]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/store/store_lib.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
BIO_eof() and OSSL_STORE_eof(): Make sure to return 1 on error; improve related doc
[thirdparty/openssl.git] / crypto / store / store_lib.c
1 /*
2 * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdlib.h>
11 #include <string.h>
12 #include <assert.h>
13
14 /* We need to use some STORE deprecated APIs */
15 #define OPENSSL_SUPPRESS_DEPRECATED
16
17 #include "e_os.h"
18
19 #include <openssl/crypto.h>
20 #include <openssl/err.h>
21 #include <openssl/trace.h>
22 #include <openssl/core_names.h>
23 #include <openssl/provider.h>
24 #include <openssl/param_build.h>
25 #include <openssl/store.h>
26 #include "internal/thread_once.h"
27 #include "internal/cryptlib.h"
28 #include "internal/provider.h"
29 #include "internal/bio.h"
30 #include "crypto/store.h"
31 #include "store_local.h"
32
33 static int ossl_store_close_it(OSSL_STORE_CTX *ctx);
34
35 OSSL_STORE_CTX *
36 OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
37 const UI_METHOD *ui_method, void *ui_data,
38 OSSL_STORE_post_process_info_fn post_process,
39 void *post_process_data)
40 {
41 const OSSL_STORE_LOADER *loader = NULL;
42 OSSL_STORE_LOADER *fetched_loader = NULL;
43 OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
44 OSSL_STORE_CTX *ctx = NULL;
45 char *propq_copy = NULL;
46 char scheme_copy[256], *p, *schemes[2];
47 size_t schemes_n = 0;
48 size_t i;
49
50 /*
51 * Put the file scheme first. If the uri does represent an existing file,
52 * possible device name and all, then it should be loaded. Only a failed
53 * attempt at loading a local file should have us try something else.
54 */
55 schemes[schemes_n++] = "file";
56
57 /*
58 * Now, check if we have something that looks like a scheme, and add it
59 * as a second scheme. However, also check if there's an authority start
60 * (://), because that will invalidate the previous file scheme. Also,
61 * check that this isn't actually the file scheme, as there's no point
62 * going through that one twice!
63 */
64 OPENSSL_strlcpy(scheme_copy, uri, sizeof(scheme_copy));
65 if ((p = strchr(scheme_copy, ':')) != NULL) {
66 *p++ = '\0';
67 if (strcasecmp(scheme_copy, "file") != 0) {
68 if (strncmp(p, "//", 2) == 0)
69 schemes_n--; /* Invalidate the file scheme */
70 schemes[schemes_n++] = scheme_copy;
71 }
72 }
73
74 ERR_set_mark();
75
76 /*
77 * Try each scheme until we find one that could open the URI.
78 *
79 * For each scheme, we look for the engine implementation first, and
80 * failing that, we then try to fetch a provided implementation.
81 * This is consistent with how we handle legacy / engine implementations
82 * elsewhere.
