2 * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include "e_os.h" /* To get strncasecmp() on Windows */
16 #include <openssl/core.h>
17 #include <openssl/core_dispatch.h>
18 #include <openssl/core_names.h>
19 #include <openssl/core_object.h>
20 #include <openssl/crypto.h>
21 #include <openssl/bio.h>
22 #include <openssl/err.h>
23 #include <openssl/buffer.h>
24 #include <openssl/params.h>
25 #include <openssl/decoder.h>
26 #include <openssl/store.h> /* The OSSL_STORE_INFO type numbers */
27 #include "internal/o_dir.h"
28 #include "internal/pem.h" /* For PVK and "blob" PEM headers */
29 #include "crypto/decoder.h"
30 #include "prov/implementations.h"
32 #include "prov/provider_ctx.h"
33 #include "prov/providercommonerr.h"
34 #include "file_store_local.h"
36 DEFINE_STACK_OF(OSSL_STORE_INFO
)
43 # define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
46 static OSSL_FUNC_store_open_fn file_open
;
47 static OSSL_FUNC_store_attach_fn file_attach
;
48 static OSSL_FUNC_store_settable_ctx_params_fn file_settable_ctx_params
;
49 static OSSL_FUNC_store_set_ctx_params_fn file_set_ctx_params
;
50 static OSSL_FUNC_store_load_fn file_load
;
51 static OSSL_FUNC_store_eof_fn file_eof
;
52 static OSSL_FUNC_store_close_fn file_close
;
55 * This implementation makes full use of OSSL_DECODER, and then some.
56 * It uses its own internal decoder implementation that reads DER and
57 * passes that on to the data callback; this decoder is created with
58 * internal OpenSSL functions, thereby bypassing the need for a surrounding
59 * provider. This is ok, since this is a local decoder, not meant for
60 * public consumption. It also uses the libcrypto internal decoder
61 * setup function ossl_decoder_ctx_setup_for_EVP_PKEY(), to allow the
62 * last resort decoder to be added first (and thereby be executed last).
63 * Finally, it sets up its own construct and cleanup functions.
65 * Essentially, that makes this implementation a kind of glorified decoder.
70 char *uri
; /* The URI we currently try to load */
72 IS_FILE
= 0, /* Read file and pass results */
73 IS_DIR
/* Pass directory entry names */
77 unsigned int flag_attached
:1;
78 unsigned int flag_buffered
:1;
81 /* Used with |IS_FILE| */
85 OSSL_DECODER_CTX
*decoderctx
;
87 char *propq
; /* The properties we got as a parameter */
90 /* Used with |IS_DIR| */
96 * When a search expression is given, these are filled in.
97 * |search_name| contains the file basename to look for.
98 * The string is exactly 8 characters long.
103 * The directory reading utility we have combines opening with
104 * reading the first name. To make sure we can detect the end
105 * at the right time, we read early and cache the name.
107 const char *last_entry
;
112 /* Expected object type. May be unspecified */
116 static void free_file_ctx(struct file_ctx_st
*ctx
)
121 OPENSSL_free(ctx
->uri
);
122 if (ctx
->type
!= IS_DIR
) {
123 OSSL_DECODER_CTX_free(ctx
->_
.file
.decoderctx
);
124 OPENSSL_free(ctx
->_
.file
.propq
);
125 OPENSSL_free(ctx
->_
.file
.input_type
);
130 static struct file_ctx_st
*new_file_ctx(int type
, const char *uri
,
133 struct file_ctx_st
*ctx
= NULL
;
135 if ((ctx
= OPENSSL_zalloc(sizeof(*ctx
))) != NULL
136 && (uri
== NULL
|| (ctx
->uri
= OPENSSL_strdup(uri
)) != NULL
)) {
138 ctx
->provctx
= provctx
;
145 static OSSL_DECODER_CONSTRUCT file_load_construct
;
146 static OSSL_DECODER_CLEANUP file_load_cleanup
;
149 * Opening / attaching streams and directories
150 * -------------------------------------------
154 * Function to service both file_open() and file_attach()
