2 * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
14 /* We need to use some STORE deprecated APIs */
15 #define OPENSSL_SUPPRESS_DEPRECATED
19 #include <openssl/crypto.h>
20 #include <openssl/err.h>
21 #include <openssl/trace.h>
22 #include <openssl/core_names.h>
23 #include <openssl/provider.h>
24 #include <openssl/param_build.h>
25 #include <openssl/store.h>
26 #include "internal/thread_once.h"
27 #include "internal/cryptlib.h"
28 #include "internal/provider.h"
29 #include "crypto/store.h"
30 #include "store_local.h"
32 static int ossl_store_close_it(OSSL_STORE_CTX *ctx);
35 OSSL_STORE_open_with_libctx(const char *uri,
36 OPENSSL_CTX *libctx, const char *propq,
37 const UI_METHOD *ui_method, void *ui_data,
38 OSSL_STORE_post_process_info_fn post_process,
39 void *post_process_data)
41 const OSSL_STORE_LOADER *loader = NULL;
42 OSSL_STORE_LOADER *fetched_loader = NULL;
43 OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
44 OSSL_STORE_CTX *ctx = NULL;
45 char *propq_copy = NULL;
46 char scheme_copy[256], *p, *schemes[2];
51 * Put the file scheme first. If the uri does represent an existing file,
52 * possible device name and all, then it should be loaded. Only a failed
53 * attempt at loading a local file should have us try something else.
55 schemes[schemes_n++] = "file";
58 * Now, check if we have something that looks like a scheme, and add it
59 * as a second scheme. However, also check if there's an authority start
60 * (://), because that will invalidate the previous file scheme. Also,
61 * check that this isn't actually the file scheme, as there's no point
62 * going through that one twice!
64 OPENSSL_strlcpy(scheme_copy, uri, sizeof(scheme_copy));
65 if ((p = strchr(scheme_copy, ':')) != NULL) {
67 if (strcasecmp(scheme_copy, "file") != 0) {
68 if (strncmp(p, "//", 2) == 0)
69 schemes_n--; /* Invalidate the file scheme */
70 schemes[schemes_n++] = scheme_copy;
77 * Try each scheme until we find one that could open the URI.
79 * For each scheme, we look for the engine implementation first, and
80 * failing that, we then try to fetch a provided implementation.
81 * This is consistent with how we handle legacy / engine implementations
84 for (i = 0; loader_ctx == NULL && i < schemes_n; i++) {
85 OSSL_TRACE1(STORE, "Looking up scheme %s\n", schemes[i]);
86 #ifndef OPENSSL_NO_DEPRECATED_3_0
87 if ((loader = ossl_store_get0_loader_int(schemes[i])) != NULL) {
88 if (loader->open_with_libctx != NULL)
89 loader_ctx = loader->open_with_libctx(loader, uri, libctx, propq,
92 loader_ctx = loader->open(loader, uri, ui_method, ui_data);
97 OSSL_STORE_LOADER_fetch(schemes[i], libctx, propq)) != NULL) {
98 const OSSL_PROVIDER *provider =
99 OSSL_STORE_LOADER_provider(fetched_loader);
100 void *provctx = OSSL_PROVIDER_get0_provider_ctx(provider);
102 loader_ctx = fetched_loader->p_open(provctx, uri);
103 if (loader_ctx == NULL) {
104 OSSL_STORE_LOADER_free(fetched_loader);
105 fetched_loader = NULL;
106 } else if (propq != NULL) {
107 OSSL_PARAM params[] = {
108 OSSL_PARAM_utf8_string(OSSL_STORE_PARAM_PROPERTIES,
113 params[0].data = (void *)propq;
114 if (!fetched_loader->p_set_ctx_params(loader_ctx, params)) {
115 (void)fetched_loader->p_close(loader_ctx);
116 OSSL_STORE_LOADER_free(fetched_loader);
117 fetched_loader = NULL;
120 loader = fetched_loader;
125 OSSL_TRACE1(STORE, "Found loader for scheme %s\n", schemes[i]);
127 if (loader_ctx == NULL)
130 OSSL_TRACE2(STORE, "Opened %s => %p\n", uri, (void *)loader_ctx);
132 if ((propq != NULL && (propq_copy = OPENSSL_strdup(propq)) == NULL)
133 || (ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
134 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
138 if (ui_method != NULL
139 && !ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data)) {
140 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_CRYPTO_LIB);
143 ctx->properties = propq_copy;
144 ctx->fetched_loader = fetched_loader;
145 ctx->loader = loader;
146 ctx->loader_ctx = loader_ctx;
147 ctx->post_process = post_process;
148 ctx->post_process_data = post_process_data;
151 * If the attempt to open with the 'file' scheme loader failed and the
152 * other scheme loader succeeded, the failure to open with the 'file'
153 * scheme loader leaves an error on the error stack. Let's remove it.
160 ERR_clear_last_mark();
161 if (loader_ctx != NULL) {
163 * Temporary structure so OSSL_STORE_close() can work even when
164 * |ctx| couldn't be allocated properly
166 OSSL_STORE_CTX tmpctx = { NULL, };
168 tmpctx.fetched_loader = fetched_loader;
169 tmpctx.loader = loader;
170 tmpctx.loader_ctx = loader_ctx;
173 * We ignore a returned error because we will return NULL anyway in
174 * this case, so if something goes wrong when closing, that'll simply
175 * just add another entry on the error stack.
177 (void)ossl_store_close_it(&tmpctx);
179 OSSL_STORE_LOADER_free(fetched_loader);
180 OPENSSL_free(propq_copy);
184 OSSL_STORE_CTX *OSSL_STORE_open(const char *uri,
185 const UI_METHOD *ui_method, void *ui_data,
186 OSSL_STORE_post_process_info_fn post_process,
187 void *post_process_data)
189 return OSSL_STORE_open_with_libctx(uri, NULL, NULL, ui_method, ui_data,
190 post_process, post_process_data);
193 #ifndef OPENSSL_NO_DEPRECATED_3_0
194 int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ...)
200 ret = OSSL_STORE_vctrl(ctx, cmd, args);
206 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args)
208 if (ctx->fetched_loader != NULL) {
209 if (ctx->fetched_loader->p_set_ctx_params != NULL) {
210 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
213 case OSSL_STORE_C_USE_SECMEM:
215 int on = *(va_arg(args, int *));
217 params[0] = OSSL_PARAM_construct_int("use_secmem", &on);
224 return ctx->fetched_loader->p_set_ctx_params(ctx->loader_ctx,
227 } else if (ctx->loader->ctrl != NULL) {
228 return ctx->loader->ctrl(ctx->loader_ctx, cmd, args);
232 * If the fetched loader doesn't have a set_ctx_params or a ctrl, it's as
233 * if there was one that ignored our params, which usually returns 1.
