]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/store/store_lib.c
projects / thirdparty / openssl.git / blob
? search:


4efa7eea038413909b925cf2630c3cfb2c15f548
[thirdparty/openssl.git] / crypto / store / store_lib.c
1 /*
2 * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdlib.h>
11 #include <string.h>
12 #include <assert.h>
13
14 /* We need to use some STORE deprecated APIs */
15 #define OPENSSL_SUPPRESS_DEPRECATED
16
17 #include "e_os.h"
18
19 #include <openssl/crypto.h>
20 #include <openssl/err.h>
21 #include <openssl/trace.h>
22 #include <openssl/core_names.h>
23 #include <openssl/provider.h>
24 #include <openssl/param_build.h>
25 #include <openssl/store.h>
26 #include "internal/thread_once.h"
27 #include "internal/cryptlib.h"
28 #include "internal/provider.h"
29 #include "internal/bio.h"
30 #include "crypto/store.h"
31 #include "store_local.h"
32
33 static int ossl_store_close_it(OSSL_STORE_CTX *ctx);
34
35 static int loader_set_params(OSSL_STORE_LOADER *loader,
36 OSSL_STORE_LOADER_CTX *loader_ctx,
37 const OSSL_PARAM params[], const char *propq)
38 {
39 if (params != NULL) {
40 if (!loader->p_set_ctx_params(loader_ctx, params))
41 return 0;
42 }
43
44 if (propq != NULL) {
45 OSSL_PARAM propp[2];
46
47 if (OSSL_PARAM_locate_const(params,
48 OSSL_STORE_PARAM_PROPERTIES) != NULL)
49 /* use the propq from params */
50 return 1;
51
52 propp[0] = OSSL_PARAM_construct_utf8_string(OSSL_STORE_PARAM_PROPERTIES,
53 (char *)propq, 0);
54 propp[1] = OSSL_PARAM_construct_end();
55
56 if (!loader->p_set_ctx_params(loader_ctx, propp))
57 return 0;
58 }
59 return 1;
60 }
61
62 OSSL_STORE_CTX *
63 OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
64 const UI_METHOD *ui_method, void *ui_data,
65 const OSSL_PARAM params[],
66 OSSL_STORE_post_process_info_fn post_process,
67 void *post_process_data)
68 {
69 const OSSL_STORE_LOADER *loader = NULL;
70 OSSL_STORE_LOADER *fetched_loader = NULL;
71 OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
72 OSSL_STORE_CTX *ctx = NULL;
73 char *propq_copy = NULL;
74 int no_loader_found = 1;
75 char scheme_copy[256], *p, *schemes[2], *scheme = NULL;
76 size_t schemes_n = 0;
77 size_t i;
78
79 /*
80 * Put the file scheme first. If the uri does represent an existing file,
81 * possible device name and all, then it should be loaded. Only a failed
82 * attempt at loading a local file should have us try something else.
83 */
84 schemes[schemes_n++] = "file";
85
86 /*
87 * Now, check if we have something that looks like a scheme, and add it
88 * as a second scheme. However, also check if there's an authority start
89 * (://), because that will invalidate the previous file scheme. Also,
90 * check that this isn't actually the file scheme, as there's no point
91 * going through that one twice!
92 */
93 OPENSSL_strlcpy(scheme_copy, uri, sizeof(scheme_copy));
94 if ((p = strchr(scheme_copy, ':')) != NULL) {
95 *p++ = '\0';
96 if (strcasecmp(scheme_copy, "file") != 0) {
97 if (HAS_PREFIX(p, "//"))
98 schemes_n--; /* Invalidate the file scheme */
99 schemes[schemes_n++] = scheme_copy;
100 }
101 }
102
103 ERR_set_mark();
104
105 /*
106 * Try each scheme until we find one that could open the URI.
107 *
108 * For each scheme, we look for the engine implementation first, and
109 * failing that, we then try to fetch a provided implementation.
110 * This is consistent with how we handle legacy / engine implementations
111 * elsewhere.
112 */
113 for (i = 0; loader_ctx == NULL && i < schemes_n; i++) {
114 scheme = schemes[i];
115 OSSL_TRACE1(STORE, "Looking up scheme %s\n", scheme);
116 #ifndef OPENSSL_NO_DEPRECATED_3_0
117 ERR_set_mark();
118 if ((loader = ossl_store_get0_loader_int(scheme)) != NULL) {
119 ERR_clear_last_mark();
120 no_loader_found = 0;
121 if (loader->open_ex != NULL)
122 loader_ctx = loader->open_ex(loader, uri, libctx, propq,
123 ui_method, ui_data);
124 else
125 loader_ctx = loader->open(loader, uri, ui_method, ui_data);
126 } else {
127 ERR_pop_to_mark();
128 }
129 #endif
130 if (loader == NULL
131 && (fetched_loader =
132 OSSL_STORE_LOADER_fetch(libctx, scheme, propq)) != NULL) {
133 const OSSL_PROVIDER *provider =
134 OSSL_STORE_LOADER_get0_provider(fetched_loader);
135 void *provctx = OSSL_PROVIDER_get0_provider_ctx(provider);
136
137 no_loader_found = 0;
138 loader_ctx = fetched_loader->p_open(provctx, uri);
139 if (loader_ctx == NULL) {
140 OSSL_STORE_LOADER_free(fetched_loader);
141 fetched_loader = NULL;
142 } else if (!loader_set_params(fetched_loader, loader_ctx,
143 params, propq)) {
144 (void)fetched_loader->p_close(loader_ctx);
145 OSSL_STORE_LOADER_free(fetched_loader);
146 fetched_loader = NULL;
147 }
148 loader = fetched_loader;
149 }
150 }
151
152 if (no_loader_found)
153 /*
154 * It's assumed that ossl_store_get0_loader_int() and
155 * OSSL_STORE_LOADER_fetch() report their own errors
156 */
157 goto err;
158
159 OSSL_TRACE1(STORE, "Found loader for scheme %s\n", scheme);
160
161 if (loader_ctx == NULL)
162 /*
163 * It's assumed that the loader's open() method reports its own
164 * errors
165 */
166 goto err;
167
168 OSSL_TRACE2(STORE, "Opened %s => %p\n", uri, (void *)loader_ctx);
169
170 if ((propq != NULL && (propq_copy = OPENSSL_strdup(propq)) == NULL)
171 || (ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
172 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
173 goto err;
174 }
175
176 if (ui_method != NULL
177 && (!ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data)
178 || !ossl_pw_enable_passphrase_caching(&ctx->pwdata))) {
179 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_CRYPTO_LIB);
180 goto err;
181 }
182 ctx->properties = propq_copy;
183 ctx->fetched_loader = fetched_loader;
184 ctx->loader = loader;
185 ctx->loader_ctx = loader_ctx;
186 ctx->post_process = post_process;
187 ctx->post_process_data = post_process_data;
188
189 /*
190 * If the attempt to open with the 'file' scheme loader failed and the
191 * other scheme loader succeeded, the failure to open with the 'file'
192 * scheme loader leaves an error on the error stack. Let's remove it.
193 */
194 ERR_pop_to_mark();
195
196 return ctx;
197
198 err:
199 ERR_clear_last_mark();
200 if (loader_ctx != NULL) {
201 /*
202 * Temporary structure so OSSL_STORE_close() can work even when
203 * |ctx| couldn't be allocated properly
204 */
205 OSSL_STORE_CTX tmpctx = { NULL, };
206
207 tmpctx.fetched_loader = fetched_loader;
208 tmpctx.loader = loader;
209 tmpctx.loader_ctx = loader_ctx;
210
211 /*
212 * We ignore a returned error because we will return NULL anyway in
213 * this case, so if something goes wrong when closing, that'll simply
214 * just add another entry on the error stack.
215 */
216 (void)ossl_store_close_it(&tmpctx);
217 }
218 OSSL_STORE_LOADER_free(fetched_loader);
219 OPENSSL_free(propq_copy);
220 OPENSSL_free(ctx);
221 return NULL;
222 }
223
224 OSSL_STORE_CTX *OSSL_STORE_open(const char *uri,
225 const UI_METHOD *ui_method, void *ui_data,
226 OSSL_STORE_post_process_info_fn post_process,
227 void *post_process_data)
228 {
229 return OSSL_STORE_open_ex(uri, NULL, NULL, ui_method, ui_data, NULL,
230 post_process, post_process_data);
231 }
232
233 #ifndef OPENSSL_NO_DEPRECATED_3_0
234 int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ...)
