Adapt existing KEYMGMT implementations to the redesigned interface

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11006)

3 files changed, 241 insertions, 206 deletions

diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c
index c385d81044..079173d69f 100644
--- a/providers/implementations/keymgmt/dh_kmgmt.c
+++ b/providers/implementations/keymgmt/dh_kmgmt.c
@@ -13,15 +13,19 @@
 #include <openssl/dh.h>
 #include <openssl/params.h>
 #include "internal/param_build.h"
+#include "crypto/dh.h"
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
 
-static OSSL_OP_keymgmt_importdomparams_fn dh_importdomparams;
-static OSSL_OP_keymgmt_exportdomparams_fn dh_exportdomparams;
-static OSSL_OP_keymgmt_get_key_params_fn dh_get_domparam_params;
-static OSSL_OP_keymgmt_importkey_fn dh_importkey;
-static OSSL_OP_keymgmt_exportkey_fn dh_exportkey;
-static OSSL_OP_keymgmt_get_key_params_fn dh_get_key_params;
+static OSSL_OP_keymgmt_new_fn dh_newdata;
+static OSSL_OP_keymgmt_free_fn dh_freedata;
+static OSSL_OP_keymgmt_has_fn dh_has;
+static OSSL_OP_keymgmt_import_fn dh_import;
+static OSSL_OP_keymgmt_export_fn dh_export;
+static OSSL_OP_keymgmt_get_params_fn dh_get_params;
+
+#define DH_POSSIBLE_SELECTIONS                 \
+    (OSSL_KEYMGMT_SELECT_KEY | OSSL_KEYMGMT_FLAG_DOMAIN_PARAMETERS)
 
 static int params_to_domparams(DH *dh, const OSSL_PARAM params[])
 {
@@ -128,70 +132,80 @@ static int key_to_params(DH *dh, OSSL_PARAM_BLD *tmpl)
     return 1;
 }
 
-static void *dh_importdomparams(void *provctx, const OSSL_PARAM params[])
+static void *dh_newdata(void *provctx)
 {
-    DH *dh;
-
-    if ((dh = DH_new()) == NULL
-        || !params_to_domparams(dh, params)) {
-        DH_free(dh);
-        dh = NULL;
-    }
-    return dh;
+    return DH_new();
 }
 
-static int dh_exportdomparams(void *domparams, OSSL_CALLBACK *param_cb,
-                              void *cbarg)
+static void dh_freedata(void *keydata)
 {
-    DH *dh = domparams;
-    OSSL_PARAM_BLD tmpl;
-    OSSL_PARAM *params = NULL;
-    int ret;
+    DH_free(keydata);
+}
 
-    ossl_param_bld_init(&tmpl);
-    if (dh == NULL
-        || !domparams_to_params(dh, &tmpl)
-        || (params = ossl_param_bld_to_param(&tmpl)) == NULL)
-        return 0;
-    ret = param_cb(params, cbarg);
-    ossl_param_bld_free(params);
-    return ret;
+static int dh_has(void *keydata, int selection)
+{
+    DH *dh = keydata;
+    int ok = 0;
+
+    if ((selection & DH_POSSIBLE_SELECTIONS) != 0)
+        ok = 1;
+
+    if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
+        ok = ok && (DH_get0_pub_key(dh) != NULL);
+    if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
+        ok = ok && (DH_get0_priv_key(dh) != NULL);
+    if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
+        ok = ok && (DH_get0_p(dh) != NULL && DH_get0_g(dh) != NULL);
+    return ok;
 }
 
-static void *dh_importkey(void *provctx, const OSSL_PARAM params[])
+static int dh_import(void *keydata, int selection, const OSSL_PARAM params[])
 {
-    DH *dh;
-
-    if ((dh = DH_new()) == NULL
-        || !params_to_key(dh, params)) {
-        DH_free(dh);
-        dh = NULL;
-    }
-    return dh;
+    DH *dh = keydata;
+    int ok = 0;
+
+    if (dh == NULL)
+        return 0;
+
+    if ((selection & DH_POSSIBLE_SELECTIONS) != 0)
+        ok = 1;
+
+    if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
+        ok = ok && params_to_domparams(dh, params);
+    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
+        ok = ok && params_to_key(dh, params);
+
+    return ok;
 }
 
