11 files changed, 69 insertions, 36 deletions
diff --git a/src/lib/libcrypto/asn1/p5_pbev2.c b/src/lib/libcrypto/asn1/p5_pbev2.c
index 43dfe09479..91e1c8987d 100644
--- a/src/lib/libcrypto/asn1/p5_pbev2.c
+++ b/src/lib/libcrypto/asn1/p5_pbev2.c
@@ -116,6 +116,8 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
        if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
                goto err;
+        EVP_CIPHER_CTX_init(&ctx);
        /* Dummy cipherinit to just setup the IV */
        EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0);
        if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
diff --git a/src/lib/libcrypto/bio/b_print.c b/src/lib/libcrypto/bio/b_print.c
index b7e268f092..3ce1290772 100644
--- a/src/lib/libcrypto/bio/b_print.c
+++ b/src/lib/libcrypto/bio/b_print.c
@@ -56,6 +56,13 @@
 * [including the GNU Public Licence.]
 */
+/* disable assert() unless BIO_DEBUG has been defined */
+#ifndef BIO_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
 /* 
 * Stolen from tjh's ssl/ssl_trc.c stuff.
 */
@@ -716,12 +723,13 @@ doapr_outch(
    if (buffer) {
        while (*currlen >= *maxlen) {
            if (*buffer == NULL) {
-                assert(*sbuffer != NULL);
                if (*maxlen == 0)
                    *maxlen = 1024;
                *buffer = OPENSSL_malloc(*maxlen);
-                if (*currlen > 0)
+                if (*currlen > 0) {
+                    assert(*sbuffer != NULL);
                    memcpy(*buffer, *sbuffer, *currlen);
+                }
                *sbuffer = NULL;
            } else {
                *maxlen += 1024;
@@ -761,7 +769,9 @@ int BIO_vprintf (BIO *bio, const char *format, va_list args)
        {
        int ret;
        size_t retlen;
-        MS_STATIC char hugebuf[1024*10];
+        char hugebuf[1024*2];   /* Was previously 10k, which is unreasonable
+                                   in small-stack environments, like threads
+                                   or DOS programs. */
        char *hugebufp = hugebuf;
        size_t hugebufsize = sizeof(hugebuf);
        char *dynbuf = NULL;
diff --git a/src/lib/libcrypto/bio/bss_bio.c b/src/lib/libcrypto/bio/bss_bio.c
index a5da473031..1c485a4479 100644
--- a/src/lib/libcrypto/bio/bss_bio.c
+++ b/src/lib/libcrypto/bio/bss_bio.c
@@ -7,9 +7,18 @@
 * for which no specific BIO method is available.
 * See ssl/ssltest.c for some hints on how this can be used. */
+/* BIO_DEBUG implies BIO_PAIR_DEBUG */
+#ifdef BIO_DEBUG
+# ifndef BIO_PAIR_DEBUG
+#  define BIO_PAIR_DEBUG
+# endif
+#endif
+/* disable assert() unless BIO_PAIR_DEBUG has been defined */
 #ifndef BIO_PAIR_DEBUG
-# undef NDEBUG /* avoid conflicting definitions */
+# ifndef NDEBUG
-# define NDEBUG
+#  define NDEBUG
+# endif
 #endif
 #include <assert.h>
diff --git a/src/lib/libcrypto/bn/bn.h b/src/lib/libcrypto/bn/bn.h
index d25b49c9d8..1eaf879553 100644
--- a/src/lib/libcrypto/bn/bn.h
+++ b/src/lib/libcrypto/bn/bn.h
@@ -136,7 +136,7 @@ extern "C" {
 #define BN_MASK2h       (0xffffffff00000000LL)
 #define BN_MASK2h1      (0xffffffff80000000LL)
 #define BN_TBIT         (0x8000000000000000LL)
-#define BN_DEC_CONV     (10000000000000000000LL)
+#define BN_DEC_CONV     (10000000000000000000ULL)
 #define BN_DEC_FMT1     "%llu"
 #define BN_DEC_FMT2     "%019llu"
 #define BN_DEC_NUM      19
diff --git a/src/lib/libcrypto/bn/bn_mul.c b/src/lib/libcrypto/bn/bn_mul.c
index 41ea925b8d..7bffc9c16a 100644
--- a/src/lib/libcrypto/bn/bn_mul.c
+++ b/src/lib/libcrypto/bn/bn_mul.c
@@ -408,16 +408,22 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
                return;
                }
 #  endif
-        if (n2 == 8)
+        /* Only call bn_mul_comba 8 if n2 == 8 and the
+         * two arrays are complete [steve]
+         */
+        if (n2 == 8 && dna == 0 && dnb == 0)
                {
                bn_mul_comba8(r,a,b);
                return; 
