1 /*
2 * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* This file has quite some overlap with engines/e_loader_attic.c */
11
12 #include <string.h>
13 #include <sys/stat.h>
14 #include <ctype.h> /* isdigit */
15 #include <assert.h>
16
17 #include <openssl/core_dispatch.h>
18 #include <openssl/core_names.h>
19 #include <openssl/core_object.h>
20 #include <openssl/bio.h>
21 #include <openssl/err.h>
22 #include <openssl/params.h>
23 #include <openssl/decoder.h>
24 #include <openssl/proverr.h>
25 #include <openssl/store.h> /* The OSSL_STORE_INFO type numbers */
26 #include "internal/cryptlib.h"
27 #include "internal/o_dir.h"
28 #include "crypto/decoder.h"
29 #include "crypto/ctype.h" /* ossl_isdigit() */
30 #include "prov/implementations.h"
31 #include "prov/bio.h"
32 #include "file_store_local.h"
33
34 DEFINE_STACK_OF(OSSL_STORE_INFO)
35
36 #ifdef _WIN32
37 # define stat _stat
38 #endif
39
40 #ifndef S_ISDIR
41 # define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
42 #endif
43
44 static OSSL_FUNC_store_open_fn file_open;
45 static OSSL_FUNC_store_attach_fn file_attach;
46 static OSSL_FUNC_store_settable_ctx_params_fn file_settable_ctx_params;
47 static OSSL_FUNC_store_set_ctx_params_fn file_set_ctx_params;
48 static OSSL_FUNC_store_load_fn file_load;
49 static OSSL_FUNC_store_eof_fn file_eof;
50 static OSSL_FUNC_store_close_fn file_close;
51
52 /*
53 * This implementation makes full use of OSSL_DECODER, and then some.
54 * It uses its own internal decoder implementation that reads DER and
55 * passes that on to the data callback; this decoder is created with
56 * internal OpenSSL functions, thereby bypassing the need for a surrounding
57 * provider. This is ok, since this is a local decoder, not meant for
58 * public consumption.
59 * Finally, it sets up its own construct and cleanup functions.
60 *
61 * Essentially, that makes this implementation a kind of glorified decoder.
62 */
63
64 struct file_ctx_st {
65 void *provctx;
66 char *uri; /* The URI we currently try to load */
67 enum {
68 IS_FILE = 0, /* Read file and pass results */
69 IS_DIR /* Pass directory entry names */
70 } type;
71
72 union {
73 /* Used with |IS_FILE| */
74 struct {
75 BIO *file;
76
77 OSSL_DECODER_CTX *decoderctx;
78 char *input_type;
79 char *propq; /* The properties we got as a parameter */
80 } file;
81
82 /* Used with |IS_DIR| */
83 struct {
84 OPENSSL_DIR_CTX *ctx;
85 int end_reached;
86
87 /*
88 * When a search expression is given, these are filled in.
89 * |search_name| contains the file basename to look for.
90 * The string is exactly 8 characters long.
91 */
92 char search_name[9];
93
94 /*
95 * The directory reading utility we have combines opening with
96 * reading the first name. To make sure we can detect the end
97 * at the right time, we read early and cache the name.
