store_lib.c 31 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023
  1. /*
  2. * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdlib.h>
  10. #include <string.h>
  11. #include <assert.h>
  12. /* We need to use some STORE deprecated APIs */
  13. #define OPENSSL_SUPPRESS_DEPRECATED
  14. #include "internal/e_os.h"
  15. #include <openssl/crypto.h>
  16. #include <openssl/err.h>
  17. #include <openssl/trace.h>
  18. #include <openssl/core_names.h>
  19. #include <openssl/provider.h>
  20. #include <openssl/param_build.h>
  21. #include <openssl/store.h>
  22. #include "internal/thread_once.h"
  23. #include "internal/cryptlib.h"
  24. #include "internal/provider.h"
  25. #include "internal/bio.h"
  26. #include "crypto/store.h"
  27. #include "store_local.h"
  28. static int ossl_store_close_it(OSSL_STORE_CTX *ctx);
  29. static int loader_set_params(OSSL_STORE_LOADER *loader,
  30. OSSL_STORE_LOADER_CTX *loader_ctx,
  31. const OSSL_PARAM params[], const char *propq)
  32. {
  33. if (params != NULL) {
  34. if (!loader->p_set_ctx_params(loader_ctx, params))
  35. return 0;
  36. }
  37. if (propq != NULL) {
  38. OSSL_PARAM propp[2];
  39. if (OSSL_PARAM_locate_const(params,
  40. OSSL_STORE_PARAM_PROPERTIES) != NULL)
  41. /* use the propq from params */
  42. return 1;
  43. propp[0] = OSSL_PARAM_construct_utf8_string(OSSL_STORE_PARAM_PROPERTIES,
  44. (char *)propq, 0);
  45. propp[1] = OSSL_PARAM_construct_end();
  46. if (!loader->p_set_ctx_params(loader_ctx, propp))
  47. return 0;
  48. }
  49. return 1;
  50. }
  51. OSSL_STORE_CTX *
  52. OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
  53. const UI_METHOD *ui_method, void *ui_data,
  54. const OSSL_PARAM params[],
  55. OSSL_STORE_post_process_info_fn post_process,
  56. void *post_process_data)
  57. {
  58. const OSSL_STORE_LOADER *loader = NULL;
  59. OSSL_STORE_LOADER *fetched_loader = NULL;
  60. OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
  61. OSSL_STORE_CTX *ctx = NULL;
  62. char *propq_copy = NULL;
  63. int no_loader_found = 1;
  64. char scheme_copy[256], *p, *schemes[2], *scheme = NULL;
  65. size_t schemes_n = 0;
  66. size_t i;
  67. /*
  68. * Put the file scheme first. If the uri does represent an existing file,
  69. * possible device name and all, then it should be loaded. Only a failed
  70. * attempt at loading a local file should have us try something else.
  71. */
  72. schemes[schemes_n++] = "file";
  73. /*
  74. * Now, check if we have something that looks like a scheme, and add it
  75. * as a second scheme. However, also check if there's an authority start
  76. * (://), because that will invalidate the previous file scheme. Also,
  77. * check that this isn't actually the file scheme, as there's no point
  78. * going through that one twice!
  79. */
  80. OPENSSL_strlcpy(scheme_copy, uri, sizeof(scheme_copy));
  81. if ((p = strchr(scheme_copy, ':')) != NULL) {
  82. *p++ = '\0';
  83. if (OPENSSL_strcasecmp(scheme_copy, "file") != 0) {
  84. if (HAS_PREFIX(p, "//"))
  85. schemes_n--; /* Invalidate the file scheme */
  86. schemes[schemes_n++] = scheme_copy;
  87. }
  88. }
  89. ERR_set_mark();
  90. /*
  91. * Try each scheme until we find one that could open the URI.
  92. *
  93. * For each scheme, we look for the engine implementation first, and
  94. * failing that, we then try to fetch a provided implementation.
  95. * This is consistent with how we handle legacy / engine implementations
  96. * elsewhere.
