loader_file.c 52 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634
  1. /*
  2. * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /* We need to use some engine deprecated APIs */
  10. #define OPENSSL_SUPPRESS_DEPRECATED
  11. #include "e_os.h"
  12. #include <string.h>
  13. #include <sys/stat.h>
  14. #include <ctype.h>
  15. #include <assert.h>
  16. #include <openssl/bio.h>
  17. #include <openssl/dsa.h> /* For d2i_DSAPrivateKey */
  18. #include <openssl/err.h>
  19. #include <openssl/evp.h>
  20. #include <openssl/pem.h>
  21. #include "internal/pem_int.h"
  22. #include <openssl/pkcs12.h> /* For the PKCS8 stuff o.O */
  23. #include <openssl/rsa.h> /* For d2i_RSAPrivateKey */
  24. #include <openssl/safestack.h>
  25. #include <openssl/store.h>
  26. #include <openssl/ui.h>
  27. #include <openssl/x509.h> /* For the PKCS8 stuff o.O */
  28. #include "crypto/asn1.h"
  29. #include "crypto/ctype.h"
  30. #include "internal/o_dir.h"
  31. #include "internal/cryptlib.h"
  32. #include "crypto/store.h"
  33. #include "crypto/evp.h"
  34. #include "store_local.h"
  35. DEFINE_STACK_OF(X509)
  36. #ifdef _WIN32
  37. # define stat _stat
  38. #endif
  39. #ifndef S_ISDIR
  40. # define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
  41. #endif
  42. /*-
  43. * Password prompting
  44. * ------------------
  45. */
  46. static char *file_get_pass(const UI_METHOD *ui_method, char *pass,
  47. size_t maxsize, const char *desc, const char *info,
  48. void *data)
  49. {
  50. UI *ui = UI_new();
  51. char *prompt = NULL;
  52. if (ui == NULL) {
  53. OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_MALLOC_FAILURE);
  54. return NULL;
  55. }
  56. if (ui_method != NULL)
  57. UI_set_method(ui, ui_method);
  58. UI_add_user_data(ui, data);
  59. if ((prompt = UI_construct_prompt(ui, desc, info)) == NULL) {
  60. OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_MALLOC_FAILURE);
  61. pass = NULL;
  62. } else if (!UI_add_input_string(ui, prompt, UI_INPUT_FLAG_DEFAULT_PWD,
  63. pass, 0, maxsize - 1)) {
  64. OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_UI_LIB);
  65. pass = NULL;
  66. } else {
  67. switch (UI_process(ui)) {
  68. case -2:
  69. OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS,
  70. OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED);
  71. pass = NULL;
  72. break;
  73. case -1:
  74. OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_UI_LIB);
  75. pass = NULL;
  76. break;
  77. default:
  78. break;
  79. }
  80. }
  81. OPENSSL_free(prompt);
  82. UI_free(ui);
  83. return pass;
  84. }
  85. struct pem_pass_data {
  86. const UI_METHOD *ui_method;
  87. void *data;
  88. const char *prompt_desc;
  89. const char *prompt_info;
  90. };
  91. static int file_fill_pem_pass_data(struct pem_pass_data *pass_data,
  92. const char *desc, const char *info,
  93. const UI_METHOD *ui_method, void *ui_data)
  94. {
  95. if (pass_data == NULL)
  96. return 0;
  97. pass_data->ui_method = ui_method;
  98. pass_data->data = ui_data;
  99. pass_data->prompt_desc = desc;
  100. pass_data->prompt_info = info;
  101. return 1;
  102. }
  103. /* This is used anywhere a pem_password_cb is needed */
  104. static int file_get_pem_pass(char *buf, int num, int w, void *data)
  105. {
  106. struct pem_pass_data *pass_data = data;
  107. char *pass = file_get_pass(pass_data->ui_method, buf, num,
  108. pass_data->prompt_desc, pass_data->prompt_info,
  109. pass_data->data);
  110. return pass == NULL ? 0 : strlen(pass);
  111. }
  112. /*-
  113. * The file scheme decoders
  114. * ------------------------
  115. *
  116. * Each possible data type has its own decoder, which either operates
  117. * through a given PEM name, or attempts to decode to see if the blob
  118. * it's given is decodable for its data type. The assumption is that
  119. * only the correct data type will match the content.
  120. */
  121. /*-
  122. * The try_decode function is called to check if the blob of data can
  123. * be used by this handler, and if it can, decodes it into a supported
  124. * OpenSSL type and returns a OSSL_STORE_INFO with the decoded data.
  125. * Input:
  126. * pem_name: If this blob comes from a PEM file, this holds
  127. * the PEM name. If it comes from another type of
  128. * file, this is NULL.
  129. * pem_header: If this blob comes from a PEM file, this holds
  130. * the PEM headers. If it comes from another type of
  131. * file, this is NULL.
  132. * blob: The blob of data to match with what this handler
  133. * can use.
  134. * len: The length of the blob.
  135. * handler_ctx: For a handler marked repeatable, this pointer can
  136. * be used to create a context for the handler. IT IS
  137. * THE HANDLER'S RESPONSIBILITY TO CREATE AND DESTROY
  138. * THIS CONTEXT APPROPRIATELY, i.e. create on first call
  139. * and destroy when about to return NULL.
  140. * matchcount: A pointer to an int to count matches for this data.
  141. * Usually becomes 0 (no match) or 1 (match!), but may
  142. * be higher in the (unlikely) event that the data matches
  143. * more than one possibility. The int will always be
  144. * zero when the function is called.
  145. * ui_method: Application UI method for getting a password, pin
  146. * or any other interactive data.
  147. * ui_data: Application data to be passed to ui_method when
  148. * it's called.
  149. * libctx: The library context to be used if applicable
  150. * propq: The property query string for any algorithm fetches
  151. * Output:
  152. * a OSSL_STORE_INFO
  153. */
  154. typedef OSSL_STORE_INFO *(*file_try_decode_fn)(const char *pem_name,
  155. const char *pem_header,
  156. const unsigned char *blob,
  157. size_t len, void **handler_ctx,
  158. int *matchcount,
  159. const UI_METHOD *ui_method,
  160. void *ui_data, const char *uri,
  161. OPENSSL_CTX *libctx,
  162. const char *propq);
  163. /*
  164. * The eof function should return 1 if there's no more data to be found
  165. * with the handler_ctx, otherwise 0. This is only used when the handler is
  166. * marked repeatable.
  167. */
  168. typedef int (*file_eof_fn)(void *handler_ctx);
  169. /*
  170. * The destroy_ctx function is used to destroy the handler_ctx that was
  171. * initiated by a repeatable try_decode function. This is only used when
  172. * the handler is marked repeatable.
  173. */
  174. typedef void (*file_destroy_ctx_fn)(void **handler_ctx);
  175. typedef struct file_handler_st {
  176. const char *name;
  177. file_try_decode_fn try_decode;
  178. file_eof_fn eof;
  179. file_destroy_ctx_fn destroy_ctx;
  180. /* flags */
  181. int repeatable;
  182. } FILE_HANDLER;
  183. /*
  184. * PKCS#12 decoder. It operates by decoding all of the blob content,
  185. * extracting all the interesting data from it and storing them internally,
  186. * then serving them one piece at a time.
  187. */
  188. static OSSL_STORE_INFO *try_decode_PKCS12(const char *pem_name,
  189. const char *pem_header,
  190. const unsigned char *blob,
  191. size_t len, void **pctx,
  192. int *matchcount,
  193. const UI_METHOD *ui_method,
  194. void *ui_data, const char *uri,
  195. OPENSSL_CTX *libctx,
  196. const char *propq)
  197. {
  198. OSSL_STORE_INFO *store_info = NULL;
  199. STACK_OF(OSSL_STORE_INFO) *ctx = *pctx;
  200. if (ctx == NULL) {
  201. /* Initial parsing */
  202. PKCS12 *p12;
  203. if (pem_name != NULL)
  204. /* No match, there is no PEM PKCS12 tag */
  205. return NULL;
  206. if ((p12 = d2i_PKCS12(NULL, &blob, len)) != NULL) {
  207. char *pass = NULL;
  208. char tpass[PEM_BUFSIZE];
  209. EVP_PKEY *pkey = NULL;
  210. X509 *cert = NULL;
  211. STACK_OF(X509) *chain = NULL;
  212. *matchcount = 1;
  213. if (PKCS12_verify_mac(p12, "", 0)
  214. || PKCS12_verify_mac(p12, NULL, 0)) {
  215. pass = "";
  216. } else {
  217. if ((pass = file_get_pass(ui_method, tpass, PEM_BUFSIZE,
  218. "PKCS12 import pass phrase", uri,
  219. ui_data)) == NULL) {
  220. OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS12,
  221. OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR);
  222. goto p12_end;
  223. }
  224. if (!PKCS12_verify_mac(p12, pass, strlen(pass))) {
  225. OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS12,
  226. OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC);
  227. goto p12_end;
  228. }
  229. }
  230. if (PKCS12_parse(p12, pass, &pkey, &cert, &chain)) {
  231. OSSL_STORE_INFO *osi_pkey = NULL;
  232. OSSL_STORE_INFO *osi_cert = NULL;
  233. OSSL_STORE_INFO *osi_ca = NULL;
  234. int ok = 1;
  235. if ((ctx = sk_OSSL_STORE_INFO_new_null()) != NULL) {
  236. if (pkey != NULL) {
  237. if ((osi_pkey = OSSL_STORE_INFO_new_PKEY(pkey)) != NULL
  238. /* clearing pkey here avoids case distinctions */
  239. && (pkey = NULL) == NULL
  240. && sk_OSSL_STORE_INFO_push(ctx, osi_pkey) != 0)
  241. osi_pkey = NULL;
  242. else
  243. ok = 0;
  244. }
  245. if (ok && cert != NULL) {
  246. if ((osi_cert = OSSL_STORE_INFO_new_CERT(cert)) != NULL
  247. /* clearing cert here avoids case distinctions */
  248. && (cert = NULL) == NULL
  249. && sk_OSSL_STORE_INFO_push(ctx, osi_cert) != 0)
  250. osi_cert = NULL;
  251. else
  252. ok = 0;
  253. }
  254. while (ok && sk_X509_num(chain) > 0) {
  255. X509 *ca = sk_X509_value(chain, 0);
  256. if ((osi_ca = OSSL_STORE_INFO_new_CERT(ca)) != NULL
  257. && sk_X509_shift(chain) != NULL
  258. && sk_OSSL_STORE_INFO_push(ctx, osi_ca) != 0)
  259. osi_ca = NULL;
  260. else
  261. ok = 0;
  262. }
  263. }
  264. EVP_PKEY_free(pkey);
  265. X509_free(cert);
  266. sk_X509_pop_free(chain, X509_free);
  267. OSSL_STORE_INFO_free(osi_pkey);
  268. OSSL_STORE_INFO_free(osi_cert);
  269. OSSL_STORE_INFO_free(osi_ca);
  270. if (!ok) {
  271. sk_OSSL_STORE_INFO_pop_free(ctx, OSSL_STORE_INFO_free);
  272. ctx = NULL;
  273. }
  274. *pctx = ctx;
  275. }
  276. }
  277. p12_end:
  278. PKCS12_free(p12);
  279. if (ctx == NULL)
  280. return NULL;
  281. }
  282. *matchcount = 1;
  283. store_info = sk_OSSL_STORE_INFO_shift(ctx);
  284. return store_info;
  285. }
  286. static int eof_PKCS12(void *ctx_)
  287. {
  288. STACK_OF(OSSL_STORE_INFO) *ctx = ctx_;
  289. return ctx == NULL || sk_OSSL_STORE_INFO_num(ctx) == 0;
  290. }
  291. static void destroy_ctx_PKCS12(void **pctx)
  292. {
  293. STACK_OF(OSSL_STORE_INFO) *ctx = *pctx;
  294. sk_OSSL_STORE_INFO_pop_free(ctx, OSSL_STORE_INFO_free);
  295. *pctx = NULL;
  296. }
  297. static FILE_HANDLER PKCS12_handler = {
  298. "PKCS12",
  299. try_decode_PKCS12,
  300. eof_PKCS12,
  301. destroy_ctx_PKCS12,
  302. 1 /* repeatable */
  303. };
  304. /*
  305. * Encrypted PKCS#8 decoder. It operates by just decrypting the given blob
  306. * into a new blob, which is returned as an EMBEDDED STORE_INFO. The whole
  307. * decoding process will then start over with the new blob.
  308. */
  309. static OSSL_STORE_INFO *try_decode_PKCS8Encrypted(const char *pem_name,
  310. const char *pem_header,
  311. const unsigned char *blob,
  312. size_t len, void **pctx,
  313. int *matchcount,
  314. const UI_METHOD *ui_method,
  315. void *ui_data,
  316. const char *uri,
  317. OPENSSL_CTX *libctx,
  318. const char *propq)
  319. {
  320. X509_SIG *p8 = NULL;
  321. char kbuf[PEM_BUFSIZE];
  322. char *pass = NULL;
  323. const X509_ALGOR *dalg = NULL;
  324. const ASN1_OCTET_STRING *doct = NULL;
  325. OSSL_STORE_INFO *store_info = NULL;
  326. BUF_MEM *mem = NULL;
  327. unsigned char *new_data = NULL;
  328. int new_data_len;
  329. if (pem_name != NULL) {
  330. if (strcmp(pem_name, PEM_STRING_PKCS8) != 0)
  331. return NULL;
  332. *matchcount = 1;
  333. }
  334. if ((p8 = d2i_X509_SIG(NULL, &blob, len)) == NULL)
  335. return NULL;
  336. *matchcount = 1;
  337. if ((mem = BUF_MEM_new()) == NULL) {
  338. OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED,
  339. ERR_R_MALLOC_FAILURE);
  340. goto nop8;
  341. }
  342. if ((pass = file_get_pass(ui_method, kbuf, PEM_BUFSIZE,
  343. "PKCS8 decrypt pass phrase", uri,
  344. ui_data)) == NULL) {
  345. OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED,
  346. OSSL_STORE_R_BAD_PASSWORD_READ);
  347. goto nop8;
  348. }
  349. X509_SIG_get0(p8, &dalg, &doct);
  350. if (!PKCS12_pbe_crypt(dalg, pass, strlen(pass), doct->data, doct->length,
  351. &new_data, &new_data_len, 0))
  352. goto nop8;
  353. mem->data = (char *)new_data;
  354. mem->max = mem->length = (size_t)new_data_len;
  355. X509_SIG_free(p8);
  356. store_info = ossl_store_info_new_EMBEDDED(PEM_STRING_PKCS8INF, mem);
  357. if (store_info == NULL) {
  358. OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED,
  359. ERR_R_MALLOC_FAILURE);
  360. goto nop8;
  361. }
  362. return store_info;
  363. nop8:
  364. X509_SIG_free(p8);
  365. BUF_MEM_free(mem);
  366. return NULL;
  367. }
  368. static FILE_HANDLER PKCS8Encrypted_handler = {
  369. "PKCS8Encrypted",
  370. try_decode_PKCS8Encrypted
  371. };
  372. /*
  373. * Private key decoder. Decodes all sorts of private keys, both PKCS#8
  374. * encoded ones and old style PEM ones (with the key type is encoded into
  375. * the PEM name).
