crypto/store/store_lib.c

   1 /*
   2  * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the OpenSSL license (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #include <stdlib.h>
  11 #include <string.h>
  12
  13 #include "e_os.h"
  14
  15 #include <openssl/crypto.h>
  16 #include <openssl/err.h>
  17 #include <openssl/store.h>
  18 #include "internal/thread_once.h"
  19 #include "internal/store_int.h"
  20 #include "store_locl.h"
  21
  22 struct ossl_store_ctx_st {
  23     const OSSL_STORE_LOADER *loader;
  24     OSSL_STORE_LOADER_CTX *loader_ctx;
  25     const UI_METHOD *ui_method;
  26     void *ui_data;
  27     OSSL_STORE_post_process_info_fn post_process;
  28     void *post_process_data;
  29 };
  30
  31 OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method,
  32                                 void *ui_data,
  33                                 OSSL_STORE_post_process_info_fn post_process,
  34                                 void *post_process_data)
  35 {
  36     const OSSL_STORE_LOADER *loader = NULL;
  37     OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
  38     OSSL_STORE_CTX *ctx = NULL;
  39     char scheme_copy[256], *p, *schemes[2];
  40     size_t schemes_n = 0;
  41     size_t i;
  42
  43     /*
  44      * Put the file scheme first.  If the uri does represent an existing file,
  45      * possible device name and all, then it should be loaded.  Only a failed
  46      * attempt at loading a local file should have us try something else.
  47      */
  48     schemes[schemes_n++] = "file";
  49
  50     /*
  51      * Now, check if we have something that looks like a scheme, and add it
  52      * as a second scheme.  However, also check if there's an authority start
  53      * (://), because that will invalidate the previous file scheme.  Also,
  54      * check that this isn't actually the file scheme, as there's no point
  55      * going through that one twice!
  56      */
  57     OPENSSL_strlcpy(scheme_copy, uri, sizeof(scheme_copy));
  58     if ((p = strchr(scheme_copy, ':')) != NULL) {
  59         *p++ = '\0';
  60         if (strcasecmp(scheme_copy, "file") != 0) {
  61             if (strncmp(p, "//", 2) == 0)
  62                 schemes_n--;         /* Invalidate the file scheme */
  63             schemes[schemes_n++] = scheme_copy;
  64         }
  65     }
  66
  67     /* Try each scheme until we find one that could open the URI */
  68     for (i = 0; loader_ctx == NULL && i < schemes_n; i++) {
  69         if ((loader = ossl_store_get0_loader_int(schemes[i])) != NULL)
  70             loader_ctx = loader->open(loader, uri, ui_method, ui_data);
  71     }
  72     if (loader_ctx == NULL)
  73         goto done;
  74
  75     if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
  76         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_OPEN, ERR_R_MALLOC_FAILURE);
  77         goto done;
  78     }
  79
  80     ctx->loader = loader;
  81     ctx->loader_ctx = loader_ctx;
  82     loader_ctx = NULL;
  83     ctx->ui_method = ui_method;
  84     ctx->ui_data = ui_data;
  85     ctx->post_process = post_process;
  86     ctx->post_process_data = post_process_data;
  87
  88  done:
  89     if (loader_ctx != NULL) {
  90         /*
  91          * We ignore a returned error because we will return NULL anyway in
  92          * this case, so if something goes wrong when closing, that'll simply
  93          * just add another entry on the error stack.
  94          */
  95         (void)loader->close(loader_ctx);
  96     }
  97     return ctx;
  98 }
  99
 100 int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ...)
 101 {
 102     va_list args;
 103     int ret = 0;
 104
 105     va_start(args, cmd);
 106     if (ctx->loader->ctrl != NULL)
 107         ret = ctx->loader->ctrl(ctx->loader_ctx, cmd, args);
 108     va_end(args);
 109
 110     return ret;
 111 }
 112
 113 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx)
 114 {
 115     OSSL_STORE_INFO *v = NULL;
 116
 117  again:
 118     if (OSSL_STORE_eof(ctx))
 119         return NULL;
 120
 121     v = ctx->loader->load(ctx->loader_ctx, ctx->ui_method, ctx->ui_data);
 122
 123     if (ctx->post_process != NULL && v != NULL) {
 124         v = ctx->post_process(v, ctx->post_process_data);
 125
 126         /*
 127          * By returning NULL, the callback decides that this object should
 128          * be ignored.
 129          */
 130         if (v == NULL)
 131             goto again;
 132     }
 133
 134     return v;
 135 }
 136
 137 int OSSL_STORE_error(OSSL_STORE_CTX *ctx)
 138 {
 139     return ctx->loader->error(ctx->loader_ctx);
 140 }
 141
 142 int OSSL_STORE_eof(OSSL_STORE_CTX *ctx)
 143 {
 144     return ctx->loader->eof(ctx->loader_ctx);
 145 }
 146
 147 int OSSL_STORE_close(OSSL_STORE_CTX *ctx)
 148 {
 149     int loader_ret = ctx->loader->close(ctx->loader_ctx);
 150
 151     OPENSSL_free(ctx);
 152     return loader_ret;
 153 }
 154
 155 /*
 156  * Functions to generate OSSL_STORE_INFOs, one function for each type we
 157  * support having in them as well as a generic constructor.
 158  *
 159  * In all cases, ownership of the object is transfered to the OSSL_STORE_INFO
 160  * and will therefore be freed when the OSSL_STORE_INFO is freed.
 161  */
 162 static OSSL_STORE_INFO *store_info_new(int type, void *data)
 163 {
 164     OSSL_STORE_INFO *info = OPENSSL_zalloc(sizeof(*info));
 165
 166     if (info == NULL)
 167         return NULL;
 168
 169     info->type = type;
 170     info->_.data = data;
 171     return info;
 172 }
 173
 174 OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name)
 175 {
 176     OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_NAME, NULL);
 177
 178     if (info == NULL) {
 179         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME,
 180                       ERR_R_MALLOC_FAILURE);
 181         return NULL;
 182     }
 183
 184     info->_.name.name = name;
 185     info->_.name.desc = NULL;
 186
 187     return info;
 188 }
 189
 190 int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc)
 191 {
 192     if (info->type != OSSL_STORE_INFO_NAME) {
 193         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION,
 194                       ERR_R_PASSED_INVALID_ARGUMENT);
 195         return 0;
 196     }
 197
 198     info->_.name.desc = desc;
 199
 200     return 1;
 201 }
 202 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params)
 203 {
 204     OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PARAMS, params);
 205
 206     if (info == NULL)
 207         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS,
 208                       ERR_R_MALLOC_FAILURE);
 209     return info;
 210 }
 211
 212 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey)
 213 {
 214     OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PKEY, pkey);
 215
 216     if (info == NULL)
 217         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY,
 218                       ERR_R_MALLOC_FAILURE);
 219     return info;
 220 }
 221
 222 OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509)
 223 {
 224     OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_CERT, x509);
 225
 226     if (info == NULL)
 227         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT,
 228                       ERR_R_MALLOC_FAILURE);
 229     return info;
 230 }
 231
 232 OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl)
 233 {
 234     OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_CRL, crl);
 235
 236     if (info == NULL)
 237         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL,
 238                       ERR_R_MALLOC_FAILURE);
 239     return info;
 240 }
 241
 242 /*
 243  * Functions to try to extract data from a OSSL_STORE_INFO.
 244  */
 245 int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info)
 246 {
 247     return info->type;
 248 }
 249
 250 const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info)
 251 {
 252     if (info->type == OSSL_STORE_INFO_NAME)
 253         return info->_.name.name;
 254     return NULL;
 255 }
 256
 257 char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info)
 258 {
 259     if (info->type == OSSL_STORE_INFO_NAME) {
 260         char *ret = OPENSSL_strdup(info->_.name.name);
 261
 262         if (ret == NULL)
 263             OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME,
 264                           ERR_R_MALLOC_FAILURE);
 265         return ret;
 266     }
 267     OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME,
 268                   OSSL_STORE_R_NOT_A_NAME);
 269     return NULL;
 270 }
 271
 272 const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info)
 273 {
 274     if (info->type == OSSL_STORE_INFO_NAME)
 275         return info->_.name.desc;
 276     return NULL;
 277 }
 278
 279 char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info)
 280 {
 281     if (info->type == OSSL_STORE_INFO_NAME) {
 282         char *ret = OPENSSL_strdup(info->_.name.desc
 283                                    ? info->_.name.desc : "");
 284
 285         if (ret == NULL)
 286             OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION,
 287                      ERR_R_MALLOC_FAILURE);
 288         return ret;
 289     }
 290     OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION,
 291                   OSSL_STORE_R_NOT_A_NAME);
 292     return NULL;
 293 }
 294
 295 EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info)
 296 {
 297     if (info->type == OSSL_STORE_INFO_PARAMS)
 298         return info->_.params;
 299     return NULL;
 300 }
 301
 302 EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info)
 303 {
 304     if (info->type == OSSL_STORE_INFO_PARAMS) {
 305         EVP_PKEY_up_ref(info->_.params);
 306         return info->_.params;
 307     }
 308     OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS,
 309                   OSSL_STORE_R_NOT_PARAMETERS);
 310     return NULL;
 311 }
 312
 313 EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info)
 314 {
 315     if (info->type == OSSL_STORE_INFO_PKEY)
 316         return info->_.pkey;
 317     return NULL;
 318 }
 319
 320 EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info)
 321 {
 322     if (info->type == OSSL_STORE_INFO_PKEY) {
 323         EVP_PKEY_up_ref(info->_.pkey);
 324         return info->_.pkey;
 325     }
 326     OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY,
 327                   OSSL_STORE_R_NOT_A_KEY);
 328     return NULL;
 329 }
 330
 331 X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info)
 332 {
 333     if (info->type == OSSL_STORE_INFO_CERT)
 334         return info->_.x509;
 335     return NULL;
 336 }
 337
 338 X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info)
 339 {
 340     if (info->type == OSSL_STORE_INFO_CERT) {
 341         X509_up_ref(info->_.x509);
 342         return info->_.x509;
 343     }
 344     OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT,
 345                   OSSL_STORE_R_NOT_A_CERTIFICATE);
 346     return NULL;
 347 }
 348
 349 X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info)
 350 {
 351     if (info->type == OSSL_STORE_INFO_CRL)
 352         return info->_.crl;
 353     return NULL;
 354 }
 355
 356 X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info)
 357 {
 358     if (info->type == OSSL_STORE_INFO_CRL) {
 359         X509_CRL_up_ref(info->_.crl);
 360         return info->_.crl;
 361     }
 362     OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL,
 363                   OSSL_STORE_R_NOT_A_CRL);
 364     return NULL;
 365 }
 366
 367 /*
 368  * Free the OSSL_STORE_INFO
 369  */
 370 void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info)
 371 {
 372     if (info != NULL) {
 373         switch (info->type) {
 374         case OSSL_STORE_INFO_EMBEDDED:
 375             BUF_MEM_free(info->_.embedded.blob);
 376             OPENSSL_free(info->_.embedded.pem_name);
 377             break;
 378         case OSSL_STORE_INFO_NAME:
 379             OPENSSL_free(info->_.name.name);
 380             OPENSSL_free(info->_.name.desc);
 381             break;
 382         case OSSL_STORE_INFO_PARAMS:
 383             EVP_PKEY_free(info->_.params);
 384             break;
 385         case OSSL_STORE_INFO_PKEY:
 386             EVP_PKEY_free(info->_.pkey);
 387             break;
 388         case OSSL_STORE_INFO_CERT:
 389             X509_free(info->_.x509);
 390             break;
 391         case OSSL_STORE_INFO_CRL:
 392             X509_CRL_free(info->_.crl);
 393             break;
 394         }
 395         OPENSSL_free(info);
 396     }
 397 }
 398
 399 /* Internal functions */
 400 OSSL_STORE_INFO *ossl_store_info_new_EMBEDDED(const char *new_pem_name,
 401                                               BUF_MEM *embedded)
 402 {
 403     OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_EMBEDDED, NULL);
 404
 405     if (info == NULL) {
 406         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED,
 407                       ERR_R_MALLOC_FAILURE);
 408         return NULL;
 409     }
 410
 411     info->_.embedded.blob = embedded;
 412     info->_.embedded.pem_name =
 413         new_pem_name == NULL ? NULL : OPENSSL_strdup(new_pem_name);
 414
 415     if (new_pem_name != NULL && info->_.embedded.pem_name == NULL) {
 416         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED,
 417                       ERR_R_MALLOC_FAILURE);
 418         OSSL_STORE_INFO_free(info);
 419         info = NULL;
 420     }
 421
 422     return info;
 423 }
 424
 425 BUF_MEM *ossl_store_info_get0_EMBEDDED_buffer(OSSL_STORE_INFO *info)
 426 {
 427     if (info->type == OSSL_STORE_INFO_EMBEDDED)
 428         return info->_.embedded.blob;
 429     return NULL;
 430 }
 431
 432 char *ossl_store_info_get0_EMBEDDED_pem_name(OSSL_STORE_INFO *info)
 433 {
 434     if (info->type == OSSL_STORE_INFO_EMBEDDED)
 435         return info->_.embedded.pem_name;
 436     return NULL;
 437 }
 438
 439 OSSL_STORE_CTX *ossl_store_attach_pem_bio(BIO *bp, const UI_METHOD *ui_method,
 440                                           void *ui_data)
 441 {
 442     OSSL_STORE_CTX *ctx = NULL;
 443     const OSSL_STORE_LOADER *loader = NULL;
 444     OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
 445
 446     if ((loader = ossl_store_get0_loader_int("file")) == NULL
 447         || ((loader_ctx = ossl_store_file_attach_pem_bio_int(bp)) == NULL))
 448         goto done;
 449     if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
 450         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO,
 451                      ERR_R_MALLOC_FAILURE);
 452         goto done;
 453     }
 454
 455     ctx->loader = loader;
 456     ctx->loader_ctx = loader_ctx;
 457     loader_ctx = NULL;
 458     ctx->ui_method = ui_method;
 459     ctx->ui_data = ui_data;
 460     ctx->post_process = NULL;
 461     ctx->post_process_data = NULL;
 462
 463  done:
 464     if (loader_ctx != NULL)
 465         /*
 466          * We ignore a returned error because we will return NULL anyway in
 467          * this case, so if something goes wrong when closing, that'll simply
 468          * just add another entry on the error stack.
 469          */
 470         (void)loader->close(loader_ctx);
 471     return ctx;
 472 }
 473
 474 int ossl_store_detach_pem_bio(OSSL_STORE_CTX *ctx)
 475 {
 476     int loader_ret = ossl_store_file_detach_pem_bio_int(ctx->loader_ctx);
 477
 478     OPENSSL_free(ctx);
 479     return loader_ret;
 480 }