Avoid undefined behaviour with the <ctype.h> functions.

fix https://github.com/openssl/openssl/issues/25112

As defined in the C standard:

In all cases the argument is an

Avoid undefined behaviour with the <ctype.h> functions.

fix https://github.com/openssl/openssl/issues/25112

As defined in the C standard:

In all cases the argument is an int, the value of which shall
be representable as an unsigned char or shall equal the value
of the macro EOF. If the argument has any other value, the
behavior is undefined.

This is because they're designed to work with the int values returned
by getc or fgetc; they need extra work to handle a char value.

If EOF is -1 (as it almost always is), with 8-bit bytes, the allowed
inputs to the ctype.h functions are:

{-1, 0, 1, 2, 3, ..., 255}.

However, on platforms where char is signed, such as x86 with the
usual ABI, code like

char *p = ...;
... isspace(*p) ...

may pass in values in the range:

{-128, -127, -126, ..., -2, -1, 0, 1, ..., 127}.

This has two problems:

1. Inputs in the set {-128, -127, -126, ..., -2} are forbidden.

2. The non-EOF byte 0xff is conflated with the value EOF = -1, so
even though the input is not forbidden, it may give the wrong
answer.

Casting char inputs to unsigned char first works around this, by
mapping the (non-EOF character) range {-128, -127, ..., -1} to {128,
129, ..., 255}, leaving no collisions with EOF. So the above
fragment needs to be:

char *p = ...;
... isspace((unsigned char)*p) ...

This patch inserts unsigned char casts where necessary. Most of the
cases I changed, I compile-tested using -Wchar-subscripts -Werror on
NetBSD, which defines the ctype.h functions as macros so that they
trigger the warning when the argument has type char. The exceptions
are under #ifdef __VMS or #ifdef _WIN32. I left alone calls where
the input is int where the cast would obviously be wrong; and I left
alone calls where the input is already unsigned char so the cast is
unnecessary.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25113)

show more ...

Copyright year updates


Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes

Cast the argument to unsigned char when calling isdigit()

Fixes #21123

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: T

Cast the argument to unsigned char when calling isdigit()

Fixes #21123

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21127)

show more ...

apps & al : Fix various typos, repeated words, align some spelling to LDP.
Mostly revamped from #16712
- fall thru -> fall through
- time stamp -> timestamp
- host name -> hostname

apps & al : Fix various typos, repeated words, align some spelling to LDP.
Mostly revamped from #16712
- fall thru -> fall through
- time stamp -> timestamp
- host name -> hostname
- ipv6 -> IPv6

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19059)

show more ...

Stop raising ERR_R_MALLOC_FAILURE in most places

Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and
at least handle the file name and line number they are called from,

Stop raising ERR_R_MALLOC_FAILURE in most places

Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and
at least handle the file name and line number they are called from,
there's no need to report ERR_R_MALLOC_FAILURE where they are called
directly, or when SSLfatal() and RLAYERfatal() is used, the reason
`ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`.

There were a number of places where `ERR_R_MALLOC_FAILURE` was reported
even though it was a function from a different sub-system that was
called. Those places are changed to report ERR_R_{lib}_LIB, where
{lib} is the name of that sub-system.
Some of them are tricky to get right, as we have a lot of functions
that belong in the ASN1 sub-system, and all the `sk_` calls or from
the CRYPTO sub-system.

Some extra adaptation was necessary where there were custom OPENSSL_malloc()
wrappers, and some bugs are fixed alongside these changes.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19301)

show more ...

Fix the checks of UI_add_input_string

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged f

Fix the checks of UI_add_input_string

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18424)

show more ...

Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes

str[n]casecmp => OPENSSL_strncasecmp

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18069)

Move e_os.h to include/internal

Including e_os.h with a path from a header file doesn't work well on
certain exotic platform. It simply fails to build.

