1 | /*
|
---|
2 | * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
|
---|
3 | *
|
---|
4 | * Licensed under the OpenSSL license (the "License"). You may not use
|
---|
5 | * this file except in compliance with the License. You can obtain a copy
|
---|
6 | * in the file LICENSE in the source distribution or at
|
---|
7 | * https://www.openssl.org/source/license.html
|
---|
8 | */
|
---|
9 |
|
---|
10 | #include "e_os.h"
|
---|
11 | #include <stdlib.h>
|
---|
12 | #include <string.h>
|
---|
13 | #include <assert.h>
|
---|
14 |
|
---|
15 | #include "e_os.h"
|
---|
16 |
|
---|
17 | #include <openssl/crypto.h>
|
---|
18 | #include <openssl/err.h>
|
---|
19 | #include <openssl/store.h>
|
---|
20 | #include "internal/thread_once.h"
|
---|
21 | #include "crypto/store.h"
|
---|
22 | #include "store_local.h"
|
---|
23 |
|
---|
24 | struct ossl_store_ctx_st {
|
---|
25 | const OSSL_STORE_LOADER *loader;
|
---|
26 | OSSL_STORE_LOADER_CTX *loader_ctx;
|
---|
27 | const UI_METHOD *ui_method;
|
---|
28 | void *ui_data;
|
---|
29 | OSSL_STORE_post_process_info_fn post_process;
|
---|
30 | void *post_process_data;
|
---|
31 | int expected_type;
|
---|
32 |
|
---|
33 | /* 0 before the first STORE_load(), 1 otherwise */
|
---|
34 | int loading;
|
---|
35 | };
|
---|
36 |
|
---|
37 | OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method,
|
---|
38 | void *ui_data,
|
---|
39 | OSSL_STORE_post_process_info_fn post_process,
|
---|
40 | void *post_process_data)
|
---|
41 | {
|
---|
42 | const OSSL_STORE_LOADER *loader = NULL;
|
---|
43 | OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
|
---|
44 | OSSL_STORE_CTX *ctx = NULL;
|
---|
45 | char scheme_copy[256], *p, *schemes[2];
|
---|
46 | size_t schemes_n = 0;
|
---|
47 | size_t i;
|
---|
48 |
|
---|
49 | /*
|
---|
50 | * Put the file scheme first. If the uri does represent an existing file,
|
---|
51 | * possible device name and all, then it should be loaded. Only a failed
|
---|
52 | * attempt at loading a local file should have us try something else.
|
---|
53 | */
|
---|
54 | schemes[schemes_n++] = "file";
|
---|
55 |
|
---|
56 | /*
|
---|
57 | * Now, check if we have something that looks like a scheme, and add it
|
---|
58 | * as a second scheme. However, also check if there's an authority start
|
---|
59 | * (://), because that will invalidate the previous file scheme. Also,
|
---|
60 | * check that this isn't actually the file scheme, as there's no point
|
---|
61 | * going through that one twice!
|
---|
62 | */
|
---|
63 | OPENSSL_strlcpy(scheme_copy, uri, sizeof(scheme_copy));
|
---|
64 | if ((p = strchr(scheme_copy, ':')) != NULL) {
|
---|
65 | *p++ = '\0';
|
---|
66 | if (strcasecmp(scheme_copy, "file") != 0) {
|
---|
67 | if (strncmp(p, "//", 2) == 0)
|
---|
68 | schemes_n--; /* Invalidate the file scheme */
|
---|
69 | schemes[schemes_n++] = scheme_copy;
|
---|
70 | }
|
---|
71 | }
|
---|
72 |
|
---|
73 | ERR_set_mark();
|
---|
74 |
|
---|
75 | /* Try each scheme until we find one that could open the URI */
|
---|
76 | for (i = 0; loader_ctx == NULL && i < schemes_n; i++) {
|
---|
77 | if ((loader = ossl_store_get0_loader_int(schemes[i])) != NULL)
|
---|
78 | loader_ctx = loader->open(loader, uri, ui_method, ui_data);
|
---|
79 | }
|
---|
80 | if (loader_ctx == NULL)
|
---|
81 | goto err;
|
---|
82 |
|
---|
83 | if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
|
---|
84 | OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_OPEN, ERR_R_MALLOC_FAILURE);
|
---|
85 | goto err;
|
---|
86 | }
|
---|
87 |
|
---|
88 | ctx->loader = loader;
|
---|
89 | ctx->loader_ctx = loader_ctx;
|
---|
90 | ctx->ui_method = ui_method;
|
---|
91 | ctx->ui_data = ui_data;
|
---|
92 | ctx->post_process = post_process;
|
---|
93 | ctx->post_process_data = post_process_data;
|
---|
94 |
|
---|
95 | /*
|
---|
96 | * If the attempt to open with the 'file' scheme loader failed and the
|
---|
97 | * other scheme loader succeeded, the failure to open with the 'file'
|
---|
98 | * scheme loader leaves an error on the error stack. Let's remove it.
|
---|
99 | */
|
---|
100 | ERR_pop_to_mark();
|
---|
101 |
|
---|
102 | return ctx;
|
---|
103 |
|
---|
104 | err:
|
---|
105 | ERR_clear_last_mark();
|
---|
106 | if (loader_ctx != NULL) {
|
---|
107 | /*
|
---|
108 | * We ignore a returned error because we will return NULL anyway in
|
---|
109 | * this case, so if something goes wrong when closing, that'll simply
|
---|
110 | * just add another entry on the error stack.
|
---|
111 | */
|
---|
112 | (void)loader->close(loader_ctx);
|
---|
113 | }
|
---|
114 | return NULL;
|
---|
115 | }
|
---|
116 |
|
---|
117 | int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ...)
|
---|
118 | {
|
---|
119 | va_list args;
|
---|
120 | int ret;
|
---|
121 |
|
---|
122 | va_start(args, cmd);
|
---|
123 | ret = OSSL_STORE_vctrl(ctx, cmd, args);
|
---|
124 | va_end(args);
|
---|
125 |
|
---|
126 | return ret;
|
---|
127 | }
|
---|
128 |
|
---|
129 | int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args)
|
---|
130 | {
|
---|
131 | if (ctx->loader->ctrl != NULL)
|
---|
132 | return ctx->loader->ctrl(ctx->loader_ctx, cmd, args);
|
---|
133 | return 0;
|
---|
134 | }
|
---|
135 |
|
---|
136 | int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type)
|
---|
137 | {
|
---|
138 | if (ctx->loading) {
|
---|
139 | OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_EXPECT,
|
---|
140 | OSSL_STORE_R_LOADING_STARTED);
|
---|
141 | return 0;
|
---|
142 | }
|
---|
143 |
|
---|
144 | ctx->expected_type = expected_type;
|
---|
145 | if (ctx->loader->expect != NULL)
|
---|
146 | return ctx->loader->expect(ctx->loader_ctx, expected_type);
|
---|
147 | return 1;
|
---|
148 | }
|
---|
149 |
|
---|
150 | int OSSL_STORE_find(OSSL_STORE_CTX *ctx, OSSL_STORE_SEARCH *search)
|
---|
151 | {
|
---|
152 | if (ctx->loading) {
|
---|
153 | OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_FIND,
|
---|
154 | OSSL_STORE_R_LOADING_STARTED);
|
---|
155 | return 0;
|
---|
156 | }
|
---|
157 | if (ctx->loader->find == NULL) {
|
---|
158 | OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_FIND,
|
---|
159 | OSSL_STORE_R_UNSUPPORTED_OPERATION);
|
---|
160 | return 0;
|
---|
161 | }
|
---|
162 |
|
---|
163 | return ctx->loader->find(ctx->loader_ctx, search);
|
---|
164 | }
|
---|
165 |
|
---|
166 | OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx)
|
---|
167 | {
|
---|
168 | OSSL_STORE_INFO *v = NULL;
|
---|
169 |
|
---|
170 | ctx->loading = 1;
|
---|
171 | again:
|
---|
172 | if (OSSL_STORE_eof(ctx))
|
---|
173 | return NULL;
|
---|
174 |
|
---|
175 | v = ctx->loader->load(ctx->loader_ctx, ctx->ui_method, ctx->ui_data);
|
---|
176 |
|
---|
177 | if (ctx->post_process != NULL && v != NULL) {
|
---|
178 | v = ctx->post_process(v, ctx->post_process_data);
|
---|
179 |
|
---|
180 | /*
|
---|
181 | * By returning NULL, the callback decides that this object should
|
---|
182 | * be ignored.
