/*
- * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
/* We need to use some STORE deprecated APIs */
#define OPENSSL_SUPPRESS_DEPRECATED
-#include "e_os.h"
+#include "internal/e_os.h"
#include <openssl/crypto.h>
#include <openssl/err.h>
#include "internal/thread_once.h"
#include "internal/cryptlib.h"
#include "internal/provider.h"
+#include "internal/bio.h"
#include "crypto/store.h"
#include "store_local.h"
static int ossl_store_close_it(OSSL_STORE_CTX *ctx);
+static int loader_set_params(OSSL_STORE_LOADER *loader,
+ OSSL_STORE_LOADER_CTX *loader_ctx,
+ const OSSL_PARAM params[], const char *propq)
+{
+ if (params != NULL) {
+ if (!loader->p_set_ctx_params(loader_ctx, params))
+ return 0;
+ }
+
+ if (propq != NULL) {
+ OSSL_PARAM propp[2];
+
+ if (OSSL_PARAM_locate_const(params,
+ OSSL_STORE_PARAM_PROPERTIES) != NULL)
+ /* use the propq from params */
+ return 1;
+
+ propp[0] = OSSL_PARAM_construct_utf8_string(OSSL_STORE_PARAM_PROPERTIES,
+ (char *)propq, 0);
+ propp[1] = OSSL_PARAM_construct_end();
+
+ if (!loader->p_set_ctx_params(loader_ctx, propp))
+ return 0;
+ }
+ return 1;
+}
+
OSSL_STORE_CTX *
-OSSL_STORE_open_with_libctx(const char *uri,
- OPENSSL_CTX *libctx, const char *propq,
- const UI_METHOD *ui_method, void *ui_data,
- OSSL_STORE_post_process_info_fn post_process,
- void *post_process_data)
+OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
+ const UI_METHOD *ui_method, void *ui_data,
+ const OSSL_PARAM params[],
+ OSSL_STORE_post_process_info_fn post_process,
+ void *post_process_data)
{
const OSSL_STORE_LOADER *loader = NULL;
OSSL_STORE_LOADER *fetched_loader = NULL;
OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
OSSL_STORE_CTX *ctx = NULL;
char *propq_copy = NULL;
- char scheme_copy[256], *p, *schemes[2];
+ int no_loader_found = 1;
+ char scheme_copy[256], *p, *schemes[2], *scheme = NULL;
size_t schemes_n = 0;
size_t i;
OPENSSL_strlcpy(scheme_copy, uri, sizeof(scheme_copy));
if ((p = strchr(scheme_copy, ':')) != NULL) {
*p++ = '\0';
- if (strcasecmp(scheme_copy, "file") != 0) {
- if (strncmp(p, "//", 2) == 0)
+ if (OPENSSL_strcasecmp(scheme_copy, "file") != 0) {
+ if (HAS_PREFIX(p, "//"))
schemes_n--; /* Invalidate the file scheme */
schemes[schemes_n++] = scheme_copy;
}
* elsewhere.
*/
for (i = 0; loader_ctx == NULL && i < schemes_n; i++) {
- OSSL_TRACE1(STORE, "Looking up scheme %s\n", schemes[i]);
+ scheme = schemes[i];
+ OSSL_TRACE1(STORE, "Looking up scheme %s\n", scheme);
#ifndef OPENSSL_NO_DEPRECATED_3_0
- if ((loader = ossl_store_get0_loader_int(schemes[i])) != NULL) {
- if (loader->open_with_libctx != NULL)
- loader_ctx = loader->open_with_libctx(loader, uri, libctx, propq,
- ui_method, ui_data);
+ ERR_set_mark();
+ if ((loader = ossl_store_get0_loader_int(scheme)) != NULL) {
+ ERR_clear_last_mark();
+ no_loader_found = 0;
+ if (loader->open_ex != NULL)
+ loader_ctx = loader->open_ex(loader, uri, libctx, propq,
+ ui_method, ui_data);
else
loader_ctx = loader->open(loader, uri, ui_method, ui_data);
+ } else {
+ ERR_pop_to_mark();
}
#endif
if (loader == NULL
&& (fetched_loader =
- OSSL_STORE_LOADER_fetch(schemes[i], libctx, propq)) != NULL) {
+ OSSL_STORE_LOADER_fetch(libctx, scheme, propq)) != NULL) {
const OSSL_PROVIDER *provider =
- OSSL_STORE_LOADER_provider(fetched_loader);
+ OSSL_STORE_LOADER_get0_provider(fetched_loader);
void *provctx = OSSL_PROVIDER_get0_provider_ctx(provider);
+ no_loader_found = 0;
loader_ctx = fetched_loader->p_open(provctx, uri);
if (loader_ctx == NULL) {
OSSL_STORE_LOADER_free(fetched_loader);
fetched_loader = NULL;
- } else if (propq != NULL) {
- OSSL_PARAM params[] = {
- OSSL_PARAM_utf8_string(OSSL_STORE_PARAM_PROPERTIES,
