|  | Commit message (Collapse) | Author | Age | Files | Lines | 
|---|
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon.
This does not conform to style(9), breaks editors and ctags and
(most importantly) my workflow. Fix this by neutering them with
asm("") so that -Wpedantic doesn't complain. There's precedent
in libc's namespace.h
fix suggested by & ok jsing | 
| | 
| 
| 
| 
| 
| | Also be more consistent with variable naming.
ok tb@ | 
| | 
| 
| 
| | ok tb@ | 
| | 
| 
| 
| | ok tb@ | 
| | 
| 
| 
| 
| 
| 
| | Remove a comment that tells you not to call a function that internally
calls free, with a stack allocated pointer...
ok tb@ | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.
discussed with jsing,
no objection bcook | 
| | 
| 
| 
| | ok jsing@ | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| | Use calloc() instead of malloc() and setting all members manually to 0.
Avoid unnecessary else branch. | 
| | 
| 
| 
| 
| 
| | a pointless local scope.
suggested by jsing | 
| | 
| 
| 
| 
| 
| 
| 
| | local scope of a case branch. Move it into the proper location.
No binary change on amd64.
"sure" jsing | 
| | 
| 
| 
| 
| 
| 
| 
| 
| | There is no reason for print_error()'s third argument to be a UI *.
It may just as well be a void * to match what ERR_print_errors_cb()
expects. This avoids casting the function pointer. Also, there's no
need for a (void *) cast.
ok jsing | 
| | 
| 
| 
| 
| 
| 
| | It is a bit silly to push an error on the stack without erroring out,
so error out if the ok_chars and cancel_chars overlap.
ok jsing | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | If any of general_allocate_{prompt,string,boolean}() fail, the
UI_dup_* functions may leak the strings they strduped beforehand.
Instead, use strdup inside these functions, so we can free as
necessary.  This makes the UI_add_* and UI_dup_* simple wrappers
around general_allocate_{string,boolean}() that differ only in
passing a Boolean that indicates whether or not to use strdup.
Make a general cleanup pass over these functions, simplify the
logic and make it overall a bit easier to follow.  While there,
use strcspn() instead of a handrolled variant.
The only changes in behavior are that ERR_R_MALLOC_FAILURE is now
pushed onto the stack a bit more often and that UI_dup_input_string()
now returns -1 on failure to dup prompt like all the other UI_dup_*
functions.  This is not a problem since the manual already documents
that errors are signaled with <= 0. The only consumer of this function
according to Debian's codesearch is libp11, I sent them a PR to fix
their (already broken) error handling.
Addresses about 10 errors thrown by the LLVM static analyzer in ui/.
ok jsing | 
| | 
| 
| 
| 
| 
| 
| | If sk_UI_STRING_new_null() fails, this must be due to a memory error,
so signal this to the user.
ok jsing | 
| | 
| 
| 
| | ok jsing | 
| | 
| 
| 
| 
| 
| 
| 
| 
| | UI_method_get_flusher(), UI_method_get_opener(),
UI_method_get_prompt_constructor(), UI_method_get_reader(), and
UI_method_get_writer().
tested in a bulk build by sthen
ok jsing | 
| | 
| 
| 
| 
| 
| | ^^^^^
tested in a bulk build by sthen
ok jsing | 
| | 
| 
| 
| 
| 
| | as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@ | 
| | 
| 
| 
| 
| | as reading passwords. allow ^C to break.
the pain was mine, the fix is miod's. | 
| | 
| 
| 
| | 15 years. | 
| | 
| 
| 
| | ok tedu@, miod@ | 
| | 
| 
| 
| 
| | NULL before an intrinsic strdup.
ok miod@ | 
| | 
| 
| 
| 
| 
| | intrinsics. This is the easy ones, a few left to check one at
a time.
ok miod@ deraadt@ | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| | Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.
ok beck@ miod@ | 
| | |  | 
| | |  | 
| | 
| 
| 
| | ok miod | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| | including it they get <openssl/opensslconf.h>. So instead of pulling in
<openssl/e_os2.h>, just pull in <openssl/opensslconf.h>.
"go ahead" miod@ | 
| | 
| 
| 
| | eyeballed before applying. Contributed by Cyril Roelandt on tech@ | 
| | 
| 
| 
| 
| 
| 
| 
| | This avoids a lot of ugly gymnastics to do snprintfs before sending the
bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c
where it was being called with the incorrect number of arguments and
using random things off the stack as addresses of strings.
ok krw@, jsing@ | 
| | 
| 
| 
| | Suggested by miod@ | 
| | 
| 
| 
| 
| 
| | unchecked malloc at the same time.
ok beck@ | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| 
| | truncation is either desirable, not an issue, or is detected and handled later
ok deraadt@ | 
| | 
| 
| 
| 
| 
| | funcitons to check for incorrect use. keep BUF_strlcpy and BUF_strlcat
for API comptibility only.
ok tedu@ | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| | OPENSSL_foo wrappers. This changes:
OPENSSL_malloc->malloc
OPENSSL_free->free
OPENSSL_relloc->realloc
OPENSSL_freeFunc->free | 
| | 
| 
| 
| 
| | where the return value is ignored changing to (void) snprintf.
ok deraadt@ | 
| | |  | 
| | |  | 
| | |  | 
| | |  | 
| | |  | 
| | |  |