158 static struct file_ctx_st
*file_open_stream(BIO
*source
, const char *uri
,
159 const char *input_type
,
162 struct file_ctx_st
*ctx
;
164 if ((ctx
= new_file_ctx(IS_FILE
, uri
, provctx
)) == NULL
165 || (input_type
!= NULL
166 && (ctx
->_
.file
.input_type
=
167 OPENSSL_strdup(input_type
)) == NULL
)) {
168 ERR_raise(ERR_LIB_PROV
, ERR_R_MALLOC_FAILURE
);
172 ctx
->_
.file
.file
= source
;
180 static void *file_open_dir(const char *path
, const char *uri
, void *provctx
)
182 struct file_ctx_st
*ctx
;
184 if ((ctx
= new_file_ctx(IS_DIR
, uri
, provctx
)) == NULL
) {
185 ERR_raise(ERR_LIB_PROV
, ERR_R_MALLOC_FAILURE
);
189 ctx
->_
.dir
.last_entry
= OPENSSL_DIR_read(&ctx
->_
.dir
.ctx
, path
);
190 ctx
->_
.dir
.last_errno
= errno
;
191 if (ctx
->_
.dir
.last_entry
== NULL
) {
192 if (ctx
->_
.dir
.last_errno
!= 0) {
193 ERR_raise_data(ERR_LIB_SYS
, ctx
->_
.dir
.last_errno
,
194 "Calling OPENSSL_DIR_read(\"%s\")", path
);
197 ctx
->_
.dir
.end_reached
= 1;
205 static void *file_open(void *provctx
, const char *uri
)
207 struct file_ctx_st
*ctx
= NULL
;
211 unsigned int check_absolute
:1;
213 size_t path_data_n
= 0, i
;
220 * First step, just take the URI as is.
222 path_data
[path_data_n
].check_absolute
= 0;
223 path_data
[path_data_n
++].path
= uri
;
226 * Second step, if the URI appears to start with the 'file' scheme,
227 * extract the path and make that the second path to check.
228 * There's a special case if the URI also contains an authority, then
229 * the full URI shouldn't be used as a path anywhere.
231 if (strncasecmp(uri
, "file:", 5) == 0) {
232 const char *p
= &uri
[5];
234 if (strncmp(&uri
[5], "//", 2) == 0) {
235 path_data_n
--; /* Invalidate using the full URI */
236 if (strncasecmp(&uri
[7], "localhost/", 10) == 0) {
238 } else if (uri
[7] == '/') {
241 ERR_clear_last_mark();
242 ERR_raise(ERR_LIB_PROV
, PROV_R_URI_AUTHORITY_UNSUPPORTED
);
247 path_data
[path_data_n
].check_absolute
= 1;
249 /* Windows file: URIs with a drive letter start with a / */
250 if (p
[0] == '/' && p
[2] == ':' && p
[3] == '/') {
251 char c
= tolower(p
[1]);
253 if (c
>= 'a' && c
<= 'z') {
255 /* We know it's absolute, so no need to check */
256 path_data
[path_data_n
].check_absolute
= 0;
260 path_data
[path_data_n
++].path
= p
;
264 for (i
= 0, path
= NULL
; path
== NULL
&& i
< path_data_n
; i
++) {
266 * If the scheme "file" was an explicit part of the URI, the path must
267 * be absolute. So says RFC 8089
269 if (path_data
[i
].check_absolute
&& path_data
[i
].path
[0] != '/') {
270 ERR_clear_last_mark();
271 ERR_raise_data(ERR_LIB_PROV
, PROV_R_PATH_MUST_BE_ABSOLUTE
,
272 "Given path=%s", path_data
[i
].path
);
276 if (stat(path_data
[i
].path
, &st
) < 0) {
277 ERR_raise_data(ERR_LIB_SYS
, errno
,
281 path
= path_data
[i
].path
;
285 ERR_clear_last_mark();
289 /* Successfully found a working path, clear possible collected errors */
292 if (S_ISDIR(st
.st_mode
))
293 ctx
= file_open_dir(path
, uri
, provctx
);
294 else if ((bio
= BIO_new_file(path
, "rb")) == NULL
295 || (ctx
= file_open_stream(bio
, uri
, NULL
, provctx
)) == NULL
)
302 * Attached input streams must be treated very very carefully to avoid
305 * This implementation tries to support input streams that can't be reset,
306 * such as standard input. However, OSSL_DECODER assumes resettable streams,
307 * and because the PEM decoder may read quite a bit of the input file to skip
308 * past any non-PEM text that precedes the PEM block, we may need to detect
309 * if the input stream is a PEM file early.