83 */
84 for (i = 0; loader_ctx == NULL && i < schemes_n; i++) {
85 OSSL_TRACE1(STORE, "Looking up scheme %s\n", schemes[i]);
86 #ifndef OPENSSL_NO_DEPRECATED_3_0
87 if ((loader = ossl_store_get0_loader_int(schemes[i])) != NULL) {
88 if (loader->open_ex != NULL)
89 loader_ctx = loader->open_ex(loader, uri, libctx, propq,
90 ui_method, ui_data);
91 else
92 loader_ctx = loader->open(loader, uri, ui_method, ui_data);
93 }
94 #endif
95 if (loader == NULL
96 && (fetched_loader =
97 OSSL_STORE_LOADER_fetch(schemes[i], libctx, propq)) != NULL) {
98 const OSSL_PROVIDER *provider =
99 OSSL_STORE_LOADER_provider(fetched_loader);
100 void *provctx = OSSL_PROVIDER_get0_provider_ctx(provider);
101
102 loader_ctx = fetched_loader->p_open(provctx, uri);
103 if (loader_ctx == NULL) {
104 OSSL_STORE_LOADER_free(fetched_loader);
105 fetched_loader = NULL;
106 } else if (propq != NULL) {
107 OSSL_PARAM params[2];
108
109 params[0] = OSSL_PARAM_construct_utf8_string(
110 OSSL_STORE_PARAM_PROPERTIES, (char *)propq, 0);
111 params[1] = OSSL_PARAM_construct_end();
112
113 if (!fetched_loader->p_set_ctx_params(loader_ctx, params)) {
114 (void)fetched_loader->p_close(loader_ctx);
115 OSSL_STORE_LOADER_free(fetched_loader);
116 fetched_loader = NULL;
117 }
118 }
119 loader = fetched_loader;
120 }
121 }
122
123 if (loader != NULL)
124 OSSL_TRACE1(STORE, "Found loader for scheme %s\n", schemes[i]);
125
126 if (loader_ctx == NULL)
127 goto err;
128
129 OSSL_TRACE2(STORE, "Opened %s => %p\n", uri, (void *)loader_ctx);
130
131 if ((propq != NULL && (propq_copy = OPENSSL_strdup(propq)) == NULL)
132 || (ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
133 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
134 goto err;
135 }
136
137 if (ui_method != NULL
138 && (!ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data)
139 || !ossl_pw_enable_passphrase_caching(&ctx->pwdata))) {
140 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_CRYPTO_LIB);
141 goto err;
142 }
143 ctx->properties = propq_copy;
144 ctx->fetched_loader = fetched_loader;
145 ctx->loader = loader;
146 ctx->loader_ctx = loader_ctx;
147 ctx->post_process = post_process;
148 ctx->post_process_data = post_process_data;
149
150 /*
151 * If the attempt to open with the 'file' scheme loader failed and the
152 * other scheme loader succeeded, the failure to open with the 'file'
153 * scheme loader leaves an error on the error stack. Let's remove it.
154 */
155 ERR_pop_to_mark();
156
157 return ctx;
158
159 err:
160 ERR_clear_last_mark();
161 if (loader_ctx != NULL) {
162 /*
163 * Temporary structure so OSSL_STORE_close() can work even when
164 * |ctx| couldn't be allocated properly
165 */
166 OSSL_STORE_CTX tmpctx = { NULL, };
167
168 tmpctx.fetched_loader = fetched_loader;
169 tmpctx.loader = loader;
170 tmpctx.loader_ctx = loader_ctx;
171
172 /*
173 * We ignore a returned error because we will return NULL anyway in
174 * this case, so if something goes wrong when closing, that'll simply
175 * just add another entry on the error stack.
176 */
177 (void)ossl_store_close_it(&tmpctx);
178 }
179 OSSL_STORE_LOADER_free(fetched_loader);
180 OPENSSL_free(propq_copy);
181 OPENSSL_free(ctx);
182 return NULL;
183 }
184
185 OSSL_STORE_CTX *OSSL_STORE_open(const char *uri,
186 const UI_METHOD *ui_method, void *ui_data,
187 OSSL_STORE_post_process_info_fn post_process,
188 void *post_process_data)
189 {
190 return OSSL_STORE_open_ex(uri, NULL, NULL, ui_method, ui_data, post_process,
191 post_process_data);
192 }
193
194 #ifndef OPENSSL_NO_DEPRECATED_3_0
195 int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ...)
196 {
197 va_list args;
198 int ret;
199
200 va_start(args, cmd);
201 ret = OSSL_STORE_vctrl(ctx, cmd, args);
202 va_end(args);
203
204 return ret;
205 }
206
207 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args)
208 {
209 if (ctx->fetched_loader != NULL) {
210 if (ctx->fetched_loader->p_set_ctx_params != NULL) {
211 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
212
213 switch (cmd) {
214 case OSSL_STORE_C_USE_SECMEM:
215 {
216 int on = *(va_arg(args, int *));
217
218 params[0] = OSSL_PARAM_construct_int("use_secmem", &on);
219 }
220 break;
221 default:
222 break;
223 }
224
225 return ctx->fetched_loader->p_set_ctx_params(ctx->loader_ctx,
226 params);
227 }
228 } else if (ctx->loader->ctrl != NULL) {
229 return ctx->loader->ctrl(ctx->loader_ctx, cmd, args);
230 }
231
232 /*
233 * If the fetched loader doesn't have a set_ctx_params or a ctrl, it's as
234 * if there was one that ignored our params, which usually returns 1.
