author | Richard Levitte <levitte@openssl.org> | 2021-08-30 13:22:18 +0200 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2021-09-05 21:42:54 +0200 |
commit | 0616afca39adb2ac61a36bc7179a0163d1ee48d0 (patch) | |
tree | 5bab468b37c4c8f36bc078a1313493cc6641b72b /providers | |
parent | 5b4cf28b6dc98c519cf9f469421696b6c984d50c (diff) |
OSSL_STORE 'file:' scheme: Set input structure for certificates and CRLs

When the user expects to load a certificate or a CRL through the
OSSL_STORE loading function, the 'file:' implementation sets the
corresponding structure names in the internal decoder context.

This is especially geared for PEM files, which often contain a mix of
objects, and password prompting should be avoided for objects that
need them, but aren't what the caller is looking for.

Fixes #16224

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16466)

(cherry picked from commit 821b3956ec698927281a5b29c55cd87eb7b2793d)
Diffstat (limited to 'providers')
-rw-r--r-- | providers/implementations/storemgmt/file_store.c | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/providers/implementations/storemgmt/file_store.c b/providers/implementations/storemgmt/file_store.c index 6ccda2b33f..34cb70fdf8 100644 --- a/providers/implementations/storemgmt/file_store.c +++ b/providers/implementations/storemgmt/file_store.c @@ -437,6 +437,31 @@ static int file_setup_decoders(struct file_ctx_st *ctx) goto err; } + /* + * Where applicable, set the outermost structure name. + * The goal is to avoid the STORE object types that are + * potentially password protected but aren't interesting + * for this load. + */ + switch (ctx->expected_type) { + case OSSL_STORE_INFO_CERT: + if (!OSSL_DECODER_CTX_set_input_structure(ctx->_.file.decoderctx, + "Certificate")) { + ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB); + goto err; + } + break; + case OSSL_STORE_INFO_CRL: + if (!OSSL_DECODER_CTX_set_input_structure(ctx->_.file.decoderctx, + "CertificateList")) { + ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB); + goto err; + } + break; + default: + break; + } + for (to_algo = ossl_any_to_obj_algorithm; to_algo->algorithm_names != NULL; to_algo++) { |
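Review bot: the new comment above `switch (ctx->expected_type)` in file_setup_decoders() says "Where applicable" but does not say why only OSSL_STORE_INFO_CERT and OSSL_STORE_INFO_CRL get an input structure while every other expected type falls through `default:` with no restriction. For those other types the decoder context is left as before, so the password prompting on uninteresting objects that this change is meant to avoid is not addressed for them. Please add a sentence to the comment stating that the other types are intentionally left unrestricted and why, so a later reader does not take the omission for an oversight. As a style point, the two cases repeat the same `OSSL_DECODER_CTX_set_input_structure()` call and the same `ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB); goto err;` path. Selecting the structure name ("Certificate" or "CertificateList") into a local `const char *` inside the switch and making a single call after it, guarded by a NULL check, would keep one error path and make adding another type a one-line change.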