diff options
Diffstat (limited to 'src/lib/libcrypto/ct/ct_sct.c')
| -rw-r--r-- | src/lib/libcrypto/ct/ct_sct.c | 74 |
1 files changed, 40 insertions, 34 deletions
diff --git a/src/lib/libcrypto/ct/ct_sct.c b/src/lib/libcrypto/ct/ct_sct.c index ca915b763e..5108f39d66 100644 --- a/src/lib/libcrypto/ct/ct_sct.c +++ b/src/lib/libcrypto/ct/ct_sct.c | |||
| @@ -17,15 +17,17 @@ | |||
| 17 | #include <openssl/tls1.h> | 17 | #include <openssl/tls1.h> |
| 18 | #include <openssl/x509.h> | 18 | #include <openssl/x509.h> |
| 19 | 19 | ||
| 20 | #include <string.h> | ||
| 21 | |||
| 20 | #include "ct_local.h" | 22 | #include "ct_local.h" |
| 21 | 23 | ||
| 22 | SCT * | 24 | SCT * |
| 23 | SCT_new(void) | 25 | SCT_new(void) |
| 24 | { | 26 | { |
| 25 | SCT *sct = OPENSSL_zalloc(sizeof(*sct)); | 27 | SCT *sct = calloc(1, sizeof(*sct)); |
| 26 | 28 | ||
| 27 | if (sct == NULL) { | 29 | if (sct == NULL) { |
| 28 | CTerr(CT_F_SCT_NEW, ERR_R_MALLOC_FAILURE); | 30 | CTerror(ERR_R_MALLOC_FAILURE); |
| 29 | return NULL; | 31 | return NULL; |
| 30 | } | 32 | } |
| 31 | 33 | ||
| @@ -40,11 +42,11 @@ SCT_free(SCT *sct) | |||
| 40 | if (sct == NULL) | 42 | if (sct == NULL) |
| 41 | return; | 43 | return; |
| 42 | 44 | ||
| 43 | OPENSSL_free(sct->log_id); | 45 | free(sct->log_id); |
| 44 | OPENSSL_free(sct->ext); | 46 | free(sct->ext); |
| 45 | OPENSSL_free(sct->sig); | 47 | free(sct->sig); |
| 46 | OPENSSL_free(sct->sct); | 48 | free(sct->sct); |
| 47 | OPENSSL_free(sct); | 49 | free(sct); |
| 48 | } | 50 | } |
| 49 | 51 | ||
| 50 | void | 52 | void |
| @@ -57,7 +59,7 @@ int | |||
| 57 | SCT_set_version(SCT *sct, sct_version_t version) | 59 | SCT_set_version(SCT *sct, sct_version_t version) |
| 58 | { | 60 | { |
| 59 | if (version != SCT_VERSION_V1) { | 61 | if (version != SCT_VERSION_V1) { |
| 60 | CTerr(CT_F_SCT_SET_VERSION, CT_R_UNSUPPORTED_VERSION); | 62 | CTerror(CT_R_UNSUPPORTED_VERSION); |
| 61 | return 0; | 63 | return 0; |
| 62 | } | 64 | } |
| 63 | sct->version = version; | 65 | sct->version = version; |
| @@ -78,7 +80,7 @@ SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type) | |||
| 78 | case CT_LOG_ENTRY_TYPE_NOT_SET: | 80 | case CT_LOG_ENTRY_TYPE_NOT_SET: |
| 79 | break; | 81 | break; |
| 80 | } | 82 | } |
| 81 | CTerr(CT_F_SCT_SET_LOG_ENTRY_TYPE, CT_R_UNSUPPORTED_ENTRY_TYPE); | 83 | CTerror(CT_R_UNSUPPORTED_ENTRY_TYPE); |
| 82 | return 0; | 84 | return 0; |
| 83 | } | 85 | } |
| 84 | 86 | ||
| @@ -86,11 +88,11 @@ int | |||
| 86 | SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len) | 88 | SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len) |
| 87 | { | 89 | { |
| 88 | if (sct->version == SCT_VERSION_V1 && log_id_len != CT_V1_HASHLEN) { | 90 | if (sct->version == SCT_VERSION_V1 && log_id_len != CT_V1_HASHLEN) { |
| 89 | CTerr(CT_F_SCT_SET0_LOG_ID, CT_R_INVALID_LOG_ID_LENGTH); | 91 | CTerror(CT_R_INVALID_LOG_ID_LENGTH); |
| 90 | return 0; | 92 | return 0; |
| 91 | } | 93 | } |
| 92 | 94 | ||
| 93 | OPENSSL_free(sct->log_id); | 95 | free(sct->log_id); |
| 94 | sct->log_id = log_id; | 96 | sct->log_id = log_id; |
| 95 | sct->log_id_len = log_id_len; | 97 | sct->log_id_len = log_id_len; |
| 96 | sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; | 98 | sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; |
| @@ -101,21 +103,22 @@ int | |||
| 101 | SCT_set1_log_id(SCT *sct, const unsigned char *log_id, size_t log_id_len) | 103 | SCT_set1_log_id(SCT *sct, const unsigned char *log_id, size_t log_id_len) |
| 102 | { | 104 | { |
| 103 | if (sct->version == SCT_VERSION_V1 && log_id_len != CT_V1_HASHLEN) { | 105 | if (sct->version == SCT_VERSION_V1 && log_id_len != CT_V1_HASHLEN) { |
| 104 | CTerr(CT_F_SCT_SET1_LOG_ID, CT_R_INVALID_LOG_ID_LENGTH); | 106 | CTerror(CT_R_INVALID_LOG_ID_LENGTH); |
| 105 | return 0; | 107 | return 0; |
| 106 | } | 108 | } |
| 107 | 109 | ||
| 108 | OPENSSL_free(sct->log_id); | 110 | free(sct->log_id); |
| 109 | sct->log_id = NULL; | 111 | sct->log_id = NULL; |
| 110 | sct->log_id_len = 0; | 112 | sct->log_id_len = 0; |
| 111 | sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; | 113 | sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; |
| 112 | 114 | ||
| 113 | if (log_id != NULL && log_id_len > 0) { | 115 | if (log_id != NULL && log_id_len > 0) { |
| 114 | sct->log_id = OPENSSL_memdup(log_id, log_id_len); | 116 | sct->log_id = malloc(log_id_len); |
| 115 | if (sct->log_id == NULL) { | 117 | if (sct->log_id == NULL) { |
| 116 | CTerr(CT_F_SCT_SET1_LOG_ID, ERR_R_MALLOC_FAILURE); | 118 | CTerror(ERR_R_MALLOC_FAILURE); |
| 117 | return 0; | 119 | return 0; |
| 118 | } | 120 | } |
| 121 | memcpy(sct->log_id, log_id, log_id_len); | ||
| 119 | sct->log_id_len = log_id_len; | 122 | sct->log_id_len = log_id_len; |
| 120 | } | 123 | } |
| 121 | return 1; | 124 | return 1; |
| @@ -134,17 +137,17 @@ SCT_set_signature_nid(SCT *sct, int nid) | |||
| 134 | { | 137 | { |
| 135 | switch (nid) { | 138 | switch (nid) { |
| 136 | case NID_sha256WithRSAEncryption: | 139 | case NID_sha256WithRSAEncryption: |
| 137 | sct->hash_alg = TLSEXT_hash_sha256; | 140 | sct->hash_alg = 4; /* XXX */ |
| 138 | sct->sig_alg = TLSEXT_signature_rsa; | 141 | sct->sig_alg = 1; /* XXX */ |
| 139 | sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; | 142 | sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; |
| 140 | return 1; | 143 | return 1; |
| 141 | case NID_ecdsa_with_SHA256: | 144 | case NID_ecdsa_with_SHA256: |
| 142 | sct->hash_alg = TLSEXT_hash_sha256; | 145 | sct->hash_alg = 4; /* XXX */ |
| 143 | sct->sig_alg = TLSEXT_signature_ecdsa; | 146 | sct->sig_alg = 3; /* XXX */ |
| 144 | sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; | 147 | sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; |
| 145 | return 1; | 148 | return 1; |
| 146 | default: | 149 | default: |
| 147 | CTerr(CT_F_SCT_SET_SIGNATURE_NID, CT_R_UNRECOGNIZED_SIGNATURE_NID); | 150 | CTerror(CT_R_UNRECOGNIZED_SIGNATURE_NID); |
| 148 | return 0; | 151 | return 0; |
| 149 | } | 152 | } |
| 150 | } | 153 | } |
| @@ -152,7 +155,7 @@ SCT_set_signature_nid(SCT *sct, int nid) | |||
| 152 | void | 155 | void |
| 153 | SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len) | 156 | SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len) |
| 154 | { | 157 | { |
| 155 | OPENSSL_free(sct->ext); | 158 | free(sct->ext); |
| 156 | sct->ext = ext; | 159 | sct->ext = ext; |
| 157 | sct->ext_len = ext_len; | 160 | sct->ext_len = ext_len; |
| 158 | sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; | 161 | sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; |
| @@ -161,17 +164,18 @@ SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len) | |||
| 161 | int | 164 | int |
| 162 | SCT_set1_extensions(SCT *sct, const unsigned char *ext, size_t ext_len) | 165 | SCT_set1_extensions(SCT *sct, const unsigned char *ext, size_t ext_len) |
| 163 | { | 166 | { |
| 164 | OPENSSL_free(sct->ext); | 167 | free(sct->ext); |
| 165 | sct->ext = NULL; | 168 | sct->ext = NULL; |
| 166 | sct->ext_len = 0; | 169 | sct->ext_len = 0; |
| 167 | sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; | 170 | sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; |
| 168 | 171 | ||
| 169 | if (ext != NULL && ext_len > 0) { | 172 | if (ext != NULL && ext_len > 0) { |
