From 0cea7bbe94f4bedc2189e20cabb639867ab21c91 Mon Sep 17 00:00:00 2001 From: tb Date: Sun, 24 Jul 2022 08:16:47 +0000 Subject: [PATCH] Start making ts opaque Move the not yet exposed EssCertIDv2 struct internals to ts_local.h and move the ASN.1 function prototypes that we don't want to expose with them. Include ts_local.h where necessary or where it will be needed soon. ok jsing --- lib/libcrypto/Makefile | 3 +- lib/libcrypto/ts/ts.h | 45 +------------ lib/libcrypto/ts/ts_asn1.c | 4 +- lib/libcrypto/ts/ts_local.h | 110 +++++++++++++++++++++++++++++++ lib/libcrypto/ts/ts_req_utils.c | 4 +- lib/libcrypto/ts/ts_rsp_print.c | 4 +- lib/libcrypto/ts/ts_rsp_sign.c | 3 +- lib/libcrypto/ts/ts_rsp_utils.c | 4 +- lib/libcrypto/ts/ts_rsp_verify.c | 3 +- lib/libcrypto/ts/ts_verify_ctx.c | 4 +- 10 files changed, 134 insertions(+), 50 deletions(-) create mode 100644 lib/libcrypto/ts/ts_local.h diff --git a/lib/libcrypto/Makefile b/lib/libcrypto/Makefile index 81755cc3699..423fba5f589 100644 --- a/lib/libcrypto/Makefile +++ b/lib/libcrypto/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.76 2022/07/13 06:32:54 tb Exp $ +# $OpenBSD: Makefile,v 1.77 2022/07/24 08:16:47 tb Exp $ LIB= crypto LIBREBUILD=y @@ -44,6 +44,7 @@ CFLAGS+= -I${LCRYPTO_SRC}/kdf CFLAGS+= -I${LCRYPTO_SRC}/modes CFLAGS+= -I${LCRYPTO_SRC}/ocsp CFLAGS+= -I${LCRYPTO_SRC}/rsa +CFLAGS+= -I${LCRYPTO_SRC}/ts CFLAGS+= -I${LCRYPTO_SRC}/x509 VERSION_SCRIPT= Symbols.map diff --git a/lib/libcrypto/ts/ts.h b/lib/libcrypto/ts/ts.h index bfcf9dfe8f8..31b916983ed 100644 --- a/lib/libcrypto/ts/ts.h +++ b/lib/libcrypto/ts/ts.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ts.h,v 1.14 2022/07/23 07:13:03 tb Exp $ */ +/* $OpenBSD: ts.h,v 1.15 2022/07/24 08:16:47 tb Exp $ */ /* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL * project 2002, 2003, 2004. */ @@ -265,32 +265,10 @@ typedef struct ESS_signing_cert { } ESS_SIGNING_CERT; #ifdef LIBRESSL_INTERNAL -/* - * ESSCertIDv2 ::= SEQUENCE { - * hashAlgorithm AlgorithmIdentifier - * DEFAULT {algorithm id-sha256}, - * certHash Hash, - * issuerSerial IssuerSerial OPTIONAL } - */ - -typedef struct ESS_cert_id_v2 { - X509_ALGOR *hash_alg; /* Default SHA-256. */ - ASN1_OCTET_STRING *hash; - ESS_ISSUER_SERIAL *issuer_serial; -} ESS_CERT_ID_V2; - +typedef struct ESS_cert_id_v2 ESS_CERT_ID_V2; DECLARE_STACK_OF(ESS_CERT_ID_V2) -/* - * SigningCertificateV2 ::= SEQUENCE { - * certs SEQUENCE OF ESSCertIDv2, - * policies SEQUENCE OF PolicyInformation OPTIONAL } - */ - -typedef struct ESS_signing_cert_v2 { - STACK_OF(ESS_CERT_ID_V2) *cert_ids; - STACK_OF(POLICYINFO) *policy_info; -} ESS_SIGNING_CERT_V2; +typedef struct ESS_signing_cert_v2 ESS_SIGNING_CERT_V2; #endif /* LIBRESSL_INTERNAL */ TS_REQ *TS_REQ_new(void); @@ -379,23 +357,6 @@ ESS_SIGNING_CERT *d2i_ESS_SIGNING_CERT(ESS_SIGNING_CERT **a, const unsigned char **pp, long length); ESS_SIGNING_CERT *ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *a); -#ifdef LIBRESSL_INTERNAL -ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new(void); -void ESS_CERT_ID_V2_free(ESS_CERT_ID_V2 *a); -int i2d_ESS_CERT_ID_V2(const ESS_CERT_ID_V2 *a, unsigned char **pp); -ESS_CERT_ID_V2 *d2i_ESS_CERT_ID_V2(ESS_CERT_ID_V2 **a, const unsigned char **pp, - long length); -ESS_CERT_ID_V2 *ESS_CERT_ID_V2_dup(ESS_CERT_ID_V2 *a); - -ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_new(void); -void ESS_SIGNING_CERT_V2_free(ESS_SIGNING_CERT_V2 *a); -int i2d_ESS_SIGNING_CERT_V2(const ESS_SIGNING_CERT_V2 *a, - unsigned char **pp); -ESS_SIGNING_CERT_V2 *d2i_ESS_SIGNING_CERT_V2(ESS_SIGNING_CERT_V2 **a, - const unsigned char **pp, long length); -ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_dup(ESS_SIGNING_CERT_V2 *a); -#endif /* LIBRESSL_INTERNAL */ - int TS_REQ_set_version(TS_REQ *a, long version); long TS_REQ_get_version(const TS_REQ *a); diff --git a/lib/libcrypto/ts/ts_asn1.c b/lib/libcrypto/ts/ts_asn1.c index c4316d13f84..6537f1c85a1 100644 --- a/lib/libcrypto/ts/ts_asn1.c +++ b/lib/libcrypto/ts/ts_asn1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ts_asn1.c,v 1.12 2022/07/16 18:36:36 kn Exp $ */ +/* $OpenBSD: ts_asn1.c,v 1.13 2022/07/24 08:16:47 tb Exp $ */ /* Written by Nils Larsch for the OpenSSL project 2004. */ /* ==================================================================== @@ -61,6 +61,8 @@ #include #include +#include "ts_local.h" + static const ASN1_TEMPLATE TS_MSG_IMPRINT_seq_tt[] = { { .flags = 0, diff --git a/lib/libcrypto/ts/ts_local.h b/lib/libcrypto/ts/ts_local.h new file mode 100644 index 00000000000..01d26de127d --- /dev/null +++ b/lib/libcrypto/ts/ts_local.h @@ -0,0 +1,110 @@ +/* $OpenBSD: ts_local.h,v 1.1 2022/07/24 08:16:47 tb Exp $ */ +/* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL + * project 2002, 2003, 2004. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_TS_LOCAL_H +#define HEADER_TS_LOCAL_H + +__BEGIN_HIDDEN_DECLS + +/* + * ESSCertIDv2 ::= SEQUENCE { + * hashAlgorithm AlgorithmIdentifier + * DEFAULT {algorithm id-sha256}, + * certHash Hash, + * issuerSerial IssuerSerial OPTIONAL } + */ + +struct ESS_cert_id_v2 { + X509_ALGOR *hash_alg; /* Default SHA-256. */ + ASN1_OCTET_STRING *hash; + ESS_ISSUER_SERIAL *issuer_serial; +}; + +/* + * SigningCertificateV2 ::= SEQUENCE { + * certs SEQUENCE OF ESSCertIDv2, + * policies SEQUENCE OF PolicyInformation OPTIONAL } + */ + +struct ESS_signing_cert_v2 { + STACK_OF(ESS_CERT_ID_V2) *cert_ids; + STACK_OF(POLICYINFO) *policy_info; +}; + +/* + * Public OpenSSL API that we do not currently want to expose. + */ + +ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new(void); +void ESS_CERT_ID_V2_free(ESS_CERT_ID_V2 *a); +int i2d_ESS_CERT_ID_V2(const ESS_CERT_ID_V2 *a, unsigned char **pp); +ESS_CERT_ID_V2 *d2i_ESS_CERT_ID_V2(ESS_CERT_ID_V2 **a, const unsigned char **pp, + long length); +ESS_CERT_ID_V2 *ESS_CERT_ID_V2_dup(ESS_CERT_ID_V2 *a); + +ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_new(void); +void ESS_SIGNING_CERT_V2_free(ESS_SIGNING_CERT_V2 *a); +int i2d_ESS_SIGNING_CERT_V2(const ESS_SIGNING_CERT_V2 *a, + unsigned char **pp); +ESS_SIGNING_CERT_V2 *d2i_ESS_SIGNING_CERT_V2(ESS_SIGNING_CERT_V2 **a, + const unsigned char **pp, long length); +ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_dup(ESS_SIGNING_CERT_V2 *a); + +__END_HIDDEN_DECLS + +#endif /* HEADER_TS_LOCAL_H */ diff --git a/lib/libcrypto/ts/ts_req_utils.c b/lib/libcrypto/ts/ts_req_utils.c index 6b9c13f39b4..8d9d6f3e613 100644 --- a/lib/libcrypto/ts/ts_req_utils.c +++ b/lib/libcrypto/ts/ts_req_utils.