author | Richard Levitte <levitte@openssl.org> | 2020-08-27 10:07:09 +0200 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2020-09-08 16:45:11 +0200 |
commit | 4ce1025a8ac37d255f569147116dd776f9267cce (patch) | |
tree | b89c84f89e808f6cfd6be703bf33e323507f5587 /doc | |
parent | Add CMS AuthEnvelopedData with AES-GCM support (diff) | |
PEM: Make PEM_write_bio_PrivateKey_traditional() handle provider-native keys
PEM_write_bio_PrivateKey_traditional() didn't handle provider-native
keys very well. Originally, it would simply use the corresponding
encoder, which is likely to output modern PEM (not "traditional").
PEM_write_bio_PrivateKey_traditional() is now changed to try and get a
legacy copy of the input EVP_PKEY, and use that copy for traditional
output, if it has such support.
Internally, evp_pkey_copy_downgraded() is added, to be used when
evp_pkey_downgrade() is too intrusive for what it's needed for.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12738)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/internal/man3/evp_pkey_export_to_provider.pod | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/doc/internal/man3/evp_pkey_export_to_provider.pod b/doc/internal/man3/evp_pkey_export_to_provider.pod index 1c80365ca6..b34cf86619 100644 --- a/doc/internal/man3/evp_pkey_export_to_provider.pod +++ b/doc/internal/man3/evp_pkey_export_to_provider.pod @@ -2,7 +2,7 @@ =head1 NAME -evp_pkey_export_to_provider, evp_pkey_downgrade +evp_pkey_export_to_provider, evp_pkey_copy_downgraded, evp_pkey_downgrade - internal EVP_PKEY support functions for providers =head1 SYNOPSIS @@ -13,6 +13,7 @@ evp_pkey_export_to_provider, evp_pkey_downgrade void *evp_pkey_export_to_provider(EVP_PKEY *pk, OPENSSL_CTX *libctx, EVP_KEYMGMT **keymgmt, const char *propquery); + int evp_pkey_copy_downgraded(EVP_PKEY **dest, const EVP_PKEY *src); int evp_pkey_downgrade(EVP_PKEY *pk); =head1 DESCRIPTION @@ -29,6 +30,13 @@ default context), the name of the legacy type of I<pk>, and the I<propquery> If I<keymgmt> isn't NULL but I<*keymgmt> is, and the "origin" was successfully exported, then I<*keymgmt> is assigned the implicitly fetched B<EVP_KEYMGMT>. +evp_pkey_copy_downgraded() makes a copy of I<src> in legacy form into I<*dest>, +if there's a corresponding legacy implementation. This should be used if the +use of a downgraded key is temporary. +For example, L<PEM_write_bio_PrivateKey_traditional(3)> uses this to try its +best to get "traditional" PEM output even if the input B<EVP_PKEY> has a +provider-native internal key. + evp_pkey_downgrade() converts an B<EVP_PKEY> with a provider side "origin" key to one with a legacy "origin", if there's a corresponding legacy implementation. This clears the operation cache, except for the provider side "origin" key. |
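Review bot: the SYNOPSIS hunk adds `int evp_pkey_copy_downgraded(EVP_PKEY **dest, const EVP_PKEY *src);` but no hunk in this diff touches a RETURN VALUES section (the diffstat's 9 insertions are fully accounted for by the NAME, SYNOPSIS and DESCRIPTION hunks), so a caller is never told what the int means: which value indicates success, what is returned when "there's a corresponding legacy implementation" does not hold, and whether that case is reported as an error or silently leaves I<*dest> unset. Please document the return values for the new function next to those of evp_pkey_downgrade(), and state explicitly whether the absence of a legacy implementation counts as failure, since the PEM writer described in the commit message has to decide whether to fall back to the encoder on that path.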
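Review bot: the new DESCRIPTION paragraph for evp_pkey_copy_downgraded() leaves the ownership contract of I<*dest> unspecified: it does not say whether I<*dest> must be NULL on entry, whether an existing B<EVP_PKEY> in I<*dest> is reused or replaced (and who frees the old one), whether I<*dest> is left untouched on failure, or that the caller owns the copy and must release it with EVP_PKEY_free() once the "temporary" use it recommends is over. The adjacent evp_pkey_downgrade() paragraph is explicit about its side effect ("This clears the operation cache, except for the provider side "origin" key"); the new paragraph should be equally explicit about what it does to I<*dest>, e.g. "I<*dest> must be NULL or point to an B<EVP_PKEY> that ..., and the caller is responsible for freeing the copy".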