Stop raising ERR_R_MALLOC_FAILURE in most places

Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and
at least handle the file name and line number they are called from,

Stop raising ERR_R_MALLOC_FAILURE in most places

Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and
at least handle the file name and line number they are called from,
there's no need to report ERR_R_MALLOC_FAILURE where they are called
directly, or when SSLfatal() and RLAYERfatal() is used, the reason
`ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`.

There were a number of places where `ERR_R_MALLOC_FAILURE` was reported
even though it was a function from a different sub-system that was
called. Those places are changed to report ERR_R_{lib}_LIB, where
{lib} is the name of that sub-system.
Some of them are tricky to get right, as we have a lot of functions
that belong in the ASN1 sub-system, and all the `sk_` calls or from
the CRYPTO sub-system.

Some extra adaptation was necessary where there were custom OPENSSL_malloc()
wrappers, and some bugs are fixed alongside these changes.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19301)

show more ...

Teach more of the ASN.1 code about libctx/propq

Make sure we pass libctx/propq down to all the layers so that objects that
are created during parsing have the right values. Then use this

Teach more of the ASN.1 code about libctx/propq

Make sure we pass libctx/propq down to all the layers so that objects that
are created during parsing have the right values. Then use this new
capability for PKCS7.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15591)

show more ...

Teach the ASN.1 code how to create embedded objects with libctx/propq

An ASN.1 object such as an X509 may have embedded objects in it such as
an X509_PUBKEY. If there is a libctx/propq i

Teach the ASN.1 code how to create embedded objects with libctx/propq

An ASN.1 object such as an X509 may have embedded objects in it such as
an X509_PUBKEY. If there is a libctx/propq in use then we need to make sure
we pass these down to the constructors of these embedded objects.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15591)

show more ...

Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14801)

Add ossl_asn1 symbols

Partial fix for #12964

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14473)

Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call

This includes error reporting for libcrypto sub-libraries in surprising
places.

This was done using ut

Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call

This includes error reporting for libcrypto sub-libraries in surprising
places.

This was done using util/err-to-raise

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13318)

show more ...

Fix safestack issues in asn1t.h

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/

Fix safestack issues in asn1t.h

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)

show more ...

Update copyright year

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11839)

In OpenSSL builds, declare STACK for datatypes ...

... and only *define* them in the source files that need them.
Use DEFINE_OR_DECLARE which is set appropriately for internal builds

In OpenSSL builds, declare STACK for datatypes ...

... and only *define* them in the source files that need them.
Use DEFINE_OR_DECLARE which is set appropriately for internal builds
and not non-deprecated builds.

Deprecate stack-of-block

Better documentation

Move some ASN1 struct typedefs to types.h

Update ParseC to handle this. Most of all, ParseC needed to be more
consistent. The handlers are "recursive", in so far that they are called
again and again until they terminate, which depends entirely on what the
"massager" returns. There's a comment at the beginning of ParseC that
explains how that works. {Richard Levtte}

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10669)

show more ...

Reorganize local header files

Apart from public and internal header files, there is a third type called
local header files, which are located next to source files in the source
direc

Reorganize local header files

Apart from public and internal header files, there is a third type called
local header files, which are located next to source files in the source
directory. Currently, they have different suffixes like

'*_lcl.h', '*_local.h', or '*_int.h'

This commit changes the different suffixes to '*_local.h' uniformly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9333)

show more ...

Deprecated {OPENSSL,CRYPTO}_debug_mem_{push,pop}

They were only used for recursive ASN1 parsing.
Even if the internal memory-debugging facility remains,
this simplification seems wor

Deprecated {OPENSSL,CRYPTO}_debug_mem_{push,pop}

They were only used for recursive ASN1 parsing.
Even if the internal memory-debugging facility remains,
this simplification seems worthwhile.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9342)

show more ...

