diff options
Diffstat (limited to 'openssl/crypto')
30 files changed, 257 insertions, 140 deletions
| diff --git a/openssl/crypto/aes/asm/aes-armv4.pl b/openssl/crypto/aes/asm/aes-armv4.pl index 943ce45ff..86b86c4a0 100644 --- a/openssl/crypto/aes/asm/aes-armv4.pl +++ b/openssl/crypto/aes/asm/aes-armv4.pl @@ -408,6 +408,7 @@ _armv4_AES_encrypt:  .type   private_AES_set_encrypt_key,%function  .align	5  private_AES_set_encrypt_key: +_armv4_AES_set_encrypt_key:  	sub	r3,pc,#8		@ AES_set_encrypt_key  	teq	r0,#0  	moveq	r0,#-1 @@ -425,7 +426,7 @@ private_AES_set_encrypt_key:  	bne	.Labrt  .Lok:	stmdb   sp!,{r4-r12,lr} -	sub	$tbl,r3,#private_AES_set_encrypt_key-AES_Te-1024	@ Te4 +	sub	$tbl,r3,#_armv4_AES_set_encrypt_key-AES_Te-1024	@ Te4  	mov	$rounds,r0		@ inp  	mov	lr,r1			@ bits @@ -685,7 +686,7 @@ private_AES_set_encrypt_key:  .align	5  private_AES_set_decrypt_key:  	str	lr,[sp,#-4]!            @ push lr -	bl	private_AES_set_encrypt_key +	bl	_armv4_AES_set_encrypt_key  	teq	r0,#0  	ldrne	lr,[sp],#4              @ pop lr  	bne	.Labrt diff --git a/openssl/crypto/aes/asm/aes-s390x.pl b/openssl/crypto/aes/asm/aes-s390x.pl index f749a52d7..445a1e676 100644 --- a/openssl/crypto/aes/asm/aes-s390x.pl +++ b/openssl/crypto/aes/asm/aes-s390x.pl @@ -783,6 +783,7 @@ $code.=<<___;  .type	private_AES_set_encrypt_key,\@function  .align	16  private_AES_set_encrypt_key: +_s390x_AES_set_encrypt_key:  	lghi	$t0,0  	cl${g}r	$inp,$t0  	je	.Lminus1 @@ -836,7 +837,8 @@ $code.=<<___ if (!$softonly);  	je	1f  	lg	%r1,24($inp)  	stg	%r1,24($key) -1:	st	$bits,236($key)	# save bits +1:	st	$bits,236($key)	# save bits [for debugging purposes] +	lgr	$t0,%r5  	st	%r5,240($key)	# save km code  	lghi	%r2,0  	br	%r14 @@ -844,7 +846,7 @@ ___  $code.=<<___;  .align	16  .Lekey_internal: -	stm${g}	%r6,%r13,6*$SIZE_T($sp)	# all non-volatile regs +	stm${g}	%r4,%r13,4*$SIZE_T($sp)	# all non-volatile regs and $key  	larl	$tbl,AES_Te+2048 @@ -904,8 +906,9 @@ $code.=<<___;  	la	$key,16($key)		# key+=4  	la	$t3,4($t3)		# i++  	brct	$rounds,.L128_loop +	lghi	$t0,10  	lghi	%r2,0 -	lm${g}	%r6,%r13,6*$SIZE_T($sp) +	lm${g}	%r4,%r13,4*$SIZE_T($sp)  	br	$ra  .align	16 @@ -952,8 +955,9 @@ $code.=<<___;  	st	$s2,32($key)  	st	$s3,36($key)  	brct	$rounds,.L192_continue +	lghi	$t0,12  	lghi	%r2,0 -	lm${g}	%r6,%r13,6*$SIZE_T($sp) +	lm${g}	%r4,%r13,4*$SIZE_T($sp)  	br	$ra  .align	16 @@ -1014,8 +1018,9 @@ $code.=<<___;  	st	$s2,40($key)  	st	$s3,44($key)  	brct	$rounds,.L256_continue +	lghi	$t0,14  	lghi	%r2,0 -	lm${g}	%r6,%r13,6*$SIZE_T($sp) +	lm${g}	%r4,%r13,4*$SIZE_T($sp)  	br	$ra  .align	16 @@ -1066,34 +1071,26 @@ $code.=<<___;  .type	private_AES_set_decrypt_key,\@function  .align	16  private_AES_set_decrypt_key: -	st${g}	$key,4*$SIZE_T($sp)	# I rely on AES_set_encrypt_key to -	st${g}	$ra,14*$SIZE_T($sp)	# save non-volatile registers! -	bras	$ra,AES_set_encrypt_key -	l${g}	$key,4*$SIZE_T($sp) +	#st${g}	$key,4*$SIZE_T($sp)	# I rely on AES_set_encrypt_key to +	st${g}	$ra,14*$SIZE_T($sp)	# save non-volatile registers and $key! +	bras	$ra,_s390x_AES_set_encrypt_key +	#l${g}	$key,4*$SIZE_T($sp)  	l${g}	$ra,14*$SIZE_T($sp)  	ltgr	%r2,%r2  	bnzr	$ra  ___  $code.=<<___ if (!$softonly); -	l	$t0,240($key) +	#l	$t0,240($key)  	lhi	$t1,16  	cr	$t0,$t1  	jl	.Lgo  	oill	$t0,0x80	# set "decrypt" bit  	st	$t0,240($key)  	br	$ra - -.align	16 -.Ldkey_internal: -	st${g}	$key,4*$SIZE_T($sp) -	st${g}	$ra,14*$SIZE_T($sp) -	bras	$ra,.Lekey_internal -	l${g}	$key,4*$SIZE_T($sp) -	l${g}	$ra,14*$SIZE_T($sp)  ___  $code.=<<___; - -.Lgo:	llgf	$rounds,240($key) +.align	16 +.Lgo:	lgr	$rounds,$t0	#llgf	$rounds,240($key)  	la	$i1,0($key)  	sllg	$i2,$rounds,4  	la	$i2,0($i2,$key) diff --git a/openssl/crypto/aes/asm/bsaes-x86_64.pl b/openssl/crypto/aes/asm/bsaes-x86_64.pl index ff7e3afe8..c9c6312fa 100644 --- a/openssl/crypto/aes/asm/bsaes-x86_64.pl +++ b/openssl/crypto/aes/asm/bsaes-x86_64.pl @@ -65,12 +65,12 @@  # function is:  #  # 		conversion	conversion/8x block -# Core 2	410		0.37 -# Nehalem	310		0.35 -# Atom		570		0.26 +# Core 2	240		0.22 +# Nehalem	180		0.20 +# Atom		430		0.19  #  # The ratio values mean that 128-byte blocks will be processed -# 21-27% slower, 256-byte blocks - 12-16%, 384-byte blocks - 8-11%, +# 16-18% slower, 256-byte blocks - 9-10%, 384-byte blocks - 6-7%,  # etc. Then keep in mind that input sizes not divisible by 128 are  # *effectively* slower, especially shortest ones, e.g. consecutive  # 144-byte blocks are processed 44% slower than one would expect, @@ -85,6 +85,7 @@  #  # Core 2	11.0  # Nehalem	9.16 +# Atom		20.9  #  # November 2011.  # @@ -754,7 +755,7 @@ _bsaes_encrypt8:  	movdqa	($key), @XMM[9]		# round 0 key  	lea	0x10($key), $key -	movdqa	0x60($const), @XMM[8]	# .LM0SR +	movdqa	0x50($const), @XMM[8]	# .LM0SR  	pxor	@XMM[9], @XMM[0]	# xor with round0 key  	pxor	@XMM[9], @XMM[1]  	 pshufb	@XMM[8], @XMM[0] @@ -905,46 +906,82 @@ $code.=<<___;  .type	_bsaes_key_convert,\@abi-omnipotent  .align	16  _bsaes_key_convert: -	lea	.LBS1(%rip), $const +	lea	.Lmasks(%rip), $const  	movdqu	($inp), %xmm7		# load round 0 key -	movdqa	-0x10($const), %xmm8	# .LBS0 -	movdqa	0x00($const), %xmm9	# .LBS1 -	movdqa	0x10($const), %xmm10	# .LBS2 -	movdqa	0x40($const), %xmm13	# .LM0 -	movdqa	0x60($const), %xmm14	# .LNOT - -	movdqu	0x10($inp), %xmm6	# load round 1 key  	lea	0x10($inp), $inp +	movdqa	0x00($const), %xmm0	# 0x01... +	movdqa	0x10($const), %xmm1	# 0x02... +	movdqa	0x20($const), %xmm2	# 0x04... +	movdqa	0x30($const), %xmm3	# 0x08... +	movdqa	0x40($const), %xmm4	# .LM0 +	pcmpeqd	%xmm5, %xmm5		# .LNOT + +	movdqu	($inp), %xmm6		# load round 1 key  	movdqa	%xmm7, ($out)		# save round 0 key  	lea	0x10($out), $out  	dec	$rounds  	jmp	.Lkey_loop  .align	16  .Lkey_loop: -	pshufb	%xmm13, %xmm6		# .LM0 -	movdqa	%xmm6, %xmm7 -___ -	&bitslice_key	(map("%xmm$_",(0..7, 8..12))); -$code.=<<___; -	pxor	%xmm14, %xmm5		# "pnot" -	pxor	%xmm14, %xmm6 -	pxor	%xmm14, %xmm0 -	pxor	%xmm14, %xmm1 -	lea	0x10($inp), $inp -	movdqa	%xmm0, 0x00($out)	# write bit-sliced round key -	movdqa	%xmm1, 0x10($out) -	movdqa	%xmm2, 0x20($out) -	movdqa	%xmm3, 0x30($out) -	movdqa	%xmm4, 0x40($out) -	movdqa	%xmm5, 0x50($out) -	movdqa	%xmm6, 0x60($out) -	movdqa	%xmm7, 0x70($out) +	pshufb	%xmm4, %xmm6		# .LM0 + +	movdqa	%xmm0,	%xmm8 +	movdqa	%xmm1,	%xmm9 + +	pand	%xmm6,	%xmm8 +	pand	%xmm6,	%xmm9 +	movdqa	%xmm2,	%xmm10 +	pcmpeqb	%xmm0,	%xmm8 +	psllq	\$4,	%xmm0		# 0x10... +	movdqa	%xmm3,	%xmm11 +	pcmpeqb	%xmm1,	%xmm9 +	psllq	\$4,	%xmm1		# 0x20... + +	pand	%xmm6,	%xmm10 +	pand	%xmm6,	%xmm11 +	movdqa	%xmm0,	%xmm12 +	pcmpeqb	%xmm2,	%xmm10 +	psllq	\$4,	%xmm2		# 0x40... +	movdqa	%xmm1,	%xmm13 +	pcmpeqb	%xmm3,	%xmm11 +	psllq	\$4,	%xmm3		# 0x80... + +	movdqa	%xmm2,	%xmm14 +	movdqa	%xmm3,	%xmm15 +	 pxor	%xmm5,	%xmm8		# "pnot" +	 pxor	%xmm5,	%xmm9 + +	pand	%xmm6,	%xmm12 +	pand	%xmm6,	%xmm13 +	 movdqa	%xmm8, 0x00($out)	# write bit-sliced round key +	pcmpeqb	%xmm0,	%xmm12 +	psrlq	\$4,	%xmm0		# 0x01... +	 movdqa	%xmm9, 0x10($out) +	pcmpeqb	%xmm1,	%xmm13 +	psrlq	\$4,	%xmm1		# 0x02... +	 lea	0x10($inp), $inp + +	pand	%xmm6,	%xmm14 +	pand	%xmm6,	%xmm15 +	 movdqa	%xmm10, 0x20($out) +	pcmpeqb	%xmm2,	%xmm14 +	psrlq	\$4,	%xmm2		# 0x04... +	 movdqa	%xmm11, 0x30($out) +	pcmpeqb	%xmm3,	%xmm15 +	psrlq	\$4,	%xmm3		# 0x08... +	 movdqu	($inp), %xmm6		# load next round key + +	pxor	%xmm5, %xmm13		# "pnot" +	pxor	%xmm5, %xmm14 +	movdqa	%xmm12, 0x40($out) +	movdqa	%xmm13, 0x50($out) +	movdqa	%xmm14, 0x60($out) +	movdqa	%xmm15, 0x70($out)  	lea	0x80($out),$out -	movdqu	($inp), %xmm6		# load next round key  	dec	$rounds  	jnz	.Lkey_loop -	movdqa	0x70($const), %xmm7	# .L63 +	movdqa	0x50($const), %xmm7	# .L63  	#movdqa	%xmm6, ($out)		# don't save last round key  	ret  .size	_bsaes_key_convert,.-_bsaes_key_convert @@ -2800,14 +2837,8 @@ _bsaes_const:  	.quad	0x0504070600030201, 0x0f0e0d0c0a09080b  .LSRM0:  	.quad	0x0304090e00050a0f, 0x01060b0c0207080d -.LM0: -	.quad	0x02060a0e03070b0f, 0x0004080c0105090d  .LM0SR:  	.quad	0x0a0e02060f03070b, 0x0004080c05090d01 -.LNOT:		# magic constants -	.quad	0xffffffffffffffff, 0xffffffffffffffff -.L63: -	.quad	0x6363636363636363, 0x6363636363636363  .LSWPUP:	# byte-swap upper dword  	.quad	0x0706050403020100, 0x0c0d0e0f0b0a0908  .LSWPUPM0SR: @@ -2830,6 +2861,15 @@ _bsaes_const:  	.quad	0x0000000000000000, 0x0000000800000000  .Lxts_magic:  	.long	0x87,0,1,0 +.Lmasks: +	.quad	0x0101010101010101, 0x0101010101010101 +	.quad	0x0202020202020202, 0x0202020202020202 +	.quad	0x0404040404040404, 0x0404040404040404 +	.quad	0x0808080808080808, 0x0808080808080808 +.LM0: +	.quad	0x02060a0e03070b0f, 0x0004080c0105090d +.L63: +	.quad	0x6363636363636363, 0x6363636363636363  .asciz	"Bit-sliced AES for x86_64/SSSE3, Emilia Käsper, Peter Schwabe, Andy Polyakov"  .align	64  .size	_bsaes_const,.