X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fct%2Fct_log.c;h=6db4c3eba12084326131a7b9b3028c8c6893537f;hp=f5a01fdbd329e385d5caf2af0eba9155cc2edd80;hb=8dcb87fdbaba2be3e75fdaf16382c827165d2af5;hpb=a930afb6986fb8e22a59b2bfc5f1a19a8dc3388d diff --git a/crypto/ct/ct_log.c b/crypto/ct/ct_log.c index f5a01fdbd3..6db4c3eba1 100644 --- a/crypto/ct/ct_log.c +++ b/crypto/ct/ct_log.c @@ -1,56 +1,10 @@ -/* Author: Adam Eijdenberg . */ -/* ==================================================================== - * Copyright (c) 1998-2016 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). +/* + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include @@ -104,15 +58,10 @@ static CTLOG_STORE_LOAD_CTX *ctlog_store_load_ctx_new() { CTLOG_STORE_LOAD_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); - if (ctx == NULL) { + if (ctx == NULL) CTerr(CT_F_CTLOG_STORE_LOAD_CTX_NEW, ERR_R_MALLOC_FAILURE); - goto err; - } return ctx; -err: - ctlog_store_load_ctx_free(ctx); - return NULL; } static void ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX* ctx) @@ -144,8 +93,10 @@ CTLOG_STORE *CTLOG_STORE_new(void) { CTLOG_STORE *ret = OPENSSL_zalloc(sizeof(*ret)); - if (ret == NULL) - goto err; + if (ret == NULL) { + CTerr(CT_F_CTLOG_STORE_NEW, ERR_R_MALLOC_FAILURE); + return NULL; + } ret->logs = sk_CTLOG_new_null(); if (ret->logs == NULL) @@ -153,7 +104,7 @@ CTLOG_STORE *CTLOG_STORE_new(void) return ret; err: - CTLOG_STORE_free(ret); + OPENSSL_free(ret); return NULL; } @@ -165,31 +116,23 @@ void CTLOG_STORE_free(CTLOG_STORE *store) } } -static CTLOG *ctlog_new_from_conf(const CONF *conf, const char *section) +static int ctlog_new_from_conf(CTLOG **ct_log, const CONF *conf, const char *section) { - CTLOG *ret = NULL; - char *description = NCONF_get_string(conf, section, "description"); + const char *description = NCONF_get_string(conf, section, "description"); char *pkey_base64; if (description == NULL) { CTerr(CT_F_CTLOG_NEW_FROM_CONF, CT_R_LOG_CONF_MISSING_DESCRIPTION); - goto end; + return 0; } pkey_base64 = NCONF_get_string(conf, section, "key"); if (pkey_base64 == NULL) { CTerr(CT_F_CTLOG_NEW_FROM_CONF, CT_R_LOG_CONF_MISSING_KEY); - goto end; + return 0; } - ret = CTLOG_new_from_base64(pkey_base64, description); - if (ret == NULL) { - CTerr(CT_F_CTLOG_NEW_FROM_CONF, CT_R_LOG_CONF_INVALID); - goto end; - } - -end: - return ret; + return CTLOG_new_from_base64(ct_log, pkey_base64, description); } int CTLOG_STORE_load_default_file(CTLOG_STORE *store) @@ -203,28 +146,50 @@ int CTLOG_STORE_load_default_file(CTLOG_STORE *store) } /* - * Called by CONF_parse_list, which stops if this returns <= 0, so don't unless - * something very bad happens. Otherwise, one bad log entry would stop loading - * of any of the following log entries. + * Called by CONF_parse_list, which stops if this returns <= 0, + * Otherwise, one bad log entry would stop loading of any of + * the following log entries. + * It may stop parsing and returns -1 on any internal (malloc) error. */ static int ctlog_store_load_log(const char *log_name, int log_name_len, void *arg) { CTLOG_STORE_LOAD_CTX *load_ctx = arg; - CTLOG *ct_log; + CTLOG *ct_log = NULL; /* log_name may not be null-terminated, so fix that before using it */ - char *tmp = OPENSSL_strndup(log_name, log_name_len); + char *tmp; + int ret = 0; - ct_log = ctlog_new_from_conf(load_ctx->conf, tmp); + /* log_name will be NULL for empty list entries */ + if (log_name == NULL) + return 1; + + tmp = OPENSSL_strndup(log_name, log_name_len); + if (tmp == NULL) + goto mem_err; + + ret = ctlog_new_from_conf(&ct_log, load_ctx->conf, tmp); OPENSSL_free(tmp); - if (ct_log == NULL) { + + if (ret < 0) { + /* Propagate any internal error */ + return ret; + } + if (ret == 0) { /* If we can't load this log, record that fact and skip it */ ++load_ctx->invalid_log_entries; return 1; } - sk_CTLOG_push(load_ctx->log_store->logs, ct_log); + if (!sk_CTLOG_push(load_ctx->log_store->logs, ct_log)) { + goto mem_err; + } return 1; + +mem_err: + CTLOG_free(ct_log); + CTerr(CT_F_CTLOG_STORE_LOAD_LOG, ERR_R_MALLOC_FAILURE); + return -1; } int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file) @@ -238,20 +203,24 @@ int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file) if (load_ctx->conf == NULL) goto end; - ret = NCONF_load(load_ctx->conf, file, NULL); - if (ret <= 0) { + if (NCONF_load(load_ctx->conf, file, NULL) <= 0) { CTerr(CT_F_CTLOG_STORE_LOAD_FILE, CT_R_LOG_CONF_INVALID); goto end; } enabled_logs = NCONF_get_string(load_ctx->conf, NULL, "enabled_logs"); - ret = CONF_parse_list(enabled_logs, ',', 1, ctlog_store_load_log, load_ctx); - if (ret == 1 && load_ctx->invalid_log_entries > 0) { - ret = 0; + if (enabled_logs == NULL) { CTerr(CT_F_CTLOG_STORE_LOAD_FILE, CT_R_LOG_CONF_INVALID); goto end; } + if (!CONF_parse_list(enabled_logs, ',', 1, ctlog_store_load_log, load_ctx) || + load_ctx->invalid_log_entries > 0) { + CTerr(CT_F_CTLOG_STORE_LOAD_FILE, CT_R_LOG_CONF_INVALID); + goto end; + } + + ret = 1; end: NCONF_free(load_ctx->conf); ctlog_store_load_ctx_free(load_ctx); @@ -265,35 +234,29 @@ end: */ CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name) { - CTLOG *ret = CTLOG_new_null(); + CTLOG *ret = OPENSSL_zalloc(sizeof(*ret)); - if (ret == NULL) - goto err; + if (ret == NULL) { + CTerr(CT_F_CTLOG_NEW, ERR_R_MALLOC_FAILURE); + return NULL; + } ret->name = OPENSSL_strdup(name); - if (ret->name == NULL) + if (ret->name == NULL) { + CTerr(CT_F_CTLOG_NEW, ERR_R_MALLOC_FAILURE); goto err; + } - ret->public_key = public_key; if (ct_v1_log_id_from_pkey(public_key, ret->log_id) != 1) goto err; + ret->public_key = public_key; return ret; err: CTLOG_free(ret); return NULL; } -CTLOG *CTLOG_new_null(void) -{ - CTLOG *ret = OPENSSL_zalloc(sizeof(*ret)); - - if (ret == NULL) - CTerr(CT_F_CTLOG_NEW_NULL, ERR_R_MALLOC_FAILURE); - - return ret; -} - /* Frees CT log and associated structures */ void CTLOG_free(CTLOG *log) { @@ -304,18 +267,19 @@ void CTLOG_free(CTLOG *log) } } -const char *CTLOG_get0_name(CTLOG *log) +const char *CTLOG_get0_name(const CTLOG *log) { return log->name; } -void CTLOG_get0_log_id(CTLOG *log, uint8_t **log_id, size_t *log_id_len) +void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id, + size_t *log_id_len) { *log_id = log->log_id; *log_id_len = CT_V1_HASHLEN; } -EVP_PKEY *CTLOG_get0_public_key(CTLOG *log) +EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log) { return log->public_key; } @@ -324,14 +288,14 @@ EVP_PKEY *CTLOG_get0_public_key(CTLOG *log) * Given a log ID, finds the matching log. * Returns NULL if no match found. */ -CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store, - const uint8_t *log_id, - size_t log_id_len) +const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store, + const uint8_t *log_id, + size_t log_id_len) { int i; for (i = 0; i < sk_CTLOG_num(store->logs); ++i) { - CTLOG *log = sk_CTLOG_value(store->logs, i); + const CTLOG *log = sk_CTLOG_value(store->logs, i); if (memcmp(log->log_id, log_id, log_id_len) == 0) return log; }