98 */
99 const char *last_entry;
100 int last_errno;
101 } dir;
102 } _;
103
104 /* Expected object type. May be unspecified */
105 int expected_type;
106 };
107
free_file_ctx(struct file_ctx_st * ctx)108 static void free_file_ctx(struct file_ctx_st *ctx)
109 {
110 if (ctx == NULL)
111 return;
112
113 OPENSSL_free(ctx->uri);
114 if (ctx->type != IS_DIR) {
115 OSSL_DECODER_CTX_free(ctx->_.file.decoderctx);
116 OPENSSL_free(ctx->_.file.propq);
117 OPENSSL_free(ctx->_.file.input_type);
118 }
119 OPENSSL_free(ctx);
120 }
121
new_file_ctx(int type,const char * uri,void * provctx)122 static struct file_ctx_st *new_file_ctx(int type, const char *uri,
123 void *provctx)
124 {
125 struct file_ctx_st *ctx = NULL;
126
127 if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) != NULL
128 && (uri == NULL || (ctx->uri = OPENSSL_strdup(uri)) != NULL)) {
129 ctx->type = type;
130 ctx->provctx = provctx;
131 return ctx;
132 }
133 free_file_ctx(ctx);
134 return NULL;
135 }
136
137 static OSSL_DECODER_CONSTRUCT file_load_construct;
138 static OSSL_DECODER_CLEANUP file_load_cleanup;
139
140 /*-
141 * Opening / attaching streams and directories
142 * -------------------------------------------
143 */
144
145 /*
146 * Function to service both file_open() and file_attach()
147 *
148 *
149 */
file_open_stream(BIO * source,const char * uri,void * provctx)150 static struct file_ctx_st *file_open_stream(BIO *source, const char *uri,
151 void *provctx)
152 {
153 struct file_ctx_st *ctx;
154
155 if ((ctx = new_file_ctx(IS_FILE, uri, provctx)) == NULL) {
156 ERR_raise(ERR_LIB_PROV, ERR_R_PROV_LIB);
157 goto err;
158 }
159
160 ctx->_.file.file = source;
161
162 return ctx;
163 err:
164 free_file_ctx(ctx);
165 return NULL;
166 }
167
file_open_dir(const char * path,const char * uri,void * provctx)168 static void *file_open_dir(const char *path, const char *uri, void *provctx)
169 {
170 struct file_ctx_st *ctx;
171
172 if ((ctx = new_file_ctx(IS_DIR, uri, provctx)) == NULL) {
173 ERR_raise(ERR_LIB_PROV, ERR_R_PROV_LIB);
174 return NULL;
175 }
176
177 ctx->_.dir.last_entry = OPENSSL_DIR_read(&ctx->_.dir.ctx, path);
178 ctx->_.dir.last_errno = errno;
179 if (ctx->_.dir.last_entry == NULL) {
180 if (ctx->_.dir.last_errno != 0) {
181 ERR_raise_data(ERR_LIB_SYS, ctx->_.dir.last_errno,
182 "Calling OPENSSL_DIR_read(\"%s\")", path);
183 goto err;
184 }
185 ctx->_.dir.end_reached = 1;
186 }
187 return ctx;
188 err:
189 file_close(ctx);
190 return NULL;
191 }
192
file_open(void * provctx,const char * uri)193 static void *file_open(void *provctx, const char *uri)
194 {
195 struct file_ctx_st *ctx = NULL;
196 struct stat st;
197 struct {
198 const char *path;
199 unsigned int check_absolute:1;
200 } path_data[2];
201 size_t path_data_n = 0, i;
202 const char *path, *p = uri, *q;
203 BIO *bio;
204
205 ERR_set_mark();
206
207 /*
208 * First step, just take the URI as is.
209 */
210 path_data[path_data_n].check_absolute = 0;
211 path_data[path_data_n++].path = uri;
212
213 /*
214 * Second step, if the URI appears to start with the "file" scheme,
215 * extract the path and make that the second path to check.
216 * There's a special case if the URI also contains an authority, then
217 * the full URI shouldn't be used as a path anywhere.
218 */
219 if (CHECK_AND_SKIP_CASE_PREFIX(p, "file:")) {
220 q = p;
221 if (CHECK_AND_SKIP_CASE_PREFIX(q, "//")) {
222 path_data_n--; /* Invalidate using the full URI */
223 if (CHECK_AND_SKIP_CASE_PREFIX(q, "localhost/")
224 || CHECK_AND_SKIP_CASE_PREFIX(q, "/")) {
225 p = q - 1;
226 } else {
227 ERR_clear_last_mark();
228 ERR_raise(ERR_LIB_PROV, PROV_R_URI_AUTHORITY_UNSUPPORTED);
229 return NULL;
230 }
231 }
232
233 path_data[path_data_n].check_absolute = 1;
234 #ifdef _WIN32
235 /* Windows "file:" URIs with a drive letter start with a '/' */
236 if (p[0] == '/' && p[2] == ':' && p[3] == '/') {
237 char c = tolower(p[1]);
238
239 if (c >= 'a' && c <= 'z') {
240 p++;
241 /* We know it's absolute, so no need to check */
242 path_data[path_data_n].check_absolute = 0;
243 }
244 }
245 #endif
246 path_data[path_data_n++].path = p;
247 }
248
249
250 for (i = 0, path = NULL; path == NULL && i < path_data_n; i++) {
251 /*
252 * If the scheme "file" was an explicit part of the URI, the path must
253 * be absolute. So says RFC 8089
254 */
255 if (path_data[i].check_absolute && path_data[i].path[0] != '/') {
256 ERR_clear_last_mark();
257 ERR_raise_data(ERR_LIB_PROV, PROV_R_PATH_MUST_BE_ABSOLUTE,
258 "Given path=%s", path_data[i].path);
259 return NULL;
260 }
261
262 if (stat(path_data[i].path, &st) < 0) {
263 ERR_raise_data(ERR_LIB_SYS, errno,
264 "calling stat(%s)",
265 path_data[i].path);
266 } else {
267 path = path_data[i].path;
268 }
269 }
270 if (path == NULL) {
271 ERR_clear_last_mark();
272 return NULL;
273 }
274
275 /* Successfully found a working path, clear possible collected errors */
276 ERR_pop_to_mark();
277
278 if (S_ISDIR(st.st_mode))
279 ctx = file_open_dir(path, uri, provctx);
280 else if ((bio = BIO_new_file(path, "rb")) == NULL
281 || (ctx = file_open_stream(bio, uri, provctx)) == NULL)
282 BIO_free_all(bio);
283
284 return ctx;
285 }
286
file_attach(void * provctx,OSSL_CORE_BIO * cin)287 void *file_attach(void *provctx, OSSL_CORE_BIO *cin)
288 {
289 struct file_ctx_st *ctx;
290 BIO *new_bio = ossl_bio_new_from_core_bio(provctx, cin);
291
292 if (new_bio == NULL)
293 return NULL;
294
295 ctx = file_open_stream(new_bio, NULL, provctx);
296 if (ctx == NULL)
297 BIO_free(new_bio);
298 return ctx;
299 }
300
301 /*-
302 * Setting parameters
303 * ------------------
304 */
305
file_settable_ctx_params(void * provctx)306 static const OSSL_PARAM *file_settable_ctx_params(void *provctx)
307 {
308 static const OSSL_PARAM known_settable_ctx_params[] = {
309 OSSL_PARAM_utf8_string(OSSL_STORE_PARAM_PROPERTIES, NULL, 0),
310 OSSL_PARAM_int(OSSL_STORE_PARAM_EXPECT, NULL),
311 OSSL_PARAM_octet_string(OSSL_STORE_PARAM_SUBJECT, NULL, 0),
312 OSSL_PARAM_utf8_string(OSSL_STORE_PARAM_INPUT_TYPE, NULL, 0),
313 OSSL_PARAM_END
314 };
315 return known_settable_ctx_params;
316 }
317
file_set_ctx_params(void * loaderctx,const OSSL_PARAM params[])318 static int file_set_ctx_params(void *loaderctx, const OSSL_PARAM params[])
319 {
320 struct file_ctx_st *ctx = loaderctx;
321 const OSSL_PARAM *p;
322
323 if (params == NULL)
324 return 1;
325
326 if (ctx->type != IS_DIR) {
327 /* these parameters are ignored for directories */
328 p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_PROPERTIES);
329 if (p != NULL) {
330 OPENSSL_free(ctx->_.file.propq);
331 ctx->_.file.propq = NULL;
332 if (!OSSL_PARAM_get_utf8_string(p, &ctx->_.file.propq, 0))
333 return 0;
334 }
335 p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_INPUT_TYPE);
336 if (p != NULL) {
337 OPENSSL_free(ctx->_.file.input_type);
338 ctx->_.file.input_type = NULL;
339 if (!OSSL_PARAM_get_utf8_string(p, &ctx->_.file.input_type, 0))
340 return 0;
341 }
342 }
343 p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_EXPECT);
344 if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->expected_type))
345 return 0;
346 p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_SUBJECT);
