| field | value | date |
|---|---|---|
| author | Richard Levitte <levitte@openssl.org> | 2019-11-18 01:34:26 +0100 |
| committer | Richard Levitte <levitte@openssl.org> | 2019-11-29 20:55:16 +0100 |
| commit | 866234ac35e665f20c646059b1d92c5e9eb0c7ab (patch) | |
| tree | 53cbf9072506794da60fdadc02c8d97676e7f125 /doc/man7 | |
| parent | 1793d270f3c6f6b859e40ef1fa7bea1fd7e447c8 (diff) | |
SERIALIZER: add support for serializing EVP_PKEYs
The following public functions are added:
- OSSL_SERIALIZER_CTX_new_by_EVP_PKEY()
- OSSL_SERIALIZER_CTX_set_cipher()
- OSSL_SERIALIZER_CTX_set_passphrase()
- OSSL_SERIALIZER_CTX_set_passphrase_cb()
- OSSL_SERIALIZER_CTX_set_passphrase_ui()
OSSL_SERIALIZER_CTX_new_by_EVP_PKEY() selects a suitable serializer
for the given EVP_PKEY, and sets up the OSSL_SERIALIZER_CTX to
function together with OSSL_SERIALIZER_to_bio() and
OSSL_SERIALIZER_to_fp().
OSSL_SERIALIZER_CTX_set_cipher() indicates what cipher should be used
to produce an encrypted serialization of the EVP_PKEY. This is passed
directly to the provider using OSSL_SERIALIZER_CTX_set_params().
OSSL_SERIALIZER_CTX_set_passphrase() can be used to set a pass phrase
to be used for the encryption. This is passed directly to the
provider using OSSL_SERIALIZER_CTX_set_params().
OSSL_SERIALIZER_CTX_set_passphrase_cb() and
OSSL_SERIALIZER_CTX_set_passphrase_ui() set up a callback to be used
to prompt for a passphrase. This is stored in the context, and is
called via an internal intermediary at the time of serialization.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10394)
Diffstat (limited to 'doc/man7')
-rw-r--r-- | doc/man7/provider-serializer.pod | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/doc/man7/provider-serializer.pod b/doc/man7/provider-serializer.pod index e43e293d60..b23a8b64e2 100644 --- a/doc/man7/provider-serializer.pod +++ b/doc/man7/provider-serializer.pod 
@@ -193,6 +193,55 @@ Both serialization functions also take an B<OSSL_PASSPHRASE_CALLBACK> function pointer along with a pointer to application data I<cbarg>, which should be used when a pass phrase prompt is needed. +=head2 Serializer parameters + +Parameters currently recognised by built-in serializers are as +follows: + +=over 4 + +=item "cipher" (B<OSSL_SERIALIZER_PARAM_CIPHER>) <UTF8 string> + +The name of the encryption cipher to be used when generating encrypted +serialization. This is used when serializing private keys, as well as +other objects that need protection. + +If this name is invalid for the serialization implementation, the +implementation should refuse to perform the serialization, i.e. +OP_serializer_serialize_data() and OP_serializer_serialize_object() +should return an error. + +=item "properties" (B<OSSL_SERIALIZER_PARAM_PROPERTIES>) <UTF8 string> + +The properties to be queried when trying to fetch the algorithm given +with the "cipher" parameter. +This must be given together with the "cipher" parameter to be +considered valid. + +The serialization implementation isn't obligated to use this value. +However, it is recommended that implementations that do not handle +property strings return an error on receiving this parameter unless +its value NULL or the empty string. + +=item "passphrase" (B<OSSL_SERIALIZER_PARAM_PASS>) <octet string> + +A pass phrase provided by the application. When this is given, the +built-in serializers will not attempt to use the passphrase callback. + +=back + +Parameters currently recognised by the built-in pass phrase callback: + +=over 4 + +=item "info" (B<OSSL_PASSPHRASE_PARAM_INFO>) <UTF8 string> + +A string of information that will become part of the pass phrase +prompt. This could be used to give the user information on what kind +of object it's being prompted for. + +=back + =head1 RETURN VALUES OP_serializer_newctx() returns a pointer to a context, or NULL on |
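Review bot: In the "properties" item of the new "Serializer parameters" section, the sentence "unless its value NULL or the empty string" is missing a verb and should read "unless its value is NULL or the empty string". While touching that section, the "cipher" and "passphrase" items together leave one case undocumented: the "passphrase" item says the built-in serializers skip the passphrase callback when a pass phrase is supplied, but neither item states what an implementation should do when "cipher" is set and neither a "passphrase" parameter nor a passphrase callback is available. Since the "cipher" item already says the implementation "should refuse to perform the serialization" for an invalid cipher name, consider adding the same explicit guidance for the missing-pass-phrase case, so that providers fail closed rather than silently emitting an unencrypted private key.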