return sct->log_id_len;
}
-const char *SCT_get0_log_name(const SCT *sct)
-{
- return CTLOG_get0_name(sct->log);
-}
-
uint64_t SCT_get_timestamp(const SCT *sct)
{
return sct->timestamp;
}
}
-int SCT_LIST_set_source(const STACK_OF(SCT) *scts, sct_source_t source)
-{
- int i, ret = 0;
-
- for (i = 0; i < sk_SCT_num(scts); ++i) {
- if (SCT_set_source(sk_SCT_value(scts, i), source))
- ++ret;
- }
-
- return ret;
-}
-
-const CTLOG *SCT_get0_log(const SCT *sct)
-{
- return sct->log;
-}
-
-int SCT_set0_log(SCT *sct, const CTLOG_STORE *ct_logs)
-{
- sct->log = CTLOG_STORE_get0_log_by_id(ct_logs, sct->log_id, sct->log_id_len);
-
- return sct->log != NULL;
-}
-
-int SCT_LIST_set0_logs(STACK_OF(SCT) *sct_list, const CTLOG_STORE *ct_logs)
-{
- int sct_logs_found = 0;
- int i;
-
- for (i = 0; i < sk_SCT_num(sct_list); ++i) {
- SCT *sct = sk_SCT_value(sct_list, i);
-
- if (sct->log == NULL)
- SCT_set0_log(sct, ct_logs);
- if (sct->log != NULL)
- ++sct_logs_found;
- }
-
- return sct_logs_found;
-}
-
sct_validation_status_t SCT_get_validation_status(const SCT *sct)
{
return sct->validation_status;
int is_sct_valid = -1;
SCT_CTX *sctx = NULL;
X509_PUBKEY *pub = NULL, *log_pkey = NULL;
+ const CTLOG *log;
- switch (sct->version) {
- case SCT_VERSION_V1:
- if (sct->log == NULL)
- sct->log = CTLOG_STORE_get0_log_by_id(ctx->log_store,
- sct->log_id,
- CT_V1_HASHLEN);
- break;
- default:
+ /*
+ * With an unrecognized SCT version we don't know what such an SCT means,
+ * let alone validate one. So we return validation failure (0).
+ */
+ if (sct->version != SCT_VERSION_V1) {
sct->validation_status = SCT_VALIDATION_STATUS_UNKNOWN_VERSION;
- goto end;
+ return 0;
}
- if (sct->log == NULL) {
+ log = CTLOG_STORE_get0_log_by_id(ctx->log_store,
+ sct->log_id, sct->log_id_len);
+
+ /* Similarly, an SCT from an unknown log also cannot be validated. */
+ if (log == NULL) {
sct->validation_status = SCT_VALIDATION_STATUS_UNKNOWN_LOG;
- goto end;
+ return 0;
}
sctx = SCT_CTX_new();
if (sctx == NULL)
goto err;
- if (X509_PUBKEY_set(&log_pkey, CTLOG_get0_public_key(sct->log)) != 1)
+ if (X509_PUBKEY_set(&log_pkey, CTLOG_get0_public_key(log)) != 1)
goto err;
if (SCT_CTX_set1_pubkey(sctx, log_pkey) != 1)
goto err;
goto err;
}
+ /*
+ * XXX: Potential for optimization. This repeats some idempotent heavy
+ * lifting on the certificate for each candidate SCT, and appears to not
+ * use any information in the SCT itself, only the certificate is
+ * processed. So it may make more sense to to do this just once, perhaps
+ * associated with the shared (by all SCTs) policy eval ctx.
+ *
+ * XXX: Failure here is global (SCT independent) and represents either an
+ * issue with the certificate (e.g. duplicate extensions) or an out of
+ * memory condition. When the certificate is incompatible with CT, we just
+ * mark the SCTs invalid, rather than report a failure to determine the
+ * validation status. That way, callbacks that want to do "soft" SCT
+ * processing will not abort handshakes with false positive internal
+ * errors. Since the function does not distinguish between certificate
+ * issues (peer's fault) and internal problems (out fault) the safe thing
+ * to do is to report a validation failure and let the callback or
+ * application decide what to do.
+ */
if (SCT_CTX_set1_cert(sctx, ctx->cert, NULL) != 1)
- goto err;
-
- sct->validation_status = SCT_verify(sctx, sct) == 1 ?
+ sct->validation_status = SCT_VALIDATION_STATUS_UNVERIFIED;
+ else
+ sct->validation_status = SCT_verify(sctx, sct) == 1 ?
SCT_VALIDATION_STATUS_VALID : SCT_VALIDATION_STATUS_INVALID;
end:
projects / openssl.git / blobdiff