235 */
236 return 1;
237 }
238 #endif
239
240 int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type)
241 {
242 int ret = 1;
243
244 if (ctx == NULL
245 || expected_type < 0 || expected_type > OSSL_STORE_INFO_CRL) {
246 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_INVALID_ARGUMENT);
247 return 0;
248 }
249 if (ctx->loading) {
250 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_LOADING_STARTED);
251 return 0;
252 }
253
254 ctx->expected_type = expected_type;
255 if (ctx->fetched_loader != NULL
256 && ctx->fetched_loader->p_set_ctx_params != NULL) {
257 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
258
259 params[0] =
260 OSSL_PARAM_construct_int(OSSL_STORE_PARAM_EXPECT, &expected_type);
261 ret = ctx->fetched_loader->p_set_ctx_params(ctx->loader_ctx, params);
262 }
263 #ifndef OPENSSL_NO_DEPRECATED_3_0
264 if (ctx->fetched_loader == NULL
265 && ctx->loader->expect != NULL) {
266 ret = ctx->loader->expect(ctx->loader_ctx, expected_type);
267 }
268 #endif
269 return ret;
270 }
271
272 int OSSL_STORE_find(OSSL_STORE_CTX *ctx, const OSSL_STORE_SEARCH *search)
273 {
274 int ret = 1;
275
276 if (ctx->loading) {
277 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_LOADING_STARTED);
278 return 0;
279 }
280 if (search == NULL) {
281 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_NULL_PARAMETER);
282 return 0;
283 }
284
285 if (ctx->fetched_loader != NULL) {
286 OSSL_PARAM_BLD *bld;
287 OSSL_PARAM *params;
288 /* OSSL_STORE_SEARCH_BY_NAME, OSSL_STORE_SEARCH_BY_ISSUER_SERIAL*/
289 void *name_der = NULL;
290 int name_der_sz;
291 /* OSSL_STORE_SEARCH_BY_ISSUER_SERIAL */
292 BIGNUM *number = NULL;
293
294 if (ctx->fetched_loader->p_set_ctx_params == NULL) {
295 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_UNSUPPORTED_OPERATION);
296 return 0;
297 }
298
299 if ((bld = OSSL_PARAM_BLD_new()) == NULL) {
300 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
301 return 0;
302 }
303
304 ret = 0; /* Assume the worst */
305
306 switch (search->search_type) {
307 case OSSL_STORE_SEARCH_BY_NAME:
308 if ((name_der_sz = i2d_X509_NAME(search->name,
309 (unsigned char **)&name_der)) > 0
310 && OSSL_PARAM_BLD_push_octet_string(bld,
311 OSSL_STORE_PARAM_SUBJECT,
312 name_der, name_der_sz))
313 ret = 1;
314 break;
315 case OSSL_STORE_SEARCH_BY_ISSUER_SERIAL:
316 if ((name_der_sz = i2d_X509_NAME(search->name,
317 (unsigned char **)&name_der)) > 0
318 && (number = ASN1_INTEGER_to_BN(search->serial, NULL)) != NULL
319 && OSSL_PARAM_BLD_push_octet_string(bld,
320 OSSL_STORE_PARAM_ISSUER,
321 name_der, name_der_sz)
