leviathan
/
openssl
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Decoding PKCS#8: separate decoding of encrypted and unencrypted PKCS#8

Browse Source 
This has us switch from the 'structure' "pkcs8" to "PrivateKeyInfo",
which is sensible considering we already have "SubjectPublicKeyInfo".
We also add "EncryptedPrivateKeyInfo", and use it for a special decoder
that detects and decrypts an EncryptedPrivateKeyInfo structured DER
blob into a PrivateKeyInfo structured DER blob and passes that on to
the next decoder implementation.

The result of this change is that PKCS#8 decryption should only happen
once per decoding instead of once for every expected key type.
Furthermore, this new decoder implementation sets the data type to the
OID of the algorithmIdentifier field, thus reducing how many decoder
implementations are tentativaly run further down the call chain.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15498)
master
Richard Levitte 2 years ago
parent 320fc032b9
commit 6a2b8ff392
18 changed files with 435 additions and 231 deletions
Show Stats Download Patch File Download Diff File

2
apps/rsa.c
Unescape View File

@ -322,7 +322,7 @@ int rsa_main(int argc, char **argv)
if (traditional)
output_structure = "pkcs1"; /* "type-specific" would work too */
else
output_structure = "pkcs8";
output_structure = "PrivateKeyInfo";
}
}

2
crypto/asn1/d2i_pr.c
Unescape View File

@ -32,7 +32,7 @@ d2i_PrivateKey_decoder(int keytype, EVP_PKEY **a, const unsigned char **pp,
EVP_PKEY *pkey = NULL, *bak_a = NULL;
EVP_PKEY **ppkey = &pkey;
const char *key_name = NULL;
const char *input_structures[] = { "type-specific", "pkcs8", NULL };
const char *input_structures[] = { "type-specific", "PrivateKeyInfo", NULL };
int i, ret;
if (keytype != EVP_PKEY_NONE) {

2
crypto/asn1/i2d_evp.c
Unescape View File

@ -97,7 +97,7 @@ int i2d_PrivateKey(const EVP_PKEY *a, unsigned char **pp)
if (evp_pkey_is_provided(a)) {
static const struct type_and_structure_st output_info[] = {
{ "DER", "type-specific" },
{ "DER", "pkcs8" },
{ "DER", "PrivateKeyInfo" },
{ NULL, }
};

6
crypto/evp/evp_pkey.c
Unescape View File

@ -79,8 +79,8 @@ EVP_PKEY *EVP_PKCS82PKEY_ex(const PKCS8_PRIV_KEY_INFO *p8, OSSL_LIB_CTX *libctx,
p8_data = encoded_data;
len = encoded_len;
dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", "pkcs8", EVP_PKEY_NONE,
0, libctx, propq);
dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", "PrivateKeyInfo",
EVP_PKEY_NONE, 0, libctx, propq);
if (dctx == NULL
|| !OSSL_DECODER_from_data(dctx, &p8_data, &len))
/* try legacy */
@ -115,7 +115,7 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(const EVP_PKEY *pkey)
const unsigned char *pp;
if ((ctx = OSSL_ENCODER_CTX_new_for_pkey(pkey, selection,
"DER", "pkcs8",
"DER", "PrivateKeyInfo",
NULL)) == NULL
|| !OSSL_ENCODER_to_data(ctx, &der, &derlen))
goto error;

2
crypto/pem/pem_local.h
Unescape View File

@ -31,7 +31,7 @@
* Properties, named according to the ASN.1 names used throughout libcrypto.
*/
# define PEM_STRUCTURE_PUBKEY "SubjectPublicKeyInfo"
# define PEM_STRUCTURE_PrivateKey "pkcs8"
# define PEM_STRUCTURE_PrivateKey "PrivateKeyInfo"
# define PEM_STRUCTURE_Parameters "type-specific"
# define PEM_STRUCTURE_RSAPrivateKey "type-specific"

2
crypto/pem/pem_pk8.c
Unescape View File

@ -74,7 +74,7 @@ static int do_pk8pkey(BIO *bp, const EVP_PKEY *x, int isder, int nid,
const char *outtype = isder ? "DER" : "PEM";
OSSL_ENCODER_CTX *ctx =
OSSL_ENCODER_CTX_new_for_pkey(x, OSSL_KEYMGMT_SELECT_ALL,
outtype, "pkcs8", propq);
outtype, "PrivateKeyInfo", propq);
if (ctx == NULL)
return 0;

4
doc/man3/OSSL_ENCODER_to_bio.pod
Unescape View File

@ -61,7 +61,7 @@ To encode a pkey as PKCS#8 with PEM format into a bio:
OSSL_ENCODER_CTX *ectx;
const char *format = "PEM";
const char *structure = "pkcs8"; /* PKCS#8 structure */
const char *structure = "PrivateKeyInfo"; /* PKCS#8 structure */
const unsigned char *pass = "my password";
ectx = OSSL_ENCODER_CTX_new_for_pkey(pkey,
@ -86,7 +86,7 @@ AES-256-CBC into a buffer:
OSSL_ENCODER_CTX *ectx;
const char *format = "DER";
const char *structure = "pkcs8"; /* PKCS#8 structure */
const char *structure = "PrivateKeyInfo"; /* PKCS#8 structure */
const unsigned char *pass = "my password";
unsigned char *data = NULL;
size_t datalen;

10
doc/man7/openssl-glossary.pod
Unescape View File

@ -158,11 +158,13 @@ This is defined in IETF RFC 1421:
L<https://tools.ietf.org/html/rfc1421>
=item PKCS#8 (also known as "pkcs8" in some parts of OpenSSL)
=item PKCS#8
PKCS#8 is a specification of an ASN.1 structure that OpenSSL uses for
storing or transmitting any private key in a key type agnostic manner, and
has both an unencrypted and an encrypted form.
PKCS#8 is a specification of ASN.1 structures that OpenSSL uses for storing
or transmitting any private key in a key type agnostic manner.
There are two structures worth noting for OpenSSL use, one that contains the
key data in unencrypted form (known as "PrivateKeyInfo") and an encrypted
wrapper structure (known as "EncryptedPrivateKeyInfo").
This is specified in RFC 5208:

31
providers/decoders.inc
Unescape View File

@ -15,7 +15,8 @@
#define DECODER_STRUCTURE_type_specific_params "type-specific"
#define DECODER_STRUCTURE_type_specific "type-specific"
#define DECODER_STRUCTURE_type_specific_no_pub "type-specific"
#define DECODER_STRUCTURE_PKCS8 "pkcs8"
#define DECODER_STRUCTURE_EncryptedPrivateKeyInfo "EncryptedPrivateKeyInfo"
#define DECODER_STRUCTURE_PrivateKeyInfo "PrivateKeyInfo"
#define DECODER_STRUCTURE_SubjectPublicKeyInfo "SubjectPublicKeyInfo"
#define DECODER_STRUCTURE_DH "dh"
#define DECODER_STRUCTURE_DHX "dhx"
@ -35,17 +36,17 @@
(ossl_##_structure##_##_input##_to_##_output##_decoder_functions) }
#ifndef OPENSSL_NO_DH
DECODER_w_structure("DH", der, PKCS8, dh, yes),
DECODER_w_structure("DH", der, PrivateKeyInfo, dh, yes),
DECODER_w_structure("DH", der, SubjectPublicKeyInfo, dh, yes),
DECODER_w_structure("DH", der, type_specific_params, dh, yes),
DECODER_w_structure("DH", der, DH, dh, yes),
DECODER_w_structure("DHX", der, PKCS8, dhx, yes),
DECODER_w_structure("DHX", der, PrivateKeyInfo, dhx, yes),
DECODER_w_structure("DHX", der, SubjectPublicKeyInfo, dhx, yes),
DECODER_w_structure("DHX", der, type_specific_params, dhx, yes),
DECODER_w_structure("DHX", der, DHX, dhx, yes),
#endif
#ifndef OPENSSL_NO_DSA
DECODER_w_structure("DSA", der, PKCS8, dsa, yes),
DECODER_w_structure("DSA", der, PrivateKeyInfo, dsa, yes),
DECODER_w_structure("DSA", der, SubjectPublicKeyInfo, dsa, yes),
DECODER_w_structure("DSA", der, type_specific, dsa, yes),
DECODER_w_structure("DSA", der, DSA, dsa, yes),
@ -53,30 +54,36 @@ DECODER("DSA", msblob, dsa, yes),
DECODER("DSA", pvk, dsa, yes),
#endif
#ifndef OPENSSL_NO_EC
DECODER_w_structure("EC", der, PKCS8, ec, yes),
DECODER_w_structure("EC", der, PrivateKeyInfo, ec, yes),
DECODER_w_structure("EC", der, SubjectPublicKeyInfo, ec, yes),
DECODER_w_structure("EC", der, type_specific_no_pub, ec, yes),
DECODER_w_structure("EC", der, EC, ec, yes),
DECODER_w_structure("ED25519", der, PKCS8, ed25519, yes),
DECODER_w_structure("ED25519", der, PrivateKeyInfo, ed25519, yes),
DECODER_w_structure("ED25519", der, SubjectPublicKeyInfo, ed25519, yes),
DECODER_w_structure("ED448", der, PKCS8, ed448, yes),
DECODER_w_structure("ED448", der, PrivateKeyInfo, ed448, yes),
DECODER_w_structure("ED448", der, SubjectPublicKeyInfo, ed448, yes),
DECODER_w_structure("X25519", der, PKCS8, x25519, yes),
DECODER_w_structure("X25519", der, PrivateKeyInfo, x25519, yes),
DECODER_w_structure("X25519", der, SubjectPublicKeyInfo, x25519, yes),
DECODER_w_structure("X448", der, PKCS8, x448, yes),
DECODER_w_structure("X448", der, PrivateKeyInfo, x448, yes),
DECODER_w_structure("X448", der, SubjectPublicKeyInfo, x448, yes),
# ifndef OPENSSL_NO_SM2
DECODER_w_structure("SM2", der, PKCS8, sm2, yes),
DECODER_w_structure("SM2", der, PrivateKeyInfo, sm2, yes),
DECODER_w_structure("SM2", der, SubjectPublicKeyInfo, sm2, yes),
# endif
#endif
DECODER_w_structure("RSA", der, PKCS8, rsa, yes),
DECODER_w_structure("RSA", der, PrivateKeyInfo, rsa, yes),
DECODER_w_structure("RSA", der, SubjectPublicKeyInfo, rsa, yes),
DECODER_w_structure("RSA", der, type_specific_keypair, rsa, yes),
DECODER_w_structure("RSA", der, RSA, rsa, yes),
DECODER_w_structure("RSA-PSS", der, PKCS8, rsapss, yes),
DECODER_w_structure("RSA-PSS", der, PrivateKeyInfo, rsapss, yes),
DECODER_w_structure("RSA-PSS", der, SubjectPublicKeyInfo, rsapss, yes),
DECODER("RSA", msblob, rsa, yes),
DECODER("RSA", pvk, rsa, yes),
DECODER("DER", pem, der, yes),
/*
* A decoder that recognises PKCS#8 EncryptedPrivateKeyInfo structure
* and decrypts it, passing on the unencrypted PrivateKeyInfo in DER
* form to the next decoder.
*/
DECODER_w_structure("DER", der, EncryptedPrivateKeyInfo, der, yes),

48
providers/encoders.inc
Unescape View File

@ -15,7 +15,7 @@
#define ENCODER_STRUCTURE_type_specific_params "type-specific"
#define ENCODER_STRUCTURE_type_specific "type-specific"
#define ENCODER_STRUCTURE_type_specific_no_pub "type-specific"
#define ENCODER_STRUCTURE_PKCS8 "pkcs8"
#define ENCODER_STRUCTURE_PrivateKeyInfo "PrivateKeyInfo"
#define ENCODER_STRUCTURE_SubjectPublicKeyInfo "SubjectPublicKeyInfo"
#define ENCODER_STRUCTURE_DH "dh"
#define ENCODER_STRUCTURE_DHX "dhx"
@ -127,70 +127,70 @@ ENCODER("DSA", dsa, yes, pvk),
#endif
/*
* Entries for PKCS#8 and SubjectPublicKeyInfo.
* Entries for PKCS#8 (PrivateKeyInfo) and SubjectPublicKeyInfo.
* The "der" ones are added convenience for any user that wants to use
* OSSL_ENCODER directly.
* The "pem" ones also support PEM_write_bio_PrivateKey() and
* PEM_write_bio_PUBKEY().
*/
ENCODER_w_structure("RSA", rsa, yes, der, PKCS8),
ENCODER_w_structure("RSA", rsa, yes, pem, PKCS8),
ENCODER_w_structure("RSA", rsa, yes, der, PrivateKeyInfo),
ENCODER_w_structure("RSA", rsa, yes, pem, PrivateKeyInfo),
ENCODER_w_structure("RSA", rsa, yes, der, SubjectPublicKeyInfo),
ENCODER_w_structure("RSA", rsa, yes, pem, SubjectPublicKeyInfo),
ENCODER_w_structure("RSA-PSS", rsapss, yes, der, PKCS8),
ENCODER_w_structure("RSA-PSS", rsapss, yes, pem, PKCS8),
ENCODER_w_structure("RSA-PSS", rsapss, yes, der, PrivateKeyInfo),
ENCODER_w_structure("RSA-PSS", rsapss, yes, pem, PrivateKeyInfo),
ENCODER_w_structure("RSA-PSS", rsapss, yes, der, SubjectPublicKeyInfo),
ENCODER_w_structure("RSA-PSS", rsapss, yes, pem, SubjectPublicKeyInfo),
#ifndef OPENSSL_NO_DH
ENCODER_w_structure("DH", dh, yes, der, PKCS8),
ENCODER_w_structure("DH", dh, yes, pem, PKCS8),
ENCODER_w_structure("DH", dh, yes, der, PrivateKeyInfo),
ENCODER_w_structure("DH", dh, yes, pem, PrivateKeyInfo),
ENCODER_w_structure("DH", dh, yes, der, SubjectPublicKeyInfo),
ENCODER_w_structure("DH", dh, yes, pem, SubjectPublicKeyInfo),
ENCODER_w_structure("DHX", dhx, yes, der, PKCS8),
ENCODER_w_structure("DHX", dhx, yes, pem, PKCS8),
ENCODER_w_structure("DHX", dhx, yes, der, PrivateKeyInfo),
ENCODER_w_structure("DHX", dhx, yes, pem, PrivateKeyInfo),
ENCODER_w_structure("DHX", dhx, yes, der, SubjectPublicKeyInfo),
ENCODER_w_structure("DHX", dhx, yes, pem, SubjectPublicKeyInfo),
#endif
#ifndef OPENSSL_NO_DSA
ENCODER_w_structure("DSA", dsa, yes, der, PKCS8),
ENCODER_w_structure("DSA", dsa, yes, pem, PKCS8),
ENCODER_w_structure("DSA", dsa, yes, der, PrivateKeyInfo),
ENCODER_w_structure("DSA", dsa, yes, pem, PrivateKeyInfo),
ENCODER_w_structure("DSA", dsa, yes, der, SubjectPublicKeyInfo),
ENCODER_w_structure("DSA", dsa, yes, pem, SubjectPublicKeyInfo),
#endif
#ifndef OPENSSL_NO_EC
ENCODER_w_structure("EC", ec, yes, der, PKCS8),
ENCODER_w_structure("EC", ec, yes, pem, PKCS8),
ENCODER_w_structure("EC", ec, yes, der, PrivateKeyInfo),
ENCODER_w_structure("EC", ec, yes, pem, PrivateKeyInfo),
ENCODER_w_structure("EC", ec, yes, der, SubjectPublicKeyInfo),
ENCODER_w_structure("EC", ec, yes, pem, SubjectPublicKeyInfo),
ENCODER_w_structure("X25519", x25519, yes, der, PKCS8),
ENCODER_w_structure("X25519", x25519, yes, pem, PKCS8),
ENCODER_w_structure("X25519", x25519, yes, der, PrivateKeyInfo),
ENCODER_w_structure("X25519", x25519, yes, pem, PrivateKeyInfo),
ENCODER_w_structure("X25519", x25519, yes, der, SubjectPublicKeyInfo),
ENCODER_w_structure("X25519", x25519, yes, pem, SubjectPublicKeyInfo),
ENCODER_w_structure("X448", x448, yes, der, PKCS8),
ENCODER_w_structure("X448", x448, yes, pem, PKCS8),
ENCODER_w_structure("X448", x448, yes, der, PrivateKeyInfo),
ENCODER_w_structure("X448", x448, yes, pem, PrivateKeyInfo),
ENCODER_w_structure("X448", x448, yes, der, SubjectPublicKeyInfo),
ENCODER_w_structure("X448", x448, yes, pem, SubjectPublicKeyInfo),
ENCODER_w_structure("ED25519", ed25519, yes, der, PKCS8),
ENCODER_w_structure("ED25519", ed25519, yes, pem, PKCS8),
ENCODER_w_structure("ED25519", ed25519, yes, der, PrivateKeyInfo),
ENCODER_w_structure("ED25519", ed25519, yes, pem, PrivateKeyInfo),
ENCODER_w_structure("ED25519", ed25519, yes, der, SubjectPublicKeyInfo),
ENCODER_w_structure("ED25519", ed25519, yes, pem, SubjectPublicKeyInfo),
ENCODER_w_structure("ED448", ed448, yes, der, PKCS8),
ENCODER_w_structure("ED448", ed448, yes, pem, PKCS8),
ENCODER_w_structure("ED448", ed448, yes, der, PrivateKeyInfo),
ENCODER_w_structure("ED448", ed448, yes, pem, PrivateKeyInfo),
ENCODER_w_structure("ED448", ed448, yes, der, SubjectPublicKeyInfo),
ENCODER_w_structure("ED448", ed448, yes, pem, SubjectPublicKeyInfo),
# ifndef OPENSSL_NO_SM2
ENCODER_w_structure("SM2", sm2, yes, der, PKCS8),
ENCODER_w_structure("SM2", sm2, yes, pem, PKCS8),
ENCODER_w_structure("SM2", sm2, yes, der, PrivateKeyInfo),
ENCODER_w_structure("SM2", sm2, yes, pem, PrivateKeyInfo),
ENCODER_w_structure("SM2", sm2, yes, der, SubjectPublicKeyInfo),
ENCODER_w_structure("SM2", sm2, yes, pem, SubjectPublicKeyInfo),
# endif