239 int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type)
244 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_LOADING_STARTED);
248 ctx->expected_type = expected_type;
249 if (ctx->fetched_loader != NULL
250 && ctx->fetched_loader->p_set_ctx_params != NULL) {
251 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
254 OSSL_PARAM_construct_int(OSSL_STORE_PARAM_EXPECT, &expected_type);
255 ret = ctx->fetched_loader->p_set_ctx_params(ctx->loader_ctx, params);
257 #ifndef OPENSSL_NO_DEPRECATED_3_0
258 if (ctx->fetched_loader == NULL
259 && ctx->loader->expect != NULL) {
260 ret = ctx->loader->expect(ctx->loader_ctx, expected_type);
266 int OSSL_STORE_find(OSSL_STORE_CTX *ctx, const OSSL_STORE_SEARCH *search)
271 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_LOADING_STARTED);
275 if (ctx->fetched_loader != NULL) {
278 /* OSSL_STORE_SEARCH_BY_NAME, OSSL_STORE_SEARCH_BY_ISSUER_SERIAL*/
279 void *name_der = NULL;
281 /* OSSL_STORE_SEARCH_BY_ISSUER_SERIAL */
282 BIGNUM *number = NULL;
284 if (ctx->fetched_loader->p_set_ctx_params == NULL) {
285 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_UNSUPPORTED_OPERATION);
289 if ((bld = OSSL_PARAM_BLD_new()) == NULL) {
290 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
294 ret = 0; /* Assume the worst */
296 switch (search->search_type) {
297 case OSSL_STORE_SEARCH_BY_NAME:
298 if ((name_der_sz = i2d_X509_NAME(search->name,
299 (unsigned char **)&name_der)) > 0
300 && OSSL_PARAM_BLD_push_octet_string(bld,
301 OSSL_STORE_PARAM_SUBJECT,
302 name_der, name_der_sz))
305 case OSSL_STORE_SEARCH_BY_ISSUER_SERIAL:
306 if ((name_der_sz = i2d_X509_NAME(search->name,
307 (unsigned char **)&name_der)) > 0
308 && (number = ASN1_INTEGER_to_BN(search->serial, NULL)) != NULL
309 && OSSL_PARAM_BLD_push_octet_string(bld,
310 OSSL_STORE_PARAM_ISSUER,
311 name_der, name_der_sz)
312 && OSSL_PARAM_BLD_push_BN(bld, OSSL_STORE_PARAM_SERIAL,
316 case OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT:
317 if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_STORE_PARAM_DIGEST,
318 EVP_MD_name(search->digest), 0)
319 && OSSL_PARAM_BLD_push_octet_string(bld,
320 OSSL_STORE_PARAM_FINGERPRINT,
322 search->stringlength))
325 case OSSL_STORE_SEARCH_BY_ALIAS:
326 if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_STORE_PARAM_ALIAS,
327 (char *)search->string,
328 search->stringlength))
333 params = OSSL_PARAM_BLD_to_param(bld);
334 ret = ctx->fetched_loader->p_set_ctx_params(ctx->loader_ctx,
336 OSSL_PARAM_BLD_free_params(params);
338 OSSL_PARAM_BLD_free(bld);
339 OPENSSL_free(name_der);
342 #ifndef OPENSSL_NO_DEPRECATED_3_0
343 /* legacy loader section */
344 if (ctx->loader->find == NULL) {
345 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_UNSUPPORTED_OPERATION);
348 ret = ctx->loader->find(ctx->loader_ctx, search);
355 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx)
357 OSSL_STORE_INFO *v = NULL;
361 if (OSSL_STORE_eof(ctx))
364 if (ctx->loader != NULL)
365 OSSL_TRACE(STORE, "Loading next object\n");
367 if (ctx->cached_info != NULL
368 && sk_OSSL_STORE_INFO_num(ctx->cached_info) == 0) {
369 sk_OSSL_STORE_INFO_free(ctx->cached_info);
370 ctx->cached_info = NULL;
373 if (ctx->cached_info != NULL) {
374 v = sk_OSSL_STORE_INFO_shift(ctx->cached_info);
376 if (ctx->fetched_loader != NULL) {
377 struct ossl_load_result_data_st load_data;
382 if (!ctx->fetched_loader->p_load(ctx->loader_ctx,
383 ossl_store_handle_load_result,
385 ossl_pw_passphrase_callback_dec,
387 if (!OSSL_STORE_eof(ctx))
393 #ifndef OPENSSL_NO_DEPRECATED_3_0
394 if (ctx->fetched_loader == NULL)
395 v = ctx->loader->load(ctx->loader_ctx,