|
---|
183 | */
|
---|
184 | if (v == NULL)
|
---|
185 | goto again;
|
---|
186 | }
|
---|
187 |
|
---|
188 | if (v != NULL && ctx->expected_type != 0) {
|
---|
189 | int returned_type = OSSL_STORE_INFO_get_type(v);
|
---|
190 |
|
---|
191 | if (returned_type != OSSL_STORE_INFO_NAME && returned_type != 0) {
|
---|
192 | /*
|
---|
193 | * Soft assert here so those who want to harsly weed out faulty
|
---|
194 | * loaders can do so using a debugging version of libcrypto.
|
---|
195 | */
|
---|
196 | if (ctx->loader->expect != NULL)
|
---|
197 | assert(ctx->expected_type == returned_type);
|
---|
198 |
|
---|
199 | if (ctx->expected_type != returned_type) {
|
---|
200 | OSSL_STORE_INFO_free(v);
|
---|
201 | goto again;
|
---|
202 | }
|
---|
203 | }
|
---|
204 | }
|
---|
205 |
|
---|
206 | return v;
|
---|
207 | }
|
---|
208 |
|
---|
209 | int OSSL_STORE_error(OSSL_STORE_CTX *ctx)
|
---|
210 | {
|
---|
211 | return ctx->loader->error(ctx->loader_ctx);
|
---|
212 | }
|
---|
213 |
|
---|
214 | int OSSL_STORE_eof(OSSL_STORE_CTX *ctx)
|
---|
215 | {
|
---|
216 | return ctx->loader->eof(ctx->loader_ctx);
|
---|
217 | }
|
---|
218 |
|
---|
219 | int OSSL_STORE_close(OSSL_STORE_CTX *ctx)
|
---|
220 | {
|
---|
221 | int loader_ret = ctx->loader->close(ctx->loader_ctx);
|
---|
222 |
|
---|
223 | OPENSSL_free(ctx);
|
---|
224 | return loader_ret;
|
---|
225 | }
|
---|
226 |
|
---|
227 | /*
|
---|
228 | * Functions to generate OSSL_STORE_INFOs, one function for each type we
|
---|
229 | * support having in them as well as a generic constructor.
|
---|
230 | *
|
---|
231 | * In all cases, ownership of the object is transferred to the OSSL_STORE_INFO
|
---|
232 | * and will therefore be freed when the OSSL_STORE_INFO is freed.
|
---|
233 | */
|
---|
234 | static OSSL_STORE_INFO *store_info_new(int type, void *data)
|
---|
235 | {
|
---|
236 | OSSL_STORE_INFO *info = OPENSSL_zalloc(sizeof(*info));
|
---|
237 |
|
---|
238 | if (info == NULL)
|
---|
239 | return NULL;
|
---|
240 |
|
---|
241 | info->type = type;
|
---|
242 | info->_.data = data;
|
---|
243 | return info;
|
---|
244 | }
|
---|
245 |
|
---|
246 | OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name)
|
---|
247 | {
|
---|
248 | OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_NAME, NULL);
|
---|
249 |
|
---|
250 | if (info == NULL) {
|
---|
251 | OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME,
|
---|
252 | ERR_R_MALLOC_FAILURE);
|
---|
253 | return NULL;
|
---|
254 | }
|
---|
255 |
|
---|
256 | info->_.name.name = name;
|
---|
257 | info->_.name.desc = NULL;
|
---|
258 |
|
---|
259 | return info;
|
---|
260 | }
|
---|
261 |
|
---|
262 | int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc)
|
---|
263 | {
|
---|
264 | if (info->type != OSSL_STORE_INFO_NAME) {
|
---|
265 | OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION,
|
---|
266 | ERR_R_PASSED_INVALID_ARGUMENT);
|
---|
267 | return 0;
|
---|
268 | }
|
---|
269 |
|
---|
270 | info->_.name.desc = desc;
|
---|
271 |
|
---|
272 | return 1;
|
---|
273 | }
|
---|
274 | OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params)
|
---|
275 | {
|
---|
276 | OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PARAMS, params);
|
---|
277 |
|
---|
278 | if (info == NULL)
|
---|
279 | OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS,
|
---|
280 | ERR_R_MALLOC_FAILURE);
|
---|
281 | return info;
|
---|
282 | }
|
---|
283 |
|
---|
284 | OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey)
|
---|
285 | {
|
---|
286 | OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PKEY, pkey);
|
---|
287 |
|
---|
288 | if (info == NULL)
|
---|
289 | OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY,
|
---|
290 | ERR_R_MALLOC_FAILURE);
|
---|
291 | return info;
|
---|
292 | }
|
---|
293 |
|
---|
294 | OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509)
|
---|
295 | {
|
---|
296 | OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_CERT, x509);
|
---|
297 |
|
---|
298 | if (info == NULL)
|
---|
299 | OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT,
|
---|
300 | ERR_R_MALLOC_FAILURE);
|
---|
301 | return info;
|
---|
302 | }
|
---|
303 |
|
---|
304 | OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl)
|
---|
305 | {
|
---|
306 | OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_CRL, crl);
|
---|
307 |
|
---|
308 | if (info == NULL)
|
---|
309 | OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL,
|
---|
310 | ERR_R_MALLOC_FAILURE);
|
---|
311 | return info;
|
---|
312 | }
|
---|
313 |
|
---|
314 | /*
|
---|
315 | * Functions to try to extract data from a OSSL_STORE_INFO.
|
---|
316 | */
|
---|
317 | int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info)
|
---|
318 | {
|
---|
319 | return info->type;
|
---|
320 | }
|
---|
321 |
|
---|
322 | const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info)
|
---|
323 | {
|
---|
324 | if (info->type == OSSL_STORE_INFO_NAME)
|
---|
325 | return info->_.name.name;
|
---|
326 | return NULL;
|
---|
327 | }
|
---|
328 |
|
---|
329 | char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info)
|
---|
330 | {
|
---|
331 | if (info->type == OSSL_STORE_INFO_NAME) {
|
---|
332 | char *ret = OPENSSL_strdup(info->_.name.name);
|
---|
333 |
|
---|
334 | if (ret == NULL)
|
---|
335 | OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME,
|
---|
336 | ERR_R_MALLOC_FAILURE);
|
---|
337 | return ret;
|
---|
338 | }
|
---|
339 | OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME,
|
---|
340 | OSSL_STORE_R_NOT_A_NAME);
|
---|
341 | return NULL;
|
---|
342 | }
|
---|
343 |
|
---|
344 | const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info)
|
---|
345 | {
|
---|
346 | if (info->type == OSSL_STORE_INFO_NAME)
|
---|
347 | return info->_.name.desc;
|
---|
348 | return NULL;
|
---|
349 | }
|
---|
350 |
|
---|
351 | char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info)
|
---|
352 | {
|
---|
353 | if (info->type == OSSL_STORE_INFO_NAME) {
|
---|
354 | char *ret = OPENSSL_strdup(info->_.name.desc
|
---|
355 | ? info->_.name.desc : "");
|
---|
356 |
|
---|
357 | if (ret == NULL)
|
---|
358 | OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION,
|
---|
359 | ERR_R_MALLOC_FAILURE);
|
---|
360 | return ret;
|
---|
361 | }
|
---|
362 | OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION,
|
---|
363 | OSSL_STORE_R_NOT_A_NAME);
|
---|
364 | return NULL;
|
---|
365 | }
|
---|
366 |
|
---|
367 | EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info)
|
---|
368 | {
|
---|
369 | if (info->type == OSSL_STORE_INFO_PARAMS)
|
---|
370 | return info->_.params;
|
---|
371 | return NULL;
|
---|
372 | }
|
---|
373 |
|
---|
374 | EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info)
|
---|
375 | {
|
---|
376 | if (info->type == OSSL_STORE_INFO_PARAMS) {
|
---|
377 | EVP_PKEY_up_ref(info->_.params);
|
---|
378 | return info->_.params;
|
---|
379 | }
|
---|
380 | OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS,
|
---|
381 | OSSL_STORE_R_NOT_PARAMETERS);
|
---|
382 | return NULL;
|
---|
383 | }
|
---|
384 |
|
---|
385 | EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info)
|
---|
386 | {
|
---|
387 | if (info->type == OSSL_STORE_INFO_PKEY)
|
---|
388 | return info->_.pkey;
|
---|
389 | return NULL;
|
---|
390 | }
|
---|
391 |
|
---|
392 | EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info)
|
---|
393 | {
|
---|
394 | if (info->type == OSSL_STORE_INFO_PKEY) {
|
---|
395 | EVP_PKEY_up_ref(info->_.pkey);
|
---|
396 | return info->_.pkey;
|
---|
397 | }
|
---|
398 | OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY,
|
---|
399 | OSSL_STORE_R_NOT_A_KEY);
|
---|
400 | return NULL;
|
---|
401 | }
|
---|
402 |
|
---|
403 | X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info)
|
---|
404 | {
|
---|
405 | if (info->type == OSSL_STORE_INFO_CERT)
|
---|
406 | return info->_.x509;
|
---|
407 | return NULL;
|
---|
408 | }
|
---|
409 |
|
---|
410 | X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info)
|
---|
411 | {
|
---|
412 | if (info->type == OSSL_STORE_INFO_CERT) {
|
---|
413 | X509_up_ref(info->_.x509);
|
---|
414 | return info->_.x509;
|
---|
415 | }
|
---|
416 | OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT,
|
---|
417 | OSSL_STORE_R_NOT_A_CERTIFICATE);
|
---|
418 | return NULL;
|
---|
419 | }
|
---|
420 |
|
---|
421 | X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info)
|
---|
422 | {
|
---|
423 | if (info->type == OSSL_STORE_INFO_CRL)
|
---|
424 | return info->_.crl;
|
---|
425 | return NULL;
|
---|
426 | }
|
---|
427 |
|
---|
428 | X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info)
|
---|
429 | {
|
---|
430 | if (info->type == OSSL_STORE_INFO_CRL) {
|
---|
431 | X509_CRL_up_ref(info->_.crl);
|
---|
432 | return info->_.crl;
|
---|
433 | }
|
---|
434 | OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL,
|
---|
435 | OSSL_STORE_R_NOT_A_CRL);
|
---|
436 | return NULL;
|
---|
437 | }
|
---|
438 |
|
---|
439 | /*
|
---|
440 | * Free the OSSL_STORE_INFO
|
---|
441 | */
|
---|
442 | void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info)
|
---|
443 | {
|
---|
444 | if (info != NULL) {
|
---|
445 | switch (info->type) {
|
---|
446 | case OSSL_STORE_INFO_EMBEDDED:
|
---|
447 | BUF_MEM_free(info->_.embedded.blob);
|
---|
448 | OPENSSL_free(info->_.embedded.pem_name);
|
---|
449 | break;
|
---|
450 | case OSSL_STORE_INFO_NAME:
|
---|
451 | OPENSSL_free(info->_.name.name);
|
---|
452 | OPENSSL_free(info->_.name.desc);
|
---|
453 | break;
|
---|
454 | case OSSL_STORE_INFO_PARAMS:
|
---|
455 | EVP_PKEY_free(info->_.params);
|
---|
456 | break;
|
---|
457 | case OSSL_STORE_INFO_PKEY:
|
---|
458 | EVP_PKEY_free(info->_.pkey);
|
---|
459 | break;
|
---|
460 | case OSSL_STORE_INFO_CERT:
|
---|
461 | X509_free(info->_.x509);
|
---|
462 | break;
|
---|
463 | case OSSL_STORE_INFO_CRL:
|
---|
464 | X509_CRL_free(info->_.crl);
|
---|
465 | break;
|
---|
466 | }
|
---|
467 | OPENSSL_free(info);
|
---|
468 | }
|
---|
469 | }
|
---|
470 |
|
---|
471 | int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type)
|
---|
472 | {
|
---|
473 | OSSL_STORE_SEARCH tmp_search;
|
---|
474 |
|
---|
475 | if (ctx->loader->find == NULL)
|
---|
476 | return 0;
|
---|
477 | tmp_search.search_type = search_type;
|
---|
478 | return ctx->loader->find(NULL, &tmp_search);
|
---|
479 | }
|
---|
480 |
|
---|
481 | /* Search term constructors */
|
---|
482 | OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name)
|
---|
483 | {
|
---|
484 | OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
|
---|
485 |
|
---|
486 | if (search == NULL) {
|
---|
487 | OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_NAME,
|
---|
488 | ERR_R_MALLOC_FAILURE);
|
---|
489 | return NULL;
|
---|
490 | }
|
---|
491 |
|
---|
492 | search->search_type = OSSL_STORE_SEARCH_BY_NAME;
|
---|
493 | search->name = name;
|
---|
494 | return search;
|
---|
495 | }
|
---|
496 |
|
---|
497 | OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name,
|
---|
498 | const ASN1_INTEGER *serial)
|
---|
499 | {
|
---|
500 | OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
|
---|
501 |
|
---|
502 | if (search == NULL) {
|
---|
503 | OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ISSUER_SERIAL,
|
---|
504 | ERR_R_MALLOC_FAILURE);
|
---|
505 | return NULL;
|
---|
506 | }
|
---|
507 |
|
---|
508 | search->search_type = OSSL_STORE_SEARCH_BY_ISSUER_SERIAL;
|
---|
509 | search->name = name;
|
---|
510 | search->serial = serial;
|
---|
511 | return search;
|
---|
512 | }
|
---|
513 |
|
---|
514 | OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest,
|
---|
515 | const unsigned char
|
---|
516 | *bytes, size_t len)
|
---|
517 | {
|
---|
518 | OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
|
---|
519 |
|
---|
520 | if (search == NULL) {
|
---|
521 | OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT,
|
---|
522 | ERR_R_MALLOC_FAILURE);
|
---|
523 | return NULL;
|
---|
524 | }
|
---|
525 |
|
---|
526 | if (digest != NULL && len != (size_t)EVP_MD_size(digest)) {
|
---|
527 | char buf1[20], buf2[20];
|
---|
528 |
|
---|
529 | BIO_snprintf(buf1, sizeof(buf1), "%d", EVP_MD_size(digest));
|
---|
530 | BIO_snprintf(buf2, sizeof(buf2), "%zu", len);
|
---|
531 | OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT,
|
---|
532 | OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST);
|
---|
533 | ERR_add_error_data(5, EVP_MD_name(digest), " size is ", buf1,
|
---|
534 | ", fingerprint size is ", buf2);
|
---|
535 | }
|
---|
536 |
|
---|
537 | search->search_type = OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT;
|
---|
538 | search->digest = digest;
|
---|
539 | search->string = bytes;
|
---|
540 | search->stringlength = len;
|
---|
541 | return search;
|
---|
542 | }
|
---|
543 |
|
---|
544 | OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias)
|
---|
545 | {
|
---|
546 | OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
|
---|
547 |
|
---|
548 | if (search == NULL) {
|
---|
549 | OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ALIAS,
|
---|
550 | ERR_R_MALLOC_FAILURE);
|
---|
551 | return NULL;
|
---|
552 | }
|
---|
553 |
|
---|
554 | search->search_type = OSSL_STORE_SEARCH_BY_ALIAS;
|
---|
555 | search->string = (const unsigned char *)alias;
|
---|
556 | search->stringlength = strlen(alias);
|
---|
557 | return search;
|
---|
558 | }
|
---|
559 |
|
---|
560 | /* Search term destructor */
|
---|
561 | void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search)
|
---|
562 | {
|
---|
563 | OPENSSL_free(search);
|
---|
564 | }
|
---|
565 |
|
---|
566 | /* Search term accessors */
|
---|
567 | int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion)
|
---|
568 | {
|
---|
569 | return criterion->search_type;
|
---|
570 | }
|
---|
571 |
|
---|
572 | X509_NAME *OSSL_STORE_SEARCH_get0_name(OSSL_STORE_SEARCH *criterion)
|
---|
573 | {
|
---|
574 | return criterion->name;
|
---|
575 | }
|
---|
576 |
|
---|
577 | const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH
|
---|
578 | *criterion)
|
---|
579 | {
|
---|
580 | return criterion->serial;
|
---|
581 | }
|
---|
582 |
|
---|
583 | const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH
|
---|
584 | *criterion, size_t *length)
|
---|
585 | {
|
---|
586 | *length = criterion->stringlength;
|
---|
587 | return criterion->string;
|
---|
588 | }
|
---|
589 |
|
---|
590 | const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion)
|
---|
591 | {
|
---|
592 | return (const char *)criterion->string;
|
---|
593 | }
|
---|
594 |
|
---|
595 | const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH *criterion)
|
---|
596 | {
|
---|
597 | return criterion->digest;
|
---|
598 | }
|
---|
599 |
|
---|
600 | /* Internal functions */
|
---|
601 | OSSL_STORE_INFO *ossl_store_info_new_EMBEDDED(const char *new_pem_name,
|
---|
602 | BUF_MEM *embedded)
|
---|
603 | {
|
---|
604 | OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_EMBEDDED, NULL);
|
---|
605 |
|
---|
606 | if (info == NULL) {
|
---|
607 | OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED,
|
---|
608 | ERR_R_MALLOC_FAILURE);
|
---|
609 | return NULL;
|
---|
610 | }
|
---|
611 |
|
---|
612 | info->_.embedded.blob = embedded;
|
---|
613 | info->_.embedded.pem_name =
|
---|
614 | new_pem_name == NULL ? NULL : OPENSSL_strdup(new_pem_name);
|
---|
615 |
|
---|
616 | if (new_pem_name != NULL && info->_.embedded.pem_name == NULL) {
|
---|
617 | OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED,
|
---|
618 | ERR_R_MALLOC_FAILURE);
|
---|
619 | OSSL_STORE_INFO_free(info);
|
---|
620 | info = NULL;
|
---|
621 | }
|
---|
622 |
|
---|
623 | return info;
|
---|
624 | }
|
---|
625 |
|
---|
626 | BUF_MEM *ossl_store_info_get0_EMBEDDED_buffer(OSSL_STORE_INFO *info)
|
---|
627 | {
|
---|
628 | if (info->type == OSSL_STORE_INFO_EMBEDDED)
|
---|
629 | return info->_.embedded.blob;
|
---|
630 | return NULL;
|
---|
631 | }
|
---|
632 |
|
---|
633 | char *ossl_store_info_get0_EMBEDDED_pem_name(OSSL_STORE_INFO *info)
|
---|
634 | {
|
---|
635 | if (info->type == OSSL_STORE_INFO_EMBEDDED)
|
---|
636 | return info->_.embedded.pem_name;
|
---|
637 | return NULL;
|
---|
638 | }
|
---|
639 |
|
---|
640 | OSSL_STORE_CTX *ossl_store_attach_pem_bio(BIO *bp, const UI_METHOD *ui_method,
|
---|
641 | void *ui_data)
|
---|
642 | {
|
---|
643 | OSSL_STORE_CTX *ctx = NULL;
|
---|
644 | const OSSL_STORE_LOADER *loader = NULL;
|
---|
645 | OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
|
---|
646 |
|
---|
647 | if ((loader = ossl_store_get0_loader_int("file")) == NULL
|
---|
648 | || ((loader_ctx = ossl_store_file_attach_pem_bio_int(bp)) == NULL))
|
---|
649 | goto done;
|
---|
650 | if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
|
---|
651 | OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO,
|
---|
652 | ERR_R_MALLOC_FAILURE);
|
---|
653 | goto done;
|
---|
654 | }
|
---|
655 |
|
---|
656 | ctx->loader = loader;
|
---|
657 | ctx->loader_ctx = loader_ctx;
|
---|
658 | loader_ctx = NULL;
|
---|
659 | ctx->ui_method = ui_method;
|
---|
660 | ctx->ui_data = ui_data;
|
---|
661 | ctx->post_process = NULL;
|
---|
662 | ctx->post_process_data = NULL;
|
---|
663 |
|
---|
664 | done:
|
---|
665 | if (loader_ctx != NULL)
|
---|
666 | /*
|
---|
667 | * We ignore a returned error because we will return NULL anyway in
|
---|
668 | * this case, so if something goes wrong when closing, that'll simply
|
---|
669 | * just add another entry on the error stack.
|
---|
670 | */
|
---|
671 | (void)loader->close(loader_ctx);
|
---|
672 | return ctx;
|
---|
673 | }
|
---|
674 |
|
---|
675 | int ossl_store_detach_pem_bio(OSSL_STORE_CTX *ctx)
|
---|
676 | {
|
---|
677 | int loader_ret = ossl_store_file_detach_pem_bio_int(ctx->loader_ctx);
|
---|
678 |
|
---|
679 | OPENSSL_free(ctx);
|
---|
680 | return loader_ret;
|
---|
681 | }
|
---|