rsyslog/rsyslog
1
0
Fork 0
mirror of https://github.com/rsyslog/rsyslog.git synced 2025-12-17 19:50:41 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master-candidate'

Browse Source
This commit is contained in:
Andre Lorbach 2015-12-02 16:10:11 +01:00
commit 6ae1c5c1db
6 changed files with 186 additions and 142 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@ -1,8 +1,6 @@
------------------------------------------------------------------------------
Version 8.15.0 [v8-stable] 2015-12-15
- KSI Support: Added patch to support libksi version 3.4.0.2 or higher.
Thanks to Henri Lakk for the patches.
libksi 3.4.0.2 or higher is required for ksi support now.
- KSI/GT Lib: Fixed multiple issues found using static analyzer
- gnutls fix: Added possible fix for gnutls issue #575
see also: https://github.com/rsyslog/rsyslog/issues/575
Thanks to Charles Southerland for the patch

29
runtime/librsgt.c
View File

@ -146,7 +146,7 @@ rsgtExit(void)
static inline gtfile
rsgtfileConstruct(gtctx ctx)
{
gtfile gf;
gtfile gf = NULL;
if((gf = calloc(1, sizeof(struct gtfile_s))) == NULL)
goto done;
gf->ctx = ctx;
@ -342,25 +342,18 @@ tlvWriteBlockHdr(gtfile gf) {
2 + hashOutputLengthOctets(gf->hashAlg) /* iv */ +
2 + 1 + gf->x_prev->len /* last hash */;
/* write top-level TLV object block-hdr */
r = tlv16Write(gf, 0x00, 0x0901, tlvlen);
CHKr(tlv16Write(gf, 0x00, 0x0901, tlvlen));
/* and now write the children */
/* hash-algo */
r = tlv8Write(gf, 0x00, 0x01, 1);
if(r != 0) goto done;
r = tlvbufAddOctet(gf, hashIdentifier(gf->hashAlg));
if(r != 0) goto done;
CHKr(tlv8Write(gf, 0x00, 0x01, 1));
CHKr(tlvbufAddOctet(gf, hashIdentifier(gf->hashAlg)));
/* block-iv */
r = tlv8Write(gf, 0x00, 0x02, hashOutputLengthOctets(gf->hashAlg));
if(r != 0) goto done;
r = tlvbufAddOctetString(gf, gf->IV, hashOutputLengthOctets(gf->hashAlg));
if(r != 0) goto done;
CHKr(tlv8Write(gf, 0x00, 0x02, hashOutputLengthOctets(gf->hashAlg)));
CHKr(tlvbufAddOctetString(gf, gf->IV, hashOutputLengthOctets(gf->hashAlg)));
/* last-hash */
r = tlv8Write(gf, 0x00, 0x03, gf->x_prev->len + 1);
if(r != 0) goto done;
r = tlvbufAddOctet(gf, gf->x_prev->hashID);
if(r != 0) goto done;
r = tlvbufAddOctetString(gf, gf->x_prev->data, gf->x_prev->len);
if(r != 0) goto done;
CHKr(tlv8Write(gf, 0x00, 0x03, gf->x_prev->len + 1));
CHKr(tlvbufAddOctet(gf, gf->x_prev->hashID));
CHKr(tlvbufAddOctetString(gf, gf->x_prev->data, gf->x_prev->len));
done: return r;
}
@ -420,6 +413,7 @@ readStateFile(gtfile gf)
if (gf->x_prev->data == NULL) {
free(gf->x_prev);
gf->x_prev = NULL;
goto err;
}
if(read(fd, gf->x_prev->data, gf->x_prev->len)
@ -432,7 +426,6 @@ readStateFile(gtfile gf)
return;
err:
gf->x_prev = malloc(sizeof(imprint_t));
gf->x_prev->hashID = hashIdentifier(gf->hashAlg);
gf->x_prev->len = hashOutputLengthOctets(gf->hashAlg);
@ -567,6 +560,8 @@ rsgtCtxOpenFile(gtctx ctx, unsigned char *logfn)
gf->statefilename = (uchar*) strdup(fn);
if(tlvOpen(gf, LOGSIGHDR, sizeof(LOGSIGHDR)-1) != 0) {
reportErr(ctx, "signature file open failed");
/* Free memory */
free(gf);
gf = NULL;
}
done: return gf;

5
runtime/librsgt_common.h
View File

@ -85,4 +85,9 @@ sigTypeName(uint8_t sigID)
#define RSGT_TYPE_MASK 0x1f
#define RSGT_FLAG_TLV16 0x80
/* check return state of operation and abort, if non-OK */
