summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/asn1
diff options
context:
space:
mode:
authormarkus <>2003-05-12 02:18:40 +0000
committermarkus <>2003-05-12 02:18:40 +0000
commitd4fcd82bb7f6d603bd61e19a81ba97337b89dfca (patch)
treed52e3a0f1f08f65ad283027e560e17ed0d720462 /src/lib/libcrypto/asn1
parent582bbd139cd2afd58d10dc051c5b0b989b441074 (diff)
downloadopenbsd-d4fcd82bb7f6d603bd61e19a81ba97337b89dfca.tar.gz
openbsd-d4fcd82bb7f6d603bd61e19a81ba97337b89dfca.tar.bz2
openbsd-d4fcd82bb7f6d603bd61e19a81ba97337b89dfca.zip
merge 0.9.7b with local changes; crank majors for libssl/libcrypto
Diffstat (limited to 'src/lib/libcrypto/asn1')
-rw-r--r--src/lib/libcrypto/asn1/Makefile.ssl19
-rw-r--r--src/lib/libcrypto/asn1/a_bitstr.c4
-rw-r--r--src/lib/libcrypto/asn1/a_bytes.c2
-rw-r--r--src/lib/libcrypto/asn1/a_d2i_fp.c24
-rw-r--r--src/lib/libcrypto/asn1/a_object.c4
-rw-r--r--src/lib/libcrypto/asn1/a_sign.c8
-rw-r--r--src/lib/libcrypto/asn1/a_strex.c14
-rw-r--r--src/lib/libcrypto/asn1/a_strnid.c35
-rw-r--r--src/lib/libcrypto/asn1/a_time.c3
-rw-r--r--src/lib/libcrypto/asn1/a_type.c2
-rw-r--r--src/lib/libcrypto/asn1/a_verify.c4
-rw-r--r--src/lib/libcrypto/asn1/asn1.h5
-rw-r--r--src/lib/libcrypto/asn1/asn1_err.c4
-rw-r--r--src/lib/libcrypto/asn1/asn1_par.c7
-rw-r--r--src/lib/libcrypto/asn1/f_int.c3
-rw-r--r--src/lib/libcrypto/asn1/n_pkey.c6
-rw-r--r--src/lib/libcrypto/asn1/p8_pkey.c4
-rw-r--r--src/lib/libcrypto/asn1/t_crl.c7
-rw-r--r--src/lib/libcrypto/asn1/t_pkey.c32
-rw-r--r--src/lib/libcrypto/asn1/t_req.c19
-rw-r--r--src/lib/libcrypto/asn1/t_x509.c9
-rw-r--r--src/lib/libcrypto/asn1/t_x509a.c4
-rw-r--r--src/lib/libcrypto/asn1/tasn_dec.c4
-rw-r--r--src/lib/libcrypto/asn1/tasn_fre.c5
-rw-r--r--src/lib/libcrypto/asn1/tasn_new.c5
-rw-r--r--src/lib/libcrypto/asn1/tasn_prn.c2
26 files changed, 141 insertions, 94 deletions
diff --git a/src/lib/libcrypto/asn1/Makefile.ssl b/src/lib/libcrypto/asn1/Makefile.ssl
index b5a186c904..cb45194d48 100644
--- a/src/lib/libcrypto/asn1/Makefile.ssl
+++ b/src/lib/libcrypto/asn1/Makefile.ssl
@@ -98,7 +98,7 @@ lint:
98 lint -DLINT $(INCLUDES) $(SRC)>fluff 98 lint -DLINT $(INCLUDES) $(SRC)>fluff
99 99
100depend: 100depend:
101 $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) 101 $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
102 102
103dclean: 103dclean:
104 $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new 104 $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -286,13 +286,14 @@ a_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
286a_sign.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h 286a_sign.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
287a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h 287a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
288a_sign.o: ../cryptlib.h a_sign.c 288a_sign.o: ../cryptlib.h a_sign.c
289a_strex.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h 289a_strex.o: ../../e_os.h ../../include/openssl/aes.h
290a_strex.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h 290a_strex.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
291a_strex.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h 291a_strex.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
292a_strex.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h 292a_strex.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
293a_strex.o: ../../include/openssl/des.h ../../include/openssl/des_old.h 293a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
294a_strex.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h 294a_strex.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
295a_strex.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h 295a_strex.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
296a_strex.o: ../../include/openssl/err.h ../../include/openssl/evp.h
296a_strex.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h 297a_strex.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
297a_strex.o: ../../include/openssl/md2.h ../../include/openssl/md4.h 298a_strex.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
298a_strex.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h 299a_strex.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
@@ -305,7 +306,7 @@ a_strex.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
305a_strex.o: ../../include/openssl/sha.h ../../include/openssl/stack.h 306a_strex.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
306a_strex.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h 307a_strex.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
307a_strex.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h 308a_strex.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
308a_strex.o: ../../include/openssl/x509_vfy.h a_strex.c charmap.h 309a_strex.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_strex.c charmap.h
309a_strnid.o: ../../e_os.h ../../include/openssl/asn1.h 310a_strnid.o: ../../e_os.h ../../include/openssl/asn1.h
310a_strnid.o: ../../include/openssl/bio.h ../../include/openssl/bn.h 311a_strnid.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
311a_strnid.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 312a_strnid.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
diff --git a/src/lib/libcrypto/asn1/a_bitstr.c b/src/lib/libcrypto/asn1/a_bitstr.c
index e0265f69d2..f4ea96cd54 100644
--- a/src/lib/libcrypto/asn1/a_bitstr.c
