2 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include "internal/cryptlib.h"
11 #include "internal/nelem.h"
12 #include "internal/evp_int.h"
13 #include "internal/asn1_int.h"
14 #include "internal/provider.h"
17 static OSSL_PARAM *paramdefs_to_params(const OSSL_PARAM *paramdefs)
21 OSSL_PARAM *params, *q;
23 for (cnt = 1, p = paramdefs; p->key != NULL; p++, cnt++)
26 params = OPENSSL_zalloc(cnt * sizeof(*params));
28 for (p = paramdefs, q = params; ; p++, q++) {
33 q->data = NULL; /* In case the provider used it */
40 typedef union align_block_un {
44 #define ALIGN_SIZE sizeof(ALIGN_BLOCK)
46 static void *allocate_params_space(OSSL_PARAM *params)
48 unsigned char *data = NULL;
52 for (space = 0, p = params; p->key != NULL; p++)
53 space += ((p->return_size + ALIGN_SIZE - 1) / ALIGN_SIZE) * ALIGN_SIZE;
55 data = OPENSSL_zalloc(space);
57 for (space = 0, p = params; p->key != NULL; p++) {
58 p->data = data + space;
59 space += ((p->return_size + ALIGN_SIZE - 1) / ALIGN_SIZE) * ALIGN_SIZE;
65 void *evp_keymgmt_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt)
71 * If there is an underlying legacy key and it has changed, invalidate
72 * the cache of provider keys.
74 if (pk->pkey.ptr != NULL) {
76 * If there is no dirty counter, this key can't be used with
79 if (pk->ameth->dirty_cnt == NULL)
82 if (pk->ameth->dirty_cnt(pk) != pk->dirty_cnt_copy)
84 i < OSSL_NELEM(pk->pkeys) && pk->pkeys[i].keymgmt != NULL;
86 pk->pkeys[i].keymgmt->freekey(pk->pkeys[i].provkey);
87 pk->pkeys[i].keymgmt = NULL;
88 pk->pkeys[i].provkey = NULL;
93 * See if we have exported to this provider already.
94 * If we have, return immediately.
97 i < OSSL_NELEM(pk->pkeys) && pk->pkeys[i].keymgmt != NULL;
99 if (keymgmt == pk->pkeys[i].keymgmt)
100 return pk->pkeys[i].provkey;
103 if (pk->pkey.ptr != NULL) {
104 /* There is a legacy key, try to export that one to the provider */
106 /* If the legacy key doesn't have an export function, give up */
107 if (pk->ameth->export_to == NULL)
110 /* Otherwise, simply use it */
111 provkey = pk->ameth->export_to(pk, keymgmt);
113 /* Synchronize the dirty count, but only if we exported successfully */
115 pk->dirty_cnt_copy = pk->ameth->dirty_cnt(pk);
119 * Here, there is no legacy key, so we look at the already cached
120 * provider keys, and import from the first that supports it
121 * (i.e. use its export function), and export the imported data to
126 * If the given keymgmt doesn't have an import function, give up
128 if (keymgmt->importkey == NULL)
131 for (j = 0; j < i && pk->pkeys[j].keymgmt != NULL; j++) {
132 if (pk->pkeys[j].keymgmt->exportkey != NULL) {
133 const OSSL_PARAM *paramdefs = NULL;
134 OSSL_PARAM *params = NULL;
137 ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
139 paramdefs = pk->pkeys[j].keymgmt->exportkey_types();
141 * All params have 'data' set to NULL. In that case,
142 * the exportkey call should just fill in 'return_size'
143 * in all applicable params.
145 params = paramdefs_to_params(paramdefs);
146 /* Get 'return_size' filled */
147 pk->pkeys[j].keymgmt->exportkey(pk->pkeys[j].provkey, params);
150 * Allocate space and assign 'data' to point into the
153 data = allocate_params_space(params);
156 * Call the exportkey function a second time, to get
159 pk->pkeys[j].keymgmt->exportkey(pk->pkeys[j].provkey, params);
162 * We should have all the data at this point, so import
163 * into the new provider and hope to get a key back.
165 provkey = keymgmt->importkey(provctx, params);
166 OPENSSL_free(params);
176 * TODO(3.0) Right now, we assume we have ample space. We will
177 * have to think about a cache aging scheme, though, if |i| indexes
180 j = ossl_assert(i < OSSL_NELEM(pk->pkeys));
182 if (provkey != NULL) {
183 EVP_KEYMGMT_up_ref(keymgmt);
184 pk->pkeys[i].keymgmt = keymgmt;
185 pk->pkeys[i].provkey = provkey;