summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/ct
diff options
context:
space:
mode:
authorcvs2svn <admin@example.com>2025-04-14 17:32:06 +0000
committercvs2svn <admin@example.com>2025-04-14 17:32:06 +0000
commitb1ddde874c215cc8891531ed92876f091b7eb83e (patch)
treeedb6da6af7e865d488dc1a29309f1e1ec226e603 /src/lib/libcrypto/ct
parentf0a36529837a161734c802ae4c42e84e42347be2 (diff)
downloadopenbsd-tb_20250414.tar.gz
openbsd-tb_20250414.tar.bz2
openbsd-tb_20250414.zip
This commit was manufactured by cvs2git to create tag 'tb_20250414'.tb_20250414
Diffstat (limited to 'src/lib/libcrypto/ct')
-rw-r--r--src/lib/libcrypto/ct/ct.h567
-rw-r--r--src/lib/libcrypto/ct/ct_b64.c226
-rw-r--r--src/lib/libcrypto/ct/ct_err.c149
-rw-r--r--src/lib/libcrypto/ct/ct_local.h260
-rw-r--r--src/lib/libcrypto/ct/ct_log.c379
-rw-r--r--src/lib/libcrypto/ct/ct_oct.c464
-rw-r--r--src/lib/libcrypto/ct/ct_policy.c163
-rw-r--r--src/lib/libcrypto/ct/ct_prn.c211
-rw-r--r--src/lib/libcrypto/ct/ct_sct.c507
-rw-r--r--src/lib/libcrypto/ct/ct_sct_ctx.c323
-rw-r--r--src/lib/libcrypto/ct/ct_vfy.c195
-rw-r--r--src/lib/libcrypto/ct/ct_x509v3.c201
12 files changed, 0 insertions, 3645 deletions
diff --git a/src/lib/libcrypto/ct/ct.h b/src/lib/libcrypto/ct/ct.h
deleted file mode 100644
index db5cf28b48..0000000000
--- a/src/lib/libcrypto/ct/ct.h
+++ /dev/null
@@ -1,567 +0,0 @@
1/* $OpenBSD: ct.h,v 1.8 2024/08/08 23:50:29 tb Exp $ */
2/*
3 * Public API for Certificate Transparency (CT).
4 * Written by Rob Percival (robpercival@google.com) for the OpenSSL project.
5 */
6/* ====================================================================
7 * Copyright (c) 2016 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 */
54
55#ifndef HEADER_CT_H
56#define HEADER_CT_H
57
58#include <openssl/opensslconf.h>
59
60#ifndef OPENSSL_NO_CT
61#include <openssl/ossl_typ.h>
62#include <openssl/safestack.h>
63#include <openssl/x509.h>
64#ifdef __cplusplus
65extern "C" {
66#endif
67
68/* Minimum RSA key size, from RFC6962 */
69#define SCT_MIN_RSA_BITS 2048
70
71/* All hashes are SHA256 in v1 of Certificate Transparency */
72#define CT_V1_HASHLEN SHA256_DIGEST_LENGTH
73
74typedef enum {
75 CT_LOG_ENTRY_TYPE_NOT_SET = -1,
76 CT_LOG_ENTRY_TYPE_X509 = 0,
77 CT_LOG_ENTRY_TYPE_PRECERT = 1
78} ct_log_entry_type_t;
79
80typedef enum {
81 SCT_VERSION_NOT_SET = -1,
82 SCT_VERSION_V1 = 0
83} sct_version_t;
84
85typedef enum {
86 SCT_SOURCE_UNKNOWN,
87 SCT_SOURCE_TLS_EXTENSION,
88 SCT_SOURCE_X509V3_EXTENSION,
89 SCT_SOURCE_OCSP_STAPLED_RESPONSE
90} sct_source_t;
91
92typedef enum {
93 SCT_VALIDATION_STATUS_NOT_SET,
94 SCT_VALIDATION_STATUS_UNKNOWN_LOG,
95 SCT_VALIDATION_STATUS_VALID,
96 SCT_VALIDATION_STATUS_INVALID,
97 SCT_VALIDATION_STATUS_UNVERIFIED,
98 SCT_VALIDATION_STATUS_UNKNOWN_VERSION
99} sct_validation_status_t;
100
101DECLARE_STACK_OF(SCT)
102DECLARE_STACK_OF(CTLOG)
103
104/******************************************
105 * CT policy evaluation context functions *
106 ******************************************/
107
108/*
109 * Creates a new, empty policy evaluation context.
110 * The caller is responsible for calling CT_POLICY_EVAL_CTX_free when finished
111 * with the CT_POLICY_EVAL_CTX.
112 */
113CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void);
114
115/* Deletes a policy evaluation context and anything it owns. */
116void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx);
117
118/* Gets the peer certificate that the SCTs are for */
119X509 *CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx);
120
121/*
122 * Sets the certificate associated with the received SCTs.
123 * Increments the reference count of cert.
124 * Returns 1 on success, 0 otherwise.
125 */
126int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert);
127
128/* Gets the issuer of the aforementioned certificate */
129X509 *CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx);
130
131/*
132 * Sets the issuer of the certificate associated with the received SCTs.
133 * Increments the reference count of issuer.
134 * Returns 1 on success, 0 otherwise.
135 */
136int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer);
137
138/* Gets the CT logs that are trusted sources of SCTs */
139const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx);
140
141/* Sets the log store that is in use. It must outlive the CT_POLICY_EVAL_CTX. */
142void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
143 CTLOG_STORE *log_store);
144
145/*
146 * Gets the time, in milliseconds since the Unix epoch, that will be used as the
147 * current time when checking whether an SCT was issued in the future.
148 * Such SCTs will fail validation, as required by RFC6962.
149 */
150uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx);
151
152/*
153 * Sets the time to evaluate SCTs against, in milliseconds since the Unix epoch.
154 * If an SCT's timestamp is after this time, it will be interpreted as having
155 * been issued in the future. RFC6962 states that "TLS clients MUST reject SCTs
156 * whose timestamp is in the future", so an SCT will not validate in this case.
157 */
158void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms);
159
160/*****************
161 * SCT functions *
162 *****************/
163
164/*
165 * Creates a new, blank SCT.
166 * The caller is responsible for calling SCT_free when finished with the SCT.
167 */
168SCT *SCT_new(void);
169
170/*
171 * Creates a new SCT from some base64-encoded strings.
172 * The caller is responsible for calling SCT_free when finished with the SCT.
173 */
174SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64,
175 ct_log_entry_type_t entry_type, uint64_t timestamp,
176 const char *extensions_base64, const char *signature_base64);
177
178/*
179 * Frees the SCT and the underlying data structures.
180 */
181void SCT_free(SCT *sct);
182
183/*
184 * Free a stack of SCTs, and the underlying SCTs themselves.
185 * Intended to be compatible with X509V3_EXT_FREE.
186 */
187void SCT_LIST_free(STACK_OF(SCT) *a);
188
189/*
190 * Returns the version of the SCT.
191 */
192sct_version_t SCT_get_version(const SCT *sct);
193
194/*
195 * Set the version of an SCT.
196 * Returns 1 on success, 0 if the version is unrecognized.
197 */
198int SCT_set_version(SCT *sct, sct_version_t version);
199
200/*
201 * Returns the log entry type of the SCT.
202 */
203ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct);
204
205/*
206 * Set the log entry type of an SCT.
207 * Returns 1 on success, 0 otherwise.
208 */
209int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type);
210
211/*
212 * Gets the ID of the log that an SCT came from.
213 * Ownership of the log ID remains with the SCT.
214 * Returns the length of the log ID.
215 */
216size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id);
217
218/*
219 * Set the log ID of an SCT to point directly to the *log_id specified.
220 * The SCT takes ownership of the specified pointer.
221 * Returns 1 on success, 0 otherwise.
222 */
223int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len);
224
225/*
226 * Set the log ID of an SCT.
227 * This makes a copy of the log_id.
228 * Returns 1 on success, 0 otherwise.
229 */
230int SCT_set1_log_id(SCT *sct, const unsigned char *log_id,
231 size_t log_id_len);
232
233/*
234 * Returns the timestamp for the SCT (epoch time in milliseconds).
235 */
236uint64_t SCT_get_timestamp(const SCT *sct);
237
238/*
239 * Set the timestamp of an SCT (epoch time in milliseconds).
240 */
241void SCT_set_timestamp(SCT *sct, uint64_t timestamp);
242
243/*
244 * Return the NID for the signature used by the SCT.
245 * For CT v1, this will be either NID_sha256WithRSAEncryption or
246 * NID_ecdsa_with_SHA256 (or NID_undef if incorrect/unset).
247 */
248int SCT_get_signature_nid(const SCT *sct);
249
250/*
251 * Set the signature type of an SCT
252 * For CT v1, this should be either NID_sha256WithRSAEncryption or
253 * NID_ecdsa_with_SHA256.
254 * Returns 1 on success, 0 otherwise.
255 */
256int SCT_set_signature_nid(SCT *sct, int nid);
257
258/*
259 * Set *ext to point to the extension data for the SCT. ext must not be NULL.
260 * The SCT retains ownership of this pointer.
261 * Returns length of the data pointed to.
262 */
263size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext);
264
265/*
266 * Set the extensions of an SCT to point directly to the *ext specified.
267 * The SCT takes ownership of the specified pointer.
268 */
269void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len);
270
271/*
272 * Set the extensions of an SCT.
273 * This takes a copy of the ext.
274 * Returns 1 on success, 0 otherwise.
275 */
276int SCT_set1_extensions(SCT *sct, const unsigned char *ext,
277 size_t ext_len);
278
279/*
280 * Set *sig to point to the signature for the SCT. sig must not be NULL.
281 * The SCT retains ownership of this pointer.
282 * Returns length of the data pointed to.
283 */
284size_t SCT_get0_signature(const SCT *sct, unsigned char **sig);
285
286/*
287 * Set the signature of an SCT to point directly to the *sig specified.
288 * The SCT takes ownership of the specified pointer.
289 */
290void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len);
291
292/*
293 * Set the signature of an SCT to be a copy of the *sig specified.
294 * Returns 1 on success, 0 otherwise.
295 */
296int SCT_set1_signature(SCT *sct, const unsigned char *sig,
297 size_t sig_len);
298
299/*
300 * The origin of this SCT, e.g. TLS extension, OCSP response, etc.
301 */
302sct_source_t SCT_get_source(const SCT *sct);
303
304/*
305 * Set the origin of this SCT, e.g. TLS extension, OCSP response, etc.
306 * Returns 1 on success, 0 otherwise.
307 */
308int SCT_set_source(SCT *sct, sct_source_t source);
309
310/*
311 * Returns a text string describing the validation status of |sct|.
312 */
313const char *SCT_validation_status_string(const SCT *sct);
314
315/*
316 * Pretty-prints an |sct| to |out|.
317 * It will be indented by the number of spaces specified by |indent|.
318 * If |logs| is not NULL, it will be used to lookup the CT log that the SCT came
319 * from, so that the log name can be printed.
320 */
321void SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *logs);
322
323/*
324 * Pretty-prints an |sct_list| to |out|.
325 * It will be indented by the number of spaces specified by |indent|.
326 * SCTs will be delimited by |separator|.
327 * If |logs| is not NULL, it will be used to lookup the CT log that each SCT
328 * came from, so that the log names can be printed.
329 */
330void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent,
331 const char *separator, const CTLOG_STORE *logs);
332
333/*
334 * Gets the last result of validating this SCT.
335 * If it has not been validated yet, returns SCT_VALIDATION_STATUS_NOT_SET.
336 */
337sct_validation_status_t SCT_get_validation_status(const SCT *sct);
338
339/*
340 * Validates the given SCT with the provided context.
341 * Sets the "validation_status" field of the SCT.
342 * Returns 1 if the SCT is valid and the signature verifies.
343 * Returns 0 if the SCT is invalid or could not be verified.
344 * Returns -1 if an error occurs.
345 */
346int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx);
347
348/*
349 * Validates the given list of SCTs with the provided context.
350 * Sets the "validation_status" field of each SCT.
351 * Returns 1 if there are no invalid SCTs and all signatures verify.
352 * Returns 0 if at least one SCT is invalid or could not be verified.
353 * Returns a negative integer if an error occurs.
354 */
355int SCT_LIST_validate(const STACK_OF(SCT) *scts,
356 CT_POLICY_EVAL_CTX *ctx);
357
358
359/*********************************
360 * SCT parsing and serialisation *
361 *********************************/
362
363/*
364 * Serialize (to TLS format) a stack of SCTs and return the length.
365 * "a" must not be NULL.
366 * If "pp" is NULL, just return the length of what would have been serialized.
367 * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer
368 * for data that caller is responsible for freeing (only if function returns
369 * successfully).
370 * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring
371 * that "*pp" is large enough to accept all of the serialized data.
372 * Returns < 0 on error, >= 0 indicating bytes written (or would have been)
373 * on success.
374 */
375int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp);
376
377/*
378 * Convert TLS format SCT list to a stack of SCTs.
379 * If "a" or "*a" is NULL, a new stack will be created that the caller is
380 * responsible for freeing (by calling SCT_LIST_free).
381 * "**pp" and "*pp" must not be NULL.
382 * Upon success, "*pp" will point to after the last bytes read, and a stack
383 * will be returned.
384 * Upon failure, a NULL pointer will be returned, and the position of "*pp" is
385 * not defined.
