diff options
Diffstat (limited to 'crypto')
74 files changed, 231 insertions, 123 deletions
diff --git a/crypto/aes/aes.h b/crypto/aes/aes.h index 87bf60f6f2bf..faa66c49148f 100644 --- a/crypto/aes/aes.h +++ b/crypto/aes/aes.h @@ -1,4 +1,4 @@ -/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/aes/aes.h */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * diff --git a/crypto/aes/aes_cbc.c b/crypto/aes/aes_cbc.c index e39231f17cb8..805d0e260a6f 100644 --- a/crypto/aes/aes_cbc.c +++ b/crypto/aes/aes_cbc.c @@ -1,4 +1,4 @@ -/* crypto/aes/aes_cbc.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/aes/aes_cbc.c */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * diff --git a/crypto/aes/aes_cfb.c b/crypto/aes/aes_cfb.c index 1c79ce2dbaa1..1225000963ea 100644 --- a/crypto/aes/aes_cfb.c +++ b/crypto/aes/aes_cfb.c @@ -1,4 +1,4 @@ -/* crypto/aes/aes_cfb.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/aes/aes_cfb.c */ /* ==================================================================== * Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved. * diff --git a/crypto/aes/aes_core.c b/crypto/aes/aes_core.c index 2ddb0860d78a..7019b5d7aa3a 100644 --- a/crypto/aes/aes_core.c +++ b/crypto/aes/aes_core.c @@ -1,4 +1,4 @@ -/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/aes/aes_core.c */ /** * rijndael-alg-fst.c * diff --git a/crypto/aes/aes_ctr.c b/crypto/aes/aes_ctr.c index 3ee382299881..9e760c4b12ad 100644 --- a/crypto/aes/aes_ctr.c +++ b/crypto/aes/aes_ctr.c @@ -1,4 +1,4 @@ -/* crypto/aes/aes_ctr.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/aes/aes_ctr.c */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * diff --git a/crypto/aes/aes_ecb.c b/crypto/aes/aes_ecb.c index 2e0d20ca224e..52151a5c70f4 100644 --- a/crypto/aes/aes_ecb.c +++ b/crypto/aes/aes_ecb.c @@ -1,4 +1,4 @@ -/* crypto/aes/aes_ecb.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/aes/aes_ecb.c */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * diff --git a/crypto/aes/aes_ige.c b/crypto/aes/aes_ige.c index cf31c9bba44a..8f2b7706472a 100644 --- a/crypto/aes/aes_ige.c +++ b/crypto/aes/aes_ige.c @@ -1,4 +1,4 @@ -/* crypto/aes/aes_ige.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/aes/aes_ige.c */ /* ==================================================================== * Copyright (c) 2006 The OpenSSL Project. All rights reserved. * diff --git a/crypto/aes/aes_locl.h b/crypto/aes/aes_locl.h index fabfd02ac095..7acd74ec1603 100644 --- a/crypto/aes/aes_locl.h +++ b/crypto/aes/aes_locl.h @@ -1,4 +1,4 @@ -/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/aes/aes.h */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * diff --git a/crypto/aes/aes_misc.c b/crypto/aes/aes_misc.c index ab948ad85eb4..fafad4d6f57a 100644 --- a/crypto/aes/aes_misc.c +++ b/crypto/aes/aes_misc.c @@ -1,4 +1,4 @@ -/* crypto/aes/aes_misc.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/aes/aes_misc.c */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * diff --git a/crypto/aes/aes_ofb.c b/crypto/aes/aes_ofb.c index e6153f99ba70..64a08caaec6d 100644 --- a/crypto/aes/aes_ofb.c +++ b/crypto/aes/aes_ofb.c @@ -1,4 +1,4 @@ -/* crypto/aes/aes_ofb.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/aes/aes_ofb.c */ /* ==================================================================== * Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved. * diff --git a/crypto/aes/aes_x86core.c b/crypto/aes/aes_x86core.c index 1defbb1abfb2..428bd58d3881 100644 --- a/crypto/aes/aes_x86core.c +++ b/crypto/aes/aes_x86core.c @@ -1,4 +1,4 @@ -/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/aes/aes_core.c */ /** * rijndael-alg-fst.c * diff --git a/crypto/bio/bio.h b/crypto/bio/bio.h index d583cc108508..c5c95dec6ddd 100644 --- a/crypto/bio/bio.h +++ b/crypto/bio/bio.h @@ -478,11 +478,11 @@ struct bio_dgram_sctp_prinfo { # define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0) # define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1) # define BIO_get_conn_ip(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2) -# define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0) +# define BIO_get_conn_int_port(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,0,NULL) # define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) -/* BIO_s_accept_socket() */ +/* BIO_s_accept() */ # define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name) # define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0) /* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */ @@ -495,6 +495,7 @@ struct bio_dgram_sctp_prinfo { # define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL) # define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL) +/* BIO_s_accept() and BIO_s_connect() */ # define BIO_do_connect(b) BIO_do_handshake(b) # define BIO_do_accept(b) BIO_do_handshake(b) # define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL) @@ -514,12 +515,15 @@ struct bio_dgram_sctp_prinfo { # define BIO_get_url(b,url) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url)) # define BIO_get_no_connect_return(b) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL) +/* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */ # define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd) # define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c) +/* BIO_s_file() */ # define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp) # define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp) +/* BIO_s_fd() and BIO_s_file() */ # define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL) # define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL) diff --git a/crypto/bio/bss_bio.c b/crypto/bio/bss_bio.c index d629a37a5a1d..4d8727f8f890 100644 --- a/crypto/bio/bss_bio.c +++ b/crypto/bio/bss_bio.c @@ -1,4 +1,4 @@ -/* crypto/bio/bss_bio.c -*- Mode: C; c-file-style: "eay" -*- */ +/* crypto/bio/bss_bio.c */ /* ==================================================================== * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c index 6a5e8de8812a..ed214ca6f19a 100644 --- a/crypto/bio/bss_conn.c +++ b/crypto/bio/bss_conn.c @@ -419,7 +419,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) { BIO *dbio; int *ip; - const char **pptr; + const char **pptr = NULL; long ret = 1; BIO_CONNECT *data; @@ -442,19 +442,28 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_C_GET_CONNECT: if (ptr != NULL) { pptr = (const char **)ptr; - if (num == 0) { - *pptr = data->param_hostname; + } - } else if (num == 1) { - *pptr = data->param_port; - } else if (num == 2) { - *pptr = (char *)&(data->ip[0]); - } else if (num == 3) { - *((int *)ptr) = data->port; + if (b->init) { + if (pptr != NULL) { + ret = 1; + if (num == 0) { + *pptr = data->param_hostname; + } else if (num == 1) { + *pptr = data->param_port; + } else if (num == 2) { + *pptr = (char *)&(data->ip[0]); + } else { + ret = 0; + } + } + if (num == 3) { + ret = data->port; } - if ((!b->init) || (ptr == NULL)) + } else { + if (pptr != NULL) *pptr = "not initialized"; - ret = 1; + ret = 0; } break; case BIO_C_SET_CONNECT: diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index e3e3dd0503a8..d12b83a8dcf3 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -515,10 +515,8 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) switch (cmd) { case BIO_CTRL_RESET: num = 0; - case BIO_C_FILE_SEEK: ret = 0; break; - case BIO_C_FILE_TELL: case BIO_CTRL_INFO: ret = 0; break; diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index 7e33ba914023..48396254e036 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -271,9 +271,14 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, } bits = BN_num_bits(p); - if (bits == 0) { - ret = BN_one(r); + /* x**0 mod 1 is still zero. */ + if (BN_is_one(m)) { + ret = 1; + BN_zero(r); + } else { + ret = BN_one(r); + } return ret; } @@ -407,7 +412,13 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, } bits = BN_num_bits(p); if (bits == 0) { - ret = BN_one(rr); + /* x**0 mod 1 is still zero. */ + if (BN_is_one(m)) { + ret = 1; + BN_zero(rr); + } else { + ret = BN_one(rr); + } return ret; } @@ -579,7 +590,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, * precomputation memory layout to limit data-dependency to a minimum to * protect secret exponents (cf. the hyper-threading timing attacks pointed * out by Colin Percival, - * http://www.daemong-consideredperthreading-considered-harmful/) + * http://www.daemonology.net/hyperthreading-considered-harmful/) */ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, @@ -608,7 +619,13 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, bits = BN_num_bits(p); if (bits == 0) { - ret = BN_one(rr); + /* x**0 mod 1 is still zero. */ + if (BN_is_one(m)) { + ret = 1; + BN_zero(rr); + } else { + ret = BN_one(rr); + } return ret; } @@ -908,8 +925,9 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, if (BN_is_one(m)) { ret = 1; BN_zero(rr); - } else + } else { ret = BN_one(rr); + } return ret; } if (a == 0) { @@ -1023,9 +1041,14 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, } bits = BN_num_bits(p); - - if (bits == 0) { - ret = BN_one(r); + if (bits == 0) { + /* x**0 mod 1 is still zero. */ + if (BN_is_one(m)) { + ret = 1; + BN_zero(r); + } else { + ret = BN_one(r); + } return ret; } diff --git a/crypto/bn/exptest.c b/crypto/bn/exptest.c index 8b3a4bae4328..ac611c2e2614 100644 --- a/crypto/bn/exptest.c +++ b/crypto/bn/exptest.c @@ -73,14 +73,34 @@ static const char rnd_seed[] = "string to make the random number generator think it has entropy"; /* + * Test that r == 0 in test_exp_mod_zero(). Returns one on success, + * returns zero and prints debug output otherwise. + */ +static int a_is_zero_mod_one(const char *method, const BIGNUM *r, + const BIGNUM *a) { + if (!BN_is_zero(r)) { + fprintf(stderr, "%s failed:\n", method); + fprintf(stderr, "a ** 0 mod 1 = r (should be 0)\n"); + fprintf(stderr, "a = "); + BN_print_fp(stderr, a); + fprintf(stderr, "\nr = "); + BN_print_fp(stderr, r); + fprintf(stderr, "\n"); + return 0; + } + return 1; +} + +/* * test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success. */ static int test_exp_mod_zero() { BIGNUM a, p, m; BIGNUM r; + BN_ULONG one_word = 1; BN_CTX *ctx = BN_CTX_new(); - int ret = 1; + int ret = 1, failed = 0; BN_init(&m); BN_one(&m); @@ -92,21 +112,65 @@ static int test_exp_mod_zero() BN_zero(&p); BN_init(&r); - BN_mod_exp(&r, &a, &p, &m, ctx); - BN_CTX_free(ctx); - if (BN_is_zero(&r)) - ret = 0; - else { - printf("1**0 mod 1 = "); - BN_print_fp(stdout, &r); - printf(", should be 0\n"); + if (!BN_rand(&a, 1024, 0, 0)) + goto err; + + if (!BN_mod_exp(&r, &a, &p, &m, ctx)) + goto err; + + if (!a_is_zero_mod_one("BN_mod_exp", &r, &a)) + failed = 1; + + if (!BN_mod_exp_recp(&r, &a, &p, &m, ctx)) + goto err; + + if (!a_is_zero_mod_one("BN_mod_exp_recp", &r, &a)) + failed = 1; + + if (!BN_mod_exp_simple(&r, &a, &p, &m, ctx)) + goto err; + + if (!a_is_zero_mod_one("BN_mod_exp_simple", &r, &a)) + failed = 1; + + if (!BN_mod_exp_mont(&r, &a, &p, &m, ctx, NULL)) + goto err; + + if (!a_is_zero_mod_one("BN_mod_exp_mont", &r, &a)) + failed = 1; + + if (!BN_mod_exp_mont_consttime(&r, &a, &p, &m, ctx, NULL)) { + goto err; + } + + if (!a_is_zero_mod_one("BN_mod_exp_mont_consttime", &r, &a)) + failed = 1; + + /* + * A different codepath exists for single word multiplication + * in non-constant-time only. + */ + if (!BN_mod_exp_mont_word(&r, one_word, &p, &m, ctx, NULL)) + goto err; + + if (!BN_is_zero(&r)) { + fprintf(stderr, "BN_mod_exp_mont_word failed:\n"); + fprintf(stderr, "1 ** 0 mod 1 = r (should be 0)\n"); + fprintf(stderr, "r = "); + BN_print_fp(stderr, &r); + fprintf(stderr, "\n"); + return 0; } + ret = failed; + + err: BN_free(&r); BN_free(&a); BN_free(&p); BN_free(&m); + BN_CTX_free(ctx); return ret; } diff --git a/crypto/camellia/camellia.c b/crypto/camellia/camellia.c index b4a6766c623c..719fa61cf627 100644 --- a/crypto/camellia/camellia.c +++ b/crypto/camellia/camellia.c @@ -1,4 +1,4 @@ -/* crypto/camellia/camellia.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/camellia/camellia.c */ /* ==================================================================== * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) . * ALL RIGHTS RESERVED. @@ -67,7 +67,7 @@ /* * Algorithm Specification - * http://info.isl.llia/specicrypt/eng/camellia/specifications.html + * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html */ /* diff --git a/crypto/camellia/camellia.h b/crypto/camellia/camellia.h index 9be7c0fd9996..45e8d25b1dd5 100644 --- a/crypto/camellia/camellia.h +++ b/crypto/camellia/camellia.h @@ -1,4 +1,4 @@ -/* crypto/camellia/camellia.h -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/camellia/camellia.h */ /* ==================================================================== * Copyright (c) 2006 The OpenSSL Project. All rights reserved. * diff --git a/crypto/camellia/cmll_cbc.c b/crypto/camellia/cmll_cbc.c index a4907ca05f78..4017e00d9272 100644 --- a/crypto/camellia/cmll_cbc.c +++ b/crypto/camellia/cmll_cbc.c @@ -1,4 +1,4 @@ -/* crypto/camellia/camellia_cbc.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/camellia/camellia_cbc.c */ /* ==================================================================== * Copyright (c) 2006 The OpenSSL Project. All rights reserved. * diff --git a/crypto/camellia/cmll_cfb.c b/crypto/camellia/cmll_cfb.c index 59b85225c35e..78f2ae4566b1 100644 --- a/crypto/camellia/cmll_cfb.c +++ b/crypto/camellia/cmll_cfb.c @@ -1,4 +1,4 @@ -/* crypto/camellia/camellia_cfb.