Only use the legacy route to decode a public key if we have to

We should use a provider to decode a SubjectPublicKeyInfo structure if
we can. We should only use the legacy route if we ar

Only use the legacy route to decode a public key if we have to

We should use a provider to decode a SubjectPublicKeyInfo structure if
we can. We should only use the legacy route if we are forcing legacy, or
if an ENGINE is in use.

Fixes #15393
Fixes #15327

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15504)

show more ...

Ensure that we consume all the data when decoding an SPKI

If we are decoding a SubjectPublicKeyInfo structure then we must use all
of the data and must not have bytes "left over".

Ensure that we consume all the data when decoding an SPKI

If we are decoding a SubjectPublicKeyInfo structure then we must use all
of the data and must not have bytes "left over".

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15504)

show more ...

Use the right class/tag when decoding an embedded key

When a key (SubjectPublicKeyInfo) is embedded in some other structure
it may use an implicit tag. However the decoders can only hand

Use the right class/tag when decoding an embedded key

When a key (SubjectPublicKeyInfo) is embedded in some other structure
it may use an implicit tag. However the decoders can only handle the
universal class and don't know how to interpret the implicit tag.
Therefore we modify the data into a form the decoders can handle.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15504)

show more ...

Fix CTLOG_new_from_base64_ex()

Ensure that the libctx/propq are passed to d2i_PUBKEY_ex()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/ope

Fix CTLOG_new_from_base64_ex()

Ensure that the libctx/propq are passed to d2i_PUBKEY_ex()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15504)

show more ...

Fix the expected output of printing certificates

Now that we are using provided keys when loading a certificate the pretty
printing formatting is cosmetically different. We need to adjus

Fix the expected output of printing certificates

Now that we are using provided keys when loading a certificate the pretty
printing formatting is cosmetically different. We need to adjust expected
test output accordingly.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15504)

show more ...

EVP_PKEY_new_raw_private_key: Allow zero length keys

Allocate at least one byte to distinguish a zero length key
from an unset key.

Fixes #15632

Reviewed-by: Matt Caswe

EVP_PKEY_new_raw_private_key: Allow zero length keys

Allocate at least one byte to distinguish a zero length key
from an unset key.

Fixes #15632

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15643)

show more ...

Fix compilation on systems with empty _POSIX_TIMERS

Systems such as Tru64 ship with broken headers that
have _POSIX_TIMERS defined but empty.

CLA: trivial

Reviewed-by:

Fix compilation on systems with empty _POSIX_TIMERS

Systems such as Tru64 ship with broken headers that
have _POSIX_TIMERS defined but empty.

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15598)

show more ...

evp: avoid some calls to EVP_CIPHER_CTX_get_iv_length() because it's been called already

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/

evp: avoid some calls to EVP_CIPHER_CTX_get_iv_length() because it's been called already

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15635)

show more ...

evp: fix Coverity 1485670 argument cannot be negative

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15635)

evp: fix Coverity 1485669 improper use of negative value

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15635)

evp: fix Coverity 1485668 argument cannot be negative

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15635)

pkcs12: fix Coverity 1485667 logically dead code

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15635)

evp: fix coverity 1485666 argument cannot be negative

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15635)

evp: fix improper use of negative value issues

Coverity issues 1485662, 1485663 & 1485664.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/op

evp: fix improper use of negative value issues

Coverity issues 1485662, 1485663 & 1485664.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15635)

show more ...

afalg: fix coverity 1485661 improper use of negative value

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15635)

fix coverity 1485660 improper use of negative value

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15635)

bio: improve error checking fixing coverity 1485659 & 1485665

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15635)

doc: add PKEY life cycle documentation

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15637)

doc: build changes for PKEY life cycle documentation

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15637)

doc: add build info for cipher life cycle documentation

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15637)

doc: add references to cipher life cycle documentation

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15637)

doc: add cipher life cycle documentation

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15637)

doc: improve the cipher life cycle diagram

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15637)

doc-nits: support out of source execution

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15637)

doc: remove empty section

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15637)