[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Mon May 22 12:12:17 UTC 2017
The branch master has been updated
via 2b10cb5c0e21bce283f4c73477d97f6bd8b4a7ec (commit)
via b1a3030e3705f497a69ab72be433bdbe85affe6a (commit)
via c9cf4bc815e08ee53e84da4b4c8300dad1d4d178 (commit)
via 2d8e9dbd2c62f29f777dd3002a39419d45a891dd (commit)
via 8dcb87fdbaba2be3e75fdaf16382c827165d2af5 (commit)
via 8368a3abb8a2f5d1bde3ba891b4ce2b082e4f512 (commit)
via 3a490bbb1c9355bc0fefc50742ecc056d84332c1 (commit)
from e2580e70d5c644c5dadd33ffa8bb23223959b87a (commit)
- Log -----------------------------------------------------------------
commit 2b10cb5c0e21bce283f4c73477d97f6bd8b4a7ec
Author: Alex Gaynor <alex.gaynor at gmail.com>
Date: Thu Apr 20 18:47:53 2017 -0400
Fixed merge nonsense
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3149)
commit b1a3030e3705f497a69ab72be433bdbe85affe6a
Author: Alex Gaynor <alex.gaynor at gmail.com>
Date: Mon Apr 10 17:11:01 2017 -0400
Newlines!
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3149)
commit c9cf4bc815e08ee53e84da4b4c8300dad1d4d178
Author: Alex Gaynor <alex.gaynor at gmail.com>
Date: Sat Apr 8 09:33:17 2017 -0400
Update the test to assert that the SCT is from an X.509 extension
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3149)
commit 2d8e9dbd2c62f29f777dd3002a39419d45a891dd
Author: Alex Gaynor <alex.gaynor at gmail.com>
Date: Sat Apr 8 09:21:19 2017 -0400
Style fixes and use the source parameter so the OCSP path works
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3149)
commit 8dcb87fdbaba2be3e75fdaf16382c827165d2af5
Author: Alex Gaynor <alex.gaynor at gmail.com>
Date: Fri Apr 7 20:58:50 2017 -0400
This is an int
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3149)
commit 8368a3abb8a2f5d1bde3ba891b4ce2b082e4f512
Author: Alex Gaynor <alex.gaynor at gmail.com>
Date: Fri Apr 7 20:56:12 2017 -0400
Don't use a for-loop decleration
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3149)
commit 3a490bbb1c9355bc0fefc50742ecc056d84332c1
Author: Alex Gaynor <alex.gaynor at gmail.com>
Date: Fri Apr 7 20:49:27 2017 -0400
Fixed #3020 -- set entry type on SCTs from X.509 and OCSP extensions
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3149)
-----------------------------------------------------------------------
Summary of changes:
crypto/ct/ct_x509v3.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++--
test/ct_test.c | 17 ++++++++---------
2 files changed, 54 insertions(+), 11 deletions(-)
diff --git a/crypto/ct/ct_x509v3.c b/crypto/ct/ct_x509v3.c
index 805ada0..ec186d1 100644
--- a/crypto/ct/ct_x509v3.c
+++ b/crypto/ct/ct_x509v3.c
@@ -30,12 +30,56 @@ static int i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list,
return 1;
}
+static int set_sct_list_source(STACK_OF(SCT) *s, sct_source_t source)
+{
+ if (s != NULL) {
+ int i;
+
+ for (i = 0; i < sk_SCT_num(s); i++) {
+ int res = SCT_set_source(sk_SCT_value(s, i), source);
+
+ if (res != 1) {
+ return 0;
+ }
+ }
+ }
+ return 1;
+}
+
+static STACK_OF(SCT) *x509_ext_d2i_SCT_LIST(STACK_OF(SCT) **a,
+ const unsigned char **pp,
+ long len)
+{
+ STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len);
+
+ if (set_sct_list_source(s, SCT_SOURCE_X509V3_EXTENSION) != 1) {
+ SCT_LIST_free(s);
+ *a = NULL;
+ return NULL;
+ }
+ return s;
+}
+
+static STACK_OF(SCT) *ocsp_ext_d2i_SCT_LIST(STACK_OF(SCT) **a,
+ const unsigned char **pp,
+ long len)
+{
+ STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len);
+
+ if (set_sct_list_source(s, SCT_SOURCE_OCSP_STAPLED_RESPONSE) != 1) {
+ SCT_LIST_free(s);
+ *a = NULL;
+ return NULL;
+ }
+ return s;
+}
+
/* Handlers for X509v3/OCSP Certificate Transparency extensions */
const X509V3_EXT_METHOD v3_ct_scts[3] = {
/* X509v3 extension in certificates that contains SCTs */
{ NID_ct_precert_scts, 0, NULL,
NULL, (X509V3_EXT_FREE)SCT_LIST_free,
- (X509V3_EXT_D2I)d2i_SCT_LIST, (X509V3_EXT_I2D)i2d_SCT_LIST,
+ (X509V3_EXT_D2I)x509_ext_d2i_SCT_LIST, (X509V3_EXT_I2D)i2d_SCT_LIST,
NULL, NULL,
NULL, NULL,
(X509V3_EXT_I2R)i2r_SCT_LIST, NULL,
@@ -52,7 +96,7 @@ const X509V3_EXT_METHOD v3_ct_scts[3] = {
/* OCSP extension that contains SCTs */
{ NID_ct_cert_scts, 0, NULL,
0, (X509V3_EXT_FREE)SCT_LIST_free,
- (X509V3_EXT_D2I)d2i_SCT_LIST, (X509V3_EXT_I2D)i2d_SCT_LIST,
+ (X509V3_EXT_D2I)ocsp_ext_d2i_SCT_LIST, (X509V3_EXT_I2D)i2d_SCT_LIST,
NULL, NULL,
NULL, NULL,
(X509V3_EXT_I2R)i2r_SCT_LIST, NULL,
diff --git a/test/ct_test.c b/test/ct_test.c
index 583db44..6b36a43 100644
--- a/test/ct_test.c
+++ b/test/ct_test.c
@@ -262,6 +262,7 @@ static int execute_cert_test(CT_TEST_FIXTURE fixture)
if (fixture.certificate_file != NULL) {
int sct_extension_index;
+ int i;
X509_EXTENSION *sct_extension = NULL;
if (!TEST_ptr(cert = load_pem_cert(fixture.certs_dir,
@@ -289,18 +290,16 @@ static int execute_cert_test(CT_TEST_FIXTURE fixture)
expected_sct_text))
goto end;
- if (fixture.test_validity) {
- int i;
-
- scts = X509V3_EXT_d2i(sct_extension);
- for (i = 0; i < sk_SCT_num(scts); ++i) {
- SCT *sct_i = sk_SCT_value(scts, i);
+ scts = X509V3_EXT_d2i(sct_extension);
+ for (i = 0; i < sk_SCT_num(scts); ++i) {
+ SCT *sct_i = sk_SCT_value(scts, i);
- if (!TEST_true(SCT_set_source(sct_i,
- SCT_SOURCE_X509V3_EXTENSION)))
- goto end;
+ if (!TEST_int_eq(SCT_get_source(sct_i), SCT_SOURCE_X509V3_EXTENSION)) {
+ goto end;
}
+ }
+ if (fixture.test_validity) {
if (!assert_validity(fixture, scts, ct_policy_ctx))
goto end;
}
More information about the openssl-commits
mailing list