summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
Diffstat (limited to 'crypto')
-rw-r--r--crypto/err/openssl.txt2
-rw-r--r--crypto/store/loader_file.c3
-rw-r--r--crypto/store/store_err.c4
-rw-r--r--crypto/store/store_lib.c37
-rw-r--r--crypto/store/store_locl.h3
-rw-r--r--crypto/store/store_register.c7
6 files changed, 54 insertions, 2 deletions
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 9b8a03ac21..228cde532d 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -757,6 +757,7 @@ OSSL_STORE_F_FILE_LOAD_TRY_DECODE:124:file_load_try_decode
OSSL_STORE_F_FILE_NAME_TO_URI:126:file_name_to_uri
OSSL_STORE_F_FILE_OPEN:120:file_open
OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO:127:ossl_store_attach_pem_bio
+OSSL_STORE_F_OSSL_STORE_EXPECT:130:OSSL_STORE_expect
OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT:128:\
ossl_store_file_attach_pem_bio_int
OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT:100:ossl_store_get0_loader_int
@@ -2149,6 +2150,7 @@ OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC:113:error verifying pkcs12 mac
OSSL_STORE_R_INVALID_SCHEME:106:invalid scheme
OSSL_STORE_R_IS_NOT_A:112:is not a
OSSL_STORE_R_LOADER_INCOMPLETE:116:loader incomplete
+OSSL_STORE_R_LOADING_STARTED:117:loading started
OSSL_STORE_R_NOT_A_CERTIFICATE:100:not a certificate
OSSL_STORE_R_NOT_A_CRL:101:not a crl
OSSL_STORE_R_NOT_A_KEY:102:not a key
diff --git a/crypto/store/loader_file.c b/crypto/store/loader_file.c
index 588a581632..048cbd3a69 100644
--- a/crypto/store/loader_file.c
+++ b/crypto/store/loader_file.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -1295,6 +1295,7 @@ static OSSL_STORE_LOADER file_loader =
NULL,
file_open,
file_ctrl,
+ NULL,
file_load,
file_eof,
file_error,
diff --git a/crypto/store/store_err.c b/crypto/store/store_err.c
index c78b3899f7..8902195610 100644
--- a/crypto/store/store_err.c
+++ b/crypto/store/store_err.c
@@ -25,6 +25,8 @@ static const ERR_STRING_DATA OSSL_STORE_str_functs[] = {
{ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_OPEN, 0), "file_open"},
{ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO, 0),
"ossl_store_attach_pem_bio"},
+ {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_EXPECT, 0),
+ "OSSL_STORE_expect"},
{ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT, 0),
"ossl_store_file_attach_pem_bio_int"},
{ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT, 0),
@@ -87,6 +89,8 @@ static const ERR_STRING_DATA OSSL_STORE_str_reasons[] = {
{ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_IS_NOT_A), "is not a"},
{ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_LOADER_INCOMPLETE),
"loader incomplete"},
+ {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_LOADING_STARTED),
+ "loading started"},
{ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_CERTIFICATE),
"not a certificate"},
{ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_CRL), "not a crl"},
diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c
index fce2dbc2e2..bc619a306f 100644
--- a/crypto/store/store_lib.c
+++ b/crypto/store/store_lib.c
@@ -10,6 +10,10 @@
#include "e_os.h"
#include <stdlib.h>
#include <string.h>
+#include <assert.h>
+
+#include "e_os.h"
+
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/store.h>
@@ -24,6 +28,7 @@ struct ossl_store_ctx_st {
void *ui_data;
OSSL_STORE_post_process_info_fn post_process;
void *post_process_data;
+ int expected_type;
/* 0 before the first STORE_load(), 1 otherwise */
int loading;
@@ -128,6 +133,20 @@ int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args)
return 0;
}
+int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type)
+{
+ if (ctx->loading) {
+ OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_EXPECT,
+ OSSL_STORE_R_LOADING_STARTED);
+ return 0;
+ }
+
+ ctx->expected_type = expected_type;
+ if (ctx->loader->expect != NULL)
+ return ctx->loader->expect(ctx->loader_ctx, expected_type);
+ return 1;
+}
+
OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx)
{
OSSL_STORE_INFO *v = NULL;
@@ -150,6 +169,24 @@ OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx)
goto again;
}
+ if (v != NULL && ctx->expected_type != 0) {
+ int returned_type = OSSL_STORE_INFO_get_type(v);
+
+ if (returned_type != OSSL_STORE_INFO_NAME && returned_type != 0) {
+ /*
+ * Soft assert here so those who want to harsly weed out faulty
+ * loaders can do so using a debugging version of libcrypto.
+ */
+ if (ctx->loader->expect != NULL)
+ assert(ctx->expected_type == returned_type);
+
+ if (ctx->expected_type != returned_type) {
+ OSSL_STORE_INFO_free(v);
+ goto again;
+ }
+ }
+ }
+
return v;
}
diff --git a/crypto/store/store_locl.h b/crypto/store/store_locl.h
index 789d332810..68265f826a 100644
--- a/crypto/store/store_locl.h
+++ b/crypto/store/store_locl.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -75,6 +75,7 @@ struct ossl_store_loader_st {
ENGINE *engine;
OSSL_STORE_open_fn open;
OSSL_STORE_ctrl_fn ctrl;
+ OSSL_STORE_expect_fn expect;
OSSL_STORE_load_fn load;
OSSL_STORE_eof_fn eof;
OSSL_STORE_error_fn error;
diff --git a/crypto/store/store_register.c b/crypto/store/store_register.c
index 855c28eda7..476cd7ac86 100644
--- a/crypto/store/store_register.c
+++ b/crypto/store/store_register.c
@@ -78,6 +78,13 @@ int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *loader,
return 1;
}
+int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader,
+ OSSL_STORE_expect_fn expect_function)
+{
+ loader->expect = expect_function;
+ return 1;
+}
+
int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *loader,
OSSL_STORE_load_fn load_function)
{