| 1 | /*
|
|---|
| 2 | * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
|
|---|
| 3 | *
|
|---|
| 4 | * Licensed under the OpenSSL license (the "License"). You may not use
|
|---|
| 5 | * this file except in compliance with the License. You can obtain a copy
|
|---|
| 6 | * in the file LICENSE in the source distribution or at
|
|---|
| 7 | * https://www.openssl.org/source/license.html
|
|---|
| 8 | */
|
|---|
| 9 |
|
|---|
| 10 | #ifdef OPENSSL_NO_CT
|
|---|
| 11 | # error "CT is disabled"
|
|---|
| 12 | #endif
|
|---|
| 13 |
|
|---|
| 14 | #include "ct_local.h"
|
|---|
| 15 |
|
|---|
| 16 | static char *i2s_poison(const X509V3_EXT_METHOD *method, void *val)
|
|---|
| 17 | {
|
|---|
| 18 | return OPENSSL_strdup("NULL");
|
|---|
| 19 | }
|
|---|
| 20 |
|
|---|
| 21 | static void *s2i_poison(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
|
|---|
| 22 | {
|
|---|
| 23 | return ASN1_NULL_new();
|
|---|
| 24 | }
|
|---|
| 25 |
|
|---|
| 26 | static int i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list,
|
|---|
| 27 | BIO *out, int indent)
|
|---|
| 28 | {
|
|---|
| 29 | SCT_LIST_print(sct_list, out, indent, "\n", NULL);
|
|---|
| 30 | return 1;
|
|---|
| 31 | }
|
|---|
| 32 |
|
|---|
| 33 | static int set_sct_list_source(STACK_OF(SCT) *s, sct_source_t source)
|
|---|
| 34 | {
|
|---|
| 35 | if (s != NULL) {
|
|---|
| 36 | int i;
|
|---|
| 37 |
|
|---|
| 38 | for (i = 0; i < sk_SCT_num(s); i++) {
|
|---|
| 39 | int res = SCT_set_source(sk_SCT_value(s, i), source);
|
|---|
| 40 |
|
|---|
| 41 | if (res != 1) {
|
|---|
| 42 | return 0;
|
|---|
| 43 | }
|
|---|
| 44 | }
|
|---|
| 45 | }
|
|---|
| 46 | return 1;
|
|---|
| 47 | }
|
|---|
| 48 |
|
|---|
| 49 | static STACK_OF(SCT) *x509_ext_d2i_SCT_LIST(STACK_OF(SCT) **a,
|
|---|
| 50 | const unsigned char **pp,
|
|---|
| 51 | long len)
|
|---|
| 52 | {
|
|---|
| 53 | STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len);
|
|---|
| 54 |
|
|---|
| 55 | if (set_sct_list_source(s, SCT_SOURCE_X509V3_EXTENSION) != 1) {
|
|---|
| 56 | SCT_LIST_free(s);
|
|---|
| 57 | *a = NULL;
|
|---|
| 58 | return NULL;
|
|---|
| 59 | }
|
|---|
| 60 | return s;
|
|---|
| 61 | }
|
|---|
| 62 |
|
|---|
| 63 | static STACK_OF(SCT) *ocsp_ext_d2i_SCT_LIST(STACK_OF(SCT) **a,
|
|---|
| 64 | const unsigned char **pp,
|
|---|
| 65 | long len)
|
|---|
| 66 | {
|
|---|
| 67 | STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len);
|
|---|
| 68 |
|
|---|
| 69 | if (set_sct_list_source(s, SCT_SOURCE_OCSP_STAPLED_RESPONSE) != 1) {
|
|---|
| 70 | SCT_LIST_free(s);
|
|---|
| 71 | *a = NULL;
|
|---|
| 72 | return NULL;
|
|---|
| 73 | }
|
|---|
| 74 | return s;
|
|---|
| 75 | }
|
|---|
| 76 |
|
|---|
| 77 | /* Handlers for X509v3/OCSP Certificate Transparency extensions */
|
|---|
| 78 | const X509V3_EXT_METHOD v3_ct_scts[3] = {
|
|---|
| 79 | /* X509v3 extension in certificates that contains SCTs */
|
|---|
| 80 | { NID_ct_precert_scts, 0, NULL,
|
|---|
| 81 | NULL, (X509V3_EXT_FREE)SCT_LIST_free,
|
|---|
| 82 | (X509V3_EXT_D2I)x509_ext_d2i_SCT_LIST, (X509V3_EXT_I2D)i2d_SCT_LIST,
|
|---|
| 83 | NULL, NULL,
|
|---|
| 84 | NULL, NULL,
|
|---|
| 85 | (X509V3_EXT_I2R)i2r_SCT_LIST, NULL,
|
|---|
| 86 | NULL },
|
|---|
| 87 |
|
|---|
| 88 | /* X509v3 extension to mark a certificate as a pre-certificate */
|
|---|
| 89 | { NID_ct_precert_poison, 0, ASN1_ITEM_ref(ASN1_NULL),
|
|---|
| 90 | NULL, NULL, NULL, NULL,
|
|---|
| 91 | i2s_poison, s2i_poison,
|
|---|
| 92 | NULL, NULL,
|
|---|
| 93 | NULL, NULL,
|
|---|
| 94 | NULL },
|
|---|
| 95 |
|
|---|
| 96 | /* OCSP extension that contains SCTs */
|
|---|
| 97 | { NID_ct_cert_scts, 0, NULL,
|
|---|
| 98 | 0, (X509V3_EXT_FREE)SCT_LIST_free,
|
|---|
| 99 | (X509V3_EXT_D2I)ocsp_ext_d2i_SCT_LIST, (X509V3_EXT_I2D)i2d_SCT_LIST,
|
|---|
| 100 | NULL, NULL,
|
|---|
| 101 | NULL, NULL,
|
|---|
| 102 | (X509V3_EXT_I2R)i2r_SCT_LIST, NULL,
|
|---|
| 103 | NULL },
|
|---|
| 104 | };
|
|---|
