store_lib.c 31 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030
  1. /*
  2. * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdlib.h>
  10. #include <string.h>
  11. #include <assert.h>
  12. /* We need to use some STORE deprecated APIs */
  13. #define OPENSSL_SUPPRESS_DEPRECATED
  14. #include "e_os.h"
  15. #include <openssl/crypto.h>
  16. #include <openssl/err.h>
  17. #include <openssl/trace.h>
  18. #include <openssl/core_names.h>
  19. #include <openssl/provider.h>
  20. #include <openssl/param_build.h>
  21. #include <openssl/store.h>
  22. #include "internal/thread_once.h"
  23. #include "internal/cryptlib.h"
  24. #include "internal/provider.h"
  25. #include "internal/bio.h"
  26. #include "crypto/store.h"
  27. #include "store_local.h"
  28. static int ossl_store_close_it(OSSL_STORE_CTX *ctx);
  29. static int loader_set_params(OSSL_STORE_LOADER *loader,
  30. OSSL_STORE_LOADER_CTX *loader_ctx,
  31. const OSSL_PARAM params[], const char *propq)
  32. {
  33. if (params != NULL) {
  34. if (!loader->p_set_ctx_params(loader_ctx, params))
  35. return 0;
  36. }
  37. if (propq != NULL) {
  38. OSSL_PARAM propp[2];
  39. if (OSSL_PARAM_locate_const(params,
  40. OSSL_STORE_PARAM_PROPERTIES) != NULL)
  41. /* use the propq from params */
  42. return 1;
  43. propp[0] = OSSL_PARAM_construct_utf8_string(OSSL_STORE_PARAM_PROPERTIES,
  44. (char *)propq, 0);
  45. propp[1] = OSSL_PARAM_construct_end();
  46. if (!loader->p_set_ctx_params(loader_ctx, propp))
  47. return 0;
  48. }
  49. return 1;
  50. }
  51. OSSL_STORE_CTX *
  52. OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
  53. const UI_METHOD *ui_method, void *ui_data,
  54. const OSSL_PARAM params[],
  55. OSSL_STORE_post_process_info_fn post_process,
  56. void *post_process_data)
  57. {
  58. const OSSL_STORE_LOADER *loader = NULL;
  59. OSSL_STORE_LOADER *fetched_loader = NULL;
  60. OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
  61. OSSL_STORE_CTX *ctx = NULL;
  62. char *propq_copy = NULL;
  63. char scheme_copy[256], *p, *schemes[2];
  64. size_t schemes_n = 0;
  65. size_t i;
  66. /*
  67. * Put the file scheme first. If the uri does represent an existing file,
  68. * possible device name and all, then it should be loaded. Only a failed
  69. * attempt at loading a local file should have us try something else.
  70. */
  71. schemes[schemes_n++] = "file";
  72. /*
  73. * Now, check if we have something that looks like a scheme, and add it
  74. * as a second scheme. However, also check if there's an authority start
  75. * (://), because that will invalidate the previous file scheme. Also,
  76. * check that this isn't actually the file scheme, as there's no point
  77. * going through that one twice!
  78. */
  79. OPENSSL_strlcpy(scheme_copy, uri, sizeof(scheme_copy));
  80. if ((p = strchr(scheme_copy, ':')) != NULL) {
  81. *p++ = '\0';
  82. if (strcasecmp(scheme_copy, "file") != 0) {
  83. if (strncmp(p, "//", 2) == 0)
  84. schemes_n--; /* Invalidate the file scheme */
  85. schemes[schemes_n++] = scheme_copy;
  86. }
  87. }
  88. ERR_set_mark();
  89. /*
  90. * Try each scheme until we find one that could open the URI.
  91. *
  92. * For each scheme, we look for the engine implementation first, and
  93. * failing that, we then try to fetch a provided implementation.
  94. * This is consistent with how we handle legacy / engine implementations
  95. * elsewhere.
