/src/openssl/crypto/evp/keymgmt_meth.c

Source
/*
 * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <openssl/crypto.h>
#include <openssl/core_dispatch.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include "internal/provider.h"
#include "internal/refcount.h"
#include "internal/core.h"
#include "crypto/evp.h"
#include "evp_local.h"

static void evp_keymgmt_free(void *data)
{
    EVP_KEYMGMT_free(data);
}

static int evp_keymgmt_up_ref(void *data)
{
    return EVP_KEYMGMT_up_ref(data);
}

static void *keymgmt_new(void)
{
    EVP_KEYMGMT *keymgmt = NULL;

    if ((keymgmt = OPENSSL_zalloc(sizeof(*keymgmt))) == NULL)
        return NULL;
    if (!CRYPTO_NEW_REF(&keymgmt->refcnt, 1)) {
        EVP_KEYMGMT_free(keymgmt);
        return NULL;
    }
    return keymgmt;
}

#ifndef FIPS_MODULE
static void help_get_legacy_alg_type_from_keymgmt(const char *keytype,
    void *arg)
{
    int *type = arg;

    if (*type == NID_undef)
        *type = evp_pkey_name2type(keytype);
}

static int get_legacy_alg_type_from_keymgmt(const EVP_KEYMGMT *keymgmt)
{
    int type = NID_undef;

    EVP_KEYMGMT_names_do_all(keymgmt, help_get_legacy_alg_type_from_keymgmt,
        &type);
    return type;
}
#endif

static void *keymgmt_from_algorithm(int name_id,
    const OSSL_ALGORITHM *algodef,
    OSSL_PROVIDER *prov)
{
    const OSSL_DISPATCH *fns = algodef->implementation;
    EVP_KEYMGMT *keymgmt = NULL;
    int setparamfncnt = 0, getparamfncnt = 0;
    int setgenparamfncnt = 0;
    int importfncnt = 0, exportfncnt = 0;
    int importtypesfncnt = 0, exporttypesfncnt = 0;
    int getgenparamfncnt = 0;

    if ((keymgmt = keymgmt_new()) == NULL)
        return NULL;

    keymgmt->name_id = name_id;
    if ((keymgmt->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL) {
        EVP_KEYMGMT_free(keymgmt);
        return NULL;
    }
    keymgmt->description = algodef->algorithm_description;