  97. */
  98. for (i = 0; loader_ctx == NULL && i < schemes_n; i++) {
  99. scheme = schemes[i];
  100. OSSL_TRACE1(STORE, "Looking up scheme %s\n", scheme);
  101. #ifndef OPENSSL_NO_DEPRECATED_3_0
  102. ERR_set_mark();
  103. if ((loader = ossl_store_get0_loader_int(scheme)) != NULL) {
  104. ERR_clear_last_mark();
  105. no_loader_found = 0;
  106. if (loader->open_ex != NULL)
  107. loader_ctx = loader->open_ex(loader, uri, libctx, propq,
  108. ui_method, ui_data);
  109. else
  110. loader_ctx = loader->open(loader, uri, ui_method, ui_data);
  111. } else {
  112. ERR_pop_to_mark();
  113. }
  114. #endif
  115. if (loader == NULL
  116. && (fetched_loader =
  117. OSSL_STORE_LOADER_fetch(libctx, scheme, propq)) != NULL) {
  118. const OSSL_PROVIDER *provider =
  119. OSSL_STORE_LOADER_get0_provider(fetched_loader);
  120. void *provctx = OSSL_PROVIDER_get0_provider_ctx(provider);
  121. no_loader_found = 0;
  122. loader_ctx = fetched_loader->p_open(provctx, uri);
  123. if (loader_ctx == NULL) {
  124. OSSL_STORE_LOADER_free(fetched_loader);
  125. fetched_loader = NULL;
  126. } else if (!loader_set_params(fetched_loader, loader_ctx,
  127. params, propq)) {
  128. (void)fetched_loader->p_close(loader_ctx);
  129. OSSL_STORE_LOADER_free(fetched_loader);
  130. fetched_loader = NULL;
  131. }
  132. loader = fetched_loader;
  133. }
  134. }
  135. if (no_loader_found)
  136. /*
  137. * It's assumed that ossl_store_get0_loader_int() and
  138. * OSSL_STORE_LOADER_fetch() report their own errors
  139. */
  140. goto err;
  141. OSSL_TRACE1(STORE, "Found loader for scheme %s\n", scheme);
  142. if (loader_ctx == NULL)
  143. /*
  144. * It's assumed that the loader's open() method reports its own
  145. * errors
  146. */
  147. goto err;
  148. OSSL_TRACE2(STORE, "Opened %s => %p\n", uri, (void *)loader_ctx);
  149. if ((propq != NULL && (propq_copy = OPENSSL_strdup(propq)) == NULL)
  150. || (ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL)
  151. goto err;
  152. if (ui_method != NULL
  153. && (!ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data)
  154. || !ossl_pw_enable_passphrase_caching(&ctx->pwdata))) {
  155. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_CRYPTO_LIB);
  156. goto err;
  157. }
  158. ctx->properties = propq_copy;
  159. ctx->fetched_loader = fetched_loader;
  160. ctx->loader = loader;
  161. ctx->loader_ctx = loader_ctx;
  162. ctx->post_process = post_process;
  163. ctx->post_process_data = post_process_data;
  164. /*
  165. * If the attempt to open with the 'file' scheme loader failed and the
  166. * other scheme loader succeeded, the failure to open with the 'file'
  167. * scheme loader leaves an error on the error stack. Let's remove it.
  168. */
  169. ERR_pop_to_mark();
  170. return ctx;
  171. err:
  172. ERR_clear_last_mark();
  173. if (loader_ctx != NULL) {
  174. /*
  175. * Temporary structure so OSSL_STORE_close() can work even when
  176. * |ctx| couldn't be allocated properly
  177. */
  178. OSSL_STORE_CTX tmpctx = { NULL, };
  179. tmpctx.fetched_loader = fetched_loader;
  180. tmpctx.loader = loader;
  181. tmpctx.loader_ctx = loader_ctx;
  182. /*
  183. * We ignore a returned error because we will return NULL anyway in
  184. * this case, so if something goes wrong when closing, that'll simply
  185. * just add another entry on the error stack.
  186. */
  187. (void)ossl_store_close_it(&tmpctx);
  188. }
  189. /* Coverity false positive, the reference counting is confusing it */
  190. /* coverity[pass_freed_arg] */
  191. OSSL_STORE_LOADER_free(fetched_loader);
  192. OPENSSL_free(propq_copy);
  193. OPENSSL_free(ctx);
  194. return NULL;
  195. }
  196. OSSL_STORE_CTX *OSSL_STORE_open(const char *uri,
  197. const UI_METHOD *ui_method, void *ui_data,
  198. OSSL_STORE_post_process_info_fn post_process,
  199. void *post_process_data)
  200. {
  201. return OSSL_STORE_open_ex(uri, NULL, NULL, ui_method, ui_data, NULL,
  202. post_process, post_process_data);
  203. }
  204. #ifndef OPENSSL_NO_DEPRECATED_3_0
  205. int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ...)
