store_lib.c 33 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084
  1. /*
  2. * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdlib.h>
  10. #include <string.h>
  11. #include <assert.h>
  12. /* We need to use some STORE deprecated APIs */
  13. #define OPENSSL_SUPPRESS_DEPRECATED
  14. #include "internal/e_os.h"
  15. #include <openssl/crypto.h>
  16. #include <openssl/err.h>
  17. #include <openssl/trace.h>
  18. #include <openssl/core_names.h>
  19. #include <openssl/provider.h>
  20. #include <openssl/param_build.h>
  21. #include <openssl/store.h>
  22. #include "internal/thread_once.h"
  23. #include "internal/cryptlib.h"
  24. #include "internal/provider.h"
  25. #include "internal/bio.h"
  26. #include "crypto/store.h"
  27. #include "store_local.h"
  28. static int ossl_store_close_it(OSSL_STORE_CTX *ctx);
  29. static int loader_set_params(OSSL_STORE_LOADER *loader,
  30. OSSL_STORE_LOADER_CTX *loader_ctx,
  31. const OSSL_PARAM params[], const char *propq)
  32. {
  33. if (params != NULL) {
  34. if (!loader->p_set_ctx_params(loader_ctx, params))
  35. return 0;
  36. }
  37. if (propq != NULL) {
  38. OSSL_PARAM propp[2];
  39. if (OSSL_PARAM_locate_const(params,
  40. OSSL_STORE_PARAM_PROPERTIES) != NULL)
  41. /* use the propq from params */
  42. return 1;
  43. propp[0] = OSSL_PARAM_construct_utf8_string(OSSL_STORE_PARAM_PROPERTIES,
  44. (char *)propq, 0);
  45. propp[1] = OSSL_PARAM_construct_end();
  46. if (!loader->p_set_ctx_params(loader_ctx, propp))
  47. return 0;
  48. }
  49. return 1;
  50. }
  51. OSSL_STORE_CTX *
  52. OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
  53. const UI_METHOD *ui_method, void *ui_data,
  54. const OSSL_PARAM params[],
  55. OSSL_STORE_post_process_info_fn post_process,
  56. void *post_process_data)
  57. {
  58. struct ossl_passphrase_data_st pwdata = { 0 };
  59. const OSSL_STORE_LOADER *loader = NULL;
  60. OSSL_STORE_LOADER *fetched_loader = NULL;
  61. OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
  62. OSSL_STORE_CTX *ctx = NULL;
  63. char *propq_copy = NULL;
  64. int no_loader_found = 1;
  65. char scheme_copy[256], *p, *schemes[2], *scheme = NULL;
  66. size_t schemes_n = 0;
  67. size_t i;
  68. /*
  69. * Put the file scheme first. If the uri does represent an existing file,
  70. * possible device name and all, then it should be loaded. Only a failed
  71. * attempt at loading a local file should have us try something else.
  72. */
  73. schemes[schemes_n++] = "file";
  74. /*
  75. * Now, check if we have something that looks like a scheme, and add it
  76. * as a second scheme. However, also check if there's an authority start
  77. * (://), because that will invalidate the previous file scheme. Also,
  78. * check that this isn't actually the file scheme, as there's no point
  79. * going through that one twice!
  80. */
  81. OPENSSL_strlcpy(scheme_copy, uri, sizeof(scheme_copy));
  82. if ((p = strchr(scheme_copy, ':')) != NULL) {
  83. *p++ = '\0';
  84. if (OPENSSL_strcasecmp(scheme_copy, "file") != 0) {
  85. if (HAS_PREFIX(p, "//"))
  86. schemes_n--; /* Invalidate the file scheme */
  87. schemes[schemes_n++] = scheme_copy;
  88. }
  89. }
  90. ERR_set_mark();
  91. if (ui_method != NULL
  92. && (!ossl_pw_set_ui_method(&pwdata, ui_method, ui_data)
  93. || !ossl_pw_enable_passphrase_caching(&pwdata))) {
  94. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_CRYPTO_LIB);
  95. goto err;
  96. }
  97. /*
  98. * Try each scheme until we find one that could open the URI.
  99. *
  100. * For each scheme, we look for the engine implementation first, and
  101. * failing that, we then try to fetch a provided implementation.
  102. * This is consistent with how we handle legacy / engine implementations
  103. * elsewhere.
