]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/ct/ct_b64.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Copyright consolidation 07/10
[thirdparty/openssl.git] / crypto / ct / ct_b64.c
1 /*
2 * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <limits.h>
11 #include <string.h>
12
13 #include <openssl/ct.h>
14 #include <openssl/err.h>
15 #include <openssl/evp.h>
16
17 #include "ct_locl.h"
18
19 /*
20 * Decodes the base64 string |in| into |out|.
21 * A new string will be malloc'd and assigned to |out|. This will be owned by
22 * the caller. Do not provide a pre-allocated string in |out|.
23 */
24 static int ct_base64_decode(const char *in, unsigned char **out)
25 {
26 size_t inlen = strlen(in);
27 int outlen;
28 unsigned char *outbuf = NULL;
29
30 if (inlen == 0) {
31 *out = NULL;
32 return 0;
33 }
34
35 outlen = (inlen / 4) * 3;
36 outbuf = OPENSSL_malloc(outlen);
37 if (outbuf == NULL) {
38 CTerr(CT_F_CT_BASE64_DECODE, ERR_R_MALLOC_FAILURE);
39 goto err;
40 }
41
42 outlen = EVP_DecodeBlock(outbuf, (unsigned char *)in, inlen);
43 if (outlen < 0) {
44 CTerr(CT_F_CT_BASE64_DECODE, CT_R_BASE64_DECODE_ERROR);
45 goto err;
46 }
47
48 *out = outbuf;
49 return outlen;
50 err:
51 OPENSSL_free(outbuf);
52 return -1;
53 }
54
55 SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64,
56 ct_log_entry_type_t entry_type, uint64_t timestamp,
57 const char *extensions_base64,
58 const char *signature_base64)
59 {
60 SCT *sct = SCT_new();
61 unsigned char *dec = NULL;
62 int declen;
63
64 if (sct == NULL) {
65 CTerr(CT_F_SCT_NEW_FROM_BASE64, ERR_R_MALLOC_FAILURE);
66 return NULL;
67 }
68
69 /*
70 * RFC6962 section 4.1 says we "MUST NOT expect this to be 0", but we
71 * can only construct SCT versions that have been defined.
72 */
73 if (!SCT_set_version(sct, version)) {
74 CTerr(CT_F_SCT_NEW_FROM_BASE64, CT_R_SCT_UNSUPPORTED_VERSION);
75 goto err;
76 }
77
78 declen = ct_base64_decode(logid_base64, &dec);
79 if (declen < 0) {
80 CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
81 goto err;
82 }
83 if (!SCT_set0_log_id(sct, dec, declen))
84 goto err;
85 dec = NULL;
86
87 declen = ct_base64_decode(extensions_base64, &dec);
88 if (declen < 0) {
89 CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
90 goto err;
91 }
92 SCT_set0_extensions(sct, dec, declen);
93 dec = NULL;
94
95 declen = ct_base64_decode(signature_base64, &dec);
96 if (declen < 0) {
97 CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
98 goto err;
99 }
100 if (o2i_SCT_signature(sct, (const unsigned char **)&dec, declen) <= 0)
101 goto err;
102 OPENSSL_free(dec);
103 dec = NULL;
104
105 SCT_set_timestamp(sct, timestamp);
106
107 if (!SCT_set_log_entry_type(sct, entry_type))
108 goto err;
109
110 return sct;
111
112 err:
113 OPENSSL_free(dec);
114 SCT_free(sct);
115 return NULL;
116 }
117
118 CTLOG *CTLOG_new_from_base64(const char *pkey_base64, const char *name)
119 {
120 unsigned char *pkey_der = NULL;
121 int pkey_der_len = ct_base64_decode(pkey_base64, &pkey_der);
122 const unsigned char *p;
123 EVP_PKEY *pkey = NULL;
124 CTLOG *log = NULL;
125
126 if (pkey_der_len <= 0) {
127 CTerr(CT_F_CTLOG_NEW_FROM_BASE64, CT_R_LOG_CONF_INVALID_KEY);
128 return NULL;
129 }
130
131 p = pkey_der;
132 pkey = d2i_PUBKEY(NULL, &p, pkey_der_len);
133 OPENSSL_free(pkey_der);
134 if (pkey == NULL) {
135 CTerr(CT_F_CTLOG_NEW_FROM_BASE64, CT_R_LOG_CONF_INVALID_KEY);
136 return NULL;
137 }
138
139 log = CTLOG_new(pkey, name);
140 if (log == NULL) {
141 EVP_PKEY_free(pkey);
142 return NULL;
143 }
144
145 return log;
146 }
A mirror of the official openssl repository