OSSL_STORE 'file:' scheme: Set input structure for certificates and CRLs

When the user expects to load a certificate or a CRL through the
OSSL_STORE loading function, the 'file:' implementation sets the
corresponding structure names in the internal decoder context.
This is especially geared for PEM files, which often contain a mix of
objects, and password prompting should be avoided for objects that
need them, but aren't what the caller is looking for.

Fixes #16224

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16466)
Richard Levitte 2021-08-30 13:22:18 +02:00
parent 98408852c1
commit 821b3956ec

@ -437,6 +437,31 @@ static int file_setup_decoders(struct file_ctx_st *ctx)
goto err;
}
/*
* Where applicable, set the outermost structure name.
* The goal is to avoid the STORE object types that are
* potentially password protected but aren't interesting
* for this load.
*/
switch (ctx->expected_type) {
case OSSL_STORE_INFO_CERT:
if (!OSSL_DECODER_CTX_set_input_structure(ctx->_.file.decoderctx,
"Certificate")) {
ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
goto err;
}
break;
case OSSL_STORE_INFO_CRL:
if (!OSSL_DECODER_CTX_set_input_structure(ctx->_.file.decoderctx,
"CertificateList")) {
ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
goto err;
}
break;
default:
break;
}
for (to_algo = ossl_any_to_obj_algorithm;
to_algo->algorithm_names != NULL;
to_algo++) {
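Review bot: the OSSL_STORE_INFO_CERT and OSSL_STORE_INFO_CRL cases in the new switch on ctx->expected_type repeat the same OSSL_DECODER_CTX_set_input_structure() call and the same ERR_raise / goto err path, differing only in the string literal. Consider letting the switch select a const char pointer ("Certificate", "CertificateList", or NULL in the default case) and making one call after the switch when the pointer is non-NULL, so that adding another type is a one-line change and the two error paths cannot drift apart. The block comment would also benefit from saying explicitly that any other expected_type value falls through `default: break;` with no input structure set, so those loads are decoded unfiltered and password prompting for them is unchanged by this code.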