summaryrefslogtreecommitdiffstats
path: root/apps/rsa.c
diff options
context:
space:
mode:
authorRichard Levitte <levitte@openssl.org>2021-05-27 12:34:03 +0200
committerRichard Levitte <levitte@openssl.org>2021-06-09 17:00:10 +0200
commit6a2b8ff392a304bbb106528653397b864acc53fa (patch)
tree75bd836ad9cec6eec65f270fd4db4b893f73b939 /apps/rsa.c
parent25-test_verify.t: Add test case: accept trusted self-signed EE cert with key ... (diff)
downloadopenssl-6a2b8ff392a304bbb106528653397b864acc53fa.tar.xz
openssl-6a2b8ff392a304bbb106528653397b864acc53fa.zip
Decoding PKCS#8: separate decoding of encrypted and unencrypted PKCS#8
This has us switch from the 'structure' "pkcs8" to "PrivateKeyInfo", which is sensible considering we already have "SubjectPublicKeyInfo". We also add "EncryptedPrivateKeyInfo", and use it for a special decoder that detects and decrypts an EncryptedPrivateKeyInfo structured DER blob into a PrivateKeyInfo structured DER blob and passes that on to the next decoder implementation. The result of this change is that PKCS#8 decryption should only happen once per decoding instead of once for every expected key type. Furthermore, this new decoder implementation sets the data type to the OID of the algorithmIdentifier field, thus reducing how many decoder implementations are tentativaly run further down the call chain. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15498)
Diffstat (limited to 'apps/rsa.c')
-rw-r--r--apps/rsa.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/apps/rsa.c b/apps/rsa.c
index c4f65cac10..3e9d320ea3 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -322,7 +322,7 @@ int rsa_main(int argc, char **argv)
if (traditional)
output_structure = "pkcs1"; /* "type-specific" would work too */
else
- output_structure = "pkcs8";
+ output_structure = "PrivateKeyInfo";
}
}