2 * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
14 /* We need to use some STORE deprecated APIs */
15 #define OPENSSL_SUPPRESS_DEPRECATED
17 #include "internal/e_os.h"
19 #include <openssl/crypto.h>
20 #include <openssl/err.h>
21 #include <openssl/trace.h>
22 #include <openssl/core_names.h>
23 #include <openssl/provider.h>
24 #include <openssl/param_build.h>
25 #include <openssl/store.h>
26 #include "internal/thread_once.h"
27 #include "internal/cryptlib.h"
28 #include "internal/provider.h"
29 #include "internal/bio.h"
30 #include "crypto/store.h"
31 #include "store_local.h"
33 static int ossl_store_close_it(OSSL_STORE_CTX
*ctx
);
35 static int loader_set_params(OSSL_STORE_LOADER
*loader
,
36 OSSL_STORE_LOADER_CTX
*loader_ctx
,
37 const OSSL_PARAM params
[], const char *propq
)
40 if (!loader
->p_set_ctx_params(loader_ctx
, params
))
47 if (OSSL_PARAM_locate_const(params
,
48 OSSL_STORE_PARAM_PROPERTIES
) != NULL
)
49 /* use the propq from params */
52 propp
[0] = OSSL_PARAM_construct_utf8_string(OSSL_STORE_PARAM_PROPERTIES
,
54 propp
[1] = OSSL_PARAM_construct_end();
56 if (!loader
->p_set_ctx_params(loader_ctx
, propp
))
63 OSSL_STORE_open_ex(const char *uri
, OSSL_LIB_CTX
*libctx
, const char *propq
,
64 const UI_METHOD
*ui_method
, void *ui_data
,
65 const OSSL_PARAM params
[],
66 OSSL_STORE_post_process_info_fn post_process
,
67 void *post_process_data
)
69 struct ossl_passphrase_data_st pwdata
= { 0 };
70 const OSSL_STORE_LOADER
*loader
= NULL
;
71 OSSL_STORE_LOADER
*fetched_loader
= NULL
;
72 OSSL_STORE_LOADER_CTX
*loader_ctx
= NULL
;
73 OSSL_STORE_CTX
*ctx
= NULL
;
74 char *propq_copy
= NULL
;
75 int no_loader_found
= 1;
76 char scheme_copy
[256], *p
, *schemes
[2], *scheme
= NULL
;
81 * Put the file scheme first. If the uri does represent an existing file,
82 * possible device name and all, then it should be loaded. Only a failed
83 * attempt at loading a local file should have us try something else.
85 schemes
[schemes_n
++] = "file";
88 * Now, check if we have something that looks like a scheme, and add it
89 * as a second scheme. However, also check if there's an authority start
90 * (://), because that will invalidate the previous file scheme. Also,
91 * check that this isn't actually the file scheme, as there's no point
92 * going through that one twice!
94 OPENSSL_strlcpy(scheme_copy
, uri
, sizeof(scheme_copy
));
95 if ((p
= strchr(scheme_copy
, ':')) != NULL
) {
97 if (OPENSSL_strcasecmp(scheme_copy
, "file") != 0) {
98 if (HAS_PREFIX(p
, "//"))
99 schemes_n
--; /* Invalidate the file scheme */
100 schemes
[schemes_n
++] = scheme_copy
;
106 if (ui_method
!= NULL
107 && (!ossl_pw_set_ui_method(&pwdata
, ui_method
, ui_data
)
108 || !ossl_pw_enable_passphrase_caching(&pwdata
))) {
109 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_CRYPTO_LIB
);
114 * Try each scheme until we find one that could open the URI.
116 * For each scheme, we look for the engine implementation first, and
117 * failing that, we then try to fetch a provided implementation.
118 * This is consistent with how we handle legacy / engine implementations
121 for (i
= 0; loader_ctx
== NULL
&& i
< schemes_n
; i
++) {
123 OSSL_TRACE1(STORE
, "Looking up scheme %s\n", scheme
);
124 #ifndef OPENSSL_NO_DEPRECATED_3_0
126 if ((loader
= ossl_store_get0_loader_int(scheme
)) != NULL
) {
127 ERR_clear_last_mark();
129 if (loader
->open_ex
!= NULL
)
130 loader_ctx
= loader
->open_ex(loader
, uri
, libctx
, propq
,
133 loader_ctx
= loader
->open(loader
, uri
, ui_method
, ui_data
);
140 OSSL_STORE_LOADER_fetch(libctx
, scheme
, propq
)) != NULL
) {
141 const OSSL_PROVIDER
*provider
=
142 OSSL_STORE_LOADER_get0_provider(fetched_loader
);
143 void *provctx
= OSSL_PROVIDER_get0_provider_ctx(provider
);
146 if (fetched_loader
->p_open_ex
!= NULL
) {
148 fetched_loader
->p_open_ex(provctx
, uri
, params
,
149 ossl_pw_passphrase_callback_dec
,
152 loader_ctx
= fetched_loader
->p_open(provctx
, uri
);
153 if (loader_ctx
!= NULL
&&
154 !loader_set_params(fetched_loader
, loader_ctx
,
156 (void)fetched_loader
->p_close(loader_ctx
);
160 if (loader_ctx
== NULL
) {
161 OSSL_STORE_LOADER_free(fetched_loader
);
162 fetched_loader
= NULL
;
164 loader
= fetched_loader
;
166 /* Clear any internally cached passphrase */
167 (void)ossl_pw_clear_passphrase_cache(&pwdata
);
173 * It's assumed that ossl_store_get0_loader_int() and
174 * OSSL_STORE_LOADER_fetch() report their own errors
178 OSSL_TRACE1(STORE
, "Found loader for scheme %s\n", scheme
);
180 if (loader_ctx
== NULL
)
182 * It's assumed that the loader's open() method reports its own
187 OSSL_TRACE2(STORE
, "Opened %s => %p\n", uri
, (void *)loader_ctx
);
189 if ((propq
!= NULL
&& (propq_copy
= OPENSSL_strdup(propq
)) == NULL
)
190 || (ctx
= OPENSSL_zalloc(sizeof(*ctx
))) == NULL
)
193 ctx
->properties
= propq_copy
;
194 ctx
->fetched_loader
= fetched_loader
;
195 ctx
->loader
= loader
;
196 ctx
->loader_ctx
= loader_ctx
;
197 ctx
->post_process
= post_process
;
198 ctx
->post_process_data
= post_process_data
;
199 ctx
->pwdata
= pwdata
;
202 * If the attempt to open with the 'file' scheme loader failed and the
203 * other scheme loader succeeded, the failure to open with the 'file'
204 * scheme loader leaves an error on the error stack. Let's remove it.
211 ERR_clear_last_mark();
212 if (loader_ctx
!= NULL
) {
214 * Temporary structure so OSSL_STORE_close() can work even when
215 * |ctx| couldn't be allocated properly
217 OSSL_STORE_CTX tmpctx
= { NULL
, };
219 tmpctx
.fetched_loader
= fetched_loader
;
220 tmpctx
.loader
= loader
;
221 tmpctx
.loader_ctx
= loader_ctx
;
224 * We ignore a returned error because we will return NULL anyway in
225 * this case, so if something goes wrong when closing, that'll simply
226 * just add another entry on the error stack.
228 (void)ossl_store_close_it(&tmpctx
);
230 /* Coverity false positive, the reference counting is confusing it */
231 /* coverity[pass_freed_arg] */
232 OSSL_STORE_LOADER_free(fetched_loader
);
233 OPENSSL_free(propq_copy
);
238 OSSL_STORE_CTX
*OSSL_STORE_open(const char *uri
,
239 const UI_METHOD
*ui_method
, void *ui_data
,
240 OSSL_STORE_post_process_info_fn post_process
,
241 void *post_process_data
)
243 return OSSL_STORE_open_ex(uri
, NULL
, NULL
, ui_method
, ui_data
, NULL
,
244 post_process
, post_process_data
);
247 #ifndef OPENSSL_NO_DEPRECATED_3_0
248 int OSSL_STORE_ctrl(OSSL_STORE_CTX
*ctx
, int cmd
, ...)
254 ret
= OSSL_STORE_vctrl(ctx
, cmd
, args
);
260 int OSSL_STORE_vctrl(OSSL_STORE_CTX
*ctx
, int cmd
, va_list args
)
262 if (ctx
->fetched_loader
!= NULL
) {
263 if (ctx
->fetched_loader
->p_set_ctx_params
!= NULL
) {
264 OSSL_PARAM params
[2] = { OSSL_PARAM_END
, OSSL_PARAM_END
};
267 case OSSL_STORE_C_USE_SECMEM
:
269 int on
= *(va_arg(args
, int *));
271 params
[0] = OSSL_PARAM_construct_int("use_secmem", &on
);
278 return ctx
->fetched_loader
->p_set_ctx_params(ctx
->loader_ctx
,
281 } else if (ctx
->loader
->ctrl
!= NULL
) {
282 return ctx
->loader
->ctrl(ctx
->loader_ctx
, cmd
, args
);
286 * If the fetched loader doesn't have a set_ctx_params or a ctrl, it's as
287 * if there was one that ignored our params, which usually returns 1.
293 int OSSL_STORE_expect(OSSL_STORE_CTX
*ctx
, int expected_type
)
298 || expected_type
< 0 || expected_type
> OSSL_STORE_INFO_CRL
) {
299 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_PASSED_INVALID_ARGUMENT
);
303 ERR_raise(ERR_LIB_OSSL_STORE
, OSSL_STORE_R_LOADING_STARTED
);
307 ctx
->expected_type
= expected_type
;
308 if (ctx
->fetched_loader
!= NULL
309 && ctx
->fetched_loader
->p_set_ctx_params
!= NULL
) {
310 OSSL_PARAM params
[2] = { OSSL_PARAM_END
, OSSL_PARAM_END
};
313 OSSL_PARAM_construct_int(OSSL_STORE_PARAM_EXPECT
, &expected_type
);
314 ret
= ctx
->fetched_loader
->p_set_ctx_params(ctx
->loader_ctx
, params
);
316 #ifndef OPENSSL_NO_DEPRECATED_3_0
317 if (ctx
->fetched_loader
== NULL
318 && ctx
->loader
->expect
!= NULL
) {
319 ret
= ctx
->loader
->expect(ctx
->loader_ctx
, expected_type
);
325 int OSSL_STORE_find(OSSL_STORE_CTX
*ctx
, const OSSL_STORE_SEARCH
*search
)
330 ERR_raise(ERR_LIB_OSSL_STORE
, OSSL_STORE_R_LOADING_STARTED
);
333 if (search
== NULL
) {
334 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_PASSED_NULL_PARAMETER
);
338 if (ctx
->fetched_loader
!= NULL
) {
341 /* OSSL_STORE_SEARCH_BY_NAME, OSSL_STORE_SEARCH_BY_ISSUER_SERIAL*/
342 void *name_der
= NULL
;
344 /* OSSL_STORE_SEARCH_BY_ISSUER_SERIAL */
345 BIGNUM
*number
= NULL
;
347 if (ctx
->fetched_loader
->p_set_ctx_params
== NULL
) {
348 ERR_raise(ERR_LIB_OSSL_STORE
, OSSL_STORE_R_UNSUPPORTED_OPERATION
);
352 if ((bld
= OSSL_PARAM_BLD_new()) == NULL
) {
353 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_CRYPTO_LIB
);
357 ret
= 0; /* Assume the worst */
359 switch (search
->search_type
) {
360 case OSSL_STORE_SEARCH_BY_NAME
:
361 if ((name_der_sz
= i2d_X509_NAME(search
->name
,
362 (unsigned char **)&name_der
)) > 0
363 && OSSL_PARAM_BLD_push_octet_string(bld
,
364 OSSL_STORE_PARAM_SUBJECT
,
365 name_der
, name_der_sz
))
368 case OSSL_STORE_SEARCH_BY_ISSUER_SERIAL
:
369 if ((name_der_sz
= i2d_X509_NAME(search
->name
,
370 (unsigned char **)&name_der
)) > 0
371 && (number
= ASN1_INTEGER_to_BN(search
->serial
, NULL
)) != NULL
372 && OSSL_PARAM_BLD_push_octet_string(bld
,
373 OSSL_STORE_PARAM_ISSUER
,
374 name_der
, name_der_sz
)
375 && OSSL_PARAM_BLD_push_BN(bld
, OSSL_STORE_PARAM_SERIAL
,
379 case OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT
:
380 if (OSSL_PARAM_BLD_push_utf8_string(bld
, OSSL_STORE_PARAM_DIGEST
,
381 EVP_MD_get0_name(search
->digest
),
383 && OSSL_PARAM_BLD_push_octet_string(bld
,
384 OSSL_STORE_PARAM_FINGERPRINT
,
386 search
->stringlength
))
389 case OSSL_STORE_SEARCH_BY_ALIAS
:
390 if (OSSL_PARAM_BLD_push_utf8_string(bld
, OSSL_STORE_PARAM_ALIAS
,
391 (char *)search
->string
,
392 search
->stringlength
))
397 params
= OSSL_PARAM_BLD_to_param(bld
);
398 ret
= ctx
->fetched_loader
->p_set_ctx_params(ctx
->loader_ctx
,
400 OSSL_PARAM_free(params
);
402 OSSL_PARAM_BLD_free(bld
);
403 OPENSSL_free(name_der
);
406 #ifndef OPENSSL_NO_DEPRECATED_3_0
407 /* legacy loader section */
408 if (ctx
->loader
->find
== NULL
) {
409 ERR_raise(ERR_LIB_OSSL_STORE
, OSSL_STORE_R_UNSUPPORTED_OPERATION
);
412 ret
= ctx
->loader
->find(ctx
