1 files changed, 131 insertions, 129 deletions
diff --git a/src/lib/libcrypto/ct/ct_b64.c b/src/lib/libcrypto/ct/ct_b64.c
index 4abe11ca29..8ca5f469df 100644
--- a/src/lib/libcrypto/ct/ct_b64.c
+++ b/src/lib/libcrypto/ct/ct_b64.c
@@ -21,109 +21,110 @@
 * A new string will be malloc'd and assigned to |out|. This will be owned by
 * the caller. Do not provide a pre-allocated string in |out|.
 */
-static int ct_base64_decode(const char *in, unsigned char **out)
+static int
+ct_base64_decode(const char *in, unsigned char **out)
 {
-    size_t inlen = strlen(in);
+        size_t inlen = strlen(in);
-    int outlen, i;
+        int outlen, i;
-    unsigned char *outbuf = NULL;
+        unsigned char *outbuf = NULL;
-    if (inlen == 0) {
+        if (inlen == 0) {
-        *out = NULL;
+                *out = NULL;
-        return 0;
+                return 0;
-    }
+        }
-    outlen = (inlen / 4) * 3;
+        outlen = (inlen / 4) * 3;
-    outbuf = OPENSSL_malloc(outlen);
+        outbuf = OPENSSL_malloc(outlen);
-    if (outbuf == NULL) {
+        if (outbuf == NULL) {
-        CTerr(CT_F_CT_BASE64_DECODE, ERR_R_MALLOC_FAILURE);
+                CTerr(CT_F_CT_BASE64_DECODE, ERR_R_MALLOC_FAILURE);
-        goto err;
+                goto err;
-    }
+        }
-    outlen = EVP_DecodeBlock(outbuf, (unsigned char *)in, inlen);
+        outlen = EVP_DecodeBlock(outbuf, (unsigned char *)in, inlen);
-    if (outlen < 0) {
+        if (outlen < 0) {
-        CTerr(CT_F_CT_BASE64_DECODE, CT_R_BASE64_DECODE_ERROR);
+                CTerr(CT_F_CT_BASE64_DECODE, CT_R_BASE64_DECODE_ERROR);
-        goto err;
+                goto err;
-    }
+        }
-    /* Subtract padding bytes from |outlen|.  Any more than 2 is malformed. */
+        /* Subtract padding bytes from |outlen|.  Any more than 2 is malformed. */
-    i = 0;
+        i = 0;
-    while (in[--inlen] == '=') {
+        while (in[--inlen] == '=') {
-        --outlen;
+                --outlen;
-        if (++i > 2)
+                if (++i > 2)
-            goto err;
+                        goto err;
-    }
+        }
-    *out = outbuf;
+        *out = outbuf;
-    return outlen;
+        return outlen;
-err:
+ err:
-    OPENSSL_free(outbuf);
+        OPENSSL_free(outbuf);
-    return -1;
+        return -1;
 }
-SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64,
+SCT *
-                         ct_log_entry_type_t entry_type, uint64_t timestamp,
+SCT_new_from_base64(unsigned char version, const char *logid_base64,
-                         const char *extensions_base64,
+    ct_log_entry_type_t entry_type, uint64_t timestamp,
-                         const char *signature_base64)
+    const char *extensions_base64, const char *signature_base64)
 {
-    SCT *sct = SCT_new();
+        SCT *sct = SCT_new();
-    unsigned char *dec = NULL;
+        unsigned char *dec = NULL;
-    const unsigned char* p = NULL;
+        const unsigned char* p = NULL;
-    int declen;
+        int declen;
-    if (sct == NULL) {
+        if (sct == NULL) {
-        CTerr(CT_F_SCT_NEW_FROM_BASE64, ERR_R_MALLOC_FAILURE);
+                CTerr(CT_F_SCT_NEW_FROM_BASE64, ERR_R_MALLOC_FAILURE);
-        return NULL;
+                return NULL;
-    }
+        }
-    /*
+        /*
-     * RFC6962 section 4.1 says we "MUST NOT expect this to be 0", but we
+         * RFC6962 section 4.1 says we "MUST NOT expect this to be 0", but we
-     * can only construct SCT versions that have been defined.
+         * can only construct SCT versions that have been defined.
-     */
+         */
-    if (!SCT_set_version(sct, version)) {
+        if (!SCT_set_version(sct, version)) {
-        CTerr(CT_F_SCT_NEW_FROM_BASE64, CT_R_SCT_UNSUPPORTED_VERSION);
+                CTerr(CT_F_SCT_NEW_FROM_BASE64, CT_R_SCT_UNSUPPORTED_VERSION);
-        goto err;
+                goto err;
-    }
+        }
-    declen = ct_base64_decode(logid_base64, &dec);
+        declen = ct_base64_decode(logid_base64, &dec);
-    if (declen < 0) {
+        if (declen < 0) {
-        CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
+                CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
-        goto err;
+                goto err;
-    }
+        }
-    if (!SCT_set0_log_id(sct, dec, declen))
+        if (!SCT_set0_log_id(sct, dec, declen))
-        goto err;
+                goto err;
-    dec = NULL;
+        dec = NULL;
-    declen = ct_base64_decode(extensions_base64, &dec);
+        declen = ct_base64_decode(extensions_base64, &dec);
-    if (declen < 0) {
+        if (declen < 0) {
-        CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
+                CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
-        goto err;
+                goto err;
-    }
+        }
-    SCT_set0_extensions(sct, dec, declen);
+        SCT_set0_extensions(sct, dec, declen);
-    dec = NULL;
+        dec = NULL;
-    declen = ct_base64_decode(signature_base64, &dec);
+        declen = ct_base64_decode(signature_base64, &dec);
-    if (declen < 0) {
+        if (declen < 0) {
-        CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
+                CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
-        goto err;
+                goto err;
-    }
+        }
-    p = dec;
+        p = dec;
-    if (o2i_SCT_signature(sct, &p, declen) <= 0)
+        if (o2i_SCT_signature(sct, &p, declen) <= 0)
-        goto err;
+                goto err;
-    OPENSSL_free(dec);
+        OPENSSL_free(dec);
-    dec = NULL;
+        dec = NULL;
-    SCT_set_timestamp(sct, timestamp);
+        SCT_set_timestamp(sct, timestamp);
-    if (!SCT_set_log_entry_type(sct, entry_type))
+        if (!SCT_set_log_entry_type(sct, entry_type))
-        goto err;
+                goto err;
-    return sct;
+        return sct;
 err:
-    OPENSSL_free(dec);
+        OPENSSL_free(dec);
-    SCT_free(sct);
+        SCT_free(sct);
-    return NULL;
+        return NULL;
 }
 /*
@@ -132,37 +133,38 @@ SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64,
 * 0 on decoding failure, or invalid parameter if any
 * -1 on internal (malloc) failure
 */
-int CTLOG_new_from_base64(CTLOG **ct_log, const char *pkey_base64, const char *name)
+int
+CTLOG_new_from_base64(CTLOG **ct_log, const char *pkey_base64, const char *name)
 {
-    unsigned char *pkey_der = NULL;
+        unsigned char *pkey_der = NULL;
-    int pkey_der_len;
+        int pkey_der_len;
-    const unsigned char *p;
+        const unsigned char *p;
-    EVP_PKEY *pkey = NULL;
+        EVP_PKEY *pkey = NULL;
-    if (ct_log == NULL) {
+        if (ct_log == NULL) {
-        CTerr(CT_F_CTLOG_NEW_FROM_BASE64, ERR_R_PASSED_INVALID_ARGUMENT);
+                CTerr(CT_F_CTLOG_NEW_FROM_BASE64, ERR_R_PASSED_INVALID_ARGUMENT);
-        return 0;
+                return 0;
-    }
+        }
-    pkey_der_len = ct_base64_decode(pkey_base64, &pkey_der);
+        pkey_der_len = ct_base64_decode(pkey_base64, &pkey_der);
-    if (pkey_der_len < 0) {
+        if (pkey_der_len < 0) {
-        CTerr(CT_F_CTLOG_NEW_FROM_BASE64, CT_R_LOG_CONF_INVALID_KEY);
+                CTerr(CT_F_CTLOG_NEW_FROM_BASE64, CT_R_LOG_CONF_INVALID_KEY);
-        return 0;
+                return 0;
-    }
+        }
-    p = pkey_der;
+        p = pkey_der;
-    pkey = d2i_PUBKEY(NULL, &p, pkey_der_len);
+        pkey = d2i_PUBKEY(NULL, &p, pkey_der_len);
-    OPENSSL_free(pkey_der);
+        OPENSSL_free(pkey_der);
-    if (pkey == NULL) {
+        if (pkey == NULL) {
-        CTerr(CT_F_CTLOG_NEW_FROM_BASE64, CT_R_LOG_CONF_INVALID_KEY);
+                CTerr(CT_F_CTLOG_NEW_FROM_BASE64, CT_R_LOG_CONF_INVALID_KEY);
-        return 0;
+                return 0;
-    }
+        }
-    *ct_log = CTLOG_new(pkey, name);
+        *ct_log = CTLOG_new(pkey, name);
-    if (*ct_log == NULL) {
+        if (*ct_log == NULL) {
-        EVP_PKEY_free(pkey);
+                EVP_PKEY_free(pkey);
-        return 0;
+                return 0;
-    }
+        }
-    return 1;
+        return 1;
 }

diff --git a/src/lib/libcrypto/ct/ct_b64.c b/src/lib/libcrypto/ct/ct_b64.c index 4abe11ca29..8ca5f469df 100644 --- a/src/lib/libcrypto/ct/ct_b64.c +++ b/src/lib/libcrypto/ct/ct_b64.c
@@ -21,109 +21,110 @@
21	* A new string will be malloc'd and assigned to \|out\|. This will be owned by	21	* A new string will be malloc'd and assigned to \|out\|. This will be owned by
22	* the caller. Do not provide a pre-allocated string in \|out\|.	22	* the caller. Do not provide a pre-allocated string in \|out\|.
23	*/	23	*/
24	static int ct_base64_decode(const char in, unsigned char *out)	24	static int
		25	ct_base64_decode(const char in, unsigned char *out)
25	{	26	{
26	size_t inlen = strlen(in);	27	size_t inlen = strlen(in);
27	int outlen, i;	28	int outlen, i;
28	unsigned char *outbuf = NULL;	29	unsigned char *outbuf = NULL;
29		30
30	if (inlen == 0) {	31	if (inlen == 0) {
31	*out = NULL;	32	*out = NULL;
32	return 0;	33	return 0;
33	}	34	}
34		35
35	outlen = (inlen / 4) * 3;	36	outlen = (inlen / 4) * 3;
36	outbuf = OPENSSL_malloc(outlen);	37	outbuf = OPENSSL_malloc(outlen);
37	if (outbuf == NULL) {	38	if (outbuf == NULL) {
38	CTerr(CT_F_CT_BASE64_DECODE, ERR_R_MALLOC_FAILURE);	39	CTerr(CT_F_CT_BASE64_DECODE, ERR_R_MALLOC_FAILURE);
39	goto err;	40	goto err;
40	}	41	}
41		42
42	outlen = EVP_DecodeBlock(outbuf, (unsigned char *)in, inlen);	43	outlen = EVP_DecodeBlock(outbuf, (unsigned char *)in, inlen);
