openssl/sme8/openssl-fips-0.9.8e-chil-fixes.patch

diff -up openssl-fips-0.9.8e/engines/e_chil.c.chil openssl-fips-0.9.8e/engines/e_chil.c
--- openssl-fips-0.9.8e/engines/e_chil.c.chil   2005-07-16 13:13:08.000000000 +0200
+++ openssl-fips-0.9.8e/engines/e_chil.c        2011-04-04 16:35:45.000000000 +0200
@@ -116,6 +116,7 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r,
 /* This function is aliased to mod_exp (with the mont stuff dropped). */
 static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+static int hwcrhk_rsa_finish(RSA *rsa);
 #endif
 
 #ifndef OPENSSL_NO_DH
@@ -135,10 +136,6 @@ static EVP_PKEY *hwcrhk_load_privkey(ENG
        UI_METHOD *ui_method, void *callback_data);
 static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
        UI_METHOD *ui_method, void *callback_data);
-#ifndef OPENSSL_NO_RSA
-static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
-       int ind,long argl, void *argp);
-#endif
 
 /* Interaction stuff */
 static int hwcrhk_insert_card(const char *prompt_info,
@@ -193,7 +190,7 @@ static RSA_METHOD hwcrhk_rsa =
        hwcrhk_rsa_mod_exp,
        hwcrhk_mod_exp_mont,
        NULL,
-       NULL,
+       hwcrhk_rsa_finish,
        0,
        NULL,
        NULL,
@@ -589,12 +586,6 @@ static int hwcrhk_init(ENGINE *e)
                        hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock;
                        hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy;
                        }
-               else if (CRYPTO_get_locking_callback() != NULL)
-                       {
-                       HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_LOCKING_MISSING);
-                       ERR_add_error_data(1,"You HAVE to add dynamic locking callbacks via CRYPTO_set_dynlock_{create,lock,destroy}_callback()");
-                       goto err;
-                       }
                }
 
        /* Try and get a context - if not, we may have a DSO but no
@@ -609,7 +600,7 @@ static int hwcrhk_init(ENGINE *e)
        if (hndidx_rsa == -1)
                hndidx_rsa = RSA_get_ex_new_index(0,
                        "nFast HWCryptoHook RSA key handle",
-                       NULL, NULL, hwcrhk_ex_free);
+                       NULL, NULL, NULL);
 #endif
        return 1;
 err:
@@ -853,8 +844,6 @@ static EVP_PKEY *hwcrhk_load_privkey(ENG
 
        return res;
  err:
-       if (res)
-               EVP_PKEY_free(res);
 #ifndef OPENSSL_NO_RSA
        if (rtmp)
                RSA_free(rtmp);
@@ -1087,6 +1076,21 @@ static int hwcrhk_mod_exp_mont(BIGNUM *r
        {
        return hwcrhk_mod_exp(r, a, p, m, ctx);
        }
+
+static int hwcrhk_rsa_finish(RSA *rsa)
+       {
+       HWCryptoHook_RSAKeyHandle *hptr;
+
+       hptr = RSA_get_ex_data(rsa, hndidx_rsa);
+       if (hptr)
+                {
+                p_hwcrhk_RSAUnloadKey(*hptr, NULL);
+                OPENSSL_free(hptr);
+               RSA_set_ex_data(rsa, hndidx_rsa, NULL);
+                }
+       return 1;
+       }
+
 #endif
 
 #ifndef OPENSSL_NO_DH
@@ -1145,34 +1149,6 @@ static int hwcrhk_rand_status(void)
        return 1;
        }
 