                }
 # endif /* BN_MUL_COMBA */
+        /* Else do normal multiply */
        if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL)
                {
-                /* This should not happen */
+                bn_mul_normal(r,a,n2+dna,b,n2+dnb);
-                bn_mul_normal(r,a,n2,b,n2);
+                if ((dna + dnb) < 0)
+                        memset(&r[2*n2 + dna + dnb], 0,
+                                sizeof(BN_ULONG) * -(dna + dnb));
                return;
                }
        /* r=(a[0]-a[1])*(b[1]-b[0]) */
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index 915fe62341..0d870d60be 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -184,7 +184,7 @@ typedef struct evp_pkey_md_st
                        EVP_rsa_octet_string(),EVP_mdc2())
 #define EVP_dsa_sha() \
                EVP_PKEY_MD_add(NID_dsaWithSHA,\
-                        EVP_dsa(),EVP_mdc2())
+                        EVP_dsa(),EVP_sha())
 #define EVP_dsa_sha1() \
                EVP_PKEY_MD_add(NID_dsaWithSHA1,\
                        EVP_dsa(),EVP_sha1())
@@ -525,7 +525,7 @@ int	EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
 int     EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek,
                int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk);
-void    EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl);
+int     EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl);
 void    EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
 void    EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c
index d28a7d266e..32a1c7a2e9 100644
--- a/src/lib/libcrypto/evp/evp_enc.c
+++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -102,11 +102,13 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
                goto skip_to_init;
        if (cipher)
                {
-                /* Ensure an ENGINE left lying around from last time is cleared
+                /* Ensure a context left lying around from last time is cleared
                 * (the previous check attempted to avoid this if the same
                 * ENGINE and EVP_CIPHER could be used). */
-                if(ctx->engine)
+                EVP_CIPHER_CTX_cleanup(ctx);
-                        ENGINE_finish(ctx->engine);
+                /* Restore encrypt field: it is zeroed by cleanup */
+                ctx->encrypt = enc;
                if(impl)
                        {
                        if (!ENGINE_init(impl))
@@ -140,6 +142,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
                        }
                else
                        ctx->engine = NULL;
                ctx->cipher=cipher;
                ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
                ctx->key_len = cipher->key_len;
@@ -303,7 +306,6 @@ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
        {
        int ret;
        ret = EVP_EncryptFinal_ex(ctx, out, outl);
-        EVP_CIPHER_CTX_cleanup(ctx);
        return ret;
        }
@@ -314,14 +316,12 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
        b=ctx->cipher->block_size;
        if (b == 1)
                {
-                EVP_CIPHER_CTX_cleanup(ctx);
                *outl=0;
                return 1;
                }
        bl=ctx->buf_len;
        if (ctx->flags & EVP_CIPH_NO_PADDING)
                {
-                EVP_CIPHER_CTX_cleanup(ctx);
                if(bl)
                        {
                        EVPerr(EVP_F_EVP_ENCRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
@@ -336,7 +336,6 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
                ctx->buf[i]=n;
        ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b);
-        EVP_CIPHER_CTX_cleanup(ctx);
        if(ret)
                *outl=b;
@@ -394,7 +393,6 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
        {
        int ret;