| 170 | sct->ext = OPENSSL_memdup(ext, ext_len); | 173 | sct->ext = malloc(ext_len); |
| 171 | if (sct->ext == NULL) { | 174 | if (sct->ext == NULL) { |
| 172 | CTerr(CT_F_SCT_SET1_EXTENSIONS, ERR_R_MALLOC_FAILURE); | 175 | CTerror(ERR_R_MALLOC_FAILURE); |
| 173 | return 0; | 176 | return 0; |
| 174 | } | 177 | } |
| 178 | memcpy(sct->ext, ext, ext_len); | ||
| 175 | sct->ext_len = ext_len; | 179 | sct->ext_len = ext_len; |
| 176 | } | 180 | } |
| 177 | return 1; | 181 | return 1; |
| @@ -180,7 +184,7 @@ SCT_set1_extensions(SCT *sct, const unsigned char *ext, size_t ext_len) | |||
| 180 | void | 184 | void |
| 181 | SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len) | 185 | SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len) |
| 182 | { | 186 | { |
| 183 | OPENSSL_free(sct->sig); | 187 | free(sct->sig); |
| 184 | sct->sig = sig; | 188 | sct->sig = sig; |
| 185 | sct->sig_len = sig_len; | 189 | sct->sig_len = sig_len; |
| 186 | sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; | 190 | sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; |
| @@ -189,17 +193,18 @@ SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len) | |||
| 189 | int | 193 | int |
| 190 | SCT_set1_signature(SCT *sct, const unsigned char *sig, size_t sig_len) | 194 | SCT_set1_signature(SCT *sct, const unsigned char *sig, size_t sig_len) |
| 191 | { | 195 | { |
| 192 | OPENSSL_free(sct->sig); | 196 | free(sct->sig); |
| 193 | sct->sig = NULL; | 197 | sct->sig = NULL; |
| 194 | sct->sig_len = 0; | 198 | sct->sig_len = 0; |
| 195 | sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; | 199 | sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; |
| 196 | 200 | ||
| 197 | if (sig != NULL && sig_len > 0) { | 201 | if (sig != NULL && sig_len > 0) { |
| 198 | sct->sig = OPENSSL_memdup(sig, sig_len); | 202 | sct->sig = malloc(sig_len); |
| 199 | if (sct->sig == NULL) { | 203 | if (sct->sig == NULL) { |
| 200 | CTerr(CT_F_SCT_SET1_SIGNATURE, ERR_R_MALLOC_FAILURE); | 204 | CTerror(ERR_R_MALLOC_FAILURE); |
| 201 | return 0; | 205 | return 0; |
| 202 | } | 206 | } |
| 207 | memcpy(sct->sig, sig, sig_len); | ||
| 203 | sct->sig_len = sig_len; | 208 | sct->sig_len = sig_len; |
| 204 | } | 209 | } |
| 205 | return 1; | 210 | return 1; |
| @@ -234,14 +239,15 @@ int | |||
| 234 | SCT_get_signature_nid(const SCT *sct) | 239 | SCT_get_signature_nid(const SCT *sct) |
| 235 | { | 240 | { |
| 236 | if (sct->version == SCT_VERSION_V1) { | 241 | if (sct->version == SCT_VERSION_V1) { |
| 237 | if (sct->hash_alg == TLSEXT_hash_sha256) { | 242 | /* XXX sigalg numbers */ |
| 243 | if (sct->hash_alg == 4) { | ||
| 238 | switch (sct->sig_alg) { | 244 | switch (sct->sig_alg) { |
| 239 | case TLSEXT_signature_ecdsa: | 245 | case 3: |
| 240 | return NID_ecdsa_with_SHA256; | 246 | return NID_ecdsa_with_SHA256; |
| 241 | case TLSEXT_signature_rsa: | 247 | case 1: |
| 242 | return NID_sha256WithRSAEncryption; | 248 | return NID_sha256WithRSAEncryption; |
| 243 | default: | 249 | default: |
| 244 | return NID_undef; | 250 | return NID_undef; |
| 245 | } | 251 | } |
| 246 | } | 252 | } |
| 247 | } | 253 | } |
| @@ -278,8 +284,8 @@ SCT_is_complete(const SCT *sct) | |||
| 278 | int | 284 | int |
| 279 | SCT_signature_is_complete(const SCT *sct) | 285 | SCT_signature_is_complete(const SCT *sct) |
| 280 | { | 286 | { |
| 281 | return SCT_get_signature_nid(sct) != NID_undef && sct->sig != NULL && | 287 | return SCT_get_signature_nid(sct) != NID_undef && |
| 282 | sct->sig_len > 0; | 288 | sct->sig != NULL && sct->sig_len > 0; |
| 283 | } | 289 | } |
| 284 | 290 | ||
| 285 | sct_source_t | 291 | sct_source_t |