History log of /openbsd-current/lib/libcrypto/x509/x509name.c
Revision Date Author Comments
# 1.35 29-May-2023 beck

Make X509_NAME_get_text_by[NID|OBJ] safer.

This is an un-revert with nits of the previously landed change
to do this which broke libtls. libtls has now been changed to
not use this function.

This change ensures that if something is returned it is "text"
(UTF-8) and a C string not containing a NUL byte. Historically
callers to this function assume the result is text and a C string
however the OpenSSL version simply hands them the bytes from an
ASN1_STRING and expects them to know bad things can happen which
they almost universally do not check for. Partly inspired by
goings on in boringssl.

ok jsing@ tb@


# 1.34 03-May-2023 beck

Revert utf-8 fix for X509_NAME_get_index_by_NID to avoid libtls
regress for the moment. this will come back after we rethink
the failure versus not there case.

ok tb@ jsing@


# 1.33 03-May-2023 beck

Bring back length check tb ok'ed and I managed to remove while
changing tests.

ok tb@


# 1.32 02-May-2023 beck

Change X509_NAME_get_index_by[NID|OBJ] to be safer.

Currently these functions return raw ASN1_STRING bytes as
a C string and ignore the encoding in a "hold my beer I am
a toolkit not a functioning API surely it's just for testing
and you'd never send nasty bytes" kind of way.

Sadly some callers seem to use them to fetch things like
subject name components for comparisons, and often just
use the result as a C string.

Instead, encode the resulting bytes as UTF-8 so it is
something like "text".

Add a failure case if the length provided is inadequate
or if the resulting text would contain a nul byte.

based on boringssl.

nits by dlg@
ok tb@
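
The failure cases named in revisions 1.35 and 1.32 (embedded NUL, non-UTF-8 result, inadequate buffer), sketched as an added example; this is not LibreSSL's code. `legacy_get_text()`, `safe_get_text()` and the sample values are hypothetical, and the input is assumed to be already UTF-8, so the transcoding from other ASN.1 string types that the real function performs is left out.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample values: raw attribute bytes, length tracked separately. */
static const unsigned char CN_PLAIN[] = "host.example";            /* 12 bytes */
static const unsigned char CN_NUL[] = "host.example\0.other.test"; /* 24 bytes */
static const unsigned char CN_BAD_UTF8[] = { 'h', 'o', 's', 't', 0xff };
static const unsigned char CN_UTF8[] = "b\xc3\xbc" "cher";         /* 7 bytes */

/* Strict UTF-8 check: no overlong forms, no surrogates, nothing > U+10FFFF. */
static int
is_valid_utf8(const unsigned char *p, size_t n)
{
	size_t i = 0, k, need;
	unsigned long cp, min;

	while (i < n) {
		unsigned char c = p[i];

		if (c < 0x80) {
			i++;
			continue;
		} else if ((c & 0xe0) == 0xc0) {
			need = 1; cp = c & 0x1f; min = 0x80;
		} else if ((c & 0xf0) == 0xe0) {
			need = 2; cp = c & 0x0f; min = 0x800;
		} else if ((c & 0xf8) == 0xf0) {
			need = 3; cp = c & 0x07; min = 0x10000;
		} else
			return 0;		/* stray continuation or invalid lead */
		if (n - i - 1 < need)
			return 0;		/* sequence cut off by end of data */
		for (k = 1; k <= need; k++) {
			if ((p[i + k] & 0xc0) != 0x80)
				return 0;
			cp = (cp << 6) | (p[i + k] & 0x3f);
		}
		if (cp < min || cp > 0x10ffff || (cp >= 0xd800 && cp <= 0xdfff))
			return 0;
		i += need + 1;
	}
	return 1;
}

/* Hypothetical model of a raw-byte copy: no encoding or NUL check at all. */
int
legacy_get_text(const unsigned char *data, int data_len, char *buf, int len)
{
	int n;

	if (len <= 0)
		return -1;
	n = (data_len >= len) ? len - 1 : data_len;
	memcpy(buf, data, (size_t)n);
	buf[n] = '\0';
	return n;
}

/* Hypothetical strict variant: anything returned is UTF-8 text and a C string. */
int
safe_get_text(const unsigned char *data, int data_len, char *buf, int len)
{
	if (data == NULL || data_len < 0 || buf == NULL || len <= 0)
		return -1;
	if (memchr(data, '\0', (size_t)data_len) != NULL)
		return -1;			/* embedded NUL: not a C string */
	if (!is_valid_utf8(data, (size_t)data_len))
		return -1;			/* not "text" */
	if (data_len >= len)
		return -1;			/* fail instead of truncating */
	memcpy(buf, data, (size_t)data_len);
	buf[data_len] = '\0';
	return data_len;
}

static char scratch[64];

/* Run the strict copy into a buffer of buflen bytes (at most 64). */
int run_safe(const unsigned char *data, int data_len, int buflen)
{
	if (buflen > (int)sizeof(scratch))
		return -1;
	return safe_get_text(data, data_len, scratch, buflen);
}

/* Bytes the raw copy reports that strlen() on the result never sees. */
int legacy_hidden_bytes(const unsigned char *data, int data_len)
{
	int n = legacy_get_text(data, data_len, scratch, (int)sizeof(scratch));

	return n - (int)strlen(scratch);
}

int main(void)
{
	printf("raw copy, hidden bytes: %d\n", legacy_hidden_bytes(CN_NUL, 24));
	printf("strict copy, same input: %d\n", run_safe(CN_NUL, 24, 64));
	printf("strict copy, plain name: %d\n", run_safe(CN_PLAIN, 12, 64));
	return 0;
}
```

A caller that compares the raw-copy result with `strcmp()` only ever looks at the bytes before the first NUL, which is why the strict variant refuses such values outright.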


Revision tags: OPENBSD_7_3_BASE
# 1.31 16-Feb-2023 tb

libressl *_namespace.h: adjust *_ALIAS() to require a semicolon

LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon.
This does not conform to style(9), breaks editors and ctags and
(most importantly) my workflow. Fix this by neutering them with
asm("") so that -Wpedantic doesn't complain. There's precedent
in libc's namespace.h

fix suggested by & ok jsing


# 1.30 26-Dec-2022 jmc

spelling fixes; from paul tagliamonte
i removed the arithmetics -> arithmetic changes, as i felt they
were not clearly correct

ok tb


# 1.29 26-Nov-2022 tb

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook


# 1.28 14-Nov-2022 beck

Hide public symbols in libcrypto/x509 .c files

ok tb@


Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
# 1.27 01-Nov-2021 tb

Move the now internal X.509-related structs into x509_lcl.h.
Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and
LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and
fix a couple of unnecessary reacharounds.

ok jsing


Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
# 1.26 30-May-2018 tb

Add a const qualifier to the `name' argument of
X509_NAME_get_index_by_{OBJ,NID}().

tested in a bulk build by sthen
suggested by & ok jsing


# 1.25 19-May-2018 tb

Add const to the obj argument of X509_NAME_add_entry_by_OBJ()

tested in a bulk build by sthen
ok jsing


# 1.24 18-May-2018 tb

Add const to the 'obj' argument of X509_NAME_get_text_by_OBJ(3).

tested in a bulk by sthen
ok jsing


# 1.23 18-May-2018 tb

Add a const qualifier to the 'name' argument of X509_NAME_get_entry(3)
and to the 'obj' argument of X509_NAME_get_index_by_OBJ(3)

tested in a bulk build by sthen
ok jsing


# 1.22 18-May-2018 tb

Add const to the argument of X509_NAME_entry_count().

tested in a bulk build by sthen
ok jsing


# 1.21 18-May-2018 tb

The 'bytes' arguments of X509_NAME_add_entry_by_NID(3) and
X509_NAME_add_entry_by_OBJ(3) are now const.

tested in a bulk build by sthen
ok jsing


# 1.20 18-May-2018 tb

Add a const qualifier to the 'X509_NAME_ENTRY *ne' argument of
X509_NAME_add_entry(3).

tested in a bulk build by sthen,
ok jsing


# 1.19 18-May-2018 tb

Add const to the argument of X509_NAME_ENTRY_get_data(3).

Tested in a bulk build by sthen
ok jsing


# 1.18 18-May-2018 tb

Add const qualifiers to the 'obj' and 'bytes' arguments of
X509_NAME_ENTRY_create_by_NID(3), X509_NAME_ENTRY_create_by_OBJ(3), and
X509_NAME_ENTRY_set_object(3).

tested in a bulk build by sthen
ok jsing


# 1.17 01-May-2018 tb

Convert a handful of X509_*() functions to take const as in OpenSSL.

tested in a bulk by sthen
ok jsing


# 1.16 04-Apr-2018 schwarze

Fix two bugs in X509_NAME_add_entry(3):
(1) Evaluate the "set" argument, which says whether to create a new
RDN or to prepend or append to an existing one, before reusing it
for a different purpose, i.e. for the "set" field of the new
X509_NAME_ENTRY structure.
(2) When incrementing of some "set" fields is needed, increment the
correct ones: All those to the right of the newly inserted entry,
but not the one of that entry itself.

These two bugs caused wrong results whenever using loc != -1,
i.e. whenever inserting rather than appending entries, even when
using set == 0 only, that is, even when using single-valued RDNs only.

Both bugs have been continuously present since at least SSLeay-0.8.1
(released July 18, 1997) and the second one since at least SSLeay-0.8.0
(released June 25, 1997), so both are over twenty years old.

I found these bugs by code inspection while trying to document the
function X509_NAME_ENTRY_set(3), which is public, but undocumented
in OpenSSL.

OK beck@, jsing@


Revision tags: OPENBSD_6_3_BASE
# 1.15 17-Mar-2018 tb

Provide X509_NAME_ENTRY_set()

ok jsing


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
# 1.14 29-Jan-2017 beck

Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@


# 1.13 29-Sep-2014 miod

X509_NAME_get_text_by_OBJ(): make sure we do not pass a negative size to
memcpy().
ok bcook@


# 1.12 11-Jul-2014 jsing

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@


# 1.11 10-Jul-2014 jsing

Stop including standard headers via cryptlib.h - pull in the headers that
are needed in the source files that actually require them.

ok beck@ miod@


# 1.10 12-Jun-2014 deraadt

tags as requested by miod and tedu


# 1.9 26-Apr-2014 beck

Replace all use of ERR_add_error_data with ERR_asprintf_error_data.
This avoids a lot of ugly gymnastics to do snprintfs before sending the
bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c
where it was being called with the incorrect number of arguments and
using random things off the stack as addresses of strings.
ok krw@, jsing@


# 1.8 20-Apr-2014 jsing

KNF.


# 1.7 18-Apr-2014 tedu

blunt force knf


# 1.6 01-Oct-2010 djm

resolve conflicts, fix local changes


# 1.5 29-Apr-2005 djm

resolve conflicts


# 1.4 15-Apr-2000 beck

OpenSSL 0.9.5a merge


# 1.3 19-Mar-2000 beck

OpenSSL 0.9.5 merge

*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs


# 1.2 29-Sep-1999 beck

OpenSSL 0.9.4 merge


# 1.1 05-Oct-1998 ryker

branches: 1.1.1;
Initial revision


# 1.31 16-Feb-2023 tb

libressl *_namespace.h: adjust *_ALIAS() to require a semicolon

LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon.
This does not conform to style(9), breaks editors and ctags and
(most importantly) my workflow. Fix this by neutering them with
asm("") so that -Wpedantic doesn't complain. There's precedent
in libc's namespace.h

fix suggested by & ok jsing


# 1.30 26-Dec-2022 jmc

spelling fixes; from paul tagliamonte
i removed the arithmetics -> arithmetic changes, as i felt they
were not clearly correct

ok tb


# 1.29 26-Nov-2022 tb

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook


# 1.28 14-Nov-2022 beck

Hide public symbols in libcrypto/x509 .c files

ok tb@


Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
# 1.27 01-Nov-2021 tb

Move the now internal X.509-related structs into x509_lcl.h.
Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and
LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and
fix a couple of unnecessary reacharounds.

ok jsing


Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
# 1.26 30-May-2018 tb

Add a const qualifier to the `name' argument of
X509_NAME_get_index_by_{OBJ,NID}().

tested in a bulk build by sthen
suggested by & ok jsing


# 1.25 19-May-2018 tb

Add const to the obj argument of X509_NAME_add_entry_by_OBJ()

tested in a bulk build by sthen
ok jsing


# 1.24 18-May-2018 tb

Add const to the 'obj' argument of X509_NAME_get_text_by_OBJ(3).

tested in a bulk by sthen
ok jsing


# 1.23 18-May-2018 tb

Add a const qualififer to the 'name' argument of X509_NAME_get_entry(3)
and to the 'obj' argument of X509_NAME_get_index_by_OBJ(3)

tested in a bulk build by sthen
ok jsing


# 1.22 18-May-2018 tb

Add const to the argument of X509_NAME_entry_count().

tested in a bulk build by sthen
ok jsing


# 1.21 18-May-2018 tb

The 'bytes' arguments of X509_NAME_add_entry_by_NID(3) and
X509_NAME_add_entry_by_OBJ(3) are now const.

tested in a bulk build by sthen
ok jsing


# 1.20 18-May-2018 tb

Add a const qualifier to the 'X509_NAME_ENTRY *ne' argument of
X509_NAME_add_entry(3).

tested in a bulk build by sthen,
ok jsing


# 1.19 18-May-2018 tb

Add const to the argument of X509_NAME_ENTRY_get_data(3).

Tested in a bulk build by sthen
ok jsing


# 1.18 18-May-2018 tb

Add const qualifiers to the 'obj' and 'bytes' arguments of
X509_NAME_ENTRY_create_by_NID(3), X509_NAME_ENTRY_create_by_OBJ(3), and
X509_NAME_ENTRY_set_object(3).

tested in a bulk build by sthen
ok jsing


# 1.17 01-May-2018 tb

Convert a handful of X509_*() functions to take const as in OpenSSL.

tested in a bulk by sthen
ok jsing


# 1.16 04-Apr-2018 schwarze

Fix two bugs in X509_NAME_add_entry(3):
(1) Evaluate the "set" argument, which says whether to create a new
RDN or to prepend or append to an existing one, before reusing it
for a different purpose, i.e. for the "set" field of the new
X509_NAME_ENTRY structure.
(2) When incrementing of some "set" fields is needed, increment the
correct ones: All those to the right of the newly inserted entry,
but not the one of that entry itself.

These two bugs caused wrong results whenever using loc != -1,
i.e. whenever inserting rather than appending entries, even when
using set == 0 only, that is, even when using single-values RDNs only.

Both bugs have been continuously present since at least SSLeay-0.8.1
(released July 18, 1997) and the second one since at least SSLeay-0.8.0
(released June 25, 1997), so both are over twenty years old.

I found these bugs by code inspection while trying to document the
function X509_NAME_ENTRY_set(3), which is public, but undocumented
in OpenSSL.

OK beck@, jsing@


Revision tags: OPENBSD_6_3_BASE
# 1.15 17-Mar-2018 tb

Provide X509_NAME_ENTRY_set()

ok jsing


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
# 1.14 29-Jan-2017 beck

Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@


# 1.13 29-Sep-2014 miod

X509_NAME_get_text_by_OBJ(): make sure we do not pass a negative size to
memcpy().
ok bcook@


# 1.12 11-Jul-2014 jsing

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@


# 1.11 10-Jul-2014 jsing

Stop including standard headers via cryptlib.h - pull in the headers that
are needed in the source files that actually require them.

ok beck@ miod@


# 1.10 12-Jun-2014 deraadt

tags as requested by miod and tedu


# 1.9 26-Apr-2014 beck

Replace all use of ERR_add_error_data with ERR_asprintf_error_data.
This avoids a lot of ugly gymnastics to do snprintfs before sending the
bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c
where it was being called with the incorrect number of arguments and
using random things off the stack as addresses of strings.
ok krw@, jsing@


# 1.8 20-Apr-2014 jsing

KNF.


# 1.7 18-Apr-2014 tedu

blunt force knf


# 1.6 01-Oct-2010 djm

resolve conflicts, fix local changes


# 1.5 29-Apr-2005 djm

resolve conflicts


# 1.4 15-Apr-2000 beck

OpenSSL 0.9.5a merge


# 1.3 19-Mar-2000 beck

OpenSSL 0.9.5 merge

*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs


# 1.2 29-Sep-1999 beck

OpenSSL 0.9.4 merge


# 1.1 05-Oct-1998 ryker

branches: 1.1.1;
Initial revision


# 1.30 26-Dec-2022 jmc

spelling fixes; from paul tagliamonte
i removed the arithmetics -> arithmetic changes, as i felt they
were not clearly correct

ok tb


# 1.29 26-Nov-2022 tb

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook


# 1.28 14-Nov-2022 beck

Hide public symbols in libcrypto/x509 .c files

ok tb@


Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
# 1.27 01-Nov-2021 tb

Move the now internal X.509-related structs into x509_lcl.h.
Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and
LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and
fix a couple of unnecessary reacharounds.

ok jsing


Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
# 1.26 30-May-2018 tb

Add a const qualifier to the `name' argument of
X509_NAME_get_index_by_{OBJ,NID}().

tested in a bulk build by sthen
suggested by & ok jsing


# 1.25 19-May-2018 tb

Add const to the obj argument of X509_NAME_add_entry_by_OBJ()

tested in a bulk build by sthen
ok jsing


# 1.24 18-May-2018 tb

Add const to the 'obj' argument of X509_NAME_get_text_by_OBJ(3).

tested in a bulk by sthen
ok jsing


# 1.23 18-May-2018 tb

Add a const qualififer to the 'name' argument of X509_NAME_get_entry(3)
and to the 'obj' argument of X509_NAME_get_index_by_OBJ(3)

tested in a bulk build by sthen
ok jsing


# 1.22 18-May-2018 tb

Add const to the argument of X509_NAME_entry_count().

tested in a bulk build by sthen
ok jsing


# 1.21 18-May-2018 tb

The 'bytes' arguments of X509_NAME_add_entry_by_NID(3) and
X509_NAME_add_entry_by_OBJ(3) are now const.

tested in a bulk build by sthen
ok jsing


# 1.20 18-May-2018 tb

Add a const qualifier to the 'X509_NAME_ENTRY *ne' argument of
X509_NAME_add_entry(3).

tested in a bulk build by sthen,
ok jsing


# 1.19 18-May-2018 tb

Add const to the argument of X509_NAME_ENTRY_get_data(3).

Tested in a bulk build by sthen
ok jsing


# 1.18 18-May-2018 tb

Add const qualifiers to the 'obj' and 'bytes' arguments of
X509_NAME_ENTRY_create_by_NID(3), X509_NAME_ENTRY_create_by_OBJ(3), and
X509_NAME_ENTRY_set_object(3).

tested in a bulk build by sthen
ok jsing


# 1.17 01-May-2018 tb

Convert a handful of X509_*() functions to take const as in OpenSSL.

tested in a bulk by sthen
ok jsing


# 1.16 04-Apr-2018 schwarze

Fix two bugs in X509_NAME_add_entry(3):
(1) Evaluate the "set" argument, which says whether to create a new
RDN or to prepend or append to an existing one, before reusing it
for a different purpose, i.e. for the "set" field of the new
X509_NAME_ENTRY structure.
(2) When incrementing of some "set" fields is needed, increment the
correct ones: All those to the right of the newly inserted entry,
but not the one of that entry itself.

These two bugs caused wrong results whenever using loc != -1,
i.e. whenever inserting rather than appending entries, even when
using set == 0 only, that is, even when using single-values RDNs only.

Both bugs have been continuously present since at least SSLeay-0.8.1
(released July 18, 1997) and the second one since at least SSLeay-0.8.0
(released June 25, 1997), so both are over twenty years old.

I found these bugs by code inspection while trying to document the
function X509_NAME_ENTRY_set(3), which is public, but undocumented
in OpenSSL.

OK beck@, jsing@


Revision tags: OPENBSD_6_3_BASE
# 1.15 17-Mar-2018 tb

Provide X509_NAME_ENTRY_set()

ok jsing


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
# 1.14 29-Jan-2017 beck

Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@


# 1.13 29-Sep-2014 miod

X509_NAME_get_text_by_OBJ(): make sure we do not pass a negative size to
memcpy().
ok bcook@


# 1.12 11-Jul-2014 jsing

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@


# 1.11 10-Jul-2014 jsing

Stop including standard headers via cryptlib.h - pull in the headers that
are needed in the source files that actually require them.

ok beck@ miod@


# 1.10 12-Jun-2014 deraadt

tags as requested by miod and tedu


# 1.9 26-Apr-2014 beck

Replace all use of ERR_add_error_data with ERR_asprintf_error_data.
This avoids a lot of ugly gymnastics to do snprintfs before sending the
bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c
where it was being called with the incorrect number of arguments and
using random things off the stack as addresses of strings.
ok krw@, jsing@


# 1.8 20-Apr-2014 jsing

KNF.


# 1.7 18-Apr-2014 tedu

blunt force knf


# 1.6 01-Oct-2010 djm

resolve conflicts, fix local changes


# 1.5 29-Apr-2005 djm

resolve conflicts


# 1.4 15-Apr-2000 beck

OpenSSL 0.9.5a merge


# 1.3 19-Mar-2000 beck

OpenSSL 0.9.5 merge

*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs


# 1.2 29-Sep-1999 beck

OpenSSL 0.9.4 merge


# 1.1 05-Oct-1998 ryker

branches: 1.1.1;
Initial revision


# 1.29 26-Nov-2022 tb

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook


# 1.28 14-Nov-2022 beck

Hide public symbols in libcrypto/x509 .c files

ok tb@


Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
# 1.27 01-Nov-2021 tb

Move the now internal X.509-related structs into x509_lcl.h.
Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and
LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and
fix a couple of unnecessary reacharounds.

ok jsing


Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
# 1.26 30-May-2018 tb

Add a const qualifier to the `name' argument of
X509_NAME_get_index_by_{OBJ,NID}().

tested in a bulk build by sthen
suggested by & ok jsing


# 1.25 19-May-2018 tb

Add const to the obj argument of X509_NAME_add_entry_by_OBJ()

tested in a bulk build by sthen
ok jsing


# 1.24 18-May-2018 tb

Add const to the 'obj' argument of X509_NAME_get_text_by_OBJ(3).

tested in a bulk by sthen
ok jsing


# 1.23 18-May-2018 tb

Add a const qualififer to the 'name' argument of X509_NAME_get_entry(3)
and to the 'obj' argument of X509_NAME_get_index_by_OBJ(3)

tested in a bulk build by sthen
ok jsing


# 1.22 18-May-2018 tb

Add const to the argument of X509_NAME_entry_count().

tested in a bulk build by sthen
ok jsing


# 1.21 18-May-2018 tb

The 'bytes' arguments of X509_NAME_add_entry_by_NID(3) and
X509_NAME_add_entry_by_OBJ(3) are now const.

tested in a bulk build by sthen
ok jsing


# 1.20 18-May-2018 tb

Add a const qualifier to the 'X509_NAME_ENTRY *ne' argument of
X509_NAME_add_entry(3).

tested in a bulk build by sthen,
ok jsing


# 1.19 18-May-2018 tb

Add const to the argument of X509_NAME_ENTRY_get_data(3).

Tested in a bulk build by sthen
ok jsing


# 1.18 18-May-2018 tb

Add const qualifiers to the 'obj' and 'bytes' arguments of
X509_NAME_ENTRY_create_by_NID(3), X509_NAME_ENTRY_create_by_OBJ(3), and
X509_NAME_ENTRY_set_object(3).

tested in a bulk build by sthen
ok jsing


# 1.17 01-May-2018 tb

Convert a handful of X509_*() functions to take const as in OpenSSL.

tested in a bulk by sthen
ok jsing


# 1.16 04-Apr-2018 schwarze

Fix two bugs in X509_NAME_add_entry(3):
(1) Evaluate the "set" argument, which says whether to create a new
RDN or to prepend or append to an existing one, before reusing it
for a different purpose, i.e. for the "set" field of the new
X509_NAME_ENTRY structure.
(2) When incrementing of some "set" fields is needed, increment the
correct ones: All those to the right of the newly inserted entry,
but not the one of that entry itself.

These two bugs caused wrong results whenever using loc != -1,
i.e. whenever inserting rather than appending entries, even when
using set == 0 only, that is, even when using single-values RDNs only.

Both bugs have been continuously present since at least SSLeay-0.8.1
(released July 18, 1997) and the second one since at least SSLeay-0.8.0
(released June 25, 1997), so both are over twenty years old.

I found these bugs by code inspection while trying to document the
function X509_NAME_ENTRY_set(3), which is public, but undocumented
in OpenSSL.

OK beck@, jsing@


Revision tags: OPENBSD_6_3_BASE
# 1.15 17-Mar-2018 tb

Provide X509_NAME_ENTRY_set()

ok jsing


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
# 1.14 29-Jan-2017 beck

Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@


# 1.13 29-Sep-2014 miod

X509_NAME_get_text_by_OBJ(): make sure we do not pass a negative size to
memcpy().
ok bcook@


# 1.12 11-Jul-2014 jsing

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@


# 1.11 10-Jul-2014 jsing

Stop including standard headers via cryptlib.h - pull in the headers that
are needed in the source files that actually require them.

ok beck@ miod@


# 1.10 12-Jun-2014 deraadt

tags as requested by miod and tedu


# 1.9 26-Apr-2014 beck

Replace all use of ERR_add_error_data with ERR_asprintf_error_data.
This avoids a lot of ugly gymnastics to do snprintfs before sending the
bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c
where it was being called with the incorrect number of arguments and
using random things off the stack as addresses of strings.
ok krw@, jsing@


# 1.8 20-Apr-2014 jsing

KNF.


# 1.7 18-Apr-2014 tedu

blunt force knf


# 1.6 01-Oct-2010 djm

resolve conflicts, fix local changes


# 1.5 29-Apr-2005 djm

resolve conflicts


# 1.4 15-Apr-2000 beck

OpenSSL 0.9.5a merge


# 1.3 19-Mar-2000 beck

OpenSSL 0.9.5 merge

*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs


# 1.2 29-Sep-1999 beck

OpenSSL 0.9.4 merge


# 1.1 05-Oct-1998 ryker

branches: 1.1.1;
Initial revision


# 1.28 14-Nov-2022 beck

Hide public symbols in libcrypto/x509 .c files

ok tb@


Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE
# 1.27 01-Nov-2021 tb

Move the now internal X.509-related structs into x509_lcl.h.
Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and
LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and
fix a couple of unnecessary reacharounds.

ok jsing


Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
# 1.26 30-May-2018 tb

Add a const qualifier to the `name' argument of
X509_NAME_get_index_by_{OBJ,NID}().

tested in a bulk build by sthen
suggested by & ok jsing


# 1.25 19-May-2018 tb

Add const to the obj argument of X509_NAME_add_entry_by_OBJ()

tested in a bulk build by sthen
ok jsing


# 1.24 18-May-2018 tb

Add const to the 'obj' argument of X509_NAME_get_text_by_OBJ(3).

tested in a bulk by sthen
ok jsing


# 1.23 18-May-2018 tb

Add a const qualififer to the 'name' argument of X509_NAME_get_entry(3)
and to the 'obj' argument of X509_NAME_get_index_by_OBJ(3)

tested in a bulk build by sthen
ok jsing


# 1.22 18-May-2018 tb

Add const to the argument of X509_NAME_entry_count().

tested in a bulk build by sthen
ok jsing


# 1.21 18-May-2018 tb

The 'bytes' arguments of X509_NAME_add_entry_by_NID(3) and
X509_NAME_add_entry_by_OBJ(3) are now const.

tested in a bulk build by sthen
ok jsing


# 1.20 18-May-2018 tb

Add a const qualifier to the 'X509_NAME_ENTRY *ne' argument of
X509_NAME_add_entry(3).

tested in a bulk build by sthen,
ok jsing


# 1.19 18-May-2018 tb

Add const to the argument of X509_NAME_ENTRY_get_data(3).

Tested in a bulk build by sthen
ok jsing


# 1.18 18-May-2018 tb

Add const qualifiers to the 'obj' and 'bytes' arguments of
X509_NAME_ENTRY_create_by_NID(3), X509_NAME_ENTRY_create_by_OBJ(3), and
X509_NAME_ENTRY_set_object(3).

tested in a bulk build by sthen
ok jsing


# 1.17 01-May-2018 tb

Convert a handful of X509_*() functions to take const as in OpenSSL.

tested in a bulk by sthen
ok jsing


# 1.16 04-Apr-2018 schwarze

Fix two bugs in X509_NAME_add_entry(3):
(1) Evaluate the "set" argument, which says whether to create a new
RDN or to prepend or append to an existing one, before reusing it
for a different purpose, i.e. for the "set" field of the new
X509_NAME_ENTRY structure.
(2) When incrementing of some "set" fields is needed, increment the
correct ones: All those to the right of the newly inserted entry,
but not the one of that entry itself.

These two bugs caused wrong results whenever using loc != -1,
i.e. whenever inserting rather than appending entries, even when
using set == 0 only, that is, even when using single-values RDNs only.

Both bugs have been continuously present since at least SSLeay-0.8.1
(released July 18, 1997) and the second one since at least SSLeay-0.8.0
(released June 25, 1997), so both are over twenty years old.

I found these bugs by code inspection while trying to document the
function X509_NAME_ENTRY_set(3), which is public, but undocumented
in OpenSSL.

OK beck@, jsing@


Revision tags: OPENBSD_6_3_BASE
# 1.15 17-Mar-2018 tb

Provide X509_NAME_ENTRY_set()

ok jsing


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
# 1.14 29-Jan-2017 beck

Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@


# 1.13 29-Sep-2014 miod

X509_NAME_get_text_by_OBJ(): make sure we do not pass a negative size to
memcpy().
ok bcook@


# 1.12 11-Jul-2014 jsing

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@


# 1.11 10-Jul-2014 jsing

Stop including standard headers via cryptlib.h - pull in the headers that
are needed in the source files that actually require them.

ok beck@ miod@


# 1.10 12-Jun-2014 deraadt

tags as requested by miod and tedu


# 1.9 26-Apr-2014 beck

Replace all use of ERR_add_error_data with ERR_asprintf_error_data.
This avoids a lot of ugly gymnastics to do snprintfs before sending the
bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c
where it was being called with the incorrect number of arguments and
using random things off the stack as addresses of strings.
ok krw@, jsing@


# 1.8 20-Apr-2014 jsing

KNF.


# 1.7 18-Apr-2014 tedu

blunt force knf


# 1.6 01-Oct-2010 djm

resolve conflicts, fix local changes


# 1.5 29-Apr-2005 djm

resolve conflicts


# 1.4 15-Apr-2000 beck

OpenSSL 0.9.5a merge


# 1.3 19-Mar-2000 beck

OpenSSL 0.9.5 merge

*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs


# 1.2 29-Sep-1999 beck

OpenSSL 0.9.4 merge


# 1.1 05-Oct-1998 ryker

branches: 1.1.1;
Initial revision


# 1.27 01-Nov-2021 tb

Move the now internal X.509-related structs into x509_lcl.h.
Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and
LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and
fix a couple of unnecessary reacharounds.

ok jsing


Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
# 1.26 30-May-2018 tb

Add a const qualifier to the `name' argument of
X509_NAME_get_index_by_{OBJ,NID}().

tested in a bulk build by sthen
suggested by & ok jsing


# 1.25 19-May-2018 tb

Add const to the obj argument of X509_NAME_add_entry_by_OBJ()

tested in a bulk build by sthen
ok jsing


# 1.24 18-May-2018 tb

Add const to the 'obj' argument of X509_NAME_get_text_by_OBJ(3).

tested in a bulk by sthen
ok jsing


# 1.23 18-May-2018 tb

Add a const qualifier to the 'name' argument of X509_NAME_get_entry(3)
and to the 'obj' argument of X509_NAME_get_index_by_OBJ(3)

tested in a bulk build by sthen
ok jsing


# 1.22 18-May-2018 tb

Add const to the argument of X509_NAME_entry_count().

tested in a bulk build by sthen
ok jsing


# 1.21 18-May-2018 tb

The 'bytes' arguments of X509_NAME_add_entry_by_NID(3) and
X509_NAME_add_entry_by_OBJ(3) are now const.

tested in a bulk build by sthen
ok jsing


# 1.20 18-May-2018 tb

Add a const qualifier to the 'X509_NAME_ENTRY *ne' argument of
X509_NAME_add_entry(3).

tested in a bulk build by sthen,
ok jsing


# 1.19 18-May-2018 tb

Add const to the argument of X509_NAME_ENTRY_get_data(3).

Tested in a bulk build by sthen
ok jsing


# 1.18 18-May-2018 tb

Add const qualifiers to the 'obj' and 'bytes' arguments of
X509_NAME_ENTRY_create_by_NID(3), X509_NAME_ENTRY_create_by_OBJ(3), and
X509_NAME_ENTRY_set_object(3).

tested in a bulk build by sthen
ok jsing


# 1.17 01-May-2018 tb

Convert a handful of X509_*() functions to take const as in OpenSSL.

tested in a bulk by sthen
ok jsing


# 1.16 04-Apr-2018 schwarze

Fix two bugs in X509_NAME_add_entry(3):
(1) Evaluate the "set" argument, which says whether to create a new
RDN or to prepend or append to an existing one, before reusing it
for a different purpose, i.e. for the "set" field of the new
X509_NAME_ENTRY structure.
(2) When incrementing of some "set" fields is needed, increment the
correct ones: All those to the right of the newly inserted entry,
but not the one of that entry itself.

These two bugs caused wrong results whenever using loc != -1,
i.e. whenever inserting rather than appending entries, even when
using set == 0 only, that is, even when using single-values RDNs only.

Both bugs have been continuously present since at least SSLeay-0.8.1
(released July 18, 1997) and the second one since at least SSLeay-0.8.0
(released June 25, 1997), so both are over twenty years old.

I found these bugs by code inspection while trying to document the
function X509_NAME_ENTRY_set(3), which is public, but undocumented
in OpenSSL.

OK beck@, jsing@


Revision tags: OPENBSD_6_3_BASE
# 1.15 17-Mar-2018 tb

Provide X509_NAME_ENTRY_set()

ok jsing


Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
# 1.14 29-Jan-2017 beck

Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@


# 1.13 29-Sep-2014 miod

X509_NAME_get_text_by_OBJ(): make sure we do not pass a negative size to
memcpy().
ok bcook@


# 1.12 11-Jul-2014 jsing

Only import cryptlib.h in the four source files that actually need it.
Remove the openssl public includes from cryptlib.h and add a small number
of includes into the source files that actually need them. While here,
also sort/group/tidy the includes.

ok beck@ miod@


# 1.11 10-Jul-2014 jsing

Stop including standard headers via cryptlib.h - pull in the headers that
are needed in the source files that actually require them.

ok beck@ miod@


# 1.10 12-Jun-2014 deraadt

tags as requested by miod and tedu


# 1.9 26-Apr-2014 beck

Replace all use of ERR_add_error_data with ERR_asprintf_error_data.
This avoids a lot of ugly gymnastics to do snprintfs before sending the
bag of strings to ERR, and eliminates at least one place in dso_dlfctn.c
where it was being called with the incorrect number of arguments and
using random things off the stack as addresses of strings.
ok krw@, jsing@


# 1.8 20-Apr-2014 jsing

KNF.


# 1.7 18-Apr-2014 tedu

blunt force knf


# 1.6 01-Oct-2010 djm

resolve conflicts, fix local changes


# 1.5 29-Apr-2005 djm

resolve conflicts


# 1.4 15-Apr-2000 beck

OpenSSL 0.9.5a merge


# 1.3 19-Mar-2000 beck

OpenSSL 0.9.5 merge

*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs


# 1.2 29-Sep-1999 beck

OpenSSL 0.9.4 merge


# 1.1 05-Oct-1998 ryker

branches: 1.1.1;
Initial revision