-_bsaes_const diff --git a/openssl/crypto/aes/asm/vpaes-x86.pl b/openssl/crypto/aes/asm/vpaes-x86.pl index 84a6f6d33..1533e2c30 100644 --- a/openssl/crypto/aes/asm/vpaes-x86.pl +++ b/openssl/crypto/aes/asm/vpaes-x86.pl @@ -843,6 +843,8 @@ $k_dsbo=0x2c0;		# decryption sbox final output  	&mov	($out,&wparam(1));		# out  	&mov	($round,&wparam(2));		# len  	&mov	($key,&wparam(3));		# key +	&sub	($round,16); +	&jc	(&label("cbc_abort"));  	&lea	($base,&DWP(-56,"esp"));  	&mov	($const,&wparam(4));		# ivp  	&and	($base,-16); @@ -853,7 +855,6 @@ $k_dsbo=0x2c0;		# decryption sbox final output  	&mov	(&DWP(48,"esp"),$base);  	&mov	(&DWP(0,"esp"),$out);		# save out -	&sub	($round,16);  	&mov	(&DWP(4,"esp"),$key)		# save key  	&mov	(&DWP(8,"esp"),$const);		# save ivp  	&mov	($out,$round);			# $out works as $len @@ -896,6 +897,7 @@ $k_dsbo=0x2c0;		# decryption sbox final output  	&mov	($base,&DWP(8,"esp"));		# restore ivp  	&mov	("esp",&DWP(48,"esp"));  	&movdqu	(&QWP(0,$base),"xmm1");		# write IV +&set_label("cbc_abort");  &function_end("${PREFIX}_cbc_encrypt");  &asm_finish(); diff --git a/openssl/crypto/aes/asm/vpaes-x86_64.pl b/openssl/crypto/aes/asm/vpaes-x86_64.pl index 025470223..37998db5e 100644 --- a/openssl/crypto/aes/asm/vpaes-x86_64.pl +++ b/openssl/crypto/aes/asm/vpaes-x86_64.pl @@ -263,7 +263,7 @@ _vpaes_decrypt_core:  	pshufb  %xmm2,  %xmm4	# 4 = sbou  	pxor	%xmm0,  %xmm4	# 4 = sb1u + k  	movdqa	0x70(%r10), %xmm0	# 0 : sbot -	movdqa	.Lk_sr-.Lk_dsbd(%r11), %xmm2 +	movdqa	-0x160(%r11), %xmm2	# .Lk_sr-.Lk_dsbd=-0x160  	pshufb  %xmm3,	%xmm0	# 0 = sb1t  	pxor	%xmm4,	%xmm0	# 0 = A  	pshufb	%xmm2,	%xmm0 @@ -869,6 +869,8 @@ ${PREFIX}_cbc_encrypt:  ___  ($len,$key)=($key,$len);  $code.=<<___; +	sub	\$16,$len +	jc	.Lcbc_abort  ___  $code.=<<___ if ($win64);  	lea	-0xb8(%rsp),%rsp @@ -887,7 +889,6 @@ ___  $code.=<<___;  	movdqu	($ivp),%xmm6		# load IV  	sub	$inp,$out -	sub	\$16,$len  	call	_vpaes_preheat  	cmp	\$0,${enc}d  	je	.Lcbc_dec_loop @@ -932,6 +933,7 @@ $code.=<<___ if ($win64);  .Lcbc_epilogue:  ___  $code.=<<___; +.Lcbc_abort:  	ret  .size	${PREFIX}_cbc_encrypt,.-${PREFIX}_cbc_encrypt  ___ diff --git a/openssl/crypto/asn1/a_d2i_fp.c b/openssl/crypto/asn1/a_d2i_fp.c index ece40bc4c..52b2ebdb6 100644 --- a/openssl/crypto/asn1/a_d2i_fp.c +++ b/openssl/crypto/asn1/a_d2i_fp.c @@ -57,6 +57,7 @@   */  #include <stdio.h> +#include <limits.h>  #include "cryptlib.h"  #include <openssl/buffer.h>  #include <openssl/asn1_mac.h> @@ -143,17 +144,11 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)  	BUF_MEM *b;  	unsigned char *p;  	int i; -	int ret=-1;  	ASN1_const_CTX c; -	int want=HEADER_SIZE; +	size_t want=HEADER_SIZE;  	int eos=0; -#if defined(__GNUC__) && defined(__ia64) -	/* pathetic compiler bug in all known versions as of Nov. 2002 */ -	long off=0; -#else -	int off=0; -#endif -	int len=0; +	size_t off=0; +	size_t len=0;  	b=BUF_MEM_new();  	if (b == NULL) @@ -169,7 +164,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)  			{  			want-=(len-off); -			if (!BUF_MEM_grow_clean(b,len+want)) +			if (len + want < len || !BUF_MEM_grow_clean(b,len+want))  				{  				ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);  				goto err; @@ -181,7 +176,14 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)  				goto err;  				}  			if (i > 0) +				{ +				if (len+i < len) +					{ +					ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG); +					goto err; +					}  				len+=i; +				}  			}  		/* else data already loaded */ @@ -206,6 +208,11 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)  			{  			/* no data body so go round again */  			eos++; +			if (eos < 0) +				{ +				ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_HEADER_TOO_LONG); +				goto err; +				}  			want=HEADER_SIZE;  			}  		else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC)) @@ -220,10 +227,16 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)  		