authorRichard Levitte <levitte@openssl.org>2021-04-28 11:02:36 +0200
committerRichard Levitte <levitte@openssl.org>2021-04-30 11:15:00 +0200
commite73fc81345ae2cdcc4be55768345d8a00fed6453 (patch)
tree4ba902772a1ce02d5a78249f22b05e97b73e7722 /providers
parent38230e30118e434ca1c41d05d03fe2c41042d97d (diff)
STORE: Use the 'expect' param to limit the amount of decoders used
In the provider file: scheme loader implementation, the OSSL_DECODER_CTX was set up with all sorts of implementations, even if the caller has declared a limited expectation on what should be loaded, which means that even though a certificate is expected, all the diverse decoders to produce an EVP_PKEY are added to the decoding chain. This optimization looks more closely at the expected type, and only adds the EVP_PKEY related decoder implementations to the chain if there is no expectation, or if the expectation is one of OSSL_STORE_INFO_PARAMS, OSSL_STORE_INFO_PUBKEY, OSSL_STORE_INFO_PKEY. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15066)
Diffstat (limited to 'providers')
-rw-r--r--providers/implementations/storemgmt/file_store.c14
1 files changed, 10 insertions, 4 deletions
diff --git a/providers/implementations/storemgmt/file_store.c b/providers/implementations/storemgmt/file_store.c
index 37f2fcee67..033efb40ac 100644
--- a/providers/implementations/storemgmt/file_store.c
+++ b/providers/implementations/storemgmt/file_store.c
@@ -415,7 +415,7 @@ static int file_setup_decoders(struct file_ctx_st *ctx)
OSSL_DECODER_INSTANCE *to_obj_inst = NULL;
OSSL_DECODER_CLEANUP *old_cleanup = NULL;
void *old_construct_data = NULL;
- int ok = 0;
+ int ok = 0, expect_evp_pkey = 0;
/* Setup for this session, so only if not already done */
if (ctx->_.file.decoderctx == NULL) {
@@ -424,6 +424,11 @@ static int file_setup_decoders(struct file_ctx_st *ctx)
goto err;
}
+ expect_evp_pkey = (ctx->expected_type == 0
+ || ctx->expected_type == OSSL_STORE_INFO_PARAMS
+ || ctx->expected_type == OSSL_STORE_INFO_PUBKEY
+ || ctx->expected_type == OSSL_STORE_INFO_PKEY);
+
/* Make sure the input type is set */
if (!OSSL_DECODER_CTX_set_input_type(ctx->_.file.decoderctx,
ctx->_.file.input_type)) {
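Review bot: The `ctx->expected_type == 0` test in the added `expect_evp_pkey` expression relies on a bare 0 meaning "no expectation", and the three listed types form an allow-list that nothing visible here ties to the full set of OSSL_STORE_INFO values. A store info type added later that is also produced through the EVP_PKEY decoders would silently get no key decoders from this function. I would put a comment above the assignment, e.g. `/* 0 means the caller set no expectation; PARAMS, PUBKEY and PKEY are the types built via the EVP_PKEY decoders - extend this list when adding another */`. file_setup_decoders starts and ends outside this hunk.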
@@ -462,9 +467,10 @@ static int file_setup_decoders(struct file_ctx_st *ctx)
* Since we're setting up our own constructor, we don't need to care
* more than that...
*/
- if (!ossl_decoder_ctx_setup_for_pkey(ctx->_.file.decoderctx,
- &dummy, NULL,
- libctx, ctx->_.file.propq)
+ if ((expect_evp_pkey
+ && !ossl_decoder_ctx_setup_for_pkey(ctx->_.file.decoderctx,
+ &dummy, NULL,
+ libctx, ctx->_.file.propq))
|| !OSSL_DECODER_CTX_add_extra(ctx->_.file.decoderctx,
libctx, ctx->_.file.propq)) {
ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
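Review bot: The comment ending just above the changed condition still reads as if the `ossl_decoder_ctx_setup_for_pkey` call always ran, while the new `expect_evp_pkey &&` guard skips it whenever a non-key type is expected. Because this also narrows which decoders are run against file content, the intent deserves a line before the `if`, e.g. `/* Key decoders are only added when a key, key parameters or any object type may be loaded */`. Presumably a key found in a file while a certificate is expected now fails to decode rather than being decoded and filtered afterwards; if so, a test pinning that result would be useful. Both the comment and the `if` body extend beyond this hunk.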