PROV & STORE: Don't decode keys in the 'file:' store loader

This makes the 'file:' store loader only read the file, and only decode down to a base level binary format, and simply pass that blob of data back to the OSSL_FUNC_store_load() object callback. This offloads the decoding into specific OpenSSL types to libcrypto, which takes away the issue of origins, which provider is it that holds the key (or other future types of objects). Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15981)
2025-03-01 19:28:10 +08:00 · 2021-07-02 12:29:23 +02:00 · 2021-07-02 12:29:23 +02:00 · 0550cdeb80
commit 0550cdeb80
parent a9fa32c2a0
1 changed files with 6 additions and 31 deletions
--- a/providers/implementations/storemgmt/file_store.c
+++ b/providers/implementations/storemgmt/file_store.c
@ -419,13 +419,10 @@ void file_load_cleanup(void *construct_data)

 static int file_setup_decoders(struct file_ctx_st *ctx)
 {
-    EVP_PKEY *dummy; /* for ossl_decoder_ctx_setup_for_pkey() */
    OSSL_LIB_CTX *libctx = ossl_prov_ctx_get0_libctx(ctx->provctx);
    OSSL_DECODER *to_obj = NULL; /* Last resort decoder */
    OSSL_DECODER_INSTANCE *to_obj_inst = NULL;
-    OSSL_DECODER_CLEANUP *old_cleanup = NULL;
-    void *old_construct_data = NULL;
-    int ok = 0, expect_evp_pkey = 0;
+    int ok = 0;

    /* Setup for this session, so only if not already done */
    if (ctx->_.file.decoderctx == NULL) {
@ -434,11 +431,6 @@ static int file_setup_decoders(struct file_ctx_st *ctx)
            goto err;
        }

-        expect_evp_pkey = (ctx->expected_type == 0
-                           || ctx->expected_type == OSSL_STORE_INFO_PARAMS
-                           || ctx->expected_type == OSSL_STORE_INFO_PUBKEY
-                           || ctx->expected_type == OSSL_STORE_INFO_PKEY);
-
        /* Make sure the input type is set */
        if (!OSSL_DECODER_CTX_set_input_type(ctx->_.file.decoderctx,
                                             ctx->_.file.input_type)) {
@ -472,33 +464,16 @@ static int file_setup_decoders(struct file_ctx_st *ctx)
         */
        to_obj_inst = NULL;

-        /*
-         * Add on the usual decoder context for keys, with a dummy object.
-         * Since we're setting up our own constructor, we don't need to care
-         * more than that...
-         */
-        if ((expect_evp_pkey
-             && !ossl_decoder_ctx_setup_for_pkey(ctx->_.file.decoderctx,
-                                                 &dummy, NULL,
-                                                 libctx, ctx->_.file.propq))
-            || !OSSL_DECODER_CTX_add_extra(ctx->_.file.decoderctx,
-                                           libctx, ctx->_.file.propq)) {
+        /* Add on the usual extra decoders */
+        if (!OSSL_DECODER_CTX_add_extra(ctx->_.file.decoderctx,
+                                        libctx, ctx->_.file.propq)) {
            ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
            goto err;
        }

        /*
-         * Then we throw away the installed finalizer data, and install our
-         * own instead.
-         */
-        old_cleanup = OSSL_DECODER_CTX_get_cleanup(ctx->_.file.decoderctx);
-        old_construct_data =
-            OSSL_DECODER_CTX_get_construct_data(ctx->_.file.decoderctx);
-        if (old_cleanup != NULL)
-            old_cleanup(old_construct_data);
-
-        /*
-         * Set the hooks.
+         * Then install our constructor hooks, which just passes decoded
+         * data to the load callback
         */
        if (!OSSL_DECODER_CTX_set_construct(ctx->_.file.decoderctx,
                                            file_load_construct)