386 */
387STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
388 size_t len);
389
390/*
391 * Serialize (to DER format) a stack of SCTs and return the length.
392 * "a" must not be NULL.
393 * If "pp" is NULL, just returns the length of what would have been serialized.
394 * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer
395 * for data that caller is responsible for freeing (only if function returns
396 * successfully).
397 * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring
398 * that "*pp" is large enough to accept all of the serialized data.
399 * Returns < 0 on error, >= 0 indicating bytes written (or would have been)
400 * on success.
401 */
402int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp);
403
404/*
405 * Parses an SCT list in DER format and returns it.
406 * If "a" or "*a" is NULL, a new stack will be created that the caller is
407 * responsible for freeing (by calling SCT_LIST_free).
408 * "**pp" and "*pp" must not be NULL.
409 * Upon success, "*pp" will point to after the last bytes read, and a stack
410 * will be returned.
411 * Upon failure, a NULL pointer will be returned, and the position of "*pp" is
412 * not defined.
413 */
414STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
415 long len);
416
417/*
418 * Serialize (to TLS format) an |sct| and write it to |out|.
419 * If |out| is null, no SCT will be output but the length will still be returned.
420 * If |out| points to a null pointer, a string will be allocated to hold the
421 * TLS-format SCT. It is the responsibility of the caller to free it.
422 * If |out| points to an allocated string, the TLS-format SCT will be written
423 * to it.
424 * The length of the SCT in TLS format will be returned.
425 */
426int i2o_SCT(const SCT *sct, unsigned char **out);
427
428/*
429 * Parses an SCT in TLS format and returns it.
430 * If |psct| is not null, it will end up pointing to the parsed SCT. If it
431 * already points to a non-null pointer, the pointer will be free'd.
432 * |in| should be a pointer to a string containing the TLS-format SCT.
433 * |in| will be advanced to the end of the SCT if parsing succeeds.
434 * |len| should be the length of the SCT in |in|.
435 * Returns NULL if an error occurs.
436 * If the SCT is an unsupported version, only the SCT's 'sct' and 'sct_len'
437 * fields will be populated (with |in| and |len| respectively).
438 */
439SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len);
440
441/********************
442 * CT log functions *
443 ********************/
444
445/*
446 * Creates a new CT log instance with the given |public_key| and |name|.
447 * Takes ownership of |public_key| but copies |name|.
448 * Returns NULL if malloc fails or if |public_key| cannot be converted to DER.
449 * Should be deleted by the caller using CTLOG_free when no longer needed.
450 */
451CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name);
452
453/*
454 * Creates a new CTLOG instance with the base64-encoded SubjectPublicKeyInfo DER
455 * in |pkey_base64|. The |name| is a string to help users identify this log.
456 * Returns 1 on success, 0 on failure.
457 * Should be deleted by the caller using CTLOG_free when no longer needed.
458 */
459int CTLOG_new_from_base64(CTLOG **ct_log, const char *pkey_base64,
460 const char *name);
461
462/*
463 * Deletes a CT log instance and its fields.
464 */
465void CTLOG_free(CTLOG *log);
466
467/* Gets the name of the CT log */
468const char *CTLOG_get0_name(const CTLOG *log);
469/* Gets the ID of the CT log */
470void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id,
471 size_t *log_id_len);
472/* Gets the public key of the CT log */
473EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log);
474
475/**************************
476 * CT log store functions *
477 **************************/
478
479/*
480 * Creates a new CT log store.
481 * Should be deleted by the caller using CTLOG_STORE_free when no longer needed.
482 */
483CTLOG_STORE *CTLOG_STORE_new(void);
484
485/*
486 * Deletes a CT log store and all of the CT log instances held within.
487 */
488void CTLOG_STORE_free(CTLOG_STORE *store);
489
490/*
491 * Finds a CT log in the store based on its log ID.
492 * Returns the CT log, or NULL if no match is found.
493 */
494const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store,
495 const uint8_t *log_id, size_t log_id_len);
496
497/*
498 * Loads a CT log list into a |store| from a |file|.
499 * Returns 1 if loading is successful, or 0 otherwise.
500 */
501int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file);
502
503/*
504 * Loads the default CT log list into a |store|.
505 * Returns 1 if loading is successful, or 0 otherwise.
506 */
507int CTLOG_STORE_load_default_file(CTLOG_STORE *store);
508
509int ERR_load_CT_strings(void);
510
511/*
512 * CT function codes.
513 */
514# define CT_F_CTLOG_NEW 117
515# define CT_F_CTLOG_NEW_FROM_BASE64 118
516# define CT_F_CTLOG_NEW_FROM_CONF 119
517# define CT_F_CTLOG_STORE_LOAD_CTX_NEW 122
518# define CT_F_CTLOG_STORE_LOAD_FILE 123
519# define CT_F_CTLOG_STORE_LOAD_LOG 130
520# define CT_F_CTLOG_STORE_NEW 131
521# define CT_F_CT_BASE64_DECODE 124
522# define CT_F_CT_POLICY_EVAL_CTX_NEW 133
523# define CT_F_CT_V1_LOG_ID_FROM_PKEY 125
524# define CT_F_I2O_SCT 107
525# define CT_F_I2O_SCT_LIST 108
526# define CT_F_I2O_SCT_SIGNATURE 109
527# define CT_F_O2I_SCT 110
528# define CT_F_O2I_SCT_LIST 111
529# define CT_F_O2I_SCT_SIGNATURE 112
530# define CT_F_SCT_CTX_NEW 126
531# define CT_F_SCT_CTX_VERIFY 128
532# define CT_F_SCT_NEW 100
533# define CT_F_SCT_NEW_FROM_BASE64 127
534# define CT_F_SCT_SET0_LOG_ID 101
535# define CT_F_SCT_SET1_EXTENSIONS 114
536# define CT_F_SCT_SET1_LOG_ID 115
537# define CT_F_SCT_SET1_SIGNATURE 116
538# define CT_F_SCT_SET_LOG_ENTRY_TYPE 102
539# define CT_F_SCT_SET_SIGNATURE_NID 103
540# define CT_F_SCT_SET_VERSION 104
541
542/*
543 * CT reason codes.
544 */
545# define CT_R_BASE64_DECODE_ERROR 108
546# define CT_R_INVALID_LOG_ID_LENGTH 100
547# define CT_R_LOG_CONF_INVALID 109
548# define CT_R_LOG_CONF_INVALID_KEY 110
549# define CT_R_LOG_CONF_MISSING_DESCRIPTION 111
550# define CT_R_LOG_CONF_MISSING_KEY 112
551# define CT_R_LOG_KEY_INVALID 113
552# define CT_R_SCT_FUTURE_TIMESTAMP 116
553# define CT_R_SCT_INVALID 104
554# define CT_R_SCT_INVALID_SIGNATURE 107
555# define CT_R_SCT_LIST_INVALID 105
556# define CT_R_SCT_LOG_ID_MISMATCH 114
557# define CT_R_SCT_NOT_SET 106
558# define CT_R_SCT_UNSUPPORTED_VERSION 115
559# define CT_R_UNRECOGNIZED_SIGNATURE_NID 101
560# define CT_R_UNSUPPORTED_ENTRY_TYPE 102
561# define CT_R_UNSUPPORTED_VERSION 103
562
563#ifdef __cplusplus
564}
565#endif
566#endif
567#endif
diff --git a/src/lib/libcrypto/ct/ct_b64.c b/src/lib/libcrypto/ct/ct_b64.c
deleted file mode 100644
index 101cd1e2b1..0000000000
--- a/src/lib/libcrypto/ct/ct_b64.c
+++ /dev/null
@@ -1,226 +0,0 @@
1/* $OpenBSD: ct_b64.c,v 1.7 2023/07/08 07:22:58 beck Exp $ */
2/*
3 * Written by Rob Stradling (rob@comodo.com) and Stephen Henson
4 * (steve@openssl.org) for the OpenSSL project 2014.
5 */
6/* ====================================================================
7 * Copyright (c) 2014 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59
60#include <limits.h>
61#include <string.h>
62
63#include <openssl/ct.h>
64#include <openssl/err.h>
65#include <openssl/evp.h>
66
67#include "bytestring.h"
68#include "ct_local.h"
69
70/*
71 * Decodes the base64 string |in| into |out|.
72 * A new string will be malloc'd and assigned to |out|. This will be owned by
73 * the caller. Do not provide a pre-allocated string in |out|.
74 */
75static int
76ct_base64_decode(const char *in, unsigned char **out)
77{
78 size_t inlen = strlen(in);
79 int outlen, i;
80 unsigned char *outbuf = NULL;
81
82 if (inlen == 0) {
83 *out = NULL;
84 return 0;
85 }
86
87 outlen = (inlen / 4) * 3;
88 outbuf = malloc(outlen);
89 if (outbuf == NULL) {
90 CTerror(ERR_R_MALLOC_FAILURE);
91 goto err;
92 }
93
94 outlen = EVP_DecodeBlock(outbuf, (unsigned char *)in, inlen);
95 if (outlen < 0) {
96 CTerror(CT_R_BASE64_DECODE_ERROR);
97 goto err;
98 }
99
100 /*
101 * Subtract padding bytes from |outlen|.
102 * Any more than 2 is malformed.
103 */
104 i = 0;
105 while (in[--inlen] == '=') {
106 --outlen;
107 if (++i > 2)
108 goto err;
109 }
110
111 *out = outbuf;
112 return outlen;
113 err:
114 free(outbuf);
115 return -1;
116}
117
118SCT *
119SCT_new_from_base64(unsigned char version, const char *logid_base64,
120 ct_log_entry_type_t entry_type, uint64_t timestamp,
121 const char *extensions_base64, const char *signature_base64)
122{
123 unsigned char *dec = NULL;
124 int declen;
125 SCT *sct;
126 CBS cbs;
127
128 if ((sct = SCT_new()) == NULL) {
129 CTerror(ERR_R_MALLOC_FAILURE);
130 return NULL;
131 }
132
133 /*
134 * RFC6962 section 4.1 says we "MUST NOT expect this to be 0", but we
135 * can only construct SCT versions that have been defined.
