
Move PKCS#7 functions into their own directory.

A follow-up change will add a CRYPTO_BUFFER variant. This makes the
naming match the header and doesn't require including x509.h. (Though
like ssl.h and pkcs8.h, some of the functions are implemented with code
that depends on crypto/x509.)

Change-Id: I5a7de209f4f775fe0027893f711326d89699ca1f
Reviewed-on: https://boringssl-review.googlesource.com/15128
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
kris/onging/CECPQ3_patch15
David Benjamin 7 yıl önce
committed by CQ bot account: commit-bot@chromium.org
ebeveyn
işleme
6fdea2aba9
10 değiştirilmiş dosya ile 99 ekleme ve 50 silme
  1. +2
    -0
      crypto/CMakeLists.txt
  2. +1
    -0
      crypto/err/CMakeLists.txt
  3. +4
    -0
      crypto/err/pkcs7.errordata
  4. +20
    -0
      crypto/pkcs7/CMakeLists.txt
  5. +6
    -5
      crypto/pkcs7/pkcs7.c
  6. +1
    -0
      crypto/pkcs7/pkcs7_test.c
  7. +1
    -11
      crypto/x509/CMakeLists.txt
  8. +62
    -2
      include/openssl/pkcs7.h
  9. +1
    -31
      include/openssl/x509.h
  10. +1
    -1
      util/all_tests.json

+ 2
- 0
crypto/CMakeLists.txt

@@ -116,6 +116,7 @@ add_subdirectory(x509)
add_subdirectory(x509v3)

# Level 4
add_subdirectory(pkcs7)
add_subdirectory(pkcs8)

# Test support code
@@ -194,6 +195,7 @@ add_library(
$<TARGET_OBJECTS:pem>
$<TARGET_OBJECTS:x509>
$<TARGET_OBJECTS:x509v3>
$<TARGET_OBJECTS:pkcs7>
$<TARGET_OBJECTS:pkcs8_lib>

${CRYPTO_FIPS_OBJECTS}


+ 1
- 0
crypto/err/CMakeLists.txt

@@ -21,6 +21,7 @@ add_custom_command(
hkdf.errordata
obj.errordata
pem.errordata
pkcs7.errordata
pkcs8.errordata
rsa.errordata
ssl.errordata


+ 4
- 0
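--- a/crypto/err/pkcs7.errordata
+++ b/crypto/err/pkcs7.errordata
@@ -0,0 +1,4 @@
+PKCS7,100,BAD_PKCS7_VERSION
+PKCS7,101,NOT_PKCS7_SIGNED_DATA
+PKCS7,102,NO_CERTIFICATES_INCLUDED
+PKCS7,103,NO_CRLS_INCLUDED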

+ 20
- 0
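--- a/crypto/pkcs7/CMakeLists.txt
+++ b/crypto/pkcs7/CMakeLists.txt
@@ -0,0 +1,20 @@
+include_directories(../../include)
+
+add_library(
+pkcs7
+
+OBJECT
+
+pkcs7.c
+)
+
+add_executable(
+pkcs7_test
+
+pkcs7_test.c
+
+$<TARGET_OBJECTS:test_support>
+)
+
+target_link_libraries(pkcs7_test crypto)
+add_dependencies(all_tests pkcs7_test)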

crypto/x509/pkcs7.c → crypto/pkcs7/pkcs7.c

@@ -12,7 +12,7 @@
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

#include <openssl/x509.h>
#include <openssl/pkcs7.h>

#include <assert.h>
#include <limits.h>
@@ -23,6 +23,7 @@
#include <openssl/obj.h>
#include <openssl/pem.h>
#include <openssl/stack.h>
#include <openssl/x509.h>

#include "../bytestring/internal.h"

@@ -67,7 +68,7 @@ static int pkcs7_parse_header(uint8_t **der_bytes, CBS *out, CBS *cbs) {

if (!CBS_mem_equal(&content_type, kPKCS7SignedData,
sizeof(kPKCS7SignedData))) {
OPENSSL_PUT_ERROR(X509, X509_R_NOT_PKCS7_SIGNED_DATA);
OPENSSL_PUT_ERROR(PKCS7, PKCS7_R_NOT_PKCS7_SIGNED_DATA);
goto err;
}

@@ -82,7 +83,7 @@ static int pkcs7_parse_header(uint8_t **der_bytes, CBS *out, CBS *cbs) {
}

if (version < 1) {
OPENSSL_PUT_ERROR(X509, X509_R_BAD_PKCS7_VERSION);
OPENSSL_PUT_ERROR(PKCS7, PKCS7_R_BAD_PKCS7_VERSION);
goto err;
}

@@ -108,7 +109,7 @@ int PKCS7_get_certificates(STACK_OF(X509) *out_certs, CBS *cbs) {
/* See https://tools.ietf.org/html/rfc2315#section-9.1 */
if (!CBS_get_asn1(&signed_data, &certificates,
CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0)) {
OPENSSL_PUT_ERROR(X509, X509_R_NO_CERTIFICATES_INCLUDED);
OPENSSL_PUT_ERROR(PKCS7, PKCS7_R_NO_CERTIFICATES_INCLUDED);
goto err;
}

@@ -176,7 +177,7 @@ int PKCS7_get_CRLs(STACK_OF(X509_CRL) *out_crls, CBS *cbs) {

if (!CBS_get_asn1(&signed_data, &crls,
CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 1)) {
OPENSSL_PUT_ERROR(X509, X509_R_NO_CRLS_INCLUDED);
OPENSSL_PUT_ERROR(PKCS7, PKCS7_R_NO_CRLS_INCLUDED);
goto err;
}
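Review bot: Callers that classify parse failures by comparing `ERR_GET_LIB`/`ERR_GET_REASON` against the old `X509_R_NOT_PKCS7_SIGNED_DATA`, `X509_R_BAD_PKCS7_VERSION`, `X509_R_NO_CERTIFICATES_INCLUDED` or `X509_R_NO_CRLS_INCLUDED` values will silently stop matching, because all four `OPENSSL_PUT_ERROR` sites in this file now report under the PKCS7 library with its own reason numbers. None of the hunks on this page removes the `X509_R_` names, so if they remain defined such code would keep compiling while the branch never fires. I would record the migration next to the old constants, for example `/* No longer emitted: PKCS#7 parsing reports PKCS7_R_* under ERR_LIB_PKCS7. */`, or remove them so stale checks fail at build time. The enclosing functions (`pkcs7_parse_header`, `PKCS7_get_certificates`, `PKCS7_get_CRLs`) start and end outside the hunks shown.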


crypto/x509/pkcs7_test.c → crypto/pkcs7/pkcs7_test.c

@@ -19,6 +19,7 @@
#include <openssl/bytestring.h>
#include <openssl/crypto.h>
#include <openssl/mem.h>
#include <openssl/pkcs7.h>
#include <openssl/stack.h>
#include <openssl/x509.h>


+ 1
- 11
crypto/x509/CMakeLists.txt

@@ -14,7 +14,6 @@ add_library(
by_dir.c
by_file.c
i2d_pr.c
pkcs7.c
rsa_pss.c
t_crl.c
t_req.c
@@ -58,14 +57,6 @@ add_library(
x_x509a.c
)

add_executable(
pkcs7_test

pkcs7_test.c

$<TARGET_OBJECTS:test_support>
)

add_executable(
x509_test

@@ -74,6 +65,5 @@ add_executable(
$<TARGET_OBJECTS:test_support>
)

target_link_libraries(pkcs7_test crypto)
target_link_libraries(x509_test crypto)
add_dependencies(all_tests pkcs7_test x509_test)
add_dependencies(all_tests x509_test)

+ 62
- 2
include/openssl/pkcs7.h

@@ -12,5 +12,65 @@
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

/* This header is provided in order to make compiling against code that expects
OpenSSL easier. */
#ifndef OPENSSL_HEADER_PKCS7_H
#define OPENSSL_HEADER_PKCS7_H

#include <openssl/base.h>

#include <openssl/stack.h>

#if defined(__cplusplus)
extern "C" {
#endif


/* PKCS#7.
*
* This library contains functions for extracting information from PKCS#7
* structures (RFC 2315). */

DECLARE_STACK_OF(X509)
DECLARE_STACK_OF(X509_CRL)

/* PKCS7_get_certificates parses a PKCS#7, SignedData structure from |cbs| and
* appends the included certificates to |out_certs|. It returns one on success
* and zero on error. */
OPENSSL_EXPORT int PKCS7_get_certificates(STACK_OF(X509) *out_certs, CBS *cbs);

/* PKCS7_bundle_certificates appends a PKCS#7, SignedData structure containing
* |certs| to |out|. It returns one on success and zero on error. */
OPENSSL_EXPORT int PKCS7_bundle_certificates(
CBB *out, const STACK_OF(X509) *certs);

/* PKCS7_get_CRLs parses a PKCS#7, SignedData structure from |cbs| and appends
* the included CRLs to |out_crls|. It returns one on success and zero on
* error. */
OPENSSL_EXPORT int PKCS7_get_CRLs(STACK_OF(X509_CRL) *out_crls, CBS *cbs);

/* PKCS7_bundle_CRLs appends a PKCS#7, SignedData structure containing
* |crls| to |out|. It returns one on success and zero on error. */
OPENSSL_EXPORT int PKCS7_bundle_CRLs(CBB *out, const STACK_OF(X509_CRL) *crls);

/* PKCS7_get_PEM_certificates reads a PEM-encoded, PKCS#7, SignedData structure
* from |pem_bio| and appends the included certificates to |out_certs|. It
* returns one on success and zero on error. */
OPENSSL_EXPORT int PKCS7_get_PEM_certificates(STACK_OF(X509) *out_certs,
BIO *pem_bio);

/* PKCS7_get_PEM_CRLs reads a PEM-encoded, PKCS#7, SignedData structure from
* |pem_bio| and appends the included CRLs to |out_crls|. It returns one on
* success and zero on error. */
OPENSSL_EXPORT int PKCS7_get_PEM_CRLs(STACK_OF(X509_CRL) *out_crls,
BIO *pem_bio);


#if defined(__cplusplus)
} /* extern C */
#endif

#define PKCS7_R_BAD_PKCS7_VERSION 100
#define PKCS7_R_NOT_PKCS7_SIGNED_DATA 101
#define PKCS7_R_NO_CERTIFICATES_INCLUDED 102
#define PKCS7_R_NO_CRLS_INCLUDED 103

#endif /* OPENSSL_HEADER_PKCS7_H */
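Review bot: The library comment and the `PKCS7_get_*` doc comments never say that these are pure extraction helpers, so a reader could assume the SignedData signature is checked; the declarations take no signer or trust anchor, which suggests it is not. I would add to the `/* PKCS#7.` block: `* These functions do not verify any signature; the certificates and CRLs they return are untrusted until the caller validates them.` The getter comments also leave open whether |out_certs| or |out_crls| keeps partially appended entries when zero is returned. A sentence on that belongs with each getter, worded after the implementation in crypto/pkcs7/pkcs7.c, which is only partly visible on this page.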

+ 1
- 31
include/openssl/x509.h

@@ -77,6 +77,7 @@
#include <openssl/ec.h>
#include <openssl/evp.h>
#include <openssl/obj.h>
#include <openssl/pkcs7.h>
#include <openssl/pool.h>
#include <openssl/rsa.h>
#include <openssl/sha.h>
@@ -1115,37 +1116,6 @@ typedef struct rsa_pss_params_st {
DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)


/* PKCS7_get_certificates parses a PKCS#7, SignedData structure from |cbs| and
* appends the included certificates to |out_certs|. It returns one on success
* and zero on error. */
OPENSSL_EXPORT int PKCS7_get_certificates(STACK_OF(X509) *out_certs, CBS *cbs);

/* PKCS7_bundle_certificates appends a PKCS#7, SignedData structure containing
* |certs| to |out|. It returns one on success and zero on error. */
OPENSSL_EXPORT int PKCS7_bundle_certificates(
CBB *out, const STACK_OF(X509) *certs);

/* PKCS7_get_CRLs parses a PKCS#7, SignedData structure from |cbs| and appends
* the included CRLs to |out_crls|. It returns one on success and zero on
* error. */
OPENSSL_EXPORT int PKCS7_get_CRLs(STACK_OF(X509_CRL) *out_crls, CBS *cbs);

/* PKCS7_bundle_CRLs appends a PKCS#7, SignedData structure containing
* |crls| to |out|. It returns one on success and zero on error. */
OPENSSL_EXPORT int PKCS7_bundle_CRLs(CBB *out, const STACK_OF(X509_CRL) *crls);

/* PKCS7_get_PEM_certificates reads a PEM-encoded, PKCS#7, SignedData structure
* from |pem_bio| and appends the included certificates to |out_certs|. It
* returns one on success and zero on error. */
OPENSSL_EXPORT int PKCS7_get_PEM_certificates(STACK_OF(X509) *out_certs,
BIO *pem_bio);

/* PKCS7_get_PEM_CRLs reads a PEM-encoded, PKCS#7, SignedData structure from
* |pem_bio| and appends the included CRLs to |out_crls|. It returns one on
* success and zero on error. */
OPENSSL_EXPORT int PKCS7_get_PEM_CRLs(STACK_OF(X509_CRL) *out_crls,
BIO *pem_bio);

/* EVP_PK values indicate the algorithm of the public key in a certificate. */

#define EVP_PK_RSA 0x0001


+ 1
- 1
util/all_tests.json

@@ -63,6 +63,7 @@
["crypto/lhash/lhash_test"],
["crypto/modes/gcm_test"],
["crypto/obj/obj_test"],
["crypto/pkcs7/pkcs7_test"],
["crypto/pkcs8/pkcs12_test"],
["crypto/pkcs8/pkcs8_test"],
["crypto/poly1305/poly1305_test", "crypto/poly1305/poly1305_tests.txt"],
@@ -70,7 +71,6 @@
["crypto/rand/ctrdrbg_vector_test", "crypto/rand/ctrdrbg_vectors.txt"],
["crypto/refcount_test"],
["crypto/thread_test"],
["crypto/x509/pkcs7_test"],
["crypto/x509/x509_test"],
["crypto/x509v3/tab_test"],
["crypto/x509v3/v3name_test"],