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ts_req_utils.c,v 1.6 2018/05/13 15:04:05 tb Exp $ */ +/* $OpenBSD: ts_req_utils.c,v 1.7 2022/07/24 08:16:47 tb Exp $ */ /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL * project 2002. */ @@ -63,6 +63,8 @@ #include #include +#include "ts_local.h" + int TS_REQ_set_version(TS_REQ *a, long version) { diff --git a/lib/libcrypto/ts/ts_rsp_print.c b/lib/libcrypto/ts/ts_rsp_print.c index c442b716464..cfff955cd66 100644 --- a/lib/libcrypto/ts/ts_rsp_print.c +++ b/lib/libcrypto/ts/ts_rsp_print.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ts_rsp_print.c,v 1.5 2014/07/11 08:44:49 jsing Exp $ */ +/* $OpenBSD: ts_rsp_print.c,v 1.6 2022/07/24 08:16:47 tb Exp $ */ /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL * project 2002. */ @@ -63,6 +63,8 @@ #include #include +#include "ts_local.h" + struct status_map_st { int bit; const char *text; diff --git a/lib/libcrypto/ts/ts_rsp_sign.c b/lib/libcrypto/ts/ts_rsp_sign.c index 55738875dbb..665dc1cec49 100644 --- a/lib/libcrypto/ts/ts_rsp_sign.c +++ b/lib/libcrypto/ts/ts_rsp_sign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ts_rsp_sign.c,v 1.27 2022/07/16 16:42:58 kn Exp $ */ +/* $OpenBSD: ts_rsp_sign.c,v 1.28 2022/07/24 08:16:47 tb Exp $ */ /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL * project 2002. */ @@ -66,6 +66,7 @@ #include #include "evp_locl.h" +#include "ts_local.h" #include "x509_lcl.h" /* Private function declarations. */ diff --git a/lib/libcrypto/ts/ts_rsp_utils.c b/lib/libcrypto/ts/ts_rsp_utils.c index 233df867acd..995dbb80358 100644 --- a/lib/libcrypto/ts/ts_rsp_utils.c +++ b/lib/libcrypto/ts/ts_rsp_utils.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ts_rsp_utils.c,v 1.7 2018/05/13 15:35:46 tb Exp $ */ +/* $OpenBSD: ts_rsp_utils.c,v 1.8 2022/07/24 08:16:47 tb Exp $ */ /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL * project 2002. */ @@ -63,6 +63,8 @@ #include #include +#include "ts_local.h" + /* Function definitions. */ int diff --git a/lib/libcrypto/ts/ts_rsp_verify.c b/lib/libcrypto/ts/ts_rsp_verify.c index 816d7000f35..a5829b35ca0 100644 --- a/lib/libcrypto/ts/ts_rsp_verify.c +++ b/lib/libcrypto/ts/ts_rsp_verify.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ts_rsp_verify.c,v 1.27 2022/07/17 19:40:38 kn Exp $ */ +/* $OpenBSD: ts_rsp_verify.c,v 1.28 2022/07/24 08:16:47 tb Exp $ */ /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL * project 2002. */ @@ -65,6 +65,7 @@ #include #include "evp_locl.h" +#include "ts_local.h" #include "x509_lcl.h" /* Private function declarations. */ diff --git a/lib/libcrypto/ts/ts_verify_ctx.c b/lib/libcrypto/ts/ts_verify_ctx.c index 7608a7d1093..83ef54a8947 100644 --- a/lib/libcrypto/ts/ts_verify_ctx.c +++ b/lib/libcrypto/ts/ts_verify_ctx.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ts_verify_ctx.c,v 1.9 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: ts_verify_ctx.c,v 1.10 2022/07/24 08:16:47 tb Exp $ */ /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL * project 2003. */ @@ -62,6 +62,8 @@ #include #include +#include "ts_local.h" + TS_VERIFY_CTX * TS_VERIFY_CTX_new(void) { -- 2.20.1