Align EVP_PKEY_get1_RSA() with EVP_PKEY_get0_RSA()

Fix EVP_PKEY_get0_RSA() for RSA-PSS

It currently returns NULL. This is OpenSSL 4088b926 + De Morgan.

ok jsing

Unbreak the namespace build after a broken mk.conf and tool misfire had
me aliasing symbols not in the headers I was procesing.

This unbreaks the namespace build so it will pass again

ok tb@

Hide symbols in hkdf, evp, err, ecdsa, and ec

(part 2 of commit)

ok jsing@

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_l

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook

show more ...

Change the pkey.ptr from char * to void *

Now that EVP_PKEY is opaque, there is no reason to keep the ptr member
of the pkey union as a weird char pointer, a void pointer will do. This
avoids a few

Change the pkey.ptr from char * to void *

Now that EVP_PKEY is opaque, there is no reason to keep the ptr member
of the pkey union as a weird char pointer, a void pointer will do. This
avoids a few stupid casts and simplifies an upcoming diff.

ok jsing

show more ...

Port EVP raw key API from OpenSSL.

This will be needed to deal with Curve25519 based keys.

ok beck@ tb@

Prepare to provide EVP_PKEY_security_bits()

This also provides a pkey_security_bits member to the PKEY ASN.1 methods
and a corresponding setter EVP_PKEY_asn1_set_security_bits().

ok beck jsing

Add check for BIO_indent return value

CID 24778

ok jsing@ millert@ tb@

Include evp_locl.h where it will be needed once most structs from
evp.h will be moved to evp_locl.h in an upcoming bump.

ok inoguchi

Prepare to provide EVP_PKEY_new_CMAC_key()

sebastia ran into this when attempting to update security/hcxtools.
This will be tested via wycheproof.go once the symbol is public.

ok jsing, tested by s

Prepare to provide EVP_PKEY_new_CMAC_key()

sebastia ran into this when attempting to update security/hcxtools.
This will be tested via wycheproof.go once the symbol is public.

ok jsing, tested by sebastia

show more ...

Provide EVP_PKEY_get0_hmac(). From OpenSSL 1.1.1 which is still
freely licensed.

From jsing

Add a const qualifier to the argument of EVP_PKEY_size().

tested in a bulk build by sthen
ok jsing

Add a const qualifier to the argument of EVP_PKEY_get0(3).

tested in a bulk build by sthen
ok beck (as part of a larger diff)

Add a const qualifier to the argument of EVP_PKEY_bits(3).

tested in a bulk build by sthen
ok beck (as part of a larger diff)

make ENGINE_finish() succeed on NULL and simplify callers as in
OpenSSL commit 7c96dbcdab9 by Rich Salz.

This cleans up the caller side quite a bit and reduces the number of
lines enclosed in #ifnde

make ENGINE_finish() succeed on NULL and simplify callers as in
OpenSSL commit 7c96dbcdab9 by Rich Salz.

This cleans up the caller side quite a bit and reduces the number of
lines enclosed in #ifndef OPENSSL_NO_ENGINE. codesearch.debian.net
shows that almost nothing checks the return value of ENGINE_finish().
While there, replace a few nearby 'if (!ptr)' with 'if (ptr == NULL)'.

ok jsing, tested by & ok inoguchi

show more ...

Provide EVP_PKEY_get0_EC_KEY() and 'if (ret)' vs 'if (ret != 0)' cosmetics.

ok jsing

Provide further parts of the OpenSSL 1.1 API: {DH,DSA}_get0_{key,pqg}(),
EVP_PKEY_get0_{DH,DSA,RSA}(), RSA_{g,s}et0_key().

ok jsing

Provide EVP_PKEY_up_ref().

Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@

No need to include asn1_mac.h here.

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need t

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@

show more ...

Explicitly include <openssl/opensslconf.h> in every file that references
an OPENSSL_NO_* define. This avoids relying on something else pulling it
in for us, plus it fixes several cases where the #ifn

Explicitly include <openssl/opensslconf.h> in every file that references
an OPENSSL_NO_* define. This avoids relying on something else pulling it
in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is
never going to do anything, since OPENSSL_NO_XYZ will never defined, due
to the fact that opensslconf.h has not been included.

This also includes some miscellaneous sorting/tidying of headers.

show more ...

tags as requested by miod and tedu

malloc() result does not need a cast.
ok miod