311 * If the input stream supports BIO_tell(), we assume that it also supports
312 * BIO_seek(), making it a resettable stream and therefore safe to fully
313 * unleash OSSL_DECODER.
315 * If the input stream doesn't support BIO_tell(), we must assume that we
316 * have a non-resettable stream, and must tread carefully. We do so by
317 * trying to detect if the input is PEM, MSBLOB or PVK, and if not, we
318 * assume that it's DER.
320 * To detect if an input stream is PEM, MSBLOB or PVK, we use the buffer BIO
321 * filter, which allows us a 4KiB resettable read-ahead. We *hope* that 4KiB
322 * will be enough to find the start of the PEM block.
324 * It should be possible to use this same technique to detect other file
327 * An alternative technique would be to have an endlessly caching BIO filter.
328 * That would take away the need for all the detection here, and simply leave
329 * it for OSSL_DECODER to find out on its own while supporting its demand for
330 * resettable input streams.
331 * That's a possible future development.
334 # define INPUT_TYPE_ANY NULL
335 # define INPUT_TYPE_DER "DER"
336 # define INPUT_TYPE_PEM "PEM"
337 # define INPUT_TYPE_MSBLOB "MSBLOB"
338 # define INPUT_TYPE_PVK "PVK"
340 void *file_attach(void *provctx
, OSSL_CORE_BIO
*cin
)
342 BIO
*new_bio
= bio_new_from_core_bio(provctx
, cin
);
343 BIO
*new_bio_tmp
= NULL
;
345 char peekbuf
[4096] = { 0, };
347 const char *input_type
= NULL
;
348 unsigned int flag_attached
= 1;
349 unsigned int flag_buffered
= 0;
350 struct file_ctx_st
*ctx
= NULL
;
355 /* Try to get the current position */
356 loc
= BIO_tell(new_bio
);
358 if ((buff
= BIO_new(BIO_f_buffer())) == NULL
359 || (new_bio_tmp
= BIO_push(buff
, new_bio
)) == NULL
)
362 /* Assumption, if we can't detect PEM */
363 input_type
= INPUT_TYPE_DER
;
365 new_bio
= new_bio_tmp
;
367 if (BIO_buffer_peek(new_bio
, peekbuf
, sizeof(peekbuf
) - 1) > 0) {
368 #ifndef OPENSSL_NO_DSA
369 const unsigned char *p
= NULL
;
370 unsigned int magic
= 0, bitlen
= 0;
371 int isdss
= 0, ispub
= -1;
372 # ifndef OPENSSL_NO_RC4
373 unsigned int saltlen
= 0, keylen
= 0;
377 peekbuf
[sizeof(peekbuf
) - 1] = '\0';
378 if (strstr(peekbuf
, "-----BEGIN ") != NULL
)
379 input_type
= INPUT_TYPE_PEM
;
380 #ifndef OPENSSL_NO_DSA
381 else if (p
= (unsigned char *)peekbuf
,
382 ossl_do_blob_header(&p
, sizeof(peekbuf
), &magic
, &bitlen
,
384 input_type
= INPUT_TYPE_MSBLOB
;
385 # ifndef OPENSSL_NO_RC4
386 else if (p
= (unsigned char *)peekbuf
,
387 ossl_do_PVK_header(&p
, sizeof(peekbuf
), 0, &saltlen
, &keylen
))
388 input_type
= INPUT_TYPE_PVK
;
394 * After peeking, we know that the underlying source BIO has moved ahead
395 * from its earlier position and that if it supports BIO_tell(), that
396 * should be a number that differs from |loc|. Otherwise, we will get
397 * the same value, which may one of:
399 * - zero (the source BIO doesn't support BIO_tell() / BIO_seek() /
401 * - -1 (the underlying operating system / C library routines do not
402 * support BIO_tell() / BIO_seek() / BIO_reset())
404 * If it turns out that the source BIO does support BIO_tell(), we pop
405 * the buffer BIO filter and mark this input as |INPUT_TYPE_ANY|, which
406 * fully unleashes OSSL_DECODER to do its thing.