  96. */
  97. for (i = 0; loader_ctx == NULL && i < schemes_n; i++) {
  98. OSSL_TRACE1(STORE, "Looking up scheme %s\n", schemes[i]);
  99. #ifndef OPENSSL_NO_DEPRECATED_3_0
  100. if ((loader = ossl_store_get0_loader_int(schemes[i])) != NULL) {
  101. if (loader->open_ex != NULL)
  102. loader_ctx = loader->open_ex(loader, uri, libctx, propq,
  103. ui_method, ui_data);
  104. else
  105. loader_ctx = loader->open(loader, uri, ui_method, ui_data);
  106. }
  107. #endif
  108. if (loader == NULL
  109. && (fetched_loader =
  110. OSSL_STORE_LOADER_fetch(libctx, schemes[i], propq)) != NULL) {
  111. const OSSL_PROVIDER *provider =
  112. OSSL_STORE_LOADER_get0_provider(fetched_loader);
  113. void *provctx = OSSL_PROVIDER_get0_provider_ctx(provider);
  114. loader_ctx = fetched_loader->p_open(provctx, uri);
  115. if (loader_ctx == NULL) {
  116. OSSL_STORE_LOADER_free(fetched_loader);
  117. fetched_loader = NULL;
  118. } else if(!loader_set_params(fetched_loader, loader_ctx,
  119. params, propq)) {
  120. (void)fetched_loader->p_close(loader_ctx);
  121. OSSL_STORE_LOADER_free(fetched_loader);
  122. fetched_loader = NULL;
  123. }
  124. loader = fetched_loader;
  125. }
  126. }
  127. if (loader != NULL)
  128. OSSL_TRACE1(STORE, "Found loader for scheme %s\n", schemes[i]);
  129. if (loader_ctx == NULL) {
  130. ERR_raise_data(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NO_LOADERS_FOUND,
  131. "No store loaders were found. For standard store "
  132. "loaders you need at least one of the default or base "
  133. "providers available. Did you forget to load them?");
  134. goto err;
  135. }
  136. OSSL_TRACE2(STORE, "Opened %s => %p\n", uri, (void *)loader_ctx);
  137. if ((propq != NULL && (propq_copy = OPENSSL_strdup(propq)) == NULL)
  138. || (ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
  139. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
  140. goto err;
  141. }
  142. if (ui_method != NULL
  143. && (!ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data)
  144. || !ossl_pw_enable_passphrase_caching(&ctx->pwdata))) {
  145. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_CRYPTO_LIB);
  146. goto err;
  147. }
  148. ctx->properties = propq_copy;
  149. ctx->fetched_loader = fetched_loader;
  150. ctx->loader = loader;
  151. ctx->loader_ctx = loader_ctx;
  152. ctx->post_process = post_process;
  153. ctx->post_process_data = post_process_data;
  154. /*
  155. * If the attempt to open with the 'file' scheme loader failed and the
  156. * other scheme loader succeeded, the failure to open with the 'file'
  157. * scheme loader leaves an error on the error stack. Let's remove it.
  158. */
  159. ERR_pop_to_mark();
  160. return ctx;
  161. err:
  162. ERR_clear_last_mark();
  163. if (loader_ctx != NULL) {
  164. /*
  165. * Temporary structure so OSSL_STORE_close() can work even when
  166. * |ctx| couldn't be allocated properly
  167. */
  168. OSSL_STORE_CTX tmpctx = { NULL, };
  169. tmpctx.fetched_loader = fetched_loader;
  170. tmpctx.loader = loader;
  171. tmpctx.loader_ctx = loader_ctx;
  172. /*
  173. * We ignore a returned error because we will return NULL anyway in
  174. * this case, so if something goes wrong when closing, that'll simply
  175. * just add another entry on the error stack.
  176. */
  177. (void)ossl_store_close_it(&tmpctx);
  178. }
  179. OSSL_STORE_LOADER_free(fetched_loader);
  180. OPENSSL_free(propq_copy);
  181. OPENSSL_free(ctx);
  182. return NULL;
  183. }
  184. OSSL_STORE_CTX *OSSL_STORE_open(const char *uri,
  185. const UI_METHOD *ui_method, void *ui_data,
  186. OSSL_STORE_post_process_info_fn post_process,
  187. void *post_process_data)
  188. {
  189. return OSSL_STORE_open_ex(uri, NULL, NULL, ui_method, ui_data, NULL,
  190. post_process, post_process_data);
  191. }
  192. #ifndef OPENSSL_NO_DEPRECATED_3_0
  193. int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ...)
