Harden OpenSSL crypto error checking and resource management

[Copilot]

Harden OpenSSL error checking and resource management in ccf::crypto:

• CHECK1 (openssl_wrappers.h): Threw only when error queue was non-empty. Now throws unconditionally on rc != 1; error message includes rc, ec, and best-effort error string.

• CHECK0 removed: Ambiguous semantics replaced by CHECKPOSITIVE(). Removal noted in CHANGELOG (Harden OpenSSL crypto error checking and resource management #7817).

• CHECKPOSITIVE (new): For OpenSSL APIs returning positive-on-success. Includes ERR_get_error() / error_string() and rc/ec in diagnostics.

• RSA OAEP params (rsa_key_pair.cpp, rsa_public_key.cpp): EVP_PKEY_CTX_set_rsa_padding, _set_rsa_oaep_md, _set_rsa_mgf1_md return values were unchecked. Wrapped with CHECKPOSITIVE().

• HKDF context leak (hash.cpp): Raw EVP_PKEY_CTX* leaked on throw. Replaced with Unique_EVP_PKEY_CTX RAII wrapper.

• Wrong check macro (ec_key_pair.cpp): X509_REQ_sign returns signature size (positive) on success, 0 on failure — corrected from CHECK1 to CHECKPOSITIVE.

• salt_length overflow (rsa_key_pair.cpp, rsa_public_key.cpp): size_t salt_length was passed directly to EVP_PKEY_CTX_set_rsa_pss_saltlen(int) without range checking. Added validation throwing std::invalid_argument if salt_length > INT_MAX.

OpenSSL doc links for CHECK1 → CHECKPOSITIVE replacements:

EVP_PKEY_CTX_set_rsa_padding / set_rsa_oaep_md / set_rsa_mgf1_md / set_rsa_pss_saltlen / set_signature_md
"return a positive value for success and 0 or a negative value for failure"
https://docs.openssl.org/master/man3/EVP_PKEY_CTX_ctrl/#return-values

EVP_PKEY_CTX_set_hkdf_md / set1_hkdf_salt / set1_hkdf_key / add1_hkdf_info
Same page as above — all are EVP_PKEY_CTX_ctrl wrappers
https://docs.openssl.org/master/man3/EVP_PKEY_CTX_ctrl/#return-values

sk_X509_push (→ OPENSSL_sk_push)
"returns the total number of elements in the stack after the push, or 0 on error"
https://docs.openssl.org/master/man3/OPENSSL_sk_push/#return-values

X509_REQ_sign
"returns the size of the signature in bytes [...] or 0 on failure"
https://docs.openssl.org/master/man3/X509_sign/#return-values

i2d_ECDSA_SIG
"returns the length of the DER encoded signature [...] or negative value on error"
https://docs.openssl.org/master/man3/i2d_ECDSA_SIG/#return-values

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[maxtropets]

@copilot based on the last commit I've done, update the PR title and description if needed

Also make them as concise as possible w/o losing any useful info

[Copilot]

@copilot based on the last commit I've done, update the PR title and description if needed

Also make them as concise as possible w/o losing any useful info

Updated the PR description to cover all four changes including the CHECK0 hardening and the X509_REQ_sign CHECK1→CHECK0 fix from 962d640. Kept the existing title — it still accurately covers everything.

[achamayou]

Goes in the right direction but please see and fix comment.

[Copilot]

Pull request overview

Copilot reviewed 8 out of 8 changed files in this pull request and generated 4 comments.

[Copilot]

@copilot based on the last commit I've done, update the PR title and description if needed

Also make them as concise as possible w/o losing any useful info

Updated the PR description to include the latest changes: rc/ec in error messages for better diagnostics, and CHANGELOG entry for CHECK0 removal. Title still fits — kept as is.

[Copilot]

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated 4 comments.