2
providers/implementations/encode_decode/build.info
Unescape View File

@ -6,7 +6,7 @@ $DECODER_GOAL=../../libdefault.a
SOURCE[$ENCODER_GOAL]=endecoder_common.c
SOURCE[$DECODER_GOAL]=decode_der2key.c decode_pem2der.c \
SOURCE[$DECODER_GOAL]=decode_der2key.c decode_epki2pki.c decode_pem2der.c \
decode_msblob2key.c decode_pvk2key.c
SOURCE[$ENCODER_GOAL]=encode_key2any.c encode_key2text.c encode_key2ms.c

89
providers/implementations/encode_decode/decode_der2key.c
Unescape View File

@ -41,8 +41,7 @@ typedef int check_key_fn(void *, struct der2key_ctx_st *ctx);
typedef void adjust_key_fn(void *, struct der2key_ctx_st *ctx);
typedef void free_key_fn(void *);
typedef void *d2i_PKCS8_fn(void **, const unsigned char **, long,
struct der2key_ctx_st *,
OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg);
struct der2key_ctx_st *);
struct keytype_desc_st {
const char *keytype_name;
const OSSL_DISPATCH *fns; /* Keymgmt (to pilfer functions from) */
@ -65,7 +64,7 @@ struct keytype_desc_st {
d2i_of_void *d2i_private_key; /* From type-specific DER */
d2i_of_void *d2i_public_key; /* From type-specific DER */
d2i_of_void *d2i_key_params; /* From type-specific DER */
d2i_PKCS8_fn *d2i_PKCS8; /* Wrapped in a PKCS#8, possibly encrypted */
d2i_PKCS8_fn *d2i_PKCS8; /* Wrapped in a PrivateKeyInfo */
d2i_of_void *d2i_PUBKEY; /* Wrapped in a SubjectPublicKeyInfo */
/*
@ -114,36 +113,13 @@ typedef void *key_from_pkcs8_t(const PKCS8_PRIV_KEY_INFO *p8inf,
OSSL_LIB_CTX *libctx, const char *propq);
static void *der2key_decode_p8(const unsigned char **input_der,
long input_der_len, struct der2key_ctx_st *ctx,
OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg,
key_from_pkcs8_t *key_from_pkcs8)
{
X509_SIG *p8 = NULL;
PKCS8_PRIV_KEY_INFO *p8inf = NULL;
const X509_ALGOR *alg = NULL;
void *key = NULL;
ctx->flag_fatal = 0;
ERR_set_mark();
if ((p8 = d2i_X509_SIG(NULL, input_der, input_der_len)) != NULL) {
char pbuf[PEM_BUFSIZE];
size_t plen = 0;
ERR_clear_last_mark();
if (!pw_cb(pbuf, sizeof(pbuf), &plen, NULL, pw_cbarg))
ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE);
else
p8inf = PKCS8_decrypt_ex(p8, pbuf, plen, PROV_LIBCTX_OF(ctx->provctx), NULL);
if (p8inf == NULL)
ctx->flag_fatal = 1;
X509_SIG_free(p8);
} else {
/* Pop any errors that might have been raised by d2i_X509_SIG. */
ERR_pop_to_mark();
p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, input_der, input_der_len);
}
if (p8inf != NULL
if ((p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, input_der, input_der_len)) != NULL
&& PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf)
&& OBJ_obj2nid(alg->algorithm) == ctx->desc->evp_type)
key = key_from_pkcs8(p8inf, PROV_LIBCTX_OF(ctx->provctx), NULL);
@ -247,8 +223,7 @@ static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
derp = der;
if (ctx->desc->d2i_PKCS8 != NULL) {
key = ctx->desc->d2i_PKCS8(NULL, &derp, der_len, ctx,
pw_cb, pw_cbarg);
key = ctx->desc->d2i_PKCS8(NULL, &derp, der_len, ctx);
if (ctx->flag_fatal)
goto end;
} else if (ctx->desc->d2i_private_key != NULL) {
@ -360,10 +335,9 @@ static int der2key_export_object(void *vctx,
# define dh_d2i_key_params (d2i_of_void *)d2i_DHparams
static void *dh_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
struct der2key_ctx_st *ctx,
OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
struct der2key_ctx_st *ctx)
{
return der2key_decode_p8(der, der_len, ctx, pw_cb, pw_cbarg,
return der2key_decode_p8(der, der_len, ctx,
(key_from_pkcs8_t *)ossl_dh_key_from_pkcs8);
}
@ -396,10 +370,9 @@ static void dh_adjust(void *key, struct der2key_ctx_st *ctx)
# define dsa_d2i_key_params (d2i_of_void *)d2i_DSAparams
static void *dsa_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
struct der2key_ctx_st *ctx,
OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
struct der2key_ctx_st *ctx)
{
return der2key_decode_p8(der, der_len, ctx, pw_cb, pw_cbarg,
return der2key_decode_p8(der, der_len, ctx,
(key_from_pkcs8_t *)ossl_dsa_key_from_pkcs8);
}
@ -422,10 +395,9 @@ static void dsa_adjust(void *key, struct der2key_ctx_st *ctx)
# define ec_d2i_key_params (d2i_of_void *)d2i_ECParameters
static void *ec_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
struct der2key_ctx_st *ctx,
OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
struct der2key_ctx_st *ctx)
{
return der2key_decode_p8(der, der_len, ctx, pw_cb, pw_cbarg,
return der2key_decode_p8(der, der_len, ctx,
(key_from_pkcs8_t *)ossl_ec_key_from_pkcs8);
}
@ -452,10 +424,9 @@ static void ec_adjust(void *key, struct der2key_ctx_st *ctx)
*/
static void *ecx_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
struct der2key_ctx_st *ctx,
OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
struct der2key_ctx_st *ctx)
{
return der2key_decode_p8(der, der_len, ctx, pw_cb, pw_cbarg,
return der2key_decode_p8(der, der_len, ctx,
(key_from_pkcs8_t *)ossl_ecx_key_from_pkcs8);
}
@ -511,10 +482,9 @@ static void ecx_key_adjust(void *key, struct der2key_ctx_st *ctx)
# define sm2_d2i_key_params (d2i_of_void *)d2i_ECParameters
static void *sm2_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
struct der2key_ctx_st *ctx,
OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
struct der2key_ctx_st *ctx)
{
return der2key_decode_p8(der, der_len, ctx, pw_cb, pw_cbarg,
return der2key_decode_p8(der, der_len, ctx,
(key_from_pkcs8_t *)ossl_ec_key_from_pkcs8);
}
@ -533,10 +503,9 @@ static void *sm2_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
#define rsa_d2i_key_params NULL
static void *rsa_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
struct der2key_ctx_st *ctx,
OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
struct der2key_ctx_st *ctx)
{
return der2key_decode_p8(der, der_len, ctx, pw_cb, pw_cbarg,
return der2key_decode_p8(der, der_len, ctx,
(key_from_pkcs8_t *)ossl_rsa_key_from_pkcs8);
}
@ -650,8 +619,8 @@ static void rsa_adjust(void *key, struct der2key_ctx_st *ctx)
keytype##_adjust, \
keytype##_free
#define DO_PKCS8(keytype) \
"pkcs8", keytype##_evp_type, \
#define DO_PrivateKeyInfo(keytype) \
"PrivateKeyInfo", keytype##_evp_type, \
( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ), \
NULL, \
NULL, \
@ -785,42 +754,42 @@ static void rsa_adjust(void *key, struct der2key_ctx_st *ctx)
}
#ifndef OPENSSL_NO_DH
MAKE_DECODER("DH", dh, dh, PKCS8);
MAKE_DECODER("DH", dh, dh, PrivateKeyInfo);
MAKE_DECODER("DH", dh, dh, SubjectPublicKeyInfo);
MAKE_DECODER("DH", dh, dh, type_specific_params);
MAKE_DECODER("DH", dh, dh, DH);
MAKE_DECODER("DHX", dhx, dhx, PKCS8);
MAKE_DECODER("DHX", dhx, dhx, PrivateKeyInfo);
MAKE_DECODER("DHX", dhx, dhx, SubjectPublicKeyInfo);
MAKE_DECODER("DHX", dhx, dhx, type_specific_params);
MAKE_DECODER("DHX", dhx, dhx, DHX);
#endif
#ifndef OPENSSL_NO_DSA
MAKE_DECODER("DSA", dsa, dsa, PKCS8);
MAKE_DECODER("DSA", dsa, dsa, PrivateKeyInfo);
MAKE_DECODER("DSA", dsa, dsa, SubjectPublicKeyInfo);
MAKE_DECODER("DSA", dsa, dsa, type_specific);
MAKE_DECODER("DSA", dsa, dsa, DSA);
#endif
#ifndef OPENSSL_NO_EC
MAKE_DECODER("EC", ec, ec, PKCS8);
MAKE_DECODER("EC", ec, ec, PrivateKeyInfo);
MAKE_DECODER("EC", ec, ec, SubjectPublicKeyInfo);
MAKE_DECODER("EC", ec, ec, type_specific_no_pub);
MAKE_DECODER("EC", ec, ec, EC);
MAKE_DECODER("X25519", x25519, ecx, PKCS8);
MAKE_DECODER("X25519", x25519, ecx, PrivateKeyInfo);
MAKE_DECODER("X25519", x25519, ecx, SubjectPublicKeyInfo);
MAKE_DECODER("X448", x448, ecx, PKCS8);
MAKE_DECODER("X448", x448, ecx, PrivateKeyInfo);
MAKE_DECODER("X448", x448, ecx, SubjectPublicKeyInfo);
MAKE_DECODER("ED25519", ed25519, ecx, PKCS8);
MAKE_DECODER("ED25519", ed25519, ecx, PrivateKeyInfo);
MAKE_DECODER("ED25519", ed25519, ecx, SubjectPublicKeyInfo);
MAKE_DECODER("ED448", ed448, ecx, PKCS8);
MAKE_DECODER("ED448", ed448, ecx, PrivateKeyInfo);
MAKE_DECODER("ED448", ed448, ecx, SubjectPublicKeyInfo);
# ifndef OPENSSL_NO_SM2
MAKE_DECODER("SM2", sm2, ec, PKCS8);
MAKE_DECODER("SM2", sm2, ec, PrivateKeyInfo);
MAKE_DECODER("SM2", sm2, ec, SubjectPublicKeyInfo);
# endif
#endif
MAKE_DECODER("RSA", rsa, rsa, PKCS8);
MAKE_DECODER("RSA", rsa, rsa, PrivateKeyInfo);
MAKE_DECODER("RSA", rsa, rsa, SubjectPublicKeyInfo);
MAKE_DECODER("RSA", rsa, rsa, type_specific_keypair);
MAKE_DECODER("RSA", rsa, rsa, RSA);
MAKE_DECODER("RSA-PSS", rsapss, rsapss, PKCS8);
MAKE_DECODER("RSA-PSS", rsapss, rsapss, PrivateKeyInfo);
MAKE_DECODER("RSA-PSS", rsapss, rsapss, SubjectPublicKeyInfo);