-static int dh_exportkey(void *key, OSSL_CALLBACK *param_cb, void *cbarg)
+static int dh_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
+                     void *cbarg)
 {
-    DH *dh = key;
+    DH *dh = keydata;
     OSSL_PARAM_BLD tmpl;
     OSSL_PARAM *params = NULL;
-    int ret;
+    int ok = 1;
+
+    if (dh == NULL)
+        return 0;
 
     ossl_param_bld_init(&tmpl);
-    if (dh == NULL
-        || !key_to_params(dh, &tmpl)
+
+    if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
+        ok = ok && domparams_to_params(dh, &tmpl);
+    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
+        ok = ok && key_to_params(dh, &tmpl);
+
+    if (!ok
         || (params = ossl_param_bld_to_param(&tmpl)) == NULL)
         return 0;
-    ret = param_cb(params, cbarg);
+
+    ok = param_cb(params, cbarg);
     ossl_param_bld_free(params);
-    return ret;
+    return ok;
 }
 
-/*
- * Same function for domain parameters and for keys.
- * "dpk" = "domain parameters & keys"
- */
-static ossl_inline int dh_get_dpk_params(void *key, OSSL_PARAM params[])
+static ossl_inline int dh_get_params(void *key, OSSL_PARAM params[])
 {
     DH *dh = key;
     OSSL_PARAM *p;
@@ -208,33 +222,12 @@ static ossl_inline int dh_get_dpk_params(void *key, OSSL_PARAM params[])
     return 1;
 }
 
-/*
- * We have wrapper functions to make sure we get signatures right, see
- * the forward declarations at the beginning of this file.
- */
-static int dh_get_domparam_params(void *domparams, OSSL_PARAM params[])
-{
-    return dh_get_dpk_params(domparams, params);
-}
-
-static int dh_get_key_params(void *key, OSSL_PARAM params[])
-{
-    return dh_get_dpk_params(key, params);
-}
-
 const OSSL_DISPATCH dh_keymgmt_functions[] = {
-    /*
-     * TODO(3.0) When implementing OSSL_FUNC_KEYMGMT_GENKEY, remember to also
-     * implement OSSL_FUNC_KEYMGMT_EXPORTKEY.
-     */
-    { OSSL_FUNC_KEYMGMT_IMPORTDOMPARAMS, (void (*)(void))dh_importdomparams },
-    { OSSL_FUNC_KEYMGMT_EXPORTDOMPARAMS, (void (*)(void))dh_exportdomparams },
-    { OSSL_FUNC_KEYMGMT_GET_DOMPARAM_PARAMS,
-      (void (*) (void))dh_get_domparam_params },
-    { OSSL_FUNC_KEYMGMT_FREEDOMPARAMS, (void (*)(void))DH_free },
-    { OSSL_FUNC_KEYMGMT_IMPORTKEY, (void (*)(void))dh_importkey },
-    { OSSL_FUNC_KEYMGMT_EXPORTKEY, (void (*)(void))dh_exportkey },
-    { OSSL_FUNC_KEYMGMT_FREEKEY, (void (*)(void))DH_free },
-    { OSSL_FUNC_KEYMGMT_GET_KEY_PARAMS,  (void (*) (void))dh_get_key_params },
+    { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))dh_newdata },
+    { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))dh_freedata },
+    { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))dh_has },
+    { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))dh_import },
+    { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))dh_export },
+    { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))dh_get_params },
     { 0, NULL }
 };
diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c b/providers/implementations/keymgmt/dsa_kmgmt.c
index 5a53a439d9..8876c3b7e3 100644
--- a/providers/implementations/keymgmt/dsa_kmgmt.c
+++ b/providers/implementations/keymgmt/dsa_kmgmt.c
@@ -12,19 +12,22 @@
 #include <openssl/bn.h>
 #include <openssl/params.h>
 #include "internal/param_build.h"
+#include "crypto/dsa.h"
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
 #include "prov/provider_ctx.h"
 #include "crypto/dsa.h"
 
