summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/lib/libcrypto/ct/ct.h65
-rw-r--r--src/lib/libcrypto/ct/ct_b64.c260
-rw-r--r--src/lib/libcrypto/ct/ct_err.c136
-rw-r--r--src/lib/libcrypto/ct/ct_local.h96
-rw-r--r--src/lib/libcrypto/ct/ct_log.c371
-rw-r--r--src/lib/libcrypto/ct/ct_oct.c707
-rw-r--r--src/lib/libcrypto/ct/ct_policy.c84
-rw-r--r--src/lib/libcrypto/ct/ct_prn.c168
-rw-r--r--src/lib/libcrypto/ct/ct_sct.c603
-rw-r--r--src/lib/libcrypto/ct/ct_sct_ctx.c398
-rw-r--r--src/lib/libcrypto/ct/ct_vfy.c222
-rw-r--r--src/lib/libcrypto/ct/ct_x509v3.c126
12 files changed, 1653 insertions, 1583 deletions
diff --git a/src/lib/libcrypto/ct/ct.h b/src/lib/libcrypto/ct/ct.h
index ebdba34d67..ac981fa0b5 100644
--- a/src/lib/libcrypto/ct/ct.h
+++ b/src/lib/libcrypto/ct/ct.h
@@ -8,51 +8,51 @@
8 */ 8 */
9 9
10#ifndef HEADER_CT_H 10#ifndef HEADER_CT_H
11# define HEADER_CT_H 11#define HEADER_CT_H
12 12
13# include <openssl/opensslconf.h> 13#include <openssl/opensslconf.h>
14 14
15# ifndef OPENSSL_NO_CT 15#ifndef OPENSSL_NO_CT
16# include <openssl/ossl_typ.h> 16#include <openssl/ossl_typ.h>
17# include <openssl/safestack.h> 17#include <openssl/safestack.h>
18# include <openssl/x509.h> 18#include <openssl/x509.h>
19# include <openssl/cterr.h> 19#include <openssl/cterr.h>
20# ifdef __cplusplus 20#ifdef __cplusplus
21extern "C" { 21extern "C" {
22# endif 22#endif
23 23
24 24
25/* Minimum RSA key size, from RFC6962 */ 25/* Minimum RSA key size, from RFC6962 */
26# define SCT_MIN_RSA_BITS 2048 26#define SCT_MIN_RSA_BITS 2048
27 27
28/* All hashes are SHA256 in v1 of Certificate Transparency */ 28/* All hashes are SHA256 in v1 of Certificate Transparency */
29# define CT_V1_HASHLEN SHA256_DIGEST_LENGTH 29#define CT_V1_HASHLEN SHA256_DIGEST_LENGTH
30 30
31typedef enum { 31typedef enum {
32 CT_LOG_ENTRY_TYPE_NOT_SET = -1, 32 CT_LOG_ENTRY_TYPE_NOT_SET = -1,
33 CT_LOG_ENTRY_TYPE_X509 = 0, 33 CT_LOG_ENTRY_TYPE_X509 = 0,
34 CT_LOG_ENTRY_TYPE_PRECERT = 1 34 CT_LOG_ENTRY_TYPE_PRECERT = 1
35} ct_log_entry_type_t; 35} ct_log_entry_type_t;
36 36
37typedef enum { 37typedef enum {
38 SCT_VERSION_NOT_SET = -1, 38 SCT_VERSION_NOT_SET = -1,
39 SCT_VERSION_V1 = 0 39 SCT_VERSION_V1 = 0
40} sct_version_t; 40} sct_version_t;
41 41
42typedef enum { 42typedef enum {
43 SCT_SOURCE_UNKNOWN, 43 SCT_SOURCE_UNKNOWN,
44 SCT_SOURCE_TLS_EXTENSION, 44 SCT_SOURCE_TLS_EXTENSION,
45 SCT_SOURCE_X509V3_EXTENSION, 45 SCT_SOURCE_X509V3_EXTENSION,
46 SCT_SOURCE_OCSP_STAPLED_RESPONSE 46 SCT_SOURCE_OCSP_STAPLED_RESPONSE
47} sct_source_t; 47} sct_source_t;
48 48
49typedef enum { 49typedef enum {
50 SCT_VALIDATION_STATUS_NOT_SET, 50 SCT_VALIDATION_STATUS_NOT_SET,
51 SCT_VALIDATION_STATUS_UNKNOWN_LOG, 51 SCT_VALIDATION_STATUS_UNKNOWN_LOG,
52 SCT_VALIDATION_STATUS_VALID, 52 SCT_VALIDATION_STATUS_VALID,
53 SCT_VALIDATION_STATUS_INVALID, 53 SCT_VALIDATION_STATUS_INVALID,
54 SCT_VALIDATION_STATUS_UNVERIFIED, 54 SCT_VALIDATION_STATUS_UNVERIFIED,
55 SCT_VALIDATION_STATUS_UNKNOWN_VERSION 55 SCT_VALIDATION_STATUS_UNKNOWN_VERSION
56} sct_validation_status_t; 56} sct_validation_status_t;
57 57
58DEFINE_STACK_OF(SCT) 58DEFINE_STACK_OF(SCT)
@@ -288,7 +288,7 @@ void SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *logs);
288 * came from, so that the log names can be printed. 288 * came from, so that the log names can be printed.
289 */ 289 */
290void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent, 290void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent,
291 const char *separator, const CTLOG_STORE *logs); 291 const char *separator, const CTLOG_STORE *logs);
292 292
293/* 293/*
294 * Gets the last result of validating this SCT. 294 * Gets the last result of validating this SCT.
@@ -313,7 +313,7 @@ __owur int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx);
313 * Returns a negative integer if an error occurs. 313 * Returns a negative integer if an error occurs.
314 */ 314 */
315__owur int SCT_LIST_validate(const STACK_OF(SCT) *scts, 315__owur int SCT_LIST_validate(const STACK_OF(SCT) *scts,
316 CT_POLICY_EVAL_CTX *ctx); 316 CT_POLICY_EVAL_CTX *ctx);
317 317
318 318
319/********************************* 319/*********************************
@@ -345,7 +345,7 @@ __owur int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp);
345 * not defined. 345 * not defined.
346 */ 346 */
347STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, 347STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
348 size_t len); 348 size_t len);
349 349
350/* 350/*
351 * Serialize (to DER format) a stack of SCTs and return the length. 351 * Serialize (to DER format) a stack of SCTs and return the length.
@@ -372,7 +372,7 @@ __owur int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp);
372 * not defined. 372 * not defined.
373 */ 373 */
374STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, 374STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
375 long len); 375 long len);
376 376
377/* 377/*
378 * Serialize (to TLS format) an |sct| and write it to |out|. 378 * Serialize (to TLS format) an |sct| and write it to |out|.
@@ -428,7 +428,7 @@ void CTLOG_free(CTLOG *log);
428const char *CTLOG_get0_name(const CTLOG *log); 428const char *CTLOG_get0_name(const CTLOG *log);
429/* Gets the ID of the CT log */ 429/* Gets the ID of the CT log */
430void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id, 430void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id,
431 size_t *log_id_len); 431 size_t *log_id_len);
432/* Gets the public key of the CT log */ 432/* Gets the public key of the CT log */
433EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log); 433EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log);
434 434
@@ -452,8 +452,7 @@ void CTLOG_STORE_free(CTLOG_STORE *store);
452 * Returns the CT log, or NULL if no match is found. 452 * Returns the CT log, or NULL if no match is found.
453 */ 453 */
454const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store, 454const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store,
455 const uint8_t *log_id, 455 const uint8_t *log_id, size_t log_id_len);
456 size_t log_id_len);
457 456
458/* 457/*
459 * Loads a CT log list into a |store| from a |file|. 458 * Loads a CT log list into a |store| from a |file|.
diff --git a/src/lib/libcrypto/ct/ct_b64.c b/src/lib/libcrypto/ct/ct_b64.c
index 4abe11ca29..8ca5f469df 100644
--- a/src/lib/libcrypto/ct/ct_b64.c
+++ b/src/lib/libcrypto/ct/ct_b64.c
@@ -21,109 +21,110 @@
21 * A new string will be malloc'd and assigned to |out|. This will be owned by 21 * A new string will be malloc'd and assigned to |out|. This will be owned by
22 * the caller. Do not provide a pre-allocated string in |out|. 22 * the caller. Do not provide a pre-allocated string in |out|.
23 */ 23 */
24static int ct_base64_decode(const char *in, unsigned char **out) 24static int
25ct_base64_decode(const char *in, unsigned char **out)
25{ 26{
26 size_t inlen = strlen(in); 27 size_t inlen = strlen(in);
27 int outlen, i; 28 int outlen, i;
28 unsigned char *outbuf = NULL; 29 unsigned char *outbuf = NULL;
29 30
30 if (inlen == 0) { 31 if (inlen == 0) {
31 *out = NULL; 32 *out = NULL;
32 return 0; 33 return 0;
33 } 34 }
34 35
35 outlen = (inlen / 4) * 3; 36 outlen = (inlen / 4) * 3;
36 outbuf = OPENSSL_malloc(outlen); 37 outbuf = OPENSSL_malloc(outlen);
37 if (outbuf == NULL) { 38 if (outbuf == NULL) {
38 CTerr(CT_F_CT_BASE64_DECODE, ERR_R_MALLOC_FAILURE); 39 CTerr(CT_F_CT_BASE64_DECODE, ERR_R_MALLOC_FAILURE);
39 goto err; 40 goto err;
40 } 41 }
41 42
42 outlen = EVP_DecodeBlock(outbuf, (unsigned char *)in, inlen); 43 outlen = EVP_DecodeBlock(outbuf, (unsigned char *)in, inlen);
43 if (outlen < 0) { 44 if (outlen < 0) {
44 CTerr(CT_F_CT_BASE64_DECODE, CT_R_BASE64_DECODE_ERROR); 45 CTerr(CT_F_CT_BASE64_DECODE, CT_R_BASE64_DECODE_ERROR);
45 goto err; 46 goto err;
46 } 47 }
47 48
48 /* Subtract padding bytes from |outlen|. Any more than 2 is malformed. */ 49 /* Subtract padding bytes from |outlen|. Any more than 2 is malformed. */
49 i = 0; 50 i = 0;
50 while (in[--inlen] == '=') { 51 while (in[--inlen] == '=') {
51 --outlen; 52 --outlen;
52 if (++i > 2) 53 if (++i > 2)
53 goto err; 54 goto err;
54 } 55 }
55 56
56 *out = outbuf; 57 *out = outbuf;
57 return outlen; 58 return outlen;
58err: 59 err:
59 OPENSSL_free(outbuf); 60 OPENSSL_free(outbuf);
60 return -1; 61 return -1;
61} 62}
62 63
63SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64, 64SCT *
64 ct_log_entry_type_t entry_type, uint64_t timestamp, 65SCT_new_from_base64(unsigned char version, const char *logid_base64,
65 const char *extensions_base64, 66 ct_log_entry_type_t entry_type, uint64_t timestamp,
66 const char *signature_base64) 67 const char *extensions_base64, const char *signature_base64)
67{ 68{
68 SCT *sct = SCT_new(); 69 SCT *sct = SCT_new();
69 unsigned char *dec = NULL; 70 unsigned char *dec = NULL;
70 const unsigned char* p = NULL; 71 const unsigned char* p = NULL;
71 int declen; 72 int declen;
72 73
73 if (sct == NULL) { 74 if (sct == NULL) {
74 CTerr(CT_F_SCT_NEW_FROM_BASE64, ERR_R_MALLOC_FAILURE); 75 CTerr(CT_F_SCT_NEW_FROM_BASE64, ERR_R_MALLOC_FAILURE);
75 return NULL; 76 return NULL;
76 } 77 }
77 78
78 /* 79 /*
79 * RFC6962 section 4.1 says we "MUST NOT expect this to be 0", but we 80 * RFC6962 section 4.1 says we "MUST NOT expect this to be 0", but we
80 * can only construct SCT versions that have been defined. 81 * can only construct SCT versions that have been defined.
81 */ 82 */
82 if (!SCT_set_version(sct, version)) { 83 if (!SCT_set_version(sct, version)) {
83 CTerr(CT_F_SCT_NEW_FROM_BASE64, CT_R_SCT_UNSUPPORTED_VERSION); 84 CTerr(CT_F_SCT_NEW_FROM_BASE64, CT_R_SCT_UNSUPPORTED_VERSION);
84 goto err; 85 goto err;
85 } 86 }
86 87
87 declen = ct_base64_decode(logid_base64, &dec); 88 declen = ct_base64_decode(logid_base64, &dec);
88 if (declen < 0) { 89 if (declen < 0) {
89 CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR); 90 CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
90 goto err; 91 goto err;
91 } 92 }
92 if (!SCT_set0_log_id(sct, dec, declen)) 93 if (!SCT_set0_log_id(sct, dec, declen))
93 goto err; 94 goto err;
94 dec = NULL; 95 dec = NULL;
95 96
96 declen = ct_base64_decode(extensions_base64, &dec); 97 declen = ct_base64_decode(extensions_base64, &dec);
97 if (declen < 0) { 98 if (declen < 0) {
98 CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR); 99 CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
99 goto err; 100 goto err;
100 } 101 }
101 SCT_set0_extensions(sct, dec, declen); 102 SCT_set0_extensions(sct, dec, declen);
102 dec = NULL; 103 dec = NULL;
103 104
104 declen = ct_base64_decode(signature_base64, &dec); 105 declen = ct_base64_decode(signature_base64, &dec);
105 if (declen < 0) { 106 if (declen < 0) {
106 CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR); 107 CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
107 goto err; 108 goto err;
108 } 109 }
109 110
110 p = dec; 111 p = dec;
111 if (o2i_SCT_signature(sct, &p, declen) <= 0) 112 if (o2i_SCT_signature(sct, &p, declen) <= 0)
112 goto err; 113 goto err;
113 OPENSSL_free(dec); 114 OPENSSL_free(dec);
114 dec = NULL; 115 dec = NULL;
115 116
116 SCT_set_timestamp(sct, timestamp); 117 SCT_set_timestamp(sct, timestamp);
117 118
118 if (!SCT_set_log_entry_type(sct, entry_type)) 119 if (!SCT_set_log_entry_type(sct, entry_type))
119 goto err; 120 goto err;
120 121
121 return sct; 122 return sct;
122 123
123 err: 124 err:
124 OPENSSL_free(dec); 125 OPENSSL_free(dec);
125 SCT_free(sct); 126 SCT_free(sct);
126 return NULL; 127 return NULL;
127} 128}
128 129
129/* 130/*
@@ -132,37 +133,38 @@ SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64,
132 * 0 on decoding failure, or invalid parameter if any 133 * 0 on decoding failure, or invalid parameter if any
133 * -1 on internal (malloc) failure 134 * -1 on internal (malloc) failure
134 */ 135 */
135int CTLOG_new_from_base64(CTLOG **ct_log, const char *pkey_base64, const char *name) 136int
137CTLOG_new_from_base64(CTLOG **ct_log, const char *pkey_base64, const char *name)
136{ 138{
137 unsigned char *pkey_der = NULL; 139 unsigned char *pkey_der = NULL;
138 int pkey_der_len; 140 int pkey_der_len;
139 const unsigned char *p; 141 const unsigned char *p;
140 EVP_PKEY *pkey = NULL; 142 EVP_PKEY *pkey = NULL;
141 143
142 if (ct_log == NULL) { 144 if (ct_log == NULL) {
143 CTerr(CT_F_CTLOG_NEW_FROM_BASE64, ERR_R_PASSED_INVALID_ARGUMENT); 145 CTerr(CT_F_CTLOG_NEW_FROM_BASE64, ERR_R_PASSED_INVALID_ARGUMENT);
144 return 0; 146 return 0;
145 } 147 }
146 148
147 pkey_der_len = ct_base64_decode(pkey_base64, &pkey_der); 149 pkey_der_len = ct_base64_decode(pkey_base64, &pkey_der);
148 if (pkey_der_len < 0) { 150 if (pkey_der_len < 0) {
149 CTerr(CT_F_CTLOG_NEW_FROM_BASE64, CT_R_LOG_CONF_INVALID_KEY); 151 CTerr(CT_F_CTLOG_NEW_FROM_BASE64, CT_R_LOG_CONF_INVALID_KEY);
150 return 0; 152 return 0;
151 } 153 }
152 154
153 p = pkey_der; 155 p = pkey_der;
154 pkey = d2i_PUBKEY(NULL, &p, pkey_der_len); 156 pkey = d2i_PUBKEY(NULL, &p, pkey_der_len);
155 OPENSSL_free(pkey_der); 157 OPENSSL_free(pkey_der);
156 if (pkey == NULL) { 158 if (pkey == NULL) {
157 CTerr(CT_F_CTLOG_NEW_FROM_BASE64, CT_R_LOG_CONF_INVALID_KEY); 159 CTerr(CT_F_CTLOG_NEW_FROM_BASE64, CT_R_LOG_CONF_INVALID_KEY);
158 return 0; 160 return 0;
159 } 161 }
160 162
161 *ct_log = CTLOG_new(pkey, name); 163 *ct_log = CTLOG_new(pkey, name);
162 if (*ct_log == NULL) { 164 if (*ct_log == NULL) {
163 EVP_PKEY_free(pkey); 165 EVP_PKEY_free(pkey);
164 return 0; 166 return 0;
165 } 167 }
166 168
167 return 1; 169 return 1;
168} 170}
diff --git a/src/lib/libcrypto/ct/ct_err.c b/src/lib/libcrypto/ct/ct_err.c
index c0c62fee6c..ab49f58e5a 100644
--- a/src/lib/libcrypto/ct/ct_err.c
+++ b/src/lib/libcrypto/ct/ct_err.c
@@ -14,72 +14,72 @@
14#ifndef OPENSSL_NO_ERR 14#ifndef OPENSSL_NO_ERR
15 15
16static const ERR_STRING_DATA CT_str_functs[] = { 16static const ERR_STRING_DATA CT_str_functs[] = {
17 {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW, 0), "CTLOG_new"}, 17 {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW, 0), "CTLOG_new"},
18 {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW_FROM_BASE64, 0), 18 {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW_FROM_BASE64, 0),
19 "CTLOG_new_from_base64"}, 19 "CTLOG_new_from_base64"},
20 {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW_FROM_CONF, 0), "ctlog_new_from_conf"}, 20 {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW_FROM_CONF, 0), "ctlog_new_from_conf"},
21 {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_LOAD_CTX_NEW, 0), 21 {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_LOAD_CTX_NEW, 0),
22 "ctlog_store_load_ctx_new"}, 22 "ctlog_store_load_ctx_new"},
23 {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_LOAD_FILE, 0), 23 {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_LOAD_FILE, 0),
24 "CTLOG_STORE_load_file"}, 24 "CTLOG_STORE_load_file"},
25 {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_LOAD_LOG, 0), 25 {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_LOAD_LOG, 0),
26 "ctlog_store_load_log"}, 26 "ctlog_store_load_log"},
27 {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_NEW, 0), "CTLOG_STORE_new"}, 27 {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_NEW, 0), "CTLOG_STORE_new"},
28 {ERR_PACK(ERR_LIB_CT, CT_F_CT_BASE64_DECODE, 0), "ct_base64_decode"}, 28 {ERR_PACK(ERR_LIB_CT, CT_F_CT_BASE64_DECODE, 0), "ct_base64_decode"},
29 {ERR_PACK(ERR_LIB_CT, CT_F_CT_POLICY_EVAL_CTX_NEW, 0), 29 {ERR_PACK(ERR_LIB_CT, CT_F_CT_POLICY_EVAL_CTX_NEW, 0),
30 "CT_POLICY_EVAL_CTX_new"}, 30 "CT_POLICY_EVAL_CTX_new"},
31 {ERR_PACK(ERR_LIB_CT, CT_F_CT_V1_LOG_ID_FROM_PKEY, 0), 31 {ERR_PACK(ERR_LIB_CT, CT_F_CT_V1_LOG_ID_FROM_PKEY, 0),
32 "ct_v1_log_id_from_pkey"}, 32 "ct_v1_log_id_from_pkey"},
33 {ERR_PACK(ERR_LIB_CT, CT_F_I2O_SCT, 0), "i2o_SCT"}, 33 {ERR_PACK(ERR_LIB_CT, CT_F_I2O_SCT, 0), "i2o_SCT"},
34 {ERR_PACK(ERR_LIB_CT, CT_F_I2O_SCT_LIST, 0), "i2o_SCT_LIST"}, 34 {ERR_PACK(ERR_LIB_CT, CT_F_I2O_SCT_LIST, 0), "i2o_SCT_LIST"},
35 {ERR_PACK(ERR_LIB_CT, CT_F_I2O_SCT_SIGNATURE, 0), "i2o_SCT_signature"}, 35 {ERR_PACK(ERR_LIB_CT, CT_F_I2O_SCT_SIGNATURE, 0), "i2o_SCT_signature"},
36 {ERR_PACK(ERR_LIB_CT, CT_F_O2I_SCT, 0), "o2i_SCT"}, 36 {ERR_PACK(ERR_LIB_CT, CT_F_O2I_SCT, 0), "o2i_SCT"},
37 {ERR_PACK(ERR_LIB_CT, CT_F_O2I_SCT_LIST, 0), "o2i_SCT_LIST"}, 37 {ERR_PACK(ERR_LIB_CT, CT_F_O2I_SCT_LIST, 0), "o2i_SCT_LIST"},
38 {ERR_PACK(ERR_LIB_CT, CT_F_O2I_SCT_SIGNATURE, 0), "o2i_SCT_signature"}, 38 {ERR_PACK(ERR_LIB_CT, CT_F_O2I_SCT_SIGNATURE, 0), "o2i_SCT_signature"},
39 {ERR_PACK(ERR_LIB_CT, CT_F_SCT_CTX_NEW, 0), "SCT_CTX_new"}, 39 {ERR_PACK(ERR_LIB_CT, CT_F_SCT_CTX_NEW, 0), "SCT_CTX_new"},
40 {ERR_PACK(ERR_LIB_CT, CT_F_SCT_CTX_VERIFY, 0), "SCT_CTX_verify"}, 40 {ERR_PACK(ERR_LIB_CT, CT_F_SCT_CTX_VERIFY, 0), "SCT_CTX_verify"},
41 {ERR_PACK(ERR_LIB_CT, CT_F_SCT_NEW, 0), "SCT_new"}, 41 {ERR_PACK(ERR_LIB_CT, CT_F_SCT_NEW, 0), "SCT_new"},
42 {ERR_PACK(ERR_LIB_CT, CT_F_SCT_NEW_FROM_BASE64, 0), "SCT_new_from_base64"}, 42 {ERR_PACK(ERR_LIB_CT, CT_F_SCT_NEW_FROM_BASE64, 0), "SCT_new_from_base64"},
43 {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET0_LOG_ID, 0), "SCT_set0_log_id"}, 43 {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET0_LOG_ID, 0), "SCT_set0_log_id"},
44 {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_EXTENSIONS, 0), "SCT_set1_extensions"}, 44 {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_EXTENSIONS, 0), "SCT_set1_extensions"},
45 {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_LOG_ID, 0), "SCT_set1_log_id"}, 45 {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_LOG_ID, 0), "SCT_set1_log_id"},
46 {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_SIGNATURE, 0), "SCT_set1_signature"}, 46 {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_SIGNATURE, 0), "SCT_set1_signature"},
47 {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET_LOG_ENTRY_TYPE, 0), 47 {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET_LOG_ENTRY_TYPE, 0),
48 "SCT_set_log_entry_type"}, 48 "SCT_set_log_entry_type"},
49 {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET_SIGNATURE_NID, 0), 49 {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET_SIGNATURE_NID, 0),
50 "SCT_set_signature_nid"}, 50 "SCT_set_signature_nid"},
51 {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET_VERSION, 0), "SCT_set_version"}, 51 {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET_VERSION, 0), "SCT_set_version"},
52 {0, NULL} 52 {0, NULL}
53}; 53};
54 54
55static const ERR_STRING_DATA CT_str_reasons[] = { 55static const ERR_STRING_DATA CT_str_reasons[] = {
56 {ERR_PACK(ERR_LIB_CT, 0, CT_R_BASE64_DECODE_ERROR), "base64 decode error"}, 56 {ERR_PACK(ERR_LIB_CT, 0, CT_R_BASE64_DECODE_ERROR), "base64 decode error"},
57 {ERR_PACK(ERR_LIB_CT, 0, CT_R_INVALID_LOG_ID_LENGTH), 57 {ERR_PACK(ERR_LIB_CT, 0, CT_R_INVALID_LOG_ID_LENGTH),
58 "invalid log id length"}, 58 "invalid log id length"},
59 {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_INVALID), "log conf invalid"}, 59 {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_INVALID), "log conf invalid"},
60 {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_INVALID_KEY), 60 {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_INVALID_KEY),
61 "log conf invalid key"}, 61 "log conf invalid key"},
62 {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_MISSING_DESCRIPTION), 62 {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_MISSING_DESCRIPTION),
63 "log conf missing description"}, 63 "log conf missing description"},
64 {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_MISSING_KEY), 64 {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_MISSING_KEY),
65 "log conf missing key"}, 65 "log conf missing key"},
66 {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_KEY_INVALID), "log key invalid"}, 66 {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_KEY_INVALID), "log key invalid"},
67 {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_FUTURE_TIMESTAMP), 67 {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_FUTURE_TIMESTAMP),
68 "sct future timestamp"}, 68 "sct future timestamp"},
69 {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_INVALID), "sct invalid"}, 69 {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_INVALID), "sct invalid"},
70 {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_INVALID_SIGNATURE), 70 {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_INVALID_SIGNATURE),
71 "sct invalid signature"}, 71 "sct invalid signature"},
72 {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_LIST_INVALID), "sct list invalid"}, 72 {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_LIST_INVALID), "sct list invalid"},
73 {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_LOG_ID_MISMATCH), "sct log id mismatch"}, 73 {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_LOG_ID_MISMATCH), "sct log id mismatch"},
74 {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_NOT_SET), "sct not set"}, 74 {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_NOT_SET), "sct not set"},
75 {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_UNSUPPORTED_VERSION), 75 {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_UNSUPPORTED_VERSION),
76 "sct unsupported version"}, 76 "sct unsupported version"},
77 {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNRECOGNIZED_SIGNATURE_NID), 77 {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNRECOGNIZED_SIGNATURE_NID),
78 "unrecognized signature nid"}, 78 "unrecognized signature nid"},
79 {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNSUPPORTED_ENTRY_TYPE), 79 {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNSUPPORTED_ENTRY_TYPE),
80 "unsupported entry type"}, 80 "unsupported entry type"},
81 {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNSUPPORTED_VERSION), "unsupported version"}, 81 {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNSUPPORTED_VERSION), "unsupported version"},
82 {0, NULL} 82 {0, NULL}
83}; 83};
84 84
85#endif 85#endif
@@ -87,10 +87,10 @@ static const ERR_STRING_DATA CT_str_reasons[] = {
87int ERR_load_CT_strings(void) 87int ERR_load_CT_strings(void)
88{ 88{
89#ifndef OPENSSL_NO_ERR 89#ifndef OPENSSL_NO_ERR
90 if (ERR_func_error_string(CT_str_functs[0].error) == NULL) { 90 if (ERR_func_error_string(CT_str_functs[0].error) == NULL) {
91 ERR_load_strings_const(CT_str_functs); 91 ERR_load_strings_const(CT_str_functs);
92 ERR_load_strings_const(CT_str_reasons); 92 ERR_load_strings_const(CT_str_reasons);
93 } 93 }
94#endif 94#endif
95 return 1; 95 return 1;
96} 96}
diff --git a/src/lib/libcrypto/ct/ct_local.h b/src/lib/libcrypto/ct/ct_local.h
index 9f983c91be..75ff4d8f75 100644
--- a/src/lib/libcrypto/ct/ct_local.h
+++ b/src/lib/libcrypto/ct/ct_local.h
@@ -18,8 +18,8 @@
18 * From RFC6962: opaque SerializedSCT<1..2^16-1>; struct { SerializedSCT 18 * From RFC6962: opaque SerializedSCT<1..2^16-1>; struct { SerializedSCT
19 * sct_list <1..2^16-1>; } SignedCertificateTimestampList; 19 * sct_list <1..2^16-1>; } SignedCertificateTimestampList;
20 */ 20 */
21# define MAX_SCT_SIZE 65535 21#define MAX_SCT_SIZE 65535
22# define MAX_SCT_LIST_SIZE MAX_SCT_SIZE 22#define MAX_SCT_LIST_SIZE MAX_SCT_SIZE
23 23
24/* 24/*
25 * Macros to read and write integers in network-byte order. 25 * Macros to read and write integers in network-byte order.
@@ -55,60 +55,60 @@
55 55
56/* Signed Certificate Timestamp */ 56/* Signed Certificate Timestamp */
57struct sct_st { 57struct sct_st {
58 sct_version_t version; 58 sct_version_t version;
59 /* If version is not SCT_VERSION_V1, this contains the encoded SCT */ 59 /* If version is not SCT_VERSION_V1, this contains the encoded SCT */
60 unsigned char *sct; 60 unsigned char *sct;
61 size_t sct_len; 61 size_t sct_len;
62 /* If version is SCT_VERSION_V1, fields below contain components of the SCT */ 62 /* If version is SCT_VERSION_V1, fields below contain components of the SCT */
63 unsigned char *log_id; 63 unsigned char *log_id;
64 size_t log_id_len; 64 size_t log_id_len;
65 /* 65 /*
66 * Note, we cannot distinguish between an unset timestamp, and one 66 * Note, we cannot distinguish between an unset timestamp, and one
67 * that is set to 0. However since CT didn't exist in 1970, no real 67 * that is set to 0. However since CT didn't exist in 1970, no real
68 * SCT should ever be set as such. 68 * SCT should ever be set as such.
69 */ 69 */
70 uint64_t timestamp; 70 uint64_t timestamp;
71 unsigned char *ext; 71 unsigned char *ext;
72 size_t ext_len; 72 size_t ext_len;
73 unsigned char hash_alg; 73 unsigned char hash_alg;
74 unsigned char sig_alg; 74 unsigned char sig_alg;
75 unsigned char *sig; 75 unsigned char *sig;
76 size_t sig_len; 76 size_t sig_len;
77 /* Log entry type */ 77 /* Log entry type */
78 ct_log_entry_type_t entry_type; 78 ct_log_entry_type_t entry_type;
79 /* Where this SCT was found, e.g. certificate, OCSP response, etc. */ 79 /* Where this SCT was found, e.g. certificate, OCSP response, etc. */
80 sct_source_t source; 80 sct_source_t source;
81 /* The result of the last attempt to validate this SCT. */ 81 /* The result of the last attempt to validate this SCT. */
82 sct_validation_status_t validation_status; 82 sct_validation_status_t validation_status;
83}; 83};
84 84
85/* Miscellaneous data that is useful when verifying an SCT */ 85/* Miscellaneous data that is useful when verifying an SCT */
86struct sct_ctx_st { 86struct sct_ctx_st {
87 /* Public key */ 87 /* Public key */
88 EVP_PKEY *pkey; 88 EVP_PKEY *pkey;
89 /* Hash of public key */ 89 /* Hash of public key */
90 unsigned char *pkeyhash; 90 unsigned char *pkeyhash;
91 size_t pkeyhashlen; 91 size_t pkeyhashlen;
92 /* For pre-certificate: issuer public key hash */ 92 /* For pre-certificate: issuer public key hash */
93 unsigned char *ihash; 93 unsigned char *ihash;
94 size_t ihashlen; 94 size_t ihashlen;
95 /* certificate encoding */ 95 /* certificate encoding */
96 unsigned char *certder; 96 unsigned char *certder;
97 size_t certderlen; 97 size_t certderlen;
98 /* pre-certificate encoding */ 98 /* pre-certificate encoding */
99 unsigned char *preder; 99 unsigned char *preder;
100 size_t prederlen; 100 size_t prederlen;
101 /* milliseconds since epoch (to check that the SCT isn't from the future) */ 101 /* milliseconds since epoch (to check that the SCT isn't from the future) */
102 uint64_t epoch_time_in_ms; 102 uint64_t epoch_time_in_ms;
103}; 103};
104 104
105/* Context when evaluating whether a Certificate Transparency policy is met */ 105/* Context when evaluating whether a Certificate Transparency policy is met */
106struct ct_policy_eval_ctx_st { 106struct ct_policy_eval_ctx_st {
107 X509 *cert; 107 X509 *cert;
108 X509 *issuer; 108 X509 *issuer;
109 CTLOG_STORE *log_store; 109 CTLOG_STORE *log_store;
110 /* milliseconds since epoch (to check that SCTs aren't from the future) */ 110 /* milliseconds since epoch (to check that SCTs aren't from the future) */
111 uint64_t epoch_time_in_ms; 111 uint64_t epoch_time_in_ms;
112}; 112};
113 113
114/* 114/*
diff --git a/src/lib/libcrypto/ct/ct_log.c b/src/lib/libcrypto/ct/ct_log.c
index c1bca3e141..ee44de2bfc 100644
--- a/src/lib/libcrypto/ct/ct_log.c
+++ b/src/lib/libcrypto/ct/ct_log.c
@@ -22,9 +22,9 @@
22 * Information about a CT log server. 22 * Information about a CT log server.
23 */ 23 */
24struct ctlog_st { 24struct ctlog_st {
25 char *name; 25 char *name;
26 uint8_t log_id[CT_V1_HASHLEN]; 26 uint8_t log_id[CT_V1_HASHLEN];
27 EVP_PKEY *public_key; 27 EVP_PKEY *public_key;
28}; 28};
29 29
30/* 30/*
@@ -32,14 +32,14 @@ struct ctlog_st {
32 * It takes ownership of any CTLOG instances added to it. 32 * It takes ownership of any CTLOG instances added to it.
