From ae551760917614647ad6fbacec6e4c1b495a94cf Mon Sep 17 00:00:00 2001 From: Ben Laurie Date: Mon, 14 Nov 2011 00:36:10 +0000 Subject: [PATCH] Fix some warnings caused by __owur. Temporarily (I hope) remove the more aspirational __owur annotations. --- Configure | 1 + apps/enc.c | 10 +++++++--- apps/ts.c | 3 ++- crypto/cms/cms_pwri.c | 20 +++++++++++--------- crypto/ecdsa/ecdsatest.c | 7 ++++--- crypto/evp/evp.h | 34 +++++++++++++++++----------------- crypto/hmac/hmac.h | 6 +++--- crypto/rc4/rc4test.c | 2 +- crypto/x509/x509_cmp.c | 12 ++++++------ doc/crypto/EVP_BytesToKey.pod | 2 +- engines/e_padlock.c | 4 ++-- ssl/s2_srvr.c | 16 +++++++++++----- 12 files changed, 66 insertions(+), 51 deletions(-) diff --git a/Configure b/Configure index 16feb6756b..21c6bc318a 100755 --- a/Configure +++ b/Configure @@ -170,6 +170,7 @@ my %table=( "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", "debug-ben-debug", "gcc:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -g3 -O2 -pipe::(unknown)::::::", +"debug-ben-macos", "cc:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch i386 -O3 -DL_ENDIAN -g3 -pipe::(unknown)::::::", "debug-ben-no-opt", "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::", "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", diff --git a/apps/enc.c b/apps/enc.c index 076225c4cb..8c5527783b 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -549,9 +549,13 @@ bad: sptr = salt; } - EVP_BytesToKey(cipher,dgst,sptr, - (unsigned char *)str, - strlen(str),1,key,iv); + if (!EVP_BytesToKey(cipher,dgst,sptr, + (unsigned char *)str, + strlen(str),1,key,iv)) + { + BIO_printf(bio_err, "EVP_BytesToKey failed\n"); + goto end; + } /* zero the complete buffer or the string * passed from the command line * bug picked up by diff --git a/apps/ts.c b/apps/ts.c index 5fa9f7fda0..ae7604cc69 100644 --- a/apps/ts.c +++ b/apps/ts.c @@ -618,7 +618,8 @@ static int create_digest(BIO *input, char *digest, const EVP_MD *md, { EVP_DigestUpdate(&md_ctx, buffer, length); } - EVP_DigestFinal(&md_ctx, *md_value, NULL); + if (!EVP_DigestFinal(&md_ctx, *md_value, NULL)) + return 0; } else { diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c index b79612a12d..8a574616d2 100644 --- a/crypto/cms/cms_pwri.c +++ b/crypto/cms/cms_pwri.c @@ -239,21 +239,22 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen, } tmp = OPENSSL_malloc(inlen); /* setup IV by decrypting last two blocks */ - EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl, - in + inlen - 2 * blocklen, blocklen * 2); + if (!EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl, + in + inlen - 2 * blocklen, blocklen * 2) /* Do a decrypt of last decrypted block to set IV to correct value * output it to start of buffer so we don't corrupt decrypted block * this works because buffer is at least two block lengths long. */ - EVP_DecryptUpdate(ctx, tmp, &outl, - tmp + inlen - blocklen, blocklen); + || !EVP_DecryptUpdate(ctx, tmp, &outl, + tmp + inlen - blocklen, blocklen) /* Can now decrypt first n - 1 blocks */ - EVP_DecryptUpdate(ctx, tmp, &outl, in, inlen - blocklen); + || !EVP_DecryptUpdate(ctx, tmp, &outl, in, inlen - blocklen) /* Reset IV to original value */ - EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL); + || !EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL) /* Decrypt again */ - EVP_DecryptUpdate(ctx, tmp, &outl, tmp, inlen); + || !EVP_DecryptUpdate(ctx, tmp, &outl, tmp, inlen)) + goto err; /* Check check bytes */ if (((tmp[1] ^ tmp[4]) & (tmp[2] ^ tmp[5]) & (tmp[3] ^ tmp[6])) != 0xff) { @@ -308,8 +309,9 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen, if (olen > inlen + 4) RAND_pseudo_bytes(out + 4 + inlen, olen - 4 - inlen); /* Encrypt twice */ - EVP_EncryptUpdate(ctx, out, &dummy, out, olen); - EVP_EncryptUpdate(ctx, out, &dummy, out, olen); + if (!EVP_EncryptUpdate(ctx, out, &dummy, out, olen) + || !EVP_EncryptUpdate(ctx, out, &dummy, out, olen)) + return 0; } *outlen = olen; diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c index c5b6ed2b87..42852ce6e8 100644 --- a/crypto/ecdsa/ecdsatest.c +++ b/crypto/ecdsa/ecdsatest.c @@ -196,9 +196,10 @@ int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in) EVP_MD_CTX_init(&md_ctx); /* get the message digest */ - EVP_DigestInit(&md_ctx, EVP_ecdsa()); - EVP_DigestUpdate(&md_ctx, (const void*)message, 3); - EVP_DigestFinal(&md_ctx, digest, &dgst_len); + if (!EVP_DigestInit(&md_ctx, EVP_ecdsa()) + || !EVP_DigestUpdate(&md_ctx, (const void*)message, 3) + || !EVP_DigestFinal(&md_ctx, digest, &dgst_len)) + goto x962_int_err; BIO_printf(out, "testing %s: ", OBJ_nid2sn(nid)); /* create the key */ diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 3b38ecd6e6..de910ae7a0 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -559,7 +559,7 @@ void BIO_set_md(BIO *,const EVP_MD *md); #define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) #define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp) -__owur int EVP_Cipher(EVP_CIPHER_CTX *c, +/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c, unsigned char *out, const unsigned char *in, unsigned int inl); @@ -577,19 +577,19 @@ void EVP_MD_CTX_init(EVP_MD_CTX *ctx); int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); EVP_MD_CTX *EVP_MD_CTX_create(void); void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); -__owur int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); +/*__owur*/ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags); void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx,int flags); -__owur int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); -__owur int EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d, +/*__owur*/ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); +/*__owur*/ int EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d, size_t cnt); -__owur int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); -__owur int EVP_Digest(const void *data, size_t count, +/*__owur*/ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); +/*__owur*/ int EVP_Digest(const void *data, size_t count, unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl); -__owur int EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in); -__owur int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); +/*__owur*/ int EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in); +/*__owur*/ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); __owur int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify); @@ -607,26 +607,26 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx,int flags); __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv); -__owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, +/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, const unsigned char *key, const unsigned char *iv); -__owur int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); -__owur int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); -__owur int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); __owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv); -__owur int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, +/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, const unsigned char *key, const unsigned char *iv); -__owur int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); __owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); -__owur int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); __owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, const unsigned char *key,const unsigned char *iv, int enc); -__owur int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, +/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, const unsigned char *key,const unsigned char *iv, int enc); __owur int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, @@ -640,7 +640,7 @@ __owur int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s, __owur int EVP_VerifyFinal(EVP_MD_CTX *ctx,const unsigned char *sigbuf, unsigned int siglen,EVP_PKEY *pkey); -__owur int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); __owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen); diff --git a/crypto/hmac/hmac.h b/crypto/hmac/hmac.h index eedf0a574d..68c9e0f545 100644 --- a/crypto/hmac/hmac.h +++ b/crypto/hmac/hmac.h @@ -92,10 +92,10 @@ void HMAC_CTX_cleanup(HMAC_CTX *ctx); __owur int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md); /* deprecated */ -__owur int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, +/*__owur*/ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md, ENGINE *impl); -__owur int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len); -__owur int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); +/*__owur*/ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len); +/*__owur*/ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, const unsigned char *d, size_t n, unsigned char *md, unsigned int *md_len); diff --git a/crypto/rc4/rc4test.c b/crypto/rc4/rc4test.c index d689f70334..e800aa9256 100644 --- a/crypto/rc4/rc4test.c +++ b/crypto/rc4/rc4test.c @@ -121,7 +121,7 @@ int main(int argc, char *argv[]) RC4_KEY key; unsigned char obuf[512]; -#if !defined(OPENSSL_PIC) +#if !defined(OPENSSL_PIC) && !defined(__MACH__) OPENSSL_cpuid_setup(); #endif diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 80ebcd3421..352aa37434 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -248,14 +248,14 @@ unsigned long X509_NAME_hash_old(X509_NAME *x) i2d_X509_NAME(x,NULL); EVP_MD_CTX_init(&md_ctx); EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL); - EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length); - EVP_DigestFinal_ex(&md_ctx,md,NULL); + if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL) + && EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length) + && EVP_DigestFinal_ex(&md_ctx,md,NULL)) + ret=(((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| + ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) + )&0xffffffffL; EVP_MD_CTX_cleanup(&md_ctx); - ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| - ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) - )&0xffffffffL; return(ret); } #endif diff --git a/doc/crypto/EVP_BytesToKey.pod b/doc/crypto/EVP_BytesToKey.pod index d375c46e03..abbbdb2d4b 100644 --- a/doc/crypto/EVP_BytesToKey.pod +++ b/doc/crypto/EVP_BytesToKey.pod @@ -55,7 +55,7 @@ the IV. =head1 RETURN VALUES -EVP_BytesToKey() returns the size of the derived key in bytes. +EVP_BytesToKey() returns the size of the derived key in bytes, or 0 on error. =head1 SEE ALSO diff --git a/engines/e_padlock.c b/engines/e_padlock.c index a19f173536..eaee67ecbf 100644 --- a/engines/e_padlock.c +++ b/engines/e_padlock.c @@ -100,10 +100,10 @@ #undef COMPILE_HW_PADLOCK #if !defined(I386_ONLY) && !defined(OPENSSL_NO_ASM) -# if defined(__i386__) || defined(__i386) || \ +# if (defined(__i386__) || defined(__i386) || \ defined(__x86_64__) || defined(__x86_64) || \ defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ - defined(__INTEL__) + defined(__INTEL__)) && !defined(__MACH__) # define COMPILE_HW_PADLOCK # ifdef OPENSSL_NO_DYNAMIC_ENGINE static ENGINE *ENGINE_padlock (void); diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c index bc885e8e7f..2cba426bb7 100644 --- a/ssl/s2_srvr.c +++ b/ssl/s2_srvr.c @@ -1059,10 +1059,12 @@ static int request_certificate(SSL *s) EVP_PKEY *pkey=NULL; EVP_MD_CTX_init(&ctx); - EVP_VerifyInit_ex(&ctx,s->ctx->rsa_md5, NULL); - EVP_VerifyUpdate(&ctx,s->s2->key_material, - s->s2->key_material_length); - EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH); + if (!EVP_VerifyInit_ex(&ctx,s->ctx->rsa_md5, NULL) + || !EVP_VerifyUpdate(&ctx,s->s2->key_material, + s->s2->key_material_length) + || !EVP_VerifyUpdate(&ctx,ccd, + SSL2_MIN_CERT_CHALLENGE_LENGTH)) + goto msg_end; i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL); buf2=OPENSSL_malloc((unsigned int)i); @@ -1073,7 +1075,11 @@ static int request_certificate(SSL *s) } p2=buf2; i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&p2); - EVP_VerifyUpdate(&ctx,buf2,(unsigned int)i); + if (!EVP_VerifyUpdate(&ctx,buf2,(unsigned int)i)) + { + OPENSSL_free(buf2); + goto msg_end; + } OPENSSL_free(buf2); pkey=X509_get_pubkey(x509); -- 2.25.1