        ret = EVP_DecryptFinal_ex(ctx, out, outl);
-        EVP_CIPHER_CTX_cleanup(ctx);
        return ret;
        }
@@ -407,7 +405,6 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
        b=ctx->cipher->block_size;
        if (ctx->flags & EVP_CIPH_NO_PADDING)
                {
-                EVP_CIPHER_CTX_cleanup(ctx);
                if(ctx->buf_len)
                        {
                        EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
@@ -420,14 +417,12 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
                {
                if (ctx->buf_len || !ctx->final_used)
                        {
-                        EVP_CIPHER_CTX_cleanup(ctx);
                        EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
                        return(0);
                        }
                n=ctx->final[b-1];
                if (n > b)
                        {
-                        EVP_CIPHER_CTX_cleanup(ctx);
                        EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT);
                        return(0);
                        }
@@ -435,7 +430,6 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
                        {
                        if (ctx->final[--b] != n)
                                {
-                                EVP_CIPHER_CTX_cleanup(ctx);
                                EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT);
                                return(0);
                                }
@@ -447,17 +441,21 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
                }
        else
                *outl=0;
-        EVP_CIPHER_CTX_cleanup(ctx);
        return(1);
        }
 int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
        {
-        if ((c->cipher != NULL) && (c->cipher->cleanup != NULL))
+        if (c->cipher != NULL)
                {
-                if(!c->cipher->cleanup(c)) return 0;
+                if(c->cipher->cleanup && !c->cipher->cleanup(c))
+                        return 0;
+                /* Zero cipher context data */
+                if (c->cipher_data)
+                        memset(c->cipher_data, 0, c->cipher->ctx_size);
                }
-        OPENSSL_free(c->cipher_data);
+        if (c->cipher_data)
+                OPENSSL_free(c->cipher_data);
        if (c->engine)
                /* The EVP_CIPHER we used belongs to an ENGINE, release the
                 * functional reference we held for this reason. */
diff --git a/src/lib/libcrypto/evp/evp_test.c b/src/lib/libcrypto/evp/evp_test.c
index 3607fe7776..decd0713d6 100644
--- a/src/lib/libcrypto/evp/evp_test.c
+++ b/src/lib/libcrypto/evp/evp_test.c
@@ -209,6 +209,8 @@ static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
        exit(9);
        }
+    EVP_CIPHER_CTX_cleanup(&ctx);
    printf("\n");
    }
@@ -279,6 +281,8 @@ static int test_digest(const char *digest,
    printf("\n");
+    EVP_MD_CTX_cleanup(&ctx);
    return 1;
    }
diff --git a/src/lib/libcrypto/evp/p_seal.c b/src/lib/libcrypto/evp/p_seal.c
index 5570ca3745..37e547fe72 100644
--- a/src/lib/libcrypto/evp/p_seal.c
+++ b/src/lib/libcrypto/evp/p_seal.c
@@ -106,8 +106,10 @@ int inl;
        }
 */
-void EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
        {
-        EVP_EncryptFinal_ex(ctx,out,outl);
+        int i;
+        i = EVP_EncryptFinal_ex(ctx,out,outl);
        EVP_EncryptInit_ex(ctx,NULL,NULL,NULL,NULL);
+        return i;
        }
diff --git a/src/lib/libcrypto/ui/ui_openssl.c b/src/lib/libcrypto/ui/ui_openssl.c
index 3aa03f74aa..4e12165410 100644
--- a/src/lib/libcrypto/ui/ui_openssl.c
+++ b/src/lib/libcrypto/ui/ui_openssl.c
@@ -465,7 +465,7 @@ static int open_console(UI *ui)
                tty_out=stderr;
 #endif
-#if defined(TTY_get) && !defined(VMS)
+#if defined(TTY_get) && !defined(OPENSSL_SYS_VMS)
