aboutsummaryrefslogtreecommitdiff
path: root/openssl/crypto
diff options
context:
space:
mode:
Diffstat (limited to 'openssl/crypto')
-rw-r--r--openssl/crypto/aes/asm/aes-armv4.pl5
-rw-r--r--openssl/crypto/aes/asm/aes-s390x.pl37
-rw-r--r--openssl/crypto/aes/asm/bsaes-x86_64.pl118
-rw-r--r--openssl/crypto/aes/asm/vpaes-x86.pl4
-rw-r--r--openssl/crypto/aes/asm/vpaes-x86_64.pl6
-rw-r--r--openssl/crypto/asn1/a_d2i_fp.c54
-rw-r--r--openssl/crypto/asn1/tasn_prn.c12
-rw-r--r--openssl/crypto/bio/b_sock.c2
-rw-r--r--openssl/crypto/bio/bio_lib.c28
-rw-r--r--openssl/crypto/bn/bn_gf2m.c7
-rw-r--r--openssl/crypto/buffer/buffer.c17
-rw-r--r--openssl/crypto/cmac/cmac.c2
-rw-r--r--openssl/crypto/cms/cms_enc.c4
-rw-r--r--openssl/crypto/evp/Makefile1
-rw-r--r--openssl/crypto/evp/e_aes_cbc_hmac_sha1.c8
-rw-r--r--openssl/crypto/evp/e_rc4_hmac_md5.c19
-rw-r--r--openssl/crypto/evp/evp_enc.c12
-rw-r--r--openssl/crypto/evp/p5_crpt.c1
-rw-r--r--openssl/crypto/mem.c4
-rw-r--r--openssl/crypto/modes/asm/ghash-s390x.pl2
-rw-r--r--openssl/crypto/modes/modes_lcl.h2
-rw-r--r--openssl/crypto/o_fips.c1
-rw-r--r--openssl/crypto/opensslv.h6
-rw-r--r--openssl/crypto/perlasm/x86masm.pl2
-rw-r--r--openssl/crypto/pkcs7/pk7_doit.c16
-rw-r--r--openssl/crypto/ppccpuid.pl4
-rw-r--r--openssl/crypto/rc4/asm/rc4-s390x.pl8
-rw-r--r--openssl/crypto/rsa/Makefile11
-rw-r--r--openssl/crypto/ui/ui.h2
-rw-r--r--openssl/crypto/x509/x509_lu.c2
30 files changed, 257 insertions, 140 deletions
diff --git a/openssl/crypto/aes/asm/aes-armv4.pl b/openssl/crypto/aes/asm/aes-armv4.pl
index 943ce45ff..86b86c4a0 100644
--- a/openssl/crypto/aes/asm/aes-armv4.pl
+++ b/openssl/crypto/aes/asm/aes-armv4.pl
@@ -408,6 +408,7 @@ _armv4_AES_encrypt:
.type private_AES_set_encrypt_key,%function
.align 5
private_AES_set_encrypt_key:
+_armv4_AES_set_encrypt_key:
sub r3,pc,#8 @ AES_set_encrypt_key
teq r0,#0
moveq r0,#-1
@@ -425,7 +426,7 @@ private_AES_set_encrypt_key:
bne .Labrt
.Lok: stmdb sp!,{r4-r12,lr}
- sub $tbl,r3,#private_AES_set_encrypt_key-AES_Te-1024 @ Te4
+ sub $tbl,r3,#_armv4_AES_set_encrypt_key-AES_Te-1024 @ Te4
mov $rounds,r0 @ inp
mov lr,r1 @ bits
@@ -685,7 +686,7 @@ private_AES_set_encrypt_key:
.align 5
private_AES_set_decrypt_key:
str lr,[sp,#-4]! @ push lr
- bl private_AES_set_encrypt_key
+ bl _armv4_AES_set_encrypt_key
teq r0,#0
ldrne lr,[sp],#4 @ pop lr
bne .Labrt
diff --git a/openssl/crypto/aes/asm/aes-s390x.pl b/openssl/crypto/aes/asm/aes-s390x.pl
index f749a52d7..445a1e676 100644
--- a/openssl/crypto/aes/asm/aes-s390x.pl
+++ b/openssl/crypto/aes/asm/aes-s390x.pl
@@ -783,6 +783,7 @@ $code.=<<___;
.type private_AES_set_encrypt_key,\@function
.align 16
private_AES_set_encrypt_key:
+_s390x_AES_set_encrypt_key:
lghi $t0,0
cl${g}r $inp,$t0
je .Lminus1
@@ -836,7 +837,8 @@ $code.=<<___ if (!$softonly);
je 1f
lg %r1,24($inp)
stg %r1,24($key)
-1: st $bits,236($key) # save bits
+1: st $bits,236($key) # save bits [for debugging purposes]
+ lgr $t0,%r5
st %r5,240($key) # save km code
lghi %r2,0
br %r14
@@ -844,7 +846,7 @@ ___
$code.=<<___;
.align 16
.Lekey_internal:
- stm${g} %r6,%r13,6*$SIZE_T($sp) # all non-volatile regs
+ stm${g} %r4,%r13,4*$SIZE_T($sp) # all non-volatile regs and $key
larl $tbl,AES_Te+2048
@@ -904,8 +906,9 @@ $code.=<<___;
la $key,16($key) # key+=4
la $t3,4($t3) # i++
brct $rounds,.L128_loop
+ lghi $t0,10
lghi %r2,0
- lm${g} %r6,%r13,6*$SIZE_T($sp)
+ lm${g} %r4,%r13,4*$SIZE_T($sp)
br $ra
.align 16
@@ -952,8 +955,9 @@ $code.=<<___;
st $s2,32($key)
st $s3,36($key)
brct $rounds,.L192_continue
+ lghi $t0,12
lghi %r2,0
- lm${g} %r6,%r13,6*$SIZE_T($sp)
+ lm${g} %r4,%r13,4*$SIZE_T($sp)
br $ra
.align 16
@@ -1014,8 +1018,9 @@ $code.=<<___;
st $s2,40($key)
st $s3,44($key)
brct $rounds,.L256_continue
+ lghi $t0,14
lghi %r2,0
- lm${g} %r6,%r13,6*$SIZE_T($sp)
+ lm${g} %r4,%r13,4*$SIZE_T($sp)
br $ra
.align 16
@@ -1066,34 +1071,26 @@ $code.=<<___;
.type private_AES_set_decrypt_key,\@function
.align 16
private_AES_set_decrypt_key:
- st${g} $key,4*$SIZE_T($sp) # I rely on AES_set_encrypt_key to
- st${g} $ra,14*$SIZE_T($sp) # save non-volatile registers!
- bras $ra,AES_set_encrypt_key
- l${g} $key,4*$SIZE_T($sp)
+ #st${g} $key,4*$SIZE_T($sp) # I rely on AES_set_encrypt_key to
+ st${g} $ra,14*$SIZE_T($sp) # save non-volatile registers and $key!
+ bras $ra,_s390x_AES_set_encrypt_key
+ #l${g} $key,4*$SIZE_T($sp)
l${g} $ra,14*$SIZE_T($sp)
ltgr %r2,%r2
bnzr $ra
___
$code.=<<___ if (!$softonly);
- l $t0,240($key)
+ #l $t0,240($key)
lhi $t1,16
cr $t0,$t1
jl .Lgo
oill $t0,0x80 # set "decrypt" bit
st $t0,240($key)
br $ra
-
-.align 16
-.Ldkey_internal:
- st${g} $key,4*$SIZE_T($sp)
- st${g} $ra,14*$SIZE_T($sp)
- bras $ra,.Lekey_internal
- l${g} $key,4*$SIZE_T($sp)
- l${g} $ra,14*$SIZE_T($sp)
___
$code.=<<___;
-
-.Lgo: llgf $rounds,240($key)
+.align 16
+.Lgo: lgr $rounds,$t0 #llgf $rounds,240($key)
la $i1,0($key)
sllg $i2,$rounds,4
la $i2,0($i2,$key)
diff --git a/openssl/crypto/aes/asm/bsaes-x86_64.pl b/openssl/crypto/aes/asm/bsaes-x86_64.pl
index ff7e3afe8..c9c6312fa 100644
--- a/openssl/crypto/aes/asm/bsaes-x86_64.pl
+++ b/openssl/crypto/aes/asm/bsaes-x86_64.pl
@@ -65,12 +65,12 @@
# function is:
#
# conversion conversion/8x block
-# Core 2 410 0.37
-# Nehalem 310 0.35
-# Atom 570 0.26
+# Core 2 240 0.22
+# Nehalem 180 0.20
+# Atom 430 0.19
#
# The ratio values mean that 128-byte blocks will be processed
-# 21-27% slower, 256-byte blocks - 12-16%, 384-byte blocks - 8-11%,
+# 16-18% slower, 256-byte blocks - 9-10%, 384-byte blocks - 6-7%,
# etc. Then keep in mind that input sizes not divisible by 128 are
# *effectively* slower, especially shortest ones, e.g. consecutive
# 144-byte blocks are processed 44% slower than one would expect,
@@ -85,6 +85,7 @@
#
# Core 2 11.0
# Nehalem 9.16
+# Atom 20.9
#
# November 2011.
#
@@ -754,7 +755,7 @@ _bsaes_encrypt8:
movdqa ($key), @XMM[9] # round 0 key
lea 0x10($key), $key
- movdqa 0x60($const), @XMM[8] # .LM0SR
+ movdqa 0x50($const), @XMM[8] # .LM0SR
pxor @XMM[9], @XMM[0] # xor with round0 key
pxor @XMM[9], @XMM[1]
pshufb @XMM[8], @XMM[0]
@@ -905,46 +906,82 @@ $code.=<<___;
.type _bsaes_key_convert,\@abi-omnipotent
.align 16
_bsaes_key_convert:
- lea .LBS1(%rip), $const
+ lea .Lmasks(%rip), $const
movdqu ($inp), %xmm7 # load round 0 key
- movdqa -0x10($const), %xmm8 # .LBS0
- movdqa 0x00($const), %xmm9 # .LBS1
- movdqa 0x10($const), %xmm10 # .LBS2
- movdqa 0x40($const), %xmm13 # .LM0
- movdqa 0x60($const), %xmm14 # .LNOT
-
- movdqu 0x10($inp), %xmm6 # load round 1 key
lea 0x10($inp), $inp
+ movdqa 0x00($const), %xmm0 # 0x01...
+ movdqa 0x10($const), %xmm1 # 0x02...
+ movdqa 0x20($const), %xmm2 # 0x04...
+ movdqa 0x30($const), %xmm3 # 0x08...
+ movdqa 0x40($const), %xmm4 # .LM0
+ pcmpeqd %xmm5, %xmm5 # .LNOT
+
+ movdqu ($inp), %xmm6 # load round 1 key
movdqa %xmm7, ($out) # save round 0 key
lea 0x10($out), $out
dec $rounds
jmp .Lkey_loop
.align 16
.Lkey_loop:
- pshufb %xmm13, %xmm6 # .LM0
- movdqa %xmm6, %xmm7
-___
- &bitslice_key (map("%xmm$_",(0..7, 8..12)));
-$code.=<<___;
- pxor %xmm14, %xmm5 # "pnot"
- pxor %xmm14, %xmm6
- pxor %xmm14, %xmm0
- pxor %xmm14, %xmm1
- lea 0x10($inp), $inp
- movdqa %xmm0, 0x00($out) # write bit-sliced round key
- movdqa %xmm1, 0x10($out)
- movdqa %xmm2, 0x20($out)
- movdqa %xmm3, 0x30($out)
- movdqa %xmm4, 0x40($out)
- movdqa %xmm5, 0x50($out)
- movdqa %xmm6, 0x60($out)
- movdqa %xmm7, 0x70($out)
+ pshufb %xmm4, %xmm6 # .LM0
+
+ movdqa %xmm0, %xmm8
+ movdqa %xmm1, %xmm9
+
+ pand %xmm6, %xmm8
+ pand %xmm6, %xmm9
+ movdqa %xmm2, %xmm10
+ pcmpeqb %xmm0, %xmm8
+ psllq \$4, %xmm0 # 0x10...
