2 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* This file has quite some overlap with engines/e_loader_attic.c */
12 #include "internal/e_os.h" /* To get strncasecmp() on Windows */
16 #include <ctype.h> /* isdigit */
19 #include <openssl/core_dispatch.h>
20 #include <openssl/core_names.h>
21 #include <openssl/core_object.h>
22 #include <openssl/bio.h>
23 #include <openssl/err.h>
24 #include <openssl/params.h>
25 #include <openssl/decoder.h>
26 #include <openssl/proverr.h>
27 #include <openssl/store.h> /* The OSSL_STORE_INFO type numbers */
28 #include "internal/cryptlib.h"
29 #include "internal/o_dir.h"
30 #include "crypto/decoder.h"
31 #include "crypto/ctype.h" /* ossl_isdigit() */
32 #include "prov/implementations.h"
34 #include "file_store_local.h"
36 DEFINE_STACK_OF(OSSL_STORE_INFO
)
43 # define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
46 static OSSL_FUNC_store_open_fn file_open
;
47 static OSSL_FUNC_store_attach_fn file_attach
;
48 static OSSL_FUNC_store_settable_ctx_params_fn file_settable_ctx_params
;
49 static OSSL_FUNC_store_set_ctx_params_fn file_set_ctx_params
;
50 static OSSL_FUNC_store_load_fn file_load
;
51 static OSSL_FUNC_store_eof_fn file_eof
;
52 static OSSL_FUNC_store_close_fn file_close
;
55 * This implementation makes full use of OSSL_DECODER, and then some.
56 * It uses its own internal decoder implementation that reads DER and
57 * passes that on to the data callback; this decoder is created with
58 * internal OpenSSL functions, thereby bypassing the need for a surrounding
59 * provider. This is ok, since this is a local decoder, not meant for
60 * public consumption. It also uses the libcrypto internal decoder
61 * setup function ossl_decoder_ctx_setup_for_pkey(), to allow the
62 * last resort decoder to be added first (and thereby be executed last).
63 * Finally, it sets up its own construct and cleanup functions.
65 * Essentially, that makes this implementation a kind of glorified decoder.
70 char *uri
; /* The URI we currently try to load */
72 IS_FILE
= 0, /* Read file and pass results */
73 IS_DIR
/* Pass directory entry names */
77 /* Used with |IS_FILE| */
81 OSSL_DECODER_CTX
*decoderctx
;
83 char *propq
; /* The properties we got as a parameter */
86 /* Used with |IS_DIR| */
92 * When a search expression is given, these are filled in.
93 * |search_name| contains the file basename to look for.
94 * The string is exactly 8 characters long.
99 * The directory reading utility we have combines opening with
100 * reading the first name. To make sure we can detect the end
101 * at the right time, we read early and cache the name.
103 const char *last_entry
;
108 /* Expected object type. May be unspecified */
112 static void free_file_ctx(struct file_ctx_st
*ctx
)
117 OPENSSL_free(ctx
->uri
);
118 if (ctx
->type
!= IS_DIR
) {
119 OSSL_DECODER_CTX_free(ctx
->_
.file
.decoderctx
);
120 OPENSSL_free(ctx
->_
.file
.propq
);
121 OPENSSL_free(ctx
->_
.file
.input_type
);
126 static struct file_ctx_st
*new_file_ctx(int type
