1 files changed, 57 insertions, 56 deletions
diff --git a/src/lib/libcrypto/ct/ct_vfy.c b/src/lib/libcrypto/ct/ct_vfy.c
index e88f9394b8..424117263a 100644
--- a/src/lib/libcrypto/ct/ct_vfy.c
+++ b/src/lib/libcrypto/ct/ct_vfy.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: ct_vfy.c,v 1.5 2021/12/18 16:34:52 tb Exp $ */
+/*      $OpenBSD: ct_vfy.c,v 1.6 2022/01/06 14:34:40 jsing Exp $ */
 /*
 * Written by Rob Stradling (rob@comodo.com) and Stephen Henson
 * (steve@openssl.org) for the OpenSSL project 2014.
@@ -79,70 +79,72 @@ typedef enum sct_signature_type_t {
 static int
 sct_ctx_update(EVP_MD_CTX *ctx, const SCT_CTX *sctx, const SCT *sct)
 {
-        unsigned char tmpbuf[12];
+        CBB cbb, entry, extensions;
-        unsigned char *p, *der;
+        uint8_t *data = NULL;
-        size_t derlen;
+        size_t data_len;
+        int ret = 0;
-        /*+
-         * digitally-signed struct {
+        memset(&cbb, 0, sizeof(cbb));
-         *   (1 byte) Version sct_version;
-         *   (1 byte) SignatureType signature_type = certificate_timestamp;
-         *   (8 bytes) uint64 timestamp;
-         *   (2 bytes) LogEntryType entry_type;
-         *   (? bytes) select(entry_type) {
-         *     case x509_entry: ASN.1Cert;
-         *     case precert_entry: PreCert;
-         *   } signed_entry;
-         *   (2 bytes + sct->ext_len) CtExtensions extensions;
-         * }
-         */
        if (sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET)
-                return 0;
+                goto err;
        if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)
-                return 0;
+                goto err;
-        p = tmpbuf;
+        if (!CBB_init(&cbb, 0))
-        *p++ = sct->version;
+                goto err;
-        *p++ = SIGNATURE_TYPE_CERT_TIMESTAMP;
-        l2n8(sct->timestamp, p);
-        s2n(sct->entry_type, p);
-        if (!EVP_DigestUpdate(ctx, tmpbuf, p - tmpbuf))
+        /*
-                return 0;
+         * Build the digitally-signed struct per RFC 6962 section 3.2.
+         */
+        if (!CBB_add_u8(&cbb, sct->version))
+                goto err;
+        if (!CBB_add_u8(&cbb, SIGNATURE_TYPE_CERT_TIMESTAMP))
+                goto err;
+        if (!CBB_add_u64(&cbb, sct->timestamp))
+                goto err;
+        if (!CBB_add_u16(&cbb, sct->entry_type))
+                goto err;
+        if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT) {
+                if (!CBB_add_bytes(&cbb, sctx->ihash, sctx->ihashlen))
+                        goto err;
+        }
-        if (sct->entry_type == CT_LOG_ENTRY_TYPE_X509) {
+        if (!CBB_add_u24_length_prefixed(&cbb, &entry))
-                der = sctx->certder;
+                goto err;
-                derlen = sctx->certderlen;
+        if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT) {
+                if (sctx->preder == NULL)
+                        goto err;
+                if (!CBB_add_bytes(&entry, sctx->preder, sctx->prederlen))
+                        goto err;
        } else {
-                if (!EVP_DigestUpdate(ctx, sctx->ihash, sctx->ihashlen))
+                if (sctx->certder == NULL)
-                        return 0;
+                        goto err;
-                der = sctx->preder;
+                if (!CBB_add_bytes(&entry, sctx->certder, sctx->certderlen))
-                derlen = sctx->prederlen;
+                        goto err;
        }
-        /* If no encoding available, fatal error */
+        if (!CBB_add_u16_length_prefixed(&cbb, &extensions))
-        if (der == NULL)
+                goto err;
-                return 0;
+        if (sct->ext_len > 0) {
+                if (!CBB_add_bytes(&extensions, sct->ext, sct->ext_len))