  194. {
  195. va_list args;
  196. int ret;
  197. va_start(args, cmd);
  198. ret = OSSL_STORE_vctrl(ctx, cmd, args);
  199. va_end(args);
  200. return ret;
  201. }
  202. int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args)
  203. {
  204. if (ctx->fetched_loader != NULL) {
  205. if (ctx->fetched_loader->p_set_ctx_params != NULL) {
  206. OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
  207. switch (cmd) {
  208. case OSSL_STORE_C_USE_SECMEM:
  209. {
  210. int on = *(va_arg(args, int *));
  211. params[0] = OSSL_PARAM_construct_int("use_secmem", &on);
  212. }
  213. break;
  214. default:
  215. break;
  216. }
  217. return ctx->fetched_loader->p_set_ctx_params(ctx->loader_ctx,
  218. params);
  219. }
  220. } else if (ctx->loader->ctrl != NULL) {
  221. return ctx->loader->ctrl(ctx->loader_ctx, cmd, args);
  222. }
  223. /*
  224. * If the fetched loader doesn't have a set_ctx_params or a ctrl, it's as
  225. * if there was one that ignored our params, which usually returns 1.
  226. */
  227. return 1;
  228. }
  229. #endif
  230. int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type)
  231. {
  232. int ret = 1;
  233. if (ctx == NULL
  234. || expected_type < 0 || expected_type > OSSL_STORE_INFO_CRL) {
  235. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_INVALID_ARGUMENT);
  236. return 0;
  237. }
  238. if (ctx->loading) {
  239. ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_LOADING_STARTED);
  240. return 0;
  241. }
  242. ctx->expected_type = expected_type;
  243. if (ctx->fetched_loader != NULL
  244. && ctx->fetched_loader->p_set_ctx_params != NULL) {
  245. OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
  246. params[0] =
  247. OSSL_PARAM_construct_int(OSSL_STORE_PARAM_EXPECT, &expected_type);
  248. ret = ctx->fetched_loader->p_set_ctx_params(ctx->loader_ctx, params);
  249. }
  250. #ifndef OPENSSL_NO_DEPRECATED_3_0
  251. if (ctx->fetched_loader == NULL
  252. && ctx->loader->expect != NULL) {
  253. ret = ctx->loader->expect(ctx->loader_ctx, expected_type);
  254. }
  255. #endif
  256. return ret;
  257. }
  258. int OSSL_STORE_find(OSSL_STORE_CTX *ctx, const OSSL_STORE_SEARCH *search)
  259. {
  260. int ret = 1;
  261. if (ctx->loading) {
  262. ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_LOADING_STARTED);
  263. return 0;
  264. }
  265. if (search == NULL) {
  266. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_NULL_PARAMETER);
  267. return 0;
  268. }
  269. if (ctx->fetched_loader != NULL) {
  270. OSSL_PARAM_BLD *bld;
  271. OSSL_PARAM *params;
  272. /* OSSL_STORE_SEARCH_BY_NAME, OSSL_STORE_SEARCH_BY_ISSUER_SERIAL*/
  273. void *name_der = NULL;
  274. int name_der_sz;
  275. /* OSSL_STORE_SEARCH_BY_ISSUER_SERIAL */
  276. BIGNUM *number = NULL;
  277. if (ctx->fetched_loader->p_set_ctx_params == NULL) {
  278. ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_UNSUPPORTED_OPERATION);
  279. return 0;
  280. }
  281. if ((bld = OSSL_PARAM_BLD_new()) == NULL) {
  282. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
  283. return 0;
  284. }
  285. ret = 0; /* Assume the worst */
  286. switch (search->search_type) {
  287. case OSSL_STORE_SEARCH_BY_NAME:
  288. if ((name_der_sz = i2d_X509_NAME(search->name,
