const char *pass, const char *desc);
int load_key_cert_crl(const char *uri, int maybe_stdin,
const char *pass, const char *desc,
- EVP_PKEY **ppkey, X509 **pcert, X509_CRL **pcrl);
+ EVP_PKEY **ppkey, EVP_PKEY **ppubkey,
+ X509 **pcert, X509_CRL **pcrl);
X509_STORE *setup_verify(const char *CAfile, int noCAfile,
const char *CApath, int noCApath,
const char *CAstore, int noCAstore);
if (desc == NULL)
desc = "certificate";
- (void)load_key_cert_crl(uri, maybe_stdin, pass, desc, NULL, &cert, NULL);
+ (void)load_key_cert_crl(uri, maybe_stdin, pass, desc,
+ NULL, NULL, &cert, NULL);
if (cert == NULL) {
BIO_printf(bio_err, "Unable to load %s\n", desc);
ERR_print_errors(bio_err);
if (desc == NULL)
desc = "CRL";
- (void)load_key_cert_crl(uri, 0, NULL, desc, NULL, NULL, &crl);
+ (void)load_key_cert_crl(uri, 0, NULL, desc,
+ NULL, NULL, NULL, &crl);
if (crl == NULL) {
BIO_printf(bio_err, "Unable to load %s\n", desc);
ERR_print_errors(bio_err);
#endif
}
} else {
- (void)load_key_cert_crl(uri, may_stdin, pass, desc, &pkey, NULL, NULL);
+ (void)load_key_cert_crl(uri, may_stdin, pass, desc,
+ &pkey, NULL, NULL, NULL);
}
if (pkey == NULL) {
#endif
}
} else {
- (void)load_key_cert_crl(uri, maybe_stdin, pass, desc, &pkey,
- NULL, NULL);
+ (void)load_key_cert_crl(uri, maybe_stdin, pass, desc,
+ NULL, &pkey, NULL, NULL);
}
if (pkey == NULL) {
BIO_printf(bio_err, "Unable to load %s\n", desc);
*/
int load_key_cert_crl(const char *uri, int maybe_stdin,
const char *pass, const char *desc,
- EVP_PKEY **ppkey, X509 **pcert, X509_CRL **pcrl)
+ EVP_PKEY **ppkey, EVP_PKEY **ppubkey,
+ X509 **pcert, X509_CRL **pcrl)
{
PW_CB_DATA uidata;
OSSL_STORE_CTX *ctx = NULL;
if (ppkey != NULL)
*ppkey = NULL;
+ if (ppubkey != NULL)
+ *ppubkey = NULL;
if (pcert != NULL)
*pcert = NULL;
if (pcrl != NULL)
case OSSL_STORE_INFO_PKEY:
if (ppkey != NULL && *ppkey == NULL)
err = ((*ppkey = OSSL_STORE_INFO_get1_PKEY(info)) == NULL);
+
+ /*
+ * An EVP_PKEY with private parts also holds the public parts,
+ * so if the caller asked for a public key, and we got a private
+ * key, we can still pass it back.
+ */
+ if (ppubkey != NULL && *ppubkey == NULL)
+ err = ((*ppubkey = OSSL_STORE_INFO_get1_PKEY(info)) == NULL);
+ break;
+ case OSSL_STORE_INFO_PUBKEY:
+ if (ppubkey != NULL && *ppubkey == NULL)
+ err = ((*ppubkey = OSSL_STORE_INFO_get1_PUBKEY(info)) == NULL);
break;
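Review bot: In the new OSSL_STORE_INFO_PKEY case the second assignment to `err` can mask a failure of the first: when both ppkey and ppubkey are requested and OSSL_STORE_INFO_get1_PKEY() fails for *ppkey, the ppubkey branch overwrites `err` with its own result and the partial failure is lost. Guard the second fetch on the first having succeeded, e.g. `if (!err && ppubkey != NULL && *ppubkey == NULL)`, or accumulate with `err |= ...` instead of `err = ...`. When both succeed the same EVP_PKEY is handed back through both out-parameters, presumably each carrying its own reference from get1; the comment would be clearer if it said so. load_key_cert_crl's switch and the rest of its body continue outside the hunk.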
case OSSL_STORE_INFO_CERT:
if (pcert != NULL && *pcert == NULL)
PEM_write_bio_Parameters(out,
OSSL_STORE_INFO_get0_PARAMS(info));
break;
+ case OSSL_STORE_INFO_PUBKEY:
+ if (text)
+ EVP_PKEY_print_public(out, OSSL_STORE_INFO_get0_PUBKEY(info),
+ 0, NULL);
+ if (!noout)
+ PEM_write_bio_PUBKEY(out, OSSL_STORE_INFO_get0_PUBKEY(info));
+ break;
case OSSL_STORE_INFO_PKEY:
if (text)
EVP_PKEY_print_private(out, OSSL_STORE_INFO_get0_PKEY(info),
OSSL_STORE_R_LOADING_STARTED:117:loading started
OSSL_STORE_R_NOT_A_CERTIFICATE:100:not a certificate
OSSL_STORE_R_NOT_A_CRL:101:not a crl
-OSSL_STORE_R_NOT_A_KEY:102:not a key
OSSL_STORE_R_NOT_A_NAME:103:not a name
+OSSL_STORE_R_NOT_A_PRIVATE_KEY:102:not a private key
+OSSL_STORE_R_NOT_A_PUBLIC_KEY:122:not a public key
OSSL_STORE_R_NOT_PARAMETERS:104:not parameters
OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR:114:passphrase callback error
OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE:108:path must be absolute
if ((pkey = d2i_PUBKEY(NULL, &blob, len)) != NULL) {
*matchcount = 1;
- store_info = OSSL_STORE_INFO_new_PKEY(pkey);
+ store_info = OSSL_STORE_INFO_new_PUBKEY(pkey);
}
return store_info;
{ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_CERTIFICATE),
"not a certificate"},
{ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_CRL), "not a crl"},
- {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_KEY), "not a key"},
{ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_NAME), "not a name"},
+ {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_PRIVATE_KEY),
+ "not a private key"},
+ {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_PUBLIC_KEY),
+ "not a public key"},
{ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_PARAMETERS),
"not parameters"},
{ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR),
return info;
}
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_PUBKEY(EVP_PKEY *pkey)
+{
+ OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PUBKEY, pkey);
+
+ if (info == NULL)
+ ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
+ return info;
+}
+
OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey)
{
OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PKEY, pkey);
return NULL;
}
+EVP_PKEY *OSSL_STORE_INFO_get0_PUBKEY(const OSSL_STORE_INFO *info)
+{
+ if (info->type == OSSL_STORE_INFO_PUBKEY)
+ return info->_.pubkey;
+ return NULL;
+}
+
+EVP_PKEY *OSSL_STORE_INFO_get1_PUBKEY(const OSSL_STORE_INFO *info)
+{
+ if (info->type == OSSL_STORE_INFO_PUBKEY) {
+ EVP_PKEY_up_ref(info->_.pubkey);
+ return info->_.pubkey;
+ }
+ OSSL_STOREerr(0, OSSL_STORE_R_NOT_A_PUBLIC_KEY);
+ return NULL;
+}
+
EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info)
{
if (info->type == OSSL_STORE_INFO_PKEY)
return info->_.pkey;
}
OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY,
- OSSL_STORE_R_NOT_A_KEY);
+ OSSL_STORE_R_NOT_A_PRIVATE_KEY);
return NULL;
}
case OSSL_STORE_INFO_PARAMS:
EVP_PKEY_free(info->_.params);
break;
+ case OSSL_STORE_INFO_PUBKEY:
+ EVP_PKEY_free(info->_.pubkey);
+ break;
case OSSL_STORE_INFO_PKEY:
EVP_PKEY_free(info->_.pkey);
break;
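Review bot: OSSL_STORE_INFO_get1_PUBKEY raises its error with `OSSL_STOREerr(0, OSSL_STORE_R_NOT_A_PUBLIC_KEY)` while OSSL_STORE_INFO_new_PUBKEY in the same section uses `ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE)`; new code in one change should pick one style, and `ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_PUBLIC_KEY);` matches the newer form. The return value of `EVP_PKEY_up_ref(info->_.pubkey)` is also discarded, so a failed reference increment still hands the caller a pointer it will later free; this appears to mirror the existing get1 accessors, but `if (!EVP_PKEY_up_ref(info->_.pubkey)) return NULL;` would be cheap. A one-line header comment on get0_PUBKEY stating that the returned pointer remains owned by the OSSL_STORE_INFO would save readers a trip to the pod.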
} name; /* when type == OSSL_STORE_INFO_NAME */
EVP_PKEY *params; /* when type == OSSL_STORE_INFO_PARAMS */
+ EVP_PKEY *pubkey; /* when type == OSSL_STORE_INFO_PUBKEY */
EVP_PKEY *pkey; /* when type == OSSL_STORE_INFO_PKEY */
X509 *x509; /* when type == OSSL_STORE_INFO_CERT */
X509_CRL *crl; /* when type == OSSL_STORE_INFO_CRL */
static char *type_strings[] = {
"Name", /* OSSL_STORE_INFO_NAME */
"Parameters", /* OSSL_STORE_INFO_PARAMS */
+ "Public key", /* OSSL_STORE_INFO_PUBKEY */
"Pkey", /* OSSL_STORE_INFO_PKEY */
"Certificate", /* OSSL_STORE_INFO_CERT */
"CRL" /* OSSL_STORE_INFO_CRL */
=head1 NAME
OSSL_STORE_INFO, OSSL_STORE_INFO_get_type, OSSL_STORE_INFO_get0_NAME,
-OSSL_STORE_INFO_get0_NAME_description, OSSL_STORE_INFO_get0_PARAMS,
+OSSL_STORE_INFO_get0_NAME_description,
+OSSL_STORE_INFO_get0_PARAMS, OSSL_STORE_INFO_get0_PUBKEY,
OSSL_STORE_INFO_get0_PKEY, OSSL_STORE_INFO_get0_CERT, OSSL_STORE_INFO_get0_CRL,
OSSL_STORE_INFO_get1_NAME, OSSL_STORE_INFO_get1_NAME_description,
-OSSL_STORE_INFO_get1_PARAMS, OSSL_STORE_INFO_get1_PKEY,
-OSSL_STORE_INFO_get1_CERT,
-OSSL_STORE_INFO_get1_CRL, OSSL_STORE_INFO_type_string, OSSL_STORE_INFO_free,
+OSSL_STORE_INFO_get1_PARAMS, OSSL_STORE_INFO_get1_PUBKEY,
+OSSL_STORE_INFO_get1_PKEY, OSSL_STORE_INFO_get1_CERT, OSSL_STORE_INFO_get1_CRL,
+OSSL_STORE_INFO_type_string, OSSL_STORE_INFO_free,
OSSL_STORE_INFO_new_NAME, OSSL_STORE_INFO_set0_NAME_description,
-OSSL_STORE_INFO_new_PARAMS, OSSL_STORE_INFO_new_PKEY, OSSL_STORE_INFO_new_CERT,
-OSSL_STORE_INFO_new_CRL - Functions to manipulate OSSL_STORE_INFO objects
+OSSL_STORE_INFO_new_PARAMS, OSSL_STORE_INFO_new_PUBKEY,
+OSSL_STORE_INFO_new_PKEY, OSSL_STORE_INFO_new_CERT, OSSL_STORE_INFO_new_CRL
+- Functions to manipulate OSSL_STORE_INFO objects
=head1 SYNOPSIS
char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *store_info);
EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *store_info);
EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *store_info);
+ EVP_PKEY *OSSL_STORE_INFO_get0_PUBKEY(const OSSL_STORE_INFO *info);
+ EVP_PKEY *OSSL_STORE_INFO_get1_PUBKEY(const OSSL_STORE_INFO *info);
EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *store_info);
EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *store_info);
X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *store_info);
OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name);
int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc);
OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(DSA *dsa_params);
+ OSSL_STORE_INFO *OSSL_STORE_INFO_new_PUBKEY(EVP_PKEY *pubkey);
OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey);
OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509);
OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl);
short string describing it.
OSSL_STORE_INFO_get0_NAME(), OSSL_STORE_INFO_get0_NAME_description(),
-OSSL_STORE_INFO_get0_PARAMS(), OSSL_STORE_INFO_get0_PKEY(),
-OSSL_STORE_INFO_get0_CERT() and OSSL_STORE_INFO_get0_CRL() all take a
-B<OSSL_STORE_INFO> and return the held object of the appropriate OpenSSL
-type provided that's what's held.
+OSSL_STORE_INFO_get0_PARAMS(), OSSL_STORE_INFO_get0_PUBKEY(),
+OSSL_STORE_INFO_get0_PKEY(), OSSL_STORE_INFO_get0_CERT(),
+OSSL_STORE_INFO_get0_CRL()
+all take a B<OSSL_STORE_INFO> and return the object it holds if the
+B<OSSL_STORE_INFO> type (as returned by OSSL_STORE_INFO_get_type())
+matches the function, otherwise NULL.
OSSL_STORE_INFO_get1_NAME(), OSSL_STORE_INFO_get1_NAME_description(),
-OSSL_STORE_INFO_get1_PARAMS(), OSSL_STORE_INFO_get1_PKEY(),
-OSSL_STORE_INFO_get1_CERT() and OSSL_STORE_INFO_get1_CRL() all take a
-B<OSSL_STORE_INFO> and return a duplicate of the held object of the
-appropriate OpenSSL type provided that's what's held.
+OSSL_STORE_INFO_get1_PARAMS(), OSSL_STORE_INFO_get1_PUBKEY(),
+OSSL_STORE_INFO_get1_PKEY(), OSSL_STORE_INFO_get1_CERT() and
+OSSL_STORE_INFO_get1_CRL()
+all take a B<OSSL_STORE_INFO> and return a duplicate the object it
+holds if the B<OSSL_STORE_INFO> type (as returned by
+OSSL_STORE_INFO_get_type()) matches the function, otherwise NULL.
OSSL_STORE_INFO_free() frees a B<OSSL_STORE_INFO> and its contained type.
OSSL_STORE_INFO_new_NAME() , OSSL_STORE_INFO_new_PARAMS(),
-OSSL_STORE_INFO_new_PKEY(), OSSL_STORE_INFO_new_CERT() and
-OSSL_STORE_INFO_new_CRL() create a B<OSSL_STORE_INFO>
-object to hold the given input object.
+, OSSL_STORE_INFO_new_PUBKEY(), OSSL_STORE_INFO_new_PKEY(),
+OSSL_STORE_INFO_new_CERT() and OSSL_STORE_INFO_new_CRL()
+create a B<OSSL_STORE_INFO> object to hold the given input object.
On success the input object is consumed.
Additionally, for B<OSSL_STORE_INFO_NAME>` objects,
*/
# define OSSL_STORE_INFO_NAME 1 /* char * */
# define OSSL_STORE_INFO_PARAMS 2 /* EVP_PKEY * */
-# define OSSL_STORE_INFO_PKEY 3 /* EVP_PKEY * */
-# define OSSL_STORE_INFO_CERT 4 /* X509 * */
-# define OSSL_STORE_INFO_CRL 5 /* X509_CRL * */
+# define OSSL_STORE_INFO_PUBKEY 3 /* EVP_PKEY * */
+# define OSSL_STORE_INFO_PKEY 4 /* EVP_PKEY * */
+# define OSSL_STORE_INFO_CERT 5 /* X509 * */
+# define OSSL_STORE_INFO_CRL 6 /* X509_CRL * */
/*
* Functions to generate OSSL_STORE_INFOs, one function for each type we
OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name);
int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc);
OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params);
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_PUBKEY(EVP_PKEY *pubkey);
OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey);
OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509);
OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl);
char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info);
EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info);
EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info);
+EVP_PKEY *OSSL_STORE_INFO_get0_PUBKEY(const OSSL_STORE_INFO *info);
+EVP_PKEY *OSSL_STORE_INFO_get1_PUBKEY(const OSSL_STORE_INFO *info);
EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info);
EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info);
X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info);
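Review bot: Inserting OSSL_STORE_INFO_PUBKEY as 3 shifts the public values of OSSL_STORE_INFO_PKEY, OSSL_STORE_INFO_CERT and OSSL_STORE_INFO_CRL, so code built against the old header that switches on OSSL_STORE_INFO_get_type() or passes these constants to OSSL_STORE_expect() will misclassify results, and nothing in the hunk records that this is a deliberate ABI break. If it is intended for the new major version, a comment above the block such as `/* Values renumbered when OSSL_STORE_INFO_PUBKEY was added; not ABI-compatible with earlier releases */` plus a changelog entry would make that explicit; otherwise appending PUBKEY as 6 keeps the existing values stable. Dropping OSSL_STORE_R_NOT_A_KEY from the public storeerr.h has the same character for source compatibility, as any caller comparing against that reason code no longer compiles.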
# define OSSL_STORE_R_LOADING_STARTED 117
# define OSSL_STORE_R_NOT_A_CERTIFICATE 100
# define OSSL_STORE_R_NOT_A_CRL 101
-# define OSSL_STORE_R_NOT_A_KEY 102
# define OSSL_STORE_R_NOT_A_NAME 103
+# define OSSL_STORE_R_NOT_A_PRIVATE_KEY 102
+# define OSSL_STORE_R_NOT_A_PUBLIC_KEY 122
# define OSSL_STORE_R_NOT_PARAMETERS 104
# define OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR 114
# define OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE 108
EVP_KEYEXCH_gettable_ctx_params ? 3_0_0 EXIST::FUNCTION:
EVP_KEYEXCH_settable_ctx_params ? 3_0_0 EXIST::FUNCTION:
d2i_PUBKEY_ex ? 3_0_0 EXIST::FUNCTION:
+OSSL_STORE_INFO_new_PUBKEY ? 3_0_0 EXIST::FUNCTION:
+OSSL_STORE_INFO_get0_PUBKEY ? 3_0_0 EXIST::FUNCTION:
+OSSL_STORE_INFO_get1_PUBKEY ? 3_0_0 EXIST::FUNCTION: