2 * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
14 /* We need to use some STORE deprecated APIs */
15 #define OPENSSL_SUPPRESS_DEPRECATED
19 #include <openssl/crypto.h>
20 #include <openssl/err.h>
21 #include <openssl/trace.h>
22 #include <openssl/core_names.h>
23 #include <openssl/provider.h>
24 #include <openssl/param_build.h>
25 #include <openssl/store.h>
26 #include "internal/thread_once.h"
27 #include "internal/cryptlib.h"
28 #include "internal/provider.h"
29 #include "internal/bio.h"
30 #include "crypto/store.h"
31 #include "store_local.h"
33 static int ossl_store_close_it(OSSL_STORE_CTX
*ctx
);
36 OSSL_STORE_open_ex(const char *uri
, OSSL_LIB_CTX
*libctx
, const char *propq
,
37 const UI_METHOD
*ui_method
, void *ui_data
,
38 OSSL_STORE_post_process_info_fn post_process
,
39 void *post_process_data
)
41 const OSSL_STORE_LOADER
*loader
= NULL
;
42 OSSL_STORE_LOADER
*fetched_loader
= NULL
;
43 OSSL_STORE_LOADER_CTX
*loader_ctx
= NULL
;
44 OSSL_STORE_CTX
*ctx
= NULL
;
45 char *propq_copy
= NULL
;
46 char scheme_copy
[256], *p
, *schemes
[2];
51 * Put the file scheme first. If the uri does represent an existing file,
52 * possible device name and all, then it should be loaded. Only a failed
53 * attempt at loading a local file should have us try something else.
55 schemes
[schemes_n
++] = "file";
58 * Now, check if we have something that looks like a scheme, and add it
59 * as a second scheme. However, also check if there's an authority start
60 * (://), because that will invalidate the previous file scheme. Also,
61 * check that this isn't actually the file scheme, as there's no point
62 * going through that one twice!
64 OPENSSL_strlcpy(scheme_copy
, uri
, sizeof(scheme_copy
));
65 if ((p
= strchr(scheme_copy
, ':')) != NULL
) {
67 if (strcasecmp(scheme_copy
, "file") != 0) {
68 if (strncmp(p
, "//", 2) == 0)
69 schemes_n
--; /* Invalidate the file scheme */
70 schemes
[schemes_n
++] = scheme_copy
;
77 * Try each scheme until we find one that could open the URI.
79 * For each scheme, we look for the engine implementation first, and
80 * failing that, we then try to fetch a provided implementation.
81 * This is consistent with how we handle legacy / engine implementations
84 for (i
= 0; loader_ctx
== NULL
&& i
< schemes_n
; i
++) {
85 OSSL_TRACE1(STORE
, "Looking up scheme %s\n", schemes
[i
]);
86 #ifndef OPENSSL_NO_DEPRECATED_3_0
87 if ((loader
= ossl_store_get0_loader_int(schemes
[i
])) != NULL
) {
88 if (loader
->open_ex
!= NULL
)
89 loader_ctx
= loader
->open_ex(loader
, uri
, libctx
, propq
,
92 loader_ctx
= loader
->open(loader
, uri
, ui_method
, ui_data
);
97 OSSL_STORE_LOADER_fetch(schemes
[i
], libctx
, propq
)) != NULL
) {
98 const OSSL_PROVIDER
*provider
=
99 OSSL_STORE_LOADER_provider(fetched_loader
);
100 void *provctx
= OSSL_PROVIDER_get0_provider_ctx(provider
);
102 loader_ctx
= fetched_loader
->p_open(provctx
, uri
);
103 if (loader_ctx
== NULL
) {
104 OSSL_STORE_LOADER_free(fetched_loader
);
105 fetched_loader
= NULL
;
106 } else if (propq
!= NULL
) {
107 OSSL_PARAM params
[2];
109 params
[0] = OSSL_PARAM_construct_utf8_string(
110 OSSL_STORE_PARAM_PROPERTIES
, (char *)propq
, 0);
111 params
[1] = OSSL_PARAM_construct_end();
113 if (!fetched_loader
->p_set_ctx_params(loader_ctx
, params
)) {
114 (void)fetched_loader
->p_close(loader_ctx
);
115 OSSL_STORE_LOADER_free(fetched_loader
);
116 fetched_loader
= NULL
;
119 loader
= fetched_loader
;
124 OSSL_TRACE1(STORE
, "Found loader for scheme %s\n", schemes
[i
]);
126 if (loader_ctx
== NULL
)
129 OSSL_TRACE2(STORE
, "Opened %s => %p\n", uri
, (void *)loader_ctx
);
131 if ((propq
!= NULL
&& (propq_copy
= OPENSSL_strdup(propq
)) == NULL
)
132 || (ctx
= OPENSSL_zalloc(sizeof(*ctx
))) == NULL
) {
133 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_MALLOC_FAILURE
);
137 if (ui_method
!= NULL
138 && (!ossl_pw_set_ui_method(&ctx
->pwdata
, ui_method
, ui_data
)
139 || !ossl_pw_enable_passphrase_caching(&ctx
->pwdata
))) {
140 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_CRYPTO_LIB
);
143 ctx
->properties
= propq_copy
;
144 ctx
->fetched_loader
= fetched_loader
;
145 ctx
->loader
= loader
;
146 ctx
->loader_ctx
= loader_ctx
;
147 ctx
->post_process
= post_process
;
148 ctx
->post_process_data
= post_process_data
;
151 * If the attempt to open with the 'file' scheme loader failed and the
152 * other scheme loader succeeded, the failure to open with the 'file'
153 * scheme loader leaves an error on the error stack. Let's remove it.
160 ERR_clear_last_mark();
161 if (loader_ctx
!= NULL
) {
163 * Temporary structure so OSSL_STORE_close() can work even when
164 * |ctx| couldn't be allocated properly
166 OSSL_STORE_CTX tmpctx
= { NULL
, };
168 tmpctx
.fetched_loader
= fetched_loader
;
169 tmpctx
.loader
= loader
;
170 tmpctx
.loader_ctx
= loader_ctx
;
173 * We ignore a returned error because we will return NULL anyway in
174 * this case, so if something goes wrong when closing, that'll simply
175 * just add another entry on the error stack.
177 (void)ossl_store_close_it(&tmpctx
);
179 OSSL_STORE_LOADER_free(fetched_loader
);
180 OPENSSL_free(propq_copy
);
185 OSSL_STORE_CTX
*OSSL_STORE_open(const char *uri
,
186 const UI_METHOD
*ui_method
, void *ui_data
,
187 OSSL_STORE_post_process_info_fn post_process
,
188 void *post_process_data
)
190 return OSSL_STORE_open_ex(uri
, NULL
, NULL
, ui_method
, ui_data
, post_process
,
194 #ifndef OPENSSL_NO_DEPRECATED_3_0
195 int OSSL_STORE_ctrl(OSSL_STORE_CTX
*ctx
, int cmd
, ...)
201 ret
= OSSL_STORE_vctrl(ctx
, cmd
, args
);
207 int OSSL_STORE_vctrl(OSSL_STORE_CTX
*ctx
, int cmd
, va_list args
)
209 if (ctx
->fetched_loader
!= NULL
) {
210 if (ctx
->fetched_loader
->p_set_ctx_params
!= NULL
) {
211 OSSL_PARAM params
[2] = { OSSL_PARAM_END
, OSSL_PARAM_END
};
214 case OSSL_STORE_C_USE_SECMEM
:
216 int on
= *(va_arg(args
, int *));
218 params
[0] = OSSL_PARAM_construct_int("use_secmem", &on
);
225 return ctx
->fetched_loader
->p_set_ctx_params(ctx
->loader_ctx
,
228 } else if (ctx
->loader
->ctrl
!= NULL
) {
229 return ctx
->loader
->ctrl(ctx
->loader_ctx
, cmd
, args
);
233 * If the fetched loader doesn't have a set_ctx_params or a ctrl, it's as
234 * if there was one that ignored our params, which usually returns 1.