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/camellia/camellia_cfb.c */ /* ==================================================================== * Copyright (c) 2006 The OpenSSL Project. All rights reserved. * diff --git a/crypto/camellia/cmll_ctr.c b/crypto/camellia/cmll_ctr.c index b8f523d44648..95e26621b7d8 100644 --- a/crypto/camellia/cmll_ctr.c +++ b/crypto/camellia/cmll_ctr.c @@ -1,4 +1,4 @@ -/* crypto/camellia/camellia_ctr.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/camellia/camellia_ctr.c */ /* ==================================================================== * Copyright (c) 2006 The OpenSSL Project. All rights reserved. * diff --git a/crypto/camellia/cmll_ecb.c b/crypto/camellia/cmll_ecb.c index 16f1af86ac38..b030791b275c 100644 --- a/crypto/camellia/cmll_ecb.c +++ b/crypto/camellia/cmll_ecb.c @@ -1,4 +1,4 @@ -/* crypto/camellia/camellia_ecb.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/camellia/camellia_ecb.c */ /* ==================================================================== * Copyright (c) 2006 The OpenSSL Project. All rights reserved. * diff --git a/crypto/camellia/cmll_locl.h b/crypto/camellia/cmll_locl.h index 4e4707b6213e..2bd79b8c4eb3 100644 --- a/crypto/camellia/cmll_locl.h +++ b/crypto/camellia/cmll_locl.h @@ -1,4 +1,4 @@ -/* crypto/camellia/camellia_locl.h -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/camellia/camellia_locl.h */ /* ==================================================================== * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) . * ALL RIGHTS RESERVED. diff --git a/crypto/camellia/cmll_misc.c b/crypto/camellia/cmll_misc.c index cbd250227bec..694d2fac8f1f 100644 --- a/crypto/camellia/cmll_misc.c +++ b/crypto/camellia/cmll_misc.c @@ -1,4 +1,4 @@ -/* crypto/camellia/camellia_misc.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/camellia/camellia_misc.c */ /* ==================================================================== * Copyright (c) 2006 The OpenSSL Project. All rights reserved. * diff --git a/crypto/camellia/cmll_ofb.c b/crypto/camellia/cmll_ofb.c index 46c3ae2af737..85eb8921568f 100644 --- a/crypto/camellia/cmll_ofb.c +++ b/crypto/camellia/cmll_ofb.c @@ -1,4 +1,4 @@ -/* crypto/camellia/camellia_ofb.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/camellia/camellia_ofb.c */ /* ==================================================================== * Copyright (c) 2006 The OpenSSL Project. All rights reserved. * diff --git a/crypto/camellia/cmll_utl.c b/crypto/camellia/cmll_utl.c index d19ee19317ce..d5eb6b4d68b1 100644 --- a/crypto/camellia/cmll_utl.c +++ b/crypto/camellia/cmll_utl.c @@ -1,4 +1,4 @@ -/* crypto/camellia/cmll_utl.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/camellia/cmll_utl.c */ /* ==================================================================== * Copyright (c) 2011 The OpenSSL Project. All rights reserved. * diff --git a/crypto/des/des_old.c b/crypto/des/des_old.c index 54b0968e663b..c5c5a00f00c1 100644 --- a/crypto/des/des_old.c +++ b/crypto/des/des_old.c @@ -1,4 +1,4 @@ -/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/des/des_old.c */ /*- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING diff --git a/crypto/des/des_old.h b/crypto/des/des_old.h index f1e1e2cb09cf..ee7607a2415f 100644 --- a/crypto/des/des_old.h +++ b/crypto/des/des_old.h @@ -1,4 +1,4 @@ -/* crypto/des/des_old.h -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/des/des_old.h */ /*- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING diff --git a/crypto/des/des_old2.c b/crypto/des/des_old2.c index f7d28a671355..247ff8dcf85f 100644 --- a/crypto/des/des_old2.c +++ b/crypto/des/des_old2.c @@ -1,4 +1,4 @@ -/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/des/des_old.c */ /* * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING The diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 6edb26d97397..9a3772e00dac 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -187,9 +187,6 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) if (!BN_mod_mul(s, s, kinv, dsa->q, ctx)) goto err; - ret = DSA_SIG_new(); - if (ret == NULL) - goto err; /* * Redo if r or s is zero as required by FIPS 186-3: this is very * unlikely. @@ -201,11 +198,14 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) } goto redo; } + ret = DSA_SIG_new(); + if (ret == NULL) + goto err; ret->r = r; ret->s = s; err: - if (!ret) { + if (ret == NULL) { DSAerr(DSA_F_DSA_DO_SIGN, reason); BN_free(r); BN_free(s); diff --git a/crypto/dso/dso.h b/crypto/dso/dso.h index 7c4a1dc4a620..c9013f5cea8b 100644 --- a/crypto/dso/dso.h +++ b/crypto/dso/dso.h @@ -1,4 +1,4 @@ -/* dso.h -*- mode:C; c-file-style: "eay" -*- */ +/* dso.h */ /* * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project * 2000. diff --git a/crypto/dso/dso_dl.c b/crypto/dso/dso_dl.c index 0087ac54afe1..ceedf66e8856 100644 --- a/crypto/dso/dso_dl.c +++ b/crypto/dso/dso_dl.c @@ -1,4 +1,4 @@ -/* dso_dl.c -*- mode:C; c-file-style: "eay" -*- */ +/* dso_dl.c */ /* * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project * 2000. diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c index f629f0380d8c..78df723ffbae 100644 --- a/crypto/dso/dso_dlfcn.c +++ b/crypto/dso/dso_dlfcn.c @@ -1,4 +1,4 @@ -/* dso_dlfcn.c -*- mode:C; c-file-style: "eay" -*- */ +/* dso_dlfcn.c */ /* * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project * 2000. diff --git a/crypto/dso/dso_lib.c b/crypto/dso/dso_lib.c index 09b8eafccacc..3312450eae67 100644 --- a/crypto/dso/dso_lib.c +++ b/crypto/dso/dso_lib.c @@ -1,4 +1,4 @@ -/* dso_lib.c -*- mode:C; c-file-style: "eay" -*- */ +/* dso_lib.c */ /* * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project * 2000. diff --git a/crypto/ec/ectest.c b/crypto/ec/ectest.c index fede530bc139..efab0b07b1d2 100644 --- a/crypto/ec/ectest.c +++ b/crypto/ec/ectest.c @@ -1591,7 +1591,7 @@ struct nistp_test_params { int degree; /* * Qx, Qy and D are taken from - * http://csrcdocut.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf + * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf * Otherwise, values are standard curve parameters from FIPS 180-3 */ const char *p, *a, *b, *Qx, *Qy, *Gx, *Gy, *order, *d; diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c index 7edf12e7e174..66c4374d5e56 100644 --- a/crypto/engine/eng_all.c +++ b/crypto/engine/eng_all.c @@ -1,4 +1,4 @@ -/* crypto/engine/eng_all.c -*- mode: C; c-file-style: "eay" -*- */ +/* crypto/engine/eng_all.c */ /* * Written by Richard Levitte <richard@levitte.org> for the OpenSSL project * 2000. diff --git a/crypto/evp/e_camellia.c b/crypto/evp/e_camellia.c index 27bc4892fff8..f7b135dae804 100644 --- a/crypto/evp/e_camellia.c +++ b/crypto/evp/e_camellia.c @@ -1,4 +1,4 @@ -/* crypto/evp/e_camellia.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/evp/e_camellia.c */ /* ==================================================================== * Copyright (c) 2006 The OpenSSL Project. All rights reserved. * diff --git a/crypto/evp/e_old.c b/crypto/evp/e_old.c index c93f5a548163..a23d143b7fae 100644 --- a/crypto/evp/e_old.c +++ b/crypto/evp/e_old.c @@ -1,4 +1,4 @@ -/* crypto/evp/e_old.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/evp/e_old.c */ /* * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project * 2004. diff --git a/crypto/evp/e_seed.c b/crypto/evp/e_seed.c index c948a8f3914f..7249d1b1eecb 100644 --- a/crypto/evp/e_seed.c +++ b/crypto/evp/e_seed.c @@ -1,4 +1,4 @@ -/* crypto/evp/e_seed.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/evp/e_seed.c */ /* ==================================================================== * Copyright (c) 2007 The OpenSSL Project. All rights reserved. * diff --git a/crypto/mem_clr.c b/crypto/mem_clr.c index 1a06636d0ce8..ab85344eef38 100644 --- a/crypto/mem_clr.c +++ b/crypto/mem_clr.c @@ -1,4 +1,4 @@ -/* crypto/mem_clr.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/mem_clr.c */ /* * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project * 2002. diff --git a/crypto/o_dir.c b/crypto/o_dir.c index 26242444c885..f9dbed871127 100644 --- a/crypto/o_dir.c +++ b/crypto/o_dir.c @@ -1,4 +1,4 @@ -/* crypto/o_dir.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/o_dir.c */ /* * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project * 2004. diff --git a/crypto/o_dir.h b/crypto/o_dir.h index d55431194ef2..bf45a14d02ec 100644 --- a/crypto/o_dir.h +++ b/crypto/o_dir.h @@ -1,4 +1,4 @@ -/* crypto/o_dir.h -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/o_dir.h */ /* * Copied from Richard Levitte's (richard@levitte.org) LP library. All * symbol names have been changed, with permission from the author. diff --git a/crypto/o_dir_test.c b/crypto/o_dir_test.c index 7cdbbbc403e7..60436b72ce37 100644 --- a/crypto/o_dir_test.c +++ b/crypto/o_dir_test.c @@ -1,4 +1,4 @@ -/* crypto/o_dir.h -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/o_dir.h */ /* * Copied from Richard Levitte's (richard@levitte.org) LP library. All * symbol names have been changed, with permission from the author. diff --git a/crypto/o_str.c b/crypto/o_str.c index b23ef323b124..fd4087ffe30b 100644 --- a/crypto/o_str.c +++ b/crypto/o_str.c @@ -1,4 +1,4 @@ -/* crypto/o_str.