| 1 | /* |
|---|---|
| 2 | * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. |
| 3 | * |
| 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
| 5 | * this file except in compliance with the License. You can obtain a copy |
| 6 | * in the file LICENSE in the source distribution or at |
| 7 | * https://www.openssl.org/source/license.html |
| 8 | */ |
| 9 | |
| 10 | #include "e_os.h" |
| 11 | #include <string.h> |
| 12 | #include <sys/stat.h> |
| 13 | #include <ctype.h> |
| 14 | #include <assert.h> |
| 15 | |
| 16 | #include <openssl/bio.h> |
| 17 | #include <openssl/dsa.h> /* For d2i_DSAPrivateKey */ |
| 18 | #include <openssl/err.h> |
| 19 | #include <openssl/evp.h> |
| 20 | #include <openssl/pem.h> |
| 21 | #include <openssl/pkcs12.h> /* For the PKCS8 stuff o.O */ |
| 22 | #include <openssl/rsa.h> /* For d2i_RSAPrivateKey */ |
| 23 | #include <openssl/safestack.h> |
| 24 | #include <openssl/store.h> |
| 25 | #include <openssl/ui.h> |
| 26 | #include <openssl/x509.h> /* For the PKCS8 stuff o.O */ |
| 27 | #include "crypto/asn1.h" |
| 28 | #include "crypto/ctype.h" |
| 29 | #include "internal/o_dir.h" |
| 30 | #include "internal/cryptlib.h" |
| 31 | #include "crypto/store.h" |
| 32 | #include "store_local.h" |
| 33 | |
| 34 | #ifdef _WIN32 |
| 35 | # define stat _stat |
| 36 | #endif |
| 37 | |
| 38 | #ifndef S_ISDIR |
| 39 | # define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR) |
| 40 | #endif |
| 41 | |
| 42 | /*- |
| 43 | * Password prompting |
| 44 | * ------------------ |
| 45 | */ |
| 46 | |
| 47 | static char *file_get_pass(const UI_METHOD *ui_method, char *pass, |
| 48 | size_t maxsize, const char *prompt_info, void *data) |
| 49 | { |
| 50 | UI *ui = UI_new(); |
| 51 | char *prompt = NULL; |
| 52 | |
| 53 | if (ui == NULL) { |
| 54 | OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_MALLOC_FAILURE); |
| 55 | return NULL; |
| 56 | } |
| 57 | |
| 58 | if (ui_method != NULL) |
| 59 | UI_set_method(ui, ui_method); |
| 60 | UI_add_user_data(ui, data); |
| 61 | |
| 62 | if ((prompt = UI_construct_prompt(ui, "pass phrase", |
| 63 | prompt_info)) == NULL) { |
| 64 | OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_MALLOC_FAILURE); |
| 65 | pass = NULL; |
| 66 | } else if (!UI_add_input_string(ui, prompt, UI_INPUT_FLAG_DEFAULT_PWD, |
| 67 | pass, 0, maxsize - 1)) { |
| 68 | OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_UI_LIB); |
| 69 | pass = NULL; |
| 70 | } else { |
| 71 | switch (UI_process(ui)) { |
| 72 | case -2: |
| 73 | OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, |
| 74 | OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED); |
| 75 | pass = NULL; |
| 76 | break; |
| 77 | case -1: |
| 78 | OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_UI_LIB); |
| 79 | pass = NULL; |
| 80 | break; |
| 81 | default: |
| 82 | break; |
| 83 | } |
| 84 | } |
| 85 | |
| 86 | OPENSSL_free(prompt); |
| 87 | UI_free(ui); |
| 88 | return pass; |
| 89 | } |
| 90 | |
| 91 | struct pem_pass_data { |
| 92 | const UI_METHOD *ui_method; |
| 93 | void *data; |
| 94 | const char *prompt_info; |
| 95 | }; |
| 96 | |
| 97 | static int file_fill_pem_pass_data(struct pem_pass_data *pass_data, |
| 98 | const char *prompt_info, |
| 99 | const UI_METHOD *ui_method, void *ui_data) |
| 100 | { |
| 101 | if (pass_data == NULL) |
| 102 | return 0; |
| 103 | pass_data->ui_method = ui_method; |
| 104 | pass_data->data = ui_data; |
| 105 | pass_data->prompt_info = prompt_info; |
| 106 | return 1; |
| 107 | } |
| 108 | |
| 109 | /* This is used anywhere a pem_password_cb is needed */ |
| 110 | static int file_get_pem_pass(char *buf, int num, int w, void *data) |
| 111 | { |
| 112 | struct pem_pass_data *pass_data = data; |
| 113 | char *pass = file_get_pass(pass_data->ui_method, buf, num, |
| 114 | pass_data->prompt_info, pass_data->data); |
| 115 | |
| 116 | return pass == NULL ? 0 : strlen(pass); |
| 117 | } |
| 118 | |
| 119 | /*- |
| 120 | * The file scheme decoders |
| 121 | * ------------------------ |
| 122 | * |
| 123 | * Each possible data type has its own decoder, which either operates |
| 124 | * through a given PEM name, or attempts to decode to see if the blob |
| 125 | * it's given is decodable for its data type. The assumption is that |
| 126 | * only the correct data type will match the content. |
| 127 | */ |
| 128 | |
| 129 | /*- |
| 130 | * The try_decode function is called to check if the blob of data can |
| 131 | * be used by this handler, and if it can, decodes it into a supported |
| 132 | * OpenSSL type and returns a OSSL_STORE_INFO with the decoded data. |
| 133 | * Input: |
| 134 | * pem_name: If this blob comes from a PEM file, this holds |
| 135 | * the PEM name. If it comes from another type of |
| 136 | * file, this is NULL. |
| 137 | * pem_header: If this blob comes from a PEM file, this holds |
| 138 | * the PEM headers. If it comes from another type of |
| 139 | * file, this is NULL. |
| 140 | * blob: The blob of data to match with what this handler |
| 141 | * can use. |
| 142 | * len: The length of the blob. |
| 143 | * handler_ctx: For a handler marked repeatable, this pointer can |
| 144 | * be used to create a context for the handler. IT IS |
| 145 | * THE HANDLER'S RESPONSIBILITY TO CREATE AND DESTROY |
| 146 | * THIS CONTEXT APPROPRIATELY, i.e. create on first call |
| 147 | * and destroy when about to return NULL. |
| 148 | * matchcount: A pointer to an int to count matches for this data. |
| 149 | * Usually becomes 0 (no match) or 1 (match!), but may |
| 150 | * be higher in the (unlikely) event that the data matches |
| 151 | * more than one possibility. The int will always be |
| 152 | * zero when the function is called. |
| 153 | * ui_method: Application UI method for getting a password, pin |
| 154 | * or any other interactive data. |
| 155 | * ui_data: Application data to be passed to ui_method when |
| 156 | * it's called. |
| 157 | * Output: |
| 158 | * a OSSL_STORE_INFO |
| 159 | */ |
