Mechanical KNF in preparation for changing

author: beck <> 2021-10-28 11:55:43 +0000
committer: beck <> 2021-10-28 11:55:43 +0000
commit: ec2d356d7b85eac502fd0bf0af74ea37d008b0e9 (patch)
tree: 1f2e0d435ff5311db6957d62b59e97937f97ecbc /src/lib/libcrypto/ct/ct_oct.c
parent: f15d6960d6008073b238e45bb377f5a72d1161fc (diff)
download: openbsd-ec2d356d7b85eac502fd0bf0af74ea37d008b0e9.tar.gz
openbsd-ec2d356d7b85eac502fd0bf0af74ea37d008b0e9.tar.bz2
openbsd-ec2d356d7b85eac502fd0bf0af74ea37d008b0e9.zip
1 files changed, 356 insertions, 351 deletions
diff --git a/src/lib/libcrypto/ct/ct_oct.c b/src/lib/libcrypto/ct/ct_oct.c
index d4b6645af4..7a45bdb5bf 100644
--- a/src/lib/libcrypto/ct/ct_oct.c
+++ b/src/lib/libcrypto/ct/ct_oct.c
@@ -21,387 +21,392 @@
 #include "ct_local.h"
-int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len)
+int
+o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len)
 {
-    size_t siglen;
+        size_t siglen;
-    size_t len_remaining = len;
+        size_t len_remaining = len;
-    const unsigned char *p;
+        const unsigned char *p;
-    if (sct->version != SCT_VERSION_V1) {
+        if (sct->version != SCT_VERSION_V1) {
-        CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_UNSUPPORTED_VERSION);
+                CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_UNSUPPORTED_VERSION);
-        return -1;
+                return -1;
-    }
+        }
-    /*
+        /*
-     * digitally-signed struct header: (1 byte) Hash algorithm (1 byte)
+         * digitally-signed struct header: (1 byte) Hash algorithm (1 byte)
-     * Signature algorithm (2 bytes + ?) Signature
+         * Signature algorithm (2 bytes + ?) Signature
-     *
+         *
-     * This explicitly rejects empty signatures: they're invalid for
+         * This explicitly rejects empty signatures: they're invalid for
-     * all supported algorithms.
+         * all supported algorithms.
-     */
+         */
-    if (len <= 4) {
+        if (len <= 4) {
-        CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
+                CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
-        return -1;
+                return -1;
-    }
+        }
-    p = *in;
+        p = *in;
-    /* Get hash and signature algorithm */
+        /* Get hash and signature algorithm */
-    sct->hash_alg = *p++;
+        sct->hash_alg = *p++;
-    sct->sig_alg = *p++;
+        sct->sig_alg = *p++;
-    if (SCT_get_signature_nid(sct) == NID_undef) {
+        if (SCT_get_signature_nid(sct) == NID_undef) {
-        CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
+                CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
-        return -1;
+                return -1;
-    }
+        }
-    /* Retrieve signature and check it is consistent with the buffer length */
+        /* Retrieve signature and check it is consistent with the buffer length */
-    n2s(p, siglen);
+        n2s(p, siglen);
-    len_remaining -= (p - *in);
+        len_remaining -= (p - *in);
-    if (siglen > len_remaining) {
+        if (siglen > len_remaining) {
-        CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
+                CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
-        return -1;
+                return -1;
-    }
+        }
-    if (SCT_set1_signature(sct, p, siglen) != 1)
+        if (SCT_set1_signature(sct, p, siglen) != 1)
-        return -1;
+                return -1;
-    len_remaining -= siglen;
+        len_remaining -= siglen;
-    *in = p + siglen;
+        *in = p + siglen;
-    return len - len_remaining;
+        return len - len_remaining;
 }
 SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len)
 {
-    SCT *sct = NULL;
+        SCT *sct = NULL;
-    const unsigned char *p;
+        const unsigned char *p;
-    if (len == 0 || len > MAX_SCT_SIZE) {
+        if (len == 0 || len > MAX_SCT_SIZE) {
-        CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
+                CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
-        goto err;
+                goto err;
-    }
+        }
-    if ((sct = SCT_new()) == NULL)
+        if ((sct = SCT_new()) == NULL)
-        goto err;
+                goto err;
-    p = *in;
+        p = *in;
-    sct->version = *p;
+        sct->version = *p;
-    if (sct->version == SCT_VERSION_V1) {
+        if (sct->version == SCT_VERSION_V1) {
-        int sig_len;
+                int sig_len;
-        size_t len2;
+                size_t len2;
-        /*-
+                /*-
-         * Fixed-length header:
+                 * Fixed-length header:
-         *   struct {
+                 *   struct {
-         *     Version sct_version;     (1 byte)
+                 *     Version sct_version;     (1 byte)
-         *     log_id id;               (32 bytes)
+                 *     log_id id;               (32 bytes)
-         *     uint64 timestamp;        (8 bytes)
+                 *     uint64 timestamp;        (8 bytes)
-         *     CtExtensions extensions; (2 bytes + ?)
+                 *     CtExtensions extensions; (2 bytes + ?)
