author Richard Levitte <levitte@openssl.org> 2020-01-14 14:11:47 +0100
committer Richard Levitte <levitte@openssl.org> 2020-01-18 05:27:50 +0100
commit f6aa57741254723b0c32f0dfe1ed8ad886b43c80 (patch)
tree 203488625e054b4f1624066a87d428c0a8568c7d /doc
parent c8a557357789a8a23fe7b87ec352bd5ea2c1251b (diff)
EVP: Add evp_pkey_make_provided() and refactor around it
The code to ensure that an EVP_PKEY is exported to providers is repeated all over the place, enough that copying it again has the usual future hazards with code copying. Instead, we refactor that code into one function, evp_pkey_make_provided(), and make sure to use that everywhere. It relies on the creation of EVP_PKEY_CTX to figure out facts about the input key, should it need to.

Reviewed-by: Matt Caswell <matt@openssl.org>

(Merged from https://github.com/openssl/openssl/pull/10850)
Diffstat (limited to 'doc')
-rw-r--r-- doc/internal/man3/evp_pkey_make_provided.pod 58
1 files changed, 58 insertions, 0 deletions
diff --git a/doc/internal/man3/evp_pkey_make_provided.pod b/doc/internal/man3/evp_pkey_make_provided.pod
new file mode 100644
index 0000000000..e5dde78c4f
--- /dev/null
+++ b/doc/internal/man3/evp_pkey_make_provided.pod
@@ -0,0 +1,58 @@
+=pod
+
+=head1 NAME
+
+evp_pkey_make_provided - internal EVP_PKEY support functions for providers
+
+=head1 SYNOPSIS
+
+ /* Only for EVP source */
+ #include "evp_local.h"
+
+ void *evp_pkey_make_provided(EVP_PKEY *pk, OPENSSL_CTX *libctx,
+ EVP_KEYMGMT **keymgmt, const char *propquery,
+ int domainparams);
+
+=head1 DESCRIPTION
+
+evp_pkey_make_provided() ensures that the B<EVP_PKEY> I<pk> is provided within
+the library context I<libctx> (NULL means the default context). I<keymgmt>
+may point at a reference to a B<EVP_KEYMGMT>, and works as an input/output
+parameter.
+As input to this function, it can be used to specify a B<EVP_KEYMGMT> to be
+used for exporting. If not (I<*keymgmt> is NULL), then this function will
+fetch an B<EVP_KEYMGMT> implicitly, using I<propquery> as property query string.
+As output from this function, I<*keymgmt> will be assigned the B<EVP_KEYMGMT>
+that was used, if the export was successful, otherwise it will be assigned NULL.
+I<domainparams> decides if I<pk> should be considered domain parameters or the
+actual key.
+
+=head1 RETURN VALUES
+
+evp_pkey_make_provided() returns the provider key data that was exported if
+I<pk> was successfully provided. Otherwise, NULL is returned.
+
+=head1 NOTES
+
+Some functions calling evp_pkey_make_provided() may have received a const
+key, and may therefore have to cast the key to non-const form to call this
+function. Since B<EVP_PKEY> is always dynamically allocated, this is OK.
+
+=head1 SEE ALSO
+
+L<OPENSSL_CTX(3)>, L<EVP_KEYMGMT(3)>
+
+=head1 HISTORY
+
+The functions described here were all added in OpenSSL 3.0.
+
+=head1 COPYRIGHT
+
+Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
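Review bot: DESCRIPTION and RETURN VALUES leave ownership unspecified for both outputs, which is where callers of an in/out pointer API tend to leak or double-free. For I<*keymgmt>, please state whether the value written back on success is a new reference the caller must release, and what happens to a caller-supplied B<EVP_KEYMGMT> when the export fails and I<*keymgmt> is overwritten with NULL (the caller loses the pointer unless it kept a copy, so the page should say who frees it). It would also help to say whether I<keymgmt> itself may be NULL, since the text only says it "may point at a reference". For the return value, say whether the provider key data is owned by I<pk> and how long it stays valid, so callers know not to free it or hold it past the key's lifetime. In NOTES, the const cast is justified only by the key being dynamically allocated; adding a sentence on what the function modifies in I<pk> would let callers holding a shared const key judge whether they need locking. Minor: HISTORY says "The functions described here were all added" although the page documents a single function.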