        if (TTY_get(fileno(tty_in),&tty_orig) == -1)
                {
 #ifdef ENOTTY
diff --git a/src/lib/libcrypto/util/pl/Mingw32.pl b/src/lib/libcrypto/util/pl/Mingw32.pl
index 37f36126f3..45ab685974 100644
--- a/src/lib/libcrypto/util/pl/Mingw32.pl
+++ b/src/lib/libcrypto/util/pl/Mingw32.pl
@@ -25,6 +25,8 @@ if ($gaswin and !$no_asm)
        {
        $bn_asm_obj='$(OBJ_D)/bn-win32.o';
        $bn_asm_src='crypto/bn/asm/bn-win32.s';
+        $bnco_asm_obj='$(OBJ_D)/co-win32.o';
+        $bnco_asm_src='crypto/bn/asm/co-win32.s';
        $des_enc_obj='$(OBJ_D)/d-win32.o $(OBJ_D)/y-win32.o';
        $des_enc_src='crypto/des/asm/d-win32.s crypto/des/asm/y-win32.s';
        $bf_enc_obj='$(OBJ_D)/b-win32.o';
@@ -66,12 +68,12 @@ $lfile='';
 $asm='as';
 $afile='-o ';
-$bn_asm_obj="";
+#$bn_asm_obj="";
-$bn_asm_src="";
+#$bn_asm_src="";
-$des_enc_obj="";
+#$des_enc_obj="";
-$des_enc_src="";
+#$des_enc_src="";
-$bf_enc_obj="";
+#$bf_enc_obj="";
-$bf_enc_src="";
+#$bf_enc_src="";
 sub do_lib_rule
        {

diff --git a/src/lib/libcrypto/asn1/p5_pbev2.c b/src/lib/libcrypto/asn1/p5_pbev2.c index 43dfe09479..91e1c8987d 100644 --- a/src/lib/libcrypto/asn1/p5_pbev2.c +++ b/src/lib/libcrypto/asn1/p5_pbev2.c
@@ -116,6 +116,8 @@ X509_ALGOR PKCS5_pbe2_set(const EVP_CIPHER cipher, int iter,
116	if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)	116	if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
117	goto err;	117	goto err;
118		118
		119	EVP_CIPHER_CTX_init(&ctx);
		120
119	/* Dummy cipherinit to just setup the IV */	121	/* Dummy cipherinit to just setup the IV */
120	EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0);	122	EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0);
121	if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {	123	if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {


diff --git a/src/lib/libcrypto/bio/b_print.c b/src/lib/libcrypto/bio/b_print.c index b7e268f092..3ce1290772 100644 --- a/src/lib/libcrypto/bio/b_print.c +++ b/src/lib/libcrypto/bio/b_print.c
@@ -56,6 +56,13 @@
56	* [including the GNU Public Licence.]	56	* [including the GNU Public Licence.]
57	*/	57	*/
58		58
		59	/* disable assert() unless BIO_DEBUG has been defined */
		60	#ifndef BIO_DEBUG
		61	# ifndef NDEBUG
		62	# define NDEBUG
		63	# endif
		64	#endif
		65
59	/*	66	/*
60	* Stolen from tjh's ssl/ssl_trc.c stuff.	67	* Stolen from tjh's ssl/ssl_trc.c stuff.
61	*/	68	*/
@@ -716,12 +723,13 @@ doapr_outch(
716	if (buffer) {	723	if (buffer) {
717	while (currlen >= maxlen) {	724	while (currlen >= maxlen) {
718	if (*buffer == NULL) {	725	if (*buffer == NULL) {
719	assert(*sbuffer != NULL);
720	if (*maxlen == 0)	726	if (*maxlen == 0)
721	*maxlen = 1024;	727	*maxlen = 1024;
722	buffer = OPENSSL_malloc(maxlen);	728	buffer = OPENSSL_malloc(maxlen);
723	if (*currlen > 0)	729	if (*currlen > 0) {
		730	assert(*sbuffer != NULL);
724	memcpy(buffer, sbuffer, *currlen);	731	memcpy(buffer, sbuffer, *currlen);
		732	}
725	*sbuffer = NULL;	733	*sbuffer = NULL;
726	} else {	734	} else {
727	*maxlen += 1024;	735	*maxlen += 1024;
@@ -761,7 +769,9 @@ int BIO_vprintf (BIO bio, const char format, va_list args)
761	{	769	{
762	int ret;	770	int ret;
763	size_t retlen;	771	size_t retlen;
764	MS_STATIC char hugebuf[1024*10];	772	char hugebuf[10242]; / Was previously 10k, which is unreasonable
		773	in small-stack environments, like threads
		774	or DOS programs. */
765	char *hugebufp = hugebuf;	775	char *hugebufp = hugebuf;
766	size_t hugebufsize = sizeof(hugebuf);	776	size_t hugebufsize = sizeof(hugebuf);
767	char *dynbuf = NULL;	777	char *dynbuf = NULL;


diff --git a/src/lib/libcrypto/bio/bss_bio.c b/src/lib/libcrypto/bio/bss_bio.c index a5da473031..1c485a4479 100644 --- a/src/lib/libcrypto/bio/bss_bio.c +++ b/src/lib/libcrypto/bio/bss_bio.c
@@ -7,9 +7,18 @@
7	* for which no specific BIO method is available.	7	* for which no specific BIO method is available.