| 160 | typedef OSSL_STORE_INFO *(*file_try_decode_fn)(const char *pem_name, |
| 161 | const char *pem_header, |
| 162 | const unsigned char *blob, |
| 163 | size_t len, void **handler_ctx, |
| 164 | int *matchcount, |
| 165 | const UI_METHOD *ui_method, |
| 166 | void *ui_data); |
| 167 | /* |
| 168 | * The eof function should return 1 if there's no more data to be found |
| 169 | * with the handler_ctx, otherwise 0. This is only used when the handler is |
| 170 | * marked repeatable. |
| 171 | */ |
| 172 | typedef int (*file_eof_fn)(void *handler_ctx); |
| 173 | /* |
| 174 | * The destroy_ctx function is used to destroy the handler_ctx that was |
| 175 | * initiated by a repeatable try_decode function. This is only used when |
| 176 | * the handler is marked repeatable. |
| 177 | */ |
| 178 | typedef void (*file_destroy_ctx_fn)(void **handler_ctx); |
| 179 | |
| 180 | typedef struct file_handler_st { |
| 181 | const char *name; |
| 182 | file_try_decode_fn try_decode; |
| 183 | file_eof_fn eof; |
| 184 | file_destroy_ctx_fn destroy_ctx; |
| 185 | |
| 186 | /* flags */ |
| 187 | int repeatable; |
| 188 | } FILE_HANDLER; |
| 189 | |
| 190 | /* |
| 191 | * PKCS#12 decoder. It operates by decoding all of the blob content, |
| 192 | * extracting all the interesting data from it and storing them internally, |
| 193 | * then serving them one piece at a time. |
| 194 | */ |
| 195 | static OSSL_STORE_INFO *try_decode_PKCS12(const char *pem_name, |
| 196 | const char *pem_header, |
| 197 | const unsigned char *blob, |
| 198 | size_t len, void **pctx, |
| 199 | int *matchcount, |
| 200 | const UI_METHOD *ui_method, |
| 201 | void *ui_data) |
| 202 | { |
| 203 | OSSL_STORE_INFO *store_info = NULL; |
| 204 | STACK_OF(OSSL_STORE_INFO) *ctx = *pctx; |
| 205 | |
| 206 | if (ctx == NULL) { |
| 207 | /* Initial parsing */ |
| 208 | PKCS12 *p12; |
| 209 | int ok = 0; |
| 210 | |
| 211 | if (pem_name != NULL) |
| 212 | /* No match, there is no PEM PKCS12 tag */ |
| 213 | return NULL; |
| 214 | |
| 215 | if ((p12 = d2i_PKCS12(NULL, &blob, len)) != NULL) { |
| 216 | char *pass = NULL; |
| 217 | char tpass[PEM_BUFSIZE]; |
| 218 | EVP_PKEY *pkey = NULL; |
| 219 | X509 *cert = NULL; |
| 220 | STACK_OF(X509) *chain = NULL; |
| 221 | |
| 222 | *matchcount = 1; |
| 223 | |
| 224 | if (PKCS12_verify_mac(p12, "", 0) |
| 225 | || PKCS12_verify_mac(p12, NULL, 0)) { |
| 226 | pass = ""; |
| 227 | } else { |
| 228 | if ((pass = file_get_pass(ui_method, tpass, PEM_BUFSIZE, |
| 229 | "PKCS12 import password", |
| 230 | ui_data)) == NULL) { |
| 231 | OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS12, |
| 232 | OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR); |
| 233 | goto p12_end; |
| 234 | } |
| 235 | if (!PKCS12_verify_mac(p12, pass, strlen(pass))) { |
| 236 | OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS12, |
| 237 | OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC); |
| 238 | goto p12_end; |
| 239 | } |
| 240 | } |
| 241 | |
| 242 | if (PKCS12_parse(p12, pass, &pkey, &cert, &chain)) { |
| 243 | OSSL_STORE_INFO *osi_pkey = NULL; |
| 244 | OSSL_STORE_INFO *osi_cert = NULL; |
| 245 | OSSL_STORE_INFO *osi_ca = NULL; |
| 246 | |
| 247 | if ((ctx = sk_OSSL_STORE_INFO_new_null()) != NULL |
| 248 | && (osi_pkey = OSSL_STORE_INFO_new_PKEY(pkey)) != NULL |
| 249 | && sk_OSSL_STORE_INFO_push(ctx, osi_pkey) != 0 |
| 250 | && (osi_cert = OSSL_STORE_INFO_new_CERT(cert)) != NULL |
| 251 | && sk_OSSL_STORE_INFO_push(ctx, osi_cert) != 0) { |
| 252 | ok = 1; |
| 253 | osi_pkey = NULL; |
| 254 | osi_cert = NULL; |
| 255 | |
| 256 | while(sk_X509_num(chain) > 0) { |
| 257 | X509 *ca = sk_X509_value(chain, 0); |
| 258 | |
| 259 | if ((osi_ca = OSSL_STORE_INFO_new_CERT(ca)) == NULL |
| 260 | || sk_OSSL_STORE_INFO_push(ctx, osi_ca) == 0) { |
| 261 | ok = 0; |
| 262 | break; |
| 263 | } |
| 264 | osi_ca = NULL; |
| 265 | (void)sk_X509_shift(chain); |
| 266 | } |
| 267 | } |
| 268 | if (!ok) { |
| 269 | OSSL_STORE_INFO_free(osi_ca); |
| 270 | OSSL_STORE_INFO_free(osi_cert); |
| 271 | OSSL_STORE_INFO_free(osi_pkey); |
| 272 | sk_OSSL_STORE_INFO_pop_free(ctx, OSSL_STORE_INFO_free); |
| 273 | EVP_PKEY_free(pkey); |
| 274 | X509_free(cert); |
| 275 | sk_X509_pop_free(chain, X509_free); |
| 276 | ctx = NULL; |
| 277 | } |
| 278 | *pctx = ctx; |
| 279 | } |
| 280 | } |
| 281 | p12_end: |
| 282 | PKCS12_free(p12); |
| 283 | if (!ok) |
| 284 | return NULL; |
| 285 | } |
| 286 | |
| 287 | if (ctx != NULL) { |
| 288 | *matchcount = 1; |
| 289 | store_info = sk_OSSL_STORE_INFO_shift(ctx); |
| 290 | } |
| 291 | |
| 292 | return store_info; |
| 293 | } |
| 294 | |
| 295 | static int eof_PKCS12(void *ctx_) |
| 296 | { |
| 297 | STACK_OF(OSSL_STORE_INFO) *ctx = ctx_; |
| 298 | |
| 299 | return ctx == NULL || sk_OSSL_STORE_INFO_num(ctx) == 0; |
| 300 | } |
| 301 | |
| 302 | static void destroy_ctx_PKCS12(void **pctx) |
| 303 | { |
| 304 | STACK_OF(OSSL_STORE_INFO) *ctx = *pctx; |
| 305 | |
| 306 | sk_OSSL_STORE_INFO_pop_free(ctx, OSSL_STORE_INFO_free); |
| 307 | *pctx = NULL; |
| 308 | } |
| 309 | |
| 310 | static FILE_HANDLER PKCS12_handler = { |
| 311 | "PKCS12", |
| 312 | try_decode_PKCS12, |
| 313 | eof_PKCS12, |
| 314 | destroy_ctx_PKCS12, |
| 315 | 1 /* repeatable */ |
| 316 | }; |
| 317 | |
| 318 | /* |
| 319 | * Encrypted PKCS#8 decoder. It operates by just decrypting the given blob |
| 320 | * into a new blob, which is returned as an EMBEDDED STORE_INFO. The whole |
| 321 | * decoding process will then start over with the new blob. |
| 322 | */ |
| 323 | static OSSL_STORE_INFO *try_decode_PKCS8Encrypted(const char *pem_name, |
| 324 | const char *pem_header, |
| 325 | const unsigned char *blob, |
| 326 | size_t len, void **pctx, |
| 327 | int *matchcount, |
| 328 | const UI_METHOD *ui_method, |
| 329 | void *ui_data) |
| 330 | { |
| 331 | X509_SIG *p8 = NULL; |
| 332 | char kbuf[PEM_BUFSIZE]; |
| 333 | char *pass = NULL; |
| 334 | const X509_ALGOR *dalg = NULL; |
| 335 | const ASN1_OCTET_STRING *doct = NULL; |
| 336 | OSSL_STORE_INFO *store_info = NULL; |
