openssl/sme8/openssl-fips-0.9.8e-chil-fixes.patch

diff -up openssl-fips-0.9.8e/engines/e_chil.c.chil openssl-fips-0.9.8e/engines/e_chil.c
--- openssl-fips-0.9.8e/engines/e_chil.c.chil   2005-07-16 13:13:08.000000000 +0200
+++ openssl-fips-0.9.8e/engines/e_chil.c        2011-04-04 16:35:45.000000000 +0200
@@ -116,6 +116,7 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r,
 /* This function is aliased to mod_exp (with the mont stuff dropped). */
 static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+static int hwcrhk_rsa_finish(RSA *rsa);
 #endif
 
 #ifndef OPENSSL_NO_DH
@@ -135,10 +136,6 @@ static EVP_PKEY *hwcrhk_load_privkey(ENG
        UI_METHOD *ui_method, void *callback_data);
 static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
        UI_METHOD *ui_method, void *callback_data);
-#ifndef OPENSSL_NO_RSA
-static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
-       int ind,long argl, void *argp);
-#endif
 
 /* Interaction stuff */
 static int hwcrhk_insert_card(const char *prompt_info,
@@ -193,7 +190,7 @@ static RSA_METHOD hwcrhk_rsa =
        hwcrhk_rsa_mod_exp,
        hwcrhk_mod_exp_mont,
        NULL,
-       NULL,
+       hwcrhk_rsa_finish,
        0,
        NULL,
        NULL,
@@ -589,12 +586,6 @@ static int hwcrhk_init(ENGINE *e)
                        hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock;
                        hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy;
                        }
-               else if (CRYPTO_get_locking_callback() != NULL)
-                       {
-                       HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_LOCKING_MISSING);
-                       ERR_add_error_data(1,"You HAVE to add dynamic locking callbacks via CRYPTO_set_dynlock_{create,lock,destroy}_callback()");
-                       goto err;
-                       }
                }
 
        /* Try and get a context - if not, we may have a DSO but no
@@ -609,7 +600,7 @@ static int hwcrhk_init(ENGINE *e)
        if (hndidx_rsa == -1)
                hndidx_rsa = RSA_get_ex_new_index(0,
                        "nFast HWCryptoHook RSA key handle",
-                       NULL, NULL, hwcrhk_ex_free);
+                       NULL, NULL, NULL);
 #endif
        return 1;
 err:
@@ -853,8 +844,6 @@ static EVP_PKEY *hwcrhk_load_privkey(ENG
 
        return res;
  err:
-       if (res)
-               EVP_PKEY_free(res);
 #ifndef OPENSSL_NO_RSA
        if (rtmp)
                RSA_free(rtmp);
@@ -1087,6 +1076,21 @@ static int hwcrhk_mod_exp_mont(BIGNUM *r
        {
        return hwcrhk_mod_exp(r, a, p, m, ctx);
        }
+
+static int hwcrhk_rsa_finish(RSA *rsa)
+       {
+       HWCryptoHook_RSAKeyHandle *hptr;
+
+       hptr = RSA_get_ex_data(rsa, hndidx_rsa);
+       if (hptr)
+                {
+                p_hwcrhk_RSAUnloadKey(*hptr, NULL);
+                OPENSSL_free(hptr);
+               RSA_set_ex_data(rsa, hndidx_rsa, NULL);
+                }
+       return 1;
+       }
+
 #endif
 
 #ifndef OPENSSL_NO_DH
@@ -1145,34 +1149,6 @@ static int hwcrhk_rand_status(void)
        return 1;
        }
 
