Remove more unnecessary GOST code

ok jsing

Rework CMS_add_simple_smimecap()

This is an API to add an OID attribute to the set of SMIMECapabilities.
While attributes are complicated in general, this only supports simple
capabilities encoded as an OID with an optional integer parameter (e.g.,
the key size of a cipher).

Make this API transactional, i.e., don't leave a new empty set behind on
failure or leak the key size if setting the parameter on the X509_ALGOR
fails.

Also convert to single exit and add a doc comment with a reference.

ok beck

Implement Ed25519 signatures for CMS (RFC 8419)

This adds support for Edwards curve digital signature algorithms in the
cryptographic message syntax, as specified in RFC 8419. Only Ed25519 is
supported since that is the only EdDSA algorithm that LibreSSL supports
(this is unlikely to change ever, but, as they say - never is a very
long time).

This has the usual curly interactions between EVP and CMS with poorly
documented interfaces and lots of confusing magic return values and
controls. This improves upon existing control handlers by documenting
what is being done and why. Unlike other (draft) implementations we
also happen to use the correct hashing algorithm.

There are no plans to implement RFC 8418.

joint work with job at p2k23

ok jsing

Ignore EVP_MD_CTX_reset() return value

Also drop now unnecessary NULL checks before it.

Use X509_ALGOR_set_evp_md() in CMS_add1_signer()

Contrary to X509_ALGOR_set_md() this allows for error checking. Avoid
local complications by freeing in the exit path and use a const version
of X509_ALGOR for walking a STACK_OF() to avoid a bad free.

Clean up includes

ok jsing

Small cleanups in cms_sd_asn1_ctrl():

Compare explicitly against NULL and use ret instead of i.

Rewrite CMS_SignerInfo_{sign,verify}()

Convert to using one-shot signing and verification. This is simpler than
doing Init/Update/Final and necessary for Ed25519 support (RFC 8419). Use
a single exit idiom, don't reuse the same buffer for decoding and signing
and simplify a few other things.

ok jsing

Hide symbols in cms, comp, conf, and buffer

ok jsing@

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook

Plug memory leak in CMS_add_simple_smimecap() in the unlikely event that
ASN1_INTEGER_set() fails.

ok jsing

Remove unsupported GOST 2012 NIDs.

Expand M_ASN1_new_of and M_ASN1_free_of macros.

Include string.h for memcmp()/memcpy().

Use malloc(3) and free(3), rather than OPENSSL_{malloc,free}().

Convert CMSerr() to CMSerror().

Expand ASN.1 macros.

More style(9), whitespace and readability fixes.

Files are identical once whitespace and newlines are removed.

First pass at style(9).

Whitespace only and no change according to diff -w.

Fix includes for non-installed headers.

Add $OpenBSD$ tags.

Restore the original per-file licenses for CMS.

These were removed in OpenSSL b1322259d93cf6b6286f9febcd468b6a9f577d91.

Work towards supporting Cryptographic Message Syntax (CMS) in libcrypto.

Cryptographic Message Syntax (CMS) is a standard for cryptographically
protecting messages, as defined in RFC 5652. It is derived from PKCS #7
version 1.5 and utilises various ASN.1 structures, making it complex and
fairly heavyweight. Various protocols - including RPKI (RFC 6480) - have
been built on top of it, which means it is necessary to support CMS, in
order to support RPKI.

This imports around 6,000 lines of code from OpenSSL 1.1.1, which is still
under the original OpenSSL license. Further work will occur in tree.

Requested by and discussed with many.

ok deraadt@ tb@

Remove cms.

ok beck@, guenther@, tedu@

X509_free(3) is NULL-safe, so remove NULL checks before its calls.

ok doug@

GOST crypto algorithms (well, most of them), ported from the removed GOST
engine to regular EVP citizens, contributed by Dmitry Eremin-Solenikov;
libcrypto bits only for now.

This is a verbatim import of Dmitry's work, and does not compile in this
state; the forthcoming commits will address these issues.

None of the GOST code is enabled in libcrypto yet, for it still gets
compiled with OPENSSL_NO_GOST defined. However, the public header gost.h
will be installed.

if (x) FOO_free(x) -> FOO_free(x).
Improves readability, keeps the code smaller so that it is warmer in your
cache.

review & ok deraadt@

Fix version number processing in cms_sd_set_version(); OpenSSL PR #3249 via
OpenSSL trunk.