408 if (BIO_tell(new_bio
) != loc
) {
409 /* In this case, anything goes */
410 input_type
= INPUT_TYPE_ANY
;
412 /* Restore the source BIO like it was when entering this function */
413 new_bio
= BIO_pop(buff
);
415 (void)BIO_seek(new_bio
, loc
);
420 if ((ctx
= file_open_stream(new_bio
, NULL
, input_type
, provctx
)) == NULL
)
423 ctx
->flag_attached
= flag_attached
;
424 ctx
->flag_buffered
= flag_buffered
;
429 new_bio
= BIO_pop(buff
);
432 BIO_free(new_bio
); /* Removes the provider BIO filter */
441 static const OSSL_PARAM
*file_settable_ctx_params(void *provctx
)
443 static const OSSL_PARAM known_settable_ctx_params
[] = {
444 OSSL_PARAM_utf8_string(OSSL_STORE_PARAM_PROPERTIES
, NULL
, 0),
445 OSSL_PARAM_int(OSSL_STORE_PARAM_EXPECT
, NULL
),
446 OSSL_PARAM_octet_string(OSSL_STORE_PARAM_SUBJECT
, NULL
, 0),
449 return known_settable_ctx_params
;
452 static int file_set_ctx_params(void *loaderctx
, const OSSL_PARAM params
[])
454 struct file_ctx_st
*ctx
= loaderctx
;
457 p
= OSSL_PARAM_locate_const(params
, OSSL_STORE_PARAM_PROPERTIES
);
459 OPENSSL_free(ctx
->_
.file
.propq
);
460 ctx
->_
.file
.propq
= NULL
;
461 if (!OSSL_PARAM_get_utf8_string(p
, &ctx
->_
.file
.propq
, 0))
464 p
= OSSL_PARAM_locate_const(params
, OSSL_STORE_PARAM_EXPECT
);
465 if (p
!= NULL
&& !OSSL_PARAM_get_int(p
, &ctx
->expected_type
))
467 p
= OSSL_PARAM_locate_const(params
, OSSL_STORE_PARAM_SUBJECT
);
469 const unsigned char *der
= NULL
;
471 X509_NAME
*x509_name
;
474 if (ctx
->type
!= IS_DIR
) {
475 ERR_raise(ERR_LIB_PROV
,
476 PROV_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES
);
480 if (!OSSL_PARAM_get_octet_string_ptr(p
, (const void **)&der
, &der_len
)
481 || (x509_name
= d2i_X509_NAME(NULL
, &der
, der_len
)) == NULL
)
483 hash
= X509_NAME_hash(x509_name
);
484 BIO_snprintf(ctx
->_
.dir
.search_name
, sizeof(ctx
->_
.dir
.search_name
),
486 X509_NAME_free(x509_name
);
492 * Loading an object from a stream
493 * -------------------------------
496 struct file_load_data_st
{
497 OSSL_CALLBACK
*object_cb
;
501 static int file_load_construct(OSSL_DECODER_INSTANCE
*decoder_inst
,
502 const OSSL_PARAM
*params
, void *construct_data
)
504 struct file_load_data_st
*data
= construct_data
;
507 * At some point, we may find it justifiable to recognise PKCS#12 and
508 * handle it specially here, making |file_load()| return pass its
509 * contents one piece at ta time, like |e_loader_attic.c| does.
