/src/openssl/crypto/ct/ct_oct.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #ifdef OPENSSL_NO_CT |
11 | | # error "CT is disabled" |
12 | | #endif |
13 | | |
14 | | #include <limits.h> |
15 | | #include <string.h> |
16 | | |
17 | | #include <openssl/asn1.h> |
18 | | #include <openssl/buffer.h> |
19 | | #include <openssl/ct.h> |
20 | | #include <openssl/err.h> |
21 | | |
22 | | #include "ct_local.h" |
23 | | |
24 | | int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len) |
25 | 75.4k | { |
26 | 75.4k | size_t siglen; |
27 | 75.4k | size_t len_remaining = len; |
28 | 75.4k | const unsigned char *p; |
29 | | |
30 | 75.4k | if (sct->version != SCT_VERSION_V1) { |
31 | 0 | ERR_raise(ERR_LIB_CT, CT_R_UNSUPPORTED_VERSION); |
32 | 0 | return -1; |
33 | 0 | } |
34 | | /* |
35 | | * digitally-signed struct header: (1 byte) Hash algorithm (1 byte) |
36 | | * Signature algorithm (2 bytes + ?) Signature |
37 | | * |
38 | | * This explicitly rejects empty signatures: they're invalid for |
39 | | * all supported algorithms. |
40 | | */ |
41 | 75.4k | if (len <= 4) { |
42 | 4.01k | ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE); |
43 | 4.01k | return -1; |
44 | 4.01k | } |
45 | | |
46 | 71.4k | p = *in; |
47 | | /* Get hash and signature algorithm */ |
48 | 71.4k | sct->hash_alg = *p++; |
49 | 71.4k | sct->sig_alg = *p++; |
50 | 71.4k | if (SCT_get_signature_nid(sct) == NID_undef) { |
51 | 7.16k | ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE); |
52 | 7.16k | return -1; |
53 | 7.16k | } |
54 | | /* Retrieve signature and check it is consistent with the buffer length */ |
55 | 64.2k | n2s(p, siglen); |
56 | 64.2k | len_remaining -= (p - *in); |
57 | 64.2k | if (siglen > len_remaining) { |
58 | 4.95k | ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE); |
59 | 4.95k | return -1; |
60 | 4.95k | } |
61 | | |
62 | 59.3k | if (SCT_set1_signature(sct, p, siglen) != 1) |
63 | 0 | return -1; |
64 | 59.3k | len_remaining -= siglen; |
65 | 59.3k | *in = p + siglen; |
66 | | |
67 | 59.3k | return (int)(len - len_remaining); |
68 | 59.3k | } |
69 | | |
70 | | SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len) |
71 | 906k | { |
72 | 906k | SCT *sct = NULL; |
73 | 906k | const unsigned char *p; |
74 | | |
75 | 906k | if (len == 0 || len > MAX_SCT_SIZE) { |
76 | 0 | ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID); |
77 | 0 | goto err; |
78 | 0 | } |
79 | | |
80 | 906k | if ((sct = SCT_new()) == NULL) |
81 | 0 | goto err; |
82 | | |
83 | 906k | p = *in; |
84 | | |
85 | 906k | sct->version = *p; |
86 | 906k | if (sct->version == SCT_VERSION_V1) { |
87 | 81.2k | int sig_len; |
88 | 81.2k | size_t len2; |
89 | | /*- |
90 | | * Fixed-length header: |
91 | | * struct { |
92 | | * Version sct_version; (1 byte) |
93 | | * log_id id; (32 bytes) |
94 | | * uint64 timestamp; (8 bytes) |
95 | | * CtExtensions extensions; (2 bytes + ?) |
96 | | * } |
97 | | */ |
98 | 81.2k | if (len < 43) { |
99 | 2.05k | ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID); |
100 | 2.05k | goto err; |
101 | 2.05k | } |
102 | 79.2k | len -= 43; |
103 | 79.2k | p++; |
