@@ -693,37 +693,8 @@ static int store_load(void *ctx, OSSL_CALLBACK *object_cb, void *object_cbarg,
693693 "No custom UI method provided, using the default UI method.\n" );
694694 }
695695
696- /* try fetching a private key */
697- if (store_ctx -> types_tried == 0 ) {
698- store_ctx -> types_tried ++ ;
699- if (store_ctx -> expected_type == 0 || store_ctx -> expected_type == OSSL_STORE_INFO_PKEY ) {
700- EVP_PKEY * key = UTIL_CTX_get_privkey_from_uri (store_ctx -> prov_ctx -> util_ctx ,
701- store_ctx -> uri , ui_method , ui_data );
702-
703- UTIL_CTX_set_ui_method (store_ctx -> prov_ctx -> util_ctx , ui_method , NULL );
704- if (key != NULL ) {
705- /* Workaround for EVP_PKEY without key management, needed since
706- * ossl_store_handle_load_result() doesn't support this case. */
707- cbdata -> v = OSSL_STORE_INFO_new_PKEY (key );
708- return 1 ;
709- }
710- }
711- }
712- /* try fetching a public key */
713- if (store_ctx -> types_tried == 1 ) {
714- store_ctx -> types_tried ++ ;
715- if (store_ctx -> expected_type == 0 || store_ctx -> expected_type == OSSL_STORE_INFO_PUBKEY ) {
716- EVP_PKEY * key = UTIL_CTX_get_pubkey_from_uri (store_ctx -> prov_ctx -> util_ctx ,
717- store_ctx -> uri , ui_method , ui_data );
718-
719- if (key != NULL ) {
720- cbdata -> v = OSSL_STORE_INFO_new_PUBKEY (key );
721- return 1 ;
722- }
723- }
724- }
725696 /* try fetching a certificate */
726- if (store_ctx -> types_tried == 2 ) {
697+ if (store_ctx -> types_tried == 0 ) {
727698 store_ctx -> types_tried ++ ;
728699 if (store_ctx -> expected_type == 0 || store_ctx -> expected_type == OSSL_STORE_INFO_CERT ) {
729700 X509 * cert = UTIL_CTX_get_cert_from_uri (store_ctx -> prov_ctx -> util_ctx ,
@@ -767,12 +738,46 @@ static int store_load(void *ctx, OSSL_CALLBACK *object_cb, void *object_cbarg,
767738 }
768739 }
769740 }
741+ /* try fetching a public key */
742+ if (store_ctx -> types_tried == 1 ) {
743+ store_ctx -> types_tried ++ ;
744+ if (store_ctx -> expected_type == 0 || store_ctx -> expected_type == OSSL_STORE_INFO_PUBKEY ) {
745+ EVP_PKEY * key = UTIL_CTX_get_pubkey_from_uri (store_ctx -> prov_ctx -> util_ctx ,
746+ store_ctx -> uri , ui_method , ui_data );
747+
748+ if (key != NULL ) {
749+ /* Workaround for EVP_PKEY without key management, needed since
750+ * ossl_store_handle_load_result() doesn't support this case. */
751+ cbdata -> v = OSSL_STORE_INFO_new_PUBKEY (key );
752+ return 1 ;
753+ }
754+ }
755+ }
756+ /* try fetching a private key */
757+ if (store_ctx -> types_tried == 2 ) {
758+ store_ctx -> types_tried ++ ;
759+ if (store_ctx -> expected_type == 0 || store_ctx -> expected_type == OSSL_STORE_INFO_PKEY ) {
760+ EVP_PKEY * key = UTIL_CTX_get_privkey_from_uri (store_ctx -> prov_ctx -> util_ctx ,
761+ store_ctx -> uri , ui_method , ui_data );
762+
763+ UTIL_CTX_set_ui_method (store_ctx -> prov_ctx -> util_ctx , ui_method , NULL );
764+ if (key != NULL ) {
765+ /* Workaround for EVP_PKEY without key management, needed since
766+ * ossl_store_handle_load_result() doesn't support this case. */
767+ cbdata -> v = OSSL_STORE_INFO_new_PKEY (key );
768+ return 1 ;
769+ }
770+ }
771+ }
770772 return 0 ;
771773}
772774
773775/*
774776 * Indicates whether all expected objects from the URI have been processed.
775- * The expected sequence is: a private key, a public key, and a certificate.
777+ * The expected sequence is:
778+ * 0 - OSSL_STORE_INFO_CERT - X.509 certificate (X509 *)
779+ * 1 - OSSL_STORE_INFO_PUBKEY - public key (EVP_PKEY *)
780+ * 2 - OSSL_STORE_INFO_PKEY - private key (EVP_PKEY *)
776781 * Once the counter reaches 3, all objects have been handled, making further
777782 * loading attempts unnecessary.
778783 */
0 commit comments