-         *   }
+                 *   }
-         */
+                 */
-        if (len < 43) {
+                if (len < 43) {
-            CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
+                        CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
-            goto err;
+                        goto err;
-        }
+                }
-        len -= 43;
+                len -= 43;
-        p++;
+                p++;
-        sct->log_id = BUF_memdup(p, CT_V1_HASHLEN);
+                sct->log_id = BUF_memdup(p, CT_V1_HASHLEN);
-        if (sct->log_id == NULL)
+                if (sct->log_id == NULL)
-            goto err;
+                        goto err;
-        sct->log_id_len = CT_V1_HASHLEN;
+                sct->log_id_len = CT_V1_HASHLEN;
-        p += CT_V1_HASHLEN;
+                p += CT_V1_HASHLEN;
-        n2l8(p, sct->timestamp);
+                n2l8(p, sct->timestamp);
-        n2s(p, len2);
+                n2s(p, len2);
-        if (len < len2) {
+                if (len < len2) {
-            CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
+                        CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
-            goto err;
+                        goto err;
-        }
+                }
-        if (len2 > 0) {
+                if (len2 > 0) {
-            sct->ext = BUF_memdup(p, len2);
+                        sct->ext = BUF_memdup(p, len2);
-            if (sct->ext == NULL)
+                        if (sct->ext == NULL)
-                goto err;
+                                goto err;
-        }
+                }
-        sct->ext_len = len2;
+                sct->ext_len = len2;
-        p += len2;
+                p += len2;
-        len -= len2;
+                len -= len2;
-        sig_len = o2i_SCT_signature(sct, &p, len);
+                sig_len = o2i_SCT_signature(sct, &p, len);
-        if (sig_len <= 0) {
+                if (sig_len <= 0) {
-            CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
+                        CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
-            goto err;
+                        goto err;
-        }
+                }
-        len -= sig_len;
+                len -= sig_len;
-        *in = p + len;
+                *in = p + len;
-    } else {
+        } else {
-        /* If not V1 just cache encoding */
+                /* If not V1 just cache encoding */
-        sct->sct = BUF_memdup(p, len);
+                sct->sct = BUF_memdup(p, len);
-        if (sct->sct == NULL)
+                if (sct->sct == NULL)
-            goto err;
+                        goto err;
-        sct->sct_len = len;
+                sct->sct_len = len;
-        *in = p + len;
+                *in = p + len;
-    }
+        }
-    if (psct != NULL) {
+        if (psct != NULL) {
-        SCT_free(*psct);
+                SCT_free(*psct);
-        *psct = sct;
+                *psct = sct;
-    }
+        }
-    return sct;
+        return sct;
-err:
+ err:
-    SCT_free(sct);
+        SCT_free(sct);
-    return NULL;
+        return NULL;
 }
-int i2o_SCT_signature(const SCT *sct, unsigned char **out)
+int
+i2o_SCT_signature(const SCT *sct, unsigned char **out)
 {
-    size_t len;
+        size_t len;
-    unsigned char *p = NULL, *pstart = NULL;
+        unsigned char *p = NULL, *pstart = NULL;
-    if (!SCT_signature_is_complete(sct)) {
+        if (!SCT_signature_is_complete(sct)) {
-        CTerr(CT_F_I2O_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
+                CTerr(CT_F_I2O_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
-        goto err;
+                goto err;
-    }
+        }
-    if (sct->version != SCT_VERSION_V1) {
+        if (sct->version != SCT_VERSION_V1) {
-        CTerr(CT_F_I2O_SCT_SIGNATURE, CT_R_UNSUPPORTED_VERSION);
+                CTerr(CT_F_I2O_SCT_SIGNATURE, CT_R_UNSUPPORTED_VERSION);
-        goto err;
+                goto err;
-    }
+        }
-    /*
+        /*
-    * (1 byte) Hash algorithm
+         * (1 byte) Hash algorithm
-    * (1 byte) Signature algorithm
+         * (1 byte) Signature algorithm
-    * (2 bytes + ?) Signature
+         * (2 bytes + ?) Signature
-    */
+         */
-    len = 4 + sct->sig_len;
+        len = 4 + sct->sig_len;
-    if (out != NULL) {
+        if (out != NULL) {
-        if (*out != NULL) {
+                if (*out != NULL) {
-            p = *out;
+                        p = *out;
-            *out += len;
+                        *out += len;
-        } else {
+                } else {
-            pstart = p = OPENSSL_malloc(len);
+                        pstart = p = OPENSSL_malloc(len);
-            if (p == NULL) {
+                        if (p == NULL) {
-                CTerr(CT_F_I2O_SCT_SIGNATURE, ERR_R_MALLOC_FAILURE);
+                                CTerr(CT_F_I2O_SCT_SIGNATURE, ERR_R_MALLOC_FAILURE);
-                goto err;
+                                goto err;
-            }
+                        }
-            *out = p;
+                        *out = p;
-        }
+                }
-        *p++ = sct->hash_alg;
+                *p++ = sct->hash_alg;
-        *p++ = sct->sig_alg;
+                *p++ = sct->sig_alg;
-        s2n(sct->sig_len, p);
+                s2n(sct->sig_len, p);
-        memcpy(p, sct->sig, sct->sig_len);
+                memcpy(p, sct->sig, sct->sig_len);
-    }
+        }
-    return len;
+        return len;
-err:
+ err:
-    OPENSSL_free(pstart);
+        OPENSSL_free(pstart);
-    return -1;
+        return -1;
 }
-int i2o_SCT(const SCT *sct, unsigned char **out)
+int
+i2o_SCT(const SCT *sct, unsigned char **out)
 {
-    size_t len;
+        size_t len;
-    unsigned char *p = NULL, *pstart = NULL;
+        unsigned char *p = NULL, *pstart = NULL;
-    if (!SCT_is_complete(sct)) {
+        if (!SCT_is_complete(sct)) {
-        CTerr(CT_F_I2O_SCT, CT_R_SCT_NOT_SET);
+                CTerr(CT_F_I2O_SCT, CT_R_SCT_NOT_SET);
-        goto err;
+                goto err;
-    }
+        }
-    /*
+        /*
-     * Fixed-length header: struct { (1 byte) Version sct_version; (32 bytes)
+         * Fixed-length header: struct { (1 byte) Version sct_version; (32 bytes)
-     * log_id id; (8 bytes) uint64 timestamp; (2 bytes + ?) CtExtensions
+         * log_id id; (8 bytes) uint64 timestamp; (2 bytes + ?) CtExtensions
-     * extensions; (1 byte) Hash algorithm (1 byte) Signature algorithm (2
+         * extensions; (1 byte) Hash algorithm (1 byte) Signature algorithm (2
-     * bytes + ?) Signature
+         * bytes + ?) Signature
-     */
+         */
-    if (sct->version == SCT_VERSION_V1)
+        if (sct->version == SCT_VERSION_V1)
-        len = 43 + sct->ext_len + 4 + sct->sig_len;
+                len = 43 + sct->ext_len + 4 + sct->sig_len;
-    else
+        else
-        len = sct->sct_len;
+                len = sct->sct_len;
-    if (out == NULL)
+        if (out == NULL)
-        return len;
+                return len;
-    if (*out != NULL) {
+        if (*out != NULL) {
-        p = *out;
+                p = *out;
-        *out += len;
+                *out += len;
-    } else {
+        } else {
-        pstart = p = OPENSSL_malloc(len);
+                pstart = p = OPENSSL_malloc(len);
-        if (p == NULL) {
+                if (p == NULL) {
-            CTerr(CT_F_I2O_SCT, ERR_R_MALLOC_FAILURE);
+                        CTerr(CT_F_I2O_SCT, ERR_R_MALLOC_FAILURE);
-            goto err;
+                        goto err;
-        }
+                }
-        *out = p;
+                *out = p;
-    }
+        }
-    if (sct->version == SCT_VERSION_V1) {
+        if (sct->version == SCT_VERSION_V1) {
-        *p++ = sct->version;
+                *p++ = sct->version;
-        memcpy(p, sct->log_id, CT_V1_HASHLEN);
+                memcpy(p, sct->log_id, CT_V1_HASHLEN);
-        p += CT_V1_HASHLEN;
+                p += CT_V1_HASHLEN;
-        l2n8(sct->timestamp, p);
+                l2n8(sct->timestamp, p);
-        s2n(sct->ext_len, p);
+                s2n(sct->ext_len, p);
-        if (sct->ext_len > 0) {
+                if (sct->ext_len > 0) {
-            memcpy(p, sct->ext, sct->ext_len);
+                        memcpy(p, sct->ext, sct->ext_len);
-            p += sct->ext_len;
+                        p += sct->ext_len;
-        }
+                }
-        if (i2o_SCT_signature(sct, &p) <= 0)
+                if (i2o_SCT_signature(sct, &p) <= 0)
-            goto err;
+                        goto err;
-    } else {
+        } else {
-        memcpy(p, sct->sct, len);
+                memcpy(p, sct->sct, len);
-    }
+        }
-    return len;
+        return len;
-err:
+ err:
-    OPENSSL_free(pstart);
+        OPENSSL_free(pstart);
-    return -1;
+        return -1;
 }
-STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
+STACK_OF(SCT) *
-                            size_t len)
+o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, size_t len)
 {
-    STACK_OF(SCT) *sk = NULL;
+        STACK_OF(SCT) *sk = NULL;
-    size_t list_len, sct_len;
+        size_t list_len, sct_len;
-    if (len < 2 || len > MAX_SCT_LIST_SIZE) {
+        if (len < 2 || len > MAX_SCT_LIST_SIZE) {
-        CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
+                CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
-        return NULL;
+                return NULL;
-    }
+        }
-    n2s(*pp, list_len);
+        n2s(*pp, list_len);
-    if (list_len != len - 2) {
+        if (list_len != len - 2) {
-        CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
+                CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
-        return NULL;
+                return NULL;
-    }
+        }
-    if (a == NULL || *a == NULL) {
+        if (a == NULL || *a == NULL) {
-        sk = sk_SCT_new_null();
+                sk = sk_SCT_new_null();
-        if (sk == NULL)
+                if (sk == NULL)
-            return NULL;
+                        return NULL;
-    } else {
+        } else {
-        SCT *sct;
+                SCT *sct;
-        /* Use the given stack, but empty it first. */
+                /* Use the given stack, but empty it first. */
-        sk = *a;
+                sk = *a;
-        while ((sct = sk_SCT_pop(sk)) != NULL)
+                while ((sct = sk_SCT_pop(sk)) != NULL)
-            SCT_free(sct);
+                        SCT_free(sct);
-    }
+        }
-    while (list_len > 0) {
+        while (list_len > 0) {
-        SCT *sct;
+                SCT *sct;
-        if (list_len < 2) {
+                if (list_len < 2) {
-            CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
+                        CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
-            goto err;
+                        goto err;
-        }
+                }
-        n2s(*pp, sct_len);
+                n2s(*pp, sct_len);
-        list_len -= 2;
+                list_len -= 2;
-        if (sct_len == 0 || sct_len > list_len) {
+                if (sct_len == 0 || sct_len > list_len) {
-            CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
+                        CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
-            goto err;
+                        goto err;
-        }
+                }
-        list_len -= sct_len;
+                list_len -= sct_len;
-        if ((sct = o2i_SCT(NULL, pp, sct_len)) == NULL)
+                if ((sct = o2i_SCT(NULL, pp, sct_len)) == NULL)
-            goto err;
+                        goto err;
-        if (!sk_SCT_push(sk, sct)) {
+                if (!sk_SCT_push(sk, sct)) {
-            SCT_free(sct);
+                        SCT_free(sct);
-            goto err;
+                        goto err;
-        }
+                }
-    }
+        }
-    if (a != NULL && *a == NULL)
+        if (a != NULL && *a == NULL)
-        *a = sk;
+                *a = sk;
-    return sk;
+        return sk;
 err:
-    if (a == NULL || *a == NULL)
+        if (a == NULL || *a == NULL)
-        SCT_LIST_free(sk);
+                SCT_LIST_free(sk);
-    return NULL;
+        return NULL;
 }
-int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp)
+int
+i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp)
 {
-    int len, sct_len, i, is_pp_new = 0;
