]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/store/store_lib.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
STORE: Fix OSSL_STORE_open_ex() error reporting
[thirdparty/openssl.git] / crypto / store / store_lib.c
1 /*
2 * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdlib.h>
11 #include <string.h>
12 #include <assert.h>
13
14 /* We need to use some STORE deprecated APIs */
15 #define OPENSSL_SUPPRESS_DEPRECATED
16
17 #include "e_os.h"
18
19 #include <openssl/crypto.h>
20 #include <openssl/err.h>
21 #include <openssl/trace.h>
22 #include <openssl/core_names.h>
23 #include <openssl/provider.h>
24 #include <openssl/param_build.h>
25 #include <openssl/store.h>
26 #include "internal/thread_once.h"
27 #include "internal/cryptlib.h"
28 #include "internal/provider.h"
29 #include "internal/bio.h"
30 #include "crypto/store.h"
31 #include "store_local.h"
32
33 static int ossl_store_close_it(OSSL_STORE_CTX *ctx);
34
35 static int loader_set_params(OSSL_STORE_LOADER *loader,
36 OSSL_STORE_LOADER_CTX *loader_ctx,
37 const OSSL_PARAM params[], const char *propq)
38 {
39 if (params != NULL) {
40 if (!loader->p_set_ctx_params(loader_ctx, params))
41 return 0;
42 }
43
44 if (propq != NULL) {
45 OSSL_PARAM propp[2];
46
47 if (OSSL_PARAM_locate_const(params,
48 OSSL_STORE_PARAM_PROPERTIES) != NULL)
49 /* use the propq from params */
50 return 1;
51
52 propp[0] = OSSL_PARAM_construct_utf8_string(OSSL_STORE_PARAM_PROPERTIES,
53 (char *)propq, 0);
54 propp[1] = OSSL_PARAM_construct_end();
55
56 if (!loader->p_set_ctx_params(loader_ctx, propp))
57 return 0;
58 }
59 return 1;
60 }
61
62 OSSL_STORE_CTX *
63 OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
64 const UI_METHOD *ui_method, void *ui_data,
65 const OSSL_PARAM params[],
66 OSSL_STORE_post_process_info_fn post_process,
67 void *post_process_data)
68 {
69 const OSSL_STORE_LOADER *loader = NULL;
70 OSSL_STORE_LOADER *fetched_loader = NULL;
71 OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
72 OSSL_STORE_CTX *ctx = NULL;
73 char *propq_copy = NULL;
74 int no_loader_found = 1;
75 char scheme_copy[256], *p, *schemes[2];
76 size_t schemes_n = 0;
77 size_t i;
78
79 /*
80 * Put the file scheme first. If the uri does represent an existing file,
81 * possible device name and all, then it should be loaded. Only a failed
82 * attempt at loading a local file should have us try something else.
83 */
84 schemes[schemes_n++] = "file";
85
86 /*
87 * Now, check if we have something that looks like a scheme, and add it
88 * as a second scheme. However, also check if there's an authority start
89 * (://), because that will invalidate the previous file scheme. Also,
90 * check that this isn't actually the file scheme, as there's no point
91 * going through that one twice!
92 */
93 OPENSSL_strlcpy(scheme_copy, uri, sizeof(scheme_copy));
94 if ((p = strchr(scheme_copy, ':')) != NULL) {
95 *p++ = '\0';
96 if (strcasecmp(scheme_copy, "file") != 0) {
97 if (strncmp(p, "//", 2) == 0)
98 schemes_n--; /* Invalidate the file scheme */
99 schemes[schemes_n++] = scheme_copy;
100 }
101 }
102
103 ERR_set_mark();
104
105 /*
106 * Try each scheme until we find one that could open the URI.
107 *
108 * For each scheme, we look for the engine implementation first, and
109 * failing that, we then try to fetch a provided implementation.
110 * This is consistent with how we handle legacy / engine implementations
111 * elsewhere.
112 */
113 for (i = 0; loader_ctx == NULL && i < schemes_n; i++) {
114 OSSL_TRACE1(STORE, "Looking up scheme %s\n", schemes[i]);
115 #ifndef OPENSSL_NO_DEPRECATED_3_0
116 if ((loader = ossl_store_get0_loader_int(schemes[i])) != NULL) {
117 no_loader_found = 0;
118 if (loader->open_ex != NULL)
119 loader_ctx = loader->open_ex(loader, uri, libctx, propq,
120 ui_method, ui_data);
121 else
122 loader_ctx = loader->open(loader, uri, ui_method, ui_data);
123 }
124 #endif
125 if (loader == NULL
126 && (fetched_loader =
127 OSSL_STORE_LOADER_fetch(libctx, schemes[i], propq)) != NULL) {
128 const OSSL_PROVIDER *provider =
129 OSSL_STORE_LOADER_get0_provider(fetched_loader);
130 void *provctx = OSSL_PROVIDER_get0_provider_ctx(provider);
131
132 no_loader_found = 0;
133 loader_ctx = fetched_loader->p_open(provctx, uri);
134 if (loader_ctx == NULL) {
135 OSSL_STORE_LOADER_free(fetched_loader);
136 fetched_loader = NULL;
137 } else if(!loader_set_params(fetched_loader, loader_ctx,
138 params, propq)) {
139 (void)fetched_loader->p_close(loader_ctx);
140 OSSL_STORE_LOADER_free(fetched_loader);
141 fetched_loader = NULL;
142 }
143 loader = fetched_loader;
144 }
145 }
146
147 if (no_loader_found)
148 /*
149 * It's assumed that ossl_store_get0_loader_int() and
150 * OSSL_STORE_LOADER_fetch() report their own errors
151 */
152 goto err;
153
154 OSSL_TRACE1(STORE, "Found loader for scheme %s\n", schemes[i]);
155
156 if (loader_ctx == NULL)
157 /*
158 * It's assumed that the loader's open() method reports its own
159 * errors
160 */
161 goto err;
162
163 OSSL_TRACE2(STORE, "Opened %s => %p\n", uri, (void *)loader_ctx);
164
165 if ((propq != NULL && (propq_copy = OPENSSL_strdup(propq)) == NULL)
166 || (ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
167 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
168 goto err;
169 }
170
171 if (ui_method != NULL
172 && (!ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data)
173 || !ossl_pw_enable_passphrase_caching(&ctx->pwdata))) {
174 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_CRYPTO_LIB);
175 goto err;
176 }
177 ctx->properties = propq_copy;
178 ctx->fetched_loader = fetched_loader;
179 ctx->loader = loader;
180 ctx->loader_ctx = loader_ctx;
181 ctx->post_process = post_process;
182 ctx->post_process_data = post_process_data;
183
184 /*
185 * If the attempt to open with the 'file' scheme loader failed and the
186 * other scheme loader succeeded, the failure to open with the 'file'
187 * scheme loader leaves an error on the error stack. Let's remove it.
188 */
189 ERR_pop_to_mark();
190
191 return ctx;
192
193 err:
194 ERR_clear_last_mark();
195 if (loader_ctx != NULL) {
196 /*
197 * Temporary structure so OSSL_STORE_close() can work even when
198 * |ctx| couldn't be allocated properly
199 */
200 OSSL_STORE_CTX tmpctx = { NULL, };
201
202 tmpctx.fetched_loader = fetched_loader;
203 tmpctx.loader = loader;
204 tmpctx.loader_ctx = loader_ctx;
205
206 /*
207 * We ignore a returned error because we will return NULL anyway in
208 * this case, so if something goes wrong when closing, that'll simply
209 * just add another entry on the error stack.
210 */
211 (void)ossl_store_close_it(&tmpctx);
212 }
213 OSSL_STORE_LOADER_free(fetched_loader);
214 OPENSSL_free(propq_copy);
215 OPENSSL_free(ctx);
216 return NULL;
217 }
218
219 OSSL_STORE_CTX *OSSL_STORE_open(const char *uri,
220 const UI_METHOD *ui_method, void *ui_data,
221 OSSL_STORE_post_process_info_fn post_process,
222 void *post_process_data)
223 {
224 return OSSL_STORE_open_ex(uri, NULL, NULL, ui_method, ui_data, NULL,
225 post_process, post_process_data);
226 }
227
228 #ifndef OPENSSL_NO_DEPRECATED_3_0
229 int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ...)
230 {
231 va_list args;
232 int ret;
233
234 va_start(args, cmd);
235 ret = OSSL_STORE_vctrl(ctx, cmd, args);
236 va_end(args);
237
238 return ret;
239 }
240
241 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args)
242 {
243 if (ctx->fetched_loader != NULL) {
244 if (ctx->fetched_loader->p_set_ctx_params != NULL) {
245 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
246
247 switch (cmd) {
248 case OSSL_STORE_C_USE_SECMEM:
249 {
250 int on = *(va_arg(args, int *));
251
252 params[0] = OSSL_PARAM_construct_int("use_secmem", &on);
253 }
254 break;
255 default:
256 break;
257 }
258
259 return ctx->fetched_loader->p_set_ctx_params(ctx->loader_ctx,
260 params);
261 }
262 } else if (ctx->loader->ctrl != NULL) {
263 return ctx->loader->ctrl(ctx->loader_ctx, cmd, args);
264 }
265
266 /*
267 * If the fetched loader doesn't have a set_ctx_params or a ctrl, it's as
268 * if there was one that ignored our params, which usually returns 1.
269 */
270 return 1;
271 }
272 #endif
273
274 int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type)
275 {
276 int ret = 1;
277
278 if (ctx == NULL
279 || expected_type < 0 || expected_type > OSSL_STORE_INFO_CRL) {
280 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_INVALID_ARGUMENT);
281 return 0;
282 }
283 if (ctx->loading) {
284 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_LOADING_STARTED);
285 return 0;
286 }
287
288 ctx->expected_type = expected_type;
289 if (ctx->fetched_loader != NULL
290 && ctx->fetched_loader->p_set_ctx_params != NULL) {
291 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
292
293 params[0] =
294 OSSL_PARAM_construct_int(OSSL_STORE_PARAM_EXPECT, &expected_type);
295 ret = ctx->fetched_loader->p_set_ctx_params(ctx->loader_ctx, params);
296 }
297 #ifndef OPENSSL_NO_DEPRECATED_3_0
298 if (ctx->fetched_loader == NULL
299 && ctx->loader->expect != NULL) {
300 ret = ctx->loader->expect(ctx->loader_ctx, expected_type);
301 }
302 #endif
303 return ret;
304 }
305
306 int OSSL_STORE_find(OSSL_STORE_CTX *ctx, const OSSL_STORE_SEARCH *search)
307 {
308 int ret = 1;
309
310 if (ctx->loading) {
311 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_LOADING_STARTED);
312 return 0;
313 }
314 if (search == NULL) {
315 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_NULL_PARAMETER);
316 return 0;
317 }
318
319 if (ctx->fetched_loader != NULL) {
320 OSSL_PARAM_BLD *bld;
321 OSSL_PARAM *params;
322 /* OSSL_STORE_SEARCH_BY_NAME, OSSL_STORE_SEARCH_BY_ISSUER_SERIAL*/
323 void *name_der = NULL;
324 int name_der_sz;
325 /* OSSL_STORE_SEARCH_BY_ISSUER_SERIAL */
326 BIGNUM *number = NULL;
327
328 if (ctx->fetched_loader->p_set_ctx_params == NULL) {
329 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_UNSUPPORTED_OPERATION);
330 return 0;
331 }
332
333 if ((bld = OSSL_PARAM_BLD_new()) == NULL) {
334 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
335 return 0;
336 }
337
338 ret = 0; /* Assume the worst */
339
340 switch (search->search_type) {
341 case OSSL_STORE_SEARCH_BY_NAME:
342 if ((name_der_sz = i2d_X509_NAME(search->name,