  376. */
  377. int pem_check_suffix(const char *pem_str, const char *suffix);
  378. static OSSL_STORE_INFO *try_decode_PrivateKey(const char *pem_name,
  379. const char *pem_header,
  380. const unsigned char *blob,
  381. size_t len, void **pctx,
  382. int *matchcount,
  383. const UI_METHOD *ui_method,
  384. void *ui_data, const char *uri,
  385. OPENSSL_CTX *libctx,
  386. const char *propq)
  387. {
  388. OSSL_STORE_INFO *store_info = NULL;
  389. EVP_PKEY *pkey = NULL;
  390. const EVP_PKEY_ASN1_METHOD *ameth = NULL;
  391. if (pem_name != NULL) {
  392. if (strcmp(pem_name, PEM_STRING_PKCS8INF) == 0) {
  393. PKCS8_PRIV_KEY_INFO *p8inf =
  394. d2i_PKCS8_PRIV_KEY_INFO(NULL, &blob, len);
  395. *matchcount = 1;
  396. if (p8inf != NULL)
  397. pkey = evp_pkcs82pkey_int(p8inf, libctx, propq);
  398. PKCS8_PRIV_KEY_INFO_free(p8inf);
  399. } else {
  400. int slen;
  401. if ((slen = pem_check_suffix(pem_name, "PRIVATE KEY")) > 0
  402. && (ameth = EVP_PKEY_asn1_find_str(NULL, pem_name,
  403. slen)) != NULL) {
  404. *matchcount = 1;
  405. pkey = d2i_PrivateKey_ex(ameth->pkey_id, NULL, &blob, len,
  406. libctx, propq);
  407. }
  408. }
  409. } else {
  410. int i;
  411. #ifndef OPENSSL_NO_ENGINE
  412. ENGINE *curengine = ENGINE_get_first();
  413. while (curengine != NULL) {
  414. ENGINE_PKEY_ASN1_METHS_PTR asn1meths =
  415. ENGINE_get_pkey_asn1_meths(curengine);
  416. if (asn1meths != NULL) {
  417. const int *nids = NULL;
  418. int nids_n = asn1meths(curengine, NULL, &nids, 0);
  419. for (i = 0; i < nids_n; i++) {
  420. EVP_PKEY_ASN1_METHOD *ameth2 = NULL;
  421. EVP_PKEY *tmp_pkey = NULL;
  422. const unsigned char *tmp_blob = blob;
  423. if (!asn1meths(curengine, &ameth2, NULL, nids[i]))
  424. continue;
  425. if (ameth2 == NULL
  426. || ameth2->pkey_flags & ASN1_PKEY_ALIAS)
  427. continue;
  428. tmp_pkey =
  429. d2i_PrivateKey_ex(ameth2->pkey_id, NULL,
  430. &tmp_blob, len, libctx, propq);
  431. if (tmp_pkey != NULL) {
  432. if (pkey != NULL)
  433. EVP_PKEY_free(tmp_pkey);
  434. else
  435. pkey = tmp_pkey;
  436. (*matchcount)++;
  437. }
  438. }
  439. }
  440. curengine = ENGINE_get_next(curengine);
  441. }
  442. #endif
  443. for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
  444. EVP_PKEY *tmp_pkey = NULL;
  445. const unsigned char *tmp_blob = blob;
  446. ameth = EVP_PKEY_asn1_get0(i);
  447. if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
  448. continue;
  449. tmp_pkey = d2i_PrivateKey_ex(ameth->pkey_id, NULL, &tmp_blob, len,
  450. libctx, propq);
  451. if (tmp_pkey != NULL) {
  452. if (pkey != NULL)
  453. EVP_PKEY_free(tmp_pkey);
  454. else
  455. pkey = tmp_pkey;
  456. (*matchcount)++;
  457. }
  458. }
  459. if (*matchcount > 1) {
  460. EVP_PKEY_free(pkey);
  461. pkey = NULL;
  462. }
  463. }
  464. if (pkey == NULL)
  465. /* No match */
  466. return NULL;
  467. store_info = OSSL_STORE_INFO_new_PKEY(pkey);
  468. if (store_info == NULL)
  469. EVP_PKEY_free(pkey);
  470. return store_info;
  471. }
  472. static FILE_HANDLER PrivateKey_handler = {
  473. "PrivateKey",
  474. try_decode_PrivateKey
  475. };
  476. /*
  477. * Public key decoder. Only supports SubjectPublicKeyInfo formatted keys.
  478. */
  479. static OSSL_STORE_INFO *try_decode_PUBKEY(const char *pem_name,
  480. const char *pem_header,
  481. const unsigned char *blob,
  482. size_t len, void **pctx,
  483. int *matchcount,
  484. const UI_METHOD *ui_method,
  485. void *ui_data, const char *uri,
  486. OPENSSL_CTX *libctx,
  487. const char *propq)
  488. {
  489. OSSL_STORE_INFO *store_info = NULL;
  490. EVP_PKEY *pkey = NULL;
  491. if (pem_name != NULL) {
  492. if (strcmp(pem_name, PEM_STRING_PUBLIC) != 0)
  493. /* No match */
  494. return NULL;
  495. *matchcount = 1;
  496. }
  497. if ((pkey = d2i_PUBKEY(NULL, &blob, len)) != NULL) {
  498. *matchcount = 1;
  499. store_info = OSSL_STORE_INFO_new_PKEY(pkey);
  500. }
  501. return store_info;
  502. }
  503. static FILE_HANDLER PUBKEY_handler = {
  504. "PUBKEY",
  505. try_decode_PUBKEY
  506. };
  507. /*
  508. * Key parameter decoder.
  509. */
  510. static OSSL_STORE_INFO *try_decode_params(const char *pem_name,
  511. const char *pem_header,
  512. const unsigned char *blob,
  513. size_t len, void **pctx,
  514. int *matchcount,
  515. const UI_METHOD *ui_method,
  516. void *ui_data, const char *uri,
  517. OPENSSL_CTX *libctx,
  518. const char *propq)
  519. {
  520. OSSL_STORE_INFO *store_info = NULL;
  521. int slen = 0;
  522. EVP_PKEY *pkey = NULL;
  523. const EVP_PKEY_ASN1_METHOD *ameth = NULL;
  524. int ok = 0;
  525. if (pem_name != NULL) {
  526. if ((slen = pem_check_suffix(pem_name, "PARAMETERS")) == 0)
  527. return NULL;
  528. *matchcount = 1;
  529. }
  530. if (slen > 0) {
  531. if ((pkey = EVP_PKEY_new()) == NULL) {
  532. OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PARAMS, ERR_R_EVP_LIB);
  533. return NULL;
  534. }
  535. if (EVP_PKEY_set_type_str(pkey, pem_name, slen)
  536. && (ameth = EVP_PKEY_get0_asn1(pkey)) != NULL
  537. && ameth->param_decode != NULL
  538. && ameth->param_decode(pkey, &blob, len))
  539. ok = 1;
  540. } else {
  541. int i;
  542. EVP_PKEY *tmp_pkey = NULL;
  543. for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
  544. const unsigned char *tmp_blob = blob;
  545. if (tmp_pkey == NULL && (tmp_pkey = EVP_PKEY_new()) == NULL) {
  546. OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PARAMS, ERR_R_EVP_LIB);
  547. break;
  548. }
  549. ameth = EVP_PKEY_asn1_get0(i);
  550. if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
  551. continue;
  552. if (EVP_PKEY_set_type(tmp_pkey, ameth->pkey_id)
  553. && (ameth = EVP_PKEY_get0_asn1(tmp_pkey)) != NULL
  554. && ameth->param_decode != NULL
  555. && ameth->param_decode(tmp_pkey, &tmp_blob, len)) {
  556. if (pkey != NULL)
  557. EVP_PKEY_free(tmp_pkey);
  558. else
  559. pkey = tmp_pkey;
  560. tmp_pkey = NULL;
  561. (*matchcount)++;
  562. }
  563. }
  564. EVP_PKEY_free(tmp_pkey);
  565. if (*matchcount == 1) {
  566. ok = 1;
  567. }
  568. }
  569. if (ok)
  570. store_info = OSSL_STORE_INFO_new_PARAMS(pkey);
  571. if (store_info == NULL)
  572. EVP_PKEY_free(pkey);
  573. return store_info;
  574. }
  575. static FILE_HANDLER params_handler = {
  576. "params",
  577. try_decode_params
  578. };
  579. /*
  580. * X.509 certificate decoder.
  581. */
  582. static OSSL_STORE_INFO *try_decode_X509Certificate(const char *pem_name,
  583. const char *pem_header,
  584. const unsigned char *blob,
  585. size_t len, void **pctx,
  586. int *matchcount,
  587. const UI_METHOD *ui_method,
  588. void *ui_data,
  589. const char *uri,
  590. OPENSSL_CTX *libctx,
  591. const char *propq)
  592. {
  593. OSSL_STORE_INFO *store_info = NULL;
  594. X509 *cert = NULL;
  595. /*
  596. * In most cases, we can try to interpret the serialized data as a trusted
  597. * cert (X509 + X509_AUX) and fall back to reading it as a normal cert
  598. * (just X509), but if the PEM name specifically declares it as a trusted
  599. * cert, then no fallback should be engaged. |ignore_trusted| tells if
  600. * the fallback can be used (1) or not (0).
  601. */
  602. int ignore_trusted = 1;
  603. if (pem_name != NULL) {
  604. if (strcmp(pem_name, PEM_STRING_X509_TRUSTED) == 0)
  605. ignore_trusted = 0;
  606. else if (strcmp(pem_name, PEM_STRING_X509_OLD) != 0
  607. && strcmp(pem_name, PEM_STRING_X509) != 0)
  608. /* No match */
  609. return NULL;
  610. *matchcount = 1;
  611. }
  612. if ((cert = d2i_X509_AUX(NULL, &blob, len)) != NULL
  613. || (ignore_trusted && (cert = d2i_X509(NULL, &blob, len)) != NULL)) {
  614. *matchcount = 1;
  615. store_info = OSSL_STORE_INFO_new_CERT(cert);
  616. }
  617. if (store_info == NULL)
  618. X509_free(cert);
  619. return store_info;
  620. }
  621. static FILE_HANDLER X509Certificate_handler = {
  622. "X509Certificate",
  623. try_decode_X509Certificate
  624. };
  625. /*
  626. * X.509 CRL decoder.
  627. */
  628. static OSSL_STORE_INFO *try_decode_X509CRL(const char *pem_name,
  629. const char *pem_header,
  630. const unsigned char *blob,
  631. size_t len, void **pctx,
  632. int *matchcount,
  633. const UI_METHOD *ui_method,
  634. void *ui_data, const char *uri,
  635. OPENSSL_CTX *libctx,
  636. const char *propq)
  637. {
  638. OSSL_STORE_INFO *store_info = NULL;
  639. X509_CRL *crl = NULL;
  640. if (pem_name != NULL) {
  641. if (strcmp(pem_name, PEM_STRING_X509_CRL) != 0)
  642. /* No match */
  643. return NULL;
  644. *matchcount = 1;
  645. }
  646. if ((crl = d2i_X509_CRL(NULL, &blob, len)) != NULL) {
  647. *matchcount = 1;
  648. store_info = OSSL_STORE_INFO_new_CRL(crl);
  649. }
  650. if (store_info == NULL)
  651. X509_CRL_free(crl);
  652. return store_info;
  653. }
  654. static FILE_HANDLER X509CRL_handler = {
  655. "X509CRL",
  656. try_decode_X509CRL
  657. };
  658. /*
  659. * To finish it all off, we collect all the handlers.
  660. */
  661. static const FILE_HANDLER *file_handlers[] = {
  662. &PKCS12_handler,
  663. &PKCS8Encrypted_handler,
  664. &X509Certificate_handler,
  665. &X509CRL_handler,
  666. &params_handler,
  667. &PUBKEY_handler,
  668. &PrivateKey_handler,
  669. };
  670. /*-
  671. * The loader itself
  672. * -----------------
  673. */
  674. struct ossl_store_loader_ctx_st {
  675. char *uri; /* The URI we currently try to load */
  676. enum {
  677. is_raw = 0,
  678. is_pem,
  679. is_dir
  680. } type;
  681. int errcnt;
  682. #define FILE_FLAG_SECMEM (1<<0)
  683. #define FILE_FLAG_ATTACHED (1<<1)
  684. unsigned int flags;
  685. union {
  686. struct { /* Used with is_raw and is_pem */
  687. BIO *file;
  688. /*
  689. * The following are used when the handler is marked as
  690. * repeatable
  691. */
  692. const FILE_HANDLER *last_handler;
  693. void *last_handler_ctx;
  694. } file;
  695. struct { /* Used with is_dir */
  696. OPENSSL_DIR_CTX *ctx;
  697. int end_reached;
  698. /*
  699. * When a search expression is given, these are filled in.
  700. * |search_name| contains the file basename to look for.
  701. * The string is exactly 8 characters long.
  702. */
  703. char search_name[9];
  704. /*
  705. * The directory reading utility we have combines opening with
  706. * reading the first name. To make sure we can detect the end
  707. * at the right time, we read early and cache the name.