+ movdqa %xmm3, %xmm11
+ pcmpeqb %xmm1, %xmm9
+ psllq \$4, %xmm1 # 0x20...
+
+ pand %xmm6, %xmm10
+ pand %xmm6, %xmm11
+ movdqa %xmm0, %xmm12
+ pcmpeqb %xmm2, %xmm10
+ psllq \$4, %xmm2 # 0x40...
+ movdqa %xmm1, %xmm13
+ pcmpeqb %xmm3, %xmm11
+ psllq \$4, %xmm3 # 0x80...
+
+ movdqa %xmm2, %xmm14
+ movdqa %xmm3, %xmm15
+ pxor %xmm5, %xmm8 # "pnot"
+ pxor %xmm5, %xmm9
+
+ pand %xmm6, %xmm12
+ pand %xmm6, %xmm13
+ movdqa %xmm8, 0x00($out) # write bit-sliced round key
+ pcmpeqb %xmm0, %xmm12
+ psrlq \$4, %xmm0 # 0x01...
+ movdqa %xmm9, 0x10($out)
+ pcmpeqb %xmm1, %xmm13
+ psrlq \$4, %xmm1 # 0x02...
+ lea 0x10($inp), $inp
+
+ pand %xmm6, %xmm14
+ pand %xmm6, %xmm15
+ movdqa %xmm10, 0x20($out)
+ pcmpeqb %xmm2, %xmm14
+ psrlq \$4, %xmm2 # 0x04...
+ movdqa %xmm11, 0x30($out)
+ pcmpeqb %xmm3, %xmm15
+ psrlq \$4, %xmm3 # 0x08...
+ movdqu ($inp), %xmm6 # load next round key
+
+ pxor %xmm5, %xmm13 # "pnot"
+ pxor %xmm5, %xmm14
+ movdqa %xmm12, 0x40($out)
+ movdqa %xmm13, 0x50($out)
+ movdqa %xmm14, 0x60($out)
+ movdqa %xmm15, 0x70($out)
lea 0x80($out),$out
- movdqu ($inp), %xmm6 # load next round key
dec $rounds
jnz .Lkey_loop
- movdqa 0x70($const), %xmm7 # .L63
+ movdqa 0x50($const), %xmm7 # .L63
#movdqa %xmm6, ($out) # don't save last round key
ret
.size _bsaes_key_convert,.-_bsaes_key_convert
@@ -2800,14 +2837,8 @@ _bsaes_const:
.quad 0x0504070600030201, 0x0f0e0d0c0a09080b
.LSRM0:
.quad 0x0304090e00050a0f, 0x01060b0c0207080d
-.LM0:
- .quad 0x02060a0e03070b0f, 0x0004080c0105090d
.LM0SR:
.quad 0x0a0e02060f03070b, 0x0004080c05090d01
-.LNOT: # magic constants
- .quad 0xffffffffffffffff, 0xffffffffffffffff
-.L63:
- .quad 0x6363636363636363, 0x6363636363636363
.LSWPUP: # byte-swap upper dword
.quad 0x0706050403020100, 0x0c0d0e0f0b0a0908
.LSWPUPM0SR:
@@ -2830,6 +2861,15 @@ _bsaes_const:
.quad 0x0000000000000000, 0x0000000800000000
.Lxts_magic:
.long 0x87,0,1,0
+.Lmasks:
+ .quad 0x0101010101010101, 0x0101010101010101
+ .quad 0x0202020202020202, 0x0202020202020202
+ .quad 0x0404040404040404, 0x0404040404040404
+ .quad 0x0808080808080808, 0x0808080808080808
+.LM0:
+ .quad 0x02060a0e03070b0f, 0x0004080c0105090d
+.L63:
+ .quad 0x6363636363636363, 0x6363636363636363
.asciz "Bit-sliced AES for x86_64/SSSE3, Emilia Käsper, Peter Schwabe, Andy Polyakov"
.align 64
.size _bsaes_const,.-_bsaes_const
diff --git a/openssl/crypto/aes/asm/vpaes-x86.pl b/openssl/crypto/aes/asm/vpaes-x86.pl
index 84a6f6d33..1533e2c30 100644
--- a/openssl/crypto/aes/asm/vpaes-x86.pl
+++ b/openssl/crypto/aes/asm/vpaes-x86.pl
@@ -843,6 +843,8 @@ $k_dsbo=0x2c0; # decryption sbox final output
&mov ($out,&wparam(1)); # out
&mov ($round,&wparam(2)); # len
&mov ($key,&wparam(3)); # key
+ &sub ($round,16);
+ &jc (&label("cbc_abort"));
&lea ($base,&DWP(-56,"esp"));
&mov ($const,&wparam(4)); # ivp
&and ($base,-16);
@@ -853,7 +855,6 @@ $k_dsbo=0x2c0; # decryption sbox final output
&mov (&DWP(48,"esp"),$base);
&mov (&DWP(0,"esp"),$out); # save out
- &sub ($round,16);
&mov (&DWP(4,"esp"),$key) # save key
&mov (&DWP(8,"esp"),$const); # save ivp
&mov ($out,$round); # $out works as $len
@@ -896,6 +897,7 @@ $k_dsbo=0x2c0; # decryption sbox final output
&mov ($base,&DWP(8,"esp")); # restore ivp
&mov ("esp",&DWP(48,"esp"));
&movdqu (&QWP(0,$base),"xmm1"); # write IV
+&set_label("cbc_abort");
&function_end("${PREFIX}_cbc_encrypt");
&asm_finish();
diff --git a/openssl/crypto/aes/asm/vpaes-x86_64.pl b/openssl/crypto/aes/asm/vpaes-x86_64.pl
index 025470223..37998db5e 100644
--- a/openssl/crypto/aes/asm/vpaes-x86_64.pl
+++ b/openssl/crypto/aes/asm/vpaes-x86_64.pl
@@ -263,7 +263,7 @@ _vpaes_decrypt_core:
pshufb %xmm2, %xmm4 # 4 = sbou
pxor %xmm0, %xmm4 # 4 = sb1u + k
movdqa 0x70(%r10), %xmm0 # 0 : sbot
- movdqa .Lk_sr-.Lk_dsbd(%r11), %xmm2
+ movdqa -0x160(%r11), %xmm2 # .Lk_sr-.Lk_dsbd=-0x160
pshufb %xmm3, %xmm0 # 0 = sb1t
pxor %xmm4, %xmm0 # 0 = A
pshufb %xmm2, %xmm0
@@ -869,6 +869,8 @@ ${PREFIX}_cbc_encrypt:
___
($len,$key)=($key,$len);
$code.=<<___;
+ sub \$16,$len
+ jc .Lcbc_abort
___
$code.=<<___ if ($win64);
lea -0xb8(%rsp),%rsp
@@ -887,7 +889,6 @@ ___
$code.=<<___;
movdqu ($ivp),%xmm6 # load IV
