2 * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include "internal/e_os.h"
13 #include <openssl/core.h>
14 #include <openssl/core_names.h>
15 #include <openssl/core_object.h>
16 #include <openssl/err.h>
17 #include <openssl/pkcs12.h>
18 #include <openssl/provider.h>
19 #include <openssl/decoder.h>
20 #include <openssl/store.h>
21 #include "internal/provider.h"
22 #include "internal/passphrase.h"
23 #include "crypto/evp.h"
24 #include "crypto/x509.h"
25 #include "store_local.h"
27 #ifndef OSSL_OBJECT_PKCS12
29 * The object abstraction doesn't know PKCS#12, but we want to indicate
30 * it anyway, so we create our own. Since the public macros use positive
31 * numbers, negative ones should be fine. They must never slip out from
32 * this translation unit anyway.
34 # define OSSL_OBJECT_PKCS12 -1
38 * ossl_store_handle_load_result() is initially written to be a companion
39 * to our 'file:' scheme provider implementation, but has been made generic
40 * to serve others as well.
42 * This result handler takes any object abstraction (see provider-object(7))
43 * and does the best it can with it. If the object is passed by value (not
44 * by reference), the contents are currently expected to be DER encoded.
45 * If an object type is specified, that will be respected; otherwise, this
46 * handler will guess the contents, by trying the following in order:
48 * 1. Decode it into an EVP_PKEY, using OSSL_DECODER.
49 * 2. Decode it into an X.509 certificate, using d2i_X509 / d2i_X509_AUX.
50 * 3. Decode it into an X.509 CRL, using d2i_X509_CRL.
51 * 4. Decode it into a PKCS#12 structure, using d2i_PKCS12 (*).
53 * For the 'file:' scheme implementation, this is division of labor. Since
54 * the libcrypto <-> provider interface currently doesn't support certain
55 * structures as first class objects, they must be unpacked from DER here
56 * rather than in the provider. The current exception is asymmetric keys,
57 * which can reside within the provider boundary, most of all thanks to
58 * OSSL_FUNC_keymgmt_load(), which allows loading the key material by
62 struct extracted_param_data_st
{
64 const char *data_type
;
65 const char *data_structure
;
66 const char *utf8_data
;
67 const void *octet_data
;
68 size_t octet_data_size
;
74 static int try_name(struct extracted_param_data_st
*, OSSL_STORE_INFO
**);
75 static int try_key(struct extracted_param_data_st
*, OSSL_STORE_INFO
**,
76 OSSL_STORE_CTX
*, const OSSL_PROVIDER
*,
77 OSSL_LIB_CTX
*, const char *);
78 static int try_cert(struct extracted_param_data_st
*, OSSL_STORE_INFO
**,
79 OSSL_LIB_CTX
*, const char *);
80 static int try_crl(struct extracted_param_data_st
*, OSSL_STORE_INFO
**,
81 OSSL_LIB_CTX
*, const char *);
82 static int try_pkcs12(struct extracted_param_data_st
*, OSSL_STORE_INFO
**,
83 OSSL_STORE_CTX
*, OSSL_LIB_CTX
*, const char *);
85 int ossl_store_handle_load_result(const OSSL_PARAM params
[], void *arg
)
87 struct ossl_load_result_data_st
*cbdata
= arg
;
88 OSSL_STORE_INFO
**v
= &cbdata
->v
;
89 OSSL_STORE_CTX
*ctx
= cbdata
->ctx
;
90 const OSSL_PROVIDER
*provider
=
91 OSSL_STORE_LOADER_get0_provider(ctx
->fetched_loader
);
92 OSSL_LIB_CTX
*libctx
= ossl_provider_libctx(provider
);
93 const char *propq
= ctx
->properties
;
95 struct extracted_param_data_st helper_data
;
97 memset(&helper_data
, 0, sizeof(helper_data
));
98 helper_data
.object_type
= OSSL_OBJECT_UNKNOWN
;
100 if ((p
= OSSL_PARAM_locate_const(params
, OSSL_OBJECT_PARAM_TYPE
)) != NULL
101 && !OSSL_PARAM_get_int(p
, &helper_data
.object_type
))
103 p
= OSSL_PARAM_locate_const(params
, OSSL_OBJECT_PARAM_DATA_TYPE
);
105 && !OSSL_PARAM_get_utf8_string_ptr(p
, &helper_data
.data_type
))
107 p
= OSSL_PARAM_locate_const(params
, OSSL_OBJECT_PARAM_DATA
);
109 && !OSSL_PARAM_get_octet_string_ptr(p
, &helper_data
.octet_data
,
110 &helper_data
.octet_data_size
)
111 && !OSSL_PARAM_get_utf8_string_ptr(p
, &helper_data
.utf8_data
))
113 p
= OSSL_PARAM_locate_const(params
, OSSL_OBJECT_PARAM_DATA_STRUCTURE
);
115 && !OSSL_PARAM_get_utf8_string_ptr(p
, &helper_data
.data_structure
))
117 p
= OSSL_PARAM_locate_const(params
, OSSL_OBJECT_PARAM_REFERENCE
);
118 if (p
!= NULL
&& !OSSL_PARAM_get_octet_string_ptr(p
, &helper_data
.ref
,
119 &helper_data
.ref_size
))
121 p
= OSSL_PARAM_locate_const(params
, OSSL_OBJECT_PARAM_DESC
);
122 if (p
!= NULL
&& !OSSL_PARAM_get_utf8_string_ptr(p
, &helper_data
.desc
))
126 * The helper functions return 0 on actual errors, otherwise 1, even if
127 * they didn't fill out |*v|.
130 if (*v
== NULL
&& !try_name(&helper_data
, v
))
134 if (*v
== NULL
&& !try_key(&helper_data
, v
, ctx
, provider
, libctx
, propq
))
138 if (*v
== NULL
&& !try_cert(&helper_data
, v
, libctx
, propq
))
142 if (*v
== NULL
&& !try_crl(&helper_data
, v
, libctx
, propq
))
146 if (*v
== NULL
&& !try_pkcs12(&helper_data
, v
, ctx
, libctx
, propq
))
151 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_UNSUPPORTED
);
155 ERR_clear_last_mark();
159 static int try_name(struct extracted_param_data_st
*data
, OSSL_STORE_INFO
**v
)
161 if (data
->object_type
== OSSL_OBJECT_NAME
) {
162 char *newname
= NULL
, *newdesc
= NULL
;
164 if (data
->utf8_data
== NULL
)
166 if ((newname
= OPENSSL_strdup(data
->utf8_data
)) == NULL
167 || (data
->desc
!= NULL
168 && (newdesc
= OPENSSL_strdup(data
->desc
)) == NULL
)
169 || (*v
= OSSL_STORE_INFO_new_NAME(newname
)) == NULL
) {
170 OPENSSL_free(newname
);
171 OPENSSL_free(newdesc
);
174 OSSL_STORE_INFO_set0_NAME_description(*v
, newdesc
);
180 * For the rest of the object types, the provider code may not know what
181 * type of data it gave us, so we may need to figure that out on our own.
182 * Therefore, we do check for OSSL_OBJECT_UNKNOWN everywhere below, and
183 * only return 0 on error if the object type is known.
186 static EVP_PKEY
*try_key_ref(struct extracted_param_data_st
*data
,
188 const OSSL_PROVIDER
*provider
,
189 OSSL_LIB_CTX
*libctx
, const char *propq
)
192 EVP_KEYMGMT
*keymgmt
= NULL
;
193 void *keydata
= NULL
;
194 int try_fallback
= 2;
196 /* If we have an object reference, we must have a data type */
197 if (data
->data_type
== NULL
)
200 keymgmt
= EVP_KEYMGMT_fetch(libctx
, data
->data_type
, propq
);
202 while (keymgmt
!= NULL
&& keydata
== NULL
&& try_fallback
-- > 0) {
204 * There are two possible cases
206 * 1. The keymgmt is from the same provider as the loader,
207 * so we can use evp_keymgmt_load()
208 * 2. The keymgmt is from another provider, then we must
209 * do the export/import dance.
211 if (EVP_KEYMGMT_get0_provider(keymgmt
) == provider
) {
212 /* no point trying fallback here */
214 keydata
= evp_keymgmt_load(keymgmt
, data
->ref
, data
->ref_size
);
216 struct evp_keymgmt_util_try_import_data_st import_data
;
217 OSSL_FUNC_store_export_object_fn
*export_object
=
218 ctx
->fetched_loader
->p_export_object
;
220 import_data
.keymgmt
= keymgmt
;
221 import_data
.keydata
= NULL
;
222 import_data
.selection
= OSSL_KEYMGMT_SELECT_ALL
;
224 if (export_object
!= NULL
) {
226 * No need to check for errors here, the value of
227 * |import_data.keydata| is as much an indicator.
229 (void)export_object(ctx
->loader_ctx
,
230 data
->ref
, data
->ref_size
,
231 &evp_keymgmt_util_try_import
,
235 keydata
= import_data
.keydata
;
238 if (keydata
== NULL
&& try_fallback
> 0) {
239 EVP_KEYMGMT_free(keymgmt
);
240 keymgmt
= evp_keymgmt_fetch_from_prov((OSSL_PROVIDER
*)provider
,
241 data
->data_type
, propq
);
242 if (keymgmt
!= NULL
) {
248 if (keydata
!= NULL
) {
250 pk
= evp_keymgmt_util_make_pkey(keymgmt
, keydata
);
252 ERR_clear_last_mark();
254 EVP_KEYMGMT_free(keymgmt
);
259 static EVP_PKEY
*try_key_value(struct extracted_param_data_st
*data
,
261 OSSL_PASSPHRASE_CALLBACK
*cb
, void *cbarg
,
262 OSSL_LIB_CTX
*libctx
, const char *propq
)
265 OSSL_DECODER_CTX
*decoderctx
= NULL
;
266 const unsigned char *pdata
= data
->octet_data
;
267 size_t pdatalen
= data
->octet_data_size
;
270 switch (ctx
->expected_type
) {
273 case OSSL_STORE_INFO_PARAMS
:
274 selection
= OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
;
276 case OSSL_STORE_INFO_PUBKEY
:
278 OSSL_KEYMGMT_SELECT_PUBLIC_KEY
279 | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
;
281 case OSSL_STORE_INFO_PKEY
:
282 selection
= OSSL_KEYMGMT_SELECT_ALL
;
289 OSSL_DECODER_CTX_new_for_pkey(&pk
, NULL
, data
->data_structure
,
290 data
->data_type
, selection
, libctx
,
292 (void)OSSL_DECODER_CTX_set_passphrase_cb(decoderctx
, cb
, cbarg
);
294 /* No error if this couldn't be decoded */
295 (void)OSSL_DECODER_from_data(decoderctx
, &pdata
, &pdatalen
);
297 OSSL_DECODER_CTX_free(decoderctx
);
302 typedef OSSL_STORE_INFO
*store_info_new_fn(EVP_PKEY
*);
304 static EVP_PKEY
*try_key_value_legacy(struct extracted_param_data_st
*data
,
305 store_info_new_fn
**store_info_new
,
307 OSSL_PASSPHRASE_CALLBACK
*cb
, void *cbarg
,
308 OSSL_LIB_CTX
*libctx
, const char *propq
)
311 const unsigned char *der
= data
->octet_data
, *derp
;
312 long der_len
= (long)data
->octet_data_size
;
314 /* Try PUBKEY first, that's a real easy target */
315 if (ctx
->expected_type
== 0
316 || ctx
->expected_type
== OSSL_STORE_INFO_PUBKEY
) {
318 pk
= d2i_PUBKEY_ex(NULL
, &derp
, der_len
, libctx
, propq
);
321 *store_info_new
= OSSL_STORE_INFO_new_PUBKEY
;
324 /* Try private keys next */
326 && (ctx
->expected_type
== 0
327 || ctx
->expected_type
== OSSL_STORE_INFO_PKEY
)) {
328 unsigned char *new_der
= NULL
;
330 PKCS8_PRIV_KEY_INFO
*p8info
= NULL
;
332 /* See if it's an encrypted PKCS#8 and decrypt it. */
334 p8
= d2i_X509_SIG(NULL
, &derp
, der_len
);
337 char pbuf
[PEM_BUFSIZE
];
340 if (!cb(pbuf
, sizeof(pbuf
), &plen
, NULL
, cbarg
)) {
341 ERR_raise(ERR_LIB_OSSL_STORE
, OSSL_STORE_R_BAD_PASSWORD_READ
);
343 const X509_ALGOR
*alg
= NULL
;
344 const ASN1_OCTET_STRING
*oct
= NULL
;
347 X509_SIG_get0(p8
, &alg
, &oct
);
350 * No need to check the returned value, |new_der|
351 * will be NULL on error anyway.
353 PKCS12_pbe_crypt(alg
, pbuf
, plen
,
354 oct
->data
, oct
->length
,
363 * If the encrypted PKCS#8 couldn't be decrypted,
367 /* Try to unpack an unencrypted PKCS#8, that's easy */
369 p8info
= d2i_PKCS8_PRIV_KEY_INFO(NULL
, &derp
, der_len
);
371 if (p8info
!= NULL
) {
372 pk
= EVP_PKCS82PKEY_ex(p8info
, libctx
, propq
);
373 PKCS8_PRIV_KEY_INFO_free(p8info
);
378 *store_info_new
= OSSL_STORE_INFO_new_PKEY
;
380 OPENSSL_free(new_der
);
386 static int try_key(struct extracted_param_data_st
*data
, OSSL_STORE_INFO
**v
,
387 OSSL_STORE_CTX
*ctx
, const OSSL_PROVIDER
*provider
,
388 OSSL_LIB_CTX
*libctx
, const char *propq
)
390 store_info_new_fn
*store_info_new
= NULL
;
392 if (data
->object_type
== OSSL_OBJECT_UNKNOWN
393 || data
->object_type
== OSSL_OBJECT_PKEY
) {
396 /* Prefer key by reference than key by value */
397 if (data
->object_type
== OSSL_OBJECT_PKEY
&& data
->ref
!= NULL
) {
398 pk
= try_key_ref(data
, ctx
, provider
, libctx
, propq
);
401 * If for some reason we couldn't get a key, it's an error.
402 * It indicates that while decoders could make a key reference,
403 * the keymgmt somehow couldn't handle it, or doesn't have a
404 * OSSL_FUNC_keymgmt_load function.
408 } else if (data
->octet_data
!= NULL
) {
409 OSSL_PASSPHRASE_CALLBACK
*cb
= ossl_pw_passphrase_callback_dec
;
410 void *cbarg
= &ctx
->pwdata
;
412 pk
= try_key_value(data
, ctx
, cb
, cbarg
, libctx
, propq
);
415 * Desperate last maneuver, in case the decoders don't support
416 * the data we have, then we try on our own to at least get an
417 * engine provided legacy key.
418 * This is the same as der2key_decode() does, but in a limited
419 * way and within the walls of libcrypto.
422 pk
= try_key_value_legacy(data
, &store_info_new
, ctx
,
423 cb
, cbarg
, libctx
, propq
);
427 data
->object_type
= OSSL_OBJECT_PKEY
;
429 if (store_info_new
== NULL
) {
431 * We determined the object type for OSSL_STORE_INFO, which
432 * makes an explicit difference between an EVP_PKEY with just
433 * (domain) parameters and an EVP_PKEY with actual key
435 * The logic is that an EVP_PKEY with actual key material
436 * always has the public half.
438 if (evp_keymgmt_util_has(pk
, OSSL_KEYMGMT_SELECT_PRIVATE_KEY
))
439 store_info_new
= OSSL_STORE_INFO_new_PKEY
;
440 else if (evp_keymgmt_util_has(pk
,
441 OSSL_KEYMGMT_SELECT_PUBLIC_KEY
))
442 store_info_new
= OSSL_STORE_INFO_new_PUBKEY
;
444 store_info_new
= OSSL_STORE_INFO_new_PARAMS
;
446 *v
= store_info_new(pk
);
456 static int try_cert(struct extracted_param_data_st
*data
, OSSL_STORE_INFO
**v
,
457 OSSL_LIB_CTX
*libctx
, const char *propq
)
459 if (data
->object_type
== OSSL_OBJECT_UNKNOWN
460 || data
->object_type
== OSSL_OBJECT_CERT
) {
462 * In most cases, we can try to interpret the serialized
463 * data as a trusted cert (X509 + X509_AUX) and fall back
464 * to reading it as a normal cert (just X509), but if
465 * |data_type| (the PEM name) specifically declares it as a
466 * trusted cert, then no fallback should be engaged.
467 * |ignore_trusted| tells if the fallback can be used (1)
470 int ignore_trusted
= 1;
471 X509
*cert
= X509_new_ex(libctx
, propq
);
476 /* If we have a data type, it should be a PEM name */
477 if (data
->data_type
!= NULL
478 && (OPENSSL_strcasecmp(data
->data_type
, PEM_STRING_X509_TRUSTED
) == 0))
481 if (d2i_X509_AUX(&cert
, (const unsigned char **)&data
->octet_data
,
482 data
->octet_data_size
) == NULL
484 || d2i_X509(&cert
, (const unsigned char **)&data
->octet_data
,
485 data
->octet_data_size
) == NULL
)) {
491 /* We determined the object type */
492 data
->object_type
= OSSL_OBJECT_CERT
;
493 *v
= OSSL_STORE_INFO_new_CERT(cert
);
502 static int try_crl(struct extracted_param_data_st
*data
, OSSL_STORE_INFO
**v
,
503 OSSL_LIB_CTX
*libctx
, const char *propq
)
505 if (data
->object_type
== OSSL_OBJECT_UNKNOWN
506 || data
->object_type
== OSSL_OBJECT_CRL
) {
509 crl
= d2i_X509_CRL(NULL
, (const unsigned char **)&data
->octet_data
,
510 data
->octet_data_size
);
513 /* We determined the object type */
514 data
->object_type
= OSSL_OBJECT_CRL
;
516 if (crl
!= NULL
&& !ossl_x509_crl_set0_libctx(crl
, libctx
, propq
)) {
522 *v
= OSSL_STORE_INFO_new_CRL(crl
);
530 static int try_pkcs12(struct extracted_param_data_st
*data
, OSSL_STORE_INFO
**v
,
532 OSSL_LIB_CTX
*libctx
, const char *propq
)
536 /* There is no specific object type for PKCS12 */
537 if (data
->object_type
== OSSL_OBJECT_UNKNOWN
) {
538 /* Initial parsing */
541 p12
= d2i_PKCS12(NULL
, (const unsigned char **)&data
->octet_data
,
542 data
->octet_data_size
);
546 char tpass
[PEM_BUFSIZE
+ 1];
548 EVP_PKEY
*pkey
= NULL
;
550 STACK_OF(X509
) *chain
= NULL
;
552 data
->object_type
= OSSL_OBJECT_PKCS12
;
554 ok
= 0; /* Assume decryption or parse error */
556 if (!PKCS12_mac_present(p12
)
557 || PKCS12_verify_mac(p12
, NULL
, 0)) {
559 } else if (PKCS12_verify_mac(p12
, "", 0)) {
562 static char prompt_info
[] = "PKCS12 import pass phrase";
563 OSSL_PARAM pw_params
[] = {
564 OSSL_PARAM_utf8_string(OSSL_PASSPHRASE_PARAM_INFO
,
566 sizeof(prompt_info
) - 1),
570 if (!ossl_pw_get_passphrase(tpass
, sizeof(tpass
) - 1,
572 pw_params
, 0, &ctx
->pwdata
)) {
573 ERR_raise(ERR_LIB_OSSL_STORE
,
574 OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR
);
579 * ossl_pw_get_passphrase() does not NUL terminate but
580 * we must do it for PKCS12_parse()
582 pass
[tpass_len
] = '\0';
583 if (!PKCS12_verify_mac(p12
, pass
, tpass_len
)) {
584 ERR_raise_data(ERR_LIB_OSSL_STORE
,
585 OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC
,
586 tpass_len
== 0 ? "empty password" :
587 "maybe wrong password");
592 if (PKCS12_parse(p12
, pass
, &pkey
, &cert
, &chain
)) {
593 STACK_OF(OSSL_STORE_INFO
) *infos
= NULL
;
594 OSSL_STORE_INFO
*osi_pkey
= NULL
;
595 OSSL_STORE_INFO
*osi_cert
= NULL
;
596 OSSL_STORE_INFO
*osi_ca
= NULL
;
598 ok
= 1; /* Parsing went through correctly! */
600 if ((infos
= sk_OSSL_STORE_INFO_new_null()) != NULL
) {
602 if ((osi_pkey
= OSSL_STORE_INFO_new_PKEY(pkey
)) != NULL
603 /* clearing pkey here avoids case distinctions */
604 && (pkey
= NULL
) == NULL
605 && sk_OSSL_STORE_INFO_push(infos
, osi_pkey
) != 0)
610 if (ok
&& cert
!= NULL
) {
611 if ((osi_cert
= OSSL_STORE_INFO_new_CERT(cert
)) != NULL
612 /* clearing cert here avoids case distinctions */
613 && (cert
= NULL
) == NULL
614 && sk_OSSL_STORE_INFO_push(infos
, osi_cert
) != 0)
619 while (ok
&& sk_X509_num(chain
) > 0) {
620 X509
*ca
= sk_X509_value(chain
, 0);
622 if ((osi_ca
= OSSL_STORE_INFO_new_CERT(ca
)) != NULL
623 && sk_X509_shift(chain
) != NULL
624 && sk_OSSL_STORE_INFO_push(infos
, osi_ca
) != 0)
632 OSSL_STACK_OF_X509_free(chain
);
633 OSSL_STORE_INFO_free(osi_pkey
);
634 OSSL_STORE_INFO_free(osi_cert
);
635 OSSL_STORE_INFO_free(osi_ca
);
637 sk_OSSL_STORE_INFO_pop_free(infos
, OSSL_STORE_INFO_free
);
640 ctx
->cached_info
= infos
;
643 OPENSSL_cleanse(tpass
, sizeof(tpass
));
646 *v
= sk_OSSL_STORE_INFO_shift(ctx
->cached_info
);