+        int len, sct_len, i, is_pp_new = 0;
-    size_t len2;
+        size_t len2;
-    unsigned char *p = NULL, *p2;
+        unsigned char *p = NULL, *p2;
-    if (pp != NULL) {
+        if (pp != NULL) {
-        if (*pp == NULL) {
+                if (*pp == NULL) {
-            if ((len = i2o_SCT_LIST(a, NULL)) == -1) {
+                        if ((len = i2o_SCT_LIST(a, NULL)) == -1) {
-                CTerr(CT_F_I2O_SCT_LIST, CT_R_SCT_LIST_INVALID);
+                                CTerr(CT_F_I2O_SCT_LIST, CT_R_SCT_LIST_INVALID);
-                return -1;
+                                return -1;
-            }
+                        }
-            if ((*pp = OPENSSL_malloc(len)) == NULL) {
+                        if ((*pp = OPENSSL_malloc(len)) == NULL) {
-                CTerr(CT_F_I2O_SCT_LIST, ERR_R_MALLOC_FAILURE);
+                                CTerr(CT_F_I2O_SCT_LIST, ERR_R_MALLOC_FAILURE);
-                return -1;
+                                return -1;
-            }
+                        }
-            is_pp_new = 1;
+                        is_pp_new = 1;
-        }
+                }
-        p = *pp + 2;
+                p = *pp + 2;
-    }
+        }
-    len2 = 2;
+        len2 = 2;
-    for (i = 0; i < sk_SCT_num(a); i++) {
+        for (i = 0; i < sk_SCT_num(a); i++) {
-        if (pp != NULL) {
+                if (pp != NULL) {
-            p2 = p;
+                        p2 = p;
-            p += 2;
+                        p += 2;
-            if ((sct_len = i2o_SCT(sk_SCT_value(a, i), &p)) == -1)
+                        if ((sct_len = i2o_SCT(sk_SCT_value(a, i), &p)) == -1)
-                goto err;
+                                goto err;
-            s2n(sct_len, p2);
+                        s2n(sct_len, p2);
-        } else {
+                } else {
-          if ((sct_len = i2o_SCT(sk_SCT_value(a, i), NULL)) == -1)
+                        if ((sct_len = i2o_SCT(sk_SCT_value(a, i), NULL)) == -1)
-              goto err;
+                                goto err;
-        }
+                }
-        len2 += 2 + sct_len;
+                len2 += 2 + sct_len;
-    }
+        }
-    if (len2 > MAX_SCT_LIST_SIZE)
+        if (len2 > MAX_SCT_LIST_SIZE)
-        goto err;
+                goto err;
-    if (pp != NULL) {
+        if (pp != NULL) {
-        p = *pp;
+                p = *pp;
-        s2n(len2 - 2, p);
+                s2n(len2 - 2, p);
-        if (!is_pp_new)
+                if (!is_pp_new)
-            *pp += len2;
+                        *pp += len2;
-    }
+        }
-    return len2;
+        return len2;
 err:
-    if (is_pp_new) {
+        if (is_pp_new) {
-        OPENSSL_free(*pp);
+                OPENSSL_free(*pp);
-        *pp = NULL;
+                *pp = NULL;
-    }
+        }
-    return -1;
+        return -1;
 }
-STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
+STACK_OF(SCT) *
-                            long len)
+d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, long len)
 {
-    ASN1_OCTET_STRING *oct = NULL;
+        ASN1_OCTET_STRING *oct = NULL;
-    STACK_OF(SCT) *sk = NULL;
+        STACK_OF(SCT) *sk = NULL;
-    const unsigned char *p;
+        const unsigned char *p;
-    p = *pp;
+        p = *pp;
-    if (d2i_ASN1_OCTET_STRING(&oct, &p, len) == NULL)
+        if (d2i_ASN1_OCTET_STRING(&oct, &p, len) == NULL)
-        return NULL;
+                return NULL;
-    p = oct->data;
+        p = oct->data;
-    if ((sk = o2i_SCT_LIST(a, &p, oct->length)) != NULL)
+        if ((sk = o2i_SCT_LIST(a, &p, oct->length)) != NULL)
-        *pp += len;
+                *pp += len;
-    ASN1_OCTET_STRING_free(oct);
+        ASN1_OCTET_STRING_free(oct);
-    return sk;
+        return sk;
 }
-int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **out)
+int
+i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **out)
 {
-    ASN1_OCTET_STRING oct;
+        ASN1_OCTET_STRING oct;
-    int len;
+        int len;
-    oct.data = NULL;
+        oct.data = NULL;
-    if ((oct.length = i2o_SCT_LIST(a, &oct.data)) == -1)
+        if ((oct.length = i2o_SCT_LIST(a, &oct.data)) == -1)
-        return -1;
+                return -1;
-    len = i2d_ASN1_OCTET_STRING(&oct, out);
+        len = i2d_ASN1_OCTET_STRING(&oct, out);
-    OPENSSL_free(oct.data);
+        OPENSSL_free(oct.data);
-    return len;
+        return len;
 }
author	beck <>	2021-10-28 11:55:43 +0000
committer	beck <>	2021-10-28 11:55:43 +0000
commit	ec2d356d7b85eac502fd0bf0af74ea37d008b0e9 (patch)
tree	1f2e0d435ff5311db6957d62b59e97937f97ecbc /src/lib/libcrypto/ct/ct_oct.c
parent	f15d6960d6008073b238e45bb377f5a72d1161fc (diff)
download	openbsd-ec2d356d7b85eac502fd0bf0af74ea37d008b0e9.tar.gz openbsd-ec2d356d7b85eac502fd0bf0af74ea37d008b0e9.tar.bz2 openbsd-ec2d356d7b85eac502fd0bf0af74ea37d008b0e9.zip

diff --git a/src/lib/libcrypto/ct/ct_oct.c b/src/lib/libcrypto/ct/ct_oct.c index d4b6645af4..7a45bdb5bf 100644 --- a/src/lib/libcrypto/ct/ct_oct.c +++ b/src/lib/libcrypto/ct/ct_oct.c
@@ -21,387 +21,392 @@
21		21
22	#include "ct_local.h"	22	#include "ct_local.h"
23		23
24	int o2i_SCT_signature(SCT sct, const unsigned char *in, size_t len)	24	int
		25	o2i_SCT_signature(SCT sct, const unsigned char *in, size_t len)
25	{	26	{
26	size_t siglen;	27	size_t siglen;
27	size_t len_remaining = len;	28	size_t len_remaining = len;
28	const unsigned char *p;	29	const unsigned char *p;
29		30
30	if (sct->version != SCT_VERSION_V1) {	31	if (sct->version != SCT_VERSION_V1) {
31	CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_UNSUPPORTED_VERSION);	32	CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_UNSUPPORTED_VERSION);
32	return -1;	33	return -1;
33	}	34	}
34	/*	35	/*
35	* digitally-signed struct header: (1 byte) Hash algorithm (1 byte)	36	* digitally-signed struct header: (1 byte) Hash algorithm (1 byte)
36	* Signature algorithm (2 bytes + ?) Signature	37	* Signature algorithm (2 bytes + ?) Signature
37	*	38	*
38	* This explicitly rejects empty signatures: they're invalid for	39	* This explicitly rejects empty signatures: they're invalid for
39	* all supported algorithms.	40	* all supported algorithms.
