git.ipfire.org Git - thirdparty/openssl.git/commit
Amend the design of AlgorithmIdentifier parameter passing
author Richard Levitte <levitte@openssl.org>
Thu, 25 Jul 2024 09:56:13 +0000 (11:56 +0200)
committer Richard Levitte <levitte@openssl.org>
Tue, 27 Aug 2024 11:56:20 +0000 (13:56 +0200)
commit 0941666728c44d701496004ebd5bf96ac7b715fb
tree 064081f4505c9ab07c3a6a1ac334ab7d5eec7658
parent c07a34e18b098b77ce7ecb14273b7c75f59b5871
Amend the design of AlgorithmIdentifier parameter passing

I realised that any application that passes AlgorithmIdentifier parameters
to and from a provider may also be interested in the full AlgorithmIdentifier
of the implementation invocation.

Likewise, any application that wants to get the full AlgorithmIdentifier
from an implementation invocation may also want to pass AlgorithmIdentifier
parameters to that same implementation invocation.

These amendments should be useful to cover all intended uses of the legacy
ctrls for PKCS7 and CMS:

- EVP_PKEY_CTRL_PKCS7_ENCRYPT
- EVP_PKEY_CTRL_PKCS7_DECRYPT
- EVP_PKEY_CTRL_PKCS7_SIGN
- EVP_PKEY_CTRL_CMS_ENCRYPT
- EVP_PKEY_CTRL_CMS_DECRYPT
- EVP_PKEY_CTRL_CMS_SIGN

It should also cover a number of other cases that were previously implemented
through EVP_PKEY_ASN1_METHOD, as well as all sorts of other cases where the
application has had to assemble an X509_ALGOR on their own.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25000)
doc/designs/passing-algorithmidentifier-parameters.md
doc/man3/EVP_EncryptInit.pod
util/perl/OpenSSL/paramnames.pm