From 4a9fe33c8e12f4fefae0471c0834f8e674dc7e4e Mon Sep 17 00:00:00 2001
From: Tomas Mraz
Date: Wed, 7 Apr 2021 19:35:13 +0200
Subject: Implement provider-side keymgmt_dup function

To avoid mutating key data add OSSL_FUNC_KEYMGMT_DUP function to the provider API and implement it for all asym-key key managements. Use it when copying everything to an empty EVP_PKEY which is the case with EVP_PKEY_dup().
Fixes #14658
Reviewed-by: Shane Lontis
(Merged from https://github.com/openssl/openssl/pull/14793)
---
 include/crypto/dh.h | 1 +
 include/crypto/dsa.h | 1 +
 include/crypto/ecx.h | 1 +
 include/crypto/evp.h | 2 ++
 include/crypto/rsa.h | 1 +
 5 files changed, 6 insertions(+)
(limited to 'include/crypto')
diff --git a/include/crypto/dh.h b/include/crypto/dh.h
index ab6115d986..8d5908549b 100644
--- a/include/crypto/dh.h
+++ b/include/crypto/dh.h
@@ -56,5 +56,6 @@ int ossl_dh_kdf_X9_42_asn1(unsigned char *out, size_t outlen, const unsigned char *ukm, size_t ukmlen, const EVP_MD *md, OSSL_LIB_CTX *libctx, const char *propq);
+DH *ossl_dh_dup(const DH *dh);
 #endif /* OSSL_CRYPTO_DH_H */
diff --git a/include/crypto/dsa.h b/include/crypto/dsa.h
index 38c49c3295..4fad9ab73e 100644
--- a/include/crypto/dsa.h
+++ b/include/crypto/dsa.h
@@ -43,5 +43,6 @@ int ossl_dsa_check_pub_key_partial(const DSA *dsa, const BIGNUM *pub_key, int *ret);
 int ossl_dsa_check_priv_key(const DSA *dsa, const BIGNUM *priv_key, int *ret);
 int ossl_dsa_check_pairwise(const DSA *dsa);
+DSA *ossl_dsa_dup(const DSA *dsa);
 #endif
diff --git a/include/crypto/ecx.h b/include/crypto/ecx.h
index 656ee94f09..fcb0bbde0f 100644
--- a/include/crypto/ecx.h
+++ b/include/crypto/ecx.h
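Review bot: The new prototype `DH *ossl_dh_dup(const DH *dh);` in include/crypto/dh.h carries no comment stating its contract, and the same holds for `ossl_dsa_dup()` in dsa.h, `ossl_ecx_key_dup()` in ecx.h and `ossl_rsa_dup()` in rsa.h. Each returns a second object that can hold private key material, so the header should say who owns the result and what failure looks like, for example `/* Returns an independent copy of dh, private key included, or NULL on error; the caller releases it with DH_free(). */`. Whether the copy is deep and whether NULL is the only failure signal is inferred from the commit description, since the implementations are outside this view (the patch is limited to include/crypto), so the wording should be checked against them. For ecx.h the comment should also say when to prefer the copy over `ossl_ecx_key_up_ref()`, which is declared on the line above it.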
@@ -83,6 +83,7 @@ void ossl_ecx_key_set0_libctx(ECX_KEY *key, OSSL_LIB_CTX *libctx);
 unsigned char *ossl_ecx_key_allocate_privkey(ECX_KEY *key);
 void ossl_ecx_key_free(ECX_KEY *key);
 int ossl_ecx_key_up_ref(ECX_KEY *key);
+ECX_KEY *ossl_ecx_key_dup(const ECX_KEY *key);
 int ossl_x25519(uint8_t out_shared_key[32], const uint8_t private_key[32], const uint8_t peer_public_value[32]);
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
index 8ea5a2bf35..5f48d38f98 100644
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
@@ -813,6 +813,8 @@ const OSSL_PARAM *evp_keymgmt_export_types(const EVP_KEYMGMT *keymgmt,
 int evp_keymgmt_copy(const EVP_KEYMGMT *keymgmt, void *keydata_to, const void *keydata_from, int selection);
+void *evp_keymgmt_dup(const EVP_KEYMGMT *keymgmt,
+ const void *keydata_from);
 /* Pulling defines out of C source files */
diff --git a/include/crypto/rsa.h b/include/crypto/rsa.h
index 73bf03f615..8c6ce49a7d 100644
--- a/include/crypto/rsa.h
+++ b/include/crypto/rsa.h
@@ -63,6 +63,7 @@ int ossl_rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes,
 int ossl_rsa_get0_all_params(RSA *r, STACK_OF(BIGNUM_const) *primes, STACK_OF(BIGNUM_const) *exps, STACK_OF(BIGNUM_const) *coeffs);
+RSA *ossl_rsa_dup(const RSA *rsa);
 int ossl_rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]);
 int ossl_rsa_fromdata(RSA *rsa, const OSSL_PARAM params[]);
--
cgit v1.2.3
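Review bot: In the include/crypto/evp.h hunk, `evp_keymgmt_dup()` returns a bare `void *` and, unlike `evp_keymgmt_copy()` directly above it, takes no `selection` argument, so the prototype alone does not tell a caller what was duplicated or what a NULL return means. A short comment would close that gap, for example `/* Duplicates all of keydata_from; returns new keydata owned by the caller, or NULL if the keymgmt has no dup function or the copy failed. */`. The NULL-when-unimplemented case is inferred from OSSL_FUNC_KEYMGMT_DUP being a newly added provider function in the commit description and should be confirmed against the implementation, which is outside this view. If it holds, callers on the EVP_PKEY_dup() path need to treat NULL as a hard failure, and the comment is the place to say so.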