CAdES: implement CAdES-BES signed attributes validation #8098
CAdES: implement CAdES-BES signed attributes validation #8098FdaSilvaYY wants to merge 6 commits intoopenssl:masterfrom
Conversation
1b03cee to
19626ad
Compare
|
Apart from my comment, can you have a look at Travis and figure out what's going on? Them are a few too many unresolved symbols for my comfort... |
2584aa5 to
f4cb69e
Compare
Fully fixed, I should not edit my code so late ;) |
f4cb69e to
42a6476
Compare
|
any news about this? |
b20fafe to
53c49de
Compare
|
@maxcuttins : needs a bit of documents about the two added methods. |
fb5c13b to
404e7f3
Compare
404e7f3 to
572f67c
Compare
572f67c to
f715df7
Compare
288d872 to
40ad55c
Compare
02258ec to
739f0d1
Compare
|
Ping @slontis : suggested tests added. |
739f0d1 to
b2befc8
Compare
|
Just a general comment about the generated files..
|
60044db to
1d6891e
Compare
|
Automated Ping: This issue is in a state where it requires action by @openssl/committers but the last update was 54 days ago |
I just rebase my branch, last weekend to integrate CHANGES and cms tests evolutions. Sent with GitHawk |
|
Nits in CHANGES fixed. |
|
it smell like it's almost ready! 👍 |
|
This issue is in a state where it requires action by @openssl/committers but the last update was 30 days ago |
|
Oh, I feel so sorry @FdaSilvaYY If I only knew how to help... |
|
@bernd-edlinger : Thanks for your support. I'm used to the OpenSSL merge delays. By the way, my last force-push was merging your changes from #10755 |
|
Nice, that one merged that to 1.1.1f (and it broke something) |
|
@FdaSilvaYY one thing I never understood, given how friendly you are all the time, |
offtopic: The correct spelling is Tomáš. However using just Tomas is fine. |
|
Fully rebased. CI are all green. |
|
with make test TESTS=test_x509 V=1 |
Thanks @opensignature. @FdaSilvaYY already reported this issue in #11853. |
crypto/cms/cms_smime.c
Outdated
There was a problem hiding this comment.
Nit: It is weird to "optimize" boolean value into unsigned char. The int type is usually used in place of boolean throughout the OpenSSL code. Also I would slightly prefer using (flags & CMS_CADES) != 0 instead of the ? operator.
crypto/cms/cms_smime.c
Outdated
There was a problem hiding this comment.
Optional: at this point scount == sk_CMS_SignerInfo_num(sinfos) so you could use scount here to optimize.
crypto/ess/ess_lib.c
Outdated
There was a problem hiding this comment.
Would it make sense to just return ASN1_INTEGER_cmp(is->serial, X509_get_serialNumber((X509 *)cert)); here?
crypto/ess/ess_lib.c
Outdated
There was a problem hiding this comment.
This was now changed. You can also use X509v3_cache_extensions() directly.
crypto/ess/ess_lib.c
Outdated
There was a problem hiding this comment.
This will require change to use fetch. Perhaps just mark with TODO 3.0.
crypto/ess/ess_lib.c
Outdated
There was a problem hiding this comment.
This will have to be changed for 3.0 to use fetch. Please add TODO 3.0 comment.
crypto/ess/ess_lib.c
Outdated
There was a problem hiding this comment.
I think that X509_digest should do this automatically.
for signing certificate V2 and signing certificate extensions. CAdES : lowercase name for now internal methods.
about the two new added methods and two new error codes.
[extended tests]
…ning certificate V2 and signing certificate extensions.
|
Travis builds are Green, except usual s390 "no space left" ... |
|
@slontis Can you please re-approve? |
slontis
left a comment
There was a problem hiding this comment.
Reapproved..
Thanks for your patience with this PR @FdaSilvaYY.
|
This pull request is ready to merge. |
|
Squashed and merged as 9e3c510. Thank you very much for the PR and your patience when waiting for the reviews and merge. |
|
Thanks for all your reviews and remarks. |
CAdES-BES Signature Validation feature following #7893.
The core validation code comes from PR #771. this PR mostly shared and reuse its code.
Checklist