Reusing an SSL object when it has encountered a fatal error can
have bad consequences. This is a bug in application code not libssl
but libssl should be more forgiving and not crash.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

Signed-off-by: mancha security <mancha1@zoho.com>
Signed-off-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

Signed-off-by: mancha security <mancha1@zoho.com>
Signed-off-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

Remove dependency on ssl_locl.h from v3_scts.c, and incidentally fix a build problem with
kerberos (the dependency meant v3_scts.c was trying to include krb5.h, but without having been
passed the relevanant -I flags to the compiler)

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

RLE is a no-op only for testing.  Remove it.

Reviewed-by: Richard Levitte <levitte@openssl.org>

If CA.pl is reading from /dev/null, then "chop $FILE" gives a warning.
Sigh.  Have to add "if $FILE".  This just silences a build warning.
Thanks to GitHub user andrejs-igumenovs for help with this.

Reviewed-by: Richard Levitte <levitte@openssl.org>

For a local variable:
        TYPE *p;
Allocations like this are "risky":
        p = OPENSSL_malloc(sizeof(TYPE));
if the type of p changes, and the malloc call isn't updated, you
could get memory corruption.  Instead do this:
        p = OPENSSL_malloc(sizeof(*p));
Also fixed a few memset() calls that I noticed while doing this.

Reviewed-by: Richard Levitte <levitte@openssl.org>

RT2943 only complains about the incorrect check of -K argument size,
we might as well do the same thing with the -iv argument.

Before this, we only checked that the given argument wouldn't give a
bitstring larger than EVP_MAX_KEY_LENGTH.  we can be more precise and
check against the size of the actual cipher used.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>

Was memset with wrong sizeof.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Don't do access check on destination directory; it breaks when euid/egid
is different from real uid/gid.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Signed-off-by: Rich Salz <rsalz@akamai.com>

Thanks to Brian Carpenter for reporting this issue.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Tim Hudson <tjh@openssl.org>

Incorrect name used for SSL_AD_INTERNAL_ERROR.

Signed-off-by: mancha security <mancha1@zoho.com>
Signed-off-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

This is the last of Alok's PR260
Reviewed-by: Tim Hudson <tjh@openssl.org>

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>

 https://github.com/openssl/openssl/pull/176 (CHANGES)
 https://rt.openssl.org/Ticket/Display.html?id=3545 (objects.txt)
 https://rt.openssl.org/Ticket/Display.html?id=3796

 (verify.pod)

Reviewed-by: Tim Hudson <tjh@openssl.org>

Add OSSL_NELEM macro to e_os.h to determine the number of elements in an
array.

Reviewed-by: Tim Hudson <tjh@openssl.org>

ONEDIRS, EDIRS and WDIRS aren't used anywhere.  Most probably remains
from a build system of the past, it's time they get put to rest.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Reviewed-by: Rich Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>

Cleanup of files that haven't been used, touched, or I suspect, even
noticed for a long time.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

Use sizeof *foo parameter, to avoid these errors.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

After the finale, the "real" final part. :)  Do a recursive grep with
"-B1 -w [a-zA-Z0-9_]*_free" to see if any of the preceeding lines are
an "if NULL" check that can be removed.

Reviewed-by: Tim Hudson <tjh@openssl.org>

There were a dozen-plus instances of this construct:
   if (0) { label: ..... }

Reviewed-by: Tim Hudson <tjh@openssl.org>

Reviewed-by: Andy Polyakov

Reviewed-by: Andy Polyakov

Reviewed-by: Andy Polyakov

Don't check for NULL before calling free functions. This gets:
        ERR_STATE_free
        ENGINE_free
        DSO_free
        CMAC_CTX_free
        COMP_CTX_free
        CONF_free
        NCONF_free NCONF_free_data _CONF_free_data
        A sk_free use within OBJ_sigid_free
        TS_TST_INFO_free (rest of TS_ API was okay)
        Doc update for UI_free (all uses were fine)
        X509V3_conf_free
        X509V3_section_free
        X509V3_string_free

Reviewed-by: Richard Levitte <levitte@openssl.org>

Don't check for NULL before calling OPENSSL_free

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reviewed-by: Richard Levitte <levitte@openssl.org>

Reformat CA.pl.in to follow coding style.
Also add "use strict" and "use warnings"
Also modify it to exit properly and report only when succeeded.
And some perl tweaks via Richard.

Reviewed-by: Richard Levitte <levitte@openssl.org>

This gets BN_.*free:
    BN_BLINDING_free BN_CTX_free BN_FLG_FREE BN_GENCB_free
    BN_MONT_CTX_free BN_RECP_CTX_free BN_clear_free BN_free BUF_MEM_free

Also fix a call to DSA_SIG_free to ccgost engine and remove some #ifdef'd
dead code in engines/e_ubsec.

Reviewed-by: Richard Levitte <levitte@openssl.org>