2 files changed, 149 insertions, 151 deletions
diff --git a/src/lib/libcrypto/ct/ct_local.h b/src/lib/libcrypto/ct/ct_local.h
index 14d1e5d7e9..109d50255b 100644
--- a/src/lib/libcrypto/ct/ct_local.h
+++ b/src/lib/libcrypto/ct/ct_local.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: ct_local.h,v 1.4 2021/12/05 09:37:46 tb Exp $ */
+/*      $OpenBSD: ct_local.h,v 1.5 2021/12/18 15:59:50 jsing Exp $ */
 /*
 * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
 *
@@ -9,26 +9,24 @@
 */
 #include <stddef.h>
 #include <openssl/ct.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #include <openssl/safestack.h>
-/*
+/* Number of bytes in an SCT v1 LogID - see RFC 6962 section 3.2. */
- * From RFC6962: opaque SerializedSCT<1..2^16-1>; struct { SerializedSCT
+#define CT_V1_LOG_ID_LEN        32
- * sct_list <1..2^16-1>; } SignedCertificateTimestampList;
- */
+/* Maximum size of an SCT - see RFC 6962 section 3.3. */
 #define MAX_SCT_SIZE            65535
 #define MAX_SCT_LIST_SIZE       MAX_SCT_SIZE
 /*
- * Macros to read and write integers in network-byte order.
+ * Macros to write integers in network-byte order.
 */
-#define n2s(c,s)        ((s=(((unsigned int)((c)[0]))<< 8)| \
-                            (((unsigned int)((c)[1]))    )),c+=2)
 #define s2n(s,c)        ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
                          c[1]=(unsigned char)(((s)    )&0xff)),c+=2)
@@ -36,15 +34,6 @@
                          c[1]=(unsigned char)(((l)>> 8)&0xff), \
                          c[2]=(unsigned char)(((l)    )&0xff)),c+=3)
-#define n2l8(c,l)       (l =((uint64_t)(*((c)++)))<<56, \
-                         l|=((uint64_t)(*((c)++)))<<48, \
-                         l|=((uint64_t)(*((c)++)))<<40, \
-                         l|=((uint64_t)(*((c)++)))<<32, \
-                         l|=((uint64_t)(*((c)++)))<<24, \
-                         l|=((uint64_t)(*((c)++)))<<16, \
-                         l|=((uint64_t)(*((c)++)))<< 8, \
-                         l|=((uint64_t)(*((c)++))))
 #define l2n8(l,c)       (*((c)++)=(unsigned char)(((l)>>56)&0xff), \
                         *((c)++)=(unsigned char)(((l)>>48)&0xff), \
                         *((c)++)=(unsigned char)(((l)>>40)&0xff), \
diff --git a/src/lib/libcrypto/ct/ct_oct.c b/src/lib/libcrypto/ct/ct_oct.c
index 1163c8b364..4ea58aeb8a 100644
--- a/src/lib/libcrypto/ct/ct_oct.c
+++ b/src/lib/libcrypto/ct/ct_oct.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: ct_oct.c,v 1.4 2021/12/05 09:37:46 tb Exp $ */
+/*      $OpenBSD: ct_oct.c,v 1.5 2021/12/18 15:59:50 jsing Exp $ */
 /*
 * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
 *
@@ -20,148 +20,164 @@
 #include <openssl/ct.h>
 #include <openssl/err.h>
+#include "bytestring.h"
 #include "ct_local.h"
-int
+static int
-o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len)
+o2i_SCT_signature_internal(SCT *sct, CBS *cbs)
 {
-        size_t siglen;
+        uint8_t hash_alg, sig_alg;
-        size_t len_remaining = len;
+        CBS signature;
-        const unsigned char *p;
        if (sct->version != SCT_VERSION_V1) {
                CTerror(CT_R_UNSUPPORTED_VERSION);
-                return -1;
+                return 0;
        }
        /*
-         * digitally-signed struct header: (1 byte) Hash algorithm (1 byte)
+         * Parse a digitally-signed element - see RFC 6962 section 3.2 and
-         * Signature algorithm (2 bytes + ?) Signature
+         * RFC 5246 sections 4.7 and 7.4.1.4.1.
