[thirdparty/openssl.git] / crypto / evp / keymgmt_lib.c

/*
 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <openssl/core_names.h>
#include "internal/cryptlib.h"
#include "internal/nelem.h"
#include "crypto/evp.h"
#include "crypto/asn1.h"
#include "internal/core.h"
#include "internal/provider.h"
#include "evp_local.h"

struct import_data_st {
    void *provctx;
    void *(*importfn)(const EVP_KEYMGMT *keymgmt, const OSSL_PARAM params[]);

    /* Result */
    void *provdata;
};

static int try_import(const OSSL_PARAM params[], void *arg)
{
    struct import_data_st *data = arg;

    data->provdata = data->importfn(data->provctx, params);
    return data->provdata != NULL;
}

void *evp_keymgmt_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt,
                                     int want_domainparams)
{
    void *provdata = NULL;
    size_t i, j;

    /*
     * If there is an underlying legacy key and it has changed, invalidate
     * the cache of provider keys.
     */
    if (pk->pkey.ptr != NULL) {
        /*
         * If there is no dirty counter, this key can't be used with
         * providers.
         */
        if (pk->ameth->dirty_cnt == NULL)
            return NULL;

        if (pk->ameth->dirty_cnt(pk) != pk->dirty_cnt_copy)
            evp_keymgmt_clear_pkey_cache(pk);
    }

    /*
     * See if we have exported to this provider already.
     * If we have, return immediately.
     */
    for (i = 0;
         i < OSSL_NELEM(pk->pkeys) && pk->pkeys[i].keymgmt != NULL;
         i++) {
        if (keymgmt == pk->pkeys[i].keymgmt
            && want_domainparams == pk->pkeys[i].domainparams)
            return pk->pkeys[i].provdata;
    }

    if (pk->pkey.ptr != NULL) {
        /* There is a legacy key, try to export that one to the provider */

        /* If the legacy key doesn't have an export function, give up */
        if (pk->ameth->export_to == NULL)
            return NULL;

        /* Otherwise, simply use it. */
        provdata = pk->ameth->export_to(pk, keymgmt, want_domainparams);

        /* Synchronize the dirty count, but only if we exported successfully */
        if (provdata != NULL)
            pk->dirty_cnt_copy = pk->ameth->dirty_cnt(pk);

    } else {
        /*
         * Here, there is no legacy key, so we look at the already cached
         * provider keys, and import from the first that supports it
         * (i.e. use its export function), and export the imported data to
         * the new provider.
         */

        /* Setup for the export callback */
        struct import_data_st import_data;

        import_data.importfn =
            want_domainparams
            ? evp_keymgmt_importdomparams
            : evp_keymgmt_importkey;
        import_data.provdata = NULL;

        /*
         * If the given keymgmt doesn't have an import function, give up
         */
        if (import_data.importfn == NULL)
            return NULL;

        for (j = 0; j < i && pk->pkeys[j].keymgmt != NULL; j++) {
            int (*exportfn)(const EVP_KEYMGMT *keymgmt, void *provdata,
                            OSSL_CALLBACK *cb, void *cbarg) =
                want_domainparams
                ? evp_keymgmt_exportdomparams
                : evp_keymgmt_exportkey;

            if (exportfn != NULL) {
                import_data.provctx =
                    ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));

                /*
                 * The export function calls the callback (try_import), which
                 * does the import for us.
                 * Even though we got a success return, we double check that
                 * we actually got something, just in case some implementation
                 * forgets to check the return value.

                 */
                if (exportfn(pk->pkeys[j].keymgmt, pk->pkeys[j].provdata,
                             &try_import, &import_data)
                    && (provdata = import_data.provdata) != NULL)
                    break;
            }
        }
    }

    /*
     * TODO(3.0) Right now, we assume we have ample space.  We will
     * have to think about a cache aging scheme, though, if |i| indexes
     * outside the array.
     */
    if (!ossl_assert(i < OSSL_NELEM(pk->pkeys)))
        return NULL;

    evp_keymgmt_cache_pkey(pk, i, keymgmt, provdata, want_domainparams);

    return provdata;
}

void evp_keymgmt_clear_pkey_cache(EVP_PKEY *pk)
{
    size_t i;

    if (pk != NULL) {
        for (i = 0;
             i < OSSL_NELEM(pk->pkeys) && pk->pkeys[i].keymgmt != NULL;
             i++) {
            EVP_KEYMGMT *keymgmt = pk->pkeys[i].keymgmt;
            void *provdata = pk->pkeys[i].provdata;

            pk->pkeys[i].keymgmt = NULL;
            pk->pkeys[i].provdata = NULL;
            if (pk->pkeys[i].domainparams)
                evp_keymgmt_freedomparams(keymgmt, provdata);
            else
                evp_keymgmt_freekey(keymgmt, provdata);
            EVP_KEYMGMT_free(keymgmt);
        }

        pk->cache.size = 0;
        pk->cache.bits = 0;
        pk->cache.security_bits = 0;
    }
}

void evp_keymgmt_cache_pkey(EVP_PKEY *pk, size_t index, EVP_KEYMGMT *keymgmt,
                            void *provdata, int domainparams)
{
    if (provdata != NULL) {
        EVP_KEYMGMT_up_ref(keymgmt);
        pk->pkeys[index].keymgmt = keymgmt;
        pk->pkeys[index].provdata = provdata;
        pk->pkeys[index].domainparams = domainparams;

        /*
         * Cache information about the domain parameters or key.  Only needed
         * for the "original" provider side key.
         *
         * This services functions like EVP_PKEY_size, EVP_PKEY_bits, etc
         */
        if (index == 0) {
            int ok;
            int bits = 0;
            int security_bits = 0;
            int size = 0;
            OSSL_PARAM params[4];

            params[0] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_BITS, &bits);
            params[1] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_SECURITY_BITS,
                                                 &security_bits);
            params[2] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_MAX_SIZE, &size);
            params[3] = OSSL_PARAM_construct_end();
            ok = domainparams
                ? evp_keymgmt_get_domparam_params(keymgmt, provdata, params)
                : evp_keymgmt_get_key_params(keymgmt, provdata, params);
            if (ok) {
                pk->cache.size = size;
                pk->cache.bits = bits;
                pk->cache.security_bits = security_bits;
            }
        }
    }
}

void *evp_keymgmt_fromdata(EVP_PKEY *target, EVP_KEYMGMT *keymgmt,
                           const OSSL_PARAM params[], int domainparams)
{
    void *provdata = domainparams
        ? evp_keymgmt_importdomparams(keymgmt, params)
        : evp_keymgmt_importkey(keymgmt, params);

    evp_keymgmt_clear_pkey_cache(target);
    evp_keymgmt_cache_pkey(target, 0, keymgmt, provdata, domainparams);

    return provdata;
}

/* internal functions */
/* TODO(3.0) decide if these should be public or internal */
void *evp_keymgmt_importdomparams(const EVP_KEYMGMT *keymgmt,
                                  const OSSL_PARAM params[])
{
    void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));

    return keymgmt->importdomparams(provctx, params);
}

void *evp_keymgmt_gendomparams(const EVP_KEYMGMT *keymgmt,
                               const OSSL_PARAM params[])
{
    void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));

    return keymgmt->gendomparams(provctx, params);
}

void evp_keymgmt_freedomparams(const EVP_KEYMGMT *keymgmt,
                               void *provdomparams)
{
    keymgmt->freedomparams(provdomparams);
}

int evp_keymgmt_exportdomparams(const EVP_KEYMGMT *keymgmt,
                                void *provdomparams,
                                OSSL_CALLBACK *param_cb, void *cbarg)
{
    return keymgmt->exportdomparams(provdomparams, param_cb, cbarg);
}

const OSSL_PARAM *evp_keymgmt_importdomparam_types(const EVP_KEYMGMT *keymgmt)
{
    return keymgmt->importdomparam_types();
}