sub $inp,$out
- sub \$16,$len
call _vpaes_preheat
cmp \$0,${enc}d
je .Lcbc_dec_loop
@@ -932,6 +933,7 @@ $code.=<<___ if ($win64);
.Lcbc_epilogue:
___
$code.=<<___;
+.Lcbc_abort:
ret
.size ${PREFIX}_cbc_encrypt,.-${PREFIX}_cbc_encrypt
___
diff --git a/openssl/crypto/asn1/a_d2i_fp.c b/openssl/crypto/asn1/a_d2i_fp.c
index ece40bc4c..52b2ebdb6 100644
--- a/openssl/crypto/asn1/a_d2i_fp.c
+++ b/openssl/crypto/asn1/a_d2i_fp.c
@@ -57,6 +57,7 @@
*/
#include <stdio.h>
+#include <limits.h>
#include "cryptlib.h"
#include <openssl/buffer.h>
#include <openssl/asn1_mac.h>
@@ -143,17 +144,11 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
BUF_MEM *b;
unsigned char *p;
int i;
- int ret=-1;
ASN1_const_CTX c;
- int want=HEADER_SIZE;
+ size_t want=HEADER_SIZE;
int eos=0;
-#if defined(__GNUC__) && defined(__ia64)
- /* pathetic compiler bug in all known versions as of Nov. 2002 */
- long off=0;
-#else
- int off=0;
-#endif
- int len=0;
+ size_t off=0;
+ size_t len=0;
b=BUF_MEM_new();
if (b == NULL)
@@ -169,7 +164,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
{
want-=(len-off);
- if (!BUF_MEM_grow_clean(b,len+want))
+ if (len + want < len || !BUF_MEM_grow_clean(b,len+want))
{
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
goto err;
@@ -181,7 +176,14 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
goto err;
}
if (i > 0)
+ {
+ if (len+i < len)
+ {
+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
+ goto err;
+ }
len+=i;
+ }
}
/* else data already loaded */
@@ -206,6 +208,11 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
{
/* no data body so go round again */
eos++;
+ if (eos < 0)
+ {
+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_HEADER_TOO_LONG);
+ goto err;
+ }
want=HEADER_SIZE;
}
else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC))
@@ -220,10 +227,16 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
else
{
/* suck in c.slen bytes of data */
- want=(int)c.slen;
+ want=c.slen;
if (want > (len-off))
{
want-=(len-off);
+ if (want > INT_MAX /* BIO_read takes an int length */ ||
+ len+want < len)
+ {
+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
+ goto err;
+ }
if (!BUF_MEM_grow_clean(b,len+want))
{
ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
@@ -238,11 +251,18 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
ASN1_R_NOT_ENOUGH_DATA);
goto err;
}
+ /* This can't overflow because
+ * |len+want| didn't overflow. */
len+=i;
- want -= i;
+ want-=i;
}
}
- off+=(int)c.slen;
+ if (off + c.slen < off)
+ {
+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
+ goto err;
+ }
+ off+=c.slen;
if (eos <= 0)
{
break;
@@ -252,9 +272,15 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
}
}
+ if (off > INT_MAX)
+ {
+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
+ goto err;
+ }
+
*pb = b;
return off;
err:
if (b != NULL) BUF_MEM_free(b);
- return(ret);
+ return -1;
}
diff --git a/openssl/crypto/asn1/tasn_prn.c b/openssl/crypto/asn1/tasn_prn.c
index 453698012..542a091a6 100644
--- a/openssl/crypto/asn1/tasn_prn.c
+++ b/openssl/crypto/asn1/tasn_prn.c
@@ -446,11 +446,11 @@ static int asn1_print_fsname(BIO *out, int indent,
return 1;
}
-static int asn1_print_boolean_ctx(BIO *out, const int bool,
+static int asn1_print_boolean_ctx(BIO *out, int boolval,
const ASN1_PCTX *pctx)
{
const char *str;
- switch (bool)
+ switch (boolval)
{
case -1:
str = "BOOL ABSENT";
@@ -574,10 +574,10 @@ static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld,
{
case V_ASN1_BOOLEAN:
{
- int bool = *(int *)fld;
- if (bool == -1)
- bool = it->size;
- ret = asn1_print_boolean_ctx(out, bool, pctx);
+ int boolval = *(int *)fld;
+ if (boolval == -1)
+ boolval = it->size;
+ ret = asn1_print_boolean_ctx(out, boolval, pctx);
}
break;
diff --git a/openssl/crypto/bio/b_sock.c b/openssl/crypto/bio/b_sock.c
index d47310d65..41f958be7 100644
--- a/openssl/crypto/bio/b_sock.c
+++ b/openssl/crypto/bio/b_sock.c
@@ -960,7 +960,6 @@ int BIO_set_tcp_ndelay(int s, int on)
#endif
return(ret == 0);
}
-#endif
int BIO_socket_nbio(int s, int mode)
{
@@ -973,3 +972,4 @@ int BIO_socket_nbio(int s, int mode)
#endif
