From: beck Date: Wed, 24 Nov 2021 01:12:43 +0000 (+0000) Subject: Make the certificate transparency code build with the rest of the library X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=aff4783b2de3fd9c8b45e987654b59aed9e7bbde;p=openbsd Make the certificate transparency code build with the rest of the library Do not expose it yet, this will wait for an upcoming bump ok tb@ --- diff --git a/lib/libcrypto/Makefile b/lib/libcrypto/Makefile index fba3871e73d..1a026f7c60e 100644 --- a/lib/libcrypto/Makefile +++ b/lib/libcrypto/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.50 2021/11/20 18:10:52 jsing Exp $ +# $OpenBSD: Makefile,v 1.51 2021/11/24 01:12:43 beck Exp $ LIB= crypto LIBREBUILD=y @@ -18,7 +18,7 @@ CFLAGS+= -Wall -Wundef .if ${COMPILER_VERSION:L} == "clang" CFLAGS+= -Werror .endif -CFLAGS+= -DLIBRESSL_INTERNAL +CFLAGS+= -DLIBRESSL_INTERNAL -DLIBRESSL_CRYPTO_INTERNAL .if !defined(NOPIC) CFLAGS+= -DDSO_DLFCN -DHAVE_DLFCN_H -DHAVE_FUNOPEN @@ -112,6 +112,10 @@ SRCS+= comp_lib.c comp_err.c c_rle.c c_zlib.c SRCS+= conf_err.c conf_lib.c conf_api.c conf_def.c conf_mod.c SRCS+= conf_mall.c conf_sap.c +# ct/ +SRCS += ct_b64.c ct_err.c ct_log.c ct_oct.c ct_policy.c +SRCS += ct_prn.c ct_sct.c ct_sct_ctx.c ct_vfy.c ct_x509v3.c + # curve25519/ SRCS+= curve25519.c curve25519-generic.c @@ -301,6 +305,7 @@ SRCS+= pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c ${LCRYPTO_SRC}/cms \ ${LCRYPTO_SRC}/comp \ ${LCRYPTO_SRC}/conf \ + ${LCRYPTO_SRC}/ct \ ${LCRYPTO_SRC}/curve25519 \ ${LCRYPTO_SRC}/des \ ${LCRYPTO_SRC}/dh \ @@ -360,6 +365,8 @@ HDRS=\ ${LCRYPTO_SRC}/conf/conf.h \ ${LCRYPTO_SRC}/conf/conf_api.h \ ${LCRYPTO_SRC}/crypto.h \ + ${LCRYPTO_SRC}/ct/ct.h \ + ${LCRYPTO_SRC}/ct/cterr.h \ ${LCRYPTO_SRC}/curve25519/curve25519.h \ ${LCRYPTO_SRC}/des/des.h \ ${LCRYPTO_SRC}/dh/dh.h \ diff --git a/lib/libcrypto/cryptlib.h b/lib/libcrypto/cryptlib.h index d44738bf3c0..6c3731d9717 100644 --- a/lib/libcrypto/cryptlib.h +++ b/lib/libcrypto/cryptlib.h @@ -1,4 +1,4 @@ -/* $OpenBSD: cryptlib.h,v 1.25 2016/11/04 17:30:30 miod Exp $ */ +/* $OpenBSD: cryptlib.h,v 1.26 2021/11/24 01:12:43 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -72,6 +72,9 @@ extern "C" { #define X509_CERT_DIR_EVP "SSL_CERT_DIR" #define X509_CERT_FILE_EVP "SSL_CERT_FILE" +#define CTLOG_FILE OPENSSLDIR "/ct_log_list.cnf" +#define CTLOG_FILE_EVP "CTLOG_FILE" + void OPENSSL_cpuid_setup(void); #ifdef __cplusplus diff --git a/lib/libcrypto/err/err.h b/lib/libcrypto/err/err.h index 22cdb2987fa..20fa9084a6c 100644 --- a/lib/libcrypto/err/err.h +++ b/lib/libcrypto/err/err.h @@ -1,4 +1,4 @@ -/* $OpenBSD: err.h,v 1.25 2017/02/20 23:21:19 beck Exp $ */ +/* $OpenBSD: err.h,v 1.26 2021/11/24 01:12:43 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -196,6 +196,7 @@ typedef struct err_state_st { #define ERR_LIB_HMAC 48 #define ERR_LIB_JPAKE 49 #define ERR_LIB_GOST 50 +#define ERR_LIB_CT 51 #define ERR_LIB_USER 128 @@ -234,6 +235,7 @@ typedef struct err_state_st { #define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__) #define GOSTerr(f,r) ERR_PUT_error(ERR_LIB_GOST,(f),(r),__FILE__,__LINE__) #define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__) +#define