From rsalz at openssl.org Sun Nov 1 13:10:19 2015 From: rsalz at openssl.org (Rich Salz) Date: Sun, 01 Nov 2015 13:10:19 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1446383419.911065.31508.nullmailer@dev.openssl.org> The branch master has been updated via b92fafcc2f2c749c620db60901739fb6c32fc456 (commit) from b0700d2c8de79252ba605748a075cf2e5d670da1 (commit) - Log ----------------------------------------------------------------- commit b92fafcc2f2c749c620db60901739fb6c32fc456 Author: Rich Salz Date: Sun Nov 1 08:09:57 2015 -0500 Remove des_ver.h; broke build. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/des/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/des/Makefile b/crypto/des/Makefile index 1233fad..be24584 100644 --- a/crypto/des/Makefile +++ b/crypto/des/Makefile @@ -39,7 +39,7 @@ LIBOBJ= set_key.o ecb_enc.o cbc_enc.o \ SRC= $(LIBSRC) -HEADER= des_locl.h rpc_des.h spr.h des_ver.h +HEADER= des_locl.h rpc_des.h spr.h ALL= $(GENERAL) $(SRC) $(HEADER) From rsalz at openssl.org Sun Nov 1 13:17:04 2015 From: rsalz at openssl.org (Rich Salz) Date: Sun, 01 Nov 2015 13:17:04 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1446383824.981191.429.nullmailer@dev.openssl.org> The branch master has been updated via b06935f439af7150d3ae566922353c3f210e63ed (commit) from b92fafcc2f2c749c620db60901739fb6c32fc456 (commit) - Log ----------------------------------------------------------------- commit b06935f439af7150d3ae566922353c3f210e63ed Author: Rich Salz Date: Thu Oct 29 12:06:06 2015 -0400 Various README updates Close GH Issue 69 Close GH PR 457 Some other updates By Rich Salz, Alessandro Ghedini, Steve Marquess, Collin Anderson Reviewed-by: Kurt Roeckx ----------------------------------------------------------------------- Summary of changes: README | 113 ++++++++++++++++++++--------------------------------------------- 1 file changed, 35 insertions(+), 78 deletions(-) diff --git a/README b/README index 1ee02b3..cc20f57 100644 --- a/README +++ b/README @@ -10,17 +10,17 @@ The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the - Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) - protocols as well as a full-strength general purpose cryptography library. - The project is managed by a worldwide community of volunteers that use the - Internet to communicate, plan, and develop the OpenSSL toolkit and its - related documentation. + Secure Sockets Layer (SSLv3) and Transport Layer Security (TLS) protocols as + well as a full-strength general purpose cryptograpic library. The project is + managed by a worldwide community of volunteers that use the Internet to + communicate, plan, and develop the OpenSSL toolkit and its related + documentation. - OpenSSL is based on the excellent SSLeay library developed from Eric A. Young + OpenSSL is descended from the SSLeay library developed by Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the - OpenSSL license plus the SSLeay license) situation, which basically means - that you are free to get and use it for commercial and non-commercial - purposes as long as you fulfill the conditions of both licenses. + OpenSSL license plus the SSLeay license), which means that you are free to + get and use it for commercial and non-commercial purposes as long as you + fulfill the conditions of both licenses. OVERVIEW -------- @@ -28,90 +28,39 @@ The OpenSSL toolkit includes: libssl.a: - Implementation of SSLv2, SSLv3, TLSv1 and the required code to support - both SSLv2, SSLv3 and TLSv1 in the one server and client. + Provides the client and server-side implementations for SSLv3 and TLS. libcrypto.a: - General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not - actually logically part of it. It includes routines for the following: - - Ciphers - libdes - EAY's libdes DES encryption package which was floating - around the net for a few years, and was then relicensed by - him as part of SSLeay. It includes 15 'modes/variations' - of DES (1, 2 and 3 key versions of ecb, cbc, cfb and ofb; - pcbc and a more general form of cfb and ofb) including desx - in cbc mode, a fast crypt(3), and routines to read - passwords from the keyboard. - RC4 encryption, - RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb. - Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb. - IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb. - - Digests - MD5 and MD2 message digest algorithms, fast implementations, - SHA (SHA-0) and SHA-1 message digest algorithms, - MDC2 message digest. A DES based hash that is popular on smart cards. - - Public Key - RSA encryption/decryption/generation. - There is no limit on the number of bits. - DSA encryption/decryption/generation. - There is no limit on the number of bits. - Diffie-Hellman key-exchange/key generation. - There is no limit on the number of bits. - - X.509v3 certificates - X509 encoding/decoding into/from binary ASN1 and a PEM - based ASCII-binary encoding which supports encryption with a - private key. Program to generate RSA and DSA certificate - requests and to generate RSA and DSA certificates. - - Systems - The normal digital envelope routines and base64 encoding. Higher - level access to ciphers and digests by name. New ciphers can be - loaded at run time. The BIO io system which is a simple non-blocking - IO abstraction. Current methods supported are file descriptors, - sockets, socket accept, socket connect, memory buffer, buffering, SSL - client/server, file pointer, encryption, digest, non-blocking testing - and null. - - Data structures - A dynamically growing hashing system - A simple stack. - A Configuration loader that uses a format similar to MS .ini files. + Provides general cryptographic and X.509 support needed by SSL/TLS but + not logically part of it. openssl: A command line tool that can be used for: - Creation of RSA, DH and DSA key parameters + Creation of key parameters Creation of X.509 certificates, CSRs and CRLs - Calculation of Message Digests - Encryption and Decryption with Ciphers - SSL/TLS Client and Server Tests + Calculation of message digests + Encryption and decryption + SSL/TLS client and server tests Handling of S/MIME signed or encrypted mail + And more... INSTALLATION ------------ - To install this package under a Unix derivative, read the INSTALL file. For - a Win32 platform, read the INSTALL.W32 file. For OpenVMS systems, read - INSTALL.VMS. - - Read the documentation in the doc/ directory. It is quite rough, but it - lists the functions; you will probably have to look at the code to work out - how to use them. Look at the example programs. - - PROBLEMS - -------- - - For some platforms, there are some known problems that may affect the user - or application author. We try to collect those in doc/PROBLEMS, with current - thoughts on how they should be solved in a future of OpenSSL. + See the appropriate file: + INSTALL Linux, Unix, etc. + INSTALL.DJGPP DOS platform with DJGPP + INSTALL.NW Netware + INSTALL.OS2 OS/2 + INSTALL.VMS VMS + INSTALL.W32 Windows (32bit) + INSTALL.W64 Windows (64bit) + INSTALL.WCE Windows CE SUPPORT ------- - See the OpenSSL website www.openssl.org for details of how to obtain + See the OpenSSL website www.openssl.org for details on how to obtain commercial technical support. If you have any problems with OpenSSL then please take the following steps @@ -159,3 +108,11 @@ ---------------------------- See CONTRIBUTING + + LEGALITIES + ---------- + + A number of nations, in particular the U.S., restrict the use or export + of cryptography. If you are potentially subject to such restrictions + you should seek competent professional legal advice before attempting to + develop or distribute cryptographic code. From rsalz at openssl.org Sun Nov 1 13:34:46 2015 From: rsalz at openssl.org (Rich Salz) Date: Sun, 01 Nov 2015 13:34:46 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1446384886.526374.2913.nullmailer@dev.openssl.org> The branch master has been updated via a2aaf8be7e3c22a61ef89f273aa85f482b955336 (commit) from b06935f439af7150d3ae566922353c3f210e63ed (commit) - Log ----------------------------------------------------------------- commit a2aaf8be7e3c22a61ef89f273aa85f482b955336 Author: Rich Salz Date: Sun Nov 1 08:34:13 2015 -0500 PR1279: Clean up CONTRIBUTING Reviewed-by: Kurt Roeckx ----------------------------------------------------------------------- Summary of changes: CONTRIBUTING | 25 +++++++------------------ 1 file changed, 7 insertions(+), 18 deletions(-) diff --git a/CONTRIBUTING b/CONTRIBUTING index a04dbea..1d46f7b 100644 --- a/CONTRIBUTING +++ b/CONTRIBUTING @@ -7,9 +7,9 @@ would like to submit a patch, send it to rt at openssl.org with the string "[PATCH]" in the subject. Please be sure to include a textual explanation of what your patch does. -You can also make GitHub pull requests. If you do this, please also send mail to -rt at openssl.org with a brief description and a link to the PR so that we can more -easily keep track of it. +You can also make GitHub pull requests. If you do this, please also send +mail to rt at openssl.org with a brief description and a link to the PR so +that we can more easily keep track of it. If you are unsure as to whether a feature will be useful for the general OpenSSL community please discuss it on the openssl-dev mailing list first. @@ -19,22 +19,11 @@ reason as to why that feature isn't implemented. Patches should be as up to date as possible, preferably relative to the current Git or the last snapshot. They should follow our coding style (see https://www.openssl.org/policies/codingstyle.html) and compile without -warnings using the --strict-warnings flag. OpenSSL compiles on many -varied platforms: try to ensure you only use portable features. +warnings using the --strict-warnings flag. OpenSSL compiles on many varied +platforms: try to ensure you only use portable features. -Note: For legal reasons, contributions from the US can be accepted only -if a TSU notification and a copy of the patch are sent to crypt at bis.doc.gov -(formerly BXA) with a copy to the ENC Encryption Request Coordinator; -please take some time to look at -http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic] -and -http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e)) -for the details. If "your encryption source code is too large to serve as -an email attachment", they are glad to receive it by fax instead; hope you -have a cheap long-distance plan. - -Our preferred format for changes is "diff -u" output. You might -generate it like this: +Our preferred format for changes is "diff -u" output. One method is to use +"git diff" Another is to generate it something like this: # cd openssl-work # [your changes] From rsalz at openssl.org Sun Nov 1 13:40:22 2015 From: rsalz at openssl.org (Rich Salz) Date: Sun, 01 Nov 2015 13:40:22 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1446385222.673207.4022.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 706c85da79f8efb5f4da661f4a5117a8bbd4343b (commit) from dfb23a5ac80bb9a74bd1f44a90ccff54bc3a8c31 (commit) - Log ----------------------------------------------------------------- commit 706c85da79f8efb5f4da661f4a5117a8bbd4343b Author: Rich Salz Date: Sun Nov 1 08:38:42 2015 -0500 Various README and CONTRIBUTING updates Close GH Issue 69 Close GH PR 457/RT4113 Some other updates By Rich Salz, Alessandro Ghedini, Steve Marquess, Collin Anderson (manual cherry-pick of a2aaf8be7e3c22a61ef89f273aa85f482b955336 and b06935f439af7150d3ae566922353c3f210e63ed) Reviewed-by: Kurt Roeckx ----------------------------------------------------------------------- Summary of changes: CONTRIBUTING | 32 +++++++++++++ README | 151 ++++++++++++++--------------------------------------------- 2 files changed, 68 insertions(+), 115 deletions(-) create mode 100644 CONTRIBUTING diff --git a/CONTRIBUTING b/CONTRIBUTING new file mode 100644 index 0000000..1d46f7b --- /dev/null +++ b/CONTRIBUTING @@ -0,0 +1,32 @@ +HOW TO CONTRIBUTE TO OpenSSL +---------------------------- + +Development is coordinated on the openssl-dev mailing list (see +http://www.openssl.org for information on subscribing). If you +would like to submit a patch, send it to rt at openssl.org with +the string "[PATCH]" in the subject. Please be sure to include a +textual explanation of what your patch does. + +You can also make GitHub pull requests. If you do this, please also send +mail to rt at openssl.org with a brief description and a link to the PR so +that we can more easily keep track of it. + +If you are unsure as to whether a feature will be useful for the general +OpenSSL community please discuss it on the openssl-dev mailing list first. +Someone may be already working on the same thing or there may be a good +reason as to why that feature isn't implemented. + +Patches should be as up to date as possible, preferably relative to the +current Git or the last snapshot. They should follow our coding style +(see https://www.openssl.org/policies/codingstyle.html) and compile without +warnings using the --strict-warnings flag. OpenSSL compiles on many varied +platforms: try to ensure you only use portable features. + +Our preferred format for changes is "diff -u" output. One method is to use +"git diff" Another is to generate it something like this: + +# cd openssl-work +# [your changes] +# ./Configure dist; make clean +# cd .. +# diff -ur openssl-orig openssl-work > mydiffs.patch diff --git a/README b/README index 2bdbfea..cc20f57 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 1.0.2e-dev + OpenSSL 1.1.0-dev Copyright (c) 1998-2015 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson @@ -10,17 +10,17 @@ The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the - Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) - protocols as well as a full-strength general purpose cryptography library. - The project is managed by a worldwide community of volunteers that use the - Internet to communicate, plan, and develop the OpenSSL toolkit and its - related documentation. + Secure Sockets Layer (SSLv3) and Transport Layer Security (TLS) protocols as + well as a full-strength general purpose cryptograpic library. The project is + managed by a worldwide community of volunteers that use the Internet to + communicate, plan, and develop the OpenSSL toolkit and its related + documentation. - OpenSSL is based on the excellent SSLeay library developed from Eric A. Young + OpenSSL is descended from the SSLeay library developed by Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the - OpenSSL license plus the SSLeay license) situation, which basically means - that you are free to get and use it for commercial and non-commercial - purposes as long as you fulfill the conditions of both licenses. + OpenSSL license plus the SSLeay license), which means that you are free to + get and use it for commercial and non-commercial purposes as long as you + fulfill the conditions of both licenses. OVERVIEW -------- @@ -28,90 +28,39 @@ The OpenSSL toolkit includes: libssl.a: - Implementation of SSLv2, SSLv3, TLSv1 and the required code to support - both SSLv2, SSLv3 and TLSv1 in the one server and client. + Provides the client and server-side implementations for SSLv3 and TLS. libcrypto.a: - General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not - actually logically part of it. It includes routines for the following: - - Ciphers - libdes - EAY's libdes DES encryption package which was floating - around the net for a few years, and was then relicensed by - him as part of SSLeay. It includes 15 'modes/variations' - of DES (1, 2 and 3 key versions of ecb, cbc, cfb and ofb; - pcbc and a more general form of cfb and ofb) including desx - in cbc mode, a fast crypt(3), and routines to read - passwords from the keyboard. - RC4 encryption, - RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb. - Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb. - IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb. - - Digests - MD5 and MD2 message digest algorithms, fast implementations, - SHA (SHA-0) and SHA-1 message digest algorithms, - MDC2 message digest. A DES based hash that is popular on smart cards. - - Public Key - RSA encryption/decryption/generation. - There is no limit on the number of bits. - DSA encryption/decryption/generation. - There is no limit on the number of bits. - Diffie-Hellman key-exchange/key generation. - There is no limit on the number of bits. - - X.509v3 certificates - X509 encoding/decoding into/from binary ASN1 and a PEM - based ASCII-binary encoding which supports encryption with a - private key. Program to generate RSA and DSA certificate - requests and to generate RSA and DSA certificates. - - Systems - The normal digital envelope routines and base64 encoding. Higher - level access to ciphers and digests by name. New ciphers can be - loaded at run time. The BIO io system which is a simple non-blocking - IO abstraction. Current methods supported are file descriptors, - sockets, socket accept, socket connect, memory buffer, buffering, SSL - client/server, file pointer, encryption, digest, non-blocking testing - and null. - - Data structures - A dynamically growing hashing system - A simple stack. - A Configuration loader that uses a format similar to MS .ini files. + Provides general cryptographic and X.509 support needed by SSL/TLS but + not logically part of it. openssl: A command line tool that can be used for: - Creation of RSA, DH and DSA key parameters + Creation of key parameters Creation of X.509 certificates, CSRs and CRLs - Calculation of Message Digests - Encryption and Decryption with Ciphers - SSL/TLS Client and Server Tests + Calculation of message digests + Encryption and decryption + SSL/TLS client and server tests Handling of S/MIME signed or encrypted mail + And more... INSTALLATION ------------ - To install this package under a Unix derivative, read the INSTALL file. For - a Win32 platform, read the INSTALL.W32 file. For OpenVMS systems, read - INSTALL.VMS. - - Read the documentation in the doc/ directory. It is quite rough, but it - lists the functions; you will probably have to look at the code to work out - how to use them. Look at the example programs. - - PROBLEMS - -------- - - For some platforms, there are some known problems that may affect the user - or application author. We try to collect those in doc/PROBLEMS, with current - thoughts on how they should be solved in a future of OpenSSL. + See the appropriate file: + INSTALL Linux, Unix, etc. + INSTALL.DJGPP DOS platform with DJGPP + INSTALL.NW Netware + INSTALL.OS2 OS/2 + INSTALL.VMS VMS + INSTALL.W32 Windows (32bit) + INSTALL.W64 Windows (64bit) + INSTALL.WCE Windows CE SUPPORT ------- - See the OpenSSL website www.openssl.org for details of how to obtain + See the OpenSSL website www.openssl.org for details on how to obtain commercial technical support. If you have any problems with OpenSSL then please take the following steps @@ -158,40 +107,12 @@ HOW TO CONTRIBUTE TO OpenSSL ---------------------------- - Development is coordinated on the openssl-dev mailing list (see - http://www.openssl.org for information on subscribing). If you - would like to submit a patch, send it to openssl-bugs at openssl.org with - the string "[PATCH]" in the subject. Please be sure to include a - textual explanation of what your patch does. - - If you are unsure as to whether a feature will be useful for the general - OpenSSL community please discuss it on the openssl-dev mailing list first. - Someone may be already working on the same thing or there may be a good - reason as to why that feature isn't implemented. - - Patches should be as up to date as possible, preferably relative to the - current Git or the last snapshot. They should follow our coding style - (see http://openssl.org/about/codingstyle.txt) and compile without - warnings using the --strict-warnings flag. OpenSSL compiles on many - varied platforms: try to ensure you only use portable features. - - Note: For legal reasons, contributions from the US can be accepted only - if a TSU notification and a copy of the patch are sent to crypt at bis.doc.gov - (formerly BXA) with a copy to the ENC Encryption Request Coordinator; - please take some time to look at - http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic] - and - http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e)) - for the details. If "your encryption source code is too large to serve as - an email attachment", they are glad to receive it by fax instead; hope you - have a cheap long-distance plan. - - Our preferred format for changes is "diff -u" output. You might - generate it like this: - - # cd openssl-work - # [your changes] - # ./Configure dist; make clean - # cd .. - # diff -ur openssl-orig openssl-work > mydiffs.patch + See CONTRIBUTING + + LEGALITIES + ---------- + A number of nations, in particular the U.S., restrict the use or export + of cryptography. If you are potentially subject to such restrictions + you should seek competent professional legal advice before attempting to + develop or distribute cryptographic code. From rsalz at openssl.org Sun Nov 1 13:41:59 2015 From: rsalz at openssl.org (Rich Salz) Date: Sun, 01 Nov 2015 13:41:59 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1446385319.601746.4424.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 0f5fdb73d7625c23461e66f158a293ade362f6c3 (commit) from 9f82c7b3aa125b8a91905f61836d79d96d62d5c6 (commit) - Log ----------------------------------------------------------------- commit 0f5fdb73d7625c23461e66f158a293ade362f6c3 Author: Rich Salz Date: Sun Nov 1 08:41:05 2015 -0500 Some README and CONTRIBUTING cleanups. Close GH Issue 69 Close GH PR 457/RT4113 Some other updates By Rich Salz, Alessandro Ghedini, Steve Marquess, Collin Anderson (manual cherry-pick of a2aaf8be7e3c22a61ef89f273aa85f482b955336 and b06935f439af7150d3ae566922353c3f210e63ed) Reviewed-by: Kurt Roeckx ----------------------------------------------------------------------- Summary of changes: CONTRIBUTING | 32 +++++++++++ README | 182 +++++++++++++---------------------------------------------- 2 files changed, 70 insertions(+), 144 deletions(-) create mode 100644 CONTRIBUTING diff --git a/CONTRIBUTING b/CONTRIBUTING new file mode 100644 index 0000000..1d46f7b --- /dev/null +++ b/CONTRIBUTING @@ -0,0 +1,32 @@ +HOW TO CONTRIBUTE TO OpenSSL +---------------------------- + +Development is coordinated on the openssl-dev mailing list (see +http://www.openssl.org for information on subscribing). If you +would like to submit a patch, send it to rt at openssl.org with +the string "[PATCH]" in the subject. Please be sure to include a +textual explanation of what your patch does. + +You can also make GitHub pull requests. If you do this, please also send +mail to rt at openssl.org with a brief description and a link to the PR so +that we can more easily keep track of it. + +If you are unsure as to whether a feature will be useful for the general +OpenSSL community please discuss it on the openssl-dev mailing list first. +Someone may be already working on the same thing or there may be a good +reason as to why that feature isn't implemented. + +Patches should be as up to date as possible, preferably relative to the +current Git or the last snapshot. They should follow our coding style +(see https://www.openssl.org/policies/codingstyle.html) and compile without +warnings using the --strict-warnings flag. OpenSSL compiles on many varied +platforms: try to ensure you only use portable features. + +Our preferred format for changes is "diff -u" output. One method is to use +"git diff" Another is to generate it something like this: + +# cd openssl-work +# [your changes] +# ./Configure dist; make clean +# cd .. +# diff -ur openssl-orig openssl-work > mydiffs.patch diff --git a/README b/README index e851aff..cc20f57 100644 --- a/README +++ b/README @@ -1,7 +1,7 @@ - OpenSSL 1.0.1q-dev + OpenSSL 1.1.0-dev - Copyright (c) 1998-2011 The OpenSSL Project + Copyright (c) 1998-2015 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson All rights reserved. @@ -10,17 +10,17 @@ The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the - Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) - protocols as well as a full-strength general purpose cryptography library. - The project is managed by a worldwide community of volunteers that use the - Internet to communicate, plan, and develop the OpenSSL toolkit and its - related documentation. + Secure Sockets Layer (SSLv3) and Transport Layer Security (TLS) protocols as + well as a full-strength general purpose cryptograpic library. The project is + managed by a worldwide community of volunteers that use the Internet to + communicate, plan, and develop the OpenSSL toolkit and its related + documentation. - OpenSSL is based on the excellent SSLeay library developed from Eric A. Young + OpenSSL is descended from the SSLeay library developed by Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the - OpenSSL license plus the SSLeay license) situation, which basically means - that you are free to get and use it for commercial and non-commercial - purposes as long as you fulfill the conditions of both licenses. + OpenSSL license plus the SSLeay license), which means that you are free to + get and use it for commercial and non-commercial purposes as long as you + fulfill the conditions of both licenses. OVERVIEW -------- @@ -28,116 +28,39 @@ The OpenSSL toolkit includes: libssl.a: - Implementation of SSLv2, SSLv3, TLSv1 and the required code to support - both SSLv2, SSLv3 and TLSv1 in the one server and client. + Provides the client and server-side implementations for SSLv3 and TLS. libcrypto.a: - General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not - actually logically part of it. It includes routines for the following: - - Ciphers - libdes - EAY's libdes DES encryption package which was floating - around the net for a few years, and was then relicensed by - him as part of SSLeay. It includes 15 'modes/variations' - of DES (1, 2 and 3 key versions of ecb, cbc, cfb and ofb; - pcbc and a more general form of cfb and ofb) including desx - in cbc mode, a fast crypt(3), and routines to read - passwords from the keyboard. - RC4 encryption, - RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb. - Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb. - IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb. - - Digests - MD5 and MD2 message digest algorithms, fast implementations, - SHA (SHA-0) and SHA-1 message digest algorithms, - MDC2 message digest. A DES based hash that is popular on smart cards. - - Public Key - RSA encryption/decryption/generation. - There is no limit on the number of bits. - DSA encryption/decryption/generation. - There is no limit on the number of bits. - Diffie-Hellman key-exchange/key generation. - There is no limit on the number of bits. - - X.509v3 certificates - X509 encoding/decoding into/from binary ASN1 and a PEM - based ASCII-binary encoding which supports encryption with a - private key. Program to generate RSA and DSA certificate - requests and to generate RSA and DSA certificates. - - Systems - The normal digital envelope routines and base64 encoding. Higher - level access to ciphers and digests by name. New ciphers can be - loaded at run time. The BIO io system which is a simple non-blocking - IO abstraction. Current methods supported are file descriptors, - sockets, socket accept, socket connect, memory buffer, buffering, SSL - client/server, file pointer, encryption, digest, non-blocking testing - and null. - - Data structures - A dynamically growing hashing system - A simple stack. - A Configuration loader that uses a format similar to MS .ini files. + Provides general cryptographic and X.509 support needed by SSL/TLS but + not logically part of it. openssl: A command line tool that can be used for: - Creation of RSA, DH and DSA key parameters + Creation of key parameters Creation of X.509 certificates, CSRs and CRLs - Calculation of Message Digests - Encryption and Decryption with Ciphers - SSL/TLS Client and Server Tests + Calculation of message digests + Encryption and decryption + SSL/TLS client and server tests Handling of S/MIME signed or encrypted mail - - - PATENTS - ------- - - Various companies hold various patents for various algorithms in various - locations around the world. _YOU_ are responsible for ensuring that your use - of any algorithms is legal by checking if there are any patents in your - country. The file contains some of the patents that we know about or are - rumored to exist. This is not a definitive list. - - RSA Security holds software patents on the RC5 algorithm. If you - intend to use this cipher, you must contact RSA Security for - licensing conditions. Their web page is http://www.rsasecurity.com/. - - RC4 is a trademark of RSA Security, so use of this label should perhaps - only be used with RSA Security's permission. - - The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy, - Japan, the Netherlands, Spain, Sweden, Switzerland, UK and the USA. They - should be contacted if that algorithm is to be used; their web page is - http://www.ascom.ch/. - - NTT and Mitsubishi have patents and pending patents on the Camellia - algorithm, but allow use at no charge without requiring an explicit - licensing agreement: http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html + And more... INSTALLATION ------------ - To install this package under a Unix derivative, read the INSTALL file. For - a Win32 platform, read the INSTALL.W32 file. For OpenVMS systems, read - INSTALL.VMS. - - Read the documentation in the doc/ directory. It is quite rough, but it - lists the functions; you will probably have to look at the code to work out - how to use them. Look at the example programs. - - PROBLEMS - -------- - - For some platforms, there are some known problems that may affect the user - or application author. We try to collect those in doc/PROBLEMS, with current - thoughts on how they should be solved in a future of OpenSSL. + See the appropriate file: + INSTALL Linux, Unix, etc. + INSTALL.DJGPP DOS platform with DJGPP + INSTALL.NW Netware + INSTALL.OS2 OS/2 + INSTALL.VMS VMS + INSTALL.W32 Windows (32bit) + INSTALL.W64 Windows (64bit) + INSTALL.WCE Windows CE SUPPORT ------- - See the OpenSSL website www.openssl.org for details of how to obtain + See the OpenSSL website www.openssl.org for details on how to obtain commercial technical support. If you have any problems with OpenSSL then please take the following steps @@ -161,8 +84,7 @@ - Problem Description (steps that will reproduce the problem, if known) - Stack Traceback (if the application dumps core) - Report the bug to the OpenSSL project via the Request Tracker - (http://www.openssl.org/support/rt.html) by mail to: + Email the report to: rt at openssl.org @@ -185,40 +107,12 @@ HOW TO CONTRIBUTE TO OpenSSL ---------------------------- - Development is coordinated on the openssl-dev mailing list (see - http://www.openssl.org for information on subscribing). If you - would like to submit a patch, send it to openssl-bugs at openssl.org with - the string "[PATCH]" in the subject. Please be sure to include a - textual explanation of what your patch does. - - If you are unsure as to whether a feature will be useful for the general - OpenSSL community please discuss it on the openssl-dev mailing list first. - Someone may be already working on the same thing or there may be a good - reason as to why that feature isn't implemented. - - Patches should be as up to date as possible, preferably relative to the - current Git or the last snapshot. They should follow our coding style - (see http://openssl.org/about/codingstyle.txt) and compile without - warnings using the --strict-warnings flag. OpenSSL compiles on many - varied platforms: try to ensure you only use portable features. - - Note: For legal reasons, contributions from the US can be accepted only - if a TSU notification and a copy of the patch are sent to crypt at bis.doc.gov - (formerly BXA) with a copy to the ENC Encryption Request Coordinator; - please take some time to look at - http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic] - and - http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e)) - for the details. If "your encryption source code is too large to serve as - an email attachment", they are glad to receive it by fax instead; hope you - have a cheap long-distance plan. - - Our preferred format for changes is "diff -u" output. You might - generate it like this: - - # cd openssl-work - # [your changes] - # ./Configure dist; make clean - # cd .. - # diff -ur openssl-orig openssl-work > mydiffs.patch + See CONTRIBUTING + + LEGALITIES + ---------- + A number of nations, in particular the U.S., restrict the use or export + of cryptography. If you are potentially subject to such restrictions + you should seek competent professional legal advice before attempting to + develop or distribute cryptographic code. From rsalz at openssl.org Mon Nov 2 06:57:42 2015 From: rsalz at openssl.org (Rich Salz) Date: Mon, 02 Nov 2015 06:57:42 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1446447462.706266.11493.nullmailer@dev.openssl.org> The branch master has been updated via 9f07c405bb66d4cba03b00f3a3c1df8bee300120 (commit) from a2aaf8be7e3c22a61ef89f273aa85f482b955336 (commit) - Log ----------------------------------------------------------------- commit 9f07c405bb66d4cba03b00f3a3c1df8bee300120 Author: Soheil Rashidi Date: Thu Oct 29 02:01:06 2015 +0330 Fixed typo in rsautl.pod Signed-off-by: Rich Salz Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: doc/apps/rsautl.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/apps/rsautl.pod b/doc/apps/rsautl.pod index bc87674..6b98b51 100644 --- a/doc/apps/rsautl.pod +++ b/doc/apps/rsautl.pod @@ -56,7 +56,7 @@ the input is a certificate containing an RSA public key. =item B<-sign> sign the input data and output the signed result. This requires -and RSA private key. +an RSA private key. =item B<-verify> From matt at openssl.org Mon Nov 2 14:30:37 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 02 Nov 2015 14:30:37 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1446474637.680629.12124.nullmailer@dev.openssl.org> The branch master has been updated via 1c2e5d560d5143d8fc1cf7e6b598199201e60a45 (commit) via 6929b4477b83c8e759ccc5dbc9483095e1c5a146 (commit) via 267b7789f83f7177c96a308a7b30ce4c234ceb52 (commit) from 9f07c405bb66d4cba03b00f3a3c1df8bee300120 (commit) - Log ----------------------------------------------------------------- commit 1c2e5d560d5143d8fc1cf7e6b598199201e60a45 Author: Matt Caswell Date: Fri Oct 30 17:01:01 2015 +0000 Remove a reachable assert from ssl3_write_bytes A buggy application that call SSL_write with a different length after a NBIO event could cause an OPENSSL_assert to be reached. The assert is not actually necessary because there was an explicit check a little further down that would catch this scenario. Therefore remove the assert an move the check a little higher up. Reviewed-by: Rich Salz commit 6929b4477b83c8e759ccc5dbc9483095e1c5a146 Author: Matt Caswell Date: Fri Oct 30 16:50:17 2015 +0000 Remove an OPENSSL_assert which could fail An OPENSSL_assert was being used which could fail (e.g. on a malloc failure). Reviewed-by: Rich Salz commit 267b7789f83f7177c96a308a7b30ce4c234ceb52 Author: Matt Caswell Date: Fri Oct 30 16:39:29 2015 +0000 Remove a trivially true OPENSSL_assert This OPENSSL_assert in (d)tls1_hearbeat is trivially always going to be true because it is testing the sum of values that have been set as constants just a few lines above and nothing has changed them. Therefore remove this. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: ssl/d1_lib.c | 6 ------ ssl/record/rec_layer_s3.c | 30 +++++++++++++++--------------- ssl/record/ssl3_record.c | 3 ++- ssl/t1_lib.c | 6 ------ 4 files changed, 17 insertions(+), 28 deletions(-) diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index 733973b..b865ad4 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -1023,12 +1023,6 @@ int dtls1_heartbeat(SSL *s) return -1; } - /* - * Check if padding is too long, payload and padding must not exceed 2^14 - * - 3 = 16381 bytes in total. - */ - OPENSSL_assert(payload + padding <= 16381); - /*- * Create HeartBeat message, we just use a sequence number * as payload to distuingish different messages and add diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index e59c203..c9f1b71 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -455,20 +455,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) } s->rwstate = SSL_NOTHING; - OPENSSL_assert(s->rlayer.wnum <= INT_MAX); tot = s->rlayer.wnum; - s->rlayer.wnum = 0; - - if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)) { - i = s->handshake_func(s); - if (i < 0) - return (i); - if (i == 0) { - SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); - return -1; - } - } - /* * ensure that if we end up with a smaller value of data to write out * than the the original len from a write which didn't complete for @@ -478,9 +465,22 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) * promptly send beyond the end of the users buffer ... so we trap and * report the error in a way the user will notice */ - if (len < tot) { + if ((unsigned int)len < s->rlayer.wnum) { SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_BAD_LENGTH); - return (-1); + return -1; + } + + + s->rlayer.wnum = 0; + + if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)) { + i = s->handshake_func(s); + if (i < 0) + return (i); + if (i == 0) { + SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); + return -1; + } } /* diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 86aaf4f..359d247 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -954,7 +954,8 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send) EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)); EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length); t = EVP_DigestSignFinal(mac_ctx, md, &md_size); - OPENSSL_assert(t > 0); + if (t <= 0) + return -1; if (!send && !SSL_USE_ETM(ssl) && FIPS_mode()) tls_fips_digest_extra(ssl->enc_read_ctx, mac_ctx, rec->input, diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index f42fb64..2db0d74 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -3685,12 +3685,6 @@ int tls1_heartbeat(SSL *s) return -1; } - /* - * Check if padding is too long, payload and padding must not exceed 2^14 - * - 3 = 16381 bytes in total. - */ - OPENSSL_assert(payload + padding <= 16381); - /*- * Create HeartBeat message, we just use a sequence number * as payload to distuingish different messages and add From matt at openssl.org Mon Nov 2 14:35:04 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 02 Nov 2015 14:35:04 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1446474904.541299.13496.nullmailer@dev.openssl.org> The branch master has been updated via f89ee71bc81017e04ac50f570d8aed87f495bcf2 (commit) from 1c2e5d560d5143d8fc1cf7e6b598199201e60a45 (commit) - Log ----------------------------------------------------------------- commit f89ee71bc81017e04ac50f570d8aed87f495bcf2 Author: Matt Caswell Date: Sun Nov 1 14:41:29 2015 +0000 Clarify the preferred way of creating patch files Clarify that git format-patch output is preferred for creating patch files. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: CONTRIBUTING | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/CONTRIBUTING b/CONTRIBUTING index 1d46f7b..9d63d8a 100644 --- a/CONTRIBUTING +++ b/CONTRIBUTING @@ -22,8 +22,14 @@ current Git or the last snapshot. They should follow our coding style warnings using the --strict-warnings flag. OpenSSL compiles on many varied platforms: try to ensure you only use portable features. -Our preferred format for changes is "diff -u" output. One method is to use -"git diff" Another is to generate it something like this: +Our preferred format for patch files is "git format-patch" output. For example +to provide a patch file containing the last commit in your local git repository +use the following command: + +# git format-patch --stdout HEAD^ >mydiffs.patch + +Another method of creating an acceptable patch file without using git is as +follows: # cd openssl-work # [your changes] From matt at openssl.org Mon Nov 2 14:35:27 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 02 Nov 2015 14:35:27 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1446474927.244780.14310.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 8f486d793b2b12d4cf275eb39f4b97dade1044e3 (commit) from 706c85da79f8efb5f4da661f4a5117a8bbd4343b (commit) - Log ----------------------------------------------------------------- commit 8f486d793b2b12d4cf275eb39f4b97dade1044e3 Author: Matt Caswell Date: Sun Nov 1 14:41:29 2015 +0000 Clarify the preferred way of creating patch files Clarify that git format-patch output is preferred for creating patch files. Reviewed-by: Richard Levitte (cherry picked from commit f89ee71bc81017e04ac50f570d8aed87f495bcf2) ----------------------------------------------------------------------- Summary of changes: CONTRIBUTING | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/CONTRIBUTING b/CONTRIBUTING index 1d46f7b..9d63d8a 100644 --- a/CONTRIBUTING +++ b/CONTRIBUTING @@ -22,8 +22,14 @@ current Git or the last snapshot. They should follow our coding style warnings using the --strict-warnings flag. OpenSSL compiles on many varied platforms: try to ensure you only use portable features. -Our preferred format for changes is "diff -u" output. One method is to use -"git diff" Another is to generate it something like this: +Our preferred format for patch files is "git format-patch" output. For example +to provide a patch file containing the last commit in your local git repository +use the following command: + +# git format-patch --stdout HEAD^ >mydiffs.patch + +Another method of creating an acceptable patch file without using git is as +follows: # cd openssl-work # [your changes] From matt at openssl.org Mon Nov 2 14:35:40 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 02 Nov 2015 14:35:40 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1446474940.552024.14574.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 22ec08d7b76709750f8c9a8aaf7e86703e4eb56c (commit) from 0f5fdb73d7625c23461e66f158a293ade362f6c3 (commit) - Log ----------------------------------------------------------------- commit 22ec08d7b76709750f8c9a8aaf7e86703e4eb56c Author: Matt Caswell Date: Sun Nov 1 14:41:29 2015 +0000 Clarify the preferred way of creating patch files Clarify that git format-patch output is preferred for creating patch files. Reviewed-by: Richard Levitte (cherry picked from commit f89ee71bc81017e04ac50f570d8aed87f495bcf2) ----------------------------------------------------------------------- Summary of changes: CONTRIBUTING | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/CONTRIBUTING b/CONTRIBUTING index 1d46f7b..9d63d8a 100644 --- a/CONTRIBUTING +++ b/CONTRIBUTING @@ -22,8 +22,14 @@ current Git or the last snapshot. They should follow our coding style warnings using the --strict-warnings flag. OpenSSL compiles on many varied platforms: try to ensure you only use portable features. -Our preferred format for changes is "diff -u" output. One method is to use -"git diff" Another is to generate it something like this: +Our preferred format for patch files is "git format-patch" output. For example +to provide a patch file containing the last commit in your local git repository +use the following command: + +# git format-patch --stdout HEAD^ >mydiffs.patch + +Another method of creating an acceptable patch file without using git is as +follows: # cd openssl-work # [your changes] From levitte at openssl.org Mon Nov 2 16:39:42 2015 From: levitte at openssl.org (Richard Levitte) Date: Mon, 02 Nov 2015 16:39:42 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1446482382.785860.8437.nullmailer@dev.openssl.org> The branch master has been updated via 009e9d99a325992096b6112c16b190e47fd1d166 (commit) via 2443030466c3715a9c48770022df72dab7acbb51 (commit) via f564acdaf5edc4ef4ce296221fd3ec4fd3276d1a (commit) via 7281cbaaa73368b44b148948debd38b9b60271e0 (commit) via 8976eb249aa4aae8c5c7a6f59a512cd22d2a9b8e (commit) via 0e474b8b6f328a4fadca7f4689e13d60f1d90515 (commit) via 4b72d5f80cd6f63329aa45936d84093c19e609d0 (commit) from f89ee71bc81017e04ac50f570d8aed87f495bcf2 (commit) - Log ----------------------------------------------------------------- commit 009e9d99a325992096b6112c16b190e47fd1d166 Author: Richard Levitte Date: Mon Nov 2 16:48:53 2015 +0100 Remove the state parameter from BIO_ctrl_set_connected The actual implementation has the state of the connection being controlled with the peer parameter, non-NULL meaning connected and NULL meaning connected. Reviewed-by: Andy Polyakov commit 2443030466c3715a9c48770022df72dab7acbb51 Author: Richard Levitte Date: Mon Nov 2 16:43:28 2015 +0100 BIO_s_datagram() ctrl doesn't support SEEK/TELL, so don't pretend it does Reviewed-by: Andy Polyakov commit f564acdaf5edc4ef4ce296221fd3ec4fd3276d1a Author: Richard Levitte Date: Sun Nov 1 15:56:21 2015 +0100 Correct or add comments indicating what controls belong to what Reviewed-by: Andy Polyakov commit 7281cbaaa73368b44b148948debd38b9b60271e0 Author: Richard Levitte Date: Sun Nov 1 15:48:58 2015 +0100 Remove PROXY controls that aren't used anywhere Reviewed-by: Andy Polyakov commit 8976eb249aa4aae8c5c7a6f59a512cd22d2a9b8e Author: Richard Levitte Date: Sun Nov 1 15:47:41 2015 +0100 Remove dummy argument from BIO_get_bind_mode Reviewed-by: Andy Polyakov commit 0e474b8b6f328a4fadca7f4689e13d60f1d90515 Author: Richard Levitte Date: Sun Nov 1 15:45:49 2015 +0100 Document how BIO_get_conn_ip and BIO_get_conn_int_port actually work No dummy arguments. Reviewed-by: Andy Polyakov commit 4b72d5f80cd6f63329aa45936d84093c19e609d0 Author: Richard Levitte Date: Sun Nov 1 15:42:04 2015 +0100 Have BIO_get_conn_int_port use BIO_ctrl instead BIO_int_ctrl BIO_int_ctrl isn't made for the purpose BIO_get_conn_int_port used it for. This also changes BIO_C_GET_CONNECT to actually return the port instead of assigning it to a pointer that was never returned back to the caller. Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: crypto/bio/bss_conn.c | 31 ++++++++++++++++++++----------- crypto/bio/bss_dgram.c | 2 -- doc/crypto/BIO_s_accept.pod | 2 +- doc/crypto/BIO_s_connect.pod | 4 ++-- include/openssl/bio.h | 37 +++++++++++++------------------------ 5 files changed, 36 insertions(+), 40 deletions(-) diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c index 49b0f69..ba009aa 100644 --- a/crypto/bio/bss_conn.c +++ b/crypto/bio/bss_conn.c @@ -403,7 +403,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) { BIO *dbio; int *ip; - const char **pptr; + const char **pptr = NULL; long ret = 1; BIO_CONNECT *data; @@ -426,19 +426,28 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_C_GET_CONNECT: if (ptr != NULL) { pptr = (const char **)ptr; - if (num == 0) { - *pptr = data->param_hostname; + } - } else if (num == 1) { - *pptr = data->param_port; - } else if (num == 2) { - *pptr = (char *)&(data->ip[0]); - } else if (num == 3) { - *((int *)ptr) = data->port; + if (b->init) { + if (pptr != NULL) { + ret = 1; + if (num == 0) { + *pptr = data->param_hostname; + } else if (num == 1) { + *pptr = data->param_port; + } else if (num == 2) { + *pptr = (char *)&(data->ip[0]); + } else { + ret = 0; + } + } + if (num == 3) { + ret = data->port; } - if ((!b->init) || (ptr == NULL)) + } else { + if (pptr != NULL) *pptr = "not initialized"; - ret = 1; + ret = 0; } break; case BIO_C_SET_CONNECT: diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index e7371c9..9c6af4b 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -512,10 +512,8 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) switch (cmd) { case BIO_CTRL_RESET: num = 0; - case BIO_C_FILE_SEEK: ret = 0; break; - case BIO_C_FILE_TELL: case BIO_CTRL_INFO: ret = 0; break; diff --git a/doc/crypto/BIO_s_accept.pod b/doc/crypto/BIO_s_accept.pod index 80a8348..87d24a8 100644 --- a/doc/crypto/BIO_s_accept.pod +++ b/doc/crypto/BIO_s_accept.pod @@ -21,7 +21,7 @@ BIO_get_bind_mode, BIO_do_accept - accept BIO long BIO_set_accept_bios(BIO *b, char *bio); long BIO_set_bind_mode(BIO *b, long mode); - long BIO_get_bind_mode(BIO *b, long dummy); + long BIO_get_bind_mode(BIO *b); #define BIO_BIND_NORMAL 0 #define BIO_BIND_REUSEADDR_IF_UNUSED 1 diff --git a/doc/crypto/BIO_s_connect.pod b/doc/crypto/BIO_s_connect.pod index 4efd567..7582432 100644 --- a/doc/crypto/BIO_s_connect.pod +++ b/doc/crypto/BIO_s_connect.pod @@ -21,8 +21,8 @@ BIO_set_nbio, BIO_do_connect - connect BIO long BIO_set_conn_int_port(BIO *b, char *port); char *BIO_get_conn_hostname(BIO *b); char *BIO_get_conn_port(BIO *b); - char *BIO_get_conn_ip(BIO *b, dummy); - long BIO_get_conn_int_port(BIO *b, int port); + char *BIO_get_conn_ip(BIO *b); + long BIO_get_conn_int_port(BIO *b); long BIO_set_nbio(BIO *b, long n); diff --git a/include/openssl/bio.h b/include/openssl/bio.h index f0fbc5b..09a9510 100644 --- a/include/openssl/bio.h +++ b/include/openssl/bio.h @@ -95,8 +95,8 @@ extern "C" { # define BIO_TYPE_BASE64 (11|0x0200)/* filter */ # define BIO_TYPE_CONNECT (12|0x0400|0x0100)/* socket - connect */ # define BIO_TYPE_ACCEPT (13|0x0400|0x0100)/* socket for accept */ -# define BIO_TYPE_PROXY_CLIENT (14|0x0200)/* client proxy BIO */ -# define BIO_TYPE_PROXY_SERVER (15|0x0200)/* server proxy BIO */ +/* # define BIO_TYPE_PROXY_CLIENT (14|0x0200)*/ /* client proxy BIO */ +/* # define BIO_TYPE_PROXY_SERVER (15|0x0200)*/ /* server proxy BIO */ # define BIO_TYPE_NBIO_TEST (16|0x0200)/* server proxy BIO */ # define BIO_TYPE_NULL_FILTER (17|0x0200) # define BIO_TYPE_BER (18|0x0200)/* BER -> bin filter */ @@ -398,7 +398,7 @@ struct bio_dgram_sctp_prinfo { # define BIO_C_SET_CONNECT 100 # define BIO_C_DO_STATE_MACHINE 101 # define BIO_C_SET_NBIO 102 -# define BIO_C_SET_PROXY_PARAM 103 +/* # define BIO_C_SET_PROXY_PARAM 103 */ # define BIO_C_SET_FD 104 # define BIO_C_GET_FD 105 # define BIO_C_SET_FILE_PTR 106 @@ -416,7 +416,7 @@ struct bio_dgram_sctp_prinfo { # define BIO_C_SET_ACCEPT 118 # define BIO_C_SSL_MODE 119 # define BIO_C_GET_MD_CTX 120 -# define BIO_C_GET_PROXY_PARAM 121 +/* # define BIO_C_GET_PROXY_PARAM 121 */ # define BIO_C_SET_BUFF_READ_DATA 122/* data to read first */ # define BIO_C_GET_CONNECT 123 # define BIO_C_GET_ACCEPT 124 @@ -466,11 +466,11 @@ struct bio_dgram_sctp_prinfo { # define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0) # define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1) # define BIO_get_conn_ip(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2) -# define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0) +# define BIO_get_conn_int_port(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,0,NULL) # define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) -/* BIO_s_accept_socket() */ +/* BIO_s_accept() */ # define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name) # define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0) /* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */ @@ -481,33 +481,22 @@ struct bio_dgram_sctp_prinfo { # define BIO_BIND_REUSEADDR_IF_UNUSED 1 # define BIO_BIND_REUSEADDR 2 # define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL) -# define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL) +# define BIO_get_bind_mode(b) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL) +/* BIO_s_accept() and BIO_s_connect() */ # define BIO_do_connect(b) BIO_do_handshake(b) # define BIO_do_accept(b) BIO_do_handshake(b) # define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL) -/* BIO_s_proxy_client() */ -# define BIO_set_url(b,url) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,0,(char *)(url)) -# define BIO_set_proxies(b,p) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,1,(char *)(p)) -/* BIO_set_nbio(b,n) */ -# define BIO_set_filter_bio(b,s) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,2,(char *)(s)) -/* BIO *BIO_get_filter_bio(BIO *bio); */ -# define BIO_set_proxy_cb(b,cb) BIO_callback_ctrl(b,BIO_C_SET_PROXY_PARAM,3,(void *(*cb)())) -# define BIO_set_proxy_header(b,sk) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,4,(char *)sk) -# define BIO_set_no_connect_return(b,bool) BIO_int_ctrl(b,BIO_C_SET_PROXY_PARAM,5,bool) - -# define BIO_get_proxy_header(b,skp) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,0,(char *)skp) -# define BIO_get_proxies(b,pxy_p) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,1,(char *)(pxy_p)) -# define BIO_get_url(b,url) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url)) -# define BIO_get_no_connect_return(b) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL) - +/* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */ # define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd) # define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c) +/* BIO_s_file() */ # define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp) # define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp) +/* BIO_s_fd() and BIO_s_file() */ # define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL) # define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL) @@ -600,8 +589,8 @@ int BIO_ctrl_reset_read_request(BIO *b); /* ctrl macros for dgram */ # define BIO_ctrl_dgram_connect(b,peer) \ (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)peer) -# define BIO_ctrl_set_connected(b, state, peer) \ - (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, state, (char *)peer) +# define BIO_ctrl_set_connected(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, 0, (char *)peer) # define BIO_dgram_recv_timedout(b) \ (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL) # define BIO_dgram_send_timedout(b) \ From builds at travis-ci.org Mon Nov 2 16:56:41 2015 From: builds at travis-ci.org (Travis CI) Date: Mon, 02 Nov 2015 16:56:41 +0000 Subject: [openssl-commits] Broken: openssl/openssl#575 (master - 009e9d9) In-Reply-To: Message-ID: <563795c928c58_3a1deac31622b@5506ffab-46c6-41ba-a881-965e7f912e6d.mail> Build Update for openssl/openssl ------------------------------------- Build: #575 Status: Broken Duration: 16 minutes and 8 seconds Commit: 009e9d9 (master) Author: Richard Levitte Message: Remove the state parameter from BIO_ctrl_set_connected The actual implementation has the state of the connection being controlled with the peer parameter, non-NULL meaning connected and NULL meaning connected. Reviewed-by: Andy Polyakov View the changeset: https://github.com/openssl/openssl/compare/f89ee71bc810...009e9d99a325 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/88824611 -- You can configure recipients for build notifications in your .travis.yml file. See http://docs.travis-ci.com/user/notifications -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Mon Nov 2 20:59:18 2015 From: levitte at openssl.org (Richard Levitte) Date: Mon, 02 Nov 2015 20:59:18 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1446497958.011671.18261.nullmailer@dev.openssl.org> The branch master has been updated via 2c9be7d09f4566f7fb78d168acd5038dd4384ca5 (commit) from 009e9d99a325992096b6112c16b190e47fd1d166 (commit) - Log ----------------------------------------------------------------- commit 2c9be7d09f4566f7fb78d168acd5038dd4384ca5 Author: Richard Levitte Date: Mon Nov 2 21:18:34 2015 +0100 Fix usage of BIO_ctrl_set_connected Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: apps/s_client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/s_client.c b/apps/s_client.c index 9bad1b5..fc0174f 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -1379,7 +1379,7 @@ int s_client_main(int argc, char **argv) goto end; } - (void)BIO_ctrl_set_connected(sbio, 1, &peer); + (void)BIO_ctrl_set_connected(sbio, &peer); if (enable_timeouts) { timeout.tv_sec = 0; From builds at travis-ci.org Mon Nov 2 21:25:48 2015 From: builds at travis-ci.org (Travis CI) Date: Mon, 02 Nov 2015 21:25:48 +0000 Subject: [openssl-commits] Fixed: openssl/openssl#576 (master - 2c9be7d) In-Reply-To: Message-ID: <5637d4dc318f8_311ceab4558812@5506ffab-46c6-41ba-a881-965e7f912e6d.mail> Build Update for openssl/openssl ------------------------------------- Build: #576 Status: Fixed Duration: 26 minutes and 3 seconds Commit: 2c9be7d (master) Author: Richard Levitte Message: Fix usage of BIO_ctrl_set_connected Reviewed-by: Rich Salz View the changeset: https://github.com/openssl/openssl/compare/009e9d99a325...2c9be7d09f45 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/88874307 -- You can configure recipients for build notifications in your .travis.yml file. See http://docs.travis-ci.com/user/notifications -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at openssl.org Wed Nov 4 14:38:16 2015 From: matt at openssl.org (Matt Caswell) Date: Wed, 04 Nov 2015 14:38:16 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1446647896.561278.626.nullmailer@dev.openssl.org> The branch master has been updated via 3d866ea67e8b19777e88ac2a78ee4188e0983168 (commit) from 2c9be7d09f4566f7fb78d168acd5038dd4384ca5 (commit) - Log ----------------------------------------------------------------- commit 3d866ea67e8b19777e88ac2a78ee4188e0983168 Author: Matt Caswell Date: Mon Nov 2 15:37:45 2015 +0000 Minor EVP_SignInit_ex doc fix EVP_SignInit_ex was missing from the NAME section of its man page so typing "man EVP_SignInit_ex" failed to load the page. Reviewed-by: Stephen Henson ----------------------------------------------------------------------- Summary of changes: doc/crypto/EVP_SignInit.pod | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/crypto/EVP_SignInit.pod b/doc/crypto/EVP_SignInit.pod index 51d49c8..afb2942 100644 --- a/doc/crypto/EVP_SignInit.pod +++ b/doc/crypto/EVP_SignInit.pod @@ -2,7 +2,8 @@ =head1 NAME -EVP_SignInit, EVP_SignUpdate, EVP_SignFinal - EVP signing functions +EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal - EVP signing +functions =head1 SYNOPSIS From matt at openssl.org Wed Nov 4 14:39:22 2015 From: matt at openssl.org (Matt Caswell) Date: Wed, 04 Nov 2015 14:39:22 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1446647962.653177.1609.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via ca3658e0000b7051ccf1610cbcf73adb87062869 (commit) from 8f486d793b2b12d4cf275eb39f4b97dade1044e3 (commit) - Log ----------------------------------------------------------------- commit ca3658e0000b7051ccf1610cbcf73adb87062869 Author: Matt Caswell Date: Mon Nov 2 15:37:45 2015 +0000 Minor EVP_SignInit_ex doc fix EVP_SignInit_ex was missing from the NAME section of its man page so typing "man EVP_SignInit_ex" failed to load the page. Reviewed-by: Stephen Henson (cherry picked from commit 3d866ea67e8b19777e88ac2a78ee4188e0983168) ----------------------------------------------------------------------- Summary of changes: doc/crypto/EVP_SignInit.pod | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/crypto/EVP_SignInit.pod b/doc/crypto/EVP_SignInit.pod index 14ecc77..c63d6b3 100644 --- a/doc/crypto/EVP_SignInit.pod +++ b/doc/crypto/EVP_SignInit.pod @@ -2,7 +2,8 @@ =head1 NAME -EVP_SignInit, EVP_SignUpdate, EVP_SignFinal - EVP signing functions +EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal - EVP signing +functions =head1 SYNOPSIS From matt at openssl.org Wed Nov 4 14:39:37 2015 From: matt at openssl.org (Matt Caswell) Date: Wed, 04 Nov 2015 14:39:37 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1446647977.928380.1863.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 1fe1c65c3ba96dd89e6c805331204428a27d4b6c (commit) from 22ec08d7b76709750f8c9a8aaf7e86703e4eb56c (commit) - Log ----------------------------------------------------------------- commit 1fe1c65c3ba96dd89e6c805331204428a27d4b6c Author: Matt Caswell Date: Mon Nov 2 15:37:45 2015 +0000 Minor EVP_SignInit_ex doc fix EVP_SignInit_ex was missing from the NAME section of its man page so typing "man EVP_SignInit_ex" failed to load the page. Reviewed-by: Stephen Henson (cherry picked from commit 3d866ea67e8b19777e88ac2a78ee4188e0983168) ----------------------------------------------------------------------- Summary of changes: doc/crypto/EVP_SignInit.pod | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/crypto/EVP_SignInit.pod b/doc/crypto/EVP_SignInit.pod index 14ecc77..c63d6b3 100644 --- a/doc/crypto/EVP_SignInit.pod +++ b/doc/crypto/EVP_SignInit.pod @@ -2,7 +2,8 @@ =head1 NAME -EVP_SignInit, EVP_SignUpdate, EVP_SignFinal - EVP signing functions +EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal - EVP signing +functions =head1 SYNOPSIS From stevem at openssl.org Thu Nov 5 12:26:09 2015 From: stevem at openssl.org (Steve Marquess) Date: Thu, 05 Nov 2015 12:26:09 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1446726369.596175.27992.nullmailer@dev.openssl.org> The branch master has been updated via 8254a7290ce212f3f96ca18bf800e7ac10695985 (commit) from 85a91384a31f8ca359dae220bf4d2cc63f0d1f18 (commit) - Log ----------------------------------------------------------------- commit 8254a7290ce212f3f96ca18bf800e7ac10695985 Author: Steve Marquess Date: Thu Nov 5 07:25:48 2015 -0500 Update with multiple minor corrections ----------------------------------------------------------------------- Summary of changes: docs/fips/UserGuide-2.0.pdf | Bin 1776107 -> 1779955 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/docs/fips/UserGuide-2.0.pdf b/docs/fips/UserGuide-2.0.pdf index 8ac47e8..85b5f0e 100644 Binary files a/docs/fips/UserGuide-2.0.pdf and b/docs/fips/UserGuide-2.0.pdf differ From matt at openssl.org Thu Nov 5 15:14:13 2015 From: matt at openssl.org (Matt Caswell) Date: Thu, 05 Nov 2015 15:14:13 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1446736453.066625.19748.nullmailer@dev.openssl.org> The branch master has been updated via cf0113eb47111b437658844bfc1ea87c38ca19ad (commit) from 3d866ea67e8b19777e88ac2a78ee4188e0983168 (commit) - Log ----------------------------------------------------------------- commit cf0113eb47111b437658844bfc1ea87c38ca19ad Author: Matt Caswell Date: Fri Oct 30 16:28:50 2015 +0000 Ensure the dtls1_get_*_methods work with DTLS_ANY_VERSION The various dtls1_get*_methods did not handle the DTLS_ANY_VERSION case, so this needed to be added. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: ssl/methods.c | 30 ++++++++++++++++++------------ 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/ssl/methods.c b/ssl/methods.c index 3319119..ef20c9c 100644 --- a/ssl/methods.c +++ b/ssl/methods.c @@ -258,12 +258,14 @@ IMPLEMENT_ssl3_meth_func(SSLv3_client_method, */ static const SSL_METHOD *dtls1_get_method(int ver) { - if (ver == DTLS1_VERSION) - return (DTLSv1_method()); + if (ver == DTLS_ANY_VERSION) + return DTLS_method(); + else if (ver == DTLS1_VERSION) + return DTLSv1_method(); else if (ver == DTLS1_2_VERSION) - return (DTLSv1_2_method()); + return DTLSv1_2_method(); else - return (NULL); + return NULL; } IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, @@ -291,12 +293,14 @@ IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, static const SSL_METHOD *dtls1_get_server_method(int ver) { - if (ver == DTLS1_VERSION) - return (DTLSv1_server_method()); + if (ver == DTLS_ANY_VERSION) + return DTLS_server_method(); + else if (ver == DTLS1_VERSION) + return DTLSv1_server_method(); else if (ver == DTLS1_2_VERSION) - return (DTLSv1_2_server_method()); + return DTLSv1_2_server_method(); else - return (NULL); + return NULL; } IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, @@ -324,12 +328,14 @@ IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, static const SSL_METHOD *dtls1_get_client_method(int ver) { - if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER) - return (DTLSv1_client_method()); + if (ver == DTLS_ANY_VERSION) + return DTLS_client_method(); + else if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER) + return DTLSv1_client_method(); else if (ver == DTLS1_2_VERSION) - return (DTLSv1_2_client_method()); + return DTLSv1_2_client_method(); else - return (NULL); + return NULL; } IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, From matt at openssl.org Thu Nov 5 15:14:27 2015 From: matt at openssl.org (Matt Caswell) Date: Thu, 05 Nov 2015 15:14:27 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1446736467.398148.20607.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 0c0f1361b29080380031b709f470e5bb3644e484 (commit) from ca3658e0000b7051ccf1610cbcf73adb87062869 (commit) - Log ----------------------------------------------------------------- commit 0c0f1361b29080380031b709f470e5bb3644e484 Author: Matt Caswell Date: Wed Nov 4 14:46:03 2015 +0000 Ensure the dtls1_get_*_methods work with DTLS_ANY_VERSION The various dtls1_get*_methods did not handle the DTLS_ANY_VERSION case, so this needed to be added. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: ssl/d1_clnt.c | 14 ++++++++------ ssl/d1_meth.c | 14 ++++++++------ ssl/d1_srvr.c | 14 ++++++++------ 3 files changed, 24 insertions(+), 18 deletions(-) diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index feeaf6d..3a2038c 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -133,12 +133,14 @@ static int dtls1_get_hello_verify(SSL *s); static const SSL_METHOD *dtls1_get_client_method(int ver) { - if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER) - return (DTLSv1_client_method()); + if (ver == DTLS_ANY_VERSION) + return DTLS_client_method(); + else if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER) + return DTLSv1_client_method(); else if (ver == DTLS1_2_VERSION) - return (DTLSv1_2_client_method()); + return DTLSv1_2_client_method(); else - return (NULL); + return NULL; } IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, @@ -147,13 +149,13 @@ IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, dtls1_connect, dtls1_get_client_method, DTLSv1_enc_data) - IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, +IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, DTLSv1_2_client_method, ssl_undefined_function, dtls1_connect, dtls1_get_client_method, DTLSv1_2_enc_data) - IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, +IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, DTLS_client_method, ssl_undefined_function, dtls1_connect, diff --git a/ssl/d1_meth.c b/ssl/d1_meth.c index 7340774..899010e 100644 --- a/ssl/d1_meth.c +++ b/ssl/d1_meth.c @@ -64,12 +64,14 @@ static const SSL_METHOD *dtls1_get_method(int ver); static const SSL_METHOD *dtls1_get_method(int ver) { - if (ver == DTLS1_VERSION) - return (DTLSv1_method()); + if (ver == DTLS_ANY_VERSION) + return DTLS_method(); + else if (ver == DTLS1_VERSION) + return DTLSv1_method(); else if (ver == DTLS1_2_VERSION) - return (DTLSv1_2_method()); + return DTLSv1_2_method(); else - return (NULL); + return NULL; } IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, @@ -77,12 +79,12 @@ IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, dtls1_accept, dtls1_connect, dtls1_get_method, DTLSv1_enc_data) - IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, +IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, DTLSv1_2_method, dtls1_accept, dtls1_connect, dtls1_get_method, DTLSv1_2_enc_data) - IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, +IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, DTLS_method, dtls1_accept, dtls1_connect, dtls1_get_method, DTLSv1_2_enc_data) diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 6c3bfb8..25c30a6 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -131,12 +131,14 @@ static int dtls1_send_hello_verify_request(SSL *s); static const SSL_METHOD *dtls1_get_server_method(int ver) { - if (ver == DTLS1_VERSION) - return (DTLSv1_server_method()); + if (ver == DTLS_ANY_VERSION) + return DTLS_server_method(); + else if (ver == DTLS1_VERSION) + return DTLSv1_server_method(); else if (ver == DTLS1_2_VERSION) - return (DTLSv1_2_server_method()); + return DTLSv1_2_server_method(); else - return (NULL); + return NULL; } IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, @@ -145,13 +147,13 @@ IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, ssl_undefined_function, dtls1_get_server_method, DTLSv1_enc_data) - IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, +IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, DTLSv1_2_server_method, dtls1_accept, ssl_undefined_function, dtls1_get_server_method, DTLSv1_2_enc_data) - IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, +IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, DTLS_server_method, dtls1_accept, ssl_undefined_function, From steve at openssl.org Thu Nov 5 16:16:28 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Thu, 05 Nov 2015 16:16:28 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1446740188.198477.11126.nullmailer@dev.openssl.org> The branch master has been updated via b8fb59897b707d53137a66ec054173c161a9f0ae (commit) via 525cc5e77718e213f6586e68ef59d62c1c2219a6 (commit) via f4c38857d75a8f95c0991feae514f8c3de3f060e (commit) from cf0113eb47111b437658844bfc1ea87c38ca19ad (commit) - Log ----------------------------------------------------------------- commit b8fb59897b707d53137a66ec054173c161a9f0ae Author: Dr. Stephen Henson Date: Tue Nov 3 14:09:18 2015 +0000 Rebuild error source files. Rebuild error source files: the new mkerr.pl functionality will now pick up and translate static function names properly. Reviewed-by: Richard Levitte commit 525cc5e77718e213f6586e68ef59d62c1c2219a6 Author: Dr. Stephen Henson Date: Tue Nov 3 14:00:41 2015 +0000 fix discrepancy Reviewed-by: Richard Levitte commit f4c38857d75a8f95c0991feae514f8c3de3f060e Author: Dr. Stephen Henson Date: Tue Nov 3 13:52:45 2015 +0000 Read function names from C source files. In mkerr.pl read parse functions names in C source files and use them for translation and sanity checks. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/asn1/asn1_err.c | 70 ++++++++++++++--------------- crypto/bio/bio_err.c | 22 +++++----- crypto/bn/bn_err.c | 4 +- crypto/buffer/buf_err.c | 2 +- crypto/cms/cms_err.c | 36 +++++++-------- crypto/comp/comp_err.c | 10 ++--- crypto/conf/conf_err.c | 14 +++--- crypto/cpt_err.c | 2 +- crypto/dh/dh_err.c | 30 ++++++------- crypto/dsa/dsa_err.c | 26 +++++------ crypto/dso/dso_err.c | 54 +++++++++++------------ crypto/ec/ec_err.c | 74 +++++++++++++++---------------- crypto/ecdh/ech_err.c | 2 +- crypto/ecdsa/ecs_err.c | 4 +- crypto/engine/eng_err.c | 24 +++++----- crypto/evp/evp_err.c | 33 +++++++------- crypto/jpake/jpake_err.c | 4 +- crypto/objects/obj_err.c | 2 +- crypto/ocsp/ocsp_err.c | 14 +++--- crypto/pem/pem_err.c | 38 ++++++++-------- crypto/pkcs7/pkcs7err.c | 32 ++++++-------- crypto/rsa/rsa_err.c | 50 ++++++++++----------- crypto/store/str_err.c | 18 ++++---- crypto/store/str_lib.c | 2 +- crypto/ts/ts_err.c | 36 +++++++-------- crypto/ui/ui_err.c | 6 +-- crypto/x509/x509_err.c | 12 ++--- crypto/x509v3/v3err.c | 74 +++++++++++++++---------------- ssl/ssl_err.c | 112 +++++++++++++++++++++++++++++------------------ util/mkerr.pl | 15 ++++++- 30 files changed, 430 insertions(+), 392 deletions(-) diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index 73dd53f..83e4e75 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -74,28 +74,28 @@ static ERR_STRING_DATA ASN1_str_functs[] = { {ERR_FUNC(ASN1_F_A2I_ASN1_ENUMERATED), "a2i_ASN1_ENUMERATED"}, {ERR_FUNC(ASN1_F_A2I_ASN1_INTEGER), "a2i_ASN1_INTEGER"}, {ERR_FUNC(ASN1_F_A2I_ASN1_STRING), "a2i_ASN1_STRING"}, - {ERR_FUNC(ASN1_F_APPEND_EXP), "APPEND_EXP"}, + {ERR_FUNC(ASN1_F_APPEND_EXP), "append_exp"}, {ERR_FUNC(ASN1_F_ASN1_BIT_STRING_SET_BIT), "ASN1_BIT_STRING_set_bit"}, - {ERR_FUNC(ASN1_F_ASN1_CB), "ASN1_CB"}, - {ERR_FUNC(ASN1_F_ASN1_CHECK_TLEN), "ASN1_CHECK_TLEN"}, + {ERR_FUNC(ASN1_F_ASN1_CB), "asn1_cb"}, + {ERR_FUNC(ASN1_F_ASN1_CHECK_TLEN), "asn1_check_tlen"}, {ERR_FUNC(ASN1_F_ASN1_COLLATE_PRIMITIVE), "ASN1_COLLATE_PRIMITIVE"}, - {ERR_FUNC(ASN1_F_ASN1_COLLECT), "ASN1_COLLECT"}, - {ERR_FUNC(ASN1_F_ASN1_D2I_EX_PRIMITIVE), "ASN1_D2I_EX_PRIMITIVE"}, + {ERR_FUNC(ASN1_F_ASN1_COLLECT), "asn1_collect"}, + {ERR_FUNC(ASN1_F_ASN1_D2I_EX_PRIMITIVE), "asn1_d2i_ex_primitive"}, {ERR_FUNC(ASN1_F_ASN1_D2I_FP), "ASN1_d2i_fp"}, - {ERR_FUNC(ASN1_F_ASN1_D2I_READ_BIO), "ASN1_D2I_READ_BIO"}, + {ERR_FUNC(ASN1_F_ASN1_D2I_READ_BIO), "asn1_d2i_read_bio"}, {ERR_FUNC(ASN1_F_ASN1_DIGEST), "ASN1_digest"}, - {ERR_FUNC(ASN1_F_ASN1_DO_ADB), "ASN1_DO_ADB"}, + {ERR_FUNC(ASN1_F_ASN1_DO_ADB), "asn1_do_adb"}, {ERR_FUNC(ASN1_F_ASN1_DUP), "ASN1_dup"}, {ERR_FUNC(ASN1_F_ASN1_ENUMERATED_SET), "ASN1_ENUMERATED_set"}, {ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN), "ASN1_ENUMERATED_to_BN"}, - {ERR_FUNC(ASN1_F_ASN1_EX_C2I), "ASN1_EX_C2I"}, - {ERR_FUNC(ASN1_F_ASN1_FIND_END), "ASN1_FIND_END"}, + {ERR_FUNC(ASN1_F_ASN1_EX_C2I), "asn1_ex_c2i"}, + {ERR_FUNC(ASN1_F_ASN1_FIND_END), "asn1_find_end"}, {ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_ADJ), "ASN1_GENERALIZEDTIME_adj"}, {ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET), "ASN1_GENERALIZEDTIME_set"}, {ERR_FUNC(ASN1_F_ASN1_GENERATE_V3), "ASN1_generate_v3"}, - {ERR_FUNC(ASN1_F_ASN1_GET_INT64), "ASN1_GET_INT64"}, + {ERR_FUNC(ASN1_F_ASN1_GET_INT64), "asn1_get_int64"}, {ERR_FUNC(ASN1_F_ASN1_GET_OBJECT), "ASN1_get_object"}, - {ERR_FUNC(ASN1_F_ASN1_GET_UINT64), "ASN1_GET_UINT64"}, + {ERR_FUNC(ASN1_F_ASN1_GET_UINT64), "asn1_get_uint64"}, {ERR_FUNC(ASN1_F_ASN1_HEADER_NEW), "ASN1_HEADER_NEW"}, {ERR_FUNC(ASN1_F_ASN1_I2D_BIO), "ASN1_i2d_bio"}, {ERR_FUNC(ASN1_F_ASN1_I2D_FP), "ASN1_i2d_fp"}, @@ -104,7 +104,7 @@ static ERR_STRING_DATA ASN1_str_functs[] = { {ERR_FUNC(ASN1_F_ASN1_ITEM_D2I_FP), "ASN1_item_d2i_fp"}, {ERR_FUNC(ASN1_F_ASN1_ITEM_DUP), "ASN1_item_dup"}, {ERR_FUNC(ASN1_F_ASN1_ITEM_EMBED_D2I), "asn1_item_embed_d2i"}, - {ERR_FUNC(ASN1_F_ASN1_ITEM_EMBED_NEW), "ASN1_ITEM_EMBED_NEW"}, + {ERR_FUNC(ASN1_F_ASN1_ITEM_EMBED_NEW), "asn1_item_embed_new"}, {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_BIO), "ASN1_item_i2d_bio"}, {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP), "ASN1_item_i2d_fp"}, {ERR_FUNC(ASN1_F_ASN1_ITEM_PACK), "ASN1_item_pack"}, @@ -114,7 +114,7 @@ static ERR_STRING_DATA ASN1_str_functs[] = { {ERR_FUNC(ASN1_F_ASN1_ITEM_VERIFY), "ASN1_item_verify"}, {ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY), "ASN1_mbstring_ncopy"}, {ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW), "ASN1_OBJECT_new"}, - {ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA), "ASN1_OUTPUT_DATA"}, + {ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA), "asn1_output_data"}, {ERR_FUNC(ASN1_F_ASN1_PACK_STRING), "ASN1_pack_string"}, {ERR_FUNC(ASN1_F_ASN1_PCTX_NEW), "ASN1_PCTX_new"}, {ERR_FUNC(ASN1_F_ASN1_PKCS5_PBE_SET), "ASN1_PKCS5_PBE_SET"}, @@ -122,16 +122,16 @@ static ERR_STRING_DATA ASN1_str_functs[] = { {ERR_FUNC(ASN1_F_ASN1_SEQ_PACK), "ASN1_seq_pack"}, {ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK), "ASN1_seq_unpack"}, {ERR_FUNC(ASN1_F_ASN1_SIGN), "ASN1_sign"}, - {ERR_FUNC(ASN1_F_ASN1_STR2TYPE), "ASN1_STR2TYPE"}, - {ERR_FUNC(ASN1_F_ASN1_STRING_GET_INT64), "ASN1_STRING_GET_INT64"}, - {ERR_FUNC(ASN1_F_ASN1_STRING_GET_UINT64), "ASN1_STRING_GET_UINT64"}, + {ERR_FUNC(ASN1_F_ASN1_STR2TYPE), "asn1_str2type"}, + {ERR_FUNC(ASN1_F_ASN1_STRING_GET_INT64), "asn1_string_get_int64"}, + {ERR_FUNC(ASN1_F_ASN1_STRING_GET_UINT64), "asn1_string_get_uint64"}, {ERR_FUNC(ASN1_F_ASN1_STRING_SET), "ASN1_STRING_set"}, {ERR_FUNC(ASN1_F_ASN1_STRING_TABLE_ADD), "ASN1_STRING_TABLE_add"}, - {ERR_FUNC(ASN1_F_ASN1_STRING_TO_BN), "ASN1_STRING_TO_BN"}, + {ERR_FUNC(ASN1_F_ASN1_STRING_TO_BN), "asn1_string_to_bn"}, {ERR_FUNC(ASN1_F_ASN1_STRING_TYPE_NEW), "ASN1_STRING_type_new"}, - {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "ASN1_TEMPLATE_EX_D2I"}, - {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW), "ASN1_TEMPLATE_NEW"}, - {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I), "ASN1_TEMPLATE_NOEXP_D2I"}, + {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "asn1_template_ex_d2i"}, + {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW), "asn1_template_new"}, + {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I), "asn1_template_noexp_d2i"}, {ERR_FUNC(ASN1_F_ASN1_TIME_ADJ), "ASN1_TIME_adj"}, {ERR_FUNC(ASN1_F_ASN1_TIME_SET), "ASN1_TIME_set"}, {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING), @@ -141,18 +141,18 @@ static ERR_STRING_DATA ASN1_str_functs[] = { {ERR_FUNC(ASN1_F_ASN1_UTCTIME_ADJ), "ASN1_UTCTIME_adj"}, {ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET), "ASN1_UTCTIME_set"}, {ERR_FUNC(ASN1_F_ASN1_VERIFY), "ASN1_verify"}, - {ERR_FUNC(ASN1_F_B64_READ_ASN1), "B64_READ_ASN1"}, - {ERR_FUNC(ASN1_F_B64_WRITE_ASN1), "B64_WRITE_ASN1"}, + {ERR_FUNC(ASN1_F_B64_READ_ASN1), "b64_read_asn1"}, + {ERR_FUNC(ASN1_F_B64_WRITE_ASN1), "B64_write_ASN1"}, {ERR_FUNC(ASN1_F_BIO_NEW_NDEF), "BIO_new_NDEF"}, - {ERR_FUNC(ASN1_F_BITSTR_CB), "BITSTR_CB"}, + {ERR_FUNC(ASN1_F_BITSTR_CB), "bitstr_cb"}, {ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED), "BN_to_ASN1_ENUMERATED"}, {ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER), "BN_to_ASN1_INTEGER"}, - {ERR_FUNC(ASN1_F_BN_TO_ASN1_STRING), "BN_TO_ASN1_STRING"}, + {ERR_FUNC(ASN1_F_BN_TO_ASN1_STRING), "bn_to_asn1_string"}, {ERR_FUNC(ASN1_F_C2I_ASN1_BIT_STRING), "c2i_ASN1_BIT_STRING"}, {ERR_FUNC(ASN1_F_C2I_ASN1_INTEGER), "c2i_ASN1_INTEGER"}, {ERR_FUNC(ASN1_F_C2I_ASN1_OBJECT), "c2i_ASN1_OBJECT"}, - {ERR_FUNC(ASN1_F_C2I_IBUF), "C2I_IBUF"}, - {ERR_FUNC(ASN1_F_COLLECT_DATA), "COLLECT_DATA"}, + {ERR_FUNC(ASN1_F_C2I_IBUF), "c2i_ibuf"}, + {ERR_FUNC(ASN1_F_COLLECT_DATA), "collect_data"}, {ERR_FUNC(ASN1_F_D2I_ASN1_BIT_STRING), "D2I_ASN1_BIT_STRING"}, {ERR_FUNC(ASN1_F_D2I_ASN1_BOOLEAN), "d2i_ASN1_BOOLEAN"}, {ERR_FUNC(ASN1_F_D2I_ASN1_BYTES), "d2i_ASN1_bytes"}, @@ -172,7 +172,7 @@ static ERR_STRING_DATA ASN1_str_functs[] = { {ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"}, {ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"}, {ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"}, - {ERR_FUNC(ASN1_F_DO_TCREATE), "DO_TCREATE"}, + {ERR_FUNC(ASN1_F_DO_TCREATE), "do_tcreate"}, {ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM), "i2d_ASN1_bio_stream"}, {ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"}, {ERR_FUNC(ASN1_F_I2D_ASN1_TIME), "I2D_ASN1_TIME"}, @@ -181,24 +181,24 @@ static ERR_STRING_DATA ASN1_str_functs[] = { {ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"}, {ERR_FUNC(ASN1_F_I2D_PUBLICKEY), "i2d_PublicKey"}, {ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY), "i2d_RSA_PUBKEY"}, - {ERR_FUNC(ASN1_F_LONG_C2I), "LONG_C2I"}, - {ERR_FUNC(ASN1_F_OID_MODULE_INIT), "OID_MODULE_INIT"}, - {ERR_FUNC(ASN1_F_PARSE_TAGGING), "PARSE_TAGGING"}, + {ERR_FUNC(ASN1_F_LONG_C2I), "long_c2i"}, + {ERR_FUNC(ASN1_F_OID_MODULE_INIT), "oid_module_init"}, + {ERR_FUNC(ASN1_F_PARSE_TAGGING), "parse_tagging"}, {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET_IV), "PKCS5_pbe2_set_iv"}, {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET_SCRYPT), "PKCS5_pbe2_set_scrypt"}, {ERR_FUNC(ASN1_F_PKCS5_PBE_SET), "PKCS5_pbe_set"}, {ERR_FUNC(ASN1_F_PKCS5_PBE_SET0_ALGOR), "PKCS5_pbe_set0_algor"}, {ERR_FUNC(ASN1_F_PKCS5_PBKDF2_SET), "PKCS5_pbkdf2_set"}, - {ERR_FUNC(ASN1_F_PKCS5_SCRYPT_SET), "PKCS5_SCRYPT_SET"}, + {ERR_FUNC(ASN1_F_PKCS5_SCRYPT_SET), "pkcs5_scrypt_set"}, {ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_ASN1"}, {ERR_FUNC(ASN1_F_SMIME_TEXT), "SMIME_text"}, - {ERR_FUNC(ASN1_F_STBL_MODULE_INIT), "STBL_MODULE_INIT"}, + {ERR_FUNC(ASN1_F_STBL_MODULE_INIT), "stbl_module_init"}, {ERR_FUNC(ASN1_F_X509_CINF_NEW), "X509_CINF_NEW"}, {ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED), "X509_CRL_add0_revoked"}, {ERR_FUNC(ASN1_F_X509_INFO_NEW), "X509_INFO_new"}, - {ERR_FUNC(ASN1_F_X509_NAME_ENCODE), "X509_NAME_ENCODE"}, - {ERR_FUNC(ASN1_F_X509_NAME_EX_D2I), "X509_NAME_EX_D2I"}, - {ERR_FUNC(ASN1_F_X509_NAME_EX_NEW), "X509_NAME_EX_NEW"}, + {ERR_FUNC(ASN1_F_X509_NAME_ENCODE), "x509_name_encode"}, + {ERR_FUNC(ASN1_F_X509_NAME_EX_D2I), "x509_name_ex_d2i"}, + {ERR_FUNC(ASN1_F_X509_NAME_EX_NEW), "x509_name_ex_new"}, {ERR_FUNC(ASN1_F_X509_NEW), "X509_NEW"}, {ERR_FUNC(ASN1_F_X509_PKEY_NEW), "X509_PKEY_new"}, {0, NULL} diff --git a/crypto/bio/bio_err.c b/crypto/bio/bio_err.c index d9007aa..776c1de 100644 --- a/crypto/bio/bio_err.c +++ b/crypto/bio/bio_err.c @@ -70,7 +70,7 @@ # define ERR_REASON(reason) ERR_PACK(ERR_LIB_BIO,0,reason) static ERR_STRING_DATA BIO_str_functs[] = { - {ERR_FUNC(BIO_F_ACPT_STATE), "ACPT_STATE"}, + {ERR_FUNC(BIO_F_ACPT_STATE), "acpt_state"}, {ERR_FUNC(BIO_F_BIO_ACCEPT), "BIO_accept"}, {ERR_FUNC(BIO_F_BIO_BER_GET_HEADER), "BIO_BER_GET_HEADER"}, {ERR_FUNC(BIO_F_BIO_CALLBACK_CTRL), "BIO_callback_ctrl"}, @@ -80,7 +80,7 @@ static ERR_STRING_DATA BIO_str_functs[] = { {ERR_FUNC(BIO_F_BIO_GET_ACCEPT_SOCKET), "BIO_get_accept_socket"}, {ERR_FUNC(BIO_F_BIO_GET_HOST_IP), "BIO_get_host_ip"}, {ERR_FUNC(BIO_F_BIO_GET_PORT), "BIO_get_port"}, - {ERR_FUNC(BIO_F_BIO_MAKE_PAIR), "BIO_MAKE_PAIR"}, + {ERR_FUNC(BIO_F_BIO_MAKE_PAIR), "bio_make_pair"}, {ERR_FUNC(BIO_F_BIO_NEW), "BIO_new"}, {ERR_FUNC(BIO_F_BIO_NEW_FILE), "BIO_new_file"}, {ERR_FUNC(BIO_F_BIO_NEW_MEM_BUF), "BIO_new_mem_buf"}, @@ -92,16 +92,16 @@ static ERR_STRING_DATA BIO_str_functs[] = { {ERR_FUNC(BIO_F_BIO_READ), "BIO_read"}, {ERR_FUNC(BIO_F_BIO_SOCK_INIT), "BIO_sock_init"}, {ERR_FUNC(BIO_F_BIO_WRITE), "BIO_write"}, - {ERR_FUNC(BIO_F_BUFFER_CTRL), "BUFFER_CTRL"}, - {ERR_FUNC(BIO_F_CONN_CTRL), "CONN_CTRL"}, - {ERR_FUNC(BIO_F_CONN_STATE), "CONN_STATE"}, - {ERR_FUNC(BIO_F_DGRAM_SCTP_READ), "DGRAM_SCTP_READ"}, - {ERR_FUNC(BIO_F_DGRAM_SCTP_WRITE), "DGRAM_SCTP_WRITE"}, - {ERR_FUNC(BIO_F_FILE_CTRL), "FILE_CTRL"}, - {ERR_FUNC(BIO_F_FILE_READ), "FILE_READ"}, - {ERR_FUNC(BIO_F_LINEBUFFER_CTRL), "LINEBUFFER_CTRL"}, + {ERR_FUNC(BIO_F_BUFFER_CTRL), "buffer_ctrl"}, + {ERR_FUNC(BIO_F_CONN_CTRL), "conn_ctrl"}, + {ERR_FUNC(BIO_F_CONN_STATE), "conn_state"}, + {ERR_FUNC(BIO_F_DGRAM_SCTP_READ), "dgram_sctp_read"}, + {ERR_FUNC(BIO_F_DGRAM_SCTP_WRITE), "dgram_sctp_write"}, + {ERR_FUNC(BIO_F_FILE_CTRL), "file_ctrl"}, + {ERR_FUNC(BIO_F_FILE_READ), "file_read"}, + {ERR_FUNC(BIO_F_LINEBUFFER_CTRL), "linebuffer_ctrl"}, {ERR_FUNC(BIO_F_MEM_READ), "MEM_READ"}, - {ERR_FUNC(BIO_F_MEM_WRITE), "MEM_WRITE"}, + {ERR_FUNC(BIO_F_MEM_WRITE), "mem_write"}, {ERR_FUNC(BIO_F_SSL_NEW), "SSL_new"}, {ERR_FUNC(BIO_F_WSASTARTUP), "WSASTARTUP"}, {0, NULL} diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c index 1096ec7..060a63d 100644 --- a/crypto/bn/bn_err.c +++ b/crypto/bn/bn_err.c @@ -70,7 +70,7 @@ # define ERR_REASON(reason) ERR_PACK(ERR_LIB_BN,0,reason) static ERR_STRING_DATA BN_str_functs[] = { - {ERR_FUNC(BN_F_BNRAND), "BNRAND"}, + {ERR_FUNC(BN_F_BNRAND), "bnrand"}, {ERR_FUNC(BN_F_BN_BLINDING_CONVERT_EX), "BN_BLINDING_convert_ex"}, {ERR_FUNC(BN_F_BN_BLINDING_CREATE_PARAM), "BN_BLINDING_create_param"}, {ERR_FUNC(BN_F_BN_BLINDING_INVERT_EX), "BN_BLINDING_invert_ex"}, @@ -87,7 +87,7 @@ static ERR_STRING_DATA BN_str_functs[] = { {ERR_FUNC(BN_F_BN_DIV_RECP), "BN_div_recp"}, {ERR_FUNC(BN_F_BN_EXP), "BN_exp"}, {ERR_FUNC(BN_F_BN_EXPAND2), "bn_expand2"}, - {ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "BN_EXPAND_INTERNAL"}, + {ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "bn_expand_internal"}, {ERR_FUNC(BN_F_BN_GENCB_NEW), "BN_GENCB_new"}, {ERR_FUNC(BN_F_BN_GENERATE_DSA_NONCE), "BN_generate_dsa_nonce"}, {ERR_FUNC(BN_F_BN_GENERATE_PRIME_EX), "BN_generate_prime_ex"}, diff --git a/crypto/buffer/buf_err.c b/crypto/buffer/buf_err.c index 631eec3..34671aa 100644 --- a/crypto/buffer/buf_err.c +++ b/crypto/buffer/buf_err.c @@ -1,6 +1,6 @@ /* crypto/buffer/buf_err.c */ /* ==================================================================== - * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/crypto/cms/cms_err.c b/crypto/cms/cms_err.c index 15572ea..f1e47e6 100644 --- a/crypto/cms/cms_err.c +++ b/crypto/cms/cms_err.c @@ -1,6 +1,6 @@ /* crypto/cms/cms_err.c */ /* ==================================================================== - * Copyright (c) 1999-2013 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -70,7 +70,7 @@ # define ERR_REASON(reason) ERR_PACK(ERR_LIB_CMS,0,reason) static ERR_STRING_DATA CMS_str_functs[] = { - {ERR_FUNC(CMS_F_CHECK_CONTENT), "CHECK_CONTENT"}, + {ERR_FUNC(CMS_F_CHECK_CONTENT), "check_content"}, {ERR_FUNC(CMS_F_CMS_ADD0_CERT), "CMS_add0_cert"}, {ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_KEY), "CMS_add0_recipient_key"}, {ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD), @@ -78,13 +78,13 @@ static ERR_STRING_DATA CMS_str_functs[] = { {ERR_FUNC(CMS_F_CMS_ADD1_RECEIPTREQUEST), "CMS_add1_ReceiptRequest"}, {ERR_FUNC(CMS_F_CMS_ADD1_RECIPIENT_CERT), "CMS_add1_recipient_cert"}, {ERR_FUNC(CMS_F_CMS_ADD1_SIGNER), "CMS_add1_signer"}, - {ERR_FUNC(CMS_F_CMS_ADD1_SIGNINGTIME), "CMS_ADD1_SIGNINGTIME"}, + {ERR_FUNC(CMS_F_CMS_ADD1_SIGNINGTIME), "cms_add1_signingTime"}, {ERR_FUNC(CMS_F_CMS_COMPRESS), "CMS_compress"}, {ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_CREATE), "cms_CompressedData_create"}, {ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO), "cms_CompressedData_init_bio"}, - {ERR_FUNC(CMS_F_CMS_COPY_CONTENT), "CMS_COPY_CONTENT"}, - {ERR_FUNC(CMS_F_CMS_COPY_MESSAGEDIGEST), "CMS_COPY_MESSAGEDIGEST"}, + {ERR_FUNC(CMS_F_CMS_COPY_CONTENT), "cms_copy_content"}, + {ERR_FUNC(CMS_F_CMS_COPY_MESSAGEDIGEST), "cms_copy_messageDigest"}, {ERR_FUNC(CMS_F_CMS_DATA), "CMS_data"}, {ERR_FUNC(CMS_F_CMS_DATAFINAL), "CMS_dataFinal"}, {ERR_FUNC(CMS_F_CMS_DATAINIT), "CMS_dataInit"}, @@ -109,17 +109,17 @@ static ERR_STRING_DATA CMS_str_functs[] = { {ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_CREATE), "CMS_EnvelopedData_create"}, {ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO), "cms_EnvelopedData_init_bio"}, - {ERR_FUNC(CMS_F_CMS_ENVELOPED_DATA_INIT), "CMS_ENVELOPED_DATA_INIT"}, + {ERR_FUNC(CMS_F_CMS_ENVELOPED_DATA_INIT), "cms_enveloped_data_init"}, {ERR_FUNC(CMS_F_CMS_ENV_ASN1_CTRL), "cms_env_asn1_ctrl"}, {ERR_FUNC(CMS_F_CMS_FINAL), "CMS_final"}, {ERR_FUNC(CMS_F_CMS_GET0_CERTIFICATE_CHOICES), - "CMS_GET0_CERTIFICATE_CHOICES"}, + "cms_get0_certificate_choices"}, {ERR_FUNC(CMS_F_CMS_GET0_CONTENT), "CMS_get0_content"}, - {ERR_FUNC(CMS_F_CMS_GET0_ECONTENT_TYPE), "CMS_GET0_ECONTENT_TYPE"}, + {ERR_FUNC(CMS_F_CMS_GET0_ECONTENT_TYPE), "cms_get0_econtent_type"}, {ERR_FUNC(CMS_F_CMS_GET0_ENVELOPED), "cms_get0_enveloped"}, {ERR_FUNC(CMS_F_CMS_GET0_REVOCATION_CHOICES), - "CMS_GET0_REVOCATION_CHOICES"}, - {ERR_FUNC(CMS_F_CMS_GET0_SIGNED), "CMS_GET0_SIGNED"}, + "cms_get0_revocation_choices"}, + {ERR_FUNC(CMS_F_CMS_GET0_SIGNED), "cms_get0_signed"}, {ERR_FUNC(CMS_F_CMS_MSGSIGDIGEST_ADD1), "cms_msgSigDigest_add1"}, {ERR_FUNC(CMS_F_CMS_RECEIPTREQUEST_CREATE0), "CMS_ReceiptRequest_create0"}, @@ -137,9 +137,9 @@ static ERR_STRING_DATA CMS_str_functs[] = { {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP), "CMS_RecipientInfo_kari_orig_id_cmp"}, {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT), - "CMS_RECIPIENTINFO_KEKRI_DECRYPT"}, + "cms_RecipientInfo_kekri_decrypt"}, {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT), - "CMS_RECIPIENTINFO_KEKRI_ENCRYPT"}, + "cms_RecipientInfo_kekri_encrypt"}, {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID), "CMS_RecipientInfo_kekri_get0_id"}, {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP), @@ -147,9 +147,9 @@ static ERR_STRING_DATA CMS_str_functs[] = { {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP), "CMS_RecipientInfo_ktri_cert_cmp"}, {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT), - "CMS_RECIPIENTINFO_KTRI_DECRYPT"}, + "cms_RecipientInfo_ktri_decrypt"}, {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT), - "CMS_RECIPIENTINFO_KTRI_ENCRYPT"}, + "cms_RecipientInfo_ktri_encrypt"}, {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS), "CMS_RecipientInfo_ktri_get0_algs"}, {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID), @@ -162,19 +162,19 @@ static ERR_STRING_DATA CMS_str_functs[] = { "CMS_RecipientInfo_set0_password"}, {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY), "CMS_RecipientInfo_set0_pkey"}, - {ERR_FUNC(CMS_F_CMS_SD_ASN1_CTRL), "CMS_SD_ASN1_CTRL"}, + {ERR_FUNC(CMS_F_CMS_SD_ASN1_CTRL), "cms_sd_asn1_ctrl"}, {ERR_FUNC(CMS_F_CMS_SET1_IAS), "cms_set1_ias"}, {ERR_FUNC(CMS_F_CMS_SET1_KEYID), "cms_set1_keyid"}, {ERR_FUNC(CMS_F_CMS_SET1_SIGNERIDENTIFIER), "cms_set1_SignerIdentifier"}, {ERR_FUNC(CMS_F_CMS_SET_DETACHED), "CMS_set_detached"}, {ERR_FUNC(CMS_F_CMS_SIGN), "CMS_sign"}, - {ERR_FUNC(CMS_F_CMS_SIGNED_DATA_INIT), "CMS_SIGNED_DATA_INIT"}, + {ERR_FUNC(CMS_F_CMS_SIGNED_DATA_INIT), "cms_signed_data_init"}, {ERR_FUNC(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN), - "CMS_SIGNERINFO_CONTENT_SIGN"}, + "cms_SignerInfo_content_sign"}, {ERR_FUNC(CMS_F_CMS_SIGNERINFO_SIGN), "CMS_SignerInfo_sign"}, {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY), "CMS_SignerInfo_verify"}, {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CERT), - "CMS_SIGNERINFO_VERIFY_CERT"}, + "cms_signerinfo_verify_cert"}, {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT), "CMS_SignerInfo_verify_content"}, {ERR_FUNC(CMS_F_CMS_SIGN_RECEIPT), "CMS_sign_receipt"}, diff --git a/crypto/comp/comp_err.c b/crypto/comp/comp_err.c index 8ca159b..f3a772a 100644 --- a/crypto/comp/comp_err.c +++ b/crypto/comp/comp_err.c @@ -1,6 +1,6 @@ /* crypto/comp/comp_err.c */ /* ==================================================================== - * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -70,10 +70,10 @@ # define ERR_REASON(reason) ERR_PACK(ERR_LIB_COMP,0,reason) static ERR_STRING_DATA COMP_str_functs[] = { - {ERR_FUNC(COMP_F_BIO_ZLIB_FLUSH), "BIO_ZLIB_FLUSH"}, - {ERR_FUNC(COMP_F_BIO_ZLIB_NEW), "BIO_ZLIB_NEW"}, - {ERR_FUNC(COMP_F_BIO_ZLIB_READ), "BIO_ZLIB_READ"}, - {ERR_FUNC(COMP_F_BIO_ZLIB_WRITE), "BIO_ZLIB_WRITE"}, + {ERR_FUNC(COMP_F_BIO_ZLIB_FLUSH), "bio_zlib_flush"}, + {ERR_FUNC(COMP_F_BIO_ZLIB_NEW), "bio_zlib_new"}, + {ERR_FUNC(COMP_F_BIO_ZLIB_READ), "bio_zlib_read"}, + {ERR_FUNC(COMP_F_BIO_ZLIB_WRITE), "bio_zlib_write"}, {0, NULL} }; diff --git a/crypto/conf/conf_err.c b/crypto/conf/conf_err.c index bb5e2fe..6707787 100644 --- a/crypto/conf/conf_err.c +++ b/crypto/conf/conf_err.c @@ -1,6 +1,6 @@ /* crypto/conf/conf_err.c */ /* ==================================================================== - * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -76,11 +76,11 @@ static ERR_STRING_DATA CONF_str_functs[] = { {ERR_FUNC(CONF_F_CONF_LOAD_FP), "CONF_load_fp"}, {ERR_FUNC(CONF_F_CONF_MODULES_LOAD), "CONF_modules_load"}, {ERR_FUNC(CONF_F_CONF_PARSE_LIST), "CONF_parse_list"}, - {ERR_FUNC(CONF_F_DEF_LOAD), "DEF_LOAD"}, - {ERR_FUNC(CONF_F_DEF_LOAD_BIO), "DEF_LOAD_BIO"}, - {ERR_FUNC(CONF_F_MODULE_INIT), "MODULE_INIT"}, - {ERR_FUNC(CONF_F_MODULE_LOAD_DSO), "MODULE_LOAD_DSO"}, - {ERR_FUNC(CONF_F_MODULE_RUN), "MODULE_RUN"}, + {ERR_FUNC(CONF_F_DEF_LOAD), "def_load"}, + {ERR_FUNC(CONF_F_DEF_LOAD_BIO), "def_load_bio"}, + {ERR_FUNC(CONF_F_MODULE_INIT), "module_init"}, + {ERR_FUNC(CONF_F_MODULE_LOAD_DSO), "module_load_dso"}, + {ERR_FUNC(CONF_F_MODULE_RUN), "module_run"}, {ERR_FUNC(CONF_F_NCONF_DUMP_BIO), "NCONF_dump_bio"}, {ERR_FUNC(CONF_F_NCONF_DUMP_FP), "NCONF_dump_fp"}, {ERR_FUNC(CONF_F_NCONF_GET_NUMBER), "NCONF_get_number"}, @@ -91,7 +91,7 @@ static ERR_STRING_DATA CONF_str_functs[] = { {ERR_FUNC(CONF_F_NCONF_LOAD_BIO), "NCONF_load_bio"}, {ERR_FUNC(CONF_F_NCONF_LOAD_FP), "NCONF_load_fp"}, {ERR_FUNC(CONF_F_NCONF_NEW), "NCONF_new"}, - {ERR_FUNC(CONF_F_STR_COPY), "STR_COPY"}, + {ERR_FUNC(CONF_F_STR_COPY), "str_copy"}, {0, NULL} }; diff --git a/crypto/cpt_err.c b/crypto/cpt_err.c index 1f9a824..9f029cc 100644 --- a/crypto/cpt_err.c +++ b/crypto/cpt_err.c @@ -78,7 +78,7 @@ static ERR_STRING_DATA CRYPTO_str_functs[] = { {ERR_FUNC(CRYPTO_F_CRYPTO_NEW_EX_DATA), "CRYPTO_new_ex_data"}, {ERR_FUNC(CRYPTO_F_CRYPTO_SET_EX_DATA), "CRYPTO_set_ex_data"}, {ERR_FUNC(CRYPTO_F_DEF_ADD_INDEX), "DEF_ADD_INDEX"}, - {ERR_FUNC(CRYPTO_F_DEF_GET_CLASS), "DEF_GET_CLASS"}, + {ERR_FUNC(CRYPTO_F_DEF_GET_CLASS), "def_get_class"}, {ERR_FUNC(CRYPTO_F_FIPS_MODE_SET), "FIPS_mode_set"}, {ERR_FUNC(CRYPTO_F_INT_DUP_EX_DATA), "INT_DUP_EX_DATA"}, {ERR_FUNC(CRYPTO_F_INT_FREE_EX_DATA), "INT_FREE_EX_DATA"}, diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c index d232498..6a53800 100644 --- a/crypto/dh/dh_err.c +++ b/crypto/dh/dh_err.c @@ -1,6 +1,6 @@ /* crypto/dh/dh_err.c */ /* ==================================================================== - * Copyright (c) 1999-2013 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -70,23 +70,23 @@ # define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason) static ERR_STRING_DATA DH_str_functs[] = { - {ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"}, + {ERR_FUNC(DH_F_COMPUTE_KEY), "compute_key"}, {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"}, - {ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"}, - {ERR_FUNC(DH_F_DH_CMS_DECRYPT), "DH_CMS_DECRYPT"}, - {ERR_FUNC(DH_F_DH_CMS_SET_PEERKEY), "DH_CMS_SET_PEERKEY"}, - {ERR_FUNC(DH_F_DH_CMS_SET_SHARED_INFO), "DH_CMS_SET_SHARED_INFO"}, + {ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "dh_builtin_genparams"}, + {ERR_FUNC(DH_F_DH_CMS_DECRYPT), "dh_cms_decrypt"}, + {ERR_FUNC(DH_F_DH_CMS_SET_PEERKEY), "dh_cms_set_peerkey"}, + {ERR_FUNC(DH_F_DH_CMS_SET_SHARED_INFO), "dh_cms_set_shared_info"}, {ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"}, - {ERR_FUNC(DH_F_DH_PARAM_DECODE), "DH_PARAM_DECODE"}, - {ERR_FUNC(DH_F_DH_PRIV_DECODE), "DH_PRIV_DECODE"}, - {ERR_FUNC(DH_F_DH_PRIV_ENCODE), "DH_PRIV_ENCODE"}, - {ERR_FUNC(DH_F_DH_PUB_DECODE), "DH_PUB_DECODE"}, - {ERR_FUNC(DH_F_DH_PUB_ENCODE), "DH_PUB_ENCODE"}, - {ERR_FUNC(DH_F_DO_DH_PRINT), "DO_DH_PRINT"}, - {ERR_FUNC(DH_F_GENERATE_KEY), "GENERATE_KEY"}, + {ERR_FUNC(DH_F_DH_PARAM_DECODE), "dh_param_decode"}, + {ERR_FUNC(DH_F_DH_PRIV_DECODE), "dh_priv_decode"}, + {ERR_FUNC(DH_F_DH_PRIV_ENCODE), "dh_priv_encode"}, + {ERR_FUNC(DH_F_DH_PUB_DECODE), "dh_pub_decode"}, + {ERR_FUNC(DH_F_DH_PUB_ENCODE), "dh_pub_encode"}, + {ERR_FUNC(DH_F_DO_DH_PRINT), "do_dh_print"}, + {ERR_FUNC(DH_F_GENERATE_KEY), "generate_key"}, {ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"}, - {ERR_FUNC(DH_F_PKEY_DH_DERIVE), "PKEY_DH_DERIVE"}, - {ERR_FUNC(DH_F_PKEY_DH_KEYGEN), "PKEY_DH_KEYGEN"}, + {ERR_FUNC(DH_F_PKEY_DH_DERIVE), "pkey_dh_derive"}, + {ERR_FUNC(DH_F_PKEY_DH_KEYGEN), "pkey_dh_keygen"}, {0, NULL} }; diff --git a/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c index 75fb22e..913ebe7 100644 --- a/crypto/dsa/dsa_err.c +++ b/crypto/dsa/dsa_err.c @@ -1,6 +1,6 @@ /* crypto/dsa/dsa_err.c */ /* ==================================================================== - * Copyright (c) 1999-2013 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -71,31 +71,31 @@ static ERR_STRING_DATA DSA_str_functs[] = { {ERR_FUNC(DSA_F_D2I_DSA_SIG), "d2i_DSA_SIG"}, - {ERR_FUNC(DSA_F_DO_DSA_PRINT), "DO_DSA_PRINT"}, + {ERR_FUNC(DSA_F_DO_DSA_PRINT), "do_dsa_print"}, {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"}, {ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"}, {ERR_FUNC(DSA_F_DSA_BUILTIN_KEYGEN), "DSA_BUILTIN_KEYGEN"}, {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"}, - {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN2), "DSA_BUILTIN_PARAMGEN2"}, + {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN2), "dsa_builtin_paramgen2"}, {ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"}, {ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"}, {ERR_FUNC(DSA_F_DSA_NEW_METHOD), "DSA_new_method"}, - {ERR_FUNC(DSA_F_DSA_PARAM_DECODE), "DSA_PARAM_DECODE"}, + {ERR_FUNC(DSA_F_DSA_PARAM_DECODE), "dsa_param_decode"}, {ERR_FUNC(DSA_F_DSA_PRINT_FP), "DSA_print_fp"}, - {ERR_FUNC(DSA_F_DSA_PRIV_DECODE), "DSA_PRIV_DECODE"}, - {ERR_FUNC(DSA_F_DSA_PRIV_ENCODE), "DSA_PRIV_ENCODE"}, - {ERR_FUNC(DSA_F_DSA_PUB_DECODE), "DSA_PUB_DECODE"}, - {ERR_FUNC(DSA_F_DSA_PUB_ENCODE), "DSA_PUB_ENCODE"}, + {ERR_FUNC(DSA_F_DSA_PRIV_DECODE), "dsa_priv_decode"}, + {ERR_FUNC(DSA_F_DSA_PRIV_ENCODE), "dsa_priv_encode"}, + {ERR_FUNC(DSA_F_DSA_PUB_DECODE), "dsa_pub_decode"}, + {ERR_FUNC(DSA_F_DSA_PUB_ENCODE), "dsa_pub_encode"}, {ERR_FUNC(DSA_F_DSA_SIGN), "DSA_sign"}, {ERR_FUNC(DSA_F_DSA_SIGN_SETUP), "DSA_sign_setup"}, {ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"}, - {ERR_FUNC(DSA_F_DSA_SIG_PRINT), "DSA_SIG_PRINT"}, + {ERR_FUNC(DSA_F_DSA_SIG_PRINT), "dsa_sig_print"}, {ERR_FUNC(DSA_F_DSA_VERIFY), "DSA_verify"}, {ERR_FUNC(DSA_F_I2D_DSA_SIG), "i2d_DSA_SIG"}, - {ERR_FUNC(DSA_F_OLD_DSA_PRIV_DECODE), "OLD_DSA_PRIV_DECODE"}, - {ERR_FUNC(DSA_F_PKEY_DSA_CTRL), "PKEY_DSA_CTRL"}, - {ERR_FUNC(DSA_F_PKEY_DSA_KEYGEN), "PKEY_DSA_KEYGEN"}, - {ERR_FUNC(DSA_F_SIG_CB), "SIG_CB"}, + {ERR_FUNC(DSA_F_OLD_DSA_PRIV_DECODE), "old_dsa_priv_decode"}, + {ERR_FUNC(DSA_F_PKEY_DSA_CTRL), "pkey_dsa_ctrl"}, + {ERR_FUNC(DSA_F_PKEY_DSA_KEYGEN), "pkey_dsa_keygen"}, + {ERR_FUNC(DSA_F_SIG_CB), "sig_cb"}, {0, NULL} }; diff --git a/crypto/dso/dso_err.c b/crypto/dso/dso_err.c index e143cc0..546c616 100644 --- a/crypto/dso/dso_err.c +++ b/crypto/dso/dso_err.c @@ -1,6 +1,6 @@ /* crypto/dso/dso_err.c */ /* ==================================================================== - * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -75,18 +75,18 @@ static ERR_STRING_DATA DSO_str_functs[] = { {ERR_FUNC(DSO_F_BEOS_LOAD), "BEOS_LOAD"}, {ERR_FUNC(DSO_F_BEOS_NAME_CONVERTER), "BEOS_NAME_CONVERTER"}, {ERR_FUNC(DSO_F_BEOS_UNLOAD), "BEOS_UNLOAD"}, - {ERR_FUNC(DSO_F_DLFCN_BIND_FUNC), "DLFCN_BIND_FUNC"}, - {ERR_FUNC(DSO_F_DLFCN_BIND_VAR), "DLFCN_BIND_VAR"}, - {ERR_FUNC(DSO_F_DLFCN_LOAD), "DLFCN_LOAD"}, - {ERR_FUNC(DSO_F_DLFCN_MERGER), "DLFCN_MERGER"}, - {ERR_FUNC(DSO_F_DLFCN_NAME_CONVERTER), "DLFCN_NAME_CONVERTER"}, - {ERR_FUNC(DSO_F_DLFCN_UNLOAD), "DLFCN_UNLOAD"}, - {ERR_FUNC(DSO_F_DL_BIND_FUNC), "DL_BIND_FUNC"}, - {ERR_FUNC(DSO_F_DL_BIND_VAR), "DL_BIND_VAR"}, - {ERR_FUNC(DSO_F_DL_LOAD), "DL_LOAD"}, - {ERR_FUNC(DSO_F_DL_MERGER), "DL_MERGER"}, - {ERR_FUNC(DSO_F_DL_NAME_CONVERTER), "DL_NAME_CONVERTER"}, - {ERR_FUNC(DSO_F_DL_UNLOAD), "DL_UNLOAD"}, + {ERR_FUNC(DSO_F_DLFCN_BIND_FUNC), "dlfcn_bind_func"}, + {ERR_FUNC(DSO_F_DLFCN_BIND_VAR), "dlfcn_bind_var"}, + {ERR_FUNC(DSO_F_DLFCN_LOAD), "dlfcn_load"}, + {ERR_FUNC(DSO_F_DLFCN_MERGER), "dlfcn_merger"}, + {ERR_FUNC(DSO_F_DLFCN_NAME_CONVERTER), "dlfcn_name_converter"}, + {ERR_FUNC(DSO_F_DLFCN_UNLOAD), "dlfcn_unload"}, + {ERR_FUNC(DSO_F_DL_BIND_FUNC), "dl_bind_func"}, + {ERR_FUNC(DSO_F_DL_BIND_VAR), "dl_bind_var"}, + {ERR_FUNC(DSO_F_DL_LOAD), "dl_load"}, + {ERR_FUNC(DSO_F_DL_MERGER), "dl_merger"}, + {ERR_FUNC(DSO_F_DL_NAME_CONVERTER), "dl_name_converter"}, + {ERR_FUNC(DSO_F_DL_UNLOAD), "dl_unload"}, {ERR_FUNC(DSO_F_DSO_BIND_FUNC), "DSO_bind_func"}, {ERR_FUNC(DSO_F_DSO_BIND_VAR), "DSO_bind_var"}, {ERR_FUNC(DSO_F_DSO_CONVERT_FILENAME), "DSO_convert_filename"}, @@ -104,21 +104,21 @@ static ERR_STRING_DATA DSO_str_functs[] = { {ERR_FUNC(DSO_F_DSO_UP_REF), "DSO_up_ref"}, {ERR_FUNC(DSO_F_GLOBAL_LOOKUP_FUNC), "GLOBAL_LOOKUP_FUNC"}, {ERR_FUNC(DSO_F_PATHBYADDR), "PATHBYADDR"}, - {ERR_FUNC(DSO_F_VMS_BIND_SYM), "VMS_BIND_SYM"}, - {ERR_FUNC(DSO_F_VMS_LOAD), "VMS_LOAD"}, - {ERR_FUNC(DSO_F_VMS_MERGER), "VMS_MERGER"}, - {ERR_FUNC(DSO_F_VMS_UNLOAD), "VMS_UNLOAD"}, - {ERR_FUNC(DSO_F_WIN32_BIND_FUNC), "WIN32_BIND_FUNC"}, - {ERR_FUNC(DSO_F_WIN32_BIND_VAR), "WIN32_BIND_VAR"}, - {ERR_FUNC(DSO_F_WIN32_GLOBALLOOKUP), "WIN32_GLOBALLOOKUP"}, + {ERR_FUNC(DSO_F_VMS_BIND_SYM), "vms_bind_sym"}, + {ERR_FUNC(DSO_F_VMS_LOAD), "vms_load"}, + {ERR_FUNC(DSO_F_VMS_MERGER), "vms_merger"}, + {ERR_FUNC(DSO_F_VMS_UNLOAD), "vms_unload"}, + {ERR_FUNC(DSO_F_WIN32_BIND_FUNC), "win32_bind_func"}, + {ERR_FUNC(DSO_F_WIN32_BIND_VAR), "win32_bind_var"}, + {ERR_FUNC(DSO_F_WIN32_GLOBALLOOKUP), "win32_globallookup"}, {ERR_FUNC(DSO_F_WIN32_GLOBALLOOKUP_FUNC), "WIN32_GLOBALLOOKUP_FUNC"}, - {ERR_FUNC(DSO_F_WIN32_JOINER), "WIN32_JOINER"}, - {ERR_FUNC(DSO_F_WIN32_LOAD), "WIN32_LOAD"}, - {ERR_FUNC(DSO_F_WIN32_MERGER), "WIN32_MERGER"}, - {ERR_FUNC(DSO_F_WIN32_NAME_CONVERTER), "WIN32_NAME_CONVERTER"}, - {ERR_FUNC(DSO_F_WIN32_PATHBYADDR), "WIN32_PATHBYADDR"}, - {ERR_FUNC(DSO_F_WIN32_SPLITTER), "WIN32_SPLITTER"}, - {ERR_FUNC(DSO_F_WIN32_UNLOAD), "WIN32_UNLOAD"}, + {ERR_FUNC(DSO_F_WIN32_JOINER), "win32_joiner"}, + {ERR_FUNC(DSO_F_WIN32_LOAD), "win32_load"}, + {ERR_FUNC(DSO_F_WIN32_MERGER), "win32_merger"}, + {ERR_FUNC(DSO_F_WIN32_NAME_CONVERTER), "win32_name_converter"}, + {ERR_FUNC(DSO_F_WIN32_PATHBYADDR), "win32_pathbyaddr"}, + {ERR_FUNC(DSO_F_WIN32_SPLITTER), "win32_splitter"}, + {ERR_FUNC(DSO_F_WIN32_UNLOAD), "win32_unload"}, {0, NULL} }; diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c