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@

tags as requested by miod and tedu

KNF.

if (x) free(x) -> free(x); semantic patch generated with coccinelle, carefully
eyeballed before applying. Contributed by Cyril Roelandt on tech@

Change library to use intrinsic memory allocation functions instead of
OPENSSL_foo wrappers. This changes:
OPENSSL_malloc->malloc
OPENSSL_free->free
OPENSSL_relloc->realloc
OPENSSL_freeFunc->free

branches: 1.1.1;
Initial revision

Rework CMS_add_simple_smimecap()

This is an API to add an OID attribute to the set of SMIMECapabilities.
While attributes are complicated in general, this only supports simple
capabilities encoded as an OID with an optional integer parameter (e.g.,
the key size of a cipher).

Make this API transactional, i.e., don't leave a new empty set behind on
failure or leak the key size if setting the parameter on the X509_ALGOR
fails.

Also convert to single exit and add a doc comment with a reference.

ok beck

Implement Ed25519 signatures for CMS (RFC 8419)

This adds support for Edwards curve digital signature algorithms in the
cryptographic message syntax, as specified in RFC 8419. Only Ed25519 is
supported since that is the only EdDSA algorithm that LibreSSL supports
(this is unlikely to change ever, but, as they say - never is a very
long time).

This has the usual curly interactions between EVP and CMS with poorly
documented interfaces and lots of confusing magic return values and
controls. This improves upon existing control handlers by documenting
what is being done and why. Unlike other (draft) implementations we
also happen to use the correct hashing algorithm.

There are no plans to implement RFC 8418.

joint work with job at p2k23

ok jsing

Ignore EVP_MD_CTX_reset() return value

Also drop now unnecessary NULL checks before it.

Use X509_ALGOR_set_evp_md() in CMS_add1_signer()

Contrary to X509_ALGOR_set_md() this allows for error checking. Avoid
local complications by freeing in the exit path and use a const version
of X509_ALGOR for walking a STACK_OF() to avoid a bad free.

Clean up includes

ok jsing

Small cleanups in cms_sd_asn1_ctrl():

Compare explicitly against NULL and use ret instead of i.

Rewrite CMS_SignerInfo_{sign,verify}()

Convert to using one-shot signing and verification. This is simpler than
doing Init/Update/Final and necessary for Ed25519 support (RFC 8419). Use
a single exit idiom, don't reuse the same buffer for decoding and signing
and simplify a few other things.

ok jsing

Hide symbols in cms, comp, conf, and buffer

ok jsing@

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook

Plug memory leak in CMS_add_simple_smimecap() in the unlikely event that
ASN1_INTEGER_set() fails.

ok jsing

Remove unsupported GOST 2012 NIDs.

Expand M_ASN1_new_of and M_ASN1_free_of macros.

Include string.h for memcmp()/memcpy().

Use malloc(3) and free(3), rather than OPENSSL_{malloc,free}().

Convert CMSerr() to CMSerror().

Expand ASN.1 macros.

More style(9), whitespace and readability fixes.

Files are identical once whitespace and newlines are removed.

First pass at style(9).

Whitespace only and no change according to diff -w.

Fix includes for non-installed headers.

Add $OpenBSD$ tags.

Restore the original per-file licenses for CMS.

These were removed in OpenSSL b1322259d93cf6b6286f9febcd468b6a9f577d91.

Work towards supporting Cryptographic Message Syntax (CMS) in libcrypto.

Cryptographic Message Syntax (CMS) is a standard for cryptographically
protecting messages, as defined in RFC 5652. It is derived from PKCS #7
version 1.5 and utilises various ASN.1 structures, making it complex and
fairly heavyweight. Various protocols - including RPKI (RFC 6480) - have
been built on top of it, which means it is necessary to support CMS, in
order to support RPKI.

This imports around 6,000 lines of code from OpenSSL 1.1.1, which is still
under the original OpenSSL license. Further work will occur in tree.

Requested by and discussed with many.

ok deraadt@ tb@

Remove cms.

ok beck@, guenther@, tedu@

X509_free(3) is NULL-safe, so remove NULL checks before its calls.

ok doug@

GOST crypto algorithms (well, most of them), ported from the removed GOST
engine to regular EVP citizens, contributed by Dmitry Eremin-Solenikov;
libcrypto bits only for now.

This is a verbatim import of Dmitry's work, and does not compile in this
state; the forthcoming commits will address these issues.

