libressl *_namespace.h: adjust *_ALIAS() to require a semicolon

LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon.
This does not conform to style(9), breaks editors and ctags and
(most

libressl *_namespace.h: adjust *_ALIAS() to require a semicolon

LCRYPTO_ALIAS() and LSSL_ALIAS() contained a trailing semicolon.
This does not conform to style(9), breaks editors and ctags and
(most importantly) my workflow. Fix this by neutering them with
asm("") so that -Wpedantic doesn't complain. There's precedent
in libc's namespace.h

fix suggested by & ok jsing

show more ...

Consistently check for NULL early.

Also be more consistent with variable naming.

ok tb@

Fix an unchecked strdup() in UI_create_method().

ok tb@

Make UI_destroy_method() NULL safe.

ok tb@

Remove unhelpful comment.

Remove a comment that tells you not to call a function that internally
calls free, with a stack allocated pointer...

ok tb@

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_l

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook

show more ...

Hide symbols in libcrypto/ui

ok jsing@

KNF for a few comments and indent a label

Remove some dangling elses for consistency with the rest of the file

Simplify UI_new_method()

Use calloc() instead of malloc() and setting all members manually to 0.
Avoid unnecessary else branch.

Move variable declaration to the top of UI_set_result and ditch
a pointless local scope.

suggested by jsing

The default branch of a switch somehow got moved inside of a pointless
local scope of a case branch. Move it into the proper location.

No binary change on amd64.

"sure" jsing

Simplify call to ERR_print_errors_cb()

There is no reason for print_error()'s third argument to be a UI *.
It may just as well be a void * to match what ERR_print_errors_cb()
expects. This avoids ca

Simplify call to ERR_print_errors_cb()

There is no reason for print_error()'s third argument to be a UI *.
It may just as well be a void * to match what ERR_print_errors_cb()
expects. This avoids casting the function pointer. Also, there's no
need for a (void *) cast.

ok jsing

show more ...

Error out if ok_chars and cancel_chars overlap

It is a bit silly to push an error on the stack without erroring out,
so error out if the ok_chars and cancel_chars overlap.

ok jsing

Fix a number of leaks in the UI_dup_* functions

If any of general_allocate_{prompt,string,boolean}() fail, the
UI_dup_* functions may leak the strings they strduped beforehand.
Instead, use strdup i

Fix a number of leaks in the UI_dup_* functions

If any of general_allocate_{prompt,string,boolean}() fail, the
UI_dup_* functions may leak the strings they strduped beforehand.
Instead, use strdup inside these functions, so we can free as
necessary. This makes the UI_add_* and UI_dup_* simple wrappers
around general_allocate_{string,boolean}() that differ only in
passing a Boolean that indicates whether or not to use strdup.

Make a general cleanup pass over these functions, simplify the
logic and make it overall a bit easier to follow. While there,
use strcspn() instead of a handrolled variant.

The only changes in behavior are that ERR_R_MALLOC_FAILURE is now
pushed onto the stack a bit more often and that UI_dup_input_string()
now returns -1 on failure to dup prompt like all the other UI_dup_*
functions. This is not a problem since the manual already documents
that errors are signaled with <= 0. The only consumer of this function
according to Debian's codesearch is libp11, I sent them a PR to fix
their (already broken) error handling.

Addresses about 10 errors thrown by the LLVM static analyzer in ui/.

ok jsing

show more ...

Push ERR_R_MALLOC_FAILURE onto the error stack

If sk_UI_STRING_new_null() fails, this must be due to a memory error,
so signal this to the user.

ok jsing

Make free_strings() NULL safe

ok jsing

Add a const qualifier to the argument of UI_method_get_closer(),
UI_method_get_flusher(), UI_method_get_opener(),
UI_method_get_prompt_constructor(), UI_method_get_reader(), and
UI_method_get_writer(

Add a const qualifier to the argument of UI_method_get_closer(),
UI_method_get_flusher(), UI_method_get_opener(),
UI_method_get_prompt_constructor(), UI_method_get_reader(), and
UI_method_get_writer().

tested in a bulk build by sthen
ok jsing

show more ...

UI_METHOD *UI_create_method(const char *name).
^^^^^
tested in a bulk build by sthen
ok jsing

Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@

don't go into an unbreakable infinite loop during operations such
as reading passwords. allow ^C to break.
the pain was mine, the fix is miod's.

Remove more IMPLEMENT_STACK_OF noops that have been hiding for the last
15 years.

Use string literals in printf style calls so gcc's -Wformat works.

ok tedu@, miod@

Kill a bunch more BUF_strdup's - these are converted to have a check for
NULL before an intrinsic strdup.
ok miod@

The bell tolls for BUF_strdup - Start the migration to using
intrinsics. This is the easy ones, a few left to check one at
a time.
ok miod@ deraadt@