Diffstat (limited to 'src/include/openssl/pkcs8.h')
-rw-r--r-- | src/include/openssl/pkcs8.h | 31 |
1 files changed, 20 insertions, 11 deletions
diff --git a/src/include/openssl/pkcs8.h b/src/include/openssl/pkcs8.h
index bb6b03c..6b51f85 100644
--- a/src/include/openssl/pkcs8.h
+++ b/src/include/openssl/pkcs8.h
@@ -106,6 +106,14 @@ OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *PKCS8_decrypt_pbe(X509_SIG *pkcs8,
 const uint8_t *pass_raw, size_t pass_raw_len);
+/* PKCS12_get_key_and_certs parses a PKCS#12 structure from |in|, authenticates
+ * and decrypts it using |password|, sets |*out_key| to the included private
+ * key and appends the included certificates to |out_certs|. It returns one on
+ * success and zero on error. The caller takes ownership of the outputs. */
+OPENSSL_EXPORT int PKCS12_get_key_and_certs(EVP_PKEY **out_key,
+ STACK_OF(X509) *out_certs,
+ CBS *in, const char *password);
+
 /* Deprecated functions. */
@@ -127,17 +135,6 @@ OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *pkcs8,
 const char *pass, int pass_len);
-/* PKCS12_get_key_and_certs parses a PKCS#12 structure from |in|, authenticates
- * and decrypts it using |password|, sets |*out_key| to the included private
- * key and appends the included certificates to |out_certs|. It returns one on
- * success and zero on error. The caller takes ownership of the outputs. */
-OPENSSL_EXPORT int PKCS12_get_key_and_certs(EVP_PKEY **out_key,
- STACK_OF(X509) *out_certs,
- CBS *in, const char *password);
-
-
-/* Deprecated functions. */
-
 /* PKCS12_PBE_add does nothing. It exists for compatibility with OpenSSL. */
 OPENSSL_EXPORT void PKCS12_PBE_add(void);
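Review bot: The comment on PKCS12_get_key_and_certs, now promoted out of the deprecated section, still leaves the failure-path contract unstated: it says the caller takes ownership of the outputs but not whether |*out_key| may already have been set or certificates partially appended to |out_certs| when zero is returned, nor whether |in| is advanced past the parsed structure. Since |out_certs| is a caller-supplied stack that is only appended to, "ownership of the outputs" is also ambiguous for that parameter. I would add a sentence along the lines of ` * |out_certs| must be a caller-owned stack; on failure the contents of |*out_key| and |out_certs| are unspecified and should be discarded.`, after confirming the actual error-path behaviour against the implementation rather than asserting it from the header alone. This hunk only relocates the declaration, and the PKCS8_decrypt_pbe prototype it is inserted after begins outside the hunk.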
@@ -169,9 +166,21 @@ OPENSSL_EXPORT int PKCS12_parse(const PKCS12 *p12, const char *password,
 EVP_PKEY **out_pkey, X509 **out_cert, STACK_OF(X509) **out_ca_certs);
+/* PKCS12_verify_mac returns one if |password| is a valid password for |p12|
+ * and zero otherwise. Since |PKCS12_parse| doesn't take a length parameter,
+ * it's not actually possible to use a non-NUL-terminated password to actually
+ * get anything from a |PKCS12|. Thus |password| and |password_len| may be
+ * |NULL| and zero, respectively, or else |password_len| may be -1, or else
+ * |password[password_len]| must be zero and no other NUL bytes may appear in
+ * |password|. If the |password_len| checks fail, zero is returned
+ * immediately. */
+OPENSSL_EXPORT int PKCS12_verify_mac(const PKCS12 *p12, const char *password,
+ int password_len);
+
 /* PKCS12_free frees |p12| and its contents. */
 OPENSSL_EXPORT void PKCS12_free(PKCS12 *p12);
+
 #if defined(__cplusplus)
 } /* extern C */
 #endif |
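Review bot: The new PKCS12_verify_mac comment lists three accepted |password|/|password_len| combinations but says nothing about the others an OpenSSL-compatible caller will pass — |password| NULL with a non-zero or -1 length, a negative |password_len| other than -1, or a NUL before index |password_len| — and it never states that -1 means "|password| is NUL-terminated, use its length". Because zero is returned both when the argument checks fail and when the MAC does not verify, a caller cannot distinguish a usage error from a wrong password, which is worth saying so nobody treats every zero as "wrong password" and retries. I would tighten the wording to ` * it's not possible to use a non-NUL-terminated password to get anything from a |PKCS12|` (the doubled "actually" reads oddly) and add ` * Any other combination is treated as invalid arguments and also yields zero, indistinguishable from a MAC mismatch.`, after confirming against the implementation that no other negative length is accepted. The prototype keeps `int password_len` while the non-deprecated PKCS8_decrypt_pbe context in the earlier hunk uses size_t; if the int is retained deliberately for OpenSSL compatibility, the comment should say so.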