The maximum key length for rc5 is 2040 bits so we should not attempt to
use keys longer than this.

Issue found by OSS-Fuzz and Guido Vranken.
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8834)

(cherry picked from commit 792cb4ee8d82e4b063f707fc9f4992271ffd65ab)

This feature is enabled by default outside of FIPS builds
which ban such actions completely.

Encryption is always disallowed and will generate an error.
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9112)

(cherry picked from commit 2c840201e57e27fa9f1b26a970270a91813e32fe)

Reviewed-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7852)

(cherry picked from commit f2f734d4f9e34643a1d3e5b79d2447cd643519f8)

Reviewed-by: NAndy Polyakov <appro@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6443)

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6217)

Only applies to algorithms that support it. Both raw private and public
keys can be obtained for X25519, Ed25519, X448, Ed448. Raw private keys
only can be obtained for HMAC, Poly1305 and SipHash

Fixes #6259
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6394)

Almost all *alloc failures now set an error code.
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/5842)

methods :
 - EVP_PBE_scrypt
 - EVP_PKEY_meth_add0
 - EVP_PKEY_meth_new
 - EVP_PKEY_CTX_dup
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/5783)

Renamed to EVP_PKEY_new_raw_private_key()/EVP_new_raw_public_key() as per
feedback.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)

Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)

Not all algorithms will support this, since their keys are not a simple
block of data. But many can.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)

EVP_PKEY_asn1_find_str() would search through standard asn1 methods
first, then those added by the application, which EVP_PKEY_asn1_find()
worked the other way around.  Also, EVP_PKEY_asn1_find_str() didn't
handle aliases.

This change brings EVP_PKEY_asn1_find_str() closer to EVP_PKEY_asn1_find().

Fixes #5086
Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5137)

EVP_PKEY_public_check() and EVP_PKEY_param_check()

Doc and test cases are added
Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4647)

Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/4596)

Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4503)

A new method is added to EVP_PKEY_METH as:

    int (*check) (EVP_PKEY_CTX *ctx);

and to EVP_PKEY_ASN1_METHOD as:

    int (*pkey_check) (EVP_PKEY_CTX *ctx);

This is used to check the validity of a specific key.

The order of calls is:
EVP_PKEY_check -> pmeth.check -> ameth.pkey_check.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4337)

AEAD cipher mode implementation is based on that used for AES:

  https://tools.ietf.org/html/rfc5116

TLS GCM cipher suites as specified in:

  https://tools.ietf.org/html/rfc6209Reviewed-by: NPaul Dale <paul.dale@oracle.com>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4287)

Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4137)

Run perltidy on util/mkerr
Change some mkerr flags, write some doc comments
Make generated tables "const" when genearting lib-internal ones.
Add "state" file for mkerr
Renerate error tables and headers
Rationalize declaration of ERR_load_XXX_strings
Fix out-of-tree build
Add -static; sort flags/vars for options.
Also tweak code output
Moved engines/afalg to engines (from master)
Use -static flag
Standard engine #include's of errors
Don't linewrap err string tables unless necessary
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3392)

Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3503)

This implementation is written in endian agnostic C code. No attempt
at providing machine specific assembly code has been made. This
implementation expands the evptests by including the test cases from
RFC 5794 and ARIA official site rather than providing an individual
test case. Support for ARIA has been integrated into the command line
applications, but not TLS. Implemented modes are CBC, CFB1, CFB8,
CFB128, CTR, ECB and OFB128.
Reviewed-by: NAndy Polyakov <appro@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2337)

The core SipHash supports either 8 or 16-byte output and a configurable
number of rounds.
The default behavior, as added to EVP, is to use 16-byte output and
2,4 rounds, which matches the behavior of most implementations.
There is an EVP_PKEY_CTRL that can control the output size.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2216)

When doing in place encryption the overlapping buffer check can fail
incorrectly where we have done a partial block "Update" operation. This
fixes things to take account of any pending partial blocks.
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2275)

Add Poly1305 as a "signed" digest.
Reviewed-by: NAndy Polyakov <appro@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2128)

New function EVP_PKEY_CTX_md() which takes a string and passes a digest
to a ctrl.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)

For now, checking that the size is non-zero will suffice.
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2120)

Reviewed-by: NKurt Roeckx <kurt@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1421)

and add EVPerr(PARTIALLY_OVERLAPPED)
Reviewed-by: NStephen Henson <steve@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>
GH: #1330

Before the addition of this function, it was impossible to read the
symmetric key from an EVP_PKEY_HMAC type EVP_PKEY.
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1217)

Add script to find unused err/reason codes
Remove unused reason codes.
Remove entries for unused functions
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Make PKCS8_PRIV_KEY_INFO opaque. Several accessor functions already exist
for this structure. Two new ones were added to handle attributes.

The old handling of broken formats has been removed and the corresponding
structures simplified.
Reviewed-by: NRich Salz <rsalz@openssl.org>

This was done by the following
        find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
        print unless $. == 1 && m@/\* .*\.[ch] \*/@;
        close ARGV if eof; # Close file to reset $.

And then some hand-editing of other files.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Rebuild error source files: the new mkerr.pl functionality will now
pick up and translate static function names properly.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Set a specific error if the parameters are otherwise valid but exceed the
memory limit.
Reviewed-by: NRich Salz <rsalz@openssl.org>

This adds support for the ASN.1 structures in draft-josefsson-scrypt-kdf-03
Private keys encrypted by scrypt can now be decrypted transparently as long
as they don't exceed the memory limits.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>