author | Richard Levitte <levitte@openssl.org> | 2019-07-06 21:57:15 +0200
committer | Richard Levitte <levitte@openssl.org> | 2019-07-22 06:18:58 +0200
commit | 70a1f7b4d7a0611508f45ef884472b9d84cbe108 (patch)
tree | cd5bedc27008fca58dbd88c09b5eafd640ec6fe3 /doc
parent | a94a3e0d91378b5c478f687a0dbc51914d4ed497 (diff)
Add evp_keymgmt_export_to_provider(), for key transfer between providers
This function is used to transport private key material from whatever
is already attached to the EVP_PKEY to the new provider, using key
data export and import functionality.
If a legacy lower level key has been assigned to the EVP_PKEY, we use
its data to create a provider side key, and thereby have a bridge
between old style public key types and the EVP_PKEY on providers.
If successful, this function returns a reference to the appropriate
provider side data for the key.
This can be used by any operation that wants to use this key.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9312)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/internal/man3/evp_keymgmt_export_to_provider.pod | 50
-rw-r--r-- | doc/man3/EVP_PKEY_ASN1_METHOD.pod | 10
2 files changed, 60 insertions, 0 deletions
diff --git a/doc/internal/man3/evp_keymgmt_export_to_provider.pod b/doc/internal/man3/evp_keymgmt_export_to_provider.pod new file mode 100644 index 0000000000..51234bd609 --- /dev/null +++ b/doc/internal/man3/evp_keymgmt_export_to_provider.pod @@ -0,0 +1,50 @@ +=pod + +=head1 NAME + +evp_keymgmt_export_to_provider - key material exporter to providers for EVP + +=head1 SYNOPSIS + + #include "internal/evp_int.h" + + void *evp_keymgmt_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt); + +=head1 DESCRIPTION + +evp_keymgmt_export_to_provider() exports the key material from the +given key I<pk> to a provider via a B<EVP_KEYMGMT> interface, if this +hasn't already been done. +It maintains a cache of provider key references in I<pk> to keep track +of all such exports. + +If I<pk> has an assigned legacy key, a check is done to see if any of +its key material has changed since last export, i.e. the legacy key's +is_dirty() method returns 1. +If it has, the cache of already exported keys is cleared, and a new +export is made with the new key material. + +=head1 RETURN VALUES + +evp_keymgmt_export_to_provider() returns a pointer to the newly +created provider side key, or NULL on error. + +=head1 NOTES + +"Legacy key" is the term used for any key that has been assigned to an +B<EVP_PKEY> with EVP_PKEY_assign_RSA() and similar functions. + +=head1 SEE ALSO + +L<EVP_PKEY_ASN1_METHOD(3)>, L<EVP_PKEY_assign_RSA(3)> + +=head1 COPYRIGHT + +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L<https://www.openssl.org/source/license.html>. + +=cut diff --git a/doc/man3/EVP_PKEY_ASN1_METHOD.pod b/doc/man3/EVP_PKEY_ASN1_METHOD.pod index 1d89c38f29..ed44749cc2 100644 --- a/doc/man3/EVP_PKEY_ASN1_METHOD.pod +++ b/doc/man3/EVP_PKEY_ASN1_METHOD.pod 
@@ -361,6 +361,16 @@ public key data for an EVP_PKEY. They MUST return 0 on error, or 1 on success. They are called by L<EVP_PKEY_new_raw_private_key(3)>, and L<EVP_PKEY_new_raw_public_key(3)> respectively. + size_t (*dirty) (const EVP_PKEY *pk); + void *(*export_to) (const EVP_PKEY *pk, EVP_KEYMGMT *keymgmt); + +dirty_cnt() returns the internal key's dirty count. +This can be used to synchronise different copies of the same keys. + +The export_to() method exports the key material from the given key to +a provider, through the L<EVP_KEYMGMT(3)> interface, if that provider +supports importing key material. + =head2 Functions EVP_PKEY_asn1_new() creates and returns a new B<EVP_PKEY_ASN1_METHOD> |
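Review bot: in the new doc/internal/man3/evp_keymgmt_export_to_provider.pod, the DESCRIPTION says the legacy key's `is_dirty()` method returns 1, while the callback this same patch adds to EVP_PKEY_ASN1_METHOD is declared `size_t (*dirty) (const EVP_PKEY *pk);` and described as `dirty_cnt()` returning a dirty count; the name and the boolean-versus-counter semantics should agree across both files. The RETURN VALUES section also says the function returns "the newly created provider side key", yet the DESCRIPTION says exports are cached in I<pk> and only redone when the legacy key is dirty, so on a cache hit the pointer is an existing one; suggest "returns a pointer to the provider side key (newly exported or previously cached), or NULL on error". Finally, the lifetime of the returned pointer is not stated: since the cache is cleared whenever the legacy key has changed, a caller that keeps the pointer across such a change holds a dangling reference, so document that the pointer is owned by the cache in I<pk>, must not be freed by the caller, and is only valid until the key material of I<pk> next changes.

Review bot: in the EVP_PKEY_ASN1_METHOD.pod hunk, the struct member is declared as `dirty` but the prose describes `dirty_cnt()`; rename one so the documentation matches the declared callback. The `dirty_cnt()` paragraph should also say how the count behaves (what increments it and how two values are meant to be compared) for "synchronise different copies of the same keys" to be actionable, and the `export_to()` paragraph should state its return value (a provider side key pointer or NULL, matching evp_keymgmt_export_to_provider(3)) and what the method does when the provider does not support importing key material, which the text currently leaves open.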