2 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include "e_os.h" /* To get strncasecmp() on Windows */
14 #include <ctype.h> /* isdigit */
17 #include <openssl/core_dispatch.h>
18 #include <openssl/core_names.h>
19 #include <openssl/core_object.h>
20 #include <openssl/bio.h>
21 #include <openssl/err.h>
22 #include <openssl/params.h>
23 #include <openssl/decoder.h>
24 #include <openssl/proverr.h>
25 #include <openssl/store.h> /* The OSSL_STORE_INFO type numbers */
26 #include "internal/cryptlib.h"
27 #include "internal/o_dir.h"
28 #include "crypto/decoder.h"
29 #include "prov/implementations.h"
31 #include "file_store_local.h"
33 DEFINE_STACK_OF(OSSL_STORE_INFO)
40 # define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
43 static OSSL_FUNC_store_open_fn file_open;
44 static OSSL_FUNC_store_attach_fn file_attach;
45 static OSSL_FUNC_store_settable_ctx_params_fn file_settable_ctx_params;
46 static OSSL_FUNC_store_set_ctx_params_fn file_set_ctx_params;
47 static OSSL_FUNC_store_load_fn file_load;
48 static OSSL_FUNC_store_eof_fn file_eof;
49 static OSSL_FUNC_store_close_fn file_close;
52 * This implementation makes full use of OSSL_DECODER, and then some.
53 * It uses its own internal decoder implementation that reads DER and
54 * passes that on to the data callback; this decoder is created with
55 * internal OpenSSL functions, thereby bypassing the need for a surrounding
56 * provider. This is ok, since this is a local decoder, not meant for
57 * public consumption. It also uses the libcrypto internal decoder
58 * setup function ossl_decoder_ctx_setup_for_pkey(), to allow the
59 * last resort decoder to be added first (and thereby be executed last).
60 * Finally, it sets up its own construct and cleanup functions.
62 * Essentially, that makes this implementation a kind of glorified decoder.
67 char *uri; /* The URI we currently try to load */
69 IS_FILE = 0, /* Read file and pass results */
70 IS_DIR /* Pass directory entry names */
74 /* Used with |IS_FILE| */
78 OSSL_DECODER_CTX *decoderctx;
80 char *propq; /* The properties we got as a parameter */
83 /* Used with |IS_DIR| */
89 * When a search expression is given, these are filled in.
90 * |search_name| contains the file basename to look for.
91 * The string is exactly 8 characters long.
96 * The directory reading utility we have combines opening with
97 * reading the first name. To make sure we can detect the end
98 * at the right time, we read early and cache the name.
100 const char *last_entry;
105 /* Expected object type. May be unspecified */
109 static void free_file_ctx(struct file_ctx_st *ctx)
114 OPENSSL_free(ctx->uri);
115 if (ctx->type != IS_DIR) {
116 OSSL_DECODER_CTX_free(ctx->_.file.decoderctx);
117 OPENSSL_free(ctx->_.file.propq);
118 OPENSSL_free(ctx->_.file.input_type);
123 static struct file_ctx_st *new_file_ctx(int type, const char *uri,
126 struct file_ctx_st *ctx = NULL;
128 if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) != NULL
129 && (uri == NULL || (ctx->uri = OPENSSL_strdup(uri)) != NULL)) {
131 ctx->provctx = provctx;
138 static OSSL_DECODER_CONSTRUCT file_load_construct;
139 static OSSL_DECODER_CLEANUP file_load_cleanup;
142 * Opening / attaching streams and directories
143 * -------------------------------------------
147 * Function to service both file_open() and file_attach()
151 static struct file_ctx_st *file_open_stream(BIO *source, const char *uri,
154 struct file_ctx_st *ctx;
156 if ((ctx = new_file_ctx(IS_FILE, uri, provctx)) == NULL) {
157 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
161 ctx->_.file.file = source;
169 static void *file_open_dir(const char *path, const char *uri, void *provctx)
171 struct file_ctx_st *ctx;
173 if ((ctx = new_file_ctx(IS_DIR, uri, provctx)) == NULL) {
174 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
178 ctx->_.dir.last_entry = OPENSSL_DIR_read(&ctx->_.dir.ctx, path);
179 ctx->_.dir.last_errno = errno;
180 if (ctx->_.dir.last_entry == NULL) {
181 if (ctx->_.dir.last_errno != 0) {
182 ERR_raise_data(ERR_LIB_SYS, ctx->_.dir.last_errno,
183 "Calling OPENSSL_DIR_read(\"%s\")", path);
186 ctx->_.dir.end_reached = 1;
194 static void *file_open(void *provctx, const char *uri)
196 struct file_ctx_st *ctx = NULL;
200 unsigned int check_absolute:1;
202 size_t path_data_n = 0, i;
209 * First step, just take the URI as is.
211 path_data[path_data_n].check_absolute = 0;
212 path_data[path_data_n++].path = uri;
215 * Second step, if the URI appears to start with the 'file' scheme,
216 * extract the path and make that the second path to check.
217 * There's a special case if the URI also contains an authority, then
218 * the full URI shouldn't be used as a path anywhere.
220 if (strncasecmp(uri, "file:", 5) == 0) {
221 const char *p = &uri[5];
223 if (strncmp(&uri[5], "//", 2) == 0) {
224 path_data_n--; /* Invalidate using the full URI */
225 if (strncasecmp(&uri[7], "localhost/", 10) == 0) {
227 } else if (uri[7] == '/') {
230 ERR_clear_last_mark();
231 ERR_raise(ERR_LIB_PROV, PROV_R_URI_AUTHORITY_UNSUPPORTED);
236 path_data[path_data_n].check_absolute = 1;
238 /* Windows file: URIs with a drive letter start with a / */
239 if (p[0] == '/' && p[2] == ':' && p[3] == '/') {
240 char c = tolower(p[1]);
242 if (c >= 'a' && c <= 'z') {
244 /* We know it's absolute, so no need to check */
245 path_data[path_data_n].check_absolute = 0;
249 path_data[path_data_n++].path = p;
253 for (i = 0, path = NULL; path == NULL && i < path_data_n; i++) {
255 * If the scheme "file" was an explicit part of the URI, the path must
256 * be absolute. So says RFC 8089
258 if (path_data[i].check_absolute && path_data[i].path[0] != '/') {
259 ERR_clear_last_mark();
260 ERR_raise_data(ERR_LIB_PROV, PROV_R_PATH_MUST_BE_ABSOLUTE,
261 "Given path=%s", path_data[i].path);
265 if (stat(path_data[i].path, &st) < 0) {
266 ERR_raise_data(ERR_LIB_SYS, errno,
270 path = path_data[i].path;
274 ERR_clear_last_mark();
278 /* Successfully found a working path, clear possible collected errors */
281 if (S_ISDIR(st.st_mode))
282 ctx = file_open_dir(path, uri, provctx);
283 else if ((bio = BIO_new_file(path, "rb")) == NULL
284 || (ctx = file_open_stream(bio, uri, provctx)) == NULL)
290 void *file_attach(void *provctx, OSSL_CORE_BIO *cin)
292 struct file_ctx_st *ctx;
293 BIO *new_bio = ossl_bio_new_from_core_bio(provctx, cin);
298 ctx = file_open_stream(new_bio, NULL, provctx);
309 static const OSSL_PARAM *file_settable_ctx_params(void *provctx)
311 static const OSSL_PARAM known_settable_ctx_params[] = {
312 OSSL_PARAM_utf8_string(OSSL_STORE_PARAM_PROPERTIES, NULL, 0),
313 OSSL_PARAM_int(OSSL_STORE_PARAM_EXPECT, NULL),
314 OSSL_PARAM_octet_string(OSSL_STORE_PARAM_SUBJECT, NULL, 0),
315 OSSL_PARAM_utf8_string(OSSL_STORE_PARAM_INPUT_TYPE, NULL, 0),
318 return known_settable_ctx_params;
321 static int file_set_ctx_params(void *loaderctx, const OSSL_PARAM params[])
323 struct file_ctx_st *ctx = loaderctx;
329 if (ctx->type != IS_DIR) {
330 /* these parameters are ignored for directories */
331 p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_PROPERTIES);
333 OPENSSL_free(ctx->_.file.propq);
334 ctx->_.file.propq = NULL;
335 if (!OSSL_PARAM_get_utf8_string(p, &ctx->_.file.propq, 0))
338 p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_INPUT_TYPE);
340 OPENSSL_free(ctx->_.file.input_type);
341 ctx->_.file.input_type = NULL;
342 if (!OSSL_PARAM_get_utf8_string(p, &ctx->_.file.input_type, 0))
346 p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_EXPECT);
347 if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->expected_type))
349 p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_SUBJECT);
351 const unsigned char *der = NULL;
353 X509_NAME *x509_name;
357 if (ctx->type != IS_DIR) {
358 ERR_raise(ERR_LIB_PROV,
359 PROV_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES);
363 if (!OSSL_PARAM_get_octet_string_ptr(p, (const void **)&der, &der_len)
364 || (x509_name = d2i_X509_NAME(NULL, &der, der_len)) == NULL)
366 hash = X509_NAME_hash_ex(x509_name,
367 ossl_prov_ctx_get0_libctx(ctx->provctx), NULL,
369 BIO_snprintf(ctx->_.dir.search_name, sizeof(ctx->_.dir.search_name),
371 X509_NAME_free(x509_name);
379 * Loading an object from a stream
380 * -------------------------------
383 struct file_load_data_st {
384 OSSL_CALLBACK *object_cb;
388 static int file_load_construct(OSSL_DECODER_INSTANCE *decoder_inst,
389 const OSSL_PARAM *params, void *construct_data)
391 struct file_load_data_st *data = construct_data;
394 * At some point, we may find it justifiable to recognise PKCS#12 and
395 * handle it specially here, making |file_load()| return pass its
396 * contents one piece at ta time, like |e_loader_attic.c| does.
398 * However, that currently means parsing them out, which converts the
399 * DER encoded PKCS#12 into a bunch of EVP_PKEYs and X509s, just to
400 * have to re-encode them into DER to create an object abstraction for
402 * It's much simpler (less churn) to pass on the object abstraction we
403 * get to the load_result callback and leave it to that one to do the
404 * work. If that's libcrypto code, we know that it has much better
405 * possibilities to handle the EVP_PKEYs and X509s without the extra
409 return data->object_cb(params, data->object_cbarg);
412 void file_load_cleanup(void *construct_data)
417 static int file_setup_decoders(struct file_ctx_st *ctx)
419 EVP_PKEY *dummy; /* for ossl_decoder_ctx_setup_for_pkey() */
420 OSSL_LIB_CTX *libctx = ossl_prov_ctx_get0_libctx(ctx->provctx);
421 OSSL_DECODER *to_obj = NULL; /* Last resort decoder */
422 OSSL_DECODER_INSTANCE *to_obj_inst = NULL;
423 OSSL_DECODER_CLEANUP *old_cleanup = NULL;
424 void *old_construct_data = NULL;
425 int ok = 0, expect_evp_pkey = 0;
427 /* Setup for this session, so only if not already done */
428 if (ctx->_.file.decoderctx == NULL) {
429 if ((ctx->_.file.decoderctx = OSSL_DECODER_CTX_new()) == NULL) {
430 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
434 expect_evp_pkey = (ctx->expected_type == 0
435 || ctx->expected_type == OSSL_STORE_INFO_PARAMS
436 || ctx->expected_type == OSSL_STORE_INFO_PUBKEY
437 || ctx->expected_type == OSSL_STORE_INFO_PKEY);
439 /* Make sure the input type is set */
440 if (!OSSL_DECODER_CTX_set_input_type(ctx->_.file.decoderctx,
441 ctx->_.file.input_type)) {
442 ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
447 * Create the internal last resort decoder implementation together
448 * with a "decoder instance".
449 * The decoder doesn't need any identification or to be attached to
450 * any provider, since it's only used locally.
452 to_obj = ossl_decoder_from_algorithm(0, &ossl_der_to_obj_algorithm,
456 to_obj_inst = ossl_decoder_instance_new(to_obj, ctx->provctx);
457 if (to_obj_inst == NULL)
460 if (!ossl_decoder_ctx_add_decoder_inst(ctx->_.file.decoderctx,
462 ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
467 * OSSL_DECODER_INSTANCE shouldn't be freed from this point on.
468 * That's going to happen whenever the OSSL_DECODER_CTX is freed.
473 * Add on the usual decoder context for keys, with a dummy object.
474 * Since we're setting up our own constructor, we don't need to care
478 && !ossl_decoder_ctx_setup_for_pkey(ctx->_.file.decoderctx,
480 libctx, ctx->_.file.propq))
481 || !OSSL_DECODER_CTX_add_extra(ctx->_.file.decoderctx,
482 libctx, ctx->_.file.propq)) {
483 ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
488 * Then we throw away the installed finalizer data, and install our
491 old_cleanup = OSSL_DECODER_CTX_get_cleanup(ctx->_.file.decoderctx);
493 OSSL_DECODER_CTX_get_construct_data(ctx->_.file.decoderctx);
494 if (old_cleanup != NULL)
495 old_cleanup(old_construct_data);
500 if (!OSSL_DECODER_CTX_set_construct(ctx->_.file.decoderctx,
502 || !OSSL_DECODER_CTX_set_cleanup(ctx->_.file.decoderctx,
503 file_load_cleanup)) {
504 ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
511 OSSL_DECODER_free(to_obj);
515 static int file_load_file(struct file_ctx_st *ctx,
516 OSSL_CALLBACK *object_cb, void *object_cbarg,
517 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
519 struct file_load_data_st data;
521 /* Setup the decoders (one time shot per session */
523 if (!file_setup_decoders(ctx))
526 /* Setup for this object */
528 data.object_cb = object_cb;
529 data.object_cbarg = object_cbarg;
530 OSSL_DECODER_CTX_set_construct_data(ctx->_.file.decoderctx, &data);
531 OSSL_DECODER_CTX_set_passphrase_cb(ctx->_.file.decoderctx, pw_cb, pw_cbarg);
535 return OSSL_DECODER_from_bio(ctx->_.file.decoderctx, ctx->_.file.file);
539 * Loading a name object from a directory
540 * --------------------------------------
543 static char *file_name_to_uri(struct file_ctx_st *ctx, const char *name)
547 assert(name != NULL);
549 const char *pathsep = ossl_ends_with_dirsep(ctx->uri) ? "" : "/";
550 long calculated_length = strlen(ctx->uri) + strlen(pathsep)
551 + strlen(name) + 1 /* \0 */;
553 data = OPENSSL_zalloc(calculated_length);
555 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
559 OPENSSL_strlcat(data, ctx->uri, calculated_length);
560 OPENSSL_strlcat(data, pathsep, calculated_length);
561 OPENSSL_strlcat(data, name, calculated_length);
566 static int file_name_check(struct file_ctx_st *ctx, const char *name)
568 const char *p = NULL;
570 /* If there are no search criteria, all names are accepted */
571 if (ctx->_.dir.search_name[0] == '\0')
574 /* If the expected type isn't supported, no name is accepted */
575 if (ctx->expected_type != 0
576 && ctx->expected_type != OSSL_STORE_INFO_CERT
577 && ctx->expected_type != OSSL_STORE_INFO_CRL)
581 * First, check the basename
583 if (strncasecmp(name, ctx->_.dir.search_name,
584 sizeof(ctx->_.dir.search_name) - 1) != 0
585 || name[sizeof(ctx->_.dir.search_name) - 1] != '.')
587 p = &name[sizeof(ctx->_.dir.search_name)];
590 * Then, if the expected type is a CRL, check that the extension starts
595 if (ctx->expected_type != 0
596 && ctx->expected_type != OSSL_STORE_INFO_CRL)
598 } else if (ctx->expected_type == OSSL_STORE_INFO_CRL) {
603 * Last, check that the rest of the extension is a decimal number, at
604 * least one digit long.
613 * One extra step here, check for a possible generation number.
616 for (p++; *p != '\0'; p++)
617 if (!ossl_isdigit(*p))
622 * If we've reached the end of the string at this point, we've successfully
623 * found a fitting file name.
