#include <openssl/safestack.h>
#include <openssl/x509.h>
#include <openssl/cterr.h>
-#ifdef __cplusplus
+#ifdef __cplusplus
extern "C" {
#endif
-
/* Minimum RSA key size, from RFC6962 */
#define SCT_MIN_RSA_BITS 2048
SCT_VALIDATION_STATUS_UNKNOWN_VERSION
} sct_validation_status_t;
-DEFINE_STACK_OF(SCT)
-DEFINE_STACK_OF(CTLOG)
+DECLARE_STACK_OF(SCT)
+DECLARE_STACK_OF(CTLOG)
/******************************************
* CT policy evaluation context functions *
* Creates a new SCT from some base64-encoded strings.
* The caller is responsible for calling SCT_free when finished with the SCT.
*/
-SCT *SCT_new_from_base64(unsigned char version,
- const char *logid_base64,
- ct_log_entry_type_t entry_type,
- uint64_t timestamp,
- const char *extensions_base64,
- const char *signature_base64);
+SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64,
+ ct_log_entry_type_t entry_type, uint64_t timestamp,
+ const char *extensions_base64, const char *signature_base64);
/*
* Frees the SCT and the underlying data structures.
* Set the version of an SCT.
* Returns 1 on success, 0 if the version is unrecognized.
*/
-__owur int SCT_set_version(SCT *sct, sct_version_t version);
+int SCT_set_version(SCT *sct, sct_version_t version);
/*
* Returns the log entry type of the SCT.
* Set the log entry type of an SCT.
* Returns 1 on success, 0 otherwise.
*/
-__owur int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type);
+int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type);
/*
* Gets the ID of the log that an SCT came from.
* The SCT takes ownership of the specified pointer.
* Returns 1 on success, 0 otherwise.
*/
-__owur int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len);
+int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len);
/*
* Set the log ID of an SCT.
* This makes a copy of the log_id.
* Returns 1 on success, 0 otherwise.
*/
-__owur int SCT_set1_log_id(SCT *sct, const unsigned char *log_id,
+int SCT_set1_log_id(SCT *sct, const unsigned char *log_id,
size_t log_id_len);
/*
* NID_ecdsa_with_SHA256.
* Returns 1 on success, 0 otherwise.
*/
-__owur int SCT_set_signature_nid(SCT *sct, int nid);
+int SCT_set_signature_nid(SCT *sct, int nid);
/*
* Set *ext to point to the extension data for the SCT. ext must not be NULL.
* This takes a copy of the ext.
* Returns 1 on success, 0 otherwise.
*/
-__owur int SCT_set1_extensions(SCT *sct, const unsigned char *ext,
+int SCT_set1_extensions(SCT *sct, const unsigned char *ext,
size_t ext_len);
/*
* Set the signature of an SCT to be a copy of the *sig specified.
* Returns 1 on success, 0 otherwise.
*/
-__owur int SCT_set1_signature(SCT *sct, const unsigned char *sig,
- size_t sig_len);
+int SCT_set1_signature(SCT *sct, const unsigned char *sig,
+ size_t sig_len);
/*
* The origin of this SCT, e.g. TLS extension, OCSP response, etc.
* Set the origin of this SCT, e.g. TLS extension, OCSP response, etc.
* Returns 1 on success, 0 otherwise.
*/
-__owur int SCT_set_source(SCT *sct, sct_source_t source);
+int SCT_set_source(SCT *sct, sct_source_t source);
/*
* Returns a text string describing the validation status of |sct|.
* Returns 0 if the SCT is invalid or could not be verified.
* Returns -1 if an error occurs.
*/
-__owur int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx);
+int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx);
/*
* Validates the given list of SCTs with the provided context.
* Returns 0 if at least one SCT is invalid or could not be verified.
* Returns a negative integer if an error occurs.
*/
-__owur int SCT_LIST_validate(const STACK_OF(SCT) *scts,
+int SCT_LIST_validate(const STACK_OF(SCT) *scts,
CT_POLICY_EVAL_CTX *ctx);
* Returns < 0 on error, >= 0 indicating bytes written (or would have been)
* on success.
*/
-__owur int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp);
+int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp);
/*
* Convert TLS format SCT list to a stack of SCTs.
* Returns < 0 on error, >= 0 indicating bytes written (or would have been)
* on success.
*/
-__owur int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp);
+int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp);
/*
* Parses an SCT list in DER format and returns it.
* to it.
* The length of the SCT in TLS format will be returned.
*/
-__owur int i2o_SCT(const SCT *sct, unsigned char **out);
+int i2o_SCT(const SCT *sct, unsigned char **out);
/*
* Parses an SCT in TLS format and returns it.
* Returns 1 on success, 0 on failure.
* Should be deleted by the caller using CTLOG_free when no longer needed.
*/
-int CTLOG_new_from_base64(CTLOG ** ct_log,
- const char *pkey_base64, const char *name);
+int CTLOG_new_from_base64(CTLOG **ct_log, const char *pkey_base64,
+ const char *name);
/*
* Deletes a CT log instance and its fields.
const char *CTLOG_get0_name(const CTLOG *log);
/* Gets the ID of the CT log */
void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id,
- size_t *log_id_len);
+ size_t *log_id_len);
/* Gets the public key of the CT log */
EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log);
* Loads a CT log list into a |store| from a |file|.
* Returns 1 if loading is successful, or 0 otherwise.
*/
-__owur int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file);
+int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file);
/*
* Loads the default CT log list into a |store|.
* Returns 1 if loading is successful, or 0 otherwise.
