authorDr. Stephen Henson <steve@openssl.org>2014-02-20 18:24:11 +0000
committerDr. Stephen Henson <steve@openssl.org>2014-02-20 18:48:56 +0000
commitded18639d7f8ffacea10a24938cf091a0efbca40 (patch)
tree6f825751eb517dc5e71e42028bdda1ea55a831a0 /ssl
parent4cfeb00be953cff10182772930adb7776860cfff (diff)
Move CT viewer extension code to crypto/x509v3
Diffstat (limited to 'ssl')
-rw-r--r--ssl/ssl.h3
-rw-r--r--ssl/t1_lib.c126
2 files changed, 0 insertions, 129 deletions
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 3f65e87c6d..2c3a9a34b7 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -2557,9 +2557,6 @@ void SSL_trace(int write_p, int version, int content_type,
const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c);
#endif
-/* RFC6962 Signed Certificate Timestamp List X.509 extension parser */
-int X509V3_EXT_add_rfc6962(void);
-
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 27621cdf06..6c988d1829 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -110,9 +110,6 @@
*/
#include <stdio.h>
-#include <time.h>
-#include <openssl/bio.h>
-#include <openssl/bn.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>
@@ -4435,126 +4432,3 @@ int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
}
#endif
-
-/* RFC6962 Signed Certificate Timestamp List X.509 extension parser */
-static int i2r_sctlist(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct,
- BIO *out, int indent)
- {
- BN_ULLONG timestamp;
- struct tm tm1;
- time_t unix_epoch = 0;
- unsigned char* data = oct->data;
- char month[4];
- unsigned short listlen, sctlen = 0, fieldlen;
- int signhash_nid;
-
- if (oct->length < 2)
- return 0;
- n2s(data, listlen);
- if (listlen != oct->length - 2)
- return 0;
-
- while (listlen > 0)
- {
- if (listlen < 2)
- return 0;
- n2s(data, sctlen);
- listlen -= 2;
-
- if ((sctlen < 1) || (sctlen > listlen))
- return 0;
- listlen -= sctlen;
-
- BIO_printf(out, "%*sSigned Certificate Timestamp:", indent,
- "");
-
- if (*data == 0) /* SCT v1 */
- {
- /* Fixed-length header:
- * struct {
- * (1 byte) Version sct_version;
- * (32 bytes) LogID id;
- * (8 bytes) uint64 timestamp;
- * (2 bytes + ?) CtExtensions extensions;
- */
- if (sctlen < 43)
- return 0;
- sctlen -= 43;
-
- BIO_printf(out, "\n%*sVersion : v1(0)", indent + 4,
- "");
-
- BIO_printf(out, "\n%*sLog ID : ", indent + 4, "");
- BIO_hex_string(out, indent + 16, 16, data + 1, 32);
-
- data += 33;
- n2l8(data, timestamp);
- OPENSSL_gmtime(&unix_epoch, &tm1);
- OPENSSL_gmtime_adj(&tm1, timestamp / 86400000,
- (timestamp % 86400000) / 1000);
- strftime(month, 4, "%b", &tm1);
- BIO_printf(out, "\n%*sTimestamp : ", indent + 4, "");
- BIO_printf(out, "%s %2d %02d:%02d:%02d.%03u %d UTC",
- month, tm1.tm_mday, tm1.tm_hour,
- tm1.tm_min, tm1.tm_sec,
- (unsigned int)(timestamp % 1000),
- tm1.tm_year + 1900);
-
- n2s(data, fieldlen);
- if (sctlen < fieldlen)
- return 0;
- sctlen -= fieldlen;
- BIO_printf(out, "\n%*sExtensions: ", indent + 4, "");
- if (fieldlen == 0)
- BIO_printf(out, "none");
- else
- BIO_hex_string(out, indent + 16, 16, data,
- fieldlen);
- data += fieldlen;
-
- /* digitally-signed struct header:
- * (1 byte) Hash algorithm
- * (1 byte) Signature algorithm
- * (2 bytes + ?) Signature
- */
- if (sctlen < 4)
- return 0;
- sctlen -= 4;
-
- tls1_lookup_sigalg(NULL, NULL, &signhash_nid, data);
- data += 2;
- n2s(data, fieldlen);
- if (sctlen != fieldlen)
- return 0;
- BIO_printf(out, "\n%*sSignature : ", indent + 4, "");
- BIO_printf(out, "%s", OBJ_nid2ln(signhash_nid));
- BIO_printf(out, "\n%*s ", indent + 4, "");
- BIO_hex_string(out, indent + 16, 16, data, fieldlen);
- if (listlen > 0) BIO_printf(out, "\n");
- data += fieldlen;
- }
- }
-
- return 1;
- }
-
-static X509V3_EXT_METHOD ext_method_ct_precert_scts =
- {
- NID_ct_precert_scts, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
- 0, 0, 0, 0, 0, 0, 0, 0, (X509V3_EXT_I2R)i2r_sctlist, NULL, NULL
- };
-
-static X509V3_EXT_METHOD ext_method_ct_cert_scts =
- {
- NID_ct_cert_scts, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
- 0, 0, 0, 0, 0, 0, 0, 0, (X509V3_EXT_I2R)i2r_sctlist, NULL, NULL
- };
-
-int X509V3_EXT_add_rfc6962(void)
- {
- if (!X509V3_EXT_add(&ext_method_ct_precert_scts))
- return 0;
- if (!X509V3_EXT_add(&ext_method_ct_cert_scts))
- return 0;
- return 1;
- }