  708. */
  709. const char *last_entry;
  710. int last_errno;
  711. } dir;
  712. } _;
  713. /* Expected object type. May be unspecified */
  714. int expected_type;
  715. OPENSSL_CTX *libctx;
  716. char *propq;
  717. };
  718. static void OSSL_STORE_LOADER_CTX_free(OSSL_STORE_LOADER_CTX *ctx)
  719. {
  720. if (ctx == NULL)
  721. return;
  722. OPENSSL_free(ctx->uri);
  723. if (ctx->type != is_dir) {
  724. if (ctx->_.file.last_handler != NULL) {
  725. ctx->_.file.last_handler->destroy_ctx(&ctx->_.file.last_handler_ctx);
  726. ctx->_.file.last_handler_ctx = NULL;
  727. ctx->_.file.last_handler = NULL;
  728. }
  729. }
  730. OPENSSL_free(ctx->propq);
  731. OPENSSL_free(ctx);
  732. }
  733. static int file_find_type(OSSL_STORE_LOADER_CTX *ctx)
  734. {
  735. BIO *buff = NULL;
  736. char peekbuf[4096] = { 0, };
  737. if ((buff = BIO_new(BIO_f_buffer())) == NULL)
  738. return 0;
  739. ctx->_.file.file = BIO_push(buff, ctx->_.file.file);
  740. if (BIO_buffer_peek(ctx->_.file.file, peekbuf, sizeof(peekbuf) - 1) > 0) {
  741. peekbuf[sizeof(peekbuf) - 1] = '\0';
  742. if (strstr(peekbuf, "-----BEGIN ") != NULL)
  743. ctx->type = is_pem;
  744. }
  745. return 1;
  746. }
  747. static OSSL_STORE_LOADER_CTX *file_open(const OSSL_STORE_LOADER *loader,
  748. const char *uri,
  749. const UI_METHOD *ui_method,
  750. void *ui_data)
  751. {
  752. OSSL_STORE_LOADER_CTX *ctx = NULL;
  753. struct stat st;
  754. struct {
  755. const char *path;
  756. unsigned int check_absolute:1;
  757. } path_data[2];
  758. size_t path_data_n = 0, i;
  759. const char *path;
  760. /*
  761. * First step, just take the URI as is.
  762. */
  763. path_data[path_data_n].check_absolute = 0;
  764. path_data[path_data_n++].path = uri;
  765. /*
  766. * Second step, if the URI appears to start with the 'file' scheme,
  767. * extract the path and make that the second path to check.
  768. * There's a special case if the URI also contains an authority, then
  769. * the full URI shouldn't be used as a path anywhere.
  770. */
  771. if (strncasecmp(uri, "file:", 5) == 0) {
  772. const char *p = &uri[5];
  773. if (strncmp(&uri[5], "//", 2) == 0) {
  774. path_data_n--; /* Invalidate using the full URI */
  775. if (strncasecmp(&uri[7], "localhost/", 10) == 0) {
  776. p = &uri[16];
  777. } else if (uri[7] == '/') {
  778. p = &uri[7];
  779. } else {
  780. OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN,
  781. OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED);
  782. return NULL;
  783. }
  784. }
  785. path_data[path_data_n].check_absolute = 1;
  786. #ifdef _WIN32
  787. /* Windows file: URIs with a drive letter start with a / */
  788. if (p[0] == '/' && p[2] == ':' && p[3] == '/') {
  789. char c = ossl_tolower(p[1]);
  790. if (c >= 'a' && c <= 'z') {
  791. p++;
  792. /* We know it's absolute, so no need to check */
  793. path_data[path_data_n].check_absolute = 0;
  794. }
  795. }
  796. #endif
  797. path_data[path_data_n++].path = p;
  798. }
  799. for (i = 0, path = NULL; path == NULL && i < path_data_n; i++) {
  800. /*
  801. * If the scheme "file" was an explicit part of the URI, the path must
  802. * be absolute. So says RFC 8089
  803. */
  804. if (path_data[i].check_absolute && path_data[i].path[0] != '/') {
  805. OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN,
  806. OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE);
  807. ERR_add_error_data(1, path_data[i].path);
  808. return NULL;
  809. }
  810. if (stat(path_data[i].path, &st) < 0) {
  811. ERR_raise_data(ERR_LIB_SYS, errno,
  812. "calling stat(%s)",
  813. path_data[i].path);
  814. } else {
  815. path = path_data[i].path;
  816. }
  817. }
  818. if (path == NULL) {
  819. return NULL;
  820. }
  821. /* Successfully found a working path, clear possible collected errors */
  822. ERR_clear_error();
  823. ctx = OPENSSL_zalloc(sizeof(*ctx));
  824. if (ctx == NULL) {
  825. OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, ERR_R_MALLOC_FAILURE);
  826. return NULL;
  827. }
  828. ctx->uri = OPENSSL_strdup(uri);
  829. if (ctx->uri == NULL) {
  830. OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, ERR_R_MALLOC_FAILURE);
  831. goto err;
  832. }
  833. if (S_ISDIR(st.st_mode)) {
  834. ctx->type = is_dir;
  835. ctx->_.dir.last_entry = OPENSSL_DIR_read(&ctx->_.dir.ctx, path);
  836. ctx->_.dir.last_errno = errno;
  837. if (ctx->_.dir.last_entry == NULL) {
  838. if (ctx->_.dir.last_errno != 0) {
  839. char errbuf[256];
  840. OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, ERR_R_SYS_LIB);
  841. errno = ctx->_.dir.last_errno;
  842. if (openssl_strerror_r(errno, errbuf, sizeof(errbuf)))
  843. ERR_add_error_data(1, errbuf);
  844. goto err;
  845. }
  846. ctx->_.dir.end_reached = 1;
  847. }
  848. } else if ((ctx->_.file.file = BIO_new_file(path, "rb")) == NULL
  849. || !file_find_type(ctx)) {
  850. BIO_free_all(ctx->_.file.file);
  851. goto err;
  852. }
  853. return ctx;
  854. err:
  855. OSSL_STORE_LOADER_CTX_free(ctx);
  856. return NULL;
  857. }
  858. static OSSL_STORE_LOADER_CTX *file_attach(const OSSL_STORE_LOADER *loader,
  859. BIO *bp, OPENSSL_CTX *libctx,
  860. const char *propq,
  861. const UI_METHOD *ui_method,
  862. void *ui_data)
  863. {
  864. OSSL_STORE_LOADER_CTX *ctx;
  865. if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL
  866. || (propq != NULL && (ctx->propq = OPENSSL_strdup(propq)) == NULL)) {
  867. OSSL_STOREerr(OSSL_STORE_F_FILE_ATTACH, ERR_R_MALLOC_FAILURE);
  868. OSSL_STORE_LOADER_CTX_free(ctx);
  869. return NULL;
  870. }
  871. ctx->libctx = libctx;
  872. ctx->flags |= FILE_FLAG_ATTACHED;
  873. ctx->_.file.file = bp;
  874. if (!file_find_type(ctx)) {
  875. /* Safety measure */
  876. ctx->_.file.file = NULL;
  877. OSSL_STORE_LOADER_CTX_free(ctx);
  878. ctx = NULL;
  879. }
  880. return ctx;
  881. }
  882. static int file_ctrl(OSSL_STORE_LOADER_CTX *ctx, int cmd, va_list args)
  883. {
  884. int ret = 1;
  885. switch (cmd) {
  886. case OSSL_STORE_C_USE_SECMEM:
  887. {
  888. int on = *(va_arg(args, int *));
  889. switch (on) {
  890. case 0:
  891. ctx->flags &= ~FILE_FLAG_SECMEM;
  892. break;
  893. case 1:
  894. ctx->flags |= FILE_FLAG_SECMEM;
  895. break;
  896. default:
  897. OSSL_STOREerr(OSSL_STORE_F_FILE_CTRL,
  898. ERR_R_PASSED_INVALID_ARGUMENT);
  899. ret = 0;
  900. break;
  901. }
  902. }
  903. break;
  904. default:
  905. break;
  906. }
  907. return ret;
  908. }
  909. static int file_expect(OSSL_STORE_LOADER_CTX *ctx, int expected)
  910. {
  911. ctx->expected_type = expected;
  912. return 1;
  913. }
  914. static int file_find(OSSL_STORE_LOADER_CTX *ctx,
  915. const OSSL_STORE_SEARCH *search)
  916. {
  917. /*
  918. * If ctx == NULL, the library is looking to know if this loader supports
  919. * the given search type.