343 (unsigned char **)&name_der)) > 0
344 && OSSL_PARAM_BLD_push_octet_string(bld,
345 OSSL_STORE_PARAM_SUBJECT,
346 name_der, name_der_sz))
347 ret = 1;
348 break;
349 case OSSL_STORE_SEARCH_BY_ISSUER_SERIAL:
350 if ((name_der_sz = i2d_X509_NAME(search->name,
351 (unsigned char **)&name_der)) > 0
352 && (number = ASN1_INTEGER_to_BN(search->serial, NULL)) != NULL
353 && OSSL_PARAM_BLD_push_octet_string(bld,
354 OSSL_STORE_PARAM_ISSUER,
355 name_der, name_der_sz)
356 && OSSL_PARAM_BLD_push_BN(bld, OSSL_STORE_PARAM_SERIAL,
357 number))
358 ret = 1;
359 break;
360 case OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT:
361 if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_STORE_PARAM_DIGEST,
362 EVP_MD_get0_name(search->digest),
363 0)
364 && OSSL_PARAM_BLD_push_octet_string(bld,
365 OSSL_STORE_PARAM_FINGERPRINT,
366 search->string,
367 search->stringlength))
368 ret = 1;
369 break;
370 case OSSL_STORE_SEARCH_BY_ALIAS:
371 if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_STORE_PARAM_ALIAS,
372 (char *)search->string,
373 search->stringlength))
374 ret = 1;
375 break;
376 }
377 if (ret) {
378 params = OSSL_PARAM_BLD_to_param(bld);
379 ret = ctx->fetched_loader->p_set_ctx_params(ctx->loader_ctx,
380 params);
381 OSSL_PARAM_free(params);
382 }
383 OSSL_PARAM_BLD_free(bld);
384 OPENSSL_free(name_der);
385 BN_free(number);
386 } else {
387 #ifndef OPENSSL_NO_DEPRECATED_3_0
388 /* legacy loader section */
389 if (ctx->loader->find == NULL) {
390 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_UNSUPPORTED_OPERATION);
391 return 0;
392 }
393 ret = ctx->loader->find(ctx->loader_ctx, search);
394 #endif
395 }
396
397 return ret;
398 }
399
400 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx)
401 {
402 OSSL_STORE_INFO *v = NULL;
403
404 ctx->loading = 1;
405 again:
406 if (OSSL_STORE_eof(ctx))
407 return NULL;
408
409 if (ctx->loader != NULL)
410 OSSL_TRACE(STORE, "Loading next object\n");
411
412 if (ctx->cached_info != NULL
413 && sk_OSSL_STORE_INFO_num(ctx->cached_info) == 0) {
414 sk_OSSL_STORE_INFO_free(ctx->cached_info);
415 ctx->cached_info = NULL;
416 }
417
418 if (ctx->cached_info != NULL) {
419 v = sk_OSSL_STORE_INFO_shift(ctx->cached_info);
420 } else {
421 if (ctx->fetched_loader != NULL) {
422 struct ossl_load_result_data_st load_data;
423
424 load_data.v = NULL;
425 load_data.ctx = ctx;
426
427 if (!ctx->fetched_loader->p_load(ctx->loader_ctx,
428 ossl_store_handle_load_result,
429 &load_data,
430 ossl_pw_passphrase_callback_dec,
431 &ctx->pwdata)) {
432 if (!OSSL_STORE_eof(ctx))
433 ctx->error_flag = 1;
434 return NULL;
435 }
436 v = load_data.v;
437 }
438 #ifndef OPENSSL_NO_DEPRECATED_3_0
439 if (ctx->fetched_loader == NULL)
440 v = ctx->loader->load(ctx->loader_ctx,
441 ctx->pwdata._.ui_method.ui_method,
442 ctx->pwdata._.ui_method.ui_method_data);
443 #endif
444 }
445
446 if (ctx->post_process != NULL && v != NULL) {
447 v = ctx->post_process(v, ctx->post_process_data);
448
449 /*
450 * By returning NULL, the callback decides that this object should
451 * be ignored.
452 */
453 if (v == NULL)
454 goto again;
455 }
456
457 /* Clear any internally cached passphrase */
458 (void)ossl_pw_clear_passphrase_cache(&ctx->pwdata);
459
460 if (v != NULL && ctx->expected_type != 0) {
461 int returned_type = OSSL_STORE_INFO_get_type(v);
462
463 if (returned_type != OSSL_STORE_INFO_NAME && returned_type != 0) {
464 if (ctx->expected_type != returned_type) {
465 OSSL_STORE_INFO_free(v);
466 goto again;
467 }
468 }
469 }
470
471 if (v != NULL)
472 OSSL_TRACE1(STORE, "Got a %s\n",
473 OSSL_STORE_INFO_type_string(OSSL_STORE_INFO_get_type(v)));
474
475 return v;
476 }
477
478 int OSSL_STORE_error(OSSL_STORE_CTX *ctx)
479 {
480 int ret = 1;
481
482 if (ctx->fetched_loader != NULL)
483 ret = ctx->error_flag;
484 #ifndef OPENSSL_NO_DEPRECATED_3_0
485 if (ctx->fetched_loader == NULL)
486 ret = ctx->loader->error(ctx->loader_ctx);
487 #endif
488 return ret;
489 }
490
491 int OSSL_STORE_eof(OSSL_STORE_CTX *ctx)
492 {
493 int ret = 1;
494
495 if (ctx->fetched_loader != NULL)
496 ret = ctx->loader->p_eof(ctx->loader_ctx);
497 #ifndef OPENSSL_NO_DEPRECATED_3_0
498 if (ctx->fetched_loader == NULL)
499 ret = ctx->loader->eof(ctx->loader_ctx);
500 #endif
501 return ret != 0;
502 }
503
504 static int ossl_store_close_it(OSSL_STORE_CTX *ctx)
505 {
506 int ret = 0;
507
508 if (ctx == NULL)
509 return 1;
510 OSSL_TRACE1(STORE, "Closing %p\n", (void *)ctx->loader_ctx);
511
512 if (ctx->fetched_loader != NULL)
513 ret = ctx->loader->p_close(ctx->loader_ctx);
514 #ifndef OPENSSL_NO_DEPRECATED_3_0
515 if (ctx->fetched_loader == NULL)
516 ret = ctx->loader->close(ctx->loader_ctx);
517 #endif
518
519 sk_OSSL_STORE_INFO_pop_free(ctx->cached_info, OSSL_STORE_INFO_free);
520 OSSL_STORE_LOADER_free(ctx->fetched_loader);
521 OPENSSL_free(ctx->properties);
522 ossl_pw_clear_passphrase_data(&ctx->pwdata);
523 return ret;
524 }
525
526 int OSSL_STORE_close(OSSL_STORE_CTX *ctx)
527 {
528 int ret = ossl_store_close_it(ctx);
529
530 OPENSSL_free(ctx);
531 return ret;
532 }
533
534 /*
535 * Functions to generate OSSL_STORE_INFOs, one function for each type we
536 * support having in them as well as a generic constructor.
537 *
538 * In all cases, ownership of the object is transferred to the OSSL_STORE_INFO
539 * and will therefore be freed when the OSSL_STORE_INFO is freed.
540 */
541 OSSL_STORE_INFO *OSSL_STORE_INFO_new(int type, void *data)
542 {
543 OSSL_STORE_INFO *info = OPENSSL_zalloc(sizeof(*info));
544
545 if (info == NULL)
546 return NULL;
547
548 info->type = type;
549 info->_.data = data;
550 return info;
551 }
552
553 OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name)
554 {
555 OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_NAME, NULL);
556
557 if (info == NULL) {
558 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
559 return NULL;
560 }
561
562 info->_.name.name = name;
563 info->_.name.desc = NULL;
564
565 return info;
566 }
567
568 int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc)
569 {
570 if (info->type != OSSL_STORE_INFO_NAME) {
571 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_INVALID_ARGUMENT);
572 return 0;
573 }
574
575 info->_.name.desc = desc;
576
577 return 1;
578 }
579 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params)
580 {
581 OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_PARAMS, params);
582
583 if (info == NULL)
584 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
585 return info;
586 }
587
588 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PUBKEY(EVP_PKEY *pkey)
589 {
590 OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_PUBKEY, pkey);
591
592 if (info == NULL)
593 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
594 return info;
595 }
596
597 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey)
598 {
599 OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_PKEY, pkey);
600
601 if (info == NULL)
602 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
603 return info;
604 }
605
606 OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509)
607 {
608 OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_CERT, x509);
609
610 if (info == NULL)
611 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
612 return info;
613 }
614
615 OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl)
616 {
617 OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_CRL, crl);
618
619 if (info == NULL)
620 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
621 return info;
622 }
623
624 /*
625 * Functions to try to extract data from a OSSL_STORE_INFO.
626 */
627 int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info)
628 {
629 return info->type;
630 }
631
632 void *OSSL_STORE_INFO_get0_data(int type, const OSSL_STORE_INFO *info)
633 {
634 if (info->type == type)
635 return info->_.data;
636 return NULL;
637 }
638
639 const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info)
640 {
641 if (info->type == OSSL_STORE_INFO_NAME)
642 return info->_.name.name;
643 return NULL;
644 }
645
646 char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info)
647 {
648 if (info->type == OSSL_STORE_INFO_NAME) {
649 char *ret = OPENSSL_strdup(info->_.name.name);
650
651 if (ret == NULL)
652 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
653 return ret;
654 }
655 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_NAME);
656 return NULL;
657 }
658
659 const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info)
660 {
661 if (info->type == OSSL_STORE_INFO_NAME)
662 return info->_.name.desc;
663 return NULL;
664 }
665
666 char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info)
667 {
668 if (info->type == OSSL_STORE_INFO_NAME) {
669 char *ret = OPENSSL_strdup(info->_.name.desc
670 ? info->_.name.desc : "");
671
672 if (ret == NULL)
673 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
674 return ret;
675 }
676 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_NAME);
677 return NULL;
678 }
679
680 EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info)
681 {
682 if (info->type == OSSL_STORE_INFO_PARAMS)
683 return info->_.params;
684 return NULL;
685 }
686
687 EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info)
688 {
689 if (info->type == OSSL_STORE_INFO_PARAMS) {
690 EVP_PKEY_up_ref(info->_.params);
691 return info->_.params;
692 }
693 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_PARAMETERS);
694 return NULL;
695 }
696
697 EVP_PKEY *OSSL_STORE_INFO_get0_PUBKEY(const OSSL_STORE_INFO *info)
698 {
699 if (info->type == OSSL_STORE_INFO_PUBKEY)
700 return info->_.pubkey;
701 return NULL;
702 }
703
704 EVP_PKEY *OSSL_STORE_INFO_get1_PUBKEY(const OSSL_STORE_INFO *info)
705 {
706 if (info->type == OSSL_STORE_INFO_PUBKEY) {
707 EVP_PKEY_up_ref(info->_.pubkey);
708 return info->_.pubkey;
709 }
710 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_PUBLIC_KEY);
711 return NULL;
712 }
713
714 EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info)
715 {
716 if (info->type == OSSL_STORE_INFO_PKEY)
717 return info->_.pkey;
718 return NULL;
719 }
720
721 EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info)
722 {
723 if (info->type == OSSL_STORE_INFO_PKEY) {
724 EVP_PKEY_up_ref(info->_.pkey);
725 return info->_.pkey;
726 }
727 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_PRIVATE_KEY);
728 return NULL;
729 }
730
731 X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info)
732 {
733 if (info->type == OSSL_STORE_INFO_CERT)
734 return info->_.x509;
735 return NULL;
736 }
737
738 X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info)
739 {
740 if (info->type == OSSL_STORE_INFO_CERT) {
741 X509_up_ref(info->_.x509);
742 return info->_.x509;
743 }
744 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_CERTIFICATE);
745 return NULL;
746 }
747
748 X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info)
749 {
750 if (info->type == OSSL_STORE_INFO_CRL)
751 return info->_.crl;
752 return NULL;
753 }
754
755 X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info)
756 {
757 if (info->type == OSSL_STORE_INFO_CRL) {
758 X509_CRL_up_ref(info->_.crl);
759 return info->_.crl;
760 }
761 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_CRL);
762 return NULL;
763 }
764
765 /*
766 * Free the OSSL_STORE_INFO
767 */
768 void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info)
769 {
770 if (info != NULL) {
771 switch (info->type) {
772 case OSSL_STORE_INFO_NAME:
773 OPENSSL_free(info->_.name.name);
