[openssl/openssl] 5e3b84: Add OSSL_FUNC_keymgmt_im/export_types function tha...

Ingo Franzki noreply at github.com
Fri Feb 24 10:06:33 UTC 2023 

  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: 5e3b84505e44377b183e7529dab7585674b83936
      https://github.com/openssl/openssl/commit/5e3b84505e44377b183e7529dab7585674b83936
  Author: Ingo Franzki <ifranzki at linux.ibm.com>
  Date:   2023-02-24 (Fri, 24 Feb 2023)

  Changed paths:
    M crypto/evp/evp_local.h
    M crypto/evp/keymgmt_meth.c
    M doc/man7/provider-keymgmt.pod
    M include/openssl/core_dispatch.h
    M test/tls-provider.c

  Log Message:
  -----------
  Add OSSL_FUNC_keymgmt_im/export_types function that gets the provider context

The provider functions OSSL_FUNC_keymgmt_import_types() and
OSSL_FUNC_keymgmt_export_types() do not get the provider context passed.
This makes it difficult for providers to implement these functions unless
its a static implementation returning a truly constant OSSL_PARAM array.
Some providers may have a need to return an OSSL_PARAM array that is
dependent on the provider configuration, or anything else that is contained
in its provider context.

Add extended variants of these functions that get the provider context passed.
The functions should still return a static and constant OSSL_PARAM array, but
may use the provider context to select the array to return dependent on its
context. The returned array must be constant at least until the provider is
unloaded.

Providers can implement only the original functions, or only the extended
functions, or both. Implementing at least one of those functions is required
if also the respective OSSL_FUNC_keymgmt_import() or OSSL_FUNC_keymgmt_export()
function is implemented. If an extended function is available, it is called by
evp_keymgmt_import_types() or evp_keymgmt_export_types(), otherwise the original
function is called.

This makes the code backward compatible. Existing providers will only implement
the original functions, so these functions will continued to be called.
Newer providers can choose to implement the extended functions, and thus can
benefit from the provider context being passed to the implementation.

Signed-off-by: Ingo Franzki <ifranzki at linux.ibm.com>

Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20255)

More information about the openssl-commits mailing list