->loader_ctx
, search
);
419 OSSL_STORE_INFO
*OSSL_STORE_load(OSSL_STORE_CTX
*ctx
)
421 OSSL_STORE_INFO
*v
= NULL
;
425 if (OSSL_STORE_eof(ctx
))
428 if (ctx
->loader
!= NULL
)
429 OSSL_TRACE(STORE
, "Loading next object\n");
431 if (ctx
->cached_info
!= NULL
432 && sk_OSSL_STORE_INFO_num(ctx
->cached_info
) == 0) {
433 sk_OSSL_STORE_INFO_free(ctx
->cached_info
);
434 ctx
->cached_info
= NULL
;
437 if (ctx
->cached_info
!= NULL
) {
438 v
= sk_OSSL_STORE_INFO_shift(ctx
->cached_info
);
440 if (ctx
->fetched_loader
!= NULL
) {
441 struct ossl_load_result_data_st load_data
;
447 if (!ctx
->fetched_loader
->p_load(ctx
->loader_ctx
,
448 ossl_store_handle_load_result
,
450 ossl_pw_passphrase_callback_dec
,
457 #ifndef OPENSSL_NO_DEPRECATED_3_0
458 if (ctx
->fetched_loader
== NULL
)
459 v
= ctx
->loader
->load(ctx
->loader_ctx
,
460 ctx
->pwdata
._
.ui_method
.ui_method
,
461 ctx
->pwdata
._
.ui_method
.ui_method_data
);
465 if (ctx
->post_process
!= NULL
&& v
!= NULL
) {
466 v
= ctx
->post_process(v
, ctx
->post_process_data
);
469 * By returning NULL, the callback decides that this object should
476 /* Clear any internally cached passphrase */
477 (void)ossl_pw_clear_passphrase_cache(&ctx
->pwdata
);
479 if (v
!= NULL
&& ctx
->expected_type
!= 0) {
480 int returned_type
= OSSL_STORE_INFO_get_type(v
);
482 if (returned_type
!= OSSL_STORE_INFO_NAME
&& returned_type
!= 0) {
483 if (ctx
->expected_type
!= returned_type
) {
484 OSSL_STORE_INFO_free(v
);
491 OSSL_TRACE1(STORE
, "Got a %s\n",
492 OSSL_STORE_INFO_type_string(OSSL_STORE_INFO_get_type(v
)));
497 int OSSL_STORE_delete(const char *uri
, OSSL_LIB_CTX
*libctx
, const char *propq
,
498 const UI_METHOD
*ui_method
, void *ui_data
,
499 const OSSL_PARAM params
[])
501 OSSL_STORE_LOADER
*fetched_loader
= NULL
;
502 char scheme
[256], *p
;
504 struct ossl_passphrase_data_st pwdata
= {0};
506 OPENSSL_strlcpy(scheme
, uri
, sizeof(scheme
));
507 if ((p
= strchr(scheme
, ':')) != NULL
)
509 else /* We don't work without explicit scheme */
512 if (ui_method
!= NULL
513 && (!ossl_pw_set_ui_method(&pwdata
, ui_method
, ui_data
)
514 || !ossl_pw_enable_passphrase_caching(&pwdata
))) {
515 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_CRYPTO_LIB
);
519 OSSL_TRACE1(STORE
, "Looking up scheme %s\n", scheme
);
520 fetched_loader
= OSSL_STORE_LOADER_fetch(libctx
, scheme
, propq
);
522 if (fetched_loader
!= NULL
&& fetched_loader
->p_delete
!= NULL
) {
523 const OSSL_PROVIDER
*provider
=
524 OSSL_STORE_LOADER_get0_provider(fetched_loader
);
525 void *provctx
= OSSL_PROVIDER_get0_provider_ctx(provider
);
528 * It's assumed that the loader's delete() method reports its own
531 OSSL_TRACE1(STORE
, "Performing URI delete %s\n", uri
);
532 res
= fetched_loader
->p_delete(provctx
, uri
, params
,
533 ossl_pw_passphrase_callback_dec
,
536 /* Clear any internally cached passphrase */
537 (void)ossl_pw_clear_passphrase_cache(&pwdata
);
539 OSSL_STORE_LOADER_free(fetched_loader
);
544 int OSSL_STORE_error(OSSL_STORE_CTX
*ctx
)
548 if (ctx
->fetched_loader
!= NULL
)
549 ret
= ctx
->error_flag
;
550 #ifndef OPENSSL_NO_DEPRECATED_3_0
