diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2007-11-20 13:37:51 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2007-11-20 13:37:51 +0000 |
| commit | 94e6ae7a697486716313062c5c6700c9e0d6423a (patch) | |
| tree | a7ca14b0f0e82a367934f452d4de8201b1b5a9b1 | |
| parent | f670738987247d43cad624bf432c6b615a950572 (diff) | |
| download | openssl-94e6ae7a697486716313062c5c6700c9e0d6423a.tar.gz | |
Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru>
Make {d2i,i2d}_PrivateKey() fall back to PKCS#8 format if no legacy format
supported. Add support in d2i_AutoPrivateKey().
| -rw-r--r-- | crypto/asn1/asn1.h | 1 | ||||
| -rw-r--r-- | crypto/asn1/asn1_err.c | 3 | ||||
| -rw-r--r-- | crypto/asn1/d2i_pr.c | 38 | ||||
| -rw-r--r-- | crypto/asn1/i2d_pr.c | 7 |
4 files changed, 45 insertions, 4 deletions
diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index 1bf227d27f..2adb06e93f 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -1185,6 +1185,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_D2I_ASN1_TYPE_BYTES 149 #define ASN1_F_D2I_ASN1_UINTEGER 150 #define ASN1_F_D2I_ASN1_UTCTIME 151 +#define ASN1_F_D2I_AUTOPRIVATEKEY 207 #define ASN1_F_D2I_NETSCAPE_RSA 152 #define ASN1_F_D2I_NETSCAPE_RSA_2 153 #define ASN1_F_D2I_PRIVATEKEY 154 diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index 2cb64aefca..480ed70764 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -1,6 +1,6 @@ /* crypto/asn1/asn1_err.c */ /* ==================================================================== - * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -147,6 +147,7 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_FUNC(ASN1_F_D2I_ASN1_TYPE_BYTES), "d2i_ASN1_type_bytes"}, {ERR_FUNC(ASN1_F_D2I_ASN1_UINTEGER), "d2i_ASN1_UINTEGER"}, {ERR_FUNC(ASN1_F_D2I_ASN1_UTCTIME), "D2I_ASN1_UTCTIME"}, +{ERR_FUNC(ASN1_F_D2I_AUTOPRIVATEKEY), "d2i_AutoPrivateKey"}, {ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA), "d2i_Netscape_RSA"}, {ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2), "D2I_NETSCAPE_RSA_2"}, {ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"}, diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c index e90cfa9db8..2828944777 100644 --- a/crypto/asn1/d2i_pr.c +++ b/crypto/asn1/d2i_pr.c @@ -64,6 +64,7 @@ #ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> #endif +#include <openssl/x509.h> #include <openssl/asn1.h> #include "asn1_locl.h" @@ -101,9 +102,22 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, if (!ret->ameth->old_priv_decode || !ret->ameth->old_priv_decode(ret, pp, length)) { - ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB); - goto err; - } + if (ret->ameth->priv_decode) + { + PKCS8_PRIV_KEY_INFO *p8=NULL; + p8=d2i_PKCS8_PRIV_KEY_INFO(NULL,pp,length); + if (!p8) goto err; + EVP_PKEY_free(ret); + ret = EVP_PKCS82PKEY(p8); + PKCS8_PRIV_KEY_INFO_free(p8); + + } + else + { + ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB); + goto err; + } + } if (a != NULL) (*a)=ret; return(ret); err: @@ -132,6 +146,24 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, keytype = EVP_PKEY_DSA; else if (sk_ASN1_TYPE_num(inkey) == 4) keytype = EVP_PKEY_EC; + else if (sk_ASN1_TYPE_num(inkey) == 3) + { /* This seems to be PKCS8, not traditional format */ + PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL,pp,length); + EVP_PKEY *ret; + + sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); + if (!p8) + { + ASN1err(ASN1_F_D2I_AUTOPRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); + return NULL; + } + ret = EVP_PKCS82PKEY(p8); + PKCS8_PRIV_KEY_INFO_free(p8); + if (a) { + *a = ret; + } + return ret; + } else keytype = EVP_PKEY_RSA; sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); return d2i_PrivateKey(keytype, a, pp, length); diff --git a/crypto/asn1/i2d_pr.c b/crypto/asn1/i2d_pr.c index 0ca7b70b16..e398b62666 100644 --- a/crypto/asn1/i2d_pr.c +++ b/crypto/asn1/i2d_pr.c @@ -59,6 +59,7 @@ #include <stdio.h> #include "cryptlib.h" #include <openssl/evp.h> +#include <openssl/x509.h> #include "asn1_locl.h" int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp) @@ -67,6 +68,12 @@ int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp) { return a->ameth->old_priv_encode(a, pp); } + if (a->ameth && a->ameth->priv_encode) { + PKCS8_PRIV_KEY_INFO *p8 = EVP_PKEY2PKCS8(a); + int ret = i2d_PKCS8_PRIV_KEY_INFO(p8,pp); + PKCS8_PRIV_KEY_INFO_free(p8); + return ret; + } ASN1err(ASN1_F_I2D_PRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); return(-1); } |