[openssl-commits] [openssl] master update

Rich Salz rsalz at openssl.org
Mon May 22 12:12:17 UTC 2017


The branch master has been updated
       via  2b10cb5c0e21bce283f4c73477d97f6bd8b4a7ec (commit)
       via  b1a3030e3705f497a69ab72be433bdbe85affe6a (commit)
       via  c9cf4bc815e08ee53e84da4b4c8300dad1d4d178 (commit)
       via  2d8e9dbd2c62f29f777dd3002a39419d45a891dd (commit)
       via  8dcb87fdbaba2be3e75fdaf16382c827165d2af5 (commit)
       via  8368a3abb8a2f5d1bde3ba891b4ce2b082e4f512 (commit)
       via  3a490bbb1c9355bc0fefc50742ecc056d84332c1 (commit)
      from  e2580e70d5c644c5dadd33ffa8bb23223959b87a (commit)


- Log -----------------------------------------------------------------
commit 2b10cb5c0e21bce283f4c73477d97f6bd8b4a7ec
Author: Alex Gaynor <alex.gaynor at gmail.com>
Date:   Thu Apr 20 18:47:53 2017 -0400

    Fixed merge nonsense
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3149)

commit b1a3030e3705f497a69ab72be433bdbe85affe6a
Author: Alex Gaynor <alex.gaynor at gmail.com>
Date:   Mon Apr 10 17:11:01 2017 -0400

    Newlines!
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3149)

commit c9cf4bc815e08ee53e84da4b4c8300dad1d4d178
Author: Alex Gaynor <alex.gaynor at gmail.com>
Date:   Sat Apr 8 09:33:17 2017 -0400

    Update the test to assert that the SCT is from an X.509 extension
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3149)

commit 2d8e9dbd2c62f29f777dd3002a39419d45a891dd
Author: Alex Gaynor <alex.gaynor at gmail.com>
Date:   Sat Apr 8 09:21:19 2017 -0400

    Style fixes and use the source parameter so the OCSP path works
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3149)

commit 8dcb87fdbaba2be3e75fdaf16382c827165d2af5
Author: Alex Gaynor <alex.gaynor at gmail.com>
Date:   Fri Apr 7 20:58:50 2017 -0400

    This is an int
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3149)

commit 8368a3abb8a2f5d1bde3ba891b4ce2b082e4f512
Author: Alex Gaynor <alex.gaynor at gmail.com>
Date:   Fri Apr 7 20:56:12 2017 -0400

    Don't use a for-loop decleration
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3149)

commit 3a490bbb1c9355bc0fefc50742ecc056d84332c1
Author: Alex Gaynor <alex.gaynor at gmail.com>
Date:   Fri Apr 7 20:49:27 2017 -0400

    Fixed #3020 -- set entry type on SCTs from X.509 and OCSP extensions
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3149)

-----------------------------------------------------------------------

Summary of changes:
 crypto/ct/ct_x509v3.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++--
 test/ct_test.c        | 17 ++++++++---------
 2 files changed, 54 insertions(+), 11 deletions(-)

diff --git a/crypto/ct/ct_x509v3.c b/crypto/ct/ct_x509v3.c
index 805ada0..ec186d1 100644
--- a/crypto/ct/ct_x509v3.c
+++ b/crypto/ct/ct_x509v3.c
@@ -30,12 +30,56 @@ static int i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list,
     return 1;
 }
 
+static int set_sct_list_source(STACK_OF(SCT) *s, sct_source_t source)
+{
+    if (s != NULL) {
+        int i;
+
+        for (i = 0; i < sk_SCT_num(s); i++) {
+            int res = SCT_set_source(sk_SCT_value(s, i), source);
+
+            if (res != 1) {
+                return 0;
+            }
+        }
+    }
+    return 1;
+}
+
+static STACK_OF(SCT) *x509_ext_d2i_SCT_LIST(STACK_OF(SCT) **a,
+                                            const unsigned char **pp,
+                                            long len)
+{
+     STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len);
+
+     if (set_sct_list_source(s, SCT_SOURCE_X509V3_EXTENSION) != 1) {
+         SCT_LIST_free(s);
+         *a = NULL;
+         return NULL;
+     }
+     return s;
+}
+
+static STACK_OF(SCT) *ocsp_ext_d2i_SCT_LIST(STACK_OF(SCT) **a,
+                                            const unsigned char **pp,
+                                            long len)
+{
+    STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len);
+
+    if (set_sct_list_source(s, SCT_SOURCE_OCSP_STAPLED_RESPONSE) != 1) {
+        SCT_LIST_free(s);
+        *a = NULL;
+        return NULL;
+    }
+    return s;
+}
+
 /* Handlers for X509v3/OCSP Certificate Transparency extensions */
 const X509V3_EXT_METHOD v3_ct_scts[3] = {
     /* X509v3 extension in certificates that contains SCTs */
     { NID_ct_precert_scts, 0, NULL,
     NULL, (X509V3_EXT_FREE)SCT_LIST_free,
-    (X509V3_EXT_D2I)d2i_SCT_LIST, (X509V3_EXT_I2D)i2d_SCT_LIST,
+    (X509V3_EXT_D2I)x509_ext_d2i_SCT_LIST, (X509V3_EXT_I2D)i2d_SCT_LIST,
     NULL, NULL,
     NULL, NULL,
     (X509V3_EXT_I2R)i2r_SCT_LIST, NULL,
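Review bot: The failure path in `x509_ext_d2i_SCT_LIST` and `ocsp_ext_d2i_SCT_LIST` writes `*a = NULL` without checking `a`. d2i-style decoders are conventionally callable with a NULL `a`, and the generic X509V3 extension decode path appears to call them that way. If `set_sct_list_source` ever returns failure, this would be a NULL dereference while parsing certificate- or OCSP-supplied data. Guard the store in both wrappers with `if (a != NULL) *a = NULL;`. As a style point, the body of `x509_ext_d2i_SCT_LIST` is indented five spaces while its OCSP twin uses four.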
@@ -52,7 +96,7 @@ const X509V3_EXT_METHOD v3_ct_scts[3] = {
     /* OCSP extension that contains SCTs */
     { NID_ct_cert_scts, 0, NULL,
     0, (X509V3_EXT_FREE)SCT_LIST_free,
-    (X509V3_EXT_D2I)d2i_SCT_LIST, (X509V3_EXT_I2D)i2d_SCT_LIST,
+    (X509V3_EXT_D2I)ocsp_ext_d2i_SCT_LIST, (X509V3_EXT_I2D)i2d_SCT_LIST,
     NULL, NULL,
     NULL, NULL,
     (X509V3_EXT_I2R)i2r_SCT_LIST, NULL,
diff --git a/test/ct_test.c b/test/ct_test.c
index 583db44..6b36a43 100644
--- a/test/ct_test.c
+++ b/test/ct_test.c
@@ -262,6 +262,7 @@ static int execute_cert_test(CT_TEST_FIXTURE fixture)
 
     if (fixture.certificate_file != NULL) {
         int sct_extension_index;
+        int i;
         X509_EXTENSION *sct_extension = NULL;
 
         if (!TEST_ptr(cert = load_pem_cert(fixture.certs_dir,
@@ -289,18 +290,16 @@ static int execute_cert_test(CT_TEST_FIXTURE fixture)
                                                expected_sct_text))
                     goto end;
 
-            if (fixture.test_validity) {
-                int i;
-
-                scts = X509V3_EXT_d2i(sct_extension);
-                for (i = 0; i < sk_SCT_num(scts); ++i) {
-                    SCT *sct_i = sk_SCT_value(scts, i);
+            scts = X509V3_EXT_d2i(sct_extension);
+            for (i = 0; i < sk_SCT_num(scts); ++i) {
+                SCT *sct_i = sk_SCT_value(scts, i);
 
-                    if (!TEST_true(SCT_set_source(sct_i,
-                                                  SCT_SOURCE_X509V3_EXTENSION)))
-                        goto end;
+                if (!TEST_int_eq(SCT_get_source(sct_i), SCT_SOURCE_X509V3_EXTENSION)) {
+                    goto end;
                 }
+            }
 
+            if (fixture.test_validity) {
                 if (!assert_validity(fixture, scts, ct_policy_ctx))
                     goto end;
             }
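Review bot: The result of `X509V3_EXT_d2i(sct_extension)` is used without a NULL check. If decoding fails, the loop most likely runs zero times, so the new `SCT_get_source` assertion passes vacuously whenever `fixture.test_validity` is unset. Checking the decode with `if (!TEST_ptr(scts = X509V3_EXT_d2i(sct_extension))) goto end;` would make a decode failure fail the test. Only `SCT_SOURCE_X509V3_EXTENSION` is asserted here, and nothing visible in this hunk exercises the new OCSP wrapper, so a matching check for `SCT_SOURCE_OCSP_STAPLED_RESPONSE` is worth adding if a fixture exists. `execute_cert_test` begins before this hunk and continues past it.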