8	* See ssl/ssltest.c for some hints on how this can be used. */	8	* See ssl/ssltest.c for some hints on how this can be used. */
9		9
		10	/* BIO_DEBUG implies BIO_PAIR_DEBUG */
		11	#ifdef BIO_DEBUG
		12	# ifndef BIO_PAIR_DEBUG
		13	# define BIO_PAIR_DEBUG
		14	# endif
		15	#endif
		16
		17	/* disable assert() unless BIO_PAIR_DEBUG has been defined */
10	#ifndef BIO_PAIR_DEBUG	18	#ifndef BIO_PAIR_DEBUG
11	# undef NDEBUG /* avoid conflicting definitions */	19	# ifndef NDEBUG
12	# define NDEBUG	20	# define NDEBUG
		21	# endif
13	#endif	22	#endif
14		23
15	#include <assert.h>	24	#include <assert.h>


diff --git a/src/lib/libcrypto/bn/bn.h b/src/lib/libcrypto/bn/bn.h index d25b49c9d8..1eaf879553 100644 --- a/src/lib/libcrypto/bn/bn.h +++ b/src/lib/libcrypto/bn/bn.h
@@ -136,7 +136,7 @@ extern "C" {
136	#define BN_MASK2h (0xffffffff00000000LL)	136	#define BN_MASK2h (0xffffffff00000000LL)
137	#define BN_MASK2h1 (0xffffffff80000000LL)	137	#define BN_MASK2h1 (0xffffffff80000000LL)
138	#define BN_TBIT (0x8000000000000000LL)	138	#define BN_TBIT (0x8000000000000000LL)
139	#define BN_DEC_CONV (10000000000000000000LL)	139	#define BN_DEC_CONV (10000000000000000000ULL)
140	#define BN_DEC_FMT1 "%llu"	140	#define BN_DEC_FMT1 "%llu"
141	#define BN_DEC_FMT2 "%019llu"	141	#define BN_DEC_FMT2 "%019llu"
142	#define BN_DEC_NUM 19	142	#define BN_DEC_NUM 19


diff --git a/src/lib/libcrypto/bn/bn_mul.c b/src/lib/libcrypto/bn/bn_mul.c index 41ea925b8d..7bffc9c16a 100644 --- a/src/lib/libcrypto/bn/bn_mul.c +++ b/src/lib/libcrypto/bn/bn_mul.c
@@ -408,16 +408,22 @@ void bn_mul_recursive(BN_ULONG r, BN_ULONG a, BN_ULONG *b, int n2,
408	return;	408	return;
409	}	409	}
410	# endif	410	# endif
411	if (n2 == 8)	411	/* Only call bn_mul_comba 8 if n2 == 8 and the
		412	* two arrays are complete [steve]
		413	*/
		414	if (n2 == 8 && dna == 0 && dnb == 0)
412	{	415	{
413	bn_mul_comba8(r,a,b);	416	bn_mul_comba8(r,a,b);
414	return;	417	return;
415	}	418	}
416	# endif /* BN_MUL_COMBA */	419	# endif /* BN_MUL_COMBA */
		420	/* Else do normal multiply */
417	if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL)	421	if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL)
418	{	422	{
419	/* This should not happen */	423	bn_mul_normal(r,a,n2+dna,b,n2+dnb);
420	bn_mul_normal(r,a,n2,b,n2);	424	if ((dna + dnb) < 0)
		425	memset(&r[2*n2 + dna + dnb], 0,
		426	sizeof(BN_ULONG) * -(dna + dnb));
421	return;	427	return;
422	}	428	}
423	/* r=(a[0]-a[1])(b[1]-b[0]) /	429	/* r=(a[0]-a[1])(b[1]-b[0]) /


diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h index 915fe62341..0d870d60be 100644 --- a/src/lib/libcrypto/evp/evp.h +++ b/src/lib/libcrypto/evp/evp.h
@@ -184,7 +184,7 @@ typedef struct evp_pkey_md_st
184	EVP_rsa_octet_string(),EVP_mdc2())	184	EVP_rsa_octet_string(),EVP_mdc2())
185	#define EVP_dsa_sha() \	185	#define EVP_dsa_sha() \
186	EVP_PKEY_MD_add(NID_dsaWithSHA,\	186	EVP_PKEY_MD_add(NID_dsaWithSHA,\
187	EVP_dsa(),EVP_mdc2())	187	EVP_dsa(),EVP_sha())
188	#define EVP_dsa_sha1() \	188	#define EVP_dsa_sha1() \
189	EVP_PKEY_MD_add(NID_dsaWithSHA1,\	189	EVP_PKEY_MD_add(NID_dsaWithSHA1,\
190	EVP_dsa(),EVP_sha1())	190	EVP_dsa(),EVP_sha1())
@@ -525,7 +525,7 @@ int EVP_OpenFinal(EVP_CIPHER_CTX ctx, unsigned char out, int *outl);