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/o_str.c */ /* * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project * 2003. diff --git a/crypto/o_str.h b/crypto/o_str.h index 5313528ed926..fa512eb39784 100644 --- a/crypto/o_str.h +++ b/crypto/o_str.h @@ -1,4 +1,4 @@ -/* crypto/o_str.h -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/o_str.h */ /* * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project * 2003. diff --git a/crypto/o_time.c b/crypto/o_time.c index e18b71d484ff..297bfafaf92c 100644 --- a/crypto/o_time.c +++ b/crypto/o_time.c @@ -1,4 +1,4 @@ -/* crypto/o_time.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/o_time.c */ /* * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project * 2001. diff --git a/crypto/o_time.h b/crypto/o_time.h index 901b2005677e..8e49e66b91e9 100644 --- a/crypto/o_time.h +++ b/crypto/o_time.h @@ -1,4 +1,4 @@ -/* crypto/o_time.h -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/o_time.h */ /* * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project * 2001. diff --git a/crypto/opensslv.h b/crypto/opensslv.h index 9b1afc5af722..3af71c493f09 100644 --- a/crypto/opensslv.h +++ b/crypto/opensslv.h @@ -30,11 +30,11 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x1000111fL +# define OPENSSL_VERSION_NUMBER 0x1000112fL # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1q-fips 3 Dec 2015" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1r-fips 28 Jan 2016" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1q 3 Dec 2015" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1r 28 Jan 2016" # endif # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/crypto/rc4/rc4_utl.c b/crypto/rc4/rc4_utl.c index 7c6a15f1c71f..cbd4a24e4b4d 100644 --- a/crypto/rc4/rc4_utl.c +++ b/crypto/rc4/rc4_utl.c @@ -1,4 +1,4 @@ -/* crypto/rc4/rc4_utl.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/rc4/rc4_utl.c */ /* ==================================================================== * Copyright (c) 2011 The OpenSSL Project. All rights reserved. * diff --git a/crypto/rsa/rsa_chk.c b/crypto/rsa/rsa_chk.c index f4383860b58b..607faa00171e 100644 --- a/crypto/rsa/rsa_chk.c +++ b/crypto/rsa/rsa_chk.c @@ -1,4 +1,4 @@ -/* crypto/rsa/rsa_chk.c -*- Mode: C; c-file-style: "eay" -*- */ +/* crypto/rsa/rsa_chk.c */ /* ==================================================================== * Copyright (c) 1999 The OpenSSL Project. All rights reserved. * diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c index 41c827f45313..cf4c026c4f63 100644 --- a/crypto/rsa/rsa_sign.c +++ b/crypto/rsa/rsa_sign.c @@ -84,7 +84,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len, return 0; } #endif - if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) { + if (rsa->meth->rsa_sign) { return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa); } /* Special case: SSL signature, just check the length */ @@ -304,7 +304,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, const unsigned char *sigbuf, unsigned int siglen, RSA *rsa) { - if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) { + if (rsa->meth->rsa_verify) { return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa); } diff --git a/crypto/seed/seed_cbc.c b/crypto/seed/seed_cbc.c index 33e6887740e9..ee1115b4c113 100644 --- a/crypto/seed/seed_cbc.c +++ b/crypto/seed/seed_cbc.c @@ -1,4 +1,4 @@ -/* crypto/seed/seed_cbc.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/seed/seed_cbc.c */ /* ==================================================================== * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. * diff --git a/crypto/seed/seed_cfb.c b/crypto/seed/seed_cfb.c index 3437d7b4e111..b6a5648b35fd 100644 --- a/crypto/seed/seed_cfb.c +++ b/crypto/seed/seed_cfb.c @@ -1,4 +1,4 @@ -/* crypto/seed/seed_cfb.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/seed/seed_cfb.c */ /* ==================================================================== * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. * diff --git a/crypto/seed/seed_ecb.c b/crypto/seed/seed_ecb.c index 937a31b42a87..9363d5508044 100644 --- a/crypto/seed/seed_ecb.c +++ b/crypto/seed/seed_ecb.c @@ -1,4 +1,4 @@ -/* crypto/seed/seed_ecb.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/seed/seed_ecb.c */ /* ==================================================================== * Copyright (c) 2007 The OpenSSL Project. All rights reserved. * diff --git a/crypto/seed/seed_ofb.c b/crypto/seed/seed_ofb.c index 6974302ce80f..48b71224c52c 100644 --- a/crypto/seed/seed_ofb.c +++ b/crypto/seed/seed_ofb.c @@ -1,4 +1,4 @@ -/* crypto/seed/seed_ofb.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/seed/seed_ofb.c */ /* ==================================================================== * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. * diff --git a/crypto/sha/sha1test.c b/crypto/sha/sha1test.c index 0052a95c7dd4..551a348df37f 100644 --- a/crypto/sha/sha1test.c +++ b/crypto/sha/sha1test.c @@ -157,8 +157,8 @@ int main(int argc, char *argv[]) if (err) printf("ERROR: %d\n", err); # endif - EXIT(err); EVP_MD_CTX_cleanup(&c); + EXIT(err); return (0); } diff --git a/crypto/store/store.h b/crypto/store/store.h index 834334104907..ce3709d9f00b 100644 --- a/crypto/store/store.h +++ b/crypto/store/store.h @@ -1,4 +1,4 @@ -/* crypto/store/store.h -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/store/store.h */ /* * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project * 2003. diff --git a/crypto/store/str_lib.c b/crypto/store/str_lib.c index 227b797b5949..e3d5da938868 100644 --- a/crypto/store/str_lib.c +++ b/crypto/store/str_lib.c @@ -1,4 +1,4 @@ -/* crypto/store/str_lib.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/store/str_lib.c */ /* * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project * 2003. diff --git a/crypto/store/str_locl.h b/crypto/store/str_locl.h index ac55784df0aa..c0b40f0db674 100644 --- a/crypto/store/str_locl.h +++ b/crypto/store/str_locl.h @@ -1,4 +1,4 @@ -/* crypto/store/str_locl.h -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/store/str_locl.h */ /* * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project * 2003. diff --git a/crypto/store/str_mem.c b/crypto/store/str_mem.c index 8edd0eb41b12..6eee5bba2922 100644 --- a/crypto/store/str_mem.c +++ b/crypto/store/str_mem.c @@ -1,4 +1,4 @@ -/* crypto/store/str_mem.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/store/str_mem.c */ /* * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project * 2003. diff --git a/crypto/store/str_meth.c b/crypto/store/str_meth.c index d83a6de0fc47..c83fbc565aac 100644 --- a/crypto/store/str_meth.c +++ b/crypto/store/str_meth.c @@ -1,4 +1,4 @@ -/* crypto/store/str_meth.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/store/str_meth.c */ /* * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project * 2003. diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c index 1a3a7c5248c8..e24b2d538808 100644 --- a/crypto/ts/ts_rsp_verify.c +++ b/crypto/ts/ts_rsp_verify.c @@ -255,7 +255,8 @@ static int TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, /* chain is an out argument. */ *chain = NULL; - X509_STORE_CTX_init(&cert_ctx, store, signer, untrusted); + if (!X509_STORE_CTX_init(&cert_ctx, store, signer, untrusted)) + return 0; X509_STORE_CTX_set_purpose(&cert_ctx, X509_PURPOSE_TIMESTAMP_SIGN); i = X509_verify_cert(&cert_ctx); if (i <= 0) { diff --git a/crypto/ui/ui.h b/crypto/ui/ui.h index b917edab3a7a..0dc16330b870 100644 --- a/crypto/ui/ui.h +++ b/crypto/ui/ui.h @@ -1,4 +1,4 @@ -/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/ui/ui.h */ /* * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project * 2001. diff --git a/crypto/ui/ui_compat.c b/crypto/ui/ui_compat.c index 0ca5284f91c0..e79d54eea682 100644 --- a/crypto/ui/ui_compat.c +++ b/crypto/ui/ui_compat.c @@ -1,4 +1,4 @@ -/* crypto/ui/ui_compat.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/ui/ui_compat.c */ /* ==================================================================== * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved. * diff --git a/crypto/ui/ui_compat.h b/crypto/ui/ui_compat.h index 42fb9ff6500f..bf541542c041 100644 --- a/crypto/ui/ui_compat.h +++ b/crypto/ui/ui_compat.h @@ -1,4 +1,4 @@ -/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/ui/ui.h */ /* * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project * 2001. diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c index 5ddd7317e52b..2f580352ce8f 100644 --- a/crypto/ui/ui_lib.c +++ b/crypto/ui/ui_lib.c @@ -1,4 +1,4 @@ -/* crypto/ui/ui_lib.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/ui/ui_lib.c */ /* * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project * 2001. diff --git a/crypto/ui/ui_locl.h b/crypto/ui/ui_locl.h index 0d919cd7b1cc..bebc13abfc52 100644 --- a/crypto/ui/ui_locl.h +++ b/crypto/ui/ui_locl.h @@ -1,4 +1,4 @@ -/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/ui/ui.h */ /* * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project * 2001. diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c index 829ea8691eb5..a8b3d0cad6fd 100644 --- a/crypto/ui/ui_openssl.c +++ b/crypto/ui/ui_openssl.c @@ -1,4 +1,4 @@ -/* crypto/ui/ui_openssl.