index 13b32c7..b55db79 100644 --- a/crypto/ec/ec_err.c +++ b/crypto/ec/ec_err.c @@ -1,6 +1,6 @@ /* crypto/ec/ec_err.c */ /* ==================================================================== - * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -70,38 +70,44 @@ # define ERR_REASON(reason) ERR_PACK(ERR_LIB_EC,0,reason) static ERR_STRING_DATA EC_str_functs[] = { - {ERR_FUNC(EC_F_BN_TO_FELEM), "BN_TO_FELEM"}, + {ERR_FUNC(EC_F_BN_TO_FELEM), "BN_to_felem"}, {ERR_FUNC(EC_F_COMPUTE_WNAF), "COMPUTE_WNAF"}, {ERR_FUNC(EC_F_D2I_ECPARAMETERS), "d2i_ECParameters"}, {ERR_FUNC(EC_F_D2I_ECPKPARAMETERS), "d2i_ECPKParameters"}, {ERR_FUNC(EC_F_D2I_ECPRIVATEKEY), "d2i_ECPrivateKey"}, - {ERR_FUNC(EC_F_DO_EC_KEY_PRINT), "DO_EC_KEY_PRINT"}, - {ERR_FUNC(EC_F_ECDH_CMS_DECRYPT), "ECDH_CMS_DECRYPT"}, - {ERR_FUNC(EC_F_ECDH_CMS_SET_SHARED_INFO), "ECDH_CMS_SET_SHARED_INFO"}, - {ERR_FUNC(EC_F_ECKEY_PARAM2TYPE), "ECKEY_PARAM2TYPE"}, - {ERR_FUNC(EC_F_ECKEY_PARAM_DECODE), "ECKEY_PARAM_DECODE"}, - {ERR_FUNC(EC_F_ECKEY_PRIV_DECODE), "ECKEY_PRIV_DECODE"}, - {ERR_FUNC(EC_F_ECKEY_PRIV_ENCODE), "ECKEY_PRIV_ENCODE"}, - {ERR_FUNC(EC_F_ECKEY_PUB_DECODE), "ECKEY_PUB_DECODE"}, - {ERR_FUNC(EC_F_ECKEY_PUB_ENCODE), "ECKEY_PUB_ENCODE"}, - {ERR_FUNC(EC_F_ECKEY_TYPE2PARAM), "ECKEY_TYPE2PARAM"}, + {ERR_FUNC(EC_F_DO_EC_KEY_PRINT), "do_EC_KEY_print"}, + {ERR_FUNC(EC_F_ECDH_CMS_DECRYPT), "ecdh_cms_decrypt"}, + {ERR_FUNC(EC_F_ECDH_CMS_SET_SHARED_INFO), "ecdh_cms_set_shared_info"}, + {ERR_FUNC(EC_F_ECKEY_PARAM2TYPE), "eckey_param2type"}, + {ERR_FUNC(EC_F_ECKEY_PARAM_DECODE), "eckey_param_decode"}, + {ERR_FUNC(EC_F_ECKEY_PRIV_DECODE), "eckey_priv_decode"}, + {ERR_FUNC(EC_F_ECKEY_PRIV_ENCODE), "eckey_priv_encode"}, + {ERR_FUNC(EC_F_ECKEY_PUB_DECODE), "eckey_pub_decode"}, + {ERR_FUNC(EC_F_ECKEY_PUB_ENCODE), "eckey_pub_encode"}, + {ERR_FUNC(EC_F_ECKEY_TYPE2PARAM), "eckey_type2param"}, {ERR_FUNC(EC_F_ECPARAMETERS_PRINT), "ECParameters_print"}, {ERR_FUNC(EC_F_ECPARAMETERS_PRINT_FP), "ECParameters_print_fp"}, {ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT), "ECPKParameters_print"}, {ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT_FP), "ECPKParameters_print_fp"}, + {ERR_FUNC(EC_F_ECP_NISTZ256_GET_AFFINE), "ecp_nistz256_get_affine"}, + {ERR_FUNC(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE), + "ecp_nistz256_mult_precompute"}, + {ERR_FUNC(EC_F_ECP_NISTZ256_POINTS_MUL), "ecp_nistz256_points_mul"}, + {ERR_FUNC(EC_F_ECP_NISTZ256_PRE_COMP_NEW), "ecp_nistz256_pre_comp_new"}, + {ERR_FUNC(EC_F_ECP_NISTZ256_WINDOWED_MUL), "ecp_nistz256_windowed_mul"}, {ERR_FUNC(EC_F_ECP_NIST_MOD_192), "ECP_NIST_MOD_192"}, {ERR_FUNC(EC_F_ECP_NIST_MOD_224), "ECP_NIST_MOD_224"}, {ERR_FUNC(EC_F_ECP_NIST_MOD_256), "ECP_NIST_MOD_256"}, {ERR_FUNC(EC_F_ECP_NIST_MOD_521), "ECP_NIST_MOD_521"}, - {ERR_FUNC(EC_F_EC_ASN1_GROUP2CURVE), "EC_ASN1_GROUP2CURVE"}, - {ERR_FUNC(EC_F_EC_ASN1_GROUP2FIELDID), "EC_ASN1_GROUP2FIELDID"}, - {ERR_FUNC(EC_F_EC_ASN1_GROUP2PARAMETERS), "EC_ASN1_GROUP2PARAMETERS"}, - {ERR_FUNC(EC_F_EC_ASN1_GROUP2PKPARAMETERS), "EC_ASN1_GROUP2PKPARAMETERS"}, - {ERR_FUNC(EC_F_EC_ASN1_PARAMETERS2GROUP), "EC_ASN1_PARAMETERS2GROUP"}, - {ERR_FUNC(EC_F_EC_ASN1_PKPARAMETERS2GROUP), "EC_ASN1_PKPARAMETERS2GROUP"}, + {ERR_FUNC(EC_F_EC_ASN1_GROUP2CURVE), "ec_asn1_group2curve"}, + {ERR_FUNC(EC_F_EC_ASN1_GROUP2FIELDID), "ec_asn1_group2fieldid"}, + {ERR_FUNC(EC_F_EC_ASN1_GROUP2PARAMETERS), "ec_asn1_group2parameters"}, + {ERR_FUNC(EC_F_EC_ASN1_GROUP2PKPARAMETERS), "ec_asn1_group2pkparameters"}, + {ERR_FUNC(EC_F_EC_ASN1_PARAMETERS2GROUP), "ec_asn1_parameters2group"}, + {ERR_FUNC(EC_F_EC_ASN1_PKPARAMETERS2GROUP), "ec_asn1_pkparameters2group"}, {ERR_FUNC(EC_F_EC_EX_DATA_SET_DATA), "EC_EX_DATA_set_data"}, {ERR_FUNC(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY), - "EC_GF2M_MONTGOMERY_POINT_MULTIPLY"}, + "ec_GF2m_montgomery_point_multiply"}, {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT), "ec_GF2m_simple_group_check_discriminant"}, {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE), @@ -184,7 +190,7 @@ static ERR_STRING_DATA EC_str_functs[] = { "EC_GROUP_get_trinomial_basis"}, {ERR_FUNC(EC_F_EC_GROUP_NEW), "EC_GROUP_new"}, {ERR_FUNC(EC_F_EC_GROUP_NEW_BY_CURVE_NAME), "EC_GROUP_new_by_curve_name"}, - {ERR_FUNC(EC_F_EC_GROUP_NEW_FROM_DATA), "EC_GROUP_NEW_FROM_DATA"}, + {ERR_FUNC(EC_F_EC_GROUP_NEW_FROM_DATA), "ec_group_new_from_data"}, {ERR_FUNC(EC_F_EC_GROUP_PRECOMPUTE_MULT), "EC_GROUP_precompute_mult"}, {ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GF2M), "EC_GROUP_set_curve_GF2m"}, {ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GFP), "EC_GROUP_set_curve_GFp"}, @@ -229,30 +235,24 @@ static ERR_STRING_DATA EC_str_functs[] = { "EC_POINT_set_Jprojective_coordinates_GFp"}, {ERR_FUNC(EC_F_EC_POINT_SET_TO_INFINITY), "EC_POINT_set_to_infinity"}, {ERR_FUNC(EC_F_EC_PRE_COMP_DUP), "EC_PRE_COMP_DUP"}, - {ERR_FUNC(EC_F_EC_PRE_COMP_NEW), "EC_PRE_COMP_NEW"}, + {ERR_FUNC(EC_F_EC_PRE_COMP_NEW), "ec_pre_comp_new"}, {ERR_FUNC(EC_F_EC_WNAF_MUL), "ec_wNAF_mul"}, {ERR_FUNC(EC_F_EC_WNAF_PRECOMPUTE_MULT), "ec_wNAF_precompute_mult"}, {ERR_FUNC(EC_F_I2D_ECPARAMETERS), "i2d_ECParameters"}, {ERR_FUNC(EC_F_I2D_ECPKPARAMETERS), "i2d_ECPKParameters"}, {ERR_FUNC(EC_F_I2D_ECPRIVATEKEY), "i2d_ECPrivateKey"}, {ERR_FUNC(EC_F_I2O_ECPUBLICKEY), "i2o_ECPublicKey"}, - {ERR_FUNC(EC_F_NISTP224_PRE_COMP_NEW), "NISTP224_PRE_COMP_NEW"}, - {ERR_FUNC(EC_F_NISTP256_PRE_COMP_NEW), "NISTP256_PRE_COMP_NEW"}, - {ERR_FUNC(EC_F_NISTP521_PRE_COMP_NEW), "NISTP521_PRE_COMP_NEW"}, - {ERR_FUNC(EC_F_ECP_NISTZ256_GET_AFFINE), "ecp_nistz256_get_affine"}, - {ERR_FUNC(EC_F_ECP_NISTZ256_POINTS_MUL), "ecp_nistz256_points_mul"}, - {ERR_FUNC(EC_F_ECP_NISTZ256_WINDOWED_MUL), "ecp_nistz256_windowed_mul"}, - {ERR_FUNC(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE), - "ecp_nistz256_mult_precompute"}, - {ERR_FUNC(EC_F_ECP_NISTZ256_PRE_COMP_NEW), "ecp_nistz256_pre_comp_new"}, + {ERR_FUNC(EC_F_NISTP224_PRE_COMP_NEW), "nistp224_pre_comp_new"}, + {ERR_FUNC(EC_F_NISTP256_PRE_COMP_NEW), "nistp256_pre_comp_new"}, + {ERR_FUNC(EC_F_NISTP521_PRE_COMP_NEW), "nistp521_pre_comp_new"}, {ERR_FUNC(EC_F_O2I_ECPUBLICKEY), "o2i_ECPublicKey"}, - {ERR_FUNC(EC_F_OLD_EC_PRIV_DECODE), "OLD_EC_PRIV_DECODE"}, - {ERR_FUNC(EC_F_PKEY_EC_CTRL), "PKEY_EC_CTRL"}, - {ERR_FUNC(EC_F_PKEY_EC_CTRL_STR), "PKEY_EC_CTRL_STR"}, - {ERR_FUNC(EC_F_PKEY_EC_DERIVE), "PKEY_EC_DERIVE"}, - {ERR_FUNC(EC_F_PKEY_EC_KEYGEN), "PKEY_EC_KEYGEN"}, - {ERR_FUNC(EC_F_PKEY_EC_PARAMGEN), "PKEY_EC_PARAMGEN"}, - {ERR_FUNC(EC_F_PKEY_EC_SIGN), "PKEY_EC_SIGN"}, + {ERR_FUNC(EC_F_OLD_EC_PRIV_DECODE), "old_ec_priv_decode"}, + {ERR_FUNC(EC_F_PKEY_EC_CTRL), "pkey_ec_ctrl"}, + {ERR_FUNC(EC_F_PKEY_EC_CTRL_STR), "pkey_ec_ctrl_str"}, + {ERR_FUNC(EC_F_PKEY_EC_DERIVE), "pkey_ec_derive"}, + {ERR_FUNC(EC_F_PKEY_EC_KEYGEN), "pkey_ec_keygen"}, + {ERR_FUNC(EC_F_PKEY_EC_PARAMGEN), "pkey_ec_paramgen"}, + {ERR_FUNC(EC_F_PKEY_EC_SIGN), "pkey_ec_sign"}, {0, NULL} }; diff --git a/crypto/ecdh/ech_err.c b/crypto/ecdh/ech_err.c index 4781076..5b1f274 100644 --- a/crypto/ecdh/ech_err.c +++ b/crypto/ecdh/ech_err.c @@ -1,6 +1,6 @@ /* crypto/ecdh/ech_err.c */ /* ==================================================================== - * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/crypto/ecdsa/ecs_err.c b/crypto/ecdsa/ecs_err.c index 8a6f3d6..0a932f3 100644 --- a/crypto/ecdsa/ecs_err.c +++ b/crypto/ecdsa/ecs_err.c @@ -1,6 +1,6 @@ /* crypto/ecdsa/ecs_err.c */ /* ==================================================================== - * Copyright (c) 1999-2013 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -70,7 +70,7 @@ # define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDSA,0,reason) static ERR_STRING_DATA ECDSA_str_functs[] = { - {ERR_FUNC(ECDSA_F_ECDSA_DATA_NEW_METHOD), "ECDSA_DATA_NEW_METHOD"}, + {ERR_FUNC(ECDSA_F_ECDSA_DATA_NEW_METHOD), "ECDSA_DATA_new_method"}, {ERR_FUNC(ECDSA_F_ECDSA_DO_SIGN), "ECDSA_do_sign"}, {ERR_FUNC(ECDSA_F_ECDSA_DO_VERIFY), "ECDSA_do_verify"}, {ERR_FUNC(ECDSA_F_ECDSA_METHOD_NEW), "ECDSA_METHOD_new"}, diff --git a/crypto/engine/eng_err.c b/crypto/engine/eng_err.c index bcc2348..da212c6 100644 --- a/crypto/engine/eng_err.c +++ b/crypto/engine/eng_err.c @@ -1,6 +1,6 @@ /* crypto/engine/eng_err.c */ /* ==================================================================== - * Copyright (c) 1999-2010 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -70,10 +70,10 @@ # define ERR_REASON(reason) ERR_PACK(ERR_LIB_ENGINE,0,reason) static ERR_STRING_DATA ENGINE_str_functs[] = { - {ERR_FUNC(ENGINE_F_DYNAMIC_CTRL), "DYNAMIC_CTRL"}, - {ERR_FUNC(ENGINE_F_DYNAMIC_GET_DATA_CTX), "DYNAMIC_GET_DATA_CTX"}, - {ERR_FUNC(ENGINE_F_DYNAMIC_LOAD), "DYNAMIC_LOAD"}, - {ERR_FUNC(ENGINE_F_DYNAMIC_SET_DATA_CTX), "DYNAMIC_SET_DATA_CTX"}, + {ERR_FUNC(ENGINE_F_DYNAMIC_CTRL), "dynamic_ctrl"}, + {ERR_FUNC(ENGINE_F_DYNAMIC_GET_DATA_CTX), "dynamic_get_data_ctx"}, + {ERR_FUNC(ENGINE_F_DYNAMIC_LOAD), "dynamic_load"}, + {ERR_FUNC(ENGINE_F_DYNAMIC_SET_DATA_CTX), "dynamic_set_data_ctx"}, {ERR_FUNC(ENGINE_F_ENGINE_ADD), "ENGINE_add"}, {ERR_FUNC(ENGINE_F_ENGINE_BY_ID), "ENGINE_by_id"}, {ERR_FUNC(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE), "ENGINE_cmd_is_executable"}, @@ -91,8 +91,8 @@ static ERR_STRING_DATA ENGINE_str_functs[] = { {ERR_FUNC(ENGINE_F_ENGINE_GET_PKEY_METH), "ENGINE_get_pkey_meth"}, {ERR_FUNC(ENGINE_F_ENGINE_GET_PREV), "ENGINE_get_prev"}, {ERR_FUNC(ENGINE_F_ENGINE_INIT), "ENGINE_init"}, - {ERR_FUNC(ENGINE_F_ENGINE_LIST_ADD), "ENGINE_LIST_ADD"}, - {ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE), "ENGINE_LIST_REMOVE"}, + {ERR_FUNC(ENGINE_F_ENGINE_LIST_ADD), "engine_list_add"}, + {ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE), "engine_list_remove"}, {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY), "ENGINE_load_private_key"}, {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY), "ENGINE_load_public_key"}, {ERR_FUNC(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT), @@ -104,13 +104,13 @@ static ERR_STRING_DATA ENGINE_str_functs[] = { {ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_TYPE), "ENGINE_SET_DEFAULT_TYPE"}, {ERR_FUNC(ENGINE_F_ENGINE_SET_ID), "ENGINE_set_id"}, {ERR_FUNC(ENGINE_F_ENGINE_SET_NAME), "ENGINE_set_name"}, - {ERR_FUNC(ENGINE_F_ENGINE_TABLE_REGISTER), "ENGINE_TABLE_REGISTER"}, + {ERR_FUNC(ENGINE_F_ENGINE_TABLE_REGISTER), "engine_table_register"}, {ERR_FUNC(ENGINE_F_ENGINE_UNLOAD_KEY), "ENGINE_UNLOAD_KEY"}, - {ERR_FUNC(ENGINE_F_ENGINE_UNLOCKED_FINISH), "ENGINE_UNLOCKED_FINISH"}, + {ERR_FUNC(ENGINE_F_ENGINE_UNLOCKED_FINISH), "engine_unlocked_finish"}, {ERR_FUNC(ENGINE_F_ENGINE_UP_REF), "ENGINE_up_ref"}, - {ERR_FUNC(ENGINE_F_INT_CTRL_HELPER), "INT_CTRL_HELPER"}, - {ERR_FUNC(ENGINE_F_INT_ENGINE_CONFIGURE), "INT_ENGINE_CONFIGURE"}, - {ERR_FUNC(ENGINE_F_INT_ENGINE_MODULE_INIT), "INT_ENGINE_MODULE_INIT"}, + {ERR_FUNC(ENGINE_F_INT_CTRL_HELPER), "int_ctrl_helper"}, + {ERR_FUNC(ENGINE_F_INT_ENGINE_CONFIGURE), "int_engine_configure"}, + {ERR_FUNC(ENGINE_F_INT_ENGINE_MODULE_INIT), "int_engine_module_init"}, {ERR_FUNC(ENGINE_F_LOG_MESSAGE), "LOG_MESSAGE"}, {0, NULL} }; diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index d718b60..e63b9a0 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -70,18 +70,18 @@ # define ERR_REASON(reason) ERR_PACK(ERR_LIB_EVP,0,reason) static ERR_STRING_DATA EVP_str_functs[] = { - {ERR_FUNC(EVP_F_AESNI_INIT_KEY), "AESNI_INIT_KEY"}, + {ERR_FUNC(EVP_F_AESNI_INIT_KEY), "aesni_init_key"}, {ERR_FUNC(EVP_F_AESNI_XTS_CIPHER), "AESNI_XTS_CIPHER"}, - {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"}, - {ERR_FUNC(EVP_F_AES_T4_INIT_KEY), "AES_T4_INIT_KEY"}, + {ERR_FUNC(EVP_F_AES_INIT_KEY), "aes_init_key"}, + {ERR_FUNC(EVP_F_AES_T4_INIT_KEY), "aes_t4_init_key"}, {ERR_FUNC(EVP_F_AES_XTS), "AES_XTS"}, {ERR_FUNC(EVP_F_AES_XTS_CIPHER), "AES_XTS_CIPHER"}, - {ERR_FUNC(EVP_F_ALG_MODULE_INIT), "ALG_MODULE_INIT"}, - {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"}, + {ERR_FUNC(EVP_F_ALG_MODULE_INIT), "alg_module_init"}, + {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "camellia_init_key"}, {ERR_FUNC(EVP_F_CMAC_INIT), "CMAC_INIT"}, - {ERR_FUNC(EVP_F_CMLL_T4_INIT_KEY), "CMLL_T4_INIT_KEY"}, + {ERR_FUNC(EVP_F_CMLL_T4_INIT_KEY), "cmll_t4_init_key"}, {ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"}, - {ERR_FUNC(EVP_F_DO_SIGVER_INIT), "DO_SIGVER_INIT"}, + {ERR_FUNC(EVP_F_DO_SIGVER_INIT), "do_sigver_init"}, {ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"}, {ERR_FUNC(EVP_F_DSA_PKEY2PKCS8), "DSA_PKEY2PKCS8"}, {ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8), "ECDSA_PKEY2PKCS8"}, @@ -145,15 +145,15 @@ static ERR_STRING_DATA EVP_str_functs[] = { {ERR_FUNC(EVP_F_FIPS_DIGESTINIT), "FIPS_digestinit"}, {ERR_FUNC(EVP_F_FIPS_MD_CTX_COPY), "FIPS_MD_CTX_COPY"}, {ERR_FUNC(EVP_F_HMAC_INIT_EX), "HMAC_Init_ex"}, - {ERR_FUNC(EVP_F_INT_CTX_NEW), "INT_CTX_NEW"}, + {ERR_FUNC(EVP_F_INT_CTX_NEW), "int_ctx_new"}, {ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"}, {ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"}, - {ERR_FUNC(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN), "PKCS5_V2_PBKDF2_KEYIVGEN"}, + {ERR_FUNC(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN), "PKCS5_v2_PBKDF2_keyivgen"}, {ERR_FUNC(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN), "PKCS5_v2_scrypt_keyivgen"}, {ERR_FUNC(EVP_F_PKCS8_SET_BROKEN), "PKCS8_set_broken"}, - {ERR_FUNC(EVP_F_PKEY_SET_TYPE), "PKEY_SET_TYPE"}, - {ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"}, - {ERR_FUNC(EVP_F_RC5_CTRL), "RC5_CTRL"}, + {ERR_FUNC(EVP_F_PKEY_SET_TYPE), "pkey_set_type"}, + {ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "rc2_magic_to_meth"}, + {ERR_FUNC(EVP_F_RC5_CTRL), "rc5_ctrl"}, {0, NULL} }; @@ -167,7 +167,8 @@ static ERR_STRING_DATA EVP_str_reasons[] = { {ERR_REASON(EVP_R_BN_DECODE_ERROR), "bn decode error"}, {ERR_REASON(EVP_R_BN_PUBKEY_ERROR), "bn pubkey error"}, {ERR_REASON(EVP_R_BUFFER_TOO_SMALL), "buffer too small"}, - {ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED), "camellia key setup failed"}, + {ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED), + "camellia key setup failed"}, {ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR), "cipher parameter error"}, {ERR_REASON(EVP_R_COMMAND_NOT_SUPPORTED), "command not supported"}, {ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED), "ctrl not implemented"}, @@ -189,7 +190,8 @@ static ERR_STRING_DATA EVP_str_reasons[] = { {ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY), "expecting a ecdsa key"}, {ERR_REASON(EVP_R_EXPECTING_A_EC_KEY), "expecting a ec key"}, {ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"}, - {ERR_REASON(EVP_R_ILLEGAL_SCRYPT_PARAMETERS), "illegal scrypt parameters"}, + {ERR_REASON(EVP_R_ILLEGAL_SCRYPT_PARAMETERS), + "illegal scrypt parameters"}, {ERR_REASON(EVP_R_INITIALIZATION_ERROR), "initialization error"}, {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED), "input not initialized"}, {ERR_REASON(EVP_R_INVALID_DIGEST), "invalid digest"}, @@ -215,7 +217,8 @@ static ERR_STRING_DATA EVP_str_reasons[] = { {ERR_REASON(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), "operation not supported for this keytype"}, {ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"}, - {ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE), "pkcs8 unknown broken type"}, + {ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE), + "pkcs8 unknown broken type"}, {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"}, {ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"}, {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"}, diff --git a/crypto/jpake/jpake_err.c b/crypto/jpake/jpake_err.c index be236d9..177bcc2 100644 --- a/crypto/jpake/jpake_err.c +++ b/crypto/jpake/jpake_err.c @@ -1,6 +1,6 @@ /* crypto/jpake/jpake_err.c */ /* ==================================================================== - * Copyright (c) 1999-2010 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -74,7 +74,7 @@ static ERR_STRING_DATA JPAKE_str_functs[] = { {ERR_FUNC(JPAKE_F_JPAKE_STEP2_PROCESS), "JPAKE_STEP2_process"}, {ERR_FUNC(JPAKE_F_JPAKE_STEP3A_PROCESS), "JPAKE_STEP3A_process"}, {ERR_FUNC(JPAKE_F_JPAKE_STEP3B_PROCESS), "JPAKE_STEP3B_process"}, - {ERR_FUNC(JPAKE_F_VERIFY_ZKP), "VERIFY_ZKP"}, + {ERR_FUNC(JPAKE_F_VERIFY_ZKP), "verify_zkp"}, {0, NULL} }; diff --git a/crypto/objects/obj_err.c b/crypto/objects/obj_err.c index 238aaa5..33a95ff 100644 --- a/crypto/objects/obj_err.c +++ b/crypto/objects/obj_err.c @@ -1,6 +1,6 @@ /* crypto/objects/obj_err.c */ /* ==================================================================== - * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/crypto/ocsp/ocsp_err.c b/crypto/ocsp/ocsp_err.c index 722043c..8f099d9 100644 --- a/crypto/ocsp/ocsp_err.c +++ b/crypto/ocsp/ocsp_err.c @@ -1,6 +1,6 @@ /* crypto/ocsp/ocsp_err.c */ /* ==================================================================== - * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -71,23 +71,23 @@ static ERR_STRING_DATA OCSP_str_functs[] = { {ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE), "ASN1_STRING_encode"}, - {ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "D2I_OCSP_NONCE"}, + {ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "d2i_ocsp_nonce"}, {ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"}, {ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"}, {ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY), "OCSP_basic_verify"}, {ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW), "OCSP_cert_id_new"}, - {ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"}, - {ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "OCSP_CHECK_IDS"}, - {ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "OCSP_CHECK_ISSUER"}, + {ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "ocsp_check_delegated"}, + {ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "ocsp_check_ids"}, + {ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "ocsp_check_issuer"}, {ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY), "OCSP_check_validity"}, - {ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID), "OCSP_MATCH_ISSUERID"}, + {ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID), "ocsp_match_issuerid"}, {ERR_FUNC(OCSP_F_OCSP_PARSE_URL), "OCSP_parse_url"}, {ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN), "OCSP_request_sign"}, {ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"}, {ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"}, {ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"}, {ERR_FUNC(OCSP_F_OCSP_SENDREQ_NBIO), "OCSP_sendreq_nbio"}, - {ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "PARSE_HTTP_LINE1"}, + {ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "parse_http_line1"}, {ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"}, {0, NULL} }; diff --git a/crypto/pem/pem_err.c b/crypto/pem/pem_err.c index e1f4fdb..56d37eb 100644 --- a/crypto/pem/pem_err.c +++ b/crypto/pem/pem_err.c @@ -1,6 +1,6 @@ /* crypto/pem/pem_err.c */ /* ==================================================================== - * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -70,23 +70,23 @@ # define ERR_REASON(reason) ERR_PACK(ERR_LIB_PEM,0,reason) static ERR_STRING_DATA PEM_str_functs[] = { - {ERR_FUNC(PEM_F_B2I_DSS), "B2I_DSS"}, + {ERR_FUNC(PEM_F_B2I_DSS), "b2i_dss"}, {ERR_FUNC(PEM_F_B2I_PVK_BIO), "b2i_PVK_bio"}, - {ERR_FUNC(PEM_F_B2I_RSA), "B2I_RSA"}, - {ERR_FUNC(PEM_F_CHECK_BITLEN_DSA), "CHECK_BITLEN_DSA"}, - {ERR_FUNC(PEM_F_CHECK_BITLEN_RSA), "CHECK_BITLEN_RSA"}, + {ERR_FUNC(PEM_F_B2I_RSA), "b2i_rsa"}, + {ERR_FUNC(PEM_F_CHECK_BITLEN_DSA), "check_bitlen_dsa"}, + {ERR_FUNC(PEM_F_CHECK_BITLEN_RSA), "check_bitlen_rsa"}, {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO), "d2i_PKCS8PrivateKey_bio"}, {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP), "d2i_PKCS8PrivateKey_fp"}, - {ERR_FUNC(PEM_F_DO_B2I), "DO_B2I"}, - {ERR_FUNC(PEM_F_DO_B2I_BIO), "DO_B2I_BIO"}, - {ERR_FUNC(PEM_F_DO_BLOB_HEADER), "DO_BLOB_HEADER"}, - {ERR_FUNC(PEM_F_DO_PK8PKEY), "DO_PK8PKEY"}, - {ERR_FUNC(PEM_F_DO_PK8PKEY_FP), "DO_PK8PKEY_FP"}, - {ERR_FUNC(PEM_F_DO_PVK_BODY), "DO_PVK_BODY"}, - {ERR_FUNC(PEM_F_DO_PVK_HEADER), "DO_PVK_HEADER"}, - {ERR_FUNC(PEM_F_I2B_PVK), "I2B_PVK"}, + {ERR_FUNC(PEM_F_DO_B2I), "do_b2i"}, + {ERR_FUNC(PEM_F_DO_B2I_BIO), "do_b2i_bio"}, + {ERR_FUNC(PEM_F_DO_BLOB_HEADER), "do_blob_header"}, + {ERR_FUNC(PEM_F_DO_PK8PKEY), "do_pk8pkey"}, + {ERR_FUNC(PEM_F_DO_PK8PKEY_FP), "do_pk8pkey_fp"}, + {ERR_FUNC(PEM_F_DO_PVK_BODY), "do_PVK_body"}, + {ERR_FUNC(PEM_F_DO_PVK_HEADER), "do_PVK_header"}, + {ERR_FUNC(PEM_F_I2B_PVK), "i2b_PVK"}, {ERR_FUNC(PEM_F_I2B_PVK_BIO), "i2b_PVK_bio"}, - {ERR_FUNC(PEM_F_LOAD_IV), "LOAD_IV"}, + {ERR_FUNC(PEM_F_LOAD_IV), "load_iv"}, {ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"}, {ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO), "PEM_ASN1_read_bio"}, {ERR_FUNC(PEM_F_PEM_ASN1_WRITE), "PEM_ASN1_write"}, @@ -99,17 +99,17 @@ static ERR_STRING_DATA PEM_str_functs[] = { {ERR_FUNC(PEM_F_PEM_PK8PKEY), "PEM_PK8PKEY"}, {ERR_FUNC(PEM_F_PEM_READ), "PEM_read"}, {ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"}, - {ERR_FUNC(PEM_F_PEM_READ_BIO_DHPARAMS), "PEM_READ_BIO_DHPARAMS"}, + {ERR_FUNC(PEM_F_PEM_READ_BIO_DHPARAMS), "PEM_read_bio_DHparams"}, {ERR_FUNC(PEM_F_PEM_READ_BIO_PARAMETERS), "PEM_read_bio_Parameters"}, - {ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY), "PEM_READ_BIO_PRIVATEKEY"}, - {ERR_FUNC(PEM_F_PEM_READ_DHPARAMS), "PEM_READ_DHPARAMS"}, - {ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY), "PEM_READ_PRIVATEKEY"}, + {ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY), "PEM_read_bio_PrivateKey"}, + {ERR_FUNC(PEM_F_PEM_READ_DHPARAMS), "PEM_read_DHparams"}, + {ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY), "PEM_read_PrivateKey"}, {ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"}, {ERR_FUNC(PEM_F_PEM_SEALINIT), "PEM_SealInit"}, {ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"}, {ERR_FUNC(PEM_F_PEM_WRITE), "PEM_write"}, {ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"}, - {ERR_FUNC(PEM_F_PEM_WRITE_PRIVATEKEY), "PEM_WRITE_PRIVATEKEY"}, + {ERR_FUNC(PEM_F_PEM_WRITE_PRIVATEKEY), "PEM_write_PrivateKey"}, {ERR_FUNC(PEM_F_PEM_X509_INFO_READ), "PEM_X509_INFO_read"}, {ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO), "PEM_X509_INFO_read_bio"}, {ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO), "PEM_X509_INFO_write_bio"}, diff --git a/crypto/pkcs7/pkcs7err.c b/crypto/pkcs7/pkcs7err.c index 323513f..797bd56 100644 --- a/crypto/pkcs7/pkcs7err.c +++ b/crypto/pkcs7/pkcs7err.c @@ -1,6 +1,6 @@ /* crypto/pkcs7/pkcs7err.c */ /* ==================================================================== - * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -72,20 +72,19 @@ static ERR_STRING_DATA PKCS7_str_functs[] = { {ERR_FUNC(PKCS7_F_B64_READ_PKCS7), "B64_READ_PKCS7"}, {ERR_FUNC(PKCS7_F_B64_WRITE_PKCS7), "B64_WRITE_PKCS7"}, - {ERR_FUNC(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB), "DO_PKCS7_SIGNED_ATTRIB"}, + {ERR_FUNC(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB), "do_pkcs7_signed_attrib"}, {ERR_FUNC(PKCS7_F_I2D_PKCS7_BIO_STREAM), "i2d_PKCS7_bio_stream"}, {ERR_FUNC(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME), "PKCS7_add0_attrib_signing_time"}, - {ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP), - "PKCS7_add_attrib_smimecap"}, + {ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP), "PKCS7_add_attrib_smimecap"}, {ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE), "PKCS7_add_certificate"}, {ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL), "PKCS7_add_crl"}, {ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO), "PKCS7_add_recipient_info"}, {ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNATURE), "PKCS7_add_signature"}, {ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER), "PKCS7_add_signer"}, - {ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST), "PKCS7_BIO_ADD_DIGEST"}, + {ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST), "PKCS7_bio_add_digest"}, {ERR_FUNC(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST), - "PKCS7_COPY_EXISTING_DIGEST"}, + "pkcs7_copy_existing_digest"}, {ERR_FUNC(PKCS7_F_PKCS7_CTRL), "PKCS7_ctrl"}, {ERR_FUNC(PKCS7_F_PKCS7_DATADECODE), "PKCS7_dataDecode"}, {ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL), "PKCS7_dataFinal"}, @@ -93,11 +92,11 @@ static ERR_STRING_DATA PKCS7_str_functs[] = { {ERR_FUNC(PKCS7_F_PKCS7_DATASIGN), "PKCS7_DATASIGN"}, {ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY), "PKCS7_dataVerify"}, {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT), "PKCS7_decrypt"}, - {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT_RINFO), "PKCS7_DECRYPT_RINFO"}, - {ERR_FUNC(PKCS7_F_PKCS7_ENCODE_RINFO), "PKCS7_ENCODE_RINFO"}, + {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT_RINFO), "pkcs7_decrypt_rinfo"}, + {ERR_FUNC(PKCS7_F_PKCS7_ENCODE_RINFO), "pkcs7_encode_rinfo"}, {ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT), "PKCS7_encrypt"}, {ERR_FUNC(PKCS7_F_PKCS7_FINAL), "PKCS7_final"}, - {ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST), "PKCS7_FIND_DIGEST"}, + {ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST), "PKCS7_find_digest"}, {ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS), "PKCS7_get0_signers"}, {ERR_FUNC(PKCS7_F_PKCS7_RECIP_INFO_SET), "PKCS7_RECIP_INFO_set"}, {ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER), "PKCS7_set_cipher"}, @@ -117,13 +116,11 @@ static ERR_STRING_DATA PKCS7_str_functs[] = { }; static ERR_STRING_DATA PKCS7_str_reasons[] = { - {ERR_REASON(PKCS7_R_CERTIFICATE_VERIFY_ERROR), - "certificate verify error"}, + {ERR_REASON(PKCS7_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"}, {ERR_REASON(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER), "cipher has no object identifier"}, {ERR_REASON(PKCS7_R_CIPHER_NOT_INITIALIZED), "cipher not initialized"}, - {ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT), - "content and data present"}, + {ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT), "content and data present"}, {ERR_REASON(PKCS7_R_CTRL_ERROR), "ctrl error"}, {ERR_REASON(PKCS7_R_DECODE_ERROR), "decode error"}, {ERR_REASON(PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH), @@ -137,8 +134,7 @@ static ERR_STRING_DATA PKCS7_str_reasons[] = { {ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER), "error setting cipher"}, {ERR_REASON(PKCS7_R_INVALID_MIME_TYPE), "invalid mime type"}, {ERR_REASON(PKCS7_R_INVALID_NULL_POINTER), "invalid null pointer"}, - {ERR_REASON(PKCS7_R_INVALID_SIGNED_DATA_TYPE), - "invalid signed data type"}, + {ERR_REASON(PKCS7_R_INVALID_SIGNED_DATA_TYPE), "invalid signed data type"}, {ERR_REASON(PKCS7_R_MIME_NO_CONTENT_TYPE), "mime no content type"}, {ERR_REASON(PKCS7_R_MIME_PARSE_ERROR), "mime parse error"}, {ERR_REASON(PKCS7_R_MIME_SIG_PARSE_ERROR), "mime sig parse error"}, @@ -153,8 +149,7 @@ static ERR_STRING_DATA PKCS7_str_reasons[] = { {ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY), "no multipart boundary"}, {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE), "no recipient matches certificate"}, - {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_KEY), - "no recipient matches key"}, + {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_KEY), "no recipient matches key"}, {ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA), "no signatures on data"}, {ERR_REASON(PKCS7_R_NO_SIGNERS), "no signers"}, {ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE), "no sig content type"}, @@ -186,8 +181,7 @@ static ERR_STRING_DATA PKCS7_str_reasons[] = { {ERR_REASON(PKCS7_R_UNKNOWN_DIGEST_TYPE), "unknown digest type"}, {ERR_REASON(PKCS7_R_UNKNOWN_OPERATION), "unknown operation"}, {ERR_REASON(PKCS7_R_UNSUPPORTED_CIPHER_TYPE), "unsupported cipher type"}, - {ERR_REASON(PKCS7_R_UNSUPPORTED_CONTENT_TYPE), - "unsupported content type"}, + {ERR_REASON(PKCS7_R_UNSUPPORTED_CONTENT_TYPE), "unsupported content type"}, {ERR_REASON(PKCS7_R_WRONG_CONTENT_TYPE), "wrong content type"}, {ERR_REASON(PKCS7_R_WRONG_PKCS7_TYPE), "wrong pkcs7 type"}, {0, NULL} diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c index 18dfc71..f5e650b 100644 --- a/crypto/rsa/rsa_err.c +++ b/crypto/rsa/rsa_err.c @@ -1,6 +1,6 @@ /* crypto/rsa/rsa_err.c */ /* ==================================================================== - * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -70,38 +70,38 @@ # define ERR_REASON(reason) ERR_PACK(ERR_LIB_RSA,0,reason) static ERR_STRING_DATA RSA_str_functs[] = { - {ERR_FUNC(RSA_F_CHECK_PADDING_MD), "CHECK_PADDING_MD"}, - {ERR_FUNC(RSA_F_DO_RSA_PRINT), "DO_RSA_PRINT"}, + {ERR_FUNC(RSA_F_CHECK_PADDING_MD), "check_padding_md"}, + {ERR_FUNC(RSA_F_DO_RSA_PRINT), "do_rsa_print"}, {ERR_FUNC(RSA_F_FIPS_RSA_SIGN_DIGEST), "FIPS_rsa_sign_digest"}, {ERR_FUNC(RSA_F_FIPS_RSA_VERIFY), "FIPS_rsa_verify"}, {ERR_FUNC(RSA_F_FIPS_RSA_VERIFY_DIGEST), "FIPS_rsa_verify_digest"}, - {ERR_FUNC(RSA_F_INT_RSA_VERIFY), "INT_RSA_VERIFY"}, + {ERR_FUNC(RSA_F_INT_RSA_VERIFY), "int_rsa_verify"}, {ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"}, - {ERR_FUNC(RSA_F_OLD_RSA_PRIV_DECODE), "OLD_RSA_PRIV_DECODE"}, - {ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "PKEY_RSA_CTRL"}, - {ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR), "PKEY_RSA_CTRL_STR"}, - {ERR_FUNC(RSA_F_PKEY_RSA_SIGN), "PKEY_RSA_SIGN"}, - {ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER), "PKEY_RSA_VERIFYRECOVER"}, - {ERR_FUNC(RSA_F_RSA_ALGOR_TO_MD), "RSA_ALGOR_TO_MD"}, - {ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"}, + {ERR_FUNC(RSA_F_OLD_RSA_PRIV_DECODE), "old_rsa_priv_decode"}, + {ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "pkey_rsa_ctrl"}, + {ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR), "pkey_rsa_ctrl_str"}, + {ERR_FUNC(RSA_F_PKEY_RSA_SIGN), "pkey_rsa_sign"}, + {ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER), "pkey_rsa_verifyrecover"}, + {ERR_FUNC(RSA_F_RSA_ALGOR_TO_MD), "rsa_algor_to_md"}, + {ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "rsa_builtin_keygen"}, {ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"}, {ERR_FUNC(RSA_F_RSA_CHECK_KEY_EX), "RSA_check_key_ex"}, - {ERR_FUNC(RSA_F_RSA_CMS_DECRYPT), "RSA_CMS_DECRYPT"}, - {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"}, - {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_ENCRYPT), "RSA_EAY_PRIVATE_ENCRYPT"}, - {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT), "RSA_EAY_PUBLIC_DECRYPT"}, - {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT), "RSA_EAY_PUBLIC_ENCRYPT"}, + {ERR_FUNC(RSA_F_RSA_CMS_DECRYPT), "rsa_cms_decrypt"}, + {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_eay_private_decrypt"}, + {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_ENCRYPT), "RSA_eay_private_encrypt"}, + {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT), "RSA_eay_public_decrypt"}, + {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT), "RSA_eay_public_encrypt"}, {ERR_FUNC(RSA_F_RSA_GENERATE_KEY), "RSA_generate_key"}, - {ERR_FUNC(RSA_F_RSA_ITEM_VERIFY), "RSA_ITEM_VERIFY"}, + {ERR_FUNC(RSA_F_RSA_ITEM_VERIFY), "rsa_item_verify"}, {ERR_FUNC(RSA_F_RSA_MEMORY_LOCK), "RSA_memory_lock"}, - {ERR_FUNC(RSA_F_RSA_MGF1_TO_MD), "RSA_MGF1_TO_MD"}, + {ERR_FUNC(RSA_F_RSA_MGF1_TO_MD), "rsa_mgf1_to_md"}, {ERR_FUNC(RSA_F_RSA_NEW_METHOD), "RSA_new_method"}, {ERR_FUNC(RSA_F_RSA_NULL), "RSA_NULL"}, {ERR_FUNC(RSA_F_RSA_NULL_MOD_EXP), "RSA_NULL_MOD_EXP"}, - {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_DECRYPT), "RSA_NULL_PRIVATE_DECRYPT"}, - {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_ENCRYPT), "RSA_NULL_PRIVATE_ENCRYPT"}, - {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_DECRYPT), "RSA_NULL_PUBLIC_DECRYPT"}, - {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_ENCRYPT), "RSA_NULL_PUBLIC_ENCRYPT"}, + {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_DECRYPT), "RSA_null_private_decrypt"}, + {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_ENCRYPT), "RSA_null_private_encrypt"}, + {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_DECRYPT), "RSA_null_public_decrypt"}, + {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_ENCRYPT), "RSA_null_public_encrypt"}, {ERR_FUNC(RSA_F_RSA_OAEP_TO_CTX), "RSA_OAEP_TO_CTX"}, {ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE), "RSA_padding_add_none"}, {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP), @@ -131,9 +131,9 @@ static ERR_STRING_DATA RSA_str_functs[] = { {ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"}, {ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"}, {ERR_FUNC(RSA_F_RSA_PRIV_DECODE), "RSA_PRIV_DECODE"}, - {ERR_FUNC(RSA_F_RSA_PRIV_ENCODE), "RSA_PRIV_ENCODE"}, - {ERR_FUNC(RSA_F_RSA_PSS_TO_CTX), "RSA_PSS_TO_CTX"}, - {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "RSA_PUB_DECODE"}, + {ERR_FUNC(RSA_F_RSA_PRIV_ENCODE), "rsa_priv_encode"}, + {ERR_FUNC(RSA_F_RSA_PSS_TO_CTX), "rsa_pss_to_ctx"}, + {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "rsa_pub_decode"}, {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"}, {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"}, {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), diff --git a/crypto/store/str_err.c b/crypto/store/str_err.c index 9858e60..000acbf 100644 --- a/crypto/store/str_err.c +++ b/crypto/store/str_err.c @@ -1,6 +1,6 @@ /* crypto/store/str_err.c */ /* ==================================================================== - * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -70,13 +70,13 @@ # define ERR_REASON(reason) ERR_PACK(ERR_LIB_STORE,0,reason) static ERR_STRING_DATA STORE_str_functs[] = { - {ERR_FUNC(STORE_F_MEM_DELETE), "MEM_DELETE"}, - {ERR_FUNC(STORE_F_MEM_GENERATE), "MEM_GENERATE"}, - {ERR_FUNC(STORE_F_MEM_LIST_END), "MEM_LIST_END"}, - {ERR_FUNC(STORE_F_MEM_LIST_NEXT), "MEM_LIST_NEXT"}, - {ERR_FUNC(STORE_F_MEM_LIST_START), "MEM_LIST_START"}, - {ERR_FUNC(STORE_F_MEM_MODIFY), "MEM_MODIFY"}, - {ERR_FUNC(STORE_F_MEM_STORE), "MEM_STORE"}, + {ERR_FUNC(STORE_F_MEM_DELETE), "mem_delete"}, + {ERR_FUNC(STORE_F_MEM_GENERATE), "mem_generate"}, + {ERR_FUNC(STORE_F_MEM_LIST_END), "mem_list_end"}, + {ERR_FUNC(STORE_F_MEM_LIST_NEXT), "mem_list_next"}, + {ERR_FUNC(STORE_F_MEM_LIST_START), "mem_list_start"}, + {ERR_FUNC(STORE_F_MEM_MODIFY), "mem_modify"}, + {ERR_FUNC(STORE_F_MEM_STORE), "mem_store"}, {ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_CSTR), "STORE_ATTR_INFO_get0_cstr"}, {ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_DN), "STORE_ATTR_INFO_get0_dn"}, @@ -98,7 +98,7 @@ static ERR_STRING_DATA STORE_str_functs[] = { "STORE_ATTR_INFO_set_number"}, {ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_SHA1STR), "STORE_ATTR_INFO_set_sha1str"}, - {ERR_FUNC(STORE_F_STORE_CERTIFICATE), "STORE_CERTIFICATE"}, + {ERR_FUNC(STORE_F_STORE_CERTIFICATE), "STORE_store_certificate"}, {ERR_FUNC(STORE_F_STORE_CTRL), "STORE_ctrl"}, {ERR_FUNC(STORE_F_STORE_DELETE_ARBITRARY), "STORE_delete_arbitrary"}, {ERR_FUNC(STORE_F_STORE_DELETE_CERTIFICATE), "STORE_delete_certificate"}, diff --git a/crypto/store/str_lib.c b/crypto/store/str_lib.c index 55ca19d..1b554c3 100644 --- a/crypto/store/str_lib.c +++ b/crypto/store/str_lib.c @@ -266,7 +266,7 @@ int STORE_store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[], STORE_OBJECT *object; int i; - check_store(s, STORE_F_STORE_CERTIFICATE, + check_store(s, STORE_F_STORE_STORE_CERTIFICATE, store_object, STORE_R_NO_STORE_OBJECT_FUNCTION); object = STORE_OBJECT_new(); diff --git a/crypto/ts/ts_err.c b/crypto/ts/ts_err.c index 3f5b78f..54bb366 100644 --- a/crypto/ts/ts_err.c +++ b/crypto/ts/ts_err.c @@ -71,35 +71,35 @@ static ERR_STRING_DATA TS_str_functs[] = { {ERR_FUNC(TS_F_D2I_TS_RESP), "d2i_TS_RESP"}, - {ERR_FUNC(TS_F_DEF_SERIAL_CB), "DEF_SERIAL_CB"}, - {ERR_FUNC(TS_F_DEF_TIME_CB), "DEF_TIME_CB"}, - {ERR_FUNC(TS_F_ESS_ADD_SIGNING_CERT), "ESS_ADD_SIGNING_CERT"}, - {ERR_FUNC(TS_F_ESS_CERT_ID_NEW_INIT), "ESS_CERT_ID_NEW_INIT"}, - {ERR_FUNC(TS_F_ESS_SIGNING_CERT_NEW_INIT), "ESS_SIGNING_CERT_NEW_INIT"}, - {ERR_FUNC(TS_F_INT_TS_RESP_VERIFY_TOKEN), "INT_TS_RESP_VERIFY_TOKEN"}, + {ERR_FUNC(TS_F_DEF_SERIAL_CB), "def_serial_cb"}, + {ERR_FUNC(TS_F_DEF_TIME_CB), "def_time_cb"}, + {ERR_FUNC(TS_F_ESS_ADD_SIGNING_CERT), "ESS_add_signing_cert"}, + {ERR_FUNC(TS_F_ESS_CERT_ID_NEW_INIT), "ess_CERT_ID_new_init"}, + {ERR_FUNC(TS_F_ESS_SIGNING_CERT_NEW_INIT), "ess_SIGNING_CERT_new_init"}, + {ERR_FUNC(TS_F_INT_TS_RESP_VERIFY_TOKEN), "int_ts_RESP_verify_token"}, {ERR_FUNC(TS_F_PKCS7_TO_TS_TST_INFO), "PKCS7_to_TS_TST_INFO"}, {ERR_FUNC(TS_F_TS_ACCURACY_SET_MICROS), "TS_ACCURACY_set_micros"}, {ERR_FUNC(TS_F_TS_ACCURACY_SET_MILLIS), "TS_ACCURACY_set_millis"}, {ERR_FUNC(TS_F_TS_ACCURACY_SET_SECONDS), "TS_ACCURACY_set_seconds"}, - {ERR_FUNC(TS_F_TS_CHECK_IMPRINTS), "TS_CHECK_IMPRINTS"}, - {ERR_FUNC(TS_F_TS_CHECK_NONCES), "TS_CHECK_NONCES"}, - {ERR_FUNC(TS_F_TS_CHECK_POLICY), "TS_CHECK_POLICY"}, - {ERR_FUNC(TS_F_TS_CHECK_SIGNING_CERTS), "TS_CHECK_SIGNING_CERTS"}, - {ERR_FUNC(TS_F_TS_CHECK_STATUS_INFO), "TS_CHECK_STATUS_INFO"}, - {ERR_FUNC(TS_F_TS_COMPUTE_IMPRINT), "TS_COMPUTE_IMPRINT"}, + {ERR_FUNC(TS_F_TS_CHECK_IMPRINTS), "ts_check_imprints"}, + {ERR_FUNC(TS_F_TS_CHECK_NONCES), "ts_check_nonces"}, + {ERR_FUNC(TS_F_TS_CHECK_POLICY), "ts_check_policy"}, + {ERR_FUNC(TS_F_TS_CHECK_SIGNING_CERTS), "ts_check_signing_certs"}, + {ERR_FUNC(TS_F_TS_CHECK_STATUS_INFO), "ts_check_status_info"}, + {ERR_FUNC(TS_F_TS_COMPUTE_IMPRINT), "ts_compute_imprint"}, {ERR_FUNC(TS_F_TS_CONF_INVALID), "ts_CONF_invalid"}, {ERR_FUNC(TS_F_TS_CONF_LOAD_CERT), "TS_CONF_load_cert"}, {ERR_FUNC(TS_F_TS_CONF_LOAD_CERTS), "TS_CONF_load_certs"}, {ERR_FUNC(TS_F_TS_CONF_LOAD_KEY), "TS_CONF_load_key"}, {ERR_FUNC(TS_F_TS_CONF_LOOKUP_FAIL), "ts_CONF_lookup_fail"}, {ERR_FUNC(TS_F_TS_CONF_SET_DEFAULT_ENGINE), "TS_CONF_set_default_engine"}, - {ERR_FUNC(TS_F_TS_GET_STATUS_TEXT), "TS_GET_STATUS_TEXT"}, + {ERR_FUNC(TS_F_TS_GET_STATUS_TEXT), "ts_get_status_text"}, {ERR_FUNC(TS_F_TS_MSG_IMPRINT_SET_ALGO), "TS_MSG_IMPRINT_set_algo"}, {ERR_FUNC(TS_F_TS_REQ_SET_MSG_IMPRINT), "TS_REQ_set_msg_imprint"}, {ERR_FUNC(TS_F_TS_REQ_SET_NONCE), "TS_REQ_set_nonce"}, {ERR_FUNC(TS_F_TS_REQ_SET_POLICY_ID), "TS_REQ_set_policy_id"}, {ERR_FUNC(TS_F_TS_RESP_CREATE_RESPONSE), "TS_RESP_create_response"}, - {ERR_FUNC(TS_F_TS_RESP_CREATE_TST_INFO), "TS_RESP_CREATE_TST_INFO"}, + {ERR_FUNC(TS_F_TS_RESP_CREATE_TST_INFO), "ts_RESP_create_tst_info"}, {ERR_FUNC(TS_F_TS_RESP_CTX_ADD_FAILURE_INFO), "TS_RESP_CTX_add_failure_info"}, {ERR_FUNC(TS_F_TS_RESP_CTX_ADD_MD), "TS_RESP_CTX_add_md"}, @@ -112,12 +112,12 @@ static ERR_STRING_DATA TS_str_functs[] = { "TS_RESP_CTX_set_signer_cert"}, {ERR_FUNC(TS_F_TS_RESP_CTX_SET_STATUS_INFO), "TS_RESP_CTX_set_status_info"}, - {ERR_FUNC(TS_F_TS_RESP_GET_POLICY), "TS_RESP_GET_POLICY"}, + {ERR_FUNC(TS_F_TS_RESP_GET_POLICY), "ts_RESP_get_policy"}, {ERR_FUNC(TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION), - "TS_RESP_SET_GENTIME_WITH_PRECISION"}, + "TS_RESP_set_genTime_with_precision"}, {ERR_FUNC(TS_F_TS_RESP_SET_STATUS_INFO), "TS_RESP_set_status_info"}, {ERR_FUNC(TS_F_TS_RESP_SET_TST_INFO), "TS_RESP_set_tst_info"}, - {ERR_FUNC(TS_F_TS_RESP_SIGN), "TS_RESP_SIGN"}, + {ERR_FUNC(TS_F_TS_RESP_SIGN), "ts_RESP_sign"}, {ERR_FUNC(TS_F_TS_RESP_VERIFY_SIGNATURE), "TS_RESP_verify_signature"}, {ERR_FUNC(TS_F_TS_RESP_VERIFY_TOKEN), "TS_RESP_verify_token"}, {ERR_FUNC(TS_F_TS_TST_INFO_SET_ACCURACY), "TS_TST_INFO_set_accuracy"}, @@ -129,7 +129,7 @@ static ERR_STRING_DATA TS_str_functs[] = { {ERR_FUNC(TS_F_TS_TST_INFO_SET_TIME), "TS_TST_INFO_set_time"}, {ERR_FUNC(TS_F_TS_TST_INFO_SET_TSA), "TS_TST_INFO_set_tsa"}, {ERR_FUNC(TS_F_TS_VERIFY), "TS_VERIFY"}, - {ERR_FUNC(TS_F_TS_VERIFY_CERT), "TS_VERIFY_CERT"}, + {ERR_FUNC(TS_F_TS_VERIFY_CERT), "ts_verify_cert"}, {ERR_FUNC(TS_F_TS_VERIFY_CTX_NEW), "TS_VERIFY_CTX_new"}, {0, NULL} }; diff --git a/crypto/ui/ui_err.c b/crypto/ui/ui_err.c index 8097da8..650eed7 100644 --- a/crypto/ui/ui_err.c +++ b/crypto/ui/ui_err.c @@ -1,6 +1,6 @@ /* crypto/ui/ui_err.c */ /* ==================================================================== - * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -70,8 +70,8 @@ # define ERR_REASON(reason) ERR_PACK(ERR_LIB_UI,0,reason) static ERR_STRING_DATA UI_str_functs[] = { - {ERR_FUNC(UI_F_GENERAL_ALLOCATE_BOOLEAN), "GENERAL_ALLOCATE_BOOLEAN"}, - {ERR_FUNC(UI_F_GENERAL_ALLOCATE_PROMPT), "GENERAL_ALLOCATE_PROMPT"}, + {ERR_FUNC(UI_F_GENERAL_ALLOCATE_BOOLEAN), "general_allocate_boolean"}, + {ERR_FUNC(UI_F_GENERAL_ALLOCATE_PROMPT), "general_allocate_prompt"}, {ERR_FUNC(UI_F_GENERAL_ALLOCATE_STRING), "GENERAL_ALLOCATE_STRING"}, {ERR_FUNC(UI_F_UI_CTRL), "UI_ctrl"}, {ERR_FUNC(UI_F_UI_DUP_ERROR_STRING), "UI_dup_error_string"}, diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c index 43cde18..a6fae61 100644 --- a/crypto/x509/x509_err.c +++ b/crypto/x509/x509_err.c @@ -1,6 +1,6 @@ /* crypto/x509/x509_err.c */ /* ==================================================================== - * Copyright (c) 1999-2012 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -70,11 +70,11 @@ # define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason) static ERR_STRING_DATA X509_str_functs[] = { - {ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"}, - {ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"}, - {ERR_FUNC(X509_F_CHECK_POLICY), "CHECK_POLICY"}, - {ERR_FUNC(X509_F_DIR_CTRL), "DIR_CTRL"}, - {ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "GET_CERT_BY_SUBJECT"}, + {ERR_FUNC(X509_F_ADD_CERT_DIR), "add_cert_dir"}, + {ERR_FUNC(X509_F_BY_FILE_CTRL), "by_file_ctrl"}, + {ERR_FUNC(X509_F_CHECK_POLICY), "check_policy"}, + {ERR_FUNC(X509_F_DIR_CTRL), "dir_ctrl"}, + {ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "get_cert_by_subject"}, {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE), "NETSCAPE_SPKI_b64_decode"}, {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE), "NETSCAPE_SPKI_b64_encode"}, {ERR_FUNC(X509_F_X509AT_ADD1_ATTR), "X509at_add1_attr"}, diff --git a/crypto/x509v3/v3err.c b/crypto/x509v3/v3err.c index 0138f7a..f9eb064 100644 --- a/crypto/x509v3/v3err.c +++ b/crypto/x509v3/v3err.c @@ -1,6 +1,6 @@ /* crypto/x509v3/v3err.c */ /* ==================================================================== - * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -70,63 +70,63 @@ # define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509V3,0,reason) static ERR_STRING_DATA X509V3_str_functs[] = { - {ERR_FUNC(X509V3_F_A2I_GENERAL_NAME), "A2I_GENERAL_NAME"}, + {ERR_FUNC(X509V3_F_A2I_GENERAL_NAME), "a2i_GENERAL_NAME"}, {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE), - "ASIDENTIFIERCHOICE_CANONIZE"}, + "ASIdentifierChoice_canonize"}, {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL), - "ASIDENTIFIERCHOICE_IS_CANONICAL"}, - {ERR_FUNC(X509V3_F_COPY_EMAIL), "COPY_EMAIL"}, - {ERR_FUNC(X509V3_F_COPY_ISSUER), "COPY_ISSUER"}, - {ERR_FUNC(X509V3_F_DO_DIRNAME), "DO_DIRNAME"}, + "ASIdentifierChoice_is_canonical"}, + {ERR_FUNC(X509V3_F_COPY_EMAIL), "copy_email"}, + {ERR_FUNC(X509V3_F_COPY_ISSUER), "copy_issuer"}, + {ERR_FUNC(X509V3_F_DO_DIRNAME), "do_dirname"}, {ERR_FUNC(X509V3_F_DO_EXT_CONF), "DO_EXT_CONF"}, - {ERR_FUNC(X509V3_F_DO_EXT_I2D), "DO_EXT_I2D"}, - {ERR_FUNC(X509V3_F_DO_EXT_NCONF), "DO_EXT_NCONF"}, + {ERR_FUNC(X509V3_F_DO_EXT_I2D), "do_ext_i2d"}, + {ERR_FUNC(X509V3_F_DO_EXT_NCONF), "do_ext_nconf"}, {ERR_FUNC(X509V3_F_DO_I2V_NAME_CONSTRAINTS), "DO_I2V_NAME_CONSTRAINTS"}, - {ERR_FUNC(X509V3_F_GNAMES_FROM_SECTNAME), "GNAMES_FROM_SECTNAME"}, + {ERR_FUNC(X509V3_F_GNAMES_FROM_SECTNAME), "gnames_from_sectname"}, {ERR_FUNC(X509V3_F_HEX_TO_STRING), "hex_to_string"}, {ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED), "i2s_ASN1_ENUMERATED"}, - {ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "I2S_ASN1_IA5STRING"}, + {ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "i2s_ASN1_IA5STRING"}, {ERR_FUNC(X509V3_F_I2S_ASN1_INTEGER), "i2s_ASN1_INTEGER"}, {ERR_FUNC(X509V3_F_I2V_AUTHORITY_INFO_ACCESS), - "I2V_AUTHORITY_INFO_ACCESS"}, - {ERR_FUNC(X509V3_F_NOTICE_SECTION), "NOTICE_SECTION"}, - {ERR_FUNC(X509V3_F_NREF_NOS), "NREF_NOS"}, - {ERR_FUNC(X509V3_F_POLICY_SECTION), "POLICY_SECTION"}, - {ERR_FUNC(X509V3_F_PROCESS_PCI_VALUE), "PROCESS_PCI_VALUE"}, - {ERR_FUNC(X509V3_F_R2I_CERTPOL), "R2I_CERTPOL"}, - {ERR_FUNC(X509V3_F_R2I_PCI), "R2I_PCI"}, - {ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "S2I_ASN1_IA5STRING"}, + "i2v_AUTHORITY_INFO_ACCESS"}, + {ERR_FUNC(X509V3_F_NOTICE_SECTION), "notice_section"}, + {ERR_FUNC(X509V3_F_NREF_NOS), "nref_nos"}, + {ERR_FUNC(X509V3_F_POLICY_SECTION), "policy_section"}, + {ERR_FUNC(X509V3_F_PROCESS_PCI_VALUE), "process_pci_value"}, + {ERR_FUNC(X509V3_F_R2I_CERTPOL), "r2i_certpol"}, + {ERR_FUNC(X509V3_F_R2I_PCI), "r2i_pci"}, + {ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "s2i_ASN1_IA5STRING"}, {ERR_FUNC(X509V3_F_S2I_ASN1_INTEGER), "s2i_ASN1_INTEGER"}, {ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING), "s2i_ASN1_OCTET_STRING"}, {ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID), "S2I_ASN1_SKEY_ID"}, - {ERR_FUNC(X509V3_F_S2I_SKEY_ID), "S2I_SKEY_ID"}, - {ERR_FUNC(X509V3_F_SET_DIST_POINT_NAME), "SET_DIST_POINT_NAME"}, + {ERR_FUNC(X509V3_F_S2I_SKEY_ID), "s2i_skey_id"}, + {ERR_FUNC(X509V3_F_SET_DIST_POINT_NAME), "set_dist_point_name"}, {ERR_FUNC(X509V3_F_STRING_TO_HEX), "string_to_hex"}, {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ASC), "SXNET_add_id_asc"}, {ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER), "SXNET_add_id_INTEGER"}, {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ULONG), "SXNET_add_id_ulong"}, {ERR_FUNC(X509V3_F_SXNET_GET_ID_ASC), "SXNET_get_id_asc"}, {ERR_FUNC(X509V3_F_SXNET_GET_ID_ULONG), "SXNET_get_id_ulong"}, - {ERR_FUNC(X509V3_F_V2I_ASIDENTIFIERS), "V2I_ASIDENTIFIERS"}, + {ERR_FUNC(X509V3_F_V2I_ASIDENTIFIERS), "v2i_ASIdentifiers"}, {ERR_FUNC(X509V3_F_V2I_ASN1_BIT_STRING), "v2i_ASN1_BIT_STRING"}, {ERR_FUNC(X509V3_F_V2I_AUTHORITY_INFO_ACCESS), - "V2I_AUTHORITY_INFO_ACCESS"}, - {ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID), "V2I_AUTHORITY_KEYID"}, - {ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS), "V2I_BASIC_CONSTRAINTS"}, - {ERR_FUNC(X509V3_F_V2I_CRLD), "V2I_CRLD"}, - {ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE), "V2I_EXTENDED_KEY_USAGE"}, + "v2i_AUTHORITY_INFO_ACCESS"}, + {ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID), "v2i_AUTHORITY_KEYID"}, + {ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS), "v2i_BASIC_CONSTRAINTS"}, + {ERR_FUNC(X509V3_F_V2I_CRLD), "v2i_crld"}, + {ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE), "v2i_EXTENDED_KEY_USAGE"}, {ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES), "v2i_GENERAL_NAMES"}, {ERR_FUNC(X509V3_F_V2I_GENERAL_NAME_EX), "v2i_GENERAL_NAME_ex"}, - {ERR_FUNC(X509V3_F_V2I_IDP), "V2I_IDP"}, - {ERR_FUNC(X509V3_F_V2I_IPADDRBLOCKS), "V2I_IPADDRBLOCKS"}, - {ERR_FUNC(X509V3_F_V2I_ISSUER_ALT), "V2I_ISSUER_ALT"}, - {ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS), "V2I_NAME_CONSTRAINTS"}, - {ERR_FUNC(X509V3_F_V2I_POLICY_CONSTRAINTS), "V2I_POLICY_CONSTRAINTS"}, - {ERR_FUNC(X509V3_F_V2I_POLICY_MAPPINGS), "V2I_POLICY_MAPPINGS"}, - {ERR_FUNC(X509V3_F_V2I_SUBJECT_ALT), "V2I_SUBJECT_ALT"}, + {ERR_FUNC(X509V3_F_V2I_IDP), "v2i_idp"}, + {ERR_FUNC(X509V3_F_V2I_IPADDRBLOCKS), "v2i_IPAddrBlocks"}, + {ERR_FUNC(X509V3_F_V2I_ISSUER_ALT), "v2i_issuer_alt"}, + {ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS), "v2i_NAME_CONSTRAINTS"}, + {ERR_FUNC(X509V3_F_V2I_POLICY_CONSTRAINTS), "v2i_POLICY_CONSTRAINTS"}, + {ERR_FUNC(X509V3_F_V2I_POLICY_MAPPINGS), "v2i_POLICY_MAPPINGS"}, + {ERR_FUNC(X509V3_F_V2I_SUBJECT_ALT), "v2i_subject_alt"}, {ERR_FUNC(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL), - "V3_ADDR_VALIDATE_PATH_INTERNAL"}, - {ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION), "V3_GENERIC_EXTENSION"}, + "v3_addr_validate_path_internal"}, + {ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION), "v3_generic_extension"}, {ERR_FUNC(X509V3_F_X509V3_ADD1_I2D), "X509V3_add1_i2d"}, {ERR_FUNC(X509V3_F_X509V3_ADD_VALUE), "X509V3_add_value"}, {ERR_FUNC(X509V3_F_X509V3_EXT_ADD), "X509V3_EXT_add"}, @@ -167,7 +167,6 @@ static ERR_STRING_DATA X509V3_str_reasons[] = { {ERR_REASON(X509V3_R_ILLEGAL_HEX_DIGIT), "illegal hex digit"}, {ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG), "incorrect policy syntax tag"}, - {ERR_REASON(X509V3_R_INVALID_MULTIPLE_RDNS), "invalid multiple rdns"}, {ERR_REASON(X509V3_R_INVALID_ASNUMBER), "invalid asnumber"}, {ERR_REASON(X509V3_R_INVALID_ASRANGE), "invalid asrange"}, {ERR_REASON(X509V3_R_INVALID_BOOLEAN_STRING), "invalid boolean string"}, @@ -175,6 +174,7 @@ static ERR_STRING_DATA X509V3_str_reasons[] = { "invalid extension string"}, {ERR_REASON(X509V3_R_INVALID_INHERITANCE), "invalid inheritance"}, {ERR_REASON(X509V3_R_INVALID_IPADDRESS), "invalid ipaddress"}, + {ERR_REASON(X509V3_R_INVALID_MULTIPLE_RDNS), "invalid multiple rdns"}, {ERR_REASON(X509V3_R_INVALID_NAME), "invalid name"}, {ERR_REASON(X509V3_R_INVALID_NULL_ARGUMENT), "invalid null argument"}, {ERR_REASON(X509V3_R_INVALID_NULL_NAME), "invalid null name"}, diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index cbc4f59..b66ebc4 