1 | /* |
2 | * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at |
7 | * https://www.openssl.org/source/license.html |
8 | */ |
9 | |
10 | #include "e_os.h" |
11 | #include <string.h> |
12 | #include <sys/stat.h> |
13 | #include <ctype.h> |
14 | #include <assert.h> |
15 | |
16 | #include <openssl/bio.h> |
17 | #include <openssl/dsa.h> /* For d2i_DSAPrivateKey */ |
18 | #include <openssl/err.h> |
19 | #include <openssl/evp.h> |
20 | #include <openssl/pem.h> |
21 | #include <openssl/pkcs12.h> /* For the PKCS8 stuff o.O */ |
22 | #include <openssl/rsa.h> /* For d2i_RSAPrivateKey */ |
23 | #include <openssl/safestack.h> |
24 | #include <openssl/store.h> |
25 | #include <openssl/ui.h> |
26 | #include <openssl/x509.h> /* For the PKCS8 stuff o.O */ |
27 | #include "crypto/asn1.h" |
28 | #include "crypto/ctype.h" |
29 | #include "internal/o_dir.h" |
30 | #include "internal/cryptlib.h" |
31 | #include "crypto/store.h" |
32 | #include "store_local.h" |
33 | |
34 | #ifdef _WIN32 |
35 | # define stat _stat |
36 | #endif |
37 | |
38 | #ifndef S_ISDIR |
39 | # define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR) |
40 | #endif |
41 | |
42 | /*- |
43 | * Password prompting |
44 | * ------------------ |
45 | */ |
46 | |
47 | static char *file_get_pass(const UI_METHOD *ui_method, char *pass, |
48 | size_t maxsize, const char *prompt_info, void *data) |
49 | { |
50 | UI *ui = UI_new(); |
51 | char *prompt = NULL; |
52 | |
53 | if (ui == NULL) { |
54 | OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_MALLOC_FAILURE); |
55 | return NULL; |
56 | } |
57 | |
58 | if (ui_method != NULL) |
59 | UI_set_method(ui, ui_method); |
60 | UI_add_user_data(ui, data); |
61 | |
62 | if ((prompt = UI_construct_prompt(ui, "pass phrase" , |
63 | prompt_info)) == NULL) { |
64 | OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_MALLOC_FAILURE); |
65 | pass = NULL; |
66 | } else if (!UI_add_input_string(ui, prompt, UI_INPUT_FLAG_DEFAULT_PWD, |
67 | pass, 0, maxsize - 1)) { |
68 | OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_UI_LIB); |
69 | pass = NULL; |
70 | } else { |
71 | switch (UI_process(ui)) { |
72 | case -2: |
73 | OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, |
74 | OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED); |
75 | pass = NULL; |
76 | break; |
77 | case -1: |
78 | OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_UI_LIB); |
79 | pass = NULL; |
80 | break; |
81 | default: |
82 | break; |
83 | } |
84 | } |
85 | |
86 | OPENSSL_free(prompt); |
87 | UI_free(ui); |
88 | return pass; |
89 | } |
90 | |
91 | struct pem_pass_data { |
92 | const UI_METHOD *ui_method; |
93 | void *data; |
94 | const char *prompt_info; |
95 | }; |
96 | |
97 | static int file_fill_pem_pass_data(struct pem_pass_data *pass_data, |
98 | const char *prompt_info, |
99 | const UI_METHOD *ui_method, void *ui_data) |
100 | { |
101 | if (pass_data == NULL) |
102 | return 0; |
103 | pass_data->ui_method = ui_method; |
104 | pass_data->data = ui_data; |
105 | pass_data->prompt_info = prompt_info; |
106 | return 1; |
107 | } |
108 | |
109 | /* This is used anywhere a pem_password_cb is needed */ |
110 | static int file_get_pem_pass(char *buf, int num, int w, void *data) |
111 | { |
112 | struct pem_pass_data *pass_data = data; |
113 | char *pass = file_get_pass(pass_data->ui_method, buf, num, |
114 | pass_data->prompt_info, pass_data->data); |
115 | |
116 | return pass == NULL ? 0 : strlen(pass); |
117 | } |
118 | |
119 | /*- |
120 | * The file scheme decoders |
121 | * ------------------------ |
122 | * |
123 | * Each possible data type has its own decoder, which either operates |
124 | * through a given PEM name, or attempts to decode to see if the blob |
125 | * it's given is decodable for its data type. The assumption is that |
126 | * only the correct data type will match the content. |
127 | */ |
128 | |
129 | /*- |
130 | * The try_decode function is called to check if the blob of data can |
131 | * be used by this handler, and if it can, decodes it into a supported |
132 | * OpenSSL type and returns a OSSL_STORE_INFO with the decoded data. |
133 | * Input: |
134 | * pem_name: If this blob comes from a PEM file, this holds |
135 | * the PEM name. If it comes from another type of |
136 | * file, this is NULL. |
137 | * pem_header: If this blob comes from a PEM file, this holds |
138 | * the PEM headers. If it comes from another type of |
139 | * file, this is NULL. |
140 | * blob: The blob of data to match with what this handler |
141 | * can use. |
142 | * len: The length of the blob. |
143 | * handler_ctx: For a handler marked repeatable, this pointer can |
144 | * be used to create a context for the handler. IT IS |
145 | * THE HANDLER'S RESPONSIBILITY TO CREATE AND DESTROY |
146 | * THIS CONTEXT APPROPRIATELY, i.e. create on first call |
147 | * and destroy when about to return NULL. |
148 | * matchcount: A pointer to an int to count matches for this data. |
149 | * Usually becomes 0 (no match) or 1 (match!), but may |
150 | * be higher in the (unlikely) event that the data matches |
151 | * more than one possibility. The int will always be |
152 | * zero when the function is called. |
153 | * ui_method: Application UI method for getting a password, pin |
154 | * or any other interactive data. |
155 | * ui_data: Application data to be passed to ui_method when |
156 | * it's called. |
157 | * Output: |
158 | * a OSSL_STORE_INFO |
159 | */ |
160 | typedef OSSL_STORE_INFO *(*file_try_decode_fn)(const char *pem_name, |
161 | const char *, |
162 | const unsigned char *blob, |
