1 files changed, 104 insertions, 0 deletions
diff --git a/src/lib/libcrypto/ct/ct_x509v3.c b/src/lib/libcrypto/ct/ct_x509v3.c
new file mode 100644
index 0000000000..19c2a852d2
--- /dev/null
+++ b/src/lib/libcrypto/ct/ct_x509v3.c
@@ -0,0 +1,104 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#ifdef OPENSSL_NO_CT
+# error "CT is disabled"
+#endif
+#include "ct_local.h"
+static char *i2s_poison(const X509V3_EXT_METHOD *method, void *val)
+{
+    return OPENSSL_strdup("NULL");
+}
+static void *s2i_poison(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
+{
+   return ASN1_NULL_new();
+}
+static int i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list,
+                 BIO *out, int indent)
+{
+    SCT_LIST_print(sct_list, out, indent, "\n", NULL);
+    return 1;
+}
+static int set_sct_list_source(STACK_OF(SCT) *s, sct_source_t source)
+{
+    if (s != NULL) {
+        int i;
+        for (i = 0; i < sk_SCT_num(s); i++) {
+            int res = SCT_set_source(sk_SCT_value(s, i), source);
+            if (res != 1) {
+                return 0;
+            }
+        }
+    }
+    return 1;
+}
+static STACK_OF(SCT) *x509_ext_d2i_SCT_LIST(STACK_OF(SCT) **a,
+                                            const unsigned char **pp,
+                                            long len)
+{
+     STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len);
+     if (set_sct_list_source(s, SCT_SOURCE_X509V3_EXTENSION) != 1) {
+         SCT_LIST_free(s);
+         *a = NULL;
+         return NULL;
+     }
+     return s;
+}
+static STACK_OF(SCT) *ocsp_ext_d2i_SCT_LIST(STACK_OF(SCT) **a,
+                                            const unsigned char **pp,
+                                            long len)
+{
+    STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len);
+    if (set_sct_list_source(s, SCT_SOURCE_OCSP_STAPLED_RESPONSE) != 1) {
+        SCT_LIST_free(s);
+        *a = NULL;
+        return NULL;
+    }
+    return s;
+}
+/* Handlers for X509v3/OCSP Certificate Transparency extensions */
+const X509V3_EXT_METHOD v3_ct_scts[3] = {
+    /* X509v3 extension in certificates that contains SCTs */
+    { NID_ct_precert_scts, 0, NULL,
+    NULL, (X509V3_EXT_FREE)SCT_LIST_free,
+    (X509V3_EXT_D2I)x509_ext_d2i_SCT_LIST, (X509V3_EXT_I2D)i2d_SCT_LIST,
+    NULL, NULL,
+    NULL, NULL,
+    (X509V3_EXT_I2R)i2r_SCT_LIST, NULL,
+    NULL },
+    /* X509v3 extension to mark a certificate as a pre-certificate */
+    { NID_ct_precert_poison, 0, ASN1_ITEM_ref(ASN1_NULL),
+    NULL, NULL, NULL, NULL,
+    i2s_poison, s2i_poison,
+    NULL, NULL,
+    NULL, NULL,
+    NULL },
+    /* OCSP extension that contains SCTs */
+    { NID_ct_cert_scts, 0, NULL,
+    0, (X509V3_EXT_FREE)SCT_LIST_free,
+    (X509V3_EXT_D2I)ocsp_ext_d2i_SCT_LIST, (X509V3_EXT_I2D)i2d_SCT_LIST,
+    NULL, NULL,
+    NULL, NULL,
