diff options
| author | jsing <> | 2021-12-20 17:19:19 +0000 |
|---|---|---|
| committer | jsing <> | 2021-12-20 17:19:19 +0000 |
| commit | f20fd19915db394794cad8e73cb4c603b7b5ba42 (patch) | |
| tree | 561efd7a5ac1fe5d9957197f5a7e77a12f180540 | |
| parent | be535a760b2cea8255aff7cbab4a1ad130768389 (diff) | |
| download | openbsd-f20fd19915db394794cad8e73cb4c603b7b5ba42.tar.gz openbsd-f20fd19915db394794cad8e73cb4c603b7b5ba42.tar.bz2 openbsd-f20fd19915db394794cad8e73cb4c603b7b5ba42.zip | |
Convert SCT_new_from_base64() to use CBS for o2i_SCT_signature().
Remove the existing o2i_SCT_signature() function and rename
o2i_SCT_signature_internal() to replace it.
ok inoguchi@ tb@
| -rw-r--r-- | src/lib/libcrypto/ct/ct_b64.c | 13 | ||||
| -rw-r--r-- | src/lib/libcrypto/ct/ct_local.h | 8 | ||||
| -rw-r--r-- | src/lib/libcrypto/ct/ct_oct.c | 28 |
3 files changed, 16 insertions, 33 deletions
diff --git a/src/lib/libcrypto/ct/ct_b64.c b/src/lib/libcrypto/ct/ct_b64.c index cc1fecbc30..bfc69a7da3 100644 --- a/src/lib/libcrypto/ct/ct_b64.c +++ b/src/lib/libcrypto/ct/ct_b64.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ct_b64.c,v 1.5 2021/12/18 16:34:52 tb Exp $ */ | 1 | /* $OpenBSD: ct_b64.c,v 1.6 2021/12/20 17:19:19 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Written by Rob Stradling (rob@comodo.com) and Stephen Henson | 3 | * Written by Rob Stradling (rob@comodo.com) and Stephen Henson |
| 4 | * (steve@openssl.org) for the OpenSSL project 2014. | 4 | * (steve@openssl.org) for the OpenSSL project 2014. |
| @@ -64,6 +64,7 @@ | |||
| 64 | #include <openssl/err.h> | 64 | #include <openssl/err.h> |
| 65 | #include <openssl/evp.h> | 65 | #include <openssl/evp.h> |
| 66 | 66 | ||
| 67 | #include "bytestring.h" | ||
| 67 | #include "ct_local.h" | 68 | #include "ct_local.h" |
| 68 | 69 | ||
| 69 | /* | 70 | /* |
| @@ -119,12 +120,12 @@ SCT_new_from_base64(unsigned char version, const char *logid_base64, | |||
| 119 | ct_log_entry_type_t entry_type, uint64_t timestamp, | 120 | ct_log_entry_type_t entry_type, uint64_t timestamp, |
| 120 | const char *extensions_base64, const char *signature_base64) | 121 | const char *extensions_base64, const char *signature_base64) |
| 121 | { | 122 | { |
| 122 | SCT *sct = SCT_new(); | ||
| 123 | unsigned char *dec = NULL; | 123 | unsigned char *dec = NULL; |
| 124 | const unsigned char* p = NULL; | ||
| 125 | int declen; | 124 | int declen; |
| 125 | SCT *sct; | ||
| 126 | CBS cbs; | ||
| 126 | 127 | ||
| 127 | if (sct == NULL) { | 128 | if ((sct = SCT_new()) == NULL) { |
| 128 | CTerror(ERR_R_MALLOC_FAILURE); | 129 | CTerror(ERR_R_MALLOC_FAILURE); |
| 129 | return NULL; | 130 | return NULL; |
| 130 | } | 131 | } |
| @@ -161,8 +162,8 @@ SCT_new_from_base64(unsigned char version, const char *logid_base64, | |||
| 161 | goto err; | 162 | goto err; |
| 162 | } | 163 | } |
| 163 | 164 | ||
| 164 | p = dec; | 165 | CBS_init(&cbs, dec, declen); |
| 165 | if (o2i_SCT_signature(sct, &p, declen) <= 0) | 166 | if (!o2i_SCT_signature(sct, &cbs)) |
| 166 | goto err; | 167 | goto err; |
| 167 | free(dec); | 168 | free(dec); |
| 168 | dec = NULL; | 169 | dec = NULL; |
diff --git a/src/lib/libcrypto/ct/ct_local.h b/src/lib/libcrypto/ct/ct_local.h index bfc074a13a..cd19ed096a 100644 --- a/src/lib/libcrypto/ct/ct_local.h +++ b/src/lib/libcrypto/ct/ct_local.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ct_local.h,v 1.7 2021/12/18 17:26:54 tb Exp $ */ | 1 | /* $OpenBSD: ct_local.h,v 1.8 2021/12/20 17:19:19 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Written by Rob Percival (robpercival@google.com) for the OpenSSL project. | 3 | * Written by Rob Percival (robpercival@google.com) for the OpenSSL project. |
| 4 | */ | 4 | */ |
