diff options
| -rw-r--r-- | crypto/cms/cms_cd.c | 7 | ||||
| -rw-r--r-- | crypto/cms/cms_dd.c | 16 | ||||
| -rw-r--r-- | crypto/cms/cms_dh.c | 2 | ||||
| -rw-r--r-- | crypto/cms/cms_ec.c | 4 | ||||
| -rw-r--r-- | crypto/cms/cms_enc.c | 25 | ||||
| -rw-r--r-- | crypto/cms/cms_env.c | 122 | ||||
| -rw-r--r-- | crypto/cms/cms_ess.c | 29 | ||||
| -rw-r--r-- | crypto/cms/cms_io.c | 10 | ||||
| -rw-r--r-- | crypto/cms/cms_kari.c | 57 | ||||
| -rw-r--r-- | crypto/cms/cms_lib.c | 66 | ||||
| -rw-r--r-- | crypto/cms/cms_local.h | 154 | ||||
| -rw-r--r-- | crypto/cms/cms_pwri.c | 20 | ||||
| -rw-r--r-- | crypto/cms/cms_rsa.c | 4 | ||||
| -rw-r--r-- | crypto/cms/cms_sd.c | 90 | ||||
| -rw-r--r-- | crypto/cms/cms_smime.c | 41 | ||||
| -rw-r--r-- | crypto/ess/ess_asn1.c | 10 | ||||
| -rw-r--r-- | crypto/ess/ess_lib.c | 28 | ||||
| -rw-r--r-- | crypto/ts/ts_rsp_sign.c | 11 | ||||
| -rw-r--r-- | crypto/ts/ts_rsp_verify.c | 12 | ||||
| -rw-r--r-- | include/crypto/cms.h | 12 | ||||
| -rw-r--r-- | include/crypto/ess.h | 27 | ||||
| -rw-r--r-- | include/openssl/symhacks.h | 4 |
22 files changed, 385 insertions, 366 deletions
diff --git a/crypto/cms/cms_cd.c b/crypto/cms/cms_cd.c index c781268659..de38288d09 100644 --- a/crypto/cms/cms_cd.c +++ b/crypto/cms/cms_cd.c @@ -21,8 +21,9 @@ /* CMS CompressedData Utilities */ -CMS_ContentInfo *cms_CompressedData_create(int comp_nid, OSSL_LIB_CTX *libctx, - const char *propq) +CMS_ContentInfo *ossl_cms_CompressedData_create(int comp_nid, + OSSL_LIB_CTX *libctx, + const char *propq) { CMS_ContentInfo *cms; CMS_CompressedData *cd; @@ -61,7 +62,7 @@ CMS_ContentInfo *cms_CompressedData_create(int comp_nid, OSSL_LIB_CTX *libctx, return NULL; } -BIO *cms_CompressedData_init_bio(const CMS_ContentInfo *cms) +BIO *ossl_cms_CompressedData_init_bio(const CMS_ContentInfo *cms) { CMS_CompressedData *cd; const ASN1_OBJECT *compoid; diff --git a/crypto/cms/cms_dd.c b/crypto/cms/cms_dd.c index 4eba827d62..31b0a6f23f 100644 --- a/crypto/cms/cms_dd.c +++ b/crypto/cms/cms_dd.c @@ -17,9 +17,9 @@ /* CMS DigestedData Utilities */ -CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md, - OSSL_LIB_CTX *libctx, - const char *propq) +CMS_ContentInfo *ossl_cms_DigestedData_create(const EVP_MD *md, + OSSL_LIB_CTX *libctx, + const char *propq) { CMS_ContentInfo *cms; CMS_DigestedData *dd; @@ -48,14 +48,16 @@ CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md, return NULL; } -BIO *cms_DigestedData_init_bio(const CMS_ContentInfo *cms) +BIO *ossl_cms_DigestedData_init_bio(const CMS_ContentInfo *cms) { CMS_DigestedData *dd = cms->d.digestedData; - return cms_DigestAlgorithm_init_bio(dd->digestAlgorithm, cms_get0_cmsctx(cms)); + return ossl_cms_DigestAlgorithm_init_bio(dd->digestAlgorithm, + ossl_cms_get0_cmsctx(cms)); } -int cms_DigestedData_do_final(const CMS_ContentInfo *cms, BIO *chain, int verify) +int ossl_cms_DigestedData_do_final(const CMS_ContentInfo *cms, BIO *chain, + int verify) { EVP_MD_CTX *mctx = EVP_MD_CTX_new(); unsigned char md[EVP_MAX_MD_SIZE]; @@ -70,7 +72,7 @@ int cms_DigestedData_do_final(const CMS_ContentInfo *cms, BIO *chain, int verify dd = cms->d.digestedData; - if (!cms_DigestAlgorithm_find_ctx(mctx, chain, dd->digestAlgorithm)) + if (!ossl_cms_DigestAlgorithm_find_ctx(mctx, chain, dd->digestAlgorithm)) goto err; if (EVP_DigestFinal_ex(mctx, md, &mdlen) <= 0) diff --git a/crypto/cms/cms_dh.c b/crypto/cms/cms_dh.c index e55b4a062f..95ce8e8351 100644 --- a/crypto/cms/cms_dh.c +++ b/crypto/cms/cms_dh.c @@ -327,7 +327,7 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri) return rv; } -int cms_dh_envelope(CMS_RecipientInfo *ri, int decrypt) +int ossl_cms_dh_envelope(CMS_RecipientInfo *ri, int decrypt) { assert(decrypt == 0 || decrypt == 1); diff --git a/crypto/cms/cms_ec.c b/crypto/cms/cms_ec.c index a4c6da6069..096eafd815 100644 --- a/crypto/cms/cms_ec.c +++ b/crypto/cms/cms_ec.c @@ -370,7 +370,7 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri) return rv; } -int cms_ecdh_envelope(CMS_RecipientInfo *ri, int decrypt) +int ossl_cms_ecdh_envelope(CMS_RecipientInfo *ri, int decrypt) { assert(decrypt == 0 || decrypt == 1); @@ -385,7 +385,7 @@ int cms_ecdh_envelope(CMS_RecipientInfo *ri, int decrypt) } /* ECDSA and DSA implementation is the same */ -int cms_ecdsa_dsa_sign(CMS_SignerInfo *si, int verify) +int ossl_cms_ecdsa_dsa_sign(CMS_SignerInfo *si, int verify) { assert(verify == 0 || verify == 1); diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c index cf19b7604b..3bec60bcf0 100644 --- a/crypto/cms/cms_enc.c +++ b/crypto/cms/cms_enc.c @@ -21,8 +21,8 @@ /* Return BIO based on EncryptedContentInfo and key */ -BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec, - const CMS_CTX *cms_ctx) +BIO *ossl_cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec, + const CMS_CTX *cms_ctx) { BIO *b; EVP_CIPHER_CTX *ctx; @@ -37,8 +37,8 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec, size_t tkeylen = 0; int ok = 0; int enc, keep_key = 0; - OSSL_LIB_CTX *libctx = cms_ctx_get0_libctx(cms_ctx); - const char *propq = cms_ctx_get0_propq(cms_ctx); + OSSL_LIB_CTX *libctx = ossl_cms_ctx_get0_libctx(cms_ctx); + const char *propq = ossl_cms_ctx_get0_propq(cms_ctx); enc = ec->cipher ? 1 : 0; @@ -193,10 +193,10 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec, return NULL; } -int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, - const EVP_CIPHER *cipher, - const unsigned char *key, size_t keylen, - const CMS_CTX *cms_ctx) +int ossl_cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, + const EVP_CIPHER *cipher, + const unsigned char *key, size_t keylen, + const CMS_CTX *cms_ctx) { ec->cipher = cipher; if (key) { @@ -234,14 +234,15 @@ int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph, return 0; } ec = cms->d.encryptedData->encryptedContentInfo; - return cms_EncryptedContent_init(ec, ciph, key, keylen, cms_get0_cmsctx(cms)); + return ossl_cms_EncryptedContent_init(ec, ciph, key, keylen, + ossl_cms_get0_cmsctx(cms)); } -BIO *cms_EncryptedData_init_bio(const CMS_ContentInfo *cms) +BIO *ossl_cms_EncryptedData_init_bio(const CMS_ContentInfo *cms) { CMS_EncryptedData *enc = cms->d.encryptedData; if (enc->encryptedContentInfo->cipher && enc->unprotectedAttrs) enc->version = 2; - return cms_EncryptedContent_init_bio(enc->encryptedContentInfo, - cms_get0_cmsctx(cms)); + return ossl_cms_EncryptedContent_init_bio(enc->encryptedContentInfo, + ossl_cms_get0_cmsctx(cms)); } diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index d133b15136..b0b9e4aaac 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -42,7 +42,7 @@ static int cms_get_enveloped_type(const CMS_ContentInfo *cms) } } -CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms) +CMS_EnvelopedData *ossl_cms_get0_enveloped(CMS_ContentInfo *cms) { if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) { ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA); @@ -51,7 +51,7 @@ CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms) return cms->d.envelopedData; } -CMS_AuthEnvelopedData *cms_get0_auth_enveloped(CMS_ContentInfo *cms) +CMS_AuthEnvelopedData *ossl_cms_get0_auth_enveloped(CMS_ContentInfo *cms) { if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_authEnvelopedData) { ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA); @@ -75,7 +75,7 @@ static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms) cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped); return cms->d.envelopedData; } - return cms_get0_enveloped(cms); + return ossl_cms_get0_enveloped(cms); } static CMS_AuthEnvelopedData * @@ -95,10 +95,10 @@ cms_auth_enveloped_data_init(CMS_ContentInfo *cms) cms->contentType = OBJ_nid2obj(NID_id_smime_ct_authEnvelopedData); return cms->d.authEnvelopedData; } - return cms_get0_auth_enveloped(cms); + return ossl_cms_get0_auth_enveloped(cms); } -int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd) +int ossl_cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd) { EVP_PKEY *pkey; int i; @@ -116,11 +116,11 @@ int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd) return 0; if (EVP_PKEY_is_a(pkey, "DHX") || EVP_PKEY_is_a(pkey, "DH")) - return cms_dh_envelope(ri, cmd); + return ossl_cms_dh_envelope(ri, cmd); else if (EVP_PKEY_is_a(pkey, "EC")) - return cms_ecdh_envelope(ri, cmd); + return ossl_cms_ecdh_envelope(ri, cmd); else if (EVP_PKEY_is_a(pkey, "RSA")) - return cms_rsa_envelope(ri, cmd); + return ossl_cms_rsa_envelope(ri, cmd); /* Something else? We'll give engines etc a chance to handle this */ if (pkey->ameth == NULL || pkey->ameth->pkey_ctrl == NULL) @@ -137,7 +137,7 @@ int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd) return 1; } -CMS_EncryptedContentInfo* cms_get0_env_enc_content(const CMS_ContentInfo *cms) +CMS_EncryptedContentInfo* ossl_cms_get0_env_enc_content(const CMS_ContentInfo *cms) { switch (cms_get_enveloped_type(cms)) { case CMS_ENVELOPED_STANDARD: @@ -165,11 +165,11 @@ STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms) } } -void cms_RecipientInfos_set_cmsctx(CMS_ContentInfo *cms) +void ossl_cms_RecipientInfos_set_cmsctx(CMS_ContentInfo *cms) { int i; CMS_RecipientInfo *ri; - const CMS_CTX *ctx = cms_get0_cmsctx(cms); + const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms); STACK_OF(CMS_RecipientInfo) *rinfos = CMS_get0_RecipientInfos(cms); for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++) { @@ -181,8 +181,9 @@ void cms_RecipientInfos_set_cmsctx(CMS_ContentInfo *cms) break; case CMS_RECIPINFO_TRANS: ri->d.ktri->cms_ctx = ctx; - x509_set0_libctx(ri->d.ktri->recip, cms_ctx_get0_libctx(ctx), - cms_ctx_get0_propq(ctx)); + x509_set0_libctx(ri->d.ktri->recip, + ossl_cms_ctx_get0_libctx(ctx), + ossl_cms_ctx_get0_propq(ctx)); break; case CMS_RECIPINFO_KEK: ri->d.kekri->cms_ctx = ctx; @@ -225,8 +226,8 @@ CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher, if (env == NULL) goto merr; - if (!cms_EncryptedContent_init(env->encryptedContentInfo, cipher, NULL, 0, - cms_get0_cmsctx(cms))) + if (!ossl_cms_EncryptedContent_init(env->encryptedContentInfo, cipher, NULL, + 0, ossl_cms_get0_cmsctx(cms))) goto merr; return cms; merr: @@ -253,8 +254,9 @@ CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx, aenv = cms_auth_enveloped_data_init(cms); if (aenv == NULL) goto merr; - if (!cms_EncryptedContent_init(aenv->authEncryptedContentInfo, - cipher, NULL, 0, cms_get0_cmsctx(cms))) + if (!ossl_cms_EncryptedContent_init(aenv->authEncryptedContentInfo, + cipher, NULL, 0, + ossl_cms_get0_cmsctx(cms))) goto merr; return cms; merr: @@ -301,7 +303,7 @@ static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip, * structure. */ - if (!cms_set1_SignerIdentifier(ktri->rid, recip, idtype, ctx)) + if (!ossl_cms_set1_SignerIdentifier(ktri->rid, recip, idtype, ctx)) return 0; X509_up_ref(recip); @@ -311,14 +313,14 @@ static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip, ktri->recip = recip; if (flags & CMS_KEY_PARAM) { - ktri->pctx = EVP_PKEY_CTX_new_from_pkey(cms_ctx_get0_libctx(ctx), + ktri->pctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx), ktri->pkey, - cms_ctx_get0_propq(ctx)); + ossl_cms_ctx_get0_propq(ctx)); if (ktri->pctx == NULL) return 0; if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0) return 0; - } else if (!cms_env_asn1_ctrl(ri, 0)) + } else if (!ossl_cms_env_asn1_ctrl(ri, 0)) return 0; return 1; } @@ -334,7 +336,7 @@ CMS_RecipientInfo *CMS_add1_recipient(CMS_ContentInfo *cms, X509 *recip, CMS_RecipientInfo *ri = NULL; STACK_OF(CMS_RecipientInfo) *ris; EVP_PKEY *pk = NULL; - const CMS_CTX *ctx = cms_get0_cmsctx(cms); + const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms); ris = CMS_get0_RecipientInfos(cms); if (ris == NULL) @@ -351,7 +353,7 @@ CMS_RecipientInfo *CMS_add1_recipient(CMS_ContentInfo *cms, X509 *recip, goto err; } - switch (cms_pkey_get_ri_type(pk)) { + switch (ossl_cms_pkey_get_ri_type(pk)) { case CMS_RECIPINFO_TRANS: if (!cms_RecipientInfo_ktri_init(ri, recip, pk, flags, ctx)) @@ -359,8 +361,8 @@ CMS_RecipientInfo *CMS_add1_recipient(CMS_ContentInfo *cms, X509 *recip, break; case CMS_RECIPINFO_AGREE: - if (!cms_RecipientInfo_kari_init(ri, recip, pk, originator, - originatorPrivKey, flags, ctx)) + if (!ossl_cms_RecipientInfo_kari_init(ri, recip, pk, originator, + originatorPrivKey, flags, ctx)) goto err; break; @@ -422,7 +424,8 @@ int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, } ktri = ri->d.ktri; - return cms_SignerIdentifier_get0_signer_id(ktri->rid, keyid, issuer, sno); + return ossl_cms_SignerIdentifier_get0_signer_id(ktri->rid, keyid, issuer, + sno); } int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert) @@ -431,7 +434,7 @@ int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert) ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT); return -2; } - return cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert); + return ossl_cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert); } int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey) @@ -455,7 +458,7 @@ static int cms_RecipientInfo_ktri_encrypt(const CMS_ContentInfo *cms, EVP_PKEY_CTX *pctx; unsigned char *ek = NULL; size_t eklen; - const CMS_CTX *ctx = cms_get0_cmsctx(cms); + const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms); int ret = 0; @@ -464,16 +467,17 @@ static int cms_RecipientInfo_ktri_encrypt(const CMS_ContentInfo *cms, return 0; } ktri = ri->d.ktri; - ec = cms_get0_env_enc_content(cms); + ec = ossl_cms_get0_env_enc_content(cms); pctx = ktri->pctx; if (pctx) { - if (!cms_env_asn1_ctrl(ri, 0)) + if (!ossl_cms_env_asn1_ctrl(ri, 0)) goto err; } else { - pctx = EVP_PKEY_CTX_new_from_pkey(cms_ctx_get0_libctx(ctx), ktri->pkey, - cms_ctx_get0_propq(ctx)); + pctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx), + ktri->pkey, + ossl_cms_ctx_get0_propq(ctx)); if (pctx == NULL) return 0; @@ -526,11 +530,11 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, const EVP_CIPHER *cipher = NULL; EVP_CIPHER *fetched_cipher = NULL; CMS_EncryptedContentInfo *ec; - const CMS_CTX *ctx = cms_get0_cmsctx(cms); - OSSL_LIB_CTX *libctx = cms_ctx_get0_libctx(ctx); - const char *propq = cms_ctx_get0_propq(ctx); + const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms); + OSSL_LIB_CTX *libctx = ossl_cms_ctx_get0_libctx(ctx); + const char *propq = ossl_cms_ctx_get0_propq(ctx); - ec = cms_get0_env_enc_content(cms); + ec = ossl_cms_get0_env_enc_content(cms); if (ktri->pkey == NULL) { ERR_raise(ERR_LIB_CMS, CMS_R_NO_PRIVATE_KEY); @@ -567,7 +571,7 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, if (EVP_PKEY_decrypt_init(ktri->pctx) <= 0) goto err; - if (!cms_env_asn1_ctrl(ri, 1)) + if (!ossl_cms_env_asn1_ctrl(ri, 1)) goto err; if (EVP_PKEY_CTX_ctrl(ktri->pctx, -1, EVP_PKEY_OP_DECRYPT, @@ -813,8 +817,8 @@ static EVP_CIPHER *cms_get_key_wrap_cipher(size_t keylen, const CMS_CTX *ctx) default: return NULL; } - return EVP_CIPHER_fetch(cms_ctx_get0_libctx(ctx), alg, - cms_ctx_get0_propq(ctx)); + return EVP_CIPHER_fetch(ossl_cms_ctx_get0_libctx(ctx), alg, + ossl_cms_ctx_get0_propq(ctx)); } @@ -831,9 +835,9 @@ static int cms_RecipientInfo_kekri_encrypt(const CMS_ContentInfo *cms, EVP_CIPHER *cipher = NULL; int outlen = 0; EVP_CIPHER_CTX *ctx = NULL; - const CMS_CTX *cms_ctx = cms_get0_cmsctx(cms); + const CMS_CTX *cms_ctx = ossl_cms_get0_cmsctx(cms); - ec = cms_get0_env_enc_content(cms); + ec = ossl_cms_get0_env_enc_content(cms); if (ec == NULL) return 0; @@ -902,9 +906,9 @@ static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms, EVP_CIPHER *cipher = NULL; int outlen = 0; EVP_CIPHER_CTX *ctx = NULL; - const CMS_CTX *cms_ctx = cms_get0_cmsctx(cms); + const CMS_CTX *cms_ctx = ossl_cms_get0_cmsctx(cms); - ec = cms_get0_env_enc_content(cms); + ec = ossl_cms_get0_env_enc_content(cms); if (ec == NULL) return 0; @@ -980,7 +984,7 @@ int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri) return cms_RecipientInfo_kekri_decrypt(cms, ri); case CMS_RECIPINFO_PASS: - return cms_RecipientInfo_pwri_crypt(cms, ri, 0); + return ossl_cms_RecipientInfo_pwri_crypt(cms, ri, 0); default: ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE); @@ -995,13 +999,13 @@ int CMS_RecipientInfo_encrypt(const CMS_ContentInfo *cms, CMS_RecipientInfo *ri) return cms_RecipientInfo_ktri_encrypt(cms, ri); case CMS_RECIPINFO_AGREE: - return cms_RecipientInfo_kari_encrypt(cms, ri); + return ossl_cms_RecipientInfo_kari_encrypt(cms, ri); case CMS_RECIPINFO_KEK: return cms_RecipientInfo_kekri_encrypt(cms, ri); case CMS_RECIPINFO_PASS: - return cms_RecipientInfo_pwri_crypt(cms, ri, 1); + return ossl_cms_RecipientInfo_pwri_crypt(cms, ri, 1); default: ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_RECIPIENT_TYPE); @@ -1097,7 +1101,8 @@ static void cms_env_clear_ec(CMS_EncryptedContentInfo *ec) static BIO *cms_EnvelopedData_Decryption_init_bio(CMS_ContentInfo *cms) { CMS_EncryptedContentInfo *ec = cms->d.envelopedData->encryptedContentInfo; - BIO *contentBio = cms_EncryptedContent_init_bio(ec, cms_get0_cmsctx(cms)); + BIO *contentBio = ossl_cms_EncryptedContent_init_bio(ec, + ossl_cms_get0_cmsctx(cms)); EVP_CIPHER_CTX *ctx = NULL; if (contentBio == NULL) @@ -1112,7 +1117,8 @@ static BIO *cms_EnvelopedData_Decryption_init_bio(CMS_ContentInfo *cms) * If the selected cipher supports unprotected attributes, * deal with it using special ctrl function */ - if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_CIPHER_WITH_MAC) + if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) + & EVP_CIPH_FLAG_CIPHER_WITH_MAC) && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PROCESS_UNPROTECTED, 0, cms->d.envelopedData->unprotectedAttrs) <= 0) { BIO_free(contentBio); @@ -1132,7 +1138,7 @@ static BIO *cms_EnvelopedData_Encryption_init_bio(CMS_ContentInfo *cms) /* Get BIO first to set up key */ ec = env->encryptedContentInfo; - ret = cms_EncryptedContent_init_bio(ec, cms_get0_cmsctx(cms)); + ret = ossl_cms_EncryptedContent_init_bio(ec, ossl_cms_get0_cmsctx(cms)); /* If error end of processing */ if (!ret) @@ -1158,7 +1164,7 @@ static BIO *cms_EnvelopedData_Encryption_init_bio(CMS_ContentInfo *cms) return NULL; } -BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms) +BIO *ossl_cms_EnvelopedData_init_bio(CMS_ContentInfo *cms) { if (cms->d.envelopedData->encryptedContentInfo->cipher != NULL) { /* If cipher is set it's encryption */ @@ -1169,7 +1175,7 @@ BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms) return cms_EnvelopedData_Decryption_init_bio(cms); } -BIO *cms_AuthEnvelopedData_init_bio(CMS_ContentInfo *cms) +BIO *ossl_cms_AuthEnvelopedData_init_bio(CMS_ContentInfo *cms) { CMS_EncryptedContentInfo *ec; STACK_OF(CMS_RecipientInfo) *rinfos; @@ -1184,7 +1190,7 @@ BIO *cms_AuthEnvelopedData_init_bio(CMS_ContentInfo *cms) ec->tag = aenv->mac->data; ec->taglen = aenv->mac->length; } - ret = cms_EncryptedContent_init_bio(ec, cms_get0_cmsctx(cms)); + ret = ossl_cms_EncryptedContent_init_bio(ec, ossl_cms_get0_cmsctx(cms)); /* If error or no cipher end of processing */ if (ret == NULL || ec->cipher == NULL) @@ -1210,13 +1216,13 @@ BIO *cms_AuthEnvelopedData_init_bio(CMS_ContentInfo *cms) return NULL; } -int cms_EnvelopedData_final(CMS_ContentInfo *cms, BIO *chain) +int ossl_cms_EnvelopedData_final(CMS_ContentInfo *cms, BIO *chain) { CMS_EnvelopedData *env = NULL; EVP_CIPHER_CTX *ctx = NULL; BIO *mbio = BIO_find_type(chain, BIO_TYPE_CIPHER); - env = cms_get0_enveloped(cms); + env = ossl_cms_get0_enveloped(cms); if (env == NULL) return 0; @@ -1251,7 +1257,7 @@ int cms_EnvelopedData_final(CMS_ContentInfo *cms, BIO *chain) return 1; } -int cms_AuthEnvelopedData_final(CMS_ContentInfo *cms, BIO *cmsbio) +int ossl_cms_AuthEnvelopedData_final(CMS_ContentInfo *cms, BIO *cmsbio) { EVP_CIPHER_CTX *ctx; unsigned char *tag = NULL; @@ -1289,7 +1295,7 @@ err: * retain compatibility with previous behaviour if the ctrl value isn't * supported we assume key transport. */ -int cms_pkey_get_ri_type(EVP_PKEY *pk) +int ossl_cms_pkey_get_ri_type(EVP_PKEY *pk) { /* Check types that we know about */ if (EVP_PKEY_is_a(pk, "DH")) @@ -1316,7 +1322,7 @@ int cms_pkey_get_ri_type(EVP_PKEY *pk) return CMS_RECIPINFO_TRANS; } -int cms_pkey_is_ri_type_supported(EVP_PKEY *pk, int ri_type) +int ossl_cms_pkey_is_ri_type_supported(EVP_PKEY *pk, int ri_type) { int supportedRiType; @@ -1329,7 +1335,7 @@ int cms_pkey_is_ri_type_supported(EVP_PKEY *pk, int ri_type) return r; } - supportedRiType = cms_pkey_get_ri_type(pk); + supportedRiType = ossl_cms_pkey_get_ri_type(pk); if (supportedRiType < 0) return 0; diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c index 2cdad46efb..b8b0076e03 100644 --- a/crypto/cms/cms_ess.c +++ b/crypto/cms/cms_ess.c @@ -52,18 +52,19 @@ int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr) the |cert_ids|(Hash+IssuerID) list from this ESS_SIGNING_CERT. Derived from ts_check_signing_certs() */ -int ess_check_signing_certs(CMS_SignerInfo *si, STACK_OF(X509) *chain) +int ossl_ess_check_signing_certs(CMS_SignerInfo *si, STACK_OF(X509) *chain) { ESS_SIGNING_CERT *ss = NULL; ESS_SIGNING_CERT_V2 *ssv2 = NULL; X509 *cert; int i = 0, ret = 0; - if (cms_signerinfo_get_signing_cert(si, &ss) > 0 && ss->cert_ids != NULL) { + if (ossl_cms_signerinfo_get_signing_cert(si, &ss) > 0 + && ss->cert_ids != NULL) { STACK_OF(ESS_CERT_ID) *cert_ids = ss->cert_ids; cert = sk_X509_value(chain, 0); - if (ess_find_cert(cert_ids, cert) != 0) + if (ossl_ess_find_cert(cert_ids, cert) != 0) goto err; /* @@ -74,16 +75,16 @@ int ess_check_signing_certs(CMS_SignerInfo *si, STACK_OF(X509) *chain) /* for each chain cert, try to find its cert id */ for (i = 1; i < sk_X509_num(chain); ++i) { cert = sk_X509_value(chain, i); - if (ess_find_cert(cert_ids, cert) < 0) + if (ossl_ess_find_cert(cert_ids, cert) < 0) goto err; } } - } else if (cms_signerinfo_get_signing_cert_v2(si, &ssv2) > 0 + } else if (ossl_cms_signerinfo_get_signing_cert_v2(si, &ssv2) > 0 && ssv2->cert_ids!= NULL) { STACK_OF(ESS_CERT_ID_V2) *cert_ids_v2 = ssv2->cert_ids; cert = sk_X509_value(chain, 0); - if (ess_find_cert_v2(cert_ids_v2, cert) != 0) + if (ossl_ess_find_cert_v2(cert_ids_v2, cert) != 0) goto err; /* @@ -94,7 +95,7 @@ int ess_check_signing_certs(CMS_SignerInfo *si, STACK_OF(X509) *chain) /* for each chain cert, try to find its cert id */ for (i = 1; i < sk_X509_num(chain); ++i) { cert = sk_X509_value(chain, i); - if (ess_find_cert_v2(cert_ids_v2, cert) < 0) + if (ossl_ess_find_cert_v2(cert_ids_v2, cert) < 0) goto err; } } @@ -220,15 +221,15 @@ static int cms_msgSigDigest(CMS_SignerInfo *si, return 0; if (!asn1_item_digest_ex(ASN1_ITEM_rptr(CMS_Attributes_Verify), md, si->signedAttrs, dig, diglen, - cms_ctx_get0_libctx(si->cms_ctx), - cms_ctx_get0_propq(si->cms_ctx))) + ossl_cms_ctx_get0_libctx(si->cms_ctx), + ossl_cms_ctx_get0_propq(si->cms_ctx))) return 0; return 1; } /* Add a msgSigDigest attribute to a SignerInfo */ -int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src) +int ossl_cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src) { unsigned char dig[EVP_MAX_MD_SIZE]; unsigned int diglen; @@ -247,7 +248,7 @@ int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src) /* Verify signed receipt after it has already passed normal CMS verify */ -int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms) +int ossl_cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms) { int r = 0, i; CMS_ReceiptRequest *rr = NULL; @@ -376,7 +377,7 @@ int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms) * SignedData ContentInfo. */ -ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si) +ASN1_OCTET_STRING *ossl_cms_encode_Receipt(CMS_SignerInfo *si) { CMS_Receipt rct; CMS_ReceiptRequest *rr = NULL; @@ -418,7 +419,7 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si) * Add signer certificate's V2 digest |sc| to a SignerInfo structure |si| */ -int cms_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc) +int ossl_cms_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc) { ASN1_STRING *seq = NULL; unsigned char *p, *pp = NULL; @@ -450,7 +451,7 @@ int cms_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc) * Add signer certificate's digest |sc| to a SignerInfo structure |si| */ -int cms_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc) +int ossl_cms_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc) { ASN1_STRING *seq = NULL; unsigned char *p, *pp = NULL; diff --git a/crypto/cms/cms_io.c b/crypto/cms/cms_io.c index 39c44d8416..6b71ddfa90 100644 --- a/crypto/cms/cms_io.c +++ b/crypto/cms/cms_io.c @@ -39,7 +39,7 @@ CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms) ci = ASN1_item_d2i_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms); if (ci != NULL) - cms_resolve_libctx(ci); + ossl_cms_resolve_libctx(ci); return ci; } @@ -76,7 +76,7 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags) STACK_OF(X509_ALGOR) *mdalgs; int ctype_nid = OBJ_obj2nid(cms->contentType); int econt_nid = OBJ_obj2nid(CMS_get0_eContentType(cms)); - const CMS_CTX *ctx = cms_get0_cmsctx(cms); + const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms); if (ctype_nid == NID_pkcs7_signed) mdalgs = cms->d.signedData->digestAlgorithms; @@ -86,8 +86,8 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags) return SMIME_write_ASN1_ex(bio, (ASN1_VALUE *)cms, data, flags, ctype_nid, econt_nid, mdalgs, ASN1_ITEM_rptr(CMS_ContentInfo), - cms_ctx_get0_libctx(ctx), - cms_ctx_get0_propq(ctx)); + ossl_cms_ctx_get0_libctx(ctx), + ossl_cms_ctx_get0_propq(ctx)); } CMS_ContentInfo *SMIME_read_CMS_ex(BIO *bio, BIO **bcont, CMS_ContentInfo **cms) @@ -98,7 +98,7 @@ CMS_ContentInfo *SMIME_read_CMS_ex(BIO *bio, BIO **bcont, CMS_ContentInfo **cms) ASN1_ITEM_rptr(CMS_ContentInfo), (ASN1_VALUE **)cms); if (ci != NULL) - cms_resolve_libctx(ci); + ossl_cms_resolve_libctx(ci); return ci; } diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c index 304a5f88e9..1422f350b0 100644 --- a/crypto/cms/cms_kari.c +++ b/crypto/cms/cms_kari.c @@ -104,9 +104,9 @@ int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert) } oik = ri->d.kari->originator; if (oik->type == CMS_OIK_ISSUER_SERIAL) - return cms_ias_cert_cmp(oik->d.issuerAndSerialNumber, cert); + return ossl_cms_ias_cert_cmp(oik->d.issuerAndSerialNumber, cert); else if (oik->type == CMS_OIK_KEYIDENTIFIER) - return cms_keyid_cert_cmp(oik->d.subjectKeyIdentifier, cert); + return ossl_cms_keyid_cert_cmp(oik->d.subjectKeyIdentifier, cert); return -1; } @@ -151,14 +151,16 @@ int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek, CMS_KeyAgreeRecipientIdentifier *rid = rek->rid; if (rid->type == CMS_REK_ISSUER_SERIAL) - return cms_ias_cert_cmp(rid->d.issuerAndSerialNumber, cert); + return ossl_cms_ias_cert_cmp(rid->d.issuerAndSerialNumber, cert); else if (rid->type == CMS_REK_KEYIDENTIFIER) - return cms_keyid_cert_cmp(rid->d.rKeyId->subjectKeyIdentifier, cert); + return ossl_cms_keyid_cert_cmp(rid->d.rKeyId->subjectKeyIdentifier, + cert); else return -1; } -int CMS_RecipientInfo_kari_set0_pkey_and_peer(CMS_RecipientInfo *ri, EVP_PKEY *pk, X509 *peer) +int CMS_RecipientInfo_kari_set0_pkey_and_peer(CMS_RecipientInfo *ri, + EVP_PKEY *pk, X509 *peer) { EVP_PKEY_CTX *pctx; CMS_KeyAgreeRecipientInfo *kari = ri->d.kari; @@ -168,8 +170,9 @@ int CMS_RecipientInfo_kari_set0_pkey_and_peer(CMS_RecipientInfo *ri, EVP_PKEY *p if (pk == NULL) return 1; - pctx = EVP_PKEY_CTX_new_from_pkey(cms_ctx_get0_libctx(kari->cms_ctx), pk, - cms_ctx_get0_propq(kari->cms_ctx)); + pctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(kari->cms_ctx), + pk, + ossl_cms_ctx_get0_propq(kari->cms_ctx)); if (pctx == NULL || EVP_PKEY_derive_init(pctx) <= 0) goto err; @@ -260,12 +263,12 @@ int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms, enckeylen = rek->encryptedKey->length; enckey = rek->encryptedKey->data; /* Setup all parameters to derive KEK */ - if (!cms_env_asn1_ctrl(ri, 1)) + if (!ossl_cms_env_asn1_ctrl(ri, 1)) goto err; /* Attempt to decrypt CEK */ if (!cms_kek_cipher(&cek, &ceklen, enckey, enckeylen, ri->d.kari, 0)) goto err; - ec = cms_get0_env_enc_content(cms); + ec = ossl_cms_get0_env_enc_content(cms); OPENSSL_clear_free(ec->key, ec->keylen); ec->key = cek; ec->keylen = ceklen; @@ -284,8 +287,8 @@ static int cms_kari_create_ephemeral_key(CMS_KeyAgreeRecipientInfo *kari, EVP_PKEY *ekey = NULL; int rv = 0; const CMS_CTX *ctx = kari->cms_ctx; - OSSL_LIB_CTX *libctx = cms_ctx_get0_libctx(ctx); - const char *propq = cms_ctx_get0_propq(ctx); + OSSL_LIB_CTX *libctx = ossl_cms_ctx_get0_libctx(ctx); + const char *propq = ossl_cms_ctx_get0_propq(ctx); pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pk, propq); if (pctx == NULL) @@ -317,9 +320,9 @@ static int cms_kari_set_originator_private_key(CMS_KeyAgreeRecipientInfo *kari, int rv = 0; const CMS_CTX *ctx = kari->cms_ctx; - pctx = EVP_PKEY_CTX_new_from_pkey(cms_ctx_get0_libctx(ctx), + pctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx), originatorPrivKey, - cms_ctx_get0_propq(ctx)); + ossl_cms_ctx_get0_propq(ctx)); if (pctx == NULL) goto err; if (EVP_PKEY_derive_init(pctx) <= 0) @@ -335,10 +338,10 @@ static int cms_kari_set_originator_private_key(CMS_KeyAgreeRecipientInfo *kari, /* Initialise a kari based on passed certificate and key */ -int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip, - EVP_PKEY *recipPubKey, X509 *originator, - EVP_PKEY *originatorPrivKey, unsigned int flags, - const CMS_CTX *ctx) +int ossl_cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip, + EVP_PKEY *recipPubKey, X509 *originator, + EVP_PKEY *originatorPrivKey, + unsigned int flags, const CMS_CTX *ctx) { CMS_KeyAgreeRecipientInfo *kari; CMS_RecipientEncryptedKey *rek = NULL; @@ -366,11 +369,11 @@ int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip, rek->rid->d.rKeyId = M_ASN1_new_of(CMS_RecipientKeyIdentifier); if (rek->rid->d.rKeyId == NULL) return 0; - if (!cms_set1_keyid(&rek->rid->d.rKeyId->subjectKeyIdentifier, recip)) + if (!ossl_cms_set1_keyid(&rek->rid->d.rKeyId->subjectKeyIdentifier, recip)) return 0; } else { rek->rid->type = CMS_REK_ISSUER_SERIAL; - if (!cms_set1_ias(&rek->rid->d.issuerAndSerialNumber, recip)) + if (!ossl_cms_set1_ias(&rek->rid->d.issuerAndSerialNumber, recip)) return 0; } @@ -390,11 +393,11 @@ int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip, oik->d.subjectKeyIdentifier = ASN1_OCTET_STRING_new(); if (oik->d.subjectKeyIdentifier == NULL) return 0; - if (!cms_set1_keyid(&oik->d.subjectKeyIdentifier, originator)) + if (!ossl_cms_set1_keyid(&oik->d.subjectKeyIdentifier, originator)) return 0; } else { oik->type = CMS_REK_ISSUER_SERIAL; - if (!cms_set1_ias(&oik->d.issuerAndSerialNumber, originator)) + if (!ossl_cms_set1_ias(&oik->d.issuerAndSerialNumber, originator)) return 0; } @@ -459,9 +462,9 @@ static int cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari, else kekcipher_name = SN_id_aes256_wrap; enc: - fetched_kekcipher = EVP_CIPHER_fetch(cms_ctx_get0_libctx(cms_ctx), + fetched_kekcipher = EVP_CIPHER_fetch(ossl_cms_ctx_get0_libctx(cms_ctx), kekcipher_name, - cms_ctx_get0_propq(cms_ctx)); + ossl_cms_ctx_get0_propq(cms_ctx)); if (fetched_kekcipher == NULL) return 0; ret = EVP_EncryptInit_ex(ctx, fetched_kekcipher, NULL, NULL, NULL); @@ -471,8 +474,8 @@ enc: /* Encrypt content key in key agreement recipient info */ -int cms_RecipientInfo_kari_encrypt(const CMS_ContentInfo *cms, - CMS_RecipientInfo *ri) +int ossl_cms_RecipientInfo_kari_encrypt(const CMS_ContentInfo *cms, + CMS_RecipientInfo *ri) { CMS_KeyAgreeRecipientInfo *kari; CMS_EncryptedContentInfo *ec; @@ -486,7 +489,7 @@ int cms_RecipientInfo_kari_encrypt(const CMS_ContentInfo *cms, } kari = ri->d.kari; reks = kari->recipientEncryptedKeys; - ec = cms_get0_env_enc_content(cms); + ec = ossl_cms_get0_env_enc_content(cms); /* Initialise wrap algorithm parameters */ if (!cms_wrap_init(kari, ec->cipher)) return 0; @@ -502,7 +505,7 @@ int cms_RecipientInfo_kari_encrypt(const CMS_ContentInfo *cms, return 0; } /* Initialise KDF algorithm */ - if (!cms_env_asn1_ctrl(ri, 0)) + if (!ossl_cms_env_asn1_ctrl(ri, 0)) return 0; /* For each rek, derive KEK, encrypt CEK */ for (i = 0; i < sk_CMS_RecipientEncryptedKey_num(reks); i++) { diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c index 3e2907fc16..03e6c631ef 100644 --- a/crypto/cms/cms_lib.c +++ b/crypto/cms/cms_lib.c @@ -31,7 +31,7 @@ CMS_ContentInfo *d2i_CMS_ContentInfo(CMS_ContentInfo **a, ci = (CMS_ContentInfo *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, (CMS_ContentInfo_it())); if (ci != NULL) - cms_resolve_libctx(ci); + ossl_cms_resolve_libctx(ci); return ci; } @@ -73,32 +73,32 @@ void CMS_ContentInfo_free(CMS_ContentInfo *cms) } } -const CMS_CTX *cms_get0_cmsctx(const CMS_ContentInfo *cms) +const CMS_CTX *ossl_cms_get0_cmsctx(const CMS_ContentInfo *cms) { return cms != NULL ? &cms->ctx : NULL; } -OSSL_LIB_CTX *cms_ctx_get0_libctx(const CMS_CTX *ctx) +OSSL_LIB_CTX *ossl_cms_ctx_get0_libctx(const CMS_CTX *ctx) { return ctx != NULL ? ctx->libctx : NULL; } -const char *cms_ctx_get0_propq(const CMS_CTX *ctx) +const char *ossl_cms_ctx_get0_propq(const CMS_CTX *ctx) { return ctx != NULL ? ctx->propq : NULL; } -void cms_resolve_libctx(CMS_ContentInfo *ci) +void ossl_cms_resolve_libctx(CMS_ContentInfo *ci) { int i; CMS_CertificateChoices *cch; STACK_OF(CMS_CertificateChoices) **pcerts; - const CMS_CTX *ctx = cms_get0_cmsctx(ci); - OSSL_LIB_CTX *libctx = cms_ctx_get0_libctx(ctx); - const char *propq = cms_ctx_get0_propq(ctx); + const CMS_CTX *ctx = ossl_cms_get0_cmsctx(ci); + OSSL_LIB_CTX *libctx = ossl_cms_ctx_get0_libctx(ctx); + const char *propq = ossl_cms_ctx_get0_propq(ctx); - cms_SignerInfos_set_cmsctx(ci); - cms_RecipientInfos_set_cmsctx(ci); + ossl_cms_SignerInfos_set_cmsctx(ci); + ossl_cms_RecipientInfos_set_cmsctx(ci); pcerts = cms_get0_certificate_choices(ci); if (pcerts != NULL) { @@ -115,7 +115,7 @@ const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms) return cms->contentType; } -CMS_ContentInfo *cms_Data_create(OSSL_LIB_CTX *libctx, const char *propq) +CMS_ContentInfo *ossl_cms_Data_create(OSSL_LIB_CTX *libctx, const char *propq) { CMS_ContentInfo *cms = CMS_ContentInfo_new_ex(libctx, propq); @@ -127,7 +127,7 @@ CMS_ContentInfo *cms_Data_create(OSSL_LIB_CTX *libctx, const char *propq) return cms; } -BIO *cms_content_bio(CMS_ContentInfo *cms) +BIO *ossl_cms_content_bio(CMS_ContentInfo *cms) { ASN1_OCTET_STRING **pos = CMS_get0_content(cms); @@ -151,7 +151,7 @@ BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont) if (icont) cont = icont; else - cont = cms_content_bio(cms); + cont = ossl_cms_content_bio(cms); if (!cont) { ERR_raise(ERR_LIB_CMS, CMS_R_NO_CONTENT); return NULL; @@ -162,28 +162,28 @@ BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont) return cont; case NID_pkcs7_signed: - cmsbio = cms_SignedData_init_bio(cms); + cmsbio = ossl_cms_SignedData_init_bio(cms); break; case NID_pkcs7_digest: - cmsbio = cms_DigestedData_init_bio(cms); + cmsbio = ossl_cms_DigestedData_init_bio(cms); break; #ifdef ZLIB case NID_id_smime_ct_compressedData: - cmsbio = cms_CompressedData_init_bio(cms); + cmsbio = ossl_cms_CompressedData_init_bio(cms); break; #endif case NID_pkcs7_encrypted: - cmsbio = cms_EncryptedData_init_bio(cms); + cmsbio = ossl_cms_EncryptedData_init_bio(cms); break; case NID_pkcs7_enveloped: - cmsbio = cms_EnvelopedData_init_bio(cms); + cmsbio = ossl_cms_EnvelopedData_init_bio(cms); break; case NID_id_smime_ct_authEnvelopedData: - cmsbio = cms_AuthEnvelopedData_init_bio(cms); + cmsbio = ossl_cms_AuthEnvelopedData_init_bio(cms); break; default: @@ -234,16 +234,16 @@ int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio) return 1; case NID_pkcs7_enveloped: - return cms_EnvelopedData_final(cms, cmsbio); + return ossl_cms_EnvelopedData_final(cms, cmsbio); case NID_id_smime_ct_authEnvelopedData: - return cms_AuthEnvelopedData_final(cms, cmsbio); + return ossl_cms_AuthEnvelopedData_final(cms, cmsbio); case NID_pkcs7_signed: - return cms_SignedData_final(cms, cmsbio); + return ossl_cms_SignedData_final(cms, cmsbio); case NID_pkcs7_digest: - return cms_DigestedData_do_final(cms, cmsbio, 0); + return ossl_cms_DigestedData_do_final(cms, cmsbio, 0); default: ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_TYPE); @@ -396,8 +396,8 @@ int CMS_set_detached(CMS_ContentInfo *cms, int detached) /* Create a digest BIO from an X509_ALGOR structure */ -BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm, - const CMS_CTX *ctx) +BIO *ossl_cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm, + const CMS_CTX *ctx) { BIO *mdbio = NULL; const ASN1_OBJECT *digestoid; @@ -409,8 +409,8 @@ BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm, alg = OBJ_nid2sn(OBJ_obj2nid(digestoid)); (void)ERR_set_mark(); - fetched_digest = EVP_MD_fetch(cms_ctx_get0_libctx(ctx), alg, - cms_ctx_get0_propq(ctx)); + fetched_digest = EVP_MD_fetch(ossl_cms_ctx_get0_libctx(ctx), alg, + ossl_cms_ctx_get0_propq(ctx)); if (fetched_digest != NULL) digest = fetched_digest; @@ -438,8 +438,8 @@ BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm, /* Locate a message digest content from a BIO chain based on SignerInfo */ -int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, - X509_ALGOR *mdalg) +int ossl_cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, + X509_ALGOR *mdalg) { int nid; const ASN1_OBJECT *mdoid; @@ -666,7 +666,7 @@ STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms) return crls; } -int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert) +int ossl_cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert) { int ret; ret = X509_NAME_cmp(ias->issuer, X509_get_issuer_name(cert)); @@ -675,7 +675,7 @@ int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert) return ASN1_INTEGER_cmp(ias->serialNumber, X509_get0_serialNumber(cert)); } -int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert) +int ossl_cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert) { const ASN1_OCTET_STRING *cert_keyid = X509_get0_subject_key_id(cert); @@ -684,7 +684,7 @@ int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert) return ASN1_OCTET_STRING_cmp(keyid, cert_keyid); } -int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert) +int ossl_cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert) { CMS_IssuerAndSerialNumber *ias; ias = M_ASN1_new_of(CMS_IssuerAndSerialNumber); @@ -703,7 +703,7 @@ int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert) return 0; } -int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert) +int ossl_cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert) { ASN1_OCTET_STRING *keyid = NULL; const ASN1_OCTET_STRING *cert_keyid; diff --git a/crypto/cms/cms_local.h b/crypto/cms/cms_local.h index 3dfeb72689..82b4be5d19 100644 --- a/crypto/cms/cms_local.h +++ b/crypto/cms/cms_local.h @@ -388,96 +388,98 @@ DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber) # define CMS_OIK_KEYIDENTIFIER 1 # define CMS_OIK_PUBKEY 2 -BIO *cms_content_bio(CMS_ContentInfo *cms); -const CMS_CTX *cms_get0_cmsctx(const CMS_ContentInfo *cms); -OSSL_LIB_CTX *cms_ctx_get0_libctx(const CMS_CTX *ctx); -const char *cms_ctx_get0_propq(const CMS_CTX *ctx); -void cms_resolve_libctx(CMS_ContentInfo *ci); - -CMS_ContentInfo *cms_Data_create(OSSL_LIB_CTX *ctx, const char *propq); - -CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md, - OSSL_LIB_CTX *libctx, - const char *propq); -BIO *cms_DigestedData_init_bio(const CMS_ContentInfo *cms); -int cms_DigestedData_do_final(const CMS_ContentInfo *cms, - BIO *chain, int verify); - -BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms); -int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain); -int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, - int type, const CMS_CTX *ctx); -int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid, - ASN1_OCTET_STRING **keyid, - X509_NAME **issuer, - ASN1_INTEGER **sno); -int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert); - -CMS_ContentInfo *cms_CompressedData_create(int comp_nid, OSSL_LIB_CTX *libctx, - const char *propq); -BIO *cms_CompressedData_init_bio(const CMS_ContentInfo *cms); - -BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm, - const CMS_CTX *ctx); -int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, - X509_ALGOR *mdalg); - -int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert); -int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert); -int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert); -int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert); - -BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec, +BIO *ossl_cms_content_bio(CMS_ContentInfo *cms); +const CMS_CTX *ossl_cms_get0_cmsctx(const CMS_ContentInfo *cms); +OSSL_LIB_CTX *ossl_cms_ctx_get0_libctx(const CMS_CTX *ctx); +const char *ossl_cms_ctx_get0_propq(const CMS_CTX *ctx); +void ossl_cms_resolve_libctx(CMS_ContentInfo *ci); + +CMS_ContentInfo *ossl_cms_Data_create(OSSL_LIB_CTX *ctx, const char *propq); + +CMS_ContentInfo *ossl_cms_DigestedData_create(const EVP_MD *md, + OSSL_LIB_CTX *libctx, + const char *propq); +BIO *ossl_cms_DigestedData_init_bio(const CMS_ContentInfo *cms); +int ossl_cms_DigestedData_do_final(const CMS_ContentInfo *cms, + BIO *chain, int verify); + +BIO *ossl_cms_SignedData_init_bio(CMS_ContentInfo *cms); +int ossl_cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain); +int ossl_cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, + int type, const CMS_CTX *ctx); +int ossl_cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, + ASN1_INTEGER **sno); +int ossl_cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert); + +CMS_ContentInfo *ossl_cms_CompressedData_create(int comp_nid, + OSSL_LIB_CTX *libctx, + const char *propq); +BIO *ossl_cms_CompressedData_init_bio(const CMS_ContentInfo *cms); + +BIO *ossl_cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm, + const CMS_CTX *ctx); +int ossl_cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, + X509_ALGOR *mdalg); + +int ossl_cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert); +int ossl_cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert); +int ossl_cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert); +int ossl_cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert); + +BIO *ossl_cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec, + const CMS_CTX *ctx); +BIO *ossl_cms_EncryptedData_init_bio(const CMS_ContentInfo *cms); +int ossl_cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, + const EVP_CIPHER *cipher, + const unsigned char *key, size_t keylen, const CMS_CTX *ctx); -BIO *cms_EncryptedData_init_bio(const CMS_ContentInfo *cms); -int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, - const EVP_CIPHER *cipher, - const unsigned char *key, size_t keylen, - const CMS_CTX *ctx); - -int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms); -int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src); -ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si); - -BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms); -int cms_EnvelopedData_final(CMS_ContentInfo *cms, BIO *chain); -BIO *cms_AuthEnvelopedData_init_bio(CMS_ContentInfo *cms); -int cms_AuthEnvelopedData_final(CMS_ContentInfo *cms, BIO *cmsbio); -CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms); -CMS_AuthEnvelopedData *cms_get0_auth_enveloped(CMS_ContentInfo *cms); -CMS_EncryptedContentInfo* cms_get0_env_enc_content(const CMS_ContentInfo *cms); + +int ossl_cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms); +int ossl_cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src); +ASN1_OCTET_STRING *ossl_cms_encode_Receipt(CMS_SignerInfo *si); + +BIO *ossl_cms_EnvelopedData_init_bio(CMS_ContentInfo *cms); +int ossl_cms_EnvelopedData_final(CMS_ContentInfo *cms, BIO *chain); +BIO *ossl_cms_AuthEnvelopedData_init_bio(CMS_ContentInfo *cms); +int ossl_cms_AuthEnvelopedData_final(CMS_ContentInfo *cms, BIO *cmsbio); +CMS_EnvelopedData *ossl_cms_get0_enveloped(CMS_ContentInfo *cms); +CMS_AuthEnvelopedData *ossl_cms_get0_auth_enveloped(CMS_ContentInfo *cms); +CMS_EncryptedContentInfo *ossl_cms_get0_env_enc_content(const CMS_ContentInfo *cms); /* RecipientInfo routines */ -int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd); -int cms_pkey_get_ri_type(EVP_PKEY *pk); -int cms_pkey_is_ri_type_supported(EVP_PKEY *pk, int ri_type); +int ossl_cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd); +int ossl_cms_pkey_get_ri_type(EVP_PKEY *pk); +int ossl_cms_pkey_is_ri_type_supported(EVP_PKEY *pk, int ri_type); -void cms_RecipientInfos_set_cmsctx(CMS_ContentInfo *cms); +void ossl_cms_RecipientInfos_set_cmsctx(CMS_ContentInfo *cms); /* KARI routines */ -int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip, - EVP_PKEY *recipPubKey, X509 *originator, - EVP_PKEY *originatorPrivKey, unsigned int flags, - const CMS_CTX *ctx); -int cms_RecipientInfo_kari_encrypt(const CMS_ContentInfo *cms, - CMS_RecipientInfo *ri); +int ossl_cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip, + EVP_PKEY *recipPubKey, X509 *originator, + EVP_PKEY *originatorPrivKey, + unsigned int flags, + const CMS_CTX *ctx); +int ossl_cms_RecipientInfo_kari_encrypt(const CMS_ContentInfo *cms, + CMS_RecipientInfo *ri); /* PWRI routines */ -int cms_RecipientInfo_pwri_crypt(const CMS_ContentInfo *cms, - CMS_RecipientInfo *ri, int en_de); +int ossl_cms_RecipientInfo_pwri_crypt(const CMS_ContentInfo *cms, + CMS_RecipientInfo *ri, int en_de); /* SignerInfo routines */ int CMS_si_check_attributes(const CMS_SignerInfo *si); -void cms_SignerInfos_set_cmsctx(CMS_ContentInfo *cms); +void ossl_cms_SignerInfos_set_cmsctx(CMS_ContentInfo *cms); /* ESS routines */ -int ess_check_signing_certs(CMS_SignerInfo *si, STACK_OF(X509) *chain); +int ossl_ess_check_signing_certs(CMS_SignerInfo *si, STACK_OF(X509) *chain); -int cms_dh_envelope(CMS_RecipientInfo *ri, int decrypt); -int cms_ecdh_envelope(CMS_RecipientInfo *ri, int