authorRichard Levitte <levitte@openssl.org>2020-07-22 15:34:25 +0200
committerRichard Levitte <levitte@openssl.org>2020-08-24 10:02:25 +0200
commit14c8a3d118e3ec5d0179d45c7f227d29a52f7697 (patch)
tree695041784cf6e9493ae291ec252442b4d576829a /providers
parentbc8c3e1cd8691e6c8e6fe208377ee0d0e408af73 (diff)
CORE: Define provider-native abstract objects
This is placed as CORE because the core of libcrypto is the authority for what is possible to do and what's required to make these abstract objects work. In essence, an abstract object is an OSSL_PARAM array with well defined parameter keys and values: - an object type, which is a number indicating what kind of libcrypto structure the object in question can be used with. The currently possible numbers are defined in <openssl/core_object.h>. - an object data type, which is a string that indicates more closely what the contents of the object are. - the object data, an octet string. The exact encoding used depends on the context in which it's used. For example, the decoder sub-system accepts any encoding, as long as there is a decoder implementation that takes that as input. If central code is to handle the data directly, DER encoding is assumed. (*) - an object reference, also an octet string. This octet string is not the object contents, just a mere reference to a provider-native object. (**) - an object description, which is a human readable text string that can be displayed if some software desires to do so. The intent is that certain provider-native operations (called X here) are able to return any sort of object that belong with other operations, or an object that has no provider support otherwise. (*) A future extension might be to be able to specify encoding. (**) The possible mechanisms for dealing with object references are: - An object loading function in the target operation. The exact target operation is determined by the object type (for example, OSSL_OBJECT_PKEY implies that the target operation is a KEYMGMT) and the implementation to be fetched by its object data type (for an OSSL_OBJECT_PKEY, that's the KEYMGMT keytype to be fetched). This loading function is only useful for this if the implementations that are involved (X and KEYMGMT, for example) are from the same provider. - An object exporter function in the operation X implementation. 
That exporter function can be used to export the object data in OSSL_PARAM form that can be imported by a target operation's import function. This can be used when it's not possible to fetch the target operation implementation from the same provider. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12512)
Diffstat (limited to 'providers')
-rw-r--r--providers/implementations/encode_decode/decode_der2key.c14
-rw-r--r--providers/implementations/encode_decode/decode_ms2key.c14
-rw-r--r--providers/implementations/encode_decode/decode_pem2der.c4
3 files changed, 20 insertions, 12 deletions
diff --git a/providers/implementations/encode_decode/decode_der2key.c b/providers/implementations/encode_decode/decode_der2key.c
index 6af1c0927d..b8b268217d 100644
--- a/providers/implementations/encode_decode/decode_der2key.c
+++ b/providers/implementations/encode_decode/decode_der2key.c
@@ -15,6 +15,7 @@
#include <openssl/core_dispatch.h>
#include <openssl/core_names.h>
+#include <openssl/core_object.h>
#include <openssl/crypto.h>
#include <openssl/params.h>
#include <openssl/x509.h>
@@ -157,16 +158,19 @@ static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin,
OPENSSL_free(der);
if (key != NULL) {
- OSSL_PARAM params[3];
+ OSSL_PARAM params[4];
+ int object_type = OSSL_OBJECT_PKEY;
params[0] =
- OSSL_PARAM_construct_utf8_string(OSSL_DECODER_PARAM_DATA_TYPE,
+ OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type);
+ params[1] =
+ OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,
(char *)ctx->desc->name, 0);
/* The address of the key becomes the octet string */
- params[1] =
- OSSL_PARAM_construct_octet_string(OSSL_DECODER_PARAM_REFERENCE,
+ params[2] =
+ OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE,
&key, sizeof(key));
- params[2] = OSSL_PARAM_construct_end();
+ params[3] = OSSL_PARAM_construct_end();
ok = data_cb(params, data_cbarg);
}
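Review bot: The comment above `params[2]` says only that the key's address becomes the octet string; it does not state how long that reference is valid or who may interpret it. `object_type` and `params` are locals of this `if` block and the reference's data pointer is `&key`, so what `data_cb` receives is usable only until the callback returns, and per the commit description the raw pointer is meaningful only to an implementation from the same provider. I would expand the comment to something like `/* Reference = raw key pointer: valid only during data_cb(), only for this provider's own loader; the callback must not retain params. */`. Who releases `key` when `data_cb` fails or does not take the reference is not visible here, because der2key_decode continues outside the hunk, so that ownership rule deserves a line as well. The same applies to the identical block in ms2key_post in decode_ms2key.c.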
diff --git a/providers/implementations/encode_decode/decode_ms2key.c b/providers/implementations/encode_decode/decode_ms2key.c
index 453e8188b3..d8aa813ced 100644
--- a/providers/implementations/encode_decode/decode_ms2key.c
+++ b/providers/implementations/encode_decode/decode_ms2key.c
@@ -15,6 +15,7 @@
#include <openssl/core_dispatch.h>
#include <openssl/core_names.h>
+#include <openssl/core_object.h>
#include <openssl/crypto.h>
#include <openssl/params.h>
#include <openssl/x509.h>
@@ -131,16 +132,19 @@ static int ms2key_post(struct ms2key_ctx_st *ctx, EVP_PKEY *pkey,
}
if (key != NULL) {
- OSSL_PARAM params[3];
+ OSSL_PARAM params[4];
+ int object_type = OSSL_OBJECT_PKEY;
params[0] =
- OSSL_PARAM_construct_utf8_string(OSSL_DECODER_PARAM_DATA_TYPE,
+ OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type);
+ params[1] =
+ OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,
(char *)ctx->desc->name, 0);
/* The address of the key becomes the octet string */
- params[1] =
- OSSL_PARAM_construct_octet_string(OSSL_DECODER_PARAM_REFERENCE,
+ params[2] =
+ OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE,
&key, sizeof(key));
- params[2] = OSSL_PARAM_construct_end();
+ params[3] = OSSL_PARAM_construct_end();
ok = data_cb(params, data_cbarg);
}
diff --git a/providers/implementations/encode_decode/decode_pem2der.c b/providers/implementations/encode_decode/decode_pem2der.c
index 7ba1cbe3d3..cbee397982 100644
--- a/providers/implementations/encode_decode/decode_pem2der.c
+++ b/providers/implementations/encode_decode/decode_pem2der.c
@@ -130,10 +130,10 @@ static int pem2der_decode(void *vctx, OSSL_CORE_BIO *cin,
OSSL_PARAM params[3];
params[0] =
- OSSL_PARAM_construct_utf8_string(OSSL_DECODER_PARAM_DATA_TYPE,
+ OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,
pem_name, 0);
params[1] =
- OSSL_PARAM_construct_octet_string(OSSL_DECODER_PARAM_DATA,
+ OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_DATA,
der, der_len);
params[2] = OSSL_PARAM_construct_end();