Add functions to set values into an EVP_PKEY

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)

crypto/evp/p_lib.c

@@ -2138,3 +2138,107 @@ int EVP_PKEY_get_size_t_param(const EVP_PKEY *pkey, const char *key_name,
         return 0;
     return 1;
 }
+
+int EVP_PKEY_set_int_param(EVP_PKEY *pkey, const char *key_name, int in)
+{
+    OSSL_PARAM params[2];
+
+    if (pkey == NULL
+        || pkey->keymgmt == NULL
+        || pkey->keydata == NULL
+        || key_name == NULL)
+        return 0;
+
+    params[0] = OSSL_PARAM_construct_int(key_name, &in);
+    params[1] = OSSL_PARAM_construct_end();
+    return evp_keymgmt_set_params(pkey->keymgmt, pkey->keydata, params);
+}
+
+int EVP_PKEY_set_size_t_param(EVP_PKEY *pkey, const char *key_name, size_t in)
+{
+    OSSL_PARAM params[2];
+
+    if (pkey == NULL
+        || pkey->keymgmt == NULL
+        || pkey->keydata == NULL
+        || key_name == NULL)
+        return 0;
+
+    params[0] = OSSL_PARAM_construct_size_t(key_name, &in);
+    params[1] = OSSL_PARAM_construct_end();
+    return evp_keymgmt_set_params(pkey->keymgmt, pkey->keydata, params);
+}
+
+int EVP_PKEY_set_bn_param(EVP_PKEY *pkey, const char *key_name, BIGNUM *bn)
+{
+    OSSL_PARAM params[2];
+    unsigned char buffer[2048];
+    int bsize = 0;
+
+    if (pkey == NULL
+        || pkey->keymgmt == NULL
+        || pkey->keydata == NULL
+        || key_name == NULL
+        || bn == NULL)
+        return 0;
+
+    bsize = BN_num_bytes(bn);
+    if (!ossl_assert(bsize <= (int)sizeof(buffer)))
+        return 0;
+
+    if (BN_bn2nativepad(bn, buffer, bsize) < 0)
+        return 0;
+    params[0] = OSSL_PARAM_construct_BN(key_name, buffer, bsize);
+    params[1] = OSSL_PARAM_construct_end();
+    return evp_keymgmt_set_params(pkey->keymgmt, pkey->keydata, params);
+}
+
+int EVP_PKEY_set_utf8_string_param(EVP_PKEY *pkey, const char *key_name,
+                                   char *str)
+{
+    OSSL_PARAM params[2];
+
+    if (pkey == NULL
+        || pkey->keymgmt == NULL
+        || pkey->keydata == NULL
+        || key_name == NULL)
+        return 0;
+
+    params[0] = OSSL_PARAM_construct_utf8_string(key_name, str, 0);
+    params[1] = OSSL_PARAM_construct_end();
+    return evp_keymgmt_set_params(pkey->keymgmt, pkey->keydata, params);
+}
+
+int EVP_PKEY_set_octet_string_param(EVP_PKEY *pkey, const char *key_name,
+                                    unsigned char *buf, size_t bsize)
+{
+    OSSL_PARAM params[2];
+
+    if (pkey == NULL
+        || pkey->keymgmt == NULL
+        || pkey->keydata == NULL
+        || key_name == NULL)
+        return 0;
+
+    params[0] = OSSL_PARAM_construct_octet_string(key_name, buf, bsize);
+    params[1] = OSSL_PARAM_construct_end();
+    return evp_keymgmt_set_params(pkey->keymgmt, pkey->keydata, params);
+}
+
+const OSSL_PARAM *EVP_PKEY_settable_params(EVP_PKEY *pkey)
+{
+    if (pkey == NULL
+        || pkey->keymgmt == NULL
+        || pkey->keydata == NULL)
+        return 0;
+    return EVP_KEYMGMT_settable_params(pkey->keymgmt);
+}
+
+int EVP_PKEY_set_params(EVP_PKEY *pkey, OSSL_PARAM params[])
+{
+    if (pkey == NULL
+        || pkey->keymgmt == NULL
+        || pkey->keydata == NULL)
+        return 0;
+    return evp_keymgmt_set_params(pkey->keymgmt, pkey->keydata, params);
+}

