SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64, ct_log_entry_type_t entry_type, uint64_t timestamp, const char *extensions_base64, const char *signature_base64) { SCT *sct = SCT_new(); unsigned char *dec = NULL; int declen; if (sct == NULL) { CTerr(CT_F_SCT_NEW_FROM_BASE64, ERR_R_MALLOC_FAILURE); return NULL; } /* * RFC6962 section 4.1 says we "MUST NOT expect this to be 0", but we * can only construct SCT versions that have been defined. */ if (!SCT_set_version(sct, version)) { CTerr(CT_F_SCT_NEW_FROM_BASE64, CT_R_SCT_UNSUPPORTED_VERSION); goto err; } declen = ct_base64_decode(logid_base64, &dec); if (declen < 0) { CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR); goto err; } if (!SCT_set0_log_id(sct, dec, declen)) goto err; dec = NULL; declen = ct_base64_decode(extensions_base64, &dec); if (declen < 0) { CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR); goto err; } SCT_set0_extensions(sct, dec, declen); dec = NULL; declen = ct_base64_decode(signature_base64, &dec); if (declen < 0) { CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR); goto err; } if (o2i_SCT_signature(sct, (const unsigned char **)&dec, declen) <= 0) goto err; OPENSSL_free(dec); dec = NULL; SCT_set_timestamp(sct, timestamp); if (!SCT_set_log_entry_type(sct, entry_type)) goto err; return sct; err: OPENSSL_free(dec); SCT_free(sct); return NULL; }
SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len) { SCT *sct = NULL; const unsigned char *p; if (len == 0 || len > MAX_SCT_SIZE) { CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID); goto err; } if ((sct = SCT_new()) == NULL) goto err; p = *in; sct->version = *p; if (sct->version == SCT_VERSION_V1) { int sig_len; size_t len2; /*- * Fixed-length header: * struct { * Version sct_version; (1 byte) * log_id id; (32 bytes) * uint64 timestamp; (8 bytes) * CtExtensions extensions; (2 bytes + ?) * } */ if (len < 43) { CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID); goto err; } len -= 43; p++; sct->log_id = BUF_memdup(p, CT_V1_HASHLEN); if (sct->log_id == NULL) goto err; sct->log_id_len = CT_V1_HASHLEN; p += CT_V1_HASHLEN; n2l8(p, sct->timestamp); n2s(p, len2); if (len < len2) { CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID); goto err; } if (len2 > 0) { sct->ext = BUF_memdup(p, len2); if (sct->ext == NULL) goto err; } sct->ext_len = len2; p += len2; len -= len2; sig_len = o2i_SCT_signature(sct, &p, len); if (sig_len <= 0) { CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID); goto err; } len -= sig_len; *in = p + len; } else { /* If not V1 just cache encoding */ sct->sct = BUF_memdup(p, len); if (sct->sct == NULL) goto err; sct->sct_len = len; *in = p + len; } if (psct != NULL) { SCT_free(*psct); *psct = sct; } return sct; err: SCT_free(sct); return NULL; }