  104. */
  105. for (i = 0; loader_ctx == NULL && i < schemes_n; i++) {
  106. scheme = schemes[i];
  107. OSSL_TRACE1(STORE, "Looking up scheme %s\n", scheme);
  108. #ifndef OPENSSL_NO_DEPRECATED_3_0
  109. ERR_set_mark();
  110. if ((loader = ossl_store_get0_loader_int(scheme)) != NULL) {
  111. ERR_clear_last_mark();
  112. no_loader_found = 0;
  113. if (loader->open_ex != NULL)
  114. loader_ctx = loader->open_ex(loader, uri, libctx, propq,
  115. ui_method, ui_data);
  116. else
  117. loader_ctx = loader->open(loader, uri, ui_method, ui_data);
  118. } else {
  119. ERR_pop_to_mark();
  120. }
  121. #endif
  122. if (loader == NULL
  123. && (fetched_loader =
  124. OSSL_STORE_LOADER_fetch(libctx, scheme, propq)) != NULL) {
  125. const OSSL_PROVIDER *provider =
  126. OSSL_STORE_LOADER_get0_provider(fetched_loader);
  127. void *provctx = OSSL_PROVIDER_get0_provider_ctx(provider);
  128. no_loader_found = 0;
  129. if (fetched_loader->p_open_ex != NULL) {
  130. loader_ctx =
  131. fetched_loader->p_open_ex(provctx, uri, params,
  132. ossl_pw_passphrase_callback_dec,
  133. &pwdata);
  134. } else {
  135. loader_ctx = fetched_loader->p_open(provctx, uri);
  136. if (loader_ctx != NULL &&
  137. !loader_set_params(fetched_loader, loader_ctx,
  138. params, propq)) {
  139. (void)fetched_loader->p_close(loader_ctx);
  140. loader_ctx = NULL;
  141. }
  142. }
  143. if (loader_ctx == NULL) {
  144. OSSL_STORE_LOADER_free(fetched_loader);
  145. fetched_loader = NULL;
  146. }
  147. loader = fetched_loader;
  148. /* Clear any internally cached passphrase */
  149. (void)ossl_pw_clear_passphrase_cache(&pwdata);
  150. }
  151. }
  152. if (no_loader_found)
  153. /*
  154. * It's assumed that ossl_store_get0_loader_int() and
  155. * OSSL_STORE_LOADER_fetch() report their own errors
  156. */
  157. goto err;
  158. OSSL_TRACE1(STORE, "Found loader for scheme %s\n", scheme);
  159. if (loader_ctx == NULL)
  160. /*
  161. * It's assumed that the loader's open() method reports its own
  162. * errors
  163. */
  164. goto err;
  165. OSSL_TRACE2(STORE, "Opened %s => %p\n", uri, (void *)loader_ctx);
  166. if ((propq != NULL && (propq_copy = OPENSSL_strdup(propq)) == NULL)
  167. || (ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL)
  168. goto err;
  169. ctx->properties = propq_copy;
  170. ctx->fetched_loader = fetched_loader;
  171. ctx->loader = loader;
  172. ctx->loader_ctx = loader_ctx;
  173. ctx->post_process = post_process;
  174. ctx->post_process_data = post_process_data;
  175. ctx->pwdata = pwdata;
  176. /*
  177. * If the attempt to open with the 'file' scheme loader failed and the
  178. * other scheme loader succeeded, the failure to open with the 'file'
  179. * scheme loader leaves an error on the error stack. Let's remove it.
  180. */
  181. ERR_pop_to_mark();
  182. return ctx;
  183. err:
  184. ERR_clear_last_mark();
  185. if (loader_ctx != NULL) {
  186. /*
  187. * Temporary structure so OSSL_STORE_close() can work even when
  188. * |ctx| couldn't be allocated properly
  189. */
  190. OSSL_STORE_CTX tmpctx = { NULL, };
  191. tmpctx.fetched_loader = fetched_loader;
  192. tmpctx.loader = loader;
  193. tmpctx.loader_ctx = loader_ctx;
  194. /*
  195. * We ignore a returned error because we will return NULL anyway in
  196. * this case, so if something goes wrong when closing, that'll simply
  197. * just add another entry on the error stack.
  198. */
  199. (void)ossl_store_close_it(&tmpctx);
  200. }
  201. /* Coverity false positive, the reference counting is confusing it */
  202. /* coverity[pass_freed_arg] */
  203. OSSL_STORE_LOADER_free(fetched_loader);
  204. OPENSSL_free(propq_copy);
  205. OPENSSL_free(ctx);
  206. return NULL;
  207. }
  208. OSSL_STORE_CTX *OSSL_STORE_open(const char *uri,
  209. const UI_METHOD *ui_method, void *ui_data,
  210. OSSL_STORE_post_process_info_fn post_process,
  211. void *post_process_data)
  212. {
  213. return OSSL_STORE_open_ex(uri, NULL, NULL, ui_method, ui_data, NULL,
  214. post_process, post_process_data);
  215. }
  216. #ifndef OPENSSL_NO_DEPRECATED_3_0
  217. int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ...)
