openssl
/
openssl
mirror of https://github.com/openssl/openssl
1
0
Fork 0
Code Issues Releases Wiki Activity
28,174 Commits 26 Branches 374 Tags 509 MiB
Commit Graph

5 Commits

Author SHA1 Message Date
Matt Caswell a28d06f3e9 Update copyright year 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14235)
 2021-02-18 15:05:17 +00:00
Matt Caswell 9dc9c7f2d7 Document the newly added function EVP_PKEY_param_check_quick() 
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14146)
 2021-02-15 14:25:37 +10:00
Richard Levitte 68e9125182 DOCS: Improve documentation of the EVP_PKEY type 
This type was previously described in a note, which is hard to find
unless you already know where to look.

This change makes the description more prominent, and allows indexing
by adding it in the NAMES section.

The EVP_PKEY description is altered to conceptually allow an EVP_PKEY
to contain a private key without a corresponding public key.  This is
related to an OTC vote:

https://mta.openssl.org/pipermail/openssl-project/2020-December/002474.html

The description of EVP_PKEY for MAC purposes is amended to fit.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13629)
 2020-12-13 00:24:39 +01:00
Richard Levitte b305452f69 Redesign the KEYMGMT libcrypto <-> provider interface - the basics 
The KEYMGMT libcrypto <-> provider interface currently makes a few
assumptions:

1.  provider side domain parameters and key data isn't mutable. In
    other words, as soon as a key has been created in any (loaded,
    imported data, ...), it's set in stone.
2.  provider side domain parameters can be strictly separated from the
    key data.

This does work for the most part, but there are places where that's a
bit too rigid for the functionality that the EVP_PKEY API delivers.
Key data needs to be mutable to allow the flexibility that functions
like EVP_PKEY_copy_parameters promise, as well as to provide the
combinations of data that an EVP_PKEY is generally assumed to be able
to hold:

- domain parameters only
- public key only
- public key + private key
- domain parameters + public key
- domain parameters + public key + private key

To remedy all this, we:

1.  let go of the distinction between domain parameters and key
    material proper in the libcrypto <-> provider interface.

    As a consequence, functions that still need it gain a selection
    argument, which is a set of bits that indicate what parts of the
    key object are to be considered in a specific call.  This allows
    a reduction of very similar functions into one.

2.  Rework the libcrypto <-> provider interface so provider side key
    objects are created and destructed with a separate function, and
    get their data filled and extracted in through import and export.

(future work will see other key object constructors and other
functions to fill them with data)

Fixes #10979

squash! Redesign the KEYMGMT libcrypto <-> provider interface - the basics

Remedy 1 needs a rewrite:

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11006)
 2020-02-07 09:37:56 +01:00
Shane Lontis 12603de634 Add RSA key validation to default provider 
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10780)
 2020-01-29 20:32:32 +10:00