33 */ 33 */
34struct ctlog_store_st { 34struct ctlog_store_st {
35 STACK_OF(CTLOG) *logs; 35 STACK_OF(CTLOG) *logs;
36}; 36};
37 37
38/* The context when loading a CT log list from a CONF file. */ 38/* The context when loading a CT log list from a CONF file. */
39typedef struct ctlog_store_load_ctx_st { 39typedef struct ctlog_store_load_ctx_st {
40 CTLOG_STORE *log_store; 40 CTLOG_STORE *log_store;
41 CONF *conf; 41 CONF *conf;
42 size_t invalid_log_entries; 42 size_t invalid_log_entries;
43} CTLOG_STORE_LOAD_CTX; 43} CTLOG_STORE_LOAD_CTX;
44 44
45/* 45/*
@@ -54,95 +54,101 @@ static CTLOG_STORE_LOAD_CTX *ctlog_store_load_ctx_new(void);
54 */ 54 */
55static void ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX* ctx); 55static void ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX* ctx);
56 56
57static CTLOG_STORE_LOAD_CTX *ctlog_store_load_ctx_new(void) 57static CTLOG_STORE_LOAD_CTX *
58ctlog_store_load_ctx_new(void)
58{ 59{
59 CTLOG_STORE_LOAD_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); 60 CTLOG_STORE_LOAD_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
60 61
61 if (ctx == NULL) 62 if (ctx == NULL)
62 CTerr(CT_F_CTLOG_STORE_LOAD_CTX_NEW, ERR_R_MALLOC_FAILURE); 63 CTerr(CT_F_CTLOG_STORE_LOAD_CTX_NEW, ERR_R_MALLOC_FAILURE);
63 64
64 return ctx; 65 return ctx;
65} 66}
66 67
67static void ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX* ctx) 68static void
69ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX* ctx)
68{ 70{
69 OPENSSL_free(ctx); 71 OPENSSL_free(ctx);
70} 72}
71 73
72/* Converts a log's public key into a SHA256 log ID */ 74/* Converts a log's public key into a SHA256 log ID */
73static int ct_v1_log_id_from_pkey(EVP_PKEY *pkey, 75static int
74 unsigned char log_id[CT_V1_HASHLEN]) 76ct_v1_log_id_from_pkey(EVP_PKEY *pkey, unsigned char log_id[CT_V1_HASHLEN])
75{ 77{
76 int ret = 0; 78 int ret = 0;
77 unsigned char *pkey_der = NULL; 79 unsigned char *pkey_der = NULL;
78 int pkey_der_len = i2d_PUBKEY(pkey, &pkey_der); 80 int pkey_der_len = i2d_PUBKEY(pkey, &pkey_der);
79 81
80 if (pkey_der_len <= 0) { 82 if (pkey_der_len <= 0) {
81 CTerr(CT_F_CT_V1_LOG_ID_FROM_PKEY, CT_R_LOG_KEY_INVALID); 83 CTerr(CT_F_CT_V1_LOG_ID_FROM_PKEY, CT_R_LOG_KEY_INVALID);
82 goto err; 84 goto err;
83 } 85 }
84 86
85 SHA256(pkey_der, pkey_der_len, log_id); 87 SHA256(pkey_der, pkey_der_len, log_id);
86 ret = 1; 88 ret = 1;
87err: 89 err:
88 OPENSSL_free(pkey_der); 90 OPENSSL_free(pkey_der);
89 return ret; 91 return ret;
90} 92}
91 93
92CTLOG_STORE *CTLOG_STORE_new(void) 94CTLOG_STORE *
95CTLOG_STORE_new(void)
93{ 96{
94 CTLOG_STORE *ret = OPENSSL_zalloc(sizeof(*ret)); 97 CTLOG_STORE *ret = OPENSSL_zalloc(sizeof(*ret));
95 98
96 if (ret == NULL) { 99 if (ret == NULL) {
97 CTerr(CT_F_CTLOG_STORE_NEW, ERR_R_MALLOC_FAILURE); 100 CTerr(CT_F_CTLOG_STORE_NEW, ERR_R_MALLOC_FAILURE);
98 return NULL; 101 return NULL;
99 } 102 }
100 103
101 ret->logs = sk_CTLOG_new_null(); 104 ret->logs = sk_CTLOG_new_null();
102 if (ret->logs == NULL) 105 if (ret->logs == NULL)
103 goto err; 106 goto err;
104 107
105 return ret; 108 return ret;
106err: 109err:
107 OPENSSL_free(ret); 110 OPENSSL_free(ret);
108 return NULL; 111 return NULL;
109} 112}
110 113
111void CTLOG_STORE_free(CTLOG_STORE *store) 114void
115CTLOG_STORE_free(CTLOG_STORE *store)
112{ 116{
113 if (store != NULL) { 117 if (store != NULL) {
114 sk_CTLOG_pop_free(store->logs, CTLOG_free); 118 sk_CTLOG_pop_free(store->logs, CTLOG_free);
115 OPENSSL_free(store); 119 OPENSSL_free(store);
116 } 120 }
117} 121}
118 122
119static int ctlog_new_from_conf(CTLOG **ct_log, const CONF *conf, const char *section) 123static int
124ctlog_new_from_conf(CTLOG **ct_log, const CONF *conf, const char *section)
120{ 125{
121 const char *description = NCONF_get_string(conf, section, "description"); 126 const char *description = NCONF_get_string(conf, section, "description");
122 char *pkey_base64; 127 char *pkey_base64;
123 128
124 if (description == NULL) { 129 if (description == NULL) {
125 CTerr(CT_F_CTLOG_NEW_FROM_CONF, CT_R_LOG_CONF_MISSING_DESCRIPTION); 130 CTerr(CT_F_CTLOG_NEW_FROM_CONF, CT_R_LOG_CONF_MISSING_DESCRIPTION);
126 return 0; 131 return 0;
127 } 132 }
128 133
129 pkey_base64 = NCONF_get_string(conf, section, "key"); 134 pkey_base64 = NCONF_get_string(conf, section, "key");
130 if (pkey_base64 == NULL) { 135 if (pkey_base64 == NULL) {
131 CTerr(CT_F_CTLOG_NEW_FROM_CONF, CT_R_LOG_CONF_MISSING_KEY); 136 CTerr(CT_F_CTLOG_NEW_FROM_CONF, CT_R_LOG_CONF_MISSING_KEY);
132 return 0; 137 return 0;
133 } 138 }
134 139
135 return CTLOG_new_from_base64(ct_log, pkey_base64, description); 140 return CTLOG_new_from_base64(ct_log, pkey_base64, description);
136} 141}
137 142
138int CTLOG_STORE_load_default_file(CTLOG_STORE *store) 143int
144CTLOG_STORE_load_default_file(CTLOG_STORE *store)
139{ 145{
140 const char *fpath = ossl_safe_getenv(CTLOG_FILE_EVP); 146 const char *fpath = ossl_safe_getenv(CTLOG_FILE_EVP);
141 147
142 if (fpath == NULL) 148 if (fpath == NULL)
143 fpath = CTLOG_FILE; 149 fpath = CTLOG_FILE;
144 150
145 return CTLOG_STORE_load_file(store, fpath); 151 return CTLOG_STORE_load_file(store, fpath);
146} 152}
147 153
148/* 154/*
@@ -151,82 +157,83 @@ int CTLOG_STORE_load_default_file(CTLOG_STORE *store)
151 * the following log entries. 157 * the following log entries.
152 * It may stop parsing and returns -1 on any internal (malloc) error. 158 * It may stop parsing and returns -1 on any internal (malloc) error.
153 */ 159 */
154static int ctlog_store_load_log(const char *log_name, int log_name_len, 160static int
155 void *arg) 161ctlog_store_load_log(const char *log_name, int log_name_len, void *arg)
156{ 162{
157 CTLOG_STORE_LOAD_CTX *load_ctx = arg; 163 CTLOG_STORE_LOAD_CTX *load_ctx = arg;
158 CTLOG *ct_log = NULL; 164 CTLOG *ct_log = NULL;
159 /* log_name may not be null-terminated, so fix that before using it */ 165 /* log_name may not be null-terminated, so fix that before using it */
160 char *tmp; 166 char *tmp;
161 int ret = 0; 167 int ret = 0;
162 168
163 /* log_name will be NULL for empty list entries */ 169 /* log_name will be NULL for empty list entries */
164 if (log_name == NULL) 170 if (log_name == NULL)
165 return 1; 171 return 1;
166 172
167 tmp = OPENSSL_strndup(log_name, log_name_len); 173 tmp = OPENSSL_strndup(log_name, log_name_len);
168 if (tmp == NULL) 174 if (tmp == NULL)
169 goto mem_err; 175 goto mem_err;
170 176
171 ret = ctlog_new_from_conf(&ct_log, load_ctx->conf, tmp); 177 ret = ctlog_new_from_conf(&ct_log, load_ctx->conf, tmp);
172 OPENSSL_free(tmp); 178 OPENSSL_free(tmp);
173 179
174 if (ret < 0) { 180 if (ret < 0) {
175 /* Propagate any internal error */ 181 /* Propagate any internal error */
176 return ret; 182 return ret;
177 } 183 }
178 if (ret == 0) { 184 if (ret == 0) {
179 /* If we can't load this log, record that fact and skip it */ 185 /* If we can't load this log, record that fact and skip it */
180 ++load_ctx->invalid_log_entries; 186 ++load_ctx->invalid_log_entries;
181 return 1; 187 return 1;
182 } 188 }
183 189
184 if (!sk_CTLOG_push(load_ctx->log_store->logs, ct_log)) { 190 if (!sk_CTLOG_push(load_ctx->log_store->logs, ct_log)) {
185 goto mem_err; 191 goto mem_err;
186 } 192 }
187 return 1; 193 return 1;
188 194
189mem_err: 195mem_err:
190 CTLOG_free(ct_log); 196 CTLOG_free(ct_log);
191 CTerr(CT_F_CTLOG_STORE_LOAD_LOG, ERR_R_MALLOC_FAILURE); 197 CTerr(CT_F_CTLOG_STORE_LOAD_LOG, ERR_R_MALLOC_FAILURE);
192 return -1; 198 return -1;
193} 199}
194 200
195int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file) 201int
202CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file)
196{ 203{
197 int ret = 0; 204 int ret = 0;
198 char *enabled_logs; 205 char *enabled_logs;
199 CTLOG_STORE_LOAD_CTX* load_ctx = ctlog_store_load_ctx_new(); 206 CTLOG_STORE_LOAD_CTX* load_ctx = ctlog_store_load_ctx_new();
200 207
201 if (load_ctx == NULL) 208 if (load_ctx == NULL)
202 return 0; 209 return 0;
203 load_ctx->log_store = store; 210 load_ctx->log_store = store;
204 load_ctx->conf = NCONF_new(NULL); 211 load_ctx->conf = NCONF_new(NULL);
205 if (load_ctx->conf == NULL) 212 if (load_ctx->conf == NULL)
206 goto end; 213 goto end;
207 214
208 if (NCONF_load(load_ctx->conf, file, NULL) <= 0) { 215 if (NCONF_load(load_ctx->conf, file, NULL) <= 0) {
209 CTerr(CT_F_CTLOG_STORE_LOAD_FILE, CT_R_LOG_CONF_INVALID); 216 CTerr(CT_F_CTLOG_STORE_LOAD_FILE, CT_R_LOG_CONF_INVALID);
210 goto end; 217 goto end;
211 } 218 }
212 219
213 enabled_logs = NCONF_get_string(load_ctx->conf, NULL, "enabled_logs"); 220 enabled_logs = NCONF_get_string(load_ctx->conf, NULL, "enabled_logs");
214 if (enabled_logs == NULL) { 221 if (enabled_logs == NULL) {
215 CTerr(CT_F_CTLOG_STORE_LOAD_FILE, CT_R_LOG_CONF_INVALID); 222 CTerr(CT_F_CTLOG_STORE_LOAD_FILE, CT_R_LOG_CONF_INVALID);
216 goto end; 223 goto end;
217 } 224 }
218 225
219 if (!CONF_parse_list(enabled_logs, ',', 1, ctlog_store_load_log, load_ctx) || 226 if (!CONF_parse_list(enabled_logs, ',', 1, ctlog_store_load_log, load_ctx) ||
220 load_ctx->invalid_log_entries > 0) { 227 load_ctx->invalid_log_entries > 0) {
221 CTerr(CT_F_CTLOG_STORE_LOAD_FILE, CT_R_LOG_CONF_INVALID); 228 CTerr(CT_F_CTLOG_STORE_LOAD_FILE, CT_R_LOG_CONF_INVALID);
222 goto end; 229 goto end;
223 } 230 }
224 231
225 ret = 1; 232 ret = 1;
226end: 233end:
227 NCONF_free(load_ctx->conf); 234 NCONF_free(load_ctx->conf);
228 ctlog_store_load_ctx_free(load_ctx); 235 ctlog_store_load_ctx_free(load_ctx);
229 return ret; 236 return ret;
230} 237}
231 238
232/* 239/*
@@ -234,73 +241,77 @@ end:
234 * Takes ownership of the public key. 241 * Takes ownership of the public key.
235 * Copies the name. 242 * Copies the name.
236 */ 243 */
237CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name) 244CTLOG *
245CTLOG_new(EVP_PKEY *public_key, const char *name)
238{ 246{
239 CTLOG *ret = OPENSSL_zalloc(sizeof(*ret)); 247 CTLOG *ret = OPENSSL_zalloc(sizeof(*ret));
240 248
241 if (ret == NULL) { 249 if (ret == NULL) {
242 CTerr(CT_F_CTLOG_NEW, ERR_R_MALLOC_FAILURE); 250 CTerr(CT_F_CTLOG_NEW, ERR_R_MALLOC_FAILURE);
243 return NULL; 251 return NULL;
244 } 252 }
245 253
246 ret->name = OPENSSL_strdup(name); 254 ret->name = OPENSSL_strdup(name);
247 if (ret->name == NULL) { 255 if (ret->name == NULL) {
248 CTerr(CT_F_CTLOG_NEW, ERR_R_MALLOC_FAILURE); 256 CTerr(CT_F_CTLOG_NEW, ERR_R_MALLOC_FAILURE);
249 goto err; 257 goto err;
250 } 258 }
251 259
252 if (ct_v1_log_id_from_pkey(public_key, ret->log_id) != 1) 260 if (ct_v1_log_id_from_pkey(public_key, ret->log_id) != 1)
253 goto err; 261 goto err;
254 262
255 ret->public_key = public_key; 263 ret->public_key = public_key;
256 return ret; 264 return ret;
257err: 265 err:
258 CTLOG_free(ret); 266 CTLOG_free(ret);
259 return NULL; 267 return NULL;
260} 268}
261 269
262/* Frees CT log and associated structures */ 270/* Frees CT log and associated structures */
263void CTLOG_free(CTLOG *log) 271void
272CTLOG_free(CTLOG *log)
264{ 273{
265 if (log != NULL) { 274 if (log != NULL) {
266 OPENSSL_free(log->name); 275 OPENSSL_free(log->name);
267 EVP_PKEY_free(log->public_key); 276 EVP_PKEY_free(log->public_key);
268 OPENSSL_free(log); 277 OPENSSL_free(log);
269 } 278 }
270} 279}
271 280
272const char *CTLOG_get0_name(const CTLOG *log) 281const char *
282CTLOG_get0_name(const CTLOG *log)
273{ 283{
274 return log->name; 284 return log->name;
275} 285}
276 286
277void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id, 287void
278 size_t *log_id_len) 288CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id, size_t *log_id_len)
279{ 289{
280 *log_id = log->log_id; 290 *log_id = log->log_id;
281 *log_id_len = CT_V1_HASHLEN; 291 *log_id_len = CT_V1_HASHLEN;
282} 292}
283 293
284EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log) 294EVP_PKEY *
295CTLOG_get0_public_key(const CTLOG *log)
285{ 296{
286 return log->public_key; 297 return log->public_key;
287} 298}
288 299
289/* 300/*
290 * Given a log ID, finds the matching log. 301 * Given a log ID, finds the matching log.
291 * Returns NULL if no match found. 302 * Returns NULL if no match found.
292 */ 303 */
293const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store, 304const CTLOG
294 const uint8_t *log_id, 305*CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store, const uint8_t *log_id,
295 size_t log_id_len) 306 size_t log_id_len)
296{ 307{
297 int i; 308 int i;
298 309
299 for (i = 0; i < sk_CTLOG_num(store->logs); ++i) { 310 for (i = 0; i < sk_CTLOG_num(store->logs); ++i) {
300 const CTLOG *log = sk_CTLOG_value(store->logs, i); 311 const CTLOG *log = sk_CTLOG_value(store->logs, i);
301 if (memcmp(log->log_id, log_id, log_id_len) == 0) 312 if (memcmp(log->log_id, log_id, log_id_len) == 0)
302 return log; 313 return log;
303 } 314 }
304 315
305 return NULL; 316 return NULL;
306} 317}
diff --git a/src/lib/libcrypto/ct/ct_oct.c b/src/lib/libcrypto/ct/ct_oct.c
index d4b6645af4..7a45bdb5bf 100644
--- a/src/lib/libcrypto/ct/ct_oct.c
+++ b/src/lib/libcrypto/ct/ct_oct.c
@@ -21,387 +21,392 @@
21 21
22#include "ct_local.h" 22#include "ct_local.h"
23 23
24int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len) 24int
25o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len)
25{ 26{
26 size_t siglen; 27 size_t siglen;
27 size_t len_remaining = len; 28 size_t len_remaining = len;
28 const unsigned char *p; 29 const unsigned char *p;
29 30
30 if (sct->version != SCT_VERSION_V1) { 31 if (sct->version != SCT_VERSION_V1) {
31 CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_UNSUPPORTED_VERSION); 32 CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_UNSUPPORTED_VERSION);
32 return -1; 33 return -1;
33 } 34 }
34 /* 35 /*
35 * digitally-signed struct header: (1 byte) Hash algorithm (1 byte) 36 * digitally-signed struct header: (1 byte) Hash algorithm (1 byte)
36 * Signature algorithm (2 bytes + ?) Signature 37 * Signature algorithm (2 bytes + ?) Signature
37 * 38 *
38 * This explicitly rejects empty signatures: they're invalid for 39 * This explicitly rejects empty signatures: they're invalid for
39 * all supported algorithms. 40 * all supported algorithms.
