aboutsummaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
Diffstat (limited to 'crypto')
-rw-r--r--crypto/aes/aes_wrap.c12
-rwxr-xr-xcrypto/aes/asm/aes-x86_64.pl38
-rw-r--r--crypto/asn1/a_int.c3
-rw-r--r--crypto/asn1/n_pkey.c3
-rw-r--r--crypto/asn1/t_crl.c3
-rw-r--r--crypto/asn1/tasn_dec.c3
-rw-r--r--crypto/asn1/x_x509.c4
-rw-r--r--crypto/bio/b_sock.c7
-rw-r--r--crypto/bio/bf_nbio.c2
-rw-r--r--crypto/bio/bio_lib.c4
-rw-r--r--crypto/bio/bss_acpt.c5
-rw-r--r--crypto/bio/bss_sock.c13
-rw-r--r--crypto/bn/bn_exp2.c3
-rw-r--r--crypto/bn/bn_mul.c9
-rw-r--r--crypto/cms/cms_asn1.c4
-rw-r--r--crypto/conf/conf_def.c17
-rw-r--r--crypto/des/rpc_des.h4
-rw-r--r--crypto/dsa/dsa_gen.c3
-rw-r--r--crypto/dsa/dsa_ossl.c3
-rw-r--r--crypto/ec/ec2_mult.c13
-rw-r--r--crypto/ec/ec_mult.c6
-rw-r--r--crypto/ecdh/ech_lib.c6
-rw-r--r--crypto/ecdsa/ecs_lib.c2
-rw-r--r--crypto/engine/eng_list.c1
-rw-r--r--crypto/err/err_prn.c10
-rw-r--r--crypto/evp/bio_b64.c77
-rw-r--r--crypto/evp/enc_min.c1
-rw-r--r--crypto/evp/encode.c3
-rw-r--r--crypto/evp/evp_pbe.c49
-rw-r--r--crypto/hmac/hmac.c3
-rw-r--r--crypto/md32_common.h2
-rw-r--r--crypto/o_init.c5
-rw-r--r--crypto/ocsp/ocsp_ht.c12
-rw-r--r--crypto/ocsp/ocsp_prn.c2
-rw-r--r--crypto/opensslv.h6
-rw-r--r--crypto/pem/pem_lib.c2
-rw-r--r--crypto/pkcs12/p12_key.c38
-rw-r--r--crypto/pkcs12/p12_npas.c17
-rw-r--r--crypto/pkcs7/pk7_doit.c3
-rw-r--r--crypto/pkcs7/pk7_lib.c2
-rw-r--r--crypto/pkcs7/pk7_mime.c3
-rw-r--r--crypto/pqueue/pqueue.c12
-rw-r--r--crypto/rand/rand_nw.c4
-rw-r--r--crypto/rand/randfile.c4
-rw-r--r--crypto/rsa/rsa_eay.c2
-rw-r--r--crypto/x509/x509.h1
-rw-r--r--crypto/x509/x509_vfy.c7
-rw-r--r--crypto/x509/x_all.c1
-rw-r--r--crypto/x509v3/v3_ncons.c1
-rw-r--r--crypto/x509v3/v3_pci.c28
50 files changed, 276 insertions, 187 deletions
diff --git a/crypto/aes/aes_wrap.c b/crypto/aes/aes_wrap.c
index 9feacd65d8cd..e2d73d37ceda 100644
--- a/crypto/aes/aes_wrap.c
+++ b/crypto/aes/aes_wrap.c
@@ -85,9 +85,9 @@ int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
A[7] ^= (unsigned char)(t & 0xff);
if (t > 0xff)
{
- A[6] ^= (unsigned char)((t & 0xff) >> 8);
- A[5] ^= (unsigned char)((t & 0xff) >> 16);
- A[4] ^= (unsigned char)((t & 0xff) >> 24);
+ A[6] ^= (unsigned char)((t >> 8) & 0xff);
+ A[5] ^= (unsigned char)((t >> 16) & 0xff);
+ A[4] ^= (unsigned char)((t >> 24) & 0xff);
}
memcpy(R, B + 8, 8);
}
@@ -119,9 +119,9 @@ int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
A[7] ^= (unsigned char)(t & 0xff);
if (t > 0xff)
{
- A[6] ^= (unsigned char)((t & 0xff) >> 8);
- A[5] ^= (unsigned char)((t & 0xff) >> 16);
- A[4] ^= (unsigned char)((t & 0xff) >> 24);
+ A[6] ^= (unsigned char)((t >> 8) & 0xff);
+ A[5] ^= (unsigned char)((t >> 16) & 0xff);
+ A[4] ^= (unsigned char)((t >> 24) & 0xff);
}
memcpy(B + 8, R, 8);
AES_decrypt(B, B, key);
diff --git a/crypto/aes/asm/aes-x86_64.pl b/crypto/aes/asm/aes-x86_64.pl
index b008ab527d08..b510057d166c 100755
--- a/crypto/aes/asm/aes-x86_64.pl
+++ b/crypto/aes/asm/aes-x86_64.pl
@@ -751,7 +751,19 @@ $code.=<<___;
AES_set_encrypt_key:
push %rbx
push %rbp
+ sub \$8,%rsp
+ call _x86_64_AES_set_encrypt_key
+
+ mov 8(%rsp),%rbp
+ mov 16(%rsp),%rbx
+ add \$24,%rsp
+ ret
+.size AES_set_encrypt_key,.-AES_set_encrypt_key
+
+.type _x86_64_AES_set_encrypt_key,\@abi-omnipotent
+.align 16
+_x86_64_AES_set_encrypt_key:
mov %esi,%ecx # %ecx=bits
mov %rdi,%rsi # %rsi=userKey
mov %rdx,%rdi # %rdi=key
@@ -938,10 +950,8 @@ $code.=<<___;
.Lbadpointer:
mov \$-1,%rax
.Lexit:
- pop %rbp
- pop %rbx
- ret
-.size AES_set_encrypt_key,.-AES_set_encrypt_key
+ .byte 0xf3,0xc3 # rep ret
+.size _x86_64_AES_set_encrypt_key,.-_x86_64_AES_set_encrypt_key
___
sub deckey()
@@ -973,15 +983,14 @@ $code.=<<___;
.type AES_set_decrypt_key,\@function,3
.align 16
AES_set_decrypt_key:
- push %rdx
- call AES_set_encrypt_key
- cmp \$0,%eax
- je .Lproceed
- lea 24(%rsp),%rsp
- ret
-.Lproceed:
+ push %rbx
+ push %rbp
+ push %rdx # save key schedule
+
+ call _x86_64_AES_set_encrypt_key
mov (%rsp),%r8 # restore key schedule
- mov %rbx,(%rsp)
+ cmp \$0,%eax
+ jne .Labort
mov 240(%r8),%ecx # pull number of rounds
xor %rdi,%rdi
@@ -1023,7 +1032,10 @@ $code.=<<___;
jnz .Lpermute
xor %rax,%rax
- pop %rbx
+.Labort:
+ mov 8(%rsp),%rbp
+ mov 16(%rsp),%rbx
+ add \$24,%rsp
ret
.size AES_set_decrypt_key,.-AES_set_decrypt_key
___
diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c
index f8d198efb160..f551bdbaadd3 100644
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@@ -273,7 +273,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
{
ASN1_INTEGER *ret=NULL;
const unsigned char *p;
- unsigned char *to,*s;
+ unsigned char *s;
long len;
int inf,tag,xclass;
int i;
@@ -308,7 +308,6 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
i=ERR_R_MALLOC_FAILURE;
goto err;
}
- to=s;
ret->type=V_ASN1_INTEGER;
if(len) {
if ((*p == 0) && (len != 1))
diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c
index 60bc437938cf..e7d04390625b 100644
--- a/crypto/asn1/n_pkey.c
+++ b/crypto/asn1/n_pkey.c
@@ -242,7 +242,7 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
int sgckey)
{
RSA *ret=NULL;
- const unsigned char *p, *kp;
+ const unsigned char *p;
NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
p = *pp;
@@ -265,7 +265,6 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
goto err;
}
- kp = enckey->enckey->digest->data;
if (cb == NULL)
cb=EVP_read_pw_string;
if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err;
diff --git a/crypto/asn1/t_crl.c b/crypto/asn1/t_crl.c
index bdb244c015bd..ee5a687ce83a 100644