  289. (unsigned char **)&name_der)) > 0
  290. && OSSL_PARAM_BLD_push_octet_string(bld,
  291. OSSL_STORE_PARAM_SUBJECT,
  292. name_der, name_der_sz))
  293. ret = 1;
  294. break;
  295. case OSSL_STORE_SEARCH_BY_ISSUER_SERIAL:
  296. if ((name_der_sz = i2d_X509_NAME(search->name,
  297. (unsigned char **)&name_der)) > 0
  298. && (number = ASN1_INTEGER_to_BN(search->serial, NULL)) != NULL
  299. && OSSL_PARAM_BLD_push_octet_string(bld,
  300. OSSL_STORE_PARAM_ISSUER,
  301. name_der, name_der_sz)
  302. && OSSL_PARAM_BLD_push_BN(bld, OSSL_STORE_PARAM_SERIAL,
  303. number))
  304. ret = 1;
  305. break;
  306. case OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT:
  307. if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_STORE_PARAM_DIGEST,
  308. EVP_MD_get0_name(search->digest),
  309. 0)
  310. && OSSL_PARAM_BLD_push_octet_string(bld,
  311. OSSL_STORE_PARAM_FINGERPRINT,
  312. search->string,
  313. search->stringlength))
  314. ret = 1;
  315. break;
  316. case OSSL_STORE_SEARCH_BY_ALIAS:
  317. if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_STORE_PARAM_ALIAS,
  318. (char *)search->string,
  319. search->stringlength))
  320. ret = 1;
  321. break;
  322. }
  323. if (ret) {
  324. params = OSSL_PARAM_BLD_to_param(bld);
  325. ret = ctx->fetched_loader->p_set_ctx_params(ctx->loader_ctx,
  326. params);
  327. OSSL_PARAM_free(params);
  328. }
  329. OSSL_PARAM_BLD_free(bld);
  330. OPENSSL_free(name_der);
  331. BN_free(number);
  332. } else {
  333. #ifndef OPENSSL_NO_DEPRECATED_3_0
  334. /* legacy loader section */
  335. if (ctx->loader->find == NULL) {
  336. ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_UNSUPPORTED_OPERATION);
  337. return 0;
  338. }
  339. ret = ctx->loader->find(ctx->loader_ctx, search);
  340. #endif
  341. }
  342. return ret;
  343. }
  344. OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx)
  345. {
  346. OSSL_STORE_INFO *v = NULL;
  347. ctx->loading = 1;
  348. again:
  349. if (OSSL_STORE_eof(ctx))
  350. return NULL;
  351. if (ctx->loader != NULL)
  352. OSSL_TRACE(STORE, "Loading next object\n");
  353. if (ctx->cached_info != NULL
  354. && sk_OSSL_STORE_INFO_num(ctx->cached_info) == 0) {
  355. sk_OSSL_STORE_INFO_free(ctx->cached_info);
  356. ctx->cached_info = NULL;
  357. }
  358. if (ctx->cached_info != NULL) {
  359. v = sk_OSSL_STORE_INFO_shift(ctx->cached_info);
  360. } else {
  361. if (ctx->fetched_loader != NULL) {
  362. struct ossl_load_result_data_st load_data;
  363. load_data.v = NULL;
  364. load_data.ctx = ctx;
  365. if (!ctx->fetched_loader->p_load(ctx->loader_ctx,
  366. ossl_store_handle_load_result,
  367. &load_data,
  368. ossl_pw_passphrase_callback_dec,
  369. &ctx->pwdata)) {
  370. if (!OSSL_STORE_eof(ctx))
  371. ctx->error_flag = 1;
  372. return NULL;
  373. }
  374. v = load_data.v;
  375. }
  376. #ifndef OPENSSL_NO_DEPRECATED_3_0
  377. if (ctx->fetched_loader == NULL)
  378. v = ctx->loader->load(ctx->loader_ctx,
  379. ctx->pwdata._.ui_method.ui_method,
  380. ctx->pwdata._.ui_method.ui_method_data);
  381. #endif
  382. }
  383. if (ctx->post_process != NULL && v != NULL) {
  384. v = ctx->post_process(v, ctx->post_process_data);
  385. /*
  386. * By returning NULL, the callback decides that this object should
  387. * be ignored.
