diff options
author | Dr. Stephen Henson <steve@openssl.org> | 1999-11-21 22:28:31 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 1999-11-21 22:28:31 +0000 |
commit | 52664f5081939c96c5867fd02278f7575f1cab2d (patch) | |
tree | f2a5a01dcf50d2f54aa8114adf8ed59867754ed6 /crypto/pem | |
parent | a716d727347d6cd81534327901b509c6f5763f83 (diff) | |
download | openssl-52664f5081939c96c5867fd02278f7575f1cab2d.tar.gz |
Transparent support for PKCS#8 private keys in RSA/DSA.
New universal public key format.
Fix CRL+cert load problem in by_file.c
Make verify report errors when loading files or dirs
Diffstat (limited to 'crypto/pem')
-rw-r--r-- | crypto/pem/pem.h | 6 | ||||
-rw-r--r-- | crypto/pem/pem_all.c | 86 |
2 files changed, 88 insertions, 4 deletions
diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h index ce2c1a3596..9260a11b8a 100644 --- a/crypto/pem/pem.h +++ b/crypto/pem/pem.h @@ -108,6 +108,7 @@ extern "C" { #define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" #define PEM_STRING_X509_CRL "X509 CRL" #define PEM_STRING_EVP_PKEY "ANY PRIVATE KEY" +#define PEM_STRING_PUBLIC "PUBLIC KEY" #define PEM_STRING_RSA "RSA PRIVATE KEY" #define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY" #define PEM_STRING_DSA "DSA PRIVATE KEY" @@ -549,6 +550,7 @@ DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) DECLARE_PEM_rw_cb(RSAPrivateKey, RSA) DECLARE_PEM_rw(RSAPublicKey, RSA) +DECLARE_PEM_rw(RSA_PUBKEY, RSA) #endif @@ -556,7 +558,7 @@ DECLARE_PEM_rw(RSAPublicKey, RSA) DECLARE_PEM_rw_cb(DSAPrivateKey, DSA) -DECLARE_PEM_rw(DSAPublicKey, DSA) +DECLARE_PEM_rw(DSA_PUBKEY, DSA) DECLARE_PEM_rw(DSAparams, DSA) @@ -570,6 +572,8 @@ DECLARE_PEM_rw(DHparams, DH) DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY) +DECLARE_PEM_rw(PUBKEY, EVP_PKEY); + int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *, char *, int, pem_password_cb *, void *); int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc, diff --git a/crypto/pem/pem_all.c b/crypto/pem/pem_all.c index 80f4037262..93f5d7ba79 100644 --- a/crypto/pem/pem_all.c +++ b/crypto/pem/pem_all.c @@ -65,6 +65,9 @@ #include <openssl/pkcs7.h> #include <openssl/pem.h> +static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa); +static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa); + IMPLEMENT_PEM_rw(X509, X509, PEM_STRING_X509, X509) IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX) @@ -84,17 +87,92 @@ IMPLEMENT_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF, #ifndef NO_RSA -IMPLEMENT_PEM_rw_cb(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey) +/* We treat RSA or DSA private keys as a special case. + * + * For private keys we read in an EVP_PKEY structure with + * PEM_read_bio_PrivateKey() and extract the relevant private + * key: this means can handle "traditional" and PKCS#8 formats + * transparently. + */ + +static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa) +{ + RSA *rtmp; + if(!key) return NULL; + rtmp = EVP_PKEY_rget_RSA(key); + EVP_PKEY_free(key); + if(!rtmp) return NULL; + if(rsa) { + RSA_free(*rsa); + *rsa = rtmp; + } + return rtmp; +} + +RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb, + void *u) +{ + EVP_PKEY *pktmp; + pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); + return pkey_get_rsa(pktmp, rsa); +} + +#ifndef NO_FP_API + +RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, + void *u) +{ + EVP_PKEY *pktmp; + pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); + return pkey_get_rsa(pktmp, rsa); +} +#endif + +IMPLEMENT_PEM_write_cb(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey) IMPLEMENT_PEM_rw(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey) +IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY) #endif #ifndef NO_DSA -IMPLEMENT_PEM_rw_cb(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey) +static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa) +{ + DSA *dtmp; + if(!key) return NULL; + dtmp = EVP_PKEY_rget_DSA(key); + EVP_PKEY_free(key); + if(!dtmp) return NULL; + if(dsa) { + DSA_free(*dsa); + *dsa = dtmp; + } + return dtmp; +} + +DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb, + void *u) +{ + EVP_PKEY *pktmp; + pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); + return pkey_get_dsa(pktmp, dsa); +} + +IMPLEMENT_PEM_write_cb(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey) +IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY) + +#ifndef NO_FP_API + +DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, + void *u) +{ + EVP_PKEY *pktmp; + pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); + return pkey_get_dsa(pktmp, dsa); +} -IMPLEMENT_PEM_rw(DSAPublicKey, DSA, PEM_STRING_DSA_PUBLIC, DSAPublicKey) +#endif IMPLEMENT_PEM_rw(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams) @@ -115,3 +193,5 @@ IMPLEMENT_PEM_rw(DHparams, DH, PEM_STRING_DHPARAMS, DHparams) */ IMPLEMENT_PEM_read(PrivateKey, EVP_PKEY, PEM_STRING_EVP_PKEY, PrivateKey) IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA), PrivateKey) + +IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY); |