+++ b/src/lib/libcrypto/asn1/a_bitstr.c
@@ -191,7 +191,9 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
191 if (a->data == NULL) 191 if (a->data == NULL)
192 c=(unsigned char *)OPENSSL_malloc(w+1); 192 c=(unsigned char *)OPENSSL_malloc(w+1);
193 else 193 else
194 c=(unsigned char *)OPENSSL_realloc(a->data,w+1); 194 c=(unsigned char *)OPENSSL_realloc_clean(a->data,
195 a->length,
196 w+1);
195 if (c == NULL) return(0); 197 if (c == NULL) return(0);
196 if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length); 198 if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length);
197 a->data=c; 199 a->data=c;
diff --git a/src/lib/libcrypto/asn1/a_bytes.c b/src/lib/libcrypto/asn1/a_bytes.c
index bb88660f58..afd27b80e1 100644
--- a/src/lib/libcrypto/asn1/a_bytes.c
+++ b/src/lib/libcrypto/asn1/a_bytes.c
@@ -285,7 +285,7 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c)
285 goto err; 285 goto err;
286 } 286 }
287 287
288 if (!BUF_MEM_grow(&b,num+os->length)) 288 if (!BUF_MEM_grow_clean(&b,num+os->length))
289 { 289 {
290 c->error=ERR_R_BUF_LIB; 290 c->error=ERR_R_BUF_LIB;
291 goto err; 291 goto err;
diff --git a/src/lib/libcrypto/asn1/a_d2i_fp.c b/src/lib/libcrypto/asn1/a_d2i_fp.c
index a80fbe9ff7..b67b75e7c2 100644
--- a/src/lib/libcrypto/asn1/a_d2i_fp.c
+++ b/src/lib/libcrypto/asn1/a_d2i_fp.c
@@ -149,7 +149,12 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
149 ASN1_CTX c; 149 ASN1_CTX c;
150 int want=HEADER_SIZE; 150 int want=HEADER_SIZE;
151 int eos=0; 151 int eos=0;
152#if defined(__GNUC__) && defined(__ia64)
153 /* pathetic compiler bug in all known versions as of Nov. 2002 */
154 long off=0;
155#else
152 int off=0; 156 int off=0;
157#endif
153 int len=0; 158 int len=0;
154 159
155 b=BUF_MEM_new(); 160 b=BUF_MEM_new();
@@ -166,7 +171,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
166 { 171 {
167 want-=(len-off); 172 want-=(len-off);
168 173
169 if (!BUF_MEM_grow(b,len+want)) 174 if (!BUF_MEM_grow_clean(b,len+want))
170 { 175 {
171 ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE); 176 ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
172 goto err; 177 goto err;
@@ -221,18 +226,23 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
221 if (want > (len-off)) 226 if (want > (len-off))
222 { 227 {
223 want-=(len-off); 228 want-=(len-off);
224 if (!BUF_MEM_grow(b,len+want)) 229 if (!BUF_MEM_grow_clean(b,len+want))
225 { 230 {
226 ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE); 231 ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
227 goto err; 232 goto err;
228 } 233 }
229 i=BIO_read(in,&(b->data[len]),want); 234 while (want > 0)
230 if (i <= 0)
231 { 235 {
232 ASN1err(ASN1_F_ASN1_D2I_BIO,ASN1_R_NOT_ENOUGH_DATA); 236 i=BIO_read(in,&(b->data[len]),want);
233 goto err; 237 if (i <= 0)
238 {
239 ASN1err(ASN1_F_ASN1_D2I_BIO,
240 ASN1_R_NOT_ENOUGH_DATA);
241 goto err;
242 }
243 len+=i;
244 want -= i;
234 } 245 }
235 len+=i;
236 } 246 }
237 off+=(int)c.slen; 247 off+=(int)c.slen;
238 if (eos <= 0) 248 if (eos <= 0)
diff --git a/src/lib/libcrypto/asn1/a_object.c b/src/lib/libcrypto/asn1/a_object.c
index 71ce7c3896..0a8e6c287c 100644
--- a/src/lib/libcrypto/asn1/a_object.c
+++ b/src/lib/libcrypto/asn1/a_object.c
@@ -183,8 +183,8 @@ int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
183 183
184 if ((a == NULL) || (a->data == NULL)) 184 if ((a == NULL) || (a->data == NULL))
185 return(BIO_write(bp,"NULL",4)); 185 return(BIO_write(bp,"NULL",4));
186 i=i2t_ASN1_OBJECT(buf,80,a); 186 i=i2t_ASN1_OBJECT(buf,sizeof buf,a);
187 if (i > 80) i=80; 187 if (i > sizeof buf) i=sizeof buf;
188 BIO_write(bp,buf,i); 188 BIO_write(bp,buf,i);
189 return(i); 189 return(i);
190 } 190 }
diff --git a/src/lib/libcrypto/asn1/a_sign.c b/src/lib/libcrypto/asn1/a_sign.c
index de53b44144..52ce7e3974 100644
--- a/src/lib/libcrypto/asn1/a_sign.c
+++ b/src/lib/libcrypto/asn1/a_sign.c
@@ -204,9 +204,9 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
204err: 204err:
205 EVP_MD_CTX_cleanup(&ctx); 205 EVP_MD_CTX_cleanup(&ctx);
206 if (buf_in != NULL) 206 if (buf_in != NULL)
207 { memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); } 207 { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
208 if (buf_out != NULL) 208 if (buf_out != NULL)
209 { memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); } 209 { OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
210 return(outl); 210 return(outl);
211 } 211 }
212 212
@@ -287,8 +287,8 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
287err: 287err:
288 EVP_MD_CTX_cleanup(&ctx); 288 EVP_MD_CTX_cleanup(&ctx);
289 if (buf_in != NULL) 289 if (buf_in != NULL)
290 { memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); } 290 { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
291 if (buf_out != NULL) 291 if (buf_out != NULL)
292 { memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); } 292 { OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
293 return(outl); 293 return(outl);
294 } 294 }
diff --git a/src/lib/libcrypto/asn1/a_strex.c b/src/lib/libcrypto/asn1/a_strex.c
index 7ddb7662f1..1def6c6549 100644
--- a/src/lib/libcrypto/asn1/a_strex.c
+++ b/src/lib/libcrypto/asn1/a_strex.c
@@ -63,6 +63,7 @@
63#include <openssl/asn1.h> 63#include <openssl/asn1.h>
64 64
65#include "charmap.h" 65#include "charmap.h"
66#include "cryptlib.h"
66 67
67/* ASN1_STRING_print_ex() and X509_NAME_print_ex(). 68/* ASN1_STRING_print_ex() and X509_NAME_print_ex().
