1 /*
2 * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* This file has quite some overlap with engines/e_loader_attic.c */
11
12 #include <string.h>
13 #include <sys/stat.h>
14 #include <ctype.h> /* isdigit */
15 #include <assert.h>
16
17 #include <openssl/core_dispatch.h>
18 #include <openssl/core_names.h>
19 #include <openssl/core_object.h>
20 #include <openssl/bio.h>
21 #include <openssl/err.h>
22 #include <openssl/params.h>
23 #include <openssl/decoder.h>
24 #include <openssl/proverr.h>
25 #include <openssl/store.h> /* The OSSL_STORE_INFO type numbers */
26 #include "internal/cryptlib.h"
27 #include "internal/o_dir.h"
28 #include "crypto/decoder.h"
29 #include "crypto/ctype.h" /* ossl_isdigit() */
30 #include "prov/implementations.h"
31 #include "prov/bio.h"
32 #include "prov/providercommon.h"
33 #include "file_store_local.h"
34
35 DEFINE_STACK_OF(OSSL_STORE_INFO)
36
37 #ifdef _WIN32
38 # define stat _stat
39 #endif
40
41 #ifndef S_ISDIR
42 # define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
43 #endif
44
45 static OSSL_FUNC_store_open_fn file_open;
46 static OSSL_FUNC_store_attach_fn file_attach;
47 static OSSL_FUNC_store_settable_ctx_params_fn file_settable_ctx_params;
48 static OSSL_FUNC_store_set_ctx_params_fn file_set_ctx_params;
49 static OSSL_FUNC_store_load_fn file_load;
50 static OSSL_FUNC_store_eof_fn file_eof;
51 static OSSL_FUNC_store_close_fn file_close;
52
53 /*
54 * This implementation makes full use of OSSL_DECODER, and then some.
55 * It uses its own internal decoder implementation that reads DER and
56 * passes that on to the data callback; this decoder is created with
57 * internal OpenSSL functions, thereby bypassing the need for a surrounding
58 * provider. This is ok, since this is a local decoder, not meant for
59 * public consumption.
60 * Finally, it sets up its own construct and cleanup functions.
61 *
62 * Essentially, that makes this implementation a kind of glorified decoder.
63 */
64
65 struct file_ctx_st {
66 void *provctx;
67 char *uri; /* The URI we currently try to load */
68 enum {
69 IS_FILE = 0, /* Read file and pass results */
70 IS_DIR /* Pass directory entry names */
71 } type;
72
73 union {
74 /* Used with |IS_FILE| */
75 struct {
76 BIO *file;
77
78 OSSL_DECODER_CTX *decoderctx;
79 char *input_type;
80 char *propq; /* The properties we got as a parameter */
81 } file;
82
83 /* Used with |IS_DIR| */
84 struct {
85 OPENSSL_DIR_CTX *ctx;
86 int end_reached;
87
88 /*
89 * When a search expression is given, these are filled in.
90 * |search_name| contains the file basename to look for.
91 * The string is exactly 8 characters long.
92 */
93 char search_name[9];
94
95 /*
96 * The directory reading utility we have combines opening with
97 * reading the first name. To make sure we can detect the end
98 * at the right time, we read early and cache the name.