    for (; fns->function_id != 0; fns++) {
        switch (fns->function_id) {
        case OSSL_FUNC_KEYMGMT_NEW:
            if (keymgmt->new == NULL)
                keymgmt->new = OSSL_FUNC_keymgmt_new(fns);
            break;
        case OSSL_FUNC_KEYMGMT_GEN_INIT:
            if (keymgmt->gen_init == NULL)
                keymgmt->gen_init = OSSL_FUNC_keymgmt_gen_init(fns);
            break;
        case OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE:
            if (keymgmt->gen_set_template == NULL)
                keymgmt->gen_set_template = OSSL_FUNC_keymgmt_gen_set_template(fns);
            break;
        case OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS:
            if (keymgmt->gen_set_params == NULL) {
                setgenparamfncnt++;
                keymgmt->gen_set_params = OSSL_FUNC_keymgmt_gen_set_params(fns);
            }
            break;
        case OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS:
            if (keymgmt->gen_settable_params == NULL) {
                setgenparamfncnt++;
                keymgmt->gen_settable_params = OSSL_FUNC_keymgmt_gen_settable_params(fns);
            }
            break;
        case OSSL_FUNC_KEYMGMT_GEN_GET_PARAMS:
            if (keymgmt->gen_get_params == NULL) {
                getgenparamfncnt++;
                keymgmt->gen_get_params = OSSL_FUNC_keymgmt_gen_get_params(fns);
            }
            break;
        case OSSL_FUNC_KEYMGMT_GEN_GETTABLE_PARAMS:
            if (keymgmt->gen_gettable_params == NULL) {
                getgenparamfncnt++;
                keymgmt->gen_gettable_params = OSSL_FUNC_keymgmt_gen_gettable_params(fns);
            }
            break;
        case OSSL_FUNC_KEYMGMT_GEN:
            if (keymgmt->gen == NULL)
                keymgmt->gen = OSSL_FUNC_keymgmt_gen(fns);
            break;
        case OSSL_FUNC_KEYMGMT_GEN_CLEANUP:
            if (keymgmt->gen_cleanup == NULL)
                keymgmt->gen_cleanup = OSSL_FUNC_keymgmt_gen_cleanup(fns);
            break;
        case OSSL_FUNC_KEYMGMT_FREE:
            if (keymgmt->free == NULL)
                keymgmt->free = OSSL_FUNC_keymgmt_free(fns);
            break;
        case OSSL_FUNC_KEYMGMT_LOAD:
            if (keymgmt->load == NULL)
                keymgmt->load = OSSL_FUNC_keymgmt_load(fns);
            break;
        case OSSL_FUNC_KEYMGMT_GET_PARAMS:
            if (keymgmt->get_params == NULL) {
                getparamfncnt++;
                keymgmt->get_params = OSSL_FUNC_keymgmt_get_params(fns);
            }
            break;
        case OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS:
            if (keymgmt->gettable_params == NULL) {
                getparamfncnt++;
                keymgmt->gettable_params = OSSL_FUNC_keymgmt_gettable_params(fns);
            }
            break;
        case OSSL_FUNC_KEYMGMT_SET_PARAMS:
            if (keymgmt->set_params == NULL) {
                setparamfncnt++;
                keymgmt->set_params = OSSL_FUNC_keymgmt_set_params(fns);
            }
            break;
        case OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS:
            if (keymgmt->settable_params == NULL) {
                setparamfncnt++;
                keymgmt->settable_params = OSSL_FUNC_keymgmt_settable_params(fns);
            }
            break;
        case OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME:
            if (keymgmt->query_operation_name == NULL)
                keymgmt->query_operation_name = OSSL_FUNC_keymgmt_query_operation_name(fns);
            break;
        case OSSL_FUNC_KEYMGMT_HAS:
            if (keymgmt->has == NULL)
                keymgmt->has = OSSL_FUNC_keymgmt_has(fns);
            break;
        case OSSL_FUNC_KEYMGMT_DUP:
            if (keymgmt->dup == NULL)
                keymgmt->dup = OSSL_FUNC_keymgmt_dup(fns);
            break;
        case OSSL_FUNC_KEYMGMT_VALIDATE:
            if (keymgmt->validate == NULL)
                keymgmt->validate = OSSL_FUNC_keymgmt_validate(fns);
            break;
        case OSSL_FUNC_KEYMGMT_MATCH:
            if (keymgmt->match == NULL)
                keymgmt->match = OSSL_FUNC_keymgmt_match(fns);
            break;
        case OSSL_FUNC_KEYMGMT_IMPORT:
            if (keymgmt->import == NULL) {
                importfncnt++;
                keymgmt->import = OSSL_FUNC_keymgmt_import(fns);
            }
            break;
        case OSSL_FUNC_KEYMGMT_IMPORT_TYPES:
            if (keymgmt->import_types == NULL) {
                if (importtypesfncnt == 0)
                    importfncnt++;
                importtypesfncnt++;
                keymgmt->import_types = OSSL_FUNC_keymgmt_import_types(fns);
            }
            break;
        case OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX:
            if (keymgmt->import_types_ex == NULL) {
                if (importtypesfncnt == 0)
                    importfncnt++;
                importtypesfncnt++;
                keymgmt->import_types_ex = OSSL_FUNC_keymgmt_import_types_ex(fns);
            }
            break;
        case OSSL_FUNC_KEYMGMT_EXPORT:
            if (keymgmt->export == NULL) {
                exportfncnt++;
                keymgmt->export = OSSL_FUNC_keymgmt_export(fns);
            }
            break;
        case OSSL_FUNC_KEYMGMT_EXPORT_TYPES:
            if (keymgmt->export_types == NULL) {
                if (exporttypesfncnt == 0)
                    exportfncnt++;
                exporttypesfncnt++;
                keymgmt->export_types = OSSL_FUNC_keymgmt_export_types(fns);
            }
            break;
        case OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX:
            if (keymgmt->export_types_ex == NULL) {
                if (exporttypesfncnt == 0)
                    exportfncnt++;
                exporttypesfncnt++;
                keymgmt->export_types_ex = OSSL_FUNC_keymgmt_export_types_ex(fns);
            }
            break;
        }
    }
    /*
     * Try to check that the method is sensible.
     * At least one constructor and the destructor are MANDATORY
     * The functions 'has' is MANDATORY
     * It makes no sense being able to free stuff if you can't create it.
     * It makes no sense providing OSSL_PARAM descriptors for import and
     * export if you can't import or export.
     */
    if (keymgmt->free == NULL
        || (keymgmt->new == NULL
            && keymgmt->gen == NULL
            && keymgmt->load == NULL)
        || keymgmt->has == NULL
        || (getparamfncnt != 0 && getparamfncnt != 2)
        || (setparamfncnt != 0 && setparamfncnt != 2)
        || (setgenparamfncnt != 0 && setgenparamfncnt != 2)
        || (getgenparamfncnt != 0 && getgenparamfncnt != 2)
        || (importfncnt != 0 && importfncnt != 2)
        || (exportfncnt != 0 && exportfncnt != 2)
        || (keymgmt->gen != NULL
            && (keymgmt->gen_init == NULL
                || keymgmt->gen_cleanup == NULL))) {
        EVP_KEYMGMT_free(keymgmt);
        ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
        return NULL;
    }
    keymgmt->prov = prov;
    if (prov != NULL && !ossl_provider_up_ref(prov)) {
        EVP_KEYMGMT_free(keymgmt);
        ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
        return NULL;
    }

#ifndef FIPS_MODULE
    keymgmt->legacy_alg = get_legacy_alg_type_from_keymgmt(keymgmt);
#endif

    return keymgmt;
}

EVP_KEYMGMT *evp_keymgmt_fetch_from_prov(OSSL_PROVIDER *prov,
    const char *name,
    const char *properties)
{
    return evp_generic_fetch_from_prov(prov, OSSL_OP_KEYMGMT,
        name, properties,
        keymgmt_from_algorithm,
        evp_keymgmt_up_ref,
        evp_keymgmt_free);
}

EVP_KEYMGMT *EVP_KEYMGMT_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
    const char *properties)
{
    return evp_generic_fetch(ctx, OSSL_OP_KEYMGMT, algorithm, properties,
        keymgmt_from_algorithm,
        evp_keymgmt_up_ref,
        evp_keymgmt_free);
}

int EVP_KEYMGMT_up_ref(EVP_KEYMGMT *keymgmt)
{
    int ref = 0;

    CRYPTO_UP_REF(&keymgmt->refcnt, &ref);
    return 1;
}

void EVP_KEYMGMT_free(EVP_KEYMGMT *keymgmt)
{
    int ref = 0;

    if (keymgmt == NULL)
        return;

