From eb8dd9dca1228af0cd132f515509051ecfabf6f6 Mon Sep 17 00:00:00 2001 From: cvs2svn Date: Mon, 14 Apr 2025 17:32:06 +0000 Subject: This commit was manufactured by cvs2git to create tag 'tb_20250414'. --- src/lib/libcrypto/ct/ct.h | 567 -------------------------------------- src/lib/libcrypto/ct/ct_b64.c | 226 --------------- src/lib/libcrypto/ct/ct_err.c | 149 ---------- src/lib/libcrypto/ct/ct_local.h | 260 ----------------- src/lib/libcrypto/ct/ct_log.c | 379 ------------------------- src/lib/libcrypto/ct/ct_oct.c | 464 ------------------------------- src/lib/libcrypto/ct/ct_policy.c | 163 ----------- src/lib/libcrypto/ct/ct_prn.c | 211 -------------- src/lib/libcrypto/ct/ct_sct.c | 507 ---------------------------------- src/lib/libcrypto/ct/ct_sct_ctx.c | 323 ---------------------- src/lib/libcrypto/ct/ct_vfy.c | 195 ------------- src/lib/libcrypto/ct/ct_x509v3.c | 201 -------------- 12 files changed, 3645 deletions(-) delete mode 100644 src/lib/libcrypto/ct/ct.h delete mode 100644 src/lib/libcrypto/ct/ct_b64.c delete mode 100644 src/lib/libcrypto/ct/ct_err.c delete mode 100644 src/lib/libcrypto/ct/ct_local.h delete mode 100644 src/lib/libcrypto/ct/ct_log.c delete mode 100644 src/lib/libcrypto/ct/ct_oct.c delete mode 100644 src/lib/libcrypto/ct/ct_policy.c delete mode 100644 src/lib/libcrypto/ct/ct_prn.c delete mode 100644 src/lib/libcrypto/ct/ct_sct.c delete mode 100644 src/lib/libcrypto/ct/ct_sct_ctx.c delete mode 100644 src/lib/libcrypto/ct/ct_vfy.c delete mode 100644 src/lib/libcrypto/ct/ct_x509v3.c (limited to 'src/lib/libcrypto/ct') diff --git a/src/lib/libcrypto/ct/ct.h b/src/lib/libcrypto/ct/ct.h deleted file mode 100644 index db5cf28b48..0000000000 --- a/src/lib/libcrypto/ct/ct.h +++ /dev/null @@ -1,567 +0,0 @@ -/* $OpenBSD: ct.h,v 1.8 2024/08/08 23:50:29 tb Exp $ */ -/* - * Public API for Certificate Transparency (CT). - * Written by Rob Percival (robpercival@google.com) for the OpenSSL project. - */ -/* ==================================================================== - * Copyright (c) 2016 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#ifndef HEADER_CT_H -#define HEADER_CT_H - -#include - -#ifndef OPENSSL_NO_CT -#include -#include -#include -#ifdef __cplusplus -extern "C" { -#endif - -/* Minimum RSA key size, from RFC6962 */ -#define SCT_MIN_RSA_BITS 2048 - -/* All hashes are SHA256 in v1 of Certificate Transparency */ -#define CT_V1_HASHLEN SHA256_DIGEST_LENGTH - -typedef enum { - CT_LOG_ENTRY_TYPE_NOT_SET = -1, - CT_LOG_ENTRY_TYPE_X509 = 0, - CT_LOG_ENTRY_TYPE_PRECERT = 1 -} ct_log_entry_type_t; - -typedef enum { - SCT_VERSION_NOT_SET = -1, - SCT_VERSION_V1 = 0 -} sct_version_t; - -typedef enum { - SCT_SOURCE_UNKNOWN, - SCT_SOURCE_TLS_EXTENSION, - SCT_SOURCE_X509V3_EXTENSION, - SCT_SOURCE_OCSP_STAPLED_RESPONSE -} sct_source_t; - -typedef enum { - SCT_VALIDATION_STATUS_NOT_SET, - SCT_VALIDATION_STATUS_UNKNOWN_LOG, - SCT_VALIDATION_STATUS_VALID, - SCT_VALIDATION_STATUS_INVALID, - SCT_VALIDATION_STATUS_UNVERIFIED, - SCT_VALIDATION_STATUS_UNKNOWN_VERSION -} sct_validation_status_t; - -DECLARE_STACK_OF(SCT) -DECLARE_STACK_OF(CTLOG) - -/****************************************** - * CT policy evaluation context functions * - ******************************************/ - -/* - * Creates a new, empty policy evaluation context. - * The caller is responsible for calling CT_POLICY_EVAL_CTX_free when finished - * with the CT_POLICY_EVAL_CTX. - */ -CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void); - -/* Deletes a policy evaluation context and anything it owns. */ -void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx); - -/* Gets the peer certificate that the SCTs are for */ -X509 *CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx); - -/* - * Sets the certificate associated with the received SCTs. - * Increments the reference count of cert. - * Returns 1 on success, 0 otherwise. - */ -int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert); - -/* Gets the issuer of the aforementioned certificate */ -X509 *CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx); - -/* - * Sets the issuer of the certificate associated with the received SCTs. - * Increments the reference count of issuer. - * Returns 1 on success, 0 otherwise. - */ -int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer); - -/* Gets the CT logs that are trusted sources of SCTs */ -const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx); - -/* Sets the log store that is in use. It must outlive the CT_POLICY_EVAL_CTX. */ -void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx, - CTLOG_STORE *log_store); - -/* - * Gets the time, in milliseconds since the Unix epoch, that will be used as the - * current time when checking whether an SCT was issued in the future. - * Such SCTs will fail validation, as required by RFC6962. - */ -uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx); - -/* - * Sets the time to evaluate SCTs against, in milliseconds since the Unix epoch. - * If an SCT's timestamp is after this time, it will be interpreted as having - * been issued in the future. RFC6962 states that "TLS clients MUST reject SCTs - * whose timestamp is in the future", so an SCT will not validate in this case. - */ -void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms); - -/***************** - * SCT functions * - *****************/ - -/* - * Creates a new, blank SCT. - * The caller is responsible for calling SCT_free when finished with the SCT. - */ -SCT *SCT_new(void); - -/* - * Creates a new SCT from some base64-encoded strings. - * The caller is responsible for calling SCT_free when finished with the SCT. - */ -SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64, - ct_log_entry_type_t entry_type, uint64_t timestamp, - const char *extensions_base64, const char *signature_base64); - -/* - * Frees the SCT and the underlying data structures. - */ -void SCT_free(SCT *sct); - -/* - * Free a stack of SCTs, and the underlying SCTs themselves. - * Intended to be compatible with X509V3_EXT_FREE. - */ -void SCT_LIST_free(STACK_OF(SCT) *a); - -/* - * Returns the version of the SCT. - */ -sct_version_t SCT_get_version(const SCT *sct); - -/* - * Set the version of an SCT. - * Returns 1 on success, 0 if the version is unrecognized. - */ -int SCT_set_version(SCT *sct, sct_version_t version); - -/* - * Returns the log entry type of the SCT. - */ -ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct); - -/* - * Set the log entry type of an SCT. - * Returns 1 on success, 0 otherwise. - */ -int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type); - -/* - * Gets the ID of the log that an SCT came from. - * Ownership of the log ID remains with the SCT. - * Returns the length of the log ID. - */ -size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id); - -/* - * Set the log ID of an SCT to point directly to the *log_id specified. - * The SCT takes ownership of the specified pointer. - * Returns 1 on success, 0 otherwise. - */ -int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len); - -/* - * Set the log ID of an SCT. - * This makes a copy of the log_id. - * Returns 1 on success, 0 otherwise. - */ -int SCT_set1_log_id(SCT *sct, const unsigned char *log_id, - size_t log_id_len); - -/* - * Returns the timestamp for the SCT (epoch time in milliseconds). - */ -uint64_t SCT_get_timestamp(const SCT *sct); - -/* - * Set the timestamp of an SCT (epoch time in milliseconds). - */ -void SCT_set_timestamp(SCT *sct, uint64_t timestamp); - -/* - * Return the NID for the signature used by the SCT. - * For CT v1, this will be either NID_sha256WithRSAEncryption or - * NID_ecdsa_with_SHA256 (or NID_undef if incorrect/unset). - */ -int SCT_get_signature_nid(const SCT *sct); - -/* - * Set the signature type of an SCT - * For CT v1, this should be either NID_sha256WithRSAEncryption or - * NID_ecdsa_with_SHA256. - * Returns 1 on success, 0 otherwise. - */ -int SCT_set_signature_nid(SCT *sct, int nid); - -/* - * Set *ext to point to the extension data for the SCT. ext must not be NULL. - * The SCT retains ownership of this pointer. - * Returns length of the data pointed to. - */ -size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext); - -/* - * Set the extensions of an SCT to point directly to the *ext specified. - * The SCT takes ownership of the specified pointer. - */ -void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len); - -/* - * Set the extensions of an SCT. - * This takes a copy of the ext. - * Returns 1 on success, 0 otherwise. - */ -int SCT_set1_extensions(SCT *sct, const unsigned char *ext, - size_t ext_len); - -/* - * Set *sig to point to the signature for the SCT. sig must not be NULL. - * The SCT retains ownership of this pointer. - * Returns length of the data pointed to. - */ -size_t SCT_get0_signature(const SCT *sct, unsigned char **sig); - -/* - * Set the signature of an SCT to point directly to the *sig specified. - * The SCT takes ownership of the specified pointer. - */ -void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len); - -/* - * Set the signature of an SCT to be a copy of the *sig specified. - * Returns 1 on success, 0 otherwise. - */ -int SCT_set1_signature(SCT *sct, const unsigned char *sig, - size_t sig_len); - -/* - * The origin of this SCT, e.g. TLS extension, OCSP response, etc. - */ -sct_source_t SCT_get_source(const SCT *sct); - -/* - * Set the origin of this SCT, e.g. TLS extension, OCSP response, etc. - * Returns 1 on success, 0 otherwise. - */ -int SCT_set_source(SCT *sct, sct_source_t source); - -/* - * Returns a text string describing the validation status of |sct|. - */ -const char *SCT_validation_status_string(const SCT *sct); - -/* - * Pretty-prints an |sct| to |out|. - * It will be indented by the number of spaces specified by |indent|. - * If |logs| is not NULL, it will be used to lookup the CT log that the SCT came - * from, so that the log name can be printed. - */ -void SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *logs); - -/* - * Pretty-prints an |sct_list| to |out|. - * It will be indented by the number of spaces specified by |indent|. - * SCTs will be delimited by |separator|. - * If |logs| is not NULL, it will be used to lookup the CT log that each SCT - * came from, so that the log names can be printed. - */ -void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent, - const char *separator, const CTLOG_STORE *logs); - -/* - * Gets the last result of validating this SCT. - * If it has not been validated yet, returns SCT_VALIDATION_STATUS_NOT_SET. - */ -sct_validation_status_t SCT_get_validation_status(const SCT *sct); - -/* - * Validates the given SCT with the provided context. - * Sets the "validation_status" field of the SCT. - * Returns 1 if the SCT is valid and the signature verifies. - * Returns 0 if the SCT is invalid or could not be verified. - * Returns -1 if an error occurs. - */ -int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx); - -/* - * Validates the given list of SCTs with the provided context. - * Sets the "validation_status" field of each SCT. - * Returns 1 if there are no invalid SCTs and all signatures verify. - * Returns 0 if at least one SCT is invalid or could not be verified. - * Returns a negative integer if an error occurs. - */ -int SCT_LIST_validate(const STACK_OF(SCT) *scts, - CT_POLICY_EVAL_CTX *ctx); - - -/********************************* - * SCT parsing and serialisation * - *********************************/ - -/* - * Serialize (to TLS format) a stack of SCTs and return the length. - * "a" must not be NULL. - * If "pp" is NULL, just return the length of what would have been serialized. - * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer - * for data that caller is responsible for freeing (only if function returns - * successfully). - * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring - * that "*pp" is large enough to accept all of the serialized data. - * Returns < 0 on error, >= 0 indicating bytes written (or would have been) - * on success. - */ -int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp); - -/* - * Convert TLS format SCT list to a stack of SCTs. - * If "a" or "*a" is NULL, a new stack will be created that the caller is - * responsible for freeing (by calling SCT_LIST_free). - * "**pp" and "*pp" must not be NULL. - * Upon success, "*pp" will point to after the last bytes read, and a stack - * will be returned. - * Upon failure, a NULL pointer will be returned, and the position of "*pp" is - * not defined. - */ -STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, - size_t len); - -/* - * Serialize (to DER format) a stack of SCTs and return the length. - * "a" must not be NULL. - * If "pp" is NULL, just returns the length of what would have been serialized. - * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer - * for data that caller is responsible for freeing (only if function returns - * successfully). - * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring - * that "*pp" is large enough to accept all of the serialized data. - * Returns < 0 on error, >= 0 indicating bytes written (or would have been) - * on success. - */ -int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp); - -/* - * Parses an SCT list in DER format and returns it. - * If "a" or "*a" is NULL, a new stack will be created that the caller is - * responsible for freeing (by calling SCT_LIST_free). - * "**pp" and "*pp" must not be NULL. - * Upon success, "*pp" will point to after the last bytes read, and a stack - * will be returned. - * Upon failure, a NULL pointer will be returned, and the position of "*pp" is - * not defined. - */ -STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, - long len); - -/* - * Serialize (to TLS format) an |sct| and write it to |out|. - * If |out| is null, no SCT will be output but the length will still be returned. - * If |out| points to a null pointer, a string will be allocated to hold the - * TLS-format SCT. It is the responsibility of the caller to free it. - * If |out| points to an allocated string, the TLS-format SCT will be written - * to it. - * The length of the SCT in TLS format will be returned. - */ -int i2o_SCT(const SCT *sct, unsigned char **out); - -/* - * Parses an SCT in TLS format and returns it. - * If |psct| is not null, it will end up pointing to the parsed SCT. If it - * already points to a non-null pointer, the pointer will be free'd. - * |in| should be a pointer to a string containing the TLS-format SCT. - * |in| will be advanced to the end of the SCT if parsing succeeds. - * |len| should be the length of the SCT in |in|. - * Returns NULL if an error occurs. - * If the SCT is an unsupported version, only the SCT's 'sct' and 'sct_len' - * fields will be populated (with |in| and |len| respectively). - */ -SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len); - -/******************** - * CT log functions * - ********************/ - -/* - * Creates a new CT log instance with the given |public_key| and |name|. - * Takes ownership of |public_key| but copies |name|. - * Returns NULL if malloc fails or if |public_key| cannot be converted to DER. - * Should be deleted by the caller using CTLOG_free when no longer needed. - */ -CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name); - -/* - * Creates a new CTLOG instance with the base64-encoded SubjectPublicKeyInfo DER - * in |pkey_base64|. The |name| is a string to help users identify this log. - * Returns 1 on success, 0 on failure. - * Should be deleted by the caller using CTLOG_free when no longer needed. - */ -int CTLOG_new_from_base64(CTLOG **ct_log, const char *pkey_base64, - const char *name); - -/* - * Deletes a CT log instance and its fields. - */ -void CTLOG_free(CTLOG *log); - -/* Gets the name of the CT log */ -const char *CTLOG_get0_name(const CTLOG *log); -/* Gets the ID of the CT log */ -void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id, - size_t *log_id_len); -/* Gets the public key of the CT log */ -EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log); - -/************************** - * CT log store functions * - **************************/ - -/* - * Creates a new CT log store. - * Should be deleted by the caller using CTLOG_STORE_free when no longer needed. - */ -CTLOG_STORE *CTLOG_STORE_new(void); - -/* - * Deletes a CT log store and all of the CT log instances held within. - */ -void CTLOG_STORE_free(CTLOG_STORE *store); - -/* - * Finds a CT log in the store based on its log ID. - * Returns the CT log, or NULL if no match is found. - */ -const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store, - const uint8_t *log_id, size_t log_id_len); - -/* - * Loads a CT log list into a |store| from a |file|. - * Returns 1 if loading is successful, or 0 otherwise. - */ -int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file); - -/* - * Loads the default CT log list into a |store|. - * Returns 1 if loading is successful, or 0 otherwise. - */ -int CTLOG_STORE_load_default_file(CTLOG_STORE *store); - -int ERR_load_CT_strings(void); - -/* - * CT function codes. - */ -# define CT_F_CTLOG_NEW 117 -# define CT_F_CTLOG_NEW_FROM_BASE64 118 -# define CT_F_CTLOG_NEW_FROM_CONF 119 -# define CT_F_CTLOG_STORE_LOAD_CTX_NEW 122 -# define CT_F_CTLOG_STORE_LOAD_FILE 123 -# define CT_F_CTLOG_STORE_LOAD_LOG 130 -# define CT_F_CTLOG_STORE_NEW 131 -# define CT_F_CT_BASE64_DECODE 124 -# define CT_F_CT_POLICY_EVAL_CTX_NEW 133 -# define CT_F_CT_V1_LOG_ID_FROM_PKEY 125 -# define CT_F_I2O_SCT 107 -# define CT_F_I2O_SCT_LIST 108 -# define CT_F_I2O_SCT_SIGNATURE 109 -# define CT_F_O2I_SCT 110 -# define CT_F_O2I_SCT_LIST 111 -# define CT_F_O2I_SCT_SIGNATURE 112 -# define CT_F_SCT_CTX_NEW 126 -# define CT_F_SCT_CTX_VERIFY 128 -# define CT_F_SCT_NEW 100 -# define CT_F_SCT_NEW_FROM_BASE64 127 -# define CT_F_SCT_SET0_LOG_ID 101 -# define CT_F_SCT_SET1_EXTENSIONS 114 -# define CT_F_SCT_SET1_LOG_ID 115 -# define CT_F_SCT_SET1_SIGNATURE 116 -# define CT_F_SCT_SET_LOG_ENTRY_TYPE 102 -# define CT_F_SCT_SET_SIGNATURE_NID 103 -# define CT_F_SCT_SET_VERSION 104 - -/* - * CT reason codes. - */ -# define CT_R_BASE64_DECODE_ERROR 108 -# define CT_R_INVALID_LOG_ID_LENGTH 100 -# define CT_R_LOG_CONF_INVALID 109 -# define CT_R_LOG_CONF_INVALID_KEY 110 -# define CT_R_LOG_CONF_MISSING_DESCRIPTION 111 -# define CT_R_LOG_CONF_MISSING_KEY 112 -# define CT_R_LOG_KEY_INVALID 113 -# define CT_R_SCT_FUTURE_TIMESTAMP 116 -# define CT_R_SCT_INVALID 104 -# define CT_R_SCT_INVALID_SIGNATURE 107 -# define CT_R_SCT_LIST_INVALID 105 -# define CT_R_SCT_LOG_ID_MISMATCH 114 -# define CT_R_SCT_NOT_SET 106 -# define CT_R_SCT_UNSUPPORTED_VERSION 115 -# define CT_R_UNRECOGNIZED_SIGNATURE_NID 101 -# define CT_R_UNSUPPORTED_ENTRY_TYPE 102 -# define CT_R_UNSUPPORTED_VERSION 103 - -#ifdef __cplusplus -} -#endif -#endif -#endif diff --git a/src/lib/libcrypto/ct/ct_b64.c b/src/lib/libcrypto/ct/ct_b64.c deleted file mode 100644 index 101cd1e2b1..0000000000 --- a/src/lib/libcrypto/ct/ct_b64.c +++ /dev/null @@ -1,226 +0,0 @@ -/* $OpenBSD: ct_b64.c,v 1.7 2023/07/08 07:22:58 beck Exp $ */ -/* - * Written by Rob Stradling (rob@comodo.com) and Stephen Henson - * (steve@openssl.org) for the OpenSSL project 2014. - */ -/* ==================================================================== - * Copyright (c) 2014 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include - -#include -#include -#include - -#include "bytestring.h" -#include "ct_local.h" - -/* - * Decodes the base64 string |in| into |out|. - * A new string will be malloc'd and assigned to |out|. This will be owned by - * the caller. Do not provide a pre-allocated string in |out|. - */ -static int -ct_base64_decode(const char *in, unsigned char **out) -{ - size_t inlen = strlen(in); - int outlen, i; - unsigned char *outbuf = NULL; - - if (inlen == 0) { - *out = NULL; - return 0; - } - - outlen = (inlen / 4) * 3; - outbuf = malloc(outlen); - if (outbuf == NULL) { - CTerror(ERR_R_MALLOC_FAILURE); - goto err; - } - - outlen = EVP_DecodeBlock(outbuf, (unsigned char *)in, inlen); - if (outlen < 0) { - CTerror(CT_R_BASE64_DECODE_ERROR); - goto err; - } - - /* - * Subtract padding bytes from |outlen|. - * Any more than 2 is malformed. - */ - i = 0; - while (in[--inlen] == '=') { - --outlen; - if (++i > 2) - goto err; - } - - *out = outbuf; - return outlen; - err: - free(outbuf); - return -1; -} - -SCT * -SCT_new_from_base64(unsigned char version, const char *logid_base64, - ct_log_entry_type_t entry_type, uint64_t timestamp, - const char *extensions_base64, const char *signature_base64) -{ - unsigned char *dec = NULL; - int declen; - SCT *sct; - CBS cbs; - - if ((sct = SCT_new()) == NULL) { - CTerror(ERR_R_MALLOC_FAILURE); - return NULL; - } - - /* - * RFC6962 section 4.1 says we "MUST NOT expect this to be 0", but we - * can only construct SCT versions that have been defined. - */ - if (!SCT_set_version(sct, version)) { - CTerror(CT_R_SCT_UNSUPPORTED_VERSION); - goto err; - } - - declen = ct_base64_decode(logid_base64, &dec); - if (declen < 0) { - CTerror(X509_R_BASE64_DECODE_ERROR); - goto err; - } - if (!SCT_set0_log_id(sct, dec, declen)) - goto err; - dec = NULL; - - declen = ct_base64_decode(extensions_base64, &dec); - if (declen < 0) { - CTerror(X509_R_BASE64_DECODE_ERROR); - goto err; - } - SCT_set0_extensions(sct, dec, declen); - dec = NULL; - - declen = ct_base64_decode(signature_base64, &dec); - if (declen < 0) { - CTerror(X509_R_BASE64_DECODE_ERROR); - goto err; - } - - CBS_init(&cbs, dec, declen); - if (!o2i_SCT_signature(sct, &cbs)) - goto err; - free(dec); - dec = NULL; - - SCT_set_timestamp(sct, timestamp); - - if (!SCT_set_log_entry_type(sct, entry_type)) - goto err; - - return sct; - - err: - free(dec); - SCT_free(sct); - return NULL; -} -LCRYPTO_ALIAS(SCT_new_from_base64); - -/* - * Allocate, build and returns a new |ct_log| from input |pkey_base64| - * It returns 1 on success, - * 0 on decoding failure, or invalid parameter if any - * -1 on internal (malloc) failure - */ -int -CTLOG_new_from_base64(CTLOG **ct_log, const char *pkey_base64, const char *name) -{ - unsigned char *pkey_der = NULL; - int pkey_der_len; - const unsigned char *p; - EVP_PKEY *pkey = NULL; - - if (ct_log == NULL) { - CTerror(ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - pkey_der_len = ct_base64_decode(pkey_base64, &pkey_der); - if (pkey_der_len < 0) { - CTerror(CT_R_LOG_CONF_INVALID_KEY); - return 0; - } - - p = pkey_der; - pkey = d2i_PUBKEY(NULL, &p, pkey_der_len); - free(pkey_der); - if (pkey == NULL) { - CTerror(CT_R_LOG_CONF_INVALID_KEY); - return 0; - } - - *ct_log = CTLOG_new(pkey, name); - if (*ct_log == NULL) { - EVP_PKEY_free(pkey); - return 0; - } - - return 1; -} -LCRYPTO_ALIAS(CTLOG_new_from_base64); diff --git a/src/lib/libcrypto/ct/ct_err.c b/src/lib/libcrypto/ct/ct_err.c deleted file mode 100644 index 494f88b898..0000000000 --- a/src/lib/libcrypto/ct/ct_err.c +++ /dev/null @@ -1,149 +0,0 @@ -/* $OpenBSD: ct_err.c,v 1.8 2024/06/24 06:43:22 tb Exp $ */ -/* ==================================================================== - * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include - -#include "err_local.h" - -#ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA CT_str_functs[] = { - {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW, 0), "CTLOG_new"}, - {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW_FROM_BASE64, 0), - "CTLOG_new_from_base64"}, - {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW_FROM_CONF, 0), - "ctlog_new_from_conf"}, - {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_LOAD_CTX_NEW, 0), - "ctlog_store_load_ctx_new"}, - {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_LOAD_FILE, 0), - "CTLOG_STORE_load_file"}, - {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_LOAD_LOG, 0), - "ctlog_store_load_log"}, - {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_NEW, 0), "CTLOG_STORE_new"}, - {ERR_PACK(ERR_LIB_CT, CT_F_CT_BASE64_DECODE, 0), "ct_base64_decode"}, - {ERR_PACK(ERR_LIB_CT, CT_F_CT_POLICY_EVAL_CTX_NEW, 0), - "CT_POLICY_EVAL_CTX_new"}, - {ERR_PACK(ERR_LIB_CT, CT_F_CT_V1_LOG_ID_FROM_PKEY, 0), - "ct_v1_log_id_from_pkey"}, - {ERR_PACK(ERR_LIB_CT, CT_F_I2O_SCT, 0), "i2o_SCT"}, - {ERR_PACK(ERR_LIB_CT, CT_F_I2O_SCT_LIST, 0), "i2o_SCT_LIST"}, - {ERR_PACK(ERR_LIB_CT, CT_F_I2O_SCT_SIGNATURE, 0), "i2o_SCT_signature"}, - {ERR_PACK(ERR_LIB_CT, CT_F_O2I_SCT, 0), "o2i_SCT"}, - {ERR_PACK(ERR_LIB_CT, CT_F_O2I_SCT_LIST, 0), "o2i_SCT_LIST"}, - {ERR_PACK(ERR_LIB_CT, CT_F_O2I_SCT_SIGNATURE, 0), "o2i_SCT_signature"}, - {ERR_PACK(ERR_LIB_CT, CT_F_SCT_CTX_NEW, 0), "SCT_CTX_new"}, - {ERR_PACK(ERR_LIB_CT, CT_F_SCT_CTX_VERIFY, 0), "SCT_CTX_verify"}, - {ERR_PACK(ERR_LIB_CT, CT_F_SCT_NEW, 0), "SCT_new"}, - {ERR_PACK(ERR_LIB_CT, CT_F_SCT_NEW_FROM_BASE64, 0), - "SCT_new_from_base64"}, - {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET0_LOG_ID, 0), "SCT_set0_log_id"}, - {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_EXTENSIONS, 0), - "SCT_set1_extensions"}, - {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_LOG_ID, 0), "SCT_set1_log_id"}, - {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_SIGNATURE, 0), - "SCT_set1_signature"}, - {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET_LOG_ENTRY_TYPE, 0), - "SCT_set_log_entry_type"}, - {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET_SIGNATURE_NID, 0), - "SCT_set_signature_nid"}, - {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET_VERSION, 0), "SCT_set_version"}, - {0, NULL} -}; - -static const ERR_STRING_DATA CT_str_reasons[] = { - {ERR_PACK(ERR_LIB_CT, 0, CT_R_BASE64_DECODE_ERROR), - "base64 decode error"}, - {ERR_PACK(ERR_LIB_CT, 0, CT_R_INVALID_LOG_ID_LENGTH), - "invalid log id length"}, - {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_INVALID), "log conf invalid"}, - {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_INVALID_KEY), - "log conf invalid key"}, - {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_MISSING_DESCRIPTION), - "log conf missing description"}, - {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_MISSING_KEY), - "log conf missing key"}, - {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_KEY_INVALID), "log key invalid"}, - {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_FUTURE_TIMESTAMP), - "sct future timestamp"}, - {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_INVALID), "sct invalid"}, - {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_INVALID_SIGNATURE), - "sct invalid signature"}, - {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_LIST_INVALID), "sct list invalid"}, - {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_LOG_ID_MISMATCH), - "sct log id mismatch"}, - {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_NOT_SET), "sct not set"}, - {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_UNSUPPORTED_VERSION), - "sct unsupported version"}, - {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNRECOGNIZED_SIGNATURE_NID), - "unrecognized signature nid"}, - {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNSUPPORTED_ENTRY_TYPE), - "unsupported entry type"}, - {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNSUPPORTED_VERSION), - "unsupported version"}, - {0, NULL} -}; - -#endif - -int -ERR_load_CT_strings(void) -{ - if (ERR_func_error_string(CT_str_functs[0].error) == NULL) { - ERR_load_const_strings(CT_str_functs); - ERR_load_const_strings(CT_str_reasons); - } - return 1; -} diff --git a/src/lib/libcrypto/ct/ct_local.h b/src/lib/libcrypto/ct/ct_local.h deleted file mode 100644 index cd19ed096a..0000000000 --- a/src/lib/libcrypto/ct/ct_local.h +++ /dev/null @@ -1,260 +0,0 @@ -/* $OpenBSD: ct_local.h,v 1.8 2021/12/20 17:19:19 jsing Exp $ */ -/* - * Written by Rob Percival (robpercival@google.com) for the OpenSSL project. - */ -/* ==================================================================== - * Copyright (c) 2016 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include - -#include -#include -#include -#include -#include - -#include "bytestring.h" - -/* Number of bytes in an SCT v1 LogID - see RFC 6962 section 3.2. */ -#define CT_V1_LOG_ID_LEN 32 - -/* Maximum size of an SCT - see RFC 6962 section 3.3. */ -#define MAX_SCT_SIZE 65535 -#define MAX_SCT_LIST_SIZE MAX_SCT_SIZE - -/* - * Macros to write integers in network-byte order. - */ - -#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \ - c[1]=(unsigned char)(((s) )&0xff)),c+=2) - -#define l2n3(l,c) ((c[0]=(unsigned char)(((l)>>16)&0xff), \ - c[1]=(unsigned char)(((l)>> 8)&0xff), \ - c[2]=(unsigned char)(((l) )&0xff)),c+=3) - -#define l2n8(l,c) (*((c)++)=(unsigned char)(((l)>>56)&0xff), \ - *((c)++)=(unsigned char)(((l)>>48)&0xff), \ - *((c)++)=(unsigned char)(((l)>>40)&0xff), \ - *((c)++)=(unsigned char)(((l)>>32)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) - -/* Signed Certificate Timestamp */ -struct sct_st { - sct_version_t version; - /* If version is not SCT_VERSION_V1, this contains the encoded SCT */ - unsigned char *sct; - size_t sct_len; - /* - * If version is SCT_VERSION_V1, fields below contain components of - * the SCT - */ - unsigned char *log_id; - size_t log_id_len; - /* - * Note, we cannot distinguish between an unset timestamp, and one - * that is set to 0. However since CT didn't exist in 1970, no real - * SCT should ever be set as such. - */ - uint64_t timestamp; - unsigned char *ext; - size_t ext_len; - unsigned char hash_alg; - unsigned char sig_alg; - unsigned char *sig; - size_t sig_len; - /* Log entry type */ - ct_log_entry_type_t entry_type; - /* Where this SCT was found, e.g. certificate, OCSP response, etc. */ - sct_source_t source; - /* The result of the last attempt to validate this SCT. */ - sct_validation_status_t validation_status; -}; - -/* Miscellaneous data that is useful when verifying an SCT */ -struct sct_ctx_st { - /* Public key */ - EVP_PKEY *pkey; - /* Hash of public key */ - unsigned char *pkeyhash; - size_t pkeyhashlen; - /* For pre-certificate: issuer public key hash */ - unsigned char *ihash; - size_t ihashlen; - /* certificate encoding */ - unsigned char *certder; - size_t certderlen; - /* pre-certificate encoding */ - unsigned char *preder; - size_t prederlen; - /* - * milliseconds since epoch (to check that the SCT isn't from the - * future) - */ - uint64_t epoch_time_in_ms; -}; - -/* Context when evaluating whether a Certificate Transparency policy is met */ -struct ct_policy_eval_ctx_st { - X509 *cert; - X509 *issuer; - CTLOG_STORE *log_store; - /* - * milliseconds