1 /* 2 * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* 11 * Here is an STORE loader for ENGINE backed keys. It relies on deprecated 12 * functions, and therefore need to have deprecation warnings suppressed. 13 * This file is not compiled at all in a '--api=3 no-deprecated' configuration. 14 */ 15 #define OPENSSL_SUPPRESS_DEPRECATED 16 17 #include "internal/e_os.h" 18 #include "apps.h" 19 20 #ifndef OPENSSL_NO_ENGINE 21 22 #include <stdarg.h> 23 #include <string.h> 24 #include <openssl/engine.h> 25 #include <openssl/store.h> 26 27 /* 28 * Support for legacy private engine keys via the 'org.openssl.engine:' scheme 29 * 30 * org.openssl.engine:{engineid}:{keyid} 31 * 32 * Note: we ONLY support ENGINE_load_private_key() and ENGINE_load_public_key() 33 * Note 2: This scheme has a precedent in code in PKIX-SSH. for exactly 34 * this sort of purpose. 35 */ 36 37 /* Local definition of OSSL_STORE_LOADER_CTX */ 38 struct ossl_store_loader_ctx_st { 39 ENGINE *e; /* Structural reference */ 40 char *keyid; 41 int expected; 42 int loaded; /* 0 = key not loaded yet, 1 = key loaded */ 43 }; 44 45 static OSSL_STORE_LOADER_CTX *OSSL_STORE_LOADER_CTX_new(ENGINE *e, char *keyid) 46 { 47 OSSL_STORE_LOADER_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); 48 49 if (ctx != NULL) { 50 ctx->e = e; 51 ctx->keyid = keyid; 52 } 53 return ctx; 54 } 55 56 static void OSSL_STORE_LOADER_CTX_free(OSSL_STORE_LOADER_CTX *ctx) 57 { 58 if (ctx != NULL) { 59 ENGINE_free(ctx->e); 60 OPENSSL_free(ctx->keyid); 61 OPENSSL_free(ctx); 62 } 63 } 64 65 static OSSL_STORE_LOADER_CTX *engine_open(const OSSL_STORE_LOADER *loader, 66 const char *uri, 67 const UI_METHOD *ui_method, 68 void *ui_data) 69 { 70 const char *p = uri, *q; 71 ENGINE *e = NULL; 72 char *keyid = NULL; 73 OSSL_STORE_LOADER_CTX *ctx = NULL; 74 75 if (!CHECK_AND_SKIP_CASE_PREFIX(p, ENGINE_SCHEME_COLON)) 76 return NULL; 77 78 /* Look for engine ID */ 79 q = strchr(p, ':'); 80 if (q != NULL /* There is both an engine ID and a key ID */ 81 && p[0] != ':' /* The engine ID is at least one character */ 82 && q[1] != '\0') { /* The key ID is at least one character */ 83 char engineid[256]; 84 size_t engineid_l = q - p; 85 86 strncpy(engineid, p, engineid_l); 87 engineid[engineid_l] = '\0'; 88 e = ENGINE_by_id(engineid); 89 90 keyid = OPENSSL_strdup(q + 1); 91 } 92 93 if (e != NULL && keyid != NULL) 94 ctx = OSSL_STORE_LOADER_CTX_new(e, keyid); 95 96 if (ctx == NULL) { 97 OPENSSL_free(keyid); 98 ENGINE_free(e); 99 } 100 101 return ctx; 102 } 103 104 static int engine_expect(OSSL_STORE_LOADER_CTX *ctx, int expected) 105 { 106 if (expected == 0 107 || expected == OSSL_STORE_INFO_PUBKEY 108 || expected == OSSL_STORE_INFO_PKEY) { 109 ctx->expected = expected; 110 return 1; 111 } 112 return 0; 113 } 114 115 static OSSL_STORE_INFO *engine_load(OSSL_STORE_LOADER_CTX *ctx, 116 const UI_METHOD *ui_method, void *ui_data) 117 { 118 EVP_PKEY *pkey = NULL, *pubkey = NULL; 119 OSSL_STORE_INFO *info = NULL; 120 121 if (ctx->loaded == 0) { 122 if (ENGINE_init(ctx->e)) { 123 if (ctx->expected == 0 124 || ctx->expected == OSSL_STORE_INFO_PKEY) 125 pkey = ENGINE_load_private_key(ctx->e, ctx->keyid, 126 (UI_METHOD *)ui_method, ui_data); 127 if ((pkey == NULL && ctx->expected == 0) 128 || ctx->expected == OSSL_STORE_INFO_PUBKEY) 129 pubkey = ENGINE_load_public_key(ctx->e, ctx->keyid, 130 (UI_METHOD *)ui_method, ui_data); 131 ENGINE_finish(ctx->e); 132 } 133 } 134 135 ctx->loaded = 1; 136 137 if (pubkey != NULL) 138 info = OSSL_STORE_INFO_new_PUBKEY(pubkey); 139 else if (pkey != NULL) 140 info = OSSL_STORE_INFO_new_PKEY(pkey); 141 if (info == NULL) { 142 EVP_PKEY_free(pkey); 143 EVP_PKEY_free(pubkey); 144 } 145 return info; 146 } 147 148 static int engine_eof(OSSL_STORE_LOADER_CTX *ctx) 149 { 150 return ctx->loaded != 0; 151 } 152 153 static int engine_error(OSSL_STORE_LOADER_CTX *ctx) 154 { 155 return 0; 156 } 157 158 static int engine_close(OSSL_STORE_LOADER_CTX *ctx) 159 { 160 OSSL_STORE_LOADER_CTX_free(ctx); 161 return 1; 162 } 163 164 int setup_engine_loader(void) 165 { 166 OSSL_STORE_LOADER *loader = NULL; 167 168 if ((loader = OSSL_STORE_LOADER_new(NULL, ENGINE_SCHEME)) == NULL 169 || !OSSL_STORE_LOADER_set_open(loader, engine_open) 170 || !OSSL_STORE_LOADER_set_expect(loader, engine_expect) 171 || !OSSL_STORE_LOADER_set_load(loader, engine_load) 172 || !OSSL_STORE_LOADER_set_eof(loader, engine_eof) 173 || !OSSL_STORE_LOADER_set_error(loader, engine_error) 174 || !OSSL_STORE_LOADER_set_close(loader, engine_close) 175 || !OSSL_STORE_register_loader(loader)) { 176 OSSL_STORE_LOADER_free(loader); 177 loader = NULL; 178 } 179 180 return loader != NULL; 181 } 182 183 void destroy_engine_loader(void) 184 { 185 OSSL_STORE_LOADER *loader = OSSL_STORE_unregister_loader(ENGINE_SCHEME); 186 OSSL_STORE_LOADER_free(loader); 187 } 188 189 #else /* !OPENSSL_NO_ENGINE */ 190 191 int setup_engine_loader(void) 192 { 193 return 0; 194 } 195 196 void destroy_engine_loader(void) 197 { 198 } 199 200 #endif 201
Indexes created Sat Feb 28 05:31:39 UTC 2026