Add X509_CHECK_FLAG_NEVER_CHECK_SUBJECT flag

[openssl.git] / crypto / ct / ct_b64.c

diff --git a/crypto/ct/ct_b64.c b/crypto/ct/ct_b64.c
index a257b8f0d52cf4a79fc494d9c504cf1e6da8b244..a1693a6c28aa924209abc965147be38d3b7e063f 100644 (file)
--- a/crypto/ct/ct_b64.c
+++ b/crypto/ct/ct_b64.c
@@ -63,32 +63,19 @@
 #include <openssl/err.h>
 #include <openssl/evp.h>
 
-/*
- * TODO(robpercival): These macros are getting duplicated all over the place.
- * Is there a single place they should be defined for re-use?
- * Also, is there a good reason they aren't functions?
- */
-#define n2s(c,s) ((s=(((unsigned int)((c)[0]))<<8) | \
-                     (((unsigned int)((c)[1])))), \
-                  c+=2)
+#include "ct_locl.h"
 
 /*
  * Decodes the base64 string |in| into |out|.
  * A new string will be malloc'd and assigned to |out|. This will be owned by
  * the caller. Do not provide a pre-allocated string in |out|.
  */
-static int CT_base64_decode(const char *in, unsigned char **out)
+static int ct_base64_decode(const char *in, unsigned char **out)
 {
-    size_t inlen;
+    size_t inlen = strlen(in);
     int outlen;
     unsigned char *outbuf = NULL;
 
-    if (in == NULL || out == NULL) {
-        CTerr(CT_F_CT_BASE64_DECODE, ERR_R_PASSED_NULL_PARAMETER);
-        goto err;
-    }
-
-    inlen = strlen(in);
     if (inlen == 0) {
         *out = NULL;
         return 0;
@@ -103,7 +90,6 @@ static int CT_base64_decode(const char *in, unsigned char **out)
 
     outlen = EVP_DecodeBlock(outbuf, (unsigned char *)in, inlen);
     if (outlen < 0) {
-        OPENSSL_free(outbuf);
         CTerr(CT_F_CT_BASE64_DECODE, CT_R_BASE64_DECODE_ERROR);
         goto err;
     }
@@ -120,18 +106,10 @@ SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64,
                          const char *extensions_base64,
                          const char *signature_base64)
 {
-    SCT *sct;
+    SCT *sct = SCT_new();
     unsigned char *dec = NULL;
     int declen;
 
-    if (logid_base64 == NULL ||
-        extensions_base64 == NULL ||
-        signature_base64 == NULL) {
-        CTerr(CT_F_SCT_NEW_FROM_BASE64, ERR_R_PASSED_NULL_PARAMETER);
-        return NULL;
-    }
-
-    sct = SCT_new();
     if (sct == NULL) {
         CTerr(CT_F_SCT_NEW_FROM_BASE64, ERR_R_MALLOC_FAILURE);
         return NULL;
@@ -146,7 +124,7 @@ SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64,
         goto err;
     }
 
-    declen = CT_base64_decode(logid_base64, &dec);
+    declen = ct_base64_decode(logid_base64, &dec);
     if (declen < 0) {
         CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
         goto err;
@@ -155,7 +133,7 @@ SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64,
         goto err;
     dec = NULL;
 
-    declen = CT_base64_decode(extensions_base64, &dec);
+    declen = ct_base64_decode(extensions_base64, &dec);
     if (declen < 0) {
         CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
         goto err;
@@ -163,13 +141,15 @@ SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64,
     SCT_set0_extensions(sct, dec, declen);
     dec = NULL;
 
-    declen = CT_base64_decode(signature_base64, &dec);
+    declen = ct_base64_decode(signature_base64, &dec);
     if (declen < 0) {
         CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
         goto err;
     }
     if (o2i_SCT_signature(sct, (const unsigned char **)&dec, declen) <= 0)
         goto err;
+    OPENSSL_free(dec);
+    dec = NULL;
 
     SCT_set_timestamp(sct, timestamp);
 
@@ -186,18 +166,20 @@ SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64,
 
 CTLOG *CTLOG_new_from_base64(const char *pkey_base64, const char *name)
 {
-    unsigned char *pkey_der;
-    int pkey_der_len;
+    unsigned char *pkey_der = NULL;
+    int pkey_der_len = ct_base64_decode(pkey_base64, &pkey_der);
+    const unsigned char *p;
     EVP_PKEY *pkey = NULL;
     CTLOG *log = NULL;
 
-    pkey_der_len = CT_base64_decode(pkey_base64, &pkey_der);
     if (pkey_der_len <= 0) {
         CTerr(CT_F_CTLOG_NEW_FROM_BASE64, CT_R_LOG_CONF_INVALID_KEY);
         return NULL;
     }
 
-    pkey = d2i_PUBKEY(NULL, (const unsigned char **)&pkey_der, pkey_der_len);
+    p = pkey_der;
+    pkey = d2i_PUBKEY(NULL, &p, pkey_der_len);
+    OPENSSL_free(pkey_der);
     if (pkey == NULL) {
         CTerr(CT_F_CTLOG_NEW_FROM_BASE64, CT_R_LOG_CONF_INVALID_KEY);
         return NULL;