src - OpenBSD base system

diff options


context:
space:
mode:

author	Markus Friedl <markus@cvs.openbsd.org>	2003-05-12 02:18:41 +0000
committer	Markus Friedl <markus@cvs.openbsd.org>	2003-05-12 02:18:41 +0000
commit	b47e6f30e82ff649c06cdfcf587a4ad9d127a4f5 (patch)
tree	f98b2f00f52dd4fd004708bd26d63f3c24a78355 /lib/libcrypto/pem
parent	f97744c656f2a5c7d4e42bcaba08dbe146a49425 (diff)

merge 0.9.7b with local changes; crank majors for libssl/libcrypto

Diffstat (limited to 'lib/libcrypto/pem')

-rw-r--r--

lib/libcrypto/pem/Makefile.ssl

-rw-r--r--

lib/libcrypto/pem/pem.h

-rw-r--r--

lib/libcrypto/pem/pem_info.c

-rw-r--r--

lib/libcrypto/pem/pem_lib.c

-rw-r--r--

lib/libcrypto/pem/pem_pk8.c

-rw-r--r--

lib/libcrypto/pem/pem_seal.c

6 files changed, 26 insertions, 19 deletions

diff --git a/lib/libcrypto/pem/Makefile.ssl b/lib/libcrypto/pem/Makefile.ssl
index 5075d9107b0..d3043eb4013 100644
--- a/lib/libcrypto/pem/Makefile.ssl
+++ b/lib/libcrypto/pem/Makefile.ssl

@@ -71,7 +71,7 @@ lint:

lint -DLINT $(INCLUDES) $(SRC)>fluff

depend:

- $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(LIBSRC)

+ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)

dclean:

$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new

diff --git a/lib/libcrypto/pem/pem.h b/lib/libcrypto/pem/pem.h
index 3785fca77dd..d330cbf9a32 100644
--- a/lib/libcrypto/pem/pem.h
+++ b/lib/libcrypto/pem/pem.h

@@ -149,7 +149,7 @@ typedef struct pem_recip_st

int cipher;

int key_enc;

- char iv[8];

+ /* char iv[8]; unused and wrong size */

} PEM_USER;

typedef struct pem_ctx_st

@@ -165,7 +165,8 @@ typedef struct pem_ctx_st

struct {

int cipher;

- unsigned char iv[8];

+ /* unused, and wrong size

+ unsigned char iv[8]; */

} DEK_info;

PEM_USER *originator;

@@ -187,7 +188,8 @@ typedef struct pem_ctx_st

EVP_CIPHER *dec; /* date encryption cipher */

int key_len; /* key length */

unsigned char *key; /* key */

- unsigned char iv[8]; /* the iv */

+ /* unused, and wrong size

+ unsigned char iv[8]; */

int data_enc; /* is the data encrypted */

diff --git a/lib/libcrypto/pem/pem_info.c b/lib/libcrypto/pem/pem_info.c
index 9a6dffb45cf..9e4af29c954 100644
--- a/lib/libcrypto/pem/pem_info.c
+++ b/lib/libcrypto/pem/pem_info.c

@@ -324,6 +324,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,

}

/* create the right magic header stuff */

+ OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);

buf[0]='\0';

PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);

PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);

@@ -358,7 +359,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,

ret=1;

err:

- memset((char *)&ctx,0,sizeof(ctx));

- memset(buf,0,PEM_BUFSIZE);

+ OPENSSL_cleanse((char *)&ctx,sizeof(ctx));

+ OPENSSL_cleanse(buf,PEM_BUFSIZE);

return(ret);

}

diff --git a/lib/libcrypto/pem/pem_lib.c b/lib/libcrypto/pem/pem_lib.c
index 50f5733654a..3bec2d7e9f4 100644
--- a/lib/libcrypto/pem/pem_lib.c
+++ b/lib/libcrypto/pem/pem_lib.c

@@ -138,7 +138,7 @@ void PEM_proc_type(char *buf, int type)

void PEM_dek_info(char *buf, const char *type, int len, char *str)

