diff options
| author | Adam Eijdenberg <eijdenberg@google.com> | 2015-09-15 09:13:48 -0700 |
|---|---|---|
| committer | Emilia Kasper <emilia@openssl.org> | 2015-10-09 11:32:25 +0200 |
| commit | 3149baf83cb703f060b1e6eeb440a45e010a626b (patch) | |
| tree | 17dc1557fdc833c8ee969280339e12c1ab144ab4 /crypto/x509v3 | |
| parent | 329428708d6836676f6a7078aa2e2a1db9a1addb (diff) | |
Initial commit for Certificate Transparency support
Original authors:
Rob Stradling <rob@comodo.com>
Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Emilia Kasper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'crypto/x509v3')
| -rw-r--r-- | crypto/x509v3/Makefile | 2 | ||||
| -rw-r--r-- | crypto/x509v3/v3_lib.c | 2 | ||||
| -rw-r--r-- | crypto/x509v3/v3_scts.c | 52 |
3 files changed, 14 insertions, 42 deletions
diff --git a/crypto/x509v3/Makefile b/crypto/x509v3/Makefile index 5460af46f1..87fc083afc 100644 --- a/crypto/x509v3/Makefile +++ b/crypto/x509v3/Makefile @@ -523,7 +523,7 @@ v3_purp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_purp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h v3_purp.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h v3_purp.o: ../include/internal/x509_int.h v3_purp.c -v3_scts.o: ../../e_os.h ../../include/openssl/asn1.h +v3_scts.o: ../../crypto/ct/ct_locl.h ../../e_os.h ../../include/openssl/asn1.h v3_scts.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_scts.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h v3_scts.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c index 5073575623..8d42147f55 100644 --- a/crypto/x509v3/v3_lib.c +++ b/crypto/x509v3/v3_lib.c @@ -152,7 +152,7 @@ static const X509V3_EXT_METHOD *standard_exts[] = { &v3_idp, &v3_alt[2], &v3_freshest_crl, -#ifndef OPENSSL_NO_SCT +#ifndef OPENSSL_NO_CT &v3_ct_scts[0], &v3_ct_scts[1], #endif diff --git a/crypto/x509v3/v3_scts.c b/crypto/x509v3/v3_scts.c index b1505feb35..6d3665cf01 100644 --- a/crypto/x509v3/v3_scts.c +++ b/crypto/x509v3/v3_scts.c @@ -61,8 +61,9 @@ #include <openssl/asn1.h> #include <openssl/x509v3.h> #include "ext_dat.h" +#include "crypto/ct/ct_locl.h" -#ifndef OPENSSL_NO_SCT +#ifndef OPENSSL_NO_CT /* Signature and hash algorithms from RFC 5246 */ #define TLSEXT_hash_sha256 4 @@ -82,27 +83,6 @@ l|=((uint64_t)(*((c)++)))<< 8, \ l|=((uint64_t)(*((c)++)))) -typedef struct SCT_st { - /* The encoded SCT */ - unsigned char *sct; - unsigned short sctlen; - /* - * Components of the SCT. "logid", "ext" and "sig" point to addresses - * inside "sct". - */ - unsigned char version; - unsigned char *logid; - unsigned short logidlen; - uint64_t timestamp; - unsigned char *ext; - unsigned short extlen; - unsigned char hash_alg; - unsigned char sig_alg; - unsigned char *sig; - unsigned short siglen; -} SCT; - -DECLARE_STACK_OF(SCT) static void SCT_LIST_free(STACK_OF(SCT) *a); static STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, @@ -162,14 +142,6 @@ static void timestamp_print(BIO *out, uint64_t timestamp) ASN1_GENERALIZEDTIME_free(gen); } -static void SCT_free(SCT *sct) -{ - if (!sct) - return; - OPENSSL_free(sct->sct); - OPENSSL_free(sct); -} - static void SCT_LIST_free(STACK_OF(SCT) *a) { sk_SCT_pop_free(a, SCT_free); @@ -219,7 +191,7 @@ static STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, if (!sct->sct) goto err; memcpy(sct->sct, p, sctlen); - sct->sctlen = sctlen; + sct->sct_len = sctlen; p += sctlen; p2 = sct->sct; @@ -237,8 +209,8 @@ static STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, goto err; sctlen -= 43; - sct->logid = p2; - sct->logidlen = 32; + sct->log_id = p2; + sct->log_id_len = 32; p2 += 32; n2l8(p2, sct->timestamp); @@ -247,7 +219,7 @@ static STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, if (sctlen < fieldlen) goto err; sct->ext = p2; - sct->extlen = fieldlen; + sct->ext_len = fieldlen; p2 += fieldlen; sctlen -= fieldlen; @@ -267,7 +239,7 @@ static STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, if (sctlen != fieldlen) goto err; sct->sig = p2; - sct->siglen = fieldlen; + sct->sig_len = fieldlen; } } @@ -298,25 +270,25 @@ static int i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list, BIO_printf(out, "v1(0)"); BIO_printf(out, "\n%*sLog ID : ", indent + 4, ""); - BIO_hex_string(out, indent + 16, 16, sct->logid, sct->logidlen); + BIO_hex_string(out, indent + 16, 16, sct->log_id, sct->log_id_len); BIO_printf(out, "\n%*sTimestamp : ", indent + 4, ""); timestamp_print(out, sct->timestamp); BIO_printf(out, "\n%*sExtensions: ", indent + 4, ""); - if (sct->extlen == 0) + if (sct->ext_len == 0) BIO_printf(out, "none"); else - BIO_hex_string(out, indent + 16, 16, sct->ext, sct->extlen); + BIO_hex_string(out, indent + 16, 16, sct->ext, sct->ext_len); BIO_printf(out, "\n%*sSignature : ", indent + 4, ""); tls12_signature_print(out, sct->hash_alg, sct->sig_alg); BIO_printf(out, "\n%*s ", indent + 4, ""); - BIO_hex_string(out, indent + 16, 16, sct->sig, sct->siglen); + BIO_hex_string(out, indent + 16, 16, sct->sig, sct->sig_len); } else { /* Unknown version */ BIO_printf(out, "unknown\n%*s", indent + 16, ""); - BIO_hex_string(out, indent + 16, 16, sct->sct, sct->sctlen); + BIO_hex_string(out, indent + 16, 16, sct->sct, sct->sct_len); } if (++i < sk_SCT_num(sct_list)) |