, const char *uri
,
129 struct file_ctx_st
*ctx
= NULL
;
131 if ((ctx
= OPENSSL_zalloc(sizeof(*ctx
))) != NULL
132 && (uri
== NULL
|| (ctx
->uri
= OPENSSL_strdup(uri
)) != NULL
)) {
134 ctx
->provctx
= provctx
;
141 static OSSL_DECODER_CONSTRUCT file_load_construct
;
142 static OSSL_DECODER_CLEANUP file_load_cleanup
;
145 * Opening / attaching streams and directories
146 * -------------------------------------------
150 * Function to service both file_open() and file_attach()
154 static struct file_ctx_st
*file_open_stream(BIO
*source
, const char *uri
,
157 struct file_ctx_st
*ctx
;
159 if ((ctx
= new_file_ctx(IS_FILE
, uri
, provctx
)) == NULL
) {
160 ERR_raise(ERR_LIB_PROV
, ERR_R_MALLOC_FAILURE
);
164 ctx
->_
.file
.file
= source
;
172 static void *file_open_dir(const char *path
, const char *uri
, void *provctx
)
174 struct file_ctx_st
*ctx
;
176 if ((ctx
= new_file_ctx(IS_DIR
, uri
, provctx
)) == NULL
) {
177 ERR_raise(ERR_LIB_PROV
, ERR_R_MALLOC_FAILURE
);
181 ctx
->_
.dir
.last_entry
= OPENSSL_DIR_read(&ctx
->_
.dir
.ctx
, path
);
182 ctx
->_
.dir
.last_errno
= errno
;
183 if (ctx
->_
.dir
.last_entry
== NULL
) {
184 if (ctx
->_
.dir
.last_errno
!= 0) {
185 ERR_raise_data(ERR_LIB_SYS
, ctx
->_
.dir
.last_errno
,
186 "Calling OPENSSL_DIR_read(\"%s\")", path
);
189 ctx
->_
.dir
.end_reached
= 1;
197 static void *file_open(void *provctx
, const char *uri
)
199 struct file_ctx_st
*ctx
= NULL
;
203 unsigned int check_absolute
:1;
205 size_t path_data_n
= 0, i
;
206 const char *path
, *p
= uri
, *q
;
212 * First step, just take the URI as is.
214 path_data
[path_data_n
].check_absolute
= 0;
215 path_data
[path_data_n
++].path
= uri
;
218 * Second step, if the URI appears to start with the "file" scheme,
219 * extract the path and make that the second path to check.
220 * There's a special case if the URI also contains an authority, then
221 * the full URI shouldn't be used as a path anywhere.
223 if (CHECK_AND_SKIP_CASE_PREFIX(p
, "file:")) {
225 if (CHECK_AND_SKIP_CASE_PREFIX(q
, "//")) {
226 path_data_n
--; /* Invalidate using the full URI */
227 if (CHECK_AND_SKIP_CASE_PREFIX(q
, "localhost/")
228 || CHECK_AND_SKIP_CASE_PREFIX(q
, "/")) {
231 ERR_clear_last_mark();
232 ERR_raise(ERR_LIB_PROV
, PROV_R_URI_AUTHORITY_UNSUPPORTED
);
237 path_data
[path_data_n
].check_absolute
= 1;
239 /* Windows "file:" URIs with a drive letter start with a '/' */
240 if (p
[0] == '/' && p
[2] == ':' && p
[3] == '/') {
241 char c
= tolower(p
[1]);
243 if (c
>= 'a' && c
<= 'z') {
245 /* We know it's absolute, so no need to check */
246 path_data
[path_data_n
].check_absolute
= 0;
250 path_data
[path_data_n
++].path
= p
;
254 for (i
= 0, path
= NULL
; path
== NULL
&& i
< path_data_n
; i
++) {
256 * If the scheme "file" was an explicit part of the URI, the path must
257 * be absolute. So says RFC 8089
259 if (path_data
[i
].check_absolute
&& path_data
[i
].path
[0] != '/') {
260 ERR_clear_last_mark();
261 ERR_raise_data(ERR_LIB_PROV
, PROV_R_PATH_MUST_BE_ABSOLUTE
,
262 "Given path=%s", path_data