#define CHKr(code) if((r = code) != 0) goto done
/* check return state of operation and jump to donedecode, if non-OK */
#define CHKrDecode(code) if((r = code) != 0) goto donedecode
#endif /* #ifndef INCLUDED_LIBRSGTCM_H */

126
runtime/librsgt_read.c
View File

@ -61,9 +61,6 @@ uint8_t rsgt_read_showVerified = 0;
goto done; \
}
/* check return state of operation and abort, if non-OK */
#define CHKr(code) if((r = code) != 0) goto done
static void
errfunc(__attribute__((unused)) void *usrptr, uchar *emsg)
{
@ -389,7 +386,8 @@ rsgt_tlvRecRead(FILE *fp, tlvrecord_t *rec)
r = 0;
done:
if(rsgt_read_debug)
if(r == 0 && rsgt_read_debug)
/* Only show debug if no fail */
printf("debug: rsgt_tlvRecRead tlvtype %4.4x, len %u, r = %d\n", (unsigned) rec->tlvtype,
(unsigned) rec->tlvlen, r);
return r;
@ -450,7 +448,7 @@ static int
rsgt_tlvDecodeIMPRINT(tlvrecord_t *rec, imprint_t **imprint)
{
int r = 1;
imprint_t *imp;
imprint_t *imp = NULL;
if((imp = calloc(1, sizeof(imprint_t))) == NULL) {
r = RSGTE_OOM;
@ -468,8 +466,14 @@ rsgt_tlvDecodeIMPRINT(tlvrecord_t *rec, imprint_t **imprint)
*imprint = imp;
r = 0;
done:
if(rsgt_read_debug)
printf("debug: read tlvDecodeIMPRINT returned %d TLVLen=%d, HashID=%d\n", r, rec->tlvlen, imp->hashID);
if(r == 0) {
if(rsgt_read_debug)
printf("debug: read tlvDecodeIMPRINT returned %d TLVLen=%d, HashID=%d\n", r, rec->tlvlen, imp->hashID);
} else {
/* Free memory on FAIL!*/
if (imp != NULL)
rsgt_objfree(rec->tlvtype, imp);
}
return r;
}
@ -574,7 +578,7 @@ rsgt_tlvDecodeBLOCK_HDR(tlvrecord_t *rec, block_hdr_t **blockhdr)
{
int r = 1;
uint16_t strtidx = 0;
block_hdr_t *bh;
block_hdr_t *bh = NULL;
if((bh = calloc(1, sizeof(block_hdr_t))) == NULL) {
r = RSGTE_OOM;
goto done;
@ -589,8 +593,14 @@ rsgt_tlvDecodeBLOCK_HDR(tlvrecord_t *rec, block_hdr_t **blockhdr)
*blockhdr = bh;
r = 0;
done:
if(rsgt_read_debug)
printf("debug: rsgt_tlvDecodeBLOCK_HDR returned %d, tlvtype %4.4x\n", r, (unsigned) rec->tlvtype);
if (r == 0) {
if(rsgt_read_debug)
printf("debug: tlvDecodeBLOCK_HDR returned %d, tlvtype %4.4x\n", r, (unsigned) rec->tlvtype);
} else {
/* Free memory on FAIL!*/
if (bh != NULL)
rsgt_objfree(rec->tlvtype, bh);
}
return r;
}
@ -599,7 +609,7 @@ rsgt_tlvDecodeBLOCK_SIG(tlvrecord_t *rec, block_sig_t **blocksig)
{
int r = 1;
uint16_t strtidx = 0;
block_sig_t *bs;
block_sig_t *bs = NULL;
if((bs = calloc(1, sizeof(block_sig_t))) == NULL) {
r = RSGTE_OOM;
goto done;
@ -613,8 +623,14 @@ rsgt_tlvDecodeBLOCK_SIG(tlvrecord_t *rec, block_sig_t **blocksig)
*blocksig = bs;
r = 0;
done:
if(rsgt_read_debug)
printf("debug: rsgt_tlvDecodeBLOCK_SIG returned %d, tlvtype %4.4x\n", r, (unsigned) rec->tlvtype);
if(r == 0) {
if (rsgt_read_debug)
printf("debug: rsgt_tlvDecodeBLOCK_SIG returned %d, tlvtype %4.4x\n", r, (unsigned) rec->tlvtype);
} else {
/* Free memory on FAIL!*/
if (bs != NULL)
rsgt_objfree(rec->tlvtype, bs);
}
return r;
}
static int
@ -637,8 +653,8 @@ rsgt_tlvRecDecode(tlvrecord_t *rec, void *obj)
break;
}
done:
if(rsgt_read_debug)
printf("debug: rsgt_tlvRecDecode returned %d, tlvtype %4.4x\n", r, (unsigned) rec->tlvtype);
if(r == 0 && rsgt_read_debug)
printf("debug: tlvRecDecode returned %d, tlvtype %4.4x\n", r, (unsigned) rec->tlvtype);
return r;
}
@ -652,14 +668,15 @@ rsgt_tlvrdRecHash(FILE *fp, FILE *outfp, imprint_t **imp)
if(rec.tlvtype != 0x0902) {
