2 * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
17 #include <openssl/crypto.h>
18 #include <openssl/err.h>
19 #include <openssl/store.h>
20 #include "internal/thread_once.h"
21 #include "internal/store_int.h"
22 #include "store_locl.h"
24 struct ossl_store_ctx_st {
25 const OSSL_STORE_LOADER *loader;
26 OSSL_STORE_LOADER_CTX *loader_ctx;
27 const UI_METHOD *ui_method;
29 OSSL_STORE_post_process_info_fn post_process;
30 void *post_process_data;
33 /* 0 before the first STORE_load(), 1 otherwise */
37 OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method,
39 OSSL_STORE_post_process_info_fn post_process,
40 void *post_process_data)
42 const OSSL_STORE_LOADER *loader = NULL;
43 OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
44 OSSL_STORE_CTX *ctx = NULL;
45 char scheme_copy[256], *p, *schemes[2];
50 * Put the file scheme first. If the uri does represent an existing file,
51 * possible device name and all, then it should be loaded. Only a failed
52 * attempt at loading a local file should have us try something else.
54 schemes[schemes_n++] = "file";
57 * Now, check if we have something that looks like a scheme, and add it
58 * as a second scheme. However, also check if there's an authority start
59 * (://), because that will invalidate the previous file scheme. Also,
60 * check that this isn't actually the file scheme, as there's no point
61 * going through that one twice!
63 OPENSSL_strlcpy(scheme_copy, uri, sizeof(scheme_copy));
64 if ((p = strchr(scheme_copy, ':')) != NULL) {
66 if (strcasecmp(scheme_copy, "file") != 0) {
67 if (strncmp(p, "//", 2) == 0)
68 schemes_n--; /* Invalidate the file scheme */
69 schemes[schemes_n++] = scheme_copy;
75 /* Try each scheme until we find one that could open the URI */
76 for (i = 0; loader_ctx == NULL && i < schemes_n; i++) {
77 if ((loader = ossl_store_get0_loader_int(schemes[i])) != NULL)
78 loader_ctx = loader->open(loader, uri, ui_method, ui_data);
80 if (loader_ctx == NULL)
83 if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
84 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_OPEN, ERR_R_MALLOC_FAILURE);
89 ctx->loader_ctx = loader_ctx;
90 ctx->ui_method = ui_method;
91 ctx->ui_data = ui_data;
92 ctx->post_process = post_process;
93 ctx->post_process_data = post_process_data;
96 * If the attempt to open with the 'file' scheme loader failed and the
97 * other scheme loader succeeded, the failure to open with the 'file'
98 * scheme loader leaves an error on the error stack. Let's remove it.
105 ERR_clear_last_mark();
106 if (loader_ctx != NULL) {
108 * We ignore a returned error because we will return NULL anyway in
109 * this case, so if something goes wrong when closing, that'll simply
110 * just add another entry on the error stack.
112 (void)loader->close(loader_ctx);
117 int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ...)
123 ret = OSSL_STORE_vctrl(ctx, cmd, args);
129 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args)
131 if (ctx->loader->ctrl != NULL)
132 return ctx->loader->ctrl(ctx->loader_ctx, cmd, args);
136 int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type)
139 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_EXPECT,
140 OSSL_STORE_R_LOADING_STARTED);
144 ctx->expected_type = expected_type;
145 if (ctx->loader->expect != NULL)
146 return ctx->loader->expect(ctx->loader_ctx, expected_type);
150 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx)
152 OSSL_STORE_INFO *v = NULL;
156 if (OSSL_STORE_eof(ctx))
159 v = ctx->loader->load(ctx->loader_ctx, ctx->ui_method, ctx->ui_data);
161 if (ctx->post_process != NULL && v != NULL) {
162 v = ctx->post_process(v, ctx->post_process_data);
165 * By returning NULL, the callback decides that this object should
172 if (v != NULL && ctx->expected_type != 0) {
173 int returned_type = OSSL_STORE_INFO_get_type(v);
175 if (returned_type != OSSL_STORE_INFO_NAME && returned_type != 0) {
177 * Soft assert here so those who want to harsly weed out faulty
178 * loaders can do so using a debugging version of libcrypto.
180 if (ctx->loader->expect != NULL)
181 assert(ctx->expected_type == returned_type);
183 if (ctx->expected_type != returned_type) {
184 OSSL_STORE_INFO_free(v);
193 int OSSL_STORE_error(OSSL_STORE_CTX *ctx)
195 return ctx->loader->error(ctx->loader_ctx);
198 int OSSL_STORE_eof(OSSL_STORE_CTX *ctx)
200 return ctx->loader->eof(ctx->loader_ctx);
203 int OSSL_STORE_close(OSSL_STORE_CTX *ctx)
205 int loader_ret = ctx->loader->close(ctx->loader_ctx);
212 * Functions to generate OSSL_STORE_INFOs, one function for each type we
213 * support having in them as well as a generic constructor.
215 * In all cases, ownership of the object is transfered to the OSSL_STORE_INFO
216 * and will therefore be freed when the OSSL_STORE_INFO is freed.
218 static OSSL_STORE_INFO *store_info_new(int type, void *data)
220 OSSL_STORE_INFO *info = OPENSSL_zalloc(sizeof(*info));
230 OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name)
232 OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_NAME, NULL);
235 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME,
236 ERR_R_MALLOC_FAILURE);
240 info->_.name.name = name;
241 info->_.name.desc = NULL;
246 int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc)
248 if (info->type != OSSL_STORE_INFO_NAME) {
249 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION,
250 ERR_R_PASSED_INVALID_ARGUMENT);
254 info->_.name.desc = desc;
258 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params)
260 OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PARAMS, params);
263 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS,
264 ERR_R_MALLOC_FAILURE);
268 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey)
270 OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PKEY, pkey);
273 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY,
274 ERR_R_MALLOC_FAILURE);
278 OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509)
280 OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_CERT, x509);
283 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT,
284 ERR_R_MALLOC_FAILURE);
288 OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl)
290 OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_CRL, crl);
293 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL,
294 ERR_R_MALLOC_FAILURE);
299 * Functions to try to extract data from a OSSL_STORE_INFO.
