Implement OpenSSL 3.0 OSSL_PARAM API binding for RSA key parameters (#377)

* Implement OSSL_PARAM API binding for RSA key parameters

- Enhanced param.c to support RSA key parameters (n, e, d, p, q, exponents, coefficients)
- Updated RSA parse function to use OSSL_PARAM API in OpenSSL 3.0+
- Added fallback to legacy RSA_get0_* functions for backward compatibility
- Exported RSA parameter definitions in param module
- Created comprehensive test suite for OSSL_PARAM functionality
- All tests passing (7/7)

Co-authored-by: zhaozg <[email protected]>

* Add OSSL_PARAM API usage documentation

---------

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: zhaozg <[email protected]>

Author: Copilot

docs/OSSL_PARAM_USAGE.md

@@ -0,0 +1,136 @@
+# OSSL_PARAM API Usage Guide
+
+## Overview
+
+Starting with OpenSSL 3.0, the OSSL_PARAM API is the modern way to access cryptographic key parameters. lua-openssl now supports this API while maintaining backward compatibility with OpenSSL 1.x.
+
+## What is OSSL_PARAM?
+
+OSSL_PARAM is OpenSSL 3.0's unified parameter system that replaces many legacy key access functions. It provides a consistent interface for accessing parameters across different key types (RSA, EC, DH, etc.).
+
+## Supported Parameters
+
+### RSA Key Parameters
+
+The following RSA parameters are accessible via the param module:
+
+```lua
+local param = require("openssl").param
+
+-- Available RSA parameters:
+-- param.rsa.n   - Modulus (public)
+-- param.rsa.e   - Public exponent
+-- param.rsa.d   - Private exponent
+-- param.rsa["rsa-factor1"]     - Prime p
+-- param.rsa["rsa-factor2"]     - Prime q
+-- param.rsa["rsa-exponent1"]   - dmp1 (d mod (p-1))
+-- param.rsa["rsa-exponent2"]   - dmq1 (d mod (q-1))
+-- param.rsa["rsa-coefficient1"] - iqmp (q^-1 mod p)
+```
+
+### KDF Parameters
+
+KDF parameters continue to work as before. See `test/2.kdf.lua` for examples.
+
+## Usage Examples
+
+### Parsing RSA Key Parameters
+
+```lua
+local openssl = require("openssl")
+local rsa = openssl.rsa
+
+-- Generate an RSA key
+local key = rsa.generate_key(2048)
+
+-- Parse the key to access parameters
+local params = key:parse()
+
+-- Access parameters
+print("Key size:", params.size, "bytes")
+print("Key bits:", params.bits)
+
+-- Access public parameters (always available)
+print("Modulus n:", params.n)        -- BIGNUM object
+print("Exponent e:", params.e)       -- BIGNUM object
+
+-- Access private parameters (only for private keys)
+if params.d then
+  print("Private exponent d:", params.d)
+  print("Prime p:", params.p)
+  print("Prime q:", params.q)
+  print("CRT exponent dmp1:", params.dmp1)
+  print("CRT exponent dmq1:", params.dmq1)
+  print("CRT coefficient iqmp:", params.iqmp)
+end
+```
+
+### Checking Parameter Availability
+
+```lua
+local param = require("openssl").param
+
+-- Check what RSA parameters are defined
+for name, info in pairs(param.rsa) do
+  print(string.format("Parameter: %s, Type: %d", name, info.type))
+  if info.number_type then
+    print(string.format("  Number type: %s", info.number_type))
+  end
+end
+```
+
+## Implementation Details
+
+### OpenSSL 3.0+ Path
+
+When running on OpenSSL 3.0 or later, `rsa:parse()` uses the modern `EVP_PKEY_get_bn_param()` API to extract parameters. This is the recommended approach for new code.
+
+### OpenSSL 1.x Path
+
+On OpenSSL 1.x, or when the PARAM API fails (e.g., for legacy keys), the implementation automatically falls back to the traditional `RSA_get0_key()`, `RSA_get0_factors()`, and `RSA_get0_crt_params()` functions.
+
+### Compatibility
+
+The dual-path implementation ensures:
+- ✅ Works with OpenSSL 1.x (using legacy API)
+- ✅ Works with OpenSSL 3.0+ (using PARAM API)
+- ✅ Handles keys created with either API version
+- ✅ No changes required to existing code
+- ✅ Same behavior across versions
+
+## Testing
+
+The implementation includes comprehensive tests in `test/2.param.lua`:
+
+```bash
+# Run param tests
+cd test
+lua 2.param.lua
+```
+
+## Future Enhancements
+
+The current implementation focuses on RSA parameters. Future updates may include:
+- EC (Elliptic Curve) key parameters
+- DH (Diffie-Hellman) parameters
+- DSA parameters
+- General-purpose OSSL_PARAM array creation from Lua
+
+## References
+
+- [OpenSSL 3.0 Migration Guide](https://www.openssl.org/docs/man3.0/man7/migration_guide.html)
+- [OSSL_PARAM Documentation](https://www.openssl.org/docs/man3.0/man3/OSSL_PARAM.html)
+- [lua-openssl ROADMAP](ROADMAP.md)
+- [Task 2.5 Details](ROADMAP_CN.md#25-openssl-30-ossl_param-api-绑定)
+
+## Contributing
+
+To extend OSSL_PARAM support to other key types:
+
+1. Add parameter definitions to `src/param.c` (similar to `rsa_params[]`)
+2. Update `get_param_type()` to recognize the new parameters
+3. Export parameters in `luaopen_param()`
+4. Implement parameter access in the relevant module (e.g., `src/ec.c` for EC keys)
+5. Add tests to verify functionality
+
+See the RSA implementation as a reference example.

src/param.c

@@ -86,18 +86,42 @@ static struct param_info kdf_params[] = {
   { NULL,                               0,                           0              }
 };
 
+/* RSA key parameters */
+static struct param_info rsa_params[] = {
+  { OSSL_PKEY_PARAM_RSA_N,              OSSL_PARAM_UNSIGNED_INTEGER, PARAM_T_BN     },
+  { OSSL_PKEY_PARAM_RSA_E,              OSSL_PARAM_UNSIGNED_INTEGER, PARAM_T_BN     },
+  { OSSL_PKEY_PARAM_RSA_D,              OSSL_PARAM_UNSIGNED_INTEGER, PARAM_T_BN     },
+  { OSSL_PKEY_PARAM_RSA_FACTOR1,        OSSL_PARAM_UNSIGNED_INTEGER, PARAM_T_BN     },
+  { OSSL_PKEY_PARAM_RSA_FACTOR2,        OSSL_PARAM_UNSIGNED_INTEGER, PARAM_T_BN     },
+  { OSSL_PKEY_PARAM_RSA_EXPONENT1,      OSSL_PARAM_UNSIGNED_INTEGER, PARAM_T_BN     },
+  { OSSL_PKEY_PARAM_RSA_EXPONENT2,      OSSL_PARAM_UNSIGNED_INTEGER, PARAM_T_BN     },
+  { OSSL_PKEY_PARAM_RSA_COEFFICIENT1,   OSSL_PARAM_UNSIGNED_INTEGER, PARAM_T_BN     },
+  { NULL,                               0,                           0              }
+};
+
 static int
 get_param_type(const char *name, PARAM_NUMBER_TYPE *nt)
 {
   int i;
 
+  /* Try KDF parameters first */
   for (i = 0; i < sizeof(kdf_params) / sizeof(kdf_params[0]); i++) {
     struct param_info *p = &kdf_params[i];
     if (p->name && strcmp(p->name, name) == 0) {
       *nt = p->number_type;
       return p->data_type;
     }
   }
+  
+  /* Try RSA parameters */
+  for (i = 0; i < sizeof(rsa_params) / sizeof(rsa_params[0]); i++) {
+    struct param_info *p = &rsa_params[i];
+    if (p->name && strcmp(p->name, name) == 0) {
+      *nt = p->number_type;
+      return p->data_type;
+    }
+  }
+  
   return 0;
 }
 
@@ -282,6 +306,7 @@ luaopen_param(lua_State *L)
 
   lua_newtable(L);
 
+  /* Export KDF parameters */
   lua_pushliteral(L, "kdf");
   lua_newtable(L);
 
@@ -343,6 +368,68 @@ luaopen_param(lua_State *L)
 
   lua_rawset(L, -3);
 
+  /* Export RSA parameters */
+  lua_pushliteral(L, "rsa");
+  lua_newtable(L);
+
+  for (i = 0; i < sizeof(rsa_params) / sizeof(rsa_params[0]); i++) {
+    struct param_info *p = &rsa_params[i];
+    if (p->name) {
+      lua_pushstring(L, p->name);
+      lua_newtable(L);
+      lua_pushliteral(L, "type");
+      lua_pushinteger(L, p->data_type);
+      lua_rawset(L, -3);
+      if (p->number_type) {
+        lua_pushliteral(L, "number_type");
+        switch ((int)p->number_type) {
+        case PARAM_T_INT:
+          lua_pushliteral(L, "int");
+          break;
+        case PARAM_T_UINT:
+          lua_pushliteral(L, "unsinged int");
+          break;
+        case PARAM_T_LONG:
+          lua_pushliteral(L, "long");
+          break;
+        case PARAM_T_ULONG:
+          lua_pushliteral(L, "unsinged long");
+          break;
+        case PARAM_T_INT32:
+          lua_pushliteral(L, "int32");
+          break;
+        case PARAM_T_UINT32:
+          lua_pushliteral(L, "uint32");
+          break;
+        case PARAM_T_INT64:
+          lua_pushliteral(L, "int64");
+          break;
+        case PARAM_T_UINT64:
+          lua_pushliteral(L, "uint64");
+          break;
+        case PARAM_T_SIZE_T:
+          lua_pushliteral(L, "size_t");
+          break;
+        case PARAM_T_TIME_T:
+          lua_pushliteral(L, "time_t");
+          break;
+        case PARAM_T_BN:
+          lua_pushliteral(L, "BIGNUM");
+          break;
+        case PARAM_T_DOUBLE:
+          lua_pushliteral(L, "double");
+          break;
+        default:
+          lua_pushliteral(L, "unknown");
+        }
+        lua_rawset(L, -3);
+      }
+      lua_rawset(L, -3);
+    }
+  }
+
+  lua_rawset(L, -3);
+
   return 1;
 }
 

src/rsa.c

@@ -22,6 +22,11 @@ RSA key generation, encryption, decryption, signing and signature verification.
 #include "openssl.h"
 #include "private.h"
 
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L && !defined(LIBRESSL_VERSION_NUMBER)
+#include <openssl/core_names.h>
+#include <openssl/params.h>
+#endif
+
 #if !defined(OPENSSL_NO_RSA)
 static int openssl_rsa_free(lua_State *L)
 {
@@ -174,28 +179,90 @@ parse RSA key components and parameters
 */
 static int openssl_rsa_parse(lua_State *L)
 {
-  const BIGNUM *n = NULL, *e = NULL, *d = NULL;
-  const BIGNUM *p = NULL, *q = NULL;
-  const BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
-
   RSA *rsa = CHECK_OBJECT(1, RSA, "openssl.rsa");
-  RSA_get0_key(rsa, &n, &e, &d);
-  RSA_get0_factors(rsa, &p, &q);
-  RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
-
+  
   lua_newtable(L);
-  lua_pushinteger(L, RSA_size(rsa));
-  lua_setfield(L, -2, "size");
-  lua_pushinteger(L, RSA_bits(rsa));
-  lua_setfield(L, -2, "bits");
-  OPENSSL_PKEY_GET_BN(n, n);
-  OPENSSL_PKEY_GET_BN(e, e);
-  OPENSSL_PKEY_GET_BN(d, d);
-  OPENSSL_PKEY_GET_BN(p, p);
-  OPENSSL_PKEY_GET_BN(q, q);
-  OPENSSL_PKEY_GET_BN(dmp1, dmp1);
-  OPENSSL_PKEY_GET_BN(dmq1, dmq1);
-  OPENSSL_PKEY_GET_BN(iqmp, iqmp);
+  
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L && !defined(LIBRESSL_VERSION_NUMBER)
+  /* Try OpenSSL 3.0+ PARAM API first for keys created with new API */
+  EVP_PKEY *pkey = EVP_PKEY_new();
+  if (pkey && EVP_PKEY_set1_RSA(pkey, rsa)) {
+    BIGNUM *n = NULL, *e = NULL, *d = NULL;
+    BIGNUM *p = NULL, *q = NULL;
+    BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
+    int use_legacy = 0;
+    
+    /* Try to get parameters using PARAM API */
+    if (!EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_N, &n)) {
+      use_legacy = 1;
+    } else {
+      EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_E, &e);
+      EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_D, &d);
+      EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1, &p);
+      EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR2, &q);
+      EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT1, &dmp1);
+      EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT2, &dmq1);
+      EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_COEFFICIENT1, &iqmp);
+      
+      lua_pushinteger(L, RSA_size(rsa));
+      lua_setfield(L, -2, "size");
+      lua_pushinteger(L, RSA_bits(rsa));
+      lua_setfield(L, -2, "bits");
+      
+      OPENSSL_PKEY_GET_BN(n, n);
+      OPENSSL_PKEY_GET_BN(e, e);
+      OPENSSL_PKEY_GET_BN(d, d);
+      OPENSSL_PKEY_GET_BN(p, p);
+      OPENSSL_PKEY_GET_BN(q, q);
+      OPENSSL_PKEY_GET_BN(dmp1, dmp1);
+      OPENSSL_PKEY_GET_BN(dmq1, dmq1);
+      OPENSSL_PKEY_GET_BN(iqmp, iqmp);
+      
+      /* Clean up allocated BIGNUMs */
+      BN_free(n);
+      BN_free(e);
+      BN_free(d);
+      BN_free(p);
+      BN_free(q);
+      BN_free(dmp1);
+      BN_free(dmq1);
+      BN_free(iqmp);
+    }
+    
+    EVP_PKEY_free(pkey);
+    
+    if (!use_legacy) {
+      return 1;
+    }
+  }
+  
+  /* Fallback to legacy API if PARAM API fails or EVP_PKEY creation fails */
+#endif
+  
+  /* Legacy OpenSSL 1.x / 3.x compatibility path */
+  {
+    const BIGNUM *n = NULL, *e = NULL, *d = NULL;
+    const BIGNUM *p = NULL, *q = NULL;
+    const BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
+
+    RSA_get0_key(rsa, &n, &e, &d);
+    RSA_get0_factors(rsa, &p, &q);
+    RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
+
+    lua_pushinteger(L, RSA_size(rsa));
+    lua_setfield(L, -2, "size");
+    lua_pushinteger(L, RSA_bits(rsa));
+    lua_setfield(L, -2, "bits");
+    OPENSSL_PKEY_GET_BN(n, n);
+    OPENSSL_PKEY_GET_BN(e, e);
+    OPENSSL_PKEY_GET_BN(d, d);
+    OPENSSL_PKEY_GET_BN(p, p);
+    OPENSSL_PKEY_GET_BN(q, q);
+    OPENSSL_PKEY_GET_BN(dmp1, dmp1);
+    OPENSSL_PKEY_GET_BN(dmq1, dmq1);
+    OPENSSL_PKEY_GET_BN(iqmp, iqmp);
+  }
+  
   return 1;
 }