diff --git a/crypto/evp/evp_local.h b/crypto/evp/evp_local.h index 71e1258326..71051a6587 100644 --- a/crypto/evp/evp_local.h +++ b/crypto/evp/evp_local.h @@ -89,6 +89,7 @@ struct evp_keymgmt_st { OSSL_OP_keymgmt_exportkey_fn *exportkey; OSSL_OP_keymgmt_importkey_types_fn *importkey_types; OSSL_OP_keymgmt_exportkey_types_fn *exportkey_types; + OSSL_OP_keymgmt_query_operation_name_fn *query_operation_name; } /* EVP_KEYMGMT */ ; struct keymgmt_data_st { diff --git a/crypto/evp/keymgmt_meth.c b/crypto/evp/keymgmt_meth.c index 8091bcadb8..6318ddd3fb 100644 --- a/crypto/evp/keymgmt_meth.c +++ b/crypto/evp/keymgmt_meth.c @@ -118,6 +118,12 @@ static void *keymgmt_from_dispatch(int name_id, keymgmt->exportkey_types = OSSL_get_OP_keymgmt_exportkey_types(fns); break; + case OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME: + if (keymgmt->query_operation_name != NULL) + break; + keymgmt->query_operation_name = + OSSL_get_OP_keymgmt_query_operation_name(fns); + break; } } /* diff --git a/doc/man7/provider-keymgmt.pod b/doc/man7/provider-keymgmt.pod index 40f1ad6327..1c868c5630 100644 --- a/doc/man7/provider-keymgmt.pod +++ b/doc/man7/provider-keymgmt.pod @@ -40,6 +40,9 @@ provider-keymgmt - The KEYMGMT library E-E provider functions const OSSL_PARAM *OP_keymgmt_importkey_types(void); const OSSL_PARAM *OP_keymgmt_exportkey_types(void); + /* Discovery of supported operations */ + const char *OP_keymgmt_query_operation_name(int operation_id); + =head1 DESCRIPTION The KEYMGMT operation doesn't have much public visibility in OpenSSL 
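Review bot: In crypto/evp/keymgmt_meth.c, the new `case OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME:` stores a pointer that the pod text in this commit describes as optional, but nothing at the assignment says so. A later caller could therefore invoke `keymgmt->query_operation_name` without a NULL check. I would add a comment above the case, `/* Optional: may stay NULL; callers must check before calling and fall back to the keymgmt's own name */`. The guard `if (keymgmt->query_operation_name != NULL) break;` also means a duplicate entry in a provider's dispatch table is silently ignored and the first one kept; if that is intended, it deserves a comment as well. keymgmt_from_dispatch() starts and ends outside this hunk, so any validation of required functions after the switch is not visible here.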
@@ -158,6 +161,16 @@ OP_keymgmt_exportkey_types() should return a constant array of descriptor B, for parameters that can be exported with OP_keymgmt_exportkeys(). +=head2 Supported operations + +OP_keymgmt_query_operation_name() should return the name of the +supported algorithm for the operation I. This is +similar to provider_query_operation() (see L), +but only works as an advisory. If this function is not present, or +returns NULL, the caller is free to assume that there's an algorithm +from the same provider, of the same name as the one used to fetch the +keymgmt and try to use that. + =head1 SEE ALSO L diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h index 6b4a205f1d..9f49599dab 100644 --- a/include/openssl/core_numbers.h +++ b/include/openssl/core_numbers.h @@ -395,6 +395,11 @@ OSSL_CORE_MAKE_FUNC(int, OP_keymgmt_exportkey, OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keymgmt_importkey_types, (void)) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keymgmt_exportkey_types, (void)) +/* Discovery of supported operations */ +# define OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME 17 +OSSL_CORE_MAKE_FUNC(const char *,OP_keymgmt_query_operation_name, + (int operation_id)) + /* Key Exchange */ # define OSSL_FUNC_KEYEXCH_NEWCTX 1
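Review bot: The declaration of `OP_keymgmt_query_operation_name` in include/openssl/core_numbers.h returns a `const char *` across the provider boundary, but neither the comment here nor the pod section added in this commit says who owns that string or how long it must stay valid. I would extend the comment to something like `/* Discovery of supported operations; optional, may return NULL; the returned string is owned by the provider and must stay valid while the provider is loaded */`, adjusted to the lifetime the callers actually rely on. As a style point, `const char *,OP_keymgmt_query_operation_name` lacks the space after the comma that the neighbouring `OSSL_CORE_MAKE_FUNC` lines have.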