since epoch (to check that the SCT isn't from the - * future) - */ - uint64_t epoch_time_in_ms; -}; - -/* - * Creates a new context for verifying an SCT. - */ -SCT_CTX *SCT_CTX_new(void); -/* - * Deletes an SCT verification context. - */ -void SCT_CTX_free(SCT_CTX *sctx); - -/* - * Sets the certificate that the SCT was created for. - * If *cert does not have a poison extension, presigner must be NULL. - * If *cert does not have a poison extension, it may have a single SCT - * (NID_ct_precert_scts) extension. - * If either *cert or *presigner have an AKID (NID_authority_key_identifier) - * extension, both must have one. - * Returns 1 on success, 0 on failure. - */ -int SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner); - -/* - * Sets the issuer of the certificate that the SCT was created for. - * This is just a convenience method to save extracting the public key and - * calling SCT_CTX_set1_issuer_pubkey(). - * Issuer must not be NULL. - * Returns 1 on success, 0 on failure. - */ -int SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer); - -/* - * Sets the public key of the issuer of the certificate that the SCT was created - * for. - * The public key must not be NULL. - * Returns 1 on success, 0 on failure. - */ -int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey); - -/* - * Sets the public key of the CT log that the SCT is from. - * Returns 1 on success, 0 on failure. - */ -int SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey); - -/* - * Sets the time to evaluate the SCT against, in milliseconds since the Unix - * epoch. If the SCT's timestamp is after this time, it will be interpreted as - * having been issued in the future. RFC6962 states that "TLS clients MUST - * reject SCTs whose timestamp is in the future", so an SCT will not validate - * in this case. - */ -void SCT_CTX_set_time(SCT_CTX *sctx, uint64_t time_in_ms); - -/* - * Verifies an SCT with the given context. - * Returns 1 if the SCT verifies successfully; any other value indicates - * failure. See EVP_DigestVerifyFinal() for the meaning of those values. - */ -int SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct); - -/* - * Does this SCT have the minimum fields populated to be usable? - * Returns 1 if so, 0 otherwise. - */ -int SCT_is_complete(const SCT *sct); - -/* - * Does this SCT have the signature-related fields populated? - * Returns 1 if so, 0 otherwise. - * This checks that the signature and hash algorithms are set to supported - * values and that the signature field is set. - */ -int SCT_signature_is_complete(const SCT *sct); - -/* - * TODO(RJPercival): Create an SCT_signature struct and make i2o_SCT_signature - * and o2i_SCT_signature conform to the i2d/d2i conventions. - */ - -/* - * Serialize (to TLS format) an |sct| signature and write it to |out|. - * If |out| is null, no signature will be output but the length will be returned. - * If |out| points to a null pointer, a string will be allocated to hold the - * TLS-format signature. It is the responsibility of the caller to free it. - * If |out| points to an allocated string, the signature will be written to it. - * The length of the signature in TLS format will be returned. - */ -int i2o_SCT_signature(const SCT *sct, unsigned char **out); - -/* - * Parses an SCT signature in TLS format and populates the |sct| with it. - * |in| should be a pointer to a string containing the TLS-format signature. - * |in| will be advanced to the end of the signature if parsing succeeds. - * |len| should be the length of the signature in |in|. - * Returns the number of bytes parsed, or a negative integer if an error occurs. - * If an error occurs, the SCT's signature NID may be updated whilst the - * signature field itself remains unset. - */ -int o2i_SCT_signature(SCT *sct, CBS *cbs); - -/* - * Handlers for Certificate Transparency X509v3/OCSP extensions - */ -extern const X509V3_EXT_METHOD v3_ct_scts[3]; diff --git a/src/lib/libcrypto/ct/ct_log.c b/src/lib/libcrypto/ct/ct_log.c deleted file mode 100644 index 72045477ac..0000000000 --- a/src/lib/libcrypto/ct/ct_log.c +++ /dev/null @@ -1,379 +0,0 @@ -/* $OpenBSD: ct_log.c,v 1.9 2024/11/05 09:35:40 tb Exp $ */ -/* Author: Adam Eijdenberg . */ -/* ==================================================================== - * Copyright (c) 1998-2016 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -#include "conf_local.h" -#include "crypto_local.h" - - -/* - * Information about a CT log server. - */ -struct ctlog_st { - char *name; - uint8_t log_id[CT_V1_HASHLEN]; - EVP_PKEY *public_key; -}; - -/* - * A store for multiple CTLOG instances. - * It takes ownership of any CTLOG instances added to it. - */ -struct ctlog_store_st { - STACK_OF(CTLOG) *logs; -}; - -/* The context when loading a CT log list from a CONF file. */ -typedef struct ctlog_store_load_ctx_st { - CTLOG_STORE *log_store; - CONF *conf; - size_t invalid_log_entries; -} CTLOG_STORE_LOAD_CTX; - -/* - * Creates an empty context for loading a CT log store. - * It should be populated before use. - */ -static CTLOG_STORE_LOAD_CTX *ctlog_store_load_ctx_new(void); - -/* - * Deletes a CT log store load context. - * Does not delete any of the fields. - */ -static void ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX *ctx); - -static CTLOG_STORE_LOAD_CTX * -ctlog_store_load_ctx_new(void) -{ - CTLOG_STORE_LOAD_CTX *ctx = calloc(1, sizeof(*ctx)); - - if (ctx == NULL) - CTerror(ERR_R_MALLOC_FAILURE); - - return ctx; -} - -static void -ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX *ctx) -{ - free(ctx); -} - -/* Converts a log's public key into a SHA256 log ID */ -static int -ct_v1_log_id_from_pkey(EVP_PKEY *pkey, unsigned char log_id[CT_V1_HASHLEN]) -{ - int ret = 0; - unsigned char *pkey_der = NULL; - int pkey_der_len = i2d_PUBKEY(pkey, &pkey_der); - - if (pkey_der_len <= 0) { - CTerror(CT_R_LOG_KEY_INVALID); - goto err; - } - - SHA256(pkey_der, pkey_der_len, log_id); - ret = 1; - err: - free(pkey_der); - return ret; -} - -CTLOG_STORE * -CTLOG_STORE_new(void) -{ - CTLOG_STORE *ret = calloc(1, sizeof(*ret)); - - if (ret == NULL) { - CTerror(ERR_R_MALLOC_FAILURE); - return NULL; - } - - ret->logs = sk_CTLOG_new_null(); - if (ret->logs == NULL) - goto err; - - return ret; - err: - free(ret); - return NULL; -} -LCRYPTO_ALIAS(CTLOG_STORE_new); - -void -CTLOG_STORE_free(CTLOG_STORE *store) -{ - if (store != NULL) { - sk_CTLOG_pop_free(store->logs, CTLOG_free); - free(store); - } -} -LCRYPTO_ALIAS(CTLOG_STORE_free); - -static int -ctlog_new_from_conf(CTLOG **ct_log, const CONF *conf, const char *section) -{ - const char *description = NCONF_get_string(conf, section, - "description"); - char *pkey_base64; - - if (description == NULL) { - CTerror(CT_R_LOG_CONF_MISSING_DESCRIPTION); - return 0; - } - - pkey_base64 = NCONF_get_string(conf, section, "key"); - if (pkey_base64 == NULL) { - CTerror(CT_R_LOG_CONF_MISSING_KEY); - return 0; - } - - return CTLOG_new_from_base64(ct_log, pkey_base64, description); -} - -int -CTLOG_STORE_load_default_file(CTLOG_STORE *store) -{ - return CTLOG_STORE_load_file(store, CTLOG_FILE); -} -LCRYPTO_ALIAS(CTLOG_STORE_load_default_file); - -/* - * Called by CONF_parse_list, which stops if this returns <= 0, - * Otherwise, one bad log entry would stop loading of any of - * the following log entries. - * It may stop parsing and returns -1 on any internal (malloc) error. - */ -static int -ctlog_store_load_log(const char *log_name, int log_name_len, void *arg) -{ - CTLOG_STORE_LOAD_CTX *load_ctx = arg; - CTLOG *ct_log = NULL; - /* log_name may not be null-terminated, so fix that before using it */ - char *tmp; - int ret = 0; - - /* log_name will be NULL for empty list entries */ - if (log_name == NULL) - return 1; - - tmp = strndup(log_name, log_name_len); - if (tmp == NULL) - goto mem_err; - - ret = ctlog_new_from_conf(&ct_log, load_ctx->conf, tmp); - free(tmp); - - if (ret < 0) { - /* Propagate any internal error */ - return ret; - } - if (ret == 0) { - /* If we can't load this log, record that fact and skip it */ - ++load_ctx->invalid_log_entries; - return 1; - } - - if (!sk_CTLOG_push(load_ctx->log_store->logs, ct_log)) { - goto mem_err; - } - return 1; - - mem_err: - CTLOG_free(ct_log); - CTerror(ERR_R_MALLOC_FAILURE); - return -1; -} - -int -CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file) -{ - int ret = 0; - char *enabled_logs; - CTLOG_STORE_LOAD_CTX* load_ctx = ctlog_store_load_ctx_new(); - - if (load_ctx == NULL) - return 0; - load_ctx->log_store = store; - load_ctx->conf = NCONF_new(NULL); - if (load_ctx->conf == NULL) - goto end; - - if (NCONF_load(load_ctx->conf, file, NULL) <= 0) { - CTerror(CT_R_LOG_CONF_INVALID); - goto end; - } - - enabled_logs = NCONF_get_string(load_ctx->conf, NULL, "enabled_logs"); - if (enabled_logs == NULL) { - CTerror(CT_R_LOG_CONF_INVALID); - goto end; - } - - if (!CONF_parse_list(enabled_logs, ',', 1, ctlog_store_load_log, load_ctx) || - load_ctx->invalid_log_entries > 0) { - CTerror(CT_R_LOG_CONF_INVALID); - goto end; - } - - ret = 1; - end: - NCONF_free(load_ctx->conf); - ctlog_store_load_ctx_free(load_ctx); - return ret; -} -LCRYPTO_ALIAS(CTLOG_STORE_load_file); - -/* - * Initialize a new CTLOG object. - * Takes ownership of the public key. - * Copies the name. - */ -CTLOG * -CTLOG_new(EVP_PKEY *public_key, const char *name) -{ - CTLOG *ret = calloc(1, sizeof(*ret)); - - if (ret == NULL) { - CTerror(ERR_R_MALLOC_FAILURE); - return NULL; - } - - ret->name = strdup(name); - if (ret->name == NULL) { - CTerror(ERR_R_MALLOC_FAILURE); - goto err; - } - - if (ct_v1_log_id_from_pkey(public_key, ret->log_id) != 1) - goto err; - - ret->public_key = public_key; - return ret; - err: - CTLOG_free(ret); - return NULL; -} -LCRYPTO_ALIAS(CTLOG_new); - -/* Frees CT log and associated structures */ -void -CTLOG_free(CTLOG *log) -{ - if (log != NULL) { - free(log->name); - EVP_PKEY_free(log->public_key); - free(log); - } -} -LCRYPTO_ALIAS(CTLOG_free); - -const char * -CTLOG_get0_name(const CTLOG *log) -{ - return log->name; -} -LCRYPTO_ALIAS(CTLOG_get0_name); - -void -CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id, size_t *log_id_len) -{ - *log_id = log->log_id; - *log_id_len = CT_V1_HASHLEN; -} -LCRYPTO_ALIAS(CTLOG_get0_log_id); - -EVP_PKEY * -CTLOG_get0_public_key(const CTLOG *log) -{ - return log->public_key; -} -LCRYPTO_ALIAS(CTLOG_get0_public_key); - -/* - * Given a log ID, finds the matching log. - * Returns NULL if no match found. - */ -const CTLOG * -CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store, const uint8_t *log_id, - size_t log_id_len) -{ - int i; - - for (i = 0; i < sk_CTLOG_num(store->logs); ++i) { - const CTLOG *log = sk_CTLOG_value(store->logs, i); - if (memcmp(log->log_id, log_id, log_id_len) == 0) - return log; - } - - return NULL; -} -LCRYPTO_ALIAS(CTLOG_STORE_get0_log_by_id); diff --git a/src/lib/libcrypto/ct/ct_oct.c b/src/lib/libcrypto/ct/ct_oct.c deleted file mode 100644 index 1f5e5c75d0..0000000000 --- a/src/lib/libcrypto/ct/ct_oct.c +++ /dev/null @@ -1,464 +0,0 @@ -/* $OpenBSD: ct_oct.c,v 1.9 2023/07/08 07:22:58 beck Exp $ */ -/* - * Written by Rob Stradling (rob@comodo.com) and Stephen Henson - * (steve@openssl.org) for the OpenSSL project 2014. - */ -/* ==================================================================== - * Copyright (c) 2014 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifdef OPENSSL_NO_CT -# error "CT is disabled" -#endif - -#include -#include - -#include -#include -#include -#include - -#include "bytestring.h" -#include "ct_local.h" - -int -o2i_SCT_signature(SCT *sct, CBS *cbs) -{ - uint8_t hash_alg, sig_alg; - CBS signature; - - if (sct->version != SCT_VERSION_V1) { - CTerror(CT_R_UNSUPPORTED_VERSION); - return 0; - } - - /* - * Parse a digitally-signed element - see RFC 6962 section 3.2 and - * RFC 5246 sections 4.7 and 7.4.1.4.1. - */ - if (!CBS_get_u8(cbs, &hash_alg)) - goto err_invalid; - if (!CBS_get_u8(cbs, &sig_alg)) - goto err_invalid; - if (!CBS_get_u16_length_prefixed(cbs, &signature)) - goto err_invalid; - if (CBS_len(cbs) != 0) - goto err_invalid; - - /* - * Reject empty signatures since they are invalid for all supported - * algorithms (this really should be done by SCT_set1_signature()). - */ - if (CBS_len(&signature) == 0) - goto err_invalid; - - sct->hash_alg = hash_alg; - sct->sig_alg = sig_alg; - - if (SCT_get_signature_nid(sct) == NID_undef) - goto err_invalid; - - if (!SCT_set1_signature(sct, CBS_data(&signature), CBS_len(&signature))) - return 0; - - return 1; - - err_invalid: - CTerror(CT_R_SCT_INVALID_SIGNATURE); - return 0; -} - -static int -o2i_SCT_internal(SCT **out_sct, CBS *cbs) -{ - SCT *sct = NULL; - uint8_t version; - - *out_sct = NULL; - - if ((sct = SCT_new()) == NULL) - goto err; - - if (CBS_len(cbs) > MAX_SCT_SIZE) - goto err_invalid; - if (!CBS_peek_u8(cbs, &version)) - goto err_invalid; - - sct->version = version; - - if (version == SCT_VERSION_V1) { - CBS extensions, log_id; - uint64_t timestamp; - - /* - * Parse a v1 SignedCertificateTimestamp - see RFC 6962 - * section 3.2. - */ - if (!CBS_get_u8(cbs, &version)) - goto err_invalid; - if (!CBS_get_bytes(cbs, &log_id, CT_V1_LOG_ID_LEN)) - goto err_invalid; - if (!CBS_get_u64(cbs, ×tamp)) - goto err_invalid; - if (!CBS_get_u16_length_prefixed(cbs, &extensions)) - goto err_invalid; - - if (!CBS_stow(&log_id, &sct->log_id, &sct->log_id_len)) - goto err; - - sct->timestamp = timestamp; - - if (!CBS_stow(&extensions, &sct->ext, &sct->ext_len)) - goto err; - - if (!o2i_SCT_signature(sct, cbs)) - goto err; - - if (CBS_len(cbs) != 0) - goto err_invalid; - } else { - /* If not V1 just cache encoding. */ - if (!CBS_stow(cbs, &sct->sct, &sct->sct_len)) - goto err; - } - - *out_sct = sct; - - return 1; - - err_invalid: - CTerror(CT_R_SCT_INVALID); - err: - SCT_free(sct); - - return 0; -} - -SCT * -o2i_SCT(SCT **psct, const unsigned char **in, size_t len) -{ - SCT *sct; - CBS cbs; - - CBS_init(&cbs, *in, len); - - if (psct != NULL) { - SCT_free(*psct); - *psct = NULL; - } - - if (!o2i_SCT_internal(&sct, &cbs)) - return NULL; - - if (psct != NULL) - *psct = sct; - - *in = CBS_data(&cbs); - - return sct; -} -LCRYPTO_ALIAS(o2i_SCT); - -int -i2o_SCT_signature(const SCT *sct, unsigned char **out) -{ - size_t len; - unsigned char *p = NULL, *pstart = NULL; - - if (!SCT_signature_is_complete(sct)) { - CTerror(CT_R_SCT_INVALID_SIGNATURE); - goto err; - } - - if (sct->version != SCT_VERSION_V1) { - CTerror(CT_R_UNSUPPORTED_VERSION); - goto err; - } - - /* - * (1 byte) Hash algorithm - * (1 byte) Signature algorithm - * (2 bytes + ?) Signature - */ - len = 4 + sct->sig_len; - - if (out != NULL) { - if (*out != NULL) { - p = *out; - *out += len; - } else { - pstart = p = malloc(len); - if (p == NULL) { - CTerror(ERR_R_MALLOC_FAILURE); - goto err; - } - *out = p; - } - - *p++ = sct->hash_alg; - *p++ = sct->sig_alg; - s2n(sct->sig_len, p); - memcpy(p, sct->sig, sct->sig_len); - } - - return len; - err: - free(pstart); - return -1; -} - -int -i2o_SCT(const SCT *sct, unsigned char **out) -{ - size_t len; - unsigned char *p = NULL, *pstart = NULL; - - if (!SCT_is_complete(sct)) { - CTerror(CT_R_SCT_NOT_SET); - goto err; - } - /* - * Fixed-length header: struct { (1 byte) Version sct_version; (32 bytes) - * log_id id; (8 bytes) uint64 timestamp; (2 bytes + ?) CtExtensions - * extensions; (1 byte) Hash algorithm (1 byte) Signature algorithm (2 - * bytes + ?) Signature - */ - if (sct->version == SCT_VERSION_V1) - len = 43 + sct->ext_len + 4 + sct->sig_len; - else - len = sct->sct_len; - - if (out == NULL) - return len; - - if (*out != NULL) { - p = *out; - *out += len; - } else { - pstart = p = malloc(len); - if (p == NULL) { - CTerror(ERR_R_MALLOC_FAILURE); - goto err; - } - *out = p; - } - - if (sct->version == SCT_VERSION_V1) { - *p++ = sct->version; - memcpy(p, sct->log_id, CT_V1_HASHLEN); - p += CT_V1_HASHLEN; - l2n8(sct->timestamp, p); - s2n(sct->ext_len, p); - if (sct->ext_len > 0) { - memcpy(p, sct->ext, sct->ext_len); - p += sct->ext_len; - } - if (i2o_SCT_signature(sct, &p) <= 0) - goto err; - } else { - memcpy(p, sct->sct, len); - } - - return len; - err: - free(pstart); - return -1; -} -LCRYPTO_ALIAS(i2o_SCT); - -STACK_OF(SCT) * -o2i_SCT_LIST(STACK_OF(SCT) **out_scts, const unsigned char **pp, size_t len) -{ - CBS cbs, cbs_scts, cbs_sct; - STACK_OF(SCT) *scts = NULL; - - CBS_init(&cbs, *pp, len); - - if (CBS_len(&cbs) > MAX_SCT_LIST_SIZE) - goto err_invalid; - if (!CBS_get_u16_length_prefixed(&cbs, &cbs_scts)) - goto err_invalid; - if (CBS_len(&cbs) != 0) - goto err_invalid; - - if (out_scts != NULL) { - SCT_LIST_free(*out_scts); - *out_scts = NULL; - } - - if ((scts = sk_SCT_new_null()) == NULL) - return NULL; - - while (CBS_len(&cbs_scts) > 0) { - SCT *sct; - - if (!CBS_get_u16_length_prefixed(&cbs_scts, &cbs_sct)) - goto err_invalid; - - if (!o2i_SCT_internal(&sct, &cbs_sct)) - goto err; - if (!sk_SCT_push(scts, sct)) { - SCT_free(sct); - goto err; - } - } - - if (out_scts != NULL) - *out_scts = scts; - - *pp = CBS_data(&cbs); - - return scts; - - err_invalid: - CTerror(CT_R_SCT_LIST_INVALID); - err: - SCT_LIST_free(scts); - - return NULL; -} -LCRYPTO_ALIAS(o2i_SCT_LIST); - -int -i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp) -{ - int len, sct_len, i, is_pp_new = 0; - size_t len2; - unsigned char *p = NULL, *p2; - - if (pp != NULL) { - if (*pp == NULL) { - if ((len = i2o_SCT_LIST(a, NULL)) == -1) { - CTerror(CT_R_SCT_LIST_INVALID); - return -1; - } - if ((*pp = malloc(len)) == NULL) { - CTerror(ERR_R_MALLOC_FAILURE); - return -1; - } - is_pp_new = 1; - } - p = *pp + 2; - } - - len2 = 2; - for (i = 0; i < sk_SCT_num(a); i++) { - if (pp != NULL) { - p2 = p; - p += 2; - if ((sct_len = i2o_SCT(sk_SCT_value(a, i), &p)) == -1) - goto err; - s2n(sct_len, p2); - } else { - if ((sct_len = i2o_SCT(sk_SCT_value(a, i), NULL)) == -1) - goto err; - } - len2 += 2 + sct_len; - } - - if (len2 > MAX_SCT_LIST_SIZE) - goto err; - - if (pp != NULL) { - p = *pp; - s2n(len2 - 2, p); - if (!is_pp_new) - *pp += len2; - } - return len2; - - err: - if (is_pp_new) { - free(*pp); - *pp = NULL; - } - return -1; -} -LCRYPTO_ALIAS(i2o_SCT_LIST); - -STACK_OF(SCT) * -d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, long len) -{ - ASN1_OCTET_STRING *oct = NULL; - STACK_OF(SCT) *sk = NULL; - const unsigned char *p; - - p = *pp; - if (d2i_ASN1_OCTET_STRING(&oct, &p, len) == NULL) - return NULL; - - p = oct->data; - if ((sk = o2i_SCT_LIST(a, &p, oct->length)) != NULL) - *pp += len; - - ASN1_OCTET_STRING_free(oct); - return sk; -} -LCRYPTO_ALIAS(d2i_SCT_LIST); - -int -i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **out) -{ - ASN1_OCTET_STRING oct; - int len; - - oct.data = NULL; - if ((oct.length = i2o_SCT_LIST(a, &oct.data)) == -1) - return -1; - - len = i2d_ASN1_OCTET_STRING(&oct, out); - free(oct.data); - return len; -} -LCRYPTO_ALIAS(i2d_SCT_LIST); diff --git a/src/lib/libcrypto/ct/ct_policy.c b/src/lib/libcrypto/ct/ct_policy.c deleted file mode 100644 index eb2b312019..0000000000 --- a/src/lib/libcrypto/ct/ct_policy.c +++ /dev/null @@ -1,163 +0,0 @@ -/* $OpenBSD: ct_policy.c,v 1.6 2023/07/08 07:22:58 beck Exp $ */ -/* - * Implementations of Certificate Transparency SCT policies. - * Written by Rob Percival (robpercival@google.com) for the OpenSSL project. - */ -/* ==================================================================== - * Copyright (c) 2016 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#ifdef OPENSSL_NO_CT -# error "CT is disabled" -#endif - -#include -#include -#include - -#include "ct_local.h" - -/* - * Number of seconds in the future that an SCT timestamp can be, by default, - * without being considered invalid. This is added to time() when setting a - * default value for CT_POLICY_EVAL_CTX.epoch_time_in_ms. - * It can be overridden by calling CT_POLICY_EVAL_CTX_set_time(). - */ -static const time_t SCT_CLOCK_DRIFT_TOLERANCE = 300; - -CT_POLICY_EVAL_CTX * -CT_POLICY_EVAL_CTX_new(void) -{ - CT_POLICY_EVAL_CTX *ctx = calloc(1, sizeof(CT_POLICY_EVAL_CTX)); - - if (ctx == NULL) { - CTerror(ERR_R_MALLOC_FAILURE); - return NULL; - } - - /* time(NULL) shouldn't ever fail, so don't bother checking for -1. */ - ctx->epoch_time_in_ms = (uint64_t)(time(NULL) + SCT_CLOCK_DRIFT_TOLERANCE) * - 1000; - - return ctx; -} -LCRYPTO_ALIAS(CT_POLICY_EVAL_CTX_new); - -void -CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx) -{ - if (ctx == NULL) - return; - X509_free(ctx->cert); - X509_free(ctx->issuer); - free(ctx); -} -LCRYPTO_ALIAS(CT_POLICY_EVAL_CTX_free); - -int -CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert) -{ - if (!X509_up_ref(cert)) - return 0; - ctx->cert = cert; - return 1; -} -LCRYPTO_ALIAS(CT_POLICY_EVAL_CTX_set1_cert); - -int -CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer) -{ - if (!X509_up_ref(issuer)) - return 0; - ctx->issuer = issuer; - return 1; -} -LCRYPTO_ALIAS(CT_POLICY_EVAL_CTX_set1_issuer); - -void -CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx, - CTLOG_STORE *log_store) -{ - ctx->log_store = log_store; -} -LCRYPTO_ALIAS(CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE); - -void -CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms) -{ - ctx->epoch_time_in_ms = time_in_ms; -} -LCRYPTO_ALIAS(CT_POLICY_EVAL_CTX_set_time); - -X509 * -CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx) -{ - return ctx->cert; -} -LCRYPTO_ALIAS(CT_POLICY_EVAL_CTX_get0_cert); - -X509 * -CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx) -{ - return ctx->issuer; -} -LCRYPTO_ALIAS(CT_POLICY_EVAL_CTX_get0_issuer); - -const CTLOG_STORE * -CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx) -{ - return ctx->log_store; -} -LCRYPTO_ALIAS(CT_POLICY_EVAL_CTX_get0_log_store); - -uint64_t -CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx) -{ - return ctx->epoch_time_in_ms; -} -LCRYPTO_ALIAS(CT_POLICY_EVAL_CTX_get_time); diff --git a/src/lib/libcrypto/ct/ct_prn.c b/src/lib/libcrypto/ct/ct_prn.c deleted file mode 100644 index e6931eeb09..0000000000 --- a/src/lib/libcrypto/ct/ct_prn.c +++ /dev/null @@ -1,211 +0,0 @@ -/* $OpenBSD: ct_prn.c,v 1.7 2023/07/08 07:22:58 beck Exp $ */ -/* - * Written by Rob Stradling (rob@comodo.com) and Stephen Henson - * (steve@openssl.org) for the OpenSSL project 2014. - */ -/* ==================================================================== - * Copyright (c) 2014 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifdef OPENSSL_NO_CT -# error "CT is disabled" -#endif - -#include -#include - -#include "ct_local.h" - -/* - * XXX public api in OpenSSL 1.1.0 but this is the only thing that uses it. - * so I am stuffing it here for the moment. - */ -static int -BIO_hex_string(BIO *out, int indent, int width, unsigned char *data, - int datalen) -{ - int i, j = 0; - - if (datalen < 1) - return 1; - - for (i = 0; i < datalen - 1; i++) { - if (i && !j) - BIO_printf(out, "%*s", indent, ""); - - BIO_printf(out, "%02X:", data[i]); - - j = (j + 1) % width; - if (!j) - BIO_printf(out, "\n"); - } - - if (i && !j) - BIO_printf(out, "%*s", indent, ""); - BIO_printf(out, "%02X", data[datalen - 1]); - return 1; -} - -static void -SCT_signature_algorithms_print(const SCT *sct, BIO *out) -{ - int nid = SCT_get_signature_nid(sct); - - if (nid == NID_undef) - BIO_printf(out, "%02X%02X", sct->hash_alg, sct->sig_alg); - else - BIO_printf(out, "%s", OBJ_nid2ln(nid)); -} - -static void -timestamp_print(uint64_t timestamp, BIO *out) -{ - ASN1_GENERALIZEDTIME *gen = ASN1_GENERALIZEDTIME_new(); - char genstr[20]; - - if (gen == NULL) - return; - ASN1_GENERALIZEDTIME_adj(gen, (time_t)0, (int)(timestamp / 86400000), - (timestamp % 86400000) / 1000); - /* - * Note GeneralizedTime from ASN1_GENERALIZETIME_adj is always 15 - * characters long with a final Z. Update it with fractional seconds. - */ - snprintf(genstr, sizeof(genstr), "%.14sZ", ASN1_STRING_get0_data(gen)); - if (ASN1_GENERALIZEDTIME_set_string(gen, genstr)) - ASN1_GENERALIZEDTIME_print(out, gen); - ASN1_GENERALIZEDTIME_free(gen); -} - -const char * -SCT_validation_status_string(const SCT *sct) -{ - switch (SCT_get_validation_status(sct)) { - case SCT_VALIDATION_STATUS_NOT_SET: - return "not set"; - case SCT_VALIDATION_STATUS_UNKNOWN_VERSION: - return "unknown version"; - case SCT_VALIDATION_STATUS_UNKNOWN_LOG: - return "unknown log"; - case SCT_VALIDATION_STATUS_UNVERIFIED: - return "unverified"; - case SCT_VALIDATION_STATUS_INVALID: - return "invalid"; - case SCT_VALIDATION_STATUS_VALID: - return "valid"; - } - return "unknown status"; -} -LCRYPTO_ALIAS(SCT_validation_status_string); - -void -SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *log_store) -{ - const CTLOG *log = NULL; - - if (log_store != NULL) { - log = CTLOG_STORE_get0_log_by_id(log_store, sct->log_id, - sct->log_id_len); - } - - BIO_printf(out, "%*sSigned Certificate Timestamp:", indent, ""); - BIO_printf(out, "\n%*sVersion : ", indent + 4, ""); - - if (sct->version != SCT_VERSION_V1) { - BIO_printf(out, "unknown\n%*s", indent + 16, ""); - BIO_hex_string(out, indent + 16, 16, sct->sct, sct->sct_len); - return; - } - - BIO_printf(out, "v1 (0x0)"); - - if (log != NULL) { - BIO_printf(out, "\n%*sLog : %s", indent + 4, "", - CTLOG_get0_name(log)); - } - - BIO_printf(out, "\n%*sLog ID : ", indent + 4, ""); - BIO_hex_string(out, indent + 16, 16, sct->log_id, sct->log_id_len); - - BIO_printf(out, "\n%*sTimestamp : ", indent + 4, ""); - timestamp_print(sct->timestamp, out); - - BIO_printf(out, "\n%*sExtensions: ", indent + 4, ""); - if (sct->ext_len == 0) - BIO_printf(out, "none"); - else - BIO_hex_string(out, indent + 16, 16, sct->ext, sct->ext_len); - - BIO_printf(out, "\n%*sSignature : ", indent + 4, ""); - SCT_signature_algorithms_print(sct, out); - BIO_printf(out, "\n%*s ", indent + 4, ""); - BIO_hex_string(out, indent + 16, 16, sct->sig, sct->sig_len); -} -LCRYPTO_ALIAS(SCT_print); - -void -SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent, - const char *separator, const CTLOG_STORE *log_store) -{ - int sct_count = sk_SCT_num(sct_list); - int i; - - for (i = 0; i < sct_count; ++i) { - SCT *sct = sk_SCT_value(sct_list, i); - - SCT_print(sct, out, indent, log_store); - if (i < sk_SCT_num(sct_list) - 1) - BIO_printf(out, "%s", separator); - } -} -LCRYPTO_ALIAS(SCT_LIST_print); diff --git a/src/lib/libcrypto/ct/ct_sct.c b/src/lib/libcrypto/ct/ct_sct.c deleted file mode 100644 index 4b2716e734..0000000000 --- a/src/lib/libcrypto/ct/ct_sct.c +++ /dev/null @@ -1,507 +0,0 @@ -/* $OpenBSD: ct_sct.c,v 1.10 2023/07/22 17:02:49 tb Exp $ */ -/* - * Written by Rob Stradling (rob@comodo.com), Stephen Henson (steve@openssl.org) - * and Adam Eijdenberg (adam.eijdenberg@gmail.com) for the OpenSSL project 2016. - */ -/* ==================================================================== - * Copyright (c) 2014 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifdef OPENSSL_NO_CT -# error "CT disabled" -#endif - -#include -#include -#include - -#include -#include -#include -#include -#include - -#include "ct_local.h" - -SCT * -SCT_new(void) -{ - SCT *sct = calloc(1, sizeof(*sct)); - - if (sct == NULL) { - CTerror(ERR_R_MALLOC_FAILURE); - return NULL; - } - - sct->entry_type = CT_LOG_ENTRY_TYPE_NOT_SET; - sct->version = SCT_VERSION_NOT_SET; - return sct; -} -LCRYPTO_ALIAS(SCT_new); - -void -SCT_free(SCT *sct) -{ - if (sct == NULL) - return; - - free(sct->log_id); - free(sct->ext); - free(sct->sig); - free(sct->sct); - free(sct); -} -LCRYPTO_ALIAS(SCT_free); - -void -SCT_LIST_free(STACK_OF(SCT) *scts) -{ - sk_SCT_pop_free(scts, SCT_free); -} -LCRYPTO_ALIAS(SCT_LIST_free); - -int -SCT_set_version(SCT *sct, sct_version_t version) -{ - if (version != SCT_VERSION_V1) { - CTerror(CT_R_UNSUPPORTED_VERSION); - return 0; - } - sct->version = version; - sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; - return 1; -} -LCRYPTO_ALIAS(SCT_set_version); - -int -SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type) -{ - sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; - - switch (entry_type) { - case CT_LOG_ENTRY_TYPE_X509: - case CT_LOG_ENTRY_TYPE_PRECERT: - sct->entry_type = entry_type; - return 1; - case CT_LOG_ENTRY_TYPE_NOT_SET: - break; - } - CTerror(CT_R_UNSUPPORTED_ENTRY_TYPE); - return 0; -} -LCRYPTO_ALIAS(SCT_set_log_entry_type); - -int -SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len) -{ - if (sct->version == SCT_VERSION_V1 && log_id_len != CT_V1_HASHLEN) { - CTerror(CT_R_INVALID_LOG_ID_LENGTH); - return 0; - } - - free(sct->log_id); - sct->log_id = log_id; - sct->log_id_len = log_id_len; - sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; - return 1; -} -LCRYPTO_ALIAS(SCT_set0_log_id); - -int -SCT_set1_log_id(SCT *sct, const unsigned char *log_id, size_t log_id_len) -{ - if (sct->version == SCT_VERSION_V1 && log_id_len != CT_V1_HASHLEN) { - CTerror(CT_R_INVALID_LOG_ID_LENGTH); - return 0; - } - - free(sct->log_id); - sct->log_id = NULL; - sct->log_id_len = 0; - sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; - - if (log_id != NULL && log_id_len > 0) { - sct->log_id = malloc(log_id_len); - if (sct->log_id == NULL) { - CTerror(ERR_R_MALLOC_FAILURE); - return 0; - } - memcpy(sct->log_id, log_id, log_id_len); - sct->log_id_len = log_id_len; - } - return 1; -} -LCRYPTO_ALIAS(SCT_set1_log_id); - - -void -SCT_set_timestamp(SCT *sct, uint64_t timestamp) -{ - sct->timestamp = timestamp; - sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; -} -LCRYPTO_ALIAS(SCT_set_timestamp); - -int -SCT_set_signature_nid(SCT *sct, int nid) -{ - switch (nid) { - case NID_sha256WithRSAEncryption: - sct->hash_alg = 4; /* XXX */ - sct->sig_alg = 1; /* XXX */ - sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; - return 1; - case NID_ecdsa_with_SHA256: - sct->hash_alg = 4; /* XXX */ - sct->sig_alg = 3; /* XXX */ - sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; - return 1; - default: - CTerror(CT_R_UNRECOGNIZED_SIGNATURE_NID); - return 0; - } -} -LCRYPTO_ALIAS(SCT_set_signature_nid); - -void -SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len) -{ - free(sct->ext); - sct->ext = ext; - sct->ext_len = ext_len; - sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; -} -LCRYPTO_ALIAS(SCT_set0_extensions); - -int -SCT_set1_extensions(SCT *sct, const unsigned char *ext, size_t ext_len) -{ - free(sct->ext); - sct->ext = NULL; - sct->ext_len = 0; - sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; - - if (ext != NULL && ext_len > 0) { - sct->ext = malloc(ext_len); - if (sct->ext == NULL) { - CTerror(ERR_R_MALLOC_FAILURE); - return 