This commit was manufactured by cvs2svn to create tag 'STATE_after_zlib'.

ZLIB a known compression method, with the identity 1.

.cvsignore

@@ -1,3 +1,4 @@
+openssl.pc
 Makefile.ssl
 MINFO
 makefile.one

CHANGES

@@ -4,6 +4,39 @@
 
  Changes between 0.9.7 and 0.9.8  [xx XXX 2002]
 
+  *) Change the "progress" mechanism used in key-generation and
+     primality testing to functions that take a new BN_GENCB pointer in
+     place of callback/argument pairs. The new API functions have "_ex"
+     postfixes and the older functions are reimplemented as wrappers for
+     the new ones. The OPENSSL_NO_DEPRECATED symbol can be used to hide
+     declarations of the old functions to help (graceful) attempts to
+     migrate to the new functions. Also, the new key-generation API
+     functions operate on a caller-supplied key-structure and return
+     success/failure rather than returning a key or NULL - this is to
+     help make "keygen" another member function of RSA_METHOD etc.
+     [Geoff Thorpe]
+
+  *) Change the ZLIB compression method to be stateful, and make it
+     available to TLS with the number defined in 
+     draft-ietf-tls-compression-04.txt.
+     [Richard Levitte]
+
+  *) Add the ASN.1 structures and functions for CertificatePair, which
+     is defined as follows (according to X.509_4thEditionDraftV6.pdf):
+
+     CertificatePair ::= SEQUENCE {
+	forward		[0]	Certificate OPTIONAL,
+	reverse		[1]	Certificate OPTIONAL,
+	-- at least one of the pair shall be present -- }
+
+     Also implement the PEM functions to read and write certificate
+     pairs, and defined the PEM tag as "CERTIFICATE PAIR".
+
+     This needed to be defined, mostly for the sake of the LDAP
+     attribute crossCertificatePair, but may prove useful elsewhere as
+     well.
+     [Richard Levitte]
+
   *) Make it possible to inhibit symlinking of shared libraries in
      Makefile.shared, for Cygwin's sake.
      [Richard Levitte]
@@ -319,6 +352,16 @@ TODO: bug: pad  x  with leading zeros if necessary
  
  Changes between 0.9.6h and 0.9.7  [XX xxx 2002]
 
+  *) In asn1_d2i_read_bio() repeatedly call BIO_read() until all content
+     octets have been read, EOF or an error occurs. Without this change
+     some truncated ASN1 structures will not produce an error.
+     [Steve Henson]
+
+  *) Disable Heimdal support, since it hasn't been fully implemented.
+     Still give the possibility to force the use of Heimdal, but with
+     warnings and a request that patches get sent to openssl-dev.
+     [Richard Levitte]
+
   *) Add the VC-CE target, introduce the WINCE sysname, and add
      INSTALL.WCE and appropriate conditionals to make it build.
      [Steven Reddie <smr@essemer.com.au> via Richard Levitte]
@@ -2093,7 +2136,22 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
   *) Clean old EAY MD5 hack from e_os.h.
      [Richard Levitte]
 
- Changes between 0.9.6g and 0.9.6h  [xx XXX xxxx]
+ Changes between 0.9.6g and 0.9.6h  [5 Dec 2002]
+
+  *) New function OPENSSL_cleanse(), which is used to cleanse a section of
+     memory from it's contents.  This is done with a counter that will
+     place alternating values in each byte.  This can be used to solve
+     two issues: 1) the removal of calls to memset() by highly optimizing
+     compilers, and 2) cleansing with other values than 0, since those can
+     be read through on certain media, for example a swap space on disk.
+     [Geoff Thorpe]
+
+  *) Bugfix: client side session caching did not work with external caching,
+     because the session->cipher setting was not restored when reloading
+     from the external cache. This problem was masked, when
+     SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (part of SSL_OP_ALL) was set.
+     (Found by Steve Haslam <steve@araqnid.ddts.net>.)
+     [Lutz Jaenicke]
 
   *) Fix client_certificate (ssl/s2_clnt.c): The permissible total
      length of the REQUEST-CERTIFICATE message is 18 .. 34, not 17 .. 33.

Configure

@@ -203,9 +203,8 @@ my %table=(
 # it's a real mess with -mcpu=ultrasparc option under Linux, but
 # -Wa,-Av8plus should do the trick no matter what.
 "linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# !!!Folowing can't be even tested yet!!!
+# GCC 3.1 is a requirement
-#    We have to wait till 64-bit glibc for SPARC is operational!!!
+"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-#"linux64-sparcv9","sparc64-linux-gcc:-m64 -mcpu=v9 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT:ULTRASPARC::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:",
 
 # Sunos configs, assuming sparc for the gcc one.
 ##"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:::",
@@ -392,6 +391,7 @@ my %table=(
 "linux-s390",	"gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-s390x",	"gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-x86_64", "gcc:-DL_ENDIAN -DNO_ASM ::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "NetBSD-x86",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -994,6 +994,17 @@ else
 	my ($lresolv, $lpath, $lext);
 	if ($withargs{"krb5-flavor"} =~ /^[Hh]eimdal$/)
 		{
+		die "Sorry, Heimdal is currently not supported\n";
+		}
+	##### HACK to force use of Heimdal.
+	##### WARNING: Since we don't really have adequate support for Heimdal,
+	#####          using this will break the build.  You'll have to make
+	#####          changes to the source, and if you do, please send
+	#####          patches to openssl-dev@openssl.org
+	if ($withargs{"krb5-flavor"} =~ /^force-[Hh]eimdal$/)
+		{
+		warn "Heimdal isn't really supported.  Your build WILL break\n";
+		warn "If you fix the problems, please send a patch to openssl-dev\@openssl.org\n";
 		$withargs{"krb5-dir"} = "/usr/heimdal"
 			if $withargs{"krb5-dir"} eq "";
 		$withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}.

FAQ

@@ -66,7 +66,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.6g was released on August 9, 2002.
+OpenSSL 0.9.6h was released on December 5, 2002.
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:

INSTALL.DJGPP

@@ -12,12 +12,14 @@
  latest versions of DJGPP, GCC, BINUTILS, BASH, etc. This package
  requires that PERL and BC also be installed.
 
- All of these can be obtained from the usual DJGPP mirror sites, such as
+ All of these can be obtained from the usual DJGPP mirror sites, such
- "ftp://ftp.simtel.net/pub/simtelnet/gnu/djgpp". You also need to have
+ as "ftp://ftp.simtel.net/pub/simtelnet/gnu/djgpp". You also need to
- the WATT-32 networking package installed before you try to compile
+ have the WATT-32 networking package installed before you try to compile
- openssl. This can be obtained from "http://www.bgnett.no/~giva/". The
+ openssl. This can be obtained from "http://www.bgnett.no/~giva/".
- Makefile assumes that the WATT-32 code is in directory "watt32" under
+ The Makefile assumes that the WATT-32 code is in the directory
- /dev/env/DJDIR.
+ specified by the environment variable WATT_ROOT. If you have watt-32
+ in directory "watt32" under your main DJGPP directory, specify
+ WATT_ROOT="/dev/env/DJDIR/watt32".
 
  To compile openssl, start your BASH shell. Then configure for DOS by
  running "./Configure" with appropriate arguments. The basic syntax for

INSTALL.WCE

@@ -8,6 +8,12 @@
   * wcecompat compatibility library (www.essemer.com.au)
   * Optionally ceutils for running automated tests (www.essemer.com.au)
 
+ You also need Perl for Win32.  You will need ActiveState Perl, available
+ from http://www.activestate.com/ActivePerl.
+
+ Windows CE support in OpenSSL relies on wcecompat.  All Windows CE specific
+ issues should be directed to www.essemer.com.au.
+
  The C Runtime Library implementation for Windows CE that is included with
  Microsoft eMbedded Visual C++ 3.0 is incomplete and in some places
  incorrect.  wcecompat plugs the holes and tries to bring the Windows CE
@@ -20,9 +26,6 @@
  Building
  --------
 
- You need Perl for Win32.  Unless you will build on Cygwin, you will need
- ActiveState Perl, available from http://www.activestate.com/ActivePerl.
-
  Setup the eMbedded Visual C++ environment.  There are batch files for doing
  this installed with eVC++.  For an ARM processor, for example, execute:
 
@@ -61,3 +64,8 @@
  > cd out32
  > ..\ms\testce
 
+ This will copy each of the test programs to the Windows CE device and execute
+ them, displaying the output of the tests on this computer.  The output should
+ look similar to the output produced by running the tests for a regular Windows
+ build.
+

Makefile.org

@@ -361,7 +361,8 @@ rehash.time: certs
 	@(OPENSSL="`pwd`/apps/openssl"; OPENSSL_DEBUG_MEMORY=on; \
 		export OPENSSL OPENSSL_DEBUG_MEMORY; \
 		LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
-		if [ "$(PLATFORM)" != "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+		if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH";  \
+		elif [ "$(PLATFORM)" != "Cygwin" ];  then PATH="`pwd`:$$PATH"; fi; \
 		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
 		$(PERL) tools/c_rehash certs)
 	touch rehash.time
@@ -372,7 +373,8 @@ tests: rehash
 	@(cd test && echo "testing..." && \
 	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
 	@LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
-		if [ "$(PLATFORM)" != "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+		if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH";  \
+		elif [ "$(PLATFORM)" != "Cygwin" ];  then PATH="`pwd`:$$PATH"; fi; \
 		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
 		apps/openssl version -a
 
@@ -534,22 +536,30 @@ install_docs:
 	for i in doc/apps/*.pod; do \
 		fn=`basename $$i .pod`; \
 		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
-		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+		echo "installing man$$sec/$$fn.$$sec"; \
 		(cd `$(PERL) util/dirname.pl $$i`; \
 		sh -c "$$pod2man \
 			--section=$$sec --center=OpenSSL \
 			--release=$(VERSION) `basename $$i`") \
-			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \
+		$(PERL) util/extract-names.pl < $$i | grep -v "^$$fn" | \
+			while read n; do \
+				util/point.sh $$fn.$$sec $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$n.$$sec; \
+			done; \
 	done; \
 	for i in doc/crypto/*.pod doc/ssl/*.pod; do \
 		fn=`basename $$i .pod`; \
 		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
-		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+		echo "installing man$$sec/$$fn.$$sec"; \
 		(cd `$(PERL) util/dirname.pl $$i`; \
 		sh -c "$$pod2man \
 			--section=$$sec --center=OpenSSL \
 			--release=$(VERSION) `basename $$i`") \
-			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \
+		$(PERL) util/extract-names.pl < $$i | grep -v "^$$fn" | \
+			while read n; do \
+				util/point.sh $$fn.$$sec $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$n.$$sec; \
+			done; \
 	done
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.

NEWS

@@ -17,6 +17,12 @@
         a separate distribution.
       o New elliptic curve library section.
       o New AES (Rijndael) library section.
+      o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit,
+        Linux x86_64
+      o Extended support for some platforms: VxWorks
+      o Enhanced support for shared libraries.
+      o Support for pkg-config.
+      o Lots of new manuals.
       o Change DES API to clean up the namespace (some applications link also
         against libdes providing similar functions having the same name).
         Provide macros for backward compatibility (will be removed in the
@@ -30,16 +36,32 @@
       o Reworked parts of the BIGNUM code.
       o Support for new engines: Broadcom ubsec, Accelerated Encryption
         Processing, IBM 4758.
+      o A few new engines added in the demos area.
       o Extended and corrected OID (object identifier) table.
       o PRNG: query at more locations for a random device, automatic query for
         EGD style random sources at several locations.
       o SSL/TLS: allow optional cipher choice according to server's preference.
       o SSL/TLS: allow server to explicitly set new session ids.
       o SSL/TLS: support Kerberos cipher suites (RFC2712).
+	Only supports MIT Kerberos for now.
       o SSL/TLS: allow more precise control of renegotiations and sessions.
       o SSL/TLS: add callback to retrieve SSL/TLS messages.
       o SSL/TLS: support AES cipher suites (RFC3268).
 
+  Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h:
+
+      o New configuration targets for Tandem OSS and A/UX.
+      o New OIDs for Microsoft attributes.
+      o Better handling of SSL session caching.
+      o Better comparison of distinguished names.
+      o Better handling of shared libraries in a mixed GNU/non-GNU environment.
+      o Support assembler code with Borland C.
+      o Fixes for length problems.
+      o Fixes for uninitialised variables.
+      o Fixes for memory leaks, some unusual crashes and some race conditions.
+      o Fixes for smaller building problems.
+      o Updates of manuals, FAQ and other instructive documents.
+
   Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g:
 
       o Important building fixes on Unix.

PROBLEMS

@@ -46,3 +46,19 @@ scripts use the same name for output and input files, which means different
 will interfere with each other and lead to test failure.
 
 The solution is simple for now: don't run parallell make when testing.
+
+
+* Bugs in gcc 3.0 triggered
+
+According to a problem report, there are bugs in gcc 3.0 that are
+triggered by some of the code in OpenSSL, more specifically in
+PEM_get_EVP_CIPHER_INFO().  The triggering code is the following:
+
+	header+=11;
+	if (*header != '4') return(0); header++;
+	if (*header != ',') return(0); header++;
+
+What happens is that gcc might optimize a little too agressively, and
+you end up with an extra incrementation when *header != '4'.
+
+We recommend that you upgrade gcc to as high a 3.x version as you can.

STATUS

@@ -1,13 +1,17 @@
 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2002/08/14 11:07:29 $
+  ______________                           $Date: 2002/12/07 20:03:42 $
 
   DEVELOPMENT STATE
 
     o  OpenSSL 0.9.8:  Under development...
+    o  OpenSSL 0.9.7-beta5: Released on December  5th, 2002
+    o  OpenSSL 0.9.7-beta4: Released on November 19th, 2002
+       Debian GNU/Linux (kernel version 2.4.19, gcc 2.95.4)	- PASSED
     o  OpenSSL 0.9.7-beta3: Released on July     30th, 2002
     o  OpenSSL 0.9.7-beta2: Released on June     16th, 2002
     o  OpenSSL 0.9.7-beta1: Released on June      1st, 2002
+    o  OpenSSL 0.9.6h: Released on December   5th, 2002
     o  OpenSSL 0.9.6g: Released on August     9th, 2002
     o  OpenSSL 0.9.6f: Released on August     8th, 2002
     o  OpenSSL 0.9.6e: Released on July      30th, 2002
@@ -31,6 +35,18 @@
     o BN_mod_mul verification fails for mips3-sgi-irix
       unless configured with no-asm
 
+    o [2002-11-21]
+      PR 343 mentions that scrubbing memory with 'memset(ptr, 0, n)' may
+      be optimized away in modern compilers.  This is definitely not good
+      and needs to be fixed immediately.  The formula to use is presented
+      in:
+
+      http://online.securityfocus.com/archive/82/297918/2002-10-27/2002-11-02/0
+
+      The problem report that mentions this is:
+
+      https://www.aet.TU-Cottbus.DE/rt2/Ticket/Display.html?id=343
+
   AVAILABLE PATCHES
 
     o 
@@ -52,9 +68,12 @@
 	UTIL (a new set of library functions to support some higher level
 	      functionality that is currently missing).
 	Shared library support for VMS.
-	Kerberos 5 authentication
+	Kerberos 5 authentication (Heimdal)
 	Constification
-	OCSP
+	Compression
+	Attribute Certificate support
+	Certificate Pair support
+	Storage Engines (primarly an LDAP storage engine)
 
   NEEDS PATCH
 

TABLE

@@ -875,6 +875,31 @@ $shared_extension =
 $ranlib       = 
 $arflags      = 
 
+*** VC-CE
+$cc           = cl
+$cflags       = 
+$unistd       = 
+$thread_cflag = 
+$sys_id       = WINCE
+$lflags       = 
+$bn_ops       = BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = win32
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
 *** VC-MSDOS
 $cc           = cl
 $cflags       = 
@@ -3350,6 +3375,56 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
 
+*** linux-x86_64
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DNO_ASM
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = SIXTY_FOUR_BIT_LONG
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** linux64-sparcv9
+$cc           = gcc
+$cflags       = -m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = ULTRASPARC
+$lflags       = -ldl
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = asm/md5-sparcv9.o
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = -m64
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
 *** ncr-scde
 $cc           = cc
 $cflags       = -O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw

apps/Makefile.ssl

@@ -148,7 +148,8 @@ $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
 	fi
 	-(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; \
 		LIBPATH="`pwd`"; LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; \
-		if [ "$(PLATFORM)" != "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+		if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH";  \
+		elif [ "$(PLATFORM)" != "Cygwin" ];  then PATH="`pwd`:$$PATH"; fi; \
 		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
 		$(PERL) tools/c_rehash certs)
 

apps/apps.c

@@ -615,7 +615,7 @@ int password_callback(char *buf, int bufsiz, int verify,
 
 		if (buff)
 			{
-			memset(buff,0,(unsigned int)bufsiz);
+			OPENSSL_cleanse(buff,(unsigned int)bufsiz);
 			OPENSSL_free(buff);
 			}
 
@@ -625,13 +625,13 @@ int password_callback(char *buf, int bufsiz, int verify,
 			{
 			BIO_printf(bio_err, "User interface error\n");
 			ERR_print_errors(bio_err);
-			memset(buf,0,(unsigned int)bufsiz);
+			OPENSSL_cleanse(buf,(unsigned int)bufsiz);
 			res = 0;
 			}
 		if (ok == -2)
 			{
 			BIO_printf(bio_err,"aborted!\n");
-			memset(buf,0,(unsigned int)bufsiz);
+			OPENSSL_cleanse(buf,(unsigned int)bufsiz);
 			res = 0;
 			}
 		UI_free(ui);

apps/asn1pars.c

@@ -361,7 +361,7 @@ end:
 	if (osk != NULL) sk_free(osk);
 	OBJ_cleanup();
 	apps_shutdown();
-	EXIT(ret);
+	OPENSSL_EXIT(ret);
 	}
 
 static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)

apps/ca.c

@@ -706,7 +706,7 @@ bad:
 		}
 	pkey = load_key(bio_err, keyfile, keyform, 0, key, e, 
 		"CA private key");
-	if (key) memset(key,0,strlen(key));
+	if (key) OPENSSL_cleanse(key,strlen(key));
 	if (pkey == NULL)
 		{
 		/* load_key() has already printed an appropriate message */
@@ -1652,7 +1652,7 @@ err:
 	NCONF_free(conf);
 	OBJ_cleanup();
 	apps_shutdown();
-	EXIT(ret);
+	OPENSSL_EXIT(ret);
 	}
 
 static void lookup_fail(char *name, char *tag)

apps/ciphers.c

@@ -203,6 +203,6 @@ end:
 	if (ssl != NULL) SSL_free(ssl);
 	if (STDout != NULL) BIO_free_all(STDout);
 	apps_shutdown();
-	EXIT(ret);
+	OPENSSL_EXIT(ret);
 	}
 

apps/crl.c

@@ -377,7 +377,7 @@ end:
 		X509_STORE_free(store);
 	}
 	apps_shutdown();
-	EXIT(ret);
+	OPENSSL_EXIT(ret);
 	}
 
 static X509_CRL *load_crl(char *infile, int format)

apps/crl2p7.c

@@ -280,7 +280,7 @@ end:
 	if (crl != NULL) X509_CRL_free(crl);
 
 	apps_shutdown();
-	EXIT(ret);
+	OPENSSL_EXIT(ret);
 	}
 
 /*

apps/dgst.c

@@ -356,7 +356,7 @@ int MAIN(int argc, char **argv)
 end:
 	if (buf != NULL)
 		{
-		memset(buf,0,BUFSIZE);
+		OPENSSL_cleanse(buf,BUFSIZE);
 		OPENSSL_free(buf);
 		}
 	if (in != NULL) BIO_free(in);
@@ -365,7 +365,7 @@ end:
 	if(sigbuf) OPENSSL_free(sigbuf);
 	if (bmd != NULL) BIO_free(bmd);
 	apps_shutdown();
-	EXIT(err);
+	OPENSSL_EXIT(err);
 	}
 
 int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,

apps/dh.c

@@ -333,6 +333,6 @@ end:
 	if (out != NULL) BIO_free_all(out);
 	if (dh != NULL) DH_free(dh);
 	apps_shutdown();
-	EXIT(ret);
+	OPENSSL_EXIT(ret);
 	}
 #endif

apps/dhparam.c

@@ -519,7 +519,7 @@ end:
 	if (out != NULL) BIO_free_all(out);
 	if (dh != NULL) DH_free(dh);
 	apps_shutdown();
-	EXIT(ret);
+	OPENSSL_EXIT(ret);
 	}
 
 /* dh_cb is identical to dsa_cb in apps/dsaparam.c */

apps/dsa.c

@@ -314,6 +314,6 @@ end:
 	if(passin) OPENSSL_free(passin);
 	if(passout) OPENSSL_free(passout);
 	apps_shutdown();
-	EXIT(ret);
+	OPENSSL_EXIT(ret);
 	}
 #endif

apps/dsaparam.c

@@ -372,7 +372,7 @@ end:
 	if (out != NULL) BIO_free_all(out);
 	if (dsa != NULL) DSA_free(dsa);
 	apps_shutdown();
-	EXIT(ret);
+	OPENSSL_EXIT(ret);
 	}
 
 static void MS_CALLBACK dsa_cb(int p, int n, void *arg)

apps/ec.c

@@ -390,6 +390,6 @@ end:
 	if (passout)
 		OPENSSL_free(passout);
 	apps_shutdown();
-	EXIT(ret);
+	OPENSSL_EXIT(ret);
 }
 #endif

apps/ecparam.c

@@ -679,7 +679,7 @@ end:
 	if (group != NULL)
 		EC_GROUP_free(group);
 	apps_shutdown();
-	EXIT(ret);
+	OPENSSL_EXIT(ret);
 }
 
 int ecparam_print_var(BIO *out, BIGNUM *in, const char *var,

apps/enc.c

@@ -481,9 +481,9 @@ bad:
 			 * bug picked up by
 			 * Larry J. Hughes Jr. <hughes@indiana.edu> */
 			if (str == strbuf)
-				memset(str,0,SIZE);
+				OPENSSL_cleanse(str,SIZE);
 			else
-				memset(str,0,strlen(str));
+				OPENSSL_cleanse(str,strlen(str));
 			}
 		if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv))
 			{
@@ -586,7 +586,7 @@ end:
 	if (b64 != NULL) BIO_free(b64);
 	if(pass) OPENSSL_free(pass);
 	apps_shutdown();
-	EXIT(ret);
+	OPENSSL_EXIT(ret);
 	}
 
 int set_hex(char *in, unsigned char *out, int size)

apps/engine.c

@@ -516,5 +516,5 @@ end:
 	sk_pop_free(post_cmds, identity);
 	if (bio_out != NULL) BIO_free_all(bio_out);
 	apps_shutdown();
-	EXIT(ret);
+	OPENSSL_EXIT(ret);
 	}

apps/errstr.c

@@ -122,5 +122,5 @@ int MAIN(int argc, char **argv)
 			}
 		}
 	apps_shutdown();
-	EXIT(ret);
+	OPENSSL_EXIT(ret);
 	}

apps/gendh.c

@@ -198,7 +198,7 @@ end:
 	if (out != NULL) BIO_free_all(out);
 	if (dh != NULL) DH_free(dh);
 	apps_shutdown();
-	EXIT(ret);
+	OPENSSL_EXIT(ret);
 	}
 
 static void MS_CALLBACK dh_cb(int p, int n, void *arg)

apps/gendsa.c

@@ -246,6 +246,6 @@ end:
 	if (dsa != NULL) DSA_free(dsa);
 	if(passout) OPENSSL_free(passout);
 	apps_shutdown();
-	EXIT(ret);
+	OPENSSL_EXIT(ret);
 	}
 #endif

apps/genrsa.c

@@ -258,7 +258,7 @@ err:
 	if (ret != 0)
 		ERR_print_errors(bio_err);
 	apps_shutdown();
-	EXIT(ret);
+	OPENSSL_EXIT(ret);
 	}
 
 static void MS_CALLBACK genrsa_cb(int p, int n, void *arg)

apps/nseq.c

@@ -102,7 +102,7 @@ int MAIN(int argc, char **argv)
 		BIO_printf (bio_err, "-in file  input file\n");
 		BIO_printf (bio_err, "-out file output file\n");
 		BIO_printf (bio_err, "-toseq    output NS Sequence file\n");
-		EXIT(1);
+		OPENSSL_EXIT(1);
 	}
 
 	if (infile) {
@@ -162,6 +162,6 @@ end:
 	BIO_free_all(out);
 	NETSCAPE_CERT_SEQUENCE_free(seq);
 
-	EXIT(ret);
+	OPENSSL_EXIT(ret);
 }
 

apps/ocsp.c

@@ -899,7 +899,7 @@ end:
 		SSL_CTX_free(ctx);
 		}
 
-	EXIT(ret);
+	OPENSSL_EXIT(ret);
 }
 
 static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer,

apps/openssl.c

@@ -229,6 +229,10 @@ int main(int Argc, char *Argv[])
 	arg.data=NULL;
 	arg.count=0;
 
+	if (bio_err == NULL)
+		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
 	if (getenv("OPENSSL_DEBUG_MEMORY") != NULL) /* if not defined, use compiled-in library defaults */
 		{
 		if (!(0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))
@@ -253,10 +257,6 @@ int main(int Argc, char *Argv[])
 
 	apps_startup();
 
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
 	/* Lets load up our environment a little */
 	p=getenv("OPENSSL_CONF");
 	if (p == NULL)
@@ -358,7 +358,7 @@ end:
 		BIO_free(bio_err);
 		bio_err=NULL;
 		}
-	EXIT(ret);
+	OPENSSL_EXIT(ret);
 	}
 
 #define LIST_STANDARD_COMMANDS "list-standard-commands"

apps/passwd.c

@@ -292,7 +292,7 @@ err:
 	if (out)
 		BIO_free_all(out);
 	apps_shutdown();
-	EXIT(ret);
+	OPENSSL_EXIT(ret);
 	}
 
 
@@ -505,6 +505,6 @@ err:
 int MAIN(int argc, char **argv)
 	{
 	fputs("Program not available.\n", stderr)
-	EXIT(1);
+	OPENSSL_EXIT(1);
 	}
 #endif

apps/pkcs12.c

@@ -651,7 +651,7 @@ int MAIN(int argc, char **argv)
     if(passin) OPENSSL_free(passin);
     if(passout) OPENSSL_free(passout);
     apps_shutdown();
-    EXIT(ret);
+    OPENSSL_EXIT(ret);
 }
 
 int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,

apps/pkcs7.c

@@ -301,5 +301,5 @@ end:
 	if (in != NULL) BIO_free(in);
 	if (out != NULL) BIO_free_all(out);
 	apps_shutdown();
-	EXIT(ret);
+	OPENSSL_EXIT(ret);
 	}

apps/rand.c

@@ -213,5 +213,5 @@ err:
 	if (out)
 		BIO_free_all(out);
 	apps_shutdown();
-	EXIT(ret);
+	OPENSSL_EXIT(ret);
 	}

apps/req.c

@@ -1150,7 +1150,7 @@ end:
 	if (ec_params != NULL) EC_KEY_free(ec_params);
 #endif
 	apps_shutdown();
-	EXIT(ex);
+	OPENSSL_EXIT(ex);
 	}
 
 static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs,

apps/rsa.c

@@ -369,7 +369,7 @@ end:
 	if(passin) OPENSSL_free(passin);
 	if(passout) OPENSSL_free(passout);
 	apps_shutdown();
-	EXIT(ret);
+	OPENSSL_EXIT(ret);
 	}
 #else /* !OPENSSL_NO_RSA */
 

apps/s_client.c

@@ -908,16 +908,16 @@ end:
 	if (con != NULL) SSL_free(con);
 	if (con2 != NULL) SSL_free(con2);
 	if (ctx != NULL) SSL_CTX_free(ctx);
-	if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); OPENSSL_free(cbuf); }
+	if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
-	if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); OPENSSL_free(sbuf); }
+	if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
-	if (mbuf != NULL) { memset(mbuf,0,BUFSIZZ); OPENSSL_free(mbuf); }
+	if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }
 	if (bio_c_out != NULL)
 		{
 		BIO_free(bio_c_out);
 		bio_c_out=NULL;
 		}
 	apps_shutdown();
-	EXIT(ret);
+	OPENSSL_EXIT(ret);
 	}
 
 

apps/s_server.c

@@ -946,7 +946,7 @@ end:
 		bio_s_out=NULL;
 		}
 	apps_shutdown();
-	EXIT(ret);
+	OPENSSL_EXIT(ret);
 	}
 
 static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
@@ -1262,7 +1262,7 @@ err:
 	BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
 	if (buf != NULL)
 		{
-		memset(buf,0,bufsize);
+		OPENSSL_cleanse(buf,bufsize);
 		OPENSSL_free(buf);
 		}
 	if (ret >= 0)

apps/s_socket.c

@@ -62,8 +62,6 @@
 #include <errno.h>
 #include <signal.h>
 
-#include <openssl/e_os2.h>
-
 /* With IPv6, it looks like Digital has mixed up the proper order of
    recursive header file inclusion, resulting in the compiler complaining
    that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
@@ -81,6 +79,14 @@ typedef unsigned int u_int;
 #include "s_apps.h"
 #include <openssl/ssl.h>
 
+#ifdef FLAT_INC
+#include "e_os.h"
+#else
+#include "../e_os.h"
+#endif
+
+#ifndef OPENSSL_NO_SOCK
+
 static struct hostent *GetHostByName(char *name);
 #ifdef OPENSSL_SYS_WINDOWS
 static void ssl_sock_cleanup(void);
@@ -553,3 +559,5 @@ static struct hostent *GetHostByName(char *name)
 		return(ret);
 		}
 	}
+
+#endif

apps/s_time.c

@@ -642,7 +642,7 @@ end:
 		tm_ctx=NULL;
 		}
 	apps_shutdown();
-	EXIT(ret);
+	OPENSSL_EXIT(ret);
 	}
 
 /***********************************************************************

apps/sess_id.c

@@ -273,7 +273,7 @@ end:
 	if (out != NULL) BIO_free_all(out);
 	if (x != NULL) SSL_SESSION_free(x);
 	apps_shutdown();
-	EXIT(ret);
+	OPENSSL_EXIT(ret);
 	}
 
 static SSL_SESSION *load_sess_id(char *infile, int format)

apps/speed.c

@@ -208,7 +208,8 @@
 
 /* The following if from times(3) man page.  It may need to be changed */
 #ifndef HZ
-# ifdef _SC_CLK_TCK
+# if defined(_SC_CLK_TCK) \
+     && (!defined(OPENSSL_SYS_VMS) || __CTRL_VER >= 70000000)
 #  define HZ ((double)sysconf(_SC_CLK_TCK))
 # else
 #  ifndef CLK_TCK
@@ -2315,7 +2316,7 @@ end:
 #endif
 
 	apps_shutdown();
-	EXIT(mret);
+	OPENSSL_EXIT(mret);
 	}
 
 static void print_message(const char *s, long num, int length)

apps/spkac.c

@@ -295,5 +295,5 @@ end:
 	EVP_PKEY_free(pkey);
 	if(passin) OPENSSL_free(passin);
 	apps_shutdown();
-	EXIT(ret);
+	OPENSSL_EXIT(ret);
 	}

apps/verify.c

@@ -232,7 +232,7 @@ end:
 	sk_X509_pop_free(untrusted, X509_free);
 	sk_X509_pop_free(trusted, X509_free);
 	apps_shutdown();
-	EXIT(ret);
+	OPENSSL_EXIT(ret);
 	}
 
 static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose, ENGINE *e)

apps/version.c

@@ -212,5 +212,5 @@ int MAIN(int argc, char **argv)
 	if (dir)  printf("%s\n",SSLeay_version(SSLEAY_DIR));
 end:
 	apps_shutdown();
-	EXIT(ret);
+	OPENSSL_EXIT(ret);
 	}

apps/x509.c

@@ -1029,7 +1029,7 @@ end:
 	sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
 	if (passin) OPENSSL_free(passin);
 	apps_shutdown();
-	EXIT(ret);
+	OPENSSL_EXIT(ret);
 	}
 
 static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create)

config

@@ -547,12 +547,13 @@ EOF
   ppc-apple-darwin*) OUT="darwin-ppc-cc" ;;
   i386-apple-darwin*) OUT="darwin-i386-cc" ;;
   sparc64-*-linux2)
-	#Before we can uncomment following lines we have to wait at least
+	echo "WARNING! If *know* that your GNU C supports 64-bit/V9 ABI"
-	#till 64-bit glibc for SPARC is operational:-(
+	echo "         and wish to build 64-bit library, then you have to"
-	#echo "WARNING! If you wish to build 64-bit library, then you have to"
+	echo "         invoke './Configure linux64-sparcv9' *manually*."
-	#echo "         invoke './Configure linux64-sparcv9' *manually*."
+	if [ "$TEST" = "false" ]; then
-	#echo "         Type return if you want to continue, Ctrl-C to abort."
+	  echo "          You have about 5 seconds to press Ctrl-C to abort."
-	#read waste < /dev/tty
+	  (stty -icanon min 0 time 50; read waste) < /dev/tty
+	fi
 	OUT="linux-sparcv9" ;;
   sparc-*-linux2)
 	KARCH=`awk '/^type/{print$3}' /proc/cpuinfo`
@@ -585,6 +586,7 @@ EOF
   arm*-*-linux2) OUT="linux-elf-arm" ;;
   s390-*-linux2) OUT="linux-s390" ;;
   s390x-*-linux?) OUT="linux-s390x" ;;
+  x86_64-*-linux?) OUT="linux-x86_64" ;;
   *-*-linux2) OUT="linux-elf"
 	if [ "$GCCVER" -gt 28 ]; then
           if grep '^model.*Pentium' /proc/cpuinfo >/dev/null ; then

crypto/Makefile.ssl

@@ -36,8 +36,8 @@ GENERAL=Makefile README crypto-lib.com install.com
 
 LIB= $(TOP)/libcrypto.a
 SHARED_LIB= libcrypto$(SHLIB_EXT)
-LIBSRC=	cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c
+LIBSRC=	cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c
-LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o
+LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o
 