163 | size_t len, void **handler_ctx, |
164 | int *matchcount, |
165 | const UI_METHOD *ui_method, |
166 | void *ui_data); |
167 | /* |
168 | * The eof function should return 1 if there's no more data to be found |
169 | * with the handler_ctx, otherwise 0. This is only used when the handler is |
170 | * marked repeatable. |
171 | */ |
172 | typedef int (*file_eof_fn)(void *handler_ctx); |
173 | /* |
174 | * The destroy_ctx function is used to destroy the handler_ctx that was |
175 | * initiated by a repeatable try_decode function. This is only used when |
176 | * the handler is marked repeatable. |
177 | */ |
178 | typedef void (*file_destroy_ctx_fn)(void **handler_ctx); |
179 | |
180 | typedef struct file_handler_st { |
181 | const char *name; |
182 | file_try_decode_fn try_decode; |
183 | file_eof_fn eof; |
184 | file_destroy_ctx_fn destroy_ctx; |
185 | |
186 | /* flags */ |
187 | int repeatable; |
188 | } FILE_HANDLER; |
189 | |
190 | /* |
191 | * PKCS#12 decoder. It operates by decoding all of the blob content, |
192 | * extracting all the interesting data from it and storing them internally, |
193 | * then serving them one piece at a time. |
194 | */ |
195 | static OSSL_STORE_INFO *try_decode_PKCS12(const char *pem_name, |
196 | const char *, |
197 | const unsigned char *blob, |
198 | size_t len, void **pctx, |
199 | int *matchcount, |
200 | const UI_METHOD *ui_method, |
201 | void *ui_data) |
202 | { |
203 | OSSL_STORE_INFO *store_info = NULL; |
204 | STACK_OF(OSSL_STORE_INFO) *ctx = *pctx; |
205 | |
206 | if (ctx == NULL) { |
207 | /* Initial parsing */ |
208 | PKCS12 *p12; |
209 | int ok = 0; |
210 | |
211 | if (pem_name != NULL) |
212 | /* No match, there is no PEM PKCS12 tag */ |
213 | return NULL; |
214 | |
215 | if ((p12 = d2i_PKCS12(NULL, &blob, len)) != NULL) { |
216 | char *pass = NULL; |
217 | char tpass[PEM_BUFSIZE]; |
218 | EVP_PKEY *pkey = NULL; |
219 | X509 *cert = NULL; |
220 | STACK_OF(X509) *chain = NULL; |
221 | |
222 | *matchcount = 1; |
223 | |
224 | if (PKCS12_verify_mac(p12, "" , 0) |
225 | || PKCS12_verify_mac(p12, NULL, 0)) { |
226 | pass = "" ; |
227 | } else { |
228 | if ((pass = file_get_pass(ui_method, tpass, PEM_BUFSIZE, |
229 | "PKCS12 import password" , |
230 | ui_data)) == NULL) { |
231 | OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS12, |
232 | OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR); |
233 | goto p12_end; |
234 | } |
235 | if (!PKCS12_verify_mac(p12, pass, strlen(pass))) { |
236 | OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS12, |
237 | OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC); |
238 | goto p12_end; |
239 | } |
240 | } |
241 | |
242 | if (PKCS12_parse(p12, pass, &pkey, &cert, &chain)) { |
243 | OSSL_STORE_INFO *osi_pkey = NULL; |
244 | OSSL_STORE_INFO *osi_cert = NULL; |
245 | OSSL_STORE_INFO *osi_ca = NULL; |
246 | |
247 | if ((ctx = sk_OSSL_STORE_INFO_new_null()) != NULL |
248 | && (osi_pkey = OSSL_STORE_INFO_new_PKEY(pkey)) != NULL |
249 | && sk_OSSL_STORE_INFO_push(ctx, osi_pkey) != 0 |
250 | && (osi_cert = OSSL_STORE_INFO_new_CERT(cert)) != NULL |
251 | && sk_OSSL_STORE_INFO_push(ctx, osi_cert) != 0) { |
252 | ok = 1; |
253 | osi_pkey = NULL; |
254 | osi_cert = NULL; |
255 | |
256 | while(sk_X509_num(chain) > 0) { |
257 | X509 *ca = sk_X509_value(chain, 0); |
258 | |
259 | if ((osi_ca = OSSL_STORE_INFO_new_CERT(ca)) == NULL |
260 | || sk_OSSL_STORE_INFO_push(ctx, osi_ca) == 0) { |
261 | ok = 0; |
262 | break; |
263 | } |
264 | osi_ca = NULL; |
265 | (void)sk_X509_shift(chain); |
266 | } |
267 | } |
268 | if (!ok) { |
269 | OSSL_STORE_INFO_free(osi_ca); |
270 | OSSL_STORE_INFO_free(osi_cert); |
271 | OSSL_STORE_INFO_free(osi_pkey); |
272 | sk_OSSL_STORE_INFO_pop_free(ctx, OSSL_STORE_INFO_free); |
273 | EVP_PKEY_free(pkey); |
274 | X509_free(cert); |
275 | sk_X509_pop_free(chain, X509_free); |
276 | ctx = NULL; |
277 | } |
278 | *pctx = ctx; |
279 | } |
280 | } |
281 | p12_end: |
282 | PKCS12_free(p12); |
283 | if (!ok) |
284 | return NULL; |
285 | } |
286 | |
287 | if (ctx != NULL) { |
288 | *matchcount = 1; |
289 | store_info = sk_OSSL_STORE_INFO_shift(ctx); |
290 | } |
291 | |
292 | return store_info; |
293 | } |
294 | |
295 | static int eof_PKCS12(void *ctx_) |
296 | { |
297 | STACK_OF(OSSL_STORE_INFO) *ctx = ctx_; |
298 | |
299 | return ctx == NULL || sk_OSSL_STORE_INFO_num(ctx) == 0; |
300 | } |
301 | |
302 | static void destroy_ctx_PKCS12(void **pctx) |
303 | { |
304 | STACK_OF(OSSL_STORE_INFO) *ctx = *pctx; |
305 | |
306 | sk_OSSL_STORE_INFO_pop_free(ctx, OSSL_STORE_INFO_free); |
307 | *pctx = NULL; |
308 | } |
309 | |
310 | static FILE_HANDLER PKCS12_handler = { |
311 | "PKCS12" , |
312 | try_decode_PKCS12, |
313 | eof_PKCS12, |
314 | destroy_ctx_PKCS12, |
315 | 1 /* repeatable */ |
316 | }; |
317 | |
318 | /* |
319 | * Encrypted PKCS#8 decoder. It operates by just decrypting the given blob |
320 | * into a new blob, which is returned as an EMBEDDED STORE_INFO. The whole |
321 | * decoding process will then start over with the new blob. |
322 | */ |
323 | static OSSL_STORE_INFO *try_decode_PKCS8Encrypted(const char *pem_name, |
324 | const char *, |
325 | const unsigned char *blob, |
326 | size_t len, void **pctx, |
327 | int *matchcount, |
328 | const UI_METHOD *ui_method, |
329 | void *ui_data) |
330 | { |
331 | X509_SIG *p8 = NULL; |
332 | char kbuf[PEM_BUFSIZE]; |
333 | char *pass = NULL; |
334 | const X509_ALGOR *dalg = NULL; |
335 | const ASN1_OCTET_STRING *doct = NULL; |
336 | OSSL_STORE_INFO *store_info = NULL; |
337 | BUF_MEM *mem = NULL; |
338 | unsigned char *new_data = NULL; |
