Copyright year updates

Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0)

Reviewed-by: Hugo Lan

Copyright year updates

Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0)

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24034)

show more ...

Make OPENSSL_sk_push return only 0 or 1

Most of the callers do not actually check for
the special -1 return condition because they do not
pass NULL to it. It is also extremely improb

Make OPENSSL_sk_push return only 0 or 1

Most of the callers do not actually check for
the special -1 return condition because they do not
pass NULL to it. It is also extremely improbable that
any code depends on this -1 return value in this condition
so it can be safely changed to 0 return.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/22930)

show more ...

Copyright year updates


Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes

stack: fix searching when the stack isn't sorted.

More specifically, don't sort the stack when searching when it isn't sorted.
This avoids a race condition.

Fixes #20135

stack: fix searching when the stack isn't sorted.

More specifically, don't sort the stack when searching when it isn't sorted.
This avoids a race condition.

Fixes #20135

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20782)

show more ...

Errors raised from OPENSSL_sk_set should have ERR_LIB_CRYPTO

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/op

Errors raised from OPENSSL_sk_set should have ERR_LIB_CRYPTO

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19400)

show more ...

stack: Do not add error if pop/shift/value accesses outside of the stack

This partially reverts commit 30eba7f35983a917f1007bce45040c0af3442e42.
This is legitimate use of the stack funct

stack: Do not add error if pop/shift/value accesses outside of the stack

This partially reverts commit 30eba7f35983a917f1007bce45040c0af3442e42.
This is legitimate use of the stack functions and no error
should be reported apart from the NULL return value.

Fixes #19389

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19400)

show more ...

Stop raising ERR_R_MALLOC_FAILURE in most places

Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and
at least handle the file name and line number they are called from,

Stop raising ERR_R_MALLOC_FAILURE in most places

Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and
at least handle the file name and line number they are called from,
there's no need to report ERR_R_MALLOC_FAILURE where they are called
directly, or when SSLfatal() and RLAYERfatal() is used, the reason
`ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`.

There were a number of places where `ERR_R_MALLOC_FAILURE` was reported
even though it was a function from a different sub-system that was
called. Those places are changed to report ERR_R_{lib}_LIB, where
{lib} is the name of that sub-system.
Some of them are tricky to get right, as we have a lot of functions
that belong in the ASN1 sub-system, and all the `sk_` calls or from
the CRYPTO sub-system.

Some extra adaptation was necessary where there were custom OPENSSL_malloc()
wrappers, and some bugs are fixed alongside these changes.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19301)

show more ...

stack.c: add missing direct error reporting and improve coding style

Doing so, had to fix sloppiness in using the stack API in crypto/conf/conf_def.c,
ssl/ssl_ciph.c, ssl/statem/statem_s

stack.c: add missing direct error reporting and improve coding style

Doing so, had to fix sloppiness in using the stack API in crypto/conf/conf_def.c,
ssl/ssl_ciph.c, ssl/statem/statem_srvr.c, and mostly in test/helpers/ssltestlib.c.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18918)

show more ...

Fix Coverity 1493746: constant expression result

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17034)

stack: increase the reallocation ratio

This change increases the reallocation ratio from 1.5 to 1.6.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/

stack: increase the reallocation ratio

This change increases the reallocation ratio from 1.5 to 1.6.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16930)

show more ...

Improve the implementation of X509_STORE_CTX_get1_issuer()

It is possible for the stack of X509_OBJECTs held in an X509_STORE_CTX to
have a custom compare function associated with it. No

Improve the implementation of X509_STORE_CTX_get1_issuer()

It is possible for the stack of X509_OBJECTs held in an X509_STORE_CTX to
have a custom compare function associated with it. Normally (by default)
this uses X509_NAME_cmp(). The X509_STORE_CTX_get1_issuer() function
assumed that it would always be X509_NAME_cmp().