  206. {
  207. va_list args;
  208. int ret;
  209. va_start(args, cmd);
  210. ret = OSSL_STORE_vctrl(ctx, cmd, args);
  211. va_end(args);
  212. return ret;
  213. }
  214. int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args)
  215. {
  216. if (ctx->fetched_loader != NULL) {
  217. if (ctx->fetched_loader->p_set_ctx_params != NULL) {
  218. OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
  219. switch (cmd) {
  220. case OSSL_STORE_C_USE_SECMEM:
  221. {
  222. int on = *(va_arg(args, int *));
  223. params[0] = OSSL_PARAM_construct_int("use_secmem", &on);
  224. }
  225. break;
  226. default:
  227. break;
  228. }
  229. return ctx->fetched_loader->p_set_ctx_params(ctx->loader_ctx,
  230. params);
  231. }
  232. } else if (ctx->loader->ctrl != NULL) {
  233. return ctx->loader->ctrl(ctx->loader_ctx, cmd, args);
  234. }
  235. /*
  236. * If the fetched loader doesn't have a set_ctx_params or a ctrl, it's as
  237. * if there was one that ignored our params, which usually returns 1.
  238. */
  239. return 1;
  240. }
  241. #endif
  242. int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type)
  243. {
  244. int ret = 1;
  245. if (ctx == NULL
  246. || expected_type < 0 || expected_type > OSSL_STORE_INFO_CRL) {
  247. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_INVALID_ARGUMENT);
  248. return 0;
  249. }
  250. if (ctx->loading) {
  251. ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_LOADING_STARTED);
  252. return 0;
  253. }
  254. ctx->expected_type = expected_type;
  255. if (ctx->fetched_loader != NULL
  256. && ctx->fetched_loader->p_set_ctx_params != NULL) {
  257. OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
  258. params[0] =
  259. OSSL_PARAM_construct_int(OSSL_STORE_PARAM_EXPECT, &expected_type);
  260. ret = ctx->fetched_loader->p_set_ctx_params(ctx->loader_ctx, params);
  261. }
  262. #ifndef OPENSSL_NO_DEPRECATED_3_0
  263. if (ctx->fetched_loader == NULL
  264. && ctx->loader->expect != NULL) {
  265. ret = ctx->loader->expect(ctx->loader_ctx, expected_type);
  266. }
  267. #endif
  268. return ret;
  269. }
  270. int OSSL_STORE_find(OSSL_STORE_CTX *ctx, const OSSL_STORE_SEARCH *search)
  271. {
  272. int ret = 1;
  273. if (ctx->loading) {
  274. ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_LOADING_STARTED);
  275. return 0;
  276. }
  277. if (search == NULL) {
  278. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_NULL_PARAMETER);
  279. return 0;
  280. }
  281. if (ctx->fetched_loader != NULL) {
  282. OSSL_PARAM_BLD *bld;
  283. OSSL_PARAM *params;
  284. /* OSSL_STORE_SEARCH_BY_NAME, OSSL_STORE_SEARCH_BY_ISSUER_SERIAL*/
  285. void *name_der = NULL;
  286. int name_der_sz;
  287. /* OSSL_STORE_SEARCH_BY_ISSUER_SERIAL */
  288. BIGNUM *number = NULL;
  289. if (ctx->fetched_loader->p_set_ctx_params == NULL) {
  290. ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_UNSUPPORTED_OPERATION);
  291. return 0;
  292. }
  293. if ((bld = OSSL_PARAM_BLD_new()) == NULL) {
  294. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_CRYPTO_LIB);
  295. return 0;
  296. }
  297. ret = 0; /* Assume the worst */
  298. switch (search->search_type) {
  299. case OSSL_STORE_SEARCH_BY_NAME:
  300. if ((name_der_sz = i2d_X509_NAME(search->name,