511 * However, that currently means parsing them out, which converts the
512 * DER encoded PKCS#12 into a bunch of EVP_PKEYs and X509s, just to
513 * have to re-encode them into DER to create an object abstraction for
515 * It's much simpler (less churn) to pass on the object abstraction we
516 * get to the load_result callback and leave it to that one to do the
517 * work. If that's libcrypto code, we know that it has much better
518 * possibilities to handle the EVP_PKEYs and X509s without the extra
522 return data
->object_cb(params
, data
->object_cbarg
);
525 void file_load_cleanup(void *construct_data
)
530 static int file_setup_decoders(struct file_ctx_st
*ctx
)
532 EVP_PKEY
*dummy
; /* for OSSL_DECODER_CTX_new_by_EVP_PKEY() */
533 OSSL_LIB_CTX
*libctx
= ossl_prov_ctx_get0_library_context(ctx
->provctx
);
534 OSSL_DECODER
*to_obj
= NULL
; /* Last resort decoder */
535 OSSL_DECODER_INSTANCE
*to_obj_inst
= NULL
;
536 OSSL_DECODER_CLEANUP
*old_cleanup
= NULL
;
537 void *old_construct_data
= NULL
;
540 /* Setup for this session, so only if not already done */
541 if (ctx
->_
.file
.decoderctx
== NULL
) {
542 if ((ctx
->_
.file
.decoderctx
= OSSL_DECODER_CTX_new()) == NULL
) {
543 ERR_raise(ERR_LIB_PROV
, ERR_R_MALLOC_FAILURE
);
547 /* Make sure the input type is set */
548 if (!OSSL_DECODER_CTX_set_input_type(ctx
->_
.file
.decoderctx
,
549 ctx
->_
.file
.input_type
)) {
550 ERR_raise(ERR_LIB_PROV
, ERR_R_OSSL_DECODER_LIB
);
555 * Create the internal last resort decoder implementation together
556 * with a "decoder instance".
557 * The decoder doesn't need any identification or to be attached to
558 * any provider, since it's only used locally.
560 to_obj
= ossl_decoder_from_dispatch(0, &ossl_der_to_obj_algorithm
,
564 to_obj_inst
= ossl_decoder_instance_new(to_obj
, ctx
->provctx
);
565 if (to_obj_inst
== NULL
)
568 if (!ossl_decoder_ctx_add_decoder_inst(ctx
->_
.file
.decoderctx
,
570 ERR_raise(ERR_LIB_PROV
, ERR_R_OSSL_DECODER_LIB
);
575 * OSSL_DECODER_INSTANCE shouldn't be freed from this point on.
576 * That's going to happen whenever the OSSL_DECODER_CTX is freed.
581 * Add on the usual decoder context for keys, with a dummy object.
582 * Since we're setting up our own constructor, we don't need to care
585 if (!ossl_decoder_ctx_setup_for_EVP_PKEY(ctx
->_
.file
.decoderctx
,
587 libctx
, ctx
->_
.file
.propq
)
588 || !OSSL_DECODER_CTX_add_extra(ctx
->_
.file
.decoderctx
,
589 libctx
, ctx
->_
.file
.propq
)) {
590 ERR_raise(ERR_LIB_PROV
, ERR_R_OSSL_DECODER_LIB
);
595 * Then we throw away the installed finalizer data, and install our
598 old_cleanup
= OSSL_DECODER_CTX_get_cleanup(ctx
->_
.file
.decoderctx
);
600 OSSL_DECODER_CTX_get_construct_data(ctx
->_
.file
.decoderctx
);
601 if (old_cleanup
!= NULL
)
602 old_cleanup(old_construct_data
);
607 if (!OSSL_DECODER_CTX_set_construct(ctx
->_
.file
.decoderctx
,
609 || !OSSL_DECODER_CTX_set_cleanup(ctx
->_
.file
.decoderctx
,
610 file_load_cleanup
)) {
611 ERR_raise(ERR_LIB_PROV
, ERR_R_OSSL_DECODER_LIB
);
618 OSSL_DECODER_free(to_obj
);
622 static int file_load_file(struct file_ctx_st
*ctx
,
623 OSSL_CALLBACK
*object_cb
, void *object_cbarg
,
624 OSSL_PASSPHRASE_CALLBACK
*pw_cb
, void *pw_cbarg
)
626 struct file_load_data_st data
;
628 /* Setup the decoders (one time shot per session */
