Coverage Report

Created: 2024-11-21 07:03

/src/openssl/crypto/ct/ct_oct.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
3
 *
4
 * Licensed under the Apache License 2.0 (the "License").  You may not use
5
 * this file except in compliance with the License.  You can obtain a copy
6
 * in the file LICENSE in the source distribution or at
7
 * https://www.openssl.org/source/license.html
8
 */
9
10
#ifdef OPENSSL_NO_CT
11
# error "CT is disabled"
12
#endif
13
14
#include <limits.h>
15
#include <string.h>
16
17
#include <openssl/asn1.h>
18
#include <openssl/buffer.h>
19
#include <openssl/ct.h>
20
#include <openssl/err.h>
21
22
#include "ct_local.h"
23
24
int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len)
25
0
{
26
0
    size_t siglen;
27
0
    size_t len_remaining = len;
28
0
    const unsigned char *p;
29
30
0
    if (sct->version != SCT_VERSION_V1) {
31
0
        ERR_raise(ERR_LIB_CT, CT_R_UNSUPPORTED_VERSION);
32
0
        return -1;
33
0
    }
34
    /*
35
     * digitally-signed struct header: (1 byte) Hash algorithm (1 byte)
36
     * Signature algorithm (2 bytes + ?) Signature
37
     *
38
     * This explicitly rejects empty signatures: they're invalid for
39
     * all supported algorithms.
40
     */
41
0
    if (len <= 4) {
42
0
        ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE);
43
0
        return -1;
44
0
    }
45
46
0
    p = *in;
47
    /* Get hash and signature algorithm */
48
0
    sct->hash_alg = *p++;
49
0
    sct->sig_alg = *p++;
50
0
    if (SCT_get_signature_nid(sct) == NID_undef) {
51
0
        ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE);
52
0
        return -1;
53
0
    }
54
    /* Retrieve signature and check it is consistent with the buffer length */
55
0
    n2s(p, siglen);
56
0
    len_remaining -= (p - *in);
57
0
    if (siglen > len_remaining) {
58
0
        ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE);
59
0
        return -1;
60
0
    }
61
62
0
    if (SCT_set1_signature(sct, p, siglen) != 1)
63
0
        return -1;
64
0
    len_remaining -= siglen;
65
0
    *in = p + siglen;
66
67
0
    return len - len_remaining;
68
0
}
69
70
SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len)
71
0
{
72
0
    SCT *sct = NULL;
73
0
    const unsigned char *p;
74
75
0
    if (len == 0 || len > MAX_SCT_SIZE) {
76
0
        ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID);
77
0
        goto err;
78
0
    }
79
80
0
    if ((sct = SCT_new()) == NULL)
81
0
        goto err;
82
83
0
    p = *in;
84
85
0
    sct->version = *p;
86
0
    if (sct->version == SCT_VERSION_V1) {
87
0
        int sig_len;
88
0
        size_t len2;
89
        /*-
90
         * Fixed-length header:
91
         *   struct {
92
         *     Version sct_version;     (1 byte)
93
         *     log_id id;               (32 bytes)
94
         *     uint64 timestamp;        (8 bytes)
95
         *     CtExtensions extensions; (2 bytes + ?)