0; - } - memcpy(sct->ext, ext, ext_len); - sct->ext_len = ext_len; - } - return 1; -} -LCRYPTO_ALIAS(SCT_set1_extensions); - -void -SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len) -{ - free(sct->sig); - sct->sig = sig; - sct->sig_len = sig_len; - sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; -} -LCRYPTO_ALIAS(SCT_set0_signature); - -int -SCT_set1_signature(SCT *sct, const unsigned char *sig, size_t sig_len) -{ - free(sct->sig); - sct->sig = NULL; - sct->sig_len = 0; - sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; - - if (sig != NULL && sig_len > 0) { - sct->sig = malloc(sig_len); - if (sct->sig == NULL) { - CTerror(ERR_R_MALLOC_FAILURE); - return 0; - } - memcpy(sct->sig, sig, sig_len); - sct->sig_len = sig_len; - } - return 1; -} -LCRYPTO_ALIAS(SCT_set1_signature); - -sct_version_t -SCT_get_version(const SCT *sct) -{ - return sct->version; -} -LCRYPTO_ALIAS(SCT_get_version); - -ct_log_entry_type_t -SCT_get_log_entry_type(const SCT *sct) -{ - return sct->entry_type; -} -LCRYPTO_ALIAS(SCT_get_log_entry_type); - -size_t -SCT_get0_log_id(const SCT *sct, unsigned char **log_id) -{ - *log_id = sct->log_id; - return sct->log_id_len; -} -LCRYPTO_ALIAS(SCT_get0_log_id); - -uint64_t -SCT_get_timestamp(const SCT *sct) -{ - return sct->timestamp; -} -LCRYPTO_ALIAS(SCT_get_timestamp); - -int -SCT_get_signature_nid(const SCT *sct) -{ - if (sct->version == SCT_VERSION_V1) { - /* XXX sigalg numbers */ - if (sct->hash_alg == 4) { - switch (sct->sig_alg) { - case 3: - return NID_ecdsa_with_SHA256; - case 1: - return NID_sha256WithRSAEncryption; - default: - return NID_undef; - } - } - } - return NID_undef; -} -LCRYPTO_ALIAS(SCT_get_signature_nid); - -size_t -SCT_get0_extensions(const SCT *sct, unsigned char **ext) -{ - *ext = sct->ext; - return sct->ext_len; -} -LCRYPTO_ALIAS(SCT_get0_extensions); - -size_t -SCT_get0_signature(const SCT *sct, unsigned char **sig) -{ - *sig = sct->sig; - return sct->sig_len; -} -LCRYPTO_ALIAS(SCT_get0_signature); - -int -SCT_is_complete(const SCT *sct) -{ - switch (sct->version) { - case SCT_VERSION_NOT_SET: - return 0; - case SCT_VERSION_V1: - return sct->log_id != NULL && SCT_signature_is_complete(sct); - default: - return sct->sct != NULL; /* Just need cached encoding */ - } -} - -int -SCT_signature_is_complete(const SCT *sct) -{ - return SCT_get_signature_nid(sct) != NID_undef && - sct->sig != NULL && sct->sig_len > 0; -} - -sct_source_t -SCT_get_source(const SCT *sct) -{ - return sct->source; -} -LCRYPTO_ALIAS(SCT_get_source); - -int -SCT_set_source(SCT *sct, sct_source_t source) -{ - sct->source = source; - sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; - switch (source) { - case SCT_SOURCE_TLS_EXTENSION: - case SCT_SOURCE_OCSP_STAPLED_RESPONSE: - return SCT_set_log_entry_type(sct, CT_LOG_ENTRY_TYPE_X509); - case SCT_SOURCE_X509V3_EXTENSION: - return SCT_set_log_entry_type(sct, CT_LOG_ENTRY_TYPE_PRECERT); - case SCT_SOURCE_UNKNOWN: - break; - } - /* if we aren't sure, leave the log entry type alone */ - return 1; -} -LCRYPTO_ALIAS(SCT_set_source); - -sct_validation_status_t -SCT_get_validation_status(const SCT *sct) -{ - return sct->validation_status; -} -LCRYPTO_ALIAS(SCT_get_validation_status); - -int -SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx) -{ - int is_sct_valid = -1; - SCT_CTX *sctx = NULL; - X509_PUBKEY *pub = NULL, *log_pkey = NULL; - const CTLOG *log; - - /* - * With an unrecognized SCT version we don't know what such an SCT means, - * let alone validate one. So we return validation failure (0). - */ - if (sct->version != SCT_VERSION_V1) { - sct->validation_status = SCT_VALIDATION_STATUS_UNKNOWN_VERSION; - return 0; - } - - log = CTLOG_STORE_get0_log_by_id(ctx->log_store, sct->log_id, - sct->log_id_len); - - /* Similarly, an SCT from an unknown log also cannot be validated. */ - if (log == NULL) { - sct->validation_status = SCT_VALIDATION_STATUS_UNKNOWN_LOG; - return 0; - } - - sctx = SCT_CTX_new(); - if (sctx == NULL) - goto err; - - if (X509_PUBKEY_set(&log_pkey, CTLOG_get0_public_key(log)) != 1) - goto err; - if (SCT_CTX_set1_pubkey(sctx, log_pkey) != 1) - goto err; - - if (SCT_get_log_entry_type(sct) == CT_LOG_ENTRY_TYPE_PRECERT) { - EVP_PKEY *issuer_pkey; - - if (ctx->issuer == NULL) { - sct->validation_status = SCT_VALIDATION_STATUS_UNVERIFIED; - goto end; - } - - if ((issuer_pkey = X509_get0_pubkey(ctx->issuer)) == NULL) - goto err; - - if (X509_PUBKEY_set(&pub, issuer_pkey) != 1) - goto err; - if (SCT_CTX_set1_issuer_pubkey(sctx, pub) != 1) - goto err; - } - - SCT_CTX_set_time(sctx, ctx->epoch_time_in_ms); - - /* - * XXX: Potential for optimization. This repeats some idempotent heavy - * lifting on the certificate for each candidate SCT, and appears to not - * use any information in the SCT itself, only the certificate is - * processed. So it may make more sense to to do this just once, perhaps - * associated with the shared (by all SCTs) policy eval ctx. - * - * XXX: Failure here is global (SCT independent) and represents either an - * issue with the certificate (e.g. duplicate extensions) or an out of - * memory condition. When the certificate is incompatible with CT, we just - * mark the SCTs invalid, rather than report a failure to determine the - * validation status. That way, callbacks that want to do "soft" SCT - * processing will not abort handshakes with false positive internal - * errors. Since the function does not distinguish between certificate - * issues (peer's fault) and internal problems (out fault) the safe thing - * to do is to report a validation failure and let the callback or - * application decide what to do. - */ - if (SCT_CTX_set1_cert(sctx, ctx->cert, NULL) != 1) - sct->validation_status = SCT_VALIDATION_STATUS_UNVERIFIED; - else - sct->validation_status = SCT_CTX_verify(sctx, sct) == 1 ? - SCT_VALIDATION_STATUS_VALID : SCT_VALIDATION_STATUS_INVALID; - - end: - is_sct_valid = sct->validation_status == SCT_VALIDATION_STATUS_VALID; - err: - X509_PUBKEY_free(pub); - X509_PUBKEY_free(log_pkey); - SCT_CTX_free(sctx); - - return is_sct_valid; -} -LCRYPTO_ALIAS(SCT_validate); - -int -SCT_LIST_validate(const STACK_OF(SCT) *scts, CT_POLICY_EVAL_CTX *ctx) -{ - int are_scts_valid = 1; - int sct_count = scts != NULL ? sk_SCT_num(scts) : 0; - int i; - - for (i = 0; i < sct_count; ++i) { - int is_sct_valid = -1; - SCT *sct = sk_SCT_value(scts, i); - - if (sct == NULL) - continue; - - is_sct_valid = SCT_validate(sct, ctx); - if (is_sct_valid < 0) - return is_sct_valid; - are_scts_valid &= is_sct_valid; - } - - return are_scts_valid; -} -LCRYPTO_ALIAS(SCT_LIST_validate); diff --git a/src/lib/libcrypto/ct/ct_sct_ctx.c b/src/lib/libcrypto/ct/ct_sct_ctx.c deleted file mode 100644 index b2b6d4e269..0000000000 --- a/src/lib/libcrypto/ct/ct_sct_ctx.c +++ /dev/null @@ -1,323 +0,0 @@ -/* $OpenBSD: ct_sct_ctx.c,v 1.6 2022/06/30 11:14:47 tb Exp $ */ -/* - * Written by Rob Stradling (rob@comodo.com) and Stephen Henson - * (steve@openssl.org) for the OpenSSL project 2014. - */ -/* ==================================================================== - * Copyright (c) 2014 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifdef OPENSSL_NO_CT -# error "CT is disabled" -#endif - -#include -#include - -#include -#include -#include - -#include "ct_local.h" - -SCT_CTX * -SCT_CTX_new(void) -{ - SCT_CTX *sctx = calloc(1, sizeof(*sctx)); - - if (sctx == NULL) - CTerror(ERR_R_MALLOC_FAILURE); - - return sctx; -} - -void -SCT_CTX_free(SCT_CTX *sctx) -{ - if (sctx == NULL) - return; - EVP_PKEY_free(sctx->pkey); - free(sctx->pkeyhash); - free(sctx->ihash); - free(sctx->certder); - free(sctx->preder); - free(sctx); -} - -/* - * Finds the index of the first extension with the given NID in cert. - * If there is more than one extension with that NID, *is_duplicated is set to - * 1, otherwise 0 (unless it is NULL). - */ -static int -ct_x509_get_ext(X509 *cert, int nid, int *is_duplicated) -{ - int ret = X509_get_ext_by_NID(cert, nid, -1); - - if (is_duplicated != NULL) - *is_duplicated = ret >= 0 && - X509_get_ext_by_NID(cert, nid, ret) >= 0; - - return ret; -} - -/* - * Modifies a certificate by deleting extensions and copying the issuer and - * AKID from the presigner certificate, if necessary. - * Returns 1 on success, 0 otherwise. - */ -static int -ct_x509_cert_fixup(X509 *cert, X509 *presigner) -{ - int preidx, certidx; - int pre_akid_ext_is_dup, cert_akid_ext_is_dup; - - if (presigner == NULL) - return 1; - - preidx = ct_x509_get_ext(presigner, NID_authority_key_identifier, - &pre_akid_ext_is_dup); - certidx = ct_x509_get_ext(cert, NID_authority_key_identifier, - &cert_akid_ext_is_dup); - - /* An error occurred whilst searching for the extension */ - if (preidx < -1 || certidx < -1) - return 0; - /* Invalid certificate if they contain duplicate extensions */ - if (pre_akid_ext_is_dup || cert_akid_ext_is_dup) - return 0; - /* AKID must be present in both certificate or absent in both */ - if (preidx >= 0 && certidx == -1) - return 0; - if (preidx == -1 && certidx >= 0) - return 0; - /* Copy issuer name */ - if (!X509_set_issuer_name(cert, X509_get_issuer_name(presigner))) - return 0; - if (preidx != -1) { - /* Retrieve and copy AKID encoding */ - X509_EXTENSION *preext = X509_get_ext(presigner, preidx); - X509_EXTENSION *certext = X509_get_ext(cert, certidx); - ASN1_OCTET_STRING *preextdata; - - /* Should never happen */ - if (preext == NULL || certext == NULL) - return 0; - preextdata = X509_EXTENSION_get_data(preext); - if (preextdata == NULL || - !X509_EXTENSION_set_data(certext, preextdata)) - return 0; - } - return 1; -} - -int -SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner) -{ - unsigned char *certder = NULL, *preder = NULL; - X509 *pretmp = NULL; - int certderlen = 0, prederlen = 0; - int idx = -1; - int poison_ext_is_dup, sct_ext_is_dup; - int poison_idx = ct_x509_get_ext(cert, NID_ct_precert_poison, &poison_ext_is_dup); - - /* Duplicate poison extensions are present - error */ - if (poison_ext_is_dup) - goto err; - - /* If *cert doesn't have a poison extension, it isn't a precert */ - if (poison_idx == -1) { - /* cert isn't a precert, so we shouldn't