By implementing OPENSSL_sk_find_all() function we can avoid explicitly
using X509_NAME_cmp() in X509_STORE_CTX_get1_issuer().

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14728)

show more ...

Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14235)

Allow NULL arg to OPENSSL_sk_{dup,deep_copy} returning empty stack

This simplifies many usages

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openss

Allow NULL arg to OPENSSL_sk_{dup,deep_copy} returning empty stack

This simplifies many usages

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14040)

show more ...

Update copyright year

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13533)

Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call

This includes error reporting for libcrypto sub-libraries in surprising
places.

This was done using ut

Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call

This includes error reporting for libcrypto sub-libraries in surprising
places.

This was done using util/err-to-raise

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13318)

show more ...

ossl_bsearch(): New generic internal binary search utility function

OBJ_bsearch_ and OBJ_bsearch_ex_ are generic functions that don't
really belong with the OBJ API, but should rather be

ossl_bsearch(): New generic internal binary search utility function

OBJ_bsearch_ and OBJ_bsearch_ex_ are generic functions that don't
really belong with the OBJ API, but should rather be generic utility
functions. The ending underscore indicates that they are considered
internal, even though they are declared publicly.

Since crypto/stack/stack.c uses OBJ_bsearch_ex_, the stack API ends up
depending on the OBJ API, which is unnecessary, and carries along
other dependencies.

Therefor, a generic internal function is created, ossl_bsearch().
This removes the unecessary dependencies.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8899)

show more ...

Following the license change, modify the boilerplates in crypto/stack/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pul

Following the license change, modify the boilerplates in crypto/stack/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7820)

show more ...

Revert "stack/stack.c: omit redundant NULL checks."

This reverts commit 8839324450b569a6253e0dd237ee3e417ef17771.

Removing these checks changes the behaviour of the API which is not

Revert "stack/stack.c: omit redundant NULL checks."

This reverts commit 8839324450b569a6253e0dd237ee3e417ef17771.

Removing these checks changes the behaviour of the API which is not
appropriate for a minor release. This also fixes a failure in the
fuzz tests when building with no-comp.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6895)

show more ...

stack/stack.c: omit redundant NULL checks.

Checks are left in OPENSSL_sk_shift, OPENSSL_sk_pop and OPENSSL_sk_num.
This is because these are used as "opportunistic" readers, pulling

stack/stack.c: omit redundant NULL checks.

Checks are left in OPENSSL_sk_shift, OPENSSL_sk_pop and OPENSSL_sk_num.
This is because these are used as "opportunistic" readers, pulling
whatever datai, if any, set by somebody else. All calls that add data
don't check for stack being NULL, because caller should have checked
if stack was actually created.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6860)

show more ...

Fix last(?) batch of malloc-NULL places

Add a script to find them in the future

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/o

Fix last(?) batch of malloc-NULL places

Add a script to find them in the future

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/6103)

show more ...

Update copyright year

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5990)

Set error code on alloc failures

Almost all *alloc failures now set an error code.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.co

Set error code on alloc failures

Almost all *alloc failures now set an error code.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/5842)

show more ...

Add sk_TYPE_new_reserve() function

This is a combination of sk_new and sk_reserve, to make it more
convenient to allocate a new stack with reserved memory and comaprison
function (if

Add sk_TYPE_new_reserve() function

This is a combination of sk_new and sk_reserve, to make it more
convenient to allocate a new stack with reserved memory and comaprison
function (if any).

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4559)

show more ...

stack/stack.c: various cleanups.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull

stack/stack.c: various cleanups.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4455)

show more ...

Postpone allocation of STACK internal storage ... until a first push(),
insert() or an explicit call to OPENSSL_sk_reserve

Factorise STACK item deletion code

Reviewed-by: Andy P

Postpone allocation of STACK internal storage ... until a first push(),
insert() or an explicit call to OPENSSL_sk_reserve

Factorise STACK item deletion code

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4379)

show more ...