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -70,7 +70,7 @@ # define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason) static ERR_STRING_DATA SSL_str_functs[] = { - {ERR_FUNC(SSL_F_CHECK_SUITEB_CIPHER_LIST), "CHECK_SUITEB_CIPHER_LIST"}, + {ERR_FUNC(SSL_F_CHECK_SUITEB_CIPHER_LIST), "check_suiteb_cipher_list"}, {ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"}, {ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "do_dtls1_write"}, {ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"}, @@ -83,11 +83,12 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_DTLS1_ENC), "DTLS1_ENC"}, {ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY), "DTLS1_GET_HELLO_VERIFY"}, {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "dtls1_get_message"}, - {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT), "DTLS1_GET_MESSAGE_FRAGMENT"}, + {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT), + "DTLS1_GET_MESSAGE_FRAGMENT"}, {ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "dtls1_get_record"}, {ERR_FUNC(SSL_F_DTLS1_HANDLE_TIMEOUT), "dtls1_handle_timeout"}, {ERR_FUNC(SSL_F_DTLS1_HEARTBEAT), "dtls1_heartbeat"}, - {ERR_FUNC(SSL_F_DTLS1_LISTEN), "DTLS1_LISTEN"}, + {ERR_FUNC(SSL_F_DTLS1_LISTEN), "dtls1_listen"}, {ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "dtls1_output_cert_chain"}, {ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"}, {ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE), @@ -111,7 +112,8 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO), "dtls1_send_server_hello"}, {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE), "dtls1_send_server_key_exchange"}, - {ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "dtls1_write_app_data_bytes"}, + {ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), + "dtls1_write_app_data_bytes"}, {ERR_FUNC(SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC), "dtls_construct_change_cipher_spec"}, {ERR_FUNC(SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST), @@ -132,10 +134,12 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_SSL3_CONNECT), "ssl3_connect"}, {ERR_FUNC(SSL_F_SSL3_CTRL), "ssl3_ctrl"}, {ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "ssl3_ctx_ctrl"}, - {ERR_FUNC(SSL_F_SSL3_DIGEST_CACHED_RECORDS), "ssl3_digest_cached_records"}, - {ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), "ssl3_do_change_cipher_spec"}, + {ERR_FUNC(SSL_F_SSL3_DIGEST_CACHED_RECORDS), + "ssl3_digest_cached_records"}, + {ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), + "ssl3_do_change_cipher_spec"}, {ERR_FUNC(SSL_F_SSL3_ENC), "ssl3_enc"}, - {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"}, + {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "ssl3_generate_key_block"}, {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "ssl3_get_certificate_request"}, {ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "ssl3_get_cert_status"}, @@ -185,10 +189,11 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "ssl3_write_bytes"}, {ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "ssl3_write_pending"}, {ERR_FUNC(SSL_F_SSL_ADD_CERT_CHAIN), "ssl_add_cert_chain"}, - {ERR_FUNC(SSL_F_SSL_ADD_CERT_TO_BUF), "SSL_ADD_CERT_TO_BUF"}, + {ERR_FUNC(SSL_F_SSL_ADD_CERT_TO_BUF), "ssl_add_cert_to_buf"}, {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT), "ssl_add_clienthello_renegotiate_ext"}, - {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT), "ssl_add_clienthello_tlsext"}, + {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT), + "ssl_add_clienthello_tlsext"}, {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT), "ssl_add_clienthello_use_srtp_ext"}, {ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), @@ -197,7 +202,8 @@ static ERR_STRING_DATA SSL_str_functs[] = { "SSL_add_file_cert_subjects_to_stack"}, {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT), "ssl_add_serverhello_renegotiate_ext"}, - {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT), "ssl_add_serverhello_tlsext"}, + {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT), + "ssl_add_serverhello_tlsext"}, {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT), "ssl_add_serverhello_use_srtp_ext"}, {ERR_FUNC(SSL_F_SSL_BAD_METHOD), "ssl_bad_method"}, @@ -210,11 +216,12 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_SSL_CERT_SET0_CHAIN), "ssl_cert_set0_chain"}, {ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"}, {ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT), - "SSL_CHECK_SERVERHELLO_TLSEXT"}, + "ssl_check_serverhello_tlsext"}, {ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG), "ssl_check_srvr_ecc_cert_and_alg"}, - {ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"}, - {ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"}, + {ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), + "ssl_cipher_process_rulestr"}, + {ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "ssl_cipher_strength_sort"}, {ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"}, {ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD), "SSL_COMP_add_compression_method"}, @@ -222,7 +229,7 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST), "ssl_create_cipher_list"}, {ERR_FUNC(SSL_F_SSL_CTRL), "SSL_ctrl"}, {ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"}, - {ERR_FUNC(SSL_F_SSL_CTX_MAKE_PROFILES), "SSL_CTX_MAKE_PROFILES"}, + {ERR_FUNC(SSL_F_SSL_CTX_MAKE_PROFILES), "ssl_ctx_make_profiles"}, {ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"}, {ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"}, {ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE), @@ -255,7 +262,7 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"}, {ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "ssl_get_new_session"}, {ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "ssl_get_prev_session"}, - {ERR_FUNC(SSL_F_SSL_GET_SERVER_CERT_INDEX), "SSL_GET_SERVER_CERT_INDEX"}, + {ERR_FUNC(SSL_F_SSL_GET_SERVER_CERT_INDEX), "ssl_get_server_cert_index"}, {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"}, {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY), "ssl_get_server_send_pkey"}, {ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "ssl_get_sign_pkey"}, @@ -281,24 +288,26 @@ static ERR_STRING_DATA SSL_str_functs[] = { "ssl_prepare_serverhello_tlsext"}, {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"}, {ERR_FUNC(SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT), - "SSL_SCAN_CLIENTHELLO_TLSEXT"}, + "ssl_scan_clienthello_tlsext"}, {ERR_FUNC(SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT), - "SSL_SCAN_SERVERHELLO_TLSEXT"}, + "ssl_scan_serverhello_tlsext"}, {ERR_FUNC(SSL_F_SSL_SESSION_DUP), "ssl_session_dup"}, {ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"}, {ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"}, {ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT), "SSL_SESSION_set1_id_context"}, {ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "ssl_sess_cert_new"}, - {ERR_FUNC(SSL_F_SSL_SET_CERT), "SSL_SET_CERT"}, + {ERR_FUNC(SSL_F_SSL_SET_CERT), "ssl_set_cert"}, {ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST), "SSL_set_cipher_list"}, {ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"}, - {ERR_FUNC(SSL_F_SSL_SET_PKEY), "SSL_SET_PKEY"}, + {ERR_FUNC(SSL_F_SSL_SET_PKEY), "ssl_set_pkey"}, {ERR_FUNC(SSL_F_SSL_SET_PURPOSE), "SSL_set_purpose"}, {ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"}, {ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"}, - {ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), "SSL_set_session_id_context"}, - {ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT), "SSL_set_session_ticket_ext"}, + {ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), + "SSL_set_session_id_context"}, + {ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT), + "SSL_set_session_ticket_ext"}, {ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"}, {ERR_FUNC(SSL_F_SSL_SET_VERSION), "SSL_SET_VERSION"}, {ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"}, @@ -317,8 +326,10 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"}, {ERR_FUNC(SSL_F_SSL_USE_PSK_IDENTITY_HINT), "SSL_use_psk_identity_hint"}, {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"}, - {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1), "SSL_use_RSAPrivateKey_ASN1"}, - {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), "SSL_use_RSAPrivateKey_file"}, + {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1), + "SSL_use_RSAPrivateKey_ASN1"}, + {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), + "SSL_use_RSAPrivateKey_file"}, {ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "ssl_verify_cert_chain"}, {ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"}, {ERR_FUNC(SSL_F_STATE_MACHINE), "STATE_MACHINE"}, @@ -330,13 +341,13 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_TLS1_ENC), "tls1_enc"}, {ERR_FUNC(SSL_F_TLS1_EXPORT_KEYING_MATERIAL), "tls1_export_keying_material"}, - {ERR_FUNC(SSL_F_TLS1_GET_CURVELIST), "TLS1_GET_CURVELIST"}, + {ERR_FUNC(SSL_F_TLS1_GET_CURVELIST), "tls1_get_curvelist"}, {ERR_FUNC(SSL_F_TLS1_HEARTBEAT), "tls1_heartbeat"}, {ERR_FUNC(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT), "TLS1_PREPARE_CLIENTHELLO_TLSEXT"}, {ERR_FUNC(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT), "TLS1_PREPARE_SERVERHELLO_TLSEXT"}, - {ERR_FUNC(SSL_F_TLS1_PRF), "tls1_prf"}, + {ERR_FUNC(SSL_F_TLS1_PRF), "tls1_PRF"}, {ERR_FUNC(SSL_F_TLS1_PROCESS_HEARTBEAT), "tls1_process_heartbeat"}, {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "tls1_setup_key_block"}, {ERR_FUNC(SSL_F_TLS1_SET_SERVER_SIGALGS), "tls1_set_server_sigalgs"}, @@ -346,7 +357,8 @@ static ERR_STRING_DATA SSL_str_functs[] = { "tls_construct_certificate_request"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE), "tls_construct_client_certificate"}, - {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO), "tls_construct_client_hello"}, + {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO), + "tls_construct_client_hello"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE), "tls_construct_client_key_exchange"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY), @@ -357,7 +369,8 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE), "tls_construct_server_certificate"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_DONE), "tls_construct_server_done"}, - {ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_HELLO), "tls_construct_server_hello"}, + {ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_HELLO), + "tls_construct_server_hello"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE), "tls_construct_server_key_exchange"}, {ERR_FUNC(SSL_F_TLS_GET_MESSAGE_BODY), "tls_get_message_body"}, @@ -388,7 +401,8 @@ static ERR_STRING_DATA SSL_str_functs[] = { "tls_process_server_certificate"}, {ERR_FUNC(SSL_F_TLS_PROCESS_SERVER_DONE), "tls_process_server_done"}, {ERR_FUNC(SSL_F_TLS_PROCESS_SERVER_HELLO), "tls_process_server_hello"}, - {ERR_FUNC(SSL_F_USE_CERTIFICATE_CHAIN_FILE), "use_certificate_chain_file"}, + {ERR_FUNC(SSL_F_USE_CERTIFICATE_CHAIN_FILE), + "use_certificate_chain_file"}, {0, NULL} }; @@ -443,14 +457,16 @@ static ERR_STRING_DATA SSL_str_reasons[] = { {ERR_REASON(SSL_R_BAD_VALUE), "bad value"}, {ERR_REASON(SSL_R_BAD_WRITE_RETRY), "bad write retry"}, {ERR_REASON(SSL_R_BIO_NOT_SET), "bio not set"}, - {ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG), "block cipher pad is wrong"}, + {ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG), + "block cipher pad is wrong"}, {ERR_REASON(SSL_R_BN_LIB), "bn lib"}, {ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH), "ca dn length mismatch"}, {ERR_REASON(SSL_R_CA_DN_TOO_LONG), "ca dn too long"}, {ERR_REASON(SSL_R_CA_KEY_TOO_SMALL), "ca key too small"}, {ERR_REASON(SSL_R_CA_MD_TOO_WEAK), "ca md too weak"}, {ERR_REASON(SSL_R_CCS_RECEIVED_EARLY), "ccs received early"}, - {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED), "certificate verify failed"}, + {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED), + "certificate verify failed"}, {ERR_REASON(SSL_R_CERT_CB_ERROR), "cert cb error"}, {ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH), "cert length mismatch"}, {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH), "cipher code wrong length"}, @@ -463,7 +479,8 @@ static ERR_STRING_DATA SSL_str_reasons[] = { {ERR_REASON(SSL_R_COMPRESSION_FAILURE), "compression failure"}, {ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE), "compression id not within private range"}, - {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR), "compression library error"}, + {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR), + "compression library error"}, {ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET), "connection type not set"}, {ERR_REASON(SSL_R_COOKIE_GEN_CALLBACK_FAILURE), "cookie gen callback failure"}, @@ -494,7 +511,8 @@ static ERR_STRING_DATA SSL_str_reasons[] = { {ERR_REASON(SSL_R_EE_KEY_TOO_SMALL), "ee key too small"}, {ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST), "empty srtp protection profile list"}, - {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG), "encrypted length too long"}, + {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG), + "encrypted length too long"}, {ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY), "error generating tmp rsa key"}, {ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST), @@ -536,7 +554,8 @@ static ERR_STRING_DATA SSL_str_reasons[] = { {ERR_REASON(SSL_R_MISSING_ECDH_CERT), "missing ecdh cert"}, {ERR_REASON(SSL_R_MISSING_ECDSA_SIGNING_CERT), "missing ecdsa signing cert"}, - {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY), "missing export tmp dh key"}, + {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY), + "missing export tmp dh key"}, {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY), "missing export tmp rsa key"}, {ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE), "missing rsa certificate"}, @@ -574,7 +593,8 @@ static ERR_STRING_DATA SSL_str_reasons[] = { "no shared sigature algorithms"}, {ERR_REASON(SSL_R_NO_SRTP_PROFILES), "no srtp profiles"}, {ERR_REASON(SSL_R_NO_VERIFY_CALLBACK), "no verify callback"}, - {ERR_REASON(SSL_R_NO_VERIFY_COOKIE_CALLBACK), "no verify cookie callback"}, + {ERR_REASON(SSL_R_NO_VERIFY_COOKIE_CALLBACK), + "no verify cookie callback"}, {ERR_REASON(SSL_R_NULL_SSL_CTX), "null ssl ctx"}, {ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED), "null ssl method passed"}, {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED), @@ -587,7 +607,8 @@ static ERR_STRING_DATA SSL_str_reasons[] = { "only TLS 1.2 allowed in Suite B mode"}, {ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE), "only tls allowed in fips mode"}, - {ERR_REASON(SSL_R_OPAQUE_PRF_INPUT_TOO_LONG), "opaque PRF input too long"}, + {ERR_REASON(SSL_R_OPAQUE_PRF_INPUT_TOO_LONG), + "opaque PRF input too long"}, {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG), "packet length too long"}, {ERR_REASON(SSL_R_PARSE_TLSEXT), "parse tlsext"}, {ERR_REASON(SSL_R_PATH_TOO_LONG), "path too long"}, @@ -635,7 +656,8 @@ static ERR_STRING_DATA SSL_str_reasons[] = { {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE), "ssl3 ext invalid servername type"}, {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG), "ssl3 session id too long"}, - {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT), "ssl3 session id too short"}, + {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT), + "ssl3 session id too short"}, {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE), "sslv3 alert bad certificate"}, {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC), @@ -671,11 +693,13 @@ static ERR_STRING_DATA SSL_str_reasons[] = { "ssl session id context too long"}, {ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH), "ssl session id has bad length"}, - {ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED), "tlsv1 alert access denied"}, + {ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED), + "tlsv1 alert access denied"}, {ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR), "tlsv1 alert decode error"}, {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED), "tlsv1 alert decryption failed"}, - {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR), "tlsv1 alert decrypt error"}, + {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR), + "tlsv1 alert decrypt error"}, {ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION), "tlsv1 alert export restriction"}, {ERR_REASON(SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK), @@ -716,7 +740,8 @@ static ERR_STRING_DATA SSL_str_reasons[] = { "tls peer did not respond with certificate list"}, {ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG), "tls rsa encrypted value length is wrong"}, - {ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS), "unable to decode dh certs"}, + {ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS), + "unable to decode dh certs"}, {ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS), "unable to decode ecdh certs"}, {ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS), @@ -725,7 +750,8 @@ static ERR_STRING_DATA SSL_str_reasons[] = { "unable to find ecdh parameters"}, {ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS), "unable to find public key parameters"}, - {ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD), "unable to find ssl method"}, + {ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD), + "unable to find ssl method"}, {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES), "unable to load ssl3 md5 routines"}, {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES), @@ -739,10 +765,12 @@ static ERR_STRING_DATA SSL_str_reasons[] = { {ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE), "unknown cipher type"}, {ERR_REASON(SSL_R_UNKNOWN_CMD_NAME), "unknown cmd name"}, {ERR_REASON(SSL_R_UNKNOWN_DIGEST), "unknown digest"}, - {ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE), "unknown key exchange type"}, + {ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE), + "unknown key exchange type"}, {ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE), "unknown pkey type"}, {ERR_REASON(SSL_R_UNKNOWN_PROTOCOL), "unknown protocol"}, - {ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE), "unknown remote error type"}, + {ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE), + "unknown remote error type"}, {ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION), "unknown ssl version"}, {ERR_REASON(SSL_R_UNKNOWN_STATE), "unknown state"}, {ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED), diff --git a/util/mkerr.pl b/util/mkerr.pl index 8a51588..95f2883 100644 --- a/util/mkerr.pl +++ b/util/mkerr.pl @@ -328,9 +328,18 @@ foreach $file (@source) { next if exists $cskip{$file}; print STDERR "File loaded: ".$file."\r" if $debug; open(IN, "<$file") || die "Can't open source file $file\n"; + my $func; + my $linenr = 0; while() { # skip obsoleted source files entirely! last if(/^#error\s+obsolete/); + $linenr++; + if (!/;$/ && /^\**([a-zA-Z_].*[\s*])?([A-Za-z_0-9]+)\(.*([),]|$)/) + { + /^([^()]*(\([^()]*\)[^()]*)*)\(/; + $1 =~ /([A-Za-z_0-9]*)$/; + $func = $1; + } if(/(([A-Z0-9]+)_F_([A-Z0-9_]+))/) { next unless exists $csrc{$2}; @@ -340,7 +349,11 @@ foreach $file (@source) { $fcodes{$1} = "X"; $fnew{$2}++; } - $notrans{$1} = 1 unless exists $ftrans{$3}; + $ftrans{$3} = $func unless exists $ftrans{$3}; + if (uc $func ne $3) { + print STDERR "ERROR: mismatch $file:$linenr $func:$3\n"; + $errcount++; + } print STDERR "Function: $1\t= $fcodes{$1} (lib: $2, name: $3)\n" if $debug; } if(/(([A-Z0-9]+)_R_[A-Z0-9_]+)/) { From matt at openssl.org Fri Nov 6 15:37:04 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 06 Nov 2015 15:37:04 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1446824224.071993.20425.nullmailer@dev.openssl.org> The branch master has been updated via 8d16c58fa4d4ef1d6394c2a6ad5ca93c095808e6 (commit) via e6575156204dfd50a63f6afbe98f6714d0799764 (commit) from b8fb59897b707d53137a66ec054173c161a9f0ae (commit) - Log ----------------------------------------------------------------- commit 8d16c58fa4d4ef1d6394c2a6ad5ca93c095808e6 Author: Matt Caswell Date: Fri Nov 6 09:54:39 2015 +0000 Remove some redundant assignments We were setting |s->renegotiate| and |s->new_session| to 0 twice in tls_finish_handshake. This is redundant so now we just do it once! Reviewed-by: Viktor Dukhovni commit e6575156204dfd50a63f6afbe98f6714d0799764 Author: Matt Caswell Date: Fri Nov 6 09:47:18 2015 +0000 Don't finish the handshake twice We finish the handshake when we move into the TLS_ST_OK state. At various points we were also unnecessarily finishing it when we were reading/writing the Finished message. It's much simpler just to do it in TLS_ST_OK, so remove the other calls. Reviewed-by: Viktor Dukhovni ----------------------------------------------------------------------- Summary of changes: ssl/statem/statem_clnt.c | 8 -------- ssl/statem/statem_lib.c | 5 +---- ssl/statem/statem_srvr.c | 6 ------ 3 files changed, 1 insertion(+), 18 deletions(-) diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index c9d760f..4684098 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -622,9 +622,6 @@ WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst) #endif if (statem_flush(s) != 1) return WORK_MORE_B; - - if (s->hit && tls_finish_handshake(s, WORK_MORE_A) != 1) - return WORK_ERROR; break; default: @@ -801,11 +798,6 @@ WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst) return WORK_FINISHED_STOP; #endif - case TLS_ST_CR_FINISHED: - if (!s->hit) - return tls_finish_handshake(s, wst); - else - return WORK_FINISHED_STOP; default: break; } diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 2c100dc..2f13e92 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -331,7 +331,7 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt) s->s3->previous_server_finished_len = i; } - return MSG_PROCESS_CONTINUE_PROCESSING; + return MSG_PROCESS_FINISHED_READING; f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); ossl_statem_set_error(s); @@ -405,9 +405,6 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst) s->new_session = 0; if (s->server) { - s->renegotiate = 0; - s->new_session = 0; - ssl_update_cache(s, SSL_SESS_CACHE_SERVER); s->ctx->stats.sess_accept_good++; diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 6f51d5d..0689da0 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -876,12 +876,6 @@ WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst) #endif return WORK_FINISHED_CONTINUE; - - case TLS_ST_SR_FINISHED: - if (s->hit) - return tls_finish_handshake(s, wst); - else - return WORK_FINISHED_STOP; default: break; } From matt at openssl.org Fri Nov 6 15:42:42 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 06 Nov 2015 15:42:42 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1446824562.349398.27633.nullmailer@dev.openssl.org> The branch master has been updated via d99b0691d3a5d215e8d4dbe1b7224e066153fe2c (commit) from 8d16c58fa4d4ef1d6394c2a6ad5ca93c095808e6 (commit) - Log ----------------------------------------------------------------- commit d99b0691d3a5d215e8d4dbe1b7224e066153fe2c Author: Matt Caswell Date: Fri Nov 6 10:25:08 2015 +0000 Fix compilation problems with SCTP The SCTP code is not compiled by default. This fixes some compilation problems in that code. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: ssl/statem/statem.c | 2 +- ssl/statem/statem_srvr.c | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c index 3a44846..bc3fc54 100644 --- a/ssl/statem/statem.c +++ b/ssl/statem/statem.c @@ -884,7 +884,7 @@ void ossl_statem_set_sctp_read_sock(SSL *s, int read_sock) * 1: Yes (we are in the read sock state) * 0: No (we are not in the read sock state) */ -int statem_in_sctp_read_sock(SSL *s) +int ossl_statem_in_sctp_read_sock(SSL *s) { return s->statem.in_sctp_read_sock; } diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 0689da0..e54672a 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -868,10 +868,10 @@ WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst) s->rwstate = SSL_READING; BIO_clear_retry_flags(SSL_get_rbio(s)); BIO_set_retry_read(SSL_get_rbio(s)); - statem_set_sctp_read_sock(s, 1); + ossl_statem_set_sctp_read_sock(s, 1); return WORK_MORE_A; } else { - ossl_ossl_statem_set_sctp_read_sock(s, 0); + ossl_statem_set_sctp_read_sock(s, 0); } #endif return WORK_FINISHED_CONTINUE; @@ -2927,7 +2927,7 @@ WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst) s->rwstate = SSL_READING; BIO_clear_retry_flags(SSL_get_rbio(s)); BIO_set_retry_read(SSL_get_rbio(s)); - statem_set_sctp_read_sock(s, 1); + ossl_statem_set_sctp_read_sock(s, 1); return WORK_MORE_B; } else { ossl_statem_set_sctp_read_sock(s, 0); From steve at openssl.org Sun Nov 8 14:04:41 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Sun, 08 Nov 2015 14:04:41 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1446991481.297750.2776.nullmailer@dev.openssl.org> The branch master has been updated via 36e79832d33a5e5ec11a21071c4889ff25d47075 (commit) via 90d9e49a4b2344a7a313eed70becb6cd3bf152e9 (commit) from d99b0691d3a5d215e8d4dbe1b7224e066153fe2c (commit) - Log ----------------------------------------------------------------- commit 36e79832d33a5e5ec11a21071c4889ff25d47075 Author: Dr. Stephen Henson Date: Sat Nov 7 13:22:54 2015 +0000 Replace L suffix with U Reviewed-by: Andy Polyakov commit 90d9e49a4b2344a7a313eed70becb6cd3bf152e9 Author: Dr. Stephen Henson Date: Thu Nov 5 16:14:17 2015 +0000 Use uint32_t and int32_t for SSL_CIPHER structure. Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: include/openssl/ssl.h | 82 ++++++++++++------------- ssl/s3_lib.c | 6 +- ssl/ssl_ciph.c | 87 +++++++++++++-------------- ssl/ssl_lib.c | 24 ++++---- ssl/ssl_locl.h | 162 +++++++++++++++++++++++++------------------------- ssl/t1_lib.c | 2 +- test/ssltest.c | 4 +- 7 files changed, 180 insertions(+), 187 deletions(-) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 6dc88c8..28322eb 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -357,17 +357,17 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, size_t inlen, int *al, void *parse_arg); /* Allow initial connection to servers that don't support RI */ -# define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L +# define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004U /* Removed from OpenSSL 0.9.8q and 1.0.0c */ /* Dead forever, see CVE-2010-4180. */ -# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0L -# define SSL_OP_TLSEXT_PADDING 0x00000010L -# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L -# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L -# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L -# define SSL_OP_TLS_D5_BUG 0x00000100L +# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0U +# define SSL_OP_TLSEXT_PADDING 0x00000010U +# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020U +# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040U +# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080U +# define SSL_OP_TLS_D5_BUG 0x00000100U /* Removed from OpenSSL 1.1.0 */ -# define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0L +# define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0U /* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */ # define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 @@ -385,55 +385,55 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, * SSL_OP_ALL. */ /* added in 0.9.6e */ -# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L +# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800U /* * SSL_OP_ALL: various bug workarounds that should be rather harmless. This * used to be 0x000FFFFFL before 0.9.7. */ -# define SSL_OP_ALL 0x80000BFFL +# define SSL_OP_ALL 0x80000BFFU /* DTLS options */ -# define SSL_OP_NO_QUERY_MTU 0x00001000L +# define SSL_OP_NO_QUERY_MTU 0x00001000U /* Turn on Cookie Exchange (on relevant for servers) */ -# define SSL_OP_COOKIE_EXCHANGE 0x00002000L +# define SSL_OP_COOKIE_EXCHANGE 0x00002000U /* Don't use RFC4507 ticket extension */ -# define SSL_OP_NO_TICKET 0x00004000L +# define SSL_OP_NO_TICKET 0x00004000U /* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */ -# define SSL_OP_CISCO_ANYCONNECT 0x00008000L +# define SSL_OP_CISCO_ANYCONNECT 0x00008000U /* As server, disallow session resumption on renegotiation */ -# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L +# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000U /* Don't use compression even if supported */ -# define SSL_OP_NO_COMPRESSION 0x00020000L +# define SSL_OP_NO_COMPRESSION 0x00020000U /* Permit unsafe legacy renegotiation */ -# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L +# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000U /* If set, always create a new key when using tmp_ecdh parameters */ -# define SSL_OP_SINGLE_ECDH_USE 0x00080000L +# define SSL_OP_SINGLE_ECDH_USE 0x00080000U /* If set, always create a new key when using tmp_dh parameters */ -# define SSL_OP_SINGLE_DH_USE 0x00100000L +# define SSL_OP_SINGLE_DH_USE 0x00100000U /* Does nothing: retained for compatibiity */ # define SSL_OP_EPHEMERAL_RSA 0x0 /* * Set on servers to choose the cipher according to the server's preferences */ -# define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L +# define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000U /* * If set, a server will allow a client to issue a SSLv3.0 version number as * latest version supported in the premaster secret, even when TLSv1.0 * (version 3.1) was announced in the client hello. Normally this is * forbidden to prevent version rollback attacks. */ -# define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L +# define SSL_OP_TLS_ROLLBACK_BUG 0x00800000U -# define SSL_OP_NO_SSLv2 0x00000000L -# define SSL_OP_NO_SSLv3 0x02000000L -# define SSL_OP_NO_TLSv1 0x04000000L -# define SSL_OP_NO_TLSv1_2 0x08000000L -# define SSL_OP_NO_TLSv1_1 0x10000000L +# define SSL_OP_NO_SSLv2 0x00000000U +# define SSL_OP_NO_SSLv3 0x02000000U +# define SSL_OP_NO_TLSv1 0x04000000U +# define SSL_OP_NO_TLSv1_2 0x08000000U +# define SSL_OP_NO_TLSv1_1 0x10000000U -# define SSL_OP_NO_DTLSv1 0x04000000L -# define SSL_OP_NO_DTLSv1_2 0x08000000L +# define SSL_OP_NO_DTLSv1 0x04000000U +# define SSL_OP_NO_DTLSv1_2 0x08000000U # define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3|\ SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2) @@ -442,45 +442,45 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, # define SSL_OP_PKCS1_CHECK_1 0x0 # define SSL_OP_PKCS1_CHECK_2 0x0 # define SSL_OP_NETSCAPE_CA_DN_BUG 0x0 -# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x0L +# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x0U /* * Make server add server-hello extension from early version of cryptopro * draft, when GOST ciphersuite is negotiated. Required for interoperability * with CryptoPro CSP 3.x */ -# define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000L +# define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000U /* * Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success * when just a single record has been written): */ -# define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L +# define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001U /* * Make it possible to retry SSL_write() with changed buffer location (buffer * contents must stay the same!); this is not the default to avoid the * misconception that non-blocking SSL_write() behaves like non-blocking * write(): */ -# define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L +# define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002U /* * Never bother the application with retries if the transport is blocking: */ -# define SSL_MODE_AUTO_RETRY 0x00000004L +# define SSL_MODE_AUTO_RETRY 0x00000004U /* Don't attempt to automatically build certificate chain */ -# define SSL_MODE_NO_AUTO_CHAIN 0x00000008L +# define SSL_MODE_NO_AUTO_CHAIN 0x00000008U /* * Save RAM by releasing read and write buffers when they're empty. (SSL3 and * TLS only.) "Released" buffers are put onto a free-list in the context or * just freed (depending on the context's setting for freelist_max_len). */ -# define SSL_MODE_RELEASE_BUFFERS 0x00000010L +# define SSL_MODE_RELEASE_BUFFERS 0x00000010U /* * Send the current time in the Random fields of the ClientHello and * ServerHello records for compatibility with hypothetical implementations * that require it. */ -# define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L -# define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L +# define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020U +# define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040U /* * Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications * that reconnect with a downgraded protocol version; see @@ -489,14 +489,14 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, * fallback retries, following the guidance in * draft-ietf-tls-downgrade-scsv-00. */ -# define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L +# define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080U /* Cert related flags */ /* * Many implementations ignore some aspects of the TLS standards such as * enforcing certifcate chain algorithms. When this is set we enforce them. */ -# define SSL_CERT_FLAG_TLS_STRICT 0x00000001L +# define SSL_CERT_FLAG_TLS_STRICT 0x00000001U /* Suite B modes, takes same values as certificate verify flags */ # define SSL_CERT_FLAG_SUITEB_128_LOS_ONLY 0x10000 @@ -1380,10 +1380,10 @@ __owur int SSL_clear(SSL *s); void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); __owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); -__owur int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits); +__owur int32_t SSL_CIPHER_get_bits(const SSL_CIPHER *c, uint32_t *alg_bits); __owur char *SSL_CIPHER_get_version(const SSL_CIPHER *c); __owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c); -__owur unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c); +__owur uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c); __owur int SSL_get_fd(const SSL *s); __owur int SSL_get_rfd(const SSL *s); diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 39d08a0..1c7e7a2 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -4763,9 +4763,9 @@ const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) { SSL_CIPHER c; const SSL_CIPHER *cp; - unsigned long id; + uint32_t id; - id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1]; + id = 0x03000000 | ((uint32_t)p[0] << 8L) | (uint32_t)p[1]; c.id = id; cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS); #ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES @@ -4915,7 +4915,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p) { int ret = 0; int nostrict = 1; - unsigned long alg_k, alg_a = 0; + uint32_t alg_k, alg_a = 0; /* If we have custom certificate types set, use them */ if (s->cert->ctypes) { diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 46763d7..581c8a0 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -173,7 +173,7 @@ /* NB: make sure indices in these tables match values above */ typedef struct { - unsigned long mask; + uint32_t mask; int nid; } ssl_cipher_table; @@ -239,7 +239,7 @@ static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = { /* Utility function for table lookup */ static int ssl_cipher_info_find(const ssl_cipher_table * table, - size_t table_cnt, unsigned long mask) + size_t table_cnt, uint32_t mask) { size_t i; for (i = 0; i < table_cnt; i++, table++) { @@ -463,10 +463,10 @@ static int get_optional_pkey_id(const char *pkey_name) #endif /* masks of disabled algorithms */ -static unsigned long disabled_enc_mask; -static unsigned long disabled_mac_mask; -static unsigned long disabled_mkey_mask; -static unsigned long disabled_auth_mask; +static uint32_t disabled_enc_mask; +static uint32_t disabled_mac_mask; +static uint32_t disabled_mkey_mask; +static uint32_t disabled_auth_mask; void ssl_load_ciphers(void) { @@ -745,11 +745,11 @@ static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr, static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, int num_of_ciphers, - unsigned long disabled_mkey, - unsigned long disabled_auth, - unsigned long disabled_enc, - unsigned long disabled_mac, - unsigned long disabled_ssl, + uint32_t disabled_mkey, + uint32_t disabled_auth, + uint32_t disabled_enc, + uint32_t disabled_mac, + uint32_t disabled_ssl, CIPHER_ORDER *co_list, CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) @@ -813,21 +813,21 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, int num_of_group_aliases, - unsigned long disabled_mkey, - unsigned long disabled_auth, - unsigned long disabled_enc, - unsigned long disabled_mac, - unsigned long disabled_ssl, + uint32_t disabled_mkey, + uint32_t disabled_auth, + uint32_t disabled_enc, + uint32_t disabled_mac, + uint32_t disabled_ssl, CIPHER_ORDER *head) { CIPHER_ORDER *ciph_curr; const SSL_CIPHER **ca_curr; int i; - unsigned long mask_mkey = ~disabled_mkey; - unsigned long mask_auth = ~disabled_auth; - unsigned long mask_enc = ~disabled_enc; - unsigned long mask_mac = ~disabled_mac; - unsigned long mask_ssl = ~disabled_ssl; + uint32_t mask_mkey = ~disabled_mkey; + uint32_t mask_auth = ~disabled_auth; + uint32_t mask_enc = ~disabled_enc; + uint32_t mask_mac = ~disabled_mac; + uint32_t mask_ssl = ~disabled_ssl; /* * First, add the real ciphers as already collected @@ -847,11 +847,11 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, * or represent a cipher strength value (will be added in any case because algorithms=0). */ for (i = 0; i < num_of_group_aliases; i++) { - unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey; - unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth; - unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc; - unsigned long algorithm_mac = cipher_aliases[i].algorithm_mac; - unsigned long algorithm_ssl = cipher_aliases[i].algorithm_ssl; + uint32_t algorithm_mkey = cipher_aliases[i].algorithm_mkey; + uint32_t algorithm_auth = cipher_aliases[i].algorithm_auth; + uint32_t algorithm_enc = cipher_aliases[i].algorithm_enc; + uint32_t algorithm_mac = cipher_aliases[i].algorithm_mac; + uint32_t algorithm_ssl = cipher_aliases[i].algorithm_ssl; if (algorithm_mkey) if ((algorithm_mkey & mask_mkey) == 0) @@ -880,14 +880,11 @@ static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, *ca_curr = NULL; /* end of list */ } -static void ssl_cipher_apply_rule(unsigned long cipher_id, - unsigned long alg_mkey, - unsigned long alg_auth, - unsigned long alg_enc, - unsigned long alg_mac, - unsigned long alg_ssl, - unsigned long algo_strength, int rule, - int strength_bits, CIPHER_ORDER **head_p, +static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey, + uint32_t alg_auth, uint32_t alg_enc, + uint32_t alg_mac, uint32_t alg_ssl, + uint32_t algo_strength, int rule, + int32_t strength_bits, CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) { CIPHER_ORDER *head, *tail, *curr, *next, *last; @@ -1024,7 +1021,8 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) { - int max_strength_bits, i, *number_uses; + int32_t max_strength_bits; + int i, *number_uses; CIPHER_ORDER *curr; /* @@ -1073,11 +1071,10 @@ static int ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **tail_p, const SSL_CIPHER **ca_list, CERT *c) { - unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, - algo_strength; + uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength; const char *l, *buf; int j, multi, found, rule, retval, ok, buflen; - unsigned long cipher_id = 0; + uint32_t cipher_id = 0; char ch; retval = 1; @@ -1409,7 +1406,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK const char *rule_str, CERT *c) { int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; - unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, + uint32_t disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl; STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list; const char *rule_p; @@ -1607,7 +1604,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) int is_export, pkl, kl; const char *ver, *exp_str; const char *kx, *au, *enc, *mac; - unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl; + uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl; static const char *format = "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n"; @@ -1829,19 +1826,19 @@ const char *SSL_CIPHER_get_name(const SSL_CIPHER *c) } /* number of bits for symmetric cipher */ -int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits) +int32_t SSL_CIPHER_get_bits(const SSL_CIPHER *c, uint32_t *alg_bits) { - int ret = 0; + int32_t ret = 0; if (c != NULL) { if (alg_bits != NULL) *alg_bits = c->alg_bits; ret = c->strength_bits; } - return (ret); + return ret; } -unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c) +uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c) { return c->id; } @@ -1970,7 +1967,7 @@ const char *SSL_COMP_get_name(const COMP_METHOD *comp) /* For a cipher return the index corresponding to the certificate type */ int ssl_cipher_get_cert_index(const SSL_CIPHER *c) { - unsigned long alg_k, alg_a; + uint32_t alg_k, alg_a; alg_k = c->algorithm_mkey; alg_a = c->algorithm_auth; diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index a8e2093..0674cb4 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1224,25 +1224,21 @@ long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) { - long l; - - l = a->id - b->id; - if (l == 0L) - return (0); - else - return ((l > 0) ? 1 : -1); + if (a->id > b->id) + return 1; + if (a->id < b->id) + return -1; + return 0; } int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, const SSL_CIPHER *const *bp) { - long l; - - l = (*ap)->id - (*bp)->id; - if (l == 0L) - return (0); - else - return ((l > 0) ? 1 : -1); + if ((*ap)->id > (*bp)->id) + return 1; + if ((*ap)->id < (*bp)->id) + return -1; + return 0; } /** return a STACK of the ciphers available for the SSL and in order of diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 5a94066..e174def 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -293,33 +293,33 @@ /* Bits for algorithm_mkey (key exchange algorithm) */ /* RSA key exchange */ -# define SSL_kRSA 0x00000001L +# define SSL_kRSA 0x00000001U /* DH cert, RSA CA cert */ -# define SSL_kDHr 0x00000002L +# define SSL_kDHr 0x00000002U /* DH cert, DSA CA cert */ -# define SSL_kDHd 0x00000004L +# define SSL_kDHd 0x00000004U /* tmp DH key no DH cert */ -# define SSL_kDHE 0x00000008L +# define SSL_kDHE 0x00000008U /* synonym */ # define SSL_kEDH SSL_kDHE /* ECDH cert, RSA CA cert */ -# define SSL_kECDHr 0x00000020L +# define SSL_kECDHr 0x00000020U /* ECDH cert, ECDSA CA cert */ -# define SSL_kECDHe 0x00000040L +# define SSL_kECDHe 0x00000040U /* ephemeral ECDH */ -# define SSL_kECDHE 0x00000080L +# define SSL_kECDHE 0x00000080U /* synonym */ # define SSL_kEECDH SSL_kECDHE /* PSK */ -# define SSL_kPSK 0x00000100L +# define SSL_kPSK 0x00000100U /* GOST key exchange */ -# define SSL_kGOST 0x00000200L +# define SSL_kGOST 0x00000200U /* SRP */ -# define SSL_kSRP 0x00000400L +# define SSL_kSRP 0x00000400U -# define SSL_kRSAPSK 0x00000800L -# define SSL_kECDHEPSK 0x00001000L -# define SSL_kDHEPSK 0x00002000L +# define SSL_kRSAPSK 0x00000800U +# define SSL_kECDHEPSK 0x00001000U +# define SSL_kDHEPSK 0x00002000U /* all PSK */ @@ -327,62 +327,62 @@ /* Bits for algorithm_auth (server authentication) */ /* RSA auth */ -# define SSL_aRSA 0x00000001L +# define SSL_aRSA 0x00000001U /* DSS auth */ -# define SSL_aDSS 0x00000002L +# define SSL_aDSS 0x00000002U /* no auth (i.e. use ADH or AECDH) */ -# define SSL_aNULL 0x00000004L +# define SSL_aNULL 0x00000004U /* Fixed DH auth (kDHd or kDHr) */ -# define SSL_aDH 0x00000008L +# define SSL_aDH 0x00000008U /* Fixed ECDH auth (kECDHe or kECDHr) */ -# define SSL_aECDH 0x00000010L +# define SSL_aECDH 0x00000010U /* ECDSA auth*/ -# define SSL_aECDSA 0x00000040L +# define SSL_aECDSA 0x00000040U /* PSK auth */ -# define SSL_aPSK 0x00000080L +# define SSL_aPSK 0x00000080U /* GOST R 34.10-2001 signature auth */ -# define SSL_aGOST01 0x00000200L +# define SSL_aGOST01 0x00000200U /* SRP auth */ -# define SSL_aSRP 0x00000400L +# define SSL_aSRP 0x00000400U /* Bits for algorithm_enc (symmetric encryption) */ -# define SSL_DES 0x00000001L -# define SSL_3DES 0x00000002L -# define SSL_RC4 0x00000004L -# define SSL_RC2 0x00000008L -# define SSL_IDEA 0x00000010L -# define SSL_eNULL 0x00000020L -# define SSL_AES128 0x00000040L -# define SSL_AES256 0x00000080L -# define SSL_CAMELLIA128 0x00000100L -# define SSL_CAMELLIA256 0x00000200L -# define SSL_eGOST2814789CNT 0x00000400L -# define SSL_SEED 0x00000800L -# define SSL_AES128GCM 0x00001000L -# define SSL_AES256GCM 0x00002000L -# define SSL_AES128CCM 0x00004000L -# define SSL_AES256CCM 0x00008000L -# define SSL_AES128CCM8 0x00010000L -# define SSL_AES256CCM8 0x00020000L +# define SSL_DES 0x00000001U +# define SSL_3DES 0x00000002U +# define SSL_RC4 0x00000004U +# define SSL_RC2 0x00000008U +# define SSL_IDEA 0x00000010U +# define SSL_eNULL 0x00000020U +# define SSL_AES128 0x00000040U +# define SSL_AES256 0x00000080U +# define SSL_CAMELLIA128 0x00000100U +# define SSL_CAMELLIA256 0x00000200U +# define SSL_eGOST2814789CNT 0x00000400U +# define SSL_SEED 0x00000800U +# define SSL_AES128GCM 0x00001000U +# define SSL_AES256GCM 0x00002000U +# define SSL_AES128CCM 0x00004000U +# define SSL_AES256CCM 0x00008000U +# define SSL_AES128CCM8 0x00010000U +# define SSL_AES256CCM8 0x00020000U # define SSL_AES (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM|SSL_AES128CCM|SSL_AES256CCM|SSL_AES128CCM8|SSL_AES256CCM8) # define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256) /* Bits for algorithm_mac (symmetric authentication) */ -# define SSL_MD5 0x00000001L -# define SSL_SHA1 0x00000002L -# define SSL_GOST94 0x00000004L -# define SSL_GOST89MAC 0x00000008L -# define SSL_SHA256 0x00000010L -# define SSL_SHA384 0x00000020L +# define SSL_MD5 0x00000001U +# define SSL_SHA1 0x00000002U +# define SSL_GOST94 0x00000004U +# define SSL_GOST89MAC 0x00000008U +# define SSL_SHA256 0x00000010U +# define SSL_SHA384 0x00000020U /* Not a real MAC, just an indication it is part of cipher */ -# define SSL_AEAD 0x00000040L +# define SSL_AEAD 0x00000040U /* Bits for algorithm_ssl (protocol version) */ -# define SSL_SSLV3 0x00000002L +# define SSL_SSLV3 0x00000002U # define SSL_TLSV1 SSL_SSLV3/* for now */ -# define SSL_TLSV1_2 0x00000004L +# define SSL_TLSV1_2 0x00000004U /* Bits for algorithm2 (handshake digests and other extra flags) */ @@ -428,24 +428,24 @@ * and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would * be possible. */ -# define SSL_EXP_MASK 0x00000003L -# define SSL_STRONG_MASK 0x000001fcL -# define SSL_DEFAULT_MASK 0X00000200L +# define SSL_EXP_MASK 0x00000003U +# define SSL_STRONG_MASK 0x000001fcU +# define SSL_DEFAULT_MASK 0X00000200U -# define SSL_NOT_EXP 0x00000001L -# define SSL_EXPORT 0x00000002L +# define SSL_NOT_EXP 0x00000001U +# define SSL_EXPORT 0x00000002U -# define SSL_STRONG_NONE 0x00000004L -# define SSL_EXP40 0x00000008L +# define SSL_STRONG_NONE 0x00000004U +# define SSL_EXP40 0x00000008U # define SSL_MICRO (SSL_EXP40) -# define SSL_EXP56 0x00000010L +# define SSL_EXP56 0x00000010U # define SSL_MINI (SSL_EXP56) -# define SSL_LOW 0x00000020L -# define SSL_MEDIUM 0x00000040L -# define SSL_HIGH 0x00000080L -# define SSL_FIPS 0x00000100L +# define SSL_LOW 0x00000020U +# define SSL_MEDIUM 0x00000040U +# define SSL_HIGH 0x00000080U +# define SSL_FIPS 0x00000100U -# define SSL_NOT_DEFAULT 0x00000200L +# define SSL_NOT_DEFAULT 0x00000200U /* we have used 000003ff - 22 bits left to go */ @@ -537,22 +537,22 @@ #define TLS_CIPHER_LEN 2 /* used to hold info on the particular ciphers used */ struct ssl_cipher_st { - int valid; - const char *name; /* text name */ - unsigned long id; /* id, 4 bytes, first is version */ + uint32_t valid; + const char *name; /* text name */ + uint32_t id; /* id, 4 bytes, first is version */ /* - * changed in 0.9.9: these four used to be portions of a single value + * changed in 1.0.0: these four used to be portions of a single value * 'algorithms' */ - unsigned long algorithm_mkey; /* key exchange algorithm */ - unsigned long algorithm_auth; /* server authentication */ - unsigned long algorithm_enc; /* symmetric encryption */ - unsigned long algorithm_mac; /* symmetric authentication */ - unsigned long algorithm_ssl; /* (major) protocol version */ - unsigned long algo_strength; /* strength and export flags */ - unsigned long algorithm2; /* Extra flags */ - int strength_bits; /* Number of bits really used */ - int alg_bits; /* Number of bits for algorithm */ + uint32_t algorithm_mkey; /* key exchange algorithm */ + uint32_t algorithm_auth; /* server authentication */ + uint32_t algorithm_enc; /* symmetric encryption */ + uint32_t algorithm_mac; /* symmetric authentication */ + uint32_t algorithm_ssl; /* (major) protocol version */ + uint32_t algo_strength; /* strength and export flags */ + uint32_t algorithm2; /* Extra flags */ + int32_t strength_bits; /* Number of bits really used */ + uint32_t alg_bits; /* Number of bits for algorithm */ }; /* Used to hold SSL/TLS functions */ @@ -1308,12 +1308,12 @@ typedef struct ssl3_state_st { * that are supported by the certs below. For clients they are masks of * *disabled* algorithms based on the current session. */ - unsigned long mask_k; - unsigned long mask_a; - unsigned long export_mask_k; - unsigned long export_mask_a; + uint32_t mask_k; + uint32_t mask_a; + uint32_t export_mask_k; + uint32_t export_mask_a; /* Client only */ - unsigned long mask_ssl; + uint32_t mask_ssl; } tmp; /* Connection binding to prevent renegotiation attacks */ @@ -2062,7 +2062,7 @@ __owur int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, const EVP_MD *md); __owur int tls12_get_sigid(const EVP_PKEY *pk); __owur const EVP_MD *tls12_get_hash(unsigned char hash_alg); -void ssl_set_sig_mask(unsigned long *pmask_a, SSL *s, int op); +void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op); __owur int tls1_set_sigalgs_list(CERT *c, const char *str, int client); __owur int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen, int client); diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 2db0d74..b31eae1 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -3310,7 +3310,7 @@ static int tls12_sigalg_allowed(SSL *s, int op, const unsigned char *ptmp) * disabled. */ -void ssl_set_sig_mask(unsigned long *pmask_a, SSL *s, int op) +void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op) { const unsigned char *sigalgs; size_t i, sigalgslen; diff --git a/test/ssltest.c b/test/ssltest.c index e951788..c46c211 100644 --- a/test/ssltest.c +++ b/test/ssltest.c @@ -3082,7 +3082,7 @@ static int do_test_cipherlist(void) if (tci != NULL) if (ci->id >= tci->id) { fprintf(stderr, "testing SSLv3 cipher list order: "); - fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id); + fprintf(stderr, "failed %x vs. %x\n", ci->id, tci->id); return 0; } tci = ci; @@ -3094,7 +3094,7 @@ static int do_test_cipherlist(void) if (tci != NULL) if (ci->id >= tci->id) { fprintf(stderr, "testing TLSv1 cipher list order: "); - fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id); + fprintf(stderr, "failed %x vs. %x\n", ci->id, tci->id); return 0; } tci = ci; From steve at openssl.org Mon Nov 9 00:37:33 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 09 Nov 2015 00:37:33 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1447029453.708497.4642.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via fdbe4a3fa669166efaec0d963e4216233368a7d9 (commit) from 0c0f1361b29080380031b709f470e5bb3644e484 (commit) - Log ----------------------------------------------------------------- commit fdbe4a3fa669166efaec0d963e4216233368a7d9 Author: Dr. Stephen Henson Date: Sun Nov 8 13:47:53 2015 +0000 Reject TLS 1.2 ciphersuites if not allowed. Reviewed-by: Viktor Dukhovni ----------------------------------------------------------------------- Summary of changes: ssl/s3_clnt.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index c5e0e36..3911c3d 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1050,6 +1050,11 @@ int ssl3_get_server_hello(SSL *s) SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_UNKNOWN_CIPHER_RETURNED); goto f_err; } + /* Set version disabled mask now we know version */ + if (!SSL_USE_TLS1_2_CIPHERS(s)) + ct->mask_ssl = SSL_TLSV1_2; + else + ct->mask_ssl = 0; /* * If it is a disabled cipher we didn't send it in client hello, so * return an error. From levitte at openssl.org Mon Nov 9 11:14:07 2015 From: levitte at openssl.org (Richard Levitte) Date: Mon, 09 Nov 2015 11:14:07 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1447067647.166203.6845.nullmailer@dev.openssl.org> The branch master has been updated via 6703c4ea87b30554283deaa5df1f8d68725d3ee4 (commit) from 36e79832d33a5e5ec11a21071c4889ff25d47075 (commit) - Log ----------------------------------------------------------------- commit 6703c4ea87b30554283deaa5df1f8d68725d3ee4 Author: Richard Levitte Date: Mon Nov 9 09:50:56 2015 +0100 Make the match for previous cflags a bit more strict ./Configure [target] --strict-warnings -Wno-pedantic-ms-format would not add '-pedantic' because it matches '-Wno-pedantic-ms-format', which was added first. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: Configure | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Configure b/Configure index 7956247..c53c316 100755 --- a/Configure +++ b/Configure @@ -1740,13 +1740,13 @@ if ($strict_warnings) die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc(-\d(\.\d)*)?$/ or $ecc =~ /clang$/); foreach $wopt (split /\s+/, $gcc_devteam_warn) { - $cflags .= " $wopt" unless ($cflags =~ /$wopt/) + $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/) } if ($ecc eq "clang") { foreach $wopt (split /\s+/, $clang_devteam_warn) { - $cflags .= " $wopt" unless ($cflags =~ /$wopt/) + $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/) } } } From levitte at openssl.org Mon Nov 9 11:15:54 2015 From: levitte at openssl.org (Richard Levitte) Date: Mon, 09 Nov 2015 11:15:54 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1447067754.730206.9028.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via a89dda8cd024f53cbae75655e9ec000d9b4a320b (commit) from fdbe4a3fa669166efaec0d963e4216233368a7d9 (commit) - Log ----------------------------------------------------------------- commit a89dda8cd024f53cbae75655e9ec000d9b4a320b Author: Richard Levitte Date: Mon Nov 9 09:50:56 2015 +0100 Make the match for previous cflags a bit more strict ./Configure [target] --strict-warnings -Wno-pedantic-ms-format would not add '-pedantic' because it matches '-Wno-pedantic-ms-format', which was added first. Reviewed-by: Matt Caswell (cherry picked from commit 6703c4ea87b30554283deaa5df1f8d68725d3ee4) ----------------------------------------------------------------------- Summary of changes: Configure | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Configure b/Configure index e374a69..ac86cd6 100755 --- a/Configure +++ b/Configure @@ -1656,13 +1656,13 @@ if ($strict_warnings) die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/); foreach $wopt (split /\s+/, $gcc_devteam_warn) { - $cflags .= " $wopt" unless ($cflags =~ /$wopt/) + $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/) } if ($ecc eq "clang") { foreach $wopt (split /\s+/, $clang_devteam_warn) { - $cflags .= " $wopt" unless ($cflags =~ /$wopt/) + $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/) } } } From levitte at openssl.org Mon Nov 9 11:15:59 2015 From: levitte at openssl.org (Richard Levitte) Date: Mon, 09 Nov 2015 11:15:59 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1447067759.857604.9293.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via c8cc43108d97517dfce25a114acd5651f5548cd5 (commit) from 1fe1c65c3ba96dd89e6c805331204428a27d4b6c (commit) - Log ----------------------------------------------------------------- commit c8cc43108d97517dfce25a114acd5651f5548cd5 Author: Richard Levitte Date: Mon Nov 9 09:50:56 2015 +0100 Make the match for previous cflags a bit more strict ./Configure [target] --strict-warnings -Wno-pedantic-ms-format would not add '-pedantic' because it matches '-Wno-pedantic-ms-format', which was added first. Reviewed-by: Matt Caswell (cherry picked from commit 6703c4ea87b30554283deaa5df1f8d68725d3ee4) ----------------------------------------------------------------------- Summary of changes: Configure | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Configure b/Configure index c9dedcd..fdf8d9a 100755 --- a/Configure +++ b/Configure @@ -1584,13 +1584,13 @@ if ($strict_warnings) die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/); foreach $wopt (split /\s+/, $gcc_devteam_warn) { - $cflags .= " $wopt" unless ($cflags =~ /$wopt/) + $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/) } if ($ecc eq "clang") { foreach $wopt (split /\s+/, $clang_devteam_warn) { - $cflags .= " $wopt" unless ($cflags =~ /$wopt/) + $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/) } } } From matt at openssl.org Mon Nov 9 21:53:24 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 09 Nov 2015 21:53:24 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1447106004.886186.13967.nullmailer@dev.openssl.org> The branch master has been updated via 3457e7a087a643cb65d67d9d72ec5983a02f5dfe (commit) from 6703c4ea87b30554283deaa5df1f8d68725d3ee4 (commit) - Log ----------------------------------------------------------------- commit 3457e7a087a643cb65d67d9d72ec5983a02f5dfe Author: Matt Caswell Date: Mon Nov 9 15:31:27 2015 +0000 Remove redundant check from SSL_shutdown The SSL object was being deref'd and then there was a later redundant check to see if it is NULL. We assume all SSL_foo functions pass a non NULL SSL object and do not check it. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: ssl/ssl_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 0674cb4..ec85256 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -990,7 +990,7 @@ int SSL_shutdown(SSL *s) return -1; } - if ((s != NULL) && !SSL_in_init(s)) + if (!SSL_in_init(s)) return (s->method->ssl_shutdown(s)); else return (1); From matt at openssl.org Mon Nov 9 22:52:54 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 09 Nov 2015 22:52:54 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1447109574.862491.3865.nullmailer@dev.openssl.org> The branch master has been updated via 55646005a9ce3c85e394c6afae5f6ed6045494c6 (commit) via 96487cddd408e247819c4f122bd86e53ae4bd6c0 (commit) via 90945fa31a42dcf3beb90540c618e4d627c595ea (commit) via a71edf3ba275b946224b5bcded0a8ecfce1855c0 (commit) from 3457e7a087a643cb65d67d9d72ec5983a02f5dfe (commit) - Log ----------------------------------------------------------------- commit 55646005a9ce3c85e394c6afae5f6ed6045494c6 Author: Matt Caswell Date: Fri Oct 30 11:22:31 2015 +0000 Continue malloc standardisation in engines Continuing from previous work standardise use of malloc in the engine code. Reviewed-by: Kurt Roeckx commit 96487cddd408e247819c4f122bd86e53ae4bd6c0 Author: Matt Caswell Date: Fri Oct 30 11:18:04 2015 +0000 Continue standardisation of malloc handling in apps continue on from previous commits but in the apps directory Reviewed-by: Kurt Roeckx commit 90945fa31a42dcf3beb90540c618e4d627c595ea Author: Matt Caswell Date: Fri Oct 30 11:12:26 2015 +0000 Continue standardising malloc style for libcrypto Continuing from previous commit ensure our style is consistent for malloc return checks. Reviewed-by: Kurt Roeckx commit a71edf3ba275b946224b5bcded0a8ecfce1855c0 Author: Matt Caswell Date: Fri Oct 30 10:05:53 2015 +0000 Standardise our style for checking malloc failures if we have a malloc |x = OPENSSL_malloc(...)| sometimes we check |x| for NULL and sometimes we treat it as a boolean |if(!x) ...|. Standardise the approach in libssl. Reviewed-by: Kurt Roeckx ----------------------------------------------------------------------- Summary of changes: apps/apps.c | 14 +++++++------- apps/ca.c | 12 +++++++----- apps/cms.c | 2 +- apps/dhparam.c | 6 +++--- apps/dsaparam.c | 4 ++-- apps/genpkey.c | 2 +- apps/genrsa.c | 4 ++-- apps/nseq.c | 4 +++- apps/ocsp.c | 14 +++++++------- apps/pkeyutl.c | 2 +- apps/req.c | 2 +- apps/s_cb.c | 8 ++++++-- apps/s_server.c | 2 +- apps/spkac.c | 2 +- apps/ts.c | 4 ++-- apps/x509.c | 2 +- crypto/asn1/a_mbstr.c | 2 +- crypto/asn1/a_object.c | 8 ++++---- crypto/asn1/a_strex.c | 2 +- crypto/asn1/a_strnid.c | 6 +++--- crypto/asn1/ameth_lib.c | 6 +++--- crypto/asn1/asn1_gen.c | 2 +- crypto/asn1/asn1_lib.c | 2 +- crypto/asn1/asn_mime.c | 10 +++++----- crypto/asn1/bio_asn1.c | 4 ++-- crypto/asn1/bio_ndef.c | 6 +++--- crypto/asn1/p5_pbe.c | 4 ++-- crypto/asn1/p5_pbev2.c | 4 ++-- crypto/asn1/p5_scrypt.c | 2 +- crypto/asn1/p8_pkey.c | 2 +- crypto/asn1/tasn_dec.c | 2 +- crypto/asn1/tasn_enc.c | 6 +++--- crypto/asn1/tasn_new.c | 6 +++--- crypto/asn1/tasn_utl.c | 2 +- crypto/asn1/x_bignum.c | 4 ++-- crypto/asn1/x_pkey.c | 4 ++-- crypto/asn1/x_pubkey.c | 4 ++-- crypto/bio/b_print.c | 2 +- crypto/bio/bss_dgram.c | 4 ++-- crypto/bn/bn_ctx.c | 2 +- crypto/bn/bn_intern.c | 2 +- crypto/bn/bn_lib.c | 2 +- crypto/bn/bn_mont.c | 2 +- crypto/bn/bn_rand.c | 2 +- crypto/cmac/cm_pmeth.c | 4 ++-- crypto/cmac/cmac.c | 2 +- crypto/cms/cms_cd.c | 4 ++-- crypto/cms/cms_dd.c | 4 ++-- crypto/cms/cms_enc.c | 8 ++++---- crypto/cms/cms_env.c | 14 +++++++------- crypto/cms/cms_ess.c | 2 +- crypto/cms/cms_io.c | 6 +++--- crypto/cms/cms_kari.c | 2 +- crypto/cms/cms_lib.c | 8 ++++---- crypto/cms/cms_pwri.c | 17 ++++++++++------- crypto/cms/cms_sd.c | 20 +++++++++++--------- crypto/cms/cms_smime.c | 6 +++--- crypto/comp/c_zlib.c | 6 +++--- crypto/conf/conf_def.c | 2 +- crypto/conf/conf_mod.c | 6 +++--- crypto/dh/dh_ameth.c | 14 +++++++------- crypto/dh/dh_asn1.c | 6 +++--- crypto/dh/dh_depr.c | 2 +- crypto/dh/dh_key.c | 2 ++ crypto/dh/dh_pmeth.c | 14 ++++++++------ crypto/dsa/dsa_ameth.c | 4 ++-- crypto/dsa/dsa_asn1.c | 4 ++-- crypto/dsa/dsa_depr.c | 2 +- crypto/dsa/dsa_gen.c | 4 ++-- crypto/dsa/dsa_key.c | 2 +- crypto/dsa/dsa_ossl.c | 6 +++--- crypto/dsa/dsa_pmeth.c | 8 ++++---- crypto/dsa/dsa_prn.c | 4 ++-- crypto/dso/dso_dl.c | 6 +++--- crypto/dso/dso_dlfcn.c | 6 +++--- crypto/dso/dso_vms.c | 4 ++-- crypto/dso/dso_win32.c | 6 +++--- crypto/ec/ec2_smpl.c | 4 ++-- crypto/ec/ec_ameth.c | 20 ++++++++++---------- crypto/ec/ec_asn1.c | 10 +++++++--- crypto/ec/ec_key.c | 4 ++-- crypto/ec/ec_lib.c | 12 ++++++------ crypto/ec/ec_mult.c | 8 ++++---- crypto/ec/ec_pmeth.c | 6 +++--- crypto/ec/eck_prn.c | 4 ++-- crypto/ec/ecp_nistp256.c | 2 +- crypto/ec/ecp_nistp521.c | 2 +- crypto/ec/ecp_nistz256.c | 10 +++++----- crypto/ec/ecp_smpl.c | 4 ++-- crypto/ecdsa/ecs_ossl.c | 6 +++--- crypto/engine/eng_cryptodev.c | 4 ++++ crypto/engine/eng_dyn.c | 10 ++++++---- crypto/engine/eng_lib.c | 2 +- crypto/engine/eng_list.c | 6 +++--- crypto/engine/eng_openssl.c | 6 +++--- crypto/engine/eng_rdrand.c | 2 +- crypto/engine/eng_table.c | 2 +- crypto/err/err.c | 4 ++-- crypto/evp/digest.c | 4 ++-- crypto/evp/e_aes.c | 4 ++-- crypto/evp/evp_enc.c | 6 +++--- crypto/evp/evp_key.c | 2 ++ crypto/evp/p_sign.c | 2 +- crypto/evp/p_verify.c | 2 +- crypto/evp/pmeth_gn.c | 6 ++++-- crypto/evp/pmeth_lib.c | 8 ++++---- crypto/evp/scrypt.c | 2 +- crypto/ex_data.c | 8 ++++---- crypto/hmac/hm_ameth.c | 2 +- crypto/hmac/hm_pmeth.c | 2 +- crypto/jpake/jpake.c | 6 ++++++ crypto/lhash/lh_test.c | 2 ++ crypto/mem_dbg.c | 2 +- crypto/modes/gcm128.c | 2 +- crypto/modes/ocb128.c | 6 +++--- crypto/objects/o_names.c | 4 ++-- crypto/objects/obj_xref.c | 10 +++++----- crypto/ocsp/ocsp_cl.c | 6 +++--- crypto/ocsp/ocsp_ht.c | 8 ++++---- crypto/ocsp/ocsp_srv.c | 6 ++++-- crypto/ocsp/v3_ocsp.c | 7 +++++-- crypto/pem/pem_info.c | 6 ++++++ crypto/pem/pem_pkey.c | 2 +- crypto/pem/pvkfmt.c | 18 +++++++++--------- crypto/pkcs12/p12_key.c | 3 ++- crypto/pkcs12/p12_p8e.c | 2 +- crypto/pkcs7/pk7_attr.c | 2 +- crypto/pkcs7/pk7_doit.c | 16 +++++++++------- crypto/rand/rand_lib.c | 2 +- crypto/rand/rand_os2.c | 2 +- crypto/rand/rand_win.c | 2 +- crypto/rsa/rsa_ameth.c | 14 +++++++------- crypto/rsa/rsa_asn1.c | 2 +- crypto/rsa/rsa_crpt.c | 2 +- crypto/rsa/rsa_depr.c | 2 +- crypto/rsa/rsa_eay.c | 21 +++++++++++---------- crypto/rsa/rsa_gen.c | 2 +- crypto/rsa/rsa_pmeth.c | 12 ++++++------ crypto/rsa/rsa_prn.c | 2 +- crypto/rsa/rsa_pss.c | 4 ++-- crypto/rsa/rsa_x931g.c | 18 +++++++++--------- crypto/store/str_lib.c | 26 +++++++++++++------------- crypto/store/str_mem.c | 4 ++-- crypto/store/str_meth.c | 2 +- crypto/ts/ts_lib.c | 2 +- crypto/ts/ts_rsp_sign.c | 2 +- crypto/ts/ts_verify_ctx.c | 2 +- crypto/ui/ui_lib.c | 4 ++-- crypto/ui/ui_util.c | 2 +- crypto/x509/by_dir.c | 4 ++-- crypto/x509/x509_lu.c | 21 +++++++++++++-------- crypto/x509/x509_vfy.c | 4 ++-- crypto/x509/x509_vpm.c | 8 ++++---- crypto/x509/x509spki.c | 2 +- crypto/x509/x_crl.c | 6 +++--- crypto/x509/x_name.c | 6 +++--- crypto/x509v3/pcy_cache.c | 6 +++--- crypto/x509v3/pcy_data.c | 4 ++-- crypto/x509v3/pcy_map.c | 6 +++--- crypto/x509v3/pcy_node.c | 10 +++++----- crypto/x509v3/pcy_tree.c | 12 ++++++------ crypto/x509v3/v3_cpols.c | 4 ++++ crypto/x509v3/v3_crld.c | 12 ++++++------ crypto/x509v3/v3_genn.c | 2 +- crypto/x509v3/v3_info.c | 2 +- crypto/x509v3/v3_ncons.c | 8 +++++--- crypto/x509v3/v3_pci.c | 4 ++-- crypto/x509v3/v3_pmaps.c | 2 +- crypto/x509v3/v3_prn.c | 4 ++-- crypto/x509v3/v3_scts.c | 4 ++-- crypto/x509v3/v3_utl.c | 22 +++++++++++++--------- engines/e_capi.c | 23 ++++++++++++----------- engines/e_chil.c | 10 +++++++--- engines/e_gmp.c | 6 +++--- engines/e_ossltest.c | 4 ++-- engines/e_padlock.c | 2 +- engines/e_ubsec.c | 2 +- ssl/d1_lib.c | 2 +- ssl/record/rec_layer_d1.c | 4 ++-- ssl/record/rec_layer_s3.c | 2 +- ssl/s3_lib.c | 4 ++-- ssl/ssl_cert.c | 8 ++++---- ssl/ssl_ciph.c | 2 +- ssl/ssl_conf.c | 4 ++-- ssl/ssl_lib.c | 8 ++++---- ssl/ssl_sess.c | 2 +- ssl/statem/statem_clnt.c | 23 ++++++++++++++++------- ssl/statem/statem_dtls.c | 2 +- ssl/statem/statem_srvr.c | 12 +++++++++++- ssl/t1_lib.c | 20 ++++++++++---------- 190 files changed, 596 insertions(+), 503 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index c519ae6..89f4340 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -646,7 +646,7 @@ int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl) if (!bio || !BIO_set_conn_port(bio, port)) goto err; rctx = OCSP_REQ_CTX_new(bio, 1024); - if (!rctx) + if (rctx == NULL) goto err; if (!OCSP_REQ_CTX_http(rctx, "GET", path)) goto err; @@ -856,7 +856,7 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin, rsa = d2i_RSAPublicKey_bio(key, NULL); if (rsa) { pkey = EVP_PKEY_new(); - if (pkey) + if (pkey != NULL) EVP_PKEY_set1_RSA(pkey, rsa); RSA_free(rsa); } else @@ -866,9 +866,9 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin, rsa = PEM_read_bio_RSAPublicKey(key, NULL, (pem_password_cb *)password_callback, &cb_data); - if (rsa) { + if (rsa != NULL) { pkey = EVP_PKEY_new(); - if (pkey) + if (pkey != NULL) EVP_PKEY_set1_RSA(pkey, rsa); RSA_free(rsa); } else @@ -1252,7 +1252,7 @@ X509_STORE *setup_verify(char *CAfile, char *CApath, int noCAfile, int noCApath) X509_STORE *store = X509_STORE_new(); X509_LOOKUP *lookup; - if (!store) + if (store == NULL) goto end; if(CAfile != NULL || !noCAfile) { @@ -1541,7 +1541,7 @@ int rand_serial(BIGNUM *b, ASN1_INTEGER *ai) else btmp = BN_new(); - if (!btmp) + if (btmp == NULL) return 0; if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0)) @@ -1901,7 +1901,7 @@ int bio_to_mem(unsigned char **out, int maxlen, BIO *in) int len, ret; unsigned char tbuf[1024]; mem = BIO_new(BIO_s_mem()); - if (!mem) + if (mem == NULL) return -1; for (;;) { if ((maxlen != -1) && maxlen < 1024) diff --git a/apps/ca.c b/apps/ca.c index 691f4e7..eea9d99 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -1165,7 +1165,7 @@ end_of_options: goto end; tmptm = ASN1_TIME_new(); - if (!tmptm) + if (tmptm == NULL) goto end; X509_gmtime_adj(tmptm, 0); X509_CRL_set_lastUpdate(crl, tmptm); @@ -2283,10 +2283,12 @@ static int do_updatedb(CA_DB *db) char **rrow, *a_tm_s; a_tm = ASN1_UTCTIME_new(); + if (a_tm == NULL) + return -1; /* get actual time and make a string */ a_tm = X509_gmtime_adj(a_tm, 0); - a_tm_s = (char *)OPENSSL_malloc(a_tm->length + 1); + a_tm_s = (char *)app_malloc(a_tm->length + 1, "time string"); memcpy(a_tm_s, a_tm->data, a_tm->length); a_tm_s[a_tm->length] = '\0'; @@ -2470,7 +2472,7 @@ int make_revoked(X509_REVOKED *rev, const char *str) if (rev && (reason_code != OCSP_REVOKED_STATUS_NOSTATUS)) { rtmp = ASN1_ENUMERATED_new(); - if (!rtmp || !ASN1_ENUMERATED_set(rtmp, reason_code)) + if (rtmp == NULL || !ASN1_ENUMERATED_set(rtmp, reason_code)) goto end; if (!X509_REVOKED_add1_ext_i2d(rev, NID_crl_reason, rtmp, 0, 0)) goto end; @@ -2576,7 +2578,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, if (prevtm) { *prevtm = ASN1_UTCTIME_new(); - if (!*prevtm) { + if (*prevtm == NULL) { BIO_printf(bio_err, "memory allocation failure\n"); goto end; } @@ -2622,7 +2624,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, goto end; } comp_time = ASN1_GENERALIZEDTIME_new(); - if (!comp_time) { + if (comp_time == NULL) { BIO_printf(bio_err, "memory allocation failure\n"); goto end; } diff --git a/apps/cms.c b/apps/cms.c index fef3403..14f8f55 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -1269,7 +1269,7 @@ static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns) if (!gen) goto err; gens = GENERAL_NAMES_new(); - if (!gens) + if (gens == NULL) goto err; if (!sk_GENERAL_NAME_push(gens, gen)) goto err; diff --git a/apps/dhparam.c b/apps/dhparam.c index 17c0b5b..e794dac 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -251,7 +251,7 @@ int dhparam_main(int argc, char **argv) BN_GENCB *cb; cb = BN_GENCB_new(); - if (!cb) { + if (cb == NULL) { ERR_print_errors(bio_err); goto end; } @@ -271,7 +271,7 @@ int dhparam_main(int argc, char **argv) BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n", num); - if (!dsa + if (dsa == NULL || !DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL, cb)) { DSA_free(dsa); @@ -295,7 +295,7 @@ int dhparam_main(int argc, char **argv) "Generating DH parameters, %d bit long safe prime, generator %d\n", num, g); BIO_printf(bio_err, "This is going to take a long time\n"); - if (!dh || !DH_generate_parameters_ex(dh, num, g, cb)) { + if (dh == NULL || !DH_generate_parameters_ex(dh, num, g, cb)) { BN_GENCB_free(cb); ERR_print_errors(bio_err); goto end; diff --git a/apps/dsaparam.c b/apps/dsaparam.c index a0a3372..c591b5d 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -208,14 +208,14 @@ int dsaparam_main(int argc, char **argv) if (numbits > 0) { cb = BN_GENCB_new(); - if (!cb) { + if (cb == NULL) { BIO_printf(bio_err, "Error allocating BN_GENCB object\n"); goto end; } BN_GENCB_set(cb, dsa_cb, bio_err); assert(need_rand); dsa = DSA_new(); - if (!dsa) { + if (dsa == NULL) { BIO_printf(bio_err, "Error allocating DSA object\n"); goto end; } diff --git a/apps/genpkey.c b/apps/genpkey.c index 333cea9..0156413 100644 --- a/apps/genpkey.c +++ b/apps/genpkey.c @@ -269,7 +269,7 @@ static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e) } ctx = EVP_PKEY_CTX_new(pkey, e); - if (!ctx) + if (ctx == NULL) goto err; if (EVP_PKEY_keygen_init(ctx) <= 0) goto err; diff --git a/apps/genrsa.c b/apps/genrsa.c index b0e5e19..8921197 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -114,7 +114,7 @@ int genrsa_main(int argc, char **argv) char *inrand = NULL, *prog, *hexe, *dece; OPTION_CHOICE o; - if (!bn || !cb) + if (bn == NULL || cb == NULL) goto end; BN_GENCB_set(cb, genrsa_cb, bio_err); @@ -185,7 +185,7 @@ int genrsa_main(int argc, char **argv) BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus\n", num); rsa = e ? RSA_new_method(e) : RSA_new(); - if (!rsa) + if (rsa == NULL) goto end; if (non_fips_allow) diff --git a/apps/nseq.c b/apps/nseq.c index e8cf69d..fd63bd8 100644 --- a/apps/nseq.c +++ b/apps/nseq.c @@ -118,8 +118,10 @@ int nseq_main(int argc, char **argv) if (toseq) { seq = NETSCAPE_CERT_SEQUENCE_new(); + if (seq == NULL) + goto end; seq->certs = sk_X509_new_null(); - if (!seq->certs) + if (seq->certs == NULL) goto end; while ((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL))) sk_X509_push(seq->certs, x509); diff --git a/apps/ocsp.c b/apps/ocsp.c index c599ffb..ef7d62a 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -783,9 +783,9 @@ static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, BIO_printf(bio_err, "No issuer certificate specified\n"); return 0; } - if (!*req) + if (*req == NULL) *req = OCSP_REQUEST_new(); - if (!*req) + if (*req == NULL) goto err; id = OCSP_cert_to_id(cert_id_md, cert, issuer); if (!id || !sk_OCSP_CERTID_push(ids, id)) @@ -811,9 +811,9 @@ static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, BIO_printf(bio_err, "No issuer certificate specified\n"); return 0; } - if (!*req) + if (*req == NULL) *req = OCSP_REQUEST_new(); - if (!*req) + if (*req == NULL) goto err; iname = X509_get_subject_name(issuer); ikey = X509_get0_pubkey_bitstr(issuer); @@ -824,7 +824,7 @@ static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, } id = OCSP_cert_id_new(cert_id_md, iname, ikey, sno); ASN1_INTEGER_free(sno); - if (!id || !sk_OCSP_CERTID_push(ids, id)) + if (id == NULL || !sk_OCSP_CERTID_push(ids, id)) goto err; if (!OCSP_request_add0_id(*req, id)) goto err; @@ -1029,7 +1029,7 @@ static BIO *init_responder(const char *port) return NULL; # endif bufbio = BIO_new(BIO_f_buffer()); - if (!bufbio) + if (bufbio == NULL) goto err; acbio = BIO_new(BIO_s_accept()); if (acbio == NULL @@ -1220,7 +1220,7 @@ static OCSP_RESPONSE *query_responder(BIO *cbio, const char *host, } ctx = OCSP_sendreq_new(cbio, path, NULL, -1); - if (!ctx) + if (ctx == NULL) return NULL; for (i = 0; i < sk_CONF_VALUE_num(headers); i++) { diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index 82ebdee..362415e 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c @@ -376,7 +376,7 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize, EVP_PKEY_free(pkey); - if (!ctx) + if (ctx == NULL) goto end; switch (pkey_op) { diff --git a/apps/req.c b/apps/req.c index 1dcf0f7..5d9231c 100644 --- a/apps/req.c +++ b/apps/req.c @@ -1442,7 +1442,7 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr, } else gctx = EVP_PKEY_CTX_new_id(*pkey_type, keygen_engine); - if (!gctx) { + if (gctx == NULL) { BIO_puts(bio_err, "Error allocating keygen context\n"); ERR_print_errors(bio_err); return NULL; diff --git a/apps/s_cb.c b/apps/s_cb.c index 884b5e1..734d57f 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -1279,8 +1279,10 @@ int ssl_load_stores(SSL_CTX *ctx, { X509_STORE *vfy = NULL, *ch = NULL; int rv = 0; - if (vfyCApath || vfyCAfile) { + if (vfyCApath != NULL || vfyCAfile != NULL) { vfy = X509_STORE_new(); + if (vfy == NULL) + goto err; if (!X509_STORE_load_locations(vfy, vfyCAfile, vfyCApath)) goto err; add_crls_store(vfy, crls); @@ -1288,8 +1290,10 @@ int ssl_load_stores(SSL_CTX *ctx, if (crl_download) store_setup_crl_download(vfy); } - if (chCApath || chCAfile) { + if (chCApath != NULL || chCAfile != NULL) { ch = X509_STORE_new(); + if (ch == NULL) + goto err; if (!X509_STORE_load_locations(ch, chCAfile, chCApath)) goto err; SSL_CTX_set1_chain_cert_store(ctx, ch); diff --git a/apps/s_server.c b/apps/s_server.c index 4848fbe..33f7dc9 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -667,7 +667,7 @@ static int cert_status_cb(SSL *s, void *arg) goto done; } req = OCSP_REQUEST_new(); - if (!req) + if (req == NULL) goto err; id = OCSP_cert_to_id(NULL, x, obj.data.x509); X509_free(obj.data.x509); diff --git a/apps/spkac.c b/apps/spkac.c index eaeb3c1..9cbe7fe 100644 --- a/apps/spkac.c +++ b/apps/spkac.c @@ -189,7 +189,7 @@ int spkac_main(int argc, char **argv) spkstr = NCONF_get_string(conf, spksect, spkac); - if (!spkstr) { + if (spkstr == NULL) { BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac); ERR_print_errors(bio_err); goto end; diff --git a/apps/ts.c b/apps/ts.c index 237dd01..b58703a 100644 --- a/apps/ts.c +++ b/apps/ts.c @@ -947,7 +947,7 @@ static X509_STORE *create_cert_store(char *CApath, char *CAfile) cert_ctx = X509_STORE_new(); X509_STORE_set_verify_cb(cert_ctx, verify_cb); - if (CApath) { + if (CApath != NULL) { lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir()); if (lookup == NULL) { BIO_printf(bio_err, "memory allocation failure\n"); @@ -960,7 +960,7 @@ static X509_STORE *create_cert_store(char *CApath, char *CAfile) } } - if (CAfile) { + if (CAfile != NULL) { lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file()); if (lookup == NULL) { BIO_printf(bio_err, "memory allocation failure\n"); diff --git a/apps/x509.c b/apps/x509.c index ff1e8cb..7155b33 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -590,7 +590,7 @@ int x509_main(int argc, char **argv) if (sno == NULL) { sno = ASN1_INTEGER_new(); - if (!sno || !rand_serial(NULL, sno)) + if (sno == NULL || !rand_serial(NULL, sno)) goto end; if (!X509_set_serialNumber(x, sno)) goto end; diff --git a/crypto/asn1/a_mbstr.c b/crypto/asn1/a_mbstr.c index 46100c3..0892976 100644 --- a/crypto/asn1/a_mbstr.c +++ b/crypto/asn1/a_mbstr.c @@ -200,7 +200,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, } else { free_out = 1; dest = ASN1_STRING_type_new(str_type); - if (!dest) { + if (dest == NULL) { ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE); return -1; } diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c index 80b5055..cabda53 100644 --- a/crypto/asn1/a_object.c +++ b/crypto/asn1/a_object.c @@ -139,9 +139,9 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) } if (!use_bn && l >= ((ULONG_MAX - 80) / 10L)) { use_bn = 1; - if (!bl) + if (bl == NULL) bl = BN_new(); - if (!bl || !BN_set_word(bl, l)) + if (bl == NULL || !BN_set_word(bl, l)) goto err; } if (use_bn) { @@ -173,7 +173,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) OPENSSL_free(tmp); tmpsize = blsize + 32; tmp = OPENSSL_malloc(tmpsize); - if (!tmp) + if (tmp == NULL) goto err; } while (blsize--) @@ -225,7 +225,7 @@ int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a) i = i2t_ASN1_OBJECT(buf, sizeof buf, a); if (i > (int)(sizeof(buf) - 1)) { p = OPENSSL_malloc(i + 1); - if (!p) + if (p == NULL) return -1; i2t_ASN1_OBJECT(p, i + 1, a); } diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c index c9d3cea..7d37c73 100644 --- a/crypto/asn1/a_strex.c +++ b/crypto/asn1/a_strex.c @@ -305,7 +305,7 @@ static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, t.value.ptr = (char *)str; der_len = i2d_ASN1_TYPE(&t, NULL); der_buf = OPENSSL_malloc(der_len); - if (!der_buf) + if (der_buf == NULL) return -1; p = der_buf; i2d_ASN1_TYPE(&t, &p); diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c index 1c6bbd4..43252c1 100644 --- a/crypto/asn1/a_strnid.c +++ b/crypto/asn1/a_strnid.c @@ -235,16 +235,16 @@ static ASN1_STRING_TABLE *stable_get(int nid) { ASN1_STRING_TABLE *tmp, *rv; /* Always need a string table so allocate one if NULL */ - if (!stable) { + if (stable == NULL) { stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp); - if (!stable) + if (stable == NULL) return NULL; } tmp = ASN1_STRING_TABLE_get(nid); if (tmp && tmp->flags & STABLE_FLAGS_MALLOC) return tmp; rv = OPENSSL_malloc(sizeof(*rv)); - if (!rv) + if (rv == NULL) return NULL; if (!sk_ASN1_STRING_TABLE_push(stable, rv)) { OPENSSL_free(rv); diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index 2deb679..05f0a80 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c @@ -224,7 +224,7 @@ int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth) { if (app_methods == NULL) { app_methods = sk_EVP_PKEY_ASN1_METHOD_new(ameth_cmp); - if (!app_methods) + if (app_methods == NULL) return 0; } if (!sk_EVP_PKEY_ASN1_METHOD_push(app_methods, ameth)) @@ -237,7 +237,7 @@ int EVP_PKEY_asn1_add_alias(int to, int from) { EVP_PKEY_ASN1_METHOD *ameth; ameth = EVP_PKEY_asn1_new(from, ASN1_PKEY_ALIAS, NULL, NULL); - if (!ameth) + if (ameth == NULL) return 0; ameth->pkey_base_id = to; if (!EVP_PKEY_asn1_add0(ameth)) { @@ -277,7 +277,7 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, { EVP_PKEY_ASN1_METHOD *ameth = OPENSSL_zalloc(sizeof(*ameth)); - if (!ameth) + if (ameth == NULL) return NULL; ameth->pkey_id = id; diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index 5f01b8d..200d88d 100644 --- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c @@ -243,7 +243,7 @@ static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth, /* Allocate buffer for new encoding */ new_der = OPENSSL_malloc(len); - if (!new_der) + if (new_der == NULL) goto err; /* Generate tagged encoding */ diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index ef9223c..56fd9bf 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -296,7 +296,7 @@ ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *str) if (!str) return NULL; ret = ASN1_STRING_new(); - if (!ret) + if (ret == NULL) return NULL; if (!ASN1_STRING_copy(ret, str)) { ASN1_STRING_free(ret); diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c index 2a227be..12f6fd6 100644 --- a/crypto/asn1/asn_mime.c +++ b/crypto/asn1/asn_mime.c @@ -149,7 +149,7 @@ static int B64_write_ASN1(BIO *out, ASN1_VALUE *val, BIO *in, int flags, BIO *b64; int r; b64 = BIO_new(BIO_f_base64()); - if (!b64) { + if (b64 == NULL) { ASN1err(ASN1_F_B64_WRITE_ASN1, ERR_R_MALLOC_FAILURE); return 0; } @@ -533,7 +533,7 @@ int SMIME_crlf_copy(BIO *in, BIO *out, int flags) * when streaming as we don't end up with one OCTET STRING per line. */ bf = BIO_new(BIO_f_buffer()); - if (!bf) + if (bf == NULL) return 0; out = BIO_push(bf, out); if (flags & SMIME_BINARY) { @@ -678,7 +678,7 @@ static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio) int len, state, save_state = 0; headers = sk_MIME_HEADER_new(mime_hdr_cmp); - if (!headers) + if (headers == NULL) return NULL; while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { /* If whitespace at line start then continuation line */ @@ -850,7 +850,7 @@ static MIME_HEADER *mime_hdr_new(char *name, char *value) } } mhdr = OPENSSL_malloc(sizeof(*mhdr)); - if (!mhdr) + if (mhdr == NULL) goto err; mhdr->name = tmpname; mhdr->value = tmpval; @@ -889,7 +889,7 @@ static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value) } /* Parameter values are case sensitive so leave as is */ mparam = OPENSSL_malloc(sizeof(*mparam)); - if (!mparam) + if (mparam == NULL) goto err; mparam->param_name = tmpname; mparam->param_value = tmpval; diff --git a/crypto/asn1/bio_asn1.c b/crypto/asn1/bio_asn1.c index 910d06f..a5bcc26 100644 --- a/crypto/asn1/bio_asn1.c +++ b/crypto/asn1/bio_asn1.c @@ -147,7 +147,7 @@ static int asn1_bio_new(BIO *b) { BIO_ASN1_BUF_CTX *ctx; ctx = OPENSSL_malloc(sizeof(*ctx)); - if (!ctx) + if (ctx == NULL) return 0; if (!asn1_bio_init(ctx, DEFAULT_ASN1_BUF_SIZE)) { OPENSSL_free(ctx); @@ -162,7 +162,7 @@ static int asn1_bio_new(BIO *b) static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size) { ctx->buf = OPENSSL_malloc(size); - if (!ctx->buf) + if (ctx->buf == NULL) return 0; ctx->bufsize = size; ctx->bufpos = 0; diff --git a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c index ff2fdf5..dfbbc68 100644 --- a/crypto/asn1/bio_ndef.c +++ b/crypto/asn1/bio_ndef.c @@ -113,7 +113,7 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it) out = BIO_push(asn_bio, out); - if (!ndef_aux || !asn_bio || !out) + if (ndef_aux == NULL || asn_bio == NULL || !out) goto err; BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free); @@ -160,7 +160,7 @@ static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg) derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); p = OPENSSL_malloc(derlen); - if (!p) + if (p == NULL) return 0; ndef_aux->derbuf = p; @@ -229,7 +229,7 @@ static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg) derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); p = OPENSSL_malloc(derlen); - if (!p) + if (p == NULL) return 0; ndef_aux->derbuf = p; diff --git a/crypto/asn1/p5_pbe.c b/crypto/asn1/p5_pbe.c index cc91fad..4d7a9c6 100644 --- a/crypto/asn1/p5_pbe.c +++ b/crypto/asn1/p5_pbe.c @@ -82,7 +82,7 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, unsigned char *sstr; pbe = PBEPARAM_new(); - if (!pbe) { + if (pbe == NULL) { ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE); goto err; } @@ -128,7 +128,7 @@ X509_ALGOR *PKCS5_pbe_set(int alg, int iter, { X509_ALGOR *ret; ret = X509_ALGOR_new(); - if (!ret) { + if (ret == NULL) { ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE); return NULL; } diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c index 23ed232..ba0c92a 100644 --- a/crypto/asn1/p5_pbev2.c +++ b/crypto/asn1/p5_pbev2.c @@ -242,7 +242,7 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, /* prf can stay NULL if we are using hmacWithSHA1 */ if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1) { kdf->prf = X509_ALGOR_new(); - if (!kdf->prf) + if (kdf->prf == NULL) goto merr; X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid), V_ASN1_NULL, NULL); } @@ -250,7 +250,7 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, /* Finally setup the keyfunc structure */ keyfunc = X509_ALGOR_new(); - if (!keyfunc) + if (keyfunc == NULL) goto merr; keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2); diff --git a/crypto/asn1/p5_scrypt.c b/crypto/asn1/p5_scrypt.c index 3667546..06bb2ac 100644 --- a/crypto/asn1/p5_scrypt.c +++ b/crypto/asn1/p5_scrypt.c @@ -247,7 +247,7 @@ static X509_ALGOR *pkcs5_scrypt_set(const unsigned char *salt, size_t saltlen, /* Finally setup the keyfunc structure */ keyfunc = X509_ALGOR_new(); - if (!keyfunc) + if (keyfunc == NULL) goto merr; keyfunc->algorithm = OBJ_nid2obj(NID_id_scrypt); diff --git a/crypto/asn1/p8_pkey.c b/crypto/asn1/p8_pkey.c index ff55a5b..f4fbc08 100644 --- a/crypto/asn1/p8_pkey.c +++ b/crypto/asn1/p8_pkey.c @@ -99,7 +99,7 @@ int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, int pmtype; ASN1_OCTET_STRING *oct; oct = ASN1_OCTET_STRING_new(); - if (!oct) + if (oct == NULL) return 0; oct->data = penc; ppenc = &oct->data; diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index 94445bd..595c5e4 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -893,7 +893,7 @@ static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, /* All based on ASN1_STRING and handled the same */ if (!*pval) { stmp = ASN1_STRING_type_new(utype); - if (!stmp) { + if (stmp == NULL) { ASN1err(ASN1_F_ASN1_EX_C2I, ERR_R_MALLOC_FAILURE); goto err; } diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c index e2feee0..5037522 100644 --- a/crypto/asn1/tasn_enc.c +++ b/crypto/asn1/tasn_enc.c @@ -111,7 +111,7 @@ static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out, if (len <= 0) return len; buf = OPENSSL_malloc(len); - if (!buf) + if (buf == NULL) return -1; p = buf; ASN1_item_ex_i2d(&val, &p, it, -1, flags); @@ -423,10 +423,10 @@ static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, else { derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk) * sizeof(*derlst)); - if (!derlst) + if (derlst == NULL) return 0; tmpdat = OPENSSL_malloc(skcontlen); - if (!tmpdat) { + if (tmpdat == NULL) { OPENSSL_free(derlst); return 0; } diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c index 6a2ad62..668f641 100644 --- a/crypto/asn1/tasn_new.c +++ b/crypto/asn1/tasn_new.c @@ -147,7 +147,7 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) memset(*pval, 0, it->size); } else { *pval = OPENSSL_zalloc(it->size); - if (!*pval) + if (*pval == NULL) goto memerr; } asn1_set_choice_selector(pval, -1, it); @@ -173,7 +173,7 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) memset(*pval, 0, it->size); } else { *pval = OPENSSL_zalloc(it->size); - if (!*pval) + if (*pval == NULL) goto memerr; } asn1_do_lock(pval, 0, it); @@ -341,7 +341,7 @@ static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it, case V_ASN1_ANY: typ = OPENSSL_malloc(sizeof(*typ)); - if (!typ) + if (typ == NULL) return 0; typ->value.ptr = NULL; typ->type = -1; diff --git a/crypto/asn1/tasn_utl.c b/crypto/asn1/tasn_utl.c index 8b62341..10cc1f9 100644 --- a/crypto/asn1/tasn_utl.c +++ b/crypto/asn1/tasn_utl.c @@ -172,7 +172,7 @@ int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, OPENSSL_free(enc->enc); enc->enc = OPENSSL_malloc(inlen); - if (!enc->enc) + if (enc->enc == NULL) return 0; memcpy(enc->enc, in, inlen); enc->len = inlen; diff --git a/crypto/asn1/x_bignum.c b/crypto/asn1/x_bignum.c index d2666e1..e27480b 100644 --- a/crypto/asn1/x_bignum.c +++ b/crypto/asn1/x_bignum.c @@ -111,7 +111,7 @@ ASN1_ITEM_end(CBIGNUM) static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { *pval = (ASN1_VALUE *)BN_new(); - if (*pval) + if (*pval != NULL) return 1; else return 0; @@ -120,7 +120,7 @@ static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it) static int bn_secure_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { *pval = (ASN1_VALUE *)BN_secure_new(); - if (*pval) + if (*pval != NULL) return 1; else return 0; diff --git a/crypto/asn1/x_pkey.c b/crypto/asn1/x_pkey.c index 961b913..cb6f21f 100644 --- a/crypto/asn1/x_pkey.c +++ b/crypto/asn1/x_pkey.c @@ -67,13 +67,13 @@ X509_PKEY *X509_PKEY_new(void) X509_PKEY *ret = NULL; ret = OPENSSL_zalloc(sizeof(*ret)); - if (!ret) + if (ret == NULL) goto err; ret->references = 1; ret->enc_algor = X509_ALGOR_new(); ret->enc_pkey = ASN1_OCTET_STRING_new(); - if (!ret->enc_algor || !ret->enc_pkey) + if (ret->enc_algor == NULL || ret->enc_pkey == NULL) goto err; return ret; diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c index b2d81df..d200190 100644 --- a/crypto/asn1/x_pubkey.c +++ b/crypto/asn1/x_pubkey.c @@ -246,7 +246,7 @@ int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp) if (!a) return 0; pktmp = EVP_PKEY_new(); - if (!pktmp) { + if (pktmp == NULL) { ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE); return 0; } @@ -286,7 +286,7 @@ int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp) if (!a) return 0; pktmp = EVP_PKEY_new(); - if (!pktmp) { + if (pktmp == NULL) { ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE); return 0; } diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index f49ebee..f82b078 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -711,7 +711,7 @@ doapr_outch(char **sbuffer, *maxlen += 1024; if (*buffer == NULL) { *buffer = OPENSSL_malloc(*maxlen); - if (!*buffer) { + if (*buffer == NULL) { /* Panic! Can't really do anything sensible. Just return */ return; } diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index 9c6af4b..0975856 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -997,7 +997,7 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag) */ sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); authchunks = OPENSSL_zalloc(sockopt_len); - if (!authchunks) { + if (authchunks == NULL) { BIO_vfree(bio); return (NULL); } @@ -1334,7 +1334,7 @@ static int dgram_sctp_read(BIO *b, char *out, int outl) optlen = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); authchunks = OPENSSL_malloc(optlen); - if (!authchunks) { + if (authchunks == NULL) { BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_FAILURE); return -1; } diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c index 756d404..19ff68e 100644 --- a/crypto/bn/bn_ctx.c +++ b/crypto/bn/bn_ctx.c @@ -204,7 +204,7 @@ BN_CTX *BN_CTX_secure_new(void) { BN_CTX *ret = BN_CTX_new(); - if (ret) + if (ret != NULL) ret->flags = BN_FLG_SECURE; return ret; } diff --git a/crypto/bn/bn_intern.c b/crypto/bn/bn_intern.c index 0b22251..abc8fc4 100644 --- a/crypto/bn/bn_intern.c +++ b/crypto/bn/bn_intern.c @@ -74,7 +74,7 @@ signed char *bn_compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) if (BN_is_zero(scalar)) { r = OPENSSL_malloc(1); - if (!r) { + if (r == NULL) { BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE); goto err; } diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 3b07d7d..2042920 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -287,7 +287,7 @@ BIGNUM *BN_new(void) BIGNUM *BN_secure_new(void) { BIGNUM *ret = BN_new(); - if (ret) + if (ret != NULL) ret->flags |= BN_FLG_SECURE; return (ret); } diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index d4d817a..bda2157 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c @@ -517,7 +517,7 @@ BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, * (the losers throw away the work they've done). */ ret = BN_MONT_CTX_new(); - if (!ret) + if (ret == NULL) return NULL; if (!BN_MONT_CTX_set(ret, mod, ctx)) { BN_MONT_CTX_free(ret); diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index 2764c8a..66a175c 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -315,7 +315,7 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, int ret = 0; k_bytes = OPENSSL_malloc(num_k_bytes); - if (!k_bytes) + if (k_bytes == NULL) goto err; /* We copy |priv| into a local buffer to avoid exposing its length. */ diff --git a/crypto/cmac/cm_pmeth.c b/crypto/cmac/cm_pmeth.c index 22c7dbe..080db63 100644 --- a/crypto/cmac/cm_pmeth.c +++ b/crypto/cmac/cm_pmeth.c @@ -64,7 +64,7 @@ static int pkey_cmac_init(EVP_PKEY_CTX *ctx) { ctx->data = CMAC_CTX_new(); - if (!ctx->data) + if (ctx->data == NULL) return 0; ctx->keygen_info_count = 0; return 1; @@ -88,7 +88,7 @@ static int pkey_cmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { CMAC_CTX *cmkey = CMAC_CTX_new(); CMAC_CTX *cmctx = ctx->data; - if (!cmkey) + if (cmkey == NULL) return 0; if (!CMAC_CTX_copy(cmkey, cmctx)) { CMAC_CTX_free(cmkey); diff --git a/crypto/cmac/cmac.c b/crypto/cmac/cmac.c index 0711bff..fc9e761 100644 --- a/crypto/cmac/cmac.c +++ b/crypto/cmac/cmac.c @@ -92,7 +92,7 @@ CMAC_CTX *CMAC_CTX_new(void) CMAC_CTX *ctx; ctx = OPENSSL_malloc(sizeof(*ctx)); - if (!ctx) + if (ctx == NULL) return NULL; EVP_CIPHER_CTX_init(&ctx->cctx); ctx->nlast_block = -1; diff --git a/crypto/cms/cms_cd.c b/crypto/cms/cms_cd.c index 81cc6c5..1b84309 100644 --- a/crypto/cms/cms_cd.c +++ b/crypto/cms/cms_cd.c @@ -82,12 +82,12 @@ CMS_ContentInfo *cms_CompressedData_create(int comp_nid) return NULL; } cms = CMS_ContentInfo_new(); - if (!cms) + if (cms == NULL) return NULL; cd = M_ASN1_new_of(CMS_CompressedData); - if (!cd) + if (cd == NULL) goto err; cms->contentType = OBJ_nid2obj(NID_id_smime_ct_compressedData); diff --git a/crypto/cms/cms_dd.c b/crypto/cms/cms_dd.c index 7609b6f..426f8cd 100644 --- a/crypto/cms/cms_dd.c +++ b/crypto/cms/cms_dd.c @@ -67,12 +67,12 @@ CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md) CMS_ContentInfo *cms; CMS_DigestedData *dd; cms = CMS_ContentInfo_new(); - if (!cms) + if (cms == NULL) return NULL; dd = M_ASN1_new_of(CMS_DigestedData); - if (!dd) + if (dd == NULL) goto err; cms->contentType = OBJ_nid2obj(NID_pkcs7_digest); diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c index fc66f60..a16120f 100644 --- a/crypto/cms/cms_enc.c +++ b/crypto/cms/cms_enc.c @@ -82,7 +82,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) enc = ec->cipher ? 1 : 0; b = BIO_new(BIO_f_cipher()); - if (!b) { + if (b == NULL) { CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE); return NULL; } @@ -130,7 +130,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) /* Generate random session key */ if (!enc || !ec->key) { tkey = OPENSSL_malloc(tkeylen); - if (!tkey) { + if (tkey == NULL) { CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE); goto err; } @@ -179,7 +179,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) if (piv) { calg->parameter = ASN1_TYPE_new(); - if (!calg->parameter) { + if (calg->parameter == NULL) { CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE); goto err; } @@ -210,7 +210,7 @@ int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, ec->cipher = cipher; if (key) { ec->key = OPENSSL_malloc(keylen); - if (!ec->key) + if (ec->key == NULL) return 0; memcpy(ec->key, key, keylen); } diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index e133bcc..b9775e0 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -153,10 +153,10 @@ CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher) CMS_ContentInfo *cms; CMS_EnvelopedData *env; cms = CMS_ContentInfo_new(); - if (!cms) + if (cms == NULL) goto merr; env = cms_enveloped_data_init(cms); - if (!env) + if (env == NULL) goto merr; if (!cms_EncryptedContent_init(env->encryptedContentInfo, cipher, NULL, 0)) @@ -208,7 +208,7 @@ static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip, if (flags & CMS_KEY_PARAM) { ktri->pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL); - if (!ktri->pctx) + if (ktri->pctx == NULL) return 0; if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0) return 0; @@ -362,7 +362,7 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms, goto err; } else { pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL); - if (!pctx) + if (pctx == NULL) return 0; if (EVP_PKEY_encrypt_init(pctx) <= 0) @@ -420,7 +420,7 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, } ktri->pctx = EVP_PKEY_CTX_new(pkey, NULL); - if (!ktri->pctx) + if (ktri->pctx == NULL) return 0; if (EVP_PKEY_decrypt_init(ktri->pctx) <= 0) @@ -685,7 +685,7 @@ static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms, wkey = OPENSSL_malloc(ec->keylen + 8); - if (!wkey) { + if (wkey == NULL) { CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, ERR_R_MALLOC_FAILURE); goto err; } @@ -755,7 +755,7 @@ static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms, ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8); - if (!ukey) { + if (ukey == NULL) { CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, ERR_R_MALLOC_FAILURE); goto err; } diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c index 2149749..3e35d06 100644 --- a/crypto/cms/cms_ess.c +++ b/crypto/cms/cms_ess.c @@ -97,7 +97,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, CMS_ReceiptRequest *rr = NULL; rr = CMS_ReceiptRequest_new(); - if (!rr) + if (rr == NULL) goto merr; if (id) ASN1_STRING_set0(rr->signedContentIdentifier, id, idlen); diff --git a/crypto/cms/cms_io.c b/crypto/cms/cms_io.c index 084a2cc..1d1d432 100644 --- a/crypto/cms/cms_io.c +++ b/crypto/cms/cms_io.c @@ -63,11 +63,11 @@ int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms) { ASN1_OCTET_STRING **pos; pos = CMS_get0_content(cms); - if (!pos) + if (pos == NULL) return 0; - if (!*pos) + if (*pos == NULL) *pos = ASN1_OCTET_STRING_new(); - if (*pos) { + if (*pos != NULL) { (*pos)->flags |= ASN1_STRING_FLAG_NDEF; (*pos)->flags &= ~ASN1_STRING_FLAG_CONT; *boundary = &(*pos)->data; diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c index 77181bc..c6d45a0 100644 --- a/crypto/cms/cms_kari.c +++ b/crypto/cms/cms_kari.c @@ -252,7 +252,7 @@ static int cms_kek_cipher(unsigned char **pout, size_t *poutlen, if (!EVP_CipherUpdate(&kari->ctx, NULL, &outlen, in, inlen)) goto err; out = OPENSSL_malloc(outlen); - if (!out) + if (out == NULL) goto err; if (!EVP_CipherUpdate(&kari->ctx, out, &outlen, in, inlen)) goto err; diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c index 157590d..fdc69f6 100644 --- a/crypto/cms/cms_lib.c +++ b/crypto/cms/cms_lib.c @@ -76,7 +76,7 @@ CMS_ContentInfo *cms_Data_create(void) { CMS_ContentInfo *cms; cms = CMS_ContentInfo_new(); - if (cms) { + if (cms != NULL) { cms->contentType = OBJ_nid2obj(NID_pkcs7_data); /* Never detached */ CMS_set_detached(cms, 0); @@ -316,9 +316,9 @@ int CMS_set_detached(CMS_ContentInfo *cms, int detached) *pos = NULL; return 1; } - if (!*pos) + if (*pos == NULL) *pos = ASN1_OCTET_STRING_new(); - if (*pos) { + if (*pos != NULL) { /* * NB: special flag to show content is created and not read in. */ @@ -344,7 +344,7 @@ BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm) goto err; } mdbio = BIO_new(BIO_f_md()); - if (!mdbio || !BIO_set_md(mdbio, digest)) { + if (mdbio == NULL || !BIO_set_md(mdbio, digest)) { CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO, CMS_R_MD_BIO_INIT_ERROR); goto err; } diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c index f722d9a..d662938 100644 --- a/crypto/cms/cms_pwri.c +++ b/crypto/cms/cms_pwri.c @@ -121,6 +121,9 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, /* Setup algorithm identifier for cipher */ encalg = X509_ALGOR_new(); + if (encalg == NULL) { + goto merr; + } EVP_CIPHER_CTX_init(&ctx); if (EVP_EncryptInit_ex(&ctx, kekciph, NULL, NULL, NULL) <= 0) { @@ -155,11 +158,11 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, /* Initialize recipient info */ ri = M_ASN1_new_of(CMS_RecipientInfo); - if (!ri) + if (ri == NULL) goto merr; ri->d.pwri = M_ASN1_new_of(CMS_PasswordRecipientInfo); - if (!ri->d.pwri) + if (ri->d.pwri == NULL) goto merr; ri->type = CMS_RECIPINFO_PASS; @@ -167,11 +170,11 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, /* Since this is overwritten, free up empty structure already there */ X509_ALGOR_free(pwri->keyEncryptionAlgorithm); pwri->keyEncryptionAlgorithm = X509_ALGOR_new(); - if (!pwri->keyEncryptionAlgorithm) + if (pwri->keyEncryptionAlgorithm == NULL) goto merr; pwri->keyEncryptionAlgorithm->algorithm = OBJ_nid2obj(wrap_nid); pwri->keyEncryptionAlgorithm->parameter = ASN1_TYPE_new(); - if (!pwri->keyEncryptionAlgorithm->parameter) + if (pwri->keyEncryptionAlgorithm->parameter == NULL) goto merr; if (!ASN1_item_pack(encalg, ASN1_ITEM_rptr(X509_ALGOR), @@ -230,7 +233,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen, return 0; } tmp = OPENSSL_malloc(inlen); - if (!tmp) + if (tmp == NULL) return 0; /* setup IV by decrypting last two blocks */ if (!EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl, @@ -388,7 +391,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, key = OPENSSL_malloc(keylen); - if (!key) + if (key == NULL) goto err; if (!kek_wrap_key(key, &keylen, ec->key, ec->keylen, &kekctx)) @@ -398,7 +401,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, } else { key = OPENSSL_malloc(pwri->encryptedKey->length); - if (!key) { + if (key == NULL) { CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_MALLOC_FAILURE); goto err; } diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index 50064e2..1720bcd 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -332,7 +332,7 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, if (i == sk_X509_ALGOR_num(sd->digestAlgorithms)) { alg = X509_ALGOR_new(); - if (!alg) + if (alg == NULL) goto merr; X509_ALGOR_set_md(alg, md); if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg)) { @@ -381,7 +381,7 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, if (flags & CMS_KEY_PARAM) { if (flags & CMS_NOATTR) { si->pctx = EVP_PKEY_CTX_new(si->pkey, NULL); - if (!si->pctx) + if (si->pctx == NULL) goto err; if (EVP_PKEY_sign_init(si->pctx) <= 0) goto err; @@ -617,7 +617,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, goto err; siglen = EVP_PKEY_size(si->pkey); sig = OPENSSL_malloc(siglen); - if (!sig) { + if (sig == NULL) { CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE); goto err; } @@ -630,7 +630,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, unsigned char *sig; unsigned int siglen; sig = OPENSSL_malloc(EVP_PKEY_size(si->pkey)); - if (!sig) { + if (sig == NULL) { CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE); goto err; } @@ -708,7 +708,7 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si) goto err; OPENSSL_free(abuf); abuf = OPENSSL_malloc(siglen); - if (!abuf) + if (abuf == NULL) goto err; if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0) goto err; @@ -851,6 +851,8 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) } else { const EVP_MD *md = EVP_MD_CTX_md(&mctx); pkctx = EVP_PKEY_CTX_new(si->pkey, NULL); + if (pkctx == NULL) + goto err; if (EVP_PKEY_verify_init(pkctx) <= 0) goto err; if (EVP_PKEY_CTX_set_signature_md(pkctx, md) <= 0) @@ -894,20 +896,20 @@ int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, ASN1_INTEGER *key = NULL; if (keysize > 0) { key = ASN1_INTEGER_new(); - if (!key || !ASN1_INTEGER_set(key, keysize)) + if (key == NULL || !ASN1_INTEGER_set(key, keysize)) return 0; } alg = X509_ALGOR_new(); - if (!alg) { + if (alg == NULL) { ASN1_INTEGER_free(key); return 0; } X509_ALGOR_set0(alg, OBJ_nid2obj(algnid), key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key); - if (!*algs) + if (*algs == NULL) *algs = sk_X509_ALGOR_new_null(); - if (!*algs || !sk_X509_ALGOR_push(*algs, alg)) { + if (*algs == NULL || !sk_X509_ALGOR_push(*algs, alg)) { X509_ALGOR_free(alg); return 0; } diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index 6bed211..5b55f05 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -82,7 +82,7 @@ static int cms_copy_content(BIO *out, BIO *in, unsigned int flags) tmpout = cms_get_text_bio(out, flags); - if (!tmpout) { + if (tmpout == NULL) { CMSerr(CMS_F_CMS_COPY_CONTENT, ERR_R_MALLOC_FAILURE); goto err; } @@ -253,7 +253,7 @@ CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, return NULL; } cms = CMS_ContentInfo_new(); - if (!cms) + if (cms == NULL) return NULL; if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen)) return NULL; @@ -482,7 +482,7 @@ CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, int i; cms = CMS_ContentInfo_new(); - if (!cms || !CMS_SignedData_init(cms)) + if (cms == NULL || !CMS_SignedData_init(cms)) goto merr; if (flags & CMS_ASCIICRLF && !CMS_set1_eContentType(cms, diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c index ea01ba4..6307daf 100644 --- a/crypto/comp/c_zlib.c +++ b/crypto/comp/c_zlib.c @@ -364,7 +364,7 @@ static int bio_zlib_new(BIO *bi) } # endif ctx = OPENSSL_zalloc(sizeof(*ctx)); - if (!ctx) { + if (ctx == NULL) { COMPerr(COMP_F_BIO_ZLIB_NEW, ERR_R_MALLOC_FAILURE); return 0; } @@ -416,7 +416,7 @@ static int bio_zlib_read(BIO *b, char *out, int outl) BIO_clear_retry_flags(b); if (!ctx->ibuf) { ctx->ibuf = OPENSSL_malloc(ctx->ibufsize); - if (!ctx->ibuf) { + if (ctx->ibuf == NULL) { COMPerr(COMP_F_BIO_ZLIB_READ, ERR_R_MALLOC_FAILURE); return 0; } @@ -475,7 +475,7 @@ static int bio_zlib_write(BIO *b, const char *in, int inl) if (!ctx->obuf) { ctx->obuf = OPENSSL_malloc(ctx->obufsize); /* Need error here */ - if (!ctx->obuf) { + if (ctx->obuf == NULL) { COMPerr(COMP_F_BIO_ZLIB_WRITE, ERR_R_MALLOC_FAILURE); return 0; } diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index 1da68f9..1ff49aa 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -129,7 +129,7 @@ static CONF *def_create(CONF_METHOD *meth) CONF *ret; ret = OPENSSL_malloc(sizeof(*ret)); - if (ret) + if (ret != NULL) if (meth->init(ret) == 0) { OPENSSL_free(ret); ret = NULL; diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c index c23a0f6..c1fbb60 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c @@ -166,7 +166,7 @@ int CONF_modules_load_file(const char *filename, const char *appname, CONF *conf = NULL; int ret = 0; conf = NCONF_new(NULL); - if (!conf) + if (conf == NULL) goto err; if (filename == NULL) { @@ -336,7 +336,7 @@ static int module_init(CONF_MODULE *pmod, char *name, char *value, /* Otherwise add initialized module to list */ imod = OPENSSL_malloc(sizeof(*imod)); - if (!imod) + if (imod == NULL) goto err; imod->pmod = pmod; @@ -535,7 +535,7 @@ char *CONF_get1_default_config_file(void) file = OPENSSL_malloc(len + 1); - if (!file) + if (file == NULL) return NULL; BUF_strlcpy(file, X509_get_default_cert_area(), len + 1); #ifndef OPENSSL_SYS_VMS diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index f0fcd83..43cba87 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -156,7 +156,7 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) dh = pkey->pkey.dh; str = ASN1_STRING_new(); - if (!str) { + if (str == NULL) { DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); goto err; } @@ -258,7 +258,7 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) params = ASN1_STRING_new(); - if (!params) { + if (params == NULL) { DHerr(DH_F_DH_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); goto err; } @@ -496,7 +496,7 @@ DH *DHparams_dup(DH *dh) { DH *ret; ret = DH_new(); - if (!ret) + if (ret == NULL) return NULL; if (!int_dh_param_copy(ret, dh, -1)) { DH_free(ret); @@ -691,7 +691,7 @@ static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx, } pkpeer = EVP_PKEY_new(); - if (!pkpeer) + if (pkpeer == NULL) goto err; EVP_PKEY_assign(pkpeer, pk->ameth->pkey_id, dhpeer); dhpeer = NULL; @@ -891,11 +891,11 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri) /* Package wrap algorithm in an AlgorithmIdentifier */ wrap_alg = X509_ALGOR_new(); - if (!wrap_alg) + if (wrap_alg == NULL) goto err; wrap_alg->algorithm = OBJ_nid2obj(wrap_nid); wrap_alg->parameter = ASN1_TYPE_new(); - if (!wrap_alg->parameter) + if (wrap_alg->parameter == NULL) goto err; if (EVP_CIPHER_param_to_asn1(ctx, wrap_alg->parameter) <= 0) goto err; @@ -927,7 +927,7 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri) if (!penc || !penclen) goto err; wrap_str = ASN1_STRING_new(); - if (!wrap_str) + if (wrap_str == NULL) goto err; ASN1_STRING_set0(wrap_str, penc, penclen); penc = NULL; diff --git a/crypto/dh/dh_asn1.c b/crypto/dh/dh_asn1.c index cc307dc..860feaa 100644 --- a/crypto/dh/dh_asn1.c +++ b/crypto/dh/dh_asn1.c @@ -70,7 +70,7 @@ static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, { if (operation == ASN1_OP_NEW_PRE) { *pval = (ASN1_VALUE *)DH_new(); - if (*pval) + if (*pval != NULL) return 2; return 0; } else if (operation == ASN1_OP_FREE_PRE) { @@ -133,10 +133,10 @@ DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length) int_dhx942_dh *dhx = NULL; DH *dh = NULL; dh = DH_new(); - if (!dh) + if (dh == NULL) return NULL; dhx = d2i_int_dhx(NULL, pp, length); - if (!dhx) { + if (dhx == NULL) { DH_free(dh); return NULL; } diff --git a/crypto/dh/dh_depr.c b/crypto/dh/dh_depr.c index 7be6041..de93472 100644 --- a/crypto/dh/dh_depr.c +++ b/crypto/dh/dh_depr.c @@ -72,7 +72,7 @@ DH *DH_generate_parameters(int prime_len, int generator, if ((ret = DH_new()) == NULL) return NULL; cb = BN_GENCB_new(); - if (!cb) { + if (cb == NULL) { DH_free(ret); return NULL; } diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index b6c3038..a5cac06 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -167,6 +167,8 @@ static int generate_key(DH *dh) if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) { local_prk = prk = BN_new(); + if (local_prk == NULL) + goto err; BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); } else prk = priv_key; diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c index ff27221..1e12c3e 100644 --- a/crypto/dh/dh_pmeth.c +++ b/crypto/dh/dh_pmeth.c @@ -100,7 +100,7 @@ static int pkey_dh_init(EVP_PKEY_CTX *ctx) DH_PKEY_CTX *dctx; dctx = OPENSSL_zalloc(sizeof(*dctx)); - if (!dctx) + if (dctx == NULL) return 0; dctx->prime_len = 1024; dctx->subprime_len = -1; @@ -312,7 +312,7 @@ static DSA *dsa_dh_generate(DH_PKEY_CTX *dctx, BN_GENCB *pcb) if (dctx->use_dsa > 2) return NULL; ret = DSA_new(); - if (!ret) + if (ret == NULL) return NULL; if (subprime_len == -1) { if (prime_len >= 2048) @@ -370,6 +370,8 @@ static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) if (ctx->pkey_gencb) { pcb = BN_GENCB_new(); + if (pcb == NULL) + return 0; evp_pkey_set_cb_translate(pcb, ctx); } else pcb = NULL; @@ -378,7 +380,7 @@ static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) DSA *dsa_dh; dsa_dh = dsa_dh_generate(dctx, pcb); BN_GENCB_free(pcb); - if (!dsa_dh) + if (dsa_dh == NULL) return 0; dh = DSA_dup_DH(dsa_dh); DSA_free(dsa_dh); @@ -389,7 +391,7 @@ static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) } #endif dh = DH_new(); - if (!dh) { + if (dh == NULL) { BN_GENCB_free(pcb); return 0; } @@ -411,7 +413,7 @@ static int pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) return 0; } dh = DH_new(); - if (!dh) + if (dh == NULL) return 0; EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, dh); /* Note: if error return, pkey is freed by parent routine */ @@ -460,7 +462,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, ret = 0; Zlen = DH_size(dh); Z = OPENSSL_malloc(Zlen); - if (!Z) { + if (Z == NULL) { goto err; } if (DH_compute_key_padded(Z, dhpub, dh) <= 0) diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index 0002e08..d1d32c6 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -136,7 +136,7 @@ static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) dsa = pkey->pkey.dsa; if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) { str = ASN1_STRING_new(); - if (!str) { + if (str == NULL) { DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); goto err; } @@ -298,7 +298,7 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) params = ASN1_STRING_new(); - if (!params) { + if (params == NULL) { DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); goto err; } diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c index 99bca3b..5225a38 100644 --- a/crypto/dsa/dsa_asn1.c +++ b/crypto/dsa/dsa_asn1.c @@ -71,7 +71,7 @@ static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, if (operation == ASN1_OP_NEW_PRE) { DSA_SIG *sig; sig = OPENSSL_malloc(sizeof(*sig)); - if (!sig) { + if (sig == NULL) { DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE); return 0; } @@ -96,7 +96,7 @@ static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, { if (operation == ASN1_OP_NEW_PRE) { *pval = (ASN1_VALUE *)DSA_new(); - if (*pval) + if (*pval != NULL) return 2; return 0; } else if (operation == ASN1_OP_FREE_PRE) { diff --git a/crypto/dsa/dsa_depr.c b/crypto/dsa/dsa_depr.c index f14e587..0b18776 100644 --- a/crypto/dsa/dsa_depr.c +++ b/crypto/dsa/dsa_depr.c @@ -89,7 +89,7 @@ DSA *DSA_generate_parameters(int bits, if ((ret = DSA_new()) == NULL) return NULL; cb = BN_GENCB_new(); - if (!cb) + if (cb == NULL) goto err; BN_GENCB_set_old(cb, callback, cb_arg); diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 480c29d..106ec3c 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -387,7 +387,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, else seed_tmp = OPENSSL_malloc(seed_len); - if (!seed || !seed_tmp) + if (seed == NULL || seed_tmp == NULL) goto err; if (seed_in) @@ -650,7 +650,7 @@ int dsa_paramgen_check_g(DSA *dsa) BN_MONT_CTX *mont = NULL; int rv = -1; ctx = BN_CTX_new(); - if (!ctx) + if (ctx == NULL) return -1; BN_CTX_start(ctx); if (BN_cmp(dsa->g, BN_value_one()) <= 0) diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c index 19d21ea..d27d47a 100644 --- a/crypto/dsa/dsa_key.c +++ b/crypto/dsa/dsa_key.c @@ -104,7 +104,7 @@ static int dsa_builtin_keygen(DSA *dsa) if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { local_prk = prk = BN_new(); - if (!local_prk) + if (local_prk == NULL) goto err; BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); } else diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 19a7583..34b4a4e 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -144,7 +144,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) m = BN_new(); xr = BN_new(); - if (!m || !xr) + if (m == NULL || xr == NULL) goto err; if (!dsa->p || !dsa->q || !dsa->g) { @@ -242,7 +242,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, k = BN_new(); kq = BN_new(); - if (!k || !kq) + if (k == NULL || kq == NULL) goto err; if (ctx_in == NULL) { @@ -356,7 +356,7 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, u2 = BN_new(); t1 = BN_new(); ctx = BN_CTX_new(); - if (!u1 || !u2 || !t1 || !ctx) + if (u1 == NULL || u2 == NULL || t1 == NULL || ctx == NULL) goto err; if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c index 1adab4f..1110e01 100644 --- a/crypto/dsa/dsa_pmeth.c +++ b/crypto/dsa/dsa_pmeth.c @@ -82,7 +82,7 @@ static int pkey_dsa_init(EVP_PKEY_CTX *ctx) { DSA_PKEY_CTX *dctx; dctx = OPENSSL_malloc(sizeof(*dctx)); - if (!dctx) + if (dctx == NULL) return 0; dctx->nbits = 1024; dctx->qbits = 160; @@ -255,13 +255,13 @@ static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) int ret; if (ctx->pkey_gencb) { pcb = BN_GENCB_new(); - if (!pcb) + if (pcb == NULL) return 0; evp_pkey_set_cb_translate(pcb, ctx); } else pcb = NULL; dsa = DSA_new(); - if (!dsa) { + if (dsa == NULL) { BN_GENCB_free(pcb); return 0; } @@ -283,7 +283,7 @@ static int pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) return 0; } dsa = DSA_new(); - if (!dsa) + if (dsa == NULL) return 0; EVP_PKEY_assign_DSA(pkey, dsa); /* Note: if error return, pkey is freed by parent routine */ diff --git a/crypto/dsa/dsa_prn.c b/crypto/dsa/dsa_prn.c index 64c51fc..d1aef75 100644 --- a/crypto/dsa/dsa_prn.c +++ b/crypto/dsa/dsa_prn.c @@ -99,7 +99,7 @@ int DSA_print(BIO *bp, const DSA *x, int off) EVP_PKEY *pk; int ret; pk = EVP_PKEY_new(); - if (!pk || !EVP_PKEY_set1_DSA(pk, (DSA *)x)) + if (pk == NULL || !EVP_PKEY_set1_DSA(pk, (DSA *)x)) return 0; ret = EVP_PKEY_print_private(bp, pk, off, NULL); EVP_PKEY_free(pk); @@ -111,7 +111,7 @@ int DSAparams_print(BIO *bp, const DSA *x) EVP_PKEY *pk; int ret; pk = EVP_PKEY_new(); - if (!pk || !EVP_PKEY_set1_DSA(pk, (DSA *)x)) + if (pk == NULL || !EVP_PKEY_set1_DSA(pk, (DSA *)x)) return 0; ret = EVP_PKEY_print_params(bp, pk, 4, NULL); EVP_PKEY_free(pk); diff --git a/crypto/dso/dso_dl.c b/crypto/dso/dso_dl.c index 2b95f92..5315e99 100644 --- a/crypto/dso/dso_dl.c +++ b/crypto/dso/dso_dl.c @@ -238,7 +238,7 @@ static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2) */ if (!filespec2 || filespec1[0] == '/') { merged = OPENSSL_malloc(strlen(filespec1) + 1); - if (!merged) { + if (merged == NULL) { DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE); return (NULL); } @@ -249,7 +249,7 @@ static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2) */ else if (!filespec1) { merged = OPENSSL_malloc(strlen(filespec2) + 1); - if (!merged) { + if (merged == NULL) { DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE); return (NULL); } @@ -273,7 +273,7 @@ static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2) len--; } merged = OPENSSL_malloc(len + 2); - if (!merged) { + if (merged == NULL) { DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE); return (NULL); } diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c index 1738f3c..c06063b 100644 --- a/crypto/dso/dso_dlfcn.c +++ b/crypto/dso/dso_dlfcn.c @@ -282,7 +282,7 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1, */ if (!filespec2 || (filespec1 != NULL && filespec1[0] == '/')) { merged = OPENSSL_malloc(strlen(filespec1) + 1); - if (!merged) { + if (merged == NULL) { DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE); return (NULL); } @@ -293,7 +293,7 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1, */ else if (!filespec1) { merged = OPENSSL_malloc(strlen(filespec2) + 1); - if (!merged) { + if (merged == NULL) { DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE); return (NULL); } @@ -316,7 +316,7 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1, len--; } merged = OPENSSL_malloc(len + 2); - if (!merged) { + if (merged == NULL) { DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE); return (NULL); } diff --git a/crypto/dso/dso_vms.c b/crypto/dso/dso_vms.c index ffdc57f..0e1f02e 100644 --- a/crypto/dso/dso_vms.c +++ b/crypto/dso/dso_vms.c @@ -512,7 +512,7 @@ static char *vms_merger(DSO *dso, const char *filespec1, } merged = OPENSSL_malloc(nam.NAMX_ESL + 1); - if (!merged) + if (merged == NULL) goto malloc_err; strncpy(merged, nam.NAMX_ESA, nam.NAMX_ESL); merged[nam.NAMX_ESL] = '\0'; @@ -525,7 +525,7 @@ static char *vms_name_converter(DSO *dso, const char *filename) { int len = strlen(filename); char *not_translated = OPENSSL_malloc(len + 1); - if (not_translated) + if (not_translated != NULL) strcpy(not_translated, filename); return (not_translated); } diff --git a/crypto/dso/dso_win32.c b/crypto/dso/dso_win32.c index 8d2123e..8bcabff 100644 --- a/crypto/dso/dso_win32.c +++ b/crypto/dso/dso_win32.c @@ -433,7 +433,7 @@ static char *win32_joiner(DSO *dso, const struct file_st *file_split) } result = OPENSSL_malloc(len + 1); - if (!result) { + if (result == NULL) { DSOerr(DSO_F_WIN32_JOINER, ERR_R_MALLOC_FAILURE); return (NULL); } @@ -499,14 +499,14 @@ static char *win32_merger(DSO *dso, const char *filespec1, } if (!filespec2) { merged = OPENSSL_malloc(strlen(filespec1) + 1); - if (!merged) { + if (merged == NULL) { DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE); return (NULL); } strcpy(merged, filespec1); } else if (!filespec1) { merged = OPENSSL_malloc(strlen(filespec2) + 1); - if (!merged) { + if (merged == NULL) { DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE); return (NULL); } diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c index d6a41a4..66bff0d 100644 --- a/crypto/ec/ec2_smpl.c +++ b/crypto/ec/ec2_smpl.c @@ -134,7 +134,7 @@ int ec_GF2m_simple_group_init(EC_GROUP *group) group->a = BN_new(); group->b = BN_new(); - if (!group->field || !group->a || !group->b) { + if (group->field == NULL || group->a == NULL || group->b == NULL) { BN_free(group->field); BN_free(group->a); BN_free(group->b); @@ -326,7 +326,7 @@ int ec_GF2m_simple_point_init(EC_POINT *point) point->Y = BN_new(); point->Z = BN_new(); - if (!point->X || !point->Y || !point->Z) { + if (point->X == NULL || point->Y == NULL || point->Z == NULL) { BN_free(point->X); BN_free(point->Y); BN_free(point->Z); diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index e2f3287..19932d5 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -90,7 +90,7 @@ static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key) ASN1_STRING *pstr = NULL; pstr = ASN1_STRING_new(); - if (!pstr) + if (pstr == NULL) return 0; pstr->length = i2d_ECParameters(ec_key, &pstr->data); if (pstr->length <= 0) { @@ -120,7 +120,7 @@ static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) if (penclen <= 0) goto err; penc = OPENSSL_malloc(penclen); - if (!penc) + if (penc == NULL) goto err; p = penc; penclen = i2o_ECPublicKey(ec_key, &p); @@ -326,7 +326,7 @@ static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) return 0; } ep = OPENSSL_malloc(eplen); - if (!ep) { + if (ep == NULL) { EC_KEY_set_enc_flags(ec_key, old_flags); ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); return 0; @@ -359,7 +359,7 @@ static int ec_bits(const EVP_PKEY *pkey) const EC_GROUP *group; int ret; - if (!order) { + if (order == NULL) { ERR_clear_error(); return 0; } @@ -679,7 +679,7 @@ static int ecdh_cms_set_peerkey(EVP_PKEY_CTX *pctx, goto err; grp = EC_KEY_get0_group(pk->pkey.ec); ecpeer = EC_KEY_new(); - if (!ecpeer) + if (ecpeer == NULL) goto err; if (!EC_KEY_set_group(ecpeer, grp)) goto err; @@ -696,7 +696,7 @@ static int ecdh_cms_set_peerkey(EVP_PKEY_CTX *pctx, if (!o2i_ECPublicKey(&ecpeer, &p, plen)) goto err; pkpeer = EVP_PKEY_new(); - if (!pkpeer) + if (pkpeer == NULL) goto err; EVP_PKEY_set1_EC_KEY(pkpeer, ecpeer); if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0) @@ -864,7 +864,7 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri) if (penclen <= 0) goto err; penc = OPENSSL_malloc(penclen); - if (!penc) + if (penc == NULL) goto err; p = penc; penclen = i2o_ECPublicKey(eckey, &p); @@ -922,11 +922,11 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri) /* Package wrap algorithm in an AlgorithmIdentifier */ wrap_alg = X509_ALGOR_new(); - if (!wrap_alg) + if (wrap_alg == NULL) goto err; wrap_alg->algorithm = OBJ_nid2obj(wrap_nid); wrap_alg->parameter = ASN1_TYPE_new(); - if (!wrap_alg->parameter) + if (wrap_alg->parameter == NULL) goto err; if (EVP_CIPHER_param_to_asn1(ctx, wrap_alg->parameter) <= 0) goto err; @@ -955,7 +955,7 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri) if (!penc || !penclen) goto err; wrap_str = ASN1_STRING_new(); - if (!wrap_str) + if (wrap_str == NULL) goto err; ASN1_STRING_set0(wrap_str, penc, penclen); penc = NULL; diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index bd6592b..dacbdbf 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -383,7 +383,7 @@ static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field) goto err; char_two->p.tpBasis = ASN1_INTEGER_new(); - if (!char_two->p.tpBasis) { + if (char_two->p.tpBasis == NULL) { ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); goto err; } @@ -398,7 +398,7 @@ static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field) goto err; char_two->p.ppBasis = X9_62_PENTANOMIAL_new(); - if (!char_two->p.ppBasis) { + if (char_two->p.ppBasis == NULL) { ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); goto err; } @@ -411,7 +411,7 @@ static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field) /* for ONB the parameters are (asn1) NULL */ char_two->p.onBasis = ASN1_NULL_new(); - if (!char_two->p.onBasis) { + if (char_two->p.onBasis == NULL) { ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); goto err; } @@ -1028,6 +1028,10 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) if (priv_key->privateKey) { if (ret->priv_key == NULL) ret->priv_key = BN_secure_new(); + if (ret->priv_key == NULL) { + ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); + goto err; + } ret->priv_key = BN_bin2bn(ASN1_STRING_data(priv_key->privateKey), ASN1_STRING_length(priv_key->privateKey), ret->priv_key); diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index ddb3257..d570601 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -352,12 +352,12 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, return 0; } ctx = BN_CTX_new(); - if (!ctx) + if (ctx == NULL) goto err; point = EC_POINT_new(key->group); - if (!point) + if (point == NULL) goto err; tx = BN_CTX_get(ctx); diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 793645d..7cb4759 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -91,10 +91,10 @@ EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) ret->meth = meth; ret->order = BN_new(); - if (!ret->order) + if (ret->order == NULL) goto err; ret->cofactor = BN_new(); - if (!ret->cofactor) + if (ret->cofactor == NULL) goto err; ret->asn1_flag = OPENSSL_EC_NAMED_CURVE; ret->asn1_form = POINT_CONVERSION_UNCOMPRESSED; @@ -464,9 +464,9 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx) EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b)) return 1; - if (!ctx) + if (ctx == NULL) ctx_new = ctx = BN_CTX_new(); - if (!ctx) + if (ctx == NULL) return -1; BN_CTX_start(ctx); @@ -476,7 +476,7 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx) b1 = BN_CTX_get(ctx); b2 = BN_CTX_get(ctx); b3 = BN_CTX_get(ctx); - if (!b3) { + if (b3 == NULL) { BN_CTX_end(ctx); BN_CTX_free(ctx_new); return -1; @@ -1075,7 +1075,7 @@ int ec_precompute_mont_data(EC_GROUP *group) goto err; group->mont_data = BN_MONT_CTX_new(); - if (!group->mont_data) + if (group->mont_data == NULL) goto err; if (!BN_MONT_CTX_set(group->mont_data, group->order, ctx)) { diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index a3d9885..7e29397 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -101,7 +101,7 @@ static EC_PRE_COMP *ec_pre_comp_new(const EC_GROUP *group) return NULL; ret = OPENSSL_zalloc(sizeof(*ret)); - if (!ret) { + if (ret == NULL) { ECerr(EC_F_EC_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); return ret; } @@ -296,10 +296,10 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]); /* Ensure wNAF is initialised in case we end up going to err */ - if (wNAF) + if (wNAF != NULL) wNAF[0] = NULL; /* preliminary pivot */ - if (!wsize || !wNAF_len || !wNAF || !val_sub) { + if (wsize == NULL || wNAF_len == NULL || wNAF == NULL || val_sub == NULL) { ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE); goto err; } @@ -657,7 +657,7 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) * and store */ points = OPENSSL_malloc(sizeof(*points) * (num + 1)); - if (!points) { + if (points == NULL) { ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE); goto err; } diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c index aa1fa9f..ecae0bf 100644 --- a/crypto/ec/ec_pmeth.c +++ b/crypto/ec/ec_pmeth.c @@ -93,7 +93,7 @@ static int pkey_ec_init(EVP_PKEY_CTX *ctx) EC_PKEY_CTX *dctx; dctx = OPENSSL_zalloc(sizeof(*dctx)); - if (!dctx) + if (dctx == NULL) return 0; dctx->cofactor_mode = -1; @@ -248,7 +248,7 @@ static int pkey_ec_kdf_derive(EVP_PKEY_CTX *ctx, if (!pkey_ec_derive(ctx, NULL, &ktmplen)) return 0; ktmp = OPENSSL_malloc(ktmplen); - if (!ktmp) + if (ktmp == NULL) return 0; if (!pkey_ec_derive(ctx, ktmp, &ktmplen)) goto err; @@ -442,7 +442,7 @@ static int pkey_ec_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) return 0; } ec = EC_KEY_new(); - if (!ec) + if (ec == NULL) return 0; ret = EC_KEY_set_group(ec, dctx->gen_group); if (ret) diff --git a/crypto/ec/eck_prn.c b/crypto/ec/eck_prn.c index f1248b8..b9653ac 100644 --- a/crypto/ec/eck_prn.c +++ b/crypto/ec/eck_prn.c @@ -119,7 +119,7 @@ int EC_KEY_print(BIO *bp, const EC_KEY *x, int off) EVP_PKEY *pk; int ret; pk = EVP_PKEY_new(); - if (!pk || !EVP_PKEY_set1_EC_KEY(pk, (EC_KEY *)x)) + if (pk == NULL || !EVP_PKEY_set1_EC_KEY(pk, (EC_KEY *)x)) return 0; ret = EVP_PKEY_print_private(bp, pk, off, NULL); EVP_PKEY_free(pk); @@ -131,7 +131,7 @@ int ECParameters_print(BIO *bp, const EC_KEY *x) EVP_PKEY *pk; int ret; pk = EVP_PKEY_new(); - if (!pk || !EVP_PKEY_set1_EC_KEY(pk, (EC_KEY *)x)) + if (pk == NULL || !EVP_PKEY_set1_EC_KEY(pk, (EC_KEY *)x)) return 0; ret = EVP_PKEY_print_params(bp, pk, 4, NULL); EVP_PKEY_free(pk); diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c index 110984b..48ed2c4 100644 --- a/crypto/ec/ecp_nistp256.c +++ b/crypto/ec/ecp_nistp256.c @@ -1817,7 +1817,7 @@ static NISTP256_PRE_COMP *nistp256_pre_comp_new() { NISTP256_PRE_COMP *ret = NULL; ret = OPENSSL_malloc(sizeof(*ret)); - if (!ret) { + if (ret == NULL) { ECerr(EC_F_NISTP256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); return ret; } diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c index febf5e9..dd5b19b 100644 --- a/crypto/ec/ecp_nistp521.c +++ b/crypto/ec/ecp_nistp521.c @@ -1646,7 +1646,7 @@ static NISTP521_PRE_COMP *nistp521_pre_comp_new() { NISTP521_PRE_COMP *ret = OPENSSL_zalloc(sizeof(*ret)); - if (!ret) { + if (ret == NULL) { ECerr(EC_F_NISTP521_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); return ret; } diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c index 5036060..3d83303 100644 --- a/crypto/ec/ecp_nistz256.c +++ b/crypto/ec/ecp_nistz256.c @@ -1102,10 +1102,10 @@ __owur static int ecp_nistz256_set_from_affine(EC_POINT *out, const EC_GROUP *gr int ret = 0; x = BN_new(); - if (!x) + if (x == NULL) return 0; y = BN_new(); - if (!y) { + if (y == NULL) { BN_free(x); return 0; } @@ -1305,13 +1305,13 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group, * handled like a normal point. */ new_scalars = OPENSSL_malloc((num + 1) * sizeof(BIGNUM *)); - if (!new_scalars) { + if (new_scalars == NULL) { ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, ERR_R_MALLOC_FAILURE); goto err; } new_points = OPENSSL_malloc((num + 1) * sizeof(EC_POINT *)); - if (!new_points) { + if (new_points == NULL) { ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, ERR_R_MALLOC_FAILURE); goto err; } @@ -1410,7 +1410,7 @@ static EC_PRE_COMP *ecp_nistz256_pre_comp_new(const EC_GROUP *group) ret = OPENSSL_malloc(sizeof(*ret)); - if (!ret) { + if (ret == NULL) { ECerr(EC_F_ECP_NISTZ256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); return ret; } diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c index df7314a..a4830cb 100644 --- a/crypto/ec/ecp_smpl.c +++ b/crypto/ec/ecp_smpl.c @@ -132,7 +132,7 @@ int ec_GFp_simple_group_init(EC_GROUP *group) group->field = BN_new(); group->a = BN_new(); group->b = BN_new(); - if (!group->field || !group->a || !group->b) { + if (group->field == NULL || group->a == NULL || group->b == NULL) { BN_free(group->field); BN_free(group->a); BN_free(group->b); @@ -359,7 +359,7 @@ int ec_GFp_simple_point_init(EC_POINT *point) point->Z = BN_new(); point->Z_is_one = 0; - if (!point->X || !point->Y || !point->Z) { + if (point->X == NULL || point->Y == NULL || point->Z == NULL) { BN_free(point->X); BN_free(point->Y); BN_free(point->Z); diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c index 27266e9..bff80f9 100644 --- a/crypto/ecdsa/ecs_ossl.c +++ b/crypto/ecdsa/ecs_ossl.c @@ -120,7 +120,7 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, r = BN_new(); /* this value is later returned in *rp */ order = BN_new(); X = BN_new(); - if (!k || !r || !order || !X) { + if (k == NULL || r == NULL || order == NULL || X == NULL) { ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE); goto err; } @@ -265,7 +265,7 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, } ret = ECDSA_SIG_new(); - if (!ret) { + if (ret == NULL) { ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); return NULL; } @@ -371,7 +371,7 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, } ctx = BN_CTX_new(); - if (!ctx) { + if (ctx == NULL) { ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); return -1; } diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c index d058dba..d1c0029 100644 --- a/crypto/engine/eng_cryptodev.c +++ b/crypto/engine/eng_cryptodev.c @@ -1233,6 +1233,8 @@ cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, int ret = 0; t2 = BN_new(); + if (t2 == NULL) + goto err; /* v = ( g^u1 * y^u2 mod p ) mod q */ /* let t1 = g ^ u1 mod p */ @@ -1289,6 +1291,8 @@ static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r, BN_num_bytes(dsa->q), s) == 0) { dsaret = DSA_SIG_new(); + if (dsaret == NULL) + goto err; dsaret->r = r; dsaret->s = s; } else { diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c index 100b050..aed50f6 100644 --- a/crypto/engine/eng_dyn.c +++ b/crypto/engine/eng_dyn.c @@ -204,12 +204,12 @@ static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx) { dynamic_data_ctx *c = OPENSSL_zalloc(sizeof(*c)); - if (!c) { + if (c == NULL) { ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE); return 0; } c->dirs = sk_OPENSSL_STRING_new_null(); - if (!c->dirs) { + if (c->dirs == NULL) { ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE); OPENSSL_free(c); return 0; @@ -278,7 +278,7 @@ static dynamic_data_ctx *dynamic_get_data_ctx(ENGINE *e) static ENGINE *engine_dynamic(void) { ENGINE *ret = ENGINE_new(); - if (!ret) + if (ret == NULL) return NULL; if (!ENGINE_set_id(ret, engine_dynamic_id) || !ENGINE_set_name(ret, engine_dynamic_name) || @@ -438,8 +438,10 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx) ENGINE cpy; dynamic_fns fns; - if (!ctx->dynamic_dso) + if (ctx->dynamic_dso == NULL) ctx->dynamic_dso = DSO_new(); + if (ctx->dynamic_dso == NULL) + return 0; if (!ctx->DYNAMIC_LIBNAME) { if (!ctx->engine_id) return 0; diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c index a113ebc..9ebb694 100644 --- a/crypto/engine/eng_lib.c +++ b/crypto/engine/eng_lib.c @@ -163,7 +163,7 @@ static int int_cleanup_check(int create) static ENGINE_CLEANUP_ITEM *int_cleanup_item(ENGINE_CLEANUP_CB *cb) { ENGINE_CLEANUP_ITEM *item = OPENSSL_malloc(sizeof(*item)); - if (!item) + if (item == NULL) return NULL; item->cb = cb; return item; diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c index 54141f3..cfd4f7e 100644 --- a/crypto/engine/eng_list.c +++ b/crypto/engine/eng_list.c @@ -332,7 +332,7 @@ ENGINE *ENGINE_by_id(const char *id) iterator = engine_list_head; while (iterator && (strcmp(id, iterator->id) != 0)) iterator = iterator->next; - if (iterator) { + if (iterator != NULL) { /* * We need to return a structural reference. If this is an ENGINE * type that returns copies, make a duplicate - otherwise increment @@ -340,7 +340,7 @@ ENGINE *ENGINE_by_id(const char *id) */ if (iterator->flags & ENGINE_FLAGS_BY_ID_COPY) { ENGINE *cp = ENGINE_new(); - if (!cp) + if (cp == NULL) iterator = NULL; else { engine_cpy(cp, iterator); @@ -352,7 +352,7 @@ ENGINE *ENGINE_by_id(const char *id) } } CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - if (iterator) + if (iterator != NULL) return iterator; /* * Prevent infinite recusrion if we're looking for the dynamic engine. diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index 244a609..41754f7 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c @@ -186,7 +186,7 @@ static int bind_helper(ENGINE *e) static ENGINE *engine_openssl(void) { ENGINE *ret = ENGINE_new(); - if (!ret) + if (ret == NULL) return NULL; if (!bind_helper(ret)) { ENGINE_free(ret); @@ -429,7 +429,7 @@ static int ossl_hmac_init(EVP_PKEY_CTX *ctx) OSSL_HMAC_PKEY_CTX *hctx; hctx = OPENSSL_zalloc(sizeof(*hctx)); - if (!hctx) + if (hctx == NULL) return 0; hctx->ktmp.type = V_ASN1_OCTET_STRING; HMAC_CTX_init(&hctx->ctx); @@ -579,7 +579,7 @@ static int ossl_register_hmac_meth(void) { EVP_PKEY_METHOD *meth; meth = EVP_PKEY_meth_new(EVP_PKEY_HMAC, 0); - if (!meth) + if (meth == NULL) return 0; EVP_PKEY_meth_set_init(meth, ossl_hmac_init); EVP_PKEY_meth_set_copy(meth, ossl_hmac_copy); diff --git a/crypto/engine/eng_rdrand.c b/crypto/engine/eng_rdrand.c index 9316d6f..48726e2 100644 --- a/crypto/engine/eng_rdrand.c +++ b/crypto/engine/eng_rdrand.c @@ -120,7 +120,7 @@ static int bind_helper(ENGINE *e) static ENGINE *ENGINE_rdrand(void) { ENGINE *ret = ENGINE_new(); - if (!ret) + if (ret == NULL) return NULL; if (!bind_helper(ret)) { ENGINE_free(ret); diff --git a/crypto/engine/eng_table.c b/crypto/engine/eng_table.c index 26b9230..5fd00dd 100644 --- a/crypto/engine/eng_table.c +++ b/crypto/engine/eng_table.c @@ -148,7 +148,7 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate); if (!fnd) { fnd = OPENSSL_malloc(sizeof(*fnd)); - if (!fnd) + if (fnd == NULL) goto end; fnd->uptodate = 1; fnd->nid = *nids; diff --git a/crypto/err/err.c b/crypto/err/err.c index 1b94ce5..077929c 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -279,7 +279,7 @@ static LHASH_OF(ERR_STRING_DATA) *get_hash(int create, int lockit) int_error_hash = lh_ERR_STRING_DATA_new(); CRYPTO_pop_info(); } - if (int_error_hash) + if (int_error_hash != NULL) ret = int_error_hash; if (lockit) CRYPTO_w_unlock(CRYPTO_LOCK_ERR); @@ -326,7 +326,7 @@ static LHASH_OF(ERR_STATE) *int_thread_get(int create, int lockit) int_thread_hash = lh_ERR_STATE_new(); CRYPTO_pop_info(); } - if (int_thread_hash) { + if (int_thread_hash != NULL) { int_thread_hash_references++; ret = int_thread_hash; } diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 1d25d97..607f0a1 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -126,7 +126,7 @@ EVP_MD_CTX *EVP_MD_CTX_create(void) { EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof(*ctx)); - if (ctx) + if (ctx != NULL) EVP_MD_CTX_init(ctx); return ctx; @@ -288,7 +288,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) out->md_data = tmp_buf; else { out->md_data = OPENSSL_malloc(out->digest->ctx_size); - if (!out->md_data) { + if (out->md_data == NULL) { EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_MALLOC_FAILURE); return 0; } diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index b02cf6e..efa724a 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -1265,7 +1265,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) if (gctx->iv != c->iv) OPENSSL_free(gctx->iv); gctx->iv = OPENSSL_malloc(arg); - if (!gctx->iv) + if (gctx->iv == NULL) return 0; } gctx->ivlen = arg; @@ -1359,7 +1359,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) gctx_out->iv = out->iv; else { gctx_out->iv = OPENSSL_malloc(gctx->ivlen); - if (!gctx_out->iv) + if (gctx_out->iv == NULL) return 0; memcpy(gctx_out->iv, gctx->iv, gctx->ivlen); } diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 7f55c41..7ef0dd8 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -74,7 +74,7 @@ void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) { EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof(*ctx)); - if (ctx) + if (ctx != NULL) EVP_CIPHER_CTX_init(ctx); return ctx; } @@ -159,7 +159,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ctx->cipher = cipher; if (ctx->cipher->ctx_size) { ctx->cipher_data = OPENSSL_zalloc(ctx->cipher->ctx_size); - if (!ctx->cipher_data) { + if (ctx->cipher_data == NULL) { EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE); return 0; } @@ -620,7 +620,7 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) if (in->cipher_data && in->cipher->ctx_size) { out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size); - if (!out->cipher_data) { + if (out->cipher_data == NULL) { EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_MALLOC_FAILURE); return 0; } diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c index 5c03a91..3e2c989 100644 --- a/crypto/evp/evp_key.c +++ b/crypto/evp/evp_key.c @@ -104,6 +104,8 @@ int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, if ((prompt == NULL) && (prompt_string[0] != '\0')) prompt = prompt_string; ui = UI_new(); + if (ui == NULL) + return -1; UI_add_input_string(ui, prompt, 0, buf, min, (len >= BUFSIZ) ? BUFSIZ - 1 : len); if (verify) diff --git a/crypto/evp/p_sign.c b/crypto/evp/p_sign.c index 90a5fc6..df507a5 100644 --- a/crypto/evp/p_sign.c +++ b/crypto/evp/p_sign.c @@ -90,7 +90,7 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t sltmp = (size_t)EVP_PKEY_size(pkey); i = 0; pkctx = EVP_PKEY_CTX_new(pkey, NULL); - if (!pkctx) + if (pkctx == NULL) goto err; if (EVP_PKEY_sign_init(pkctx) <= 0) goto err; diff --git a/crypto/evp/p_verify.c b/crypto/evp/p_verify.c index 098bf91..892c646 100644 --- a/crypto/evp/p_verify.c +++ b/crypto/evp/p_verify.c @@ -88,7 +88,7 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { i = -1; pkctx = EVP_PKEY_CTX_new(pkey, NULL); - if (!pkctx) + if (pkctx == NULL) goto err; if (EVP_PKEY_verify_init(pkctx) <= 0) goto err; diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c index 9416e1a..368c687 100644 --- a/crypto/evp/pmeth_gn.c +++ b/crypto/evp/pmeth_gn.c @@ -146,11 +146,13 @@ int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) return -1; } - if (!ppkey) + if (ppkey == NULL) return -1; - if (!*ppkey) + if (*ppkey == NULL) *ppkey = EVP_PKEY_new(); + if (*ppkey == NULL) + return -1; ret = ctx->pmeth->keygen(ctx, *ppkey); if (ret <= 0) { diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 67ba16d..bbc4565 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -160,7 +160,7 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) } ret = OPENSSL_zalloc(sizeof(*ret)); - if (!ret) { + if (ret == NULL) { #ifndef OPENSSL_NO_ENGINE if (e) ENGINE_finish(e); @@ -190,7 +190,7 @@ EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags) EVP_PKEY_METHOD *pmeth; pmeth = OPENSSL_zalloc(sizeof(*pmeth)); - if (!pmeth) + if (pmeth == NULL) return NULL; pmeth->pkey_id = id; @@ -277,7 +277,7 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx) } #endif rctx = OPENSSL_malloc(sizeof(*rctx)); - if (!rctx) + if (rctx == NULL) return NULL; rctx->pmeth = pctx->pmeth; @@ -311,7 +311,7 @@ int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth) { if (app_pkey_methods == NULL) { app_pkey_methods = sk_EVP_PKEY_METHOD_new(pmeth_cmp); - if (!app_pkey_methods) + if (app_pkey_methods == NULL) return 0; } if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth)) diff --git a/crypto/evp/scrypt.c b/crypto/evp/scrypt.c index 380e1fa..26b4e59 100644 --- a/crypto/evp/scrypt.c +++ b/crypto/evp/scrypt.c @@ -268,7 +268,7 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, return 1; B = OPENSSL_malloc(Blen + Vlen); - if (B == 0) + if (B == NULL) return 0; X = (uint32_t *)(B + Blen); T = X + 32 * r; diff --git a/crypto/ex_data.c b/crypto/ex_data.c index 62d03bb..29d8071 100644 --- a/crypto/ex_data.c +++ b/crypto/ex_data.c @@ -198,7 +198,7 @@ int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, if (!ip) return -1; a = (CRYPTO_EX_DATA_FUNCS *)OPENSSL_malloc(sizeof(*a)); - if (!a) { + if (a == NULL) { CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX, ERR_R_MALLOC_FAILURE); goto err; } @@ -247,7 +247,7 @@ int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) storage = stack; else storage = OPENSSL_malloc(sizeof(*storage) * mx); - if (storage) + if (storage != NULL) for (i = 0; i < mx; i++) storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(ip->meth, i); } @@ -297,7 +297,7 @@ int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, storage = stack; else storage = OPENSSL_malloc(sizeof(*storage) * mx); - if (storage) + if (storage != NULL) for (i = 0; i < mx; i++) storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(ip->meth, i); } @@ -342,7 +342,7 @@ void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) storage = stack; else storage = OPENSSL_malloc(sizeof(*storage) * mx); - if (storage) + if (storage != NULL) for (i = 0; i < mx; i++) storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(ip->meth, i); } diff --git a/crypto/hmac/hm_ameth.c b/crypto/hmac/hm_ameth.c index 20abe4f..df6bf0b 100644 --- a/crypto/hmac/hm_ameth.c +++ b/crypto/hmac/hm_ameth.c @@ -107,7 +107,7 @@ static int old_hmac_decode(EVP_PKEY *pkey, { ASN1_OCTET_STRING *os; os = ASN1_OCTET_STRING_new(); - if (!os || !ASN1_OCTET_STRING_set(os, *pder, derlen)) + if (os == NULL || !ASN1_OCTET_STRING_set(os, *pder, derlen)) goto err; if (!EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, os)) goto err; diff --git a/crypto/hmac/hm_pmeth.c b/crypto/hmac/hm_pmeth.c index ff9dbe3..e06a1db 100644 --- a/crypto/hmac/hm_pmeth.c +++ b/crypto/hmac/hm_pmeth.c @@ -77,7 +77,7 @@ static int pkey_hmac_init(EVP_PKEY_CTX *ctx) HMAC_PKEY_CTX *hctx; hctx = OPENSSL_zalloc(sizeof(*hctx)); - if (!hctx) + if (hctx == NULL) return 0; hctx->ktmp.type = V_ASN1_OCTET_STRING; HMAC_CTX_init(&hctx->ctx); diff --git a/crypto/jpake/jpake.c b/crypto/jpake/jpake.c index a8aa87d..abbcb89 100644 --- a/crypto/jpake/jpake.c +++ b/crypto/jpake/jpake.c @@ -201,6 +201,9 @@ static int generate_zkp(JPAKE_STEP_PART *p, const BIGNUM *x, BIGNUM *h = BN_new(); BIGNUM *t = BN_new(); + if (r == NULL || h == NULL || t == NULL) + goto end; + /*- * r in [0,q) * XXX: Java chooses r in [0, 2^160) - i.e. distribution not uniform @@ -235,6 +238,9 @@ static int verify_zkp(const JPAKE_STEP_PART *p, const BIGNUM *zkpg, BIGNUM *t3 = BN_new(); int ret = 0; + if (h == NULL || t1 == NULL || t2 == NULL || t3 == NULL) + goto end; + if (!zkp_hash(h, zkpg, p, ctx->p.peer_name)) goto end; diff --git a/crypto/lhash/lh_test.c b/crypto/lhash/lh_test.c index d9db83f..52010d9 100644 --- a/crypto/lhash/lh_test.c +++ b/crypto/lhash/lh_test.c @@ -77,6 +77,8 @@ main() break; i = strlen(buf); p = OPENSSL_malloc(i + 1); + if (p == NULL) + abort(); memcpy(p, buf, i + 1); lh_insert(conf, p); } diff --git a/crypto/mem_dbg.c b/crypto/mem_dbg.c index 2cd1169..c19847e 100644 --- a/crypto/mem_dbg.c +++ b/crypto/mem_dbg.c @@ -792,7 +792,7 @@ void CRYPTO_mem_leaks_fp(FILE *fp) MemCheck_off(); b = BIO_new(BIO_s_file()); MemCheck_on(); - if (!b) + if (b == NULL) return; BIO_set_fp(b, fp, BIO_NOCLOSE); CRYPTO_mem_leaks(b); diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c index f28e07c..0615224 100644 --- a/crypto/modes/gcm128.c +++ b/crypto/modes/gcm128.c @@ -1701,7 +1701,7 @@ GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block) { GCM128_CONTEXT *ret; - if ((ret = OPENSSL_malloc(sizeof(*ret)))) + if ((ret = OPENSSL_malloc(sizeof(*ret))) != NULL) CRYPTO_gcm128_init(ret, key, block); return ret; diff --git a/crypto/modes/ocb128.c b/crypto/modes/ocb128.c index ed48460..2685652 100644 --- a/crypto/modes/ocb128.c +++ b/crypto/modes/ocb128.c @@ -210,7 +210,7 @@ OCB128_CONTEXT *CRYPTO_ocb128_new(void *keyenc, void *keydec, OCB128_CONTEXT *octx; int ret; - if ((octx = OPENSSL_malloc(sizeof(*octx)))) { + if ((octx = OPENSSL_malloc(sizeof(*octx))) != NULL) { ret = CRYPTO_ocb128_init(octx, keyenc, keydec, encrypt, decrypt); if (ret) return octx; @@ -230,7 +230,7 @@ int CRYPTO_ocb128_init(OCB128_CONTEXT *ctx, void *keyenc, void *keydec, ctx->l_index = 0; ctx->max_l_index = 1; ctx->l = OPENSSL_malloc(ctx->max_l_index * 16); - if (!ctx->l) + if (ctx->l == NULL) return 0; /* @@ -268,7 +268,7 @@ int CRYPTO_ocb128_copy_ctx(OCB128_CONTEXT *dest, OCB128_CONTEXT *src, dest->keydec = keydec; if (src->l) { dest->l = OPENSSL_malloc(src->max_l_index * 16); - if (!dest->l) + if (dest->l == NULL) return 0; memcpy(dest->l, src->l, (src->l_index + 1) * 16); } diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c index 7a24ad0..d7441ca 100644 --- a/crypto/objects/o_names.c +++ b/crypto/objects/o_names.c @@ -85,7 +85,7 @@ int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *), MemCheck_off(); name_funcs = OPENSSL_zalloc(sizeof(*name_funcs)); MemCheck_on(); - if (!name_funcs) { + if (name_funcs == NULL) { OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX, ERR_R_MALLOC_FAILURE); return (0); } @@ -308,7 +308,7 @@ void OBJ_NAME_do_all_sorted(int type, d.names = OPENSSL_malloc(sizeof(*d.names) * lh_OBJ_NAME_num_items(names_lh)); /* Really should return an error if !d.names...but its a void function! */ - if (d.names) { + if (d.names != NULL) { d.n = 0; OBJ_NAME_do_all(type, do_all_sorted_fn, &d); diff --git a/crypto/objects/obj_xref.c b/crypto/objects/obj_xref.c index da3469f..6e35f57 100644 --- a/crypto/objects/obj_xref.c +++ b/crypto/objects/obj_xref.c @@ -147,16 +147,16 @@ int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid) int OBJ_add_sigid(int signid, int dig_id, int pkey_id) { nid_triple *ntr; - if (!sig_app) + if (sig_app == NULL) sig_app = sk_nid_triple_new(sig_sk_cmp); - if (!sig_app) + if (sig_app == NULL) return 0; - if (!sigx_app) + if (sigx_app == NULL) sigx_app = sk_nid_triple_new(sigx_cmp); - if (!sigx_app) + if (sigx_app == NULL) return 0; ntr = OPENSSL_malloc(sizeof(*ntr)); - if (!ntr) + if (ntr == NULL) return 0; ntr->sign_id = signid; ntr->hash_id = dig_id; diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c index 2b77146..e6e7fc1 100644 --- a/crypto/ocsp/ocsp_cl.c +++ b/crypto/ocsp/ocsp_cl.c @@ -125,12 +125,12 @@ int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm) int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert) { OCSP_SIGNATURE *sig; - if (!req->optionalSignature) + if (req->optionalSignature == NULL) req->optionalSignature = OCSP_SIGNATURE_new(); sig = req->optionalSignature; - if (!sig) + if (sig == NULL) return 0; - if (!cert) + if (cert == NULL) return 1; if (sig->certs == NULL && (sig->certs = sk_X509_new_null()) == NULL) diff --git a/crypto/ocsp/ocsp_ht.c b/crypto/ocsp/ocsp_ht.c index 2c92ee7..8f1cb08 100644 --- a/crypto/ocsp/ocsp_ht.c +++ b/crypto/ocsp/ocsp_ht.c @@ -115,7 +115,7 @@ OCSP_REQ_CTX *OCSP_REQ_CTX_new(BIO *io, int maxline) { OCSP_REQ_CTX *rctx = OPENSSL_zalloc(sizeof(*rctx)); - if (!rctx) + if (rctx == NULL) return NULL; rctx->state = OHS_ERROR; rctx->max_resp_len = OCSP_MAX_RESP_LENGTH; @@ -126,7 +126,7 @@ OCSP_REQ_CTX *OCSP_REQ_CTX_new(BIO *io, int maxline) else rctx->iobuflen = OCSP_MAX_LINE_LEN; rctx->iobuf = OPENSSL_malloc(rctx->iobuflen); - if (!rctx->iobuf || !rctx->mem) { + if (rctx->iobuf == NULL || rctx->mem == NULL) { OCSP_REQ_CTX_free(rctx); return NULL; } @@ -232,7 +232,7 @@ OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req, OCSP_REQ_CTX *rctx = NULL; rctx = OCSP_REQ_CTX_new(io, maxline); - if (!rctx) + if (rctx == NULL) return NULL; if (!OCSP_REQ_CTX_http(rctx, "POST", path)) @@ -533,7 +533,7 @@ OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req) ctx = OCSP_sendreq_new(b, path, req, -1); - if (!ctx) + if (ctx == NULL) return NULL; do { diff --git a/crypto/ocsp/ocsp_srv.c b/crypto/ocsp/ocsp_srv.c index 8f196c8..a39fa48 100644 --- a/crypto/ocsp/ocsp_srv.c +++ b/crypto/ocsp/ocsp_srv.c @@ -184,11 +184,13 @@ OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, break; case V_OCSP_CERTSTATUS_GOOD: - cs->value.good = ASN1_NULL_new(); + if ((cs->value.good = ASN1_NULL_new()) == NULL) + goto err; break; case V_OCSP_CERTSTATUS_UNKNOWN: - cs->value.unknown = ASN1_NULL_new(); + if ((cs->value.unknown = ASN1_NULL_new()) == NULL) + goto err; break; default: diff --git a/crypto/ocsp/v3_ocsp.c b/crypto/ocsp/v3_ocsp.c index ab8c437..9a49422 100644 --- a/crypto/ocsp/v3_ocsp.c +++ b/crypto/ocsp/v3_ocsp.c @@ -234,10 +234,13 @@ static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length) { ASN1_OCTET_STRING *os, **pos; pos = a; - if (!pos || !