X509: Refactor X509_PUBKEY processing to include provider side keys

When a SubjectPublicKeyInfo (SPKI) is decoded into an X509_PUBKEY structure, the corresponding EVP_PKEY is automatically added as well. This used to only support our built-in keytypes, and only in legacy form. This is now refactored by making The ASN1 implementation of the X509_PUBKEY an EXTERN_ASN1, resulting in a more manual implementation of the basic support routines. Specifically, the d2i routine will do what was done in the callback before, and try to interpret the input as an EVP_PKEY, first in legacy form, and then using OSSL_DECODER. Fixes #13893 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14281)
author: Richard Levitte <levitte@openssl.org> 2021-01-28 09:00:58 +0100
committer: Richard Levitte <levitte@openssl.org> 2021-02-24 10:17:14 +0100
commit: 10315851d0230646947213ac148747bc64c56798 (patch)
tree: e42ace1a1251dc13083d5a1258f4b2fddec63916 /include
parent: ce0b307ea01bc5e3e178cd4dba45f9bb9d4ba5df (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/include/crypto/x509.h b/include/crypto/x509.h
index 809f6e328e..67fd88dbc4 100644
--- a/include/crypto/x509.h
+++ b/include/crypto/x509.h
@@ -327,4 +327,7 @@ int X509_PUBKEY_get0_libctx(OSSL_LIB_CTX **plibctx, const char **ppropq,
 /* Calculate default key identifier according to RFC 5280 section 4.2.1.2 (1) */
 ASN1_OCTET_STRING *x509_pubkey_hash(X509_PUBKEY *pubkey);
 
+/* A variant of d2i_PUBKEY() that is guaranteed to only return legacy keys */
+EVP_PKEY *d2i_PUBKEY_legacy(EVP_PKEY **a,
+                            const unsigned char **in, long length);
 #endif
author	Richard Levitte <levitte@openssl.org>	2021-01-28 09:00:58 +0100
committer	Richard Levitte <levitte@openssl.org>	2021-02-24 10:17:14 +0100
commit	10315851d0230646947213ac148747bc64c56798 (patch)
tree	e42ace1a1251dc13083d5a1258f4b2fddec63916 /include
parent	ce0b307ea01bc5e3e178cd4dba45f9bb9d4ba5df (diff)