68 * Enhanced string and name printing routines handling 69 * Enhanced string and name printing routines handling
@@ -114,14 +115,17 @@ typedef int char_io(void *arg, const void *buf, int len);
114static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, char_io *io_ch, void *arg) 115static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, char_io *io_ch, void *arg)
115{ 116{
116 unsigned char chflgs, chtmp; 117 unsigned char chflgs, chtmp;
117 char tmphex[11]; 118 char tmphex[HEX_SIZE(long)+3];
119
120 if(c > 0xffffffffL)
121 return -1;
118 if(c > 0xffff) { 122 if(c > 0xffff) {
119 BIO_snprintf(tmphex, 11, "\\W%08lX", c); 123 BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c);
120 if(!io_ch(arg, tmphex, 10)) return -1; 124 if(!io_ch(arg, tmphex, 10)) return -1;
121 return 10; 125 return 10;
122 } 126 }
123 if(c > 0xff) { 127 if(c > 0xff) {
124 BIO_snprintf(tmphex, 11, "\\U%04lX", c); 128 BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c);
125 if(!io_ch(arg, tmphex, 6)) return -1; 129 if(!io_ch(arg, tmphex, 6)) return -1;
126 return 6; 130 return 6;
127 } 131 }
@@ -195,7 +199,7 @@ static int do_buf(unsigned char *buf, int buflen,
195 if(type & BUF_TYPE_CONVUTF8) { 199 if(type & BUF_TYPE_CONVUTF8) {
196 unsigned char utfbuf[6]; 200 unsigned char utfbuf[6];
197 int utflen; 201 int utflen;
198 utflen = UTF8_putc(utfbuf, 6, c); 202 utflen = UTF8_putc(utfbuf, sizeof utfbuf, c);
199 for(i = 0; i < utflen; i++) { 203 for(i = 0; i < utflen; i++) {
200 /* We don't need to worry about setting orflags correctly 204 /* We don't need to worry about setting orflags correctly
201 * because if utflen==1 its value will be correct anyway 205 * because if utflen==1 its value will be correct anyway
@@ -461,7 +465,7 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
461 if(fn_opt != XN_FLAG_FN_NONE) { 465 if(fn_opt != XN_FLAG_FN_NONE) {
462 int objlen, fld_len; 466 int objlen, fld_len;
463 if((fn_opt == XN_FLAG_FN_OID) || (fn_nid==NID_undef) ) { 467 if((fn_opt == XN_FLAG_FN_OID) || (fn_nid==NID_undef) ) {
464 OBJ_obj2txt(objtmp, 80, fn, 1); 468 OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1);
465 fld_len = 0; /* XXX: what should this be? */ 469 fld_len = 0; /* XXX: what should this be? */
466 objbuf = objtmp; 470 objbuf = objtmp;
467 } else { 471 } else {
diff --git a/src/lib/libcrypto/asn1/a_strnid.c b/src/lib/libcrypto/asn1/a_strnid.c
index 04789d1c63..aa49e9d7d0 100644
--- a/src/lib/libcrypto/asn1/a_strnid.c
+++ b/src/lib/libcrypto/asn1/a_strnid.c
@@ -173,6 +173,7 @@ static ASN1_STRING_TABLE tbl_standard[] = {
173{NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, 173{NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
174{NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, 174{NID_name, 1, ub_name, DIRSTRING_TYPE, 0},
175{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, 175{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
176{NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
176{NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK} 177{NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}
177}; 178};
178 179
@@ -249,4 +250,38 @@ static void st_free(ASN1_STRING_TABLE *tbl)
249 if(tbl->flags & STABLE_FLAGS_MALLOC) OPENSSL_free(tbl); 250 if(tbl->flags & STABLE_FLAGS_MALLOC) OPENSSL_free(tbl);
250} 251}
251 252
253
252IMPLEMENT_STACK_OF(ASN1_STRING_TABLE) 254IMPLEMENT_STACK_OF(ASN1_STRING_TABLE)
255
256#ifdef STRING_TABLE_TEST
257
258main()
259{
260 ASN1_STRING_TABLE *tmp;
261 int i, last_nid = -1;
262
263 for (tmp = tbl_standard, i = 0;
264 i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++)
265 {
266 if (tmp->nid < last_nid)
267 {
268 last_nid = 0;
269 break;
270 }
271 last_nid = tmp->nid;
272 }
273
274 if (last_nid != 0)
275 {
276 printf("Table order OK\n");
277 exit(0);
278 }
279
280 for (tmp = tbl_standard, i = 0;
281 i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++)
282 printf("Index %d, NID %d, Name=%s\n", i, tmp->nid,
283 OBJ_nid2ln(tmp->nid));
284
285}
286
287#endif
diff --git a/src/lib/libcrypto/asn1/a_time.c b/src/lib/libcrypto/asn1/a_time.c
index 8216783aa8..b8c031fc8f 100644
--- a/src/lib/libcrypto/asn1/a_time.c
+++ b/src/lib/libcrypto/asn1/a_time.c
@@ -105,7 +105,10 @@ ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
105 105
106 ts=OPENSSL_gmtime(&t,&data); 106 ts=OPENSSL_gmtime(&t,&data);
107 if (ts == NULL) 107 if (ts == NULL)
108 {
109 ASN1err(ASN1_F_ASN1_TIME_SET, ASN1_R_ERROR_GETTING_TIME);
108 return NULL; 110 return NULL;
111 }