else   			{  			/* suck in c.slen bytes of data */ -			want=(int)c.slen; +			want=c.slen;  			if (want > (len-off))  				{  				want-=(len-off); +				if (want > INT_MAX /* BIO_read takes an int length */ || +					len+want < len) +						{ +						ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG); +						goto err; +						}  				if (!BUF_MEM_grow_clean(b,len+want))  					{  					ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE); @@ -238,11 +251,18 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)  						    ASN1_R_NOT_ENOUGH_DATA);  						goto err;  						} +					/* This can't overflow because +					 * |len+want| didn't overflow. */  					len+=i; -					want -= i; +					want-=i;  					}  				} -			off+=(int)c.slen; +			if (off + c.slen < off) +				{ +				ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG); +				goto err; +				} +			off+=c.slen;  			if (eos <= 0)  				{  				break; @@ -252,9 +272,15 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)  			}  		} +	if (off > INT_MAX) +		{ +		ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG); +		goto err; +		} +  	*pb = b;  	return off;  err:  	if (b != NULL) BUF_MEM_free(b); -	return(ret); +	return -1;  	} diff --git a/openssl/crypto/asn1/tasn_prn.c b/openssl/crypto/asn1/tasn_prn.c index 453698012..542a091a6 100644 --- a/openssl/crypto/asn1/tasn_prn.c +++ b/openssl/crypto/asn1/tasn_prn.c @@ -446,11 +446,11 @@ static int asn1_print_fsname(BIO *out, int indent,  	return 1;  	} -static int asn1_print_boolean_ctx(BIO *out, const int bool, +static int asn1_print_boolean_ctx(BIO *out, int boolval,  							const ASN1_PCTX *pctx)  	{  	const char *str; -	switch (bool) +	switch (boolval)  		{  		case -1:  		str = "BOOL ABSENT"; @@ -574,10 +574,10 @@ static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld,  		{  		case V_ASN1_BOOLEAN:  			{ -			int bool = *(int *)fld; -			if (bool == -1) -				bool = it->size; -			ret = asn1_print_boolean_ctx(out, bool, pctx); +			int boolval = *(int *)fld; +			if (boolval == -1) +				boolval = it->size; +			ret = asn1_print_boolean_ctx(out, boolval, pctx);  			}  		break; diff --git a/openssl/crypto/bio/b_sock.c b/openssl/crypto/bio/b_sock.c index d47310d65..41f958be7 100644 --- a/openssl/crypto/bio/b_sock.c +++ b/openssl/crypto/bio/b_sock.c @@ -960,7 +960,6 @@ int BIO_set_tcp_ndelay(int s, int on)  #endif  	return(ret == 0);  	} -#endif  int BIO_socket_nbio(int s, int mode)  	{ @@ -973,3 +972,4 @@ int BIO_socket_nbio(int s, int mode)  #endif  	return(ret == 0);  	} +#endif diff --git a/openssl/crypto/bio/bio_lib.c b/openssl/crypto/bio/bio_lib.c index e12bc3a2c..9c9646afa 100644 --- a/openssl/crypto/bio/bio_lib.c +++ b/openssl/crypto/bio/bio_lib.c @@ -521,40 +521,40 @@ void BIO_free_all(BIO *bio)  BIO *BIO_dup_chain(BIO *in)  	{ -	BIO *ret=NULL,*eoc=NULL,*bio,*new; +	BIO *ret=NULL,*eoc=NULL,*bio,*new_bio;  	for (bio=in; bio != NULL; bio=bio->next_bio)  		{ -		if ((new=BIO_new(bio->method)) == NULL) goto err; -		new->callback=bio->callback; -		new->cb_arg=bio->cb_arg; -		new->init=bio->init; -		new->shutdown=bio->shutdown; -		new->flags=bio->flags; +		if ((new_bio=BIO_new(bio->method)) == NULL) goto err; +		new_bio->callback=bio->callback; +		new_bio->cb_arg=bio->cb_arg; +		new_bio->init=bio->init; +		new_bio->shutdown=bio->shutdown; +		new_bio->flags=bio->flags;  		/* This will let SSL_s_sock() work with stdin/stdout */ -		new->num=bio->num; +		new_bio->num=bio->num; -		if (!BIO_dup_state(bio,(char *)new)) +		if (!BIO_dup_state(bio,(char *)new_bio))  			{ -			BIO_free(new); +			BIO_free(new_bio);  			goto err;  			}  		/* copy app data */ -		if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new->ex_data, +		if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new_bio->ex_data,  					&bio->ex_data))  			goto err;  		if (ret == NULL)  			{ -			eoc=new; +			eoc=new_bio;  			ret=eoc;  			}  		else  			{ -			BIO_push(eoc,new); -			eoc=new; +			BIO_push(eoc,new_bio); +			eoc=new_bio;  			}  		}  	return(ret); diff --git a/openssl/crypto/bn/bn_gf2m.c b/openssl/crypto/bn/bn_gf2m.c index 08ab9fd22..8a4dc20ad 100644 --- a/openssl/crypto/bn/bn_gf2m.c +++ b/openssl/crypto/bn/bn_gf2m.c @@ -628,8 +628,11 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)  			