CTerr(f, r) ERR_PUT_error(ERR_LIB_CT,(f),(r),__FILE__,__LINE__) #endif #ifdef LIBRESSL_INTERNAL @@ -270,6 +272,7 @@ typedef struct err_state_st { #define HMACerror(r) ERR_PUT_error(ERR_LIB_HMAC,(0xfff),(r),__FILE__,__LINE__) #define JPAKEerror(r) ERR_PUT_error(ERR_LIB_JPAKE,(0xfff),(r),__FILE__,__LINE__) #define GOSTerror(r) ERR_PUT_error(ERR_LIB_GOST,(0xfff),(r),__FILE__,__LINE__) +#define CTerror(r) ERR_PUT_error(ERR_LIB_CT,(0xfff),(r),__FILE__,__LINE__) #endif #define ERR_PACK(l,f,r) (((((unsigned long)l)&0xffL)<<24L)| \ diff --git a/lib/libcrypto/objects/obj_mac.num b/lib/libcrypto/objects/obj_mac.num index 26d3d458cfa..cbde51906ee 100644 --- a/lib/libcrypto/objects/obj_mac.num +++ b/lib/libcrypto/objects/obj_mac.num @@ -1015,3 +1015,7 @@ id_ct_signedChecklist 1014 id_kp_bgpsec_router 1015 tlsfeature 1016 id_ct_ASPA 1017 +ct_precert_scts 1018 +ct_precert_poison 1019 +ct_precert_signer 1020 +ct_cert_scts 1021 diff --git a/lib/libcrypto/objects/objects.txt b/lib/libcrypto/objects/objects.txt index b2f1cc6121a..33b780ff337 100644 --- a/lib/libcrypto/objects/objects.txt +++ b/lib/libcrypto/objects/objects.txt @@ -1357,6 +1357,12 @@ secg-scheme 14 3 : dhSinglePass-cofactorDH-sha512kdf-scheme : dh-std-kdf : dh-cofactor-kdf +# RFC 6962 Extension OIDs (see http://www.ietf.org/rfc/rfc6962.txt) +1 3 6 1 4 1 11129 2 4 2 : ct_precert_scts : CT Precertificate SCTs +1 3 6 1 4 1 11129 2 4 3 : ct_precert_poison : CT Precertificate Poison +1 3 6 1 4 1 11129 2 4 4 : ct_precert_signer : CT Precertificate Signer +1 3 6 1 4 1 11129 2 4 5 : ct_cert_scts : CT Certificate SCTs + identified-organization 36 : teletrust teletrust 3 3 2 8 1 : brainpool brainpool 1 1 : brainpoolP160r1 diff --git a/lib/libcrypto/opensslfeatures.h b/lib/libcrypto/opensslfeatures.h index 49a5f15b597..b6b19040034 100644 --- a/lib/libcrypto/opensslfeatures.h +++ b/lib/libcrypto/opensslfeatures.h @@ -40,7 +40,9 @@ #define OPENSSL_NO_COMP /* XXX */ /* #define OPENSSL_NO_CRYPTO_MDEBUG */ /* #define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE */ -/* #define OPENSSL_NO_CT */ +#ifndef LIBRESSL_CRYPTO_INTERNAL +#define OPENSSL_NO_CT /* XXX until we expose it */ +#endif /* #define OPENSSL_NO_DECC_INIT */ /* #define OPENSSL_NO_DES */ /* #define OPENSSL_NO_DEVCRYPTOENG */ diff --git a/lib/libcrypto/ossl_typ.h b/lib/libcrypto/ossl_typ.h index 99f120644f3..64630841984 100644 --- a/lib/libcrypto/ossl_typ.h +++ b/lib/libcrypto/ossl_typ.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ossl_typ.h,v 1.14 2021/11/01 20:53:08 tb Exp $ */ +/* $OpenBSD: ossl_typ.h,v 1.15 2021/11/24 01:12:43 beck Exp $ */ /* ==================================================================== * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. * @@ -176,4 +176,12 @@ typedef struct ocsp_req_ctx_st OCSP_REQ_CTX; typedef struct ocsp_response_st OCSP_RESPONSE; typedef struct ocsp_responder_id_st OCSP_RESPID; +#ifdef LIBRESSL_CRYPTO_INTERNAL +typedef struct sct_st SCT; +typedef struct sct_ctx_st SCT_CTX; +typedef struct ctlog_st CTLOG; +typedef struct ctlog_store_st CTLOG_STORE; +typedef struct ct_policy_eval_ctx_st CT_POLICY_EVAL_CTX; +#endif + #endif /* def HEADER_OPENSSL_TYPES_H */ diff --git a/lib/libcrypto/stack/safestack.h b/lib/libcrypto/stack/safestack.h