None of the GOST code is enabled in libcrypto yet, for it still gets
compiled with OPENSSL_NO_GOST defined. However, the public header gost.h
will be installed.

if (x) FOO_free(x) -> FOO_free(x).
Improves readability, keeps the code smaller so that it is warmer in your
cache.

review & ok deraadt@

Fix version number processing in cms_sd_set_version(); OpenSSL PR #3249 via
OpenSSL trunk.

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@

tags as requested by miod and tedu

KNF.

if (x) free(x) -> free(x); semantic patch generated with coccinelle, carefully
eyeballed before applying. Contributed by Cyril Roelandt on tech@

Change library to use intrinsic memory allocation functions instead of
OPENSSL_foo wrappers. This changes:
OPENSSL_malloc->malloc
OPENSSL_free->free
OPENSSL_relloc->realloc
OPENSSL_freeFunc->free

branches: 1.1.1;
Initial revision

Implement Ed25519 signatures for CMS (RFC 8419)

This adds support for Edwards curve digital signature algorithms in the
cryptographic message syntax, as specified in RFC 8419. Only Ed25519 is
supported since that is the only EdDSA algorithm that LibreSSL supports
(this is unlikely to change ever, but, as they say - never is a very
long time).

This has the usual curly interactions between EVP and CMS with poorly
documented interfaces and lots of confusing magic return values and
controls. This improves upon existing control handlers by documenting
what is being done and why. Unlike other (draft) implementations we
also happen to use the correct hashing algorithm.

There are no plans to implement RFC 8418.

joint work with job at p2k23

ok jsing

Ignore EVP_MD_CTX_reset() return value

Also drop now unnecessary NULL checks before it.

Use X509_ALGOR_set_evp_md() in CMS_add1_signer()

Contrary to X509_ALGOR_set_md() this allows for error checking. Avoid
local complications by freeing in the exit path and use a const version
of X509_ALGOR for walking a STACK_OF() to avoid a bad free.

Clean up includes

ok jsing

Small cleanups in cms_sd_asn1_ctrl():

Compare explicitly against NULL and use ret instead of i.

Rewrite CMS_SignerInfo_{sign,verify}()

Convert to using one-shot signing and verification. This is simpler than
doing Init/Update/Final and necessary for Ed25519 support (RFC 8419). Use
a single exit idiom, don't reuse the same buffer for decoding and signing
and simplify a few other things.

ok jsing

Hide symbols in cms, comp, conf, and buffer

ok jsing@

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook

Plug memory leak in CMS_add_simple_smimecap() in the unlikely event that
ASN1_INTEGER_set() fails.

ok jsing

Remove unsupported GOST 2012 NIDs.

Expand M_ASN1_new_of and M_ASN1_free_of macros.

Include string.h for memcmp()/memcpy().

Use malloc(3) and free(3), rather than OPENSSL_{malloc,free}().

Convert CMSerr() to CMSerror().

Expand ASN.1 macros.

More style(9), whitespace and readability fixes.

Files are identical once whitespace and newlines are removed.

First pass at style(9).

Whitespace only and no change according to diff -w.

Fix includes for non-installed headers.

Add $OpenBSD$ tags.

Restore the original per-file licenses for CMS.

These were removed in OpenSSL b1322259d93cf6b6286f9febcd468b6a9f577d91.

Work towards supporting Cryptographic Message Syntax (CMS) in libcrypto.

Cryptographic Message Syntax (CMS) is a standard for cryptographically
protecting messages, as defined in RFC 5652. It is derived from PKCS #7
version 1.5 and utilises various ASN.1 structures, making it complex and
fairly heavyweight. Various protocols - including RPKI (RFC 6480) - have
been built on top of it, which means it is necessary to support CMS, in
order to support RPKI.

This imports around 6,000 lines of code from OpenSSL 1.1.1, which is still
under the original OpenSSL license. Further work will occur in tree.

Requested by and discussed with many.

ok deraadt@ tb@

Remove cms.

ok beck@, guenther@, tedu@

X509_free(3) is NULL-safe, so remove NULL checks before its calls.

ok doug@

GOST crypto algorithms (well, most of them), ported from the removed GOST
engine to regular EVP citizens, contributed by Dmitry Eremin-Solenikov;
libcrypto bits only for now.

This is a verbatim import of Dmitry's work, and does not compile in this
state; the forthcoming commits will address these issues.

None of the GOST code is enabled in libcrypto yet, for it still gets
compiled with OPENSSL_NO_GOST defined. However, the public header gost.h
will be installed.

if (x) FOO_free(x) -> FOO_free(x).
Improves readability, keeps the code smaller so that it is warmer in your
cache.

review & ok deraadt@

Fix version number processing in cms_sd_set_version(); OpenSSL PR #3249 via
OpenSSL trunk.