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/ui/ui_openssl.c */ /* * Written by Richard Levitte (richard@levitte.org) and others for the * OpenSSL project 2001. diff --git a/crypto/ui/ui_util.c b/crypto/ui/ui_util.c index f65f80d71de6..0f290115d0f8 100644 --- a/crypto/ui/ui_util.c +++ b/crypto/ui/ui_util.c @@ -1,4 +1,4 @@ -/* crypto/ui/ui_util.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/ui/ui_util.c */ /* ==================================================================== * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved. * diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 7009ae63076e..3bad523f7114 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -2026,9 +2026,10 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, ctx->current_reasons = 0; ctx->tree = NULL; ctx->parent = NULL; + /* Zero ex_data to make sure we're cleanup-safe */ + memset(&ctx->ex_data, 0, sizeof(ctx->ex_data)); ctx->param = X509_VERIFY_PARAM_new(); - if (!ctx->param) { X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); return 0; @@ -2037,7 +2038,6 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, /* * Inherit callbacks and flags from X509_STORE if not set use defaults. */ - if (store) ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param); else @@ -2045,6 +2045,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, if (store) { ctx->verify_cb = store->verify_cb; + /* Seems to always be 0 in OpenSSL, else must be idempotent */ ctx->cleanup = store->cleanup; } else ctx->cleanup = 0; @@ -2055,7 +2056,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, if (ret == 0) { X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); - return 0; + goto err; } if (store && store->check_issued) @@ -2110,19 +2111,18 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, ctx->check_policy = check_policy; + if (CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, + &ctx->ex_data)) + return 1; + X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); + + err: /* - * This memset() can't make any sense anyway, so it's removed. As - * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a - * corresponding "new" here and remove this bogus initialisation. + * On error clean up allocated storage, if the store context was not + * allocated with X509_STORE_CTX_new() this is our last chance to do so. */ - /* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */ - if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, - &(ctx->ex_data))) { - OPENSSL_free(ctx); - X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); - return 0; - } - return 1; + X509_STORE_CTX_cleanup(ctx); + return 0; } /* @@ -2138,8 +2138,17 @@ void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) { - if (ctx->cleanup) + /* + * We need to be idempotent because, unfortunately, free() also calls + * cleanup(), so the natural call sequence new(), init(), cleanup(), free() + * calls cleanup() for the same object twice! Thus we must zero the + * pointers below after they're freed! + */ + /* Seems to always be 0 in OpenSSL, do this at most once. */ + if (ctx->cleanup != NULL) { ctx->cleanup(ctx); + ctx->cleanup = NULL; + } if (ctx->param != NULL) { if (ctx->parent == NULL) X509_VERIFY_PARAM_free(ctx->param); diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h index aacdf55aa279..b7d8b2472e44 100644 --- a/crypto/x509/x509_vfy.h +++ b/crypto/x509/x509_vfy.h @@ -310,7 +310,7 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL) # define X509_V_OK 0 -/* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */ +# define X509_V_ERR_UNSPECIFIED 1 # define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 # define X509_V_ERR_UNABLE_TO_GET_CRL 3 diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c index 48ac0959cb10..34cad53cb5f0 100644 --- a/crypto/x509v3/v3_pci.c +++ b/crypto/x509v3/v3_pci.c @@ -1,4 +1,4 @@ -/* v3_pci.c -*- mode:C; c-file-style: "eay" -*- */ +/* v3_pci.c */ /* * Contributed to the OpenSSL Project 2004 by Richard Levitte * (richard@levitte.org) diff --git a/crypto/x509v3/v3_pcia.c b/crypto/x509v3/v3_pcia.c index 43fd362aeda0..e53c82e8dc79 100644 --- a/crypto/x509v3/v3_pcia.c +++ b/crypto/x509v3/v3_pcia.c @@ -1,4 +1,4 @@ -/* v3_pcia.c -*- mode:C; c-file-style: "eay" -*- */ +/* v3_pcia.c */ /* * Contributed to the OpenSSL Project 2004 by Richard Levitte * (richard@levitte.org) |