| @@ -55,9 +55,11 @@ | |||
| 55 | 55 | ||
| 56 | #include <openssl/ct.h> | 56 | #include <openssl/ct.h> |
| 57 | #include <openssl/evp.h> | 57 | #include <openssl/evp.h> |
| 58 | #include <openssl/safestack.h> | ||
| 58 | #include <openssl/x509.h> | 59 | #include <openssl/x509.h> |
| 59 | #include <openssl/x509v3.h> | 60 | #include <openssl/x509v3.h> |
| 60 | #include <openssl/safestack.h> | 61 | |
| 62 | #include "bytestring.h" | ||
| 61 | 63 | ||
| 62 | /* Number of bytes in an SCT v1 LogID - see RFC 6962 section 3.2. */ | 64 | /* Number of bytes in an SCT v1 LogID - see RFC 6962 section 3.2. */ |
| 63 | #define CT_V1_LOG_ID_LEN 32 | 65 | #define CT_V1_LOG_ID_LEN 32 |
| @@ -250,7 +252,7 @@ int i2o_SCT_signature(const SCT *sct, unsigned char **out); | |||
| 250 | * If an error occurs, the SCT's signature NID may be updated whilst the | 252 | * If an error occurs, the SCT's signature NID may be updated whilst the |
| 251 | * signature field itself remains unset. | 253 | * signature field itself remains unset. |
| 252 | */ | 254 | */ |
| 253 | int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len); | 255 | int o2i_SCT_signature(SCT *sct, CBS *cbs); |
| 254 | 256 | ||
| 255 | /* | 257 | /* |
| 256 | * Handlers for Certificate Transparency X509v3/OCSP extensions | 258 | * Handlers for Certificate Transparency X509v3/OCSP extensions |
diff --git a/src/lib/libcrypto/ct/ct_oct.c b/src/lib/libcrypto/ct/ct_oct.c index 773e62a254..3dae7d8456 100644 --- a/src/lib/libcrypto/ct/ct_oct.c +++ b/src/lib/libcrypto/ct/ct_oct.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ct_oct.c,v 1.6 2021/12/18 16:34:52 tb Exp $ */ | 1 | /* $OpenBSD: ct_oct.c,v 1.7 2021/12/20 17:19:19 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Written by Rob Stradling (rob@comodo.com) and Stephen Henson | 3 | * Written by Rob Stradling (rob@comodo.com) and Stephen Henson |
| 4 | * (steve@openssl.org) for the OpenSSL project 2014. | 4 | * (steve@openssl.org) for the OpenSSL project 2014. |
| @@ -72,8 +72,8 @@ | |||
| 72 | #include "bytestring.h" | 72 | #include "bytestring.h" |
| 73 | #include "ct_local.h" | 73 | #include "ct_local.h" |
| 74 | 74 | ||
| 75 | static int | 75 | int |
| 76 | o2i_SCT_signature_internal(SCT *sct, CBS *cbs) | 76 | o2i_SCT_signature(SCT *sct, CBS *cbs) |
| 77 | { | 77 | { |
| 78 | uint8_t hash_alg, sig_alg; | 78 | uint8_t hash_alg, sig_alg; |
| 79 | CBS signature; | 79 | CBS signature; |
| @@ -119,26 +119,6 @@ o2i_SCT_signature_internal(SCT *sct, CBS *cbs) | |||
| 119 | return 0; | 119 | return 0; |
| 120 | } | 120 | } |
| 121 | 121 | ||
| 122 | int | ||
| 123 | o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len) | ||
| 124 | { | ||
| 125 | size_t sig_len; | ||
| 126 | CBS cbs; | ||
| 127 | |||
| 128 | CBS_init(&cbs, *in, len); | ||
| 129 | |||
| 130 | if (!o2i_SCT_signature_internal(sct, &cbs)) | ||
| 131 | return -1; | ||
| 132 | |||
| 133 | sig_len = len - CBS_len(&cbs); | ||
| 134 | if (sig_len > INT_MAX) | ||
| 135 | return -1; | ||
| 136 | |||
| 137 | *in = CBS_data(&cbs); | ||
| 138 | |||
| 139 | return sig_len; | ||
| 140 | } | ||
| 141 | |||
| 142 | static int | 122 | static int |
| 143 | o2i_SCT_internal(SCT **out_sct, CBS *cbs) | 123 | o2i_SCT_internal(SCT **out_sct, CBS *cbs) |
| 144 | { | 124 | { |
| @@ -182,7 +162,7 @@ o2i_SCT_internal(SCT **out_sct, CBS *cbs) | |||
| 182 | if (!CBS_stow(&extensions, &sct->ext, &sct->ext_len)) | 162 | if (!CBS_stow(&extensions, &sct->ext, &sct->ext_len)) |
| 183 | goto err; | 163 | goto err; |
| 184 | 164 | ||
| 185 | if (!o2i_SCT_signature_internal(sct, cbs)) | 165 | if (!o2i_SCT_signature(sct, cbs)) |
| 186 | goto err; | 166 | goto err; |
| 187 | 167 | ||
| 188 | if (CBS_len(cbs) != 0) | 168 | if (CBS_len(cbs) != 0) |