Header file cleanup for C++20 header-units

C++20 adds 'header units' as a stepping-stone to modules. Header
units are regular header-files that have a 'self-contained' property
-- t

Header file cleanup for C++20 header-units

C++20 adds 'header units' as a stepping-stone to modules. Header
units are regular header-files that have a 'self-contained' property
-- they do not require previously-included headers to provide typedefs
and what not.

This addresses 2 problems discovered when using clang modules (as a
proxy for C++20 header-units).

a) Some headers that pay attention to OPENSSL_NO_STDIO to determine
whether to declare certain FILE*-taking functions do not #include
<stdio.h> themselves, relying on their includer already having done
that. That breaks the above mentioned encapuslation requirement.
Fixed by conditionally including stdio.h in those headers. I chose to
always include stdio.h in such headers, even when they included
another such header that transitively included stdio. That way they
do not rely on an artifact of that intermediate header's behaviour.

b) Some headers have #includes inside 'extern "C" { ... }' regions.
That has a bad code-smell, but GCC and clang have extensions to permit
it with implementation-defined effects. Clang needs annotation on the
included files to know that they themselves are entirely inside a
similar region. GCC behavesq as-if there's an extern "C++" region
wrapping the included header (which must therefore wrap its contents
in extern "C", if that is what it wants. In effect the includer's
extern "C" region is just misleading. I didn't audit all the headers
for this, only those I noticed when addressing #a.

\#a is necessary to build the headers as a set of clang-modules. #b
is not necessary, but as I mentioned, avoids potentially
implementation-defined behaviour.

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18221)

show more ...

Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes

ec.h: Explain use of strstr() for EVP_EC_gen() and add #include <string.h>

Fixes #17362

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>

ec.h: Explain use of strstr() for EVP_EC_gen() and add #include <string.h>

Fixes #17362

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17380)

show more ...

Fix d2i_ECPKParameters_fp and i2d_ECPKParameters_fp macros

These functions are part of the public API but we don't have tests
covering their usage.
They are actually implemented as m

Fix d2i_ECPKParameters_fp and i2d_ECPKParameters_fp macros

These functions are part of the public API but we don't have tests
covering their usage.
They are actually implemented as macros and the absence of tests has
caused them to fall out-of-sync with the latest changes to ASN1 related
functions and cause compilation warnings.

This commit fixes the public headers to reflect these changes.

Fixes #12443

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16355)

show more ...

ECDSA_SIG_set0: r and s parameters cannot be NULL

Fixes #7731

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16129)

Add convenience functions and macros for asymmetric key generation

Add EVP_PKEY_gen(), EVP_PKEY_Q_gen(), EVP_RSA_gen(), and EVP_EC_gen().
Also export auxiliary function OSSL_EC_curve_nid

Add convenience functions and macros for asymmetric key generation

Add EVP_PKEY_gen(), EVP_PKEY_Q_gen(), EVP_RSA_gen(), and EVP_EC_gen().
Also export auxiliary function OSSL_EC_curve_nid2name()
and improve deprecation info on RSA and EC key generation/management functions.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14695)

show more ...

Fix typos

CLA: trivial

Signed-off-by: MichaM <contact-micha+github@posteo.de>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>

Fix typos

CLA: trivial

Signed-off-by: MichaM <contact-micha+github@posteo.de>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14879)

show more ...

Deprecated EVP_PKEY_CTX_get0_dh_kdf_ukm() and EVP_PKEY_CTX_get0_ecdh_kdf_ukm()

The functions are not needed and require returning octet ptr parameters
from providers that would like to s

Deprecated EVP_PKEY_CTX_get0_dh_kdf_ukm() and EVP_PKEY_CTX_get0_ecdh_kdf_ukm()

The functions are not needed and require returning octet ptr parameters
from providers that would like to support them which complicates provider
implementations.

Fixes #12985

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14279)

show more ...

Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13999)

Add EVP_PKEY functions to get EC conv form and field type

libssl at the moment downgrades an EVP_PKEY to an EC_KEY object in order
to get the conv form and field type. Instead we provide

Add EVP_PKEY functions to get EC conv form and field type

libssl at the moment downgrades an EVP_PKEY to an EC_KEY object in order
to get the conv form and field type. Instead we provide EVP_PKEY level
functions to do this.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)

show more ...

Deprecate EC_KEY + Update ec apps to use EVP_PKEY

Co-author: Richard Levitte <levitte@openssl.org>
Co-author: Tomas Mraz <tmraz@openssl.org>

Reviewed-by: Matt Caswell <matt@open

Deprecate EC_KEY + Update ec apps to use EVP_PKEY

Co-author: Richard Levitte <levitte@openssl.org>
Co-author: Tomas Mraz <tmraz@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)

show more ...

EVP_PKEY & EC_KEY: Make EC EVP_PKEY_CTX parameter ctrls / setters more available

EVP_PKEY_CTX_set_ec_ functions were only available when EC was enabled
('no-ec' not configured). However

EVP_PKEY & EC_KEY: Make EC EVP_PKEY_CTX parameter ctrls / setters more available

EVP_PKEY_CTX_set_ec_ functions were only available when EC was enabled
('no-ec' not configured). However, that makes it impossible to use
these functions with an engine or a provider that happens to implement
EC_KEY. This change solves that problem by shuffling these functions
to more appropriate places.