    CRYPTO_DOWN_REF(&keymgmt->refcnt, &ref);
    if (ref > 0)
        return;
    OPENSSL_free(keymgmt->type_name);
    ossl_provider_free(keymgmt->prov);
    CRYPTO_FREE_REF(&keymgmt->refcnt);
    OPENSSL_free(keymgmt);
}

const OSSL_PROVIDER *EVP_KEYMGMT_get0_provider(const EVP_KEYMGMT *keymgmt)
{
    return keymgmt->prov;
}

int evp_keymgmt_get_number(const EVP_KEYMGMT *keymgmt)
{
    return keymgmt->name_id;
}

int evp_keymgmt_get_legacy_alg(const EVP_KEYMGMT *keymgmt)
{
    return keymgmt->legacy_alg;
}

const char *EVP_KEYMGMT_get0_description(const EVP_KEYMGMT *keymgmt)
{
    return keymgmt->description;
}

const char *EVP_KEYMGMT_get0_name(const EVP_KEYMGMT *keymgmt)
{
    return keymgmt->type_name;
}

int EVP_KEYMGMT_is_a(const EVP_KEYMGMT *keymgmt, const char *name)
{
    return keymgmt != NULL
        && evp_is_a(keymgmt->prov, keymgmt->name_id, NULL, name);
}

void EVP_KEYMGMT_do_all_provided(OSSL_LIB_CTX *libctx,
    void (*fn)(EVP_KEYMGMT *keymgmt, void *arg),
    void *arg)
{
    evp_generic_do_all(libctx, OSSL_OP_KEYMGMT,
        (void (*)(void *, void *))fn, arg,
        keymgmt_from_algorithm,
        evp_keymgmt_up_ref,
        evp_keymgmt_free);
}

int EVP_KEYMGMT_names_do_all(const EVP_KEYMGMT *keymgmt,
    void (*fn)(const char *name, void *data),
    void *data)
{
    if (keymgmt->prov != NULL)
        return evp_names_do_all(keymgmt->prov, keymgmt->name_id, fn, data);

    return 1;
}

/*
 * Internal API that interfaces with the method function pointers
 */
void *evp_keymgmt_newdata(const EVP_KEYMGMT *keymgmt)
{
    void *provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt));

    /*
     * 'new' is currently mandatory on its own, but when new
     * constructors appear, it won't be quite as mandatory,
     * so we have a check for future cases.
     */
    if (keymgmt->new == NULL)
        return NULL;
    return keymgmt->new(provctx);
}

void evp_keymgmt_freedata(const EVP_KEYMGMT *keymgmt, void *keydata)
{
    /* This is mandatory, no need to check for its presence */
    keymgmt->free(keydata);
}

void *evp_keymgmt_gen_init(const EVP_KEYMGMT *keymgmt, int selection,
    const OSSL_PARAM params[])
{
    void *provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt));

    if (keymgmt->gen_init == NULL)
        return NULL;
    return keymgmt->gen_init(provctx, selection, params);
}

int evp_keymgmt_gen_set_template(const EVP_KEYMGMT *keymgmt, void *genctx,
    void *templ)
{
    /*
     * It's arguable if we actually should return success in this case, as
     * it allows the caller to set a template key, which is then ignored.
     * However, this is how the legacy methods (EVP_PKEY_METHOD) operate,
     * so we do this in the interest of backward compatibility.
     */
    if (keymgmt->gen_set_template == NULL)
        return 1;
    return keymgmt->gen_set_template(genctx, templ);
}

int evp_keymgmt_gen_set_params(const EVP_KEYMGMT *keymgmt, void *genctx,
    const OSSL_PARAM params[])
{
    if (keymgmt->gen_set_params == NULL)
        return 0;
    return keymgmt->gen_set_params(genctx, params);
}

const OSSL_PARAM *EVP_KEYMGMT_gen_settable_params(const EVP_KEYMGMT *keymgmt)
{
    void *provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt));

    if (keymgmt->gen_settable_params == NULL)
        return NULL;
    return keymgmt->gen_settable_params(NULL, provctx);
}

int evp_keymgmt_gen_get_params(const EVP_KEYMGMT *keymgmt, void *genctx,
    OSSL_PARAM params[])
{
    if (keymgmt->gen_get_params == NULL)
        return 0;
    return keymgmt->gen_get_params(genctx, params);
}

const OSSL_PARAM *EVP_KEYMGMT_gen_gettable_params(const EVP_KEYMGMT *keymgmt)
{
    void *provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt));

    if (keymgmt->gen_gettable_params == NULL)
        return NULL;
    return keymgmt->gen_gettable_params(NULL, provctx);
}

void *evp_keymgmt_gen(const EVP_KEYMGMT *keymgmt, void *genctx,
    OSSL_CALLBACK *cb, void *cbarg)
{
    void *ret;
    const char *desc = keymgmt->description != NULL ? keymgmt->description : "";

    if (keymgmt->gen == NULL) {
        ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_KEYMGMT_NOT_SUPPORTED,
            "%s key generation:%s", keymgmt->type_name, desc);
        return NULL;
    }

