2 files changed, 170 insertions, 2 deletions
diff --git a/src/lib/libcrypto/ts/ts.h b/src/lib/libcrypto/ts/ts.h
index b2fe32bf77..6d4b2dd3a6 100644
--- a/src/lib/libcrypto/ts/ts.h
+++ b/src/lib/libcrypto/ts/ts.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts.h,v 1.12 2022/07/16 15:02:29 kn Exp $ */
+/* $OpenBSD: ts.h,v 1.13 2022/07/16 18:36:36 kn Exp $ */
 /* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL
 * project 2002, 2003, 2004.
 */
@@ -264,6 +264,34 @@ typedef struct ESS_signing_cert {
        STACK_OF(POLICYINFO) *policy_info;
 } ESS_SIGNING_CERT;
+#ifdef LIBRESSL_INTERNAL
+/*
+ * ESSCertIDv2 ::=  SEQUENCE {
+ *     hashAlgorithm           AlgorithmIdentifier
+ *            DEFAULT {algorithm id-sha256},
+ *     certHash                 Hash,
+ *     issuerSerial             IssuerSerial OPTIONAL }
+ */
+typedef struct ESS_cert_id_v2 {
+        X509_ALGOR *hash_alg;   /* Default SHA-256. */
+        ASN1_OCTET_STRING *hash;
+        ESS_ISSUER_SERIAL *issuer_serial;
+} ESS_CERT_ID_V2;
+DECLARE_STACK_OF(ESS_CERT_ID_V2)
+/*
+ * SigningCertificateV2 ::=  SEQUENCE {
+ *     certs        SEQUENCE OF ESSCertIDv2,
+ *     policies     SEQUENCE OF PolicyInformation OPTIONAL }
+ */
+typedef struct ESS_signing_cert_v2 {
+        STACK_OF(ESS_CERT_ID_V2) *cert_ids;
+        STACK_OF(POLICYINFO) *policy_info;
+} ESS_SIGNING_CERT_V2;
+#endif /* LIBRESSL_INTERNAL */
 TS_REQ  *TS_REQ_new(void);
 void    TS_REQ_free(TS_REQ *a);
@@ -351,6 +379,23 @@ ESS_SIGNING_CERT *d2i_ESS_SIGNING_CERT(ESS_SIGNING_CERT **a,
                    const unsigned char **pp, long length);
 ESS_SIGNING_CERT *ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *a);
+#ifdef LIBRESSL_INTERNAL
+ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new(void);
+void ESS_CERT_ID_V2_free(ESS_CERT_ID_V2 *a);
+int i2d_ESS_CERT_ID_V2(const ESS_CERT_ID_V2 *a, unsigned char **pp);
+ESS_CERT_ID_V2 *d2i_ESS_CERT_ID_V2(ESS_CERT_ID_V2 **a, const unsigned char **pp,
+    long length);
+ESS_CERT_ID_V2 *ESS_CERT_ID_V2_dup(ESS_CERT_ID_V2 *a);
+ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_new(void);
+void ESS_SIGNING_CERT_V2_free(ESS_SIGNING_CERT_V2 *a);
+int i2d_ESS_SIGNING_CERT_V2(const ESS_SIGNING_CERT_V2 *a,
+    unsigned char **pp);
+ESS_SIGNING_CERT_V2 *d2i_ESS_SIGNING_CERT_V2(ESS_SIGNING_CERT_V2 **a,
+    const unsigned char **pp, long length);
+ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_dup(ESS_SIGNING_CERT_V2 *a);
+#endif /* LIBRESSL_INTERNAL */
 int TS_REQ_set_version(TS_REQ *a, long version);
 long TS_REQ_get_version(const TS_REQ *a);
diff --git a/src/lib/libcrypto/ts/ts_asn1.c b/src/lib/libcrypto/ts/ts_asn1.c
index bc89f1368a..c4316d13f8 100644
--- a/src/lib/libcrypto/ts/ts_asn1.c
+++ b/src/lib/libcrypto/ts/ts_asn1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts_asn1.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: ts_asn1.c,v 1.12 2022/07/16 18:36:36 kn Exp $ */
 /* Written by Nils Larsch for the OpenSSL project 2004.
 */
 /* ====================================================================
@@ -846,6 +846,129 @@ ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *x)
        return ASN1_item_dup(&ESS_SIGNING_CERT_it, x);
 }
+static const ASN1_TEMPLATE ESS_CERT_ID_V2_seq_tt[] = {
+        {
+                .flags = ASN1_TFLG_OPTIONAL,
+                .tag = 0,
+                .offset = offsetof(ESS_CERT_ID_V2, hash_alg),
+                .field_name = "hash_alg",
+                .item = &X509_ALGOR_it,
+        },
+        {
+                .flags = 0,
+                .tag = 0,
+                .offset = offsetof(ESS_CERT_ID_V2, hash),
+                .field_name = "hash",
+                .item = &ASN1_OCTET_STRING_it,
+        },
+        {
+                .flags = ASN1_TFLG_OPTIONAL,
+                .tag = 0,
+                .offset = offsetof(ESS_CERT_ID_V2, issuer_serial),
+                .field_name = "issuer_serial",
+                .item = &ESS_ISSUER_SERIAL_it,
+        },
+};
+static const ASN1_ITEM ESS_CERT_ID_V2_it = {
+        .itype = ASN1_ITYPE_SEQUENCE,
+        .utype = V_ASN1_SEQUENCE,
+        .templates = ESS_CERT_ID_V2_seq_tt,
+        .tcount = sizeof(ESS_CERT_ID_V2_seq_tt) / sizeof(ASN1_TEMPLATE),
+        .funcs = NULL,
+        .size = sizeof(ESS_CERT_ID_V2),
+        .sname = "ESS_CERT_ID_V2",
+};
+ESS_CERT_ID_V2 *
+d2i_ESS_CERT_ID_V2(ESS_CERT_ID_V2 **a, const unsigned char **in, long len)
+{
+        return (ESS_CERT_ID_V2 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
+            &ESS_CERT_ID_V2_it);
+}
+int
+i2d_ESS_CERT_ID_V2(const ESS_CERT_ID_V2 *a, unsigned char **out)
+{
+        return ASN1_item_i2d((ASN1_VALUE *)a, out, &ESS_CERT_ID_V2_it);
+}
+ESS_CERT_ID_V2 *
+ESS_CERT_ID_V2_new(void)
+{
+        return (ESS_CERT_ID_V2 *)ASN1_item_new(&ESS_CERT_ID_V2_it);
+}
+void
+ESS_CERT_ID_V2_free(ESS_CERT_ID_V2 *a)
+{
+        ASN1_item_free((ASN1_VALUE *)a, &ESS_CERT_ID_V2_it);
+}
+ESS_CERT_ID_V2 *
+ESS_CERT_ID_V2_dup(ESS_CERT_ID_V2 *x)
+{
+        return ASN1_item_dup(&ESS_CERT_ID_V2_it, x);
+}
+static const ASN1_TEMPLATE ESS_SIGNING_CERT_V2_seq_tt[] = {
+        {
+                .flags = ASN1_TFLG_SEQUENCE_OF,
+                .tag = 0,
+                .offset = offsetof(ESS_SIGNING_CERT_V2, cert_ids),
+                .field_name = "cert_ids",
+                .item = &ESS_CERT_ID_V2_it,
+        },
+        {
+                .flags = ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL,
+                .tag = 0,
+                .offset = offsetof(ESS_SIGNING_CERT_V2, policy_info),
+                .field_name = "policy_info",
+                .item = &POLICYINFO_it,
+        },
+};
+static const ASN1_ITEM ESS_SIGNING_CERT_V2_it = {
+        .itype = ASN1_ITYPE_SEQUENCE,
+        .utype = V_ASN1_SEQUENCE,
+        .templates = ESS_SIGNING_CERT_V2_seq_tt,
+        .tcount = sizeof(ESS_SIGNING_CERT_V2_seq_tt) / sizeof(ASN1_TEMPLATE),
+        .funcs = NULL,
+        .size = sizeof(ESS_SIGNING_CERT_V2),
+        .sname = "ESS_SIGNING_CERT_V2",
+};
+ESS_SIGNING_CERT_V2 *
+d2i_ESS_SIGNING_CERT_V2(ESS_SIGNING_CERT_V2 **a, const unsigned char **in, long len)
+{
+        return (ESS_SIGNING_CERT_V2 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
+            &ESS_SIGNING_CERT_V2_it);
+}
+int
+i2d_ESS_SIGNING_CERT_V2(const ESS_SIGNING_CERT_V2 *a, unsigned char **out)
+{
+        return ASN1_item_i2d((ASN1_VALUE *)a, out, &ESS_SIGNING_CERT_V2_it);
+}
+ESS_SIGNING_CERT_V2 *
+ESS_SIGNING_CERT_V2_new(void)
+{
+        return (ESS_SIGNING_CERT_V2 *)ASN1_item_new(&ESS_SIGNING_CERT_V2_it);
+}
+void
+ESS_SIGNING_CERT_V2_free(ESS_SIGNING_CERT_V2 *a)
+{
+        ASN1_item_free((ASN1_VALUE *)a, &ESS_SIGNING_CERT_V2_it);
+}
+ESS_SIGNING_CERT_V2 *
+ESS_SIGNING_CERT_V2_dup(ESS_SIGNING_CERT_V2 *x)
+{
+        return ASN1_item_dup(&ESS_SIGNING_CERT_V2_it, x);
+}
 /* Getting encapsulated TS_TST_INFO object from PKCS7. */
 TS_TST_INFO *
 PKCS7_to_TS_TST_INFO(PKCS7 *token)

diff --git a/src/lib/libcrypto/ts/ts.h b/src/lib/libcrypto/ts/ts.h index b2fe32bf77..6d4b2dd3a6 100644 --- a/src/lib/libcrypto/ts/ts.h +++ b/src/lib/libcrypto/ts/ts.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ts.h,v 1.12 2022/07/16 15:02:29 kn Exp $ */	1	/* $OpenBSD: ts.h,v 1.13 2022/07/16 18:36:36 kn Exp $ */
2	/* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL	2	/* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL
3	* project 2002, 2003, 2004.	3	* project 2002, 2003, 2004.
4	*/	4	*/
@@ -264,6 +264,34 @@ typedef struct ESS_signing_cert {
264	STACK_OF(POLICYINFO) *policy_info;	264	STACK_OF(POLICYINFO) *policy_info;
265	} ESS_SIGNING_CERT;	265	} ESS_SIGNING_CERT;
266		266
		267	#ifdef LIBRESSL_INTERNAL
		268	/*
		269	* ESSCertIDv2 ::= SEQUENCE {
		270	* hashAlgorithm AlgorithmIdentifier
		271	* DEFAULT {algorithm id-sha256},
		272	* certHash Hash,
		273	* issuerSerial IssuerSerial OPTIONAL }
		274	*/
		275
		276	typedef struct ESS_cert_id_v2 {
		277	X509_ALGOR hash_alg; / Default SHA-256. */
		278	ASN1_OCTET_STRING *hash;
		279	ESS_ISSUER_SERIAL *issuer_serial;
		280	} ESS_CERT_ID_V2;
		281
		282	DECLARE_STACK_OF(ESS_CERT_ID_V2)
		283
		284	/*
		285	* SigningCertificateV2 ::= SEQUENCE {
		286	* certs SEQUENCE OF ESSCertIDv2,
		287	* policies SEQUENCE OF PolicyInformation OPTIONAL }
		288	*/
		289
		290	typedef struct ESS_signing_cert_v2 {
		291	STACK_OF(ESS_CERT_ID_V2) *cert_ids;
		292	STACK_OF(POLICYINFO) *policy_info;
		293	} ESS_SIGNING_CERT_V2;
		294	#endif /* LIBRESSL_INTERNAL */
267		295
268	TS_REQ *TS_REQ_new(void);	296	TS_REQ *TS_REQ_new(void);
269	void TS_REQ_free(TS_REQ *a);	297	void TS_REQ_free(TS_REQ *a);
@@ -351,6 +379,23 @@ ESS_SIGNING_CERT d2i_ESS_SIGNING_CERT(ESS_SIGNING_CERT *a,
351	const unsigned char **pp, long length);	379	const unsigned char **pp, long length);
352	ESS_SIGNING_CERT ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT a);	380	ESS_SIGNING_CERT ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT a);
353		381
		382	#ifdef LIBRESSL_INTERNAL
		383	ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new(void);
		384	void ESS_CERT_ID_V2_free(ESS_CERT_ID_V2 *a);
		385	int i2d_ESS_CERT_ID_V2(const ESS_CERT_ID_V2 a, unsigned char *pp);
		386	ESS_CERT_ID_V2 d2i_ESS_CERT_ID_V2(ESS_CERT_ID_V2 a, const unsigned char *pp,
		387	long length);
		388	ESS_CERT_ID_V2 ESS_CERT_ID_V2_dup(ESS_CERT_ID_V2 a);
		389
		390	ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_new(void);
		391	void ESS_SIGNING_CERT_V2_free(ESS_SIGNING_CERT_V2 *a);
		392	int i2d_ESS_SIGNING_CERT_V2(const ESS_SIGNING_CERT_V2 *a,
		393	unsigned char **pp);
		394	ESS_SIGNING_CERT_V2 d2i_ESS_SIGNING_CERT_V2(ESS_SIGNING_CERT_V2 *a,
		395	const unsigned char **pp, long length);
		396	ESS_SIGNING_CERT_V2 ESS_SIGNING_CERT_V2_dup(ESS_SIGNING_CERT_V2 a);
		397	#endif /* LIBRESSL_INTERNAL */
		398
354	int TS_REQ_set_version(TS_REQ *a, long version);	399	int TS_REQ_set_version(TS_REQ *a, long version);
355	long TS_REQ_get_version(const TS_REQ *a);	400	long TS_REQ_get_version(const TS_REQ *a);
356		401


diff --git a/src/lib/libcrypto/ts/ts_asn1.c b/src/lib/libcrypto/ts/ts_asn1.c index bc89f1368a..c4316d13f8 100644 --- a/src/lib/libcrypto/ts/ts_asn1.c +++ b/src/lib/libcrypto/ts/ts_asn1.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ts_asn1.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */	1	/* $OpenBSD: ts_asn1.c,v 1.12 2022/07/16 18:36:36 kn Exp $ */
2	/* Written by Nils Larsch for the OpenSSL project 2004.	2	/* Written by Nils Larsch for the OpenSSL project 2004.
3	*/	3	*/
4	/* ====================================================================	4	/* ====================================================================
@@ -846,6 +846,129 @@ ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *x)
846	return ASN1_item_dup(&ESS_SIGNING_CERT_it, x);	846	return ASN1_item_dup(&ESS_SIGNING_CERT_it, x);
847	}	847	}
848		848
		849	static const ASN1_TEMPLATE ESS_CERT_ID_V2_seq_tt[] = {
		850	{
		851	.flags = ASN1_TFLG_OPTIONAL,
		852	.tag = 0,
		853	.offset = offsetof(ESS_CERT_ID_V2, hash_alg),
		854	.field_name = "hash_alg",
		855	.item = &X509_ALGOR_it,
		856	},
		857	{
		858	.flags = 0,
		859	.tag = 0,
		860	.offset = offsetof(ESS_CERT_ID_V2, hash),
		861	.field_name = "hash",
		862	.item = &ASN1_OCTET_STRING_it,
		863	},
		864	{
		865	.flags = ASN1_TFLG_OPTIONAL,
		866	.tag = 0,
		867	.offset = offsetof(ESS_CERT_ID_V2, issuer_serial),
		868	.field_name = "issuer_serial",
		869	.item = &ESS_ISSUER_SERIAL_it,
		870	},
		871	};
		872
		873	static const ASN1_ITEM ESS_CERT_ID_V2_it = {
		874	.itype = ASN1_ITYPE_SEQUENCE,
		875	.utype = V_ASN1_SEQUENCE,
		876	.templates = ESS_CERT_ID_V2_seq_tt,
		877	.tcount = sizeof(ESS_CERT_ID_V2_seq_tt) / sizeof(ASN1_TEMPLATE),
		878	.funcs = NULL,
		879	.size = sizeof(ESS_CERT_ID_V2),
		880	.sname = "ESS_CERT_ID_V2",
		881	};
		882
		883	ESS_CERT_ID_V2 *
		884	d2i_ESS_CERT_ID_V2(ESS_CERT_ID_V2 a, const unsigned char in, long len)
		885	{
		886	return (ESS_CERT_ID_V2 )ASN1_item_d2i((ASN1_VALUE *)a, in, len,
		887	&ESS_CERT_ID_V2_it);
		888	}
		889
		890	int
		891	i2d_ESS_CERT_ID_V2(const ESS_CERT_ID_V2 a, unsigned char *out)
		892	{
		893	return ASN1_item_i2d((ASN1_VALUE *)a, out, &ESS_CERT_ID_V2_it);
		894	}
		895
		896	ESS_CERT_ID_V2 *
		897	ESS_CERT_ID_V2_new(void)
		898	{
		899	return (ESS_CERT_ID_V2 *)ASN1_item_new(&ESS_CERT_ID_V2_it);
		900	}
		901
		902	void
		903	ESS_CERT_ID_V2_free(ESS_CERT_ID_V2 *a)
		904	{
		905	ASN1_item_free((ASN1_VALUE *)a, &ESS_CERT_ID_V2_it);
		906	}
		907
		908	ESS_CERT_ID_V2 *
		909	ESS_CERT_ID_V2_dup(ESS_CERT_ID_V2 *x)
		910	{
		911	return ASN1_item_dup(&ESS_CERT_ID_V2_it, x);
		912	}
		913
		914	static const ASN1_TEMPLATE ESS_SIGNING_CERT_V2_seq_tt[] = {
		915	{
		916	.flags = ASN1_TFLG_SEQUENCE_OF,
		917	.tag = 0,
		918	.offset = offsetof(ESS_SIGNING_CERT_V2, cert_ids),
		919	.field_name = "cert_ids",
		920	.item = &ESS_CERT_ID_V2_it,
		921	},
		922	{
		923	.flags = ASN1_TFLG_SEQUENCE_OF \| ASN1_TFLG_OPTIONAL,
		924	.tag = 0,
		925	.offset = offsetof(ESS_SIGNING_CERT_V2, policy_info),
		926	.field_name = "policy_info",
		927	.item = &POLICYINFO_it,
		928	},
		929	};
		930
		931	static const ASN1_ITEM ESS_SIGNING_CERT_V2_it = {
		932	.itype = ASN1_ITYPE_SEQUENCE,
		933	.utype = V_ASN1_SEQUENCE,
		934	.templates = ESS_SIGNING_CERT_V2_seq_tt,
		935	.tcount = sizeof(ESS_SIGNING_CERT_V2_seq_tt) / sizeof(ASN1_TEMPLATE),
		936	.funcs = NULL,
		937	.size = sizeof(ESS_SIGNING_CERT_V2),
		938	.sname = "ESS_SIGNING_CERT_V2",
		939	};
		940
		941	ESS_SIGNING_CERT_V2 *
		942	d2i_ESS_SIGNING_CERT_V2(ESS_SIGNING_CERT_V2 a, const unsigned char in, long len)
		943	{
		944	return (ESS_SIGNING_CERT_V2 )ASN1_item_d2i((ASN1_VALUE *)a, in, len,
		945	&ESS_SIGNING_CERT_V2_it);
		946	}
		947
		948	int
		949	i2d_ESS_SIGNING_CERT_V2(const ESS_SIGNING_CERT_V2 a, unsigned char *out)
		950	{
		951	return ASN1_item_i2d((ASN1_VALUE *)a, out, &ESS_SIGNING_CERT_V2_it);
		952	}
		953
		954	ESS_SIGNING_CERT_V2 *
		955	ESS_SIGNING_CERT_V2_new(void)
		956	{
		957	return (ESS_SIGNING_CERT_V2 *)ASN1_item_new(&ESS_SIGNING_CERT_V2_it);
		958	}
		959
		960	void
		961	ESS_SIGNING_CERT_V2_free(ESS_SIGNING_CERT_V2 *a)
		962	{
		963	ASN1_item_free((ASN1_VALUE *)a, &ESS_SIGNING_CERT_V2_it);
		964	}
		965
		966	ESS_SIGNING_CERT_V2 *
		967	ESS_SIGNING_CERT_V2_dup(ESS_SIGNING_CERT_V2 *x)
		968	{
		969	return ASN1_item_dup(&ESS_SIGNING_CERT_V2_it, x);
		970	}
		971
849	/* Getting encapsulated TS_TST_INFO object from PKCS7. */	972	/* Getting encapsulated TS_TST_INFO object from PKCS7. */
850	TS_TST_INFO *	973	TS_TST_INFO *
851	PKCS7_to_TS_TST_INFO(PKCS7 *token)	974	PKCS7_to_TS_TST_INFO(PKCS7 *token)