240 int OSSL_STORE_expect(OSSL_STORE_CTX
*ctx
, int expected_type
)
245 || expected_type
< 0 || expected_type
> OSSL_STORE_INFO_CRL
) {
246 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_PASSED_INVALID_ARGUMENT
);
250 ERR_raise(ERR_LIB_OSSL_STORE
, OSSL_STORE_R_LOADING_STARTED
);
254 ctx
->expected_type
= expected_type
;
255 if (ctx
->fetched_loader
!= NULL
256 && ctx
->fetched_loader
->p_set_ctx_params
!= NULL
) {
257 OSSL_PARAM params
[2] = { OSSL_PARAM_END
, OSSL_PARAM_END
};
260 OSSL_PARAM_construct_int(OSSL_STORE_PARAM_EXPECT
, &expected_type
);
261 ret
= ctx
->fetched_loader
->p_set_ctx_params(ctx
->loader_ctx
, params
);
263 #ifndef OPENSSL_NO_DEPRECATED_3_0
264 if (ctx
->fetched_loader
== NULL
265 && ctx
->loader
->expect
!= NULL
) {
266 ret
= ctx
->loader
->expect(ctx
->loader_ctx
, expected_type
);
272 int OSSL_STORE_find(OSSL_STORE_CTX
*ctx
, const OSSL_STORE_SEARCH
*search
)
277 ERR_raise(ERR_LIB_OSSL_STORE
, OSSL_STORE_R_LOADING_STARTED
);
280 if (search
== NULL
) {
281 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_PASSED_NULL_PARAMETER
);
285 if (ctx
->fetched_loader
!= NULL
) {
288 /* OSSL_STORE_SEARCH_BY_NAME, OSSL_STORE_SEARCH_BY_ISSUER_SERIAL*/
289 void *name_der
= NULL
;
291 /* OSSL_STORE_SEARCH_BY_ISSUER_SERIAL */
292 BIGNUM
*number
= NULL
;
294 if (ctx
->fetched_loader
->p_set_ctx_params
== NULL
) {
295 ERR_raise(ERR_LIB_OSSL_STORE
, OSSL_STORE_R_UNSUPPORTED_OPERATION
);
299 if ((bld
= OSSL_PARAM_BLD_new()) == NULL
) {
300 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_MALLOC_FAILURE
);
304 ret
= 0; /* Assume the worst */
306 switch (search
->search_type
) {
307 case OSSL_STORE_SEARCH_BY_NAME
:
308 if ((name_der_sz
= i2d_X509_NAME(search
->name
,
309 (unsigned char **)&name_der
)) > 0
310 && OSSL_PARAM_BLD_push_octet_string(bld
,
311 OSSL_STORE_PARAM_SUBJECT
,
312 name_der
, name_der_sz
))
315 case OSSL_STORE_SEARCH_BY_ISSUER_SERIAL
:
316 if ((name_der_sz
= i2d_X509_NAME(search
->name
,
317 (unsigned char **)&name_der
)) > 0
318 && (number
= ASN1_INTEGER_to_BN(search
->serial
, NULL
)) != NULL
319 && OSSL_PARAM_BLD_push_octet_string(bld
,
320 OSSL_STORE_PARAM_ISSUER
,
321 name_der
, name_der_sz
)
322 && OSSL_PARAM_BLD_push_BN(bld
, OSSL_STORE_PARAM_SERIAL
,
326 case OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT
:
327 if (OSSL_PARAM_BLD_push_utf8_string(bld
, OSSL_STORE_PARAM_DIGEST
,
328 EVP_MD_name(search
->digest
), 0)
329 && OSSL_PARAM_BLD_push_octet_string(bld
,
330 OSSL_STORE_PARAM_FINGERPRINT
,
332 search
->stringlength
))
335 case OSSL_STORE_SEARCH_BY_ALIAS
:
336 if (OSSL_PARAM_BLD_push_utf8_string(bld
, OSSL_STORE_PARAM_ALIAS
,
337 (char *)search
->string
,
338 search
->stringlength
))
343 params
= OSSL_PARAM_BLD_to_param(bld
);
344 ret
= ctx
->fetched_loader
->p_set_ctx_params(ctx
->loader_ctx
,
346 OSSL_PARAM_free(params
);
348 OSSL_PARAM_BLD_free(bld
);
349 OPENSSL_free(name_der
);
352 #ifndef OPENSSL_NO_DEPRECATED_3_0
353 /* legacy loader section */
354 if (ctx
->loader
->find
== NULL