 SRC= $(LIBSRC)
 
@@ -193,6 +193,10 @@ mem.o: ../include/openssl/err.h ../include/openssl/lhash.h
 mem.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 mem.o: ../include/openssl/safestack.h ../include/openssl/stack.h
 mem.o: ../include/openssl/symhacks.h cryptlib.h mem.c
+mem_clr.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+mem_clr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+mem_clr.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+mem_clr.o: ../include/openssl/symhacks.h mem_clr.c
 mem_dbg.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
 mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 mem_dbg.o: ../include/openssl/err.h ../include/openssl/lhash.h

crypto/asn1/a_d2i_fp.c

@@ -149,7 +149,12 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
 	ASN1_CTX c;
 	int want=HEADER_SIZE;
 	int eos=0;
+#if defined(__GNUC__) && defined(__ia64)
+	/* pathetic compiler bug in all known versions as of Nov. 2002 */
+	long off=0;
+#else
 	int off=0;
+#endif
 	int len=0;
 
 	b=BUF_MEM_new();
@@ -226,13 +231,18 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
 					ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
 					goto err;
 					}
+				while (want > 0)
+					{
 					i=BIO_read(in,&(b->data[len]),want);
 					if (i <= 0)
 						{
-					ASN1err(ASN1_F_ASN1_D2I_BIO,ASN1_R_NOT_ENOUGH_DATA);
+						ASN1err(ASN1_F_ASN1_D2I_BIO,
+						    ASN1_R_NOT_ENOUGH_DATA);
 						goto err;
 						}
 					len+=i;
+					want -= i;
+					}
 				}
 			off+=(int)c.slen;
 			if (eos <= 0)

crypto/asn1/a_sign.c

@@ -204,9 +204,9 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
 err:
 	EVP_MD_CTX_cleanup(&ctx);
 	if (buf_in != NULL)
-		{ memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); }
+		{ OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
 	if (buf_out != NULL)
-		{ memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); }
+		{ OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
 	return(outl);
 	}
 
@@ -287,8 +287,8 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
 err:
 	EVP_MD_CTX_cleanup(&ctx);
 	if (buf_in != NULL)
-		{ memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); }
+		{ OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
 	if (buf_out != NULL)
-		{ memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); }
+		{ OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
 	return(outl);
 	}

crypto/asn1/a_type.c

@@ -62,7 +62,7 @@
 
 int ASN1_TYPE_get(ASN1_TYPE *a)
 	{
-	if (a->value.ptr != NULL)
+	if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL))
 		return(a->type);
 	else
 		return(0);

crypto/asn1/a_verify.c

@@ -103,7 +103,7 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
 	EVP_VerifyInit_ex(&ctx,type, NULL);
 	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
 
-	memset(buf_in,0,(unsigned int)inl);
+	OPENSSL_cleanse(buf_in,(unsigned int)inl);
 	OPENSSL_free(buf_in);
 
 	if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
@@ -153,7 +153,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
 	EVP_VerifyInit_ex(&ctx,type, NULL);
 	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
 
-	memset(buf_in,0,(unsigned int)inl);
+	OPENSSL_cleanse(buf_in,(unsigned int)inl);
 	OPENSSL_free(buf_in);
 
 	if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,

crypto/asn1/n_pkey.c

@@ -187,7 +187,7 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
 	i2d_NETSCAPE_PKEY(pkey,&zz);
 
 	/* Wipe the private key encoding */
-	memset(pkey->private_key->data, 0, rsalen);
+	OPENSSL_cleanse(pkey->private_key->data, rsalen);
 		
 	if (cb == NULL)
 		cb=EVP_read_pw_string;
@@ -206,7 +206,7 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
 	}
 
 	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
-	memset(buf,0,256);
+	OPENSSL_cleanse(buf,256);
 
 	/* Encrypt private key in place */
 	zz = enckey->enckey->digest->data;
@@ -294,7 +294,7 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
 	}
 		
 	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
-	memset(buf,0,256);
+	OPENSSL_cleanse(buf,256);
 
 	EVP_CIPHER_CTX_init(&ctx);
 	EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL);

crypto/asn1/p8_pkey.c

@@ -68,8 +68,8 @@ static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
 	if(operation == ASN1_OP_FREE_PRE) {
 		PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
 		if (key->pkey->value.octet_string)
-		memset(key->pkey->value.octet_string->data,
+		OPENSSL_cleanse(key->pkey->value.octet_string->data,
-				 0, key->pkey->value.octet_string->length);
+			key->pkey->value.octet_string->length);
 	}
 	return 1;
 }

crypto/asn1/t_pkey.c

@@ -479,7 +479,7 @@ int EC_KEY_print(BIO *bp, const EC_KEY *x, int off)
 	unsigned char *buffer=NULL;
 	size_t	buf_len=0, i;
 	int     ret=0, reason=ERR_R_BIO_LIB;
-	BIGNUM  *pub_key=NULL;
+	BIGNUM  *pub_key=NULL, *order=NULL;
 	BN_CTX  *ctx=NULL;
  
 	if (!x || !x->group)
@@ -513,8 +513,12 @@ int EC_KEY_print(BIO *bp, const EC_KEY *x, int off)
 		{
 		if (!BIO_indent(bp, off, 128))
 			goto err;
+		if ((order = BN_new()) == NULL)
+			goto err;
+		if (!EC_GROUP_get_order(x->group, order, NULL))
+			goto err;
 		if (BIO_printf(bp, "Private-Key: (%d bit)\n", 
-			BN_num_bits(x->priv_key)) <= 0) goto err;
+			BN_num_bits(order)) <= 0) goto err;
 		}
   
 	if ((x->priv_key != NULL) && !print(bp, "priv:", x->priv_key, 
@@ -531,6 +535,8 @@ err:
  		ECerr(EC_F_EC_KEY_PRINT, reason);
 	if (pub_key) 
 		BN_free(pub_key);
+	if (order)
+		BN_free(order);
 	if (ctx)
 		BN_CTX_free(ctx);
 	if (buffer != NULL)

crypto/asn1/x_x509a.c

@@ -172,3 +172,9 @@ void X509_reject_clear(X509 *x)
 	}
 }
 
+ASN1_SEQUENCE(X509_CERT_PAIR) = {
+	ASN1_EXP_OPT(X509_CERT_PAIR, forward, X509, 0),
+	ASN1_EXP_OPT(X509_CERT_PAIR, reverse, X509, 1)
+} ASN1_SEQUENCE_END(X509_CERT_PAIR)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_PAIR)

crypto/bf/bftest.c

@@ -63,6 +63,8 @@
 #include <string.h>
 #include <stdlib.h>
 
+#include "../e_os.h"
+
 #ifdef OPENSSL_NO_BF
 int main(int argc, char *argv[])
 {
@@ -275,7 +277,7 @@ int main(int argc, char *argv[])
 	else
 		ret=test();
 
-	exit(ret);
+	EXIT(ret);
 	return(0);
 	}
 

crypto/bn/asm/vms.mar

@@ -1,4 +1,4 @@
-	.title	vax_bn_mul_add_word  unsigned multiply & add, 32*32+32+32=>64
+	.title	vax_bn_mul_add_words  unsigned multiply & add, 32*32+32+32=>64
 ;
 ; w.j.m. 15-jan-1999
 ;
@@ -59,7 +59,7 @@ w=16 ;(AP)	w	by value (input)
 	movl	r6,r0			; return c
 	ret
 
-	.title	vax_bn_mul_word  unsigned multiply & add, 32*32+32=>64
+	.title	vax_bn_mul_words  unsigned multiply & add, 32*32+32=>64
 ;
 ; w.j.m. 15-jan-1999
 ;
@@ -172,146 +172,148 @@ n=12 ;(AP)	n	by value (input)
 ; }
 ;
 ; Using EDIV would be very easy, if it didn't do signed calculations.
-; Therefore, som extra things have to happen around it.  The way to
+; Any time, any of the input numbers are signed, there are problems,
-; handle that is to shift all operands right one step (basically dividing
+; usually with integer overflow, at which point it returns useless
-; them by 2) and handle the different cases depending on what the lowest
+; data (the quotient gets the value of l, and the remainder becomes 0).
-; bit of each operand was.
 ;
-; To start with, let's define the following:
+; If it was just for the dividend, it would be very easy, just divide
+; it by 2 (unsigned), do the division, multiply the resulting quotient
+; and remainder by 2, add the bit that was dropped when dividing by 2
+; to the remainder, and do some adjustment so the remainder doesn't
+; end up larger than the divisor.  This method works as long as the
+; divisor is positive, so we'll keep that (with a small adjustment)
+; as the main method.
+; For some cases when the divisor is negative (from EDIV's point of
+; view, i.e. when the highest bit is set), dividing the dividend by
+; 2 isn't enough, it needs to be divided by 4.  Furthermore, the
+; divisor needs to be divided by 2 (unsigned) as well, to avoid more
+; problems with the sign.  In this case, a little extra fiddling with
+; the remainder is required.
 ;
-; a' = l & 1
+; So, the simplest way to handle this is always to divide the dividend
-; a2 = <h,l> >> 1	# UNSIGNED shift!
+; by 4, and to divide the divisor by 2 if it's highest bit is set.
-; b' = d & 1
+; After EDIV has been used, the quotient gets multiplied by 4 if the
-; b2 = d >> 1		# UNSIGNED shift!
+; original divisor was positive, otherwise 2.  The remainder, oddly
+; enough, is *always* multiplied by 4.
 ;
-; Now, use EDIV to calculate a quotient and a remainder:
+; The routine ends with comparing the resulting remainder with the
+; original divisor and if the remainder is larger, subtract the
+; original divisor from it, and increase the quotient by 1.  This is
+; done until the remainder is smaller than the divisor.
 ;
-; q'' = a2/b2
+; The complete algorithm looks like this:
-; r'' = a2 - q''*b2
 ;
-; If b' is 0, the quotient is already correct, we just need to adjust the
+; d'    = d
-; remainder:
+; l'    = l & 3
+; [h,l] = [h,l] >> 2
+; [q,r] = floor([h,l] / d)	# This is the EDIV operation
+; if (q < 0) q = -q		# I doubt this is necessary any more
 ;
-; if (b' == 0)
+; r'    = r >> 30
+; if (d' >= 0) q = q << 1
+; q     = q << 1
+; r     = (r << 2) + l'
+;
+; if (d' < 0)
 ;   {
-;     r = 2*r'' + a'
+;     [r',r] = [r',r] - q
-;     q = q''
+;     while ([r',r] < 0)
-;   }
-;
-; If b' is 1, we need to do other adjustements.  The first thought is the
-; following (note that r' will not always have the right value, but an
-; adjustement follows further down):
-;
-; if (b' == 1)
 ;       {
-;     q' = q''
+;         [r',r] = [r',r] + d
-;     r' = a - q'*b
+;         q = q - 1
-;
-; However, one can note the folowing relationship:
-;
-;                         r'' = a2 - q''*b2
-;                  =>   2*r'' = 2*a2 - 2*q''*b2
-;                             = { a = 2*a2 + a', b = 2*b2 + b' = 2*b2 + 1,
-;                                 q' = q'' }
-;                             = a - a' - q'*(b - 1)
-;                             = a - q'*b - a' + q'
-;                             = r' - a' + q'
-;                  =>     r'  = 2*r'' - q' + a'
-;
-; This enables us to use r'' instead of discarding and calculating another
-; modulo:
-;
-; if (b' == 1)
-;   {
-;     q' = q''
-;     r' = (r'' << 1) - q' + a'
-;
-; Now, all we have to do is adjust r', because it might be < 0:
-;
-;     while (r' < 0)
-;       {
-;         r' = r' + b
-;         q' = q' - 1
 ;       }
 ;   }
 ;
-; return q'
+; while ([r',r] >= d)
+;   {
+;     [r',r] = [r',r] - d
+;     q = q + 1
+;   }
+;
+; return q
 
 h=4 ;(AP)	h	by value (input)
 l=8 ;(AP)	l	by value (input)
 d=12 ;(AP)	d	by value (input)
 
-;aprim=r5
+;lprim=r5
-;a2=r6
+;rprim=r6
-;a20=r6
+;dprim=r7
-;a21=r7
-;bprim=r8
-;b2=r9
-;qprim=r10	; initially used as q''
-;rprim=r11	; initially used as r''
 
 
 	.psect	code,nowrt
 
-.entry	bn_div_words,^m<r2,r3,r4,r5,r6,r7,r8,r9,r10,r11>
+.entry	bn_div_words,^m<r2,r3,r4,r5,r6,r7>
 	movl	l(ap),r2
 	movl	h(ap),r3
 	movl	d(ap),r4
 
-	movl	#0,r5
+	bicl3	#^XFFFFFFFC,r2,r5 ; l' = l & 3
-	movl	#0,r8
+	bicl3	#^X00000003,r2,r2
-	movl	#0,r0
-;	movl	#0,r1
 
-	rotl	#-1,r2,r6	; a20 = l >> 1 (almost)
+	bicl3	#^XFFFFFFFC,r3,r6
-	rotl	#-1,r3,r7	; a21 = h >> 1 (almost)
+	bicl3	#^X00000003,r3,r3
-	rotl	#-1,r4,r9	; b2 = d >> 1 (almost)
         
-	tstl	r6
+	addl	r6,r2
-	bgeq	1$
+	rotl	#-2,r2,r2	; l = l >> 2
-	xorl2	#^X80000000,r6	; fixup a20 so highest bit is 0
+	rotl	#-2,r3,r3	; h = h >> 2
-	incl	r5		; a' = 1
+                
-1$:
+	movl	#0,r6
-	tstl	r7
+	movl	r4,r7		; d' = d
-	bgeq	2$
+
-	xorl2	#^X80000000,r6	; fixup a20 so highest bit is 1,
+	tstl	r4
-				; since that's what was lowest in a21
-	xorl2	#^X80000000,r7	; fixup a21 so highest bit is 1
-2$:
-	tstl	r9
 	beql	666$		; Uh-oh, the divisor is 0...
-	bgtr	3$
+	bgtr	1$
-	xorl2	#^X80000000,r9	; fixup b2 so highest bit is 0
+	rotl	#-1,r4,r4	; If d is negative, shift it right.
-	incl	r8		; b' = 1
+	bicl2	#^X80000000,r4	; Since d is then a large number, the
-3$:
+				; lowest bit is insignificant
-	tstl	r9
+				; (contradict that, and I'll fix the problem!)
-	bneq	4$		; if b2 is 0, we know that b' is 1
+1$:     
-	tstl	r3
+	ediv	r4,r2,r2,r3	; Do the actual division
-	bneq	666$		; if higher half isn't 0, we overflow
+
-	movl	r2,r10		; otherwise, we have our result
+	tstl	r2
-	brb	42$		; This is a success, really.
+	bgeq	3$
-4$:
+	mnegl	r2,r2		; if q < 0, negate it
-	ediv	r9,r6,r10,r11
+3$:     
+	tstl	r7
+	blss	4$
+	ashl	#1,r2,r2	; q = q << 1
+4$:     
+	ashl	#1,r2,r2	; q = q << 1
+	rotl	#2,r3,r3	; r = r << 2
+	bicl3	#^XFFFFFFFC,r3,r6 ; r' gets the high bits from r
+	bicl3	#^X00000003,r3,r3
+	addl	r5,r3		; r = r + l'
+
+	tstl	r7
+	bgeq	5$
+	bitl	#1,r7
+	beql	5$		; if d < 0 && d & 1
+	subl	r2,r3		;   [r',r] = [r',r] - q
+	sbwc	#0,r6
+45$:
+	bgeq	5$		;   while r < 0
+	decl	r2		;     q = q - 1
+	addl	r7,r3		;     [r',r] = [r',r] + d
+	adwc	#0,r6
+	brb	45$
 
-	tstl	r8
-	bneq	5$		; If b' != 0, go to the other part
-;	addl3	r11,r11,r1
-;	addl2	r5,r1
-	brb	42$
 5$:
-	ashl	#1,r11,r11
+	tstl	r6
-	subl2	r10,r11
+	bneq	6$
-	addl2	r5,r11
+	cmpl	r3,r7
-	bgeq	7$
+	blssu	42$		; while [r',r] >= d'
 6$:
-	decl	r10
+	subl	r7,r3		;   [r',r] = [r',r] - d
-	addl2	r4,r11
+	sbwc	#0,r6
-	blss	6$
+	incl	r2		;   q = q + 1
-7$:
+	brb	5$	
-;	movl	r11,r1
 42$:
-	movl	r10,r0
+;	movl	r3,r1
+	movl	r2,r0
+	ret
 666$:
+	movl	#^XFFFFFFFF,r0
 	ret
 
 	.title	vax_bn_add_words  unsigned add of two arrays

crypto/bn/bn_gf2m.c

@@ -853,7 +853,8 @@ int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
  */
 int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const unsigned int p[], BN_CTX *ctx)
 	{
-	int ret = 0, i, count = 0;
+	int ret = 0, count = 0;
+	unsigned int j;
 	BIGNUM *a, *z, *rho, *w, *w2, *tmp;
 	
 	BN_CTX_start(ctx);
@@ -874,7 +875,7 @@ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const unsigned int p
 		{
 		/* compute half-trace of a */
 		if (!BN_copy(z, a)) goto err;
-		for (i = 1; i <= (p[0] - 1) / 2; i++)
+		for (j = 1; j <= (p[0] - 1) / 2; j++)
 			{
 			if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err;
 			if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err;
@@ -894,7 +895,7 @@ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const unsigned int p
 			if (!BN_GF2m_mod_arr(rho, rho, p)) goto err;
 			if (!BN_zero(z)) goto err;
 			if (!BN_copy(w, rho)) goto err;
-			for (i = 1; i <= p[0] - 1; i++)
+			for (j = 1; j <= p[0] - 1; j++)
 				{
 				if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err;
 				if (!BN_GF2m_mod_sqr_arr(w2, w, p, ctx)) goto err;

crypto/bn/bn_lib.c

@@ -263,12 +263,12 @@ void BN_clear_free(BIGNUM *a)
 	if (a == NULL) return;
 	if (a->d != NULL)
 		{
-		memset(a->d,0,a->dmax*sizeof(a->d[0]));
+		OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));
 		if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
 			OPENSSL_free(a->d);
 		}
 	i=BN_get_flags(a,BN_FLG_MALLOCED);
-	memset(a,0,sizeof(BIGNUM));
+	OPENSSL_cleanse(a,sizeof(BIGNUM));
 	if (i)
 		OPENSSL_free(a);
 	}

crypto/bn/bn_rand.c

@@ -201,7 +201,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
 err:
 	if (buf != NULL)
 		{
-		memset(buf,0,bytes);
+		OPENSSL_cleanse(buf,bytes);
 		OPENSSL_free(buf);
 		}
 	return(ret);

crypto/bn/bntest.c

@@ -163,10 +163,10 @@ int main(int argc, char *argv[])
 
 
 	ctx=BN_CTX_new();
-	if (ctx == NULL) exit(1);
+	if (ctx == NULL) EXIT(1);
 
 	out=BIO_new(BIO_s_file());
-	if (out == NULL) exit(1);
+	if (out == NULL) EXIT(1);
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
@@ -176,7 +176,7 @@ int main(int argc, char *argv[])
 		if (!BIO_write_filename(out,outfile))
 			{
 			perror(outfile);
-			exit(1);
+			EXIT(1);
 			}
 		}
 
@@ -296,14 +296,14 @@ int main(int argc, char *argv[])
 	BIO_free(out);
 
 /**/
-	exit(0);
+	EXIT(0);
 err:
 	BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices
 	                      * the failure, see test_bn in test/Makefile.ssl*/
 	BIO_flush(out);
 	ERR_load_crypto_strings();
 	ERR_print_errors_fp(stderr);
-	exit(1);
+	EXIT(1);
 	return(1);
 	}
 
@@ -546,7 +546,7 @@ int test_mul(BIO *bp)
 	BN_CTX *ctx;
 
 	ctx = BN_CTX_new();
-	if (ctx == NULL) exit(1);
+	if (ctx == NULL) EXIT(1);
 	
 	BN_init(&a);
 	BN_init(&b);
@@ -784,7 +784,7 @@ int test_mod_mul(BIO *bp, BN_CTX *ctx)
 			while ((l=ERR_get_error()))
 				fprintf(stderr,"ERROR:%s\n",
 					ERR_error_string(l,NULL));
-			exit(1);
+			EXIT(1);
 			}
 		if (bp != NULL)
 			{

crypto/bn/exptest.c

@@ -59,6 +59,9 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+
+#include "../e_os.h"
+
 #include <openssl/bio.h>
 #include <openssl/bn.h>
 #include <openssl/rand.h>
@@ -86,7 +89,7 @@ int main(int argc, char *argv[])
 	ERR_load_BN_strings();
 
 	ctx=BN_CTX_new();
-	if (ctx == NULL) exit(1);
+	if (ctx == NULL) EXIT(1);
 	r_mont=BN_new();
 	r_recp=BN_new();
 	r_simple=BN_new();
@@ -99,7 +102,7 @@ int main(int argc, char *argv[])
 
 	out=BIO_new(BIO_s_file());
 
-	if (out == NULL) exit(1);
+	if (out == NULL) EXIT(1);
 	BIO_set_fp(out,stdout,BIO_NOCLOSE);
 
 	for (i=0; i<200; i++)
@@ -124,7 +127,7 @@ int main(int argc, char *argv[])
 			{
 			printf("BN_mod_exp_mont() problems\n");
 			ERR_print_errors(out);
-			exit(1);
+			EXIT(1);
 			}
 
 		ret=BN_mod_exp_recp(r_recp,a,b,m,ctx);
@@ -132,7 +135,7 @@ int main(int argc, char *argv[])
 			{
 			printf("BN_mod_exp_recp() problems\n");
 			ERR_print_errors(out);
-			exit(1);
+			EXIT(1);
 			}
 
 		ret=BN_mod_exp_simple(r_simple,a,b,m,ctx);
@@ -140,7 +143,7 @@ int main(int argc, char *argv[])
 			{
 			printf("BN_mod_exp_simple() problems\n");
 			ERR_print_errors(out);
-			exit(1);
+			EXIT(1);
 			}
 
 		if (BN_cmp(r_simple, r_mont) == 0
@@ -163,7 +166,7 @@ int main(int argc, char *argv[])
 			printf("\nrecp     =");	BN_print(out,r_recp);
 			printf("\nmont     ="); BN_print(out,r_mont);
 			printf("\n");
-			exit(1);
+			EXIT(1);
 			}
 		}
 	BN_free(r_mont);
@@ -177,11 +180,11 @@ int main(int argc, char *argv[])
 	CRYPTO_mem_leaks(out);
 	BIO_free(out);
 	printf(" done\n");
-	exit(0);
+	EXIT(0);
 err:
 	ERR_load_crypto_strings();
 	ERR_print_errors(out);
-	exit(1);
+	EXIT(1);
 	return(1);
 	}
 

crypto/cast/casttest.c

@@ -60,6 +60,8 @@
 #include <string.h>
 #include <stdlib.h>
 
+#include "../e_os.h"
+
 #ifdef OPENSSL_NO_CAST
 int main(int argc, char *argv[])
 {
@@ -224,7 +226,7 @@ int main(int argc, char *argv[])
       }
 #endif
 
-    exit(err);
+    EXIT(err);
     return(err);
     }
 #endif

crypto/comp/c_zlib.c

@@ -23,6 +23,13 @@ static COMP_METHOD zlib_method_nozlib={
 
 #include <zlib.h>
 
+static int zlib_stateful_init(COMP_CTX *ctx);
+static void zlib_stateful_finish(COMP_CTX *ctx);
+static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out,
+	unsigned int olen, unsigned char *in, unsigned int ilen);
+static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out,
+	unsigned int olen, unsigned char *in, unsigned int ilen);
+
 static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out,
 	unsigned int olen, unsigned char *in, unsigned int ilen);
 static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out,
@@ -31,7 +38,7 @@ static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out,
 static int zz_uncompress(Bytef *dest, uLongf *destLen, const Bytef *source,
 	uLong sourceLen);
 
-static COMP_METHOD zlib_method={
+static COMP_METHOD zlib_stateless_method={
 	NID_zlib_compression,
 	LN_zlib_compression,
 	NULL,
@@ -42,6 +49,17 @@ static COMP_METHOD zlib_method={
 	NULL,
 	};
 
+static COMP_METHOD zlib_stateful_method={
+	NID_zlib_compression,
+	LN_zlib_compression,
+	zlib_stateful_init,
+	zlib_stateful_finish,
+	zlib_stateful_compress_block,
+	zlib_stateful_expand_block,
+	NULL,
+	NULL,
+	};
+
 /* 
  * When OpenSSL is built on Windows, we do not want to require that
  * the ZLIB.DLL be available in order for the OpenSSL DLLs to
@@ -75,10 +93,17 @@ typedef int (Z_CALLCONV *inflateEnd_ft)(z_streamp strm);
 typedef int (Z_CALLCONV *inflate_ft)(z_streamp strm, int flush);
 typedef int (Z_CALLCONV *inflateInit__ft)(z_streamp strm,
 	const char * version, int stream_size);
+typedef int (Z_CALLCONV *deflateEnd_ft)(z_streamp strm);
+typedef int (Z_CALLCONV *deflate_ft)(z_streamp strm, int flush);
+typedef int (Z_CALLCONV *deflateInit__ft)(z_streamp strm, int level,
+	const char * version, int stream_size);
 static compress_ft	p_compress=NULL;
 static inflateEnd_ft	p_inflateEnd=NULL;
 static inflate_ft	p_inflate=NULL;
 static inflateInit__ft	p_inflateInit_=NULL;
+static deflateEnd_ft	p_deflateEnd=NULL;
+static deflate_ft	p_deflate=NULL;
+static deflateInit__ft	p_deflateInit_=NULL;
 
 static int zlib_loaded = 0;     /* only attempt to init func pts once */
 static DSO *zlib_dso = NULL;
@@ -86,9 +111,128 @@ static DSO *zlib_dso = NULL;
 #define compress                stub_compress
 #define inflateEnd              stub_inflateEnd
 #define inflate                 stub_inflate
+#define inflateInit             stub_inflateInit
 #define inflateInit_            stub_inflateInit_
+#define deflateEnd              stub_deflateEnd
+#define deflate                 stub_deflate
+#define deflateInit             stub_deflateInit
+#define deflateInit_            stub_deflateInit_
 #endif /* ZLIB_SHARED */
 
+struct zlib_state
+	{
+	z_stream istream;
+	z_stream ostream;
+	};
+
+static int zlib_stateful_ex_idx = -1;
+
+static void zlib_stateful_free_ex_data(void *obj, void *item,
+	CRYPTO_EX_DATA *ad, int ind,long argl, void *argp)
+	{
+	struct zlib_state *state = (struct zlib_state *)item;
+	inflateEnd(&state->istream);
+	deflateEnd(&state->ostream);
+	OPENSSL_free(state);
+	}
+
+static int zlib_stateful_init(COMP_CTX *ctx)
+	{
+	int err;
+	struct zlib_state *state =
+		(struct zlib_state *)OPENSSL_malloc(sizeof(struct zlib_state));
+
+	if (state == NULL)
+		goto err;
+
+	state->istream.zalloc = Z_NULL;
+	state->istream.zfree = Z_NULL;
+	state->istream.opaque = Z_NULL;
+	state->istream.next_in = Z_NULL;
+	state->istream.next_out = Z_NULL;
+	state->istream.avail_in = 0;
+	state->istream.avail_out = 0;
+	err = inflateInit(&state->istream);
+	if (err != Z_OK)
+		goto err;
+
+	state->ostream.zalloc = Z_NULL;
+	state->ostream.zfree = Z_NULL;
+	state->ostream.opaque = Z_NULL;
+	state->ostream.next_in = Z_NULL;
+	state->ostream.next_out = Z_NULL;
+	state->ostream.avail_in = 0;
+	state->ostream.avail_out = 0;
+	err = deflateInit(&state->ostream,Z_DEFAULT_COMPRESSION);
+	if (err != Z_OK)
+		goto err;
+
+	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data);
+	if (zlib_stateful_ex_idx == -1)
+		{
+		zlib_stateful_ex_idx =
+			CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP,
+				0,NULL,NULL,NULL,zlib_stateful_free_ex_data);
+		if (zlib_stateful_ex_idx == -1)
+			goto err;
+		}
+	CRYPTO_set_ex_data(&ctx->ex_data,zlib_stateful_ex_idx,state);
+	return 1;
+ err:
+	if (state) OPENSSL_free(state);
+	return 0;
+	}
+
+static void zlib_stateful_finish(COMP_CTX *ctx)
+	{
+	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data);
+	}
+
+static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out,
+	unsigned int olen, unsigned char *in, unsigned int ilen)
+	{
+	int err = Z_OK;
+	struct zlib_state *state =
+		(struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
+			zlib_stateful_ex_idx);
+
+	if (state == NULL)
+		return -1;
+
+	state->ostream.next_in = in;
+	state->ostream.avail_in = ilen;
+	state->ostream.next_out = out;
+	state->ostream.avail_out = olen;
+	if (ilen > 0)
+		err = deflate(&state->ostream, Z_SYNC_FLUSH);
+	if (err != Z_OK)
+		return -1;
+	return olen - state->ostream.avail_out;
+	}
+
+static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out,
+	unsigned int olen, unsigned char *in, unsigned int ilen)
+	{
+	int err = Z_OK;
+
+	struct zlib_state *state =
+		(struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
+			zlib_stateful_ex_idx);
+
+	if (state == NULL)
+		return 0;
+
+	state->istream.next_in = in;
+	state->istream.avail_in = ilen;
+	state->istream.next_out = out;
+	state->istream.avail_out = olen;
+	if (ilen > 0)
+		err = inflate(&state->istream, Z_SYNC_FLUSH);
+	if (err != Z_OK)
+		return -1;
+	return olen - state->istream.avail_out;
+	}
+
 static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out,
 	unsigned int olen, unsigned char *in, unsigned int ilen)
 	{
@@ -207,13 +351,22 @@ COMP_METHOD *COMP_zlib(void)
 			p_inflateInit_
 				= (inflateInit__ft) DSO_bind_func(zlib_dso,
 					"inflateInit_");
+			p_deflateEnd
+				= (deflateEnd_ft) DSO_bind_func(zlib_dso,
+					"deflateEnd");
+			p_deflate
+				= (deflate_ft) DSO_bind_func(zlib_dso,
+					"deflate");
+			p_deflateInit_
+				= (deflateInit__ft) DSO_bind_func(zlib_dso,
+					"deflateInit_");
 			zlib_loaded++;
 			}
 		}
 
 #endif
 #if defined(ZLIB) || defined(ZLIB_SHARED)
-	meth = &zlib_method;
+	meth = &zlib_stateful_method;
 #endif
 
 	return(meth);
@@ -257,4 +410,32 @@ stub_inflateInit_(z_streamp strm, const char * version, int stream_size)
 		return(Z_MEM_ERROR);
 	}
 
+static int
+stub_deflateEnd(z_streamp strm)
+	{
+	if ( p_deflateEnd )
+		return(p_deflateEnd(strm));
+	else
+		return(Z_MEM_ERROR);
+	}
+
+static int
+stub_deflate(z_streamp strm, int flush)
+	{
+	if ( p_deflate )
+		return(p_deflate(strm,flush));
+	else
+		return(Z_MEM_ERROR);
+	}
+
+static int
+stub_deflateInit_(z_streamp strm, int level,
+	const char * version, int stream_size)
+	{
+	if ( p_deflateInit_ )
+		return(p_deflateInit_(strm,version,stream_size));
+	else
+		return(Z_MEM_ERROR);
+	}
+
 #endif /* ZLIB_SHARED */

crypto/comp/comp_lib.c

@@ -20,17 +20,11 @@ COMP_CTX *COMP_CTX_new(COMP_METHOD *meth)
 		OPENSSL_free(ret);
 		ret=NULL;
 		}
-#if 0
-	else
-		CRYPTO_new_ex_data(rsa_meth,(char *)ret,&ret->ex_data);
-#endif
 	return(ret);
 	}
 
 void COMP_CTX_free(COMP_CTX *ctx)
 	{
-	/* CRYPTO_free_ex_data(rsa_meth,(char *)ctx,&ctx->ex_data); */
-
 	if(ctx == NULL)
 	    return;
 

crypto/crypto-lib.com

@@ -158,7 +158,7 @@ $!
 $ APPS_DES = "DES/DES,CBC3_ENC"
 $ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE"
 $
-$ LIB_ = "cryptlib,mem,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid,o_time"
+$ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid,o_time"
 $ LIB_MD2 = "md2_dgst,md2_one"
 $ LIB_MD4 = "md4_dgst,md4_one"
 $ LIB_MD5 = "md5_dgst,md5_one"

crypto/crypto.h

@@ -121,9 +121,6 @@
 
 #ifndef OPENSSL_NO_FP_API
 #include <stdio.h>
-#ifdef OPENSSL_SYS_WINCE
-#include <stdio_extras.h>
-#endif
 #endif
 
 #include <openssl/stack.h>
@@ -301,6 +298,7 @@ DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS)
 #define CRYPTO_EX_INDEX_UI		11
 #define CRYPTO_EX_INDEX_ECDSA		12
 #define CRYPTO_EX_INDEX_ECDH		13
+#define CRYPTO_EX_INDEX_COMP		14
 
 /* Dynamically assigned indexes start from this value (don't use directly, use
  * via CRYPTO_ex_data_new_class). */
@@ -454,6 +452,8 @@ void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file,
 			   int line);
 void *CRYPTO_remalloc(void *addr,int num, const char *file, int line);
 
