openssl/doc/man3/OSSL_SERIALIZER.pod

=pod

=head1 NAME

OSSL_SERIALIZER,
OSSL_SERIALIZER_fetch,
OSSL_SERIALIZER_up_ref,
OSSL_SERIALIZER_free,
OSSL_SERIALIZER_provider,
OSSL_SERIALIZER_properties,
OSSL_SERIALIZER_is_a,
OSSL_SERIALIZER_number,
OSSL_SERIALIZER_do_all_provided,
OSSL_SERIALIZER_names_do_all
- Serializer method routines

=head1 SYNOPSIS

 #include <openssl/serializer.h>

 typedef struct ossl_serializer_st OSSL_SERIALIZER;

 OSSL_SERIALIZER *OSSL_SERIALIZER_fetch(OPENSSL_CTX *ctx, const char *name,
                                        const char *properties);
 int OSSL_SERIALIZER_up_ref(OSSL_SERIALIZER *serializer);
 void OSSL_SERIALIZER_free(OSSL_SERIALIZER *serializer);
 const OSSL_PROVIDER *OSSL_SERIALIZER_provider(const OSSL_SERIALIZER
                                               *serializer);
 const char *OSSL_SERIALIZER_properties(const OSSL_SERIALIZER *ser);
 int OSSL_SERIALIZER_is_a(const OSSL_SERIALIZER *serializer,
                          const char *name);
 int OSSL_SERIALIZER_number(const OSSL_SERIALIZER *serializer);
 void OSSL_SERIALIZER_do_all_provided(OPENSSL_CTX *libctx,
                                      void (*fn)(OSSL_SERIALIZER *serializer,
                                                 void *arg),
                                      void *arg);
 void OSSL_SERIALIZER_names_do_all(const OSSL_SERIALIZER *serializer,
                                   void (*fn)(const char *name, void *data),
                                   void *data);

=head1 DESCRIPTION

=for comment Future development should also talk about deserialization

B<OSSL_SERIALIZER> is a method for serializers, which know how to
serialize an object of some kind to a serialized form, such as PEM,
DER, or even human readable text.

OSSL_SERIALIZER_fetch() looks for an algorithm within the provider that
has been loaded into the B<OPENSSL_CTX> given by I<ctx>, having the
name given by I<name> and the properties given by I<properties>.
The I<name> determines what type of object the fetched serializer
method is expected to be able to serialize, and the properties are
used to determine the expected output type.
For known properties and the values they may have, please have a look
in L<provider-serializer(7)/Names and properties>.

OSSL_SERIALIZER_up_ref() increments the reference count for the given
I<serializer>.

OSSL_SERIALIZER_free() decrements the reference count for the given
I<serializer>, and when the count reaches zero, frees it.

OSSL_SERIALIZER_provider() returns the provider of the given
I<serializer>.

OSSL_SERIALIZER_provider() returns the property definition associated
with the given I<serializer>.

OSSL_SERIALIZER_is_a() checks if I<serializer> is an implementation of an
algorithm that's identifiable with I<name>.

OSSL_SERIALIZER_number() returns the internal dynamic number assigned to
the given I<serializer>.

OSSL_SERIALIZER_names_do_all() traverses all names for the given
I<serializer>, and calls I<fn> with each name and I<data>.

OSSL_SERIALIZER_do_all_provided() traverses all serializer
implementations by all activated providers in the library context
I<libctx>, and for each of the implementations, calls I<fn> with the
implementation method and I<data> as arguments.

=head1 NOTES

OSSL_SERIALIZER_fetch() may be called implicitly by other fetching
functions, using the same library context and properties.
Any other API that uses keys will typically do this.

=head1 RETURN VALUES

OSSL_SERIALIZER_fetch() returns a pointer to the key management
implementation represented by an OSSL_SERIALIZER object, or NULL on
error.

OSSL_SERIALIZER_up_ref() returns 1 on success, or 0 on error.

OSSL_SERIALIZER_free() doesn't return any value.

OSSL_SERIALIZER_provider() returns a pointer to a provider object, or
NULL on error.

OSSL_SERIALIZER_properties() returns a pointer to a property
definition string, or NULL on error.

OSSL_SERIALIZER_is_a() returns 1 of I<serializer> was identifiable,
otherwise 0.

OSSL_SERIALIZER_number() returns an integer.

=head1 SEE ALSO

L<provider(7)>, L<OSSL_SERIALIZER_CTX(3)>, L<OSSL_SERIALIZER_to_bio(3)>,
L<OSSL_SERIALIZER_CTX_new_by_EVP_PKEY(3)>, L<OPENSSL_CTX(3)>

=head1 HISTORY

The functions described here were added in OpenSSL 3.0.

=head1 COPYRIGHT

Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
SERIALIZER: New API for serialization of objects through providers Serialization is needed to be able to take a provider object (such as the provider side key data) and output it in PEM form, DER form, text form (for display), and possibly other future forms (XML? JSON? JWK?) The idea is that a serializer should be able to handle objects it has intimate knowledge of, as well as object data in OSSL_PARAM form. The latter will allow libcrypto to serialize some object with a different provider than the one holding the data, if exporting of that data is allowed and there is a serializer that can handle it. We will provide serializers for the types of objects we know about, which should be useful together with any other provider that provides implementations of the same type of object. Serializers are selected by method name and a couple of additional properties: - format used to tell what format the output should be in. Possibilities could include "format=text", "format=pem", "format=der", "format=pem-pkcs1" (traditional), "format=der-pkcs1" (traditional) - type used to tell exactly what type of data should be output, for example "type=public" (the public part of a key), "type=private" (the private part of a key), "type=domainparams" (domain parameters). This also adds a passphrase callback function type, OSSL_PASSPHRASE_CALLBACK, which is a bit like OSSL_CALLBACK, but it takes a few extra arguments to place the result in. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10394) 2019-11-18 08:29:06 +08:00			`=pod`

			`=head1 NAME`

			`OSSL_SERIALIZER,`
			`OSSL_SERIALIZER_fetch,`
			`OSSL_SERIALIZER_up_ref,`
			`OSSL_SERIALIZER_free,`
			`OSSL_SERIALIZER_provider,`
			`OSSL_SERIALIZER_properties,`
			`OSSL_SERIALIZER_is_a,`
			`OSSL_SERIALIZER_number,`
			`OSSL_SERIALIZER_do_all_provided,`
			`OSSL_SERIALIZER_names_do_all`
			`- Serializer method routines`

			`=head1 SYNOPSIS`

			`#include <openssl/serializer.h>`

			`typedef struct ossl_serializer_st OSSL_SERIALIZER;`

			`OSSL_SERIALIZER OSSL_SERIALIZER_fetch(OPENSSL_CTX ctx, const char *name,`
			`const char *properties);`
			`int OSSL_SERIALIZER_up_ref(OSSL_SERIALIZER *serializer);`
			`void OSSL_SERIALIZER_free(OSSL_SERIALIZER *serializer);`
			`const OSSL_PROVIDER *OSSL_SERIALIZER_provider(const OSSL_SERIALIZER`
			`*serializer);`
			`const char OSSL_SERIALIZER_properties(const OSSL_SERIALIZER ser);`
			`int OSSL_SERIALIZER_is_a(const OSSL_SERIALIZER *serializer,`
			`const char *name);`
			`int OSSL_SERIALIZER_number(const OSSL_SERIALIZER *serializer);`
			`void OSSL_SERIALIZER_do_all_provided(OPENSSL_CTX *libctx,`
			`void (fn)(OSSL_SERIALIZER serializer,`
			`void *arg),`
			`void *arg);`
			`void OSSL_SERIALIZER_names_do_all(const OSSL_SERIALIZER *serializer,`
			`void (fn)(const char name, void *data),`
			`void *data);`

			`=head1 DESCRIPTION`

			`=for comment Future development should also talk about deserialization`

			`B<OSSL_SERIALIZER> is a method for serializers, which know how to`
			`serialize an object of some kind to a serialized form, such as PEM,`
			`DER, or even human readable text.`

			`OSSL_SERIALIZER_fetch() looks for an algorithm within the provider that`
			`has been loaded into the B<OPENSSL_CTX> given by I<ctx>, having the`
			`name given by I<name> and the properties given by I<properties>.`
			`The I<name> determines what type of object the fetched serializer`
			`method is expected to be able to serialize, and the properties are`
			`used to determine the expected output type.`
			`For known properties and the values they may have, please have a look`
			`in L<provider-serializer(7)/Names and properties>.`

			`OSSL_SERIALIZER_up_ref() increments the reference count for the given`
			`I<serializer>.`

			`OSSL_SERIALIZER_free() decrements the reference count for the given`
			`I<serializer>, and when the count reaches zero, frees it.`

			`OSSL_SERIALIZER_provider() returns the provider of the given`
			`I<serializer>.`

			`OSSL_SERIALIZER_provider() returns the property definition associated`
			`with the given I<serializer>.`

			`OSSL_SERIALIZER_is_a() checks if I<serializer> is an implementation of an`
			`algorithm that's identifiable with I<name>.`

			`OSSL_SERIALIZER_number() returns the internal dynamic number assigned to`
			`the given I<serializer>.`

			`OSSL_SERIALIZER_names_do_all() traverses all names for the given`
			`I<serializer>, and calls I<fn> with each name and I<data>.`

			`OSSL_SERIALIZER_do_all_provided() traverses all serializer`
			`implementations by all activated providers in the library context`
			`I<libctx>, and for each of the implementations, calls I<fn> with the`
			`implementation method and I<data> as arguments.`

			`=head1 NOTES`

			`OSSL_SERIALIZER_fetch() may be called implicitly by other fetching`
			`functions, using the same library context and properties.`
			`Any other API that uses keys will typically do this.`

			`=head1 RETURN VALUES`

			`OSSL_SERIALIZER_fetch() returns a pointer to the key management`
			`implementation represented by an OSSL_SERIALIZER object, or NULL on`
			`error.`

			`OSSL_SERIALIZER_up_ref() returns 1 on success, or 0 on error.`

			`OSSL_SERIALIZER_free() doesn't return any value.`

			`OSSL_SERIALIZER_provider() returns a pointer to a provider object, or`
			`NULL on error.`

			`OSSL_SERIALIZER_properties() returns a pointer to a property`
			`definition string, or NULL on error.`

			`OSSL_SERIALIZER_is_a() returns 1 of I<serializer> was identifiable,`
			`otherwise 0.`

			`OSSL_SERIALIZER_number() returns an integer.`

			`=head1 SEE ALSO`

SERIALIZER: add functions for serialization to file These functions are added: - OSSL_SERIALIZER_to_bio() - OSSL_SERIALIZER_to_fp() (unless 'no-stdio') OSSL_SERIALIZER_to_bio() and OSSL_SERIALIZER_to_fp() work as wrapper functions, and call an internal "do_output" function with the given serializer context and a BIO to output the serialized result to. The internal "do_output" function must have intimate knowledge of the object being output. This will defined independently with context creators for specific OpenSSL types. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10394) 2019-11-18 08:32:22 +08:00			`L<provider(7)>, L<OSSL_SERIALIZER_CTX(3)>, L<OSSL_SERIALIZER_to_bio(3)>,`
SERIALIZER: add support for serializing EVP_PKEYs The following public functions is added: - OSSL_SERIALIZER_CTX_new_by_EVP_PKEY() - OSSL_SERIALIZER_CTX_set_cipher() - OSSL_SERIALIZER_CTX_set_passphrase() - OSSL_SERIALIZER_CTX_set_passphrase_cb() - OSSL_SERIALIZER_CTX_set_passphrase_ui() OSSL_SERIALIZER_CTX_new_by_EVP_PKEY() selects a suitable serializer for the given EVP_PKEY, and sets up the OSSL_SERIALIZER_CTX to function together with OSSL_SERIALIZER_to_bio() and OSSL_SERIALIZER_to_fp(). OSSL_SERIALIZER_CTX_set_cipher() indicates what cipher should be used to produce an encrypted serialization of the EVP_PKEY. This is passed directly to the provider using OSSL_SERIALIZER_CTX_set_params(). OSSL_SERIALIZER_CTX_set_passphrase() can be used to set a pass phrase to be used for the encryption. This is passed directly to the provider using OSSL_SERIALIZER_CTX_set_params(). OSSL_SERIALIZER_CTX_set_passphrase_cb() and OSSL_SERIALIZER_CTX_set_passphrase_ui() sets up a callback to be used to prompt for a passphrase. This is stored in the context, and is called via an internal intermediary at the time of serialization. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10394) 2019-11-18 08:34:26 +08:00			`L<OSSL_SERIALIZER_CTX_new_by_EVP_PKEY(3)>, L<OPENSSL_CTX(3)>`
SERIALIZER: New API for serialization of objects through providers Serialization is needed to be able to take a provider object (such as the provider side key data) and output it in PEM form, DER form, text form (for display), and possibly other future forms (XML? JSON? JWK?) The idea is that a serializer should be able to handle objects it has intimate knowledge of, as well as object data in OSSL_PARAM form. The latter will allow libcrypto to serialize some object with a different provider than the one holding the data, if exporting of that data is allowed and there is a serializer that can handle it. We will provide serializers for the types of objects we know about, which should be useful together with any other provider that provides implementations of the same type of object. Serializers are selected by method name and a couple of additional properties: - format used to tell what format the output should be in. Possibilities could include "format=text", "format=pem", "format=der", "format=pem-pkcs1" (traditional), "format=der-pkcs1" (traditional) - type used to tell exactly what type of data should be output, for example "type=public" (the public part of a key), "type=private" (the private part of a key), "type=domainparams" (domain parameters). This also adds a passphrase callback function type, OSSL_PASSPHRASE_CALLBACK, which is a bit like OSSL_CALLBACK, but it takes a few extra arguments to place the result in. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10394) 2019-11-18 08:29:06 +08:00
			`=head1 HISTORY`

			`The functions described here were added in OpenSSL 3.0.`

			`=head1 COPYRIGHT`

			`Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.`

			`Licensed under the Apache License 2.0 (the "License"). You may not use`
			`this file except in compliance with the License. You can obtain a copy`
			`in the file LICENSE in the source distribution or at`
			`L<https://www.openssl.org/source/license.html>.`

			`=cut`