diff options
author | Richard Levitte <levitte@openssl.org> | 2021-05-27 12:34:03 +0200 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2021-06-09 17:00:10 +0200 |
commit | 6a2b8ff392a304bbb106528653397b864acc53fa (patch) | |
tree | 75bd836ad9cec6eec65f270fd4db4b893f73b939 /test | |
parent | 320fc032b98cc452c5dc96600b16da40b155123b (diff) | |
download | openssl-6a2b8ff392a304bbb106528653397b864acc53fa.tar.gz |
Decoding PKCS#8: separate decoding of encrypted and unencrypted PKCS#8
This has us switch from the 'structure' "pkcs8" to "PrivateKeyInfo",
which is sensible considering we already have "SubjectPublicKeyInfo".
We also add "EncryptedPrivateKeyInfo", and use it for a special decoder
that detects and decrypts an EncryptedPrivateKeyInfo structured DER
blob into a PrivateKeyInfo structured DER blob and passes that on to
the next decoder implementation.
The result of this change is that PKCS#8 decryption should only happen
once per decoding instead of once for every expected key type.
Furthermore, this new decoder implementation sets the data type to the
OID of the algorithmIdentifier field, thus reducing how many decoder
implementations are tentativaly run further down the call chain.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15498)
Diffstat (limited to 'test')
-rw-r--r-- | test/endecode_test.c | 10 | ||||
-rw-r--r-- | test/evp_pkey_provided_test.c | 4 |
2 files changed, 8 insertions, 6 deletions
diff --git a/test/endecode_test.c b/test/endecode_test.c index f800d7738c..d28ea3c812 100644 --- a/test/endecode_test.c +++ b/test/endecode_test.c @@ -526,7 +526,7 @@ static int test_unprotected_via_DER(const char *type, EVP_PKEY *key) return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, - "DER", "pkcs8", NULL, NULL, + "DER", "PrivateKeyInfo", NULL, NULL, encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, test_mem, check_unprotected_PKCS8_DER, dump_der, 0); @@ -548,7 +548,7 @@ static int test_unprotected_via_PEM(const char *type, EVP_PKEY *key) return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, - "PEM", "pkcs8", NULL, NULL, + "PEM", "PrivateKeyInfo", NULL, NULL, encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, test_text, check_unprotected_PKCS8_PEM, dump_pem, 0); @@ -703,7 +703,8 @@ static int test_protected_via_DER(const char *type, EVP_PKEY *key) return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, - "DER", "pkcs8", pass, pass_cipher, + "DER", "PrivateKeyInfo", + pass, pass_cipher, encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, test_mem, check_protected_PKCS8_DER, dump_der, 0); @@ -725,7 +726,8 @@ static int test_protected_via_PEM(const char *type, EVP_PKEY *key) return test_encode_decode(__FILE__, __LINE__, type, key, OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, - "PEM", "pkcs8", pass, pass_cipher, + "PEM", "PrivateKeyInfo", + pass, pass_cipher, encode_EVP_PKEY_prov, decode_EVP_PKEY_prov, test_text, check_protected_PKCS8_PEM, dump_pem, 0); diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c index bdfa3cd754..f075f40b0c 100644 --- a/test/evp_pkey_provided_test.c +++ b/test/evp_pkey_provided_test.c @@ -176,14 +176,14 @@ static int test_print_key_type_using_encoder(const char *alg, int type, case PRIV_PEM: output_type = "PEM"; - output_structure = "pkcs8"; + output_structure = "PrivateKeyInfo"; selection = OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS; break; case PRIV_DER: output_type = "DER"; - output_structure = "pkcs8"; + output_structure = "PrivateKeyInfo"; selection = OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS; break; |