author | 2023-10-10 14:33:42 +0000 | |
---|---|---|
committer | 2023-10-10 14:33:42 +0000 | |
commit | af1a266670d040d2f4083ff309d732d648afba2a (patch) | |
tree | 2fc46203448ddcc6f81546d379abfaeb323575e9 /roms/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/store | |
parent | e02cda008591317b1625707ff8e115a4841aa889 (diff) |
Change-Id: Iaf8d18082d3991dec7c0ebbea540f092188eb4ec
Diffstat (limited to 'roms/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/store')
8 files changed, 2761 insertions, 0 deletions
diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/store/build.info b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/store/build.info
new file mode 100644
index 000000000..7d882f313
--- /dev/null
+++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/store/build.info
@@ -0,0 +1,4 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=\
+ store_err.c store_init.c store_lib.c store_register.c store_strings.c \
+ loader_file.c
diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/store/loader_file.c b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/store/loader_file.c
new file mode 100644
index 000000000..8f1d20e74
--- /dev/null
+++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/store/loader_file.c
@@ -0,0 +1,1440 @@ +/* + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "e_os.h" +#include <string.h> +#include <sys/stat.h> +#include <ctype.h> +#include <assert.h> + +#include <openssl/bio.h> +#include <openssl/dsa.h> /* For d2i_DSAPrivateKey */ +#include <openssl/err.h> +#include <openssl/evp.h> +#include <openssl/pem.h> +#include <openssl/pkcs12.h> /* For the PKCS8 stuff o.O */ +#include <openssl/rsa.h> /* For d2i_RSAPrivateKey */ +#include <openssl/safestack.h> +#include <openssl/store.h> +#include <openssl/ui.h> +#include <openssl/x509.h> /* For the PKCS8 stuff o.O */ +#include "crypto/asn1.h" +#include "crypto/ctype.h" +#include "internal/o_dir.h" +#include "internal/cryptlib.h" +#include "crypto/store.h" +#include "store_local.h" + +#ifdef _WIN32 +# define stat _stat +#endif + +#ifndef S_ISDIR +# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR) +#endif + +/*- + * Password prompting + * ------------------ + */ + +static char *file_get_pass(const UI_METHOD *ui_method, char *pass, + size_t maxsize, const char *prompt_info, void *data) +{ + UI *ui = UI_new(); + char *prompt = NULL; + + if (ui == NULL) { + OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_MALLOC_FAILURE); + return NULL; + } + + if (ui_method != NULL) + UI_set_method(ui, ui_method); + UI_add_user_data(ui, data); + + if ((prompt = UI_construct_prompt(ui, "pass phrase", + prompt_info)) == NULL) { + OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_MALLOC_FAILURE); + pass = NULL; + } else if (!UI_add_input_string(ui, prompt, UI_INPUT_FLAG_DEFAULT_PWD, + pass, 0, maxsize - 1)) { + OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_UI_LIB); + pass = NULL; + } else { + switch (UI_process(ui)) { + case -2: + 
OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, + OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED); + pass = NULL; + break; + case -1: + OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_UI_LIB); + pass = NULL; + break; + default: + break; + } + } + + OPENSSL_free(prompt); + UI_free(ui); + return pass; +} + +struct pem_pass_data { + const UI_METHOD *ui_method; + void *data; + const char *prompt_info; +}; + +static int file_fill_pem_pass_data(struct pem_pass_data *pass_data, + const char *prompt_info, + const UI_METHOD *ui_method, void *ui_data) +{ + if (pass_data == NULL) + return 0; + pass_data->ui_method = ui_method; + pass_data->data = ui_data; + pass_data->prompt_info = prompt_info; + return 1; +} + +/* This is used anywhere a pem_password_cb is needed */ +static int file_get_pem_pass(char *buf, int num, int w, void *data) +{ + struct pem_pass_data *pass_data = data; + char *pass = file_get_pass(pass_data->ui_method, buf, num, + pass_data->prompt_info, pass_data->data); + + return pass == NULL ? 0 : strlen(pass); +} + +/*- + * The file scheme decoders + * ------------------------ + * + * Each possible data type has its own decoder, which either operates + * through a given PEM name, or attempts to decode to see if the blob + * it's given is decodable for its data type. The assumption is that + * only the correct data type will match the content. + */ + +/*- + * The try_decode function is called to check if the blob of data can + * be used by this handler, and if it can, decodes it into a supported + * OpenSSL type and returns a OSSL_STORE_INFO with the decoded data. + * Input: + * pem_name: If this blob comes from a PEM file, this holds + * the PEM name. If it comes from another type of + * file, this is NULL. + * pem_header: If this blob comes from a PEM file, this holds + * the PEM headers. If it comes from another type of + * file, this is NULL. + * blob: The blob of data to match with what this handler + * can use. + * len: The length of the blob. 
+ * handler_ctx: For a handler marked repeatable, this pointer can + * be used to create a context for the handler. IT IS + * THE HANDLER'S RESPONSIBILITY TO CREATE AND DESTROY + * THIS CONTEXT APPROPRIATELY, i.e. create on first call + * and destroy when about to return NULL. + * matchcount: A pointer to an int to count matches for this data. + * Usually becomes 0 (no match) or 1 (match!), but may + * be higher in the (unlikely) event that the data matches + * more than one possibility. The int will always be + * zero when the function is called. + * ui_method: Application UI method for getting a password, pin + * or any other interactive data. + * ui_data: Application data to be passed to ui_method when + * it's called. + * Output: + * a OSSL_STORE_INFO + */ +typedef OSSL_STORE_INFO *(*file_try_decode_fn)(const char *pem_name, + const char *pem_header, + const unsigned char *blob, + size_t len, void **handler_ctx, + int *matchcount, + const UI_METHOD *ui_method, + void *ui_data); +/* + * The eof function should return 1 if there's no more data to be found + * with the handler_ctx, otherwise 0. This is only used when the handler is + * marked repeatable. + */ +typedef int (*file_eof_fn)(void *handler_ctx); +/* + * The destroy_ctx function is used to destroy the handler_ctx that was + * initiated by a repeatable try_decode function. This is only used when + * the handler is marked repeatable. + */ +typedef void (*file_destroy_ctx_fn)(void **handler_ctx); + +typedef struct file_handler_st { + const char *name; + file_try_decode_fn try_decode; + file_eof_fn eof; + file_destroy_ctx_fn destroy_ctx; + + /* flags */ + int repeatable; +} FILE_HANDLER; + +/* + * PKCS#12 decoder. It operates by decoding all of the blob content, + * extracting all the interesting data from it and storing them internally, + * then serving them one piece at a time. 
+ */ +static OSSL_STORE_INFO *try_decode_PKCS12(const char *pem_name, + const char *pem_header, + const unsigned char *blob, + size_t len, void **pctx, + int *matchcount, + const UI_METHOD *ui_method, + void *ui_data) +{ + OSSL_STORE_INFO *store_info = NULL; + STACK_OF(OSSL_STORE_INFO) *ctx = *pctx; + + if (ctx == NULL) { + /* Initial parsing */ + PKCS12 *p12; + int ok = 0; + + if (pem_name != NULL) + /* No match, there is no PEM PKCS12 tag */ + return NULL; + + if ((p12 = d2i_PKCS12(NULL, &blob, len)) != NULL) { + char *pass = NULL; + char tpass[PEM_BUFSIZE]; + EVP_PKEY *pkey = NULL; + X509 *cert = NULL; + STACK_OF(X509) *chain = NULL; + + *matchcount = 1; + + if (PKCS12_verify_mac(p12, "", 0) + || PKCS12_verify_mac(p12, NULL, 0)) { + pass = ""; + } else { + if ((pass = file_get_pass(ui_method, tpass, PEM_BUFSIZE, + "PKCS12 import password", + ui_data)) == NULL) { + OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS12, + OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR); + goto p12_end; + } + if (!PKCS12_verify_mac(p12, pass, strlen(pass))) { + OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS12, + OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC); + goto p12_end; + } + } + + if (PKCS12_parse(p12, pass, &pkey, &cert, &chain)) { + OSSL_STORE_INFO *osi_pkey = NULL; + OSSL_STORE_INFO *osi_cert = NULL; + OSSL_STORE_INFO *osi_ca = NULL; + + if ((ctx = sk_OSSL_STORE_INFO_new_null()) != NULL + && (osi_pkey = OSSL_STORE_INFO_new_PKEY(pkey)) != NULL + && sk_OSSL_STORE_INFO_push(ctx, osi_pkey) != 0 + && (osi_cert = OSSL_STORE_INFO_new_CERT(cert)) != NULL + && sk_OSSL_STORE_INFO_push(ctx, osi_cert) != 0) { + ok = 1; + osi_pkey = NULL; + osi_cert = NULL; + + while(sk_X509_num(chain) > 0) { + X509 *ca = sk_X509_value(chain, 0); + + if ((osi_ca = OSSL_STORE_INFO_new_CERT(ca)) == NULL + || sk_OSSL_STORE_INFO_push(ctx, osi_ca) == 0) { + ok = 0; + break; + } + osi_ca = NULL; + (void)sk_X509_shift(chain); + } + } + if (!ok) { + OSSL_STORE_INFO_free(osi_ca); + OSSL_STORE_INFO_free(osi_cert); + 
OSSL_STORE_INFO_free(osi_pkey); + sk_OSSL_STORE_INFO_pop_free(ctx, OSSL_STORE_INFO_free); + EVP_PKEY_free(pkey); + X509_free(cert); + sk_X509_pop_free(chain, X509_free); + ctx = NULL; + } + *pctx = ctx; + } + } + p12_end: + PKCS12_free(p12); + if (!ok) + return NULL; + } + + if (ctx != NULL) { + *matchcount = 1; + store_info = sk_OSSL_STORE_INFO_shift(ctx); + } + + return store_info; +} + +static int eof_PKCS12(void *ctx_) +{ + STACK_OF(OSSL_STORE_INFO) *ctx = ctx_; + + return ctx == NULL || sk_OSSL_STORE_INFO_num(ctx) == 0; +} + +static void destroy_ctx_PKCS12(void **pctx) +{ + STACK_OF(OSSL_STORE_INFO) *ctx = *pctx; + + sk_OSSL_STORE_INFO_pop_free(ctx, OSSL_STORE_INFO_free); + *pctx = NULL; +} + +static FILE_HANDLER PKCS12_handler = { + "PKCS12", + try_decode_PKCS12, + eof_PKCS12, + destroy_ctx_PKCS12, + 1 /* repeatable */ +}; + +/* + * Encrypted PKCS#8 decoder. It operates by just decrypting the given blob + * into a new blob, which is returned as an EMBEDDED STORE_INFO. The whole + * decoding process will then start over with the new blob. 
+ */ +static OSSL_STORE_INFO *try_decode_PKCS8Encrypted(const char *pem_name, + const char *pem_header, + const unsigned char *blob, + size_t len, void **pctx, + int *matchcount, + const UI_METHOD *ui_method, + void *ui_data) +{ + X509_SIG *p8 = NULL; + char kbuf[PEM_BUFSIZE]; + char *pass = NULL; + const X509_ALGOR *dalg = NULL; + const ASN1_OCTET_STRING *doct = NULL; + OSSL_STORE_INFO *store_info = NULL; + BUF_MEM *mem = NULL; + unsigned char *new_data = NULL; + int new_data_len; + + if (pem_name != NULL) { + if (strcmp(pem_name, PEM_STRING_PKCS8) != 0) + return NULL; + *matchcount = 1; + } + + if ((p8 = d2i_X509_SIG(NULL, &blob, len)) == NULL) + return NULL; + + *matchcount = 1; + + if ((mem = BUF_MEM_new()) == NULL) { + OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED, + ERR_R_MALLOC_FAILURE); + goto nop8; + } + + if ((pass = file_get_pass(ui_method, kbuf, PEM_BUFSIZE, + "PKCS8 decrypt password", ui_data)) == NULL) { + OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED, + OSSL_STORE_R_BAD_PASSWORD_READ); + goto nop8; + } + + X509_SIG_get0(p8, &dalg, &doct); + if (!PKCS12_pbe_crypt(dalg, pass, strlen(pass), doct->data, doct->length, + &new_data, &new_data_len, 0)) + goto nop8; + + mem->data = (char *)new_data; + mem->max = mem->length = (size_t)new_data_len; + X509_SIG_free(p8); + + store_info = ossl_store_info_new_EMBEDDED(PEM_STRING_PKCS8INF, mem); + if (store_info == NULL) { + OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED, + ERR_R_MALLOC_FAILURE); + goto nop8; + } + + return store_info; + nop8: + X509_SIG_free(p8); + BUF_MEM_free(mem); + return NULL; +} + +static FILE_HANDLER PKCS8Encrypted_handler = { + "PKCS8Encrypted", + try_decode_PKCS8Encrypted +}; + +/* + * Private key decoder. Decodes all sorts of private keys, both PKCS#8 + * encoded ones and old style PEM ones (with the key type is encoded into + * the PEM name). 
+ */ +int pem_check_suffix(const char *pem_str, const char *suffix); +static OSSL_STORE_INFO *try_decode_PrivateKey(const char *pem_name, + const char *pem_header, + const unsigned char *blob, + size_t len, void **pctx, + int *matchcount, + const UI_METHOD *ui_method, + void *ui_data) +{ + OSSL_STORE_INFO *store_info = NULL; + EVP_PKEY *pkey = NULL; + const EVP_PKEY_ASN1_METHOD *ameth = NULL; + + if (pem_name != NULL) { + if (strcmp(pem_name, PEM_STRING_PKCS8INF) == 0) { + PKCS8_PRIV_KEY_INFO *p8inf = + d2i_PKCS8_PRIV_KEY_INFO(NULL, &blob, len); + + *matchcount = 1; + if (p8inf != NULL) + pkey = EVP_PKCS82PKEY(p8inf); + PKCS8_PRIV_KEY_INFO_free(p8inf); + } else { + int slen; + + if ((slen = pem_check_suffix(pem_name, "PRIVATE KEY")) > 0 + && (ameth = EVP_PKEY_asn1_find_str(NULL, pem_name, + slen)) != NULL) { + *matchcount = 1; + pkey = d2i_PrivateKey(ameth->pkey_id, NULL, &blob, len); + } + } + } else { + int i; + + for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) { + EVP_PKEY *tmp_pkey = NULL; + const unsigned char *tmp_blob = blob; + + ameth = EVP_PKEY_asn1_get0(i); + if (ameth->pkey_flags & ASN1_PKEY_ALIAS) + continue; + + tmp_pkey = d2i_PrivateKey(ameth->pkey_id, NULL, &tmp_blob, len); + if (tmp_pkey != NULL) { + if (pkey != NULL) + EVP_PKEY_free(tmp_pkey); + else + pkey = tmp_pkey; + (*matchcount)++; + } + } + + if (*matchcount > 1) { + EVP_PKEY_free(pkey); + pkey = NULL; + } + } + if (pkey == NULL) + /* No match */ + return NULL; + + store_info = OSSL_STORE_INFO_new_PKEY(pkey); + if (store_info == NULL) + EVP_PKEY_free(pkey); + + return store_info; +} + +static FILE_HANDLER PrivateKey_handler = { + "PrivateKey", + try_decode_PrivateKey +}; + +/* + * Public key decoder. Only supports SubjectPublicKeyInfo formatted keys. 
+ */ +static OSSL_STORE_INFO *try_decode_PUBKEY(const char *pem_name, + const char *pem_header, + const unsigned char *blob, + size_t len, void **pctx, + int *matchcount, + const UI_METHOD *ui_method, + void *ui_data) +{ + OSSL_STORE_INFO *store_info = NULL; + EVP_PKEY *pkey = NULL; + + if (pem_name != NULL) { + if (strcmp(pem_name, PEM_STRING_PUBLIC) != 0) + /* No match */ + return NULL; + *matchcount = 1; + } + + if ((pkey = d2i_PUBKEY(NULL, &blob, len)) != NULL) { + *matchcount = 1; + store_info = OSSL_STORE_INFO_new_PKEY(pkey); + } + + return store_info; +} + +static FILE_HANDLER PUBKEY_handler = { + "PUBKEY", + try_decode_PUBKEY +}; + +/* + * Key parameter decoder. + */ +static OSSL_STORE_INFO *try_decode_params(const char *pem_name, + const char *pem_header, + const unsigned char *blob, + size_t len, void **pctx, + int *matchcount, + const UI_METHOD *ui_method, + void *ui_data) +{ + OSSL_STORE_INFO *store_info = NULL; + int slen = 0; + EVP_PKEY *pkey = NULL; + const EVP_PKEY_ASN1_METHOD *ameth = NULL; + int ok = 0; + + if (pem_name != NULL) { + if ((slen = pem_check_suffix(pem_name, "PARAMETERS")) == 0) + return NULL; + *matchcount = 1; + } + + if (slen > 0) { + if ((pkey = EVP_PKEY_new()) == NULL) { + OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PARAMS, ERR_R_EVP_LIB); + return NULL; + } + + + if (EVP_PKEY_set_type_str(pkey, pem_name, slen) + && (ameth = EVP_PKEY_get0_asn1(pkey)) != NULL + && ameth->param_decode != NULL + && ameth->param_decode(pkey, &blob, len)) + ok = 1; + } else { + int i; + EVP_PKEY *tmp_pkey = NULL; + + for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) { + const unsigned char *tmp_blob = blob; + + if (tmp_pkey == NULL && (tmp_pkey = EVP_PKEY_new()) == NULL) { + OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PARAMS, ERR_R_EVP_LIB); + break; + } + + ameth = EVP_PKEY_asn1_get0(i); + if (ameth->pkey_flags & ASN1_PKEY_ALIAS) + continue; + + if (EVP_PKEY_set_type(tmp_pkey, ameth->pkey_id) + && (ameth = EVP_PKEY_get0_asn1(tmp_pkey)) != NULL + && 
ameth->param_decode != NULL + && ameth->param_decode(tmp_pkey, &tmp_blob, len)) { + if (pkey != NULL) + EVP_PKEY_free(tmp_pkey); + else + pkey = tmp_pkey; + tmp_pkey = NULL; + (*matchcount)++; + } + } + + EVP_PKEY_free(tmp_pkey); + if (*matchcount == 1) { + ok = 1; + } + } + + if (ok) + store_info = OSSL_STORE_INFO_new_PARAMS(pkey); + if (store_info == NULL) + EVP_PKEY_free(pkey); + + return store_info; +} + +static FILE_HANDLER params_handler = { + "params", + try_decode_params +}; + +/* + * X.509 certificate decoder. + */ +static OSSL_STORE_INFO *try_decode_X509Certificate(const char *pem_name, + const char *pem_header, + const unsigned char *blob, + size_t len, void **pctx, + int *matchcount, + const UI_METHOD *ui_method, + void *ui_data) +{ + OSSL_STORE_INFO *store_info = NULL; + X509 *cert = NULL; + + /* + * In most cases, we can try to interpret the serialized data as a trusted + * cert (X509 + X509_AUX) and fall back to reading it as a normal cert + * (just X509), but if the PEM name specifically declares it as a trusted + * cert, then no fallback should be engaged. |ignore_trusted| tells if + * the fallback can be used (1) or not (0). + */ + int ignore_trusted = 1; + + if (pem_name != NULL) { + if (strcmp(pem_name, PEM_STRING_X509_TRUSTED) == 0) + ignore_trusted = 0; + else if (strcmp(pem_name, PEM_STRING_X509_OLD) != 0 + && strcmp(pem_name, PEM_STRING_X509) != 0) + /* No match */ + return NULL; + *matchcount = 1; + } + + if ((cert = d2i_X509_AUX(NULL, &blob, len)) != NULL + || (ignore_trusted && (cert = d2i_X509(NULL, &blob, len)) != NULL)) { + *matchcount = 1; + store_info = OSSL_STORE_INFO_new_CERT(cert); + } + + if (store_info == NULL) + X509_free(cert); + + return store_info; +} + +static FILE_HANDLER X509Certificate_handler = { + "X509Certificate", + try_decode_X509Certificate +}; + +/* + * X.509 CRL decoder. 
+ */ +static OSSL_STORE_INFO *try_decode_X509CRL(const char *pem_name, + const char *pem_header, + const unsigned char *blob, + size_t len, void **pctx, + int *matchcount, + const UI_METHOD *ui_method, + void *ui_data) +{ + OSSL_STORE_INFO *store_info = NULL; + X509_CRL *crl = NULL; + + if (pem_name != NULL) { + if (strcmp(pem_name, PEM_STRING_X509_CRL) != 0) + /* No match */ + return NULL; + *matchcount = 1; + } + + if ((crl = d2i_X509_CRL(NULL, &blob, len)) != NULL) { + *matchcount = 1; + store_info = OSSL_STORE_INFO_new_CRL(crl); + } + + if (store_info == NULL) + X509_CRL_free(crl); + + return store_info; +} + +static FILE_HANDLER X509CRL_handler = { + "X509CRL", + try_decode_X509CRL +}; + +/* + * To finish it all off, we collect all the handlers. + */ +static const FILE_HANDLER *file_handlers[] = { + &PKCS12_handler, + &PKCS8Encrypted_handler, + &X509Certificate_handler, + &X509CRL_handler, + ¶ms_handler, + &PUBKEY_handler, + &PrivateKey_handler, +}; + + +/*- + * The loader itself + * ----------------- + */ + +struct ossl_store_loader_ctx_st { + enum { + is_raw = 0, + is_pem, + is_dir + } type; + int errcnt; +#define FILE_FLAG_SECMEM (1<<0) + unsigned int flags; + union { + struct { /* Used with is_raw and is_pem */ + BIO *file; + + /* + * The following are used when the handler is marked as + * repeatable + */ + const FILE_HANDLER *last_handler; + void *last_handler_ctx; + } file; + struct { /* Used with is_dir */ + OPENSSL_DIR_CTX *ctx; + int end_reached; + char *uri; + + /* + * When a search expression is given, these are filled in. + * |search_name| contains the file basename to look for. + * The string is exactly 8 characters long. + */ + char search_name[9]; + + /* + * The directory reading utility we have combines opening with + * reading the first name. To make sure we can detect the end + * at the right time, we read early and cache the name. + */ + const char *last_entry; + int last_errno; + } dir; + } _; + + /* Expected object type. 
May be unspecified */ + int expected_type; +}; + +static void OSSL_STORE_LOADER_CTX_free(OSSL_STORE_LOADER_CTX *ctx) +{ + if (ctx->type == is_dir) { + OPENSSL_free(ctx->_.dir.uri); + } else { + if (ctx->_.file.last_handler != NULL) { + ctx->_.file.last_handler->destroy_ctx(&ctx->_.file.last_handler_ctx); + ctx->_.file.last_handler_ctx = NULL; + ctx->_.file.last_handler = NULL; + } + } + OPENSSL_free(ctx); +} + +static OSSL_STORE_LOADER_CTX *file_open(const OSSL_STORE_LOADER *loader, + const char *uri, + const UI_METHOD *ui_method, + void *ui_data) +{ + OSSL_STORE_LOADER_CTX *ctx = NULL; + struct stat st; + struct { + const char *path; + unsigned int check_absolute:1; + } path_data[2]; + size_t path_data_n = 0, i; + const char *path; + + /* + * First step, just take the URI as is. + */ + path_data[path_data_n].check_absolute = 0; + path_data[path_data_n++].path = uri; + + /* + * Second step, if the URI appears to start with the 'file' scheme, + * extract the path and make that the second path to check. + * There's a special case if the URI also contains an authority, then + * the full URI shouldn't be used as a path anywhere. 
+ */ + if (strncasecmp(uri, "file:", 5) == 0) { + const char *p = &uri[5]; + + if (strncmp(&uri[5], "//", 2) == 0) { + path_data_n--; /* Invalidate using the full URI */ + if (strncasecmp(&uri[7], "localhost/", 10) == 0) { + p = &uri[16]; + } else if (uri[7] == '/') { + p = &uri[7]; + } else { + OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, + OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED); + return NULL; + } + } + + path_data[path_data_n].check_absolute = 1; +#ifdef _WIN32 + /* Windows file: URIs with a drive letter start with a / */ + if (p[0] == '/' && p[2] == ':' && p[3] == '/') { + char c = ossl_tolower(p[1]); + + if (c >= 'a' && c <= 'z') { + p++; + /* We know it's absolute, so no need to check */ + path_data[path_data_n].check_absolute = 0; + } + } +#endif + path_data[path_data_n++].path = p; + } + + + for (i = 0, path = NULL; path == NULL && i < path_data_n; i++) { + /* + * If the scheme "file" was an explicit part of the URI, the path must + * be absolute. So says RFC 8089 + */ + if (path_data[i].check_absolute && path_data[i].path[0] != '/') { + OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, + OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE); + ERR_add_error_data(1, path_data[i].path); + return NULL; + } + + if (stat(path_data[i].path, &st) < 0) { + SYSerr(SYS_F_STAT, errno); + ERR_add_error_data(1, path_data[i].path); + } else { + path = path_data[i].path; + } + } + if (path == NULL) { + return NULL; + } + + /* Successfully found a working path, clear possible collected errors */ + ERR_clear_error(); + + ctx = OPENSSL_zalloc(sizeof(*ctx)); + if (ctx == NULL) { + OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, ERR_R_MALLOC_FAILURE); + return NULL; + } + + if (S_ISDIR(st.st_mode)) { + /* + * Try to copy everything, even if we know that some of them must be + * NULL for the moment. This prevents errors in the future, when more + * components may be used. 
+ */ + ctx->_.dir.uri = OPENSSL_strdup(uri); + ctx->type = is_dir; + + if (ctx->_.dir.uri == NULL) + goto err; + + ctx->_.dir.last_entry = OPENSSL_DIR_read(&ctx->_.dir.ctx, path); + ctx->_.dir.last_errno = errno; + if (ctx->_.dir.last_entry == NULL) { + if (ctx->_.dir.last_errno != 0) { + char errbuf[256]; + OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, ERR_R_SYS_LIB); + errno = ctx->_.dir.last_errno; + if (openssl_strerror_r(errno, errbuf, sizeof(errbuf))) + ERR_add_error_data(1, errbuf); + goto err; + } + ctx->_.dir.end_reached = 1; + } + } else { + BIO *buff = NULL; + char peekbuf[4096] = { 0, }; + + if ((buff = BIO_new(BIO_f_buffer())) == NULL + || (ctx->_.file.file = BIO_new_file(path, "rb")) == NULL) { + BIO_free_all(buff); + goto err; + } + + ctx->_.file.file = BIO_push(buff, ctx->_.file.file); + if (BIO_buffer_peek(ctx->_.file.file, peekbuf, sizeof(peekbuf) - 1) > 0) { + peekbuf[sizeof(peekbuf) - 1] = '\0'; + if (strstr(peekbuf, "-----BEGIN ") != NULL) + ctx->type = is_pem; + } + } + + return ctx; + err: + OSSL_STORE_LOADER_CTX_free(ctx); + return NULL; +} + +static int file_ctrl(OSSL_STORE_LOADER_CTX *ctx, int cmd, va_list args) +{ + int ret = 1; + + switch (cmd) { + case OSSL_STORE_C_USE_SECMEM: + { + int on = *(va_arg(args, int *)); + + switch (on) { + case 0: + ctx->flags &= ~FILE_FLAG_SECMEM; + break; + case 1: + ctx->flags |= FILE_FLAG_SECMEM; + break; + default: + OSSL_STOREerr(OSSL_STORE_F_FILE_CTRL, + ERR_R_PASSED_INVALID_ARGUMENT); + ret = 0; + break; + } + } + break; + default: + break; + } + + return ret; +} + +static int file_expect(OSSL_STORE_LOADER_CTX *ctx, int expected) +{ + ctx->expected_type = expected; + return 1; +} + +static int file_find(OSSL_STORE_LOADER_CTX *ctx, OSSL_STORE_SEARCH *search) +{ + /* + * If ctx == NULL, the library is looking to know if this loader supports + * the given search type. 
+ */ + + if (OSSL_STORE_SEARCH_get_type(search) == OSSL_STORE_SEARCH_BY_NAME) { + unsigned long hash = 0; + + if (ctx == NULL) + return 1; + + if (ctx->type != is_dir) { + OSSL_STOREerr(OSSL_STORE_F_FILE_FIND, + OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES); + return 0; + } + + hash = X509_NAME_hash(OSSL_STORE_SEARCH_get0_name(search)); + BIO_snprintf(ctx->_.dir.search_name, sizeof(ctx->_.dir.search_name), + "%08lx", hash); + return 1; + } + + if (ctx != NULL) + OSSL_STOREerr(OSSL_STORE_F_FILE_FIND, + OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE); + return 0; +} + +/* Internal function to decode an already opened PEM file */ +OSSL_STORE_LOADER_CTX *ossl_store_file_attach_pem_bio_int(BIO *bp) +{ + OSSL_STORE_LOADER_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); + + if (ctx == NULL) { + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT, + ERR_R_MALLOC_FAILURE); + return NULL; + } + + ctx->_.file.file = bp; + ctx->type = is_pem; + + return ctx; +} + +static OSSL_STORE_INFO *file_load_try_decode(OSSL_STORE_LOADER_CTX *ctx, + const char *pem_name, + const char *pem_header, + unsigned char *data, size_t len, + const UI_METHOD *ui_method, + void *ui_data, int *matchcount) +{ + OSSL_STORE_INFO *result = NULL; + BUF_MEM *new_mem = NULL; + char *new_pem_name = NULL; + int t = 0; + + again: + { + size_t i = 0; + void *handler_ctx = NULL; + const FILE_HANDLER **matching_handlers = + OPENSSL_zalloc(sizeof(*matching_handlers) + * OSSL_NELEM(file_handlers)); + + if (matching_handlers == NULL) { + OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD_TRY_DECODE, + ERR_R_MALLOC_FAILURE); + goto err; + } + + *matchcount = 0; + for (i = 0; i < OSSL_NELEM(file_handlers); i++) { + const FILE_HANDLER *handler = file_handlers[i]; + int try_matchcount = 0; + void *tmp_handler_ctx = NULL; + OSSL_STORE_INFO *tmp_result = + handler->try_decode(pem_name, pem_header, data, len, + &tmp_handler_ctx, &try_matchcount, + ui_method, ui_data); + + if (try_matchcount > 0) { + + matching_handlers[*matchcount] = 
handler; + + if (handler_ctx) + handler->destroy_ctx(&handler_ctx); + handler_ctx = tmp_handler_ctx; + + if ((*matchcount += try_matchcount) > 1) { + /* more than one match => ambiguous, kill any result */ + OSSL_STORE_INFO_free(result); + OSSL_STORE_INFO_free(tmp_result); + if (handler->destroy_ctx != NULL) + handler->destroy_ctx(&handler_ctx); + handler_ctx = NULL; + tmp_result = NULL; + result = NULL; + } + if (result == NULL) + result = tmp_result; + } + } + + if (*matchcount == 1 && matching_handlers[0]->repeatable) { + ctx->_.file.last_handler = matching_handlers[0]; + ctx->_.file.last_handler_ctx = handler_ctx; + } + + OPENSSL_free(matching_handlers); + } + + err: + OPENSSL_free(new_pem_name); + BUF_MEM_free(new_mem); + + if (result != NULL + && (t = OSSL_STORE_INFO_get_type(result)) == OSSL_STORE_INFO_EMBEDDED) { + pem_name = new_pem_name = + ossl_store_info_get0_EMBEDDED_pem_name(result); + new_mem = ossl_store_info_get0_EMBEDDED_buffer(result); + data = (unsigned char *)new_mem->data; + len = new_mem->length; + OPENSSL_free(result); + result = NULL; + goto again; + } + + if (result != NULL) + ERR_clear_error(); + + return result; +} + +static OSSL_STORE_INFO *file_load_try_repeat(OSSL_STORE_LOADER_CTX *ctx, + const UI_METHOD *ui_method, + void *ui_data) +{ + OSSL_STORE_INFO *result = NULL; + int try_matchcount = 0; + + if (ctx->_.file.last_handler != NULL) { + result = + ctx->_.file.last_handler->try_decode(NULL, NULL, NULL, 0, + &ctx->_.file.last_handler_ctx, + &try_matchcount, + ui_method, ui_data); + + if (result == NULL) { + ctx->_.file.last_handler->destroy_ctx(&ctx->_.file.last_handler_ctx); + ctx->_.file.last_handler_ctx = NULL; + ctx->_.file.last_handler = NULL; + } + } + return result; +} + +static void pem_free_flag(void *pem_data, int secure, size_t num) +{ + if (secure) + OPENSSL_secure_clear_free(pem_data, num); + else + OPENSSL_free(pem_data); +} +static int file_read_pem(BIO *bp, char **pem_name, char **pem_header, + unsigned char **data, 
long *len, + const UI_METHOD *ui_method, + void *ui_data, int secure) +{ + int i = secure + ? PEM_read_bio_ex(bp, pem_name, pem_header, data, len, + PEM_FLAG_SECURE | PEM_FLAG_EAY_COMPATIBLE) + : PEM_read_bio(bp, pem_name, pem_header, data, len); + + if (i <= 0) + return 0; + + /* + * 10 is the number of characters in "Proc-Type:", which + * PEM_get_EVP_CIPHER_INFO() requires to be present. + * If the PEM header has less characters than that, it's + * not worth spending cycles on it. + */ + if (strlen(*pem_header) > 10) { + EVP_CIPHER_INFO cipher; + struct pem_pass_data pass_data; + + if (!PEM_get_EVP_CIPHER_INFO(*pem_header, &cipher) + || !file_fill_pem_pass_data(&pass_data, "PEM", ui_method, ui_data) + || !PEM_do_header(&cipher, *data, len, file_get_pem_pass, + &pass_data)) { + return 0; + } + } + return 1; +} + +static int file_read_asn1(BIO *bp, unsigned char **data, long *len) +{ + BUF_MEM *mem = NULL; + + if (asn1_d2i_read_bio(bp, &mem) < 0) + return 0; + + *data = (unsigned char *)mem->data; + *len = (long)mem->length; + OPENSSL_free(mem); + + return 1; +} + +static int ends_with_dirsep(const char *uri) +{ + if (*uri != '\0') + uri += strlen(uri) - 1; +#if defined __VMS + if (*uri == ']' || *uri == '>' || *uri == ':') + return 1; +#elif defined _WIN32 + if (*uri == '\\') + return 1; +#endif + return *uri == '/'; +} + +static int file_name_to_uri(OSSL_STORE_LOADER_CTX *ctx, const char *name, + char **data) +{ + assert(name != NULL); + assert(data != NULL); + { + const char *pathsep = ends_with_dirsep(ctx->_.dir.uri) ? 
"" : "/"; + long calculated_length = strlen(ctx->_.dir.uri) + strlen(pathsep) + + strlen(name) + 1 /* \0 */; + + *data = OPENSSL_zalloc(calculated_length); + if (*data == NULL) { + OSSL_STOREerr(OSSL_STORE_F_FILE_NAME_TO_URI, ERR_R_MALLOC_FAILURE); + return 0; + } + + OPENSSL_strlcat(*data, ctx->_.dir.uri, calculated_length); + OPENSSL_strlcat(*data, pathsep, calculated_length); + OPENSSL_strlcat(*data, name, calculated_length); + } + return 1; +} + +static int file_name_check(OSSL_STORE_LOADER_CTX *ctx, const char *name) +{ + const char *p = NULL; + + /* If there are no search criteria, all names are accepted */ + if (ctx->_.dir.search_name[0] == '\0') + return 1; + + /* If the expected type isn't supported, no name is accepted */ + if (ctx->expected_type != 0 + && ctx->expected_type != OSSL_STORE_INFO_CERT + && ctx->expected_type != OSSL_STORE_INFO_CRL) + return 0; + + /* + * First, check the basename + */ + if (strncasecmp(name, ctx->_.dir.search_name, + sizeof(ctx->_.dir.search_name) - 1) != 0 + || name[sizeof(ctx->_.dir.search_name) - 1] != '.') + return 0; + p = &name[sizeof(ctx->_.dir.search_name)]; + + /* + * Then, if the expected type is a CRL, check that the extension starts + * with 'r' + */ + if (*p == 'r') { + p++; + if (ctx->expected_type != 0 + && ctx->expected_type != OSSL_STORE_INFO_CRL) + return 0; + } else if (ctx->expected_type == OSSL_STORE_INFO_CRL) { + return 0; + } + + /* + * Last, check that the rest of the extension is a decimal number, at + * least one digit long. + */ + if (!ossl_isdigit(*p)) + return 0; + while (ossl_isdigit(*p)) + p++; + +# ifdef __VMS + /* + * One extra step here, check for a possible generation number. + */ + if (*p == ';') + for (p++; *p != '\0'; p++) + if (!ossl_isdigit(*p)) + break; +# endif + + /* + * If we've reached the end of the string at this point, we've successfully + * found a fitting file name. 
+ */ + return *p == '\0'; +} + +static int file_eof(OSSL_STORE_LOADER_CTX *ctx); +static int file_error(OSSL_STORE_LOADER_CTX *ctx); +static OSSL_STORE_INFO *file_load(OSSL_STORE_LOADER_CTX *ctx, + const UI_METHOD *ui_method, void *ui_data) +{ + OSSL_STORE_INFO *result = NULL; + + ctx->errcnt = 0; + ERR_clear_error(); + + if (ctx->type == is_dir) { + do { + char *newname = NULL; + + if (ctx->_.dir.last_entry == NULL) { + if (!ctx->_.dir.end_reached) { + char errbuf[256]; + assert(ctx->_.dir.last_errno != 0); + OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD, ERR_R_SYS_LIB); + errno = ctx->_.dir.last_errno; + ctx->errcnt++; + if (openssl_strerror_r(errno, errbuf, sizeof(errbuf))) + ERR_add_error_data(1, errbuf); + } + return NULL; + } + + if (ctx->_.dir.last_entry[0] != '.' + && file_name_check(ctx, ctx->_.dir.last_entry) + && !file_name_to_uri(ctx, ctx->_.dir.last_entry, &newname)) + return NULL; + + /* + * On the first call (with a NULL context), OPENSSL_DIR_read() + * cares about the second argument. On the following calls, it + * only cares that it isn't NULL. Therefore, we can safely give + * it our URI here. 
+ */ + ctx->_.dir.last_entry = OPENSSL_DIR_read(&ctx->_.dir.ctx, + ctx->_.dir.uri); + ctx->_.dir.last_errno = errno; + if (ctx->_.dir.last_entry == NULL && ctx->_.dir.last_errno == 0) + ctx->_.dir.end_reached = 1; + + if (newname != NULL + && (result = OSSL_STORE_INFO_new_NAME(newname)) == NULL) { + OPENSSL_free(newname); + OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD, ERR_R_OSSL_STORE_LIB); + return NULL; + } + } while (result == NULL && !file_eof(ctx)); + } else { + int matchcount = -1; + + again: + result = file_load_try_repeat(ctx, ui_method, ui_data); + if (result != NULL) + return result; + + if (file_eof(ctx)) + return NULL; + + do { + char *pem_name = NULL; /* PEM record name */ + char *pem_header = NULL; /* PEM record header */ + unsigned char *data = NULL; /* DER encoded data */ + long len = 0; /* DER encoded data length */ + + matchcount = -1; + if (ctx->type == is_pem) { + if (!file_read_pem(ctx->_.file.file, &pem_name, &pem_header, + &data, &len, ui_method, ui_data, + (ctx->flags & FILE_FLAG_SECMEM) != 0)) { + ctx->errcnt++; + goto endloop; + } + } else { + if (!file_read_asn1(ctx->_.file.file, &data, &len)) { + ctx->errcnt++; + goto endloop; + } + } + + result = file_load_try_decode(ctx, pem_name, pem_header, data, len, + ui_method, ui_data, &matchcount); + + if (result != NULL) + goto endloop; + + /* + * If a PEM name matches more than one handler, the handlers are + * badly coded. + */ + if (!ossl_assert(pem_name == NULL || matchcount <= 1)) { + ctx->errcnt++; + goto endloop; + } + + if (matchcount > 1) { + OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD, + OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE); + } else if (matchcount == 1) { + /* + * If there are other errors on the stack, they already show + * what the problem is. 
+ */ + if (ERR_peek_error() == 0) { + OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD, + OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE); + if (pem_name != NULL) + ERR_add_error_data(3, "PEM type is '", pem_name, "'"); + } + } + if (matchcount > 0) + ctx->errcnt++; + + endloop: + pem_free_flag(pem_name, (ctx->flags & FILE_FLAG_SECMEM) != 0, 0); + pem_free_flag(pem_header, (ctx->flags & FILE_FLAG_SECMEM) != 0, 0); + pem_free_flag(data, (ctx->flags & FILE_FLAG_SECMEM) != 0, len); + } while (matchcount == 0 && !file_eof(ctx) && !file_error(ctx)); + + /* We bail out on ambiguity */ + if (matchcount > 1) + return NULL; + + if (result != NULL + && ctx->expected_type != 0 + && ctx->expected_type != OSSL_STORE_INFO_get_type(result)) { + OSSL_STORE_INFO_free(result); + goto again; + } + } + + return result; +} + +static int file_error(OSSL_STORE_LOADER_CTX *ctx) +{ + return ctx->errcnt > 0; +} + +static int file_eof(OSSL_STORE_LOADER_CTX *ctx) +{ + if (ctx->type == is_dir) + return ctx->_.dir.end_reached; + + if (ctx->_.file.last_handler != NULL + && !ctx->_.file.last_handler->eof(ctx->_.file.last_handler_ctx)) + return 0; + return BIO_eof(ctx->_.file.file); +} + +static int file_close(OSSL_STORE_LOADER_CTX *ctx) +{ + if (ctx->type == is_dir) { + OPENSSL_DIR_end(&ctx->_.dir.ctx); + } else { + BIO_free_all(ctx->_.file.file); + } + OSSL_STORE_LOADER_CTX_free(ctx); + return 1; +} + +int ossl_store_file_detach_pem_bio_int(OSSL_STORE_LOADER_CTX *ctx) +{ + OSSL_STORE_LOADER_CTX_free(ctx); + return 1; +} + +static OSSL_STORE_LOADER file_loader = + { + "file", + NULL, + file_open, + file_ctrl, + file_expect, + file_find, + file_load, + file_eof, + file_error, + file_close + }; + +static void store_file_loader_deinit(void) +{ + ossl_store_unregister_loader_int(file_loader.scheme); +} + +int ossl_store_file_loader_init(void) +{ + int ret = ossl_store_register_loader_int(&file_loader); + + OPENSSL_atexit(store_file_loader_deinit); + return ret; +} 
diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/store/store_err.c b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/store/store_err.c
new file mode 100644
index 000000000..5a8a8404d
--- /dev/null
+++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/store/store_err.c
@@ -0,0 +1,146 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <openssl/err.h> +#include <openssl/storeerr.h> + +#ifndef OPENSSL_NO_ERR + +static const ERR_STRING_DATA OSSL_STORE_str_functs[] = { + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_CTRL, 0), "file_ctrl"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_FIND, 0), "file_find"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_GET_PASS, 0), + "file_get_pass"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_LOAD, 0), "file_load"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_LOAD_TRY_DECODE, 0), + "file_load_try_decode"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_NAME_TO_URI, 0), + "file_name_to_uri"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_OPEN, 0), "file_open"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO, 0), + "ossl_store_attach_pem_bio"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_EXPECT, 0), + "OSSL_STORE_expect"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT, 0), + "ossl_store_file_attach_pem_bio_int"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_FIND, 0), + "OSSL_STORE_find"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT, 0), + "ossl_store_get0_loader_int"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT, 0), + "OSSL_STORE_INFO_get1_CERT"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL, 0), + "OSSL_STORE_INFO_get1_CRL"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME, 0), + "OSSL_STORE_INFO_get1_NAME"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 
OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION, 0), + "OSSL_STORE_INFO_get1_NAME_description"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS, 0), + "OSSL_STORE_INFO_get1_PARAMS"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY, 0), + "OSSL_STORE_INFO_get1_PKEY"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT, 0), + "OSSL_STORE_INFO_new_CERT"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL, 0), + "OSSL_STORE_INFO_new_CRL"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED, 0), + "ossl_store_info_new_EMBEDDED"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME, 0), + "OSSL_STORE_INFO_new_NAME"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS, 0), + "OSSL_STORE_INFO_new_PARAMS"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY, 0), + "OSSL_STORE_INFO_new_PKEY"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION, 0), + "OSSL_STORE_INFO_set0_NAME_description"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INIT_ONCE, 0), + "ossl_store_init_once"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_LOADER_NEW, 0), + "OSSL_STORE_LOADER_new"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_OPEN, 0), + "OSSL_STORE_open"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_OPEN_INT, 0), ""}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT, 0), + "ossl_store_register_loader_int"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ALIAS, 0), + "OSSL_STORE_SEARCH_by_alias"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ISSUER_SERIAL, 0), + "OSSL_STORE_SEARCH_by_issuer_serial"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT, 0), + "OSSL_STORE_SEARCH_by_key_fingerprint"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 
OSSL_STORE_F_OSSL_STORE_SEARCH_BY_NAME, 0), + "OSSL_STORE_SEARCH_by_name"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT, 0), + "ossl_store_unregister_loader_int"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_TRY_DECODE_PARAMS, 0), + "try_decode_params"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_TRY_DECODE_PKCS12, 0), + "try_decode_PKCS12"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED, 0), + "try_decode_PKCS8Encrypted"}, + {0, NULL} +}; + +static const ERR_STRING_DATA OSSL_STORE_str_reasons[] = { + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE), + "ambiguous content type"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_BAD_PASSWORD_READ), + "bad password read"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC), + "error verifying pkcs12 mac"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST), + "fingerprint size does not match digest"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_INVALID_SCHEME), + "invalid scheme"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_IS_NOT_A), "is not a"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_LOADER_INCOMPLETE), + "loader incomplete"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_LOADING_STARTED), + "loading started"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_CERTIFICATE), + "not a certificate"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_CRL), "not a crl"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_KEY), "not a key"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_NAME), "not a name"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_PARAMETERS), + "not parameters"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR), + "passphrase callback error"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE), + "path must be absolute"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, 
OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES), + "search only supported for directories"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED), + "ui process interrupted or cancelled"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UNREGISTERED_SCHEME), + "unregistered scheme"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE), + "unsupported content type"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UNSUPPORTED_OPERATION), + "unsupported operation"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE), + "unsupported search type"}, + {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED), + "uri authority unsupported"}, + {0, NULL} +}; + +#endif + +int ERR_load_OSSL_STORE_strings(void) +{ +#ifndef OPENSSL_NO_ERR + if (ERR_func_error_string(OSSL_STORE_str_functs[0].error) == NULL) { + ERR_load_strings_const(OSSL_STORE_str_functs); + ERR_load_strings_const(OSSL_STORE_str_reasons); + } +#endif + return 1; +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/store/store_init.c b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/store/store_init.c new file mode 100644 index 000000000..0103c8db8 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/store/store_init.c 
@@ -0,0 +1,33 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include "crypto/store.h"
+#include "store_local.h"
+
+static CRYPTO_ONCE store_init = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(do_store_init)
+{
+ return OPENSSL_init_crypto(0, NULL)
+ && ossl_store_file_loader_init();
+}
+
+int ossl_store_init_once(void)
+{
+ if (!RUN_ONCE(&store_init, do_store_init)) {
+ OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INIT_ONCE, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ return 1;
+}
+
+void ossl_store_cleanup_int(void)
+{
+ ossl_store_destroy_loaders_int();
+}
diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/store/store_lib.c b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/store/store_lib.c
new file mode 100644
index 000000000..fb8184d2d
--- /dev/null
+++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/store/store_lib.c
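Review bot: `ossl_store_init_once` in store_init.c records `ERR_R_MALLOC_FAILURE` for every failure of `do_store_init`, but that routine returns 0 when either `OPENSSL_init_crypto(0, NULL)` or `ossl_store_file_loader_init()` fails, and neither is necessarily an allocation failure. A wrong reason code on the error stack points whoever triages a failed store open at memory pressure instead of initialisation. `OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INIT_ONCE, ERR_R_INIT_FAIL);` would describe the condition more accurately. A short comment above `do_store_init`, such as `/* One-time setup: initialise libcrypto, then register the built-in "file" loader. */`, would also make the dependency on loader registration explicit.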
@@ -0,0 +1,681 @@ +/* + * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "e_os.h" +#include <stdlib.h> +#include <string.h> +#include <assert.h> + +#include "e_os.h" + +#include <openssl/crypto.h> +#include <openssl/err.h> +#include <openssl/store.h> +#include "internal/thread_once.h" +#include "crypto/store.h" +#include "store_local.h" + +struct ossl_store_ctx_st { + const OSSL_STORE_LOADER *loader; + OSSL_STORE_LOADER_CTX *loader_ctx; + const UI_METHOD *ui_method; + void *ui_data; + OSSL_STORE_post_process_info_fn post_process; + void *post_process_data; + int expected_type; + + /* 0 before the first STORE_load(), 1 otherwise */ + int loading; +}; + +OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method, + void *ui_data, + OSSL_STORE_post_process_info_fn post_process, + void *post_process_data) +{ + const OSSL_STORE_LOADER *loader = NULL; + OSSL_STORE_LOADER_CTX *loader_ctx = NULL; + OSSL_STORE_CTX *ctx = NULL; + char scheme_copy[256], *p, *schemes[2]; + size_t schemes_n = 0; + size_t i; + + /* + * Put the file scheme first. If the uri does represent an existing file, + * possible device name and all, then it should be loaded. Only a failed + * attempt at loading a local file should have us try something else. + */ + schemes[schemes_n++] = "file"; + + /* + * Now, check if we have something that looks like a scheme, and add it + * as a second scheme. However, also check if there's an authority start + * (://), because that will invalidate the previous file scheme. Also, + * check that this isn't actually the file scheme, as there's no point + * going through that one twice! 
+ */ + OPENSSL_strlcpy(scheme_copy, uri, sizeof(scheme_copy)); + if ((p = strchr(scheme_copy, ':')) != NULL) { + *p++ = '\0'; + if (strcasecmp(scheme_copy, "file") != 0) { + if (strncmp(p, "//", 2) == 0) + schemes_n--; /* Invalidate the file scheme */ + schemes[schemes_n++] = scheme_copy; + } + } + + ERR_set_mark(); + + /* Try each scheme until we find one that could open the URI */ + for (i = 0; loader_ctx == NULL && i < schemes_n; i++) { + if ((loader = ossl_store_get0_loader_int(schemes[i])) != NULL) + loader_ctx = loader->open(loader, uri, ui_method, ui_data); + } + if (loader_ctx == NULL) + goto err; + + if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) { + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_OPEN, ERR_R_MALLOC_FAILURE); + goto err; + } + + ctx->loader = loader; + ctx->loader_ctx = loader_ctx; + ctx->ui_method = ui_method; + ctx->ui_data = ui_data; + ctx->post_process = post_process; + ctx->post_process_data = post_process_data; + + /* + * If the attempt to open with the 'file' scheme loader failed and the + * other scheme loader succeeded, the failure to open with the 'file' + * scheme loader leaves an error on the error stack. Let's remove it. + */ + ERR_pop_to_mark(); + + return ctx; + + err: + ERR_clear_last_mark(); + if (loader_ctx != NULL) { + /* + * We ignore a returned error because we will return NULL anyway in + * this case, so if something goes wrong when closing, that'll simply + * just add another entry on the error stack. + */ + (void)loader->close(loader_ctx); + } + return NULL; +} + +int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ...) 
+{ + va_list args; + int ret; + + va_start(args, cmd); + ret = OSSL_STORE_vctrl(ctx, cmd, args); + va_end(args); + + return ret; +} + +int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args) +{ + if (ctx->loader->ctrl != NULL) + return ctx->loader->ctrl(ctx->loader_ctx, cmd, args); + return 0; +} + +int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type) +{ + if (ctx->loading) { + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_EXPECT, + OSSL_STORE_R_LOADING_STARTED); + return 0; + } + + ctx->expected_type = expected_type; + if (ctx->loader->expect != NULL) + return ctx->loader->expect(ctx->loader_ctx, expected_type); + return 1; +} + +int OSSL_STORE_find(OSSL_STORE_CTX *ctx, OSSL_STORE_SEARCH *search) +{ + if (ctx->loading) { + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_FIND, + OSSL_STORE_R_LOADING_STARTED); + return 0; + } + if (ctx->loader->find == NULL) { + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_FIND, + OSSL_STORE_R_UNSUPPORTED_OPERATION); + return 0; + } + + return ctx->loader->find(ctx->loader_ctx, search); +} + +OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx) +{ + OSSL_STORE_INFO *v = NULL; + + ctx->loading = 1; + again: + if (OSSL_STORE_eof(ctx)) + return NULL; + + v = ctx->loader->load(ctx->loader_ctx, ctx->ui_method, ctx->ui_data); + + if (ctx->post_process != NULL && v != NULL) { + v = ctx->post_process(v, ctx->post_process_data); + + /* + * By returning NULL, the callback decides that this object should + * be ignored. + */ + if (v == NULL) + goto again; + } + + if (v != NULL && ctx->expected_type != 0) { + int returned_type = OSSL_STORE_INFO_get_type(v); + + if (returned_type != OSSL_STORE_INFO_NAME && returned_type != 0) { + /* + * Soft assert here so those who want to harsly weed out faulty + * loaders can do so using a debugging version of libcrypto. 
+ */ + if (ctx->loader->expect != NULL) + assert(ctx->expected_type == returned_type); + + if (ctx->expected_type != returned_type) { + OSSL_STORE_INFO_free(v); + goto again; + } + } + } + + return v; +} + +int OSSL_STORE_error(OSSL_STORE_CTX *ctx) +{ + return ctx->loader->error(ctx->loader_ctx); +} + +int OSSL_STORE_eof(OSSL_STORE_CTX *ctx) +{ + return ctx->loader->eof(ctx->loader_ctx); +} + +int OSSL_STORE_close(OSSL_STORE_CTX *ctx) +{ + int loader_ret = ctx->loader->close(ctx->loader_ctx); + + OPENSSL_free(ctx); + return loader_ret; +} + +/* + * Functions to generate OSSL_STORE_INFOs, one function for each type we + * support having in them as well as a generic constructor. + * + * In all cases, ownership of the object is transferred to the OSSL_STORE_INFO + * and will therefore be freed when the OSSL_STORE_INFO is freed. + */ +static OSSL_STORE_INFO *store_info_new(int type, void *data) +{ + OSSL_STORE_INFO *info = OPENSSL_zalloc(sizeof(*info)); + + if (info == NULL) + return NULL; + + info->type = type; + info->_.data = data; + return info; +} + +OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name) +{ + OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_NAME, NULL); + + if (info == NULL) { + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME, + ERR_R_MALLOC_FAILURE); + return NULL; + } + + info->_.name.name = name; + info->_.name.desc = NULL; + + return info; +} + +int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc) +{ + if (info->type != OSSL_STORE_INFO_NAME) { + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION, + ERR_R_PASSED_INVALID_ARGUMENT); + return 0; + } + + info->_.name.desc = desc; + + return 1; +} +OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params) +{ + OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PARAMS, params); + + if (info == NULL) + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS, + ERR_R_MALLOC_FAILURE); + return info; +} + +OSSL_STORE_INFO 
*OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey) +{ + OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PKEY, pkey); + + if (info == NULL) + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY, + ERR_R_MALLOC_FAILURE); + return info; +} + +OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509) +{ + OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_CERT, x509); + + if (info == NULL) + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT, + ERR_R_MALLOC_FAILURE); + return info; +} + +OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl) +{ + OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_CRL, crl); + + if (info == NULL) + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL, + ERR_R_MALLOC_FAILURE); + return info; +} + +/* + * Functions to try to extract data from a OSSL_STORE_INFO. + */ +int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info) +{ + return info->type; +} + +const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info) +{ + if (info->type == OSSL_STORE_INFO_NAME) + return info->_.name.name; + return NULL; +} + +char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info) +{ + if (info->type == OSSL_STORE_INFO_NAME) { + char *ret = OPENSSL_strdup(info->_.name.name); + + if (ret == NULL) + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME, + ERR_R_MALLOC_FAILURE); + return ret; + } + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME, + OSSL_STORE_R_NOT_A_NAME); + return NULL; +} + +const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info) +{ + if (info->type == OSSL_STORE_INFO_NAME) + return info->_.name.desc; + return NULL; +} + +char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info) +{ + if (info->type == OSSL_STORE_INFO_NAME) { + char *ret = OPENSSL_strdup(info->_.name.desc + ? 
info->_.name.desc : ""); + + if (ret == NULL) + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION, + ERR_R_MALLOC_FAILURE); + return ret; + } + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION, + OSSL_STORE_R_NOT_A_NAME); + return NULL; +} + +EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info) +{ + if (info->type == OSSL_STORE_INFO_PARAMS) + return info->_.params; + return NULL; +} + +EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info) +{ + if (info->type == OSSL_STORE_INFO_PARAMS) { + EVP_PKEY_up_ref(info->_.params); + return info->_.params; + } + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS, + OSSL_STORE_R_NOT_PARAMETERS); + return NULL; +} + +EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info) +{ + if (info->type == OSSL_STORE_INFO_PKEY) + return info->_.pkey; + return NULL; +} + +EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info) +{ + if (info->type == OSSL_STORE_INFO_PKEY) { + EVP_PKEY_up_ref(info->_.pkey); + return info->_.pkey; + } + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY, + OSSL_STORE_R_NOT_A_KEY); + return NULL; +} + +X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info) +{ + if (info->type == OSSL_STORE_INFO_CERT) + return info->_.x509; + return NULL; +} + +X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info) +{ + if (info->type == OSSL_STORE_INFO_CERT) { + X509_up_ref(info->_.x509); + return info->_.x509; + } + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT, + OSSL_STORE_R_NOT_A_CERTIFICATE); + return NULL; +} + +X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info) +{ + if (info->type == OSSL_STORE_INFO_CRL) + return info->_.crl; + return NULL; +} + +X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info) +{ + if (info->type == OSSL_STORE_INFO_CRL) { + X509_CRL_up_ref(info->_.crl); + return info->_.crl; + } + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL, + OSSL_STORE_R_NOT_A_CRL); + return NULL; +} 
+ +/* + * Free the OSSL_STORE_INFO + */ +void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info) +{ + if (info != NULL) { + switch (info->type) { + case OSSL_STORE_INFO_EMBEDDED: + BUF_MEM_free(info->_.embedded.blob); + OPENSSL_free(info->_.embedded.pem_name); + break; + case OSSL_STORE_INFO_NAME: + OPENSSL_free(info->_.name.name); + OPENSSL_free(info->_.name.desc); + break; + case OSSL_STORE_INFO_PARAMS: + EVP_PKEY_free(info->_.params); + break; + case OSSL_STORE_INFO_PKEY: + EVP_PKEY_free(info->_.pkey); + break; + case OSSL_STORE_INFO_CERT: + X509_free(info->_.x509); + break; + case OSSL_STORE_INFO_CRL: + X509_CRL_free(info->_.crl); + break; + } + OPENSSL_free(info); + } +} + +int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type) +{ + OSSL_STORE_SEARCH tmp_search; + + if (ctx->loader->find == NULL) + return 0; + tmp_search.search_type = search_type; + return ctx->loader->find(NULL, &tmp_search); +} + +/* Search term constructors */ +OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name) +{ + OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search)); + + if (search == NULL) { + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_NAME, + ERR_R_MALLOC_FAILURE); + return NULL; + } + + search->search_type = OSSL_STORE_SEARCH_BY_NAME; + search->name = name; + return search; +} + +OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name, + const ASN1_INTEGER *serial) +{ + OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search)); + + if (search == NULL) { + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ISSUER_SERIAL, + ERR_R_MALLOC_FAILURE); + return NULL; + } + + search->search_type = OSSL_STORE_SEARCH_BY_ISSUER_SERIAL; + search->name = name; + search->serial = serial; + return search; +} + +OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest, + const unsigned char + *bytes, size_t len) +{ + OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search)); + + if (search == NULL) { + 
OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT, + ERR_R_MALLOC_FAILURE); + return NULL; + } + + if (digest != NULL && len != (size_t)EVP_MD_size(digest)) { + char buf1[20], buf2[20]; + + BIO_snprintf(buf1, sizeof(buf1), "%d", EVP_MD_size(digest)); + BIO_snprintf(buf2, sizeof(buf2), "%zu", len); + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT, + OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST); + ERR_add_error_data(5, EVP_MD_name(digest), " size is ", buf1, + ", fingerprint size is ", buf2); + } + + search->search_type = OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT; + search->digest = digest; + search->string = bytes; + search->stringlength = len; + return search; +} + +OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias) +{ + OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search)); + + if (search == NULL) { + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ALIAS, + ERR_R_MALLOC_FAILURE); + return NULL; + } + + search->search_type = OSSL_STORE_SEARCH_BY_ALIAS; + search->string = (const unsigned char *)alias; + search->stringlength = strlen(alias); + return search; +} + +/* Search term destructor */ +void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search) +{ + OPENSSL_free(search); +} + +/* Search term accessors */ +int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion) +{ + return criterion->search_type; +} + +X509_NAME *OSSL_STORE_SEARCH_get0_name(OSSL_STORE_SEARCH *criterion) +{ + return criterion->name; +} + +const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH + *criterion) +{ + return criterion->serial; +} + +const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH + *criterion, size_t *length) +{ + *length = criterion->stringlength; + return criterion->string; +} + +const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion) +{ + return (const char *)criterion->string; +} + +const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH 
*criterion) +{ + return criterion->digest; +} + +/* Internal functions */ +OSSL_STORE_INFO *ossl_store_info_new_EMBEDDED(const char *new_pem_name, + BUF_MEM *embedded) +{ + OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_EMBEDDED, NULL); + + if (info == NULL) { + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED, + ERR_R_MALLOC_FAILURE); + return NULL; + } + + info->_.embedded.blob = embedded; + info->_.embedded.pem_name = + new_pem_name == NULL ? NULL : OPENSSL_strdup(new_pem_name); + + if (new_pem_name != NULL && info->_.embedded.pem_name == NULL) { + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED, + ERR_R_MALLOC_FAILURE); + OSSL_STORE_INFO_free(info); + info = NULL; + } + + return info; +} + +BUF_MEM *ossl_store_info_get0_EMBEDDED_buffer(OSSL_STORE_INFO *info) +{ + if (info->type == OSSL_STORE_INFO_EMBEDDED) + return info->_.embedded.blob; + return NULL; +} + +char *ossl_store_info_get0_EMBEDDED_pem_name(OSSL_STORE_INFO *info) +{ + if (info->type == OSSL_STORE_INFO_EMBEDDED) + return info->_.embedded.pem_name; + return NULL; +} + +OSSL_STORE_CTX *ossl_store_attach_pem_bio(BIO *bp, const UI_METHOD *ui_method, + void *ui_data) +{ + OSSL_STORE_CTX *ctx = NULL; + const OSSL_STORE_LOADER *loader = NULL; + OSSL_STORE_LOADER_CTX *loader_ctx = NULL; + + if ((loader = ossl_store_get0_loader_int("file")) == NULL + || ((loader_ctx = ossl_store_file_attach_pem_bio_int(bp)) == NULL)) + goto done; + if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) { + OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO, + ERR_R_MALLOC_FAILURE); + goto done; + } + + ctx->loader = loader; + ctx->loader_ctx = loader_ctx; + loader_ctx = NULL; + ctx->ui_method = ui_method; + ctx->ui_data = ui_data; + ctx->post_process = NULL; + ctx->post_process_data = NULL; + + done: + if (loader_ctx != NULL) + /* + * We ignore a returned error because we will return NULL anyway in + * this case, so if something goes wrong when closing, that'll simply + * just add another entry on the 
error stack. + */ + (void)loader->close(loader_ctx); + return ctx; +} + +int ossl_store_detach_pem_bio(OSSL_STORE_CTX *ctx) +{ + int loader_ret = ossl_store_file_detach_pem_bio_int(ctx->loader_ctx); + + OPENSSL_free(ctx); + return loader_ret; +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/store/store_local.h b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/store/store_local.h new file mode 100644 index 000000000..369dcb33f --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/store/store_local.h 
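Review bot: In `OSSL_STORE_SEARCH_by_key_fingerprint` (store_lib.c) the branch that detects `len != (size_t)EVP_MD_size(digest)` raises `OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST` and then falls through, so the function still returns a search object carrying the mismatched `stringlength`. A caller that only tests the result for NULL will therefore run a lookup with a fingerprint that cannot correspond to the stated digest, and the queued error is easy to miss. The branch should end with `OPENSSL_free(search);` followed by `return NULL;` right after the `ERR_add_error_data(...)` call, which matches how the allocation-failure path above it already reports to the caller. Since this directory looks like an imported copy of OpenSSL's store code, the change would presumably be carried as a local patch or taken from upstream rather than edited ad hoc.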
@@ -0,0 +1,132 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "internal/thread_once.h" +#include <openssl/dsa.h> +#include <openssl/engine.h> +#include <openssl/evp.h> +#include <openssl/lhash.h> +#include <openssl/x509.h> +#include <openssl/store.h> + +/*- + * OSSL_STORE_INFO stuff + * --------------------- + */ + +struct ossl_store_info_st { + int type; + union { + void *data; /* used internally as generic pointer */ + + struct { + BUF_MEM *blob; + char *pem_name; + } embedded; /* when type == OSSL_STORE_INFO_EMBEDDED */ + + struct { + char *name; + char *desc; + } name; /* when type == OSSL_STORE_INFO_NAME */ + + EVP_PKEY *params; /* when type == OSSL_STORE_INFO_PARAMS */ + EVP_PKEY *pkey; /* when type == OSSL_STORE_INFO_PKEY */ + X509 *x509; /* when type == OSSL_STORE_INFO_CERT */ + X509_CRL *crl; /* when type == OSSL_STORE_INFO_CRL */ + } _; +}; + +DEFINE_STACK_OF(OSSL_STORE_INFO) + +/* + * EMBEDDED is a special type of OSSL_STORE_INFO, specially for the file + * handlers. It should never reach a calling application or any engine. + * However, it can be used by a FILE_HANDLER's try_decode function to signal + * that it has decoded the incoming blob into a new blob, and that the + * attempted decoding should be immediately restarted with the new blob, using + * the new PEM name. + */ +/* + * Because this is an internal type, we don't make it public. 
+ */ +#define OSSL_STORE_INFO_EMBEDDED -1 +OSSL_STORE_INFO *ossl_store_info_new_EMBEDDED(const char *new_pem_name, + BUF_MEM *embedded); +BUF_MEM *ossl_store_info_get0_EMBEDDED_buffer(OSSL_STORE_INFO *info); +char *ossl_store_info_get0_EMBEDDED_pem_name(OSSL_STORE_INFO *info); + +/*- + * OSSL_STORE_SEARCH stuff + * ----------------------- + */ + +struct ossl_store_search_st { + int search_type; + + /* + * Used by OSSL_STORE_SEARCH_BY_NAME and + * OSSL_STORE_SEARCH_BY_ISSUER_SERIAL + */ + X509_NAME *name; + + /* Used by OSSL_STORE_SEARCH_BY_ISSUER_SERIAL */ + const ASN1_INTEGER *serial; + + /* Used by OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT */ + const EVP_MD *digest; + + /* + * Used by OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT and + * OSSL_STORE_SEARCH_BY_ALIAS + */ + const unsigned char *string; + size_t stringlength; +}; + +/*- + * OSSL_STORE_LOADER stuff + * ----------------------- + */ + +int ossl_store_register_loader_int(OSSL_STORE_LOADER *loader); +OSSL_STORE_LOADER *ossl_store_unregister_loader_int(const char *scheme); + +/* loader stuff */ +struct ossl_store_loader_st { + const char *scheme; + ENGINE *engine; + OSSL_STORE_open_fn open; + OSSL_STORE_ctrl_fn ctrl; + OSSL_STORE_expect_fn expect; + OSSL_STORE_find_fn find; + OSSL_STORE_load_fn load; + OSSL_STORE_eof_fn eof; + OSSL_STORE_error_fn error; + OSSL_STORE_close_fn close; +}; +DEFINE_LHASH_OF(OSSL_STORE_LOADER); + +const OSSL_STORE_LOADER *ossl_store_get0_loader_int(const char *scheme); +void ossl_store_destroy_loaders_int(void); + +/*- + * OSSL_STORE init stuff + * --------------------- + */ + +int ossl_store_init_once(void); +int ossl_store_file_loader_init(void); + +/*- + * 'file' scheme stuff + * ------------------- + */ + +OSSL_STORE_LOADER_CTX *ossl_store_file_attach_pem_bio_int(BIO *bp); +int ossl_store_file_detach_pem_bio_int(OSSL_STORE_LOADER_CTX *ctx); 
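Review bot: store_local.h has no include guard, yet it defines `struct ossl_store_info_st`, `struct ossl_store_search_st` and `struct ossl_store_loader_st` and expands `DEFINE_STACK_OF(OSSL_STORE_INFO)` and `DEFINE_LHASH_OF(OSSL_STORE_LOADER)`. A second inclusion in one translation unit, directly or through another internal header, would therefore fail with redefinition errors. Wrapping the contents in `#ifndef OSSL_CRYPTO_STORE_LOCAL_H` / `# define OSSL_CRYPTO_STORE_LOCAL_H` ... `#endif` would prevent that; the macro name is only a suggestion, so follow whatever guard naming the tree uses. While there, `#define OSSL_STORE_INFO_EMBEDDED -1` is safer written as `#define OSSL_STORE_INFO_EMBEDDED (-1)`, so the expansion stays a single operand wherever it is used.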
diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/store/store_register.c b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/store/store_register.c
new file mode 100644
index 000000000..3631d9b50
--- /dev/null
+++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/store/store_register.c
@@ -0,0 +1,297 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include "crypto/ctype.h"
+#include <assert.h>
+
+#include <openssl/err.h>
+#include <openssl/lhash.h>
+#include "store_local.h"
+
+static CRYPTO_RWLOCK *registry_lock;
+static CRYPTO_ONCE registry_init = CRYPTO_ONCE_STATIC_INIT;
+
+DEFINE_RUN_ONCE_STATIC(do_registry_init)
+{
+ registry_lock = CRYPTO_THREAD_lock_new();
+ return registry_lock != NULL;
+}
+
+/*
+ * Functions for manipulating OSSL_STORE_LOADERs
+ */
+
+OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme)
+{
+ OSSL_STORE_LOADER *res = NULL;
+
+ /*
+ * We usually don't check NULL arguments. For loaders, though, the
+ * scheme is crucial and must never be NULL, or the user will get
+ * mysterious errors when trying to register the created loader
+ * later on.
+ */
+ if (scheme == NULL) {
+ OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_LOADER_NEW,
+ OSSL_STORE_R_INVALID_SCHEME);
+ return NULL;
+ }
+
+ if ((res = OPENSSL_zalloc(sizeof(*res))) == NULL) {
+ OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_LOADER_NEW, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ res->engine = e;
+ res->scheme = scheme;
+ return res;
+}
+
+const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader)
+{
+ return loader->engine;
+}
+
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader)
+{
+ return loader->scheme;
+}
+
+int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *loader,
+ OSSL_STORE_open_fn open_function)
+{
+ loader->open = open_function;
+ return 1;
+}
+
+int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *loader,
+ OSSL_STORE_ctrl_fn ctrl_function)
+{
+ loader->ctrl = ctrl_function;
+ return 1;
+}
+
+int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader,
+ OSSL_STORE_expect_fn expect_function)
+{
+ loader->expect = expect_function;
+ return 1;
+}
+
+int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader,
+ OSSL_STORE_find_fn find_function)
+{
+ loader->find = find_function;
+ return 1;
+}
+
+int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *loader,
+ OSSL_STORE_load_fn load_function)
+{
+ loader->load = load_function;
+ return 1;
+}
+
+int OSSL_STORE_LOADER_set_eof(OSSL_STORE_LOADER *loader,
+ OSSL_STORE_eof_fn eof_function)
+{
+ loader->eof = eof_function;
+ return 1;
+}
+
+int OSSL_STORE_LOADER_set_error(OSSL_STORE_LOADER *loader,
+ OSSL_STORE_error_fn error_function)
+{
+ loader->error = error_function;
+ return 1;
+}
+
+int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
+ OSSL_STORE_close_fn close_function)
+{
+ loader->close = close_function;
+ return 1;
+}
+
+void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *loader)
+{
+ OPENSSL_free(loader);
+}
+
+/*
+ * Functions for registering OSSL_STORE_LOADERs
+ */
+
+static unsigned long store_loader_hash(const OSSL_STORE_LOADER *v)
+{
+ return
OPENSSL_LH_strhash(v->scheme);
+}
+
+static int store_loader_cmp(const OSSL_STORE_LOADER *a,
+ const OSSL_STORE_LOADER *b)
+{
+ assert(a->scheme != NULL && b->scheme != NULL);
+ return strcmp(a->scheme, b->scheme);
+}
+
+static LHASH_OF(OSSL_STORE_LOADER) *loader_register = NULL;
+
+int ossl_store_register_loader_int(OSSL_STORE_LOADER *loader)
+{
+ const char *scheme = loader->scheme;
+ int ok = 0;
+
+ /*
+ * Check that the given scheme conforms to correct scheme syntax as per
+ * RFC 3986:
+ *
+ * scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
+ */
+ if (ossl_isalpha(*scheme))
+ while (*scheme != '\0'
+ && (ossl_isalpha(*scheme)
+ || ossl_isdigit(*scheme)
+ || strchr("+-.", *scheme) != NULL))
+ scheme++;
+ if (*scheme != '\0') {
+ OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT,
+ OSSL_STORE_R_INVALID_SCHEME);
+ ERR_add_error_data(2, "scheme=", loader->scheme);
+ return 0;
+ }
+
+ /* Check that functions we absolutely require are present */
+ if (loader->open == NULL || loader->load == NULL || loader->eof == NULL
+ || loader->error == NULL || loader->close == NULL) {
+ OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT,
+ OSSL_STORE_R_LOADER_INCOMPLETE);
+ return 0;
+ }
+
+ if (!RUN_ONCE(®istry_init, do_registry_init)) {
+ OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT,
+ ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ CRYPTO_THREAD_write_lock(registry_lock);
+
+ if (loader_register == NULL) {
+ loader_register = lh_OSSL_STORE_LOADER_new(store_loader_hash,
+ store_loader_cmp);
+ }
+
+ if (loader_register != NULL
+ && (lh_OSSL_STORE_LOADER_insert(loader_register, loader) != NULL
+ || lh_OSSL_STORE_LOADER_error(loader_register) == 0))
+ ok = 1;
+
+ CRYPTO_THREAD_unlock(registry_lock);
+
+ return ok;
+}
+int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader)
+{
+ if (!ossl_store_init_once())
+ return 0;
+ return ossl_store_register_loader_int(loader);
+}
+
+const OSSL_STORE_LOADER *ossl_store_get0_loader_int(const char *scheme)
+{
+
OSSL_STORE_LOADER template;
+ OSSL_STORE_LOADER *loader = NULL;
+
+ template.scheme = scheme;
+ template.open = NULL;
+ template.load = NULL;
+ template.eof = NULL;
+ template.close = NULL;
+
+ if (!ossl_store_init_once())
+ return NULL;
+
+ if (!RUN_ONCE(®istry_init, do_registry_init)) {
+ OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT,
+ ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ CRYPTO_THREAD_write_lock(registry_lock);
+
+ loader = lh_OSSL_STORE_LOADER_retrieve(loader_register, &template);
+
+ if (loader == NULL) {
+ OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT,
+ OSSL_STORE_R_UNREGISTERED_SCHEME);
+ ERR_add_error_data(2, "scheme=", scheme);
+ }
+
+ CRYPTO_THREAD_unlock(registry_lock);
+
+ return loader;
+}
+
+OSSL_STORE_LOADER *ossl_store_unregister_loader_int(const char *scheme)
+{
+ OSSL_STORE_LOADER template;
+ OSSL_STORE_LOADER *loader = NULL;
+
+ template.scheme = scheme;
+ template.open = NULL;
+ template.load = NULL;
+ template.eof = NULL;
+ template.close = NULL;
+
+ if (!RUN_ONCE(®istry_init, do_registry_init)) {
+ OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT,
+ ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ CRYPTO_THREAD_write_lock(registry_lock);
+
+ loader = lh_OSSL_STORE_LOADER_delete(loader_register, &template);
+
+ if (loader == NULL) {
+ OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT,
+ OSSL_STORE_R_UNREGISTERED_SCHEME);
+ ERR_add_error_data(2, "scheme=", scheme);
+ }
+
+ CRYPTO_THREAD_unlock(registry_lock);
+
+ return loader;
+}
+OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme)
+{
+ if (!ossl_store_init_once())
+ return 0;
+ return ossl_store_unregister_loader_int(scheme);
+}
+
+void ossl_store_destroy_loaders_int(void)
+{
+ assert(lh_OSSL_STORE_LOADER_num_items(loader_register) == 0);
+ lh_OSSL_STORE_LOADER_free(loader_register);
+ loader_register = NULL;
+ CRYPTO_THREAD_lock_free(registry_lock);
+ registry_lock = NULL;
+}
+
+/*
+ * Functions to list OSSL_STORE loaders
+ */
+
+IMPLEMENT_LHASH_DOALL_ARG_CONST(OSSL_STORE_LOADER, void);
+int OSSL_STORE_do_all_loaders(void (*do_function) (const OSSL_STORE_LOADER
+ *loader, void *do_arg),
+ void *do_arg)
+{
+ lh_OSSL_STORE_LOADER_doall_void(loader_register, do_function, do_arg);
+ return 1;
+}
diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/store/store_strings.c b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/store/store_strings.c
new file mode 100644
index 000000000..76cf31648
--- /dev/null
+++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/crypto/store/store_strings.c
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/store.h>
+
+static char *type_strings[] = {
+ "Name", /* OSSL_STORE_INFO_NAME */
+ "Parameters", /* OSSL_STORE_INFO_PARAMS */
+ "Pkey", /* OSSL_STORE_INFO_PKEY */
+ "Certificate", /* OSSL_STORE_INFO_CERT */
+ "CRL" /* OSSL_STORE_INFO_CRL */
+};
+
+const char *OSSL_STORE_INFO_type_string(int type)
+{
+ int types = sizeof(type_strings) / sizeof(type_strings[0]);
+
+ if (type < 1 || type > types)
+ return NULL;
+
+ return type_strings[type - 1];
+} |