This patch adds cades support for openssl #7611

6509be5
Add files via upload
opensignature Nov 10, 2018
3610180
Delete cms.c
opensignature Nov 10, 2018
732536a
Add files via upload
opensignature Nov 10, 2018
acd1d2d
Add files via upload
opensignature Nov 17, 2018
142b848
Add files via upload
opensignature Nov 17, 2018
78d88e7
Add files via upload
opensignature Nov 17, 2018
fc2318e
Add files via upload
opensignature Nov 18, 2018
4fe6a48
Add files via upload
opensignature Nov 18, 2018
856c968
Add files via upload
opensignature Nov 18, 2018
97b65e2
Add files via upload
opensignature Nov 18, 2018
41ea6cf
Add files via upload
opensignature Nov 18, 2018
edb085b
Add files via upload
opensignature Nov 19, 2018
9b26f3a
Fixed cms.h and cmserr.h
opensignature Nov 19, 2018
58eb937
Moved ESS code to cms_ess.c
opensignature Nov 19, 2018
aaf4726
Move ESS (Enhanced Security Services - RFC 5035) definitions from
opensignature Nov 27, 2018
eeee142
Add <openssl/x509.h> to include/openssl/ess.h
opensignature Nov 27, 2018
b430193
Deleted ESS definitions moved to new include/openssl/ess.h
opensignature Nov 28, 2018
257715a
Moved typedefs from ess.h into ossl_typ.h
opensignature Nov 29, 2018
0f39264
Moved structures from include/openssl/ess.h to new crypto/include/int…
opensignature Nov 30, 2018
4d3154b
According to RFC5126 section 5.7.3 added ESS signing-certificate attr…
opensignature Nov 30, 2018
d94c783
Draft of documentation for CAdES
opensignature Nov 30, 2018
e806f87
Merge remote-tracking branch 'upstream/master'
opensignature Dec 1, 2018
2a2a54e
Bug fixed
opensignature Dec 1, 2018
d827142
Test cms with -cades flag
opensignature Dec 1, 2018
e70bf2f
Test -cades flag with SHA256 md
opensignature Dec 2, 2018
04a3338
Release block of memory
opensignature Dec 2, 2018
3545cdf
Release block of memory
opensignature Dec 2, 2018
6359a22
Merge branch 'master' of https://github.com/opensignature/openssl
opensignature Dec 2, 2018
0ae477d
Release block of memory
opensignature Dec 2, 2018
724043e
Draft documentation for CMS_add1_signing_cert ad CMS_add1_signing_cer…
opensignature Dec 3, 2018
da3637f
Fixed libcrypto.num diff
opensignature Dec 3, 2018
48c9519
Add CMS_add1_signing_cert and CMS_add1_signing_cert_v2 to
opensignature Dec 3, 2018
75c7cf5
Documentation bug fixed
opensignature Dec 3, 2018
62e4a9b
Documentation bug fixed and better arranged ess.h and ossl_typ.h
opensignature Dec 4, 2018
6a48bd9
of ess.h needs TS and CMS_add1_signing_cert and CMS1_add1_signing_cer…
opensignature Dec 4, 2018
0b2ac37
ess.h needs to TS and CMS_add1_signing_cert and CMS_add1_signing_cert_v2
opensignature Dec 4, 2018
e8f939c
Change FUNCTION:TS to FUNCTION:CMS in libcrypto.num
opensignature Dec 4, 2018
ad4c5f0
Bug on libcrypto.num fixed
opensignature Dec 4, 2018
8cdd628
Add memory cleanup
opensignature Dec 4, 2018
a06fdda
Memory bug fixed
opensignature Dec 4, 2018
ae46c5a
Add issuer stuff
opensignature Dec 7, 2018
49be137
Conflict with upstream fixed
opensignature Dec 9, 2018
5418ae0
Re-licensing and ifndef changed
opensignature Dec 9, 2018
66537c2
Merge remote-tracking branch 'upstream/master'
opensignature Dec 13, 2018
53 changes: 52 additions & 1 deletion apps/cms.c
Expand Up @@ -22,6 +22,8 @@
# include <openssl/x509_vfy.h>
# include <openssl/x509v3.h>
# include <openssl/cms.h>
# include <openssl/ts.h>
# include "crypto/ts/ts_lcl.h"

static int save_certs(char *signerfile, STACK_OF(X509) *signers);
static int cms_cb(int ok, X509_STORE_CTX *ctx);
Expand Down Expand Up @@ -51,6 +53,7 @@ static int cms_set_pkey_param(EVP_PKEY_CTX *pctx,
# define SMIME_ENCRYPTED_ENCRYPT (14 | SMIME_OP)
# define SMIME_SIGN_RECEIPT (15 | SMIME_IP | SMIME_OP)
# define SMIME_VERIFY_RECEIPT (16 | SMIME_IP)
# define CMS_CADES 0x100000

static int verify_err = 0;

Expand All @@ -65,7 +68,7 @@ struct cms_key_param_st {
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_ENCRYPT,
OPT_DECRYPT, OPT_SIGN, OPT_SIGN_RECEIPT, OPT_RESIGN,
OPT_DECRYPT, OPT_SIGN, OPT_CADES, OPT_SIGN_RECEIPT, OPT_RESIGN,
OPT_VERIFY, OPT_VERIFY_RETCODE, OPT_VERIFY_RECEIPT,
OPT_CMSOUT, OPT_DATA_OUT, OPT_DATA_CREATE, OPT_DIGEST_VERIFY,
OPT_DIGEST_CREATE, OPT_COMPRESS, OPT_UNCOMPRESS,
Expand Down Expand Up @@ -102,6 +105,7 @@ const OPTIONS cms_options[] = {
{"sign", OPT_SIGN, '-', "Sign message"},
{"sign_receipt", OPT_SIGN_RECEIPT, '-', "Generate a signed receipt for the message"},
{"resign", OPT_RESIGN, '-', "Resign a signed message"},
{"cades", OPT_CADES, '-', "Include signer certificate digest"},
{"verify", OPT_VERIFY, '-', "Verify signed message"},
{"verify_retcode", OPT_VERIFY_RETCODE, '-'},
{"verify_receipt", OPT_VERIFY_RECEIPT, '<'},
Expand Down Expand Up @@ -326,6 +330,9 @@ int cms_main(int argc, char **argv)
case OPT_BINARY:
flags |= CMS_BINARY;
break;
case OPT_CADES:
flags |= CMS_CADES;
break;
case OPT_KEYID:
flags |= CMS_USE_KEYID;
break;
Expand Down Expand Up @@ -940,6 +947,50 @@ int cms_main(int argc, char **argv)
si = CMS_add1_signer(cms, signer, key, sign_md, tflags);
if (si == NULL)
goto end;
if (flags & CMS_CADES) {
ASN1_STRING *seq = NULL;
unsigned char *p, *pp = NULL;
ESS_SIGNING_CERT_V2 *sc = NULL;
ESS_CERT_ID_V2 * cid;
unsigned char hash[EVP_MAX_MD_SIZE];
unsigned int hash_len = sizeof (hash);
X509_ALGOR *alg = NULL;
int len;

memset(hash, 0, sizeof (hash));
/* Create the SigningCertificateV2 attribute. */
if (!(sc = ESS_SIGNING_CERT_V2_new()))
goto end;
/* Adding the signing certificate id. */
if (!(cid = ESS_CERT_ID_V2_new()))
goto end;
alg = X509_ALGOR_new();
if (alg == NULL)
goto end;
X509_ALGOR_set_md(alg, sign_md);
if (alg->algorithm == NULL)
goto end;
cid->hash_alg = alg;
alg = NULL;
if (!X509_digest(signer, sign_md, hash, &hash_len))
goto end;
if (!ASN1_OCTET_STRING_set(cid->hash, hash, hash_len))
goto end;
if (!sk_ESS_CERT_ID_V2_push(sc->cert_ids, cid))
goto end;
/* Add SigningCertificateV2 signed attribute to the signer info. */
len = i2d_ESS_SIGNING_CERT_V2(sc, NULL);
if ((pp = OPENSSL_malloc(len)) == NULL)
goto end;
p = pp;
i2d_ESS_SIGNING_CERT_V2(sc, &p);
if (!(seq = ASN1_STRING_new()) || !ASN1_STRING_set(seq, pp, len))
goto end;
OPENSSL_free(pp);
pp = NULL;
if (!CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_signingCertificateV2,
V_ASN1_SEQUENCE, seq, -1)) goto end;
}
if (kparam != NULL) {
EVP_PKEY_CTX *pctx;
pctx = CMS_SignerInfo_get0_pkey_ctx(si);
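Review bot: The `if (flags & CMS_CADES)` block in the last hunk of apps/cms.c leaks every object it builds on its `goto end` paths — `sc`, `cid`, `alg`, `pp` and `seq` are scoped to the block while `end` lies outside it, so nothing releases them — and it leaks `sc` and `seq` on the success path as well, because `CMS_signed_add1_attr_by_NID` copies `seq` ("add1") and `sc` is never freed. The length returned by `i2d_ESS_SIGNING_CERT_V2(sc, NULL)` is also handed to `OPENSSL_malloc` without a `<= 0` check, so an encoding failure turns into an oversized allocation rather than an error. I would move the block into a static helper with its own cleanup label so the frees are unconditional and ownership hand-offs (`alg` to `cid`, `cid` to `sc`) are explicit, calling it as `if ((flags & CMS_CADES) && !cms_add1_signing_cert_v2(si, signer, sign_md)) goto end;`. Separately, the first hunk includes the internal header `crypto/ts/ts_lcl.h` from an application; if the new code only needs the ESS types and their `i2d_*`/`_new` functions, the public `openssl/ts.h` already included on the line above should suffice. cms_main begins and ends outside the hunk.
```c
/*
 * Add an ESS SigningCertificateV2 attribute (RFC 5035) identifying
 * |signer| to |si|, hashing the certificate with |sign_md|.
 * Returns 1 on success, 0 on failure; every intermediate object is
 * released on both paths.
 */
static int cms_add1_signing_cert_v2(CMS_SignerInfo *si, X509 *signer,
                                    const EVP_MD *sign_md)
{
    int ret = 0, len;
    ESS_SIGNING_CERT_V2 *sc = NULL;
    ESS_CERT_ID_V2 *cid = NULL;
    X509_ALGOR *alg = NULL;
    ASN1_STRING *seq = NULL;
    unsigned char *pp = NULL, *p;
    unsigned char hash[EVP_MAX_MD_SIZE];
    unsigned int hash_len = sizeof(hash);

    if ((sc = ESS_SIGNING_CERT_V2_new()) == NULL
        || (cid = ESS_CERT_ID_V2_new()) == NULL
        || (alg = X509_ALGOR_new()) == NULL)
        goto err;
    X509_ALGOR_set_md(alg, sign_md);
    if (alg->algorithm == NULL)
        goto err;
    cid->hash_alg = alg;
    alg = NULL;                         /* now owned by cid */
    if (!X509_digest(signer, sign_md, hash, &hash_len)
        || !ASN1_OCTET_STRING_set(cid->hash, hash, hash_len)
        || !sk_ESS_CERT_ID_V2_push(sc->cert_ids, cid))
        goto err;
    cid = NULL;                         /* now owned by sc */
    if ((len = i2d_ESS_SIGNING_CERT_V2(sc, NULL)) <= 0
        || (pp = OPENSSL_malloc(len)) == NULL)
        goto err;
    p = pp;
    i2d_ESS_SIGNING_CERT_V2(sc, &p);
    if ((seq = ASN1_STRING_new()) == NULL
        || !ASN1_STRING_set(seq, pp, len)
        || !CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_signingCertificateV2,
                                        V_ASN1_SEQUENCE, seq, -1))
        goto err;
    ret = 1;
 err:
    ASN1_STRING_free(seq);              /* add1 above took its own copy */
    OPENSSL_free(pp);
    X509_ALGOR_free(alg);
    ESS_CERT_ID_V2_free(cid);
    ESS_SIGNING_CERT_V2_free(sc);
    return ret;
}
```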