774 OPENSSL_free(info->_.name.desc);
775 break;
776 case OSSL_STORE_INFO_PARAMS:
777 EVP_PKEY_free(info->_.params);
778 break;
779 case OSSL_STORE_INFO_PUBKEY:
780 EVP_PKEY_free(info->_.pubkey);
781 break;
782 case OSSL_STORE_INFO_PKEY:
783 EVP_PKEY_free(info->_.pkey);
784 break;
785 case OSSL_STORE_INFO_CERT:
786 X509_free(info->_.x509);
787 break;
788 case OSSL_STORE_INFO_CRL:
789 X509_CRL_free(info->_.crl);
790 break;
791 }
792 OPENSSL_free(info);
793 }
794 }
795
796 int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type)
797 {
798 int ret = 0;
799
800 if (ctx->fetched_loader != NULL) {
801 void *provctx =
802 ossl_provider_ctx(OSSL_STORE_LOADER_get0_provider(ctx->fetched_loader));
803 const OSSL_PARAM *params;
804 const OSSL_PARAM *p_subject = NULL;
805 const OSSL_PARAM *p_issuer = NULL;
806 const OSSL_PARAM *p_serial = NULL;
807 const OSSL_PARAM *p_fingerprint = NULL;
808 const OSSL_PARAM *p_alias = NULL;
809
810 if (ctx->fetched_loader->p_settable_ctx_params == NULL)
811 return 0;
812
813 params = ctx->fetched_loader->p_settable_ctx_params(provctx);
814 p_subject = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_SUBJECT);
815 p_issuer = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_ISSUER);
816 p_serial = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_SERIAL);
817 p_fingerprint =
818 OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_FINGERPRINT);
819 p_alias = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_ALIAS);
820
821 switch (search_type) {
822 case OSSL_STORE_SEARCH_BY_NAME:
823 ret = (p_subject != NULL);
824 break;
825 case OSSL_STORE_SEARCH_BY_ISSUER_SERIAL:
826 ret = (p_issuer != NULL && p_serial != NULL);
827 break;
828 case OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT:
829 ret = (p_fingerprint != NULL);
830 break;
831 case OSSL_STORE_SEARCH_BY_ALIAS:
832 ret = (p_alias != NULL);
833 break;
834 }
835 }
836 #ifndef OPENSSL_NO_DEPRECATED_3_0
837 if (ctx->fetched_loader == NULL) {
838 OSSL_STORE_SEARCH tmp_search;
839
840 if (ctx->loader->find == NULL)
841 return 0;
842 tmp_search.search_type = search_type;
843 ret = ctx->loader->find(NULL, &tmp_search);
844 }
845 #endif
846 return ret;
847 }
848
849 /* Search term constructors */
850 OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name)
851 {
852 OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
853
854 if (search == NULL) {
855 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
856 return NULL;
857 }
858
859 search->search_type = OSSL_STORE_SEARCH_BY_NAME;
860 search->name = name;
861 return search;
862 }
863
864 OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name,
865 const ASN1_INTEGER *serial)
866 {
867 OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
868
869 if (search == NULL) {
870 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
871 return NULL;
872 }
873
874 search->search_type = OSSL_STORE_SEARCH_BY_ISSUER_SERIAL;
875 search->name = name;
876 search->serial = serial;
877 return search;
878 }
879
880 OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest,
881 const unsigned char
882 *bytes, size_t len)
883 {
884 OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
885
886 if (search == NULL) {
887 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
888 return NULL;
889 }
890
891 if (digest != NULL && len != (size_t)EVP_MD_get_size(digest)) {
892 ERR_raise_data(ERR_LIB_OSSL_STORE,
893 OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST,
894 "%s size is %d, fingerprint size is %zu",
895 EVP_MD_get0_name(digest), EVP_MD_get_size(digest), len);
896 OPENSSL_free(search);
897 return NULL;
898 }
899
900 search->search_type = OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT;
901 search->digest = digest;
902 search->string = bytes;
903 search->stringlength = len;
904 return search;
905 }
906
907 OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias)