- NULL, 0),
- OSSL_PARAM_END
- };
-
- params[0].data = (void *)propq;
- if (!fetched_loader->p_set_ctx_params(loader_ctx, params)) {
- (void)fetched_loader->p_close(loader_ctx);
- OSSL_STORE_LOADER_free(fetched_loader);
- fetched_loader = NULL;
- }
+ } else if (!loader_set_params(fetched_loader, loader_ctx,
+ params, propq)) {
+ (void)fetched_loader->p_close(loader_ctx);
+ OSSL_STORE_LOADER_free(fetched_loader);
+ fetched_loader = NULL;
}
loader = fetched_loader;
}
}
- if (loader != NULL)
- OSSL_TRACE1(STORE, "Found loader for scheme %s\n", schemes[i]);
+ if (no_loader_found)
+ /*
+ * It's assumed that ossl_store_get0_loader_int() and
+ * OSSL_STORE_LOADER_fetch() report their own errors
+ */
+ goto err;
+
+ OSSL_TRACE1(STORE, "Found loader for scheme %s\n", scheme);
if (loader_ctx == NULL)
+ /*
+ * It's assumed that the loader's open() method reports its own
+ * errors
+ */
goto err;
OSSL_TRACE2(STORE, "Opened %s => %p\n", uri, (void *)loader_ctx);
goto err;
}
- if ((ui_method != NULL
- && !ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data))
- || !ossl_pw_enable_passphrase_caching(&ctx->pwdata)) {
+ if (ui_method != NULL
+ && (!ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data)
+ || !ossl_pw_enable_passphrase_caching(&ctx->pwdata))) {
ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_CRYPTO_LIB);
goto err;
}
}
OSSL_STORE_LOADER_free(fetched_loader);
OPENSSL_free(propq_copy);
+ OPENSSL_free(ctx);
return NULL;
}
OSSL_STORE_post_process_info_fn post_process,
void *post_process_data)
{
- return OSSL_STORE_open_with_libctx(uri, NULL, NULL, ui_method, ui_data,
- post_process, post_process_data);
+ return OSSL_STORE_open_ex(uri, NULL, NULL, ui_method, ui_data, NULL,
+ post_process, post_process_data);
}
#ifndef OPENSSL_NO_DEPRECATED_3_0
{
int ret = 1;
+ if (ctx == NULL
+ || expected_type < 0 || expected_type > OSSL_STORE_INFO_CRL) {
+ ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_INVALID_ARGUMENT);
+ return 0;
+ }
if (ctx->loading) {
ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_LOADING_STARTED);
return 0;
ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_LOADING_STARTED);
return 0;
}
+ if (search == NULL) {
+ ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
if (ctx->fetched_loader != NULL) {
OSSL_PARAM_BLD *bld;
break;
case OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT:
if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_STORE_PARAM_DIGEST,
- EVP_MD_name(search->digest), 0)
+ EVP_MD_get0_name(search->digest),
+ 0)
&& OSSL_PARAM_BLD_push_octet_string(bld,
OSSL_STORE_PARAM_FINGERPRINT,
search->string,
params = OSSL_PARAM_BLD_to_param(bld);
ret = ctx->fetched_loader->p_set_ctx_params(ctx->loader_ctx,
params);
- OSSL_PARAM_BLD_free_params(params);
+ OSSL_PARAM_free(params);
}
OSSL_PARAM_BLD_free(bld);
OPENSSL_free(name_der);
goto again;
}
+ /* Clear any internally cached passphrase */
+ (void)ossl_pw_clear_passphrase_cache(&ctx->pwdata);
+
if (v != NULL && ctx->expected_type != 0) {
int returned_type = OSSL_STORE_INFO_get_type(v);
}
}
- ossl_pw_clear_passphrase_cache(&ctx->pwdata);
if (v != NULL)
OSSL_TRACE1(STORE, "Got a %s\n",
OSSL_STORE_INFO_type_string(OSSL_STORE_INFO_get_type(v)));
if (ctx->fetched_loader == NULL)
ret = ctx->loader->eof(ctx->loader_ctx);
#endif
- return ret;
+ return ret != 0;
}
static int ossl_store_close_it(OSSL_STORE_CTX *ctx)
ret = ctx->loader->p_close(ctx->loader_ctx);
#ifndef OPENSSL_NO_DEPRECATED_3_0
if (ctx->fetched_loader == NULL)
- ret = ctx->loader->close(ctx->loader_ctx);
+ ret = ctx->loader->closefn(ctx->loader_ctx);
#endif
sk_OSSL_STORE_INFO_pop_free(ctx->cached_info, OSSL_STORE_INFO_free);