return(ret == 0);
}
+#endif
diff --git a/openssl/crypto/bio/bio_lib.c b/openssl/crypto/bio/bio_lib.c
index e12bc3a2c..9c9646afa 100644
--- a/openssl/crypto/bio/bio_lib.c
+++ b/openssl/crypto/bio/bio_lib.c
@@ -521,40 +521,40 @@ void BIO_free_all(BIO *bio)
BIO *BIO_dup_chain(BIO *in)
{
- BIO *ret=NULL,*eoc=NULL,*bio,*new;
+ BIO *ret=NULL,*eoc=NULL,*bio,*new_bio;
for (bio=in; bio != NULL; bio=bio->next_bio)
{
- if ((new=BIO_new(bio->method)) == NULL) goto err;
- new->callback=bio->callback;
- new->cb_arg=bio->cb_arg;
- new->init=bio->init;
- new->shutdown=bio->shutdown;
- new->flags=bio->flags;
+ if ((new_bio=BIO_new(bio->method)) == NULL) goto err;
+ new_bio->callback=bio->callback;
+ new_bio->cb_arg=bio->cb_arg;
+ new_bio->init=bio->init;
+ new_bio->shutdown=bio->shutdown;
+ new_bio->flags=bio->flags;
/* This will let SSL_s_sock() work with stdin/stdout */
- new->num=bio->num;
+ new_bio->num=bio->num;
- if (!BIO_dup_state(bio,(char *)new))
+ if (!BIO_dup_state(bio,(char *)new_bio))
{
- BIO_free(new);
+ BIO_free(new_bio);
goto err;
}
/* copy app data */
- if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new->ex_data,
+ if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new_bio->ex_data,
&bio->ex_data))
goto err;
if (ret == NULL)
{
- eoc=new;
+ eoc=new_bio;
ret=eoc;
}
else
{
- BIO_push(eoc,new);
- eoc=new;
+ BIO_push(eoc,new_bio);
+ eoc=new_bio;
}
}
return(ret);
diff --git a/openssl/crypto/bn/bn_gf2m.c b/openssl/crypto/bn/bn_gf2m.c
index 08ab9fd22..8a4dc20ad 100644
--- a/openssl/crypto/bn/bn_gf2m.c
+++ b/openssl/crypto/bn/bn_gf2m.c
@@ -628,8 +628,11 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
}
if (ubits==vbits)
{
- bn_correct_top(u);
- ubits = BN_num_bits(u);
+ BN_ULONG ul;
+ int utop = (ubits-1)/BN_BITS2;
+
+ while ((ul=udp[utop])==0 && utop) utop--;
+ ubits = utop*BN_BITS2 + BN_num_bits_word(ul);
}
}
bn_correct_top(b);
diff --git a/openssl/crypto/buffer/buffer.c b/openssl/crypto/buffer/buffer.c
index f4b358bbb..d7aa79ad7 100644
--- a/openssl/crypto/buffer/buffer.c
+++ b/openssl/crypto/buffer/buffer.c
@@ -60,6 +60,11 @@
#include "cryptlib.h"
#include <openssl/buffer.h>
+/* LIMIT_BEFORE_EXPANSION is the maximum n such that (n+3)/3*4 < 2**31. That
+ * function is applied in several functions in this file and this limit ensures
+ * that the result fits in an int. */
+#define LIMIT_BEFORE_EXPANSION 0x5ffffffc
+
BUF_MEM *BUF_MEM_new(void)
{
BUF_MEM *ret;
@@ -105,6 +110,12 @@ int BUF_MEM_grow(BUF_MEM *str, size_t len)
str->length=len;
return(len);
}
+ /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
+ if (len > LIMIT_BEFORE_EXPANSION)
+ {
+ BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
n=(len+3)/3*4;
if (str->data == NULL)
ret=OPENSSL_malloc(n);
@@ -142,6 +153,12 @@ int BUF_MEM_grow_clean(BUF_MEM *str, size_t len)
str->length=len;
return(len);
}
+ /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
+ if (len > LIMIT_BEFORE_EXPANSION)
+ {
+ BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
n=(len+3)/3*4;
if (str->data == NULL)
ret=OPENSSL_malloc(n);
diff --git a/openssl/crypto/cmac/cmac.c b/openssl/crypto/cmac/cmac.c
index b58602680..8b72b0968 100644
--- a/openssl/crypto/cmac/cmac.c
+++ b/openssl/crypto/cmac/cmac.c
@@ -179,6 +179,8 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
return 0;
if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv))
return 0;
+ memset(ctx->tbl, 0, EVP_CIPHER_CTX_block_size(&ctx->cctx));
+ ctx->nlast_block = 0;
return 1;
}
/* Initialiase context */
diff --git a/openssl/crypto/cms/cms_enc.c b/openssl/crypto/cms/cms_enc.c
index 580083b45..f873ce379 100644
--- a/openssl/crypto/cms/cms_enc.c
+++ b/openssl/crypto/cms/cms_enc.c
@@ -139,10 +139,10 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
goto err;
}
+ tkeylen = EVP_CIPHER_CTX_key_length(ctx);
/* Generate random session key */
if (!enc || !ec->key)
{
- tkeylen = EVP_CIPHER_CTX_key_length(ctx);
tkey = OPENSSL_malloc(tkeylen);
if (!tkey)
{
@@ -174,7 +174,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
/* Only reveal failure if debugging so we don't
* leak information which may be useful in MMA.