235 {
236 va_list args;
237 int ret;
238
239 va_start(args, cmd);
240 ret = OSSL_STORE_vctrl(ctx, cmd, args);
241 va_end(args);
242
243 return ret;
244 }
245
246 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args)
247 {
248 if (ctx->fetched_loader != NULL) {
249 if (ctx->fetched_loader->p_set_ctx_params != NULL) {
250 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
251
252 switch (cmd) {
253 case OSSL_STORE_C_USE_SECMEM:
254 {
255 int on = *(va_arg(args, int *));
256
257 params[0] = OSSL_PARAM_construct_int("use_secmem", &on);
258 }
259 break;
260 default:
261 break;
262 }
263
264 return ctx->fetched_loader->p_set_ctx_params(ctx->loader_ctx,
265 params);
266 }
267 } else if (ctx->loader->ctrl != NULL) {
268 return ctx->loader->ctrl(ctx->loader_ctx, cmd, args);
269 }
270
271 /*
272 * If the fetched loader doesn't have a set_ctx_params or a ctrl, it's as
273 * if there was one that ignored our params, which usually returns 1.
274 */
275 return 1;
276 }
277 #endif
278
279 int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type)
280 {
281 int ret = 1;
282
283 if (ctx == NULL
284 || expected_type < 0 || expected_type > OSSL_STORE_INFO_CRL) {
285 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_INVALID_ARGUMENT);
286 return 0;
287 }
288 if (ctx->loading) {
289 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_LOADING_STARTED);
290 return 0;
291 }
292
293 ctx->expected_type = expected_type;
294 if (ctx->fetched_loader != NULL
295 && ctx->fetched_loader->p_set_ctx_params != NULL) {
296 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
297
298 params[0] =
299 OSSL_PARAM_construct_int(OSSL_STORE_PARAM_EXPECT, &expected_type);
300 ret = ctx->fetched_loader->p_set_ctx_params(ctx->loader_ctx, params);
301 }
302 #ifndef OPENSSL_NO_DEPRECATED_3_0
303 if (ctx->fetched_loader == NULL
304 && ctx->loader->expect != NULL) {
305 ret = ctx->loader->expect(ctx->loader_ctx, expected_type);
306 }
307 #endif
308 return ret;
309 }
310
311 int OSSL_STORE_find(OSSL_STORE_CTX *ctx, const OSSL_STORE_SEARCH *search)
312 {
313 int ret = 1;
314
315 if (ctx->loading) {
316 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_LOADING_STARTED);
317 return 0;
318 }
319 if (search == NULL) {
320 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_NULL_PARAMETER);
321 return 0;
322 }
323
324 if (ctx->fetched_loader != NULL) {
325 OSSL_PARAM_BLD *bld;
326 OSSL_PARAM *params;
327 /* OSSL_STORE_SEARCH_BY_NAME, OSSL_STORE_SEARCH_BY_ISSUER_SERIAL*/
328 void *name_der = NULL;
329 int name_der_sz;
330 /* OSSL_STORE_SEARCH_BY_ISSUER_SERIAL */
331 BIGNUM *number = NULL;
332
333 if (ctx->fetched_loader->p_set_ctx_params == NULL) {
334 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_UNSUPPORTED_OPERATION);
335 return 0;
336 }
337
338 if ((bld = OSSL_PARAM_BLD_new()) == NULL) {
339 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
340 return 0;
341 }
342
343 ret = 0; /* Assume the worst */
344
345 switch (search->search_type) {
346 case OSSL_STORE_SEARCH_BY_NAME:
347 if ((name_der_sz = i2d_X509_NAME(search->name,