r = RSGTE_MISS_REC_HASH;
rsgt_objfree(rec.tlvtype, *imp);
*imp = NULL;
goto done;
}
if(outfp != NULL)
if((r = rsgt_tlvwrite(outfp, &rec)) != 0) goto done;
r = 0;
done:
if(rsgt_read_debug)
printf("debug: rsgt_tlvrdRecHash returned %d, rec->tlvtype %4.4x\n", r, (unsigned) rec.tlvtype);
if(r == 0 && rsgt_read_debug)
printf("debug: tlvrdRecHash returned %d, rec->tlvtype %4.4x\n", r, (unsigned) rec.tlvtype);
return r;
}
@ -673,14 +690,15 @@ rsgt_tlvrdTreeHash(FILE *fp, FILE *outfp, imprint_t **imp)
if(rec.tlvtype != 0x0903) {
r = RSGTE_MISS_TREE_HASH;
rsgt_objfree(rec.tlvtype, *imp);
*imp = NULL;
goto done;
}
if(outfp != NULL)
if((r = rsgt_tlvwrite(outfp, &rec)) != 0) goto done;
r = 0;
done:
if(rsgt_read_debug)
printf("debug: rsgt_tlvrdTreeHash returned %d, rec->tlvtype %4.4x\n", r, (unsigned) rec.tlvtype);
if(r == 0 && rsgt_read_debug)
printf("debug: tlvrdTreeHash returned %d, rec->tlvtype %4.4x\n", r, (unsigned) rec.tlvtype);
return r;
}
@ -847,6 +865,10 @@ rsgt_tlvprint(FILE *fp, uint16_t tlvtype, void *obj, uint8_t verbose)
void
rsgt_objfree(uint16_t tlvtype, void *obj)
{
// check if obj is valid
if (obj == NULL )
return;
switch(tlvtype) {
case 0x0901:
free(((block_hdr_t*)obj)->iv);
@ -1061,10 +1083,12 @@ rsgt_vrfy_chkTreeHash(gtfile gf, FILE *sigfp, FILE *nsigfp,
}
r = 0;
done:
if(rsgt_read_debug)
printf("debug: rsgt_vrfy_chkTreeHash returned %d, hashID=%d, Length=%d\n", r, imp->hashID, hashOutputLengthOctets(imp->hashID));
if(imp != NULL)
if(imp != NULL) {
if(rsgt_read_debug)
printf("debug: rsgt_vrfy_chkTreeHash returned %d, hashID=%d, Length=%d\n", r, imp->hashID, hashOutputLengthOctets(imp->hashID));
/* Free memory */
rsgt_objfree(0x0903, imp);
}
return r;
}
@ -1253,7 +1277,12 @@ verifyBLOCK_HDR(FILE *sigfp, FILE *nsigfp)
}
if (nsigfp != NULL)
if ((r = rsgt_tlvwrite(nsigfp, &rec)) != 0) goto done;
done: rsgt_objfree(rec.tlvtype, bh);
done:
/* if (r == 0 || r == RSGTE_IO)*/ {
/* Only free memory if return is OK or error was RSGTE_IO was (happened in rsksi_tlvwrite) */
if (bh != NULL)
rsgt_objfree(rec.tlvtype, bh);
}
if(rsgt_read_debug)
printf("debug: verifyBLOCK_HDR returned %d\n", r);
return r;
@ -1373,6 +1402,7 @@ int rsgt_ConvertSigFile(char* name, FILE *oldsigfp, FILE *newsigfp, int verbose)
/* Free mem*/
free(imp->data);
free(imp);
imp = NULL;
break;
case 0x0902:
/* Split Data into HEADER and BLOCK */
@ -1389,7 +1419,7 @@ int rsgt_ConvertSigFile(char* name, FILE *oldsigfp, FILE *newsigfp, int verbose)
}
/* Check OLD encoded HASH ALGO */
CHKr(rsgt_tlvDecodeSUBREC(&rec, &strtidx, &subrec));
CHKrDecode(rsgt_tlvDecodeSUBREC(&rec, &strtidx, &subrec));
if(!(subrec.tlvtype == 0x00 && subrec.tlvlen == 1)) {
r = RSGTE_FMT;
goto donedecode;
@ -1397,7 +1427,7 @@ int rsgt_ConvertSigFile(char* name, FILE *oldsigfp, FILE *newsigfp, int verbose)
bh->hashID = subrec.data[0];
/* Check OLD encoded BLOCK_IV */
CHKr(rsgt_tlvDecodeSUBREC(&rec, &strtidx, &subrec));
CHKrDecode(rsgt_tlvDecodeSUBREC(&rec, &strtidx, &subrec));
if(!(subrec.tlvtype == 0x01)) {
r = RSGTE_INVLTYP;
goto donedecode;
@ -1406,7 +1436,7 @@ int rsgt_ConvertSigFile(char* name, FILE *oldsigfp, FILE *newsigfp, int verbose)
memcpy(bh->iv, subrec.data, subrec.tlvlen);
/* Check OLD encoded LAST HASH */
CHKr(rsgt_tlvDecodeSUBREC(&rec, &strtidx, &subrec));
CHKrDecode(rsgt_tlvDecodeSUBREC(&rec, &strtidx, &subrec));
if(!(subrec.tlvtype == 0x02)) { r = RSGTE_INVLTYP; goto donedecode; }
bh->lastHash.hashID = subrec.data[0];
if(subrec.tlvlen != 1 + hashOutputLengthOctets(bh->lastHash.hashID)) {
@ -1421,7 +1451,7 @@ int rsgt_ConvertSigFile(char* name, FILE *oldsigfp, FILE *newsigfp, int verbose)
rsgt_printBLOCK_HDR(stdout, bh, verbose);
/* Check OLD encoded COUNT */
CHKr(rsgt_tlvDecodeSUBREC(&rec, &strtidx, &subrec));
CHKrDecode(rsgt_tlvDecodeSUBREC(&rec, &strtidx, &subrec));
if(!(subrec.tlvtype == 0x03 && subrec.tlvlen <= 8)) { r = RSGTE_INVLTYP; goto donedecode; }
bs->recCount = 0;
for(i = 0 ; i < subrec.tlvlen ; ++i) {
@ -1429,13 +1459,12 @@ int rsgt_ConvertSigFile(char* name, FILE *oldsigfp, FILE *newsigfp, int verbose)
}
/* Check OLD encoded SIG */
CHKr(rsgt_tlvDecodeSUBREC(&rec, &strtidx, &subrec));
CHKrDecode(rsgt_tlvDecodeSUBREC(&rec, &strtidx, &subrec));
if(!(subrec.tlvtype == 0x0906)) { r = RSGTE_INVLTYP; goto donedecode; }
bs->sig.der.len = subrec.tlvlen;
bs->sigID = SIGID_RFC3161;
if((bs->sig.der.data = (uint8_t*)malloc(bs->sig.der.len)) == NULL) {r=RSGTE_OOM;goto donedecode;}
memcpy(bs->sig.der.data, subrec.data, bs->sig.der.len);
r = 0;
/* Debug output */
rsgt_printBLOCK_SIG(stdout, bs, verbose);
@ -1453,48 +1482,37 @@ int rsgt_ConvertSigFile(char* name, FILE *oldsigfp, FILE *newsigfp, int verbose)
2 + hashOutputLengthOctets(bh->hashID) /* iv */ +
2 + 1 + bh->lastHash.len /* last hash */;
/* write top-level TLV object block-hdr */
r = rsgt_tlv16Write(newsigfp, 0x00, 0x0901, tlvlen);
CHKrDecode(rsgt_tlv16Write(newsigfp, 0x00, 0x0901, tlvlen));
/* and now write the children */
/* hash-algo */
r = rsgt_tlv8Write(newsigfp, 0x00, 0x01, 1);
if(r != 0) goto done;
r = rsgt_tlvfileAddOctet(newsigfp, hashIdentifier(bh->hashID));
if(r != 0) goto done;
CHKrDecode(rsgt_tlv8Write(newsigfp, 0x00, 0x01, 1));
CHKrDecode(rsgt_tlvfileAddOctet(newsigfp, hashIdentifier(bh->hashID)));
/* block-iv */
r = rsgt_tlv8Write(newsigfp, 0x00, 0x02, hashOutputLengthOctets(bh->hashID));
if(r != 0) goto done;
r = rsgt_tlvfileAddOctetString(newsigfp, bh->iv, hashOutputLengthOctets(bh->hashID));
if(r != 0) goto done;
CHKrDecode(rsgt_tlv8Write(newsigfp, 0x00, 0x02, hashOutputLengthOctets(bh->hashID)));
CHKrDecode(rsgt_tlvfileAddOctetString(newsigfp, bh->iv, hashOutputLengthOctets(bh->hashID)));
/* last-hash */
r = rsgt_tlv8Write(newsigfp, 0x00, 0x03, bh->lastHash.len + 1);
if(r != 0) goto done;
r = rsgt_tlvfileAddOctet(newsigfp, bh->lastHash.hashID);
if(r != 0) goto done;
r = rsgt_tlvfileAddOctetString(newsigfp, bh->lastHash.data, bh->lastHash.len);
if(r != 0) goto done;
CHKrDecode(rsgt_tlv8Write(newsigfp, 0x00, 0x03, bh->lastHash.len + 1));
CHKrDecode(rsgt_tlvfileAddOctet(newsigfp, bh->lastHash.hashID));
CHKrDecode(rsgt_tlvfileAddOctetString(newsigfp, bh->lastHash.data, bh->lastHash.len));
/* Create Block Signature */
tlvlenRecords = rsgt_tlvGetInt64OctetSize(bs->recCount);
tlvlen = 2 + tlvlenRecords /* rec-count */ +
4 + bs->sig.der.len /* rfc-3161 */;
/* write top-level TLV object (block-sig */
r = rsgt_tlv16Write(newsigfp, 0x00, 0x0904, tlvlen);
if(r != 0) goto done;
CHKrDecode(rsgt_tlv16Write(newsigfp, 0x00, 0x0904, tlvlen));
/* and now write the children */
/* rec-count */
r = rsgt_tlv8Write(newsigfp, 0x00, 0x01, tlvlenRecords);
