/src/openssl/crypto/store/loader_file.c
1 | | /* |
2 | | * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the OpenSSL license (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #include "e_os.h" |
11 | | #include <string.h> |
12 | | #include <sys/stat.h> |
13 | | #include <ctype.h> |
14 | | #include <assert.h> |
15 | | |
16 | | #include <openssl/bio.h> |
17 | | #include <openssl/dsa.h> /* For d2i_DSAPrivateKey */ |
18 | | #include <openssl/err.h> |
19 | | #include <openssl/evp.h> |
20 | | #include <openssl/pem.h> |
21 | | #include <openssl/pkcs12.h> /* For the PKCS8 stuff o.O */ |
22 | | #include <openssl/rsa.h> /* For d2i_RSAPrivateKey */ |
23 | | #include <openssl/safestack.h> |
24 | | #include <openssl/store.h> |
25 | | #include <openssl/ui.h> |
26 | | #include <openssl/x509.h> /* For the PKCS8 stuff o.O */ |
27 | | #include "internal/asn1_int.h" |
28 | | #include "internal/ctype.h" |
29 | | #include "internal/o_dir.h" |
30 | | #include "internal/cryptlib.h" |
31 | | #include "internal/store_int.h" |
32 | | #include "store_locl.h" |
33 | | |
34 | | #ifdef _WIN32 |
35 | | # define stat _stat |
36 | | #endif |
37 | | |
38 | | #ifndef S_ISDIR |
39 | | # define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR) |
40 | | #endif |
41 | | |
42 | | /*- |
43 | | * Password prompting |
44 | | * ------------------ |
45 | | */ |
46 | | |
/*
 * Prompt for a pass phrase through the OpenSSL UI layer.
 *
 * ui_method:   UI method to install on the temporary UI object; when NULL
 *              the UI object keeps whatever method UI_new() gave it.
 * pass:        caller-owned buffer that receives the pass phrase.
 * maxsize:     size of |pass|; maxsize - 1 is given to the UI as the
 *              longest accepted input.
 * prompt_info: object description handed to UI_construct_prompt().
 * data:        application data attached to the UI object.
 *
 * Returns |pass| on success, NULL after raising an OSSL_STORE error.
 * The buffer is not wiped here; the caller owns it and is the one that has
 * to clear it once the pass phrase has been used.
 */
static char *file_get_pass(const UI_METHOD *ui_method, char *pass,
                           size_t maxsize, const char *prompt_info, void *data)
{
    char *result = pass;
    char *prompt_text = NULL;
    int rc;
    UI *ui_ctx = UI_new();

    if (ui_ctx == NULL) {
        OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_MALLOC_FAILURE);
        return NULL;
    }

    if (ui_method != NULL)
        UI_set_method(ui_ctx, ui_method);
    UI_add_user_data(ui_ctx, data);

    prompt_text = UI_construct_prompt(ui_ctx, "pass phrase", prompt_info);
    if (prompt_text == NULL) {
        OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_MALLOC_FAILURE);
        result = NULL;
        goto done;
    }

    if (!UI_add_input_string(ui_ctx, prompt_text, UI_INPUT_FLAG_DEFAULT_PWD,
                             pass, 0, maxsize - 1)) {
        OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_UI_LIB);
        result = NULL;
        goto done;
    }

    /* Only -2 and -1 are treated as failures; anything else is success. */
    rc = UI_process(ui_ctx);
    if (rc == -2) {
        OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS,
                      OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED);
        result = NULL;
    } else if (rc == -1) {
        OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_UI_LIB);
        result = NULL;
    }

 done:
    OPENSSL_free(prompt_text);
    UI_free(ui_ctx);
    return result;
}
90 | | |
/*
 * Bundle of everything file_get_pem_pass() needs to forward a PEM password
 * callback to file_get_pass().  All three pointers are borrowed; the
 * structure owns none of them.
 */
struct pem_pass_data {
    const UI_METHOD *ui_method;  /* passed to file_get_pass() as ui_method */
    void *data;                  /* passed to file_get_pass() as the UI user data */
    const char *prompt_info;     /* passed to file_get_pass() as prompt_info */
};
96 | | |
/*
 * Populate |pass_data| with the UI method, UI data and prompt text that a
 * later PEM password callback will need.  The pointers are stored as given,
 * nothing is copied.
 *
 * Returns 1 on success, 0 when |pass_data| is NULL.
 */
static int file_fill_pem_pass_data(struct pem_pass_data *pass_data,
                                   const char *prompt_info,
                                   const UI_METHOD *ui_method, void *ui_data)
{
    if (pass_data != NULL) {
        pass_data->prompt_info = prompt_info;
        pass_data->data = ui_data;
        pass_data->ui_method = ui_method;
        return 1;
    }

    return 0;
}
108 | | |
109 | | /* This is used anywhere a pem_password_cb is needed */ |
/*
 * pem_password_cb adapter: |data| must point at a struct pem_pass_data.
 * Prompts via file_get_pass() into |buf| (|num| bytes) and returns the
 * length of the pass phrase, or 0 when prompting failed.  |w| is unused.
 */
static int file_get_pem_pass(char *buf, int num, int w, void *data)
{
    struct pem_pass_data *cb_args = data;
    char *entered;

    entered = file_get_pass(cb_args->ui_method, buf, num,
                            cb_args->prompt_info, cb_args->data);
    if (entered == NULL)
        return 0;

    return strlen(entered);
}
118 | | |
119 | | /*- |
120 | | * The file scheme decoders |
121 | | * ------------------------ |
122 | | * |
123 | | * Each possible data type has its own decoder, which either operates |
124 | | * through a given PEM name, or attempts to decode to see if the blob |
125 | | * it's given is decodable for its data type. The assumption is that |
126 | | * only the correct data type will match the content. |
127 | | */ |
128 | | |
129 | | /*- |
130 | | * The try_decode function is called to check if the blob of data can |
131 | | * be used by this handler, and if it can, decodes it into a supported |
132 | | * OpenSSL type and returns a OSSL_STORE_INFO with the decoded data. |
133 | | * Input: |
134 | | * pem_name: If this blob comes from a PEM file, this holds |
135 | | * the PEM name. If it comes from another type of |
136 | | * file, this is NULL. |
137 | | * pem_header: If this blob comes from a PEM file, this holds |
138 | | * the PEM headers. If it comes from another type of |
139 | | * file, this is NULL. |
140 | | * blob: The blob of data to match with what this handler |
141 | | * can use. |
142 | | * len: The length of the blob. |
143 | | * handler_ctx: For a handler marked repeatable, this pointer can |
144 | | * be used to create a context for the handler. IT IS |
145 | | * THE HANDLER'S RESPONSIBILITY TO CREATE AND DESTROY |
146 | | * THIS CONTEXT APPROPRIATELY, i.e. create on first call |
147 | | * and destroy when about to return NULL. |
148 | | * matchcount: A pointer to an int to count matches for this data. |
149 | | * Usually becomes 0 (no match) or 1 (match!), but may |
150 | | * be higher in the (unlikely) event that the data matches |
151 | | * more than one possibility. The int will always be |
152 | | * zero when the function is called. |
153 | | * ui_method: Application UI method for getting a password, pin |
154 | | * or any other interactive data. |
155 | | * ui_data: Application data to be passed to ui_method when |
156 | | * it's called. |
157 | | * Output: |
158 | | * a OSSL_STORE_INFO |
159 | | */ |
160 | | typedef OSSL_STORE_INFO *(*file_try_decode_fn)(const char *pem_name, |
161 | | const char *pem_header, |
162 | | const unsigned char *blob, |
163 | | size_t len, void **handler_ctx, |
164 | | int *matchcount, |
165 | | const UI_METHOD *ui_method, |
166 | | void *ui_data); |
167 | | /* |
168 | | * The eof function should return 1 if there's no more data to be found |
169 | | * with the handler_ctx, otherwise 0. This is only used when the handler is |
170 | | * marked repeatable. |
171 | | */ |
172 | | typedef int (*file_eof_fn)(void *handler_ctx); |
173 | | /* |
174 | | * The destroy_ctx function is used to destroy the handler_ctx that was |
175 | | * initiated by a repeatable try_decode function. This is only used when |
176 | | * the handler is marked repeatable. |
177 | | */ |
178 | | typedef void (*file_destroy_ctx_fn)(void **handler_ctx); |
179 | | |
/*
 * One decoder for the file scheme.  |eof| and |destroy_ctx| are only used
 * for handlers marked repeatable, so non-repeatable handlers may leave them
 * NULL.
 */
typedef struct file_handler_st {
    const char *name;                 /* handler name */
    file_try_decode_fn try_decode;    /* attempts to decode one blob */
    file_eof_fn eof;                  /* repeatable only: no more data? */
    file_destroy_ctx_fn destroy_ctx;  /* repeatable only: release handler_ctx */

    /* flags */
    int repeatable;                   /* non-zero: handler keeps a handler_ctx */
} FILE_HANDLER;
189 | | |
190 | | /* |
191 | | * PKCS#12 decoder. It operates by decoding all of the blob content, |
192 | | * extracting all the interesting data from it and storing them internally, |
193 | | * then serving them one piece at a time. |
194 | | */ |
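/*
 * PKCS#12 decoder (repeatable handler).
 *
 * First call (*pctx == NULL): parses |blob| as a DER PKCS#12 structure,
 * verifies its MAC (first with an empty / NULL password, then with one
 * obtained through the UI), unpacks key, certificate and chain into a stack
 * of OSSL_STORE_INFO stored in *pctx, and returns the first element.
 * Later calls: return the next element of that stack.
 *
 * Returns NULL when |pem_name| is set (there is no PEM tag for PKCS#12),
 * when the blob is not PKCS#12, or on any error.  *matchcount is set to 1
 * as soon as the blob decodes as PKCS#12.  |pem_header| is unused.
 *
 * Changes against the previous version of this block:
 *  - the pass phrase buffer is wiped with OPENSSL_cleanse() on every exit
 *    from the parsing branch, so the import password does not linger on
 *    the stack;
 *  - each raw object pointer is cleared as soon as an OSSL_STORE_INFO has
 *    taken it over, and each info pointer is cleared as soon as it is on
 *    the stack.  OSSL_STORE_INFO_free() releases the wrapped object too,
 *    so the old error path could free the same key or certificate twice;
 *  - the (by then empty) chain stack is released on success as well.
 */
static OSSL_STORE_INFO *try_decode_PKCS12(const char *pem_name,
                                          const char *pem_header,
                                          const unsigned char *blob,
                                          size_t len, void **pctx,
                                          int *matchcount,
                                          const UI_METHOD *ui_method,
                                          void *ui_data)
{
    OSSL_STORE_INFO *store_info = NULL;
    STACK_OF(OSSL_STORE_INFO) *ctx = *pctx;

    if (ctx == NULL) {
        /* Initial parsing */
        PKCS12 *p12;
        /* Declared here so it is still in scope at p12_end for wiping */
        char tpass[PEM_BUFSIZE];
        int ok = 0;

        if (pem_name != NULL)
            /* No match, there is no PEM PKCS12 tag */
            return NULL;

        if ((p12 = d2i_PKCS12(NULL, &blob, len)) != NULL) {
            char *pass = NULL;
            EVP_PKEY *pkey = NULL;
            X509 *cert = NULL;
            STACK_OF(X509) *chain = NULL;

            *matchcount = 1;

            /* Try the two "no password" encodings before prompting */
            if (PKCS12_verify_mac(p12, "", 0)
                || PKCS12_verify_mac(p12, NULL, 0)) {
                pass = "";
            } else {
                if ((pass = file_get_pass(ui_method, tpass, PEM_BUFSIZE,
                                          "PKCS12 import password",
                                          ui_data)) == NULL) {
                    OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS12,
                                  OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR);
                    goto p12_end;
                }
                if (!PKCS12_verify_mac(p12, pass, strlen(pass))) {
                    OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS12,
                                  OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC);
                    goto p12_end;
                }
            }

            if (PKCS12_parse(p12, pass, &pkey, &cert, &chain)) {
                OSSL_STORE_INFO *osi_pkey = NULL;
                OSSL_STORE_INFO *osi_cert = NULL;
                OSSL_STORE_INFO *osi_ca = NULL;

                /*
                 * The "(x = NULL) == NULL" links record each ownership
                 * transfer at the point where it happens, so the cleanup
                 * below never sees two owners for one object.
                 */
                if ((ctx = sk_OSSL_STORE_INFO_new_null()) != NULL
                    && (osi_pkey = OSSL_STORE_INFO_new_PKEY(pkey)) != NULL
                    && (pkey = NULL) == NULL
                    && sk_OSSL_STORE_INFO_push(ctx, osi_pkey) != 0
                    && (osi_pkey = NULL) == NULL
                    && (osi_cert = OSSL_STORE_INFO_new_CERT(cert)) != NULL
                    && (cert = NULL) == NULL
                    && sk_OSSL_STORE_INFO_push(ctx, osi_cert) != 0
                    && (osi_cert = NULL) == NULL) {
                    ok = 1;

                    while (sk_X509_num(chain) > 0) {
                        X509 *ca = sk_X509_value(chain, 0);

                        if ((osi_ca = OSSL_STORE_INFO_new_CERT(ca)) == NULL) {
                            /* |ca| is still owned by |chain| */
                            ok = 0;
                            break;
                        }
                        /* |osi_ca| owns |ca| now, take it off |chain| */
                        (void)sk_X509_shift(chain);
                        if (sk_OSSL_STORE_INFO_push(ctx, osi_ca) == 0) {
                            ok = 0;
                            break;
                        }
                        osi_ca = NULL;
                    }
                }

                /*
                 * Anything still non-NULL here was never handed over and
                 * has exactly one owner.  On success these are all NULL
                 * and |chain| is empty, so only the stack itself goes.
                 */
                OSSL_STORE_INFO_free(osi_ca);
                OSSL_STORE_INFO_free(osi_cert);
                OSSL_STORE_INFO_free(osi_pkey);
                EVP_PKEY_free(pkey);
                X509_free(cert);
                sk_X509_pop_free(chain, X509_free);
                if (!ok) {
                    sk_OSSL_STORE_INFO_pop_free(ctx, OSSL_STORE_INFO_free);
                    ctx = NULL;
                }
                *pctx = ctx;
            }
        }
     p12_end:
        /* Wiping is harmless when the buffer was never filled */
        OPENSSL_cleanse(tpass, sizeof(tpass));
        PKCS12_free(p12);
        if (!ok)
            return NULL;
    }

    if (ctx != NULL) {
        *matchcount = 1;
        store_info = sk_OSSL_STORE_INFO_shift(ctx);
    }

    return store_info;
}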
294 | | |
/*
 * eof callback for the PKCS#12 handler: returns 1 when there is no context
 * or the stack of pending OSSL_STORE_INFO entries is empty, otherwise 0.
 */
static int eof_PKCS12(void *ctx_)
{
    STACK_OF(OSSL_STORE_INFO) *pending = ctx_;

    if (pending == NULL)
        return 1;

    return sk_OSSL_STORE_INFO_num(pending) == 0;
}
301 | | |
/*
 * destroy_ctx callback for the PKCS#12 handler: frees every entry that was
 * not yet served, frees the stack, and clears the caller's pointer.
 */
static void destroy_ctx_PKCS12(void **pctx)
{
    STACK_OF(OSSL_STORE_INFO) *remaining = *pctx;

    *pctx = NULL;
    sk_OSSL_STORE_INFO_pop_free(remaining, OSSL_STORE_INFO_free);
}
309 | | |
/* The only handler on this page that sets all five FILE_HANDLER fields. */
static FILE_HANDLER PKCS12_handler = {
    "PKCS12",
    try_decode_PKCS12,
    eof_PKCS12,
    destroy_ctx_PKCS12,
    1                            /* repeatable */
};
317 | | |
318 | | /* |
319 | | * Encrypted PKCS#8 decoder. It operates by just decrypting the given blob |
320 | | * into a new blob, which is returned as an EMBEDDED STORE_INFO. The whole |
321 | | * decoding process will then start over with the new blob. |
322 | | */ |
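/*
 * Encrypted PKCS#8 decoder.
 *
 * Parses |blob| as an X509_SIG (EncryptedPrivateKeyInfo), asks for the
 * decryption password through the UI, decrypts the payload and returns it
 * as an EMBEDDED store info tagged PEM_STRING_PKCS8INF, so that the caller
 * restarts decoding on the plaintext.
 *
 * Returns NULL when |pem_name| is set and is not PEM_STRING_PKCS8, when the
 * blob does not parse, or on error.  |pem_header| and |pctx| are unused.
 *
 * Changes against the previous version of this block:
 *  - |p8| is cleared after it is freed; before, a failing
 *    ossl_store_info_new_EMBEDDED() jumped to the cleanup label and freed
 *    the same X509_SIG a second time;
 *  - the password buffer is wiped with OPENSSL_cleanse() on every path
 *    that can have filled it.
 */
static OSSL_STORE_INFO *try_decode_PKCS8Encrypted(const char *pem_name,
                                                  const char *pem_header,
                                                  const unsigned char *blob,
                                                  size_t len, void **pctx,
                                                  int *matchcount,
                                                  const UI_METHOD *ui_method,
                                                  void *ui_data)
{
    X509_SIG *p8 = NULL;
    char kbuf[PEM_BUFSIZE];
    char *pass = NULL;
    const X509_ALGOR *dalg = NULL;
    const ASN1_OCTET_STRING *doct = NULL;
    OSSL_STORE_INFO *store_info = NULL;
    BUF_MEM *mem = NULL;
    unsigned char *new_data = NULL;
    int new_data_len;

    if (pem_name != NULL) {
        if (strcmp(pem_name, PEM_STRING_PKCS8) != 0)
            return NULL;
        *matchcount = 1;
    }

    if ((p8 = d2i_X509_SIG(NULL, &blob, len)) == NULL)
        return NULL;

    *matchcount = 1;

    if ((mem = BUF_MEM_new()) == NULL) {
        OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED,
                      ERR_R_MALLOC_FAILURE);
        goto done;
    }

    if ((pass = file_get_pass(ui_method, kbuf, PEM_BUFSIZE,
                              "PKCS8 decrypt password", ui_data)) == NULL) {
        OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED,
                      OSSL_STORE_R_BAD_PASSWORD_READ);
        goto done;
    }

    X509_SIG_get0(p8, &dalg, &doct);
    if (!PKCS12_pbe_crypt(dalg, pass, strlen(pass), doct->data, doct->length,
                          &new_data, &new_data_len, 0))
        goto done;

    /* |mem| takes over the decrypted buffer */
    mem->data = (char *)new_data;
    mem->max = mem->length = (size_t)new_data_len;

    /* |dalg| and |doct| point into |p8| and are not used past this point */
    X509_SIG_free(p8);
    p8 = NULL;

    store_info = ossl_store_info_new_EMBEDDED(PEM_STRING_PKCS8INF, mem);
    if (store_info == NULL) {
        OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED,
                      ERR_R_MALLOC_FAILURE);
        goto done;
    }
    /* On success |mem| travels with |store_info| and must not be freed */
    mem = NULL;

 done:
    OPENSSL_cleanse(kbuf, sizeof(kbuf));
    X509_SIG_free(p8);
    BUF_MEM_free(mem);
    return store_info;
}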
387 | | |
/* eof, destroy_ctx and repeatable are left zero: not a repeatable handler. */
static FILE_HANDLER PKCS8Encrypted_handler = {
    "PKCS8Encrypted",
    try_decode_PKCS8Encrypted
};
392 | | |
393 | | /* |
394 | | * Private key decoder. Decodes all sorts of private keys, both PKCS#8 |
395 | | * encoded ones and old style PEM ones (with the key type encoded into |
396 | | * the PEM name). |
397 | | */ |
398 | | int pem_check_suffix(const char *pem_str, const char *suffix); |
/*
 * Private key decoder.
 *
 * With a PEM name: PEM_STRING_PKCS8INF is decoded as an unencrypted
 * PKCS8_PRIV_KEY_INFO; any other name must end in "PRIVATE KEY" and name a
 * known key type, which then selects the d2i_PrivateKey() variant.
 * Without a PEM name: every non-alias ASN.1 key method is tried against
 * the blob and *matchcount counts the successes; more than one success is
 * treated as ambiguous and yields no key.
 *
 * Returns a PKEY store info on success, NULL otherwise.  |pem_header|,
 * |pctx|, |ui_method| and |ui_data| are unused.
 */
static OSSL_STORE_INFO *try_decode_PrivateKey(const char *pem_name,
                                              const char *pem_header,
                                              const unsigned char *blob,
                                              size_t len, void **pctx,
                                              int *matchcount,
                                              const UI_METHOD *ui_method,
                                              void *ui_data)
{
    EVP_PKEY *key = NULL;
    OSSL_STORE_INFO *info;

    if (pem_name == NULL) {
        int idx;

        for (idx = 0; idx < EVP_PKEY_asn1_get_count(); idx++) {
            const EVP_PKEY_ASN1_METHOD *method = EVP_PKEY_asn1_get0(idx);
            /* Each attempt starts from the beginning of the blob */
            const unsigned char *cursor = blob;
            EVP_PKEY *candidate;

            if (method->pkey_flags & ASN1_PKEY_ALIAS)
                continue;

            candidate = d2i_PrivateKey(method->pkey_id, NULL, &cursor, len);
            if (candidate == NULL)
                continue;

            /* Keep the first hit, drop later ones, but count them all */
            if (key == NULL)
                key = candidate;
            else
                EVP_PKEY_free(candidate);
            (*matchcount)++;
        }

        if (*matchcount > 1) {
            EVP_PKEY_free(key);
            key = NULL;
        }
    } else if (strcmp(pem_name, PEM_STRING_PKCS8INF) == 0) {
        PKCS8_PRIV_KEY_INFO *p8inf =
            d2i_PKCS8_PRIV_KEY_INFO(NULL, &blob, len);

        *matchcount = 1;
        if (p8inf != NULL)
            key = EVP_PKCS82PKEY(p8inf);
        PKCS8_PRIV_KEY_INFO_free(p8inf);
    } else {
        const EVP_PKEY_ASN1_METHOD *method = NULL;
        int slen = pem_check_suffix(pem_name, "PRIVATE KEY");

        if (slen > 0
            && (method = EVP_PKEY_asn1_find_str(NULL, pem_name,
                                                slen)) != NULL) {
            *matchcount = 1;
            key = d2i_PrivateKey(method->pkey_id, NULL, &blob, len);
        }
    }

    if (key == NULL)
        /* No match */
        return NULL;

    info = OSSL_STORE_INFO_new_PKEY(key);
    if (info == NULL)
        EVP_PKEY_free(key);

    return info;
}
466 | | |
/* eof, destroy_ctx and repeatable are left zero: not a repeatable handler. */
static FILE_HANDLER PrivateKey_handler = {
    "PrivateKey",
    try_decode_PrivateKey
};
471 | | |
472 | | /* |
473 | | * Public key decoder. Only supports SubjectPublicKeyInfo formatted keys. |
474 | | */ |
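/*
 * Public key decoder for SubjectPublicKeyInfo blobs.
 *
 * A PEM name, when present, must be PEM_STRING_PUBLIC.  Returns a PKEY
 * store info on success and NULL otherwise; *matchcount is set to 1 when
 * the PEM name matches or the blob decodes.  |pem_header|, |pctx|,
 * |ui_method| and |ui_data| are unused.
 *
 * Change against the previous version of this block: the decoded key is
 * freed when no store info could be created for it, as the certificate and
 * CRL decoders in this file already do.  It used to leak.
 */
static OSSL_STORE_INFO *try_decode_PUBKEY(const char *pem_name,
                                          const char *pem_header,
                                          const unsigned char *blob,
                                          size_t len, void **pctx,
                                          int *matchcount,
                                          const UI_METHOD *ui_method,
                                          void *ui_data)
{
    OSSL_STORE_INFO *store_info = NULL;
    EVP_PKEY *pkey = NULL;

    if (pem_name != NULL) {
        if (strcmp(pem_name, PEM_STRING_PUBLIC) != 0)
            /* No match */
            return NULL;
        *matchcount = 1;
    }

    if ((pkey = d2i_PUBKEY(NULL, &blob, len)) != NULL) {
        *matchcount = 1;
        store_info = OSSL_STORE_INFO_new_PKEY(pkey);
    }

    /* EVP_PKEY_free(NULL) is a no-op, so the failed-decode case is covered */
    if (store_info == NULL)
        EVP_PKEY_free(pkey);

    return store_info;
}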
500 | | |
/* eof, destroy_ctx and repeatable are left zero: not a repeatable handler. */
static FILE_HANDLER PUBKEY_handler = {
    "PUBKEY",
    try_decode_PUBKEY
};
505 | | |
506 | | /* |
507 | | * Key parameter decoder. |
508 | | */ |
/*
 * Key parameter decoder.
 *
 * With a PEM name ending in "PARAMETERS", the name selects the key type
 * and only that type's param_decode method is tried.  Without a PEM name,
 * every non-alias ASN.1 method that has a param_decode is tried and
 * *matchcount counts the successes; the result is accepted only when
 * exactly one method decoded the blob.
 *
 * Returns a PARAMS store info on success, NULL otherwise.  |pem_header|,
 * |pctx|, |ui_method| and |ui_data| are unused.
 */
static OSSL_STORE_INFO *try_decode_params(const char *pem_name,
                                          const char *pem_header,
                                          const unsigned char *blob,
                                          size_t len, void **pctx,
                                          int *matchcount,
                                          const UI_METHOD *ui_method,
                                          void *ui_data)
{
    OSSL_STORE_INFO *store_info = NULL;
    int slen = 0;
    EVP_PKEY *pkey = NULL;
    const EVP_PKEY_ASN1_METHOD *ameth = NULL;
    int ok = 0;

    if (pem_name != NULL) {
        /* A PEM name that is not "<type> PARAMETERS" is not ours */
        if ((slen = pem_check_suffix(pem_name, "PARAMETERS")) == 0)
            return NULL;
        *matchcount = 1;
    }

    if (slen > 0) {
        /* Type known from the PEM name: one decode attempt */
        if ((pkey = EVP_PKEY_new()) == NULL) {
            OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PARAMS, ERR_R_EVP_LIB);
            return NULL;
        }


        if (EVP_PKEY_set_type_str(pkey, pem_name, slen)
            && (ameth = EVP_PKEY_get0_asn1(pkey)) != NULL
            && ameth->param_decode != NULL
            && ameth->param_decode(pkey, &blob, len))
            ok = 1;
    } else {
        int i;
        EVP_PKEY *tmp_pkey = NULL;

        for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
            /* Each attempt starts from the beginning of the blob */
            const unsigned char *tmp_blob = blob;

            /*
             * The scratch key is reused across failed attempts and only
             * reallocated after a successful decode consumed it.
             */
            if (tmp_pkey == NULL && (tmp_pkey = EVP_PKEY_new()) == NULL) {
                OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PARAMS, ERR_R_EVP_LIB);
                break;
            }

            ameth = EVP_PKEY_asn1_get0(i);
            if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
                continue;

            if (EVP_PKEY_set_type(tmp_pkey, ameth->pkey_id)
                && (ameth = EVP_PKEY_get0_asn1(tmp_pkey)) != NULL
                && ameth->param_decode != NULL
                && ameth->param_decode(tmp_pkey, &tmp_blob, len)) {
                /* Keep the first hit, drop later ones, count them all */
                if (pkey != NULL)
                    EVP_PKEY_free(tmp_pkey);
                else
                    pkey = tmp_pkey;
                tmp_pkey = NULL;
                (*matchcount)++;
            }
        }

        EVP_PKEY_free(tmp_pkey);
        /* More than one match is ambiguous and is not accepted */
        if (*matchcount == 1) {
            ok = 1;
        }
    }

    if (ok)
        store_info = OSSL_STORE_INFO_new_PARAMS(pkey);
    /* Covers !ok, an ambiguous match and a failed info allocation */
    if (store_info == NULL)
        EVP_PKEY_free(pkey);

    return store_info;
}
583 | | |
/* eof, destroy_ctx and repeatable are left zero: not a repeatable handler. */
static FILE_HANDLER params_handler = {
    "params",
    try_decode_params
};
588 | | |
589 | | /* |
590 | | * X.509 certificate decoder. |
591 | | */ |
/*
 * X.509 certificate decoder.
 *
 * The blob is first read as a trusted certificate (X509 + X509_AUX).  If
 * that fails it is read again as a plain X509, unless the PEM name is
 * PEM_STRING_X509_TRUSTED, in which case no fallback is made.  A PEM name
 * other than the three certificate tags is not a match.
 *
 * Returns a CERT store info on success, NULL otherwise.  |pem_header|,
 * |pctx|, |ui_method| and |ui_data| are unused.
 */
static OSSL_STORE_INFO *try_decode_X509Certificate(const char *pem_name,
                                                   const char *pem_header,
                                                   const unsigned char *blob,
                                                   size_t len, void **pctx,
                                                   int *matchcount,
                                                   const UI_METHOD *ui_method,
                                                   void *ui_data)
{
    OSSL_STORE_INFO *info;
    X509 *decoded;
    /* 1: the plain X509 fallback may be used, 0: trusted form only */
    int allow_plain_fallback = 1;

    if (pem_name != NULL) {
        if (strcmp(pem_name, PEM_STRING_X509_TRUSTED) == 0) {
            allow_plain_fallback = 0;
        } else if (strcmp(pem_name, PEM_STRING_X509_OLD) != 0
                   && strcmp(pem_name, PEM_STRING_X509) != 0) {
            /* No match */
            return NULL;
        }
        *matchcount = 1;
    }

    decoded = d2i_X509_AUX(NULL, &blob, len);
    if (decoded == NULL && allow_plain_fallback)
        decoded = d2i_X509(NULL, &blob, len);
    if (decoded == NULL)
        return NULL;

    *matchcount = 1;
    info = OSSL_STORE_INFO_new_CERT(decoded);
    if (info == NULL)
        X509_free(decoded);

    return info;
}
633 | | |
/* eof, destroy_ctx and repeatable are left zero: not a repeatable handler. */
static FILE_HANDLER X509Certificate_handler = {
    "X509Certificate",
    try_decode_X509Certificate
};
638 | | |
639 | | /* |
640 | | * X.509 CRL decoder. |
641 | | */ |
/*
 * X.509 CRL decoder.
 *
 * A PEM name, when present, must be PEM_STRING_X509_CRL.  Returns a CRL
 * store info on success and NULL otherwise.  |pem_header|, |pctx|,
 * |ui_method| and |ui_data| are unused.
 */
static OSSL_STORE_INFO *try_decode_X509CRL(const char *pem_name,
                                           const char *pem_header,
                                           const unsigned char *blob,
                                           size_t len, void **pctx,
                                           int *matchcount,
                                           const UI_METHOD *ui_method,
                                           void *ui_data)
{
    OSSL_STORE_INFO *info;
    X509_CRL *decoded;

    if (pem_name != NULL) {
        if (strcmp(pem_name, PEM_STRING_X509_CRL) != 0)
            /* No match */
            return NULL;
        *matchcount = 1;
    }

    decoded = d2i_X509_CRL(NULL, &blob, len);
    if (decoded == NULL)
        return NULL;

    *matchcount = 1;
    info = OSSL_STORE_INFO_new_CRL(decoded);
    if (info == NULL)
        X509_CRL_free(decoded);

    return info;
}
670 | | |
/* eof, destroy_ctx and repeatable are left zero: not a repeatable handler. */
static FILE_HANDLER X509CRL_handler = {
    "X509CRL",
    try_decode_X509CRL
};
675 | | |
676 | | /* |
677 | | * To finish it all off, we collect all the handlers. |
678 | | */ |
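/*
 * All decoders of the file scheme.  The "&params_handler" entry had been
 * mangled into a pilcrow sign by the page rendering and is restored here.
 */
static const FILE_HANDLER *file_handlers[] = {
    &PKCS12_handler,
    &PKCS8Encrypted_handler,
    &X509Certificate_handler,
    &X509CRL_handler,
    &params_handler,
    &PUBKEY_handler,
    &PrivateKey_handler,
};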
688 | | |
689 | | |
690 | | /*- |
691 | | * The loader itself |
692 | | * ----------------- |
693 | | */ |
694 | | |
/*
 * Per-open state of the file loader.  |type| selects which member of the
 * union |_| is valid: |_.file| for is_raw and is_pem, |_.dir| for is_dir.
 */
struct ossl_store_loader_ctx_st {
    enum {
        is_raw = 0,
        is_pem,
        is_dir
    } type;
    int errcnt;
    /* Set and cleared by file_ctrl() on OSSL_STORE_C_USE_SECMEM */
#define FILE_FLAG_SECMEM         (1<<0)
    unsigned int flags;
    union {
        struct {                 /* Used with is_raw and is_pem */
            BIO *file;

            /*
             * The following are used when the handler is marked as
             * repeatable
             */
            const FILE_HANDLER *last_handler;
            void *last_handler_ctx;
        } file;
        struct {                 /* Used with is_dir */
            OPENSSL_DIR_CTX *ctx;
            int end_reached;
            char *uri;           /* OPENSSL_strdup() copy made by file_open() */

            /*
             * When a search expression is given, these are filled in.
             * |search_name| contains the file basename to look for.
             * The string is exactly 8 characters long.
             */
            char search_name[9]; /* 8 hex digits written by file_find() + NUL */

            /*
             * The directory reading utility we have combines opening with
             * reading the first name.  To make sure we can detect the end
             * at the right time, we read early and cache the name.
             */
            const char *last_entry;
            int last_errno;
        } dir;
    } _;

    /* Expected object type.  May be unspecified */
    int expected_type;
};
740 | | |
/*
 * Release a loader context: the URI copy for directories, or the pending
 * repeatable-handler context for files, then the context itself.  The BIO
 * and the directory handle are not touched here.  |ctx| must not be NULL.
 */
static void OSSL_STORE_LOADER_CTX_free(OSSL_STORE_LOADER_CTX *ctx)
{
    if (ctx->type != is_dir) {
        const FILE_HANDLER *pending = ctx->_.file.last_handler;

        if (pending != NULL) {
            /* NOTE(review): assumes last_handler is only ever set to a
             * handler that provides destroy_ctx - confirm at the setter */
            pending->destroy_ctx(&ctx->_.file.last_handler_ctx);
            ctx->_.file.last_handler_ctx = NULL;
            ctx->_.file.last_handler = NULL;
        }
    } else {
        OPENSSL_free(ctx->_.dir.uri);
    }

    OPENSSL_free(ctx);
}
754 | | |
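/*
 * Open |uri| with the file loader.
 *
 * Up to two candidate paths are tried, in order: the URI string taken
 * verbatim, and, when it starts with "file:", the path part of the URI.
 * A "file://" URI is accepted only with an empty authority or
 * "localhost", and then the verbatim candidate is dropped.  The first
 * candidate that stat() accepts is used.  A directory gets an is_dir
 * context with its first entry pre-read; anything else is opened through
 * a buffering BIO and classified as is_pem when "-----BEGIN " occurs in
 * the first 4095 bytes, else is_raw.
 *
 * Returns the new context, or NULL on error.  |loader|, |ui_method| and
 * |ui_data| are unused.
 *
 * Changes against the previous version of this block:
 *  - the Windows drive-letter test no longer reads p[2] when the path is
 *    just "/", i.e. when p[1] is already the terminator;
 *  - errno is reset before OPENSSL_DIR_read(), so that a value left over
 *    from an earlier failed stat() is not reported as a directory read
 *    error when the directory simply has no entries.
 *
 * NOTE(review): the path is examined with stat() and opened by name
 * afterwards, so the object can be swapped between the two steps.  The
 * file/directory decision made here should not be relied on where the
 * path is under the control of another party.
 */
static OSSL_STORE_LOADER_CTX *file_open(const OSSL_STORE_LOADER *loader,
                                        const char *uri,
                                        const UI_METHOD *ui_method,
                                        void *ui_data)
{
    OSSL_STORE_LOADER_CTX *ctx = NULL;
    struct stat st;
    struct {
        const char *path;
        unsigned int check_absolute:1;
    } path_data[2];
    size_t path_data_n = 0, i;
    const char *path;

    /*
     * First step, just take the URI as is.
     */
    path_data[path_data_n].check_absolute = 0;
    path_data[path_data_n++].path = uri;

    /*
     * Second step, if the URI appears to start with the 'file' scheme,
     * extract the path and make that the second path to check.
     * There's a special case if the URI also contains an authority, then
     * the full URI shouldn't be used as a path anywhere.
     */
    if (strncasecmp(uri, "file:", 5) == 0) {
        const char *p = &uri[5];

        if (strncmp(&uri[5], "//", 2) == 0) {
            path_data_n--;           /* Invalidate using the full URI */
            if (strncasecmp(&uri[7], "localhost/", 10) == 0) {
                /* Keep the '/' that ends "localhost/" as the path start */
                p = &uri[16];
            } else if (uri[7] == '/') {
                p = &uri[7];
            } else {
                OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN,
                              OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED);
                return NULL;
            }
        }

        path_data[path_data_n].check_absolute = 1;
#ifdef _WIN32
        /*
         * Windows file: URIs with a drive letter start with a /.
         * p[1] is checked first so that p[2] is never read past the end
         * of a one-character path.
         */
        if (p[0] == '/' && p[1] != '\0' && p[2] == ':' && p[3] == '/') {
            char c = ossl_tolower(p[1]);

            if (c >= 'a' && c <= 'z') {
                p++;
                /* We know it's absolute, so no need to check */
                path_data[path_data_n].check_absolute = 0;
            }
        }
#endif
        path_data[path_data_n++].path = p;
    }


    for (i = 0, path = NULL; path == NULL && i < path_data_n; i++) {
        /*
         * If the scheme "file" was an explicit part of the URI, the path must
         * be absolute.  So says RFC 8089
         */
        if (path_data[i].check_absolute && path_data[i].path[0] != '/') {
            OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN,
                          OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE);
            ERR_add_error_data(1, path_data[i].path);
            return NULL;
        }

        if (stat(path_data[i].path, &st) < 0) {
            SYSerr(SYS_F_STAT, errno);
            ERR_add_error_data(1, path_data[i].path);
        } else {
            path = path_data[i].path;
        }
    }
    if (path == NULL) {
        return NULL;
    }

    /* Successfully found a working path, clear possible collected errors */
    ERR_clear_error();

    ctx = OPENSSL_zalloc(sizeof(*ctx));
    if (ctx == NULL) {
        OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, ERR_R_MALLOC_FAILURE);
        return NULL;
    }

    if (S_ISDIR(st.st_mode)) {
        /*
         * Try to copy everything, even if we know that some of them must be
         * NULL for the moment.  This prevents errors in the future, when more
         * components may be used.
         */
        ctx->_.dir.uri = OPENSSL_strdup(uri);
        ctx->type = is_dir;

        if (ctx->_.dir.uri == NULL)
            goto err;

        /* A NULL entry with errno still 0 means "no entries", not failure */
        errno = 0;
        ctx->_.dir.last_entry = OPENSSL_DIR_read(&ctx->_.dir.ctx, path);
        ctx->_.dir.last_errno = errno;
        if (ctx->_.dir.last_entry == NULL) {
            if (ctx->_.dir.last_errno != 0) {
                char errbuf[256];
                errno = ctx->_.dir.last_errno;
                openssl_strerror_r(errno, errbuf, sizeof(errbuf));
                OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, ERR_R_SYS_LIB);
                ERR_add_error_data(1, errbuf);
                goto err;
            }
            ctx->_.dir.end_reached = 1;
        }
    } else {
        BIO *buff = NULL;
        char peekbuf[4096] = { 0, };

        if ((buff = BIO_new(BIO_f_buffer())) == NULL
            || (ctx->_.file.file = BIO_new_file(path, "rb")) == NULL) {
            BIO_free_all(buff);
            goto err;
        }

        ctx->_.file.file = BIO_push(buff, ctx->_.file.file);
        /* At most sizeof - 1 bytes are peeked, the last byte stays NUL */
        if (BIO_buffer_peek(ctx->_.file.file, peekbuf, sizeof(peekbuf) - 1) > 0) {
            peekbuf[sizeof(peekbuf) - 1] = '\0';
            if (strstr(peekbuf, "-----BEGIN ") != NULL)
                ctx->type = is_pem;
        }
    }

    return ctx;
 err:
    OSSL_STORE_LOADER_CTX_free(ctx);
    return NULL;
}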
894 | | |
/*
 * Loader control function.  The only command acted on is
 * OSSL_STORE_C_USE_SECMEM, whose argument is a pointer to an int: 0 clears
 * FILE_FLAG_SECMEM, 1 sets it, anything else raises an error.  Every other
 * command is accepted and ignored.
 *
 * Returns 1 on success, 0 on an invalid argument.
 */
static int file_ctrl(OSSL_STORE_LOADER_CTX *ctx, int cmd, va_list args)
{
    if (cmd == OSSL_STORE_C_USE_SECMEM) {
        /* The pointer is dereferenced as passed; the caller must not pass NULL */
        int enable = *(va_arg(args, int *));

        if (enable == 0) {
            ctx->flags &= ~FILE_FLAG_SECMEM;
        } else if (enable == 1) {
            ctx->flags |= FILE_FLAG_SECMEM;
        } else {
            OSSL_STOREerr(OSSL_STORE_F_FILE_CTRL,
                          ERR_R_PASSED_INVALID_ARGUMENT);
            return 0;
        }
    }

    return 1;
}
925 | | |
/*
 * Record the object type the caller expects from this context.  The value
 * is stored without validation.  Always returns 1.
 */
static int file_expect(OSSL_STORE_LOADER_CTX *ctx, int expected)
{
    int accepted = 1;

    ctx->expected_type = expected;

    return accepted;
}
931 | | |
/*
 * Install a search criterion, or, when |ctx| is NULL, report whether the
 * search type is supported at all.
 *
 * Only OSSL_STORE_SEARCH_BY_NAME is supported, and only on directory
 * contexts: the X509_NAME hash is formatted as 8 hex digits into
 * |search_name|.  Returns 1 on success or support, 0 otherwise; errors
 * are raised only when a context was given.
 */
static int file_find(OSSL_STORE_LOADER_CTX *ctx, OSSL_STORE_SEARCH *search)
{
    unsigned long name_hash;

    if (OSSL_STORE_SEARCH_get_type(search) != OSSL_STORE_SEARCH_BY_NAME) {
        if (ctx != NULL)
            OSSL_STOREerr(OSSL_STORE_F_FILE_FIND,
                          OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE);
        return 0;
    }

    /* Capability probe: no context, nothing to store */
    if (ctx == NULL)
        return 1;

    if (ctx->type != is_dir) {
        OSSL_STOREerr(OSSL_STORE_F_FILE_FIND,
                      OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES);
        return 0;
    }

    name_hash = X509_NAME_hash(OSSL_STORE_SEARCH_get0_name(search));
    /* Bounded by the buffer size, so a wider hash would be truncated */
    BIO_snprintf(ctx->_.dir.search_name, sizeof(ctx->_.dir.search_name),
                 "%08lx", name_hash);

    return 1;
}
962 | | |
/*
 * Internal function to decode an already opened PEM file.
 *
 * Allocates a zeroed loader context, marks it as PEM and stores bp in it.
 * The BIO is only referenced here, not duplicated.
 * NOTE(review): the matching detach function calls only
 * OSSL_STORE_LOADER_CTX_free(), so bp presumably stays owned by the caller;
 * confirm against that function.
 *
 * Returns the new context, or NULL on allocation failure.
 */
OSSL_STORE_LOADER_CTX *ossl_store_file_attach_pem_bio_int(BIO *bp)
{
    OSSL_STORE_LOADER_CTX *pem_ctx = OPENSSL_zalloc(sizeof(*pem_ctx));

    if (pem_ctx != NULL) {
        pem_ctx->type = is_pem;
        pem_ctx->_.file.file = bp;
        return pem_ctx;
    }

    OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT,
                  ERR_R_MALLOC_FAILURE);
    return NULL;
}
979 | | |
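/*
 * Offer one blob (with its optional PEM name and header) to every handler
 * in file_handlers and return the result if exactly one of them claims it.
 *
 * *matchcount is reset to 0 and then accumulates the match counts reported
 * by the handlers.  As soon as the total exceeds 1 the content is treated
 * as ambiguous and every result is discarded.  When the total is exactly 1
 * and that handler is marked repeatable, the handler and its context are
 * remembered in ctx so file_load_try_repeat() can call it again.
 *
 * A result of type OSSL_STORE_INFO_EMBEDDED is unwrapped: its PEM name and
 * buffer become the new input and the handlers are tried again.
 *
 * Returns the decoded object, or NULL.  On success the error stack is
 * cleared.  If the handler table cannot be allocated, *matchcount is left
 * untouched for that pass.
 *
 * Changes from the previous version of this function:
 * - a context left over from an earlier match is destroyed through the
 *   handler that created it, and only if that handler has a destroy_ctx
 *   (before, the current handler's destroy_ctx was called unconditionally);
 * - matching_handlers is indexed by the number of matching handlers rather
 *   than by the accumulated match count, so the index stays inside the
 *   array whatever counts the handlers report.
 */
static OSSL_STORE_INFO *file_load_try_decode(OSSL_STORE_LOADER_CTX *ctx,
                                             const char *pem_name,
                                             const char *pem_header,
                                             unsigned char *data, size_t len,
                                             const UI_METHOD *ui_method,
                                             void *ui_data, int *matchcount)
{
    OSSL_STORE_INFO *result = NULL;
    BUF_MEM *new_mem = NULL;
    char *new_pem_name = NULL;

 again:
    {
        size_t i = 0;
        size_t n_matching = 0;
        void *handler_ctx = NULL;
        /* Handler that produced handler_ctx, NULL when there is none */
        const FILE_HANDLER *handler_ctx_owner = NULL;
        const FILE_HANDLER **matching_handlers =
            OPENSSL_zalloc(sizeof(*matching_handlers)
                           * OSSL_NELEM(file_handlers));

        if (matching_handlers == NULL) {
            OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD_TRY_DECODE,
                          ERR_R_MALLOC_FAILURE);
            goto err;
        }

        *matchcount = 0;
        for (i = 0; i < OSSL_NELEM(file_handlers); i++) {
            const FILE_HANDLER *handler = file_handlers[i];
            int try_matchcount = 0;
            void *tmp_handler_ctx = NULL;
            OSSL_STORE_INFO *tmp_result =
                handler->try_decode(pem_name, pem_header, data, len,
                                    &tmp_handler_ctx, &try_matchcount,
                                    ui_method, ui_data);

            if (try_matchcount > 0) {

                /* At most one slot per handler, so this cannot overrun */
                matching_handlers[n_matching++] = handler;

                /* Release the earlier context through its own handler */
                if (handler_ctx != NULL
                    && handler_ctx_owner != NULL
                    && handler_ctx_owner->destroy_ctx != NULL)
                    handler_ctx_owner->destroy_ctx(&handler_ctx);
                handler_ctx = tmp_handler_ctx;
                handler_ctx_owner = handler;

                if ((*matchcount += try_matchcount) > 1) {
                    /* more than one match => ambiguous, kill any result */
                    OSSL_STORE_INFO_free(result);
                    OSSL_STORE_INFO_free(tmp_result);
                    if (handler->destroy_ctx != NULL)
                        handler->destroy_ctx(&handler_ctx);
                    handler_ctx = NULL;
                    handler_ctx_owner = NULL;
                    tmp_result = NULL;
                    result = NULL;
                }
                if (result == NULL)
                    result = tmp_result;
            }
        }

        /*
         * With a total of exactly 1, a single handler matched once and it
         * sits in slot 0.
         * NOTE(review): if that handler is not repeatable, a context it
         * returned is dropped here without destroy_ctx; confirm that
         * non-repeatable handlers never hand back a context.
         */
        if (*matchcount == 1 && matching_handlers[0]->repeatable) {
            ctx->_.file.last_handler = matching_handlers[0];
            ctx->_.file.last_handler_ctx = handler_ctx;
        }

        OPENSSL_free(matching_handlers);
    }

 err:
    /* Input taken from an embedded object on the previous pass, if any */
    OPENSSL_free(new_pem_name);
    BUF_MEM_free(new_mem);

    if (result != NULL
        && OSSL_STORE_INFO_get_type(result) == OSSL_STORE_INFO_EMBEDDED) {
        pem_name = new_pem_name =
            ossl_store_info_get0_EMBEDDED_pem_name(result);
        new_mem = ossl_store_info_get0_EMBEDDED_buffer(result);
        data = (unsigned char *)new_mem->data;
        len = new_mem->length;
        /*
         * Only the wrapper is freed; the name and buffer taken from it
         * above are released at the err label on the next pass.
         */
        OPENSSL_free(result);
        result = NULL;
        goto again;
    }

    if (result != NULL)
        ERR_clear_error();

    return result;
}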
1068 | | |
/*
 * Ask the handler remembered by file_load_try_decode() for its next object.
 *
 * The handler is called with no new input (NULL name, header and data,
 * length 0) and with the context it left behind.  When it returns nothing,
 * its context is destroyed and the remembered handler is cleared.  The
 * match count it reports is not used.
 *
 * Returns the next object, or NULL if there is no remembered handler or it
 * has nothing more to give.
 */
static OSSL_STORE_INFO *file_load_try_repeat(OSSL_STORE_LOADER_CTX *ctx,
                                             const UI_METHOD *ui_method,
                                             void *ui_data)
{
    OSSL_STORE_INFO *next = NULL;
    int unused_matchcount = 0;

    if (ctx->_.file.last_handler == NULL)
        return NULL;

    next = ctx->_.file.last_handler->try_decode(NULL, NULL, NULL, 0,
                                                &ctx->_.file.last_handler_ctx,
                                                &unused_matchcount,
                                                ui_method, ui_data);
    if (next != NULL)
        return next;

    /* Nothing left: drop the handler state so it is not called again */
    ctx->_.file.last_handler->destroy_ctx(&ctx->_.file.last_handler_ctx);
    ctx->_.file.last_handler_ctx = NULL;
    ctx->_.file.last_handler = NULL;
    return NULL;
}
1091 | | |
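/*
 * Free a buffer produced while reading a PEM or DER record.
 *
 * pem_data  buffer to release, may be NULL
 * secure    non-zero if the buffer was requested from secure memory
 * num       number of bytes to wipe before freeing; must not exceed the
 *           size of the allocation, 0 means no wipe
 *
 * Both paths wipe num bytes first.  The payload may be decrypted key
 * material, so it should not be left readable in freed heap memory when
 * secure memory is not in use either.
 */
static void pem_free_flag(void *pem_data, int secure, size_t num)
{
    if (secure)
        OPENSSL_secure_clear_free(pem_data, num);
    else
        OPENSSL_clear_free(pem_data, num);
}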
/*
 * Read one PEM record from bp and, if its header asks for it, run the
 * header processing (which prompts for a pass phrase through ui_method).
 *
 * With secure != 0 the record is read with PEM_FLAG_SECURE |
 * PEM_FLAG_EAY_COMPATIBLE, otherwise with plain PEM_read_bio().
 *
 * Returns 1 on success, 0 on failure.  Nothing is freed here: whatever was
 * stored through pem_name, pem_header and data stays with the caller on
 * every path, including a failure after the record was read.
 */
static int file_read_pem(BIO *bp, char **pem_name, char **pem_header,
                         unsigned char **data, long *len,
                         const UI_METHOD *ui_method,
                         void *ui_data, int secure)
{
    EVP_CIPHER_INFO cipher;
    struct pem_pass_data pass_data;
    int read_ok;

    if (secure)
        read_ok = PEM_read_bio_ex(bp, pem_name, pem_header, data, len,
                                  PEM_FLAG_SECURE | PEM_FLAG_EAY_COMPATIBLE);
    else
        read_ok = PEM_read_bio(bp, pem_name, pem_header, data, len);

    if (read_ok <= 0)
        return 0;

    /*
     * 10 is the number of characters in "Proc-Type:", which
     * PEM_get_EVP_CIPHER_INFO() requires to be present.
     * A shorter header cannot carry it, so there is nothing to process.
     */
    if (strlen(*pem_header) <= 10)
        return 1;

    if (!PEM_get_EVP_CIPHER_INFO(*pem_header, &cipher))
        return 0;
    if (!file_fill_pem_pass_data(&pass_data, "PEM", ui_method, ui_data))
        return 0;
    /* Gets the payload and the length pointer, so it may rewrite both */
    if (!PEM_do_header(&cipher, *data, len, file_get_pem_pass, &pass_data))
        return 0;

    return 1;
}
1131 | | |
/*
 * Read one ASN.1 blob from bp.
 *
 * On success *data points at the bytes that were read and *len holds their
 * count.  Only the BUF_MEM wrapper is freed here; the byte buffer itself is
 * handed to the caller, who must free it.
 *
 * Returns 1 on success, 0 if asn1_d2i_read_bio() reports an error.
 */
static int file_read_asn1(BIO *bp, unsigned char **data, long *len)
{
    BUF_MEM *der_buf = NULL;

    if (asn1_d2i_read_bio(bp, &der_buf) >= 0) {
        *data = (unsigned char *)der_buf->data;
        *len = (long)der_buf->length;
        /* Release the wrapper only, the payload now belongs to the caller */
        OPENSSL_free(der_buf);
        return 1;
    }

    return 0;
}
1145 | | |
/*
 * Tell whether uri ends with a directory separator.
 *
 * '/' always counts.  On VMS ']', '>' and ':' count as well, on Windows
 * '\\' does.  An empty string has no last character and yields 0.
 */
static int ends_with_dirsep(const char *uri)
{
    size_t uri_len = strlen(uri);
    char last = uri_len > 0 ? uri[uri_len - 1] : '\0';

#if defined __VMS
    if (last == ']' || last == '>' || last == ':')
        return 1;
#elif defined _WIN32
    if (last == '\\')
        return 1;
#endif
    return last == '/';
}
1159 | | |
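/*
 * Build "<directory uri><separator><name>" in a newly allocated string.
 *
 * A "/" is inserted only when the directory URI does not already end with
 * a directory separator.  On success *data receives the string and the
 * caller must free it with OPENSSL_free().
 *
 * Returns 1 on success, 0 on allocation failure (*data is then NULL).
 *
 * name and data are only checked with assert(), so they are unchecked in
 * builds that define NDEBUG.
 */
static int file_name_to_uri(OSSL_STORE_LOADER_CTX *ctx, const char *name,
                            char **data)
{
    assert(name != NULL);
    assert(data != NULL);
    {
        const char *pathsep = ends_with_dirsep(ctx->_.dir.uri) ? "" : "/";
        /*
         * Kept as size_t: the sum of strlen() results is an unsigned size
         * and is used as an allocation size and a copy bound below, so it
         * should not pass through a signed long on the way.
         */
        size_t calculated_length = strlen(ctx->_.dir.uri) + strlen(pathsep)
            + strlen(name) + 1 /* \0 */;

        /* Zeroed, so the buffer starts out as an empty string */
        *data = OPENSSL_zalloc(calculated_length);
        if (*data == NULL) {
            OSSL_STOREerr(OSSL_STORE_F_FILE_NAME_TO_URI, ERR_R_MALLOC_FAILURE);
            return 0;
        }

        OPENSSL_strlcat(*data, ctx->_.dir.uri, calculated_length);
        OPENSSL_strlcat(*data, pathsep, calculated_length);
        OPENSSL_strlcat(*data, name, calculated_length);
    }
    return 1;
}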
1182 | | |
/*
 * Decide whether a directory entry name fits the current search.
 *
 * With no search name set, every name is accepted.  Otherwise the name must
 * have the form "<search_name>.<digits>" or "<search_name>.r<digits>",
 * compared case-insensitively on the search_name part; the 'r' form is the
 * one accepted when a CRL is expected and rejected when a certificate is
 * expected.  On VMS a trailing ";<digits>" is tolerated.
 *
 * Returns 1 if the name is accepted, 0 otherwise.
 */
static int file_name_check(OSSL_STORE_LOADER_CTX *ctx, const char *name)
{
    const size_t base_len = sizeof(ctx->_.dir.search_name) - 1;
    const int want = ctx->expected_type;
    const char *ext = NULL;

    /* If there are no search criteria, all names are accepted */
    if (ctx->_.dir.search_name[0] == '\0')
        return 1;

    /* If the expected type isn't supported, no name is accepted */
    if (want != 0
        && want != OSSL_STORE_INFO_CERT
        && want != OSSL_STORE_INFO_CRL)
        return 0;

    /*
     * First, check the basename.  name[base_len] is read only after the
     * first base_len characters compared equal.
     */
    if (strncasecmp(name, ctx->_.dir.search_name, base_len) != 0)
        return 0;
    if (name[base_len] != '.')
        return 0;
    ext = name + base_len + 1;

    /*
     * Then look at a leading 'r' in the extension: it is only acceptable
     * when a CRL (or anything) is expected, and it is required when a CRL
     * is expected.
     */
    if (*ext == 'r') {
        if (want != 0 && want != OSSL_STORE_INFO_CRL)
            return 0;
        ext++;
    } else if (want == OSSL_STORE_INFO_CRL) {
        return 0;
    }

    /*
     * Last, check that the rest of the extension is a decimal number, at
     * least one digit long.
     */
    if (!ossl_isdigit(*ext))
        return 0;
    do {
        ext++;
    } while (ossl_isdigit(*ext));

# ifdef __VMS
    /*
     * One extra step here, check for a possible generation number.
     */
    if (*ext == ';')
        for (ext++; *ext != '\0'; ext++)
            if (!ossl_isdigit(*ext))
                break;
# endif

    /*
     * If we've reached the end of the string at this point, we've successfully
     * found a fitting file name.
     */
    return *ext == '\0';
}
1244 | | |
1245 | | static int file_eof(OSSL_STORE_LOADER_CTX *ctx); |
1246 | | static int file_error(OSSL_STORE_LOADER_CTX *ctx); |
/*
 * Return the next object from the context, or NULL when there is none or
 * an error occurred (file_eof() and file_error() tell the two apart).
 *
 * For a directory context the result is a NAME object for the next entry
 * that does not start with '.' and passes file_name_check().
 *
 * For a file context the next PEM or DER record is read and offered to the
 * handlers.  Records that no handler recognises are skipped; ambiguous
 * content ends the call with NULL.  A decoded object whose type differs
 * from a non-zero ctx->expected_type is freed and the next one is tried.
 *
 * ctx->errcnt and the error stack are reset on entry.
 */
static OSSL_STORE_INFO *file_load(OSSL_STORE_LOADER_CTX *ctx,
                                  const UI_METHOD *ui_method, void *ui_data)
{
    OSSL_STORE_INFO *result = NULL;

    ctx->errcnt = 0;
    ERR_clear_error();

    if (ctx->type == is_dir) {
        do {
            char *newname = NULL;

            /* No pending entry: either the end or an earlier read error */
            if (ctx->_.dir.last_entry == NULL) {
                if (!ctx->_.dir.end_reached) {
                    char errbuf[256];
                    assert(ctx->_.dir.last_errno != 0);
                    errno = ctx->_.dir.last_errno;
                    ctx->errcnt++;
                    openssl_strerror_r(errno, errbuf, sizeof(errbuf));
                    OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD, ERR_R_SYS_LIB);
                    ERR_add_error_data(1, errbuf);
                }
                return NULL;
            }

            /*
             * Entries starting with '.' and entries rejected by
             * file_name_check() leave newname NULL and are skipped below.
             * Only a failure to build the URI ends the call here.
             */
            if (ctx->_.dir.last_entry[0] != '.'
                && file_name_check(ctx, ctx->_.dir.last_entry)
                && !file_name_to_uri(ctx, ctx->_.dir.last_entry, &newname))
                return NULL;

            /*
             * On the first call (with a NULL context), OPENSSL_DIR_read()
             * cares about the second argument.  On the following calls, it
             * only cares that it isn't NULL.  Therefore, we can safely give
             * it our URI here.
             */
            ctx->_.dir.last_entry = OPENSSL_DIR_read(&ctx->_.dir.ctx,
                                                     ctx->_.dir.uri);
            /*
             * NOTE(review): errno is not cleared in this function before
             * the read, so the end-of-directory test relies on
             * OPENSSL_DIR_read() leaving errno == 0 on a clean end; confirm.
             */
            ctx->_.dir.last_errno = errno;
            if (ctx->_.dir.last_entry == NULL && ctx->_.dir.last_errno == 0)
                ctx->_.dir.end_reached = 1;

            /* newname is freed here only when the NAME object was not made */
            if (newname != NULL
                && (result = OSSL_STORE_INFO_new_NAME(newname)) == NULL) {
                OPENSSL_free(newname);
                OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD, ERR_R_OSSL_STORE_LIB);
                return NULL;
            }
        } while (result == NULL && !file_eof(ctx));
    } else {
        /* -1 means "no record was offered to the handlers yet" */
        int matchcount = -1;

     again:
        /* A repeatable handler may still hold objects from the last record */
        result = file_load_try_repeat(ctx, ui_method, ui_data);
        if (result != NULL)
            return result;

        if (file_eof(ctx))
            return NULL;

        do {
            char *pem_name = NULL;      /* PEM record name */
            char *pem_header = NULL;    /* PEM record header */
            unsigned char *data = NULL; /* DER encoded data */
            long len = 0;               /* DER encoded data length */

            matchcount = -1;
            if (ctx->type == is_pem) {
                if (!file_read_pem(ctx->_.file.file, &pem_name, &pem_header,
                                   &data, &len, ui_method, ui_data,
                                   (ctx->flags & FILE_FLAG_SECMEM) != 0)) {
                    ctx->errcnt++;
                    goto endloop;
                }
            } else {
                if (!file_read_asn1(ctx->_.file.file, &data, &len)) {
                    ctx->errcnt++;
                    goto endloop;
                }
            }

            result = file_load_try_decode(ctx, pem_name, pem_header, data, len,
                                          ui_method, ui_data, &matchcount);

            if (result != NULL)
                goto endloop;

            /*
             * If a PEM name matches more than one handler, the handlers are
             * badly coded.
             */
            if (!ossl_assert(pem_name == NULL || matchcount <= 1)) {
                ctx->errcnt++;
                goto endloop;
            }

            if (matchcount > 1) {
                OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD,
                              OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE);
            } else if (matchcount == 1) {
                /*
                 * If there are other errors on the stack, they already show
                 * what the problem is.
                 */
                if (ERR_peek_error() == 0) {
                    OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD,
                                  OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE);
                    if (pem_name != NULL)
                        ERR_add_error_data(3, "PEM type is '", pem_name, "'");
                }
            }
            /* A handler matched but produced nothing: count it as an error */
            if (matchcount > 0)
                ctx->errcnt++;

         endloop:
            /*
             * Every exit from the loop body passes through here.  Name and
             * header are freed with length 0, the payload with its current
             * length.
             */
            pem_free_flag(pem_name, (ctx->flags & FILE_FLAG_SECMEM) != 0, 0);
            pem_free_flag(pem_header, (ctx->flags & FILE_FLAG_SECMEM) != 0, 0);
            pem_free_flag(data, (ctx->flags & FILE_FLAG_SECMEM) != 0, len);
            /* Keep going only past records that no handler recognised */
        } while (matchcount == 0 && !file_eof(ctx) && !file_error(ctx));

        /* We bail out on ambiguity */
        if (matchcount > 1)
            return NULL;

        /* Not the type the caller asked for: drop it and read on */
        if (result != NULL
            && ctx->expected_type != 0
            && ctx->expected_type != OSSL_STORE_INFO_get_type(result)) {
            OSSL_STORE_INFO_free(result);
            goto again;
        }
    }

    return result;
}
1381 | | |
/*
 * Report whether an error has been counted on this context: 1 if
 * ctx->errcnt is above zero, 0 otherwise.
 */
static int file_error(OSSL_STORE_LOADER_CTX *ctx)
{
    if (ctx->errcnt > 0)
        return 1;
    return 0;
}
1386 | | |
/*
 * Report whether the context has nothing more to deliver.
 *
 * For a directory this is the end_reached flag.  For a file, a remembered
 * handler that is not yet at its own end keeps the context open even if
 * the underlying BIO is exhausted; otherwise the BIO decides.
 */
static int file_eof(OSSL_STORE_LOADER_CTX *ctx)
{
    const FILE_HANDLER *pending = NULL;

    if (ctx->type == is_dir)
        return ctx->_.dir.end_reached;

    pending = ctx->_.file.last_handler;
    if (pending != NULL && !pending->eof(ctx->_.file.last_handler_ctx))
        return 0;

    return BIO_eof(ctx->_.file.file);
}
1397 | | |
/*
 * Close the context: end the directory read or free the whole BIO chain,
 * depending on the context type, then free the context itself.
 * Always returns 1.
 */
static int file_close(OSSL_STORE_LOADER_CTX *ctx)
{
    if (ctx->type != is_dir)
        BIO_free_all(ctx->_.file.file);
    else
        OPENSSL_DIR_end(&ctx->_.dir.ctx);

    OSSL_STORE_LOADER_CTX_free(ctx);
    return 1;
}
1408 | | |
/*
 * Release a context created by ossl_store_file_attach_pem_bio_int().
 *
 * Unlike file_close(), no BIO_free_all() is called here; only the context
 * is freed.  Always returns 1.
 */
int ossl_store_file_detach_pem_bio_int(OSSL_STORE_LOADER_CTX *ctx)
{
    OSSL_STORE_LOADER_CTX_free(ctx);
    return 1;
}
1414 | | |
/*
 * Loader descriptor for the "file" scheme, registered by
 * ossl_store_file_loader_init().  The initializer is positional, so the
 * order below must follow the member order of OSSL_STORE_LOADER.
 */
static OSSL_STORE_LOADER file_loader =
    {
        "file",                 /* scheme, see store_file_loader_deinit() */
        NULL,                   /* presumably the engine slot - TODO confirm */
        file_open,
        file_ctrl,
        file_expect,
        file_find,
        file_load,
        file_eof,
        file_error,
        file_close
    };
1428 | | |
/*
 * Exit handler: unregister the loader by its scheme name.  Installed with
 * OPENSSL_atexit() by ossl_store_file_loader_init().
 */
static void store_file_loader_deinit(void)
{
    ossl_store_unregister_loader_int(file_loader.scheme);
}
1433 | | |
/*
 * Register the "file" loader and arrange for it to be unregistered at
 * exit.
 *
 * Returns whatever ossl_store_register_loader_int() returned.  The exit
 * handler is installed whether or not registration succeeded, and the
 * result of OPENSSL_atexit() is not checked.
 */
int ossl_store_file_loader_init(void)
{
    int registered = ossl_store_register_loader_int(&file_loader);

    OPENSSL_atexit(store_file_loader_deinit);
    return registered;
}