322 && OSSL_PARAM_BLD_push_BN(bld, OSSL_STORE_PARAM_SERIAL,
323 number))
324 ret = 1;
325 break;
326 case OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT:
327 if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_STORE_PARAM_DIGEST,
328 EVP_MD_name(search->digest), 0)
329 && OSSL_PARAM_BLD_push_octet_string(bld,
330 OSSL_STORE_PARAM_FINGERPRINT,
331 search->string,
332 search->stringlength))
333 ret = 1;
334 break;
335 case OSSL_STORE_SEARCH_BY_ALIAS:
336 if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_STORE_PARAM_ALIAS,
337 (char *)search->string,
338 search->stringlength))
339 ret = 1;
340 break;
341 }
342 if (ret) {
343 params = OSSL_PARAM_BLD_to_param(bld);
344 ret = ctx->fetched_loader->p_set_ctx_params(ctx->loader_ctx,
345 params);
346 OSSL_PARAM_free(params);
347 }
348 OSSL_PARAM_BLD_free(bld);
349 OPENSSL_free(name_der);
350 BN_free(number);
351 } else {
352 #ifndef OPENSSL_NO_DEPRECATED_3_0
353 /* legacy loader section */
354 if (ctx->loader->find == NULL) {
355 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_UNSUPPORTED_OPERATION);
356 return 0;
357 }
358 ret = ctx->loader->find(ctx->loader_ctx, search);
359 #endif
360 }
361
362 return ret;
363 }
364
365 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx)
366 {
367 OSSL_STORE_INFO *v = NULL;
368
369 ctx->loading = 1;
370 again:
371 if (OSSL_STORE_eof(ctx))
372 return NULL;
373
374 if (ctx->loader != NULL)
375 OSSL_TRACE(STORE, "Loading next object\n");
376
377 if (ctx->cached_info != NULL
378 && sk_OSSL_STORE_INFO_num(ctx->cached_info) == 0) {
379 sk_OSSL_STORE_INFO_free(ctx->cached_info);
380 ctx->cached_info = NULL;
381 }
382
383 if (ctx->cached_info != NULL) {
384 v = sk_OSSL_STORE_INFO_shift(ctx->cached_info);
385 } else {
386 if (ctx->fetched_loader != NULL) {
387 struct ossl_load_result_data_st load_data;
388
389 load_data.v = NULL;
390 load_data.ctx = ctx;
391
392 if (!ctx->fetched_loader->p_load(ctx->loader_ctx,
393 ossl_store_handle_load_result,
394 &load_data,
395 ossl_pw_passphrase_callback_dec,
396 &ctx->pwdata)) {
397 if (!OSSL_STORE_eof(ctx))
398 ctx->error_flag = 1;
399 return NULL;
400 }
401 v = load_data.v;
402 }
403 #ifndef OPENSSL_NO_DEPRECATED_3_0
404 if (ctx->fetched_loader == NULL)
405 v = ctx->loader->load(ctx->loader_ctx,
406 ctx->pwdata._.ui_method.ui_method,
407 ctx->pwdata._.ui_method.ui_method_data);
408 #endif
409 }
410
411 if (ctx->post_process != NULL && v != NULL) {
412 v = ctx->post_process(v, ctx->post_process_data);
413
414 /*
415 * By returning NULL, the callback decides that this object should
416 * be ignored.
417 */
418 if (v == NULL)
419 goto again;
420 }
421
422 /* Clear any internally cached passphrase */
423 (void)ossl_pw_clear_passphrase_cache(&ctx->pwdata);
424
425 if (v != NULL && ctx->expected_type != 0) {
426 int returned_type = OSSL_STORE_INFO_get_type(v);
427
428 if (returned_type != OSSL_STORE_INFO_NAME && returned_type != 0) {
429 if (ctx->expected_type != returned_type) {
430 OSSL_STORE_INFO_free(v);
431 goto again;
432 }
433 }
434 }
435
436 if (v != NULL)
437 OSSL_TRACE1(STORE, "Got a %s\n",
438 OSSL_STORE_INFO_type_string(OSSL_STORE_INFO_get_type(v)));
439
440 return v;
441 }
442
443 int OSSL_STORE_error(OSSL_STORE_CTX *ctx)
444 {
445 int ret = 1;
446
447 if (ctx->fetched_loader != NULL)
448 ret = ctx->error_flag;
449 #ifndef OPENSSL_NO_DEPRECATED_3_0
450 if (ctx->fetched_loader == NULL)
451 ret = ctx->loader->error(ctx->loader_ctx);
452 #endif
453 return ret;
454 }
455
456 int OSSL_STORE_eof(OSSL_STORE_CTX *ctx)
457 {
458 int ret = 1;
459
460 if (ctx->fetched_loader != NULL)
461 ret = ctx->loader->p_eof(ctx->loader_ctx);
462 #ifndef OPENSSL_NO_DEPRECATED_3_0
463 if (ctx->fetched_loader == NULL)
464 ret = ctx->loader->eof(ctx->loader_ctx);
465 #endif
466 return ret != 0;
467 }
468
469 static int ossl_store_close_it(OSSL_STORE_CTX *ctx)
470 {
471 int ret = 0;
472
473 if (ctx == NULL)
474 return 1;
475 OSSL_TRACE1(STORE, "Closing %p\n", (void *)ctx->loader_ctx);
476
477 if (ctx->fetched_loader != NULL)
478 ret = ctx->loader->p_close(ctx->loader_ctx);
479 #ifndef OPENSSL_NO_DEPRECATED_3_0
480 if (ctx->fetched_loader == NULL)
481 ret = ctx->loader->close(ctx->loader_ctx);
482 #endif
483
484 sk_OSSL_STORE_INFO_pop_free(ctx->cached_info, OSSL_STORE_INFO_free);
485 OSSL_STORE_LOADER_free(ctx->fetched_loader);
486 OPENSSL_free(ctx->properties);
487 ossl_pw_clear_passphrase_data(&ctx->pwdata);
488 return ret;
489 }
490
491 int OSSL_STORE_close(OSSL_STORE_CTX *ctx)
492 {
493 int ret = ossl_store_close_it(ctx);
494
495 OPENSSL_free(ctx);
496 return ret;
497 }
498
499 /*
500 * Functions to generate OSSL_STORE_INFOs, one function for each type we
501 * support having in them as well as a generic constructor.
502 *
503 * In all cases, ownership of the object is transferred to the OSSL_STORE_INFO
504 * and will therefore be freed when the OSSL_STORE_INFO is freed.
505 */
506 OSSL_STORE_INFO *OSSL_STORE_INFO_new(int type, void *data)
507 {
508 OSSL_STORE_INFO *info = OPENSSL_zalloc(sizeof(*info));
509
510 if (info == NULL)
511 return NULL;
512
513 info->type = type;
514 info->_.data = data;
515 return info;
516 }
517
518 OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name)
519 {
520 OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_NAME, NULL);
521
522 if (info == NULL) {
523 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
524 return NULL;
525 }
526
527 info->_.name.name = name;
528 info->_.name.desc = NULL;
529
530 return info;
531 }
532
533 int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc)
534 {
535 if (info->type != OSSL_STORE_INFO_NAME) {
536 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_INVALID_ARGUMENT);
537 return 0;
538 }
539
540 info->_.name.desc = desc;
541
542 return 1;
543 }
544 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params)
545 {
546 OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_PARAMS, params);
547
548 if (info == NULL)
549 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
550 return info;
551 }
552
553 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PUBKEY(EVP_PKEY *pkey)
554 {
555 OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_PUBKEY, pkey);
556
557 if (info == NULL)
558 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
559 return info;
560 }
561
562 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey)
563 {
564 OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_PKEY, pkey);
565
566 if (info == NULL)
567 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
568 return info;
569 }
570
571 OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509)
572 {
573 OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_CERT, x509);
574
575 if (info == NULL)
576 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
577 return info;
578 }
579
580 OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl)
581 {
582 OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_CRL, crl);
583
584 if (info == NULL)
585 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
586 return info;
587 }
588
589 /*
590 * Functions to try to extract data from a OSSL_STORE_INFO.
