From: Richard Levitte
Date: Wed, 28 Oct 2020 18:13:46 +0000 (+0100)
Subject: OSSL_STORE: Make sure the called OSSL_DECODER knows what to expect
X-Git-Tag: openssl-3.0.0-alpha9~134
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9787b5b81fd9ca41427fa7b89de4d9518e988f6a;p=thirdparty%2Fopenssl.git
OSSL_STORE: Make sure the called OSSL_DECODER knows what to expect
Reviewed-by: Shane Lontis
(Merged from https://github.com/openssl/openssl/pull/13248)
---
diff --git a/crypto/store/store_result.c b/crypto/store/store_result.c
index 96df9d8e141..872efd56bb8 100644
--- a/crypto/store/store_result.c
+++ b/crypto/store/store_result.c
@@ -253,9 +253,28 @@ static EVP_PKEY *try_key_value(struct extracted_param_data_st *data,
 OSSL_DECODER_CTX *decoderctx = NULL;
 const unsigned char *pdata = data->octet_data;
 size_t pdatalen = data->octet_data_size;
+ int selection = 0;
+
+ switch (ctx->expected_type) {
+ case 0:
+ break;
+ case OSSL_STORE_INFO_PARAMS:
+ selection = OSSL_KEYMGMT_SELECT_ALL_PARAMETERS;
+ break;
+ case OSSL_STORE_INFO_PUBKEY:
+ selection =
+ OSSL_KEYMGMT_SELECT_PUBLIC_KEY
+ | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS;
+ break;
+ case OSSL_STORE_INFO_PKEY:
+ selection = OSSL_KEYMGMT_SELECT_ALL;
+ break;
+ default:
+ return NULL;
+ }
 decoderctx =
- OSSL_DECODER_CTX_new_by_EVP_PKEY(&pk, NULL, NULL, NULL, 0,
+ OSSL_DECODER_CTX_new_by_EVP_PKEY(&pk, NULL, NULL, NULL, selection,
 libctx, propq);
 (void)OSSL_DECODER_CTX_set_passphrase_cb(decoderctx, cb, cbarg);
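Review bot: The new `switch` leaves two decisions unexplained: why the OSSL_STORE_INFO_PUBKEY arm selects `OSSL_KEYMGMT_SELECT_PUBLIC_KEY | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS` rather than the public key alone, and why the `default:` arm returns NULL without raising any error. A reader of this helper cannot tell whether a stored private key is still meant to decode when only a public key was asked for, nor that declining on other expected types (certificates, CRLs, names) is deliberate; presumably the sibling `try_*` helpers cover those types, but that is outside the hunk. Suggest a comment above the switch, e.g. `/* Narrow the decoder to what the caller asked for; other expected types are not this helper's concern, so decline quietly */`, and a one-line why-comment on the PUBKEY arm for the parameter bits. The function's signature is above the hunk and its body continues below it, so the NULL return is also worth checking against the cleanup the tail performs.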
@@ -281,14 +300,20 @@ static EVP_PKEY *try_key_value_legacy(struct extracted_param_data_st *data,
 SET_ERR_MARK();
 /* Try PUBKEY first, that's a real easy target */
- derp = der;
- pk = d2i_PUBKEY_ex(NULL, &derp, der_len, libctx, propq);
- if (pk != NULL)
- *store_info_new = OSSL_STORE_INFO_new_PUBKEY;
- RESET_ERR_MARK();
+ if (ctx->expected_type == 0
+ || ctx->expected_type == OSSL_STORE_INFO_PUBKEY) {
+ derp = der;
+ pk = d2i_PUBKEY_ex(NULL, &derp, der_len, libctx, propq);
+ if (pk != NULL)
+ *store_info_new = OSSL_STORE_INFO_new_PUBKEY;
+
+ RESET_ERR_MARK();
+ }
 /* Try private keys next */
- if (pk == NULL) {
+ if (pk == NULL
+ && (ctx->expected_type == 0
+ || ctx->expected_type == OSSL_STORE_INFO_PKEY)) {
 unsigned char *new_der = NULL;
 X509_SIG *p8 = NULL;
 PKCS8_PRIV_KEY_INFO *p8info = NULL;
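Review bot: The two new conditions in this hunk restate, as ad-hoc boolean tests, the expected-type mapping that the `switch` in try_key_value already encodes (0 meaning "anything", OSSL_STORE_INFO_PUBKEY, OSSL_STORE_INFO_PKEY), which gives a third place that can drift out of step. A small file-scope predicate such as `static int expected_type_ok(const OSSL_STORE_CTX *ctx, int type) { return ctx->expected_type == 0 || ctx->expected_type == type; }` (name is only a suggestion) would let both sites read `if (expected_type_ok(ctx, OSSL_STORE_INFO_PUBKEY)) {` and `if (pk == NULL && expected_type_ok(ctx, OSSL_STORE_INFO_PKEY)) {`. Note also that when the expected type is OSSL_STORE_INFO_PKEY the `RESET_ERR_MARK()` inside the PUBKEY branch is now skipped, so the mark pushed by `SET_ERR_MARK()` carries unreset into the private-key branch; that looks equivalent since the reset re-marks anyway, but it is worth confirming against the function's tail, which is outside the hunk. The function's signature is above the hunk and the private-key branch continues below it.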