authorslontis <shane.lontis@oracle.com>2024-07-24 16:20:14 +1000
committerTomas Mraz <tomas@openssl.org>2024-08-06 11:01:13 +0200
commitd9346c59f4bf91d5bfab23813f6f9d752b67397b (patch)
tree428240bf53a0e76848631e800c42a611f1e52dde /crypto
parent7f8ff7ab140549a768a531d15189e54d56e52822 (diff)
Add KeyManagement keygen parameter getter/gettable functions.
Added OSSL_FUNC_keymgmt_gen_get_params() and OSSL_FUNC_keymgmt_gen_gettable_params(). This will allow a FIPS indicator parameter to be queried after keygen. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24978)
Diffstat (limited to 'crypto')
-rw-r--r--crypto/evp/evp_local.h2
-rw-r--r--crypto/evp/keymgmt_meth.c33
-rw-r--r--crypto/evp/pmeth_lib.c13
3 files changed, 48 insertions, 0 deletions
diff --git a/crypto/evp/evp_local.h b/crypto/evp/evp_local.h
index 8c1ff35cf3..46650f1c59 100644
--- a/crypto/evp/evp_local.h
+++ b/crypto/evp/evp_local.h
@@ -113,6 +113,8 @@ struct evp_keymgmt_st {
/* Generation, a complex constructor */
OSSL_FUNC_keymgmt_gen_init_fn *gen_init;
OSSL_FUNC_keymgmt_gen_set_template_fn *gen_set_template;
+ OSSL_FUNC_keymgmt_gen_get_params_fn *gen_get_params;
+ OSSL_FUNC_keymgmt_gen_gettable_params_fn *gen_gettable_params;
OSSL_FUNC_keymgmt_gen_set_params_fn *gen_set_params;
OSSL_FUNC_keymgmt_gen_settable_params_fn *gen_settable_params;
OSSL_FUNC_keymgmt_gen_fn *gen;
diff --git a/crypto/evp/keymgmt_meth.c b/crypto/evp/keymgmt_meth.c
index e3bec60abc..c9c09f7dac 100644
--- a/crypto/evp/keymgmt_meth.c
+++ b/crypto/evp/keymgmt_meth.c
@@ -60,6 +60,7 @@ static void *keymgmt_from_algorithm(int name_id,
int setgenparamfncnt = 0;
int importfncnt = 0, exportfncnt = 0;
int importtypesfncnt = 0, exporttypesfncnt = 0;
+ int getgenparamfncnt = 0;
if ((keymgmt = keymgmt_new()) == NULL)
return NULL;
@@ -100,6 +101,20 @@ static void *keymgmt_from_algorithm(int name_id,
OSSL_FUNC_keymgmt_gen_settable_params(fns);
}
break;
+ case OSSL_FUNC_KEYMGMT_GEN_GET_PARAMS:
+ if (keymgmt->gen_get_params == NULL) {
+ getgenparamfncnt++;
+ keymgmt->gen_get_params =
+ OSSL_FUNC_keymgmt_gen_get_params(fns);
+ }
+ break;
+ case OSSL_FUNC_KEYMGMT_GEN_GETTABLE_PARAMS:
+ if (keymgmt->gen_gettable_params == NULL) {
+ getgenparamfncnt++;
+ keymgmt->gen_gettable_params =
+ OSSL_FUNC_keymgmt_gen_gettable_params(fns);
+ }
+ break;
case OSSL_FUNC_KEYMGMT_GEN:
if (keymgmt->gen == NULL)
keymgmt->gen = OSSL_FUNC_keymgmt_gen(fns);
@@ -225,6 +240,7 @@ static void *keymgmt_from_algorithm(int name_id,
|| (getparamfncnt != 0 && getparamfncnt != 2)
|| (setparamfncnt != 0 && setparamfncnt != 2)
|| (setgenparamfncnt != 0 && setgenparamfncnt != 2)
+ || (getgenparamfncnt != 0 && getgenparamfncnt != 2)
|| (importfncnt != 0 && importfncnt != 2)
|| (exportfncnt != 0 && exportfncnt != 2)
|| (keymgmt->gen != NULL
@@ -405,6 +421,23 @@ const OSSL_PARAM *EVP_KEYMGMT_gen_settable_params(const EVP_KEYMGMT *keymgmt)
return keymgmt->gen_settable_params(NULL, provctx);
}
+int evp_keymgmt_gen_get_params(const EVP_KEYMGMT *keymgmt, void *genctx,
+ OSSL_PARAM params[])
+{
+ if (keymgmt->gen_get_params == NULL)
+ return 0;
+ return keymgmt->gen_get_params(genctx, params);
+}
+
+const OSSL_PARAM *EVP_KEYMGMT_gen_gettable_params(const EVP_KEYMGMT *keymgmt)
+{
+ void *provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt));
+
+ if (keymgmt->gen_gettable_params == NULL)
+ return NULL;
+ return keymgmt->gen_gettable_params(NULL, provctx);
+}
+
void *evp_keymgmt_gen(const EVP_KEYMGMT *keymgmt, void *genctx,
OSSL_CALLBACK *cb, void *cbarg)
{
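Review bot: `evp_keymgmt_gen_get_params()` returns 0 both when the provider supplies no `gen_get_params` and when the provider's getter itself fails, so a caller reading the FIPS indicator after keygen cannot tell "not supported" from "query failed". In the unsupported case `params[]` is left untouched, so any value the caller pre-loaded is still there; I would document that on the function, e.g. `/* Returns 0 without touching params[] if the provider has no gen_get_params */`, so callers rely on the return value rather than the parameter contents. Separately, `EVP_KEYMGMT_gen_gettable_params()` computes `provctx` before the NULL check on `gen_gettable_params`; moving the lookup below the check would skip it when nothing is gettable. The hunk ends inside `evp_keymgmt_gen()`, which is unchanged context.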
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 71485c949c..eb8c37eaf6 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -732,6 +732,12 @@ int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
return
ctx->op.encap.kem->get_ctx_params(ctx->op.encap.algctx,
params);
+ if (EVP_PKEY_CTX_IS_GEN_OP(ctx)
+ && ctx->keymgmt != NULL
+ && ctx->keymgmt->gen_get_params != NULL)
+ return
+ evp_keymgmt_gen_get_params(ctx->keymgmt, ctx->op.keymgmt.genctx,
+ params);
break;
#ifndef FIPS_MODULE
case EVP_PKEY_STATE_UNKNOWN:
@@ -777,6 +783,13 @@ const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(const EVP_PKEY_CTX *ctx)
return ctx->op.encap.kem->gettable_ctx_params(ctx->op.encap.algctx,
provctx);
}
+ if (EVP_PKEY_CTX_IS_GEN_OP(ctx)
+ && ctx->keymgmt != NULL
+ && ctx->keymgmt->gen_gettable_params != NULL) {
+ provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(ctx->keymgmt));
+ return ctx->keymgmt->gen_gettable_params(ctx->op.keymgmt.genctx,
+ provctx);
+ }
return NULL;
}
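Review bot: The new branch in `EVP_PKEY_CTX_gettable_params()` passes `ctx->op.keymgmt.genctx` as the first argument to `gen_gettable_params`, while `EVP_KEYMGMT_gen_gettable_params()` in keymgmt_meth.c passes `NULL` to the same provider function. A provider implementation therefore has to cope with both a live generation context and NULL, which deserves a comment at this call, e.g. `/* providers may also see genctx == NULL via EVP_KEYMGMT_gen_gettable_params() */`. Whether the provider-facing documentation states this is not visible here, since the diff is limited to crypto/. The function starts outside the hunk.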