]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/store/store_lib.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Update copyright year
[thirdparty/openssl.git] / crypto / store / store_lib.c
1 /*
2 * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdlib.h>
11 #include <string.h>
12 #include <assert.h>
13
14 /* We need to use some STORE deprecated APIs */
15 #define OPENSSL_SUPPRESS_DEPRECATED
16
17 #include "e_os.h"
18
19 #include <openssl/crypto.h>
20 #include <openssl/err.h>
21 #include <openssl/trace.h>
22 #include <openssl/core_names.h>
23 #include <openssl/provider.h>
24 #include <openssl/param_build.h>
25 #include <openssl/store.h>
26 #include "internal/thread_once.h"
27 #include "internal/cryptlib.h"
28 #include "internal/provider.h"
29 #include "internal/bio.h"
30 #include "crypto/store.h"
31 #include "store_local.h"
32
33 static int ossl_store_close_it(OSSL_STORE_CTX *ctx);
34
35 OSSL_STORE_CTX *
36 OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
37 const UI_METHOD *ui_method, void *ui_data,
38 OSSL_STORE_post_process_info_fn post_process,
39 void *post_process_data)
40 {
41 const OSSL_STORE_LOADER *loader = NULL;
42 OSSL_STORE_LOADER *fetched_loader = NULL;
43 OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
44 OSSL_STORE_CTX *ctx = NULL;
45 char *propq_copy = NULL;
46 char scheme_copy[256], *p, *schemes[2];
47 size_t schemes_n = 0;
48 size_t i;
49
50 /*
51 * Put the file scheme first. If the uri does represent an existing file,
52 * possible device name and all, then it should be loaded. Only a failed
53 * attempt at loading a local file should have us try something else.
54 */
55 schemes[schemes_n++] = "file";
56
57 /*
58 * Now, check if we have something that looks like a scheme, and add it
59 * as a second scheme. However, also check if there's an authority start
60 * (://), because that will invalidate the previous file scheme. Also,
61 * check that this isn't actually the file scheme, as there's no point
62 * going through that one twice!
63 */
64 OPENSSL_strlcpy(scheme_copy, uri, sizeof(scheme_copy));
65 if ((p = strchr(scheme_copy, ':')) != NULL) {
66 *p++ = '\0';
67 if (strcasecmp(scheme_copy, "file") != 0) {
68 if (strncmp(p, "//", 2) == 0)
69 schemes_n--; /* Invalidate the file scheme */
70 schemes[schemes_n++] = scheme_copy;
71 }
72 }
73
74 ERR_set_mark();
75
76 /*
77 * Try each scheme until we find one that could open the URI.
78 *
79 * For each scheme, we look for the engine implementation first, and
80 * failing that, we then try to fetch a provided implementation.
81 * This is consistent with how we handle legacy / engine implementations
82 * elsewhere.