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@

tags as requested by miod and tedu

KNF.

if (x) free(x) -> free(x); semantic patch generated with coccinelle, carefully
eyeballed before applying. Contributed by Cyril Roelandt on tech@

Change library to use intrinsic memory allocation functions instead of
OPENSSL_foo wrappers. This changes:
OPENSSL_malloc->malloc
OPENSSL_free->free
OPENSSL_relloc->realloc
OPENSSL_freeFunc->free

branches: 1.1.1;
Initial revision

Ignore EVP_MD_CTX_reset() return value

Also drop now unnecessary NULL checks before it.

Use X509_ALGOR_set_evp_md() in CMS_add1_signer()

Contrary to X509_ALGOR_set_md() this allows for error checking. Avoid
local complications by freeing in the exit path and use a const version
of X509_ALGOR for walking a STACK_OF() to avoid a bad free.

Clean up includes

ok jsing

Small cleanups in cms_sd_asn1_ctrl():

Compare explicitly against NULL and use ret instead of i.

Rewrite CMS_SignerInfo_{sign,verify}()

Convert to using one-shot signing and verification. This is simpler than
doing Init/Update/Final and necessary for Ed25519 support (RFC 8419). Use
a single exit idiom, don't reuse the same buffer for decoding and signing
and simplify a few other things.

ok jsing

Hide symbols in cms, comp, conf, and buffer

ok jsing@

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook

Plug memory leak in CMS_add_simple_smimecap() in the unlikely event that
ASN1_INTEGER_set() fails.

ok jsing

Remove unsupported GOST 2012 NIDs.

Expand M_ASN1_new_of and M_ASN1_free_of macros.

Include string.h for memcmp()/memcpy().

Use malloc(3) and free(3), rather than OPENSSL_{malloc,free}().

Convert CMSerr() to CMSerror().

Expand ASN.1 macros.

More style(9), whitespace and readability fixes.

Files are identical once whitespace and newlines are removed.

First pass at style(9).

Whitespace only and no change according to diff -w.

Fix includes for non-installed headers.

Add $OpenBSD$ tags.

Restore the original per-file licenses for CMS.

These were removed in OpenSSL b1322259d93cf6b6286f9febcd468b6a9f577d91.

Work towards supporting Cryptographic Message Syntax (CMS) in libcrypto.

Cryptographic Message Syntax (CMS) is a standard for cryptographically
protecting messages, as defined in RFC 5652. It is derived from PKCS #7
version 1.5 and utilises various ASN.1 structures, making it complex and
fairly heavyweight. Various protocols - including RPKI (RFC 6480) - have
been built on top of it, which means it is necessary to support CMS, in
order to support RPKI.

This imports around 6,000 lines of code from OpenSSL 1.1.1, which is still
under the original OpenSSL license. Further work will occur in tree.

Requested by and discussed with many.

ok deraadt@ tb@

Remove cms.

ok beck@, guenther@, tedu@

X509_free(3) is NULL-safe, so remove NULL checks before its calls.

ok doug@

GOST crypto algorithms (well, most of them), ported from the removed GOST
engine to regular EVP citizens, contributed by Dmitry Eremin-Solenikov;
libcrypto bits only for now.

This is a verbatim import of Dmitry's work, and does not compile in this
state; the forthcoming commits will address these issues.

None of the GOST code is enabled in libcrypto yet, for it still gets
compiled with OPENSSL_NO_GOST defined. However, the public header gost.h
will be installed.

if (x) FOO_free(x) -> FOO_free(x).
Improves readability, keeps the code smaller so that it is warmer in your
cache.

review & ok deraadt@

Fix version number processing in cms_sd_set_version(); OpenSSL PR #3249 via
OpenSSL trunk.

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@

tags as requested by miod and tedu

KNF.

if (x) free(x) -> free(x); semantic patch generated with coccinelle, carefully
eyeballed before applying. Contributed by Cyril Roelandt on tech@

Change library to use intrinsic memory allocation functions instead of
OPENSSL_foo wrappers. This changes:
OPENSSL_malloc->malloc
OPENSSL_free->free
OPENSSL_relloc->realloc
OPENSSL_freeFunc->free

branches: 1.1.1;
Initial revision

Use X509_ALGOR_set_evp_md() in CMS_add1_signer()

Contrary to X509_ALGOR_set_md() this allows for error checking. Avoid
local complications by freeing in the exit path and use a const version
of X509_ALGOR for walking a STACK_OF() to avoid a bad free.