301 int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info)
306 const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info)
308 if (info->type == OSSL_STORE_INFO_NAME)
309 return info->_.name.name;
313 char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info)
315 if (info->type == OSSL_STORE_INFO_NAME) {
316 char *ret = OPENSSL_strdup(info->_.name.name);
319 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME,
320 ERR_R_MALLOC_FAILURE);
323 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME,
324 OSSL_STORE_R_NOT_A_NAME);
328 const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info)
330 if (info->type == OSSL_STORE_INFO_NAME)
331 return info->_.name.desc;
335 char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info)
337 if (info->type == OSSL_STORE_INFO_NAME) {
338 char *ret = OPENSSL_strdup(info->_.name.desc
339 ? info->_.name.desc : "");
342 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION,
343 ERR_R_MALLOC_FAILURE);
346 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION,
347 OSSL_STORE_R_NOT_A_NAME);
351 EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info)
353 if (info->type == OSSL_STORE_INFO_PARAMS)
354 return info->_.params;
358 EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info)
360 if (info->type == OSSL_STORE_INFO_PARAMS) {
361 EVP_PKEY_up_ref(info->_.params);
362 return info->_.params;
364 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS,
365 OSSL_STORE_R_NOT_PARAMETERS);
369 EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info)
371 if (info->type == OSSL_STORE_INFO_PKEY)
376 EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info)
378 if (info->type == OSSL_STORE_INFO_PKEY) {
379 EVP_PKEY_up_ref(info->_.pkey);
382 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY,
383 OSSL_STORE_R_NOT_A_KEY);
387 X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info)
389 if (info->type == OSSL_STORE_INFO_CERT)
394 X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info)
396 if (info->type == OSSL_STORE_INFO_CERT) {
397 X509_up_ref(info->_.x509);
400 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT,
401 OSSL_STORE_R_NOT_A_CERTIFICATE);
405 X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info)
407 if (info->type == OSSL_STORE_INFO_CRL)
412 X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info)
414 if (info->type == OSSL_STORE_INFO_CRL) {
415 X509_CRL_up_ref(info->_.crl);
418 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL,
419 OSSL_STORE_R_NOT_A_CRL);
424 * Free the OSSL_STORE_INFO
426 void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info)
429 switch (info->type) {
430 case OSSL_STORE_INFO_EMBEDDED:
431 BUF_MEM_free(info->_.embedded.blob);
432 OPENSSL_free(info->_.embedded.pem_name);
434 case OSSL_STORE_INFO_NAME:
435 OPENSSL_free(info->_.name.name);
436 OPENSSL_free(info->_.name.desc);
438 case OSSL_STORE_INFO_PARAMS:
439 EVP_PKEY_free(info->_.params);
441 case OSSL_STORE_INFO_PKEY:
442 EVP_PKEY_free(info->_.pkey);
444 case OSSL_STORE_INFO_CERT:
445 X509_free(info->_.x509);
447 case OSSL_STORE_INFO_CRL:
448 X509_CRL_free(info->_.crl);
455 /* Internal functions */
456 OSSL_STORE_INFO *ossl_store_info_new_EMBEDDED(const char *new_pem_name,
459 OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_EMBEDDED, NULL);
462 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED,
463 ERR_R_MALLOC_FAILURE);
467 info->_.embedded.blob = embedded;
468 info->_.embedded.pem_name =
469 new_pem_name == NULL ? NULL : OPENSSL_strdup(new_pem_name);
471 if (new_pem_name != NULL && info->_.embedded.pem_name == NULL) {
472 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED,
473 ERR_R_MALLOC_FAILURE);
474 OSSL_STORE_INFO_free(info);
481 BUF_MEM *ossl_store_info_get0_EMBEDDED_buffer(OSSL_STORE_INFO *info)
483 if (info->type == OSSL_STORE_INFO_EMBEDDED)
484 return info->_.embedded.blob;
488 char *ossl_store_info_get0_EMBEDDED_pem_name(OSSL_STORE_INFO *info)
490 if (info->type == OSSL_STORE_INFO_EMBEDDED)
491 return info->_.embedded.pem_name;
495 OSSL_STORE_CTX *ossl_store_attach_pem_bio(BIO *bp, const UI_METHOD *ui_method,
498 OSSL_STORE_CTX *ctx = NULL;
499 const OSSL_STORE_LOADER *loader = NULL;
500 OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
502 if ((loader = ossl_store_get0_loader_int("file")) == NULL
503 || ((loader_ctx = ossl_store_file_attach_pem_bio_int(bp)) == NULL))
505 if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
506 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO,
507 ERR_R_MALLOC_FAILURE);
511 ctx->loader = loader;
512 ctx->loader_ctx = loader_ctx;
514 ctx->ui_method = ui_method;
515 ctx->ui_data = ui_data;
516 ctx->post_process = NULL;
517 ctx->post_process_data = NULL;
520 if (loader_ctx != NULL)
522 * We ignore a returned error because we will return NULL anyway in
523 * this case, so if something goes wrong when closing, that'll simply
524 * just add another entry on the error stack.
526 (void)loader->close(loader_ctx);
530 int ossl_store_detach_pem_bio(OSSL_STORE_CTX *ctx)
532 int loader_ret = ossl_store_file_detach_pem_bio_int(ctx->loader_ctx);