| 337 | BUF_MEM *mem = NULL; |
| 338 | unsigned char *new_data = NULL; |
| 339 | int new_data_len; |
| 340 | |
| 341 | if (pem_name != NULL) { |
| 342 | if (strcmp(pem_name, PEM_STRING_PKCS8) != 0) |
| 343 | return NULL; |
| 344 | *matchcount = 1; |
| 345 | } |
| 346 | |
| 347 | if ((p8 = d2i_X509_SIG(NULL, &blob, len)) == NULL) |
| 348 | return NULL; |
| 349 | |
| 350 | *matchcount = 1; |
| 351 | |
| 352 | if ((mem = BUF_MEM_new()) == NULL) { |
| 353 | OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED, |
| 354 | ERR_R_MALLOC_FAILURE); |
| 355 | goto nop8; |
| 356 | } |
| 357 | |
| 358 | if ((pass = file_get_pass(ui_method, kbuf, PEM_BUFSIZE, |
| 359 | "PKCS8 decrypt password", ui_data)) == NULL) { |
| 360 | OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED, |
| 361 | OSSL_STORE_R_BAD_PASSWORD_READ); |
| 362 | goto nop8; |
| 363 | } |
| 364 | |
| 365 | X509_SIG_get0(p8, &dalg, &doct); |
| 366 | if (!PKCS12_pbe_crypt(dalg, pass, strlen(pass), doct->data, doct->length, |
| 367 | &new_data, &new_data_len, 0)) |
| 368 | goto nop8; |
| 369 | |
| 370 | mem->data = (char *)new_data; |
| 371 | mem->max = mem->length = (size_t)new_data_len; |
| 372 | X509_SIG_free(p8); |
| 373 | |
| 374 | store_info = ossl_store_info_new_EMBEDDED(PEM_STRING_PKCS8INF, mem); |
| 375 | if (store_info == NULL) { |
| 376 | OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED, |
| 377 | ERR_R_MALLOC_FAILURE); |
| 378 | goto nop8; |
| 379 | } |
| 380 | |
| 381 | return store_info; |
| 382 | nop8: |
| 383 | X509_SIG_free(p8); |
| 384 | BUF_MEM_free(mem); |
| 385 | return NULL; |
| 386 | } |
| 387 | |
| 388 | static FILE_HANDLER PKCS8Encrypted_handler = { |
| 389 | "PKCS8Encrypted", |
| 390 | try_decode_PKCS8Encrypted |
| 391 | }; |
| 392 | |
| 393 | /* |
| 394 | * Private key decoder. Decodes all sorts of private keys, both PKCS#8 |
| 395 | * encoded ones and old style PEM ones (with the key type is encoded into |
| 396 | * the PEM name). |
| 397 | */ |
| 398 | int pem_check_suffix(const char *pem_str, const char *suffix); |
| 399 | static OSSL_STORE_INFO *try_decode_PrivateKey(const char *pem_name, |
| 400 | const char *pem_header, |
| 401 | const unsigned char *blob, |
| 402 | size_t len, void **pctx, |
| 403 | int *matchcount, |
| 404 | const UI_METHOD *ui_method, |
| 405 | void *ui_data) |
| 406 | { |
| 407 | OSSL_STORE_INFO *store_info = NULL; |
| 408 | EVP_PKEY *pkey = NULL; |
| 409 | const EVP_PKEY_ASN1_METHOD *ameth = NULL; |
| 410 | |
| 411 | if (pem_name != NULL) { |
| 412 | if (strcmp(pem_name, PEM_STRING_PKCS8INF) == 0) { |
| 413 | PKCS8_PRIV_KEY_INFO *p8inf = |
| 414 | d2i_PKCS8_PRIV_KEY_INFO(NULL, &blob, len); |
| 415 | |
| 416 | *matchcount = 1; |
| 417 | if (p8inf != NULL) |
| 418 | pkey = EVP_PKCS82PKEY(p8inf); |
| 419 | PKCS8_PRIV_KEY_INFO_free(p8inf); |
| 420 | } else { |
| 421 | int slen; |
| 422 | |
| 423 | if ((slen = pem_check_suffix(pem_name, "PRIVATE KEY")) > 0 |
| 424 | && (ameth = EVP_PKEY_asn1_find_str(NULL, pem_name, |
| 425 | slen)) != NULL) { |
| 426 | *matchcount = 1; |
| 427 | pkey = d2i_PrivateKey(ameth->pkey_id, NULL, &blob, len); |
| 428 | } |
| 429 | } |
| 430 | } else { |
| 431 | int i; |
| 432 | |
| 433 | for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) { |
| 434 | EVP_PKEY *tmp_pkey = NULL; |
| 435 | const unsigned char *tmp_blob = blob; |
| 436 | |
| 437 | ameth = EVP_PKEY_asn1_get0(i); |
| 438 | if (ameth->pkey_flags & ASN1_PKEY_ALIAS) |
| 439 | continue; |
| 440 | |
| 441 | tmp_pkey = d2i_PrivateKey(ameth->pkey_id, NULL, &tmp_blob, len); |
| 442 | if (tmp_pkey != NULL) { |
| 443 | if (pkey != NULL) |
| 444 | EVP_PKEY_free(tmp_pkey); |
| 445 | else |
| 446 | pkey = tmp_pkey; |
| 447 | (*matchcount)++; |
| 448 | } |
| 449 | } |
| 450 | |
| 451 | if (*matchcount > 1) { |
| 452 | EVP_PKEY_free(pkey); |
| 453 | pkey = NULL; |
| 454 | } |
| 455 | } |
| 456 | if (pkey == NULL) |
| 457 | /* No match */ |
| 458 | return NULL; |
| 459 | |
| 460 | store_info = OSSL_STORE_INFO_new_PKEY(pkey); |
| 461 | if (store_info == NULL) |
| 462 | EVP_PKEY_free(pkey); |
| 463 | |
| 464 | return store_info; |
| 465 | } |
| 466 | |
| 467 | static FILE_HANDLER PrivateKey_handler = { |
| 468 | "PrivateKey", |
| 469 | try_decode_PrivateKey |
| 470 | }; |
| 471 | |
| 472 | /* |
| 473 | * Public key decoder. Only supports SubjectPublicKeyInfo formatted keys. |
| 474 | */ |
| 475 | static OSSL_STORE_INFO *try_decode_PUBKEY(const char *pem_name, |
| 476 | const char *pem_header, |
| 477 | const unsigned char *blob, |
| 478 | size_t len, void **pctx, |
| 479 | int *matchcount, |
| 480 | const UI_METHOD *ui_method, |
| 481 | void *ui_data) |
| 482 | { |
| 483 | OSSL_STORE_INFO *store_info = NULL; |
| 484 | EVP_PKEY *pkey = NULL; |
| 485 | |
| 486 | if (pem_name != NULL) { |
| 487 | if (strcmp(pem_name, PEM_STRING_PUBLIC) != 0) |
| 488 | /* No match */ |
| 489 | return NULL; |
| 490 | *matchcount = 1; |
| 491 | } |
| 492 | |
| 493 | if ((pkey = d2i_PUBKEY(NULL, &blob, len)) != NULL) { |
| 494 | *matchcount = 1; |
| 495 | store_info = OSSL_STORE_INFO_new_PKEY(pkey); |
| 496 | } |
| 497 | |
| 498 | return store_info; |
| 499 | } |
| 500 | |
| 501 | static FILE_HANDLER PUBKEY_handler = { |
| 502 | "PUBKEY", |
| 503 | try_decode_PUBKEY |
| 504 | }; |
| 505 | |
| 506 | /* |
| 507 | * Key parameter decoder. |
| 508 | */ |
| 509 | static OSSL_STORE_INFO *try_decode_params(const char *pem_name, |
| 510 | const char *pem_header, |
| 511 | const unsigned char *blob, |
| 512 | size_t len, void **pctx, |
| 513 | int *matchcount, |
| 514 | const UI_METHOD *ui_method, |
| 515 | void *ui_data) |
| 516 | { |
| 517 | OSSL_STORE_INFO *store_info = NULL; |
| 518 | int slen = 0; |
| 519 | EVP_PKEY *pkey = NULL; |
| 520 | const EVP_PKEY_ASN1_METHOD *ameth = NULL; |
| 521 | int ok = 0; |
| 522 | |
| 523 | if (pem_name != NULL) { |
| 524 | if ((slen = pem_check_suffix(pem_name, "PARAMETERS")) == 0) |
| 525 | return NULL; |
| 526 | *matchcount = 1; |
| 527 | } |
| 528 | |
| 529 | if (slen > 0) { |
| 530 | if ((pkey = EVP_PKEY_new()) == NULL) { |
| 531 | OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PARAMS, ERR_R_EVP_LIB); |
| 532 | return NULL; |
| 533 | } |
| 534 | |
| 535 | |
| 536 | if (EVP_PKEY_set_type_str(pkey, pem_name, slen) |
| 537 | && (ameth = EVP_PKEY_get0_asn1(pkey)) != NULL |
| 538 | && ameth->param_decode != NULL |
| 539 | && ameth->param_decode(pkey, &blob, len)) |
| 540 | ok = 1; |
| 541 | } else { |
| 542 | int i; |
| 543 | EVP_PKEY *tmp_pkey = NULL; |
| 544 | |
| 545 | for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) { |
| 546 | const unsigned char *tmp_blob = blob; |
| 547 | |
| 548 | if (tmp_pkey == NULL && (tmp_pkey = EVP_PKEY_new()) == NULL) { |
| 549 | OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PARAMS, ERR_R_EVP_LIB); |
| 550 | break; |
| 551 | } |
| 552 | |
| 553 | ameth = EVP_PKEY_asn1_get0(i); |
| 554 | if (ameth->pkey_flags & ASN1_PKEY_ALIAS) |
| 555 | continue; |
| 556 | |
| 557 | if (EVP_PKEY_set_type(tmp_pkey, ameth->pkey_id) |
| 558 | && (ameth = EVP_PKEY_get0_asn1(tmp_pkey)) != NULL |
| 559 | && ameth->param_decode != NULL |
| 560 | && ameth->param_decode(tmp_pkey, &tmp_blob, len)) { |
| 561 | if (pkey != NULL) |
| 562 | EVP_PKEY_free(tmp_pkey); |
| 563 | else |
| 564 | pkey = tmp_pkey; |
| 565 | tmp_pkey = NULL; |
| 566 | (*matchcount)++; |
| 567 | } |
| 568 | } |
| 569 | |
| 570 | EVP_PKEY_free(tmp_pkey); |
| 571 | if (*matchcount == 1) { |
| 572 | ok = 1; |
| 573 | } |
| 574 | } |
| 575 | |
| 576 | if (ok) |
| 577 | store_info = OSSL_STORE_INFO_new_PARAMS(pkey); |
| 578 | if (store_info == NULL) |
| 579 | EVP_PKEY_free(pkey); |
| 580 | |
| 581 | return store_info; |
| 582 | } |
| 583 | |
| 584 | static FILE_HANDLER params_handler = { |
| 585 | "params", |
| 586 | try_decode_params |
| 587 | }; |
| 588 | |
| 589 | /* |
| 590 | * X.509 certificate decoder. |
| 591 | */ |
| 592 | static OSSL_STORE_INFO *try_decode_X509Certificate(const char *pem_name, |
| 593 | const char *pem_header, |
| 594 | const unsigned char *blob, |
| 595 | size_t len, void **pctx, |
| 596 | int *matchcount, |
| 597 | const UI_METHOD *ui_method, |
| 598 | void *ui_data) |
| 599 | { |
| 600 | OSSL_STORE_INFO *store_info = NULL; |
| 601 | X509 *cert = NULL; |
| 602 | |
| 603 | /* |
| 604 | * In most cases, we can try to interpret the serialized data as a trusted |
| 605 | * cert (X509 + X509_AUX) and fall back to reading it as a normal cert |
| 606 | * (just X509), but if the PEM name specifically declares it as a trusted |
| 607 | * cert, then no fallback should be engaged. |ignore_trusted| tells if |
| 608 | * the fallback can be used (1) or not (0). |
| 609 | */ |
| 610 | int ignore_trusted = 1; |
| 611 | |
| 612 | if (pem_name != NULL) { |
| 613 | if (strcmp(pem_name, PEM_STRING_X509_TRUSTED) == 0) |
| 614 | ignore_trusted = 0; |
| 615 | else if (strcmp(pem_name, PEM_STRING_X509_OLD) != 0 |
| 616 | && strcmp(pem_name, PEM_STRING_X509) != 0) |
| 617 | /* No match */ |
| 618 | return NULL; |
| 619 | *matchcount = 1; |
| 620 | } |
| 621 | |
| 622 | if ((cert = d2i_X509_AUX(NULL, &blob, len)) != NULL |
| 623 | || (ignore_trusted && (cert = d2i_X509(NULL, &blob, len)) != NULL)) { |
| 624 | *matchcount = 1; |
| 625 | store_info = OSSL_STORE_INFO_new_CERT(cert); |
| 626 | } |
| 627 | |
| 628 | if (store_info == NULL) |
| 629 | X509_free(cert); |
| 630 | |
| 631 | return store_info; |
| 632 | } |
| 633 | |
| 634 | static FILE_HANDLER X509Certificate_handler = { |
| 635 | "X509Certificate", |
| 636 | try_decode_X509Certificate |
| 637 | }; |
| 638 | |
| 639 | /* |
| 640 | * X.509 CRL decoder. |
| 641 | */ |
| 642 | static OSSL_STORE_INFO *try_decode_X509CRL(const char *pem_name, |
| 643 | const char *pem_header, |
| 644 | const unsigned char *blob, |
| 645 | size_t len, void **pctx, |
| 646 | int *matchcount, |
| 647 | const UI_METHOD *ui_method, |
| 648 | void *ui_data) |
| 649 | { |
| 650 | OSSL_STORE_INFO *store_info = NULL; |
| 651 | X509_CRL *crl = NULL; |
| 652 | |
| 653 | if (pem_name != NULL) { |
| 654 | if (strcmp(pem_name, PEM_STRING_X509_CRL) != 0) |
| 655 | /* No match */ |
| 656 | return NULL; |
| 657 | *matchcount = 1; |
| 658 | } |
| 659 | |
| 660 | if ((crl = d2i_X509_CRL(NULL, &blob, len)) != NULL) { |
| 661 | *matchcount = 1; |
| 662 | store_info = OSSL_STORE_INFO_new_CRL(crl); |
| 663 | } |
| 664 | |
| 665 | if (store_info == NULL) |
| 666 | X509_CRL_free(crl); |
| 667 | |
| 668 | return store_info; |
| 669 | } |
| 670 | |
| 671 | static FILE_HANDLER X509CRL_handler = { |
| 672 | "X509CRL", |
| 673 | try_decode_X509CRL |
| 674 | }; |
| 675 | |
| 676 | /* |
| 677 | * To finish it all off, we collect all the handlers. |
| 678 | */ |
| 679 | static const FILE_HANDLER *file_handlers[] = { |
| 680 | &PKCS12_handler, |
| 681 | &PKCS8Encrypted_handler, |
| 682 | &X509Certificate_handler, |
| 683 | &X509CRL_handler, |
| 684 | ¶ms_handler, |
| 685 | &PUBKEY_handler, |
| 686 | &PrivateKey_handler, |
| 687 | }; |
| 688 | |
| 689 | |
| 690 | /*- |
| 691 | * The loader itself |
| 692 | * ----------------- |
| 693 | */ |
| 694 | |
| 695 | struct ossl_store_loader_ctx_st { |
| 696 | enum { |
| 697 | is_raw = 0, |
| 698 | is_pem, |
| 699 | is_dir |
| 700 | } type; |
| 701 | int errcnt; |
| 702 | #define FILE_FLAG_SECMEM (1<<0) |
| 703 | unsigned int flags; |
| 704 | union { |
| 705 | struct { /* Used with is_raw and is_pem */ |
| 706 | BIO *file; |
| 707 | |
| 708 | /* |
| 709 | * The following are used when the handler is marked as |
| 710 | * repeatable |
| 711 | */ |
| 712 | const FILE_HANDLER *last_handler; |
| 713 | void *last_handler_ctx; |
| 714 | } file; |
| 715 | struct { /* Used with is_dir */ |
| 716 | OPENSSL_DIR_CTX *ctx; |
| 717 | int end_reached; |
| 718 | char *uri; |
| 719 | |
| 720 | /* |
| 721 | * When a search expression is given, these are filled in. |
| 722 | * |search_name| contains the file basename to look for. |
| 723 | * The string is exactly 8 characters long. |
| 724 | */ |
| 725 | char search_name[9]; |
| 726 | |
| 727 | /* |
