Improves CTLOG_STORE setters (a1bb7708) · Commits · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

crypto/ct/ct_policy.c

+10 −6

Original line number	Diff line number	Diff line
		@@ -30,20 +30,24 @@ CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void)

		void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx)
		{
		X509_free(ctx->cert);
		X509_free(ctx->issuer);
		OPENSSL_free(ctx);
		}

		void CT_POLICY_EVAL_CTX_set0_cert(CT_POLICY_EVAL_CTX ctx, X509 cert)
		void CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX ctx, X509 cert)
		{
		if (X509_up_ref(cert))
		ctx->cert = cert;
		}

		void CT_POLICY_EVAL_CTX_set0_issuer(CT_POLICY_EVAL_CTX ctx, X509 issuer)
		void CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX ctx, X509 issuer)
		{
		if (X509_up_ref(issuer))
		ctx->issuer = issuer;
		}

		void CT_POLICY_EVAL_CTX_set0_log_store(CT_POLICY_EVAL_CTX *ctx,
		void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
		CTLOG_STORE *log_store)
		{
		ctx->log_store = log_store;

include/openssl/ct.h

+6 −6

Original line number	Diff line number	Diff line
		@@ -64,26 +64,26 @@ DEFINE_STACK_OF(CTLOG)
		/* Creates a new, empty policy evaluation context */
		CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void);

		/* Deletes a policy evaluation context */
		/* Deletes a policy evaluation context and anything it owns. */
		void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx);

		/* Gets the peer certificate that the SCTs are for */
		X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx);

		/* Sets the certificate associated with the received SCTs */
		void CT_POLICY_EVAL_CTX_set0_cert(CT_POLICY_EVAL_CTX ctx, X509 cert);
		void CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX ctx, X509 cert);

		/* Gets the issuer of the aforementioned certificate */
		X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx);

		/* Sets the issuer of the certificate associated with the received SCTs */
		void CT_POLICY_EVAL_CTX_set0_issuer(CT_POLICY_EVAL_CTX ctx, X509 issuer);
		void CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX ctx, X509 issuer);

		/* Gets the CT logs that are trusted sources of SCTs */
		const CTLOG_STORE CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX ctx);

		/* Sets the log store that is in use */
		void CT_POLICY_EVAL_CTX_set0_log_store(CT_POLICY_EVAL_CTX *ctx,
		/* Sets the log store that is in use. It must outlive the CT_POLICY_EVAL_CTX. */
		void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
		CTLOG_STORE *log_store);

		/*****************

ssl/ssl_lib.c

+3 −3

Original line number	Diff line number	Diff line
		@@ -4171,9 +4171,9 @@ int ssl_validate_ct(SSL *s)
		}

		issuer = sk_X509_value(s->verified_chain, 1);
		CT_POLICY_EVAL_CTX_set0_cert(ctx, cert);
		CT_POLICY_EVAL_CTX_set0_issuer(ctx, issuer);
		CT_POLICY_EVAL_CTX_set0_log_store(ctx, s->ctx->ctlog_store);
		CT_POLICY_EVAL_CTX_set1_cert(ctx, cert);
		CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer);
		CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx, s->ctx->ctlog_store);

		scts = SSL_get0_peer_scts(s);

test/ct_test.c

+4 −3

Original line number	Diff line number	Diff line
		@@ -294,7 +294,8 @@ static int execute_cert_test(CT_TEST_FIXTURE fixture)
		expected_sct_text[sct_text_len] = '\0';
		}

		CT_POLICY_EVAL_CTX_set0_log_store(ct_policy_ctx, fixture.ctlog_store);
		CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(
		ct_policy_ctx, fixture.ctlog_store);

		if (fixture.certificate_file != NULL) {
		int sct_extension_index;
		@@ -307,7 +308,7 @@ static int execute_cert_test(CT_TEST_FIXTURE fixture)
		goto end;
		}

