crypto/store/store_lib.c

   1 /*
   2  * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the OpenSSL license (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #include "e_os.h"
  11 #include <stdlib.h>
  12 #include <string.h>
  13 #include <openssl/crypto.h>
  14 #include <openssl/err.h>
  15 #include <openssl/store.h>
  16 #include "internal/thread_once.h"
  17 #include "internal/store_int.h"
  18 #include "store_locl.h"
  19
  20 struct ossl_store_ctx_st {
  21     const OSSL_STORE_LOADER *loader;
  22     OSSL_STORE_LOADER_CTX *loader_ctx;
  23     const UI_METHOD *ui_method;
  24     void *ui_data;
  25     OSSL_STORE_post_process_info_fn post_process;
  26     void *post_process_data;
  27
  28     /* 0 before the first STORE_load(), 1 otherwise */
  29     int loading;
  30 };
  31
  32 OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method,
  33                                 void *ui_data,
  34                                 OSSL_STORE_post_process_info_fn post_process,
  35                                 void *post_process_data)
  36 {
  37     const OSSL_STORE_LOADER *loader = NULL;
  38     OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
  39     OSSL_STORE_CTX *ctx = NULL;
  40     char scheme_copy[256], *p, *schemes[2];
  41     size_t schemes_n = 0;
  42     size_t i;
  43
  44     /*
  45      * Put the file scheme first.  If the uri does represent an existing file,
  46      * possible device name and all, then it should be loaded.  Only a failed
  47      * attempt at loading a local file should have us try something else.
  48      */
  49     schemes[schemes_n++] = "file";
  50
  51     /*
  52      * Now, check if we have something that looks like a scheme, and add it
  53      * as a second scheme.  However, also check if there's an authority start
  54      * (://), because that will invalidate the previous file scheme.  Also,
  55      * check that this isn't actually the file scheme, as there's no point
  56      * going through that one twice!
  57      */
  58     OPENSSL_strlcpy(scheme_copy, uri, sizeof(scheme_copy));
  59     if ((p = strchr(scheme_copy, ':')) != NULL) {
  60         *p++ = '\0';
  61         if (strcasecmp(scheme_copy, "file") != 0) {
  62             if (strncmp(p, "//", 2) == 0)
  63                 schemes_n--;         /* Invalidate the file scheme */
  64             schemes[schemes_n++] = scheme_copy;
  65         }
  66     }
  67
  68     ERR_set_mark();
  69
  70     /* Try each scheme until we find one that could open the URI */
  71     for (i = 0; loader_ctx == NULL && i < schemes_n; i++) {
  72         if ((loader = ossl_store_get0_loader_int(schemes[i])) != NULL)
  73             loader_ctx = loader->open(loader, uri, ui_method, ui_data);
  74     }
  75     if (loader_ctx == NULL)
  76         goto err;
  77
  78     if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
  79         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_OPEN, ERR_R_MALLOC_FAILURE);
  80         goto err;
  81     }
  82
  83     ctx->loader = loader;
  84     ctx->loader_ctx = loader_ctx;
  85     ctx->ui_method = ui_method;
  86     ctx->ui_data = ui_data;
  87     ctx->post_process = post_process;
  88     ctx->post_process_data = post_process_data;
  89
  90     /*
  91      * If the attempt to open with the 'file' scheme loader failed and the
  92      * other scheme loader succeeded, the failure to open with the 'file'
  93      * scheme loader leaves an error on the error stack.  Let's remove it.
  94      */
  95     ERR_pop_to_mark();
  96
  97     return ctx;
  98
  99  err:
 100     ERR_clear_last_mark();
 101     if (loader_ctx != NULL) {
 102         /*
 103          * We ignore a returned error because we will return NULL anyway in
 104          * this case, so if something goes wrong when closing, that'll simply
 105          * just add another entry on the error stack.
 106          */
 107         (void)loader->close(loader_ctx);
 108     }
 109     return NULL;
 110 }
 111
 112 int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ...)
 113 {
 114     va_list args;
 115     int ret;
 116
 117     va_start(args, cmd);
 118     ret = OSSL_STORE_vctrl(ctx, cmd, args);
 119     va_end(args);
 120
 121     return ret;
 122 }
 123
 124 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args)
 125 {
 126     if (ctx->loader->ctrl != NULL)
 127         return ctx->loader->ctrl(ctx->loader_ctx, cmd, args);
 128     return 0;
 129 }
 130
 131 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx)
 132 {
 133     OSSL_STORE_INFO *v = NULL;
 134
 135     ctx->loading = 1;
 136  again:
 137     if (OSSL_STORE_eof(ctx))
 138         return NULL;
 139
 140     v = ctx->loader->load(ctx->loader_ctx, ctx->ui_method, ctx->ui_data);
 141
 142     if (ctx->post_process != NULL && v != NULL) {
 143         v = ctx->post_process(v, ctx->post_process_data);
 144
 145         /*
 146          * By returning NULL, the callback decides that this object should
 147          * be ignored.
 148          */
 149         if (v == NULL)
 150             goto again;
 151     }
 152
 153     return v;
 154 }
 155
 156 int OSSL_STORE_error(OSSL_STORE_CTX *ctx)
 157 {
 158     return ctx->loader->error(ctx->loader_ctx);
 159 }
 160
 161 int OSSL_STORE_eof(OSSL_STORE_CTX *ctx)
 162 {
 163     return ctx->loader->eof(ctx->loader_ctx);
 164 }
 165
 166 int OSSL_STORE_close(OSSL_STORE_CTX *ctx)
 167 {
 168     int loader_ret = ctx->loader->close(ctx->loader_ctx);
 169
 170     OPENSSL_free(ctx);
 171     return loader_ret;
 172 }
 173
 174 /*
 175  * Functions to generate OSSL_STORE_INFOs, one function for each type we
 176  * support having in them as well as a generic constructor.
 177  *
 178  * In all cases, ownership of the object is transfered to the OSSL_STORE_INFO
 179  * and will therefore be freed when the OSSL_STORE_INFO is freed.
 180  */
 181 static OSSL_STORE_INFO *store_info_new(int type, void *data)
 182 {
 183     OSSL_STORE_INFO *info = OPENSSL_zalloc(sizeof(*info));
 184
 185     if (info == NULL)
 186         return NULL;
 187
 188     info->type = type;
 189     info->_.data = data;
 190     return info;
 191 }
 192
 193 OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name)
 194 {
 195     OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_NAME, NULL);
 196
 197     if (info == NULL) {
 198         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME,
 199                       ERR_R_MALLOC_FAILURE);
 200         return NULL;
 201     }
 202
 203     info->_.name.name = name;
 204     info->_.name.desc = NULL;
 205
 206     return info;
 207 }
 208
 209 int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc)
 210 {
 211     if (info->type != OSSL_STORE_INFO_NAME) {
 212         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION,
 213                       ERR_R_PASSED_INVALID_ARGUMENT);
 214         return 0;
 215     }
 216
 217     info->_.name.desc = desc;
 218
 219     return 1;
 220 }
 221 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params)
 222 {
 223     OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PARAMS, params);
 224
 225     if (info == NULL)
 226         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS,
 227                       ERR_R_MALLOC_FAILURE);
 228     return info;
 229 }
 230
 231 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey)
 232 {
 233     OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PKEY, pkey);
 234
 235     if (info == NULL)
 236         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY,
 237                       ERR_R_MALLOC_FAILURE);
 238     return info;
 239 }
 240
 241 OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509)
 242 {
 243     OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_CERT, x509);
 244
 245     if (info == NULL)
 246         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT,
 247                       ERR_R_MALLOC_FAILURE);
 248     return info;
 249 }
 250
 251 OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl)
 252 {
 253     OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_CRL, crl);
 254
 255     if (info == NULL)
 256         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL,
 257                       ERR_R_MALLOC_FAILURE);
 258     return info;
 259 }
 260
 261 /*
 262  * Functions to try to extract data from a OSSL_STORE_INFO.
