Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.

author: miod <> 2014-04-13 15:25:35 +0000
committer: miod <> 2014-04-13 15:25:35 +0000
commit: 1fb5cf10c3e597dbb1ecc4dd423bba727fd7721a (patch)
tree: 74f4ff344980894c7c9ceeab9b81176ac7572566 /src/lib/libcrypto/pem
parent: 92349eb53934e1b3e9b807e603d45417a6320d21 (diff)
download: openbsd-1fb5cf10c3e597dbb1ecc4dd423bba727fd7721a.tar.gz
openbsd-1fb5cf10c3e597dbb1ecc4dd423bba727fd7721a.tar.bz2
openbsd-1fb5cf10c3e597dbb1ecc4dd423bba727fd7721a.zip
4 files changed, 183 insertions, 12 deletions
diff --git a/src/lib/libcrypto/pem/pem_all.c b/src/lib/libcrypto/pem/pem_all.c
index 3e7a6093ad..eac0460e3e 100644
--- a/src/lib/libcrypto/pem/pem_all.c
+++ b/src/lib/libcrypto/pem/pem_all.c
@@ -193,7 +193,61 @@ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb,
 #endif
+#ifdef OPENSSL_FIPS
+int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        if (FIPS_mode())
+                {
+                EVP_PKEY *k;
+                int ret;
+                k = EVP_PKEY_new();
+                if (!k)
+                        return 0;
+                EVP_PKEY_set1_RSA(k, x);
+                ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+                EVP_PKEY_free(k);
+                return ret;
+                }
+        else
+                return PEM_ASN1_write_bio((i2d_of_void *)i2d_RSAPrivateKey,
+                                        PEM_STRING_RSA,bp,x,enc,kstr,klen,cb,u);
+}
+#ifndef OPENSSL_NO_FP_API
+int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        if (FIPS_mode())
+                {
+                EVP_PKEY *k;
+                int ret;
+                k = EVP_PKEY_new();
+                if (!k)
+                        return 0;
+                EVP_PKEY_set1_RSA(k, x);
+                ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
+                EVP_PKEY_free(k);
+                return ret;
+                }
+        else
+                return PEM_ASN1_write((i2d_of_void *)i2d_RSAPrivateKey,
+                                        PEM_STRING_RSA,fp,x,enc,kstr,klen,cb,u);
+}
+#endif
+#else
 IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
+#endif
 IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
 IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
@@ -223,7 +277,59 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb,
        return pkey_get_dsa(pktmp, dsa);        /* will free pktmp */
 }
+#ifdef OPENSSL_FIPS
+int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        if (FIPS_mode())
+                {
+                EVP_PKEY *k;
+                int ret;
+                k = EVP_PKEY_new();
+                if (!k)
+                        return 0;
+                EVP_PKEY_set1_DSA(k, x);
+                ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+                EVP_PKEY_free(k);
+                return ret;
+                }
+        else
+                return PEM_ASN1_write_bio((i2d_of_void *)i2d_DSAPrivateKey,
+                                        PEM_STRING_DSA,bp,x,enc,kstr,klen,cb,u);
+}
+#ifndef OPENSSL_NO_FP_API
+int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        if (FIPS_mode())
+                {
+                EVP_PKEY *k;
+                int ret;
+                k = EVP_PKEY_new();
+                if (!k)
+                        return 0;
+                EVP_PKEY_set1_DSA(k, x);
+                ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
+                EVP_PKEY_free(k);
+                return ret;
+                }
+        else
+                return PEM_ASN1_write((i2d_of_void *)i2d_DSAPrivateKey,
+                                        PEM_STRING_DSA,fp,x,enc,kstr,klen,cb,u);
+}
+#endif
+#else
 IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
+#endif
 IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
 #ifndef OPENSSL_NO_FP_API
@@ -269,8 +375,63 @@ EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb,
 IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters)
+#ifdef OPENSSL_FIPS
+int PEM_write_bio_ECPrivateKey(BIO *bp, EC_KEY *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        if (FIPS_mode())
+                {
+                EVP_PKEY *k;
+                int ret;
+                k = EVP_PKEY_new();
+                if (!k)
+                        return 0;
+                EVP_PKEY_set1_EC_KEY(k, x);
+                ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+                EVP_PKEY_free(k);
+                return ret;
+                }
+        else
+                return PEM_ASN1_write_bio((i2d_of_void *)i2d_ECPrivateKey,
+                                                PEM_STRING_ECPRIVATEKEY,
+                                                bp,x,enc,kstr,klen,cb,u);
+}
+#ifndef OPENSSL_NO_FP_API
+int PEM_write_ECPrivateKey(FILE *fp, EC_KEY *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        if (FIPS_mode())
+                {
+                EVP_PKEY *k;
+                int ret;
+                k = EVP_PKEY_new();
+                if (!k)
+                        return 0;
+                EVP_PKEY_set1_EC_KEY(k, x);
+                ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
+                EVP_PKEY_free(k);
+                return ret;
+                }
+        else
+                return PEM_ASN1_write((i2d_of_void *)i2d_ECPrivateKey,
+                                                PEM_STRING_ECPRIVATEKEY,
+                                                fp,x,enc,kstr,klen,cb,u);
+}
+#endif
+#else
 IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey)
+#endif
 IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)
 #ifndef OPENSSL_NO_FP_API
diff --git a/src/lib/libcrypto/pem/pem_info.c b/src/lib/libcrypto/pem/pem_info.c
index 1b2be527ed..cc7f24a9c1 100644
--- a/src/lib/libcrypto/pem/pem_info.c
+++ b/src/lib/libcrypto/pem/pem_info.c
@@ -167,6 +167,7 @@ start:
 #ifndef OPENSSL_NO_RSA
                        if (strcmp(name,PEM_STRING_RSA) == 0)
                        {
+                        d2i=(D2I_OF(void))d2i_RSAPrivateKey;
                        if (xi->x_pkey != NULL) 
                                {
                                if (!sk_X509_INFO_push(ret,xi)) goto err;
diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c
index cfc89a9921..5a421fc4b6 100644
--- a/src/lib/libcrypto/pem/pem_lib.c
+++ b/src/lib/libcrypto/pem/pem_lib.c
@@ -394,7 +394,8 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
                        goto err;
                /* The 'iv' is used as the iv and as a salt.  It is
                 * NOT taken from the BytesToKey function */
-                EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
+                if (!EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL))
+                        goto err;
                if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);
@@ -406,12 +407,15 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
                /* k=strlen(buf); */
                EVP_CIPHER_CTX_init(&ctx);
-                EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv);
+                ret = 1;
-                EVP_EncryptUpdate(&ctx,data,&j,data,i);
+                if (!EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv)
-                EVP_EncryptFinal_ex(&ctx,&(data[j]),&i);
+                        || !EVP_EncryptUpdate(&ctx,data,&j,data,i)
+                        || !EVP_EncryptFinal_ex(&ctx,&(data[j]),&i))
+                        ret = 0;
                EVP_CIPHER_CTX_cleanup(&ctx);
+                if (ret == 0)
+                        goto err;
                i+=j;
-                ret=1;
                }
        else
                {
@@ -459,14 +463,17 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
        ebcdic2ascii(buf, buf, klen);
 #endif
-        EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),
+        if (!EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),