*/
-__owur int CTLOG_STORE_load_default_file(CTLOG_STORE *store);
+int CTLOG_STORE_load_default_file(CTLOG_STORE *store);
-# ifdef __cplusplus
+#ifdef __cplusplus
}
-# endif
-# endif
+#endif
+#endif
#endif
}
outlen = (inlen / 4) * 3;
- outbuf = OPENSSL_malloc(outlen);
+ outbuf = malloc(outlen);
if (outbuf == NULL) {
- CTerr(CT_F_CT_BASE64_DECODE, ERR_R_MALLOC_FAILURE);
+ CTerror(ERR_R_MALLOC_FAILURE);
goto err;
}
outlen = EVP_DecodeBlock(outbuf, (unsigned char *)in, inlen);
if (outlen < 0) {
- CTerr(CT_F_CT_BASE64_DECODE, CT_R_BASE64_DECODE_ERROR);
+ CTerror(CT_R_BASE64_DECODE_ERROR);
goto err;
}
- /* Subtract padding bytes from |outlen|. Any more than 2 is malformed. */
+ /*
+ * Subtract padding bytes from |outlen|.
+ * Any more than 2 is malformed.
+ */
i = 0;
while (in[--inlen] == '=') {
--outlen;
*out = outbuf;
return outlen;
err:
- OPENSSL_free(outbuf);
+ free(outbuf);
return -1;
}
int declen;
if (sct == NULL) {
- CTerr(CT_F_SCT_NEW_FROM_BASE64, ERR_R_MALLOC_FAILURE);
+ CTerror(ERR_R_MALLOC_FAILURE);
return NULL;
}
* can only construct SCT versions that have been defined.
*/
if (!SCT_set_version(sct, version)) {
- CTerr(CT_F_SCT_NEW_FROM_BASE64, CT_R_SCT_UNSUPPORTED_VERSION);
+ CTerror(CT_R_SCT_UNSUPPORTED_VERSION);
goto err;
}
declen = ct_base64_decode(logid_base64, &dec);
if (declen < 0) {
- CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
+ CTerror(X509_R_BASE64_DECODE_ERROR);
goto err;
}
if (!SCT_set0_log_id(sct, dec, declen))
declen = ct_base64_decode(extensions_base64, &dec);
if (declen < 0) {
- CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
+ CTerror(X509_R_BASE64_DECODE_ERROR);
goto err;
}
SCT_set0_extensions(sct, dec, declen);
declen = ct_base64_decode(signature_base64, &dec);
if (declen < 0) {
- CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
+ CTerror(X509_R_BASE64_DECODE_ERROR);
goto err;
}
p = dec;
if (o2i_SCT_signature(sct, &p, declen) <= 0)
goto err;
- OPENSSL_free(dec);
+ free(dec);
dec = NULL;
SCT_set_timestamp(sct, timestamp);
return sct;
err:
- OPENSSL_free(dec);
+ free(dec);
SCT_free(sct);
return NULL;
}
EVP_PKEY *pkey = NULL;
if (ct_log == NULL) {
- CTerr(CT_F_CTLOG_NEW_FROM_BASE64, ERR_R_PASSED_INVALID_ARGUMENT);
+ CTerror(ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
pkey_der_len = ct_base64_decode(pkey_base64, &pkey_der);
if (pkey_der_len < 0) {
- CTerr(CT_F_CTLOG_NEW_FROM_BASE64, CT_R_LOG_CONF_INVALID_KEY);
+ CTerror(CT_R_LOG_CONF_INVALID_KEY);
return 0;
}
p = pkey_der;
pkey = d2i_PUBKEY(NULL, &p, pkey_der_len);
- OPENSSL_free(pkey_der);
+ free(pkey_der);
if (pkey == NULL) {
- CTerr(CT_F_CTLOG_NEW_FROM_BASE64, CT_R_LOG_CONF_INVALID_KEY);
+ CTerror(CT_R_LOG_CONF_INVALID_KEY);
return 0;
}
#ifndef OPENSSL_NO_ERR
-static const ERR_STRING_DATA CT_str_functs[] = {
+static ERR_STRING_DATA CT_str_functs[] = {
{ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW, 0), "CTLOG_new"},
{ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW_FROM_BASE64, 0),
"CTLOG_new_from_base64"},
- {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW_FROM_CONF, 0), "ctlog_new_from_conf"},
+ {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW_FROM_CONF, 0),
+ "ctlog_new_from_conf"},
{ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_LOAD_CTX_NEW, 0),
"ctlog_store_load_ctx_new"},
{ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_LOAD_FILE, 0),
{ERR_PACK(ERR_LIB_CT, CT_F_SCT_CTX_NEW, 0), "SCT_CTX_new"},
{ERR_PACK(ERR_LIB_CT, CT_F_SCT_CTX_VERIFY, 0), "SCT_CTX_verify"},
{ERR_PACK(ERR_LIB_CT, CT_F_SCT_NEW, 0), "SCT_new"},
- {ERR_PACK(ERR_LIB_CT, CT_F_SCT_NEW_FROM_BASE64, 0), "SCT_new_from_base64"},
+ {ERR_PACK(ERR_LIB_CT, CT_F_SCT_NEW_FROM_BASE64, 0),
+ "SCT_new_from_base64"},
{ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET0_LOG_ID, 0), "SCT_set0_log_id"},
- {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_EXTENSIONS, 0), "SCT_set1_extensions"},
+ {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_EXTENSIONS, 0),
+ "SCT_set1_extensions"},
{ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_LOG_ID, 0), "SCT_set1_log_id"},
- {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_SIGNATURE, 0), "SCT_set1_signature"},
+ {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_SIGNATURE, 0),
+ "SCT_set1_signature"},
{ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET_LOG_ENTRY_TYPE, 0),
"SCT_set_log_entry_type"},
{ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET_SIGNATURE_NID, 0),
{0, NULL}
};
-static const ERR_STRING_DATA CT_str_reasons[] = {
- {ERR_PACK(ERR_LIB_CT, 0, CT_R_BASE64_DECODE_ERROR), "base64 decode error"},
+static ERR_STRING_DATA CT_str_reasons[] = {
+ {ERR_PACK(ERR_LIB_CT, 0, CT_R_BASE64_DECODE_ERROR),
+ "base64 decode error"},
{ERR_PACK(ERR_LIB_CT, 0, CT_R_INVALID_LOG_ID_LENGTH),
"invalid log id length"},
{ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_INVALID), "log conf invalid"},
{ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_INVALID_SIGNATURE),
"sct invalid signature"},
{ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_LIST_INVALID), "sct list invalid"},
- {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_LOG_ID_MISMATCH), "sct log id mismatch"},
+ {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_LOG_ID_MISMATCH),
+ "sct log id mismatch"},
{ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_NOT_SET), "sct not set"},
{ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_UNSUPPORTED_VERSION),
"sct unsupported version"},
"unrecognized signature nid"},
{ERR_PACK(ERR_LIB_CT, 0, CT_R_UNSUPPORTED_ENTRY_TYPE),
"unsupported entry type"},
- {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNSUPPORTED_VERSION), "unsupported version"},
+ {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNSUPPORTED_VERSION),
+ "unsupported version"},
{0, NULL}
};
#endif
-int ERR_load_CT_strings(void)
+int
+ERR_load_CT_strings(void)
{
-#ifndef OPENSSL_NO_ERR
if (ERR_func_error_string(CT_str_functs[0].error) == NULL) {
- ERR_load_strings_const(CT_str_functs);
- ERR_load_strings_const(CT_str_reasons);
+ ERR_load_strings(0, CT_str_functs);
+ ERR_load_strings(0, CT_str_reasons);
}
-#endif
return 1;
}
/* If version is not SCT_VERSION_V1, this contains the encoded SCT */
unsigned char *sct;
size_t sct_len;
- /* If version is SCT_VERSION_V1, fields below contain components of the SCT */
+ /*
+ * If version is SCT_VERSION_V1, fields below contain components of
+ * the SCT
+ */
unsigned char *log_id;
size_t log_id_len;
/*
/* pre-certificate encoding */
unsigned char *preder;
size_t prederlen;
- /* milliseconds since epoch (to check that the SCT isn't from the future) */
+ /*
+ * milliseconds since epoch (to check that the SCT isn't from the
+ * future)
+ */
uint64_t epoch_time_in_ms;
};
X509 *cert;
X509 *issuer;
CTLOG_STORE *log_store;
- /* milliseconds since epoch (to check that SCTs aren't from the future) */
+ /*
+ * milliseconds since epoch (to check that the SCT isn't from the
+ * future)
+ */
uint64_t epoch_time_in_ms;
};
* extension, both must have one.
* Returns 1 on success, 0 on failure.
*/
-__owur int SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner);
+int SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner);
/*
* Sets the issuer of the certificate that the SCT was created for.
* Issuer must not be NULL.
* Returns 1 on success, 0 on failure.
*/
-__owur int SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer);
+int SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer);
/*
* Sets the public key of the issuer of the certificate that the SCT was created
* The public key must not be NULL.
* Returns 1 on success, 0 on failure.
*/
-__owur int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey);
+int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey);
/*
* Sets the public key of the CT log that the SCT is from.
* Returns 1 on success, 0 on failure.
*/
-__owur int SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey);
+int SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey);
/*
* Sets the time to evaluate the SCT against, in milliseconds since the Unix
* Returns 1 if the SCT verifies successfully; any other value indicates
* failure. See EVP_DigestVerifyFinal() for the meaning of those values.
*/
-__owur int SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct);
+int SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct);
/*
* Does this SCT have the minimum fields populated to be usable?
* Returns 1 if so, 0 otherwise.
*/
-__owur int SCT_is_complete(const SCT *sct);
+int SCT_is_complete(const SCT *sct);
/*
* Does this SCT have the signature-related fields populated?
* This checks that the signature and hash algorithms are set to supported
* values and that the signature field is set.
*/
-__owur int SCT_signature_is_complete(const SCT *sct);
+int SCT_signature_is_complete(const SCT *sct);
/*
* TODO(RJPercival): Create an SCT_signature struct and make i2o_SCT_signature
* If |out| points to an allocated string, the signature will be written to it.
* The length of the signature in TLS format will be returned.
*/
-__owur int i2o_SCT_signature(const SCT *sct, unsigned char **out);
+int i2o_SCT_signature(const SCT *sct, unsigned char **out);
/*
* Parses an SCT signature in TLS format and populates the |sct| with it.
* If an error occurs, the SCT's signature NID may be updated whilst the
* signature field itself remains unset.
*/
-__owur int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len);
+int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len);
/*
* Handlers for Certificate Transparency X509v3/OCSP extensions
#include <openssl/evp.h>
#include <openssl/safestack.h>
-#include "internal/cryptlib.h"
+#include "cryptlib.h"
+
/*
* Information about a CT log server.
* Deletes a CT log store load context.
* Does not delete any of the fields.