+                        goto err;
+        }
-        /* Include length first */
+        if (!CBB_finish(&cbb, &data, &data_len))
-        p = tmpbuf;
+                goto err;
-        l2n3(derlen, p);
-        if (!EVP_DigestUpdate(ctx, tmpbuf, 3))
+        if (!EVP_DigestUpdate(ctx, data, data_len))
-                return 0;
+                goto err;
-        if (!EVP_DigestUpdate(ctx, der, derlen))
-                return 0;
-        /* Add any extensions */
+        ret = 1;
-        p = tmpbuf;
-        s2n(sct->ext_len, p);
-        if (!EVP_DigestUpdate(ctx, tmpbuf, 2))
-                return 0;
-        if (sct->ext_len && !EVP_DigestUpdate(ctx, sct->ext, sct->ext_len))
+ err:
-                return 0;
+        CBB_cleanup(&cbb);
+        free(data);
-        return 1;
+        return ret;
 }
 int
@@ -172,8 +174,7 @@ SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct)
                return 0;
        }
-        ctx = EVP_MD_CTX_new();
+        if ((ctx = EVP_MD_CTX_new()) == NULL)
-        if (ctx == NULL)
                goto end;
        if (!EVP_DigestVerifyInit(ctx, NULL, EVP_sha256(), NULL, sctx->pkey))
@@ -183,12 +184,12 @@ SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct)
                goto end;
        /* Verify signature */
-        ret = EVP_DigestVerifyFinal(ctx, sct->sig, sct->sig_len);
        /* If ret < 0 some other error: fall through without setting error */
-        if (ret == 0)
+        if ((ret = EVP_DigestVerifyFinal(ctx, sct->sig, sct->sig_len)) == 0)
                CTerror(CT_R_SCT_INVALID_SIGNATURE);
 end:
        EVP_MD_CTX_free(ctx);
        return ret;
 }

diff --git a/src/lib/libcrypto/ct/ct_vfy.c b/src/lib/libcrypto/ct/ct_vfy.c index e88f9394b8..424117263a 100644 --- a/src/lib/libcrypto/ct/ct_vfy.c +++ b/src/lib/libcrypto/ct/ct_vfy.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ct_vfy.c,v 1.5 2021/12/18 16:34:52 tb Exp $ */	1	/* $OpenBSD: ct_vfy.c,v 1.6 2022/01/06 14:34:40 jsing Exp $ */
2	/*	2	/*
3	* Written by Rob Stradling (rob@comodo.com) and Stephen Henson	3	* Written by Rob Stradling (rob@comodo.com) and Stephen Henson
4	* (steve@openssl.org) for the OpenSSL project 2014.	4	* (steve@openssl.org) for the OpenSSL project 2014.
@@ -79,70 +79,72 @@ typedef enum sct_signature_type_t {
79	static int	79	static int
80	sct_ctx_update(EVP_MD_CTX ctx, const SCT_CTX sctx, const SCT *sct)	80	sct_ctx_update(EVP_MD_CTX ctx, const SCT_CTX sctx, const SCT *sct)
81	{	81	{
82	unsigned char tmpbuf[12];	82	CBB cbb, entry, extensions;
83	unsigned char p, der;	83	uint8_t *data = NULL;
84	size_t derlen;	84	size_t data_len;
85		85	int ret = 0;
86	/*+	86
87	* digitally-signed struct {	87	memset(&cbb, 0, sizeof(cbb));
88	* (1 byte) Version sct_version;	88
89	* (1 byte) SignatureType signature_type = certificate_timestamp;
90	* (8 bytes) uint64 timestamp;
91	* (2 bytes) LogEntryType entry_type;
92	* (? bytes) select(entry_type) {
93	* case x509_entry: ASN.1Cert;
94	* case precert_entry: PreCert;
95	* } signed_entry;
96	* (2 bytes + sct->ext_len) CtExtensions extensions;
97	* }
98	*/
99	if (sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET)	89	if (sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET)
100	return 0;	90	goto err;
101	if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)	91	if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)
102	return 0;	92	goto err;
103		93
104	p = tmpbuf;	94	if (!CBB_init(&cbb, 0))
105	*p++ = sct->version;	95	goto err;
106	*p++ = SIGNATURE_TYPE_CERT_TIMESTAMP;
107	l2n8(sct->timestamp, p);
108	s2n(sct->entry_type, p);
109		96
110	if (!EVP_DigestUpdate(ctx, tmpbuf, p - tmpbuf))	97	/*
111	return 0;	98	* Build the digitally-signed struct per RFC 6962 section 3.2.
