123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145 |
- =pod
- =head1 NAME
- OSSL_DECODER_CTX_new_for_pkey,
- OSSL_DECODER_CTX_set_passphrase,
- OSSL_DECODER_CTX_set_pem_password_cb,
- OSSL_DECODER_CTX_set_passphrase_ui,
- OSSL_DECODER_CTX_set_passphrase_cb
- - Decoder routines to decode EVP_PKEYs
- =head1 SYNOPSIS
- #include <openssl/decoder.h>
- OSSL_DECODER_CTX *
- OSSL_DECODER_CTX_new_for_pkey(EVP_PKEY **pkey,
- const char *input_type,
- const char *input_struct,
- const char *keytype, int selection,
- OSSL_LIB_CTX *libctx, const char *propquery);
- int OSSL_DECODER_CTX_set_passphrase(OSSL_DECODER_CTX *ctx,
- const unsigned char *kstr,
- size_t klen);
- int OSSL_DECODER_CTX_set_pem_password_cb(OSSL_DECODER_CTX *ctx,
- pem_password_cb *cb,
- void *cbarg);
- int OSSL_DECODER_CTX_set_passphrase_ui(OSSL_DECODER_CTX *ctx,
- const UI_METHOD *ui_method,
- void *ui_data);
- int OSSL_DECODER_CTX_set_passphrase_cb(OSSL_DECODER_CTX *ctx,
- OSSL_PASSPHRASE_CALLBACK *cb,
- void *cbarg);
- =head1 DESCRIPTION
- OSSL_DECODER_CTX_new_for_pkey() is a utility function that creates a
- B<OSSL_DECODER_CTX>, finds all applicable decoder implementations and sets
- them up, so all the caller has to do next is call functions like
- L<OSSL_DECODER_from_bio(3)>. The caller may use the optional I<input_type>,
- I<input_struct>, I<keytype> and I<selection> to specify what the input is
- expected to contain. The I<pkey> must reference an B<EVP_PKEY *> variable
- that will be set to the newly created B<EVP_PKEY> on successful decoding.
- The referenced variable must be initialized to NULL before calling the
- function.
- Internally OSSL_DECODER_CTX_new_for_pkey() searches for all available
- L<EVP_KEYMGMT(3)> implementations, and then builds a list of all potential
- decoder implementations that may be able to process the encoded input into
- data suitable for B<EVP_PKEY>s. All these implementations are implicitly
- fetched using I<libctx> and I<propquery>.
- The search of decoder implementations can be limited with I<input_type> and
- I<input_struct> which specifies a starting input type and input structure.
- NULL is valid for both of them and signifies that the decoder implementations
- will find out the input type on their own.
- They are set with L<OSSL_DECODER_CTX_set_input_type(3)> and
- L<OSSL_DECODER_CTX_set_input_structure(3)>.
- See L</Input Types> and L</Input Structures> below for further information.
- The search of decoder implementations can also be limited with I<keytype>
- and I<selection>, which specifies the expected resulting keytype and contents.
- NULL and zero are valid and signify that the decoder implementations will
- find out the keytype and key contents on their own from the input they get.
- If no suitable decoder implementation is found,
- OSSL_DECODER_CTX_new_for_pkey() still creates a B<OSSL_DECODER_CTX>, but
- with no associated decoder (L<OSSL_DECODER_CTX_get_num_decoders(3)> returns
- zero). This helps the caller to distinguish between an error when creating
- the B<OSSL_ENCODER_CTX> and missing encoder implementation, and allows it to
- act accordingly.
- OSSL_DECODER_CTX_set_passphrase() gives the implementation a pass phrase to
- use when decrypting the encoded private key. Alternatively, a pass phrase
- callback may be specified with the following functions.
- OSSL_DECODER_CTX_set_pem_password_cb(), OSSL_DECODER_CTX_set_passphrase_ui()
- and OSSL_DECODER_CTX_set_passphrase_cb() set up a callback method that the
- implementation can use to prompt for a pass phrase, giving the caller the
- choice of preferred pass phrase callback form. These are called indirectly,
- through an internal B<OSSL_PASSPHRASE_CALLBACK> function.
- The internal B<OSSL_PASSPHRASE_CALLBACK> function caches the pass phrase, to
- be re-used in all decodings that are performed in the same decoding run (for
- example, within one L<OSSL_DECODER_from_bio(3)> call).
- =head2 Input Types
- Available input types depend on the implementations that available providers
- offer, and provider documentation should have the details.
- Among the known input types that OpenSSL decoder implementations offer
- for B<EVP_PKEY>s are C<DER>, C<PEM>, C<MSBLOB> and C<PVK>.
- See L<openssl-glossary(7)> for further information on what these input
- types mean.
- =head2 Input Structures
- Available input structures depend on the implementations that available
- providers offer, and provider documentation should have the details.
- Among the known input structures that OpenSSL decoder implementations
- offer for B<EVP_PKEY>s are C<pkcs8> and C<SubjectPublicKeyInfo>.
- OpenSSL decoder implementations also support the input structure
- C<type-specific>. This is the structure used for keys encoded
- according to key type specific specifications. For example, RSA keys
- encoded according to PKCS#1.
- =head2 Selections
- I<selection> can be any one of the values described in
- L<EVP_PKEY_fromdata(3)/Selections>.
- Additionally I<selection> can also be set to B<0> to indicate that the code will
- auto detect the selection.
- =head1 RETURN VALUES
- OSSL_DECODER_CTX_new_for_pkey() returns a pointer to a
- B<OSSL_DECODER_CTX>, or NULL if it couldn't be created.
- OSSL_DECODER_CTX_set_passphrase(), OSSL_DECODER_CTX_set_pem_password_cb(),
- OSSL_DECODER_CTX_set_passphrase_ui() and
- OSSL_DECODER_CTX_set_passphrase_cb() all return 1 on success, or 0 on
- failure.
- =head1 SEE ALSO
- L<provider(7)>, L<OSSL_DECODER(3)>, L<OSSL_DECODER_CTX(3)>
- =head1 HISTORY
- The functions described here were added in OpenSSL 3.0.
- =head1 COPYRIGHT
- Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
- Licensed under the Apache License 2.0 (the "License"). You may not use
- this file except in compliance with the License. You can obtain a copy
- in the file LICENSE in the source distribution or at
- L<https://www.openssl.org/source/license.html>.
- =cut
|