628 static int file_load_dir_entry(struct file_ctx_st *ctx,
629 OSSL_CALLBACK *object_cb, void *object_cbarg,
630 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
632 /* Prepare as much as possible in advance */
633 static const int object_type = OSSL_OBJECT_NAME;
634 OSSL_PARAM object[] = {
635 OSSL_PARAM_int(OSSL_OBJECT_PARAM_TYPE, (int *)&object_type),
636 OSSL_PARAM_utf8_string(OSSL_OBJECT_PARAM_DATA, NULL, 0),
639 char *newname = NULL;
642 /* Loop until we get an error or until we have a suitable name */
644 if (ctx->_.dir.last_entry == NULL) {
645 if (!ctx->_.dir.end_reached) {
646 assert(ctx->_.dir.last_errno != 0);
647 ERR_raise(ERR_LIB_SYS, ctx->_.dir.last_errno);
649 /* file_eof() will tell if EOF was reached */
653 /* flag acceptable names */
654 if (ctx->_.dir.last_entry[0] != '.'
655 && file_name_check(ctx, ctx->_.dir.last_entry)) {
657 /* If we can't allocate the new name, we fail */
659 file_name_to_uri(ctx, ctx->_.dir.last_entry)) == NULL)
664 * On the first call (with a NULL context), OPENSSL_DIR_read()
665 * cares about the second argument. On the following calls, it
666 * only cares that it isn't NULL. Therefore, we can safely give
669 ctx->_.dir.last_entry = OPENSSL_DIR_read(&ctx->_.dir.ctx, ctx->uri);
670 ctx->_.dir.last_errno = errno;
671 if (ctx->_.dir.last_entry == NULL && ctx->_.dir.last_errno == 0)
672 ctx->_.dir.end_reached = 1;
673 } while (newname == NULL);
675 object[1].data = newname;
676 object[1].data_size = strlen(newname);
677 ok = object_cb(object, object_cbarg);
678 OPENSSL_free(newname);
683 * Loading, local dispatcher
684 * -------------------------
687 static int file_load(void *loaderctx,
688 OSSL_CALLBACK *object_cb, void *object_cbarg,
689 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
691 struct file_ctx_st *ctx = loaderctx;
695 return file_load_file(ctx, object_cb, object_cbarg, pw_cb, pw_cbarg);
698 file_load_dir_entry(ctx, object_cb, object_cbarg, pw_cb, pw_cbarg);
703 /* ctx->type has an unexpected value */
709 * Eof detection and closing
710 * -------------------------
713 static int file_eof(void *loaderctx)
715 struct file_ctx_st *ctx = loaderctx;
719 return ctx->_.dir.end_reached;
722 * BIO_pending() checks any filter BIO.
723 * BIO_eof() checks the source BIO.
725 return !BIO_pending(ctx->_.file.file)
726 && BIO_eof(ctx->_.file.file);
729 /* ctx->type has an unexpected value */
734 static int file_close_dir(struct file_ctx_st *ctx)
736 if (ctx->_.dir.ctx != NULL)
737 OPENSSL_DIR_end(&ctx->_.dir.ctx);
742 static int file_close_stream(struct file_ctx_st *ctx)
745 * This frees either the provider BIO filter (for file_attach()) OR
746 * the allocated file BIO (for file_open()).
748 BIO_free(ctx->_.file.file);
749 ctx->_.file.file = NULL;
755 static int file_close(void *loaderctx)
757 struct file_ctx_st *ctx = loaderctx;
761 return file_close_dir(ctx);
763 return file_close_stream(ctx);
766 /* ctx->type has an unexpected value */
771 const OSSL_DISPATCH ossl_file_store_functions[] = {
772 { OSSL_FUNC_STORE_OPEN, (void (*)(void))file_open },
773 { OSSL_FUNC_STORE_ATTACH, (void (*)(void))file_attach },
774 { OSSL_FUNC_STORE_SETTABLE_CTX_PARAMS,
775 (void (*)(void))file_settable_ctx_params },
776 { OSSL_FUNC_STORE_SET_CTX_PARAMS, (void (*)(void))file_set_ctx_params },
777 { OSSL_FUNC_STORE_LOAD, (void (*)(void))file_load },
778 { OSSL_FUNC_STORE_EOF, (void (*)(void))file_eof },
779 { OSSL_FUNC_STORE_CLOSE, (void (*)(void))file_close },