Merge OpenSSL 0.9.8p into head.

Security: CVE-2010-3864 Security: http://www.openssl.org/news/secadv_20101116.txt
author: simon <simon@FreeBSD.org> 2010-11-22 18:23:44 +0000
committer: simon <simon@FreeBSD.org> 2010-11-22 18:23:44 +0000
commit: 7a23485c98b888d229c5e0762dbcfcec293fcef6 (patch)
tree: 5691801dabb6a06320a55f5ce8ed927af41514f3 /crypto/openssl/engines
parent: 9c043d590896a77d5d66b978a963573a41d66ad3 (diff)
download: FreeBSD-src-7a23485c98b888d229c5e0762dbcfcec293fcef6.zip
FreeBSD-src-7a23485c98b888d229c5e0762dbcfcec293fcef6.tar.gz
3 files changed, 20 insertions, 40 deletions
diff --git a/crypto/openssl/engines/e_chil.c b/crypto/openssl/engines/e_chil.c
index 3a07076..fca7a9c 100644
--- a/crypto/openssl/engines/e_chil.c
+++ b/crypto/openssl/engines/e_chil.c
@@ -111,11 +111,10 @@ static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 #ifndef OPENSSL_NO_RSA
 /* RSA stuff */
 static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
-#endif
-#ifndef OPENSSL_NO_RSA
 /* This function is aliased to mod_exp (with the mont stuff dropped). */
 static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+static int hwcrhk_rsa_finish(RSA *rsa);
 #endif
 
 #ifndef OPENSSL_NO_DH
@@ -135,10 +134,6 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
 	UI_METHOD *ui_method, void *callback_data);
 static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
 	UI_METHOD *ui_method, void *callback_data);
-#ifndef OPENSSL_NO_RSA
-static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
-	int ind,long argl, void *argp);
-#endif
 
 /* Interaction stuff */
 static int hwcrhk_insert_card(const char *prompt_info,
@@ -193,7 +188,7 @@ static RSA_METHOD hwcrhk_rsa =
 	hwcrhk_rsa_mod_exp,
 	hwcrhk_mod_exp_mont,
 	NULL,
-	NULL,
+	hwcrhk_rsa_finish,
 	0,
 	NULL,
 	NULL,
@@ -603,7 +598,7 @@ static int hwcrhk_init(ENGINE *e)
 	if (hndidx_rsa == -1)
 		hndidx_rsa = RSA_get_ex_new_index(0,
 			"nFast HWCryptoHook RSA key handle",
-			NULL, NULL, hwcrhk_ex_free);
+			NULL, NULL, NULL);
 #endif
 	return 1;
 err:
@@ -1081,6 +1076,21 @@ static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 	{
 	return hwcrhk_mod_exp(r, a, p, m, ctx);
 	}
+
+static int hwcrhk_rsa_finish(RSA *rsa)
+	{
+	HWCryptoHook_RSAKeyHandle *hptr;
+
+	hptr = RSA_get_ex_data(rsa, hndidx_rsa);
+	if (hptr)
+                {
+                p_hwcrhk_RSAUnloadKey(*hptr, NULL);
+                OPENSSL_free(hptr);
+		RSA_set_ex_data(rsa, hndidx_rsa, NULL);
+                }
+	return 1;
+	}
+
 #endif
 
 #ifndef OPENSSL_NO_DH
@@ -1139,34 +1149,6 @@ static int hwcrhk_rand_status(void)
 	return 1;
 	}
 
-/* This cleans up an RSA KM key, called when ex_data is freed */
-#ifndef OPENSSL_NO_RSA
-static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
-	int ind,long argl, void *argp)
-{
-	char tempbuf[1024];
-	HWCryptoHook_ErrMsgBuf rmsg;
-#ifndef OPENSSL_NO_RSA
-	HWCryptoHook_RSAKeyHandle *hptr;
-#endif
-#if !defined(OPENSSL_NO_RSA)
-	int ret;
-#endif
-
-	rmsg.buf = tempbuf;
-	rmsg.size = sizeof(tempbuf);
-
-#ifndef OPENSSL_NO_RSA
-	hptr = (HWCryptoHook_RSAKeyHandle *) item;
-	if(hptr)
-                {
-                ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL);
-                OPENSSL_free(hptr);
-                }
-#endif
-}
-#endif
-
 /* Mutex calls: since the HWCryptoHook model closely follows the POSIX model
  * these just wrap the POSIX functions and add some logging.
  */
@@ -1316,6 +1298,8 @@ static int hwcrhk_insert_card(const char *prompt_info,
 		if (wrong_info && *wrong_info)
 			BIO_snprintf(buf, sizeof(buf)-1,
 				"Current card: \"%s\"\n", wrong_info);
+		else
+			buf[0] = 0;
 		ok = UI_dup_info_string(ui, buf);
 		if (ok >= 0 && prompt_info)
 			{
diff --git a/crypto/openssl/engines/e_cswift.c b/crypto/openssl/engines/e_cswift.c
index bc65179..2e64ff3 100644
--- a/crypto/openssl/engines/e_cswift.c
+++ b/crypto/openssl/engines/e_cswift.c
@@ -811,7 +811,6 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 	SW_PARAM sw_param;
 	SW_STATUS sw_status;
 	SW_LARGENUMBER arg, res;
-	unsigned char *ptr;
 	BN_CTX *ctx;
 	BIGNUM *dsa_p = NULL;
 	BIGNUM *dsa_q = NULL;
@@ -899,7 +898,6 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 		goto err;
 		}
 	/* Convert the response */
-	ptr = (unsigned char *)result->d;
 	if((to_return = DSA_SIG_new()) == NULL)
 		goto err;
 	to_return->r = BN_bin2bn((unsigned char *)result->d, 20, NULL);
diff --git a/crypto/openssl/engines/e_ubsec.c b/crypto/openssl/engines/e_ubsec.c
index a0f320c..f1c8101 100644
--- a/crypto/openssl/engines/e_ubsec.c
+++ b/crypto/openssl/engines/e_ubsec.c
@@ -631,10 +631,8 @@ static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 			const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx)
 	{
 	int	y_len,
-		m_len,
 		fd;
 
-	m_len = BN_num_bytes(p) + BN_num_bytes(q) + 1;
 	y_len = BN_num_bits(p) + BN_num_bits(q);
 
 	/* Check if hardware can't handle this argument. */
author	simon <simon@FreeBSD.org>	2010-11-22 18:23:44 +0000
committer	simon <simon@FreeBSD.org>	2010-11-22 18:23:44 +0000
commit	7a23485c98b888d229c5e0762dbcfcec293fcef6 (patch)
tree	5691801dabb6a06320a55f5ce8ed927af41514f3 /crypto/openssl/engines
parent	9c043d590896a77d5d66b978a963573a41d66ad3 (diff)
download	FreeBSD-src-7a23485c98b888d229c5e0762dbcfcec293fcef6.zip FreeBSD-src-7a23485c98b888d229c5e0762dbcfcec293fcef6.tar.gz