| 728 | * The directory reading utility we have combines opening with |
| 729 | * reading the first name. To make sure we can detect the end |
| 730 | * at the right time, we read early and cache the name. |
| 731 | */ |
| 732 | const char *last_entry; |
| 733 | int last_errno; |
| 734 | } dir; |
| 735 | } _; |
| 736 | |
| 737 | /* Expected object type. May be unspecified */ |
| 738 | int expected_type; |
| 739 | }; |
| 740 | |
| 741 | static void OSSL_STORE_LOADER_CTX_free(OSSL_STORE_LOADER_CTX *ctx) |
| 742 | { |
| 743 | if (ctx->type == is_dir) { |
| 744 | OPENSSL_free(ctx->_.dir.uri); |
| 745 | } else { |
| 746 | if (ctx->_.file.last_handler != NULL) { |
| 747 | ctx->_.file.last_handler->destroy_ctx(&ctx->_.file.last_handler_ctx); |
| 748 | ctx->_.file.last_handler_ctx = NULL; |
| 749 | ctx->_.file.last_handler = NULL; |
| 750 | } |
| 751 | } |
| 752 | OPENSSL_free(ctx); |
| 753 | } |
| 754 | |
| 755 | static OSSL_STORE_LOADER_CTX *file_open(const OSSL_STORE_LOADER *loader, |
| 756 | const char *uri, |
| 757 | const UI_METHOD *ui_method, |
| 758 | void *ui_data) |
| 759 | { |
| 760 | OSSL_STORE_LOADER_CTX *ctx = NULL; |
| 761 | struct stat st; |
| 762 | struct { |
| 763 | const char *path; |
| 764 | unsigned int check_absolute:1; |
| 765 | } path_data[2]; |
| 766 | size_t path_data_n = 0, i; |
| 767 | const char *path; |
| 768 | |
| 769 | /* |
| 770 | * First step, just take the URI as is. |
| 771 | */ |
| 772 | path_data[path_data_n].check_absolute = 0; |
| 773 | path_data[path_data_n++].path = uri; |
| 774 | |
| 775 | /* |
| 776 | * Second step, if the URI appears to start with the 'file' scheme, |
| 777 | * extract the path and make that the second path to check. |
| 778 | * There's a special case if the URI also contains an authority, then |
| 779 | * the full URI shouldn't be used as a path anywhere. |
| 780 | */ |
| 781 | if (strncasecmp(uri, "file:", 5) == 0) { |
| 782 | const char *p = &uri[5]; |
| 783 | |
| 784 | if (strncmp(&uri[5], "//", 2) == 0) { |
| 785 | path_data_n--; /* Invalidate using the full URI */ |
| 786 | if (strncasecmp(&uri[7], "localhost/", 10) == 0) { |
| 787 | p = &uri[16]; |
| 788 | } else if (uri[7] == '/') { |
| 789 | p = &uri[7]; |
| 790 | } else { |
| 791 | OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, |
| 792 | OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED); |
| 793 | return NULL; |
| 794 | } |
| 795 | } |
| 796 | |
| 797 | path_data[path_data_n].check_absolute = 1; |
| 798 | #ifdef _WIN32 |
| 799 | /* Windows file: URIs with a drive letter start with a / */ |
| 800 | if (p[0] == '/' && p[2] == ':' && p[3] == '/') { |
| 801 | char c = ossl_tolower(p[1]); |
| 802 | |
| 803 | if (c >= 'a' && c <= 'z') { |
| 804 | p++; |
| 805 | /* We know it's absolute, so no need to check */ |
| 806 | path_data[path_data_n].check_absolute = 0; |
| 807 | } |
| 808 | } |
| 809 | #endif |
| 810 | path_data[path_data_n++].path = p; |
| 811 | } |
| 812 | |
| 813 | |
| 814 | for (i = 0, path = NULL; path == NULL && i < path_data_n; i++) { |
| 815 | /* |
| 816 | * If the scheme "file" was an explicit part of the URI, the path must |
| 817 | * be absolute. So says RFC 8089 |
| 818 | */ |
| 819 | if (path_data[i].check_absolute && path_data[i].path[0] != '/') { |
| 820 | OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, |
| 821 | OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE); |
| 822 | ERR_add_error_data(1, path_data[i].path); |
| 823 | return NULL; |
| 824 | } |
| 825 | |
| 826 | if (stat(path_data[i].path, &st) < 0) { |
| 827 | ERR_raise_data(ERR_LIB_SYS, errno, |
| 828 | "calling stat(%s)", |
| 829 | path_data[i].path); |
| 830 | } else { |
| 831 | path = path_data[i].path; |
| 832 | } |
| 833 | } |
| 834 | if (path == NULL) { |
| 835 | return NULL; |
| 836 | } |
| 837 | |
| 838 | /* Successfully found a working path, clear possible collected errors */ |
| 839 | ERR_clear_error(); |
| 840 | |
| 841 | ctx = OPENSSL_zalloc(sizeof(*ctx)); |
| 842 | if (ctx == NULL) { |
| 843 | OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, ERR_R_MALLOC_FAILURE); |
| 844 | return NULL; |
| 845 | } |
| 846 | |
| 847 | if (S_ISDIR(st.st_mode)) { |
| 848 | /* |
| 849 | * Try to copy everything, even if we know that some of them must be |
| 850 | * NULL for the moment. This prevents errors in the future, when more |
| 851 | * components may be used. |
| 852 | */ |
| 853 | ctx->_.dir.uri = OPENSSL_strdup(uri); |
| 854 | ctx->type = is_dir; |
| 855 | |
| 856 | if (ctx->_.dir.uri == NULL) |
| 857 | goto err; |
| 858 | |
| 859 | ctx->_.dir.last_entry = OPENSSL_DIR_read(&ctx->_.dir.ctx, path); |
| 860 | ctx->_.dir.last_errno = errno; |
| 861 | if (ctx->_.dir.last_entry == NULL) { |
| 862 | if (ctx->_.dir.last_errno != 0) { |
| 863 | char errbuf[256]; |
| 864 | OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, ERR_R_SYS_LIB); |
| 865 | errno = ctx->_.dir.last_errno; |
| 866 | if (openssl_strerror_r(errno, errbuf, sizeof(errbuf))) |
| 867 | ERR_add_error_data(1, errbuf); |
| 868 | goto err; |
| 869 | } |
| 870 | ctx->_.dir.end_reached = 1; |
| 871 | } |
| 872 | } else { |
| 873 | BIO *buff = NULL; |
| 874 | char peekbuf[4096] = { 0, }; |
| 875 | |
| 876 | if ((buff = BIO_new(BIO_f_buffer())) == NULL |
| 877 | || (ctx->_.file.file = BIO_new_file(path, "rb")) == NULL) { |
| 878 | BIO_free_all(buff); |
| 879 | goto err; |
| 880 | } |
| 881 | |
| 882 | ctx->_.file.file = BIO_push(buff, ctx->_.file.file); |
| 883 | if (BIO_buffer_peek(ctx->_.file.file, peekbuf, sizeof(peekbuf) - 1) > 0) { |
| 884 | peekbuf[sizeof(peekbuf) - 1] = '\0'; |
| 885 | if (strstr(peekbuf, "-----BEGIN ") != NULL) |
| 886 | ctx->type = is_pem; |
| 887 | } |
| 888 | } |
| 889 | |
| 890 | return ctx; |
| 891 | err: |
| 892 | OSSL_STORE_LOADER_CTX_free(ctx); |
| 893 | return NULL; |
| 894 | } |
| 895 | |
| 896 | static int file_ctrl(OSSL_STORE_LOADER_CTX *ctx, int cmd, va_list args) |
| 897 | { |
| 898 | int ret = 1; |
| 899 | |
| 900 | switch (cmd) { |
| 901 | case OSSL_STORE_C_USE_SECMEM: |
| 902 | { |