104 | 79.2k | sct->log_id = OPENSSL_memdup(p, CT_V1_HASHLEN); |
105 | 79.2k | if (sct->log_id == NULL) |
106 | 0 | goto err; |
107 | 79.2k | sct->log_id_len = CT_V1_HASHLEN; |
108 | 79.2k | p += CT_V1_HASHLEN; |
109 | | |
110 | 79.2k | n2l8(p, sct->timestamp); |
111 | | |
112 | 79.2k | n2s(p, len2); |
113 | 79.2k | if (len < len2) { |
114 | 3.77k | ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID); |
115 | 3.77k | goto err; |
116 | 3.77k | } |
117 | 75.4k | if (len2 > 0) { |
118 | 18.0k | sct->ext = OPENSSL_memdup(p, len2); |
119 | 18.0k | if (sct->ext == NULL) |
120 | 0 | goto err; |
121 | 18.0k | } |
122 | 75.4k | sct->ext_len = len2; |
123 | 75.4k | p += len2; |
124 | 75.4k | len -= len2; |
125 | | |
126 | 75.4k | sig_len = o2i_SCT_signature(sct, &p, len); |
127 | 75.4k | if (sig_len <= 0) { |
128 | 16.1k | ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID); |
129 | 16.1k | goto err; |
130 | 16.1k | } |
131 | 59.3k | len -= sig_len; |
132 | 59.3k | *in = p + len; |
133 | 825k | } else { |
134 | | /* If not V1 just cache encoding */ |
135 | 825k | sct->sct = OPENSSL_memdup(p, len); |
136 | 825k | if (sct->sct == NULL) |
137 | 0 | goto err; |
138 | 825k | sct->sct_len = len; |
139 | 825k | *in = p + len; |
140 | 825k | } |
141 | | |
142 | 884k | if (psct != NULL) { |
143 | 0 | SCT_free(*psct); |
144 | 0 | *psct = sct; |
145 | 0 | } |
146 | | |
147 | 884k | return sct; |
148 | 21.9k | err: |
149 | 21.9k | SCT_free(sct); |
150 | 21.9k | return NULL; |
151 | 906k | } |
152 | | |
153 | | int i2o_SCT_signature(const SCT *sct, unsigned char **out) |
154 | 10.7k | { |
155 | 10.7k | size_t len; |
156 | 10.7k | unsigned char *p = NULL, *pstart = NULL; |
157 | | |
158 | 10.7k | if (!SCT_signature_is_complete(sct)) { |
159 | 0 | ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE); |
160 | 0 | goto err; |
161 | 0 | } |
162 | | |
163 | 10.7k | if (sct->version != SCT_VERSION_V1) { |
164 | 0 | ERR_raise(ERR_LIB_CT, CT_R_UNSUPPORTED_VERSION); |
165 | 0 | goto err; |
166 | 0 | } |
167 | | |
168 | | /* |
169 | | * (1 byte) Hash algorithm |
170 | | * (1 byte) Signature algorithm |
171 | | * (2 bytes + ?) Signature |
172 | | */ |
173 | 10.7k | len = 4 + sct->sig_len; |
174 | | |
175 | 10.7k | if (out != NULL) { |
176 | 10.7k | if (*out != NULL) { |
177 | 10.7k | p = *out; |
178 | 10.7k | *out += len; |
179 | 10.7k | } else { |
180 | 0 | pstart = p = OPENSSL_malloc(len); |
181 | 0 | if (p == NULL) |
182 | 0 | goto err; |
183 | 0 | *out = p; |
184 | 0 | } |
185 | | |
186 | 10.7k | *p++ = sct->hash_alg; |
187 | 10.7k | *p++ = sct->sig_alg; |
188 | 10.7k | s2n(sct->sig_len, p); |
189 | 10.7k | memcpy(p, sct->sig, sct->sig_len); |
190 | 10.7k | } |
191 | | |
192 | 10.7k | return (int)len; |
193 | 0 | err: |
194 | 0 | OPENSSL_free(pstart); |
195 | 0 | return -1; |
196 | 10.7k | } |
197 | | |
198 | | int i2o_SCT(const SCT *sct, unsigned char **out) |
199 | 156k | { |
200 | 156k | size_t len; |
201 | 156k | unsigned char *p = NULL, *pstart = NULL; |
202 | | |
203 | 156k | if (!SCT_is_complete(sct)) { |
204 | 216 | ERR_raise(ERR_LIB_CT, CT_R_SCT_NOT_SET); |
205 | 216 | goto err; |
206 | 216 | } |
207 | | /* |
208 | | * Fixed-length header: struct { (1 byte) Version sct_version; (32 bytes) |
209 | | * log_id id; (8 bytes) uint64 timestamp; (2 bytes + ?) CtExtensions |
210 | | * extensions; (1 byte) Hash algorithm (1 byte) Signature algorithm (2 |
211 | | * bytes + ?) Signature |
212 | | */ |
213 | 156k | if (sct->version == SCT_VERSION_V1) |
214 | 4.05k | len = 43 + sct->ext_len + 4 + sct->sig_len; |
215 | 152k | else |
216 | 152k | len = sct->sct_len; |
217 | | |
218 | 156k | if (len > INT_MAX) |
219 | 0 | return -1; |
220 | 156k | if (out == NULL) |
221 | 78.4k | return (int)len; |
222 | | |
223 | 77.5k | if (*out != NULL) { |
224 | 77.5k | p = *out; |
225 | 77.5k | *out += len; |
226 | 77.5k | } else { |
227 | 0 | pstart = p = OPENSSL_malloc(len); |
228 | 0 | if (p == NULL) |
229 | 0 | goto err; |
230 | 0 | *out = p; |
231 | 0 | } |
232 | | |
233 | 77.5k | if (sct->version == SCT_VERSION_V1) { |
234 | 1.90k | *p++ = sct->version; |
235 | 1.90k | memcpy(p, sct->log_id, CT_V1_HASHLEN); |
236 | 1.90k | p += CT_V1_HASHLEN; |
237 | 1.90k | l2n8(sct->timestamp, p); |
238 | 1.90k | s2n(sct->ext_len, p); |
239 | 1.90k | if (sct->ext_len > 0) { |
240 | 1.15k | memcpy(p, sct->ext, sct->ext_len); |
241 | 1.15k | p += sct->ext_len; |
242 | 1.15k | } |
243 | 1.90k | if (i2o_SCT_signature(sct, &p) <= 0) |
244 | 0 | goto err; |
245 | 75.6k | } else { |
246 | 75.6k | memcpy(p, sct->sct, len); |
247 | 75.6k | } |
248 | | |
249 | 77.5k | return (int)len; |
250 | 216 | err: |
251 | 216 | OPENSSL_free(pstart); |
252 | 216 | return -1; |
253 | 77.5k | } |
254 | | |
255 | | STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, |
256 | | size_t len) |
257 | 91.4k | { |
258 | 91.4k | STACK_OF(SCT) *sk = NULL; |
259 | 91.4k | size_t list_len, sct_len; |
260 | | |
261 | 91.4k | if (len < 2 || len > MAX_SCT_LIST_SIZE) { |
262 | 5.00k | ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID); |
263 | 5.00k | return NULL; |
264 | 5.00k | } |
265 | | |
266 | 86.4k | n2s(*pp, list_len); |
267 | 86.4k | if (list_len != len - 2) { |
268 | 7.77k | ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID); |
269 | 7.77k | return NULL; |
270 | 7.77k | } |
271 | | |
272 | 78.6k | if (a == NULL || *a == NULL) { |
273 | 78.6k | sk = sk_SCT_new_null(); |
274 | 78.6k | if (sk == NULL) |
275 | 0 | return NULL; |
276 | 78.6k | } else { |
277 | 0 | SCT *sct; |
278 | | |
279 | | /* Use the given stack, but empty it first. */ |
280 | 0 | sk = *a; |
281 | 0 | while ((sct = sk_SCT_pop(sk)) != NULL) |
282 | 0 | SCT_free(sct); |
283 | 0 | } |
284 | | |
285 | 963k | while (list_len > 0) { |
286 | 918k | SCT *sct; |
287 | | |
288 | 918k | if (list_len < 2) { |
289 | 5.05k | ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID); |
290 | 5.05k | goto err; |
291 | 5.05k | } |
292 | 913k | n2s(*pp, sct_len); |
293 | 913k | list_len -= 2; |
294 | | |
295 | 913k | if (sct_len == 0 || sct_len > list_len) { |
296 | 7.03k | ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID); |
297 | 7.03k | goto err; |
298 | 7.03k | } |
299 | 906k | list_len -= sct_len; |
300 | | |