339 | int new_data_len; |
340 | |
341 | if (pem_name != NULL) { |
342 | if (strcmp(pem_name, PEM_STRING_PKCS8) != 0) |
343 | return NULL; |
344 | *matchcount = 1; |
345 | } |
346 | |
347 | if ((p8 = d2i_X509_SIG(NULL, &blob, len)) == NULL) |
348 | return NULL; |
349 | |
350 | *matchcount = 1; |
351 | |
352 | if ((mem = BUF_MEM_new()) == NULL) { |
353 | OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED, |
354 | ERR_R_MALLOC_FAILURE); |
355 | goto nop8; |
356 | } |
357 | |
358 | if ((pass = file_get_pass(ui_method, kbuf, PEM_BUFSIZE, |
359 | "PKCS8 decrypt password" , ui_data)) == NULL) { |
360 | OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED, |
361 | OSSL_STORE_R_BAD_PASSWORD_READ); |
362 | goto nop8; |
363 | } |
364 | |
365 | X509_SIG_get0(p8, &dalg, &doct); |
366 | if (!PKCS12_pbe_crypt(dalg, pass, strlen(pass), doct->data, doct->length, |
367 | &new_data, &new_data_len, 0)) |
368 | goto nop8; |
369 | |
370 | mem->data = (char *)new_data; |
371 | mem->max = mem->length = (size_t)new_data_len; |
372 | X509_SIG_free(p8); |
373 | |
374 | store_info = ossl_store_info_new_EMBEDDED(PEM_STRING_PKCS8INF, mem); |
375 | if (store_info == NULL) { |
376 | OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED, |
377 | ERR_R_MALLOC_FAILURE); |
378 | goto nop8; |
379 | } |
380 | |
381 | return store_info; |
382 | nop8: |
383 | X509_SIG_free(p8); |
384 | BUF_MEM_free(mem); |
385 | return NULL; |
386 | } |
387 | |
388 | static FILE_HANDLER PKCS8Encrypted_handler = { |
389 | "PKCS8Encrypted" , |
390 | try_decode_PKCS8Encrypted |
391 | }; |
392 | |
393 | /* |
394 | * Private key decoder. Decodes all sorts of private keys, both PKCS#8 |
395 | * encoded ones and old style PEM ones (with the key type is encoded into |
396 | * the PEM name). |
397 | */ |
398 | int pem_check_suffix(const char *pem_str, const char *suffix); |
399 | static OSSL_STORE_INFO *try_decode_PrivateKey(const char *pem_name, |
400 | const char *, |
401 | const unsigned char *blob, |
402 | size_t len, void **pctx, |
403 | int *matchcount, |
404 | const UI_METHOD *ui_method, |
405 | void *ui_data) |
406 | { |
407 | OSSL_STORE_INFO *store_info = NULL; |
408 | EVP_PKEY *pkey = NULL; |
409 | const EVP_PKEY_ASN1_METHOD *ameth = NULL; |
410 | |
411 | if (pem_name != NULL) { |
412 | if (strcmp(pem_name, PEM_STRING_PKCS8INF) == 0) { |
413 | PKCS8_PRIV_KEY_INFO *p8inf = |
414 | d2i_PKCS8_PRIV_KEY_INFO(NULL, &blob, len); |
415 | |
416 | *matchcount = 1; |
417 | if (p8inf != NULL) |
418 | pkey = EVP_PKCS82PKEY(p8inf); |
419 | PKCS8_PRIV_KEY_INFO_free(p8inf); |
420 | } else { |
421 | int slen; |
422 | |
423 | if ((slen = pem_check_suffix(pem_name, "PRIVATE KEY" )) > 0 |
424 | && (ameth = EVP_PKEY_asn1_find_str(NULL, pem_name, |
425 | slen)) != NULL) { |
426 | *matchcount = 1; |
427 | pkey = d2i_PrivateKey(ameth->pkey_id, NULL, &blob, len); |
428 | } |
429 | } |
430 | } else { |
431 | int i; |
432 | |
433 | for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) { |
434 | EVP_PKEY *tmp_pkey = NULL; |
435 | const unsigned char *tmp_blob = blob; |
436 | |
437 | ameth = EVP_PKEY_asn1_get0(i); |
438 | if (ameth->pkey_flags & ASN1_PKEY_ALIAS) |
439 | continue; |
440 | |
441 | tmp_pkey = d2i_PrivateKey(ameth->pkey_id, NULL, &tmp_blob, len); |
442 | if (tmp_pkey != NULL) { |
443 | if (pkey != NULL) |
444 | EVP_PKEY_free(tmp_pkey); |
445 | else |
446 | pkey = tmp_pkey; |
447 | (*matchcount)++; |
448 | } |
449 | } |
450 | |
451 | if (*matchcount > 1) { |
452 | EVP_PKEY_free(pkey); |
453 | pkey = NULL; |
454 | } |
455 | } |
456 | if (pkey == NULL) |
457 | /* No match */ |
458 | return NULL; |
459 | |
460 | store_info = OSSL_STORE_INFO_new_PKEY(pkey); |
461 | if (store_info == NULL) |
462 | EVP_PKEY_free(pkey); |
463 | |
464 | return store_info; |
465 | } |
466 | |
467 | static FILE_HANDLER PrivateKey_handler = { |
468 | "PrivateKey" , |
469 | try_decode_PrivateKey |
470 | }; |
471 | |
472 | /* |
473 | * Public key decoder. Only supports SubjectPublicKeyInfo formatted keys. |
474 | */ |
475 | static OSSL_STORE_INFO *try_decode_PUBKEY(const char *pem_name, |
476 | const char *, |
477 | const unsigned char *blob, |
478 | size_t len, void **pctx, |
479 | int *matchcount, |
480 | const UI_METHOD *ui_method, |
481 | void *ui_data) |
482 | { |
483 | OSSL_STORE_INFO *store_info = NULL; |
484 | EVP_PKEY *pkey = NULL; |
485 | |
486 | if (pem_name != NULL) { |
487 | if (strcmp(pem_name, PEM_STRING_PUBLIC) != 0) |
488 | /* No match */ |
489 | return NULL; |
490 | *matchcount = 1; |
491 | } |
492 | |
493 | if ((pkey = d2i_PUBKEY(NULL, &blob, len)) != NULL) { |
494 | *matchcount = 1; |
495 | store_info = OSSL_STORE_INFO_new_PKEY(pkey); |
496 | } |
497 | |
498 | return store_info; |
499 | } |
500 | |
501 | static FILE_HANDLER PUBKEY_handler = { |
502 | "PUBKEY" , |
503 | try_decode_PUBKEY |
504 | }; |
505 | |
506 | /* |
507 | * Key parameter decoder. |
508 | */ |
509 | static OSSL_STORE_INFO *try_decode_params(const char *pem_name, |
510 | const char *, |
511 | const unsigned char *blob, |
512 | size_t len, void **pctx, |
513 | int *matchcount, |
514 | const UI_METHOD *ui_method, |
515 | void *ui_data) |
516 | { |
517 | OSSL_STORE_INFO *store_info = NULL; |
518 | int slen = 0; |
519 | EVP_PKEY *pkey = NULL; |
520 | const EVP_PKEY_ASN1_METHOD *ameth = NULL; |
521 | int ok = 0; |
522 | |
523 | if (pem_name != NULL) { |
524 | if ((slen = pem_check_suffix(pem_name, "PARAMETERS" )) == 0) |
525 | return NULL; |
526 | *matchcount = 1; |
527 | } |
528 | |
529 | if (slen > 0) { |
530 | if ((pkey = EVP_PKEY_new()) == NULL) { |
531 | OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PARAMS, ERR_R_EVP_LIB); |
532 | return NULL; |
533 | } |
534 | |
535 | |
536 | if (EVP_PKEY_set_type_str(pkey, pem_name, slen) |
537 | && (ameth = EVP_PKEY_get0_asn1(pkey)) != NULL |
538 | && ameth->param_decode != NULL |
539 | && ameth->param_decode(pkey, &blob, len)) |
540 | ok = 1; |
541 | } else { |
542 | int i; |
543 | EVP_PKEY *tmp_pkey = NULL; |
544 | |
545 | for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) { |
546 | const unsigned char *tmp_blob = blob; |
547 | |
548 | if (tmp_pkey == NULL && (tmp_pkey = EVP_PKEY_new()) == NULL) { |
549 | OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PARAMS, ERR_R_EVP_LIB); |
550 | break; |
551 | } |
552 | |
553 | ameth = EVP_PKEY_asn1_get0(i); |
554 | if (ameth->pkey_flags & ASN1_PKEY_ALIAS) |
555 | continue; |
556 | |
557 | if (EVP_PKEY_set_type(tmp_pkey, ameth->pkey_id) |
558 | && (ameth = EVP_PKEY_get0_asn1(tmp_pkey)) != NULL |
559 | && ameth->param_decode != NULL |
560 | && ameth->param_decode(tmp_pkey, &tmp_blob, len)) { |
561 | if (pkey != NULL) |
562 | EVP_PKEY_free(tmp_pkey); |
563 | else |
564 | pkey = tmp_pkey; |
565 | tmp_pkey = NULL; |
566 | (*matchcount)++; |
567 | } |
568 | } |
569 | |
570 | EVP_PKEY_free(tmp_pkey); |
571 | if (*matchcount == 1) { |
572 | ok = 1; |
573 | } |
574 | } |
575 | |
576 | if (ok) |
577 | store_info = OSSL_STORE_INFO_new_PARAMS(pkey); |
578 | if (store_info == NULL) |
579 | EVP_PKEY_free(pkey); |
580 | |
581 | return store_info; |
582 | } |
583 | |
584 | static FILE_HANDLER params_handler = { |
585 | "params" , |
586 | try_decode_params |
587 | }; |
588 | |
589 | /* |
590 | * X.509 certificate decoder. |
591 | */ |
592 | static OSSL_STORE_INFO *try_decode_X509Certificate(const char *pem_name, |
593 | const char *, |
594 | const unsigned char *blob, |
595 | size_t len, void **pctx, |
596 | int *matchcount, |
597 | const UI_METHOD *ui_method, |
598 | void *ui_data) |
599 | { |
600 | OSSL_STORE_INFO *store_info = NULL; |
601 | X509 *cert = NULL; |
602 | |
603 | /* |
604 | * In most cases, we can try to interpret the serialized data as a trusted |
605 | * cert (X509 + X509_AUX) and fall back to reading it as a normal cert |
606 | * (just X509), but if the PEM name specifically declares it as a trusted |
607 | * cert, then no fallback should be engaged. |ignore_trusted| tells if |
608 | * the fallback can be used (1) or not (0). |
609 | */ |
610 | int ignore_trusted = 1; |
611 | |
612 | if (pem_name != NULL) { |
613 | if (strcmp(pem_name, PEM_STRING_X509_TRUSTED) == 0) |
614 | ignore_trusted = 0; |
615 | else if (strcmp(pem_name, PEM_STRING_X509_OLD) != 0 |
616 | && strcmp(pem_name, PEM_STRING_X509) != 0) |
617 | /* No match */ |
618 | return NULL; |
619 | *matchcount = 1; |
620 | } |
621 | |
622 | if ((cert = d2i_X509_AUX(NULL, &blob, len)) != NULL |
623 | || (ignore_trusted && (cert = d2i_X509(NULL, &blob, len)) != NULL)) { |
624 | *matchcount = 1; |
625 | store_info = OSSL_STORE_INFO_new_CERT(cert); |
626 | } |
627 | |
628 | if (store_info == NULL) |
629 | X509_free(cert); |
630 | |
631 | return store_info; |
632 | } |
633 | |
634 | static FILE_HANDLER X509Certificate_handler = { |
635 | "X509Certificate" , |
636 | try_decode_X509Certificate |
637 | }; |
638 | |
639 | /* |
640 | * X.509 CRL decoder. |
641 | */ |
642 | static OSSL_STORE_INFO *try_decode_X509CRL(const char *pem_name, |
643 | const char *, |
644 | const unsigned char *blob, |
645 | size_t len, void **pctx, |
646 | int *matchcount, |
647 | const UI_METHOD *ui_method, |
648 | void *ui_data) |
649 | { |
650 | OSSL_STORE_INFO *store_info = NULL; |
651 | X509_CRL *crl = NULL; |
652 | |
653 | if (pem_name != NULL) { |
654 | if (strcmp(pem_name, PEM_STRING_X509_CRL) != 0) |
655 | /* No match */ |
656 | return NULL; |
657 | *matchcount = 1; |
658 | } |
659 | |
660 | if ((crl = d2i_X509_CRL(NULL, &blob, len)) != NULL) { |
661 | *matchcount = 1; |
662 | store_info = OSSL_STORE_INFO_new_CRL(crl); |
663 | } |
664 | |
665 | if (store_info == NULL) |
666 | X509_CRL_free(crl); |
667 | |
668 | return store_info; |
669 | } |
670 | |
671 | static FILE_HANDLER X509CRL_handler = { |
672 | "X509CRL" , |
673 | try_decode_X509CRL |
674 | }; |
675 | |
676 | /* |
677 | * To finish it all off, we collect all the handlers. |
678 | */ |
679 | static const FILE_HANDLER *file_handlers[] = { |
680 | &PKCS12_handler, |
681 | &PKCS8Encrypted_handler, |
682 | &X509Certificate_handler, |
683 | &X509CRL_handler, |
684 | ¶ms_handler, |
685 | &PUBKEY_handler, |
686 | &PrivateKey_handler, |
687 | }; |
688 | |
689 | |
690 | /*- |
691 | * The loader itself |
692 | * ----------------- |
693 | */ |
694 | |
695 | struct ossl_store_loader_ctx_st { |
696 | enum { |
697 | is_raw = 0, |
698 | is_pem, |
699 | is_dir |
700 | } type; |
701 | int errcnt; |
702 | #define FILE_FLAG_SECMEM (1<<0) |
703 | unsigned int flags; |
704 | union { |
705 | struct { /* Used with is_raw and is_pem */ |
706 | BIO *file; |
707 | |
708 | /* |
709 | * The following are used when the handler is marked as |
710 | * repeatable |
711 | */ |
712 | const FILE_HANDLER *last_handler; |
713 | void *last_handler_ctx; |
714 | } file; |
715 | struct { /* Used with is_dir */ |
716 | OPENSSL_DIR_CTX *ctx; |
717 | int end_reached; |
718 | char *uri; |
719 | |
720 | /* |
721 | * When a search expression is given, these are filled in. |
722 | * |search_name| contains the file basename to look for. |
723 | * The string is exactly 8 characters long. |
724 | */ |
725 | char search_name[9]; |
726 | |
727 | /* |
728 | * The directory reading utility we have combines opening with |
729 | * reading the first name. To make sure we can detect the end |
730 | * at the right time, we read early and cache the name. |
731 | */ |
732 | const char *last_entry; |
733 | int last_errno; |
734 | } dir; |
735 | } _; |
736 | |
737 | /* Expected object type. May be unspecified */ |
738 | int expected_type; |
739 | }; |
740 | |
741 | static void OSSL_STORE_LOADER_CTX_free(OSSL_STORE_LOADER_CTX *ctx) |
742 | { |
743 | if (ctx->type == is_dir) { |
744 | OPENSSL_free(ctx->_.dir.uri); |
745 | } else { |
746 | if (ctx->_.file.last_handler != NULL) { |
747 | ctx->_.file.last_handler->destroy_ctx(&ctx->_.file.last_handler_ctx); |
748 | ctx->_.file.last_handler_ctx = NULL; |
749 | ctx->_.file.last_handler = NULL; |
750 | } |
751 | } |
752 | OPENSSL_free(ctx); |
753 | } |
754 | |
755 | static OSSL_STORE_LOADER_CTX *file_open(const OSSL_STORE_LOADER *loader, |
756 | const char *uri, |
757 | const UI_METHOD *ui_method, |
758 | void *ui_data) |
759 | { |
760 | OSSL_STORE_LOADER_CTX *ctx = NULL; |
761 | struct stat st; |
762 | struct { |
763 | const char *path; |
764 | unsigned int check_absolute:1; |
765 | } path_data[2]; |
766 | size_t path_data_n = 0, i; |
767 | const char *path; |
768 | |
769 | /* |
770 | * First step, just take the URI as is. |
771 | */ |
772 | path_data[path_data_n].check_absolute = 0; |
773 | path_data[path_data_n++].path = uri; |
774 | |
775 | /* |
776 | * Second step, if the URI appears to start with the 'file' scheme, |
777 | * extract the path and make that the second path to check. |
778 | * There's a special case if the URI also contains an authority, then |
779 | * the full URI shouldn't be used as a path anywhere. |
780 | */ |
781 | if (strncasecmp(uri, "file:" , 5) == 0) { |
782 | const char *p = &uri[5]; |
783 | |
784 | if (strncmp(&uri[5], "//" , 2) == 0) { |
785 | path_data_n--; /* Invalidate using the full URI */ |
786 | if (strncasecmp(&uri[7], "localhost/" , 10) == 0) { |
787 | p = &uri[16]; |
788 | } else if (uri[7] == '/') { |
789 | p = &uri[7]; |
790 | } else { |
791 | OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, |
792 | OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED); |
793 | return NULL; |
794 | } |
795 | } |
796 | |
797 | path_data[path_data_n].check_absolute = 1; |
798 | #ifdef _WIN32 |
799 | /* Windows file: URIs with a drive letter start with a / */ |
800 | if (p[0] == '/' && p[2] == ':' && p[3] == '/') { |
801 | char c = ossl_tolower(p[1]); |
802 | |
803 | if (c >= 'a' && c <= 'z') { |
804 | p++; |
805 | /* We know it's absolute, so no need to check */ |
806 | path_data[path_data_n].check_absolute = 0; |
807 | } |
808 | } |
809 | #endif |
810 | path_data[path_data_n++].path = p; |
811 | } |
812 | |
813 | |
814 | for (i = 0, path = NULL; path == NULL && i < path_data_n; i++) { |
815 | /* |
816 | * If the scheme "file" was an explicit part of the URI, the path must |
817 | * be absolute. So says RFC 8089 |
818 | */ |
819 | if (path_data[i].check_absolute && path_data[i].path[0] != '/') { |
820 | OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, |
821 | OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE); |
822 | ERR_add_error_data(1, path_data[i].path); |
823 | return NULL; |
824 | } |
825 | |
826 | if (stat(path_data[i].path, &st) < 0) { |
827 | ERR_raise_data(ERR_LIB_SYS, errno, |
828 | "calling stat(%s)" , |
829 | path_data[i].path); |
830 | } else { |
831 | path = path_data[i].path; |
832 | } |
833 | } |
834 | if (path == NULL) { |
835 | return NULL; |
836 | } |
837 | |
838 | /* Successfully found a working path, clear possible collected errors */ |
839 | ERR_clear_error(); |
840 | |
841 | ctx = OPENSSL_zalloc(sizeof(*ctx)); |
842 | if (ctx == NULL) { |
843 | OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, ERR_R_MALLOC_FAILURE); |
844 | return NULL; |
845 | } |
846 | |
847 | if (S_ISDIR(st.st_mode)) { |
848 | /* |
849 | * Try to copy everything, even if we know that some of them must be |
850 | * NULL for the moment. This prevents errors in the future, when more |
851 | * components may be used. |
852 | */ |
853 | ctx->_.dir.uri = OPENSSL_strdup(uri); |
854 | ctx->type = is_dir; |
855 | |
856 | if (ctx->_.dir.uri == NULL) |
857 | goto err; |
858 | |
859 | ctx->_.dir.last_entry = OPENSSL_DIR_read(&ctx->_.dir.ctx, path); |
860 | ctx->_.dir.last_errno = errno; |
861 | if (ctx->_.dir.last_entry == NULL) { |
862 | if (ctx->_.dir.last_errno != 0) { |
863 | char errbuf[256]; |
864 | OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, ERR_R_SYS_LIB); |
865 | errno = ctx->_.dir.last_errno; |
866 | if (openssl_strerror_r(errno, errbuf, sizeof(errbuf))) |
867 | ERR_add_error_data(1, errbuf); |
868 | goto err; |
869 | } |
870 | ctx->_.dir.end_reached = 1; |
871 | } |
872 | } else { |
873 | BIO *buff = NULL; |
874 | char peekbuf[4096] = { 0, }; |
875 | |
876 | if ((buff = BIO_new(BIO_f_buffer())) == NULL |
877 | || (ctx->_.file.file = BIO_new_file(path, "rb" )) == NULL) { |
878 | BIO_free_all(buff); |
879 | goto err; |
880 | } |
881 | |
882 | ctx->_.file.file = BIO_push(buff, ctx->_.file.file); |
883 | if (BIO_buffer_peek(ctx->_.file.file, peekbuf, sizeof(peekbuf) - 1) > 0) { |
884 | peekbuf[sizeof(peekbuf) - 1] = '\0'; |
885 | if (strstr(peekbuf, "-----BEGIN " ) != NULL) |
886 | ctx->type = is_pem; |
887 | } |
888 | } |
889 | |
890 | return ctx; |
891 | err: |
892 | OSSL_STORE_LOADER_CTX_free(ctx); |
893 | return NULL; |
894 | } |
895 | |
896 | static int file_ctrl(OSSL_STORE_LOADER_CTX *ctx, int cmd, va_list args) |
897 | { |
898 | int ret = 1; |
899 | |
900 | switch (cmd) { |
901 | case OSSL_STORE_C_USE_SECMEM: |
902 | { |
