Remove keymgmt_copy function from the provider API

It is superceded by the keymgmt_dup. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14793)
2025-03-19 19:50:42 +08:00 · 2021-04-08 19:02:44 +02:00 · 2021-04-08 19:02:44 +02:00 · 85fcc3fb77
commit 85fcc3fb77
parent b4f447c038
8 changed files with 20 additions and 63 deletions
--- a/crypto/evp/evp_local.h
+++ b/crypto/evp/evp_local.h
@ -112,7 +112,6 @@ struct evp_keymgmt_st {
    OSSL_FUNC_keymgmt_import_types_fn *import_types;
    OSSL_FUNC_keymgmt_export_fn *export;
    OSSL_FUNC_keymgmt_export_types_fn *export_types;
-    OSSL_FUNC_keymgmt_copy_fn *copy;
    OSSL_FUNC_keymgmt_dup_fn *dup;
 } /* EVP_KEYMGMT */ ;

--- a/crypto/evp/keymgmt_lib.c
+++ b/crypto/evp/keymgmt_lib.c
@ -441,26 +441,8 @@ int evp_keymgmt_util_copy(EVP_PKEY *to, EVP_PKEY *from, int selection)
    if (to_keymgmt == NULL)
        to_keymgmt = from->keymgmt;

-    if (to_keymgmt == from->keymgmt && to_keymgmt->copy != NULL) {
-        /* Make sure there's somewhere to copy to */
-        if (to_keydata == NULL
-            && ((to_keydata = alloc_keydata = evp_keymgmt_newdata(to_keymgmt))
-                == NULL)) {
-            ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
-            return 0;
-        }
-
-        /*
-         * |to| and |from| have the same keymgmt, and the copy function is
-         * implemented, so just copy and be done
-         */
-        if (!evp_keymgmt_copy(to_keymgmt, to_keydata, from->keydata,
-                              selection)) {
-            evp_keymgmt_freedata(to_keymgmt, alloc_keydata);
-            return 0;
-        }
-    } else if (to_keymgmt == from->keymgmt && to_keymgmt->dup != NULL
-               && to_keydata == NULL) {
+    if (to_keymgmt == from->keymgmt && to_keymgmt->dup != NULL
+        && to_keydata == NULL) {
        to_keydata = alloc_keydata = evp_keymgmt_dup(to_keymgmt,
                                                     from->keydata,
                                                     selection);
--- a/crypto/evp/keymgmt_meth.c
+++ b/crypto/evp/keymgmt_meth.c
@ -129,10 +129,6 @@ static void *keymgmt_from_algorithm(int name_id,
            if (keymgmt->has == NULL)
                keymgmt->has = OSSL_FUNC_keymgmt_has(fns);
            break;
-        case OSSL_FUNC_KEYMGMT_COPY:
-            if (keymgmt->copy == NULL)
-                keymgmt->copy = OSSL_FUNC_keymgmt_copy(fns);
-            break;
        case OSSL_FUNC_KEYMGMT_DUP:
            if (keymgmt->dup == NULL)
                keymgmt->dup = OSSL_FUNC_keymgmt_dup(fns);
@ -467,16 +463,6 @@ const OSSL_PARAM *evp_keymgmt_export_types(const EVP_KEYMGMT *keymgmt,
    return keymgmt->export_types(selection);
 }

-int evp_keymgmt_copy(const EVP_KEYMGMT *keymgmt,
-                     void *keydata_to, const void *keydata_from,
-                     int selection)
-{
-    /* We assume no copy if the implementation doesn't have a function */
-    if (keymgmt->copy == NULL)
-        return 0;
-    return keymgmt->copy(keydata_to, keydata_from, selection);
-}
-
 void *evp_keymgmt_dup(const EVP_KEYMGMT *keymgmt, const void *keydata_from,
                      int selection)
 {
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@ -180,10 +180,12 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)

    /*
     * If |to| is provided, we know that |from| is legacy at this point.
-     * Try exporting |from| to |to|'s keymgmt, then use evp_keymgmt_copy()
+     * Try exporting |from| to |to|'s keymgmt, then use evp_keymgmt_dup()
     * to copy the appropriate data to |to|'s keydata.
+     * We cannot override existing data so do it only if there is no keydata
+     * in |to| yet.
     */
-    if (to->keymgmt != NULL) {
+    if (to->keymgmt != NULL && to->keydata == NULL) {
        EVP_KEYMGMT *to_keymgmt = to->keymgmt;
        void *from_keydata =
            evp_pkey_export_to_provider((EVP_PKEY *)from, NULL, &to_keymgmt,
@ -196,8 +198,9 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
        if (from_keydata == NULL)
            ERR_raise(ERR_LIB_EVP, EVP_R_DIFFERENT_KEY_TYPES);
        else
-            ok = evp_keymgmt_copy(to->keymgmt, to->keydata, from_keydata,
-                                  SELECT_PARAMETERS);
+            ok = (to->keydata = evp_keymgmt_dup(to->keymgmt,
+                                                from_keydata,
+                                                SELECT_PARAMETERS)) != NULL;
        goto end;
    }

--- a/doc/man7/provider-keymgmt.pod
+++ b/doc/man7/provider-keymgmt.pod
@ -52,9 +52,6 @@ provider-keymgmt - The KEYMGMT library E<lt>-E<gt> provider functions
                              OSSL_CALLBACK *param_cb, void *cbarg);
 const OSSL_PARAM *OSSL_FUNC_keymgmt_export_types(int selection);