--- a/crypto/asn1/t_crl.c
+++ b/crypto/asn1/t_crl.c
@@ -87,7 +87,7 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
STACK_OF(X509_REVOKED) *rev;
X509_REVOKED *r;
long l;
- int i, n;
+ int i;
char *p;
BIO_printf(out, "Certificate Revocation List (CRL):\n");
@@ -107,7 +107,6 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
else BIO_printf(out,"NONE");
BIO_printf(out,"\n");
- n=X509_CRL_get_ext_count(x);
X509V3_extensions_print(out, "CRL extensions",
x->crl->extensions, 0, 8);
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index 48bc1c0d4d09..a228c0d6cd16 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -166,7 +166,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
int i;
int otag;
int ret = 0;
- ASN1_VALUE *pchval, **pchptr, *ptmpval;
+ ASN1_VALUE **pchptr, *ptmpval;
if (!pval)
return 0;
if (aux && aux->asn1_cb)
@@ -317,7 +317,6 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
goto err;
}
/* CHOICE type, try each possibility in turn */
- pchval = NULL;
p = *in;
for (i = 0, tt=it->templates; i < it->tcount; i++, tt++)
{
diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c
index e1186966258a..088d5507480e 100644
--- a/crypto/asn1/x_x509.c
+++ b/crypto/asn1/x_x509.c
@@ -63,7 +63,7 @@
#include <openssl/x509.h>
#include <openssl/x509v3.h>
-ASN1_SEQUENCE(X509_CINF) = {
+ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = {
ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER),
ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR),
@@ -74,7 +74,7 @@ ASN1_SEQUENCE(X509_CINF) = {
ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1),
ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2),
ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3)
-} ASN1_SEQUENCE_END(X509_CINF)
+} ASN1_SEQUENCE_END_enc(X509_CINF, X509_CINF)
IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
/* X509 top level structure needs a bit of customisation */
diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c
index ead477d8a29e..f0d9cfca67cc 100644
--- a/crypto/bio/b_sock.c
+++ b/crypto/bio/b_sock.c
@@ -659,7 +659,14 @@ again:
#ifdef SO_REUSEADDR
err_num=get_last_socket_error();
if ((bind_mode == BIO_BIND_REUSEADDR_IF_UNUSED) &&
+#ifdef OPENSSL_SYS_WINDOWS
+ /* Some versions of Windows define EADDRINUSE to
+ * a dummy value.
+ */
+ (err_num == WSAEADDRINUSE))
+#else
(err_num == EADDRINUSE))
+#endif
{
memcpy((char *)&client,(char *)&server,sizeof(server));
if (strcmp(h,"*") == 0)
diff --git a/crypto/bio/bf_nbio.c b/crypto/bio/bf_nbio.c
index c72a23c2e1b2..028616c06481 100644
--- a/crypto/bio/bf_nbio.c
+++ b/crypto/bio/bf_nbio.c
@@ -125,7 +125,6 @@ static int nbiof_free(BIO *a)
static int nbiof_read(BIO *b, char *out, int outl)
{
- NBIO_TEST *nt;
int ret=0;
#if 1
int num;
@@ -134,7 +133,6 @@ static int nbiof_read(BIO *b, char *out, int outl)
if (out == NULL) return(0);
if (b->next_bio == NULL) return(0);
- nt=(NBIO_TEST *)b->ptr;
BIO_clear_retry_flags(b);
#if 1
diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c
index 3f52ae953c29..371cdf52cb06 100644
--- a/crypto/bio/bio_lib.c
+++ b/crypto/bio/bio_lib.c
@@ -110,7 +110,7 @@ int BIO_set(BIO *bio, BIO_METHOD *method)
int BIO_free(BIO *a)
{
- int ret=0,i;
+ int i;
if (a == NULL) return(0);
@@ -133,7 +133,7 @@ int BIO_free(BIO *a)
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data);
if ((a->method == NULL) || (a->method->destroy == NULL)) return(1);
- ret=a->method->destroy(a);
+ a->method->destroy(a);
OPENSSL_free(a);
return(1);
}
diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c
index d090b7272fb6..e7fb892eaa2b 100644
--- a/crypto/bio/bss_acpt.c
+++ b/crypto/bio/bss_acpt.c
@@ -340,7 +340,6 @@ static int acpt_write(BIO *b, const char *in, int inl)
static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
{
- BIO *dbio;
int *ip;
long ret=1;
BIO_ACCEPT *data;
@@ -437,8 +436,8 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
ret=(long)data->bind_mode;
break;
case BIO_CTRL_DUP:
- dbio=(BIO *)ptr;
-/* if (data->param_port) EAY EAY
+/* dbio=(BIO *)ptr;
+ if (data->param_port) EAY EAY
BIO_set_port(dbio,data->param_port);
if (data->param_hostname)
BIO_set_hostname(dbio,data->param_hostname);
diff --git a/crypto/bio/bss_sock.c b/crypto/bio/bss_sock.c
index 30c3ceab468c..3df31938c185 100644
--- a/crypto/bio/bss_sock.c
+++ b/crypto/bio/bss_sock.c
@@ -172,15 +172,6 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
switch (cmd)
{
- case BIO_CTRL_RESET:
- num=0;
- case BIO_C_FILE_SEEK:
- ret=0;
- break;
- case BIO_C_FILE_TELL:
- case BIO_CTRL_INFO:
- ret=0;
- break;
case BIO_C_SET_FD:
sock_free(b);
b->num= *((int *)ptr);
@@ -203,10 +194,6 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
case BIO_CTRL_SET_CLOSE:
b->shutdown=(int)num;
break;
- case BIO_CTRL_PENDING:
- case BIO_CTRL_WPENDING:
- ret=0;
- break;
case BIO_CTRL_DUP:
case BIO_CTRL_FLUSH:
ret=1;
diff --git a/crypto/bn/bn_exp2.c b/crypto/bn/bn_exp2.c
index b3f43cec8c1c..bd0c34b91bc6 100644
--- a/crypto/bn/bn_exp2.c
+++ b/crypto/bn/bn_exp2.c
@@ -301,7 +301,8 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
r_is_one = 0;
}
}
- BN_from_montgomery(rr,r,mont,ctx);
+ if (!BN_from_montgomery(rr,r,mont,ctx))
+ goto err;
ret=1;
err:
if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c
index a0e9ec3b4694..12e5be80eb2b 100644
--- a/crypto/bn/bn_mul.c
+++ b/crypto/bn/bn_mul.c
@@ -551,7 +551,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
int tna, int tnb, BN_ULONG *t)
{
int i,j,n2=n*2;
- int c1,c2,neg,zero;
+ int c1,c2,neg;
BN_ULONG ln,lo,*p;