630 if (!file_setup_decoders(ctx
))
633 /* Setup for this object */
635 data
.object_cb
= object_cb
;
636 data
.object_cbarg
= object_cbarg
;
637 OSSL_DECODER_CTX_set_construct_data(ctx
->_
.file
.decoderctx
, &data
);
638 OSSL_DECODER_CTX_set_passphrase_cb(ctx
->_
.file
.decoderctx
, pw_cb
, pw_cbarg
);
642 return OSSL_DECODER_from_bio(ctx
->_
.file
.decoderctx
, ctx
->_
.file
.file
);
646 * Loading a name object from a directory
647 * --------------------------------------
650 static int ends_with_dirsep(const char *uri
)
653 uri
+= strlen(uri
) - 1;
655 if (*uri
== ']' || *uri
== '>' || *uri
== ':')
657 #elif defined(_WIN32)
664 static char *file_name_to_uri(struct file_ctx_st
*ctx
, const char *name
)
668 assert(name
!= NULL
);
670 const char *pathsep
= ends_with_dirsep(ctx
->uri
) ? "" : "/";
671 long calculated_length
= strlen(ctx
->uri
) + strlen(pathsep
)
672 + strlen(name
) + 1 /* \0 */;
674 data
= OPENSSL_zalloc(calculated_length
);
676 ERR_raise(ERR_LIB_PROV
, ERR_R_MALLOC_FAILURE
);
680 OPENSSL_strlcat(data
, ctx
->uri
, calculated_length
);
681 OPENSSL_strlcat(data
, pathsep
, calculated_length
);
682 OPENSSL_strlcat(data
, name
, calculated_length
);
687 static int file_name_check(struct file_ctx_st
*ctx
, const char *name
)
689 const char *p
= NULL
;
691 /* If there are no search criteria, all names are accepted */
692 if (ctx
->_
.dir
.search_name
[0] == '\0')
695 /* If the expected type isn't supported, no name is accepted */
696 if (ctx
->expected_type
!= 0
697 && ctx
->expected_type
!= OSSL_STORE_INFO_CERT
698 && ctx
->expected_type
!= OSSL_STORE_INFO_CRL
)
702 * First, check the basename
704 if (strncasecmp(name
, ctx
->_
.dir
.search_name
,
705 sizeof(ctx
->_
.dir
.search_name
) - 1) != 0
706 || name
[sizeof(ctx
->_
.dir
.search_name
) - 1] != '.')
708 p
= &name
[sizeof(ctx
->_
.dir
.search_name
)];
711 * Then, if the expected type is a CRL, check that the extension starts
716 if (ctx
->expected_type
!= 0
717 && ctx
->expected_type
!= OSSL_STORE_INFO_CRL
)
719 } else if (ctx
->expected_type
== OSSL_STORE_INFO_CRL
) {
724 * Last, check that the rest of the extension is a decimal number, at
725 * least one digit long.
734 * One extra step here, check for a possible generation number.
737 for (p
++; *p
!= '\0'; p
++)
738 if (!ossl_isdigit(*p
))
743 * If we've reached the end of the string at this point, we've successfully
744 * found a fitting file name.
749 static int file_load_dir_entry(struct file_ctx_st
*ctx
,
750 OSSL_CALLBACK
*object_cb
, void *object_cbarg
,
751 OSSL_PASSPHRASE_CALLBACK
*pw_cb
, void *pw_cbarg
)
753 /* Prepare as much as possible in advance */
754 static const int object_type
= OSSL_OBJECT_NAME
;
755 OSSL_PARAM object
[] = {
756 OSSL_PARAM_int(OSSL_OBJECT_PARAM_TYPE
, (int *)&object_type
),
757 OSSL_PARAM_utf8_string(OSSL_OBJECT_PARAM_DATA
, NULL
, 0),
760 char *newname
= NULL
;
763 /* Loop until we get an error or until we have a suitable name */
765 if (ctx
->_
.dir
.last_entry
== NULL
) {
766 if (!ctx
->_
.dir
.end_reached
) {
767 assert(ctx
->_
.dir
.last_errno
!= 0);
768 ERR_raise(ERR_LIB_SYS
, ctx
->_
.dir
.last_errno
);
770 /* file_eof() will tell if EOF was reached */
774 /* flag acceptable names */
775 if (ctx
->_
.dir
.last_entry
[0] != '.'
776 && file_name_check(ctx
, ctx
->_
.dir
.last_entry
)) {
778 /* If we can't allocate the new name, we fail */
780 file_name_to_uri(ctx
, ctx
->_
.dir
.last_entry
)) == NULL
)
785 * On the first call (with a NULL context), OPENSSL_DIR_read()
786 * cares about the second argument. On the following calls, it
787 * only cares that it isn't NULL. Therefore, we can safely give
790 ctx
->_
.dir
.last_entry
= OPENSSL_DIR_read(&ctx
->_
.dir
.ctx
, ctx
->uri
);
791 ctx
->_
.dir
.last_errno
= errno
;
792 if (ctx
->_
.dir
.last_entry
== NULL
&& ctx
->_
.dir
.last_errno
== 0)
793 ctx
->_
.dir
.end_reached
= 1;
794 } while (newname
== NULL
);
796 object
[1].data
= newname
;
797 object
[1].data_size
= strlen(newname
);
798 ok
= object_cb(object
, object_cbarg
);
799 OPENSSL_free(newname
);
804 * Loading, local dispatcher
805 * -------------------------
808 static int file_load(void *loaderctx
,
809 OSSL_CALLBACK
*object_cb
, void *object_cbarg
,
810 OSSL_PASSPHRASE_CALLBACK
*pw_cb
, void *pw_cbarg
)
812 struct file_ctx_st
*ctx
= loaderctx
;
816 return file_load_file(ctx
, object_cb
, object_cbarg
, pw_cb
, pw_cbarg
);
819 file_load_dir_entry(ctx
, object_cb
, object_cbarg
, pw_cb
, pw_cbarg
);
824 /* ctx->type has an unexpected value */
830 * Eof detection and closing
831 * -------------------------
834 static int file_eof(void *loaderctx
)
836 struct file_ctx_st
*ctx
= loaderctx
;
840 return ctx
->_
.dir
.end_reached
;
843 * BIO_pending() checks any filter BIO.
844 * BIO_eof() checks the source BIO.
846 return !BIO_pending(ctx
->_
.file
.file
)
847 && BIO_eof(ctx
->_
.file
.file
);
850 /* ctx->type has an unexpected value */
855 static int file_close_dir(struct file_ctx_st
*ctx
)
857 if (ctx
->_
.dir
.ctx
!= NULL
)
858 OPENSSL_DIR_end(&ctx
->_
.dir
.ctx
);
863 static int file_close_stream(struct file_ctx_st
*ctx
)
865 if (ctx
->flag_buffered
) {
867 * file_attach() pushed a BIO_f_buffer() on top of the regular BIO.
870 BIO
*buff
= ctx
->_
.file
.file
;
873 ctx
->_
.file
.file
= BIO_pop(ctx
->_
.file
.file
);
879 * If it was attached, we only free the top, as that's the provider BIO
880 * filter. Otherwise, it was entirely allocated by this implementation,
881 * and can safely be completely freed.
883 if (ctx
->flag_attached
)
884 BIO_free(ctx
->_
.file
.file
);
886 BIO_free_all(ctx
->_
.file
.file
);
888 /* To avoid double free */
889 ctx
->_
.file
.file
= NULL
;
895 static int file_close(void *loaderctx
)
897 struct file_ctx_st
*ctx
= loaderctx
;
901 return file_close_dir(ctx
);
903 return file_close_stream(ctx
);
906 /* ctx->type has an unexpected value */
911 const OSSL_DISPATCH ossl_file_store_functions
[] = {
912 { OSSL_FUNC_STORE_OPEN
, (void (*)(void))file_open
},
913 { OSSL_FUNC_STORE_ATTACH
, (void (*)(void))file_attach
},
914 { OSSL_FUNC_STORE_SETTABLE_CTX_PARAMS
,
915 (void (*)(void))file_settable_ctx_params
},
916 { OSSL_FUNC_STORE_SET_CTX_PARAMS
, (void (*)(void))file_set_ctx_params
},
917 { OSSL_FUNC_STORE_LOAD
, (void (*)(void))file_load
},
918 { OSSL_FUNC_STORE_EOF
, (void (*)(void))file_eof
},
919 { OSSL_FUNC_STORE_CLOSE
, (void (*)(void))file_close
},