-static OSSL_OP_keymgmt_importdomparams_fn dsa_importdomparams;
-static OSSL_OP_keymgmt_exportdomparams_fn dsa_exportdomparams;
-static OSSL_OP_keymgmt_get_domparam_params_fn dsa_get_domparam_params;
-static OSSL_OP_keymgmt_importkey_fn dsa_importkey;
-static OSSL_OP_keymgmt_exportkey_fn dsa_exportkey;
-static OSSL_OP_keymgmt_get_key_params_fn dsa_get_key_params;
+static OSSL_OP_keymgmt_new_fn dsa_newdata;
+static OSSL_OP_keymgmt_free_fn dsa_freedata;
+static OSSL_OP_keymgmt_has_fn dsa_has;
+static OSSL_OP_keymgmt_import_fn dsa_import;
+static OSSL_OP_keymgmt_export_fn dsa_export;
+static OSSL_OP_keymgmt_get_params_fn dsa_get_params;
 
 #define DSA_DEFAULT_MD "SHA256"
+#define DSA_POSSIBLE_SELECTIONS                 \
+    (OSSL_KEYMGMT_SELECT_KEY | OSSL_KEYMGMT_FLAG_DOMAIN_PARAMETERS)
 
 static int params_to_domparams(DSA *dsa, const OSSL_PARAM params[])
 {
@@ -136,70 +139,80 @@ static int key_to_params(DSA *dsa, OSSL_PARAM_BLD *tmpl)
     return 1;
 }
 
-static void *dsa_importdomparams(void *provctx, const OSSL_PARAM params[])
+static void *dsa_newdata(void *provctx)
 {
-    DSA *dsa;
-
-    if ((dsa = DSA_new()) == NULL
-        || !params_to_domparams(dsa, params)) {
-        DSA_free(dsa);
-        dsa = NULL;
-    }
-    return dsa;
+    return DSA_new();
 }
 
-static int dsa_exportdomparams(void *domparams,
-                               OSSL_CALLBACK *param_cb, void *cbarg)
+static void dsa_freedata(void *keydata)
 {
-    DSA *dsa = domparams;
-    OSSL_PARAM_BLD tmpl;
-    OSSL_PARAM *params = NULL;
-    int ret;
+    DSA_free(keydata);
+}
 
-    ossl_param_bld_init(&tmpl);
-    if (dsa == NULL
-        || !domparams_to_params(dsa, &tmpl)
-        || (params = ossl_param_bld_to_param(&tmpl)) == NULL)
-        return 0;
-    ret = param_cb(params, cbarg);
-    ossl_param_bld_free(params);
-    return ret;
+static int dsa_has(void *keydata, int selection)
+{
+    DSA *dsa = keydata;
+    int ok = 0;
+
+    if ((selection & DSA_POSSIBLE_SELECTIONS) != 0)
+        ok = 1;
+
+    if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
+        ok = ok && (DSA_get0_pub_key(dsa) != NULL);
+    if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
+        ok = ok && (DSA_get0_priv_key(dsa) != NULL);
+    if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
+        ok = ok && (DSA_get0_p(dsa) != NULL && DSA_get0_g(dsa) != NULL);
+    return ok;
 }
 
-static void *dsa_importkey(void *provctx, const OSSL_PARAM params[])
+static int dsa_import(void *keydata, int selection, const OSSL_PARAM params[])
 {
-    DSA *dsa;
-
-    if ((dsa = DSA_new()) == NULL
-        || !params_to_key(dsa, params)) {
-        DSA_free(dsa);
-        dsa = NULL;
-    }
-    return dsa;
+    DSA *dsa = keydata;
+    int ok = 0;
+
+    if (dsa == NULL)
+        return 0;
+
+    if ((selection & DSA_POSSIBLE_SELECTIONS) != 0)
+        ok = 1;
+
+    if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
+        ok = ok && params_to_domparams(dsa, params);
+    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
+        ok = ok && params_to_key(dsa, params);
+
+    return ok;
 }
 
-static int dsa_exportkey(void *key, OSSL_CALLBACK *param_cb, void *cbarg)
+static int dsa_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
+                      void *cbarg)
 {
-    DSA *dsa = key;
+    DSA *dsa = keydata;
     OSSL_PARAM_BLD tmpl;
     OSSL_PARAM *params = NULL;
-    int ret;
+    int ok = 1;
+
+    if (dsa == NULL)
+        return 0;
 
     ossl_param_bld_init(&tmpl);
-    if (dsa == NULL
-        || !key_to_params(dsa, &tmpl)
+
+    if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
+        ok = ok && domparams_to_params(dsa, &tmpl);
+    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
+        ok = ok && key_to_params(dsa, &tmpl);
+
+    if (!ok
         || (params = ossl_param_bld_to_param(&tmpl)) == NULL)
         return 0;
-    ret = param_cb(params, cbarg);
+
+    ok = param_cb(params, cbarg);
     ossl_param_bld_free(params);
-    return ret;
+    return ok;
 }
 
-/*
- * Same function for domain parameters and for keys.
- * "dpk" = "domain parameters & keys"
- */
-static ossl_inline int dsa_get_dpk_params(void *key, OSSL_PARAM params[])
+static ossl_inline int dsa_get_params(void *key, OSSL_PARAM params[])
 {
     DSA *dsa = key;
     OSSL_PARAM *p;
@@ -219,29 +232,12 @@ static ossl_inline int dsa_get_dpk_params(void *key, OSSL_PARAM params[])
     return 1;
 }
 
-/*
- * We have wrapper functions to make sure we get signatures right, see
- * the forward declarations at the beginning of this file.
- */
-static int dsa_get_domparam_params(void *domparams, OSSL_PARAM params[])
-{
-    return dsa_get_dpk_params(domparams, params);
-}
-
-static int dsa_get_key_params(void *key, OSSL_PARAM params[])
-{
-    return dsa_get_dpk_params(key, params);
-}
-
 const OSSL_DISPATCH dsa_keymgmt_functions[] = {
-    { OSSL_FUNC_KEYMGMT_IMPORTDOMPARAMS, (void (*)(void))dsa_importdomparams },
-    { OSSL_FUNC_KEYMGMT_EXPORTDOMPARAMS, (void (*)(void))dsa_exportdomparams },
-    { OSSL_FUNC_KEYMGMT_FREEDOMPARAMS, (void (*)(void))DSA_free },
-    { OSSL_FUNC_KEYMGMT_GET_DOMPARAM_PARAMS,
-      (void (*) (void))dsa_get_domparam_params },
-    { OSSL_FUNC_KEYMGMT_IMPORTKEY, (void (*)(void))dsa_importkey },
-    { OSSL_FUNC_KEYMGMT_EXPORTKEY, (void (*)(void))dsa_exportkey },
-    { OSSL_FUNC_KEYMGMT_FREEKEY, (void (*)(void))DSA_free },
-    { OSSL_FUNC_KEYMGMT_GET_KEY_PARAMS,  (void (*) (void))dsa_get_key_params },
+    { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))dsa_newdata },
+    { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))dsa_freedata },
+    { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))dsa_has },
+    { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))dsa_import },
+    { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))dsa_export },
+    { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))dsa_get_params },
     { 0, NULL }
 };
diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c
index e205a412f3..813833ddc4 100644
--- a/providers/implementations/keymgmt/rsa_kmgmt.c
+++ b/providers/implementations/keymgmt/rsa_kmgmt.c
@@ -20,14 +20,19 @@
 #include "prov/providercommon.h"
 #include "crypto/rsa.h"
 
-static OSSL_OP_keymgmt_importkey_fn rsa_importkey;
-static OSSL_OP_keymgmt_exportkey_fn rsa_exportkey;
-static OSSL_OP_keymgmt_get_key_params_fn rsa_get_key_params;
-static OSSL_OP_keymgmt_validate_public_fn rsa_validatekey_public;
-static OSSL_OP_keymgmt_validate_private_fn rsa_validatekey_private;
-static OSSL_OP_keymgmt_validate_pairwise_fn rsa_validatekey_pairwise;
+static OSSL_OP_keymgmt_new_fn rsa_newdata;
+static OSSL_OP_keymgmt_free_fn rsa_freedata;
+static OSSL_OP_keymgmt_has_fn rsa_has;
+static OSSL_OP_keymgmt_import_fn rsa_import;
+static OSSL_OP_keymgmt_import_types_fn rsa_import_types;
+static OSSL_OP_keymgmt_export_fn rsa_export;
+static OSSL_OP_keymgmt_export_types_fn rsa_export_types;
+static OSSL_OP_keymgmt_get_params_fn rsa_get_params;
+static OSSL_OP_keymgmt_validate_fn rsa_validate;
 
 #define RSA_DEFAULT_MD "SHA256"
+#define RSA_POSSIBLE_SELECTIONS                 \
+    (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS)
 
 DEFINE_STACK_OF(BIGNUM)
 DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM)
@@ -162,33 +167,73 @@ static int key_to_params(RSA *rsa, OSSL_PARAM_BLD *tmpl)
     return ret;
 }
 
-static void *rsa_importkey(void *provctx, const OSSL_PARAM params[])
+static void *rsa_newdata(void *provctx)
 {
-    RSA *rsa;
+    return RSA_new();
+}
 
-    if ((rsa = RSA_new()) == NULL
-        || !params_to_key(rsa, params)) {
-        RSA_free(rsa);
-        rsa = NULL;
-    }
-    return rsa;
+static void rsa_freedata(void *keydata)
+{
+    RSA_free(keydata);
 }
 
-static int rsa_exportkey(void *key, OSSL_CALLBACK *param_callback, void *cbarg)
+static int rsa_has(void *keydata, int selection)
 {
-    RSA *rsa = key;
+    RSA *rsa = keydata;
+    int ok = 0;
+
+    if ((selection & RSA_POSSIBLE_SELECTIONS) != 0)
+        ok = 1;
+
+    ok = ok && (RSA_get0_e(rsa) != NULL);
+    if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
+        ok = ok && (RSA_get0_n(rsa) != NULL);
+    if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
+        ok = ok && (RSA_get0_d(rsa) != NULL);
+    return ok;
+}
+
+static int rsa_import(void *keydata, int selection, const OSSL_PARAM params[])
+{
+    RSA *rsa = keydata;
+    int ok = 1;
+
+    if (rsa == NULL)
+        return 0;
+
+    /* TODO(3.0) PSS and OAEP should bring on parameters */
+
+    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
+        ok = ok && params_to_key(rsa, params);
+
+    return ok;
+}
+
+static int rsa_export(void *keydata, int selection,
+                      OSSL_CALLBACK *param_callback, void *cbarg)
+{
+    RSA *rsa = keydata;
     OSSL_PARAM_BLD tmpl;
     OSSL_PARAM *params = NULL;
-    int ret;
+    int ok = 1;
+
+    if (rsa == NULL)
+        return 0;
+
+    /* TODO(3.0) PSS and OAEP should bring on parameters */
 
     ossl_param_bld_init(&tmpl);
-    if (rsa == NULL
-        || !key_to_params(rsa, &tmpl)
+
+    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
+        ok = ok && key_to_params(rsa, &tmpl);
+
+    if (!ok
         || (params = ossl_param_bld_to_param(&tmpl)) == NULL)
         return 0;
-    ret = param_callback(params, cbarg);
+
+    ok = param_callback(params, cbarg);
     ossl_param_bld_free(params);
-    return ret;
+    return ok;
 }
 