  388. */
  389. if (v == NULL)
  390. goto again;
  391. }
  392. /* Clear any internally cached passphrase */
  393. (void)ossl_pw_clear_passphrase_cache(&ctx->pwdata);
  394. if (v != NULL && ctx->expected_type != 0) {
  395. int returned_type = OSSL_STORE_INFO_get_type(v);
  396. if (returned_type != OSSL_STORE_INFO_NAME && returned_type != 0) {
  397. if (ctx->expected_type != returned_type) {
  398. OSSL_STORE_INFO_free(v);
  399. goto again;
  400. }
  401. }
  402. }
  403. if (v != NULL)
  404. OSSL_TRACE1(STORE, "Got a %s\n",
  405. OSSL_STORE_INFO_type_string(OSSL_STORE_INFO_get_type(v)));
  406. return v;
  407. }
  408. int OSSL_STORE_error(OSSL_STORE_CTX *ctx)
  409. {
  410. int ret = 1;
  411. if (ctx->fetched_loader != NULL)
  412. ret = ctx->error_flag;
  413. #ifndef OPENSSL_NO_DEPRECATED_3_0
  414. if (ctx->fetched_loader == NULL)
  415. ret = ctx->loader->error(ctx->loader_ctx);
  416. #endif
  417. return ret;
  418. }
  419. int OSSL_STORE_eof(OSSL_STORE_CTX *ctx)
  420. {
  421. int ret = 1;
  422. if (ctx->fetched_loader != NULL)
  423. ret = ctx->loader->p_eof(ctx->loader_ctx);
  424. #ifndef OPENSSL_NO_DEPRECATED_3_0
  425. if (ctx->fetched_loader == NULL)
  426. ret = ctx->loader->eof(ctx->loader_ctx);
  427. #endif
  428. return ret != 0;
  429. }
  430. static int ossl_store_close_it(OSSL_STORE_CTX *ctx)
  431. {
  432. int ret = 0;
  433. if (ctx == NULL)
  434. return 1;
  435. OSSL_TRACE1(STORE, "Closing %p\n", (void *)ctx->loader_ctx);
  436. if (ctx->fetched_loader != NULL)
  437. ret = ctx->loader->p_close(ctx->loader_ctx);
  438. #ifndef OPENSSL_NO_DEPRECATED_3_0
  439. if (ctx->fetched_loader == NULL)
  440. ret = ctx->loader->close(ctx->loader_ctx);
  441. #endif
  442. sk_OSSL_STORE_INFO_pop_free(ctx->cached_info, OSSL_STORE_INFO_free);
  443. OSSL_STORE_LOADER_free(ctx->fetched_loader);
  444. OPENSSL_free(ctx->properties);
  445. ossl_pw_clear_passphrase_data(&ctx->pwdata);
  446. return ret;
  447. }
  448. int OSSL_STORE_close(OSSL_STORE_CTX *ctx)
  449. {
  450. int ret = ossl_store_close_it(ctx);
  451. OPENSSL_free(ctx);
  452. return ret;
  453. }
  454. /*
  455. * Functions to generate OSSL_STORE_INFOs, one function for each type we
  456. * support having in them as well as a generic constructor.
  457. *
  458. * In all cases, ownership of the object is transferred to the OSSL_STORE_INFO
  459. * and will therefore be freed when the OSSL_STORE_INFO is freed.
  460. */
  461. OSSL_STORE_INFO *OSSL_STORE_INFO_new(int type, void *data)
  462. {
  463. OSSL_STORE_INFO *info = OPENSSL_zalloc(sizeof(*info));
  464. if (info == NULL)
  465. return NULL;
  466. info->type = type;
  467. info->_.data = data;
  468. return info;
  469. }
  470. OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name)
  471. {
  472. OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_NAME, NULL);
  473. if (info == NULL) {
  474. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
  475. return NULL;
  476. }
  477. info->_.name.name = name;
  478. info->_.name.desc = NULL;
  479. return info;
  480. }
  481. int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc)
  482. {
  483. if (info->type != OSSL_STORE_INFO_NAME) {
  484. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_INVALID_ARGUMENT);
  485. return 0;
  486. }
  487. info->_.name.desc = desc;
  488. return 1;
  489. }
  490. OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params)
  491. {
  492. OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_PARAMS, params);
  493. if (info == NULL)
  494. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
  495. return info;
  496. }
  497. OSSL_STORE_INFO *OSSL_STORE_INFO_new_PUBKEY(EVP_PKEY *pkey)
  498. {
  499. OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_PUBKEY, pkey);
  500. if (info == NULL)
  501. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
  502. return info;
  503. }
  504. OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey)
  505. {
  506. OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_PKEY, pkey);
  507. if (info == NULL)
  508. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
  509. return info;
  510. }
  511. OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509)
  512. {
  513. OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_CERT, x509);
  514. if (info == NULL)
  515. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
  516. return info;
  517. }
  518. OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl)
  519. {
  520. OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_CRL, crl);
  521. if (info == NULL)
  522. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
  523. return info;
  524. }
  525. /*
  526. * Functions to try to extract data from a OSSL_STORE_INFO.