301 | 906k | if ((sct = o2i_SCT(NULL, pp, sct_len)) == NULL) |
302 | 21.9k | goto err; |
303 | 884k | if (!sk_SCT_push(sk, sct)) { |
304 | 0 | SCT_free(sct); |
305 | 0 | goto err; |
306 | 0 | } |
307 | 884k | } |
308 | | |
309 | 44.6k | if (a != NULL && *a == NULL) |
310 | 0 | *a = sk; |
311 | 44.6k | return sk; |
312 | | |
313 | 34.0k | err: |
314 | 34.0k | if (a == NULL || *a == NULL) |
315 | 34.0k | SCT_LIST_free(sk); |
316 | 34.0k | return NULL; |
317 | 78.6k | } |
318 | | |
319 | | int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp) |
320 | 5.97k | { |
321 | 5.97k | int len, sct_len, i, is_pp_new = 0; |
322 | 5.97k | size_t len2; |
323 | 5.97k | unsigned char *p = NULL, *p2; |
324 | | |
325 | 5.97k | if (pp != NULL) { |
326 | 2.98k | if (*pp == NULL) { |
327 | 2.98k | if ((len = i2o_SCT_LIST(a, NULL)) == -1) { |
328 | 1.06k | ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID); |
329 | 1.06k | return -1; |
330 | 1.06k | } |
331 | 1.92k | if ((*pp = OPENSSL_malloc(len)) == NULL) |
332 | 0 | return -1; |
333 | 1.92k | is_pp_new = 1; |
334 | 1.92k | } |
335 | 1.92k | p = *pp + 2; |
336 | 1.92k | } |
337 | | |
338 | 4.91k | len2 = 2; |
339 | 1.02M | for (i = 0; i < sk_SCT_num(a); i++) { |
340 | 1.02M | if (pp != NULL) { |
341 | 506k | p2 = p; |
342 | 506k | p += 2; |
343 | 506k | if ((sct_len = i2o_SCT(sk_SCT_value(a, i), &p)) == -1) |
344 | 0 | goto err; |
345 | 506k | s2n(sct_len, p2); |
346 | 516k | } else { |
347 | 516k | if ((sct_len = i2o_SCT(sk_SCT_value(a, i), NULL)) == -1) |
348 | 1.06k | goto err; |
349 | 516k | } |
350 | 1.02M | len2 += 2 + sct_len; |
351 | 1.02M | } |
352 | | |
353 | 3.85k | if (len2 > MAX_SCT_LIST_SIZE) |
354 | 0 | goto err; |
355 | | |
356 | 3.85k | if (pp != NULL) { |
357 | 1.92k | p = *pp; |
358 | 1.92k | s2n(len2 - 2, p); |
359 | 1.92k | if (!is_pp_new) |
360 | 0 | *pp += len2; |
361 | 1.92k | } |
362 | 3.85k | return (int)len2; |
363 | | |
364 | 1.06k | err: |
365 | 1.06k | if (is_pp_new) { |
366 | 0 | OPENSSL_free(*pp); |
367 | 0 | *pp = NULL; |
368 | 0 | } |
369 | 1.06k | return -1; |
370 | 3.85k | } |
371 | | |
372 | | STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, |
373 | | long len) |
374 | 108k | { |
375 | 108k | ASN1_OCTET_STRING *oct = NULL; |
376 | 108k | STACK_OF(SCT) *sk = NULL; |
377 | 108k | const unsigned char *p; |
378 | | |
379 | 108k | p = *pp; |
380 | 108k | if (d2i_ASN1_OCTET_STRING(&oct, &p, len) == NULL) |
381 | 17.1k | return NULL; |
382 | | |
383 | 91.4k | p = oct->data; |
384 | 91.4k | if ((sk = o2i_SCT_LIST(a, &p, oct->length)) != NULL) |
385 | 44.6k | *pp += len; |
386 | | |
387 | 91.4k | ASN1_OCTET_STRING_free(oct); |
388 | 91.4k | return sk; |
389 | 108k | } |
390 | | |
391 | | int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **out) |
392 | 2.98k | { |
393 | 2.98k | ASN1_OCTET_STRING oct; |
394 | 2.98k | int len; |
395 | | |
396 | 2.98k | oct.data = NULL; |
397 | 2.98k | if ((oct.length = i2o_SCT_LIST(a, &oct.data)) == -1) |
398 | 1.06k | return -1; |
399 | | |
400 | 1.92k | len = i2d_ASN1_OCTET_STRING(&oct, out); |
401 | 1.92k | OPENSSL_free(oct.data); |
402 | 1.92k | return len; |
403 | 2.98k | } |