git.ipfire.org Git - thirdparty/openssl.git/commit

author	Peter Juhasz <juhasz.peter@uhusystems.com>
	Tue, 15 Jun 2021 23:23:27 +0000 (01:23 +0200)
committer	Tomas Mraz <tomas@openssl.org>
	Thu, 26 Dec 2024 18:33:42 +0000 (19:33 +0100)
commit	34ea176abfbd4349bc36179eb8a6b80536e820b2
tree	210a7c238eb8f6e916a959dc9564b8b7ebd02345	tree \| snapshot
parent	b85e6f534906f0bf9114386d227e481d2336a0ff	commit \| diff

Add CMS_NO_SIGNING_TIME flag to CMS_sign(), CMS_add1_signer()

Previously there was no way to create a CMS SignedData signature without a
signing time attribute, because CMS_SignerInfo_sign added it unconditionally.
However, there is a use case (PAdES signatures) where this attribute is not
allowed, so this commit introduces a new flag to the CMS API that causes this
attribute to be omitted at signing time.

Also add -no_signing_time option to cms command.

Fixes #15777

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15783)

CHANGES.md		diff \| blob \| blame \| history
apps/cms.c		diff \| blob \| blame \| history
crypto/cms/cms_local.h		diff \| blob \| blame \| history
crypto/cms/cms_sd.c		diff \| blob \| blame \| history
doc/man1/openssl-cms.pod.in		diff \| blob \| blame \| history
doc/man3/CMS_add1_signer.pod		diff \| blob \| blame \| history
doc/man3/CMS_sign.pod		diff \| blob \| blame \| history
include/openssl/cms.h.in		diff \| blob \| blame \| history
test/recipes/80-test_cms.t		diff \| blob \| blame \| history