-/* This cleans up an RSA KM key, called when ex_data is freed */
-#ifndef OPENSSL_NO_RSA
-static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
-       int ind,long argl, void *argp)
-{
-       char tempbuf[1024];
-       HWCryptoHook_ErrMsgBuf rmsg;
-#ifndef OPENSSL_NO_RSA
-       HWCryptoHook_RSAKeyHandle *hptr;
-#endif
-#if !defined(OPENSSL_NO_RSA)
-       int ret;
-#endif
-
-       rmsg.buf = tempbuf;
-       rmsg.size = sizeof(tempbuf);
-
-#ifndef OPENSSL_NO_RSA
-       hptr = (HWCryptoHook_RSAKeyHandle *) item;
-       if(hptr)
-                {
-                ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL);
-                OPENSSL_free(hptr);
-                }
-#endif
-}
-#endif
-
 /* Mutex calls: since the HWCryptoHook model closely follows the POSIX model
  * these just wrap the POSIX functions and add some logging.
  */
@@ -1210,6 +1186,11 @@ static int hwcrhk_get_pass(const char *p
        pem_password_cb *callback = NULL;
        void *callback_data = NULL;
         UI_METHOD *ui_method = NULL;
+       /* Despite what the documentation says prompt_info can be
+        * an empty string.
+        */
+       if (prompt_info && !*prompt_info)
+               prompt_info = NULL;
 