83 */
84 for (i = 0; loader_ctx == NULL && i < schemes_n; i++) {
85 OSSL_TRACE1(STORE, "Looking up scheme %s\n", schemes[i]);
86 #ifndef OPENSSL_NO_DEPRECATED_3_0
87 if ((loader = ossl_store_get0_loader_int(schemes[i])) != NULL) {
88 if (loader->open_ex != NULL)
89 loader_ctx = loader->open_ex(loader, uri, libctx, propq,
90 ui_method, ui_data);
91 else
92 loader_ctx = loader->open(loader, uri, ui_method, ui_data);
93 }
94 #endif
95 if (loader == NULL
96 && (fetched_loader =
97 OSSL_STORE_LOADER_fetch(schemes[i], libctx, propq)) != NULL) {
98 const OSSL_PROVIDER *provider =
99 OSSL_STORE_LOADER_provider(fetched_loader);
100 void *provctx = OSSL_PROVIDER_get0_provider_ctx(provider);
101
102 loader_ctx = fetched_loader->p_open(provctx, uri);
103 if (loader_ctx == NULL) {
104 OSSL_STORE_LOADER_free(fetched_loader);
105 fetched_loader = NULL;
106 } else if (propq != NULL) {
107 OSSL_PARAM params[2];
108
109 params[0] = OSSL_PARAM_construct_utf8_string(
110 OSSL_STORE_PARAM_PROPERTIES, (char *)propq, 0);
111 params[1] = OSSL_PARAM_construct_end();
112
113 if (!fetched_loader->p_set_ctx_params(loader_ctx, params)) {
114 (void)fetched_loader->p_close(loader_ctx);
115 OSSL_STORE_LOADER_free(fetched_loader);
116 fetched_loader = NULL;
117 }
118 }
119 loader = fetched_loader;
120 }
121 }
122
123 if (loader != NULL)
124 OSSL_TRACE1(STORE, "Found loader for scheme %s\n", schemes[i]);
125
126 if (loader_ctx == NULL)
127 goto err;
128
129 OSSL_TRACE2(STORE, "Opened %s => %p\n", uri, (void *)loader_ctx);
130
131 if ((propq != NULL && (propq_copy = OPENSSL_strdup(propq)) == NULL)
132 || (ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
133 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
134 goto err;
135 }
136
137 if (ui_method != NULL
138 && !ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data)) {
139 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_CRYPTO_LIB);
140 goto err;
141 }
142 ctx->properties = propq_copy;
143 ctx->fetched_loader = fetched_loader;
144 ctx->loader = loader;
145 ctx->loader_ctx = loader_ctx;
146 ctx->post_process = post_process;
147 ctx->post_process_data = post_process_data;
148
149 /*
150 * If the attempt to open with the 'file' scheme loader failed and the
151 * other scheme loader succeeded, the failure to open with the 'file'
152 * scheme loader leaves an error on the error stack. Let's remove it.
153 */
154 ERR_pop_to_mark();
155
156 return ctx;
157
158 err:
159 ERR_clear_last_mark();
160 if (loader_ctx != NULL) {
161 /*
162 * Temporary structure so OSSL_STORE_close() can work even when
163 * |ctx| couldn't be allocated properly
164 */
165 OSSL_STORE_CTX tmpctx = { NULL, };
166
167 tmpctx.fetched_loader = fetched_loader;
168 tmpctx.loader = loader;
169 tmpctx.loader_ctx = loader_ctx;
170
171 /*
172 * We ignore a returned error because we will return NULL anyway in
173 * this case, so if something goes wrong when closing, that'll simply
174 * just add another entry on the error stack.
175 */
176 (void)ossl_store_close_it(&tmpctx);
177 }
178 OSSL_STORE_LOADER_free(fetched_loader);
179 OPENSSL_free(propq_copy);
180 OPENSSL_free(ctx);
181 return NULL;
182 }
183
184 OSSL_STORE_CTX *OSSL_STORE_open(const char *uri,
185 const UI_METHOD *ui_method, void *ui_data,
186 OSSL_STORE_post_process_info_fn post_process,
187 void *post_process_data)
188 {
189 return OSSL_STORE_open_ex(uri, NULL, NULL, ui_method, ui_data, post_process,
190 post_process_data);
191 }
192
193 #ifndef OPENSSL_NO_DEPRECATED_3_0
194 int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ...)
195 {
196 va_list args;
197 int ret;
198
199 va_start(args, cmd);
200 ret = OSSL_STORE_vctrl(ctx, cmd, args);
201 va_end(args);
202
203 return ret;
204 }
205
206 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args)
207 {
208 if (ctx->fetched_loader != NULL) {
209 if (ctx->fetched_loader->p_set_ctx_params != NULL) {
210 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
211
212 switch (cmd) {
213 case OSSL_STORE_C_USE_SECMEM:
214 {
215 int on = *(va_arg(args, int *));
216
217 params[0] = OSSL_PARAM_construct_int("use_secmem", &on);
218 }
219 break;
220 default:
221 break;
222 }
223
224 return ctx->fetched_loader->p_set_ctx_params(ctx->loader_ctx,
225 params);
226 }
227 } else if (ctx->loader->ctrl != NULL) {
228 return ctx->loader->ctrl(ctx->loader_ctx, cmd, args);
229 }
230
231 /*
232 * If the fetched loader doesn't have a set_ctx_params or a ctrl, it's as
233 * if there was one that ignored our params, which usually returns 1.
234 */
235 return 1;
236 }
237 #endif
238
239 int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type)
240 {
241 int ret = 1;
242
243 if (ctx->loading) {
244 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_LOADING_STARTED);
245 return 0;
246 }
247
248 ctx->expected_type = expected_type;
249 if (ctx->fetched_loader != NULL
250 && ctx->fetched_loader->p_set_ctx_params != NULL) {
251 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
252
253 params[0] =
254 OSSL_PARAM_construct_int(OSSL_STORE_PARAM_EXPECT, &expected_type);
255 ret = ctx->fetched_loader->p_set_ctx_params(ctx->loader_ctx, params);
256 }
257 #ifndef OPENSSL_NO_DEPRECATED_3_0
258 if (ctx->fetched_loader == NULL
259 && ctx->loader->expect != NULL) {
260 ret = ctx->loader->expect(ctx->loader_ctx, expected_type);
261 }
262 #endif
263 return ret;
264 }
265
266 int OSSL_STORE_find(OSSL_STORE_CTX *ctx, const OSSL_STORE_SEARCH *search)
267 {
268 int ret = 1;
269
270 if (ctx->loading) {
271 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_LOADING_STARTED);
272 return 0;
273 }
274 if (search == NULL) {
275 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_NULL_PARAMETER);
276 return 0;
277 }
278
279 if (ctx->fetched_loader != NULL) {
280 OSSL_PARAM_BLD *bld;
281 OSSL_PARAM *params;
282 /* OSSL_STORE_SEARCH_BY_NAME, OSSL_STORE_SEARCH_BY_ISSUER_SERIAL*/
283 void *name_der = NULL;
284 int name_der_sz;
285 /* OSSL_STORE_SEARCH_BY_ISSUER_SERIAL */
286 BIGNUM *number = NULL;
287
288 if (ctx->fetched_loader->p_set_ctx_params == NULL) {
289 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_UNSUPPORTED_OPERATION);
290 return 0;
291 }
292
293 if ((bld = OSSL_PARAM_BLD_new()) == NULL) {
294 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
295 return 0;
296 }
297
298 ret = 0; /* Assume the worst */
299
300 switch (search->search_type) {
301 case OSSL_STORE_SEARCH_BY_NAME:
302 if ((name_der_sz = i2d_X509_NAME(search->name,
303 (unsigned char **)&name_der)) > 0
304 && OSSL_PARAM_BLD_push_octet_string(bld,
305 OSSL_STORE_PARAM_SUBJECT,
306 name_der, name_der_sz))
307 ret = 1;
308 break;
309 case OSSL_STORE_SEARCH_BY_ISSUER_SERIAL:
310 if ((name_der_sz = i2d_X509_NAME(search->name,
311 (unsigned char **)&name_der)) > 0
312 && (number = ASN1_INTEGER_to_BN(search->serial, NULL)) != NULL
313 && OSSL_PARAM_BLD_push_octet_string(bld,
314 OSSL_STORE_PARAM_ISSUER,
315 name_der, name_der_sz)
316 && OSSL_PARAM_BLD_push_BN(bld, OSSL_STORE_PARAM_SERIAL,
317 number))
318 ret = 1;
319 break;