153
providers/implementations/encode_decode/decode_epki2pki.c
Unescape View File

@ -0,0 +1,153 @@
/*
* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/core.h>
#include <openssl/core_dispatch.h>
#include <openssl/core_names.h>
#include <openssl/core_object.h>
#include <openssl/asn1.h>
#include <openssl/err.h>
#include <openssl/objects.h>
#include <openssl/pkcs12.h>
#include <openssl/x509.h>
#include <openssl/proverr.h>
#include "internal/asn1.h"
#include "internal/sizes.h"
#include "prov/bio.h"
#include "prov/implementations.h"
#include "endecoder_local.h"
static OSSL_FUNC_decoder_newctx_fn epki2pki_newctx;
static OSSL_FUNC_decoder_freectx_fn epki2pki_freectx;
static OSSL_FUNC_decoder_decode_fn epki2pki_decode;
/*
* Context used for EncryptedPrivateKeyInfo to PrivateKeyInfo decoding.
*/
struct epki2pki_ctx_st {
PROV_CTX *provctx;
};
static void *epki2pki_newctx(void *provctx)
{
struct epki2pki_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));
if (ctx != NULL)
ctx->provctx = provctx;
return ctx;
}
static void epki2pki_freectx(void *vctx)
{
struct epki2pki_ctx_st *ctx = vctx;
OPENSSL_free(ctx);
}
/*
* The selection parameter in epki2pki_decode() is not used by this function
* because it's not relevant just to decode EncryptedPrivateKeyInfo to
* PrivateKeyInfo.
*/
static int epki2pki_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
OSSL_CALLBACK *data_cb, void *data_cbarg,
OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
{
struct epki2pki_ctx_st *ctx = vctx;
BUF_MEM *mem = NULL;
unsigned char *der = NULL;
const unsigned char *pder = NULL;
long der_len = 0;
X509_SIG *p8 = NULL;
PKCS8_PRIV_KEY_INFO *p8inf = NULL;
const X509_ALGOR *alg = NULL;
BIO *in = ossl_bio_new_from_core_bio(ctx->provctx, cin);
int ok = (asn1_d2i_read_bio(in, &mem) >= 0);
BIO_free(in);
/* We return "empty handed". This is not an error. */
if (!ok)
return 1;
pder = der = (unsigned char *)mem->data;
der_len = (long)mem->length;
OPENSSL_free(mem);
ok = 1; /* Assume good */
ERR_set_mark();
if ((p8 = d2i_X509_SIG(NULL, &pder, der_len)) != NULL) {
char pbuf[1024];
size_t plen = 0;
ERR_clear_last_mark();
if (!pw_cb(pbuf, sizeof(pbuf), &plen, NULL, pw_cbarg)) {
ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE);
} else {
const ASN1_OCTET_STRING *oct;
unsigned char *new_der = NULL;
int new_der_len = 0;
X509_SIG_get0(p8, &alg, &oct);
if (!PKCS12_pbe_crypt_ex(alg, pbuf, plen,
oct->data, oct->length,
&new_der, &new_der_len, 0,
PROV_LIBCTX_OF(ctx->provctx), NULL)) {
ok = 0;
} else {
OPENSSL_free(der);
der = new_der;
der_len = new_der_len;
}
alg = NULL;
}
X509_SIG_free(p8);
} else {
ERR_pop_to_mark();
}
ERR_set_mark();
pder = der;
p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &pder, der_len);
ERR_pop_to_mark();
if (p8inf != NULL && PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf)) {
/*
* We have something and recognised it as PrivateKeyInfo, so let's
* pass all the applicable data to the callback.
*/
char keytype[OSSL_MAX_NAME_SIZE];
OSSL_PARAM params[5], *p = params;
int objtype = OSSL_OBJECT_PKEY;
OBJ_obj2txt(keytype, sizeof(keytype), alg->algorithm, 0);
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,
keytype, 0);
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_STRUCTURE,
"PrivateKeyInfo", 0);
*p++ = OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_DATA,
der, der_len);
*p++ = OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &objtype);
*p = OSSL_PARAM_construct_end();
ok = data_cb(params, data_cbarg);
}
PKCS8_PRIV_KEY_INFO_free(p8inf);
OPENSSL_free(der);
return ok;
}
const OSSL_DISPATCH ossl_EncryptedPrivateKeyInfo_der_to_der_decoder_functions[] = {
{ OSSL_FUNC_DECODER_NEWCTX, (void (*)(void))epki2pki_newctx },
{ OSSL_FUNC_DECODER_FREECTX, (void (*)(void))epki2pki_freectx },
{ OSSL_FUNC_DECODER_DECODE, (void (*)(void))epki2pki_decode },
{ 0, NULL }
};

4
providers/implementations/encode_decode/decode_pem2der.c
Unescape View File

@ -101,8 +101,8 @@ static int pem2der_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
* These entries should be in longest to shortest order to avoid
* mixups.
*/
{ "ENCRYPTED PRIVATE KEY", "pkcs8" },
{ "PRIVATE KEY", "pkcs8" },
{ "ENCRYPTED PRIVATE KEY", "EncryptedPrivateKeyInfo" },
{ "PRIVATE KEY", "PrivateKeyInfo" },
{ "PUBLIC KEY", "SubjectPublicKeyInfo" },
{ "PARAMETERS", NULL }

228
providers/implementations/encode_decode/encode_key2any.c
Unescape View File

@ -128,12 +128,14 @@ static X509_SIG *key_to_encp8(const void *key, int key_nid,
{
PKCS8_PRIV_KEY_INFO *p8info =
key_to_p8info(key, key_nid, params, params_type, k2d);
X509_SIG *p8 = p8info_to_encp8(p8info, ctx);
X509_SIG *p8 = NULL;
if (p8info == NULL)
if (p8info == NULL) {
free_asn1_data(params_type, params);
PKCS8_PRIV_KEY_INFO_free(p8info);
} else {
p8 = p8info_to_encp8(p8info, ctx);
PKCS8_PRIV_KEY_INFO_free(p8info);
}
return p8;
}
@ -162,81 +164,141 @@ static X509_PUBKEY *key_to_pubkey(const void *key, int key_nid,
}
/*
* key_to_pkcs8_* produce encoded output with the key data pkcs8
* in a structure. For private keys, that structure is PKCS#8, and for
* public keys, it's X.509 SubjectPublicKeyInfo. Parameters don't have
* any defined envelopment of that kind.
* key_to_epki_* produce encoded output with the private key data in a
* EncryptedPrivateKeyInfo structure (defined by PKCS#8). They require
* that there's an intent to encrypt, anything else is an error.
* They are currently only called from the corresponding key_to_pki_ function.
*
* key_to_pki_* primarly produce encoded output with the private key data
* in a PrivateKeyInfo structure (also defined by PKCS#8). However, if
* there is an intent to encrypt the data, the corresponding key_to_epki_*
* function is used instead.
*
* key_to_spki_* produce encoded output with the public key data in an
* X.509 SubjectPublicKeyInfo.
*
* Key parameters don't have any defined envelopment of this kind, but are
* included in some manner in the output from the functions described above,
* either in the AlgorithmIdentifier's parameter field, or as part of the
* key data itself.
*/
static int key_to_pkcs8_der_priv_bio(BIO *out, const void *key,
int key_nid,
ossl_unused const char *pemname,
key_to_paramstring_fn *p2s,
i2d_of_void *k2d,
struct key2any_ctx_st *ctx)
static int key_to_epki_der_priv_bio(BIO *out, const void *key,
int key_nid,
ossl_unused const char *pemname,
key_to_paramstring_fn *p2s,
i2d_of_void *k2d,
struct key2any_ctx_st *ctx)
{
int ret = 0;
void *str = NULL;
int strtype = V_ASN1_UNDEF;
X509_SIG *p8;
if (!ctx->cipher_intent)
return 0;
if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
&str, &strtype))
return 0;
if (ctx->cipher_intent) {
X509_SIG *p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx);
p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx);
if (p8 != NULL)
ret = i2d_PKCS8_bio(out, p8);
if (p8 != NULL)
ret = i2d_PKCS8_bio(out, p8);
X509_SIG_free(p8);
X509_SIG_free(p8);
} else {
PKCS8_PRIV_KEY_INFO *p8info =
key_to_p8info(key, key_nid, str, strtype, k2d);
return ret;
}
if (p8info != NULL)
ret = i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8info);
else
free_asn1_data(strtype, str);
static int key_to_epki_pem_priv_bio(BIO *out, const void *key,
int key_nid,
ossl_unused const char *pemname,
key_to_paramstring_fn *p2s,
i2d_of_void *k2d,
struct key2any_ctx_st *ctx)
{
int ret = 0;
void *str = NULL;
int strtype = V_ASN1_UNDEF;
X509_SIG *p8;
PKCS8_PRIV_KEY_INFO_free(p8info);
}
if (!ctx->cipher_intent)
return 0;
if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
&str, &strtype))
return 0;
p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx);
if (p8 != NULL)
ret = PEM_write_bio_PKCS8(out, p8);
X509_SIG_free(p8);
return ret;
}
static int key_to_pkcs8_pem_priv_bio(BIO *out, const void *key,
int key_nid,
ossl_unused const char *pemname,
key_to_paramstring_fn *p2s,
i2d_of_void *k2d,
struct key2any_ctx_st *ctx)
static int key_to_pki_der_priv_bio(BIO *out, const void *key,
int key_nid,
ossl_unused const char *pemname,
key_to_paramstring_fn *p2s,
i2d_of_void *k2d,
struct key2any_ctx_st *ctx)
{
int ret = 0;
void *str = NULL;
int strtype = V_ASN1_UNDEF;
PKCS8_PRIV_KEY_INFO *p8info;
if (ctx->cipher_intent)
return key_to_epki_der_priv_bio(out, key, key_nid, pemname,
p2s, k2d, ctx);
if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
&str, &strtype))
return 0;
if (ctx->cipher_intent) {
X509_SIG *p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx);
p8info = key_to_p8info(key, key_nid, str, strtype, k2d);
if (p8 != NULL)
ret = PEM_write_bio_PKCS8(out, p8);
if (p8info != NULL)
ret = i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8info);
else
free_asn1_data(strtype, str);
X509_SIG_free(p8);
} else {
PKCS8_PRIV_KEY_INFO *p8info =
key_to_p8info(key, key_nid, str, strtype, k2d);
PKCS8_PRIV_KEY_INFO_free(p8info);
if (p8info != NULL)
ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8info);
else
free_asn1_data(strtype, str);
return ret;
}
PKCS8_PRIV_KEY_INFO_free(p8info);
}
static int key_to_pki_pem_priv_bio(BIO *out, const void *key,
int key_nid,
ossl_unused const char *pemname,
key_to_paramstring_fn *p2s,
i2d_of_void *k2d,
struct key2any_ctx_st *ctx)
{
int ret = 0;
void *str = NULL;
int strtype = V_ASN1_UNDEF;
PKCS8_PRIV_KEY_INFO *p8info;
if (ctx->cipher_intent)
return key_to_epki_pem_priv_bio(out, key, key_nid, pemname,
p2s, k2d, ctx);
if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
&str, &strtype))
return 0;
p8info = key_to_p8info(key, key_nid, str, strtype, k2d);
if (p8info != NULL)
ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8info);
else
free_asn1_data(strtype, str);
PKCS8_PRIV_KEY_INFO_free(p8info);
return ret;
}
@ -427,7 +489,7 @@ static int dh_spki_pub_to_der(const void *dh, unsigned char **pder)
return ret;
}
static int dh_pkcs8_priv_to_der(const void *dh, unsigned char **pder)
static int dh_pki_priv_to_der(const void *dh, unsigned char **pder)
{
const BIGNUM *bn = NULL;
ASN1_INTEGER *priv_key = NULL;
@ -540,7 +602,7 @@ static int dsa_spki_pub_to_der(const void *dsa, unsigned char **pder)
return ret;
}
static int dsa_pkcs8_priv_to_der(const void *dsa, unsigned char **pder)
static int dsa_pki_priv_to_der(const void *dsa, unsigned char **pder)
{
const BIGNUM *bn = NULL;
ASN1_INTEGER *priv_key = NULL;
@ -639,7 +701,7 @@ static int ec_spki_pub_to_der(const void *eckey, unsigned char **pder)
return i2o_ECPublicKey(eckey, pder);
}
static int ec_pkcs8_priv_to_der(const void *veckey, unsigned char **pder)
static int ec_pki_priv_to_der(const void *veckey, unsigned char **pder)
{
EC_KEY *eckey = (EC_KEY *)veckey;
unsigned int old_flags;
@ -700,7 +762,7 @@ static int ecx_spki_pub_to_der(const void *vecxkey, unsigned char **pder)
return ecxkey->keylen;
}
static int ecx_pkcs8_priv_to_der(const void *vecxkey, unsigned char **pder)
static int ecx_pki_priv_to_der(const void *vecxkey, unsigned char **pder)
{
const ECX_KEY *ecxkey = vecxkey;
ASN1_OCTET_STRING oct;
