]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/store/store_lib.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
STORE: Move the built-in 'file:' loader to become an engine module
[thirdparty/openssl.git] / crypto / store / store_lib.c
1 /*
2 * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdlib.h>
11 #include <string.h>
12 #include <assert.h>
13
14 #include "e_os.h"
15
16 #include <openssl/crypto.h>
17 #include <openssl/err.h>
18 #include <openssl/trace.h>
19 #include <openssl/core_names.h>
20 #include <openssl/provider.h>
21 #include <openssl/param_build.h>
22 #include <openssl/store.h>
23 #include "internal/thread_once.h"
24 #include "internal/cryptlib.h"
25 #include "internal/provider.h"
26 #include "crypto/store.h"
27 #include "store_local.h"
28
29 static int ossl_store_close_it(OSSL_STORE_CTX *ctx);
30
31 OSSL_STORE_CTX *
32 OSSL_STORE_open_with_libctx(const char *uri,
33 OPENSSL_CTX *libctx, const char *propq,
34 const UI_METHOD *ui_method, void *ui_data,
35 OSSL_STORE_post_process_info_fn post_process,
36 void *post_process_data)
37 {
38 const OSSL_STORE_LOADER *loader = NULL;
39 OSSL_STORE_LOADER *fetched_loader = NULL;
40 OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
41 OSSL_STORE_CTX *ctx = NULL;
42 char *propq_copy = NULL;
43 char scheme_copy[256], *p, *schemes[2];
44 size_t schemes_n = 0;
45 size_t i;
46
47 /*
48 * Put the file scheme first. If the uri does represent an existing file,
49 * possible device name and all, then it should be loaded. Only a failed
50 * attempt at loading a local file should have us try something else.
51 */
52 schemes[schemes_n++] = "file";
53
54 /*
55 * Now, check if we have something that looks like a scheme, and add it
56 * as a second scheme. However, also check if there's an authority start
57 * (://), because that will invalidate the previous file scheme. Also,
58 * check that this isn't actually the file scheme, as there's no point
59 * going through that one twice!
60 */
61 OPENSSL_strlcpy(scheme_copy, uri, sizeof(scheme_copy));
62 if ((p = strchr(scheme_copy, ':')) != NULL) {
63 *p++ = '\0';
64 if (strcasecmp(scheme_copy, "file") != 0) {
65 if (strncmp(p, "//", 2) == 0)
66 schemes_n--; /* Invalidate the file scheme */
67 schemes[schemes_n++] = scheme_copy;
68 }
69 }
70
71 ERR_set_mark();
72
73 /*
74 * Try each scheme until we find one that could open the URI.
75 *
76 * For each scheme, we look for the engine implementation first, and
77 * failing that, we then try to fetch a provided implementation.
78 * This is consistent with how we handle legacy / engine implementations
79 * elsewhere.
80 */
81 for (i = 0; loader_ctx == NULL && i < schemes_n; i++) {
82 OSSL_TRACE1(STORE, "Looking up scheme %s\n", schemes[i]);
83 if ((loader = ossl_store_get0_loader_int(schemes[i])) != NULL) {
84 if (loader->open_with_libctx != NULL)
85 loader_ctx = loader->open_with_libctx(loader, uri, libctx, propq,
86 ui_method, ui_data);
87 else
88 loader_ctx = loader->open(loader, uri, ui_method, ui_data);
89 }
90 if (loader == NULL
91 && (fetched_loader =
92 OSSL_STORE_LOADER_fetch(schemes[i], libctx, propq)) != NULL) {
93 const OSSL_PROVIDER *provider =
94 OSSL_STORE_LOADER_provider(fetched_loader);
95 void *provctx = OSSL_PROVIDER_get0_provider_ctx(provider);
96
97 loader_ctx = fetched_loader->p_open(provctx, uri);
98 if (loader_ctx == NULL) {
99 OSSL_STORE_LOADER_free(fetched_loader);
100 fetched_loader = NULL;
101 } else if (propq != NULL) {
102 OSSL_PARAM params[] = {
103 OSSL_PARAM_utf8_string(OSSL_STORE_PARAM_PROPERTIES,