| 903 | int on = *(va_arg(args, int *)); |
| 904 | |
| 905 | switch (on) { |
| 906 | case 0: |
| 907 | ctx->flags &= ~FILE_FLAG_SECMEM; |
| 908 | break; |
| 909 | case 1: |
| 910 | ctx->flags |= FILE_FLAG_SECMEM; |
| 911 | break; |
| 912 | default: |
| 913 | OSSL_STOREerr(OSSL_STORE_F_FILE_CTRL, |
| 914 | ERR_R_PASSED_INVALID_ARGUMENT); |
| 915 | ret = 0; |
| 916 | break; |
| 917 | } |
| 918 | } |
| 919 | break; |
| 920 | default: |
| 921 | break; |
| 922 | } |
| 923 | |
| 924 | return ret; |
| 925 | } |
| 926 | |
| 927 | static int file_expect(OSSL_STORE_LOADER_CTX *ctx, int expected) |
| 928 | { |
| 929 | ctx->expected_type = expected; |
| 930 | return 1; |
| 931 | } |
| 932 | |
| 933 | static int file_find(OSSL_STORE_LOADER_CTX *ctx, |
| 934 | const OSSL_STORE_SEARCH *search) |
| 935 | { |
| 936 | /* |
| 937 | * If ctx == NULL, the library is looking to know if this loader supports |
| 938 | * the given search type. |
| 939 | */ |
| 940 | |
| 941 | if (OSSL_STORE_SEARCH_get_type(search) == OSSL_STORE_SEARCH_BY_NAME) { |
| 942 | unsigned long hash = 0; |
| 943 | |
| 944 | if (ctx == NULL) |
| 945 | return 1; |
| 946 | |
| 947 | if (ctx->type != is_dir) { |
| 948 | OSSL_STOREerr(OSSL_STORE_F_FILE_FIND, |
| 949 | OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES); |
| 950 | return 0; |
| 951 | } |
| 952 | |
| 953 | hash = X509_NAME_hash(OSSL_STORE_SEARCH_get0_name(search)); |
| 954 | BIO_snprintf(ctx->_.dir.search_name, sizeof(ctx->_.dir.search_name), |
| 955 | "%08lx", hash); |
| 956 | return 1; |
| 957 | } |
| 958 | |
| 959 | if (ctx != NULL) |
| 960 | OSSL_STOREerr(OSSL_STORE_F_FILE_FIND, |
| 961 | OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE); |
| 962 | return 0; |
| 963 | } |
| 964 | |
| 965 | /* Internal function to decode an already opened PEM file */ |
| 966 | OSSL_STORE_LOADER_CTX *ossl_store_file_attach_pem_bio_int(BIO *bp) |
| 967 | { |
| 968 | OSSL_STORE_LOADER_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); |
| 969 | |
| 970 | if (ctx == NULL) { |
| 971 | OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT, |
| 972 | ERR_R_MALLOC_FAILURE); |
| 973 | return NULL; |
| 974 | } |
| 975 | |
| 976 | ctx->_.file.file = bp; |
| 977 | ctx->type = is_pem; |
| 978 | |
| 979 | return ctx; |
| 980 | } |
| 981 | |
| 982 | static OSSL_STORE_INFO *file_load_try_decode(OSSL_STORE_LOADER_CTX *ctx, |
| 983 | const char *pem_name, |
| 984 | const char *pem_header, |
| 985 | unsigned char *data, size_t len, |
| 986 | const UI_METHOD *ui_method, |
| 987 | void *ui_data, int *matchcount) |
| 988 | { |
| 989 | OSSL_STORE_INFO *result = NULL; |
| 990 | BUF_MEM *new_mem = NULL; |
| 991 | char *new_pem_name = NULL; |
| 992 | int t = 0; |
| 993 | |
| 994 | again: |
| 995 | { |
| 996 | size_t i = 0; |
| 997 | void *handler_ctx = NULL; |
| 998 | const FILE_HANDLER **matching_handlers = |
| 999 | OPENSSL_zalloc(sizeof(*matching_handlers) |
| 1000 | * OSSL_NELEM(file_handlers)); |
| 1001 | |
| 1002 | if (matching_handlers == NULL) { |
| 1003 | OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD_TRY_DECODE, |
| 1004 | ERR_R_MALLOC_FAILURE); |
| 1005 | goto err; |
| 1006 | } |
| 1007 | |
| 1008 | *matchcount = 0; |
| 1009 | for (i = 0; i < OSSL_NELEM(file_handlers); i++) { |
| 1010 | const FILE_HANDLER *handler = file_handlers[i]; |
| 1011 | int try_matchcount = 0; |
| 1012 | void *tmp_handler_ctx = NULL; |
| 1013 | OSSL_STORE_INFO *tmp_result = |
| 1014 | handler->try_decode(pem_name, pem_header, data, len, |
| 1015 | &tmp_handler_ctx, &try_matchcount, |
| 1016 | ui_method, ui_data); |
| 1017 | |
| 1018 | if (try_matchcount > 0) { |
| 1019 | |
| 1020 | matching_handlers[*matchcount] = handler; |
| 1021 | |
| 1022 | if (handler_ctx) |
| 1023 | handler->destroy_ctx(&handler_ctx); |
| 1024 | handler_ctx = tmp_handler_ctx; |
| 1025 | |
| 1026 | if ((*matchcount += try_matchcount) > 1) { |
| 1027 | /* more than one match => ambiguous, kill any result */ |
| 1028 | OSSL_STORE_INFO_free(result); |
| 1029 | OSSL_STORE_INFO_free(tmp_result); |
| 1030 | if (handler->destroy_ctx != NULL) |
| 1031 | handler->destroy_ctx(&handler_ctx); |
| 1032 | handler_ctx = NULL; |
| 1033 | tmp_result = NULL; |
| 1034 | result = NULL; |
| 1035 | } |
| 1036 | if (result == NULL) |
| 1037 | result = tmp_result; |
| 1038 | } |
| 1039 | } |
| 1040 | |
| 1041 | if (*matchcount == 1 && matching_handlers[0]->repeatable) { |
| 1042 | ctx->_.file.last_handler = matching_handlers[0]; |
| 1043 | ctx->_.file.last_handler_ctx = handler_ctx; |
| 1044 | } |
| 1045 | |
| 1046 | OPENSSL_free(matching_handlers); |
| 1047 | } |
| 1048 | |
| 1049 | err: |
| 1050 | OPENSSL_free(new_pem_name); |
| 1051 | BUF_MEM_free(new_mem); |
| 1052 | |
| 1053 | if (result != NULL |
| 1054 | && (t = OSSL_STORE_INFO_get_type(result)) == OSSL_STORE_INFO_EMBEDDED) { |
| 1055 | pem_name = new_pem_name = |
| 1056 | ossl_store_info_get0_EMBEDDED_pem_name(result); |
| 1057 | new_mem = ossl_store_info_get0_EMBEDDED_buffer(result); |
| 1058 | data = (unsigned char *)new_mem->data; |
| 1059 | len = new_mem->length; |
| 1060 | OPENSSL_free(result); |
| 1061 | result = NULL; |
| 1062 | goto again; |
| 1063 | } |
| 1064 | |
| 1065 | if (result != NULL) |
| 1066 | ERR_clear_error(); |
| 1067 | |
| 1068 | return result; |
| 1069 | } |
| 1070 | |
| 1071 | static OSSL_STORE_INFO *file_load_try_repeat(OSSL_STORE_LOADER_CTX *ctx, |
| 1072 | const UI_METHOD *ui_method, |
| 1073 | void *ui_data) |
| 1074 | { |
| 1075 | OSSL_STORE_INFO *result = NULL; |
| 1076 | int try_matchcount = 0; |
| 1077 | |
| 1078 | if (ctx->_.file.last_handler != NULL) { |
| 1079 | result = |
| 1080 | ctx->_.file.last_handler->try_decode(NULL, NULL, NULL, 0, |
| 1081 | &ctx->_.file.last_handler_ctx, |
| 1082 | &try_matchcount, |
| 1083 | ui_method, ui_data); |
| 1084 | |
| 1085 | if (result == NULL) { |
| 1086 | ctx->_.file.last_handler->destroy_ctx(&ctx->_.file.last_handler_ctx); |
| 1087 | ctx->_.file.last_handler_ctx = NULL; |
| 1088 | ctx->_.file.last_handler = NULL; |
| 1089 | } |