}  		if (ubits==vbits)  			{ -			bn_correct_top(u); -			ubits = BN_num_bits(u); +			BN_ULONG ul; +			int utop = (ubits-1)/BN_BITS2; + +			while ((ul=udp[utop])==0 && utop) utop--; +			ubits = utop*BN_BITS2 + BN_num_bits_word(ul);  			}  		}  	bn_correct_top(b); diff --git a/openssl/crypto/buffer/buffer.c b/openssl/crypto/buffer/buffer.c index f4b358bbb..d7aa79ad7 100644 --- a/openssl/crypto/buffer/buffer.c +++ b/openssl/crypto/buffer/buffer.c @@ -60,6 +60,11 @@  #include "cryptlib.h"  #include <openssl/buffer.h> +/* LIMIT_BEFORE_EXPANSION is the maximum n such that (n+3)/3*4 < 2**31. That + * function is applied in several functions in this file and this limit ensures + * that the result fits in an int. */ +#define LIMIT_BEFORE_EXPANSION 0x5ffffffc +  BUF_MEM *BUF_MEM_new(void)  	{  	BUF_MEM *ret; @@ -105,6 +110,12 @@ int BUF_MEM_grow(BUF_MEM *str, size_t len)  		str->length=len;  		return(len);  		} +	/* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */ +	if (len > LIMIT_BEFORE_EXPANSION) +		{ +		BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE); +		return 0; +		}  	n=(len+3)/3*4;  	if (str->data == NULL)  		ret=OPENSSL_malloc(n); @@ -142,6 +153,12 @@ int BUF_MEM_grow_clean(BUF_MEM *str, size_t len)  		str->length=len;  		return(len);  		} +	/* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */ +	if (len > LIMIT_BEFORE_EXPANSION) +		{ +		BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE); +		return 0; +		}  	n=(len+3)/3*4;  	if (str->data == NULL)  		ret=OPENSSL_malloc(n); diff --git a/openssl/crypto/cmac/cmac.c b/openssl/crypto/cmac/cmac.c index b58602680..8b72b0968 100644 --- a/openssl/crypto/cmac/cmac.c +++ b/openssl/crypto/cmac/cmac.c @@ -179,6 +179,8 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,  			return 0;  		if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv))  			return 0; +		memset(ctx->tbl, 0, EVP_CIPHER_CTX_block_size(&ctx->cctx)); +		ctx->nlast_block = 0;  		return 1;  		}  	/* Initialiase context */ diff --git a/openssl/crypto/cms/cms_enc.c b/openssl/crypto/cms/cms_enc.c index 580083b45..f873ce379 100644 --- a/openssl/crypto/cms/cms_enc.c +++ b/openssl/crypto/cms/cms_enc.c @@ -139,10 +139,10 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)  				CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);  		goto err;  		} +	tkeylen = EVP_CIPHER_CTX_key_length(ctx);  	/* Generate random session key */  	if (!enc || !ec->key)  		{ -		tkeylen = EVP_CIPHER_CTX_key_length(ctx);  		tkey = OPENSSL_malloc(tkeylen);  		if (!tkey)  			{ @@ -174,7 +174,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)  			/* Only reveal failure if debugging so we don't  			 * leak information which may be useful in MMA.  			 */ -			if (ec->debug) +			if (enc || ec->debug)  				{  				CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,  						CMS_R_INVALID_KEY_LENGTH); diff --git a/openssl/crypto/evp/Makefile b/openssl/crypto/evp/Makefile index 9c79f66f5..0fe1b96bf 100644 --- a/openssl/crypto/evp/Makefile +++ b/openssl/crypto/evp/Makefile @@ -211,6 +211,7 @@ e_aes_cbc_hmac_sha1.o: ../../include/openssl/safestack.h  e_aes_cbc_hmac_sha1.o: ../../include/openssl/sha.h  e_aes_cbc_hmac_sha1.o: ../../include/openssl/stack.h  e_aes_cbc_hmac_sha1.o: ../../include/openssl/symhacks.h e_aes_cbc_hmac_sha1.c +e_aes_cbc_hmac_sha1.o: evp_locl.h  e_bf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h  e_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/buffer.h  e_bf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h diff --git a/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c b/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c index 278c6caa2..710fb79ba 100644 --- a/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -83,6 +83,8 @@ typedef struct      } aux;      } EVP_AES_HMAC_SHA1; +#define NO_PAYLOAD_LENGTH	((size_t)-1) +  #if	defined(AES_ASM) &&	( \  	defined(__x86_64)	|| defined(__x86_64__)	|| \  	defined(_M_AMD64)	|| defined(_M_X64)	|| \ @@ -124,7 +126,7 @@ static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,  	key->tail = key->head;  	key->md   = key->head; -	key->payload_length = 0; +	key->payload_length = NO_PAYLOAD_LENGTH;  	return ret<0?0:1;  	} @@ -185,7 +187,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,  	if (len%AES_BLOCK_SIZE) return 0;  	if (ctx->encrypt) { -		if (plen==0) +		if (plen==NO_PAYLOAD_LENGTH)  			plen = len;  		else if (len!