 263  */
 264 int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info)
 265 {
 266     return info->type;
 267 }
 268
 269 const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info)
 270 {
 271     if (info->type == OSSL_STORE_INFO_NAME)
 272         return info->_.name.name;
 273     return NULL;
 274 }
 275
 276 char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info)
 277 {
 278     if (info->type == OSSL_STORE_INFO_NAME) {
 279         char *ret = OPENSSL_strdup(info->_.name.name);
 280
 281         if (ret == NULL)
 282             OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME,
 283                           ERR_R_MALLOC_FAILURE);
 284         return ret;
 285     }
 286     OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME,
 287                   OSSL_STORE_R_NOT_A_NAME);
 288     return NULL;
 289 }
 290
 291 const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info)
 292 {
 293     if (info->type == OSSL_STORE_INFO_NAME)
 294         return info->_.name.desc;
 295     return NULL;
 296 }
 297
 298 char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info)
 299 {
 300     if (info->type == OSSL_STORE_INFO_NAME) {
 301         char *ret = OPENSSL_strdup(info->_.name.desc
 302                                    ? info->_.name.desc : "");
 303
 304         if (ret == NULL)
 305             OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION,
 306                      ERR_R_MALLOC_FAILURE);
 307         return ret;
 308     }
 309     OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION,
 310                   OSSL_STORE_R_NOT_A_NAME);
 311     return NULL;
 312 }
 313
 314 EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info)
 315 {
 316     if (info->type == OSSL_STORE_INFO_PARAMS)
 317         return info->_.params;
 318     return NULL;
 319 }
 320
 321 EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info)
 322 {
 323     if (info->type == OSSL_STORE_INFO_PARAMS) {
 324         EVP_PKEY_up_ref(info->_.params);
 325         return info->_.params;
 326     }
 327     OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS,
 328                   OSSL_STORE_R_NOT_PARAMETERS);
 329     return NULL;
 330 }
 331
 332 EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info)
 333 {
 334     if (info->type == OSSL_STORE_INFO_PKEY)
 335         return info->_.pkey;
 336     return NULL;
 337 }
 338
 339 EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info)
 340 {
 341     if (info->type == OSSL_STORE_INFO_PKEY) {
 342         EVP_PKEY_up_ref(info->_.pkey);
 343         return info->_.pkey;
 344     }
 345     OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY,
 346                   OSSL_STORE_R_NOT_A_KEY);
 347     return NULL;
 348 }
 349
 350 X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info)
 351 {
 352     if (info->type == OSSL_STORE_INFO_CERT)
 353         return info->_.x509;
 354     return NULL;
 355 }
 356
 357 X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info)
 358 {
 359     if (info->type == OSSL_STORE_INFO_CERT) {
 360         X509_up_ref(info->_.x509);
 361         return info->_.x509;
 362     }
 363     OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT,
 364                   OSSL_STORE_R_NOT_A_CERTIFICATE);
 365     return NULL;
 366 }
 367
 368 X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info)
 369 {
 370     if (info->type == OSSL_STORE_INFO_CRL)
 371         return info->_.crl;
 372     return NULL;
 373 }
 374
 375 X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info)
 376 {
 377     if (info->type == OSSL_STORE_INFO_CRL) {
 378         X509_CRL_up_ref(info->_.crl);
 379         return info->_.crl;
 380     }
 381     OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL,
 382                   OSSL_STORE_R_NOT_A_CRL);
 383     return NULL;
 384 }
 385
 386 /*
 387  * Free the OSSL_STORE_INFO