347 if (p != NULL) {
348 const unsigned char *der = NULL;
349 size_t der_len = 0;
350 X509_NAME *x509_name;
351 unsigned long hash;
352 int ok;
353
354 if (ctx->type != IS_DIR) {
355 ERR_raise(ERR_LIB_PROV,
356 PROV_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES);
357 return 0;
358 }
359
360 if (!OSSL_PARAM_get_octet_string_ptr(p, (const void **)&der, &der_len)
361 || (x509_name = d2i_X509_NAME(NULL, &der, der_len)) == NULL)
362 return 0;
363 hash = X509_NAME_hash_ex(x509_name,
364 ossl_prov_ctx_get0_libctx(ctx->provctx), NULL,
365 &ok);
366 BIO_snprintf(ctx->_.dir.search_name, sizeof(ctx->_.dir.search_name),
367 "%08lx", hash);
368 X509_NAME_free(x509_name);
369 if (ok == 0)
370 return 0;
371 }
372 return 1;
373 }
374
375 /*-
376 * Loading an object from a stream
377 * -------------------------------
378 */
379
380 struct file_load_data_st {
381 OSSL_CALLBACK *object_cb;
382 void *object_cbarg;
383 };
384
file_load_construct(OSSL_DECODER_INSTANCE * decoder_inst,const OSSL_PARAM * params,void * construct_data)385 static int file_load_construct(OSSL_DECODER_INSTANCE *decoder_inst,
386 const OSSL_PARAM *params, void *construct_data)
387 {
388 struct file_load_data_st *data = construct_data;
389
390 /*
391 * At some point, we may find it justifiable to recognise PKCS#12 and
392 * handle it specially here, making |file_load()| return pass its
393 * contents one piece at ta time, like |e_loader_attic.c| does.
394 *
395 * However, that currently means parsing them out, which converts the
396 * DER encoded PKCS#12 into a bunch of EVP_PKEYs and X509s, just to
397 * have to re-encode them into DER to create an object abstraction for
398 * each of them.
399 * It's much simpler (less churn) to pass on the object abstraction we
400 * get to the load_result callback and leave it to that one to do the
401 * work. If that's libcrypto code, we know that it has much better
402 * possibilities to handle the EVP_PKEYs and X509s without the extra
403 * churn.
404 */
405
406 return data->object_cb(params, data->object_cbarg);
407 }
408
file_load_cleanup(void * construct_data)409 void file_load_cleanup(void *construct_data)
410 {
411 /* Nothing to do */
412 }
413
file_setup_decoders(struct file_ctx_st * ctx)414 static int file_setup_decoders(struct file_ctx_st *ctx)
415 {
416 OSSL_LIB_CTX *libctx = ossl_prov_ctx_get0_libctx(ctx->provctx);
417 const OSSL_ALGORITHM *to_algo = NULL;
418 int ok = 0;
419
420 /* Setup for this session, so only if not already done */
421 if (ctx->_.file.decoderctx == NULL) {
422 if ((ctx->_.file.decoderctx = OSSL_DECODER_CTX_new()) == NULL) {
423 ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
424 goto err;
425 }
426
427 /* Make sure the input type is set */
428 if (!OSSL_DECODER_CTX_set_input_type(ctx->_.file.decoderctx,
429 ctx->_.file.input_type)) {
430 ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
431 goto err;
432 }
433
434 /*
435 * Where applicable, set the outermost structure name.
436 * The goal is to avoid the STORE object types that are
437 * potentially password protected but aren't interesting
438 * for this load.
439 */
440 switch (ctx->expected_type) {
441 case OSSL_STORE_INFO_CERT:
442 if (!OSSL_DECODER_CTX_set_input_structure(ctx->_.file.decoderctx,
443 "Certificate")) {
444 ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
445 goto err;
446 }
447 break;
448 case OSSL_STORE_INFO_CRL:
449 if (!OSSL_DECODER_CTX_set_input_structure(ctx->_.file.decoderctx,
450 "CertificateList")) {
451 ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
452 goto err;
453 }
454 break;
455 default:
456 break;
457 }
458
459 for (to_algo = ossl_any_to_obj_algorithm;
460 to_algo->algorithm_names != NULL;
461 to_algo++) {
462 OSSL_DECODER *to_obj = NULL;
463 OSSL_DECODER_INSTANCE *to_obj_inst = NULL;
464
465 /*
466 * Create the internal last resort decoder implementation
467 * together with a "decoder instance".