  218. {
  219. va_list args;
  220. int ret;
  221. va_start(args, cmd);
  222. ret = OSSL_STORE_vctrl(ctx, cmd, args);
  223. va_end(args);
  224. return ret;
  225. }
  226. int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args)
  227. {
  228. if (ctx->fetched_loader != NULL) {
  229. if (ctx->fetched_loader->p_set_ctx_params != NULL) {
  230. OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
  231. switch (cmd) {
  232. case OSSL_STORE_C_USE_SECMEM:
  233. {
  234. int on = *(va_arg(args, int *));
  235. params[0] = OSSL_PARAM_construct_int("use_secmem", &on);
  236. }
  237. break;
  238. default:
  239. break;
  240. }
  241. return ctx->fetched_loader->p_set_ctx_params(ctx->loader_ctx,
  242. params);
  243. }
  244. } else if (ctx->loader->ctrl != NULL) {
  245. return ctx->loader->ctrl(ctx->loader_ctx, cmd, args);
  246. }
  247. /*
  248. * If the fetched loader doesn't have a set_ctx_params or a ctrl, it's as
  249. * if there was one that ignored our params, which usually returns 1.
  250. */
  251. return 1;
  252. }
  253. #endif
  254. int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type)
  255. {
  256. int ret = 1;
  257. if (ctx == NULL
  258. || expected_type < 0 || expected_type > OSSL_STORE_INFO_CRL) {
  259. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_INVALID_ARGUMENT);
  260. return 0;
  261. }
  262. if (ctx->loading) {
  263. ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_LOADING_STARTED);
  264. return 0;
  265. }
  266. ctx->expected_type = expected_type;
  267. if (ctx->fetched_loader != NULL
  268. && ctx->fetched_loader->p_set_ctx_params != NULL) {
  269. OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
  270. params[0] =
  271. OSSL_PARAM_construct_int(OSSL_STORE_PARAM_EXPECT, &expected_type);
  272. ret = ctx->fetched_loader->p_set_ctx_params(ctx->loader_ctx, params);
  273. }
  274. #ifndef OPENSSL_NO_DEPRECATED_3_0
  275. if (ctx->fetched_loader == NULL
  276. && ctx->loader->expect != NULL) {
  277. ret = ctx->loader->expect(ctx->loader_ctx, expected_type);
  278. }
  279. #endif
  280. return ret;
  281. }
  282. int OSSL_STORE_find(OSSL_STORE_CTX *ctx, const OSSL_STORE_SEARCH *search)
  283. {
  284. int ret = 1;
  285. if (ctx->loading) {
  286. ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_LOADING_STARTED);
  287. return 0;
  288. }
  289. if (search == NULL) {
  290. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_NULL_PARAMETER);
  291. return 0;
  292. }
  293. if (ctx->fetched_loader != NULL) {
  294. OSSL_PARAM_BLD *bld;
  295. OSSL_PARAM *params;
  296. /* OSSL_STORE_SEARCH_BY_NAME, OSSL_STORE_SEARCH_BY_ISSUER_SERIAL*/
  297. void *name_der = NULL;
  298. int name_der_sz;
  299. /* OSSL_STORE_SEARCH_BY_ISSUER_SERIAL */
  300. BIGNUM *number = NULL;
  301. if (ctx->fetched_loader->p_set_ctx_params == NULL) {
  302. ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_UNSUPPORTED_OPERATION);
  303. return 0;
  304. }
  305. if ((bld = OSSL_PARAM_BLD_new()) == NULL) {
  306. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_CRYPTO_LIB);
  307. return 0;
  308. }
  309. ret = 0; /* Assume the worst */
  310. switch (search->search_type) {
  311. case OSSL_STORE_SEARCH_BY_NAME:
  312. if ((name_der_sz = i2d_X509_NAME(search->name,