551 if (ctx
->fetched_loader
== NULL
)
552 ret
= ctx
->loader
->error(ctx
->loader_ctx
);
557 int OSSL_STORE_eof(OSSL_STORE_CTX
*ctx
)
561 if (ctx
->fetched_loader
!= NULL
)
562 ret
= ctx
->loader
->p_eof(ctx
->loader_ctx
);
563 #ifndef OPENSSL_NO_DEPRECATED_3_0
564 if (ctx
->fetched_loader
== NULL
)
565 ret
= ctx
->loader
->eof(ctx
->loader_ctx
);
570 static int ossl_store_close_it(OSSL_STORE_CTX
*ctx
)
576 OSSL_TRACE1(STORE
, "Closing %p\n", (void *)ctx
->loader_ctx
);
578 if (ctx
->fetched_loader
!= NULL
)
579 ret
= ctx
->loader
->p_close(ctx
->loader_ctx
);
580 #ifndef OPENSSL_NO_DEPRECATED_3_0
581 if (ctx
->fetched_loader
== NULL
)
582 ret
= ctx
->loader
->closefn(ctx
->loader_ctx
);
585 sk_OSSL_STORE_INFO_pop_free(ctx
->cached_info
, OSSL_STORE_INFO_free
);
586 OSSL_STORE_LOADER_free(ctx
->fetched_loader
);
587 OPENSSL_free(ctx
->properties
);
588 ossl_pw_clear_passphrase_data(&ctx
->pwdata
);
592 int OSSL_STORE_close(OSSL_STORE_CTX
*ctx
)
594 int ret
= ossl_store_close_it(ctx
);
601 * Functions to generate OSSL_STORE_INFOs, one function for each type we
602 * support having in them as well as a generic constructor.
604 * In all cases, ownership of the object is transferred to the OSSL_STORE_INFO
605 * and will therefore be freed when the OSSL_STORE_INFO is freed.
607 OSSL_STORE_INFO
*OSSL_STORE_INFO_new(int type
, void *data
)
609 OSSL_STORE_INFO
*info
= OPENSSL_zalloc(sizeof(*info
));
619 OSSL_STORE_INFO
*OSSL_STORE_INFO_new_NAME(char *name
)
621 OSSL_STORE_INFO
*info
= OSSL_STORE_INFO_new(OSSL_STORE_INFO_NAME
, NULL
);
624 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_OSSL_STORE_LIB
);
628 info
->_
.name
.name
= name
;
629 info
->_
.name
.desc
= NULL
;
634 int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO
*info
, char *desc
)
636 if (info
->type
!= OSSL_STORE_INFO_NAME
) {
637 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_PASSED_INVALID_ARGUMENT
);
641 info
->_
.name
.desc
= desc
;
645 OSSL_STORE_INFO
*OSSL_STORE_INFO_new_PARAMS(EVP_PKEY
*params
)
647 OSSL_STORE_INFO
*info
= OSSL_STORE_INFO_new(OSSL_STORE_INFO_PARAMS
, params
);
650 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_OSSL_STORE_LIB
);
654 OSSL_STORE_INFO
*OSSL_STORE_INFO_new_PUBKEY(EVP_PKEY
*pkey
)
656 OSSL_STORE_INFO
*info
= OSSL_STORE_INFO_new(OSSL_STORE_INFO_PUBKEY
, pkey
);
659 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_OSSL_STORE_LIB
);
663 OSSL_STORE_INFO
*OSSL_STORE_INFO_new_PKEY(EVP_PKEY
*pkey
)
665 OSSL_STORE_INFO
*info
= OSSL_STORE_INFO_new(OSSL_STORE_INFO_PKEY
, pkey
);
668 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_OSSL_STORE_LIB
);
672 OSSL_STORE_INFO
*OSSL_STORE_INFO_new_CERT(X509
*x509
)
674 OSSL_STORE_INFO
*info
= OSSL_STORE_INFO_new(OSSL_STORE_INFO_CERT
, x509
);
677 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_OSSL_STORE_LIB
);
681 OSSL_STORE_INFO
*OSSL_STORE_INFO_new_CRL(X509_CRL
*crl
)
683 OSSL_STORE_INFO
*info
= OSSL_STORE_INFO_new(OSSL_STORE_INFO_CRL
, crl
);
686 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_OSSL_STORE_LIB
);
691 * Functions to try to extract data from an OSSL_STORE_INFO.
693 int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO
*info
)
698 void *OSSL_STORE_INFO_get0_data(int type
, const OSSL_STORE_INFO
*info
)
700 if (info
->type
== type
)
705 const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO
*info
)
707 if (info
->type
== OSSL_STORE_INFO_NAME
)
708 return info
->_
.name
.name
;
712 char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO
*info
)
714 if (info
->type
== OSSL_STORE_INFO_NAME
)
715 return OPENSSL_strdup(info
->_
.name
.name
);
716 ERR_raise(ERR_LIB_OSSL_STORE
, OSSL_STORE_R_NOT_A_NAME
);
720 const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO
*info
)
722 if (info
->type
== OSSL_STORE_INFO_NAME
)
723 return info
->_
.name
.desc
;
727 char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO
*info
)
729 if (info
->type
== OSSL_STORE_INFO_NAME
)
730 return OPENSSL_strdup(info
->_
.name
.desc
? info
->_
.name
.desc
: "");
731 ERR_raise(ERR_LIB_OSSL_STORE
, OSSL_STORE_R_NOT_A_NAME
);
735 EVP_PKEY
*OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO
*info
)
737 if (info
->type
== OSSL_STORE_INFO_PARAMS
)
738 return info
->_
.params
;
742 EVP_PKEY
*OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO
*info
)
744 if (info
->type
== OSSL_STORE_INFO_PARAMS
) {
745 EVP_PKEY_up_ref(info
->_
.params
);
746 return info
->_
.params
;
748 ERR_raise(ERR_LIB_OSSL_STORE
, OSSL_STORE_R_NOT_PARAMETERS
);
752 EVP_PKEY
*OSSL_STORE_INFO_get0_PUBKEY(const OSSL_STORE_INFO
*info
)
754 if (info
->type
== OSSL_STORE_INFO_PUBKEY
)
755 return info
->_
.pubkey
;
759 EVP_PKEY
*OSSL_STORE_INFO_get1_PUBKEY(const OSSL_STORE_INFO
*info
)
761 if (info
->type
== OSSL_STORE_INFO_PUBKEY
) {
762 EVP_PKEY_up_ref(info
->_
.pubkey
);
763 return info
->_
.pubkey
;
765 ERR_raise(ERR_LIB_OSSL_STORE
, OSSL_STORE_R_NOT_A_PUBLIC_KEY
);
769 EVP_PKEY
*OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO
*info
)
771 if (info
->type
== OSSL_STORE_INFO_PKEY
)
776 EVP_PKEY
*OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO
*info
)
778 if (info
->type
== OSSL_STORE_INFO_PKEY
) {
779 EVP_PKEY_up_ref(info
->_
.pkey
);
782 ERR_raise(ERR_LIB_OSSL_STORE
, OSSL_STORE_R_NOT_A_PRIVATE_KEY
);
786 X509
*OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO
*info
)
788 if (info
->type
== OSSL_STORE_INFO_CERT
)
793 X509
*OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO
*info
)
795 if (info
->type
== OSSL_STORE_INFO_CERT
) {
796 X509_up_ref(info
->_
.x509
);
799 ERR_raise(ERR_LIB_OSSL_STORE
, OSSL_STORE_R_NOT_A_CERTIFICATE
);
803 X509_CRL
*OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO
*info
)
805 if (info
->type
== OSSL_STORE_INFO_CRL
)
810 X509_CRL
*OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO
*info
)
812 if (info
->type
== OSSL_STORE_INFO_CRL
) {
813 X509_CRL_up_ref(info
->_
.crl
);
816 ERR_raise(ERR_LIB_OSSL_STORE
, OSSL_STORE_R_NOT_A_CRL
);
821 * Free the OSSL_STORE_INFO
823 void OSSL_STORE_INFO_free(OSSL_STORE_INFO
*info
)
826 switch (info
->type
) {
827 case OSSL_STORE_INFO_NAME
:
828 OPENSSL_free(info
->_
.name
.name
);
829 OPENSSL_free(info
->_
.name
.desc
);
831 case OSSL_STORE_INFO_PARAMS
:
832 EVP_PKEY_free(info
->_
.params
);
834 case OSSL_STORE_INFO_PUBKEY
:
835 EVP_PKEY_free(info
->_
.pubkey
);
837 case OSSL_STORE_INFO_PKEY
:
838 EVP_PKEY_free(info
->_
.pkey
);
840 case OSSL_STORE_INFO_CERT
:
841 X509_free(info
->_
.x509
);
843 case OSSL_STORE_INFO_CRL
:
844 X509_CRL_free(info
->_
.crl
);
851 int OSSL_STORE_supports_search(OSSL_STORE_CTX
*ctx
, int search_type
)
855 if (ctx
->fetched_loader
!= NULL
) {
857 ossl_provider_ctx(OSSL_STORE_LOADER_get0_provider(ctx
->fetched_loader
));
858 const OSSL_PARAM
*params
;
859 const OSSL_PARAM
*p_subject
= NULL
;
860 const OSSL_PARAM
*p_issuer
= NULL
;
861 const OSSL_PARAM
*p_serial
= NULL
;
862 const OSSL_PARAM
*p_fingerprint
= NULL
;
863 const OSSL_PARAM
*p_alias
= NULL
;
865 if (ctx
->fetched_loader
->p_settable_ctx_params
== NULL
)
868 params
= ctx
->fetched_loader
->p_settable_ctx_params(provctx
);
869 p_subject
= OSSL_PARAM_locate_const(params
, OSSL_STORE_PARAM_SUBJECT
);
870 p_issuer
= OSSL_PARAM_locate_const(params
, OSSL_STORE_PARAM_ISSUER
);
871 p_serial
= OSSL_PARAM_locate_const(params
, OSSL_STORE_PARAM_SERIAL
);
873 OSSL_PARAM_locate_const(params
, OSSL_STORE_PARAM_FINGERPRINT
);
874 p_alias
= OSSL_PARAM_locate_const(params
, OSSL_STORE_PARAM_ALIAS
);
876 switch (search_type
) {
877 case OSSL_STORE_SEARCH_BY_NAME
:
878 ret
= (p_subject
!= NULL
);
880 case OSSL_STORE_SEARCH_BY_ISSUER_SERIAL
:
881 ret
= (p_issuer
!= NULL
&& p_serial
!= NULL
);
883 case OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT
:
884 ret
= (p_fingerprint
!= NULL
);
886 case OSSL_STORE_SEARCH_BY_ALIAS
:
887 ret
= (p_alias
!= NULL
);
891 #ifndef OPENSSL_NO_DEPRECATED_3_0
892 if (ctx
->fetched_loader
== NULL
) {
893 OSSL_STORE_SEARCH tmp_search
;
895 if (ctx
->loader
->find
== NULL
)
897 tmp_search
.search_type
= search_type
;
898 ret
= ctx
->loader
->find(NULL
, &tmp_search
);
904 /* Search term constructors */
905 OSSL_STORE_SEARCH
*OSSL_STORE_SEARCH_by_name(X509_NAME
*name
)
907 OSSL_STORE_SEARCH
*search
= OPENSSL_zalloc(sizeof(*search
));
912 search
->search_type
= OSSL_STORE_SEARCH_BY_NAME
;
917 OSSL_STORE_SEARCH
*OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME
*name
,
918 const ASN1_INTEGER
*serial
)
920 OSSL_STORE_SEARCH
*search
= OPENSSL_zalloc(sizeof(*search
));
925 search
->search_type
= OSSL_STORE_SEARCH_BY_ISSUER_SERIAL
;
927 search
->serial
= serial
;
931 OSSL_STORE_SEARCH
*OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD
*digest
,
935 OSSL_STORE_SEARCH
*search
= OPENSSL_zalloc(sizeof(*search
));
940 if (digest
!= NULL
&& len
!= (size_t)EVP_MD_get_size(digest
)) {
941 ERR_raise_data(ERR_LIB_OSSL_STORE
,
942 OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST
,
943 "%s size is %d, fingerprint size is %zu",
944 EVP_MD_get0_name(digest
), EVP_MD_get_size(digest
), len
);
945 OPENSSL_free(search
);
949 search
->search_type
= OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT
;
950 search
->digest
= digest
;
951 search
->string
= bytes
;
952 search
->stringlength
= len
;
956 OSSL_STORE_SEARCH
*OSSL_STORE_SEARCH_by_alias(const char *alias
)
958 OSSL_STORE_SEARCH
*search
= OPENSSL_zalloc(sizeof(*search
));
963 search
->search_type
= OSSL_STORE_SEARCH_BY_ALIAS