99 */
100 const char *last_entry;
101 int last_errno;
102 } dir;
103 } _;
104
105 /* Expected object type. May be unspecified */
106 int expected_type;
107 };
108
free_file_ctx(struct file_ctx_st * ctx)109 static void free_file_ctx(struct file_ctx_st *ctx)
110 {
111 if (ctx == NULL)
112 return;
113
114 OPENSSL_free(ctx->uri);
115 if (ctx->type != IS_DIR) {
116 OSSL_DECODER_CTX_free(ctx->_.file.decoderctx);
117 OPENSSL_free(ctx->_.file.propq);
118 OPENSSL_free(ctx->_.file.input_type);
119 }
120 OPENSSL_free(ctx);
121 }
122
new_file_ctx(int type,const char * uri,void * provctx)123 static struct file_ctx_st *new_file_ctx(int type, const char *uri,
124 void *provctx)
125 {
126 struct file_ctx_st *ctx = NULL;
127
128 if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) != NULL
129 && (uri == NULL || (ctx->uri = OPENSSL_strdup(uri)) != NULL)) {
130 ctx->type = type;
131 ctx->provctx = provctx;
132 return ctx;
133 }
134 free_file_ctx(ctx);
135 return NULL;
136 }
137
138 static OSSL_DECODER_CONSTRUCT file_load_construct;
139 static OSSL_DECODER_CLEANUP file_load_cleanup;
140
141 /*-
142 * Opening / attaching streams and directories
143 * -------------------------------------------
144 */
145
146 /*
147 * Function to service both file_open() and file_attach()
148 *
149 *
150 */
file_open_stream(BIO * source,const char * uri,void * provctx)151 static struct file_ctx_st *file_open_stream(BIO *source, const char *uri,
152 void *provctx)
153 {
154 struct file_ctx_st *ctx;
155
156 if ((ctx = new_file_ctx(IS_FILE, uri, provctx)) == NULL) {
157 ERR_raise(ERR_LIB_PROV, ERR_R_PROV_LIB);
158 goto err;
159 }
160
161 ctx->_.file.file = source;
162
163 return ctx;
164 err:
165 free_file_ctx(ctx);
166 return NULL;
167 }
168
file_open_dir(const char * path,const char * uri,void * provctx)169 static void *file_open_dir(const char *path, const char *uri, void *provctx)
170 {
171 struct file_ctx_st *ctx;
172
173 if ((ctx = new_file_ctx(IS_DIR, uri, provctx)) == NULL) {
174 ERR_raise(ERR_LIB_PROV, ERR_R_PROV_LIB);
175 return NULL;
176 }
177
178 ctx->_.dir.last_entry = OPENSSL_DIR_read(&ctx->_.dir.ctx, path);
179 ctx->_.dir.last_errno = errno;
180 if (ctx->_.dir.last_entry == NULL) {
181 if (ctx->_.dir.last_errno != 0) {
182 ERR_raise_data(ERR_LIB_SYS, ctx->_.dir.last_errno,
183 "Calling OPENSSL_DIR_read(\"%s\")", path);
184 goto err;
185 }
186 ctx->_.dir.end_reached = 1;
187 }
188 return ctx;
189 err:
190 file_close(ctx);
191 return NULL;
192 }
193
file_open(void * provctx,const char * uri)194 static void *file_open(void *provctx, const char *uri)
195 {
196 struct file_ctx_st *ctx = NULL;
197 struct stat st;
198 struct {
199 const char *path;
200 unsigned int check_absolute:1;
201 } path_data[2];
202 size_t path_data_n = 0, i;
203 const char *path, *p = uri, *q;
204 BIO *bio;
205
206 ERR_set_mark();
207
208 /*
209 * First step, just take the URI as is.
210 */
211 path_data[path_data_n].check_absolute = 0;
212 path_data[path_data_n++].path = uri;
213
214 /*
215 * Second step, if the URI appears to start with the "file" scheme,
216 * extract the path and make that the second path to check.
217 * There's a special case if the URI also contains an authority, then
218 * the full URI shouldn't be used as a path anywhere.
219 */
220 if (CHECK_AND_SKIP_CASE_PREFIX(p, "file:")) {
221 q = p;
222 if (CHECK_AND_SKIP_CASE_PREFIX(q, "//")) {
223 path_data_n--; /* Invalidate using the full URI */
224 if (CHECK_AND_SKIP_CASE_PREFIX(q, "localhost/")
225 || CHECK_AND_SKIP_CASE_PREFIX(q, "/")) {
226 p = q - 1;
227 } else {
228 ERR_clear_last_mark();
229 ERR_raise(ERR_LIB_PROV, PROV_R_URI_AUTHORITY_UNSUPPORTED);
230 return NULL;
231 }
232 }
233
234 path_data[path_data_n].check_absolute = 1;
235 #ifdef _WIN32
236 /* Windows "file:" URIs with a drive letter start with a '/' */
237 if (p[0] == '/' && p[2] == ':' && p[3] == '/') {
238 char c = tolower((unsigned char)p[1]);
239
240 if (c >= 'a' && c <= 'z') {
241 p++;
242 /* We know it's absolute, so no need to check */
243 path_data[path_data_n].check_absolute = 0;
244 }
245 }
246 #endif
247 path_data[path_data_n++].path = p;
248 }
249
250
251 for (i = 0, path = NULL; path == NULL && i < path_data_n; i++) {
252 /*
253 * If the scheme "file" was an explicit part of the URI, the path must
254 * be absolute. So says RFC 8089
255 */
256 if (path_data[i].check_absolute && path_data[i].path[0] != '/') {
257 ERR_clear_last_mark();
258 ERR_raise_data(ERR_LIB_PROV, PROV_R_PATH_MUST_BE_ABSOLUTE,
259 "Given path=%s", path_data[i].path);
260 return NULL;
261 }
262
263 if (stat(path_data[i].path, &st) < 0) {
264 ERR_raise_data(ERR_LIB_SYS, errno,
265 "calling stat(%s)",
266 path_data[i].path);
267 } else {
268 path = path_data[i].path;
269 }
270 }
271 if (path == NULL) {
272 ERR_clear_last_mark();
273 return NULL;
274 }
275
276 /* Successfully found a working path, clear possible collected errors */
277 ERR_pop_to_mark();
278
279 if (S_ISDIR(st.st_mode))
280 ctx = file_open_dir(path, uri, provctx);
281 else if ((bio = BIO_new_file(path, "rb")) == NULL
282 || (ctx = file_open_stream(bio, uri, provctx)) == NULL)
283 BIO_free_all(bio);
284
285 return ctx;
286 }
287
file_attach(void * provctx,OSSL_CORE_BIO * cin)288 void *file_attach(void *provctx, OSSL_CORE_BIO *cin)
289 {
290 struct file_ctx_st *ctx;
291 BIO *new_bio = ossl_bio_new_from_core_bio(provctx, cin);
292
293 if (new_bio == NULL)
294 return NULL;
295
296 ctx = file_open_stream(new_bio, NULL, provctx);
297 if (ctx == NULL)
298 BIO_free(new_bio);
299 return ctx;
300 }
301
302 /*-
303 * Setting parameters
304 * ------------------
305 */
306
file_settable_ctx_params(void * provctx)307 static const OSSL_PARAM *file_settable_ctx_params(void *provctx)
308 {
309 static const OSSL_PARAM known_settable_ctx_params[] = {
310 OSSL_PARAM_utf8_string(OSSL_STORE_PARAM_PROPERTIES, NULL, 0),
311 OSSL_PARAM_int(OSSL_STORE_PARAM_EXPECT, NULL),
312 OSSL_PARAM_octet_string(OSSL_STORE_PARAM_SUBJECT, NULL, 0),
313 OSSL_PARAM_utf8_string(OSSL_STORE_PARAM_INPUT_TYPE, NULL, 0),
314 OSSL_PARAM_END
315 };
316 return known_settable_ctx_params;
317 }
318
file_set_ctx_params(void * loaderctx,const OSSL_PARAM params[])319 static int file_set_ctx_params(void *loaderctx, const OSSL_PARAM params[])
320 {
321 struct file_ctx_st *ctx = loaderctx;
322 const OSSL_PARAM *p;
323
324 if (ossl_param_is_empty(params))
325 return 1;
326
327 if (ctx->type != IS_DIR) {
328 /* these parameters are ignored for directories */
329 p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_PROPERTIES);
330 if (p != NULL) {
331 OPENSSL_free(ctx->_.file.propq);
332 ctx->_.file.propq = NULL;
333 if (!OSSL_PARAM_get_utf8_string(p, &ctx->_.file.propq, 0))
334 return 0;
335 }
336 p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_INPUT_TYPE);
337 if (p != NULL) {
338 OPENSSL_free(ctx->_.file.input_type);
339 ctx->_.file.input_type = NULL;
340 if (!OSSL_PARAM_get_utf8_string(p, &ctx->_.file.input_type, 0))
341 return 0;
342 }
343 }
344 p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_EXPECT);
345 if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->expected_type))
346 return 0;
347 p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_SUBJECT);
348 if (p != NULL) {
349 const unsigned char *der = NULL;
350 size_t der_len = 0;
351 X509_NAME *x509_name;
352 unsigned long hash;
353 int ok;
354
355 if (ctx->type != IS_DIR) {
356 ERR_raise(ERR_LIB_PROV,
357 PROV_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES);
358 return 0;
359 }
360
361 if (!OSSL_PARAM_get_octet_string_ptr(p, (const void **)&der, &der_len)
362 || (x509_name = d2i_X509_NAME(NULL, &der, der_len)) == NULL)
363 return 0;
364 hash = X509_NAME_hash_ex(x509_name,
365 ossl_prov_ctx_get0_libctx(ctx->provctx), NULL,
366 &ok);
367 BIO_snprintf(ctx->_.dir.search_name, sizeof(ctx->_.dir.search_name),
368 "%08lx", hash);
369 X509_NAME_free(x509_name);
370 if (ok == 0)
371 return 0;
372 }
373 return 1;
374 }
375
376 /*-
377 * Loading an object from a stream
378 * -------------------------------
379 */
380
381 struct file_load_data_st {
382 OSSL_CALLBACK *object_cb;
383 void *object_cbarg;
384 };
385
file_load_construct(OSSL_DECODER_INSTANCE * decoder_inst,const OSSL_PARAM * params,void * construct_data)386 static int file_load_construct(OSSL_DECODER_INSTANCE *decoder_inst,
387 const OSSL_PARAM *params, void *construct_data)
388 {
389 struct file_load_data_st *data = construct_data;
390
391 /*
392 * At some point, we may find it justifiable to recognise PKCS#12 and
393 * handle it specially here, making |file_load()| return pass its
394 * contents one piece at ta time, like |e_loader_attic.c| does.
395 *
396 * However, that currently means parsing them out, which converts the
397 * DER encoded PKCS#12 into a bunch of EVP_PKEYs and X509s, just to
398 * have to re-encode them into DER to create an object abstraction for
399 * each of them.
400 * It's much simpler (less churn) to pass on the object abstraction we
401 * get to the load_result callback and leave it to that one to do the
402 * work. If that's libcrypto code, we know that it has much better
403 * possibilities to handle the EVP_PKEYs and X509s without the extra
404 * churn.
405 */
406
407 return data->object_cb(params, data->object_cbarg);
408 }
409
file_load_cleanup(void * construct_data)410 void file_load_cleanup(void *construct_data)
411 {
412 /* Nothing to do */
413 }
414
file_setup_decoders(struct file_ctx_st * ctx)415 static int file_setup_decoders(struct file_ctx_st *ctx)
416 {
417 OSSL_LIB_CTX *libctx = ossl_prov_ctx_get0_libctx(ctx->provctx);
418 const OSSL_ALGORITHM *to_algo = NULL;
419 int ok = 0;
420
421 /* Setup for this session, so only if not already done */
422 if (ctx->_.file.decoderctx == NULL) {
423 if ((ctx->_.file.decoderctx = OSSL_DECODER_CTX_new()) == NULL) {
424 ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
425 goto err;
426 }
427
428 /* Make sure the input type is set */
429 if (!OSSL_DECODER_CTX_set_input_type(ctx->_.file.decoderctx,
430 ctx->_.file.input_type)) {
431 ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
432 goto err;
433 }
434
435 /*
436 * Where applicable, set the outermost structure name.
437 * The goal is to avoid the STORE object types that are
438 * potentially password protected but aren't interesting
439 * for this load.
440 */
441 switch (ctx->expected_type) {
442 case OSSL_STORE_INFO_CERT:
443 if (!OSSL_DECODER_CTX_set_input_structure(ctx->_.file.decoderctx,
444 "Certificate")) {
445 ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
446 goto err;
447 }
448 break;
449 case OSSL_STORE_INFO_CRL:
450 if (!OSSL_DECODER_CTX_set_input_structure(ctx->_.file.decoderctx,
451 "CertificateList")) {
452 ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
453 goto err;
454 }
455 break;
456 default:
457 break;
458 }
459
460 for (to_algo = ossl_any_to_obj_algorithm;
461 to_algo->algorithm_names != NULL;
462 to_algo++) {
463 OSSL_DECODER *to_obj = NULL;
464 OSSL_DECODER_INSTANCE *to_obj_inst = NULL;
465
466 /*
467 * Create the internal last resort decoder implementation
468 * together with a "decoder instance".