43	if (outlen < 0) {	44	if (outlen < 0) {
44	CTerr(CT_F_CT_BASE64_DECODE, CT_R_BASE64_DECODE_ERROR);	45	CTerr(CT_F_CT_BASE64_DECODE, CT_R_BASE64_DECODE_ERROR);
45	goto err;	46	goto err;
46	}	47	}
47		48
48	/* Subtract padding bytes from \|outlen\|. Any more than 2 is malformed. */	49	/* Subtract padding bytes from \|outlen\|. Any more than 2 is malformed. */
49	i = 0;	50	i = 0;
50	while (in[--inlen] == '=') {	51	while (in[--inlen] == '=') {
51	--outlen;	52	--outlen;
52	if (++i > 2)	53	if (++i > 2)
53	goto err;	54	goto err;
54	}	55	}
55		56
56	*out = outbuf;	57	*out = outbuf;
57	return outlen;	58	return outlen;
58	err:	59	err:
59	OPENSSL_free(outbuf);	60	OPENSSL_free(outbuf);
60	return -1;	61	return -1;
61	}	62	}
62		63
63	SCT SCT_new_from_base64(unsigned char version, const char logid_base64,	64	SCT *
64	ct_log_entry_type_t entry_type, uint64_t timestamp,	65	SCT_new_from_base64(unsigned char version, const char *logid_base64,
65	const char *extensions_base64,	66	ct_log_entry_type_t entry_type, uint64_t timestamp,
66	const char *signature_base64)	67	const char extensions_base64, const char signature_base64)
67	{	68	{
68	SCT *sct = SCT_new();	69	SCT *sct = SCT_new();
69	unsigned char *dec = NULL;	70	unsigned char *dec = NULL;
70	const unsigned char* p = NULL;	71	const unsigned char* p = NULL;
71	int declen;	72	int declen;
72		73
73	if (sct == NULL) {	74	if (sct == NULL) {
74	CTerr(CT_F_SCT_NEW_FROM_BASE64, ERR_R_MALLOC_FAILURE);	75	CTerr(CT_F_SCT_NEW_FROM_BASE64, ERR_R_MALLOC_FAILURE);
75	return NULL;	76	return NULL;
76	}	77	}
77		78
78	/*	79	/*
79	* RFC6962 section 4.1 says we "MUST NOT expect this to be 0", but we	80	* RFC6962 section 4.1 says we "MUST NOT expect this to be 0", but we
80	* can only construct SCT versions that have been defined.	81	* can only construct SCT versions that have been defined.
81	*/	82	*/
82	if (!SCT_set_version(sct, version)) {	83	if (!SCT_set_version(sct, version)) {
83	CTerr(CT_F_SCT_NEW_FROM_BASE64, CT_R_SCT_UNSUPPORTED_VERSION);	84	CTerr(CT_F_SCT_NEW_FROM_BASE64, CT_R_SCT_UNSUPPORTED_VERSION);
84	goto err;	85	goto err;
85	}	86	}
86		87
87	declen = ct_base64_decode(logid_base64, &dec);	88	declen = ct_base64_decode(logid_base64, &dec);
88	if (declen < 0) {	89	if (declen < 0) {
89	CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);	90	CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
90	goto err;	91	goto err;
91	}	92	}
92	if (!SCT_set0_log_id(sct, dec, declen))	93	if (!SCT_set0_log_id(sct, dec, declen))
93	goto err;	94	goto err;
94	dec = NULL;	95	dec = NULL;
95		96
96	declen = ct_base64_decode(extensions_base64, &dec);	97	declen = ct_base64_decode(extensions_base64, &dec);
97	if (declen < 0) {	98	if (declen < 0) {
98	CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);	99	CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
99	goto err;	100	goto err;
100	}	101	}
101	SCT_set0_extensions(sct, dec, declen);	102	SCT_set0_extensions(sct, dec, declen);
102	dec = NULL;	103	dec = NULL;
103		104
104	declen = ct_base64_decode(signature_base64, &dec);	105	declen = ct_base64_decode(signature_base64, &dec);
105	if (declen < 0) {	106	if (declen < 0) {
106	CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);	107	CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
107	goto err;	108	goto err;
108	}	109	}
109		110
110	p = dec;	111	p = dec;
111	if (o2i_SCT_signature(sct, &p, declen) <= 0)	112	if (o2i_SCT_signature(sct, &p, declen) <= 0)
112	goto err;	113	goto err;
113	OPENSSL_free(dec);	114	OPENSSL_free(dec);
114	dec = NULL;	115	dec = NULL;
115		116
116	SCT_set_timestamp(sct, timestamp);	117	SCT_set_timestamp(sct, timestamp);
117		118
118	if (!SCT_set_log_entry_type(sct, entry_type))	119	if (!SCT_set_log_entry_type(sct, entry_type))
119	goto err;	120	goto err;
120		121
121	return sct;	122	return sct;
122		123
123	err:	124	err:
124	OPENSSL_free(dec);	125	OPENSSL_free(dec);
125	SCT_free(sct);	126	SCT_free(sct);
126	return NULL;	127	return NULL;
127	}	128	}
128		129
129	/*	130	/*
@@ -132,37 +133,38 @@ SCT SCT_new_from_base64(unsigned char version, const char logid_base64,
132	* 0 on decoding failure, or invalid parameter if any	133	* 0 on decoding failure, or invalid parameter if any
133	* -1 on internal (malloc) failure	134	* -1 on internal (malloc) failure
134	*/	135	*/
135	int CTLOG_new_from_base64(CTLOG *ct_log, const char pkey_base64, const char *name)	136	int
		137	CTLOG_new_from_base64(CTLOG *ct_log, const char pkey_base64, const char *name)
136	{	138	{
137	unsigned char *pkey_der = NULL;	139	unsigned char *pkey_der = NULL;
138	int pkey_der_len;	140	int pkey_der_len;
139	const unsigned char *p;	141	const unsigned char *p;
140	EVP_PKEY *pkey = NULL;	142	EVP_PKEY *pkey = NULL;
141		143
142	if (ct_log == NULL) {	144	if (ct_log == NULL) {
143	CTerr(CT_F_CTLOG_NEW_FROM_BASE64, ERR_R_PASSED_INVALID_ARGUMENT);	145	CTerr(CT_F_CTLOG_NEW_FROM_BASE64, ERR_R_PASSED_INVALID_ARGUMENT);
144	return 0;	146	return 0;
145	}	147	}
146		148
147	pkey_der_len = ct_base64_decode(pkey_base64, &pkey_der);	149	pkey_der_len = ct_base64_decode(pkey_base64, &pkey_der);
148	if (pkey_der_len < 0) {	150	if (pkey_der_len < 0) {
149	CTerr(CT_F_CTLOG_NEW_FROM_BASE64, CT_R_LOG_CONF_INVALID_KEY);	151	CTerr(CT_F_CTLOG_NEW_FROM_BASE64, CT_R_LOG_CONF_INVALID_KEY);
150	return 0;	152	return 0;
151	}	153	}
152		154
153	p = pkey_der;	155	p = pkey_der;
154	pkey = d2i_PUBKEY(NULL, &p, pkey_der_len);	156	pkey = d2i_PUBKEY(NULL, &p, pkey_der_len);
155	OPENSSL_free(pkey_der);	157	OPENSSL_free(pkey_der);
156	if (pkey == NULL) {	158	if (pkey == NULL) {
157	CTerr(CT_F_CTLOG_NEW_FROM_BASE64, CT_R_LOG_CONF_INVALID_KEY);	159	CTerr(CT_F_CTLOG_NEW_FROM_BASE64, CT_R_LOG_CONF_INVALID_KEY);
158	return 0;	160	return 0;
159	}	161	}
160		162
161	*ct_log = CTLOG_new(pkey, name);	163	*ct_log = CTLOG_new(pkey, name);
162	if (*ct_log == NULL) {	164	if (*ct_log == NULL) {
163	EVP_PKEY_free(pkey);	165	EVP_PKEY_free(pkey);
164	return 0;	166	return 0;
165	}	167	}
166		168
167	return 1;	169	return 1;
168	}	170	}