OSSL_STORE: Add OSSL_STORE_vctrl()
[openssl.git] / crypto / store / store_lib.c
1 /*
2  * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the OpenSSL license (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9
10 #include "e_os.h"
11 #include <stdlib.h>
12 #include <string.h>
13 #include <openssl/crypto.h>
14 #include <openssl/err.h>
15 #include <openssl/store.h>
16 #include "internal/thread_once.h"
17 #include "internal/store_int.h"
18 #include "store_locl.h"
19
20 struct ossl_store_ctx_st {
21     const OSSL_STORE_LOADER *loader;
22     OSSL_STORE_LOADER_CTX *loader_ctx;
23     const UI_METHOD *ui_method;
24     void *ui_data;
25     OSSL_STORE_post_process_info_fn post_process;
26     void *post_process_data;
27 };
28
29 OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method,
30                                 void *ui_data,
31                                 OSSL_STORE_post_process_info_fn post_process,
32                                 void *post_process_data)
33 {
34     const OSSL_STORE_LOADER *loader = NULL;
35     OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
36     OSSL_STORE_CTX *ctx = NULL;
37     char scheme_copy[256], *p, *schemes[2];
38     size_t schemes_n = 0;
39     size_t i;
40
41     /*
42      * Put the file scheme first.  If the uri does represent an existing file,
43      * possible device name and all, then it should be loaded.  Only a failed
44      * attempt at loading a local file should have us try something else.
45      */
46     schemes[schemes_n++] = "file";
47
48     /*
49      * Now, check if we have something that looks like a scheme, and add it
50      * as a second scheme.  However, also check if there's an authority start
51      * (://), because that will invalidate the previous file scheme.  Also,
52      * check that this isn't actually the file scheme, as there's no point
53      * going through that one twice!
54      */
55     OPENSSL_strlcpy(scheme_copy, uri, sizeof(scheme_copy));
56     if ((p = strchr(scheme_copy, ':')) != NULL) {
57         *p++ = '\0';
58         if (strcasecmp(scheme_copy, "file") != 0) {
59             if (strncmp(p, "//", 2) == 0)
60                 schemes_n--;         /* Invalidate the file scheme */
61             schemes[schemes_n++] = scheme_copy;
62         }
63     }
64
65     ERR_set_mark();
66
67     /* Try each scheme until we find one that could open the URI */
68     for (i = 0; loader_ctx == NULL && i < schemes_n; i++) {
69         if ((loader = ossl_store_get0_loader_int(schemes[i])) != NULL)
70             loader_ctx = loader->open(loader, uri, ui_method, ui_data);
71     }
72     if (loader_ctx == NULL)
73         goto err;
74
75     if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
76         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_OPEN, ERR_R_MALLOC_FAILURE);
77         goto err;
78     }
79
80     ctx->loader = loader;
81     ctx->loader_ctx = loader_ctx;
82     ctx->ui_method = ui_method;
83     ctx->ui_data = ui_data;
84     ctx->post_process = post_process;
85     ctx->post_process_data = post_process_data;
86
87     /*
88      * If the attempt to open with the 'file' scheme loader failed and the
89      * other scheme loader succeeded, the failure to open with the 'file'
90      * scheme loader leaves an error on the error stack.  Let's remove it.
91      */
92     ERR_pop_to_mark();
93
94     return ctx;
95
96  err:
97     ERR_clear_last_mark();
98     if (loader_ctx != NULL) {
99         /*
100          * We ignore a returned error because we will return NULL anyway in
101          * this case, so if something goes wrong when closing, that'll simply
102          * just add another entry on the error stack.
103          */
104         (void)loader->close(loader_ctx);
105     }
106     return NULL;
107 }
108
109 int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ...)
110 {
111     va_list args;
112     int ret;
113
114     va_start(args, cmd);
115     ret = OSSL_STORE_vctrl(ctx, cmd, args);
116     va_end(args);
117
118     return ret;
119 }
120
121 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args)
122 {
123     if (ctx->loader->ctrl != NULL)
124         return ctx->loader->ctrl(ctx->loader_ctx, cmd, args);
125     return 0;
126 }
127
128 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx)
129 {
130     OSSL_STORE_INFO *v = NULL;
131
132  again:
133     if (OSSL_STORE_eof(ctx))
134         return NULL;
135
136     v = ctx->loader->load(ctx->loader_ctx, ctx->ui_method, ctx->ui_data);
137
138     if (ctx->post_process != NULL && v != NULL) {
139         v = ctx->post_process(v, ctx->post_process_data);
140
141         /*
142          * By returning NULL, the callback decides that this object should
143          * be ignored.
144          */
145         if (v == NULL)
146             goto again;
147     }
148
149     return v;
150 }
151
152 int OSSL_STORE_error(OSSL_STORE_CTX *ctx)
153 {
154     return ctx->loader->error(ctx->loader_ctx);
155 }
156
157 int OSSL_STORE_eof(OSSL_STORE_CTX *ctx)
158 {
159     return ctx->loader->eof(ctx->loader_ctx);
160 }
161
162 int OSSL_STORE_close(OSSL_STORE_CTX *ctx)
163 {
164     int loader_ret = ctx->loader->close(ctx->loader_ctx);
165
166     OPENSSL_free(ctx);
167     return loader_ret;
168 }
169
170 /*
171  * Functions to generate OSSL_STORE_INFOs, one function for each type we
172  * support having in them as well as a generic constructor.
173  *
174  * In all cases, ownership of the object is transfered to the OSSL_STORE_INFO
175  * and will therefore be freed when the OSSL_STORE_INFO is freed.
176  */
177 static OSSL_STORE_INFO *store_info_new(int type, void *data)
178 {
179     OSSL_STORE_INFO *info = OPENSSL_zalloc(sizeof(*info));
180
181     if (info == NULL)
182         return NULL;
183
184     info->type = type;
185     info->_.data = data;
186     return info;
187 }
188
189 OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name)
190 {
191     OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_NAME, NULL);
192
193     if (info == NULL) {
194         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME,
195                       ERR_R_MALLOC_FAILURE);
196         return NULL;
197     }
198
199     info->_.name.name = name;
200     info->_.name.desc = NULL;
201
202     return info;
203 }
204
205 int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc)
206 {
207     if (info->type != OSSL_STORE_INFO_NAME) {
208         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION,
209                       ERR_R_PASSED_INVALID_ARGUMENT);
210         return 0;
211     }
212
213     info->_.name.desc = desc;
214
215     return 1;
216 }
217 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params)
218 {
219     OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PARAMS, params);
220
221     if (info == NULL)
222         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS,
223                       ERR_R_MALLOC_FAILURE);
224     return info;
225 }
226
227 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey)
228 {
229     OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PKEY, pkey);
230
231     if (info == NULL)
232         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY,
233                       ERR_R_MALLOC_FAILURE);
234     return info;
235 }
236
237 OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509)
238 {
239     OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_CERT, x509);
240
241     if (info == NULL)
242         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT,
243                       ERR_R_MALLOC_FAILURE);
244     return info;
245 }
246
247 OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl)
248 {
249     OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_CRL, crl);
250
251     if (info == NULL)
252         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL,
253                       ERR_R_MALLOC_FAILURE);
254     return info;
255 }
256
257 /*
258  * Functions to try to extract data from a OSSL_STORE_INFO.
259  */
260 int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info)
261 {
262     return info->type;
263 }
264
265 const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info)
266 {
267     if (info->type == OSSL_STORE_INFO_NAME)
268         return info->_.name.name;
269     return NULL;
270 }
271
272 char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info)
273 {
274     if (info->type == OSSL_STORE_INFO_NAME) {
275         char *ret = OPENSSL_strdup(info->_.name.name);
276
277         if (ret == NULL)
278             OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME,
279                           ERR_R_MALLOC_FAILURE);
280         return ret;
281     }
282     OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME,
283                   OSSL_STORE_R_NOT_A_NAME);
284     return NULL;
285 }
286
287 const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info)
288 {
289     if (info->type == OSSL_STORE_INFO_NAME)
290         return info->_.name.desc;
291     return NULL;
292 }
293
294 char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info)
295 {
296     if (info->type == OSSL_STORE_INFO_NAME) {
297         char *ret = OPENSSL_strdup(info->_.name.desc
298                                    ? info->_.name.desc : "");
299
300         if (ret == NULL)
301             OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION,
302                      ERR_R_MALLOC_FAILURE);
303         return ret;
304     }
305     OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION,
306                   OSSL_STORE_R_NOT_A_NAME);
307     return NULL;
308 }
309
310 EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info)
311 {
312     if (info->type == OSSL_STORE_INFO_PARAMS)
313         return info->_.params;
314     return NULL;
315 }
316
317 EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info)
318 {
319     if (info->type == OSSL_STORE_INFO_PARAMS) {
320         EVP_PKEY_up_ref(info->_.params);
321         return info->_.params;
322     }
323     OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS,
324                   OSSL_STORE_R_NOT_PARAMETERS);
325     return NULL;
326 }
327
328 EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info)
329 {
330     if (info->type == OSSL_STORE_INFO_PKEY)
331         return info->_.pkey;
332     return NULL;
333 }
334
335 EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info)
336 {
337     if (info->type == OSSL_STORE_INFO_PKEY) {
338         EVP_PKEY_up_ref(info->_.pkey);
339         return info->_.pkey;
340     }
341     OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY,
342                   OSSL_STORE_R_NOT_A_KEY);
343     return NULL;
344 }
345
346 X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info)
347 {
348     if (info->type == OSSL_STORE_INFO_CERT)
349         return info->_.x509;
350     return NULL;
351 }
352
353 X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info)
354 {
355     if (info->type == OSSL_STORE_INFO_CERT) {
356         X509_up_ref(info->_.x509);
357         return info->_.x509;
358     }
359     OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT,
360                   OSSL_STORE_R_NOT_A_CERTIFICATE);
361     return NULL;
362 }
363
364 X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info)
365 {
366     if (info->type == OSSL_STORE_INFO_CRL)
367         return info->_.crl;
368     return NULL;
369 }
370
371 X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info)
372 {
373     if (info->type == OSSL_STORE_INFO_CRL) {
374         X509_CRL_up_ref(info->_.crl);
375         return info->_.crl;
376     }
377     OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL,
378                   OSSL_STORE_R_NOT_A_CRL);
379     return NULL;
380 }
381
382 /*
383  * Free the OSSL_STORE_INFO
384  */
385 void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info)
386 {
387     if (info != NULL) {
388         switch (info->type) {
389         case OSSL_STORE_INFO_EMBEDDED:
390             BUF_MEM_free(info->_.embedded.blob);
391             OPENSSL_free(info->_.embedded.pem_name);
392             break;
393         case OSSL_STORE_INFO_NAME:
394             OPENSSL_free(info->_.name.name);
395             OPENSSL_free(info->_.name.desc);
396             break;
397         case OSSL_STORE_INFO_PARAMS:
398             EVP_PKEY_free(info->_.params);
399             break;
400         case OSSL_STORE_INFO_PKEY:
401             EVP_PKEY_free(info->_.pkey);
402             break;
403         case OSSL_STORE_INFO_CERT:
404             X509_free(info->_.x509);
405             break;
406         case OSSL_STORE_INFO_CRL:
407             X509_CRL_free(info->_.crl);
408             break;
409         }
410         OPENSSL_free(info);
411     }
412 }
413
414 /* Internal functions */
415 OSSL_STORE_INFO *ossl_store_info_new_EMBEDDED(const char *new_pem_name,
416                                               BUF_MEM *embedded)
417 {
418     OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_EMBEDDED, NULL);
419
420     if (info == NULL) {
421         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED,
422                       ERR_R_MALLOC_FAILURE);
423         return NULL;
424     }
425
426     info->_.embedded.blob = embedded;
427     info->_.embedded.pem_name =
428         new_pem_name == NULL ? NULL : OPENSSL_strdup(new_pem_name);
429
430     if (new_pem_name != NULL && info->_.embedded.pem_name == NULL) {
431         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED,
432                       ERR_R_MALLOC_FAILURE);
433         OSSL_STORE_INFO_free(info);
434         info = NULL;
435     }
436
437     return info;
438 }
439
440 BUF_MEM *ossl_store_info_get0_EMBEDDED_buffer(OSSL_STORE_INFO *info)
441 {
442     if (info->type == OSSL_STORE_INFO_EMBEDDED)
443         return info->_.embedded.blob;
444     return NULL;
445 }
446
447 char *ossl_store_info_get0_EMBEDDED_pem_name(OSSL_STORE_INFO *info)
448 {
449     if (info->type == OSSL_STORE_INFO_EMBEDDED)
450         return info->_.embedded.pem_name;
451     return NULL;
452 }
453
454 OSSL_STORE_CTX *ossl_store_attach_pem_bio(BIO *bp, const UI_METHOD *ui_method,
455                                           void *ui_data)
456 {
457     OSSL_STORE_CTX *ctx = NULL;
458     const OSSL_STORE_LOADER *loader = NULL;
459     OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
460
461     if ((loader = ossl_store_get0_loader_int("file")) == NULL
462         || ((loader_ctx = ossl_store_file_attach_pem_bio_int(bp)) == NULL))
463         goto done;
464     if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
465         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO,
466                      ERR_R_MALLOC_FAILURE);
467         goto done;
468     }
469
470     ctx->loader = loader;
471     ctx->loader_ctx = loader_ctx;
472     loader_ctx = NULL;
473     ctx->ui_method = ui_method;
474     ctx->ui_data = ui_data;
475     ctx->post_process = NULL;
476     ctx->post_process_data = NULL;
477
478  done:
479     if (loader_ctx != NULL)
480         /*
481          * We ignore a returned error because we will return NULL anyway in
482          * this case, so if something goes wrong when closing, that'll simply
483          * just add another entry on the error stack.
484          */
485         (void)loader->close(loader_ctx);
486     return ctx;
487 }
488
489 int ossl_store_detach_pem_bio(OSSL_STORE_CTX *ctx)
490 {
491     int loader_ret = ossl_store_file_detach_pem_bio_int(ctx->loader_ctx);
492
493     OPENSSL_free(ctx);
494     return loader_ret;
495 }