=((plen+SHA_DIGEST_LENGTH+AES_BLOCK_SIZE)&-AES_BLOCK_SIZE))  			return 0; @@ -271,7 +273,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,  		}  	} -	key->payload_length = 0; +	key->payload_length = NO_PAYLOAD_LENGTH;  	return 1;  	} diff --git a/openssl/crypto/evp/e_rc4_hmac_md5.c b/openssl/crypto/evp/e_rc4_hmac_md5.c index eaa7a5312..56563191b 100644 --- a/openssl/crypto/evp/e_rc4_hmac_md5.c +++ b/openssl/crypto/evp/e_rc4_hmac_md5.c @@ -75,6 +75,8 @@ typedef struct      size_t		payload_length;      } EVP_RC4_HMAC_MD5; +#define NO_PAYLOAD_LENGTH	((size_t)-1) +  void rc4_md5_enc (RC4_KEY *key, const void *in0, void *out,  		MD5_CTX *ctx,const void *inp,size_t blocks); @@ -93,7 +95,7 @@ static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx,  	key->tail = key->head;  	key->md   = key->head; -	key->payload_length = 0; +	key->payload_length = NO_PAYLOAD_LENGTH;  	return 1;  	} @@ -120,18 +122,20 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,  		md5_off = MD5_CBLOCK-key->md.num,  		blocks;  	unsigned int l; +	extern unsigned int OPENSSL_ia32cap_P[];  #endif  	size_t	plen = key->payload_length; -	if (plen && len!=(plen+MD5_DIGEST_LENGTH)) return 0; +	if (plen!=NO_PAYLOAD_LENGTH && len!=(plen+MD5_DIGEST_LENGTH)) return 0;  	if (ctx->encrypt) { -		if (plen==0) plen = len; +		if (plen==NO_PAYLOAD_LENGTH) plen = len;  #if defined(STITCHED_CALL)  		/* cipher has to "fall behind" */  		if (rc4_off>md5_off) md5_off+=MD5_CBLOCK; -		if (plen>md5_off && (blocks=(plen-md5_off)/MD5_CBLOCK)) { +		if (plen>md5_off && (blocks=(plen-md5_off)/MD5_CBLOCK) && +		    (OPENSSL_ia32cap_P[0]&(1<<20))==0) {  			MD5_Update(&key->md,in,md5_off);  			RC4(&key->ks,rc4_off,in,out); @@ -171,7 +175,8 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,  		if (md5_off>rc4_off)	rc4_off += 2*MD5_CBLOCK;  		else			rc4_off += MD5_CBLOCK; -		if (len>rc4_off && (blocks=(len-rc4_off)/MD5_CBLOCK)) { +		if (len>rc4_off && (blocks=(len-rc4_off)/MD5_CBLOCK) && +		    (OPENSSL_ia32cap_P[0]&(1<<20))==0) {  			RC4(&key->ks,rc4_off,in,out);  			MD5_Update(&key->md,out,md5_off); @@ -191,7 +196,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,  #endif  		/* decrypt HMAC at once */  		RC4(&key->ks,len-rc4_off,in+rc4_off,out+rc4_off); -		if (plen) {	/* "TLS" mode of operation */ +		if (plen!=NO_PAYLOAD_LENGTH) {	/* "TLS" mode of operation */  			MD5_Update(&key->md,out+md5_off,plen-md5_off);  			/* calculate HMAC and verify it */ @@ -207,7 +212,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,  		}  	} -	key->payload_length = 0; +	key->payload_length = NO_PAYLOAD_LENGTH;  	return 1;  	} diff --git a/openssl/crypto/evp/evp_enc.c b/openssl/crypto/evp/evp_enc.c index 691072655..0c54f05e6 100644 --- a/openssl/crypto/evp/evp_enc.c +++ b/openssl/crypto/evp/evp_enc.c @@ -170,8 +170,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp  #endif  #ifdef OPENSSL_FIPS -		return FIPS_cipherinit(ctx, cipher, key, iv, enc); -#else +		if (FIPS_mode()) +			return FIPS_cipherinit(ctx, cipher, key, iv, enc); +#endif  		ctx->cipher=cipher;  		if (ctx->cipher->ctx_size)  			{ @@ -196,7 +197,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp  				return 0;  				}  			} -#endif  		}  	else if(!ctx->cipher)  		{ @@ -207,8 +207,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp  skip_to_init:  #endif  #ifdef OPENSSL_FIPS -	return FIPS_cipherinit(ctx, cipher, key, iv, enc); -#else +	if (FIPS_mode()) +		return FIPS_cipherinit(ctx, cipher, key, iv, enc); +#endif  	/* we assume block size is a power of 2 in *cryptUpdate */  	OPENSSL_assert(ctx->cipher->block_size == 1  	    || ctx->cipher->block_size == 8 @@ -255,7 +256,6 @@ skip_to_init:  	ctx->final_used=0;  	ctx->block_mask=ctx->cipher->block_size-1;  	return 1; -#endif  	}  int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, diff --git a/openssl/crypto/evp/p5_crpt.c b/openssl/crypto/evp/p5_crpt.c index 7d9c1f012..294cc90d8 100644 --- a/openssl/crypto/evp/p5_crpt.c +++ b/openssl/crypto/evp/p5_crpt.c @@ -138,5 +138,6 