		99	*/
		100	if (!CBB_add_u8(&cbb, sct->version))
		101	goto err;
		102	if (!CBB_add_u8(&cbb, SIGNATURE_TYPE_CERT_TIMESTAMP))
		103	goto err;
		104	if (!CBB_add_u64(&cbb, sct->timestamp))
		105	goto err;
		106	if (!CBB_add_u16(&cbb, sct->entry_type))
		107	goto err;
		108
		109	if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT) {
		110	if (!CBB_add_bytes(&cbb, sctx->ihash, sctx->ihashlen))
		111	goto err;
		112	}
112		113
113	if (sct->entry_type == CT_LOG_ENTRY_TYPE_X509) {	114	if (!CBB_add_u24_length_prefixed(&cbb, &entry))
114	der = sctx->certder;	115	goto err;
115	derlen = sctx->certderlen;	116	if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT) {
		117	if (sctx->preder == NULL)
		118	goto err;
		119	if (!CBB_add_bytes(&entry, sctx->preder, sctx->prederlen))
		120	goto err;
116	} else {	121	} else {
117	if (!EVP_DigestUpdate(ctx, sctx->ihash, sctx->ihashlen))	122	if (sctx->certder == NULL)
118	return 0;	123	goto err;
119	der = sctx->preder;	124	if (!CBB_add_bytes(&entry, sctx->certder, sctx->certderlen))
120	derlen = sctx->prederlen;	125	goto err;
121	}	126	}
122		127
123	/* If no encoding available, fatal error */	128	if (!CBB_add_u16_length_prefixed(&cbb, &extensions))
124	if (der == NULL)	129	goto err;
125	return 0;	130	if (sct->ext_len > 0) {
		131	if (!CBB_add_bytes(&extensions, sct->ext, sct->ext_len))
		132	goto err;
		133	}
126		134
127	/* Include length first */	135	if (!CBB_finish(&cbb, &data, &data_len))
128	p = tmpbuf;	136	goto err;
129	l2n3(derlen, p);
130		137
131	if (!EVP_DigestUpdate(ctx, tmpbuf, 3))	138	if (!EVP_DigestUpdate(ctx, data, data_len))
132	return 0;	139	goto err;
133	if (!EVP_DigestUpdate(ctx, der, derlen))
134	return 0;
135		140
136	/* Add any extensions */	141	ret = 1;
137	p = tmpbuf;
138	s2n(sct->ext_len, p);
139	if (!EVP_DigestUpdate(ctx, tmpbuf, 2))
140	return 0;
141		142
142	if (sct->ext_len && !EVP_DigestUpdate(ctx, sct->ext, sct->ext_len))	143	err:
143	return 0;	144	CBB_cleanup(&cbb);
		145	free(data);
144		146
145	return 1;	147	return ret;
146	}	148	}
147		149
148	int	150	int
@@ -172,8 +174,7 @@ SCT_CTX_verify(const SCT_CTX sctx, const SCT sct)
172	return 0;	174	return 0;
173	}	175	}
174		176
175	ctx = EVP_MD_CTX_new();	177	if ((ctx = EVP_MD_CTX_new()) == NULL)
176	if (ctx == NULL)
177	goto end;	178	goto end;
178		179
179	if (!EVP_DigestVerifyInit(ctx, NULL, EVP_sha256(), NULL, sctx->pkey))	180	if (!EVP_DigestVerifyInit(ctx, NULL, EVP_sha256(), NULL, sctx->pkey))
@@ -183,12 +184,12 @@ SCT_CTX_verify(const SCT_CTX sctx, const SCT sct)
183	goto end;	184	goto end;
184		185
185	/* Verify signature */	186	/* Verify signature */
186	ret = EVP_DigestVerifyFinal(ctx, sct->sig, sct->sig_len);
187	/* If ret < 0 some other error: fall through without setting error */	187	/* If ret < 0 some other error: fall through without setting error */
188	if (ret == 0)	188	if ((ret = EVP_DigestVerifyFinal(ctx, sct->sig, sct->sig_len)) == 0)
189	CTerror(CT_R_SCT_INVALID_SIGNATURE);	189	CTerror(CT_R_SCT_INVALID_SIGNATURE);
190		190
191	end:	191	end:
192	EVP_MD_CTX_free(ctx);	192	EVP_MD_CTX_free(ctx);
		193
193	return ret;	194	return ret;
194	}	195	}