1 /*
2 * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* This file has quite some overlap with engines/e_loader_attic.c */
11
12 #include <string.h>
13 #include <sys/stat.h>
14 #include <ctype.h> /* isdigit */
15 #include <assert.h>
16
17 #include <openssl/core_dispatch.h>
18 #include <openssl/core_names.h>
19 #include <openssl/core_object.h>
20 #include <openssl/bio.h>
21 #include <openssl/err.h>
22 #include <openssl/params.h>
23 #include <openssl/decoder.h>
24 #include <openssl/proverr.h>
25 #include <openssl/store.h> /* The OSSL_STORE_INFO type numbers */
26 #include "internal/cryptlib.h"
27 #include "internal/o_dir.h"
28 #include "crypto/decoder.h"
29 #include "crypto/ctype.h" /* ossl_isdigit() */
30 #include "prov/implementations.h"
31 #include "prov/bio.h"
32 #include "file_store_local.h"
33
34 DEFINE_STACK_OF(OSSL_STORE_INFO)
35
36 #ifdef _WIN32
37 # define stat _stat
38 #endif
39
40 #ifndef S_ISDIR
41 # define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
42 #endif
43
44 static OSSL_FUNC_store_open_fn file_open;
45 static OSSL_FUNC_store_attach_fn file_attach;
46 static OSSL_FUNC_store_settable_ctx_params_fn file_settable_ctx_params;
47 static OSSL_FUNC_store_set_ctx_params_fn file_set_ctx_params;
48 static OSSL_FUNC_store_load_fn file_load;
49 static OSSL_FUNC_store_eof_fn file_eof;
50 static OSSL_FUNC_store_close_fn file_close;
51
52 /*
53 * This implementation makes full use of OSSL_DECODER, and then some.
54 * It uses its own internal decoder implementation that reads DER and
55 * passes that on to the data callback; this decoder is created with
56 * internal OpenSSL functions, thereby bypassing the need for a surrounding
57 * provider. This is ok, since this is a local decoder, not meant for
58 * public consumption. It also uses the libcrypto internal decoder
59 * setup function ossl_decoder_ctx_setup_for_pkey(), to allow the
60 * last resort decoder to be added first (and thereby be executed last).
61 * Finally, it sets up its own construct and cleanup functions.
62 *
63 * Essentially, that makes this implementation a kind of glorified decoder.
64 */
65
66 struct file_ctx_st {
67 void *provctx;
68 char *uri; /* The URI we currently try to load */
69 enum {
70 IS_FILE = 0, /* Read file and pass results */
71 IS_DIR /* Pass directory entry names */
72 } type;
73
74 union {
75 /* Used with |IS_FILE| */
76 struct {
77 BIO *file;
78
79 OSSL_DECODER_CTX *decoderctx;
80 char *input_type;
81 char *propq; /* The properties we got as a parameter */
82 } file;
83
84 /* Used with |IS_DIR| */
85 struct {
86 OPENSSL_DIR_CTX *ctx;
87 int end_reached;
88
89 /*
90 * When a search expression is given, these are filled in.
91 * |search_name| contains the file basename to look for.
92 * The string is exactly 8 characters long.
93 */
94 char search_name[9];
95
96 /*
97 * The directory reading utility we have combines opening with
98 * reading the first name. To make sure we can detect the end
99 * at the right time, we read early and cache the name.
100 */
101 const char *last_entry;
102 int last_errno;
103 } dir;
104 } _;
105
106 /* Expected object type. May be unspecified */
107 int expected_type;
108 };
109
free_file_ctx(struct file_ctx_st * ctx)110 static void free_file_ctx(struct file_ctx_st *ctx)
111 {
112 if (ctx == NULL)
113 return;
114
115 OPENSSL_free(ctx->uri);
116 if (ctx->type != IS_DIR) {
117 OSSL_DECODER_CTX_free(ctx->_.file.decoderctx);
118 OPENSSL_free(ctx->_.file.propq);
119 OPENSSL_free(ctx->_.file.input_type);
120 }
121 OPENSSL_free(ctx);
122 }
123
new_file_ctx(int type,const char * uri,void * provctx)124 static struct file_ctx_st *new_file_ctx(int type, const char *uri,
125 void *provctx)
126 {
127 struct file_ctx_st *ctx = NULL;
128
129 if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) != NULL
130 && (uri == NULL || (ctx->uri = OPENSSL_strdup(uri)) != NULL)) {
131 ctx->type = type;
132 ctx->provctx = provctx;
133 return ctx;
134 }
135 free_file_ctx(ctx);
136 return NULL;
137 }
138
139 static OSSL_DECODER_CONSTRUCT file_load_construct;
140 static OSSL_DECODER_CLEANUP file_load_cleanup;
141
142 /*-
143 * Opening / attaching streams and directories
144 * -------------------------------------------
145 */
146
147 /*
148 * Function to service both file_open() and file_attach()
149 *
150 *
151 */
file_open_stream(BIO * source,const char * uri,void * provctx)152 static struct file_ctx_st *file_open_stream(BIO *source, const char *uri,
153 void *provctx)
154 {
155 struct file_ctx_st *ctx;
156
157 if ((ctx = new_file_ctx(IS_FILE, uri, provctx)) == NULL) {
158 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
159 goto err;
160 }
161
162 ctx->_.file.file = source;
163
164 return ctx;
165 err:
166 free_file_ctx(ctx);
167 return NULL;
168 }
169
file_open_dir(const char * path,const char * uri,void * provctx)170 static void *file_open_dir(const char *path, const char *uri, void *provctx)
171 {
172 struct file_ctx_st *ctx;
173
174 if ((ctx = new_file_ctx(IS_DIR, uri, provctx)) == NULL) {
175 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
176 return NULL;
177 }
178
179 ctx->_.dir.last_entry = OPENSSL_DIR_read(&ctx->_.dir.ctx, path);
180 ctx->_.dir.last_errno = errno;
181 if (ctx->_.dir.last_entry == NULL) {
182 if (ctx->_.dir.last_errno != 0) {
183 ERR_raise_data(ERR_LIB_SYS, ctx->_.dir.last_errno,
184 "Calling OPENSSL_DIR_read(\"%s\")", path);
185 goto err;
186 }
187 ctx->_.dir.end_reached = 1;
188 }
189 return ctx;
190 err:
191 file_close(ctx);
192 return NULL;
193 }
194
file_open(void * provctx,const char * uri)195 static void *file_open(void *provctx, const char *uri)
196 {
197 struct file_ctx_st *ctx = NULL;
198 struct stat st;
199 struct {
200 const char *path;
201 unsigned int check_absolute:1;
202 } path_data[2];
203 size_t path_data_n = 0, i;
204 const char *path;
205 BIO *bio;
206
207 ERR_set_mark();
208
209 /*
210 * First step, just take the URI as is.
211 */
212 path_data[path_data_n].check_absolute = 0;
213 path_data[path_data_n++].path = uri;
214
215 /*
216 * Second step, if the URI appears to start with the 'file' scheme,
217 * extract the path and make that the second path to check.
218 * There's a special case if the URI also contains an authority, then
219 * the full URI shouldn't be used as a path anywhere.
220 */
221 if (OPENSSL_strncasecmp(uri, "file:", 5) == 0) {
222 const char *p = &uri[5];
223
224 if (strncmp(&uri[5], "//", 2) == 0) {
225 path_data_n--; /* Invalidate using the full URI */
226 if (OPENSSL_strncasecmp(&uri[7], "localhost/", 10) == 0) {
227 p = &uri[16];
228 } else if (uri[7] == '/') {
229 p = &uri[7];
230 } else {
231 ERR_clear_last_mark();
232 ERR_raise(ERR_LIB_PROV, PROV_R_URI_AUTHORITY_UNSUPPORTED);
233 return NULL;
234 }
235 }
236
237 path_data[path_data_n].check_absolute = 1;
238 #ifdef _WIN32
239 /* Windows file: URIs with a drive letter start with a / */
240 if (p[0] == '/' && p[2] == ':' && p[3] == '/') {
241 char c = tolower(p[1]);
242
243 if (c >= 'a' && c <= 'z') {
244 p++;
245 /* We know it's absolute, so no need to check */
246 path_data[path_data_n].check_absolute = 0;
247 }
248 }
249 #endif
250 path_data[path_data_n++].path = p;
251 }
252
253
254 for (i = 0, path = NULL; path == NULL && i < path_data_n; i++) {
255 /*
256 * If the scheme "file" was an explicit part of the URI, the path must
257 * be absolute. So says RFC 8089
258 */
259 if (path_data[i].check_absolute && path_data[i].path[0] != '/') {
260 ERR_clear_last_mark();
261 ERR_raise_data(ERR_LIB_PROV, PROV_R_PATH_MUST_BE_ABSOLUTE,
262 "Given path=%s", path_data[i].path);
263 return NULL;
264 }
265
266 if (stat(path_data[i].path, &st) < 0) {
267 ERR_raise_data(ERR_LIB_SYS, errno,
268 "calling stat(%s)",
269 path_data[i].path);
270 } else {
271 path = path_data[i].path;
272 }
273 }
274 if (path == NULL) {
275 ERR_clear_last_mark();
276 return NULL;
277 }
278
279 /* Successfully found a working path, clear possible collected errors */
280 ERR_pop_to_mark();
281
282 if (S_ISDIR(st.st_mode))
283 ctx = file_open_dir(path, uri, provctx);
284 else if ((bio = BIO_new_file(path, "rb")) == NULL
285 || (ctx = file_open_stream(bio, uri, provctx)) == NULL)
286 BIO_free_all(bio);
287
288 return ctx;
289 }
290
file_attach(void * provctx,OSSL_CORE_BIO * cin)291 void *file_attach(void *provctx, OSSL_CORE_BIO *cin)
292 {
293 struct file_ctx_st *ctx;
294 BIO *new_bio = ossl_bio_new_from_core_bio(provctx, cin);
295
296 if (new_bio == NULL)
297 return NULL;
298
299 ctx = file_open_stream(new_bio, NULL, provctx);
300 if (ctx == NULL)
301 BIO_free(new_bio);
302 return ctx;
303 }
304
305 /*-
306 * Setting parameters
307 * ------------------
308 */
309
file_settable_ctx_params(void * provctx)310 static const OSSL_PARAM *file_settable_ctx_params(void *provctx)
311 {
312 static const OSSL_PARAM known_settable_ctx_params[] = {
313 OSSL_PARAM_utf8_string(OSSL_STORE_PARAM_PROPERTIES, NULL, 0),
314 OSSL_PARAM_int(OSSL_STORE_PARAM_EXPECT, NULL),
315 OSSL_PARAM_octet_string(OSSL_STORE_PARAM_SUBJECT, NULL, 0),
316 OSSL_PARAM_utf8_string(OSSL_STORE_PARAM_INPUT_TYPE, NULL, 0),
317 OSSL_PARAM_END
318 };
319 return known_settable_ctx_params;
320 }
321
file_set_ctx_params(void * loaderctx,const OSSL_PARAM params[])322 static int file_set_ctx_params(void *loaderctx, const OSSL_PARAM params[])
323 {
324 struct file_ctx_st *ctx = loaderctx;
325 const OSSL_PARAM *p;
326
327 if (params == NULL)
328 return 1;
329
330 if (ctx->type != IS_DIR) {
331 /* these parameters are ignored for directories */
332 p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_PROPERTIES);
333 if (p != NULL) {
334 OPENSSL_free(ctx->_.file.propq);
335 ctx->_.file.propq = NULL;
336 if (!OSSL_PARAM_get_utf8_string(p, &ctx->_.file.propq, 0))
337 return 0;
338 }
339 p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_INPUT_TYPE);
340 if (p != NULL) {
341 OPENSSL_free(ctx->_.file.input_type);
342 ctx->_.file.input_type = NULL;
343 if (!OSSL_PARAM_get_utf8_string(p, &ctx->_.file.input_type, 0))
344 return 0;
345 }
346 }
347 p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_EXPECT);
348 if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->expected_type))
349 return 0;
350 p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_SUBJECT);
351 if (p != NULL) {
352 const unsigned char *der = NULL;
353 size_t der_len = 0;
354 X509_NAME *x509_name;
355 unsigned long hash;
356 int ok;
357
358 if (ctx->type != IS_DIR) {
359 ERR_raise(ERR_LIB_PROV,
360 PROV_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES);
361 return 0;
362 }
363
364 if (!OSSL_PARAM_get_octet_string_ptr(p, (const void **)&der, &der_len)
365 || (x509_name = d2i_X509_NAME(NULL, &der, der_len)) == NULL)
366 return 0;
367 hash = X509_NAME_hash_ex(x509_name,
368 ossl_prov_ctx_get0_libctx(ctx->provctx), NULL,
369 &ok);
370 BIO_snprintf(ctx->_.dir.search_name, sizeof(ctx->_.dir.search_name),
371 "%08lx", hash);
372 X509_NAME_free(x509_name);
373 if (ok == 0)
374 return 0;
375 }
376 return 1;
377 }
378
379 /*-
380 * Loading an object from a stream
381 * -------------------------------
382 */
383
384 struct file_load_data_st {
385 OSSL_CALLBACK *object_cb;
386 void *object_cbarg;
387 };
388
file_load_construct(OSSL_DECODER_INSTANCE * decoder_inst,const OSSL_PARAM * params,void * construct_data)389 static int file_load_construct(OSSL_DECODER_INSTANCE *decoder_inst,
390 const OSSL_PARAM *params, void *construct_data)
391 {
392 struct file_load_data_st *data = construct_data;
393
394 /*
395 * At some point, we may find it justifiable to recognise PKCS#12 and
396 * handle it specially here, making |file_load()| return pass its
397 * contents one piece at ta time, like |e_loader_attic.c| does.
398 *
399 * However, that currently means parsing them out, which converts the
400 * DER encoded PKCS#12 into a bunch of EVP_PKEYs and X509s, just to
401 * have to re-encode them into DER to create an object abstraction for
402 * each of them.
403 * It's much simpler (less churn) to pass on the object abstraction we
404 * get to the load_result callback and leave it to that one to do the
405 * work. If that's libcrypto code, we know that it has much better
406 * possibilities to handle the EVP_PKEYs and X509s without the extra
407 * churn.
408 */
409
410 return data->object_cb(params, data->object_cbarg);
411 }
412
file_load_cleanup(void * construct_data)413 void file_load_cleanup(void *construct_data)
414 {
415 /* Nothing to do */
416 }
417
file_setup_decoders(struct file_ctx_st * ctx)418 static int file_setup_decoders(struct file_ctx_st *ctx)
419 {
420 OSSL_LIB_CTX *libctx = ossl_prov_ctx_get0_libctx(ctx->provctx);
421 const OSSL_ALGORITHM *to_algo = NULL;
422 int ok = 0;
423
424 /* Setup for this session, so only if not already done */
425 if (ctx->_.file.decoderctx == NULL) {
426 if ((ctx->_.file.decoderctx = OSSL_DECODER_CTX_new()) == NULL) {
427 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
428 goto err;
429 }
430
431 /* Make sure the input type is set */
432 if (!OSSL_DECODER_CTX_set_input_type(ctx->_.file.decoderctx,
433 ctx->_.file.input_type)) {
434 ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
435 goto err;
436 }
437
438 /*
439 * Where applicable, set the outermost structure name.
440 * The goal is to avoid the STORE object types that are
441 * potentially password protected but aren't interesting
442 * for this load.
443 */
444 switch (ctx->expected_type) {
445 case OSSL_STORE_INFO_CERT:
446 if (!OSSL_DECODER_CTX_set_input_structure(ctx->_.file.decoderctx,
447 "Certificate")) {
448 ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
449 goto err;
450 }
451 break;
452 case OSSL_STORE_INFO_CRL:
453 if (!OSSL_DECODER_CTX_set_input_structure(ctx->_.file.decoderctx,
454 "CertificateList")) {
455 ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
456 goto err;
457 }
458 break;
459 default:
460 break;
461 }
462
463 for (to_algo = ossl_any_to_obj_algorithm;
464 to_algo->algorithm_names != NULL;
465 to_algo++) {
466 OSSL_DECODER *to_obj = NULL;
467 OSSL_DECODER_INSTANCE *to_obj_inst = NULL;
468
469 /*
470 * Create the internal last resort decoder implementation
471 * together with a "decoder instance".
472 * The decoder doesn't need any identification or to be
473 * attached to any provider, since it's only used locally.
474 */
475 to_obj = ossl_decoder_from_algorithm(0, to_algo, NULL);
476 if (to_obj != NULL)
477 to_obj_inst = ossl_decoder_instance_new(to_obj, ctx->provctx);
478 OSSL_DECODER_free(to_obj);
479 if (to_obj_inst == NULL)
480 goto err;
481
482 if (!ossl_decoder_ctx_add_decoder_inst(ctx->_.file.decoderctx,
483 to_obj_inst)) {
484 ossl_decoder_instance_free(to_obj_inst);
485 ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
486 goto err;
487 }
488 }
489 /* Add on the usual extra decoders */
490 if (!OSSL_DECODER_CTX_add_extra(ctx->_.file.decoderctx,
491 libctx, ctx->_.file.propq)) {
492 ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
493 goto err;
494 }
495
496 /*
497 * Then install our constructor hooks, which just passes decoded
498 * data to the load callback
499 */
500 if (!OSSL_DECODER_CTX_set_construct(ctx->_.file.decoderctx,
501 file_load_construct)
502 || !OSSL_DECODER_CTX_set_cleanup(ctx->_.file.decoderctx,
503 file_load_cleanup)) {
504 ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
505 goto err;
506 }
507 }
508
509 ok = 1;
510 err:
511 return ok;
512 }
513
file_load_file(struct file_ctx_st * ctx,OSSL_CALLBACK * object_cb,void * object_cbarg,OSSL_PASSPHRASE_CALLBACK * pw_cb,void * pw_cbarg)514 static int file_load_file(struct file_ctx_st *ctx,
515 OSSL_CALLBACK *object_cb, void *object_cbarg,
516 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
517 {
518 struct file_load_data_st data;
519 int ret, err;
520
521 /* Setup the decoders (one time shot per session */
522
523 if (!file_setup_decoders(ctx))
524 return 0;
525
526 /* Setup for this object */
527
528 data.object_cb = object_cb;
529 data.object_cbarg = object_cbarg;
530 OSSL_DECODER_CTX_set_construct_data(ctx->_.file.decoderctx, &data);
531 OSSL_DECODER_CTX_set_passphrase_cb(ctx->_.file.decoderctx, pw_cb, pw_cbarg);
532
533 /* Launch */
534
535 ERR_set_mark();
536 ret = OSSL_DECODER_from_bio(ctx->_.file.decoderctx, ctx->_.file.file);
537 if (BIO_eof(ctx->_.file.file)
538 && ((err = ERR_peek_last_error()) != 0)
539 && ERR_GET_LIB(err) == ERR_LIB_OSSL_DECODER
540 && ERR_GET_REASON(err) == ERR_R_UNSUPPORTED)
541 ERR_pop_to_mark();
542 else
543 ERR_clear_last_mark();
544 return ret;
545 }
546
547 /*-
548 * Loading a name object from a directory
549 * --------------------------------------
550 */
551
file_name_to_uri(struct file_ctx_st * ctx,const char * name)552 static char *file_name_to_uri(struct file_ctx_st *ctx, const char *name)
553 {
554 char *data = NULL;
555
556 assert(name != NULL);
557 {
558 const char *pathsep = ossl_ends_with_dirsep(ctx->uri) ? "" : "/";
559 long calculated_length = strlen(ctx->uri) + strlen(pathsep)
560 + strlen(name) + 1 /* \0 */;
561
562 data = OPENSSL_zalloc(calculated_length);
563 if (data == NULL) {
564 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
565 return NULL;
566 }
567
568 OPENSSL_strlcat(data, ctx->uri, calculated_length);
569 OPENSSL_strlcat(data, pathsep, calculated_length);
570 OPENSSL_strlcat(data, name, calculated_length);
571 }
572 return data;
573 }
574
file_name_check(struct file_ctx_st * ctx,const char * name)575 static int file_name_check(struct file_ctx_st *ctx, const char *name)
576 {
577 const char *p = NULL;
578 size_t len = strlen(ctx->_.dir.search_name);
579
580 /* If there are no search criteria, all names are accepted */
581 if (ctx->_.dir.search_name[0] == '\0')
582 return 1;
583
584 /* If the expected type isn't supported, no name is accepted */
585 if (ctx->expected_type != 0
586 && ctx->expected_type != OSSL_STORE_INFO_CERT
587 && ctx->expected_type != OSSL_STORE_INFO_CRL)
588 return 0;
589
590 /*
591 * First, check the basename
592 */
593 if (OPENSSL_strncasecmp(name, ctx->_.dir.search_name, len) != 0
594 || name[len] != '.')
595 return 0;
596 p = &name[len + 1];
597
598 /*
599 * Then, if the expected type is a CRL, check that the extension starts
600 * with 'r'
601 */
602 if (*p == 'r') {
603 p++;
604 if (ctx->expected_type != 0
605 && ctx->expected_type != OSSL_STORE_INFO_CRL)
606 return 0;
607 } else if (ctx->expected_type == OSSL_STORE_INFO_CRL) {
608 return 0;
609 }
610
611 /*
612 * Last, check that the rest of the extension is a decimal number, at
613 * least one digit long.
614 */
615 if (!isdigit((unsigned char)*p))
616 return 0;
617 while (isdigit((unsigned char)*p))
618 p++;
619
620 #ifdef __VMS
621 /*
622 * One extra step here, check for a possible generation number.
623 */
624 if (*p == ';')
625 for (p++; *p != '\0'; p++)
626 if (!ossl_isdigit((unsigned char)*p))
627 break;
628 #endif
629
630 /*
631 * If we've reached the end of the string at this point, we've successfully
632 * found a fitting file name.
633 */
634 return *p == '\0';
635 }
636
file_load_dir_entry(struct file_ctx_st * ctx,OSSL_CALLBACK * object_cb,void * object_cbarg,OSSL_PASSPHRASE_CALLBACK * pw_cb,void * pw_cbarg)637 static int file_load_dir_entry(struct file_ctx_st *ctx,
638 OSSL_CALLBACK *object_cb, void *object_cbarg,
639 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
640 {
641 /* Prepare as much as possible in advance */
642 static const int object_type = OSSL_OBJECT_NAME;
643 OSSL_PARAM object[] = {
644 OSSL_PARAM_int(OSSL_OBJECT_PARAM_TYPE, (int *)&object_type),
645 OSSL_PARAM_utf8_string(OSSL_OBJECT_PARAM_DATA, NULL, 0),
646 OSSL_PARAM_END
647 };
648 char *newname = NULL;
649 int ok;
650
651 /* Loop until we get an error or until we have a suitable name */
652 do {
653 if (ctx->_.dir.last_entry == NULL) {
654 if (!ctx->_.dir.end_reached) {
655 assert(ctx->_.dir.last_errno != 0);
656 ERR_raise(ERR_LIB_SYS, ctx->_.dir.last_errno);
657 }
658 /* file_eof() will tell if EOF was reached */
659 return 0;
660 }
661
662 /* flag acceptable names */
663 if (ctx->_.dir.last_entry[0] != '.'
664 && file_name_check(ctx, ctx->_.dir.last_entry)) {
665
666 /* If we can't allocate the new name, we fail */
667 if ((newname =
668 file_name_to_uri(ctx, ctx->_.dir.last_entry)) == NULL)
669 return 0;
670 }
671
672 /*
673 * On the first call (with a NULL context), OPENSSL_DIR_read()
674 * cares about the second argument. On the following calls, it
675 * only cares that it isn't NULL. Therefore, we can safely give
676 * it our URI here.
677 */
678 ctx->_.dir.last_entry = OPENSSL_DIR_read(&ctx->_.dir.ctx, ctx->uri);
679 ctx->_.dir.last_errno = errno;
680 if (ctx->_.dir.last_entry == NULL && ctx->_.dir.last_errno == 0)
681 ctx->_.dir.end_reached = 1;
682 } while (newname == NULL);
683
684 object[1].data = newname;
685 object[1].data_size = strlen(newname);
686 ok = object_cb(object, object_cbarg);
687 OPENSSL_free(newname);
688 return ok;
689 }
690
691 /*-
692 * Loading, local dispatcher
693 * -------------------------
694 */
695
file_load(void * loaderctx,OSSL_CALLBACK * object_cb,void * object_cbarg,OSSL_PASSPHRASE_CALLBACK * pw_cb,void * pw_cbarg)696 static int file_load(void *loaderctx,
697 OSSL_CALLBACK *object_cb, void *object_cbarg,
698 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
699 {
700 struct file_ctx_st *ctx = loaderctx;
701
702 switch (ctx->type) {
703 case IS_FILE:
704 return file_load_file(ctx, object_cb, object_cbarg, pw_cb, pw_cbarg);
705 case IS_DIR:
706 return
707 file_load_dir_entry(ctx, object_cb, object_cbarg, pw_cb, pw_cbarg);
708 default:
709 break;
710 }
711
712 /* ctx->type has an unexpected value */
713 assert(0);
714 return 0;
715 }
716
717 /*-
718 * Eof detection and closing
719 * -------------------------
720 */
721
file_eof(void * loaderctx)722 static int file_eof(void *loaderctx)
723 {
724 struct file_ctx_st *ctx = loaderctx;
725
726 switch (ctx->type) {
727 case IS_DIR:
728 return ctx->_.dir.end_reached;
729 case IS_FILE:
730 /*
731 * BIO_pending() checks any filter BIO.
732 * BIO_eof() checks the source BIO.
733 */
734 return !BIO_pending(ctx->_.file.file)
735 && BIO_eof(ctx->_.file.file);
736 }
737
738 /* ctx->type has an unexpected value */
739 assert(0);
740 return 1;
741 }
742
file_close_dir(struct file_ctx_st * ctx)743 static int file_close_dir(struct file_ctx_st *ctx)
744 {
745 if (ctx->_.dir.ctx != NULL)
746 OPENSSL_DIR_end(&ctx->_.dir.ctx);
747 free_file_ctx(ctx);
748 return 1;
749 }
750
file_close_stream(struct file_ctx_st * ctx)751 static int file_close_stream(struct file_ctx_st *ctx)
752 {
753 /*
754 * This frees either the provider BIO filter (for file_attach()) OR
755 * the allocated file BIO (for file_open()).
756 */
757 BIO_free(ctx->_.file.file);
758 ctx->_.file.file = NULL;
759
760 free_file_ctx(ctx);
761 return 1;
762 }
763
file_close(void * loaderctx)764 static int file_close(void *loaderctx)
765 {
766 struct file_ctx_st *ctx = loaderctx;
767
768 switch (ctx->type) {
769 case IS_DIR:
770 return file_close_dir(ctx);
771 case IS_FILE:
772 return file_close_stream(ctx);
773 }
774
775 /* ctx->type has an unexpected value */
776 assert(0);
777 return 1;
778 }
779
780 const OSSL_DISPATCH ossl_file_store_functions[] = {
781 { OSSL_FUNC_STORE_OPEN, (void (*)(void))file_open },
782 { OSSL_FUNC_STORE_ATTACH, (void (*)(void))file_attach },
783 { OSSL_FUNC_STORE_SETTABLE_CTX_PARAMS,
784 (void (*)(void))file_settable_ctx_params },
785 { OSSL_FUNC_STORE_SET_CTX_PARAMS, (void (*)(void))file_set_ctx_params },
786 { OSSL_FUNC_STORE_LOAD, (void (*)(void))file_load },
787 { OSSL_FUNC_STORE_EOF, (void (*)(void))file_eof },
788 { OSSL_FUNC_STORE_CLOSE, (void (*)(void))file_close },
789 { 0, NULL },
790 };
791