authorRichard Levitte <levitte@openssl.org>2017-02-19 12:24:19 +0100
committerRichard Levitte <levitte@openssl.org>2018-02-23 07:40:42 +0100
commitfac8673b8aed77231e23d51d78cd8eb995d21f5c (patch)
treeeb8bdf19c6cb436f7149b19dc0c788776b4b9ba2 /crypto
parent7622baf8a7c3e9084f97a4f41406a29ef5d04fc3 (diff)
STORE: Add the possibility to search for specific information
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2688)
Diffstat (limited to 'crypto')
-rw-r--r--crypto/err/openssl.txt10
-rw-r--r--crypto/store/loader_file.c1
-rw-r--r--crypto/store/store_err.c16
-rw-r--r--crypto/store/store_lib.c145
-rw-r--r--crypto/store/store_locl.h29
-rw-r--r--crypto/store/store_register.c7
6 files changed, 207 insertions, 1 deletions
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 228cde532d..756d1fc2b0 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -760,6 +760,7 @@ OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO:127:ossl_store_attach_pem_bio
OSSL_STORE_F_OSSL_STORE_EXPECT:130:OSSL_STORE_expect
OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT:128:\
ossl_store_file_attach_pem_bio_int
+OSSL_STORE_F_OSSL_STORE_FIND:131:OSSL_STORE_find
OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT:100:ossl_store_get0_loader_int
OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT:101:OSSL_STORE_INFO_get1_CERT
OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL:102:OSSL_STORE_INFO_get1_CRL
@@ -781,6 +782,12 @@ OSSL_STORE_F_OSSL_STORE_LOADER_NEW:113:OSSL_STORE_LOADER_new
OSSL_STORE_F_OSSL_STORE_OPEN:114:OSSL_STORE_open
OSSL_STORE_F_OSSL_STORE_OPEN_INT:115:*
OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT:117:ossl_store_register_loader_int
+OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ALIAS:132:OSSL_STORE_SEARCH_by_alias
+OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ISSUER_SERIAL:133:\
+ OSSL_STORE_SEARCH_by_issuer_serial
+OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT:136:\
+ OSSL_STORE_SEARCH_by_key_fingerprint
+OSSL_STORE_F_OSSL_STORE_SEARCH_BY_NAME:137:OSSL_STORE_SEARCH_by_name
OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT:116:\
ossl_store_unregister_loader_int
OSSL_STORE_F_TRY_DECODE_PARAMS:121:try_decode_params
@@ -2147,6 +2154,8 @@ OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE:129:unsupported requestorname type
OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE:107:ambiguous content type
OSSL_STORE_R_BAD_PASSWORD_READ:115:bad password read
OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC:113:error verifying pkcs12 mac
+OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST:121:\
+ fingerprint size does not match digest
OSSL_STORE_R_INVALID_SCHEME:106:invalid scheme
OSSL_STORE_R_IS_NOT_A:112:is not a
OSSL_STORE_R_LOADER_INCOMPLETE:116:loader incomplete
@@ -2162,6 +2171,7 @@ OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED:109:\
ui process interrupted or cancelled
OSSL_STORE_R_UNREGISTERED_SCHEME:105:unregistered scheme
OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE:110:unsupported content type
+OSSL_STORE_R_UNSUPPORTED_OPERATION:118:unsupported operation
OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED:111:uri authority unsupported
PEM_R_BAD_BASE64_DECODE:100:bad base64 decode
PEM_R_BAD_DECRYPT:101:bad decrypt
diff --git a/crypto/store/loader_file.c b/crypto/store/loader_file.c
index 7232b9858a..1fa7fc4c2d 100644
--- a/crypto/store/loader_file.c
+++ b/crypto/store/loader_file.c
@@ -1313,6 +1313,7 @@ static OSSL_STORE_LOADER file_loader =
file_open,
file_ctrl,
file_expect,
+ NULL,
file_load,
file_eof,
file_error,
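Review bot: The bare `NULL` added to the positional initializer of `file_loader` does not say which slot it fills, so a reader has to cross-check `struct ossl_store_loader_st`, where this commit inserts `find` between `expect` and `load`. Annotating it, for example `NULL, /* find: searching is not supported by the file loader */`, keeps the two in step and makes clear that `OSSL_STORE_find` on this loader will fail with `OSSL_STORE_R_UNSUPPORTED_OPERATION`. The initializer starts and ends outside the hunk.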
diff --git a/crypto/store/store_err.c b/crypto/store/store_err.c
index 8902195610..e0280da809 100644
--- a/crypto/store/store_err.c
+++ b/crypto/store/store_err.c
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -29,6 +29,8 @@ static const ERR_STRING_DATA OSSL_STORE_str_functs[] = {
"OSSL_STORE_expect"},
{ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT, 0),
"ossl_store_file_attach_pem_bio_int"},
+ {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_FIND, 0),
+ "OSSL_STORE_find"},
{ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT, 0),
"ossl_store_get0_loader_int"},
{ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT, 0),
@@ -66,6 +68,14 @@ static const ERR_STRING_DATA OSSL_STORE_str_functs[] = {
{ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_OPEN_INT, 0), ""},
{ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT, 0),
"ossl_store_register_loader_int"},
+ {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ALIAS, 0),
+ "OSSL_STORE_SEARCH_by_alias"},
+ {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ISSUER_SERIAL, 0),
+ "OSSL_STORE_SEARCH_by_issuer_serial"},
+ {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT, 0),
+ "OSSL_STORE_SEARCH_by_key_fingerprint"},
+ {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_SEARCH_BY_NAME, 0),
+ "OSSL_STORE_SEARCH_by_name"},
{ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT, 0),
"ossl_store_unregister_loader_int"},
{ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_TRY_DECODE_PARAMS, 0),
@@ -84,6 +94,8 @@ static const ERR_STRING_DATA OSSL_STORE_str_reasons[] = {
"bad password read"},
{ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC),
"error verifying pkcs12 mac"},
+ {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST),
+ "fingerprint size does not match digest"},
{ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_INVALID_SCHEME),
"invalid scheme"},
{ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_IS_NOT_A), "is not a"},
@@ -108,6 +120,8 @@ static const ERR_STRING_DATA OSSL_STORE_str_reasons[] = {
"unregistered scheme"},
{ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE),
"unsupported content type"},
+ {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UNSUPPORTED_OPERATION),
+ "unsupported operation"},
{ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED),
"uri authority unsupported"},
{0, NULL}
diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c
index bc619a306f..1c43547666 100644
--- a/crypto/store/store_lib.c
+++ b/crypto/store/store_lib.c
@@ -147,6 +147,22 @@ int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type)
return 1;
}
+int OSSL_STORE_find(OSSL_STORE_CTX *ctx, OSSL_STORE_SEARCH *search)
+{
+ if (ctx->loading) {
+ OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_FIND,
+ OSSL_STORE_R_LOADING_STARTED);
+ return 0;
+ }
+ if (ctx->loader->find == NULL) {
+ OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_FIND,
+ OSSL_STORE_R_UNSUPPORTED_OPERATION);
+ return 0;
+ }
+
+ return ctx->loader->find(ctx->loader_ctx, search);
+}
+
OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx)
{
OSSL_STORE_INFO *v = NULL;
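Review bot: `OSSL_STORE_find` forwards `search` to the loader's `find` callback without checking it, and it dereferences `ctx` unconditionally, so a NULL from a failed `OSSL_STORE_SEARCH_by_*` constructor reaches loader code unfiltered. Since every constructor added in this commit can return NULL on allocation failure, a guard at the top that tests `search == NULL`, raises `ERR_R_PASSED_NULL_PARAMETER` and returns 0 would stop that at the API boundary instead of relying on each loader. A short comment stating that the call is only valid before the first `OSSL_STORE_load` (the `ctx->loading` check) would also help callers.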
@@ -452,6 +468,135 @@ void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info)
}
}
+int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type)
+{
+ OSSL_STORE_SEARCH tmp_search;
+
+ if (ctx->loader->find == NULL)
+ return 0;
+ tmp_search.search_type = search_type;
+ return ctx->loader->find(NULL, &tmp_search);
+}
+
+/* Search term constructors */
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name)
+{
+ OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
+
+ if (search == NULL) {
+ OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_NAME,
+ ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ search->search_type = OSSL_STORE_SEARCH_BY_NAME;
+ search->name = name;
+ return search;
+}
+
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name,
+ const ASN1_INTEGER *serial)
+{
+ OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
+
+ if (search == NULL) {
+ OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ISSUER_SERIAL,
+ ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ search->search_type = OSSL_STORE_SEARCH_BY_ISSUER_SERIAL;
+ search->name = name;
+ search->serial = serial;
+ return search;
+}
+
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest,
+ const unsigned char
+ *bytes, size_t len)
+{
+ OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
+
+ if (search == NULL) {
+ OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT,
+ ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ if (digest != NULL && len != (size_t)EVP_MD_size(digest)) {
+ char buf1[20], buf2[20];
+
+ BIO_snprintf(buf1, sizeof(buf1), "%d", EVP_MD_size(digest));
+ BIO_snprintf(buf2, sizeof(buf2), "%zu", len);
+ OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT,
+ OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST);
+ ERR_add_error_data(5, EVP_MD_name(digest), " size is ", buf1,
+ ", fingerprint size is ", buf2);
+ }
+
+ search->search_type = OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT;
+ search->digest = digest;
+ search->string = bytes;
+ search->stringlength = len;
+ return search;
+}
+
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias)
+{
+ OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
+
+ if (search == NULL) {
+ OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ALIAS,
+ ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ search->search_type = OSSL_STORE_SEARCH_BY_ALIAS;
+ search->string = (const unsigned char *)alias;
+ search->stringlength = strlen(alias);
+ return search;
+}
+
+/* Search term destructor */
+void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search)
+{
+ OPENSSL_free(search);
+}
+
+/* Search term accessors */
+int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion)
+{
+ return criterion->search_type;
+}
+
+X509_NAME *OSSL_STORE_SEARCH_get0_name(OSSL_STORE_SEARCH *criterion)
+{
+ return criterion->name;
+}
+
+const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH
+ *criterion)
+{
+ return criterion->serial;
+}
+
+const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH
+ *criterion, size_t *length)
+{
+ *length = criterion->stringlength;
+ return criterion->string;
+}
+
+const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion)
+{
+ return (const char *)criterion->string;
+}
+
+const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH *criterion)
+{
+ return criterion->digest;
+}
+
/* Internal functions */
OSSL_STORE_INFO *ossl_store_info_new_EMBEDDED(const char *new_pem_name,
BUF_MEM *embedded)
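Review bot: In `OSSL_STORE_SEARCH_by_key_fingerprint` the size-mismatch branch queues `OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST` but then falls through and still returns a search object whose `stringlength` disagrees with the digest size. A caller that only tests the return value for NULL will pass that object to a loader, which may then compare the wrong number of bytes against a computed digest; the branch should end with `OPENSSL_free(search);` and `return NULL;`. Separately, `OSSL_STORE_supports_search` hands the loader a stack `tmp_search` with only `search_type` assigned, so any other field the callback reads is indeterminate; `OSSL_STORE_SEARCH tmp_search = { 0 };` would remove that hazard. `OSSL_STORE_SEARCH_by_alias` also calls `strlen(alias)` with no NULL check.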
diff --git a/crypto/store/store_locl.h b/crypto/store/store_locl.h
index 68265f826a..369dcb33f2 100644
--- a/crypto/store/store_locl.h
+++ b/crypto/store/store_locl.h
@@ -62,6 +62,34 @@ BUF_MEM *ossl_store_info_get0_EMBEDDED_buffer(OSSL_STORE_INFO *info);
char *ossl_store_info_get0_EMBEDDED_pem_name(OSSL_STORE_INFO *info);
/*-
+ * OSSL_STORE_SEARCH stuff
+ * -----------------------
+ */
+
+struct ossl_store_search_st {
+ int search_type;
+
+ /*
+ * Used by OSSL_STORE_SEARCH_BY_NAME and
+ * OSSL_STORE_SEARCH_BY_ISSUER_SERIAL
+ */
+ X509_NAME *name;
+
+ /* Used by OSSL_STORE_SEARCH_BY_ISSUER_SERIAL */
+ const ASN1_INTEGER *serial;
+
+ /* Used by OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT */
+ const EVP_MD *digest;
+
+ /*
+ * Used by OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT and
+ * OSSL_STORE_SEARCH_BY_ALIAS
+ */
+ const unsigned char *string;
+ size_t stringlength;
+};
+
+/*-
* OSSL_STORE_LOADER stuff
* -----------------------
*/
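Review bot: The new `struct ossl_store_search_st` does not say who owns `name`, `serial`, `digest` and `string`. The constructors in store_lib.c store the caller's pointers and `OSSL_STORE_SEARCH_free` releases only the struct itself, so these are borrowed and must outlive the search object. A comment above the struct such as `/* All pointers are borrowed from the caller and must stay valid until OSSL_STORE_SEARCH_free() */` would make that lifetime rule explicit. The `string` member should also note that it is NUL-terminated only for `OSSL_STORE_SEARCH_BY_ALIAS`, because `OSSL_STORE_SEARCH_get0_string` casts it to `const char *` whatever the search type is.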
@@ -76,6 +104,7 @@ struct ossl_store_loader_st {
OSSL_STORE_open_fn open;
OSSL_STORE_ctrl_fn ctrl;
OSSL_STORE_expect_fn expect;
+ OSSL_STORE_find_fn find;
OSSL_STORE_load_fn load;
OSSL_STORE_eof_fn eof;
OSSL_STORE_error_fn error;
diff --git a/crypto/store/store_register.c b/crypto/store/store_register.c
index 476cd7ac86..e68cb3c568 100644
--- a/crypto/store/store_register.c
+++ b/crypto/store/store_register.c
@@ -85,6 +85,13 @@ int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader,
return 1;
}
+int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader,
+ OSSL_STORE_find_fn find_function)
+{
+ loader->find = find_function;
+ return 1;
+}
+
int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *loader,
OSSL_STORE_load_fn load_function)
{
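Review bot: `OSSL_STORE_LOADER_set_find` installs a callback whose calling convention is not described anywhere in the crypto/ part of this commit. `OSSL_STORE_supports_search` invokes it with a NULL loader context and a search that carries only `search_type`, while `OSSL_STORE_find` invokes it with the real context. A loader that dereferences its context unconditionally would crash on the capability probe, so the setter should carry a comment along the lines of `/* find_function is also called with a NULL loader ctx to ask whether search->search_type is supported; it must not dereference ctx or read other search fields then */`. The public header and manual page are outside this diff (it is limited to crypto/), so the contract may already be documented there.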