if(r != 0) goto done;
r = rsgt_tlvfileAddInt64(newsigfp, bs->recCount);
if(r != 0) goto done;
CHKrDecode(rsgt_tlv8Write(newsigfp, 0x00, 0x01, tlvlenRecords));
CHKrDecode(rsgt_tlvfileAddInt64(newsigfp, bs->recCount));
/* rfc-3161 */
r = rsgt_tlv16Write(newsigfp, 0x00, 0x906, bs->sig.der.len);
if(r != 0) goto done;
r = rsgt_tlvfileAddOctetString(newsigfp, bs->sig.der.data, bs->sig.der.len);
CHKrDecode(rsgt_tlv16Write(newsigfp, 0x00, 0x906, bs->sig.der.len));
CHKrDecode(rsgt_tlvfileAddOctetString(newsigfp, bs->sig.der.data, bs->sig.der.len));
donedecode:
/* Set back to OLD default */
RSGT_FLAG_TLV16_RUNTIME = 0x20;
donedecode:
/* Free mem*/
if (bh != NULL) {
free(bh->iv);

29
runtime/librsksi.c
View File

@ -156,7 +156,7 @@ rsksiExit(void)
static inline ksifile
rsksifileConstruct(rsksictx ctx)
{
ksifile ksi;
ksifile ksi = NULL;
if((ksi = calloc(1, sizeof(struct ksifile_s))) == NULL)
goto done;
ksi->ctx = ctx;
@ -359,25 +359,18 @@ tlvWriteBlockHdrKSI(ksifile ksi) {
2 + hashOutputLengthOctetsKSI(ksi->hashAlg) /* iv */ +
2 + 1 + ksi->x_prev->len /* last hash */;
/* write top-level TLV object block-hdr */
r = tlv16WriteKSI(ksi, 0x00, 0x0901, tlvlen);
CHKr(tlv16WriteKSI(ksi, 0x00, 0x0901, tlvlen));
/* and now write the children */
/* hash-algo */
r = tlv8WriteKSI(ksi, 0x00, 0x01, 1);
if(r != 0) goto done;
r = tlvbufAddOctet(ksi, hashIdentifierKSI(ksi->hashAlg));
if(r != 0) goto done;
CHKr(tlv8WriteKSI(ksi, 0x00, 0x01, 1));
CHKr(tlvbufAddOctet(ksi, hashIdentifierKSI(ksi->hashAlg)));
/* block-iv */
r = tlv8WriteKSI(ksi, 0x00, 0x02, hashOutputLengthOctetsKSI(ksi->hashAlg));
if(r != 0) goto done;
r = tlvbufAddOctetString(ksi, ksi->IV, hashOutputLengthOctetsKSI(ksi->hashAlg));
if(r != 0) goto done;
CHKr(tlv8WriteKSI(ksi, 0x00, 0x02, hashOutputLengthOctetsKSI(ksi->hashAlg)));
CHKr(tlvbufAddOctetString(ksi, ksi->IV, hashOutputLengthOctetsKSI(ksi->hashAlg)));
/* last-hash */
r = tlv8WriteKSI(ksi, 0x00, 0x03, ksi->x_prev->len + 1);
if(r != 0) goto done;
r = tlvbufAddOctet(ksi, ksi->x_prev->hashID);
if(r != 0) goto done;
r = tlvbufAddOctetString(ksi, ksi->x_prev->data, ksi->x_prev->len);
if(r != 0) goto done;
CHKr(tlv8WriteKSI(ksi, 0x00, 0x03, ksi->x_prev->len + 1));
CHKr(tlvbufAddOctet(ksi, ksi->x_prev->hashID));
CHKr(tlvbufAddOctetString(ksi, ksi->x_prev->data, ksi->x_prev->len));
done: return r;
}
@ -439,6 +432,7 @@ readStateFile(ksifile ksi)
if (ksi->x_prev->data == NULL) {
free(ksi->x_prev);
ksi->x_prev = NULL;
goto err;
}
if(read(fd, ksi->x_prev->data, ksi->x_prev->len)
@ -451,7 +445,6 @@ readStateFile(ksifile ksi)
return;
err:
ksi->x_prev = malloc(sizeof(imprint_t));
ksi->x_prev->hashID = hashIdentifierKSI(ksi->hashAlg);
ksi->x_prev->len = hashOutputLengthOctetsKSI(ksi->hashAlg);
@ -587,6 +580,8 @@ rsksiCtxOpenFile(rsksictx ctx, unsigned char *logfn)
ksi->statefilename = (uchar*) strdup(fn);
if(tlvOpenKSI(ksi, LOGSIGHDR, sizeof(LOGSIGHDR)-1) != 0) {
reportErr(ctx, "signature file open failed");
/* Free memory */
free(ksi);
ksi = NULL;
}
done: return ksi;

135
runtime/librsksi_read.c
View File

@ -63,10 +63,6 @@ uint8_t rsksi_read_showVerified = 0;
goto done; \
}
/* check return state of operation and abort, if non-OK */
#define CHKr(code) if((r = code) != 0) goto done
/* if verbose==0, only the first and last two octets are shown,
* otherwise everything.
*/
@ -391,11 +387,12 @@ rsksi_tlvRecRead(FILE *fp, tlvrecord_t *rec)
goto done;
}
if(rsksi_read_debug)
printf("debug: read tlvtype %4.4x, len %u\n", (unsigned) rec->tlvtype,
(unsigned) rec->tlvlen);
r = 0;
done: return r;
if(r == 0 && rsksi_read_debug)
/* Only show debug if no fail */
printf("debug: read tlvtype %4.4x, len %u\n", (unsigned) rec->tlvtype,
(unsigned) rec->tlvlen);
}
/* decode a sub-tlv record from an existing record's memory buffer
@ -448,7 +445,7 @@ static int
rsksi_tlvDecodeIMPRINT(tlvrecord_t *rec, imprint_t **imprint)
{
int r = 1;
imprint_t *imp;
imprint_t *imp = NULL;
if((imp = calloc(1, sizeof(imprint_t))) == NULL) {
r = RSGTE_OOM;
@ -466,8 +463,14 @@ rsksi_tlvDecodeIMPRINT(tlvrecord_t *rec, imprint_t **imprint)
*imprint = imp;
r = 0;
done:
if(rsksi_read_debug)
printf("debug: read tlvDecodeIMPRINT returned %d TLVLen=%d, HashID=%d\n", r, rec->tlvlen, imp->hashID);
if(r == 0) {
if (rsksi_read_debug)
printf("debug: read tlvDecodeIMPRINT returned %d TLVLen=%d, HashID=%d\n", r, rec->tlvlen, imp->hashID);
} else {
/* Free memory on FAIL!*/
if (imp != NULL)
rsksi_objfree(rec->tlvtype, imp);
}
return r;
}
@ -560,7 +563,7 @@ rsksi_tlvDecodeBLOCK_HDR(tlvrecord_t *rec, block_hdr_t **blockhdr)
{
int r = 1;
uint16_t strtidx = 0;
block_hdr_t *bh;
block_hdr_t *bh = NULL;
if((bh = calloc(1, sizeof(block_hdr_t))) == NULL) {
r = RSGTE_OOM;
goto done;
@ -574,7 +577,16 @@ rsksi_tlvDecodeBLOCK_HDR(tlvrecord_t *rec, block_hdr_t **blockhdr)
}
*blockhdr = bh;
r = 0;
done: return r;
done:
if (r == 0) {
if(rsksi_read_debug)
printf("debug: tlvDecodeBLOCK_HDR returned %d, tlvtype %4.4x\n", r, (unsigned) rec->tlvtype);
} else {
/* Free memory on FAIL!*/
if (bh != NULL)
rsksi_objfree(rec->tlvtype, bh);
}
return r;
}
static int
@ -582,7 +594,7 @@ rsksi_tlvDecodeBLOCK_SIG(tlvrecord_t *rec, block_sig_t **blocksig)
{
int r = 1;
uint16_t strtidx = 0;
block_sig_t *bs;
block_sig_t *bs = NULL;
if((bs = calloc(1, sizeof(block_sig_t))) == NULL) {
r = RSGTE_OOM;
goto done;
@ -595,7 +607,16 @@ rsksi_tlvDecodeBLOCK_SIG(tlvrecord_t *rec, block_sig_t **blocksig)
}
*blocksig = bs;
r = 0;
done: return r;
done:
if(r == 0) {
if (rsksi_read_debug)
printf("debug: rsksi_tlvDecodeBLOCK_SIG returned %d, tlvtype %4.4x\n", r, (unsigned) rec->tlvtype);
} else {
/* Free memory on FAIL!*/
if (bs != NULL)
rsksi_objfree(rec->tlvtype, bs);
}
return r;
}
static int
rsksi_tlvRecDecode(tlvrecord_t *rec, void *obj)
@ -617,8 +638,8 @@ rsksi_tlvRecDecode(tlvrecord_t *rec, void *obj)
break;
}
done:
if(rsksi_read_debug)
printf("debug: read tlvRecDecode returned %d \n", r);
if(r == 0 && rsksi_read_debug)
printf("debug: tlvRecDecode returned %d, tlvtype %4.4x\n", r, (unsigned) rec->tlvtype);
return r;
}
@ -632,12 +653,16 @@ rsksi_tlvrdRecHash(FILE *fp, FILE *outfp, imprint_t **imp)
if(rec.tlvtype != 0x0902) {
r = RSGTE_MISS_REC_HASH;
rsksi_objfree(rec.tlvtype, *imp);
*imp = NULL;
goto done;
}
if(outfp != NULL)
if((r = rsksi_tlvwrite(outfp, &rec)) != 0) goto done;
r = 0;
done: return r;
done:
if(r == 0 && rsksi_read_debug)
printf("debug: tlvrdRecHash returned %d, rec->tlvtype %4.4x\n", r, (unsigned) rec.tlvtype);
return r;
}
static int
@ -650,12 +675,16 @@ rsksi_tlvrdTreeHash(FILE *fp, FILE *outfp, imprint_t **imp)
if(rec.tlvtype != 0x0903) {
r = RSGTE_MISS_TREE_HASH;