40	*/	41	*/
41	if (len <= 4) {	42	if (len <= 4) {
42	CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);	43	CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
43	return -1;	44	return -1;
44	}	45	}
45		46
46	p = *in;	47	p = *in;
47	/* Get hash and signature algorithm */	48	/* Get hash and signature algorithm */
48	sct->hash_alg = *p++;	49	sct->hash_alg = *p++;
49	sct->sig_alg = *p++;	50	sct->sig_alg = *p++;
50	if (SCT_get_signature_nid(sct) == NID_undef) {	51	if (SCT_get_signature_nid(sct) == NID_undef) {
51	CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);	52	CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
52	return -1;	53	return -1;
53	}	54	}
54	/* Retrieve signature and check it is consistent with the buffer length */	55	/* Retrieve signature and check it is consistent with the buffer length */
55	n2s(p, siglen);	56	n2s(p, siglen);
56	len_remaining -= (p - *in);	57	len_remaining -= (p - *in);
57	if (siglen > len_remaining) {	58	if (siglen > len_remaining) {
58	CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);	59	CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
59	return -1;	60	return -1;
60	}	61	}
61		62
62	if (SCT_set1_signature(sct, p, siglen) != 1)	63	if (SCT_set1_signature(sct, p, siglen) != 1)
63	return -1;	64	return -1;
64	len_remaining -= siglen;	65	len_remaining -= siglen;
65	*in = p + siglen;	66	*in = p + siglen;
66		67
67	return len - len_remaining;	68	return len - len_remaining;
68	}	69	}
69		70
70	SCT o2i_SCT(SCT psct, const unsigned char *in, size_t len)	71	SCT o2i_SCT(SCT psct, const unsigned char *in, size_t len)
71	{	72	{
72	SCT *sct = NULL;	73	SCT *sct = NULL;
73	const unsigned char *p;	74	const unsigned char *p;
74		75
75	if (len == 0 \|\| len > MAX_SCT_SIZE) {	76	if (len == 0 \|\| len > MAX_SCT_SIZE) {
76	CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);	77	CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
77	goto err;	78	goto err;
78	}	79	}
79		80
80	if ((sct = SCT_new()) == NULL)	81	if ((sct = SCT_new()) == NULL)
81	goto err;	82	goto err;
82		83
83	p = *in;	84	p = *in;
84		85
85	sct->version = *p;	86	sct->version = *p;
86	if (sct->version == SCT_VERSION_V1) {	87	if (sct->version == SCT_VERSION_V1) {
87	int sig_len;	88	int sig_len;
88	size_t len2;	89	size_t len2;
89	/*-	90	/*-
90	* Fixed-length header:	91	* Fixed-length header:
91	* struct {	92	* struct {
92	* Version sct_version; (1 byte)	93	* Version sct_version; (1 byte)
93	* log_id id; (32 bytes)	94	* log_id id; (32 bytes)
94	* uint64 timestamp; (8 bytes)	95	* uint64 timestamp; (8 bytes)
95	* CtExtensions extensions; (2 bytes + ?)	96	* CtExtensions extensions; (2 bytes + ?)
