From d382e79632677f2457025be3d820e08d7ea12d85 Mon Sep 17 00:00:00 2001
From: Tomas Mraz
Date: Fri, 30 Apr 2021 16:57:53 +0200
Subject: Make the -inform option to be respected if possible
Add OSSL_STORE_PARAM_INPUT_TYPE and make it possible to be set when OSSL_STORE_open_ex() or OSSL_STORE_attach() is called. The input type format is enforced only in case the file type file store is used. By default we use FORMAT_UNDEF meaning the input type is not enforced.
Fixes #14569
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/15100)
---
providers/fips-sources.checksums | 2 +-
providers/fips.checksum | 2 +-
providers/implementations/storemgmt/file_store.c | 33 ++++++++++++++----------
3 files changed, 22 insertions(+), 15 deletions(-)
(limited to 'providers')
diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums
index a7ee231b15..fc8d6362df 100644
--- a/providers/fips-sources.checksums
+++ b/providers/fips-sources.checksums
@@ -452,7 +452,7 @@ a7f16a6480f5051d1197b992e042a73535d0922bdd3c962d2a96af780994e858 providers/impl
 1cb6ec2efb7b2bb131622aa95e245273f5967065eb0018392ed4ced50d0813b7 providers/implementations/signature/mac_legacy.c
 25fe1a61578d54c3e67b60646f3fd3d0a47ff1d4cd620ef1f1fca3341f2662a2 providers/implementations/signature/rsa.c
 c0a862433e5da909cf0c614d3f982765b67821c7a4cc6257ceb8c490b4dcf732 providers/implementations/signature/sm2sig.c
-c63cb744c26af304cf00006071d3ebd9325a4d65913b75a2bcb1d2e104c734fd providers/implementations/storemgmt/file_store.c
+e2750b310565e74617310566c1ccfbd75559521117fd8936540fff54dd304902 providers/implementations/storemgmt/file_store.c
 291288936fe321e3e85048366f790f6b7983561cd8f80eec4c0e01d7c43614ab providers/implementations/storemgmt/file_store_der2obj.c
 04ea01e48b8fee822acb376ab8679b4c627b32ab75c137bf23ebb4fe2a1c0703 providers/prov_running.c
 53a1e913fcc4a4e8e84009229cba60b9e29c7dc6536182fd290478331fad44b4 ssl/record/tls_pad.c
diff --git a/providers/fips.checksum b/providers/fips.checksum
index ff7a1c2c78..e28929484f 100644
--- a/providers/fips.checksum
+++ b/providers/fips.checksum
@@ -1 +1 @@
-b998b19b940b606688e4711014407c48c3fca4c58b2fdc60ac64c1cef94861c1 providers/fips-sources.checksums
+de031c8fbe10ee9b6447dd230956217e599cf923ff36a1026b515c2a22158b37 providers/fips-sources.checksums
diff --git a/providers/implementations/storemgmt/file_store.c b/providers/implementations/storemgmt/file_store.c
index 033efb40ac..b9bb3b36c0 100644
--- a/providers/implementations/storemgmt/file_store.c
+++ b/providers/implementations/storemgmt/file_store.c
@@ -149,15 +149,11 @@ static OSSL_DECODER_CLEANUP file_load_cleanup;
 *
 */
 static struct file_ctx_st *file_open_stream(BIO *source, const char *uri,
- const char *input_type,
 void *provctx)
 {
 struct file_ctx_st *ctx;
- if ((ctx = new_file_ctx(IS_FILE, uri, provctx)) == NULL
- || (input_type != NULL
- && (ctx->_.file.input_type =
- OPENSSL_strdup(input_type)) == NULL)) {
+ if ((ctx = new_file_ctx(IS_FILE, uri, provctx)) == NULL) {
 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
 goto err;
 }
@@ -285,7 +281,7 @@ static void *file_open(void *provctx, const char *uri)
 if (S_ISDIR(st.st_mode))
 ctx = file_open_dir(path, uri, provctx);
 else if ((bio = BIO_new_file(path, "rb")) == NULL
- || (ctx = file_open_stream(bio, uri, NULL, provctx)) == NULL)
+ || (ctx = file_open_stream(bio, uri, provctx)) == NULL)
 BIO_free_all(bio);
 return ctx;
@@ -299,7 +295,7 @@ void *file_attach(void *provctx, OSSL_CORE_BIO *cin)
 if (new_bio == NULL)
 return NULL;
- ctx = file_open_stream(new_bio, NULL, NULL, provctx);
+ ctx = file_open_stream(new_bio, NULL, provctx);
 if (ctx == NULL)
 BIO_free(new_bio);
 return ctx;
@@ -316,6 +312,7 @@ static const OSSL_PARAM *file_settable_ctx_params(void *provctx)
 OSSL_PARAM_utf8_string(OSSL_STORE_PARAM_PROPERTIES, NULL, 0),
 OSSL_PARAM_int(OSSL_STORE_PARAM_EXPECT, NULL),
 OSSL_PARAM_octet_string(OSSL_STORE_PARAM_SUBJECT, NULL, 0),
+ OSSL_PARAM_utf8_string(OSSL_STORE_PARAM_INPUT_TYPE, NULL, 0),
 OSSL_PARAM_END
 };
 return known_settable_ctx_params;
@@ -329,12 +326,22 @@ static int file_set_ctx_params(void *loaderctx, const OSSL_PARAM params[])
 if (params == NULL)
 return 1;
- p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_PROPERTIES);
- if (p != NULL) {
- OPENSSL_free(ctx->_.file.propq);
- ctx->_.file.propq = NULL;
- if (!OSSL_PARAM_get_utf8_string(p, &ctx->_.file.propq, 0))
- return 0;
+ if (ctx->type != IS_DIR) {
+ /* these parameters are ignored for directories */
+ p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_PROPERTIES);
+ if (p != NULL) {
+ OPENSSL_free(ctx->_.file.propq);
+ ctx->_.file.propq = NULL;
+ if (!OSSL_PARAM_get_utf8_string(p, &ctx->_.file.propq, 0))
+ return 0;
+ }
+ p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_INPUT_TYPE);
+ if (p != NULL) {
+ OPENSSL_free(ctx->_.file.input_type);
+ ctx->_.file.input_type = NULL;
+ if (!OSSL_PARAM_get_utf8_string(p, &ctx->_.file.input_type, 0))
+ return 0;
+ }
 }
 p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_EXPECT);
 if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->expected_type))
--
cgit v1.2.3
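Review bot: In the new `OSSL_STORE_PARAM_INPUT_TYPE` branch of file_set_ctx_params, the stored `input_type` is freed and set to NULL before `OSSL_PARAM_get_utf8_string()` is known to succeed, so a failed set leaves the context with no input type at all, which is presumably the unenforced state. A caller that keeps using the context after the 0 return (callers are not visible in this hunk) would then load with the previously requested format restriction silently dropped. Fetching into a local and swapping only on success keeps the earlier restriction in place on failure; the re-indented `OSSL_STORE_PARAM_PROPERTIES` branch just above has the same free-before-fetch order and could get the same treatment. The function starts and ends outside the hunk.

```c
    if (ctx->type != IS_DIR) {
        /* … unchanged: OSSL_STORE_PARAM_PROPERTIES handling … */
        p = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_INPUT_TYPE);
        if (p != NULL) {
            char *new_type = NULL;

            /* fetch first so a failed set keeps the previous restriction */
            if (!OSSL_PARAM_get_utf8_string(p, &new_type, 0))
                return 0;
            OPENSSL_free(ctx->_.file.input_type);
            ctx->_.file.input_type = new_type;
        }
```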