591 */
592 int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info)
593 {
594 return info->type;
595 }
596
597 void *OSSL_STORE_INFO_get0_data(int type, const OSSL_STORE_INFO *info)
598 {
599 if (info->type == type)
600 return info->_.data;
601 return NULL;
602 }
603
604 const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info)
605 {
606 if (info->type == OSSL_STORE_INFO_NAME)
607 return info->_.name.name;
608 return NULL;
609 }
610
611 char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info)
612 {
613 if (info->type == OSSL_STORE_INFO_NAME) {
614 char *ret = OPENSSL_strdup(info->_.name.name);
615
616 if (ret == NULL)
617 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
618 return ret;
619 }
620 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_NAME);
621 return NULL;
622 }
623
624 const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info)
625 {
626 if (info->type == OSSL_STORE_INFO_NAME)
627 return info->_.name.desc;
628 return NULL;
629 }
630
631 char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info)
632 {
633 if (info->type == OSSL_STORE_INFO_NAME) {
634 char *ret = OPENSSL_strdup(info->_.name.desc
635 ? info->_.name.desc : "");
636
637 if (ret == NULL)
638 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
639 return ret;
640 }
641 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_NAME);
642 return NULL;
643 }
644
645 EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info)
646 {
647 if (info->type == OSSL_STORE_INFO_PARAMS)
648 return info->_.params;
649 return NULL;
650 }
651
652 EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info)
653 {
654 if (info->type == OSSL_STORE_INFO_PARAMS) {
655 EVP_PKEY_up_ref(info->_.params);
656 return info->_.params;
657 }
658 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_PARAMETERS);
659 return NULL;
660 }
661
662 EVP_PKEY *OSSL_STORE_INFO_get0_PUBKEY(const OSSL_STORE_INFO *info)
663 {
664 if (info->type == OSSL_STORE_INFO_PUBKEY)
665 return info->_.pubkey;
666 return NULL;
667 }
668
669 EVP_PKEY *OSSL_STORE_INFO_get1_PUBKEY(const OSSL_STORE_INFO *info)
670 {
671 if (info->type == OSSL_STORE_INFO_PUBKEY) {
672 EVP_PKEY_up_ref(info->_.pubkey);
673 return info->_.pubkey;
674 }
675 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_PUBLIC_KEY);
676 return NULL;
677 }
678
679 EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info)
680 {
681 if (info->type == OSSL_STORE_INFO_PKEY)
682 return info->_.pkey;
683 return NULL;
684 }
685
686 EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info)
687 {
688 if (info->type == OSSL_STORE_INFO_PKEY) {
689 EVP_PKEY_up_ref(info->_.pkey);
690 return info->_.pkey;
691 }
692 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_PRIVATE_KEY);
693 return NULL;
694 }
695
696 X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info)
697 {
698 if (info->type == OSSL_STORE_INFO_CERT)
699 return info->_.x509;
700 return NULL;
701 }
702
703 X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info)
704 {
705 if (info->type == OSSL_STORE_INFO_CERT) {
706 X509_up_ref(info->_.x509);
707 return info->_.x509;
708 }
709 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_CERTIFICATE);
710 return NULL;
711 }
712
713 X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info)
714 {
715 if (info->type == OSSL_STORE_INFO_CRL)
716 return info->_.crl;
717 return NULL;
718 }
719
720 X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info)
721 {
722 if (info->type == OSSL_STORE_INFO_CRL) {
723 X509_CRL_up_ref(info->_.crl);
724 return info->_.crl;
725 }
726 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_CRL);
727 return NULL;
728 }
729
730 /*
731 * Free the OSSL_STORE_INFO
732 */
733 void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info)
734 {
735 if (info != NULL) {
736 switch (info->type) {
737 case OSSL_STORE_INFO_NAME:
738 OPENSSL_free(info->_.name.name);
739 OPENSSL_free(info->_.name.desc);
