libressl *_namespace.h: adjust *_ALIAS() to require a semicolon

LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon.
This does not conform to style(9), breaks editors and ctags and
(most importantly) my workflow. Fix this by neutering them with
asm("") so that -Wpedantic doesn't complain. There's precedent
in libc's namespace.h

fix suggested by & ok jsing

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook

Hide public symbols in libcrypto/x509 .c files

ok tb@

Simplify X509_ATTRIBUTE ASN.1 encoding.

For some unknown historical reason, X509_ATTRIBUTE allows for a single
ASN.1 value or an ASN.1 SET OF, rather than requiring an ASN.1 SET OF.
Simplify encoding and remove support for single values - this is similar
to OpenSSL e20b57270dec.

This removes the last use of COMBINE in the ASN.1 decoder.

ok tb@

Move the now internal X.509-related structs into x509_lcl.h.
Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and
LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and
fix a couple of unnecessary reacharounds.

ok jsing

Add const to the argument of X509_ATTRIBUTE_count(3).

tested in a bulk build by sthen
ok jsing

Add a const qualifier to the ASN1_OBJECT * argument of the following:
EVP_PKEY_get_attr_by_OBJ(3), X509at_get_attr_by_OBJ(3),
X509at_get0_data_by_OBJ(3), X509_REQ_get_attr_by_OBJ(3)

tested in a bulk by sthen
ok beck (as part of a larger diff)

Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@

Return zero from two functions on allocation failure instead of always
returning one (indicating success). Each function has only a single
usage, and both usages check the return value.

Merged from BoringSSL 0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c:

https://boringssl.googlesource.com/boringssl/+/0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c%5E!/#F0

ok beck@

Previous fix (1.12) would cause a NULL pointer dereference in the error path
if a NULL stack was passed as argument. Fix this by returning NULL early in
that case.

X509at_add1_attr(): do not free stuff we did not allocate in the error path.
ok tedu@

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@

Memory-leak-in-error-path of the day in X509_ATTRIBUTE_set1_data().
ok logan@ beck@

Fix a memory leak and another one that occurs in the error paths.

(Thanks to Brent Cook)


OK from tedu@

tags as requested by miod and tedu

Replace all use of ERR_add_error_data with ERR_asprintf_error_data.
This avoids a lot of ugly gymnastics to do snprintfs before sending the
bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c
where it was being called with the incorrect number of arguments and
using random things off the stack as addresses of strings.
ok krw@, jsing@

KNF.

blunt force knf

update to openssl-0.9.8i; tested by several, especially krw@

resolve conflicts

OpenSSL 0.9.7 stable 2002 05 08 merge

branches: 1.1.1;
OpenSSL 0.9.5 merge

*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook

Hide public symbols in libcrypto/x509 .c files

ok tb@

Simplify X509_ATTRIBUTE ASN.1 encoding.

For some unknown historical reason, X509_ATTRIBUTE allows for a single
ASN.1 value or an ASN.1 SET OF, rather than requiring an ASN.1 SET OF.
Simplify encoding and remove support for single values - this is similar
to OpenSSL e20b57270dec.

This removes the last use of COMBINE in the ASN.1 decoder.

ok tb@

Move the now internal X.509-related structs into x509_lcl.h.
Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and
LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and
fix a couple of unnecessary reacharounds.

ok jsing

Add const to the argument of X509_ATTRIBUTE_count(3).

tested in a bulk build by sthen
ok jsing

Add a const qualifier to the ASN1_OBJECT * argument of the following:
EVP_PKEY_get_attr_by_OBJ(3), X509at_get_attr_by_OBJ(3),
X509at_get0_data_by_OBJ(3), X509_REQ_get_attr_by_OBJ(3)

tested in a bulk by sthen
ok beck (as part of a larger diff)

Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@

Return zero from two functions on allocation failure instead of always
returning one (indicating success). Each function has only a single
usage, and both usages check the return value.

Merged from BoringSSL 0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c:

https://boringssl.googlesource.com/boringssl/+/0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c%5E!/#F0

ok beck@

Previous fix (1.12) would cause a NULL pointer dereference in the error path
if a NULL stack was passed as argument. Fix this by returning NULL early in
that case.

X509at_add1_attr(): do not free stuff we did not allocate in the error path.
ok tedu@

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@

Memory-leak-in-error-path of the day in X509_ATTRIBUTE_set1_data().
ok logan@ beck@

Fix a memory leak and another one that occurs in the error paths.

(Thanks to Brent Cook)


OK from tedu@

tags as requested by miod and tedu

Replace all use of ERR_add_error_data with ERR_asprintf_error_data.
This avoids a lot of ugly gymnastics to do snprintfs before sending the
bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c
where it was being called with the incorrect number of arguments and
using random things off the stack as addresses of strings.
ok krw@, jsing@

KNF.

blunt force knf

update to openssl-0.9.8i; tested by several, especially krw@

resolve conflicts

OpenSSL 0.9.7 stable 2002 05 08 merge

branches: 1.1.1;
OpenSSL 0.9.5 merge

*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs

Hide public symbols in libcrypto/x509 .c files

ok tb@

Simplify X509_ATTRIBUTE ASN.1 encoding.

