crypto/store/store_lib.c

   1 /*
   2  * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the OpenSSL license (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #include "e_os.h"
  11 #include <stdlib.h>
  12 #include <string.h>
  13 #include <openssl/crypto.h>
  14 #include <openssl/err.h>
  15 #include <openssl/store.h>
  16 #include "internal/thread_once.h"
  17 #include "internal/store_int.h"
  18 #include "store_locl.h"
  19
  20 struct ossl_store_ctx_st {
  21     const OSSL_STORE_LOADER *loader;
  22     OSSL_STORE_LOADER_CTX *loader_ctx;
  23     const UI_METHOD *ui_method;
  24     void *ui_data;
  25     OSSL_STORE_post_process_info_fn post_process;
  26     void *post_process_data;
  27 };
  28
  29 OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method,
  30                                 void *ui_data,
  31                                 OSSL_STORE_post_process_info_fn post_process,
  32                                 void *post_process_data)
  33 {
  34     const OSSL_STORE_LOADER *loader = NULL;
  35     OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
  36     OSSL_STORE_CTX *ctx = NULL;
  37     char scheme_copy[256], *p, *schemes[2];
  38     size_t schemes_n = 0;
  39     size_t i;
  40
  41     /*
  42      * Put the file scheme first.  If the uri does represent an existing file,
  43      * possible device name and all, then it should be loaded.  Only a failed
  44      * attempt at loading a local file should have us try something else.
  45      */
  46     schemes[schemes_n++] = "file";
  47
  48     /*
  49      * Now, check if we have something that looks like a scheme, and add it
  50      * as a second scheme.  However, also check if there's an authority start
  51      * (://), because that will invalidate the previous file scheme.  Also,
  52      * check that this isn't actually the file scheme, as there's no point
  53      * going through that one twice!
  54      */
  55     OPENSSL_strlcpy(scheme_copy, uri, sizeof(scheme_copy));
  56     if ((p = strchr(scheme_copy, ':')) != NULL) {
  57         *p++ = '\0';
  58         if (strcasecmp(scheme_copy, "file") != 0) {
  59             if (strncmp(p, "//", 2) == 0)
  60                 schemes_n--;         /* Invalidate the file scheme */
  61             schemes[schemes_n++] = scheme_copy;
  62         }
  63     }
  64
  65     ERR_set_mark();
  66
  67     /* Try each scheme until we find one that could open the URI */
  68     for (i = 0; loader_ctx == NULL && i < schemes_n; i++) {
  69         if ((loader = ossl_store_get0_loader_int(schemes[i])) != NULL)
  70             loader_ctx = loader->open(loader, uri, ui_method, ui_data);
  71     }
  72     if (loader_ctx == NULL)
  73         goto err;
  74
  75     if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
  76         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_OPEN, ERR_R_MALLOC_FAILURE);
  77         goto err;
  78     }
  79
  80     ctx->loader = loader;
  81     ctx->loader_ctx = loader_ctx;
  82     ctx->ui_method = ui_method;
  83     ctx->ui_data = ui_data;
  84     ctx->post_process = post_process;
  85     ctx->post_process_data = post_process_data;
  86
  87     /*
  88      * If the attempt to open with the 'file' scheme loader failed and the
  89      * other scheme loader succeeded, the failure to open with the 'file'
  90      * scheme loader leaves an error on the error stack.  Let's remove it.
  91      */
  92     ERR_pop_to_mark();
  93
  94     return ctx;
  95
  96  err:
  97     ERR_clear_last_mark();
  98     if (loader_ctx != NULL) {
  99         /*
 100          * We ignore a returned error because we will return NULL anyway in
 101          * this case, so if something goes wrong when closing, that'll simply
 102          * just add another entry on the error stack.
 103          */
 104         (void)loader->close(loader_ctx);
 105     }
 106     return NULL;
 107 }
 108
 109 int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ...)
 110 {
 111     va_list args;
 112     int ret = 0;
 113
 114     va_start(args, cmd);
 115     if (ctx->loader->ctrl != NULL)
 116         ret = ctx->loader->ctrl(ctx->loader_ctx, cmd, args);
 117     va_end(args);
 118
 119     return ret;
 120 }
 121
 122 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx)
 123 {
 124     OSSL_STORE_INFO *v = NULL;
 125
 126  again:
 127     if (OSSL_STORE_eof(ctx))
 128         return NULL;
 129
 130     v = ctx->loader->load(ctx->loader_ctx, ctx->ui_method, ctx->ui_data);
 131
 132     if (ctx->post_process != NULL && v != NULL) {
 133         v = ctx->post_process(v, ctx->post_process_data);
 134
 135         /*
 136          * By returning NULL, the callback decides that this object should
 137          * be ignored.
 138          */
 139         if (v == NULL)
 140             goto again;
 141     }
 142
 143     return v;
 144 }
 145
 146 int OSSL_STORE_error(OSSL_STORE_CTX *ctx)
 147 {
 148     return ctx->loader->error(ctx->loader_ctx);
 149 }
 150
 151 int OSSL_STORE_eof(OSSL_STORE_CTX *ctx)
 152 {
 153     return ctx->loader->eof(ctx->loader_ctx);
 154 }
 155
 156 int OSSL_STORE_close(OSSL_STORE_CTX *ctx)
 157 {
 158     int loader_ret = ctx->loader->close(ctx->loader_ctx);
 159
 160     OPENSSL_free(ctx);
 161     return loader_ret;
 162 }
 163
 164 /*
 165  * Functions to generate OSSL_STORE_INFOs, one function for each type we
 166  * support having in them as well as a generic constructor.
 167  *
 168  * In all cases, ownership of the object is transfered to the OSSL_STORE_INFO
 169  * and will therefore be freed when the OSSL_STORE_INFO is freed.
 170  */
 171 static OSSL_STORE_INFO *store_info_new(int type, void *data)
 172 {
 173     OSSL_STORE_INFO *info = OPENSSL_zalloc(sizeof(*info));
 174
 175     if (info == NULL)
 176         return NULL;
 177
 178     info->type = type;
 179     info->_.data = data;
 180     return info;
 181 }
 182
 183 OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name)
 184 {
 185     OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_NAME, NULL);
 186
 187     if (info == NULL) {
 188         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME,
 189                       ERR_R_MALLOC_FAILURE);
 190         return NULL;
 191     }
 192
 193     info->_.name.name = name;
 194     info->_.name.desc = NULL;
 195
 196     return info;
 197 }
 198
 199 int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc)
 200 {
 201     if (info->type != OSSL_STORE_INFO_NAME) {
 202         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION,
 203                       ERR_R_PASSED_INVALID_ARGUMENT);
 204         return 0;
 205     }
 206
 207     info->_.name.desc = desc;
 208
 209     return 1;
 210 }
 211 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params)
 212 {
 213     OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PARAMS, params);
 214
 215     if (info == NULL)
 216         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS,
 217                       ERR_R_MALLOC_FAILURE);
 218     return info;
 219 }
 220
 221 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey)
 222 {
 223     OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PKEY, pkey);
 224
 225     if (info == NULL)
 226         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY,
 227                       ERR_R_MALLOC_FAILURE);
 228     return info;
 229 }
 230
 231 OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509)
 232 {
 233     OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_CERT, x509);
 234
 235     if (info == NULL)
 236         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT,
 237                       ERR_R_MALLOC_FAILURE);
 238     return info;
 239 }
 240
 241 OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl)
 242 {
 243     OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_CRL, crl);
 244
 245     if (info == NULL)
 246         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL,
 247                       ERR_R_MALLOC_FAILURE);
 248     return info;
 249 }
 250
 251 /*
 252  * Functions to try to extract data from a OSSL_STORE_INFO.