40 */ 41 */
41 if (len <= 4) { 42 if (len <= 4) {
42 CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE); 43 CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
43 return -1; 44 return -1;
44 } 45 }
45 46
46 p = *in; 47 p = *in;
47 /* Get hash and signature algorithm */ 48 /* Get hash and signature algorithm */
48 sct->hash_alg = *p++; 49 sct->hash_alg = *p++;
49 sct->sig_alg = *p++; 50 sct->sig_alg = *p++;
50 if (SCT_get_signature_nid(sct) == NID_undef) { 51 if (SCT_get_signature_nid(sct) == NID_undef) {
51 CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE); 52 CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
52 return -1; 53 return -1;
53 } 54 }
54 /* Retrieve signature and check it is consistent with the buffer length */ 55 /* Retrieve signature and check it is consistent with the buffer length */
55 n2s(p, siglen); 56 n2s(p, siglen);
56 len_remaining -= (p - *in); 57 len_remaining -= (p - *in);
57 if (siglen > len_remaining) { 58 if (siglen > len_remaining) {
58 CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE); 59 CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
59 return -1; 60 return -1;
60 } 61 }
61 62
62 if (SCT_set1_signature(sct, p, siglen) != 1) 63 if (SCT_set1_signature(sct, p, siglen) != 1)
63 return -1; 64 return -1;
64 len_remaining -= siglen; 65 len_remaining -= siglen;
65 *in = p + siglen; 66 *in = p + siglen;
66 67
67 return len - len_remaining; 68 return len - len_remaining;
68} 69}
69 70
70SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len) 71SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len)
71{ 72{
72 SCT *sct = NULL; 73 SCT *sct = NULL;
73 const unsigned char *p; 74 const unsigned char *p;
74 75
75 if (len == 0 || len > MAX_SCT_SIZE) { 76 if (len == 0 || len > MAX_SCT_SIZE) {
76 CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID); 77 CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
77 goto err; 78 goto err;
78 } 79 }
79 80
80 if ((sct = SCT_new()) == NULL) 81 if ((sct = SCT_new()) == NULL)
81 goto err; 82 goto err;
82 83
83 p = *in; 84 p = *in;
84 85
85 sct->version = *p; 86 sct->version = *p;
86 if (sct->version == SCT_VERSION_V1) { 87 if (sct->version == SCT_VERSION_V1) {
87 int sig_len; 88 int sig_len;
88 size_t len2; 89 size_t len2;
89 /*- 90 /*-
90 * Fixed-length header: 91 * Fixed-length header:
91 * struct { 92 * struct {
92 * Version sct_version; (1 byte) 93 * Version sct_version; (1 byte)
93 * log_id id; (32 bytes) 94 * log_id id; (32 bytes)
94 * uint64 timestamp; (8 bytes) 95 * uint64 timestamp; (8 bytes)
95 * CtExtensions extensions; (2 bytes + ?) 96 * CtExtensions extensions; (2 bytes + ?)
96 * } 97 * }
97 */ 98 */
98 if (len < 43) { 99 if (len < 43) {
99 CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID); 100 CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
100 goto err; 101 goto err;
101 } 102 }
102 len -= 43; 103 len -= 43;
103 p++; 104 p++;
104 sct->log_id = BUF_memdup(p, CT_V1_HASHLEN); 105 sct->log_id = BUF_memdup(p, CT_V1_HASHLEN);
105 if (sct->log_id == NULL) 106 if (sct->log_id == NULL)
106 goto err; 107 goto err;
107 sct->log_id_len = CT_V1_HASHLEN; 108 sct->log_id_len = CT_V1_HASHLEN;
108 p += CT_V1_HASHLEN; 109 p += CT_V1_HASHLEN;
109 110
110 n2l8(p, sct->timestamp); 111 n2l8(p, sct->timestamp);
111 112
112 n2s(p, len2); 113 n2s(p, len2);
113 if (len < len2) { 114 if (len < len2) {
114 CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID); 115 CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
115 goto err; 116 goto err;
116 } 117 }
117 if (len2 > 0) { 118 if (len2 > 0) {
118 sct->ext = BUF_memdup(p, len2); 119 sct->ext = BUF_memdup(p, len2);
119 if (sct->ext == NULL) 120 if (sct->ext == NULL)
120 goto err; 121 goto err;
121 } 122 }
122 sct->ext_len = len2; 123 sct->ext_len = len2;
123 p += len2; 124 p += len2;
124 len -= len2; 125 len -= len2;
125 126
126 sig_len = o2i_SCT_signature(sct, &p, len); 127 sig_len = o2i_SCT_signature(sct, &p, len);
127 if (sig_len <= 0) { 128 if (sig_len <= 0) {
128 CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID); 129 CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
129 goto err; 130 goto err;
130 } 131 }
131 len -= sig_len; 132 len -= sig_len;
132 *in = p + len; 133 *in = p + len;
133 } else { 134 } else {
134 /* If not V1 just cache encoding */ 135 /* If not V1 just cache encoding */
135 sct->sct = BUF_memdup(p, len); 136 sct->sct = BUF_memdup(p, len);
136 if (sct->sct == NULL) 137 if (sct->sct == NULL)
137 goto err; 138 goto err;
138 sct->sct_len = len; 139 sct->sct_len = len;
139 *in = p + len; 140 *in = p + len;
140 } 141 }
141 142
142 if (psct != NULL) { 143 if (psct != NULL) {
143 SCT_free(*psct); 144 SCT_free(*psct);
144 *psct = sct; 145 *psct = sct;
145 } 146 }
146 147
147 return sct; 148 return sct;
148err: 149 err:
149 SCT_free(sct); 150 SCT_free(sct);
150 return NULL; 151 return NULL;
151} 152}
152 153
153int i2o_SCT_signature(const SCT *sct, unsigned char **out) 154int
155i2o_SCT_signature(const SCT *sct, unsigned char **out)
154{ 156{
155 size_t len; 157 size_t len;
156 unsigned char *p = NULL, *pstart = NULL; 158 unsigned char *p = NULL, *pstart = NULL;
157 159
158 if (!SCT_signature_is_complete(sct)) { 160 if (!SCT_signature_is_complete(sct)) {
159 CTerr(CT_F_I2O_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE); 161 CTerr(CT_F_I2O_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
160 goto err; 162 goto err;
161 } 163 }
162 164
163 if (sct->version != SCT_VERSION_V1) { 165 if (sct->version != SCT_VERSION_V1) {
164 CTerr(CT_F_I2O_SCT_SIGNATURE, CT_R_UNSUPPORTED_VERSION); 166 CTerr(CT_F_I2O_SCT_SIGNATURE, CT_R_UNSUPPORTED_VERSION);
165 goto err; 167 goto err;
166 } 168 }
167 169
168 /* 170 /*
169 * (1 byte) Hash algorithm 171 * (1 byte) Hash algorithm
170 * (1 byte) Signature algorithm 172 * (1 byte) Signature algorithm
171 * (2 bytes + ?) Signature 173 * (2 bytes + ?) Signature
172 */ 174 */
173 len = 4 + sct->sig_len; 175 len = 4 + sct->sig_len;
174 176
175 if (out != NULL) { 177 if (out != NULL) {
176 if (*out != NULL) { 178 if (*out != NULL) {
177 p = *out; 179 p = *out;
178 *out += len; 180 *out += len;
179 } else { 181 } else {
180 pstart = p = OPENSSL_malloc(len); 182 pstart = p = OPENSSL_malloc(len);
181 if (p == NULL) { 183 if (p == NULL) {
182 CTerr(CT_F_I2O_SCT_SIGNATURE, ERR_R_MALLOC_FAILURE); 184 CTerr(CT_F_I2O_SCT_SIGNATURE, ERR_R_MALLOC_FAILURE);
183 goto err; 185 goto err;
184 } 186 }
185 *out = p; 187 *out = p;
186 } 188 }
187 189
188 *p++ = sct->hash_alg; 190 *p++ = sct->hash_alg;
189 *p++ = sct->sig_alg; 191 *p++ = sct->sig_alg;
190 s2n(sct->sig_len, p); 192 s2n(sct->sig_len, p);
191 memcpy(p, sct->sig, sct->sig_len); 193 memcpy(p, sct->sig, sct->sig_len);
192 } 194 }
193 195
194 return len; 196 return len;
195err: 197 err:
196 OPENSSL_free(pstart); 198 OPENSSL_free(pstart);
197 return -1; 199 return -1;
198} 200}
199 201
200int i2o_SCT(const SCT *sct, unsigned char **out) 202int
203i2o_SCT(const SCT *sct, unsigned char **out)
201{ 204{
202 size_t len; 205 size_t len;
203 unsigned char *p = NULL, *pstart = NULL; 206 unsigned char *p = NULL, *pstart = NULL;
204 207
205 if (!SCT_is_complete(sct)) { 208 if (!SCT_is_complete(sct)) {
206 CTerr(CT_F_I2O_SCT, CT_R_SCT_NOT_SET); 209 CTerr(CT_F_I2O_SCT, CT_R_SCT_NOT_SET);
207 goto err; 210 goto err;
208 } 211 }
209 /* 212 /*
210 * Fixed-length header: struct { (1 byte) Version sct_version; (32 bytes) 213 * Fixed-length header: struct { (1 byte) Version sct_version; (32 bytes)
211 * log_id id; (8 bytes) uint64 timestamp; (2 bytes + ?) CtExtensions 214 * log_id id; (8 bytes) uint64 timestamp; (2 bytes + ?) CtExtensions
212 * extensions; (1 byte) Hash algorithm (1 byte) Signature algorithm (2 215 * extensions; (1 byte) Hash algorithm (1 byte) Signature algorithm (2
213 * bytes + ?) Signature 216 * bytes + ?) Signature
214 */ 217 */
215 if (sct->version == SCT_VERSION_V1) 218 if (sct->version == SCT_VERSION_V1)
216 len = 43 + sct->ext_len + 4 + sct->sig_len; 219 len = 43 + sct->ext_len + 4 + sct->sig_len;
217 else 220 else
218 len = sct->sct_len; 221 len = sct->sct_len;
219 222
220 if (out == NULL) 223 if (out == NULL)
221 return len; 224 return len;
222 225
223 if (*out != NULL) { 226 if (*out != NULL) {
224 p = *out; 227 p = *out;
225 *out += len; 228 *out += len;
226 } else { 229 } else {
227 pstart = p = OPENSSL_malloc(len); 230 pstart = p = OPENSSL_malloc(len);
228 if (p == NULL) { 231 if (p == NULL) {
229 CTerr(CT_F_I2O_SCT, ERR_R_MALLOC_FAILURE); 232 CTerr(CT_F_I2O_SCT, ERR_R_MALLOC_FAILURE);
230 goto err; 233 goto err;
231 } 234 }
232 *out = p; 235 *out = p;
233 } 236 }
234 237
235 if (sct->version == SCT_VERSION_V1) { 238 if (sct->version == SCT_VERSION_V1) {
236 *p++ = sct->version; 239 *p++ = sct->version;
237 memcpy(p, sct->log_id, CT_V1_HASHLEN); 240 memcpy(p, sct->log_id, CT_V1_HASHLEN);
238 p += CT_V1_HASHLEN; 241 p += CT_V1_HASHLEN;
239 l2n8(sct->timestamp, p); 242 l2n8(sct->timestamp, p);
240 s2n(sct->ext_len, p); 243 s2n(sct->ext_len, p);
241 if (sct->ext_len > 0) { 244 if (sct->ext_len > 0) {
242 memcpy(p, sct->ext, sct->ext_len); 245 memcpy(p, sct->ext, sct->ext_len);
243 p += sct->ext_len; 246 p += sct->ext_len;
244 } 247 }
245 if (i2o_SCT_signature(sct, &p) <= 0) 248 if (i2o_SCT_signature(sct, &p) <= 0)
246 goto err; 249 goto err;
247 } else { 250 } else {
248 memcpy(p, sct->sct, len); 251 memcpy(p, sct->sct, len);
249 } 252 }
250 253
251 return len; 254 return len;
252err: 255 err:
253 OPENSSL_free(pstart); 256 OPENSSL_free(pstart);
254 return -1; 257 return -1;
255} 258}
256 259
257STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, 260STACK_OF(SCT) *
258 size_t len) 261o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, size_t len)
259{ 262{
260 STACK_OF(SCT) *sk = NULL; 263 STACK_OF(SCT) *sk = NULL;
261 size_t list_len, sct_len; 264 size_t list_len, sct_len;
262 265
263 if (len < 2 || len > MAX_SCT_LIST_SIZE) { 266 if (len < 2 || len > MAX_SCT_LIST_SIZE) {
264 CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID); 267 CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
265 return NULL; 268 return NULL;
266 } 269 }
267 270
268 n2s(*pp, list_len); 271 n2s(*pp, list_len);
269 if (list_len != len - 2) { 272 if (list_len != len - 2) {
270 CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID); 273 CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
271 return NULL; 274 return NULL;
272 } 275 }
273 276
274 if (a == NULL || *a == NULL) { 277 if (a == NULL || *a == NULL) {
275 sk = sk_SCT_new_null(); 278 sk = sk_SCT_new_null();
276 if (sk == NULL) 279 if (sk == NULL)
277 return NULL; 280 return NULL;
278 } else { 281 } else {
279 SCT *sct; 282 SCT *sct;
280 283
281 /* Use the given stack, but empty it first. */ 284 /* Use the given stack, but empty it first. */
282 sk = *a; 285 sk = *a;
283 while ((sct = sk_SCT_pop(sk)) != NULL) 286 while ((sct = sk_SCT_pop(sk)) != NULL)
284 SCT_free(sct); 287 SCT_free(sct);
285 } 288 }
286 289
287 while (list_len > 0) { 290 while (list_len > 0) {
288 SCT *sct; 291 SCT *sct;
289 292
290 if (list_len < 2) { 293 if (list_len < 2) {
291 CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID); 294 CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
292 goto err; 295 goto err;
293 } 296 }
294 n2s(*pp, sct_len); 297 n2s(*pp, sct_len);
295 list_len -= 2; 298 list_len -= 2;
296 299
297 if (sct_len == 0 || sct_len > list_len) { 300 if (sct_len == 0 || sct_len > list_len) {
298 CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID); 301 CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
299 goto err; 302 goto err;
300 } 303 }
301 list_len -= sct_len; 304 list_len -= sct_len;
302 305
303 if ((sct = o2i_SCT(NULL, pp, sct_len)) == NULL) 306 if ((sct = o2i_SCT(NULL, pp, sct_len)) == NULL)
304 goto err; 307 goto err;
305 if (!sk_SCT_push(sk, sct)) { 308 if (!sk_SCT_push(sk, sct)) {
306 SCT_free(sct); 309 SCT_free(sct);
307 goto err; 310 goto err;
308 } 311 }
309 } 312 }
310 313
311 if (a != NULL && *a == NULL) 314 if (a != NULL && *a == NULL)
312 *a = sk; 315 *a = sk;
313 return sk; 316 return sk;
314 317
315 err: 318 err:
316 if (a == NULL || *a == NULL) 319 if (a == NULL || *a == NULL)
317 SCT_LIST_free(sk); 320 SCT_LIST_free(sk);
318 return NULL; 321 return NULL;
319} 322}
320 323
321int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp) 324int
325i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp)
322{ 326{
323 int len, sct_len, i, is_pp_new = 0; 327 int len, sct_len, i, is_pp_new = 0;
324 size_t len2; 328 size_t len2;
325 unsigned char *p = NULL, *p2; 329 unsigned char *p = NULL, *p2;
326 330
327 if (pp != NULL) { 331 if (pp != NULL) {
328 if (*pp == NULL) { 332 if (*pp == NULL) {
329 if ((len = i2o_SCT_LIST(a, NULL)) == -1) { 333 if ((len = i2o_SCT_LIST(a, NULL)) == -1) {
330 CTerr(CT_F_I2O_SCT_LIST, CT_R_SCT_LIST_INVALID); 334 CTerr(CT_F_I2O_SCT_LIST, CT_R_SCT_LIST_INVALID);
331 return -1; 335 return -1;
332 } 336 }
333 if ((*pp = OPENSSL_malloc(len)) == NULL) { 337 if ((*pp = OPENSSL_malloc(len)) == NULL) {
334 CTerr(CT_F_I2O_SCT_LIST, ERR_R_MALLOC_FAILURE); 338 CTerr(CT_F_I2O_SCT_LIST, ERR_R_MALLOC_FAILURE);
335 return -1; 339 return -1;
336 } 340 }
337 is_pp_new = 1; 341 is_pp_new = 1;
338 } 342 }
339 p = *pp + 2; 343 p = *pp + 2;
340 } 344 }
341 345
342 len2 = 2; 346 len2 = 2;
343 for (i = 0; i < sk_SCT_num(a); i++) { 347 for (i = 0; i < sk_SCT_num(a); i++) {
344 if (pp != NULL) { 348 if (pp != NULL) {
345 p2 = p; 349 p2 = p;
346 p += 2; 350 p += 2;
347 if ((sct_len = i2o_SCT(sk_SCT_value(a, i), &p)) == -1) 351 if ((sct_len = i2o_SCT(sk_SCT_value(a, i), &p)) == -1)
348 goto err; 352 goto err;
349 s2n(sct_len, p2); 353 s2n(sct_len, p2);
350 } else { 354 } else {
351 if ((sct_len = i2o_SCT(sk_SCT_value(a, i), NULL)) == -1) 355 if ((sct_len = i2o_SCT(sk_SCT_value(a, i), NULL)) == -1)
352 goto err; 356 goto err;
353 } 357 }
354 len2 += 2 + sct_len; 358 len2 += 2 + sct_len;
355 } 359 }
356 360
357 if (len2 > MAX_SCT_LIST_SIZE) 361 if (len2 > MAX_SCT_LIST_SIZE)
358 goto err; 362 goto err;
359 363
360 if (pp != NULL) { 364 if (pp != NULL) {
361 p = *pp; 365 p = *pp;
362 s2n(len2 - 2, p); 366 s2n(len2 - 2, p);
363 if (!is_pp_new) 367 if (!is_pp_new)
364 *pp += len2; 368 *pp += len2;
365 } 369 }
366 return len2; 370 return len2;
367 371
368 err: 372 err:
369 if (is_pp_new) { 373 if (is_pp_new) {
370 OPENSSL_free(*pp); 374 OPENSSL_free(*pp);
371 *pp = NULL; 375 *pp = NULL;
372 } 376 }
373 return -1; 377 return -1;
374} 378}
375 379
376STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, 380STACK_OF(SCT) *
377 long len) 381d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, long len)
378{ 382{
379 ASN1_OCTET_STRING *oct = NULL; 383 ASN1_OCTET_STRING *oct = NULL;
380 STACK_OF(SCT) *sk = NULL; 384 STACK_OF(SCT) *sk = NULL;
381 const unsigned char *p; 385 const unsigned char *p;
382 386
383 p = *pp; 387 p = *pp;
384 if (d2i_ASN1_OCTET_STRING(&oct, &p, len) == NULL) 388 if (d2i_ASN1_OCTET_STRING(&oct, &p, len) == NULL)
385 return NULL; 389 return NULL;
386 390
387 p = oct->data; 391 p = oct->data;
388 if ((sk = o2i_SCT_LIST(a, &p, oct->length)) != NULL) 392 if ((sk = o2i_SCT_LIST(a, &p, oct->length)) != NULL)
389 *pp += len; 393 *pp += len;
390 394
391 ASN1_OCTET_STRING_free(oct); 395 ASN1_OCTET_STRING_free(oct);
392 return sk; 396 return sk;
393} 397}
394 398
395int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **out) 399int
400i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **out)
396{ 401{
397 ASN1_OCTET_STRING oct; 402 ASN1_OCTET_STRING oct;
398 int len; 403 int len;
399 404
400 oct.data = NULL; 405 oct.data = NULL;
401 if ((oct.length = i2o_SCT_LIST(a, &oct.data)) == -1) 406 if ((oct.length = i2o_SCT_LIST(a, &oct.data)) == -1)
402 return -1; 407 return -1;
403 408
404 len = i2d_ASN1_OCTET_STRING(&oct, out); 409 len = i2d_ASN1_OCTET_STRING(&oct, out);
405 OPENSSL_free(oct.data); 410 OPENSSL_free(oct.data);
406 return len; 411 return len;
407} 412}
diff --git a/src/lib/libcrypto/ct/ct_policy.c b/src/lib/libcrypto/ct/ct_policy.c
index df66e8a494..43ea6fa093 100644
--- a/src/lib/libcrypto/ct/ct_policy.c
+++ b/src/lib/libcrypto/ct/ct_policy.c
@@ -25,74 +25,84 @@
25 */ 25 */
26static const time_t SCT_CLOCK_DRIFT_TOLERANCE = 300; 26static const time_t SCT_CLOCK_DRIFT_TOLERANCE = 300;
27 27
28CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void) 28CT_POLICY_EVAL_CTX *
29CT_POLICY_EVAL_CTX_new(void)
29{ 30{
30 CT_POLICY_EVAL_CTX *ctx = OPENSSL_zalloc(sizeof(CT_POLICY_EVAL_CTX)); 31 CT_POLICY_EVAL_CTX *ctx = OPENSSL_zalloc(sizeof(CT_POLICY_EVAL_CTX));
31 32
32 if (ctx == NULL) { 33 if (ctx == NULL) {
33 CTerr(CT_F_CT_POLICY_EVAL_CTX_NEW, ERR_R_MALLOC_FAILURE); 34 CTerr(CT_F_CT_POLICY_EVAL_CTX_NEW, ERR_R_MALLOC_FAILURE);
34 return NULL; 35 return NULL;
35 } 36 }
36 37
37 /* time(NULL) shouldn't ever fail, so don't bother checking for -1. */ 38 /* time(NULL) shouldn't ever fail, so don't bother checking for -1. */
38 ctx->epoch_time_in_ms = (uint64_t)(time(NULL) + SCT_CLOCK_DRIFT_TOLERANCE) * 39 ctx->epoch_time_in_ms = (uint64_t)(time(NULL) + SCT_CLOCK_DRIFT_TOLERANCE) *
39 1000; 40 1000;
40 41
41 return ctx; 42 return ctx;
42} 43}
43 44
44void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx) 45void
46CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx)
45{ 47{
46 if (ctx == NULL) 48 if (ctx == NULL)
47 return; 49 return;
48 X509_free(ctx->cert); 50 X509_free(ctx->cert);
49 X509_free(ctx->issuer); 51 X509_free(ctx->issuer);
50 OPENSSL_free(ctx); 52 OPENSSL_free(ctx);
51} 53}
52 54
53int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert) 55int
56CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert)
54{ 57{
55 if (!X509_up_ref(cert)) 58 if (!X509_up_ref(cert))
56 return 0; 59 return 0;
57 ctx->cert = cert; 60 ctx->cert = cert;
58 return 1; 61 return 1;
59} 62}
60 63
61int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer) 64int
65CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer)
62{ 66{
63 if (!X509_up_ref(issuer)) 67 if (!X509_up_ref(issuer))
64 return 0; 68 return 0;
65 ctx->issuer = issuer; 69 ctx->issuer = issuer;
66 return 1; 70 return 1;
67} 71}
68 72
69void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx, 73void
70 CTLOG_STORE *log_store) 74CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
75 CTLOG_STORE *log_store)
71{ 76{
72 ctx->log_store = log_store; 77 ctx->log_store = log_store;
73} 78}
74 79
75void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms) 80void
81CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms)
76{ 82{
77 ctx->epoch_time_in_ms = time_in_ms; 83 ctx->epoch_time_in_ms = time_in_ms;
78} 84}
79 85
80X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx) 86X509*
87CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx)
81{ 88{
82 return ctx->cert; 89 return ctx->cert;
83} 90}
84 91
85X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx) 92X509*
93CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx)
86{ 94{
87 return ctx->issuer; 95 return ctx->issuer;
88} 96}
89 97
90const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx) 98const CTLOG_STORE *
99CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx)
91{ 100{
92 return ctx->log_store; 101 return ctx->log_store;
93} 102}
94 103
95uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx) 104uint64_t
105CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx)
96{ 106{
97 return ctx->epoch_time_in_ms; 107 return ctx->epoch_time_in_ms;
98} 108}
diff --git a/src/lib/libcrypto/ct/ct_prn.c b/src/lib/libcrypto/ct/ct_prn.c
index e6584b57f3..3cd9b8e838 100644
--- a/src/lib/libcrypto/ct/ct_prn.c
+++ b/src/lib/libcrypto/ct/ct_prn.c
@@ -16,112 +16,114 @@
16 16
17#include "ct_local.h" 17#include "ct_local.h"
18 18
19static void SCT_signature_algorithms_print(const SCT *sct, BIO *out) 19static void
20SCT_signature_algorithms_print(const SCT *sct, BIO *out)
20{ 21{
21 int nid = SCT_get_signature_nid(sct); 22 int nid = SCT_get_signature_nid(sct);
22 23
23 if (nid == NID_undef) 24 if (nid == NID_undef)
24 BIO_printf(out, "%02X%02X", sct->hash_alg, sct->sig_alg); 25 BIO_printf(out, "%02X%02X", sct->hash_alg, sct->sig_alg);
25 else 26 else
26 BIO_printf(out, "%s", OBJ_nid2ln(nid)); 27 BIO_printf(out, "%s", OBJ_nid2ln(nid));
27} 28}
28 29
29static void timestamp_print(uint64_t timestamp, BIO *out) 30static void
31timestamp_print(uint64_t timestamp, BIO *out)
30{ 32{
31 ASN1_GENERALIZEDTIME *gen = ASN1_GENERALIZEDTIME_new(); 33 ASN1_GENERALIZEDTIME *gen = ASN1_GENERALIZEDTIME_new();
32 char genstr[20]; 34 char genstr[20];
33 35
34 if (gen == NULL) 36 if (gen == NULL)
35 return; 37 return;
36 ASN1_GENERALIZEDTIME_adj(gen, (time_t)0, 38 ASN1_GENERALIZEDTIME_adj(gen, (time_t)0,(int)(timestamp / 86400000),
37 (int)(timestamp / 86400000), 39 (timestamp % 86400000) / 1000);
38 (timestamp % 86400000) / 1000); 40 /*
39 /* 41 * Note GeneralizedTime from ASN1_GENERALIZETIME_adj is always 15
40 * Note GeneralizedTime from ASN1_GENERALIZETIME_adj is always 15 42 * characters long with a final Z. Update it with fractional seconds.
41 * characters long with a final Z. Update it with fractional seconds. 43 */
42 */ 44 BIO_snprintf(genstr, sizeof(genstr), "%.14s.%03dZ",
43 BIO_snprintf(genstr, sizeof(genstr), "%.14s.%03dZ", 45 ASN1_STRING_get0_data(gen), (unsigned int)(timestamp % 1000));
44 ASN1_STRING_get0_data(gen), (unsigned int)(timestamp % 1000)); 46 if (ASN1_GENERALIZEDTIME_set_string(gen, genstr))
45 if (ASN1_GENERALIZEDTIME_set_string(gen, genstr)) 47 ASN1_GENERALIZEDTIME_print(out, gen);
46 ASN1_GENERALIZEDTIME_print(out, gen); 48 ASN1_GENERALIZEDTIME_free(gen);
47 ASN1_GENERALIZEDTIME_free(gen);
48} 49}
49 50
50const char *SCT_validation_status_string(const SCT *sct) 51const char *
52SCT_validation_status_string(const SCT *sct)
51{ 53{
52 54 switch (SCT_get_validation_status(sct)) {
53 switch (SCT_get_validation_status(sct)) { 55 case SCT_VALIDATION_STATUS_NOT_SET:
54 case SCT_VALIDATION_STATUS_NOT_SET: 56 return "not set";
55 return "not set"; 57 case SCT_VALIDATION_STATUS_UNKNOWN_VERSION:
56 case SCT_VALIDATION_STATUS_UNKNOWN_VERSION: 58 return "unknown version";
57 return "unknown version"; 59 case SCT_VALIDATION_STATUS_UNKNOWN_LOG:
58 case SCT_VALIDATION_STATUS_UNKNOWN_LOG: 60 return "unknown log";
59 return "unknown log"; 61 case SCT_VALIDATION_STATUS_UNVERIFIED:
60 case SCT_VALIDATION_STATUS_UNVERIFIED: 62 return "unverified";
61 return "unverified"; 63 case SCT_VALIDATION_STATUS_INVALID:
62 case SCT_VALIDATION_STATUS_INVALID: 64 return "invalid";
63 return "invalid"; 65 case SCT_VALIDATION_STATUS_VALID:
64 case SCT_VALIDATION_STATUS_VALID: 66 return "valid";
65 return "valid"; 67 }
66 } 68 return "unknown status";
67 return "unknown status";
68} 69}
69 70
70void SCT_print(const SCT *sct, BIO *out, int indent, 71void
71 const CTLOG_STORE *log_store) 72SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *log_store)
72{ 73{
73 const CTLOG *log = NULL; 74 const CTLOG *log = NULL;
74 75
75 if (log_store != NULL) { 76 if (log_store != NULL) {
76 log = CTLOG_STORE_get0_log_by_id(log_store, sct->log_id, 77 log = CTLOG_STORE_get0_log_by_id(log_store, sct->log_id,
77 sct->log_id_len); 78 sct->log_id_len);
78 } 79 }
79 80
80 BIO_printf(out, "%*sSigned Certificate Timestamp:", indent, ""); 81 BIO_printf(out, "%*sSigned Certificate Timestamp:", indent, "");
81 BIO_printf(out, "\n%*sVersion : ", indent + 4, ""); 82 BIO_printf(out, "\n%*sVersion : ", indent + 4, "");
82 83
83 if (sct->version != SCT_VERSION_V1) { 84 if (sct->version != SCT_VERSION_V1) {
84 BIO_printf(out, "unknown\n%*s", indent + 16, ""); 85 BIO_printf(out, "unknown\n%*s", indent + 16, "");
85 BIO_hex_string(out, indent + 16, 16, sct->sct, sct->sct_len); 86 BIO_hex_string(out, indent + 16, 16, sct->sct, sct->sct_len);
86 return; 87 return;
87 } 88 }
88 89
89 BIO_printf(out, "v1 (0x0)"); 90 BIO_printf(out, "v1 (0x0)");
90 91
91 if (log != NULL) { 92 if (log != NULL) {
92 BIO_printf(out, "\n%*sLog : %s", indent + 4, "", 93 BIO_printf(out, "\n%*sLog : %s", indent + 4, "",
93 CTLOG_get0_name(log)); 94 CTLOG_get0_name(log));
94 } 95 }
95 96
96 BIO_printf(out, "\n%*sLog ID : ", indent + 4, ""); 97 BIO_printf(out, "\n%*sLog ID : ", indent + 4, "");
97 BIO_hex_string(out, indent + 16, 16, sct->log_id, sct->log_id_len); 98 BIO_hex_string(out, indent + 16, 16, sct->log_id, sct->log_id_len);
98 99
99 BIO_printf(out, "\n%*sTimestamp : ", indent + 4, ""); 100 BIO_printf(out, "\n%*sTimestamp : ", indent + 4, "");
100 timestamp_print(sct->timestamp, out); 101 timestamp_print(sct->timestamp, out);
101 102
102 BIO_printf(out, "\n%*sExtensions: ", indent + 4, ""); 103 BIO_printf(out, "\n%*sExtensions: ", indent + 4, "");
103 if (sct->ext_len == 0) 104 if (sct->ext_len == 0)
104 BIO_printf(out, "none"); 105 BIO_printf(out, "none");
105 else 106 else
106 BIO_hex_string(out, indent + 16, 16, sct->ext, sct->ext_len); 107 BIO_hex_string(out, indent + 16, 16, sct->ext, sct->ext_len);
107 108
108 BIO_printf(out, "\n%*sSignature : ", indent + 4, ""); 109 BIO_printf(out, "\n%*sSignature : ", indent + 4, "");
109 SCT_signature_algorithms_print(sct, out); 110 SCT_signature_algorithms_print(sct, out);
110 BIO_printf(out, "\n%*s ", indent + 4, ""); 111 BIO_printf(out, "\n%*s ", indent + 4, "");
111 BIO_hex_string(out, indent + 16, 16, sct->sig, sct->sig_len); 112 BIO_hex_string(out, indent + 16, 16, sct->sig, sct->sig_len);
112} 113}
113 114
114void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent, 115void
115 const char *separator, const CTLOG_STORE *log_store) 116SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent,
117 const char *separator, const CTLOG_STORE *log_store)
116{ 118{
117 int sct_count = sk_SCT_num(sct_list); 119 int sct_count = sk_SCT_num(sct_list);
118 int i; 120 int i;
119 121
120 for (i = 0; i < sct_count; ++i) { 122 for (i = 0; i < sct_count; ++i) {
121 SCT *sct = sk_SCT_value(sct_list, i); 123 SCT *sct = sk_SCT_value(sct_list, i);
122 124
123 SCT_print(sct, out, indent, log_store); 125 SCT_print(sct, out, indent, log_store);
124 if (i < sk_SCT_num(sct_list) - 1) 126 if (i < sk_SCT_num(sct_list) - 1)
125 BIO_printf(out, "%s", separator); 127 BIO_printf(out, "%s", separator);
126 } 128 }
127} 129}
diff --git a/src/lib/libcrypto/ct/ct_sct.c b/src/lib/libcrypto/ct/ct_sct.c
index 4ff36e2fbd..ca915b763e 100644
--- a/src/lib/libcrypto/ct/ct_sct.c
+++ b/src/lib/libcrypto/ct/ct_sct.c
@@ -19,378 +19,405 @@
19 19
20#include "ct_local.h" 20#include "ct_local.h"
21 21
22SCT *SCT_new(void) 22SCT *
23SCT_new(void)
23{ 24{
24 SCT *sct = OPENSSL_zalloc(sizeof(*sct)); 25 SCT *sct = OPENSSL_zalloc(sizeof(*sct));
25 26
26 if (sct == NULL) { 27 if (sct == NULL) {
27 CTerr(CT_F_SCT_NEW, ERR_R_MALLOC_FAILURE); 28 CTerr(CT_F_SCT_NEW, ERR_R_MALLOC_FAILURE);
28 return NULL; 29 return NULL;
29 } 30 }
30 31
31 sct->entry_type = CT_LOG_ENTRY_TYPE_NOT_SET; 32 sct->entry_type = CT_LOG_ENTRY_TYPE_NOT_SET;
32 sct->version = SCT_VERSION_NOT_SET; 33 sct->version = SCT_VERSION_NOT_SET;
33 return sct; 34 return sct;
34} 35}
35 36
36void SCT_free(SCT *sct) 37void
38SCT_free(SCT *sct)
37{ 39{
38 if (sct == NULL) 40 if (sct == NULL)
39 return; 41 return;
40 42
41 OPENSSL_free(sct->log_id); 43 OPENSSL_free(sct->log_id);
42 OPENSSL_free(sct->ext); 44 OPENSSL_free(sct->ext);
43 OPENSSL_free(sct->sig); 45 OPENSSL_free(sct->sig);
44 OPENSSL_free(sct->sct); 46 OPENSSL_free(sct->sct);
45 OPENSSL_free(sct); 47 OPENSSL_free(sct);
46} 48}
47 49
48void SCT_LIST_free(STACK_OF(SCT) *a) 50void
51SCT_LIST_free(STACK_OF(SCT) *a)
49{ 52{
50 sk_SCT_pop_free(a, SCT_free); 53 sk_SCT_pop_free(a, SCT_free);
51} 54}
52 55
53int SCT_set_version(SCT *sct, sct_version_t version) 56int
57SCT_set_version(SCT *sct, sct_version_t version)
54{ 58{
55 if (version != SCT_VERSION_V1) { 59 if (version != SCT_VERSION_V1) {
56 CTerr(CT_F_SCT_SET_VERSION, CT_R_UNSUPPORTED_VERSION); 60 CTerr(CT_F_SCT_SET_VERSION, CT_R_UNSUPPORTED_VERSION);
57 return 0; 61 return 0;
58 } 62 }
59 sct->version = version; 63 sct->version = version;
60 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; 64 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
61 return 1; 65 return 1;
62} 66}
63 67
64int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type) 68int
69SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type)
65{ 70{
66 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; 71 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
67 72
68 switch (entry_type) { 73 switch (entry_type) {
69 case CT_LOG_ENTRY_TYPE_X509: 74 case CT_LOG_ENTRY_TYPE_X509:
70 case CT_LOG_ENTRY_TYPE_PRECERT: 75 case CT_LOG_ENTRY_TYPE_PRECERT:
71 sct->entry_type = entry_type; 76 sct->entry_type = entry_type;
72 return 1; 77 return 1;
73 case CT_LOG_ENTRY_TYPE_NOT_SET: 78 case CT_LOG_ENTRY_TYPE_NOT_SET:
74 break; 79 break;
75 } 80 }
76 CTerr(CT_F_SCT_SET_LOG_ENTRY_TYPE, CT_R_UNSUPPORTED_ENTRY_TYPE); 81 CTerr(CT_F_SCT_SET_LOG_ENTRY_TYPE, CT_R_UNSUPPORTED_ENTRY_TYPE);
77 return 0; 82 return 0;
78} 83}