;
964 search
->string
= (const unsigned char *)alias
;
965 search
->stringlength
= strlen(alias
);
969 /* Search term destructor */
970 void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH
*search
)
972 OPENSSL_free(search
);
975 /* Search term accessors */
976 int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH
*criterion
)
978 return criterion
->search_type
;
981 X509_NAME
*OSSL_STORE_SEARCH_get0_name(const OSSL_STORE_SEARCH
*criterion
)
983 return criterion
->name
;
986 const ASN1_INTEGER
*OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH
989 return criterion
->serial
;
992 const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH
993 *criterion
, size_t *length
)
995 *length
= criterion
->stringlength
;
996 return criterion
->string
;
999 const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH
*criterion
)
1001 return (const char *)criterion
->string
;
1004 const EVP_MD
*OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH
*criterion
)
1006 return criterion
->digest
;
1009 OSSL_STORE_CTX
*OSSL_STORE_attach(BIO
*bp
, const char *scheme
,
1010 OSSL_LIB_CTX
*libctx
, const char *propq
,
1011 const UI_METHOD
*ui_method
, void *ui_data
,
1012 const OSSL_PARAM params
[],
1013 OSSL_STORE_post_process_info_fn post_process
,
1014 void *post_process_data
)
1016 const OSSL_STORE_LOADER
*loader
= NULL
;
1017 OSSL_STORE_LOADER
*fetched_loader
= NULL
;
1018 OSSL_STORE_LOADER_CTX
*loader_ctx
= NULL
;
1019 OSSL_STORE_CTX
*ctx
= NULL
;
1024 OSSL_TRACE1(STORE
, "Looking up scheme %s\n", scheme
);
1026 #ifndef OPENSSL_NO_DEPRECATED_3_0
1027 if ((loader
= ossl_store_get0_loader_int(scheme
)) != NULL
)
1028 loader_ctx
= loader
->attach(loader
, bp
, libctx
, propq
,
1029 ui_method
, ui_data
);
1032 && (fetched_loader
=
1033 OSSL_STORE_LOADER_fetch(libctx
, scheme
, propq
)) != NULL
) {
1034 const OSSL_PROVIDER
*provider
=
1035 OSSL_STORE_LOADER_get0_provider(fetched_loader
);
1036 void *provctx
= OSSL_PROVIDER_get0_provider_ctx(provider
);
1037 OSSL_CORE_BIO
*cbio
= ossl_core_bio_new_from_bio(bp
);
1040 || (loader_ctx
= fetched_loader
->p_attach(provctx
, cbio
)) == NULL
) {
1041 OSSL_STORE_LOADER_free(fetched_loader
);
1042 fetched_loader
= NULL
;
1043 } else if (!loader_set_params(fetched_loader
, loader_ctx
,
1045 (void)fetched_loader
->p_close(loader_ctx
);
1046 OSSL_STORE_LOADER_free(fetched_loader
);
1047 fetched_loader
= NULL
;
1049 loader
= fetched_loader
;
1050 ossl_core_bio_free(cbio
);
1053 if (loader_ctx
== NULL
) {
1054 ERR_clear_last_mark();
1058 if ((ctx
= OPENSSL_zalloc(sizeof(*ctx
))) == NULL
) {
1059 ERR_clear_last_mark();
1063 if (ui_method
!= NULL
1064 && !ossl_pw_set_ui_method(&ctx
->pwdata
, ui_method
, ui_data
)) {
1065 ERR_clear_last_mark();
1070 ctx
->fetched_loader
= fetched_loader
;
1071 ctx
->loader
= loader
;
1072 ctx
->loader_ctx
= loader_ctx
;
1073 ctx
->post_process
= post_process
;
1074 ctx
->post_process_data
= post_process_data
;
1077 * ossl_store_get0_loader_int will raise an error if the loader for
1078 * the scheme cannot be retrieved. But if a loader was successfully
1079 * fetched then we remove this error from the error stack.