*/
- if (ec->debug)
+ if (enc || ec->debug)
{
CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
CMS_R_INVALID_KEY_LENGTH);
diff --git a/openssl/crypto/evp/Makefile b/openssl/crypto/evp/Makefile
index 9c79f66f5..0fe1b96bf 100644
--- a/openssl/crypto/evp/Makefile
+++ b/openssl/crypto/evp/Makefile
@@ -211,6 +211,7 @@ e_aes_cbc_hmac_sha1.o: ../../include/openssl/safestack.h
e_aes_cbc_hmac_sha1.o: ../../include/openssl/sha.h
e_aes_cbc_hmac_sha1.o: ../../include/openssl/stack.h
e_aes_cbc_hmac_sha1.o: ../../include/openssl/symhacks.h e_aes_cbc_hmac_sha1.c
+e_aes_cbc_hmac_sha1.o: evp_locl.h
e_bf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
e_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/buffer.h
e_bf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
diff --git a/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c b/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c
index 278c6caa2..710fb79ba 100644
--- a/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -83,6 +83,8 @@ typedef struct
} aux;
} EVP_AES_HMAC_SHA1;
+#define NO_PAYLOAD_LENGTH ((size_t)-1)
+
#if defined(AES_ASM) && ( \
defined(__x86_64) || defined(__x86_64__) || \
defined(_M_AMD64) || defined(_M_X64) || \
@@ -124,7 +126,7 @@ static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
key->tail = key->head;
key->md = key->head;
- key->payload_length = 0;
+ key->payload_length = NO_PAYLOAD_LENGTH;
return ret<0?0:1;
}
@@ -185,7 +187,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (len%AES_BLOCK_SIZE) return 0;
if (ctx->encrypt) {
- if (plen==0)
+ if (plen==NO_PAYLOAD_LENGTH)
plen = len;
else if (len!=((plen+SHA_DIGEST_LENGTH+AES_BLOCK_SIZE)&-AES_BLOCK_SIZE))
return 0;
@@ -271,7 +273,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
}
}
- key->payload_length = 0;
+ key->payload_length = NO_PAYLOAD_LENGTH;
return 1;
}
diff --git a/openssl/crypto/evp/e_rc4_hmac_md5.c b/openssl/crypto/evp/e_rc4_hmac_md5.c
index eaa7a5312..56563191b 100644
--- a/openssl/crypto/evp/e_rc4_hmac_md5.c
+++ b/openssl/crypto/evp/e_rc4_hmac_md5.c
@@ -75,6 +75,8 @@ typedef struct
size_t payload_length;
} EVP_RC4_HMAC_MD5;
+#define NO_PAYLOAD_LENGTH ((size_t)-1)
+
void rc4_md5_enc (RC4_KEY *key, const void *in0, void *out,
MD5_CTX *ctx,const void *inp,size_t blocks);
@@ -93,7 +95,7 @@ static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx,
key->tail = key->head;
key->md = key->head;
- key->payload_length = 0;
+ key->payload_length = NO_PAYLOAD_LENGTH;
return 1;
}
@@ -120,18 +122,20 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
md5_off = MD5_CBLOCK-key->md.num,
blocks;
unsigned int l;
+ extern unsigned int OPENSSL_ia32cap_P[];
#endif
size_t plen = key->payload_length;
- if (plen && len!=(plen+MD5_DIGEST_LENGTH)) return 0;
+ if (plen!=NO_PAYLOAD_LENGTH && len!=(plen+MD5_DIGEST_LENGTH)) return 0;
if (ctx->encrypt) {
- if (plen==0) plen = len;
+ if (plen==NO_PAYLOAD_LENGTH) plen = len;
#if defined(STITCHED_CALL)
/* cipher has to "fall behind" */
if (rc4_off>md5_off) md5_off+=MD5_CBLOCK;
- if (plen>md5_off && (blocks=(plen-md5_off)/MD5_CBLOCK)) {
+ if (plen>md5_off && (blocks=(plen-md5_off)/MD5_CBLOCK) &&
+ (OPENSSL_ia32cap_P[0]&(1<<20))==0) {
MD5_Update(&key->md,in,md5_off);
RC4(&key->ks,rc4_off,in,out);
@@ -171,7 +175,8 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (md5_off>rc4_off) rc4_off += 2*MD5_CBLOCK;
else rc4_off += MD5_CBLOCK;
- if (len>rc4_off && (blocks=(len-rc4_off)/MD5_CBLOCK)) {
+ if (len>rc4_off && (blocks=(len-rc4_off)/MD5_CBLOCK) &&
+ (OPENSSL_ia32cap_P[0]&(1<<20))==0) {
RC4(&key->ks,rc4_off,in,out);
MD5_Update(&key->md,out,md5_off);
@@ -191,7 +196,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
#endif
/* decrypt HMAC at once */
RC4(&key->ks,len-rc4_off,in+rc4_off,out+rc4_off);
- if (plen) { /* "TLS" mode of operation */
+ if (plen!=NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */
MD5_Update(&key->md,out+md5_off,plen-md5_off);
/* calculate HMAC and verify it */
@@ -207,7 +212,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
}
}
- key->payload_length = 0;
+ key->payload_length = NO_PAYLOAD_LENGTH;
return 1;
}
diff --git a/openssl/crypto/evp/evp_enc.c b/openssl/crypto/evp/evp_enc.c
index 691072655..0c54f05e6 100644
--- a/openssl/crypto/evp/evp_enc.c
+++ b/openssl/crypto/evp/evp_enc.c
@@ -170,8 +170,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
#endif
#ifdef OPENSSL_FIPS