*/
-static void ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX* ctx);
+static void ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX *ctx);
static CTLOG_STORE_LOAD_CTX *
ctlog_store_load_ctx_new(void)
{
- CTLOG_STORE_LOAD_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+ CTLOG_STORE_LOAD_CTX *ctx = calloc(1, sizeof(*ctx));
if (ctx == NULL)
- CTerr(CT_F_CTLOG_STORE_LOAD_CTX_NEW, ERR_R_MALLOC_FAILURE);
+ CTerror(ERR_R_MALLOC_FAILURE);
return ctx;
}
static void
-ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX* ctx)
+ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX *ctx)
{
- OPENSSL_free(ctx);
+ free(ctx);
}
/* Converts a log's public key into a SHA256 log ID */
int pkey_der_len = i2d_PUBKEY(pkey, &pkey_der);
if (pkey_der_len <= 0) {
- CTerr(CT_F_CT_V1_LOG_ID_FROM_PKEY, CT_R_LOG_KEY_INVALID);
+ CTerror(CT_R_LOG_KEY_INVALID);
goto err;
}
SHA256(pkey_der, pkey_der_len, log_id);
ret = 1;
err:
- OPENSSL_free(pkey_der);
+ free(pkey_der);
return ret;
}
CTLOG_STORE *
CTLOG_STORE_new(void)
{
- CTLOG_STORE *ret = OPENSSL_zalloc(sizeof(*ret));
+ CTLOG_STORE *ret = calloc(1, sizeof(*ret));
if (ret == NULL) {
- CTerr(CT_F_CTLOG_STORE_NEW, ERR_R_MALLOC_FAILURE);
+ CTerror(ERR_R_MALLOC_FAILURE);
return NULL;
}
goto err;
return ret;
-err:
- OPENSSL_free(ret);
+ err:
+ free(ret);
return NULL;
}
{
if (store != NULL) {
sk_CTLOG_pop_free(store->logs, CTLOG_free);
- OPENSSL_free(store);
+ free(store);
}
}
static int
ctlog_new_from_conf(CTLOG **ct_log, const CONF *conf, const char *section)
{
- const char *description = NCONF_get_string(conf, section, "description");
+ const char *description = NCONF_get_string(conf, section,
+ "description");
char *pkey_base64;
if (description == NULL) {
- CTerr(CT_F_CTLOG_NEW_FROM_CONF, CT_R_LOG_CONF_MISSING_DESCRIPTION);
+ CTerror(CT_R_LOG_CONF_MISSING_DESCRIPTION);
return 0;
}
pkey_base64 = NCONF_get_string(conf, section, "key");
if (pkey_base64 == NULL) {
- CTerr(CT_F_CTLOG_NEW_FROM_CONF, CT_R_LOG_CONF_MISSING_KEY);
+ CTerror(CT_R_LOG_CONF_MISSING_KEY);
return 0;
}
int
CTLOG_STORE_load_default_file(CTLOG_STORE *store)
{
- const char *fpath = ossl_safe_getenv(CTLOG_FILE_EVP);
-
- if (fpath == NULL)
- fpath = CTLOG_FILE;
-
- return CTLOG_STORE_load_file(store, fpath);
+ return CTLOG_STORE_load_file(store, CTLOG_FILE);
}
/*
if (log_name == NULL)
return 1;
- tmp = OPENSSL_strndup(log_name, log_name_len);
+ tmp = strndup(log_name, log_name_len);
if (tmp == NULL)
goto mem_err;
ret = ctlog_new_from_conf(&ct_log, load_ctx->conf, tmp);
- OPENSSL_free(tmp);
+ free(tmp);
if (ret < 0) {
/* Propagate any internal error */
}
return 1;
-mem_err:
+ mem_err:
CTLOG_free(ct_log);
- CTerr(CT_F_CTLOG_STORE_LOAD_LOG, ERR_R_MALLOC_FAILURE);
+ CTerror(ERR_R_MALLOC_FAILURE);
return -1;
}
goto end;
if (NCONF_load(load_ctx->conf, file, NULL) <= 0) {
- CTerr(CT_F_CTLOG_STORE_LOAD_FILE, CT_R_LOG_CONF_INVALID);
+ CTerror(CT_R_LOG_CONF_INVALID);
goto end;
}
enabled_logs = NCONF_get_string(load_ctx->conf, NULL, "enabled_logs");
if (enabled_logs == NULL) {
- CTerr(CT_F_CTLOG_STORE_LOAD_FILE, CT_R_LOG_CONF_INVALID);
+ CTerror(CT_R_LOG_CONF_INVALID);
goto end;
}
if (!CONF_parse_list(enabled_logs, ',', 1, ctlog_store_load_log, load_ctx) ||
load_ctx->invalid_log_entries > 0) {
- CTerr(CT_F_CTLOG_STORE_LOAD_FILE, CT_R_LOG_CONF_INVALID);
+ CTerror(CT_R_LOG_CONF_INVALID);
goto end;
}
ret = 1;
-end:
+ end:
NCONF_free(load_ctx->conf);
ctlog_store_load_ctx_free(load_ctx);
return ret;
CTLOG *
CTLOG_new(EVP_PKEY *public_key, const char *name)
{
- CTLOG *ret = OPENSSL_zalloc(sizeof(*ret));
+ CTLOG *ret = calloc(1, sizeof(*ret));
if (ret == NULL) {
- CTerr(CT_F_CTLOG_NEW, ERR_R_MALLOC_FAILURE);
+ CTerror(ERR_R_MALLOC_FAILURE);
return NULL;
}
- ret->name = OPENSSL_strdup(name);
+ ret->name = strdup(name);
if (ret->name == NULL) {
- CTerr(CT_F_CTLOG_NEW, ERR_R_MALLOC_FAILURE);
+ CTerror(ERR_R_MALLOC_FAILURE);
goto err;
}
CTLOG_free(CTLOG *log)
{
if (log != NULL) {
- OPENSSL_free(log->name);
+ free(log->name);
EVP_PKEY_free(log->public_key);
- OPENSSL_free(log);
+ free(log);
}
}
* Given a log ID, finds the matching log.