) {
355 ERR_raise(ERR_LIB_OSSL_STORE
, OSSL_STORE_R_UNSUPPORTED_OPERATION
);
358 ret
= ctx
->loader
->find(ctx
->loader_ctx
, search
);
365 OSSL_STORE_INFO
*OSSL_STORE_load(OSSL_STORE_CTX
*ctx
)
367 OSSL_STORE_INFO
*v
= NULL
;
371 if (OSSL_STORE_eof(ctx
))
374 if (ctx
->loader
!= NULL
)
375 OSSL_TRACE(STORE
, "Loading next object\n");
377 if (ctx
->cached_info
!= NULL
378 && sk_OSSL_STORE_INFO_num(ctx
->cached_info
) == 0) {
379 sk_OSSL_STORE_INFO_free(ctx
->cached_info
);
380 ctx
->cached_info
= NULL
;
383 if (ctx
->cached_info
!= NULL
) {
384 v
= sk_OSSL_STORE_INFO_shift(ctx
->cached_info
);
386 if (ctx
->fetched_loader
!= NULL
) {
387 struct ossl_load_result_data_st load_data
;
392 if (!ctx
->fetched_loader
->p_load(ctx
->loader_ctx
,
393 ossl_store_handle_load_result
,
395 ossl_pw_passphrase_callback_dec
,
397 if (!OSSL_STORE_eof(ctx
))
403 #ifndef OPENSSL_NO_DEPRECATED_3_0
404 if (ctx
->fetched_loader
== NULL
)
405 v
= ctx
->loader
->load(ctx
->loader_ctx
,
406 ctx
->pwdata
._
.ui_method
.ui_method
,
407 ctx
->pwdata
._
.ui_method
.ui_method_data
);
411 if (ctx
->post_process
!= NULL
&& v
!= NULL
) {
412 v
= ctx
->post_process(v
, ctx
->post_process_data
);
415 * By returning NULL, the callback decides that this object should
422 /* Clear any internally cached passphrase */
423 (void)ossl_pw_clear_passphrase_cache(&ctx
->pwdata
);
425 if (v
!= NULL
&& ctx
->expected_type
!= 0) {
426 int returned_type
= OSSL_STORE_INFO_get_type(v
);
428 if (returned_type
!= OSSL_STORE_INFO_NAME
&& returned_type
!= 0) {
429 if (ctx
->expected_type
!= returned_type
) {
430 OSSL_STORE_INFO_free(v
);
437 OSSL_TRACE1(STORE
, "Got a %s\n",
438 OSSL_STORE_INFO_type_string(OSSL_STORE_INFO_get_type(v
)));
443 int OSSL_STORE_error(OSSL_STORE_CTX
*ctx
)
447 if (ctx
->fetched_loader
!= NULL
)
448 ret
= ctx
->error_flag
;
449 #ifndef OPENSSL_NO_DEPRECATED_3_0
450 if (ctx
->fetched_loader
== NULL
)
451 ret
= ctx
->loader
->error(ctx
->loader_ctx
);
456 int OSSL_STORE_eof(OSSL_STORE_CTX
*ctx
)
460 if (ctx
->fetched_loader
!= NULL
)
461 ret
= ctx
->loader
->p_eof(ctx
->loader_ctx
);
462 #ifndef OPENSSL_NO_DEPRECATED_3_0
463 if (ctx
->fetched_loader
== NULL
)
464 ret
= ctx
->loader
->eof(ctx
->loader_ctx
);
469 static int ossl_store_close_it(OSSL_STORE_CTX
*ctx
)
475 OSSL_TRACE1(STORE
, "Closing %p\n", (void *)ctx
->loader_ctx
);
477 if (ctx
->fetched_loader
!= NULL
)
478 ret
= ctx
->loader
->p_close(ctx
->loader_ctx
);
479 #ifndef OPENSSL_NO_DEPRECATED_3_0
480 if (ctx
->fetched_loader
== NULL
)
481 ret
= ctx
->loader
->close(ctx
->loader_ctx
);
484 sk_OSSL_STORE_INFO_pop_free(ctx
->cached_info
, OSSL_STORE_INFO_free
);
485 OSSL_STORE_LOADER_free(ctx
->fetched_loader
);
486 OPENSSL_free(ctx
->properties
);
487 ossl_pw_clear_passphrase_data(&ctx
->pwdata
);
491 int OSSL_STORE_close(OSSL_STORE_CTX
*ctx
)
493 int ret
= ossl_store_close_it(ctx
);
500 * Functions to generate OSSL_STORE_INFOs, one function for each type we
501 * support having in them as well as a generic constructor.
