author Richard Levitte <levitte@openssl.org> 2019-07-05 00:31:42 +0200
committer Richard Levitte <levitte@openssl.org> 2019-07-22 06:17:38 +0200
commit a94a3e0d91378b5c478f687a0dbc51914d4ed497 (patch)
tree a649885fc1d6560a2928c610d9adaaf4ec6dbfcc /util
parent 7312ef3fc4a7d391272f3ba8075eabf81a229ad2 (diff)
Add basic EVP_KEYMGMT API and libcrypto <-> provider interface
The idea with the key management "operation" is to support the following set of functionality:

- Key domain parameter generation
- Key domain parameter import
- Key domain parameter export
- Key generation
- Key import
- Key export
- Key loading (HSM / hidden key support)

With that set of functions, we can support handling domain parameters on one provider, key handling on another, and key usage on a third, with transparent export / import of applicable data. Of course, if a provider doesn't offer export / import functionality, then all operations surrounding a key must be performed with the same provider.

This method also avoids having to do anything special with legacy assignment of libcrypto key structures, i.e. EVP_PKEY_assign_RSA(). They will simply be used as keys to be exported from whenever they are used with provider based operations.

This change only adds the EVP_KEYMGMT API and the libcrypto <-> provider interface. Further changes will integrate them into existing libcrypto functionality.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9312)
Diffstat (limited to 'util')
-rw-r--r-- util/libcrypto.num 4
-rw-r--r-- util/private.num 1
2 files changed, 5 insertions, 0 deletions
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 648aed9d85..1992504c91 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4685,3 +4685,7 @@ EVP_KEYEXCH_up_ref 4790 3_0_0 EXIST::FUNCTION:
EVP_KEYEXCH_fetch 4791 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_set_dh_pad 4792 3_0_0 EXIST::FUNCTION:DH
EVP_PKEY_CTX_set_params 4793 3_0_0 EXIST::FUNCTION:
+EVP_KEYMGMT_fetch 4794 3_0_0 EXIST::FUNCTION:
+EVP_KEYMGMT_up_ref 4795 3_0_0 EXIST::FUNCTION:
+EVP_KEYMGMT_free 4796 3_0_0 EXIST::FUNCTION:
+EVP_KEYMGMT_provider 4797 3_0_0 EXIST::FUNCTION:
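Review bot: the four added exports (ordinals 4794 to 4797) cover only fetch, up_ref, free and provider, while the commit message lists domain parameter and key generation, import, export and loading. It would help to say in the commit message or the documentation that those operations are reachable only through the provider interface at this stage, so readers do not go looking for public entry points. This view is limited to util, so also confirm that the full patch documents the reference-counting contract between EVP_KEYMGMT_fetch, EVP_KEYMGMT_up_ref and EVP_KEYMGMT_free.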
diff --git a/util/private.num b/util/private.num
index f63319dd96..3307e3e239 100644
--- a/util/private.num
+++ b/util/private.num
@@ -24,6 +24,7 @@ CRYPTO_EX_new datatype
DTLS_timer_cb datatype
EVP_KDF datatype
EVP_KDF_CTX datatype
+EVP_KEYMGMT datatype
EVP_MAC datatype
EVP_MAC_CTX datatype
EVP_PKEY_gen_cb datatype
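Review bot: the EVP_KEYMGMT datatype registered at the added line needs a matching manual page entry describing the type, and none is visible because this view is limited to util; please check that the full patch carries it. The placement between EVP_KDF_CTX and EVP_MAC keeps the list in alphabetical order, so no change is needed there.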