diff options
Diffstat (limited to 'crypto/cms/cms_ess.c')
-rw-r--r-- | crypto/cms/cms_ess.c | 63 |
1 files changed, 5 insertions, 58 deletions
diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c index b8b0076e03..5982035c45 100644 --- a/crypto/cms/cms_ess.c +++ b/crypto/cms/cms_ess.c @@ -46,67 +46,14 @@ int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr) return 1; } -/* - First, get the ESS_SIGNING_CERT(V2) signed attribute from |si|. - Then check matching of each cert of trust |chain| with one of - the |cert_ids|(Hash+IssuerID) list from this ESS_SIGNING_CERT. - Derived from ts_check_signing_certs() -*/ -int ossl_ess_check_signing_certs(CMS_SignerInfo *si, STACK_OF(X509) *chain) +int ossl_cms_check_signing_certs(const CMS_SignerInfo *si, + const STACK_OF(X509) *chain) { ESS_SIGNING_CERT *ss = NULL; ESS_SIGNING_CERT_V2 *ssv2 = NULL; - X509 *cert; - int i = 0, ret = 0; - - if (ossl_cms_signerinfo_get_signing_cert(si, &ss) > 0 - && ss->cert_ids != NULL) { - STACK_OF(ESS_CERT_ID) *cert_ids = ss->cert_ids; - - cert = sk_X509_value(chain, 0); - if (ossl_ess_find_cert(cert_ids, cert) != 0) - goto err; - - /* - * Check the other certificates of the chain. - * Fail if no signing certificate ids found for each certificate. - */ - if (sk_ESS_CERT_ID_num(cert_ids) > 1) { - /* for each chain cert, try to find its cert id */ - for (i = 1; i < sk_X509_num(chain); ++i) { - cert = sk_X509_value(chain, i); - if (ossl_ess_find_cert(cert_ids, cert) < 0) - goto err; - } - } - } else if (ossl_cms_signerinfo_get_signing_cert_v2(si, &ssv2) > 0 - && ssv2->cert_ids!= NULL) { - STACK_OF(ESS_CERT_ID_V2) *cert_ids_v2 = ssv2->cert_ids; - - cert = sk_X509_value(chain, 0); - if (ossl_ess_find_cert_v2(cert_ids_v2, cert) != 0) - goto err; - - /* - * Check the other certificates of the chain. - * Fail if no signing certificate ids found for each certificate. - */ - if (sk_ESS_CERT_ID_V2_num(cert_ids_v2) > 1) { - /* for each chain cert, try to find its cert id */ - for (i = 1; i < sk_X509_num(chain); ++i) { - cert = sk_X509_value(chain, i); - if (ossl_ess_find_cert_v2(cert_ids_v2, cert) < 0) - goto err; - } - } - } else { - ERR_raise(ERR_LIB_CMS, CMS_R_ESS_NO_SIGNING_CERTID_ATTRIBUTE); - return 0; - } - ret = 1; - err: - if (!ret) - ERR_raise(ERR_LIB_CMS, CMS_R_ESS_SIGNING_CERTID_MISMATCH_ERROR); + int ret = ossl_cms_signerinfo_get_signing_cert(si, &ss) >= 0 + && ossl_cms_signerinfo_get_signing_cert_v2(si, &ssv2) >= 0 + && ossl_ess_check_signing_certs(ss, ssv2, chain, 1); ESS_SIGNING_CERT_free(ss); ESS_SIGNING_CERT_V2_free(ssv2); |