Clean up includes

ok jsing

Small cleanups in cms_sd_asn1_ctrl():

Compare explicitly against NULL and use ret instead of i.

Rewrite CMS_SignerInfo_{sign,verify}()

Convert to using one-shot signing and verification. This is simpler than
doing Init/Update/Final and necessary for Ed25519 support (RFC 8419). Use
a single exit idiom, don't reuse the same buffer for decoding and signing
and simplify a few other things.

ok jsing

Hide symbols in cms, comp, conf, and buffer

ok jsing@

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook

Plug memory leak in CMS_add_simple_smimecap() in the unlikely event that
ASN1_INTEGER_set() fails.

ok jsing

Remove unsupported GOST 2012 NIDs.

Expand M_ASN1_new_of and M_ASN1_free_of macros.

Include string.h for memcmp()/memcpy().

Use malloc(3) and free(3), rather than OPENSSL_{malloc,free}().

Convert CMSerr() to CMSerror().

Expand ASN.1 macros.

More style(9), whitespace and readability fixes.

Files are identical once whitespace and newlines are removed.

First pass at style(9).

Whitespace only and no change according to diff -w.

Fix includes for non-installed headers.

Add $OpenBSD$ tags.

Restore the original per-file licenses for CMS.

These were removed in OpenSSL b1322259d93cf6b6286f9febcd468b6a9f577d91.

Work towards supporting Cryptographic Message Syntax (CMS) in libcrypto.

Cryptographic Message Syntax (CMS) is a standard for cryptographically
protecting messages, as defined in RFC 5652. It is derived from PKCS #7
version 1.5 and utilises various ASN.1 structures, making it complex and
fairly heavyweight. Various protocols - including RPKI (RFC 6480) - have
been built on top of it, which means it is necessary to support CMS, in
order to support RPKI.

This imports around 6,000 lines of code from OpenSSL 1.1.1, which is still
under the original OpenSSL license. Further work will occur in tree.

Requested by and discussed with many.

ok deraadt@ tb@

Remove cms.

ok beck@, guenther@, tedu@

X509_free(3) is NULL-safe, so remove NULL checks before its calls.

ok doug@

GOST crypto algorithms (well, most of them), ported from the removed GOST
engine to regular EVP citizens, contributed by Dmitry Eremin-Solenikov;
libcrypto bits only for now.

This is a verbatim import of Dmitry's work, and does not compile in this
state; the forthcoming commits will address these issues.

None of the GOST code is enabled in libcrypto yet, for it still gets
compiled with OPENSSL_NO_GOST defined. However, the public header gost.h
will be installed.

if (x) FOO_free(x) -> FOO_free(x).
Improves readability, keeps the code smaller so that it is warmer in your
cache.

review & ok deraadt@

Fix version number processing in cms_sd_set_version(); OpenSSL PR #3249 via
OpenSSL trunk.

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@

tags as requested by miod and tedu

KNF.

if (x) free(x) -> free(x); semantic patch generated with coccinelle, carefully
eyeballed before applying. Contributed by Cyril Roelandt on tech@

Change library to use intrinsic memory allocation functions instead of
OPENSSL_foo wrappers. This changes:
OPENSSL_malloc->malloc
OPENSSL_free->free
OPENSSL_relloc->realloc
OPENSSL_freeFunc->free

branches: 1.1.1;
Initial revision

Small cleanups in cms_sd_asn1_ctrl():

Compare explicitly against NULL and use ret instead of i.

Rewrite CMS_SignerInfo_{sign,verify}()

Convert to using one-shot signing and verification. This is simpler than
doing Init/Update/Final and necessary for Ed25519 support (RFC 8419). Use
a single exit idiom, don't reuse the same buffer for decoding and signing
and simplify a few other things.

ok jsing

Hide symbols in cms, comp, conf, and buffer

ok jsing@

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook

Plug memory leak in CMS_add_simple_smimecap() in the unlikely event that
ASN1_INTEGER_set() fails.

ok jsing

Remove unsupported GOST 2012 NIDs.

Expand M_ASN1_new_of and M_ASN1_free_of macros.

Include string.h for memcmp()/memcpy().

Use malloc(3) and free(3), rather than OPENSSL_{malloc,free}().

Convert CMSerr() to CMSerror().

Expand ASN.1 macros.

More style(9), whitespace and readability fixes.

Files are identical once whitespace and newlines are removed.