@ -826,7 +888,7 @@ static int prepare_rsa_params(const void *rsa, int nid, int save,
* RSA is extremely simple, as PKCS#1 is used for the PKCS#8 |privateKey|
* field as well as the SubjectPublicKeyInfo |subjectPublicKey| field.
*/
#define rsa_pkcs8_priv_to_der rsa_type_specific_priv_to_der
#define rsa_pki_priv_to_der rsa_type_specific_priv_to_der
#define rsa_spki_pub_to_der rsa_type_specific_pub_to_der
#define rsa_type_specific_priv_to_der (i2d_of_void *)i2d_RSAPrivateKey
#define rsa_type_specific_pub_to_der (i2d_of_void *)i2d_RSAPublicKey
@ -1041,10 +1103,18 @@ static int key2any_encode(struct key2any_ctx_st *ctx, OSSL_CORE_BIO *cout,
* the same.
*/
/* PKCS#8 is a structure for private keys only */
#define DO_PKCS8_selection_mask DO_PRIVATE_KEY_selection_mask
#define DO_PKCS8(impl, type, output) \
DO_PRIVATE_KEY(impl, type, pkcs8, output)
/*
* PKCS#8 defines two structures for private keys only:
* - PrivateKeyInfo (raw unencrypted form)
* - EncryptedPrivateKeyInfo (encrypted wrapping)
*
* To allow a certain amount of flexibility, we allow the routines
* for PrivateKeyInfo to also produce EncryptedPrivateKeyInfo if a
* passphrase callback has been passed to them.
*/
#define DO_PrivateKeyInfo_selection_mask DO_PRIVATE_KEY_selection_mask
#define DO_PrivateKeyInfo(impl, type, output) \
DO_PRIVATE_KEY(impl, type, pki, output)
/* SubjectPublicKeyInfo is a structure for public keys only */
#define DO_SubjectPublicKeyInfo_selection_mask DO_PUBLIC_KEY_selection_mask
@ -1258,55 +1328,55 @@ MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, type_specific_no_pub, pem);
* For PEM, these are expected to be used by PEM_write_bio_PrivateKey(),
* PEM_write_bio_PUBKEY() and PEM_write_bio_Parameters().
*/
MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PKCS8, der);
MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PKCS8, pem);
MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PrivateKeyInfo, der);
MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PrivateKeyInfo, pem);
MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, SubjectPublicKeyInfo, der);
MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, SubjectPublicKeyInfo, pem);
MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PKCS8, der);
MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PKCS8, pem);
MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PrivateKeyInfo, der);
MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PrivateKeyInfo, pem);
MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, SubjectPublicKeyInfo, der);
MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, SubjectPublicKeyInfo, pem);
#ifndef OPENSSL_NO_DH
MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PKCS8, der);
MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PKCS8, pem);
MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PrivateKeyInfo, der);
MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PrivateKeyInfo, pem);
MAKE_ENCODER(dh, dh, EVP_PKEY_DH, SubjectPublicKeyInfo, der);
MAKE_ENCODER(dh, dh, EVP_PKEY_DH, SubjectPublicKeyInfo, pem);
MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, PKCS8, der);
MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, PKCS8, pem);
MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, PrivateKeyInfo, der);
MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, PrivateKeyInfo, pem);
MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, SubjectPublicKeyInfo, der);
MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, SubjectPublicKeyInfo, pem);
#endif
#ifndef OPENSSL_NO_DSA
MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, PKCS8, der);
MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, PKCS8, pem);
MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, PrivateKeyInfo, der);
MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, PrivateKeyInfo, pem);
MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, SubjectPublicKeyInfo, der);
MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, SubjectPublicKeyInfo, pem);
#endif
#ifndef OPENSSL_NO_EC
MAKE_ENCODER(ec, ec, EVP_PKEY_EC, PKCS8, der);
MAKE_ENCODER(ec, ec, EVP_PKEY_EC, PKCS8, pem);
MAKE_ENCODER(ec, ec, EVP_PKEY_EC, PrivateKeyInfo, der);
MAKE_ENCODER(ec, ec, EVP_PKEY_EC, PrivateKeyInfo, pem);
MAKE_ENCODER(ec, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, der);
MAKE_ENCODER(ec, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, pem);
# ifndef OPENSSL_NO_SM2
MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, PKCS8, der);
MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, PKCS8, pem);
MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, PrivateKeyInfo, der);
MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, PrivateKeyInfo, pem);
MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, der);
MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, pem);
# endif
MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, PKCS8, der);
MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, PKCS8, pem);
MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, PrivateKeyInfo, der);
MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, PrivateKeyInfo, pem);
MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, SubjectPublicKeyInfo, der);
MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, SubjectPublicKeyInfo, pem);
MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, PKCS8, der);
MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, PKCS8, pem);
MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, der);
MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, pem);
MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, der);
MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, pem);
MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, PKCS8, der);
MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, PKCS8, pem);
MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, PrivateKeyInfo, der);
MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, PrivateKeyInfo, pem);
MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, SubjectPublicKeyInfo, der);
MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, SubjectPublicKeyInfo, pem);
MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, PKCS8, der);
MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, PKCS8, pem);
MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, der);
MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, pem);
MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, der);
MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, pem);
#endif

67
providers/implementations/include/prov/implementations.h
Unescape View File

@ -323,8 +323,8 @@ extern const OSSL_DISPATCH ossl_rsa_asym_kem_functions[];
/* Encoders */
extern const OSSL_DISPATCH ossl_rsa_to_PKCS1_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_rsa_to_PKCS1_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_rsa_to_PKCS8_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_rsa_to_PKCS8_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_rsa_to_PrivateKeyInfo_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_rsa_to_PrivateKeyInfo_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_rsa_to_RSA_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_rsa_to_RSA_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_rsa_to_SubjectPublicKeyInfo_der_encoder_functions[];
@ -337,8 +337,8 @@ extern const OSSL_DISPATCH ossl_rsa_to_type_specific_keypair_pem_encoder_functio
extern const OSSL_DISPATCH ossl_rsapss_to_PKCS1_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_rsapss_to_PKCS1_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_rsapss_to_PKCS8_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_rsapss_to_PKCS8_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_rsapss_to_PrivateKeyInfo_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_rsapss_to_PrivateKeyInfo_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_rsapss_to_SubjectPublicKeyInfo_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_rsapss_to_SubjectPublicKeyInfo_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_rsapss_to_text_encoder_functions[];
@ -347,8 +347,8 @@ extern const OSSL_DISPATCH ossl_dh_to_DH_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_dh_to_DH_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_dh_to_PKCS3_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_dh_to_PKCS3_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_dh_to_PKCS8_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_dh_to_PKCS8_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_dh_to_PrivateKeyInfo_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_dh_to_PrivateKeyInfo_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_dh_to_SubjectPublicKeyInfo_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_dh_to_SubjectPublicKeyInfo_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_dh_to_type_specific_params_der_encoder_functions[];
@ -357,8 +357,8 @@ extern const OSSL_DISPATCH ossl_dh_to_text_encoder_functions[];
extern const OSSL_DISPATCH ossl_dhx_to_DHX_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_dhx_to_DHX_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_dhx_to_PKCS8_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_dhx_to_PKCS8_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_dhx_to_PrivateKeyInfo_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_dhx_to_PrivateKeyInfo_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_dhx_to_SubjectPublicKeyInfo_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_dhx_to_SubjectPublicKeyInfo_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_dhx_to_X9_42_der_encoder_functions[];
@ -369,8 +369,8 @@ extern const OSSL_DISPATCH ossl_dhx_to_text_encoder_functions[];
extern const OSSL_DISPATCH ossl_dsa_to_DSA_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_dsa_to_DSA_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_dsa_to_PKCS8_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_dsa_to_PKCS8_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_dsa_to_PrivateKeyInfo_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_dsa_to_PrivateKeyInfo_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_dsa_to_SubjectPublicKeyInfo_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_dsa_to_SubjectPublicKeyInfo_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_dsa_to_type_specific_pem_encoder_functions[];
@ -382,8 +382,8 @@ extern const OSSL_DISPATCH ossl_dsa_to_text_encoder_functions[];
extern const OSSL_DISPATCH ossl_ec_to_EC_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_ec_to_EC_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_ec_to_blob_encoder_functions[];
extern const OSSL_DISPATCH ossl_ec_to_PKCS8_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_ec_to_PKCS8_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_ec_to_PrivateKeyInfo_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_ec_to_PrivateKeyInfo_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_ec_to_SubjectPublicKeyInfo_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_ec_to_SubjectPublicKeyInfo_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_ec_to_X9_62_der_encoder_functions[];
@ -396,8 +396,8 @@ extern const OSSL_DISPATCH ossl_ec_to_text_encoder_functions[];
extern const OSSL_DISPATCH ossl_sm2_to_SM2_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_sm2_to_SM2_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_sm2_to_blob_encoder_functions[];
extern const OSSL_DISPATCH ossl_sm2_to_PKCS8_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_sm2_to_PKCS8_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_sm2_to_PrivateKeyInfo_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_sm2_to_PrivateKeyInfo_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_sm2_to_SubjectPublicKeyInfo_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_sm2_to_SubjectPublicKeyInfo_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_sm2_to_type_specific_no_pub_pem_encoder_functions[];
@ -405,84 +405,85 @@ extern const OSSL_DISPATCH ossl_sm2_to_type_specific_no_pub_der_encoder_function
extern const OSSL_DISPATCH ossl_sm2_to_text_encoder_functions[];
#endif
extern const OSSL_DISPATCH ossl_ed25519_to_PKCS8_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_ed25519_to_PKCS8_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_ed25519_to_PrivateKeyInfo_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_ed25519_to_PrivateKeyInfo_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_ed25519_to_SubjectPublicKeyInfo_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_ed25519_to_SubjectPublicKeyInfo_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_ed25519_to_OSSL_current_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_ed25519_to_text_encoder_functions[];
extern const OSSL_DISPATCH ossl_ed448_to_PKCS8_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_ed448_to_PKCS8_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_ed448_to_PrivateKeyInfo_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_ed448_to_PrivateKeyInfo_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_ed448_to_SubjectPublicKeyInfo_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_ed448_to_SubjectPublicKeyInfo_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_ed448_to_OSSL_current_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_ed448_to_text_encoder_functions[];
extern const OSSL_DISPATCH ossl_x25519_to_PKCS8_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_x25519_to_PKCS8_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_x25519_to_PrivateKeyInfo_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_x25519_to_PrivateKeyInfo_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_x25519_to_SubjectPublicKeyInfo_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_x25519_to_SubjectPublicKeyInfo_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_x25519_to_OSSL_current_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_x25519_to_text_encoder_functions[];
extern const OSSL_DISPATCH ossl_x448_to_PKCS8_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_x448_to_PKCS8_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_x448_to_PrivateKeyInfo_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_x448_to_PrivateKeyInfo_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_x448_to_SubjectPublicKeyInfo_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_x448_to_SubjectPublicKeyInfo_pem_encoder_functions[];
extern const OSSL_DISPATCH ossl_x448_to_OSSL_current_der_encoder_functions[];
extern const OSSL_DISPATCH ossl_x448_to_text_encoder_functions[];
/* Decoders */
extern const OSSL_DISPATCH ossl_PKCS8_der_to_dh_decoder_functions[];
extern const OSSL_DISPATCH ossl_PrivateKeyInfo_der_to_dh_decoder_functions[];
extern const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_dh_decoder_functions[];
extern const OSSL_DISPATCH ossl_type_specific_params_der_to_dh_decoder_functions[];
extern const OSSL_DISPATCH ossl_DH_der_to_dh_decoder_functions[];
extern const OSSL_DISPATCH ossl_PKCS8_der_to_dhx_decoder_functions[];
extern const OSSL_DISPATCH ossl_PrivateKeyInfo_der_to_dhx_decoder_functions[];
extern const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_dhx_decoder_functions[];
extern const OSSL_DISPATCH ossl_type_specific_params_der_to_dhx_decoder_functions[];
extern const OSSL_DISPATCH ossl_DHX_der_to_dhx_decoder_functions[];
extern const OSSL_DISPATCH ossl_PKCS8_der_to_dsa_decoder_functions[];
extern const OSSL_DISPATCH ossl_PrivateKeyInfo_der_to_dsa_decoder_functions[];
extern const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_dsa_decoder_functions[];
extern const OSSL_DISPATCH ossl_type_specific_der_to_dsa_decoder_functions[];
extern const OSSL_DISPATCH ossl_DSA_der_to_dsa_decoder_functions[];
extern const OSSL_DISPATCH ossl_msblob_to_dsa_decoder_functions[];
extern const OSSL_DISPATCH ossl_pvk_to_dsa_decoder_functions[];
extern const OSSL_DISPATCH ossl_PKCS8_der_to_ec_decoder_functions[];
extern const OSSL_DISPATCH ossl_PrivateKeyInfo_der_to_ec_decoder_functions[];
extern const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_ec_decoder_functions[];
extern const OSSL_DISPATCH ossl_type_specific_no_pub_der_to_ec_decoder_functions[];
extern const OSSL_DISPATCH ossl_EC_der_to_ec_decoder_functions[];
extern const OSSL_DISPATCH ossl_PKCS8_der_to_x25519_decoder_functions[];
extern const OSSL_DISPATCH ossl_PrivateKeyInfo_der_to_x25519_decoder_functions[];
extern const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_x25519_decoder_functions[];
extern const OSSL_DISPATCH ossl_PKCS8_der_to_x448_decoder_functions[];
extern const OSSL_DISPATCH ossl_PrivateKeyInfo_der_to_x448_decoder_functions[];
extern const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_x448_decoder_functions[];
extern const OSSL_DISPATCH ossl_PKCS8_der_to_ed25519_decoder_functions[];
extern const OSSL_DISPATCH ossl_PrivateKeyInfo_der_to_ed25519_decoder_functions[];
extern const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_ed25519_decoder_functions[];
extern const OSSL_DISPATCH ossl_PKCS8_der_to_ed448_decoder_functions[];
extern const OSSL_DISPATCH ossl_PrivateKeyInfo_der_to_ed448_decoder_functions[];
extern const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_ed448_decoder_functions[];
#ifndef OPENSSL_NO_SM2
extern const OSSL_DISPATCH ossl_PKCS8_der_to_sm2_decoder_functions[];
extern const OSSL_DISPATCH ossl_PrivateKeyInfo_der_to_sm2_decoder_functions[];
extern const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_sm2_decoder_functions[];
#endif
extern const OSSL_DISPATCH ossl_PKCS8_der_to_rsa_decoder_functions[];
extern const OSSL_DISPATCH ossl_PrivateKeyInfo_der_to_rsa_decoder_functions[];
extern const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_rsa_decoder_functions[];
extern const OSSL_DISPATCH ossl_type_specific_keypair_der_to_rsa_decoder_functions[];
extern const OSSL_DISPATCH ossl_RSA_der_to_rsa_decoder_functions[];
extern const OSSL_DISPATCH ossl_msblob_to_rsa_decoder_functions[];
extern const OSSL_DISPATCH ossl_pvk_to_rsa_decoder_functions[];
extern const OSSL_DISPATCH ossl_PKCS8_der_to_rsapss_decoder_functions[];
extern const OSSL_DISPATCH ossl_PrivateKeyInfo_der_to_rsapss_decoder_functions[];
extern const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_rsapss_decoder_functions[];
extern const OSSL_DISPATCH ossl_EncryptedPrivateKeyInfo_der_to_der_decoder_functions[];
extern const OSSL_DISPATCH ossl_pem_to_der_decoder_functions[];
extern const OSSL_DISPATCH ossl_file_store_functions[];