-                (unsigned char *)buf,klen,1,key,NULL);
+                (unsigned char *)buf,klen,1,key,NULL))
+                return 0;
        j=(int)len;
        EVP_CIPHER_CTX_init(&ctx);
-        EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));
+        o = EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));
-        EVP_DecryptUpdate(&ctx,data,&i,data,j);
+        if (o)
-        o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
+                o = EVP_DecryptUpdate(&ctx,data,&i,data,j);
+        if (o)
+                o = EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
        EVP_CIPHER_CTX_cleanup(&ctx);
        OPENSSL_cleanse((char *)buf,sizeof(buf));
        OPENSSL_cleanse((char *)key,sizeof(key));
diff --git a/src/lib/libcrypto/pem/pem_seal.c b/src/lib/libcrypto/pem/pem_seal.c
index 59690b56ae..b6b4e13498 100644
--- a/src/lib/libcrypto/pem/pem_seal.c
+++ b/src/lib/libcrypto/pem/pem_seal.c
@@ -96,7 +96,8 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
        EVP_EncodeInit(&ctx->encode);
        EVP_MD_CTX_init(&ctx->md);
-        EVP_SignInit(&ctx->md,md_type);
+        if (!EVP_SignInit(&ctx->md,md_type))
+                goto err;
        EVP_CIPHER_CTX_init(&ctx->cipher);
        ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk);
@@ -163,7 +164,8 @@ int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
                goto err;
                }
-        EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i);
+        if (!EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i))
+                goto err;
        EVP_EncodeUpdate(&ctx->encode,out,&j,s,i);
        *outl=j;
        out+=j;
author	miod <>	2014-04-13 15:25:35 +0000
committer	miod <>	2014-04-13 15:25:35 +0000
commit	1fb5cf10c3e597dbb1ecc4dd423bba727fd7721a (patch)
tree	74f4ff344980894c7c9ceeab9b81176ac7572566 /src/lib/libcrypto/pem
parent	92349eb53934e1b3e9b807e603d45417a6320d21 (diff)
download	openbsd-1fb5cf10c3e597dbb1ecc4dd423bba727fd7721a.tar.gz openbsd-1fb5cf10c3e597dbb1ecc4dd423bba727fd7721a.tar.bz2 openbsd-1fb5cf10c3e597dbb1ecc4dd423bba727fd7721a.zip

diff --git a/src/lib/libcrypto/pem/pem_all.c b/src/lib/libcrypto/pem/pem_all.c index 3e7a6093ad..eac0460e3e 100644 --- a/src/lib/libcrypto/pem/pem_all.c +++ b/src/lib/libcrypto/pem/pem_all.c
@@ -193,7 +193,61 @@ RSA PEM_read_RSAPrivateKey(FILE fp, RSA *rsa, pem_password_cb cb,
193		193
194	#endif	194	#endif
195		195
		196	#ifdef OPENSSL_FIPS
		197
		198	int PEM_write_bio_RSAPrivateKey(BIO bp, RSA x, const EVP_CIPHER *enc,
		199	unsigned char *kstr, int klen,
		200	pem_password_cb cb, void u)
		201	{
		202	if (FIPS_mode())
		203	{
		204	EVP_PKEY *k;
		205	int ret;
		206	k = EVP_PKEY_new();
		207	if (!k)
		208	return 0;
		209	EVP_PKEY_set1_RSA(k, x);
		210
		211	ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
		212	EVP_PKEY_free(k);
		213	return ret;
		214	}
		215	else
		216	return PEM_ASN1_write_bio((i2d_of_void *)i2d_RSAPrivateKey,
		217	PEM_STRING_RSA,bp,x,enc,kstr,klen,cb,u);
		218	}
		219
		220	#ifndef OPENSSL_NO_FP_API
		221	int PEM_write_RSAPrivateKey(FILE fp, RSA x, const EVP_CIPHER *enc,
		222	unsigned char *kstr, int klen,
		223	pem_password_cb cb, void u)
		224	{
		225	if (FIPS_mode())
		226	{
		227	EVP_PKEY *k;
		228	int ret;
		229	k = EVP_PKEY_new();
		230	if (!k)
		231	return 0;
		232
		233	EVP_PKEY_set1_RSA(k, x);
		234
		235	ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
		236	EVP_PKEY_free(k);
		237	return ret;
		238	}
		239	else
		240	return PEM_ASN1_write((i2d_of_void *)i2d_RSAPrivateKey,
		241	PEM_STRING_RSA,fp,x,enc,kstr,klen,cb,u);
		242	}
		243	#endif
		244
		245	#else
		246
196	IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)	247	IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
		248
		249	#endif
		250
197	IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)	251	IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
198	IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)	252	IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
199		253
@@ -223,7 +277,59 @@ DSA PEM_read_bio_DSAPrivateKey(BIO bp, DSA *dsa, pem_password_cb cb,
223	return pkey_get_dsa(pktmp, dsa); /* will free pktmp */	277	return pkey_get_dsa(pktmp, dsa); /* will free pktmp */
224	}	278	}
225		279
		280	#ifdef OPENSSL_FIPS
		281
		282	int PEM_write_bio_DSAPrivateKey(BIO bp, DSA x, const EVP_CIPHER *enc,
		283	unsigned char *kstr, int klen,
		284	pem_password_cb cb, void u)
		285	{
		286	if (FIPS_mode())
		287	{
		288	EVP_PKEY *k;
		289	int ret;
		290	k = EVP_PKEY_new();
		291	if (!k)
		292	return 0;
		293	EVP_PKEY_set1_DSA(k, x);
		294
		295	ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
		296	EVP_PKEY_free(k);
		297	return ret;
		298	}
		299	else
		300	return PEM_ASN1_write_bio((i2d_of_void *)i2d_DSAPrivateKey,
		301	PEM_STRING_DSA,bp,x,enc,kstr,klen,cb,u);
		302	}
		303
		304	#ifndef OPENSSL_NO_FP_API
		305	int PEM_write_DSAPrivateKey(FILE fp, DSA x, const EVP_CIPHER *enc,
		306	unsigned char *kstr, int klen,
		307	pem_password_cb cb, void u)
		308	{
		309	if (FIPS_mode())
		310	{
		311	EVP_PKEY *k;
		312	int ret;
		313	k = EVP_PKEY_new();
		314	if (!k)
		315	return 0;
		316	EVP_PKEY_set1_DSA(k, x);
		317	ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
		318	EVP_PKEY_free(k);
		319	return ret;
		320	}
		321	else
		322	return PEM_ASN1_write((i2d_of_void *)i2d_DSAPrivateKey,
		323	PEM_STRING_DSA,fp,x,enc,kstr,klen,cb,u);
		324	}
		325	#endif
		326
		327	#else
		328
226	IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)	329	IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
		330
		331	#endif
		332
227	IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)	333	IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
228		334
229	#ifndef OPENSSL_NO_FP_API	335	#ifndef OPENSSL_NO_FP_API
@@ -269,8 +375,63 @@ EC_KEY PEM_read_bio_ECPrivateKey(BIO bp, EC_KEY *key, pem_password_cb cb,
269		375
270	IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters)	376	IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters)
271		377
		378
		379
		380	#ifdef OPENSSL_FIPS
		381
		382	int PEM_write_bio_ECPrivateKey(BIO bp, EC_KEY x, const EVP_CIPHER *enc,
		383	unsigned char *kstr, int klen,
		384	pem_password_cb cb, void u)
		385	{
		386	if (FIPS_mode())
		387	{
		388	EVP_PKEY *k;
		389	int ret;
		390	k = EVP_PKEY_new();
		391	if (!k)
		392	return 0;
		393	EVP_PKEY_set1_EC_KEY(k, x);
		394
		395	ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
		396	EVP_PKEY_free(k);
		397	return ret;
		398	}
		399	else
		400	return PEM_ASN1_write_bio((i2d_of_void *)i2d_ECPrivateKey,
		401	PEM_STRING_ECPRIVATEKEY,
		402	bp,x,enc,kstr,klen,cb,u);
		403	}
		404
		405	#ifndef OPENSSL_NO_FP_API
		406	int PEM_write_ECPrivateKey(FILE fp, EC_KEY x, const EVP_CIPHER *enc,
		407	unsigned char *kstr, int klen,
		408	pem_password_cb cb, void u)
		409	{
		410	if (FIPS_mode())
		411	{
		412	EVP_PKEY *k;
		413	int ret;
		414	k = EVP_PKEY_new();
		415	if (!k)
		416	return 0;
		417	EVP_PKEY_set1_EC_KEY(k, x);
		418	ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
		419	EVP_PKEY_free(k);
		420	return ret;
		421	}
		422	else
		423	return PEM_ASN1_write((i2d_of_void *)i2d_ECPrivateKey,
		424	PEM_STRING_ECPRIVATEKEY,
		425	fp,x,enc,kstr,klen,cb,u);
		426	}
		427	#endif
		428
		429	#else
		430
272	IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey)	431	IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey)
273		432
		433	#endif
		434
274	IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)	435	IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)
275		436
276	#ifndef OPENSSL_NO_FP_API	437	#ifndef OPENSSL_NO_FP_API


diff --git a/src/lib/libcrypto/pem/pem_info.c b/src/lib/libcrypto/pem/pem_info.c index 1b2be527ed..cc7f24a9c1 100644 --- a/src/lib/libcrypto/pem/pem_info.c +++ b/src/lib/libcrypto/pem/pem_info.c
@@ -167,6 +167,7 @@ start:
167	#ifndef OPENSSL_NO_RSA	167	#ifndef OPENSSL_NO_RSA
168	if (strcmp(name,PEM_STRING_RSA) == 0)	168	if (strcmp(name,PEM_STRING_RSA) == 0)
169	{	169	{
		170	d2i=(D2I_OF(void))d2i_RSAPrivateKey;
170	if (xi->x_pkey != NULL)	171	if (xi->x_pkey != NULL)
171	{	172	{
172	if (!sk_X509_INFO_push(ret,xi)) goto err;	173	if (!sk_X509_INFO_push(ret,xi)) goto err;


diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c index cfc89a9921..5a421fc4b6 100644 --- a/src/lib/libcrypto/pem/pem_lib.c +++ b/src/lib/libcrypto/pem/pem_lib.c
@@ -394,7 +394,8 @@ int PEM_ASN1_write_bio(i2d_of_void i2d, const char name, BIO *bp,
394	goto err;	394	goto err;
395	/* The 'iv' is used as the iv and as a salt. It is	395	/* The 'iv' is used as the iv and as a salt. It is
396	* NOT taken from the BytesToKey function */	396	* NOT taken from the BytesToKey function */
397	EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);	397	if (!EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL))
		398	goto err;
398		399
399	if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);	400	if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);
400		401
@@ -406,12 +407,15 @@ int PEM_ASN1_write_bio(i2d_of_void i2d, const char name, BIO *bp,
406	/* k=strlen(buf); */	407	/* k=strlen(buf); */
407		408
408	EVP_CIPHER_CTX_init(&ctx);	409	EVP_CIPHER_CTX_init(&ctx);
409	EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv);	410	ret = 1;
410	EVP_EncryptUpdate(&ctx,data,&j,data,i);	411	if (!EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv)
411	EVP_EncryptFinal_ex(&ctx,&(data[j]),&i);	412	\|\| !EVP_EncryptUpdate(&ctx,data,&j,data,i)
		413	\|\| !EVP_EncryptFinal_ex(&ctx,&(data[j]),&i))
		414	ret = 0;
412	EVP_CIPHER_CTX_cleanup(&ctx);	415	EVP_CIPHER_CTX_cleanup(&ctx);
		416	if (ret == 0)
		417	goto err;
413	i+=j;	418	i+=j;
414	ret=1;
415	}	419	}
416	else	420	else
417	{	421	{
@@ -459,14 +463,17 @@ int PEM_do_header(EVP_CIPHER_INFO cipher, unsigned char data, long *plen,
459	ebcdic2ascii(buf, buf, klen);	463	ebcdic2ascii(buf, buf, klen);
460	#endif	464	#endif
461		465
462	EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),	466	if (!EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),
463	(unsigned char *)buf,klen,1,key,NULL);	467	(unsigned char *)buf,klen,1,key,NULL))
		468	return 0;
464		469
465	j=(int)len;	470	j=(int)len;
466	EVP_CIPHER_CTX_init(&ctx);	471	EVP_CIPHER_CTX_init(&ctx);
467	EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));	472	o = EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));
468	EVP_DecryptUpdate(&ctx,data,&i,data,j);	473	if (o)
469	o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);	474	o = EVP_DecryptUpdate(&ctx,data,&i,data,j);
		475	if (o)
		476	o = EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
470	EVP_CIPHER_CTX_cleanup(&ctx);	477	EVP_CIPHER_CTX_cleanup(&ctx);
471	OPENSSL_cleanse((char *)buf,sizeof(buf));	478	OPENSSL_cleanse((char *)buf,sizeof(buf));
472	OPENSSL_cleanse((char *)key,sizeof(key));	479	OPENSSL_cleanse((char *)key,sizeof(key));


diff --git a/src/lib/libcrypto/pem/pem_seal.c b/src/lib/libcrypto/pem/pem_seal.c index 59690b56ae..b6b4e13498 100644 --- a/src/lib/libcrypto/pem/pem_seal.c +++ b/src/lib/libcrypto/pem/pem_seal.c
@@ -96,7 +96,8 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX ctx, EVP_CIPHER type, EVP_MD *md_type,
96	EVP_EncodeInit(&ctx->encode);	96	EVP_EncodeInit(&ctx->encode);
97		97
98	EVP_MD_CTX_init(&ctx->md);	98	EVP_MD_CTX_init(&ctx->md);
99	EVP_SignInit(&ctx->md,md_type);	99	if (!EVP_SignInit(&ctx->md,md_type))
		100	goto err;
100		101
101	EVP_CIPHER_CTX_init(&ctx->cipher);	102	EVP_CIPHER_CTX_init(&ctx->cipher);
102	ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk);	103	ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk);
@@ -163,7 +164,8 @@ int PEM_SealFinal(PEM_ENCODE_SEAL_CTX ctx, unsigned char sig, int *sigl,
163	goto err;	164	goto err;
164	}	165	}
165		166
166	EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i);	167	if (!EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i))
		168	goto err;
167	EVP_EncodeUpdate(&ctx->encode,out,&j,s,i);	169	EVP_EncodeUpdate(&ctx->encode,out,&j,s,i);
168	*outl=j;	170	*outl=j;
169	out+=j;	171	out+=j;