    ERR_set_mark();
    ret = keymgmt->gen(genctx, cb, cbarg);
    if (ret == NULL && ERR_count_to_mark() == 0)
        ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_KEYMGMT_FAILURE,
            "%s key generation:%s", keymgmt->type_name, desc);
    ERR_clear_last_mark();
    return ret;
}

void evp_keymgmt_gen_cleanup(const EVP_KEYMGMT *keymgmt, void *genctx)
{
    if (keymgmt->gen_cleanup != NULL)
        keymgmt->gen_cleanup(genctx);
}

int evp_keymgmt_has_load(const EVP_KEYMGMT *keymgmt)
{
    return keymgmt != NULL && keymgmt->load != NULL;
}

void *evp_keymgmt_load(const EVP_KEYMGMT *keymgmt,
    const void *objref, size_t objref_sz)
{
    if (evp_keymgmt_has_load(keymgmt))
        return keymgmt->load(objref, objref_sz);
    return NULL;
}

int evp_keymgmt_get_params(const EVP_KEYMGMT *keymgmt, void *keydata,
    OSSL_PARAM params[])
{
    if (keymgmt->get_params == NULL)
        return 1;
    return keymgmt->get_params(keydata, params);
}

const OSSL_PARAM *EVP_KEYMGMT_gettable_params(const EVP_KEYMGMT *keymgmt)
{
    void *provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt));

    if (keymgmt->gettable_params == NULL)
        return NULL;
    return keymgmt->gettable_params(provctx);
}

int evp_keymgmt_set_params(const EVP_KEYMGMT *keymgmt, void *keydata,
    const OSSL_PARAM params[])
{
    if (keymgmt->set_params == NULL)
        return 1;
    return keymgmt->set_params(keydata, params);
}

const OSSL_PARAM *EVP_KEYMGMT_settable_params(const EVP_KEYMGMT *keymgmt)
{
    void *provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt));

    if (keymgmt->settable_params == NULL)
        return NULL;
    return keymgmt->settable_params(provctx);
}

int evp_keymgmt_has(const EVP_KEYMGMT *keymgmt, void *keydata, int selection)
{
    /* This is mandatory, no need to check for its presence */
    return keymgmt->has(keydata, selection);
}

int evp_keymgmt_validate(const EVP_KEYMGMT *keymgmt, void *keydata,
    int selection, int checktype)
{
    /* We assume valid if the implementation doesn't have a function */
    if (keymgmt->validate == NULL)
        return 1;
    return keymgmt->validate(keydata, selection, checktype);
}

int evp_keymgmt_match(const EVP_KEYMGMT *keymgmt,
    const void *keydata1, const void *keydata2,
    int selection)
{
    /* We assume no match if the implementation doesn't have a function */
    if (keymgmt->match == NULL)
        return 0;
    return keymgmt->match(keydata1, keydata2, selection);
}

int evp_keymgmt_import(const EVP_KEYMGMT *keymgmt, void *keydata,
    int selection, const OSSL_PARAM params[])
{
    if (keymgmt->import == NULL)
        return 0;
    return keymgmt->import(keydata, selection, params);
}

const OSSL_PARAM *evp_keymgmt_import_types(const EVP_KEYMGMT *keymgmt,
    int selection)
{
    void *provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt));

    if (keymgmt->import_types_ex != NULL)
        return keymgmt->import_types_ex(provctx, selection);
    if (keymgmt->import_types == NULL)
        return NULL;
    return keymgmt->import_types(selection);
}

int evp_keymgmt_export(const EVP_KEYMGMT *keymgmt, void *keydata,
    int selection, OSSL_CALLBACK *param_cb, void *cbarg)
{
    if (keymgmt->export == NULL)
        return 0;
    return keymgmt->export(keydata, selection, param_cb, cbarg);
}

const OSSL_PARAM *evp_keymgmt_export_types(const EVP_KEYMGMT *keymgmt,
    int selection)
{
    void *provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt));

    if (keymgmt->export_types_ex != NULL)
        return keymgmt->export_types_ex(provctx, selection);
    if (keymgmt->export_types == NULL)
        return NULL;
    return keymgmt->export_types(selection);
}

void *evp_keymgmt_dup(const EVP_KEYMGMT *keymgmt, const void *keydata_from,
    int selection)
{
    /* We assume no dup if the implementation doesn't have a function */
    if (keymgmt->dup == NULL)
        return NULL;
    return keymgmt->dup(keydata_from, selection);
}

Coverage Report

Created: 2025-12-10 06:24

Line	Count	Source
1		/*
2		* Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		#include <openssl/crypto.h>
11		#include <openssl/core_dispatch.h>
12		#include <openssl/evp.h>
13		#include <openssl/err.h>
14		#include "internal/provider.h"
15		#include "internal/refcount.h"
16		#include "internal/core.h"
17		#include "crypto/evp.h"
18		#include "evp_local.h"
19
20		static void evp_keymgmt_free(void *data)
21	0	{
22	0	EVP_KEYMGMT_free(data);
23	0	}
24
25		static int evp_keymgmt_up_ref(void *data)
26	0	{
27	0	return EVP_KEYMGMT_up_ref(data);
28	0	}
29
30		static void *keymgmt_new(void)
31	0	{
32	0	EVP_KEYMGMT *keymgmt = NULL;
33
34	0	if ((keymgmt = OPENSSL_zalloc(sizeof(*keymgmt))) == NULL)
35	0	return NULL;
36	0	if (!CRYPTO_NEW_REF(&keymgmt->refcnt, 1)) {
37	0	EVP_KEYMGMT_free(keymgmt);
38	0	return NULL;
39	0	}
40	0	return keymgmt;
41	0	}
42
43		#ifndef FIPS_MODULE
44		static void help_get_legacy_alg_type_from_keymgmt(const char *keytype,
45		void *arg)
46	0	{
47	0	int *type = arg;
48
49	0	if (*type == NID_undef)
50	0	*type = evp_pkey_name2type(keytype);
51	0	}
52
53		static int get_legacy_alg_type_from_keymgmt(const EVP_KEYMGMT *keymgmt)
54	0	{
55	0	int type = NID_undef;
56
57	0	EVP_KEYMGMT_names_do_all(keymgmt, help_get_legacy_alg_type_from_keymgmt,
58	0	&type);
59	0	return type;
60	0	}
61		#endif
62
63		static void *keymgmt_from_algorithm(int name_id,
64		const OSSL_ALGORITHM *algodef,
65		OSSL_PROVIDER *prov)
66	0	{
67	0	const OSSL_DISPATCH *fns = algodef->implementation;
68	0	EVP_KEYMGMT *keymgmt = NULL;
69	0	int setparamfncnt = 0, getparamfncnt = 0;
70	0	int setgenparamfncnt = 0;
71	0	int importfncnt = 0, exportfncnt = 0;
72	0	int importtypesfncnt = 0, exporttypesfncnt = 0;
73	0	int getgenparamfncnt = 0;
74
75	0	if ((keymgmt = keymgmt_new()) == NULL)
76	0	return NULL;
77
78	0	keymgmt->name_id = name_id;
79	0	if ((keymgmt->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL) {
80	0	EVP_KEYMGMT_free(keymgmt);
81	0	return NULL;
82	0	}
83	0	keymgmt->description = algodef->algorithm_description;
84
85	0	for (; fns->function_id != 0; fns++) {
86	0	switch (fns->function_id) {
87	0	case OSSL_FUNC_KEYMGMT_NEW:
88	0	if (keymgmt->new == NULL)
89	0	keymgmt->new = OSSL_FUNC_keymgmt_new(fns);
90	0	break;
91	0	case OSSL_FUNC_KEYMGMT_GEN_INIT:
92	0	if (keymgmt->gen_init == NULL)
93	0	keymgmt->gen_init = OSSL_FUNC_keymgmt_gen_init(fns);
94	0	break;
95	0	case OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE:
96	0	if (keymgmt->gen_set_template == NULL)
97	0	keymgmt->gen_set_template = OSSL_FUNC_keymgmt_gen_set_template(fns);
98	0	break;
99	0	case OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS:
100	0	if (keymgmt->gen_set_params == NULL) {
101	0	setgenparamfncnt++;
102	0	keymgmt->gen_set_params = OSSL_FUNC_keymgmt_gen_set_params(fns);
103	0	}
104	0	break;
105	0	case OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS:
106	0	if (keymgmt->gen_settable_params == NULL) {
107	0	setgenparamfncnt++;
108	0	keymgmt->gen_settable_params = OSSL_FUNC_keymgmt_gen_settable_params(fns);
109	0	}
110	0	break;
111	0	case OSSL_FUNC_KEYMGMT_GEN_GET_PARAMS:
112	0	if (keymgmt->gen_get_params == NULL) {
113	0	getgenparamfncnt++;
114	0	keymgmt->gen_get_params = OSSL_FUNC_keymgmt_gen_get_params(fns);
115	0	}
116	0	break;
117	0	case OSSL_FUNC_KEYMGMT_GEN_GETTABLE_PARAMS:
118	0	if (keymgmt->gen_gettable_params == NULL) {
119	0	getgenparamfncnt++;
120	0	keymgmt->gen_gettable_params = OSSL_FUNC_keymgmt_gen_gettable_params(fns);
121	0	}
122	0	break;
123	0	case OSSL_FUNC_KEYMGMT_GEN:
124	0	if (keymgmt->gen == NULL)
125	0	keymgmt->gen = OSSL_FUNC_keymgmt_gen(fns);
126	0	break;
127	0	case OSSL_FUNC_KEYMGMT_GEN_CLEANUP:
128	0	if (keymgmt->gen_cleanup == NULL)
129	0	keymgmt->gen_cleanup = OSSL_FUNC_keymgmt_gen_cleanup(fns);
130	0	break;
131	0	case OSSL_FUNC_KEYMGMT_FREE:
132	0	if (keymgmt->free == NULL)
133	0	keymgmt->free = OSSL_FUNC_keymgmt_free(fns);
134	0	break;
135	0	case OSSL_FUNC_KEYMGMT_LOAD:
136	0	if (keymgmt->load == NULL)
137	0	keymgmt->load = OSSL_FUNC_keymgmt_load(fns);
138	0	break;
139	0	case OSSL_FUNC_KEYMGMT_GET_PARAMS:
140	0	if (keymgmt->get_params == NULL) {
141	0	getparamfncnt++;
142	0	keymgmt->get_params = OSSL_FUNC_keymgmt_get_params(fns);
143	0	}
144	0	break;
145	0	case OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS:
146	0	if (keymgmt->gettable_params == NULL) {
147	0	getparamfncnt++;
148	0	keymgmt->gettable_params = OSSL_FUNC_keymgmt_gettable_params(fns);
149	0	}
150	0	break;
151	0	case OSSL_FUNC_KEYMGMT_SET_PARAMS:
152	0	if (keymgmt->set_params == NULL) {
153	0	setparamfncnt++;
