[openssl-commits] [openssl] master update

Richard Levitte levitte at openssl.org
Thu Jun 29 20:17:50 UTC 2017 

The branch master has been updated
       via  5ee407460b3b68aa4695f17cf8c43e0d07cb18a8 (commit)
       via  6f9c5062682c0f30d62af54b15ad6904e4dd8cb6 (commit)
      from  0e288c2af2f24121ebd5f0c58912d9429915c02a (commit)


- Log -----------------------------------------------------------------
commit 5ee407460b3b68aa4695f17cf8c43e0d07cb18a8
Author: Richard Levitte <levitte at openssl.org>
Date:   Thu Jun 29 21:47:54 2017 +0200

    STORE: Make sure the loader to be registered is complete
    
    Most of the loader function pointers are crucial, they must be defined
    unconditionally.  Therefore, let's make sure OSSL_STORE_register_loader
    refuses to register incomplete loaders
    
    Reviewed-by: Ben Kaduk <kaduk at mit.edu>
    (Merged from https://github.com/openssl/openssl/pull/3805)

commit 6f9c5062682c0f30d62af54b15ad6904e4dd8cb6
Author: Richard Levitte <levitte at openssl.org>
Date:   Thu Jun 29 21:46:02 2017 +0200

    STORE: simplify store_loader_cmp()
    
    We have already made sure that the loader scheme isn't NULL, so
    checking if they are NULL or not when comparing registered loaders
    is redundant.  We still soft assert it, just to be entirely sure.
    
    Reviewed-by: Ben Kaduk <kaduk at mit.edu>
    (Merged from https://github.com/openssl/openssl/pull/3805)

-----------------------------------------------------------------------

Summary of changes:
 crypto/err/openssl.txt        |  1 +
 crypto/store/store_err.c      |  2 ++
 crypto/store/store_register.c | 15 ++++++++++-----
 include/openssl/storeerr.h    |  1 +
 4 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 87aea05..4eaef1a 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -1990,6 +1990,7 @@ OSSL_STORE_R_BAD_PASSWORD_READ:115:bad password read
 OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC:113:error verifying pkcs12 mac
 OSSL_STORE_R_INVALID_SCHEME:106:invalid scheme
 OSSL_STORE_R_IS_NOT_A:112:is not a
+OSSL_STORE_R_LOADER_INCOMPLETE:116:loader incomplete
 OSSL_STORE_R_NOT_A_CERTIFICATE:100:not a certificate
 OSSL_STORE_R_NOT_A_CRL:101:not a crl
 OSSL_STORE_R_NOT_A_KEY:102:not a key
diff --git a/crypto/store/store_err.c b/crypto/store/store_err.c
index aad643b..86a15c9 100644
--- a/crypto/store/store_err.c
+++ b/crypto/store/store_err.c
@@ -85,6 +85,8 @@ static const ERR_STRING_DATA OSSL_STORE_str_reasons[] = {
     {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_INVALID_SCHEME),
     "invalid scheme"},
     {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_IS_NOT_A), "is not a"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_LOADER_INCOMPLETE),
+    "loader incomplete"},
     {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_CERTIFICATE),
     "not a certificate"},
     {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_CRL), "not a crl"},
diff --git a/crypto/store/store_register.c b/crypto/store/store_register.c
index bde190e..7af1925 100644
--- a/crypto/store/store_register.c
+++ b/crypto/store/store_register.c
@@ -123,11 +123,8 @@ static unsigned long store_loader_hash(const OSSL_STORE_LOADER *v)
 static int store_loader_cmp(const OSSL_STORE_LOADER *a,
                             const OSSL_STORE_LOADER *b)
 {
-    if (a->scheme != NULL && b->scheme != NULL)
-        return strcmp(a->scheme, b->scheme);
-    else if (a->scheme == b->scheme)
-        return 0;
-    return a->scheme == NULL ? -1 : 1;
+    assert(a->scheme != NULL && b->scheme != NULL);
+    return strcmp(a->scheme, b->scheme);
 }
 
 static LHASH_OF(OSSL_STORE_LOADER) *loader_register = NULL;
@@ -156,6 +153,14 @@ int ossl_store_register_loader_int(OSSL_STORE_LOADER *loader)
         return 0;
     }
 
+    /* Check that functions we absolutely require are present */
+    if (loader->open == NULL || loader->load == NULL || loader->eof == NULL
+        || loader->error == NULL || loader->close == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT,
+                      OSSL_STORE_R_LOADER_INCOMPLETE);
+        return 0;
+    }
+
     if (!RUN_ONCE(&registry_init, do_registry_init)) {
         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT,
                       ERR_R_MALLOC_FAILURE);
diff --git a/include/openssl/storeerr.h b/include/openssl/storeerr.h
index 4e0818d..b1d23de 100644
--- a/include/openssl/storeerr.h
+++ b/include/openssl/storeerr.h
@@ -62,6 +62,7 @@ int ERR_load_OSSL_STORE_strings(void);
 # define OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC          113
 # define OSSL_STORE_R_INVALID_SCHEME                      106
 # define OSSL_STORE_R_IS_NOT_A                            112
+# define OSSL_STORE_R_LOADER_INCOMPLETE                   116
 # define OSSL_STORE_R_NOT_A_CERTIFICATE                   100
 # define OSSL_STORE_R_NOT_A_CRL                           101
 # define OSSL_STORE_R_NOT_A_KEY                           102

More information about the openssl-commits mailing list