add checks for the return values of BN_new(), sk_RSA_PRIME_INFO_new_reserve(),
EVP_PKEY_CTX_new_from_pkey() and EVP_CIPHER_CTX_new().
Otherwise may result in memory errors.

Reviewed-

add checks for the return values of BN_new(), sk_RSA_PRIME_INFO_new_reserve(),
EVP_PKEY_CTX_new_from_pkey() and EVP_CIPHER_CTX_new().
Otherwise may result in memory errors.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16892)

show more ...

pvk: use PVK KDF

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15968)

Rename all getters to use get/get0 in name

For functions that exist in 1.1.1 provide a simple aliases via #define.

Fixes #15236

Functions with OSSL_DECODER_, OSSL_ENCODER_,

Rename all getters to use get/get0 in name

For functions that exist in 1.1.1 provide a simple aliases via #define.

Fixes #15236

Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)

show more ...

Pass library context and property query into private key decoders

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mr

Pass library context and property query into private key decoders

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14587)

show more ...

Enhance the encoder/decoder tests to allow testing with a non-default library context and configurable providers

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dal

Enhance the encoder/decoder tests to allow testing with a non-default library context and configurable providers

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14587)

show more ...

pem: remove references to EVP_sha1()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14881)

pem: fix coverity 1474426: uninitialised scalar variable.

Based on the value, it would with work properly or produce an error. Most likely seems to have been the former.

Reviewed-b

pem: fix coverity 1474426: uninitialised scalar variable.

Based on the value, it would with work properly or produce an error. Most likely seems to have been the former.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14638)

show more ...

PROV: Add type specific MSBLOB and PVK decoding for the MS->key decoders

To make this cleaner, decoder_ms2key.c is split into decoder_msblob2key.c
and decoder_pvk2key.c.

This re

PROV: Add type specific MSBLOB and PVK decoding for the MS->key decoders

To make this cleaner, decoder_ms2key.c is split into decoder_msblob2key.c
and decoder_pvk2key.c.

This required a great deal of refactoring of crypto/pem/pvkfmt.c, to
make cleaner internal functions that our decoder implementations can
use.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14314)

show more ...

Update copyright year

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14512)

Make the EVP_PKEY_get0* functions have a const return type

OTC have decided that the EVP_PKEY_get0* functions should have a const
return type. This is a breaking change to emphasise that

Make the EVP_PKEY_get0* functions have a const return type

OTC have decided that the EVP_PKEY_get0* functions should have a const
return type. This is a breaking change to emphasise that these values
should be considered as immutable.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14319)

show more ...

MSBLOB & PVK: Make it possible to write EVP_PKEYs with provided internal key

So far, the MSBLOB and PVK writers could only handle EVP_PKEYs with
legacy internal keys.

Specially

MSBLOB & PVK: Make it possible to write EVP_PKEYs with provided internal key

So far, the MSBLOB and PVK writers could only handle EVP_PKEYs with
legacy internal keys.

Specially to be able to compile the loader_attic engine, we use the C
macro OPENSSL_NO_PROVIDER_CODE to avoid building the provider specific
things when we don't need them. The alternative is to suck half of
crypto/evp/ into loader_attic, and that's just not feasible.

Fixes #13503

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13661)

show more ...

PEM: Unlock MSBLOB and PVK functions from 'no-dsa' and 'no-rc4'

All these functions are usable with RSA keys, there's no reason why
they should be unaccessible when DSA or RC4 are disabl

PEM: Unlock MSBLOB and PVK functions from 'no-dsa' and 'no-rc4'

All these functions are usable with RSA keys, there's no reason why
they should be unaccessible when DSA or RC4 are disabled.

When DSA is disabled, it's not possible to use these functions for
DSA EVP_PKEYs. That's fine, and supported.

When RC4 is disabled, it's not possible to use these functions to
write encrypted PVK output. That doesn't even depend on the
definition of OPENSSL_NO_RC4, but if the RC4 algorithm is accessible
via EVP, something that isn't known when building libcrypto.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13648)

show more ...

Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call

This includes error reporting for libcrypto sub-libraries in surprising
places.

This was done using ut

Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call

This includes error reporting for libcrypto sub-libraries in surprising
places.

This was done using util/err-to-raise

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13318)

show more ...

Unexport internal MSBLOB and PVK functions

The following internal functions are affected:

ossl_do_blob_header
ossl_do_PVK_header
ossl_b2i
ossl_b2i_bio

Unexport internal MSBLOB and PVK functions

The following internal functions are affected:

ossl_do_blob_header
ossl_do_PVK_header
ossl_b2i
ossl_b2i_bio

This is reflected by moving include/internal/pem.h to include/crypto/pem.h
engines/e_loader_attic gets the source code added to it to have
continued access to those functions.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13195)

show more ...

PEM: Fix i2b_PvK to use EVP_Encrypt calls consistently

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12574)

PEM: Make general MSBLOB reader functions exposed internally

Fly-by fix is to move crypto/include/internal/pem_int.h to
include/internal/pem.h.

Reviewed-by: Shane Lontis <shane.

PEM: Make general MSBLOB reader functions exposed internally

Fly-by fix is to move crypto/include/internal/pem_int.h to
include/internal/pem.h.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12574)

show more ...

Cast the unsigned char to unsigned int before shifting left

This is needed to avoid automatic promotion to signed int.

Fixes #11853

[extended tests]

Reviewed-by: R

Cast the unsigned char to unsigned int before shifting left

This is needed to avoid automatic promotion to signed int.

Fixes #11853

[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11857)

show more ...

OSSL_STORE: Make the 'file' scheme loader handle MSBLOB and PVK files

This involves exposing two pvkfmt.c functions, but only internally.

Reviewed-by: David von Oheimb <david.von.oh

OSSL_STORE: Make the 'file' scheme loader handle MSBLOB and PVK files

This involves exposing two pvkfmt.c functions, but only internally.

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11756)

show more ...

i2b_PVK_bio: don't set PEM_R_BIO_WRITE_FAILURE in case of success

but in case of an error

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: B

i2b_PVK_bio: don't set PEM_R_BIO_WRITE_FAILURE in case of success

but in case of an error

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11380)

show more ...

Update copyright year

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11616)

Deprecate the low level DSA functions.

Use of the low level DSA functions has been informally discouraged for a
long time. We now formally deprecate them.

Reviewed-by: Matt Casw

Deprecate the low level DSA functions.

Use of the low level DSA functions has been informally discouraged for a
long time. We now formally deprecate them.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10977)

show more ...

PEM: constify PEM_write_ routines

There's no reason why the object to be written, or the key string
given by the caller should be non-const.

This makes the IMPLEMENT_PEM_..._con

PEM: constify PEM_write_ routines

There's no reason why the object to be written, or the key string
given by the caller should be non-const.

This makes the IMPLEMENT_PEM_..._const and DECLARE_PEM_..._const
macros superfluous, so we keep them around but mark them deprecated.

In all places where IMPLEMENT_PEM_..._const and DECLARE_PEM_..._const
are used, they are replaced with the corresponding macros without
'_const'.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10452)

show more ...

Explicitly test against NULL; do not use !p or similar

Also added blanks lines after declarations in a couple of places.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Review

Explicitly test against NULL; do not use !p or similar

Also added blanks lines after declarations in a couple of places.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9916)

show more ...

Fix SCA vulnerability when using PVK and MSBLOB key formats

This commit addresses a side-channel vulnerability present when
PVK and MSBLOB key formats are loaded into OpenSSL.
The pu

Fix SCA vulnerability when using PVK and MSBLOB key formats

This commit addresses a side-channel vulnerability present when
PVK and MSBLOB key formats are loaded into OpenSSL.
The public key was not computed using a constant-time exponentiation
function.

This issue was discovered and reported by the NISEC group at TAU Finland.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9587)

show more ...

Following the license change, modify the boilerplates in crypto/pem/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/

Following the license change, modify the boilerplates in crypto/pem/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7806)

show more ...