96	* }	97	* }
97	*/	98	*/
98	if (len < 43) {	99	if (len < 43) {
99	CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);	100	CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
100	goto err;	101	goto err;
101	}	102	}
102	len -= 43;	103	len -= 43;
103	p++;	104	p++;
104	sct->log_id = BUF_memdup(p, CT_V1_HASHLEN);	105	sct->log_id = BUF_memdup(p, CT_V1_HASHLEN);
105	if (sct->log_id == NULL)	106	if (sct->log_id == NULL)
106	goto err;	107	goto err;
107	sct->log_id_len = CT_V1_HASHLEN;	108	sct->log_id_len = CT_V1_HASHLEN;
108	p += CT_V1_HASHLEN;	109	p += CT_V1_HASHLEN;
109		110
110	n2l8(p, sct->timestamp);	111	n2l8(p, sct->timestamp);
111		112
112	n2s(p, len2);	113	n2s(p, len2);
113	if (len < len2) {	114	if (len < len2) {
114	CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);	115	CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
115	goto err;	116	goto err;
116	}	117	}
117	if (len2 > 0) {	118	if (len2 > 0) {
118	sct->ext = BUF_memdup(p, len2);	119	sct->ext = BUF_memdup(p, len2);
119	if (sct->ext == NULL)	120	if (sct->ext == NULL)
120	goto err;	121	goto err;
121	}	122	}
122	sct->ext_len = len2;	123	sct->ext_len = len2;
123	p += len2;	124	p += len2;
124	len -= len2;	125	len -= len2;
125		126
126	sig_len = o2i_SCT_signature(sct, &p, len);	127	sig_len = o2i_SCT_signature(sct, &p, len);
127	if (sig_len <= 0) {	128	if (sig_len <= 0) {
128	CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);	129	CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
129	goto err;	130	goto err;
130	}	131	}
131	len -= sig_len;	132	len -= sig_len;
132	*in = p + len;	133	*in = p + len;
133	} else {	134	} else {
134	/* If not V1 just cache encoding */	135	/* If not V1 just cache encoding */
135	sct->sct = BUF_memdup(p, len);	136	sct->sct = BUF_memdup(p, len);
136	if (sct->sct == NULL)	137	if (sct->sct == NULL)
137	goto err;	138	goto err;
138	sct->sct_len = len;	139	sct->sct_len = len;
139	*in = p + len;	140	*in = p + len;
140	}	141	}
141		142
142	if (psct != NULL) {	143	if (psct != NULL) {
143	SCT_free(*psct);	144	SCT_free(*psct);
144	*psct = sct;	145	*psct = sct;
145	}	146	}
146		147
147	return sct;	148	return sct;
148	err:	149	err:
149	SCT_free(sct);	150	SCT_free(sct);
150	return NULL;	151	return NULL;
151	}	152	}
152		153
153	int i2o_SCT_signature(const SCT sct, unsigned char *out)	154	int
		155	i2o_SCT_signature(const SCT sct, unsigned char *out)
154	{	156	{
155	size_t len;	157	size_t len;
156	unsigned char p = NULL, pstart = NULL;	158	unsigned char p = NULL, pstart = NULL;
157		159
158	if (!SCT_signature_is_complete(sct)) {	160	if (!SCT_signature_is_complete(sct)) {
159	CTerr(CT_F_I2O_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);	161	CTerr(CT_F_I2O_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
160	goto err;	162	goto err;
161	}	163	}
162		164
163	if (sct->version != SCT_VERSION_V1) {	165	if (sct->version != SCT_VERSION_V1) {
164	CTerr(CT_F_I2O_SCT_SIGNATURE, CT_R_UNSUPPORTED_VERSION);	166	CTerr(CT_F_I2O_SCT_SIGNATURE, CT_R_UNSUPPORTED_VERSION);
165	goto err;	167	goto err;
166	}	168	}
167		169
168	/*	170	/*
169	* (1 byte) Hash algorithm	171	* (1 byte) Hash algorithm
170	* (1 byte) Signature algorithm	172	* (1 byte) Signature algorithm
171	* (2 bytes + ?) Signature	173	* (2 bytes + ?) Signature
172	*/	174	*/
173	len = 4 + sct->sig_len;	175	len = 4 + sct->sig_len;
174		176
175	if (out != NULL) {	177	if (out != NULL) {
176	if (*out != NULL) {	178	if (*out != NULL) {
177	p = *out;	179	p = *out;
178	*out += len;	180	*out += len;
179	} else {	181	} else {
180	pstart = p = OPENSSL_malloc(len);	182	pstart = p = OPENSSL_malloc(len);
181	if (p == NULL) {	183	if (p == NULL) {
182	CTerr(CT_F_I2O_SCT_SIGNATURE, ERR_R_MALLOC_FAILURE);	184	CTerr(CT_F_I2O_SCT_SIGNATURE, ERR_R_MALLOC_FAILURE);
183	goto err;	185	goto err;
184	}	186	}
185	*out = p;	187	*out = p;
186	}	188	}
187		189
188	*p++ = sct->hash_alg;	190	*p++ = sct->hash_alg;
189	*p++ = sct->sig_alg;	191	*p++ = sct->sig_alg;
190	s2n(sct->sig_len, p);	192	s2n(sct->sig_len, p);
191	memcpy(p, sct->sig, sct->sig_len);	193	memcpy(p, sct->sig, sct->sig_len);
192	}	194	}
193		195
194	return len;	196	return len;
195	err:	197	err:
196	OPENSSL_free(pstart);	198	OPENSSL_free(pstart);
197	return -1;	199	return -1;
198	}	200	}
199		201
200	int i2o_SCT(const SCT sct, unsigned char *out)	202	int
		203	i2o_SCT(const SCT sct, unsigned char *out)
201	{	204	{
202	size_t len;	205	size_t len;
203	unsigned char p = NULL, pstart = NULL;	206	unsigned char p = NULL, pstart = NULL;