  301. (unsigned char **)&name_der)) > 0
  302. && OSSL_PARAM_BLD_push_octet_string(bld,
  303. OSSL_STORE_PARAM_SUBJECT,
  304. name_der, name_der_sz))
  305. ret = 1;
  306. break;
  307. case OSSL_STORE_SEARCH_BY_ISSUER_SERIAL:
  308. if ((name_der_sz = i2d_X509_NAME(search->name,
  309. (unsigned char **)&name_der)) > 0
  310. && (number = ASN1_INTEGER_to_BN(search->serial, NULL)) != NULL
  311. && OSSL_PARAM_BLD_push_octet_string(bld,
  312. OSSL_STORE_PARAM_ISSUER,
  313. name_der, name_der_sz)
  314. && OSSL_PARAM_BLD_push_BN(bld, OSSL_STORE_PARAM_SERIAL,
  315. number))
  316. ret = 1;
  317. break;
  318. case OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT:
  319. if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_STORE_PARAM_DIGEST,
  320. EVP_MD_get0_name(search->digest),
  321. 0)
  322. && OSSL_PARAM_BLD_push_octet_string(bld,
  323. OSSL_STORE_PARAM_FINGERPRINT,
  324. search->string,
  325. search->stringlength))
  326. ret = 1;
  327. break;
  328. case OSSL_STORE_SEARCH_BY_ALIAS:
  329. if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_STORE_PARAM_ALIAS,
  330. (char *)search->string,
  331. search->stringlength))
  332. ret = 1;
  333. break;
  334. }
  335. if (ret) {
  336. params = OSSL_PARAM_BLD_to_param(bld);
  337. ret = ctx->fetched_loader->p_set_ctx_params(ctx->loader_ctx,
  338. params);
  339. OSSL_PARAM_free(params);
  340. }
  341. OSSL_PARAM_BLD_free(bld);
  342. OPENSSL_free(name_der);
  343. BN_free(number);
  344. } else {
  345. #ifndef OPENSSL_NO_DEPRECATED_3_0
  346. /* legacy loader section */
  347. if (ctx->loader->find == NULL) {
  348. ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_UNSUPPORTED_OPERATION);
  349. return 0;
  350. }
  351. ret = ctx->loader->find(ctx->loader_ctx, search);
  352. #endif
  353. }
  354. return ret;
  355. }
  356. OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx)
  357. {
  358. OSSL_STORE_INFO *v = NULL;
  359. ctx->loading = 1;
  360. again:
  361. if (OSSL_STORE_eof(ctx))
  362. return NULL;
  363. if (ctx->loader != NULL)
  364. OSSL_TRACE(STORE, "Loading next object\n");
  365. if (ctx->cached_info != NULL
  366. && sk_OSSL_STORE_INFO_num(ctx->cached_info) == 0) {
  367. sk_OSSL_STORE_INFO_free(ctx->cached_info);
  368. ctx->cached_info = NULL;
  369. }
  370. if (ctx->cached_info != NULL) {
  371. v = sk_OSSL_STORE_INFO_shift(ctx->cached_info);
  372. } else {
  373. if (ctx->fetched_loader != NULL) {
  374. struct ossl_load_result_data_st load_data;
  375. load_data.v = NULL;
  376. load_data.ctx = ctx;
  377. if (!ctx->fetched_loader->p_load(ctx->loader_ctx,
  378. ossl_store_handle_load_result,
  379. &load_data,
  380. ossl_pw_passphrase_callback_dec,
  381. &ctx->pwdata)) {
  382. if (!OSSL_STORE_eof(ctx))
  383. ctx->error_flag = 1;
  384. return NULL;
  385. }
  386. v = load_data.v;
  387. }
  388. #ifndef OPENSSL_NO_DEPRECATED_3_0
  389. if (ctx->fetched_loader == NULL)
  390. v = ctx->loader->load(ctx->loader_ctx,
  391. ctx->pwdata._.ui_method.ui_method,
  392. ctx->pwdata._.ui_method.ui_method_data);
  393. #endif
  394. }
  395. if (ctx->post_process != NULL && v != NULL) {
  396. v = ctx->post_process(v, ctx->post_process_data);
  397. /*
  398. * By returning NULL, the callback decides that this object should
  399. * be ignored.
  400. */
  401. if (v == NULL)
  402. goto again;
  403. }
  404. /* Clear any internally cached passphrase */
  405. (void)ossl_pw_clear_passphrase_cache(&ctx->pwdata);
  406. if (v != NULL && ctx->expected_type != 0) {
  407. int returned_type = OSSL_STORE_INFO_get_type(v);
  408. if (returned_type != OSSL_STORE_INFO_NAME && returned_type != 0) {
  409. if (ctx->expected_type != returned_type) {
  410. OSSL_STORE_INFO_free(v);
  411. goto again;
  412. }
  413. }
  414. }
  415. if (v != NULL)
  416. OSSL_TRACE1(STORE, "Got a %s\n",
  417. OSSL_STORE_INFO_type_string(OSSL_STORE_INFO_get_type(v)));
  418. return v;
  419. }
  420. int OSSL_STORE_error(OSSL_STORE_CTX *ctx)
  421. {
  422. int ret = 1;
  423. if (ctx->fetched_loader != NULL)
  424. ret = ctx->error_flag;
  425. #ifndef OPENSSL_NO_DEPRECATED_3_0
  426. if (ctx->fetched_loader == NULL)
  427. ret = ctx->loader->error(ctx->loader_ctx);
  428. #endif
  429. return ret;
  430. }
  431. int OSSL_STORE_eof(OSSL_STORE_CTX *ctx)
  432. {
  433. int ret = 1;
  434. if (ctx->fetched_loader != NULL)
  435. ret = ctx->loader->p_eof(ctx->loader_ctx);
  436. #ifndef OPENSSL_NO_DEPRECATED_3_0
  437. if (ctx->fetched_loader == NULL)
  438. ret = ctx->loader->eof(ctx->loader_ctx);
  439. #endif
  440. return ret != 0;
  441. }
  442. static int ossl_store_close_it(OSSL_STORE_CTX *ctx)
  443. {
  444. int ret = 0;
  445. if (ctx == NULL)
  446. return 1;
  447. OSSL_TRACE1(STORE, "Closing %p\n", (void *)ctx->loader_ctx);
  448. if (ctx->fetched_loader != NULL)
  449. ret = ctx->loader->p_close(ctx->loader_ctx);
  450. #ifndef OPENSSL_NO_DEPRECATED_3_0
  451. if (ctx->fetched_loader == NULL)
  452. ret = ctx->loader->closefn(ctx->loader_ctx);
  453. #endif
  454. sk_OSSL_STORE_INFO_pop_free(ctx->cached_info, OSSL_STORE_INFO_free);
  455. OSSL_STORE_LOADER_free(ctx->fetched_loader);
  456. OPENSSL_free(ctx->properties);
  457. ossl_pw_clear_passphrase_data(&ctx->pwdata);
  458. return ret;
  459. }
  460. int OSSL_STORE_close(OSSL_STORE_CTX *ctx)
  461. {
  462. int ret = ossl_store_close_it(ctx);
  463. OPENSSL_free(ctx);
  464. return ret;
  465. }
  466. /*
  467. * Functions to generate OSSL_STORE_INFOs, one function for each type we
  468. * support having in them as well as a generic constructor.
  469. *
  470. * In all cases, ownership of the object is transferred to the OSSL_STORE_INFO
  471. * and will therefore be freed when the OSSL_STORE_INFO is freed.
  472. */
  473. OSSL_STORE_INFO *OSSL_STORE_INFO_new(int type, void *data)
  474. {
  475. OSSL_STORE_INFO *info = OPENSSL_zalloc(sizeof(*info));
  476. if (info == NULL)
  477. return NULL;
  478. info->type = type;
  479. info->_.data = data;
  480. return info;
  481. }
  482. OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name)
  483. {
  484. OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_NAME, NULL);
  485. if (info == NULL) {
  486. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_OSSL_STORE_LIB);
  487. return NULL;
  488. }
  489. info->_.name.name = name;
  490. info->_.name.desc = NULL;
  491. return info;
  492. }
  493. int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc)
  494. {
  495. if (info->type != OSSL_STORE_INFO_NAME) {
  496. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_INVALID_ARGUMENT);
  497. return 0;
  498. }
  499. info->_.name.desc = desc;
  500. return 1;
  501. }
  502. OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params)
  503. {
  504. OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_PARAMS, params);
  505. if (info == NULL)
  506. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_OSSL_STORE_LIB);
  507. return info;
  508. }
  509. OSSL_STORE_INFO *OSSL_STORE_INFO_new_PUBKEY(EVP_PKEY *pkey)
  510. {
  511. OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_PUBKEY, pkey);
  512. if (info == NULL)
  513. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_OSSL_STORE_LIB);
  514. return info;
  515. }
  516. OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey)
  517. {
  518. OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_PKEY, pkey);
  519. if (info == NULL)
  520. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_OSSL_STORE_LIB);
  521. return info;
  522. }
  523. OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509)
  524. {
  525. OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_CERT, x509);
  526. if (info == NULL)
  527. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_OSSL_STORE_LIB);
  528. return info;
  529. }
  530. OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl)
  531. {
  532. OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_CRL, crl);
  533. if (info == NULL)
  534. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_OSSL_STORE_LIB);
  535. return info;
  536. }
  537. /*
  538. * Functions to try to extract data from an OSSL_STORE_INFO.
  539. */
  540. int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info)
  541. {
  542. return info->type;
  543. }
  544. void *OSSL_STORE_INFO_get0_data(int type, const OSSL_STORE_INFO *info)
  545. {
  546. if (info->type == type)
  547. return info->_.data;
  548. return NULL;
  549. }
  550. const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info)
  551. {
  552. if (info->type == OSSL_STORE_INFO_NAME)
  553. return info->_.name.name;
  554. return NULL;
  555. }
  556. char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info)
  557. {
  558. if (info->type == OSSL_STORE_INFO_NAME)
  559. return OPENSSL_strdup(info->_.name.name);
  560. ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_NAME);
  561. return NULL;
  562. }
  563. const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info)
  564. {
  565. if (info->type == OSSL_STORE_INFO_NAME)
  566. return info->_.name.desc;
  567. return NULL;
  568. }
  569. char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info)
  570. {
  571. if (info->type == OSSL_STORE_INFO_NAME)
  572. return OPENSSL_strdup(info->_.name.desc ? info->_.name.desc : "");
  573. ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_NAME);
  574. return NULL;
  575. }
  576. EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info)
  577. {
  578. if (info->type == OSSL_STORE_INFO_PARAMS)
  579. return info->_.params;
  580. return NULL;
  581. }
  582. EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info)
  583. {
  584. if (info->type == OSSL_STORE_INFO_PARAMS) {
  585. EVP_PKEY_up_ref(info->_.params);
  586. return info->_.params;
  587. }
  588. ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_PARAMETERS);
  589. return NULL;
  590. }
  591. EVP_PKEY *OSSL_STORE_INFO_get0_PUBKEY(const OSSL_STORE_INFO *info)
  592. {
  593. if (info->type == OSSL_STORE_INFO_PUBKEY)
  594. return info->_.pubkey;
  595. return NULL;
  596. }
  597. EVP_PKEY *OSSL_STORE_INFO_get1_PUBKEY(const OSSL_STORE_INFO *info)
  598. {
  599. if (info->type == OSSL_STORE_INFO_PUBKEY) {
  600. EVP_PKEY_up_ref(info->_.pubkey);
  601. return info->_.pubkey;
  602. }
  603. ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_PUBLIC_KEY);
  604. return NULL;
  605. }
  606. EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info)
  607. {
  608. if (info->type == OSSL_STORE_INFO_PKEY)
  609. return info->_.pkey;
  610. return NULL;
  611. }
  612. EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info)
  613. {
  614. if (info->type == OSSL_STORE_INFO_PKEY) {
  615. EVP_PKEY_up_ref(info->_.pkey);
  616. return info->_.pkey;
  617. }
  618. ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_PRIVATE_KEY);
  619. return NULL;
  620. }
  621. X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info)
  622. {
  623. if (info->type == OSSL_STORE_INFO_CERT)
  624. return info->_.x509;
  625. return NULL;
  626. }
  627. X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info)
  628. {
  629. if (info->type == OSSL_STORE_INFO_CERT) {
  630. X509_up_ref(info->_.x509);
  631. return info->_.x509;
  632. }
  633. ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_CERTIFICATE);
  634. return NULL;
  635. }
  636. X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info)
  637. {
  638. if (info->type == OSSL_STORE_INFO_CRL)
  639. return info->_.crl;
  640. return NULL;
  641. }
  642. X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info)
  643. {
  644. if (info->type == OSSL_STORE_INFO_CRL) {
  645. X509_CRL_up_ref(info->_.crl);
  646. return info->_.crl;
  647. }
  648. ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_CRL);
  649. return NULL;
  650. }
  651. /*
  652. * Free the OSSL_STORE_INFO
  653. */
  654. void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info)
  655. {
  656. if (info != NULL) {
  657. switch (info->type) {
  658. case OSSL_STORE_INFO_NAME:
  659. OPENSSL_free(info->_.name.name);