  527. */
  528. int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info)
  529. {
  530. return info->type;
  531. }
  532. void *OSSL_STORE_INFO_get0_data(int type, const OSSL_STORE_INFO *info)
  533. {
  534. if (info->type == type)
  535. return info->_.data;
  536. return NULL;
  537. }
  538. const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info)
  539. {
  540. if (info->type == OSSL_STORE_INFO_NAME)
  541. return info->_.name.name;
  542. return NULL;
  543. }
  544. char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info)
  545. {
  546. if (info->type == OSSL_STORE_INFO_NAME) {
  547. char *ret = OPENSSL_strdup(info->_.name.name);
  548. if (ret == NULL)
  549. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
  550. return ret;
  551. }
  552. ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_NAME);
  553. return NULL;
  554. }
  555. const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info)
  556. {
  557. if (info->type == OSSL_STORE_INFO_NAME)
  558. return info->_.name.desc;
  559. return NULL;
  560. }
  561. char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info)
  562. {
  563. if (info->type == OSSL_STORE_INFO_NAME) {
  564. char *ret = OPENSSL_strdup(info->_.name.desc
  565. ? info->_.name.desc : "");
  566. if (ret == NULL)
  567. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
  568. return ret;
  569. }
  570. ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_NAME);
  571. return NULL;
  572. }
  573. EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info)
  574. {
  575. if (info->type == OSSL_STORE_INFO_PARAMS)
  576. return info->_.params;
  577. return NULL;
  578. }
  579. EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info)
  580. {
  581. if (info->type == OSSL_STORE_INFO_PARAMS) {
  582. EVP_PKEY_up_ref(info->_.params);
  583. return info->_.params;
  584. }
  585. ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_PARAMETERS);
  586. return NULL;
  587. }
  588. EVP_PKEY *OSSL_STORE_INFO_get0_PUBKEY(const OSSL_STORE_INFO *info)
  589. {
  590. if (info->type == OSSL_STORE_INFO_PUBKEY)
  591. return info->_.pubkey;
  592. return NULL;
  593. }
  594. EVP_PKEY *OSSL_STORE_INFO_get1_PUBKEY(const OSSL_STORE_INFO *info)
  595. {
  596. if (info->type == OSSL_STORE_INFO_PUBKEY) {
  597. EVP_PKEY_up_ref(info->_.pubkey);
  598. return info->_.pubkey;
  599. }
  600. ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_PUBLIC_KEY);
  601. return NULL;
  602. }
  603. EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info)
  604. {
  605. if (info->type == OSSL_STORE_INFO_PKEY)
  606. return info->_.pkey;
  607. return NULL;
  608. }
  609. EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info)
  610. {
  611. if (info->type == OSSL_STORE_INFO_PKEY) {
  612. EVP_PKEY_up_ref(info->_.pkey);
  613. return info->_.pkey;
  614. }
  615. ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_PRIVATE_KEY);
  616. return NULL;
  617. }
  618. X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info)
  619. {
  620. if (info->type == OSSL_STORE_INFO_CERT)
  621. return info->_.x509;
  622. return NULL;
  623. }
  624. X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info)
  625. {
  626. if (info->type == OSSL_STORE_INFO_CERT) {
  627. X509_up_ref(info->_.x509);
  628. return info->_.x509;
  629. }
  630. ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_CERTIFICATE);
  631. return NULL;
  632. }
  633. X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info)
  634. {
  635. if (info->type == OSSL_STORE_INFO_CRL)
  636. return info->_.crl;
  637. return NULL;
  638. }
  639. X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info)
  640. {
  641. if (info->type == OSSL_STORE_INFO_CRL) {
  642. X509_CRL_up_ref(info->_.crl);
  643. return info->_.crl;
  644. }
  645. ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_CRL);
  646. return NULL;
  647. }
  648. /*
  649. * Free the OSSL_STORE_INFO
  650. */
  651. void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info)
  652. {
  653. if (info != NULL) {
  654. switch (info->type) {
