*/
#include <stdio.h>
-#include <time.h>
-#include <openssl/bio.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/ocsp.h>
-#include <openssl/o_time.h>
#include <openssl/rand.h>
#include "ssl_locl.h"
TLS_SIGALGS *salgs = NULL;
CERT *c = s->cert;
unsigned int is_suiteb = tls1_suiteb(s);
+ if (c->shared_sigalgs)
+ {
+ OPENSSL_free(c->shared_sigalgs);
+ c->shared_sigalgs = NULL;
+ }
/* If client use client signature algorithms if not NULL */
if (!s->server && c->client_sigalgs && !is_suiteb)
{
if (!c)
return 0;
+ if (c->peer_sigalgs)
+ OPENSSL_free(c->peer_sigalgs);
c->peer_sigalgs = OPENSSL_malloc(dsize);
if (!c->peer_sigalgs)
return 0;
}
#endif
-
-/* RFC6962 Signed Certificate Timestamp List X.509 extension parser */
-int i2r_sctlist(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct,
- BIO *out, int indent)
- {
- BN_ULLONG timestamp;
- struct tm tm1;
- time_t unix_epoch = 0;
- unsigned char* data = oct->data;
- char month[4];
- unsigned short listlen, sctlen = 0, fieldlen;
- int signhash_nid;
-
- if (oct->length < 2)
- return 0;
- n2s(data, listlen);
- if (listlen != oct->length - 2)
- return 0;
-
- while (listlen > 0)
- {
- if (listlen < 2)
- return 0;
- n2s(data, sctlen);
- listlen -= 2;
-
- if ((sctlen < 1) || (sctlen > listlen))
- return 0;
- listlen -= sctlen;
-
- BIO_printf(out, "%*sSigned Certificate Timestamp:", indent,
- "");
-
- if (*data == 0) /* SCT v1 */
- {
- /* Fixed-length header:
- * struct {
- * (1 byte) Version sct_version;
- * (32 bytes) LogID id;
- * (8 bytes) uint64 timestamp;
- * (2 bytes + ?) CtExtensions extensions;
- */
- if (sctlen < 43)
- return 0;
- sctlen -= 43;
-
- BIO_printf(out, "\n%*sVersion : v1(0)", indent + 4,
- "");
-
- BIO_printf(out, "\n%*sLog ID : ", indent + 4, "");
- BIO_hex_string(out, indent + 16, 16, data + 1, 32);
-
- data += 33;
- n2l8(data, timestamp);
- OPENSSL_gmtime(&unix_epoch, &tm1);
- OPENSSL_gmtime_adj(&tm1, timestamp / 86400000,
- (timestamp % 86400000) / 1000);
- strftime(month, 4, "%b", &tm1);
- BIO_printf(out, "\n%*sTimestamp : ", indent + 4, "");
- BIO_printf(out, "%s %2d %02d:%02d:%02d.%03u %d UTC",
- month, tm1.tm_mday, tm1.tm_hour,
- tm1.tm_min, tm1.tm_sec,
- (unsigned int)(timestamp % 1000),
- tm1.tm_year + 1900);
-
- n2s(data, fieldlen);
- if (sctlen < fieldlen)
- return 0;
- sctlen -= fieldlen;
- BIO_printf(out, "\n%*sExtensions: ", indent + 4, "");
- if (fieldlen == 0)
- BIO_printf(out, "none");
- else
- BIO_hex_string(out, indent + 16, 16, data,
- fieldlen);
- data += fieldlen;
-
- /* digitally-signed struct header:
- * (1 byte) Hash algorithm
- * (1 byte) Signature algorithm
- * (2 bytes + ?) Signature
- */
- if (sctlen < 4)
- return 0;
- sctlen -= 4;
-
- tls1_lookup_sigalg(NULL, NULL, &signhash_nid, data);
- data += 2;
- n2s(data, fieldlen);
- if (sctlen != fieldlen)
- return 0;
- BIO_printf(out, "\n%*sSignature : ", indent + 4, "");
- BIO_printf(out, "%s", OBJ_nid2ln(signhash_nid));
- BIO_printf(out, "\n%*s ", indent + 4, "");
- BIO_hex_string(out, indent + 16, 16, data, fieldlen);
- if (listlen > 0) BIO_printf(out, "\n");
- data += fieldlen;
- }
- }
-
- return 1;
- }
-
-static X509V3_EXT_METHOD ext_method_ct_precert_scts =
- {
- NID_ct_precert_scts, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
- 0, 0, 0, 0, 0, 0, 0, 0, (X509V3_EXT_I2R)i2r_sctlist, NULL, NULL
- };
-
-static X509V3_EXT_METHOD ext_method_ct_cert_scts =
- {
- NID_ct_cert_scts, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
- 0, 0, 0, 0, 0, 0, 0, 0, (X509V3_EXT_I2R)i2r_sctlist, NULL, NULL
- };
-
-int X509V3_EXT_add_rfc6962(void)
- {
- if (!X509V3_EXT_add(&ext_method_ct_precert_scts))
- return 0;
- if (!X509V3_EXT_add(&ext_method_ct_cert_scts))
- return 0;
- return 1;
- }