Since we don't seem to b

Move e_os.h to include/internal

Including e_os.h with a path from a header file doesn't work well on
certain exotic platform. It simply fails to build.

Since we don't seem to be able to stop ourselves, the better move is
to move e_os.h to an include directory that's part of the inclusion
path given to the compiler.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17641)

show more ...

add OSSL_STACK_OF_X509_free() for commonly used pattern

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17307)

ossl_do_blob_header: fix return check

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1702

ossl_do_blob_header: fix return check

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17028)

show more ...

Move more general parts of internal/cryptlib.h to new internal/common.h

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15847)

Add and use HAS_CASE_PREFIX(), CHECK_AND_SKIP_CASE_PREFIX(), and HAS_CASE_SUFFIX()

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15847)

Fix file_name_check() in storemgmt/file_store.c and e_loader_attic.c

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://githu

Fix file_name_check() in storemgmt/file_store.c and e_loader_attic.c

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15892)

show more ...

Make sure to include "crypto/ctype.h" to get ossl_isdigit()

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15319)

e_loader_attic: fix a use after free issue

Fixes #15116

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://g

e_loader_attic: fix a use after free issue

Fixes #15116

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15238)

show more ...

engine: fix double free on error path.

In function try_decode_PKCS8Encrypted, p8 is freed via X509_SIG_free() at line 481.
If function new_EMBEDDED() returns a null pointer at line 483,

engine: fix double free on error path.

In function try_decode_PKCS8Encrypted, p8 is freed via X509_SIG_free() at line 481.
If function new_EMBEDDED() returns a null pointer at line 483, the execution will goto nop8.
In the nop8 branch, p8 is freed again at line 491.

Bug reported by @Yunlongs

Fixes #14915

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14921)

show more ...

Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13999)

Add X509_NAME_hash_ex() to be able to check if it failed due to unsupported SHA1

Deprecate X509_NAME_hash()
Document X509_NAME_hash_ex(), X509_NAME_hash(), X509_{subject,issuer}_name_has

Add X509_NAME_hash_ex() to be able to check if it failed due to unsupported SHA1

Deprecate X509_NAME_hash()
Document X509_NAME_hash_ex(), X509_NAME_hash(), X509_{subject,issuer}_name_hash()

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13762)

show more ...

Remove unnecessary guards around MSBLOB and PVK readers and writers

The OPENSSL_NO_RC4 guard remain around protected PVK tests in
test/endecoder_test.c.

Reviewed-by: Paul Dale <

Remove unnecessary guards around MSBLOB and PVK readers and writers

The OPENSSL_NO_RC4 guard remain around protected PVK tests in
test/endecoder_test.c.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13648)

show more ...

e_loader_attic.c: Improve result handling of file_load_try_decode()

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/4930)

Allow for PKCS#12 input without MAC in p12_kiss.c and e_loader_attic.c

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/4930)

e_loader_attic.c: Remove redundant 'pass phrase' sub-string from try_decode_PKCS12()

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pul

e_loader_attic.c: Remove redundant 'pass phrase' sub-string from try_decode_PKCS12()

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/4930)

show more ...

Avoid duplicate ends_with_dirsep functions

Refactor them into inline ossl_ends_with_dirsep function in
internal/cryptlib.h.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Mer

Avoid duplicate ends_with_dirsep functions

Refactor them into inline ossl_ends_with_dirsep function in
internal/cryptlib.h.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13306)

show more ...

Unexport internal MSBLOB and PVK functions

The following internal functions are affected:

ossl_do_blob_header
ossl_do_PVK_header
ossl_b2i
ossl_b2i_bio

Unexport internal MSBLOB and PVK functions

The following internal functions are affected:

ossl_do_blob_header
ossl_do_PVK_header
ossl_b2i
ossl_b2i_bio

This is reflected by moving include/internal/pem.h to include/crypto/pem.h
engines/e_loader_attic gets the source code added to it to have
continued access to those functions.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13195)

show more ...