1 /*	$OpenBSD: ct_x509v3.c,v 1.4 2021/12/05 09:37:46 tb Exp $ */
2 /*
3  * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
4  *
5  * Licensed under the OpenSSL license (the "License").  You may not use
6  * this file except in compliance with the License.  You can obtain a copy
7  * in the file LICENSE in the source distribution or at
8  * https://www.openssl.org/source/license.html
9  */
10 
11 #ifdef OPENSSL_NO_CT
12 # error "CT is disabled"
13 #endif
14 
15 #include <string.h>
16 
17 #include "ct_local.h"
18 
/*
 * i2s handler for the precertificate poison extension.  The extension's
 * value is an ASN.1 NULL (see the ASN1_NULL_it entry in v3_ct_scts), so
 * its textual form is always the literal "NULL"; neither argument is
 * consulted.  Returns a malloc'ed string owned by the caller, or NULL if
 * strdup() fails.
 */
static char *
i2s_poison(const X509V3_EXT_METHOD *method, void *val)
{
	static const char poison_text[] = "NULL";

	(void)method;
	(void)val;

	return strdup(poison_text);
}
24 
/*
 * s2i handler for the precertificate poison extension.  The extension
 * carries no payload, so the input string is deliberately not parsed:
 * whatever str contains, a freshly allocated ASN1_NULL is produced.  The
 * result of ASN1_NULL_new() is returned unchanged (NULL on failure).
 */
static void *
s2i_poison(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
{
	ASN1_NULL *poison;

	(void)method;
	(void)ctx;
	(void)str;

	poison = ASN1_NULL_new();

	return poison;
}
30 
/*
 * i2r (raw print) handler shared by the certificate and OCSP SCT list
 * extensions.  Prints sct_list to out at the given indent, one SCT per
 * line.  The last argument to SCT_LIST_print (a log store) is NULL here,
 * so no log names are resolved.  SCT_LIST_print reports nothing back, so
 * this handler always returns 1.
 */
static int
i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list, BIO *out,
    int indent)
{
	const char *separator = "\n";

	(void)method;

	SCT_LIST_print(sct_list, out, indent, separator, NULL);

	return 1;
}
38 
/*
 * Tags every SCT in s with the given source so that later validation
 * knows where each SCT was obtained from.
 *
 * Returns 1 on success (including when s is NULL, which has nothing to
 * tag) and 0 as soon as SCT_set_source() rejects an entry; entries after
 * the failing one are left untouched.
 */
static int
set_sct_list_source(STACK_OF(SCT) *s, sct_source_t source)
{
	int count, idx;

	/* A missing list is not an error. */
	if (s == NULL)
		return 1;

	/* SCT_set_source() does not alter the stack, so its size is fixed. */
	count = sk_SCT_num(s);
	for (idx = 0; idx < count; idx++) {
		if (SCT_set_source(sk_SCT_value(s, idx), source) != 1)
			return 0;
	}

	return 1;
}
55 
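/*
 * X509v3 d2i handler for the SCT list extension.  Decodes the SCT list
 * found at *pp (len bytes) and tags every SCT with
 * SCT_SOURCE_X509V3_EXTENSION.
 *
 * a may be NULL, as is usual for d2i-style callbacks; when it is not
 * NULL the decoded list is expected to have been stored in *a by
 * d2i_SCT_LIST (d2i convention).  On failure the list is freed, *a (when
 * a is non-NULL) is cleared so the caller is not left holding a dangling
 * pointer, and NULL is returned.
 */
static STACK_OF(SCT) *
x509_ext_d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, long len)
{
	STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len);

	if (set_sct_list_source(s, SCT_SOURCE_X509V3_EXTENSION) != 1) {
		SCT_LIST_free(s);
		/* Never dereference a NULL output pointer. */
		if (a != NULL)
			*a = NULL;
		return NULL;
	}
	return s;
}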
68 
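/*
 * OCSP d2i handler for the SCT list extension.  Decodes the SCT list
 * found at *pp (len bytes) and tags every SCT with
 * SCT_SOURCE_OCSP_STAPLED_RESPONSE.
 *
 * a may be NULL, as is usual for d2i-style callbacks; when it is not
 * NULL the decoded list is expected to have been stored in *a by
 * d2i_SCT_LIST (d2i convention).  On failure the list is freed, *a (when
 * a is non-NULL) is cleared so the caller is not left holding a dangling
 * pointer, and NULL is returned.
 */
static STACK_OF(SCT) *
ocsp_ext_d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, long len)
{
	STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len);

	if (set_sct_list_source(s, SCT_SOURCE_OCSP_STAPLED_RESPONSE) != 1) {
		SCT_LIST_free(s);
		/* Never dereference a NULL output pointer. */
		if (a != NULL)
			*a = NULL;
		return NULL;
	}
	return s;
}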
81 
82 /* Handlers for X509v3/OCSP Certificate Transparency extensions */
const X509V3_EXT_METHOD v3_ct_scts[3] = {
	/*
	 * X509v3 extension in certificates that contains SCTs.  Decoding
	 * goes through x509_ext_d2i_SCT_LIST so each SCT is tagged as coming
	 * from a certificate extension.  Fields not named here are NULL.
	 */
	{
		.ext_nid = NID_ct_precert_scts,
		.ext_free = (X509V3_EXT_FREE)SCT_LIST_free,
		.d2i = (X509V3_EXT_D2I)x509_ext_d2i_SCT_LIST,
		.i2d = (X509V3_EXT_I2D)i2d_SCT_LIST,
		.i2r = (X509V3_EXT_I2R)i2r_SCT_LIST,
	},

	/*
	 * X509v3 extension to mark a certificate as a pre-certificate.  The
	 * value is an ASN.1 NULL handled by the ASN1_NULL_it template; the
	 * i2s/s2i pair only supplies the textual form.
	 */
	{
		.ext_nid = NID_ct_precert_poison,
		.it = &ASN1_NULL_it,
		.i2s = i2s_poison,
		.s2i = s2i_poison,
	},

	/*
	 * OCSP extension that contains SCTs.  Decoding goes through
	 * ocsp_ext_d2i_SCT_LIST so each SCT is tagged as coming from a
	 * stapled OCSP response.
	 */
	{
		.ext_nid = NID_ct_cert_scts,
		.ext_free = (X509V3_EXT_FREE)SCT_LIST_free,
		.d2i = (X509V3_EXT_D2I)ocsp_ext_d2i_SCT_LIST,
		.i2d = (X509V3_EXT_I2D)i2d_SCT_LIST,
		.i2r = (X509V3_EXT_I2R)i2r_SCT_LIST,
	},
};