]> git.ipfire.org Git - thirdparty/openssl.git/commit
STORE: Use the 'expect' param to limit the amount of decoders used
authorRichard Levitte <levitte@openssl.org>
Wed, 28 Apr 2021 09:02:36 +0000 (11:02 +0200)
committerRichard Levitte <levitte@openssl.org>
Fri, 30 Apr 2021 09:15:00 +0000 (11:15 +0200)
commite73fc81345ae2cdcc4be55768345d8a00fed6453
tree4ba902772a1ce02d5a78249f22b05e97b73e7722
parent38230e30118e434ca1c41d05d03fe2c41042d97d
STORE: Use the 'expect' param to limit the amount of decoders used

In the provider file: scheme loader implementation, the OSSL_DECODER_CTX
was set up with all sorts of implementations, even if the caller has
declared a limited expectation on what should be loaded, which means
that even though a certificate is expected, all the diverse decoders
to produce an EVP_PKEY are added to the decoding change.

This optimization looks more closely at the expected type, and only
adds the EVP_PKEY related decoder implementations to the chain if
there is no expectation, or if the expectation is one of
OSSL_STORE_INFO_PARAMS, OSSL_STORE_INFO_PUBKEY, OSSL_STORE_INFO_PKEY.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15066)
providers/implementations/storemgmt/file_store.c