96
         *   }
97
         */
98
0
        if (len < 43) {
99
0
            ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID);
100
0
            goto err;
101
0
        }
102
0
        len -= 43;
103
0
        p++;
104
0
        sct->log_id = OPENSSL_memdup(p, CT_V1_HASHLEN);
105
0
        if (sct->log_id == NULL)
106
0
            goto err;
107
0
        sct->log_id_len = CT_V1_HASHLEN;
108
0
        p += CT_V1_HASHLEN;
109
110
0
        n2l8(p, sct->timestamp);
111
112
0
        n2s(p, len2);
113
0
        if (len < len2) {
114
0
            ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID);
115
0
            goto err;
116
0
        }
117
0
        if (len2 > 0) {
118
0
            sct->ext = OPENSSL_memdup(p, len2);
119
0
            if (sct->ext == NULL)
120
0
                goto err;
121
0
        }
122
0
        sct->ext_len = len2;
123
0
        p += len2;
124
0
        len -= len2;
125
126
0
        sig_len = o2i_SCT_signature(sct, &p, len);
127
0
        if (sig_len <= 0) {
128
0
            ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID);
129
0
            goto err;
130
0
        }
131
0
        len -= sig_len;
132
0
        *in = p + len;
133
0
    } else {
134
        /* If not V1 just cache encoding */
135
0
        sct->sct = OPENSSL_memdup(p, len);
136
0
        if (sct->sct == NULL)
137
0
            goto err;
138
0
        sct->sct_len = len;
139
0
        *in = p + len;
140
0
    }
141
142
0
    if (psct != NULL) {
143
0
        SCT_free(*psct);
144
0
        *psct = sct;
145
0
    }
146
147
0
    return sct;
148
0
err:
149
0
    SCT_free(sct);
150
0
    return NULL;
151
0
}
152
153
int i2o_SCT_signature(const SCT *sct, unsigned char **out)
154
0
{
155
0
    size_t len;
156
0
    unsigned char *p = NULL, *pstart = NULL;
157
158
0
    if (!SCT_signature_is_complete(sct)) {
159
0
        ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE);
160
0
        goto err;
161
0
    }
162
163
0
    if (sct->version != SCT_VERSION_V1) {
164
0
        ERR_raise(ERR_LIB_CT, CT_R_UNSUPPORTED_VERSION);
165
0
        goto err;
166
0
    }
167
168
    /*
169
    * (1 byte) Hash algorithm
170
    * (1 byte) Signature algorithm
171
    * (2 bytes + ?) Signature
172
    */
173
0
    len = 4 + sct->sig_len;
174
175
0
    if (out != NULL) {
176
0
        if (*out != NULL) {
177
0
            p = *out;
178
0
            *out += len;
179
0
        } else {
180
0
            pstart = p = OPENSSL_malloc(len);
181
0
            if (p == NULL)
182
0
                goto err;
183
0
            *out = p;
184
0
        }
185
186
0
        *p++ = sct->hash_alg;
187
0
        *p++ = sct->sig_alg;
188
0
        s2n(sct->sig_len, p);
189
0
        memcpy(p, sct->sig, sct->sig_len);
190
0
    }
191
192
0
    return len;
193
0
err:
194
0
    OPENSSL_free(pstart);
195
0
    return -1;
196
0
}
197
198
int i2o_SCT(const SCT *sct, unsigned char **out)
199
0
{
200
0
    size_t len;
201
0
    unsigned char *p = NULL, *pstart = NULL;
202
203
0
    if (!SCT_is_complete(sct)) {
204
0
        ERR_raise(ERR_LIB_CT, CT_R_SCT_NOT_SET);
205
0
        goto err;
206
0
    }
207
    /*
208
     * Fixed-length header: struct { (1 byte) Version sct_version; (32 bytes)
209
     * log_id id; (8 bytes) uint64 timestamp; (2 bytes + ?) CtExtensions
210
     * extensions; (1 byte) Hash algorithm (1 byte) Signature algorithm (2
211
     * bytes + ?) Signature
212
     */
213
0
    if (sct->version == SCT_VERSION_V1)
214
0
        len = 43 + sct->ext_len + 4 + sct->sig_len;
215
0
    else
216
0
        len = sct->sct_len;
217
218
0
    if (out == NULL)
219
0
        return len;
220
221
0
    if (*out != NULL) {
222
0
        p = *out;
223
0
        *out += len;
224
0
    } else {
225
0
        pstart = p = OPENSSL_malloc(len);
226
0
        if (p == NULL)
227
0
            goto err;
228
0
        *out = p;
229
0
    }
230
231
0
    if (sct->version == SCT_VERSION_V1) {
232
0
        *p++ = sct->version;
233
0
        memcpy(p, sct->log_id, CT_V1_HASHLEN);
234
0
        p += CT_V1_HASHLEN;
235
0
        l2n8(sct->timestamp, p);
236
0
        s2n(sct->ext_len, p);
237
0
        if (sct->ext_len > 0) {
238
0
            memcpy(p, sct->ext, sct->ext_len);
239
0
            p += sct->ext_len;
240
0
        }
241
0
        if (i2o_SCT_signature(sct, &p) <= 0)
242
0
            goto err;
243
0
    } else {
244
0
