History log of /openbsd-src/lib/libcrypto/x509/by_dir.c (Results 1 – 25 of 48)
Revision Date Author Comments
# 787e4c65 31-Aug-2024 tb <tb@openbsd.org>

const correct X509_LOOKUP_METHOD

With this another family of global tables becomes const as it should
always have been.

ok beck jsing


# 614b3eb4 25-Mar-2024 beck <beck@openbsd.org>

Remove unnecessary stat() calls from by_dir

When searching for a CA or CRL file in by_dir, this stat()
was used to short circuit attempting to open the file with
X509_load_cert_file(). This was a deliberate TOCTOU introduced
to avoid setting an error on the error stack, when what you
really want to say is "we couldn't find a CA" and continue
merrily on your way.

As it so happens you really do not care why the load_file failed
in any of these cases, it all boils down to "I can't find the CA
or CRL". Instead we just omit the stat call, and clear the error
stack if the load_file fails. The fact that you don't have a CA or
CRL is caught later in the callers and is what you want, mimicking
the non by_dir behaviour instead of possibly some bizarro file
system error.

Based on a similar change in Boring.

ok tb@


# 58c56706 29-Dec-2023 tb <tb@openbsd.org>

Use a void pointer rather than char for method_data

This way we don't need to cast from BY_DIR * to char * and back in
its only consumer, the lovely by_dir.


# 3b2bee84 25-Dec-2023 tb <tb@openbsd.org>

Remove unused X509_LOOKUP_METHODs

None of these function pointers were ever set. Now that the structure is
opaque they won't ever be, so time for them to hit the bitbucket. Infinite
extensibility of the toolkit results in complications, bugs, and dead code.

ok jsing


# cedac418 16-Feb-2023 tb <tb@openbsd.org>

libressl *_namespace.h: adjust *_ALIAS() to require a semicolon

LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon.
This does not conform to style(9), breaks editors and ctags and
(most importantly) my workflow. Fix this by neutering them with
asm("") so that -Wpedantic doesn't complain. There's precedent
in libc's namespace.h

fix suggested by & ok jsing


# c9675a23 26-Nov-2022 tb <tb@openbsd.org>

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook


# 06d31337 14-Nov-2022 beck <beck@openbsd.org>

Hide public symbols in libcrypto/x509 .c files

ok tb@


# 2d391c3e 10-Nov-2021 schwarze <schwarze@openbsd.org>

Merge a few additional X509error(ERR_R_MALLOC_FAILURE) calls
and various style improvements from the OpenSSL 1.1.1 branch,
which is still under a free license.

- No need to #include <openssl/lhash.h>.
- BUF_MEM_free(3) and sk_pop_free(3) can handle NULL.
- sk_value(3) can handle -1.
- Test pointers with "== NULL" rather than with "!".
- Use the safer "p = malloc(sizeof(*p))" idiom.
- return is not a function.
- Delete very wrong commented out code.

Including parts of these commits from the 2015 to 2018 time range:
25aaa98a b4faea50 90945fa3 f32b0abe 26a7d938 7fcdbd83 208056b2 5b37fef0

Requested by and OK tb@.


# 838f0b6d 01-Nov-2021 tb <tb@openbsd.org>

Move the now internal X.509-related structs into x509_lcl.h.
Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and
LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and
fix a couple of unnecessary reacharounds.

ok jsing


# 4a72e5b6 05-Aug-2018 bcook <bcook@openbsd.org>

Remove unnecessary NULL check from get_cert_by_subject since
sk_BY_DIR_HASH_find already does it, removing ambiguity later in the function.

ok tb@


# 5067ae9f 29-Jan-2017 beck <beck@openbsd.org>

Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@


# 920ccb62 11-Apr-2015 deraadt <deraadt@openbsd.org>

Remove all getenv() calls, especially those wrapped by issetugid().
getenv()'s wrapped by issetugid() are safe, but issetugid() is difficult
to implement correctly on many operating systems. By accident, a grand
experiment was run over the last year, where issetugid() returned 1 (the
safe value) on a few operating systems. No one noticed & complained that
certain environment variables were not working.......
ok doug beck jsing, discussion with others


# 27ed096e 12-Feb-2015 jsing <jsing@openbsd.org>

If you do not support POSIX I/O then you're not tall enough to ride...

ok tedu@


# 5d8725a8 05-Feb-2015 reyk <reyk@openbsd.org>

Declare the x509_(mem|file|dir)_lookup symbols as static because they
shouldn't be used directly. They aren't part of the API; each module
(file, dir, mem) provides an actual function to export the now-static
object.

OK miod@


# aa542ad2 22-Jan-2015 jsing <jsing@openbsd.org>

Use field names in struct initialisers.

No change to generated assembly.


# b950f184 23-Sep-2014 miod <miod@openbsd.org>

Fix regression introduced in revision 1.15 by using strndup() instead of
strdup() to allocate directory list components.

ok jsing@


# b6ab114e 11-Jul-2014 jsing <jsing@openbsd.org>

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@


# 8cf4d6a6 10-Jul-2014 jsing <jsing@openbsd.org>

Explicitly include <openssl/opensslconf.h> in every file that references
an OPENSSL_NO_* define. This avoids relying on something else pulling it
in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is
never going to do anything, since OPENSSL_NO_XYZ will never be defined, due
to the fact that opensslconf.h has not been included.

This also includes some miscellaneous sorting/tidying of headers.


# a8913c44 10-Jul-2014 jsing <jsing@openbsd.org>

Stop including standard headers via cryptlib.h - pull in the headers that
are needed in the source files that actually require them.

ok beck@ miod@


# c66de3b0 24-Jun-2014 miod <miod@openbsd.org>

Unifdef -UNO_SYS_TYPES_H


# 75eb8854 23-Jun-2014 deraadt <deraadt@openbsd.org>

Since this is a library, place issetugid() before every getenv()
ok miod


# b79435f2 19-Jun-2014 tedu <tedu@openbsd.org>

improve error checking. set error code on error, and check malloc return.
add missing unlock in one case. ok lteo miod


# c3d6a26a 12-Jun-2014 deraadt <deraadt@openbsd.org>

tags as requested by miod and tedu


# 4163340b 07-Jun-2014 deraadt <deraadt@openbsd.org>

malloc() result does not need a cast.
ok miod


# 79cf10b5 30-May-2014 tedu <tedu@openbsd.org>

no need for null check before free. from Brendan MacDonell

