update to openssl-0.9.8i; tested by several, especially krw@

4 files changed, 34 insertions, 22 deletions

diff --git a/src/lib/libcrypto/rsa/Makefile b/src/lib/libcrypto/rsa/Makefile
index 13900812ac..8f1c611800 100644
--- a/src/lib/libcrypto/rsa/Makefile
+++ b/src/lib/libcrypto/rsa/Makefile
@@ -133,12 +133,17 @@ rsa_gen.o: ../cryptlib.h rsa_gen.c
 rsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h
 rsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-rsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
-rsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+rsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+rsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+rsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+rsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+rsa_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 rsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-rsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-rsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+rsa_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 rsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 rsa_lib.o: ../cryptlib.h rsa_lib.c
 rsa_none.o: ../../e_os.h ../../include/openssl/asn1.h
 rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
diff --git a/src/lib/libcrypto/rsa/rsa.h b/src/lib/libcrypto/rsa/rsa.h
index 6b5e4f8a9a..3699afaaaf 100644
--- a/src/lib/libcrypto/rsa/rsa.h
+++ b/src/lib/libcrypto/rsa/rsa.h
@@ -281,6 +281,7 @@ int	RSA_print_fp(FILE *fp, const RSA *r,int offset);
 int     RSA_print(BIO *bp, const RSA *r,int offset);
 #endif
 
+#ifndef OPENSSL_NO_RC4
 int i2d_RSA_NET(const RSA *a, unsigned char **pp,
                 int (*cb)(char *buf, int len, const char *prompt, int verify),
                 int sgckey);
@@ -294,6 +295,7 @@ int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
 RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
                       int (*cb)(char *buf, int len, const char *prompt,
                                 int verify));
+#endif
 
 /* The following 2 functions sign and verify a X509_SIG ASN1 object
  * inside PKCS#1 padded RSA encryption */
diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c
index 272c5eed18..5a6eda7961 100644
--- a/src/lib/libcrypto/rsa/rsa_eay.c
+++ b/src/lib/libcrypto/rsa/rsa_eay.c
@@ -150,16 +150,6 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void)
         return(&rsa_pkcs1_eay_meth);
         }
 
-/* Usage example;
- *    MONT_HELPER(rsa->_method_mod_p, bn_ctx, rsa->p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
- */
-#define MONT_HELPER(method_mod, ctx, m, pre_cond, err_instr) \
-        if ((pre_cond) && ((method_mod) == NULL) && \
-                        !BN_MONT_CTX_set_locked(&(method_mod), \
-                                CRYPTO_LOCK_RSA, \
-                                (m), (ctx))) \
-                err_instr
-
 static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
              unsigned char *to, RSA *rsa, int padding)
         {
@@ -233,7 +223,9 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
                 goto err;
                 }
 
-        MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
+        if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+                if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
+                        goto err;
 
         if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
                 rsa->_method_mod_n)) goto err;
@@ -460,7 +452,9 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
                 else
                         d= rsa->d;
 
-                MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
+                if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+                        if(!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
+                                goto err;
 
                 if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
                                 rsa->_method_mod_n)) goto err;
@@ -581,7 +575,9 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
                 else
                         d = rsa->d;
 
-                MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
+                if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+                        if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
+                                goto err;
                 if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
                                 rsa->_method_mod_n))
                   goto err;
@@ -691,7 +687,9 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
                 goto err;
                 }
 
-        MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
+        if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+                if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
+                        goto err;
 
         if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
                 rsa->_method_mod_n)) goto err;
@@ -769,11 +767,18 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
                         q = rsa->q;
                         }
 
-                MONT_HELPER(rsa->_method_mod_p, ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
-                MONT_HELPER(rsa->_method_mod_q, ctx, q, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
+                if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
+                        {
+                        if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx))
+                                goto err;
+                        if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_q, CRYPTO_LOCK_RSA, q, ctx))
+                                goto err;
+                        }
         }
 
-        MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
+        if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+                if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
+                        goto err;
 
         /* compute I mod q */
         if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
diff --git a/src/lib/libcrypto/rsa/rsa_ssl.c b/src/lib/libcrypto/rsa/rsa_ssl.c
index ea72629494..cfeff15bc9 100644
--- a/src/lib/libcrypto/rsa/rsa_ssl.c
+++ b/src/lib/libcrypto/rsa/rsa_ssl.c
@@ -130,7 +130,7 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
                 RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_NULL_BEFORE_BLOCK_MISSING);
                 return(-1);
                 }
-        for (k= -8; k<0; k++)
+        for (k = -9; k<-1; k++)
                 {
                 if (p[k] !=  0x03) break;
                 }