-/* This cleans up an RSA KM key, called when ex_data is freed */
-#ifndef OPENSSL_NO_RSA
-static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
-       int ind,long argl, void *argp)
-{
-       char tempbuf[1024];
-       HWCryptoHook_ErrMsgBuf rmsg;
-#ifndef OPENSSL_NO_RSA
-       HWCryptoHook_RSAKeyHandle *hptr;
-#endif
-#if !defined(OPENSSL_NO_RSA)
-       int ret;
-#endif
-
-       rmsg.buf = tempbuf;
-       rmsg.size = sizeof(tempbuf);
-
-#ifndef OPENSSL_NO_RSA
-       hptr = (HWCryptoHook_RSAKeyHandle *) item;
-       if(hptr)
-                {
-                ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL);
-                OPENSSL_free(hptr);
-                }
-#endif
-}
-#endif
-
 /* Mutex calls: since the HWCryptoHook model closely follows the POSIX model
  * these just wrap the POSIX functions and add some logging.
  */
@@ -1210,6 +1186,11 @@ static int hwcrhk_get_pass(const char *p
        pem_password_cb *callback = NULL;
        void *callback_data = NULL;
         UI_METHOD *ui_method = NULL;
+       /* Despite what the documentation says prompt_info can be
+        * an empty string.
+        */
+       if (prompt_info && !*prompt_info)
+               prompt_info = NULL;
 