+void OPENSSL_cleanse(void *ptr, size_t len);
+
 void CRYPTO_set_mem_debug_options(long bits);
 long CRYPTO_get_mem_debug_options(void);
 

crypto/des/des.c

@@ -427,7 +427,7 @@ void doencryption(void)
 				k2[i-8]=k;
 			}
 		DES_set_key_unchecked(&k2,&ks2);
-		memset(k2,0,sizeof(k2));
+		OPENSSL_cleanse(k2,sizeof(k2));
 		}
 	else if (longk || flag3)
 		{
@@ -435,7 +435,7 @@ void doencryption(void)
 			{
 			DES_string_to_2keys(key,&kk,&k2);
 			DES_set_key_unchecked(&k2,&ks2);
-			memset(k2,0,sizeof(k2));
+			OPENSSL_cleanse(k2,sizeof(k2));
 			}
 		else
 			DES_string_to_key(key,&kk);
@@ -457,8 +457,8 @@ void doencryption(void)
 			}
 
 	DES_set_key_unchecked(&kk,&ks);
-	memset(key,0,sizeof(key));
+	OPENSSL_cleanse(key,sizeof(key));
-	memset(kk,0,sizeof(kk));
+	OPENSSL_cleanse(kk,sizeof(kk));
 	/* woops - A bug that does not showup under unix :-( */
 	memset(iv,0,sizeof(iv));
 	memset(iv2,0,sizeof(iv2));
@@ -666,18 +666,18 @@ void doencryption(void)
 		if (l) fclose(CKSUM_OUT);
 		}
 problems:
-	memset(buf,0,sizeof(buf));
+	OPENSSL_cleanse(buf,sizeof(buf));
-	memset(obuf,0,sizeof(obuf));
+	OPENSSL_cleanse(obuf,sizeof(obuf));
-	memset(&ks,0,sizeof(ks));
+	OPENSSL_cleanse(&ks,sizeof(ks));
-	memset(&ks2,0,sizeof(ks2));
+	OPENSSL_cleanse(&ks2,sizeof(ks2));
-	memset(iv,0,sizeof(iv));
+	OPENSSL_cleanse(iv,sizeof(iv));
-	memset(iv2,0,sizeof(iv2));
+	OPENSSL_cleanse(iv2,sizeof(iv2));
-	memset(kk,0,sizeof(kk));
+	OPENSSL_cleanse(kk,sizeof(kk));
-	memset(k2,0,sizeof(k2));
+	OPENSSL_cleanse(k2,sizeof(k2));
-	memset(uubuf,0,sizeof(uubuf));
+	OPENSSL_cleanse(uubuf,sizeof(uubuf));
-	memset(b,0,sizeof(b));
+	OPENSSL_cleanse(b,sizeof(b));
-	memset(bb,0,sizeof(bb));
+	OPENSSL_cleanse(bb,sizeof(bb));
-	memset(cksum,0,sizeof(cksum));
+	OPENSSL_cleanse(cksum,sizeof(cksum));
 	if (Exit) EXIT(Exit);
 	}
 

crypto/des/read2pwd.c

@@ -112,9 +112,6 @@
 #include <string.h>
 #include <openssl/des.h>
 #include <openssl/ui.h>
-#ifdef OPENSSL_SYS_WINCE
-#include <stdio_extras.h>	/* BUFSIZ */
-#endif
 
 int DES_read_password(DES_cblock *key, const char *prompt, int verify)
 	{
@@ -123,8 +120,8 @@ int DES_read_password(DES_cblock *key, const char *prompt, int verify)
 
 	if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
 		DES_string_to_key(buf,key);
-	memset(buf,0,BUFSIZ);
+	OPENSSL_cleanse(buf,BUFSIZ);
-	memset(buff,0,BUFSIZ);
+	OPENSSL_cleanse(buff,BUFSIZ);
 	return(ok);
 	}
 
@@ -136,7 +133,7 @@ int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt,
 
 	if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
 		DES_string_to_2keys(buf,key1,key2);
-	memset(buf,0,BUFSIZ);
+	OPENSSL_cleanse(buf,BUFSIZ);
-	memset(buff,0,BUFSIZ);
+	OPENSSL_cleanse(buff,BUFSIZ);
 	return(ok);
 	}

crypto/des/read_pwd.c

@@ -220,7 +220,7 @@ int des_read_pw_string(char *buf, int length, const char *prompt,
 	int ret;
 
 	ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
-	memset(buff,0,BUFSIZ);
+	OPENSSL_cleanse(buff,BUFSIZ);
 	return(ret);
 	}
 

crypto/des/str2key.c

@@ -94,7 +94,7 @@ void DES_string_to_key(const char *str, DES_cblock *key)
 	DES_set_key_unchecked(key,&ks);
 #endif
 	DES_cbc_cksum((const unsigned char*)str,key,length,&ks,key);
-	memset(&ks,0,sizeof(ks));
+	OPENSSL_cleanse(&ks,sizeof(ks));
 	DES_set_odd_parity(key);
 	}
 
@@ -167,7 +167,7 @@ void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
 	DES_set_key_unchecked(key2,&ks);
 #endif
 	DES_cbc_cksum((const unsigned char*)str,key2,length,&ks,key2);
-	memset(&ks,0,sizeof(ks));
+	OPENSSL_cleanse(&ks,sizeof(ks));
 	DES_set_odd_parity(key1);
 	DES_set_odd_parity(key2);
 	}

crypto/dh/dhtest.c

@@ -59,6 +59,9 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+
+#include "../e_os.h"
+
 #ifdef OPENSSL_SYS_WINDOWS
 #include "../bio/bss_file.c" 
 #endif
@@ -111,7 +114,7 @@ int main(int argc, char *argv[])
 	RAND_seed(rnd_seed, sizeof rnd_seed);
 
 	out=BIO_new(BIO_s_file());
-	if (out == NULL) exit(1);
+	if (out == NULL) EXIT(1);
 	BIO_set_fp(out,stdout,BIO_NOCLOSE);
 
 	a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out);
@@ -195,7 +198,7 @@ err:
 	CRYPTO_cleanup_all_ex_data();
 	ERR_remove_state(0);
 	CRYPTO_mem_leaks_fp(stderr);
-	exit(ret);
+	EXIT(ret);
 	return(ret);
 	}
 

crypto/dsa/dsa_lib.c

@@ -224,11 +224,13 @@ int DSA_size(const DSA *r)
 	{
 	int ret,i;
 	ASN1_INTEGER bs;
-	unsigned char buf[4];
+	unsigned char buf[4];	/* 4 bytes looks really small.
+				   However, i2d_ASN1_INTEGER() will not look
+				   beyond the first byte, as long as the second
+				   parameter is NULL. */
 
 	i=BN_num_bits(r->q);
 	bs.length=(i+7)/8;
-	OPENSSL_assert(bs.length <= sizeof buf);
 	bs.data=buf;
 	bs.type=V_ASN1_INTEGER;
 	/* If the top bit is set the asn1 encoding is 1 larger. */

crypto/dsa/dsatest.c

@@ -61,6 +61,9 @@
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
+
+#include "../e_os.h"
+
 #include <openssl/crypto.h>
 #include <openssl/rand.h>
 #include <openssl/bio.h>
@@ -212,10 +215,16 @@ end:
 		BIO_free(bio_err);
 		bio_err = NULL;
 		}
-	exit(!ret);
+	EXIT(!ret);
 	return(0);
 	}
 
+static int cb_exit(int ec)
+	{
+	EXIT(ec);
+	return(0);		/* To keep some compilers quiet */
+	}
+
 static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
 	{
 	char c='*';
@@ -231,7 +240,7 @@ static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
 	if (!ok && (p == 0) && (num > 1))
 		{
 		BIO_printf((BIO *)arg,"error in dsatest\n");
-		exit(1);
+		cb_exit(1);
 		}
 	}
 #endif

crypto/ec/ec2_mult.c

@@ -79,7 +79,7 @@
  *     GF(2^m) without precomputation".
  * modified to not require precomputation of c=b^{2^{m-1}}.
  */
-static int Mdouble(const EC_GROUP *group, BIGNUM *x, BIGNUM *z, BN_CTX *ctx)
+static int gf2m_Mdouble(const EC_GROUP *group, BIGNUM *x, BIGNUM *z, BN_CTX *ctx)
 	{
 	BIGNUM *t1;
 	int ret = 0;
@@ -110,7 +110,7 @@ static int Mdouble(const EC_GROUP *group, BIGNUM *x, BIGNUM *z, BN_CTX *ctx)
  *     Lopex, J. and Dahab, R.  "Fast multiplication on elliptic curves over 
  *     GF(2^m) without precomputation".
  */
-static int Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1, BIGNUM *z1, 
+static int gf2m_Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1, BIGNUM *z1, 
 	const BIGNUM *x2, const BIGNUM *z2, BN_CTX *ctx)
 	{
 	BIGNUM *t1, *t2;
@@ -138,9 +138,8 @@ static int Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1, BIGNUM *z1,
 	return ret;
 	}
 
-/* Compute the affine coordinates x2, y2=z2 for the point (x1/z1) and (x2/x2) in
+/* Compute the x, y affine coordinates from the point (x1, z1) (x2, z2) 
- * Montgomery projective coordinates.
+ * using Montgomery point multiplication algorithm Mxy() in appendix of 
- * Uses algorithm Mxy in appendix of 
  *     Lopex, J. and Dahab, R.  "Fast multiplication on elliptic curves over 
  *     GF(2^m) without precomputation".
  * Returns:
@@ -148,7 +147,7 @@ static int Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1, BIGNUM *z1,
  *     1 if return value should be the point at infinity
  *     2 otherwise
  */
-static int Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIGNUM *x1, 
+static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIGNUM *x1, 
 	BIGNUM *z1, BIGNUM *x2, BIGNUM *z2, BN_CTX *ctx)
 	{
 	BIGNUM *t3, *t4, *t5;
@@ -213,7 +212,7 @@ static int Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIGNUM *
  *     Lopex, J. and Dahab, R.  "Fast multiplication on elliptic curves over 
  *     GF(2^m) without precomputation".
  */
-static int point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
 	const EC_POINT *point, BN_CTX *ctx)
 	{
 	BIGNUM *x1, *x2, *z1, *z2;
@@ -269,13 +268,13 @@ static int point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scal
 			{
 			if (scalar->d[i] & mask)
 				{
-				if (!Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err;
+				if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err;
-				if (!Mdouble(group, x2, z2, ctx)) goto err;
+				if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err;
 				}
 			else
 				{
-				if (!Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
+				if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
-				if (!Mdouble(group, x1, z1, ctx)) goto err;
+				if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
 				}
 			mask >>= 1;
 			}
@@ -284,7 +283,7 @@ static int point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scal
 		}
 
 	/* convert out of "projective" coordinates */
-	i = Mxy(group, &point->X, &point->Y, x1, z1, x2, z2, ctx);
+	i = gf2m_Mxy(group, &point->X, &point->Y, x1, z1, x2, z2, ctx);
 	if (i == 0) goto err;
 	else if (i == 1) 
 		{
@@ -312,7 +311,7 @@ static int point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scal
  *     scalar*group->generator + scalars[0]*points[0] + ... + scalars[num-1]*points[num-1]
  * gracefully ignoring NULL scalar values.
  */
-int ec_GF2m_mont_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
 	size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx)
 	{
 	BN_CTX *new_ctx = NULL;
@@ -341,7 +340,7 @@ int ec_GF2m_mont_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
 
 	if (scalar)
 		{
-		if (!point_multiply(group, p, scalar, group->generator, ctx)) goto err;
+		if (!ec_GF2m_montgomery_point_multiply(group, p, scalar, group->generator, ctx)) goto err;
 		if (BN_get_sign(scalar)) 
 			if (!group->meth->invert(group, p, ctx)) goto err;
 		if (!group->meth->add(group, r, r, p, ctx)) goto err;
@@ -349,7 +348,7 @@ int ec_GF2m_mont_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
 
 	for (i = 0; i < num; i++)
 		{
-		if (!point_multiply(group, p, scalars[i], points[i], ctx)) goto err;
+		if (!ec_GF2m_montgomery_point_multiply(group, p, scalars[i], points[i], ctx)) goto err;
 		if (BN_get_sign(scalars[i]))
 			if (!group->meth->invert(group, p, ctx)) goto err;
 		if (!group->meth->add(group, r, r, p, ctx)) goto err;
@@ -366,7 +365,7 @@ int ec_GF2m_mont_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
 
 
 /* Precomputation for point multiplication. */	
-int ec_GF2m_mont_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
+int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
 	{
 	/* There is no precomputation to do for Montgomery scalar multiplication but
 	 * since this implementation falls back to the wNAF multiplication for more than

crypto/ec/ec2_smpl.c

@@ -99,8 +99,8 @@ const EC_METHOD *EC_GF2m_simple_method(void)
 		ec_GF2m_simple_add,
 		ec_GF2m_simple_dbl,
 		ec_GF2m_simple_invert,
-		ec_GF2m_mont_mul,
+		ec_GF2m_simple_mul,
-		ec_GF2m_mont_precompute_mult,
+		ec_GF2m_precompute_mult,
 		ec_GF2m_simple_is_at_infinity,
 		ec_GF2m_simple_is_on_curve,
 		ec_GF2m_simple_cmp,

crypto/ec/ec_key.c

@@ -118,7 +118,7 @@ void EC_KEY_free(EC_KEY *r)
 	if (r->meth_data && r->meth_data->finish)
 		r->meth_data->finish(r);
 
-	memset((void *)r, 0x0, sizeof(EC_KEY));
+	OPENSSL_cleanse((void *)r, sizeof(EC_KEY));
 
 	OPENSSL_free(r);
 	}

crypto/ec/ec_lcl.h

@@ -317,11 +317,7 @@ int ec_GFp_recp_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *
 
 
 /* method functions in ecp_nist.c */
-int ec_GFp_nist_group_init(EC_GROUP *);
 int ec_GFp_nist_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-void ec_GFp_nist_group_finish(EC_GROUP *);
-void ec_GFp_nist_group_clear_finish(EC_GROUP *);
-int ec_GFp_nist_group_copy(EC_GROUP *, const EC_GROUP *);
 int ec_GFp_nist_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
 int ec_GFp_nist_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
 
@@ -364,6 +360,6 @@ int ec_GF2m_simple_field_div(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const
 
 
 /* method functions in ec2_mult.c */
-int ec_GF2m_mont_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
 	size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);
-int ec_GF2m_mont_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
+int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx);

crypto/ec/ec_lib.c

@@ -162,11 +162,11 @@ void EC_GROUP_clear_free(EC_GROUP *group)
 
 	if (group->seed)
 		{
-		memset(group->seed, 0, group->seed_len);
+		OPENSSL_cleanse(group->seed, group->seed_len);
 		OPENSSL_free(group->seed);
 		}
 
-	memset(group, 0, sizeof *group);
+	OPENSSL_cleanse(group, sizeof *group);
 	OPENSSL_free(group);
 	}
 
@@ -591,7 +591,7 @@ void EC_POINT_clear_free(EC_POINT *point)
 		point->meth->point_clear_finish(point);
 	else if (point->meth != NULL && point->meth->point_finish != 0)
 		point->meth->point_finish(point);
-	memset(point, 0, sizeof *point);
+	OPENSSL_cleanse(point, sizeof *point);
 	OPENSSL_free(point);
 	}
 

crypto/ec/ecp_mont.c

@@ -122,66 +122,6 @@ int ec_GFp_mont_group_init(EC_GROUP *group)
 	}
 
 
-int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-	{
-	BN_CTX *new_ctx = NULL;
-	BN_MONT_CTX *mont = NULL;
-	BIGNUM *one = NULL;
-	int ret = 0;
-
-	if (group->field_data1 != NULL)
-		{
-		BN_MONT_CTX_free(group->field_data1);
-		group->field_data1 = NULL;
-		}
-	if (group->field_data2 != NULL)
-		{
-		BN_free(group->field_data2);
-		group->field_data2 = NULL;
-		}
-	
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			return 0;
-		}
-
-	mont = BN_MONT_CTX_new();
-	if (mont == NULL) goto err;
-	if (!BN_MONT_CTX_set(mont, p, ctx))
-		{
-		ECerr(EC_F_GFP_MONT_GROUP_SET_CURVE, ERR_R_BN_LIB);
-		goto err;
-		}
-	one = BN_new();
-	if (one == NULL) goto err;
-	if (!BN_to_montgomery(one, BN_value_one(), mont, ctx)) goto err;
-
-	group->field_data1 = mont;
-	mont = NULL;
-	group->field_data2 = one;
-	one = NULL;
-
-	ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
-
-	if (!ret)
-		{
-		BN_MONT_CTX_free(group->field_data1);
-		group->field_data1 = NULL;
-		BN_free(group->field_data2);
-		group->field_data2 = NULL;
-		}
-
- err:
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	if (mont != NULL)
-		BN_MONT_CTX_free(mont);
-	return ret;
-	}
-
-
 void ec_GFp_mont_group_finish(EC_GROUP *group)
 	{
 	if (group->field_data1 != NULL)
@@ -253,6 +193,66 @@ int ec_GFp_mont_group_copy(EC_GROUP *dest, const EC_GROUP *src)
 	}
 
 
+int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+	{
+	BN_CTX *new_ctx = NULL;
+	BN_MONT_CTX *mont = NULL;
+	BIGNUM *one = NULL;
+	int ret = 0;
+
+	if (group->field_data1 != NULL)
+		{
+		BN_MONT_CTX_free(group->field_data1);
+		group->field_data1 = NULL;
+		}
+	if (group->field_data2 != NULL)
+		{
+		BN_free(group->field_data2);
+		group->field_data2 = NULL;
+		}
+	
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			return 0;
+		}
+
+	mont = BN_MONT_CTX_new();
+	if (mont == NULL) goto err;
+	if (!BN_MONT_CTX_set(mont, p, ctx))
+		{
+		ECerr(EC_F_GFP_MONT_GROUP_SET_CURVE, ERR_R_BN_LIB);
+		goto err;
+		}
+	one = BN_new();
+	if (one == NULL) goto err;
+	if (!BN_to_montgomery(one, BN_value_one(), mont, ctx)) goto err;
+
+	group->field_data1 = mont;
+	mont = NULL;
+	group->field_data2 = one;
+	one = NULL;
+
+	ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
+
+	if (!ret)
+		{
+		BN_MONT_CTX_free(group->field_data1);
+		group->field_data1 = NULL;
+		BN_free(group->field_data2);
+		group->field_data2 = NULL;
+		}
+
+ err:
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	if (mont != NULL)
+		BN_MONT_CTX_free(mont);
+	return ret;
+	}
+
+
 int ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 	{
 	if (group->field_data1 == NULL)

crypto/ec/ecp_nist.c

@@ -69,10 +69,10 @@ const EC_METHOD *EC_GFp_nist_method(void)
 	{
 	static const EC_METHOD ret = {
 		NID_X9_62_prime_field,
-		ec_GFp_nist_group_init,
+		ec_GFp_simple_group_init,
-		ec_GFp_nist_group_finish,
+		ec_GFp_simple_group_finish,
-		ec_GFp_nist_group_clear_finish,
+		ec_GFp_simple_group_clear_finish,
-		ec_GFp_nist_group_copy,
+		ec_GFp_simple_group_copy,
 		ec_GFp_nist_group_set_curve,
 		ec_GFp_simple_group_get_curve,
 		ec_GFp_simple_group_get_degree,
@@ -113,29 +113,6 @@ const EC_METHOD *EC_GFp_nist_method(void)
 #define	NO_32_BIT_TYPE
 #endif
 
-int ec_GFp_nist_group_init(EC_GROUP *group)
-	{
-	int ok;
-
-	ok = ec_GFp_simple_group_init(group);
-	return ok;
-	}
-
-void ec_GFp_nist_group_finish(EC_GROUP *group)
-	{
-	BN_free(&group->field);
-	BN_free(&group->a);
-	BN_free(&group->b);
-	}
-
-
-void ec_GFp_nist_group_clear_finish(EC_GROUP *group)
-	{
-	BN_clear_free(&group->field);
-	BN_clear_free(&group->a);
-	BN_clear_free(&group->b);
-	}
-
 
 int ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p,
 	const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
@@ -211,24 +188,6 @@ int ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p,
 	return ret;
 	}
 
-int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src)
-	{
-	if (dest == NULL || src == NULL)
-		return 0;
-
-	if (!BN_copy(&dest->field, &src->field))
-		return 0;
-	if (!BN_copy(&dest->a, &src->a))
-		return 0;
-	if (!BN_copy(&dest->b, &src->b))
-		return 0;
-
-	dest->curve_name  = src->curve_name;
-
-	dest->a_is_minus3 = src->a_is_minus3;
-
-	return 1;
-	}
 
 int ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
 	const BIGNUM *b, BN_CTX *ctx)
@@ -255,6 +214,7 @@ err:
 	return ret;
 	}
 
+
 int ec_GFp_nist_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
 	BN_CTX *ctx)
 	{

crypto/ec/ecp_smpl.c

@@ -112,6 +112,20 @@ const EC_METHOD *EC_GFp_simple_method(void)
 	}
 
 
+/* Most method functions in this file are designed to work with
+ * non-trivial representations of field elements if necessary
+ * (see ecp_mont.c): while standard modular addition and subtraction
+ * are used, the field_mul and field_sqr methods will be used for
+ * multiplication, and field_encode and field_decode (if defined)
+ * will be used for converting between representations.
+
+ * Functions ec_GFp_simple_points_make_affine() and
+ * ec_GFp_simple_point_get_affine_coordinates() specifically assume
+ * that if a non-trivial representation is used, it is a Montgomery
+ * representation (i.e. 'encoding' means multiplying by some factor R).
+ */
+
+
 int ec_GFp_simple_group_init(EC_GROUP *group)
 	{
 	BN_init(&group->field);
@@ -505,8 +519,8 @@ int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, const EC_P
 	BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
 	{
 	BN_CTX *new_ctx = NULL;
-	BIGNUM *X, *Y, *Z, *Z_1, *Z_2, *Z_3;
+	BIGNUM *Z, *Z_1, *Z_2, *Z_3;
-	const BIGNUM *X_, *Y_, *Z_;
+	const BIGNUM *Z_;
 	int ret = 0;
 
 	if (EC_POINT_is_at_infinity(group, point))
@@ -523,8 +537,6 @@ int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, const EC_P
 		}
 
 	BN_CTX_start(ctx);
-	X = BN_CTX_get(ctx);
-	Y = BN_CTX_get(ctx);
 	Z = BN_CTX_get(ctx);
 	Z_1 = BN_CTX_get(ctx);
 	Z_2 = BN_CTX_get(ctx);
@@ -535,27 +547,37 @@ int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, const EC_P
 	
 	if (group->meth->field_decode)
 		{
-		if (!group->meth->field_decode(group, X, &point->X, ctx)) goto err;
-		if (!group->meth->field_decode(group, Y, &point->Y, ctx)) goto err;
 		if (!group->meth->field_decode(group, Z, &point->Z, ctx)) goto err;
-		X_ = X; Y_ = Y;	Z_ = Z;
+		Z_ = Z;
 		}
 	else
 		{
-		X_ = &point->X;
-		Y_ = &point->Y;
 		Z_ = &point->Z;
 		}
 	
 	if (BN_is_one(Z_))
+		{
+		if (group->meth->field_decode)
 			{
 			if (x != NULL)
 				{
-			if (!BN_copy(x, X_)) goto err;
+				if (!group->meth->field_decode(group, x, &point->X, ctx)) goto err;
 				}
 			if (y != NULL)
 				{
-			if (!BN_copy(y, Y_)) goto err;
+				if (!group->meth->field_decode(group, y, &point->Y, ctx)) goto err;
+				}
+			}
+		else
+			{
+			if (x != NULL)
+				{
+				if (!BN_copy(x, &point->X)) goto err;
+				}
+			if (y != NULL)
+				{
+				if (!BN_copy(y, &point->Y)) goto err;
+				}
 			}
 		}
 	else
@@ -578,15 +600,8 @@ int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, const EC_P
 	
 		if (x != NULL)
 			{
-			if (group->meth->field_encode == 0)
+			/* in the Montgomery case, field_mul will cancel out Montgomery factor in X: */
-				{
+			if (!group->meth->field_mul(group, x, &point->X, Z_2, ctx)) goto err;
-				/* field_mul works on standard representation */
-				if (!group->meth->field_mul(group, x, X_, Z_2, ctx)) goto err;
-				}
-			else
-				{
-				if (!BN_mod_mul(x, X_, Z_2, &group->field, ctx)) goto err;
-				}
 			}
 
 		if (y != NULL)
@@ -595,14 +610,14 @@ int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, const EC_P
 				{
 				/* field_mul works on standard representation */
 				if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx)) goto err;
-				if (!group->meth->field_mul(group, y, Y_, Z_3, ctx)) goto err;
-				
 				}
 			else
 				{
 				if (!BN_mod_mul(Z_3, Z_2, Z_1, &group->field, ctx)) goto err;
-				if (!BN_mod_mul(y, Y_, Z_3, &group->field, ctx)) goto err;
 				}
+
+			/* in the Montgomery case, field_mul will cancel out Montgomery factor in Y: */
+			if (!group->meth->field_mul(group, y, &point->Y, Z_3, ctx)) goto err;
 			}
 		}
 

crypto/ec/ectest.c

@@ -74,7 +74,7 @@
 #ifdef FLAT_INC
 #include "e_os.h"
 #else
-#include "../../e_os.h"
+#include "../e_os.h"
 #endif
 #include <string.h>
 #include <time.h>
@@ -95,7 +95,7 @@ int main(int argc, char * argv[]) { puts("Elliptic curves are disabled."); retur
 	fflush(stdout); \
 	fprintf(stderr, "%s:%d: ABORT\n", __FILE__, __LINE__); \
 	ERR_print_errors_fp(stderr); \
-	exit(1); \
+	EXIT(1); \
 } while (0)
 
 void prime_field_tests(void);

crypto/ecdh/ecdhtest.c

@@ -70,6 +70,9 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+
+#include "../e_os.h"
+
 #ifdef OPENSSL_SYS_WINDOWS
 #include "../bio/bss_file.c" 
 #endif
@@ -298,7 +301,7 @@ int main(int argc, char *argv[])
 	RAND_seed(rnd_seed, sizeof rnd_seed);
 
 	out=BIO_new(BIO_s_file());
-	if (out == NULL) exit(1);
+	if (out == NULL) EXIT(1);
 	BIO_set_fp(out,stdout,BIO_NOCLOSE);
 
 	if ((ctx=BN_CTX_new()) == NULL) goto err;
@@ -330,7 +333,7 @@ err:
 	CRYPTO_cleanup_all_ex_data();
 	ERR_remove_state(0);
 	CRYPTO_mem_leaks_fp(stderr);
-	exit(ret);
+	EXIT(ret);
 	return(ret);
 	}
 

crypto/ecdh/ech_lib.c

@@ -176,7 +176,7 @@ void ECDH_DATA_free(ECDH_DATA *r)
 
 	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, r, &r->ex_data);
 
-	memset((void *)r, 0x0, sizeof(ECDH_DATA));
+	OPENSSL_cleanse((void *)r, sizeof(ECDH_DATA));
 
 	OPENSSL_free(r);
 	}

crypto/ecdsa/ecdsatest.c

@@ -1,4 +1,7 @@
 /* crypto/ecdsa/ecdsatest.c */
+/*
+ * Written by Nils Larsch for the OpenSSL project.
+ */
 /* ====================================================================
  * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.
  *
@@ -69,298 +72,377 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <time.h>
-
-#ifdef CLOCKS_PER_SEC
-	/* "To determine the time in seconds, the value returned
-	 * by the clock function should be divided by the value
-	 * of the macro CLOCKS_PER_SEC."
-	 *                                       -- ISO/IEC 9899 */
-#	define UNIT "s"
-#else
-	/* "`CLOCKS_PER_SEC' undeclared (first use this function)"
-	 *                            -- cc on NeXTstep/OpenStep */
-#	define UNIT "units"
-#	define CLOCKS_PER_SEC 1
-#endif
 
 #ifdef OPENSSL_NO_ECDSA
-int main(int argc, char * argv[]) { puts("Elliptic curves are disabled."); return 0; }
+int main(int argc, char * argv[])
+	{
+	puts("Elliptic curves are disabled.");
+	return 0;
+	}
 #else
 
 #include <openssl/crypto.h>
 #include <openssl/bio.h>
 #include <openssl/evp.h>
-#include <openssl/x509.h>
 #include <openssl/ecdsa.h>
 #include <openssl/engine.h>
 #include <openssl/err.h>
 
-static BIO *bio_err=NULL;
+static const char rnd_seed[] = "string to make the random number generator "
-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+	"think it has entropy";
 
-#define	ECDSA_NIST_TESTS	10
+/* declaration of the test functions */
-ECDSA_SIG*	signatures[ECDSA_NIST_TESTS];
+int x9_62_tests(BIO *);
-unsigned char	digest[ECDSA_NIST_TESTS][20];
+int x9_62_test_internal(BIO *out, int nid, const char *r, const char *s);
+int test_builtin(BIO *);
 
-/* some declarations */
+/* functions to change the RAND_METHOD */
-void clear_ecdsa(EC_KEY *);
+int change_rand(void);
-int set_p192_param(EC_KEY *);
+int restore_rand(void);
-int set_p239_param(EC_KEY *);
+int fbytes(unsigned char *buf, int num);
-int test_sig_vrf(EC_KEY *, const unsigned char *);
-int test_x962_sig_vrf(EC_KEY *, const unsigned char *,
-                           const char *, const char *, const char *);
-int ecdsa_cmp(const EC_KEY *, const EC_KEY *);
 
-void clear_ecdsa(EC_KEY *ecdsa)
+RAND_METHOD	fake_rand;
-{
+const RAND_METHOD *old_rand;
-	if (!ecdsa)
-		return;
-	if (ecdsa->group)
-	{
-		EC_GROUP_free(ecdsa->group);
-		ecdsa->group = NULL;
-	}
-	if (ecdsa->pub_key)
-	{
-		EC_POINT_free(ecdsa->pub_key);
-		ecdsa->pub_key = NULL;
-	}
-	if (ecdsa->priv_key)
-	{
-		BN_free(ecdsa->priv_key);
-		ecdsa->priv_key = NULL;
-	}
-}
 
-int set_p192_param(EC_KEY *ecdsa)
+int change_rand(void)
 	{
-	BN_CTX	 *ctx=NULL;
+	/* save old rand method */
-	int 	 ret=0;
+	if ((old_rand = RAND_get_rand_method()) == NULL)
-
-	if (!ecdsa)
 		return 0;
-	if ((ctx = BN_CTX_new()) == NULL) goto err;
-	clear_ecdsa(ecdsa);
 
-	if ((ecdsa->group = EC_GROUP_new_by_nid(NID_X9_62_prime192v1)) == NULL)
+	fake_rand.seed    = old_rand->seed;
-	{
+	fake_rand.cleanup = old_rand->cleanup;
-		BIO_printf(bio_err,"ECDSA_SET_GROUP_P_192_V1() failed \n");
+	fake_rand.add     = old_rand->add;
-		goto err;
+	fake_rand.status  = old_rand->status;
-	}
+	/* use own random function */
-	if ((ecdsa->pub_key = EC_POINT_new(ecdsa->group)) == NULL)
+	fake_rand.bytes      = fbytes;
-	{
+	fake_rand.pseudorand = fbytes;
-		BIO_printf(bio_err,"EC_POINT_new failed \n");
+	/* set new RAND_METHOD */
-		goto err;
+	if (!RAND_set_rand_method(&fake_rand))
-	}
-
-	if (!BN_dec2bn(&(ecdsa->priv_key), "651056770906015076056810763456358567190100156695615665659"))	goto err;
-	if (!EC_POINT_mul(ecdsa->group,ecdsa->pub_key,ecdsa->priv_key,NULL,NULL,ctx))
-	{
-		BIO_printf(bio_err,"EC_POINT_mul() failed \n");
-		goto err;
-	}
-	ret = 1;
-
-err :	if (ctx)	BN_CTX_free(ctx);
-	return ret;
-}
-
-int set_p239_param(EC_KEY *ecdsa)
-{
-	BN_CTX	 *ctx=NULL;
-	int 	 ret=0;
-
-	if (!ecdsa)
 		return 0;
-	if ((ctx = BN_CTX_new()) == NULL) goto err;
+	return 1;
-	clear_ecdsa(ecdsa);
-	
-	if ((ecdsa->group = EC_GROUP_new_by_nid(NID_X9_62_prime239v1)) == NULL)
-	{
-		BIO_printf(bio_err,"ECDSA_SET_GROUP_P_239_V1() failed \n");
-		goto err;
-	}
-	if ((ecdsa->pub_key = EC_POINT_new(ecdsa->group)) == NULL)
-	{
-		BIO_printf(bio_err,"EC_POINT_new failed \n");
-		goto err;
 	}
 
-	if (!BN_dec2bn(&(ecdsa->priv_key), "876300101507107567501066130761671078357010671067781776716671676178726717"))	goto err;
+int restore_rand(void)
-	if (!EC_POINT_mul(ecdsa->group,ecdsa->pub_key,ecdsa->priv_key,NULL,NULL,ctx))
 	{
-		BIO_printf(bio_err,"EC_POINT_mul() failed \n");
+	if (!RAND_set_rand_method(old_rand))
-		goto err;
-	}
-	ret = 1;
-
-err :	if (ctx)	BN_CTX_free(ctx);
-	return ret;
-}
-
-int test_sig_vrf(EC_KEY *ecdsa, const unsigned char* dgst)
-{
-        int       ret=0,type=0;
-        unsigned char *buffer=NULL;
-        unsigned int  buf_len;
-        clock_t  tim;
- 
-        if (!ecdsa || !ecdsa->group || !ecdsa->pub_key || !ecdsa->priv_key)
 		return 0;
-        if ((buf_len = ECDSA_size(ecdsa)) == 0)
+	else
-        {
+		return 1;
-                BIO_printf(bio_err, "ECDSA_size() == 0 \n");
-                goto err;
-        }
-        if ((buffer = OPENSSL_malloc(buf_len)) == NULL)
-                goto err;
- 
-        tim = clock();
-        if (!ECDSA_sign(type, dgst , 20, buffer, &buf_len, ecdsa))
-        {
-                BIO_printf(bio_err, "ECDSA_sign() FAILED \n");
-                goto err;
-        }
-        tim = clock() - tim;
-        BIO_printf(bio_err, " [ ECDSA_sign() %.2f"UNIT, (double)tim/(CLOCKS_PER_SEC));
- 
-        tim = clock();
-        ret = ECDSA_verify(type, dgst, 20, buffer, buf_len, ecdsa);
-        if (ret != 1)
-        {
-                BIO_printf(bio_err, "ECDSA_verify() FAILED \n");
-                goto err;
-        }
-        tim = clock() - tim;
-        BIO_printf(bio_err, " and ECDSA_verify() %.2f"UNIT" ] ", (double)tim/(CLOCKS_PER_SEC));
- 
-err:    OPENSSL_free(buffer);
-        return(ret == 1);
 	}
 
-int test_x962_sig_vrf(EC_KEY *eckey, const unsigned char *dgst,
+static int fbytes_counter = 0;
-                           const char *k_in, const char *r_in, const char *s_in)
+static const char *numbers[8] = {
-{
+	"651056770906015076056810763456358567190100156695615665659",
-        int       ret=0;
+	"6140507067065001063065065565667405560006161556565665656654",
-        ECDSA_SIG *sig=NULL;
+	"8763001015071075675010661307616710783570106710677817767166"
-        EC_POINT  *point=NULL;
+	"71676178726717",
-        BIGNUM    *r=NULL,*s=NULL,*k=NULL,*x=NULL,*y=NULL,*m=NULL,*ord=NULL;
+	"7000000175690566466555057817571571075705015757757057795755"
-        BN_CTX    *ctx=NULL;
+	"55657156756655",
-        char      *tmp_char=NULL;
+	"1275552191113212300012030439187146164646146646466749494799",
-	ECDSA_DATA *ecdsa = ecdsa_check(eckey);;
+	"1542725565216523985789236956265265265235675811949404040041",
+	"1456427555219115346513212300075341203043918714616464614664"
+	"64667494947990",
+	"1712787255652165239672857892369562652652652356758119494040"
+	"40041670216363"};
 
-        if (!eckey || !eckey->group || !eckey->pub_key || !eckey->priv_key
+int fbytes(unsigned char *buf, int num)
-		|| !ecdsa)
+	{
+	int	ret;
+	BIGNUM	*tmp = NULL;
+
+	if (fbytes_counter >= 8)
 		return 0;
-        if ((point = EC_POINT_new(eckey->group)) == NULL) goto err;
+	tmp = BN_new();
-        if ((r = BN_new()) == NULL || (s = BN_new()) == NULL 
+	if (!tmp)
-		|| (k = BN_new()) == NULL || (x = BN_new()) == NULL || 
+		return 0;
-		(y = BN_new()) == NULL || (m = BN_new()) == NULL ||
+	if (!BN_dec2bn(&tmp, numbers[fbytes_counter]))
-		(ord = BN_new()) == NULL) goto err;
-        if ((ctx = BN_CTX_new()) == NULL) goto err;
-        if (!BN_bin2bn(dgst, 20, m)) goto err;
-        if (!BN_dec2bn(&k, k_in)) goto err;
-        if (!EC_POINT_mul(eckey->group, point, k, NULL, NULL, ctx)) goto err;
-        if (!EC_POINT_get_affine_coordinates_GFp(eckey->group, point, x, y,
-		ctx)) goto err;
-        if (!EC_GROUP_get_order(eckey->group, ord, ctx)) goto err;
-        if ((ecdsa->r = BN_dup(x)) == NULL) goto err;
-        if ((ecdsa->kinv = BN_mod_inverse(NULL, k, ord, ctx)) == NULL)
-		goto err;
- 
-        if ((sig = ECDSA_do_sign(dgst, 20, eckey)) == NULL)
 		{
-                BIO_printf(bio_err,"ECDSA_do_sign() failed \n");
+		BN_free(tmp);
-                goto err;
+		return 0;
 		}
- 
+	fbytes_counter ++;
-        if (!BN_dec2bn(&r, r_in)) goto err;
+	ret = BN_bn2bin(tmp, buf);	
-        if (!BN_dec2bn(&s, s_in)) goto err;
+	if (ret == 0 || ret != num)
-        if (BN_cmp(sig->r,r) != 0 || BN_cmp(sig->s,s) != 0)
-        {
-                tmp_char = OPENSSL_malloc(128);
-                if (tmp_char == NULL) goto err;
-                tmp_char = BN_bn2dec(sig->r);
-                BIO_printf(bio_err,"unexpected signature \n");
-                BIO_printf(bio_err,"sig->r = %s\n",tmp_char);
-                tmp_char = BN_bn2dec(sig->s);
-                BIO_printf(bio_err,"sig->s = %s\n",tmp_char);
-                goto err;
-        }
-	        ret = ECDSA_do_verify(dgst, 20, sig, eckey);
-        if (ret != 1)
-        {
-                BIO_printf(bio_err,"ECDSA_do_verify : signature verification failed \n");
-                goto err;
-        }
- 
-        ret = 1;
-err :   if (r)    BN_free(r);
-        if (s)    BN_free(s);
-        if (k)    BN_free(k);
-        if (x)    BN_free(x);
-        if (y)    BN_free(y);
-	if (m)	  BN_free(m);
-        if (ord)  BN_free(ord);
-        if (sig)  ECDSA_SIG_free(sig);
-        if (ctx)  BN_CTX_free(ctx);
-        if (point) EC_POINT_free(point);
-        if (tmp_char) OPENSSL_free(tmp_char);
-        return(ret == 1);
-}
-
-int ecdsa_cmp(const EC_KEY *a, const EC_KEY *b)
-{
-	int 	ret=1;
-	BN_CTX	*ctx=NULL;
-	BIGNUM	*tmp_a1=NULL, *tmp_a2=NULL, *tmp_a3=NULL;
-	BIGNUM	*tmp_b1=NULL, *tmp_b2=NULL, *tmp_b3=NULL;
-
-	if ((ctx = BN_CTX_new()) == NULL) return 1;
-	if ((tmp_a1 = BN_new()) == NULL || (tmp_a2 = BN_new()) == NULL || (tmp_a3 = BN_new()) == NULL) goto err;
-	if ((tmp_b1 = BN_new()) == NULL || (tmp_b2 = BN_new()) == NULL || (tmp_b3 = BN_new()) == NULL) goto err;
-
-	if (a->pub_key && b->pub_key)
-		if (EC_POINT_cmp(a->group, a->pub_key, b->pub_key, ctx) != 0) goto err;
-	if (a->priv_key && b->priv_key)
-		if (BN_cmp(a->priv_key, b->priv_key) != 0) goto err;
-	if (!EC_GROUP_get_curve_GFp(a->group, tmp_a1, tmp_a2, tmp_a3, ctx)) goto err;
-	if (!EC_GROUP_get_curve_GFp(a->group, tmp_b1, tmp_b2, tmp_b3, ctx)) goto err;
-	if (BN_cmp(tmp_a1, tmp_b1) != 0) goto err;
-	if (BN_cmp(tmp_a2, tmp_b2) != 0) goto err;
-	if (BN_cmp(tmp_a3, tmp_b3) != 0) goto err;
-
 		ret = 0;
-err:	if (tmp_a1) BN_free(tmp_a1);
+	else
-	if (tmp_a2) BN_free(tmp_a2);
+		ret = 1;
-	if (tmp_a3) BN_free(tmp_a3);
+	if (tmp)
-	if (tmp_b1) BN_free(tmp_b1);
+		BN_free(tmp);
-	if (tmp_b2) BN_free(tmp_b2);
+	return ret;
-	if (tmp_b3) BN_free(tmp_b3);
+	}
-	if (ctx) BN_CTX_free(ctx);
+
-	return(ret);
+/* some tests from the X9.62 draft */
+int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in)
+	{
+	int	ret = 0;
+	const char message[] = "abc";
+	unsigned char digest[20];
+	unsigned int  dgst_len = 0;
+	EVP_MD_CTX md_ctx;
+	EC_KEY    *key = NULL;
+	ECDSA_SIG *signature = NULL;
+	BIGNUM    *r = NULL, *s = NULL;
+
+	EVP_MD_CTX_init(&md_ctx);
+	/* get the message digest */
+	EVP_DigestInit(&md_ctx, EVP_ecdsa());
+	EVP_DigestUpdate(&md_ctx, (const void*)message, 3);
+	EVP_DigestFinal(&md_ctx, digest, &dgst_len);
+
+	BIO_printf(out, "testing %s: ", OBJ_nid2sn(nid));
+	/* create the key */
+	if ((key = EC_KEY_new()) == NULL)
+		goto x962_int_err;
+	if ((key->group = EC_GROUP_new_by_nid(nid)) == NULL)
+		goto x962_int_err;
+	if (!EC_KEY_generate_key(key))
+		goto x962_int_err;
+	BIO_printf(out, ".");
+	BIO_flush(out);
+	/* create the signature */
+	signature = ECDSA_do_sign(digest, 20, key);
+	if (signature == NULL)
+		goto x962_int_err;
+	BIO_printf(out, ".");
+	BIO_flush(out);
+	/* compare the created signature with the expected signature */
+	if ((r = BN_new()) == NULL || (s = BN_new()) == NULL)
+		goto x962_int_err;
+	if (!BN_dec2bn(&r, r_in) ||
+	    !BN_dec2bn(&s, s_in))
+		goto x962_int_err;
+	if (BN_cmp(signature->r ,r) || BN_cmp(signature->s, s))
+		goto x962_int_err;
+	BIO_printf(out, ".");
+	BIO_flush(out);
+	/* verify the signature */
+	if (ECDSA_do_verify(digest, 20, signature, key) != 1)
+		goto x962_int_err;
+	BIO_printf(out, ".");
+	BIO_flush(out);
+
+	BIO_printf(out, " ok\n");
+	ret = 1;
+x962_int_err:
+	if (!ret)
+		BIO_printf(out, " failed\n");
+	if (key)
+		EC_KEY_free(key);
+	if (signature)
+		ECDSA_SIG_free(signature);
+	if (r)
+		BN_free(r);
+	if (s)
+		BN_free(s);
+	EVP_MD_CTX_cleanup(&md_ctx);
+	return ret;
+	}
+
+int x9_62_tests(BIO *out)
+	{
+	int ret = 0;
+
+	BIO_printf(out, "some tests from X9.62:\n");
+
+	/* set own rand method */
+	if (!change_rand())
+		goto x962_err;
+
+	if (!x9_62_test_internal(out, NID_X9_62_prime192v1,
+		"3342403536405981729393488334694600415596881826869351677613",
+		"5735822328888155254683894997897571951568553642892029982342"))
+		goto x962_err;
+	if (!x9_62_test_internal(out, NID_X9_62_prime239v1,
+		"3086361431751678114926225473006680188549593787585317781474"
+		"62058306432176",
+		"3238135532097973577080787768312505059318910517550078427819"
+		"78505179448783"))
+		goto x962_err;
+	if (!x9_62_test_internal(out, NID_X9_62_c2tnb191v1,
+		"87194383164871543355722284926904419997237591535066528048",
+		"308992691965804947361541664549085895292153777025772063598"))
+		goto x962_err;
+	if (!x9_62_test_internal(out, NID_X9_62_c2tnb239v1,
+		"2159633321041961198501834003903461262881815148684178964245"
+		"5876922391552",
+		"1970303740007316867383349976549972270528498040721988191026"
+		"49413465737174"))
+		goto x962_err;
+
+	ret = 1;
+x962_err:
+	if (!restore_rand())
+		ret = 0;
+	return ret;
+	}
+
+int test_builtin(BIO *out)
+	{
+	EC_builtin_curve *curves = NULL;
+	size_t		crv_len = 0, n = 0;
+	EC_KEY		*eckey = NULL, *wrong_eckey = NULL;
+	unsigned char	digest[20], wrong_digest[20];
+	unsigned char	*signature; 
+	unsigned int	sig_len;
+	int		nid, ret =  0;
+	
+	/* fill digest values with some random data */
+	if (!RAND_pseudo_bytes(digest, 20) ||
+	    !RAND_pseudo_bytes(wrong_digest, 20))
+		{
+		BIO_printf(out, "ERROR: unable to get random data\n");
+		goto builtin_err;
+		}
+
+	/* create and verify a ecdsa signature with every availble curve
+	 * (with ) */
+	BIO_printf(out, "\ntesting ECDSA_sign() and ECDSA_verify() "
+		"with some internal curves:\n");
+
+	/* get a list of all internal curves */
+	crv_len = EC_get_builtin_curves(NULL, 0);
+
+	curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);
+
+	if (curves == NULL)
+		{
+		BIO_printf(out, "malloc error\n");
+		goto builtin_err;
+		}
+	
+	if (!EC_get_builtin_curves(curves, crv_len))
+		{
+		BIO_printf(out, "unable to get internal curves\n");
+		goto builtin_err;
+		}
+
+	/* now create and verify a signature for every curve */
+	for (n = 0; n < crv_len; n++)
+		{
+		nid = curves[n].nid;
+		/* create new ecdsa key (== EC_KEY) */
+		if ((eckey = EC_KEY_new()) == NULL)
+			goto builtin_err;
+		if ((eckey->group = EC_GROUP_new_by_nid(nid)) == NULL)
+			goto builtin_err;
+		if (EC_GROUP_get_degree(eckey->group) < 160)
+			/* drop the curve */ 
+			{
+			EC_KEY_free(eckey);
+			eckey = NULL;
+			continue;
+			}
+		BIO_printf(out, "%s: ", OBJ_nid2sn(nid));
+		/* create key */
+		if (!EC_KEY_generate_key(eckey))
+			{
+			BIO_printf(out, " failed\n");
+			goto builtin_err;
+			}
+		/* create second key */
+		if ((wrong_eckey = EC_KEY_new()) == NULL)
+			goto builtin_err;
+		if ((wrong_eckey->group = EC_GROUP_new_by_nid(nid)) == NULL)
+			goto builtin_err;
+		if (!EC_KEY_generate_key(wrong_eckey))
+			{
+			BIO_printf(out, " failed\n");
+			goto builtin_err;
+			}
+
+		BIO_printf(out, ".");
+		BIO_flush(out);
+		/* check key */
+		if (!EC_KEY_check_key(eckey))
+			{
+			BIO_printf(out, " failed\n");
+			goto builtin_err;
+			}
+		BIO_printf(out, ".");
+		BIO_flush(out);
+		/* create signature */
+		sig_len = ECDSA_size(eckey);
+		if ((signature = OPENSSL_malloc(sig_len)) == NULL)
+			goto builtin_err;
+                if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey))
+			{
+			BIO_printf(out, " failed\n");
+			goto builtin_err;
+			}
+		BIO_printf(out, ".");
+		BIO_flush(out);
+		/* verify signature */
+		if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1)
+			{
+			BIO_printf(out, " failed\n");
+			goto builtin_err;
+			}
+		BIO_printf(out, ".");
+		BIO_flush(out);
+		/* verify signature with the wrong key */
+		if (ECDSA_verify(0, digest, 20, signature, sig_len, 
+			wrong_eckey) == 1)
+			{
+			BIO_printf(out, " failed\n");
+			goto builtin_err;
+			}
+		BIO_printf(out, ".");
+		BIO_flush(out);
+		/* wrong digest */
+		if (ECDSA_verify(0, wrong_digest, 20, signature, sig_len,
+			eckey) == 1)
+			{
+			BIO_printf(out, " failed\n");
+			goto builtin_err;
+			}
+		BIO_printf(out, ".");
+		BIO_flush(out);
+		/* modify signature */
+		signature[((int)signature[0])%sig_len] ^= 
+			signature[((int)signature[1])%sig_len];
+		if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1)
+			{
+			BIO_printf(out, " failed\n");
+			goto builtin_err;
+			}
+		BIO_printf(out, ".");
+		BIO_flush(out);
+		
+		BIO_printf(out, " ok\n");
+		/* cleanup */
+		OPENSSL_free(signature);
+		signature = NULL;
+		EC_KEY_free(eckey);
+		eckey = NULL;
+		EC_KEY_free(wrong_eckey);
+		wrong_eckey = NULL;
+		}
+
+	ret = 1;	
+builtin_err:
+	if (eckey)
+		EC_KEY_free(eckey);
+	if (wrong_eckey)
+		EC_KEY_free(wrong_eckey);
+	if (signature);
+		OPENSSL_free(signature);
+	if (curves)
+		OPENSSL_free(curves);
+
+	return ret;
 	}
 
 int main(void)
 	{
-	EC_KEY	 	*ecdsa=NULL, *ret_ecdsa=NULL;
+	int 	ret = 0;
-	BIGNUM	 	*d=NULL;
+	BIO	*out;
-	X509_PUBKEY 	*x509_pubkey=NULL;
+
-	PKCS8_PRIV_KEY_INFO *pkcs8=NULL;
+	out = BIO_new_fp(stdout, BIO_NOCLOSE);
-	EVP_PKEY 	*pkey=NULL, *ret_pkey=NULL;
-	int 	 	dgst_len=0;
-	unsigned char 	*dgst=NULL;
-	int 	 	ret = 0, i=0;
-	clock_t		tim;
-	unsigned char 	*buffer=NULL;
-	unsigned char   *pp;
-	long		buf_len=0;
-	double		tim_d;
-	EVP_MD_CTX	*md_ctx=NULL;
 	
 	/* enable memory leak checking unless explicitly disabled */
-	if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
+	if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && 
+		(0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
 		{
 		CRYPTO_malloc_debug_init();
 		CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
@@ -374,210 +456,27 @@ int main(void)
 
 	ERR_load_crypto_strings();
 
-	if (bio_err == NULL)
+	/* initialize the prng */
-		bio_err=BIO_new_fp(stderr, BIO_NOCLOSE);
-
 	RAND_seed(rnd_seed, sizeof(rnd_seed));
 
-	if ((ecdsa = EC_KEY_new()) == NULL)   goto err;
+	/* the tests */
-
+	if (!x9_62_tests(out))  goto err;
-	set_p192_param(ecdsa);
+	if (!test_builtin(out)) goto err;
-	EC_KEY_print(bio_err, ecdsa, 0);
-
-	/* en- decode tests */
-
-	/* i2d_ - d2i_ECParameters() */
-	BIO_printf(bio_err, "\nTesting i2d_ - d2i_ECDSAParameters \n");
-	buf_len = i2d_ECParameters(ecdsa, NULL);
-	if (!buf_len || (buffer = OPENSSL_malloc(buf_len)) == NULL) goto err;
-	pp = buffer;
-	if (!i2d_ECParameters(ecdsa, &pp)) goto err;
-	pp = buffer;
-	if ((ret_ecdsa = d2i_ECParameters(&ret_ecdsa, (const unsigned char **)&pp, 
-			buf_len)) == NULL) goto err;
-	ECParameters_print(bio_err, ret_ecdsa);
-	if (ecdsa_cmp(ecdsa, ret_ecdsa)) goto err;
-	OPENSSL_free(buffer);
-	buffer = NULL;
-	EC_KEY_free(ret_ecdsa);
-	ret_ecdsa = NULL;
-
-	/* i2d_ - d2i_ECPrivateKey() */
-	BIO_printf(bio_err, "\nTesting i2d_ - d2i_ECDSAPrivateKey \n");
-	buf_len = i2d_ECPrivateKey(ecdsa, NULL);
-	if (!buf_len || (buffer = OPENSSL_malloc(buf_len)) == NULL) goto err;
-	pp = buffer;
-	if (!i2d_ECPrivateKey(ecdsa, &pp)) goto err;
-	pp = buffer;
-	if ((ret_ecdsa = d2i_ECPrivateKey(&ret_ecdsa, (const unsigned char**)&pp, 
-			buf_len)) == NULL) goto err;
-	EC_KEY_print(bio_err, ret_ecdsa, 0);
-	if (ecdsa_cmp(ecdsa, ret_ecdsa)) goto err;
-	EC_KEY_free(ret_ecdsa);
-	ret_ecdsa = NULL;
-	OPENSSL_free(buffer);
-	buffer = NULL;
-
-	/* X509_PUBKEY_set() &  X509_PUBKEY_get() */	
-
-	BIO_printf(bio_err, "\nTesting X509_PUBKEY_{get,set}            : ");
-	if ((pkey = EVP_PKEY_new()) == NULL) goto err;
-	EVP_PKEY_assign_EC_KEY(pkey, ecdsa);
-	if ((x509_pubkey = X509_PUBKEY_new()) == NULL) goto err;
-	if (!X509_PUBKEY_set(&x509_pubkey, pkey)) goto err;
-
-	if ((ret_pkey = X509_PUBKEY_get(x509_pubkey)) == NULL) goto err;
-	ret_ecdsa = EVP_PKEY_get1_EC_KEY(ret_pkey);
-	EVP_PKEY_free(ret_pkey);
-	ret_pkey = NULL;
-
-	if (ecdsa_cmp(ecdsa, ret_ecdsa)) 
-	{
-		BIO_printf(bio_err, "TEST FAILED \n");
-		goto err;
-	}
-	else BIO_printf(bio_err, "TEST OK \n");
-	X509_PUBKEY_free(x509_pubkey);
-	x509_pubkey = NULL;
-	EC_KEY_free(ret_ecdsa);
-	ret_ecdsa = NULL;
-
-	/* Testing PKCS8_PRIV_KEY_INFO <-> EVP_PKEY */
-	BIO_printf(bio_err, "Testing PKCS8_PRIV_KEY_INFO <-> EVP_PKEY : \n");
-	BIO_printf(bio_err, "PKCS8_OK              : ");
-	if ((pkcs8 = EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK)) == NULL) goto err;
-	if ((ret_pkey = EVP_PKCS82PKEY(pkcs8)) == NULL) goto err;
-	ret_ecdsa = EVP_PKEY_get1_EC_KEY(ret_pkey);
-	if (ecdsa_cmp(ecdsa, ret_ecdsa))
-	{
-		BIO_printf(bio_err, "TEST FAILED \n");
-		goto err;
-	}
-	else BIO_printf(bio_err, "TEST OK \n");
-	EVP_PKEY_free(ret_pkey);
-	ret_pkey = NULL;
-	EC_KEY_free(ret_ecdsa);
-	ret_ecdsa = NULL;
-	PKCS8_PRIV_KEY_INFO_free(pkcs8);
-	EVP_PKEY_free(pkey);
-	pkey  = NULL;
-	ecdsa = NULL;
-	pkcs8 = NULL;
-
-	/* sign and verify tests */
-	if ((d = BN_new()) == NULL) goto err;
- 
-        if (!BN_dec2bn(&d, "968236873715988614170569073515315707566766479517")) goto err;
-        dgst_len = BN_num_bytes(d);
-	if ((dgst = OPENSSL_malloc(dgst_len)) == NULL) goto err;
-        if (!BN_bn2bin(d, dgst)) goto err;
-
-        BIO_printf(bio_err, "Performing tests based on examples H.3.1 and H.3.2 of X9.62 \n");
- 
-        BIO_printf(bio_err, "PRIME_192_V1 : ");
-	if ((ecdsa = EC_KEY_new()) == NULL) goto err;
-        if (!set_p192_param(ecdsa)) goto err;
-        if (!test_x962_sig_vrf(ecdsa, dgst, "6140507067065001063065065565667405560006161556565665656654",
-                               "3342403536405981729393488334694600415596881826869351677613",
-                               "5735822328888155254683894997897571951568553642892029982342"))
-                goto err;
-        else
-                BIO_printf(bio_err, "OK\n");
-        BIO_printf(bio_err, "PRIME_239_V1 : ");
-        if (!set_p239_param(ecdsa))
-                goto err;
-        if (!test_x962_sig_vrf(ecdsa, dgst, "700000017569056646655505781757157107570501575775705779575555657156756655",
-                               "308636143175167811492622547300668018854959378758531778147462058306432176",
-                               "323813553209797357708078776831250505931891051755007842781978505179448783"))
-                goto err;
-        else
-                BIO_printf(bio_err, "OK\n");
-
-	EC_KEY_free(ecdsa);
-	ecdsa = NULL;
-	OPENSSL_free(dgst);
-	dgst = NULL;
-
-	for (i=0; i<ECDSA_NIST_TESTS; i++)
-		if (!RAND_bytes(digest[i], 20)) goto err;
-
- 	BIO_printf(bio_err, "\n");
-
-/* Macro for each test */
-#define ECDSA_GROUP_TEST(text, curve) \
- 	BIO_printf(bio_err, "Testing sign & verify with %s : \n", text); \
-	EC_KEY_free(ecdsa); \
-	if ((ecdsa = EC_KEY_new()) == NULL) goto err; \
-	if ((ecdsa->group = EC_GROUP_new_by_nid(curve)) == NULL) goto err; \
-	if (!EC_KEY_generate_key(ecdsa)) goto err; \
-        tim = clock(); \
-        for (i=0; i<ECDSA_NIST_TESTS; i++) \
-                if ((signatures[i] = ECDSA_do_sign(digest[i], 20, ecdsa)) == NULL) goto err; \
-        tim = clock() - tim; \
-	tim_d = (double)tim / CLOCKS_PER_SEC; \
-        BIO_printf(bio_err, "%d x ECDSA_do_sign()   in %.2f"UNIT" => average time for ECDSA_do_sign()   %.4f"UNIT"\n" \
-		, ECDSA_NIST_TESTS, tim_d, tim_d / ECDSA_NIST_TESTS); \
-	tim = clock(); \
-	for (i=0; i<ECDSA_NIST_TESTS; i++) \
-		if (!ECDSA_do_verify(digest[i], 20, signatures[i], ecdsa)) goto err; \
-	tim = clock() - tim; \
-	tim_d = (double)tim / CLOCKS_PER_SEC; \
-	BIO_printf(bio_err, "%d x ECDSA_do_verify() in %.2f"UNIT" => average time for ECDSA_do_verify() %.4f"UNIT"\n" \
-                , ECDSA_NIST_TESTS, tim_d, tim_d/ECDSA_NIST_TESTS); \
-	for (i=0; i<ECDSA_NIST_TESTS; i++) \
-	{ \
-		ECDSA_SIG_free(signatures[i]); \
-		signatures[i] = NULL; \
-	}
-	
-	/* NIST PRIME CURVES TESTS */
-	ECDSA_GROUP_TEST("NIST Prime-Curve P-192", NID_X9_62_prime192v1);
-	ECDSA_GROUP_TEST("NIST Prime-Curve P-224", NID_secp224r1);
-	ECDSA_GROUP_TEST("NIST Prime-Curve P-256", NID_X9_62_prime256v1);
-	ECDSA_GROUP_TEST("NIST Prime-Curve P-384", NID_secp384r1);
-	ECDSA_GROUP_TEST("NIST Prime-Curve P-521", NID_secp521r1);
-	/* NIST BINARY CURVES TESTS */
-	ECDSA_GROUP_TEST("NIST Binary-Curve K-163", NID_sect163k1);
-	ECDSA_GROUP_TEST("NIST Binary-Curve B-163", NID_sect163r2);
-	ECDSA_GROUP_TEST("NIST Binary-Curve K-233", NID_sect233k1);
-	ECDSA_GROUP_TEST("NIST Binary-Curve B-233", NID_sect233r1);
-	ECDSA_GROUP_TEST("NIST Binary-Curve K-283", NID_sect283k1);
-	ECDSA_GROUP_TEST("NIST Binary-Curve B-283", NID_sect283r1);
-	ECDSA_GROUP_TEST("NIST Binary-Curve K-409", NID_sect409k1);
-	ECDSA_GROUP_TEST("NIST Binary-Curve B-409", NID_sect409r1);
-	ECDSA_GROUP_TEST("NIST Binary-Curve K-571", NID_sect571k1);
-	ECDSA_GROUP_TEST("NIST Binary-Curve B-571", NID_sect571r1);
-#undef ECDSA_GROUP_TEST
-
-	EC_KEY_free(ecdsa);
-	ecdsa = NULL;
-	OPENSSL_free(buffer);
-	buffer = NULL;
-	EVP_PKEY_free(pkey);
-	pkey = NULL;
 	
 	ret = 1;
-err:	if (!ret) 	
+err:	
-		BIO_printf(bio_err, "TEST FAILED \n");
-	else 
-		BIO_printf(bio_err, "TEST PASSED \n");
 	if (!ret) 	
-		ERR_print_errors(bio_err);
+		BIO_printf(out, "\nECDSA test failed\n");
-	if (ecdsa)	EC_KEY_free(ecdsa);
+	else 
-	if (d)		BN_free(d);
+		BIO_printf(out, "\nECDSA test passed\n");
-	if (dgst)	OPENSSL_free(dgst);
+	if (!ret)
-	if (md_ctx)	EVP_MD_CTX_destroy(md_ctx);
+		ERR_print_errors(out);
-	if (pkey)	EVP_PKEY_free(pkey);
 	CRYPTO_cleanup_all_ex_data();
 	ERR_remove_state(0);
 	ERR_free_strings();
-	CRYPTO_mem_leaks(bio_err);
+	CRYPTO_mem_leaks(out);
-	if (bio_err != NULL)
+	if (out != NULL)
-	{
+		BIO_free(out);
-		BIO_free(bio_err);
-		bio_err = NULL;
-	}
 	return(0);
 	}	
-
 #endif

crypto/ecdsa/ecs_lib.c

@@ -170,7 +170,7 @@ void ECDSA_DATA_free(ECDSA_DATA *r)
 
 	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, r, &r->ex_data);
 
-	memset((void *)r, 0x0, sizeof(ECDSA_DATA));
+	OPENSSL_cleanse((void *)r, sizeof(ECDSA_DATA));
 
 	OPENSSL_free(r);
 }

crypto/engine/eng_cryptodev.c

@@ -46,6 +46,18 @@ ENGINE_load_cryptodev(void)
 
 #include <sys/types.h>
 #include <sys/param.h>
+
+#if OpenBSD < 200112
+
+void
+ENGINE_load_cryptodev(void)
+{
+	/* This is a NOP unless we have release 3.0 (released december 2001) */
+	return;
+}
+
+#else /* OpenBSD 3.0 or above */
+
 #include <crypto/cryptodev.h>
 #include <sys/ioctl.h>
 #include <errno.h>
@@ -1114,4 +1126,5 @@ ENGINE_load_cryptodev(void)
 	ERR_clear_error();
 }
 
+#endif /* OpenBSD 3.0 or above */
 #endif /* __OpenBSD__ */

crypto/engine/eng_openssl.c

@@ -84,6 +84,21 @@
 /* #define TEST_ENG_OPENSSL_SHA_P_UPDATE */
 /* #define TEST_ENG_OPENSSL_SHA_P_FINAL */
 
+/* Now check what of those algorithms are actually enabled */
+#ifdef OPENSSL_NO_RC4
+#undef TEST_ENG_OPENSSL_RC4
+#undef TEST_ENG_OPENSSL_RC4_OTHERS
+#undef TEST_ENG_OPENSSL_RC4_P_INIT
+#undef TEST_ENG_OPENSSL_RC4_P_CIPHER
+#endif
+#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0) || defined(OPENSSL_NO_SHA1)
+#undef TEST_ENG_OPENSSL_SHA
+#undef TEST_ENG_OPENSSL_SHA_OTHERS
+#undef TEST_ENG_OPENSSL_SHA_P_INIT
+#undef TEST_ENG_OPENSSL_SHA_P_UPDATE
+#undef TEST_ENG_OPENSSL_SHA_P_FINAL 
+#endif
+
 #ifdef TEST_ENG_OPENSSL_RC4
 static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
 				const int **nids, int nid);

crypto/engine/enginetest.c

@@ -58,9 +58,6 @@
 
 #include <openssl/e_os2.h>
 #include <stdio.h>
-#ifdef OPENSSL_SYS_WINCE
-#include <stdlib_extras.h>
-#endif
 #include <string.h>
 #include <openssl/buffer.h>
 #include <openssl/crypto.h>

crypto/evp/bio_enc.c

@@ -132,7 +132,7 @@ static int enc_free(BIO *a)
 	if (a == NULL) return(0);
 	b=(BIO_ENC_CTX *)a->ptr;
 	EVP_CIPHER_CTX_cleanup(&(b->cipher));
-	memset(a->ptr,0,sizeof(BIO_ENC_CTX));
+	OPENSSL_cleanse(a->ptr,sizeof(BIO_ENC_CTX));
 	OPENSSL_free(a->ptr);
 	a->ptr=NULL;
 	a->init=0;

crypto/evp/bio_ok.c

@@ -211,7 +211,7 @@ static int ok_free(BIO *a)
 	{
 	if (a == NULL) return(0);
 	EVP_MD_CTX_cleanup(&((BIO_OK_CTX *)a->ptr)->md);
-	memset(a->ptr,0,sizeof(BIO_OK_CTX));
+	OPENSSL_cleanse(a->ptr,sizeof(BIO_OK_CTX));
 	OPENSSL_free(a->ptr);
 	a->ptr=NULL;
 	a->init=0;

crypto/evp/digest.c

@@ -301,7 +301,7 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
 		ctx->digest->cleanup(ctx);
 	if (ctx->digest && ctx->digest->ctx_size && ctx->md_data)
 		{
-		memset(ctx->md_data,0,ctx->digest->ctx_size);
+		OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
 		OPENSSL_free(ctx->md_data);
 		}
 	if(ctx->engine)

crypto/evp/e_idea.c

@@ -109,7 +109,7 @@ static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 
 		idea_set_encrypt_key(key,&tmp);
 		idea_set_decrypt_key(&tmp,ctx->cipher_data);
-		memset((unsigned char *)&tmp,0,
+		OPENSSL_cleanse((unsigned char *)&tmp,
 				sizeof(IDEA_KEY_SCHEDULE));
 		}
 	return 1;

crypto/evp/evp_enc.c

@@ -454,9 +454,9 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
 		{
 		if(c->cipher->cleanup && !c->cipher->cleanup(c))
 			return 0;
-		/* Zero cipher context data */
+		/* Cleanse cipher context data */
 		if (c->cipher_data)
-			memset(c->cipher_data, 0, c->cipher->ctx_size);
+			OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
 		}
 	if (c->cipher_data)
 		OPENSSL_free(c->cipher_data);