204		207
205	if (!SCT_is_complete(sct)) {	208	if (!SCT_is_complete(sct)) {
206	CTerr(CT_F_I2O_SCT, CT_R_SCT_NOT_SET);	209	CTerr(CT_F_I2O_SCT, CT_R_SCT_NOT_SET);
207	goto err;	210	goto err;
208	}	211	}
209	/*	212	/*
210	* Fixed-length header: struct { (1 byte) Version sct_version; (32 bytes)	213	* Fixed-length header: struct { (1 byte) Version sct_version; (32 bytes)
211	* log_id id; (8 bytes) uint64 timestamp; (2 bytes + ?) CtExtensions	214	* log_id id; (8 bytes) uint64 timestamp; (2 bytes + ?) CtExtensions
212	* extensions; (1 byte) Hash algorithm (1 byte) Signature algorithm (2	215	* extensions; (1 byte) Hash algorithm (1 byte) Signature algorithm (2
213	* bytes + ?) Signature	216	* bytes + ?) Signature
214	*/	217	*/
215	if (sct->version == SCT_VERSION_V1)	218	if (sct->version == SCT_VERSION_V1)
216	len = 43 + sct->ext_len + 4 + sct->sig_len;	219	len = 43 + sct->ext_len + 4 + sct->sig_len;
217	else	220	else
218	len = sct->sct_len;	221	len = sct->sct_len;
219		222
220	if (out == NULL)	223	if (out == NULL)
221	return len;	224	return len;
222		225
223	if (*out != NULL) {	226	if (*out != NULL) {
224	p = *out;	227	p = *out;
225	*out += len;	228	*out += len;
226	} else {	229	} else {
227	pstart = p = OPENSSL_malloc(len);	230	pstart = p = OPENSSL_malloc(len);
228	if (p == NULL) {	231	if (p == NULL) {
229	CTerr(CT_F_I2O_SCT, ERR_R_MALLOC_FAILURE);	232	CTerr(CT_F_I2O_SCT, ERR_R_MALLOC_FAILURE);
230	goto err;	233	goto err;
231	}	234	}
232	*out = p;	235	*out = p;
233	}	236	}
234		237
235	if (sct->version == SCT_VERSION_V1) {	238	if (sct->version == SCT_VERSION_V1) {
236	*p++ = sct->version;	239	*p++ = sct->version;
237	memcpy(p, sct->log_id, CT_V1_HASHLEN);	240	memcpy(p, sct->log_id, CT_V1_HASHLEN);
238	p += CT_V1_HASHLEN;	241	p += CT_V1_HASHLEN;
239	l2n8(sct->timestamp, p);	242	l2n8(sct->timestamp, p);
240	s2n(sct->ext_len, p);	243	s2n(sct->ext_len, p);
241	if (sct->ext_len > 0) {	244	if (sct->ext_len > 0) {
242	memcpy(p, sct->ext, sct->ext_len);	245	memcpy(p, sct->ext, sct->ext_len);
243	p += sct->ext_len;	246	p += sct->ext_len;
244	}	247	}
245	if (i2o_SCT_signature(sct, &p) <= 0)	248	if (i2o_SCT_signature(sct, &p) <= 0)
246	goto err;	249	goto err;
247	} else {	250	} else {
248	memcpy(p, sct->sct, len);	251	memcpy(p, sct->sct, len);
249	}	252	}
250		253
251	return len;	254	return len;
252	err:	255	err:
253	OPENSSL_free(pstart);	256	OPENSSL_free(pstart);
254	return -1;	257	return -1;
255	}	258	}
256		259
257	STACK_OF(SCT) o2i_SCT_LIST(STACK_OF(SCT) a, const unsigned char *pp,	260	STACK_OF(SCT) *
258	size_t len)	261	o2i_SCT_LIST(STACK_OF(SCT) a, const unsigned char pp, size_t len)
259	{	262	{
260	STACK_OF(SCT) *sk = NULL;	263	STACK_OF(SCT) *sk = NULL;
261	size_t list_len, sct_len;	264	size_t list_len, sct_len;
262		265
263	if (len < 2 \|\| len > MAX_SCT_LIST_SIZE) {	266	if (len < 2 \|\| len > MAX_SCT_LIST_SIZE) {
264	CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);	267	CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
265	return NULL;	268	return NULL;
266	}	269	}
267		270
268	n2s(*pp, list_len);	271	n2s(*pp, list_len);
269	if (list_len != len - 2) {	272	if (list_len != len - 2) {
270	CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);	273	CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
271	return NULL;	274	return NULL;
272	}	275	}
273		276
274	if (a == NULL \|\| *a == NULL) {	277	if (a == NULL \|\| *a == NULL) {
275	sk = sk_SCT_new_null();	278	sk = sk_SCT_new_null();
276	if (sk == NULL)	279	if (sk == NULL)
277	return NULL;	280	return NULL;
278	} else {	281	} else {
279	SCT *sct;	282	SCT *sct;
280		283
281	/* Use the given stack, but empty it first. */	284	/* Use the given stack, but empty it first. */
282	sk = *a;	285	sk = *a;
283	while ((sct = sk_SCT_pop(sk)) != NULL)	286	while ((sct = sk_SCT_pop(sk)) != NULL)
284	SCT_free(sct);	287	SCT_free(sct);
285	}	288	}
286		289
287	while (list_len > 0) {	290	while (list_len > 0) {
288	SCT *sct;	291	SCT *sct;
289		292
290	if (list_len < 2) {	293	if (list_len < 2) {
291	CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);	294	CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
292	goto err;	295	goto err;
293	}	296	}
294	n2s(*pp, sct_len);	297	n2s(*pp, sct_len);
295	list_len -= 2;	298	list_len -= 2;
296		299
297	if (sct_len == 0 \|\| sct_len > list_len) {	300	if (sct_len == 0 \|\| sct_len > list_len) {
298	CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);	301	CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