First pass at style(9).

Whitespace only and no change according to diff -w.

Fix includes for non-installed headers.

Add $OpenBSD$ tags.

Restore the original per-file licenses for CMS.

These were removed in OpenSSL b1322259d93cf6b6286f9febcd468b6a9f577d91.

Work towards supporting Cryptographic Message Syntax (CMS) in libcrypto.

Cryptographic Message Syntax (CMS) is a standard for cryptographically
protecting messages, as defined in RFC 5652. It is derived from PKCS #7
version 1.5 and utilises various ASN.1 structures, making it complex and
fairly heavyweight. Various protocols - including RPKI (RFC 6480) - have
been built on top of it, which means it is necessary to support CMS, in
order to support RPKI.

This imports around 6,000 lines of code from OpenSSL 1.1.1, which is still
under the original OpenSSL license. Further work will occur in tree.

Requested by and discussed with many.

ok deraadt@ tb@

Remove cms.

ok beck@, guenther@, tedu@

X509_free(3) is NULL-safe, so remove NULL checks before its calls.

ok doug@

GOST crypto algorithms (well, most of them), ported from the removed GOST
engine to regular EVP citizens, contributed by Dmitry Eremin-Solenikov;
libcrypto bits only for now.

This is a verbatim import of Dmitry's work, and does not compile in this
state; the forthcoming commits will address these issues.

None of the GOST code is enabled in libcrypto yet, for it still gets
compiled with OPENSSL_NO_GOST defined. However, the public header gost.h
will be installed.

if (x) FOO_free(x) -> FOO_free(x).
Improves readability, keeps the code smaller so that it is warmer in your
cache.

review & ok deraadt@

Fix version number processing in cms_sd_set_version(); OpenSSL PR #3249 via
OpenSSL trunk.

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@

tags as requested by miod and tedu

KNF.

if (x) free(x) -> free(x); semantic patch generated with coccinelle, carefully
eyeballed before applying. Contributed by Cyril Roelandt on tech@

Change library to use intrinsic memory allocation functions instead of
OPENSSL_foo wrappers. This changes:
OPENSSL_malloc->malloc
OPENSSL_free->free
OPENSSL_relloc->realloc
OPENSSL_freeFunc->free

branches: 1.1.1;
Initial revision

Hide symbols in cms, comp, conf, and buffer

ok jsing@

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook

Plug memory leak in CMS_add_simple_smimecap() in the unlikely event that
ASN1_INTEGER_set() fails.

ok jsing

Remove unsupported GOST 2012 NIDs.

Expand M_ASN1_new_of and M_ASN1_free_of macros.

Include string.h for memcmp()/memcpy().

Use malloc(3) and free(3), rather than OPENSSL_{malloc,free}().

Convert CMSerr() to CMSerror().

Expand ASN.1 macros.

More style(9), whitespace and readability fixes.

Files are identical once whitespace and newlines are removed.

First pass at style(9).

Whitespace only and no change according to diff -w.

Fix includes for non-installed headers.

Add $OpenBSD$ tags.

Restore the original per-file licenses for CMS.

These were removed in OpenSSL b1322259d93cf6b6286f9febcd468b6a9f577d91.

Work towards supporting Cryptographic Message Syntax (CMS) in libcrypto.

Cryptographic Message Syntax (CMS) is a standard for cryptographically
protecting messages, as defined in RFC 5652. It is derived from PKCS #7
version 1.5 and utilises various ASN.1 structures, making it complex and
fairly heavyweight. Various protocols - including RPKI (RFC 6480) - have
been built on top of it, which means it is necessary to support CMS, in
order to support RPKI.

This imports around 6,000 lines of code from OpenSSL 1.1.1, which is still
under the original OpenSSL license. Further work will occur in tree.

Requested by and discussed with many.

ok deraadt@ tb@

Remove cms.

ok beck@, guenther@, tedu@

X509_free(3) is NULL-safe, so remove NULL checks before its calls.

ok doug@

GOST crypto algorithms (well, most of them), ported from the removed GOST
engine to regular EVP citizens, contributed by Dmitry Eremin-Solenikov;
libcrypto bits only for now.

This is a verbatim import of Dmitry's work, and does not compile in this
state; the forthcoming commits will address these issues.

None of the GOST code is enabled in libcrypto yet, for it still gets
compiled with OPENSSL_NO_GOST defined. However, the public header gost.h
will be installed.

if (x) FOO_free(x) -> FOO_free(x).
Improves readability, keeps the code smaller so that it is warmer in your
cache.

review & ok deraadt@

Fix version number processing in cms_sd_set_version(); OpenSSL PR #3249 via
OpenSSL trunk.

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@

tags as requested by miod and tedu

KNF.

if (x) free(x) -> free(x); semantic patch generated with coccinelle, carefully
eyeballed before applying. Contributed by Cyril Roelandt on tech@

Change library to use intrinsic memory allocation functions instead of
OPENSSL_foo wrappers. This changes:
OPENSSL_malloc->malloc
OPENSSL_free->free
OPENSSL_relloc->realloc
OPENSSL_freeFunc->free

branches: 1.1.1;
Initial revision

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook

Plug memory leak in CMS_add_simple_smimecap() in the unlikely event that
ASN1_INTEGER_set() fails.

ok jsing

Remove unsupported GOST 2012 NIDs.

Expand M_ASN1_new_of and M_ASN1_free_of macros.

Include string.h for memcmp()/memcpy().

Use malloc(3) and free(3), rather than OPENSSL_{malloc,free}().

Convert CMSerr() to CMSerror().

Expand ASN.1 macros.

More style(9), whitespace and readability fixes.

Files are identical once whitespace and newlines are removed.

First pass at style(9).

Whitespace only and no change according to diff -w.

Fix includes for non-installed headers.

Add $OpenBSD$ tags.

Restore the original per-file licenses for CMS.

These were removed in OpenSSL b1322259d93cf6b6286f9febcd468b6a9f577d91.

Work towards supporting Cryptographic Message Syntax (CMS) in libcrypto.

Cryptographic Message Syntax (CMS) is a standard for cryptographically
protecting messages, as defined in RFC 5652. It is derived from PKCS #7
version 1.5 and utilises various ASN.1 structures, making it complex and
fairly heavyweight. Various protocols - including RPKI (RFC 6480) - have
been built on top of it, which means it is necessary to support CMS, in
order to support RPKI.

This imports around 6,000 lines of code from OpenSSL 1.1.1, which is still
under the original OpenSSL license. Further work will occur in tree.

Requested by and discussed with many.

ok deraadt@ tb@

Remove cms.

ok beck@, guenther@, tedu@

X509_free(3) is NULL-safe, so remove NULL checks before its calls.

ok doug@

GOST crypto algorithms (well, most of them), ported from the removed GOST
engine to regular EVP citizens, contributed by Dmitry Eremin-Solenikov;
libcrypto bits only for now.

This is a verbatim import of Dmitry's work, and does not compile in this
state; the forthcoming commits will address these issues.

None of the GOST code is enabled in libcrypto yet, for it still gets
compiled with OPENSSL_NO_GOST defined. However, the public header gost.h
will be installed.

if (x) FOO_free(x) -> FOO_free(x).
Improves readability, keeps the code smaller so that it is warmer in your
cache.

review & ok deraadt@

Fix version number processing in cms_sd_set_version(); OpenSSL PR #3249 via
OpenSSL trunk.

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@

tags as requested by miod and tedu

KNF.

if (x) free(x) -> free(x); semantic patch generated with coccinelle, carefully
eyeballed before applying. Contributed by Cyril Roelandt on tech@

Change library to use intrinsic memory allocation functions instead of
OPENSSL_foo wrappers. This changes:
OPENSSL_malloc->malloc
OPENSSL_free->free
OPENSSL_relloc->realloc
OPENSSL_freeFunc->free

branches: 1.1.1;
Initial revision

Plug memory leak in CMS_add_simple_smimecap() in the unlikely event that
ASN1_INTEGER_set() fails.

ok jsing

Remove unsupported GOST 2012 NIDs.

Expand M_ASN1_new_of and M_ASN1_free_of macros.

Include string.h for memcmp()/memcpy().

Use malloc(3) and free(3), rather than OPENSSL_{malloc,free}().

Convert CMSerr() to CMSerror().

Expand ASN.1 macros.

More style(9), whitespace and readability fixes.

Files are identical once whitespace and newlines are removed.

First pass at style(9).

Whitespace only and no change according to diff -w.

Fix includes for non-installed headers.

Add $OpenBSD$ tags.

Restore the original per-file licenses for CMS.

These were removed in OpenSSL b1322259d93cf6b6286f9febcd468b6a9f577d91.

Work towards supporting Cryptographic Message Syntax (CMS) in libcrypto.