 /*
@@ -242,17 +287,21 @@ static const OSSL_PARAM rsa_key_types[] = {
  * so we at least pretend to have some limits.
  */
 
-static const OSSL_PARAM *rsa_exportkey_types(void)
+static const OSSL_PARAM *rsa_export_types(int selection)
 {
-    return rsa_key_types;
+    if ((selection & OSSL_KEYMGMT_SELECT_KEY) != 0)
+        return rsa_key_types;
+    return NULL;
 }
 
-static const OSSL_PARAM *rsa_importkey_types(void)
+static const OSSL_PARAM *rsa_import_types(int selection)
 {
-    return rsa_key_types;
+    if ((selection & OSSL_KEYMGMT_SELECT_KEY) != 0)
+        return rsa_key_types;
+    return NULL;
 }
 
-static int rsa_get_key_params(void *key, OSSL_PARAM params[])
+static int rsa_get_params(void *key, OSSL_PARAM params[])
 {
     RSA *rsa = key;
     OSSL_PARAM *p;
@@ -291,39 +340,36 @@ static int rsa_get_key_params(void *key, OSSL_PARAM params[])
     return 1;
 }
 
-static int rsa_validatekey_public(void *key)
-{
-    RSA *rsa = key;
-
-    return rsa_validate_public(rsa);
-}
-
-static int rsa_validatekey_private(void *key)
+static int rsa_validate(void *keydata, int selection)
 {
-    RSA *rsa = key;
-
-    return rsa_validate_private(rsa);
-}
-
-static int rsa_validatekey_pairwise(void *key)
-{
-    RSA *rsa = key;
-
-    return rsa_validate_pairwise(rsa);
+    RSA *rsa = keydata;
+    int ok = 0;
+
+    if ((selection & RSA_POSSIBLE_SELECTIONS) != 0)
+        ok = 1;
+
+    /* If the whole key is selected, we do a pairwise validation */
+    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR)
+        == OSSL_KEYMGMT_SELECT_KEYPAIR) {
+        ok = ok && rsa_validate_pairwise(rsa);
+    } else {
+        if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
+            ok = ok && rsa_validate_private(rsa);
+        if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
+            ok = ok && rsa_validate_public(rsa);
+    }
+    return ok;
 }
 
 const OSSL_DISPATCH rsa_keymgmt_functions[] = {
-    { OSSL_FUNC_KEYMGMT_IMPORTKEY, (void (*)(void))rsa_importkey },
-    { OSSL_FUNC_KEYMGMT_IMPORTKEY_TYPES, (void (*)(void))rsa_importkey_types },
-    { OSSL_FUNC_KEYMGMT_EXPORTKEY, (void (*)(void))rsa_exportkey },
-    { OSSL_FUNC_KEYMGMT_EXPORTKEY_TYPES, (void (*)(void))rsa_exportkey_types },
-    { OSSL_FUNC_KEYMGMT_FREEKEY, (void (*)(void))RSA_free },
-    { OSSL_FUNC_KEYMGMT_GET_KEY_PARAMS,  (void (*) (void))rsa_get_key_params },
-    { OSSL_FUNC_KEYMGMT_VALIDATE_PUBLIC,
-          (void (*)(void))rsa_validatekey_public },
-    { OSSL_FUNC_KEYMGMT_VALIDATE_PRIVATE,
-          (void (*)(void))rsa_validatekey_private },
-    { OSSL_FUNC_KEYMGMT_VALIDATE_PAIRWISE,
-          (void (*)(void))rsa_validatekey_pairwise },
+    { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))rsa_newdata },
+    { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))rsa_freedata },
+    { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))rsa_has },
+    { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))rsa_import },
+    { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))rsa_import_types },
+    { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))rsa_export },
+    { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))rsa_export_types },
+    { OSSL_FUNC_KEYMGMT_GET_PARAMS,  (void (*) (void))rsa_get_params },
+    { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))rsa_validate },
     { 0, NULL }
 };