have a presigner */ - if (presigner != NULL) - goto err; - - certderlen = i2d_X509(cert, &certder); - if (certderlen < 0) - goto err; - } - - /* See if cert has a precert SCTs extension */ - idx = ct_x509_get_ext(cert, NID_ct_precert_scts, &sct_ext_is_dup); - /* Duplicate SCT extensions are present - error */ - if (sct_ext_is_dup) - goto err; - - if (idx >= 0 && poison_idx >= 0) { - /* - * cert can't both contain SCTs (i.e. have an SCT extension) and be a - * precert (i.e. have a poison extension). - */ - goto err; - } - - if (idx == -1) { - idx = poison_idx; - } - - /* - * If either a poison or SCT extension is present, remove it before encoding - * cert. This, along with ct_x509_cert_fixup(), gets a TBSCertificate (see - * RFC5280) from cert, which is what the CT log signed when it produced the - * SCT. - */ - if (idx >= 0) { - X509_EXTENSION *ext; - - /* Take a copy of certificate so we don't modify passed version */ - pretmp = X509_dup(cert); - if (pretmp == NULL) - goto err; - - ext = X509_delete_ext(pretmp, idx); - X509_EXTENSION_free(ext); - - if (!ct_x509_cert_fixup(pretmp, presigner)) - goto err; - - prederlen = i2d_re_X509_tbs(pretmp, &preder); - if (prederlen <= 0) - goto err; - } - - X509_free(pretmp); - - free(sctx->certder); - sctx->certder = certder; - sctx->certderlen = certderlen; - - free(sctx->preder); - sctx->preder = preder; - sctx->prederlen = prederlen; - - return 1; - err: - free(certder); - free(preder); - X509_free(pretmp); - return 0; -} - -static int -ct_public_key_hash(X509_PUBKEY *pkey, unsigned char **hash, size_t *hash_len) -{ - int ret = 0; - unsigned char *md = NULL, *der = NULL; - int der_len; - unsigned int md_len; - - /* Reuse buffer if possible */ - if (*hash != NULL && *hash_len >= SHA256_DIGEST_LENGTH) { - md = *hash; - } else { - md = malloc(SHA256_DIGEST_LENGTH); - if (md == NULL) - goto err; - } - - /* Calculate key hash */ - der_len = i2d_X509_PUBKEY(pkey, &der); - if (der_len <= 0) - goto err; - - if (!EVP_Digest(der, der_len, md, &md_len, EVP_sha256(), NULL)) - goto err; - - if (md != *hash) { - free(*hash); - *hash = md; - *hash_len = SHA256_DIGEST_LENGTH; - } - - md = NULL; - ret = 1; - err: - free(md); - free(der); - return ret; -} - -int -SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer) -{ - return SCT_CTX_set1_issuer_pubkey(sctx, X509_get_X509_PUBKEY(issuer)); -} - -int -SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey) -{ - return ct_public_key_hash(pubkey, &sctx->ihash, &sctx->ihashlen); -} - -int -SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey) -{ - EVP_PKEY *pkey = X509_PUBKEY_get(pubkey); - - if (pkey == NULL) - return 0; - - if (!ct_public_key_hash(pubkey, &sctx->pkeyhash, &sctx->pkeyhashlen)) { - EVP_PKEY_free(pkey); - return 0; - } - - EVP_PKEY_free(sctx->pkey); - sctx->pkey = pkey; - return 1; -} - -void -SCT_CTX_set_time(SCT_CTX *sctx, uint64_t time_in_ms) -{ - sctx->epoch_time_in_ms = time_in_ms; -} diff --git a/src/lib/libcrypto/ct/ct_vfy.c b/src/lib/libcrypto/ct/ct_vfy.c deleted file mode 100644 index 424117263a..0000000000 --- a/src/lib/libcrypto/ct/ct_vfy.c +++ /dev/null @@ -1,195 +0,0 @@ -/* $OpenBSD: ct_vfy.c,v 1.6 2022/01/06 14:34:40 jsing Exp $ */ -/* - * Written by Rob Stradling (rob@comodo.com) and Stephen Henson - * (steve@openssl.org) for the OpenSSL project 2014. - */ -/* ==================================================================== - * Copyright (c) 2014 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include - -#include -#include -#include -#include - -#include "ct_local.h" - -typedef enum sct_signature_type_t { - SIGNATURE_TYPE_NOT_SET = -1, - SIGNATURE_TYPE_CERT_TIMESTAMP, - SIGNATURE_TYPE_TREE_HASH -} SCT_SIGNATURE_TYPE; - -/* - * Update encoding for SCT signature verification/generation to supplied - * EVP_MD_CTX. - */ -static int -sct_ctx_update(EVP_MD_CTX *ctx, const SCT_CTX *sctx, const SCT *sct) -{ - CBB cbb, entry, extensions; - uint8_t *data = NULL; - size_t data_len; - int ret = 0; - - memset(&cbb, 0, sizeof(cbb)); - - if (sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET) - goto err; - if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL) - goto err; - - if (!CBB_init(&cbb, 0)) - goto err; - - /* - * Build the digitally-signed struct per RFC 6962 section 3.2. - */ - if (!CBB_add_u8(&cbb, sct->version)) - goto err; - if (!CBB_add_u8(&cbb, SIGNATURE_TYPE_CERT_TIMESTAMP)) - goto err; - if (!CBB_add_u64(&cbb, sct->timestamp)) - goto err; - if (!CBB_add_u16(&cbb, sct->entry_type)) - goto err; - - if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT) { - if (!CBB_add_bytes(&cbb, sctx->ihash, sctx->ihashlen)) - goto err; - } - - if (!CBB_add_u24_length_prefixed(&cbb, &entry)) - goto err; - if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT) { - if (sctx->preder == NULL) - goto err; - if (!CBB_add_bytes(&entry, sctx->preder, sctx->prederlen)) - goto err; - } else { - if (sctx->certder == NULL) - goto err; - if (!CBB_add_bytes(&entry, sctx->certder, sctx->certderlen)) - goto err; - } - - if (!CBB_add_u16_length_prefixed(&cbb, &extensions)) - goto err; - if (sct->ext_len > 0) { - if (!CBB_add_bytes(&extensions, sct->ext, sct->ext_len)) - goto err; - } - - if (!CBB_finish(&cbb, &data, &data_len)) - goto err; - - if (!EVP_DigestUpdate(ctx, data, data_len)) - goto err; - - ret = 1; - - err: - CBB_cleanup(&cbb); - free(data); - - return ret; -} - -int -SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct) -{ - EVP_MD_CTX *ctx = NULL; - int ret = 0; - - if (!SCT_is_complete(sct) || sctx->pkey == NULL || - sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET || - (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && - sctx->ihash == NULL)) { - CTerror(CT_R_SCT_NOT_SET); - return 0; - } - if (sct->version != SCT_VERSION_V1) { - CTerror(CT_R_SCT_UNSUPPORTED_VERSION); - return 0; - } - if (sct->log_id_len != sctx->pkeyhashlen || - memcmp(sct->log_id, sctx->pkeyhash, sctx->pkeyhashlen) != 0) { - CTerror(CT_R_SCT_LOG_ID_MISMATCH); - return 0; - } - if (sct->timestamp > sctx->epoch_time_in_ms) { - CTerror(CT_R_SCT_FUTURE_TIMESTAMP); - return 0; - } - - if ((ctx = EVP_MD_CTX_new()) == NULL) - goto end; - - if (!EVP_DigestVerifyInit(ctx, NULL, EVP_sha256(), NULL, sctx->pkey)) - goto end; - - if (!sct_ctx_update(ctx, sctx, sct)) - goto end; - - /* Verify signature */ - /* If ret < 0 some other error: fall through without setting error */ - if ((ret = EVP_DigestVerifyFinal(ctx, sct->sig, sct->sig_len)) == 0) - CTerror(CT_R_SCT_INVALID_SIGNATURE); - - end: - EVP_MD_CTX_free(ctx); - - return ret; -} diff --git a/src/lib/libcrypto/ct/ct_x509v3.c b/src/lib/libcrypto/ct/ct_x509v3.c deleted file mode 100644 index b14ffc9532..0000000000 --- a/src/lib/libcrypto/ct/ct_x509v3.c +++ /dev/null @@ -1,201 +0,0 @@ -/* $OpenBSD: ct_x509v3.c,v 1.7 2024/07/13 15:08:58 tb Exp $ */ -/* - * Written by Rob Stradling (rob@comodo.com) and Stephen Henson - * (steve@openssl.org) for the OpenSSL project 2014. - */ -/* ==================================================================== - * Copyright (c) 2014 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifdef OPENSSL_NO_CT -# error "CT is disabled" -#endif - -#include - -#include "ct_local.h" - -static char * -i2s_poison(const X509V3_EXT_METHOD *method, void *val) -{ - return strdup("NULL"); -} - -static void * -s2i_poison(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str) -{ - return ASN1_NULL_new(); -} - -static int -i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list, BIO *out, - int indent) -{ - SCT_LIST_print(sct_list, out, indent, "\n", NULL); - return 1; -} - -static int -set_sct_list_source(STACK_OF(SCT) *s, sct_source_t source) -{ - if (s != NULL) { - int i; - - for (i = 0; i < sk_SCT_num(s); i++) { - int res = SCT_set_source(sk_SCT_value(s, i), source); - - if (res != 1) { - return 0; - } - } - } - return 1; -} - -static STACK_OF(SCT) * -x509_ext_d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, long len) -{ - STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len); - - if (set_sct_list_source(s, SCT_SOURCE_X509V3_EXTENSION) != 1) { - SCT_LIST_free(s); - *a = NULL; - return NULL; - } - return s; -} - -static STACK_OF(SCT) * -ocsp_ext_d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, long len) -{ - STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len); - - if (set_sct_list_source(s, SCT_SOURCE_OCSP_STAPLED_RESPONSE) != 1) { - SCT_LIST_free(s); - *a = NULL; - return NULL; - } - return s; -} - -/* X509v3 extension in certificates that contains SCTs */ -static const X509V3_EXT_METHOD x509v3_ext_ct_precert_scts = { - .ext_nid = NID_ct_precert_scts, - .ext_flags = 0, - .it = NULL, - .ext_new = NULL, - .ext_free = (X509V3_EXT_FREE)SCT_LIST_free, - .d2i = (X509V3_EXT_D2I)x509_ext_d2i_SCT_LIST, - .i2d = (X509V3_EXT_I2D)i2d_SCT_LIST, - .i2s = NULL, - .s2i = NULL, - .i2v = NULL, - .v2i = NULL, - .i2r = (X509V3_EXT_I2R)i2r_SCT_LIST, - .r2i = NULL, - .usr_data = NULL, -}; - -const X509V3_EXT_METHOD * -x509v3_ext_method_ct_precert_scts(void) -{ - return &x509v3_ext_ct_precert_scts; -} - -/* X509v3 extension to mark a certificate as a pre-certificate */ -static const X509V3_EXT_METHOD x509v3_ext_ct_precert_poison = { - .ext_nid = NID_ct_precert_poison, - .ext_flags = 0, - .it = &ASN1_NULL_it, - .ext_new = NULL, - .ext_free = NULL, - .d2i = NULL, - .i2d = NULL, - .i2s = i2s_poison, - .s2i = s2i_poison, - .i2v = NULL, - .v2i = NULL, - .i2r = NULL, - .r2i = NULL, - .usr_data = NULL, -}; - -const X509V3_EXT_METHOD * -x509v3_ext_method_ct_precert_poison(void) -{ - return &x509v3_ext_ct_precert_poison; -} - -/* OCSP extension that contains SCTs */ -static const X509V3_EXT_METHOD x509v3_ext_ct_cert_scts = { - .ext_nid = NID_ct_cert_scts, - .ext_flags = 0, - .it = NULL, - .ext_new = NULL, - .ext_free = (X509V3_EXT_FREE)SCT_LIST_free, - .d2i = (X509V3_EXT_D2I)ocsp_ext_d2i_SCT_LIST, - .i2d = (X509V3_EXT_I2D)i2d_SCT_LIST, - .i2s = NULL, - .s2i = NULL, - .i2v = NULL, - .v2i = NULL, - .i2r = (X509V3_EXT_I2R)i2r_SCT_LIST, - .r2i = NULL, - .usr_data = NULL, -}; - -const X509V3_EXT_METHOD * -x509v3_ext_method_ct_cert_scts(void) -{ - return &x509v3_ext_ct_cert_scts; -} -- cgit v1.2.3-55-g6feb