79 84
80int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len) 85int
86SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len)
81{ 87{
82 if (sct->version == SCT_VERSION_V1 && log_id_len != CT_V1_HASHLEN) { 88 if (sct->version == SCT_VERSION_V1 && log_id_len != CT_V1_HASHLEN) {
83 CTerr(CT_F_SCT_SET0_LOG_ID, CT_R_INVALID_LOG_ID_LENGTH); 89 CTerr(CT_F_SCT_SET0_LOG_ID, CT_R_INVALID_LOG_ID_LENGTH);
84 return 0; 90 return 0;
85 } 91 }
86 92
87 OPENSSL_free(sct->log_id); 93 OPENSSL_free(sct->log_id);
88 sct->log_id = log_id; 94 sct->log_id = log_id;
89 sct->log_id_len = log_id_len; 95 sct->log_id_len = log_id_len;
90 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; 96 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
91 return 1; 97 return 1;
92} 98}
93 99
94int SCT_set1_log_id(SCT *sct, const unsigned char *log_id, size_t log_id_len) 100int
101SCT_set1_log_id(SCT *sct, const unsigned char *log_id, size_t log_id_len)
95{ 102{
96 if (sct->version == SCT_VERSION_V1 && log_id_len != CT_V1_HASHLEN) { 103 if (sct->version == SCT_VERSION_V1 && log_id_len != CT_V1_HASHLEN) {
97 CTerr(CT_F_SCT_SET1_LOG_ID, CT_R_INVALID_LOG_ID_LENGTH); 104 CTerr(CT_F_SCT_SET1_LOG_ID, CT_R_INVALID_LOG_ID_LENGTH);
98 return 0; 105 return 0;
99 } 106 }
100 107
101 OPENSSL_free(sct->log_id); 108 OPENSSL_free(sct->log_id);
102 sct->log_id = NULL; 109 sct->log_id = NULL;
103 sct->log_id_len = 0; 110 sct->log_id_len = 0;
104 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; 111 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
105 112
106 if (log_id != NULL && log_id_len > 0) { 113 if (log_id != NULL && log_id_len > 0) {
107 sct->log_id = OPENSSL_memdup(log_id, log_id_len); 114 sct->log_id = OPENSSL_memdup(log_id, log_id_len);
108 if (sct->log_id == NULL) { 115 if (sct->log_id == NULL) {
109 CTerr(CT_F_SCT_SET1_LOG_ID, ERR_R_MALLOC_FAILURE); 116 CTerr(CT_F_SCT_SET1_LOG_ID, ERR_R_MALLOC_FAILURE);
110 return 0; 117 return 0;
111 } 118 }
112 sct->log_id_len = log_id_len; 119 sct->log_id_len = log_id_len;
113 } 120 }
114 return 1; 121 return 1;
115} 122}
116 123
117 124
118void SCT_set_timestamp(SCT *sct, uint64_t timestamp) 125void
126SCT_set_timestamp(SCT *sct, uint64_t timestamp)
119{ 127{
120 sct->timestamp = timestamp; 128 sct->timestamp = timestamp;
121 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; 129 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
122} 130}
123 131
124int SCT_set_signature_nid(SCT *sct, int nid) 132int
133SCT_set_signature_nid(SCT *sct, int nid)
125{ 134{
126 switch (nid) { 135 switch (nid) {
127 case NID_sha256WithRSAEncryption: 136 case NID_sha256WithRSAEncryption:
128 sct->hash_alg = TLSEXT_hash_sha256; 137 sct->hash_alg = TLSEXT_hash_sha256;
129 sct->sig_alg = TLSEXT_signature_rsa; 138 sct->sig_alg = TLSEXT_signature_rsa;
130 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; 139 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
131 return 1; 140 return 1;
132 case NID_ecdsa_with_SHA256: 141 case NID_ecdsa_with_SHA256:
133 sct->hash_alg = TLSEXT_hash_sha256; 142 sct->hash_alg = TLSEXT_hash_sha256;
134 sct->sig_alg = TLSEXT_signature_ecdsa; 143 sct->sig_alg = TLSEXT_signature_ecdsa;
135 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; 144 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
136 return 1; 145 return 1;
137 default: 146 default:
138 CTerr(CT_F_SCT_SET_SIGNATURE_NID, CT_R_UNRECOGNIZED_SIGNATURE_NID); 147 CTerr(CT_F_SCT_SET_SIGNATURE_NID, CT_R_UNRECOGNIZED_SIGNATURE_NID);
139 return 0; 148 return 0;
140 } 149 }
141} 150}
142 151
143void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len) 152void
153SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len)
144{ 154{
145 OPENSSL_free(sct->ext); 155 OPENSSL_free(sct->ext);
146 sct->ext = ext; 156 sct->ext = ext;
147 sct->ext_len = ext_len; 157 sct->ext_len = ext_len;
148 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; 158 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
149} 159}
150 160
151int SCT_set1_extensions(SCT *sct, const unsigned char *ext, size_t ext_len) 161int
162SCT_set1_extensions(SCT *sct, const unsigned char *ext, size_t ext_len)
152{ 163{
153 OPENSSL_free(sct->ext); 164 OPENSSL_free(sct->ext);
154 sct->ext = NULL; 165 sct->ext = NULL;
155 sct->ext_len = 0; 166 sct->ext_len = 0;
156 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; 167 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
157 168
158 if (ext != NULL && ext_len > 0) { 169 if (ext != NULL && ext_len > 0) {
159 sct->ext = OPENSSL_memdup(ext, ext_len); 170 sct->ext = OPENSSL_memdup(ext, ext_len);
160 if (sct->ext == NULL) { 171 if (sct->ext == NULL) {
161 CTerr(CT_F_SCT_SET1_EXTENSIONS, ERR_R_MALLOC_FAILURE); 172 CTerr(CT_F_SCT_SET1_EXTENSIONS, ERR_R_MALLOC_FAILURE);
162 return 0; 173 return 0;
163 } 174 }
164 sct->ext_len = ext_len; 175 sct->ext_len = ext_len;
165 } 176 }
166 return 1; 177 return 1;
167} 178}
168 179
169void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len) 180void
181SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len)
170{ 182{
171 OPENSSL_free(sct->sig); 183 OPENSSL_free(sct->sig);
172 sct->sig = sig; 184 sct->sig = sig;
173 sct->sig_len = sig_len; 185 sct->sig_len = sig_len;
174 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; 186 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
175} 187}
176 188
177int SCT_set1_signature(SCT *sct, const unsigned char *sig, size_t sig_len) 189int
190SCT_set1_signature(SCT *sct, const unsigned char *sig, size_t sig_len)
178{ 191{
179 OPENSSL_free(sct->sig); 192 OPENSSL_free(sct->sig);
180 sct->sig = NULL; 193 sct->sig = NULL;
181 sct->sig_len = 0; 194 sct->sig_len = 0;
182 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; 195 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
183 196
184 if (sig != NULL && sig_len > 0) { 197 if (sig != NULL && sig_len > 0) {
185 sct->sig = OPENSSL_memdup(sig, sig_len); 198 sct->sig = OPENSSL_memdup(sig, sig_len);
186 if (sct->sig == NULL) { 199 if (sct->sig == NULL) {
187 CTerr(CT_F_SCT_SET1_SIGNATURE, ERR_R_MALLOC_FAILURE); 200 CTerr(CT_F_SCT_SET1_SIGNATURE, ERR_R_MALLOC_FAILURE);
188 return 0; 201 return 0;
189 } 202 }
190 sct->sig_len = sig_len; 203 sct->sig_len = sig_len;
191 } 204 }
192 return 1; 205 return 1;
193} 206}
194 207
195sct_version_t SCT_get_version(const SCT *sct) 208sct_version_t
209SCT_get_version(const SCT *sct)
196{ 210{
197 return sct->version; 211 return sct->version;
198} 212}
199 213
200ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct) 214ct_log_entry_type_t
215SCT_get_log_entry_type(const SCT *sct)
201{ 216{
202 return sct->entry_type; 217 return sct->entry_type;
203} 218}
204 219
205size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id) 220size_t
221SCT_get0_log_id(const SCT *sct, unsigned char **log_id)
206{ 222{
207 *log_id = sct->log_id; 223 *log_id = sct->log_id;
208 return sct->log_id_len; 224 return sct->log_id_len;
209} 225}
210 226
211uint64_t SCT_get_timestamp(const SCT *sct) 227uint64_t
228SCT_get_timestamp(const SCT *sct)
212{ 229{
213 return sct->timestamp; 230 return sct->timestamp;
214} 231}
215 232
216int SCT_get_signature_nid(const SCT *sct) 233int
234SCT_get_signature_nid(const SCT *sct)
217{ 235{
218 if (sct->version == SCT_VERSION_V1) { 236 if (sct->version == SCT_VERSION_V1) {
219 if (sct->hash_alg == TLSEXT_hash_sha256) { 237 if (sct->hash_alg == TLSEXT_hash_sha256) {
220 switch (sct->sig_alg) { 238 switch (sct->sig_alg) {
221 case TLSEXT_signature_ecdsa: 239 case TLSEXT_signature_ecdsa:
222 return NID_ecdsa_with_SHA256; 240 return NID_ecdsa_with_SHA256;
223 case TLSEXT_signature_rsa: 241 case TLSEXT_signature_rsa:
224 return NID_sha256WithRSAEncryption; 242 return NID_sha256WithRSAEncryption;
225 default: 243 default:
226 return NID_undef; 244 return NID_undef;
227 } 245 }
228 } 246 }
229 } 247 }
230 return NID_undef; 248 return NID_undef;
231} 249}
232 250
233size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext) 251size_t
252SCT_get0_extensions(const SCT *sct, unsigned char **ext)
234{ 253{
235 *ext = sct->ext; 254 *ext = sct->ext;
236 return sct->ext_len; 255 return sct->ext_len;
237} 256}
238 257
239size_t SCT_get0_signature(const SCT *sct, unsigned char **sig) 258size_t
259SCT_get0_signature(const SCT *sct, unsigned char **sig)
240{ 260{
241 *sig = sct->sig; 261 *sig = sct->sig;
242 return sct->sig_len; 262 return sct->sig_len;
243} 263}
244 264
245int SCT_is_complete(const SCT *sct) 265int
266SCT_is_complete(const SCT *sct)
246{ 267{
247 switch (sct->version) { 268 switch (sct->version) {
248 case SCT_VERSION_NOT_SET: 269 case SCT_VERSION_NOT_SET:
249 return 0; 270 return 0;
250 case SCT_VERSION_V1: 271 case SCT_VERSION_V1:
251 return sct->log_id != NULL && SCT_signature_is_complete(sct); 272 return sct->log_id != NULL && SCT_signature_is_complete(sct);
252 default: 273 default:
253 return sct->sct != NULL; /* Just need cached encoding */ 274 return sct->sct != NULL; /* Just need cached encoding */
254 } 275 }
255} 276}
256 277
257int SCT_signature_is_complete(const SCT *sct) 278int
279SCT_signature_is_complete(const SCT *sct)
258{ 280{
259 return SCT_get_signature_nid(sct) != NID_undef && 281 return SCT_get_signature_nid(sct) != NID_undef && sct->sig != NULL &&
260 sct->sig != NULL && sct->sig_len > 0; 282 sct->sig_len > 0;
261} 283}
262 284
263sct_source_t SCT_get_source(const SCT *sct) 285sct_source_t
286SCT_get_source(const SCT *sct)
264{ 287{
265 return sct->source; 288 return sct->source;
266} 289}
267 290
268int SCT_set_source(SCT *sct, sct_source_t source) 291int
292SCT_set_source(SCT *sct, sct_source_t source)
269{ 293{
270 sct->source = source; 294 sct->source = source;
271 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; 295 sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
272 switch (source) { 296 switch (source) {
273 case SCT_SOURCE_TLS_EXTENSION: 297 case SCT_SOURCE_TLS_EXTENSION:
274 case SCT_SOURCE_OCSP_STAPLED_RESPONSE: 298 case SCT_SOURCE_OCSP_STAPLED_RESPONSE:
275 return SCT_set_log_entry_type(sct, CT_LOG_ENTRY_TYPE_X509); 299 return SCT_set_log_entry_type(sct, CT_LOG_ENTRY_TYPE_X509);
276 case SCT_SOURCE_X509V3_EXTENSION: 300 case SCT_SOURCE_X509V3_EXTENSION:
277 return SCT_set_log_entry_type(sct, CT_LOG_ENTRY_TYPE_PRECERT); 301 return SCT_set_log_entry_type(sct, CT_LOG_ENTRY_TYPE_PRECERT);
278 case SCT_SOURCE_UNKNOWN: 302 case SCT_SOURCE_UNKNOWN:
279 break; 303 break;
280 } 304 }
281 /* if we aren't sure, leave the log entry type alone */ 305 /* if we aren't sure, leave the log entry type alone */
282 return 1; 306 return 1;
283} 307}
284 308
285sct_validation_status_t SCT_get_validation_status(const SCT *sct) 309sct_validation_status_t
310SCT_get_validation_status(const SCT *sct)
286{ 311{
287 return sct->validation_status; 312 return sct->validation_status;
288} 313}
289 314
290int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx) 315int
316SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx)
291{ 317{
292 int is_sct_valid = -1; 318 int is_sct_valid = -1;
293 SCT_CTX *sctx = NULL; 319 SCT_CTX *sctx = NULL;
294 X509_PUBKEY *pub = NULL, *log_pkey = NULL; 320 X509_PUBKEY *pub = NULL, *log_pkey = NULL;
295 const CTLOG *log; 321 const CTLOG *log;
296 322
297 /* 323 /*
298 * With an unrecognized SCT version we don't know what such an SCT means, 324 * With an unrecognized SCT version we don't know what such an SCT means,
299 * let alone validate one. So we return validation failure (0). 325 * let alone validate one. So we return validation failure (0).
300 */ 326 */
301 if (sct->version != SCT_VERSION_V1) { 327 if (sct->version != SCT_VERSION_V1) {
302 sct->validation_status = SCT_VALIDATION_STATUS_UNKNOWN_VERSION; 328 sct->validation_status = SCT_VALIDATION_STATUS_UNKNOWN_VERSION;
303 return 0; 329 return 0;
304 } 330 }
305 331
306 log = CTLOG_STORE_get0_log_by_id(ctx->log_store, 332 log = CTLOG_STORE_get0_log_by_id(ctx->log_store, sct->log_id,
307 sct->log_id, sct->log_id_len); 333 sct->log_id_len);
308 334
309 /* Similarly, an SCT from an unknown log also cannot be validated. */ 335 /* Similarly, an SCT from an unknown log also cannot be validated. */
310 if (log == NULL) { 336 if (log == NULL) {
311 sct->validation_status = SCT_VALIDATION_STATUS_UNKNOWN_LOG; 337 sct->validation_status = SCT_VALIDATION_STATUS_UNKNOWN_LOG;
312 return 0; 338 return 0;
313 } 339 }
314 340
315 sctx = SCT_CTX_new(); 341 sctx = SCT_CTX_new();
316 if (sctx == NULL) 342 if (sctx == NULL)
317 goto err; 343 goto err;
318 344
319 if (X509_PUBKEY_set(&log_pkey, CTLOG_get0_public_key(log)) != 1) 345 if (X509_PUBKEY_set(&log_pkey, CTLOG_get0_public_key(log)) != 1)
320 goto err; 346 goto err;
321 if (SCT_CTX_set1_pubkey(sctx, log_pkey) != 1) 347 if (SCT_CTX_set1_pubkey(sctx, log_pkey) != 1)
322 goto err; 348 goto err;
323 349
324 if (SCT_get_log_entry_type(sct) == CT_LOG_ENTRY_TYPE_PRECERT) { 350 if (SCT_get_log_entry_type(sct) == CT_LOG_ENTRY_TYPE_PRECERT) {
325 EVP_PKEY *issuer_pkey; 351 EVP_PKEY *issuer_pkey;
326 352
327 if (ctx->issuer == NULL) { 353 if (ctx->issuer == NULL) {
328 sct->validation_status = SCT_VALIDATION_STATUS_UNVERIFIED; 354 sct->validation_status = SCT_VALIDATION_STATUS_UNVERIFIED;
329 goto end; 355 goto end;
330 } 356 }
331 357
332 issuer_pkey = X509_get0_pubkey(ctx->issuer); 358 issuer_pkey = X509_get0_pubkey(ctx->issuer);
333 359
334 if (X509_PUBKEY_set(&pub, issuer_pkey) != 1) 360 if (X509_PUBKEY_set(&pub, issuer_pkey) != 1)
335 goto err; 361 goto err;
336 if (SCT_CTX_set1_issuer_pubkey(sctx, pub) != 1) 362 if (SCT_CTX_set1_issuer_pubkey(sctx, pub) != 1)
337 goto err; 363 goto err;
338 } 364 }
339 365
340 SCT_CTX_set_time(sctx, ctx->epoch_time_in_ms); 366 SCT_CTX_set_time(sctx, ctx->epoch_time_in_ms);
341 367
342 /* 368 /*
343 * XXX: Potential for optimization. This repeats some idempotent heavy 369 * XXX: Potential for optimization. This repeats some idempotent heavy
344 * lifting on the certificate for each candidate SCT, and appears to not 370 * lifting on the certificate for each candidate SCT, and appears to not
345 * use any information in the SCT itself, only the certificate is 371 * use any information in the SCT itself, only the certificate is
346 * processed. So it may make more sense to to do this just once, perhaps 372 * processed. So it may make more sense to to do this just once, perhaps
347 * associated with the shared (by all SCTs) policy eval ctx. 373 * associated with the shared (by all SCTs) policy eval ctx.