 388  */
 389 void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info)
 390 {
 391     if (info != NULL) {
 392         switch (info->type) {
 393         case OSSL_STORE_INFO_EMBEDDED:
 394             BUF_MEM_free(info->_.embedded.blob);
 395             OPENSSL_free(info->_.embedded.pem_name);
 396             break;
 397         case OSSL_STORE_INFO_NAME:
 398             OPENSSL_free(info->_.name.name);
 399             OPENSSL_free(info->_.name.desc);
 400             break;
 401         case OSSL_STORE_INFO_PARAMS:
 402             EVP_PKEY_free(info->_.params);
 403             break;
 404         case OSSL_STORE_INFO_PKEY:
 405             EVP_PKEY_free(info->_.pkey);
 406             break;
 407         case OSSL_STORE_INFO_CERT:
 408             X509_free(info->_.x509);
 409             break;
 410         case OSSL_STORE_INFO_CRL:
 411             X509_CRL_free(info->_.crl);
 412             break;
 413         }
 414         OPENSSL_free(info);
 415     }
 416 }
 417
 418 /* Internal functions */
 419 OSSL_STORE_INFO *ossl_store_info_new_EMBEDDED(const char *new_pem_name,
 420                                               BUF_MEM *embedded)
 421 {
 422     OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_EMBEDDED, NULL);
 423
 424     if (info == NULL) {
 425         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED,
 426                       ERR_R_MALLOC_FAILURE);
 427         return NULL;
 428     }
 429
 430     info->_.embedded.blob = embedded;
 431     info->_.embedded.pem_name =
 432         new_pem_name == NULL ? NULL : OPENSSL_strdup(new_pem_name);
 433
 434     if (new_pem_name != NULL && info->_.embedded.pem_name == NULL) {
 435         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED,
 436                       ERR_R_MALLOC_FAILURE);
 437         OSSL_STORE_INFO_free(info);
 438         info = NULL;
 439     }
 440
 441     return info;
 442 }
 443
 444 BUF_MEM *ossl_store_info_get0_EMBEDDED_buffer(OSSL_STORE_INFO *info)
 445 {
 446     if (info->type == OSSL_STORE_INFO_EMBEDDED)
 447         return info->_.embedded.blob;
 448     return NULL;
 449 }
 450
 451 char *ossl_store_info_get0_EMBEDDED_pem_name(OSSL_STORE_INFO *info)
 452 {
 453     if (info->type == OSSL_STORE_INFO_EMBEDDED)
 454         return info->_.embedded.pem_name;
 455     return NULL;
 456 }
 457
 458 OSSL_STORE_CTX *ossl_store_attach_pem_bio(BIO *bp, const UI_METHOD *ui_method,
 459                                           void *ui_data)
 460 {
 461     OSSL_STORE_CTX *ctx = NULL;
 462     const OSSL_STORE_LOADER *loader = NULL;
 463     OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
 464
 465     if ((loader = ossl_store_get0_loader_int("file")) == NULL
 466         || ((loader_ctx = ossl_store_file_attach_pem_bio_int(bp)) == NULL))
 467         goto done;
 468     if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
 469         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO,
 470                      ERR_R_MALLOC_FAILURE);
 471         goto done;
 472     }
 473
 474     ctx->loader = loader;
 475     ctx->loader_ctx = loader_ctx;
 476     loader_ctx = NULL;
 477     ctx->ui_method = ui_method;
 478     ctx->ui_data = ui_data;
 479     ctx->post_process = NULL;
 480     ctx->post_process_data = NULL;
 481
 482  done:
 483     if (loader_ctx != NULL)
 484         /*
 485          * We ignore a returned error because we will return NULL anyway in
 486          * this case, so if something goes wrong when closing, that'll simply
 487          * just add another entry on the error stack.
 488          */
 489         (void)loader->close(loader_ctx);
 490     return ctx;
 491 }
 492
 493 int ossl_store_detach_pem_bio(OSSL_STORE_CTX *ctx)
 494 {
 495     int loader_ret = ossl_store_file_detach_pem_bio_int(ctx->loader_ctx);
 496
 497     OPENSSL_free(ctx);
 498     return loader_ret;
 499 }