From eb8dd9dca1228af0cd132f515509051ecfabf6f6 Mon Sep 17 00:00:00 2001 From: cvs2svn Date: Mon, 14 Apr 2025 17:32:06 +0000 Subject: This commit was manufactured by cvs2git to create tag 'tb_20250414'. --- src/lib/libcrypto/ct/ct_oct.c | 464 ------------------------------------------ 1 file changed, 464 deletions(-) delete mode 100644 src/lib/libcrypto/ct/ct_oct.c (limited to 'src/lib/libcrypto/ct/ct_oct.c') diff --git a/src/lib/libcrypto/ct/ct_oct.c b/src/lib/libcrypto/ct/ct_oct.c deleted file mode 100644 index 1f5e5c75d0..0000000000 --- a/src/lib/libcrypto/ct/ct_oct.c +++ /dev/null @@ -1,464 +0,0 @@ -/* $OpenBSD: ct_oct.c,v 1.9 2023/07/08 07:22:58 beck Exp $ */ -/* - * Written by Rob Stradling (rob@comodo.com) and Stephen Henson - * (steve@openssl.org) for the OpenSSL project 2014. - */ -/* ==================================================================== - * Copyright (c) 2014 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifdef OPENSSL_NO_CT -# error "CT is disabled" -#endif - -#include -#include - -#include -#include -#include -#include - -#include "bytestring.h" -#include "ct_local.h" - -int -o2i_SCT_signature(SCT *sct, CBS *cbs) -{ - uint8_t hash_alg, sig_alg; - CBS signature; - - if (sct->version != SCT_VERSION_V1) { - CTerror(CT_R_UNSUPPORTED_VERSION); - return 0; - } - - /* - * Parse a digitally-signed element - see RFC 6962 section 3.2 and - * RFC 5246 sections 4.7 and 7.4.1.4.1. - */ - if (!CBS_get_u8(cbs, &hash_alg)) - goto err_invalid; - if (!CBS_get_u8(cbs, &sig_alg)) - goto err_invalid; - if (!CBS_get_u16_length_prefixed(cbs, &signature)) - goto err_invalid; - if (CBS_len(cbs) != 0) - goto err_invalid; - - /* - * Reject empty signatures since they are invalid for all supported - * algorithms (this really should be done by SCT_set1_signature()). - */ - if (CBS_len(&signature) == 0) - goto err_invalid; - - sct->hash_alg = hash_alg; - sct->sig_alg = sig_alg; - - if (SCT_get_signature_nid(sct) == NID_undef) - goto err_invalid; - - if (!SCT_set1_signature(sct, CBS_data(&signature), CBS_len(&signature))) - return 0; - - return 1; - - err_invalid: - CTerror(CT_R_SCT_INVALID_SIGNATURE); - return 0; -} - -static int -o2i_SCT_internal(SCT **out_sct, CBS *cbs) -{ - SCT *sct = NULL; - uint8_t version; - - *out_sct = NULL; - - if ((sct = SCT_new()) == NULL) - goto err; - - if (CBS_len(cbs) > MAX_SCT_SIZE) - goto err_invalid; - if (!CBS_peek_u8(cbs, &version)) - goto err_invalid; - - sct->version = version; - - if (version == SCT_VERSION_V1) { - CBS extensions, log_id; - uint64_t timestamp; - - /* - * Parse a v1 SignedCertificateTimestamp - see RFC 6962 - * section 3.2. - */ - if (!CBS_get_u8(cbs, &version)) - goto err_invalid; - if (!CBS_get_bytes(cbs, &log_id, CT_V1_LOG_ID_LEN)) - goto err_invalid; - if (!CBS_get_u64(cbs, ×tamp)) - goto err_invalid; - if (!CBS_get_u16_length_prefixed(cbs, &extensions)) - goto err_invalid; - - if (!CBS_stow(&log_id, &sct->log_id, &sct->log_id_len)) - goto err; - - sct->timestamp = timestamp; - - if (!CBS_stow(&extensions, &sct->ext, &sct->ext_len)) - goto err; - - if (!o2i_SCT_signature(sct, cbs)) - goto err; - - if (CBS_len(cbs) != 0) - goto err_invalid; - } else { - /* If not V1 just cache encoding. */ - if (!CBS_stow(cbs, &sct->sct, &sct->sct_len)) - goto err; - } - - *out_sct = sct; - - return 1; - - err_invalid: - CTerror(CT_R_SCT_INVALID); - err: - SCT_free(sct); - - return 0; -} - -SCT * -o2i_SCT(SCT **psct, const unsigned char **in, size_t len) -{ - SCT *sct; - CBS cbs; - - CBS_init(&cbs, *in, len); - - if (psct != NULL) { - SCT_free(*psct); - *psct = NULL; - } - - if (!o2i_SCT_internal(&sct, &cbs)) - return NULL; - - if (psct != NULL) - *psct = sct; - - *in = CBS_data(&cbs); - - return sct; -} -LCRYPTO_ALIAS(o2i_SCT); - -int -i2o_SCT_signature(const SCT *sct, unsigned char **out) -{ - size_t len; - unsigned char *p = NULL, *pstart = NULL; - - if (!SCT_signature_is_complete(sct)) { - CTerror(CT_R_SCT_INVALID_SIGNATURE); - goto err; - } - - if (sct->version != SCT_VERSION_V1) { - CTerror(CT_R_UNSUPPORTED_VERSION); - goto err; - } - - /* - * (1 byte) Hash algorithm - * (1 byte) Signature algorithm - * (2 bytes + ?) Signature - */ - len = 4 + sct->sig_len; - - if (out != NULL) { - if (*out != NULL) { - p = *out; - *out += len; - } else { - pstart = p = malloc(len); - if (p == NULL) { - CTerror(ERR_R_MALLOC_FAILURE); - goto err; - } - *out = p; - } - - *p++ = sct->hash_alg; - *p++ = sct->sig_alg; - s2n(sct->sig_len, p); - memcpy(p, sct->sig, sct->sig_len); - } - - return len; - err: - free(pstart); - return -1; -} - -int -i2o_SCT(const SCT *sct, unsigned char **out) -{ - size_t len; - unsigned char *p = NULL, *pstart = NULL; - - if (!SCT_is_complete(sct)) { - CTerror(CT_R_SCT_NOT_SET); - goto err; - } - /* - * Fixed-length header: struct { (1 byte) Version sct_version; (32 bytes) - * log_id id; (8 bytes) uint64 timestamp; (2 bytes + ?) CtExtensions - * extensions; (1 byte) Hash algorithm (1 byte) Signature algorithm (2 - * bytes + ?) Signature - */ - if (sct->version == SCT_VERSION_V1) - len = 43 + sct->ext_len + 4 + sct->sig_len; - else - len = sct->sct_len; - - if (out == NULL) - return len; - - if (*out != NULL) { - p = *out; - *out += len; - } else { - pstart = p = malloc(len); - if (p == NULL) { - CTerror(ERR_R_MALLOC_FAILURE); - goto err; - } - *out = p; - } - - if (sct->version == SCT_VERSION_V1) { - *p++ = sct->version; - memcpy(p, sct->log_id, CT_V1_HASHLEN); - p += CT_V1_HASHLEN; - l2n8(sct->timestamp, p); - s2n(sct->ext_len, p); - if (sct->ext_len > 0) { - memcpy(p, sct->ext, sct->ext_len); - p += sct->ext_len; - } - if (i2o_SCT_signature(sct, &p) <= 0) - goto err; - } else { - memcpy(p, sct->sct, len); - } - - return len; - err: - free(pstart); - return -1; -} -LCRYPTO_ALIAS(i2o_SCT); - -STACK_OF(SCT) * -o2i_SCT_LIST(STACK_OF(SCT) **out_scts, const unsigned char **pp, size_t len) -{ - CBS cbs, cbs_scts, cbs_sct; - STACK_OF(SCT) *scts = NULL; - - CBS_init(&cbs, *pp, len); - - if (CBS_len(&cbs) > MAX_SCT_LIST_SIZE) - goto err_invalid; - if (!CBS_get_u16_length_prefixed(&cbs, &cbs_scts)) - goto err_invalid; - if (CBS_len(&cbs) != 0) - goto err_invalid; - - if (out_scts != NULL) { - SCT_LIST_free(*out_scts); - *out_scts = NULL; - } - - if ((scts = sk_SCT_new_null()) == NULL) - return NULL; - - while (CBS_len(&cbs_scts) > 0) { - SCT *sct; - - if (!CBS_get_u16_length_prefixed(&cbs_scts, &cbs_sct)) - goto err_invalid; - - if (!o2i_SCT_internal(&sct, &cbs_sct)) - goto err; - if (!sk_SCT_push(scts, sct)) { - SCT_free(sct); - goto err; - } - } - - if (out_scts != NULL) - *out_scts = scts; - - *pp = CBS_data(&cbs); - - return scts; - - err_invalid: - CTerror(CT_R_SCT_LIST_INVALID); - err: - SCT_LIST_free(scts); - - return NULL; -} -LCRYPTO_ALIAS(o2i_SCT_LIST); - -int -i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp) -{ - int len, sct_len, i, is_pp_new = 0; - size_t len2; - unsigned char *p = NULL, *p2; - - if (pp != NULL) { - if (*pp == NULL) { - if ((len = i2o_SCT_LIST(a, NULL)) == -1) { - CTerror(CT_R_SCT_LIST_INVALID); - return -1; - } - if ((*pp = malloc(len)) == NULL) { - CTerror(ERR_R_MALLOC_FAILURE); - return -1; - } - is_pp_new = 1; - } - p = *pp + 2; - } - - len2 = 2; - for (i = 0; i < sk_SCT_num(a); i++) { - if (pp != NULL) { - p2 = p; - p += 2; - if ((sct_len = i2o_SCT(sk_SCT_value(a, i), &p)) == -1) - goto err; - s2n(sct_len, p2); - } else { - if ((sct_len = i2o_SCT(sk_SCT_value(a, i), NULL)) == -1) - goto err; - } - len2 += 2 + sct_len; - } - - if (len2 > MAX_SCT_LIST_SIZE) - goto err; - - if (pp != NULL) { - p = *pp; - s2n(len2 - 2, p); - if (!is_pp_new) - *pp += len2; - } - return len2; - - err: - if (is_pp_new) { - free(*pp); - *pp = NULL; - } - return -1; -} -LCRYPTO_ALIAS(i2o_SCT_LIST); - -STACK_OF(SCT) * -d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, long len) -{ - ASN1_OCTET_STRING *oct = NULL; - STACK_OF(SCT) *sk = NULL; - const unsigned char *p; - - p = *pp; - if (d2i_ASN1_OCTET_STRING(&oct, &p, len) == NULL) - return NULL; - - p = oct->data; - if ((sk = o2i_SCT_LIST(a, &p, oct->length)) != NULL) - *pp += len; - - ASN1_OCTET_STRING_free(oct); - return sk; -} -LCRYPTO_ALIAS(d2i_SCT_LIST); - -int -i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **out) -{ - ASN1_OCTET_STRING oct; - int len; - - oct.data = NULL; - if ((oct.length = i2o_SCT_LIST(a, &oct.data)) == -1) - return -1; - - len = i2d_ASN1_OCTET_STRING(&oct, out); - free(oct.data); - return len; -} -LCRYPTO_ALIAS(i2d_SCT_LIST); -- cgit v1.2.3-55-g6feb