        memcpy(p, sct->sct, len);
245
0
    }
246
247
0
    return len;
248
0
err:
249
0
    OPENSSL_free(pstart);
250
0
    return -1;
251
0
}
252
253
STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
254
                            size_t len)
255
0
{
256
0
    STACK_OF(SCT) *sk = NULL;
257
0
    size_t list_len, sct_len;
258
259
0
    if (len < 2 || len > MAX_SCT_LIST_SIZE) {
260
0
        ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID);
261
0
        return NULL;
262
0
    }
263
264
0
    n2s(*pp, list_len);
265
0
    if (list_len != len - 2) {
266
0
        ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID);
267
0
        return NULL;
268
0
    }
269
270
0
    if (a == NULL || *a == NULL) {
271
0
        sk = sk_SCT_new_null();
272
0
        if (sk == NULL)
273
0
            return NULL;
274
0
    } else {
275
0
        SCT *sct;
276
277
        /* Use the given stack, but empty it first. */
278
0
        sk = *a;
279
0
        while ((sct = sk_SCT_pop(sk)) != NULL)
280
0
            SCT_free(sct);
281
0
    }
282
283
0
    while (list_len > 0) {
284
0
        SCT *sct;
285
286
0
        if (list_len < 2) {
287
0
            ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID);
288
0
            goto err;
289
0
        }
290
0
        n2s(*pp, sct_len);
291
0
        list_len -= 2;
292
293
0
        if (sct_len == 0 || sct_len > list_len) {
294
0
            ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID);
295
0
            goto err;
296
0
        }
297
0
        list_len -= sct_len;
298
299
0
        if ((sct = o2i_SCT(NULL, pp, sct_len)) == NULL)
300
0
            goto err;
301
0
        if (!sk_SCT_push(sk, sct)) {
302
0
            SCT_free(sct);
303
0
            goto err;
304
0
        }
305
0
    }
306
307
0
    if (a != NULL && *a == NULL)
308
0
        *a = sk;
309
0
    return sk;
310
311
0
 err:
312
0
    if (a == NULL || *a == NULL)
313
0
        SCT_LIST_free(sk);
314
0
    return NULL;
315
0
}
316
317
int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp)
318
0
{
319
0
    int len, sct_len, i, is_pp_new = 0;
320
0
    size_t len2;
321
0
    unsigned char *p = NULL, *p2;
322
323
0
    if (pp != NULL) {
324
0
        if (*pp == NULL) {
325
0
            if ((len = i2o_SCT_LIST(a, NULL)) == -1) {
326
0
                ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID);
327
0
                return -1;
328
0
            }
329
0
            if ((*pp = OPENSSL_malloc(len)) == NULL)
330
0
                return -1;
331
0
            is_pp_new = 1;
332
0
        }
333
0
        p = *pp + 2;
334
0
    }
335
336
0
    len2 = 2;
337
0
    for (i = 0; i < sk_SCT_num(a); i++) {
338
0
        if (pp != NULL) {
339
0
            p2 = p;
340
0
            p += 2;
341
0
            if ((sct_len = i2o_SCT(sk_SCT_value(a, i), &p)) == -1)
342
0
                goto err;
343
0
            s2n(sct_len, p2);
344
0
        } else {
345
0
          if ((sct_len = i2o_SCT(sk_SCT_value(a, i), NULL)) == -1)
346
0
              goto err;
347
0
        }
348
0
        len2 += 2 + sct_len;
349
0
    }
350
351
0
    if (len2 > MAX_SCT_LIST_SIZE)
352
0
        goto err;
353
354
0
    if (pp != NULL) {
355
0
        p = *pp;
356
0
        s2n(len2 - 2, p);
357
0
        if (!is_pp_new)
358
0
            *pp += len2;
359
0
    }
360
0
    return len2;
361
362
0
 err:
363
0
    if (is_pp_new) {
364
0
        OPENSSL_free(*pp);
365
0
        *pp = NULL;
366
0
    }
367
0
    return -1;
368
0
}
369
370
STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
371
                            long len)
372
0
{
373
0
    ASN1_OCTET_STRING *oct = NULL;
374
0
    STACK_OF(SCT) *sk = NULL;
375
0
    const unsigned char *p;
376
377
0
    p = *pp;
378
0
    if (d2i_ASN1_OCTET_STRING(&oct, &p, len) == NULL)
379
0
        return NULL;
380
381
0
    p = oct->data;
382
0
    if ((sk = o2i_SCT_LIST(a, &p, oct->length)) != NULL)
383
0
        *pp += len;
384
385
0
    ASN1_OCTET_STRING_free(oct);
386
0
    return sk;
387
0
}
388
389
int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **out)
390
0
{
391
0
    ASN1_OCTET_STRING oct;
392
0
    int len;
393
394
0
    oct.data = NULL;
395
0
    if ((oct.length = i2o_SCT_LIST(a, &oct.data)) == -1)
396
0
        return -1;
397
398
0
    len = i2d_ASN1_OCTET_STRING(&oct, out);
399
0
    OPENSSL_free(oct.data);
400
0
    return len;
401
0
}