-         *
-         * This explicitly rejects empty signatures: they're invalid for
-         * all supported algorithms.
         */
-        if (len <= 4) {
+        if (!CBS_get_u8(cbs, &hash_alg))
-                CTerror(CT_R_SCT_INVALID_SIGNATURE);
+                goto err_invalid;
-                return -1;
+        if (!CBS_get_u8(cbs, &sig_alg))
-        }
+                goto err_invalid;
+        if (!CBS_get_u16_length_prefixed(cbs, &signature))
+                goto err_invalid;
+        if (CBS_len(cbs) != 0)
+                goto err_invalid;
-        p = *in;
-        /* Get hash and signature algorithm */
-        sct->hash_alg = *p++;
-        sct->sig_alg = *p++;
-        if (SCT_get_signature_nid(sct) == NID_undef) {
-                CTerror(CT_R_SCT_INVALID_SIGNATURE);
-                return -1;
-        }
        /*
-         * Retrieve signature and check it is consistent with the buffer 
+         * Reject empty signatures since they are invalid for all supported
-         * length
+         * algorithms (this really should be done by SCT_set1_signature()).
         */
-        n2s(p, siglen);
+        if (CBS_len(&signature) == 0)
-        len_remaining -= (p - *in);
+                goto err_invalid;
-        if (siglen > len_remaining) {
-                CTerror(CT_R_SCT_INVALID_SIGNATURE);
+        sct->hash_alg = hash_alg;
+        sct->sig_alg = sig_alg;
+        if (SCT_get_signature_nid(sct) == NID_undef)
+                goto err_invalid;
+        if (!SCT_set1_signature(sct, CBS_data(&signature), CBS_len(&signature)))
+                return 0;
+        return 1;
+ err_invalid:
+        CTerror(CT_R_SCT_INVALID_SIGNATURE);
+        return 0;
+}
+int
+o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len)
+{
+        size_t sig_len;
+        CBS cbs;
+        CBS_init(&cbs, *in, len);
+        if (!o2i_SCT_signature_internal(sct, &cbs))
                return -1;
-        }
-        if (SCT_set1_signature(sct, p, siglen) != 1)
+        sig_len = len - CBS_len(&cbs);
+        if (sig_len > INT_MAX)
                return -1;
-        len_remaining -= siglen;
-        *in = p + siglen;
-        return len - len_remaining;
+        *in = CBS_data(&cbs);
+        return sig_len;
 }
-SCT *
+static int
-o2i_SCT(SCT **psct, const unsigned char **in, size_t len)
+o2i_SCT_internal(SCT **out_sct, CBS *cbs)
 {
        SCT *sct = NULL;
-        const unsigned char *p;
+        uint8_t version;
-        /*
+        *out_sct = NULL;
-         * XXX paging Dr Sing. please report to this function for an emergency
-         * CBS/CBB implantation surgery. Stat.
-         */
-        if (len == 0 || len > MAX_SCT_SIZE) {
-                CTerror(CT_R_SCT_INVALID);
-                goto err;
-        }
        if ((sct = SCT_new()) == NULL)
                goto err;
-        p = *in;
+        if (CBS_len(cbs) > MAX_SCT_SIZE)
+                goto err_invalid;
+        if (!CBS_peek_u8(cbs, &version))
+                goto err_invalid;
-        sct->version = *p;
+        sct->version = version;
-        if (sct->version == SCT_VERSION_V1) {
-                int sig_len;
+        if (version == SCT_VERSION_V1) {
-                size_t len2;
+                CBS extensions, log_id;
-                /*-
+                uint64_t timestamp;
-                 * Fixed-length header:
-                 *   struct {
+                /*
-                 *     Version sct_version;     (1 byte)
+                 * Parse a v1 SignedCertificateTimestamp - see RFC 6962
-                 *     log_id id;               (32 bytes)
+                 * section 3.2.