| 1090 | } |
| 1091 | return result; |
| 1092 | } |
| 1093 | |
| 1094 | static void pem_free_flag(void *pem_data, int secure, size_t num) |
| 1095 | { |
| 1096 | if (secure) |
| 1097 | OPENSSL_secure_clear_free(pem_data, num); |
| 1098 | else |
| 1099 | OPENSSL_free(pem_data); |
| 1100 | } |
| 1101 | static int file_read_pem(BIO *bp, char **pem_name, char **pem_header, |
| 1102 | unsigned char **data, long *len, |
| 1103 | const UI_METHOD *ui_method, |
| 1104 | void *ui_data, int secure) |
| 1105 | { |
| 1106 | int i = secure |
| 1107 | ? PEM_read_bio_ex(bp, pem_name, pem_header, data, len, |
| 1108 | PEM_FLAG_SECURE | PEM_FLAG_EAY_COMPATIBLE) |
| 1109 | : PEM_read_bio(bp, pem_name, pem_header, data, len); |
| 1110 | |
| 1111 | if (i <= 0) |
| 1112 | return 0; |
| 1113 | |
| 1114 | /* |
| 1115 | * 10 is the number of characters in "Proc-Type:", which |
| 1116 | * PEM_get_EVP_CIPHER_INFO() requires to be present. |
| 1117 | * If the PEM header has less characters than that, it's |
| 1118 | * not worth spending cycles on it. |
| 1119 | */ |
| 1120 | if (strlen(*pem_header) > 10) { |
| 1121 | EVP_CIPHER_INFO cipher; |
| 1122 | struct pem_pass_data pass_data; |
| 1123 | |
| 1124 | if (!PEM_get_EVP_CIPHER_INFO(*pem_header, &cipher) |
| 1125 | || !file_fill_pem_pass_data(&pass_data, "PEM", ui_method, ui_data) |
| 1126 | || !PEM_do_header(&cipher, *data, len, file_get_pem_pass, |
| 1127 | &pass_data)) { |
| 1128 | return 0; |
| 1129 | } |
| 1130 | } |
| 1131 | return 1; |
| 1132 | } |
| 1133 | |
| 1134 | static int file_read_asn1(BIO *bp, unsigned char **data, long *len) |
| 1135 | { |
| 1136 | BUF_MEM *mem = NULL; |
| 1137 | |
| 1138 | if (asn1_d2i_read_bio(bp, &mem) < 0) |
| 1139 | return 0; |
| 1140 | |
| 1141 | *data = (unsigned char *)mem->data; |
| 1142 | *len = (long)mem->length; |
| 1143 | OPENSSL_free(mem); |
| 1144 | |
| 1145 | return 1; |
| 1146 | } |
| 1147 | |
| 1148 | static int ends_with_dirsep(const char *uri) |
| 1149 | { |
| 1150 | if (*uri != '\0') |
| 1151 | uri += strlen(uri) - 1; |
| 1152 | #if defined __VMS |
| 1153 | if (*uri == ']' || *uri == '>' || *uri == ':') |
| 1154 | return 1; |
| 1155 | #elif defined _WIN32 |
| 1156 | if (*uri == '\\') |
| 1157 | return 1; |
| 1158 | #endif |
| 1159 | return *uri == '/'; |
| 1160 | } |
| 1161 | |
| 1162 | static int file_name_to_uri(OSSL_STORE_LOADER_CTX *ctx, const char *name, |
| 1163 | char **data) |
| 1164 | { |
| 1165 | assert(name != NULL); |
| 1166 | assert(data != NULL); |
| 1167 | { |
| 1168 | const char *pathsep = ends_with_dirsep(ctx->_.dir.uri) ? "": "/"; |
| 1169 | long calculated_length = strlen(ctx->_.dir.uri) + strlen(pathsep) |
| 1170 | + strlen(name) + 1 /* \0 */; |
| 1171 | |
| 1172 | *data = OPENSSL_zalloc(calculated_length); |
| 1173 | if (*data == NULL) { |
| 1174 | OSSL_STOREerr(OSSL_STORE_F_FILE_NAME_TO_URI, ERR_R_MALLOC_FAILURE); |
| 1175 | return 0; |
| 1176 | } |
| 1177 | |
| 1178 | OPENSSL_strlcat(*data, ctx->_.dir.uri, calculated_length); |
| 1179 | OPENSSL_strlcat(*data, pathsep, calculated_length); |
| 1180 | OPENSSL_strlcat(*data, name, calculated_length); |
| 1181 | } |
| 1182 | return 1; |
| 1183 | } |
| 1184 | |
| 1185 | static int file_name_check(OSSL_STORE_LOADER_CTX *ctx, const char *name) |
| 1186 | { |
| 1187 | const char *p = NULL; |
| 1188 | |
| 1189 | /* If there are no search criteria, all names are accepted */ |
| 1190 | if (ctx->_.dir.search_name[0] == '\0') |
| 1191 | return 1; |
| 1192 | |
| 1193 | /* If the expected type isn't supported, no name is accepted */ |
| 1194 | if (ctx->expected_type != 0 |
| 1195 | && ctx->expected_type != OSSL_STORE_INFO_CERT |
| 1196 | && ctx->expected_type != OSSL_STORE_INFO_CRL) |
| 1197 | return 0; |
| 1198 | |
| 1199 | /* |
| 1200 | * First, check the basename |
| 1201 | */ |
| 1202 | if (strncasecmp(name, ctx->_.dir.search_name, |
| 1203 | sizeof(ctx->_.dir.search_name) - 1) != 0 |
| 1204 | || name[sizeof(ctx->_.dir.search_name) - 1] != '.') |
| 1205 | return 0; |
| 1206 | p = &name[sizeof(ctx->_.dir.search_name)]; |
| 1207 | |
| 1208 | /* |
| 1209 | * Then, if the expected type is a CRL, check that the extension starts |
| 1210 | * with 'r' |
| 1211 | */ |
| 1212 | if (*p == 'r') { |
| 1213 | p++; |
| 1214 | if (ctx->expected_type != 0 |
| 1215 | && ctx->expected_type != OSSL_STORE_INFO_CRL) |
| 1216 | return 0; |
| 1217 | } else if (ctx->expected_type == OSSL_STORE_INFO_CRL) { |
| 1218 | return 0; |
| 1219 | } |
| 1220 | |
| 1221 | /* |
| 1222 | * Last, check that the rest of the extension is a decimal number, at |
| 1223 | * least one digit long. |
| 1224 | */ |
| 1225 | if (!ossl_isdigit(*p)) |
| 1226 | return 0; |
| 1227 | while (ossl_isdigit(*p)) |
| 1228 | p++; |
| 1229 | |
| 1230 | # ifdef __VMS |
| 1231 | /* |
| 1232 | * One extra step here, check for a possible generation number. |
| 1233 | */ |
| 1234 | if (*p == ';') |
| 1235 | for (p++; *p != '\0'; p++) |
| 1236 | if (!ossl_isdigit(*p)) |
| 1237 | break; |
| 1238 | # endif |
| 1239 | |
| 1240 | /* |
| 1241 | * If we've reached the end of the string at this point, we've successfully |
| 1242 | * found a fitting file name. |
| 1243 | */ |
| 1244 | return *p == '\0'; |
| 1245 | } |
| 1246 | |
| 1247 | static int file_eof(OSSL_STORE_LOADER_CTX *ctx); |
| 1248 | static int file_error(OSSL_STORE_LOADER_CTX *ctx); |
| 1249 | static OSSL_STORE_INFO *file_load(OSSL_STORE_LOADER_CTX *ctx, |
| 1250 | const UI_METHOD *ui_method, void *ui_data) |
| 1251 | { |
| 1252 | OSSL_STORE_INFO *result = NULL; |
| 1253 | |
| 1254 | ctx->errcnt = 0; |
| 1255 | ERR_clear_error(); |
| 1256 | |
| 1257 | if (ctx->type == is_dir) { |
| 1258 | do { |
| 1259 | char *newname = NULL; |
| 1260 | |
| 1261 | if (ctx->_.dir.last_entry == NULL) { |
| 1262 | if (!ctx->_.dir.end_reached) { |
| 1263 | char errbuf[256]; |
| 1264 | assert(ctx->_.dir.last_errno != 0); |
| 1265 | OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD, ERR_R_SYS_LIB); |
| 1266 | errno = ctx->_.dir.last_errno; |
| 1267 | ctx->errcnt++; |