Partially fixes #13550

squash! EVP_PKEY & EC_KEY: Make EC EVP_PKEY_CTX parameter ctrls / setters more available

By consequence, there are a number of places where we can remove the
check of OPENSSL_NO_EC. This requires some re-arrangements of
internal tables to translate between numeric identities and names.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13589)

show more ...

Deprecate EC_POINT_bn2point and EC_POINT_point2bn.

Fixes #10366

The one place that actually used was in the legacy printing of ecparams.
This has been replaced by the pointtobuf

Deprecate EC_POINT_bn2point and EC_POINT_point2bn.

Fixes #10366

The one place that actually used was in the legacy printing of ecparams.
This has been replaced by the pointtobuf variant.

The ecparam app was using one of these functions - this line has just been
removed as another PR will remove all the code generated lines..

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13294)

show more ...

Rename OPENSSL_CTX prefix to OSSL_LIB_CTX

Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix,
e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.

Rename OPENSSL_CTX prefix to OSSL_LIB_CTX

Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix,
e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.

The OPENSSL_CTX type stands out a little by using a different prefix.
For consistency reasons, this type is renamed to OSSL_LIB_CTX.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12621)

show more ...

Run the withlibctx.pl script

Automatically rename all instances of _with_libctx() to _ex() as per
our coding style.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged fro

Run the withlibctx.pl script

Automatically rename all instances of _with_libctx() to _ex() as per
our coding style.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12970)

show more ...

Add SM2 key management

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12536)

EC_KEY: add EC_KEY_decoded_from_explicit_params()

The function returns 1 when the encoding of a decoded EC key used
explicit encoding of the curve parameters.

Reviewed-by: David

EC_KEY: add EC_KEY_decoded_from_explicit_params()

The function returns 1 when the encoding of a decoded EC key used
explicit encoding of the curve parameters.

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12683)

show more ...

EC: Reimplement EVP_PKEY_CTX_set_ec_param_enc() to support providers

Fixes #12852

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.c

EC: Reimplement EVP_PKEY_CTX_set_ec_param_enc() to support providers

Fixes #12852

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12853)

show more ...

EVP: Move the functions and controls for setting and getting distid

Those functions were located in the EC files, but is really broader
than that, even thought currently only used for SM

EVP: Move the functions and controls for setting and getting distid

Those functions were located in the EC files, but is really broader
than that, even thought currently only used for SM2. They should
therefore be in a more central location, which was also indicated by
diverse TODOs.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12789)

show more ...

EVP: Add support for delayed EVP_PKEY operation parameters

They get called "delayed parameters" because they may make it to the
implementation at a later time than when they're given.

EVP: Add support for delayed EVP_PKEY operation parameters

They get called "delayed parameters" because they may make it to the
implementation at a later time than when they're given.

This currently only covers the distinguished ID, as that's the only
EVP_PKEY operation parameter so far that has been possible to give
before the operation has been initialized.

This includes a re-implementation of EVP_PKEY_CTX_set1_id(),
EVP_PKEY_CTX_get1_id(), and EVP_PKEY_CTX_get1_id_len().

Also, the more rigorous controls of keytype and optype are restored.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12789)

show more ...

Add Explicit EC parameter support to providers.

This was added for backward compatability.
Added EC_GROUP_new_from_params() that supports explicit curve parameters.

This fixes t

Add Explicit EC parameter support to providers.

This was added for backward compatability.
Added EC_GROUP_new_from_params() that supports explicit curve parameters.

This fixes the 15-test_genec.t TODO.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12604)

show more ...

Correct the #define's of EVP_PKEY_CTRL_SET1_ID and EVP_PKEY_CTRL_GET1_ID{,_LEN}

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/1

Correct the #define's of EVP_PKEY_CTRL_SET1_ID and EVP_PKEY_CTRL_GET1_ID{,_LEN}

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)

show more ...

Add more complete support for libctx/propq in the EC code

Renames some "new_ex" functions to "new_with_libctx" and ensures that we
pass around the libctx AND the propq everywhere.

Add more complete support for libctx/propq in the EC code

Renames some "new_ex" functions to "new_with_libctx" and ensures that we
pass around the libctx AND the propq everywhere.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12159)

show more ...

Make EVP_PKEY_CTX_[get|set]_ec_paramgen_curve_name more generic

We rename these function to EVP_PKEY_CTX_get_group_name and
EVP_PKEY_CTX_set_group_name so that they can be used for other

Make EVP_PKEY_CTX_[get|set]_ec_paramgen_curve_name more generic

We rename these function to EVP_PKEY_CTX_get_group_name and
EVP_PKEY_CTX_set_group_name so that they can be used for other algorithms
other than EC.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11914)

show more ...

Move EC_METHOD to internal-only

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/

Move EC_METHOD to internal-only

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11928)

show more ...