348 (unsigned char **)&name_der)) > 0
349 && OSSL_PARAM_BLD_push_octet_string(bld,
350 OSSL_STORE_PARAM_SUBJECT,
351 name_der, name_der_sz))
352 ret = 1;
353 break;
354 case OSSL_STORE_SEARCH_BY_ISSUER_SERIAL:
355 if ((name_der_sz = i2d_X509_NAME(search->name,
356 (unsigned char **)&name_der)) > 0
357 && (number = ASN1_INTEGER_to_BN(search->serial, NULL)) != NULL
358 && OSSL_PARAM_BLD_push_octet_string(bld,
359 OSSL_STORE_PARAM_ISSUER,
360 name_der, name_der_sz)
361 && OSSL_PARAM_BLD_push_BN(bld, OSSL_STORE_PARAM_SERIAL,
362 number))
363 ret = 1;
364 break;
365 case OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT:
366 if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_STORE_PARAM_DIGEST,
367 EVP_MD_get0_name(search->digest),
368 0)
369 && OSSL_PARAM_BLD_push_octet_string(bld,
370 OSSL_STORE_PARAM_FINGERPRINT,
371 search->string,
372 search->stringlength))
373 ret = 1;
374 break;
375 case OSSL_STORE_SEARCH_BY_ALIAS:
376 if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_STORE_PARAM_ALIAS,
377 (char *)search->string,
378 search->stringlength))
379 ret = 1;
380 break;
381 }
382 if (ret) {
383 params = OSSL_PARAM_BLD_to_param(bld);
384 ret = ctx->fetched_loader->p_set_ctx_params(ctx->loader_ctx,
385 params);
386 OSSL_PARAM_free(params);
387 }
388 OSSL_PARAM_BLD_free(bld);
389 OPENSSL_free(name_der);
390 BN_free(number);
391 } else {
392 #ifndef OPENSSL_NO_DEPRECATED_3_0
393 /* legacy loader section */
394 if (ctx->loader->find == NULL) {
395 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_UNSUPPORTED_OPERATION);
396 return 0;
397 }
398 ret = ctx->loader->find(ctx->loader_ctx, search);
399 #endif
400 }
401
402 return ret;
403 }
404
405 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx)
406 {
407 OSSL_STORE_INFO *v = NULL;
408
409 ctx->loading = 1;
410 again:
411 if (OSSL_STORE_eof(ctx))
412 return NULL;
413
414 if (ctx->loader != NULL)
415 OSSL_TRACE(STORE, "Loading next object\n");
416
417 if (ctx->cached_info != NULL
418 && sk_OSSL_STORE_INFO_num(ctx->cached_info) == 0) {
419 sk_OSSL_STORE_INFO_free(ctx->cached_info);
420 ctx->cached_info = NULL;
421 }
422
423 if (ctx->cached_info != NULL) {
424 v = sk_OSSL_STORE_INFO_shift(ctx->cached_info);
425 } else {
426 if (ctx->fetched_loader != NULL) {
427 struct ossl_load_result_data_st load_data;
428
429 load_data.v = NULL;
430 load_data.ctx = ctx;
431
432 if (!ctx->fetched_loader->p_load(ctx->loader_ctx,
433 ossl_store_handle_load_result,
434 &load_data,
435 ossl_pw_passphrase_callback_dec,
436 &ctx->pwdata)) {
437 if (!OSSL_STORE_eof(ctx))
438 ctx->error_flag = 1;
439 return NULL;
440 }
441 v = load_data.v;
442 }
443 #ifndef OPENSSL_NO_DEPRECATED_3_0
444 if (ctx->fetched_loader == NULL)
445 v = ctx->loader->load(ctx->loader_ctx,
446 ctx->pwdata._.ui_method.ui_method,
447 ctx->pwdata._.ui_method.ui_method_data);
448 #endif
449 }
450
451 if (ctx->post_process != NULL && v != NULL) {
452 v = ctx->post_process(v, ctx->post_process_data);
453
454 /*
455 * By returning NULL, the callback decides that this object should
456 * be ignored.
457 */
458 if (v == NULL)
459 goto again;
460 }
461
462 /* Clear any internally cached passphrase */
463 (void)ossl_pw_clear_passphrase_cache(&ctx->pwdata);
464
465 if (v != NULL && ctx->expected_type != 0) {
466 int returned_type = OSSL_STORE_INFO_get_type(v);
467
468 if (returned_type != OSSL_STORE_INFO_NAME && returned_type != 0) {
469 if (ctx->expected_type != returned_type) {
470 OSSL_STORE_INFO_free(v);
471 goto again;
472 }
473 }
474 }
475
476 if (v != NULL)
477 OSSL_TRACE1(STORE, "Got a %s\n",
478 OSSL_STORE_INFO_type_string(OSSL_STORE_INFO_get_type(v)));
479
480 return v;
481 }
482
483 int OSSL_STORE_error(OSSL_STORE_CTX *ctx)
484 {
485 int ret = 1;
486
487 if (ctx->fetched_loader != NULL)
488 ret = ctx->error_flag;
489 #ifndef OPENSSL_NO_DEPRECATED_3_0
490 if (ctx->fetched_loader == NULL)
491 ret = ctx->loader->error(ctx->loader_ctx);
492 #endif
493 return ret;
494 }
495
496 int OSSL_STORE_eof(OSSL_STORE_CTX *ctx)
497 {
498 int ret = 1;
499
500 if (ctx->fetched_loader != NULL)
501 ret = ctx->loader->p_eof(ctx->loader_ctx);
502 #ifndef OPENSSL_NO_DEPRECATED_3_0
503 if (ctx->fetched_loader == NULL)
504 ret = ctx->loader->eof(ctx->loader_ctx);
505 #endif
506 return ret != 0;
507 }
508
509 static int ossl_store_close_it(OSSL_STORE_CTX *ctx)
510 {
511 int ret = 0;
512
513 if (ctx == NULL)
514 return 1;
515 OSSL_TRACE1(STORE, "Closing %p\n", (void *)ctx->loader_ctx);
516
517 if (ctx->fetched_loader != NULL)
518 ret = ctx->loader->p_close(ctx->loader_ctx);
519 #ifndef OPENSSL_NO_DEPRECATED_3_0
520 if (ctx->fetched_loader == NULL)
521 ret = ctx->loader->closefn(ctx->loader_ctx);
522 #endif
523
524 sk_OSSL_STORE_INFO_pop_free(ctx->cached_info, OSSL_STORE_INFO_free);
525 OSSL_STORE_LOADER_free(ctx->fetched_loader);
526 OPENSSL_free(ctx->properties);
527 ossl_pw_clear_passphrase_data(&ctx->pwdata);
528 return ret;
529 }
530
531 int OSSL_STORE_close(OSSL_STORE_CTX *ctx)
532 {
533 int ret = ossl_store_close_it(ctx);
534
535 OPENSSL_free(ctx);
536 return ret;
537 }
538
539 /*
540 * Functions to generate OSSL_STORE_INFOs, one function for each type we
541 * support having in them as well as a generic constructor.
542 *
543 * In all cases, ownership of the object is transferred to the OSSL_STORE_INFO
544 * and will therefore be freed when the OSSL_STORE_INFO is freed.
545 */
546 OSSL_STORE_INFO *OSSL_STORE_INFO_new(int type, void *data)
547 {
548 OSSL_STORE_INFO *info = OPENSSL_zalloc(sizeof(*info));
549
550 if (info == NULL)
551 return NULL;
552
553 info->type = type;
554 info->_.data = data;
555 return info;
556 }
557
558 OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name)
559 {
560 OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_NAME, NULL);
561
562 if (info == NULL) {
563 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
564 return NULL;
565 }
566
567 info->_.name.name = name;
568 info->_.name.desc = NULL;
569
570 return info;
571 }
572
573 int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc)
574 {
575 if (info->type != OSSL_STORE_INFO_NAME) {
576 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_INVALID_ARGUMENT);
577 return 0;
578 }
579
580 info->_.name.desc = desc;
581
582 return 1;
583 }
584 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params)
585 {
586 OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_PARAMS, params);
587
588 if (info == NULL)
589 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
590 return info;
591 }
592
593 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PUBKEY(EVP_PKEY *pkey)
594 {
595 OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_PUBKEY, pkey);
596
597 if (info == NULL)
598 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
599 return info;
600 }
601
602 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey)
603 {
604 OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_PKEY, pkey);
605
606 if (info == NULL)
607 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
608 return info;
609 }
610
611 OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509)
612 {
613 OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_CERT, x509);
614
615 if (info == NULL)
616 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
617 return info;
618 }
619
620 OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl)
621 {
622 OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_CRL, crl);
623
624 if (info == NULL)
625 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
626 return info;
627 }
628
629 /*
630 * Functions to try to extract data from a OSSL_STORE_INFO.