503 * In all cases, ownership of the object is transferred to the OSSL_STORE_INFO
504 * and will therefore be freed when the OSSL_STORE_INFO is freed.
506 OSSL_STORE_INFO
*OSSL_STORE_INFO_new(int type
, void *data
)
508 OSSL_STORE_INFO
*info
= OPENSSL_zalloc(sizeof(*info
));
518 OSSL_STORE_INFO
*OSSL_STORE_INFO_new_NAME(char *name
)
520 OSSL_STORE_INFO
*info
= OSSL_STORE_INFO_new(OSSL_STORE_INFO_NAME
, NULL
);
523 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_MALLOC_FAILURE
);
527 info
->_
.name
.name
= name
;
528 info
->_
.name
.desc
= NULL
;
533 int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO
*info
, char *desc
)
535 if (info
->type
!= OSSL_STORE_INFO_NAME
) {
536 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_PASSED_INVALID_ARGUMENT
);
540 info
->_
.name
.desc
= desc
;
544 OSSL_STORE_INFO
*OSSL_STORE_INFO_new_PARAMS(EVP_PKEY
*params
)
546 OSSL_STORE_INFO
*info
= OSSL_STORE_INFO_new(OSSL_STORE_INFO_PARAMS
, params
);
549 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_MALLOC_FAILURE
);
553 OSSL_STORE_INFO
*OSSL_STORE_INFO_new_PUBKEY(EVP_PKEY
*pkey
)
555 OSSL_STORE_INFO
*info
= OSSL_STORE_INFO_new(OSSL_STORE_INFO_PUBKEY
, pkey
);
558 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_MALLOC_FAILURE
);
562 OSSL_STORE_INFO
*OSSL_STORE_INFO_new_PKEY(EVP_PKEY
*pkey
)
564 OSSL_STORE_INFO
*info
= OSSL_STORE_INFO_new(OSSL_STORE_INFO_PKEY
, pkey
);
567 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_MALLOC_FAILURE
);
571 OSSL_STORE_INFO
*OSSL_STORE_INFO_new_CERT(X509
*x509
)
573 OSSL_STORE_INFO
*info
= OSSL_STORE_INFO_new(OSSL_STORE_INFO_CERT
, x509
);
576 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_MALLOC_FAILURE
);
580 OSSL_STORE_INFO
*OSSL_STORE_INFO_new_CRL(X509_CRL
*crl
)
582 OSSL_STORE_INFO
*info
= OSSL_STORE_INFO_new(OSSL_STORE_INFO_CRL
, crl
);
585 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_MALLOC_FAILURE
);
590 * Functions to try to extract data from a OSSL_STORE_INFO.
