authorRichard Levitte <levitte@openssl.org>2021-08-30 13:22:18 +0200
committerRichard Levitte <levitte@openssl.org>2021-09-05 21:42:54 +0200
commit0616afca39adb2ac61a36bc7179a0163d1ee48d0 (patch)
tree5bab468b37c4c8f36bc078a1313493cc6641b72b /providers
parent5b4cf28b6dc98c519cf9f469421696b6c984d50c (diff)
OSSL_STORE 'file:' scheme: Set input structure for certificates and CRLs
When the user expects to load a certificate or a CRL through the OSSL_STORE loading function, the 'file:' implementation sets the corresponding structure names in the internal decoder context. This is especially geared for PEM files, which often contain a mix of objects; password prompting should be avoided for objects that require a password but aren't what the caller is looking for. Fixes #16224 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16466) (cherry picked from commit 821b3956ec698927281a5b29c55cd87eb7b2793d)
Diffstat (limited to 'providers')
-rw-r--r--providers/implementations/storemgmt/file_store.c25
1 files changed, 25 insertions, 0 deletions
diff --git a/providers/implementations/storemgmt/file_store.c b/providers/implementations/storemgmt/file_store.c
index 6ccda2b33f..34cb70fdf8 100644
--- a/providers/implementations/storemgmt/file_store.c
+++ b/providers/implementations/storemgmt/file_store.c
@@ -437,6 +437,31 @@ static int file_setup_decoders(struct file_ctx_st *ctx)
goto err;
}
+ /*
+ * Where applicable, set the outermost structure name.
+ * The goal is to avoid the STORE object types that are
+ * potentially password protected but aren't interesting
+ * for this load.
+ */
+ switch (ctx->expected_type) {
+ case OSSL_STORE_INFO_CERT:
+ if (!OSSL_DECODER_CTX_set_input_structure(ctx->_.file.decoderctx,
+ "Certificate")) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
+ goto err;
+ }
+ break;
+ case OSSL_STORE_INFO_CRL:
+ if (!OSSL_DECODER_CTX_set_input_structure(ctx->_.file.decoderctx,
+ "CertificateList")) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
+ goto err;
+ }
+ break;
+ default:
+ break;
+ }
+
for (to_algo = ossl_any_to_obj_algorithm;
to_algo->algorithm_names != NULL;
to_algo++) {
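Review bot: The structure names `"Certificate"` and `"CertificateList"` passed to OSSL_DECODER_CTX_set_input_structure are bare literals that only work if they match the structure names the decoder implementations register, and nothing in the hunk records that coupling; I would add above the switch `/* Structure names must match those registered by the PEM/DER decoder implementations for X509 and CRL. */`, and it is worth confirming that the PEM-to-DER stage maps "TRUSTED CERTIFICATE" blocks to the same "Certificate" structure, otherwise setting the filter for OSSL_STORE_INFO_CERT would silently drop them. As a point of style, the two cases duplicate the ERR_raise/goto err path; selecting the name in the switch and making the call once keeps a single error path to audit. The enclosing file_setup_decoders() starts and ends outside the hunk, so the `structure` variable below belongs with the function's other declarations.

```c
    /* … unchanged: earlier decoder-context setup and its error check … */
    const char *structure = NULL;   /* declare at top of file_setup_decoders() */

    /*
     * Structure names must match those registered by the PEM/DER decoder
     * implementations for X509 and CRL.
     */
    switch (ctx->expected_type) {
    case OSSL_STORE_INFO_CERT:
        structure = "Certificate";
        break;
    case OSSL_STORE_INFO_CRL:
        structure = "CertificateList";
        break;
    default:
        break;
    }
    if (structure != NULL
        && !OSSL_DECODER_CTX_set_input_structure(ctx->_.file.decoderctx,
                                                 structure)) {
        ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
        goto err;
    }
    /* … unchanged: ossl_any_to_obj_algorithm loop … */
```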