CORE & EVP: Specify OP_query_operation_name() for KEYMGMT

This will allow keymgmt implementation for key types that need it to specify the names of the diverse operation algorithms it can be used with. Currently, only one name per key type and operation is allowed. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10647)
2019-12-18 13:20:55 +01:00 · 2019-12-18 13:20:55 +01:00 · e62a45b60e
commit e62a45b60e
parent cc4ff1061e
4 changed files with 25 additions and 0 deletions
--- a/crypto/evp/evp_local.h
+++ b/crypto/evp/evp_local.h
@ -89,6 +89,7 @@ struct evp_keymgmt_st {
    OSSL_OP_keymgmt_exportkey_fn *exportkey;
    OSSL_OP_keymgmt_importkey_types_fn *importkey_types;
    OSSL_OP_keymgmt_exportkey_types_fn *exportkey_types;
+    OSSL_OP_keymgmt_query_operation_name_fn *query_operation_name;
 } /* EVP_KEYMGMT */ ;

 struct keymgmt_data_st {
--- a/crypto/evp/keymgmt_meth.c
+++ b/crypto/evp/keymgmt_meth.c
@ -118,6 +118,12 @@ static void *keymgmt_from_dispatch(int name_id,
            keymgmt->exportkey_types =
                OSSL_get_OP_keymgmt_exportkey_types(fns);
            break;
+        case OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME:
+            if (keymgmt->query_operation_name != NULL)
+                break;
+            keymgmt->query_operation_name =
+                OSSL_get_OP_keymgmt_query_operation_name(fns);
+            break;
        }
    }
    /*
--- a/doc/man7/provider-keymgmt.pod
+++ b/doc/man7/provider-keymgmt.pod
@ -40,6 +40,9 @@ provider-keymgmt - The KEYMGMT library E<lt>-E<gt> provider functions
 const OSSL_PARAM *OP_keymgmt_importkey_types(void);
 const OSSL_PARAM *OP_keymgmt_exportkey_types(void);

+ /* Discovery of supported operations */
+ const char *OP_keymgmt_query_operation_name(int operation_id);
+
 =head1 DESCRIPTION

 The KEYMGMT operation doesn't have much public visibility in OpenSSL
@ -158,6 +161,16 @@ OP_keymgmt_exportkey_types() should return a constant array of
 descriptor B<OSSL_PARAM>, for parameters that can be exported with
 OP_keymgmt_exportkeys().

+=head2 Supported operations
+
+OP_keymgmt_query_operation_name() should return the name of the
+supported algorithm for the operation I<operation_id>.  This is
+similar to provider_query_operation() (see L<provider-base(7)>),
+but only works as an advisory.  If this function is not present, or
+returns NULL, the caller is free to assume that there's an algorithm
+from the same provider, of the same name as the one used to fetch the
+keymgmt and try to use that.
+
 =head1 SEE ALSO

 L<provider(7)>
--- a/include/openssl/core_numbers.h
+++ b/include/openssl/core_numbers.h
@ -395,6 +395,11 @@ OSSL_CORE_MAKE_FUNC(int, OP_keymgmt_exportkey,
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keymgmt_importkey_types, (void))
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keymgmt_exportkey_types, (void))

+/* Discovery of supported operations */
+# define OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME    17
+OSSL_CORE_MAKE_FUNC(const char *,OP_keymgmt_query_operation_name,
+                    (int operation_id))
+
 /* Key Exchange */

 # define OSSL_FUNC_KEYEXCH_NEWCTX                      1