| 1268 | if (openssl_strerror_r(errno, errbuf, sizeof(errbuf))) |
| 1269 | ERR_add_error_data(1, errbuf); |
| 1270 | } |
| 1271 | return NULL; |
| 1272 | } |
| 1273 | |
| 1274 | if (ctx->_.dir.last_entry[0] != '.' |
| 1275 | && file_name_check(ctx, ctx->_.dir.last_entry) |
| 1276 | && !file_name_to_uri(ctx, ctx->_.dir.last_entry, &newname)) |
| 1277 | return NULL; |
| 1278 | |
| 1279 | /* |
| 1280 | * On the first call (with a NULL context), OPENSSL_DIR_read() |
| 1281 | * cares about the second argument. On the following calls, it |
| 1282 | * only cares that it isn't NULL. Therefore, we can safely give |
| 1283 | * it our URI here. |
| 1284 | */ |
| 1285 | ctx->_.dir.last_entry = OPENSSL_DIR_read(&ctx->_.dir.ctx, |
| 1286 | ctx->_.dir.uri); |
| 1287 | ctx->_.dir.last_errno = errno; |
| 1288 | if (ctx->_.dir.last_entry == NULL && ctx->_.dir.last_errno == 0) |
| 1289 | ctx->_.dir.end_reached = 1; |
| 1290 | |
| 1291 | if (newname != NULL |
| 1292 | && (result = OSSL_STORE_INFO_new_NAME(newname)) == NULL) { |
| 1293 | OPENSSL_free(newname); |
| 1294 | OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD, ERR_R_OSSL_STORE_LIB); |
| 1295 | return NULL; |
| 1296 | } |
| 1297 | } while (result == NULL && !file_eof(ctx)); |
| 1298 | } else { |
| 1299 | int matchcount = -1; |
| 1300 | |
| 1301 | again: |
| 1302 | result = file_load_try_repeat(ctx, ui_method, ui_data); |
| 1303 | if (result != NULL) |
| 1304 | return result; |
| 1305 | |
| 1306 | if (file_eof(ctx)) |
| 1307 | return NULL; |
| 1308 | |
| 1309 | do { |
| 1310 | char *pem_name = NULL; /* PEM record name */ |
| 1311 | char *pem_header = NULL; /* PEM record header */ |
| 1312 | unsigned char *data = NULL; /* DER encoded data */ |
| 1313 | long len = 0; /* DER encoded data length */ |
| 1314 | |
| 1315 | matchcount = -1; |
| 1316 | if (ctx->type == is_pem) { |
| 1317 | if (!file_read_pem(ctx->_.file.file, &pem_name, &pem_header, |
| 1318 | &data, &len, ui_method, ui_data, |
| 1319 | (ctx->flags & FILE_FLAG_SECMEM) != 0)) { |
| 1320 | ctx->errcnt++; |
| 1321 | goto endloop; |
| 1322 | } |
| 1323 | } else { |
| 1324 | if (!file_read_asn1(ctx->_.file.file, &data, &len)) { |
| 1325 | ctx->errcnt++; |
| 1326 | goto endloop; |
| 1327 | } |
| 1328 | } |
| 1329 | |
| 1330 | result = file_load_try_decode(ctx, pem_name, pem_header, data, len, |
| 1331 | ui_method, ui_data, &matchcount); |
| 1332 | |
| 1333 | if (result != NULL) |
| 1334 | goto endloop; |
| 1335 | |
| 1336 | /* |
| 1337 | * If a PEM name matches more than one handler, the handlers are |
| 1338 | * badly coded. |
| 1339 | */ |
| 1340 | if (!ossl_assert(pem_name == NULL || matchcount <= 1)) { |
| 1341 | ctx->errcnt++; |
| 1342 | goto endloop; |
| 1343 | } |
| 1344 | |
| 1345 | if (matchcount > 1) { |
| 1346 | OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD, |
| 1347 | OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE); |
| 1348 | } else if (matchcount == 1) { |
| 1349 | /* |
| 1350 | * If there are other errors on the stack, they already show |
| 1351 | * what the problem is. |
| 1352 | */ |
| 1353 | if (ERR_peek_error() == 0) { |
| 1354 | OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD, |
| 1355 | OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE); |
| 1356 | if (pem_name != NULL) |
| 1357 | ERR_add_error_data(3, "PEM type is '", pem_name, "'"); |
| 1358 | } |
| 1359 | } |
| 1360 | if (matchcount > 0) |
| 1361 | ctx->errcnt++; |
| 1362 | |
| 1363 | endloop: |
| 1364 | pem_free_flag(pem_name, (ctx->flags & FILE_FLAG_SECMEM) != 0, 0); |
| 1365 | pem_free_flag(pem_header, (ctx->flags & FILE_FLAG_SECMEM) != 0, 0); |
| 1366 | pem_free_flag(data, (ctx->flags & FILE_FLAG_SECMEM) != 0, len); |
| 1367 | } while (matchcount == 0 && !file_eof(ctx) && !file_error(ctx)); |
| 1368 | |
| 1369 | /* We bail out on ambiguity */ |
| 1370 | if (matchcount > 1) |
| 1371 | return NULL; |
| 1372 | |
| 1373 | if (result != NULL |
| 1374 | && ctx->expected_type != 0 |
| 1375 | && ctx->expected_type != OSSL_STORE_INFO_get_type(result)) { |
| 1376 | OSSL_STORE_INFO_free(result); |
| 1377 | goto again; |
| 1378 | } |
| 1379 | } |
| 1380 | |
| 1381 | return result; |
| 1382 | } |
| 1383 | |
| 1384 | static int file_error(OSSL_STORE_LOADER_CTX *ctx) |
| 1385 | { |
| 1386 | return ctx->errcnt > 0; |
| 1387 | } |
| 1388 | |
| 1389 | static int file_eof(OSSL_STORE_LOADER_CTX *ctx) |
| 1390 | { |
| 1391 | if (ctx->type == is_dir) |
| 1392 | return ctx->_.dir.end_reached; |
| 1393 | |
| 1394 | if (ctx->_.file.last_handler != NULL |
| 1395 | && !ctx->_.file.last_handler->eof(ctx->_.file.last_handler_ctx)) |
| 1396 | return 0; |
| 1397 | return BIO_eof(ctx->_.file.file); |
| 1398 | } |
| 1399 | |
| 1400 | static int file_close(OSSL_STORE_LOADER_CTX *ctx) |
| 1401 | { |
| 1402 | if (ctx->type == is_dir) { |
| 1403 | OPENSSL_DIR_end(&ctx->_.dir.ctx); |
| 1404 | } else { |
| 1405 | BIO_free_all(ctx->_.file.file); |
| 1406 | } |
| 1407 | OSSL_STORE_LOADER_CTX_free(ctx); |
| 1408 | return 1; |
| 1409 | } |
| 1410 | |
| 1411 | int ossl_store_file_detach_pem_bio_int(OSSL_STORE_LOADER_CTX *ctx) |
| 1412 | { |
| 1413 | OSSL_STORE_LOADER_CTX_free(ctx); |
| 1414 | return 1; |
| 1415 | } |
| 1416 | |
| 1417 | static OSSL_STORE_LOADER file_loader = |
| 1418 | { |
| 1419 | "file", |
| 1420 | NULL, |
| 1421 | file_open, |
| 1422 | file_ctrl, |
| 1423 | file_expect, |
| 1424 | file_find, |
| 1425 | file_load, |
| 1426 | file_eof, |
| 1427 | file_error, |
| 1428 | file_close |
| 1429 | }; |
| 1430 | |
| 1431 | static void store_file_loader_deinit(void) |
| 1432 | { |
| 1433 | ossl_store_unregister_loader_int(file_loader.scheme); |
| 1434 | } |
| 1435 | |
| 1436 | int ossl_store_file_loader_init(void) |
| 1437 | { |
| 1438 | int ret = ossl_store_register_loader_int(&file_loader); |
| 1439 | |
| 1440 | OPENSSL_atexit(store_file_loader_deinit); |
| 1441 | return ret; |
| 1442 | } |
| 1443 |
Generated on 2020-Jan-04 from project ClickHouse revision 19.17.6
Powered by 
Code Browser 2.1
Generator usage only permitted with license.