{

- static unsigned char map[17]="0123456789ABCDEF";

+ static const unsigned char map[17]="0123456789ABCDEF";

long i;

int j;

@@ -251,7 +251,7 @@ int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char

ret = 1;

err:

- if (!pnm) OPENSSL_free(nm);

+ if (!ret || !pnm) OPENSSL_free(nm);

OPENSSL_free(header);

if (!ret) OPENSSL_free(data);

return ret;

@@ -306,6 +306,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,

goto err;

}

/* dzise + 8 bytes are needed */

+ /* actually it needs the cipher block size extra... */

data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20);

if (data == NULL)

{

@@ -335,13 +336,16 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,

kstr=(unsigned char *)buf;

}

RAND_add(data,i,0);/* put in the RSA key. */

+ OPENSSL_assert(enc->iv_len <= sizeof iv);

if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */

goto err;

/* The 'iv' is used as the iv and as a salt. It is

* NOT taken from the BytesToKey function */

EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);

- if (kstr == (unsigned char *)buf) memset(buf,0,PEM_BUFSIZE);

+ if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);

+ OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);

buf[0]='\0';

PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);

@@ -364,13 +368,13 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,

i=PEM_write_bio(bp,name,buf,data,i);

if (i <= 0) ret=0;

err:

- memset(key,0,sizeof(key));

- memset(iv,0,sizeof(iv));

- memset((char *)&ctx,0,sizeof(ctx));

- memset(buf,0,PEM_BUFSIZE);

+ OPENSSL_cleanse(key,sizeof(key));

+ OPENSSL_cleanse(iv,sizeof(iv));

+ OPENSSL_cleanse((char *)&ctx,sizeof(ctx));

+ OPENSSL_cleanse(buf,PEM_BUFSIZE);

if (data != NULL)

{

- memset(data,0,(unsigned int)dsize);

+ OPENSSL_cleanse(data,(unsigned int)dsize);

OPENSSL_free(data);

}

return(ret);

@@ -411,8 +415,8 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,

EVP_DecryptUpdate(&ctx,data,&i,data,j);

o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);

EVP_CIPHER_CTX_cleanup(&ctx);

- memset((char *)buf,0,sizeof(buf));

- memset((char *)key,0,sizeof(key));

+ OPENSSL_cleanse((char *)buf,sizeof(buf));

+ OPENSSL_cleanse((char *)key,sizeof(key));

j+=i;

if (!o)

{

@@ -693,7 +697,7 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,

if (strncmp(buf,"-----END ",9) == 0)

break;

if (i > 65) break;

- if (!BUF_MEM_grow(dataB,i+bl+9))

+ if (!BUF_MEM_grow_clean(dataB,i+bl+9))

{

PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);

goto err;

diff --git a/lib/libcrypto/pem/pem_pk8.c b/lib/libcrypto/pem/pem_pk8.c
index f44182ffb5a..db38a2a79de 100644
--- a/lib/libcrypto/pem/pem_pk8.c
+++ b/lib/libcrypto/pem/pem_pk8.c

@@ -136,7 +136,7 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER

kstr = buf;

}

p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf);

- if(kstr == buf) memset(buf, 0, klen);

+ if(kstr == buf) OPENSSL_cleanse(buf, klen);

PKCS8_PRIV_KEY_INFO_free(p8inf);

if(isder) ret = i2d_PKCS8_bio(bp, p8);

else ret = PEM_write_bio_PKCS8(bp, p8);

diff --git a/lib/libcrypto/pem/pem_seal.c b/lib/libcrypto/pem/pem_seal.c
index ae463a301de..56e08abd705 100644
--- a/lib/libcrypto/pem/pem_seal.c
+++ b/lib/libcrypto/pem/pem_seal.c

@@ -112,7 +112,7 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,

ret=npubk;

err:

if (s != NULL) OPENSSL_free(s);

- memset(key,0,EVP_MAX_KEY_LENGTH);

+ OPENSSL_cleanse(key,EVP_MAX_KEY_LENGTH);

return(ret);

}