projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 320fc03) | patch
Decoding PKCS#8: separate decoding of encrypted and unencrypted PKCS#8
authorRichard Levitte <levitte@openssl.org>
Thu, 27 May 2021 10:34:03 +0000 (12:34 +0200)
committerRichard Levitte <levitte@openssl.org>
Wed, 9 Jun 2021 15:00:10 +0000 (17:00 +0200)
commit6a2b8ff392a304bbb106528653397b864acc53fa
tree75bd836ad9cec6eec65f270fd4db4b893f73b939tree | snapshot
parent320fc032b98cc452c5dc96600b16da40b155123bcommit | diff
Decoding PKCS#8: separate decoding of encrypted and unencrypted PKCS#8

This has us switch from the 'structure' "pkcs8" to "PrivateKeyInfo",
which is sensible considering we already have "SubjectPublicKeyInfo".
We also add "EncryptedPrivateKeyInfo", and use it for a special decoder
that detects and decrypts an EncryptedPrivateKeyInfo structured DER
blob into a PrivateKeyInfo structured DER blob and passes that on to
the next decoder implementation.

The result of this change is that PKCS#8 decryption should only happen
once per decoding instead of once for every expected key type.
Furthermore, this new decoder implementation sets the data type to the
OID of the algorithmIdentifier field, thus reducing how many decoder
implementations are tentativaly run further down the call chain.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15498)
18 files changed:
apps/rsa.c diff | blob | history
crypto/asn1/d2i_pr.c diff | blob | history
crypto/asn1/i2d_evp.c diff | blob | history
crypto/evp/evp_pkey.c diff | blob | history
crypto/pem/pem_local.h diff | blob | history
crypto/pem/pem_pk8.c diff | blob | history
doc/man3/OSSL_ENCODER_to_bio.pod diff | blob | history
doc/man7/openssl-glossary.pod diff | blob | history
providers/decoders.inc diff | blob | history
providers/encoders.inc diff | blob | history
providers/implementations/encode_decode/build.info diff | blob | history
providers/implementations/encode_decode/decode_der2key.c diff | blob | history
providers/implementations/encode_decode/decode_epki2pki.c [new file with mode: 0644] blob
providers/implementations/encode_decode/decode_pem2der.c diff | blob | history
providers/implementations/encode_decode/encode_key2any.c diff | blob | history
providers/implementations/include/prov/implementations.h diff | blob | history
test/endecode_test.c diff | blob | history
test/evp_pkey_provided_test.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.