author | Ingo Franzki <ifranzki@linux.ibm.com> | 2023-02-08 17:26:20 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2023-02-24 09:53:07 +0000 |
commit | 5e3b84505e44377b183e7529dab7585674b83936 (patch) | |
tree | cad04fa7b51ef890a101b905b56789ff1ffa3b59 /crypto | |
parent | 65def9de8088ae39d8f251e0b57f1a0f204daa14 (diff) | |
download | openssl-new-5e3b84505e44377b183e7529dab7585674b83936.tar.gz |
Add OSSL_FUNC_keymgmt_im/export_types function that gets the provider context
The provider functions OSSL_FUNC_keymgmt_import_types() and
OSSL_FUNC_keymgmt_export_types() do not get the provider context passed.
This makes it difficult for providers to implement these functions unless
its a static implementation returning a truly constant OSSL_PARAM array.
Some providers may have a need to return an OSSL_PARAM array that is
dependent on the provider configuration, or anything else that is contained
in its provider context.
Add extended variants of these functions that get the provider context passed.
The functions should still return a static and constant OSSL_PARAM array, but
may use the provider context to select the array to return dependent on its
context. The returned array must be constant at least until the provider is
unloaded.
Providers can implement only the original functions, or only the extended
functions, or both. Implementing at least one of those functions is required
if also the respective OSSL_FUNC_keymgmt_import() or OSSL_FUNC_keymgmt_export()
function is implemented. If an extended function is available, it is called by
evp_keymgmt_import_types() or evp_keymgmt_export_types(), otherwise the original
function is called.
This makes the code backward compatible. Existing providers will only implement
the original functions, so these functions will continue to be called.
Newer providers can choose to implement the extended functions, and thus can
benefit from the provider context being passed to the implementation.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20255)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/evp/evp_local.h | 2 | ||||
-rw-r--r-- | crypto/evp/keymgmt_meth.c | 33 |
2 files changed, 33 insertions, 2 deletions
diff --git a/crypto/evp/evp_local.h b/crypto/evp/evp_local.h
index 8c26e8fd6d..759045e5a0 100644
--- a/crypto/evp/evp_local.h
+++ b/crypto/evp/evp_local.h
@@ -128,8 +128,10 @@ struct evp_keymgmt_st {
 /* Import and export routines */
 OSSL_FUNC_keymgmt_import_fn *import;
 OSSL_FUNC_keymgmt_import_types_fn *import_types;
+ OSSL_FUNC_keymgmt_import_types_ex_fn *import_types_ex;
 OSSL_FUNC_keymgmt_export_fn *export;
 OSSL_FUNC_keymgmt_export_types_fn *export_types;
+ OSSL_FUNC_keymgmt_export_types_ex_fn *export_types_ex;
 OSSL_FUNC_keymgmt_dup_fn *dup;
 } /* EVP_KEYMGMT */ ;

diff --git a/crypto/evp/keymgmt_meth.c b/crypto/evp/keymgmt_meth.c
index 7ddc69f587..796152e388 100644
--- a/crypto/evp/keymgmt_meth.c
+++ b/crypto/evp/keymgmt_meth.c
@@ -43,6 +43,7 @@ static void *keymgmt_from_algorithm(int name_id,
 int setparamfncnt = 0, getparamfncnt = 0;
 int setgenparamfncnt = 0;
 int importfncnt = 0, exportfncnt = 0;
+ int importtypesfncnt = 0, exporttypesfncnt = 0;

 if ((keymgmt = keymgmt_new()) == NULL)
 return NULL;
@@ -154,10 +155,20 @@ static void *keymgmt_from_algorithm(int name_id,
 break;
 case OSSL_FUNC_KEYMGMT_IMPORT_TYPES:
 if (keymgmt->import_types == NULL) {
- importfncnt++;
+ if (importtypesfncnt == 0)
+ importfncnt++;
+ importtypesfncnt++;
 keymgmt->import_types = OSSL_FUNC_keymgmt_import_types(fns);
 }
 break;
+ case OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX:
+ if (keymgmt->import_types_ex == NULL) {
+ if (importtypesfncnt == 0)
+ importfncnt++;
+ importtypesfncnt++;
+ keymgmt->import_types_ex = OSSL_FUNC_keymgmt_import_types_ex(fns);
+ }
+ break;
 case OSSL_FUNC_KEYMGMT_EXPORT:
 if (keymgmt->export == NULL) {
 exportfncnt++;
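Review bot: In the `OSSL_FUNC_KEYMGMT_IMPORT_TYPES` and `OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX` cases, `importtypesfncnt` is incremented but, in the visible lines, only ever compared with zero, so the purpose of the guard is not evident to a reader. A comment at its declaration would help, e.g. `/* import_types and import_types_ex together count once towards importfncnt */`, because the consistency check that consumes `importfncnt` lies outside these hunks and presumably still expects import and a types function to arrive as a pair. That check is what stops a provider from registering an import or export routine without a matching parameter descriptor, so the invariant deserves to be spelled out. The same applies to `exporttypesfncnt` in the `OSSL_FUNC_KEYMGMT_EXPORT_TYPES` and `OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX` cases of the following hunk; the switch and the enclosing function start and end outside the hunks.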
@@ -166,10 +177,20 @@ static void *keymgmt_from_algorithm(int name_id,
 break;
 case OSSL_FUNC_KEYMGMT_EXPORT_TYPES:
 if (keymgmt->export_types == NULL) {
- exportfncnt++;
+ if (exporttypesfncnt == 0)
+ exportfncnt++;
+ exporttypesfncnt++;
 keymgmt->export_types = OSSL_FUNC_keymgmt_export_types(fns);
 }
 break;
+ case OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX:
+ if (keymgmt->export_types_ex == NULL) {
+ if (exporttypesfncnt == 0)
+ exportfncnt++;
+ exporttypesfncnt++;
+ keymgmt->export_types_ex = OSSL_FUNC_keymgmt_export_types_ex(fns);
+ }
+ break;
 }
 }
 /*
@@ -456,6 +477,10 @@ int evp_keymgmt_import(const EVP_KEYMGMT *keymgmt, void *keydata,
 const OSSL_PARAM *evp_keymgmt_import_types(const EVP_KEYMGMT *keymgmt,
 int selection)
 {
+ void *provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt));
+
+ if (keymgmt->import_types_ex != NULL)
+ return keymgmt->import_types_ex(provctx, selection);
 if (keymgmt->import_types == NULL)
 return NULL;
 return keymgmt->import_types(selection);
@@ -472,6 +497,10 @@ int evp_keymgmt_export(const EVP_KEYMGMT *keymgmt, void *keydata,
 const OSSL_PARAM *evp_keymgmt_export_types(const EVP_KEYMGMT *keymgmt,
 int selection)
 {
+ void *provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt));
+
+ if (keymgmt->export_types_ex != NULL)
+ return keymgmt->export_types_ex(provctx, selection);
 if (keymgmt->export_types == NULL)
 return NULL;
 return keymgmt->export_types(selection);
|
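Review bot: `evp_keymgmt_import_types()` hands the array returned by `import_types_ex` to its caller uncopied, and nothing at the call site records the lifetime rule the commit message relies on now that a provider may choose the array from its context. I would add above the new branch: `/* _ex takes precedence; the returned array must stay valid and unchanged until the provider is unloaded */`. A provider that keeps the array inside its context and frees or rewrites it earlier would leave callers holding a stale pointer, so the contract should be visible in the code. Separately, `provctx` is looked up even when only the original `import_types` is set; the lookup could move inside the `import_types_ex != NULL` branch. Both points apply equally to `evp_keymgmt_export_types()` in the last hunk.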