525		525
526	int EVP_SealInit(EVP_CIPHER_CTX ctx, const EVP_CIPHER type, unsigned char **ek,	526	int EVP_SealInit(EVP_CIPHER_CTX ctx, const EVP_CIPHER type, unsigned char **ek,
527	int ekl, unsigned char iv,EVP_PKEY **pubk, int npubk);	527	int ekl, unsigned char iv,EVP_PKEY **pubk, int npubk);
528	void EVP_SealFinal(EVP_CIPHER_CTX ctx,unsigned char out,int *outl);	528	int EVP_SealFinal(EVP_CIPHER_CTX ctx,unsigned char out,int *outl);
529		529
530	void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);	530	void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
531	void EVP_EncodeUpdate(EVP_ENCODE_CTX ctx,unsigned char out,	531	void EVP_EncodeUpdate(EVP_ENCODE_CTX ctx,unsigned char out,


diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c index d28a7d266e..32a1c7a2e9 100644 --- a/src/lib/libcrypto/evp/evp_enc.c +++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -102,11 +102,13 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX ctx, const EVP_CIPHER cipher, ENGINE *imp
102	goto skip_to_init;	102	goto skip_to_init;
103	if (cipher)	103	if (cipher)
104	{	104	{
105	/* Ensure an ENGINE left lying around from last time is cleared	105	/* Ensure a context left lying around from last time is cleared
106	* (the previous check attempted to avoid this if the same	106	* (the previous check attempted to avoid this if the same
107	* ENGINE and EVP_CIPHER could be used). */	107	* ENGINE and EVP_CIPHER could be used). */
108	if(ctx->engine)	108	EVP_CIPHER_CTX_cleanup(ctx);
109	ENGINE_finish(ctx->engine);	109
		110	/* Restore encrypt field: it is zeroed by cleanup */
		111	ctx->encrypt = enc;
110	if(impl)	112	if(impl)
111	{	113	{
112	if (!ENGINE_init(impl))	114	if (!ENGINE_init(impl))
@@ -140,6 +142,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX ctx, const EVP_CIPHER cipher, ENGINE *imp
140	}	142	}
141	else	143	else
142	ctx->engine = NULL;	144	ctx->engine = NULL;
		145
143	ctx->cipher=cipher;	146	ctx->cipher=cipher;
144	ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);	147	ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
145	ctx->key_len = cipher->key_len;	148	ctx->key_len = cipher->key_len;
@@ -303,7 +306,6 @@ int EVP_EncryptFinal(EVP_CIPHER_CTX ctx, unsigned char out, int *outl)
303	{	306	{
304	int ret;	307	int ret;
305	ret = EVP_EncryptFinal_ex(ctx, out, outl);	308	ret = EVP_EncryptFinal_ex(ctx, out, outl);
306	EVP_CIPHER_CTX_cleanup(ctx);
307	return ret;	309	return ret;
308	}	310	}
309		311
@@ -314,14 +316,12 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX ctx, unsigned char out, int *outl)
314	b=ctx->cipher->block_size;	316	b=ctx->cipher->block_size;
315	if (b == 1)	317	if (b == 1)
316	{	318	{
317	EVP_CIPHER_CTX_cleanup(ctx);
318	*outl=0;	319	*outl=0;
319	return 1;	320	return 1;
320	}	321	}
321	bl=ctx->buf_len;	322	bl=ctx->buf_len;
322	if (ctx->flags & EVP_CIPH_NO_PADDING)	323	if (ctx->flags & EVP_CIPH_NO_PADDING)
323	{	324	{
324	EVP_CIPHER_CTX_cleanup(ctx);
325	if(bl)	325	if(bl)
326	{	326	{
327	EVPerr(EVP_F_EVP_ENCRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);	327	EVPerr(EVP_F_EVP_ENCRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