348 * 374 *
349 * XXX: Failure here is global (SCT independent) and represents either an 375 * XXX: Failure here is global (SCT independent) and represents either an
350 * issue with the certificate (e.g. duplicate extensions) or an out of 376 * issue with the certificate (e.g. duplicate extensions) or an out of
351 * memory condition. When the certificate is incompatible with CT, we just 377 * memory condition. When the certificate is incompatible with CT, we just
352 * mark the SCTs invalid, rather than report a failure to determine the 378 * mark the SCTs invalid, rather than report a failure to determine the
353 * validation status. That way, callbacks that want to do "soft" SCT 379 * validation status. That way, callbacks that want to do "soft" SCT
354 * processing will not abort handshakes with false positive internal 380 * processing will not abort handshakes with false positive internal
355 * errors. Since the function does not distinguish between certificate 381 * errors. Since the function does not distinguish between certificate
356 * issues (peer's fault) and internal problems (out fault) the safe thing 382 * issues (peer's fault) and internal problems (out fault) the safe thing
357 * to do is to report a validation failure and let the callback or 383 * to do is to report a validation failure and let the callback or
358 * application decide what to do. 384 * application decide what to do.
359 */ 385 */
360 if (SCT_CTX_set1_cert(sctx, ctx->cert, NULL) != 1) 386 if (SCT_CTX_set1_cert(sctx, ctx->cert, NULL) != 1)
361 sct->validation_status = SCT_VALIDATION_STATUS_UNVERIFIED; 387 sct->validation_status = SCT_VALIDATION_STATUS_UNVERIFIED;
362 else 388 else
363 sct->validation_status = SCT_CTX_verify(sctx, sct) == 1 ? 389 sct->validation_status = SCT_CTX_verify(sctx, sct) == 1 ?
364 SCT_VALIDATION_STATUS_VALID : SCT_VALIDATION_STATUS_INVALID; 390 SCT_VALIDATION_STATUS_VALID : SCT_VALIDATION_STATUS_INVALID;
365 391
366end: 392 end:
367 is_sct_valid = sct->validation_status == SCT_VALIDATION_STATUS_VALID; 393 is_sct_valid = sct->validation_status == SCT_VALIDATION_STATUS_VALID;
368err: 394 err:
369 X509_PUBKEY_free(pub); 395 X509_PUBKEY_free(pub);
370 X509_PUBKEY_free(log_pkey); 396 X509_PUBKEY_free(log_pkey);
371 SCT_CTX_free(sctx); 397 SCT_CTX_free(sctx);
372 398
373 return is_sct_valid; 399 return is_sct_valid;
374} 400}
375 401
376int SCT_LIST_validate(const STACK_OF(SCT) *scts, CT_POLICY_EVAL_CTX *ctx) 402int
403SCT_LIST_validate(const STACK_OF(SCT) *scts, CT_POLICY_EVAL_CTX *ctx)
377{ 404{
378 int are_scts_valid = 1; 405 int are_scts_valid = 1;
379 int sct_count = scts != NULL ? sk_SCT_num(scts) : 0; 406 int sct_count = scts != NULL ? sk_SCT_num(scts) : 0;
380 int i; 407 int i;
381 408
382 for (i = 0; i < sct_count; ++i) { 409 for (i = 0; i < sct_count; ++i) {
383 int is_sct_valid = -1; 410 int is_sct_valid = -1;
384 SCT *sct = sk_SCT_value(scts, i); 411 SCT *sct = sk_SCT_value(scts, i);
385 412
386 if (sct == NULL) 413 if (sct == NULL)
387 continue; 414 continue;
388 415
389 is_sct_valid = SCT_validate(sct, ctx); 416 is_sct_valid = SCT_validate(sct, ctx);
390 if (is_sct_valid < 0) 417 if (is_sct_valid < 0)
391 return is_sct_valid; 418 return is_sct_valid;
392 are_scts_valid &= is_sct_valid; 419 are_scts_valid &= is_sct_valid;
393 } 420 }
394 421
395 return are_scts_valid; 422 return are_scts_valid;
396} 423}
diff --git a/src/lib/libcrypto/ct/ct_sct_ctx.c b/src/lib/libcrypto/ct/ct_sct_ctx.c
index 841e768033..4283cb88aa 100644
--- a/src/lib/libcrypto/ct/ct_sct_ctx.c
+++ b/src/lib/libcrypto/ct/ct_sct_ctx.c
@@ -20,26 +20,28 @@
20 20
21#include "ct_local.h" 21#include "ct_local.h"
22 22
23SCT_CTX *SCT_CTX_new(void) 23SCT_CTX *
24SCT_CTX_new(void)
24{ 25{
25 SCT_CTX *sctx = OPENSSL_zalloc(sizeof(*sctx)); 26 SCT_CTX *sctx = OPENSSL_zalloc(sizeof(*sctx));
26 27
27 if (sctx == NULL) 28 if (sctx == NULL)
28 CTerr(CT_F_SCT_CTX_NEW, ERR_R_MALLOC_FAILURE); 29 CTerr(CT_F_SCT_CTX_NEW, ERR_R_MALLOC_FAILURE);
29 30
30 return sctx; 31 return sctx;
31} 32}
32 33
33void SCT_CTX_free(SCT_CTX *sctx) 34void
35SCT_CTX_free(SCT_CTX *sctx)
34{ 36{
35 if (sctx == NULL) 37 if (sctx == NULL)
36 return; 38 return;
37 EVP_PKEY_free(sctx->pkey); 39 EVP_PKEY_free(sctx->pkey);
38 OPENSSL_free(sctx->pkeyhash); 40 OPENSSL_free(sctx->pkeyhash);
39 OPENSSL_free(sctx->ihash); 41 OPENSSL_free(sctx->ihash);
40 OPENSSL_free(sctx->certder); 42 OPENSSL_free(sctx->certder);
41 OPENSSL_free(sctx->preder); 43 OPENSSL_free(sctx->preder);
42 OPENSSL_free(sctx); 44 OPENSSL_free(sctx);
43} 45}
44 46
45/* 47/*
@@ -47,14 +49,16 @@ void SCT_CTX_free(SCT_CTX *sctx)
47 * If there is more than one extension with that NID, *is_duplicated is set to 49 * If there is more than one extension with that NID, *is_duplicated is set to
48 * 1, otherwise 0 (unless it is NULL). 50 * 1, otherwise 0 (unless it is NULL).
49 */ 51 */
50static int ct_x509_get_ext(X509 *cert, int nid, int *is_duplicated) 52static int
53ct_x509_get_ext(X509 *cert, int nid, int *is_duplicated)
51{ 54{
52 int ret = X509_get_ext_by_NID(cert, nid, -1); 55 int ret = X509_get_ext_by_NID(cert, nid, -1);
53 56
54 if (is_duplicated != NULL) 57 if (is_duplicated != NULL)
55 *is_duplicated = ret >= 0 && X509_get_ext_by_NID(cert, nid, ret) >= 0; 58 *is_duplicated = ret >= 0 &&
59 X509_get_ext_by_NID(cert, nid, ret) >= 0;
56 60
57 return ret; 61 return ret;
58} 62}
59 63
60/* 64/*
@@ -62,202 +66,208 @@ static int ct_x509_get_ext(X509 *cert, int nid, int *is_duplicated)
62 * AKID from the presigner certificate, if necessary. 66 * AKID from the presigner certificate, if necessary.
63 * Returns 1 on success, 0 otherwise. 67 * Returns 1 on success, 0 otherwise.
64 */ 68 */
65__owur static int ct_x509_cert_fixup(X509 *cert, X509 *presigner) 69__owur static int
70ct_x509_cert_fixup(X509 *cert, X509 *presigner)
66{ 71{
67 int preidx, certidx; 72 int preidx, certidx;
68 int pre_akid_ext_is_dup, cert_akid_ext_is_dup; 73 int pre_akid_ext_is_dup, cert_akid_ext_is_dup;
69 74
70 if (presigner == NULL) 75 if (presigner == NULL)
71 return 1; 76 return 1;
72 77
73 preidx = ct_x509_get_ext(presigner, NID_authority_key_identifier, 78 preidx = ct_x509_get_ext(presigner, NID_authority_key_identifier,
74 &pre_akid_ext_is_dup); 79 &pre_akid_ext_is_dup);
75 certidx = ct_x509_get_ext(cert, NID_authority_key_identifier, 80 certidx = ct_x509_get_ext(cert, NID_authority_key_identifier,
76 &cert_akid_ext_is_dup); 81 &cert_akid_ext_is_dup);
77 82
78 /* An error occurred whilst searching for the extension */ 83 /* An error occurred whilst searching for the extension */
79 if (preidx < -1 || certidx < -1) 84 if (preidx < -1 || certidx < -1)
80 return 0; 85 return 0;
81 /* Invalid certificate if they contain duplicate extensions */ 86 /* Invalid certificate if they contain duplicate extensions */
82 if (pre_akid_ext_is_dup || cert_akid_ext_is_dup) 87 if (pre_akid_ext_is_dup || cert_akid_ext_is_dup)
83 return 0; 88 return 0;
84 /* AKID must be present in both certificate or absent in both */ 89 /* AKID must be present in both certificate or absent in both */
85 if (preidx >= 0 && certidx == -1) 90 if (preidx >= 0 && certidx == -1)
86 return 0; 91 return 0;
87 if (preidx == -1 && certidx >= 0) 92 if (preidx == -1 && certidx >= 0)
88 return 0; 93 return 0;
89 /* Copy issuer name */ 94 /* Copy issuer name */
90 if (!X509_set_issuer_name(cert, X509_get_issuer_name(presigner))) 95 if (!X509_set_issuer_name(cert, X509_get_issuer_name(presigner)))
91 return 0; 96 return 0;
92 if (preidx != -1) { 97 if (preidx != -1) {
93 /* Retrieve and copy AKID encoding */ 98 /* Retrieve and copy AKID encoding */
94 X509_EXTENSION *preext = X509_get_ext(presigner, preidx); 99 X509_EXTENSION *preext = X509_get_ext(presigner, preidx);
95 X509_EXTENSION *certext = X509_get_ext(cert, certidx); 100 X509_EXTENSION *certext = X509_get_ext(cert, certidx);
96 ASN1_OCTET_STRING *preextdata; 101 ASN1_OCTET_STRING *preextdata;
97 102
98 /* Should never happen */ 103 /* Should never happen */
99 if (preext == NULL || certext == NULL) 104 if (preext == NULL || certext == NULL)
100 return 0; 105 return 0;
101 preextdata = X509_EXTENSION_get_data(preext); 106 preextdata = X509_EXTENSION_get_data(preext);
102 if (preextdata == NULL || 107 if (preextdata == NULL ||
103 !X509_EXTENSION_set_data(certext, preextdata)) 108 !X509_EXTENSION_set_data(certext, preextdata))
104 return 0; 109 return 0;
105 } 110 }
106 return 1; 111 return 1;
107} 112}
108 113
109int SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner) 114int
115SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner)
110{ 116{
111 unsigned char *certder = NULL, *preder = NULL; 117 unsigned char *certder = NULL, *preder = NULL;
112 X509 *pretmp = NULL; 118 X509 *pretmp = NULL;
113 int certderlen = 0, prederlen = 0; 119 int certderlen = 0, prederlen = 0;
114 int idx = -1; 120 int idx = -1;
115 int poison_ext_is_dup, sct_ext_is_dup; 121 int poison_ext_is_dup, sct_ext_is_dup;
116 int poison_idx = ct_x509_get_ext(cert, NID_ct_precert_poison, &poison_ext_is_dup); 122 int poison_idx = ct_x509_get_ext(cert, NID_ct_precert_poison, &poison_ext_is_dup);
117 123
118 /* Duplicate poison extensions are present - error */ 124 /* Duplicate poison extensions are present - error */
119 if (poison_ext_is_dup) 125 if (poison_ext_is_dup)
120 goto err; 126 goto err;
121 127
122 /* If *cert doesn't have a poison extension, it isn't a precert */ 128 /* If *cert doesn't have a poison extension, it isn't a precert */
123 if (poison_idx == -1) { 129 if (poison_idx == -1) {
124 /* cert isn't a precert, so we shouldn't have a presigner */ 130 /* cert isn't a precert, so we shouldn't have a presigner */
125 if (presigner != NULL) 131 if (presigner != NULL)
126 goto err; 132 goto err;
127 133
128 certderlen = i2d_X509(cert, &certder); 134 certderlen = i2d_X509(cert, &certder);
129 if (certderlen < 0) 135 if (certderlen < 0)
130 goto err; 136 goto err;
131 } 137 }
132 138
133 /* See if cert has a precert SCTs extension */ 139 /* See if cert has a precert SCTs extension */
134 idx = ct_x509_get_ext(cert, NID_ct_precert_scts, &sct_ext_is_dup); 140 idx = ct_x509_get_ext(cert, NID_ct_precert_scts, &sct_ext_is_dup);
135 /* Duplicate SCT extensions are present - error */ 141 /* Duplicate SCT extensions are present - error */
136 if (sct_ext_is_dup) 142 if (sct_ext_is_dup)
137 goto err; 143 goto err;
138 144
139 if (idx >= 0 && poison_idx >= 0) { 145 if (idx >= 0 && poison_idx >= 0) {
140 /* 146 /*
141 * cert can't both contain SCTs (i.e. have an SCT extension) and be a 147 * cert can't both contain SCTs (i.e. have an SCT extension) and be a
142 * precert (i.e. have a poison extension). 148 * precert (i.e. have a poison extension).
143 */ 149 */
144 goto err; 150 goto err;
145 } 151 }
146 152
147 if (idx == -1) { 153 if (idx == -1) {
148 idx = poison_idx; 154 idx = poison_idx;
149 } 155 }
150 156
151 /* 157 /*
152 * If either a poison or SCT extension is present, remove it before encoding 158 * If either a poison or SCT extension is present, remove it before encoding
153 * cert. This, along with ct_x509_cert_fixup(), gets a TBSCertificate (see 159 * cert. This, along with ct_x509_cert_fixup(), gets a TBSCertificate (see
154 * RFC5280) from cert, which is what the CT log signed when it produced the 160 * RFC5280) from cert, which is what the CT log signed when it produced the
155 * SCT. 161 * SCT.
156 */ 162 */
157 if (idx >= 0) { 163 if (idx >= 0) {
158 X509_EXTENSION *ext; 164 X509_EXTENSION *ext;
159 165
160 /* Take a copy of certificate so we don't modify passed version */ 166 /* Take a copy of certificate so we don't modify passed version */
161 pretmp = X509_dup(cert); 167 pretmp = X509_dup(cert);
162 if (pretmp == NULL) 168 if (pretmp == NULL)
163 goto err; 169 goto err;
164 170
165 ext = X509_delete_ext(pretmp, idx); 171 ext = X509_delete_ext(pretmp, idx);
166 X509_EXTENSION_free(ext); 172 X509_EXTENSION_free(ext);
167 173
168 if (!ct_x509_cert_fixup(pretmp, presigner)) 174 if (!ct_x509_cert_fixup(pretmp, presigner))
169 goto err; 175 goto err;
170 176
171 prederlen = i2d_re_X509_tbs(pretmp, &preder); 177 prederlen = i2d_re_X509_tbs(pretmp, &preder);
172 if (prederlen <= 0) 178 if (prederlen <= 0)
173 goto err; 179 goto err;
174 } 180 }
175 181
176 X509_free(pretmp); 182 X509_free(pretmp);
177 183
178 OPENSSL_free(sctx->certder); 184 OPENSSL_free(sctx->certder);
179 sctx->certder = certder; 185 sctx->certder = certder;
180 sctx->certderlen = certderlen; 186 sctx->certderlen = certderlen;
181 187
182 OPENSSL_free(sctx->preder); 188 OPENSSL_free(sctx->preder);
183 sctx->preder = preder; 189 sctx->preder = preder;
184 sctx->prederlen = prederlen; 190 sctx->prederlen = prederlen;
185 191
186 return 1; 192 return 1;
187err: 193 err:
188 OPENSSL_free(certder); 194 OPENSSL_free(certder);
189 OPENSSL_free(preder); 195 OPENSSL_free(preder);
190 X509_free(pretmp); 196 X509_free(pretmp);
191 return 0; 197 return 0;
192} 198}
193 199
194__owur static int ct_public_key_hash(X509_PUBKEY *pkey, unsigned char **hash, 200__owur static int
195 size_t *hash_len) 201ct_public_key_hash(X509_PUBKEY *pkey, unsigned char **hash, size_t *hash_len)
196{ 202{
197 int ret = 0; 203 int ret = 0;
198 unsigned char *md = NULL, *der = NULL; 204 unsigned char *md = NULL, *der = NULL;
199 int der_len; 205 int der_len;
200 unsigned int md_len; 206 unsigned int md_len;
201 207
202 /* Reuse buffer if possible */ 208 /* Reuse buffer if possible */
203 if (*hash != NULL && *hash_len >= SHA256_DIGEST_LENGTH) { 209 if (*hash != NULL && *hash_len >= SHA256_DIGEST_LENGTH) {
204 md = *hash; 210 md = *hash;
205 } else { 211 } else {
206 md = OPENSSL_malloc(SHA256_DIGEST_LENGTH); 212 md = OPENSSL_malloc(SHA256_DIGEST_LENGTH);
207 if (md == NULL) 213 if (md == NULL)
208 goto err; 214 goto err;
209 } 215 }
210 216
211 /* Calculate key hash */ 217 /* Calculate key hash */
212 der_len = i2d_X509_PUBKEY(pkey, &der); 218 der_len = i2d_X509_PUBKEY(pkey, &der);
213 if (der_len <= 0) 219 if (der_len <= 0)
214 goto err; 220 goto err;
215 221
216 if (!EVP_Digest(der, der_len, md, &md_len, EVP_sha256(), NULL)) 222 if (!EVP_Digest(der, der_len, md, &md_len, EVP_sha256(), NULL))
217 goto err; 223 goto err;
218 224
219 if (md != *hash) { 225 if (md != *hash) {
220 OPENSSL_free(*hash); 226 OPENSSL_free(*hash);
221 *hash = md; 227 *hash = md;
222 *hash_len = SHA256_DIGEST_LENGTH; 228 *hash_len = SHA256_DIGEST_LENGTH;
223 } 229 }
224 230
225 md = NULL; 231 md = NULL;
226 ret = 1; 232 ret = 1;
227 err: 233 err:
228 OPENSSL_free(md); 234 OPENSSL_free(md);
229 OPENSSL_free(der); 235 OPENSSL_free(der);
230 return ret; 236 return ret;
231} 237}
232 238
233int SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer) 239int
240SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer)
234{ 241{
235 return SCT_CTX_set1_issuer_pubkey(sctx, X509_get_X509_PUBKEY(issuer)); 242 return SCT_CTX_set1_issuer_pubkey(sctx, X509_get_X509_PUBKEY(issuer));
236} 243}
237 244
238int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey) 245int
246SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey)
239{ 247{
240 return ct_public_key_hash(pubkey, &sctx->ihash, &sctx->ihashlen); 248 return ct_public_key_hash(pubkey, &sctx->ihash, &sctx->ihashlen);
241} 249}
242 250
243int SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey) 251int
252SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey)
244{ 253{
245 EVP_PKEY *pkey = X509_PUBKEY_get(pubkey); 254 EVP_PKEY *pkey = X509_PUBKEY_get(pubkey);
246 255
247 if (pkey == NULL) 256 if (pkey == NULL)
248 return 0; 257 return 0;
249 258
250 if (!ct_public_key_hash(pubkey, &sctx->pkeyhash, &sctx->pkeyhashlen)) { 259 if (!ct_public_key_hash(pubkey, &sctx->pkeyhash, &sctx->pkeyhashlen)) {
251 EVP_PKEY_free(pkey); 260 EVP_PKEY_free(pkey);
252 return 0; 261 return 0;
253 } 262 }
254 263
255 EVP_PKEY_free(sctx->pkey); 264 EVP_PKEY_free(sctx->pkey);
256 sctx->pkey = pkey; 265 sctx->pkey = pkey;
257 return 1; 266 return 1;
258} 267}
259 268
260void SCT_CTX_set_time(SCT_CTX *sctx, uint64_t time_in_ms) 269void
270SCT_CTX_set_time(SCT_CTX *sctx, uint64_t time_in_ms)
261{ 271{
262 sctx->epoch_time_in_ms = time_in_ms; 272 sctx->epoch_time_in_ms = time_in_ms;
263} 273}
diff --git a/src/lib/libcrypto/ct/ct_vfy.c b/src/lib/libcrypto/ct/ct_vfy.c
index 74fd34f415..74642a9304 100644
--- a/src/lib/libcrypto/ct/ct_vfy.c
+++ b/src/lib/libcrypto/ct/ct_vfy.c
@@ -17,124 +17,126 @@
17#include "ct_local.h" 17#include "ct_local.h"
18 18
19typedef enum sct_signature_type_t { 19typedef enum sct_signature_type_t {
20 SIGNATURE_TYPE_NOT_SET = -1, 20 SIGNATURE_TYPE_NOT_SET = -1,
21 SIGNATURE_TYPE_CERT_TIMESTAMP, 21 SIGNATURE_TYPE_CERT_TIMESTAMP,
22 SIGNATURE_TYPE_TREE_HASH 22 SIGNATURE_TYPE_TREE_HASH
23} SCT_SIGNATURE_TYPE; 23} SCT_SIGNATURE_TYPE;
24 24
25/* 25/*
26 * Update encoding for SCT signature verification/generation to supplied 26 * Update encoding for SCT signature verification/generation to supplied
27 * EVP_MD_CTX. 27 * EVP_MD_CTX.
28 */ 28 */
29static int sct_ctx_update(EVP_MD_CTX *ctx, const SCT_CTX *sctx, const SCT *sct) 29static int
30sct_ctx_update(EVP_MD_CTX *ctx, const SCT_CTX *sctx, const SCT *sct)
30{ 31{
31 unsigned char tmpbuf[12]; 32 unsigned char tmpbuf[12];
32 unsigned char *p, *der; 33 unsigned char *p, *der;
33 size_t derlen; 34 size_t derlen;
34 /*+ 35 /*+
35 * digitally-signed struct { 36 * digitally-signed struct {
36 * (1 byte) Version sct_version; 37 * (1 byte) Version sct_version;
37 * (1 byte) SignatureType signature_type = certificate_timestamp; 38 * (1 byte) SignatureType signature_type = certificate_timestamp;
38 * (8 bytes) uint64 timestamp; 39 * (8 bytes) uint64 timestamp;
39 * (2 bytes) LogEntryType entry_type; 40 * (2 bytes) LogEntryType entry_type;
40 * (? bytes) select(entry_type) { 41 * (? bytes) select(entry_type) {
41 * case x509_entry: ASN.1Cert; 42 * case x509_entry: ASN.1Cert;
42 * case precert_entry: PreCert; 43 * case precert_entry: PreCert;
43 * } signed_entry; 44 * } signed_entry;
44 * (2 bytes + sct->ext_len) CtExtensions extensions; 45 * (2 bytes + sct->ext_len) CtExtensions extensions;
45 * } 46 * }
46 */ 47 */
47 if (sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET) 48 if (sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET)
48 return 0; 49 return 0;
49 if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL) 50 if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)
50 return 0; 51 return 0;
51 52
52 p = tmpbuf; 53 p = tmpbuf;
53 *p++ = sct->version; 54 *p++ = sct->version;
54 *p++ = SIGNATURE_TYPE_CERT_TIMESTAMP; 55 *p++ = SIGNATURE_TYPE_CERT_TIMESTAMP;
55 l2n8(sct->timestamp, p); 56 l2n8(sct->timestamp, p);
56 s2n(sct->entry_type, p); 57 s2n(sct->entry_type, p);
57 58
58 if (!EVP_DigestUpdate(ctx, tmpbuf, p - tmpbuf)) 59 if (!EVP_DigestUpdate(ctx, tmpbuf, p - tmpbuf))
59 return 0; 60 return 0;
60 61
61 if (sct->entry_type == CT_LOG_ENTRY_TYPE_X509) { 62 if (sct->entry_type == CT_LOG_ENTRY_TYPE_X509) {
62 der = sctx->certder; 63 der = sctx->certder;
63 derlen = sctx->certderlen; 64 derlen = sctx->certderlen;
64 } else { 65 } else {
65 if (!EVP_DigestUpdate(ctx, sctx->ihash, sctx->ihashlen)) 66 if (!EVP_DigestUpdate(ctx, sctx->ihash, sctx->ihashlen))
66 return 0; 67 return 0;
67 der = sctx->preder; 68 der = sctx->preder;
68 derlen = sctx->prederlen; 69 derlen = sctx->prederlen;
69 } 70 }
70 71
71 /* If no encoding available, fatal error */ 72 /* If no encoding available, fatal error */
72 if (der == NULL) 73 if (der == NULL)
73 return 0; 74 return 0;
74 75
75 /* Include length first */ 76 /* Include length first */
76 p = tmpbuf; 77 p = tmpbuf;
77 l2n3(derlen, p); 78 l2n3(derlen, p);
78 79
79 if (!EVP_DigestUpdate(ctx, tmpbuf, 3)) 80 if (!EVP_DigestUpdate(ctx, tmpbuf, 3))
80 return 0; 81 return 0;
81 if (!EVP_DigestUpdate(ctx, der, derlen)) 82 if (!EVP_DigestUpdate(ctx, der, derlen))
82 return 0; 83 return 0;
83 84
84 /* Add any extensions */ 85 /* Add any extensions */
85 p = tmpbuf; 86 p = tmpbuf;
86 s2n(sct->ext_len, p); 87 s2n(sct->ext_len, p);
87 if (!EVP_DigestUpdate(ctx, tmpbuf, 2)) 88 if (!EVP_DigestUpdate(ctx, tmpbuf, 2))
88 return 0; 89 return 0;
89 90
90 if (sct->ext_len && !EVP_DigestUpdate(ctx, sct->ext, sct->ext_len)) 91 if (sct->ext_len && !EVP_DigestUpdate(ctx, sct->ext, sct->ext_len))
91 return 0; 92 return 0;
92 93
93 return 1; 94 return 1;
94} 95}
95 96
96int SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct) 97int
98SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct)
97{ 99{
98 EVP_MD_CTX *ctx = NULL; 100 EVP_MD_CTX *ctx = NULL;
99 int ret = 0; 101 int ret = 0;
100 102
101 if (!SCT_is_complete(sct) || sctx->pkey == NULL || 103 if (!SCT_is_complete(sct) || sctx->pkey == NULL ||
102 sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET || 104 sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET ||
103 (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)) { 105 (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)) {
104 CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_NOT_SET); 106 CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_NOT_SET);
105 return 0; 107 return 0;
106 } 108 }
107 if (sct->version != SCT_VERSION_V1) { 109 if (sct->version != SCT_VERSION_V1) {
108 CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_UNSUPPORTED_VERSION); 110 CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_UNSUPPORTED_VERSION);
109 return 0; 111 return 0;
110 } 112 }
111 if (sct->log_id_len != sctx->pkeyhashlen || 113 if (sct->log_id_len != sctx->pkeyhashlen ||
112 memcmp(sct->log_id, sctx->pkeyhash, sctx->pkeyhashlen) != 0) { 114 memcmp(sct->log_id, sctx->pkeyhash, sctx->pkeyhashlen) != 0) {
113 CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_LOG_ID_MISMATCH); 115 CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_LOG_ID_MISMATCH);
114 return 0; 116 return 0;
115 } 117 }
116 if (sct->timestamp > sctx->epoch_time_in_ms) { 118 if (sct->timestamp > sctx->epoch_time_in_ms) {
117 CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_FUTURE_TIMESTAMP); 119 CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_FUTURE_TIMESTAMP);
118 return 0; 120 return 0;
119 } 121 }
120 122
121 ctx = EVP_MD_CTX_new(); 123 ctx = EVP_MD_CTX_new();
122 if (ctx == NULL) 124 if (ctx == NULL)
123 goto end; 125 goto end;
124 126
125 if (!EVP_DigestVerifyInit(ctx, NULL, EVP_sha256(), NULL, sctx->pkey)) 127 if (!EVP_DigestVerifyInit(ctx, NULL, EVP_sha256(), NULL, sctx->pkey))
126 goto end; 128 goto end;
127 129
128 if (!sct_ctx_update(ctx, sctx, sct)) 130 if (!sct_ctx_update(ctx, sctx, sct))
129 goto end; 131 goto end;
130 132
131 /* Verify signature */ 133 /* Verify signature */
132 ret = EVP_DigestVerifyFinal(ctx, sct->sig, sct->sig_len); 134 ret = EVP_DigestVerifyFinal(ctx, sct->sig, sct->sig_len);
133 /* If ret < 0 some other error: fall through without setting error */ 135 /* If ret < 0 some other error: fall through without setting error */
134 if (ret == 0) 136 if (ret == 0)
135 CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_INVALID_SIGNATURE); 137 CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_INVALID_SIGNATURE);
136 138
137end: 139 end:
138 EVP_MD_CTX_free(ctx); 140 EVP_MD_CTX_free(ctx);
139 return ret; 141 return ret;
140} 142}
diff --git a/src/lib/libcrypto/ct/ct_x509v3.c b/src/lib/libcrypto/ct/ct_x509v3.c
index 19c2a852d2..32312e2c6b 100644
--- a/src/lib/libcrypto/ct/ct_x509v3.c
+++ b/src/lib/libcrypto/ct/ct_x509v3.c
@@ -13,92 +13,94 @@
13 13
14#include "ct_local.h" 14#include "ct_local.h"
15 15
16static char *i2s_poison(const X509V3_EXT_METHOD *method, void *val) 16static char *
17i2s_poison(const X509V3_EXT_METHOD *method, void *val)
17{ 18{
18 return OPENSSL_strdup("NULL"); 19 return OPENSSL_strdup("NULL");
19} 20}
20 21
21static void *s2i_poison(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str) 22static void *
23s2i_poison(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
22{ 24{
23 return ASN1_NULL_new(); 25 return ASN1_NULL_new();
24} 26}
25 27
26static int i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list, 28static int
27 BIO *out, int indent) 29i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list, BIO *out,
30 int indent)
28{ 31{
29 SCT_LIST_print(sct_list, out, indent, "\n", NULL); 32 SCT_LIST_print(sct_list, out, indent, "\n", NULL);
30 return 1; 33 return 1;
31} 34}
32 35
33static int set_sct_list_source(STACK_OF(SCT) *s, sct_source_t source) 36static int
37set_sct_list_source(STACK_OF(SCT) *s, sct_source_t source)
34{ 38{
35 if (s != NULL) { 39 if (s != NULL) {
36 int i; 40 int i;
37 41
38 for (i = 0; i < sk_SCT_num(s); i++) { 42 for (i = 0; i < sk_SCT_num(s); i++) {
39 int res = SCT_set_source(sk_SCT_value(s, i), source); 43 int res = SCT_set_source(sk_SCT_value(s, i), source);
40 44
41 if (res != 1) { 45 if (res != 1) {
42 return 0; 46 return 0;
43 } 47 }
44 } 48 }
45 } 49 }
46 return 1; 50 return 1;
47} 51}
48 52
49static STACK_OF(SCT) *x509_ext_d2i_SCT_LIST(STACK_OF(SCT) **a, 53static STACK_OF(SCT) *
50 const unsigned char **pp, 54x509_ext_d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, long len)
51 long len)
52{ 55{
53 STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len); 56 STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len);
54 57
55 if (set_sct_list_source(s, SCT_SOURCE_X509V3_EXTENSION) != 1) { 58 if (set_sct_list_source(s, SCT_SOURCE_X509V3_EXTENSION) != 1) {
56 SCT_LIST_free(s); 59 SCT_LIST_free(s);
57 *a = NULL; 60 *a = NULL;
58 return NULL; 61 return NULL;
59 } 62 }
60 return s; 63 return s;
61} 64}
62 65
63static STACK_OF(SCT) *ocsp_ext_d2i_SCT_LIST(STACK_OF(SCT) **a, 66static STACK_OF(SCT) *o
64 const unsigned char **pp, 67csp_ext_d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, long len)
65 long len)
66{ 68{
67 STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len); 69 STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len);
68 70
69 if (set_sct_list_source(s, SCT_SOURCE_OCSP_STAPLED_RESPONSE) != 1) { 71 if (set_sct_list_source(s, SCT_SOURCE_OCSP_STAPLED_RESPONSE) != 1) {
70 SCT_LIST_free(s); 72 SCT_LIST_free(s);
71 *a = NULL; 73 *a = NULL;
72 return NULL; 74 return NULL;
73 } 75 }
74 return s; 76 return s;
75} 77}
76 78
77/* Handlers for X509v3/OCSP Certificate Transparency extensions */ 79/* Handlers for X509v3/OCSP Certificate Transparency extensions */
78const X509V3_EXT_METHOD v3_ct_scts[3] = { 80const X509V3_EXT_METHOD v3_ct_scts[3] = {
79 /* X509v3 extension in certificates that contains SCTs */ 81 /* X509v3 extension in certificates that contains SCTs */
80 { NID_ct_precert_scts, 0, NULL, 82 { NID_ct_precert_scts, 0, NULL,
81 NULL, (X509V3_EXT_FREE)SCT_LIST_free, 83 NULL, (X509V3_EXT_FREE)SCT_LIST_free,
82 (X509V3_EXT_D2I)x509_ext_d2i_SCT_LIST, (X509V3_EXT_I2D)i2d_SCT_LIST, 84 (X509V3_EXT_D2I)x509_ext_d2i_SCT_LIST, (X509V3_EXT_I2D)i2d_SCT_LIST,
83 NULL, NULL, 85 NULL, NULL,
84 NULL, NULL, 86 NULL, NULL,
85 (X509V3_EXT_I2R)i2r_SCT_LIST, NULL, 87 (X509V3_EXT_I2R)i2r_SCT_LIST, NULL,
86 NULL }, 88 NULL },
87 89
88 /* X509v3 extension to mark a certificate as a pre-certificate */ 90 /* X509v3 extension to mark a certificate as a pre-certificate */
89 { NID_ct_precert_poison, 0, ASN1_ITEM_ref(ASN1_NULL), 91 { NID_ct_precert_poison, 0, ASN1_ITEM_ref(ASN1_NULL),
90 NULL, NULL, NULL, NULL, 92 NULL, NULL, NULL, NULL,
91 i2s_poison, s2i_poison, 93 i2s_poison, s2i_poison,
92 NULL, NULL, 94 NULL, NULL,
93 NULL, NULL, 95 NULL, NULL,
94 NULL }, 96 NULL },
95 97
96 /* OCSP extension that contains SCTs */ 98 /* OCSP extension that contains SCTs */
97 { NID_ct_cert_scts, 0, NULL, 99 { NID_ct_cert_scts, 0, NULL,
98 0, (X509V3_EXT_FREE)SCT_LIST_free, 100 0, (X509V3_EXT_FREE)SCT_LIST_free,
99 (X509V3_EXT_D2I)ocsp_ext_d2i_SCT_LIST, (X509V3_EXT_I2D)i2d_SCT_LIST, 101 (X509V3_EXT_D2I)ocsp_ext_d2i_SCT_LIST, (X509V3_EXT_I2D)i2d_SCT_LIST,
100 NULL, NULL, 102 NULL, NULL,
101 NULL, NULL, 103 NULL, NULL,
102 (X509V3_EXT_I2R)i2r_SCT_LIST, NULL, 104 (X509V3_EXT_I2R)i2r_SCT_LIST, NULL,
103 NULL }, 105 NULL },
104}; 106};
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 05:16:04 +0000