From: Richard Levitte <levitte@openssl.org>
Date: Fri, 2 Jul 2021 10:29:23 +0000 (+0200)
Subject: PROV & STORE: Don't decode keys in the 'file:' store loader
X-Git-Tag: openssl-3.0.0-beta2~123
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0550cdeb802a2462c4d59e0fc15a1f773054bc65;p=thirdparty%2Fopenssl.git

PROV & STORE: Don't decode keys in the 'file:' store loader

This makes the 'file:' store loader only read the file, and only decode
down to a base level binary format, and simply pass that blob of data
back to the OSSL_FUNC_store_load() object callback.

This offloads the decoding into specific OpenSSL types to libcrypto,
which takes away the issue of origins, which provider is it that holds
the key (or other future types of objects).

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15981)
---

diff --git a/providers/implementations/storemgmt/file_store.c b/providers/implementations/storemgmt/file_store.c
index 4f1e2de6500..02d0e29502f 100644
--- a/providers/implementations/storemgmt/file_store.c
+++ b/providers/implementations/storemgmt/file_store.c
@@ -419,13 +419,10 @@ void file_load_cleanup(void *construct_data)
 
 static int file_setup_decoders(struct file_ctx_st *ctx)
 {
-    EVP_PKEY *dummy; /* for ossl_decoder_ctx_setup_for_pkey() */
     OSSL_LIB_CTX *libctx = ossl_prov_ctx_get0_libctx(ctx->provctx);
     OSSL_DECODER *to_obj = NULL; /* Last resort decoder */
     OSSL_DECODER_INSTANCE *to_obj_inst = NULL;
-    OSSL_DECODER_CLEANUP *old_cleanup = NULL;
-    void *old_construct_data = NULL;
-    int ok = 0, expect_evp_pkey = 0;
+    int ok = 0;
 
     /* Setup for this session, so only if not already done */
     if (ctx->_.file.decoderctx == NULL) {
@@ -434,11 +431,6 @@ static int file_setup_decoders(struct file_ctx_st *ctx)
             goto err;
         }
 
-        expect_evp_pkey = (ctx->expected_type == 0
-                           || ctx->expected_type == OSSL_STORE_INFO_PARAMS
-                           || ctx->expected_type == OSSL_STORE_INFO_PUBKEY
-                           || ctx->expected_type == OSSL_STORE_INFO_PKEY);
-
         /* Make sure the input type is set */
         if (!OSSL_DECODER_CTX_set_input_type(ctx->_.file.decoderctx,
                                              ctx->_.file.input_type)) {
@@ -472,33 +464,16 @@ static int file_setup_decoders(struct file_ctx_st *ctx)
          */
         to_obj_inst = NULL;
 
-        /*
-         * Add on the usual decoder context for keys, with a dummy object.
-         * Since we're setting up our own constructor, we don't need to care
-         * more than that...
-         */
-        if ((expect_evp_pkey
-             && !ossl_decoder_ctx_setup_for_pkey(ctx->_.file.decoderctx,
-                                                 &dummy, NULL,
-                                                 libctx, ctx->_.file.propq))
-            || !OSSL_DECODER_CTX_add_extra(ctx->_.file.decoderctx,
-                                           libctx, ctx->_.file.propq)) {
+        /* Add on the usual extra decoders */
+        if (!OSSL_DECODER_CTX_add_extra(ctx->_.file.decoderctx,
+                                        libctx, ctx->_.file.propq)) {
             ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
             goto err;
         }
 
         /*
-         * Then we throw away the installed finalizer data, and install our
-         * own instead.
-         */
-        old_cleanup = OSSL_DECODER_CTX_get_cleanup(ctx->_.file.decoderctx);
-        old_construct_data =
-            OSSL_DECODER_CTX_get_construct_data(ctx->_.file.decoderctx);
-        if (old_cleanup != NULL)
-            old_cleanup(old_construct_data);
-
-        /*
-         * Set the hooks.
+         * Then install our constructor hooks, which just passes decoded
+         * data to the load callback
          */
         if (!OSSL_DECODER_CTX_set_construct(ctx->_.file.decoderctx,
                                             file_load_construct)