From f6e7d1667b8dcbed22af63fba4416ba2ba9a27af Mon Sep 17 00:00:00 2001
From: jsing
Date: Mon, 20 Dec 2021 17:19:19 +0000
Subject: [PATCH] Convert SCT_new_from_base64() to use CBS for o2i_SCT_signature().
Remove the existing o2i_SCT_signature() function and rename o2i_SCT_signature_internal() to replace it.
ok inoguchi@ tb@
---
 lib/libcrypto/ct/ct_b64.c | 13 +++++++------
 lib/libcrypto/ct/ct_local.h | 8 +++++---
 lib/libcrypto/ct/ct_oct.c | 28 ++++------------------------
 3 files changed, 16 insertions(+), 33 deletions(-)
diff --git a/lib/libcrypto/ct/ct_b64.c b/lib/libcrypto/ct/ct_b64.c
index cc1fecbc30f..bfc69a7da37 100644
--- a/lib/libcrypto/ct/ct_b64.c
+++ b/lib/libcrypto/ct/ct_b64.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ct_b64.c,v 1.5 2021/12/18 16:34:52 tb Exp $ */
+/* $OpenBSD: ct_b64.c,v 1.6 2021/12/20 17:19:19 jsing Exp $ */
 /*
 * Written by Rob Stradling (rob@comodo.com) and Stephen Henson
 * (steve@openssl.org) for the OpenSSL project 2014.
@@ -64,6 +64,7 @@
 #include
 #include
+#include "bytestring.h"
 #include "ct_local.h"
 /*
@@ -119,12 +120,12 @@ SCT_new_from_base64(unsigned char version, const char *logid_base64,
 ct_log_entry_type_t entry_type, uint64_t timestamp, const char *extensions_base64, const char *signature_base64)
 {
- SCT *sct = SCT_new();
 unsigned char *dec = NULL;
- const unsigned char* p = NULL;
 int declen;
+ SCT *sct;
+ CBS cbs;
- if (sct == NULL) {
+ if ((sct = SCT_new()) == NULL) {
 CTerror(ERR_R_MALLOC_FAILURE);
 return NULL;
 }
@@ -161,8 +162,8 @@ SCT_new_from_base64(unsigned char version, const char *logid_base64,
 goto err;
 }
- p = dec;
- if (o2i_SCT_signature(sct, &p, declen) <= 0)
+ CBS_init(&cbs, dec, declen);
+ if (!o2i_SCT_signature(sct, &cbs))
 goto err;
 free(dec);
 dec = NULL;
diff --git a/lib/libcrypto/ct/ct_local.h b/lib/libcrypto/ct/ct_local.h
index bfc074a13a3..cd19ed096a5 100644
--- a/lib/libcrypto/ct/ct_local.h
+++ b/lib/libcrypto/ct/ct_local.h
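Review bot: In SCT_new_from_base64() (ct_b64.c, hunk at -161,8 +162,8) nothing checks that the decoded signature buffer was fully consumed, so any bytes left in `cbs` after `o2i_SCT_signature(sct, &cbs)` succeeds are silently dropped. The other caller touched by this patch, o2i_SCT_internal() in ct_oct.c, follows the same call with `if (CBS_len(cbs) != 0)`, which appears to reject leftover bytes, so the base64 path is the more lenient of the two. If trailing data is not meant to be accepted here, the test could read `if (!o2i_SCT_signature(sct, &cbs) || CBS_len(&cbs) != 0)`. Separately, `declen` is an `int` passed to CBS_init(); the check that presumably rejects a negative value sits above the hunk, so confirm it still precedes this call. The function body starts and ends outside the hunk.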
@@ -1,4 +1,4 @@
-/* $OpenBSD: ct_local.h,v 1.7 2021/12/18 17:26:54 tb Exp $ */
+/* $OpenBSD: ct_local.h,v 1.8 2021/12/20 17:19:19 jsing Exp $ */
 /*
 * Written by Rob Percival (robpercival@google.com) for the OpenSSL project.
 */
@@ -55,9 +55,11 @@
 #include
 #include
+#include
 #include
 #include
-#include
+
+#include "bytestring.h"
 /* Number of bytes in an SCT v1 LogID - see RFC 6962 section 3.2. */
 #define CT_V1_LOG_ID_LEN 32
@@ -250,7 +252,7 @@ int i2o_SCT_signature(const SCT *sct, unsigned char **out);
 * If an error occurs, the SCT's signature NID may be updated whilst the
 * signature field itself remains unset.
 */
-int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len);
+int o2i_SCT_signature(SCT *sct, CBS *cbs);
 /*
 * Handlers for Certificate Transparency X509v3/OCSP extensions
diff --git a/lib/libcrypto/ct/ct_oct.c b/lib/libcrypto/ct/ct_oct.c
index 773e62a254f..3dae7d8456f 100644
--- a/lib/libcrypto/ct/ct_oct.c
+++ b/lib/libcrypto/ct/ct_oct.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ct_oct.c,v 1.6 2021/12/18 16:34:52 tb Exp $ */
+/* $OpenBSD: ct_oct.c,v 1.7 2021/12/20 17:19:19 jsing Exp $ */
 /*
 * Written by Rob Stradling (rob@comodo.com) and Stephen Henson
 * (steve@openssl.org) for the OpenSSL project 2014.
@@ -72,8 +72,8 @@
 #include "bytestring.h"
 #include "ct_local.h"
-static int
-o2i_SCT_signature_internal(SCT *sct, CBS *cbs)
+int
+o2i_SCT_signature(SCT *sct, CBS *cbs)
 {
 uint8_t hash_alg, sig_alg;
 CBS signature;
@@ -119,26 +119,6 @@ o2i_SCT_signature_internal(SCT *sct, CBS *cbs)
 return 0;
 }
-int
-o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len)
-{
- size_t sig_len;
- CBS cbs;
-
- CBS_init(&cbs, *in, len);
-
- if (!o2i_SCT_signature_internal(sct, &cbs))
- return -1;
-
- sig_len = len - CBS_len(&cbs);
- if (sig_len > INT_MAX)
- return -1;
-
- *in = CBS_data(&cbs);
-
- return sig_len;
-}
-
 static int
 o2i_SCT_internal(SCT **out_sct, CBS *cbs)
 {
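Review bot: The comment above the `o2i_SCT_signature()` prototype in ct_local.h (hunk at -250,7 +252,7) is left untouched while the parameters change and, judging by the callers, so does the return convention. Only the comment's last sentence is inside the hunk and its start lies above it, so if the unseen part still describes `in`/`len` or a byte-count / negative-on-error return, it is now stale. The removed wrapper returned -1 on failure and the new function is tested with `!`, so any caller still written as `< 0` would take a parse failure for success; it is worth checking that no such caller remains. Suggested wording: `Parses a TLS-format SCT signature from |cbs| into |sct|. Returns 1 on success and 0 on failure.`, with the success value confirmed against the function body, since only a `return 0;` is visible in this patch.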
@@ -182,7 +162,7 @@ o2i_SCT_internal(SCT **out_sct, CBS *cbs)
 if (!CBS_stow(&extensions, &sct->ext, &sct->ext_len))
 goto err;
- if (!o2i_SCT_signature_internal(sct, cbs))
+ if (!o2i_SCT_signature(sct, cbs))
 goto err;
 if (CBS_len(cbs) != 0)
-- 2.20.1