 253  */
 254 int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info)
 255 {
 256     return info->type;
 257 }
 258
 259 const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info)
 260 {
 261     if (info->type == OSSL_STORE_INFO_NAME)
 262         return info->_.name.name;
 263     return NULL;
 264 }
 265
 266 char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info)
 267 {
 268     if (info->type == OSSL_STORE_INFO_NAME) {
 269         char *ret = OPENSSL_strdup(info->_.name.name);
 270
 271         if (ret == NULL)
 272             OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME,
 273                           ERR_R_MALLOC_FAILURE);
 274         return ret;
 275     }
 276     OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME,
 277                   OSSL_STORE_R_NOT_A_NAME);
 278     return NULL;
 279 }
 280
 281 const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info)
 282 {
 283     if (info->type == OSSL_STORE_INFO_NAME)
 284         return info->_.name.desc;
 285     return NULL;
 286 }
 287
 288 char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info)
 289 {
 290     if (info->type == OSSL_STORE_INFO_NAME) {
 291         char *ret = OPENSSL_strdup(info->_.name.desc
 292                                    ? info->_.name.desc : "");
 293
 294         if (ret == NULL)
 295             OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION,
 296                      ERR_R_MALLOC_FAILURE);
 297         return ret;
 298     }
 299     OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION,
 300                   OSSL_STORE_R_NOT_A_NAME);
 301     return NULL;
 302 }
 303
 304 EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info)
 305 {
 306     if (info->type == OSSL_STORE_INFO_PARAMS)
 307         return info->_.params;
 308     return NULL;
 309 }
 310
 311 EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info)
 312 {
 313     if (info->type == OSSL_STORE_INFO_PARAMS) {
 314         EVP_PKEY_up_ref(info->_.params);
 315         return info->_.params;
 316     }
 317     OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS,
 318                   OSSL_STORE_R_NOT_PARAMETERS);
 319     return NULL;
 320 }
 321
 322 EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info)
 323 {
 324     if (info->type == OSSL_STORE_INFO_PKEY)
 325         return info->_.pkey;
 326     return NULL;
 327 }
 328
 329 EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info)
 330 {
 331     if (info->type == OSSL_STORE_INFO_PKEY) {
 332         EVP_PKEY_up_ref(info->_.pkey);
 333         return info->_.pkey;
 334     }
 335     OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY,
 336                   OSSL_STORE_R_NOT_A_KEY);
 337     return NULL;
 338 }
 339
 340 X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info)
 341 {
 342     if (info->type == OSSL_STORE_INFO_CERT)
 343         return info->_.x509;
 344     return NULL;
 345 }
 346
 347 X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info)
 348 {
 349     if (info->type == OSSL_STORE_INFO_CERT) {
 350         X509_up_ref(info->_.x509);
 351         return info->_.x509;
 352     }
 353     OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT,
 354                   OSSL_STORE_R_NOT_A_CERTIFICATE);
 355     return NULL;
 356 }
 357
 358 X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info)
 359 {
 360     if (info->type == OSSL_STORE_INFO_CRL)
 361         return info->_.crl;
 362     return NULL;
 363 }
 364
 365 X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info)
 366 {
 367     if (info->type == OSSL_STORE_INFO_CRL) {
 368         X509_CRL_up_ref(info->_.crl);
 369         return info->_.crl;
 370     }
 371     OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL,
 372                   OSSL_STORE_R_NOT_A_CRL);
 373     return NULL;
 374 }
 375
 376 /*
 377  * Free the OSSL_STORE_INFO