592 int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO
*info
)
597 void *OSSL_STORE_INFO_get0_data(int type
, const OSSL_STORE_INFO
*info
)
599 if (info
->type
== type
)
604 const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO
*info
)
606 if (info
->type
== OSSL_STORE_INFO_NAME
)
607 return info
->_
.name
.name
;
611 char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO
*info
)
613 if (info
->type
== OSSL_STORE_INFO_NAME
) {
614 char *ret
= OPENSSL_strdup(info
->_
.name
.name
);
617 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_MALLOC_FAILURE
);
620 ERR_raise(ERR_LIB_OSSL_STORE
, OSSL_STORE_R_NOT_A_NAME
);
624 const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO
*info
)
626 if (info
->type
== OSSL_STORE_INFO_NAME
)
627 return info
->_
.name
.desc
;
631 char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO
*info
)
633 if (info
->type
== OSSL_STORE_INFO_NAME
) {
634 char *ret
= OPENSSL_strdup(info
->_
.name
.desc
635 ? info
->_
.name
.desc
: "");
638 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_MALLOC_FAILURE
);
641 ERR_raise(ERR_LIB_OSSL_STORE
, OSSL_STORE_R_NOT_A_NAME
);
645 EVP_PKEY
*OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO
*info
)
647 if (info
->type
== OSSL_STORE_INFO_PARAMS
)
648 return info
->_
.params
;
652 EVP_PKEY
*OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO
*info
)
654 if (info
->type
== OSSL_STORE_INFO_PARAMS
) {
655 EVP_PKEY_up_ref(info
->_
.params
);
656 return info
->_
.params
;
658 ERR_raise(ERR_LIB_OSSL_STORE
, OSSL_STORE_R_NOT_PARAMETERS
);
662 EVP_PKEY
*OSSL_STORE_INFO_get0_PUBKEY(const OSSL_STORE_INFO
*info
)
664 if (info
->type
== OSSL_STORE_INFO_PUBKEY
)
665 return info
->_
.pubkey
;
669 EVP_PKEY
*OSSL_STORE_INFO_get1_PUBKEY(const OSSL_STORE_INFO
*info
)
671 if (info
->type
== OSSL_STORE_INFO_PUBKEY
) {
672 EVP_PKEY_up_ref(info
->_
.pubkey
);
673 return info
->_
.pubkey
;
675 ERR_raise(ERR_LIB_OSSL_STORE
, OSSL_STORE_R_NOT_A_PUBLIC_KEY
);
679 EVP_PKEY
*OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO
*info
)
681 if (info
->type
== OSSL_STORE_INFO_PKEY
)
686 EVP_PKEY
*OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO
*info
)
688 if (info
->type
== OSSL_STORE_INFO_PKEY
) {
689 EVP_PKEY_up_ref(info
->_
.pkey
);
692 ERR_raise(ERR_LIB_OSSL_STORE
, OSSL_STORE_R_NOT_A_PRIVATE_KEY
);
696 X509
*OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO
*info
)
698 if (info
->type
== OSSL_STORE_INFO_CERT
)
703 X509
*OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO
*info
)
705 if (info
->type
== OSSL_STORE_INFO_CERT
) {
706 X509_up_ref(info
->_
.x509
);
709 ERR_raise(ERR_LIB_OSSL_STORE
, OSSL_STORE_R_NOT_A_CERTIFICATE
);
713 X509_CRL
*OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO
*info
)
715 if (info
->type
== OSSL_STORE_INFO_CRL
)
720 X509_CRL
*OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO
*info
)
722 if (info
->type
== OSSL_STORE_INFO_CRL
) {
723 X509_CRL_up_ref(info
->_
.crl
);
726 ERR_raise(ERR_LIB_OSSL_STORE
, OSSL_STORE_R_NOT_A_CRL
);
731 * Free the OSSL_STORE_INFO
733 void OSSL_STORE_INFO_free(OSSL_STORE_INFO
*info
)
736 switch (info
->type
) {
737 case OSSL_STORE_INFO_NAME
:
738 OPENSSL_free(info
->_
.name
.name
);
739 OPENSSL_free(info
->_
.name
.desc
);
741 case OSSL_STORE_INFO_PARAMS
:
742 EVP_PKEY_free(info
->_
.params
);
744 case OSSL_STORE_INFO_PUBKEY
:
745 EVP_PKEY_free(info
