Recent changes from 0.9.6-stable.

2002-12-02 03:01:52 +00:00 · 2002-12-02 03:01:52 +00:00 · 22b3a95d5c
commit 22b3a95d5c
parent 63e86149c1
32 changed files with 96 additions and 52 deletions
--- a/crypto/bf/bftest.c
+++ b/crypto/bf/bftest.c
@ -63,6 +63,8 @@
 #include <string.h>
 #include <stdlib.h>

+#include "../e_os.h"
+
 #ifdef NO_BF
 int main(int argc, char *argv[])
 {
@ -275,7 +277,7 @@ int main(int argc, char *argv[])
 	else
 		ret=test();

-	exit(ret);
+	EXIT(ret);
 	return(0);
 	}

--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@ -263,12 +263,12 @@ void BN_clear_free(BIGNUM *a)
 	if (a == NULL) return;
 	if (a->d != NULL)
 		{
-		memset(a->d,0,a->dmax*sizeof(a->d[0]));
+		OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));
 		if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
 			OPENSSL_free(a->d);
 		}
 	i=BN_get_flags(a,BN_FLG_MALLOCED);
-	memset(a,0,sizeof(BIGNUM));
+	OPENSSL_cleanse(a,sizeof(BIGNUM));
 	if (i)
 		OPENSSL_free(a);
 	}
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@ -201,7 +201,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
 err:
 	if (buf != NULL)
 		{
-		memset(buf,0,bytes);
+		OPENSSL_cleanse(buf,bytes);
 		OPENSSL_free(buf);
 		}
 	return(ret);
--- a/crypto/bn/bntest.c
+++ b/crypto/bn/bntest.c
@ -139,10 +139,10 @@ int main(int argc, char *argv[])


 	ctx=BN_CTX_new();
-	if (ctx == NULL) exit(1);
+	if (ctx == NULL) EXIT(1);

 	out=BIO_new(BIO_s_file());
-	if (out == NULL) exit(1);
+	if (out == NULL) EXIT(1);
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
@ -152,7 +152,7 @@ int main(int argc, char *argv[])
 		if (!BIO_write_filename(out,outfile))
 			{
 			perror(outfile);
-			exit(1);
+			EXIT(1);
 			}
 		}

@ -228,14 +228,14 @@ int main(int argc, char *argv[])
 	BIO_free(out);

 /**/
-	exit(0);
+	EXIT(0);
 err:
 	BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices
 	                      * the failure, see test_bn in test/Makefile.ssl*/
 	BIO_flush(out);
 	ERR_load_crypto_strings();
 	ERR_print_errors_fp(stderr);
-	exit(1);
+	EXIT(1);
 	return(1);
 	}

@ -746,7 +746,7 @@ int test_mod_mul(BIO *bp, BN_CTX *ctx)
 			while ((l=ERR_get_error()))
 				fprintf(stderr,"ERROR:%s\n",
 					ERR_error_string(l,NULL));
-			exit(1);
+			EXIT(1);
 			}
 		if (bp != NULL)
 			{
--- a/crypto/bn/exptest.c
+++ b/crypto/bn/exptest.c
@ -59,6 +59,9 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+
+#include "../e_os.h"
+
 #include <openssl/bio.h>
 #include <openssl/bn.h>
 #include <openssl/rand.h>
@ -86,7 +89,7 @@ int main(int argc, char *argv[])
 	ERR_load_BN_strings();

 	ctx=BN_CTX_new();
-	if (ctx == NULL) exit(1);
+	if (ctx == NULL) EXIT(1);
 	r_mont=BN_new();
 	r_recp=BN_new();
 	r_simple=BN_new();
@ -99,7 +102,7 @@ int main(int argc, char *argv[])

 	out=BIO_new(BIO_s_file());