*pos) + if (pos == NULL || *pos == NULL) { os = ASN1_OCTET_STRING_new(); - else + if (os == NULL) + goto err; + } else { os = *pos; + } if (!ASN1_OCTET_STRING_set(os, *pp, length)) goto err; diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c index 045f568..0cbd081 100644 --- a/crypto/pem/pem_info.c +++ b/crypto/pem/pem_info.c @@ -172,6 +172,8 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, xi->enc_len = 0; xi->x_pkey = X509_PKEY_new(); + if (xi->x_pkey == NULL) + goto err; ptype = EVP_PKEY_RSA; pp = &xi->x_pkey->dec_pkey; if ((int)strlen(header) > 10) /* assume encrypted */ @@ -193,6 +195,8 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, xi->enc_len = 0; xi->x_pkey = X509_PKEY_new(); + if (xi->x_pkey == NULL) + goto err; ptype = EVP_PKEY_DSA; pp = &xi->x_pkey->dec_pkey; if ((int)strlen(header) > 10) /* assume encrypted */ @@ -214,6 +218,8 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, xi->enc_len = 0; xi->x_pkey = X509_PKEY_new(); + if (xi->x_pkey == NULL) + goto err; ptype = EVP_PKEY_EC; pp = &xi->x_pkey->dec_pkey; if ((int)strlen(header) > 10) /* assume encrypted */ diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c index 893675f..1a249f5 100644 --- a/crypto/pem/pem_pkey.c +++ b/crypto/pem/pem_pkey.c @@ -173,7 +173,7 @@ EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x) if ((slen = pem_check_suffix(nm, "PARAMETERS")) > 0) { ret = EVP_PKEY_new(); - if (!ret) + if (ret == NULL) goto err; if (!EVP_PKEY_set_type_str(ret, nm, slen) || !ret->ameth->param_decode diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index 47fb9ac..50f19f3 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -98,7 +98,7 @@ static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r) unsigned int i; p = *in + nbyte - 1; tmpbuf = OPENSSL_malloc(nbyte); - if (!tmpbuf) + if (tmpbuf == NULL) return 0; q = tmpbuf; for (i = 0; i < nbyte; i++) @@ -269,7 +269,7 @@ static EVP_PKEY *do_b2i_bio(BIO *in, int ispub) length = blob_length(bitlen, isdss, ispub); buf = OPENSSL_malloc(length); - if (!buf) { + if (buf == NULL) { PEMerr(PEM_F_DO_B2I_BIO, ERR_R_MALLOC_FAILURE); goto err; } @@ -301,7 +301,7 @@ static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length, dsa = DSA_new(); ret = EVP_PKEY_new(); - if (!dsa || !ret) + if (dsa == NULL || ret == NULL) goto memerr; if (!read_lebn(&p, nbyte, &dsa->p)) goto memerr; @@ -350,10 +350,10 @@ static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length, hnbyte = (bitlen + 15) >> 4; rsa = RSA_new(); ret = EVP_PKEY_new(); - if (!rsa || !ret) + if (rsa == NULL || ret == NULL) goto memerr; rsa->e = BN_new(); - if (!rsa->e) + if (rsa->e == NULL) goto memerr; if (!BN_set_word(rsa->e, read_ledword(&p))) goto memerr; @@ -468,7 +468,7 @@ static int do_i2b(unsigned char **out, EVP_PKEY *pk, int ispub) p = *out; else { p = OPENSSL_malloc(outlen); - if (!p) + if (p == NULL) return -1; *out = p; noinc = 1; @@ -687,7 +687,7 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in, goto err; } enctmp = OPENSSL_malloc(keylen + 8); - if (!enctmp) { + if (enctmp == NULL) { PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE); goto err; } @@ -755,7 +755,7 @@ EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u) return 0; buflen = (int)keylen + saltlen; buf = OPENSSL_malloc(buflen); - if (!buf) { + if (buf == NULL) { PEMerr(PEM_F_B2I_PVK_BIO, ERR_R_MALLOC_FAILURE); return 0; } @@ -790,7 +790,7 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int enclevel, p = *out; else { p = OPENSSL_malloc(outlen); - if (!p) { + if (p == NULL) { PEMerr(PEM_F_I2B_PVK, ERR_R_MALLOC_FAILURE); return -1; } diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c index 879f157..fe378d7 100644 --- a/crypto/pkcs12/p12_key.c +++ b/crypto/pkcs12/p12_key.c @@ -140,7 +140,8 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, I = OPENSSL_malloc(Ilen); Ij = BN_new(); Bpl1 = BN_new(); - if (!D || !Ai || !B || !I || !Ij || !Bpl1) + if (D == NULL || Ai == NULL || B == NULL || I == NULL || Ij == NULL + || Bpl1 == NULL) goto err; for (i = 0; i < v; i++) D[i] = id; diff --git a/crypto/pkcs12/p12_p8e.c b/crypto/pkcs12/p12_p8e.c index 552f2f0..c60d124 100644 --- a/crypto/pkcs12/p12_p8e.c +++ b/crypto/pkcs12/p12_p8e.c @@ -104,7 +104,7 @@ X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen, return NULL; } - if (!(p8 = X509_SIG_new())) { + if ((p8 = X509_SIG_new()) == NULL) { PKCS12err(PKCS12_F_PKCS8_SET0_PBE, ERR_R_MALLOC_FAILURE); ASN1_OCTET_STRING_free(enckey); return NULL; diff --git a/crypto/pkcs7/pk7_attr.c b/crypto/pkcs7/pk7_attr.c index ef2386b..3158525 100644 --- a/crypto/pkcs7/pk7_attr.c +++ b/crypto/pkcs7/pk7_attr.c @@ -154,7 +154,7 @@ int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si, { ASN1_OCTET_STRING *os; os = ASN1_OCTET_STRING_new(); - if (!os) + if (os == NULL) return 0; if (!ASN1_STRING_set(os, md, mdlen) || !PKCS7_add_signed_attribute(si, NID_pkcs9_messageDigest, diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index b3b4ae3..df83294 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -567,7 +567,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) /* Generate random key as MMA defence */ tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx); tkey = OPENSSL_malloc(tkeylen); - if (!tkey) + if (tkey == NULL) goto err; if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0) goto err; @@ -614,6 +614,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) bio = BIO_new_mem_buf(data_body->data, data_body->length); else { bio = BIO_new(BIO_s_mem()); + if (bio == NULL) + goto err; BIO_set_mem_eof_return(bio, 0); } if (bio == NULL) @@ -717,9 +719,9 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) /* XXXXXXXXXXXXXXXX */ si_sk = p7->d.signed_and_enveloped->signer_info; os = p7->d.signed_and_enveloped->enc_data->enc_data; - if (!os) { + if (os == NULL) { os = ASN1_OCTET_STRING_new(); - if (!os) { + if (os == NULL) { PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE); goto err; } @@ -729,9 +731,9 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) case NID_pkcs7_enveloped: /* XXXXXXXXXXXXXXXX */ os = p7->d.enveloped->enc_data->enc_data; - if (!os) { + if (os == NULL) { os = ASN1_OCTET_STRING_new(); - if (!os) { + if (os == NULL) { PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE); goto err; } @@ -799,7 +801,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) unsigned int abuflen; abuflen = EVP_PKEY_size(si->pkey); abuf = OPENSSL_malloc(abuflen); - if (!abuf) + if (abuf == NULL) goto err; if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen, si->pkey)) { @@ -885,7 +887,7 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0) goto err; abuf = OPENSSL_malloc(siglen); - if (!abuf) + if (abuf == NULL) goto err; if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0) goto err; diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 55c90cc..760de52 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -195,7 +195,7 @@ static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout, /* Round up request to multiple of block size */ min_len = ((min_len + 19) / 20) * 20; *pout = OPENSSL_malloc(min_len); - if (!*pout) + if (*pout == NULL) return 0; if (RAND_OpenSSL()->bytes(*pout, min_len) <= 0) { OPENSSL_free(*pout); diff --git a/crypto/rand/rand_os2.c b/crypto/rand/rand_os2.c index 0397d77..d95cd24 100644 --- a/crypto/rand/rand_os2.c +++ b/crypto/rand/rand_os2.c @@ -149,7 +149,7 @@ int RAND_poll(void) if (DosQuerySysState) { char *buffer = OPENSSL_malloc(256 * 1024); - if (!buffer) + if (buffer == NULL) return 0; if (DosQuerySysState(0x1F, 0, 0, 0, buffer, 256 * 1024) == 0) { diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index a91014b..7bf4161 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -712,7 +712,7 @@ static void readscreen(void) bi.biClrImportant = 0; bmbits = OPENSSL_malloc(size); - if (bmbits) { + if (bmbits != NULL) { /* Now go through the whole screen, repeatedly grabbing n lines */ for (y = 0; y < h - n; y += n) { unsigned char md[MD_DIGEST_LENGTH]; diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index 63f88e5..bae43f2 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -449,7 +449,7 @@ static int rsa_md_to_algor(X509_ALGOR **palg, const EVP_MD *md) if (EVP_MD_type(md) == NID_sha1) return 1; *palg = X509_ALGOR_new(); - if (!*palg) + if (*palg == NULL) return 0; X509_ALGOR_set_md(*palg, md); return 1; @@ -469,7 +469,7 @@ static int rsa_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md) if (!ASN1_item_pack(algtmp, ASN1_ITEM_rptr(X509_ALGOR), &stmp)) goto err; *palg = X509_ALGOR_new(); - if (!*palg) + if (*palg == NULL) goto err; X509_ALGOR_set0(*palg, OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp); stmp = NULL; @@ -542,11 +542,11 @@ static ASN1_STRING *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) saltlen--; } pss = RSA_PSS_PARAMS_new(); - if (!pss) + if (pss == NULL) goto err; if (saltlen != 20) { pss->saltLength = ASN1_INTEGER_new(); - if (!pss->saltLength) + if (pss->saltLength == NULL) goto err; if (!ASN1_INTEGER_set(pss->saltLength, saltlen)) goto err; @@ -876,7 +876,7 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri) if (labellen < 0) goto err; oaep = RSA_OAEP_PARAMS_new(); - if (!oaep) + if (oaep == NULL) goto err; if (!rsa_md_to_algor(&oaep->hashFunc, md)) goto err; @@ -885,9 +885,9 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri) if (labellen > 0) { ASN1_OCTET_STRING *los = ASN1_OCTET_STRING_new(); oaep->pSourceFunc = X509_ALGOR_new(); - if (!oaep->pSourceFunc) + if (oaep->pSourceFunc == NULL) goto err; - if (!los) + if (los == NULL) goto err; if (!ASN1_OCTET_STRING_set(los, label, labellen)) { ASN1_OCTET_STRING_free(los); diff --git a/crypto/rsa/rsa_asn1.c b/crypto/rsa/rsa_asn1.c index 8061aed..16c40e3 100644 --- a/crypto/rsa/rsa_asn1.c +++ b/crypto/rsa/rsa_asn1.c @@ -70,7 +70,7 @@ static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, { if (operation == ASN1_OP_NEW_PRE) { *pval = (ASN1_VALUE *)RSA_new(); - if (*pval) + if (*pval != NULL) return 2; return 0; } else if (operation == ASN1_OP_FREE_PRE) { diff --git a/crypto/rsa/rsa_crpt.c b/crypto/rsa/rsa_crpt.c index 3c4fd67..4df1662 100644 --- a/crypto/rsa/rsa_crpt.c +++ b/crypto/rsa/rsa_crpt.c @@ -199,7 +199,7 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx) if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { /* Set BN_FLG_CONSTTIME flag */ local_n = n = BN_new(); - if (!local_n) { + if (local_n == NULL) { RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE); goto err; } diff --git a/crypto/rsa/rsa_depr.c b/crypto/rsa/rsa_depr.c index b76781b..5bd0275 100644 --- a/crypto/rsa/rsa_depr.c +++ b/crypto/rsa/rsa_depr.c @@ -78,7 +78,7 @@ RSA *RSA_generate_key(int bits, unsigned long e_value, RSA *rsa = RSA_new(); BIGNUM *e = BN_new(); - if (!cb || !rsa || !e) + if (cb == NULL || rsa == NULL || e == NULL) goto err; /* diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index a41964d..a09fbf0 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -184,7 +184,7 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from, ret = BN_CTX_get(ctx); num = BN_num_bytes(rsa->n); buf = OPENSSL_malloc(num); - if (!f || !ret || !buf) { + if (f == NULL || ret == NULL || buf == NULL) { RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, ERR_R_MALLOC_FAILURE); goto err; } @@ -361,7 +361,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, ret = BN_CTX_get(ctx); num = BN_num_bytes(rsa->n); buf = OPENSSL_malloc(num); - if (!f || !ret || !buf) { + if (f == NULL || ret == NULL || buf == NULL) { RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE); goto err; } @@ -422,7 +422,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { local_d = d = BN_new(); - if (!d) { + if (d == NULL) { RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE); goto err; } @@ -500,7 +500,7 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, ret = BN_CTX_get(ctx); num = BN_num_bytes(rsa->n); buf = OPENSSL_malloc(num); - if (!f || !ret || !buf) { + if (f == NULL || ret == NULL || buf == NULL) { RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE); goto err; } @@ -554,7 +554,7 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { local_d = d = BN_new(); - if (!d) { + if (d == NULL) { RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE); goto err; } @@ -646,7 +646,7 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, ret = BN_CTX_get(ctx); num = BN_num_bytes(rsa->n); buf = OPENSSL_malloc(num); - if (!f || !ret || !buf) { + if (f == NULL || ret == NULL || buf == NULL) { RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, ERR_R_MALLOC_FAILURE); goto err; } @@ -723,7 +723,8 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) local_dmq1 = BN_new(); local_c = BN_new(); local_r1 = BN_new(); - if (!local_dmp1 || !local_dmq1 || !local_c || !local_r1) + if (local_dmp1 == NULL + || local_dmq1 == NULL || local_c == NULL || local_r1 == NULL) goto err; r1 = BN_CTX_get(ctx); @@ -740,12 +741,12 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) */ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { local_p = p = BN_new(); - if (!p) + if (p == NULL) goto err; BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); local_q = q = BN_new(); - if (!q) { + if (q == NULL) { BN_free(local_p); goto err; } @@ -880,7 +881,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { local_d = d = BN_new(); - if (!d) + if (d == NULL) goto err; BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); } else diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index e40186a..dc3e5d3 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -97,7 +97,7 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, local_r0 = BN_new(); local_d = BN_new(); local_p = BN_new(); - if (!local_r0 || !local_d || !local_p) + if (local_r0 == NULL || local_d == NULL || local_p == NULL) goto err; ctx = BN_CTX_new(); diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c index dd7b7dd..a2022bb 100644 --- a/crypto/rsa/rsa_pmeth.c +++ b/crypto/rsa/rsa_pmeth.c @@ -98,7 +98,7 @@ static int pkey_rsa_init(EVP_PKEY_CTX *ctx) { RSA_PKEY_CTX *rctx; rctx = OPENSSL_zalloc(sizeof(*rctx)); - if (!rctx) + if (rctx == NULL) return 0; rctx->nbits = 1024; rctx->pad_mode = RSA_PKCS1_PADDING; @@ -141,7 +141,7 @@ static int setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk) if (ctx->tbuf) return 1; ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey)); - if (!ctx->tbuf) + if (ctx->tbuf == NULL) return 0; return 1; } @@ -634,17 +634,17 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) RSA_PKEY_CTX *rctx = ctx->data; BN_GENCB *pcb; int ret; - if (!rctx->pub_exp) { + if (rctx->pub_exp == NULL) { rctx->pub_exp = BN_new(); - if (!rctx->pub_exp || !BN_set_word(rctx->pub_exp, RSA_F4)) + if (rctx->pub_exp == NULL || !BN_set_word(rctx->pub_exp, RSA_F4)) return 0; } rsa = RSA_new(); - if (!rsa) + if (rsa == NULL) return 0; if (ctx->pkey_gencb) { pcb = BN_GENCB_new(); - if (!pcb) { + if (pcb == NULL) { RSA_free(rsa); return 0; } diff --git a/crypto/rsa/rsa_prn.c b/crypto/rsa/rsa_prn.c index 3d8c800..fd29280 100644 --- a/crypto/rsa/rsa_prn.c +++ b/crypto/rsa/rsa_prn.c @@ -84,7 +84,7 @@ int RSA_print(BIO *bp, const RSA *x, int off) EVP_PKEY *pk; int ret; pk = EVP_PKEY_new(); - if (!pk || !EVP_PKEY_set1_RSA(pk, (RSA *)x)) + if (pk == NULL || !EVP_PKEY_set1_RSA(pk, (RSA *)x)) return 0; ret = EVP_PKEY_print_private(bp, pk, off, NULL); EVP_PKEY_free(pk); diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c index 03d900c..95bf6b0 100644 --- a/crypto/rsa/rsa_pss.c +++ b/crypto/rsa/rsa_pss.c @@ -134,7 +134,7 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, maskedDBLen = emLen - hLen - 1; H = EM + maskedDBLen; DB = OPENSSL_malloc(maskedDBLen); - if (!DB) { + if (DB == NULL) { RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, ERR_R_MALLOC_FAILURE); goto err; } @@ -231,7 +231,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, } if (sLen > 0) { salt = OPENSSL_malloc(sLen); - if (!salt) { + if (salt == NULL) { RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1, ERR_R_MALLOC_FAILURE); goto err; diff --git a/crypto/rsa/rsa_x931g.c b/crypto/rsa/rsa_x931g.c index e158c6d..24d3cb9 100644 --- a/crypto/rsa/rsa_x931g.c +++ b/crypto/rsa/rsa_x931g.c @@ -78,7 +78,7 @@ int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, goto err; ctx = BN_CTX_new(); - if (!ctx) + if (ctx == NULL) goto err; BN_CTX_start(ctx); @@ -101,9 +101,9 @@ int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, * test programs to output selective parameters. */ - if (Xp && !rsa->p) { + if (Xp && rsa->p == NULL) { rsa->p = BN_new(); - if (!rsa->p) + if (rsa->p == NULL) goto err; if (!BN_X931_derive_prime_ex(rsa->p, p1, p2, @@ -111,16 +111,16 @@ int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, goto err; } - if (Xq && !rsa->q) { + if (Xq && rsa->q == NULL) { rsa->q = BN_new(); - if (!rsa->q) + if (rsa->q == NULL) goto err; if (!BN_X931_derive_prime_ex(rsa->q, q1, q2, Xq, Xq1, Xq2, e, ctx, cb)) goto err; } - if (!rsa->p || !rsa->q) { + if (rsa->p == NULL || rsa->q == NULL) { BN_CTX_end(ctx); BN_CTX_free(ctx); return 2; @@ -153,7 +153,7 @@ int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, goto err; /* LCM((p-1)(q-1)) */ ctx2 = BN_CTX_new(); - if (!ctx2) + if (ctx2 == NULL) goto err; rsa->d = BN_mod_inverse(NULL, rsa->e, r0, ctx2); /* d */ @@ -196,7 +196,7 @@ int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_CTX *ctx = NULL; ctx = BN_CTX_new(); - if (!ctx) + if (ctx == NULL) goto error; BN_CTX_start(ctx); @@ -207,7 +207,7 @@ int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, rsa->p = BN_new(); rsa->q = BN_new(); - if (!rsa->p || !rsa->q) + if (rsa->p == NULL || rsa->q == NULL) goto error; /* Generate two primes from Xp, Xq */ diff --git a/crypto/store/str_lib.c b/crypto/store/str_lib.c index 1b554c3..c2e6b8e 100644 --- a/crypto/store/str_lib.c +++ b/crypto/store/str_lib.c @@ -270,7 +270,7 @@ int STORE_store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[], store_object, STORE_R_NO_STORE_OBJECT_FUNCTION); object = STORE_OBJECT_new(); - if (!object) { + if (object == NULL) { STOREerr(STORE_F_STORE_STORE_CERTIFICATE, ERR_R_MALLOC_FAILURE); return 0; } @@ -471,12 +471,12 @@ int STORE_store_private_key(STORE *s, EVP_PKEY *data, store_object, STORE_R_NO_STORE_OBJECT_FUNCTION); object = STORE_OBJECT_new(); - if (!object) { + if (object == NULL) { STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, ERR_R_MALLOC_FAILURE); return 0; } object->data.key = EVP_PKEY_new(); - if (!object->data.key) { + if (object->data.key == NULL) { STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, ERR_R_MALLOC_FAILURE); return 0; } @@ -655,12 +655,12 @@ int STORE_store_public_key(STORE *s, EVP_PKEY *data, store_object, STORE_R_NO_STORE_OBJECT_FUNCTION); object = STORE_OBJECT_new(); - if (!object) { + if (object == NULL) { STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, ERR_R_MALLOC_FAILURE); return 0; } object->data.key = EVP_PKEY_new(); - if (!object->data.key) { + if (object->data.key == NULL) { STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, ERR_R_MALLOC_FAILURE); return 0; } @@ -862,7 +862,7 @@ int STORE_store_crl(STORE *s, X509_CRL *data, OPENSSL_ITEM attributes[], store_object, STORE_R_NO_STORE_OBJECT_FUNCTION); object = STORE_OBJECT_new(); - if (!object) { + if (object == NULL) { STOREerr(STORE_F_STORE_STORE_CRL, ERR_R_MALLOC_FAILURE); return 0; } @@ -991,7 +991,7 @@ int STORE_store_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[], store_object, STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION); object = STORE_OBJECT_new(); - if (!object) { + if (object == NULL) { STOREerr(STORE_F_STORE_STORE_NUMBER, ERR_R_MALLOC_FAILURE); return 0; } @@ -1075,7 +1075,7 @@ int STORE_store_arbitrary(STORE *s, BUF_MEM *data, OPENSSL_ITEM attributes[], store_object, STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION); object = STORE_OBJECT_new(); - if (!object) { + if (object == NULL) { STOREerr(STORE_F_STORE_STORE_ARBITRARY, ERR_R_MALLOC_FAILURE); return 0; } @@ -1449,7 +1449,7 @@ void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes) { if (attributes) { struct attr_list_ctx_st *context = OPENSSL_malloc(sizeof(*context)); - if (context) + if (context != NULL) context->attributes = attributes; else STOREerr(STORE_F_STORE_PARSE_ATTRS_START, ERR_R_MALLOC_FAILURE); @@ -1473,7 +1473,7 @@ STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle) case STORE_ATTR_FRIENDLYNAME: case STORE_ATTR_EMAIL: case STORE_ATTR_FILENAME: - if (!attrs) + if (attrs == NULL) attrs = STORE_ATTR_INFO_new(); if (attrs == NULL) { STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, @@ -1490,7 +1490,7 @@ STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle) case STORE_ATTR_SUBJECTKEYID: case STORE_ATTR_ISSUERSERIALHASH: case STORE_ATTR_CERTHASH: - if (!attrs) + if (attrs == NULL) attrs = STORE_ATTR_INFO_new(); if (attrs == NULL) { STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, @@ -1504,7 +1504,7 @@ STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle) break; case STORE_ATTR_ISSUER: case STORE_ATTR_SUBJECT: - if (!attrs) + if (attrs == NULL) attrs = STORE_ATTR_INFO_new(); if (attrs == NULL) { STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, @@ -1516,7 +1516,7 @@ STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle) context->attributes->value); break; case STORE_ATTR_SERIAL: - if (!attrs) + if (attrs == NULL) attrs = STORE_ATTR_INFO_new(); if (attrs == NULL) { STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, diff --git a/crypto/store/str_mem.c b/crypto/store/str_mem.c index 1736f79..add76e7 100644 --- a/crypto/store/str_mem.c +++ b/crypto/store/str_mem.c @@ -248,7 +248,7 @@ static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type, void *attribute_context = NULL; STORE_ATTR_INFO *attrs = NULL; - if (!context) { + if (context == NULL) { STOREerr(STORE_F_MEM_LIST_START, ERR_R_MALLOC_FAILURE); return 0; } @@ -263,7 +263,7 @@ static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type, if (context->search_attributes == NULL) { context->search_attributes = sk_STORE_ATTR_INFO_new(STORE_ATTR_INFO_compare); - if (!context->search_attributes) { + if (context->search_attributes == NULL) { STOREerr(STORE_F_MEM_LIST_START, ERR_R_MALLOC_FAILURE); goto err; } diff --git a/crypto/store/str_meth.c b/crypto/store/str_meth.c index c030198..f9ce8bb 100644 --- a/crypto/store/str_meth.c +++ b/crypto/store/str_meth.c @@ -65,7 +65,7 @@ STORE_METHOD *STORE_create_method(char *name) { STORE_METHOD *store_method = OPENSSL_zalloc(sizeof(*store_method)); - if (store_method) + if (store_method != NULL) store_method->name = BUF_strdup(name); return store_method; } diff --git a/crypto/ts/ts_lib.c b/crypto/ts/ts_lib.c index 0b4ee03..fb871d2 100644 --- a/crypto/ts/ts_lib.c +++ b/crypto/ts/ts_lib.c @@ -73,7 +73,7 @@ int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num) char *hex; num_bn = BN_new(); - if (!num_bn) + if (num_bn == NULL) return -1; ASN1_INTEGER_to_BN(num, num_bn); if ((hex = BN_bn2hex(num_bn))) { diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c index dd6591d..c7738b8 100644 --- a/crypto/ts/ts_rsp_sign.c +++ b/crypto/ts/ts_rsp_sign.c @@ -96,7 +96,7 @@ static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *ctx, void *data) { ASN1_INTEGER *serial = ASN1_INTEGER_new(); - if (!serial) + if (serial == NULL) goto err; if (!ASN1_INTEGER_set(serial, 1)) goto err; diff --git a/crypto/ts/ts_verify_ctx.c b/crypto/ts/ts_verify_ctx.c index 48deb2e..35335fa 100644 --- a/crypto/ts/ts_verify_ctx.c +++ b/crypto/ts/ts_verify_ctx.c @@ -66,7 +66,7 @@ TS_VERIFY_CTX *TS_VERIFY_CTX_new(void) { TS_VERIFY_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); - if (!ctx) + if (ctx == NULL) TSerr(TS_F_TS_VERIFY_CTX_NEW, ERR_R_MALLOC_FAILURE); return ctx; } diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c index 6837bd6..9440a85 100644 --- a/crypto/ui/ui_lib.c +++ b/crypto/ui/ui_lib.c @@ -138,7 +138,7 @@ static UI_STRING *general_allocate_prompt(UI *ui, const char *prompt, } else if ((type == UIT_PROMPT || type == UIT_VERIFY || type == UIT_BOOLEAN) && result_buf == NULL) { UIerr(UI_F_GENERAL_ALLOCATE_PROMPT, UI_R_NO_RESULT_BUFFER); - } else if ((ret = OPENSSL_malloc(sizeof(*ret)))) { + } else if ((ret = OPENSSL_malloc(sizeof(*ret))) != NULL) { ret->out_string = prompt; ret->flags = prompt_freeable ? OUT_STRING_FREEABLE : 0; ret->input_flags = input_flags; @@ -581,7 +581,7 @@ UI_METHOD *UI_create_method(char *name) { UI_METHOD *ui_method = OPENSSL_zalloc(sizeof(*ui_method)); - if (ui_method) + if (ui_method != NULL) ui_method->name = BUF_strdup(name); return ui_method; } diff --git a/crypto/ui/ui_util.c b/crypto/ui/ui_util.c index b18e2a2..b1d76f4 100644 --- a/crypto/ui/ui_util.c +++ b/crypto/ui/ui_util.c @@ -83,7 +83,7 @@ int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt, return -1; ui = UI_new(); - if (ui) { + if (ui != NULL) { ok = UI_add_input_string(ui, prompt, 0, buf, 0, size - 1); if (ok >= 0 && verify) ok = UI_add_verify_string(ui, prompt, 0, buff, 0, size - 1, buf); diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c index 3dd04d0..8310bc4 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -229,12 +229,12 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) } } ent = OPENSSL_malloc(sizeof(*ent)); - if (!ent) + if (ent == NULL) return 0; ent->dir_type = type; ent->hashes = sk_BY_DIR_HASH_new(by_dir_hash_cmp); ent->dir = OPENSSL_malloc((unsigned int)len + 1); - if (!ent->dir || !ent->hashes) { + if (ent->dir == NULL || ent->hashes == NULL) { by_dir_entry_free(ent); return 0; } diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index 2bcac35..b61d757 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -183,21 +183,26 @@ X509_STORE *X509_STORE_new(void) if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) return NULL; - ret->objs = sk_X509_OBJECT_new(x509_object_cmp); + if ((ret->objs = sk_X509_OBJECT_new(x509_object_cmp)) == NULL) + goto err; ret->cache = 1; - ret->get_cert_methods = sk_X509_LOOKUP_new_null(); + if ((ret->get_cert_methods = sk_X509_LOOKUP_new_null()) == NULL) + goto err; if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) - return NULL; + goto err; - if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) { - sk_X509_OBJECT_free(ret->objs); - OPENSSL_free(ret); - return NULL; - } + if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) + goto err; ret->references = 1; return ret; +err: + X509_VERIFY_PARAM_free(ret->param); + sk_X509_OBJECT_free(ret->objs); + sk_X509_LOOKUP_free(ret->get_cert_methods); + OPENSSL_free(ret); + return NULL; } static void cleanup(X509_OBJECT *a) diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 1ae3675..051751f 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -2049,7 +2049,7 @@ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, } /* Create new CRL */ crl = X509_CRL_new(); - if (!crl || !X509_CRL_set_version(crl, 1)) + if (crl == NULL || !X509_CRL_set_version(crl, 1)) goto memerr; /* Set issuer name */ if (!X509_CRL_set_issuer_name(crl, X509_CRL_get_issuer(newer))) @@ -2267,7 +2267,7 @@ X509_STORE_CTX *X509_STORE_CTX_new(void) { X509_STORE_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); - if (!ctx) { + if (ctx == NULL) { X509err(X509_F_X509_STORE_CTX_NEW, ERR_R_MALLOC_FAILURE); return NULL; } diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index cf8784d..ceb79e2 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -163,10 +163,10 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) X509_VERIFY_PARAM_ID *paramid; param = OPENSSL_zalloc(sizeof(*param)); - if (!param) + if (param == NULL) return NULL; param->id = paramid = OPENSSL_zalloc(sizeof(*paramid)); - if (!paramid) { + if (paramid == NULL) { OPENSSL_free(param); return NULL; } @@ -580,9 +580,9 @@ int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param) { int idx; X509_VERIFY_PARAM *ptmp; - if (!param_table) { + if (param_table == NULL) { param_table = sk_X509_VERIFY_PARAM_new(param_cmp); - if (!param_table) + if (param_table == NULL) return 0; } else { idx = sk_X509_VERIFY_PARAM_find(param_table, param); diff --git a/crypto/x509/x509spki.c b/crypto/x509/x509spki.c index 116f788..df27bf3 100644 --- a/crypto/x509/x509spki.c +++ b/crypto/x509/x509spki.c @@ -111,7 +111,7 @@ char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki) der_len = i2d_NETSCAPE_SPKI(spki, NULL); der_spki = OPENSSL_malloc(der_len); b64_str = OPENSSL_malloc(der_len * 2); - if (!der_spki || !b64_str) { + if (der_spki == NULL || b64_str == NULL) { X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE); OPENSSL_free(der_spki); OPENSSL_free(b64_str); diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c index 79fa5ca..435de80 100644 --- a/crypto/x509/x_crl.c +++ b/crypto/x509/x_crl.c @@ -357,9 +357,9 @@ int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev) { X509_CRL_INFO *inf; inf = &crl->crl; - if (!inf->revoked) + if (inf->revoked == NULL) inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp); - if (!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) { + if (inf->revoked == NULL || !sk_X509_REVOKED_push(inf->revoked, rev)) { ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE); return 0; } @@ -478,7 +478,7 @@ X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl), { X509_CRL_METHOD *m; m = OPENSSL_malloc(sizeof(*m)); - if (!m) + if (m == NULL) return NULL; m->crl_init = crl_init; m->crl_free = crl_free; diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c index f52b91f..2895734 100644 --- a/crypto/x509/x_name.c +++ b/crypto/x509/x_name.c @@ -135,7 +135,7 @@ static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it) { X509_NAME *ret = OPENSSL_zalloc(sizeof(*ret)); - if (!ret) + if (ret == NULL) goto memerr; if ((ret->entries = sk_X509_NAME_ENTRY_new_null()) == NULL) goto memerr; @@ -361,7 +361,7 @@ static int x509_name_canon(X509_NAME *a) set = entry->set; } tmpentry = X509_NAME_ENTRY_new(); - if (!tmpentry) + if (tmpentry == NULL) goto err; tmpentry->object = OBJ_dup(entry->object); if (!asn1_string_canon(tmpentry->value, entry->value)) @@ -377,7 +377,7 @@ static int x509_name_canon(X509_NAME *a) p = OPENSSL_malloc(a->canon_enclen); - if (!p) + if (p == NULL) goto err; a->canon_enc = p; diff --git a/crypto/x509v3/pcy_cache.c b/crypto/x509v3/pcy_cache.c index 41a748d..97ebb36 100644 --- a/crypto/x509v3/pcy_cache.c +++ b/crypto/x509v3/pcy_cache.c @@ -84,12 +84,12 @@ static int policy_cache_create(X509 *x, if (sk_POLICYINFO_num(policies) == 0) goto bad_policy; cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp); - if (!cache->data) + if (cache->data == NULL) goto bad_policy; for (i = 0; i < sk_POLICYINFO_num(policies); i++) { policy = sk_POLICYINFO_value(policies, i); data = policy_data_new(policy, NULL, crit); - if (!data) + if (data == NULL) goto bad_policy; /* * Duplicate policy OIDs are illegal: reject if matches found. @@ -129,7 +129,7 @@ static int policy_cache_new(X509 *x) POLICY_MAPPINGS *ext_pmaps = NULL; int i; cache = OPENSSL_malloc(sizeof(*cache)); - if (!cache) + if (cache == NULL) return 0; cache->anyPolicy = NULL; cache->data = NULL; diff --git a/crypto/x509v3/pcy_data.c b/crypto/x509v3/pcy_data.c index bb2760a..1772e31 100644 --- a/crypto/x509v3/pcy_data.c +++ b/crypto/x509v3/pcy_data.c @@ -99,10 +99,10 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, } else id = NULL; ret = OPENSSL_zalloc(sizeof(*ret)); - if (!ret) + if (ret == NULL) return NULL; ret->expected_policy_set = sk_ASN1_OBJECT_new_null(); - if (!ret->expected_policy_set) { + if (ret->expected_policy_set == NULL) { OPENSSL_free(ret); ASN1_OBJECT_free(id); return NULL; diff --git a/crypto/x509v3/pcy_map.c b/crypto/x509v3/pcy_map.c index 4989a81..1c58ad4 100644 --- a/crypto/x509v3/pcy_map.c +++ b/crypto/x509v3/pcy_map.c @@ -92,15 +92,15 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps) /* Attempt to find matching policy data */ data = policy_cache_find_data(cache, map->issuerDomainPolicy); /* If we don't have anyPolicy can't map */ - if (!data && !cache->anyPolicy) + if (data == NULL && !cache->anyPolicy) continue; /* Create a NODE from anyPolicy */ - if (!data) { + if (data == NULL) { data = policy_data_new(NULL, map->issuerDomainPolicy, cache->anyPolicy->flags & POLICY_DATA_FLAG_CRITICAL); - if (!data) + if (data == NULL) goto bad_mapping; data->qualifier_set = cache->anyPolicy->qualifier_set; /* diff --git a/crypto/x509v3/pcy_node.c b/crypto/x509v3/pcy_node.c index 64f979a..81b4c78 100644 --- a/crypto/x509v3/pcy_node.c +++ b/crypto/x509v3/pcy_node.c @@ -116,7 +116,7 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, X509_POLICY_NODE *node; node = OPENSSL_zalloc(sizeof(*node)); - if (!node) + if (node == NULL) return NULL; node->data = data; node->parent = parent; @@ -127,9 +127,9 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, level->anyPolicy = node; } else { - if (!level->nodes) + if (level->nodes == NULL) level->nodes = policy_node_cmp_new(); - if (!level->nodes) + if (level->nodes == NULL) goto node_error; if (!sk_X509_POLICY_NODE_push(level->nodes, node)) goto node_error; @@ -137,9 +137,9 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, } if (tree) { - if (!tree->extra_data) + if (tree->extra_data == NULL) tree->extra_data = sk_X509_POLICY_DATA_new_null(); - if (!tree->extra_data) + if (tree->extra_data == NULL) goto node_error; if (!sk_X509_POLICY_DATA_push(tree->extra_data, data)) goto node_error; diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c index bbc9ada..04d7bfc 100644 --- a/crypto/x509v3/pcy_tree.c +++ b/crypto/x509v3/pcy_tree.c @@ -220,10 +220,10 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, /* If we get this far initialize the tree */ tree = OPENSSL_zalloc(sizeof(*tree)); - if (!tree) + if (tree == NULL) return 0; tree->levels = OPENSSL_zalloc(sizeof(*tree->levels) * n); - if (!tree->levels) { + if (tree->levels == NULL) { OPENSSL_free(tree); return 0; } @@ -233,7 +233,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, /* Root data: initialize to anyPolicy */ data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0); - if (!data || !level_add_node(level, data, NULL, tree)) + if (data == NULL || !level_add_node(level, data, NULL, tree)) goto bad_tree; for (i = n - 2; i >= 0; i--) { @@ -478,9 +478,9 @@ static int tree_prune(X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr) static int tree_add_auth_node(STACK_OF(X509_POLICY_NODE) **pnodes, X509_POLICY_NODE *pcy) { - if (!*pnodes) { + if (*pnodes == NULL) { *pnodes = policy_node_cmp_new(); - if (!*pnodes) + if (*pnodes == NULL) return 0; } else if (sk_X509_POLICY_NODE_find(*pnodes, pcy) != -1) return 1; @@ -584,7 +584,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree, * from anyPolicy. */ extra = policy_data_new(NULL, oid, node_critical(anyPolicy)); - if (!extra) + if (extra == NULL) return 0; extra->qualifier_set = anyPolicy->data->qualifier_set; extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c index 9331a49..3268669 100644 --- a/crypto/x509v3/v3_cpols.c +++ b/crypto/x509v3/v3_cpols.c @@ -187,6 +187,10 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, goto err; } pol = POLICYINFO_new(); + if (pol == NULL) { + X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); + goto err; + } pol->policyid = pobj; } if (!sk_POLICYINFO_push(pols, pol)) { diff --git a/crypto/x509v3/v3_crld.c b/crypto/x509v3/v3_crld.c index 49d282e..3d61fdd 100644 --- a/crypto/x509v3/v3_crld.c +++ b/crypto/x509v3/v3_crld.c @@ -128,7 +128,7 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *dnsect; X509_NAME *nm; nm = X509_NAME_new(); - if (!nm) + if (nm == NULL) return -1; dnsect = X509V3_get_section(ctx, cnf->value); if (!dnsect) { @@ -162,7 +162,7 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, } *pdp = DIST_POINT_NAME_new(); - if (!*pdp) + if (*pdp == NULL) goto err; if (fnm) { (*pdp)->type = 0; @@ -206,9 +206,9 @@ static int set_reasons(ASN1_BIT_STRING **preas, char *value) return 0; for (i = 0; i < sk_CONF_VALUE_num(rsk); i++) { bnam = sk_CONF_VALUE_value(rsk, i)->name; - if (!*preas) { + if (*preas == NULL) { *preas = ASN1_BIT_STRING_new(); - if (!*preas) + if (*preas == NULL) goto err; } for (pbn = reason_flags; pbn->lname; pbn++) { @@ -257,7 +257,7 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx, CONF_VALUE *cnf; DIST_POINT *point = NULL; point = DIST_POINT_new(); - if (!point) + if (point == NULL) goto err; for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { int ret; @@ -418,7 +418,7 @@ static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *name, *val; int i, ret; idp = ISSUING_DIST_POINT_new(); - if (!idp) + if (idp == NULL) goto merr; for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { cnf = sk_CONF_VALUE_value(nval, i); diff --git a/crypto/x509v3/v3_genn.c b/crypto/x509v3/v3_genn.c index b4b8de7..4c3ad05 100644 --- a/crypto/x509v3/v3_genn.c +++ b/crypto/x509v3/v3_genn.c @@ -229,7 +229,7 @@ int GENERAL_NAME_set0_othername(GENERAL_NAME *gen, { OTHERNAME *oth; oth = OTHERNAME_new(); - if (!oth) + if (oth == NULL) return 0; oth->type_id = oid; oth->value = value; diff --git a/crypto/x509v3/v3_info.c b/crypto/x509v3/v3_info.c index d1a2455..4e38ad3 100644 --- a/crypto/x509v3/v3_info.c +++ b/crypto/x509v3/v3_info.c @@ -126,7 +126,7 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method); nlen = strlen(objtmp) + strlen(vtmp->name) + 5; ntmp = OPENSSL_malloc(nlen); - if (!ntmp) { + if (ntmp == NULL) { X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE); return NULL; diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c index 3fe20cc..d3f79ba 100644 --- a/crypto/x509v3/v3_ncons.c +++ b/crypto/x509v3/v3_ncons.c @@ -121,7 +121,7 @@ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, GENERAL_SUBTREE *sub = NULL; ncons = NAME_CONSTRAINTS_new(); - if (!ncons) + if (ncons == NULL) goto memerr; for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { val = sk_CONF_VALUE_value(nval, i); @@ -137,11 +137,13 @@ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, } tval.value = val->value; sub = GENERAL_SUBTREE_new(); + if (sub == NULL) + goto memerr; if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1)) goto err; - if (!*ptree) + if (*ptree == NULL) *ptree = sk_GENERAL_SUBTREE_new_null(); - if (!*ptree || !sk_GENERAL_SUBTREE_push(*ptree, sub)) + if (*ptree == NULL || !sk_GENERAL_SUBTREE_push(*ptree, sub)) goto memerr; sub = NULL; } diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c index ad49724..6b68b96 100644 --- a/crypto/x509v3/v3_pci.c +++ b/crypto/x509v3/v3_pci.c @@ -111,7 +111,7 @@ static int process_pci_value(CONF_VALUE *val, long val_len; if (!*policy) { *policy = ASN1_OCTET_STRING_new(); - if (!*policy) { + if (*policy == NULL) { X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE); X509V3_conf_err(val); return 0; @@ -293,7 +293,7 @@ static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method, } pci = PROXY_CERT_INFO_EXTENSION_new(); - if (!pci) { + if (pci == NULL) { X509V3err(X509V3_F_R2I_PCI, ERR_R_MALLOC_FAILURE); goto err; } diff --git a/crypto/x509v3/v3_pmaps.c b/crypto/x509v3/v3_pmaps.c index bd80a12..001f264 100644 --- a/crypto/x509v3/v3_pmaps.c +++ b/crypto/x509v3/v3_pmaps.c @@ -144,7 +144,7 @@ static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, return NULL; } pmap = POLICY_MAPPING_new(); - if (!pmap) { + if (pmap == NULL) { sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE); return NULL; diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c index ef21948..26619c5 100644 --- a/crypto/x509v3/v3_prn.c +++ b/crypto/x509v3/v3_prn.c @@ -101,7 +101,7 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, char *tmp; len = strlen(nval->value) + 1; tmp = OPENSSL_malloc(len); - if (tmp) { + if (tmp != NULL) { ascii2ebcdic(tmp, nval->value, len); BIO_printf(out, "%s:%s", nval->name, tmp); OPENSSL_free(tmp); @@ -154,7 +154,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, char *tmp; len = strlen(value) + 1; tmp = OPENSSL_malloc(len); - if (tmp) { + if (tmp != NULL) { ascii2ebcdic(tmp, value, len); BIO_printf(out, "%*s%s", indent, "", tmp); OPENSSL_free(tmp); diff --git a/crypto/x509v3/v3_scts.c b/crypto/x509v3/v3_scts.c index 777378c..b5122d2 100644 --- a/crypto/x509v3/v3_scts.c +++ b/crypto/x509v3/v3_scts.c @@ -180,7 +180,7 @@ static STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, listlen -= sctlen; sct = OPENSSL_malloc(sizeof(*sct)); - if (!sct) + if (sct == NULL) goto err; if (!sk_SCT_push(sk, sct)) { OPENSSL_free(sct); @@ -188,7 +188,7 @@ static STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, } sct->sct = OPENSSL_malloc(sctlen); - if (!sct->sct) + if (sct->sct == NULL) goto err; memcpy(sct->sct, p, sctlen); sct->sct_len = sctlen; diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index 6494d83..8481749 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -176,11 +176,15 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value) ASN1_INTEGER *aint; int isneg, ishex; int ret; - if (!value) { + if (value == NULL) { X509V3err(X509V3_F_S2I_ASN1_INTEGER, X509V3_R_INVALID_NULL_VALUE); - return 0; + return NULL; } bn = BN_new(); + if (bn == NULL) { + X509V3err(X509V3_F_S2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE); + return NULL; + } if (value[0] == '-') { value++; isneg = 1; @@ -201,7 +205,7 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value) if (!ret || value[ret]) { BN_free(bn); X509V3err(X509V3_F_S2I_ASN1_INTEGER, X509V3_R_BN_DEC2BN_ERROR); - return 0; + return NULL; } if (isneg && BN_is_zero(bn)) @@ -212,7 +216,7 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value) if (!aint) { X509V3err(X509V3_F_S2I_ASN1_INTEGER, X509V3_R_BN_TO_ASN1_INTEGER_ERROR); - return 0; + return NULL; } if (isneg) aint->type |= V_ASN1_NEG; @@ -606,15 +610,15 @@ static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email) return 1; if (!email->data || !email->length) return 1; - if (!*sk) + if (*sk == NULL) *sk = sk_OPENSSL_STRING_new(sk_strcmp); - if (!*sk) + if (*sk == NULL) return 0; /* Don't add duplicates */ if (sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1) return 1; emtmp = BUF_strdup((char *)email->data); - if (!emtmp || !sk_OPENSSL_STRING_push(*sk, emtmp)) { + if (emtmp == NULL || !sk_OPENSSL_STRING_push(*sk, emtmp)) { X509_email_free(*sk); *sk = NULL; return 0; @@ -1077,7 +1081,7 @@ ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc) return NULL; ret = ASN1_OCTET_STRING_new(); - if (!ret) + if (ret == NULL) return NULL; if (!ASN1_OCTET_STRING_set(ret, ipout, iplen)) { ASN1_OCTET_STRING_free(ret); @@ -1115,7 +1119,7 @@ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc) goto err; ret = ASN1_OCTET_STRING_new(); - if (!ret) + if (ret == NULL) goto err; if (!ASN1_OCTET_STRING_set(ret, ipout, iplen1 + iplen2)) goto err; diff --git a/engines/e_capi.c b/engines/e_capi.c index a38592b..b2ae577 100644 --- a/engines/e_capi.c +++ b/engines/e_capi.c @@ -487,7 +487,7 @@ static int capi_init(ENGINE *e) } ctx = capi_ctx_new(); - if (!ctx) + if (ctx == NULL) goto memerr; ENGINE_set_ex_data(e, capi_idx, ctx); @@ -584,7 +584,7 @@ IMPLEMENT_DYNAMIC_CHECK_FN() static ENGINE *engine_capi(void) { ENGINE *ret = ENGINE_new(); - if (!ret) + if (ret == NULL) return NULL; if (!bind_capi(ret)) { ENGINE_free(ret); @@ -643,7 +643,7 @@ static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY * key) pubkey = OPENSSL_malloc(len); - if (!pubkey) + if (pubkey == NULL) goto memerr; if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, pubkey, &len)) { @@ -678,7 +678,7 @@ static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY * key) rkey->e = BN_new(); rkey->n = BN_new(); - if (!rkey->e || !rkey->n) + if (rkey->e == NULL || rkey->n == NULL) goto memerr; if (!BN_set_word(rkey->e, rp->pubexp)) @@ -718,7 +718,8 @@ static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY * key) dkey->q = BN_new(); dkey->g = BN_new(); dkey->pub_key = BN_new(); - if (!dkey->p || !dkey->q || !dkey->g || !dkey->pub_key) + if (dkey->p == NULL || dkey->q == NULL || dkey->g == NULL + || dkey->pub_key == NULL) goto memerr; if (!lend_tobn(dkey->p, btmp, dsa_plen)) goto memerr; @@ -1006,11 +1007,11 @@ static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen, goto err; } else { ret = DSA_SIG_new(); - if (!ret) + if (ret == NULL) goto err; ret->r = BN_new(); ret->s = BN_new(); - if (!ret->r || !ret->s) + if (ret->r == NULL || ret->s == NULL) goto err; if (!lend_tobn(ret->r, csigbuf, 20) || !lend_tobn(ret->s, csigbuf + 20, 20)) { @@ -1087,7 +1088,7 @@ static char *wide_to_asc(LPCWSTR wstr) return NULL; } str = OPENSSL_malloc(sz); - if (!str) { + if (str == NULL) { CAPIerr(CAPI_F_WIDE_TO_ASC, ERR_R_MALLOC_FAILURE); return NULL; } @@ -1201,7 +1202,7 @@ static int capi_list_containers(CAPI_CTX * ctx, BIO *out) if (buflen == 0) buflen = 1024; cname = OPENSSL_malloc(buflen); - if (!cname) { + if (cname == NULL) { CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, ERR_R_MALLOC_FAILURE); goto err; } @@ -1251,7 +1252,7 @@ static CRYPT_KEY_PROV_INFO *capi_get_prov_info(CAPI_CTX * ctx, PCCERT_CONTEXT ce (cert, CERT_KEY_PROV_INFO_PROP_ID, NULL, &len)) return NULL; pinfo = OPENSSL_malloc(len); - if (!pinfo) { + if (pinfo == NULL) { CAPIerr(CAPI_F_CAPI_GET_PROV_INFO, ERR_R_MALLOC_FAILURE); return NULL; } @@ -1581,7 +1582,7 @@ static CAPI_CTX *capi_ctx_new(void) { CAPI_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); - if (!ctx) { + if (ctx == NULL) { CAPIerr(CAPI_F_CAPI_CTX_NEW, ERR_R_MALLOC_FAILURE); return NULL; } diff --git a/engines/e_chil.c b/engines/e_chil.c index 54c6b91..8696c9a 100644 --- a/engines/e_chil.c +++ b/engines/e_chil.c @@ -406,7 +406,7 @@ static int bind_helper(ENGINE *e) static ENGINE *engine_chil(void) { ENGINE *ret = ENGINE_new(); - if (!ret) + if (ret == NULL) return NULL; if (!bind_helper(ret)) { ENGINE_free(ret); @@ -780,7 +780,7 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id, } # ifndef OPENSSL_NO_RSA hptr = OPENSSL_malloc(sizeof(*hptr)); - if (!hptr) { + if (hptr == NULL) { HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE); goto err; } @@ -827,10 +827,14 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id, bn_fix_top(rtmp->n); res = EVP_PKEY_new(); + if (res == NULL) { + HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR); + goto err; + } EVP_PKEY_assign_RSA(res, rtmp); # endif - if (!res) + if (res == NULL) HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED); diff --git a/engines/e_gmp.c b/engines/e_gmp.c index 7888c2b..68a8cf8 100644 --- a/engines/e_gmp.c +++ b/engines/e_gmp.c @@ -186,7 +186,7 @@ static int bind_helper(ENGINE *e) static ENGINE *engine_gmp(void) { ENGINE *ret = ENGINE_new(); - if (!ret) + if (ret == NULL) return NULL; if (!bind_helper(ret)) { ENGINE_free(ret); @@ -296,7 +296,7 @@ static int gmp2bn(mpz_t g, BIGNUM *bn) } else { int toret; char *tmpchar = OPENSSL_malloc(mpz_sizeinbase(g, 16) + 10); - if (!tmpchar) + if (tmpchar == NULL) return 0; mpz_get_str(tmpchar, 16, g); toret = BN_hex2bn(&bn, tmpchar); @@ -326,7 +326,7 @@ static E_GMP_RSA_CTX *e_gmp_get_rsa(RSA *rsa) if (hptr) return hptr; hptr = OPENSSL_malloc(sizeof(*hptr)); - if (!hptr) + if (hptr == NULL) return NULL; /* * These inits could probably be replaced by more intelligent mpz_init2() diff --git a/engines/e_ossltest.c b/engines/e_ossltest.c index e9a071c..b3b9bc0 100644 --- a/engines/e_ossltest.c +++ b/engines/e_ossltest.c @@ -257,7 +257,7 @@ IMPLEMENT_DYNAMIC_CHECK_FN() static ENGINE *engine_ossltest(void) { ENGINE *ret = ENGINE_new(); - if (!ret) + if (ret == NULL) return NULL; if (!bind_ossltest(ret)) { ENGINE_free(ret); @@ -505,7 +505,7 @@ int ossltest_aes128_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, * run time */ ctx->cipher_data = OPENSSL_zalloc(EVP_aes_128_cbc()->ctx_size); - if (!ctx->cipher_data) { + if (ctx->cipher_data == NULL) { OSSLTESTerr(OSSLTEST_F_OSSLTEST_AES128_INIT_KEY, ERR_R_MALLOC_FAILURE); return 0; diff --git a/engines/e_padlock.c b/engines/e_padlock.c index df636b5..fa323b1 100644 --- a/engines/e_padlock.c +++ b/engines/e_padlock.c @@ -192,7 +192,7 @@ static ENGINE *ENGINE_padlock(void) { ENGINE *eng = ENGINE_new(); - if (!eng) { + if (eng == NULL) { return NULL; } diff --git a/engines/e_ubsec.c b/engines/e_ubsec.c index ef070b0..eefd37f 100644 --- a/engines/e_ubsec.c +++ b/engines/e_ubsec.c @@ -265,7 +265,7 @@ static int bind_helper(ENGINE *e) static ENGINE *engine_ubsec(void) { ENGINE *ret = ENGINE_new(); - if (!ret) + if (ret == NULL) return NULL; if (!bind_helper(ret)) { ENGINE_free(ret); diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index b865ad4..6e70c56 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -155,7 +155,7 @@ int dtls1_new(SSL *s) d1->link_mtu = 0; d1->mtu = 0; - if (!d1->buffered_messages || !d1->sent_messages) { + if (d1->buffered_messages == NULL || d1->sent_messages == NULL) { pqueue_free(d1->buffered_messages); pqueue_free(d1->sent_messages); OPENSSL_free(d1); diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index 0133ae3..ebe486e 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -137,8 +137,8 @@ int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl) d->processed_rcds.q = pqueue_new(); d->buffered_app_data.q = pqueue_new(); - if (!d->unprocessed_rcds.q || !d->processed_rcds.q - || !d->buffered_app_data.q) { + if (d->unprocessed_rcds.q == NULL || d->processed_rcds.q == NULL + || d->buffered_app_data.q == NULL) { pqueue_free(d->unprocessed_rcds.q); pqueue_free(d->processed_rcds.q); pqueue_free(d->buffered_app_data.q); diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index c9f1b71..ae31f5d 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -530,7 +530,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) packlen *= 4; wb->buf = OPENSSL_malloc(packlen); - if (!wb->buf) { + if (wb->buf == NULL) { SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_MALLOC_FAILURE); return -1; } diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 1c7e7a2..8b12761 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -4311,7 +4311,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return 0; #endif ptmp = EVP_PKEY_new(); - if (!ptmp) + if (ptmp == NULL) return 0; #ifndef OPENSSL_NO_RSA else if (s->s3->peer_rsa_tmp) @@ -4999,7 +4999,7 @@ static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len) if (len > 0xff) return 0; c->ctypes = OPENSSL_malloc(len); - if (!c->ctypes) + if (c->ctypes == NULL) return 0; memcpy(c->ctypes, p, len); c->ctype_num = len; diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 3304a1d..9a373b1 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -282,7 +282,7 @@ CERT *ssl_cert_dup(CERT *cert) /* Configured sigalgs copied across */ if (cert->conf_sigalgs) { ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen); - if (!ret->conf_sigalgs) + if (ret->conf_sigalgs == NULL) goto err; memcpy(ret->conf_sigalgs, cert->conf_sigalgs, cert->conf_sigalgslen); ret->conf_sigalgslen = cert->conf_sigalgslen; @@ -291,7 +291,7 @@ CERT *ssl_cert_dup(CERT *cert) if (cert->client_sigalgs) { ret->client_sigalgs = OPENSSL_malloc(cert->client_sigalgslen); - if (!ret->client_sigalgs) + if (ret->client_sigalgs == NULL) goto err; memcpy(ret->client_sigalgs, cert->client_sigalgs, cert->client_sigalgslen); @@ -303,7 +303,7 @@ CERT *ssl_cert_dup(CERT *cert) /* Copy any custom client certificate types */ if (cert->ctypes) { ret->ctypes = OPENSSL_malloc(cert->ctype_num); - if (!ret->ctypes) + if (ret->ctypes == NULL) goto err; memcpy(ret->ctypes, cert->ctypes, cert->ctype_num); ret->ctype_num = cert->ctype_num; @@ -968,7 +968,7 @@ int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags) /* Rearranging and check the chain: add everything to a store */ if (flags & SSL_BUILD_CHAIN_FLAG_CHECK) { chain_store = X509_STORE_new(); - if (!chain_store) + if (chain_store == NULL) goto err; for (i = 0; i < sk_X509_num(cpk->chain); i++) { x = sk_X509_value(cpk->chain, i); diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 581c8a0..0cecd92 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1039,7 +1039,7 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, } number_uses = OPENSSL_zalloc(sizeof(int) * (max_strength_bits + 1)); - if (!number_uses) { + if (number_uses == NULL) { SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE); return (0); } diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 9c252fa..ad20f44 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -487,12 +487,12 @@ static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value) BIO *in = NULL; if (cctx->ctx || cctx->ssl) { in = BIO_new(BIO_s_file()); - if (!in) + if (in == NULL) goto end; if (BIO_read_filename(in, value) <= 0) goto end; dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL); - if (!dh) + if (dh == NULL) goto end; } else return 1; diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index ec85256..b6e5127 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -311,7 +311,7 @@ SSL *SSL_new(SSL_CTX *ctx) s->generate_session_id = ctx->generate_session_id; s->param = X509_VERIFY_PARAM_new(); - if (!s->param) + if (s->param == NULL) goto err; X509_VERIFY_PARAM_inherit(s->param, ctx->param); s->quiet_shutdown = ctx->quiet_shutdown; @@ -1547,7 +1547,7 @@ int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, { OPENSSL_free(ctx->alpn_client_proto_list); ctx->alpn_client_proto_list = OPENSSL_malloc(protos_len); - if (!ctx->alpn_client_proto_list) + if (ctx->alpn_client_proto_list == NULL) return 1; memcpy(ctx->alpn_client_proto_list, protos, protos_len); ctx->alpn_client_proto_list_len = protos_len; @@ -1565,7 +1565,7 @@ int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, { OPENSSL_free(ssl->alpn_client_proto_list); ssl->alpn_client_proto_list = OPENSSL_malloc(protos_len); - if (!ssl->alpn_client_proto_list) + if (ssl->alpn_client_proto_list == NULL) return 1; memcpy(ssl->alpn_client_proto_list, protos, protos_len); ssl->alpn_client_proto_list_len = protos_len; @@ -1708,7 +1708,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) } ret->param = X509_VERIFY_PARAM_new(); - if (!ret->param) + if (ret->param == NULL) goto err; if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) { diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 6f46b9f..9642746 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -1009,7 +1009,7 @@ int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) s->tlsext_session_ticket = NULL; s->tlsext_session_ticket = OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len); - if (!s->tlsext_session_ticket) { + if (s->tlsext_session_ticket == NULL) { SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE); return 0; } diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 4684098..330cee1 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -2213,7 +2213,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) s->session->tlsext_ticklen = 0; s->session->tlsext_tick = OPENSSL_malloc(ticklen); - if (!s->session->tlsext_tick) { + if (s->session->tlsext_tick == NULL) { SSLerr(SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE); goto err; } @@ -2267,7 +2267,7 @@ MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, PACKET *pkt) } OPENSSL_free(s->tlsext_ocsp_resp); s->tlsext_ocsp_resp = OPENSSL_malloc(resplen); - if (!s->tlsext_ocsp_resp) { + if (s->tlsext_ocsp_resp == NULL) { al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_TLS_PROCESS_CERT_STATUS, ERR_R_MALLOC_FAILURE); goto f_err; @@ -2451,7 +2451,7 @@ psk_err: RSA *rsa; pmslen = SSL_MAX_MASTER_KEY_LENGTH; pms = OPENSSL_malloc(pmslen); - if (!pms) + if (pms == NULL) goto memerr; if (s->session->peer == NULL) { @@ -2553,7 +2553,7 @@ psk_err: pmslen = DH_size(dh_clnt); pms = OPENSSL_malloc(pmslen); - if (!pms) + if (pms == NULL) goto memerr; /* @@ -2693,7 +2693,7 @@ psk_err: } pmslen = (field_size + 7) / 8; pms = OPENSSL_malloc(pmslen); - if (!pms) + if (pms == NULL) goto memerr; n = ECDH_compute_key(pms, pmslen, srvr_ecpoint, clnt_ecdh, NULL); if (n <= 0 || pmslen != (size_t)n) { @@ -2758,7 +2758,7 @@ psk_err: pmslen = 32; pms = OPENSSL_malloc(pmslen); - if (!pms) + if (pms == NULL) goto memerr; /* @@ -2773,6 +2773,11 @@ psk_err: pkey_ctx = EVP_PKEY_CTX_new(pub_key = X509_get_pubkey(peer_cert), NULL); + if (pkey_ctx == NULL) { + SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, + ERR_R_MALLOC_FAILURE); + goto err; + } /* * If we have send a certificate, and certificate key * @@ -2989,8 +2994,12 @@ int tls_construct_client_verify(SSL *s) p = ssl_handshake_start(s); pkey = s->cert->key->privatekey; -/* Create context from key and test if sha1 is allowed as digest */ + /* Create context from key and test if sha1 is allowed as digest */ pctx = EVP_PKEY_CTX_new(pkey, NULL); + if (pctx == NULL) { + SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; + } EVP_PKEY_sign_init(pctx); if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1()) > 0) { if (!SSL_USE_SIGALGS(s)) diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c index 58a0959..aafd28f 100644 --- a/ssl/statem/statem_dtls.c +++ b/ssl/statem/statem_dtls.c @@ -1075,7 +1075,7 @@ int dtls1_buffer_message(SSL *s, int is_ccs) OPENSSL_assert(s->init_off == 0); frag = dtls1_hm_fragment_new(s->init_num, 0); - if (!frag) + if (frag == NULL) return 0; memcpy(frag->fragment, s->init_buf->data, s->init_num); diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index e54672a..c418787 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2807,6 +2807,11 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt) pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey; pkey_ctx = EVP_PKEY_CTX_new(pk, NULL); + if (pkey_ctx == NULL) { + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); + goto f_err; + } EVP_PKEY_decrypt_init(pkey_ctx); /* * If client certificate is present and is of the same type, maybe @@ -3140,6 +3145,11 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt) unsigned char signature[64]; int idx; EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey, NULL); + if (pctx == NULL) { + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_MALLOC_FAILURE); + goto f_err; + } EVP_PKEY_verify_init(pctx); if (len != 64) { fprintf(stderr, "GOST signature length is %d", len); @@ -3337,7 +3347,7 @@ int tls_construct_new_session_ticket(SSL *s) return 0; } senc = OPENSSL_malloc(slen_full); - if (!senc) { + if (senc == NULL) { ossl_statem_set_error(s); return 0; } diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index b31eae1..9607c2e 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -599,7 +599,7 @@ int tls1_set_curves(unsigned char **pext, size_t *pextlen, */ unsigned long dup_list = 0; clist = OPENSSL_malloc(ncurves * 2); - if (!clist) + if (clist == NULL) return 0; for (i = 0, p = clist; i < ncurves; i++) { unsigned long idmask; @@ -1327,7 +1327,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, s->tlsext_session_ticket->data) { ticklen = s->tlsext_session_ticket->length; s->session->tlsext_tick = OPENSSL_malloc(ticklen); - if (!s->session->tlsext_tick) + if (s->session->tlsext_tick == NULL) return NULL; memcpy(s->session->tlsext_tick, s->tlsext_session_ticket->data, ticklen); @@ -1787,7 +1787,7 @@ static int tls1_alpn_handle_client_hello(SSL *s, PACKET *pkt, int *al) if (r == SSL_TLSEXT_ERR_OK) { OPENSSL_free(s->s3->alpn_selected); s->s3->alpn_selected = OPENSSL_malloc(selected_len); - if (!s->s3->alpn_selected) { + if (s->s3->alpn_selected == NULL) { *al = SSL_AD_INTERNAL_ERROR; return -1; } @@ -2496,7 +2496,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al) return 0; } s->next_proto_negotiated = OPENSSL_malloc(selected_len); - if (!s->next_proto_negotiated) { + if (s->next_proto_negotiated == NULL) { *al = TLS1_AD_INTERNAL_ERROR; return 0; } @@ -2528,7 +2528,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al) } OPENSSL_free(s->s3->alpn_selected); s->s3->alpn_selected = OPENSSL_malloc(len); - if (!s->s3->alpn_selected) { + if (s->s3->alpn_selected == NULL) { *al = TLS1_AD_INTERNAL_ERROR; return 0; } @@ -3104,7 +3104,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx); eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx); sdec = OPENSSL_malloc(eticklen); - if (!sdec) { + if (sdec == NULL) { EVP_CIPHER_CTX_cleanup(&ctx); return -1; } @@ -3430,7 +3430,7 @@ static int tls1_set_shared_sigalgs(SSL *s) nmatch = tls12_shared_sigalgs(s, NULL, pref, preflen, allow, allowlen); if (nmatch) { salgs = OPENSSL_malloc(nmatch * sizeof(TLS_SIGALGS)); - if (!salgs) + if (salgs == NULL) return 0; nmatch = tls12_shared_sigalgs(s, salgs, pref, preflen, allow, allowlen); } else { @@ -4179,16 +4179,16 @@ DH *ssl_get_auto_dh(SSL *s) if (dh_secbits >= 128) { DH *dhp = DH_new(); - if (!dhp) + if (dhp == NULL) return NULL; dhp->g = BN_new(); - if (dhp->g) + if (dhp->g != NULL) BN_set_word(dhp->g, 2); if (dh_secbits >= 192) dhp->p = get_rfc3526_prime_8192(NULL); else dhp->p = get_rfc3526_prime_3072(NULL); - if (!dhp->p || !dhp->g) { + if (dhp->p == NULL || dhp->g == NULL) { DH_free(dhp); return NULL; } From matt at openssl.org Mon Nov 9 23:02:29 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 09 Nov 2015 23:02:29 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1447110149.772006.13757.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 903738ac63e60c10552741e2d6de9753c67e0ff3 (commit) from a89dda8cd024f53cbae75655e9ec000d9b4a320b (commit) - Log ----------------------------------------------------------------- commit 903738ac63e60c10552741e2d6de9753c67e0ff3 Author: Matt Caswell Date: Wed Nov 4 15:51:02 2015 +0000 Fix missing malloc return value checks During work on a larger change in master a number of locations were identified where return value checks were missing. This backports the relevant fixes. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: apps/ca.c | 2 ++ crypto/cms/cms_pwri.c | 3 +++ crypto/cms/cms_sd.c | 2 ++ crypto/engine/eng_cryptodev.c | 7 +++++-- crypto/evp/evp_key.c | 2 ++ crypto/jpake/jpake.c | 4 ++++ crypto/pem/pem_info.c | 6 ++++++ crypto/pkcs7/pk7_doit.c | 2 ++ crypto/x509v3/v3_cpols.c | 4 ++++ crypto/x509v3/v3_ncons.c | 2 ++ engines/e_chil.c | 4 ++++ ssl/s3_clnt.c | 5 +++++ ssl/s3_srvr.c | 10 ++++++++++ 13 files changed, 51 insertions(+), 2 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index 7fb9285..0b66095 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -2532,6 +2532,8 @@ static int do_updatedb(CA_DB *db) char **rrow, *a_tm_s; a_tm = ASN1_UTCTIME_new(); + if (a_tm == NULL) + return -1; /* get actual time and make a string */ a_tm = X509_gmtime_adj(a_tm, 0); diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c index a8322dc..b91c016 100644 --- a/crypto/cms/cms_pwri.c +++ b/crypto/cms/cms_pwri.c @@ -121,6 +121,9 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, /* Setup algorithm identifier for cipher */ encalg = X509_ALGOR_new(); + if (encalg == NULL) { + goto merr; + } EVP_CIPHER_CTX_init(&ctx); if (EVP_EncryptInit_ex(&ctx, kekciph, NULL, NULL, NULL) <= 0) { diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index 721ffd5..a41aca8 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -857,6 +857,8 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) } else { const EVP_MD *md = EVP_MD_CTX_md(&mctx); pkctx = EVP_PKEY_CTX_new(si->pkey, NULL); + if (pkctx == NULL) + goto err; if (EVP_PKEY_verify_init(pkctx) <= 0) goto err; if (EVP_PKEY_CTX_set_signature_md(pkctx, md) <= 0) diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c index 926d95c..8fb9c33 100644 --- a/crypto/engine/eng_cryptodev.c +++ b/crypto/engine/eng_cryptodev.c @@ -1292,15 +1292,18 @@ static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r, BN_num_bytes(dsa->q), s) == 0) { dsaret = DSA_SIG_new(); + if (dsaret == NULL) + goto err; dsaret->r = r; dsaret->s = s; + r = s = NULL; } else { const DSA_METHOD *meth = DSA_OpenSSL(); - BN_free(r); - BN_free(s); dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa); } err: + BN_free(r); + BN_free(s); kop.crk_param[0].crp_p = NULL; zapparams(&kop); return (dsaret); diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c index 122bc28..5be9e33 100644 --- a/crypto/evp/evp_key.c +++ b/crypto/evp/evp_key.c @@ -104,6 +104,8 @@ int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, if ((prompt == NULL) && (prompt_string[0] != '\0')) prompt = prompt_string; ui = UI_new(); + if (ui == NULL) + return -1; UI_add_input_string(ui, prompt, 0, buf, min, (len >= BUFSIZ) ? BUFSIZ - 1 : len); if (verify) diff --git a/crypto/jpake/jpake.c b/crypto/jpake/jpake.c index 8c38727..ebc0975 100644 --- a/crypto/jpake/jpake.c +++ b/crypto/jpake/jpake.c @@ -219,6 +219,9 @@ static int verify_zkp(const JPAKE_STEP_PART *p, const BIGNUM *zkpg, BIGNUM *t3 = BN_new(); int ret = 0; + if (h == NULL || t1 == NULL || t2 == NULL || t3 == NULL) + goto end; + zkp_hash(h, zkpg, p, ctx->p.peer_name); /* t1 = g^b */ @@ -234,6 +237,7 @@ static int verify_zkp(const JPAKE_STEP_PART *p, const BIGNUM *zkpg, else JPAKEerr(JPAKE_F_VERIFY_ZKP, JPAKE_R_ZKP_VERIFY_FAILED); +end: /* cleanup */ BN_free(t3); BN_free(t2); diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c index 68747d1..4d736a1 100644 --- a/crypto/pem/pem_info.c +++ b/crypto/pem/pem_info.c @@ -172,6 +172,8 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, xi->enc_len = 0; xi->x_pkey = X509_PKEY_new(); + if (xi->x_pkey == NULL) + goto err; ptype = EVP_PKEY_RSA; pp = &xi->x_pkey->dec_pkey; if ((int)strlen(header) > 10) /* assume encrypted */ @@ -193,6 +195,8 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, xi->enc_len = 0; xi->x_pkey = X509_PKEY_new(); + if (xi->x_pkey == NULL) + goto err; ptype = EVP_PKEY_DSA; pp = &xi->x_pkey->dec_pkey; if ((int)strlen(header) > 10) /* assume encrypted */ @@ -214,6 +218,8 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, xi->enc_len = 0; xi->x_pkey = X509_PKEY_new(); + if (xi->x_pkey == NULL) + goto err; ptype = EVP_PKEY_EC; pp = &xi->x_pkey->dec_pkey; if ((int)strlen(header) > 10) /* assume encrypted */ diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 83f3b77..946aaa6 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -656,6 +656,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) bio = BIO_new_mem_buf(data_body->data, data_body->length); else { bio = BIO_new(BIO_s_mem()); + if (bio == NULL) + goto err; BIO_set_mem_eof_return(bio, 0); } if (bio == NULL) diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c index 0febc1b..d97f622 100644 --- a/crypto/x509v3/v3_cpols.c +++ b/crypto/x509v3/v3_cpols.c @@ -186,6 +186,10 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, goto err; } pol = POLICYINFO_new(); + if (pol == NULL) { + X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); + goto err; + } pol->policyid = pobj; } if (!sk_POLICYINFO_push(pols, pol)) { diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c index b97ed27..2855269 100644 --- a/crypto/x509v3/v3_ncons.c +++ b/crypto/x509v3/v3_ncons.c @@ -132,6 +132,8 @@ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, } tval.value = val->value; sub = GENERAL_SUBTREE_new(); + if (sub == NULL) + goto memerr; if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1)) goto err; if (!*ptree) diff --git a/engines/e_chil.c b/engines/e_chil.c index 69d49d7..72d14fe 100644 --- a/engines/e_chil.c +++ b/engines/e_chil.c @@ -839,6 +839,10 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id, bn_fix_top(rtmp->n); res = EVP_PKEY_new(); + if (res == NULL) { + HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR); + goto err; + } EVP_PKEY_assign_RSA(res, rtmp); # endif diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 3911c3d..a5511ac 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -2956,6 +2956,11 @@ int ssl3_send_client_key_exchange(SSL *s) pkey_ctx = EVP_PKEY_CTX_new(pub_key = X509_get_pubkey(peer_cert), NULL); + if (pkey_ctx == NULL) { + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_MALLOC_FAILURE); + goto err; + } /* * If we have send a certificate, and certificate key * diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 704289a..48c5c4a 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -2866,6 +2866,11 @@ int ssl3_get_client_key_exchange(SSL *s) pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey; pkey_ctx = EVP_PKEY_CTX_new(pk, NULL); + if (pkey_ctx == NULL) { + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); + goto f_err; + } EVP_PKEY_decrypt_init(pkey_ctx); /* * If client certificate is present and is of the same type, maybe @@ -3098,6 +3103,11 @@ int ssl3_get_cert_verify(SSL *s) unsigned char signature[64]; int idx; EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey, NULL); + if (pctx == NULL) { + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_MALLOC_FAILURE); + goto f_err; + } EVP_PKEY_verify_init(pctx); if (i != 64) { fprintf(stderr, "GOST signature length is %d", i); From matt at openssl.org Mon Nov 9 23:02:39 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 09 Nov 2015 23:02:39 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1447110159.745869.14128.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 84d0c40f3fbcb9e3067cbbc2f01bd965e587c178 (commit) from c8cc43108d97517dfce25a114acd5651f5548cd5 (commit) - Log ----------------------------------------------------------------- commit 84d0c40f3fbcb9e3067cbbc2f01bd965e587c178 Author: Matt Caswell Date: Wed Nov 4 15:51:02 2015 +0000 Fix missing malloc return value checks During work on a larger change in master a number of locations were identified where return value checks were missing. This backports the relevant fixes. Reviewed-by: Richard Levitte (cherry picked from commit 903738ac63e60c10552741e2d6de9753c67e0ff3) Conflicts: crypto/cms/cms_sd.c ----------------------------------------------------------------------- Summary of changes: apps/ca.c | 2 ++ crypto/cms/cms_pwri.c | 3 +++ crypto/engine/eng_cryptodev.c | 7 +++++-- crypto/evp/evp_key.c | 2 ++ crypto/jpake/jpake.c | 4 ++++ crypto/pem/pem_info.c | 6 ++++++ crypto/pkcs7/pk7_doit.c | 2 ++ crypto/x509v3/v3_cpols.c | 4 ++++ crypto/x509v3/v3_ncons.c | 2 ++ engines/e_chil.c | 4 ++++ ssl/s3_clnt.c | 5 +++++ ssl/s3_srvr.c | 10 ++++++++++ 12 files changed, 49 insertions(+), 2 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index 73846de..4d64eb2 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -2514,6 +2514,8 @@ static int do_updatedb(CA_DB *db) char **rrow, *a_tm_s; a_tm = ASN1_UTCTIME_new(); + if (a_tm == NULL) + return -1; /* get actual time and make a string */ a_tm = X509_gmtime_adj(a_tm, 0); diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c index a8322dc..b91c016 100644 --- a/crypto/cms/cms_pwri.c +++ b/crypto/cms/cms_pwri.c @@ -121,6 +121,9 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, /* Setup algorithm identifier for cipher */ encalg = X509_ALGOR_new(); + if (encalg == NULL) { + goto merr; + } EVP_CIPHER_CTX_init(&ctx); if (EVP_EncryptInit_ex(&ctx, kekciph, NULL, NULL, NULL) <= 0) { diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c index bcb936d..a8a24d0 100644 --- a/crypto/engine/eng_cryptodev.c +++ b/crypto/engine/eng_cryptodev.c @@ -1230,15 +1230,18 @@ static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r, BN_num_bytes(dsa->q), s) == 0) { dsaret = DSA_SIG_new(); + if (dsaret == NULL) + goto err; dsaret->r = r; dsaret->s = s; + r = s = NULL; } else { const DSA_METHOD *meth = DSA_OpenSSL(); - BN_free(r); - BN_free(s); dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa); } err: + BN_free(r); + BN_free(s); kop.crk_param[0].crp_p = NULL; zapparams(&kop); return (dsaret); diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c index 122bc28..5be9e33 100644 --- a/crypto/evp/evp_key.c +++ b/crypto/evp/evp_key.c @@ -104,6 +104,8 @@ int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, if ((prompt == NULL) && (prompt_string[0] != '\0')) prompt = prompt_string; ui = UI_new(); + if (ui == NULL) + return -1; UI_add_input_string(ui, prompt, 0, buf, min, (len >= BUFSIZ) ? BUFSIZ - 1 : len); if (verify) diff --git a/crypto/jpake/jpake.c b/crypto/jpake/jpake.c index ed2e888..ac853d4 100644 --- a/crypto/jpake/jpake.c +++ b/crypto/jpake/jpake.c @@ -218,6 +218,9 @@ static int verify_zkp(const JPAKE_STEP_PART *p, const BIGNUM *zkpg, BIGNUM *t3 = BN_new(); int ret = 0; + if (h == NULL || t1 == NULL || t2 == NULL || t3 == NULL) + goto end; + zkp_hash(h, zkpg, p, ctx->p.peer_name); /* t1 = g^b */ @@ -233,6 +236,7 @@ static int verify_zkp(const JPAKE_STEP_PART *p, const BIGNUM *zkpg, else JPAKEerr(JPAKE_F_VERIFY_ZKP, JPAKE_R_ZKP_VERIFY_FAILED); +end: /* cleanup */ BN_free(t3); BN_free(t2); diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c index 68747d1..4d736a1 100644 --- a/crypto/pem/pem_info.c +++ b/crypto/pem/pem_info.c @@ -172,6 +172,8 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, xi->enc_len = 0; xi->x_pkey = X509_PKEY_new(); + if (xi->x_pkey == NULL) + goto err; ptype = EVP_PKEY_RSA; pp = &xi->x_pkey->dec_pkey; if ((int)strlen(header) > 10) /* assume encrypted */ @@ -193,6 +195,8 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, xi->enc_len = 0; xi->x_pkey = X509_PKEY_new(); + if (xi->x_pkey == NULL) + goto err; ptype = EVP_PKEY_DSA; pp = &xi->x_pkey->dec_pkey; if ((int)strlen(header) > 10) /* assume encrypted */ @@ -214,6 +218,8 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, xi->enc_len = 0; xi->x_pkey = X509_PKEY_new(); + if (xi->x_pkey == NULL) + goto err; ptype = EVP_PKEY_EC; pp = &xi->x_pkey->dec_pkey; if ((int)strlen(header) > 10) /* assume encrypted */ diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 83f3b77..946aaa6 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -656,6 +656,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) bio = BIO_new_mem_buf(data_body->data, data_body->length); else { bio = BIO_new(BIO_s_mem()); + if (bio == NULL) + goto err; BIO_set_mem_eof_return(bio, 0); } if (bio == NULL) diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c index 0febc1b..d97f622 100644 --- a/crypto/x509v3/v3_cpols.c +++ b/crypto/x509v3/v3_cpols.c @@ -186,6 +186,10 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, goto err; } pol = POLICYINFO_new(); + if (pol == NULL) { + X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); + goto err; + } pol->policyid = pobj; } if (!sk_POLICYINFO_push(pols, pol)) { diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c index b97ed27..2855269 100644 --- a/crypto/x509v3/v3_ncons.c +++ b/crypto/x509v3/v3_ncons.c @@ -132,6 +132,8 @@ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, } tval.value = val->value; sub = GENERAL_SUBTREE_new(); + if (sub == NULL) + goto memerr; if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1)) goto err; if (!*ptree) diff --git a/engines/e_chil.c b/engines/e_chil.c index 69d49d7..72d14fe 100644 --- a/engines/e_chil.c +++ b/engines/e_chil.c @@ -839,6 +839,10 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id, bn_fix_top(rtmp->n); res = EVP_PKEY_new(); + if (res == NULL) { + HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR); + goto err; + } EVP_PKEY_assign_RSA(res, rtmp); # endif diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 104349e..28df7ca 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -2825,6 +2825,11 @@ int ssl3_send_client_key_exchange(SSL *s) pkey_ctx = EVP_PKEY_CTX_new(pub_key = X509_get_pubkey(peer_cert), NULL); + if (pkey_ctx == NULL) { + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_MALLOC_FAILURE); + goto err; + } /* * If we have send a certificate, and certificate key * diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index aa57937..e45fc4e 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -2878,6 +2878,11 @@ int ssl3_get_client_key_exchange(SSL *s) pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey; pkey_ctx = EVP_PKEY_CTX_new(pk, NULL); + if (pkey_ctx == NULL) { + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); + goto f_err; + } EVP_PKEY_decrypt_init(pkey_ctx); /* * If client certificate is present and is of the same type, maybe @@ -3122,6 +3127,11 @@ int ssl3_get_cert_verify(SSL *s) unsigned char signature[64]; int idx; EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey, NULL); + if (pctx == NULL) { + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_MALLOC_FAILURE); + goto f_err; + } EVP_PKEY_verify_init(pctx); if (i != 64) { fprintf(stderr, "GOST signature length is %d", i); From matt at openssl.org Mon Nov 9 23:14:02 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 09 Nov 2015 23:14:02 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1447110842.226335.23350.nullmailer@dev.openssl.org> The branch master has been updated via 6329b6092b28b656be8a1e4a8363d2e3bcc32053 (commit) from 55646005a9ce3c85e394c6afae5f6ed6045494c6 (commit) - Log ----------------------------------------------------------------- commit 6329b6092b28b656be8a1e4a8363d2e3bcc32053 Author: Matt Caswell Date: Mon Nov 9 16:37:33 2015 +0000 Remove redundant check from tls1_get_curvelist The function tls1_get_curvelist() has an explicit check to see if s->cert is NULL or not. However the check appears *after* calling the tls1_suiteb macro which derefs s->cert. In reality s->cert can never be NULL because it is created in SSL_new(). If the malloc fails then the SSL_new call fails and no SSL object is created. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: ssl/t1_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 9607c2e..943d473 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -441,7 +441,7 @@ static int tls1_get_curvelist(SSL *s, int sess, pcurveslen = s->tlsext_ellipticcurvelist_length; } if (!*pcurves) { - if (!s->server || (s->cert && s->cert->ecdh_tmp_auto)) { + if (!s->server || s->cert->ecdh_tmp_auto) { *pcurves = eccurves_auto; pcurveslen = sizeof(eccurves_auto); } else { From matt at openssl.org Mon Nov 9 23:14:13 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 09 Nov 2015 23:14:13 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1447110853.093680.24218.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 822d265cedd98a0dbf48b123a3a24f8528bb5842 (commit) from 903738ac63e60c10552741e2d6de9753c67e0ff3 (commit) - Log ----------------------------------------------------------------- commit 822d265cedd98a0dbf48b123a3a24f8528bb5842 Author: Matt Caswell Date: Mon Nov 9 16:37:33 2015 +0000 Remove redundant check from tls1_get_curvelist The function tls1_get_curvelist() has an explicit check to see if s->cert is NULL or not. However the check appears *after* calling the tls1_suiteb macro which derefs s->cert. In reality s->cert can never be NULL because it is created in SSL_new(). If the malloc fails then the SSL_new call fails and no SSL object is created. Reviewed-by: Tim Hudson (cherry picked from commit 6329b6092b28b656be8a1e4a8363d2e3bcc32053) Conflicts: ssl/t1_lib.c ----------------------------------------------------------------------- Summary of changes: ssl/t1_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index ba09848..681e454 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -497,7 +497,7 @@ static int tls1_get_curvelist(SSL *s, int sess, } else # endif { - if (!s->server || (s->cert && s->cert->ecdh_tmp_auto)) { + if (!s->server || s->cert->ecdh_tmp_auto) { *pcurves = eccurves_auto; pcurveslen = sizeof(eccurves_auto); } else { From matt at openssl.org Tue Nov 10 18:49:52 2015 From: matt at openssl.org (Matt Caswell) Date: Tue, 10 Nov 2015 18:49:52 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1447181392.222177.918.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 15a7164eb7d4d031608fcec2801d7f7b11b16923 (commit) from 822d265cedd98a0dbf48b123a3a24f8528bb5842 (commit) - Log ----------------------------------------------------------------- commit 15a7164eb7d4d031608fcec2801d7f7b11b16923 Author: Matt Caswell Date: Tue Nov 3 15:49:08 2015 +0000 Only call ssl3_init_finished_mac once for DTLS In DTLS if an IO retry occurs during writing of a fragmented ClientHello then we can end up reseting the finish mac variables on the retry, which causes a handshake failure. We should only reset on the first attempt not on retries. Thanks to BoringSSL for reporting this issue. RT#4119 Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: ssl/d1_clnt.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index 3a2038c..3ddfa7b 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -317,13 +317,12 @@ int dtls1_connect(SSL *s) #endif case SSL3_ST_CW_CLNT_HELLO_A: - case SSL3_ST_CW_CLNT_HELLO_B: - s->shutdown = 0; /* every DTLS ClientHello resets Finished MAC */ ssl3_init_finished_mac(s); + case SSL3_ST_CW_CLNT_HELLO_B: dtls1_start_timer(s); ret = ssl3_client_hello(s); if (ret <= 0) From matt at openssl.org Tue Nov 10 18:50:03 2015 From: matt at openssl.org (Matt Caswell) Date: Tue, 10 Nov 2015 18:50:03 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1447181403.309519.1312.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via e83009840af76d06a13192be69c2b273ac7e96a0 (commit) from 84d0c40f3fbcb9e3067cbbc2f01bd965e587c178 (commit) - Log ----------------------------------------------------------------- commit e83009840af76d06a13192be69c2b273ac7e96a0 Author: Matt Caswell Date: Tue Nov 3 15:49:08 2015 +0000 Only call ssl3_init_finished_mac once for DTLS In DTLS if an IO retry occurs during writing of a fragmented ClientHello then we can end up reseting the finish mac variables on the retry, which causes a handshake failure. We should only reset on the first attempt not on retries. Thanks to BoringSSL for reporting this issue. RT#4119 Reviewed-by: Tim Hudson (cherry picked from commit 15a7164eb7d4d031608fcec2801d7f7b11b16923) ----------------------------------------------------------------------- Summary of changes: ssl/d1_clnt.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index 20ed02c..eb371a2 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -299,13 +299,12 @@ int dtls1_connect(SSL *s) #endif case SSL3_ST_CW_CLNT_HELLO_A: - case SSL3_ST_CW_CLNT_HELLO_B: - s->shutdown = 0; /* every DTLS ClientHello resets Finished MAC */ ssl3_init_finished_mac(s); + case SSL3_ST_CW_CLNT_HELLO_B: dtls1_start_timer(s); ret = dtls1_client_hello(s); if (ret <= 0) From matt at openssl.org Tue Nov 10 19:28:51 2015 From: matt at openssl.org (Matt Caswell) Date: Tue, 10 Nov 2015 19:28:51 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1447183731.630161.5674.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via d40ec4ab8e7c0ff39bf4f9918fbb9dfdca4c5221 (commit) from 15a7164eb7d4d031608fcec2801d7f7b11b16923 (commit) - Log ----------------------------------------------------------------- commit d40ec4ab8e7c0ff39bf4f9918fbb9dfdca4c5221 Author: Matt Caswell Date: Tue Nov 10 15:17:42 2015 +0000 Stop DTLS servers asking for unsafe legacy renegotiation If a DTLS client that does not support secure renegotiation connects to an OpenSSL DTLS server then, by default, renegotiation is disabled. If a server application attempts to initiate a renegotiation then OpenSSL is supposed to prevent this. However due to a discrepancy between the TLS and DTLS code, the server sends a HelloRequest anyway in DTLS. This is not a security concern because the handshake will still fail later in the process when the client responds with a ClientHello. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: ssl/d1_srvr.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 25c30a6..e677d88 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -285,6 +285,19 @@ int dtls1_accept(SSL *s) ssl3_init_finished_mac(s); s->state = SSL3_ST_SR_CLNT_HELLO_A; s->ctx->stats.sess_accept++; + } else if (!s->s3->send_connection_binding && + !(s->options & + SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) { + /* + * Server attempting to renegotiate with client that doesn't + * support secure renegotiation. + */ + SSLerr(SSL_F_DTLS1_ACCEPT, + SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); + ret = -1; + s->state = SSL_ST_ERR; + goto end; } else { /* * s->state == SSL_ST_RENEGOTIATE, we will just send a From matt at openssl.org Tue Nov 10 19:29:02 2015 From: matt at openssl.org (Matt Caswell) Date: Tue, 10 Nov 2015 19:29:02 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1447183742.751546.6017.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 78b9d13474e843205307da96ef348868fe6d71bb (commit) from e83009840af76d06a13192be69c2b273ac7e96a0 (commit) - Log ----------------------------------------------------------------- commit 78b9d13474e843205307da96ef348868fe6d71bb Author: Matt Caswell Date: Tue Nov 10 15:17:42 2015 +0000 Stop DTLS servers asking for unsafe legacy renegotiation If a DTLS client that does not support secure renegotiation connects to an OpenSSL DTLS server then, by default, renegotiation is disabled. If a server application attempts to initiate a renegotiation then OpenSSL is supposed to prevent this. However due to a discrepancy between the TLS and DTLS code, the server sends a HelloRequest anyway in DTLS. This is not a security concern because the handshake will still fail later in the process when the client responds with a ClientHello. Reviewed-by: Tim Hudson (cherry picked from commit d40ec4ab8e7c0ff39bf4f9918fbb9dfdca4c5221) ----------------------------------------------------------------------- Summary of changes: ssl/d1_srvr.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index d716f0a..f01b8a6 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -267,6 +267,19 @@ int dtls1_accept(SSL *s) ssl3_init_finished_mac(s); s->state = SSL3_ST_SR_CLNT_HELLO_A; s->ctx->stats.sess_accept++; + } else if (!s->s3->send_connection_binding && + !(s->options & + SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) { + /* + * Server attempting to renegotiate with client that doesn't + * support secure renegotiation. + */ + SSLerr(SSL_F_DTLS1_ACCEPT, + SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); + ret = -1; + s->state = SSL_ST_ERR; + goto end; } else { /* * s->state == SSL_ST_RENEGOTIATE, we will just send a From matt at openssl.org Tue Nov 10 23:04:48 2015 From: matt at openssl.org (Matt Caswell) Date: Tue, 10 Nov 2015 23:04:48 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1447196688.389132.15841.nullmailer@dev.openssl.org> The branch master has been updated via a974e64aaaa8a6f99f55a68d28c07c04ecea2f50 (commit) from 6329b6092b28b656be8a1e4a8363d2e3bcc32053 (commit) - Log ----------------------------------------------------------------- commit a974e64aaaa8a6f99f55a68d28c07c04ecea2f50 Author: Matt Caswell Date: Mon Nov 9 14:38:59 2015 +0000 Fix SSL_use_certificate_chain_file The new function SSL_use_certificate_chain_file was always crashing in the internal function use_certificate_chain_file because it would pass a NULL value for SSL_CTX *, but use_certificate_chain_file would unconditionally try to dereference it. Reviewed-by: Stephen Henson ----------------------------------------------------------------------- Summary of changes: doc/ssl/SSL_CTX_set_default_passwd_cb.pod | 12 +++++++++--- include/openssl/ssl.h | 2 ++ ssl/ssl_lib.c | 16 ++++++++++++++++ ssl/ssl_locl.h | 6 ++++++ ssl/ssl_rsa.c | 21 +++++++++++++++------ util/ssleay.num | 2 ++ 6 files changed, 50 insertions(+), 9 deletions(-) diff --git a/doc/ssl/SSL_CTX_set_default_passwd_cb.pod b/doc/ssl/SSL_CTX_set_default_passwd_cb.pod index 9455139..452737f 100644 --- a/doc/ssl/SSL_CTX_set_default_passwd_cb.pod +++ b/doc/ssl/SSL_CTX_set_default_passwd_cb.pod @@ -2,7 +2,9 @@ =head1 NAME -SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata - set passwd callback for encrypted PEM file handling +SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata, +SSL_set_default_passwd_cb, SSL_set_default_passwd_cb_userdata - set passwd +callback for encrypted PEM file handling =head1 SYNOPSIS @@ -10,6 +12,8 @@ SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata - set pass void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); + void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb); + void SSL_set_default_passwd_cb_userdata(SSL *s, void *u); int pem_passwd_cb(char *buf, int size, int rwflag, void *userdata); @@ -21,6 +25,9 @@ when loading/storing a PEM certificate with encryption. SSL_CTX_set_default_passwd_cb_userdata() sets a pointer to B which will be provided to the password callback on invocation. +SSL_set_default_passwd_cb() and SSL_set_default_passwd_cb_userdata() perform the +same function as their SSL_CTX counterparts, but using an SSL object. + The pem_passwd_cb(), which must be provided by the application, hands back the password to be used during decryption. On invocation a pointer to B is provided. The pem_passwd_cb must write the password into the provided buffer @@ -51,8 +58,7 @@ however not usual, as certificate information is considered public. =head1 RETURN VALUES -SSL_CTX_set_default_passwd_cb() and SSL_CTX_set_default_passwd_cb_userdata() -do not provide diagnostic information. +These functions do not provide diagnostic information. =head1 EXAMPLES diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 28322eb..cf9f83a 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1514,6 +1514,8 @@ __owur int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); +void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb); +void SSL_set_default_passwd_cb_userdata(SSL *s, void *u); __owur int SSL_CTX_check_private_key(const SSL_CTX *ctx); __owur int SSL_check_private_key(const SSL *ctx); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index b6e5127..d8d2244 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -366,6 +366,9 @@ SSL *SSL_new(SSL_CTX *ctx) s->verify_result = X509_V_OK; + s->default_passwd_callback = ctx->default_passwd_callback; + s->default_passwd_callback_userdata = ctx->default_passwd_callback_userdata; + s->method = ctx->method; if (!s->method->ssl_new(s)) @@ -1846,6 +1849,16 @@ void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u) ctx->default_passwd_callback_userdata = u; } +void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb) +{ + s->default_passwd_callback = cb; +} + +void SSL_set_default_passwd_cb_userdata(SSL *s, void *u) +{ + s->default_passwd_callback_userdata = u; +} + void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb) (X509_STORE_CTX *, void *), void *arg) @@ -2535,6 +2548,9 @@ SSL *SSL_dup(SSL *s) * ret->init_off */ ret->hit = s->hit; + ret->default_passwd_callback = s->default_passwd_callback; + ret->default_passwd_callback_userdata = s->default_passwd_callback_userdata; + X509_VERIFY_PARAM_inherit(ret->param, s->param); /* dup the cipher_list and cipher_list_by_id stacks */ diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index e174def..03bc35c 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1193,6 +1193,12 @@ struct ssl_st { int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure); RECORD_LAYER rlayer; + + /* Default password callback. */ + pem_password_cb *default_passwd_callback; + + /* Default password callback user data. */ + void *default_passwd_callback_userdata; }; diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index 9e172b5..be552c1 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -644,10 +644,20 @@ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file) BIO *in; int ret = 0; X509 *x = NULL; + pem_password_cb *passwd_callback; + void *passwd_callback_userdata; ERR_clear_error(); /* clear error stack for * SSL_CTX_use_certificate() */ + if (ctx != NULL) { + passwd_callback = ctx->default_passwd_callback; + passwd_callback_userdata = ctx->default_passwd_callback_userdata; + } else { + passwd_callback = ssl->default_passwd_callback; + passwd_callback_userdata = ssl->default_passwd_callback_userdata; + } + in = BIO_new(BIO_s_file()); if (in == NULL) { SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB); @@ -659,8 +669,8 @@ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file) goto end; } - x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback, - ctx->default_passwd_callback_userdata); + x = PEM_read_bio_X509_AUX(in, NULL, passwd_callback, + passwd_callback_userdata); if (x == NULL) { SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB); goto end; @@ -693,10 +703,9 @@ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file) goto end; } - while ((ca = PEM_read_bio_X509(in, NULL, - ctx->default_passwd_callback, - ctx->default_passwd_callback_userdata)) - != NULL) { + while ((ca = PEM_read_bio_X509(in, NULL, passwd_callback, + passwd_callback_userdata)) + != NULL) { if (ctx) r = SSL_CTX_add0_chain_cert(ctx, ca); else diff --git a/util/ssleay.num b/util/ssleay.num index b3f6324..be4c940 100755 --- a/util/ssleay.num +++ b/util/ssleay.num @@ -409,3 +409,5 @@ SSL_in_init 443 EXIST::FUNCTION: SSL_in_before 444 EXIST::FUNCTION: SSL_is_init_finished 445 EXIST::FUNCTION: SSL_get_state 446 EXIST::FUNCTION: +SSL_set_default_passwd_cb 447 EXIST::FUNCTION: +SSL_set_default_passwd_cb_userdata 448 EXIST::FUNCTION: From builds at travis-ci.org Wed Nov 11 12:13:20 2015 From: builds at travis-ci.org (Travis CI) Date: Wed, 11 Nov 2015 12:13:20 +0000 Subject: [openssl-commits] Failed: agrandi/openssl#1 (main-async-speed - 94deecc) In-Reply-To: Message-ID: <564330e096640_35f42642227b3@148bd08d-d69b-46a2-befc-0f5fcdf84cdb.mail> Build Update for agrandi/openssl ------------------------------------- Build: #1 Status: Failed Duration: 13 minutes and 13 seconds Commit: 94deecc (main-async-speed) Author: Andrea Grandi Message: Add support for async jobs in OpenSSL speed It is enabled with the option async_jobs and specifying the number of concurrent jobs. Example: openssl speed -engine dasync -elapsed -async_jobs 32 rsa2048 View the changeset: https://github.com/agrandi/openssl/compare/7e27ed9653b2^...94deecc2b8a4 View the full build log and details: https://travis-ci.org/agrandi/openssl/builds/90506598 -- You can configure recipients for build notifications in your .travis.yml file. See http://docs.travis-ci.com/user/notifications -------------- next part -------------- An HTML attachment was scrubbed... URL: From appro at openssl.org Wed Nov 11 21:10:10 2015 From: appro at openssl.org (Andy Polyakov) Date: Wed, 11 Nov 2015 21:10:10 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1447276210.803239.13111.nullmailer@dev.openssl.org> The branch master has been updated via fbab8baddef8d3346ae40ff068871e2ddaf10270 (commit) from a974e64aaaa8a6f99f55a68d28c07c04ecea2f50 (commit) - Log ----------------------------------------------------------------- commit fbab8baddef8d3346ae40ff068871e2ddaf10270 Author: Andy Polyakov Date: Tue Nov 10 21:40:51 2015 +0100 modes/asm/ghash-armv4.pl: extend Apple fix to all clang cases. Triggered by RT#3989. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/modes/asm/ghash-armv4.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/modes/asm/ghash-armv4.pl b/crypto/modes/asm/ghash-armv4.pl index 1506e5b..245ac92 100644 --- a/crypto/modes/asm/ghash-armv4.pl +++ b/crypto/modes/asm/ghash-armv4.pl @@ -143,7 +143,7 @@ $code=<<___; .code 32 #endif -#ifdef __APPLE__ +#ifdef __clang__ #define ldrplb ldrbpl #define ldrneb ldrbne #endif From appro at openssl.org Wed Nov 11 21:13:34 2015 From: appro at openssl.org (Andy Polyakov) Date: Wed, 11 Nov 2015 21:13:34 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1447276414.278312.17108.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 48008008af2396d6b15e10d81156d26933d30233 (commit) from d40ec4ab8e7c0ff39bf4f9918fbb9dfdca4c5221 (commit) - Log ----------------------------------------------------------------- commit 48008008af2396d6b15e10d81156d26933d30233 Author: Andy Polyakov Date: Tue Nov 10 21:57:22 2015 +0100 modes/asm/ghash-armv4.pl: make it compile by clang. RT#3989 Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/modes/asm/ghash-armv4.pl | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/crypto/modes/asm/ghash-armv4.pl b/crypto/modes/asm/ghash-armv4.pl index 21f877a..8ccc963 100644 --- a/crypto/modes/asm/ghash-armv4.pl +++ b/crypto/modes/asm/ghash-armv4.pl @@ -126,6 +126,11 @@ $code=<<___; .text .code 32 +#ifdef __clang__ +#define ldrplb ldrbpl +#define ldrneb ldrbne +#endif + .type rem_4bit,%object .align 5 rem_4bit: From stevem at openssl.org Thu Nov 12 13:33:50 2015 From: stevem at openssl.org (Steve Marquess) Date: Thu, 12 Nov 2015 13:33:50 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1447335230.418830.18337.nullmailer@dev.openssl.org> The branch master has been updated via 18d799bcc1f6496634a6332baab2025590dac294 (commit) from 8254a7290ce212f3f96ca18bf800e7ac10695985 (commit) - Log ----------------------------------------------------------------- commit 18d799bcc1f6496634a6332baab2025590dac294 Author: Steve Marquess Date: Thu Nov 12 08:33:32 2015 -0500 Replace original content with link to wiki ----------------------------------------------------------------------- Summary of changes: community/binaries.html | 38 ++++---------------------------------- 1 file changed, 4 insertions(+), 34 deletions(-) diff --git a/community/binaries.html b/community/binaries.html index a20102c..dcd7661 100644 --- a/community/binaries.html +++ b/community/binaries.html @@ -12,40 +12,10 @@

Binaries

-

Some people have offered to provide OpenSSL binary - distributions for selected operating systems. The condition to - get a link here is that the link is stable and can provide - continued support for OpenSSL for a while.

- -

Note: many Linux distributions come with pre-compiled OpenSSL - packages. Those are already well-known among the users of said - distributions, and will therefore not be mentioned here. - If you are such a user, we ask you to get in touch with your - distributor first. This service is primarily for operating systems - where there are no pre-compiled OpenSSL packages.

- -

OpenSSL for Windows: Works with MSVC++, Builder 3/4/5, and MinGW. Comes in form - of self-install executables. - https://slproweb.com/products/Win32OpenSSL.html -
OpenSSL for Windows: Pre-compiled Win32/64 libraries without external - dependencies to the Microsoft Visual Studio Runtime DLLs, except - for the system provided msvcrt.dll. - https://indy.fulgan.com/SSL/ -
OpenSSL for Solaris: Versions for Solaris 2.5 - 11 SPARC and X86 - http://www.unixpackages.com/ -

+

The OpenSSL project does not distribute any code in binary form, and does not + officially recommend any specific binary distributions. An informal list of third + party products can be found on the wiki.

+