author | slontis <shane.lontis@oracle.com> | 2024-07-24 16:20:14 +1000 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-08-06 11:01:13 +0200 |
commit | d9346c59f4bf91d5bfab23813f6f9d752b67397b (patch) | |
tree | 428240bf53a0e76848631e800c42a611f1e52dde /crypto | |
parent | 7f8ff7ab140549a768a531d15189e54d56e52822 (diff) |
Add KeyManagement keygen parameter getter/gettable functions.
Added OSSL_FUNC_keymgmt_gen_get_params() and
OSSL_FUNC_keymgmt_gen_gettable_params()
This will allow a FIPS indicator parameter to be queried after keygen.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24978)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/evp/evp_local.h | 2 | ||||
-rw-r--r-- | crypto/evp/keymgmt_meth.c | 33 | ||||
-rw-r--r-- | crypto/evp/pmeth_lib.c | 13 |
3 files changed, 48 insertions, 0 deletions
diff --git a/crypto/evp/evp_local.h b/crypto/evp/evp_local.h
index 8c1ff35cf3..46650f1c59 100644
--- a/crypto/evp/evp_local.h
+++ b/crypto/evp/evp_local.h
@@ -113,6 +113,8 @@ struct evp_keymgmt_st {
 /* Generation, a complex constructor */
 OSSL_FUNC_keymgmt_gen_init_fn *gen_init;
 OSSL_FUNC_keymgmt_gen_set_template_fn *gen_set_template;
+ OSSL_FUNC_keymgmt_gen_get_params_fn *gen_get_params;
+ OSSL_FUNC_keymgmt_gen_gettable_params_fn *gen_gettable_params;
 OSSL_FUNC_keymgmt_gen_set_params_fn *gen_set_params;
 OSSL_FUNC_keymgmt_gen_settable_params_fn *gen_settable_params;
 OSSL_FUNC_keymgmt_gen_fn *gen;
diff --git a/crypto/evp/keymgmt_meth.c b/crypto/evp/keymgmt_meth.c
index e3bec60abc..c9c09f7dac 100644
--- a/crypto/evp/keymgmt_meth.c
+++ b/crypto/evp/keymgmt_meth.c
@@ -60,6 +60,7 @@ static void *keymgmt_from_algorithm(int name_id,
 int setgenparamfncnt = 0;
 int importfncnt = 0, exportfncnt = 0;
 int importtypesfncnt = 0, exporttypesfncnt = 0;
+ int getgenparamfncnt = 0;
 if ((keymgmt = keymgmt_new()) == NULL)
 return NULL;
@@ -100,6 +101,20 @@ static void *keymgmt_from_algorithm(int name_id,
 OSSL_FUNC_keymgmt_gen_settable_params(fns);
 }
 break;
+ case OSSL_FUNC_KEYMGMT_GEN_GET_PARAMS:
+ if (keymgmt->gen_get_params == NULL) {
+ getgenparamfncnt++;
+ keymgmt->gen_get_params =
+ OSSL_FUNC_keymgmt_gen_get_params(fns);
+ }
+ break;
+ case OSSL_FUNC_KEYMGMT_GEN_GETTABLE_PARAMS:
+ if (keymgmt->gen_gettable_params == NULL) {
+ getgenparamfncnt++;
+ keymgmt->gen_gettable_params =
+ OSSL_FUNC_keymgmt_gen_gettable_params(fns);
+ }
+ break;
 case OSSL_FUNC_KEYMGMT_GEN:
 if (keymgmt->gen == NULL)
 keymgmt->gen = OSSL_FUNC_keymgmt_gen(fns);
@@ -225,6 +240,7 @@ static void *keymgmt_from_algorithm(int name_id,
 || (getparamfncnt != 0 && getparamfncnt != 2)
 || (setparamfncnt != 0 && setparamfncnt != 2)
 || (setgenparamfncnt != 0 && setgenparamfncnt != 2)
+ || (getgenparamfncnt != 0 && getgenparamfncnt != 2)
 || (importfncnt != 0 && importfncnt != 2)
 || (exportfncnt != 0 && exportfncnt != 2)
 || (keymgmt->gen != NULL
@@ -405,6 +421,23 @@ const OSSL_PARAM *EVP_KEYMGMT_gen_settable_params(const EVP_KEYMGMT *keymgmt)
 return keymgmt->gen_settable_params(NULL, provctx);
 }
+int evp_keymgmt_gen_get_params(const EVP_KEYMGMT *keymgmt, void *genctx,
+ OSSL_PARAM params[])
+{
+ if (keymgmt->gen_get_params == NULL)
+ return 0;
+ return keymgmt->gen_get_params(genctx, params);
+}
+
+const OSSL_PARAM *EVP_KEYMGMT_gen_gettable_params(const EVP_KEYMGMT *keymgmt)
+{
+ void *provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt));
+
+ if (keymgmt->gen_gettable_params == NULL)
+ return NULL;
+ return keymgmt->gen_gettable_params(NULL, provctx);
+}
+
 void *evp_keymgmt_gen(const EVP_KEYMGMT *keymgmt, void *genctx,
 OSSL_CALLBACK *cb, void *cbarg)
 {
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 71485c949c..eb8c37eaf6 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -732,6 +732,12 @@ int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
 return
 ctx->op.encap.kem->get_ctx_params(ctx->op.encap.algctx,
 params);
+ if (EVP_PKEY_CTX_IS_GEN_OP(ctx)
+ && ctx->keymgmt != NULL
+ && ctx->keymgmt->gen_get_params != NULL)
+ return
+ evp_keymgmt_gen_get_params(ctx->keymgmt, ctx->op.keymgmt.genctx,
+ params);
 break;
 #ifndef FIPS_MODULE
 case EVP_PKEY_STATE_UNKNOWN:
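Review bot: evp_keymgmt_gen_get_params() in the keymgmt_meth.c hunk returns 0 both when the provider supplies no gen_get_params and when the provider call itself fails, so a caller cannot tell "not supported" from "query failed". The commit message says the getter exists to read a FIPS indicator, so the function should carry a header comment stating that a 0 return means the parameter was not obtained and must not be interpreted as an indicator value, for example `/* Returns 0 if the provider has no gen_get_params or the query fails; callers must not rely on params[] in that case. */`. EVP_KEYMGMT_gen_gettable_params() has a public-style name and would need a manual-page entry as well, if one is not part of the full commit (the diffstat shown here is limited to crypto).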
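Review bot: The new generation branch in EVP_PKEY_CTX_get_params() hands ctx->op.keymgmt.genctx to the provider without checking it, and nothing in the hunk shows that genctx is non-NULL and still alive whenever EVP_PKEY_CTX_IS_GEN_OP(ctx) holds, in particular after key generation has finished, which is the use the commit message describes. If that invariant is not guaranteed elsewhere, extend the condition with `&& ctx->op.keymgmt.genctx != NULL`; if it is guaranteed, record it in a comment above the branch so that a later change to genctx lifetime does not turn this into a stale-pointer read. The enclosing switch and function start and end outside the hunk.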
@@ -777,6 +783,13 @@ const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(const EVP_PKEY_CTX *ctx)
 return ctx->op.encap.kem->gettable_ctx_params(ctx->op.encap.algctx,
 provctx);
 }
+ if (EVP_PKEY_CTX_IS_GEN_OP(ctx)
+ && ctx->keymgmt != NULL
+ && ctx->keymgmt->gen_gettable_params != NULL) {
+ provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(ctx->keymgmt));
+ return ctx->keymgmt->gen_gettable_params(ctx->op.keymgmt.genctx,
+ provctx);
+ }
 return NULL;
 }
|
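Review bot: The generation branch of EVP_PKEY_CTX_gettable_params() passes ctx->op.keymgmt.genctx as the first argument of gen_gettable_params, while EVP_KEYMGMT_gen_gettable_params() in keymgmt_meth.c calls the same provider callback with NULL. A provider implementation therefore has to accept both a NULL and a live generation context, and nothing in the visible code states that. I would add a comment at this call such as `/* gen_gettable_params is also called with genctx == NULL, see EVP_KEYMGMT_gen_gettable_params() */` and state the same requirement wherever the provider-side function is documented. The start of the enclosing function is outside the hunk.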