  313. (unsigned char **)&name_der)) > 0
  314. && OSSL_PARAM_BLD_push_octet_string(bld,
  315. OSSL_STORE_PARAM_SUBJECT,
  316. name_der, name_der_sz))
  317. ret = 1;
  318. break;
  319. case OSSL_STORE_SEARCH_BY_ISSUER_SERIAL:
  320. if ((name_der_sz = i2d_X509_NAME(search->name,
  321. (unsigned char **)&name_der)) > 0
  322. && (number = ASN1_INTEGER_to_BN(search->serial, NULL)) != NULL
  323. && OSSL_PARAM_BLD_push_octet_string(bld,
  324. OSSL_STORE_PARAM_ISSUER,
  325. name_der, name_der_sz)
  326. && OSSL_PARAM_BLD_push_BN(bld, OSSL_STORE_PARAM_SERIAL,
  327. number))
  328. ret = 1;
  329. break;
  330. case OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT:
  331. if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_STORE_PARAM_DIGEST,
  332. EVP_MD_get0_name(search->digest),
  333. 0)
  334. && OSSL_PARAM_BLD_push_octet_string(bld,
  335. OSSL_STORE_PARAM_FINGERPRINT,
  336. search->string,
  337. search->stringlength))
  338. ret = 1;
  339. break;
  340. case OSSL_STORE_SEARCH_BY_ALIAS:
  341. if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_STORE_PARAM_ALIAS,
  342. (char *)search->string,
  343. search->stringlength))
  344. ret = 1;
  345. break;
  346. }
  347. if (ret) {
  348. params = OSSL_PARAM_BLD_to_param(bld);
  349. ret = ctx->fetched_loader->p_set_ctx_params(ctx->loader_ctx,
  350. params);
  351. OSSL_PARAM_free(params);
  352. }
  353. OSSL_PARAM_BLD_free(bld);
  354. OPENSSL_free(name_der);
  355. BN_free(number);
  356. } else {
  357. #ifndef OPENSSL_NO_DEPRECATED_3_0
  358. /* legacy loader section */
  359. if (ctx->loader->find == NULL) {
  360. ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_UNSUPPORTED_OPERATION);
  361. return 0;
  362. }
  363. ret = ctx->loader->find(ctx->loader_ctx, search);
  364. #endif
  365. }
  366. return ret;
  367. }
  368. OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx)
  369. {
  370. OSSL_STORE_INFO *v = NULL;
  371. ctx->loading = 1;
  372. again:
  373. if (OSSL_STORE_eof(ctx))
  374. return NULL;
  375. if (ctx->loader != NULL)
  376. OSSL_TRACE(STORE, "Loading next object\n");
  377. if (ctx->cached_info != NULL
  378. && sk_OSSL_STORE_INFO_num(ctx->cached_info) == 0) {
  379. sk_OSSL_STORE_INFO_free(ctx->cached_info);
  380. ctx->cached_info = NULL;
  381. }
  382. if (ctx->cached_info != NULL) {
  383. v = sk_OSSL_STORE_INFO_shift(ctx->cached_info);
  384. } else {
  385. if (ctx->fetched_loader != NULL) {
  386. struct ossl_load_result_data_st load_data;
  387. load_data.v = NULL;
  388. load_data.ctx = ctx;
  389. ctx->error_flag = 0;
  390. if (!ctx->fetched_loader->p_load(ctx->loader_ctx,
  391. ossl_store_handle_load_result,
  392. &load_data,
  393. ossl_pw_passphrase_callback_dec,
  394. &ctx->pwdata)) {
  395. ctx->error_flag = 1;
  396. return NULL;
  397. }
  398. v = load_data.v;
  399. }
  400. #ifndef OPENSSL_NO_DEPRECATED_3_0
  401. if (ctx->fetched_loader == NULL)
  402. v = ctx->loader->load(ctx->loader_ctx,
  403. ctx->pwdata._.ui_method.ui_method,
  404. ctx->pwdata._.ui_method.ui_method_data);
  405. #endif
  406. }
  407. if (ctx->post_process != NULL && v != NULL) {
  408. v = ctx->post_process(v, ctx->post_process_data);
  409. /*
  410. * By returning NULL, the callback decides that this object should
  411. * be ignored.