104 NULL, 0),
105 OSSL_PARAM_END
106 };
107
108 params[0].data = (void *)propq;
109 if (!fetched_loader->p_set_ctx_params(loader_ctx, params)) {
110 (void)fetched_loader->p_close(loader_ctx);
111 OSSL_STORE_LOADER_free(fetched_loader);
112 fetched_loader = NULL;
113 }
114 }
115 loader = fetched_loader;
116 }
117 }
118
119 if (loader != NULL)
120 OSSL_TRACE1(STORE, "Found loader for scheme %s\n", schemes[i]);
121
122 if (loader_ctx == NULL)
123 goto err;
124
125 OSSL_TRACE2(STORE, "Opened %s => %p\n", uri, (void *)loader_ctx);
126
127 if ((propq != NULL && (propq_copy = OPENSSL_strdup(propq)) == NULL)
128 || (ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
129 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
130 goto err;
131 }
132
133 if ((ui_method != NULL
134 && !ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data))
135 || !ossl_pw_enable_passphrase_caching(&ctx->pwdata)) {
136 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_CRYPTO_LIB);
137 goto err;
138 }
139 ctx->properties = propq_copy;
140 ctx->fetched_loader = fetched_loader;
141 ctx->loader = loader;
142 ctx->loader_ctx = loader_ctx;
143 ctx->post_process = post_process;
144 ctx->post_process_data = post_process_data;
145
146 /*
147 * If the attempt to open with the 'file' scheme loader failed and the
148 * other scheme loader succeeded, the failure to open with the 'file'
149 * scheme loader leaves an error on the error stack. Let's remove it.
150 */
151 ERR_pop_to_mark();
152
153 return ctx;
154
155 err:
156 ERR_clear_last_mark();
157 if (loader_ctx != NULL) {
158 /*
159 * Temporary structure so OSSL_STORE_close() can work even when
160 * |ctx| couldn't be allocated properly
161 */
162 OSSL_STORE_CTX tmpctx = { NULL, };
163
164 tmpctx.fetched_loader = fetched_loader;
165 tmpctx.loader = loader;
166 tmpctx.loader_ctx = loader_ctx;
167
168 /*
169 * We ignore a returned error because we will return NULL anyway in
170 * this case, so if something goes wrong when closing, that'll simply
171 * just add another entry on the error stack.
172 */
173 (void)ossl_store_close_it(&tmpctx);
174 }
175 OSSL_STORE_LOADER_free(fetched_loader);
176 OPENSSL_free(propq_copy);
177 return NULL;
178 }
179
180 OSSL_STORE_CTX *OSSL_STORE_open(const char *uri,
181 const UI_METHOD *ui_method, void *ui_data,
182 OSSL_STORE_post_process_info_fn post_process,
183 void *post_process_data)
184 {
185 return OSSL_STORE_open_with_libctx(uri, NULL, NULL, ui_method, ui_data,
186 post_process, post_process_data);
187 }
188
189 int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ...)
190 {
191 va_list args;
192 int ret;
193
194 va_start(args, cmd);
195 ret = OSSL_STORE_vctrl(ctx, cmd, args);
196 va_end(args);
197
198 return ret;
199 }
200
201 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args)
202 {
203 if (ctx->fetched_loader != NULL) {
204 if (ctx->fetched_loader->p_set_ctx_params != NULL) {
205 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
206
207 switch (cmd) {
208 case OSSL_STORE_C_USE_SECMEM:
209 {
210 int on = *(va_arg(args, int *));
211
212 params[0] = OSSL_PARAM_construct_int("use_secmem", &on);
213 }
214 break;
215 default:
216 break;
217 }
218
219 return ctx->fetched_loader->p_set_ctx_params(ctx->loader_ctx,
220 params);
221 }
222 } else if (ctx->loader->ctrl != NULL) {
223 return ctx->loader->ctrl(ctx->loader_ctx, cmd, args);
224 }
225
226 /*
227 * If the fetched loader doesn't have a set_ctx_params or a ctrl, it's as
228 * if there was one that ignored our params, which usually returns 1.
229 */
230 return 1;
231 }
232
233 int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type)
234 {
235 int ret = 1;
236
237 if (ctx->loading) {
238 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_LOADING_STARTED);
239 return 0;
240 }
241
242 ctx->expected_type = expected_type;
243 if (ctx->fetched_loader != NULL
244 && ctx->fetched_loader->p_set_ctx_params != NULL) {
245 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
246
247 params[0] =
248 OSSL_PARAM_construct_int(OSSL_STORE_PARAM_EXPECT, &expected_type);
249 ret = ctx->fetched_loader->p_set_ctx_params(ctx->loader_ctx, params);
250 }
251 #ifndef OPENSSL_NO_DEPRECATED_3_0
252 if (ctx->fetched_loader == NULL
253 && ctx->loader->expect != NULL) {
254 ret = ctx->loader->expect(ctx->loader_ctx, expected_type);
255 }
256 #endif
257 return ret;
258 }
259
260 int OSSL_STORE_find(OSSL_STORE_CTX *ctx, const OSSL_STORE_SEARCH *search)
261 {
262 int ret = 1;
263
264 if (ctx->loading) {
265 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_LOADING_STARTED);
266 return 0;
267 }
268
269 if (ctx->fetched_loader != NULL) {
270 OSSL_PARAM_BLD *bld;
271 OSSL_PARAM *params;
272 /* OSSL_STORE_SEARCH_BY_NAME, OSSL_STORE_SEARCH_BY_ISSUER_SERIAL*/
273 void *name_der = NULL;
274 int name_der_sz;
275 /* OSSL_STORE_SEARCH_BY_ISSUER_SERIAL */
276 BIGNUM *number = NULL;
277
278 if (ctx->fetched_loader->p_set_ctx_params == NULL) {
279 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_UNSUPPORTED_OPERATION);
280 return 0;
281 }
282
283 if ((bld = OSSL_PARAM_BLD_new()) == NULL) {
284 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
285 return 0;
286 }
287
288 ret = 0; /* Assume the worst */
289
290 switch (search->search_type) {
291 case OSSL_STORE_SEARCH_BY_NAME:
292 if ((name_der_sz = i2d_X509_NAME(search->name,
293 (unsigned char **)&name_der)) > 0
294 && OSSL_PARAM_BLD_push_octet_string(bld,
295 OSSL_STORE_PARAM_SUBJECT,
296 name_der, name_der_sz))
297 ret = 1;
298 break;
299 case OSSL_STORE_SEARCH_BY_ISSUER_SERIAL:
300 if ((name_der_sz = i2d_X509_NAME(search->name,
301 (unsigned char **)&name_der)) > 0
302 && (number = ASN1_INTEGER_to_BN(search->serial, NULL)) != NULL
303 && OSSL_PARAM_BLD_push_octet_string(bld,
304 OSSL_STORE_PARAM_ISSUER,
305 name_der, name_der_sz)
306 && OSSL_PARAM_BLD_push_BN(bld, OSSL_STORE_PARAM_SERIAL,
307 number))
308 ret = 1;
309 break;
310 case OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT:
311 if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_STORE_PARAM_DIGEST,
312 EVP_MD_name(search->digest), 0)
313 && OSSL_PARAM_BLD_push_octet_string(bld,
314 OSSL_STORE_PARAM_FINGERPRINT,
315 search->string,
316 search->stringlength))
317 ret = 1;
318 break;
319 case OSSL_STORE_SEARCH_BY_ALIAS:
320 if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_STORE_PARAM_ALIAS,
321 (char *)search->string,
322 search->stringlength))
323 ret = 1;
324 break;
325 }
326 if (ret) {
327 params = OSSL_PARAM_BLD_to_param(bld);
328 ret = ctx->fetched_loader->p_set_ctx_params(ctx->loader_ctx,
329 params);
330 OSSL_PARAM_BLD_free_params(params);
331 }
332 OSSL_PARAM_BLD_free(bld);
333 OPENSSL_free(name_der);
334 BN_free(number);
335 } else {
336 /* legacy loader section */
337 if (ctx->loader->find == NULL) {
338 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_UNSUPPORTED_OPERATION);
339 return 0;
340 }
341 ret = ctx->loader->find(ctx->loader_ctx, search);
342 }
343
344 return ret;
345 }
346
347 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx)
348 {
349 OSSL_STORE_INFO *v = NULL;
350
351 ctx->loading = 1;
352 again:
353 if (OSSL_STORE_eof(ctx))
354 return NULL;
355
356 if (ctx->loader != NULL)
357 OSSL_TRACE(STORE, "Loading next object\n");
358
359 if (ctx->cached_info != NULL
360 && sk_OSSL_STORE_INFO_num(ctx->cached_info) == 0) {
361 sk_OSSL_STORE_INFO_free(ctx->cached_info);
362 ctx->cached_info = NULL;
363 }
364
365 if (ctx->cached_info != NULL) {
366 v = sk_OSSL_STORE_INFO_shift(ctx->cached_info);
367 } else {
368 if (ctx->fetched_loader != NULL) {
369 struct ossl_load_result_data_st load_data;
370
371 load_data.v = NULL;
372 load_data.ctx = ctx;
373
374 if (!ctx->fetched_loader->p_load(ctx->loader_ctx,
375 ossl_store_handle_load_result,
376 &load_data,
377 ossl_pw_passphrase_callback_dec,
378 &ctx->pwdata)) {
379 if (!OSSL_STORE_eof(ctx))
380 ctx->error_flag = 1;
381 return NULL;
382 }
383 v = load_data.v;
384 }
385 if (ctx->fetched_loader == NULL)
386 v = ctx->loader->load(ctx->loader_ctx,
387 ctx->pwdata._.ui_method.ui_method,
388 ctx->pwdata._.ui_method.ui_method_data);
389 }
390
391 if (ctx->post_process != NULL && v != NULL) {
392 v = ctx->post_process(v, ctx->post_process_data);
393
394 /*
395 * By returning NULL, the callback decides that this object should
396 * be ignored.
397 */
398 if (v == NULL)
399 goto again;
400 }
401
402 if (v != NULL && ctx->expected_type != 0) {
403 int returned_type = OSSL_STORE_INFO_get_type(v);
404
405 if (returned_type != OSSL_STORE_INFO_NAME && returned_type != 0) {
406 if (ctx->expected_type != returned_type) {
407 OSSL_STORE_INFO_free(v);
408 goto again;
409 }
410 }
411 }
412
413 ossl_pw_clear_passphrase_cache(&ctx->pwdata);
414 if (v != NULL)
415 OSSL_TRACE1(STORE, "Got a %s\n",
416 OSSL_STORE_INFO_type_string(OSSL_STORE_INFO_get_type(v)));
417
418 return v;
419 }
420
421 int OSSL_STORE_error(OSSL_STORE_CTX *ctx)
422 {
423 int ret = 1;
424
425 if (ctx->fetched_loader != NULL)
426 ret = ctx->error_flag;
427 if (ctx->fetched_loader == NULL)
428 ret = ctx->loader->error(ctx->loader_ctx);
429 return ret;
430 }
431
432 int OSSL_STORE_eof(OSSL_STORE_CTX *ctx)
433 {
434 int ret = 1;
435
436 if (ctx->fetched_loader != NULL)
437 ret = ctx->loader->p_eof(ctx->loader_ctx);
438 if (ctx->fetched_loader == NULL)
439 ret = ctx->loader->eof(ctx->loader_ctx);
440 return ret;
441 }
442
443 static int ossl_store_close_it(OSSL_STORE_CTX *ctx)
444 {
445 int ret = 0;
446
447 if (ctx == NULL)
448 return 1;
449 OSSL_TRACE1(STORE, "Closing %p\n", (void *)ctx->loader_ctx);
450
451 if (ctx->fetched_loader != NULL)
452 ret = ctx->loader->p_close(ctx->loader_ctx);
453 if (ctx->fetched_loader == NULL)
454 ret = ctx->loader->close(ctx->loader_ctx);
455
456 sk_OSSL_STORE_INFO_pop_free(ctx->cached_info, OSSL_STORE_INFO_free);
457 OSSL_STORE_LOADER_free(ctx->fetched_loader);
458 OPENSSL_free(ctx->properties);
459 return ret;
460 }
461
462 int OSSL_STORE_close(OSSL_STORE_CTX *ctx)
463 {
464 int ret = ossl_store_close_it(ctx);
465
466 OPENSSL_free(ctx);
467 return ret;
468 }
469
470 /*
471 * Functions to generate OSSL_STORE_INFOs, one function for each type we
472 * support having in them as well as a generic constructor.
473 *
474 * In all cases, ownership of the object is transferred to the OSSL_STORE_INFO
475 * and will therefore be freed when the OSSL_STORE_INFO is freed.
476 */
477 OSSL_STORE_INFO *OSSL_STORE_INFO_new(int type, void *data)
478 {
479 OSSL_STORE_INFO *info = OPENSSL_zalloc(sizeof(*info));
480
481 if (info == NULL)
482 return NULL;
483
484 info->type = type;
485 info->_.data = data;
486 return info;
487 }
488
489 OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name)
490 {
491 OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_NAME, NULL);
492
493 if (info == NULL) {
494 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
495 return NULL;
496 }
497
498 info->_.name.name = name;
499 info->_.name.desc = NULL;
500
501 return info;
502 }
503
504 int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc)
505 {
506 if (info->type != OSSL_STORE_INFO_NAME) {
507 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_INVALID_ARGUMENT);
508 return 0;
509 }
510
511 info->_.name.desc = desc;
512
513 return 1;
514 }
515 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params)
516 {
517 OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_PARAMS, params);
518
519 if (info == NULL)
520 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
521 return info;
522 }
523
524 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PUBKEY(EVP_PKEY *pkey)
525 {
526 OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_PUBKEY, pkey);
527
528 if (info == NULL)
529 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
530 return info;
531 }
532
533 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey)
534 {
535 OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_PKEY, pkey);
536
537 if (info == NULL)
538 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
539 return info;
540 }
541
542 OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509)
543 {
544 OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_CERT, x509);
545
546 if (info == NULL)
547 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
548 return info;
549 }
550
551 OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl)
552 {
553 OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_CRL, crl);
554
555 if (info == NULL)
556 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
557 return info;
558 }
559
560 /*
561 * Functions to try to extract data from a OSSL_STORE_INFO.
562 */
563 int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info)
564 {
565 return info->type;
566 }
567
568 void *OSSL_STORE_INFO_get0_data(int type, const OSSL_STORE_INFO *info)
569 {
570 if (info->type == type)
571 return info->_.data;
572 return NULL;
573 }
574
575 const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info)
576 {
577 if (info->type == OSSL_STORE_INFO_NAME)
578 return info->_.name.name;
579 return NULL;
580 }
581
582 char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info)
583 {
584 if (info->type == OSSL_STORE_INFO_NAME) {
585 char *ret = OPENSSL_strdup(info->_.name.name);
586
587 if (ret == NULL)
588 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
589 return ret;
590 }
591 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_NAME);
592 return NULL;
593 }
594
595 const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info)
596 {
597 if (info->type == OSSL_STORE_INFO_NAME)
598 return info->_.name.desc;
599 return NULL;
600 }
601
602 char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info)
603 {
604 if (info->type == OSSL_STORE_INFO_NAME) {
605 char *ret = OPENSSL_strdup(info->_.name.desc
606 ? info->_.name.desc : "");
607
608 if (ret == NULL)
609 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
610 return ret;
611 }
612 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_NAME);
613 return NULL;
614 }
615
616 EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info)
617 {
618 if (info->type == OSSL_STORE_INFO_PARAMS)
619 return info->_.params;
620 return NULL;
621 }
622
623 EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info)
624 {
625 if (info->type == OSSL_STORE_INFO_PARAMS) {
626 EVP_PKEY_up_ref(info->_.params);
627 return info->_.params;
628 }
629 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_PARAMETERS);
630 return NULL;
631 }
632
633 EVP_PKEY *OSSL_STORE_INFO_get0_PUBKEY(const OSSL_STORE_INFO *info)
634 {
635 if (info->type == OSSL_STORE_INFO_PUBKEY)
636 return info->_.pubkey;
637 return NULL;
638 }
639
640 EVP_PKEY *OSSL_STORE_INFO_get1_PUBKEY(const OSSL_STORE_INFO *info)
641 {
642 if (info->type == OSSL_STORE_INFO_PUBKEY) {
643 EVP_PKEY_up_ref(info->_.pubkey);
644 return info->_.pubkey;
645 }
646 OSSL_STOREerr(0, OSSL_STORE_R_NOT_A_PUBLIC_KEY);
647 return NULL;
648 }
649
650 EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info)
651 {
652 if (info->type == OSSL_STORE_INFO_PKEY)
653 return info->_.pkey;
654 return NULL;
655 }
656
657 EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info)
658 {
659 if (info->type == OSSL_STORE_INFO_PKEY) {
660 EVP_PKEY_up_ref(info->_.pkey);
661 return info->_.pkey;
662 }
663 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_PRIVATE_KEY);
664 return NULL;
665 }
666
667 X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info)
668 {
669 if (info->type == OSSL_STORE_INFO_CERT)
670 return info->_.x509;
671 return NULL;
672 }
673
674 X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info)
675 {
676 if (info->type == OSSL_STORE_INFO_CERT) {
677 X509_up_ref(info->_.x509);
678 return info->_.x509;
679 }
680 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_CERTIFICATE);
681 return NULL;
682 }
683
684 X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info)
685 {
686 if (info->type == OSSL_STORE_INFO_CRL)
687 return info->_.crl;
688 return NULL;
689 }
690
691 X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info)
692 {
693 if (info->type == OSSL_STORE_INFO_CRL) {
694 X509_CRL_up_ref(info->_.crl);
695 return info->_.crl;
696 }
697 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_CRL);
698 return NULL;
699 }
700
701 /*
702 * Free the OSSL_STORE_INFO
703 */
704 void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info)
705 {
706 if (info != NULL) {
707 switch (info->type) {
708 case OSSL_STORE_INFO_NAME:
709 OPENSSL_free(info->_.name.name);
710 OPENSSL_free(info->_.name.desc);
711 break;
712 case OSSL_STORE_INFO_PARAMS:
713 EVP_PKEY_free(info->_.params);
714 break;
715 case OSSL_STORE_INFO_PUBKEY:
716 EVP_PKEY_free(info->_.pubkey);
717 break;
718 case OSSL_STORE_INFO_PKEY:
719 EVP_PKEY_free(info->_.pkey);
720 break;
721 case OSSL_STORE_INFO_CERT:
722 X509_free(info->_.x509);
723 break;
724 case OSSL_STORE_INFO_CRL:
725 X509_CRL_free(info->_.crl);
726 break;
727 }
728 OPENSSL_free(info);
729 }
730 }
731
732 int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type)
733 {
734 int ret = 0;
735
736 if (ctx->fetched_loader != NULL) {
737 void *provctx =
738 ossl_provider_ctx(OSSL_STORE_LOADER_provider(ctx->fetched_loader));
739 const OSSL_PARAM *params;
740 const OSSL_PARAM *p_subject = NULL;
741 const OSSL_PARAM *p_issuer = NULL;
742 const OSSL_PARAM *p_serial = NULL;
743 const OSSL_PARAM *p_fingerprint = NULL;
744 const OSSL_PARAM *p_alias = NULL;
745
746 if (ctx->fetched_loader->p_settable_ctx_params == NULL)
747 return 0;
748
749 params = ctx->fetched_loader->p_settable_ctx_params(provctx);
750 p_subject = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_SUBJECT);
751 p_issuer = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_ISSUER);
752 p_serial = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_SERIAL);
753 p_fingerprint =
754 OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_FINGERPRINT);
755 p_alias = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_ALIAS);
756
757 switch (search_type) {
758 case OSSL_STORE_SEARCH_BY_NAME:
759 ret = (p_subject != NULL);
760 break;
761 case OSSL_STORE_SEARCH_BY_ISSUER_SERIAL:
762 ret = (p_issuer != NULL && p_serial != NULL);
763 break;
764 case OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT:
765 ret = (p_fingerprint != NULL);
766 break;
767 case OSSL_STORE_SEARCH_BY_ALIAS:
768 ret = (p_alias != NULL);
769 break;
770 }
771 }
772 if (ctx->fetched_loader == NULL) {
773 OSSL_STORE_SEARCH tmp_search;
774
775 if (ctx->loader->find == NULL)
776 return 0;
777 tmp_search.search_type = search_type;
778 ret = ctx->loader->find(NULL, &tmp_search);
779 }
780 return ret;
781 }
782
783 /* Search term constructors */
784 OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name)
785 {
786 OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
787
788 if (search == NULL) {
789 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
790 return NULL;
791 }
792
793 search->search_type = OSSL_STORE_SEARCH_BY_NAME;
794 search->name = name;
795 return search;
796 }
797
798 OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name,
799 const ASN1_INTEGER *serial)
800 {
801 OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
802
803 if (search == NULL) {
804 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
805 return NULL;
806 }
807
808 search->search_type = OSSL_STORE_SEARCH_BY_ISSUER_SERIAL;
809 search->name = name;
810 search->serial = serial;
811 return search;
812 }
813
814 OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest,
815 const unsigned char
816 *bytes, size_t len)
817 {
818 OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
819
820 if (search == NULL) {
821 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
822 return NULL;
823 }
824
825 if (digest != NULL && len != (size_t)EVP_MD_size(digest)) {
826 ERR_raise_data(ERR_LIB_OSSL_STORE,
827 OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST,
828 "%s size is %d, fingerprint size is %zu",
829 EVP_MD_name(digest), EVP_MD_size(digest), len);
830 return NULL;
831 }
832
833 search->search_type = OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT;
834 search->digest = digest;
835 search->string = bytes;
836 search->stringlength = len;
837 return search;
838 }
839
840 OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias)
841 {
842 OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
843
844 if (search == NULL) {
845 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
846 return NULL;
847 }
848
849 search->search_type = OSSL_STORE_SEARCH_BY_ALIAS;
850 search->string = (const unsigned char *)alias;
851 search->stringlength = strlen(alias);
852 return search;
853 }
854
855 /* Search term destructor */
856 void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search)
857 {
858 OPENSSL_free(search);
859 }
860
861 /* Search term accessors */
862 int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion)
863 {
864 return criterion->search_type;
865 }
866
867 X509_NAME *OSSL_STORE_SEARCH_get0_name(const OSSL_STORE_SEARCH *criterion)
868 {
869 return criterion->name;
870 }
871
872 const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH
873 *criterion)
874 {
875 return criterion->serial;
876 }
877
878 const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH
879 *criterion, size_t *length)
880 {
881 *length = criterion->stringlength;
882 return criterion->string;
883 }
884
885 const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion)
886 {
887 return (const char *)criterion->string;
888 }
889
890 const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH *criterion)
891 {
892 return criterion->digest;
893 }
894
895 OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bp, const char *scheme,
896 OPENSSL_CTX *libctx, const char *propq,
897 const UI_METHOD *ui_method, void *ui_data,
898 OSSL_STORE_post_process_info_fn post_process,
899 void *post_process_data)
900 {
901 const OSSL_STORE_LOADER *loader = NULL;
902 OSSL_STORE_LOADER *fetched_loader = NULL;
903 OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
904 OSSL_STORE_CTX *ctx = NULL;
905
906 if (scheme == NULL)
907 scheme = "file";
908
909 OSSL_TRACE1(STORE, "Looking up scheme %s\n", scheme);
910 if ((loader = ossl_store_get0_loader_int(scheme)) != NULL)
911 loader_ctx = loader->attach(loader, bp, libctx, propq,
912 ui_method, ui_data);
913 if (loader == NULL
914 && (fetched_loader =
915 OSSL_STORE_LOADER_fetch(scheme, libctx, propq)) != NULL) {
916 const OSSL_PROVIDER *provider =
917 OSSL_STORE_LOADER_provider(fetched_loader);
918 void *provctx = OSSL_PROVIDER_get0_provider_ctx(provider);
919
920 if ((loader_ctx =
921 fetched_loader->p_attach(provctx, (OSSL_CORE_BIO *)bp)) == NULL) {
922 OSSL_STORE_LOADER_free(fetched_loader);
923 fetched_loader = NULL;
924 } else if (propq != NULL) {
925 OSSL_PARAM params[] = {
926 OSSL_PARAM_utf8_string(OSSL_STORE_PARAM_PROPERTIES,
927 NULL, 0),
928 OSSL_PARAM_END
929 };
930
931 params[0].data = (void *)propq;
932 if (!fetched_loader->p_set_ctx_params(loader_ctx, params)) {
933 (void)fetched_loader->p_close(loader_ctx);
934 OSSL_STORE_LOADER_free(fetched_loader);
935 fetched_loader = NULL;
936 }
937 }
938 loader = fetched_loader;
939 }
940
941 if (loader_ctx == NULL)
942 return NULL;
943
944 if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
945 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
946 return NULL;
947 }
948
949 (void)ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data);
950 ctx->fetched_loader = fetched_loader;
951 ctx->loader = loader;
952 ctx->loader_ctx = loader_ctx;
953 ctx->post_process = post_process;
954 ctx->post_process_data = post_process_data;
955
956 return ctx;
957 }
A mirror of the official openssl repository