         if (cactx)
                 {
@@ -1311,10 +1292,14 @@ static int hwcrhk_insert_card(const char
                {
                char answer;
                char buf[BUFSIZ];
-
-               if (wrong_info)
+               /* Despite what the documentation says wrong_info can be
+                * an empty string.
+                */
+               if (wrong_info && *wrong_info)
                        BIO_snprintf(buf, sizeof(buf)-1,
                                "Current card: \"%s\"\n", wrong_info);
+               else
+                       buf[0] = 0;
                ok = UI_dup_info_string(ui, buf);
                if (ok >= 0 && prompt_info)
                        {
1	diff -up openssl-fips-0.9.8e/engines/e_chil.c.chil openssl-fips-0.9.8e/engines/e_chil.c
2	--- openssl-fips-0.9.8e/engines/e_chil.c.chil 2005-07-16 13:13:08.000000000 +0200
3	+++ openssl-fips-0.9.8e/engines/e_chil.c 2011-04-04 16:35:45.000000000 +0200
4	@@ -116,6 +116,7 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r,
5	/* This function is aliased to mod_exp (with the mont stuff dropped). */
6	static int hwcrhk_mod_exp_mont(BIGNUM r, const BIGNUM a, const BIGNUM *p,
7	const BIGNUM m, BN_CTX ctx, BN_MONT_CTX *m_ctx);
8	+static int hwcrhk_rsa_finish(RSA *rsa);
9	#endif
10
11	#ifndef OPENSSL_NO_DH
12	@@ -135,10 +136,6 @@ static EVP_PKEY *hwcrhk_load_privkey(ENG
13	UI_METHOD ui_method, void callback_data);
14	static EVP_PKEY hwcrhk_load_pubkey(ENGINE eng, const char *key_id,
15	UI_METHOD ui_method, void callback_data);
16	-#ifndef OPENSSL_NO_RSA
17	-static void hwcrhk_ex_free(void obj, void item, CRYPTO_EX_DATA *ad,
18	- int ind,long argl, void *argp);
19	-#endif
20
21	/* Interaction stuff */
22	static int hwcrhk_insert_card(const char *prompt_info,
23	@@ -193,7 +190,7 @@ static RSA_METHOD hwcrhk_rsa =
24	hwcrhk_rsa_mod_exp,
25	hwcrhk_mod_exp_mont,
26	NULL,
27	- NULL,
28	+ hwcrhk_rsa_finish,
29	0,
30	NULL,
31	NULL,
32	@@ -589,12 +586,6 @@ static int hwcrhk_init(ENGINE *e)
33	hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock;
34	hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy;
35	}
36	- else if (CRYPTO_get_locking_callback() != NULL)
37	- {
38	- HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_LOCKING_MISSING);
39	- ERR_add_error_data(1,"You HAVE to add dynamic locking callbacks via CRYPTO_set_dynlock_{create,lock,destroy}_callback()");
40	- goto err;
41	- }
42	}
43
44	/* Try and get a context - if not, we may have a DSO but no
45	@@ -609,7 +600,7 @@ static int hwcrhk_init(ENGINE *e)
46	if (hndidx_rsa == -1)
47	hndidx_rsa = RSA_get_ex_new_index(0,
48	"nFast HWCryptoHook RSA key handle",
49	- NULL, NULL, hwcrhk_ex_free);
50	+ NULL, NULL, NULL);
51	#endif
52	return 1;
53	err:
54	@@ -853,8 +844,6 @@ static EVP_PKEY *hwcrhk_load_privkey(ENG
55
56	return res;
57	err:
58	- if (res)
59	- EVP_PKEY_free(res);
60	#ifndef OPENSSL_NO_RSA
61	if (rtmp)
62	RSA_free(rtmp);
63	@@ -1087,6 +1076,21 @@ static int hwcrhk_mod_exp_mont(BIGNUM *r
64	{
65	return hwcrhk_mod_exp(r, a, p, m, ctx);
66	}
67	+
68	+static int hwcrhk_rsa_finish(RSA *rsa)
69	+ {
70	+ HWCryptoHook_RSAKeyHandle *hptr;
71	+
72	+ hptr = RSA_get_ex_data(rsa, hndidx_rsa);
73	+ if (hptr)
74	+ {
75	+ p_hwcrhk_RSAUnloadKey(*hptr, NULL);
76	+ OPENSSL_free(hptr);
77	+ RSA_set_ex_data(rsa, hndidx_rsa, NULL);
78	+ }
79	+ return 1;
80	+ }
81	+
82	#endif
83
84	#ifndef OPENSSL_NO_DH
85	@@ -1145,34 +1149,6 @@ static int hwcrhk_rand_status(void)
86	return 1;
87	}
88
89	-/* This cleans up an RSA KM key, called when ex_data is freed */
90	-#ifndef OPENSSL_NO_RSA
91	-static void hwcrhk_ex_free(void obj, void item, CRYPTO_EX_DATA *ad,
92	- int ind,long argl, void *argp)
93	-{
94	- char tempbuf[1024];
95	- HWCryptoHook_ErrMsgBuf rmsg;
96	-#ifndef OPENSSL_NO_RSA
97	- HWCryptoHook_RSAKeyHandle *hptr;
98	-#endif
99	-#if !defined(OPENSSL_NO_RSA)
100	- int ret;
101	-#endif
102	-
103	- rmsg.buf = tempbuf;
104	- rmsg.size = sizeof(tempbuf);
105	-
106	-#ifndef OPENSSL_NO_RSA
107	- hptr = (HWCryptoHook_RSAKeyHandle *) item;
108	- if(hptr)
109	- {
110	- ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL);
111	- OPENSSL_free(hptr);
112	- }
113	-#endif
114	-}
115	-#endif
116	-
117	/* Mutex calls: since the HWCryptoHook model closely follows the POSIX model
118	* these just wrap the POSIX functions and add some logging.
119	*/
120	@@ -1210,6 +1186,11 @@ static int hwcrhk_get_pass(const char *p
121	pem_password_cb *callback = NULL;
122	void *callback_data = NULL;
123	UI_METHOD *ui_method = NULL;
124	+ /* Despite what the documentation says prompt_info can be
125	+ * an empty string.
126	+ */
127	+ if (prompt_info && !*prompt_info)
128	+ prompt_info = NULL;
129
130	if (cactx)
131	{
132	@@ -1311,10 +1292,14 @@ static int hwcrhk_insert_card(const char
133	{
134	char answer;
135	char buf[BUFSIZ];
136	-
137	- if (wrong_info)
138	+ /* Despite what the documentation says wrong_info can be
139	+ * an empty string.
140	+ */
141	+ if (wrong_info && *wrong_info)
142	BIO_snprintf(buf, sizeof(buf)-1,
143	"Current card: \"%s\"\n", wrong_info);
144	+ else
145	+ buf[0] = 0;
146	ok = UI_dup_info_string(ui, buf);
147	if (ok >= 0 && prompt_info)
148	{