-/* $OpenBSD: p8_pkey.c,v 1.17 2015/09/10 15:56:25 jsing Exp $ */
+/* $OpenBSD: p8_pkey.c,v 1.18 2018/08/24 20:07:41 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* Since the structure must still be valid use ASN1_OP_FREE_PRE */
if (operation == ASN1_OP_FREE_PRE) {
PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
- if (key->pkey != NULL &&
- key->pkey->type == V_ASN1_OCTET_STRING &&
- key->pkey->value.octet_string != NULL)
- explicit_bzero(key->pkey->value.octet_string->data,
- key->pkey->value.octet_string->length);
+ if (key->pkey != NULL)
+ explicit_bzero(key->pkey->data, key->pkey->length);
}
return 1;
}
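Review bot: The new guard on the FREE_PRE path checks only `key->pkey != NULL`, so an octet string that the template allocated but never populated (`data` NULL, `length` 0) reaches `explicit_bzero(NULL, 0)`; the removed lines guarded the inner pointer as well. Passing a null pointer to a memset-style call is undefined behaviour regardless of the zero length, so the guard should read `if (key->pkey != NULL && key->pkey->data != NULL)`. The callback's signature and the rest of its body lie outside the hunk.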
{
.offset = offsetof(PKCS8_PRIV_KEY_INFO, pkey),
.field_name = "pkey",
- .item = &ASN1_ANY_it,
+ .item = &ASN1_OCTET_STRING_it,
},
{
.flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL,
PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, int version,
int ptype, void *pval, unsigned char *penc, int penclen)
{
- unsigned char **ppenc = NULL;
-
if (version >= 0) {
if (!ASN1_INTEGER_set(priv->version, version))
return 0;
}
- if (penc) {
- int pmtype;
- ASN1_OCTET_STRING *oct;
- oct = ASN1_OCTET_STRING_new();
- if (!oct)
- return 0;
- oct->data = penc;
- ppenc = &oct->data;
- oct->length = penclen;
- if (priv->broken == PKCS8_NO_OCTET)
- pmtype = V_ASN1_SEQUENCE;
- else
- pmtype = V_ASN1_OCTET_STRING;
- ASN1_TYPE_set(priv->pkey, pmtype, oct);
- }
- if (!X509_ALGOR_set0(priv->pkeyalg, aobj, ptype, pval)) {
- /* If call fails do not swallow 'enc' */
- if (ppenc)
- *ppenc = NULL;
+ if (!X509_ALGOR_set0(priv->pkeyalg, aobj, ptype, pval))
return 0;
- }
+ if (penc != NULL)
+ ASN1_STRING_set0(priv->pkey, penc, penclen);
return 1;
}
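Review bot: `ASN1_STRING_set0` takes ownership of `penc` and, as far as I recall, stores `penclen` as given without a range check, so a negative `penclen` becomes a negative `pkey->length` that the FREE_PRE callback later hands to `explicit_bzero` as a size_t. A guard at the top of the function, `if (penclen < 0) return 0;`, keeps an invalid length out of the structure while `penc` still belongs to the caller. The reordering that runs `X509_ALGOR_set0` first is what preserves the old "do not swallow penc on failure" contract, and that deserves a comment above the call, e.g. `/* Set the algorithm first: on failure penc is still owned by the caller; ASN1_STRING_set0 then takes ownership of penc. */`.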
PKCS8_pkey_get0(ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen,
X509_ALGOR **pa, PKCS8_PRIV_KEY_INFO *p8)
{
- if (ppkalg)
+ if (ppkalg != NULL)
*ppkalg = p8->pkeyalg->algorithm;
- if (p8->pkey->type == V_ASN1_OCTET_STRING) {
- p8->broken = PKCS8_OK;
- if (pk) {
- *pk = p8->pkey->value.octet_string->data;
- *ppklen = p8->pkey->value.octet_string->length;
- }
- } else if (p8->pkey->type == V_ASN1_SEQUENCE) {
- p8->broken = PKCS8_NO_OCTET;
- if (pk) {
- *pk = p8->pkey->value.sequence->data;
- *ppklen = p8->pkey->value.sequence->length;
- }
- } else
- return 0;
- if (pa)
+ if (pk != NULL) {
+ *pk = ASN1_STRING_data(p8->pkey);
+ *ppklen = ASN1_STRING_length(p8->pkey);
+ }
+ if (pa != NULL)
*pa = p8->pkeyalg;
return 1;
}
+
+const STACK_OF(X509_ATTRIBUTE) *
+PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8)
+{
+ return p8->attributes;
+}
+
+int
+PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type,
+ const unsigned char *bytes, int len)
+{
+ if (X509at_add1_attr_by_NID(&p8->attributes, nid, type, bytes,
+ len) != NULL)
+ return 1;
+ return 0;
+}
+
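Review bot: `PKCS8_pkey_get0` writes `*ppklen` whenever `pk` is non-NULL, so a caller that wants the data pointer but passes `ppklen == NULL` dereferences NULL; the removed lines had the same shape, but since this block is being rewritten it is cheap to write `if (ppklen != NULL) *ppklen = ASN1_STRING_length(p8->pkey);` inside the `pk` branch. The two new public functions have no header comment; a one-liner on each, stating that `PKCS8_pkey_get0_attrs` returns a borrowed stack the caller must not free and that `PKCS8_pkey_add1_attr_by_NID` presumably copies `bytes` (confirm against `X509at_add1_attr_by_NID`), would save the next reader a lookup. The latter's body can also collapse to `return X509at_add1_attr_by_NID(&p8->attributes, nid, type, bytes, len) != NULL;`, matching the 1/0 return style of `PKCS8_pkey_set0` above.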
-/* $OpenBSD: evp_pkey.c,v 1.20 2018/05/13 06:48:00 tb Exp $ */
+/* $OpenBSD: evp_pkey.c,v 1.21 2018/08/24 20:07:41 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
return NULL;
}
-PKCS8_PRIV_KEY_INFO *
-EVP_PKEY2PKCS8(EVP_PKEY *pkey)
-{
- return EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK);
-}
-
/* Turn a private key into a PKCS8 structure */
PKCS8_PRIV_KEY_INFO *
-EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
+EVP_PKEY2PKCS8(EVP_PKEY *pkey)
{
PKCS8_PRIV_KEY_INFO *p8;
EVPerror(ERR_R_MALLOC_FAILURE);
return NULL;
}
- p8->broken = broken;
if (pkey->ameth) {
if (pkey->ameth->priv_encode) {
return NULL;
}
-PKCS8_PRIV_KEY_INFO *
-PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
-{
- switch (broken) {
- case PKCS8_OK:
- p8->broken = PKCS8_OK;
- return p8;
- break;
-
- case PKCS8_NO_OCTET:
- p8->broken = PKCS8_NO_OCTET;
- p8->pkey->type = V_ASN1_SEQUENCE;
- return p8;
- break;
-
- default:
- EVPerror(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
- return NULL;
- }
-}
-
/* EVP_PKEY attribute functions */
int
-/* $OpenBSD: p12_attr.c,v 1.11 2018/05/13 14:15:01 tb Exp $ */
+/* $OpenBSD: p12_attr.c,v 1.12 2018/08/24 20:07:41 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
int
PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
{
- unsigned char us_val;
+ unsigned char us_val = (unsigned char)usage;
- us_val = (unsigned char) usage;
- if (X509at_add1_attr_by_NID(&p8->attributes, NID_key_usage,
- V_ASN1_BIT_STRING, &us_val, 1))
- return 1;
- else
- return 0;
+ return PKCS8_pkey_add1_attr_by_NID(p8, NID_key_usage, V_ASN1_BIT_STRING,
+ &us_val, 1);
}
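Review bot: `(unsigned char)usage` on the new initialiser silently drops every bit above bit 7, so a `usage` value outside 0..255 is encoded as a different key usage than requested instead of being rejected; this behaviour is carried over from the removed lines, not introduced here. If the public contract allows wider values, a guard such as `if (usage < 0 || usage > 0xff) return 0;` before the cast turns the silent truncation into an error the caller can see. Otherwise a comment stating that only the low byte of `usage` is encoded would make the cast's intent explicit.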
/* Add a friendlyname to a safebag */
-/* $OpenBSD: x509.h,v 1.71 2018/08/24 19:59:32 tb Exp $ */
+/* $OpenBSD: x509.h,v 1.72 2018/08/24 20:07:42 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
/* PKCS#8 private key info structure */
-struct pkcs8_priv_key_info_st
- {
- int broken; /* Flag for various broken formats */
-#define PKCS8_OK 0
-#define PKCS8_NO_OCTET 1
-#define PKCS8_EMBEDDED_PARAM 2
-#define PKCS8_NS_DB 3
-#define PKCS8_NEG_PRIVKEY 4
+struct pkcs8_priv_key_info_st {
ASN1_INTEGER *version;
X509_ALGOR *pkeyalg;
- ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */
+ ASN1_OCTET_STRING *pkey;
STACK_OF(X509_ATTRIBUTE) *attributes;
- };
+};
#ifdef __cplusplus
}
EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8);
PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
-PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken);
-PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
int version, int ptype, void *pval,
X509_ALGOR **pa,
PKCS8_PRIV_KEY_INFO *p8);
+const STACK_OF(X509_ATTRIBUTE) *PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8);
+int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type,
+ const unsigned char *bytes, int len);
+
int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
int ptype, void *pval,
unsigned char *penc, int penclen);
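Review bot: Dropping `int broken` and the `PKCS8_*` defines from `struct pkcs8_priv_key_info_st`, changing `pkey` from `ASN1_TYPE *` to `ASN1_OCTET_STRING *`, and removing the `EVP_PKEY2PKCS8_broken` and `PKCS8_set_broken` prototypes (whose definitions go in evp_pkey.c in this same commit) breaks source and binary compatibility for any consumer that touches the struct layout or those symbols directly; if libcrypto exports them, the symbol list and the library major version need to follow, which this diff does not show. The new `PKCS8_pkey_get0_attrs` prototype also runs past 80 columns unlike the surrounding declarations; wrapping it the way the neighbouring two-line prototypes are written keeps the header consistent.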