diff options
| author | beck <> | 2016-03-06 14:52:15 +0000 |
|---|---|---|
| committer | beck <> | 2016-03-06 14:52:15 +0000 |
| commit | ac27fc1411248573f86d3d40315474792670d2fc (patch) | |
| tree | 03a7bc812f759bdf7b191b911ca241601f2a19dd | |
| parent | eedb90ca011716f7307e2faa18bc5acff262c3d3 (diff) | |
| download | openbsd-ac27fc1411248573f86d3d40315474792670d2fc.tar.gz openbsd-ac27fc1411248573f86d3d40315474792670d2fc.tar.bz2 openbsd-ac27fc1411248573f86d3d40315474792670d2fc.zip | |
Make sure stdio functions don't end up in the library, from miod@
ok doug@ bcook@
| -rw-r--r-- | src/lib/libssl/d1_both.c | 8 | ||||
| -rw-r--r-- | src/lib/libssl/d1_enc.c | 8 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/d1_both.c | 8 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/d1_enc.c | 8 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/t1_enc.c | 8 | ||||
| -rw-r--r-- | src/lib/libssl/ssl/Makefile | 6 | ||||
| -rw-r--r-- | src/lib/libssl/t1_enc.c | 8 |
7 files changed, 39 insertions, 15 deletions
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c index 448bd76fd0..bce084f1ee 100644 --- a/src/lib/libssl/d1_both.c +++ b/src/lib/libssl/d1_both.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_both.c,v 1.38 2015/09/11 18:08:21 jsing Exp $ */ | 1 | /* $OpenBSD: d1_both.c,v 1.39 2016/03/06 14:52:15 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -1014,8 +1014,10 @@ int | |||
| 1014 | dtls1_read_failed(SSL *s, int code) | 1014 | dtls1_read_failed(SSL *s, int code) |
| 1015 | { | 1015 | { |
| 1016 | if (code > 0) { | 1016 | if (code > 0) { |
| 1017 | #ifdef DEBUG | ||
| 1017 | fprintf(stderr, "invalid state reached %s:%d", | 1018 | fprintf(stderr, "invalid state reached %s:%d", |
| 1018 | __FILE__, __LINE__); | 1019 | __FILE__, __LINE__); |
| 1020 | #endif | ||
| 1019 | return 1; | 1021 | return 1; |
| 1020 | } | 1022 | } |
| 1021 | 1023 | ||
| @@ -1071,7 +1073,9 @@ dtls1_retransmit_buffered_messages(SSL *s) | |||
| 1071 | (unsigned short)dtls1_get_queue_priority( | 1073 | (unsigned short)dtls1_get_queue_priority( |
| 1072 | frag->msg_header.seq, frag->msg_header.is_ccs), 0, | 1074 | frag->msg_header.seq, frag->msg_header.is_ccs), 0, |
| 1073 | &found) <= 0 && found) { | 1075 | &found) <= 0 && found) { |
| 1076 | #ifdef DEBUG | ||
| 1074 | fprintf(stderr, "dtls1_retransmit_message() failed\n"); | 1077 | fprintf(stderr, "dtls1_retransmit_message() failed\n"); |
| 1078 | #endif | ||
| 1075 | return -1; | 1079 | return -1; |
| 1076 | } | 1080 | } |
| 1077 | } | 1081 | } |
| @@ -1163,7 +1167,9 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, | |||
| 1163 | 1167 | ||
| 1164 | item = pqueue_find(s->d1->sent_messages, seq64be); | 1168 | item = pqueue_find(s->d1->sent_messages, seq64be); |
| 1165 | if (item == NULL) { | 1169 | if (item == NULL) { |
| 1170 | #ifdef DEBUG | ||
| 1166 | fprintf(stderr, "retransmit: message %d non-existant\n", seq); | 1171 | fprintf(stderr, "retransmit: message %d non-existant\n", seq); |
| 1172 | #endif | ||
| 1167 | *found = 0; | 1173 | *found = 0; |
| 1168 | return 0; | 1174 | return 0; |
| 1169 | } | 1175 | } |
diff --git a/src/lib/libssl/d1_enc.c b/src/lib/libssl/d1_enc.c index c58e109ae5..8445ceb10f 100644 --- a/src/lib/libssl/d1_enc.c +++ b/src/lib/libssl/d1_enc.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_enc.c,v 1.10 2015/07/17 07:04:40 doug Exp $ */ | 1 | /* $OpenBSD: d1_enc.c,v 1.11 2016/03/06 14:52:15 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -150,11 +150,13 @@ dtls1_enc(SSL *s, int send) | |||
| 150 | enc = NULL; | 150 | enc = NULL; |
| 151 | else { | 151 | else { |
| 152 | enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx); | 152 | enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx); |
| 153 | if (rec->data != rec->input) | 153 | if (rec->data != rec->input) { |
| 154 | #ifdef DEBUG | ||
| 154 | /* we can't write into the input stream */ | 155 | /* we can't write into the input stream */ |
| 155 | fprintf(stderr, "%s:%d: rec->data != rec->input\n", | 156 | fprintf(stderr, "%s:%d: rec->data != rec->input\n", |
| 156 | __FILE__, __LINE__); | 157 | __FILE__, __LINE__); |
| 157 | else if (EVP_CIPHER_block_size(ds->cipher) > 1) { | 158 | #endif |
| 159 | } else if (EVP_CIPHER_block_size(ds->cipher) > 1) { | ||
| 158 | arc4random_buf(rec->input, | 160 | arc4random_buf(rec->input, |
| 159 | EVP_CIPHER_block_size(ds->cipher)); | 161 | EVP_CIPHER_block_size(ds->cipher)); |
| 160 | } | 162 | } |
diff --git a/src/lib/libssl/src/ssl/d1_both.c b/src/lib/libssl/src/ssl/d1_both.c index 448bd76fd0..bce084f1ee 100644 --- a/src/lib/libssl/src/ssl/d1_both.c +++ b/src/lib/libssl/src/ssl/d1_both.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_both.c,v 1.38 2015/09/11 18:08:21 jsing Exp $ */ | 1 | /* $OpenBSD: d1_both.c,v 1.39 2016/03/06 14:52:15 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -1014,8 +1014,10 @@ int | |||
| 1014 | dtls1_read_failed(SSL *s, int code) | 1014 | dtls1_read_failed(SSL *s, int code) |
| 1015 | { | 1015 | { |
| 1016 | if (code > 0) { | 1016 | if (code > 0) { |
| 1017 | #ifdef DEBUG | ||
| 1017 | fprintf(stderr, "invalid state reached %s:%d", | 1018 | fprintf(stderr, "invalid state reached %s:%d", |
| 1018 | __FILE__, __LINE__); | 1019 | __FILE__, __LINE__); |
| 1020 | #endif | ||
| 1019 | return 1; | 1021 | return 1; |
| 1020 | } | 1022 | } |
| 1021 | 1023 | ||
| @@ -1071,7 +1073,9 @@ dtls1_retransmit_buffered_messages(SSL *s) | |||
| 1071 | (unsigned short)dtls1_get_queue_priority( | 1073 | (unsigned short)dtls1_get_queue_priority( |
| 1072 | frag->msg_header.seq, frag->msg_header.is_ccs), 0, | 1074 | frag->msg_header.seq, frag->msg_header.is_ccs), 0, |
| 1073 | &found) <= 0 && found) { | 1075 | &found) <= 0 && found) { |
| 1076 | #ifdef DEBUG | ||
| 1074 | fprintf(stderr, "dtls1_retransmit_message() failed\n"); | 1077 | fprintf(stderr, "dtls1_retransmit_message() failed\n"); |
| 1078 | #endif | ||
| 1075 | return -1; | 1079 | return -1; |
| 1076 | } | 1080 | } |
| 1077 | } | 1081 | } |
| @@ -1163,7 +1167,9 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, | |||
| 1163 | 1167 | ||
| 1164 | item = pqueue_find(s->d1->sent_messages, seq64be); | 1168 | item = pqueue_find(s->d1->sent_messages, seq64be); |
| 1165 | if (item == NULL) { | 1169 | if (item == NULL) { |
| 1170 | #ifdef DEBUG | ||
| 1166 | fprintf(stderr, "retransmit: message %d non-existant\n", seq); | 1171 | fprintf(stderr, "retransmit: message %d non-existant\n", seq); |
| 1172 | #endif | ||
| 1167 | *found = 0; | 1173 | *found = 0; |
| 1168 | return 0; | 1174 | return 0; |
| 1169 | } | 1175 | } |
diff --git a/src/lib/libssl/src/ssl/d1_enc.c b/src/lib/libssl/src/ssl/d1_enc.c index c58e109ae5..8445ceb10f 100644 --- a/src/lib/libssl/src/ssl/d1_enc.c +++ b/src/lib/libssl/src/ssl/d1_enc.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_enc.c,v 1.10 2015/07/17 07:04:40 doug Exp $ */ | 1 | /* $OpenBSD: d1_enc.c,v 1.11 2016/03/06 14:52:15 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -150,11 +150,13 @@ dtls1_enc(SSL *s, int send) | |||
| 150 | enc = NULL; | 150 | enc = NULL; |
| 151 | else { | 151 | else { |
| 152 | enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx); | 152 | enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx); |
| 153 | if (rec->data != rec->input) | 153 | if (rec->data != rec->input) { |
| 154 | #ifdef DEBUG | ||
| 154 | /* we can't write into the input stream */ | 155 | /* we can't write into the input stream */ |
| 155 | fprintf(stderr, "%s:%d: rec->data != rec->input\n", | 156 | fprintf(stderr, "%s:%d: rec->data != rec->input\n", |
| 156 | __FILE__, __LINE__); | 157 | __FILE__, __LINE__); |
| 157 | else if (EVP_CIPHER_block_size(ds->cipher) > 1) { | 158 | #endif |
| 159 | } else if (EVP_CIPHER_block_size(ds->cipher) > 1) { | ||
| 158 | arc4random_buf(rec->input, | 160 | arc4random_buf(rec->input, |
| 159 | EVP_CIPHER_block_size(ds->cipher)); | 161 | EVP_CIPHER_block_size(ds->cipher)); |
| 160 | } | 162 | } |
diff --git a/src/lib/libssl/src/ssl/t1_enc.c b/src/lib/libssl/src/ssl/t1_enc.c index 1c96abb378..5d95419e7e 100644 --- a/src/lib/libssl/src/ssl/t1_enc.c +++ b/src/lib/libssl/src/ssl/t1_enc.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_enc.c,v 1.83 2015/09/11 18:08:21 jsing Exp $ */ | 1 | /* $OpenBSD: t1_enc.c,v 1.84 2016/03/06 14:52:15 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -936,14 +936,16 @@ tls1_enc(SSL *s, int send) | |||
| 936 | EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE) | 936 | EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE) |
| 937 | ivlen = EVP_CIPHER_iv_length(enc); | 937 | ivlen = EVP_CIPHER_iv_length(enc); |
| 938 | if (ivlen > 1) { | 938 | if (ivlen > 1) { |
| 939 | if (rec->data != rec->input) | 939 | if (rec->data != rec->input) { |
| 940 | #ifdef DEBUG | ||
| 940 | /* we can't write into the input stream: | 941 | /* we can't write into the input stream: |
| 941 | * Can this ever happen?? (steve) | 942 | * Can this ever happen?? (steve) |
| 942 | */ | 943 | */ |
| 943 | fprintf(stderr, | 944 | fprintf(stderr, |
| 944 | "%s:%d: rec->data != rec->input\n", | 945 | "%s:%d: rec->data != rec->input\n", |
| 945 | __FILE__, __LINE__); | 946 | __FILE__, __LINE__); |
| 946 | else | 947 | #endif |
| 948 | } else | ||
| 947 | arc4random_buf(rec->input, ivlen); | 949 | arc4random_buf(rec->input, ivlen); |
| 948 | } | 950 | } |
| 949 | } | 951 | } |
diff --git a/src/lib/libssl/ssl/Makefile b/src/lib/libssl/ssl/Makefile index e7303be03b..1e70f47a3e 100644 --- a/src/lib/libssl/ssl/Makefile +++ b/src/lib/libssl/ssl/Makefile | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.56 2015/09/11 17:54:23 jsing Exp $ | 1 | # $OpenBSD: Makefile,v 1.57 2016/03/06 14:52:15 beck Exp $ |
| 2 | 2 | ||
| 3 | LIB= ssl | 3 | LIB= ssl |
| 4 | 4 | ||
| @@ -45,3 +45,7 @@ includes: | |||
| 45 | done; | 45 | done; |
| 46 | 46 | ||
| 47 | .include <bsd.lib.mk> | 47 | .include <bsd.lib.mk> |
| 48 | |||
| 49 | beforeinstall: | ||
| 50 | nm -o lib${LIB}.a | egrep -w 'printf|fprintf' && \ | ||
| 51 | (echo please fix stdio usage in this library; false) || true | ||
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index 1c96abb378..5d95419e7e 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_enc.c,v 1.83 2015/09/11 18:08:21 jsing Exp $ */ | 1 | /* $OpenBSD: t1_enc.c,v 1.84 2016/03/06 14:52:15 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -936,14 +936,16 @@ tls1_enc(SSL *s, int send) | |||
| 936 | EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE) | 936 | EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE) |
| 937 | ivlen = EVP_CIPHER_iv_length(enc); | 937 | ivlen = EVP_CIPHER_iv_length(enc); |
| 938 | if (ivlen > 1) { | 938 | if (ivlen > 1) { |
| 939 | if (rec->data != rec->input) | 939 | if (rec->data != rec->input) { |
| 940 | #ifdef DEBUG | ||
| 940 | /* we can't write into the input stream: | 941 | /* we can't write into the input stream: |
| 941 | * Can this ever happen?? (steve) | 942 | * Can this ever happen?? (steve) |
| 942 | */ | 943 | */ |
| 943 | fprintf(stderr, | 944 | fprintf(stderr, |
| 944 | "%s:%d: rec->data != rec->input\n", | 945 | "%s:%d: rec->data != rec->input\n", |
| 945 | __FILE__, __LINE__); | 946 | __FILE__, __LINE__); |
| 946 | else | 947 | #endif |
| 948 | } else | ||
| 947 | arc4random_buf(rec->input, ivlen); | 949 | arc4random_buf(rec->input, ivlen); |
| 948 | } | 950 | } |
| 949 | } | 951 | } |