468 * The decoder doesn't need any identification or to be
469 * attached to any provider, since it's only used locally.
470 */
471 to_obj = ossl_decoder_from_algorithm(0, to_algo, NULL);
472 if (to_obj != NULL)
473 to_obj_inst = ossl_decoder_instance_new(to_obj, ctx->provctx);
474 OSSL_DECODER_free(to_obj);
475 if (to_obj_inst == NULL)
476 goto err;
477
478 if (!ossl_decoder_ctx_add_decoder_inst(ctx->_.file.decoderctx,
479 to_obj_inst)) {
480 ossl_decoder_instance_free(to_obj_inst);
481 ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
482 goto err;
483 }
484 }
485 /* Add on the usual extra decoders */
486 if (!OSSL_DECODER_CTX_add_extra(ctx->_.file.decoderctx,
487 libctx, ctx->_.file.propq)) {
488 ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
489 goto err;
490 }
491
492 /*
493 * Then install our constructor hooks, which just passes decoded
494 * data to the load callback
495 */
496 if (!OSSL_DECODER_CTX_set_construct(ctx->_.file.decoderctx,
497 file_load_construct)
498 || !OSSL_DECODER_CTX_set_cleanup(ctx->_.file.decoderctx,
499 file_load_cleanup)) {
500 ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
501 goto err;
502 }
503 }
504
505 ok = 1;
506 err:
507 return ok;
508 }
509
file_load_file(struct file_ctx_st * ctx,OSSL_CALLBACK * object_cb,void * object_cbarg,OSSL_PASSPHRASE_CALLBACK * pw_cb,void * pw_cbarg)510 static int file_load_file(struct file_ctx_st *ctx,
511 OSSL_CALLBACK *object_cb, void *object_cbarg,
512 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
513 {
514 struct file_load_data_st data;
515 int ret, err;
516
517 /* Setup the decoders (one time shot per session */
518
519 if (!file_setup_decoders(ctx))
520 return 0;
521
522 /* Setup for this object */
523
524 data.object_cb = object_cb;
525 data.object_cbarg = object_cbarg;
526 OSSL_DECODER_CTX_set_construct_data(ctx->_.file.decoderctx, &data);
527 OSSL_DECODER_CTX_set_passphrase_cb(ctx->_.file.decoderctx, pw_cb, pw_cbarg);
528
529 /* Launch */
530
531 ERR_set_mark();
532 ret = OSSL_DECODER_from_bio(ctx->_.file.decoderctx, ctx->_.file.file);
533 if (BIO_eof(ctx->_.file.file)
534 && ((err = ERR_peek_last_error()) != 0)
535 && ERR_GET_LIB(err) == ERR_LIB_OSSL_DECODER
536 && ERR_GET_REASON(err) == ERR_R_UNSUPPORTED)
537 ERR_pop_to_mark();
538 else
539 ERR_clear_last_mark();
540 return ret;
541 }
542
543 /*-
544 * Loading a name object from a directory
545 * --------------------------------------
546 */
547
file_name_to_uri(struct file_ctx_st * ctx,const char * name)548 static char *file_name_to_uri(struct file_ctx_st *ctx, const char *name)
549 {
550 char *data = NULL;
551
552 assert(name != NULL);
553 {
554 const char *pathsep = ossl_ends_with_dirsep(ctx->uri) ? "" : "/";
555 long calculated_length = strlen(ctx->uri) + strlen(pathsep)
556 + strlen(name) + 1 /* \0 */;
557
558 data = OPENSSL_zalloc(calculated_length);
559 if (data == NULL)
560 return NULL;
561
562 OPENSSL_strlcat(data, ctx->uri, calculated_length);
563 OPENSSL_strlcat(data, pathsep, calculated_length);
564 OPENSSL_strlcat(data, name, calculated_length);
565 }
566 return data;
567 }
568
file_name_check(struct file_ctx_st * ctx,const char * name)569 static int file_name_check(struct file_ctx_st *ctx, const char *name)
570 {
571 const char *p = NULL;
572 size_t len = strlen(ctx->_.dir.search_name);
573
574 /* If there are no search criteria, all names are accepted */
575 if (ctx->_.dir.search_name[0] == '\0')
576 return 1;
577
578 /* If the expected type isn't supported, no name is accepted */
579 if (ctx->expected_type != 0
580 && ctx->expected_type != OSSL_STORE_INFO_CERT
581 && ctx->expected_type != OSSL_STORE_INFO_CRL)
582 return 0;
583
584 /*
585 * First, check the basename
586 */
587 if (OPENSSL_strncasecmp(name, ctx->_.dir.search_name, len) != 0
588 || name[len] != '.')
589 return 0;
590 p = &name[len + 1];
591
592 /*
593 * Then, if the expected type is a CRL, check that the extension starts
594 * with 'r'
595 */
596 if (*p == 'r') {
597 p++;
598 if (ctx->expected_type != 0
599 && ctx->expected_type != OSSL_STORE_INFO_CRL)
600 return 0;
601 } else if (ctx->expected_type == OSSL_STORE_INFO_CRL) {
602 return 0;
603 }
604
605 /*
606 * Last, check that the rest of the extension is a decimal number, at
607 * least one digit long.
608 */
609 if (!isdigit((unsigned char)*p))
610 return 0;
611 while (isdigit((unsigned char)*p))
612 p++;
613
614 #ifdef __VMS
615 /*
616 * One extra step here, check for a possible generation number.
617 */
618 if (*p == ';')
619 for (p++; *p != '\0'; p++)
620 if (!ossl_isdigit((unsigned char)*p))
621 break;
622 #endif
623
624 /*
625 * If we've reached the end of the string at this point, we've successfully
626 * found a fitting file name.
627 */
628 return *p == '\0';
629 }
630
file_load_dir_entry(struct file_ctx_st * ctx,OSSL_CALLBACK * object_cb,void * object_cbarg,OSSL_PASSPHRASE_CALLBACK * pw_cb,void * pw_cbarg)631 static int file_load_dir_entry(struct file_ctx_st *ctx,
632 OSSL_CALLBACK *object_cb, void *object_cbarg,
633 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
634 {
635 /* Prepare as much as possible in advance */
636 static const int object_type = OSSL_OBJECT_NAME;
637 OSSL_PARAM object[] = {
638 OSSL_PARAM_int(OSSL_OBJECT_PARAM_TYPE, (int *)&object_type),
639 OSSL_PARAM_utf8_string(OSSL_OBJECT_PARAM_DATA, NULL, 0),
640 OSSL_PARAM_END
641 };
642 char *newname = NULL;
643 int ok;
644
645 /* Loop until we get an error or until we have a suitable name */
646 do {
647 if (ctx->_.dir.last_entry == NULL) {
648 if (!ctx->_.dir.end_reached) {
649 assert(ctx->_.dir.last_errno != 0);
650 ERR_raise(ERR_LIB_SYS, ctx->_.dir.last_errno);
651 }
652 /* file_eof() will tell if EOF was reached */
653 return 0;
654 }
655
656 /* flag acceptable names */
657 if (ctx->_.dir.last_entry[0] != '.'
658 && file_name_check(ctx, ctx->_.dir.last_entry)) {
659
660 /* If we can't allocate the new name, we fail */
661 if ((newname =
662 file_name_to_uri(ctx, ctx->_.dir.last_entry)) == NULL)
663 return 0;
664 }
665
666 /*
667 * On the first call (with a NULL context), OPENSSL_DIR_read()
668 * cares about the second argument. On the following calls, it
669 * only cares that it isn't NULL. Therefore, we can safely give
670 * it our URI here.
671 */
672 ctx->_.dir.last_entry = OPENSSL_DIR_read(&ctx->_.dir.ctx, ctx->uri);
673 ctx->_.dir.last_errno = errno;
674 if (ctx->_.dir.last_entry == NULL && ctx->_.dir.last_errno == 0)
675 ctx->_.dir.end_reached = 1;
676 } while (newname == NULL);
677
678 object[1].data = newname;
679 object[1].data_size = strlen(newname);
680 ok = object_cb(object, object_cbarg);
681 OPENSSL_free(newname);
682 return ok;
683 }
684
685 /*-
686 * Loading, local dispatcher
687 * -------------------------
688 */
689
file_load(void * loaderctx,OSSL_CALLBACK * object_cb,void * object_cbarg,OSSL_PASSPHRASE_CALLBACK * pw_cb,void * pw_cbarg)690 static int file_load(void *loaderctx,
691 OSSL_CALLBACK *object_cb, void *object_cbarg,
692 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
693 {
694 struct file_ctx_st *ctx = loaderctx;
695
696 switch (ctx->type) {
697 case IS_FILE:
698 return file_load_file(ctx, object_cb, object_cbarg, pw_cb, pw_cbarg);
699 case IS_DIR:
700 return
701 file_load_dir_entry(ctx, object_cb, object_cbarg, pw_cb, pw_cbarg);
702 default:
703 break;
704 }
705
706 /* ctx->type has an unexpected value */
707 assert(0);
708 return 0;
709 }
710
711 /*-
712 * Eof detection and closing
713 * -------------------------
714 */
715
file_eof(void * loaderctx)716 static int file_eof(void *loaderctx)
717 {
718 struct file_ctx_st *ctx = loaderctx;
719
720 switch (ctx->type) {
721 case IS_DIR:
722 return ctx->_.dir.end_reached;
723 case IS_FILE:
724 /*
725 * BIO_pending() checks any filter BIO.
726 * BIO_eof() checks the source BIO.
727 */
728 return !BIO_pending(ctx->_.file.file)
729 && BIO_eof(ctx->_.file.file);
730 }
731
732 /* ctx->type has an unexpected value */
733 assert(0);
734 return 1;
735 }
736
file_close_dir(struct file_ctx_st * ctx)737 static int file_close_dir(struct file_ctx_st *ctx)
738 {
739 if (ctx->_.dir.ctx != NULL)
740 OPENSSL_DIR_end(&ctx->_.dir.ctx);
741 free_file_ctx(ctx);
742 return 1;
743 }
744
file_close_stream(struct file_ctx_st * ctx)745 static int file_close_stream(struct file_ctx_st *ctx)
746 {
747 /*
748 * This frees either the provider BIO filter (for file_attach()) OR
749 * the allocated file BIO (for file_open()).
750 */
751 BIO_free(ctx->_.file.file);
752 ctx->_.file.file = NULL;
753
754 free_file_ctx(ctx);
755 return 1;
756 }
757
file_close(void * loaderctx)758 static int file_close(void *loaderctx)
759 {
760 struct file_ctx_st *ctx = loaderctx;
761
762 switch (ctx->type) {
763 case IS_DIR:
764 return file_close_dir(ctx);
765 case IS_FILE:
766 return file_close_stream(ctx);
767 }
768
769 /* ctx->type has an unexpected value */
770 assert(0);
771 return 1;
772 }
773
774 const OSSL_DISPATCH ossl_file_store_functions[] = {
775 { OSSL_FUNC_STORE_OPEN, (void (*)(void))file_open },
776 { OSSL_FUNC_STORE_ATTACH, (void (*)(void))file_attach },
777 { OSSL_FUNC_STORE_SETTABLE_CTX_PARAMS,
778 (void (*)(void))file_settable_ctx_params },
779 { OSSL_FUNC_STORE_SET_CTX_PARAMS, (void (*)(void))file_set_ctx_params },
780 { OSSL_FUNC_STORE_LOAD, (void (*)(void))file_load },
781 { OSSL_FUNC_STORE_EOF, (void (*)(void))file_eof },
782 { OSSL_FUNC_STORE_CLOSE, (void (*)(void))file_close },
783 OSSL_DISPATCH_END,
784 };
785