STORE: Add the possibility to search for specific information

Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2688)
author: Richard Levitte <levitte@openssl.org> 2017-02-19 12:24:19 +0100
committer: Richard Levitte <levitte@openssl.org> 2018-02-23 07:40:42 +0100
commit: fac8673b8aed77231e23d51d78cd8eb995d21f5c (patch)
tree: eb8bdf19c6cb436f7149b19dc0c788776b4b9ba2 /include
parent: 7622baf8a7c3e9084f97a4f41406a29ef5d04fc3 (diff)
3 files changed, 57 insertions, 2 deletions
diff --git a/include/openssl/ossl_typ.h b/include/openssl/ossl_typ.h
index f5214ab1e5..2f242f1e7a 100644
--- a/include/openssl/ossl_typ.h
+++ b/include/openssl/ossl_typ.h
@@ -174,6 +174,7 @@ typedef struct ctlog_store_st CTLOG_STORE;
 typedef struct ct_policy_eval_ctx_st CT_POLICY_EVAL_CTX;
 
 typedef struct ossl_store_info_st OSSL_STORE_INFO;
+typedef struct ossl_store_search_st OSSL_STORE_SEARCH;
 
 #if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \
     defined(INTMAX_MAX) && defined(UINTMAX_MAX)
diff --git a/include/openssl/store.h b/include/openssl/store.h
index d4222512f7..7b43e8bd03 100644
--- a/include/openssl/store.h
+++ b/include/openssl/store.h
@@ -151,11 +151,54 @@ const char *OSSL_STORE_INFO_type_string(int type);
  */
 void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info);
 
+
+/*-
+ *  Functions to construct a search URI from a base URI and search criteria
+ *  -----------------------------------------------------------------------
+ */
+
+/* OSSL_STORE search types */
+# define OSSL_STORE_SEARCH_BY_NAME              1 /* subject in certs, issuer in CRLs */
+# define OSSL_STORE_SEARCH_BY_ISSUER_SERIAL     2
+# define OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT   3
+# define OSSL_STORE_SEARCH_BY_ALIAS             4
+
+/* To check what search types the scheme handler supports */
+int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type);
+
+/* Search term constructors */
+/*
+ * The input is considered to be owned by the caller, and must therefore
+ * remain present throughout the lifetime of the returned OSSL_STORE_SEARCH
+ */
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name);
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name,
+                                                      const ASN1_INTEGER
+                                                      *serial);
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest,
+                                                        const unsigned char
+                                                        *bytes, size_t len);
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias);
+
+/* Search term destructor */
+void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search);
+
+/* Search term accessors */
+int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion);
+X509_NAME *OSSL_STORE_SEARCH_get0_name(OSSL_STORE_SEARCH *criterion);
+const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH
+                                                  *criterion);
+const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH
+                                                  *criterion, size_t *length);
+const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion);
+const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH *criterion);
+
 /*
- * Add expected return type (which can be unspecified) to the loading channel.
- *  This MUST happen before the first STORE_load().
+ * Add search criterion and expected return type (which can be unspecified)
+ * to the loading channel.  This MUST happen before the first OSSL_STORE_load().
  */
 int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type);
+int OSSL_STORE_find(OSSL_STORE_CTX *ctx, OSSL_STORE_SEARCH *search);
 
 
 /*-
@@ -186,6 +229,10 @@ int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *loader,
 typedef int (*OSSL_STORE_expect_fn)(OSSL_STORE_LOADER_CTX *ctx, int expected);
 int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader,
                                  OSSL_STORE_expect_fn expect_function);
+typedef int (*OSSL_STORE_find_fn)(OSSL_STORE_LOADER_CTX *ctx,
+                                  OSSL_STORE_SEARCH *criteria);
+int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader,
+                               OSSL_STORE_find_fn find_function);
 typedef OSSL_STORE_INFO *(*OSSL_STORE_load_fn)(OSSL_STORE_LOADER_CTX *ctx,
                                                const UI_METHOD *ui_method,
                                                void *ui_data);
diff --git a/include/openssl/storeerr.h b/include/openssl/storeerr.h
index 864a9070e3..0eb8e88a48 100644
--- a/include/openssl/storeerr.h
+++ b/include/openssl/storeerr.h
@@ -28,6 +28,7 @@ int ERR_load_OSSL_STORE_strings(void);
 # define OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO           127
 # define OSSL_STORE_F_OSSL_STORE_EXPECT                   130
 # define OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT  128
+# define OSSL_STORE_F_OSSL_STORE_FIND                     131
 # define OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT          100
 # define OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT           101
 # define OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL            102
@@ -47,6 +48,10 @@ int ERR_load_OSSL_STORE_strings(void);
 # define OSSL_STORE_F_OSSL_STORE_OPEN                     114
 # define OSSL_STORE_F_OSSL_STORE_OPEN_INT                 115
 # define OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT      117
+# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ALIAS          132
+# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ISSUER_SERIAL  133
+# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT 136
+# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_NAME           137
 # define OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT    116
 # define OSSL_STORE_F_TRY_DECODE_PARAMS                   121
 # define OSSL_STORE_F_TRY_DECODE_PKCS12                   122
@@ -58,6 +63,7 @@ int ERR_load_OSSL_STORE_strings(void);
 # define OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE              107
 # define OSSL_STORE_R_BAD_PASSWORD_READ                   115
 # define OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC          113
+# define OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST 121
 # define OSSL_STORE_R_INVALID_SCHEME                      106
 # define OSSL_STORE_R_IS_NOT_A                            112
 # define OSSL_STORE_R_LOADER_INCOMPLETE                   116
@@ -72,6 +78,7 @@ int ERR_load_OSSL_STORE_strings(void);
 # define OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED 109
 # define OSSL_STORE_R_UNREGISTERED_SCHEME                 105
 # define OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE            110
+# define OSSL_STORE_R_UNSUPPORTED_OPERATION               118
 # define OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED           111
 
 #endif
author	Richard Levitte <levitte@openssl.org>	2017-02-19 12:24:19 +0100
committer	Richard Levitte <levitte@openssl.org>	2018-02-23 07:40:42 +0100
commit	fac8673b8aed77231e23d51d78cd8eb995d21f5c (patch)
tree	eb8bdf19c6cb436f7149b19dc0c788776b4b9ba2 /include
parent	7622baf8a7c3e9084f97a4f41406a29ef5d04fc3 (diff)