# ifdef BN_COUNT
@@ -567,7 +567,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
/* r=(a[0]-a[1])*(b[1]-b[0]) */
c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna);
c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n);
- zero=neg=0;
+ neg=0;
switch (c1*3+c2)
{
case -4:
@@ -575,7 +575,6 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */
break;
case -3:
- zero=1;
/* break; */
case -2:
bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */
@@ -585,7 +584,6 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
case -1:
case 0:
case 1:
- zero=1;
/* break; */
case 2:
bn_sub_part_words(t, a, &(a[n]),tna,n-tna); /* + */
@@ -593,7 +591,6 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
neg=1;
break;
case 3:
- zero=1;
/* break; */
case 4:
bn_sub_part_words(t, a, &(a[n]),tna,n-tna);
@@ -1012,7 +1009,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
{
if (i >= -1 && i <= 1)
{
- int sav_j =0;
/* Find out the power of two lower or equal
to the longest of the two numbers */
if (i >= 0)
@@ -1023,7 +1019,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
{
j = BN_num_bits_word((BN_ULONG)bl);
}
- sav_j = j;
j = 1<<(j-1);
assert(j <= al || j <= bl);
k = j+j;
diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c
index 766492186183..b253d54b5701 100644
--- a/crypto/cms/cms_asn1.c
+++ b/crypto/cms/cms_asn1.c
@@ -130,8 +130,8 @@ ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
} ASN1_NDEF_SEQUENCE_END(CMS_SignedData)
ASN1_SEQUENCE(CMS_OriginatorInfo) = {
- ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
- ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1)
+ ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0),
+ ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)
} ASN1_SEQUENCE_END(CMS_OriginatorInfo)
ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
index d8bce8732a2d..3c58936d9928 100644
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -213,13 +213,14 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
int bufnum=0,i,ii;
BUF_MEM *buff=NULL;
char *s,*p,*end;
- int again,n;
+ int again;
long eline=0;
char btmp[DECIMAL_SIZE(eline)+1];
CONF_VALUE *v=NULL,*tv;
CONF_VALUE *sv=NULL;
char *section=NULL,*buf;
- STACK_OF(CONF_VALUE) *section_sk=NULL,*ts;
+/* STACK_OF(CONF_VALUE) *section_sk=NULL;*/
+/* STACK_OF(CONF_VALUE) *ts=NULL;*/
char *start,*psection,*pname;
void *h = (void *)(conf->data);
@@ -250,7 +251,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
goto err;
}
- section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
+/* section_sk=(STACK_OF(CONF_VALUE) *)sv->value;*/
bufnum=0;
again=0;
@@ -309,7 +310,6 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
buf=buff->data;
clear_comments(conf, buf);
- n=strlen(buf);
s=eat_ws(conf, buf);
if (IS_EOF(conf,*s)) continue; /* blank line */
if (*s == '[')
@@ -343,7 +343,7 @@ again:
CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
goto err;
}
- section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
+/* section_sk=(STACK_OF(CONF_VALUE) *)sv->value;*/
continue;
}
else
@@ -406,12 +406,12 @@ again:
CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
goto err;
}
- ts=(STACK_OF(CONF_VALUE) *)tv->value;
+/* ts=(STACK_OF(CONF_VALUE) *)tv->value;*/
}
else
{
tv=sv;
- ts=section_sk;
+/* ts=section_sk;*/
}
#if 1
if (_CONF_add_string(conf, tv, v) == 0)
@@ -465,9 +465,6 @@ err:
static void clear_comments(CONF *conf, char *p)
{
- char *to;
-
- to=p;
for (;;)
{
if (IS_FCOMMENT(conf,*p))
diff --git a/crypto/des/rpc_des.h b/crypto/des/rpc_des.h
index 4cbb4d2dcdea..41328d79658d 100644
--- a/crypto/des/rpc_des.h
+++ b/crypto/des/rpc_des.h
@@ -122,10 +122,10 @@ struct desparams {
/*
* Encrypt an arbitrary sized buffer
*/
-#define DESIOCBLOCK _IOWR(d, 6, struct desparams)
+#define DESIOCBLOCK _IOWR('d', 6, struct desparams)
/*
* Encrypt of small amount of data, quickly
*/
-#define DESIOCQUICK _IOWR(d, 7, struct desparams)
+#define DESIOCQUICK _IOWR('d', 7, struct desparams)
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 6f1728e3cf00..7a9d1881cc48 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -110,7 +110,7 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
BIGNUM *r0,*W,*X,*c,*test;
BIGNUM *g=NULL,*q=NULL,*p=NULL;
BN_MONT_CTX *mont=NULL;
- int k,n=0,i,b,m=0;
+ int k,n=0,i,m=0;
int counter=0;
int r=0;
BN_CTX *ctx=NULL;
@@ -211,7 +211,6 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
/* "offset = 2" */
n=(bits-1)/160;
- b=(bits-1)-n*160;
for (;;)
{
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index 412cf1d88b69..172776080669 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -178,7 +178,8 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */
if (BN_cmp(s,dsa->q) > 0)
- BN_sub(s,s,dsa->q);
+ if (!BN_sub(s,s,dsa->q))
+ goto err;
if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
ret=DSA_SIG_new();
diff --git a/crypto/ec/ec2_mult.c b/crypto/ec/ec2_mult.c
index ff368fd7d7b3..7dca5e4bcd43 100644
--- a/crypto/ec/ec2_mult.c
+++ b/crypto/ec/ec2_mult.c
@@ -318,6 +318,7 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
int ret = 0;
size_t i;
EC_POINT *p=NULL;
+ EC_POINT *acc = NULL;
if (ctx == NULL)
{
@@ -337,15 +338,16 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
}
if ((p = EC_POINT_new(group)) == NULL) goto err;
+ if ((acc = EC_POINT_new(group)) == NULL) goto err;
- if (!EC_POINT_set_to_infinity(group, r)) goto err;
+ if (!EC_POINT_set_to_infinity(group, acc)) goto err;
if (scalar)
{
if (!ec_GF2m_montgomery_point_multiply(group, p, scalar, group->generator, ctx)) goto err;