10
test/endecode_test.c
Unescape View File

@ -526,7 +526,7 @@ static int test_unprotected_via_DER(const char *type, EVP_PKEY *key)
return test_encode_decode(__FILE__, __LINE__, type, key,
OSSL_KEYMGMT_SELECT_KEYPAIR
| OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
"DER", "pkcs8", NULL, NULL,
"DER", "PrivateKeyInfo", NULL, NULL,
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
test_mem, check_unprotected_PKCS8_DER,
dump_der, 0);
@ -548,7 +548,7 @@ static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key)
return test_encode_decode(__FILE__, __LINE__, type, key,
OSSL_KEYMGMT_SELECT_KEYPAIR
| OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
"PEM", "pkcs8", NULL, NULL,
"PEM", "PrivateKeyInfo", NULL, NULL,
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
test_text, check_unprotected_PKCS8_PEM,
dump_pem, 0);
@ -703,7 +703,8 @@ static int test_protected_via_DER(const char *type, EVP_PKEY *key)
return test_encode_decode(__FILE__, __LINE__, type, key,
OSSL_KEYMGMT_SELECT_KEYPAIR
| OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
"DER", "pkcs8", pass, pass_cipher,
"DER", "PrivateKeyInfo",
pass, pass_cipher,
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
test_mem, check_protected_PKCS8_DER,
dump_der, 0);
@ -725,7 +726,8 @@ static int test_protected_via_PEM(const char *type, EVP_PKEY *key)
return test_encode_decode(__FILE__, __LINE__, type, key,
OSSL_KEYMGMT_SELECT_KEYPAIR
| OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
"PEM", "pkcs8", pass, pass_cipher,
"PEM", "PrivateKeyInfo",
pass, pass_cipher,
encode_EVP_PKEY_prov, decode_EVP_PKEY_prov,
test_text, check_protected_PKCS8_PEM,
dump_pem, 0);

4
test/evp_pkey_provided_test.c
Unescape View File

@ -176,14 +176,14 @@ static int test_print_key_type_using_encoder(const char *alg, int type,
case PRIV_PEM:
output_type = "PEM";
output_structure = "pkcs8";
output_structure = "PrivateKeyInfo";
selection = OSSL_KEYMGMT_SELECT_KEYPAIR
| OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
break;
case PRIV_DER:
output_type = "DER";
output_structure = "pkcs8";
output_structure = "PrivateKeyInfo";
selection = OSSL_KEYMGMT_SELECT_KEYPAIR
| OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
break;