-                 *     uint64 timestamp;        (8 bytes)
-                 *     CtExtensions extensions; (2 bytes + ?)
-                 *   }
                 */
-                if (len < 43) {
+                if (!CBS_get_u8(cbs, &version))
-                        CTerror(CT_R_SCT_INVALID);
+                        goto err_invalid;
-                        goto err;
+                if (!CBS_get_bytes(cbs, &log_id, CT_V1_LOG_ID_LEN))
-                }
+                        goto err_invalid;
-                len -= 43;
+                if (!CBS_get_u64(cbs, &timestamp))
-                p++;
+                        goto err_invalid;
-                sct->log_id = malloc(CT_V1_HASHLEN);
+                if (!CBS_get_u16_length_prefixed(cbs, &extensions))
-                if (sct->log_id == NULL)
+                        goto err_invalid;
+                if (!CBS_stow(&log_id, &sct->log_id, &sct->log_id_len))
                        goto err;
-                memcpy(sct->log_id, p, CT_V1_HASHLEN);
-                sct->log_id_len = CT_V1_HASHLEN;
-                p += CT_V1_HASHLEN;
-                n2l8(p, sct->timestamp);
+                sct->timestamp = timestamp;
-                n2s(p, len2);
+                if (!CBS_stow(&extensions, &sct->ext, &sct->ext_len))
-                if (len < len2) {
-                        CTerror(CT_R_SCT_INVALID);
                        goto err;
-                }
-                if (len2 > 0) {
-                        sct->ext = malloc(len2);
-                        if (sct->ext == NULL)
-                                goto err;
-                        memcpy(sct->ext, p, len2);
-                }
-                sct->ext_len = len2;
-                p += len2;
-                len -= len2;
-                sig_len = o2i_SCT_signature(sct, &p, len);
+                if (!o2i_SCT_signature_internal(sct, cbs))
-                if (sig_len <= 0) {
-                        CTerror(CT_R_SCT_INVALID);
                        goto err;
-                }
-                len -= sig_len;
+                if (CBS_len(cbs) != 0)
-                *in = p + len;
+                        goto err_invalid;
        } else {
-                /* If not V1 just cache encoding */
+                /* If not V1 just cache encoding. */
-                sct->sct = malloc(len);
+                if (!CBS_stow(cbs, &sct->sct, &sct->sct_len))
-                if (sct->sct == NULL)
                        goto err;
-                memcpy(sct->sct, p, len);
-                sct->sct_len = len;
-                *in = p + len;
        }
+        *out_sct = sct;
+        return 1;
+ err_invalid:
+        CTerror(CT_R_SCT_INVALID);
+ err:
+        SCT_free(sct);
+        return 0;
+}
+SCT *
+o2i_SCT(SCT **psct, const unsigned char **in, size_t len)
+{
+        SCT *sct;
+        CBS cbs;
+        CBS_init(&cbs, *in, len);
        if (psct != NULL) {
                SCT_free(*psct);
-                *psct = sct;
+                *psct = NULL;
        }
+        if (!o2i_SCT_internal(&sct, &cbs))
+                return NULL;
+        if (psct != NULL)
+                *psct = sct;
+        *in = CBS_data(&cbs);
        return sct;
- err:
-        SCT_free(sct);
-        return NULL;
 }
 int
@@ -271,52 +287,39 @@ i2o_SCT(const SCT *sct, unsigned char **out)
 }
 STACK_OF(SCT) *
-o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, size_t len)
+o2i_SCT_LIST(STACK_OF(SCT) **scts, const unsigned char **pp, size_t len)
 {
+        CBS cbs, cbs_scts, cbs_sct;
        STACK_OF(SCT) *sk = NULL;
-        size_t list_len, sct_len;
-        if (len < 2 || len > MAX_SCT_LIST_SIZE) {
+        CBS_init(&cbs, *pp, len);
-                CTerror(CT_R_SCT_LIST_INVALID);
-                return NULL;