- if (BN_is_negative(scalar))
+ if (BN_is_negative(scalar))
if (!group->meth->invert(group, p, ctx)) goto err;
- if (!group->meth->add(group, r, r, p, ctx)) goto err;
+ if (!group->meth->add(group, acc, acc, p, ctx)) goto err;
}
for (i = 0; i < num; i++)
@@ -353,13 +355,16 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
if (!ec_GF2m_montgomery_point_multiply(group, p, scalars[i], points[i], ctx)) goto err;
if (BN_is_negative(scalars[i]))
if (!group->meth->invert(group, p, ctx)) goto err;
- if (!group->meth->add(group, r, r, p, ctx)) goto err;
+ if (!group->meth->add(group, acc, acc, p, ctx)) goto err;
}
+ if (!EC_POINT_copy(r, acc)) goto err;
+
ret = 1;
err:
if (p) EC_POINT_free(p);
+ if (acc) EC_POINT_free(acc);
if (new_ctx != NULL)
BN_CTX_free(new_ctx);
return ret;
diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c
index 2ba173ef3642..ee422697267e 100644
--- a/crypto/ec/ec_mult.c
+++ b/crypto/ec/ec_mult.c
@@ -169,11 +169,13 @@ static void ec_pre_comp_clear_free(void *pre_)
EC_POINT **p;
for (p = pre->points; *p != NULL; p++)
+ {
EC_POINT_clear_free(*p);
- OPENSSL_cleanse(pre->points, sizeof pre->points);
+ OPENSSL_cleanse(p, sizeof *p);
+ }
OPENSSL_free(pre->points);
}
- OPENSSL_cleanse(pre, sizeof pre);
+ OPENSSL_cleanse(pre, sizeof *pre);
OPENSSL_free(pre);
}
diff --git a/crypto/ecdh/ech_lib.c b/crypto/ecdh/ech_lib.c
index e89b1d477287..bf2223477852 100644
--- a/crypto/ecdh/ech_lib.c
+++ b/crypto/ecdh/ech_lib.c
@@ -96,7 +96,6 @@ const ECDH_METHOD *ECDH_get_default_method(void)
int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth)
{
- const ECDH_METHOD *mtmp;
ECDH_DATA *ecdh;
ecdh = ecdh_check(eckey);
@@ -104,11 +103,6 @@ int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth)
if (ecdh == NULL)
return 0;
- mtmp = ecdh->meth;
-#if 0
- if (mtmp->finish)
- mtmp->finish(eckey);
-#endif
#ifndef OPENSSL_NO_ENGINE
if (ecdh->engine)
{
diff --git a/crypto/ecdsa/ecs_lib.c b/crypto/ecdsa/ecs_lib.c
index 85e8a3a7ed9b..2ebae3aa27d7 100644
--- a/crypto/ecdsa/ecs_lib.c
+++ b/crypto/ecdsa/ecs_lib.c
@@ -83,7 +83,6 @@ const ECDSA_METHOD *ECDSA_get_default_method(void)
int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth)
{
- const ECDSA_METHOD *mtmp;
ECDSA_DATA *ecdsa;
ecdsa = ecdsa_check(eckey);
@@ -91,7 +90,6 @@ int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth)
if (ecdsa == NULL)
return 0;
- mtmp = ecdsa->meth;
#ifndef OPENSSL_NO_ENGINE
if (ecdsa->engine)
{
diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c
index bd511944bafd..fa2ab9732ae6 100644
--- a/crypto/engine/eng_list.c
+++ b/crypto/engine/eng_list.c
@@ -412,6 +412,7 @@ ENGINE *ENGINE_by_id(const char *id)
return iterator;
}
notfound:
+ ENGINE_free(iterator);
ENGINEerr(ENGINE_F_ENGINE_BY_ID,ENGINE_R_NO_SUCH_ENGINE);
ERR_add_error_data(2, "id=", id);
return NULL;
diff --git a/crypto/err/err_prn.c b/crypto/err/err_prn.c
index 4cdf342fa634..1e46f93ecf81 100644
--- a/crypto/err/err_prn.c
+++ b/crypto/err/err_prn.c
@@ -79,14 +79,20 @@ void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u),
ERR_error_string_n(l, buf, sizeof buf);
BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", es, buf,
file, line, (flags & ERR_TXT_STRING) ? data : "");
- cb(buf2, strlen(buf2), u);
+ if (cb(buf2, strlen(buf2), u) <= 0)
+ break; /* abort outputting the error report */
}
}
#ifndef OPENSSL_NO_FP_API
static int print_fp(const char *str, size_t len, void *fp)
{
- return fwrite(str, 1, len, fp);
+ BIO bio;
+
+ BIO_set(&bio,BIO_s_file());
+ BIO_set_fp(&bio,fp,BIO_NOCLOSE);
+
+ return BIO_printf(&bio, "%s", str);
}
void ERR_print_errors_fp(FILE *fp)
{
diff --git a/crypto/evp/bio_b64.c b/crypto/evp/bio_b64.c
index fa5cbc7eb1ff..72a2a67277a3 100644
--- a/crypto/evp/bio_b64.c
+++ b/crypto/evp/bio_b64.c
@@ -64,7 +64,7 @@
static int b64_write(BIO *h, const char *buf, int num);
static int b64_read(BIO *h, char *buf, int size);
-/*static int b64_puts(BIO *h, const char *str); */
+static int b64_puts(BIO *h, const char *str);
/*static int b64_gets(BIO *h, char *str, int size); */
static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2);
static int b64_new(BIO *h);
@@ -96,7 +96,7 @@ static BIO_METHOD methods_b64=
BIO_TYPE_BASE64,"base64 encoding",
b64_write,
b64_read,
- NULL, /* b64_puts, */
+ b64_puts,
NULL, /* b64_gets, */
b64_ctrl,
b64_new,
@@ -127,6 +127,7 @@ static int b64_new(BIO *bi)
bi->init=1;
bi->ptr=(char *)ctx;
bi->flags=0;
+ bi->num = 0;
return(1);
}
@@ -151,6 +152,8 @@ static int b64_read(BIO *b, char *out, int outl)
if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
+ BIO_clear_retry_flags(b);
+
if (ctx->encode != B64_DECODE)
{
ctx->encode=B64_DECODE;
@@ -163,6 +166,7 @@ static int b64_read(BIO *b, char *out, int outl)
/* First check if there are bytes decoded/encoded */
if (ctx->buf_len > 0)
{
+ OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
i=ctx->buf_len-ctx->buf_off;
if (i > outl) i=outl;
OPENSSL_assert(ctx->buf_off+i < (int)sizeof(ctx->buf));
@@ -184,7 +188,6 @@ static int b64_read(BIO *b, char *out, int outl)
ret_code=0;
while (outl > 0)
{
-
if (ctx->cont <= 0)
break;
@@ -195,7 +198,7 @@ static int b64_read(BIO *b, char *out, int outl)
{
ret_code=i;
- /* Should be continue next time we are called? */
+ /* Should we continue next time we are called? */
if (!BIO_should_retry(b->next_bio))
{
ctx->cont=i;
@@ -285,19 +288,27 @@ static int b64_read(BIO *b, char *out, int outl)
continue;
}
else
+ {
ctx->tmp_len=0;
}
- /* If buffer isn't full and we can retry then
- * restart to read in more data.
