author    Richard Levitte <levitte@openssl.org>  2020-08-27 10:07:09 +0200
committer Richard Levitte <levitte@openssl.org>  2020-09-08 16:45:11 +0200
commit    4ce1025a8ac37d255f569147116dd776f9267cce
tree      b89c84f89e808f6cfd6be703bf33e323507f5587 /doc
parent    Add CMS AuthEnvelopedData with AES-GCM support
PEM: Make PEM_write_bio_PrivateKey_traditional() handle provider-native keys
PEM_write_bio_PrivateKey_traditional() didn't handle provider-native keys very well. Originally, it would simply use the corresponding encoder, which is likely to output modern PEM (not "traditional").

PEM_write_bio_PrivateKey_traditional() is now changed to try and get a legacy copy of the input EVP_PKEY, and use that copy for traditional output, if it has such support.

Internally, evp_pkey_copy_downgraded() is added, to be used when evp_pkey_downgrade() is too intrusive for what it's needed for.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12738)
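To make concrete what the commit message means by "modern" versus "traditional" PEM, here is an added Python example (not OpenSSL code and not part of this commit): it classifies a PEM block by its armor label and unwraps an unencrypted PKCS#8 PrivateKeyInfo (what "BEGIN PRIVATE KEY" carries) into the bare RSAPrivateKey that traditional "BEGIN RSA PRIVATE KEY" output carries. The sample key is constructed from toy integers for structure only and is not a usable key; all helper names are the example's own.

```python
import base64
import re

# DER-encoded contents of OID 1.2.840.113549.1.1.1 (rsaEncryption), without tag/length.
RSA_ENCRYPTION_OID = bytes.fromhex("2a864886f70d010101")

TRADITIONAL_LABELS = {"RSA PRIVATE KEY", "DSA PRIVATE KEY", "EC PRIVATE KEY"}
PKCS8_LABELS = {"PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}


def pem_kind(pem: str) -> str:
    """Classify a PEM block by its armor label: 'traditional', 'pkcs8' or 'unknown'."""
    m = re.search(r"-----BEGIN ([A-Z ]+)-----", pem)
    if not m:
        raise ValueError("no PEM header found")
    label = m.group(1)
    if label in TRADITIONAL_LABELS:
        return "traditional"
    if label in PKCS8_LABELS:
        return "pkcs8"
    return "unknown"


# --- minimal DER helpers, enough for the structures used here ---------------

def der_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def der_tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + der_len(len(body)) + body


def der_int(v: int) -> bytes:
    # The extra byte keeps a leading 0x00 when the high bit is set (positive INTEGER).
    return der_tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))


def der_read(buf: bytes, pos: int = 0):
    """Return (tag, value, position after this TLV)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def pkcs8_to_traditional(pkcs8_der: bytes):
    """Unwrap PrivateKeyInfo {version, AlgorithmIdentifier, OCTET STRING} to
    (traditional armor label, algorithm-specific key DER). Only rsaEncryption maps
    1:1 (the OCTET STRING *is* the RSAPrivateKey); EC/DSA traditional forms differ."""
    tag, info, _ = der_read(pkcs8_der)
    if tag != 0x30:
        raise ValueError("PrivateKeyInfo must be a SEQUENCE")
    tag, version, pos = der_read(info)
    if tag != 0x02 or version != b"\x00":
        raise ValueError("unsupported PrivateKeyInfo version")
    tag, alg_id, pos = der_read(info, pos)
    if tag != 0x30:
        raise ValueError("privateKeyAlgorithm must be a SEQUENCE")
    tag, oid, _ = der_read(alg_id)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier must start with an OID")
    tag, key, _ = der_read(info, pos)
    if tag != 0x04:
        raise ValueError("privateKey must be an OCTET STRING")
    if oid == RSA_ENCRYPTION_OID:
        return "RSA PRIVATE KEY", key
    raise NotImplementedError("only rsaEncryption maps 1:1 onto a traditional key")


def pem_armor(label: str, der: bytes) -> str:
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


def pem_dearmor(pem: str):
    m = re.search(r"-----BEGIN ([A-Z ]+)-----\s*(.*?)\s*-----END \1-----", pem, re.S)
    if not m:
        raise ValueError("malformed PEM")
    return m.group(1), base64.b64decode("".join(m.group(2).split()))


def to_traditional_pem(pem: str) -> str:
    """Traditional PEM for an unencrypted PKCS#8 PEM; traditional input passes through."""
    if pem_kind(pem) == "traditional":
        return pem
    label, der = pem_dearmor(pem)
    if label != "PRIVATE KEY":
        raise ValueError(f"cannot convert {label!r}; encrypted PKCS#8 must be decrypted first")
    new_label, key = pkcs8_to_traditional(der)
    return pem_armor(new_label, key)


# --- constructed sample input: toy numbers, NOT a real key -------------------

def constructed_rsa_private_key_der() -> bytes:
    """RSAPrivateKey SEQUENCE with toy CRT parameters (p=61, q=53), for structure only."""
    p, q, e, d = 61, 53, 17, 2753  # e*d == 1 mod lcm(p-1, q-1)
    fields = [0, p * q, e, d, p, q, d % (p - 1), d % (q - 1), pow(q, -1, p)]
    return der_tlv(0x30, b"".join(der_int(v) for v in fields))


def constructed_pkcs8_der(rsa_private_key: bytes) -> bytes:
    """Wrap an RSAPrivateKey in PrivateKeyInfo, as modern PEM carries it."""
    alg_id = der_tlv(0x30, der_tlv(0x06, RSA_ENCRYPTION_OID) + b"\x05\x00")  # rsaEncryption, NULL
    return der_tlv(0x30, der_int(0) + alg_id + der_tlv(0x04, rsa_private_key))


if __name__ == "__main__":
    modern = pem_armor("PRIVATE KEY", constructed_pkcs8_der(constructed_rsa_private_key_der()))
    print(pem_kind(modern), "->", pem_kind(to_traditional_pem(modern)))
```

The armor label check in pem_kind() is also the quick test for whether PEM_write_bio_PrivateKey_traditional() really produced traditional output rather than falling back to the encoder's modern form. The unwrapping deliberately refuses non-RSA keys: the traditional ECPrivateKey may need the curve parameters copied in from the AlgorithmIdentifier, and DSA's traditional SEQUENCE (p, q, g, y, x) is not what PKCS#8 stores, so emitting the OCTET STRING contents for those would produce a file with the right header and wrong contents.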
Diffstat (limited to 'doc')
-rw-r--r--  doc/internal/man3/evp_pkey_export_to_provider.pod | 10
1 files changed, 9 insertions, 1 deletions
diff --git a/doc/internal/man3/evp_pkey_export_to_provider.pod b/doc/internal/man3/evp_pkey_export_to_provider.pod
index 1c80365ca6..b34cf86619 100644
--- a/doc/internal/man3/evp_pkey_export_to_provider.pod
+++ b/doc/internal/man3/evp_pkey_export_to_provider.pod
@@ -2,7 +2,7 @@
=head1 NAME
-evp_pkey_export_to_provider, evp_pkey_downgrade
+evp_pkey_export_to_provider, evp_pkey_copy_downgraded, evp_pkey_downgrade
- internal EVP_PKEY support functions for providers
=head1 SYNOPSIS
@@ -13,6 +13,7 @@ evp_pkey_export_to_provider, evp_pkey_downgrade
void *evp_pkey_export_to_provider(EVP_PKEY *pk, OPENSSL_CTX *libctx,
EVP_KEYMGMT **keymgmt,
const char *propquery);
+ int evp_pkey_copy_downgraded(EVP_PKEY **dest, const EVP_PKEY *src);
int evp_pkey_downgrade(EVP_PKEY *pk);
=head1 DESCRIPTION
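Review bot: the SYNOPSIS gains `int evp_pkey_copy_downgraded(EVP_PKEY **dest, const EVP_PKEY *src);` but nothing in this patch documents its return value or the contract on the I<dest> out-parameter (must I<*dest> be NULL on entry, is an existing I<*dest> reused or freed, and what does it hold when the call fails?). Suggest adding a RETURN VALUES entry stating the success/failure convention and saying in DESCRIPTION that the caller owns I<*dest> and must EVP_PKEY_free() it.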
@@ -29,6 +30,13 @@ default context), the name of the legacy type of I<pk>, and the I<propquery>
If I<keymgmt> isn't NULL but I<*keymgmt> is, and the "origin" was successfully
exported, then I<*keymgmt> is assigned the implicitly fetched B<EVP_KEYMGMT>.
+evp_pkey_copy_downgraded() makes a copy of I<src> in legacy form into I<*dest>,
+if there's a corresponding legacy implementation. This should be used if the
+use of a downgraded key is temporary.
+For example, L<PEM_write_bio_PrivateKey_traditional(3)> uses this to try its
+best to get "traditional" PEM output even if the input B<EVP_PKEY> has a
+provider-native internal key.
+
evp_pkey_downgrade() converts an B<EVP_PKEY> with a provider side "origin" key
to one with a legacy "origin", if there's a corresponding legacy implementation.
This clears the operation cache, except for the provider side "origin" key.
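Review bot: the new paragraph says a legacy copy is made "if there's a corresponding legacy implementation" but not what happens when there is none: is I<*dest> left untouched or set to NULL, and can the caller distinguish "no legacy implementation" from an allocation or export error? The stated caller, L<PEM_write_bio_PrivateKey_traditional(3)>, needs exactly that distinction to decide whether to fall back to the encoder path, so the paragraph should spell out the behaviour for both outcomes. It would also help to say in one sentence how this differs from evp_pkey_downgrade() below (the copy leaves I<src> and its operation cache untouched, while evp_pkey_downgrade() converts I<pk> in place and clears the cache), since "too intrusive" is only explained in the commit message, not in the manual page.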