109 if((ts->tm_year >= 50) && (ts->tm_year < 150)) 112 if((ts->tm_year >= 50) && (ts->tm_year < 150))
110 return ASN1_UTCTIME_set(s, t); 113 return ASN1_UTCTIME_set(s, t);
111 return ASN1_GENERALIZEDTIME_set(s,t); 114 return ASN1_GENERALIZEDTIME_set(s,t);
diff --git a/src/lib/libcrypto/asn1/a_type.c b/src/lib/libcrypto/asn1/a_type.c
index 96e111cf23..fe3fcd40b0 100644
--- a/src/lib/libcrypto/asn1/a_type.c
+++ b/src/lib/libcrypto/asn1/a_type.c
@@ -62,7 +62,7 @@
62 62
63int ASN1_TYPE_get(ASN1_TYPE *a) 63int ASN1_TYPE_get(ASN1_TYPE *a)
64 { 64 {
65 if (a->value.ptr != NULL) 65 if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL))
66 return(a->type); 66 return(a->type);
67 else 67 else
68 return(0); 68 return(0);
diff --git a/src/lib/libcrypto/asn1/a_verify.c b/src/lib/libcrypto/asn1/a_verify.c
index bf41de5146..da2a0a6d69 100644
--- a/src/lib/libcrypto/asn1/a_verify.c
+++ b/src/lib/libcrypto/asn1/a_verify.c
@@ -103,7 +103,7 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
103 EVP_VerifyInit_ex(&ctx,type, NULL); 103 EVP_VerifyInit_ex(&ctx,type, NULL);
104 EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); 104 EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
105 105
106 memset(buf_in,0,(unsigned int)inl); 106 OPENSSL_cleanse(buf_in,(unsigned int)inl);
107 OPENSSL_free(buf_in); 107 OPENSSL_free(buf_in);
108 108
109 if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data, 109 if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
@@ -153,7 +153,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
153 EVP_VerifyInit_ex(&ctx,type, NULL); 153 EVP_VerifyInit_ex(&ctx,type, NULL);
154 EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); 154 EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
155 155
156 memset(buf_in,0,(unsigned int)inl); 156 OPENSSL_cleanse(buf_in,(unsigned int)inl);
157 OPENSSL_free(buf_in); 157 OPENSSL_free(buf_in);
158 158
159 if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data, 159 if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
diff --git a/src/lib/libcrypto/asn1/asn1.h b/src/lib/libcrypto/asn1/asn1.h
index dbb30f4f22..3414509f1b 100644
--- a/src/lib/libcrypto/asn1/asn1.h
+++ b/src/lib/libcrypto/asn1/asn1.h
@@ -70,7 +70,6 @@
70 70
71#include <openssl/symhacks.h> 71#include <openssl/symhacks.h>
72 72
73#include <openssl/e_os2.h>
74#include <openssl/ossl_typ.h> 73#include <openssl/ossl_typ.h>
75 74
76#ifdef OPENSSL_BUILD_SHLIBCRYPTO 75#ifdef OPENSSL_BUILD_SHLIBCRYPTO
@@ -133,7 +132,7 @@ extern "C" {
133#define B_ASN1_NUMERICSTRING 0x0001 132#define B_ASN1_NUMERICSTRING 0x0001
134#define B_ASN1_PRINTABLESTRING 0x0002 133#define B_ASN1_PRINTABLESTRING 0x0002
135#define B_ASN1_T61STRING 0x0004 134#define B_ASN1_T61STRING 0x0004
136#define B_ASN1_TELETEXSTRING 0x0008 135#define B_ASN1_TELETEXSTRING 0x0004
137#define B_ASN1_VIDEOTEXSTRING 0x0008 136#define B_ASN1_VIDEOTEXSTRING 0x0008
138#define B_ASN1_IA5STRING 0x0010 137#define B_ASN1_IA5STRING 0x0010
139#define B_ASN1_GRAPHICSTRING 0x0020 138#define B_ASN1_GRAPHICSTRING 0x0020
@@ -981,6 +980,7 @@ void ERR_load_ASN1_strings(void);
981#define ASN1_F_ASN1_TEMPLATE_D2I 131 980#define ASN1_F_ASN1_TEMPLATE_D2I 131
982#define ASN1_F_ASN1_TEMPLATE_EX_D2I 132 981#define ASN1_F_ASN1_TEMPLATE_EX_D2I 132
983#define ASN1_F_ASN1_TEMPLATE_NEW 133 982#define ASN1_F_ASN1_TEMPLATE_NEW 133
983#define ASN1_F_ASN1_TIME_SET 175
984#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134 984#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134
985#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135 985#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135
986#define ASN1_F_ASN1_UNPACK_STRING 136 986#define ASN1_F_ASN1_UNPACK_STRING 136
@@ -1038,6 +1038,7 @@ void ERR_load_ASN1_strings(void);
1038#define ASN1_R_DECODE_ERROR 110 1038#define ASN1_R_DECODE_ERROR 110
1039#define ASN1_R_DECODING_ERROR 111 1039#define ASN1_R_DECODING_ERROR 111
1040#define ASN1_R_ENCODE_ERROR 112 1040#define ASN1_R_ENCODE_ERROR 112
1041#define ASN1_R_ERROR_GETTING_TIME 173
1041#define ASN1_R_ERROR_LOADING_SECTION 172 1042#define ASN1_R_ERROR_LOADING_SECTION 172
1042#define ASN1_R_ERROR_PARSING_SET_ELEMENT 113 1043#define ASN1_R_ERROR_PARSING_SET_ELEMENT 113
1043#define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 114 1044#define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 114
diff --git a/src/lib/libcrypto/asn1/asn1_err.c b/src/lib/libcrypto/asn1/asn1_err.c
index c4c3d2a91d..094ec06fda 100644
--- a/src/lib/libcrypto/asn1/asn1_err.c
+++ b/src/lib/libcrypto/asn1/asn1_err.c
@@ -1,6 +1,6 @@
1/* crypto/asn1/asn1_err.c */ 1/* crypto/asn1/asn1_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -100,6 +100,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
100{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_D2I,0), "ASN1_TEMPLATE_D2I"}, 100{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_D2I,0), "ASN1_TEMPLATE_D2I"},
101{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_EX_D2I,0), "ASN1_TEMPLATE_EX_D2I"}, 101{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_EX_D2I,0), "ASN1_TEMPLATE_EX_D2I"},
102{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_NEW,0), "ASN1_TEMPLATE_NEW"}, 102{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_NEW,0), "ASN1_TEMPLATE_NEW"},
103{ERR_PACK(0,ASN1_F_ASN1_TIME_SET,0), "ASN1_TIME_set"},
103{ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0), "ASN1_TYPE_get_int_octetstring"}, 104{ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0), "ASN1_TYPE_get_int_octetstring"},
104{ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0), "ASN1_TYPE_get_octetstring"}, 105{ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0), "ASN1_TYPE_get_octetstring"},
105{ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0), "ASN1_unpack_string"}, 106{ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0), "ASN1_unpack_string"},
@@ -160,6 +161,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
160{ASN1_R_DECODE_ERROR ,"decode error"}, 161{ASN1_R_DECODE_ERROR ,"decode error"},
161{ASN1_R_DECODING_ERROR ,"decoding error"}, 162{ASN1_R_DECODING_ERROR ,"decoding error"},
162{ASN1_R_ENCODE_ERROR ,"encode error"}, 163{ASN1_R_ENCODE_ERROR ,"encode error"},
164{ASN1_R_ERROR_GETTING_TIME ,"error getting time"},
163{ASN1_R_ERROR_LOADING_SECTION ,"error loading section"}, 165{ASN1_R_ERROR_LOADING_SECTION ,"error loading section"},
164{ASN1_R_ERROR_PARSING_SET_ELEMENT ,"error parsing set element"}, 166{ASN1_R_ERROR_PARSING_SET_ELEMENT ,"error parsing set element"},
165{ASN1_R_ERROR_SETTING_CIPHER_PARAMS ,"error setting cipher params"}, 167{ASN1_R_ERROR_SETTING_CIPHER_PARAMS ,"error setting cipher params"},
diff --git a/src/lib/libcrypto/asn1/asn1_par.c b/src/lib/libcrypto/asn1/asn1_par.c
index 4223c9ae45..1799657141 100644
--- a/src/lib/libcrypto/asn1/asn1_par.c
+++ b/src/lib/libcrypto/asn1/asn1_par.c
@@ -79,12 +79,7 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
79 else 79 else
80 p="prim: "; 80 p="prim: ";
81 if (BIO_write(bp,p,6) < 6) goto err; 81 if (BIO_write(bp,p,6) < 6) goto err;
82 if (indent) 82 BIO_indent(bp,indent,128);
83 {
84 if (indent > 128) indent=128;
85 memset(str,' ',indent);
86 if (BIO_write(bp,str,indent) < indent) goto err;
87 }
88 83
89 p=str; 84 p=str;
90 if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE) 85 if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
diff --git a/src/lib/libcrypto/asn1/f_int.c b/src/lib/libcrypto/asn1/f_int.c
index 48cc3bfb90..9494e597ab 100644
--- a/src/lib/libcrypto/asn1/f_int.c
+++ b/src/lib/libcrypto/asn1/f_int.c
@@ -169,8 +169,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
169 sp=(unsigned char *)OPENSSL_malloc( 169 sp=(unsigned char *)OPENSSL_malloc(
170 (unsigned int)num+i*2); 170 (unsigned int)num+i*2);
171 else 171 else
172 sp=(unsigned char *)OPENSSL_realloc(s, 172 sp=OPENSSL_realloc_clean(s,slen,num+i*2);
173 (unsigned int)num+i*2);
174 if (sp == NULL) 173 if (sp == NULL)
175 { 174 {
176 ASN1err(ASN1_F_A2I_ASN1_INTEGER,ERR_R_MALLOC_FAILURE); 175 ASN1err(ASN1_F_A2I_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
diff --git a/src/lib/libcrypto/asn1/n_pkey.c b/src/lib/libcrypto/asn1/n_pkey.c
index 9146ee02c9..766b51c538 100644
--- a/src/lib/libcrypto/asn1/n_pkey.c
+++ b/src/lib/libcrypto/asn1/n_pkey.c
@@ -187,7 +187,7 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
187 i2d_NETSCAPE_PKEY(pkey,&zz); 187 i2d_NETSCAPE_PKEY(pkey,&zz);
188 188
189 /* Wipe the private key encoding */ 189 /* Wipe the private key encoding */
190 memset(pkey->private_key->data, 0, rsalen); 190 OPENSSL_cleanse(pkey->private_key->data, rsalen);
191 191
192 if (cb == NULL) 192 if (cb == NULL)
193 cb=EVP_read_pw_string; 193 cb=EVP_read_pw_string;
@@ -206,7 +206,7 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
206 } 206 }
207 207
208 EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL); 208 EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
209 memset(buf,0,256); 209 OPENSSL_cleanse(buf,256);
210 210
211 /* Encrypt private key in place */ 211 /* Encrypt private key in place */
212 zz = enckey->enckey->digest->data; 212 zz = enckey->enckey->digest->data;
@@ -294,7 +294,7 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
294 } 294 }
295 295
296 EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL); 296 EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
297 memset(buf,0,256); 297 OPENSSL_cleanse(buf,256);
298 298
299 EVP_CIPHER_CTX_init(&ctx); 299 EVP_CIPHER_CTX_init(&ctx);
300 EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL); 300 EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL);
diff --git a/src/lib/libcrypto/asn1/p8_pkey.c b/src/lib/libcrypto/asn1/p8_pkey.c
index b634d5bc85..24b409132f 100644
--- a/src/lib/libcrypto/asn1/p8_pkey.c
+++ b/src/lib/libcrypto/asn1/p8_pkey.c
@@ -68,8 +68,8 @@ static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
68 if(operation == ASN1_OP_FREE_PRE) { 68 if(operation == ASN1_OP_FREE_PRE) {
69 PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval; 69 PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
70 if (key->pkey->value.octet_string) 70 if (key->pkey->value.octet_string)
71 memset(key->pkey->value.octet_string->data, 71 OPENSSL_cleanse(key->pkey->value.octet_string->data,
72 0, key->pkey->value.octet_string->length); 72 key->pkey->value.octet_string->length);
73 } 73 }
74 return 1; 74 return 1;
75} 75}
diff --git a/src/lib/libcrypto/asn1/t_crl.c b/src/lib/libcrypto/asn1/t_crl.c
index 60db305756..757c148df8 100644
--- a/src/lib/libcrypto/asn1/t_crl.c
+++ b/src/lib/libcrypto/asn1/t_crl.c
@@ -84,11 +84,11 @@ int X509_CRL_print_fp(FILE *fp, X509_CRL *x)
84 84
85int X509_CRL_print(BIO *out, X509_CRL *x) 85int X509_CRL_print(BIO *out, X509_CRL *x)
86{ 86{
87 char buf[256];
88 STACK_OF(X509_REVOKED) *rev; 87 STACK_OF(X509_REVOKED) *rev;
89 X509_REVOKED *r; 88 X509_REVOKED *r;
90 long l; 89 long l;
91 int i, n; 90 int i, n;
91 char *p;
92 92
93 BIO_printf(out, "Certificate Revocation List (CRL):\n"); 93 BIO_printf(out, "Certificate Revocation List (CRL):\n");
94 l = X509_CRL_get_version(x); 94 l = X509_CRL_get_version(x);
@@ -96,8 +96,9 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
96 i = OBJ_obj2nid(x->sig_alg->algorithm); 96 i = OBJ_obj2nid(x->sig_alg->algorithm);
97 BIO_printf(out, "%8sSignature Algorithm: %s\n", "", 97 BIO_printf(out, "%8sSignature Algorithm: %s\n", "",
98 (i == NID_undef) ? "NONE" : OBJ_nid2ln(i)); 98 (i == NID_undef) ? "NONE" : OBJ_nid2ln(i));
99 X509_NAME_oneline(X509_CRL_get_issuer(x),buf,256); 99 p=X509_NAME_oneline(X509_CRL_get_issuer(x),NULL,0);
100 BIO_printf(out,"%8sIssuer: %s\n","",buf); 100 BIO_printf(out,"%8sIssuer: %s\n","",p);
101 OPENSSL_free(p);
101 BIO_printf(out,"%8sLast Update: ",""); 102 BIO_printf(out,"%8sLast Update: ","");
102 ASN1_TIME_print(out,X509_CRL_get_lastUpdate(x)); 103 ASN1_TIME_print(out,X509_CRL_get_lastUpdate(x));
103 BIO_printf(out,"\n%8sNext Update: ",""); 104 BIO_printf(out,"\n%8sNext Update: ","");
diff --git a/src/lib/libcrypto/asn1/t_pkey.c b/src/lib/libcrypto/asn1/t_pkey.c
index b3f8364012..e1c5e5ae13 100644
--- a/src/lib/libcrypto/asn1/t_pkey.c
+++ b/src/lib/libcrypto/asn1/t_pkey.c
@@ -130,14 +130,10 @@ int RSA_print(BIO *bp, const RSA *x, int off)
130 goto err; 130 goto err;
131 } 131 }
132 132
133 if (off)
134 {
135 if (off > 128) off=128;
136 memset(str,' ',off);
137 }
138 if (x->d != NULL) 133 if (x->d != NULL)
139 { 134 {
140 if (off && (BIO_write(bp,str,off) <= 0)) goto err; 135 if(!BIO_indent(bp,off,128))
136 goto err;
141 if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->n)) 137 if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->n))
142 <= 0) goto err; 138 <= 0) goto err;
143 } 139 }
@@ -183,7 +179,6 @@ int DSA_print_fp(FILE *fp, const DSA *x, int off)
183 179
184int DSA_print(BIO *bp, const DSA *x, int off) 180int DSA_print(BIO *bp, const DSA *x, int off)
185 { 181 {
186 char str[128];
187 unsigned char *m=NULL; 182 unsigned char *m=NULL;
188 int ret=0; 183 int ret=0;
189 size_t buf_len=0,i; 184 size_t buf_len=0,i;
@@ -210,14 +205,10 @@ int DSA_print(BIO *bp, const DSA *x, int off)
210 goto err; 205 goto err;
211 } 206 }
212 207
213 if (off)
214 {
215 if (off > 128) off=128;
216 memset(str,' ',off);
217 }
218 if (x->priv_key != NULL) 208 if (x->priv_key != NULL)
219 { 209 {
220 if (off && (BIO_write(bp,str,off) <= 0)) goto err; 210 if(!BIO_indent(bp,off,128))
211 goto err;
221 if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->p)) 212 if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->p))
222 <= 0) goto err; 213 <= 0) goto err;
223 } 214 }
@@ -240,17 +231,12 @@ static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf,
240 int off) 231 int off)
241 { 232 {
242 int n,i; 233 int n,i;
243 char str[128];
244 const char *neg; 234 const char *neg;
245 235
246 if (num == NULL) return(1); 236 if (num == NULL) return(1);
247 neg=(num->neg)?"-":""; 237 neg=(num->neg)?"-":"";
248 if (off) 238 if(!BIO_indent(bp,off,128))
249 { 239 return 0;
250 if (off > 128) off=128;
251 memset(str,' ',off);
252 if (BIO_write(bp,str,off) <= 0) return(0);
253 }
254 240
255 if (BN_num_bytes(num) <= BN_BYTES) 241 if (BN_num_bytes(num) <= BN_BYTES)
256 { 242 {
@@ -274,9 +260,9 @@ static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf,
274 { 260 {
275 if ((i%15) == 0) 261 if ((i%15) == 0)
276 { 262 {
277 str[0]='\n'; 263 if(BIO_puts(bp,"\n") <= 0
278 memset(&(str[1]),' ',off+4); 264 || !BIO_indent(bp,off+4,128))
279 if (BIO_write(bp,str,off+1+4) <= 0) return(0); 265 return 0;
280 } 266 }
281 if (BIO_printf(bp,"%02x%s",buf[i],((i+1) == n)?"":":") 267 if (BIO_printf(bp,"%02x%s",buf[i],((i+1) == n)?"":":")
282 <= 0) return(0); 268 <= 0) return(0);
diff --git a/src/lib/libcrypto/asn1/t_req.c b/src/lib/libcrypto/asn1/t_req.c
index eca97e00cb..740cee80c0 100644
--- a/src/lib/libcrypto/asn1/t_req.c
+++ b/src/lib/libcrypto/asn1/t_req.c
@@ -91,7 +91,6 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long
91 EVP_PKEY *pkey; 91 EVP_PKEY *pkey;
92 STACK_OF(X509_ATTRIBUTE) *sk; 92 STACK_OF(X509_ATTRIBUTE) *sk;
93 STACK_OF(X509_EXTENSION) *exts; 93 STACK_OF(X509_EXTENSION) *exts;
94 char str[128];
95 char mlch = ' '; 94 char mlch = ' ';
96 int nmindent = 0; 95 int nmindent = 0;
97 96
@@ -116,9 +115,9 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long
116 l=0; 115 l=0;
117 for (i=0; i<ri->version->length; i++) 116 for (i=0; i<ri->version->length; i++)
118 { l<<=8; l+=ri->version->data[i]; } 117 { l<<=8; l+=ri->version->data[i]; }
119 snprintf(str,sizeof str,"%8sVersion: %s%lu (%s0x%lx)\n","",neg, 118 if(BIO_printf(bp,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,
120 l,neg,l); 119 l) <= 0)
121 if (BIO_puts(bp,str) <= 0) goto err; 120 goto err;
122 } 121 }
123 if(!(cflag & X509_FLAG_NO_SUBJECT)) 122 if(!(cflag & X509_FLAG_NO_SUBJECT))
124 { 123 {
@@ -169,14 +168,14 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long
169 if(!(cflag & X509_FLAG_NO_ATTRIBUTES)) 168 if(!(cflag & X509_FLAG_NO_ATTRIBUTES))
170 { 169 {
171 /* may not be */ 170 /* may not be */
172 snprintf(str,sizeof str,"%8sAttributes:\n",""); 171 if(BIO_printf(bp,"%8sAttributes:\n","") <= 0)
173 if (BIO_puts(bp,str) <= 0) goto err; 172 goto err;
174 173
175 sk=x->req_info->attributes; 174 sk=x->req_info->attributes;
176 if (sk_X509_ATTRIBUTE_num(sk) == 0) 175 if (sk_X509_ATTRIBUTE_num(sk) == 0)
177 { 176 {
178 snprintf(str,sizeof str,"%12sa0:00\n",""); 177 if(BIO_printf(bp,"%12sa0:00\n","") <= 0)
179 if (BIO_puts(bp,str) <= 0) goto err; 178 goto err;
180 } 179 }
181 else 180 else
182 { 181 {
@@ -191,8 +190,8 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long
191 a=sk_X509_ATTRIBUTE_value(sk,i); 190 a=sk_X509_ATTRIBUTE_value(sk,i);
192 if(X509_REQ_extension_nid(OBJ_obj2nid(a->object))) 191 if(X509_REQ_extension_nid(OBJ_obj2nid(a->object)))
193 continue; 192 continue;
194 snprintf(str,sizeof str,"%12s",""); 193 if(BIO_printf(bp,"%12s","") <= 0)
195 if (BIO_puts(bp,str) <= 0) goto err; 194 goto err;
196 if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0) 195 if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0)
197 { 196 {
198 if (a->single) 197 if (a->single)
diff --git a/src/lib/libcrypto/asn1/t_x509.c b/src/lib/libcrypto/asn1/t_x509.c
index 5de4833ed0..d1034c47f8 100644
--- a/src/lib/libcrypto/asn1/t_x509.c
+++ b/src/lib/libcrypto/asn1/t_x509.c
@@ -433,15 +433,17 @@ err:
433 433
434int X509_NAME_print(BIO *bp, X509_NAME *name, int obase) 434int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
435 { 435 {
436 char *s,*c; 436 char *s,*c,*b;
437 int ret=0,l,ll,i,first=1; 437 int ret=0,l,ll,i,first=1;
438 char buf[256];
439 438
440 ll=80-2-obase; 439 ll=80-2-obase;
441 440
442 s=X509_NAME_oneline(name,buf,256); 441 b=s=X509_NAME_oneline(name,NULL,0);
443 if (!*s) 442 if (!*s)
443 {
444 OPENSSL_free(b);
444 return 1; 445 return 1;
446 }
445 s++; /* skip the first slash */ 447 s++; /* skip the first slash */
446 448
447 l=ll; 449 l=ll;
@@ -497,6 +499,7 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
497err: 499err:
498 X509err(X509_F_X509_NAME_PRINT,ERR_R_BUF_LIB); 500 X509err(X509_F_X509_NAME_PRINT,ERR_R_BUF_LIB);
499 } 501 }
502 OPENSSL_free(b);