decrypt); -int cms_rsa_envelope(CMS_RecipientInfo *ri, int decrypt); -int cms_ecdsa_dsa_sign(CMS_SignerInfo *si, int verify); -int cms_rsa_sign(CMS_SignerInfo *si, int verify); +int ossl_cms_dh_envelope(CMS_RecipientInfo *ri, int decrypt); +int ossl_cms_ecdh_envelope(CMS_RecipientInfo *ri, int decrypt); +int ossl_cms_rsa_envelope(CMS_RecipientInfo *ri, int decrypt); +int ossl_cms_ecdsa_dsa_sign(CMS_SignerInfo *si, int verify); +int ossl_cms_rsa_sign(CMS_SignerInfo *si, int verify); DECLARE_ASN1_ITEM(CMS_CertificateChoices) DECLARE_ASN1_ITEM(CMS_DigestedData) diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c index 1f5111435f..cea1e404c0 100644 --- a/crypto/cms/cms_pwri.c +++ b/crypto/cms/cms_pwri.c @@ -50,9 +50,9 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, X509_ALGOR *encalg = NULL; unsigned char iv[EVP_MAX_IV_LENGTH]; int ivlen; - const CMS_CTX *cms_ctx = cms_get0_cmsctx(cms); + const CMS_CTX *cms_ctx = ossl_cms_get0_cmsctx(cms); - ec = cms_get0_env_enc_content(cms); + ec = ossl_cms_get0_env_enc_content(cms); if (ec == NULL) return NULL; ris = CMS_get0_RecipientInfos(cms); @@ -93,7 +93,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, ivlen = EVP_CIPHER_CTX_iv_length(ctx); if (ivlen > 0) { - if (RAND_bytes_ex(cms_ctx_get0_libctx(cms_ctx), iv, ivlen) <= 0) + if (RAND_bytes_ex(ossl_cms_ctx_get0_libctx(cms_ctx), iv, ivlen) <= 0) goto err; if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0) { ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB); @@ -262,7 +262,7 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen, memcpy(out + 4, in, inlen); /* Add random padding to end */ if (olen > inlen + 4 - && RAND_bytes_ex(cms_ctx_get0_libctx(cms_ctx), out + 4 + inlen, + && RAND_bytes_ex(ossl_cms_ctx_get0_libctx(cms_ctx), out + 4 + inlen, olen - 4 - inlen) <= 0) return 0; /* Encrypt twice */ @@ -278,8 +278,8 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen, /* Encrypt/Decrypt content key in PWRI recipient info */ -int cms_RecipientInfo_pwri_crypt(const CMS_ContentInfo *cms, - CMS_RecipientInfo *ri, int en_de) +int ossl_cms_RecipientInfo_pwri_crypt(const CMS_ContentInfo *cms, + CMS_RecipientInfo *ri, int en_de) { CMS_EncryptedContentInfo *ec; CMS_PasswordRecipientInfo *pwri; @@ -290,9 +290,9 @@ int cms_RecipientInfo_pwri_crypt(const CMS_ContentInfo *cms, EVP_CIPHER *kekcipher; unsigned char *key = NULL; size_t keylen; - const CMS_CTX *cms_ctx = cms_get0_cmsctx(cms); + const CMS_CTX *cms_ctx = ossl_cms_get0_cmsctx(cms); - ec = cms_get0_env_enc_content(cms); + ec = ossl_cms_get0_env_enc_content(cms); pwri = ri->d.pwri; @@ -316,8 +316,8 @@ int cms_RecipientInfo_pwri_crypt(const CMS_ContentInfo *cms, } name = OBJ_nid2sn(OBJ_obj2nid(kekalg->algorithm)); - kekcipher = EVP_CIPHER_fetch(cms_ctx_get0_libctx(cms_ctx), name, - cms_ctx_get0_propq(cms_ctx)); + kekcipher = EVP_CIPHER_fetch(ossl_cms_ctx_get0_libctx(cms_ctx), name, + ossl_cms_ctx_get0_propq(cms_ctx)); if (kekcipher == NULL) { ERR_raise(ERR_LIB_CMS, CMS_R_UNKNOWN_CIPHER); diff --git a/crypto/cms/cms_rsa.c b/crypto/cms/cms_rsa.c index 92619fcdd1..f9e9bffe21 100644 --- a/crypto/cms/cms_rsa.c +++ b/crypto/cms/cms_rsa.c @@ -172,7 +172,7 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri) return rv; } -int cms_rsa_envelope(CMS_RecipientInfo *ri, int decrypt) +int ossl_cms_rsa_envelope(CMS_RecipientInfo *ri, int decrypt) { assert(decrypt == 0 || decrypt == 1); @@ -238,7 +238,7 @@ static int rsa_cms_verify(CMS_SignerInfo *si) return 0; } -int cms_rsa_sign(CMS_SignerInfo *si, int verify) +int ossl_cms_rsa_sign(CMS_SignerInfo *si, int verify) { assert(verify == 0 || verify == 1); diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index b0519f3894..cc980d4e58 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -175,17 +175,17 @@ static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si) return 0; } -int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type, - const CMS_CTX *ctx) +int ossl_cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, + int type, const CMS_CTX *ctx) { switch (type) { case CMS_SIGNERINFO_ISSUER_SERIAL: - if (!cms_set1_ias(&sid->d.issuerAndSerialNumber, cert)) + if (!ossl_cms_set1_ias(&sid->d.issuerAndSerialNumber, cert)) return 0; break; case CMS_SIGNERINFO_KEYIDENTIFIER: - if (!cms_set1_keyid(&sid->d.subjectKeyIdentifier, cert)) + if (!ossl_cms_set1_keyid(&sid->d.subjectKeyIdentifier, cert)) return 0; break; @@ -199,10 +199,10 @@ int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type, return 1; } -int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid, - ASN1_OCTET_STRING **keyid, - X509_NAME **issuer, - ASN1_INTEGER **sno) +int ossl_cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid, + ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, + ASN1_INTEGER **sno) { if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) { if (issuer) @@ -217,12 +217,12 @@ int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid, return 1; } -int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert) +int ossl_cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert) { if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) - return cms_ias_cert_cmp(sid->d.issuerAndSerialNumber, cert); + return ossl_cms_ias_cert_cmp(sid->d.issuerAndSerialNumber, cert); else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) - return cms_keyid_cert_cmp(sid->d.subjectKeyIdentifier, cert); + return ossl_cms_keyid_cert_cmp(sid->d.subjectKeyIdentifier, cert); else return -1; } @@ -233,9 +233,9 @@ static int cms_sd_asn1_ctrl(CMS_SignerInfo *si, int cmd) int i; if (EVP_PKEY_is_a(pkey, "DSA") || EVP_PKEY_is_a(pkey, "EC")) - return cms_ecdsa_dsa_sign(si, cmd); + return ossl_cms_ecdsa_dsa_sign(si, cmd); else if (EVP_PKEY_is_a(pkey, "RSA") || EVP_PKEY_is_a(pkey, "RSA-PSS")) - return cms_rsa_sign(si, cmd); + return ossl_cms_rsa_sign(si, cmd); /* Something else? We'll give engines etc a chance to handle this */ if (pkey->ameth == NULL || pkey->ameth->pkey_ctrl == NULL) @@ -260,7 +260,7 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, CMS_SignerInfo *si = NULL; X509_ALGOR *alg; int i, type; - const CMS_CTX *ctx = cms_get0_cmsctx(cms); + const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms); if (!X509_check_private_key(signer, pk)) { ERR_raise(ERR_LIB_CMS, CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); @@ -299,7 +299,7 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, si->version = 1; } - if (!cms_set1_SignerIdentifier(si->sid, signer, type, ctx)) + if (!ossl_cms_set1_SignerIdentifier(si->sid, signer, type, ctx)) goto err; if (md == NULL) { @@ -373,16 +373,16 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, int add_sc; if (md == EVP_sha1() || md == NULL) { - if ((sc = ESS_SIGNING_CERT_new_init(signer, - NULL, 1)) == NULL) + if ((sc = ossl_ess_signing_cert_new_init(signer, + NULL, 1)) == NULL) goto err; - add_sc = cms_add1_signing_cert(si, sc); + add_sc = ossl_cms_add1_signing_cert(si, sc); ESS_SIGNING_CERT_free(sc); } else { - if ((sc2 = ESS_SIGNING_CERT_V2_new_init(md, signer, - NULL, 1)) == NULL) + if ((sc2 = ossl_ess_signing_cert_v2_new_init(md, signer, + NULL, 1)) == NULL) goto err; - add_sc = cms_add1_signing_cert_v2(si, sc2); + add_sc = ossl_cms_add1_signing_cert_v2(si, sc2); ESS_SIGNING_CERT_V2_free(sc2); } if (!add_sc) @@ -407,9 +407,9 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, if (flags & CMS_KEY_PARAM) { if (flags & CMS_NOATTR) { - si->pctx = EVP_PKEY_CTX_new_from_pkey(cms_ctx_get0_libctx(ctx), + si->pctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx), si->pkey, - cms_ctx_get0_propq(ctx)); + ossl_cms_ctx_get0_propq(ctx)); if (si->pctx == NULL) goto err; if (EVP_PKEY_sign_init(si->pctx) <= 0) @@ -417,8 +417,9 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, if (EVP_PKEY_CTX_set_signature_md(si->pctx, md) <= 0) goto err; } else if (EVP_DigestSignInit_ex(si->mctx, &si->pctx, EVP_MD_name(md), - cms_ctx_get0_libctx(ctx), - cms_ctx_get0_propq(ctx), pk) <= 0) { + ossl_cms_ctx_get0_libctx(ctx), + ossl_cms_ctx_get0_propq(ctx), + pk) <= 0) { goto err; } } @@ -438,12 +439,12 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, } -void cms_SignerInfos_set_cmsctx(CMS_ContentInfo *cms) +void ossl_cms_SignerInfos_set_cmsctx(CMS_ContentInfo *cms) { int i; CMS_SignerInfo *si; STACK_OF(CMS_SignerInfo) *sinfos = CMS_get0_SignerInfos(cms); - const CMS_CTX *ctx = cms_get0_cmsctx(cms); + const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms); for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { si = sk_CMS_SignerInfo_value(sinfos, i); @@ -534,12 +535,12 @@ int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno) { - return cms_SignerIdentifier_get0_signer_id(si->sid, keyid, issuer, sno); + return ossl_cms_SignerIdentifier_get0_signer_id(si->sid, keyid, issuer, sno); } int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert) { - return cms_SignerIdentifier_cert_cmp(si->sid, cert); + return ossl_cms_SignerIdentifier_cert_cmp(si->sid, cert); } int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts, @@ -614,7 +615,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, EVP_MD_CTX *mctx = EVP_MD_CTX_new(); int r = 0; EVP_PKEY_CTX *pctx = NULL; - const CMS_CTX *ctx = cms_get0_cmsctx(cms); + const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms); if (mctx == NULL) { ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); @@ -626,7 +627,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, goto err; } - if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm)) + if (!ossl_cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm)) goto err; /* Set SignerInfo algorithm details if we used custom parameter */ if (si->pctx && !cms_sd_asn1_ctrl(si, 0)) @@ -681,8 +682,8 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, goto err; } if (!EVP_SignFinal_ex(mctx, sig, &siglen, si->pkey, - cms_ctx_get0_libctx(ctx), - cms_ctx_get0_propq(ctx))) { + ossl_cms_ctx_get0_libctx(ctx), + ossl_cms_ctx_get0_propq(ctx))) { ERR_raise(ERR_LIB_CMS, CMS_R_SIGNFINAL_ERROR); OPENSSL_free(sig); goto err; @@ -699,7 +700,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, } -int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain) +int ossl_cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain) { STACK_OF(CMS_SignerInfo) *sinfos; CMS_SignerInfo *si; @@ -740,8 +741,9 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si) pctx = si->pctx; else { EVP_MD_CTX_reset(mctx); - if (EVP_DigestSignInit_ex(mctx, &pctx, md_name, cms_ctx_get0_libctx(ctx), - cms_ctx_get0_propq(ctx), si->pkey) <= 0) + if (EVP_DigestSignInit_ex(mctx, &pctx, md_name, + ossl_cms_ctx_get0_libctx(ctx), + ossl_cms_ctx_get0_propq(ctx), si->pkey) <= 0) goto err; si->pctx = pctx; } @@ -818,8 +820,8 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si) const EVP_MD *md; EVP_MD *fetched_md = NULL; const CMS_CTX *ctx = si->cms_ctx; - OSSL_LIB_CTX *libctx = cms_ctx_get0_libctx(ctx); - const char *propq = cms_ctx_get0_propq(ctx); + OSSL_LIB_CTX *libctx = ossl_cms_ctx_get0_libctx(ctx); + const char *propq = ossl_cms_ctx_get0_propq(ctx); if (si->pkey == NULL) { ERR_raise(ERR_LIB_CMS, CMS_R_NO_PUBLIC_KEY); @@ -879,7 +881,7 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si) /* Create a chain of digest BIOs from a CMS ContentInfo */ -BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms) +BIO *ossl_cms_SignedData_init_bio(CMS_ContentInfo *cms) { int i; CMS_SignedData *sd; @@ -895,7 +897,8 @@ BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms) BIO *mdbio; digestAlgorithm = sk_X509_ALGOR_value(sd->digestAlgorithms, i); - mdbio = cms_DigestAlgorithm_init_bio(digestAlgorithm, cms_get0_cmsctx(cms)); + mdbio = ossl_cms_DigestAlgorithm_init_bio(digestAlgorithm, + ossl_cms_get0_cmsctx(cms)); if (mdbio == NULL) goto err; if (chain != NULL) @@ -933,7 +936,7 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) } } - if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm)) + if (!ossl_cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm)) goto err; if (EVP_DigestFinal_ex(mctx, mval, &mlen) <= 0) { @@ -958,8 +961,9 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) const EVP_MD *md = EVP_MD_CTX_md(mctx); const CMS_CTX *ctx = si->cms_ctx; - pkctx = EVP_PKEY_CTX_new_from_pkey(cms_ctx_get0_libctx(ctx), si->pkey, - cms_ctx_get0_propq(ctx)); + pkctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx), + si->pkey, + ossl_cms_ctx_get0_propq(ctx)); if (pkctx == NULL) goto err; if (EVP_PKEY_verify_init(pkctx) <= 0) diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index 3967988932..ac4ad2d490 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -121,7 +121,7 @@ int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags) CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags, OSSL_LIB_CTX *libctx, const char *propq) { - CMS_ContentInfo *cms = cms_Data_create(libctx, propq); + CMS_ContentInfo *cms = ossl_cms_Data_create(libctx, propq); if (cms == NULL) return NULL; @@ -158,7 +158,7 @@ int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, r = cms_copy_content(out, cont, flags); if (r) - r = cms_DigestedData_do_final(cms, cont, 1); + r = ossl_cms_DigestedData_do_final(cms, cont, 1); do_free_upto(cont, dcont); return r; } @@ -171,7 +171,7 @@ CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md, if (md == NULL) md = EVP_sha1(); - cms = cms_DigestedData_create(md, ctx, propq); + cms = ossl_cms_DigestedData_create(md, ctx, propq); if (cms == NULL) return NULL; @@ -264,8 +264,8 @@ static int cms_signerinfo_verify_cert(CMS_SignerInfo *si, X509 *signer; int i, j, r = 0; - ctx = X509_STORE_CTX_new_ex(cms_ctx_get0_libctx(cms_ctx), - cms_ctx_get0_propq(cms_ctx)); + ctx = X509_STORE_CTX_new_ex(ossl_cms_ctx_get0_libctx(cms_ctx), + ossl_cms_ctx_get0_propq(cms_ctx)); if (ctx == NULL) { ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); goto err; @@ -309,7 +309,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, int i, scount = 0, ret = 0; BIO *cmsbio = NULL, *tmpin = NULL, *tmpout = NULL; int cadesVerify = (flags & CMS_CADES) != 0; - const CMS_CTX *ctx = cms_get0_cmsctx(cms); + const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms); if (dcont == NULL && !check_content(cms)) return 0; @@ -381,7 +381,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, if (cadesVerify) { STACK_OF(X509) *si_chain = si_chains ? si_chains[i] : NULL; - if (ess_check_signing_certs(si, si_chain) <= 0) + if (ossl_ess_check_signing_certs(si, si_chain) <= 0) goto err; } } @@ -493,7 +493,7 @@ int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, r = CMS_verify(rcms, certs, store, NULL, NULL, flags); if (r <= 0) return r; - return cms_Receipt_verify(rcms, ocms); + return ossl_cms_Receipt_verify(rcms, ocms); } CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey, @@ -568,8 +568,9 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, /* Initialize signed data */ - cms = CMS_sign_ex(NULL, NULL, certs, NULL, flags, cms_ctx_get0_libctx(ctx), - cms_ctx_get0_propq(ctx)); + cms = CMS_sign_ex(NULL, NULL, certs, NULL, flags, + ossl_cms_ctx_get0_libctx(ctx), + ossl_cms_ctx_get0_propq(ctx)); if (cms == NULL) goto err; @@ -583,7 +584,7 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, goto err; } - os = cms_encode_Receipt(si); + os = ossl_cms_encode_Receipt(si); if (os == NULL) goto err; @@ -594,7 +595,7 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, /* Add msgSigDigest attribute */ - if (!cms_msgSigDigest_add1(rct_si, si)) + if (!ossl_cms_msgSigDigest_add1(rct_si, si)) goto err; /* Finalize structure */ @@ -700,9 +701,9 @@ int CMS_decrypt_set1_pkey_and_peer(CMS_ContentInfo *cms, EVP_PKEY *pk, ris = CMS_get0_RecipientInfos(cms); if (ris != NULL) - debug = cms_get0_env_enc_content(cms)->debug; + debug = ossl_cms_get0_env_enc_content(cms)->debug; - cms_pkey_ri_type = cms_pkey_get_ri_type(pk); + cms_pkey_ri_type = ossl_cms_pkey_get_ri_type(pk); if (cms_pkey_ri_type == CMS_RECIPINFO_NONE) { ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); return 0; @@ -713,7 +714,7 @@ int CMS_decrypt_set1_pkey_and_peer(CMS_ContentInfo *cms, EVP_PKEY *pk, ri = sk_CMS_RecipientInfo_value(ris, i); ri_type = CMS_RecipientInfo_type(ri); - if (!cms_pkey_is_ri_type_supported(pk, ri_type)) + if (!ossl_cms_pkey_is_ri_type_supported(pk, ri_type)) continue; match_ri = 1; if (ri_type == CMS_RECIPINFO_AGREE) { @@ -846,13 +847,13 @@ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert, if (dcont == NULL && !check_content(cms)) return 0; if (flags & CMS_DEBUG_DECRYPT) - cms_get0_env_enc_content(cms)->debug = 1; + ossl_cms_get0_env_enc_content(cms)->debug = 1; else - cms_get0_env_enc_content(cms)->debug = 0; + ossl_cms_get0_env_enc_content(cms)->debug = 0; if (cert == NULL) - cms_get0_env_enc_content(cms)->havenocert = 1; + ossl_cms_get0_env_enc_content(cms)->havenocert = 1; else - cms_get0_env_enc_content(cms)->havenocert = 0; + ossl_cms_get0_env_enc_content(cms)->havenocert = 0; if (pk == NULL && cert == NULL && dcont == NULL && out == NULL) return 1; if (pk != NULL && !CMS_decrypt_set1_pkey(cms, pk, cert)) @@ -920,7 +921,7 @@ CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags) if (comp_nid <= 0) comp_nid = NID_zlib_compression; - cms = cms_CompressedData_create(comp_nid, NULL, NULL); + cms = ossl_cms_CompressedData_create(comp_nid, NULL, NULL); if (cms == NULL) return NULL; diff --git a/crypto/ess/ess_asn1.c b/crypto/ess/ess_asn1.c index a8d13a3a20..37bac4e707 100644 --- a/crypto/ess/ess_asn1.c +++ b/crypto/ess/ess_asn1.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -65,8 +65,8 @@ IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2) * Returns < 0 if attribute is not found, 1 if found, or * -1 on attribute parsing failure. */ -int cms_signerinfo_get_signing_cert_v2(CMS_SignerInfo *si, - ESS_SIGNING_CERT_V2 **psc) +int ossl_cms_signerinfo_get_signing_cert_v2(CMS_SignerInfo *si, + ESS_SIGNING_CERT_V2 **psc) { ASN1_STRING *str; ESS_SIGNING_CERT_V2 *sc; @@ -92,8 +92,8 @@ int cms_signerinfo_get_signing_cert_v2(CMS_SignerInfo *si, * Returns < 0 if attribute is not found, 1 if found, or * -1 on attribute parsing failure. */ -int cms_signerinfo_get_signing_cert(CMS_SignerInfo *si, - ESS_SIGNING_CERT **psc) +int ossl_cms_signerinfo_get_signing_cert(CMS_SignerInfo *si, + ESS_SIGNING_CERT **psc) { ASN1_STRING *str; ESS_SIGNING_CERT *sc; diff --git a/crypto/ess/ess_lib.c b/crypto/ess/ess_lib.c index 1301c9ed85..46004cc8da 100644 --- a/crypto/ess/ess_lib.c +++ b/crypto/ess/ess_lib.c @@ -18,9 +18,9 @@ static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed); static ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new_init(const EVP_MD *hash_alg, X509 *cert, int issuer_needed); -ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert, - STACK_OF(X509) *certs, - int issuer_needed) +ESS_SIGNING_CERT *ossl_ess_signing_cert_new_init(X509 *signcert, + STACK_OF(X509) *certs, + int issuer_needed) { ESS_CERT_ID *cid = NULL; ESS_SIGNING_CERT *sc; @@ -96,10 +96,10 @@ static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed) return NULL; } -ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_new_init(const EVP_MD *hash_alg, - X509 *signcert, - STACK_OF(X509) *certs, - int issuer_needed) +ESS_SIGNING_CERT_V2 *ossl_ess_signing_cert_v2_new_init(const EVP_MD *hash_alg, + X509 *signcert, + STACK_OF(X509) *certs, + int issuer_needed) { ESS_CERT_ID_V2 *cid = NULL; ESS_SIGNING_CERT_V2 *sc; @@ -192,7 +192,7 @@ static ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new_init(const EVP_MD *hash_alg, return NULL; } -ESS_SIGNING_CERT *ESS_SIGNING_CERT_get(PKCS7_SIGNER_INFO *si) +ESS_SIGNING_CERT *ossl_ess_signing_cert_get(PKCS7_SIGNER_INFO *si) { ASN1_TYPE *attr; const unsigned char *p; @@ -204,7 +204,7 @@ ESS_SIGNING_CERT *ESS_SIGNING_CERT_get(PKCS7_SIGNER_INFO *si) return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length); } -ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_get(PKCS7_SIGNER_INFO *si) +ESS_SIGNING_CERT_V2 *ossl_ess_signing_cert_v2_get(PKCS7_SIGNER_INFO *si) { ASN1_TYPE *attr; const unsigned char *p; @@ -216,7 +216,7 @@ ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_get(PKCS7_SIGNER_INFO *si) return d2i_ESS_SIGNING_CERT_V2(NULL, &p, attr->value.sequence->length); } -int ESS_SIGNING_CERT_add(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc) +int ossl_ess_signing_cert_add(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc) { ASN1_STRING *seq = NULL; unsigned char *p, *pp = NULL; @@ -245,8 +245,7 @@ int ESS_SIGNING_CERT_add(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc) return 0; } -int ESS_SIGNING_CERT_V2_add(PKCS7_SIGNER_INFO *si, - ESS_SIGNING_CERT_V2 *sc) +int ossl_ess_signing_cert_v2_add(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT_V2 *sc) { ASN1_STRING *seq = NULL; unsigned char *p, *pp = NULL; @@ -291,7 +290,7 @@ static int ess_issuer_serial_cmp(const ESS_ISSUER_SERIAL *is, const X509 *cert) } /* Returns < 0 if certificate is not found, certificate index otherwise. */ -int ess_find_cert(const STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert) +int ossl_ess_find_cert(const STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert) { int i; unsigned char cert_sha1[SHA_DIGEST_LENGTH]; @@ -324,7 +323,8 @@ int ess_find_cert(const STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert) } /* Returns < 0 if certificate is not found, certificate index otherwise. */ -int ess_find_cert_v2(const STACK_OF(ESS_CERT_ID_V2) *cert_ids, const X509 *cert) +int ossl_ess_find_cert_v2(const STACK_OF(ESS_CERT_ID_V2) *cert_ids, + const X509 *cert) { int i; unsigned char cert_digest[EVP_MAX_MD_SIZE]; diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c index 313b37ed06..0bbe0e2b6c 100644 --- a/crypto/ts/ts_rsp_sign.c +++ b/crypto/ts/ts_rsp_sign.c @@ -664,20 +664,21 @@ static int ts_RESP_sign(TS_RESP_CTX *ctx) certs = ctx->flags & TS_ESS_CERT_ID_CHAIN ? ctx->certs : NULL; if (ctx->ess_cert_id_digest == NULL || ctx->ess_cert_id_digest == EVP_sha1()) { - if ((sc = ESS_SIGNING_CERT_new_init(ctx->signer_cert, certs, 0)) == NULL) + if ((sc = ossl_ess_signing_cert_new_init(ctx->signer_cert, + certs, 0)) == NULL) goto err; - if (!ESS_SIGNING_CERT_add(si, sc)) { + if (!ossl_ess_signing_cert_add(si, sc)) { ERR_raise(ERR_LIB_TS, TS_R_ESS_ADD_SIGNING_CERT_ERROR); goto err; } } else { - sc2 = ESS_SIGNING_CERT_V2_new_init(ctx->ess_cert_id_digest, - ctx->signer_cert, certs, 0); + sc2 = ossl_ess_signing_cert_v2_new_init(ctx->ess_cert_id_digest, + ctx->signer_cert, certs, 0); if (sc2 == NULL) goto err; - if (!ESS_SIGNING_CERT_V2_add(si, sc2)) { + if (!ossl_ess_signing_cert_v2_add(si, sc2)) { ERR_raise(ERR_LIB_TS, TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR); goto err; } diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c index 8e097a3336..bba335a684 100644 --- a/crypto/ts/ts_rsp_verify.c +++ b/crypto/ts/ts_rsp_verify.c @@ -197,9 +197,9 @@ end: static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si, STACK_OF(X509) *chain) { - ESS_SIGNING_CERT *ss = ESS_SIGNING_CERT_get(si); + ESS_SIGNING_CERT *ss = ossl_ess_signing_cert_get(si); STACK_OF(ESS_CERT_ID) *cert_ids = NULL; - ESS_SIGNING_CERT_V2 *ssv2 = ESS_SIGNING_CERT_V2_get(si); + ESS_SIGNING_CERT_V2 *ssv2 = ossl_ess_signing_cert_v2_get(si); STACK_OF(ESS_CERT_ID_V2) *cert_ids_v2 = NULL; X509 *cert; int i = 0; @@ -208,7 +208,7 @@ static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si, if (ss != NULL) { cert_ids = ss->cert_ids; cert = sk_X509_value(chain, 0); - if (ess_find_cert(cert_ids, cert) != 0) + if (ossl_ess_find_cert(cert_ids, cert) != 0) goto err; /* @@ -218,14 +218,14 @@ static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si, if (sk_ESS_CERT_ID_num(cert_ids) > 1) { for (i = 1; i < sk_X509_num(chain); ++i) { cert = sk_X509_value(chain, i); - if (ess_find_cert(cert_ids, cert) < 0) + if (ossl_ess_find_cert(cert_ids, cert) < 0) goto err; } } } else if (ssv2 != NULL) { cert_ids_v2 = ssv2->cert_ids; cert = sk_X509_value(chain, 0); - if (ess_find_cert_v2(cert_ids_v2, cert) != 0) + if (ossl_ess_find_cert_v2(cert_ids_v2, cert) != 0) goto err; /* @@ -235,7 +235,7 @@ static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si, if (sk_ESS_CERT_ID_V2_num(cert_ids_v2) > 1) { for (i = 1; i < sk_X509_num(chain); ++i) { cert = sk_X509_value(chain, i); - if (ess_find_cert_v2(cert_ids_v2, cert) < 0) + if (ossl_ess_find_cert_v2(cert_ids_v2, cert) < 0) goto err; } } diff --git a/include/crypto/cms.h b/include/crypto/cms.h index f98f3cfbea..f1cf6bd6bf 100644 --- a/include/crypto/cms.h +++ b/include/crypto/cms.h @@ -15,13 +15,13 @@ /* internal CMS-ESS related stuff */ -int cms_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc); -int cms_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc); +int ossl_cms_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc); +int ossl_cms_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc); -int cms_signerinfo_get_signing_cert_v2(CMS_SignerInfo *si, - ESS_SIGNING_CERT_V2 **psc); -int cms_signerinfo_get_signing_cert(CMS_SignerInfo *si, - ESS_SIGNING_CERT **psc); +int ossl_cms_signerinfo_get_signing_cert_v2(CMS_SignerInfo *si, + ESS_SIGNING_CERT_V2 **psc); +int ossl_cms_signerinfo_get_signing_cert(CMS_SignerInfo *si, + ESS_SIGNING_CERT **psc); # endif /* OPENSSL_NO_CMS */ #endif diff --git a/include/crypto/ess.h b/include/crypto/ess.h index c13cd64222..5abd229869 100644 --- a/include/crypto/ess.h +++ b/include/crypto/ess.h @@ -13,24 +13,25 @@ /* internal ESS related stuff */ -ESS_SIGNING_CERT *ESS_SIGNING_CERT_get(PKCS7_SIGNER_INFO *si); -int ESS_SIGNING_CERT_add(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc); +ESS_SIGNING_CERT *ossl_ess_signing_cert_get(PKCS7_SIGNER_INFO *si); +int ossl_ess_signing_cert_add(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc); -ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert, - STACK_OF(X509) *certs, - int issuer_needed); +ESS_SIGNING_CERT *ossl_ess_signing_cert_new_init(X509 *signcert, + STACK_OF(X509) *certs, + int issuer_needed); -ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_get(PKCS7_SIGNER_INFO *si); -int ESS_SIGNING_CERT_V2_add(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT_V2 *sc); +ESS_SIGNING_CERT_V2 *ossl_ess_signing_cert_v2_get(PKCS7_SIGNER_INFO *si); +int ossl_ess_signing_cert_v2_add(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT_V2 *sc); -ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_new_init(const EVP_MD *hash_alg, - X509 *signcert, - STACK_OF(X509) *certs, - int issuer_needed); +ESS_SIGNING_CERT_V2 *ossl_ess_signing_cert_v2_new_init(const EVP_MD *hash_alg, + X509 *signcert, + STACK_OF(X509) *certs, + int issuer_needed); /* Returns < 0 if certificate is not found, certificate index otherwise. */ -int ess_find_cert_v2(const STACK_OF(ESS_CERT_ID_V2) *cert_ids, const X509 *cert); -int ess_find_cert(const STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert); +int ossl_ess_find_cert_v2(const STACK_OF(ESS_CERT_ID_V2) *cert_ids, + const X509 *cert); +int ossl_ess_find_cert(const STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert); /*- * IssuerSerial ::= SEQUENCE { diff --git a/include/openssl/symhacks.h b/include/openssl/symhacks.h index d3eacc293f..b2ae379525 100644 --- a/include/openssl/symhacks.h +++ b/include/openssl/symhacks.h @@ -34,10 +34,6 @@ # undef i2d_ECPKPARAMETERS # define i2d_ECPKPARAMETERS i2d_UC_ECPKPARAMETERS -/* This one clashes with CMS_data_create */ -# undef cms_Data_create -# define cms_Data_create priv_cms_Data_create - # endif #endif /* ! defined HEADER_VMS_IDHACKS_H */ |