@@ -336,7 +336,6 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX ctx, unsigned char out, int *outl)
336	ctx->buf[i]=n;	336	ctx->buf[i]=n;
337	ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b);	337	ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b);
338		338
339	EVP_CIPHER_CTX_cleanup(ctx);
340		339
341	if(ret)	340	if(ret)
342	*outl=b;	341	*outl=b;
@@ -394,7 +393,6 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX ctx, unsigned char out, int *outl)
394	{	393	{
395	int ret;	394	int ret;
396	ret = EVP_DecryptFinal_ex(ctx, out, outl);	395	ret = EVP_DecryptFinal_ex(ctx, out, outl);
397	EVP_CIPHER_CTX_cleanup(ctx);
398	return ret;	396	return ret;
399	}	397	}
400		398
@@ -407,7 +405,6 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX ctx, unsigned char out, int *outl)
407	b=ctx->cipher->block_size;	405	b=ctx->cipher->block_size;
408	if (ctx->flags & EVP_CIPH_NO_PADDING)	406	if (ctx->flags & EVP_CIPH_NO_PADDING)
409	{	407	{
410	EVP_CIPHER_CTX_cleanup(ctx);
411	if(ctx->buf_len)	408	if(ctx->buf_len)
412	{	409	{
413	EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);	410	EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
@@ -420,14 +417,12 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX ctx, unsigned char out, int *outl)
420	{	417	{
421	if (ctx->buf_len \|\| !ctx->final_used)	418	if (ctx->buf_len \|\| !ctx->final_used)
422	{	419	{
423	EVP_CIPHER_CTX_cleanup(ctx);
424	EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH);	420	EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
425	return(0);	421	return(0);
426	}	422	}
427	n=ctx->final[b-1];	423	n=ctx->final[b-1];
428	if (n > b)	424	if (n > b)
429	{	425	{
430	EVP_CIPHER_CTX_cleanup(ctx);
431	EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT);	426	EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT);
432	return(0);	427	return(0);
433	}	428	}
@@ -435,7 +430,6 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX ctx, unsigned char out, int *outl)
435	{	430	{
436	if (ctx->final[--b] != n)	431	if (ctx->final[--b] != n)
437	{	432	{
438	EVP_CIPHER_CTX_cleanup(ctx);
439	EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT);	433	EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT);
440	return(0);	434	return(0);
441	}	435	}
@@ -447,17 +441,21 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX ctx, unsigned char out, int *outl)
447	}	441	}
448	else	442	else
449	*outl=0;	443	*outl=0;
450	EVP_CIPHER_CTX_cleanup(ctx);
451	return(1);	444	return(1);
452	}	445	}
453		446
454	int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)	447	int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
455	{	448	{
456	if ((c->cipher != NULL) && (c->cipher->cleanup != NULL))	449	if (c->cipher != NULL)
457	{	450	{
458	if(!c->cipher->cleanup(c)) return 0;	451	if(c->cipher->cleanup && !c->cipher->cleanup(c))
		452	return 0;
		453	/* Zero cipher context data */
		454	if (c->cipher_data)
		455	memset(c->cipher_data, 0, c->cipher->ctx_size);
459	}	456	}
460	OPENSSL_free(c->cipher_data);	457	if (c->cipher_data)
		458	OPENSSL_free(c->cipher_data);
461	if (c->engine)	459	if (c->engine)
462	/* The EVP_CIPHER we used belongs to an ENGINE, release the	460	/* The EVP_CIPHER we used belongs to an ENGINE, release the
463	* functional reference we held for this reason. */	461	* functional reference we held for this reason. */


diff --git a/src/lib/libcrypto/evp/evp_test.c b/src/lib/libcrypto/evp/evp_test.c index 3607fe7776..decd0713d6 100644 --- a/src/lib/libcrypto/evp/evp_test.c +++ b/src/lib/libcrypto/evp/evp_test.c
@@ -209,6 +209,8 @@ static void test1(const EVP_CIPHER c,const unsigned char key,int kn,
209	exit(9);	209	exit(9);
210	}	210	}
211		211
		212	EVP_CIPHER_CTX_cleanup(&ctx);
		213
212	printf("\n");	214	printf("\n");
213	}	215	}
214		216
@@ -279,6 +281,8 @@ static int test_digest(const char *digest,
279		281
280	printf("\n");	282	printf("\n");
281		283
		284	EVP_MD_CTX_cleanup(&ctx);
		285
282	return 1;	286	return 1;
283	}	287	}
284		288


diff --git a/src/lib/libcrypto/evp/p_seal.c b/src/lib/libcrypto/evp/p_seal.c index 5570ca3745..37e547fe72 100644 --- a/src/lib/libcrypto/evp/p_seal.c +++ b/src/lib/libcrypto/evp/p_seal.c
@@ -106,8 +106,10 @@ int inl;
106	}	106	}
107	*/	107	*/
108		108
109	void EVP_SealFinal(EVP_CIPHER_CTX ctx, unsigned char out, int *outl)	109	int EVP_SealFinal(EVP_CIPHER_CTX ctx, unsigned char out, int *outl)
110	{	110	{
111	EVP_EncryptFinal_ex(ctx,out,outl);	111	int i;
		112	i = EVP_EncryptFinal_ex(ctx,out,outl);
112	EVP_EncryptInit_ex(ctx,NULL,NULL,NULL,NULL);	113	EVP_EncryptInit_ex(ctx,NULL,NULL,NULL,NULL);
		114	return i;
113	}	115	}


diff --git a/src/lib/libcrypto/ui/ui_openssl.c b/src/lib/libcrypto/ui/ui_openssl.c index 3aa03f74aa..4e12165410 100644 --- a/src/lib/libcrypto/ui/ui_openssl.c +++ b/src/lib/libcrypto/ui/ui_openssl.c
@@ -465,7 +465,7 @@ static int open_console(UI *ui)
465	tty_out=stderr;	465	tty_out=stderr;
466	#endif	466	#endif
467		467
468	#if defined(TTY_get) && !defined(VMS)	468	#if defined(TTY_get) && !defined(OPENSSL_SYS_VMS)
469	if (TTY_get(fileno(tty_in),&tty_orig) == -1)	469	if (TTY_get(fileno(tty_in),&tty_orig) == -1)
470	{	470	{
471	#ifdef ENOTTY	471	#ifdef ENOTTY


diff --git a/src/lib/libcrypto/util/pl/Mingw32.pl b/src/lib/libcrypto/util/pl/Mingw32.pl index 37f36126f3..45ab685974 100644 --- a/src/lib/libcrypto/util/pl/Mingw32.pl +++ b/src/lib/libcrypto/util/pl/Mingw32.pl
@@ -25,6 +25,8 @@ if ($gaswin and !$no_asm)
25	{	25	{
26	$bn_asm_obj='$(OBJ_D)/bn-win32.o';	26	$bn_asm_obj='$(OBJ_D)/bn-win32.o';
27	$bn_asm_src='crypto/bn/asm/bn-win32.s';	27	$bn_asm_src='crypto/bn/asm/bn-win32.s';
		28	$bnco_asm_obj='$(OBJ_D)/co-win32.o';
		29	$bnco_asm_src='crypto/bn/asm/co-win32.s';
28	$des_enc_obj='$(OBJ_D)/d-win32.o $(OBJ_D)/y-win32.o';	30	$des_enc_obj='$(OBJ_D)/d-win32.o $(OBJ_D)/y-win32.o';
29	$des_enc_src='crypto/des/asm/d-win32.s crypto/des/asm/y-win32.s';	31	$des_enc_src='crypto/des/asm/d-win32.s crypto/des/asm/y-win32.s';
30	$bf_enc_obj='$(OBJ_D)/b-win32.o';	32	$bf_enc_obj='$(OBJ_D)/b-win32.o';
@@ -66,12 +68,12 @@ $lfile='';
66		68
67	$asm='as';	69	$asm='as';
68	$afile='-o ';	70	$afile='-o ';
69	$bn_asm_obj="";	71	#$bn_asm_obj="";
70	$bn_asm_src="";	72	#$bn_asm_src="";
71	$des_enc_obj="";	73	#$des_enc_obj="";
72	$des_enc_src="";	74	#$des_enc_src="";
73	$bf_enc_obj="";	75	#$bf_enc_obj="";
74	$bf_enc_src="";	76	#$bf_enc_src="";
75		77
76	sub do_lib_rule	78	sub do_lib_rule
77	{	79	{