For some unknown historical reason, X509_ATTRIBUTE allows for a single
ASN.1 value or an ASN.1 SET OF, rather than requiring an ASN.1 SET OF.
Simplify encoding and remove support for single values - this is similar
to OpenSSL e20b57270dec.

This removes the last use of COMBINE in the ASN.1 decoder.

ok tb@

Move the now internal X.509-related structs into x509_lcl.h.
Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and
LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and
fix a couple of unnecessary reacharounds.

ok jsing

Add const to the argument of X509_ATTRIBUTE_count(3).

tested in a bulk build by sthen
ok jsing

Add a const qualifier to the ASN1_OBJECT * argument of the following:
EVP_PKEY_get_attr_by_OBJ(3), X509at_get_attr_by_OBJ(3),
X509at_get0_data_by_OBJ(3), X509_REQ_get_attr_by_OBJ(3)

tested in a bulk by sthen
ok beck (as part of a larger diff)

Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@

Return zero from two functions on allocation failure instead of always
returning one (indicating success). Each function has only a single
usage, and both usages check the return value.

Merged from BoringSSL 0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c:

https://boringssl.googlesource.com/boringssl/+/0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c%5E!/#F0

ok beck@

Previous fix (1.12) would cause a NULL pointer dereference in the error path
if a NULL stack was passed as argument. Fix this by returning NULL early in
that case.

X509at_add1_attr(): do not free stuff we did not allocate in the error path.
ok tedu@

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@

Memory-leak-in-error-path of the day in X509_ATTRIBUTE_set1_data().
ok logan@ beck@

Fix a memory leak and another one that occurs in the error paths.

(Thanks to Brent Cook)


OK from tedu@

tags as requested by miod and tedu

Replace all use of ERR_add_error_data with ERR_asprintf_error_data.
This avoids a lot of ugly gymnastics to do snprintfs before sending the
bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c
where it was being called with the incorrect number of arguments and
using random things off the stack as addresses of strings.
ok krw@, jsing@

KNF.

blunt force knf

update to openssl-0.9.8i; tested by several, especially krw@

resolve conflicts

OpenSSL 0.9.7 stable 2002 05 08 merge

branches: 1.1.1;
OpenSSL 0.9.5 merge

*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs

Simplify X509_ATTRIBUTE ASN.1 encoding.

For some unknown historical reason, X509_ATTRIBUTE allows for a single
ASN.1 value or an ASN.1 SET OF, rather than requiring an ASN.1 SET OF.
Simplify encoding and remove support for single values - this is similar
to OpenSSL e20b57270dec.

This removes the last use of COMBINE in the ASN.1 decoder.

ok tb@

Move the now internal X.509-related structs into x509_lcl.h.
Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and
LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and
fix a couple of unnecessary reacharounds.

ok jsing

Add const to the argument of X509_ATTRIBUTE_count(3).

tested in a bulk build by sthen
ok jsing

Add a const qualifier to the ASN1_OBJECT * argument of the following:
EVP_PKEY_get_attr_by_OBJ(3), X509at_get_attr_by_OBJ(3),
X509at_get0_data_by_OBJ(3), X509_REQ_get_attr_by_OBJ(3)

tested in a bulk by sthen
ok beck (as part of a larger diff)

Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@

Return zero from two functions on allocation failure instead of always
returning one (indicating success). Each function has only a single
usage, and both usages check the return value.

Merged from BoringSSL 0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c:

https://boringssl.googlesource.com/boringssl/+/0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c%5E!/#F0

ok beck@

Previous fix (1.12) would cause a NULL pointer dereference in the error path
if a NULL stack was passed as argument. Fix this by returning NULL early in
that case.

X509at_add1_attr(): do not free stuff we did not allocate in the error path.
ok tedu@

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@

Memory-leak-in-error-path of the day in X509_ATTRIBUTE_set1_data().
ok logan@ beck@

Fix a memory leak and another one that occurs in the error paths.