rsksi_objfree(rec.tlvtype, *imp);
*imp = NULL;
goto done;
}
if(outfp != NULL)
if((r = rsksi_tlvwrite(outfp, &rec)) != 0) goto done;
r = 0;
done: return r;
done:
if(r == 0 && rsksi_read_debug)
printf("debug: tlvrdTreeHash returned %d, rec->tlvtype %4.4x\n", r, (unsigned) rec.tlvtype);
return r;
}
/* read BLOCK_SIG during verification phase */
@ -821,6 +850,10 @@ rsksi_tlvprint(FILE *fp, uint16_t tlvtype, void *obj, uint8_t verbose)
void
rsksi_objfree(uint16_t tlvtype, void *obj)
{
// check if obj is valid
if (obj == NULL )
return;
switch(tlvtype) {
case 0x0901:
free(((block_hdr_t*)obj)->iv);
@ -1049,8 +1082,12 @@ rsksi_vrfy_chkTreeHash(ksifile ksi, FILE *sigfp, FILE *nsigfp,
}
r = 0;
done:
if(imp != NULL)
if(imp != NULL) {
if(rsgt_read_debug)
printf("debug: rsgt_vrfy_chkTreeHash returned %d, hashID=%d, Length=%d\n", r, imp->hashID, hashOutputLengthOctets(imp->hashID));
/* Free memory */
rsksi_objfree(0x0903, imp);
}
return r;
}
@ -1252,7 +1289,14 @@ verifyBLOCK_HDRKSI(FILE *sigfp, FILE *nsigfp)
}
if (nsigfp != NULL)
if ((r = rsksi_tlvwrite(nsigfp, &rec)) != 0) goto done;
done: rsksi_objfree(rec.tlvtype, bh);
done:
/*if (r == 0 || r == RSGTE_IO) */ {
/* Only free memory if return is OK or error was RSGTE_IO was (happened in rsksi_tlvwrite) */
if (bh != NULL)
rsksi_objfree(rec.tlvtype, bh);
}
if(rsksi_read_debug)
printf("debug: verifyBLOCK_HDRKSI returned %d\n", r);
return r;
}
@ -1394,6 +1438,7 @@ int rsksi_ConvertSigFile(char* name, FILE *oldsigfp, FILE *newsigfp, int verbose
/* Free mem*/
free(imp->data);
free(imp);
imp = NULL;
break;
case 0x0902:
/* Split Data into HEADER and BLOCK */
@ -1410,7 +1455,7 @@ int rsksi_ConvertSigFile(char* name, FILE *oldsigfp, FILE *newsigfp, int verbose
}
/* Check OLD encoded HASH ALGO */
CHKr(rsksi_tlvDecodeSUBREC(&rec, &strtidx, &subrec));
CHKrDecode(rsksi_tlvDecodeSUBREC(&rec, &strtidx, &subrec));
if(!(subrec.tlvtype == 0x00 && subrec.tlvlen == 1)) {
r = RSGTE_FMT;
goto donedecode;
@ -1418,7 +1463,7 @@ int rsksi_ConvertSigFile(char* name, FILE *oldsigfp, FILE *newsigfp, int verbose
bh->hashID = subrec.data[0];
/* Check OLD encoded BLOCK_IV */
CHKr(rsksi_tlvDecodeSUBREC(&rec, &strtidx, &subrec));
CHKrDecode(rsksi_tlvDecodeSUBREC(&rec, &strtidx, &subrec));
if(!(subrec.tlvtype == 0x01)) {
r = RSGTE_INVLTYP;
goto donedecode;
@ -1427,7 +1472,7 @@ int rsksi_ConvertSigFile(char* name, FILE *oldsigfp, FILE *newsigfp, int verbose
memcpy(bh->iv, subrec.data, subrec.tlvlen);
/* Check OLD encoded LAST HASH */
CHKr(rsksi_tlvDecodeSUBREC(&rec, &strtidx, &subrec));
CHKrDecode(rsksi_tlvDecodeSUBREC(&rec, &strtidx, &subrec));
if(!(subrec.tlvtype == 0x02)) { r = RSGTE_INVLTYP; goto donedecode; }
bh->lastHash.hashID = subrec.data[0];
if(subrec.tlvlen != 1 + hashOutputLengthOctetsKSI(bh->lastHash.hashID)) {
@ -1442,7 +1487,7 @@ int rsksi_ConvertSigFile(char* name, FILE *oldsigfp, FILE *newsigfp, int verbose
rsksi_printBLOCK_HDR(stdout, bh, verbose);
/* Check OLD encoded COUNT */
CHKr(rsksi_tlvDecodeSUBREC(&rec, &strtidx, &subrec));
CHKrDecode(rsksi_tlvDecodeSUBREC(&rec, &strtidx, &subrec));
if(!(subrec.tlvtype == 0x03 && subrec.tlvlen <= 8)) { r = RSGTE_INVLTYP; goto donedecode; }
bs->recCount = 0;
for(i = 0 ; i < subrec.tlvlen ; ++i) {
@ -1450,13 +1495,12 @@ int rsksi_ConvertSigFile(char* name, FILE *oldsigfp, FILE *newsigfp, int verbose