  660. OPENSSL_free(info->_.name.desc);
  661. break;
  662. case OSSL_STORE_INFO_PARAMS:
  663. EVP_PKEY_free(info->_.params);
  664. break;
  665. case OSSL_STORE_INFO_PUBKEY:
  666. EVP_PKEY_free(info->_.pubkey);
  667. break;
  668. case OSSL_STORE_INFO_PKEY:
  669. EVP_PKEY_free(info->_.pkey);
  670. break;
  671. case OSSL_STORE_INFO_CERT:
  672. X509_free(info->_.x509);
  673. break;
  674. case OSSL_STORE_INFO_CRL:
  675. X509_CRL_free(info->_.crl);
  676. break;
  677. }
  678. OPENSSL_free(info);
  679. }
  680. }
  681. int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type)
  682. {
  683. int ret = 0;
  684. if (ctx->fetched_loader != NULL) {
  685. void *provctx =
  686. ossl_provider_ctx(OSSL_STORE_LOADER_get0_provider(ctx->fetched_loader));
  687. const OSSL_PARAM *params;
  688. const OSSL_PARAM *p_subject = NULL;
  689. const OSSL_PARAM *p_issuer = NULL;
  690. const OSSL_PARAM *p_serial = NULL;
  691. const OSSL_PARAM *p_fingerprint = NULL;
  692. const OSSL_PARAM *p_alias = NULL;
  693. if (ctx->fetched_loader->p_settable_ctx_params == NULL)
  694. return 0;
  695. params = ctx->fetched_loader->p_settable_ctx_params(provctx);
  696. p_subject = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_SUBJECT);
  697. p_issuer = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_ISSUER);
  698. p_serial = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_SERIAL);
  699. p_fingerprint =
  700. OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_FINGERPRINT);
  701. p_alias = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_ALIAS);
  702. switch (search_type) {
  703. case OSSL_STORE_SEARCH_BY_NAME:
  704. ret = (p_subject != NULL);
  705. break;
  706. case OSSL_STORE_SEARCH_BY_ISSUER_SERIAL:
  707. ret = (p_issuer != NULL && p_serial != NULL);
  708. break;
  709. case OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT:
  710. ret = (p_fingerprint != NULL);
  711. break;
  712. case OSSL_STORE_SEARCH_BY_ALIAS:
  713. ret = (p_alias != NULL);
  714. break;
  715. }
  716. }
  717. #ifndef OPENSSL_NO_DEPRECATED_3_0
  718. if (ctx->fetched_loader == NULL) {
  719. OSSL_STORE_SEARCH tmp_search;
  720. if (ctx->loader->find == NULL)
  721. return 0;
  722. tmp_search.search_type = search_type;
  723. ret = ctx->loader->find(NULL, &tmp_search);
  724. }
  725. #endif
  726. return ret;
  727. }
  728. /* Search term constructors */
  729. OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name)
  730. {
  731. OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
  732. if (search == NULL)
  733. return NULL;
  734. search->search_type = OSSL_STORE_SEARCH_BY_NAME;
  735. search->name = name;
  736. return search;
  737. }
  738. OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name,
  739. const ASN1_INTEGER *serial)
  740. {
  741. OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
  742. if (search == NULL)
  743. return NULL;
  744. search->search_type = OSSL_STORE_SEARCH_BY_ISSUER_SERIAL;
  745. search->name = name;
  746. search->serial = serial;
  747. return search;
  748. }
  749. OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest,
  750. const unsigned char
  751. *bytes, size_t len)
  752. {
  753. OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
  754. if (search == NULL)
  755. return NULL;
  756. if (digest != NULL && len != (size_t)EVP_MD_get_size(digest)) {
  757. ERR_raise_data(ERR_LIB_OSSL_STORE,
  758. OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST,
  759. "%s size is %d, fingerprint size is %zu",
  760. EVP_MD_get0_name(digest), EVP_MD_get_size(digest), len);
  761. OPENSSL_free(search);
  762. return NULL;
  763. }
  764. search->search_type = OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT;
  765. search->digest = digest;
  766. search->string = bytes;
  767. search->stringlength = len;
  768. return search;
  769. }
  770. OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias)
