1/* 2 * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the OpenSSL license (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10#ifdef OPENSSL_NO_CT 11# error "CT is disabled" 12#endif 13 14#include "ct_local.h" 15 16static char *i2s_poison(const X509V3_EXT_METHOD *method, void *val) 17{ 18 return OPENSSL_strdup("NULL"); 19} 20 21static void *s2i_poison(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str) 22{ 23 return ASN1_NULL_new(); 24} 25 26static int i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list, 27 BIO *out, int indent) 28{ 29 SCT_LIST_print(sct_list, out, indent, "\n", NULL); 30 return 1; 31} 32 33static int set_sct_list_source(STACK_OF(SCT) *s, sct_source_t source) 34{ 35 if (s != NULL) { 36 int i; 37 38 for (i = 0; i < sk_SCT_num(s); i++) { 39 int res = SCT_set_source(sk_SCT_value(s, i), source); 40 41 if (res != 1) { 42 return 0; 43 } 44 } 45 } 46 return 1; 47} 48 49static STACK_OF(SCT) *x509_ext_d2i_SCT_LIST(STACK_OF(SCT) **a, 50 const unsigned char **pp, 51 long len) 52{ 53 STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len); 54 55 if (set_sct_list_source(s, SCT_SOURCE_X509V3_EXTENSION) != 1) { 56 SCT_LIST_free(s); 57 *a = NULL; 58 return NULL; 59 } 60 return s; 61} 62 63static STACK_OF(SCT) *ocsp_ext_d2i_SCT_LIST(STACK_OF(SCT) **a, 64 const unsigned char **pp, 65 long len) 66{ 67 STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len); 68 69 if (set_sct_list_source(s, SCT_SOURCE_OCSP_STAPLED_RESPONSE) != 1) { 70 SCT_LIST_free(s); 71 *a = NULL; 72 return NULL; 73 } 74 return s; 75} 76 77/* Handlers for X509v3/OCSP Certificate Transparency extensions */ 78const X509V3_EXT_METHOD v3_ct_scts[3] = { 79 /* X509v3 extension in certificates that contains SCTs */ 80 { NID_ct_precert_scts, 0, NULL, 81 NULL, (X509V3_EXT_FREE)SCT_LIST_free, 82 (X509V3_EXT_D2I)x509_ext_d2i_SCT_LIST, (X509V3_EXT_I2D)i2d_SCT_LIST, 83 NULL, NULL, 84 NULL, NULL, 85 (X509V3_EXT_I2R)i2r_SCT_LIST, NULL, 86 NULL }, 87 88 /* X509v3 extension to mark a certificate as a pre-certificate */ 89 { NID_ct_precert_poison, 0, ASN1_ITEM_ref(ASN1_NULL), 90 NULL, NULL, NULL, NULL, 91 i2s_poison, s2i_poison, 92 NULL, NULL, 93 NULL, NULL, 94 NULL }, 95 96 /* OCSP extension that contains SCTs */ 97 { NID_ct_cert_scts, 0, NULL, 98 0, (X509V3_EXT_FREE)SCT_LIST_free, 99 (X509V3_EXT_D2I)ocsp_ext_d2i_SCT_LIST, (X509V3_EXT_I2D)i2d_SCT_LIST, 100 NULL, NULL, 101 NULL, NULL, 102 (X509V3_EXT_I2R)i2r_SCT_LIST, NULL, 103 NULL }, 104}; 105