- */
+ }
else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0))
+ {
+ /* If buffer isn't full and we can retry then
+ * restart to read in more data.
+ */
continue;
+ }
if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
{
int z,jj;
+#if 0
jj=(i>>2)<<2;
+#else
+ jj = i & ~3; /* process per 4 */
+#endif
z=EVP_DecodeBlock((unsigned char *)ctx->buf,
(unsigned char *)ctx->tmp,jj);
if (jj > 2)
@@ -313,18 +324,15 @@ static int b64_read(BIO *b, char *out, int outl)
* number consumed */
if (jj != i)
{
- memcpy((unsigned char *)ctx->tmp,
- (unsigned char *)&(ctx->tmp[jj]),i-jj);
+ memmove(ctx->tmp, &ctx->tmp[jj], i-jj);
ctx->tmp_len=i-jj;
}
ctx->buf_len=0;
if (z > 0)
{
ctx->buf_len=z;
- i=1;
}
- else
- i=z;
+ i=z;
}
else
{
@@ -357,14 +365,16 @@ static int b64_read(BIO *b, char *out, int outl)
outl-=i;
out+=i;
}
- BIO_clear_retry_flags(b);
+ /* BIO_clear_retry_flags(b); */
BIO_copy_next_retry(b);
return((ret == 0)?ret_code:ret);
}
static int b64_write(BIO *b, const char *in, int inl)
{
- int ret=inl,n,i;
+ int ret=0;
+ int n;
+ int i;
BIO_B64_CTX *ctx;
ctx=(BIO_B64_CTX *)b->ptr;
@@ -379,6 +389,9 @@ static int b64_write(BIO *b, const char *in, int inl)
EVP_EncodeInit(&(ctx->base64));
}
+ OPENSSL_assert(ctx->buf_off < (int)sizeof(ctx->buf));
+ OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
+ OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
n=ctx->buf_len-ctx->buf_off;
while (n > 0)
{
@@ -388,7 +401,10 @@ static int b64_write(BIO *b, const char *in, int inl)
BIO_copy_next_retry(b);
return(i);
}
+ OPENSSL_assert(i <= n);
ctx->buf_off+=i;
+ OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf));
+ OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
n-=i;
}
/* at this point all pending data has been written */
@@ -405,18 +421,19 @@ static int b64_write(BIO *b, const char *in, int inl)
{
if (ctx->tmp_len > 0)
{
+ OPENSSL_assert(ctx->tmp_len <= 3);
n=3-ctx->tmp_len;
- /* There's a teoretical possibility for this */
+ /* There's a theoretical possibility for this */
if (n > inl)
n=inl;
memcpy(&(ctx->tmp[ctx->tmp_len]),in,n);
ctx->tmp_len+=n;
+ ret += n;
if (ctx->tmp_len < 3)
break;
- ctx->buf_len=EVP_EncodeBlock(
- (unsigned char *)ctx->buf,
- (unsigned char *)ctx->tmp,
- ctx->tmp_len);
+ ctx->buf_len=EVP_EncodeBlock((unsigned char *)ctx->buf,(unsigned char *)ctx->tmp,ctx->tmp_len);
+ OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
+ OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
/* Since we're now done using the temporary
buffer, the length should be 0'd */
ctx->tmp_len=0;
@@ -425,14 +442,16 @@ static int b64_write(BIO *b, const char *in, int inl)
{
if (n < 3)
{
- memcpy(&(ctx->tmp[0]),in,n);
+ memcpy(ctx->tmp,in,n);
ctx->tmp_len=n;
+ ret += n;
break;
}
n-=n%3;
- ctx->buf_len=EVP_EncodeBlock(
- (unsigned char *)ctx->buf,
- (unsigned char *)in,n);
+ ctx->buf_len=EVP_EncodeBlock((unsigned char *)ctx->buf,(const unsigned char *)in,n);
+ OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
+ OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+ ret += n;
}
}
else
@@ -440,6 +459,9 @@ static int b64_write(BIO *b, const char *in, int inl)
EVP_EncodeUpdate(&(ctx->base64),
(unsigned char *)ctx->buf,&ctx->buf_len,
(unsigned char *)in,n);
+ OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
+ OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+ ret += n;
}
inl-=n;
in+=n;
@@ -454,8 +476,11 @@ static int b64_write(BIO *b, const char *in, int inl)
BIO_copy_next_retry(b);
return((ret == 0)?i:ret);
}
+ OPENSSL_assert(i <= n);
n-=i;
ctx->buf_off+=i;
+ OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf));
+ OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
}
ctx->buf_len=0;
ctx->buf_off=0;
@@ -486,6 +511,7 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
break;
case BIO_CTRL_WPENDING: /* More to write in buffer */
+ OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
ret=ctx->buf_len-ctx->buf_off;
if ((ret == 0) && (ctx->encode != B64_NONE)
&& (ctx->base64.num != 0))
@@ -494,6 +520,7 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
break;
case BIO_CTRL_PENDING: /* More to read in buffer */
+ OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
ret=ctx->buf_len-ctx->buf_off;
if (ret <= 0)
ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
@@ -565,3 +592,7 @@ static long b64_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
return(ret);
}
+static int b64_puts(BIO *b, const char *str)
+ {
+ return b64_write(b,str,strlen(str));
+ }
diff --git a/crypto/evp/enc_min.c b/crypto/evp/enc_min.c
index 7fba38ee2462..a8c176fb3e98 100644
--- a/crypto/evp/enc_min.c
+++ b/crypto/evp/enc_min.c
@@ -279,6 +279,7 @@ skip_to_init:
case EVP_CIPH_OFB_MODE:
