1 files changed, 0 insertions, 195 deletions
diff --git a/src/lib/libcrypto/ct/ct_vfy.c b/src/lib/libcrypto/ct/ct_vfy.c
deleted file mode 100644
index 424117263a..0000000000
--- a/src/lib/libcrypto/ct/ct_vfy.c
+++ /dev/null
@@ -1,195 +0,0 @@
-/*      $OpenBSD: ct_vfy.c,v 1.6 2022/01/06 14:34:40 jsing Exp $ */
-/*
- * Written by Rob Stradling (rob@comodo.com) and Stephen Henson
- * (steve@openssl.org) for the OpenSSL project 2014.
- */
-/* ====================================================================
- * Copyright (c) 2014 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <string.h>
-#include <openssl/ct.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include "ct_local.h"
-typedef enum sct_signature_type_t {
-        SIGNATURE_TYPE_NOT_SET = -1,
-        SIGNATURE_TYPE_CERT_TIMESTAMP,
-        SIGNATURE_TYPE_TREE_HASH
-} SCT_SIGNATURE_TYPE;
-/*
- * Update encoding for SCT signature verification/generation to supplied
- * EVP_MD_CTX.
- */
-static int
-sct_ctx_update(EVP_MD_CTX *ctx, const SCT_CTX *sctx, const SCT *sct)
-{
-        CBB cbb, entry, extensions;
-        uint8_t *data = NULL;
-        size_t data_len;
-        int ret = 0;
-        memset(&cbb, 0, sizeof(cbb));
-        if (sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET)
-                goto err;
-        if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)
-                goto err;
-        if (!CBB_init(&cbb, 0))
-                goto err;
-        /*
-         * Build the digitally-signed struct per RFC 6962 section 3.2.
-         */
-        if (!CBB_add_u8(&cbb, sct->version))
-                goto err;
-        if (!CBB_add_u8(&cbb, SIGNATURE_TYPE_CERT_TIMESTAMP))
-                goto err;
-        if (!CBB_add_u64(&cbb, sct->timestamp))
-                goto err;
-        if (!CBB_add_u16(&cbb, sct->entry_type))
-                goto err;
-        if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT) {
-                if (!CBB_add_bytes(&cbb, sctx->ihash, sctx->ihashlen))
-                        goto err;
-        }
-        if (!CBB_add_u24_length_prefixed(&cbb, &entry))
-                goto err;
-        if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT) {
-                if (sctx->preder == NULL)
-                        goto err;
-                if (!CBB_add_bytes(&entry, sctx->preder, sctx->prederlen))
-                        goto err;
-        } else {
-                if (sctx->certder == NULL)
-                        goto err;
-                if (!CBB_add_bytes(&entry, sctx->certder, sctx->certderlen))
-                        goto err;
-        }
-        if (!CBB_add_u16_length_prefixed(&cbb, &extensions))
-                goto err;
-        if (sct->ext_len > 0) {
-                if (!CBB_add_bytes(&extensions, sct->ext, sct->ext_len))
-                        goto err;
-        }
-        if (!CBB_finish(&cbb, &data, &data_len))
-                goto err;
-        if (!EVP_DigestUpdate(ctx, data, data_len))
-                goto err;
-        ret = 1;
- err:
-        CBB_cleanup(&cbb);
-        free(data);
-        return ret;
-}
-int
-SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct)
-{
-        EVP_MD_CTX *ctx = NULL;
-        int ret = 0;
-        if (!SCT_is_complete(sct) || sctx->pkey == NULL ||
-            sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET ||
-            (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT &&
-            sctx->ihash == NULL)) {
-                CTerror(CT_R_SCT_NOT_SET);
-                return 0;
-        }
-        if (sct->version != SCT_VERSION_V1) {
-                CTerror(CT_R_SCT_UNSUPPORTED_VERSION);
-                return 0;