320 case OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT:
321 if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_STORE_PARAM_DIGEST,
322 EVP_MD_name(search->digest), 0)
323 && OSSL_PARAM_BLD_push_octet_string(bld,
324 OSSL_STORE_PARAM_FINGERPRINT,
325 search->string,
326 search->stringlength))
327 ret = 1;
328 break;
329 case OSSL_STORE_SEARCH_BY_ALIAS:
330 if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_STORE_PARAM_ALIAS,
331 (char *)search->string,
332 search->stringlength))
333 ret = 1;
334 break;
335 }
336 if (ret) {
337 params = OSSL_PARAM_BLD_to_param(bld);
338 ret = ctx->fetched_loader->p_set_ctx_params(ctx->loader_ctx,
339 params);
340 OSSL_PARAM_BLD_free_params(params);
341 }
342 OSSL_PARAM_BLD_free(bld);
343 OPENSSL_free(name_der);
344 BN_free(number);
345 } else {
346 #ifndef OPENSSL_NO_DEPRECATED_3_0
347 /* legacy loader section */
348 if (ctx->loader->find == NULL) {
349 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_UNSUPPORTED_OPERATION);
350 return 0;
351 }
352 ret = ctx->loader->find(ctx->loader_ctx, search);
353 #endif
354 }
355
356 return ret;
357 }
358
359 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx)
360 {
361 OSSL_STORE_INFO *v = NULL;
362
363 ctx->loading = 1;
364 again:
365 if (OSSL_STORE_eof(ctx))
366 return NULL;
367
368 if (ctx->loader != NULL)
369 OSSL_TRACE(STORE, "Loading next object\n");
370
371 if (ctx->cached_info != NULL
372 && sk_OSSL_STORE_INFO_num(ctx->cached_info) == 0) {
373 sk_OSSL_STORE_INFO_free(ctx->cached_info);
374 ctx->cached_info = NULL;
375 }
376
377 if (ctx->cached_info != NULL) {
378 v = sk_OSSL_STORE_INFO_shift(ctx->cached_info);
379 } else {
380 if (ctx->fetched_loader != NULL) {
381 struct ossl_load_result_data_st load_data;
382
383 load_data.v = NULL;
384 load_data.ctx = ctx;
385
386 if (!ctx->fetched_loader->p_load(ctx->loader_ctx,
387 ossl_store_handle_load_result,
388 &load_data,
389 ossl_pw_passphrase_callback_dec,
390 &ctx->pwdata)) {
391 if (!OSSL_STORE_eof(ctx))
392 ctx->error_flag = 1;
393 return NULL;
394 }
395 v = load_data.v;
396 }
397 #ifndef OPENSSL_NO_DEPRECATED_3_0
398 if (ctx->fetched_loader == NULL)
399 v = ctx->loader->load(ctx->loader_ctx,
400 ctx->pwdata._.ui_method.ui_method,
401 ctx->pwdata._.ui_method.ui_method_data);
402 #endif
403 }
404
405 if (ctx->post_process != NULL && v != NULL) {
406 v = ctx->post_process(v, ctx->post_process_data);
407
408 /*
409 * By returning NULL, the callback decides that this object should
410 * be ignored.
411 */
412 if (v == NULL)
413 goto again;
414 }
415
416 if (v != NULL && ctx->expected_type != 0) {
417 int returned_type = OSSL_STORE_INFO_get_type(v);
418
419 if (returned_type != OSSL_STORE_INFO_NAME && returned_type != 0) {
420 if (ctx->expected_type != returned_type) {
421 OSSL_STORE_INFO_free(v);
422 goto again;
423 }
424 }
425 }
426
427 if (v != NULL)
428 OSSL_TRACE1(STORE, "Got a %s\n",
429 OSSL_STORE_INFO_type_string(OSSL_STORE_INFO_get_type(v)));
430
431 return v;
432 }
433
434 int OSSL_STORE_error(OSSL_STORE_CTX *ctx)
435 {
436 int ret = 1;
437
438 if (ctx->fetched_loader != NULL)
439 ret = ctx->error_flag;
440 #ifndef OPENSSL_NO_DEPRECATED_3_0
441 if (ctx->fetched_loader == NULL)
442 ret = ctx->loader->error(ctx->loader_ctx);
443 #endif
444 return ret;
445 }
446
447 int OSSL_STORE_eof(OSSL_STORE_CTX *ctx)
448 {
449 int ret = 1;
450
451 if (ctx->fetched_loader != NULL)
452 ret = ctx->loader->p_eof(ctx->loader_ctx);
453 #ifndef OPENSSL_NO_DEPRECATED_3_0
454 if (ctx->fetched_loader == NULL)
455 ret = ctx->loader->eof(ctx->loader_ctx);
456 #endif
457 return ret;
458 }
459
460 static int ossl_store_close_it(OSSL_STORE_CTX *ctx)
461 {
462 int ret = 0;
463
464 if (ctx == NULL)
465 return 1;
466 OSSL_TRACE1(STORE, "Closing %p\n", (void *)ctx->loader_ctx);
467
468 if (ctx->fetched_loader != NULL)
469 ret = ctx->loader->p_close(ctx->loader_ctx);
470 #ifndef OPENSSL_NO_DEPRECATED_3_0
471 if (ctx->fetched_loader == NULL)
472 ret = ctx->loader->close(ctx->loader_ctx);
473 #endif
474
475 sk_OSSL_STORE_INFO_pop_free(ctx->cached_info, OSSL_STORE_INFO_free);
476 OSSL_STORE_LOADER_free(ctx->fetched_loader);
477 OPENSSL_free(ctx->properties);
478 ossl_pw_clear_passphrase_data(&ctx->pwdata);
479 return ret;
480 }
481
482 int OSSL_STORE_close(OSSL_STORE_CTX *ctx)
483 {
484 int ret = ossl_store_close_it(ctx);
485
486 OPENSSL_free(ctx);
487 return ret;
488 }
489
490 /*
491 * Functions to generate OSSL_STORE_INFOs, one function for each type we
492 * support having in them as well as a generic constructor.
493 *
494 * In all cases, ownership of the object is transferred to the OSSL_STORE_INFO
495 * and will therefore be freed when the OSSL_STORE_INFO is freed.
496 */
497 OSSL_STORE_INFO *OSSL_STORE_INFO_new(int type, void *data)
498 {
499 OSSL_STORE_INFO *info = OPENSSL_zalloc(sizeof(*info));
500
501 if (info == NULL)
502 return NULL;
503
504 info->type = type;
505 info->_.data = data;
506 return info;
507 }
508
509 OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name)
510 {
511 OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_NAME, NULL);
512
513 if (info == NULL) {
514 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
515 return NULL;
516 }
517
518 info->_.name.name = name;
519 info->_.name.desc = NULL;
520
521 return info;
522 }
523
524 int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc)
525 {
526 if (info->type != OSSL_STORE_INFO_NAME) {
527 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_INVALID_ARGUMENT);
528 return 0;
529 }
530
531 info->_.name.desc = desc;
532
533 return 1;
534 }
535 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params)
536 {
537 OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_PARAMS, params);
538
539 if (info == NULL)
540 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
541 return info;
542 }
543
544 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PUBKEY(EVP_PKEY *pkey)
545 {
546 OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_PUBKEY, pkey);
547
548 if (info == NULL)
549 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
550 return info;
551 }
552
553 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey)
554 {
555 OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_PKEY, pkey);
556
557 if (info == NULL)
558 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
559 return info;
560 }
561
562 OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509)
563 {
564 OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_CERT, x509);
565
566 if (info == NULL)
567 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
568 return info;
569 }
570
571 OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl)
572 {
573 OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_CRL, crl);
574
575 if (info == NULL)
576 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
577 return info;
578 }
579
580 /*
581 * Functions to try to extract data from a OSSL_STORE_INFO.
582 */
583 int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info)
584 {
585 return info->type;
586 }
587
588 void *OSSL_STORE_INFO_get0_data(int type, const OSSL_STORE_INFO *info)
589 {
590 if (info->type == type)
591 return info->_.data;
592 return NULL;
593 }
594
595 const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info)
596 {
597 if (info->type == OSSL_STORE_INFO_NAME)
598 return info->_.name.name;
599 return NULL;
600 }
601
602 char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info)
603 {
604 if (info->type == OSSL_STORE_INFO_NAME) {
605 char *ret = OPENSSL_strdup(info->_.name.name);
606
607 if (ret == NULL)
608 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
609 return ret;
610 }
611 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_NAME);
612 return NULL;
613 }
614
615 const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info)
616 {
617 if (info->type == OSSL_STORE_INFO_NAME)
618 return info->_.name.desc;
619 return NULL;
620 }
621
622 char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info)
623 {
624 if (info->type == OSSL_STORE_INFO_NAME) {
625 char *ret = OPENSSL_strdup(info->_.name.desc
626 ? info->_.name.desc : "");
627
628 if (ret == NULL)
629 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
630 return ret;
631 }
632 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_NAME);
633 return NULL;
634 }
635
636 EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info)
637 {
638 if (info->type == OSSL_STORE_INFO_PARAMS)
639 return info->_.params;
640 return NULL;
641 }
642
643 EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info)
644 {
645 if (info->type == OSSL_STORE_INFO_PARAMS) {
646 EVP_PKEY_up_ref(info->_.params);
647 return info->_.params;
648 }
649 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_PARAMETERS);
650 return NULL;
651 }
652
653 EVP_PKEY *OSSL_STORE_INFO_get0_PUBKEY(const OSSL_STORE_INFO *info)
654 {
655 if (info->type == OSSL_STORE_INFO_PUBKEY)
656 return info->_.pubkey;
657 return NULL;
658 }
659
660 EVP_PKEY *OSSL_STORE_INFO_get1_PUBKEY(const OSSL_STORE_INFO *info)
661 {
662 if (info->type == OSSL_STORE_INFO_PUBKEY) {
663 EVP_PKEY_up_ref(info->_.pubkey);
664 return info->_.pubkey;
665 }
666 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_PUBLIC_KEY);
667 return NULL;
668 }
669
670 EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info)
671 {
672 if (info->type == OSSL_STORE_INFO_PKEY)
673 return info->_.pkey;
674 return NULL;
675 }
676
677 EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info)
678 {
679 if (info->type == OSSL_STORE_INFO_PKEY) {
680 EVP_PKEY_up_ref(info->_.pkey);
681 return info->_.pkey;
682 }
683 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_PRIVATE_KEY);
684 return NULL;
685 }
686
687 X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info)
688 {
689 if (info->type == OSSL_STORE_INFO_CERT)
690 return info->_.x509;
691 return NULL;
692 }
693
694 X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info)
695 {
696 if (info->type == OSSL_STORE_INFO_CERT) {
697 X509_up_ref(info->_.x509);
698 return info->_.x509;
699 }
700 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_CERTIFICATE);
701 return NULL;
702 }
703
704 X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info)
705 {
706 if (info->type == OSSL_STORE_INFO_CRL)
707 return info->_.crl;
708 return NULL;
709 }
710
711 X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info)
712 {
713 if (info->type == OSSL_STORE_INFO_CRL) {
714 X509_CRL_up_ref(info->_.crl);
715 return info->_.crl;
716 }
717 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_CRL);
718 return NULL;
719 }
720
721 /*
722 * Free the OSSL_STORE_INFO
723 */
724 void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info)
725 {
726 if (info != NULL) {
727 switch (info->type) {
728 case OSSL_STORE_INFO_NAME:
729 OPENSSL_free(info->_.name.name);
730 OPENSSL_free(info->_.name.desc);
731 break;
732 case OSSL_STORE_INFO_PARAMS:
733 EVP_PKEY_free(info->_.params);
734 break;
735 case OSSL_STORE_INFO_PUBKEY:
736 EVP_PKEY_free(info->_.pubkey);
737 break;
738 case OSSL_STORE_INFO_PKEY:
739 EVP_PKEY_free(info->_.pkey);
740 break;
741 case OSSL_STORE_INFO_CERT:
742 X509_free(info->_.x509);
743 break;
744 case OSSL_STORE_INFO_CRL:
745 X509_CRL_free(info->_.crl);
746 break;
747 }
748 OPENSSL_free(info);
749 }
750 }
751
752 int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type)
753 {
754 int ret = 0;
755
756 if (ctx->fetched_loader != NULL) {
757 void *provctx =
758 ossl_provider_ctx(OSSL_STORE_LOADER_provider(ctx->fetched_loader));
759 const OSSL_PARAM *params;
760 const OSSL_PARAM *p_subject = NULL;
761 const OSSL_PARAM *p_issuer = NULL;
762 const OSSL_PARAM *p_serial = NULL;
763 const OSSL_PARAM *p_fingerprint = NULL;
764 const OSSL_PARAM *p_alias = NULL;
765
766 if (ctx->fetched_loader->p_settable_ctx_params == NULL)
767 return 0;
768
769 params = ctx->fetched_loader->p_settable_ctx_params(provctx);
770 p_subject = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_SUBJECT);
771 p_issuer = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_ISSUER);
772 p_serial = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_SERIAL);
773 p_fingerprint =
774 OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_FINGERPRINT);
775 p_alias = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_ALIAS);
776
777 switch (search_type) {
778 case OSSL_STORE_SEARCH_BY_NAME:
779 ret = (p_subject != NULL);
780 break;
781 case OSSL_STORE_SEARCH_BY_ISSUER_SERIAL:
782 ret = (p_issuer != NULL && p_serial != NULL);
783 break;
784 case OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT:
785 ret = (p_fingerprint != NULL);
786 break;
787 case OSSL_STORE_SEARCH_BY_ALIAS:
788 ret = (p_alias != NULL);
789 break;
790 }
791 }
792 #ifndef OPENSSL_NO_DEPRECATED_3_0
793 if (ctx->fetched_loader == NULL) {
794 OSSL_STORE_SEARCH tmp_search;
795
796 if (ctx->loader->find == NULL)
797 return 0;
798 tmp_search.search_type = search_type;
799 ret = ctx->loader->find(NULL, &tmp_search);
800 }
801 #endif
802 return ret;
803 }
804
805 /* Search term constructors */
806 OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name)
807 {
808 OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
809
810 if (search == NULL) {
811 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
812 return NULL;
813 }
814
815 search->search_type = OSSL_STORE_SEARCH_BY_NAME;
816 search->name = name;
817 return search;
818 }
819
820 OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name,
821 const ASN1_INTEGER *serial)
822 {
823 OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
824
825 if (search == NULL) {
826 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
827 return NULL;
828 }
829
830 search->search_type = OSSL_STORE_SEARCH_BY_ISSUER_SERIAL;
831 search->name = name;
832 search->serial = serial;
833 return search;
834 }
835
836 OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest,
837 const unsigned char
838 *bytes, size_t len)
839 {
840 OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
841
842 if (search == NULL) {
843 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
844 return NULL;
845 }
846
847 if (digest != NULL && len != (size_t)EVP_MD_size(digest)) {
848 ERR_raise_data(ERR_LIB_OSSL_STORE,
849 OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST,
850 "%s size is %d, fingerprint size is %zu",
851 EVP_MD_name(digest), EVP_MD_size(digest), len);
852 OPENSSL_free(search);
853 return NULL;
854 }
855
856 search->search_type = OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT;
857 search->digest = digest;
858 search->string = bytes;
859 search->stringlength = len;
860 return search;
861 }
862
863 OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias)
864 {
865 OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
866