ctx->num = 0;
+ /* fall-through */
case EVP_CIPH_CBC_MODE:
diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c
index 5921f0d710d8..e8a521814a5c 100644
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
@@ -235,7 +235,7 @@ void EVP_DecodeInit(EVP_ENCODE_CTX *ctx)
int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
const unsigned char *in, int inl)
{
- int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,tmp2,exp_nl;
+ int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,exp_nl;
unsigned char *d;
n=ctx->num;
@@ -319,7 +319,6 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
* lines. We process the line and then need to
* accept the '\n' */
if ((v != B64_EOF) && (n >= 64)) exp_nl=1;
- tmp2=v;
if (n > 0)
{
v=EVP_DecodeBlock(out,d,n);
diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c
index 5e830be65fff..766ea42b5aac 100644
--- a/crypto/evp/evp_pbe.c
+++ b/crypto/evp/evp_pbe.c
@@ -116,17 +116,50 @@ static int pbe_cmp(const char * const *a, const char * const *b)
int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
EVP_PBE_KEYGEN *keygen)
{
- EVP_PBE_CTL *pbe_tmp;
- if (!pbe_algs) pbe_algs = sk_new(pbe_cmp);
- if (!(pbe_tmp = (EVP_PBE_CTL*) OPENSSL_malloc (sizeof(EVP_PBE_CTL)))) {
- EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- pbe_tmp->pbe_nid = nid;
+ EVP_PBE_CTL *pbe_tmp = NULL, pbelu;
+ int i;
+ if (!pbe_algs)
+ {
+ pbe_algs = sk_new(pbe_cmp);
+ if (!pbe_algs)
+ {
+ EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ }
+ else
+ {
+ /* Check if already present */
+ pbelu.pbe_nid = nid;
+ i = sk_find(pbe_algs, (char *)&pbelu);
+ if (i >= 0)
+ {
+ pbe_tmp = (EVP_PBE_CTL *)sk_value(pbe_algs, i);
+ /* If everything identical leave alone */
+ if (pbe_tmp->cipher == cipher
+ && pbe_tmp->md == md
+ && pbe_tmp->keygen == keygen)
+ return 1;
+ }
+ }
+
+ if (!pbe_tmp)
+ {
+ pbe_tmp = OPENSSL_malloc (sizeof(EVP_PBE_CTL));
+ if (!pbe_tmp)
+ {
+ EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ /* If adding a new PBE, set nid, append and sort */
+ pbe_tmp->pbe_nid = nid;
+ sk_push (pbe_algs, (char *)pbe_tmp);
+ sk_sort(pbe_algs);
+ }
+
pbe_tmp->cipher = cipher;
pbe_tmp->md = md;
pbe_tmp->keygen = keygen;
- sk_push (pbe_algs, (char *)pbe_tmp);
return 1;
}
diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c
index cbc1c76a57b3..6899be63d4fb 100644
--- a/crypto/hmac/hmac.c
+++ b/crypto/hmac/hmac.c
@@ -130,12 +130,9 @@ void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
{
- int j;
unsigned int i;
unsigned char buf[EVP_MAX_MD_SIZE];
- j=EVP_MD_block_size(ctx->md);
-
EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i);
EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx);
EVP_DigestUpdate(&ctx->md_ctx,buf,i);
diff --git a/crypto/md32_common.h b/crypto/md32_common.h
index 606aea6b9da2..e0deb78015a5 100644
--- a/crypto/md32_common.h
+++ b/crypto/md32_common.h
@@ -242,7 +242,7 @@
# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
# if defined(__s390x__)
# define HOST_c2l(c,l) ({ asm ("lrv %0,%1" \
- :"=d"(l) :"m"(*(const unsigned int *)(c));\
+ :"=d"(l) :"m"(*(const unsigned int *)(c)));\
(c)+=4; (l); })
# define HOST_l2c(l,c) ({ asm ("strv %1,%0" \
:"=m"(*(unsigned int *)(c)) :"d"(l));\
diff --git a/crypto/o_init.c b/crypto/o_init.c
index 2a5f5aac76c0..d767a90a5f43 100644
--- a/crypto/o_init.c
+++ b/crypto/o_init.c
@@ -58,11 +58,16 @@
#include <e_os.h>
#include <openssl/err.h>
+
/* Internal only functions: only ever used here */
+#ifdef OPENSSL_FIPS
extern void int_ERR_lib_init(void);
+# ifndef OPENSSL_NO_ENGINE
extern void int_EVP_MD_init_engine_callbacks(void );
extern void int_EVP_CIPHER_init_engine_callbacks(void );
extern void int_RAND_init_engine_callbacks(void );
+# endif
+#endif
/* Perform any essential OpenSSL initialization operations.
* Currently only sets FIPS callbacks
diff --git a/crypto/ocsp/ocsp_ht.c b/crypto/ocsp/ocsp_ht.c
index 6abb30b2c076..92aba08c8fbd 100644
--- a/crypto/ocsp/ocsp_ht.c
+++ b/crypto/ocsp/ocsp_ht.c
@@ -371,11 +371,12 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
case OHS_ASN1_HEADER:
- /* Now reading ASN1 header: can read at least 6 bytes which
- * is more than enough for any valid ASN1 SEQUENCE header
+ /* Now reading ASN1 header: can read at least 2 bytes which
+ * is enough for ASN1 SEQUENCE header and either length field
+ * or at least the length of the length field.
*/
n = BIO_get_mem_data(rctx->mem, &p);
- if (n < 6)
+ if (n < 2)
goto next_io;
/* Check it is an ASN1 SEQUENCE */
@@ -388,6 +389,11 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
/* Check out length field */
if (*p & 0x80)
{
+ /* If MSB set on initial length octet we can now
+ * always read 6 octets: make sure we have them.
+ */
+ if (n < 6)
+ goto next_io;
n = *p & 0x7F;
/* Not NDEF or excessive length */
if (!n || (n > 4))
diff --git a/crypto/ocsp/ocsp_prn.c b/crypto/ocsp/ocsp_prn.c
index 90dd1aa38ed4..b8b7871d0a8c 100644
--- a/crypto/ocsp/ocsp_prn.c
+++ b/crypto/ocsp/ocsp_prn.c
@@ -182,7 +182,6 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
{
int i, ret = 0;
long l;
- unsigned char *p;
OCSP_CERTID *cid = NULL;
OCSP_BASICRESP *br = NULL;
OCSP_RESPID *rid = NULL;
@@ -207,7 +206,6 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
return 1;
}
- p = ASN1_STRING_data(rb->response);
i = ASN1_STRING_length(rb->response);
if (!(br = OCSP_response_get1_basic(o))) goto err;
rd = br->tbsResponseData;
diff --git a/crypto/opensslv.h b/crypto/opensslv.h
index 9f3981c3d3a5..a560e201438b 100644
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@@ -25,11 +25,11 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x009080efL
+#define OPENSSL_VERSION_NUMBER 0x0090810f
#ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8n-fips 24 Mar 2010"
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8p-fips 16 Nov 2010"
#else
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8n 24 Mar 2010"
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8p 16 Nov 2010"
#endif
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index cbafefe416e1..22bb791bcee4 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -434,7 +434,6 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
{
- int o;
const EVP_CIPHER *enc=NULL;
char *p,c;
char **header_pp = &header;
@@ -474,7 +473,6 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
header++;
}
*header='\0';
- o=OBJ_sn2nid(p);
cipher->cipher=enc=EVP_get_cipherbyname(p);
*header=c;
header++;
diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c
index 5cfe7278df75..03cbcd8ab3ec 100644
--- a/crypto/pkcs12/p12_key.c
+++ b/crypto/pkcs12/p12_key.c
@@ -110,6 +110,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
unsigned char *B, *D, *I, *p, *Ai;
int Slen, Plen, Ilen, Ijlen;
int i, j, u, v;
+ int ret = 0;
BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */
EVP_MD_CTX ctx;
#ifdef DEBUG_KEYGEN
@@ -145,10 +146,8 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
I = OPENSSL_malloc (Ilen);
Ij = BN_new();
Bpl1 = BN_new();
- if (!D || !Ai || !B || !I || !Ij || !Bpl1) {
- PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE);
- return 0;
- }
+ if (!D || !Ai || !B || !I || !Ij || !Bpl1)
+ goto err;
for (i = 0; i < v; i++) D[i] = id;
p = I;
for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen];
@@ -165,28 +164,22 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
}
memcpy (out, Ai, min (n, u));
if (u >= n) {
- OPENSSL_free (Ai);
- OPENSSL_free (B);
- OPENSSL_free (D);
- OPENSSL_free (I);
- BN_free (Ij);
- BN_free (Bpl1);
- EVP_MD_CTX_cleanup(&ctx);
#ifdef DEBUG_KEYGEN
fprintf(stderr, "Output KEY (length %d)\n", tmpn);
h__dump(tmpout, tmpn);
#endif
- return 1;
+ ret = 1;
+ goto end;
}
n -= u;
out += u;
for (j = 0; j < v; j++) B[j] = Ai[j % u];
/* Work out B + 1 first then can use B as tmp space */
- BN_bin2bn (B, v, Bpl1);
- BN_add_word (Bpl1, 1);
+ if (!BN_bin2bn (B, v, Bpl1)) goto err;
+ if (!BN_add_word (Bpl1, 1)) goto err;
for (j = 0; j < Ilen ; j+=v) {
- BN_bin2bn (I + j, v, Ij);
- BN_add (Ij, Ij, Bpl1);
+ if (!BN_bin2bn (I + j, v, Ij)) goto err;
+ if (!BN_add (Ij, Ij, Bpl1)) goto err;
BN_bn2bin (Ij, B);
Ijlen = BN_num_bytes (Ij);
/* If more than 2^(v*8) - 1 cut off MSB */
@@ -202,6 +195,19 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
} else BN_bn2bin (Ij, I + j);
}
}
+
+err:
+ PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE);
+
+end:
+ OPENSSL_free (Ai);
+ OPENSSL_free (B);
+ OPENSSL_free (D);
+ OPENSSL_free (I);
+ BN_free (Ij);
+ BN_free (Bpl1);
+ EVP_MD_CTX_cleanup(&ctx);
+ return ret;
}
#ifdef DEBUG_KEYGEN
void h__dump (unsigned char *p, int len)
diff --git a/crypto/pkcs12/p12_npas.c b/crypto/pkcs12/p12_npas.c
index 47e5e9c3775d..2f71355150e1 100644
--- a/crypto/pkcs12/p12_npas.c
+++ b/crypto/pkcs12/p12_npas.c
@@ -120,8 +120,13 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
bags = PKCS12_unpack_p7data(p7);
} else if (bagnid == NID_pkcs7_encrypted) {
bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
- alg_get(p7->d.encrypted->enc_data->algorithm,
- &pbe_nid, &pbe_iter, &pbe_saltlen);
+ if (!alg_get(p7->d.encrypted->enc_data->algorithm,
+ &pbe_nid, &pbe_iter, &pbe_saltlen))
+ {
+ sk_PKCS12_SAFEBAG_pop_free(bags,
+ PKCS12_SAFEBAG_free);
+ bags = NULL;
+ }
} else continue;
if (!bags) {
sk_PKCS7_pop_free(asafes, PKCS7_free);
@@ -193,7 +198,9 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass)
if(M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag) return 1;
if (!(p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1))) return 0;
- alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen);
+ if (!alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter,
+ &p8_saltlen))
+ return 0;
if(!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
p8_iter, p8))) return 0;
X509_SIG_free(bag->value.shkeybag);
@@ -208,9 +215,11 @@ static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen)
p = alg->parameter->value.sequence->data;
pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
+ if (!pbe)
+ return 0;
*pnid = OBJ_obj2nid(alg->algorithm);
*piter = ASN1_INTEGER_get(pbe->iter);
*psaltlen = pbe->salt->length;
PBEPARAM_free(pbe);
- return 0;
+ return 1;
}
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index a03d7ebedf19..c8f1eb1b4589 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -342,7 +342,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
X509_ALGOR *enc_alg=NULL;
STACK_OF(X509_ALGOR) *md_sk=NULL;
STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
- X509_ALGOR *xalg=NULL;
PKCS7_RECIP_INFO *ri=NULL;
i=OBJ_obj2nid(p7->type);
@@ -365,7 +364,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
goto err;
}
- xalg=p7->d.signed_and_enveloped->enc_data->algorithm;
break;
case NID_pkcs7_enveloped:
rsk=p7->d.enveloped->recipientinfo;
@@ -377,7 +375,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
goto err;
}
- xalg=p7->d.enveloped->enc_data->algorithm;
break;
default:
PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
index f2490941a34d..898cddad0797 100644
--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
@@ -558,7 +558,6 @@ X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
{
int i;
- ASN1_OBJECT *objtmp;
PKCS7_ENC_CONTENT *ec;
i=OBJ_obj2nid(p7->type);
@@ -581,7 +580,6 @@ int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
return(0);
}
- objtmp = OBJ_nid2obj(i);
ec->cipher = cipher;
return 1;
diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c
index 7762d647ca70..831b47d230b7 100644
--- a/crypto/pkcs7/pk7_mime.c
+++ b/crypto/pkcs7/pk7_mime.c
@@ -73,7 +73,6 @@ static int pk7_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
{
PKCS7 *p7 = (PKCS7 *)val;
BIO *tmpbio, *p7bio;
- int r = 0;
if (!(flags & SMIME_DETACHED))
{
@@ -95,8 +94,6 @@ static int pk7_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
if (PKCS7_dataFinal(p7, p7bio) <= 0)
goto err;
- r = 1;
-
err:
/* Now remove any digests prepended to the BIO */
diff --git a/crypto/pqueue/pqueue.c b/crypto/pqueue/pqueue.c
index 6c89f06fb105..8ebba8a8564d 100644
--- a/crypto/pqueue/pqueue.c
+++ b/crypto/pqueue/pqueue.c
@@ -166,14 +166,13 @@ pqueue_pop(pqueue_s *pq)
pitem *
pqueue_find(pqueue_s *pq, PQ_64BIT priority)
{
- pitem *next, *prev = NULL;
+ pitem *next;
pitem *found = NULL;
if ( pq->items == NULL)
return NULL;
- for ( next = pq->items; next->next != NULL;
- prev = next, next = next->next)
+ for ( next = pq->items; next->next != NULL; next = next->next)
{
if ( pq_64bit_eq(&(next->priority), &priority))
{
@@ -189,13 +188,6 @@ pqueue_find(pqueue_s *pq, PQ_64BIT priority)
if ( ! found)
return NULL;
-#if 0 /* find works in peek mode */
- if ( prev == NULL)
- pq->items = next->next;
- else
- prev->next = next->next;
-#endif
-
return found;
}
diff --git a/crypto/rand/rand_nw.c b/crypto/rand/rand_nw.c
index f177ffbe82b0..8d5b8d2e3217 100644
--- a/crypto/rand/rand_nw.c
+++ b/crypto/rand/rand_nw.c
@@ -160,8 +160,8 @@ int RAND_poll(void)
rdtsc
mov tsc, eax
}
-#else
- asm volatile("rdtsc":"=A" (tsc));
+#elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+ asm volatile("rdtsc":"=a"(tsc)::"edx");
#endif
RAND_add(&tsc, sizeof(tsc), 1);
diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
index 84276d7d4602..181056847e14 100644
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@@ -265,8 +265,8 @@ err:
const char *RAND_file_name(char *buf, size_t size)
{
char *s=NULL;
- int ok = 0;
#ifdef __OpenBSD__
+ int ok = 0;
struct stat sb;
#endif
@@ -294,7 +294,9 @@ const char *RAND_file_name(char *buf, size_t size)
BUF_strlcat(buf,"/",size);
#endif
BUF_strlcat(buf,RFILE,size);
+#ifdef __OpenBSD__
ok = 1;
+#endif
}
else
buf[0] = '\0'; /* no file name */
diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c
index 0ac641844937..412d0eacf73a 100644
--- a/crypto/rsa/rsa_eay.c
+++ b/crypto/rsa/rsa_eay.c
@@ -673,7 +673,7 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
rsa->_method_mod_n)) goto err;
if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12))
- BN_sub(ret, rsa->n, ret);
+ if (!BN_sub(ret, rsa->n, ret)) goto err;
p=buf;
i=BN_bn2bin(ret,p);
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index 8958e34e9c9e..c34689a1b389 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -256,6 +256,7 @@ typedef struct x509_cinf_st
ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */
ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */
STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */
+ ASN1_ENCODING enc;
} X509_CINF;
/* This stuff is certificate "auxiliary info"
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index b85456e65bc6..aeb6337688d4 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -97,7 +97,6 @@ static int x509_subject_cmp(X509 **a, X509 **b)
int X509_verify_cert(X509_STORE_CTX *ctx)
{
X509 *x,*xtmp,*chain_ss=NULL;
- X509_NAME *xn;
int bad_chain = 0;
X509_VERIFY_PARAM *param = ctx->param;
int depth,i,ok=0;
@@ -149,7 +148,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
*/
/* If we are self signed, we break */
- xn=X509_get_issuer_name(x);
if (ctx->check_issued(ctx, x,x)) break;
/* If we were passed a cert chain, use it first */
@@ -186,7 +184,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
i=sk_X509_num(ctx->chain);
x=sk_X509_value(ctx->chain,i-1);
- xn = X509_get_subject_name(x);
if (ctx->check_issued(ctx, x, x))
{
/* we have a self signed certificate */
@@ -235,7 +232,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
if (depth < num) break;
/* If we are self signed, we break */
- xn=X509_get_issuer_name(x);
if (ctx->check_issued(ctx,x,x)) break;
ok = ctx->get_issuer(&xtmp, ctx, x);
@@ -254,7 +250,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
}
/* we now have our chain, lets check it... */
- xn=X509_get_issuer_name(x);
/* Is last certificate looked up self signed? */
if (!ctx->check_issued(ctx,x,x))
@@ -1380,7 +1375,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
if (store)
ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);
else
- ctx->param->flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE;
+ ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE;
if (store)
{
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index 9039caad60de..c7b07f7c9d58 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -97,6 +97,7 @@ int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
{
+ x->cert_info->enc.modified = 1;
return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature,
x->sig_alg, x->signature, x->cert_info,pkey,md));
}
diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c
index 4e706be3e1c6..624fe7e23bf4 100644
--- a/crypto/x509v3/v3_ncons.c
+++ b/crypto/x509v3/v3_ncons.c
@@ -182,7 +182,6 @@ static int do_i2r_name_constraints(X509V3_EXT_METHOD *method,
print_nc_ipadd(bp, tree->base->d.ip);
else
GENERAL_NAME_print(bp, tree->base);
- tree = sk_GENERAL_SUBTREE_value(trees, i);
BIO_puts(bp, "\n");
}
return 1;
diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c
index 601211f41691..823e9afcd296 100644
--- a/crypto/x509v3/v3_pci.c
+++ b/crypto/x509v3/v3_pci.c
@@ -128,7 +128,12 @@ static int process_pci_value(CONF_VALUE *val,
unsigned char *tmp_data2 =
string_to_hex(val->value + 4, &val_len);
- if (!tmp_data2) goto err;
+ if (!tmp_data2)
+ {
+ X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_ILLEGAL_HEX_DIGIT);
+ X509V3_conf_err(val);
+ goto err;
+ }
tmp_data = OPENSSL_realloc((*policy)->data,
(*policy)->length + val_len + 1);
@@ -140,6 +145,17 @@ static int process_pci_value(CONF_VALUE *val,
(*policy)->length += val_len;
(*policy)->data[(*policy)->length] = '\0';
}
+ else
+ {
+ OPENSSL_free(tmp_data2);
+ /* realloc failure implies the original data space is b0rked too! */
+ (*policy)->data = NULL;
+ (*policy)->length = 0;
+ X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
+ X509V3_conf_err(val);
+ goto err;
+ }
+ OPENSSL_free(tmp_data2);
}
else if (strncmp(val->value, "file:", 5) == 0)
{
@@ -169,6 +185,7 @@ static int process_pci_value(CONF_VALUE *val,
(*policy)->length += n;
(*policy)->data[(*policy)->length] = '\0';
}
+ BIO_free_all(b);
if (n < 0)
{
@@ -190,6 +207,15 @@ static int process_pci_value(CONF_VALUE *val,
(*policy)->length += val_len;
(*policy)->data[(*policy)->length] = '\0';
}
+ else
+ {
+ /* realloc failure implies the original data space is b0rked too! */
+ (*policy)->data = NULL;
+ (*policy)->length = 0;
+ X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
+ X509V3_conf_err(val);
+ goto err;
+ }
}
else
{