2 * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
15 #include <openssl/crypto.h>
16 #include <openssl/err.h>
17 #include <openssl/store.h>
18 #include "internal/thread_once.h"
19 #include "internal/store_int.h"
20 #include "store_locl.h"
22 struct ossl_store_ctx_st {
23 const OSSL_STORE_LOADER *loader;
24 OSSL_STORE_LOADER_CTX *loader_ctx;
25 const UI_METHOD *ui_method;
27 OSSL_STORE_post_process_info_fn post_process;
28 void *post_process_data;
31 OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method,
33 OSSL_STORE_post_process_info_fn post_process,
34 void *post_process_data)
36 const OSSL_STORE_LOADER *loader = NULL;
37 OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
38 OSSL_STORE_CTX *ctx = NULL;
39 char scheme_copy[256], *p, *schemes[2];
44 * Put the file scheme first. If the uri does represent an existing file,
45 * possible device name and all, then it should be loaded. Only a failed
46 * attempt at loading a local file should have us try something else.
48 schemes[schemes_n++] = "file";
51 * Now, check if we have something that looks like a scheme, and add it
52 * as a second scheme. However, also check if there's an authority start
53 * (://), because that will invalidate the previous file scheme. Also,
54 * check that this isn't actually the file scheme, as there's no point
55 * going through that one twice!
57 OPENSSL_strlcpy(scheme_copy, uri, sizeof(scheme_copy));
58 if ((p = strchr(scheme_copy, ':')) != NULL) {
60 if (strcasecmp(scheme_copy, "file") != 0) {
61 if (strncmp(p, "//", 2) == 0)
62 schemes_n--; /* Invalidate the file scheme */
63 schemes[schemes_n++] = scheme_copy;
67 /* Try each scheme until we find one that could open the URI */
68 for (i = 0; loader_ctx == NULL && i < schemes_n; i++) {
69 if ((loader = ossl_store_get0_loader_int(schemes[i])) != NULL)
70 loader_ctx = loader->open(loader, uri, ui_method, ui_data);
72 if (loader_ctx == NULL)
75 if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
76 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_OPEN, ERR_R_MALLOC_FAILURE);
81 ctx->loader_ctx = loader_ctx;
83 ctx->ui_method = ui_method;
84 ctx->ui_data = ui_data;
85 ctx->post_process = post_process;
86 ctx->post_process_data = post_process_data;
89 if (loader_ctx != NULL) {
91 * We ignore a returned error because we will return NULL anyway in
92 * this case, so if something goes wrong when closing, that'll simply
93 * just add another entry on the error stack.
95 (void)loader->close(loader_ctx);
100 int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ...)
106 if (ctx->loader->ctrl != NULL)
107 ret = ctx->loader->ctrl(ctx->loader_ctx, cmd, args);
113 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx)
115 OSSL_STORE_INFO *v = NULL;
118 if (OSSL_STORE_eof(ctx))
121 v = ctx->loader->load(ctx->loader_ctx, ctx->ui_method, ctx->ui_data);
123 if (ctx->post_process != NULL && v != NULL) {
124 v = ctx->post_process(v, ctx->post_process_data);
127 * By returning NULL, the callback decides that this object should
137 int OSSL_STORE_error(OSSL_STORE_CTX *ctx)
139 return ctx->loader->error(ctx->loader_ctx);
142 int OSSL_STORE_eof(OSSL_STORE_CTX *ctx)
144 return ctx->loader->eof(ctx->loader_ctx);
147 int OSSL_STORE_close(OSSL_STORE_CTX *ctx)
149 int loader_ret = ctx->loader->close(ctx->loader_ctx);
156 * Functions to generate OSSL_STORE_INFOs, one function for each type we
157 * support having in them. Along with each of them, one macro that
158 * can be used to determine what types are supported.
160 * In all cases, ownership of the object is transfered to the OSSL_STORE_INFO
161 * and will therefore be freed when the OSSL_STORE_INFO is freed.
163 static OSSL_STORE_INFO *store_info_new(int type, void *data)
165 OSSL_STORE_INFO *info = OPENSSL_zalloc(sizeof(*info));
175 OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name)
177 OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_NAME, NULL);
180 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME,
181 ERR_R_MALLOC_FAILURE);
185 info->_.name.name = name;
186 info->_.name.desc = NULL;
191 int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc)
193 if (info->type != OSSL_STORE_INFO_NAME) {
194 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION,
195 ERR_R_PASSED_INVALID_ARGUMENT);
199 info->_.name.desc = desc;
203 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params)
205 OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PARAMS, params);
208 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS,
209 ERR_R_MALLOC_FAILURE);
213 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey)
215 OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PKEY, pkey);
218 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY,
219 ERR_R_MALLOC_FAILURE);
223 OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509)
225 OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_CERT, x509);
228 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT,
229 ERR_R_MALLOC_FAILURE);
233 OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl)
235 OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_CRL, crl);
238 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL,
239 ERR_R_MALLOC_FAILURE);
244 * Functions to try to extract data from a OSSL_STORE_INFO.
246 int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info)
251 const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info)
253 if (info->type == OSSL_STORE_INFO_NAME)
254 return info->_.name.name;
258 char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info)
260 if (info->type == OSSL_STORE_INFO_NAME) {
261 char *ret = OPENSSL_strdup(info->_.name.name);
264 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME,
265 ERR_R_MALLOC_FAILURE);
268 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME,
269 OSSL_STORE_R_NOT_A_NAME);
273 const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info)
275 if (info->type == OSSL_STORE_INFO_NAME)
276 return info->_.name.desc;
280 char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info)
282 if (info->type == OSSL_STORE_INFO_NAME) {
283 char *ret = OPENSSL_strdup(info->_.name.desc
284 ? info->_.name.desc : "");
287 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION,
288 ERR_R_MALLOC_FAILURE);
291 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION,
292 OSSL_STORE_R_NOT_A_NAME);
296 EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info)
298 if (info->type == OSSL_STORE_INFO_PARAMS)
299 return info->_.params;
303 EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info)
305 if (info->type == OSSL_STORE_INFO_PARAMS) {
306 EVP_PKEY_up_ref(info->_.params);
307 return info->_.params;
309 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS,
310 OSSL_STORE_R_NOT_PARAMETERS);
314 EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info)
316 if (info->type == OSSL_STORE_INFO_PKEY)
321 EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info)
323 if (info->type == OSSL_STORE_INFO_PKEY) {
324 EVP_PKEY_up_ref(info->_.pkey);
327 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY,
328 OSSL_STORE_R_NOT_A_KEY);
332 X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info)
334 if (info->type == OSSL_STORE_INFO_CERT)
339 X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info)
341 if (info->type == OSSL_STORE_INFO_CERT) {
342 X509_up_ref(info->_.x509);
345 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT,
346 OSSL_STORE_R_NOT_A_CERTIFICATE);
350 X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info)
352 if (info->type == OSSL_STORE_INFO_CRL)
357 X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info)
359 if (info->type == OSSL_STORE_INFO_CRL) {
360 X509_CRL_up_ref(info->_.crl);
363 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL,
364 OSSL_STORE_R_NOT_A_CRL);
369 * Free the OSSL_STORE_INFO
371 void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info)
374 switch (info->type) {
375 case OSSL_STORE_INFO_EMBEDDED:
376 BUF_MEM_free(info->_.embedded.blob);
377 OPENSSL_free(info->_.embedded.pem_name);
379 case OSSL_STORE_INFO_NAME:
380 OPENSSL_free(info->_.name.name);
381 OPENSSL_free(info->_.name.desc);
383 case OSSL_STORE_INFO_PARAMS:
384 EVP_PKEY_free(info->_.params);
386 case OSSL_STORE_INFO_PKEY:
387 EVP_PKEY_free(info->_.pkey);
389 case OSSL_STORE_INFO_CERT:
390 X509_free(info->_.x509);
392 case OSSL_STORE_INFO_CRL:
393 X509_CRL_free(info->_.crl);
400 /* Internal functions */
401 OSSL_STORE_INFO *ossl_store_info_new_EMBEDDED(const char *new_pem_name,
404 OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_EMBEDDED, NULL);
407 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED,
408 ERR_R_MALLOC_FAILURE);
412 info->_.embedded.blob = embedded;
413 info->_.embedded.pem_name =
414 new_pem_name == NULL ? NULL : OPENSSL_strdup(new_pem_name);
416 if (new_pem_name != NULL && info->_.embedded.pem_name == NULL) {
417 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED,
418 ERR_R_MALLOC_FAILURE);
419 OSSL_STORE_INFO_free(info);
426 BUF_MEM *ossl_store_info_get0_EMBEDDED_buffer(OSSL_STORE_INFO *info)
428 if (info->type == OSSL_STORE_INFO_EMBEDDED)
429 return info->_.embedded.blob;
433 char *ossl_store_info_get0_EMBEDDED_pem_name(OSSL_STORE_INFO *info)
435 if (info->type == OSSL_STORE_INFO_EMBEDDED)
436 return info->_.embedded.pem_name;
440 OSSL_STORE_CTX *ossl_store_attach_pem_bio(BIO *bp, const UI_METHOD *ui_method,
443 OSSL_STORE_CTX *ctx = NULL;
444 const OSSL_STORE_LOADER *loader = NULL;
445 OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
447 if ((loader = ossl_store_get0_loader_int("file")) == NULL
448 || ((loader_ctx = ossl_store_file_attach_pem_bio_int(bp)) == NULL))
450 if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
451 OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO,
452 ERR_R_MALLOC_FAILURE);
456 ctx->loader = loader;
457 ctx->loader_ctx = loader_ctx;
459 ctx->ui_method = ui_method;
460 ctx->ui_data = ui_data;
461 ctx->post_process = NULL;
462 ctx->post_process_data = NULL;
465 if (loader_ctx != NULL)
467 * We ignore a returned error because we will return NULL anyway in
468 * this case, so if something goes wrong when closing, that'll simply
469 * just add another entry on the error stack.
471 (void)loader->close(loader_ctx);
475 int ossl_store_detach_pem_bio(OSSL_STORE_CTX *ctx)
477 int loader_ret = ossl_store_file_detach_pem_bio_int(ctx->loader_ctx);