diff options
| -rw-r--r-- | lib/libcrypto/asn1/p5_pbev2.c | 2 | ||||
| -rw-r--r-- | lib/libcrypto/bio/b_print.c | 16 | ||||
| -rw-r--r-- | lib/libcrypto/bio/bss_bio.c | 13 | ||||
| -rw-r--r-- | lib/libcrypto/bn/bn.h | 2 | ||||
| -rw-r--r-- | lib/libcrypto/bn/bn_mul.c | 12 | ||||
| -rw-r--r-- | lib/libcrypto/evp/evp.h | 4 | ||||
| -rw-r--r-- | lib/libcrypto/evp/evp_enc.c | 30 | ||||
| -rw-r--r-- | lib/libcrypto/evp/evp_test.c | 4 | ||||
| -rw-r--r-- | lib/libcrypto/evp/p_seal.c | 6 | ||||
| -rw-r--r-- | lib/libcrypto/ui/ui_openssl.c | 2 | ||||
| -rw-r--r-- | lib/libcrypto/util/pl/Mingw32.pl | 14 | ||||
| -rw-r--r-- | lib/libssl/ssl_cert.c | 1 |
12 files changed, 69 insertions, 37 deletions
diff --git a/lib/libcrypto/asn1/p5_pbev2.c b/lib/libcrypto/asn1/p5_pbev2.c index 43dfe09479f..91e1c8987d3 100644 --- a/lib/libcrypto/asn1/p5_pbev2.c +++ b/lib/libcrypto/asn1/p5_pbev2.c @@ -116,6 +116,8 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0) goto err; + EVP_CIPHER_CTX_init(&ctx); + /* Dummy cipherinit to just setup the IV */ EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0); if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) { diff --git a/lib/libcrypto/bio/b_print.c b/lib/libcrypto/bio/b_print.c index b7e268f0920..3ce12907728 100644 --- a/lib/libcrypto/bio/b_print.c +++ b/lib/libcrypto/bio/b_print.c @@ -56,6 +56,13 @@ * [including the GNU Public Licence.] */ +/* disable assert() unless BIO_DEBUG has been defined */ +#ifndef BIO_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif + /* * Stolen from tjh's ssl/ssl_trc.c stuff. */ @@ -716,12 +723,13 @@ doapr_outch( if (buffer) { while (*currlen >= *maxlen) { if (*buffer == NULL) { - assert(*sbuffer != NULL); if (*maxlen == 0) *maxlen = 1024; *buffer = OPENSSL_malloc(*maxlen); - if (*currlen > 0) + if (*currlen > 0) { + assert(*sbuffer != NULL); memcpy(*buffer, *sbuffer, *currlen); + } *sbuffer = NULL; } else { *maxlen += 1024; @@ -761,7 +769,9 @@ int BIO_vprintf (BIO *bio, const char *format, va_list args) { int ret; size_t retlen; - MS_STATIC char hugebuf[1024*10]; + char hugebuf[1024*2]; /* Was previously 10k, which is unreasonable + in small-stack environments, like threads + or DOS programs. */ char *hugebufp = hugebuf; size_t hugebufsize = sizeof(hugebuf); char *dynbuf = NULL; diff --git a/lib/libcrypto/bio/bss_bio.c b/lib/libcrypto/bio/bss_bio.c index a5da4730317..1c485a4479a 100644 --- a/lib/libcrypto/bio/bss_bio.c +++ b/lib/libcrypto/bio/bss_bio.c @@ -7,9 +7,18 @@ * for which no specific BIO method is available. * See ssl/ssltest.c for some hints on how this can be used. */ +/* BIO_DEBUG implies BIO_PAIR_DEBUG */ +#ifdef BIO_DEBUG +# ifndef BIO_PAIR_DEBUG +# define BIO_PAIR_DEBUG +# endif +#endif + +/* disable assert() unless BIO_PAIR_DEBUG has been defined */ #ifndef BIO_PAIR_DEBUG -# undef NDEBUG /* avoid conflicting definitions */ -# define NDEBUG +# ifndef NDEBUG +# define NDEBUG +# endif #endif #include <assert.h> diff --git a/lib/libcrypto/bn/bn.h b/lib/libcrypto/bn/bn.h index d25b49c9d8d..1eaf8795531 100644 --- a/lib/libcrypto/bn/bn.h +++ b/lib/libcrypto/bn/bn.h @@ -136,7 +136,7 @@ extern "C" { #define BN_MASK2h (0xffffffff00000000LL) #define BN_MASK2h1 (0xffffffff80000000LL) #define BN_TBIT (0x8000000000000000LL) -#define BN_DEC_CONV (10000000000000000000LL) +#define BN_DEC_CONV (10000000000000000000ULL) #define BN_DEC_FMT1 "%llu" #define BN_DEC_FMT2 "%019llu" #define BN_DEC_NUM 19 diff --git a/lib/libcrypto/bn/bn_mul.c b/lib/libcrypto/bn/bn_mul.c index 41ea925b8d9..7bffc9c16a5 100644 --- a/lib/libcrypto/bn/bn_mul.c +++ b/lib/libcrypto/bn/bn_mul.c @@ -408,16 +408,22 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, return; } # endif - if (n2 == 8) + /* Only call bn_mul_comba 8 if n2 == 8 and the + * two arrays are complete [steve] + */ + if (n2 == 8 && dna == 0 && dnb == 0) { bn_mul_comba8(r,a,b); return; } # endif /* BN_MUL_COMBA */ + /* Else do normal multiply */ if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL) { - /* This should not happen */ - bn_mul_normal(r,a,n2,b,n2); + bn_mul_normal(r,a,n2+dna,b,n2+dnb); + if ((dna + dnb) < 0) + memset(&r[2*n2 + dna + dnb], 0, + sizeof(BN_ULONG) * -(dna + dnb)); return; } /* r=(a[0]-a[1])*(b[1]-b[0]) */ diff --git a/lib/libcrypto/evp/evp.h b/lib/libcrypto/evp/evp.h index 915fe623412..0d870d60beb 100644 --- a/lib/libcrypto/evp/evp.h +++ b/lib/libcrypto/evp/evp.h @@ -184,7 +184,7 @@ typedef struct evp_pkey_md_st EVP_rsa_octet_string(),EVP_mdc2()) #define EVP_dsa_sha() \ EVP_PKEY_MD_add(NID_dsaWithSHA,\ - EVP_dsa(),EVP_mdc2()) + EVP_dsa(),EVP_sha()) #define EVP_dsa_sha1() \ EVP_PKEY_MD_add(NID_dsaWithSHA1,\ EVP_dsa(),EVP_sha1()) @@ -525,7 +525,7 @@ int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek, int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk); -void EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl); +int EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl); void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out, diff --git a/lib/libcrypto/evp/evp_enc.c b/lib/libcrypto/evp/evp_enc.c index d28a7d266e5..32a1c7a2e94 100644 --- a/lib/libcrypto/evp/evp_enc.c +++ b/lib/libcrypto/evp/evp_enc.c @@ -102,11 +102,13 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp goto skip_to_init; if (cipher) { - /* Ensure an ENGINE left lying around from last time is cleared + /* Ensure a context left lying around from last time is cleared * (the previous check attempted to avoid this if the same * ENGINE and EVP_CIPHER could be used). */ - if(ctx->engine) - ENGINE_finish(ctx->engine); + EVP_CIPHER_CTX_cleanup(ctx); + + /* Restore encrypt field: it is zeroed by cleanup */ + ctx->encrypt = enc; if(impl) { if (!ENGINE_init(impl)) @@ -140,6 +142,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp } else ctx->engine = NULL; + ctx->cipher=cipher; ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); ctx->key_len = cipher->key_len; @@ -303,7 +306,6 @@ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { int ret; ret = EVP_EncryptFinal_ex(ctx, out, outl); - EVP_CIPHER_CTX_cleanup(ctx); return ret; } @@ -314,14 +316,12 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) b=ctx->cipher->block_size; if (b == 1) { - EVP_CIPHER_CTX_cleanup(ctx); *outl=0; return 1; } bl=ctx->buf_len; if (ctx->flags & EVP_CIPH_NO_PADDING) { - EVP_CIPHER_CTX_cleanup(ctx); if(bl) { EVPerr(EVP_F_EVP_ENCRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); @@ -336,7 +336,6 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) ctx->buf[i]=n; ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b); - EVP_CIPHER_CTX_cleanup(ctx); if(ret) *outl=b; @@ -394,7 +393,6 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { int ret; ret = EVP_DecryptFinal_ex(ctx, out, outl); - EVP_CIPHER_CTX_cleanup(ctx); return ret; } @@ -407,7 +405,6 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) b=ctx->cipher->block_size; if (ctx->flags & EVP_CIPH_NO_PADDING) { - EVP_CIPHER_CTX_cleanup(ctx); if(ctx->buf_len) { EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); @@ -420,14 +417,12 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { if (ctx->buf_len || !ctx->final_used) { - EVP_CIPHER_CTX_cleanup(ctx); EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH); return(0); } n=ctx->final[b-1]; if (n > b) { - EVP_CIPHER_CTX_cleanup(ctx); EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT); return(0); } @@ -435,7 +430,6 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { if (ctx->final[--b] != n) { - EVP_CIPHER_CTX_cleanup(ctx); EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT); return(0); } @@ -447,17 +441,21 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) } else *outl=0; - EVP_CIPHER_CTX_cleanup(ctx); return(1); } int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) { - if ((c->cipher != NULL) && (c->cipher->cleanup != NULL)) + if (c->cipher != NULL) { - if(!c->cipher->cleanup(c)) return 0; + if(c->cipher->cleanup && !c->cipher->cleanup(c)) + return 0; + /* Zero cipher context data */ + if (c->cipher_data) + memset(c->cipher_data, 0, c->cipher->ctx_size); } - OPENSSL_free(c->cipher_data); + if (c->cipher_data) + OPENSSL_free(c->cipher_data); if (c->engine) /* The EVP_CIPHER we used belongs to an ENGINE, release the * functional reference we held for this reason. */ diff --git a/lib/libcrypto/evp/evp_test.c b/lib/libcrypto/evp/evp_test.c index 3607fe77767..decd0713d62 100644 --- a/lib/libcrypto/evp/evp_test.c +++ b/lib/libcrypto/evp/evp_test.c @@ -209,6 +209,8 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, exit(9); } + EVP_CIPHER_CTX_cleanup(&ctx); + printf("\n"); } @@ -279,6 +281,8 @@ static int test_digest(const char *digest, printf("\n"); + EVP_MD_CTX_cleanup(&ctx); + return 1; } diff --git a/lib/libcrypto/evp/p_seal.c b/lib/libcrypto/evp/p_seal.c index 5570ca37456..37e547fe727 100644 --- a/lib/libcrypto/evp/p_seal.c +++ b/lib/libcrypto/evp/p_seal.c @@ -106,8 +106,10 @@ int inl; } */ -void EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) +int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { - EVP_EncryptFinal_ex(ctx,out,outl); + int i; + i = EVP_EncryptFinal_ex(ctx,out,outl); EVP_EncryptInit_ex(ctx,NULL,NULL,NULL,NULL); + return i; } diff --git a/lib/libcrypto/ui/ui_openssl.c b/lib/libcrypto/ui/ui_openssl.c index 3aa03f74aae..4e121654101 100644 --- a/lib/libcrypto/ui/ui_openssl.c +++ b/lib/libcrypto/ui/ui_openssl.c @@ -465,7 +465,7 @@ static int open_console(UI *ui) tty_out=stderr; #endif -#if defined(TTY_get) && !defined(VMS) +#if defined(TTY_get) && !defined(OPENSSL_SYS_VMS) if (TTY_get(fileno(tty_in),&tty_orig) == -1) { #ifdef ENOTTY diff --git a/lib/libcrypto/util/pl/Mingw32.pl b/lib/libcrypto/util/pl/Mingw32.pl index 37f36126f37..45ab685974e 100644 --- a/lib/libcrypto/util/pl/Mingw32.pl +++ b/lib/libcrypto/util/pl/Mingw32.pl @@ -25,6 +25,8 @@ if ($gaswin and !$no_asm) { $bn_asm_obj='$(OBJ_D)/bn-win32.o'; $bn_asm_src='crypto/bn/asm/bn-win32.s'; + $bnco_asm_obj='$(OBJ_D)/co-win32.o'; + $bnco_asm_src='crypto/bn/asm/co-win32.s'; $des_enc_obj='$(OBJ_D)/d-win32.o $(OBJ_D)/y-win32.o'; $des_enc_src='crypto/des/asm/d-win32.s crypto/des/asm/y-win32.s'; $bf_enc_obj='$(OBJ_D)/b-win32.o'; @@ -66,12 +68,12 @@ $lfile=''; $asm='as'; $afile='-o '; -$bn_asm_obj=""; -$bn_asm_src=""; -$des_enc_obj=""; -$des_enc_src=""; -$bf_enc_obj=""; -$bf_enc_src=""; +#$bn_asm_obj=""; +#$bn_asm_src=""; +#$des_enc_obj=""; +#$des_enc_src=""; +#$bf_enc_obj=""; +#$bf_enc_src=""; sub do_lib_rule { diff --git a/lib/libssl/ssl_cert.c b/lib/libssl/ssl_cert.c index 79e89fe14ad..3d31bbf05f0 100644 --- a/lib/libssl/ssl_cert.c +++ b/lib/libssl/ssl_cert.c @@ -825,7 +825,6 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, err: FindClose(hFind); err_noclose: - if (d) closedir(d); CRYPTO_w_unlock(CRYPTO_LOCK_READDIR); return ret; } |