136 */
137 if (!SCT_set_version(sct, version)) {
138 CTerror(CT_R_SCT_UNSUPPORTED_VERSION);
139 goto err;
140 }
141
142 declen = ct_base64_decode(logid_base64, &dec);
143 if (declen < 0) {
144 CTerror(X509_R_BASE64_DECODE_ERROR);
145 goto err;
146 }
147 if (!SCT_set0_log_id(sct, dec, declen))
148 goto err;
149 dec = NULL;
150
151 declen = ct_base64_decode(extensions_base64, &dec);
152 if (declen < 0) {
153 CTerror(X509_R_BASE64_DECODE_ERROR);
154 goto err;
155 }
156 SCT_set0_extensions(sct, dec, declen);
157 dec = NULL;
158
159 declen = ct_base64_decode(signature_base64, &dec);
160 if (declen < 0) {
161 CTerror(X509_R_BASE64_DECODE_ERROR);
162 goto err;
163 }
164
165 CBS_init(&cbs, dec, declen);
166 if (!o2i_SCT_signature(sct, &cbs))
167 goto err;
168 free(dec);
169 dec = NULL;
170
171 SCT_set_timestamp(sct, timestamp);
172
173 if (!SCT_set_log_entry_type(sct, entry_type))
174 goto err;
175
176 return sct;
177
178 err:
179 free(dec);
180 SCT_free(sct);
181 return NULL;
182}
183LCRYPTO_ALIAS(SCT_new_from_base64);
184
185/*
186 * Allocate, build and returns a new |ct_log| from input |pkey_base64|
187 * It returns 1 on success,
188 * 0 on decoding failure, or invalid parameter if any
189 * -1 on internal (malloc) failure
190 */
191int
192CTLOG_new_from_base64(CTLOG **ct_log, const char *pkey_base64, const char *name)
193{
194 unsigned char *pkey_der = NULL;
195 int pkey_der_len;
196 const unsigned char *p;
197 EVP_PKEY *pkey = NULL;
198
199 if (ct_log == NULL) {
200 CTerror(ERR_R_PASSED_NULL_PARAMETER);
201 return 0;
202 }
203
204 pkey_der_len = ct_base64_decode(pkey_base64, &pkey_der);
205 if (pkey_der_len < 0) {
206 CTerror(CT_R_LOG_CONF_INVALID_KEY);
207 return 0;
208 }
209
210 p = pkey_der;
211 pkey = d2i_PUBKEY(NULL, &p, pkey_der_len);
212 free(pkey_der);
213 if (pkey == NULL) {
214 CTerror(CT_R_LOG_CONF_INVALID_KEY);
215 return 0;
216 }
217
218 *ct_log = CTLOG_new(pkey, name);
219 if (*ct_log == NULL) {
220 EVP_PKEY_free(pkey);
221 return 0;
222 }
223
224 return 1;
225}
226LCRYPTO_ALIAS(CTLOG_new_from_base64);
diff --git a/src/lib/libcrypto/ct/ct_err.c b/src/lib/libcrypto/ct/ct_err.c
deleted file mode 100644
index 494f88b898..0000000000
--- a/src/lib/libcrypto/ct/ct_err.c
+++ /dev/null
@@ -1,149 +0,0 @@
1/* $OpenBSD: ct_err.c,v 1.8 2024/06/24 06:43:22 tb Exp $ */
2/* ====================================================================
3 * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <openssl/ct.h>
57#include <openssl/err.h>
58
59#include "err_local.h"
60
61#ifndef OPENSSL_NO_ERR
62
63static const ERR_STRING_DATA CT_str_functs[] = {
64 {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW, 0), "CTLOG_new"},
65 {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW_FROM_BASE64, 0),
66 "CTLOG_new_from_base64"},
67 {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW_FROM_CONF, 0),
68 "ctlog_new_from_conf"},
69 {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_LOAD_CTX_NEW, 0),
70 "ctlog_store_load_ctx_new"},
71 {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_LOAD_FILE, 0),
72 "CTLOG_STORE_load_file"},
73 {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_LOAD_LOG, 0),
74 "ctlog_store_load_log"},
75 {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_NEW, 0), "CTLOG_STORE_new"},
76 {ERR_PACK(ERR_LIB_CT, CT_F_CT_BASE64_DECODE, 0), "ct_base64_decode"},
77 {ERR_PACK(ERR_LIB_CT, CT_F_CT_POLICY_EVAL_CTX_NEW, 0),
78 "CT_POLICY_EVAL_CTX_new"},
79 {ERR_PACK(ERR_LIB_CT, CT_F_CT_V1_LOG_ID_FROM_PKEY, 0),
80 "ct_v1_log_id_from_pkey"},
81 {ERR_PACK(ERR_LIB_CT, CT_F_I2O_SCT, 0), "i2o_SCT"},
82 {ERR_PACK(ERR_LIB_CT, CT_F_I2O_SCT_LIST, 0), "i2o_SCT_LIST"},
83 {ERR_PACK(ERR_LIB_CT, CT_F_I2O_SCT_SIGNATURE, 0), "i2o_SCT_signature"},
84 {ERR_PACK(ERR_LIB_CT, CT_F_O2I_SCT, 0), "o2i_SCT"},
85 {ERR_PACK(ERR_LIB_CT, CT_F_O2I_SCT_LIST, 0), "o2i_SCT_LIST"},
86 {ERR_PACK(ERR_LIB_CT, CT_F_O2I_SCT_SIGNATURE, 0), "o2i_SCT_signature"},
87 {ERR_PACK(ERR_LIB_CT, CT_F_SCT_CTX_NEW, 0), "SCT_CTX_new"},
88 {ERR_PACK(ERR_LIB_CT, CT_F_SCT_CTX_VERIFY, 0), "SCT_CTX_verify"},
89 {ERR_PACK(ERR_LIB_CT, CT_F_SCT_NEW, 0), "SCT_new"},
90 {ERR_PACK(ERR_LIB_CT, CT_F_SCT_NEW_FROM_BASE64, 0),
91 "SCT_new_from_base64"},
92 {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET0_LOG_ID, 0), "SCT_set0_log_id"},
93 {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_EXTENSIONS, 0),
94 "SCT_set1_extensions"},
95 {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_LOG_ID, 0), "SCT_set1_log_id"},
96 {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_SIGNATURE, 0),
97 "SCT_set1_signature"},
98 {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET_LOG_ENTRY_TYPE, 0),
99 "SCT_set_log_entry_type"},
100 {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET_SIGNATURE_NID, 0),
101 "SCT_set_signature_nid"},
102 {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET_VERSION, 0), "SCT_set_version"},
103 {0, NULL}
104};
105
106static const ERR_STRING_DATA CT_str_reasons[] = {
107 {ERR_PACK(ERR_LIB_CT, 0, CT_R_BASE64_DECODE_ERROR),
108 "base64 decode error"},
109 {ERR_PACK(ERR_LIB_CT, 0, CT_R_INVALID_LOG_ID_LENGTH),
110 "invalid log id length"},
111 {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_INVALID), "log conf invalid"},
112 {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_INVALID_KEY),
113 "log conf invalid key"},
114 {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_MISSING_DESCRIPTION),
115 "log conf missing description"},
116 {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_MISSING_KEY),
117 "log conf missing key"},
118 {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_KEY_INVALID), "log key invalid"},
119 {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_FUTURE_TIMESTAMP),
120 "sct future timestamp"},
121 {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_INVALID), "sct invalid"},
122 {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_INVALID_SIGNATURE),
123 "sct invalid signature"},
124 {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_LIST_INVALID), "sct list invalid"},
125 {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_LOG_ID_MISMATCH),
126 "sct log id mismatch"},
127 {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_NOT_SET), "sct not set"},
128 {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_UNSUPPORTED_VERSION),
129 "sct unsupported version"},
130 {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNRECOGNIZED_SIGNATURE_NID),
131 "unrecognized signature nid"},
132 {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNSUPPORTED_ENTRY_TYPE),
133 "unsupported entry type"},
134 {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNSUPPORTED_VERSION),
135 "unsupported version"},
136 {0, NULL}
137};
138
139#endif
140
141int
142ERR_load_CT_strings(void)
143{
144 if (ERR_func_error_string(CT_str_functs[0].error) == NULL) {
145 ERR_load_const_strings(CT_str_functs);
146 ERR_load_const_strings(CT_str_reasons);
147 }
148 return 1;
149}
diff --git a/src/lib/libcrypto/ct/ct_local.h b/src/lib/libcrypto/ct/ct_local.h
deleted file mode 100644
index cd19ed096a..0000000000
--- a/src/lib/libcrypto/ct/ct_local.h
+++ /dev/null
@@ -1,260 +0,0 @@
1/* $OpenBSD: ct_local.h,v 1.8 2021/12/20 17:19:19 jsing Exp $ */
2/*
3 * Written by Rob Percival (robpercival@google.com) for the OpenSSL project.
4 */
5/* ====================================================================
6 * Copyright (c) 2016 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54#include <stddef.h>
55
56#include <openssl/ct.h>
57#include <openssl/evp.h>
58#include <openssl/safestack.h>
59#include <openssl/x509.h>
60#include <openssl/x509v3.h>
61
62#include "bytestring.h"
63
64/* Number of bytes in an SCT v1 LogID - see RFC 6962 section 3.2. */
65#define CT_V1_LOG_ID_LEN 32
66
67/* Maximum size of an SCT - see RFC 6962 section 3.3. */
68#define MAX_SCT_SIZE 65535
69#define MAX_SCT_LIST_SIZE MAX_SCT_SIZE
70
71/*
72 * Macros to write integers in network-byte order.
73 */
74
75#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
76 c[1]=(unsigned char)(((s) )&0xff)),c+=2)
77
78#define l2n3(l,c) ((c[0]=(unsigned char)(((l)>>16)&0xff), \
79 c[1]=(unsigned char)(((l)>> 8)&0xff), \
80 c[2]=(unsigned char)(((l) )&0xff)),c+=3)
81
82#define l2n8(l,c) (*((c)++)=(unsigned char)(((l)>>56)&0xff), \
83 *((c)++)=(unsigned char)(((l)>>48)&0xff), \
84 *((c)++)=(unsigned char)(((l)>>40)&0xff), \
85 *((c)++)=(unsigned char)(((l)>>32)&0xff), \
86 *((c)++)=(unsigned char)(((l)>>24)&0xff), \
87 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
88 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
89 *((c)++)=(unsigned char)(((l) )&0xff))
90
91/* Signed Certificate Timestamp */
92struct sct_st {
93 sct_version_t version;
94 /* If version is not SCT_VERSION_V1, this contains the encoded SCT */
95 unsigned char *sct;
96 size_t sct_len;
97 /*
98 * If version is SCT_VERSION_V1, fields below contain components of
99 * the SCT
100 */
101 unsigned char *log_id;
102 size_t log_id_len;
103 /*
104 * Note, we cannot distinguish between an unset timestamp, and one
105 * that is set to 0. However since CT didn't exist in 1970, no real
106 * SCT should ever be set as such.
107 */
108 uint64_t timestamp;
109 unsigned char *ext;
110 size_t ext_len;
111 unsigned char hash_alg;
112 unsigned char sig_alg;
113 unsigned char *sig;
114 size_t sig_len;
115 /* Log entry type */
116 ct_log_entry_type_t entry_type;
117 /* Where this SCT was found, e.g. certificate, OCSP response, etc. */
118 sct_source_t source;
119 /* The result of the last attempt to validate this SCT. */
120 sct_validation_status_t validation_status;
121};
122
123/* Miscellaneous data that is useful when verifying an SCT */
124struct sct_ctx_st {
125 /* Public key */
126 EVP_PKEY *pkey;
127 /* Hash of public key */
128 unsigned char *pkeyhash;
129 size_t pkeyhashlen;
130 /* For pre-certificate: issuer public key hash */
131 unsigned char *ihash;
132 size_t ihashlen;
133 /* certificate encoding */
134 unsigned char *certder;
135 size_t certderlen;
136 /* pre-certificate encoding */
137 unsigned char *preder;
138 size_t prederlen;
139 /*
140 * milliseconds since epoch (to check that the SCT isn't from the
141 * future)
142 */
143 uint64_t epoch_time_in_ms;
144};
145
146/* Context when evaluating whether a Certificate Transparency policy is met */
147struct ct_policy_eval_ctx_st {
148 X509 *cert;
149 X509 *issuer;
150 CTLOG_STORE *log_store;
151 /*
152 * milliseconds since epoch (to check that the SCT isn't from the
153 * future)
154 */
155 uint64_t epoch_time_in_ms;
156};
157
158/*
159 * Creates a new context for verifying an SCT.
160 */
161SCT_CTX *SCT_CTX_new(void);
162/*
163 * Deletes an SCT verification context.
164 */
165void SCT_CTX_free(SCT_CTX *sctx);
166
167/*
168 * Sets the certificate that the SCT was created for.
169 * If *cert does not have a poison extension, presigner must be NULL.
170 * If *cert does not have a poison extension, it may have a single SCT
171 * (NID_ct_precert_scts) extension.
172 * If either *cert or *presigner have an AKID (NID_authority_key_identifier)
173 * extension, both must have one.
174 * Returns 1 on success, 0 on failure.
175 */
176int SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner);
177
178/*
179 * Sets the issuer of the certificate that the SCT was created for.
180 * This is just a convenience method to save extracting the public key and
181 * calling SCT_CTX_set1_issuer_pubkey().
182 * Issuer must not be NULL.
183 * Returns 1 on success, 0 on failure.
184 */
185int SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer);
186
187/*
188 * Sets the public key of the issuer of the certificate that the SCT was created
189 * for.
190 * The public key must not be NULL.
191 * Returns 1 on success, 0 on failure.
192 */
193int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey);
194
195/*
196 * Sets the public key of the CT log that the SCT is from.
197 * Returns 1 on success, 0 on failure.
198 */
199int SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey);
200
201/*
202 * Sets the time to evaluate the SCT against, in milliseconds since the Unix
203 * epoch. If the SCT's timestamp is after this time, it will be interpreted as
204 * having been issued in the future. RFC6962 states that "TLS clients MUST
205 * reject SCTs whose timestamp is in the future", so an SCT will not validate
206 * in this case.
207 */
208void SCT_CTX_set_time(SCT_CTX *sctx, uint64_t time_in_ms);
209
210/*
211 * Verifies an SCT with the given context.
212 * Returns 1 if the SCT verifies successfully; any other value indicates
213 * failure. See EVP_DigestVerifyFinal() for the meaning of those values.
214 */
215int SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct);
216
217/*
218 * Does this SCT have the minimum fields populated to be usable?
219 * Returns 1 if so, 0 otherwise.
220 */
221int SCT_is_complete(const SCT *sct);
222
223/*
224 * Does this SCT have the signature-related fields populated?
225 * Returns 1 if so, 0 otherwise.
226 * This checks that the signature and hash algorithms are set to supported
227 * values and that the signature field is set.
228 */
229int SCT_signature_is_complete(const SCT *sct);
230
231/*
232 * TODO(RJPercival): Create an SCT_signature struct and make i2o_SCT_signature
233 * and o2i_SCT_signature conform to the i2d/d2i conventions.
234 */
235
236/*
237 * Serialize (to TLS format) an |sct| signature and write it to |out|.
238 * If |out| is null, no signature will be output but the length will be returned.
239 * If |out| points to a null pointer, a string will be allocated to hold the
240 * TLS-format signature. It is the responsibility of the caller to free it.
241 * If |out| points to an allocated string, the signature will be written to it.
242 * The length of the signature in TLS format will be returned.
243 */
244int i2o_SCT_signature(const SCT *sct, unsigned char **out);
245
246/*
247 * Parses an SCT signature in TLS format and populates the |sct| with it.
248 * |in| should be a pointer to a string containing the TLS-format signature.
249 * |in| will be advanced to the end of the signature if parsing succeeds.
250 * |len| should be the length of the signature in |in|.
251 * Returns the number of bytes parsed, or a negative integer if an error occurs.
252 * If an error occurs, the SCT's signature NID may be updated whilst the
253 * signature field itself remains unset.
254 */
255int o2i_SCT_signature(SCT *sct, CBS *cbs);
256
257/*
258 * Handlers for Certificate Transparency X509v3/OCSP extensions
259 */
260extern const X509V3_EXT_METHOD v3_ct_scts[3];
diff --git a/src/lib/libcrypto/ct/ct_log.c b/src/lib/libcrypto/ct/ct_log.c
deleted file mode 100644
index 72045477ac..0000000000
--- a/src/lib/libcrypto/ct/ct_log.c
+++ /dev/null
@@ -1,379 +0,0 @@
1/* $OpenBSD: ct_log.c,v 1.9 2024/11/05 09:35:40 tb Exp $ */
2/* Author: Adam Eijdenberg <adam.eijdenberg@gmail.com>. */
3/* ====================================================================
4 * Copyright (c) 1998-2016 The OpenSSL Project. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 *
18 * 3. All advertising materials mentioning features or use of this
19 * software must display the following acknowledgment:
20 * "This product includes software developed by the OpenSSL Project
21 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
22 *
23 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
24 * endorse or promote products derived from this software without
25 * prior written permission. For written permission, please contact
26 * openssl-core@openssl.org.
27 *
28 * 5. Products derived from this software may not be called "OpenSSL"
29 * nor may "OpenSSL" appear in their names without prior written
30 * permission of the OpenSSL Project.
31 *
32 * 6. Redistributions of any form whatsoever must retain the following
33 * acknowledgment:
34 * "This product includes software developed by the OpenSSL Project
35 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
36 *
37 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
38 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
39 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
40 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
46 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
47 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
48 * OF THE POSSIBILITY OF SUCH DAMAGE.
49 * ====================================================================
50 *
51 * This product includes cryptographic software written by Eric Young
52 * (eay@cryptsoft.com). This product includes software written by Tim
53 * Hudson (tjh@cryptsoft.com).
54 *
55 * Licensed under the OpenSSL license (the "License"). You may not use
56 * this file except in compliance with the License. You can obtain a copy
57 * in the file LICENSE in the source distribution or at
58 * https://www.openssl.org/source/license.html
59 */
60
61#include <stdint.h>
62#include <stdlib.h>
63#include <string.h>
64
65#include <openssl/asn1.h>
66#include <openssl/conf.h>
67#include <openssl/ct.h>
68#include <openssl/err.h>
69#include <openssl/evp.h>
70#include <openssl/sha.h>
71#include <openssl/x509.h>
72
73#include "conf_local.h"
74#include "crypto_local.h"
75
76
77/*
78 * Information about a CT log server.
79 */
80struct ctlog_st {
81 char *name;
82 uint8_t log_id[CT_V1_HASHLEN];
83 EVP_PKEY *public_key;
84};
85
86/*
87 * A store for multiple CTLOG instances.
88 * It takes ownership of any CTLOG instances added to it.
89 */
90struct ctlog_store_st {
91 STACK_OF(CTLOG) *logs;
92};
93
94/* The context when loading a CT log list from a CONF file. */
95typedef struct ctlog_store_load_ctx_st {
96 CTLOG_STORE *log_store;
97 CONF *conf;
98 size_t invalid_log_entries;
99} CTLOG_STORE_LOAD_CTX;
100
101/*
102 * Creates an empty context for loading a CT log store.
103 * It should be populated before use.
104 */
105static CTLOG_STORE_LOAD_CTX *ctlog_store_load_ctx_new(void);
106
107/*
108 * Deletes a CT log store load context.
109 * Does not delete any of the fields.
110 */
111static void ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX *ctx);
112
113static CTLOG_STORE_LOAD_CTX *
114ctlog_store_load_ctx_new(void)
115{
116 CTLOG_STORE_LOAD_CTX *ctx = calloc(1, sizeof(*ctx));
117
118 if (ctx == NULL)
119 CTerror(ERR_R_MALLOC_FAILURE);
120
121 return ctx;
122}
123
124static void
125ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX *ctx)
126{
127 free(ctx);
128}
129
130/* Converts a log's public key into a SHA256 log ID */
131static int
132ct_v1_log_id_from_pkey(EVP_PKEY *pkey, unsigned char log_id[CT_V1_HASHLEN])
133{
134 int ret = 0;
135 unsigned char *pkey_der = NULL;
136 int pkey_der_len = i2d_PUBKEY(pkey, &pkey_der);
137
138 if (pkey_der_len <= 0) {
139 CTerror(CT_R_LOG_KEY_INVALID);
140 goto err;
141 }
142
143 SHA256(pkey_der, pkey_der_len, log_id);
144 ret = 1;
145 err:
146 free(pkey_der);
147 return ret;
148}
149
150CTLOG_STORE *
151CTLOG_STORE_new(void)
152{
153 CTLOG_STORE *ret = calloc(1, sizeof(*ret));
154
155 if (ret == NULL) {
156 CTerror(ERR_R_MALLOC_FAILURE);
157 return NULL;
158 }
159
160 ret->logs = sk_CTLOG_new_null();
161 if (ret->logs == NULL)
162 goto err;
163
164 return ret;
165 err:
166 free(ret);
167 return NULL;
168}
169LCRYPTO_ALIAS(CTLOG_STORE_new);
170
171void
172CTLOG_STORE_free(CTLOG_STORE *store)
173{
174 if (store != NULL) {
175 sk_CTLOG_pop_free(store->logs, CTLOG_free);
176 free(store);
177 }
178}
179LCRYPTO_ALIAS(CTLOG_STORE_free);
180
181static int
182ctlog_new_from_conf(CTLOG **ct_log, const CONF *conf, const char *section)
183{
184 const char *description = NCONF_get_string(conf, section,
185 "description");
186 char *pkey_base64;
187
188 if (description == NULL) {
189 CTerror(CT_R_LOG_CONF_MISSING_DESCRIPTION);
190 return 0;
191 }
192
193 pkey_base64 = NCONF_get_string(conf, section, "key");
194 if (pkey_base64 == NULL) {
195 CTerror(CT_R_LOG_CONF_MISSING_KEY);
196 return 0;
197 }
198
199 return CTLOG_new_from_base64(ct_log, pkey_base64, description);
200}
201
202int
203CTLOG_STORE_load_default_file(CTLOG_STORE *store)
204{
205 return CTLOG_STORE_load_file(store, CTLOG_FILE);
206}
207LCRYPTO_ALIAS(CTLOG_STORE_load_default_file);
208
209/*
210 * Called by CONF_parse_list, which stops if this returns <= 0,
211 * Otherwise, one bad log entry would stop loading of any of
212 * the following log entries.
213 * It may stop parsing and returns -1 on any internal (malloc) error.
214 */
215static int
216ctlog_store_load_log(const char *log_name, int log_name_len, void *arg)
217{
218 CTLOG_STORE_LOAD_CTX *load_ctx = arg;
219 CTLOG *ct_log = NULL;
220 /* log_name may not be null-terminated, so fix that before using it */
221 char *tmp;
222 int ret = 0;
223
224 /* log_name will be NULL for empty list entries */
225 if (log_name == NULL)
226 return 1;
227
228 tmp = strndup(log_name, log_name_len);
229 if (tmp == NULL)
230 goto mem_err;
231
232 ret = ctlog_new_from_conf(&ct_log, load_ctx->conf, tmp);
233 free(tmp);
234
235 if (ret < 0) {
236 /* Propagate any internal error */
237 return ret;
238 }
239 if (ret == 0) {
240 /* If we can't load this log, record that fact and skip it */
241 ++load_ctx->invalid_log_entries;
242 return 1;
243 }
244
245 if (!sk_CTLOG_push(load_ctx->log_store->logs, ct_log)) {
246 goto mem_err;
247 }
248 return 1;
249
250 mem_err:
251 CTLOG_free(ct_log);
252 CTerror(ERR_R_MALLOC_FAILURE);
253 return -1;
254}
255
256int
257CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file)
258{
259 int ret = 0;
260 char *enabled_logs;
261 CTLOG_STORE_LOAD_CTX* load_ctx = ctlog_store_load_ctx_new();
262
263 if (load_ctx == NULL)
264 return 0;
265 load_ctx->log_store = store;
266 load_ctx->conf = NCONF_new(NULL);
267 if (load_ctx->conf == NULL)
268 goto end;
269
270 if (NCONF_load(load_ctx->conf, file, NULL) <= 0) {
271 CTerror(CT_R_LOG_CONF_INVALID);
272 goto end;
273 }
274
275 enabled_logs = NCONF_get_string(load_ctx->conf, NULL, "enabled_logs");
276 if (enabled_logs == NULL) {
277 CTerror(CT_R_LOG_CONF_INVALID);
278 goto end;
279 }
280
281 if (!CONF_parse_list(enabled_logs, ',', 1, ctlog_store_load_log, load_ctx) ||
282 load_ctx->invalid_log_entries > 0) {
283 CTerror(CT_R_LOG_CONF_INVALID);
284 goto end;
285 }
286
287 ret = 1;
288 end:
289 NCONF_free(load_ctx->conf);
290 ctlog_store_load_ctx_free(load_ctx);
291 return ret;
292}
293LCRYPTO_ALIAS(CTLOG_STORE_load_file);
294
295/*
296 * Initialize a new CTLOG object.
297 * Takes ownership of the public key.
298 * Copies the name.
299 */
300CTLOG *
301CTLOG_new(EVP_PKEY *public_key, const char *name)
302{
303 CTLOG *ret = calloc(1, sizeof(*ret));
304
305 if (ret == NULL) {
306 CTerror(ERR_R_MALLOC_FAILURE);
307 return NULL;
308 }
309
310 ret->name = strdup(name);
311 if (ret->name == NULL) {
312 CTerror(ERR_R_MALLOC_FAILURE);
313 goto err;
314 }
315
316 if (ct_v1_log_id_from_pkey(public_key, ret->log_id) != 1)
317 goto err;
318
319 ret->public_key = public_key;
320 return ret;
321 err:
322 CTLOG_free(ret);
323 return NULL;
324}
325LCRYPTO_ALIAS(CTLOG_new);
326
327/* Frees CT log and associated structures */
328void
329CTLOG_free(CTLOG *log)
330{
331 if (log != NULL) {
332 free(log->name);
333 EVP_PKEY_free(log->public_key);
334 free(log);
335 }
336}
337LCRYPTO_ALIAS(CTLOG_free);
338
339const char *
340CTLOG_get0_name(const CTLOG *log)
341{
342 return log->name;
343}
344LCRYPTO_ALIAS(CTLOG_get0_name);
345
346void
347CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id, size_t *log_id_len)
348{
349 *log_id = log->log_id;
350 *log_id_len = CT_V1_HASHLEN;
351}
352LCRYPTO_ALIAS(CTLOG_get0_log_id);
353
354EVP_PKEY *
355CTLOG_get0_public_key(const CTLOG *log)
356{
357 return log->public_key;
358}
359LCRYPTO_ALIAS(CTLOG_get0_public_key);
360
361/*
362 * Given a log ID, finds the matching log.
363 * Returns NULL if no match found.
364 */
365const CTLOG *
366CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store, const uint8_t *log_id,
367 size_t log_id_len)
368{
369 int i;
370
371 for (i = 0; i < sk_CTLOG_num(store->logs); ++i) {
372 const CTLOG *log = sk_CTLOG_value(store->logs, i);
373 if (memcmp(log->log_id, log_id, log_id_len) == 0)
374 return log;
375 }
376
377 return NULL;
378}
379LCRYPTO_ALIAS(CTLOG_STORE_get0_log_by_id);
diff --git a/src/lib/libcrypto/ct/ct_oct.c b/src/lib/libcrypto/ct/ct_oct.c
deleted file mode 100644
index 1f5e5c75d0..0000000000
--- a/src/lib/libcrypto/ct/ct_oct.c
+++ /dev/null
@@ -1,464 +0,0 @@
1/* $OpenBSD: ct_oct.c,v 1.9 2023/07/08 07:22:58 beck Exp $ */
2/*
3 * Written by Rob Stradling (rob@comodo.com) and Stephen Henson
4 * (steve@openssl.org) for the OpenSSL project 2014.
5 */
6/* ====================================================================
7 * Copyright (c) 2014 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59
60#ifdef OPENSSL_NO_CT
61# error "CT is disabled"
62#endif
63
64#include <limits.h>
65#include <string.h>
66
67#include <openssl/asn1.h>
68#include <openssl/buffer.h>
69#include <openssl/ct.h>
70#include <openssl/err.h>
71
72#include "bytestring.h"
73#include "ct_local.h"
74
75int
76o2i_SCT_signature(SCT *sct, CBS *cbs)
77{
78 uint8_t hash_alg, sig_alg;
79 CBS signature;
80
81 if (sct->version != SCT_VERSION_V1) {
82 CTerror(CT_R_UNSUPPORTED_VERSION);
83 return 0;
84 }
85
86 /*
87 * Parse a digitally-signed element - see RFC 6962 section 3.2 and
88 * RFC 5246 sections 4.7 and 7.4.1.4.1.
89 */
90 if (!CBS_get_u8(cbs, &hash_alg))
91 goto err_invalid;
92 if (!CBS_get_u8(cbs, &sig_alg))
93 goto err_invalid;
94 if (!CBS_get_u16_length_prefixed(cbs, &signature))
95 goto err_invalid;
96 if (CBS_len(cbs) != 0)
97 goto err_invalid;
98
99 /*
100 * Reject empty signatures since they are invalid for all supported
101 * algorithms (this really should be done by SCT_set1_signature()).
102 */
103 if (CBS_len(&signature) == 0)
104 goto err_invalid;
105
106 sct->hash_alg = hash_alg;
107 sct->sig_alg = sig_alg;
108
109 if (SCT_get_signature_nid(sct) == NID_undef)
110 goto err_invalid;
111
112 if (!SCT_set1_signature(sct, CBS_data(&signature), CBS_len(&signature)))
113 return 0;
114
115 return 1;
116
117 err_invalid:
118 CTerror(CT_R_SCT_INVALID_SIGNATURE);
119 return 0;
120}
121
122static int
123o2i_SCT_internal(SCT **out_sct, CBS *cbs)
124{
125 SCT *sct = NULL;
126 uint8_t version;
127
128 *out_sct = NULL;
129
130 if ((sct = SCT_new()) == NULL)
131 goto err;
132
133 if (CBS_len(cbs) > MAX_SCT_SIZE)
134 goto err_invalid;
135 if (!CBS_peek_u8(cbs, &version))
136 goto err_invalid;
137
138 sct->version = version;
139
140 if (version == SCT_VERSION_V1) {
141 CBS extensions, log_id;
142 uint64_t timestamp;
143
144 /*
145 * Parse a v1 SignedCertificateTimestamp - see RFC 6962
146 * section 3.2.
147 */
148 if (!CBS_get_u8(cbs, &version))
149 goto err_invalid;
150 if (!CBS_get_bytes(cbs, &log_id, CT_V1_LOG_ID_LEN))
151 goto err_invalid;
152 if (!CBS_get_u64(cbs, &timestamp))
153 goto err_invalid;
154 if (!CBS_get_u16_length_prefixed(cbs, &extensions))
155 goto err_invalid;
156
157 if (!CBS_stow(&log_id, &sct->log_id, &sct->log_id_len))
158 goto err;
159
160 sct->timestamp = timestamp;
161
162 if (!CBS_stow(&extensions, &sct->ext, &sct->ext_len))
163 goto err;
164
165 if (!o2i_SCT_signature(sct, cbs))
166 goto err;
167
168 if (CBS_len(cbs) != 0)
169 goto err_invalid;
170 } else {
171 /* If not V1 just cache encoding. */
172 if (!CBS_stow(cbs, &sct->sct, &sct->sct_len))
173 goto err;
174 }
175
176 *out_sct = sct;
177
178 return 1;
179
180 err_invalid:
181 CTerror(CT_R_SCT_INVALID);
182 err:
183 SCT_free(sct);
184
185 return 0;
186}
187
188SCT *
189o2i_SCT(SCT **psct, const unsigned char **in, size_t len)
190{
191 SCT *sct;
192 CBS cbs;
193
194 CBS_init(&cbs, *in, len);
195
196 if (psct != NULL) {
197 SCT_free(*psct);
198 *psct = NULL;
199 }
200
201 if (!o2i_SCT_internal(&sct, &cbs))
202 return NULL;
203
204 if (psct != NULL)
205 *psct = sct;
206
207 *in = CBS_data(&cbs);
208
209 return sct;
210}
211LCRYPTO_ALIAS(o2i_SCT);
212
213int
214i2o_SCT_signature(const SCT *sct, unsigned char **out)
215{
216 size_t len;
217 unsigned char *p = NULL, *pstart = NULL;
218
219 if (!SCT_signature_is_complete(sct)) {
220 CTerror(CT_R_SCT_INVALID_SIGNATURE);
221 goto err;
222 }
223
224 if (sct->version != SCT_VERSION_V1) {
225 CTerror(CT_R_UNSUPPORTED_VERSION);
226 goto err;
227 }
228
229 /*
230 * (1 byte) Hash algorithm
231 * (1 byte) Signature algorithm
232 * (2 bytes + ?) Signature
233 */
234 len = 4 + sct->sig_len;
235
236 if (out != NULL) {
237 if (*out != NULL) {
238 p = *out;
239 *out += len;
240 } else {
241 pstart = p = malloc(len);
242 if (p == NULL) {
243 CTerror(ERR_R_MALLOC_FAILURE);
244 goto err;
245 }
246 *out = p;
247 }
248
249 *p++ = sct->hash_alg;
250 *p++ = sct->sig_alg;
251 s2n(sct->sig_len, p);
252 memcpy(p, sct->sig, sct->sig_len);
253 }
254
255 return len;
256 err:
257 free(pstart);
258 return -1;
259}
260
261int
262i2o_SCT(const SCT *sct, unsigned char **out)
263{
264 size_t len;
265 unsigned char *p = NULL, *pstart = NULL;
266
267 if (!SCT_is_complete(sct)) {
268 CTerror(CT_R_SCT_NOT_SET);
269 goto err;
270 }
271 /*
272 * Fixed-length header: struct { (1 byte) Version sct_version; (32 bytes)
273 * log_id id; (8 bytes) uint64 timestamp; (2 bytes + ?) CtExtensions
274 * extensions; (1 byte) Hash algorithm (1 byte) Signature algorithm (2
275 * bytes + ?) Signature
276 */
277 if (sct->version == SCT_VERSION_V1)
278 len = 43 + sct->ext_len + 4 + sct->sig_len;
279 else
280 len = sct->sct_len;
281
282 if (out == NULL)
283 return len;
284
285 if (*out != NULL) {
286 p = *out;
287 *out += len;
288 } else {
289 pstart = p = malloc(len);
290 if (p == NULL) {
291 CTerror(ERR_R_MALLOC_FAILURE);
292 goto err;
293 }
294 *out = p;
295 }
296
297 if (sct->version == SCT_VERSION_V1) {
298 *p++ = sct->version;
299 memcpy(p, sct->log_id, CT_V1_HASHLEN);
300 p += CT_V1_HASHLEN;
301 l2n8(sct->timestamp, p);
302 s2n(sct->ext_len, p);
303 if (sct->ext_len > 0) {
304 memcpy(p, sct->ext, sct->ext_len);
305 p += sct->ext_len;
306 }
307 if (i2o_SCT_signature(sct, &p) <= 0)
308 goto err;
309 } else {
310 memcpy(p, sct->sct, len);
311 }
312
313 return len;
314 err:
315 free(pstart);
316 return -1;
317}
318LCRYPTO_ALIAS(i2o_SCT);
319
320STACK_OF(SCT) *
321o2i_SCT_LIST(STACK_OF(SCT) **out_scts, const unsigned char **pp, size_t len)
322{
323 CBS cbs, cbs_scts, cbs_sct;
324 STACK_OF(SCT) *scts = NULL;
325
326 CBS_init(&cbs, *pp, len);
327
328 if (CBS_len(&cbs) > MAX_SCT_LIST_SIZE)
329 goto err_invalid;
330 if (!CBS_get_u16_length_prefixed(&cbs, &cbs_scts))
331 goto err_invalid;
332 if (CBS_len(&cbs) != 0)
333 goto err_invalid;
334
335 if (out_scts != NULL) {
336 SCT_LIST_free(*out_scts);
337 *out_scts = NULL;
338 }
339
340 if ((scts = sk_SCT_new_null()) == NULL)
341 return NULL;
342
343 while (CBS_len(&cbs_scts) > 0) {
344 SCT *sct;
345
346 if (!CBS_get_u16_length_prefixed(&cbs_scts, &cbs_sct))
347 goto err_invalid;
348
349 if (!o2i_SCT_internal(&sct, &cbs_sct))
350 goto err;
351 if (!sk_SCT_push(scts, sct)) {
352 SCT_free(sct);
353 goto err;
354 }
355 }
356
357 if (out_scts != NULL)
358 *out_scts = scts;
359
360 *pp = CBS_data(&cbs);
361
362 return scts;
363
364 err_invalid:
365 CTerror(CT_R_SCT_LIST_INVALID);
366 err:
367 SCT_LIST_free(scts);
368
369 return NULL;
370}
371LCRYPTO_ALIAS(o2i_SCT_LIST);
372
373int
374i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp)
375{
376 int len, sct_len, i, is_pp_new = 0;
377 size_t len2;
378 unsigned char *p = NULL, *p2;
379
380 if (pp != NULL) {
381 if (*pp == NULL) {
382 if ((len = i2o_SCT_LIST(a, NULL)) == -1) {
383 CTerror(CT_R_SCT_LIST_INVALID);
384 return -1;
385 }
386 if ((*pp = malloc(len)) == NULL) {
387 CTerror(ERR_R_MALLOC_FAILURE);
388 return -1;
389 }
390 is_pp_new = 1;
391 }
392 p = *pp + 2;
393 }
394
395 len2 = 2;
396 for (i = 0; i < sk_SCT_num(a); i++) {
397 if (pp != NULL) {
398 p2 = p;
399 p += 2;
400 if ((sct_len = i2o_SCT(sk_SCT_value(a, i), &p)) == -1)
401 goto err;
402 s2n(sct_len, p2);
403 } else {
404 if ((sct_len = i2o_SCT(sk_SCT_value(a, i), NULL)) == -1)
405 goto err;
406 }
407 len2 += 2 + sct_len;
408 }
409
410 if (len2 > MAX_SCT_LIST_SIZE)
411 goto err;
412
413 if (pp != NULL) {
414 p = *pp;
415 s2n(len2 - 2, p);
416 if (!is_pp_new)
417 *pp += len2;
418 }
419 return len2;
420
421 err:
422 if (is_pp_new) {
423 free(*pp);
424 *pp = NULL;
425 }
426 return -1;
427}
428LCRYPTO_ALIAS(i2o_SCT_LIST);
429
430STACK_OF(SCT) *
431d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, long len)
432{
433 ASN1_OCTET_STRING *oct = NULL;
434 STACK_OF(SCT) *sk = NULL;
435 const unsigned char *p;
436
437 p = *pp;
438 if (d2i_ASN1_OCTET_STRING(&oct, &p, len) == NULL)
439 return NULL;
440
441 p = oct->data;
442 if ((sk = o2i_SCT_LIST(a, &p, oct->length)) != NULL)
443 *pp += len;
444
445 ASN1_OCTET_STRING_free(oct);
446 return sk;
447}
448LCRYPTO_ALIAS(d2i_SCT_LIST);
449
450int
451i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **out)
452{
453 ASN1_OCTET_STRING oct;
454 int len;
455
456 oct.data = NULL;
457 if ((oct.length = i2o_SCT_LIST(a, &oct.data)) == -1)
458 return -1;
459
460 len = i2d_ASN1_OCTET_STRING(&oct, out);
461 free(oct.data);
462 return len;
463}
464LCRYPTO_ALIAS(i2d_SCT_LIST);
diff --git a/src/lib/libcrypto/ct/ct_policy.c b/src/lib/libcrypto/ct/ct_policy.c
deleted file mode 100644
index eb2b312019..0000000000
--- a/src/lib/libcrypto/ct/ct_policy.c
+++ /dev/null
@@ -1,163 +0,0 @@
1/* $OpenBSD: ct_policy.c,v 1.6 2023/07/08 07:22:58 beck Exp $ */
2/*
3 * Implementations of Certificate Transparency SCT policies.
4 * Written by Rob Percival (robpercival@google.com) for the OpenSSL project.
5 */
6/* ====================================================================
7 * Copyright (c) 2016 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 */
54
55#ifdef OPENSSL_NO_CT
56# error "CT is disabled"
57#endif
58
59#include <openssl/ct.h>
60#include <openssl/err.h>
61#include <time.h>
62
63#include "ct_local.h"
64
65/*
66 * Number of seconds in the future that an SCT timestamp can be, by default,
67 * without being considered invalid. This is added to time() when setting a
68 * default value for CT_POLICY_EVAL_CTX.epoch_time_in_ms.
69 * It can be overridden by calling CT_POLICY_EVAL_CTX_set_time().
70 */
71static const time_t SCT_CLOCK_DRIFT_TOLERANCE = 300;
72
73CT_POLICY_EVAL_CTX *
74CT_POLICY_EVAL_CTX_new(void)
75{
76 CT_POLICY_EVAL_CTX *ctx = calloc(1, sizeof(CT_POLICY_EVAL_CTX));
77
78 if (ctx == NULL) {
79 CTerror(ERR_R_MALLOC_FAILURE);
80 return NULL;
81 }
82
83 /* time(NULL) shouldn't ever fail, so don't bother checking for -1. */
84 ctx->epoch_time_in_ms = (uint64_t)(time(NULL) + SCT_CLOCK_DRIFT_TOLERANCE) *
85 1000;
86
87 return ctx;
88}
89LCRYPTO_ALIAS(CT_POLICY_EVAL_CTX_new);
90
91void
92CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx)
93{
94 if (ctx == NULL)
95 return;
96 X509_free(ctx->cert);
97 X509_free(ctx->issuer);
98 free(ctx);
99}
100LCRYPTO_ALIAS(CT_POLICY_EVAL_CTX_free);
101
102int
103CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert)
104{
105 if (!X509_up_ref(cert))
106 return 0;
107 ctx->cert = cert;
108 return 1;
109}
110LCRYPTO_ALIAS(CT_POLICY_EVAL_CTX_set1_cert);
111
112int
113CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer)
114{
115 if (!X509_up_ref(issuer))
116 return 0;
117 ctx->issuer = issuer;
118 return 1;
119}
120LCRYPTO_ALIAS(CT_POLICY_EVAL_CTX_set1_issuer);
121
122void
123CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
124 CTLOG_STORE *log_store)
125{
126 ctx->log_store = log_store;
127}
128LCRYPTO_ALIAS(CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE);
129
130void
131CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms)
132{
133 ctx->epoch_time_in_ms = time_in_ms;
134}
135LCRYPTO_ALIAS(CT_POLICY_EVAL_CTX_set_time);
136
137X509 *
138CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx)
139{
140 return ctx->cert;
141}
142LCRYPTO_ALIAS(CT_POLICY_EVAL_CTX_get0_cert);
143
144X509 *
145CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx)
146{
147 return ctx->issuer;
148}
149LCRYPTO_ALIAS(CT_POLICY_EVAL_CTX_get0_issuer);
150
151const CTLOG_STORE *
152CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx)
153{
154 return ctx->log_store;
155}
156LCRYPTO_ALIAS(CT_POLICY_EVAL_CTX_get0_log_store);
157
158uint64_t
159CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx)
160{
161 return ctx->epoch_time_in_ms;
162}
163LCRYPTO_ALIAS(CT_POLICY_EVAL_CTX_get_time);
diff --git a/src/lib/libcrypto/ct/ct_prn.c b/src/lib/libcrypto/ct/ct_prn.c
deleted file mode 100644
index e6931eeb09..0000000000
--- a/src/lib/libcrypto/ct/ct_prn.c
+++ /dev/null
@@ -1,211 +0,0 @@
1/* $OpenBSD: ct_prn.c,v 1.7 2023/07/08 07:22:58 beck Exp $ */
2/*
3 * Written by Rob Stradling (rob@comodo.com) and Stephen Henson
4 * (steve@openssl.org) for the OpenSSL project 2014.
