2 * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
15 #include <openssl/crypto.h>
16 #include <openssl/err.h>
17 #include <openssl/store.h>
18 #include "internal/thread_once.h"
19 #include "internal/store_int.h"
20 #include "store_locl.h"
22 struct ossl_store_ctx_st {
23 const OSSL_STORE_LOADER *loader;
24 OSSL_STORE_LOADER_CTX *loader_ctx;
25 const UI_METHOD *ui_method;
27 OSSL_STORE_post_process_info_fn post_process;
28 void *post_process_data;
31 OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method,
33 OSSL_STORE_post_process_info_fn post_process,
34 void *post_process_data)
36 const OSSL_STORE_LOADER *loader = NULL;
37 OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
38 OSSL_STORE_CTX *ctx = NULL;
39 char scheme_copy[256], *p, *schemes[2];
44 * Put the file scheme first. If the uri does represent an existing file,
45 * possible device name and all, then it should be loaded. Only a failed
46 * attempt at loading a local file should have us try something else.
48 schemes[schemes_n++] = "file";
51 * Now, check if we have something that looks like a scheme, and add it
52 * as a second scheme. However, also check if there's an authority start
53 * (://), because that will invalidate the previous file scheme. Also,
54 * check that this isn't actually the file scheme, as there's no point
55 * going through that one twice!
57 OPENSSL_strlcpy(scheme_copy, uri, sizeof(scheme_copy));
58 if ((p = strchr(scheme_copy, ':')) != NULL) {
60 if (strcasecmp(scheme_copy, "file") != 0) {
61 if (strncmp(p, "//", 2) == 0)
62 schemes_n--; /* Invalidate the file scheme */
63 schemes[schemes_n++] = scheme_copy;
67 /* Try each scheme until we find one that could open the URI */
68 for (i = 0; loader_ctx == NULL && i < schemes_n; i++) {
69 if ((loader = ossl_store_get0_loader_int(schemes[i])) != NULL)
70 loader_ctx = loader->open(loader, uri, ui_method, ui_data);
72 if (loader_ctx == NULL)
75 if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
76 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_OPEN, ERR_R_MALLOC_FAILURE);
81 ctx->loader_ctx = loader_ctx;
83 ctx->ui_method = ui_method;
84 ctx->ui_data = ui_data;
85 ctx->post_process = post_process;
86 ctx->post_process_data = post_process_data;
89 if (loader_ctx != NULL) {
91 * We ignore a returned error because we will return NULL anyway in
92 * this case, so if something goes wrong when closing, that'll simply
93 * just add another entry on the error stack.
95 (void)loader->close(loader_ctx);
100 int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ...)
106 if (ctx->loader->ctrl != NULL)
107 ret = ctx->loader->ctrl(ctx->loader_ctx, cmd, args);
113 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx)
115 OSSL_STORE_INFO *v = NULL;
118 if (OSSL_STORE_eof(ctx))
121 v = ctx->loader->load(ctx->loader_ctx, ctx->ui_method, ctx->ui_data);
123 if (ctx->post_process != NULL && v != NULL) {
124 v = ctx->post_process(v, ctx->post_process_data);
127 * By returning NULL, the callback decides that this object should
137 int OSSL_STORE_error(OSSL_STORE_CTX *ctx)
139 return ctx->loader->error(ctx->loader_ctx);
142 int OSSL_STORE_eof(OSSL_STORE_CTX *ctx)
144 return ctx->loader->eof(ctx->loader_ctx);
147 int OSSL_STORE_close(OSSL_STORE_CTX *ctx)
149 int loader_ret = ctx->loader->close(ctx->loader_ctx);
156 * Functions to generate OSSL_STORE_INFOs, one function for each type we
157 * support having in them as well as a generic constructor.
159 * In all cases, ownership of the object is transfered to the OSSL_STORE_INFO
160 * and will therefore be freed when the OSSL_STORE_INFO is freed.
162 static OSSL_STORE_INFO *store_info_new(int type, void *data)
164 OSSL_STORE_INFO *info = OPENSSL_zalloc(sizeof(*info));
174 OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name)
176 OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_NAME, NULL);
179 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME,
180 ERR_R_MALLOC_FAILURE);
184 info->_.name.name = name;
185 info->_.name.desc = NULL;
190 int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc)
192 if (info->type != OSSL_STORE_INFO_NAME) {
193 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION,
194 ERR_R_PASSED_INVALID_ARGUMENT);
198 info->_.name.desc = desc;
202 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params)
204 OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PARAMS, params);
207 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS,
208 ERR_R_MALLOC_FAILURE);
212 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey)
214 OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PKEY, pkey);
217 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY,
218 ERR_R_MALLOC_FAILURE);
222 OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509)
224 OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_CERT, x509);
227 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT,
228 ERR_R_MALLOC_FAILURE);
232 OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl)
234 OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_CRL, crl);
237 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL,
238 ERR_R_MALLOC_FAILURE);
243 * Functions to try to extract data from a OSSL_STORE_INFO.
245 int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info)
250 const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info)
252 if (info->type == OSSL_STORE_INFO_NAME)
253 return info->_.name.name;
257 char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info)
259 if (info->type == OSSL_STORE_INFO_NAME) {
260 char *ret = OPENSSL_strdup(info->_.name.name);
263 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME,
264 ERR_R_MALLOC_FAILURE);
267 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME,
268 OSSL_STORE_R_NOT_A_NAME);
272 const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info)
274 if (info->type == OSSL_STORE_INFO_NAME)
275 return info->_.name.desc;
279 char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info)
281 if (info->type == OSSL_STORE_INFO_NAME) {
282 char *ret = OPENSSL_strdup(info->_.name.desc
283 ? info->_.name.desc : "");
286 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION,
287 ERR_R_MALLOC_FAILURE);
290 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION,
291 OSSL_STORE_R_NOT_A_NAME);
295 EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info)
297 if (info->type == OSSL_STORE_INFO_PARAMS)
298 return info->_.params;
302 EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info)
304 if (info->type == OSSL_STORE_INFO_PARAMS) {
305 EVP_PKEY_up_ref(info->_.params);
306 return info->_.params;
308 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS,
309 OSSL_STORE_R_NOT_PARAMETERS);
313 EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info)
315 if (info->type == OSSL_STORE_INFO_PKEY)
320 EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info)
322 if (info->type == OSSL_STORE_INFO_PKEY) {
323 EVP_PKEY_up_ref(info->_.pkey);
326 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY,
327 OSSL_STORE_R_NOT_A_KEY);
331 X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info)
333 if (info->type == OSSL_STORE_INFO_CERT)
338 X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info)
340 if (info->type == OSSL_STORE_INFO_CERT) {
341 X509_up_ref(info->_.x509);
344 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT,
345 OSSL_STORE_R_NOT_A_CERTIFICATE);
349 X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info)
351 if (info->type == OSSL_STORE_INFO_CRL)
356 X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info)
358 if (info->type == OSSL_STORE_INFO_CRL) {
359 X509_CRL_up_ref(info->_.crl);
362 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL,
363 OSSL_STORE_R_NOT_A_CRL);
368 * Free the OSSL_STORE_INFO
370 void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info)
373 switch (info->type) {
374 case OSSL_STORE_INFO_EMBEDDED:
375 BUF_MEM_free(info->_.embedded.blob);
376 OPENSSL_free(info->_.embedded.pem_name);
378 case OSSL_STORE_INFO_NAME:
379 OPENSSL_free(info->_.name.name);
380 OPENSSL_free(info->_.name.desc);
382 case OSSL_STORE_INFO_PARAMS:
383 EVP_PKEY_free(info->_.params);
385 case OSSL_STORE_INFO_PKEY:
386 EVP_PKEY_free(info->_.pkey);
388 case OSSL_STORE_INFO_CERT:
389 X509_free(info->_.x509);
391 case OSSL_STORE_INFO_CRL:
392 X509_CRL_free(info->_.crl);
399 /* Internal functions */
400 OSSL_STORE_INFO *ossl_store_info_new_EMBEDDED(const char *new_pem_name,
403 OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_EMBEDDED, NULL);
406 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED,
407 ERR_R_MALLOC_FAILURE);
411 info->_.embedded.blob = embedded;
412 info->_.embedded.pem_name =
413 new_pem_name == NULL ? NULL : OPENSSL_strdup(new_pem_name);
415 if (new_pem_name != NULL && info->_.embedded.pem_name == NULL) {
416 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED,
417 ERR_R_MALLOC_FAILURE);
418 OSSL_STORE_INFO_free(info);
425 BUF_MEM *ossl_store_info_get0_EMBEDDED_buffer(OSSL_STORE_INFO *info)
427 if (info->type == OSSL_STORE_INFO_EMBEDDED)
428 return info->_.embedded.blob;
432 char *ossl_store_info_get0_EMBEDDED_pem_name(OSSL_STORE_INFO *info)
434 if (info->type == OSSL_STORE_INFO_EMBEDDED)
435 return info->_.embedded.pem_name;
439 OSSL_STORE_CTX *ossl_store_attach_pem_bio(BIO *bp, const UI_METHOD *ui_method,
442 OSSL_STORE_CTX *ctx = NULL;
443 const OSSL_STORE_LOADER *loader = NULL;
444 OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
446 if ((loader = ossl_store_get0_loader_int("file")) == NULL
447 || ((loader_ctx = ossl_store_file_attach_pem_bio_int(bp)) == NULL))
449 if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
450 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO,
451 ERR_R_MALLOC_FAILURE);
455 ctx->loader = loader;
456 ctx->loader_ctx = loader_ctx;
458 ctx->ui_method = ui_method;
459 ctx->ui_data = ui_data;
460 ctx->post_process = NULL;
461 ctx->post_process_data = NULL;
464 if (loader_ctx != NULL)
466 * We ignore a returned error because we will return NULL anyway in
467 * this case, so if something goes wrong when closing, that'll simply
468 * just add another entry on the error stack.
470 (void)loader->close(loader_ctx);
474 int ossl_store_detach_pem_bio(OSSL_STORE_CTX *ctx)
476 int loader_ret = ossl_store_file_detach_pem_bio_int(ctx->loader_ctx);