-        }
-        if (sct->log_id_len != sctx->pkeyhashlen ||
-            memcmp(sct->log_id, sctx->pkeyhash, sctx->pkeyhashlen) != 0) {
-                CTerror(CT_R_SCT_LOG_ID_MISMATCH);
-                return 0;
-        }
-        if (sct->timestamp > sctx->epoch_time_in_ms) {
-                CTerror(CT_R_SCT_FUTURE_TIMESTAMP);
-                return 0;
-        }
-        if ((ctx = EVP_MD_CTX_new()) == NULL)
-                goto end;
-        if (!EVP_DigestVerifyInit(ctx, NULL, EVP_sha256(), NULL, sctx->pkey))
-                goto end;
-        if (!sct_ctx_update(ctx, sctx, sct))
-                goto end;
-        /* Verify signature */
-        /* If ret < 0 some other error: fall through without setting error */
-        if ((ret = EVP_DigestVerifyFinal(ctx, sct->sig, sct->sig_len)) == 0)
-                CTerror(CT_R_SCT_INVALID_SIGNATURE);
- end:
-        EVP_MD_CTX_free(ctx);
-        return ret;
-}

diff --git a/src/lib/libcrypto/ct/ct_vfy.c b/src/lib/libcrypto/ct/ct_vfy.c deleted file mode 100644 index 424117263a..0000000000 --- a/src/lib/libcrypto/ct/ct_vfy.c +++ /dev/null
@@ -1,195 +0,0 @@
1	/* $OpenBSD: ct_vfy.c,v 1.6 2022/01/06 14:34:40 jsing Exp $ */
2	/*
3	* Written by Rob Stradling (rob@comodo.com) and Stephen Henson
4	* (steve@openssl.org) for the OpenSSL project 2014.
5	*/
6	/* ====================================================================
7	* Copyright (c) 2014 The OpenSSL Project. All rights reserved.
8	*
9	* Redistribution and use in source and binary forms, with or without
10	* modification, are permitted provided that the following conditions
11	* are met:
12	*
13	* 1. Redistributions of source code must retain the above copyright
14	* notice, this list of conditions and the following disclaimer.
15	*
16	* 2. Redistributions in binary form must reproduce the above copyright
17	* notice, this list of conditions and the following disclaimer in
18	* the documentation and/or other materials provided with the
19	* distribution.
20	*
21	* 3. All advertising materials mentioning features or use of this
22	* software must display the following acknowledgment:
23	* "This product includes software developed by the OpenSSL Project
24	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25	*
26	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27	* endorse or promote products derived from this software without
28	* prior written permission. For written permission, please contact
29	* licensing@OpenSSL.org.
30	*
31	* 5. Products derived from this software may not be called "OpenSSL"
32	* nor may "OpenSSL" appear in their names without prior written
33	* permission of the OpenSSL Project.
34	*
35	* 6. Redistributions of any form whatsoever must retain the following
36	* acknowledgment:
37	* "This product includes software developed by the OpenSSL Project
38	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39	*
40	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51	* OF THE POSSIBILITY OF SUCH DAMAGE.
52	* ====================================================================
53	*
54	* This product includes cryptographic software written by Eric Young
55	* (eay@cryptsoft.com). This product includes software written by Tim
56	* Hudson (tjh@cryptsoft.com).
57	*
58	*/
59
60	#include <string.h>
61
62	#include <openssl/ct.h>
63	#include <openssl/err.h>
64	#include <openssl/evp.h>
65	#include <openssl/x509.h>
66
67	#include "ct_local.h"
68
69	typedef enum sct_signature_type_t {
70	SIGNATURE_TYPE_NOT_SET = -1,
71	SIGNATURE_TYPE_CERT_TIMESTAMP,
72	SIGNATURE_TYPE_TREE_HASH
73	} SCT_SIGNATURE_TYPE;
74
75	/*
76	* Update encoding for SCT signature verification/generation to supplied
77	* EVP_MD_CTX.