->_
.pubkey
);
747 case OSSL_STORE_INFO_PKEY
:
748 EVP_PKEY_free(info
->_
.pkey
);
750 case OSSL_STORE_INFO_CERT
:
751 X509_free(info
->_
.x509
);
753 case OSSL_STORE_INFO_CRL
:
754 X509_CRL_free(info
->_
.crl
);
761 int OSSL_STORE_supports_search(OSSL_STORE_CTX
*ctx
, int search_type
)
765 if (ctx
->fetched_loader
!= NULL
) {
767 ossl_provider_ctx(OSSL_STORE_LOADER_provider(ctx
->fetched_loader
));
768 const OSSL_PARAM
*params
;
769 const OSSL_PARAM
*p_subject
= NULL
;
770 const OSSL_PARAM
*p_issuer
= NULL
;
771 const OSSL_PARAM
*p_serial
= NULL
;
772 const OSSL_PARAM
*p_fingerprint
= NULL
;
773 const OSSL_PARAM
*p_alias
= NULL
;
775 if (ctx
->fetched_loader
->p_settable_ctx_params
== NULL
)
778 params
= ctx
->fetched_loader
->p_settable_ctx_params(provctx
);
779 p_subject
= OSSL_PARAM_locate_const(params
, OSSL_STORE_PARAM_SUBJECT
);
780 p_issuer
= OSSL_PARAM_locate_const(params
, OSSL_STORE_PARAM_ISSUER
);
781 p_serial
= OSSL_PARAM_locate_const(params
, OSSL_STORE_PARAM_SERIAL
);
783 OSSL_PARAM_locate_const(params
, OSSL_STORE_PARAM_FINGERPRINT
);
784 p_alias
= OSSL_PARAM_locate_const(params
, OSSL_STORE_PARAM_ALIAS
);
786 switch (search_type
) {
787 case OSSL_STORE_SEARCH_BY_NAME
:
788 ret
= (p_subject
!= NULL
);
790 case OSSL_STORE_SEARCH_BY_ISSUER_SERIAL
:
791 ret
= (p_issuer
!= NULL
&& p_serial
!= NULL
);
793 case OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT
:
794 ret
= (p_fingerprint
!= NULL
);
796 case OSSL_STORE_SEARCH_BY_ALIAS
:
797 ret
= (p_alias
!= NULL
);
801 #ifndef OPENSSL_NO_DEPRECATED_3_0
802 if (ctx
->fetched_loader
== NULL
) {
803 OSSL_STORE_SEARCH tmp_search
;
805 if (ctx
->loader
->find
== NULL
)
807 tmp_search
.search_type
= search_type
;
808 ret
= ctx
->loader
->find(NULL
, &tmp_search
);
814 /* Search term constructors */
815 OSSL_STORE_SEARCH
*OSSL_STORE_SEARCH_by_name(X509_NAME
*name
)
817 OSSL_STORE_SEARCH
*search
= OPENSSL_zalloc(sizeof(*search
));
819 if (search
== NULL
) {
820 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_MALLOC_FAILURE
);
824 search
->search_type
= OSSL_STORE_SEARCH_BY_NAME
;
829 OSSL_STORE_SEARCH
*OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME
*name
,
830 const ASN1_INTEGER
*serial
)
832 OSSL_STORE_SEARCH
*search
= OPENSSL_zalloc(sizeof(*search
));
834 if (search
== NULL
) {
835 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_MALLOC_FAILURE
);
839 search
->search_type
= OSSL_STORE_SEARCH_BY_ISSUER_SERIAL
;
841 search
->serial
= serial
;
845 OSSL_STORE_SEARCH
*OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD
*digest
,
849 OSSL_STORE_SEARCH
*search
= OPENSSL_zalloc(sizeof(*search
));
851 if (search
== NULL
) {
852 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_MALLOC_FAILURE
);
856 if (digest
!= NULL
&& len
!= (size_t)EVP_MD_size(digest
)) {
857 ERR_raise_data(ERR_LIB_OSSL_STORE
,
858 OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST
,
859 "%s size is %d, fingerprint size is %zu",
860 EVP_MD_name(digest
), EVP_MD_size(digest
), len
);
861 OPENSSL_free(search
);
865 search
->search_type
= OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT
;
866 search
->digest
= digest
;
867 search
->string
= bytes
;
868 search
->stringlength
= len
;
872 OSSL_STORE_SEARCH
*OSSL_STORE_SEARCH_by_alias(const char *alias
)
874 OSSL_STORE_SEARCH
*search
= OPENSSL_zalloc(sizeof(*search
));
876 if (search
== NULL
) {
