.h"
#include "internal/evp_int.h"
+#include "internal/cms_int.h"
+#include "internal/ess_int.h"
/* CMS SignedData Utilities */
@@ -355,13 +358,13 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
if ((sc = ESS_SIGNING_CERT_new_init(signer,
NULL, 1)) == NULL)
goto err;
- add_sc = CMS_add1_signing_cert(si, sc);
+ add_sc = cms_add1_signing_cert(si, sc);
ESS_SIGNING_CERT_free(sc);
} else {
if ((sc2 = ESS_SIGNING_CERT_V2_new_init(md, signer,
NULL, 1)) == NULL)
goto err;
- add_sc = CMS_add1_signing_cert_v2(si, sc2);
+ add_sc = cms_add1_signing_cert_v2(si, sc2);
ESS_SIGNING_CERT_V2_free(sc2);
}
if (!add_sc)
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index ede1c57a7b..d172f4c288 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -246,8 +246,8 @@ CMS_F_CMS_ADD1_RECEIPTREQUEST:158:CMS_add1_ReceiptRequest
CMS_F_CMS_ADD1_RECIPIENT_CERT:101:CMS_add1_recipient_cert
CMS_F_CMS_ADD1_SIGNER:102:CMS_add1_signer
CMS_F_CMS_ADD1_SIGNINGTIME:103:cms_add1_signingTime
-CMS_F_CMS_ADD1_SIGNING_CERT:181:CMS_add1_signing_cert
-CMS_F_CMS_ADD1_SIGNING_CERT_V2:182:CMS_add1_signing_cert_v2
+CMS_F_CMS_ADD1_SIGNING_CERT:181:cms_add1_signing_cert
+CMS_F_CMS_ADD1_SIGNING_CERT_V2:182:cms_add1_signing_cert_v2
CMS_F_CMS_COMPRESS:104:CMS_compress
CMS_F_CMS_COMPRESSEDDATA_CREATE:105:cms_CompressedData_create
CMS_F_CMS_COMPRESSEDDATA_INIT_BIO:106:cms_CompressedData_init_bio
diff --git a/providers/common/include/internal/providercommon.h b/crypto/include/internal/cms_int.h
similarity index 64%
copy from providers/common/include/internal/providercommon.h
copy to crypto/include/internal/cms_int.h
index d54fafa971..c630991d68 100644
--- a/providers/common/include/internal/providercommon.h
+++ b/crypto/include/internal/cms_int.h
@@ -7,8 +7,7 @@
* https://www.openssl.org/source/license.html
*/
-#include <openssl/provider.h>
+/* internal CMS-ESS related stuff */
-const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx);
-
-const char *ossl_prov_util_nid_to_name(int nid);
+int cms_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc);
+int cms_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc);
diff --git a/crypto/include/internal/ess_int.h b/crypto/include/internal/ess_int.h
index 26476ae984..ac6c5c61d7 100644
--- a/crypto/include/internal/ess_int.h
+++ b/crypto/include/internal/ess_int.h
@@ -12,9 +12,18 @@
ESS_SIGNING_CERT *ESS_SIGNING_CERT_get(PKCS7_SIGNER_INFO *si);
int ESS_SIGNING_CERT_add(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc);
+ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert,
+ STACK_OF(X509) *certs,
+ int issuer_needed);
+
ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_get(PKCS7_SIGNER_INFO *si);
int ESS_SIGNING_CERT_V2_add(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT_V2 *sc);
+ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_new_init(const EVP_MD *hash_alg,
+ X509 *signcert,
+ STACK_OF(X509) *certs,
+ int issuer_needed);
+
/*-
* IssuerSerial ::= SEQUENCE {
* issuer GeneralNames,
diff --git a/doc/man3/CMS_add1_signing_cert.pod b/doc/internal/man3/cms_add1_signing_cert.pod
similarity index 69%
rename from doc/man3/CMS_add1_signing_cert.pod
rename to doc/internal/man3/cms_add1_signing_cert.pod
index 035e679d2c..a825c07190 100644
--- a/doc/man3/CMS_add1_signing_cert.pod
+++ b/doc/internal/man3/cms_add1_signing_cert.pod
@@ -2,7 +2,7 @@
=head1 NAME
-CMS_add1_signing_cert, CMS_add1_signing_cert_v2
+cms_add1_signing_cert, cms_add1_signing_cert_v2
- add ESS signing-certificate signed attribute to a
CMS_SignerInfo data structure
@@ -10,15 +10,15 @@ CMS_SignerInfo data structure
#include <openssl/cms.h>
- int CMS_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc);
+ int cms_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc);
- int CMS_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc2);
+ int cms_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc2);
=head1 DESCRIPTION
-CMS_add1_signing_cert() adds an ESS Signing Certificate B<sc> (version 1) signed
+cms_add1_signing_cert() adds an ESS Signing Certificate B<sc> (version 1) signed
attribute to the CMS_SignerInfo B<si>.
-CMS_add1_signing_cert_v2() adds an ESS Signing Certificate B<sc2> (version 2) signed
+cms_add1_signing_cert_v2() adds an ESS Signing Certificate B<sc2> (version 2) signed
attribute to the CMS_SignerInfo B<si>.
The ESS Signing Certificate attributes version 1 and 2 are defined in RFC 5035
which updates Section 5.4 of RFC 2634.
@@ -31,7 +31,8 @@ For a fuller description see L<cms(1)>).
=head1 RETURN VALUES
-CMS_add1_signing_cert() and CMS_add1_signing_cert_v2() return 1 if attribute is added or 0 if an error occurred.
+cms_add1_signing_cert() and cms_add1_signing_cert_v2() return 1 if attribute
+is added or 0 if an error occurred.
=head1 COPYRIGHT
diff --git a/doc/man3/X509_dup.pod b/doc/man3/X509_dup.pod
index 19fb7a7a9b..e6ee557e8f 100644
--- a/doc/man3/X509_dup.pod
+++ b/doc/man3/X509_dup.pod
@@ -52,12 +52,18 @@ EDIPARTYNAME_new,
ESS_CERT_ID_dup,
ESS_CERT_ID_free,
ESS_CERT_ID_new,
+ESS_CERT_ID_V2_dup,
+ESS_CERT_ID_V2_free,
+ESS_CERT_ID_V2_new,
ESS_ISSUER_SERIAL_dup,
ESS_ISSUER_SERIAL_free,
ESS_ISSUER_SERIAL_new,
ESS_SIGNING_CERT_dup,
ESS_SIGNING_CERT_free,
ESS_SIGNING_CERT_new,
+ESS_SIGNING_CERT_V2_dup,
+ESS_SIGNING_CERT_V2_free,
+ESS_SIGNING_CERT_V2_new,
EXTENDED_KEY_USAGE_free,
EXTENDED_KEY_USAGE_new,
GENERAL_NAMES_free,
diff --git a/doc/man3/d2i_X509.pod b/doc/man3/d2i_X509.pod
index 36a5e8f6db..3075b0d0ef 100644
--- a/doc/man3/d2i_X509.pod
+++ b/doc/man3/d2i_X509.pod
@@ -63,8 +63,10 @@ d2i_EC_PUBKEY_bio,
d2i_EC_PUBKEY_fp,
d2i_EDIPARTYNAME,
d2i_ESS_CERT_ID,
+d2i_ESS_CERT_ID_V2,
d2i_ESS_ISSUER_SERIAL,
d2i_ESS_SIGNING_CERT,
+d2i_ESS_SIGNING_CERT_V2,
d2i_EXTENDED_KEY_USAGE,
d2i_GENERAL_NAME,
d2i_GENERAL_NAMES,
@@ -249,8 +251,10 @@ i2d_EC_PUBKEY_bio,
i2d_EC_PUBKEY_fp,
i2d_EDIPARTYNAME,
i2d_ESS_CERT_ID,
+i2d_ESS_CERT_ID_V2,
i2d_ESS_ISSUER_SERIAL,
i2d_ESS_SIGNING_CERT,
+i2d_ESS_SIGNING_CERT_V2,
i2d_EXTENDED_KEY_USAGE,
i2d_GENERAL_NAME,
i2d_GENERAL_NAMES,
diff --git a/include/openssl/cms.h b/include/openssl/cms.h
index 64002e4d46..608b6d7cac 100644
--- a/include/openssl/cms.h
+++ b/include/openssl/cms.h
@@ -16,7 +16,6 @@
# include <openssl/x509.h>
# include <openssl/x509v3.h>
# include <openssl/cmserr.h>
-# include <openssl/ess.h>
# ifdef __cplusplus
extern "C" {
# endif
@@ -285,8 +284,6 @@ int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
const void *bytes, int len);
void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
int lastpos, int type);
-int CMS_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc);
-int CMS_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc);
int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
diff --git a/include/openssl/ess.h b/include/openssl/ess.h
index fb5e45c46d..f13b5395a8 100644
--- a/include/openssl/ess.h
+++ b/include/openssl/ess.h
@@ -41,9 +41,6 @@ DECLARE_ASN1_DUP_FUNCTION(ESS_CERT_ID)
DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_SIGNING_CERT)
DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_SIGNING_CERT, ESS_SIGNING_CERT)
DECLARE_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT)
-ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert,
- STACK_OF(X509) *certs,
- int issuer_needed);
DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_CERT_ID_V2)
DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_CERT_ID_V2, ESS_CERT_ID_V2)
@@ -52,10 +49,6 @@ DECLARE_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2)
DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_SIGNING_CERT_V2)
DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_SIGNING_CERT_V2, ESS_SIGNING_CERT_V2)
DECLARE_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2)
-ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_new_init(const EVP_MD *hash_alg,
- X509 *signcert,
- STACK_OF(X509) *certs,
- int issuer_needed);
# ifdef __cplusplus
}
diff --git a/util/libcrypto.num b/util/libcrypto.num
index a6c5097e1c..63cab3225c 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4476,10 +4476,6 @@ ASYNC_WAIT_CTX_get_callback 4581 3_0_0 EXIST::FUNCTION:
ASYNC_WAIT_CTX_set_callback 4582 3_0_0 EXIST::FUNCTION:
ASYNC_WAIT_CTX_set_status 4583 3_0_0 EXIST::FUNCTION:
ASYNC_WAIT_CTX_get_status 4584 3_0_0 EXIST::FUNCTION:
-CMS_add1_signing_cert 4585 3_0_0 EXIST::FUNCTION:CMS
-CMS_add1_signing_cert_v2 4586 3_0_0 EXIST::FUNCTION:CMS
-ESS_SIGNING_CERT_new_init 4587 3_0_0 EXIST::FUNCTION:
-ESS_SIGNING_CERT_V2_new_init 4588 3_0_0 EXIST::FUNCTION:
ERR_load_ESS_strings 4589 3_0_0 EXIST::FUNCTION:
EVP_KDF_CTX_new_id 4590 3_0_0 EXIST::FUNCTION:
EVP_KDF_CTX_free 4591 3_0_0 EXIST::FUNCTION:
diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt
index a227b1082a..05eee92d27 100644
--- a/util/missingcrypto.txt
+++ b/util/missingcrypto.txt
@@ -474,12 +474,6 @@ ERR_load_X509_strings
ERR_load_strings_const
ERR_set_error_data
ERR_unload_strings
-ESS_CERT_ID_V2_dup
-ESS_CERT_ID_V2_free
-ESS_CERT_ID_V2_new
-ESS_SIGNING_CERT_V2_dup
-ESS_SIGNING_CERT_V2_free
-ESS_SIGNING_CERT_V2_new
ESS_SIGNING_CERT_V2_new_init
ESS_SIGNING_CERT_new_init
EVP_CIPHER_CTX_buf_noconst
@@ -1456,8 +1450,6 @@ b2i_PublicKey_bio
conf_ssl_get
conf_ssl_get_cmd
conf_ssl_name_find
-d2i_ESS_CERT_ID_V2
-d2i_ESS_SIGNING_CERT_V2
d2i_X509_bio
d2i_X509_fp
err_free_strings_int
@@ -1469,8 +1461,6 @@ i2a_ASN1_STRING
i2b_PVK_bio
i2b_PrivateKey_bio
i2b_PublicKey_bio
-i2d_ESS_CERT_ID_V2
-i2d_ESS_SIGNING_CERT_V2
i2d_PrivateKey_bio
i2d_PrivateKey_fp
i2d_X509_bio
diff --git a/util/missingcrypto111.txt b/util/missingcrypto111.txt
index 1fb924bc70..e544c1b3c7 100644
--- a/util/missingcrypto111.txt
+++ b/util/missingcrypto111.txt
@@ -485,12 +485,6 @@ ERR_load_X509_strings
ERR_load_strings_const
ERR_set_error_data
ERR_unload_strings
-ESS_CERT_ID_V2_dup
-ESS_CERT_ID_V2_free
-ESS_CERT_ID_V2_new
-ESS_SIGNING_CERT_V2_dup
-ESS_SIGNING_CERT_V2_free
-ESS_SIGNING_CERT_V2_new
EVP_CIPHER_CTX_buf_noconst
EVP_CIPHER_CTX_clear_flags
EVP_CIPHER_CTX_copy
@@ -1571,8 +1565,6 @@ b2i_PublicKey_bio
conf_ssl_get
conf_ssl_get_cmd
conf_ssl_name_find
-d2i_ESS_CERT_ID_V2
-d2i_ESS_SIGNING_CERT_V2
d2i_X509_bio
d2i_X509_fp
err_free_strings_int
@@ -1584,8 +1576,6 @@ i2a_ASN1_STRING
i2b_PVK_bio
i2b_PrivateKey_bio
i2b_PublicKey_bio
-i2d_ESS_CERT_ID_V2
-i2d_ESS_SIGNING_CERT_V2
i2d_PrivateKey_bio
i2d_PrivateKey_fp
i2d_X509_bio
More information about the openssl-commits
mailing list