Always DPURIFY (d8ca44ba) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

CHANGES

+4 −0

Original line number	Diff line number	Diff line
		@@ -4,6 +4,10 @@

		Changes between 1.0.2f and 1.1.0 [xx XXX xxxx]

		*) Always DPURIFY. Remove the use of uninitialized memory in the
		RNG, and other conditional uses of DPURIFY. This makes -DPURIFY a no-op.
		[Emilia Käsper]

		*) Removed many obsolete configuration items, including
		DES_PTR, DES_RISC1, DES_RISC2, DES_INT
		MD2_CHAR, MD2_INT, MD2_LONG

Configurations/90-team.conf

+1 −1

Original line number	Diff line number	Diff line
		@@ -8,7 +8,7 @@
		%targets = (
		"purify" => {
		cc => "purify gcc",
		cflags => "-g -DPURIFY -Wall",
		cflags => "-g -Wall",
		thread_cflag => "(unknown)",
		lflags => "-lsocket -lnsl",
		},

Configurations/99-personal-geoff.conf

+2 −2

Original line number	Diff line number	Diff line
		@@ -8,7 +8,7 @@
		%targets = (
		"debug-geoff32" => {
		cc => "gcc",
		cflags => "-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long",
		cflags => "-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long",
		thread_cflag => "-D_REENTRANT",
		lflags => "-ldl",
		bn_ops => "BN_LLONG",
		@@ -19,7 +19,7 @@
		},
		"debug-geoff64" => {
		cc => "gcc",
		cflags => "-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long",
		cflags => "-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long",
		thread_cflag => "-D_REENTRANT",
		lflags => "-ldl",
		bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR",

crypto/bn/bn_lib.c

+2 −11

Original line number	Diff line number	Diff line
		@@ -313,22 +313,13 @@ static BN_ULONG bn_expand_internal(const BIGNUM b, int words)
		return (NULL);
		}
		if (BN_get_flags(b,BN_FLG_SECURE))
		a = A = OPENSSL_secure_malloc(words * sizeof(*a));
		a = A = OPENSSL_secure_zalloc(words * sizeof(*a));
		else
		a = A = OPENSSL_malloc(words * sizeof(*a));
		a = A = OPENSSL_zalloc(words * sizeof(*a));
		if (A == NULL) {
		BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE);
		return (NULL);
		}
		#ifdef PURIFY
		/*
		* Valgrind complains in BN_consttime_swap because we process the whole
		* array even if it's not initialised yet. This doesn't matter in that
		* function - what's important is constant time operation (we're not
		* actually going to use the data)
		*/
		memset(a, 0, sizeof(a) words);
		#endif

		#if 1
		B = b->d;

crypto/objects/obj_dat.h

+0 −1

Original line number	Diff line number	Diff line
		@@ -5647,4 +5647,3 @@ static const unsigned int obj_objs[NUM_OBJ]={
		956, /* OBJ_jurisdictionStateOrProvinceName 1 3 6 1 4 1 311 60 2 1 2 */
		957, /* OBJ_jurisdictionCountryName 1 3 6 1 4 1 311 60 2 1 3 */
		};