         if (cactx)
                 {
@@ -1311,10 +1292,14 @@ static int hwcrhk_insert_card(const char
                {
                char answer;
                char buf[BUFSIZ];
-
-               if (wrong_info)
+               /* Despite what the documentation says wrong_info can be
+                * an empty string.
+                */
+               if (wrong_info && *wrong_info)
                        BIO_snprintf(buf, sizeof(buf)-1,
                                "Current card: \"%s\"\n", wrong_info);
+               else
+                       buf[0] = 0;
                ok = UI_dup_info_string(ui, buf);
                if (ok >= 0 && prompt_info)
                        {
1	wellsi	1.1	diff -up openssl-fips-0.9.8e/engines/e_chil.c.chil openssl-fips-0.9.8e/engines/e_chil.c
2			--- openssl-fips-0.9.8e/engines/e_chil.c.chil 2005-07-16 13:13:08.000000000 +0200
3			+++ openssl-fips-0.9.8e/engines/e_chil.c 2011-04-04 16:35:45.000000000 +0200
4			@@ -116,6 +116,7 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r,
5			/* This function is aliased to mod_exp (with the mont stuff dropped). */
6			static int hwcrhk_mod_exp_mont(BIGNUM r, const BIGNUM a, const BIGNUM *p,
7			const BIGNUM m, BN_CTX ctx, BN_MONT_CTX *m_ctx);
8			+static int hwcrhk_rsa_finish(RSA *rsa);
9			#endif
10
11			#ifndef OPENSSL_NO_DH
12			@@ -135,10 +136,6 @@ static EVP_PKEY *hwcrhk_load_privkey(ENG
13			UI_METHOD ui_method, void callback_data);
14			static EVP_PKEY hwcrhk_load_pubkey(ENGINE eng, const char *key_id,
15			UI_METHOD ui_method, void callback_data);
16			-#ifndef OPENSSL_NO_RSA
17			-static void hwcrhk_ex_free(void obj, void item, CRYPTO_EX_DATA *ad,
18			- int ind,long argl, void *argp);
19			-#endif
20
21			/* Interaction stuff */
22			static int hwcrhk_insert_card(const char *prompt_info,
23			@@ -193,7 +190,7 @@ static RSA_METHOD hwcrhk_rsa =
24			hwcrhk_rsa_mod_exp,
25			hwcrhk_mod_exp_mont,
26			NULL,
27			- NULL,
28			+ hwcrhk_rsa_finish,
29			0,
30			NULL,
31			NULL,
32			@@ -589,12 +586,6 @@ static int hwcrhk_init(ENGINE *e)
33			hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock;
34			hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy;
35			}
36			- else if (CRYPTO_get_locking_callback() != NULL)
37			- {
38			- HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_LOCKING_MISSING);
39			- ERR_add_error_data(1,"You HAVE to add dynamic locking callbacks via CRYPTO_set_dynlock_{create,lock,destroy}_callback()");
40			- goto err;
41			- }
42			}
43
44			/* Try and get a context - if not, we may have a DSO but no
45			@@ -609,7 +600,7 @@ static int hwcrhk_init(ENGINE *e)
46			if (hndidx_rsa == -1)
47			hndidx_rsa = RSA_get_ex_new_index(0,
48			"nFast HWCryptoHook RSA key handle",
49			- NULL, NULL, hwcrhk_ex_free);
50			+ NULL, NULL, NULL);
51			#endif
52			return 1;
53			err:
54			@@ -853,8 +844,6 @@ static EVP_PKEY *hwcrhk_load_privkey(ENG
55
56			return res;
57			err:
58			- if (res)
59			- EVP_PKEY_free(res);
60			#ifndef OPENSSL_NO_RSA
61			if (rtmp)
62			RSA_free(rtmp);
63			@@ -1087,6 +1076,21 @@ static int hwcrhk_mod_exp_mont(BIGNUM *r
64			{
65			return hwcrhk_mod_exp(r, a, p, m, ctx);
66			}
67			+
68			+static int hwcrhk_rsa_finish(RSA *rsa)
69			+ {
70			+ HWCryptoHook_RSAKeyHandle *hptr;
71			+
72			+ hptr = RSA_get_ex_data(rsa, hndidx_rsa);
73			+ if (hptr)
74			+ {
75			+ p_hwcrhk_RSAUnloadKey(*hptr, NULL);
76			+ OPENSSL_free(hptr);
77			+ RSA_set_ex_data(rsa, hndidx_rsa, NULL);
78			+ }
79			+ return 1;
80			+ }
81			+
82			#endif
83
84			#ifndef OPENSSL_NO_DH
85			@@ -1145,34 +1149,6 @@ static int hwcrhk_rand_status(void)
86			return 1;
87			}
88
89			-/* This cleans up an RSA KM key, called when ex_data is freed */
90			-#ifndef OPENSSL_NO_RSA
91			-static void hwcrhk_ex_free(void obj, void item, CRYPTO_EX_DATA *ad,
92			- int ind,long argl, void *argp)
93			-{
94			- char tempbuf[1024];
95			- HWCryptoHook_ErrMsgBuf rmsg;
96			-#ifndef OPENSSL_NO_RSA
97			- HWCryptoHook_RSAKeyHandle *hptr;
98			-#endif
99			-#if !defined(OPENSSL_NO_RSA)
100			- int ret;
101			-#endif
102			-
103			- rmsg.buf = tempbuf;
104			- rmsg.size = sizeof(tempbuf);
105			-
106			-#ifndef OPENSSL_NO_RSA
107			- hptr = (HWCryptoHook_RSAKeyHandle *) item;
108			- if(hptr)
109			- {
110			- ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL);
111			- OPENSSL_free(hptr);
112			- }
113			-#endif
114			-}
115			-#endif
116			-
117			/* Mutex calls: since the HWCryptoHook model closely follows the POSIX model
118			* these just wrap the POSIX functions and add some logging.
119			*/
120			@@ -1210,6 +1186,11 @@ static int hwcrhk_get_pass(const char *p
121			pem_password_cb *callback = NULL;
122			void *callback_data = NULL;
123			UI_METHOD *ui_method = NULL;
124			+ /* Despite what the documentation says prompt_info can be
125			+ * an empty string.
126			+ */
127			+ if (prompt_info && !*prompt_info)
128			+ prompt_info = NULL;
129
130			if (cactx)
131			{
132			@@ -1311,10 +1292,14 @@ static int hwcrhk_insert_card(const char
133			{
134			char answer;
135			char buf[BUFSIZ];
136			-
137			- if (wrong_info)
138			+ /* Despite what the documentation says wrong_info can be
139			+ * an empty string.
140			+ */
141			+ if (wrong_info && *wrong_info)
142			BIO_snprintf(buf, sizeof(buf)-1,
143			"Current card: \"%s\"\n", wrong_info);
144			+ else
145			+ buf[0] = 0;
146			ok = UI_dup_info_string(ui, buf);
147			if (ok >= 0 && prompt_info)
148			{