VirtualBox

source: vbox/trunk/src/libs/openssl-3.0.1/crypto/ct/ct_b64.c@ 94082

Last change on this file since 94082 was 94082, checked in by vboxsync, 3 years ago

libs/openssl-3.0.1: started applying and adjusting our OpenSSL changes to 3.0.1. bugref:10128
File size: 4.4 KB
Line 
1/*
2 * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <limits.h>
11#include <string.h>
12
13#include <openssl/ct.h>
14#include <openssl/err.h>
15#include <openssl/evp.h>
16
17#include "ct_local.h"
18
19/*
20 * Decodes the base64 string |in| into |out|.
21 * A new string will be malloc'd and assigned to |out|. This will be owned by
22 * the caller. Do not provide a pre-allocated string in |out|.
23 */
24static int ct_base64_decode(const char *in, unsigned char **out)
25{
26 size_t inlen = strlen(in);
27 int outlen, i;
28 unsigned char *outbuf = NULL;
29
30 if (inlen == 0) {
31 *out = NULL;
32 return 0;
33 }
34
35 outlen = (inlen / 4) * 3;
36 outbuf = OPENSSL_malloc(outlen);
37 if (outbuf == NULL) {
38 ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE);
39 goto err;
40 }
41
42 outlen = EVP_DecodeBlock(outbuf, (unsigned char *)in, inlen);
43 if (outlen < 0) {
44 ERR_raise(ERR_LIB_CT, CT_R_BASE64_DECODE_ERROR);
45 goto err;
46 }
47
48 /* Subtract padding bytes from |outlen|. Any more than 2 is malformed. */
49 i = 0;
50 while (in[--inlen] == '=') {
51 --outlen;
52 if (++i > 2)
53 goto err;
54 }
55
56 *out = outbuf;
57 return outlen;
58err:
59 OPENSSL_free(outbuf);
60 return -1;
61}
62
63SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64,
64 ct_log_entry_type_t entry_type, uint64_t timestamp,
65 const char *extensions_base64,
66 const char *signature_base64)
67{
68 SCT *sct = SCT_new();
69 unsigned char *dec = NULL;
70 const unsigned char* p = NULL;
71 int declen;
72
73 if (sct == NULL) {
74 ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE);
75 return NULL;
76 }
77
78 /*
79 * RFC6962 section 4.1 says we "MUST NOT expect this to be 0", but we
80 * can only construct SCT versions that have been defined.
81 */
82 if (!SCT_set_version(sct, version)) {
83 ERR_raise(ERR_LIB_CT, CT_R_SCT_UNSUPPORTED_VERSION);
84 goto err;
85 }
86
87 declen = ct_base64_decode(logid_base64, &dec);
88 if (declen < 0) {
89 ERR_raise(ERR_LIB_CT, X509_R_BASE64_DECODE_ERROR);
90 goto err;
91 }
92 if (!SCT_set0_log_id(sct, dec, declen))
93 goto err;
94 dec = NULL;
95
96 declen = ct_base64_decode(extensions_base64, &dec);
97 if (declen < 0) {
98 ERR_raise(ERR_LIB_CT, X509_R_BASE64_DECODE_ERROR);
99 goto err;
100 }
101 SCT_set0_extensions(sct, dec, declen);
102 dec = NULL;
103
104 declen = ct_base64_decode(signature_base64, &dec);
105 if (declen < 0) {
106 ERR_raise(ERR_LIB_CT, X509_R_BASE64_DECODE_ERROR);
107 goto err;
108 }
109
110 p = dec;
111 if (o2i_SCT_signature(sct, &p, declen) <= 0)
112 goto err;
113 OPENSSL_free(dec);
114 dec = NULL;
115
116 SCT_set_timestamp(sct, timestamp);
117
118 if (!SCT_set_log_entry_type(sct, entry_type))
119 goto err;
120
121 return sct;
122
123 err:
124 OPENSSL_free(dec);
125 SCT_free(sct);
126 return NULL;
127}
128
129/*
130 * Allocate, build and returns a new |ct_log| from input |pkey_base64|
131 * It returns 1 on success,
132 * 0 on decoding failure, or invalid parameter if any
133 * -1 on internal (malloc) failure
134 */
135int CTLOG_new_from_base64_ex(CTLOG **ct_log, const char *pkey_base64,
136 const char *name, OSSL_LIB_CTX *libctx,
137 const char *propq)
138{
139 unsigned char *pkey_der = NULL;
140 int pkey_der_len;
141 const unsigned char *p;
142 EVP_PKEY *pkey = NULL;
143
144 if (ct_log == NULL) {
145 ERR_raise(ERR_LIB_CT, ERR_R_PASSED_INVALID_ARGUMENT);
146 return 0;
147 }
148
149 pkey_der_len = ct_base64_decode(pkey_base64, &pkey_der);
150 if (pkey_der_len < 0) {
151 ERR_raise(ERR_LIB_CT, CT_R_LOG_CONF_INVALID_KEY);
152 return 0;
153 }
154
155 p = pkey_der;
156 pkey = d2i_PUBKEY_ex(NULL, &p, pkey_der_len, libctx, propq);
157 OPENSSL_free(pkey_der);
158 if (pkey == NULL) {
159 ERR_raise(ERR_LIB_CT, CT_R_LOG_CONF_INVALID_KEY);
160 return 0;
161 }
162
163 *ct_log = CTLOG_new_ex(pkey, name, libctx, propq);
164 if (*ct_log == NULL) {
165 EVP_PKEY_free(pkey);
166 return 0;
167 }
168
169 return 1;
170}
171
172int CTLOG_new_from_base64(CTLOG **ct_log, const char *pkey_base64,
173 const char *name)
174{
175 return CTLOG_new_from_base64_ex(ct_log, pkey_base64, name, NULL, NULL);
176}
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette