author | Tomas Mraz <tomas@openssl.org> | 2021-04-07 19:35:13 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2021-04-15 09:19:39 +0200 |
commit | 4a9fe33c8e12f4fefae0471c0834f8e674dc7e4e (patch) | |
tree | 479171af7347523257b843893173927cbbc6e572 /doc | |
parent | b9cd82f95bf99eab4e1b0420918e7139db091c4b (diff) | |
Implement provider-side keymgmt_dup function

To avoid mutating key data add OSSL_FUNC_KEYMGMT_DUP function
to the provider API and implement it for all asym-key key
managements.
Use it when copying everything to an empty EVP_PKEY
which is the case with EVP_PKEY_dup().

Fixes #14658

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14793)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man7/provider-keymgmt.pod | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/doc/man7/provider-keymgmt.pod b/doc/man7/provider-keymgmt.pod index 9a11b316c2..2937d915b9 100644 --- a/doc/man7/provider-keymgmt.pod +++ b/doc/man7/provider-keymgmt.pod @@ -55,6 +55,9 @@ provider-keymgmt - The KEYMGMT library E<lt>-E<gt> provider functions /* Key object copy */ int OSSL_FUNC_keymgmt_copy(void *keydata_to, const void *keydata_from, int selection); + /* Key object duplication, a constructor */ + void *OSSL_FUNC_keymgmt_dup(const void *keydata_from); + /* Key object validation */ int OSSL_FUNC_keymgmt_validate(const void *keydata, int selection, int checktype); @@ -119,6 +122,7 @@ macros in L<openssl-core_dispatch.h(7)>, as follows: OSSL_FUNC_keymgmt_export_types OSSL_FUNC_KEYMGMT_EXPORT_TYPES OSSL_FUNC_keymgmt_copy OSSL_FUNC_KEYMGMT_COPY + OSSL_FUNC_keymgmt_dup OSSL_FUNC_KEYMGMT_DUP =head2 Key Objects @@ -342,6 +346,9 @@ from I<keydata_from> to I<keydata_to>. It is assumed that the caller has ensured that I<keydata_to> and I<keydata_from> are both owned by the implementation of this function. +OSSL_FUNC_keymgmt_dup() should duplicate the key data I<keydata_from> and +create a new provider side key object with the data. + =head2 Common Information Parameters See L<OSSL_PARAM(3)> for further details on the parameters structure. @@ -379,8 +386,8 @@ Bits of security is defined in SP800-57. =head1 RETURN VALUES -OSSL_FUNC_keymgmt_new() should return a valid reference to the newly created provider -side key object, or NULL on failure. +OSSL_FUNC_keymgmt_new() and OSSL_FUNC_keymgmt_dup() should return a valid +reference to the newly created provider side key object, or NULL on failure. OSSL_FUNC_keymgmt_import(), OSSL_FUNC_keymgmt_export(), OSSL_FUNC_keymgmt_get_params() and OSSL_FUNC_keymgmt_set_params() should return 1 for success or 0 on error. |
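Review bot: In the synopsis hunk (@@ -55,6 +55,9), the new prototype `void *OSSL_FUNC_keymgmt_dup(const void *keydata_from);` takes no `selection` argument, while OSSL_FUNC_keymgmt_copy() directly above it does, and neither the added comment nor the later description says which parts of the key are duplicated. The commit message says it is used "when copying everything", so the documentation should state explicitly that the whole key object, private material included, is duplicated, or the function should take a selection so that the caller controls what ends up in the new object.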
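Review bot: The paragraph added at @@ -342,6 +346,9 does not document ownership or lifetime for OSSL_FUNC_keymgmt_dup(). The copy text immediately before it spells out that I<keydata_to> and I<keydata_from> must both be owned by the implementation; the dup paragraph should say the same for I<keydata_from>, say that it is left unmodified (the prototype takes it as const, and avoiding mutation is the stated purpose of the change), and say that the returned object is independent of the source and is released the same way as one returned by OSSL_FUNC_keymgmt_new(), which the RETURN VALUES hunk already groups it with.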