2 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
14 #include "internal/cryptlib.h"
15 #include <openssl/buffer.h>
16 #include <openssl/x509.h>
17 #include <openssl/pem.h>
18 #include "x509_local.h"
20 DEFINE_STACK_OF(X509_INFO)
22 static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
23 long argl, char **ret);
24 static int by_file_ctrl_with_libctx(X509_LOOKUP *ctx, int cmd,
25 const char *argc, long argl, char **ret,
26 OPENSSL_CTX *libctx, const char *propq);
29 static X509_LOOKUP_METHOD x509_file_lookup = {
30 "Load file into cache",
35 by_file_ctrl, /* ctrl */
36 NULL, /* get_by_subject */
37 NULL, /* get_by_issuer_serial */
38 NULL, /* get_by_fingerprint */
39 NULL, /* get_by_alias */
40 NULL, /* get_by_subject_with_libctx */
41 by_file_ctrl_with_libctx, /* ctrl_with_libctx */
44 X509_LOOKUP_METHOD *X509_LOOKUP_file(void)
46 return &x509_file_lookup;
49 static int by_file_ctrl_with_libctx(X509_LOOKUP *ctx, int cmd,
50 const char *argp, long argl, char **ret,
51 OPENSSL_CTX *libctx, const char *propq)
57 case X509_L_FILE_LOAD:
58 if (argl == X509_FILETYPE_DEFAULT) {
59 file = ossl_safe_getenv(X509_get_default_cert_file_env());
61 ok = (X509_load_cert_crl_file_with_libctx(ctx, file,
66 ok = (X509_load_cert_crl_file_with_libctx(
67 ctx, X509_get_default_cert_file(),
68 X509_FILETYPE_PEM, libctx, propq) != 0);
71 X509err(0, X509_R_LOADING_DEFAULTS);
74 if (argl == X509_FILETYPE_PEM)
75 ok = (X509_load_cert_crl_file_with_libctx(ctx, argp,
79 ok = (X509_load_cert_file_with_libctx(ctx, argp, (int)argl,
87 static int by_file_ctrl(X509_LOOKUP *ctx, int cmd,
88 const char *argp, long argl, char **ret)
90 return by_file_ctrl_with_libctx(ctx, cmd, argp, argl, ret, NULL, NULL);
93 int X509_load_cert_file_with_libctx(X509_LOOKUP *ctx, const char *file, int type,
94 OPENSSL_CTX *libctx, const char *propq)
101 in = BIO_new(BIO_s_file());
103 if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) {
104 X509err(0, ERR_R_SYS_LIB);
108 if (type != X509_FILETYPE_PEM && type != X509_FILETYPE_ASN1) {
109 X509err(0, X509_R_BAD_X509_FILETYPE);
112 x = X509_new_with_libctx(libctx, propq);
114 X509err(0, ERR_R_MALLOC_FAILURE);
118 if (type == X509_FILETYPE_PEM) {
120 if (PEM_read_bio_X509_AUX(in, &x, NULL, "") == NULL) {
121 if ((ERR_GET_REASON(ERR_peek_last_error()) ==
122 PEM_R_NO_START_LINE) && (count > 0)) {
126 X509err(0, ERR_R_PEM_LIB);
130 i = X509_STORE_add_cert(ctx->store_ctx, x);
138 } else if (type == X509_FILETYPE_ASN1) {
139 if (d2i_X509_bio(in, &x) == NULL) {
140 X509err(0, ERR_R_ASN1_LIB);
143 i = X509_STORE_add_cert(ctx->store_ctx, x);
149 X509err(0, X509_R_NO_CERTIFICATE_FOUND);
156 int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
158 return X509_load_cert_file_with_libctx(ctx, file, type, NULL, NULL);
161 int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
168 in = BIO_new(BIO_s_file());
170 if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) {
171 X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_SYS_LIB);
175 if (type == X509_FILETYPE_PEM) {
177 x = PEM_read_bio_X509_CRL(in, NULL, NULL, "");
179 if ((ERR_GET_REASON(ERR_peek_last_error()) ==
180 PEM_R_NO_START_LINE) && (count > 0)) {
184 X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_PEM_LIB);
188 i = X509_STORE_add_crl(ctx->store_ctx, x);
196 } else if (type == X509_FILETYPE_ASN1) {
197 x = d2i_X509_CRL_bio(in, NULL);
199 X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_ASN1_LIB);
202 i = X509_STORE_add_crl(ctx->store_ctx, x);
207 X509err(X509_F_X509_LOAD_CRL_FILE, X509_R_BAD_X509_FILETYPE);
211 X509err(X509_F_X509_LOAD_CRL_FILE, X509_R_NO_CRL_FOUND);
218 int X509_load_cert_crl_file_with_libctx(X509_LOOKUP *ctx, const char *file,
219 int type, OPENSSL_CTX *libctx,
222 STACK_OF(X509_INFO) *inf;
227 if (type != X509_FILETYPE_PEM)
228 return X509_load_cert_file_with_libctx(ctx, file, type, libctx, propq);
229 in = BIO_new_file(file, "r");
231 X509err(0, ERR_R_SYS_LIB);
234 inf = PEM_X509_INFO_read_bio_with_libctx(in, NULL, NULL, "", libctx, propq);
237 X509err(0, ERR_R_PEM_LIB);
240 for (i = 0; i < sk_X509_INFO_num(inf); i++) {
241 itmp = sk_X509_INFO_value(inf, i);
243 if (!X509_STORE_add_cert(ctx->store_ctx, itmp->x509))
248 if (!X509_STORE_add_crl(ctx->store_ctx, itmp->crl))
254 X509err(0, X509_R_NO_CERTIFICATE_OR_CRL_FOUND);
256 sk_X509_INFO_pop_free(inf, X509_INFO_free);
260 int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
262 return X509_load_cert_crl_file_with_libctx(ctx, file, type, NULL, NULL);