-        }
-        n2s(*pp, list_len);
+        if (CBS_len(&cbs) > MAX_SCT_LIST_SIZE)
-        if (list_len != len - 2) {
+                goto err_invalid;
-                CTerror(CT_R_SCT_LIST_INVALID);
+        if (!CBS_get_u16_length_prefixed(&cbs, &cbs_scts))
-                return NULL;
+                goto err_invalid;
-        }
+        if (CBS_len(&cbs) != 0)
+                goto err_invalid;
-        if (a == NULL || *a == NULL) {
+        if (scts == NULL || *scts == NULL) {
-                sk = sk_SCT_new_null();
+                if ((sk = sk_SCT_new_null()) == NULL)
-                if (sk == NULL)
                        return NULL;
        } else {
                SCT *sct;
                /* Use the given stack, but empty it first. */
-                sk = *a;
+                sk = *scts;
                while ((sct = sk_SCT_pop(sk)) != NULL)
                        SCT_free(sct);
        }
-        while (list_len > 0) {
+        while (CBS_len(&cbs_scts) > 0) {
                SCT *sct;
-                if (list_len < 2) {
+                if (!CBS_get_u16_length_prefixed(&cbs_scts, &cbs_sct))
-                        CTerror(CT_R_SCT_LIST_INVALID);
+                        goto err_invalid;
-                        goto err;
-                }
-                n2s(*pp, sct_len);
-                list_len -= 2;
-                if (sct_len == 0 || sct_len > list_len) {
+                if (!o2i_SCT_internal(&sct, &cbs_sct))
-                        CTerror(CT_R_SCT_LIST_INVALID);
-                        goto err;
-                }
-                list_len -= sct_len;
-                if ((sct = o2i_SCT(NULL, pp, sct_len)) == NULL)
                        goto err;
                if (!sk_SCT_push(sk, sct)) {
                        SCT_free(sct);
@@ -324,13 +327,19 @@ o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, size_t len)
                }
        }
-        if (a != NULL && *a == NULL)
+        if (scts != NULL && *scts == NULL)
-                *a = sk;
+                *scts = sk;
+        *pp = CBS_data(&cbs);
        return sk;
+ err_invalid:
+        CTerror(CT_R_SCT_LIST_INVALID);
 err:
-        if (a == NULL || *a == NULL)
+        if (scts == NULL || *scts == NULL)
                SCT_LIST_free(sk);
        return NULL;
 }

diff --git a/src/lib/libcrypto/ct/ct_local.h b/src/lib/libcrypto/ct/ct_local.h index 14d1e5d7e9..109d50255b 100644 --- a/src/lib/libcrypto/ct/ct_local.h +++ b/src/lib/libcrypto/ct/ct_local.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ct_local.h,v 1.4 2021/12/05 09:37:46 tb Exp $ */	1	/* $OpenBSD: ct_local.h,v 1.5 2021/12/18 15:59:50 jsing Exp $ */
2	/*	2	/*
3	* Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.	3	* Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
4	*	4	*
@@ -9,26 +9,24 @@
9	*/	9	*/
10		10
11	#include <stddef.h>	11	#include <stddef.h>
		12
12	#include <openssl/ct.h>	13	#include <openssl/ct.h>
13	#include <openssl/evp.h>	14	#include <openssl/evp.h>
14	#include <openssl/x509.h>	15	#include <openssl/x509.h>
15	#include <openssl/x509v3.h>	16	#include <openssl/x509v3.h>
16	#include <openssl/safestack.h>	17	#include <openssl/safestack.h>
17		18
18	/*	19	/* Number of bytes in an SCT v1 LogID - see RFC 6962 section 3.2. */
19	* From RFC6962: opaque SerializedSCT<1..2^16-1>; struct { SerializedSCT	20	#define CT_V1_LOG_ID_LEN 32
20	* sct_list <1..2^16-1>; } SignedCertificateTimestampList;	21
21	*/	22	/* Maximum size of an SCT - see RFC 6962 section 3.3. */
22	#define MAX_SCT_SIZE 65535	23	#define MAX_SCT_SIZE 65535
23	#define MAX_SCT_LIST_SIZE MAX_SCT_SIZE	24	#define MAX_SCT_LIST_SIZE MAX_SCT_SIZE
24		25
25	/*	26	/*
26	* Macros to read and write integers in network-byte order.	27	* Macros to write integers in network-byte order.