-	if (out == NULL) exit(1);
+	if (out == NULL) EXIT(1);
 	BIO_set_fp(out,stdout,BIO_NOCLOSE);

 	for (i=0; i<200; i++)
@ -124,7 +127,7 @@ int main(int argc, char *argv[])
 			{
 			printf("BN_mod_exp_mont() problems\n");
 			ERR_print_errors(out);
-			exit(1);
+			EXIT(1);
 			}

 		ret=BN_mod_exp_recp(r_recp,a,b,m,ctx);
@ -132,7 +135,7 @@ int main(int argc, char *argv[])
 			{
 			printf("BN_mod_exp_recp() problems\n");
 			ERR_print_errors(out);
-			exit(1);
+			EXIT(1);
 			}

 		ret=BN_mod_exp_simple(r_simple,a,b,m,ctx);
@ -140,7 +143,7 @@ int main(int argc, char *argv[])
 			{
 			printf("BN_mod_exp_simple() problems\n");
 			ERR_print_errors(out);
-			exit(1);
+			EXIT(1);
 			}

 		if (BN_cmp(r_simple, r_mont) == 0
@ -163,7 +166,7 @@ int main(int argc, char *argv[])
 			printf("\nrecp     =");	BN_print(out,r_recp);
 			printf("\nmont     ="); BN_print(out,r_mont);
 			printf("\n");
-			exit(1);
+			EXIT(1);
 			}
 		}
 	BN_free(r_mont);
@ -177,11 +180,11 @@ int main(int argc, char *argv[])
 	CRYPTO_mem_leaks(out);
 	BIO_free(out);
 	printf(" done\n");
-	exit(0);
+	EXIT(0);
 err:
 	ERR_load_crypto_strings();
 	ERR_print_errors(out);
-	exit(1);
+	EXIT(1);
 	return(1);
 	}

--- a/crypto/cast/casttest.c
+++ b/crypto/cast/casttest.c
@ -60,6 +60,8 @@
 #include <string.h>
 #include <stdlib.h>

+#include "../e_os.h"
+
 #ifdef NO_CAST
 int main(int argc, char *argv[])
 {
@ -224,7 +226,7 @@ int main(int argc, char *argv[])
      }
 #endif

-    exit(err);
+    EXIT(err);
    return(err);
    }
 #endif
--- a/crypto/dh/dhtest.c
+++ b/crypto/dh/dhtest.c
@ -59,6 +59,9 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+
+#include "../e_os.h"
+
 #ifdef WINDOWS
 #include "../bio/bss_file.c" 
 #endif
@ -107,7 +110,7 @@ int main(int argc, char *argv[])
 	RAND_seed(rnd_seed, sizeof rnd_seed);

 	out=BIO_new(BIO_s_file());
-	if (out == NULL) exit(1);
+	if (out == NULL) EXIT(1);
 	BIO_set_fp(out,stdout,BIO_NOCLOSE);

 	a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out);
@ -188,7 +191,7 @@ err:
 	if(b != NULL) DH_free(b);
 	if(a != NULL) DH_free(a);
 	BIO_free(out);
-	exit(ret);
+	EXIT(ret);
 	return(ret);
 	}

--- a/crypto/dsa/dsatest.c
+++ b/crypto/dsa/dsatest.c
@ -61,6 +61,9 @@
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
+
+#include "../e_os.h"
+
 #include <openssl/crypto.h>
 #include <openssl/rand.h>
 #include <openssl/bio.h>
@ -207,10 +210,15 @@ end:
 		BIO_free(bio_err);
 		bio_err = NULL;
 		}
-	exit(!ret);
+	EXIT(!ret);
 	return(0);
 	}

+static int cb_exit(int ec)
+	{
+	EXIT(ec);
+	}
+
 static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
 	{
 	char c='*';
@ -226,7 +234,7 @@ static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
 	if (!ok && (p == 0) && (num > 1))
 		{
 		BIO_printf((BIO *)arg,"error in dsatest\n");
-		exit(1);
+		cb_exit(1);
 		}
 	}
 #endif
--- a/crypto/hmac/hmactest.c
+++ b/crypto/hmac/hmactest.c
@ -60,6 +60,8 @@
 #include <string.h>
 #include <stdlib.h>