 378  */
 379 void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info)
 380 {
 381     if (info != NULL) {
 382         switch (info->type) {
 383         case OSSL_STORE_INFO_EMBEDDED:
 384             BUF_MEM_free(info->_.embedded.blob);
 385             OPENSSL_free(info->_.embedded.pem_name);
 386             break;
 387         case OSSL_STORE_INFO_NAME:
 388             OPENSSL_free(info->_.name.name);
 389             OPENSSL_free(info->_.name.desc);
 390             break;
 391         case OSSL_STORE_INFO_PARAMS:
 392             EVP_PKEY_free(info->_.params);
 393             break;
 394         case OSSL_STORE_INFO_PKEY:
 395             EVP_PKEY_free(info->_.pkey);
 396             break;
 397         case OSSL_STORE_INFO_CERT:
 398             X509_free(info->_.x509);
 399             break;
 400         case OSSL_STORE_INFO_CRL:
 401             X509_CRL_free(info->_.crl);
 402             break;
 403         }
 404         OPENSSL_free(info);
 405     }
 406 }
 407
 408 /* Internal functions */
 409 OSSL_STORE_INFO *ossl_store_info_new_EMBEDDED(const char *new_pem_name,
 410                                               BUF_MEM *embedded)
 411 {
 412     OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_EMBEDDED, NULL);
 413
 414     if (info == NULL) {
 415         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED,
 416                       ERR_R_MALLOC_FAILURE);
 417         return NULL;
 418     }
 419
 420     info->_.embedded.blob = embedded;
 421     info->_.embedded.pem_name =
 422         new_pem_name == NULL ? NULL : OPENSSL_strdup(new_pem_name);
 423
 424     if (new_pem_name != NULL && info->_.embedded.pem_name == NULL) {
 425         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED,
 426                       ERR_R_MALLOC_FAILURE);
 427         OSSL_STORE_INFO_free(info);
 428         info = NULL;
 429     }
 430
 431     return info;
 432 }
 433
 434 BUF_MEM *ossl_store_info_get0_EMBEDDED_buffer(OSSL_STORE_INFO *info)
 435 {
 436     if (info->type == OSSL_STORE_INFO_EMBEDDED)
 437         return info->_.embedded.blob;
 438     return NULL;
 439 }
 440
 441 char *ossl_store_info_get0_EMBEDDED_pem_name(OSSL_STORE_INFO *info)
 442 {
 443     if (info->type == OSSL_STORE_INFO_EMBEDDED)
 444         return info->_.embedded.pem_name;
 445     return NULL;
 446 }
 447
 448 OSSL_STORE_CTX *ossl_store_attach_pem_bio(BIO *bp, const UI_METHOD *ui_method,
 449                                           void *ui_data)
 450 {
 451     OSSL_STORE_CTX *ctx = NULL;
 452     const OSSL_STORE_LOADER *loader = NULL;
 453     OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
 454
 455     if ((loader = ossl_store_get0_loader_int("file")) == NULL
 456         || ((loader_ctx = ossl_store_file_attach_pem_bio_int(bp)) == NULL))
 457         goto done;
 458     if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
 459         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO,
 460                      ERR_R_MALLOC_FAILURE);
 461         goto done;
 462     }
 463
 464     ctx->loader = loader;
 465     ctx->loader_ctx = loader_ctx;
 466     loader_ctx = NULL;
 467     ctx->ui_method = ui_method;
 468     ctx->ui_data = ui_data;
 469     ctx->post_process = NULL;
 470     ctx->post_process_data = NULL;
 471
 472  done:
 473     if (loader_ctx != NULL)
 474         /*
 475          * We ignore a returned error because we will return NULL anyway in
 476          * this case, so if something goes wrong when closing, that'll simply
 477          * just add another entry on the error stack.
 478          */
 479         (void)loader->close(loader_ctx);
 480     return ctx;
 481 }
 482
 483 int ossl_store_detach_pem_bio(OSSL_STORE_CTX *ctx)
 484 {
 485     int loader_ret = ossl_store_file_detach_pem_bio_int(ctx->loader_ctx);
 486
 487     OPENSSL_free(ctx);
 488     return loader_ret;
 489 }