From 22b3a95d5c2cda53ff5fe378008f6084d30545ec Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 2 Dec 2002 03:01:52 +0000 Subject: Recent changes from 0.9.6-stable. --- crypto/bf/bftest.c | 4 +++- crypto/bn/bn_lib.c | 4 ++-- crypto/bn/bn_rand.c | 2 +- crypto/bn/bntest.c | 12 ++++++------ crypto/bn/exptest.c | 19 +++++++++++-------- crypto/cast/casttest.c | 4 +++- crypto/dh/dhtest.c | 7 +++++-- crypto/dsa/dsatest.c | 12 ++++++++++-- crypto/hmac/hmactest.c | 4 +++- crypto/idea/ideatest.c | 4 +++- crypto/md2/md2_dgst.c | 2 +- crypto/md2/md2_one.c | 2 +- crypto/md2/md2test.c | 4 +++- crypto/md4/md4_one.c | 2 +- crypto/md4/md4test.c | 4 +++- crypto/md5/md5_one.c | 2 +- crypto/md5/md5test.c | 4 +++- crypto/mdc2/mdc2_one.c | 2 +- crypto/mdc2/mdc2test.c | 4 +++- crypto/pem/pem_lib.c | 2 +- crypto/rand/randtest.c | 4 +++- crypto/rc2/rc2test.c | 4 +++- crypto/rc4/rc4test.c | 4 +++- crypto/rc5/rc5test.c | 4 +++- crypto/ripemd/rmdtest.c | 4 +++- crypto/sha/sha1test.c | 4 +++- crypto/sha/shatest.c | 4 +++- doc/crypto/RSA_print.pod | 6 +++--- e_os.h | 6 +++--- ssl/s3_srvr.c | 2 +- ssl/ssltest.c | 2 +- test/methtest.c | 4 ++-- 32 files changed, 96 insertions(+), 52 deletions(-) diff --git a/crypto/bf/bftest.c b/crypto/bf/bftest.c index cf67cadefd..212edfaf62 100644 --- a/crypto/bf/bftest.c +++ b/crypto/bf/bftest.c @@ -63,6 +63,8 @@ #include #include +#include "../e_os.h" + #ifdef NO_BF int main(int argc, char *argv[]) { @@ -275,7 +277,7 @@ int main(int argc, char *argv[]) else ret=test(); - exit(ret); + EXIT(ret); return(0); } diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 7767d65170..5f121dea1e 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -263,12 +263,12 @@ void BN_clear_free(BIGNUM *a) if (a == NULL) return; if (a->d != NULL) { - memset(a->d,0,a->dmax*sizeof(a->d[0])); + OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0])); if (!(BN_get_flags(a,BN_FLG_STATIC_DATA))) OPENSSL_free(a->d); } i=BN_get_flags(a,BN_FLG_MALLOCED); - memset(a,0,sizeof(BIGNUM)); + OPENSSL_cleanse(a,sizeof(BIGNUM)); if (i) OPENSSL_free(a); } diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index 4944ffbf23..eb65c28cbb 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -201,7 +201,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) err: if (buf != NULL) { - memset(buf,0,bytes); + OPENSSL_cleanse(buf,bytes); OPENSSL_free(buf); } return(ret); diff --git a/crypto/bn/bntest.c b/crypto/bn/bntest.c index af0c2629e8..6ae2b4aff0 100644 --- a/crypto/bn/bntest.c +++ b/crypto/bn/bntest.c @@ -139,10 +139,10 @@ int main(int argc, char *argv[]) ctx=BN_CTX_new(); - if (ctx == NULL) exit(1); + if (ctx == NULL) EXIT(1); out=BIO_new(BIO_s_file()); - if (out == NULL) exit(1); + if (out == NULL) EXIT(1); if (outfile == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); @@ -152,7 +152,7 @@ int main(int argc, char *argv[]) if (!BIO_write_filename(out,outfile)) { perror(outfile); - exit(1); + EXIT(1); } } @@ -228,14 +228,14 @@ int main(int argc, char *argv[]) BIO_free(out); /**/ - exit(0); + EXIT(0); err: BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices * the failure, see test_bn in test/Makefile.ssl*/ BIO_flush(out); ERR_load_crypto_strings(); ERR_print_errors_fp(stderr); - exit(1); + EXIT(1); return(1); } @@ -746,7 +746,7 @@ int test_mod_mul(BIO *bp, BN_CTX *ctx) while ((l=ERR_get_error())) fprintf(stderr,"ERROR:%s\n", ERR_error_string(l,NULL)); - exit(1); + EXIT(1); } if (bp != NULL) { diff --git a/crypto/bn/exptest.c b/crypto/bn/exptest.c index 3e86f2ea0e..b3b807af38 100644 --- a/crypto/bn/exptest.c +++ b/crypto/bn/exptest.c @@ -59,6 +59,9 @@ #include #include #include + +#include "../e_os.h" + #include #include #include @@ -86,7 +89,7 @@ int main(int argc, char *argv[]) ERR_load_BN_strings(); ctx=BN_CTX_new(); - if (ctx == NULL) exit(1); + if (ctx == NULL) EXIT(1); r_mont=BN_new(); r_recp=BN_new(); r_simple=BN_new(); @@ -99,7 +102,7 @@ int main(int argc, char *argv[]) out=BIO_new(BIO_s_file()); - if (out == NULL) exit(1); + if (out == NULL) EXIT(1); BIO_set_fp(out,stdout,BIO_NOCLOSE); for (i=0; i<200; i++) @@ -124,7 +127,7 @@ int main(int argc, char *argv[]) { printf("BN_mod_exp_mont() problems\n"); ERR_print_errors(out); - exit(1); + EXIT(1); } ret=BN_mod_exp_recp(r_recp,a,b,m,ctx); @@ -132,7 +135,7 @@ int main(int argc, char *argv[]) { printf("BN_mod_exp_recp() problems\n"); ERR_print_errors(out); - exit(1); + EXIT(1); } ret=BN_mod_exp_simple(r_simple,a,b,m,ctx); @@ -140,7 +143,7 @@ int main(int argc, char *argv[]) { printf("BN_mod_exp_simple() problems\n"); ERR_print_errors(out); - exit(1); + EXIT(1); } if (BN_cmp(r_simple, r_mont) == 0 @@ -163,7 +166,7 @@ int main(int argc, char *argv[]) printf("\nrecp ="); BN_print(out,r_recp); printf("\nmont ="); BN_print(out,r_mont); printf("\n"); - exit(1); + EXIT(1); } } BN_free(r_mont); @@ -177,11 +180,11 @@ int main(int argc, char *argv[]) CRYPTO_mem_leaks(out); BIO_free(out); printf(" done\n"); - exit(0); + EXIT(0); err: ERR_load_crypto_strings(); ERR_print_errors(out); - exit(1); + EXIT(1); return(1); } diff --git a/crypto/cast/casttest.c b/crypto/cast/casttest.c index ab2aeac606..0e1034da45 100644 --- a/crypto/cast/casttest.c +++ b/crypto/cast/casttest.c @@ -60,6 +60,8 @@ #include #include +#include "../e_os.h" + #ifdef NO_CAST int main(int argc, char *argv[]) { @@ -224,7 +226,7 @@ int main(int argc, char *argv[]) } #endif - exit(err); + EXIT(err); return(err); } #endif diff --git a/crypto/dh/dhtest.c b/crypto/dh/dhtest.c index a38465da13..c57cac099d 100644 --- a/crypto/dh/dhtest.c +++ b/crypto/dh/dhtest.c @@ -59,6 +59,9 @@ #include #include #include + +#include "../e_os.h" + #ifdef WINDOWS #include "../bio/bss_file.c" #endif @@ -107,7 +110,7 @@ int main(int argc, char *argv[]) RAND_seed(rnd_seed, sizeof rnd_seed); out=BIO_new(BIO_s_file()); - if (out == NULL) exit(1); + if (out == NULL) EXIT(1); BIO_set_fp(out,stdout,BIO_NOCLOSE); a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out); @@ -188,7 +191,7 @@ err: if(b != NULL) DH_free(b); if(a != NULL) DH_free(a); BIO_free(out); - exit(ret); + EXIT(ret); return(ret); } diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c index 309a7cda89..2361ad61cb 100644 --- a/crypto/dsa/dsatest.c +++ b/crypto/dsa/dsatest.c @@ -61,6 +61,9 @@ #include #include #include + +#include "../e_os.h" + #include #include #include @@ -207,10 +210,15 @@ end: BIO_free(bio_err); bio_err = NULL; } - exit(!ret); + EXIT(!ret); return(0); } +static int cb_exit(int ec) + { + EXIT(ec); + } + static void MS_CALLBACK dsa_cb(int p, int n, void *arg) { char c='*'; @@ -226,7 +234,7 @@ static void MS_CALLBACK dsa_cb(int p, int n, void *arg) if (!ok && (p == 0) && (num > 1)) { BIO_printf((BIO *)arg,"error in dsatest\n"); - exit(1); + cb_exit(1); } } #endif diff --git a/crypto/hmac/hmactest.c b/crypto/hmac/hmactest.c index 4b56b8ee13..3bc476b9c7 100644 --- a/crypto/hmac/hmactest.c +++ b/crypto/hmac/hmactest.c @@ -60,6 +60,8 @@ #include #include +#include "../e_os.h" + #ifdef NO_HMAC int main(int argc, char *argv[]) { @@ -143,7 +145,7 @@ int main(int argc, char *argv[]) else printf("test %d ok\n",i); } - exit(err); + EXIT(err); return(0); } diff --git a/crypto/idea/ideatest.c b/crypto/idea/ideatest.c index 64b9353e41..01d43adb19 100644 --- a/crypto/idea/ideatest.c +++ b/crypto/idea/ideatest.c @@ -60,6 +60,8 @@ #include #include +#include "../e_os.h" + #ifdef NO_IDEA int main(int argc, char *argv[]) { @@ -167,7 +169,7 @@ int main(int argc, char *argv[]) else printf("ok\n"); - exit(err); + EXIT(err); return(err); } diff --git a/crypto/md2/md2_dgst.c b/crypto/md2/md2_dgst.c index 608baefa8f..458a3fad7f 100644 --- a/crypto/md2/md2_dgst.c +++ b/crypto/md2/md2_dgst.c @@ -194,7 +194,7 @@ static void md2_block(MD2_CTX *c, const unsigned char *d) t=(t+i)&0xff; } memcpy(sp1,state,16*sizeof(MD2_INT)); - memset(state,0,48*sizeof(MD2_INT)); + OPENSSL_cleanse(state,48*sizeof(MD2_INT)); } void MD2_Final(unsigned char *md, MD2_CTX *c) diff --git a/crypto/md2/md2_one.c b/crypto/md2/md2_one.c index b12c37ce4d..835160ef56 100644 --- a/crypto/md2/md2_one.c +++ b/crypto/md2/md2_one.c @@ -88,6 +88,6 @@ unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md) } #endif MD2_Final(md,&c); - memset(&c,0,sizeof(c)); /* Security consideration */ + OPENSSL_cleanse(&c,sizeof(c)); /* Security consideration */ return(md); } diff --git a/crypto/md2/md2test.c b/crypto/md2/md2test.c index e3f4fb4c34..4d7231753b 100644 --- a/crypto/md2/md2test.c +++ b/crypto/md2/md2test.c @@ -60,6 +60,8 @@ #include #include +#include "../e_os.h" + #ifdef NO_MD2 int main(int argc, char *argv[]) { @@ -119,7 +121,7 @@ int main(int argc, char *argv[]) R++; P++; } - exit(err); + EXIT(err); return(0); } diff --git a/crypto/md4/md4_one.c b/crypto/md4/md4_one.c index 87a995d38d..53efd430ec 100644 --- a/crypto/md4/md4_one.c +++ b/crypto/md4/md4_one.c @@ -89,7 +89,7 @@ unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md) } #endif MD4_Final(md,&c); - memset(&c,0,sizeof(c)); /* security consideration */ + OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */ return(md); } diff --git a/crypto/md4/md4test.c b/crypto/md4/md4test.c index 97e6e21efd..faa9e84a9a 100644 --- a/crypto/md4/md4test.c +++ b/crypto/md4/md4test.c @@ -60,6 +60,8 @@ #include #include +#include "../e_os.h" + #ifdef NO_MD4 int main(int argc, char *argv[]) { @@ -115,7 +117,7 @@ int main(int argc, char *argv[]) R++; P++; } - exit(err); + EXIT(err); return(0); } diff --git a/crypto/md5/md5_one.c b/crypto/md5/md5_one.c index b89dec850d..c67eb795ca 100644 --- a/crypto/md5/md5_one.c +++ b/crypto/md5/md5_one.c @@ -89,7 +89,7 @@ unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md) } #endif MD5_Final(md,&c); - memset(&c,0,sizeof(c)); /* security consideration */ + OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */ return(md); } diff --git a/crypto/md5/md5test.c b/crypto/md5/md5test.c index 6bd8656302..e3258cc0bf 100644 --- a/crypto/md5/md5test.c +++ b/crypto/md5/md5test.c @@ -60,6 +60,8 @@ #include #include +#include "../e_os.h" + #ifdef NO_MD5 int main(int argc, char *argv[]) { @@ -115,7 +117,7 @@ int main(int argc, char *argv[]) R++; P++; } - exit(err); + EXIT(err); return(0); } diff --git a/crypto/mdc2/mdc2_one.c b/crypto/mdc2/mdc2_one.c index 6cd141b4d6..37f06c8d77 100644 --- a/crypto/mdc2/mdc2_one.c +++ b/crypto/mdc2/mdc2_one.c @@ -69,7 +69,7 @@ unsigned char *MDC2(const unsigned char *d, unsigned long n, unsigned char *md) MDC2_Init(&c); MDC2_Update(&c,d,n); MDC2_Final(md,&c); - memset(&c,0,sizeof(c)); /* security consideration */ + OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */ return(md); } diff --git a/crypto/mdc2/mdc2test.c b/crypto/mdc2/mdc2test.c index 46c25aeff4..bad02979ee 100644 --- a/crypto/mdc2/mdc2test.c +++ b/crypto/mdc2/mdc2test.c @@ -60,6 +60,8 @@ #include #include +#include "../e_os.h" + #if defined(NO_DES) && !defined(NO_MDC2) #define NO_MDC2 #endif @@ -134,7 +136,7 @@ int main(int argc, char *argv[]) else printf("pad2 - ok\n"); - exit(ret); + EXIT(ret); return(ret); } #endif diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index a86a98f419..e024bd7873 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -380,7 +380,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x, * NOT taken from the BytesToKey function */ EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL); - if (kstr == (unsigned char *)buf) memset(buf,0,PEM_BUFSIZE); + if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE); buf[0]='\0'; PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); diff --git a/crypto/rand/randtest.c b/crypto/rand/randtest.c index da96e3f695..abee3f7b2b 100644 --- a/crypto/rand/randtest.c +++ b/crypto/rand/randtest.c @@ -60,6 +60,8 @@ #include #include +#include "../e_os.h" + /* some FIPS 140-1 random number test */ /* some simple tests */ @@ -202,6 +204,6 @@ int main() } printf("test 4 done\n"); err=((err)?1:0); - exit(err); + EXIT(err); return(err); } diff --git a/crypto/rc2/rc2test.c b/crypto/rc2/rc2test.c index 521269ded1..bf8bc5d02f 100644 --- a/crypto/rc2/rc2test.c +++ b/crypto/rc2/rc2test.c @@ -63,6 +63,8 @@ #include #include +#include "../e_os.h" + #ifdef NO_RC2 int main(int argc, char *argv[]) { @@ -203,7 +205,7 @@ int main(int argc, char *argv[]) printf("ok\n"); #endif - exit(err); + EXIT(err); return(err); } diff --git a/crypto/rc4/rc4test.c b/crypto/rc4/rc4test.c index 3914eb6c38..3aa40ed235 100644 --- a/crypto/rc4/rc4test.c +++ b/crypto/rc4/rc4test.c @@ -60,6 +60,8 @@ #include #include +#include "../e_os.h" + #ifdef NO_RC4 int main(int argc, char *argv[]) { @@ -195,7 +197,7 @@ int main(int argc, char *argv[]) } } printf("done\n"); - exit(err); + EXIT(err); return(0); } #endif diff --git a/crypto/rc5/rc5test.c b/crypto/rc5/rc5test.c index 634ceac7c7..84e7c71d21 100644 --- a/crypto/rc5/rc5test.c +++ b/crypto/rc5/rc5test.c @@ -63,6 +63,8 @@ #include #include +#include "../e_os.h" + #ifdef NO_RC5 int main(int argc, char *argv[]) { @@ -318,7 +320,7 @@ int main(int argc, char *argv[]) } if (err == 0) printf("cbc RC5 ok\n"); - exit(err); + EXIT(err); return(err); } diff --git a/crypto/ripemd/rmdtest.c b/crypto/ripemd/rmdtest.c index 5d79c99725..dd3a49d705 100644 --- a/crypto/ripemd/rmdtest.c +++ b/crypto/ripemd/rmdtest.c @@ -60,6 +60,8 @@ #include #include +#include "../e_os.h" + #ifdef NO_RIPEMD int main(int argc, char *argv[]) { @@ -124,7 +126,7 @@ int main(int argc, char *argv[]) R++; P++; } - exit(err); + EXIT(err); return(0); } diff --git a/crypto/sha/sha1test.c b/crypto/sha/sha1test.c index 688d06c637..8c2bd33f56 100644 --- a/crypto/sha/sha1test.c +++ b/crypto/sha/sha1test.c @@ -60,6 +60,8 @@ #include #include +#include "../e_os.h" + #ifdef NO_SHA int main(int argc, char *argv[]) { @@ -152,7 +154,7 @@ int main(int argc, char *argv[]) } else printf("test 3 ok\n"); - exit(err); + EXIT(err); return(0); } diff --git a/crypto/sha/shatest.c b/crypto/sha/shatest.c index a5786bbf76..d9329f0307 100644 --- a/crypto/sha/shatest.c +++ b/crypto/sha/shatest.c @@ -60,6 +60,8 @@ #include #include +#include "../e_os.h" + #ifdef NO_SHA int main(int argc, char *argv[]) { @@ -152,7 +154,7 @@ int main(int argc, char *argv[]) } else printf("test 3 ok\n"); - exit(err); + EXIT(err); return(0); } diff --git a/doc/crypto/RSA_print.pod b/doc/crypto/RSA_print.pod index 67876facc5..e28d107d1c 100644 --- a/doc/crypto/RSA_print.pod +++ b/doc/crypto/RSA_print.pod @@ -2,9 +2,9 @@ =head1 NAME -RSA_print, RSA_print_fp, DHparams_print, DHparams_print_fp, DSA_print, -DSA_print_fp, DHparams_print, DHparams_print_fp - print cryptographic -parameters +RSA_print, RSA_print_fp, +DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp, +DHparams_print, DHparams_print_fp - print cryptographic parameters =head1 SYNOPSIS diff --git a/e_os.h b/e_os.h index d49c6ef7e7..30008fa781 100644 --- a/e_os.h +++ b/e_os.h @@ -220,9 +220,9 @@ extern "C" { # endif # if defined(WIN16) && !defined(MONOLITH) && defined(SSLEAY) && defined(_WINEXITNOPERSIST) -# define EXIT(n) { if (n == 0) _wsetexit(_WINEXITNOPERSIST); return(n); } +# define EXIT(n) do { if (n == 0) _wsetexit(_WINEXITNOPERSIST); return(n); } while(0) # else -# define EXIT(n) return(n); +# define EXIT(n) return(n) # endif # define LIST_SEPARATOR_CHAR ';' # ifndef X_OK @@ -318,7 +318,7 @@ extern "C" { # define LIST_SEPARATOR_CHAR ':' # define NUL_DEV "/dev/null" # ifndef MONOLITH -# define EXIT(n) exit(n); return(n) +# define EXIT(n) do { exit(n); return(n); } while(0) # else # define EXIT(n) return(n) # endif diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 7a89993b48..6b414cfa5c 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1471,7 +1471,7 @@ static int ssl3_get_client_key_exchange(SSL *s) s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, p,i); - memset(p,0,i); + OPENSSL_cleanse(p,i); } else #endif diff --git a/ssl/ssltest.c b/ssl/ssltest.c index d6704852b4..3de9663e51 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -366,7 +366,7 @@ bad: "the test anyway (and\n-d to see what happens), " "or add one of -ssl2, -ssl3, -tls1, -reuse\n" "to avoid protocol mismatch.\n"); - exit(1); + EXIT(1); } if (print_time) diff --git a/test/methtest.c b/test/methtest.c index 06ccb3b310..005c2f4822 100644 --- a/test/methtest.c +++ b/test/methtest.c @@ -96,10 +96,10 @@ char *argv[]; METH_init(top); METH_control(tmp1,METH_CONTROL_DUMP,stdout); METH_control(tmp2,METH_CONTROL_DUMP,stdout); - exit(0); + EXIT(0); err: ERR_load_crypto_strings(); ERR_print_errors_fp(stderr); - exit(1); + EXIT(1); return(0); } -- cgit v1.2.3