+    (X509V3_EXT_I2R)i2r_SCT_LIST, NULL,
+    NULL },
+};

diff --git a/src/lib/libcrypto/ct/ct_x509v3.c b/src/lib/libcrypto/ct/ct_x509v3.c new file mode 100644 index 0000000000..19c2a852d2 --- /dev/null +++ b/src/lib/libcrypto/ct/ct_x509v3.c
@@ -0,0 +1,104 @@
	1	/*
	2	* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
	3	*
	4	* Licensed under the OpenSSL license (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
	10	#ifdef OPENSSL_NO_CT
	11	# error "CT is disabled"
	12	#endif
	13
	14	#include "ct_local.h"
	15
	16	static char i2s_poison(const X509V3_EXT_METHOD method, void *val)
	17	{
	18	return OPENSSL_strdup("NULL");
	19	}
	20
	21	static void s2i_poison(const X509V3_EXT_METHOD method, X509V3_CTX ctx, const char str)
	22	{
	23	return ASN1_NULL_new();
	24	}
	25
	26	static int i2r_SCT_LIST(X509V3_EXT_METHOD method, STACK_OF(SCT) sct_list,
	27	BIO *out, int indent)
	28	{
	29	SCT_LIST_print(sct_list, out, indent, "\n", NULL);
	30	return 1;
	31	}
	32
	33	static int set_sct_list_source(STACK_OF(SCT) *s, sct_source_t source)
	34	{
	35	if (s != NULL) {
	36	int i;
	37
	38	for (i = 0; i < sk_SCT_num(s); i++) {
	39	int res = SCT_set_source(sk_SCT_value(s, i), source);
	40
	41	if (res != 1) {
	42	return 0;
	43	}
	44	}
	45	}
	46	return 1;
	47	}
	48
	49	static STACK_OF(SCT) x509_ext_d2i_SCT_LIST(STACK_OF(SCT) *a,
	50	const unsigned char **pp,
	51	long len)
	52	{
	53	STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len);
	54
	55	if (set_sct_list_source(s, SCT_SOURCE_X509V3_EXTENSION) != 1) {
	56	SCT_LIST_free(s);
	57	*a = NULL;
	58	return NULL;
	59	}
	60	return s;
	61	}
	62
	63	static STACK_OF(SCT) ocsp_ext_d2i_SCT_LIST(STACK_OF(SCT) *a,
	64	const unsigned char **pp,
	65	long len)
	66	{
	67	STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len);
	68
	69	if (set_sct_list_source(s, SCT_SOURCE_OCSP_STAPLED_RESPONSE) != 1) {
	70	SCT_LIST_free(s);
	71	*a = NULL;
	72	return NULL;
	73	}
	74	return s;
	75	}
	76
	77	/* Handlers for X509v3/OCSP Certificate Transparency extensions */
	78	const X509V3_EXT_METHOD v3_ct_scts[3] = {
	79	/* X509v3 extension in certificates that contains SCTs */
	80	{ NID_ct_precert_scts, 0, NULL,
	81	NULL, (X509V3_EXT_FREE)SCT_LIST_free,
	82	(X509V3_EXT_D2I)x509_ext_d2i_SCT_LIST, (X509V3_EXT_I2D)i2d_SCT_LIST,
	83	NULL, NULL,
	84	NULL, NULL,
	85	(X509V3_EXT_I2R)i2r_SCT_LIST, NULL,
	86	NULL },
	87
	88	/* X509v3 extension to mark a certificate as a pre-certificate */
	89	{ NID_ct_precert_poison, 0, ASN1_ITEM_ref(ASN1_NULL),
	90	NULL, NULL, NULL, NULL,
	91	i2s_poison, s2i_poison,
	92	NULL, NULL,
	93	NULL, NULL,
	94	NULL },
	95
	96	/* OCSP extension that contains SCTs */
	97	{ NID_ct_cert_scts, 0, NULL,
	98	0, (X509V3_EXT_FREE)SCT_LIST_free,
	99	(X509V3_EXT_D2I)ocsp_ext_d2i_SCT_LIST, (X509V3_EXT_I2D)i2d_SCT_LIST,
	100	NULL, NULL,
	101	NULL, NULL,
	102	(X509V3_EXT_I2R)i2r_SCT_LIST, NULL,
	103	NULL },
	104	};