  771. {
  772. OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
  773. if (search == NULL)
  774. return NULL;
  775. search->search_type = OSSL_STORE_SEARCH_BY_ALIAS;
  776. search->string = (const unsigned char *)alias;
  777. search->stringlength = strlen(alias);
  778. return search;
  779. }
  780. /* Search term destructor */
  781. void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search)
  782. {
  783. OPENSSL_free(search);
  784. }
  785. /* Search term accessors */
  786. int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion)
  787. {
  788. return criterion->search_type;
  789. }
  790. X509_NAME *OSSL_STORE_SEARCH_get0_name(const OSSL_STORE_SEARCH *criterion)
  791. {
  792. return criterion->name;
  793. }
  794. const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH
  795. *criterion)
  796. {
  797. return criterion->serial;
  798. }
  799. const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH
  800. *criterion, size_t *length)
  801. {
  802. *length = criterion->stringlength;
  803. return criterion->string;
  804. }
  805. const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion)
  806. {
  807. return (const char *)criterion->string;
  808. }
  809. const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH *criterion)
  810. {
  811. return criterion->digest;
  812. }
  813. OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bp, const char *scheme,
  814. OSSL_LIB_CTX *libctx, const char *propq,
  815. const UI_METHOD *ui_method, void *ui_data,
  816. const OSSL_PARAM params[],
  817. OSSL_STORE_post_process_info_fn post_process,
  818. void *post_process_data)
  819. {
  820. const OSSL_STORE_LOADER *loader = NULL;
  821. OSSL_STORE_LOADER *fetched_loader = NULL;
  822. OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
  823. OSSL_STORE_CTX *ctx = NULL;
  824. if (scheme == NULL)
  825. scheme = "file";
  826. OSSL_TRACE1(STORE, "Looking up scheme %s\n", scheme);
  827. ERR_set_mark();
  828. #ifndef OPENSSL_NO_DEPRECATED_3_0
  829. if ((loader = ossl_store_get0_loader_int(scheme)) != NULL)
  830. loader_ctx = loader->attach(loader, bp, libctx, propq,
  831. ui_method, ui_data);
  832. #endif
  833. if (loader == NULL
  834. && (fetched_loader =
  835. OSSL_STORE_LOADER_fetch(libctx, scheme, propq)) != NULL) {
  836. const OSSL_PROVIDER *provider =
  837. OSSL_STORE_LOADER_get0_provider(fetched_loader);
  838. void *provctx = OSSL_PROVIDER_get0_provider_ctx(provider);
  839. OSSL_CORE_BIO *cbio = ossl_core_bio_new_from_bio(bp);
  840. if (cbio == NULL
  841. || (loader_ctx = fetched_loader->p_attach(provctx, cbio)) == NULL) {
  842. OSSL_STORE_LOADER_free(fetched_loader);
  843. fetched_loader = NULL;
  844. } else if (!loader_set_params(fetched_loader, loader_ctx,
  845. params, propq)) {
  846. (void)fetched_loader->p_close(loader_ctx);
  847. OSSL_STORE_LOADER_free(fetched_loader);
  848. fetched_loader = NULL;
  849. }
  850. loader = fetched_loader;
  851. ossl_core_bio_free(cbio);
  852. }
  853. if (loader_ctx == NULL) {
  854. ERR_clear_last_mark();
  855. return NULL;
  856. }
  857. if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
  858. ERR_clear_last_mark();
  859. return NULL;
  860. }
  861. if (ui_method != NULL
  862. && !ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data)) {
  863. ERR_clear_last_mark();
  864. OPENSSL_free(ctx);
  865. return NULL;
  866. }
  867. ctx->fetched_loader = fetched_loader;
  868. ctx->loader = loader;
  869. ctx->loader_ctx = loader_ctx;
  870. ctx->post_process = post_process;
  871. ctx->post_process_data = post_process_data;
  872. /*
  873. * ossl_store_get0_loader_int will raise an error if the loader for the
  874. * the scheme cannot be retrieved. But if a loader was successfully
  875. * fetched then we remove this error from the error stack.
  876. */
  877. ERR_pop_to_mark();
  878. return ctx;
  879. }