From: Richard Levitte <levitte@openssl.org>
Date: Thu, 29 Jun 2017 19:47:54 +0000 (+0200)
Subject: STORE: Make sure the loader to be registered is complete
X-Git-Tag: OpenSSL_1_1_1-pre1~1146
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=5ee407460b3b68aa4695f17cf8c43e0d07cb18a8;p=oweals%2Fopenssl.git

STORE: Make sure the loader to be registered is complete

Most of the loader function pointers are crucial, they must be defined
unconditionally.  Therefore, let's make sure OSSL_STORE_register_loader
refuses to register incomplete loaders

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3805)
---

diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 87aea05511..4eaef1ae11 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -1990,6 +1990,7 @@ OSSL_STORE_R_BAD_PASSWORD_READ:115:bad password read
 OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC:113:error verifying pkcs12 mac
 OSSL_STORE_R_INVALID_SCHEME:106:invalid scheme
 OSSL_STORE_R_IS_NOT_A:112:is not a
+OSSL_STORE_R_LOADER_INCOMPLETE:116:loader incomplete
 OSSL_STORE_R_NOT_A_CERTIFICATE:100:not a certificate
 OSSL_STORE_R_NOT_A_CRL:101:not a crl
 OSSL_STORE_R_NOT_A_KEY:102:not a key
diff --git a/crypto/store/store_err.c b/crypto/store/store_err.c
index aad643b163..86a15c9a97 100644
--- a/crypto/store/store_err.c
+++ b/crypto/store/store_err.c
@@ -85,6 +85,8 @@ static const ERR_STRING_DATA OSSL_STORE_str_reasons[] = {
     {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_INVALID_SCHEME),
     "invalid scheme"},
     {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_IS_NOT_A), "is not a"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_LOADER_INCOMPLETE),
+    "loader incomplete"},
     {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_CERTIFICATE),
     "not a certificate"},
     {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_CRL), "not a crl"},
diff --git a/crypto/store/store_register.c b/crypto/store/store_register.c
index c7feec39d6..7af1925f23 100644
--- a/crypto/store/store_register.c
+++ b/crypto/store/store_register.c
@@ -153,6 +153,14 @@ int ossl_store_register_loader_int(OSSL_STORE_LOADER *loader)
         return 0;
     }
 
+    /* Check that functions we absolutely require are present */
+    if (loader->open == NULL || loader->load == NULL || loader->eof == NULL
+        || loader->error == NULL || loader->close == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT,
+                      OSSL_STORE_R_LOADER_INCOMPLETE);
+        return 0;
+    }
+
     if (!RUN_ONCE(&registry_init, do_registry_init)) {
         OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT,
                       ERR_R_MALLOC_FAILURE);
diff --git a/include/openssl/storeerr.h b/include/openssl/storeerr.h
index 4e0818d7ac..b1d23de64a 100644
--- a/include/openssl/storeerr.h
+++ b/include/openssl/storeerr.h
@@ -62,6 +62,7 @@ int ERR_load_OSSL_STORE_strings(void);
 # define OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC          113
 # define OSSL_STORE_R_INVALID_SCHEME                      106
 # define OSSL_STORE_R_IS_NOT_A                            112
+# define OSSL_STORE_R_LOADER_INCOMPLETE                   116
 # define OSSL_STORE_R_NOT_A_CERTIFICATE                   100
 # define OSSL_STORE_R_NOT_A_CRL                           101
 # define OSSL_STORE_R_NOT_A_KEY                           102