- return FIPS_cipherinit(ctx, cipher, key, iv, enc);
-#else
+ if (FIPS_mode())
+ return FIPS_cipherinit(ctx, cipher, key, iv, enc);
+#endif
ctx->cipher=cipher;
if (ctx->cipher->ctx_size)
{
@@ -196,7 +197,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
return 0;
}
}
-#endif
}
else if(!ctx->cipher)
{
@@ -207,8 +207,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
skip_to_init:
#endif
#ifdef OPENSSL_FIPS
- return FIPS_cipherinit(ctx, cipher, key, iv, enc);
-#else
+ if (FIPS_mode())
+ return FIPS_cipherinit(ctx, cipher, key, iv, enc);
+#endif
/* we assume block size is a power of 2 in *cryptUpdate */
OPENSSL_assert(ctx->cipher->block_size == 1
|| ctx->cipher->block_size == 8
@@ -255,7 +256,6 @@ skip_to_init:
ctx->final_used=0;
ctx->block_mask=ctx->cipher->block_size-1;
return 1;
-#endif
}
int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
diff --git a/openssl/crypto/evp/p5_crpt.c b/openssl/crypto/evp/p5_crpt.c
index 7d9c1f012..294cc90d8 100644
--- a/openssl/crypto/evp/p5_crpt.c
+++ b/openssl/crypto/evp/p5_crpt.c
@@ -138,5 +138,6 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
rv = 1;
err:
+ EVP_MD_CTX_cleanup(&ctx);
return rv;
}
diff --git a/openssl/crypto/mem.c b/openssl/crypto/mem.c
index 8f736c3b1..21c001138 100644
--- a/openssl/crypto/mem.c
+++ b/openssl/crypto/mem.c
@@ -363,6 +363,10 @@ void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file,
if (num <= 0) return NULL;
+ /* We don't support shrinking the buffer. Note the memcpy that copies
+ * |old_len| bytes to the new buffer, below. */
+ if (num < old_len) return NULL;
+
if (realloc_debug_func != NULL)
realloc_debug_func(str, NULL, num, file, line, 0);
ret=malloc_ex_func(num,file,line);
diff --git a/openssl/crypto/modes/asm/ghash-s390x.pl b/openssl/crypto/modes/asm/ghash-s390x.pl
index 48cb08d33..6a40d5d89 100644
--- a/openssl/crypto/modes/asm/ghash-s390x.pl
+++ b/openssl/crypto/modes/asm/ghash-s390x.pl
@@ -138,7 +138,7 @@ $code.=<<___ if(!$softonly);
.align 32
.Lsoft_ghash:
___
-$cdoe.=<<___ if ($flavour =~ /3[12]/);
+$code.=<<___ if ($flavour =~ /3[12]/);
llgfr $len,$len
___
$code.=<<___;
diff --git a/openssl/crypto/modes/modes_lcl.h b/openssl/crypto/modes/modes_lcl.h
index 7a82a981c..b6dc3c336 100644
--- a/openssl/crypto/modes/modes_lcl.h
+++ b/openssl/crypto/modes/modes_lcl.h
@@ -45,7 +45,7 @@ typedef unsigned char u8;
# define BSWAP4(x) ({ u32 ret=(x); \
asm ("bswapl %0" \
: "+r"(ret)); ret; })
-# elif (defined(__i386) || defined(__i386__))
+# elif (defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)
# define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x); \
asm ("bswapl %0; bswapl %1" \
: "+r"(hi),"+r"(lo)); \
diff --git a/openssl/crypto/o_fips.c b/openssl/crypto/o_fips.c
index 6a8239575..f6d1b2185 100644
--- a/openssl/crypto/o_fips.c
+++ b/openssl/crypto/o_fips.c
@@ -64,6 +64,7 @@
int FIPS_mode(void)
{
+ OPENSSL_init();
#ifdef OPENSSL_FIPS
return FIPS_module_mode();
#else
diff --git a/openssl/crypto/opensslv.h b/openssl/crypto/opensslv.h
index bf4255607..71be3590a 100644
--- a/openssl/crypto/opensslv.h
+++ b/openssl/crypto/opensslv.h
@@ -25,11 +25,11 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x1000100fL
+#define OPENSSL_VERSION_NUMBER 0x1000103fL
#ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1-fips 14 Mar 2012"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1c-fips 10 May 2012"
#else
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1 14 Mar 2012"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1c 10 May 2012"
#endif
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/openssl/crypto/perlasm/x86masm.pl b/openssl/crypto/perlasm/x86masm.pl
index 3af045396..96b1b73e1 100644
--- a/openssl/crypto/perlasm/x86masm.pl
+++ b/openssl/crypto/perlasm/x86masm.pl
@@ -16,7 +16,7 @@ sub ::generic
# fix hexadecimal constants
for (@arg) { s/(?<![\w\$\.])0x([0-9a-f]+)/0$1h/oi; }
- if ($opcode =~ /lea/ && @arg[1] =~ s/.*PTR\s+([^\[]+)$/$1/) # no []
+ if ($opcode =~ /lea/ && @arg[1] =~ s/.*PTR\s+(\(.*\))$/OFFSET $1/) # no []
{ $opcode="mov"; }
elsif ($opcode !~ /movq/)
{ # fix xmm references
diff --git a/openssl/crypto/pkcs7/pk7_doit.c b/openssl/crypto/pkcs7/pk7_doit.c
index fae8eda46..77fda3b82 100644
--- a/openssl/crypto/pkcs7/pk7_doit.c
+++ b/openssl/crypto/pkcs7/pk7_doit.c
@@ -430,6 +430,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
STACK_OF(X509_ALGOR) *md_sk=NULL;
STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
