2 * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
15 #include <openssl/crypto.h>
16 #include <openssl/err.h>
17 #include <openssl/store.h>
18 #include "internal/thread_once.h"
19 #include "internal/store_int.h"
20 #include "store_locl.h"
22 struct ossl_store_ctx_st {
23 const OSSL_STORE_LOADER *loader;
24 OSSL_STORE_LOADER_CTX *loader_ctx;
25 const UI_METHOD *ui_method;
27 OSSL_STORE_post_process_info_fn post_process;
28 void *post_process_data;
31 OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method,
33 OSSL_STORE_post_process_info_fn post_process,
34 void *post_process_data)
36 const OSSL_STORE_LOADER *loader = NULL;
37 OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
38 OSSL_STORE_CTX *ctx = NULL;
39 char scheme_copy[256], *p, *schemes[2];
44 * Put the file scheme first. If the uri does represent an existing file,
45 * possible device name and all, then it should be loaded. Only a failed
46 * attempt at loading a local file should have us try something else.
48 schemes[schemes_n++] = "file";
51 * Now, check if we have something that looks like a scheme, and add it
52 * as a second scheme. However, also check if there's an authority start
53 * (://), because that will invalidate the previous file scheme. Also,
54 * check that this isn't actually the file scheme, as there's no point
55 * going through that one twice!
57 OPENSSL_strlcpy(scheme_copy, uri, sizeof(scheme_copy));
58 if ((p = strchr(scheme_copy, ':')) != NULL) {
60 if (strcasecmp(scheme_copy, "file") != 0) {
61 if (strncmp(p, "//", 2) == 0)
62 schemes_n--; /* Invalidate the file scheme */
63 schemes[schemes_n++] = scheme_copy;
69 /* Try each scheme until we find one that could open the URI */
70 for (i = 0; loader_ctx == NULL && i < schemes_n; i++) {
71 if ((loader = ossl_store_get0_loader_int(schemes[i])) != NULL)
72 loader_ctx = loader->open(loader, uri, ui_method, ui_data);
74 if (loader_ctx == NULL)
77 if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
78 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_OPEN, ERR_R_MALLOC_FAILURE);
83 ctx->loader_ctx = loader_ctx;
84 ctx->ui_method = ui_method;
85 ctx->ui_data = ui_data;
86 ctx->post_process = post_process;
87 ctx->post_process_data = post_process_data;
90 * If the attempt to open with the 'file' scheme loader failed and the
91 * other scheme loader succeeded, the failure to open with the 'file'
92 * scheme loader leaves an error on the error stack. Let's remove it.
99 ERR_clear_last_mark();
100 if (loader_ctx != NULL) {
102 * We ignore a returned error because we will return NULL anyway in
103 * this case, so if something goes wrong when closing, that'll simply
104 * just add another entry on the error stack.
106 (void)loader->close(loader_ctx);
111 int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ...)
117 if (ctx->loader->ctrl != NULL)
118 ret = ctx->loader->ctrl(ctx->loader_ctx, cmd, args);
124 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx)
126 OSSL_STORE_INFO *v = NULL;
129 if (OSSL_STORE_eof(ctx))
132 v = ctx->loader->load(ctx->loader_ctx, ctx->ui_method, ctx->ui_data);
134 if (ctx->post_process != NULL && v != NULL) {
135 v = ctx->post_process(v, ctx->post_process_data);
138 * By returning NULL, the callback decides that this object should
148 int OSSL_STORE_error(OSSL_STORE_CTX *ctx)
150 return ctx->loader->error(ctx->loader_ctx);
153 int OSSL_STORE_eof(OSSL_STORE_CTX *ctx)
155 return ctx->loader->eof(ctx->loader_ctx);
158 int OSSL_STORE_close(OSSL_STORE_CTX *ctx)
160 int loader_ret = ctx->loader->close(ctx->loader_ctx);
167 * Functions to generate OSSL_STORE_INFOs, one function for each type we
168 * support having in them as well as a generic constructor.
170 * In all cases, ownership of the object is transfered to the OSSL_STORE_INFO
171 * and will therefore be freed when the OSSL_STORE_INFO is freed.
173 static OSSL_STORE_INFO *store_info_new(int type, void *data)
175 OSSL_STORE_INFO *info = OPENSSL_zalloc(sizeof(*info));
185 OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name)
187 OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_NAME, NULL);
190 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME,
191 ERR_R_MALLOC_FAILURE);
195 info->_.name.name = name;
196 info->_.name.desc = NULL;
201 int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc)
203 if (info->type != OSSL_STORE_INFO_NAME) {
204 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION,
205 ERR_R_PASSED_INVALID_ARGUMENT);
209 info->_.name.desc = desc;
213 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params)
215 OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PARAMS, params);
218 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS,
219 ERR_R_MALLOC_FAILURE);
223 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey)
225 OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PKEY, pkey);
228 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY,
229 ERR_R_MALLOC_FAILURE);
233 OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509)
235 OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_CERT, x509);
238 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT,
239 ERR_R_MALLOC_FAILURE);
243 OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl)
245 OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_CRL, crl);
248 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL,
249 ERR_R_MALLOC_FAILURE);
254 * Functions to try to extract data from a OSSL_STORE_INFO.
