author | Richard Levitte <levitte@openssl.org> | 2021-04-28 11:02:36 +0200 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2021-04-30 11:15:00 +0200 |
commit | e73fc81345ae2cdcc4be55768345d8a00fed6453 (patch) | |
tree | 4ba902772a1ce02d5a78249f22b05e97b73e7722 /providers | |
parent | 38230e30118e434ca1c41d05d03fe2c41042d97d (diff) |
STORE: Use the 'expect' param to limit the amount of decoders used

In the provider file: scheme loader implementation, the OSSL_DECODER_CTX
was set up with all sorts of implementations, even if the caller has
declared a limited expectation on what should be loaded, which means
that even though a certificate is expected, all the diverse decoders
to produce an EVP_PKEY are added to the decoding chain.

This optimization looks more closely at the expected type, and only
adds the EVP_PKEY related decoder implementations to the chain if
there is no expectation, or if the expectation is one of
OSSL_STORE_INFO_PARAMS, OSSL_STORE_INFO_PUBKEY, OSSL_STORE_INFO_PKEY.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15066)

Diffstat (limited to 'providers')
-rw-r--r-- | providers/implementations/storemgmt/file_store.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/providers/implementations/storemgmt/file_store.c b/providers/implementations/storemgmt/file_store.c index 37f2fcee67..033efb40ac 100644 --- a/providers/implementations/storemgmt/file_store.c +++ b/providers/implementations/storemgmt/file_store.c @@ -415,7 +415,7 @@ static int file_setup_decoders(struct file_ctx_st *ctx) OSSL_DECODER_INSTANCE *to_obj_inst = NULL; OSSL_DECODER_CLEANUP *old_cleanup = NULL; void *old_construct_data = NULL; - int ok = 0; + int ok = 0, expect_evp_pkey = 0; /* Setup for this session, so only if not already done */ if (ctx->_.file.decoderctx == NULL) { @@ -424,6 +424,11 @@ static int file_setup_decoders(struct file_ctx_st *ctx) goto err; } + expect_evp_pkey = (ctx->expected_type == 0 + || ctx->expected_type == OSSL_STORE_INFO_PARAMS + || ctx->expected_type == OSSL_STORE_INFO_PUBKEY + || ctx->expected_type == OSSL_STORE_INFO_PKEY); + /* Make sure the input type is set */ if (!OSSL_DECODER_CTX_set_input_type(ctx->_.file.decoderctx, ctx->_.file.input_type)) { @@ -462,9 +467,10 @@ static int file_setup_decoders(struct file_ctx_st *ctx) * Since we're setting up our own constructor, we don't need to care * more than that... */ - if (!ossl_decoder_ctx_setup_for_pkey(ctx->_.file.decoderctx, - &dummy, NULL, - libctx, ctx->_.file.propq) + if ((expect_evp_pkey + && !ossl_decoder_ctx_setup_for_pkey(ctx->_.file.decoderctx, + &dummy, NULL, + libctx, ctx->_.file.propq)) || !OSSL_DECODER_CTX_add_extra(ctx->_.file.decoderctx, libctx, ctx->_.file.propq)) { ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB); |
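
Review bot: The type list that sets expect_evp_pkey in the `@@ -424,6 +424,11 @@` hunk is an uncommented allowlist, so a later reader cannot tell why 0, OSSL_STORE_INFO_PARAMS, OSSL_STORE_INFO_PUBKEY and OSSL_STORE_INFO_PKEY are exactly the cases that need the EVP_PKEY decoders. Please add a short comment above the assignment stating that 0 means "no expectation" and that the other three are the store info types delivered as an EVP_PKEY, so that anyone adding a new expected type knows to revisit this list. If the assignment sits inside the `if (ctx->_.file.decoderctx == NULL)` block, as the surrounding context suggests, the decision is made once per session from the value ctx->expected_type has at that moment; it is worth confirming that the expectation is always set before the first call to file_setup_decoders(), or documenting that assumption here.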
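
Review bot: The comment kept above the condition in the `@@ -462,9 +467,10 @@` hunk ("Since we're setting up our own constructor, we don't need to care more than that...") still reads as if ossl_decoder_ctx_setup_for_pkey() were always called, and nothing at that spot explains why it may now be skipped. Please extend that comment to say the EVP_PKEY decoders are only added when expect_evp_pkey is set, while OSSL_DECODER_CTX_add_extra() is still called whether or not that step was skipped. Because both failures raise the same ERR_R_OSSL_DECODER_LIB, splitting the combined `(expect_evp_pkey && !...) || !...` expression into two separate `if` statements would also make the short-circuit easier to follow.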