PKCS7_RECIP_INFO *ri=NULL;
+ unsigned char *ek = NULL, *tkey = NULL;
+ int eklen = 0, tkeylen = 0;
i=OBJ_obj2nid(p7->type);
p7->state=PKCS7_S_HEADER;
@@ -507,8 +509,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
int max;
X509_OBJECT ret;
#endif
- unsigned char *ek = NULL, *tkey = NULL;
- int eklen, tkeylen;
if ((etmp=BIO_new(BIO_f_cipher())) == NULL)
{
@@ -609,11 +609,13 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
{
OPENSSL_cleanse(ek,eklen);
OPENSSL_free(ek);
+ ek = NULL;
}
if (tkey)
{
OPENSSL_cleanse(tkey,tkeylen);
OPENSSL_free(tkey);
+ tkey = NULL;
}
if (out == NULL)
@@ -656,6 +658,16 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
if (0)
{
err:
+ if (ek)
+ {
+ OPENSSL_cleanse(ek,eklen);
+ OPENSSL_free(ek);
+ }
+ if (tkey)
+ {
+ OPENSSL_cleanse(tkey,tkeylen);
+ OPENSSL_free(tkey);
+ }
if (out != NULL) BIO_free_all(out);
if (btmp != NULL) BIO_free_all(btmp);
if (etmp != NULL) BIO_free_all(etmp);
diff --git a/openssl/crypto/ppccpuid.pl b/openssl/crypto/ppccpuid.pl
index 067746947..4ba736a1d 100644
--- a/openssl/crypto/ppccpuid.pl
+++ b/openssl/crypto/ppccpuid.pl
@@ -105,7 +105,7 @@ Ladd: lwarx r5,0,r3
Little: mtctr r4
stb r0,0(r3)
addi r3,r3,1
- bdnz- \$-8
+ bdnz \$-8
blr
Lot: andi. r5,r3,3
beq Laligned
@@ -118,7 +118,7 @@ Laligned:
mtctr r5
stw r0,0(r3)
addi r3,r3,4
- bdnz- \$-8
+ bdnz \$-8
andi. r4,r4,3
bne Little
blr
diff --git a/openssl/crypto/rc4/asm/rc4-s390x.pl b/openssl/crypto/rc4/asm/rc4-s390x.pl
index 1aa754820..7528ece13 100644
--- a/openssl/crypto/rc4/asm/rc4-s390x.pl
+++ b/openssl/crypto/rc4/asm/rc4-s390x.pl
@@ -171,10 +171,10 @@ $ikey="%r7";
$iinp="%r8";
$code.=<<___;
-.globl RC4_set_key
-.type RC4_set_key,\@function
+.globl private_RC4_set_key
+.type private_RC4_set_key,\@function
.align 64
-RC4_set_key:
+private_RC4_set_key:
stm${g} %r6,%r8,6*$SIZE_T($sp)
lhi $cnt,256
la $idx,0(%r0)
@@ -210,7 +210,7 @@ RC4_set_key:
.Ldone:
lm${g} %r6,%r8,6*$SIZE_T($sp)
br $rp
-.size RC4_set_key,.-RC4_set_key
+.size private_RC4_set_key,.-private_RC4_set_key
___
}
diff --git a/openssl/crypto/rsa/Makefile b/openssl/crypto/rsa/Makefile
index ec9c74d78..f798d2f74 100644
--- a/openssl/crypto/rsa/Makefile
+++ b/openssl/crypto/rsa/Makefile
@@ -225,11 +225,12 @@ rsa_pk1.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pk1.c
rsa_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h
rsa_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
rsa_pmeth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-rsa_pmeth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-rsa_pmeth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-rsa_pmeth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-rsa_pmeth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-rsa_pmeth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_pmeth.o: ../../include/openssl/cms.h ../../include/openssl/crypto.h
+rsa_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+rsa_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+rsa_pmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_pmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rsa_pmeth.o: ../../include/openssl/objects.h
rsa_pmeth.o: ../../include/openssl/opensslconf.h
rsa_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
rsa_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
diff --git a/openssl/crypto/ui/ui.h b/openssl/crypto/ui/ui.h
index 2b1cfa228..bd78aa413 100644
--- a/openssl/crypto/ui/ui.h
+++ b/openssl/crypto/ui/ui.h
@@ -316,7 +316,7 @@ int (*UI_method_get_writer(UI_METHOD *method))(UI*,UI_STRING*);
int (*UI_method_get_flusher(UI_METHOD *method))(UI*);
int (*UI_method_get_reader(UI_METHOD *method))(UI*,UI_STRING*);
int (*UI_method_get_closer(UI_METHOD *method))(UI*);
-char* (*UI_method_get_prompt_constructor(UI_METHOD *method))(UI*, const char*, const char*);
+char * (*UI_method_get_prompt_constructor(UI_METHOD *method))(UI*, const char*, const char*);
/* The following functions are helpers for method writers to access relevant
data from a UI_STRING. */
diff --git a/openssl/crypto/x509/x509_lu.c b/openssl/crypto/x509/x509_lu.c
index 3a6e04a1d..38525a8cd 100644
--- a/openssl/crypto/x509/x509_lu.c
+++ b/openssl/crypto/x509/x509_lu.c
@@ -87,7 +87,7 @@ void X509_LOOKUP_free(X509_LOOKUP *ctx)
if (ctx == NULL) return;
if ( (ctx->method != NULL) &&
(ctx->method->free != NULL))
- ctx->method->free(ctx);
+ (*ctx->method->free)(ctx);
OPENSSL_free(ctx);
}