78	*/
79	static int
80	sct_ctx_update(EVP_MD_CTX ctx, const SCT_CTX sctx, const SCT *sct)
81	{
82	CBB cbb, entry, extensions;
83	uint8_t *data = NULL;
84	size_t data_len;
85	int ret = 0;
86
87	memset(&cbb, 0, sizeof(cbb));
88
89	if (sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET)
90	goto err;
91	if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)
92	goto err;
93
94	if (!CBB_init(&cbb, 0))
95	goto err;
96
97	/*
98	* Build the digitally-signed struct per RFC 6962 section 3.2.
99	*/
100	if (!CBB_add_u8(&cbb, sct->version))
101	goto err;
102	if (!CBB_add_u8(&cbb, SIGNATURE_TYPE_CERT_TIMESTAMP))
103	goto err;
104	if (!CBB_add_u64(&cbb, sct->timestamp))
105	goto err;
106	if (!CBB_add_u16(&cbb, sct->entry_type))
107	goto err;
108
109	if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT) {
110	if (!CBB_add_bytes(&cbb, sctx->ihash, sctx->ihashlen))
111	goto err;
112	}
113
114	if (!CBB_add_u24_length_prefixed(&cbb, &entry))
115	goto err;
116	if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT) {
117	if (sctx->preder == NULL)
118	goto err;
119	if (!CBB_add_bytes(&entry, sctx->preder, sctx->prederlen))
120	goto err;
121	} else {
122	if (sctx->certder == NULL)
123	goto err;
124	if (!CBB_add_bytes(&entry, sctx->certder, sctx->certderlen))
125	goto err;
126	}
127
128	if (!CBB_add_u16_length_prefixed(&cbb, &extensions))
129	goto err;
130	if (sct->ext_len > 0) {
131	if (!CBB_add_bytes(&extensions, sct->ext, sct->ext_len))
132	goto err;
133	}
134
135	if (!CBB_finish(&cbb, &data, &data_len))
136	goto err;
137
138	if (!EVP_DigestUpdate(ctx, data, data_len))
139	goto err;
140
141	ret = 1;
142
143	err:
144	CBB_cleanup(&cbb);
145	free(data);
146
147	return ret;
148	}
149
150	int
151	SCT_CTX_verify(const SCT_CTX sctx, const SCT sct)
152	{
153	EVP_MD_CTX *ctx = NULL;
154	int ret = 0;
155
156	if (!SCT_is_complete(sct) \|\| sctx->pkey == NULL \|\|
157	sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET \|\|
158	(sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT &&
159	sctx->ihash == NULL)) {
160	CTerror(CT_R_SCT_NOT_SET);
161	return 0;
162	}
163	if (sct->version != SCT_VERSION_V1) {
164	CTerror(CT_R_SCT_UNSUPPORTED_VERSION);
165	return 0;
166	}
167	if (sct->log_id_len != sctx->pkeyhashlen \|\|
168	memcmp(sct->log_id, sctx->pkeyhash, sctx->pkeyhashlen) != 0) {
169	CTerror(CT_R_SCT_LOG_ID_MISMATCH);
170	return 0;
171	}
172	if (sct->timestamp > sctx->epoch_time_in_ms) {
173	CTerror(CT_R_SCT_FUTURE_TIMESTAMP);
174	return 0;
175	}
176
177	if ((ctx = EVP_MD_CTX_new()) == NULL)
178	goto end;
179
180	if (!EVP_DigestVerifyInit(ctx, NULL, EVP_sha256(), NULL, sctx->pkey))
181	goto end;
182
183	if (!sct_ctx_update(ctx, sctx, sct))
184	goto end;
185
186	/* Verify signature */
187	/* If ret < 0 some other error: fall through without setting error */
188	if ((ret = EVP_DigestVerifyFinal(ctx, sct->sig, sct->sig_len)) == 0)
189	CTerror(CT_R_SCT_INVALID_SIGNATURE);
190
191	end:
192	EVP_MD_CTX_free(ctx);
193
194	return ret;
195	}