* Returns NULL if no match found.
*/
-const CTLOG
-*CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store, const uint8_t *log_id,
+const CTLOG *
+CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store, const uint8_t *log_id,
size_t log_id_len)
{
int i;
const unsigned char *p;
if (sct->version != SCT_VERSION_V1) {
- CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_UNSUPPORTED_VERSION);
+ CTerror(CT_R_UNSUPPORTED_VERSION);
return -1;
}
/*
* all supported algorithms.
*/
if (len <= 4) {
- CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
+ CTerror(CT_R_SCT_INVALID_SIGNATURE);
return -1;
}
sct->hash_alg = *p++;
sct->sig_alg = *p++;
if (SCT_get_signature_nid(sct) == NID_undef) {
- CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
+ CTerror(CT_R_SCT_INVALID_SIGNATURE);
return -1;
}
- /* Retrieve signature and check it is consistent with the buffer length */
+ /*
+ * Retrieve signature and check it is consistent with the buffer
+ * length
+ */
n2s(p, siglen);
len_remaining -= (p - *in);
if (siglen > len_remaining) {
- CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
+ CTerror(CT_R_SCT_INVALID_SIGNATURE);
return -1;
}
return len - len_remaining;
}
-SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len)
+SCT *
+o2i_SCT(SCT **psct, const unsigned char **in, size_t len)
{
SCT *sct = NULL;
const unsigned char *p;
+ /*
+ * XXX paging Dr Sing. please report to this function for an emergency
+ * CBS/CBB implantation surgery. Stat.
+ */
+
if (len == 0 || len > MAX_SCT_SIZE) {
- CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
+ CTerror(CT_R_SCT_INVALID);
goto err;
}
* }
*/
if (len < 43) {
- CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
+ CTerror(CT_R_SCT_INVALID);
goto err;
}
len -= 43;
p++;
- sct->log_id = BUF_memdup(p, CT_V1_HASHLEN);
+ sct->log_id = malloc(CT_V1_HASHLEN);
if (sct->log_id == NULL)
goto err;
+ memcpy(sct->log_id, p, CT_V1_HASHLEN);
sct->log_id_len = CT_V1_HASHLEN;
p += CT_V1_HASHLEN;
n2s(p, len2);
if (len < len2) {
- CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
+ CTerror(CT_R_SCT_INVALID);
goto err;
}
if (len2 > 0) {
- sct->ext = BUF_memdup(p, len2);
+ sct->ext = malloc(len2);
if (sct->ext == NULL)
goto err;
+ memcpy(sct->ext, p, len2);
}
sct->ext_len = len2;
p += len2;
sig_len = o2i_SCT_signature(sct, &p, len);
if (sig_len <= 0) {
- CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
+ CTerror(CT_R_SCT_INVALID);
goto err;
}
len -= sig_len;
*in = p + len;
} else {
/* If not V1 just cache encoding */
- sct->sct = BUF_memdup(p, len);
+ sct->sct = malloc(len);
if (sct->sct == NULL)
goto err;
+ memcpy(sct->sct, p, len);
sct->sct_len = len;
*in = p + len;
}
unsigned char *p = NULL, *pstart = NULL;
if (!SCT_signature_is_complete(sct)) {
- CTerr(CT_F_I2O_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
+ CTerror(CT_R_SCT_INVALID_SIGNATURE);
goto err;
}
if (sct->version != SCT_VERSION_V1) {
- CTerr(CT_F_I2O_SCT_SIGNATURE, CT_R_UNSUPPORTED_VERSION);
+ CTerror(CT_R_UNSUPPORTED_VERSION);
goto err;
}
p = *out;
*out += len;
} else {
- pstart = p = OPENSSL_malloc(len);
+ pstart = p = malloc(len);
if (p == NULL) {
- CTerr(CT_F_I2O_SCT_SIGNATURE, ERR_R_MALLOC_FAILURE);
+ CTerror(ERR_R_MALLOC_FAILURE);
goto err;
}
*out = p;
return len;
err:
- OPENSSL_free(pstart);
+ free(pstart);
return -1;
}
unsigned char *p = NULL, *pstart = NULL;
if (!SCT_is_complete(sct)) {
- CTerr(CT_F_I2O_SCT, CT_R_SCT_NOT_SET);
+ CTerror(CT_R_SCT_NOT_SET);
goto err;
}
/*
p = *out;
*out += len;
} else {
- pstart = p = OPENSSL_malloc(len);
+ pstart = p = malloc(len);
if (p == NULL) {
- CTerr(CT_F_I2O_SCT, ERR_R_MALLOC_FAILURE);
+ CTerror(ERR_R_MALLOC_FAILURE);
goto err;
}
*out = p;
return len;
err:
- OPENSSL_free(pstart);
+ free(pstart);
return -1;
}
size_t list_len, sct_len;
if (len < 2 || len > MAX_SCT_LIST_SIZE) {
- CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
+ CTerror(CT_R_SCT_LIST_INVALID);
return NULL;
}
n2s(*pp, list_len);
if (list_len != len - 2) {
- CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
+ CTerror(CT_R_SCT_LIST_INVALID);
return NULL;
}
SCT *sct;
if (list_len < 2) {
- CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
+ CTerror(CT_R_SCT_LIST_INVALID);
goto err;
}
n2s(*pp, sct_len);
list_len -= 2;
if (sct_len == 0 || sct_len > list_len) {
- CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
+ CTerror(CT_R_SCT_LIST_INVALID);
goto err;
}
list_len -= sct_len;
if (pp != NULL) {
if (*pp == NULL) {
if ((len = i2o_SCT_LIST(a, NULL)) == -1) {
- CTerr(CT_F_I2O_SCT_LIST, CT_R_SCT_LIST_INVALID);
+ CTerror(CT_R_SCT_LIST_INVALID);
return -1;
}
- if ((*pp = OPENSSL_malloc(len)) == NULL) {
- CTerr(CT_F_I2O_SCT_LIST, ERR_R_MALLOC_FAILURE);
+ if ((*pp = malloc(len)) == NULL) {
+ CTerror(ERR_R_MALLOC_FAILURE);
return -1;
}
is_pp_new = 1;
err:
if (is_pp_new) {
- OPENSSL_free(*pp);
+ free(*pp);
*pp = NULL;
}
return -1;
return -1;
len = i2d_ASN1_OCTET_STRING(&oct, out);
- OPENSSL_free(oct.data);
+ free(oct.data);
return len;
}
CT_POLICY_EVAL_CTX *
CT_POLICY_EVAL_CTX_new(void)
{
- CT_POLICY_EVAL_CTX *ctx = OPENSSL_zalloc(sizeof(CT_POLICY_EVAL_CTX));
+ CT_POLICY_EVAL_CTX *ctx = calloc(1, sizeof(CT_POLICY_EVAL_CTX));
if (ctx == NULL) {
- CTerr(CT_F_CT_POLICY_EVAL_CTX_NEW, ERR_R_MALLOC_FAILURE);
+ CTerror(ERR_R_MALLOC_FAILURE);
return NULL;
}
return;
X509_free(ctx->cert);
X509_free(ctx->issuer);
- OPENSSL_free(ctx);
+ free(ctx);
}
int
ctx->epoch_time_in_ms = time_in_ms;
}
-X509*
+X509 *
CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx)
{
return ctx->cert;
}
-X509*
+X509 *
CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx)
{
return ctx->issuer;
const CTLOG_STORE *
CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx)
{
- return ctx->log_store;
+ return ctx->log_store;
}
uint64_t
#include "ct_local.h"
+/*
+ * XXX public api in OpenSSL 1.1.0 but this is the only thing that uses it.
+ * so I am stuffing it here for the moment.
+ */
+static int
+BIO_hex_string(BIO *out, int indent, int width, unsigned char *data,
+ int datalen)
+{
+ int i, j = 0;
+
+ if (datalen < 1)
+ return 1;
+
+ for (i = 0; i < datalen - 1; i++) {
+ if (i && !j)
+ BIO_printf(out, "%*s", indent, "");
+
+ BIO_printf(out, "%02X:", data[i]);
+
+ j = (j + 1) % width;
+ if (!j)
+ BIO_printf(out, "\n");
+ }
+
+ if (i && !j)
+ BIO_printf(out, "%*s", indent, "");
+ BIO_printf(out, "%02X", data[datalen - 1]);
+ return 1;
+}
+
static void
SCT_signature_algorithms_print(const SCT *sct, BIO *out)
{
if (gen == NULL)
return;
- ASN1_GENERALIZEDTIME_adj(gen, (time_t)0,(int)(timestamp / 86400000),
+ ASN1_GENERALIZEDTIME_adj(gen, (time_t)0, (int)(timestamp / 86400000),
(timestamp % 86400000) / 1000);
/*
* Note GeneralizedTime from ASN1_GENERALIZETIME_adj is always 15
* characters long with a final Z. Update it with fractional seconds.
