From: slontis Date: Wed, 24 Jul 2024 06:20:14 +0000 (+1000) Subject: Add KeyManagement keygen parameter getter/gettable functions. X-Git-Tag: openssl-3.4.0-alpha1~237 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d9346c59f4bf91d5bfab23813f6f9d752b67397b;p=thirdparty%2Fopenssl.git Add KeyManagement keygen parameter getter/gettable functions. Added OSSL_FUNC_keymgmt_gen_get_params() and OSSL_FUNC_keymgmt_gen_gettable_params() This will allow a FIPS indicator parameter to be queried after keygen. Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/24978)
---
diff --git a/crypto/evp/evp_local.h b/crypto/evp/evp_local.h
index 8c1ff35cf36..46650f1c59d 100644
--- a/crypto/evp/evp_local.h
+++ b/crypto/evp/evp_local.h
@@ -113,6 +113,8 @@ struct evp_keymgmt_st {
 /* Generation, a complex constructor */
 OSSL_FUNC_keymgmt_gen_init_fn *gen_init;
 OSSL_FUNC_keymgmt_gen_set_template_fn *gen_set_template;
+ OSSL_FUNC_keymgmt_gen_get_params_fn *gen_get_params;
+ OSSL_FUNC_keymgmt_gen_gettable_params_fn *gen_gettable_params;
 OSSL_FUNC_keymgmt_gen_set_params_fn *gen_set_params;
 OSSL_FUNC_keymgmt_gen_settable_params_fn *gen_settable_params;
 OSSL_FUNC_keymgmt_gen_fn *gen;
diff --git a/crypto/evp/keymgmt_meth.c b/crypto/evp/keymgmt_meth.c
index e3bec60abcf..c9c09f7daca 100644
--- a/crypto/evp/keymgmt_meth.c
+++ b/crypto/evp/keymgmt_meth.c
@@ -60,6 +60,7 @@ static void *keymgmt_from_algorithm(int name_id,
 int setgenparamfncnt = 0;
 int importfncnt = 0, exportfncnt = 0;
 int importtypesfncnt = 0, exporttypesfncnt = 0;
+ int getgenparamfncnt = 0;
 
 if ((keymgmt = keymgmt_new()) == NULL)
 return NULL;
@@ -100,6 +101,20 @@ static void *keymgmt_from_algorithm(int name_id,
 OSSL_FUNC_keymgmt_gen_settable_params(fns);
 }
 break;
+ case OSSL_FUNC_KEYMGMT_GEN_GET_PARAMS:
+ if (keymgmt->gen_get_params == NULL) {
+ getgenparamfncnt++;
+ keymgmt->gen_get_params =
+ OSSL_FUNC_keymgmt_gen_get_params(fns);
+ }
+ break;
+ case OSSL_FUNC_KEYMGMT_GEN_GETTABLE_PARAMS:
+ if (keymgmt->gen_gettable_params == NULL) {
+ getgenparamfncnt++;
+ keymgmt->gen_gettable_params =
+ OSSL_FUNC_keymgmt_gen_gettable_params(fns);
+ }
+ break;
 case OSSL_FUNC_KEYMGMT_GEN:
 if (keymgmt->gen == NULL)
 keymgmt->gen = OSSL_FUNC_keymgmt_gen(fns);
@@ -225,6 +240,7 @@ static void *keymgmt_from_algorithm(int name_id,
 || (getparamfncnt != 0 && getparamfncnt != 2)
 || (setparamfncnt != 0 && setparamfncnt != 2)
 || (setgenparamfncnt != 0 && setgenparamfncnt != 2)
+ || (getgenparamfncnt != 0 && getgenparamfncnt != 2)
 || (importfncnt != 0 && importfncnt != 2)
 || (exportfncnt != 0 && exportfncnt != 2)
 || (keymgmt->gen != NULL
@@ -405,6 +421,23 @@ const OSSL_PARAM *EVP_KEYMGMT_gen_settable_params(const EVP_KEYMGMT *keymgmt)
 return keymgmt->gen_settable_params(NULL, provctx);
 }
 
+int evp_keymgmt_gen_get_params(const EVP_KEYMGMT *keymgmt, void *genctx,
+ OSSL_PARAM params[])
+{
+ if (keymgmt->gen_get_params == NULL)
+ return 0;
+ return keymgmt->gen_get_params(genctx, params);
+}
+
+const OSSL_PARAM *EVP_KEYMGMT_gen_gettable_params(const EVP_KEYMGMT *keymgmt)
+{
+ void *provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt));
+
+ if (keymgmt->gen_gettable_params == NULL)
+ return NULL;
+ return keymgmt->gen_gettable_params(NULL, provctx);
+}
+
 void *evp_keymgmt_gen(const EVP_KEYMGMT *keymgmt, void *genctx,
 OSSL_CALLBACK *cb, void *cbarg)
 {
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 71485c949ce..eb8c37eaf63 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
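Review bot: EVP_KEYMGMT_gen_gettable_params() in the @@ -405 hunk hands the provider's gen_gettable_params a NULL genctx, while the EVP_PKEY_CTX_gettable_params() path in pmeth_lib.c passes the live genctx, so every provider implementation must tolerate genctx == NULL and return its static list in that case; that contract deserves a comment at the call, `/* genctx is NULL here: providers must return a static list */`, and an explicit sentence in provider-keymgmt.pod (the hunk that describes the new provider function is cut off in this view, so I cannot confirm it says so). The pairing check added at @@ -225 (getgenparamfncnt must be 0 or 2) correctly rejects a provider that registers only one of the two functions. Both new wrappers dereference keymgmt without a NULL check, which matches the gen_settable_params wrapper visible in the context above them, so this follows the existing convention rather than opening a new hole; evp_keymgmt_gen_get_params() returns 0 without raising an error when the provider lacks the function, and a one-line comment stating that the pmeth_lib.c caller gates on gen_get_params != NULL first would make that silent path less surprising.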
@@ -732,6 +732,12 @@ int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
 return ctx->op.encap.kem->get_ctx_params(ctx->op.encap.algctx,
 params);
+ if (EVP_PKEY_CTX_IS_GEN_OP(ctx)
+ && ctx->keymgmt != NULL
+ && ctx->keymgmt->gen_get_params != NULL)
+ return
+ evp_keymgmt_gen_get_params(ctx->keymgmt, ctx->op.keymgmt.genctx,
+ params);
 break;
 #ifndef FIPS_MODULE
 case EVP_PKEY_STATE_UNKNOWN:
@@ -777,6 +783,13 @@ const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(const EVP_PKEY_CTX *ctx)
 return ctx->op.encap.kem->gettable_ctx_params(ctx->op.encap.algctx,
 provctx);
 }
+ if (EVP_PKEY_CTX_IS_GEN_OP(ctx)
+ && ctx->keymgmt != NULL
+ && ctx->keymgmt->gen_gettable_params != NULL) {
+ provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(ctx->keymgmt));
+ return ctx->keymgmt->gen_gettable_params(ctx->op.keymgmt.genctx,
+ provctx);
+ }
 return NULL;
 }
diff --git a/doc/man3/EVP_KEYMGMT.pod b/doc/man3/EVP_KEYMGMT.pod
index a801ae28e9e..a5887715be2 100644
--- a/doc/man3/EVP_KEYMGMT.pod
+++ b/doc/man3/EVP_KEYMGMT.pod
@@ -14,6 +14,7 @@ EVP_KEYMGMT_do_all_provided, EVP_KEYMGMT_names_do_all,
 EVP_KEYMGMT_gettable_params,
 EVP_KEYMGMT_settable_params,
+EVP_KEYMGMT_gen_gettable_params,
 EVP_KEYMGMT_gen_settable_params
 - EVP key management routines
@@ -41,6 +42,7 @@ EVP_KEYMGMT_gen_settable_params
 const OSSL_PARAM *EVP_KEYMGMT_gettable_params(const EVP_KEYMGMT *keymgmt);
 const OSSL_PARAM *EVP_KEYMGMT_settable_params(const EVP_KEYMGMT *keymgmt);
 const OSSL_PARAM *EVP_KEYMGMT_gen_settable_params(const EVP_KEYMGMT *keymgmt);
+ const OSSL_PARAM *EVP_KEYMGMT_gen_gettable_params(const EVP_KEYMGMT *keymgmt);
 
 =head1 DESCRIPTION
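Review bot: The new branch in EVP_PKEY_CTX_get_params() goes through the evp_keymgmt_gen_get_params() wrapper, whereas the sibling branch added to EVP_PKEY_CTX_gettable_params() in the next hunk, and the exchange/KEM branches visible in the context, call the provider function pointer directly; the two new branches should use one access style, and since the NULL check on `gen_get_params` is already done inline, the direct form `return ctx->keymgmt->gen_get_params(ctx->op.keymgmt.genctx, params);` matches the surrounding code and also removes the odd `return` left alone on its own line. If the wrapper is kept because other callers need it (not visible here), the gettable branch should go through a matching wrapper instead so pmeth_lib.c does not compute provctx itself. Neither branch guards `ctx->op.keymgmt.genctx` against NULL; if the gen state can be reached with a NULL genctx (e.g. after a failed keygen init) the provider receives it unguarded — I cannot confirm the invariant from this view, so a short comment stating that genctx is non-NULL whenever EVP_PKEY_CTX_IS_GEN_OP() holds would help. Both enclosing functions begin and end outside the hunks.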
@@ -93,9 +95,10 @@ constant L array that describes the names and types of key parameters that can be retrieved or set. EVP_KEYMGMT_gettable_params() is used by L.
-EVP_KEYMGMT_gen_settable_params() returns a constant L array that
-describes the names and types of key generation parameters that can be set via
-L.
+EVP_KEYMGMT_gen_gettable_params() and EVP_KEYMGMT_gen_settable_params() return a
+constant L array that describes the names and types of key
+generation parameters that can be retrieved or set via
+L or L respectively.
 
 =head1 NOTES
@@ -127,9 +130,9 @@ EVP_KEYMGMT_get0_name() returns the algorithm name, or NULL on error. EVP_KEYMGMT_get0_description() returns a pointer to a description, or NULL if there isn't one.
-EVP_KEYMGMT_gettable_params(), EVP_KEYMGMT_settable_params() and
-EVP_KEYMGMT_gen_settable_params() return a constant L array or
-NULL on error.
+EVP_KEYMGMT_gettable_params(), EVP_KEYMGMT_settable_params(),
+EVP_KEYMGMT_gen_gettable_params() and EVP_KEYMGMT_gen_settable_params()
+return a constant L array or NULL on error.
 
 =head1 SEE ALSO
@@ -137,7 +140,8 @@ L, L
 
 =head1 HISTORY
 
-The functions described here were added in OpenSSL 3.0.
+The function EVP_KEYMGMT_gen_gettable_params() was added in OpenSSL 3.4.0
+All other functions described here were added in OpenSSL 3.0.
 
 =head1 COPYRIGHT
diff --git a/doc/man7/provider-keymgmt.pod b/doc/man7/provider-keymgmt.pod
index 023a6c883e2..f3b534aad64 100644
--- a/doc/man7/provider-keymgmt.pod
+++ b/doc/man7/provider-keymgmt.pod
@@ -22,7 +22,10 @@ provider-keymgmt - The KEYMGMT library E-E provider functions
 void *OSSL_FUNC_keymgmt_gen_init(void *provctx, int selection,
 const OSSL_PARAM params[]);
 int OSSL_FUNC_keymgmt_gen_set_template(void *genctx, void *template);
+ int OSSL_FUNC_keymgmt_gen_get_params(void *genctx, OSSL_PARAM params[]);
 int OSSL_FUNC_keymgmt_gen_set_params(void *genctx, const OSSL_PARAM params[]);
+ const OSSL_PARAM *OSSL_FUNC_keymgmt_gen_gettable_params(void *genctx,
+ void *provctx);
 const OSSL_PARAM *OSSL_FUNC_keymgmt_gen_settable_params(void *genctx,
 void *provctx);
 void *OSSL_FUNC_keymgmt_gen(void *genctx, OSSL_CALLBACK *cb, void *cbarg);
@@ -97,6 +100,8 @@ macros in L, as follows:
 
 OSSL_FUNC_keymgmt_gen_init OSSL_FUNC_KEYMGMT_GEN_INIT
 OSSL_FUNC_keymgmt_gen_set_template OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE
+ OSSL_FUNC_keymgmt_gen_get_params OSSL_FUNC_KEYMGMT_GEN_GET_PARAMS
+ OSSL_FUNC_keymgmt_gen_gettable_params OSSL_FUNC_KEYMGMT_GEN_GETTABLE_PARAMS
 OSSL_FUNC_keymgmt_gen_set_params OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS
 OSSL_FUNC_keymgmt_gen_settable_params OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS
 OSSL_FUNC_keymgmt_gen OSSL_FUNC_KEYMGMT_GEN
@@ -219,6 +224,7 @@ key object, but that is not mandatory. OSSL_FUNC_keymgmt_free() should free the passed I. OSSL_FUNC_keymgmt_gen_init(), OSSL_FUNC_keymgmt_gen_set_template(),
+OSSL_FUNC_keymgmt_gen_get_params(), OSSL_FUNC_keymgmt_gen_gettable_params(),
 OSSL_FUNC_keymgmt_gen_set_params(), OSSL_FUNC_keymgmt_gen_settable_params(), OSSL_FUNC_keymgmt_gen() and OSSL_FUNC_keymgmt_gen_cleanup() work together as a more elaborate context based key object constructor.
@@ -236,6 +242,13 @@ chooses can be used as a template for the key object to be generated. Typically, the generation of a DSA or DH key would get the domain parameters from this I