Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes

Decoder resolution performance optimizations

This refactors decoder functionality to reduce calls to
OSSL_DECODER_is_a / EVP_KEYMGMT_is_a, which are substantial bottlenecks
in the pe

Decoder resolution performance optimizations

This refactors decoder functionality to reduce calls to
OSSL_DECODER_is_a / EVP_KEYMGMT_is_a, which are substantial bottlenecks
in the performance of repeated decode operations (see #15199).

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17921)

show more ...

DECODER: Adapt addition of extra decoder implementations

The new PKCS#8 decoder implementation decodes from DER to DER.
OSSL_DECODER_CTX_add_extra() wasn't suited for this case; we had t

DECODER: Adapt addition of extra decoder implementations

The new PKCS#8 decoder implementation decodes from DER to DER.
OSSL_DECODER_CTX_add_extra() wasn't suited for this case; we had to
modify it to walk through all existing decoder implementations, and
filter out those that aren't suitable.
This also turns out to fix the possibility to have more than one extra
decoder implementation that produces the same type of encoding, for
example several different wrapper formats that all decoder into DER.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15498)

show more ...

ENCODER: use property definitions instead of getting implementation parameters

The OSSL_ENCODER library used to ask each encoder implementation for
certain data in form of parameters to

ENCODER: use property definitions instead of getting implementation parameters

The OSSL_ENCODER library used to ask each encoder implementation for
certain data in form of parameters to place them correctly in the
encoder chain, if at all. These parameters were duplicates of
properties of those same implementations, and therefore unnecessarily
redundant.

Now that we have functionality to query property definition values,
those duplicates are no longer needed, and are therefore not looked at
any more.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15570)

show more ...

ENCODER: Drop OSSL_ENCODER_PARAM_INPUT_TYPE

This was a poor substitute for using the name of the decoder implementation,
and since there is functionality to get the latter now, this para

ENCODER: Drop OSSL_ENCODER_PARAM_INPUT_TYPE

This was a poor substitute for using the name of the decoder implementation,
and since there is functionality to get the latter now, this parameter
can be dropped.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15570)

show more ...

DECODER: use property definitions instead of getting implementation parameters

The OSSL_DECODER library used to ask each decoder implementation for
certain data in form of parameters to

DECODER: use property definitions instead of getting implementation parameters

The OSSL_DECODER library used to ask each decoder implementation for
certain data in form of parameters to place them correctly in the
decoder chain, if at all. These parameters were duplicates of
properties of those same implementations, and therefore unnecessarily
redundant.

Now that we have functionality to query property definition values,
those duplicates are no longer needed, and are therefore not looked at
any more.

This adds the "global" error reason ERR_R_INVALID_PROPERTY_DEFINITION,
which can be re-used elsewhere.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15570)

show more ...

encoder: add a _name() function for encoders and decoders

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15211)

Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14801)

CORE: Add an algorithm_description field to OSSL_ALGORITHM

This corresponds to the |info| field in EVP_PKEY_ASN1_METHOD, as well
as the generic use of OBJ_nid2ln() as a one line descript

CORE: Add an algorithm_description field to OSSL_ALGORITHM

This corresponds to the |info| field in EVP_PKEY_ASN1_METHOD, as well
as the generic use of OBJ_nid2ln() as a one line description.

We also add the base functionality to make use of this field.

Fixes #14514

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14656)

show more ...

ENCODER: Add support for OSSL_FUNC_encoder_does_selection()

OSSL_FUNC_encoder_does_selection() is a dispatchable encoder implementation
function that should return 1 if the given |select

ENCODER: Add support for OSSL_FUNC_encoder_does_selection()

OSSL_FUNC_encoder_does_selection() is a dispatchable encoder implementation
function that should return 1 if the given |selection| is supported by an
encoder implementation and 0 if not. This can be used by libcrypto
functionality to figure out if an encoder implementation should be
considered or not.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13167)

show more ...

ENCODER: Add support for specifying the outermost output structure

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13167)

DECODER: Add support for OSSL_FUNC_decoder_does_selection()

OSSL_FUNC_decoder_does_selection() is a dispatchable decoder implementation
function that should return 1 if the given |select

DECODER: Add support for OSSL_FUNC_decoder_does_selection()

OSSL_FUNC_decoder_does_selection() is a dispatchable decoder implementation
function that should return 1 if the given |selection| is supported by an
decoder implementation and 0 if not. This can be used by libcrypto
functionality to figure out if an encoder implementation should be
considered or not.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13248)

show more ...

DECODER: Add support for specifying the outermost input structure

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13248)

ENCODER: Refactor the OSSL_ENCODER API to be more like OSSL_DECODER

OSSL_ENCODER was developed before OSSL_DECODER, so the idea of
chaining and the resulting API came later. This series

ENCODER: Refactor the OSSL_ENCODER API to be more like OSSL_DECODER

OSSL_ENCODER was developed before OSSL_DECODER, so the idea of
chaining and the resulting API came later. This series of changes
brings the same sort of API and functionality back to OSSL_ENCODER,
making the two APIs more consistent with each other.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12873)

show more ...

OSSL_ENCODER / OSSL_DECODER post-rename cleanup

There are a few remaining spots where 'deser' wasn't changed to 'decoder'

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged fr

OSSL_ENCODER / OSSL_DECODER post-rename cleanup

There are a few remaining spots where 'deser' wasn't changed to 'decoder'

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)

show more ...

CORE: Generalise internal pass phrase prompter

The pass phrase prompter that's part of OSSL_ENCODER and OSSL_DECODER
is really a passphrase callback bridge between the diverse forms of

CORE: Generalise internal pass phrase prompter

The pass phrase prompter that's part of OSSL_ENCODER and OSSL_DECODER
is really a passphrase callback bridge between the diverse forms of
prompters that exist within OpenSSL: pem_password_cb, ui_method and
OSSL_PASSPHRASE_CALLBACK.

This can be generalised, to be re-used by other parts of OpenSSL, and
to thereby allow the users to specify whatever form of pass phrase
callback they need, while being able to pass that on to other APIs
that are called internally, in the form that those APIs demand.

Additionally, we throw in the possibility to cache pass phrases during
a "session" (we leave it to each API to define what a "session" is).
This is useful for any API that implements discovery and therefore may
need to get the same password more than once, such as OSSL_DECODER and
OSSL_STORE.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12512)

show more ...

Rename OSSL_SERIALIZER / OSSL_DESERIALIZER to OSSL_ENCODE / OSSL_DECODE

Fixes #12455

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openss

Rename OSSL_SERIALIZER / OSSL_DESERIALIZER to OSSL_ENCODE / OSSL_DECODE

Fixes #12455

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12660)

show more ...