396 ctx->pwdata._.ui_method.ui_method,
397 ctx->pwdata._.ui_method.ui_method_data);
401 if (ctx->post_process != NULL && v != NULL) {
402 v = ctx->post_process(v, ctx->post_process_data);
405 * By returning NULL, the callback decides that this object should
412 if (v != NULL && ctx->expected_type != 0) {
413 int returned_type = OSSL_STORE_INFO_get_type(v);
415 if (returned_type != OSSL_STORE_INFO_NAME && returned_type != 0) {
416 if (ctx->expected_type != returned_type) {
417 OSSL_STORE_INFO_free(v);
424 OSSL_TRACE1(STORE, "Got a %s\n",
425 OSSL_STORE_INFO_type_string(OSSL_STORE_INFO_get_type(v)));
430 int OSSL_STORE_error(OSSL_STORE_CTX *ctx)
434 if (ctx->fetched_loader != NULL)
435 ret = ctx->error_flag;
436 #ifndef OPENSSL_NO_DEPRECATED_3_0
437 if (ctx->fetched_loader == NULL)
438 ret = ctx->loader->error(ctx->loader_ctx);
443 int OSSL_STORE_eof(OSSL_STORE_CTX *ctx)
447 if (ctx->fetched_loader != NULL)
448 ret = ctx->loader->p_eof(ctx->loader_ctx);
449 #ifndef OPENSSL_NO_DEPRECATED_3_0
450 if (ctx->fetched_loader == NULL)
451 ret = ctx->loader->eof(ctx->loader_ctx);
456 static int ossl_store_close_it(OSSL_STORE_CTX *ctx)
462 OSSL_TRACE1(STORE, "Closing %p\n", (void *)ctx->loader_ctx);
464 if (ctx->fetched_loader != NULL)
465 ret = ctx->loader->p_close(ctx->loader_ctx);
466 #ifndef OPENSSL_NO_DEPRECATED_3_0
467 if (ctx->fetched_loader == NULL)
468 ret = ctx->loader->close(ctx->loader_ctx);
471 sk_OSSL_STORE_INFO_pop_free(ctx->cached_info, OSSL_STORE_INFO_free);
472 OSSL_STORE_LOADER_free(ctx->fetched_loader);
473 OPENSSL_free(ctx->properties);
474 ossl_pw_clear_passphrase_data(&ctx->pwdata);
478 int OSSL_STORE_close(OSSL_STORE_CTX *ctx)
480 int ret = ossl_store_close_it(ctx);
487 * Functions to generate OSSL_STORE_INFOs, one function for each type we
488 * support having in them as well as a generic constructor.
490 * In all cases, ownership of the object is transferred to the OSSL_STORE_INFO
491 * and will therefore be freed when the OSSL_STORE_INFO is freed.
493 OSSL_STORE_INFO *OSSL_STORE_INFO_new(int type, void *data)
495 OSSL_STORE_INFO *info = OPENSSL_zalloc(sizeof(*info));
505 OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name)
507 OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_NAME, NULL);
510 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
514 info->_.name.name = name;
515 info->_.name.desc = NULL;
520 int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc)
522 if (info->type != OSSL_STORE_INFO_NAME) {
523 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_INVALID_ARGUMENT);
527 info->_.name.desc = desc;
531 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params)
533 OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_PARAMS, params);
536 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
540 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PUBKEY(EVP_PKEY *pkey)
542 OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_PUBKEY, pkey);
545 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
549 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey)
551 OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_PKEY, pkey);
554 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
558 OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509)
560 OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_CERT, x509);
563 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
567 OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl)
569 OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_CRL, crl);
572 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
577 * Functions to try to extract data from a OSSL_STORE_INFO.
