2 * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
16 #include <openssl/crypto.h>
17 #include <openssl/err.h>
18 #include <openssl/trace.h>
19 #include <openssl/core_names.h>
20 #include <openssl/provider.h>
21 #include <openssl/param_build.h>
22 #include <openssl/store.h>
23 #include "internal/thread_once.h"
24 #include "internal/cryptlib.h"
25 #include "internal/provider.h"
26 #include "crypto/store.h"
27 #include "store_local.h"
29 static int ossl_store_close_it(OSSL_STORE_CTX
*ctx
);
32 OSSL_STORE_open_with_libctx(const char *uri
,
33 OPENSSL_CTX
*libctx
, const char *propq
,
34 const UI_METHOD
*ui_method
, void *ui_data
,
35 OSSL_STORE_post_process_info_fn post_process
,
36 void *post_process_data
)
38 const OSSL_STORE_LOADER
*loader
= NULL
;
39 OSSL_STORE_LOADER
*fetched_loader
= NULL
;
40 OSSL_STORE_LOADER_CTX
*loader_ctx
= NULL
;
41 OSSL_STORE_CTX
*ctx
= NULL
;
42 char *propq_copy
= NULL
;
43 char scheme_copy
[256], *p
, *schemes
[2];
48 * Put the file scheme first. If the uri does represent an existing file,
49 * possible device name and all, then it should be loaded. Only a failed
50 * attempt at loading a local file should have us try something else.
52 schemes
[schemes_n
++] = "file";
55 * Now, check if we have something that looks like a scheme, and add it
56 * as a second scheme. However, also check if there's an authority start
57 * (://), because that will invalidate the previous file scheme. Also,
58 * check that this isn't actually the file scheme, as there's no point
59 * going through that one twice!
61 OPENSSL_strlcpy(scheme_copy
, uri
, sizeof(scheme_copy
));
62 if ((p
= strchr(scheme_copy
, ':')) != NULL
) {
64 if (strcasecmp(scheme_copy
, "file") != 0) {
65 if (strncmp(p
, "//", 2) == 0)
66 schemes_n
--; /* Invalidate the file scheme */
67 schemes
[schemes_n
++] = scheme_copy
;
74 * Try each scheme until we find one that could open the URI.
76 * For each scheme, we look for the engine implementation first, and
77 * failing that, we then try to fetch a provided implementation.
78 * This is consistent with how we handle legacy / engine implementations
81 for (i
= 0; loader_ctx
== NULL
&& i
< schemes_n
; i
++) {
82 OSSL_TRACE1(STORE
, "Looking up scheme %s\n", schemes
[i
]);
83 if ((loader
= ossl_store_get0_loader_int(schemes
[i
])) != NULL
) {
84 if (loader
->open_with_libctx
!= NULL
)
85 loader_ctx
= loader
->open_with_libctx(loader
, uri
, libctx
, propq
,
88 loader_ctx
= loader
->open(loader
, uri
, ui_method
, ui_data
);
92 OSSL_STORE_LOADER_fetch(schemes
[i
], libctx
, propq
)) != NULL
) {
93 const OSSL_PROVIDER
*provider
=
94 OSSL_STORE_LOADER_provider(fetched_loader
);
95 void *provctx
= OSSL_PROVIDER_get0_provider_ctx(provider
);
97 loader_ctx
= fetched_loader
->p_open(provctx
, uri
);
98 if (loader_ctx
== NULL
) {
99 OSSL_STORE_LOADER_free(fetched_loader
);
100 fetched_loader
= NULL
;
101 } else if (propq
!= NULL
) {
102 OSSL_PARAM params
[] = {
103 OSSL_PARAM_utf8_string(OSSL_STORE_PARAM_PROPERTIES
,
108 params
[0].data
= (void *)propq
;
109 if (!fetched_loader
->p_set_ctx_params(loader_ctx
, params
)) {
110 (void)fetched_loader
->p_close(loader_ctx
);
111 OSSL_STORE_LOADER_free(fetched_loader
);
112 fetched_loader
= NULL
;
115 loader
= fetched_loader
;
120 OSSL_TRACE1(STORE
, "Found loader for scheme %s\n", schemes
[i
]);
122 if (loader_ctx
== NULL
)
125 OSSL_TRACE2(STORE
, "Opened %s => %p\n", uri
, (void *)loader_ctx
);
127 if ((propq
!= NULL
&& (propq_copy
= OPENSSL_strdup(propq
)) == NULL
)
128 || (ctx
= OPENSSL_zalloc(sizeof(*ctx
))) == NULL
) {
129 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_MALLOC_FAILURE
);
133 if ((ui_method
!= NULL
134 && !ossl_pw_set_ui_method(&ctx
->pwdata
, ui_method
, ui_data
))
135 || !ossl_pw_enable_passphrase_caching(&ctx
->pwdata
)) {
136 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_CRYPTO_LIB
);
139 ctx
->properties
= propq_copy
;
140 ctx
->fetched_loader
= fetched_loader
;
141 ctx
->loader
= loader
;
142 ctx
->loader_ctx
= loader_ctx
;
143 ctx
->post_process
= post_process
;
144 ctx
->post_process_data
= post_process_data
;
147 * If the attempt to open with the 'file' scheme loader failed and the
148 * other scheme loader succeeded, the failure to open with the 'file'
149 * scheme loader leaves an error on the error stack. Let's remove it.
156 ERR_clear_last_mark();
157 if (loader_ctx
!= NULL
) {
159 * Temporary structure so OSSL_STORE_close() can work even when
160 * |ctx| couldn't be allocated properly
162 OSSL_STORE_CTX tmpctx
= { NULL
, };
164 tmpctx
.fetched_loader
= fetched_loader
;
165 tmpctx
.loader
= loader
;
166 tmpctx
.loader_ctx
= loader_ctx
;
169 * We ignore a returned error because we will return NULL anyway in
170 * this case, so if something goes wrong when closing, that'll simply
171 * just add another entry on the error stack.
173 (void)ossl_store_close_it(&tmpctx
);
175 OSSL_STORE_LOADER_free(fetched_loader
);
176 OPENSSL_free(propq_copy
);
180 OSSL_STORE_CTX
*OSSL_STORE_open(const char *uri
,
181 const UI_METHOD
*ui_method
, void *ui_data
,
182 OSSL_STORE_post_process_info_fn post_process
,
183 void *post_process_data
)
185 return OSSL_STORE_open_with_libctx(uri
, NULL
, NULL
, ui_method
, ui_data
,
186 post_process
, post_process_data
);
189 int OSSL_STORE_ctrl(OSSL_STORE_CTX
*ctx
, int cmd
, ...)
195 ret
= OSSL_STORE_vctrl(ctx
, cmd
, args
);
201 int OSSL_STORE_vctrl(OSSL_STORE_CTX
*ctx
, int cmd
, va_list args
)
203 if (ctx
->fetched_loader
!= NULL
) {
204 if (ctx
->fetched_loader
->p_set_ctx_params
!= NULL
) {
205 OSSL_PARAM params
[2] = { OSSL_PARAM_END
, OSSL_PARAM_END
};
208 case OSSL_STORE_C_USE_SECMEM
:
210 int on
= *(va_arg(args
, int *));
212 params
[0] = OSSL_PARAM_construct_int("use_secmem", &on
);
219 return ctx
->fetched_loader
->p_set_ctx_params(ctx
->loader_ctx
,
222 } else if (ctx
->loader
->ctrl
!= NULL
) {
223 return ctx
->loader
->ctrl(ctx
->loader_ctx
, cmd
, args
);
227 * If the fetched loader doesn't have a set_ctx_params or a ctrl, it's as
228 * if there was one that ignored our params, which usually returns 1.
233 int OSSL_STORE_expect(OSSL_STORE_CTX
*ctx
, int expected_type
)
238 ERR_raise(ERR_LIB_OSSL_STORE
, OSSL_STORE_R_LOADING_STARTED
);
242 ctx
->expected_type
= expected_type
;
243 if (ctx
->fetched_loader
!= NULL
244 && ctx
->fetched_loader
->p_set_ctx_params
!= NULL
) {
245 OSSL_PARAM params
[2] = { OSSL_PARAM_END
, OSSL_PARAM_END
};
248 OSSL_PARAM_construct_int(OSSL_STORE_PARAM_EXPECT
, &expected_type
);
249 ret
= ctx
->fetched_loader
->p_set_ctx_params(ctx
->loader_ctx
, params
);
251 #ifndef OPENSSL_NO_DEPRECATED_3_0
252 if (ctx
->fetched_loader
== NULL
253 && ctx
->loader
->expect
!= NULL
) {
254 ret
= ctx
->loader
->expect(ctx
->loader_ctx
, expected_type
);
260 int OSSL_STORE_find(OSSL_STORE_CTX
*ctx
, const OSSL_STORE_SEARCH
*search
)
265 ERR_raise(ERR_LIB_OSSL_STORE
, OSSL_STORE_R_LOADING_STARTED
);
269 if (ctx
->fetched_loader
!= NULL
) {
272 /* OSSL_STORE_SEARCH_BY_NAME, OSSL_STORE_SEARCH_BY_ISSUER_SERIAL*/
273 void *name_der
= NULL
;
275 /* OSSL_STORE_SEARCH_BY_ISSUER_SERIAL */
276 BIGNUM
*number
= NULL
;
278 if (ctx
->fetched_loader
->p_set_ctx_params
== NULL
) {
279 ERR_raise(ERR_LIB_OSSL_STORE
, OSSL_STORE_R_UNSUPPORTED_OPERATION
);
283 if ((bld
= OSSL_PARAM_BLD_new()) == NULL
) {
284 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_MALLOC_FAILURE
);
288 ret
= 0; /* Assume the worst */
290 switch (search
->search_type
) {
291 case OSSL_STORE_SEARCH_BY_NAME
:
292 if ((name_der_sz
= i2d_X509_NAME(search
->name
,
293 (unsigned char **)&name_der
)) > 0
294 && OSSL_PARAM_BLD_push_octet_string(bld
,
295 OSSL_STORE_PARAM_SUBJECT
,
296 name_der
, name_der_sz
))
299 case OSSL_STORE_SEARCH_BY_ISSUER_SERIAL
:
300 if ((name_der_sz
= i2d_X509_NAME(search
->name
,
301 (unsigned char **)&name_der
)) > 0
302 && (number
= ASN1_INTEGER_to_BN(search
->serial
, NULL
)) != NULL
303 && OSSL_PARAM_BLD_push_octet_string(bld
,
304 OSSL_STORE_PARAM_ISSUER
,
305 name_der
, name_der_sz
)
306 && OSSL_PARAM_BLD_push_BN(bld
, OSSL_STORE_PARAM_SERIAL
,
310 case OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT
:
311 if (OSSL_PARAM_BLD_push_utf8_string(bld
, OSSL_STORE_PARAM_DIGEST
,
312 EVP_MD_name(search
->digest
), 0)
313 && OSSL_PARAM_BLD_push_octet_string(bld
,
314 OSSL_STORE_PARAM_FINGERPRINT
,
316 search
->stringlength
))
319 case OSSL_STORE_SEARCH_BY_ALIAS
:
320 if (OSSL_PARAM_BLD_push_utf8_string(bld
, OSSL_STORE_PARAM_ALIAS
,
321 (char *)search
->string
,
322 search
->stringlength
))
327 params
= OSSL_PARAM_BLD_to_param(bld
);
328 ret
= ctx
->fetched_loader
->p_set_ctx_params(ctx
->loader_ctx
,
330 OSSL_PARAM_BLD_free_params(params
);
332 OSSL_PARAM_BLD_free(bld
);
333 OPENSSL_free(name_der
);
336 /* legacy loader section */
337 if (ctx
->loader
->find
== NULL
) {
338 ERR_raise(ERR_LIB_OSSL_STORE
, OSSL_STORE_R_UNSUPPORTED_OPERATION
);
341 ret
= ctx
->loader
->find(ctx
->loader_ctx
, search
);
347 OSSL_STORE_INFO
*OSSL_STORE_load(OSSL_STORE_CTX
*ctx
)
349 OSSL_STORE_INFO
*v
= NULL
;
353 if (OSSL_STORE_eof(ctx
))
356 if (ctx
->loader
!= NULL
)
357 OSSL_TRACE(STORE
, "Loading next object\n");
359 if (ctx
->cached_info
!= NULL
360 && sk_OSSL_STORE_INFO_num(ctx
->cached_info
) == 0) {
361 sk_OSSL_STORE_INFO_free(ctx
->cached_info
);
362 ctx
->cached_info
= NULL
;
365 if (ctx
->cached_info
!= NULL
) {
366 v
= sk_OSSL_STORE_INFO_shift(ctx
->cached_info
);
368 if (ctx
->fetched_loader
!= NULL
) {
369 struct ossl_load_result_data_st load_data
;
374 if (!ctx
->fetched_loader
->p_load(ctx
->loader_ctx
,
375 ossl_store_handle_load_result
,
377 ossl_pw_passphrase_callback_dec
,
379 if (!OSSL_STORE_eof(ctx
))
385 if (ctx
->fetched_loader
== NULL
)
386 v
= ctx
->loader
->load(ctx
->loader_ctx
,
387 ctx
->pwdata
._
.ui_method
.ui_method
,
388 ctx
->pwdata
._
.ui_method
.ui_method_data
);
391 if (ctx
->post_process
!= NULL
&& v
!= NULL
) {
392 v
= ctx
->post_process(v
, ctx
->post_process_data
);
395 * By returning NULL, the callback decides that this object should
402 if (v
!= NULL
&& ctx
->expected_type
!= 0) {
403 int returned_type
= OSSL_STORE_INFO_get_type(v
);
405 if (returned_type
!= OSSL_STORE_INFO_NAME
&& returned_type
!= 0) {
406 if (ctx
->expected_type
!= returned_type
) {
407 OSSL_STORE_INFO_free(v
);
413 ossl_pw_clear_passphrase_cache(&ctx
->pwdata
);
415 OSSL_TRACE1(STORE
, "Got a %s\n",
416 OSSL_STORE_INFO_type_string(OSSL_STORE_INFO_get_type(v
)));
421 int OSSL_STORE_error(OSSL_STORE_CTX
*ctx
)
425 if (ctx
->fetched_loader
!= NULL
)
426 ret
= ctx
->error_flag
;
427 if (ctx
->fetched_loader
== NULL
)
428 ret
= ctx
->loader
->error(ctx
->loader_ctx
);
432 int OSSL_STORE_eof(OSSL_STORE_CTX
*ctx
)
436 if (ctx
->fetched_loader
!= NULL
)
437 ret
= ctx
->loader
->p_eof(ctx
->loader_ctx
);
438 if (ctx
->fetched_loader
== NULL
)
439 ret
= ctx
->loader
->eof(ctx
->loader_ctx
);
443 static int ossl_store_close_it(OSSL_STORE_CTX
*ctx
)
449 OSSL_TRACE1(STORE
, "Closing %p\n", (void *)ctx
->loader_ctx
);
451 if (ctx
->fetched_loader
!= NULL
)
452 ret
= ctx
->loader
->p_close(ctx
->loader_ctx
);
453 if (ctx
->fetched_loader
== NULL
)
454 ret
= ctx
->loader
->close(ctx
->loader_ctx
);
456 sk_OSSL_STORE_INFO_pop_free(ctx
->cached_info
, OSSL_STORE_INFO_free
);
457 OSSL_STORE_LOADER_free(ctx
->fetched_loader
);
458 OPENSSL_free(ctx
->properties
);
462 int OSSL_STORE_close(OSSL_STORE_CTX
*ctx
)
464 int ret
= ossl_store_close_it(ctx
);
471 * Functions to generate OSSL_STORE_INFOs, one function for each type we
472 * support having in them as well as a generic constructor.
474 * In all cases, ownership of the object is transferred to the OSSL_STORE_INFO
475 * and will therefore be freed when the OSSL_STORE_INFO is freed.
477 OSSL_STORE_INFO
*OSSL_STORE_INFO_new(int type
, void *data
)
479 OSSL_STORE_INFO
*info
= OPENSSL_zalloc(sizeof(*info
));
489 OSSL_STORE_INFO
*OSSL_STORE_INFO_new_NAME(char *name
)
491 OSSL_STORE_INFO
*info
= OSSL_STORE_INFO_new(OSSL_STORE_INFO_NAME
, NULL
);
494 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_MALLOC_FAILURE
);
498 info
->_
.name
.name
= name
;
499 info
->_
.name
.desc
= NULL
;
504 int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO
*info
, char *desc
)
506 if (info
->type
!= OSSL_STORE_INFO_NAME
) {
507 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_PASSED_INVALID_ARGUMENT
);
511 info
->_
.name
.desc
= desc
;
515 OSSL_STORE_INFO
*OSSL_STORE_INFO_new_PARAMS(EVP_PKEY
*params
)
517 OSSL_STORE_INFO
*info
= OSSL_STORE_INFO_new(OSSL_STORE_INFO_PARAMS
, params
);
520 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_MALLOC_FAILURE
);
524 OSSL_STORE_INFO
*OSSL_STORE_INFO_new_PUBKEY(EVP_PKEY
*pkey
)
526 OSSL_STORE_INFO
*info
= OSSL_STORE_INFO_new(OSSL_STORE_INFO_PUBKEY
, pkey
);
529 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_MALLOC_FAILURE
);
533 OSSL_STORE_INFO
*OSSL_STORE_INFO_new_PKEY(EVP_PKEY
*pkey
)
535 OSSL_STORE_INFO
*info
= OSSL_STORE_INFO_new(OSSL_STORE_INFO_PKEY
, pkey
);
538 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_MALLOC_FAILURE
);
542 OSSL_STORE_INFO
*OSSL_STORE_INFO_new_CERT(X509
*x509
)
544 OSSL_STORE_INFO
*info
= OSSL_STORE_INFO_new(OSSL_STORE_INFO_CERT
, x509
);
547 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_MALLOC_FAILURE
);
551 OSSL_STORE_INFO
*OSSL_STORE_INFO_new_CRL(X509_CRL
*crl
)
553 OSSL_STORE_INFO
*info
= OSSL_STORE_INFO_new(OSSL_STORE_INFO_CRL
, crl
);
556 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_MALLOC_FAILURE
);
561 * Functions to try to extract data from a OSSL_STORE_INFO.
563 int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO
*info
)
568 void *OSSL_STORE_INFO_get0_data(int type
, const OSSL_STORE_INFO
*info
)
570 if (info
->type
== type
)
575 const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO
*info
)
577 if (info
->type
== OSSL_STORE_INFO_NAME
)
578 return info
->_
.name
.name
;
582 char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO
*info
)
584 if (info
->type
== OSSL_STORE_INFO_NAME
) {
585 char *ret
= OPENSSL_strdup(info
->_
.name
.name
);
588 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_MALLOC_FAILURE
);
591 ERR_raise(ERR_LIB_OSSL_STORE
, OSSL_STORE_R_NOT_A_NAME
);
595 const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO
*info
)
597 if (info
->type
== OSSL_STORE_INFO_NAME
)
598 return info
->_
.name
.desc
;
602 char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO
*info
)
604 if (info
->type
== OSSL_STORE_INFO_NAME
) {
605 char *ret
= OPENSSL_strdup(info
->_
.name
.desc
606 ? info
->_
.name
.desc
: "");
609 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_MALLOC_FAILURE
);
612 ERR_raise(ERR_LIB_OSSL_STORE
, OSSL_STORE_R_NOT_A_NAME
);
616 EVP_PKEY
*OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO
*info
)
618 if (info
->type
== OSSL_STORE_INFO_PARAMS
)
619 return info
->_
.params
;
623 EVP_PKEY
*OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO
*info
)
625 if (info
->type
== OSSL_STORE_INFO_PARAMS
) {
626 EVP_PKEY_up_ref(info
->_
.params
);
627 return info
->_
.params
;
629 ERR_raise(ERR_LIB_OSSL_STORE
, OSSL_STORE_R_NOT_PARAMETERS
);
633 EVP_PKEY
*OSSL_STORE_INFO_get0_PUBKEY(const OSSL_STORE_INFO
*info
)
635 if (info
->type
== OSSL_STORE_INFO_PUBKEY
)
636 return info
->_
.pubkey
;
640 EVP_PKEY
*OSSL_STORE_INFO_get1_PUBKEY(const OSSL_STORE_INFO
*info
)
642 if (info
->type
== OSSL_STORE_INFO_PUBKEY
) {
643 EVP_PKEY_up_ref(info
->_
.pubkey
);
644 return info
->_
.pubkey
;
646 OSSL_STOREerr(0, OSSL_STORE_R_NOT_A_PUBLIC_KEY
);
650 EVP_PKEY
*OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO
*info
)
652 if (info
->type
== OSSL_STORE_INFO_PKEY
)
657 EVP_PKEY
*OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO
*info
)
659 if (info
->type
== OSSL_STORE_INFO_PKEY
) {
660 EVP_PKEY_up_ref(info
->_
.pkey
);
663 ERR_raise(ERR_LIB_OSSL_STORE
, OSSL_STORE_R_NOT_A_PRIVATE_KEY
);
667 X509
*OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO
*info
)
669 if (info
->type
== OSSL_STORE_INFO_CERT
)
674 X509
*OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO
*info
)
676 if (info
->type
== OSSL_STORE_INFO_CERT
) {
677 X509_up_ref(info
->_
.x509
);
680 ERR_raise(ERR_LIB_OSSL_STORE
, OSSL_STORE_R_NOT_A_CERTIFICATE
);
684 X509_CRL
*OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO
*info
)
686 if (info
->type
== OSSL_STORE_INFO_CRL
)
691 X509_CRL
*OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO
*info
)
693 if (info
->type
== OSSL_STORE_INFO_CRL
) {
694 X509_CRL_up_ref(info
->_
.crl
);
697 ERR_raise(ERR_LIB_OSSL_STORE
, OSSL_STORE_R_NOT_A_CRL
);
702 * Free the OSSL_STORE_INFO
704 void OSSL_STORE_INFO_free(OSSL_STORE_INFO
*info
)
707 switch (info
->type
) {
708 case OSSL_STORE_INFO_NAME
:
709 OPENSSL_free(info
->_
.name
.name
);
710 OPENSSL_free(info
->_
.name
.desc
);
712 case OSSL_STORE_INFO_PARAMS
:
713 EVP_PKEY_free(info
->_
.params
);
715 case OSSL_STORE_INFO_PUBKEY
:
716 EVP_PKEY_free(info
->_
.pubkey
);
718 case OSSL_STORE_INFO_PKEY
:
719 EVP_PKEY_free(info
->_
.pkey
);
721 case OSSL_STORE_INFO_CERT
:
722 X509_free(info
->_
.x509
);
724 case OSSL_STORE_INFO_CRL
:
725 X509_CRL_free(info
->_
.crl
);
732 int OSSL_STORE_supports_search(OSSL_STORE_CTX
*ctx
, int search_type
)
736 if (ctx
->fetched_loader
!= NULL
) {
738 ossl_provider_ctx(OSSL_STORE_LOADER_provider(ctx
->fetched_loader
));
739 const OSSL_PARAM
*params
;
740 const OSSL_PARAM
*p_subject
= NULL
;
741 const OSSL_PARAM
*p_issuer
= NULL
;
742 const OSSL_PARAM
*p_serial
= NULL
;
743 const OSSL_PARAM
*p_fingerprint
= NULL
;
744 const OSSL_PARAM
*p_alias
= NULL
;
746 if (ctx
->fetched_loader
->p_settable_ctx_params
== NULL
)
749 params
= ctx
->fetched_loader
->p_settable_ctx_params(provctx
);
750 p_subject
= OSSL_PARAM_locate_const(params
, OSSL_STORE_PARAM_SUBJECT
);
751 p_issuer
= OSSL_PARAM_locate_const(params
, OSSL_STORE_PARAM_ISSUER
);
752 p_serial
= OSSL_PARAM_locate_const(params
, OSSL_STORE_PARAM_SERIAL
);
754 OSSL_PARAM_locate_const(params
, OSSL_STORE_PARAM_FINGERPRINT
);
755 p_alias
= OSSL_PARAM_locate_const(params
, OSSL_STORE_PARAM_ALIAS
);
757 switch (search_type
) {
758 case OSSL_STORE_SEARCH_BY_NAME
:
759 ret
= (p_subject
!= NULL
);
761 case OSSL_STORE_SEARCH_BY_ISSUER_SERIAL
:
762 ret
= (p_issuer
!= NULL
&& p_serial
!= NULL
);
764 case OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT
:
765 ret
= (p_fingerprint
!= NULL
);
767 case OSSL_STORE_SEARCH_BY_ALIAS
:
768 ret
= (p_alias
!= NULL
);
772 if (ctx
->fetched_loader
== NULL
) {
773 OSSL_STORE_SEARCH tmp_search
;
775 if (ctx
->loader
->find
== NULL
)
777 tmp_search
.search_type
= search_type
;
778 ret
= ctx
->loader
->find(NULL
, &tmp_search
);
783 /* Search term constructors */
784 OSSL_STORE_SEARCH
*OSSL_STORE_SEARCH_by_name(X509_NAME
*name
)
786 OSSL_STORE_SEARCH
*search
= OPENSSL_zalloc(sizeof(*search
));
788 if (search
== NULL
) {
789 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_MALLOC_FAILURE
);
793 search
->search_type
= OSSL_STORE_SEARCH_BY_NAME
;
798 OSSL_STORE_SEARCH
*OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME
*name
,
799 const ASN1_INTEGER
*serial
)
801 OSSL_STORE_SEARCH
*search
= OPENSSL_zalloc(sizeof(*search
));
803 if (search
== NULL
) {
804 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_MALLOC_FAILURE
);
808 search
->search_type
= OSSL_STORE_SEARCH_BY_ISSUER_SERIAL
;
810 search
->serial
= serial
;
814 OSSL_STORE_SEARCH
*OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD
*digest
,
818 OSSL_STORE_SEARCH
*search
= OPENSSL_zalloc(sizeof(*search
));
820 if (search
== NULL
) {
821 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_MALLOC_FAILURE
);
825 if (digest
!= NULL
&& len
!= (size_t)EVP_MD_size(digest
)) {
826 ERR_raise_data(ERR_LIB_OSSL_STORE
,
827 OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST
,
828 "%s size is %d, fingerprint size is %zu",
829 EVP_MD_name(digest
), EVP_MD_size(digest
), len
);
833 search
->search_type
= OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT
;
834 search
->digest
= digest
;
835 search
->string
= bytes
;
836 search
->stringlength
= len
;
840 OSSL_STORE_SEARCH
*OSSL_STORE_SEARCH_by_alias(const char *alias
)
842 OSSL_STORE_SEARCH
*search
= OPENSSL_zalloc(sizeof(*search
));
844 if (search
== NULL
) {
845 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_MALLOC_FAILURE
);
849 search
->search_type
= OSSL_STORE_SEARCH_BY_ALIAS
;
850 search
->string
= (const unsigned char *)alias
;
851 search
->stringlength
= strlen(alias
);
855 /* Search term destructor */
856 void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH
*search
)
858 OPENSSL_free(search
);
861 /* Search term accessors */
862 int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH
*criterion
)
864 return criterion
->search_type
;
867 X509_NAME
*OSSL_STORE_SEARCH_get0_name(const OSSL_STORE_SEARCH
*criterion
)
869 return criterion
->name
;
872 const ASN1_INTEGER
*OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH
875 return criterion
->serial
;
878 const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH
879 *criterion
, size_t *length
)
881 *length
= criterion
->stringlength
;
882 return criterion
->string
;
885 const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH
*criterion
)
887 return (const char *)criterion
->string
;
890 const EVP_MD
*OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH
*criterion
)
892 return criterion
->digest
;
895 OSSL_STORE_CTX
*OSSL_STORE_attach(BIO
*bp
, const char *scheme
,
896 OPENSSL_CTX
*libctx
, const char *propq
,
897 const UI_METHOD
*ui_method
, void *ui_data
,
898 OSSL_STORE_post_process_info_fn post_process
,
899 void *post_process_data
)
901 const OSSL_STORE_LOADER
*loader
= NULL
;
902 OSSL_STORE_LOADER
*fetched_loader
= NULL
;
903 OSSL_STORE_LOADER_CTX
*loader_ctx
= NULL
;
904 OSSL_STORE_CTX
*ctx
= NULL
;
909 OSSL_TRACE1(STORE
, "Looking up scheme %s\n", scheme
);
910 if ((loader
= ossl_store_get0_loader_int(scheme
)) != NULL
)
911 loader_ctx
= loader
->attach(loader
, bp
, libctx
, propq
,
915 OSSL_STORE_LOADER_fetch(scheme
, libctx
, propq
)) != NULL
) {
916 const OSSL_PROVIDER
*provider
=
917 OSSL_STORE_LOADER_provider(fetched_loader
);
918 void *provctx
= OSSL_PROVIDER_get0_provider_ctx(provider
);
921 fetched_loader
->p_attach(provctx
, (OSSL_CORE_BIO
*)bp
)) == NULL
) {
922 OSSL_STORE_LOADER_free(fetched_loader
);
923 fetched_loader
= NULL
;
924 } else if (propq
!= NULL
) {
925 OSSL_PARAM params
[] = {
926 OSSL_PARAM_utf8_string(OSSL_STORE_PARAM_PROPERTIES
,
931 params
[0].data
= (void *)propq
;
932 if (!fetched_loader
->p_set_ctx_params(loader_ctx
, params
)) {
933 (void)fetched_loader
->p_close(loader_ctx
);
934 OSSL_STORE_LOADER_free(fetched_loader
);
935 fetched_loader
= NULL
;
938 loader
= fetched_loader
;
941 if (loader_ctx
== NULL
)
944 if ((ctx
= OPENSSL_zalloc(sizeof(*ctx
))) == NULL
) {
945 ERR_raise(ERR_LIB_OSSL_STORE
, ERR_R_MALLOC_FAILURE
);
949 (void)ossl_pw_set_ui_method(&ctx
->pwdata
, ui_method
, ui_data
);
950 ctx
->fetched_loader
= fetched_loader
;
951 ctx
->loader
= loader
;
952 ctx
->loader_ctx
= loader_ctx
;
953 ctx
->post_process
= post_process
;
954 ctx
->post_process_data
= post_process_data
;