Add selection support to the provider keymgmt_dup function

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14793)

2 files changed, 11 insertions, 5 deletions

diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index 0844e9be09..2e1ad081dc 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -507,7 +507,7 @@ static int dsa_pkey_copy(EVP_PKEY *to, EVP_PKEY *from)
     int ret;
 
     if (dsa != NULL) {
-        dupkey = ossl_dsa_dup(dsa);
+        dupkey = ossl_dsa_dup(dsa, OSSL_KEYMGMT_SELECT_ALL);
         if (dupkey == NULL)
             return 0;
     }
diff --git a/crypto/dsa/dsa_backend.c b/crypto/dsa/dsa_backend.c
index 856203a200..2ef8cbc9f3 100644
--- a/crypto/dsa/dsa_backend.c
+++ b/crypto/dsa/dsa_backend.c
@@ -64,7 +64,7 @@ static ossl_inline int dsa_bn_dup_check(BIGNUM **out, const BIGNUM *f)
     return 1;
 }
 
-DSA *ossl_dsa_dup(const DSA *dsa)
+DSA *ossl_dsa_dup(const DSA *dsa, int selection)
 {
     DSA *dupkey = NULL;
 
@@ -77,14 +77,20 @@ DSA *ossl_dsa_dup(const DSA *dsa)
     if ((dupkey = ossl_dsa_new(dsa->libctx)) == NULL)
         return NULL;
 
-    if (!ossl_ffc_params_copy(&dupkey->params, &dsa->params))
+    if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0
+        && !ossl_ffc_params_copy(&dupkey->params, &dsa->params))
         goto err;
 
     dupkey->flags = dsa->flags;
 
-    if (!dsa_bn_dup_check(&dupkey->pub_key, dsa->pub_key))
+    if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0
+        && ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) == 0
+            || !dsa_bn_dup_check(&dupkey->pub_key, dsa->pub_key)))
         goto err;
-    if (!dsa_bn_dup_check(&dupkey->priv_key, dsa->priv_key))
+
+    if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
+        && ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) == 0
+            || !dsa_bn_dup_check(&dupkey->priv_key, dsa->priv_key)))
         goto err;
 
 #ifndef FIPS_MODULE