OSSL_STORE_expect(): Improve error handling and documentation

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15029)

2 files changed, 11 insertions, 4 deletions

diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c
index 1a62d7f6ff..2c7c9f3226 100644
--- a/crypto/store/store_lib.c
+++ b/crypto/store/store_lib.c
@@ -241,6 +241,11 @@ int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type)
 {
     int ret = 1;
 
+    if (ctx == NULL
+            || expected_type < 0 || expected_type > OSSL_STORE_INFO_CRL) {
+        ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_INVALID_ARGUMENT);
+        return 0;
+    }
     if (ctx->loading) {
         ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_LOADING_STARTED);
         return 0;
diff --git a/doc/man3/OSSL_STORE_expect.pod b/doc/man3/OSSL_STORE_expect.pod
index ac414e9701..8b79f35337 100644
--- a/doc/man3/OSSL_STORE_expect.pod
+++ b/doc/man3/OSSL_STORE_expect.pod
@@ -21,11 +21,13 @@ OSSL_STORE_find
 
 OSSL_STORE_expect() helps applications filter what OSSL_STORE_load() returns
 by specifying a B<OSSL_STORE_INFO> type.
-For example, if C<file:/foo/bar/store.pem> contains several different objects
-and only the certificates are interesting, the application can simply say
+By default, no expectations on the types of objects to be loaded are made.
+I<expected_type> may be 0 to indicate explicitly that no expectation is made,
+or it may be any of the known object types (see
+L<OSSL_STORE_INFO(3)/SUPPORTED OBJECTS>) except for B<OSSL_STORE_INFO_NAME>.
+For example, if C<file:/foo/bar/store.pem> contains several objects of different
+type and only certificates are interesting, the application can simply say
 that it expects the type B<OSSL_STORE_INFO_CERT>.
-All known object types (see L<OSSL_STORE_INFO(3)/SUPPORTED OBJECTS>)
-except for B<OSSL_STORE_INFO_NAME> are supported.
 
 OSSL_STORE_find() helps applications specify a criterion for a more fine
 grained search of objects.