Changes between 1.0.2f and 1.1.0 [xx XXX xxxx]
+ *) Always DPURIFY. Remove the use of uninitialized memory in the
+ RNG, and other conditional uses of DPURIFY. This makes -DPURIFY a no-op.
+ [Emilia Käsper]
+
*) Removed many obsolete configuration items, including
DES_PTR, DES_RISC1, DES_RISC2, DES_INT
MD2_CHAR, MD2_INT, MD2_LONG
%targets = (
"purify" => {
cc => "purify gcc",
- cflags => "-g -DPURIFY -Wall",
+ cflags => "-g -Wall",
thread_cflag => "(unknown)",
lflags => "-lsocket -lnsl",
},
%targets = (
"debug-geoff32" => {
cc => "gcc",
- cflags => "-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long",
+ cflags => "-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long",
thread_cflag => "-D_REENTRANT",
lflags => "-ldl",
bn_ops => "BN_LLONG",
},
"debug-geoff64" => {
cc => "gcc",
- cflags => "-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long",
+ cflags => "-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long",
thread_cflag => "-D_REENTRANT",
lflags => "-ldl",
bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
return (NULL);
}
if (BN_get_flags(b,BN_FLG_SECURE))
- a = A = OPENSSL_secure_malloc(words * sizeof(*a));
+ a = A = OPENSSL_secure_zalloc(words * sizeof(*a));
else
- a = A = OPENSSL_malloc(words * sizeof(*a));
+ a = A = OPENSSL_zalloc(words * sizeof(*a));
if (A == NULL) {
BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE);
return (NULL);
}
-#ifdef PURIFY
- /*
- * Valgrind complains in BN_consttime_swap because we process the whole
- * array even if it's not initialised yet. This doesn't matter in that
- * function - what's important is constant time operation (we're not
- * actually going to use the data)
- */
- memset(a, 0, sizeof(*a) * words);
-#endif
#if 1
B = b->d;
956, /* OBJ_jurisdictionStateOrProvinceName 1 3 6 1 4 1 311 60 2 1 2 */
957, /* OBJ_jurisdictionCountryName 1 3 6 1 4 1 311 60 2 1 3 */
};
-
if (!MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c)))
goto err;
-#ifndef PURIFY /* purify complains */
- /*
- * The following line uses the supplied buffer as a small source of
- * entropy: since this buffer is often uninitialised it may cause
- * programs such as purify or valgrind to complain. So for those
- * builds it is not used: the removal of such a small source of
- * entropy has negligible impact on security.
- */
- if (!MD_Update(m, buf, j))
- goto err;
-#endif
-
k = (st_idx + MD_DIGEST_LENGTH / 2) - st_num;
if (k > 0) {
if (!MD_Update(m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k))
return (0);
#ifndef OPENSSL_NO_POSIX_IO
-# ifdef PURIFY
/*
* struct stat can have padding and unused fields that may not be
* initialized in the call to stat(). We need to clear the entire
* applications such as Valgrind.
*/
memset(&sb, 0, sizeof(sb));
-# endif
if (stat(file, &sb) < 0)
return (0);
RAND_add(&sb, sizeof(sb), 0.0);
i = fread(buf, 1, n, in);
if (i <= 0)
break;
-#ifdef PURIFY
+
RAND_add(buf, i, (double)i);
-#else
- /* even if n != i, use the full array */
- RAND_add(buf, n, (double)i);
-#endif
ret += i;
if (bytes > 0) {
bytes -= n;