  412. */
  413. if (v == NULL)
  414. goto again;
  415. }
  416. /* Clear any internally cached passphrase */
  417. (void)ossl_pw_clear_passphrase_cache(&ctx->pwdata);
  418. if (v != NULL && ctx->expected_type != 0) {
  419. int returned_type = OSSL_STORE_INFO_get_type(v);
  420. if (returned_type != OSSL_STORE_INFO_NAME && returned_type != 0) {
  421. if (ctx->expected_type != returned_type) {
  422. OSSL_STORE_INFO_free(v);
  423. goto again;
  424. }
  425. }
  426. }
  427. if (v != NULL)
  428. OSSL_TRACE1(STORE, "Got a %s\n",
  429. OSSL_STORE_INFO_type_string(OSSL_STORE_INFO_get_type(v)));
  430. return v;
  431. }
  432. int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
  433. const UI_METHOD *ui_method, void *ui_data,
  434. const OSSL_PARAM params[])
  435. {
  436. OSSL_STORE_LOADER *fetched_loader = NULL;
  437. char scheme[256], *p;
  438. int res = 0;
  439. struct ossl_passphrase_data_st pwdata = {0};
  440. OPENSSL_strlcpy(scheme, uri, sizeof(scheme));
  441. if ((p = strchr(scheme, ':')) != NULL)
  442. *p++ = '\0';
  443. else /* We don't work without explicit scheme */
  444. return 0;
  445. if (ui_method != NULL
  446. && (!ossl_pw_set_ui_method(&pwdata, ui_method, ui_data)
  447. || !ossl_pw_enable_passphrase_caching(&pwdata))) {
  448. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_CRYPTO_LIB);
  449. return 0;
  450. }
  451. OSSL_TRACE1(STORE, "Looking up scheme %s\n", scheme);
  452. fetched_loader = OSSL_STORE_LOADER_fetch(libctx, scheme, propq);
  453. if (fetched_loader != NULL && fetched_loader->p_delete != NULL) {
  454. const OSSL_PROVIDER *provider =
  455. OSSL_STORE_LOADER_get0_provider(fetched_loader);
  456. void *provctx = OSSL_PROVIDER_get0_provider_ctx(provider);
  457. /*
  458. * It's assumed that the loader's delete() method reports its own
  459. * errors
  460. */
  461. OSSL_TRACE1(STORE, "Performing URI delete %s\n", uri);
  462. res = fetched_loader->p_delete(provctx, uri, params,
  463. ossl_pw_passphrase_callback_dec,
  464. &pwdata);
  465. }
  466. /* Clear any internally cached passphrase */
  467. (void)ossl_pw_clear_passphrase_cache(&pwdata);
  468. OSSL_STORE_LOADER_free(fetched_loader);
  469. return res;
  470. }
  471. int OSSL_STORE_error(OSSL_STORE_CTX *ctx)
  472. {
  473. int ret = 1;
  474. if (ctx->fetched_loader != NULL)
  475. ret = ctx->error_flag;
  476. #ifndef OPENSSL_NO_DEPRECATED_3_0
  477. if (ctx->fetched_loader == NULL)
  478. ret = ctx->loader->error(ctx->loader_ctx);
  479. #endif
  480. return ret;
  481. }
  482. int OSSL_STORE_eof(OSSL_STORE_CTX *ctx)
  483. {
  484. int ret = 1;
  485. if (ctx->fetched_loader != NULL)
  486. ret = ctx->loader->p_eof(ctx->loader_ctx);
  487. #ifndef OPENSSL_NO_DEPRECATED_3_0
  488. if (ctx->fetched_loader == NULL)
  489. ret = ctx->loader->eof(ctx->loader_ctx);
  490. #endif
  491. return ret != 0;
  492. }
  493. static int ossl_store_close_it(OSSL_STORE_CTX *ctx)
  494. {
  495. int ret = 0;
  496. if (ctx == NULL)
  497. return 1;
  498. OSSL_TRACE1(STORE, "Closing %p\n", (void *)ctx->loader_ctx);
  499. if (ctx->fetched_loader != NULL)
  500. ret = ctx->loader->p_close(ctx->loader_ctx);
  501. #ifndef OPENSSL_NO_DEPRECATED_3_0
  502. if (ctx->fetched_loader == NULL)
  503. ret = ctx->loader->closefn(ctx->loader_ctx);
  504. #endif
  505. sk_OSSL_STORE_INFO_pop_free(ctx->cached_info, OSSL_STORE_INFO_free);
  506. OSSL_STORE_LOADER_free(ctx->fetched_loader);
  507. OPENSSL_free(ctx->properties);
  508. ossl_pw_clear_passphrase_data(&ctx->pwdata);
  509. return ret;
  510. }
  511. int OSSL_STORE_close(OSSL_STORE_CTX *ctx)
  512. {
  513. int ret = ossl_store_close_it(ctx);
  514. OPENSSL_free(ctx);
  515. return ret;
  516. }
  517. /*
  518. * Functions to generate OSSL_STORE_INFOs, one function for each type we
  519. * support having in them as well as a generic constructor.
  520. *
  521. * In all cases, ownership of the object is transferred to the OSSL_STORE_INFO
  522. * and will therefore be freed when the OSSL_STORE_INFO is freed.