(Thanks to Brent Cook)


OK from tedu@

tags as requested by miod and tedu

Replace all use of ERR_add_error_data with ERR_asprintf_error_data.
This avoids a lot of ugly gymnastics to do snprintfs before sending the
bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c
where it was being called with the incorrect number of arguments and
using random things off the stack as addresses of strings.
ok krw@, jsing@

KNF.

blunt force knf

update to openssl-0.9.8i; tested by several, especially krw@

resolve conflicts

OpenSSL 0.9.7 stable 2002 05 08 merge

branches: 1.1.1;
OpenSSL 0.9.5 merge

*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs

Move the now internal X.509-related structs into x509_lcl.h.
Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and
LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and
fix a couple of unnecessary reacharounds.

ok jsing

Add const to the argument of X509_ATTRIBUTE_count(3).

tested in a bulk build by sthen
ok jsing

Add a const qualifier to the ASN1_OBJECT * argument of the following:
EVP_PKEY_get_attr_by_OBJ(3), X509at_get_attr_by_OBJ(3),
X509at_get0_data_by_OBJ(3), X509_REQ_get_attr_by_OBJ(3)

tested in a bulk by sthen
ok beck (as part of a larger diff)

Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@

Return zero from two functions on allocation failure instead of always
returning one (indicating success). Each function has only a single
usage, and both usages check the return value.

Merged from BoringSSL 0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c:

https://boringssl.googlesource.com/boringssl/+/0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c%5E!/#F0

ok beck@

Previous fix (1.12) would cause a NULL pointer dereference in the error path
if a NULL stack was passed as argument. Fix this by returning NULL early in
that case.

X509at_add1_attr(): do not free stuff we did not allocate in the error path.
ok tedu@

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@

Memory-leak-in-error-path of the day in X509_ATTRIBUTE_set1_data().
ok logan@ beck@

Fix a memory leak and another one that occurs in the error paths.

(Thanks to Brent Cook)


OK from tedu@

tags as requested by miod and tedu

Replace all use of ERR_add_error_data with ERR_asprintf_error_data.
This avoids a lot of ugly gymnastics to do snprintfs before sending the
bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c
where it was being called with the incorrect number of arguments and
using random things off the stack as addresses of strings.
ok krw@, jsing@

KNF.

blunt force knf

update to openssl-0.9.8i; tested by several, especially krw@

resolve conflicts

OpenSSL 0.9.7 stable 2002 05 08 merge

branches: 1.1.1;
OpenSSL 0.9.5 merge

*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs

Add const to the argument of X509_ATTRIBUTE_count(3).

tested in a bulk build by sthen
ok jsing

Add a const qualifier to the ASN1_OBJECT * argument of the following:
EVP_PKEY_get_attr_by_OBJ(3), X509at_get_attr_by_OBJ(3),
X509at_get0_data_by_OBJ(3), X509_REQ_get_attr_by_OBJ(3)

tested in a bulk by sthen
ok beck (as part of a larger diff)

Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@

Return zero from two functions on allocation failure instead of always
returning one (indicating success). Each function has only a single
usage, and both usages check the return value.

Merged from BoringSSL 0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c:

https://boringssl.googlesource.com/boringssl/+/0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c%5E!/#F0

ok beck@

Previous fix (1.12) would cause a NULL pointer dereference in the error path
if a NULL stack was passed as argument. Fix this by returning NULL early in
that case.

X509at_add1_attr(): do not free stuff we did not allocate in the error path.
ok tedu@

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@

Memory-leak-in-error-path of the day in X509_ATTRIBUTE_set1_data().
ok logan@ beck@

Fix a memory leak and another one that occurs in the error paths.

(Thanks to Brent Cook)


OK from tedu@

tags as requested by miod and tedu

Replace all use of ERR_add_error_data with ERR_asprintf_error_data.
This avoids a lot of ugly gymnastics to do snprintfs before sending the
bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c
where it was being called with the incorrect number of arguments and
using random things off the stack as addresses of strings.
ok krw@, jsing@

KNF.

blunt force knf

update to openssl-0.9.8i; tested by several, especially krw@

resolve conflicts

OpenSSL 0.9.7 stable 2002 05 08 merge

branches: 1.1.1;
OpenSSL 0.9.5 merge

*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs

Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@

Return zero from two functions on allocation failure instead of always
returning one (indicating success). Each function has only a single
usage, and both usages check the return value.

Merged from BoringSSL 0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c:

https://boringssl.googlesource.com/boringssl/+/0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c%5E!/#F0

ok beck@

Previous fix (1.12) would cause a NULL pointer dereference in the error path
if a NULL stack was passed as argument. Fix this by returning NULL early in
that case.

X509at_add1_attr(): do not free stuff we did not allocate in the error path.
ok tedu@

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@

Memory-leak-in-error-path of the day in X509_ATTRIBUTE_set1_data().
ok logan@ beck@

Fix a memory leak and another one that occurs in the error paths.

(Thanks to Brent Cook)


OK from tedu@

tags as requested by miod and tedu

Replace all use of ERR_add_error_data with ERR_asprintf_error_data.
This avoids a lot of ugly gymnastics to do snprintfs before sending the
bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c
where it was being called with the incorrect number of arguments and
using random things off the stack as addresses of strings.
ok krw@, jsing@

KNF.

blunt force knf

update to openssl-0.9.8i; tested by several, especially krw@

resolve conflicts

OpenSSL 0.9.7 stable 2002 05 08 merge

branches: 1.1.1;
OpenSSL 0.9.5 merge

*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs