2 * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
13 #include <openssl/ct.h>
14 #include <openssl/err.h>
15 #include <openssl/evp.h>
20 * Decodes the base64 string |in| into |out|.
21 * A new string will be malloc'd and assigned to |out|. This will be owned by
22 * the caller. Do not provide a pre-allocated string in |out|.
/*
 * Base64-decode the NUL-terminated string |in| (its length is taken with
 * strlen) into a buffer obtained from OPENSSL_malloc; the function returns
 * an int.
 * NOTE(review): this listing skips source lines (see the gaps in the gutter
 * numbers), so the conditions guarding the two CTerr calls, the store to
 * |*out| and the return statements are not visible here.
 */
24 static int ct_base64_decode(const char *in
, unsigned char **out
)
26 size_t inlen
= strlen(in
);
28 unsigned char *outbuf
= NULL
;
/*
 * Size the output at 3 bytes per complete group of 4 input characters.
 * NOTE(review): |inlen| is a size_t while the function returns int; confirm
 * that callers bound the input length so this value cannot exceed INT_MAX.
 */
35 outlen
= (inlen
/ 4) * 3;
36 outbuf
= OPENSSL_malloc(outlen
);
/* Report allocation failure through the CT error macro (guard not shown). */
38 CTerr(CT_F_CT_BASE64_DECODE
, ERR_R_MALLOC_FAILURE
);
/*
 * Decode into |outbuf|; |outlen| is overwritten with the decoder's result.
 * NOTE(review): EVP_DecodeBlock takes its length as an int, so |inlen| is
 * narrowed at this call. Its return value counts three bytes for every
 * group of four characters, including groups that end in '=' padding; any
 * adjustment for padding is not visible in this listing, so verify it in
 * the full file before trusting the returned length.
 */
42 outlen
= EVP_DecodeBlock(outbuf
, (unsigned char *)in
, inlen
);
/* Report a decode failure with the CT library's own reason code. */
44 CTerr(CT_F_CT_BASE64_DECODE
, CT_R_BASE64_DECODE_ERROR
);
/*
 * Build an SCT from a version, a log entry type, a timestamp and three
 * base64-encoded fields: log ID, extensions and signature. Each encoded
 * field is decoded with ct_base64_decode and passed to the matching SCT
 * setter or parser.
 * NOTE(review): this listing skips source lines (see the gaps in the gutter
 * numbers); the declarations of |sct| and |declen|, the conditions around
 * the CTerr calls, the cleanup path and the return statements are not
 * visible here.
 */
55 SCT
*SCT_new_from_base64(unsigned char version
, const char *logid_base64
,
56 ct_log_entry_type_t entry_type
, uint64_t timestamp
,
57 const char *extensions_base64
,
58 const char *signature_base64
)
/* Scratch pointer that receives each freshly decoded buffer in turn. */
61 unsigned char *dec
= NULL
;
/* Allocation failure report (the guarding condition is not shown). */
65 CTerr(CT_F_SCT_NEW_FROM_BASE64
, ERR_R_MALLOC_FAILURE
);
70 * RFC6962 section 4.1 says we "MUST NOT expect this to be 0", but we
71 * can only construct SCT versions that have been defined.
/* A version the setter rejects is reported as unsupported. */
73 if (!SCT_set_version(sct
, version
)) {
74 CTerr(CT_F_SCT_NEW_FROM_BASE64
, CT_R_SCT_UNSUPPORTED_VERSION
);
/* Log ID: decode into |dec|; |declen| receives the decoder's return value. */
78 declen
= ct_base64_decode(logid_base64
, &dec
);
/*
 * NOTE(review): the reason code here is from the X509_R_ namespace although
 * CTerr files the error under the CT library; ct_base64_decode in this file
 * uses CT_R_BASE64_DECODE_ERROR. Confirm which code is intended, since a
 * reason code from another library can resolve to the wrong error string.
 * The same applies to the two CTerr calls further down.
 */
80 CTerr(CT_F_SCT_NEW_FROM_BASE64
, X509_R_BASE64_DECODE_ERROR
);
/*
 * NOTE(review): by OpenSSL naming convention a set0 call takes ownership of
 * the buffer; what happens to |dec| afterwards is not visible here — confirm
 * it is cleared before any later free.
 */
83 if (!SCT_set0_log_id(sct
, dec
, declen
))
/* Extensions: same decode-then-hand-over sequence as the log ID. */
87 declen
= ct_base64_decode(extensions_base64
, &dec
);
89 CTerr(CT_F_SCT_NEW_FROM_BASE64
, X509_R_BASE64_DECODE_ERROR
);
92 SCT_set0_extensions(sct
, dec
, declen
);
/* Signature: decoded here, then parsed rather than stored verbatim. */
95 declen
= ct_base64_decode(signature_base64
, &dec
);
97 CTerr(CT_F_SCT_NEW_FROM_BASE64
, X509_R_BASE64_DECODE_ERROR
);
/*
 * NOTE(review): the address of |dec| itself is passed, so a parser that
 * advances its input pointer (the usual o2i/d2i behaviour) leaves |dec|
 * pointing past the start of the allocation. Any later OPENSSL_free(dec)
 * would then receive a pointer that was not returned by the allocator.
 * The free is not visible in this listing; verify that the full file parses
 * through a separate cursor variable, as CTLOG_new_from_base64 does with |p|.
 */
100 if (o2i_SCT_signature(sct
, (const unsigned char **)&dec
, declen
) <= 0)
/* Scalar fields are copied in last; the entry type setter can fail. */
105 SCT_set_timestamp(sct
, timestamp
);
107 if (!SCT_set_log_entry_type(sct
, entry_type
))
/*
 * Create a CTLOG from a base64-encoded public key and a log name: the key is
 * base64-decoded, parsed with d2i_PUBKEY, and the resulting EVP_PKEY is
 * passed to CTLOG_new together with |name|.
 * NOTE(review): this listing skips source lines (see the gaps in the gutter
 * numbers) and may end before the function does; the declaration of |log|,
 * the handling of a CTLOG_new failure and the return statements are not
 * visible here.
 */
118 CTLOG
*CTLOG_new_from_base64(const char *pkey_base64
, const char *name
)
120 unsigned char *pkey_der
= NULL
;
/* Decode happens in the initializer; the length is validated further down. */
121 int pkey_der_len
= ct_base64_decode(pkey_base64
, &pkey_der
);
/* Parse cursor for d2i_PUBKEY, kept separate from the owning |pkey_der|. */
122 const unsigned char *p
;
123 EVP_PKEY
*pkey
= NULL
;
/* A negative or zero decoded length is reported as an invalid log key. */
126 if (pkey_der_len
<= 0) {
127 CTerr(CT_F_CTLOG_NEW_FROM_BASE64
, CT_R_LOG_CONF_INVALID_KEY
);
/*
 * NOTE(review): |p| is declared without an initializer and its assignment
 * is not in this listing; it must point at |pkey_der| before this call.
 * Parsing through |p| leaves |pkey_der| unchanged, so the free below
 * receives the original allocation.
 */
132 pkey
= d2i_PUBKEY(NULL
, &p
, pkey_der_len
);
/* The DER buffer is released right after the parse call. */
133 OPENSSL_free(pkey_der
);
/* A key that fails to parse gets the same invalid-key reason (guard not shown). */
135 CTerr(CT_F_CTLOG_NEW_FROM_BASE64
, CT_R_LOG_CONF_INVALID_KEY
);
/*
 * NOTE(review): whether CTLOG_new takes ownership of |pkey| on success, and
 * who frees it on failure, is not visible here — confirm in the full file.
 */
139 log
= CTLOG_new(pkey
, name
);