256 int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info)
261 const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info)
263 if (info->type == OSSL_STORE_INFO_NAME)
264 return info->_.name.name;
268 char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info)
270 if (info->type == OSSL_STORE_INFO_NAME) {
271 char *ret = OPENSSL_strdup(info->_.name.name);
274 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME,
275 ERR_R_MALLOC_FAILURE);
278 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME,
279 OSSL_STORE_R_NOT_A_NAME);
283 const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info)
285 if (info->type == OSSL_STORE_INFO_NAME)
286 return info->_.name.desc;
290 char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info)
292 if (info->type == OSSL_STORE_INFO_NAME) {
293 char *ret = OPENSSL_strdup(info->_.name.desc
294 ? info->_.name.desc : "");
297 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION,
298 ERR_R_MALLOC_FAILURE);
301 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION,
302 OSSL_STORE_R_NOT_A_NAME);
306 EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info)
308 if (info->type == OSSL_STORE_INFO_PARAMS)
309 return info->_.params;
313 EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info)
315 if (info->type == OSSL_STORE_INFO_PARAMS) {
316 EVP_PKEY_up_ref(info->_.params);
317 return info->_.params;
319 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS,
320 OSSL_STORE_R_NOT_PARAMETERS);
324 EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info)
326 if (info->type == OSSL_STORE_INFO_PKEY)
331 EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info)
333 if (info->type == OSSL_STORE_INFO_PKEY) {
334 EVP_PKEY_up_ref(info->_.pkey);
337 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY,
338 OSSL_STORE_R_NOT_A_KEY);
342 X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info)
344 if (info->type == OSSL_STORE_INFO_CERT)
349 X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info)
351 if (info->type == OSSL_STORE_INFO_CERT) {
352 X509_up_ref(info->_.x509);
355 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT,
356 OSSL_STORE_R_NOT_A_CERTIFICATE);
360 X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info)
362 if (info->type == OSSL_STORE_INFO_CRL)
367 X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info)
369 if (info->type == OSSL_STORE_INFO_CRL) {
370 X509_CRL_up_ref(info->_.crl);
373 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL,
374 OSSL_STORE_R_NOT_A_CRL);
379 * Free the OSSL_STORE_INFO
381 void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info)
384 switch (info->type) {
385 case OSSL_STORE_INFO_EMBEDDED:
386 BUF_MEM_free(info->_.embedded.blob);
387 OPENSSL_free(info->_.embedded.pem_name);
389 case OSSL_STORE_INFO_NAME:
390 OPENSSL_free(info->_.name.name);
391 OPENSSL_free(info->_.name.desc);
393 case OSSL_STORE_INFO_PARAMS:
394 EVP_PKEY_free(info->_.params);
396 case OSSL_STORE_INFO_PKEY:
397 EVP_PKEY_free(info->_.pkey);
399 case OSSL_STORE_INFO_CERT:
400 X509_free(info->_.x509);
402 case OSSL_STORE_INFO_CRL:
403 X509_CRL_free(info->_.crl);
410 /* Internal functions */
411 OSSL_STORE_INFO *ossl_store_info_new_EMBEDDED(const char *new_pem_name,
414 OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_EMBEDDED, NULL);
417 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED,
418 ERR_R_MALLOC_FAILURE);
422 info->_.embedded.blob = embedded;
423 info->_.embedded.pem_name =
424 new_pem_name == NULL ? NULL : OPENSSL_strdup(new_pem_name);
426 if (new_pem_name != NULL && info->_.embedded.pem_name == NULL) {
427 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED,
428 ERR_R_MALLOC_FAILURE);
429 OSSL_STORE_INFO_free(info);
436 BUF_MEM *ossl_store_info_get0_EMBEDDED_buffer(OSSL_STORE_INFO *info)
438 if (info->type == OSSL_STORE_INFO_EMBEDDED)
439 return info->_.embedded.blob;
443 char *ossl_store_info_get0_EMBEDDED_pem_name(OSSL_STORE_INFO *info)
445 if (info->type == OSSL_STORE_INFO_EMBEDDED)
446 return info->_.embedded.pem_name;
450 OSSL_STORE_CTX *ossl_store_attach_pem_bio(BIO *bp, const UI_METHOD *ui_method,
453 OSSL_STORE_CTX *ctx = NULL;
454 const OSSL_STORE_LOADER *loader = NULL;
455 OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
457 if ((loader = ossl_store_get0_loader_int("file")) == NULL
458 || ((loader_ctx = ossl_store_file_attach_pem_bio_int(bp)) == NULL))
460 if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
461 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO,
462 ERR_R_MALLOC_FAILURE);
466 ctx->loader = loader;
467 ctx->loader_ctx = loader_ctx;
469 ctx->ui_method = ui_method;
470 ctx->ui_data = ui_data;
471 ctx->post_process = NULL;
472 ctx->post_process_data = NULL;
475 if (loader_ctx != NULL)
477 * We ignore a returned error because we will return NULL anyway in
478 * this case, so if something goes wrong when closing, that'll simply
479 * just add another entry on the error stack.
481 (void)loader->close(loader_ctx);
485 int ossl_store_detach_pem_bio(OSSL_STORE_CTX *ctx)
487 int loader_ret = ossl_store_file_detach_pem_bio_int(ctx->loader_ctx);