crypto/store/store_lib.c

   1 /*
   2  * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the OpenSSL license (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #include <stdlib.h>
  11 #include <string.h>
  12
  13 #include "e_os.h"
  14
  15 #include <openssl/crypto.h>
  16 #include <openssl/err.h>
  17 #include <openssl/store.h>
  18 #include "internal/thread_once.h"
  19 #include "internal/store_int.h"
  20 #include "store_locl.h"
  21
  22 struct ossl_store_ctx_st {
  23     const OSSL_STORE_LOADER *loader;
  24     OSSL_STORE_LOADER_CTX *loader_ctx;
  25     const UI_METHOD *ui_method;
  26     void *ui_data;
  27     OSSL_STORE_post_process_info_fn post_process;
  28     void *post_process_data;
  29 };
  30
  31 OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method,
  32                                 void *ui_data,
  33                                 OSSL_STORE_post_process_info_fn post_process,
  34                                 void *post_process_data)
  35 {
  36     const OSSL_STORE_LOADER *loader = NULL;
  37     OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
  38     OSSL_STORE_CTX *ctx = NULL;
  39     char scheme_copy[256], *p, *schemes[2];
  40     size_t schemes_n = 0;
  41     size_t i;
  42
  43     /*
  44      * Put the file scheme first.  If the uri does represent an existing file,
  45      * possible device name and all, then it should be loaded.  Only a failed
  46      * attempt at loading a local file should have us try something else.
  47      */
  48     schemes[schemes_n++] = "file";
  49
  50     /*
  51      * Now, check if we have something that looks like a scheme, and add it
  52      * as a second scheme.  However, also check if there's an authority start
  53      * (://), because that will invalidate the previous file scheme.  Also,
  54      * check that this isn't actually the file scheme, as there's no point
  55      * going through that one twice!
  56      */
  57     OPENSSL_strlcpy(scheme_copy, uri, sizeof(scheme_copy));
  58     if ((p = strchr(scheme_copy, ':')) != NULL) {
  59         *p++ = '\0';
  60         if (strcasecmp(scheme_copy, "file") != 0) {
  61             if (strncmp(p, "//", 2) == 0)
  62                 schemes_n--;         /* Invalidate the file scheme */
  63             schemes[schemes_n++] = scheme_copy;
  64         }
  65     }
  66
  67     /* Try each scheme until we find one that could open the URI */
  68     for (i = 0; loader_ctx == NULL && i < schemes_n; i++) {
  69         if ((loader = ossl_store_get0_loader_int(schemes[i])) != NULL)
  70             loader_ctx = loader->open(loader, uri, ui_method, ui_data);
  71     }
  72     if (loader_ctx == NULL)
  73         goto done;
  74
  75     if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
  76         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_OPEN, ERR_R_MALLOC_FAILURE);
  77         goto done;
  78     }
  79
  80     ctx->loader = loader;
  81     ctx->loader_ctx = loader_ctx;
  82     loader_ctx = NULL;
  83     ctx->ui_method = ui_method;
  84     ctx->ui_data = ui_data;
  85     ctx->post_process = post_process;
  86     ctx->post_process_data = post_process_data;
  87
  88  done:
  89     if (loader_ctx != NULL) {
  90         /*
  91          * We ignore a returned error because we will return NULL anyway in
  92          * this case, so if something goes wrong when closing, that'll simply
  93          * just add another entry on the error stack.
  94          */
  95         (void)loader->close(loader_ctx);
  96     }
  97     return ctx;
  98 }
  99
 100 int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ...)
 101 {
 102     va_list args;
 103     int ret = 0;
 104
 105     va_start(args, cmd);
 106     if (ctx->loader->ctrl != NULL)
 107         ret = ctx->loader->ctrl(ctx->loader_ctx, cmd, args);
 108     va_end(args);
 109
 110     return ret;
 111 }
 112
 113 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx)
 114 {
 115     OSSL_STORE_INFO *v = NULL;
 116
 117  again:
 118     if (OSSL_STORE_eof(ctx))
 119         return NULL;
 120
 121     v = ctx->loader->load(ctx->loader_ctx, ctx->ui_method, ctx->ui_data);
 122
 123     if (ctx->post_process != NULL && v != NULL) {
 124         v = ctx->post_process(v, ctx->post_process_data);
 125
 126         /*
 127          * By returning NULL, the callback decides that this object should
 128          * be ignored.
 129          */
 130         if (v == NULL)
 131             goto again;
 132     }
 133
 134     return v;
 135 }
 136
 137 int OSSL_STORE_error(OSSL_STORE_CTX *ctx)
 138 {
 139     return ctx->loader->error(ctx->loader_ctx);
 140 }
 141
 142 int OSSL_STORE_eof(OSSL_STORE_CTX *ctx)
 143 {
 144     return ctx->loader->eof(ctx->loader_ctx);
 145 }
 146
 147 int OSSL_STORE_close(OSSL_STORE_CTX *ctx)
 148 {
 149     int loader_ret = ctx->loader->close(ctx->loader_ctx);
 150
 151     OPENSSL_free(ctx);
 152     return loader_ret;
 153 }
 154
 155 /*
 156  * Functions to generate OSSL_STORE_INFOs, one function for each type we
 157  * support having in them.  Along with each of them, one macro that
 158  * can be used to determine what types are supported.
