When the user expects to load a certificate or a CRL through the
OSSL_STORE loading function, the 'file:' implementation sets the
corresponding structure names in the internal decoder context.
This is especially geared for PEM files, which often contain a mix of
objects, and password prompting should be avoided for objects that
need them, but aren't what the caller is looking for.
Fixes #16224
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16466)
(cherry picked from commit
821b3956ec698927281a5b29c55cd87eb7b2793d)
goto err;
}
+ /*
+ * Where applicable, set the outermost structure name.
+ * The goal is to avoid the STORE object types that are
+ * potentially password protected but aren't interesting
+ * for this load.
+ */
+ switch (ctx->expected_type) {
+ case OSSL_STORE_INFO_CERT:
+ if (!OSSL_DECODER_CTX_set_input_structure(ctx->_.file.decoderctx,
+ "Certificate")) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
+ goto err;
+ }
+ break;
+ case OSSL_STORE_INFO_CRL:
+ if (!OSSL_DECODER_CTX_set_input_structure(ctx->_.file.decoderctx,
+ "CertificateList")) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
+ goto err;
+ }
+ break;
+ default:
+ break;
+ }
+
for (to_algo = ossl_any_to_obj_algorithm;
to_algo->algorithm_names != NULL;
to_algo++) {