903 | int on = *(va_arg(args, int *)); |
904 | |
905 | switch (on) { |
906 | case 0: |
907 | ctx->flags &= ~FILE_FLAG_SECMEM; |
908 | break; |
909 | case 1: |
910 | ctx->flags |= FILE_FLAG_SECMEM; |
911 | break; |
912 | default: |
913 | OSSL_STOREerr(OSSL_STORE_F_FILE_CTRL, |
914 | ERR_R_PASSED_INVALID_ARGUMENT); |
915 | ret = 0; |
916 | break; |
917 | } |
918 | } |
919 | break; |
920 | default: |
921 | break; |
922 | } |
923 | |
924 | return ret; |
925 | } |
926 | |
927 | static int file_expect(OSSL_STORE_LOADER_CTX *ctx, int expected) |
928 | { |
929 | ctx->expected_type = expected; |
930 | return 1; |
931 | } |
932 | |
933 | static int file_find(OSSL_STORE_LOADER_CTX *ctx, |
934 | const OSSL_STORE_SEARCH *search) |
935 | { |
936 | /* |
937 | * If ctx == NULL, the library is looking to know if this loader supports |
938 | * the given search type. |
939 | */ |
940 | |
941 | if (OSSL_STORE_SEARCH_get_type(search) == OSSL_STORE_SEARCH_BY_NAME) { |
942 | unsigned long hash = 0; |
943 | |
944 | if (ctx == NULL) |
945 | return 1; |
946 | |
947 | if (ctx->type != is_dir) { |
948 | OSSL_STOREerr(OSSL_STORE_F_FILE_FIND, |
949 | OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES); |
950 | return 0; |
951 | } |
952 | |
953 | hash = X509_NAME_hash(OSSL_STORE_SEARCH_get0_name(search)); |
954 | BIO_snprintf(ctx->_.dir.search_name, sizeof(ctx->_.dir.search_name), |
955 | "%08lx" , hash); |
956 | return 1; |
957 | } |
958 | |
959 | if (ctx != NULL) |
960 | OSSL_STOREerr(OSSL_STORE_F_FILE_FIND, |
961 | OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE); |
962 | return 0; |
963 | } |
964 | |
965 | /* Internal function to decode an already opened PEM file */ |
966 | OSSL_STORE_LOADER_CTX *ossl_store_file_attach_pem_bio_int(BIO *bp) |
967 | { |
968 | OSSL_STORE_LOADER_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); |
969 | |
970 | if (ctx == NULL) { |
971 | OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT, |
972 | ERR_R_MALLOC_FAILURE); |
973 | return NULL; |
974 | } |
975 | |
976 | ctx->_.file.file = bp; |
977 | ctx->type = is_pem; |
978 | |
979 | return ctx; |
980 | } |
981 | |
982 | static OSSL_STORE_INFO *file_load_try_decode(OSSL_STORE_LOADER_CTX *ctx, |
983 | const char *pem_name, |
984 | const char *, |
985 | unsigned char *data, size_t len, |
986 | const UI_METHOD *ui_method, |
987 | void *ui_data, int *matchcount) |
988 | { |
989 | OSSL_STORE_INFO *result = NULL; |
990 | BUF_MEM *new_mem = NULL; |
991 | char *new_pem_name = NULL; |
992 | int t = 0; |
993 | |
994 | again: |
995 | { |
996 | size_t i = 0; |
997 | void *handler_ctx = NULL; |
998 | const FILE_HANDLER **matching_handlers = |
999 | OPENSSL_zalloc(sizeof(*matching_handlers) |
1000 | * OSSL_NELEM(file_handlers)); |
1001 | |
1002 | if (matching_handlers == NULL) { |
1003 | OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD_TRY_DECODE, |
1004 | ERR_R_MALLOC_FAILURE); |
1005 | goto err; |
1006 | } |
1007 | |
1008 | *matchcount = 0; |
1009 | for (i = 0; i < OSSL_NELEM(file_handlers); i++) { |
1010 | const FILE_HANDLER *handler = file_handlers[i]; |
1011 | int try_matchcount = 0; |
1012 | void *tmp_handler_ctx = NULL; |
1013 | OSSL_STORE_INFO *tmp_result = |
1014 | handler->try_decode(pem_name, pem_header, data, len, |
1015 | &tmp_handler_ctx, &try_matchcount, |
1016 | ui_method, ui_data); |
1017 | |
1018 | if (try_matchcount > 0) { |
1019 | |
1020 | matching_handlers[*matchcount] = handler; |
1021 | |
1022 | if (handler_ctx) |
1023 | handler->destroy_ctx(&handler_ctx); |
1024 | handler_ctx = tmp_handler_ctx; |
1025 | |
1026 | if ((*matchcount += try_matchcount) > 1) { |
1027 | /* more than one match => ambiguous, kill any result */ |
1028 | OSSL_STORE_INFO_free(result); |
1029 | OSSL_STORE_INFO_free(tmp_result); |
1030 | if (handler->destroy_ctx != NULL) |
1031 | handler->destroy_ctx(&handler_ctx); |
1032 | handler_ctx = NULL; |
1033 | tmp_result = NULL; |
1034 | result = NULL; |
1035 | } |
1036 | if (result == NULL) |
1037 | result = tmp_result; |
1038 | } |
1039 | } |
1040 | |
1041 | if (*matchcount == 1 && matching_handlers[0]->repeatable) { |
1042 | ctx->_.file.last_handler = matching_handlers[0]; |
1043 | ctx->_.file.last_handler_ctx = handler_ctx; |
1044 | } |
1045 | |
1046 | OPENSSL_free(matching_handlers); |
1047 | } |
1048 | |
1049 | err: |
1050 | OPENSSL_free(new_pem_name); |
1051 | BUF_MEM_free(new_mem); |
1052 | |
1053 | if (result != NULL |
1054 | && (t = OSSL_STORE_INFO_get_type(result)) == OSSL_STORE_INFO_EMBEDDED) { |
1055 | pem_name = new_pem_name = |
1056 | ossl_store_info_get0_EMBEDDED_pem_name(result); |
1057 | new_mem = ossl_store_info_get0_EMBEDDED_buffer(result); |
1058 | data = (unsigned char *)new_mem->data; |
1059 | len = new_mem->length; |
1060 | OPENSSL_free(result); |
1061 | result = NULL; |
1062 | goto again; |
1063 | } |
1064 | |
1065 | if (result != NULL) |
1066 | ERR_clear_error(); |
1067 | |
1068 | return result; |
1069 | } |
1070 | |
1071 | static OSSL_STORE_INFO *file_load_try_repeat(OSSL_STORE_LOADER_CTX *ctx, |
1072 | const UI_METHOD *ui_method, |
1073 | void *ui_data) |
1074 | { |
1075 | OSSL_STORE_INFO *result = NULL; |
1076 | int try_matchcount = 0; |
1077 | |
1078 | if (ctx->_.file.last_handler != NULL) { |
1079 | result = |
1080 | ctx->_.file.last_handler->try_decode(NULL, NULL, NULL, 0, |
1081 | &ctx->_.file.last_handler_ctx, |
1082 | &try_matchcount, |
1083 | ui_method, ui_data); |
1084 | |
1085 | if (result == NULL) { |
1086 | ctx->_.file.last_handler->destroy_ctx(&ctx->_.file.last_handler_ctx); |
1087 | ctx->_.file.last_handler_ctx = NULL; |
1088 | ctx->_.file.last_handler = NULL; |
