Move CT viewer extension code to crypto/x509v3

ssl/t1_lib.c

@@ -110,9 +110,6 @@
  */
 
 #include <stdio.h>
-#include <time.h>
-#include <openssl/bio.h>
-#include <openssl/bn.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
@@ -4435,126 +4432,3 @@ int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
 	}
 
 #endif
-
-/* RFC6962 Signed Certificate Timestamp List X.509 extension parser */
-static int i2r_sctlist(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct,
-		       BIO *out, int indent)
-	{
-	BN_ULLONG timestamp;
-	struct tm tm1;
-	time_t unix_epoch = 0;
-	unsigned char* data = oct->data;
-	char month[4];
-	unsigned short listlen, sctlen = 0, fieldlen;
-	int signhash_nid;
-
-	if (oct->length < 2)
-		return 0;
-	n2s(data, listlen);
-	if (listlen != oct->length - 2)
-		return 0;
-
-	while (listlen > 0)
-		{
-		if (listlen < 2)
-			return 0;
-		n2s(data, sctlen);
-		listlen -= 2;
-
-		if ((sctlen < 1) || (sctlen > listlen))
-			return 0;
-		listlen -= sctlen;
-
-		BIO_printf(out, "%*sSigned Certificate Timestamp:", indent,
-			   "");
-
-		if (*data == 0)		/* SCT v1 */
-			{
-			/* Fixed-length header:
-			 *		struct {
-			 * (1 byte)	  Version sct_version;
-			 * (32 bytes)	  LogID id;
-			 * (8 bytes)	  uint64 timestamp;
-			 * (2 bytes + ?)  CtExtensions extensions;
-			 */
-			if (sctlen < 43)
-				return 0;
-			sctlen -= 43;
-
-			BIO_printf(out, "\n%*sVersion   : v1(0)", indent + 4,
-				   "");
-
-			BIO_printf(out, "\n%*sLog ID    : ", indent + 4, "");
-			BIO_hex_string(out, indent + 16, 16, data + 1, 32);
-
-			data += 33;
-			n2l8(data, timestamp);
-			OPENSSL_gmtime(&unix_epoch, &tm1);
-			OPENSSL_gmtime_adj(&tm1, timestamp / 86400000,
-					   (timestamp % 86400000) / 1000);
-			strftime(month, 4, "%b", &tm1);
-			BIO_printf(out, "\n%*sTimestamp : ", indent + 4, "");
-			BIO_printf(out, "%s %2d %02d:%02d:%02d.%03u %d UTC",
-				   month, tm1.tm_mday, tm1.tm_hour,
-				   tm1.tm_min, tm1.tm_sec,
-				   (unsigned int)(timestamp % 1000),
-				   tm1.tm_year + 1900);
-
-			n2s(data, fieldlen);
-			if (sctlen < fieldlen)
-				return 0;
-			sctlen -= fieldlen;
-			BIO_printf(out, "\n%*sExtensions: ", indent + 4, "");
-			if (fieldlen == 0)
-				BIO_printf(out, "none");
-			else
-				BIO_hex_string(out, indent + 16, 16, data,
-					       fieldlen);
-			data += fieldlen;
-
-			/* digitally-signed struct header:
-			 * (1 byte) Hash algorithm
-			 * (1 byte) Signature algorithm
-			 * (2 bytes + ?) Signature
-			 */
-			if (sctlen < 4)
-				return 0;
-			sctlen -= 4;
-
-			tls1_lookup_sigalg(NULL, NULL, &signhash_nid, data);
-			data += 2;
-			n2s(data, fieldlen);
-			if (sctlen != fieldlen)
-				return 0;
-			BIO_printf(out, "\n%*sSignature : ", indent + 4, "");
-			BIO_printf(out, "%s", OBJ_nid2ln(signhash_nid));
-			BIO_printf(out, "\n%*s            ", indent + 4, "");
-			BIO_hex_string(out, indent + 16, 16, data, fieldlen);
-			if (listlen > 0) BIO_printf(out, "\n");
-			data += fieldlen;
-			}
-		}
-
-	return 1;
-	}
-
-static X509V3_EXT_METHOD ext_method_ct_precert_scts =
-	{
-	NID_ct_precert_scts, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
-	0, 0, 0, 0, 0, 0, 0, 0, (X509V3_EXT_I2R)i2r_sctlist, NULL, NULL
-	};
-
-static X509V3_EXT_METHOD ext_method_ct_cert_scts =
-	{
-	NID_ct_cert_scts, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
-	0, 0, 0, 0, 0, 0, 0, 0, (X509V3_EXT_I2R)i2r_sctlist, NULL, NULL
-	};
-
-int X509V3_EXT_add_rfc6962(void)
-	{
-	if (!X509V3_EXT_add(&ext_method_ct_precert_scts))
-		return 0;
-	if (!X509V3_EXT_add(&ext_method_ct_cert_scts))
-		return 0;
-	return 1;
-	}