index 690912b3065..dbcb9ef350a 100644 --- a/lib/libcrypto/stack/safestack.h +++ b/lib/libcrypto/stack/safestack.h @@ -1,4 +1,4 @@ -/* $OpenBSD: safestack.h,v 1.18 2019/08/11 14:14:14 jsing Exp $ */ +/* $OpenBSD: safestack.h,v 1.19 2021/11/24 01:12:43 beck Exp $ */ /* ==================================================================== * Copyright (c) 1999 The OpenSSL Project. All rights reserved. * @@ -2179,4 +2179,50 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) LHM_lh_stats_bio(SSL_SESSION,lh,out) #define lh_SSL_SESSION_free(lh) LHM_lh_free(SSL_SESSION,lh) +#ifdef LIBRESSL_CRYPTO_INTERNAL +#define sk_CTLOG_new(cmp) SKM_sk_new(CTLOG, (cmp)) +#define sk_CTLOG_new_null() SKM_sk_new_null(CTLOG) +#define sk_CTLOG_free(st) SKM_sk_free(CTLOG, (st)) +#define sk_CTLOG_num(st) SKM_sk_num(CTLOG, (st)) +#define sk_CTLOG_value(st, i) SKM_sk_value(CTLOG, (st), (i)) +#define sk_CTLOG_set(st, i, val) SKM_sk_set(CTLOG, (st), (i), (val)) +#define sk_CTLOG_zero(st) SKM_sk_zero(CTLOG, (st)) +#define sk_CTLOG_push(st, val) SKM_sk_push(CTLOG, (st), (val)) +#define sk_CTLOG_unshift(st, val) SKM_sk_unshift(CTLOG, (st), (val)) +#define sk_CTLOG_find(st, val) SKM_sk_find(CTLOG, (st), (val)) +#define sk_CTLOG_find_ex(st, val) SKM_sk_find_ex(CTLOG, (st), (val)) +#define sk_CTLOG_delete(st, i) SKM_sk_delete(CTLOG, (st), (i)) +#define sk_CTLOG_delete_ptr(st, ptr) SKM_sk_delete_ptr(CTLOG, (st), (ptr)) +#define sk_CTLOG_insert(st, val, i) SKM_sk_insert(CTLOG, (st), (val), (i)) +#define sk_CTLOG_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CTLOG, (st), (cmp)) +#define sk_CTLOG_dup(st) SKM_sk_dup(CTLOG, st) +#define sk_CTLOG_pop_free(st, free_func) SKM_sk_pop_free(CTLOG, (st), (free_func)) +#define sk_CTLOG_shift(st) SKM_sk_shift(CTLOG, (st)) +#define sk_CTLOG_pop(st) SKM_sk_pop(CTLOG, (st)) +#define sk_CTLOG_sort(st) SKM_sk_sort(CTLOG, (st)) +#define sk_CTLOG_is_sorted(st) SKM_sk_is_sorted(CTLOG, (st)) + +#define sk_SCT_new(cmp) SKM_sk_new(SCT, (cmp)) +#define sk_SCT_new_null() SKM_sk_new_null(SCT) +#define sk_SCT_free(st) SKM_sk_free(SCT, (st)) +#define sk_SCT_num(st) SKM_sk_num(SCT, (st)) +#define sk_SCT_value(st, i) SKM_sk_value(SCT, (st), (i)) +#define sk_SCT_set(st, i, val) SKM_sk_set(SCT, (st), (i), (val)) +#define sk_SCT_zero(st) SKM_sk_zero(SCT, (st)) +#define sk_SCT_push(st, val) SKM_sk_push(SCT, (st), (val)) +#define sk_SCT_unshift(st, val) SKM_sk_unshift(SCT, (st), (val)) +#define sk_SCT_find(st, val) SKM_sk_find(SCT, (st), (val)) +#define sk_SCT_find_ex(st, val) SKM_sk_find_ex(SCT, (st), (val)) +#define sk_SCT_delete(st, i) SKM_sk_delete(SCT, (st), (i)) +#define sk_SCT_delete_ptr(st, ptr) SKM_sk_delete_ptr(SCT, (st), (ptr)) +#define sk_SCT_insert(st, val, i) SKM_sk_insert(SCT, (st), (val), (i)) +#define sk_SCT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SCT, (st), (cmp)) +#define sk_SCT_dup(st) SKM_sk_dup(SCT, st) +#define sk_SCT_pop_free(st, free_func) SKM_sk_pop_free(SCT, (st), (free_func)) +#define sk_SCT_shift(st) SKM_sk_shift(SCT, (st)) +#define sk_SCT_pop(st) SKM_sk_pop(SCT, (st)) +#define sk_SCT_sort(st) SKM_sk_sort(SCT, (st)) +#define sk_SCT_is_sorted(st) SKM_sk_is_sorted(SCT, (st)) +#endif + #endif /* !defined HEADER_SAFESTACK_H */