  920. */
  921. if (OSSL_STORE_SEARCH_get_type(search) == OSSL_STORE_SEARCH_BY_NAME) {
  922. unsigned long hash = 0;
  923. if (ctx == NULL)
  924. return 1;
  925. if (ctx->type != is_dir) {
  926. OSSL_STOREerr(OSSL_STORE_F_FILE_FIND,
  927. OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES);
  928. return 0;
  929. }
  930. hash = X509_NAME_hash(OSSL_STORE_SEARCH_get0_name(search));
  931. BIO_snprintf(ctx->_.dir.search_name, sizeof(ctx->_.dir.search_name),
  932. "%08lx", hash);
  933. return 1;
  934. }
  935. if (ctx != NULL)
  936. OSSL_STOREerr(OSSL_STORE_F_FILE_FIND,
  937. OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE);
  938. return 0;
  939. }
  940. static OSSL_STORE_INFO *file_load_try_decode(OSSL_STORE_LOADER_CTX *ctx,
  941. const char *pem_name,
  942. const char *pem_header,
  943. unsigned char *data, size_t len,
  944. const UI_METHOD *ui_method,
  945. void *ui_data, int *matchcount)
  946. {
  947. OSSL_STORE_INFO *result = NULL;
  948. BUF_MEM *new_mem = NULL;
  949. char *new_pem_name = NULL;
  950. int t = 0;
  951. again:
  952. {
  953. size_t i = 0;
  954. void *handler_ctx = NULL;
  955. const FILE_HANDLER **matching_handlers =
  956. OPENSSL_zalloc(sizeof(*matching_handlers)
  957. * OSSL_NELEM(file_handlers));
  958. if (matching_handlers == NULL) {
  959. OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD_TRY_DECODE,
  960. ERR_R_MALLOC_FAILURE);
  961. goto err;
  962. }
  963. *matchcount = 0;
  964. for (i = 0; i < OSSL_NELEM(file_handlers); i++) {
  965. const FILE_HANDLER *handler = file_handlers[i];
  966. int try_matchcount = 0;
  967. void *tmp_handler_ctx = NULL;
  968. OSSL_STORE_INFO *tmp_result =
  969. handler->try_decode(pem_name, pem_header, data, len,
  970. &tmp_handler_ctx, &try_matchcount,
  971. ui_method, ui_data, ctx->uri,
  972. ctx->libctx, ctx->propq);
  973. if (try_matchcount > 0) {
  974. matching_handlers[*matchcount] = handler;
  975. if (handler_ctx)
  976. handler->destroy_ctx(&handler_ctx);
  977. handler_ctx = tmp_handler_ctx;
  978. if ((*matchcount += try_matchcount) > 1) {
  979. /* more than one match => ambiguous, kill any result */
  980. OSSL_STORE_INFO_free(result);
  981. OSSL_STORE_INFO_free(tmp_result);
  982. if (handler->destroy_ctx != NULL)
  983. handler->destroy_ctx(&handler_ctx);
  984. handler_ctx = NULL;
  985. tmp_result = NULL;
  986. result = NULL;
  987. }
  988. if (result == NULL)
  989. result = tmp_result;
  990. }
  991. }
  992. if (*matchcount == 1 && matching_handlers[0]->repeatable) {
  993. ctx->_.file.last_handler = matching_handlers[0];
  994. ctx->_.file.last_handler_ctx = handler_ctx;
  995. }
  996. OPENSSL_free(matching_handlers);
  997. }
  998. err:
  999. OPENSSL_free(new_pem_name);
  1000. BUF_MEM_free(new_mem);
  1001. if (result != NULL
  1002. && (t = OSSL_STORE_INFO_get_type(result)) == OSSL_STORE_INFO_EMBEDDED) {
  1003. pem_name = new_pem_name =
  1004. ossl_store_info_get0_EMBEDDED_pem_name(result);
  1005. new_mem = ossl_store_info_get0_EMBEDDED_buffer(result);
  1006. data = (unsigned char *)new_mem->data;
  1007. len = new_mem->length;
  1008. OPENSSL_free(result);
  1009. result = NULL;
  1010. goto again;
  1011. }
  1012. if (result != NULL)
  1013. ERR_clear_error();
  1014. return result;
  1015. }
  1016. static OSSL_STORE_INFO *file_load_try_repeat(OSSL_STORE_LOADER_CTX *ctx,
  1017. const UI_METHOD *ui_method,
  1018. void *ui_data)
  1019. {
  1020. OSSL_STORE_INFO *result = NULL;
  1021. int try_matchcount = 0;
  1022. if (ctx->_.file.last_handler != NULL) {
  1023. result =
  1024. ctx->_.file.last_handler->try_decode(NULL, NULL, NULL, 0,
  1025. &ctx->_.file.last_handler_ctx,
  1026. &try_matchcount,
  1027. ui_method, ui_data, ctx->uri,
  1028. ctx->libctx, ctx->propq);
  1029. if (result == NULL) {
  1030. ctx->_.file.last_handler->destroy_ctx(&ctx->_.file.last_handler_ctx);
  1031. ctx->_.file.last_handler_ctx = NULL;
  1032. ctx->_.file.last_handler = NULL;
  1033. }
  1034. }
  1035. return result;
  1036. }
  1037. static void pem_free_flag(void *pem_data, int secure, size_t num)
  1038. {
  1039. if (secure)
  1040. OPENSSL_secure_clear_free(pem_data, num);
  1041. else
  1042. OPENSSL_free(pem_data);
  1043. }
  1044. static int file_read_pem(BIO *bp, char **pem_name, char **pem_header,
  1045. unsigned char **data, long *len,
  1046. const UI_METHOD *ui_method, void *ui_data,
  1047. const char *uri, int secure)
  1048. {
  1049. int i = secure
  1050. ? PEM_read_bio_ex(bp, pem_name, pem_header, data, len,
  1051. PEM_FLAG_SECURE | PEM_FLAG_EAY_COMPATIBLE)
  1052. : PEM_read_bio(bp, pem_name, pem_header, data, len);
  1053. if (i <= 0)
  1054. return 0;
  1055. /*
  1056. * 10 is the number of characters in "Proc-Type:", which
  1057. * PEM_get_EVP_CIPHER_INFO() requires to be present.
  1058. * If the PEM header has less characters than that, it's
  1059. * not worth spending cycles on it.