154	0	keymgmt->set_params = OSSL_FUNC_keymgmt_set_params(fns);
155	0	}
156	0	break;
157	0	case OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS:
158	0	if (keymgmt->settable_params == NULL) {
159	0	setparamfncnt++;
160	0	keymgmt->settable_params = OSSL_FUNC_keymgmt_settable_params(fns);
161	0	}
162	0	break;
163	0	case OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME:
164	0	if (keymgmt->query_operation_name == NULL)
165	0	keymgmt->query_operation_name = OSSL_FUNC_keymgmt_query_operation_name(fns);
166	0	break;
167	0	case OSSL_FUNC_KEYMGMT_HAS:
168	0	if (keymgmt->has == NULL)
169	0	keymgmt->has = OSSL_FUNC_keymgmt_has(fns);
170	0	break;
171	0	case OSSL_FUNC_KEYMGMT_DUP:
172	0	if (keymgmt->dup == NULL)
173	0	keymgmt->dup = OSSL_FUNC_keymgmt_dup(fns);
174	0	break;
175	0	case OSSL_FUNC_KEYMGMT_VALIDATE:
176	0	if (keymgmt->validate == NULL)
177	0	keymgmt->validate = OSSL_FUNC_keymgmt_validate(fns);
178	0	break;
179	0	case OSSL_FUNC_KEYMGMT_MATCH:
180	0	if (keymgmt->match == NULL)
181	0	keymgmt->match = OSSL_FUNC_keymgmt_match(fns);
182	0	break;
183	0	case OSSL_FUNC_KEYMGMT_IMPORT:
184	0	if (keymgmt->import == NULL) {
185	0	importfncnt++;
186	0	keymgmt->import = OSSL_FUNC_keymgmt_import(fns);
187	0	}
188	0	break;
189	0	case OSSL_FUNC_KEYMGMT_IMPORT_TYPES:
190	0	if (keymgmt->import_types == NULL) {
191	0	if (importtypesfncnt == 0)
192	0	importfncnt++;
193	0	importtypesfncnt++;
194	0	keymgmt->import_types = OSSL_FUNC_keymgmt_import_types(fns);
195	0	}
196	0	break;
197	0	case OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX:
198	0	if (keymgmt->import_types_ex == NULL) {
199	0	if (importtypesfncnt == 0)
200	0	importfncnt++;
201	0	importtypesfncnt++;
202	0	keymgmt->import_types_ex = OSSL_FUNC_keymgmt_import_types_ex(fns);
203	0	}
204	0	break;
205	0	case OSSL_FUNC_KEYMGMT_EXPORT:
206	0	if (keymgmt->export == NULL) {
207	0	exportfncnt++;
208	0	keymgmt->export = OSSL_FUNC_keymgmt_export(fns);
209	0	}
210	0	break;
211	0	case OSSL_FUNC_KEYMGMT_EXPORT_TYPES:
212	0	if (keymgmt->export_types == NULL) {
213	0	if (exporttypesfncnt == 0)
214	0	exportfncnt++;
215	0	exporttypesfncnt++;
216	0	keymgmt->export_types = OSSL_FUNC_keymgmt_export_types(fns);
217	0	}
218	0	break;
219	0	case OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX:
220	0	if (keymgmt->export_types_ex == NULL) {
221	0	if (exporttypesfncnt == 0)
222	0	exportfncnt++;
223	0	exporttypesfncnt++;
224	0	keymgmt->export_types_ex = OSSL_FUNC_keymgmt_export_types_ex(fns);
225	0	}
226	0	break;
227	0	}
228	0	}
229		/*
230		* Try to check that the method is sensible.
231		* At least one constructor and the destructor are MANDATORY
232		* The functions 'has' is MANDATORY
233		* It makes no sense being able to free stuff if you can't create it.
234		* It makes no sense providing OSSL_PARAM descriptors for import and
235		* export if you can't import or export.
236		*/
237	0	if (keymgmt->free == NULL
238	0	\|\| (keymgmt->new == NULL
239	0	&& keymgmt->gen == NULL
240	0	&& keymgmt->load == NULL)
241	0	\|\| keymgmt->has == NULL
242	0	\|\| (getparamfncnt != 0 && getparamfncnt != 2)
243	0	\|\| (setparamfncnt != 0 && setparamfncnt != 2)
244	0	\|\| (setgenparamfncnt != 0 && setgenparamfncnt != 2)
245	0	\|\| (getgenparamfncnt != 0 && getgenparamfncnt != 2)
246	0	\|\| (importfncnt != 0 && importfncnt != 2)
247	0	\|\| (exportfncnt != 0 && exportfncnt != 2)
248	0	\|\| (keymgmt->gen != NULL
249	0	&& (keymgmt->gen_init == NULL
250	0	\|\| keymgmt->gen_cleanup == NULL))) {
251	0	EVP_KEYMGMT_free(keymgmt);
252	0	ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
253	0	return NULL;
254	0	}
255	0	keymgmt->prov = prov;
256	0	if (prov != NULL && !ossl_provider_up_ref(prov)) {
257	0	EVP_KEYMGMT_free(keymgmt);
258	0	ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
259	0	return NULL;
260	0	}
261
262	0	#ifndef FIPS_MODULE
263	0	keymgmt->legacy_alg = get_legacy_alg_type_from_keymgmt(keymgmt);
264	0	#endif
265
266	0	return keymgmt;
267	0	}
268
269		EVP_KEYMGMT evp_keymgmt_fetch_from_prov(OSSL_PROVIDER prov,
270		const char *name,
271		const char *properties)
272	0	{
273	0	return evp_generic_fetch_from_prov(prov, OSSL_OP_KEYMGMT,
274	0	name, properties,
275	0	keymgmt_from_algorithm,
276	0	evp_keymgmt_up_ref,
277	0	evp_keymgmt_free);
278	0	}
279
280		EVP_KEYMGMT EVP_KEYMGMT_fetch(OSSL_LIB_CTX ctx, const char *algorithm,
281		const char *properties)
282	0	{
283	0	return evp_generic_fetch(ctx, OSSL_OP_KEYMGMT, algorithm, properties,
284	0	keymgmt_from_algorithm,
285	0	evp_keymgmt_up_ref,
286	0	evp_keymgmt_free);
287	0	}
288
289		int EVP_KEYMGMT_up_ref(EVP_KEYMGMT *keymgmt)
290	0	{