 159  *
 160  * In all cases, ownership of the object is transfered to the OSSL_STORE_INFO
 161  * and will therefore be freed when the OSSL_STORE_INFO is freed.
 162  */
 163 static OSSL_STORE_INFO *store_info_new(int type, void *data)
 164 {
 165     OSSL_STORE_INFO *info = OPENSSL_zalloc(sizeof(*info));
 166
 167     if (info == NULL)
 168         return NULL;
 169
 170     info->type = type;
 171     info->_.data = data;
 172     return info;
 173 }
 174
 175 OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name)
 176 {
 177     OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_NAME, NULL);
 178
 179     if (info == NULL) {
 180         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME,
 181                       ERR_R_MALLOC_FAILURE);
 182         return NULL;
 183     }
 184
 185     info->_.name.name = name;
 186     info->_.name.desc = NULL;
 187
 188     return info;
 189 }
 190
 191 int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc)
 192 {
 193     if (info->type != OSSL_STORE_INFO_NAME) {
 194         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION,
 195                       ERR_R_PASSED_INVALID_ARGUMENT);
 196         return 0;
 197     }
 198
 199     info->_.name.desc = desc;
 200
 201     return 1;
 202 }
 203 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params)
 204 {
 205     OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PARAMS, params);
 206
 207     if (info == NULL)
 208         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS,
 209                       ERR_R_MALLOC_FAILURE);
 210     return info;
 211 }
 212
 213 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey)
 214 {
 215     OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PKEY, pkey);
 216
 217     if (info == NULL)
 218         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY,
 219                       ERR_R_MALLOC_FAILURE);
 220     return info;
 221 }
 222
 223 OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509)
 224 {
 225     OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_CERT, x509);
 226
 227     if (info == NULL)
 228         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT,
 229                       ERR_R_MALLOC_FAILURE);
 230     return info;
 231 }
 232
 233 OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl)
 234 {
 235     OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_CRL, crl);
 236
 237     if (info == NULL)
 238         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL,
 239                       ERR_R_MALLOC_FAILURE);
 240     return info;
 241 }
 242
 243 /*
 244  * Functions to try to extract data from a OSSL_STORE_INFO.
 245  */
 246 int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info)
 247 {
 248     return info->type;
 249 }
 250
 251 const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info)
 252 {
 253     if (info->type == OSSL_STORE_INFO_NAME)
 254         return info->_.name.name;
 255     return NULL;
 256 }
 257
 258 char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info)
 259 {
 260     if (info->type == OSSL_STORE_INFO_NAME) {
 261         char *ret = OPENSSL_strdup(info->_.name.name);
 262
 263         if (ret == NULL)
 264             OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME,
 265                           ERR_R_MALLOC_FAILURE);
 266         return ret;
 267     }
 268     OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME,
 269                   OSSL_STORE_R_NOT_A_NAME);
 270     return NULL;
 271 }
 272
 273 const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info)
 274 {
 275     if (info->type == OSSL_STORE_INFO_NAME)
 276         return info->_.name.desc;
 277     return NULL;
 278 }
 279
 280 char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info)
 281 {
 282     if (info->type == OSSL_STORE_INFO_NAME) {
 283         char *ret = OPENSSL_strdup(info->_.name.desc
 284                                    ? info->_.name.desc : "");
 285
 286         if (ret == NULL)
 287             OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION,
 288                      ERR_R_MALLOC_FAILURE);
 289         return ret;
 290     }
 291     OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION,
 292                   OSSL_STORE_R_NOT_A_NAME);
 293     return NULL;
 294 }
 295
 296 EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info)
 297 {
 298     if (info->type == OSSL_STORE_INFO_PARAMS)
 299         return info->_.params;
 300     return NULL;
 301 }
 302
 303 EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info)
 304 {
 305     if (info->type == OSSL_STORE_INFO_PARAMS) {
 306         EVP_PKEY_up_ref(info->_.params);
 307         return info->_.params;
 308     }
 309     OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS,
 310                   OSSL_STORE_R_NOT_PARAMETERS);
 311     return NULL;
 312 }
 313
 314 EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info)
 315 {
 316     if (info->type == OSSL_STORE_INFO_PKEY)
 317         return info->_.pkey;
 318     return NULL;
 319 }
 320
 321 EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info)
 322 {
 323     if (info->type == OSSL_STORE_INFO_PKEY) {
 324         EVP_PKEY_up_ref(info->_.pkey);
 325         return info->_.pkey;
 326     }
 327     OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY,
 328                   OSSL_STORE_R_NOT_A_KEY);
 329     return NULL;
 330 }
 331
 332 X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info)
 333 {
 334     if (info->type == OSSL_STORE_INFO_CERT)
 335         return info->_.x509;
 336     return NULL;
 337 }
 338
 339 X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info)
 340 {
 341     if (info->type == OSSL_STORE_INFO_CERT) {
 342         X509_up_ref(info->_.x509);
 343         return info->_.x509;
 344     }
 345     OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT,
 346                   OSSL_STORE_R_NOT_A_CERTIFICATE);
 347     return NULL;
 348 }
 349
 350 X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info)
 351 {
 352     if (info->type == OSSL_STORE_INFO_CRL)
 353         return info->_.crl;
 354     return NULL;
 355 }
 356
 357 X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info)
 358 {
 359     if (info->type == OSSL_STORE_INFO_CRL) {
 360         X509_CRL_up_ref(info->_.crl);
 361         return info->_.crl;
 362     }
 363     OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL,
 364                   OSSL_STORE_R_NOT_A_CRL);
 365     return NULL;
 366 }
 367
 368 /*
 369  * Free the OSSL_STORE_INFO
 370  */
 371 void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info)
 372 {
 373     if (info != NULL) {
 374         switch (info->type) {
 375         case OSSL_STORE_INFO_EMBEDDED:
 376             BUF_MEM_free(info->_.embedded.blob);
 377             OPENSSL_free(info->_.embedded.pem_name);
 378             break;
 379         case OSSL_STORE_INFO_NAME:
 380             OPENSSL_free(info->_.name.name);
 381             OPENSSL_free(info->_.name.desc);
 382             break;
 383         case OSSL_STORE_INFO_PARAMS:
 384             EVP_PKEY_free(info->_.params);
 385             break;
 386         case OSSL_STORE_INFO_PKEY:
 387             EVP_PKEY_free(info->_.pkey);
 388             break;
 389         case OSSL_STORE_INFO_CERT:
 390             X509_free(info->_.x509);
 391             break;
 392         case OSSL_STORE_INFO_CRL:
 393             X509_CRL_free(info->_.crl);
 394             break;
 395         }
 396         OPENSSL_free(info);
 397     }
 398 }
 399
 400 /* Internal functions */
 401 OSSL_STORE_INFO *ossl_store_info_new_EMBEDDED(const char *new_pem_name,
 402                                               BUF_MEM *embedded)
 403 {
 404     OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_EMBEDDED, NULL);
 405
 406     if (info == NULL) {
 407         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED,
 408                       ERR_R_MALLOC_FAILURE);
 409         return NULL;
 410     }
 411
 412     info->_.embedded.blob = embedded;
 413     info->_.embedded.pem_name =
 414         new_pem_name == NULL ? NULL : OPENSSL_strdup(new_pem_name);
 415
 416     if (new_pem_name != NULL && info->_.embedded.pem_name == NULL) {
 417         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED,
 418                       ERR_R_MALLOC_FAILURE);
 419         OSSL_STORE_INFO_free(info);
 420         info = NULL;
 421     }
 422
 423     return info;
 424 }
 425
 426 BUF_MEM *ossl_store_info_get0_EMBEDDED_buffer(OSSL_STORE_INFO *info)
 427 {
 428     if (info->type == OSSL_STORE_INFO_EMBEDDED)
 429         return info->_.embedded.blob;
 430     return NULL;
 431 }
 432
 433 char *ossl_store_info_get0_EMBEDDED_pem_name(OSSL_STORE_INFO *info)
 434 {
 435     if (info->type == OSSL_STORE_INFO_EMBEDDED)
 436         return info->_.embedded.pem_name;
 437     return NULL;
 438 }
 439
 440 OSSL_STORE_CTX *ossl_store_attach_pem_bio(BIO *bp, const UI_METHOD *ui_method,
 441                                           void *ui_data)
 442 {
 443     OSSL_STORE_CTX *ctx = NULL;
 444     const OSSL_STORE_LOADER *loader = NULL;
 445     OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
 446
 447     if ((loader = ossl_store_get0_loader_int("file")) == NULL
 448         || ((loader_ctx = ossl_store_file_attach_pem_bio_int(bp)) == NULL))
 449         goto done;
 450     if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
 451         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO,
 452                      ERR_R_MALLOC_FAILURE);
 453         goto done;
 454     }
 455
 456     ctx->loader = loader;
 457     ctx->loader_ctx = loader_ctx;
 458     loader_ctx = NULL;
 459     ctx->ui_method = ui_method;
 460     ctx->ui_data = ui_data;
 461     ctx->post_process = NULL;
 462     ctx->post_process_data = NULL;
 463
 464  done:
 465     if (loader_ctx != NULL)
 466         /*
 467          * We ignore a returned error because we will return NULL anyway in
 468          * this case, so if something goes wrong when closing, that'll simply
 469          * just add another entry on the error stack.
 470          */
 471         (void)loader->close(loader_ctx);
 472     return ctx;
 473 }
 474
 475 int ossl_store_detach_pem_bio(OSSL_STORE_CTX *ctx)
 476 {
 477     int loader_ret = ossl_store_file_detach_pem_bio_int(ctx->loader_ctx);
 478
 479     OPENSSL_free(ctx);
 480     return loader_ret;
 481 }