git.ipfire.org Git - thirdparty/openssl.git/commit
Make the provider context available to encoders
author Viktor Dukhovni <openssl-users@dukhovni.org>
Sun, 19 Jan 2025 15:51:07 +0000 (02:51 +1100)
committer Viktor Dukhovni <openssl-users@dukhovni.org>
Tue, 21 Jan 2025 06:19:07 +0000 (17:19 +1100)
commit 35f6e7ea02b599d5aaf220b4720cbadd946d8023
tree ceee2a365d6c3958ae002127ab8f7f075431dc59
parent c3144e102571517df6c15ccc049fa3660ab3cb0a

At the moment the provider context is only available to
encoders that encrypt, but it is useful more generally.

A similar change has already been merged to "master" on the
decoder side; this is the mirror change for encoders.  The
only significant difference is that PEM_ASN1_write_bio needed
to be "extended" (cloned) to allow it to pass the provider context
down to the `k2d` function it uses to encode the data.

I had to "hold my nose" and live with the random "20" added to the data
size in order to accommodate encryption with padding, which may produce
one more cipher block than the input length.  This really should ask
the EVP layer about the block length of the cipher, and allocate the
right amount.  This should be a separate fix for both the old
PEM_ASN1_write_bio() and the new PEM_ASN1_write_bio_ctx().

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/26475)
crypto/pem/pem_lib.c
doc/man3/PEM_read.pod
include/openssl/asn1.h.in
include/openssl/pem.h
providers/implementations/encode_decode/encode_key2any.c
util/libcrypto.num
util/missingcrypto.txt