631 */
632 int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info)
633 {
634 return info->type;
635 }
636
637 void *OSSL_STORE_INFO_get0_data(int type, const OSSL_STORE_INFO *info)
638 {
639 if (info->type == type)
640 return info->_.data;
641 return NULL;
642 }
643
644 const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info)
645 {
646 if (info->type == OSSL_STORE_INFO_NAME)
647 return info->_.name.name;
648 return NULL;
649 }
650
651 char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info)
652 {
653 if (info->type == OSSL_STORE_INFO_NAME) {
654 char *ret = OPENSSL_strdup(info->_.name.name);
655
656 if (ret == NULL)
657 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
658 return ret;
659 }
660 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_NAME);
661 return NULL;
662 }
663
664 const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info)
665 {
666 if (info->type == OSSL_STORE_INFO_NAME)
667 return info->_.name.desc;
668 return NULL;
669 }
670
671 char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info)
672 {
673 if (info->type == OSSL_STORE_INFO_NAME) {
674 char *ret = OPENSSL_strdup(info->_.name.desc
675 ? info->_.name.desc : "");
676
677 if (ret == NULL)
678 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
679 return ret;
680 }
681 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_NAME);
682 return NULL;
683 }
684
685 EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info)
686 {
687 if (info->type == OSSL_STORE_INFO_PARAMS)
688 return info->_.params;
689 return NULL;
690 }
691
692 EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info)
693 {
694 if (info->type == OSSL_STORE_INFO_PARAMS) {
695 EVP_PKEY_up_ref(info->_.params);
696 return info->_.params;
697 }
698 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_PARAMETERS);
699 return NULL;
700 }
701
702 EVP_PKEY *OSSL_STORE_INFO_get0_PUBKEY(const OSSL_STORE_INFO *info)
703 {
704 if (info->type == OSSL_STORE_INFO_PUBKEY)
705 return info->_.pubkey;
706 return NULL;
707 }
708
709 EVP_PKEY *OSSL_STORE_INFO_get1_PUBKEY(const OSSL_STORE_INFO *info)
710 {
711 if (info->type == OSSL_STORE_INFO_PUBKEY) {
712 EVP_PKEY_up_ref(info->_.pubkey);
713 return info->_.pubkey;
714 }
715 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_PUBLIC_KEY);
716 return NULL;
717 }
718
719 EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info)
720 {
721 if (info->type == OSSL_STORE_INFO_PKEY)
722 return info->_.pkey;
723 return NULL;
724 }
725
726 EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info)
727 {
728 if (info->type == OSSL_STORE_INFO_PKEY) {
729 EVP_PKEY_up_ref(info->_.pkey);
730 return info->_.pkey;
731 }
732 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_PRIVATE_KEY);
733 return NULL;
734 }
735
736 X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info)
737 {
738 if (info->type == OSSL_STORE_INFO_CERT)
739 return info->_.x509;
740 return NULL;
741 }
742
743 X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info)
744 {
745 if (info->type == OSSL_STORE_INFO_CERT) {
746 X509_up_ref(info->_.x509);
747 return info->_.x509;
748 }
749 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_CERTIFICATE);
750 return NULL;
751 }
752
753 X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info)
754 {
755 if (info->type == OSSL_STORE_INFO_CRL)
756 return info->_.crl;
757 return NULL;
758 }
759
760 X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info)
761 {
762 if (info->type == OSSL_STORE_INFO_CRL) {
763 X509_CRL_up_ref(info->_.crl);
764 return info->_.crl;
765 }
766 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_CRL);
767 return NULL;
768 }
769
770 /*
771 * Free the OSSL_STORE_INFO
772 */
773 void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info)
774 {
775 if (info != NULL) {
776 switch (info->type) {
777 case OSSL_STORE_INFO_NAME:
778 OPENSSL_free(info->_.name.name);
779 OPENSSL_free(info->_.name.desc);
780 break;
781 case OSSL_STORE_INFO_PARAMS:
782 EVP_PKEY_free(info->_.params);
783 break;
784 case OSSL_STORE_INFO_PUBKEY:
785 EVP_PKEY_free(info->_.pubkey);
786 break;
787 case OSSL_STORE_INFO_PKEY:
788 EVP_PKEY_free(info->_.pkey);
789 break;
790 case OSSL_STORE_INFO_CERT:
791 X509_free(info->_.x509);
792 break;
793 case OSSL_STORE_INFO_CRL:
794 X509_CRL_free(info->_.crl);
795 break;
796 }
797 OPENSSL_free(info);
798 }
799 }
800
801 int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type)
802 {
803 int ret = 0;
804
805 if (ctx->fetched_loader != NULL) {
806 void *provctx =
807 ossl_provider_ctx(OSSL_STORE_LOADER_get0_provider(ctx->fetched_loader));
808 const OSSL_PARAM *params;
809 const OSSL_PARAM *p_subject = NULL;
810 const OSSL_PARAM *p_issuer = NULL;
811 const OSSL_PARAM *p_serial = NULL;
812 const OSSL_PARAM *p_fingerprint = NULL;
813 const OSSL_PARAM *p_alias = NULL;
814
815 if (ctx->fetched_loader->p_settable_ctx_params == NULL)
816 return 0;
817
818 params = ctx->fetched_loader->p_settable_ctx_params(provctx);
819 p_subject = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_SUBJECT);
820 p_issuer = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_ISSUER);
821 p_serial = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_SERIAL);
822 p_fingerprint =
823 OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_FINGERPRINT);
824 p_alias = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_ALIAS);
825
826 switch (search_type) {
827 case OSSL_STORE_SEARCH_BY_NAME:
828 ret = (p_subject != NULL);
829 break;
830 case OSSL_STORE_SEARCH_BY_ISSUER_SERIAL:
831 ret = (p_issuer != NULL && p_serial != NULL);
832 break;
833 case OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT:
834 ret = (p_fingerprint != NULL);
835 break;
836 case OSSL_STORE_SEARCH_BY_ALIAS:
837 ret = (p_alias != NULL);
838 break;
839 }
840 }
841 #ifndef OPENSSL_NO_DEPRECATED_3_0
842 if (ctx->fetched_loader == NULL) {
843 OSSL_STORE_SEARCH tmp_search;
844
845 if (ctx->loader->find == NULL)
846 return 0;
847 tmp_search.search_type = search_type;
848 ret = ctx->loader->find(NULL, &tmp_search);
849 }
850 #endif
851 return ret;
852 }
853
854 /* Search term constructors */
855 OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name)
856 {
857 OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
858
859 if (search == NULL) {
860 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
861 return NULL;
862 }
863
864 search->search_type = OSSL_STORE_SEARCH_BY_NAME;
865 search->name = name;
866 return search;
867 }
868
869 OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name,
870 const ASN1_INTEGER *serial)
871 {
872 OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
873
874 if (search == NULL) {
875 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
876 return NULL;
877 }
878
879 search->search_type = OSSL_STORE_SEARCH_BY_ISSUER_SERIAL;
880 search->name = name;
881 search->serial = serial;
882 return search;
883 }
884
885 OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest,
886 const unsigned char
887 *bytes, size_t len)
888 {
889 OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
890
891 if (search == NULL) {
892 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
893 return NULL;
894 }
895
896 if (digest != NULL && len != (size_t)EVP_MD_get_size(digest)) {
897 ERR_raise_data(ERR_LIB_OSSL_STORE,
898 OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST,
899 "%s size is %d, fingerprint size is %zu",
900 EVP_MD_get0_name(digest), EVP_MD_get_size(digest), len);
901 OPENSSL_free(search);
902 return NULL;
903 }
904
905 search->search_type = OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT;
906 search->digest = digest;
907 search->string = bytes;
908 search->stringlength = len;
909 return search;
910 }
911
912 OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias)
913 {
914 OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
915
916 if (search == NULL) {
917 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
918 return NULL;
919 }
920
921 search->search_type = OSSL_STORE_SEARCH_BY_ALIAS;
922 search->string = (const unsigned char *)alias;
923 search->stringlength = strlen(alias);
924 return search;
925 }
926
927 /* Search term destructor */
928 void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search)
929 {
930 OPENSSL_free(search);
931 }
932
933 /* Search term accessors */
934 int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion)
935 {
936 return criterion->search_type;
937 }
938
939 X509_NAME *OSSL_STORE_SEARCH_get0_name(const OSSL_STORE_SEARCH *criterion)
940 {
941 return criterion->name;
942 }
943
944 const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH
945 *criterion)
946 {
947 return criterion->serial;
948 }
949
950 const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH
951 *criterion, size_t *length)
952 {
953 *length = criterion->stringlength;
954 return criterion->string;
955 }
956
957 const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion)
958 {
959 return (const char *)criterion->string;
960 }
961
962 const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH *criterion)
963 {
964 return criterion->digest;
965 }
966
967 OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bp, const char *scheme,
968 OSSL_LIB_CTX *libctx, const char *propq,
969 const UI_METHOD *ui_method, void *ui_data,
970 const OSSL_PARAM params[],
971 OSSL_STORE_post_process_info_fn post_process,
972 void *post_process_data)
973 {
974 const OSSL_STORE_LOADER *loader = NULL;
975 OSSL_STORE_LOADER *fetched_loader = NULL;
976 OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
977 OSSL_STORE_CTX *ctx = NULL;
978
979 if (scheme == NULL)
980 scheme = "file";
981
982 OSSL_TRACE1(STORE, "Looking up scheme %s\n", scheme);
983 ERR_set_mark();
984 #ifndef OPENSSL_NO_DEPRECATED_3_0
985 if ((loader = ossl_store_get0_loader_int(scheme)) != NULL)
986 loader_ctx = loader->attach(loader, bp, libctx, propq,
987 ui_method, ui_data);
988 #endif
989 if (loader == NULL
990 && (fetched_loader =
991 OSSL_STORE_LOADER_fetch(libctx, scheme, propq)) != NULL) {
992 const OSSL_PROVIDER *provider =
993 OSSL_STORE_LOADER_get0_provider(fetched_loader);
994 void *provctx = OSSL_PROVIDER_get0_provider_ctx(provider);
995 OSSL_CORE_BIO *cbio = ossl_core_bio_new_from_bio(bp);
996
997 if (cbio == NULL
998 || (loader_ctx = fetched_loader->p_attach(provctx, cbio)) == NULL) {
999 OSSL_STORE_LOADER_free(fetched_loader);
1000 fetched_loader = NULL;
1001 } else if (!loader_set_params(fetched_loader, loader_ctx,
1002 params, propq)) {
1003 (void)fetched_loader->p_close(loader_ctx);
1004 OSSL_STORE_LOADER_free(fetched_loader);
1005 fetched_loader = NULL;
1006 }
1007 loader = fetched_loader;
1008 ossl_core_bio_free(cbio);
1009 }
1010
1011 if (loader_ctx == NULL) {
1012 ERR_clear_last_mark();
1013 return NULL;
1014 }
1015
1016 if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
1017 ERR_clear_last_mark();
1018 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
1019 return NULL;
1020 }
1021
1022 if (ui_method != NULL
1023 && !ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data)) {
1024 ERR_clear_last_mark();
1025 OPENSSL_free(ctx);
1026 return NULL;
1027 }
1028
1029 ctx->fetched_loader = fetched_loader;
1030 ctx->loader = loader;
1031 ctx->loader_ctx = loader_ctx;
1032 ctx->post_process = post_process;
1033 ctx->post_process_data = post_process_data;
1034
1035 /*
1036 * ossl_store_get0_loader_int will raise an error if the loader for the
1037 * the scheme cannot be retrieved. But if a loader was successfully
1038 * fetched then we remove this error from the error stack.
1039 */
1040 ERR_pop_to_mark();
1041
1042 return ctx;
1043 }
A mirror of the official openssl repository