908 {
909 OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
910
911 if (search == NULL) {
912 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
913 return NULL;
914 }
915
916 search->search_type = OSSL_STORE_SEARCH_BY_ALIAS;
917 search->string = (const unsigned char *)alias;
918 search->stringlength = strlen(alias);
919 return search;
920 }
921
922 /* Search term destructor */
923 void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search)
924 {
925 OPENSSL_free(search);
926 }
927
928 /* Search term accessors */
929 int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion)
930 {
931 return criterion->search_type;
932 }
933
934 X509_NAME *OSSL_STORE_SEARCH_get0_name(const OSSL_STORE_SEARCH *criterion)
935 {
936 return criterion->name;
937 }
938
939 const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH
940 *criterion)
941 {
942 return criterion->serial;
943 }
944
945 const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH
946 *criterion, size_t *length)
947 {
948 *length = criterion->stringlength;
949 return criterion->string;
950 }
951
952 const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion)
953 {
954 return (const char *)criterion->string;
955 }
956
957 const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH *criterion)
958 {
959 return criterion->digest;
960 }
961
962 OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bp, const char *scheme,
963 OSSL_LIB_CTX *libctx, const char *propq,
964 const UI_METHOD *ui_method, void *ui_data,
965 const OSSL_PARAM params[],
966 OSSL_STORE_post_process_info_fn post_process,
967 void *post_process_data)
968 {
969 const OSSL_STORE_LOADER *loader = NULL;
970 OSSL_STORE_LOADER *fetched_loader = NULL;
971 OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
972 OSSL_STORE_CTX *ctx = NULL;
973
974 if (scheme == NULL)
975 scheme = "file";
976
977 OSSL_TRACE1(STORE, "Looking up scheme %s\n", scheme);
978 ERR_set_mark();
979 #ifndef OPENSSL_NO_DEPRECATED_3_0
980 if ((loader = ossl_store_get0_loader_int(scheme)) != NULL)
981 loader_ctx = loader->attach(loader, bp, libctx, propq,
982 ui_method, ui_data);
983 #endif
984 if (loader == NULL
985 && (fetched_loader =
986 OSSL_STORE_LOADER_fetch(libctx, scheme, propq)) != NULL) {
987 const OSSL_PROVIDER *provider =
988 OSSL_STORE_LOADER_get0_provider(fetched_loader);
989 void *provctx = OSSL_PROVIDER_get0_provider_ctx(provider);
990 OSSL_CORE_BIO *cbio = ossl_core_bio_new_from_bio(bp);
991
992 if (cbio == NULL
993 || (loader_ctx = fetched_loader->p_attach(provctx, cbio)) == NULL) {
994 OSSL_STORE_LOADER_free(fetched_loader);
995 fetched_loader = NULL;
996 } else if (!loader_set_params(fetched_loader, loader_ctx,
997 params, propq)) {
998 (void)fetched_loader->p_close(loader_ctx);
999 OSSL_STORE_LOADER_free(fetched_loader);
1000 fetched_loader = NULL;
1001 }
1002 loader = fetched_loader;
1003 ossl_core_bio_free(cbio);
1004 }
1005
1006 if (loader_ctx == NULL) {
1007 ERR_clear_last_mark();
1008 return NULL;
1009 }
1010
1011 if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
1012 ERR_clear_last_mark();
1013 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
1014 return NULL;
1015 }
1016
1017 if (ui_method != NULL
1018 && !ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data)) {
1019 ERR_clear_last_mark();
1020 OPENSSL_free(ctx);
1021 return NULL;
1022 }
1023
1024 ctx->fetched_loader = fetched_loader;
1025 ctx->loader = loader;
1026 ctx->loader_ctx = loader_ctx;
1027 ctx->post_process = post_process;
1028 ctx->post_process_data = post_process_data;
1029
1030 /*
1031 * ossl_store_get0_loader_int will raise an error if the loader for the
1032 * the scheme cannot be retrieved. But if a loader was successfully
1033 * fetched then we remove this error from the error stack.
1034 */
1035 ERR_pop_to_mark();
1036
1037 return ctx;
1038 }
A mirror of the official openssl repository