Cryptographic Message Syntax (CMS) is a standard for cryptographically
protecting messages, as defined in RFC 5652. It is derived from PKCS #7
version 1.5 and utilises various ASN.1 structures, making it complex and
fairly heavyweight. Various protocols - including RPKI (RFC 6480) - have
been built on top of it, which means it is necessary to support CMS, in
order to support RPKI.

This imports around 6,000 lines of code from OpenSSL 1.1.1, which is still
under the original OpenSSL license. Further work will occur in tree.

Requested by and discussed with many.

ok deraadt@ tb@

Remove cms.

ok beck@, guenther@, tedu@

X509_free(3) is NULL-safe, so remove NULL checks before its calls.

ok doug@

GOST crypto algorithms (well, most of them), ported from the removed GOST
engine to regular EVP citizens, contributed by Dmitry Eremin-Solenikov;
libcrypto bits only for now.

This is a verbatim import of Dmitry's work, and does not compile in this
state; the forthcoming commits will address these issues.

None of the GOST code is enabled in libcrypto yet, for it still gets
compiled with OPENSSL_NO_GOST defined. However, the public header gost.h
will be installed.

if (x) FOO_free(x) -> FOO_free(x).
Improves readability, keeps the code smaller so that it is warmer in your
cache.

review & ok deraadt@

Fix version number processing in cms_sd_set_version(); OpenSSL PR #3249 via
OpenSSL trunk.

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@

tags as requested by miod and tedu

KNF.

if (x) free(x) -> free(x); semantic patch generated with coccinelle, carefully
eyeballed before applying. Contributed by Cyril Roelandt on tech@

Change library to use intrinsic memory allocation functions instead of
OPENSSL_foo wrappers. This changes:
OPENSSL_malloc->malloc
OPENSSL_free->free
OPENSSL_relloc->realloc
OPENSSL_freeFunc->free

branches: 1.1.1;
Initial revision

Remove unsupported GOST 2012 NIDs.

Expand M_ASN1_new_of and M_ASN1_free_of macros.

Include string.h for memcmp()/memcpy().

Use malloc(3) and free(3), rather than OPENSSL_{malloc,free}().

Convert CMSerr() to CMSerror().

Expand ASN.1 macros.

More style(9), whitespace and readability fixes.

Files are identical once whitespace and newlines are removed.

First pass at style(9).

Whitespace only and no change according to diff -w.

Fix includes for non-installed headers.

Add $OpenBSD$ tags.

Restore the original per-file licenses for CMS.

These were removed in OpenSSL b1322259d93cf6b6286f9febcd468b6a9f577d91.

Work towards supporting Cryptographic Message Syntax (CMS) in libcrypto.

Cryptographic Message Syntax (CMS) is a standard for cryptographically
protecting messages, as defined in RFC 5652. It is derived from PKCS #7
version 1.5 and utilises various ASN.1 structures, making it complex and
fairly heavyweight. Various protocols - including RPKI (RFC 6480) - have
been built on top of it, which means it is necessary to support CMS, in
order to support RPKI.

This imports around 6,000 lines of code from OpenSSL 1.1.1, which is still
under the original OpenSSL license. Further work will occur in tree.

Requested by and discussed with many.

ok deraadt@ tb@

Remove cms.

ok beck@, guenther@, tedu@

X509_free(3) is NULL-safe, so remove NULL checks before its calls.

ok doug@

GOST crypto algorithms (well, most of them), ported from the removed GOST
engine to regular EVP citizens, contributed by Dmitry Eremin-Solenikov;
libcrypto bits only for now.

This is a verbatim import of Dmitry's work, and does not compile in this
state; the forthcoming commits will address these issues.

None of the GOST code is enabled in libcrypto yet, for it still gets
compiled with OPENSSL_NO_GOST defined. However, the public header gost.h
will be installed.

if (x) FOO_free(x) -> FOO_free(x).
Improves readability, keeps the code smaller so that it is warmer in your
cache.

review & ok deraadt@

Fix version number processing in cms_sd_set_version(); OpenSSL PR #3249 via
OpenSSL trunk.

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@

tags as requested by miod and tedu

KNF.

if (x) free(x) -> free(x); semantic patch generated with coccinelle, carefully
eyeballed before applying. Contributed by Cyril Roelandt on tech@

Change library to use intrinsic memory allocation functions instead of
OPENSSL_foo wrappers. This changes:
OPENSSL_malloc->malloc
OPENSSL_free->free
OPENSSL_relloc->realloc
OPENSSL_freeFunc->free

branches: 1.1.1;
Initial revision