[i
].path
);
266 if (stat(path_data
[i
].path
, &st
) < 0) {
267 ERR_raise_data(ERR_LIB_SYS
, errno
,
271 path
= path_data
[i
].path
;
275 ERR_clear_last_mark();
279 /* Successfully found a working path, clear possible collected errors */
282 if (S_ISDIR(st
.st_mode
))
283 ctx
= file_open_dir(path
, uri
, provctx
);
284 else if ((bio
= BIO_new_file(path
, "rb")) == NULL
285 || (ctx
= file_open_stream(bio
, uri
, provctx
)) == NULL
)
291 void *file_attach(void *provctx
, OSSL_CORE_BIO
*cin
)
293 struct file_ctx_st
*ctx
;
294 BIO
*new_bio
= ossl_bio_new_from_core_bio(provctx
, cin
);
299 ctx
= file_open_stream(new_bio
, NULL
, provctx
);
310 static const OSSL_PARAM
*file_settable_ctx_params(void *provctx
)
312 static const OSSL_PARAM known_settable_ctx_params
[] = {
313 OSSL_PARAM_utf8_string(OSSL_STORE_PARAM_PROPERTIES
, NULL
, 0),
314 OSSL_PARAM_int(OSSL_STORE_PARAM_EXPECT
, NULL
),
315 OSSL_PARAM_octet_string(OSSL_STORE_PARAM_SUBJECT
, NULL
, 0),
316 OSSL_PARAM_utf8_string(OSSL_STORE_PARAM_INPUT_TYPE
, NULL
, 0),
319 return known_settable_ctx_params
;
322 static int file_set_ctx_params(void *loaderctx
, const OSSL_PARAM params
[])
324 struct file_ctx_st
*ctx
= loaderctx
;
330 if (ctx
->type
!= IS_DIR
) {
331 /* these parameters are ignored for directories */
332 p
= OSSL_PARAM_locate_const(params
, OSSL_STORE_PARAM_PROPERTIES
);
334 OPENSSL_free(ctx
->_
.file
.propq
);
335 ctx
->_
.file
.propq
= NULL
;
336 if (!OSSL_PARAM_get_utf8_string(p
, &ctx
->_
.file
.propq
, 0))
339 p
= OSSL_PARAM_locate_const(params
, OSSL_STORE_PARAM_INPUT_TYPE
);
341 OPENSSL_free(ctx
->_
.file
.input_type
);
342 ctx
->_
.file
.input_type
= NULL
;
343 if (!OSSL_PARAM_get_utf8_string(p
, &ctx
->_
.file
.input_type
, 0))
347 p
= OSSL_PARAM_locate_const(params
, OSSL_STORE_PARAM_EXPECT
);
348 if (p
!= NULL
&& !OSSL_PARAM_get_int(p
, &ctx
->expected_type
))
350 p
= OSSL_PARAM_locate_const(params
, OSSL_STORE_PARAM_SUBJECT
);
352 const unsigned char *der
= NULL
;
354 X509_NAME
*x509_name
;
358 if (ctx
->type
!= IS_DIR
) {
359 ERR_raise(ERR_LIB_PROV
,
360 PROV_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES
);
364 if (!OSSL_PARAM_get_octet_string_ptr(p
, (const void **)&der
, &der_len
)
365 || (x509_name
= d2i_X509_NAME(NULL
, &der
, der_len
)) == NULL
)
367 hash
= X509_NAME_hash_ex(x509_name
,
368 ossl_prov_ctx_get0_libctx(ctx
->provctx
), NULL
,
370 BIO_snprintf(ctx
->_
.dir
.search_name
, sizeof(ctx
->_
.dir
.search_name
),
372 X509_NAME_free(x509_name
);
380 * Loading an object from a stream
381 * -------------------------------
384 struct file_load_data_st
{
385 OSSL_CALLBACK
*object_cb
;
389 static int file_load_construct(OSSL_DECODER_INSTANCE
*decoder_inst
,
390 const OSSL_PARAM
*params
, void *construct_data
)
392 struct file_load_data_st
*data
= construct_data
;
395 * At some point, we may find it justifiable to recognise PKCS#12 and
396 * handle it specially here, making |file_load()| return pass its
397 * contents one piece at ta time, like |e_loader_attic.c| does.