doc/man3/EVP_PKEY_settable_params.pod

@@ -0,0 +1,82 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_settable_params, EVP_PKEY_set_params,
+EVP_PKEY_set_int_param, EVP_PKEY_set_size_t_param, EVP_PKEY_set_bn_param,
+EVP_PKEY_set_utf8_string_param, EVP_PKEY_set_octet_string_param
+- set key parameters into a key
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ const OSSL_PARAM *EVP_PKEY_settable_params(EVP_PKEY *pkey);
+ int EVP_PKEY_set_params(EVP_PKEY *pkey, OSSL_PARAM params[]);
+ int EVP_PKEY_set_int_param(EVP_PKEY *pkey, const char *key_name, int in);
+ int EVP_PKEY_set_size_t_param(EVP_PKEY *pkey, const char *key_name, size_t in);
+ int EVP_PKEY_set_bn_param(EVP_PKEY *pkey, const char *key_name, BIGNUM *bn);
+ int EVP_PKEY_set_utf8_string_param(EVP_PKEY *pkey, const char *key_name,
+                                    char *str);
+ int EVP_PKEY_set_octet_string_param(EVP_PKEY *pkey, const char *key_name,
+                                     unsigned char *buf, size_t bsize);
+
+=head1 DESCRIPTION
+
+These functions can be used to set additional parameters into an existing
+B<EVP_PKEY>.
+
+EVP_PKEY_set_params() sets one or more I<params> into a I<pkey>.
+See L<OSSL_PARAM(3)> for information about parameters.
+
+EVP_PKEY_settable_params() returns a constant list of I<params> indicating
+the names and types of key parameters that can be set.
+See L<OSSL_PARAM(3)> for information about parameters.
+
+EVP_PKEY_set_int_param() sets an integer value I<in> into a key I<pkey> for the
+associated field I<key_name>.
+
+EVP_PKEY_set_size_t_param() sets an size_t value I<in> into a key I<pkey> for
+the associated field I<key_name>.
+
+EVP_PKEY_set_bn_param() sets the BIGNUM value I<bn> into a key I<pkey> for the
+associated field I<key_name>.
+
+EVP_PKEY_set_utf8_string_param() sets the UTF8 string I<str> into a key I<pkey>
+for the associated field I<key_name>.
+
+EVP_PKEY_set_octet_string_param() sets the octet string value I<buf> with a
+size I<bsize> into a key I<pkey> for the associated field I<key_name>.
+
+=head1 NOTES
+
+These functions only work for B<EVP_PKEY>s that contain a provider side key.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_settable_params() returns NULL on error or if it is not supported,
+
+All other methods return 1 if a value was successfully set, or 0 if
+there was an error.
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_gettable_params(3)>,
+L<EVP_PKEY_CTX_new(3)>, L<provider-keymgmt(7)>, L<OSSL_PARAM(3)>,
+
+
+=head1 HISTORY
+
+These functions were added in OpenSSL 3.0.
+
+=head1 COPYRIGHT
+
+Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
+

include/openssl/evp.h

@@ -1795,6 +1795,16 @@ int EVP_PKEY_get_octet_string_param(const EVP_PKEY *pkey, const char *key_name,
                                     unsigned char *buf, size_t max_buf_sz,
                                     size_t *out_sz);
 
+const OSSL_PARAM *EVP_PKEY_settable_params(EVP_PKEY *pkey);
+int EVP_PKEY_set_params(EVP_PKEY *pkey, OSSL_PARAM params[]);
+int EVP_PKEY_set_int_param(EVP_PKEY *pkey, const char *key_name, int in);
+int EVP_PKEY_set_size_t_param(EVP_PKEY *pkey, const char *key_name, size_t in);
+int EVP_PKEY_set_bn_param(EVP_PKEY *pkey, const char *key_name, BIGNUM *bn);
+int EVP_PKEY_set_utf8_string_param(EVP_PKEY *pkey, const char *key_name,
+                                   char *str);
+int EVP_PKEY_set_octet_string_param(EVP_PKEY *pkey, const char *key_name,
+                                    unsigned char *buf, size_t bsize);
+
 int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
 int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
 int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);

util/libcrypto.num

@@ -5287,3 +5287,10 @@ PEM_write_bio_PUBKEY_ex                 ?	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_get_group_name                 ?	3_0_0	EXIST::FUNCTION:
 CRYPTO_atomic_or                        ?	3_0_0	EXIST::FUNCTION:
 CRYPTO_atomic_load                      ?	3_0_0	EXIST::FUNCTION:
+EVP_PKEY_settable_params                ?	3_0_0	EXIST::FUNCTION:
+EVP_PKEY_set_params                     ?	3_0_0	EXIST::FUNCTION:
+EVP_PKEY_set_int_param                  ?	3_0_0	EXIST::FUNCTION:
+EVP_PKEY_set_size_t_param               ?	3_0_0	EXIST::FUNCTION:
+EVP_PKEY_set_bn_param                   ?	3_0_0	EXIST::FUNCTION:
+EVP_PKEY_set_utf8_string_param          ?	3_0_0	EXIST::FUNCTION:
+EVP_PKEY_set_octet_string_param         ?	3_0_0	EXIST::FUNCTION: