6 files changed, 26 insertions, 19 deletions

diff --git a/src/lib/libcrypto/pem/Makefile.ssl b/src/lib/libcrypto/pem/Makefile.ssl
index 5075d9107b..d3043eb401 100644
--- a/src/lib/libcrypto/pem/Makefile.ssl
+++ b/src/lib/libcrypto/pem/Makefile.ssl
@@ -71,7 +71,7 @@ lint:
         lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-        $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
 
 dclean:
         $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
diff --git a/src/lib/libcrypto/pem/pem.h b/src/lib/libcrypto/pem/pem.h
index 3785fca77d..d330cbf9a3 100644
--- a/src/lib/libcrypto/pem/pem.h
+++ b/src/lib/libcrypto/pem/pem.h
@@ -149,7 +149,7 @@ typedef struct pem_recip_st
 
         int cipher;
         int key_enc;
-        char iv[8];
+        /*      char iv[8]; unused and wrong size */
         } PEM_USER;
 
 typedef struct pem_ctx_st
@@ -165,7 +165,8 @@ typedef struct pem_ctx_st
 
         struct  {
                 int cipher;
-                unsigned char iv[8];
+        /* unused, and wrong size
+           unsigned char iv[8]; */
                 } DEK_info;
                 
         PEM_USER *originator;
@@ -187,7 +188,8 @@ typedef struct pem_ctx_st
         EVP_CIPHER *dec;        /* date encryption cipher */
         int key_len;            /* key length */
         unsigned char *key;     /* key */
-        unsigned char iv[8];    /* the iv */
+        /* unused, and wrong size
+           unsigned char iv[8]; */
 
         
         int  data_enc;          /* is the data encrypted */
diff --git a/src/lib/libcrypto/pem/pem_info.c b/src/lib/libcrypto/pem/pem_info.c
index 9a6dffb45c..9e4af29c95 100644
--- a/src/lib/libcrypto/pem/pem_info.c
+++ b/src/lib/libcrypto/pem/pem_info.c
@@ -324,6 +324,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
                                 }
 
                         /* create the right magic header stuff */
+                        OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);
                         buf[0]='\0';
                         PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
                         PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);
@@ -358,7 +359,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
         ret=1;
 
 err:
-        memset((char *)&ctx,0,sizeof(ctx));
-        memset(buf,0,PEM_BUFSIZE);
+        OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
+        OPENSSL_cleanse(buf,PEM_BUFSIZE);
         return(ret);
         }
diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c
index 50f5733654..3bec2d7e9f 100644
--- a/src/lib/libcrypto/pem/pem_lib.c
+++ b/src/lib/libcrypto/pem/pem_lib.c
@@ -138,7 +138,7 @@ void PEM_proc_type(char *buf, int type)
 
 void PEM_dek_info(char *buf, const char *type, int len, char *str)
         {
-        static unsigned char map[17]="0123456789ABCDEF";
+        static const unsigned char map[17]="0123456789ABCDEF";
         long i;
         int j;
 
@@ -251,7 +251,7 @@ int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char
         ret = 1;
 
 err:
-        if (!pnm) OPENSSL_free(nm);
+        if (!ret || !pnm) OPENSSL_free(nm);
         OPENSSL_free(header);
         if (!ret) OPENSSL_free(data);
         return ret;
@@ -306,6 +306,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
                 goto err;
                 }
         /* dzise + 8 bytes are needed */
+        /* actually it needs the cipher block size extra... */
         data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20);
         if (data == NULL)
                 {
@@ -335,13 +336,16 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
                         kstr=(unsigned char *)buf;
                         }
                 RAND_add(data,i,0);/* put in the RSA key. */
+                OPENSSL_assert(enc->iv_len <= sizeof iv);
                 if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */
                         goto err;
                 /* The 'iv' is used as the iv and as a salt.  It is
                  * NOT taken from the BytesToKey function */
                 EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
 
-                if (kstr == (unsigned char *)buf) memset(buf,0,PEM_BUFSIZE);
+                if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);
+
+                OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);
 
                 buf[0]='\0';
                 PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
@@ -364,13 +368,13 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
         i=PEM_write_bio(bp,name,buf,data,i);
         if (i <= 0) ret=0;
 err:
-        memset(key,0,sizeof(key));
-        memset(iv,0,sizeof(iv));
-        memset((char *)&ctx,0,sizeof(ctx));
-        memset(buf,0,PEM_BUFSIZE);
+        OPENSSL_cleanse(key,sizeof(key));
+        OPENSSL_cleanse(iv,sizeof(iv));
+        OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
+        OPENSSL_cleanse(buf,PEM_BUFSIZE);
         if (data != NULL)
                 {
-                memset(data,0,(unsigned int)dsize);
+                OPENSSL_cleanse(data,(unsigned int)dsize);
                 OPENSSL_free(data);
                 }
         return(ret);
@@ -411,8 +415,8 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
         EVP_DecryptUpdate(&ctx,data,&i,data,j);
         o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
         EVP_CIPHER_CTX_cleanup(&ctx);
-        memset((char *)buf,0,sizeof(buf));
-        memset((char *)key,0,sizeof(key));
+        OPENSSL_cleanse((char *)buf,sizeof(buf));
+        OPENSSL_cleanse((char *)key,sizeof(key));
         j+=i;
         if (!o)
                 {
@@ -693,7 +697,7 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
                         if (strncmp(buf,"-----END ",9) == 0)
                                 break;
                         if (i > 65) break;
-                        if (!BUF_MEM_grow(dataB,i+bl+9))
+                        if (!BUF_MEM_grow_clean(dataB,i+bl+9))
                                 {
                                 PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
                                 goto err;
diff --git a/src/lib/libcrypto/pem/pem_pk8.c b/src/lib/libcrypto/pem/pem_pk8.c
index f44182ffb5..db38a2a79d 100644
--- a/src/lib/libcrypto/pem/pem_pk8.c
+++ b/src/lib/libcrypto/pem/pem_pk8.c
@@ -136,7 +136,7 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER
                         kstr = buf;
                 }
                 p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf);
-                if(kstr == buf) memset(buf, 0, klen);
+                if(kstr == buf) OPENSSL_cleanse(buf, klen);
                 PKCS8_PRIV_KEY_INFO_free(p8inf);
                 if(isder) ret = i2d_PKCS8_bio(bp, p8);
                 else ret = PEM_write_bio_PKCS8(bp, p8);
diff --git a/src/lib/libcrypto/pem/pem_seal.c b/src/lib/libcrypto/pem/pem_seal.c
index ae463a301d..56e08abd70 100644
--- a/src/lib/libcrypto/pem/pem_seal.c
+++ b/src/lib/libcrypto/pem/pem_seal.c
@@ -112,7 +112,7 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
         ret=npubk;
 err:
         if (s != NULL) OPENSSL_free(s);
-        memset(key,0,EVP_MAX_KEY_LENGTH);
+        OPENSSL_cleanse(key,EVP_MAX_KEY_LENGTH);
         return(ret);
         }