27	*/	28	*/
28		29
29	#define n2s(c,s) ((s=(((unsigned int)((c)[0]))<< 8)\| \
30	(((unsigned int)((c)[1])) )),c+=2)
31
32	#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \	30	#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
33	c[1]=(unsigned char)(((s) )&0xff)),c+=2)	31	c[1]=(unsigned char)(((s) )&0xff)),c+=2)
34		32
@@ -36,15 +34,6 @@
36	c[1]=(unsigned char)(((l)>> 8)&0xff), \	34	c[1]=(unsigned char)(((l)>> 8)&0xff), \
37	c[2]=(unsigned char)(((l) )&0xff)),c+=3)	35	c[2]=(unsigned char)(((l) )&0xff)),c+=3)
38		36
39	#define n2l8(c,l) (l =((uint64_t)(*((c)++)))<<56, \
40	l\|=((uint64_t)(*((c)++)))<<48, \
41	l\|=((uint64_t)(*((c)++)))<<40, \
42	l\|=((uint64_t)(*((c)++)))<<32, \
43	l\|=((uint64_t)(*((c)++)))<<24, \
44	l\|=((uint64_t)(*((c)++)))<<16, \
45	l\|=((uint64_t)(*((c)++)))<< 8, \
46	l\|=((uint64_t)(*((c)++))))
47
48	#define l2n8(l,c) (*((c)++)=(unsigned char)(((l)>>56)&0xff), \	37	#define l2n8(l,c) (*((c)++)=(unsigned char)(((l)>>56)&0xff), \
49	*((c)++)=(unsigned char)(((l)>>48)&0xff), \	38	*((c)++)=(unsigned char)(((l)>>48)&0xff), \
50	*((c)++)=(unsigned char)(((l)>>40)&0xff), \	39	*((c)++)=(unsigned char)(((l)>>40)&0xff), \


diff --git a/src/lib/libcrypto/ct/ct_oct.c b/src/lib/libcrypto/ct/ct_oct.c index 1163c8b364..4ea58aeb8a 100644 --- a/src/lib/libcrypto/ct/ct_oct.c +++ b/src/lib/libcrypto/ct/ct_oct.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ct_oct.c,v 1.4 2021/12/05 09:37:46 tb Exp $ */	1	/* $OpenBSD: ct_oct.c,v 1.5 2021/12/18 15:59:50 jsing Exp $ */
2	/*	2	/*
3	* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.	3	* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
4	*	4	*
@@ -20,148 +20,164 @@
20	#include <openssl/ct.h>	20	#include <openssl/ct.h>
21	#include <openssl/err.h>	21	#include <openssl/err.h>
22		22
		23	#include "bytestring.h"
23	#include "ct_local.h"	24	#include "ct_local.h"
24		25
25	int	26	static int
26	o2i_SCT_signature(SCT sct, const unsigned char *in, size_t len)	27	o2i_SCT_signature_internal(SCT sct, CBS cbs)
27	{	28	{
28	size_t siglen;	29	uint8_t hash_alg, sig_alg;
29	size_t len_remaining = len;	30	CBS signature;
30	const unsigned char *p;
31		31
32	if (sct->version != SCT_VERSION_V1) {	32	if (sct->version != SCT_VERSION_V1) {
33	CTerror(CT_R_UNSUPPORTED_VERSION);	33	CTerror(CT_R_UNSUPPORTED_VERSION);
34	return -1;	34	return 0;
35	}	35	}
		36
36	/*	37	/*
37	* digitally-signed struct header: (1 byte) Hash algorithm (1 byte)	38	* Parse a digitally-signed element - see RFC 6962 section 3.2 and
38	* Signature algorithm (2 bytes + ?) Signature	39	* RFC 5246 sections 4.7 and 7.4.1.4.1.