  1060. */
  1061. if (strlen(*pem_header) > 10) {
  1062. EVP_CIPHER_INFO cipher;
  1063. struct pem_pass_data pass_data;
  1064. if (!PEM_get_EVP_CIPHER_INFO(*pem_header, &cipher)
  1065. || !file_fill_pem_pass_data(&pass_data, "PEM pass phrase", uri,
  1066. ui_method, ui_data)
  1067. || !PEM_do_header(&cipher, *data, len, file_get_pem_pass,
  1068. &pass_data)) {
  1069. return 0;
  1070. }
  1071. }
  1072. return 1;
  1073. }
  1074. static OSSL_STORE_INFO *file_try_read_msblob(BIO *bp, int *matchcount)
  1075. {
  1076. #ifdef OPENSSL_NO_DSA
  1077. return NULL;
  1078. #else
  1079. OSSL_STORE_INFO *result = NULL;
  1080. int ispub = -1;
  1081. {
  1082. unsigned int magic = 0, bitlen = 0;
  1083. int isdss = 0;
  1084. unsigned char peekbuf[16] = { 0, };
  1085. const unsigned char *p = peekbuf;
  1086. if (BIO_buffer_peek(bp, peekbuf, sizeof(peekbuf)) <= 0)
  1087. return 0;
  1088. if (!ossl_do_blob_header(&p, sizeof(peekbuf), &magic, &bitlen,
  1089. &isdss, &ispub))
  1090. return 0;
  1091. }
  1092. (*matchcount)++;
  1093. {
  1094. EVP_PKEY *tmp = ispub
  1095. ? b2i_PublicKey_bio(bp)
  1096. : b2i_PrivateKey_bio(bp);
  1097. if (tmp == NULL
  1098. || (result = OSSL_STORE_INFO_new_PKEY(tmp)) == NULL) {
  1099. EVP_PKEY_free(tmp);
  1100. return 0;
  1101. }
  1102. }
  1103. return result;
  1104. #endif
  1105. }
  1106. static OSSL_STORE_INFO *file_try_read_PVK(BIO *bp, const UI_METHOD *ui_method,
  1107. void *ui_data, const char *uri,
  1108. int *matchcount)
  1109. {
  1110. #if defined(OPENSSL_NO_DSA) || defined(OPENSSL_NO_RC4)
  1111. return NULL;
  1112. #else
  1113. OSSL_STORE_INFO *result = NULL;
  1114. {
  1115. unsigned int saltlen = 0, keylen = 0;
  1116. unsigned char peekbuf[24] = { 0, };
  1117. const unsigned char *p = peekbuf;
  1118. if (BIO_buffer_peek(bp, peekbuf, sizeof(peekbuf)) <= 0)
  1119. return 0;
  1120. if (!ossl_do_PVK_header(&p, sizeof(peekbuf), 0, &saltlen, &keylen))
  1121. return 0;
  1122. }
  1123. (*matchcount)++;
  1124. {
  1125. EVP_PKEY *tmp = NULL;
  1126. struct pem_pass_data pass_data;
  1127. if (!file_fill_pem_pass_data(&pass_data, "PVK pass phrase", uri,
  1128. ui_method, ui_data)
  1129. || (tmp = b2i_PVK_bio(bp, file_get_pem_pass, &pass_data)) == NULL
  1130. || (result = OSSL_STORE_INFO_new_PKEY(tmp)) == NULL) {
  1131. EVP_PKEY_free(tmp);
  1132. return 0;
  1133. }
  1134. }
  1135. return result;
  1136. #endif
  1137. }
  1138. static int file_read_asn1(BIO *bp, unsigned char **data, long *len)
  1139. {
  1140. BUF_MEM *mem = NULL;
  1141. if (asn1_d2i_read_bio(bp, &mem) < 0)
  1142. return 0;
  1143. *data = (unsigned char *)mem->data;
  1144. *len = (long)mem->length;
  1145. OPENSSL_free(mem);
  1146. return 1;
  1147. }
  1148. static int ends_with_dirsep(const char *uri)
  1149. {
  1150. if (*uri != '\0')
  1151. uri += strlen(uri) - 1;
  1152. #if defined(__VMS)
  1153. if (*uri == ']' || *uri == '>' || *uri == ':')
  1154. return 1;
  1155. #elif defined(_WIN32)
  1156. if (*uri == '\\')
  1157. return 1;
  1158. #endif
  1159. return *uri == '/';
  1160. }
  1161. static int file_name_to_uri(OSSL_STORE_LOADER_CTX *ctx, const char *name,
  1162. char **data)
  1163. {
  1164. assert(name != NULL);
  1165. assert(data != NULL);
  1166. {
  1167. const char *pathsep = ends_with_dirsep(ctx->uri) ? "" : "/";
  1168. long calculated_length = strlen(ctx->uri) + strlen(pathsep)
  1169. + strlen(name) + 1 /* \0 */;
  1170. *data = OPENSSL_zalloc(calculated_length);
  1171. if (*data == NULL) {
  1172. OSSL_STOREerr(OSSL_STORE_F_FILE_NAME_TO_URI, ERR_R_MALLOC_FAILURE);
  1173. return 0;
  1174. }
  1175. OPENSSL_strlcat(*data, ctx->uri, calculated_length);
  1176. OPENSSL_strlcat(*data, pathsep, calculated_length);
  1177. OPENSSL_strlcat(*data, name, calculated_length);
  1178. }
  1179. return 1;
  1180. }
  1181. static int file_name_check(OSSL_STORE_LOADER_CTX *ctx, const char *name)
  1182. {
  1183. const char *p = NULL;
  1184. /* If there are no search criteria, all names are accepted */
  1185. if (ctx->_.dir.search_name[0] == '\0')
  1186. return 1;
  1187. /* If the expected type isn't supported, no name is accepted */
  1188. if (ctx->expected_type != 0
  1189. && ctx->expected_type != OSSL_STORE_INFO_CERT
  1190. && ctx->expected_type != OSSL_STORE_INFO_CRL)
  1191. return 0;
  1192. /*
  1193. * First, check the basename
  1194. */
  1195. if (strncasecmp(name, ctx->_.dir.search_name,
  1196. sizeof(ctx->_.dir.search_name) - 1) != 0
  1197. || name[sizeof(ctx->_.dir.search_name) - 1] != '.')
  1198. return 0;
  1199. p = &name[sizeof(ctx->_.dir.search_name)];
  1200. /*
  1201. * Then, if the expected type is a CRL, check that the extension starts
  1202. * with 'r'
  1203. */
  1204. if (*p == 'r') {
  1205. p++;
  1206. if (ctx->expected_type != 0
  1207. && ctx->expected_type != OSSL_STORE_INFO_CRL)
  1208. return 0;
  1209. } else if (ctx->expected_type == OSSL_STORE_INFO_CRL) {
  1210. return 0;
  1211. }
  1212. /*
  1213. * Last, check that the rest of the extension is a decimal number, at
  1214. * least one digit long.
  1215. */
  1216. if (!ossl_isdigit(*p))
  1217. return 0;
  1218. while (ossl_isdigit(*p))
  1219. p++;
  1220. #ifdef __VMS
  1221. /*
  1222. * One extra step here, check for a possible generation number.
  1223. */
  1224. if (*p == ';')
  1225. for (p++; *p != '\0'; p++)
  1226. if (!ossl_isdigit(*p))
  1227. break;
  1228. #endif
  1229. /*
  1230. * If we've reached the end of the string at this point, we've successfully
  1231. * found a fitting file name.
  1232. */
  1233. return *p == '\0';
  1234. }
  1235. static int file_eof(OSSL_STORE_LOADER_CTX *ctx);
  1236. static int file_error(OSSL_STORE_LOADER_CTX *ctx);
  1237. static OSSL_STORE_INFO *file_load(OSSL_STORE_LOADER_CTX *ctx,
  1238. const UI_METHOD *ui_method, void *ui_data)
  1239. {
  1240. OSSL_STORE_INFO *result = NULL;
  1241. ctx->errcnt = 0;
  1242. ERR_clear_error();
  1243. if (ctx->type == is_dir) {
  1244. do {
  1245. char *newname = NULL;
  1246. if (ctx->_.dir.last_entry == NULL) {
  1247. if (!ctx->_.dir.end_reached) {
  1248. char errbuf[256];
  1249. assert(ctx->_.dir.last_errno != 0);
  1250. OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD, ERR_R_SYS_LIB);
  1251. errno = ctx->_.dir.last_errno;
  1252. ctx->errcnt++;
  1253. if (openssl_strerror_r(errno, errbuf, sizeof(errbuf)))
  1254. ERR_add_error_data(1, errbuf);
  1255. }
  1256. return NULL;
  1257. }
  1258. if (ctx->_.dir.last_entry[0] != '.'
