Commit 8359b57f authored by Rob Percival's avatar Rob Percival Committed by Rich Salz

check reviewer --reviewer=emilia


Remove 'log' field from SCT and related accessors

In order to still have access to an SCT's CTLOG when calling SCT_print,
SSL_CTX_get0_ctlog_store has been added.

Improved documentation for some CT functions in openssl/ssl.h.

Reviewed-by: default avatarEmilia Käsper <emilia@openssl.org>
Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent f0667b14
+6 −6
@@ -204,7 +204,7 @@ static int c_quiet = 0;
static int c_ign_eof = 0;
static int c_brief = 0;

static void print_stuff(BIO *berr, SSL *con, int full);
static void print_stuff(BIO *berr, const SSL_CTX *ctx, SSL *con, int full);
static int ocsp_resp_cb(SSL *s, void *arg);

static int saved_errno;
@@ -2184,7 +2184,7 @@ int s_client_main(int argc, char **argv)
                    print_ssl_summary(con);
                }

                print_stuff(bio_c_out, con, full_log);
                print_stuff(bio_c_out, ctx, con, full_log);
                if (full_log > 0)
                    full_log--;

@@ -2516,13 +2516,13 @@ int s_client_main(int argc, char **argv)
    ret = 0;
 shut:
    if (in_init)
        print_stuff(bio_c_out, con, full_log);
        print_stuff(bio_c_out, ctx, con, full_log);
    do_ssl_shutdown(con);
    BIO_closesocket(SSL_get_fd(con));
 end:
    if (con != NULL) {
        if (prexit != 0)
            print_stuff(bio_c_out, con, 1);
            print_stuff(bio_c_out, ctx, con, 1);
        SSL_free(con);
    }
#if !defined(OPENSSL_NO_NEXTPROTONEG)
@@ -2554,7 +2554,7 @@ int s_client_main(int argc, char **argv)
    return (ret);
}

static void print_stuff(BIO *bio, SSL *s, int full)
static void print_stuff(BIO *bio, const SSL_CTX *ctx, SSL *s, int full)
{
    X509 *peer = NULL;
    char buf[BUFSIZ];
@@ -2634,7 +2634,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)

        if (scts != NULL && sk_SCT_num(scts) > 0) {
            BIO_printf(bio, "---\n");
            SCT_LIST_print(scts, bio, 0, "\n---\n");
            SCT_LIST_print(scts, bio, 0, "\n---\n", SSL_CTX_get0_ctlog_store(ctx));
            BIO_printf(bio, "\n");
        }
#endif
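Review bot: The new `ctx` parameter threaded through `print_stuff` and its call sites (L28, L37, L46, L53, L62) duplicates information already reachable from `s`: `SSL_get_SSL_CTX(s)` returns the context the connection was created from, so the lookup on L71 could be written `SSL_CTX_get0_ctlog_store(SSL_get_SSL_CTX(s))` and the prototype on L27 left unchanged. That also removes the possibility of a caller passing a `ctx` that does not match `con`. If the extra parameter is kept, a one-line comment on the definition at L62 saying why it exists would help, e.g. `/* ctx: used only to resolve SCT log IDs to log names via its CTLOG_STORE */`. print_stuff's body continues outside the hunk.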
+0 −2
@@ -125,8 +125,6 @@ struct sct_st {
    ct_log_entry_type_t entry_type;
    /* Where this SCT was found, e.g. certificate, OCSP response, etc. */
    sct_source_t source;
    /* The CT log that produced this SCT. */
    const CTLOG *log;
    /* The result of the last attempt to validate this SCT. */
    sct_validation_status_t validation_status;
};
+12 −5
@@ -96,7 +96,7 @@ static void timestamp_print(uint64_t timestamp, BIO *out)
    ASN1_GENERALIZEDTIME_free(gen);
}

void SCT_print(const SCT *sct, BIO *out, int indent)
void SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG *log)
{
    BIO_printf(out, "%*sSigned Certificate Timestamp:", indent, "");
    BIO_printf(out, "\n%*sVersion   : ", indent + 4, "");
@@ -109,9 +109,9 @@ void SCT_print(const SCT *sct, BIO *out, int indent)

    BIO_printf(out, "v1 (0x0)");

    if (sct->log != NULL) {
    if (log != NULL) {
        BIO_printf(out, "\n%*sLog       : %s", indent + 4, "",
                   SCT_get0_log_name(sct));
                   CTLOG_get0_name(log));
    }

    BIO_printf(out, "\n%*sLog ID    : ", indent + 4, "");
@@ -133,13 +133,20 @@ void SCT_print(const SCT *sct, BIO *out, int indent)
}

void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent,
                    const char *separator)
                    const char *separator, const CTLOG_STORE *log_store)
{
    int i;

    for (i = 0; i < sk_SCT_num(sct_list); ++i) {
        SCT *sct = sk_SCT_value(sct_list, i);
        SCT_print(sct, out, indent);
        const CTLOG *log = NULL;

        if (log_store != NULL) {
            log = CTLOG_STORE_get0_log_by_id(log_store, sct->log_id,
                                             sct->log_id_len);
        }

        SCT_print(sct, out, indent, log);
        if (i < sk_SCT_num(sct_list) - 1)
            BIO_printf(out, "%s", separator);
    }
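Review bot: Neither new parameter documents its NULL contract: in `SCT_print` a NULL `log` silently drops the `Log       :` line (L102-L106), and in `SCT_LIST_print` a NULL `log_store` means no log is ever resolved (L123-L126), so every printed SCT then lacks a log name with no indication that the store was absent. A comment on each definition would make that explicit, e.g. above L93 `/* log may be NULL, in which case the log name line is omitted */` and above L114 `/* log_store may be NULL; SCTs are then printed without a log name */`. As a point of style, `sk_SCT_num(sct_list)` is evaluated twice per iteration (L118, L129); hoisting it into a local before the loop reads more clearly. `SCT_LIST_print`'s closing brace is outside the hunk.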
+7 −27
@@ -251,11 +251,6 @@ size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id)
    return sct->log_id_len;
}

const char *SCT_get0_log_name(const SCT *sct)
{
    return CTLOG_get0_name(sct->log);
}

uint64_t SCT_get_timestamp(const SCT *sct)
{
    return sct->timestamp;
@@ -327,18 +322,6 @@ int SCT_set_source(SCT *sct, sct_source_t source)
    }
}

const CTLOG *SCT_get0_log(const SCT *sct)
{
    return sct->log;
}

int SCT_set0_log(SCT *sct, const CTLOG_STORE *ct_logs)
{
    sct->log = CTLOG_STORE_get0_log_by_id(ct_logs, sct->log_id, sct->log_id_len);

    return sct->log != NULL;
}

sct_validation_status_t SCT_get_validation_status(const SCT *sct)
{
    return sct->validation_status;
@@ -349,20 +332,17 @@ int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx)
    int is_sct_valid = -1;
    SCT_CTX *sctx = NULL;
    X509_PUBKEY *pub = NULL, *log_pkey = NULL;
    const CTLOG *log;

    switch (sct->version) {
    case SCT_VERSION_V1:
        if (sct->log == NULL)
            sct->log = CTLOG_STORE_get0_log_by_id(ctx->log_store,
                                                  sct->log_id,
                                                  CT_V1_HASHLEN);
        break;
    default:
    if (sct->version != SCT_VERSION_V1) {
        sct->validation_status = SCT_VALIDATION_STATUS_UNKNOWN_VERSION;
        goto end;
    }

    if (sct->log == NULL) {
    log = CTLOG_STORE_get0_log_by_id(ctx->log_store,
                                     sct->log_id, sct->log_id_len);

    if (log == NULL) {
        sct->validation_status = SCT_VALIDATION_STATUS_UNKNOWN_LOG;
        goto end;
    }
@@ -371,7 +351,7 @@ int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx)
    if (sctx == NULL)
        goto err;

    if (X509_PUBKEY_set(&log_pkey, CTLOG_get0_public_key(sct->log)) != 1)
    if (X509_PUBKEY_set(&log_pkey, CTLOG_get0_public_key(log)) != 1)
        goto err;
    if (SCT_CTX_set1_pubkey(sctx, log_pkey) != 1)
        goto err;
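Review bot: `log` on L169 is declared without an initializer, unlike the sibling locals `sctx` and `pub` on L167-L168, and its only assignment is the lookup on L185-L186, which is skipped when the version check on L179 jumps to `end`. If anything at the `end:` or `err:` labels (outside this hunk) reads `log`, that is an uninitialized read; writing `const CTLOG *log = NULL;` matches the surrounding style and removes the hazard at no cost. The lookup now keys on `sct->log_id_len` instead of the fixed `CT_V1_HASHLEN` used before (L174-L176), which is consistent with `SCT_LIST_print` in the same commit; an SCT carrying a wrong-length log ID now ends up in `SCT_VALIDATION_STATUS_UNKNOWN_LOG` rather than being looked up with a fixed length, which looks like the safer outcome and is worth a short comment on L185. `SCT_validate` begins and ends outside the hunk.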
+1 −1
@@ -75,7 +75,7 @@ static char *i2s_poison(const X509V3_EXT_METHOD *method, void *val)
static int i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list,
                 BIO *out, int indent)
{
    SCT_LIST_print(sct_list, out, indent, "\n");
    SCT_LIST_print(sct_list, out, indent, "\n", NULL);
    return 1;
}
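Review bot: The `NULL` log store on L208 means the X509v3 extension printer can never resolve an SCT's log ID to a name, whereas before this commit the `Log       :` line appeared whenever `sct->log` had been set (old L101); that is a visible output change the hunk does not explain. A comment on the call would save the next reader the search, e.g. `/* No CTLOG_STORE is reachable from an X509V3_EXT_METHOD, so log names are not printed here. */`. i2r_SCT_LIST is complete within the hunk.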