291	0	int ref = 0;
292
293	0	CRYPTO_UP_REF(&keymgmt->refcnt, &ref);
294	0	return 1;
295	0	}
296
297		void EVP_KEYMGMT_free(EVP_KEYMGMT *keymgmt)
298	0	{
299	0	int ref = 0;
300
301	0	if (keymgmt == NULL)
302	0	return;
303
304	0	CRYPTO_DOWN_REF(&keymgmt->refcnt, &ref);
305	0	if (ref > 0)
306	0	return;
307	0	OPENSSL_free(keymgmt->type_name);
308	0	ossl_provider_free(keymgmt->prov);
309	0	CRYPTO_FREE_REF(&keymgmt->refcnt);
310	0	OPENSSL_free(keymgmt);
311	0	}
312
313		const OSSL_PROVIDER EVP_KEYMGMT_get0_provider(const EVP_KEYMGMT keymgmt)
314	0	{
315	0	return keymgmt->prov;
316	0	}
317
318		int evp_keymgmt_get_number(const EVP_KEYMGMT *keymgmt)
319	0	{
320	0	return keymgmt->name_id;
321	0	}
322
323		int evp_keymgmt_get_legacy_alg(const EVP_KEYMGMT *keymgmt)
324	0	{
325	0	return keymgmt->legacy_alg;
326	0	}
327
328		const char EVP_KEYMGMT_get0_description(const EVP_KEYMGMT keymgmt)
329	0	{
330	0	return keymgmt->description;
331	0	}
332
333		const char EVP_KEYMGMT_get0_name(const EVP_KEYMGMT keymgmt)
334	0	{
335	0	return keymgmt->type_name;
336	0	}
337
338		int EVP_KEYMGMT_is_a(const EVP_KEYMGMT keymgmt, const char name)
339	0	{
340	0	return keymgmt != NULL
341	0	&& evp_is_a(keymgmt->prov, keymgmt->name_id, NULL, name);
342	0	}
343
344		void EVP_KEYMGMT_do_all_provided(OSSL_LIB_CTX *libctx,
345		void (fn)(EVP_KEYMGMT keymgmt, void *arg),
346		void *arg)
347	0	{
348	0	evp_generic_do_all(libctx, OSSL_OP_KEYMGMT,
349	0	(void ()(void , void *))fn, arg,
350	0	keymgmt_from_algorithm,
351	0	evp_keymgmt_up_ref,
352	0	evp_keymgmt_free);
353	0	}
354
355		int EVP_KEYMGMT_names_do_all(const EVP_KEYMGMT *keymgmt,
356		void (fn)(const char name, void *data),
357		void *data)
358	0	{
359	0	if (keymgmt->prov != NULL)
360	0	return evp_names_do_all(keymgmt->prov, keymgmt->name_id, fn, data);
361
362	0	return 1;
363	0	}
364
365		/*
366		* Internal API that interfaces with the method function pointers
367		*/
368		void evp_keymgmt_newdata(const EVP_KEYMGMT keymgmt)
369	0	{
370	0	void *provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt));
371
372		/*
373		* 'new' is currently mandatory on its own, but when new
374		* constructors appear, it won't be quite as mandatory,
375		* so we have a check for future cases.
376		*/
377	0	if (keymgmt->new == NULL)
378	0	return NULL;
379	0	return keymgmt->new(provctx);
380	0	}
381
382		void evp_keymgmt_freedata(const EVP_KEYMGMT keymgmt, void keydata)
383	0	{
384		/* This is mandatory, no need to check for its presence */
385	0	keymgmt->free(keydata);
386	0	}
387
388		void evp_keymgmt_gen_init(const EVP_KEYMGMT keymgmt, int selection,
389		const OSSL_PARAM params[])
390	0	{
391	0	void *provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt));
392
393	0	if (keymgmt->gen_init == NULL)
394	0	return NULL;
395	0	return keymgmt->gen_init(provctx, selection, params);
396	0	}
397
398		int evp_keymgmt_gen_set_template(const EVP_KEYMGMT keymgmt, void genctx,
399		void *templ)
400	0	{
401		/*
402		* It's arguable if we actually should return success in this case, as
403		* it allows the caller to set a template key, which is then ignored.
404		* However, this is how the legacy methods (EVP_PKEY_METHOD) operate,
405		* so we do this in the interest of backward compatibility.
406		*/
407	0	if (keymgmt->gen_set_template == NULL)
408	0	return 1;
409	0	return keymgmt->gen_set_template(genctx, templ);
410	0	}
411
412		int evp_keymgmt_gen_set_params(const EVP_KEYMGMT keymgmt, void genctx,
413		const OSSL_PARAM params[])
414	0	{
415	0	if (keymgmt->gen_set_params == NULL)
416	0	return 0;
417	0	return keymgmt->gen_set_params(genctx, params);
418	0	}
419
420		const OSSL_PARAM EVP_KEYMGMT_gen_settable_params(const EVP_KEYMGMT keymgmt)
421	0	{
422	0	void *provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt));
423
424	0	if (keymgmt->gen_settable_params == NULL)
425	0	return NULL;
426	0	return keymgmt->gen_settable_params(NULL, provctx);
427	0	}
428
429		int evp_keymgmt_gen_get_params(const EVP_KEYMGMT keymgmt, void genctx,
430		OSSL_PARAM params[])
431	0	{
432	0	if (keymgmt->gen_get_params == NULL)
433	0	return 0;
434	0	return keymgmt->gen_get_params(genctx, params);
435	0	}
436
437		const OSSL_PARAM EVP_KEYMGMT_gen_gettable_params(const EVP_KEYMGMT keymgmt)
438	0	{
439	0	void *provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt));
440
441	0	if (keymgmt->gen_gettable_params == NULL)
442	0	return NULL;
443	0	return keymgmt->gen_gettable_params(NULL, provctx);
444	0	}
445
446		void evp_keymgmt_gen(const EVP_KEYMGMT keymgmt, void *genctx,
447		OSSL_CALLBACK cb, void cbarg)
448	0	{
449	0	void *ret;
450	0	const char *desc = keymgmt->description != NULL ? keymgmt->description : "";
451
452	0	if (keymgmt->gen == NULL) {
453	0	ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_KEYMGMT_NOT_SUPPORTED,
454	0	"%s key generation:%s", keymgmt->type_name, desc);
455	0	return NULL;
456	0	}
457
458	0	ERR_set_mark();
459	0	ret = keymgmt->gen(genctx, cb, cbarg);
460	0	if (ret == NULL && ERR_count_to_mark() == 0)
461	0	ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_KEYMGMT_FAILURE,
462	0	"%s key generation:%s", keymgmt->type_name, desc);
463	0	ERR_clear_last_mark();
464	0	return ret;
465	0	}
466
467		void evp_keymgmt_gen_cleanup(const EVP_KEYMGMT keymgmt, void genctx)
468	0	{
469	0	if (keymgmt->gen_cleanup != NULL)
470	0	keymgmt->gen_cleanup(genctx);
471	0	}
472
473		int evp_keymgmt_has_load(const EVP_KEYMGMT *keymgmt)
474	0	{
475	0	return keymgmt != NULL && keymgmt->load != NULL;
476	0	}
477
478		void evp_keymgmt_load(const EVP_KEYMGMT keymgmt,
479		const void *objref, size_t objref_sz)
480	0	{
481	0	if (evp_keymgmt_has_load(keymgmt))
482	0	return keymgmt->load(objref, objref_sz);
483	0	return NULL;
484	0	}
485
486		int evp_keymgmt_get_params(const EVP_KEYMGMT keymgmt, void keydata,
487		OSSL_PARAM params[])
488	0	{
489	0	if (keymgmt->get_params == NULL)
490	0	return 1;
491	0	return keymgmt->get_params(keydata, params);
492	0	}
493
494		const OSSL_PARAM EVP_KEYMGMT_gettable_params(const EVP_KEYMGMT keymgmt)
495	0	{
496	0	void *provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt));
497
498	0	if (keymgmt->gettable_params == NULL)
499	0	return NULL;
500	0	return keymgmt->gettable_params(provctx);
501	0	}
502
503		int evp_keymgmt_set_params(const EVP_KEYMGMT keymgmt, void keydata,
504		const OSSL_PARAM params[])
505	0	{
506	0	if (keymgmt->set_params == NULL)
507	0	return 1;
508	0	return keymgmt->set_params(keydata, params);
509	0	}
510
511		const OSSL_PARAM EVP_KEYMGMT_settable_params(const EVP_KEYMGMT keymgmt)
512	0	{
513	0	void *provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt));
514
515	0	if (keymgmt->settable_params == NULL)
516	0	return NULL;
517	0	return keymgmt->settable_params(provctx);
518	0	}
519
520		int evp_keymgmt_has(const EVP_KEYMGMT keymgmt, void keydata, int selection)
521	0	{
522		/* This is mandatory, no need to check for its presence */
523	0	return keymgmt->has(keydata, selection);
524	0	}
525
526		int evp_keymgmt_validate(const EVP_KEYMGMT keymgmt, void keydata,
527		int selection, int checktype)
528	0	{
529		/* We assume valid if the implementation doesn't have a function */
530	0	if (keymgmt->validate == NULL)
531	0	return 1;
532	0	return keymgmt->validate(keydata, selection, checktype);
533	0	}
534
535		int evp_keymgmt_match(const EVP_KEYMGMT *keymgmt,
536		const void keydata1, const void keydata2,
537		int selection)
538	0	{
539		/* We assume no match if the implementation doesn't have a function */
540	0	if (keymgmt->match == NULL)
541	0	return 0;
542	0	return keymgmt->match(keydata1, keydata2, selection);
543	0	}
544
545		int evp_keymgmt_import(const EVP_KEYMGMT keymgmt, void keydata,
546		int selection, const OSSL_PARAM params[])
547	0	{
548	0	if (keymgmt->import == NULL)
549	0	return 0;
550	0	return keymgmt->import(keydata, selection, params);
551	0	}
552
553		const OSSL_PARAM evp_keymgmt_import_types(const EVP_KEYMGMT keymgmt,
554		int selection)
555	0	{
556	0	void *provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt));
557
558	0	if (keymgmt->import_types_ex != NULL)
559	0	return keymgmt->import_types_ex(provctx, selection);
560	0	if (keymgmt->import_types == NULL)
561	0	return NULL;
562	0	return keymgmt->import_types(selection);
563	0	}
564
565		int evp_keymgmt_export(const EVP_KEYMGMT keymgmt, void keydata,
566		int selection, OSSL_CALLBACK param_cb, void cbarg)
567	0	{
568	0	if (keymgmt->export == NULL)
569	0	return 0;
570	0	return keymgmt->export(keydata, selection, param_cb, cbarg);
571	0	}
572
573		const OSSL_PARAM evp_keymgmt_export_types(const EVP_KEYMGMT keymgmt,
574		int selection)
575	0	{
576	0	void *provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt));
577
578	0	if (keymgmt->export_types_ex != NULL)
579	0	return keymgmt->export_types_ex(provctx, selection);
580	0	if (keymgmt->export_types == NULL)
581	0	return NULL;
582	0	return keymgmt->export_types(selection);
583	0	}
584
585		void evp_keymgmt_dup(const EVP_KEYMGMT keymgmt, const void *keydata_from,
586		int selection)
587	0	{
588		/* We assume no dup if the implementation doesn't have a function */
589	0	if (keymgmt->dup == NULL)
590	0	return NULL;
591	0	return keymgmt->dup(keydata_from, selection);
592	0	}