authorRichard Levitte <levitte@openssl.org>2020-10-28 19:13:46 +0100
committerRichard Levitte <levitte@openssl.org>2020-11-11 11:42:06 +0100
commit9787b5b81fd9ca41427fa7b89de4d9518e988f6a (patch)
tree1e4536cd7f1b4baabb03ef45baae4fb1f7fd77a1 /crypto/store
parent8d8fee64005d0757ba75e2b24b730cfc7b8edbef (diff)
OSSL_STORE: Make sure the called OSSL_DECODER knows what to expect
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
Diffstat (limited to 'crypto/store')
-rw-r--r--crypto/store/store_result.c39
1 files changed, 32 insertions, 7 deletions
diff --git a/crypto/store/store_result.c b/crypto/store/store_result.c
index 96df9d8e14..872efd56bb 100644
--- a/crypto/store/store_result.c
+++ b/crypto/store/store_result.c
@@ -253,9 +253,28 @@ static EVP_PKEY *try_key_value(struct extracted_param_data_st *data,
OSSL_DECODER_CTX *decoderctx = NULL;
const unsigned char *pdata = data->octet_data;
size_t pdatalen = data->octet_data_size;
+ int selection = 0;
+
+ switch (ctx->expected_type) {
+ case 0:
+ break;
+ case OSSL_STORE_INFO_PARAMS:
+ selection = OSSL_KEYMGMT_SELECT_ALL_PARAMETERS;
+ break;
+ case OSSL_STORE_INFO_PUBKEY:
+ selection =
+ OSSL_KEYMGMT_SELECT_PUBLIC_KEY
+ | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS;
+ break;
+ case OSSL_STORE_INFO_PKEY:
+ selection = OSSL_KEYMGMT_SELECT_ALL;
+ break;
+ default:
+ return NULL;
+ }
decoderctx =
- OSSL_DECODER_CTX_new_by_EVP_PKEY(&pk, NULL, NULL, NULL, 0,
+ OSSL_DECODER_CTX_new_by_EVP_PKEY(&pk, NULL, NULL, NULL, selection,
libctx, propq);
(void)OSSL_DECODER_CTX_set_passphrase_cb(decoderctx, cb, cbarg);
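Review bot: The `case 0:` arm of the new switch relies on an unstated convention. Here 0 appears to mean that no expected type was set, and it leaves `selection` at 0, so the decoder stays unrestricted for exactly the callers that gave no hint about what the input should contain. A comment such as `/* 0: no expectation set, decoder selection stays unrestricted */` would make that explicit. The `default: return NULL;` arm returns without raising an error, so it deserves `/* expected type is not a key: nothing for this handler to decode */` to show the silence is intended. The body of try_key_value starts and ends outside this hunk, so how the caller treats the NULL return is not visible here.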
@@ -281,14 +300,20 @@ static EVP_PKEY *try_key_value_legacy(struct extracted_param_data_st *data,
SET_ERR_MARK();
/* Try PUBKEY first, that's a real easy target */
- derp = der;
- pk = d2i_PUBKEY_ex(NULL, &derp, der_len, libctx, propq);
- if (pk != NULL)
- *store_info_new = OSSL_STORE_INFO_new_PUBKEY;
- RESET_ERR_MARK();
+ if (ctx->expected_type == 0
+ || ctx->expected_type == OSSL_STORE_INFO_PUBKEY) {
+ derp = der;
+ pk = d2i_PUBKEY_ex(NULL, &derp, der_len, libctx, propq);
+ if (pk != NULL)
+ *store_info_new = OSSL_STORE_INFO_new_PUBKEY;
+
+ RESET_ERR_MARK();
+ }
/* Try private keys next */
- if (pk == NULL) {
+ if (pk == NULL
+ && (ctx->expected_type == 0
+ || ctx->expected_type == OSSL_STORE_INFO_PKEY)) {
unsigned char *new_der = NULL;
X509_SIG *p8 = NULL;
PKCS8_PRIV_KEY_INFO *p8info = NULL;
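Review bot: The expected-type filter is spelled out twice, at the PUBKEY attempt and again in the private-key condition, and unlike the switch added to try_key_value there is no early exit for types that match neither. When `ctx->expected_type` is OSSL_STORE_INFO_PARAMS or a non-key type, both branches are skipped and the function carries on with `pk == NULL` after `SET_ERR_MARK()` has already run. A guard placed before `SET_ERR_MARK()`, for example `if (ctx->expected_type != 0 && ctx->expected_type != OSSL_STORE_INFO_PUBKEY && ctx->expected_type != OSSL_STORE_INFO_PKEY) return NULL;`, would keep the two functions consistent and make the rejection explicit. The function continues past the end of this hunk, so this assumes nothing later in the body has to run for those types.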