469 * The decoder doesn't need any identification or to be
470 * attached to any provider, since it's only used locally.
471 */
472 to_obj = ossl_decoder_from_algorithm(0, to_algo, NULL);
473 if (to_obj != NULL)
474 to_obj_inst = ossl_decoder_instance_new(to_obj, ctx->provctx);
475 OSSL_DECODER_free(to_obj);
476 if (to_obj_inst == NULL)
477 goto err;
478
479 if (!ossl_decoder_ctx_add_decoder_inst(ctx->_.file.decoderctx,
480 to_obj_inst)) {
481 ossl_decoder_instance_free(to_obj_inst);
482 ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
483 goto err;
484 }
485 }
486 /* Add on the usual extra decoders */
487 if (!OSSL_DECODER_CTX_add_extra(ctx->_.file.decoderctx,
488 libctx, ctx->_.file.propq)) {
489 ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
490 goto err;
491 }
492
493 /*
494 * Then install our constructor hooks, which just passes decoded
495 * data to the load callback
496 */
497 if (!OSSL_DECODER_CTX_set_construct(ctx->_.file.decoderctx,
498 file_load_construct)
499 || !OSSL_DECODER_CTX_set_cleanup(ctx->_.file.decoderctx,
500 file_load_cleanup)) {
501 ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
502 goto err;
503 }
504 }
505
506 ok = 1;
507 err:
508 return ok;
509 }
510
file_load_file(struct file_ctx_st * ctx,OSSL_CALLBACK * object_cb,void * object_cbarg,OSSL_PASSPHRASE_CALLBACK * pw_cb,void * pw_cbarg)511 static int file_load_file(struct file_ctx_st *ctx,
512 OSSL_CALLBACK *object_cb, void *object_cbarg,
513 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
514 {
515 struct file_load_data_st data;
516 int ret, err;
517
518 /* Setup the decoders (one time shot per session */
519
520 if (!file_setup_decoders(ctx))
521 return 0;
522
523 /* Setup for this object */
524
525 data.object_cb = object_cb;
526 data.object_cbarg = object_cbarg;
527 OSSL_DECODER_CTX_set_construct_data(ctx->_.file.decoderctx, &data);
528 OSSL_DECODER_CTX_set_passphrase_cb(ctx->_.file.decoderctx, pw_cb, pw_cbarg);
529
530 /* Launch */
531
532 ERR_set_mark();
533 ret = OSSL_DECODER_from_bio(ctx->_.file.decoderctx, ctx->_.file.file);
534 if (BIO_eof(ctx->_.file.file)
535 && ((err = ERR_peek_last_error()) != 0)
536 && ERR_GET_LIB(err) == ERR_LIB_OSSL_DECODER
537 && ERR_GET_REASON(err) == ERR_R_UNSUPPORTED)
538 ERR_pop_to_mark();
539 else
540 ERR_clear_last_mark();
541 return ret;
542 }
543
544 /*-
545 * Loading a name object from a directory
546 * --------------------------------------
547 */
548
file_name_to_uri(struct file_ctx_st * ctx,const char * name)549 static char *file_name_to_uri(struct file_ctx_st *ctx, const char *name)
550 {
551 char *data = NULL;
552
553 assert(name != NULL);
554 {
555 const char *pathsep = ossl_ends_with_dirsep(ctx->uri) ? "" : "/";
556 long calculated_length = strlen(ctx->uri) + strlen(pathsep)
557 + strlen(name) + 1 /* \0 */;
558
559 data = OPENSSL_zalloc(calculated_length);
560 if (data == NULL)
561 return NULL;
562
563 OPENSSL_strlcat(data, ctx->uri, calculated_length);
564 OPENSSL_strlcat(data, pathsep, calculated_length);
565 OPENSSL_strlcat(data, name, calculated_length);
566 }
567 return data;
568 }
569
file_name_check(struct file_ctx_st * ctx,const char * name)570 static int file_name_check(struct file_ctx_st *ctx, const char *name)
571 {
572 const char *p = NULL;
573 size_t len = strlen(ctx->_.dir.search_name);
574
575 /* If there are no search criteria, all names are accepted */
576 if (ctx->_.dir.search_name[0] == '\0')
577 return 1;
578
579 /* If the expected type isn't supported, no name is accepted */
580 if (ctx->expected_type != 0
581 && ctx->expected_type != OSSL_STORE_INFO_CERT
582 && ctx->expected_type != OSSL_STORE_INFO_CRL)
583 return 0;
584
585 /*
586 * First, check the basename
587 */
588 if (OPENSSL_strncasecmp(name, ctx->_.dir.search_name, len) != 0
589 || name[len] != '.')
590 return 0;
591 p = &name[len + 1];
592
593 /*
594 * Then, if the expected type is a CRL, check that the extension starts
595 * with 'r'
596 */
597 if (*p == 'r') {
598 p++;
599 if (ctx->expected_type != 0
600 && ctx->expected_type != OSSL_STORE_INFO_CRL)
601 return 0;
602 } else if (ctx->expected_type == OSSL_STORE_INFO_CRL) {
603 return 0;
604 }
605
606 /*
607 * Last, check that the rest of the extension is a decimal number, at
608 * least one digit long.
609 */
610 if (!isdigit((unsigned char)*p))
611 return 0;
612 while (isdigit((unsigned char)*p))
613 p++;
614
615 #ifdef __VMS
616 /*
617 * One extra step here, check for a possible generation number.
618 */
619 if (*p == ';')
620 for (p++; *p != '\0'; p++)
621 if (!ossl_isdigit((unsigned char)*p))
622 break;
623 #endif
624
625 /*
626 * If we've reached the end of the string at this point, we've successfully
627 * found a fitting file name.
628 */
629 return *p == '\0';
630 }
631
file_load_dir_entry(struct file_ctx_st * ctx,OSSL_CALLBACK * object_cb,void * object_cbarg,OSSL_PASSPHRASE_CALLBACK * pw_cb,void * pw_cbarg)632 static int file_load_dir_entry(struct file_ctx_st *ctx,
633 OSSL_CALLBACK *object_cb, void *object_cbarg,
634 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
635 {
636 /* Prepare as much as possible in advance */
637 static const int object_type = OSSL_OBJECT_NAME;
638 OSSL_PARAM object[] = {
639 OSSL_PARAM_int(OSSL_OBJECT_PARAM_TYPE, (int *)&object_type),
640 OSSL_PARAM_utf8_string(OSSL_OBJECT_PARAM_DATA, NULL, 0),
641 OSSL_PARAM_END
642 };
643 char *newname = NULL;
644 int ok;
645
646 /* Loop until we get an error or until we have a suitable name */
647 do {
648 if (ctx->_.dir.last_entry == NULL) {
649 if (!ctx->_.dir.end_reached) {
650 assert(ctx->_.dir.last_errno != 0);
651 ERR_raise(ERR_LIB_SYS, ctx->_.dir.last_errno);
652 }
653 /* file_eof() will tell if EOF was reached */
654 return 0;
655 }
656
657 /* flag acceptable names */
658 if (ctx->_.dir.last_entry[0] != '.'
659 && file_name_check(ctx, ctx->_.dir.last_entry)) {
660
661 /* If we can't allocate the new name, we fail */
662 if ((newname =
663 file_name_to_uri(ctx, ctx->_.dir.last_entry)) == NULL)
664 return 0;
665 }
666
667 /*
668 * On the first call (with a NULL context), OPENSSL_DIR_read()
669 * cares about the second argument. On the following calls, it
670 * only cares that it isn't NULL. Therefore, we can safely give
671 * it our URI here.