}
/* Check OLD encoded SIG */
CHKr(rsksi_tlvDecodeSUBREC(&rec, &strtidx, &subrec));
CHKrDecode(rsksi_tlvDecodeSUBREC(&rec, &strtidx, &subrec));
if(!(subrec.tlvtype == 0x0906)) { r = RSGTE_INVLTYP; goto donedecode; }
bs->sig.der.len = subrec.tlvlen;
bs->sigID = SIGID_RFC3161;
if((bs->sig.der.data = (uint8_t*)malloc(bs->sig.der.len)) == NULL) {r=RSGTE_OOM;goto donedecode;}
memcpy(bs->sig.der.data, subrec.data, bs->sig.der.len);
r = 0;
/* Debug output */
rsksi_printBLOCK_SIG(stdout, bs, verbose);
@ -1474,48 +1518,37 @@ int rsksi_ConvertSigFile(char* name, FILE *oldsigfp, FILE *newsigfp, int verbose
2 + hashOutputLengthOctetsKSI(bh->hashID) /* iv */ +
2 + 1 + bh->lastHash.len /* last hash */;
/* write top-level TLV object block-hdr */
r = rsksi_tlv16Write(newsigfp, 0x00, 0x0901, tlvlen);
CHKrDecode(rsksi_tlv16Write(newsigfp, 0x00, 0x0901, tlvlen));
/* and now write the children */
/* hash-algo */
r = rsksi_tlv8Write(newsigfp, 0x00, 0x01, 1);
if(r != 0) goto done;
r = rsksi_tlvfileAddOctet(newsigfp, hashIdentifierKSI(bh->hashID));
if(r != 0) goto done;
CHKrDecode(rsksi_tlv8Write(newsigfp, 0x00, 0x01, 1));
CHKrDecode(rsksi_tlvfileAddOctet(newsigfp, hashIdentifierKSI(bh->hashID)));
/* block-iv */
r = rsksi_tlv8Write(newsigfp, 0x00, 0x02, hashOutputLengthOctetsKSI(bh->hashID));
if(r != 0) goto done;
r = rsksi_tlvfileAddOctetString(newsigfp, bh->iv, hashOutputLengthOctetsKSI(bh->hashID));
if(r != 0) goto done;
CHKrDecode(rsksi_tlv8Write(newsigfp, 0x00, 0x02, hashOutputLengthOctetsKSI(bh->hashID)));
CHKrDecode(rsksi_tlvfileAddOctetString(newsigfp, bh->iv, hashOutputLengthOctetsKSI(bh->hashID)));
/* last-hash */
r = rsksi_tlv8Write(newsigfp, 0x00, 0x03, bh->lastHash.len + 1);
if(r != 0) goto done;
r = rsksi_tlvfileAddOctet(newsigfp, bh->lastHash.hashID);
if(r != 0) goto done;
r = rsksi_tlvfileAddOctetString(newsigfp, bh->lastHash.data, bh->lastHash.len);
if(r != 0) goto done;
CHKrDecode(rsksi_tlv8Write(newsigfp, 0x00, 0x03, bh->lastHash.len + 1));
CHKrDecode(rsksi_tlvfileAddOctet(newsigfp, bh->lastHash.hashID));
CHKrDecode(rsksi_tlvfileAddOctetString(newsigfp, bh->lastHash.data, bh->lastHash.len));
/* Create Block Signature */
tlvlenRecords = rsksi_tlvGetInt64OctetSize(bs->recCount);
tlvlen = 2 + tlvlenRecords /* rec-count */ +
4 + bs->sig.der.len /* rfc-3161 */;
/* write top-level TLV object (block-sig */
r = rsksi_tlv16Write(newsigfp, 0x00, 0x0904, tlvlen);
if(r != 0) goto done;
CHKrDecode(rsksi_tlv16Write(newsigfp, 0x00, 0x0904, tlvlen));
/* and now write the children */
/* rec-count */
r = rsksi_tlv8Write(newsigfp, 0x00, 0x01, tlvlenRecords);
if(r != 0) goto done;
r = rsksi_tlvfileAddInt64(newsigfp, bs->recCount);
if(r != 0) goto done;
CHKrDecode(rsksi_tlv8Write(newsigfp, 0x00, 0x01, tlvlenRecords));
CHKrDecode(rsksi_tlvfileAddInt64(newsigfp, bs->recCount));
/* rfc-3161 */
r = rsksi_tlv16Write(newsigfp, 0x00, 0x906, bs->sig.der.len);
if(r != 0) goto done;
r = rsksi_tlvfileAddOctetString(newsigfp, bs->sig.der.data, bs->sig.der.len);
CHKrDecode(rsksi_tlv16Write(newsigfp, 0x00, 0x906, bs->sig.der.len));
CHKrDecode(rsksi_tlvfileAddOctetString(newsigfp, bs->sig.der.data, bs->sig.der.len));
donedecode:
/* Set back to OLD default */
RSKSI_FLAG_TLV16_RUNTIME = 0x20;
donedecode:
/* Free mem*/
if (bh != NULL) {
free(bh->iv);