/src/openssl/crypto/ct/ct_oct.c

Source
/*
 * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#ifdef OPENSSL_NO_CT
#error "CT is disabled"
#endif

#include <limits.h>
#include <string.h>

#include <openssl/asn1.h>
#include <openssl/buffer.h>
#include <openssl/ct.h>
#include <openssl/err.h>

#include "ct_local.h"

#include <crypto/asn1.h>

int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len)
{
    size_t siglen;
    size_t len_remaining = len;
    const unsigned char *p;

    if (sct->version != SCT_VERSION_V1) {
        ERR_raise(ERR_LIB_CT, CT_R_UNSUPPORTED_VERSION);
        return -1;
    }
    /*
     * digitally-signed struct header: (1 byte) Hash algorithm (1 byte)
     * Signature algorithm (2 bytes + ?) Signature
     *
     * This explicitly rejects empty signatures: they're invalid for
     * all supported algorithms.
     */
    if (len <= 4) {
        ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE);
        return -1;
    }

    p = *in;
    /* Get hash and signature algorithm */
    sct->hash_alg = *p++;
    sct->sig_alg = *p++;
    if (SCT_get_signature_nid(sct) == NID_undef) {
        ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE);
        return -1;
    }
    /* Retrieve signature and check it is consistent with the buffer length */
    n2s(p, siglen);
    len_remaining -= (p - *in);
    if (siglen > len_remaining) {
        ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE);
        return -1;
    }

    if (SCT_set1_signature(sct, p, siglen) != 1)
        return -1;
    len_remaining -= siglen;
    *in = p + siglen;

    return (int)(len - len_remaining);
}

SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len)
{
    SCT *sct = NULL;
    const unsigned char *p;

    if (len == 0 || len > MAX_SCT_SIZE) {
        ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID);
        goto err;
    }

    if ((sct = SCT_new()) == NULL)
        goto err;

    p = *in;

    sct->version = *p;
    if (sct->version == SCT_VERSION_V1) {
        int sig_len;
        size_t len2;
        /*-
         * Fixed-length header:
         *   struct {
         *     Version sct_version;     (1 byte)
         *     log_id id;               (32 bytes)
         *     uint64 timestamp;        (8 bytes)
         *     CtExtensions extensions; (2 bytes + ?)
         *   }
         */
        if (len < 43) {
            ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID);
            goto err;
        }
        len -= 43;
        p++;
        sct->log_id = OPENSSL_memdup(p, CT_V1_HASHLEN);
        if (sct->log_id == NULL)
            goto err;
        sct->log_id_len = CT_V1_HASHLEN;
        p += CT_V1_HASHLEN;

        n2l8(p, sct->timestamp);

        n2s(p, len2);
        if (len < len2) {
            ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID);
            goto err;
        }
        if (len2 > 0) {
            sct->ext = OPENSSL_memdup(p, len2);
            if (sct->ext == NULL)
                goto err;
        }
        sct->ext_len = len2;
        p += len2;
        len -= len2;

        sig_len = o2i_SCT_signature(sct, &p, len);
        if (sig_len <= 0) {
            ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID);
            goto err;
        }
        len -= sig_len;
        *in = p + len;
    } else {
        /* If not V1 just cache encoding */
        sct->sct = OPENSSL_memdup(p, len);
        if (sct->sct == NULL)
            goto err;
        sct->sct_len = len;
        *in = p + len;
    }

    if (psct != NULL) {
        SCT_free(*psct);
        *psct = sct;
    }

    return sct;
err:
    SCT_free(sct);
    return NULL;
}

int i2o_SCT_signature(const SCT *sct, unsigned char **out)
{
    size_t len;
    unsigned char *p = NULL, *pstart = NULL;

    if (!SCT_signature_is_complete(sct)) {
        ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE);
        goto err;
    }

    if (sct->version != SCT_VERSION_V1) {
        ERR_raise(ERR_LIB_CT, CT_R_UNSUPPORTED_VERSION);
        goto err;
    }

    /*
     * (1 byte) Hash algorithm
     * (1 byte) Signature algorithm
     * (2 bytes + ?) Signature
     */
    len = 4 + sct->sig_len;

    if (out != NULL) {
        if (*out != NULL) {
            p = *out;
            *out += len;
        } else {
            pstart = p = OPENSSL_malloc(len);
            if (p == NULL)
                goto err;
            *out = p;
        }

        *p++ = sct->hash_alg;
        *p++ = sct->sig_alg;
        s2n(sct->sig_len, p);
        memcpy(p, sct->sig, sct->sig_len);
    }

    return (int)len;
err:
    OPENSSL_free(pstart);
    return -1;
}

int i2o_SCT(const SCT *sct, unsigned char **out)
{
    size_t len;
    unsigned char *p = NULL, *pstart = NULL;

    if (!SCT_is_complete(sct)) {
        ERR_raise(ERR_LIB_CT, CT_R_SCT_NOT_SET);
        goto err;
    }
    /*
     * Fixed-length header: struct { (1 byte) Version sct_version; (32 bytes)
     * log_id id; (8 bytes) uint64 timestamp; (2 bytes + ?) CtExtensions
     * extensions; (1 byte) Hash algorithm (1 byte) Signature algorithm (2
     * bytes + ?) Signature
     */
    if (sct->version == SCT_VERSION_V1)
        len = 43 + sct->ext_len + 4 + sct->sig_len;
    else
        len = sct->sct_len;

    if (len > INT_MAX)
        return -1;
    if (out == NULL)
        return (int)len;

    if (*out != NULL) {
        p = *out;
        *out += len;
    } else {
        pstart = p = OPENSSL_malloc(len);
        if (p == NULL)
            goto err;
        *out = p;
    }

    if (sct->version == SCT_VERSION_V1) {
        *p++ = sct->version;
        memcpy(p, sct->log_id, CT_V1_HASHLEN);
        p += CT_V1_HASHLEN;
        l2n8(sct->timestamp, p);
        s2n(sct->ext_len, p);
        if (sct->ext_len > 0) {
            memcpy(p, sct->ext, sct->ext_len);
            p += sct->ext_len;
        }
        if (i2o_SCT_signature(sct, &p) <= 0)
            goto err;
    } else {
        memcpy(p, sct->sct, len);
    }

    return (int)len;
err:
    OPENSSL_free(pstart);
    return -1;
}

STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
    size_t len)
{
    STACK_OF(SCT) *sk = NULL;
    size_t list_len, sct_len;

    if (len < 2 || len > MAX_SCT_LIST_SIZE) {
        ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID);
        return NULL;
    }

    n2s(*pp, list_len);
    if (list_len != len - 2) {
        ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID);
        return NULL;
    }

    if (a == NULL || *a == NULL) {
        sk = sk_SCT_new_null();
        if (sk == NULL)
            return NULL;
    } else {
        SCT *sct;

        /* Use the given stack, but empty it first. */
        sk = *a;
        while ((sct = sk_SCT_pop(sk)) != NULL)
            SCT_free(sct);
    }

    while (list_len > 0) {
        SCT *sct;

        if (list_len < 2) {
            ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID);
            goto err;
        }
        n2s(*pp, sct_len);
        list_len -= 2;

        if (sct_len == 0 || sct_len > list_len) {
            ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID);
            goto err;
        }
        list_len -= sct_len;

        if ((sct = o2i_SCT(NULL, pp, sct_len)) == NULL)
            goto err;
        if (!sk_SCT_push(sk, sct)) {
            SCT_free(sct);
            goto err;
        }
    }

    if (a != NULL && *a == NULL)
        *a = sk;
    return sk;

err:
    if (a == NULL || *a == NULL)
        SCT_LIST_free(sk);
    return NULL;
}

int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp)
{
    int len, sct_len, i, is_pp_new = 0;
    size_t len2;
    unsigned char *p = NULL, *p2;

    if (pp != NULL) {
        if (*pp == NULL) {
            if ((len = i2o_SCT_LIST(a, NULL)) == -1) {
                ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID);
                return -1;
            }
            if ((*pp = OPENSSL_malloc(len)) == NULL)
                return -1;
            is_pp_new = 1;
        }
        p = *pp + 2;
    }

    len2 = 2;
    for (i = 0; i < sk_SCT_num(a); i++) {
        if (pp != NULL) {
            p2 = p;
            p += 2;
            if ((sct_len = i2o_SCT(sk_SCT_value(a, i), &p)) == -1)
                goto err;
            s2n(sct_len, p2);
        } else {
            if ((sct_len = i2o_SCT(sk_SCT_value(a, i), NULL)) == -1)
                goto err;
        }
        len2 += 2 + sct_len;
    }

    if (len2 > MAX_SCT_LIST_SIZE)
        goto err;

    if (pp != NULL) {
        p = *pp;
        s2n(len2 - 2, p);
        if (!is_pp_new)
            *pp += len2;
    }
    return (int)len2;

err:
    if (is_pp_new) {
        OPENSSL_free(*pp);
        *pp = NULL;
    }
    return -1;
}

STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
    long len)
{
    ASN1_OCTET_STRING *oct = NULL;
    STACK_OF(SCT) *sk = NULL;
    const unsigned char *p;

    p = *pp;
    if (d2i_ASN1_OCTET_STRING(&oct, &p, len) == NULL)
        return NULL;

    p = oct->data;
    if ((sk = o2i_SCT_LIST(a, &p, oct->length)) != NULL)
        *pp += len;

    ASN1_OCTET_STRING_free(oct);
    return sk;
}

int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **out)
{
    ASN1_OCTET_STRING oct;
    int len;

    oct.data = NULL;
    if ((oct.length = i2o_SCT_LIST(a, &oct.data)) == -1)
        return -1;

    len = i2d_ASN1_OCTET_STRING(&oct, out);
    OPENSSL_free(oct.data);
    return len;
}

Coverage Report

Created: 2026-03-09 06:55

Line	Count	Source
1		/*
2		* Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		#ifdef OPENSSL_NO_CT
11		#error "CT is disabled"
12		#endif
13
14		#include <limits.h>
15		#include <string.h>
16
17		#include <openssl/asn1.h>
18		#include <openssl/buffer.h>
19		#include <openssl/ct.h>
20		#include <openssl/err.h>
21
22		#include "ct_local.h"
23
24		#include <crypto/asn1.h>
25
26		int o2i_SCT_signature(SCT sct, const unsigned char *in, size_t len)
27	0	{
28	0	size_t siglen;
29	0	size_t len_remaining = len;
30	0	const unsigned char *p;
31
32	0	if (sct->version != SCT_VERSION_V1) {
33	0	ERR_raise(ERR_LIB_CT, CT_R_UNSUPPORTED_VERSION);
34	0	return -1;
35	0	}
36		/*
37		* digitally-signed struct header: (1 byte) Hash algorithm (1 byte)
38		* Signature algorithm (2 bytes + ?) Signature
39		*
40		* This explicitly rejects empty signatures: they're invalid for
41		* all supported algorithms.
42		*/
43	0	if (len <= 4) {
44	0	ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE);
45	0	return -1;
46	0	}
47
48	0	p = *in;
49		/* Get hash and signature algorithm */
50	0	sct->hash_alg = *p++;
51	0	sct->sig_alg = *p++;
52	0	if (SCT_get_signature_nid(sct) == NID_undef) {
53	0	ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE);
54	0	return -1;
55	0	}
56		/* Retrieve signature and check it is consistent with the buffer length */
57	0	n2s(p, siglen);
58	0	len_remaining -= (p - *in);
59	0	if (siglen > len_remaining) {
60	0	ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE);
61	0	return -1;
62	0	}
63
64	0	if (SCT_set1_signature(sct, p, siglen) != 1)
65	0	return -1;
66	0	len_remaining -= siglen;
67	0	*in = p + siglen;
68
69	0	return (int)(len - len_remaining);
70	0	}
71
72		SCT o2i_SCT(SCT psct, const unsigned char *in, size_t len)
73	0	{
74	0	SCT *sct = NULL;
75	0	const unsigned char *p;
76
77	0	if (len == 0 \|\| len > MAX_SCT_SIZE) {
78	0	ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID);
79	0	goto err;
80	0	}
81
82	0	if ((sct = SCT_new()) == NULL)
83	0	goto err;
84
85	0	p = *in;
86
87	0	sct->version = *p;
88	0	if (sct->version == SCT_VERSION_V1) {
89	0	int sig_len;
90	0	size_t len2;
91		/*-
92		* Fixed-length header:
93		* struct {
94		* Version sct_version; (1 byte)
95		* log_id id; (32 bytes)
96		* uint64 timestamp; (8 bytes)
97		* CtExtensions extensions; (2 bytes + ?)
98		* }
99		*/
100	0	if (len < 43) {
101	0	ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID);
102	0	goto err;
103	0	}
104	0	len -= 43;
105	0	p++;
106	0	sct->log_id = OPENSSL_memdup(p, CT_V1_HASHLEN);
107	0	if (sct->log_id == NULL)
108	0	goto err;
109	0	sct->log_id_len = CT_V1_HASHLEN;
110	0	p += CT_V1_HASHLEN;
111
112	0	n2l8(p, sct->timestamp);
113
114	0	n2s(p, len2);
115	0	if (len < len2) {
116	0	ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID);
117	0	goto err;
118	0	}
119	0	if (len2 > 0) {
120	0	sct->ext = OPENSSL_memdup(p, len2);
121	0	if (sct->ext == NULL)
122	0	goto err;
123	0	}
124	0	sct->ext_len = len2;
125	0	p += len2;
126	0	len -= len2;
127
128	0	sig_len = o2i_SCT_signature(sct, &p, len);
129	0	if (sig_len <= 0) {
130	0	ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID);
131	0	goto err;
132	0	}
133	0	len -= sig_len;
134	0	*in = p + len;
135	0	} else {
136		/* If not V1 just cache encoding */
137	0	sct->sct = OPENSSL_memdup(p, len);
138	0	if (sct->sct == NULL)
139	0	goto err;
140	0	sct->sct_len = len;
141	0	*in = p + len;
142	0	}
143
144	0	if (psct != NULL) {
145	0	SCT_free(*psct);
146	0	*psct = sct;
147	0	}
148
149	0	return sct;
150	0	err:
151	0	SCT_free(sct);
152	0	return NULL;
153	0	}
154
155		int i2o_SCT_signature(const SCT sct, unsigned char *out)
156	0	{
157	0	size_t len;
158	0	unsigned char p = NULL, pstart = NULL;
159
160	0	if (!SCT_signature_is_complete(sct)) {
161	0	ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE);
162	0	goto err;
163	0	}
164
165	0	if (sct->version != SCT_VERSION_V1) {
166	0	ERR_raise(ERR_LIB_CT, CT_R_UNSUPPORTED_VERSION);
167	0	goto err;
168	0	}
169
170		/*
171		* (1 byte) Hash algorithm
172		* (1 byte) Signature algorithm
173		* (2 bytes + ?) Signature
174		*/
175	0	len = 4 + sct->sig_len;
176
177	0	if (out != NULL) {
178	0	if (*out != NULL) {
179	0	p = *out;
180	0	*out += len;
181	0	} else {
182	0	pstart = p = OPENSSL_malloc(len);
183	0	if (p == NULL)
184	0	goto err;
185	0	*out = p;
186	0	}
187
188	0	*p++ = sct->hash_alg;
189	0	*p++ = sct->sig_alg;
190	0	s2n(sct->sig_len, p);
191	0	memcpy(p, sct->sig, sct->sig_len);
192	0	}
193
194	0	return (int)len;
195	0	err:
196	0	OPENSSL_free(pstart);
197	0	return -1;
198	0	}
199
200		int i2o_SCT(const SCT sct, unsigned char *out)
201	0	{
202	0	size_t len;
203	0	unsigned char p = NULL, pstart = NULL;
204
205	0	if (!SCT_is_complete(sct)) {
206	0	ERR_raise(ERR_LIB_CT, CT_R_SCT_NOT_SET);
207	0	goto err;
208	0	}
209		/*
210		* Fixed-length header: struct { (1 byte) Version sct_version; (32 bytes)
211		* log_id id; (8 bytes) uint64 timestamp; (2 bytes + ?) CtExtensions
212		* extensions; (1 byte) Hash algorithm (1 byte) Signature algorithm (2
213		* bytes + ?) Signature
214		*/
215	0	if (sct->version == SCT_VERSION_V1)
216	0	len = 43 + sct->ext_len + 4 + sct->sig_len;
217	0	else
218	0	len = sct->sct_len;
219
220	0	if (len > INT_MAX)
221	0	return -1;
222	0	if (out == NULL)
223	0	return (int)len;
224
225	0	if (*out != NULL) {
226	0	p = *out;
227	0	*out += len;
228	0	} else {
229	0	pstart = p = OPENSSL_malloc(len);
230	0	if (p == NULL)
231	0	goto err;
232	0	*out = p;
233	0	}
234
235	0	if (sct->version == SCT_VERSION_V1) {
236	0	*p++ = sct->version;
237	0	memcpy(p, sct->log_id, CT_V1_HASHLEN);
238	0	p += CT_V1_HASHLEN;
239	0	l2n8(sct->timestamp, p);
240	0	s2n(sct->ext_len, p);
241	0	if (sct->ext_len > 0) {
242	0	memcpy(p, sct->ext, sct->ext_len);
243	0	p += sct->ext_len;
244	0	}
245	0	if (i2o_SCT_signature(sct, &p) <= 0)
246	0	goto err;
247	0	} else {
248	0	memcpy(p, sct->sct, len);
249	0	}
250
251	0	return (int)len;
252	0	err:
253	0	OPENSSL_free(pstart);
254	0	return -1;
255	0	}
256
257		STACK_OF(SCT) o2i_SCT_LIST(STACK_OF(SCT) a, const unsigned char *pp,
258		size_t len)
259	0	{
260	0	STACK_OF(SCT) *sk = NULL;
261	0	size_t list_len, sct_len;
262
263	0	if (len < 2 \|\| len > MAX_SCT_LIST_SIZE) {
264	0	ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID);
265	0	return NULL;
266	0	}
267
268	0	n2s(*pp, list_len);
269	0	if (list_len != len - 2) {
270	0	ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID);
271	0	return NULL;
272	0	}
273
274	0	if (a == NULL \|\| *a == NULL) {
275	0	sk = sk_SCT_new_null();
276	0	if (sk == NULL)
277	0	return NULL;
278	0	} else {
279	0	SCT *sct;
280
281		/* Use the given stack, but empty it first. */
282	0	sk = *a;
283	0	while ((sct = sk_SCT_pop(sk)) != NULL)
284	0	SCT_free(sct);
285	0	}
286
287	0	while (list_len > 0) {
288	0	SCT *sct;
289
290	0	if (list_len < 2) {
291	0	ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID);
292	0	goto err;
293	0	}
294	0	n2s(*pp, sct_len);
295	0	list_len -= 2;
296
297	0	if (sct_len == 0 \|\| sct_len > list_len) {
298	0	ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID);
299	0	goto err;
300	0	}
301	0	list_len -= sct_len;
302
303	0	if ((sct = o2i_SCT(NULL, pp, sct_len)) == NULL)
304	0	goto err;
305	0	if (!sk_SCT_push(sk, sct)) {
306	0	SCT_free(sct);
307	0	goto err;
308	0	}
309	0	}
310
311	0	if (a != NULL && *a == NULL)
312	0	*a = sk;
313	0	return sk;
314
315	0	err:
316	0	if (a == NULL \|\| *a == NULL)
317	0	SCT_LIST_free(sk);
318	0	return NULL;
319	0	}
320
321		int i2o_SCT_LIST(const STACK_OF(SCT) a, unsigned char *pp)
322	0	{
323	0	int len, sct_len, i, is_pp_new = 0;
324	0	size_t len2;
325	0	unsigned char p = NULL, p2;
326
327	0	if (pp != NULL) {
328	0	if (*pp == NULL) {
329	0	if ((len = i2o_SCT_LIST(a, NULL)) == -1) {
330	0	ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID);
331	0	return -1;
332	0	}
333	0	if ((*pp = OPENSSL_malloc(len)) == NULL)
334	0	return -1;
335	0	is_pp_new = 1;
336	0	}
337	0	p = *pp + 2;
338	0	}
339
340	0	len2 = 2;
341	0	for (i = 0; i < sk_SCT_num(a); i++) {
342	0	if (pp != NULL) {
343	0	p2 = p;
344	0	p += 2;
345	0	if ((sct_len = i2o_SCT(sk_SCT_value(a, i), &p)) == -1)
346	0	goto err;
347	0	s2n(sct_len, p2);
348	0	} else {
349	0	if ((sct_len = i2o_SCT(sk_SCT_value(a, i), NULL)) == -1)
350	0	goto err;
351	0	}
352	0	len2 += 2 + sct_len;
353	0	}
354
355	0	if (len2 > MAX_SCT_LIST_SIZE)
356	0	goto err;
357
358	0	if (pp != NULL) {
359	0	p = *pp;
360	0	s2n(len2 - 2, p);
361	0	if (!is_pp_new)
362	0	*pp += len2;
363	0	}
364	0	return (int)len2;
365
366	0	err:
367	0	if (is_pp_new) {
368	0	OPENSSL_free(*pp);
369	0	*pp = NULL;
370	0	}
371	0	return -1;
372	0	}
373
374		STACK_OF(SCT) d2i_SCT_LIST(STACK_OF(SCT) a, const unsigned char *pp,
375		long len)
376	0	{
377	0	ASN1_OCTET_STRING *oct = NULL;
378	0	STACK_OF(SCT) *sk = NULL;
379	0	const unsigned char *p;
380
381	0	p = *pp;
382	0	if (d2i_ASN1_OCTET_STRING(&oct, &p, len) == NULL)
383	0	return NULL;
384
385	0	p = oct->data;
386	0	if ((sk = o2i_SCT_LIST(a, &p, oct->length)) != NULL)
387	0	*pp += len;
388
389	0	ASN1_OCTET_STRING_free(oct);
390	0	return sk;
391	0	}
392
393		int i2d_SCT_LIST(const STACK_OF(SCT) a, unsigned char *out)
394	0	{
395	0	ASN1_OCTET_STRING oct;
396	0	int len;
397
398	0	oct.data = NULL;
399	0	if ((oct.length = i2o_SCT_LIST(a, &oct.data)) == -1)
400	0	return -1;
401
402	0	len = i2d_ASN1_OCTET_STRING(&oct, out);
403	0	OPENSSL_free(oct.data);
404	0	return len;
405	0	}