299	goto err;	302	goto err;
300	}	303	}
301	list_len -= sct_len;	304	list_len -= sct_len;
302		305
303	if ((sct = o2i_SCT(NULL, pp, sct_len)) == NULL)	306	if ((sct = o2i_SCT(NULL, pp, sct_len)) == NULL)
304	goto err;	307	goto err;
305	if (!sk_SCT_push(sk, sct)) {	308	if (!sk_SCT_push(sk, sct)) {
306	SCT_free(sct);	309	SCT_free(sct);
307	goto err;	310	goto err;
308	}	311	}
309	}	312	}
310		313
311	if (a != NULL && *a == NULL)	314	if (a != NULL && *a == NULL)
312	*a = sk;	315	*a = sk;
313	return sk;	316	return sk;
314		317
315	err:	318	err:
316	if (a == NULL \|\| *a == NULL)	319	if (a == NULL \|\| *a == NULL)
317	SCT_LIST_free(sk);	320	SCT_LIST_free(sk);
318	return NULL;	321	return NULL;
319	}	322	}
320		323
321	int i2o_SCT_LIST(const STACK_OF(SCT) a, unsigned char *pp)	324	int
		325	i2o_SCT_LIST(const STACK_OF(SCT) a, unsigned char *pp)
322	{	326	{
323	int len, sct_len, i, is_pp_new = 0;	327	int len, sct_len, i, is_pp_new = 0;
324	size_t len2;	328	size_t len2;
325	unsigned char p = NULL, p2;	329	unsigned char p = NULL, p2;
326		330
327	if (pp != NULL) {	331	if (pp != NULL) {
328	if (*pp == NULL) {	332	if (*pp == NULL) {
329	if ((len = i2o_SCT_LIST(a, NULL)) == -1) {	333	if ((len = i2o_SCT_LIST(a, NULL)) == -1) {
330	CTerr(CT_F_I2O_SCT_LIST, CT_R_SCT_LIST_INVALID);	334	CTerr(CT_F_I2O_SCT_LIST, CT_R_SCT_LIST_INVALID);
331	return -1;	335	return -1;
332	}	336	}
333	if ((*pp = OPENSSL_malloc(len)) == NULL) {	337	if ((*pp = OPENSSL_malloc(len)) == NULL) {
334	CTerr(CT_F_I2O_SCT_LIST, ERR_R_MALLOC_FAILURE);	338	CTerr(CT_F_I2O_SCT_LIST, ERR_R_MALLOC_FAILURE);
335	return -1;	339	return -1;
336	}	340	}
337	is_pp_new = 1;	341	is_pp_new = 1;
338	}	342	}
339	p = *pp + 2;	343	p = *pp + 2;
340	}	344	}
341		345
342	len2 = 2;	346	len2 = 2;
343	for (i = 0; i < sk_SCT_num(a); i++) {	347	for (i = 0; i < sk_SCT_num(a); i++) {
344	if (pp != NULL) {	348	if (pp != NULL) {
345	p2 = p;	349	p2 = p;
346	p += 2;	350	p += 2;
347	if ((sct_len = i2o_SCT(sk_SCT_value(a, i), &p)) == -1)	351	if ((sct_len = i2o_SCT(sk_SCT_value(a, i), &p)) == -1)
348	goto err;	352	goto err;
349	s2n(sct_len, p2);	353	s2n(sct_len, p2);
350	} else {	354	} else {
351	if ((sct_len = i2o_SCT(sk_SCT_value(a, i), NULL)) == -1)	355	if ((sct_len = i2o_SCT(sk_SCT_value(a, i), NULL)) == -1)
352	goto err;	356	goto err;
353	}	357	}
354	len2 += 2 + sct_len;	358	len2 += 2 + sct_len;
355	}	359	}
356		360
357	if (len2 > MAX_SCT_LIST_SIZE)	361	if (len2 > MAX_SCT_LIST_SIZE)
358	goto err;	362	goto err;
359		363
360	if (pp != NULL) {	364	if (pp != NULL) {
361	p = *pp;	365	p = *pp;
362	s2n(len2 - 2, p);	366	s2n(len2 - 2, p);
363	if (!is_pp_new)	367	if (!is_pp_new)
364	*pp += len2;	368	*pp += len2;
365	}	369	}
366	return len2;	370	return len2;
367		371
368	err:	372	err:
369	if (is_pp_new) {	373	if (is_pp_new) {
370	OPENSSL_free(*pp);	374	OPENSSL_free(*pp);
371	*pp = NULL;	375	*pp = NULL;
372	}	376	}
373	return -1;	377	return -1;
374	}	378	}
375		379
376	STACK_OF(SCT) d2i_SCT_LIST(STACK_OF(SCT) a, const unsigned char *pp,	380	STACK_OF(SCT) *
377	long len)	381	d2i_SCT_LIST(STACK_OF(SCT) a, const unsigned char pp, long len)
378	{	382	{
379	ASN1_OCTET_STRING *oct = NULL;	383	ASN1_OCTET_STRING *oct = NULL;
380	STACK_OF(SCT) *sk = NULL;	384	STACK_OF(SCT) *sk = NULL;
381	const unsigned char *p;	385	const unsigned char *p;
382		386
383	p = *pp;	387	p = *pp;
384	if (d2i_ASN1_OCTET_STRING(&oct, &p, len) == NULL)	388	if (d2i_ASN1_OCTET_STRING(&oct, &p, len) == NULL)
385	return NULL;	389	return NULL;
386		390
387	p = oct->data;	391	p = oct->data;
388	if ((sk = o2i_SCT_LIST(a, &p, oct->length)) != NULL)	392	if ((sk = o2i_SCT_LIST(a, &p, oct->length)) != NULL)
389	*pp += len;	393	*pp += len;
390		394
391	ASN1_OCTET_STRING_free(oct);	395	ASN1_OCTET_STRING_free(oct);
392	return sk;	396	return sk;
393	}	397	}
394		398
395	int i2d_SCT_LIST(const STACK_OF(SCT) a, unsigned char *out)	399	int
		400	i2d_SCT_LIST(const STACK_OF(SCT) a, unsigned char *out)
396	{	401	{
397	ASN1_OCTET_STRING oct;	402	ASN1_OCTET_STRING oct;
398	int len;	403	int len;
399		404
400	oct.data = NULL;	405	oct.data = NULL;
401	if ((oct.length = i2o_SCT_LIST(a, &oct.data)) == -1)	406	if ((oct.length = i2o_SCT_LIST(a, &oct.data)) == -1)
402	return -1;	407	return -1;
403		408
404	len = i2d_ASN1_OCTET_STRING(&oct, out);	409	len = i2d_ASN1_OCTET_STRING(&oct, out);
405	OPENSSL_free(oct.data);	410	OPENSSL_free(oct.data);
406	return len;	411	return len;
407	}	412	}