author | Richard Levitte <levitte@openssl.org> | 2020-02-12 14:28:50 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2020-02-22 01:19:54 +0100 |
commit | 3f7ce7f1029c01c2c4d00e14ffc9630d26f485a4 (patch) | |
tree | b9256d3cf61c639bb444c04e52ebff524fcba07c /doc/internal | |
parent | 8e90e3d53665854d76d6d46491b38f0e2a802428 (diff) |
Refactor evp_pkey_make_provided() to do legacy to provider export
Previously, evp_keymgmt_util_export_to_provider() took care of all
kinds of exports of EVP_PKEYs to provider side keys, be it from its
legacy key or from another provider side key. This works most of the
times, but there may be cases where the caller wants to be a bit more
in control of what sort of export happens when.
Also, when it's time to remove all legacy stuff, that job will be much
easier if we have a better separation between legacy support and
support of provided stuff, as far as we can take it.
This change moves the support of legacy key to provider side key
export from evp_keymgmt_util_export_to_provider() to
evp_pkey_make_provided(), and makes sure the latter is called from all
EVP_PKEY functions that handle legacy stuff.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11074)
Diffstat (limited to 'doc/internal')
-rw-r--r-- | doc/internal/man3/evp_keymgmt_util_export_to_provider.pod | 16 |
-rw-r--r-- | doc/internal/man3/evp_pkey_make_provided.pod | 8 |
2 files changed, 15 insertions, 9 deletions
diff --git a/doc/internal/man3/evp_keymgmt_util_export_to_provider.pod b/doc/internal/man3/evp_keymgmt_util_export_to_provider.pod index 38e71334c8..2c8b7b2f24 100644 --- a/doc/internal/man3/evp_keymgmt_util_export_to_provider.pod +++ b/doc/internal/man3/evp_keymgmt_util_export_to_provider.pod @@ -21,17 +21,15 @@ evp_keymgmt_util_fromdata =head1 DESCRIPTION -evp_keymgmt_util_export_to_provider() exports the key material from -the given key I<pk> to a provider via a B<EVP_KEYMGMT> interface, if -this hasn't already been done. +evp_keymgmt_util_export_to_provider() exports cached key material +(provider side key material) from the given key I<pk> to a provider +via a B<EVP_KEYMGMT> interface, if this hasn't already been done. It maintains a cache of provider key references in I<pk> to keep track -of all such exports. +of all provider side keys. -If I<pk> has an assigned legacy key, a check is done to see if any of -its key material has changed since last export, i.e. the legacy key's -is_dirty() method returns 1. -If it has, the cache of already exported keys is cleared, and a new -export is made with the new key material. +To export a legacy key, use L<evp_pkey_make_provided(3)> instead, as +this function deals purely with provider side keys and will not care +to look at any legacy key. evp_keymgmt_util_clear_pkey_cache() can be used to explicitly clear the cache of provider key references. diff --git a/doc/internal/man3/evp_pkey_make_provided.pod b/doc/internal/man3/evp_pkey_make_provided.pod index 12cbe0c365..3eb17e707b 100644 --- a/doc/internal/man3/evp_pkey_make_provided.pod +++ b/doc/internal/man3/evp_pkey_make_provided.pod 
@@ -24,6 +24,14 @@ fetch an B<EVP_KEYMGMT> implicitly, using I<propquery> as property query string. As output from this function, I<*keymgmt> will be assigned the B<EVP_KEYMGMT> that was used, if the export was successful, otherwise it will be assigned NULL. +If I<pk> has an assigned legacy key, a check is done to see if any of +its key material has changed since last export, by comparing the +result of the legacy key's dirty_cnt() method with a copy of that +result from last time evp_pkey_make_provided() was run with this +B<EVP_PKEY>. +If it has, the cache of already exported keys is cleared, and a new +export is made with the new legacy key material. + =head1 RETURN VALUES evp_pkey_make_provided() returns the provider key data that was exported if |
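Review bot: In the rewritten DESCRIPTION of evp_keymgmt_util_export_to_provider.pod, "exports cached key material (provider side key material)" reads as if the function's input is the very cache it is said to maintain two sentences later; the source is the provider side key already held in I<pk>, and the cache is the set of per-provider references the function builds from it. Suggest "exports the provider side key material held in the given key I<pk> to a provider via a B<EVP_KEYMGMT> interface, if this hasn't already been done." The new closing sentence, "will not care to look at any legacy key", also leaves the outcome unstated for a I<pk> that carries only a legacy key: say what the function returns in that case, since the dirty-check text that used to cover it now lives in evp_pkey_make_provided(3) and a caller reading only this page cannot tell whether the call fails or silently returns nothing.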
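Review bot: The paragraph added to evp_pkey_make_provided.pod says the cache of already exported keys is cleared when the legacy key's dirty_cnt() result changes, but not what that means for provider key data handed out by earlier calls; if the clear releases those references, state here (or under RETURN VALUES) that results of earlier evp_pkey_make_provided() calls must not be used after the legacy key has been modified, otherwise a caller that keeps an older result across such a modification holds a dangling reference. "a copy of that result from last time evp_pkey_make_provided() was run with this B<EVP_PKEY>" also implies per-key state that nothing else on the page mentions; one clause saying the copy is kept in the B<EVP_PKEY> alongside the provider key cache would close that gap. Finally, the text this replaces in evp_keymgmt_util_export_to_provider.pod described the same check in terms of an is_dirty() method returning 1, so please confirm dirty_cnt() is the legacy method's current name so the two pages do not appear to document two different mechanisms.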