author | Richard Levitte <levitte@openssl.org> | 2021-01-28 09:00:58 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2021-02-24 10:17:14 +0100 |
commit | 10315851d0230646947213ac148747bc64c56798 (patch) | |
tree | e42ace1a1251dc13083d5a1258f4b2fddec63916 /include | |
parent | Remove disabled TLS 1.3 ciphers from the SSL(_CTX) (diff) | |
X509: Refactor X509_PUBKEY processing to include provider side keys

When a SubjectPublicKeyInfo (SPKI) is decoded into an X509_PUBKEY
structure, the corresponding EVP_PKEY is automatically added as well.
This used to only support our built-in keytypes, and only in legacy
form.

This is now refactored by making the ASN1 implementation of the
X509_PUBKEY an EXTERN_ASN1, resulting in a more manual implementation
of the basic support routines. Specifically, the d2i routine will do
what was done in the callback before, and try to interpret the input
as an EVP_PKEY, first in legacy form, and then using OSSL_DECODER.

Fixes #13893

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14281)

Diffstat (limited to 'include')
-rw-r--r-- | include/crypto/x509.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/include/crypto/x509.h b/include/crypto/x509.h index 809f6e328e..67fd88dbc4 100644 --- a/include/crypto/x509.h +++ b/include/crypto/x509.h @@ -327,4 +327,7 @@ int X509_PUBKEY_get0_libctx(OSSL_LIB_CTX **plibctx, const char **ppropq, /* Calculate default key identifier according to RFC 5280 section 4.2.1.2 (1) */ ASN1_OCTET_STRING *x509_pubkey_hash(X509_PUBKEY *pubkey); +/* A variant of d2i_PUBKEY() that is guaranteed to only return legacy keys */ +EVP_PKEY *d2i_PUBKEY_legacy(EVP_PKEY **a, + const unsigned char **in, long length); #endif |
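
Review bot: the comment on the added d2i_PUBKEY_legacy() declaration says it is "guaranteed to only return legacy keys" but does not say what the caller gets when the input SubjectPublicKeyInfo is for a key type that has no legacy form. The commit message describes the d2i routine trying legacy form first and then OSSL_DECODER, so that fallback depends on the legacy attempt failing cleanly. Please document the failure return and whether *a and *in are left unchanged when it fails. Separately, the name reads like a public d2i_ function although it is declared in the internal header include/crypto/x509.h; an internal prefix such as ossl_ would make that visible at call sites and avoid confusion with d2i_PUBKEY().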