*/
- BIO_snprintf(genstr, sizeof(genstr), "%.14s.%03dZ",
+ snprintf(genstr, sizeof(genstr), "%.14s.%03dZ",
ASN1_STRING_get0_data(gen), (unsigned int)(timestamp % 1000));
if (ASN1_GENERALIZEDTIME_set_string(gen, genstr))
ASN1_GENERALIZEDTIME_print(out, gen);
case SCT_VALIDATION_STATUS_INVALID:
return "invalid";
case SCT_VALIDATION_STATUS_VALID:
- return "valid";
+ return "valid";
}
return "unknown status";
}
#include <openssl/tls1.h>
#include <openssl/x509.h>
+#include <string.h>
+
#include "ct_local.h"
SCT *
SCT_new(void)
{
- SCT *sct = OPENSSL_zalloc(sizeof(*sct));
+ SCT *sct = calloc(1, sizeof(*sct));
if (sct == NULL) {
- CTerr(CT_F_SCT_NEW, ERR_R_MALLOC_FAILURE);
+ CTerror(ERR_R_MALLOC_FAILURE);
return NULL;
}
if (sct == NULL)
return;
- OPENSSL_free(sct->log_id);
- OPENSSL_free(sct->ext);
- OPENSSL_free(sct->sig);
- OPENSSL_free(sct->sct);
- OPENSSL_free(sct);
+ free(sct->log_id);
+ free(sct->ext);
+ free(sct->sig);
+ free(sct->sct);
+ free(sct);
}
void
SCT_set_version(SCT *sct, sct_version_t version)
{
if (version != SCT_VERSION_V1) {
- CTerr(CT_F_SCT_SET_VERSION, CT_R_UNSUPPORTED_VERSION);
+ CTerror(CT_R_UNSUPPORTED_VERSION);
return 0;
}
sct->version = version;
case CT_LOG_ENTRY_TYPE_NOT_SET:
break;
}
- CTerr(CT_F_SCT_SET_LOG_ENTRY_TYPE, CT_R_UNSUPPORTED_ENTRY_TYPE);
+ CTerror(CT_R_UNSUPPORTED_ENTRY_TYPE);
return 0;
}
SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len)
{
if (sct->version == SCT_VERSION_V1 && log_id_len != CT_V1_HASHLEN) {
- CTerr(CT_F_SCT_SET0_LOG_ID, CT_R_INVALID_LOG_ID_LENGTH);
+ CTerror(CT_R_INVALID_LOG_ID_LENGTH);
return 0;
}
- OPENSSL_free(sct->log_id);
+ free(sct->log_id);
sct->log_id = log_id;
sct->log_id_len = log_id_len;
sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
SCT_set1_log_id(SCT *sct, const unsigned char *log_id, size_t log_id_len)
{
if (sct->version == SCT_VERSION_V1 && log_id_len != CT_V1_HASHLEN) {
- CTerr(CT_F_SCT_SET1_LOG_ID, CT_R_INVALID_LOG_ID_LENGTH);
+ CTerror(CT_R_INVALID_LOG_ID_LENGTH);
return 0;
}
- OPENSSL_free(sct->log_id);
+ free(sct->log_id);
sct->log_id = NULL;
sct->log_id_len = 0;
sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
if (log_id != NULL && log_id_len > 0) {
- sct->log_id = OPENSSL_memdup(log_id, log_id_len);
+ sct->log_id = malloc(log_id_len);
if (sct->log_id == NULL) {
- CTerr(CT_F_SCT_SET1_LOG_ID, ERR_R_MALLOC_FAILURE);
+ CTerror(ERR_R_MALLOC_FAILURE);
return 0;
}
+ memcpy(sct->log_id, log_id, log_id_len);
sct->log_id_len = log_id_len;
}
return 1;
{
switch (nid) {
case NID_sha256WithRSAEncryption:
- sct->hash_alg = TLSEXT_hash_sha256;
- sct->sig_alg = TLSEXT_signature_rsa;
+ sct->hash_alg = 4; /* XXX */
+ sct->sig_alg = 1; /* XXX */
sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
return 1;
case NID_ecdsa_with_SHA256:
- sct->hash_alg = TLSEXT_hash_sha256;
- sct->sig_alg = TLSEXT_signature_ecdsa;
+ sct->hash_alg = 4; /* XXX */
+ sct->sig_alg = 3; /* XXX */
sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
return 1;
default:
- CTerr(CT_F_SCT_SET_SIGNATURE_NID, CT_R_UNRECOGNIZED_SIGNATURE_NID);
+ CTerror(CT_R_UNRECOGNIZED_SIGNATURE_NID);
return 0;
}
}
void
SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len)
{
- OPENSSL_free(sct->ext);
+ free(sct->ext);
sct->ext = ext;
sct->ext_len = ext_len;
sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
int
SCT_set1_extensions(SCT *sct, const unsigned char *ext, size_t ext_len)
{
- OPENSSL_free(sct->ext);
+ free(sct->ext);
sct->ext = NULL;
sct->ext_len = 0;
sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
if (ext != NULL && ext_len > 0) {
- sct->ext = OPENSSL_memdup(ext, ext_len);
+ sct->ext = malloc(ext_len);
if (sct->ext == NULL) {
- CTerr(CT_F_SCT_SET1_EXTENSIONS, ERR_R_MALLOC_FAILURE);
+ CTerror(ERR_R_MALLOC_FAILURE);
return 0;
}
+ memcpy(sct->ext, ext, ext_len);
sct->ext_len = ext_len;
}
return 1;
void
SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len)
{
- OPENSSL_free(sct->sig);
+ free(sct->sig);
sct->sig = sig;
sct->sig_len = sig_len;
sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
int
SCT_set1_signature(SCT *sct, const unsigned char *sig, size_t sig_len)
{
- OPENSSL_free(sct->sig);
+ free(sct->sig);
sct->sig = NULL;
sct->sig_len = 0;
sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
if (sig != NULL && sig_len > 0) {
- sct->sig = OPENSSL_memdup(sig, sig_len);
+ sct->sig = malloc(sig_len);
if (sct->sig == NULL) {
- CTerr(CT_F_SCT_SET1_SIGNATURE, ERR_R_MALLOC_FAILURE);
+ CTerror(ERR_R_MALLOC_FAILURE);
return 0;
}
+ memcpy(sct->sig, sig, sig_len);
sct->sig_len = sig_len;
}
return 1;
SCT_get_signature_nid(const SCT *sct)
{
if (sct->version == SCT_VERSION_V1) {
- if (sct->hash_alg == TLSEXT_hash_sha256) {
+ /* XXX sigalg numbers */
+ if (sct->hash_alg == 4) {
switch (sct->sig_alg) {
- case TLSEXT_signature_ecdsa:
+ case 3:
return NID_ecdsa_with_SHA256;
- case TLSEXT_signature_rsa:
+ case 1:
return NID_sha256WithRSAEncryption;
default:
- return NID_undef;
+ return NID_undef;
}
}
}
int
SCT_signature_is_complete(const SCT *sct)
{
- return SCT_get_signature_nid(sct) != NID_undef && sct->sig != NULL &&
- sct->sig_len > 0;
+ return SCT_get_signature_nid(sct) != NID_undef &&
+ sct->sig != NULL && sct->sig_len > 0;
}
sct_source_t
SCT_CTX *
SCT_CTX_new(void)
{
- SCT_CTX *sctx = OPENSSL_zalloc(sizeof(*sctx));
+ SCT_CTX *sctx = calloc(1, sizeof(*sctx));
if (sctx == NULL)
- CTerr(CT_F_SCT_CTX_NEW, ERR_R_MALLOC_FAILURE);
+ CTerror(ERR_R_MALLOC_FAILURE);
return sctx;
}
if (sctx == NULL)
return;
EVP_PKEY_free(sctx->pkey);
- OPENSSL_free(sctx->pkeyhash);
- OPENSSL_free(sctx->ihash);
- OPENSSL_free(sctx->certder);
- OPENSSL_free(sctx->preder);
- OPENSSL_free(sctx);
+ free(sctx->pkeyhash);
+ free(sctx->ihash);
+ free(sctx->certder);
+ free(sctx->preder);
+ free(sctx);
}
/*
* AKID from the presigner certificate, if necessary.
* Returns 1 on success, 0 otherwise.
*/
-__owur static int
+static int
ct_x509_cert_fixup(X509 *cert, X509 *presigner)
{
int preidx, certidx;
X509_free(pretmp);
- OPENSSL_free(sctx->certder);
+ free(sctx->certder);
sctx->certder = certder;
sctx->certderlen = certderlen;
- OPENSSL_free(sctx->preder);
+ free(sctx->preder);
sctx->preder = preder;
sctx->prederlen = prederlen;
return 1;
err:
- OPENSSL_free(certder);
- OPENSSL_free(preder);
+ free(certder);
+ free(preder);
X509_free(pretmp);
return 0;
}
-__owur static int
+static int
ct_public_key_hash(X509_PUBKEY *pkey, unsigned char **hash, size_t *hash_len)
{
int ret = 0;
if (*hash != NULL && *hash_len >= SHA256_DIGEST_LENGTH) {
md = *hash;
} else {
- md = OPENSSL_malloc(SHA256_DIGEST_LENGTH);
+ md = malloc(SHA256_DIGEST_LENGTH);
if (md == NULL)
goto err;
}
goto err;
if (md != *hash) {
- OPENSSL_free(*hash);
+ free(*hash);
*hash = md;
*hash_len = SHA256_DIGEST_LENGTH;
}
md = NULL;
ret = 1;
err:
- OPENSSL_free(md);
- OPENSSL_free(der);
+ free(md);
+ free(der);
return ret;
}
unsigned char tmpbuf[12];
unsigned char *p, *der;
size_t derlen;
+
/*+
* digitally-signed struct {
* (1 byte) Version sct_version;
if (!SCT_is_complete(sct) || sctx->pkey == NULL ||
sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET ||
- (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)) {
- CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_NOT_SET);
+ (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT &&
+ sctx->ihash == NULL)) {
+ CTerror(CT_R_SCT_NOT_SET);
return 0;
}
if (sct->version != SCT_VERSION_V1) {
- CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_UNSUPPORTED_VERSION);
+ CTerror(CT_R_SCT_UNSUPPORTED_VERSION);
return 0;
}
if (sct->log_id_len != sctx->pkeyhashlen ||
memcmp(sct->log_id, sctx->pkeyhash, sctx->pkeyhashlen) != 0) {
- CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_LOG_ID_MISMATCH);
+ CTerror(CT_R_SCT_LOG_ID_MISMATCH);
return 0;
}
if (sct->timestamp > sctx->epoch_time_in_ms) {
- CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_FUTURE_TIMESTAMP);
+ CTerror(CT_R_SCT_FUTURE_TIMESTAMP);
return 0;
}
ret = EVP_DigestVerifyFinal(ctx, sct->sig, sct->sig_len);
/* If ret < 0 some other error: fall through without setting error */
if (ret == 0)
- CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_INVALID_SIGNATURE);
+ CTerror(CT_R_SCT_INVALID_SIGNATURE);
end:
EVP_MD_CTX_free(ctx);
# error "CT is disabled"
#endif
+#include <string.h>
+
#include "ct_local.h"
static char *
i2s_poison(const X509V3_EXT_METHOD *method, void *val)
{
- return OPENSSL_strdup("NULL");
+ return strdup("NULL");
}
static void *
return s;
}
-static STACK_OF(SCT) *o
-csp_ext_d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, long len)
+static STACK_OF(SCT) *
+ocsp_ext_d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, long len)
{
STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len);
NULL },
/* X509v3 extension to mark a certificate as a pre-certificate */
- { NID_ct_precert_poison, 0, ASN1_ITEM_ref(ASN1_NULL),
+ { NID_ct_precert_poison, 0, &ASN1_NULL_it,
NULL, NULL, NULL, NULL,
i2s_poison, s2i_poison,
NULL, NULL,
/*
- * Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
#ifndef HEADER_CTERR_H
# define HEADER_CTERR_H
-# ifndef HEADER_SYMHACKS_H
-# include <openssl/symhacks.h>
-# endif
-
# include <openssl/opensslconf.h>
# ifndef OPENSSL_NO_CT
-# ifdef __cplusplus
+#ifdef __cplusplus
extern "C"
-# endif
+#endif
+
int ERR_load_CT_strings(void);
/*
projects / openbsd / commitdiff