EVP_PKEY_up_ref(info->_.pubkey);
return info->_.pubkey;
}
- OSSL_STOREerr(0, OSSL_STORE_R_NOT_A_PUBLIC_KEY);
+ ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_PUBLIC_KEY);
return NULL;
}
if (ctx->fetched_loader != NULL) {
void *provctx =
- ossl_provider_ctx(OSSL_STORE_LOADER_provider(ctx->fetched_loader));
+ ossl_provider_ctx(OSSL_STORE_LOADER_get0_provider(ctx->fetched_loader));
const OSSL_PARAM *params;
const OSSL_PARAM *p_subject = NULL;
const OSSL_PARAM *p_issuer = NULL;
return NULL;
}
- if (digest != NULL && len != (size_t)EVP_MD_size(digest)) {
+ if (digest != NULL && len != (size_t)EVP_MD_get_size(digest)) {
ERR_raise_data(ERR_LIB_OSSL_STORE,
OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST,
"%s size is %d, fingerprint size is %zu",
- EVP_MD_name(digest), EVP_MD_size(digest), len);
+ EVP_MD_get0_name(digest), EVP_MD_get_size(digest), len);
+ OPENSSL_free(search);
return NULL;
}
}
OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bp, const char *scheme,
- OPENSSL_CTX *libctx, const char *propq,
+ OSSL_LIB_CTX *libctx, const char *propq,
const UI_METHOD *ui_method, void *ui_data,
+ const OSSL_PARAM params[],
OSSL_STORE_post_process_info_fn post_process,
void *post_process_data)
{
scheme = "file";
OSSL_TRACE1(STORE, "Looking up scheme %s\n", scheme);
+ ERR_set_mark();
#ifndef OPENSSL_NO_DEPRECATED_3_0
if ((loader = ossl_store_get0_loader_int(scheme)) != NULL)
loader_ctx = loader->attach(loader, bp, libctx, propq,
#endif
if (loader == NULL
&& (fetched_loader =
- OSSL_STORE_LOADER_fetch(scheme, libctx, propq)) != NULL) {
+ OSSL_STORE_LOADER_fetch(libctx, scheme, propq)) != NULL) {
const OSSL_PROVIDER *provider =
- OSSL_STORE_LOADER_provider(fetched_loader);
+ OSSL_STORE_LOADER_get0_provider(fetched_loader);
void *provctx = OSSL_PROVIDER_get0_provider_ctx(provider);
+ OSSL_CORE_BIO *cbio = ossl_core_bio_new_from_bio(bp);
- if ((loader_ctx =
- fetched_loader->p_attach(provctx, (OSSL_CORE_BIO *)bp)) == NULL) {
+ if (cbio == NULL
+ || (loader_ctx = fetched_loader->p_attach(provctx, cbio)) == NULL) {
+ OSSL_STORE_LOADER_free(fetched_loader);
+ fetched_loader = NULL;
+ } else if (!loader_set_params(fetched_loader, loader_ctx,
+ params, propq)) {
+ (void)fetched_loader->p_close(loader_ctx);
OSSL_STORE_LOADER_free(fetched_loader);
fetched_loader = NULL;
- } else if (propq != NULL) {
- OSSL_PARAM params[] = {
- OSSL_PARAM_utf8_string(OSSL_STORE_PARAM_PROPERTIES,
- NULL, 0),
- OSSL_PARAM_END
- };
-
- params[0].data = (void *)propq;
- if (!fetched_loader->p_set_ctx_params(loader_ctx, params)) {
- (void)fetched_loader->p_close(loader_ctx);
- OSSL_STORE_LOADER_free(fetched_loader);
- fetched_loader = NULL;
- }
}
loader = fetched_loader;
+ ossl_core_bio_free(cbio);
}
- if (loader_ctx == NULL)
+ if (loader_ctx == NULL) {
+ ERR_clear_last_mark();
return NULL;
+ }
if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
+ ERR_clear_last_mark();
ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
return NULL;
}
- (void)ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data);
+ if (ui_method != NULL
+ && !ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data)) {
+ ERR_clear_last_mark();
+ OPENSSL_free(ctx);
+ return NULL;
+ }
+
ctx->fetched_loader = fetched_loader;
ctx->loader = loader;
ctx->loader_ctx = loader_ctx;
ctx->post_process = post_process;
ctx->post_process_data = post_process_data;
+ /*
+ * ossl_store_get0_loader_int will raise an error if the loader for the
+ * the scheme cannot be retrieved. But if a loader was successfully
+ * fetched then we remove this error from the error stack.
+ */
+ ERR_pop_to_mark();
+
return ctx;
}