/*
* Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdlib.h>
#include <string.h>
#include <assert.h>
/* We need to use some STORE deprecated APIs */
#define OPENSSL_SUPPRESS_DEPRECATED
#include "internal/e_os.h"
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/trace.h>
#include <openssl/core_names.h>
#include <openssl/provider.h>
#include <openssl/param_build.h>
#include <openssl/store.h>
#include "internal/thread_once.h"
#include "internal/cryptlib.h"
#include "internal/provider.h"
#include "internal/bio.h"
#include "crypto/store.h"
#include "store_local.h"
static int ossl_store_close_it(OSSL_STORE_CTX *ctx);
static int loader_set_params(OSSL_STORE_LOADER *loader,
OSSL_STORE_LOADER_CTX *loader_ctx,
const OSSL_PARAM params[], const char *propq)
{
if (params != NULL) {
if (!loader->p_set_ctx_params(loader_ctx, params))
return 0;
}
if (propq != NULL) {
OSSL_PARAM propp[2];
if (OSSL_PARAM_locate_const(params,
OSSL_STORE_PARAM_PROPERTIES) != NULL)
/* use the propq from params */
return 1;
propp[0] = OSSL_PARAM_construct_utf8_string(OSSL_STORE_PARAM_PROPERTIES,
(char *)propq, 0);
propp[1] = OSSL_PARAM_construct_end();
if (!loader->p_set_ctx_params(loader_ctx, propp))
return 0;
}
return 1;
}
OSSL_STORE_CTX *
OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
const UI_METHOD *ui_method, void *ui_data,
const OSSL_PARAM params[],
OSSL_STORE_post_process_info_fn post_process,
void *post_process_data)
{
struct ossl_passphrase_data_st pwdata = { 0 };
const OSSL_STORE_LOADER *loader = NULL;
OSSL_STORE_LOADER *fetched_loader = NULL;
OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
OSSL_STORE_CTX *ctx = NULL;
char *propq_copy = NULL;
int no_loader_found = 1;
char scheme_copy[256], *p, *schemes[2], *scheme = NULL;
size_t schemes_n = 0;
size_t i;
/*
* Put the file scheme first. If the uri does represent an existing file,
* possible device name and all, then it should be loaded. Only a failed
* attempt at loading a local file should have us try something else.
*/
schemes[schemes_n++] = "file";
/*
* Now, check if we have something that looks like a scheme, and add it
* as a second scheme. However, also check if there's an authority start
* (://), because that will invalidate the previous file scheme. Also,
* check that this isn't actually the file scheme, as there's no point
* going through that one twice!
*/
OPENSSL_strlcpy(scheme_copy, uri, sizeof(scheme_copy));
if ((p = strchr(scheme_copy, ':')) != NULL) {
*p++ = '\0';
if (OPENSSL_strcasecmp(scheme_copy, "file") != 0) {
if (HAS_PREFIX(p, "//"))
schemes_n--; /* Invalidate the file scheme */
schemes[schemes_n++] = scheme_copy;
}
}
ERR_set_mark();
if (ui_method != NULL
&& (!ossl_pw_set_ui_method(&pwdata, ui_method, ui_data)
|| !ossl_pw_enable_passphrase_caching(&pwdata))) {
ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_CRYPTO_LIB);
goto err;
}
/*
* Try each scheme until we find one that could open the URI.
*
* For each scheme, we look for the engine implementation first, and
* failing that, we then try to fetch a provided implementation.
* This is consistent with how we handle legacy / engine i