500 return(ret); 503 return(ret);
501 } 504 }
502 505
diff --git a/src/lib/libcrypto/asn1/t_x509a.c b/src/lib/libcrypto/asn1/t_x509a.c
index 7d4a6e6084..ffbbfb51f4 100644
--- a/src/lib/libcrypto/asn1/t_x509a.c
+++ b/src/lib/libcrypto/asn1/t_x509a.c
@@ -77,7 +77,7 @@ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
77 for(i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) { 77 for(i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) {
78 if(!first) BIO_puts(out, ", "); 78 if(!first) BIO_puts(out, ", ");
79 else first = 0; 79 else first = 0;
80 OBJ_obj2txt(oidstr, 80, 80 OBJ_obj2txt(oidstr, sizeof oidstr,
81 sk_ASN1_OBJECT_value(aux->trust, i), 0); 81 sk_ASN1_OBJECT_value(aux->trust, i), 0);
82 BIO_puts(out, oidstr); 82 BIO_puts(out, oidstr);
83 } 83 }
@@ -90,7 +90,7 @@ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
90 for(i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) { 90 for(i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) {
91 if(!first) BIO_puts(out, ", "); 91 if(!first) BIO_puts(out, ", ");
92 else first = 0; 92 else first = 0;
93 OBJ_obj2txt(oidstr, 80, 93 OBJ_obj2txt(oidstr, sizeof oidstr,
94 sk_ASN1_OBJECT_value(aux->reject, i), 0); 94 sk_ASN1_OBJECT_value(aux->reject, i), 0);
95 BIO_puts(out, oidstr); 95 BIO_puts(out, oidstr);
96 } 96 }
diff --git a/src/lib/libcrypto/asn1/tasn_dec.c b/src/lib/libcrypto/asn1/tasn_dec.c
index f87c08793a..76fc023230 100644
--- a/src/lib/libcrypto/asn1/tasn_dec.c
+++ b/src/lib/libcrypto/asn1/tasn_dec.c
@@ -664,7 +664,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inl
664 if(!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL)) goto err; 664 if(!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL)) goto err;
665 len = buf.length; 665 len = buf.length;
666 /* Append a final null to string */ 666 /* Append a final null to string */
667 if(!BUF_MEM_grow(&buf, len + 1)) { 667 if(!BUF_MEM_grow_clean(&buf, len + 1)) {
668 ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE); 668 ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE);
669 return 0; 669 return 0;
670 } 670 }
@@ -857,7 +857,7 @@ static int collect_data(BUF_MEM *buf, unsigned char **p, long plen)
857 int len; 857 int len;
858 if(buf) { 858 if(buf) {
859 len = buf->length; 859 len = buf->length;
860 if(!BUF_MEM_grow(buf, len + plen)) { 860 if(!BUF_MEM_grow_clean(buf, len + plen)) {
861 ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE); 861 ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE);
862 return 0; 862 return 0;
863 } 863 }
diff --git a/src/lib/libcrypto/asn1/tasn_fre.c b/src/lib/libcrypto/asn1/tasn_fre.c
index c7610776f2..2dd844159e 100644
--- a/src/lib/libcrypto/asn1/tasn_fre.c
+++ b/src/lib/libcrypto/asn1/tasn_fre.c
@@ -206,7 +206,10 @@ void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
206 break; 206 break;
207 207
208 case V_ASN1_BOOLEAN: 208 case V_ASN1_BOOLEAN:
209 *(ASN1_BOOLEAN *)pval = it->size; 209 if (it)
210 *(ASN1_BOOLEAN *)pval = it->size;
211 else
212 *(ASN1_BOOLEAN *)pval = -1;
210 return; 213 return;
211 214
212 case V_ASN1_NULL: 215 case V_ASN1_NULL:
diff --git a/src/lib/libcrypto/asn1/tasn_new.c b/src/lib/libcrypto/asn1/tasn_new.c
index e33861f864..a0e3db574f 100644
--- a/src/lib/libcrypto/asn1/tasn_new.c
+++ b/src/lib/libcrypto/asn1/tasn_new.c
@@ -305,7 +305,10 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
305 return 1; 305 return 1;
306 306
307 case V_ASN1_BOOLEAN: 307 case V_ASN1_BOOLEAN:
308 *(ASN1_BOOLEAN *)pval = it->size; 308 if (it)
309 *(ASN1_BOOLEAN *)pval = it->size;
310 else
311 *(ASN1_BOOLEAN *)pval = -1;
309 return 1; 312 return 1;
310 313
311 case V_ASN1_NULL: 314 case V_ASN1_NULL:
diff --git a/src/lib/libcrypto/asn1/tasn_prn.c b/src/lib/libcrypto/asn1/tasn_prn.c
index fab67ae5ac..719639b511 100644
--- a/src/lib/libcrypto/asn1/tasn_prn.c
+++ b/src/lib/libcrypto/asn1/tasn_prn.c
@@ -186,7 +186,7 @@ if(*bool == -1) printf("BOOL MISSING\n");
186 char objbuf[80], *ln; 186 char objbuf[80], *ln;
187 ln = OBJ_nid2ln(OBJ_obj2nid(fld)); 187 ln = OBJ_nid2ln(OBJ_obj2nid(fld));
188 if(!ln) ln = ""; 188 if(!ln) ln = "";
189 OBJ_obj2txt(objbuf, 80, fld, 1); 189 OBJ_obj2txt(objbuf, sizeof objbuf, fld, 1);
190 BIO_printf(out, "%*s%s:%s (%s)", indent, "", "OBJECT", ln, objbuf); 190 BIO_printf(out, "%*s%s:%s (%s)", indent, "", "OBJECT", ln, objbuf);
191 } else { 191 } else {
192 BIO_printf(out, "%*s%s:", indent, "", name); 192 BIO_printf(out, "%*s%s:", indent, "", name);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2026-01-07 18:02:03 +0000