- /* Key object copy */
- int OSSL_FUNC_keymgmt_copy(void *keydata_to, const void *keydata_from, int selection);
-
 /* Key object duplication, a constructor */
 void *OSSL_FUNC_keymgmt_dup(const void *keydata_from, int selection);

@ -121,7 +118,6 @@ macros in L<openssl-core_dispatch.h(7)>, as follows:
 OSSL_FUNC_keymgmt_export               OSSL_FUNC_KEYMGMT_EXPORT
 OSSL_FUNC_keymgmt_export_types         OSSL_FUNC_KEYMGMT_EXPORT_TYPES

- OSSL_FUNC_keymgmt_copy                 OSSL_FUNC_KEYMGMT_COPY
 OSSL_FUNC_keymgmt_dup                  OSSL_FUNC_KEYMGMT_DUP

 =head2 Key Objects
@ -324,7 +320,7 @@ I<selection> in I<keydata1> and I<keydata2> match.  It is assumed that
 the caller has ensured that I<keydata1> and I<keydata2> are both owned
 by the implementation of this function.

-=head2 Key Object Import, Export and Copy Functions
+=head2 Key Object Import, Export and Duplication Functions

 OSSL_FUNC_keymgmt_import() should import data indicated by I<selection> into
 I<keydata> with values taken from the B<OSSL_PARAM> array I<params>.
@ -341,11 +337,6 @@ OSSL_FUNC_keymgmt_export_types() should return a constant array of descriptor
 B<OSSL_PARAM> for data indicated by I<selection>, that the
 OSSL_FUNC_keymgmt_export() callback can expect to receive.

-OSSL_FUNC_keymgmt_copy() should copy data subsets indicated by I<selection>
-from I<keydata_from> to I<keydata_to>.  It is assumed that the caller
-has ensured that I<keydata_to> and I<keydata_from> are both owned by
-the implementation of this function.
-
 OSSL_FUNC_keymgmt_dup() should duplicate data subsets indicated by
 I<selection> or the whole key data I<keydata_from> and create a new
 provider side key object with the data.
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
@ -810,9 +810,6 @@ int evp_keymgmt_export(const EVP_KEYMGMT *keymgmt, void *keydata,
                       int selection, OSSL_CALLBACK *param_cb, void *cbarg);
 const OSSL_PARAM *evp_keymgmt_export_types(const EVP_KEYMGMT *keymgmt,
                                           int selection);
-int evp_keymgmt_copy(const EVP_KEYMGMT *keymgmt,
-                     void *keydata_to, const void *keydata_from,
-                     int selection);
 void *evp_keymgmt_dup(const EVP_KEYMGMT *keymgmt,
                      const void *keydata_from, int selection);

--- a/include/openssl/core_dispatch.h
+++ b/include/openssl/core_dispatch.h
@ -595,13 +595,8 @@ OSSL_CORE_MAKE_FUNC(int, keymgmt_export,
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_export_types,
                    (int selection))

-/* Copy function, only works for matching keymgmt */
-# define OSSL_FUNC_KEYMGMT_COPY                       44
-OSSL_CORE_MAKE_FUNC(int, keymgmt_copy,
-                    (void *keydata_to, const void *keydata_from,
-                     int selection))
 /* Dup function, constructor */
-# define OSSL_FUNC_KEYMGMT_DUP                        45
+# define OSSL_FUNC_KEYMGMT_DUP                        44
 OSSL_CORE_MAKE_FUNC(void *, keymgmt_dup,
                    (const void *keydata_from, int selection))

--- a/test/tls-provider.c
+++ b/test/tls-provider.c
@ -52,7 +52,7 @@ typedef struct xorkey_st {
 static OSSL_FUNC_keymgmt_new_fn xor_newdata;
 static OSSL_FUNC_keymgmt_free_fn xor_freedata;
 static OSSL_FUNC_keymgmt_has_fn xor_has;
-static OSSL_FUNC_keymgmt_copy_fn xor_copy;
+static OSSL_FUNC_keymgmt_dup_fn xor_dup;
 static OSSL_FUNC_keymgmt_gen_init_fn xor_gen_init;
 static OSSL_FUNC_keymgmt_gen_set_params_fn xor_gen_set_params;
 static OSSL_FUNC_keymgmt_gen_settable_params_fn xor_gen_settable_params;
@ -440,9 +440,9 @@ static int xor_has(const void *vkey, int selection)
    return ok;
 }

-static int xor_copy(void *vtokey, const void *vfromkey, int selection)
+static void *xor_dup(const void *vfromkey, int selection)
 {
-    XORKEY *tokey = vtokey;
+    XORKEY *tokey = xor_newdata(NULL);
    const XORKEY *fromkey = vfromkey;
    int ok = 0;

@ -466,7 +466,11 @@ static int xor_copy(void *vtokey, const void *vfromkey, int selection)
            }
        }
    }
-    return ok;
+    if (!ok) {
+        xor_freedata(tokey);
+        tokey = NULL;
+    }
+    return tokey;
 }

 static ossl_inline int xor_get_params(void *vkey, OSSL_PARAM params[])
@ -706,7 +710,7 @@ static const OSSL_DISPATCH xor_keymgmt_functions[] = {
    { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))xor_set_params },
    { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))xor_settable_params },
    { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))xor_has },
-    { OSSL_FUNC_KEYMGMT_COPY, (void (*)(void))xor_copy },
+    { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))xor_dup },
    { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))xor_freedata },
    { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))xor_import },
    { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))xor_import_types },