39	*
40	* This explicitly rejects empty signatures: they're invalid for
41	* all supported algorithms.
42	*/	40	*/
43	if (len <= 4) {	41	if (!CBS_get_u8(cbs, &hash_alg))
44	CTerror(CT_R_SCT_INVALID_SIGNATURE);	42	goto err_invalid;
45	return -1;	43	if (!CBS_get_u8(cbs, &sig_alg))
46	}	44	goto err_invalid;
		45	if (!CBS_get_u16_length_prefixed(cbs, &signature))
		46	goto err_invalid;
		47	if (CBS_len(cbs) != 0)
		48	goto err_invalid;
47		49
48	p = *in;
49	/* Get hash and signature algorithm */
50	sct->hash_alg = *p++;
51	sct->sig_alg = *p++;
52	if (SCT_get_signature_nid(sct) == NID_undef) {
53	CTerror(CT_R_SCT_INVALID_SIGNATURE);
54	return -1;
55	}
56	/*	50	/*
57	* Retrieve signature and check it is consistent with the buffer	51	* Reject empty signatures since they are invalid for all supported
58	* length	52	* algorithms (this really should be done by SCT_set1_signature()).
59	*/	53	*/
60	n2s(p, siglen);	54	if (CBS_len(&signature) == 0)
61	len_remaining -= (p - *in);	55	goto err_invalid;
62	if (siglen > len_remaining) {	56
63	CTerror(CT_R_SCT_INVALID_SIGNATURE);	57	sct->hash_alg = hash_alg;
		58	sct->sig_alg = sig_alg;
		59
		60	if (SCT_get_signature_nid(sct) == NID_undef)
		61	goto err_invalid;
		62
		63	if (!SCT_set1_signature(sct, CBS_data(&signature), CBS_len(&signature)))
		64	return 0;
		65
		66	return 1;
		67
		68	err_invalid:
		69	CTerror(CT_R_SCT_INVALID_SIGNATURE);
		70	return 0;
		71	}
		72
		73	int
		74	o2i_SCT_signature(SCT sct, const unsigned char *in, size_t len)
		75	{
		76	size_t sig_len;
		77	CBS cbs;
		78
		79	CBS_init(&cbs, *in, len);
		80
		81	if (!o2i_SCT_signature_internal(sct, &cbs))
64	return -1;	82	return -1;
65	}
66		83
67	if (SCT_set1_signature(sct, p, siglen) != 1)	84	sig_len = len - CBS_len(&cbs);
		85	if (sig_len > INT_MAX)
68	return -1;	86	return -1;
69	len_remaining -= siglen;
70	*in = p + siglen;
71		87
72	return len - len_remaining;	88	*in = CBS_data(&cbs);
		89
		90	return sig_len;
73	}	91	}
74		92
75	SCT *	93	static int
76	o2i_SCT(SCT psct, const unsigned char in, size_t len)	94	o2i_SCT_internal(SCT *out_sct, CBS cbs)
77	{	95	{
78	SCT *sct = NULL;	96	SCT *sct = NULL;
79	const unsigned char *p;	97	uint8_t version;
80		98
81	/*	99	*out_sct = NULL;
82	* XXX paging Dr Sing. please report to this function for an emergency
83	* CBS/CBB implantation surgery. Stat.
84	*/
85
86	if (len == 0 \|\| len > MAX_SCT_SIZE) {
87	CTerror(CT_R_SCT_INVALID);
88	goto err;
89	}
90		100
91	if ((sct = SCT_new()) == NULL)	101	if ((sct = SCT_new()) == NULL)
92	goto err;	102	goto err;
93		103
94	p = *in;	104	if (CBS_len(cbs) > MAX_SCT_SIZE)
		105	goto err_invalid;
		106	if (!CBS_peek_u8(cbs, &version))
		107	goto err_invalid;
95		108
96	sct->version = *p;	109	sct->version = version;
97	if (sct->version == SCT_VERSION_V1) {	110
98	int sig_len;	111	if (version == SCT_VERSION_V1) {
99	size_t len2;	112	CBS extensions, log_id;
100	/*-	113	uint64_t timestamp;
101	* Fixed-length header:	114
102	* struct {	115	/*
103	* Version sct_version; (1 byte)	116	* Parse a v1 SignedCertificateTimestamp - see RFC 6962
104	* log_id id; (32 bytes)	117	* section 3.2.