/*
 * TODO(v3.0) investigate if we need this function.  'openssl provider' may
 * be a caller...
 */
const OSSL_PARAM *evp_keymgmt_exportdomparam_types(const EVP_KEYMGMT *keymgmt)
{
    return keymgmt->exportdomparam_types();
}

int evp_keymgmt_get_domparam_params(const EVP_KEYMGMT *keymgmt,
                                     void *provdomparams, OSSL_PARAM params[])
{
    if (keymgmt->get_domparam_params == NULL)
        return 1;
    return keymgmt->get_domparam_params(provdomparams, params);
}

const OSSL_PARAM *
evp_keymgmt_gettable_domparam_params(const EVP_KEYMGMT *keymgmt)
{
    if (keymgmt->gettable_domparam_params == NULL)
        return NULL;
    return keymgmt->gettable_domparam_params();
}


void *evp_keymgmt_importkey(const EVP_KEYMGMT *keymgmt,
                            const OSSL_PARAM params[])
{
    void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));

    return keymgmt->importkey(provctx, params);
}

void *evp_keymgmt_genkey(const EVP_KEYMGMT *keymgmt, void *domparams,
                         const OSSL_PARAM params[])
{
    void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));

    return keymgmt->genkey(provctx, domparams, params);
}

void *evp_keymgmt_loadkey(const EVP_KEYMGMT *keymgmt,
                          void *id, size_t idlen)
{
    void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));

    return keymgmt->loadkey(provctx, id, idlen);
}

void evp_keymgmt_freekey(const EVP_KEYMGMT *keymgmt, void *provkey)
{
    keymgmt->freekey(provkey);
}

int evp_keymgmt_exportkey(const EVP_KEYMGMT *keymgmt, void *provkey,
                          OSSL_CALLBACK *param_cb, void *cbarg)
{
    return keymgmt->exportkey(provkey, param_cb, cbarg);
}

const OSSL_PARAM *evp_keymgmt_importkey_types(const EVP_KEYMGMT *keymgmt)
{
    return keymgmt->importkey_types();
}

/*
 * TODO(v3.0) investigate if we need this function.  'openssl provider' may
 * be a caller...
 */
const OSSL_PARAM *evp_keymgmt_exportkey_types(const EVP_KEYMGMT *keymgmt)
{
    return keymgmt->exportkey_types();
}

int evp_keymgmt_get_key_params(const EVP_KEYMGMT *keymgmt,
                               void *provkey, OSSL_PARAM params[])
{
    if (keymgmt->get_key_params == NULL)
        return 1;
    return keymgmt->get_key_params(provkey, params);
}

const OSSL_PARAM *evp_keymgmt_gettable_key_params(const EVP_KEYMGMT *keymgmt)
{
    if (keymgmt->gettable_key_params == NULL)
        return NULL;
    return keymgmt->gettable_key_params();
}

int evp_keymgmt_validate_domparams(const EVP_KEYMGMT *keymgmt, void *provkey)
{
    /* if domainparams are not supported - then pass */
    if (keymgmt->validatedomparams == NULL)
        return 1;
    return keymgmt->validatedomparams(provkey);
}

int evp_keymgmt_validate_public(const EVP_KEYMGMT *keymgmt, void *provkey)
{
    return keymgmt->validatepublic(provkey);
}

int evp_keymgmt_validate_private(const EVP_KEYMGMT *keymgmt, void *provkey)
{
    return keymgmt->validateprivate(provkey);
}

int evp_keymgmt_validate_pairwise(const EVP_KEYMGMT *keymgmt, void *provkey)
{
    return keymgmt->validatepairwise(provkey);
}
Commit	Line	Data
70a1f7b4 RL	1	/*
	2	* Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
	3	*
	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
6508e858	10	#include <openssl/core_names.h>
70a1f7b4 RL	11	#include "internal/cryptlib.h"
70a1f7b4 RL	12	#include "internal/nelem.h"
25f2138b DMSP	13	#include "crypto/evp.h"
25f2138b DMSP	14	#include "crypto/asn1.h"
1640d48c	15	#include "internal/core.h"
70a1f7b4	16	#include "internal/provider.h"
706457b7	17	#include "evp_local.h"
70a1f7b4	18
1640d48c RL	19	struct import_data_st {
1640d48c RL	20	void *provctx;
658608c4	21	void (importfn)(const EVP_KEYMGMT *keymgmt, const OSSL_PARAM params[]);
70a1f7b4	22
1640d48c RL	23	/* Result */
	24	void *provdata;
	25	};
70a1f7b4	26
1640d48c	27	static int try_import(const OSSL_PARAM params[], void *arg)
651101e1	28	{
1640d48c	29	struct import_data_st *data = arg;
70a1f7b4	30
1640d48c RL	31	data->provdata = data->importfn(data->provctx, params);
1640d48c RL	32	return data->provdata != NULL;
70a1f7b4 RL	33	}
70a1f7b4 RL	34
02f060d1 RL	35	void evp_keymgmt_export_to_provider(EVP_PKEY pk, EVP_KEYMGMT *keymgmt,
02f060d1 RL	36	int want_domainparams)
70a1f7b4	37	{
02f060d1	38	void *provdata = NULL;
70a1f7b4 RL	39	size_t i, j;
	40
	41	/*
	42	* If there is an underlying legacy key and it has changed, invalidate
	43	* the cache of provider keys.
	44	*/
	45	if (pk->pkey.ptr != NULL) {
	46	/*
	47	* If there is no dirty counter, this key can't be used with
	48	* providers.
	49	*/
	50	if (pk->ameth->dirty_cnt == NULL)
	51	return NULL;
	52
	53	if (pk->ameth->dirty_cnt(pk) != pk->dirty_cnt_copy)
4cae07fe	54	evp_keymgmt_clear_pkey_cache(pk);
70a1f7b4 RL	55	}
	56
	57	/*
	58	* See if we have exported to this provider already.
	59	* If we have, return immediately.
	60	*/
	61	for (i = 0;
	62	i < OSSL_NELEM(pk->pkeys) && pk->pkeys[i].keymgmt != NULL;
	63	i++) {
02f060d1 RL	64	if (keymgmt == pk->pkeys[i].keymgmt
	65	&& want_domainparams == pk->pkeys[i].domainparams)
	66	return pk->pkeys[i].provdata;
70a1f7b4 RL	67	}
	68
	69	if (pk->pkey.ptr != NULL) {
	70	/* There is a legacy key, try to export that one to the provider */
	71
	72	/* If the legacy key doesn't have an export function, give up */
	73	if (pk->ameth->export_to == NULL)
	74	return NULL;
	75
02f060d1 RL	76	/* Otherwise, simply use it. */
02f060d1 RL	77	provdata = pk->ameth->export_to(pk, keymgmt, want_domainparams);
70a1f7b4 RL	78
70a1f7b4 RL	79	/* Synchronize the dirty count, but only if we exported successfully */
02f060d1	80	if (provdata != NULL)
70a1f7b4 RL	81	pk->dirty_cnt_copy = pk->ameth->dirty_cnt(pk);
	82
	83	} else {
	84	/*
	85	* Here, there is no legacy key, so we look at the already cached
	86	* provider keys, and import from the first that supports it
	87	* (i.e. use its export function), and export the imported data to
	88	* the new provider.
	89	*/
	90
1640d48c RL	91	/* Setup for the export callback */
	92	struct import_data_st import_data;
	93
	94	import_data.importfn =
658608c4 RL	95	want_domainparams
	96	? evp_keymgmt_importdomparams
	97	: evp_keymgmt_importkey;
1640d48c	98	import_data.provdata = NULL;
02f060d1	99
70a1f7b4 RL	100	/*
	101	* If the given keymgmt doesn't have an import function, give up
	102	*/
1640d48c	103	if (import_data.importfn == NULL)
70a1f7b4 RL	104	return NULL;
	105
	106	for (j = 0; j < i && pk->pkeys[j].keymgmt != NULL; j++) {
658608c4 RL	107	int (exportfn)(const EVP_KEYMGMT keymgmt, void *provdata,
658608c4 RL	108	OSSL_CALLBACK cb, void cbarg) =
1640d48c	109	want_domainparams
658608c4 RL	110	? evp_keymgmt_exportdomparams
658608c4 RL	111	: evp_keymgmt_exportkey;
02f060d1	112
1640d48c RL	113	if (exportfn != NULL) {
	114	import_data.provctx =
	115	ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
70a1f7b4 RL	116
70a1f7b4 RL	117	/*
1640d48c RL	118	* The export function calls the callback (try_import), which
	119	* does the import for us.
	120	* Even though we got a success return, we double check that
	121	* we actually got something, just in case some implementation
	122	* forgets to check the return value.
70a1f7b4	123
70a1f7b4	124	*/
658608c4 RL	125	if (exportfn(pk->pkeys[j].keymgmt, pk->pkeys[j].provdata,
658608c4 RL	126	&try_import, &import_data)
1640d48c	127	&& (provdata = import_data.provdata) != NULL)
70a1f7b4 RL	128	break;
	129	}
	130	}
	131	}
	132
	133	/*
	134	* TODO(3.0) Right now, we assume we have ample space. We will
	135	* have to think about a cache aging scheme, though, if \|i\| indexes
	136	* outside the array.
	137	*/
d5e66eab SL	138	if (!ossl_assert(i < OSSL_NELEM(pk->pkeys)))
d5e66eab SL	139	return NULL;
70a1f7b4	140
6508e858	141	evp_keymgmt_cache_pkey(pk, i, keymgmt, provdata, want_domainparams);
02f060d1 RL	142
02f060d1 RL	143	return provdata;
70a1f7b4	144	}
4cae07fe RL	145
	146	void evp_keymgmt_clear_pkey_cache(EVP_PKEY *pk)
	147	{
	148	size_t i;
	149
	150	if (pk != NULL) {
	151	for (i = 0;
	152	i < OSSL_NELEM(pk->pkeys) && pk->pkeys[i].keymgmt != NULL;
	153	i++) {
	154	EVP_KEYMGMT *keymgmt = pk->pkeys[i].keymgmt;
02f060d1	155	void *provdata = pk->pkeys[i].provdata;
4cae07fe RL	156
4cae07fe RL	157	pk->pkeys[i].keymgmt = NULL;
02f060d1 RL	158	pk->pkeys[i].provdata = NULL;
02f060d1 RL	159	if (pk->pkeys[i].domainparams)
658608c4	160	evp_keymgmt_freedomparams(keymgmt, provdata);
02f060d1	161	else
658608c4	162	evp_keymgmt_freekey(keymgmt, provdata);
4cae07fe RL	163	EVP_KEYMGMT_free(keymgmt);
4cae07fe RL	164	}
6508e858 RL	165
	166	pk->cache.size = 0;
	167	pk->cache.bits = 0;
	168	pk->cache.security_bits = 0;
	169	}
	170	}
	171
	172	void evp_keymgmt_cache_pkey(EVP_PKEY pk, size_t index, EVP_KEYMGMT keymgmt,
	173	void *provdata, int domainparams)
	174	{
	175	if (provdata != NULL) {
	176	EVP_KEYMGMT_up_ref(keymgmt);
	177	pk->pkeys[index].keymgmt = keymgmt;
	178	pk->pkeys[index].provdata = provdata;
	179	pk->pkeys[index].domainparams = domainparams;
	180
	181	/*
	182	* Cache information about the domain parameters or key. Only needed
	183	* for the "original" provider side key.
	184	*
	185	* This services functions like EVP_PKEY_size, EVP_PKEY_bits, etc
	186	*/
	187	if (index == 0) {
	188	int ok;
	189	int bits = 0;
	190	int security_bits = 0;
	191	int size = 0;
	192	OSSL_PARAM params[4];
	193
	194	params[0] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_BITS, &bits);
	195	params[1] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_SECURITY_BITS,
	196	&security_bits);
	197	params[2] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_MAX_SIZE, &size);
	198	params[3] = OSSL_PARAM_construct_end();
	199	ok = domainparams
	200	? evp_keymgmt_get_domparam_params(keymgmt, provdata, params)
	201	: evp_keymgmt_get_key_params(keymgmt, provdata, params);
	202	if (ok) {
	203	pk->cache.size = size;
	204	pk->cache.bits = bits;
	205	pk->cache.security_bits = security_bits;
	206	}
	207	}
4cae07fe RL	208	}
4cae07fe RL	209	}
fa9faf01	210
46e2dd05 RL	211	void evp_keymgmt_fromdata(EVP_PKEY target, EVP_KEYMGMT *keymgmt,
	212	const OSSL_PARAM params[], int domainparams)
	213	{
46e2dd05	214	void *provdata = domainparams
658608c4 RL	215	? evp_keymgmt_importdomparams(keymgmt, params)
658608c4 RL	216	: evp_keymgmt_importkey(keymgmt, params);
46e2dd05 RL	217
46e2dd05 RL	218	evp_keymgmt_clear_pkey_cache(target);
6508e858	219	evp_keymgmt_cache_pkey(target, 0, keymgmt, provdata, domainparams);
46e2dd05 RL	220
	221	return provdata;
	222	}
fa9faf01 RL	223
	224	/* internal functions */
	225	/* TODO(3.0) decide if these should be public or internal */
	226	void evp_keymgmt_importdomparams(const EVP_KEYMGMT keymgmt,
	227	const OSSL_PARAM params[])
	228	{
	229	void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
	230
	231	return keymgmt->importdomparams(provctx, params);
	232	}
	233
	234	void evp_keymgmt_gendomparams(const EVP_KEYMGMT keymgmt,
	235	const OSSL_PARAM params[])
	236	{
	237	void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
	238
	239	return keymgmt->gendomparams(provctx, params);
	240	}
	241
	242	void evp_keymgmt_freedomparams(const EVP_KEYMGMT *keymgmt,
	243	void *provdomparams)
	244	{
	245	keymgmt->freedomparams(provdomparams);
	246	}
	247
	248	int evp_keymgmt_exportdomparams(const EVP_KEYMGMT *keymgmt,
1640d48c RL	249	void *provdomparams,
1640d48c RL	250	OSSL_CALLBACK param_cb, void cbarg)
fa9faf01	251	{
1640d48c	252	return keymgmt->exportdomparams(provdomparams, param_cb, cbarg);
fa9faf01 RL	253	}
	254
	255	const OSSL_PARAM evp_keymgmt_importdomparam_types(const EVP_KEYMGMT keymgmt)
	256	{
	257	return keymgmt->importdomparam_types();
	258	}
	259
1640d48c RL	260	/*
	261	* TODO(v3.0) investigate if we need this function. 'openssl provider' may
	262	* be a caller...
	263	*/
fa9faf01 RL	264	const OSSL_PARAM evp_keymgmt_exportdomparam_types(const EVP_KEYMGMT keymgmt)
	265	{
	266	return keymgmt->exportdomparam_types();
	267	}
	268
6508e858 RL	269	int evp_keymgmt_get_domparam_params(const EVP_KEYMGMT *keymgmt,
	270	void *provdomparams, OSSL_PARAM params[])
	271	{
	272	if (keymgmt->get_domparam_params == NULL)
	273	return 1;
	274	return keymgmt->get_domparam_params(provdomparams, params);
	275	}
	276
	277	const OSSL_PARAM *
	278	evp_keymgmt_gettable_domparam_params(const EVP_KEYMGMT *keymgmt)
	279	{
	280	if (keymgmt->gettable_domparam_params == NULL)
	281	return NULL;
	282	return keymgmt->gettable_domparam_params();
	283	}
	284
fa9faf01 RL	285
	286	void evp_keymgmt_importkey(const EVP_KEYMGMT keymgmt,
	287	const OSSL_PARAM params[])
	288	{
	289	void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
	290
	291	return keymgmt->importkey(provctx, params);
	292	}
	293
	294	void evp_keymgmt_genkey(const EVP_KEYMGMT keymgmt, void *domparams,
	295	const OSSL_PARAM params[])
	296	{
	297	void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
	298
	299	return keymgmt->genkey(provctx, domparams, params);
	300	}
	301
	302	void evp_keymgmt_loadkey(const EVP_KEYMGMT keymgmt,
	303	void *id, size_t idlen)
	304	{
	305	void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
	306
	307	return keymgmt->loadkey(provctx, id, idlen);
	308	}
	309
	310	void evp_keymgmt_freekey(const EVP_KEYMGMT keymgmt, void provkey)
	311	{
	312	keymgmt->freekey(provkey);
	313	}
	314
	315	int evp_keymgmt_exportkey(const EVP_KEYMGMT keymgmt, void provkey,
1640d48c	316	OSSL_CALLBACK param_cb, void cbarg)
fa9faf01	317	{
1640d48c	318	return keymgmt->exportkey(provkey, param_cb, cbarg);
fa9faf01 RL	319	}
	320
	321	const OSSL_PARAM evp_keymgmt_importkey_types(const EVP_KEYMGMT keymgmt)
	322	{
	323	return keymgmt->importkey_types();
	324	}
	325
1640d48c RL	326	/*
	327	* TODO(v3.0) investigate if we need this function. 'openssl provider' may
	328	* be a caller...
	329	*/
fa9faf01 RL	330	const OSSL_PARAM evp_keymgmt_exportkey_types(const EVP_KEYMGMT keymgmt)
	331	{
	332	return keymgmt->exportkey_types();
	333	}
6508e858 RL	334
	335	int evp_keymgmt_get_key_params(const EVP_KEYMGMT *keymgmt,
	336	void *provkey, OSSL_PARAM params[])
	337	{
	338	if (keymgmt->get_key_params == NULL)
	339	return 1;
	340	return keymgmt->get_key_params(provkey, params);
	341	}
	342
	343	const OSSL_PARAM evp_keymgmt_gettable_key_params(const EVP_KEYMGMT keymgmt)
	344	{
	345	if (keymgmt->gettable_key_params == NULL)
	346	return NULL;
	347	return keymgmt->gettable_key_params();
	348	}
12603de6 SL	349
	350	int evp_keymgmt_validate_domparams(const EVP_KEYMGMT keymgmt, void provkey)
	351	{
	352	/* if domainparams are not supported - then pass */
	353	if (keymgmt->validatedomparams == NULL)
	354	return 1;
	355	return keymgmt->validatedomparams(provkey);
	356	}
	357
	358	int evp_keymgmt_validate_public(const EVP_KEYMGMT keymgmt, void provkey)
	359	{
	360	return keymgmt->validatepublic(provkey);
	361	}
	362
	363	int evp_keymgmt_validate_private(const EVP_KEYMGMT keymgmt, void provkey)
	364	{
	365	return keymgmt->validateprivate(provkey);
	366	}
	367
	368	int evp_keymgmt_validate_pairwise(const EVP_KEYMGMT keymgmt, void provkey)
	369	{
	370	return keymgmt->validatepairwise(provkey);
	371	}