KEYMGMT: Add a keydata matching function

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11158)
Richard Levitte 2020-02-05 12:53:14 +01:00
parent 157ded39ee
commit bee5d6cd3f
5 changed files with 32 additions and 0 deletions


@ -85,6 +85,7 @@ struct evp_keymgmt_st {
OSSL_OP_keymgmt_query_operation_name_fn *query_operation_name; OSSL_OP_keymgmt_query_operation_name_fn *query_operation_name;
OSSL_OP_keymgmt_has_fn *has; OSSL_OP_keymgmt_has_fn *has;
OSSL_OP_keymgmt_validate_fn *validate; OSSL_OP_keymgmt_validate_fn *validate;
OSSL_OP_keymgmt_match_fn *match;
/* Import and export routines */ /* Import and export routines */
OSSL_OP_keymgmt_import_fn *import; OSSL_OP_keymgmt_import_fn *import;


@ -95,6 +95,10 @@ static void *keymgmt_from_dispatch(int name_id,
if (keymgmt->validate == NULL) if (keymgmt->validate == NULL)
keymgmt->validate = OSSL_get_OP_keymgmt_validate(fns); keymgmt->validate = OSSL_get_OP_keymgmt_validate(fns);
break; break;
case OSSL_FUNC_KEYMGMT_MATCH:
if (keymgmt->match == NULL)
keymgmt->match = OSSL_get_OP_keymgmt_match(fns);
break;
case OSSL_FUNC_KEYMGMT_IMPORT: case OSSL_FUNC_KEYMGMT_IMPORT:
if (keymgmt->import == NULL) { if (keymgmt->import == NULL) {
importfncnt++; importfncnt++;
@ -290,6 +294,16 @@ int evp_keymgmt_validate(const EVP_KEYMGMT *keymgmt, void *keydata,
return keymgmt->validate(keydata, selection); return keymgmt->validate(keydata, selection);
} }
int evp_keymgmt_match(const EVP_KEYMGMT *keymgmt,
const void *keydata1, const void *keydata2,
int selection)
{
/* We assume no match if the implementation doesn't have a function */
if (keymgmt->match == NULL)
return 0;
return keymgmt->match(keydata1, keydata2, selection);
}
int evp_keymgmt_import(const EVP_KEYMGMT *keymgmt, void *keydata, int evp_keymgmt_import(const EVP_KEYMGMT *keymgmt, void *keydata,
int selection, const OSSL_PARAM params[]) int selection, const OSSL_PARAM params[])
{ {
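Review bot: The new evp_keymgmt_match() returns 0 both when the provider supplies no match function and when the provider's function reports that the two keys differ, so a caller cannot tell "comparison unsupported" from "keys do not match". That is the safe direction for an equality check, but a caller that acts on "the keys differ" would treat an unsupported comparison as a real difference; whether any caller does so is not visible in this commit. At minimum the return contract should be documented above the function, for example `/* Returns the provider's match result, or 0 if the provider has no match function; 0 therefore does not prove the keys differ */`. The wrapper also hands keydata1 and keydata2 to keymgmt->match without any way to confirm that both were created by this keymgmt, and passing keydata from another implementation would be a type confusion inside the provider. The pod text in this commit puts that duty on the caller, so it should be repeated here as `/* Caller must ensure keydata1 and keydata2 both belong to this keymgmt */`.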


@ -26,6 +26,8 @@ provider-keymgmt - The KEYMGMT library E<lt>-E<gt> provider functions
/* Key object content checks */ /* Key object content checks */
int OP_keymgmt_has(void *keydata, int selection); int OP_keymgmt_has(void *keydata, int selection);
int OP_keymgmt_match(const void *keydata1, const void *keydata2,
int selection);
/* Discovery of supported operations */ /* Discovery of supported operations */
const char *OP_keymgmt_query_operation_name(int operation_id); const char *OP_keymgmt_query_operation_name(int operation_id);
@ -84,6 +86,7 @@ macros in L<openssl-core_numbers.h(7)>, as follows:
OP_keymgmt_has OSSL_FUNC_KEYMGMT_HAS OP_keymgmt_has OSSL_FUNC_KEYMGMT_HAS
OP_keymgmt_validate OSSL_FUNC_KEYMGMT_VALIDATE OP_keymgmt_validate OSSL_FUNC_KEYMGMT_VALIDATE
OP_keymgmt_match OSSL_FUNC_KEYMGMT_MATCH
OP_keymgmt_import OSSL_FUNC_KEYMGMT_IMPORT OP_keymgmt_import OSSL_FUNC_KEYMGMT_IMPORT
OP_keymgmt_import_types OSSL_FUNC_KEYMGMT_IMPORT_TYPES OP_keymgmt_import_types OSSL_FUNC_KEYMGMT_IMPORT_TYPES
@ -239,6 +242,11 @@ B<OSSL_KEYMGMT_SELECT_PUBLIC_KEY> (or B<OSSL_KEYMGMT_SELECT_KEYPAIR>
for short) is expected to check that the pairwise consistency of for short) is expected to check that the pairwise consistency of
I<keydata> is valid. I<keydata> is valid.
OP_keymgmt_match() should check if the data subset indicated by
I<selection> in I<keydata1> and I<keydata2> match. It is assumed that
the caller has ensured that I<keydata1> and I<keydata2> are both owned
by the implementation of this function.
=head2 Key Object Import and Export Functions =head2 Key Object Import and Export Functions
OP_keymgmt_import() should import data indicated by I<selection> into OP_keymgmt_import() should import data indicated by I<selection> into


@ -638,6 +638,9 @@ const OSSL_PARAM *evp_keymgmt_settable_params(const EVP_KEYMGMT *keymgmt);
int evp_keymgmt_has(const EVP_KEYMGMT *keymgmt, void *keyddata, int selection); int evp_keymgmt_has(const EVP_KEYMGMT *keymgmt, void *keyddata, int selection);
int evp_keymgmt_validate(const EVP_KEYMGMT *keymgmt, void *keydata, int evp_keymgmt_validate(const EVP_KEYMGMT *keymgmt, void *keydata,
int selection); int selection);
int evp_keymgmt_match(const EVP_KEYMGMT *keymgmt,
const void *keydata1, const void *keydata2,
int selection);
int evp_keymgmt_import(const EVP_KEYMGMT *keymgmt, void *keydata, int evp_keymgmt_import(const EVP_KEYMGMT *keymgmt, void *keydata,
int selection, const OSSL_PARAM params[]); int selection, const OSSL_PARAM params[]);


@ -412,6 +412,12 @@ OSSL_CORE_MAKE_FUNC(int, OP_keymgmt_has, (void *keydata, int selection))
# define OSSL_FUNC_KEYMGMT_VALIDATE 22 # define OSSL_FUNC_KEYMGMT_VALIDATE 22
OSSL_CORE_MAKE_FUNC(int, OP_keymgmt_validate, (void *keydata, int selection)) OSSL_CORE_MAKE_FUNC(int, OP_keymgmt_validate, (void *keydata, int selection))
/* Key checks - matching */
# define OSSL_FUNC_KEYMGMT_MATCH 23
OSSL_CORE_MAKE_FUNC(int, OP_keymgmt_match,
(const void *keydata1, const void *keydata2,
int selection))
/* Import and export functions, with ddiscovery */ /* Import and export functions, with ddiscovery */
# define OSSL_FUNC_KEYMGMT_IMPORT 40 # define OSSL_FUNC_KEYMGMT_IMPORT 40
# define OSSL_FUNC_KEYMGMT_IMPORT_TYPES 41 # define OSSL_FUNC_KEYMGMT_IMPORT_TYPES 41