105	* uint64 timestamp; (8 bytes)
106	* CtExtensions extensions; (2 bytes + ?)
107	* }
108	*/	118	*/
109	if (len < 43) {	119	if (!CBS_get_u8(cbs, &version))
110	CTerror(CT_R_SCT_INVALID);	120	goto err_invalid;
111	goto err;	121	if (!CBS_get_bytes(cbs, &log_id, CT_V1_LOG_ID_LEN))
112	}	122	goto err_invalid;
113	len -= 43;	123	if (!CBS_get_u64(cbs, &timestamp))
114	p++;	124	goto err_invalid;
115	sct->log_id = malloc(CT_V1_HASHLEN);	125	if (!CBS_get_u16_length_prefixed(cbs, &extensions))
116	if (sct->log_id == NULL)	126	goto err_invalid;
		127
		128	if (!CBS_stow(&log_id, &sct->log_id, &sct->log_id_len))
117	goto err;	129	goto err;
118	memcpy(sct->log_id, p, CT_V1_HASHLEN);
119	sct->log_id_len = CT_V1_HASHLEN;
120	p += CT_V1_HASHLEN;
121		130
122	n2l8(p, sct->timestamp);	131	sct->timestamp = timestamp;
123		132
124	n2s(p, len2);	133	if (!CBS_stow(&extensions, &sct->ext, &sct->ext_len))
125	if (len < len2) {
126	CTerror(CT_R_SCT_INVALID);
127	goto err;	134	goto err;
128	}
129	if (len2 > 0) {
130	sct->ext = malloc(len2);
131	if (sct->ext == NULL)
132	goto err;
133	memcpy(sct->ext, p, len2);
134	}
135	sct->ext_len = len2;
136	p += len2;
137	len -= len2;
138		135
139	sig_len = o2i_SCT_signature(sct, &p, len);	136	if (!o2i_SCT_signature_internal(sct, cbs))
140	if (sig_len <= 0) {
141	CTerror(CT_R_SCT_INVALID);
142	goto err;	137	goto err;
143	}	138
144	len -= sig_len;	139	if (CBS_len(cbs) != 0)
145	*in = p + len;	140	goto err_invalid;
146	} else {	141	} else {
147	/* If not V1 just cache encoding */	142	/* If not V1 just cache encoding. */
148	sct->sct = malloc(len);	143	if (!CBS_stow(cbs, &sct->sct, &sct->sct_len))
149	if (sct->sct == NULL)
150	goto err;	144	goto err;
151	memcpy(sct->sct, p, len);
152	sct->sct_len = len;
153	*in = p + len;
154	}	145	}
155		146
		147	*out_sct = sct;
		148
		149	return 1;
		150
		151	err_invalid:
		152	CTerror(CT_R_SCT_INVALID);
		153	err:
		154	SCT_free(sct);
		155
		156	return 0;
		157	}
		158
		159	SCT *
		160	o2i_SCT(SCT psct, const unsigned char in, size_t len)
		161	{
		162	SCT *sct;
		163	CBS cbs;
		164
		165	CBS_init(&cbs, *in, len);
		166
156	if (psct != NULL) {	167	if (psct != NULL) {
157	SCT_free(*psct);	168	SCT_free(*psct);
158	*psct = sct;	169	*psct = NULL;
159	}	170	}
160		171
		172	if (!o2i_SCT_internal(&sct, &cbs))
		173	return NULL;
		174
		175	if (psct != NULL)
		176	*psct = sct;
		177
		178	*in = CBS_data(&cbs);
		179
161	return sct;	180	return sct;
162	err:
163	SCT_free(sct);
164	return NULL;
165	}	181	}
166		182
167	int	183	int
@@ -271,52 +287,39 @@ i2o_SCT(const SCT sct, unsigned char *out)
271	}	287	}
272		288
273	STACK_OF(SCT) *	289	STACK_OF(SCT) *
274	o2i_SCT_LIST(STACK_OF(SCT) a, const unsigned char pp, size_t len)	290	o2i_SCT_LIST(STACK_OF(SCT) scts, const unsigned char pp, size_t len)
275	{	291	{
		292	CBS cbs, cbs_scts, cbs_sct;
276	STACK_OF(SCT) *sk = NULL;	293	STACK_OF(SCT) *sk = NULL;
277	size_t list_len, sct_len;
278		294
279	if (len < 2 \|\| len > MAX_SCT_LIST_SIZE) {	295	CBS_init(&cbs, *pp, len);
280	CTerror(CT_R_SCT_LIST_INVALID);
281	return NULL;
282	}
283		296
284	n2s(*pp, list_len);	297	if (CBS_len(&cbs) > MAX_SCT_LIST_SIZE)
285	if (list_len != len - 2) {	298	goto err_invalid;
286	CTerror(CT_R_SCT_LIST_INVALID);	299	if (!CBS_get_u16_length_prefixed(&cbs, &cbs_scts))
287	return NULL;	300	goto err_invalid;
288	}	301	if (CBS_len(&cbs) != 0)
		302	goto err_invalid;
289		303
290	if (a == NULL \|\| *a == NULL) {	304	if (scts == NULL \|\| *scts == NULL) {
291	sk = sk_SCT_new_null();	305	if ((sk = sk_SCT_new_null()) == NULL)
292	if (sk == NULL)
293	return NULL;	306	return NULL;
294	} else {	307	} else {
295	SCT *sct;	308	SCT *sct;
296		309
297	/* Use the given stack, but empty it first. */	310	/* Use the given stack, but empty it first. */
298	sk = *a;	311	sk = *scts;
299	while ((sct = sk_SCT_pop(sk)) != NULL)	312	while ((sct = sk_SCT_pop(sk)) != NULL)
300	SCT_free(sct);	313	SCT_free(sct);
301	}	314	}
302		315
303	while (list_len > 0) {	316	while (CBS_len(&cbs_scts) > 0) {
304	SCT *sct;	317	SCT *sct;
305		318
306	if (list_len < 2) {	319	if (!CBS_get_u16_length_prefixed(&cbs_scts, &cbs_sct))
307	CTerror(CT_R_SCT_LIST_INVALID);	320	goto err_invalid;
308	goto err;
309	}
310	n2s(*pp, sct_len);
311	list_len -= 2;
312		321
313	if (sct_len == 0 \|\| sct_len > list_len) {	322	if (!o2i_SCT_internal(&sct, &cbs_sct))
314	CTerror(CT_R_SCT_LIST_INVALID);
315	goto err;
316	}
317	list_len -= sct_len;
318
319	if ((sct = o2i_SCT(NULL, pp, sct_len)) == NULL)
320	goto err;	323	goto err;
321	if (!sk_SCT_push(sk, sct)) {	324	if (!sk_SCT_push(sk, sct)) {
322	SCT_free(sct);	325	SCT_free(sct);
@@ -324,13 +327,19 @@ o2i_SCT_LIST(STACK_OF(SCT) a, const unsigned char pp, size_t len)
324	}	327	}
325	}	328	}
326		329
327	if (a != NULL && *a == NULL)	330	if (scts != NULL && *scts == NULL)
328	*a = sk;	331	*scts = sk;
		332
		333	*pp = CBS_data(&cbs);
		334
329	return sk;	335	return sk;
330		336
		337	err_invalid:
		338	CTerror(CT_R_SCT_LIST_INVALID);
331	err:	339	err:
332	if (a == NULL \|\| *a == NULL)	340	if (scts == NULL \|\| *scts == NULL)
333	SCT_LIST_free(sk);	341	SCT_LIST_free(sk);
		342
334	return NULL;	343	return NULL;
335	}	344	}
336		345