579 int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info)
584 void *OSSL_STORE_INFO_get0_data(int type, const OSSL_STORE_INFO *info)
586 if (info->type == type)
591 const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info)
593 if (info->type == OSSL_STORE_INFO_NAME)
594 return info->_.name.name;
598 char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info)
600 if (info->type == OSSL_STORE_INFO_NAME) {
601 char *ret = OPENSSL_strdup(info->_.name.name);
604 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
607 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_NAME);
611 const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info)
613 if (info->type == OSSL_STORE_INFO_NAME)
614 return info->_.name.desc;
618 char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info)
620 if (info->type == OSSL_STORE_INFO_NAME) {
621 char *ret = OPENSSL_strdup(info->_.name.desc
622 ? info->_.name.desc : "");
625 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
628 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_NAME);
632 EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info)
634 if (info->type == OSSL_STORE_INFO_PARAMS)
635 return info->_.params;
639 EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info)
641 if (info->type == OSSL_STORE_INFO_PARAMS) {
642 EVP_PKEY_up_ref(info->_.params);
643 return info->_.params;
645 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_PARAMETERS);
649 EVP_PKEY *OSSL_STORE_INFO_get0_PUBKEY(const OSSL_STORE_INFO *info)
651 if (info->type == OSSL_STORE_INFO_PUBKEY)
652 return info->_.pubkey;
656 EVP_PKEY *OSSL_STORE_INFO_get1_PUBKEY(const OSSL_STORE_INFO *info)
658 if (info->type == OSSL_STORE_INFO_PUBKEY) {
659 EVP_PKEY_up_ref(info->_.pubkey);
660 return info->_.pubkey;
662 OSSL_STOREerr(0, OSSL_STORE_R_NOT_A_PUBLIC_KEY);
666 EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info)
668 if (info->type == OSSL_STORE_INFO_PKEY)
673 EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info)
675 if (info->type == OSSL_STORE_INFO_PKEY) {
676 EVP_PKEY_up_ref(info->_.pkey);
679 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_PRIVATE_KEY);
683 X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info)
685 if (info->type == OSSL_STORE_INFO_CERT)
690 X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info)
692 if (info->type == OSSL_STORE_INFO_CERT) {
693 X509_up_ref(info->_.x509);
696 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_CERTIFICATE);
700 X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info)
702 if (info->type == OSSL_STORE_INFO_CRL)
707 X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info)
709 if (info->type == OSSL_STORE_INFO_CRL) {
710 X509_CRL_up_ref(info->_.crl);
713 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_CRL);
718 * Free the OSSL_STORE_INFO
720 void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info)
723 switch (info->type) {
724 case OSSL_STORE_INFO_NAME:
725 OPENSSL_free(info->_.name.name);
726 OPENSSL_free(info->_.name.desc);
728 case OSSL_STORE_INFO_PARAMS:
729 EVP_PKEY_free(info->_.params);
731 case OSSL_STORE_INFO_PUBKEY:
732 EVP_PKEY_free(info->_.pubkey);
734 case OSSL_STORE_INFO_PKEY:
735 EVP_PKEY_free(info->_.pkey);
737 case OSSL_STORE_INFO_CERT:
738 X509_free(info->_.x509);
740 case OSSL_STORE_INFO_CRL:
741 X509_CRL_free(info->_.crl);
748 int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type)
752 if (ctx->fetched_loader != NULL) {
754 ossl_provider_ctx(OSSL_STORE_LOADER_provider(ctx->fetched_loader));
755 const OSSL_PARAM *params;
756 const OSSL_PARAM *p_subject = NULL;
757 const OSSL_PARAM *p_issuer = NULL;
758 const OSSL_PARAM *p_serial = NULL;
759 const OSSL_PARAM *p_fingerprint = NULL;
760 const OSSL_PARAM *p_alias = NULL;
762 if (ctx->fetched_loader->p_settable_ctx_params == NULL)
765 params = ctx->fetched_loader->p_settable_ctx_params(provctx);
766 p_subject = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_SUBJECT);
767 p_issuer = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_ISSUER);
768 p_serial = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_SERIAL);
770 OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_FINGERPRINT);
771 p_alias = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_ALIAS);
773 switch (search_type) {
774 case OSSL_STORE_SEARCH_BY_NAME:
775 ret = (p_subject != NULL);
777 case OSSL_STORE_SEARCH_BY_ISSUER_SERIAL:
778 ret = (p_issuer != NULL && p_serial != NULL);
780 case OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT:
781 ret = (p_fingerprint != NULL);
783 case OSSL_STORE_SEARCH_BY_ALIAS:
784 ret = (p_alias != NULL);
788 #ifndef OPENSSL_NO_DEPRECATED_3_0
789 if (ctx->fetched_loader == NULL) {
790 OSSL_STORE_SEARCH tmp_search;
792 if (ctx->loader->find == NULL)
794 tmp_search.search_type = search_type;
795 ret = ctx->loader->find(NULL, &tmp_search);
801 /* Search term constructors */
802 OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name)
804 OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
806 if (search == NULL) {
807 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
811 search->search_type = OSSL_STORE_SEARCH_BY_NAME;
816 OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name,
817 const ASN1_INTEGER *serial)
819 OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
821 if (search == NULL) {
822 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
826 search->search_type = OSSL_STORE_SEARCH_BY_ISSUER_SERIAL;
828 search->serial = serial;
832 OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest,
836 OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
838 if (search == NULL) {
839 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
843 if (digest != NULL && len != (size_t)EVP_MD_size(digest)) {
844 ERR_raise_data(ERR_LIB_OSSL_STORE,
845 OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST,
846 "%s size is %d, fingerprint size is %zu",
847 EVP_MD_name(digest), EVP_MD_size(digest), len);
851 search->search_type = OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT;
852 search->digest = digest;
853 search->string = bytes;
854 search->stringlength = len;
858 OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias)
860 OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
862 if (search == NULL) {
863 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
867 search->search_type = OSSL_STORE_SEARCH_BY_ALIAS;
868 search->string = (const unsigned char *)alias;
869 search->stringlength = strlen(alias);
873 /* Search term destructor */
874 void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search)
876 OPENSSL_free(search);
879 /* Search term accessors */
880 int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion)
882 return criterion->search_type;
885 X509_NAME *OSSL_STORE_SEARCH_get0_name(const OSSL_STORE_SEARCH *criterion)
887 return criterion->name;
890 const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH
893 return criterion->serial;
896 const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH
897 *criterion, size_t *length)
899 *length = criterion->stringlength;
900 return criterion->string;
903 const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion)
905 return (const char *)criterion->string;
908 const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH *criterion)
910 return criterion->digest;
913 OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bp, const char *scheme,
914 OPENSSL_CTX *libctx, const char *propq,
915 const UI_METHOD *ui_method, void *ui_data,
916 OSSL_STORE_post_process_info_fn post_process,
917 void *post_process_data)
919 const OSSL_STORE_LOADER *loader = NULL;
920 OSSL_STORE_LOADER *fetched_loader = NULL;
921 OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
922 OSSL_STORE_CTX *ctx = NULL;
927 OSSL_TRACE1(STORE, "Looking up scheme %s\n", scheme);
928 #ifndef OPENSSL_NO_DEPRECATED_3_0
929 if ((loader = ossl_store_get0_loader_int(scheme)) != NULL)
930 loader_ctx = loader->attach(loader, bp, libctx, propq,
935 OSSL_STORE_LOADER_fetch(scheme, libctx, propq)) != NULL) {
936 const OSSL_PROVIDER *provider =
937 OSSL_STORE_LOADER_provider(fetched_loader);
938 void *provctx = OSSL_PROVIDER_get0_provider_ctx(provider);
941 fetched_loader->p_attach(provctx, (OSSL_CORE_BIO *)bp)) == NULL) {
942 OSSL_STORE_LOADER_free(fetched_loader);
943 fetched_loader = NULL;
944 } else if (propq != NULL) {
945 OSSL_PARAM params[] = {
946 OSSL_PARAM_utf8_string(OSSL_STORE_PARAM_PROPERTIES,
951 params[0].data = (void *)propq;
952 if (!fetched_loader->p_set_ctx_params(loader_ctx, params)) {
953 (void)fetched_loader->p_close(loader_ctx);
954 OSSL_STORE_LOADER_free(fetched_loader);
955 fetched_loader = NULL;
958 loader = fetched_loader;
961 if (loader_ctx == NULL)
964 if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
965 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
969 if (ui_method != NULL
970 && !ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data)) {
974 ctx->fetched_loader = fetched_loader;
975 ctx->loader = loader;
976 ctx->loader_ctx = loader_ctx;
977 ctx->post_process = post_process;
978 ctx->post_process_data = post_process_data;