  1259. && file_name_check(ctx, ctx->_.dir.last_entry)
  1260. && !file_name_to_uri(ctx, ctx->_.dir.last_entry, &newname))
  1261. return NULL;
  1262. /*
  1263. * On the first call (with a NULL context), OPENSSL_DIR_read()
  1264. * cares about the second argument. On the following calls, it
  1265. * only cares that it isn't NULL. Therefore, we can safely give
  1266. * it our URI here.
  1267. */
  1268. ctx->_.dir.last_entry = OPENSSL_DIR_read(&ctx->_.dir.ctx, ctx->uri);
  1269. ctx->_.dir.last_errno = errno;
  1270. if (ctx->_.dir.last_entry == NULL && ctx->_.dir.last_errno == 0)
  1271. ctx->_.dir.end_reached = 1;
  1272. if (newname != NULL
  1273. && (result = OSSL_STORE_INFO_new_NAME(newname)) == NULL) {
  1274. OPENSSL_free(newname);
  1275. OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD, ERR_R_OSSL_STORE_LIB);
  1276. return NULL;
  1277. }
  1278. } while (result == NULL && !file_eof(ctx));
  1279. } else {
  1280. int matchcount = -1;
  1281. again:
  1282. result = file_load_try_repeat(ctx, ui_method, ui_data);
  1283. if (result != NULL)
  1284. return result;
  1285. if (file_eof(ctx))
  1286. return NULL;
  1287. do {
  1288. char *pem_name = NULL; /* PEM record name */
  1289. char *pem_header = NULL; /* PEM record header */
  1290. unsigned char *data = NULL; /* DER encoded data */
  1291. long len = 0; /* DER encoded data length */
  1292. matchcount = -1;
  1293. if (ctx->type == is_pem) {
  1294. if (!file_read_pem(ctx->_.file.file, &pem_name, &pem_header,
  1295. &data, &len, ui_method, ui_data, ctx->uri,
  1296. (ctx->flags & FILE_FLAG_SECMEM) != 0)) {
  1297. ctx->errcnt++;
  1298. goto endloop;
  1299. }
  1300. } else {
  1301. if ((result = file_try_read_msblob(ctx->_.file.file,
  1302. &matchcount)) != NULL
  1303. || (result = file_try_read_PVK(ctx->_.file.file,
  1304. ui_method, ui_data, ctx->uri,
  1305. &matchcount)) != NULL)
  1306. goto endloop;
  1307. if (!file_read_asn1(ctx->_.file.file, &data, &len)) {
  1308. ctx->errcnt++;
  1309. goto endloop;
  1310. }
  1311. }
  1312. result = file_load_try_decode(ctx, pem_name, pem_header, data, len,
  1313. ui_method, ui_data, &matchcount);
  1314. if (result != NULL)
  1315. goto endloop;
  1316. /*
  1317. * If a PEM name matches more than one handler, the handlers are
  1318. * badly coded.
  1319. */
  1320. if (!ossl_assert(pem_name == NULL || matchcount <= 1)) {
  1321. ctx->errcnt++;
  1322. goto endloop;
  1323. }
  1324. if (matchcount > 1) {
  1325. OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD,
  1326. OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE);
  1327. } else if (matchcount == 1) {
  1328. /*
  1329. * If there are other errors on the stack, they already show
  1330. * what the problem is.
  1331. */
  1332. if (ERR_peek_error() == 0) {
  1333. OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD,
  1334. OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE);
  1335. if (pem_name != NULL)
  1336. ERR_add_error_data(3, "PEM type is '", pem_name, "'");
  1337. }
  1338. }
  1339. if (matchcount > 0)
  1340. ctx->errcnt++;
  1341. endloop:
  1342. pem_free_flag(pem_name, (ctx->flags & FILE_FLAG_SECMEM) != 0, 0);
  1343. pem_free_flag(pem_header, (ctx->flags & FILE_FLAG_SECMEM) != 0, 0);
  1344. pem_free_flag(data, (ctx->flags & FILE_FLAG_SECMEM) != 0, len);
  1345. } while (matchcount == 0 && !file_eof(ctx) && !file_error(ctx));
  1346. /* We bail out on ambiguity */
  1347. if (matchcount > 1) {
  1348. OSSL_STORE_INFO_free(result);
  1349. return NULL;
  1350. }
  1351. if (result != NULL
  1352. && ctx->expected_type != 0
  1353. && ctx->expected_type != OSSL_STORE_INFO_get_type(result)) {
  1354. OSSL_STORE_INFO_free(result);
  1355. goto again;
  1356. }
  1357. }
  1358. return result;
  1359. }
  1360. static int file_error(OSSL_STORE_LOADER_CTX *ctx)
  1361. {
  1362. return ctx->errcnt > 0;
  1363. }
  1364. static int file_eof(OSSL_STORE_LOADER_CTX *ctx)
  1365. {
  1366. if (ctx->type == is_dir)
  1367. return ctx->_.dir.end_reached;
  1368. if (ctx->_.file.last_handler != NULL
  1369. && !ctx->_.file.last_handler->eof(ctx->_.file.last_handler_ctx))
  1370. return 0;
  1371. return BIO_eof(ctx->_.file.file);
  1372. }
  1373. static int file_close(OSSL_STORE_LOADER_CTX *ctx)
  1374. {
  1375. if ((ctx->flags & FILE_FLAG_ATTACHED) == 0) {
  1376. if (ctx->type == is_dir)
  1377. OPENSSL_DIR_end(&ctx->_.dir.ctx);
  1378. else
  1379. BIO_free_all(ctx->_.file.file);
  1380. } else {
  1381. /*
  1382. * Because file_attach() called file_find_type(), we know that a
  1383. * BIO_f_buffer() has been pushed on top of the regular BIO.
  1384. */
  1385. BIO *buff = ctx->_.file.file;
  1386. /* Detach buff */
  1387. (void)BIO_pop(ctx->_.file.file);
  1388. /* Safety measure */
  1389. ctx->_.file.file = NULL;
  1390. BIO_free(buff);
  1391. }
  1392. OSSL_STORE_LOADER_CTX_free(ctx);
  1393. return 1;
  1394. }
  1395. static OSSL_STORE_LOADER file_loader =
  1396. {
  1397. "file",
  1398. NULL,
  1399. file_open,
  1400. file_attach,
  1401. file_ctrl,
  1402. file_expect,
  1403. file_find,
  1404. file_load,
  1405. file_eof,
  1406. file_error,
  1407. file_close
  1408. };
  1409. static void store_file_loader_deinit(void)
  1410. {
  1411. ossl_store_unregister_loader_int(file_loader.scheme);
  1412. }
  1413. int ossl_store_file_loader_init(void)
  1414. {
  1415. int ret = ossl_store_register_loader_int(&file_loader);
  1416. OPENSSL_atexit(store_file_loader_deinit);
  1417. return ret;
  1418. }