867 if (search == NULL) {
868 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
869 return NULL;
870 }
871
872 search->search_type = OSSL_STORE_SEARCH_BY_ALIAS;
873 search->string = (const unsigned char *)alias;
874 search->stringlength = strlen(alias);
875 return search;
876 }
877
878 /* Search term destructor */
879 void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search)
880 {
881 OPENSSL_free(search);
882 }
883
884 /* Search term accessors */
885 int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion)
886 {
887 return criterion->search_type;
888 }
889
890 X509_NAME *OSSL_STORE_SEARCH_get0_name(const OSSL_STORE_SEARCH *criterion)
891 {
892 return criterion->name;
893 }
894
895 const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH
896 *criterion)
897 {
898 return criterion->serial;
899 }
900
901 const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH
902 *criterion, size_t *length)
903 {
904 *length = criterion->stringlength;
905 return criterion->string;
906 }
907
908 const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion)
909 {
910 return (const char *)criterion->string;
911 }
912
913 const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH *criterion)
914 {
915 return criterion->digest;
916 }
917
918 OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bp, const char *scheme,
919 OSSL_LIB_CTX *libctx, const char *propq,
920 const UI_METHOD *ui_method, void *ui_data,
921 OSSL_STORE_post_process_info_fn post_process,
922 void *post_process_data)
923 {
924 const OSSL_STORE_LOADER *loader = NULL;
925 OSSL_STORE_LOADER *fetched_loader = NULL;
926 OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
927 OSSL_STORE_CTX *ctx = NULL;
928
929 if (scheme == NULL)
930 scheme = "file";
931
932 OSSL_TRACE1(STORE, "Looking up scheme %s\n", scheme);
933 ERR_set_mark();
934 #ifndef OPENSSL_NO_DEPRECATED_3_0
935 if ((loader = ossl_store_get0_loader_int(scheme)) != NULL)
936 loader_ctx = loader->attach(loader, bp, libctx, propq,
937 ui_method, ui_data);
938 #endif
939 if (loader == NULL
940 && (fetched_loader =
941 OSSL_STORE_LOADER_fetch(scheme, libctx, propq)) != NULL) {
942 const OSSL_PROVIDER *provider =
943 OSSL_STORE_LOADER_provider(fetched_loader);
944 void *provctx = OSSL_PROVIDER_get0_provider_ctx(provider);
945 OSSL_CORE_BIO *cbio = ossl_core_bio_new_from_bio(bp);
946
947 if (cbio == NULL
948 || (loader_ctx = fetched_loader->p_attach(provctx, cbio)) == NULL) {
949 OSSL_STORE_LOADER_free(fetched_loader);
950 fetched_loader = NULL;
951 } else if (propq != NULL) {
952 OSSL_PARAM params[] = {
953 OSSL_PARAM_utf8_string(OSSL_STORE_PARAM_PROPERTIES,
954 NULL, 0),
955 OSSL_PARAM_END
956 };
957
958 params[0].data = (void *)propq;
959 if (!fetched_loader->p_set_ctx_params(loader_ctx, params)) {
960 (void)fetched_loader->p_close(loader_ctx);
961 OSSL_STORE_LOADER_free(fetched_loader);
962 fetched_loader = NULL;
963 }
964 }
965 loader = fetched_loader;
966 ossl_core_bio_free(cbio);
967 }
968
969 if (loader_ctx == NULL) {
970 ERR_clear_last_mark();
971 return NULL;
972 }
973
974 if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
975 ERR_clear_last_mark();
976 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
977 return NULL;
978 }
979
980 if (ui_method != NULL
981 && !ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data)) {
982 ERR_clear_last_mark();
983 OPENSSL_free(ctx);
984 return NULL;
985 }
986
987 ctx->fetched_loader = fetched_loader;
988 ctx->loader = loader;
989 ctx->loader_ctx = loader_ctx;
990 ctx->post_process = post_process;
991 ctx->post_process_data = post_process_data;
992
993 /*
994 * ossl_store_get0_loader_int will raise an error if the loader for the
995 * the scheme cannot be retrieved. But if a loader was successfully
996 * fetched then we remove this error from the error stack.
997 */
998 ERR_pop_to_mark();
999
1000 return ctx;
1001 }
A mirror of the official openssl repository