		CT_POLICY_EVAL_CTX_set0_cert(ct_policy_ctx, cert);
		CT_POLICY_EVAL_CTX_set1_cert(ct_policy_ctx, cert);

		if (fixture.issuer_file != NULL) {
		issuer = load_pem_cert(fixture.certs_dir, fixture.issuer_file);
		@@ -318,7 +319,7 @@ static int execute_cert_test(CT_TEST_FIXTURE fixture)
		goto end;
		}

		CT_POLICY_EVAL_CTX_set0_issuer(ct_policy_ctx, issuer);
		CT_POLICY_EVAL_CTX_set1_issuer(ct_policy_ctx, issuer);
		}

		sct_extension_index =

util/libcrypto.num

+6 −3

Original line number	Diff line number	Diff line
		@@ -291,7 +291,7 @@ CRYPTO_gcm128_setiv 291 1_1_0 EXIST::FUNCTION:
		ASN1_PCTX_set_oid_flags 292 1_1_0 EXIST::FUNCTION:
		d2i_ASN1_INTEGER 293 1_1_0 EXIST::FUNCTION:
		i2d_PKCS7_ENCRYPT 294 1_1_0 EXIST::FUNCTION:
		CT_POLICY_EVAL_CTX_set0_issuer 295 1_1_0 EXIST::FUNCTION:CT
		CT_POLICY_EVAL_CTX_set0_issuer 295 1_1_0 NOEXIST::FUNCTION:
		X509_NAME_ENTRY_set 296 1_1_0 EXIST::FUNCTION:
		PKCS8_set0_pbe 297 1_1_0 EXIST::FUNCTION:
		PEM_write_bio_DSA_PUBKEY 298 1_1_0 EXIST::FUNCTION:DSA
		@@ -457,7 +457,7 @@ DH_new_method 457 1_1_0 EXIST::FUNCTION:DH
		BF_ecb_encrypt 458 1_1_0 EXIST::FUNCTION:BF
		PEM_write_bio_DHparams 459 1_1_0 EXIST::FUNCTION:DH
		EVP_DigestFinal 460 1_1_0 EXIST::FUNCTION:
		CT_POLICY_EVAL_CTX_set0_log_store 461 1_1_0 EXIST::FUNCTION:CT
		CT_POLICY_EVAL_CTX_set0_log_store 461 1_1_0 NOEXIST::FUNCTION:
		X509v3_asid_add_id_or_range 462 1_1_0 EXIST::FUNCTION:RFC3779
		X509_NAME_ENTRY_create_by_NID 463 1_1_0 EXIST::FUNCTION:
		EC_KEY_METHOD_get_init 464 1_1_0 EXIST::FUNCTION:EC
		@@ -1390,7 +1390,7 @@ EVP_PKEY_asn1_free 1375 1_1_0 EXIST::FUNCTION:
		ENGINE_unregister_DH 1376 1_1_0 EXIST::FUNCTION:ENGINE
		PROXY_CERT_INFO_EXTENSION_it 1377 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
		PROXY_CERT_INFO_EXTENSION_it 1377 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
		CT_POLICY_EVAL_CTX_set0_cert 1378 1_1_0 EXIST::FUNCTION:CT
		CT_POLICY_EVAL_CTX_set0_cert 1378 1_1_0 NOEXIST::FUNCTION:
		X509_NAME_hash 1379 1_1_0 EXIST::FUNCTION:
		SCT_set_timestamp 1380 1_1_0 EXIST::FUNCTION:CT
		UI_new 1381 1_1_0 EXIST::FUNCTION:UI
		@@ -4190,3 +4190,6 @@ X509_get_proxy_pathlen 4136 1_1_0 EXIST::FUNCTION:
		DSA_bits 4137 1_1_0 EXIST::FUNCTION:DSA
		EVP_PKEY_set1_tls_encodedpoint 4138 1_1_0 EXIST::FUNCTION:
		EVP_PKEY_get1_tls_encodedpoint 4139 1_1_0 EXIST::FUNCTION:
		CT_POLICY_EVAL_CTX_set1_cert 4140 1_1_0 EXIST::FUNCTION:CT
		CT_POLICY_EVAL_CTX_set1_issuer 4141 1_1_0 EXIST::FUNCTION:CT
		CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE 4142 1_1_0 EXIST::FUNCTION:CT