From: Dr. David von Oheimb
Date: Tue, 16 Mar 2021 15:04:08 +0000 (+0100)
Subject: TS ESS: Move four internal aux function to where they belong in crypto/ts
X-Git-Tag: openssl-3.0.0-alpha16~109
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=176a9a682a22d556037b0a959911e6020c8d2ecd;p=thirdparty%2Fopenssl.git

TS ESS: Move four internal aux function to where they belong in crypto/ts

Also constify and slightly refactor them.

Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/14601)
---

diff --git a/crypto/ess/ess_lib.c b/crypto/ess/ess_lib.c
index beda9c4c16e..65444d383ff 100644
--- a/crypto/ess/ess_lib.c
+++ b/crypto/ess/ess_lib.c
@@ -194,93 +194,6 @@ static ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new_init(const EVP_MD *hash_alg,
 return NULL;
 }
 
-/* TODO the following four functions should be moved to ../ts/ */
-ESS_SIGNING_CERT *ossl_ess_get_signing_cert(const PKCS7_SIGNER_INFO *si)
-{
- ASN1_TYPE *attr;
- const unsigned char *p;
-
- attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificate);
- if (attr == NULL)
- return NULL;
- p = attr->value.sequence->data;
- return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length);
-}
-
-ESS_SIGNING_CERT_V2 *ossl_ess_get_signing_cert_v2(const PKCS7_SIGNER_INFO *si)
-{
- ASN1_TYPE *attr;
- const unsigned char *p;
-
- attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificateV2);
- if (attr == NULL)
- return NULL;
- p = attr->value.sequence->data;
- return d2i_ESS_SIGNING_CERT_V2(NULL, &p, attr->value.sequence->length);
-}
-
-int ossl_ess_signing_cert_add(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc)
-{
- ASN1_STRING *seq = NULL;
- unsigned char *p, *pp = NULL;
- int len;
-
- len = i2d_ESS_SIGNING_CERT(sc, NULL);
- if (len <= 0)
- goto err;
- if ((pp = OPENSSL_malloc(len)) == NULL) {
- ERR_raise(ERR_LIB_ESS, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- p = pp;
- i2d_ESS_SIGNING_CERT(sc, &p);
- if ((seq = ASN1_STRING_new()) == NULL || !ASN1_STRING_set(seq, pp, len)) {
- ERR_raise(ERR_LIB_ESS, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- OPENSSL_free(pp);
- pp = NULL;
- return PKCS7_add_signed_attribute(si,
- NID_id_smime_aa_signingCertificate,
- V_ASN1_SEQUENCE, seq);
- err:
- ASN1_STRING_free(seq);
- OPENSSL_free(pp);
-
- return 0;
-}
-
-int ossl_ess_signing_cert_v2_add(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT_V2 *sc)
-{
- ASN1_STRING *seq = NULL;
- unsigned char *p, *pp = NULL;
- int len = i2d_ESS_SIGNING_CERT_V2(sc, NULL);
-
- if (len <= 0)
- goto err;
- if ((pp = OPENSSL_malloc(len)) == NULL) {
- ERR_raise(ERR_LIB_ESS, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- p = pp;
- i2d_ESS_SIGNING_CERT_V2(sc, &p);
- if ((seq = ASN1_STRING_new()) == NULL || !ASN1_STRING_set(seq, pp, len)) {
- ERR_raise(ERR_LIB_ESS, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- OPENSSL_free(pp);
- pp = NULL;
- return PKCS7_add_signed_attribute(si,
- NID_id_smime_aa_signingCertificateV2,
- V_ASN1_SEQUENCE, seq);
- err:
- ASN1_STRING_free(seq);
- OPENSSL_free(pp);
- return 0;
-}
-
 static int ess_issuer_serial_cmp(const ESS_ISSUER_SERIAL *is, const X509 *cert)
 {
 GENERAL_NAME *issuer;
diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c
index 8f0653c5d30..172d444d094 100644
--- a/crypto/ts/ts_rsp_sign.c
+++ b/crypto/ts/ts_rsp_sign.c
@@ -626,6 +626,52 @@ static int ts_RESP_process_extensions(TS_RESP_CTX *ctx)
 }
 
 /* Functions for signing the TS_TST_INFO structure of the context. */
+static int ossl_ess_add1_signing_cert(PKCS7_SIGNER_INFO *si,
+ const ESS_SIGNING_CERT *sc)
+{
+ ASN1_STRING *seq = NULL;
+ int len = i2d_ESS_SIGNING_CERT(sc, NULL);
+ unsigned char *p, *pp = OPENSSL_malloc(len);
+
+ if (pp == NULL)
+ return 0;
+
+ p = pp;
+ i2d_ESS_SIGNING_CERT(sc, &p);
+ if ((seq = ASN1_STRING_new()) == NULL || !ASN1_STRING_set(seq, pp, len)) {
+ ASN1_STRING_free(seq);
+ OPENSSL_free(pp);
+ return 0;
+ }
+
+ OPENSSL_free(pp);
+ return PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificate,
+ V_ASN1_SEQUENCE, seq);
+}
+
+static int ossl_ess_add1_signing_cert_v2(PKCS7_SIGNER_INFO *si,
+ const ESS_SIGNING_CERT_V2 *sc)
+{
+ ASN1_STRING *seq = NULL;
+ int len = i2d_ESS_SIGNING_CERT_V2(sc, NULL);
+ unsigned char *p, *pp = OPENSSL_malloc(len);
+
+ if (pp == NULL)
+ return 0;
+
+ p = pp;
+ i2d_ESS_SIGNING_CERT_V2(sc, &p);
+ if ((seq = ASN1_STRING_new()) == NULL || !ASN1_STRING_set(seq, pp, len)) {
+ ASN1_STRING_free(seq);
+ OPENSSL_free(pp);
+ return 0;
+ }
+
+ OPENSSL_free(pp);
+ return PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificateV2,
+ V_ASN1_SEQUENCE, seq);
+}
+
 static int ts_RESP_sign(TS_RESP_CTX *ctx)
 {
 int ret = 0;
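Review bot: In `ossl_ess_add1_signing_cert` (crypto/ts/ts_rsp_sign.c) the result of `i2d_ESS_SIGNING_CERT(sc, NULL)` now goes straight into `OPENSSL_malloc(len)`; the `len <= 0` guard that the removed ess_lib.c version had is gone, so an encoding failure reaches the allocator as a negative int converted to a size. Declare `unsigned char *p, *pp;` without the initialiser and guard before allocating: `if (len <= 0 || (pp = OPENSSL_malloc(len)) == NULL) return 0;`. The same applies to `ossl_ess_add1_signing_cert_v2` in this hunk. The hunk also does not show who frees `seq` when `PKCS7_add_signed_attribute` returns 0; a one-line comment stating the ownership at that call would help the next reader.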
@@ -691,7 +737,7 @@ static int ts_RESP_sign(TS_RESP_CTX *ctx)
 certs, 0)) == NULL)
 goto err;
 
- if (!ossl_ess_signing_cert_add(si, sc)) {
+ if (!ossl_ess_add1_signing_cert(si, sc)) {
 ERR_raise(ERR_LIB_TS, TS_R_ESS_ADD_SIGNING_CERT_ERROR);
 goto err;
 }
@@ -701,7 +747,7 @@ static int ts_RESP_sign(TS_RESP_CTX *ctx)
 if (sc2 == NULL)
 goto err;
 
- if (!ossl_ess_signing_cert_v2_add(si, sc2)) {
+ if (!ossl_ess_add1_signing_cert_v2(si, sc2)) {
 ERR_raise(ERR_LIB_TS, TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR);
 goto err;
 }
diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c
index 56f40b11528..03e7312843a 100644
--- a/crypto/ts/ts_rsp_verify.c
+++ b/crypto/ts/ts_rsp_verify.c
@@ -203,6 +203,31 @@ end:
 return ret;
 }
 
+static ESS_SIGNING_CERT *ossl_ess_get_signing_cert(const PKCS7_SIGNER_INFO *si)
+{
+ ASN1_TYPE *attr;
+ const unsigned char *p;
+
+ attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificate);
+ if (attr == NULL)
+ return NULL;
+ p = attr->value.sequence->data;
+ return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length);
+}
+
+static
+ESS_SIGNING_CERT_V2 *ossl_ess_get_signing_cert_v2(const PKCS7_SIGNER_INFO *si)
+{
+ ASN1_TYPE *attr;
+ const unsigned char *p;
+
+ attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificateV2);
+ if (attr == NULL)
+ return NULL;
+ p = attr->value.sequence->data;
+ return d2i_ESS_SIGNING_CERT_V2(NULL, &p, attr->value.sequence->length);
+}
+
 static int ts_check_signing_certs(const PKCS7_SIGNER_INFO *si,
 const STACK_OF(X509) *chain)
 {
diff --git a/include/crypto/ess.h b/include/crypto/ess.h
index 7a687d47ccc..7acde5f8a4f 100644
--- a/include/crypto/ess.h
+++ b/include/crypto/ess.h
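Review bot: `ossl_ess_get_signing_cert` in crypto/ts/ts_rsp_verify.c dereferences `attr->value.sequence` without checking that the signed attribute actually holds a SEQUENCE. `ASN1_TYPE` is a tagged union, and this file is presumably the verification path where the signer info comes from the response being checked, so an attribute carrying another ASN.1 type would be read through the wrong union member. Test the tag before use: `if (attr == NULL || attr->type != V_ASN1_SEQUENCE) return NULL;`. `ossl_ess_get_signing_cert_v2` in the same hunk needs the same check. This note refers to the ts_rsp_verify.c hunk that ends just before the include/crypto/ess.h file header.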
@@ -11,17 +11,6 @@
 # define OSSL_CRYPTO_ESS_H
 # pragma once
 
-/* internal ESS related functions used for TS */
-/* TODO move these four decls to a new include/crypto/ts.h */
-
-ESS_SIGNING_CERT *ossl_ess_get_signing_cert(const PKCS7_SIGNER_INFO *si);
-int ossl_ess_signing_cert_add(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc);
-
-ESS_SIGNING_CERT_V2 *ossl_ess_get_signing_cert_v2(const PKCS7_SIGNER_INFO *si);
-int ossl_ess_signing_cert_v2_add(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT_V2 *sc);
-
-/* internal ESS stuff */
-
 /*-
 * IssuerSerial ::= SEQUENCE {
 * issuer GeneralNames,