  655. case OSSL_STORE_INFO_NAME:
  656. OPENSSL_free(info->_.name.name);
  657. OPENSSL_free(info->_.name.desc);
  658. break;
  659. case OSSL_STORE_INFO_PARAMS:
  660. EVP_PKEY_free(info->_.params);
  661. break;
  662. case OSSL_STORE_INFO_PUBKEY:
  663. EVP_PKEY_free(info->_.pubkey);
  664. break;
  665. case OSSL_STORE_INFO_PKEY:
  666. EVP_PKEY_free(info->_.pkey);
  667. break;
  668. case OSSL_STORE_INFO_CERT:
  669. X509_free(info->_.x509);
  670. break;
  671. case OSSL_STORE_INFO_CRL:
  672. X509_CRL_free(info->_.crl);
  673. break;
  674. }
  675. OPENSSL_free(info);
  676. }
  677. }
  678. int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type)
  679. {
  680. int ret = 0;
  681. if (ctx->fetched_loader != NULL) {
  682. void *provctx =
  683. ossl_provider_ctx(OSSL_STORE_LOADER_get0_provider(ctx->fetched_loader));
  684. const OSSL_PARAM *params;
  685. const OSSL_PARAM *p_subject = NULL;
  686. const OSSL_PARAM *p_issuer = NULL;
  687. const OSSL_PARAM *p_serial = NULL;
  688. const OSSL_PARAM *p_fingerprint = NULL;
  689. const OSSL_PARAM *p_alias = NULL;
  690. if (ctx->fetched_loader->p_settable_ctx_params == NULL)
  691. return 0;
  692. params = ctx->fetched_loader->p_settable_ctx_params(provctx);
  693. p_subject = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_SUBJECT);
  694. p_issuer = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_ISSUER);
  695. p_serial = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_SERIAL);
  696. p_fingerprint =
  697. OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_FINGERPRINT);
  698. p_alias = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_ALIAS);
  699. switch (search_type) {
  700. case OSSL_STORE_SEARCH_BY_NAME:
  701. ret = (p_subject != NULL);
  702. break;
  703. case OSSL_STORE_SEARCH_BY_ISSUER_SERIAL:
  704. ret = (p_issuer != NULL && p_serial != NULL);
  705. break;
  706. case OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT:
  707. ret = (p_fingerprint != NULL);
  708. break;
  709. case OSSL_STORE_SEARCH_BY_ALIAS:
  710. ret = (p_alias != NULL);
  711. break;
  712. }
  713. }
  714. #ifndef OPENSSL_NO_DEPRECATED_3_0
  715. if (ctx->fetched_loader == NULL) {
  716. OSSL_STORE_SEARCH tmp_search;
  717. if (ctx->loader->find == NULL)
  718. return 0;
  719. tmp_search.search_type = search_type;
  720. ret = ctx->loader->find(NULL, &tmp_search);
  721. }
  722. #endif
  723. return ret;
  724. }
  725. /* Search term constructors */
  726. OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name)
  727. {
  728. OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
  729. if (search == NULL) {
  730. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
  731. return NULL;
  732. }
  733. search->search_type = OSSL_STORE_SEARCH_BY_NAME;
  734. search->name = name;
  735. return search;
  736. }
  737. OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name,
  738. const ASN1_INTEGER *serial)
  739. {
  740. OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
  741. if (search == NULL) {
  742. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
  743. return NULL;
  744. }
  745. search->search_type = OSSL_STORE_SEARCH_BY_ISSUER_SERIAL;
  746. search->name = name;
  747. search->serial = serial;
  748. return search;
  749. }
  750. OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest,
  751. const unsigned char
  752. *bytes, size_t len)
  753. {
  754. OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
  755. if (search == NULL) {
  756. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
  757. return NULL;
  758. }
  759. if (digest != NULL && len != (size_t)EVP_MD_get_size(digest)) {
  760. ERR_raise_data(ERR_LIB_OSSL_STORE,
  761. OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST,
  762. "%s size is %d, fingerprint size is %zu",
  763. EVP_MD_get0_name(digest), EVP_MD_get_size(digest), len);
  764. OPENSSL_free(search);
  765. return NULL;
  766. }
  767. search->search_type = OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT;
  768. search->digest = digest;
  769. search->string = bytes;
  770. search->stringlength = len;
