* reference.
*/
-DEFINE_STACK_OF(X509)
-
struct extracted_param_data_st {
int object_type;
const char *data_type;
static int try_pkcs12(struct extracted_param_data_st *, OSSL_STORE_INFO **,
OSSL_STORE_CTX *, OPENSSL_CTX *, const char *);
+#define SET_ERR_MARK() ERR_set_mark()
+#define CLEAR_ERR_MARK() \
+ do { \
+ int err = ERR_peek_last_error(); \
+ \
+ if (ERR_GET_LIB(err) == ERR_LIB_ASN1 \
+ && (ERR_GET_REASON(err) == ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE \
+ || ERR_GET_REASON(err) == ASN1_R_NO_MATCHING_CHOICE_TYPE \
+ || ERR_GET_REASON(err) == ERR_R_NESTED_ASN1_ERROR)) \
+ ERR_pop_to_mark(); \
+ else \
+ ERR_clear_last_mark(); \
+ } while(0)
+#define RESET_ERR_MARK() \
+ do { \
+ CLEAR_ERR_MARK(); \
+ SET_ERR_MARK(); \
+ } while(0)
+
int ossl_store_handle_load_result(const OSSL_PARAM params[], void *arg)
{
struct ossl_load_result_data_st *cbdata = arg;
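Review bot: CLEAR_ERR_MARK decides from the single most recent entry (`ERR_peek_last_error()` at the top of the macro), so everything a failed try_* attempt raised is popped as soon as its last error is one of the listed ASN.1 reasons — an earlier allocation or provider error from the same attempt goes with it — while a harmless ASN.1 error followed by any other error keeps the whole run. Since ERR_R_NESTED_ASN1_ERROR is the usual topmost entry of a failed d2i call, the filter in practice discards almost every ASN.1 parse failure rather than only the three named cases, which may well be the intent but deserves to be written down. I would put a short comment above `SET_ERR_MARK` saying that the helpers decode speculatively, that an attempt's errors are dropped when its last error looks like an ASN.1 type mismatch and kept otherwise, and that only the last error is inspected. The macro's local `err` also shares its name with the `err:` label the macros are used next to; a name such as `last` avoids the double take.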
* The helper functions return 0 on actual errors, otherwise 1, even if
* they didn't fill out |*v|.
*/
- if (!try_name(&helper_data, v)
- || !try_key(&helper_data, v, ctx, provider, libctx, propq)
- || !try_cert(&helper_data, v, libctx, propq)
- || !try_crl(&helper_data, v, libctx, propq)
- || !try_pkcs12(&helper_data, v, ctx, libctx, propq))
- return 0;
+ SET_ERR_MARK();
+ if (!try_name(&helper_data, v))
+ goto err;
+ RESET_ERR_MARK();
+ if (!try_key(&helper_data, v, ctx, provider, libctx, propq))
+ goto err;
+ RESET_ERR_MARK();
+ if (!try_cert(&helper_data, v, libctx, propq))
+ goto err;
+ RESET_ERR_MARK();
+ if (!try_crl(&helper_data, v, libctx, propq))
+ goto err;
+ RESET_ERR_MARK();
+ if (!try_pkcs12(&helper_data, v, ctx, libctx, propq))
+ goto err;
+ CLEAR_ERR_MARK();
return (*v != NULL);
+ err:
+ return 0;
}
static int try_name(struct extracted_param_data_st *data, OSSL_STORE_INFO **v)
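Review bot: The `err:` label at the end of ossl_store_handle_load_result returns while the mark placed by the preceding SET_ERR_MARK/RESET_ERR_MARK is still on the error queue, so every failing try_* call leaves a stale mark behind; a later `ERR_pop_to_mark()` by a caller that never set its own mark could stop at that entry instead of emptying the queue. The failure path should keep the helper's error but drop the mark: `err:` / `    ERR_clear_last_mark();` / `    return 0;`. The success path already does the equivalent through CLEAR_ERR_MARK, so the two exits would then be symmetric.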
if (membio == NULL)
return 0;
- decoderctx = OSSL_DECODER_CTX_new_by_EVP_PKEY(&pk, "DER", libctx, propq);
+ decoderctx =
+ OSSL_DECODER_CTX_new_by_EVP_PKEY(&pk, "DER", NULL, libctx, propq);
(void)OSSL_DECODER_CTX_set_passphrase_cb(decoderctx, cb, cbarg);
/* No error if this couldn't be decoded */
const unsigned char *der = data->octet_data, *derp;
long der_len = (long)data->octet_data_size;
+ SET_ERR_MARK();
/* Try PUBKEY first, that's a real easy target */
derp = der;
pk = d2i_PUBKEY_ex(NULL, &derp, der_len, libctx, propq);
if (pk != NULL)
*store_info_new = OSSL_STORE_INFO_new_PUBKEY;
+ RESET_ERR_MARK();
/* Try private keys next */
if (pk == NULL) {
}
X509_SIG_free(p8);
}
+ RESET_ERR_MARK();
/*
* If the encrypted PKCS#8 couldn't be decrypted,
/* Try to unpack an unencrypted PKCS#8, that's easy */
derp = der;
p8info = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp, der_len);
+ RESET_ERR_MARK();
if (p8info != NULL) {
- pk = EVP_PKCS82PKEY_with_libctx(p8info, libctx, propq);
+ pk = EVP_PKCS82PKEY_ex(p8info, libctx, propq);
PKCS8_PRIV_KEY_INFO_free(p8info);
}
-
- /*
- * It wasn't PKCS#8, so we must try the hard way.
- * However, we can cheat a little bit, because we know
- * what's not yet fully supported in out decoders.
- * TODO(3.0) Eliminate these when we have decoder support.
- */
- if (pk == NULL) {
- derp = der;
- pk = d2i_PrivateKey_ex(EVP_PKEY_SM2, NULL,
- &derp, der_len,
- libctx, NULL);
- }
}
if (pk != NULL)
der = data->octet_data;
der_len = (long)data->octet_data_size;
}
-
- /*
- * Last, we try parameters. We cheat the same way we do for
- * private keys above.
- * TODO(3.0) Eliminate these when we have decoder support.
- */
- if (pk == NULL) {
- derp = der;
- pk = d2i_KeyParams(EVP_PKEY_SM2, NULL, &derp, der_len);
- if (pk != NULL)
- *store_info_new = OSSL_STORE_INFO_new_PARAMS;
- }
+ CLEAR_ERR_MARK();
return pk;
}
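Review bot: With the parameters attempt gone, the rewind of `der`/`der_len` just above `CLEAR_ERR_MARK()` no longer feeds anything before `return pk`; if those two assignments existed only to reposition the buffer for the removed d2i_KeyParams call (their origin is outside this hunk), they are now dead and can be dropped along with it. The enclosing function starts outside the hunk, so I cannot see whether any `return` sits between the SET_ERR_MARK() placed near the top of its body and this CLEAR_ERR_MARK(); each such exit would need its own CLEAR_ERR_MARK() or ERR_clear_last_mark() to avoid leaving a mark on the queue.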