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,  	OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);  	rv = 1;  	err: +	EVP_MD_CTX_cleanup(&ctx);  	return rv;  } diff --git a/openssl/crypto/mem.c b/openssl/crypto/mem.c index 8f736c3b1..21c001138 100644 --- a/openssl/crypto/mem.c +++ b/openssl/crypto/mem.c @@ -363,6 +363,10 @@ void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file,  	if (num <= 0) return NULL; +	/* We don't support shrinking the buffer. Note the memcpy that copies +	 * |old_len| bytes to the new buffer, below. */ +	if (num < old_len) return NULL; +  	if (realloc_debug_func != NULL)  		realloc_debug_func(str, NULL, num, file, line, 0);  	ret=malloc_ex_func(num,file,line); diff --git a/openssl/crypto/modes/asm/ghash-s390x.pl b/openssl/crypto/modes/asm/ghash-s390x.pl index 48cb08d33..6a40d5d89 100644 --- a/openssl/crypto/modes/asm/ghash-s390x.pl +++ b/openssl/crypto/modes/asm/ghash-s390x.pl @@ -138,7 +138,7 @@ $code.=<<___ if(!$softonly);  .align	32  .Lsoft_ghash:  ___ -$cdoe.=<<___ if ($flavour =~ /3[12]/); +$code.=<<___ if ($flavour =~ /3[12]/);  	llgfr	$len,$len  ___  $code.=<<___; diff --git a/openssl/crypto/modes/modes_lcl.h b/openssl/crypto/modes/modes_lcl.h index 7a82a981c..b6dc3c336 100644 --- a/openssl/crypto/modes/modes_lcl.h +++ b/openssl/crypto/modes/modes_lcl.h @@ -45,7 +45,7 @@ typedef unsigned char u8;  #  define BSWAP4(x) ({	u32 ret=(x);			\  			asm ("bswapl %0"		\  			: "+r"(ret));	ret;		}) -# elif (defined(__i386) || defined(__i386__)) +# elif (defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)  #  define BSWAP8(x) ({	u32 lo=(u64)(x)>>32,hi=(x);	\  			asm ("bswapl %0; bswapl %1"	\  			: "+r"(hi),"+r"(lo));		\ diff --git a/openssl/crypto/o_fips.c b/openssl/crypto/o_fips.c index 6a8239575..f6d1b2185 100644 --- a/openssl/crypto/o_fips.c +++ b/openssl/crypto/o_fips.c @@ -64,6 +64,7 @@  int FIPS_mode(void)  	{ +	OPENSSL_init();  #ifdef OPENSSL_FIPS  	return FIPS_module_mode();  #else diff --git a/openssl/crypto/opensslv.h b/openssl/crypto/opensslv.h index bf4255607..71be3590a 100644 --- a/openssl/crypto/opensslv.h +++ b/openssl/crypto/opensslv.h @@ -25,11 +25,11 @@   * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for   *  major minor fix final patch/beta)   */ -#define OPENSSL_VERSION_NUMBER	0x1000100fL +#define OPENSSL_VERSION_NUMBER	0x1000103fL  #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1-fips 14 Mar 2012" +#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1c-fips 10 May 2012"  #else -#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1 14 Mar 2012" +#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1c 10 May 2012"  #endif  #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT diff --git a/openssl/crypto/perlasm/x86masm.pl b/openssl/crypto/perlasm/x86masm.pl index 3af045396..96b1b73e1 100644 --- a/openssl/crypto/perlasm/x86masm.pl +++ b/openssl/crypto/perlasm/x86masm.pl @@ -16,7 +16,7 @@ sub ::generic      # fix hexadecimal constants      for (@arg) { s/(?<![\w\$\.])0x([0-9a-f]+)/0$1h/oi; } -    if ($opcode =~ /lea/ && @arg[1] =~ s/.*PTR\s+([^\[]+)$/$1/)	# no [] +    if ($opcode =~ /lea/ && @arg[1] =~ s/.*PTR\s+(\(.*\))$/OFFSET $1/)	# no []      {	$opcode="mov";	}      elsif ($opcode !~ /movq/)      {	# fix xmm references diff --git a/openssl/crypto/pkcs7/pk7_doit.c b/openssl/crypto/pkcs7/pk7_doit.c index fae8eda46..77fda3b82 100644 --- a/openssl/crypto/pkcs7/pk7_doit.c +++ b/openssl/crypto/pkcs7/pk7_doit.c @@ -430,6 +430,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)  	STACK_OF(X509_ALGOR) *md_sk=NULL;  	STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;  	PKCS7_RECIP_INFO *ri=NULL; +       unsigned char *ek = NULL, *tkey = NULL; +       int eklen = 0, tkeylen = 0;  	i=OBJ_obj2nid(p7->type);  	p7->state=PKCS7_S_HEADER; @@ -507,8 +509,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)  		int max;  		X509_OBJECT ret;  #endif -		unsigned char *ek = NULL, *tkey = NULL; -		int eklen, tkeylen;  		if ((etmp=BIO_new(BIO_f_cipher())) == NULL)  			{ @@ -609,11 +609,13 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)  			{  			OPENSSL_cleanse(ek,eklen);  			OPENSSL_free(ek); +                       ek = NULL;  			}  		if (tkey)  			{  			OPENSSL_cleanse(tkey,tkeylen);  			OPENSSL_free(tkey); +                       tkey = NULL;  			}  		if (out == NULL) @@ -656,6 +658,16 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)  	if (0)  		{  err: +               if (ek) +                       { +                       OPENSSL_cleanse(ek,eklen); +                       OPENSSL_free(ek); +                       } +               if (tkey) +                       { +                       OPENSSL_cleanse(tkey,tkeylen); +                       OPENSSL_free(tkey); +                       }  		if (out != NULL) BIO_free_all(out);  		if (btmp != NULL) BIO_free_all(btmp);  		if (etmp != NULL) BIO_free_all(etmp); diff --git a/openssl/crypto/ppccpuid.pl b/openssl/crypto/ppccpuid.pl index 067746947..4ba736a1d 100644 --- a/openssl/crypto/ppccpuid.pl +++ b/openssl/crypto/ppccpuid.pl @@ -105,7 +105,7 @@ Ladd:	lwarx	r5,0,r3  Little:	mtctr	r4  	stb	r0,0(r3)  	addi	r3,r3,1 -	bdnz-	\$-8 +	bdnz	\$-8  	blr  Lot:	andi.	r5,r3,3  	beq	Laligned @@ -118,7 +118,7 @@ Laligned:  	mtctr	r5  	stw	r0,0(r3)  	addi	r3,r3,4 -	bdnz-	\$-8 +	bdnz	\$-8  	andi.	r4,r4,3  	bne	Little  	blr diff --git a/openssl/crypto/rc4/asm/rc4-s390x.pl b/openssl/crypto/rc4/asm/rc4-s390x.pl index 1aa754820..7528ece13 100644 --- a/openssl/crypto/rc4/asm/rc4-s390x.pl +++ b/openssl/crypto/rc4/asm/rc4-s390x.pl @@ -171,10 +171,10 @@ $ikey="%r7";  $iinp="%r8";  $code.=<<___; -.globl	RC4_set_key -.type	RC4_set_key,\@function +.globl	private_RC4_set_key +.type	private_RC4_set_key,\@function  .align	64 -RC4_set_key: +private_RC4_set_key:  	stm${g}	%r6,%r8,6*$SIZE_T($sp)  	lhi	$cnt,256  	la	$idx,0(%r0) @@ -210,7 +210,7 @@ RC4_set_key:  .Ldone:  	lm${g}	%r6,%r8,6*$SIZE_T($sp)  	br	$rp -.size	RC4_set_key,.-RC4_set_key +.size	private_RC4_set_key,.-private_RC4_set_key  ___  } diff --git a/openssl/crypto/rsa/Makefile b/openssl/crypto/rsa/Makefile index ec9c74d78..f798d2f74 100644 --- a/openssl/crypto/rsa/Makefile +++ b/openssl/crypto/rsa/Makefile @@ -225,11 +225,12 @@ rsa_pk1.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pk1.c  rsa_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h  rsa_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h  rsa_pmeth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -rsa_pmeth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -rsa_pmeth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -rsa_pmeth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -rsa_pmeth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -rsa_pmeth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +rsa_pmeth.o: ../../include/openssl/cms.h ../../include/openssl/crypto.h +rsa_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +rsa_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +rsa_pmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h +rsa_pmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rsa_pmeth.o: ../../include/openssl/objects.h  rsa_pmeth.o: ../../include/openssl/opensslconf.h  rsa_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h  rsa_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h diff --git a/openssl/crypto/ui/ui.h b/openssl/crypto/ui/ui.h index 2b1cfa228..bd78aa413 100644 --- a/openssl/crypto/ui/ui.h +++ b/openssl/crypto/ui/ui.h @@ -316,7 +316,7 @@ int (*UI_method_get_writer(UI_METHOD *method))(UI*,UI_STRING*);  int (*UI_method_get_flusher(UI_METHOD *method))(UI*);  int (*UI_method_get_reader(UI_METHOD *method))(UI*,UI_STRING*);  int (*UI_method_get_closer(UI_METHOD *method))(UI*); -char* (*UI_method_get_prompt_constructor(UI_METHOD *method))(UI*, const char*, const char*); +char * (*UI_method_get_prompt_constructor(UI_METHOD *method))(UI*, const char*, const char*);  /* The following functions are helpers for method writers to access relevant     data from a UI_STRING. */ diff --git a/openssl/crypto/x509/x509_lu.c b/openssl/crypto/x509/x509_lu.c index 3a6e04a1d..38525a8cd 100644 --- a/openssl/crypto/x509/x509_lu.c +++ b/openssl/crypto/x509/x509_lu.c @@ -87,7 +87,7 @@ void X509_LOOKUP_free(X509_LOOKUP *ctx)  	if (ctx == NULL) return;  	if (	(ctx->method != NULL) &&  		(ctx->method->free != NULL)) -		ctx->method->free(ctx); +		(*ctx->method->free)(ctx);  	OPENSSL_free(ctx);  	} | 