5 */
6/* ====================================================================
7 * Copyright (c) 2014 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59
60#ifdef OPENSSL_NO_CT
61# error "CT is disabled"
62#endif
63
64#include <openssl/asn1.h>
65#include <openssl/bio.h>
66
67#include "ct_local.h"
68
69/*
70 * XXX public api in OpenSSL 1.1.0 but this is the only thing that uses it.
71 * so I am stuffing it here for the moment.
72 */
73static int
74BIO_hex_string(BIO *out, int indent, int width, unsigned char *data,
75 int datalen)
76{
77 int i, j = 0;
78
79 if (datalen < 1)
80 return 1;
81
82 for (i = 0; i < datalen - 1; i++) {
83 if (i && !j)
84 BIO_printf(out, "%*s", indent, "");
85
86 BIO_printf(out, "%02X:", data[i]);
87
88 j = (j + 1) % width;
89 if (!j)
90 BIO_printf(out, "\n");
91 }
92
93 if (i && !j)
94 BIO_printf(out, "%*s", indent, "");
95 BIO_printf(out, "%02X", data[datalen - 1]);
96 return 1;
97}
98
99static void
100SCT_signature_algorithms_print(const SCT *sct, BIO *out)
101{
102 int nid = SCT_get_signature_nid(sct);
103
104 if (nid == NID_undef)
105 BIO_printf(out, "%02X%02X", sct->hash_alg, sct->sig_alg);
106 else
107 BIO_printf(out, "%s", OBJ_nid2ln(nid));
108}
109
110static void
111timestamp_print(uint64_t timestamp, BIO *out)
112{
113 ASN1_GENERALIZEDTIME *gen = ASN1_GENERALIZEDTIME_new();
114 char genstr[20];
115
116 if (gen == NULL)
117 return;
118 ASN1_GENERALIZEDTIME_adj(gen, (time_t)0, (int)(timestamp / 86400000),
119 (timestamp % 86400000) / 1000);
120 /*
121 * Note GeneralizedTime from ASN1_GENERALIZETIME_adj is always 15
122 * characters long with a final Z. Update it with fractional seconds.
123 */
124 snprintf(genstr, sizeof(genstr), "%.14sZ", ASN1_STRING_get0_data(gen));
125 if (ASN1_GENERALIZEDTIME_set_string(gen, genstr))
126 ASN1_GENERALIZEDTIME_print(out, gen);
127 ASN1_GENERALIZEDTIME_free(gen);
128}
129
130const char *
131SCT_validation_status_string(const SCT *sct)
132{
133 switch (SCT_get_validation_status(sct)) {
134 case SCT_VALIDATION_STATUS_NOT_SET:
135 return "not set";
136 case SCT_VALIDATION_STATUS_UNKNOWN_VERSION:
137 return "unknown version";
138 case SCT_VALIDATION_STATUS_UNKNOWN_LOG:
139 return "unknown log";
140 case SCT_VALIDATION_STATUS_UNVERIFIED:
141 return "unverified";
142 case SCT_VALIDATION_STATUS_INVALID:
143 return "invalid";
144 case SCT_VALIDATION_STATUS_VALID:
145 return "valid";
146 }
147 return "unknown status";
148}
149LCRYPTO_ALIAS(SCT_validation_status_string);
150
151void
152SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *log_store)
153{
154 const CTLOG *log = NULL;
155
156 if (log_store != NULL) {
157 log = CTLOG_STORE_get0_log_by_id(log_store, sct->log_id,
158 sct->log_id_len);
159 }
160
161 BIO_printf(out, "%*sSigned Certificate Timestamp:", indent, "");
162 BIO_printf(out, "\n%*sVersion : ", indent + 4, "");
163
164 if (sct->version != SCT_VERSION_V1) {
165 BIO_printf(out, "unknown\n%*s", indent + 16, "");
166 BIO_hex_string(out, indent + 16, 16, sct->sct, sct->sct_len);
167 return;
168 }
169
170 BIO_printf(out, "v1 (0x0)");
171
172 if (log != NULL) {
173 BIO_printf(out, "\n%*sLog : %s", indent + 4, "",
174 CTLOG_get0_name(log));
175 }
176
177 BIO_printf(out, "\n%*sLog ID : ", indent + 4, "");
178 BIO_hex_string(out, indent + 16, 16, sct->log_id, sct->log_id_len);
179
180 BIO_printf(out, "\n%*sTimestamp : ", indent + 4, "");
181 timestamp_print(sct->timestamp, out);
182
183 BIO_printf(out, "\n%*sExtensions: ", indent + 4, "");
184 if (sct->ext_len == 0)
185 BIO_printf(out, "none");
186 else
187 BIO_hex_string(out, indent + 16, 16, sct->ext, sct->ext_len);
188
189 BIO_printf(out, "\n%*sSignature : ", indent + 4, "");
190 SCT_signature_algorithms_print(sct, out);
191 BIO_printf(out, "\n%*s ", indent + 4, "");
192 BIO_hex_string(out, indent + 16, 16, sct->sig, sct->sig_len);
193}
194LCRYPTO_ALIAS(SCT_print);
195
196void
197SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent,
198 const char *separator, const CTLOG_STORE *log_store)
199{
200 int sct_count = sk_SCT_num(sct_list);
201 int i;
202
203 for (i = 0; i < sct_count; ++i) {
204 SCT *sct = sk_SCT_value(sct_list, i);
205
206 SCT_print(sct, out, indent, log_store);
207 if (i < sk_SCT_num(sct_list) - 1)
208 BIO_printf(out, "%s", separator);
209 }
210}
211LCRYPTO_ALIAS(SCT_LIST_print);
diff --git a/src/lib/libcrypto/ct/ct_sct.c b/src/lib/libcrypto/ct/ct_sct.c
deleted file mode 100644
index 4b2716e734..0000000000
--- a/src/lib/libcrypto/ct/ct_sct.c
+++ /dev/null
@@ -1,507 +0,0 @@
1/* $OpenBSD: ct_sct.c,v 1.10 2023/07/22 17:02:49 tb Exp $ */
2/*
3 * Written by Rob Stradling (rob@comodo.com), Stephen Henson (steve@openssl.org)
4 * and Adam Eijdenberg (adam.eijdenberg@gmail.com) for the OpenSSL project 2016.
5 */
6/* ====================================================================
7 * Copyright (c) 2014 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59
60#ifdef OPENSSL_NO_CT
61# error "CT disabled"
62#endif
63
64#include <stdint.h>
65#include <stdlib.h>
66#include <string.h>
67
68#include <openssl/asn1.h>
69#include <openssl/ct.h>
70#include <openssl/err.h>
71#include <openssl/objects.h>
72#include <openssl/x509.h>
73
74#include "ct_local.h"
75
76SCT *
77SCT_new(void)
78{
79 SCT *sct = calloc(1, sizeof(*sct));
80
81 if (sct == NULL) {
82 CTerror(ERR_R_MALLOC_FAILURE);
83 return NULL;
84 }
85
86 sct->entry_type = CT_LOG_ENTRY_TYPE_NOT_SET;
87 sct->version = SCT_VERSION_NOT_SET;
88 return sct;
89}
90LCRYPTO_ALIAS(SCT_new);
91
92void
93SCT_free(SCT *sct)
94{
95 if (sct == NULL)
96 return;
97
98 free(sct->log_id);
99 free(sct->ext);
100 free(sct->sig);
101 free(sct->sct);
102 free(sct);
103}
104LCRYPTO_ALIAS(SCT_free);
105
106void
107SCT_LIST_free(STACK_OF(SCT) *scts)
108{
109 sk_SCT_pop_free(scts, SCT_free);
110}
111LCRYPTO_ALIAS(SCT_LIST_free);
112
113int
114SCT_set_version(SCT *sct, sct_version_t version)
115{
116 if (version != SCT_VERSION_V1) {
117 CTerror(CT_R_UNSUPPORTED_VERSION);
118 return 0;
119 }
120 sct->version = version;
121 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
122 return 1;
123}
124LCRYPTO_ALIAS(SCT_set_version);
125
126int
127SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type)
128{
129 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
130
131 switch (entry_type) {
132 case CT_LOG_ENTRY_TYPE_X509:
133 case CT_LOG_ENTRY_TYPE_PRECERT:
134 sct->entry_type = entry_type;
135 return 1;
136 case CT_LOG_ENTRY_TYPE_NOT_SET:
137 break;
138 }
139 CTerror(CT_R_UNSUPPORTED_ENTRY_TYPE);
140 return 0;
141}
142LCRYPTO_ALIAS(SCT_set_log_entry_type);
143
144int
145SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len)
146{
147 if (sct->version == SCT_VERSION_V1 && log_id_len != CT_V1_HASHLEN) {
148 CTerror(CT_R_INVALID_LOG_ID_LENGTH);
149 return 0;
150 }
151
152 free(sct->log_id);
153 sct->log_id = log_id;
154 sct->log_id_len = log_id_len;
155 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
156 return 1;
157}
158LCRYPTO_ALIAS(SCT_set0_log_id);
159
160int
161SCT_set1_log_id(SCT *sct, const unsigned char *log_id, size_t log_id_len)
162{
163 if (sct->version == SCT_VERSION_V1 && log_id_len != CT_V1_HASHLEN) {
164 CTerror(CT_R_INVALID_LOG_ID_LENGTH);
165 return 0;
166 }
167
168 free(sct->log_id);
169 sct->log_id = NULL;
170 sct->log_id_len = 0;
171 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
172
173 if (log_id != NULL && log_id_len > 0) {
174 sct->log_id = malloc(log_id_len);
175 if (sct->log_id == NULL) {
176 CTerror(ERR_R_MALLOC_FAILURE);
177 return 0;
178 }
179 memcpy(sct->log_id, log_id, log_id_len);
180 sct->log_id_len = log_id_len;
181 }
182 return 1;
183}
184LCRYPTO_ALIAS(SCT_set1_log_id);
185
186
187void
188SCT_set_timestamp(SCT *sct, uint64_t timestamp)
189{
190 sct->timestamp = timestamp;
191 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
192}
193LCRYPTO_ALIAS(SCT_set_timestamp);
194
195int
196SCT_set_signature_nid(SCT *sct, int nid)
197{
198 switch (nid) {
199 case NID_sha256WithRSAEncryption:
200 sct->hash_alg = 4; /* XXX */
201 sct->sig_alg = 1; /* XXX */
202 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
203 return 1;
204 case NID_ecdsa_with_SHA256:
205 sct->hash_alg = 4; /* XXX */
206 sct->sig_alg = 3; /* XXX */
207 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
208 return 1;
209 default:
210 CTerror(CT_R_UNRECOGNIZED_SIGNATURE_NID);
211 return 0;
212 }
213}
214LCRYPTO_ALIAS(SCT_set_signature_nid);
215
216void
217SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len)
218{
219 free(sct->ext);
220 sct->ext = ext;
221 sct->ext_len = ext_len;
222 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
223}
224LCRYPTO_ALIAS(SCT_set0_extensions);
225
226int
227SCT_set1_extensions(SCT *sct, const unsigned char *ext, size_t ext_len)
228{
229 free(sct->ext);
230 sct->ext = NULL;
231 sct->ext_len = 0;
232 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
233
234 if (ext != NULL && ext_len > 0) {
235 sct->ext = malloc(ext_len);
236 if (sct->ext == NULL) {
237 CTerror(ERR_R_MALLOC_FAILURE);
238 return 0;
239 }
240 memcpy(sct->ext, ext, ext_len);
241 sct->ext_len = ext_len;
242 }
243 return 1;
244}
245LCRYPTO_ALIAS(SCT_set1_extensions);
246
247void
248SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len)
249{
250 free(sct->sig);
251 sct->sig = sig;
252 sct->sig_len = sig_len;
253 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
254}
255LCRYPTO_ALIAS(SCT_set0_signature);
256
257int
258SCT_set1_signature(SCT *sct, const unsigned char *sig, size_t sig_len)
259{
260 free(sct->sig);
261 sct->sig = NULL;
262 sct->sig_len = 0;
263 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
264
265 if (sig != NULL && sig_len > 0) {
266 sct->sig = malloc(sig_len);
267 if (sct->sig == NULL) {
268 CTerror(ERR_R_MALLOC_FAILURE);
269 return 0;
270 }
271 memcpy(sct->sig, sig, sig_len);
272 sct->sig_len = sig_len;
273 }
274 return 1;
275}
276LCRYPTO_ALIAS(SCT_set1_signature);
277
278sct_version_t
279SCT_get_version(const SCT *sct)
280{
281 return sct->version;
282}
283LCRYPTO_ALIAS(SCT_get_version);
284
285ct_log_entry_type_t
286SCT_get_log_entry_type(const SCT *sct)
287{
288 return sct->entry_type;
289}
290LCRYPTO_ALIAS(SCT_get_log_entry_type);
291
292size_t
293SCT_get0_log_id(const SCT *sct, unsigned char **log_id)
294{
295 *log_id = sct->log_id;
296 return sct->log_id_len;
297}
298LCRYPTO_ALIAS(SCT_get0_log_id);
299
300uint64_t
301SCT_get_timestamp(const SCT *sct)
302{
303 return sct->timestamp;
304}
305LCRYPTO_ALIAS(SCT_get_timestamp);
306
307int
308SCT_get_signature_nid(const SCT *sct)
309{
310 if (sct->version == SCT_VERSION_V1) {
311 /* XXX sigalg numbers */
312 if (sct->hash_alg == 4) {
313 switch (sct->sig_alg) {
314 case 3:
315 return NID_ecdsa_with_SHA256;
316 case 1:
317 return NID_sha256WithRSAEncryption;
318 default:
319 return NID_undef;
320 }
321 }
322 }
323 return NID_undef;
324}
325LCRYPTO_ALIAS(SCT_get_signature_nid);
326
327size_t
328SCT_get0_extensions(const SCT *sct, unsigned char **ext)
329{
330 *ext = sct->ext;
331 return sct->ext_len;
332}
333LCRYPTO_ALIAS(SCT_get0_extensions);
334
335size_t
336SCT_get0_signature(const SCT *sct, unsigned char **sig)
337{
338 *sig = sct->sig;
339 return sct->sig_len;
340}
341LCRYPTO_ALIAS(SCT_get0_signature);
342
343int
344SCT_is_complete(const SCT *sct)
345{
346 switch (sct->version) {
347 case SCT_VERSION_NOT_SET:
348 return 0;
349 case SCT_VERSION_V1:
350 return sct->log_id != NULL && SCT_signature_is_complete(sct);
351 default:
352 return sct->sct != NULL; /* Just need cached encoding */
353 }
354}
355
356int
357SCT_signature_is_complete(const SCT *sct)
358{
359 return SCT_get_signature_nid(sct) != NID_undef &&
360 sct->sig != NULL && sct->sig_len > 0;
361}
362
363sct_source_t
364SCT_get_source(const SCT *sct)
365{
366 return sct->source;
367}
368LCRYPTO_ALIAS(SCT_get_source);
369
370int
371SCT_set_source(SCT *sct, sct_source_t source)
372{
373 sct->source = source;
374 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
375 switch (source) {
376 case SCT_SOURCE_TLS_EXTENSION:
377 case SCT_SOURCE_OCSP_STAPLED_RESPONSE:
378 return SCT_set_log_entry_type(sct, CT_LOG_ENTRY_TYPE_X509);
379 case SCT_SOURCE_X509V3_EXTENSION:
380 return SCT_set_log_entry_type(sct, CT_LOG_ENTRY_TYPE_PRECERT);
381 case SCT_SOURCE_UNKNOWN:
382 break;
383 }
384 /* if we aren't sure, leave the log entry type alone */
385 return 1;
386}
387LCRYPTO_ALIAS(SCT_set_source);
388
389sct_validation_status_t
390SCT_get_validation_status(const SCT *sct)
391{
392 return sct->validation_status;
393}
394LCRYPTO_ALIAS(SCT_get_validation_status);
395
396int
397SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx)
398{
399 int is_sct_valid = -1;
400 SCT_CTX *sctx = NULL;
401 X509_PUBKEY *pub = NULL, *log_pkey = NULL;
402 const CTLOG *log;
403
404 /*
405 * With an unrecognized SCT version we don't know what such an SCT means,
406 * let alone validate one. So we return validation failure (0).
407 */
408 if (sct->version != SCT_VERSION_V1) {
409 sct->validation_status = SCT_VALIDATION_STATUS_UNKNOWN_VERSION;
410 return 0;
411 }
412
413 log = CTLOG_STORE_get0_log_by_id(ctx->log_store, sct->log_id,
414 sct->log_id_len);
415
416 /* Similarly, an SCT from an unknown log also cannot be validated. */
417 if (log == NULL) {
418 sct->validation_status = SCT_VALIDATION_STATUS_UNKNOWN_LOG;
419 return 0;
420 }
421
422 sctx = SCT_CTX_new();
423 if (sctx == NULL)
424 goto err;
425
426 if (X509_PUBKEY_set(&log_pkey, CTLOG_get0_public_key(log)) != 1)
427 goto err;
428 if (SCT_CTX_set1_pubkey(sctx, log_pkey) != 1)
429 goto err;
430
431 if (SCT_get_log_entry_type(sct) == CT_LOG_ENTRY_TYPE_PRECERT) {
432 EVP_PKEY *issuer_pkey;
433
434 if (ctx->issuer == NULL) {
435 sct->validation_status = SCT_VALIDATION_STATUS_UNVERIFIED;
436 goto end;
437 }
438
439 if ((issuer_pkey = X509_get0_pubkey(ctx->issuer)) == NULL)
440 goto err;
441
442 if (X509_PUBKEY_set(&pub, issuer_pkey) != 1)
443 goto err;
444 if (SCT_CTX_set1_issuer_pubkey(sctx, pub) != 1)
445 goto err;
446 }
447
448 SCT_CTX_set_time(sctx, ctx->epoch_time_in_ms);
449
450 /*
451 * XXX: Potential for optimization. This repeats some idempotent heavy
452 * lifting on the certificate for each candidate SCT, and appears to not
453 * use any information in the SCT itself, only the certificate is
454 * processed. So it may make more sense to to do this just once, perhaps
455 * associated with the shared (by all SCTs) policy eval ctx.
456 *
457 * XXX: Failure here is global (SCT independent) and represents either an
458 * issue with the certificate (e.g. duplicate extensions) or an out of
459 * memory condition. When the certificate is incompatible with CT, we just
460 * mark the SCTs invalid, rather than report a failure to determine the
461 * validation status. That way, callbacks that want to do "soft" SCT
462 * processing will not abort handshakes with false positive internal
463 * errors. Since the function does not distinguish between certificate
464 * issues (peer's fault) and internal problems (out fault) the safe thing
465 * to do is to report a validation failure and let the callback or
466 * application decide what to do.
467 */
468 if (SCT_CTX_set1_cert(sctx, ctx->cert, NULL) != 1)
469 sct->validation_status = SCT_VALIDATION_STATUS_UNVERIFIED;
470 else
471 sct->validation_status = SCT_CTX_verify(sctx, sct) == 1 ?
472 SCT_VALIDATION_STATUS_VALID : SCT_VALIDATION_STATUS_INVALID;
473
474 end:
475 is_sct_valid = sct->validation_status == SCT_VALIDATION_STATUS_VALID;
476 err:
477 X509_PUBKEY_free(pub);
478 X509_PUBKEY_free(log_pkey);
479 SCT_CTX_free(sctx);
480
481 return is_sct_valid;
482}
483LCRYPTO_ALIAS(SCT_validate);
484
485int
486SCT_LIST_validate(const STACK_OF(SCT) *scts, CT_POLICY_EVAL_CTX *ctx)
487{
488 int are_scts_valid = 1;
489 int sct_count = scts != NULL ? sk_SCT_num(scts) : 0;
490 int i;
491
492 for (i = 0; i < sct_count; ++i) {
493 int is_sct_valid = -1;
494 SCT *sct = sk_SCT_value(scts, i);
495
496 if (sct == NULL)
497 continue;
498
499 is_sct_valid = SCT_validate(sct, ctx);
500 if (is_sct_valid < 0)
501 return is_sct_valid;
502 are_scts_valid &= is_sct_valid;
503 }
504
505 return are_scts_valid;
506}
507LCRYPTO_ALIAS(SCT_LIST_validate);
diff --git a/src/lib/libcrypto/ct/ct_sct_ctx.c b/src/lib/libcrypto/ct/ct_sct_ctx.c
deleted file mode 100644
index b2b6d4e269..0000000000
--- a/src/lib/libcrypto/ct/ct_sct_ctx.c
+++ /dev/null
@@ -1,323 +0,0 @@
1/* $OpenBSD: ct_sct_ctx.c,v 1.6 2022/06/30 11:14:47 tb Exp $ */
2/*
3 * Written by Rob Stradling (rob@comodo.com) and Stephen Henson
4 * (steve@openssl.org) for the OpenSSL project 2014.
5 */
6/* ====================================================================
7 * Copyright (c) 2014 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59
60#ifdef OPENSSL_NO_CT
61# error "CT is disabled"
62#endif
63
64#include <stddef.h>
65#include <string.h>
66
67#include <openssl/err.h>
68#include <openssl/objects.h>
69#include <openssl/x509.h>
70
71#include "ct_local.h"
72
73SCT_CTX *
74SCT_CTX_new(void)
75{
76 SCT_CTX *sctx = calloc(1, sizeof(*sctx));
77
78 if (sctx == NULL)
79 CTerror(ERR_R_MALLOC_FAILURE);
80
81 return sctx;
82}
83
84void
85SCT_CTX_free(SCT_CTX *sctx)
86{
87 if (sctx == NULL)
88 return;
89 EVP_PKEY_free(sctx->pkey);
90 free(sctx->pkeyhash);
91 free(sctx->ihash);
92 free(sctx->certder);
93 free(sctx->preder);
94 free(sctx);
95}
96
97/*
98 * Finds the index of the first extension with the given NID in cert.
99 * If there is more than one extension with that NID, *is_duplicated is set to
100 * 1, otherwise 0 (unless it is NULL).
101 */
102static int
103ct_x509_get_ext(X509 *cert, int nid, int *is_duplicated)
104{
105 int ret = X509_get_ext_by_NID(cert, nid, -1);
106
107 if (is_duplicated != NULL)
108 *is_duplicated = ret >= 0 &&
109 X509_get_ext_by_NID(cert, nid, ret) >= 0;
110
111 return ret;
112}
113
114/*
115 * Modifies a certificate by deleting extensions and copying the issuer and
116 * AKID from the presigner certificate, if necessary.
117 * Returns 1 on success, 0 otherwise.
118 */
119static int
120ct_x509_cert_fixup(X509 *cert, X509 *presigner)
121{
122 int preidx, certidx;
123 int pre_akid_ext_is_dup, cert_akid_ext_is_dup;
124
125 if (presigner == NULL)
126 return 1;
127
128 preidx = ct_x509_get_ext(presigner, NID_authority_key_identifier,
129 &pre_akid_ext_is_dup);
130 certidx = ct_x509_get_ext(cert, NID_authority_key_identifier,
131 &cert_akid_ext_is_dup);
132
133 /* An error occurred whilst searching for the extension */
134 if (preidx < -1 || certidx < -1)
135 return 0;
136 /* Invalid certificate if they contain duplicate extensions */
137 if (pre_akid_ext_is_dup || cert_akid_ext_is_dup)
138 return 0;
139 /* AKID must be present in both certificate or absent in both */
140 if (preidx >= 0 && certidx == -1)
141 return 0;
142 if (preidx == -1 && certidx >= 0)
143 return 0;
144 /* Copy issuer name */
145 if (!X509_set_issuer_name(cert, X509_get_issuer_name(presigner)))
146 return 0;
147 if (preidx != -1) {
148 /* Retrieve and copy AKID encoding */
149 X509_EXTENSION *preext = X509_get_ext(presigner, preidx);
150 X509_EXTENSION *certext = X509_get_ext(cert, certidx);
151 ASN1_OCTET_STRING *preextdata;
152
153 /* Should never happen */
154 if (preext == NULL || certext == NULL)
155 return 0;
156 preextdata = X509_EXTENSION_get_data(preext);
157 if (preextdata == NULL ||
158 !X509_EXTENSION_set_data(certext, preextdata))
159 return 0;
160 }
161 return 1;
162}
163
164int
165SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner)
166{
167 unsigned char *certder = NULL, *preder = NULL;
168 X509 *pretmp = NULL;
169 int certderlen = 0, prederlen = 0;
170 int idx = -1;
171 int poison_ext_is_dup, sct_ext_is_dup;
172 int poison_idx = ct_x509_get_ext(cert, NID_ct_precert_poison, &poison_ext_is_dup);
173
174 /* Duplicate poison extensions are present - error */
175 if (poison_ext_is_dup)
176 goto err;
177
178 /* If *cert doesn't have a poison extension, it isn't a precert */
179 if (poison_idx == -1) {
180 /* cert isn't a precert, so we shouldn't have a presigner */
181 if (presigner != NULL)
182 goto err;
183
184 certderlen = i2d_X509(cert, &certder);
185 if (certderlen < 0)
186 goto err;
187 }
188
189 /* See if cert has a precert SCTs extension */
190 idx = ct_x509_get_ext(cert, NID_ct_precert_scts, &sct_ext_is_dup);
191 /* Duplicate SCT extensions are present - error */
192 if (sct_ext_is_dup)
193 goto err;
194
195 if (idx >= 0 && poison_idx >= 0) {
196 /*
197 * cert can't both contain SCTs (i.e. have an SCT extension) and be a
198 * precert (i.e. have a poison extension).
199 */
200 goto err;
201 }
202
203 if (idx == -1) {
204 idx = poison_idx;
205 }
206
207 /*
208 * If either a poison or SCT extension is present, remove it before encoding
209 * cert. This, along with ct_x509_cert_fixup(), gets a TBSCertificate (see
210 * RFC5280) from cert, which is what the CT log signed when it produced the
211 * SCT.
212 */
213 if (idx >= 0) {
214 X509_EXTENSION *ext;
215
216 /* Take a copy of certificate so we don't modify passed version */
217 pretmp = X509_dup(cert);
218 if (pretmp == NULL)
219 goto err;
220
221 ext = X509_delete_ext(pretmp, idx);
222 X509_EXTENSION_free(ext);
223
224 if (!ct_x509_cert_fixup(pretmp, presigner))
225 goto err;
226
227 prederlen = i2d_re_X509_tbs(pretmp, &preder);
228 if (prederlen <= 0)
229 goto err;
230 }
231
232 X509_free(pretmp);
233
234 free(sctx->certder);
235 sctx->certder = certder;
236 sctx->certderlen = certderlen;
237
238 free(sctx->preder);
239 sctx->preder = preder;
240 sctx->prederlen = prederlen;
241
242 return 1;
243 err:
244 free(certder);
245 free(preder);
246 X509_free(pretmp);
247 return 0;
248}
249
250static int
251ct_public_key_hash(X509_PUBKEY *pkey, unsigned char **hash, size_t *hash_len)
252{
253 int ret = 0;
254 unsigned char *md = NULL, *der = NULL;
255 int der_len;
256 unsigned int md_len;
257
258 /* Reuse buffer if possible */
259 if (*hash != NULL && *hash_len >= SHA256_DIGEST_LENGTH) {
260 md = *hash;
261 } else {
262 md = malloc(SHA256_DIGEST_LENGTH);
263 if (md == NULL)
264 goto err;
265 }
266
267 /* Calculate key hash */
268 der_len = i2d_X509_PUBKEY(pkey, &der);
269 if (der_len <= 0)
270 goto err;
271
272 if (!EVP_Digest(der, der_len, md, &md_len, EVP_sha256(), NULL))
273 goto err;
274
275 if (md != *hash) {
276 free(*hash);
277 *hash = md;
278 *hash_len = SHA256_DIGEST_LENGTH;
279 }
280
281 md = NULL;
282 ret = 1;
283 err:
284 free(md);
285 free(der);
286 return ret;
287}
288
289int
290SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer)
291{
292 return SCT_CTX_set1_issuer_pubkey(sctx, X509_get_X509_PUBKEY(issuer));
293}
294
295int
296SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey)
297{
298 return ct_public_key_hash(pubkey, &sctx->ihash, &sctx->ihashlen);
299}
300
301int
302SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey)
303{
304 EVP_PKEY *pkey = X509_PUBKEY_get(pubkey);
305
306 if (pkey == NULL)
307 return 0;
308
309 if (!ct_public_key_hash(pubkey, &sctx->pkeyhash, &sctx->pkeyhashlen)) {
310 EVP_PKEY_free(pkey);
311 return 0;
312 }
313
314 EVP_PKEY_free(sctx->pkey);
315 sctx->pkey = pkey;
316 return 1;
317}
318
319void
320SCT_CTX_set_time(SCT_CTX *sctx, uint64_t time_in_ms)
321{
322 sctx->epoch_time_in_ms = time_in_ms;
323}
diff --git a/src/lib/libcrypto/ct/ct_vfy.c b/src/lib/libcrypto/ct/ct_vfy.c
deleted file mode 100644
index 424117263a..0000000000
--- a/src/lib/libcrypto/ct/ct_vfy.c
+++ /dev/null
@@ -1,195 +0,0 @@
1/* $OpenBSD: ct_vfy.c,v 1.6 2022/01/06 14:34:40 jsing Exp $ */
2/*
3 * Written by Rob Stradling (rob@comodo.com) and Stephen Henson
4 * (steve@openssl.org) for the OpenSSL project 2014.
5 */
6/* ====================================================================
7 * Copyright (c) 2014 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59
60#include <string.h>
61
62#include <openssl/ct.h>
63#include <openssl/err.h>
64#include <openssl/evp.h>
65#include <openssl/x509.h>
66
67#include "ct_local.h"
68
69typedef enum sct_signature_type_t {
70 SIGNATURE_TYPE_NOT_SET = -1,
71 SIGNATURE_TYPE_CERT_TIMESTAMP,
72 SIGNATURE_TYPE_TREE_HASH
73} SCT_SIGNATURE_TYPE;
74
75/*
76 * Update encoding for SCT signature verification/generation to supplied
77 * EVP_MD_CTX.
78 */
79static int
80sct_ctx_update(EVP_MD_CTX *ctx, const SCT_CTX *sctx, const SCT *sct)
81{
82 CBB cbb, entry, extensions;
83 uint8_t *data = NULL;
84 size_t data_len;
85 int ret = 0;
86
87 memset(&cbb, 0, sizeof(cbb));
88
89 if (sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET)
90 goto err;
91 if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)
92 goto err;
93
94 if (!CBB_init(&cbb, 0))
95 goto err;
96
97 /*
98 * Build the digitally-signed struct per RFC 6962 section 3.2.
99 */
100 if (!CBB_add_u8(&cbb, sct->version))
101 goto err;
102 if (!CBB_add_u8(&cbb, SIGNATURE_TYPE_CERT_TIMESTAMP))
103 goto err;
104 if (!CBB_add_u64(&cbb, sct->timestamp))
105 goto err;
106 if (!CBB_add_u16(&cbb, sct->entry_type))
107 goto err;
108
109 if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT) {
110 if (!CBB_add_bytes(&cbb, sctx->ihash, sctx->ihashlen))
111 goto err;
112 }
113
114 if (!CBB_add_u24_length_prefixed(&cbb, &entry))
115 goto err;
116 if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT) {
117 if (sctx->preder == NULL)
118 goto err;
119 if (!CBB_add_bytes(&entry, sctx->preder, sctx->prederlen))
120 goto err;
121 } else {
122 if (sctx->certder == NULL)
123 goto err;
124 if (!CBB_add_bytes(&entry, sctx->certder, sctx->certderlen))
125 goto err;
126 }
127
128 if (!CBB_add_u16_length_prefixed(&cbb, &extensions))
129 goto err;
130 if (sct->ext_len > 0) {
131 if (!CBB_add_bytes(&extensions, sct->ext, sct->ext_len))
132 goto err;
133 }
134
135 if (!CBB_finish(&cbb, &data, &data_len))
136 goto err;
137
138 if (!EVP_DigestUpdate(ctx, data, data_len))
139 goto err;
140
141 ret = 1;
142
143 err:
144 CBB_cleanup(&cbb);
145 free(data);
146
147 return ret;
148}
149
150int
151SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct)
152{
153 EVP_MD_CTX *ctx = NULL;
154 int ret = 0;
155
156 if (!SCT_is_complete(sct) || sctx->pkey == NULL ||
157 sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET ||
158 (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT &&
159 sctx->ihash == NULL)) {
160 CTerror(CT_R_SCT_NOT_SET);
161 return 0;
162 }
163 if (sct->version != SCT_VERSION_V1) {
164 CTerror(CT_R_SCT_UNSUPPORTED_VERSION);
165 return 0;
166 }
167 if (sct->log_id_len != sctx->pkeyhashlen ||
168 memcmp(sct->log_id, sctx->pkeyhash, sctx->pkeyhashlen) != 0) {
169 CTerror(CT_R_SCT_LOG_ID_MISMATCH);
170 return 0;
171 }
172 if (sct->timestamp > sctx->epoch_time_in_ms) {
173 CTerror(CT_R_SCT_FUTURE_TIMESTAMP);
174 return 0;
175 }
176
177 if ((ctx = EVP_MD_CTX_new()) == NULL)
178 goto end;
179
180 if (!EVP_DigestVerifyInit(ctx, NULL, EVP_sha256(), NULL, sctx->pkey))
181 goto end;
182
183 if (!sct_ctx_update(ctx, sctx, sct))
184 goto end;
185
186 /* Verify signature */
187 /* If ret < 0 some other error: fall through without setting error */
188 if ((ret = EVP_DigestVerifyFinal(ctx, sct->sig, sct->sig_len)) == 0)
189 CTerror(CT_R_SCT_INVALID_SIGNATURE);
190
191 end:
192 EVP_MD_CTX_free(ctx);
193
194 return ret;
195}
diff --git a/src/lib/libcrypto/ct/ct_x509v3.c b/src/lib/libcrypto/ct/ct_x509v3.c
deleted file mode 100644
index b14ffc9532..0000000000
--- a/src/lib/libcrypto/ct/ct_x509v3.c
+++ /dev/null
@@ -1,201 +0,0 @@
1/* $OpenBSD: ct_x509v3.c,v 1.7 2024/07/13 15:08:58 tb Exp $ */
2/*
3 * Written by Rob Stradling (rob@comodo.com) and Stephen Henson
4 * (steve@openssl.org) for the OpenSSL project 2014.
5 */
6/* ====================================================================
7 * Copyright (c) 2014 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59
60#ifdef OPENSSL_NO_CT
61# error "CT is disabled"
62#endif
63
64#include <string.h>
65
66#include "ct_local.h"
67
68static char *
69i2s_poison(const X509V3_EXT_METHOD *method, void *val)
70{
71 return strdup("NULL");
72}
73
74static void *
75s2i_poison(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
76{
77 return ASN1_NULL_new();
78}
79
80static int
81i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list, BIO *out,
82 int indent)
83{
84 SCT_LIST_print(sct_list, out, indent, "\n", NULL);
85 return 1;
86}
87
88static int
89set_sct_list_source(STACK_OF(SCT) *s, sct_source_t source)
90{
91 if (s != NULL) {
92 int i;
93
94 for (i = 0; i < sk_SCT_num(s); i++) {
95 int res = SCT_set_source(sk_SCT_value(s, i), source);
96
97 if (res != 1) {
98 return 0;
99 }
100 }
101 }
102 return 1;
103}
104
105static STACK_OF(SCT) *
106x509_ext_d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, long len)
107{
108 STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len);
109
110 if (set_sct_list_source(s, SCT_SOURCE_X509V3_EXTENSION) != 1) {
111 SCT_LIST_free(s);
112 *a = NULL;
113 return NULL;
114 }
115 return s;
116}
117
118static STACK_OF(SCT) *
119ocsp_ext_d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, long len)
120{
121 STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len);
122
123 if (set_sct_list_source(s, SCT_SOURCE_OCSP_STAPLED_RESPONSE) != 1) {
124 SCT_LIST_free(s);
125 *a = NULL;
126 return NULL;
127 }
128 return s;
129}
130
131/* X509v3 extension in certificates that contains SCTs */
132static const X509V3_EXT_METHOD x509v3_ext_ct_precert_scts = {
133 .ext_nid = NID_ct_precert_scts,
134 .ext_flags = 0,
135 .it = NULL,
136 .ext_new = NULL,
137 .ext_free = (X509V3_EXT_FREE)SCT_LIST_free,
138 .d2i = (X509V3_EXT_D2I)x509_ext_d2i_SCT_LIST,
139 .i2d = (X509V3_EXT_I2D)i2d_SCT_LIST,
140 .i2s = NULL,
141 .s2i = NULL,
142 .i2v = NULL,
143 .v2i = NULL,
144 .i2r = (X509V3_EXT_I2R)i2r_SCT_LIST,
145 .r2i = NULL,
146 .usr_data = NULL,
147};
148
149const X509V3_EXT_METHOD *
150x509v3_ext_method_ct_precert_scts(void)
151{
152 return &x509v3_ext_ct_precert_scts;
153}
154
155/* X509v3 extension to mark a certificate as a pre-certificate */
156static const X509V3_EXT_METHOD x509v3_ext_ct_precert_poison = {
157 .ext_nid = NID_ct_precert_poison,
158 .ext_flags = 0,
159 .it = &ASN1_NULL_it,
160 .ext_new = NULL,
161 .ext_free = NULL,
162 .d2i = NULL,
163 .i2d = NULL,
164 .i2s = i2s_poison,
165 .s2i = s2i_poison,
166 .i2v = NULL,
167 .v2i = NULL,
168 .i2r = NULL,
169 .r2i = NULL,
170 .usr_data = NULL,
171};
172
173const X509V3_EXT_METHOD *
174x509v3_ext_method_ct_precert_poison(void)
175{
176 return &x509v3_ext_ct_precert_poison;
177}
178
179/* OCSP extension that contains SCTs */
180static const X509V3_EXT_METHOD x509v3_ext_ct_cert_scts = {
181 .ext_nid = NID_ct_cert_scts,
182 .ext_flags = 0,
183 .it = NULL,
184 .ext_new = NULL,
185 .ext_free = (X509V3_EXT_FREE)SCT_LIST_free,
186 .d2i = (X509V3_EXT_D2I)ocsp_ext_d2i_SCT_LIST,
187 .i2d = (X509V3_EXT_I2D)i2d_SCT_LIST,
188 .i2s = NULL,
189 .s2i = NULL,
190 .i2v = NULL,
191 .v2i = NULL,
192 .i2r = (X509V3_EXT_I2R)i2r_SCT_LIST,
193 .r2i = NULL,
194 .usr_data = NULL,
195};
196
197const X509V3_EXT_METHOD *
198x509v3_ext_method_ct_cert_scts(void)
199{
200 return &x509v3_ext_ct_cert_scts;
201}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-23 20:48:59 +0000