2 * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
13 #include <openssl/ct.h>
14 #include <openssl/err.h>
15 #include <openssl/evp.h>
20 * Decodes the base64 string |in| into |out|.
21 * A new string will be malloc'd and assigned to |out|. This will be owned by
22 * the caller. Do not provide a pre-allocated string in |out|.
24 static int ct_base64_decode(const char *in
, unsigned char **out
)
/*
 * Returns the decoded length (>= 0) on success and a negative value on
 * failure; callers test for "< 0". The empty-input handling, the allocation
 * check, the error label and the closing of this function are not visible in
 * this excerpt.
 */
26 size_t inlen
= strlen(in
);
28 unsigned char *outbuf
= NULL
;
/* Upper bound on the decoded size: every 4 base64 characters yield 3 bytes. */
35 outlen
= (inlen
/ 4) * 3;
36 outbuf
= OPENSSL_malloc(outlen
);
/*
 * EVP_DecodeBlock() counts the '=' padding characters in its result, hence
 * the correction further down. A negative result is the decode failure that
 * the CT_R_BASE64_DECODE_ERROR raise reports (the test itself is not shown).
 */
40 outlen
= EVP_DecodeBlock(outbuf
, (unsigned char *)in
, inlen
);
42 ERR_raise(ERR_LIB_CT
, CT_R_BASE64_DECODE_ERROR
);
46 /* Subtract padding bytes from |outlen|. Any more than 2 is malformed. */
/*
 * NOTE(review): this walks |in| backwards from its last character, so it
 * relies on |inlen| being non-zero at this point (an empty-input guard is not
 * visible in this excerpt; without one --inlen would wrap and index out of
 * bounds) and on the "more than 2" check described above to stop an all-'='
 * input before it runs past the start of the string.
 */
48 while (in
[--inlen
] == '=') {
61 SCT
*SCT_new_from_base64(unsigned char version
, const char *logid_base64
,
62 ct_log_entry_type_t entry_type
, uint64_t timestamp
,
63 const char *extensions_base64
,
64 const char *signature_base64
)
/*
 * Builds an SCT from its base64-encoded fields. Each field is decoded through
 * ct_base64_decode() into |dec|; the log id and extensions buffers are then
 * handed to |sct| through the set0 setters (OpenSSL's set0 convention: the
 * object adopts the buffer), which is why |dec| can be reused for the next
 * field. The allocation of |sct|, the early-exit paths and the return value
 * are on lines not shown in this excerpt.
 */
67 unsigned char *dec
= NULL
;
68 const unsigned char* p
= NULL
;
/* Raised when the SCT object itself could not be created (test not shown). */
72 ERR_raise(ERR_LIB_CT
, ERR_R_CT_LIB
);
77 * RFC6962 section 4.1 says we "MUST NOT expect this to be 0", but we
78 * can only construct SCT versions that have been defined.
80 if (!SCT_set_version(sct
, version
)) {
81 ERR_raise(ERR_LIB_CT
, CT_R_SCT_UNSUPPORTED_VERSION
);
/*
 * Log id: decode, then transfer the buffer to |sct|. The "< 0" test between
 * the decode and the raise is not shown. Note the reason code is an X509_R_
 * one raised under ERR_LIB_CT, and a CT_R_BASE64_DECODE_ERROR may already be
 * on the error stack from ct_base64_decode() for the same failure.
 */
85 declen
= ct_base64_decode(logid_base64
, &dec
);
87 ERR_raise(ERR_LIB_CT
, X509_R_BASE64_DECODE_ERROR
);
90 if (!SCT_set0_log_id(sct
, dec
, declen
))
/* Extensions: same pattern; |dec| is adopted by |sct| here too. */
94 declen
= ct_base64_decode(extensions_base64
, &dec
);
96 ERR_raise(ERR_LIB_CT
, X509_R_BASE64_DECODE_ERROR
);
99 SCT_set0_extensions(sct
, dec
, declen
);
/*
 * Signature: unlike the two fields above, the decoded bytes are parsed via
 * o2i_SCT_signature(), which advances |p| through the buffer rather than
 * adopting it. NOTE(review): the assignment of |p| to |dec| and the matching
 * free of |dec| after parsing are not visible in this excerpt — confirm that
 * the buffer is released on both the success and the failure path.
 */
102 declen
= ct_base64_decode(signature_base64
, &dec
);
104 ERR_raise(ERR_LIB_CT
, X509_R_BASE64_DECODE_ERROR
);
109 if (o2i_SCT_signature(sct
, &p
, declen
) <= 0)
/* Remaining scalar fields; only the entry type can be rejected. */
114 SCT_set_timestamp(sct
, timestamp
);
116 if (!SCT_set_log_entry_type(sct
, entry_type
))
128 * Allocates, builds and returns a new |ct_log| from the input |pkey_base64|.
129 * It returns 1 on success,
130 * 0 on decoding failure or if any parameter is invalid,
131 * -1 on internal (malloc) failure
133 int CTLOG_new_from_base64_ex(CTLOG
**ct_log
, const char *pkey_base64
,
134 const char *name
, OSSL_LIB_CTX
*libctx
,
/* The trailing |propq| parameter and the opening brace are on lines not shown. */
137 unsigned char *pkey_der
= NULL
;
139 const unsigned char *p
;
140 EVP_PKEY
*pkey
= NULL
;
/* The output pointer is mandatory: fail cleanly rather than write through NULL below. */
142 if (ct_log
== NULL
) {
143 ERR_raise(ERR_LIB_CT
, ERR_R_PASSED_INVALID_ARGUMENT
);
/*
 * Decode the base64 public key; a negative length is a decode failure and is
 * reported as an invalid log key. NOTE(review): an empty |pkey_base64| does
 * not yield a negative length here — whether it is rejected before the DER
 * parse depends on lines not shown (presumably d2i_PUBKEY_ex() fails on a
 * zero-length input and the key is rejected below).
 */
147 pkey_der_len
= ct_base64_decode(pkey_base64
, &pkey_der
);
148 if (pkey_der_len
< 0) {
149 ERR_raise(ERR_LIB_CT
, CT_R_LOG_CONF_INVALID_KEY
);
/*
 * Parse the DER-encoded public key within |libctx|/|propq|. d2i_* advances
 * |p| through the buffer (the assignment of |p| to |pkey_der| is not shown),
 * and the resulting EVP_PKEY does not reference the DER bytes, so the buffer
 * is freed immediately, whether or not the parse succeeded.
 */
154 pkey
= d2i_PUBKEY_ex(NULL
, &p
, pkey_der_len
, libctx
, propq
);
155 OPENSSL_free(pkey_der
);
/* No usable key came out of the DER (test not shown): invalid log key. */
157 ERR_raise(ERR_LIB_CT
, CT_R_LOG_CONF_INVALID_KEY
);
/*
 * Build the log object; presumably it adopts |pkey| on success. The cleanup
 * of |pkey| and the return value on the failure path are on lines not shown.
 */
161 *ct_log
= CTLOG_new_ex(pkey
, name
, libctx
, propq
);
162 if (*ct_log
== NULL
) {
170 int CTLOG_new_from_base64(CTLOG
**ct_log
, const char *pkey_base64
,
173 return CTLOG_new_from_base64_ex(ct_log
, pkey_base64
, name
, NULL
, NULL
);