  523. */
  524. OSSL_STORE_INFO *OSSL_STORE_INFO_new(int type, void *data)
  525. {
  526. OSSL_STORE_INFO *info = OPENSSL_zalloc(sizeof(*info));
  527. if (info == NULL)
  528. return NULL;
  529. info->type = type;
  530. info->_.data = data;
  531. return info;
  532. }
  533. OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name)
  534. {
  535. OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_NAME, NULL);
  536. if (info == NULL) {
  537. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_OSSL_STORE_LIB);
  538. return NULL;
  539. }
  540. info->_.name.name = name;
  541. info->_.name.desc = NULL;
  542. return info;
  543. }
  544. int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc)
  545. {
  546. if (info->type != OSSL_STORE_INFO_NAME) {
  547. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_INVALID_ARGUMENT);
  548. return 0;
  549. }
  550. info->_.name.desc = desc;
  551. return 1;
  552. }
  553. OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params)
  554. {
  555. OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_PARAMS, params);
  556. if (info == NULL)
  557. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_OSSL_STORE_LIB);
  558. return info;
  559. }
  560. OSSL_STORE_INFO *OSSL_STORE_INFO_new_PUBKEY(EVP_PKEY *pkey)
  561. {
  562. OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_PUBKEY, pkey);
  563. if (info == NULL)
  564. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_OSSL_STORE_LIB);
  565. return info;
  566. }
  567. OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey)
  568. {
  569. OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_PKEY, pkey);
  570. if (info == NULL)
  571. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_OSSL_STORE_LIB);
  572. return info;
  573. }
  574. OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509)
  575. {
  576. OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_CERT, x509);
  577. if (info == NULL)
  578. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_OSSL_STORE_LIB);
  579. return info;
  580. }
  581. OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl)
  582. {
  583. OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_CRL, crl);
  584. if (info == NULL)
  585. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_OSSL_STORE_LIB);
  586. return info;
  587. }
  588. /*
  589. * Functions to try to extract data from an OSSL_STORE_INFO.
  590. */
  591. int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info)
  592. {
  593. return info->type;
  594. }
  595. void *OSSL_STORE_INFO_get0_data(int type, const OSSL_STORE_INFO *info)
  596. {
  597. if (info->type == type)
  598. return info->_.data;
  599. return NULL;
  600. }
  601. const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info)
  602. {
  603. if (info->type == OSSL_STORE_INFO_NAME)
  604. return info->_.name.name;
  605. return NULL;
  606. }
  607. char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info)
  608. {
  609. if (info->type == OSSL_STORE_INFO_NAME)
  610. return OPENSSL_strdup(info->_.name.name);
  611. ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_NAME);
  612. return NULL;
  613. }
  614. const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info)
  615. {
  616. if (info->type == OSSL_STORE_INFO_NAME)
  617. return info->_.name.desc;
  618. return NULL;
  619. }
  620. char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info)
  621. {
  622. if (info->type == OSSL_STORE_INFO_NAME)
  623. return OPENSSL_strdup(info->_.name.desc ? info->_.name.desc : "");
  624. ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_NAME);
  625. return NULL;
  626. }
  627. EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info)
  628. {
  629. if (info->type == OSSL_STORE_INFO_PARAMS)
  630. return info->_.params;
  631. return NULL;
  632. }
  633. EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info)
  634. {
  635. if (info->type == OSSL_STORE_INFO_PARAMS) {
  636. EVP_PKEY_up_ref(info->_.params);
  637. return info->_.params;
  638. }
  639. ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_PARAMETERS);
  640. return NULL;
  641. }
  642. EVP_PKEY *OSSL_STORE_INFO_get0_PUBKEY(const OSSL_STORE_INFO *info)
  643. {
  644. if (info->type == OSSL_STORE_INFO_PUBKEY)
  645. return info->_.pubkey;
  646. return NULL;
  647. }
  648. EVP_PKEY *OSSL_STORE_INFO_get1_PUBKEY(const OSSL_STORE_INFO *info)
  649. {
  650. if (info->type == OSSL_STORE_INFO_PUBKEY) {
  651. EVP_PKEY_up_ref(info->_.pubkey);
  652. return info->_.pubkey;
  653. }
  654. ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_PUBLIC_KEY);
  655. return NULL;
  656. }
  657. EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info)
  658. {
  659. if (info->type == OSSL_STORE_INFO_PKEY)
  660. return info->_.pkey;
  661. return NULL;
  662. }
  663. EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info)
  664. {
  665. if (info->type == OSSL_STORE_INFO_PKEY) {
  666. EVP_PKEY_up_ref(info->_.pkey);
  667. return info->_.pkey;
  668. }
  669. ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_PRIVATE_KEY);
  670. return NULL;
  671. }
  672. X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info)
  673. {
  674. if (info->type == OSSL_STORE_INFO_CERT)
  675. return info->_.x509;
  676. return NULL;
  677. }
  678. X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info)
  679. {
  680. if (info->type == OSSL_STORE_INFO_CERT) {
  681. X509_up_ref(info->_.x509);
  682. return info->_.x509;
  683. }
  684. ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_CERTIFICATE);
  685. return NULL;
  686. }
  687. X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info)
  688. {
  689. if (info->type == OSSL_STORE_INFO_CRL)
  690. return info->_.crl;
  691. return NULL;
  692. }
  693. X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info)
  694. {
  695. if (info->type == OSSL_STORE_INFO_CRL) {
  696. X509_CRL_up_ref(info->_.crl);
  697. return info->_.crl;
  698. }
  699. ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_CRL);
  700. return NULL;
  701. }
  702. /*
  703. * Free the OSSL_STORE_INFO
  704. */
  705. void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info)
  706. {
  707. if (info != NULL) {
  708. switch (info->type) {
  709. case OSSL_STORE_INFO_NAME:
  710. OPENSSL_free(info->_.name.name);
  711. OPENSSL_free(info->_.name.desc);
  712. break;
  713. case OSSL_STORE_INFO_PARAMS:
  714. EVP_PKEY_free(info->_.params);
  715. break;
  716. case OSSL_STORE_INFO_PUBKEY:
  717. EVP_PKEY_free(info->_.pubkey);
  718. break;
  719. case OSSL_STORE_INFO_PKEY:
  720. EVP_PKEY_free(info->_.pkey);
  721. break;
  722. case OSSL_STORE_INFO_CERT:
  723. X509_free(info->_.x509);
  724. break;
  725. case OSSL_STORE_INFO_CRL:
  726. X509_CRL_free(info->_.crl);
  727. break;
  728. }
  729. OPENSSL_free(info);
  730. }
  731. }
  732. int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type)
  733. {
  734. int ret = 0;
  735. if (ctx->fetched_loader != NULL) {
  736. void *provctx =
  737. ossl_provider_ctx(OSSL_STORE_LOADER_get0_provider(ctx->fetched_loader));
  738. const OSSL_PARAM *params;
  739. const OSSL_PARAM *p_subject = NULL;
  740. const OSSL_PARAM *p_issuer = NULL;
  741. const OSSL_PARAM *p_serial = NULL;
  742. const OSSL_PARAM *p_fingerprint = NULL;
  743. const OSSL_PARAM *p_alias = NULL;
  744. if (ctx->fetched_loader->p_settable_ctx_params == NULL)
  745. return 0;
  746. params = ctx->fetched_loader->p_settable_ctx_params(provctx);
  747. p_subject = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_SUBJECT);
  748. p_issuer = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_ISSUER);
  749. p_serial = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_SERIAL);
  750. p_fingerprint =
  751. OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_FINGERPRINT);
  752. p_alias = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_ALIAS);
  753. switch (search_type) {
  754. case OSSL_STORE_SEARCH_BY_NAME:
  755. ret = (p_subject != NULL);
  756. break;
  757. case OSSL_STORE_SEARCH_BY_ISSUER_SERIAL:
  758. ret = (p_issuer != NULL && p_serial != NULL);
  759. break;
  760. case OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT:
  761. ret = (p_fingerprint != NULL);
  762. break;
  763. case OSSL_STORE_SEARCH_BY_ALIAS:
  764. ret = (p_alias != NULL);
  765. break;
  766. }
  767. }
  768. #ifndef OPENSSL_NO_DEPRECATED_3_0
  769. if (ctx->fetched_loader == NULL) {
  770. OSSL_STORE_SEARCH tmp_search;
  771. if (ctx->loader->find == NULL)
  772. return 0;
  773. tmp_search.search_type = search_type;
  774. ret = ctx->loader->find(NULL, &tmp_search);
  775. }
  776. #endif
  777. return ret;
  778. }
  779. /* Search term constructors */
  780. OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name)
  781. {
  782. OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
  783. if (search == NULL)
  784. return NULL;
  785. search->search_type = OSSL_STORE_SEARCH_BY_NAME;
  786. search->name = name;
  787. return search;
  788. }
  789. OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name,
  790. const ASN1_INTEGER *serial)
  791. {
  792. OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
  793. if (search == NULL)
  794. return NULL;
  795. search->search_type = OSSL_STORE_SEARCH_BY_ISSUER_SERIAL;
  796. search->name = name;
  797. search->serial = serial;
  798. return search;
  799. }
  800. OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest,
  801. const unsigned char
  802. *bytes, size_t len)
  803. {
  804. OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
  805. if (search == NULL)
  806. return NULL;
  807. if (digest != NULL && len != (size_t)EVP_MD_get_size(digest)) {
  808. ERR_raise_data(ERR_LIB_OSSL_STORE,
  809. OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST,
  810. "%s size is %d, fingerprint size is %zu",
  811. EVP_MD_get0_name(digest), EVP_MD_get_size(digest), len);
  812. OPENSSL_free(search);
  813. return NULL;
  814. }
  815. search->search_type = OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT;
  816. search->digest = digest;
  817. search->string = bytes;
  818. search->stringlength = len;
  819. return search;
  820. }
  821. OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias)
  822. {
  823. OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
  824. if (search == NULL)
  825. return NULL;
  826. search->search_type = OSSL_STORE_SEARCH_BY_ALIAS;
  827. search->string = (const unsigned char *)alias;
  828. search->stringlength = strlen(alias);
  829. return search;
  830. }
  831. /* Search term destructor */
  832. void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search)
  833. {
  834. OPENSSL_free(search);
  835. }
  836. /* Search term accessors */
  837. int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion)
  838. {
  839. return criterion->search_type;
  840. }
  841. X509_NAME *OSSL_STORE_SEARCH_get0_name(const OSSL_STORE_SEARCH *criterion)
  842. {
  843. return criterion->name;
  844. }
  845. const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH
  846. *criterion)
  847. {
  848. return criterion->serial;
  849. }
  850. const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH
  851. *criterion, size_t *length)
  852. {
  853. *length = criterion->stringlength;
  854. return criterion->string;
  855. }
  856. const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion)
  857. {
  858. return (const char *)criterion->string;
  859. }
  860. const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH *criterion)
  861. {
  862. return criterion->digest;
  863. }
  864. OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bp, const char *scheme,
  865. OSSL_LIB_CTX *libctx, const char *propq,
  866. const UI_METHOD *ui_method, void *ui_data,
  867. const OSSL_PARAM params[],
  868. OSSL_STORE_post_process_info_fn post_process,
  869. void *post_process_data)
  870. {
  871. const OSSL_STORE_LOADER *loader = NULL;
  872. OSSL_STORE_LOADER *fetched_loader = NULL;
  873. OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
  874. OSSL_STORE_CTX *ctx = NULL;
  875. if (scheme == NULL)
  876. scheme = "file";
  877. OSSL_TRACE1(STORE, "Looking up scheme %s\n", scheme);
  878. ERR_set_mark();
  879. #ifndef OPENSSL_NO_DEPRECATED_3_0
  880. if ((loader = ossl_store_get0_loader_int(scheme)) != NULL)
  881. loader_ctx = loader->attach(loader, bp, libctx, propq,
  882. ui_method, ui_data);
  883. #endif
  884. if (loader == NULL
  885. && (fetched_loader =
  886. OSSL_STORE_LOADER_fetch(libctx, scheme, propq)) != NULL) {
  887. const OSSL_PROVIDER *provider =
  888. OSSL_STORE_LOADER_get0_provider(fetched_loader);
  889. void *provctx = OSSL_PROVIDER_get0_provider_ctx(provider);
  890. OSSL_CORE_BIO *cbio = ossl_core_bio_new_from_bio(bp);
  891. if (cbio == NULL
  892. || (loader_ctx = fetched_loader->p_attach(provctx, cbio)) == NULL) {
  893. OSSL_STORE_LOADER_free(fetched_loader);
  894. fetched_loader = NULL;
  895. } else if (!loader_set_params(fetched_loader, loader_ctx,
  896. params, propq)) {
  897. (void)fetched_loader->p_close(loader_ctx);
  898. OSSL_STORE_LOADER_free(fetched_loader);
  899. fetched_loader = NULL;
  900. }
  901. loader = fetched_loader;
  902. ossl_core_bio_free(cbio);
  903. }
  904. if (loader_ctx == NULL) {
  905. ERR_clear_last_mark();
  906. return NULL;
  907. }
  908. if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
  909. ERR_clear_last_mark();
  910. return NULL;
  911. }
  912. if (ui_method != NULL
  913. && !ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data)) {
  914. ERR_clear_last_mark();
  915. OPENSSL_free(ctx);
  916. return NULL;
  917. }
  918. ctx->fetched_loader = fetched_loader;
  919. ctx->loader = loader;
  920. ctx->loader_ctx = loader_ctx;
  921. ctx->post_process = post_process;
  922. ctx->post_process_data = post_process_data;
  923. /*
  924. * ossl_store_get0_loader_int will raise an error if the loader for
  925. * the scheme cannot be retrieved. But if a loader was successfully
  926. * fetched then we remove this error from the error stack.
  927. */
  928. ERR_pop_to_mark();
  929. return ctx;
  930. }