+#include "../e_os.h"
+
 #ifdef NO_HMAC
 int main(int argc, char *argv[])
 {
@ -143,7 +145,7 @@ int main(int argc, char *argv[])
 		else
 			printf("test %d ok\n",i);
 		}
-	exit(err);
+	EXIT(err);
 	return(0);
 	}

--- a/crypto/idea/ideatest.c
+++ b/crypto/idea/ideatest.c
@ -60,6 +60,8 @@
 #include <string.h>
 #include <stdlib.h>

+#include "../e_os.h"
+
 #ifdef NO_IDEA
 int main(int argc, char *argv[])
 {
@ -167,7 +169,7 @@ int main(int argc, char *argv[])
 	else
 		printf("ok\n");

-	exit(err);
+	EXIT(err);
 	return(err);
 	}

--- a/crypto/md2/md2_dgst.c
+++ b/crypto/md2/md2_dgst.c
@ -194,7 +194,7 @@ static void md2_block(MD2_CTX *c, const unsigned char *d)
 		t=(t+i)&0xff;
 		}
 	memcpy(sp1,state,16*sizeof(MD2_INT));
-	memset(state,0,48*sizeof(MD2_INT));
+	OPENSSL_cleanse(state,48*sizeof(MD2_INT));
 	}

 void MD2_Final(unsigned char *md, MD2_CTX *c)
--- a/crypto/md2/md2_one.c
+++ b/crypto/md2/md2_one.c
@ -88,6 +88,6 @@ unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md)
 	}
 #endif
 	MD2_Final(md,&c);
-	memset(&c,0,sizeof(c));	/* Security consideration */
+	OPENSSL_cleanse(&c,sizeof(c));	/* Security consideration */
 	return(md);
 	}
--- a/crypto/md2/md2test.c
+++ b/crypto/md2/md2test.c
@ -60,6 +60,8 @@
 #include <stdlib.h>
 #include <string.h>

+#include "../e_os.h"
+
 #ifdef NO_MD2
 int main(int argc, char *argv[])
 {
@ -119,7 +121,7 @@ int main(int argc, char *argv[])
 		R++;
 		P++;
 		}
-	exit(err);
+	EXIT(err);
 	return(0);
 	}

--- a/crypto/md4/md4_one.c
+++ b/crypto/md4/md4_one.c
@ -89,7 +89,7 @@ unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md)
 	}
 #endif
 	MD4_Final(md,&c);
-	memset(&c,0,sizeof(c)); /* security consideration */
+	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
 	return(md);
 	}

--- a/crypto/md4/md4test.c
+++ b/crypto/md4/md4test.c
@ -60,6 +60,8 @@
 #include <string.h>
 #include <stdlib.h>

+#include "../e_os.h"
+
 #ifdef NO_MD4
 int main(int argc, char *argv[])
 {
@ -115,7 +117,7 @@ int main(int argc, char *argv[])
 		R++;
 		P++;
 		}
-	exit(err);
+	EXIT(err);
 	return(0);
 	}

--- a/crypto/md5/md5_one.c
+++ b/crypto/md5/md5_one.c
@ -89,7 +89,7 @@ unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md)
 	}
 #endif
 	MD5_Final(md,&c);
-	memset(&c,0,sizeof(c)); /* security consideration */
+	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
 	return(md);
 	}

--- a/crypto/md5/md5test.c
+++ b/crypto/md5/md5test.c
@ -60,6 +60,8 @@
 #include <string.h>
 #include <stdlib.h>

+#include "../e_os.h"
+
 #ifdef NO_MD5
 int main(int argc, char *argv[])
 {
@ -115,7 +117,7 @@ int main(int argc, char *argv[])
 		R++;
 		P++;
 		}
-	exit(err);
+	EXIT(err);
 	return(0);
 	}

--- a/crypto/mdc2/mdc2_one.c
+++ b/crypto/mdc2/mdc2_one.c
@ -69,7 +69,7 @@ unsigned char *MDC2(const unsigned char *d, unsigned long n, unsigned char *md)
 	MDC2_Init(&c);
 	MDC2_Update(&c,d,n);
        MDC2_Final(md,&c);
-	memset(&c,0,sizeof(c)); /* security consideration */
+	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
 	return(md);
 	}

--- a/crypto/mdc2/mdc2test.c
+++ b/crypto/mdc2/mdc2test.c
@ -60,6 +60,8 @@
 #include <stdlib.h>
 #include <string.h>

+#include "../e_os.h"
+
 #if defined(NO_DES) && !defined(NO_MDC2)
 #define NO_MDC2
 #endif
@ -134,7 +136,7 @@ int main(int argc, char *argv[])
 	else
 		printf("pad2 - ok\n");

-	exit(ret);
+	EXIT(ret);
 	return(ret);
 	}
 #endif
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@ -380,7 +380,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
 		 * NOT taken from the BytesToKey function */
 		EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);

-		if (kstr == (unsigned char *)buf) memset(buf,0,PEM_BUFSIZE);
+		if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);

 		buf[0]='\0';
 		PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
--- a/crypto/rand/randtest.c
+++ b/crypto/rand/randtest.c
@ -60,6 +60,8 @@
 #include <stdlib.h>
 #include <openssl/rand.h>

+#include "../e_os.h"
+
 /* some FIPS 140-1 random number test */
 /* some simple tests */

@ -202,6 +204,6 @@ int main()
 		}
 	printf("test 4 done\n");
 	err=((err)?1:0);
-	exit(err);
+	EXIT(err);
 	return(err);
 	}
--- a/crypto/rc2/rc2test.c
+++ b/crypto/rc2/rc2test.c
@ -63,6 +63,8 @@
 #include <string.h>
 #include <stdlib.h>

+#include "../e_os.h"
+
 #ifdef NO_RC2
 int main(int argc, char *argv[])
 {
@ -203,7 +205,7 @@ int main(int argc, char *argv[])
 		printf("ok\n");
 #endif

-	exit(err);
+	EXIT(err);
 	return(err);
 	}

--- a/crypto/rc4/rc4test.c
+++ b/crypto/rc4/rc4test.c
@ -60,6 +60,8 @@
 #include <stdlib.h>
 #include <string.h>

+#include "../e_os.h"
+
 #ifdef NO_RC4
 int main(int argc, char *argv[])
 {
@ -195,7 +197,7 @@ int main(int argc, char *argv[])
 			}
 		}
 	printf("done\n");
-	exit(err);
+	EXIT(err);
 	return(0);
 	}
 #endif
--- a/crypto/rc5/rc5test.c
+++ b/crypto/rc5/rc5test.c
@ -63,6 +63,8 @@
 #include <string.h>
 #include <stdlib.h>

+#include "../e_os.h"
+
 #ifdef NO_RC5
 int main(int argc, char *argv[])
 {
@ -318,7 +320,7 @@ int main(int argc, char *argv[])
 		}
 	if (err == 0) printf("cbc RC5 ok\n");

-	exit(err);
+	EXIT(err);
 	return(err);
 	}

--- a/crypto/ripemd/rmdtest.c
+++ b/crypto/ripemd/rmdtest.c
@ -60,6 +60,8 @@
 #include <string.h>
 #include <stdlib.h>

+#include "../e_os.h"
+
 #ifdef NO_RIPEMD
 int main(int argc, char *argv[])
 {
@ -124,7 +126,7 @@ int main(int argc, char *argv[])
 		R++;
 		P++;
 		}
-	exit(err);
+	EXIT(err);
 	return(0);
 	}

--- a/crypto/sha/sha1test.c
+++ b/crypto/sha/sha1test.c
@ -60,6 +60,8 @@
 #include <string.h>
 #include <stdlib.h>

+#include "../e_os.h"
+
 #ifdef NO_SHA
 int main(int argc, char *argv[])
 {
@ -152,7 +154,7 @@ int main(int argc, char *argv[])
 		}
 	else
 		printf("test 3 ok\n");
-	exit(err);
+	EXIT(err);
 	return(0);
 	}

--- a/crypto/sha/shatest.c
+++ b/crypto/sha/shatest.c
@ -60,6 +60,8 @@
 #include <string.h>
 #include <stdlib.h>

+#include "../e_os.h"
+
 #ifdef NO_SHA
 int main(int argc, char *argv[])
 {
@ -152,7 +154,7 @@ int main(int argc, char *argv[])
 		}
 	else
 		printf("test 3 ok\n");
-	exit(err);
+	EXIT(err);
 	return(0);
 	}

--- a/doc/crypto/RSA_print.pod
+++ b/doc/crypto/RSA_print.pod
@ -2,9 +2,9 @@

 =head1 NAME

-RSA_print, RSA_print_fp, DHparams_print, DHparams_print_fp, DSA_print,
-DSA_print_fp, DHparams_print, DHparams_print_fp - print cryptographic
-parameters
+RSA_print, RSA_print_fp,
+DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp,
+DHparams_print, DHparams_print_fp - print cryptographic parameters

 =head1 SYNOPSIS

--- a/e_os.h
+++ b/e_os.h
@ -220,9 +220,9 @@ extern "C" {
 #  endif

 #  if defined(WIN16) && !defined(MONOLITH) && defined(SSLEAY) && defined(_WINEXITNOPERSIST)
-#    define EXIT(n) { if (n == 0) _wsetexit(_WINEXITNOPERSIST); return(n); }
+#    define EXIT(n) do { if (n == 0) _wsetexit(_WINEXITNOPERSIST); return(n); } while(0)
 #  else
-#    define EXIT(n)		return(n);
+#    define EXIT(n)		return(n)
 #  endif
 #  define LIST_SEPARATOR_CHAR ';'
 #  ifndef X_OK
@ -318,7 +318,7 @@ extern "C" {
 #    define LIST_SEPARATOR_CHAR ':'
 #    define NUL_DEV		"/dev/null"
 #    ifndef MONOLITH
-#      define EXIT(n)		exit(n); return(n)
+#      define EXIT(n)		do { exit(n); return(n); } while(0)
 #    else
 #      define EXIT(n)		return(n)
 #    endif
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@ -1471,7 +1471,7 @@ static int ssl3_get_client_key_exchange(SSL *s)
 			s->method->ssl3_enc->generate_master_secret(s,
 				s->session->master_key,
 				p,i);
-		memset(p,0,i);
+		OPENSSL_cleanse(p,i);
 		}
 	else
 #endif
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@ -366,7 +366,7 @@ bad:
 			"the test anyway (and\n-d to see what happens), "
 			"or add one of -ssl2, -ssl3, -tls1, -reuse\n"
 			"to avoid protocol mismatch.\n");
-		exit(1);
+		EXIT(1);
 		}

 	if (print_time)
--- a/test/methtest.c
+++ b/test/methtest.c
@ -96,10 +96,10 @@ char *argv[];
 	METH_init(top);
 	METH_control(tmp1,METH_CONTROL_DUMP,stdout);
 	METH_control(tmp2,METH_CONTROL_DUMP,stdout);
-	exit(0);
+	EXIT(0);
 err:
 	ERR_load_crypto_strings();
 	ERR_print_errors_fp(stderr);
-	exit(1);
+	EXIT(1);
 	return(0);
 	}