  771. return search;
  772. }
  773. OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias)
  774. {
  775. OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
  776. if (search == NULL) {
  777. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
  778. return NULL;
  779. }
  780. search->search_type = OSSL_STORE_SEARCH_BY_ALIAS;
  781. search->string = (const unsigned char *)alias;
  782. search->stringlength = strlen(alias);
  783. return search;
  784. }
  785. /* Search term destructor */
  786. void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search)
  787. {
  788. OPENSSL_free(search);
  789. }
  790. /* Search term accessors */
  791. int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion)
  792. {
  793. return criterion->search_type;
  794. }
  795. X509_NAME *OSSL_STORE_SEARCH_get0_name(const OSSL_STORE_SEARCH *criterion)
  796. {
  797. return criterion->name;
  798. }
  799. const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH
  800. *criterion)
  801. {
  802. return criterion->serial;
  803. }
  804. const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH
  805. *criterion, size_t *length)
  806. {
  807. *length = criterion->stringlength;
  808. return criterion->string;
  809. }
  810. const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion)
  811. {
  812. return (const char *)criterion->string;
  813. }
  814. const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH *criterion)
  815. {
  816. return criterion->digest;
  817. }
  818. OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bp, const char *scheme,
  819. OSSL_LIB_CTX *libctx, const char *propq,
  820. const UI_METHOD *ui_method, void *ui_data,
  821. const OSSL_PARAM params[],
  822. OSSL_STORE_post_process_info_fn post_process,
  823. void *post_process_data)
  824. {
  825. const OSSL_STORE_LOADER *loader = NULL;
  826. OSSL_STORE_LOADER *fetched_loader = NULL;
  827. OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
  828. OSSL_STORE_CTX *ctx = NULL;
  829. if (scheme == NULL)
  830. scheme = "file";
  831. OSSL_TRACE1(STORE, "Looking up scheme %s\n", scheme);
  832. ERR_set_mark();
  833. #ifndef OPENSSL_NO_DEPRECATED_3_0
  834. if ((loader = ossl_store_get0_loader_int(scheme)) != NULL)
  835. loader_ctx = loader->attach(loader, bp, libctx, propq,
  836. ui_method, ui_data);
  837. #endif
  838. if (loader == NULL
  839. && (fetched_loader =
  840. OSSL_STORE_LOADER_fetch(libctx, scheme, propq)) != NULL) {
  841. const OSSL_PROVIDER *provider =
  842. OSSL_STORE_LOADER_get0_provider(fetched_loader);
  843. void *provctx = OSSL_PROVIDER_get0_provider_ctx(provider);
  844. OSSL_CORE_BIO *cbio = ossl_core_bio_new_from_bio(bp);
  845. if (cbio == NULL
  846. || (loader_ctx = fetched_loader->p_attach(provctx, cbio)) == NULL) {
  847. OSSL_STORE_LOADER_free(fetched_loader);
  848. fetched_loader = NULL;
  849. } else if (!loader_set_params(fetched_loader, loader_ctx,
  850. params, propq)) {
  851. (void)fetched_loader->p_close(loader_ctx);
  852. OSSL_STORE_LOADER_free(fetched_loader);
  853. fetched_loader = NULL;
  854. }
  855. loader = fetched_loader;
  856. ossl_core_bio_free(cbio);
  857. }
  858. if (loader_ctx == NULL) {
  859. ERR_clear_last_mark();
  860. return NULL;
  861. }
  862. if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
  863. ERR_clear_last_mark();
  864. ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
  865. return NULL;
  866. }
  867. if (ui_method != NULL
  868. && !ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data)) {
  869. ERR_clear_last_mark();
  870. OPENSSL_free(ctx);
  871. return NULL;
  872. }
  873. ctx->fetched_loader = fetched_loader;
  874. ctx->loader = loader;
  875. ctx->loader_ctx = loader_ctx;
  876. ctx->post_process = post_process;
  877. ctx->post_process_data = post_process_data;
  878. /*
  879. * ossl_store_get0_loader_int will raise an error if the loader for the
  880. * the scheme cannot be retrieved. But if a loader was successfully
  881. * fetched then we remove this error from the error stack.
  882. */
  883. ERR_pop_to_mark();
  884. return ctx;
  885. }