source: EcnlProtoTool/trunk/openssl-1.1.0e/crypto/ct/ct_log.c@ 331

Last change on this file since 331 was 331, checked in by coas-nagasima, 6 years ago

prototoolに関連するプロジェクトをnewlibからmuslを使うよう変更・更新
ntshellをnewlibの下位の実装から、muslのsyscallの実装に変更・更新
以下のOSSをアップデート
・mruby-1.3.0
・musl-1.1.18
・onigmo-6.1.3
・tcc-0.9.27
以下のOSSを追加
・openssl-1.1.0e
・curl-7.57.0
・zlib-1.2.11
以下のmrbgemsを追加
・iij/mruby-digest
・iij/mruby-env
・iij/mruby-errno
・iij/mruby-iijson
・iij/mruby-ipaddr
・iij/mruby-mock
・iij/mruby-require
・iij/mruby-tls-openssl
  • Property svn:eol-style set to native
  • Property svn:mime-type set to text/x-csrc
File size: 7.2 KB
Line 
1/*
2 * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <stdlib.h>
11#include <string.h>
12
13#include <openssl/conf.h>
14#include <openssl/ct.h>
15#include <openssl/err.h>
16#include <openssl/evp.h>
17#include <openssl/safestack.h>
18
19#include "internal/cryptlib.h"
20
21/*
22 * Information about a CT log server.
23 */
24struct ctlog_st {
25 char *name;
26 uint8_t log_id[CT_V1_HASHLEN];
27 EVP_PKEY *public_key;
28};
29
30/*
31 * A store for multiple CTLOG instances.
32 * It takes ownership of any CTLOG instances added to it.
33 */
34struct ctlog_store_st {
35 STACK_OF(CTLOG) *logs;
36};
37
38/* The context when loading a CT log list from a CONF file. */
39typedef struct ctlog_store_load_ctx_st {
40 CTLOG_STORE *log_store;
41 CONF *conf;
42 size_t invalid_log_entries;
43} CTLOG_STORE_LOAD_CTX;
44
45/*
46 * Creates an empty context for loading a CT log store.
47 * It should be populated before use.
48 */
49static CTLOG_STORE_LOAD_CTX *ctlog_store_load_ctx_new();
50
51/*
52 * Deletes a CT log store load context.
53 * Does not delete any of the fields.
54 */
55static void ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX* ctx);
56
57static CTLOG_STORE_LOAD_CTX *ctlog_store_load_ctx_new()
58{
59 CTLOG_STORE_LOAD_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
60
61 if (ctx == NULL)
62 CTerr(CT_F_CTLOG_STORE_LOAD_CTX_NEW, ERR_R_MALLOC_FAILURE);
63
64 return ctx;
65}
66
67static void ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX* ctx)
68{
69 OPENSSL_free(ctx);
70}
71
72/* Converts a log's public key into a SHA256 log ID */
73static int ct_v1_log_id_from_pkey(EVP_PKEY *pkey,
74 unsigned char log_id[CT_V1_HASHLEN])
75{
76 int ret = 0;
77 unsigned char *pkey_der = NULL;
78 int pkey_der_len = i2d_PUBKEY(pkey, &pkey_der);
79
80 if (pkey_der_len <= 0) {
81 CTerr(CT_F_CT_V1_LOG_ID_FROM_PKEY, CT_R_LOG_KEY_INVALID);
82 goto err;
83 }
84
85 SHA256(pkey_der, pkey_der_len, log_id);
86 ret = 1;
87err:
88 OPENSSL_free(pkey_der);
89 return ret;
90}
91
92CTLOG_STORE *CTLOG_STORE_new(void)
93{
94 CTLOG_STORE *ret = OPENSSL_zalloc(sizeof(*ret));
95
96 if (ret == NULL) {
97 CTerr(CT_F_CTLOG_STORE_NEW, ERR_R_MALLOC_FAILURE);
98 return NULL;
99 }
100
101 ret->logs = sk_CTLOG_new_null();
102 if (ret->logs == NULL)
103 goto err;
104
105 return ret;
106err:
107 OPENSSL_free(ret);
108 return NULL;
109}
110
111void CTLOG_STORE_free(CTLOG_STORE *store)
112{
113 if (store != NULL) {
114 sk_CTLOG_pop_free(store->logs, CTLOG_free);
115 OPENSSL_free(store);
116 }
117}
118
119static int ctlog_new_from_conf(CTLOG **ct_log, const CONF *conf, const char *section)
120{
121 const char *description = NCONF_get_string(conf, section, "description");
122 char *pkey_base64;
123
124 if (description == NULL) {
125 CTerr(CT_F_CTLOG_NEW_FROM_CONF, CT_R_LOG_CONF_MISSING_DESCRIPTION);
126 return 0;
127 }
128
129 pkey_base64 = NCONF_get_string(conf, section, "key");
130 if (pkey_base64 == NULL) {
131 CTerr(CT_F_CTLOG_NEW_FROM_CONF, CT_R_LOG_CONF_MISSING_KEY);
132 return 0;
133 }
134
135 return CTLOG_new_from_base64(ct_log, pkey_base64, description);
136}
137
138int CTLOG_STORE_load_default_file(CTLOG_STORE *store)
139{
140 const char *fpath = getenv(CTLOG_FILE_EVP);
141
142 if (fpath == NULL)
143 fpath = CTLOG_FILE;
144
145 return CTLOG_STORE_load_file(store, fpath);
146}
147
148/*
149 * Called by CONF_parse_list, which stops if this returns <= 0,
150 * Otherwise, one bad log entry would stop loading of any of
151 * the following log entries.
152 * It may stop parsing and returns -1 on any internal (malloc) error.
153 */
154static int ctlog_store_load_log(const char *log_name, int log_name_len,
155 void *arg)
156{
157 CTLOG_STORE_LOAD_CTX *load_ctx = arg;
158 CTLOG *ct_log = NULL;
159 /* log_name may not be null-terminated, so fix that before using it */
160 char *tmp;
161 int ret = 0;
162
163 /* log_name will be NULL for empty list entries */
164 if (log_name == NULL)
165 return 1;
166
167 tmp = OPENSSL_strndup(log_name, log_name_len);
168 if (tmp == NULL)
169 goto mem_err;
170
171 ret = ctlog_new_from_conf(&ct_log, load_ctx->conf, tmp);
172 OPENSSL_free(tmp);
173
174 if (ret < 0) {
175 /* Propagate any internal error */
176 return ret;
177 }
178 if (ret == 0) {
179 /* If we can't load this log, record that fact and skip it */
180 ++load_ctx->invalid_log_entries;
181 return 1;
182 }
183
184 if (!sk_CTLOG_push(load_ctx->log_store->logs, ct_log)) {
185 goto mem_err;
186 }
187 return 1;
188
189mem_err:
190 CTLOG_free(ct_log);
191 CTerr(CT_F_CTLOG_STORE_LOAD_LOG, ERR_R_MALLOC_FAILURE);
192 return -1;
193}
194
195int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file)
196{
197 int ret = 0;
198 char *enabled_logs;
199 CTLOG_STORE_LOAD_CTX* load_ctx = ctlog_store_load_ctx_new();
200
201 load_ctx->log_store = store;
202 load_ctx->conf = NCONF_new(NULL);
203 if (load_ctx->conf == NULL)
204 goto end;
205
206 if (NCONF_load(load_ctx->conf, file, NULL) <= 0) {
207 CTerr(CT_F_CTLOG_STORE_LOAD_FILE, CT_R_LOG_CONF_INVALID);
208 goto end;
209 }
210
211 enabled_logs = NCONF_get_string(load_ctx->conf, NULL, "enabled_logs");
212 if (enabled_logs == NULL) {
213 CTerr(CT_F_CTLOG_STORE_LOAD_FILE, CT_R_LOG_CONF_INVALID);
214 goto end;
215 }
216
217 if (!CONF_parse_list(enabled_logs, ',', 1, ctlog_store_load_log, load_ctx) ||
218 load_ctx->invalid_log_entries > 0) {
219 CTerr(CT_F_CTLOG_STORE_LOAD_FILE, CT_R_LOG_CONF_INVALID);
220 goto end;
221 }
222
223 ret = 1;
224end:
225 NCONF_free(load_ctx->conf);
226 ctlog_store_load_ctx_free(load_ctx);
227 return ret;
228}
229
230/*
231 * Initialize a new CTLOG object.
232 * Takes ownership of the public key.
233 * Copies the name.
234 */
235CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name)
236{
237 CTLOG *ret = OPENSSL_zalloc(sizeof(*ret));
238
239 if (ret == NULL) {
240 CTerr(CT_F_CTLOG_NEW, ERR_R_MALLOC_FAILURE);
241 return NULL;
242 }
243
244 ret->name = OPENSSL_strdup(name);
245 if (ret->name == NULL) {
246 CTerr(CT_F_CTLOG_NEW, ERR_R_MALLOC_FAILURE);
247 goto err;
248 }
249
250 if (ct_v1_log_id_from_pkey(public_key, ret->log_id) != 1)
251 goto err;
252
253 ret->public_key = public_key;
254 return ret;
255err:
256 CTLOG_free(ret);
257 return NULL;
258}
259
260/* Frees CT log and associated structures */
261void CTLOG_free(CTLOG *log)
262{
263 if (log != NULL) {
264 OPENSSL_free(log->name);
265 EVP_PKEY_free(log->public_key);
266 OPENSSL_free(log);
267 }
268}
269
270const char *CTLOG_get0_name(const CTLOG *log)
271{
272 return log->name;
273}
274
275void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id,
276 size_t *log_id_len)
277{
278 *log_id = log->log_id;
279 *log_id_len = CT_V1_HASHLEN;
280}
281
282EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log)
283{
284 return log->public_key;
285}
286
287/*
288 * Given a log ID, finds the matching log.
289 * Returns NULL if no match found.
290 */
291const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store,
292 const uint8_t *log_id,
293 size_t log_id_len)
294{
295 int i;
296
297 for (i = 0; i < sk_CTLOG_num(store->logs); ++i) {
298 const CTLOG *log = sk_CTLOG_value(store->logs, i);
299 if (memcmp(log->log_id, log_id, log_id_len) == 0)
300 return log;
301 }
302
303 return NULL;
304}
Note: See TracBrowser for help on using the repository browser.