672 */
673 ctx->_.dir.last_entry = OPENSSL_DIR_read(&ctx->_.dir.ctx, ctx->uri);
674 ctx->_.dir.last_errno = errno;
675 if (ctx->_.dir.last_entry == NULL && ctx->_.dir.last_errno == 0)
676 ctx->_.dir.end_reached = 1;
677 } while (newname == NULL);
678
679 object[1].data = newname;
680 object[1].data_size = strlen(newname);
681 ok = object_cb(object, object_cbarg);
682 OPENSSL_free(newname);
683 return ok;
684 }
685
686 /*-
687 * Loading, local dispatcher
688 * -------------------------
689 */
690
file_load(void * loaderctx,OSSL_CALLBACK * object_cb,void * object_cbarg,OSSL_PASSPHRASE_CALLBACK * pw_cb,void * pw_cbarg)691 static int file_load(void *loaderctx,
692 OSSL_CALLBACK *object_cb, void *object_cbarg,
693 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
694 {
695 struct file_ctx_st *ctx = loaderctx;
696
697 switch (ctx->type) {
698 case IS_FILE:
699 return file_load_file(ctx, object_cb, object_cbarg, pw_cb, pw_cbarg);
700 case IS_DIR:
701 return
702 file_load_dir_entry(ctx, object_cb, object_cbarg, pw_cb, pw_cbarg);
703 default:
704 break;
705 }
706
707 /* ctx->type has an unexpected value */
708 assert(0);
709 return 0;
710 }
711
712 /*-
713 * Eof detection and closing
714 * -------------------------
715 */
716
file_eof(void * loaderctx)717 static int file_eof(void *loaderctx)
718 {
719 struct file_ctx_st *ctx = loaderctx;
720
721 switch (ctx->type) {
722 case IS_DIR:
723 return ctx->_.dir.end_reached;
724 case IS_FILE:
725 /*
726 * BIO_pending() checks any filter BIO.
727 * BIO_eof() checks the source BIO.
728 */
729 return !BIO_pending(ctx->_.file.file)
730 && BIO_eof(ctx->_.file.file);
731 }
732
733 /* ctx->type has an unexpected value */
734 assert(0);
735 return 1;
736 }
737
file_close_dir(struct file_ctx_st * ctx)738 static int file_close_dir(struct file_ctx_st *ctx)
739 {
740 if (ctx->_.dir.ctx != NULL)
741 OPENSSL_DIR_end(&ctx->_.dir.ctx);
742 free_file_ctx(ctx);
743 return 1;
744 }
745
file_close_stream(struct file_ctx_st * ctx)746 static int file_close_stream(struct file_ctx_st *ctx)
747 {
748 /*
749 * This frees either the provider BIO filter (for file_attach()) OR
750 * the allocated file BIO (for file_open()).
751 */
752 BIO_free(ctx->_.file.file);
753 ctx->_.file.file = NULL;
754
755 free_file_ctx(ctx);
756 return 1;
757 }
758
file_close(void * loaderctx)759 static int file_close(void *loaderctx)
760 {
761 struct file_ctx_st *ctx = loaderctx;
762
763 switch (ctx->type) {
764 case IS_DIR:
765 return file_close_dir(ctx);
766 case IS_FILE:
767 return file_close_stream(ctx);
768 }
769
770 /* ctx->type has an unexpected value */
771 assert(0);
772 return 1;
773 }
774
775 const OSSL_DISPATCH ossl_file_store_functions[] = {
776 { OSSL_FUNC_STORE_OPEN, (void (*)(void))file_open },
777 { OSSL_FUNC_STORE_ATTACH, (void (*)(void))file_attach },
778 { OSSL_FUNC_STORE_SETTABLE_CTX_PARAMS,
779 (void (*)(void))file_settable_ctx_params },
780 { OSSL_FUNC_STORE_SET_CTX_PARAMS, (void (*)(void))file_set_ctx_params },
781 { OSSL_FUNC_STORE_LOAD, (void (*)(void))file_load },
782 { OSSL_FUNC_STORE_EOF, (void (*)(void))file_eof },
783 { OSSL_FUNC_STORE_CLOSE, (void (*)(void))file_close },
784 OSSL_DISPATCH_END,
785 };
786