1089 | } |
1090 | } |
1091 | return result; |
1092 | } |
1093 | |
1094 | static void pem_free_flag(void *pem_data, int secure, size_t num) |
1095 | { |
1096 | if (secure) |
1097 | OPENSSL_secure_clear_free(pem_data, num); |
1098 | else |
1099 | OPENSSL_free(pem_data); |
1100 | } |
1101 | static int file_read_pem(BIO *bp, char **pem_name, char **, |
1102 | unsigned char **data, long *len, |
1103 | const UI_METHOD *ui_method, |
1104 | void *ui_data, int secure) |
1105 | { |
1106 | int i = secure |
1107 | ? PEM_read_bio_ex(bp, pem_name, pem_header, data, len, |
1108 | PEM_FLAG_SECURE | PEM_FLAG_EAY_COMPATIBLE) |
1109 | : PEM_read_bio(bp, pem_name, pem_header, data, len); |
1110 | |
1111 | if (i <= 0) |
1112 | return 0; |
1113 | |
1114 | /* |
1115 | * 10 is the number of characters in "Proc-Type:", which |
1116 | * PEM_get_EVP_CIPHER_INFO() requires to be present. |
1117 | * If the PEM header has less characters than that, it's |
1118 | * not worth spending cycles on it. |
1119 | */ |
1120 | if (strlen(*pem_header) > 10) { |
1121 | EVP_CIPHER_INFO cipher; |
1122 | struct pem_pass_data pass_data; |
1123 | |
1124 | if (!PEM_get_EVP_CIPHER_INFO(*pem_header, &cipher) |
1125 | || !file_fill_pem_pass_data(&pass_data, "PEM" , ui_method, ui_data) |
1126 | || !PEM_do_header(&cipher, *data, len, file_get_pem_pass, |
1127 | &pass_data)) { |
1128 | return 0; |
1129 | } |
1130 | } |
1131 | return 1; |
1132 | } |
1133 | |
1134 | static int file_read_asn1(BIO *bp, unsigned char **data, long *len) |
1135 | { |
1136 | BUF_MEM *mem = NULL; |
1137 | |
1138 | if (asn1_d2i_read_bio(bp, &mem) < 0) |
1139 | return 0; |
1140 | |
1141 | *data = (unsigned char *)mem->data; |
1142 | *len = (long)mem->length; |
1143 | OPENSSL_free(mem); |
1144 | |
1145 | return 1; |
1146 | } |
1147 | |
1148 | static int ends_with_dirsep(const char *uri) |
1149 | { |
1150 | if (*uri != '\0') |
1151 | uri += strlen(uri) - 1; |
1152 | #if defined __VMS |
1153 | if (*uri == ']' || *uri == '>' || *uri == ':') |
1154 | return 1; |
1155 | #elif defined _WIN32 |
1156 | if (*uri == '\\') |
1157 | return 1; |
1158 | #endif |
1159 | return *uri == '/'; |
1160 | } |
1161 | |
1162 | static int file_name_to_uri(OSSL_STORE_LOADER_CTX *ctx, const char *name, |
1163 | char **data) |
1164 | { |
1165 | assert(name != NULL); |
1166 | assert(data != NULL); |
1167 | { |
1168 | const char *pathsep = ends_with_dirsep(ctx->_.dir.uri) ? "" : "/" ; |
1169 | long calculated_length = strlen(ctx->_.dir.uri) + strlen(pathsep) |
1170 | + strlen(name) + 1 /* \0 */; |
1171 | |
1172 | *data = OPENSSL_zalloc(calculated_length); |
1173 | if (*data == NULL) { |
1174 | OSSL_STOREerr(OSSL_STORE_F_FILE_NAME_TO_URI, ERR_R_MALLOC_FAILURE); |
1175 | return 0; |
1176 | } |
1177 | |
1178 | OPENSSL_strlcat(*data, ctx->_.dir.uri, calculated_length); |
1179 | OPENSSL_strlcat(*data, pathsep, calculated_length); |
1180 | OPENSSL_strlcat(*data, name, calculated_length); |
1181 | } |
1182 | return 1; |
1183 | } |
1184 | |
1185 | static int file_name_check(OSSL_STORE_LOADER_CTX *ctx, const char *name) |
1186 | { |
1187 | const char *p = NULL; |
1188 | |
1189 | /* If there are no search criteria, all names are accepted */ |
1190 | if (ctx->_.dir.search_name[0] == '\0') |
1191 | return 1; |
1192 | |
1193 | /* If the expected type isn't supported, no name is accepted */ |
1194 | if (ctx->expected_type != 0 |
1195 | && ctx->expected_type != OSSL_STORE_INFO_CERT |
1196 | && ctx->expected_type != OSSL_STORE_INFO_CRL) |
1197 | return 0; |
1198 | |
1199 | /* |
1200 | * First, check the basename |
1201 | */ |
1202 | if (strncasecmp(name, ctx->_.dir.search_name, |
1203 | sizeof(ctx->_.dir.search_name) - 1) != 0 |
1204 | || name[sizeof(ctx->_.dir.search_name) - 1] != '.') |
1205 | return 0; |
1206 | p = &name[sizeof(ctx->_.dir.search_name)]; |
1207 | |
1208 | /* |
1209 | * Then, if the expected type is a CRL, check that the extension starts |
1210 | * with 'r' |
1211 | */ |
1212 | if (*p == 'r') { |
1213 | p++; |
1214 | if (ctx->expected_type != 0 |
1215 | && ctx->expected_type != OSSL_STORE_INFO_CRL) |
1216 | return 0; |
1217 | } else if (ctx->expected_type == OSSL_STORE_INFO_CRL) { |
1218 | return 0; |
1219 | } |
1220 | |
1221 | /* |
1222 | * Last, check that the rest of the extension is a decimal number, at |
1223 | * least one digit long. |
1224 | */ |
1225 | if (!ossl_isdigit(*p)) |
1226 | return 0; |
1227 | while (ossl_isdigit(*p)) |
1228 | p++; |
1229 | |
1230 | # ifdef __VMS |
1231 | /* |
1232 | * One extra step here, check for a possible generation number. |
1233 | */ |
1234 | if (*p == ';') |
1235 | for (p++; *p != '\0'; p++) |
1236 | if (!ossl_isdigit(*p)) |
1237 | break; |
1238 | # endif |
1239 | |
1240 | /* |
1241 | * If we've reached the end of the string at this point, we've successfully |
1242 | * found a fitting file name. |
1243 | */ |
1244 | return *p == '\0'; |
1245 | } |
1246 | |
1247 | static int file_eof(OSSL_STORE_LOADER_CTX *ctx); |
1248 | static int file_error(OSSL_STORE_LOADER_CTX *ctx); |
1249 | static OSSL_STORE_INFO *file_load(OSSL_STORE_LOADER_CTX *ctx, |
1250 | const UI_METHOD *ui_method, void *ui_data) |
1251 | { |
1252 | OSSL_STORE_INFO *result = NULL; |
1253 | |
1254 | ctx->errcnt = 0; |
1255 | ERR_clear_error(); |
1256 | |
1257 | if (ctx->type == is_dir) { |
1258 | do { |
1259 | char *newname = NULL; |
1260 | |
1261 | if (ctx->_.dir.last_entry == NULL) { |
1262 | if (!ctx->_.dir.end_reached) { |
1263 | char errbuf[256]; |
1264 | assert(ctx->_.dir.last_errno != 0); |
1265 | OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD, ERR_R_SYS_LIB); |
1266 | errno = ctx->_.dir.last_errno; |
1267 | ctx->errcnt++; |
1268 | if (openssl_strerror_r(errno, errbuf, sizeof(errbuf))) |
1269 | ERR_add_error_data(1, errbuf); |
1270 | } |
1271 | return NULL; |
1272 | } |
1273 | |
1274 | if (ctx->_.dir.last_entry[0] != '.' |
1275 | && file_name_check(ctx, ctx->_.dir.last_entry) |
1276 | && !file_name_to_uri(ctx, ctx->_.dir.last_entry, &newname)) |
1277 | return NULL; |
1278 | |
1279 | /* |
1280 | * On the first call (with a NULL context), OPENSSL_DIR_read() |
1281 | * cares about the second argument. On the following calls, it |
1282 | * only cares that it isn't NULL. Therefore, we can safely give |
1283 | * it our URI here. |
1284 | */ |
1285 | ctx->_.dir.last_entry = OPENSSL_DIR_read(&ctx->_.dir.ctx, |
1286 | ctx->_.dir.uri); |
1287 | ctx->_.dir.last_errno = errno; |
1288 | if (ctx->_.dir.last_entry == NULL && ctx->_.dir.last_errno == 0) |
1289 | ctx->_.dir.end_reached = 1; |
1290 | |
1291 | if (newname != NULL |
1292 | && (result = OSSL_STORE_INFO_new_NAME(newname)) == NULL) { |
1293 | OPENSSL_free(newname); |
1294 | OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD, ERR_R_OSSL_STORE_LIB); |
1295 | return NULL; |
1296 | } |
1297 | } while (result == NULL && !file_eof(ctx)); |
1298 | } else { |
1299 | int matchcount = -1; |
1300 | |
1301 | again: |
1302 | result = file_load_try_repeat(ctx, ui_method, ui_data); |
1303 | if (result != NULL) |
1304 | return result; |
1305 | |
1306 | if (file_eof(ctx)) |
1307 | return NULL; |
1308 | |
1309 | do { |
1310 | char *pem_name = NULL; /* PEM record name */ |
1311 | char * = NULL; /* PEM record header */ |
1312 | unsigned char *data = NULL; /* DER encoded data */ |
1313 | long len = 0; /* DER encoded data length */ |
1314 | |
1315 | matchcount = -1; |
1316 | if (ctx->type == is_pem) { |
1317 | if (!file_read_pem(ctx->_.file.file, &pem_name, &pem_header, |
1318 | &data, &len, ui_method, ui_data, |
1319 | (ctx->flags & FILE_FLAG_SECMEM) != 0)) { |
1320 | ctx->errcnt++; |
1321 | goto endloop; |
1322 | } |
1323 | } else { |
1324 | if (!file_read_asn1(ctx->_.file.file, &data, &len)) { |
1325 | ctx->errcnt++; |
1326 | goto endloop; |
1327 | } |
1328 | } |
1329 | |
1330 | result = file_load_try_decode(ctx, pem_name, pem_header, data, len, |
1331 | ui_method, ui_data, &matchcount); |
1332 | |
1333 | if (result != NULL) |
1334 | goto endloop; |
1335 | |
1336 | /* |
1337 | * If a PEM name matches more than one handler, the handlers are |
1338 | * badly coded. |
1339 | */ |
1340 | if (!ossl_assert(pem_name == NULL || matchcount <= 1)) { |
1341 | ctx->errcnt++; |
1342 | goto endloop; |
1343 | } |
1344 | |
1345 | if (matchcount > 1) { |
1346 | OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD, |
1347 | OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE); |
1348 | } else if (matchcount == 1) { |
1349 | /* |
1350 | * If there are other errors on the stack, they already show |
1351 | * what the problem is. |
1352 | */ |
1353 | if (ERR_peek_error() == 0) { |
1354 | OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD, |
1355 | OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE); |
1356 | if (pem_name != NULL) |
1357 | ERR_add_error_data(3, "PEM type is '" , pem_name, "'" ); |
1358 | } |
1359 | } |
1360 | if (matchcount > 0) |
1361 | ctx->errcnt++; |
1362 | |
1363 | endloop: |
1364 | pem_free_flag(pem_name, (ctx->flags & FILE_FLAG_SECMEM) != 0, 0); |
1365 | pem_free_flag(pem_header, (ctx->flags & FILE_FLAG_SECMEM) != 0, 0); |
1366 | pem_free_flag(data, (ctx->flags & FILE_FLAG_SECMEM) != 0, len); |
1367 | } while (matchcount == 0 && !file_eof(ctx) && !file_error(ctx)); |
1368 | |
1369 | /* We bail out on ambiguity */ |
1370 | if (matchcount > 1) |
1371 | return NULL; |
1372 | |
1373 | if (result != NULL |
1374 | && ctx->expected_type != 0 |
1375 | && ctx->expected_type != OSSL_STORE_INFO_get_type(result)) { |
1376 | OSSL_STORE_INFO_free(result); |
1377 | goto again; |
1378 | } |
1379 | } |
1380 | |
1381 | return result; |
1382 | } |
1383 | |
1384 | static int file_error(OSSL_STORE_LOADER_CTX *ctx) |
1385 | { |
1386 | return ctx->errcnt > 0; |
1387 | } |
1388 | |
1389 | static int file_eof(OSSL_STORE_LOADER_CTX *ctx) |
1390 | { |
1391 | if (ctx->type == is_dir) |
1392 | return ctx->_.dir.end_reached; |
1393 | |
1394 | if (ctx->_.file.last_handler != NULL |
1395 | && !ctx->_.file.last_handler->eof(ctx->_.file.last_handler_ctx)) |
1396 | return 0; |
1397 | return BIO_eof(ctx->_.file.file); |
1398 | } |
1399 | |
1400 | static int file_close(OSSL_STORE_LOADER_CTX *ctx) |
1401 | { |
1402 | if (ctx->type == is_dir) { |
1403 | OPENSSL_DIR_end(&ctx->_.dir.ctx); |
1404 | } else { |
1405 | BIO_free_all(ctx->_.file.file); |
1406 | } |
1407 | OSSL_STORE_LOADER_CTX_free(ctx); |
1408 | return 1; |
1409 | } |
1410 | |
1411 | int ossl_store_file_detach_pem_bio_int(OSSL_STORE_LOADER_CTX *ctx) |
1412 | { |
1413 | OSSL_STORE_LOADER_CTX_free(ctx); |
1414 | return 1; |
1415 | } |
1416 | |
1417 | static OSSL_STORE_LOADER file_loader = |
1418 | { |
1419 | "file" , |
1420 | NULL, |
1421 | file_open, |
1422 | file_ctrl, |
1423 | file_expect, |
1424 | file_find, |
1425 | file_load, |
1426 | file_eof, |
1427 | file_error, |
1428 | file_close |
1429 | }; |
1430 | |
1431 | static void store_file_loader_deinit(void) |
1432 | { |
1433 | ossl_store_unregister_loader_int(file_loader.scheme); |
1434 | } |
1435 | |
1436 | int ossl_store_file_loader_init(void) |
1437 | { |
1438 | int ret = ossl_store_register_loader_int(&file_loader); |
1439 | |
1440 | OPENSSL_atexit(store_file_loader_deinit); |
1441 | return ret; |
1442 | } |
1443 | |