740 break;
741 case OSSL_STORE_INFO_PARAMS:
742 EVP_PKEY_free(info->_.params);
743 break;
744 case OSSL_STORE_INFO_PUBKEY:
745 EVP_PKEY_free(info->_.pubkey);
746 break;
747 case OSSL_STORE_INFO_PKEY:
748 EVP_PKEY_free(info->_.pkey);
749 break;
750 case OSSL_STORE_INFO_CERT:
751 X509_free(info->_.x509);
752 break;
753 case OSSL_STORE_INFO_CRL:
754 X509_CRL_free(info->_.crl);
755 break;
756 }
757 OPENSSL_free(info);
758 }
759 }
760
761 int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type)
762 {
763 int ret = 0;
764
765 if (ctx->fetched_loader != NULL) {
766 void *provctx =
767 ossl_provider_ctx(OSSL_STORE_LOADER_provider(ctx->fetched_loader));
768 const OSSL_PARAM *params;
769 const OSSL_PARAM *p_subject = NULL;
770 const OSSL_PARAM *p_issuer = NULL;
771 const OSSL_PARAM *p_serial = NULL;
772 const OSSL_PARAM *p_fingerprint = NULL;
773 const OSSL_PARAM *p_alias = NULL;
774
775 if (ctx->fetched_loader->p_settable_ctx_params == NULL)
776 return 0;
777
778 params = ctx->fetched_loader->p_settable_ctx_params(provctx);
779 p_subject = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_SUBJECT);
780 p_issuer = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_ISSUER);
781 p_serial = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_SERIAL);
782 p_fingerprint =
783 OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_FINGERPRINT);
784 p_alias = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_ALIAS);
785
786 switch (search_type) {
787 case OSSL_STORE_SEARCH_BY_NAME:
788 ret = (p_subject != NULL);
789 break;
790 case OSSL_STORE_SEARCH_BY_ISSUER_SERIAL:
791 ret = (p_issuer != NULL && p_serial != NULL);
792 break;
793 case OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT:
794 ret = (p_fingerprint != NULL);
795 break;
796 case OSSL_STORE_SEARCH_BY_ALIAS:
797 ret = (p_alias != NULL);
798 break;
799 }
800 }
801 #ifndef OPENSSL_NO_DEPRECATED_3_0
802 if (ctx->fetched_loader == NULL) {
803 OSSL_STORE_SEARCH tmp_search;
804
805 if (ctx->loader->find == NULL)
806 return 0;
807 tmp_search.search_type = search_type;
808 ret = ctx->loader->find(NULL, &tmp_search);
809 }
810 #endif
811 return ret;
812 }
813
814 /* Search term constructors */
815 OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name)
816 {
817 OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
818
819 if (search == NULL) {
820 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
821 return NULL;
822 }
823
824 search->search_type = OSSL_STORE_SEARCH_BY_NAME;
825 search->name = name;
826 return search;
827 }
828
829 OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name,
830 const ASN1_INTEGER *serial)
831 {
832 OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
833
834 if (search == NULL) {
835 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
836 return NULL;
837 }
838
839 search->search_type = OSSL_STORE_SEARCH_BY_ISSUER_SERIAL;
840 search->name = name;
841 search->serial = serial;
842 return search;
843 }
844
845 OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest,
846 const unsigned char
847 *bytes, size_t len)
848 {
849 OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
850
851 if (search == NULL) {
852 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
853 return NULL;
854 }
855
856 if (digest != NULL && len != (size_t)EVP_MD_size(digest)) {
857 ERR_raise_data(ERR_LIB_OSSL_STORE,
858 OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST,
859 "%s size is %d, fingerprint size is %zu",
860 EVP_MD_name(digest), EVP_MD_size(digest), len);
861 OPENSSL_free(search);
862 return NULL;
863 }
864
865 search->search_type = OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT;
866 search->digest = digest;
867 search->string = bytes;
868 search->stringlength = len;
869 return search;
870 }
871
872 OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias)
873 {
874 OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
875
876 if (search == NULL) {
877 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
878 return NULL;
879 }
880
881 search->search_type = OSSL_STORE_SEARCH_BY_ALIAS;
882 search->string = (const unsigned char *)alias;
883 search->stringlength = strlen(alias);
884 return search;
885 }
886
887 /* Search term destructor */
888 void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search)
889 {
890 OPENSSL_free(search);
891 }
892
893 /* Search term accessors */
894 int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion)
895 {
896 return criterion->search_type;
897 }
898
899 X509_NAME *OSSL_STORE_SEARCH_get0_name(const OSSL_STORE_SEARCH *criterion)
900 {
901 return criterion->name;
902 }
903
904 const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH
905 *criterion)
906 {
907 return criterion->serial;
908 }
909
910 const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH
911 *criterion, size_t *length)
912 {
913 *length = criterion->stringlength;
914 return criterion->string;
915 }
916
917 const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion)
918 {
919 return (const char *)criterion->string;
920 }
921
922 const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH *criterion)
923 {
924 return criterion->digest;
925 }
926
927 OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bp, const char *scheme,
928 OSSL_LIB_CTX *libctx, const char *propq,
929 const UI_METHOD *ui_method, void *ui_data,
930 OSSL_STORE_post_process_info_fn post_process,
931 void *post_process_data)
932 {
933 const OSSL_STORE_LOADER *loader = NULL;
934 OSSL_STORE_LOADER *fetched_loader = NULL;
935 OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
936 OSSL_STORE_CTX *ctx = NULL;
937
938 if (scheme == NULL)
939 scheme = "file";
940
941 OSSL_TRACE1(STORE, "Looking up scheme %s\n", scheme);
942 ERR_set_mark();
943 #ifndef OPENSSL_NO_DEPRECATED_3_0
944 if ((loader = ossl_store_get0_loader_int(scheme)) != NULL)
945 loader_ctx = loader->attach(loader, bp, libctx, propq,
946 ui_method, ui_data);
947 #endif
948 if (loader == NULL
949 && (fetched_loader =
950 OSSL_STORE_LOADER_fetch(scheme, libctx, propq)) != NULL) {
951 const OSSL_PROVIDER *provider =
952 OSSL_STORE_LOADER_provider(fetched_loader);
953 void *provctx = OSSL_PROVIDER_get0_provider_ctx(provider);
954 OSSL_CORE_BIO *cbio = ossl_core_bio_new_from_bio(bp);
955
956 if (cbio == NULL
957 || (loader_ctx = fetched_loader->p_attach(provctx, cbio)) == NULL) {
958 OSSL_STORE_LOADER_free(fetched_loader);
959 fetched_loader = NULL;
960 } else if (propq != NULL) {
961 OSSL_PARAM params[] = {
962 OSSL_PARAM_utf8_string(OSSL_STORE_PARAM_PROPERTIES,
963 NULL, 0),
964 OSSL_PARAM_END
965 };
966
967 params[0].data = (void *)propq;
968 if (!fetched_loader->p_set_ctx_params(loader_ctx, params)) {
969 (void)fetched_loader->p_close(loader_ctx);
970 OSSL_STORE_LOADER_free(fetched_loader);
971 fetched_loader = NULL;
972 }
973 }
974 loader = fetched_loader;
975 ossl_core_bio_free(cbio);
976 }
977
978 if (loader_ctx == NULL) {
979 ERR_clear_last_mark();
980 return NULL;
981 }
982
983 if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
984 ERR_clear_last_mark();
985 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
986 return NULL;
987 }
988
989 if (ui_method != NULL
990 && !ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data)) {
991 ERR_clear_last_mark();
992 OPENSSL_free(ctx);
993 return NULL;
994 }
995
996 ctx->fetched_loader = fetched_loader;
997 ctx->loader = loader;
998 ctx->loader_ctx = loader_ctx;
999 ctx->post_process = post_process;
1000 ctx->post_process_data = post_process_data;
1001
1002 /*
1003 * ossl_store_get0_loader_int will raise an error if the loader for the
1004 * the scheme cannot be retrieved. But if a loader was successfully
1005 * fetched then we remove this error from the error stack.
1006 */
1007 ERR_pop_to_mark();
1008
1009 return ctx;
1010 }
A mirror of the official openssl repository