Following the license change, modify the boilerplates in crypto/asn1/

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7772)

Update copyright year

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5990)

Set error code on alloc failures

Almost all *alloc failures now set an error code.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.co

Set error code on alloc failures

Almost all *alloc failures now set an error code.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/5842)

show more ...

asn1_item_embed_new(): if locking failed, don't call asn1_item_embed_free()

asn1_item_embed_free() will try unlocking and fail in this case, and
since the new item was just allocated on

asn1_item_embed_new(): if locking failed, don't call asn1_item_embed_free()

asn1_item_embed_free() will try unlocking and fail in this case, and
since the new item was just allocated on the heap, free it directly
with OPENSSL_free() instead.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/4579)

show more ...

asn1_item_embed_new(): don't free an embedded item

The previous change with this intention didn't quite do it. An
embedded item must not be freed itself, but might potentially contain

asn1_item_embed_new(): don't free an embedded item

The previous change with this intention didn't quite do it. An
embedded item must not be freed itself, but might potentially contain
non-embedded elements, which must be freed.

So instead of calling ASN1_item_ex_free(), where we can't pass the
embed flag, we call asn1_item_embed_free() directly.

This changes asn1_item_embed_free() from being a static function to
being a private non-static function.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/4579)

show more ...

asn1_item_embed_new(): don't free an embedded item

An embedded item wasn't allocated separately on the heap, so don't
free it as if it was.

Issue discovered by Pavel Kopyl

asn1_item_embed_new(): don't free an embedded item

An embedded item wasn't allocated separately on the heap, so don't
free it as if it was.

Issue discovered by Pavel Kopyl

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4572)

show more ...

ASN.1: extend the possibilities to embed data instead of pointers

Also, when "allocating" or "deallocating" an embedded item, never call
prim_new() or prim_free(). Call prim_clear() ins

ASN.1: extend the possibilities to embed data instead of pointers

Also, when "allocating" or "deallocating" an embedded item, never call
prim_new() or prim_free(). Call prim_clear() instead.

Fixes #3191

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3199)

show more ...

Combined patch against master branch for the following issues:

Fixed a memory leak in ASN1_digest and ASN1_item_digest.
Reworked error handling in asn1_item_embed_new.
Fixed error ha

Combined patch against master branch for the following issues:

Fixed a memory leak in ASN1_digest and ASN1_item_digest.
Reworked error handling in asn1_item_embed_new.
Fixed error handling in int_ctx_new and EVP_PKEY_CTX_dup.
Fixed a memory leak in CRYPTO_free_ex_data.
Reworked error handing in x509_name_ex_d2i, x509_name_encode and x509_name_canon.
Check for null pointer in tls_process_cert_verify.

Fixes #2103 #2104 #2105 #2109 #2111 #2115

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2342)

show more ...

Rework error handling from asn1_do_lock method.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

Copyright consolidation 08/10

Reviewed-by: Richard Levitte <levitte@openssl.org>

Remove /* foo.c */ comments

This was done by the following
find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
print unless $. == 1

Remove /* foo.c */ comments

This was done by the following
find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
print unless $. == 1 && m@/\* .*\.[ch] \*/@;
close ARGV if eof; # Close file to reset $.

And then some hand-editing of other files.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

show more ...

Enable/disable crypto-mdebug just like other features

Also always abort() on leak failure.

Reviewed-by: Stephen Henson <steve@openssl.org>

Cleanup CRYPTO_{push,pop}_info

Rename to OPENSSL_mem_debug_{push,pop}.
Remove simple calls; keep only calls used in recursive functions.
Ensure we always push, to simplify so that we

Cleanup CRYPTO_{push,pop}_info

Rename to OPENSSL_mem_debug_{push,pop}.
Remove simple calls; keep only calls used in recursive functions.
Ensure we always push, to simplify so that we can always pop

Reviewed-by: Richard Levitte <levitte@openssl.org>

show more ...

Continue standardising malloc style for libcrypto

Continuing from previous commit ensure our style is consistent for malloc
return checks.

Reviewed-by: Kurt Roeckx <kurt@openssl

Continue standardising malloc style for libcrypto

Continuing from previous commit ensure our style is consistent for malloc
return checks.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

show more ...