399 * However, that currently means parsing them out, which converts the
400 * DER encoded PKCS#12 into a bunch of EVP_PKEYs and X509s, just to
401 * have to re-encode them into DER to create an object abstraction for
403 * It's much simpler (less churn) to pass on the object abstraction we
404 * get to the load_result callback and leave it to that one to do the
405 * work. If that's libcrypto code, we know that it has much better
406 * possibilities to handle the EVP_PKEYs and X509s without the extra
410 return data
->object_cb(params
, data
->object_cbarg
);
413 void file_load_cleanup(void *construct_data
)
418 static int file_setup_decoders(struct file_ctx_st
*ctx
)
420 OSSL_LIB_CTX
*libctx
= ossl_prov_ctx_get0_libctx(ctx
->provctx
);
421 const OSSL_ALGORITHM
*to_algo
= NULL
;
424 /* Setup for this session, so only if not already done */
425 if (ctx
->_
.file
.decoderctx
== NULL
) {
426 if ((ctx
->_
.file
.decoderctx
= OSSL_DECODER_CTX_new()) == NULL
) {
427 ERR_raise(ERR_LIB_PROV
, ERR_R_MALLOC_FAILURE
);
431 /* Make sure the input type is set */
432 if (!OSSL_DECODER_CTX_set_input_type(ctx
->_
.file
.decoderctx
,
433 ctx
->_
.file
.input_type
)) {
434 ERR_raise(ERR_LIB_PROV
, ERR_R_OSSL_DECODER_LIB
);
439 * Where applicable, set the outermost structure name.
440 * The goal is to avoid the STORE object types that are
441 * potentially password protected but aren't interesting
444 switch (ctx
->expected_type
) {
445 case OSSL_STORE_INFO_CERT
:
446 if (!OSSL_DECODER_CTX_set_input_structure(ctx
->_
.file
.decoderctx
,
448 ERR_raise(ERR_LIB_PROV
, ERR_R_OSSL_DECODER_LIB
);
452 case OSSL_STORE_INFO_CRL
:
453 if (!OSSL_DECODER_CTX_set_input_structure(ctx
->_
.file
.decoderctx
,
454 "CertificateList")) {
455 ERR_raise(ERR_LIB_PROV
, ERR_R_OSSL_DECODER_LIB
);
463 for (to_algo
= ossl_any_to_obj_algorithm
;
464 to_algo
->algorithm_names
!= NULL
;
466 OSSL_DECODER
*to_obj
= NULL
;
467 OSSL_DECODER_INSTANCE
*to_obj_inst
= NULL
;
470 * Create the internal last resort decoder implementation
471 * together with a "decoder instance".
472 * The decoder doesn't need any identification or to be
473 * attached to any provider, since it's only used locally.
475 to_obj
= ossl_decoder_from_algorithm(0, to_algo
, NULL
);
477 to_obj_inst
= ossl_decoder_instance_new(to_obj
, ctx
->provctx
);
478 OSSL_DECODER_free(to_obj
);
479 if (to_obj_inst
== NULL
)
482 if (!ossl_decoder_ctx_add_decoder_inst(ctx
->_
.file
.decoderctx
,
484 ossl_decoder_instance_free(to_obj_inst
);
485 ERR_raise(ERR_LIB_PROV
, ERR_R_OSSL_DECODER_LIB
);
489 /* Add on the usual extra decoders */
490 if (!OSSL_DECODER_CTX_add_extra(ctx
->_
.file
.decoderctx
,
491 libctx
, ctx
->_
.file
.propq
)) {
492 ERR_raise(ERR_LIB_PROV
, ERR_R_OSSL_DECODER_LIB
);
497 * Then install our constructor hooks, which just passes decoded
498 * data to the load callback
500 if (!OSSL_DECODER_CTX_set_construct(ctx
->_
.file
.decoderctx
,
502 || !OSSL_DECODER_CTX_set_cleanup(ctx
->_
.file
.decoderctx
,
503 file_load_cleanup
)) {
504 ERR_raise(ERR_LIB_PROV
, ERR_R_OSSL_DECODER_LIB
);
514 static int file_load_file(struct file_ctx_st
*ctx
,
515 OSSL_CALLBACK
*object_cb
, void *object_cbarg
,
516 OSSL_PASSPHRASE_CALLBACK
*pw_cb
, void *pw_cbarg
)
518 struct file_load_data_st data
;
521 /* Setup the decoders (one time shot per session */
523 if (!file_setup_decoders(ctx
))
526 /* Setup for this object */
528 data
.object_cb
= object_cb
;
529 data
.object_cbarg
= object_cbarg
;
530 OSSL_DECODER_CTX_set_construct_data(ctx
->_
.file
.decoderctx
, &data
);
531 OSSL_DECODER_CTX_set_passphrase_cb(ctx
->_
.file
.decoderctx
, pw_cb
, pw_cbarg
);
536 ret
= OSSL_DECODER_from_bio(ctx
->_
.file
.decoderctx
, ctx
->_
.file
.file
);
537 if (BIO_eof(ctx
->_
.file
.file
)
538 && ((err
= ERR_peek_last_error()) != 0)
539 && ERR_GET_LIB(err
) == ERR_LIB_OSSL_DECODER
540 && ERR_GET_REASON(err
) == ERR_R_UNSUPPORTED
)
543 ERR_clear_last_mark();
548 * Loading a name object from a directory
549 * --------------------------------------
552 static char *file_name_to_uri(struct file_ctx_st
*ctx
, const char *name
)
556 assert(name
!= NULL
);
558 const char *pathsep
= ossl_ends_with_dirsep(ctx
->uri
) ? "" : "/";
559 long calculated_length
= strlen(ctx
->uri
) + strlen(pathsep
)
560 + strlen(name
) + 1 /* \0 */;
562 data
= OPENSSL_zalloc(calculated_length
);
564 ERR_raise(ERR_LIB_PROV
, ERR_R_MALLOC_FAILURE
);
568 OPENSSL_strlcat(data
, ctx
->uri
, calculated_length
);
569 OPENSSL_strlcat(data
, pathsep
, calculated_length
);
570 OPENSSL_strlcat(data
, name
, calculated_length
);
575 static int file_name_check(struct file_ctx_st
*ctx
, const char *name
)
577 const char *p
= NULL
;
578 size_t len
= strlen(ctx
->_
.dir
.search_name
);
580 /* If there are no search criteria, all names are accepted */
581 if (ctx
->_
.dir
.search_name
[0] == '\0')
584 /* If the expected type isn't supported, no name is accepted */
585 if (ctx
->expected_type
!= 0
586 && ctx
->expected_type
!= OSSL_STORE_INFO_CERT
587 && ctx
->expected_type
!= OSSL_STORE_INFO_CRL
)
591 * First, check the basename
593 if (strncasecmp(name
, ctx
->_
.dir
.search_name
, len
) != 0 || name
[len
] != '.')
598 * Then, if the expected type is a CRL, check that the extension starts
603 if (ctx
->expected_type
!= 0
604 && ctx
->expected_type
!= OSSL_STORE_INFO_CRL
)
606 } else if (ctx
->expected_type
== OSSL_STORE_INFO_CRL
) {
611 * Last, check that the rest of the extension is a decimal number, at
612 * least one digit long.
621 * One extra step here, check for a possible generation number.
624 for (p
++; *p
!= '\0'; p
++)
625 if (!ossl_isdigit(*p
))
630 * If we've reached the end of the string at this point, we've successfully
631 * found a fitting file name.
636 static int file_load_dir_entry(struct file_ctx_st
*ctx
,
637 OSSL_CALLBACK
*object_cb
, void *object_cbarg
,
638 OSSL_PASSPHRASE_CALLBACK
*pw_cb
, void *pw_cbarg
)
640 /* Prepare as much as possible in advance */
641 static const int object_type
= OSSL_OBJECT_NAME
;
642 OSSL_PARAM object
[] = {
643 OSSL_PARAM_int(OSSL_OBJECT_PARAM_TYPE
, (int *)&object_type
),
644 OSSL_PARAM_utf8_string(OSSL_OBJECT_PARAM_DATA
, NULL
, 0),
647 char *newname
= NULL
;
650 /* Loop until we get an error or until we have a suitable name */
652 if (ctx
->_
.dir
.last_entry
== NULL
) {
653 if (!ctx
->_
.dir
.end_reached
) {
654 assert(ctx
->_
.dir
.last_errno
!= 0);
655 ERR_raise(ERR_LIB_SYS
, ctx
->_
.dir
.last_errno
);
657 /* file_eof() will tell if EOF was reached */
661 /* flag acceptable names */
662 if (ctx
->_
.dir
.last_entry
[0] != '.'
663 && file_name_check(ctx
, ctx
->_
.dir
.last_entry
)) {
665 /* If we can't allocate the new name, we fail */
667 file_name_to_uri(ctx
, ctx
->_
.dir
.last_entry
)) == NULL
)
672 * On the first call (with a NULL context), OPENSSL_DIR_read()
673 * cares about the second argument. On the following calls, it
674 * only cares that it isn't NULL. Therefore, we can safely give
677 ctx
->_
.dir
.last_entry
= OPENSSL_DIR_read(&ctx
->_
.dir
.ctx
, ctx
->uri
);
678 ctx
->_
.dir
.last_errno
= errno
;
679 if (ctx
->_
.dir
.last_entry
== NULL
&& ctx
->_
.dir
.last_errno
== 0)
680 ctx
->_
.dir
.end_reached
= 1;
681 } while (newname
== NULL
);
683 object
[1].data
= newname
;
684 object
[1].data_size
= strlen(newname
);
685 ok
= object_cb(object
, object_cbarg
);
686 OPENSSL_free(newname
);
691 * Loading, local dispatcher
692 * -------------------------
695 static int file_load(void *loaderctx
,
696 OSSL_CALLBACK
*object_cb
, void *object_cbarg
,
697 OSSL_PASSPHRASE_CALLBACK
*pw_cb
, void *pw_cbarg
)
699 struct file_ctx_st
*ctx
= loaderctx
;
703 return file_load_file(ctx
, object_cb
, object_cbarg
, pw_cb
, pw_cbarg
);
706 file_load_dir_entry(ctx
, object_cb
, object_cbarg
, pw_cb
, pw_cbarg
);
711 /* ctx->type has an unexpected value */
717 * Eof detection and closing
718 * -------------------------
721 static int file_eof(void *loaderctx
)
723 struct file_ctx_st
*ctx
= loaderctx
;
727 return ctx
->_
.dir
.end_reached
;
730 * BIO_pending() checks any filter BIO.
731 * BIO_eof() checks the source BIO.
733 return !BIO_pending(ctx
->_
.file
.file
)
734 && BIO_eof(ctx
->_
.file
.file
);
737 /* ctx->type has an unexpected value */
742 static int file_close_dir(struct file_ctx_st
*ctx
)
744 if (ctx
->_
.dir
.ctx
!= NULL
)
745 OPENSSL_DIR_end(&ctx
->_
.dir
.ctx
);
750 static int file_close_stream(struct file_ctx_st
*ctx
)
753 * This frees either the provider BIO filter (for file_attach()) OR
754 * the allocated file BIO (for file_open()).
756 BIO_free(ctx
->_
.file
.file
);
757 ctx
->_
.file
.file
= NULL
;
763 static int file_close(void *loaderctx
)
765 struct file_ctx_st
*ctx
= loaderctx
;
769 return file_close_dir(ctx
);
771 return file_close_stream(ctx
);
774 /* ctx->type has an unexpected value */
779 const OSSL_DISPATCH ossl_file_store_functions
[] = {
780 { OSSL_FUNC_STORE_OPEN
, (void (*)(void))file_open
},
781 { OSSL_FUNC_STORE_ATTACH
, (void (*)(void))file_attach
},
782 { OSSL_FUNC_STORE_SETTABLE_CTX_PARAMS
,
783 (void (*)(void))file_settable_ctx_params
},
784 { OSSL_FUNC_STORE_SET_CTX_PARAMS
, (void (*)(void))file_set_ctx_params
},
785 { OSSL_FUNC_STORE_LOAD
, (void (*)(void))file_load
},
786 { OSSL_FUNC_STORE_EOF
, (void (*)(void))file_eof
},
787 { OSSL_FUNC_STORE_CLOSE
, (void (*)(void))file_close
},