877 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_MALLOC_FAILURE
);
881 search
->search_type
= OSSL_STORE_SEARCH_BY_ALIAS
;
882 search
->string
= (const unsigned char *)alias
;
883 search
->stringlength
= strlen(alias
);
887 /* Search term destructor */
888 void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH
*search
)
890 OPENSSL_free(search
);
893 /* Search term accessors */
894 int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH
*criterion
)
896 return criterion
->search_type
;
899 X509_NAME
*OSSL_STORE_SEARCH_get0_name(const OSSL_STORE_SEARCH
*criterion
)
901 return criterion
->name
;
904 const ASN1_INTEGER
*OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH
907 return criterion
->serial
;
910 const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH
911 *criterion
, size_t *length
)
913 *length
= criterion
->stringlength
;
914 return criterion
->string
;
917 const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH
*criterion
)
919 return (const char *)criterion
->string
;
922 const EVP_MD
*OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH
*criterion
)
924 return criterion
->digest
;
927 OSSL_STORE_CTX
*OSSL_STORE_attach(BIO
*bp
, const char *scheme
,
928 OSSL_LIB_CTX
*libctx
, const char *propq
,
929 const UI_METHOD
*ui_method
, void *ui_data
,
930 OSSL_STORE_post_process_info_fn post_process
,
931 void *post_process_data
)
933 const OSSL_STORE_LOADER
*loader
= NULL
;
934 OSSL_STORE_LOADER
*fetched_loader
= NULL
;
935 OSSL_STORE_LOADER_CTX
*loader_ctx
= NULL
;
936 OSSL_STORE_CTX
*ctx
= NULL
;
941 OSSL_TRACE1(STORE
, "Looking up scheme %s\n", scheme
);
943 #ifndef OPENSSL_NO_DEPRECATED_3_0
944 if ((loader
= ossl_store_get0_loader_int(scheme
)) != NULL
)
945 loader_ctx
= loader
->attach(loader
, bp
, libctx
, propq
,
950 OSSL_STORE_LOADER_fetch(scheme
, libctx
, propq
)) != NULL
) {
951 const OSSL_PROVIDER
*provider
=
952 OSSL_STORE_LOADER_provider(fetched_loader
);
953 void *provctx
= OSSL_PROVIDER_get0_provider_ctx(provider
);
954 OSSL_CORE_BIO
*cbio
= ossl_core_bio_new_from_bio(bp
);
957 || (loader_ctx
= fetched_loader
->p_attach(provctx
, cbio
)) == NULL
) {
958 OSSL_STORE_LOADER_free(fetched_loader
);
959 fetched_loader
= NULL
;
960 } else if (propq
!= NULL
) {
961 OSSL_PARAM params
[] = {
962 OSSL_PARAM_utf8_string(OSSL_STORE_PARAM_PROPERTIES
,
967 params
[0].data
= (void *)propq
;
968 if (!fetched_loader
->p_set_ctx_params(loader_ctx
, params
)) {
969 (void)fetched_loader
->p_close(loader_ctx
);
970 OSSL_STORE_LOADER_free(fetched_loader
);
971 fetched_loader
= NULL
;
974 loader
= fetched_loader
;
975 ossl_core_bio_free(cbio
);
978 if (loader_ctx
== NULL
) {
979 ERR_clear_last_mark();
983 if ((ctx
= OPENSSL_zalloc(sizeof(*ctx
))) == NULL
) {
984 ERR_clear_last_mark();
985 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_MALLOC_FAILURE
);
989 if (ui_method
!= NULL
990 && !ossl_pw_set_ui_method(&ctx
->pwdata
, ui_method
, ui_data
)) {
991 ERR_clear_last_mark();
996 ctx
->fetched_loader
= fetched_loader
;
997 ctx
->loader
= loader
;
998 ctx
->loader_ctx
= loader_ctx
;
999 ctx
->post_process
= post_process
;
1000 ctx
->post_process_data
= post_process_data
;
1003 * ossl_store_get0_loader_int will raise an error if the loader for the
1004 * the scheme cannot be retrieved. But if a loader was successfully
1005 * fetched then we remove this error from the error stack.