#
14c8a3d1 |
| 22-Jul-2020 |
Richard Levitte |
CORE: Define provider-native abstract objects This is placed as CORE because the core of libcrypto is the authority for what is possible to do and what's required to make these abstract
CORE: Define provider-native abstract objects This is placed as CORE because the core of libcrypto is the authority for what is possible to do and what's required to make these abstract objects work. In essence, an abstract object is an OSSL_PARAM array with well defined parameter keys and values: - an object type, which is a number indicating what kind of libcrypto structure the object in question can be used with. The currently possible numbers are defined in <openssl/core_object.h>. - an object data type, which is a string that indicates more closely what the contents of the object are. - the object data, an octet string. The exact encoding used depends on the context in which it's used. For example, the decoder sub-system accepts any encoding, as long as there is a decoder implementation that takes that as input. If central code is to handle the data directly, DER encoding is assumed. (*) - an object reference, also an octet string. This octet string is not the object contents, just a mere reference to a provider-native object. (**) - an object description, which is a human readable text string that can be displayed if some software desires to do so. The intent is that certain provider-native operations (called X here) are able to return any sort of object that belong with other operations, or an object that has no provider support otherwise. (*) A future extension might be to be able to specify encoding. (**) The possible mechanisms for dealing with object references are: - An object loading function in the target operation. The exact target operation is determined by the object type (for example, OSSL_OBJECT_PKEY implies that the target operation is a KEYMGMT) and the implementation to be fetched by its object data type (for an OSSL_OBJECT_PKEY, that's the KEYMGMT keytype to be fetched). This loading function is only useful for this if the implementations that are involved (X and KEYMGMT, for example) are from the same provider. - An object exporter function in the operation X implementation. That exporter function can be used to export the object data in OSSL_PARAM form that can be imported by a target operation's import function. This can be used when it's not possible to fetch the target operation implementation from the same provider. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12512)
show more ...
|