There are a few UMRs and one FIU in the current OpenSSL-0.9.8g code base.
The attached patch fixes this with minimal code changes.
A better solution would be to use a BN_init call on each of the local BN
variables being used which would be a trivial adaptation of this patch.
Without this patch there are 17014 purify errors across a total of 208 unique
code paths in a "make test" for a purify build under linux.
There remains one purify error I'm still tracking down.
TOTAL-ERRORS: 44
UNIQUE-ERRORS: 1
44 - UMR
AES_cbc_encrypt [aes_cbc.c:77]
aes_256_cbc_cipher [e_aes.c:87]
EVP_Cipher [evp_lib.c:183]
ssl3_enc [s3_enc.c:497]
do_ssl3_write [s3_pkt.c:684]
[heap=1 loc=318 size=18698
malloc [rtlib.o]
default_malloc_ex [mem.c:79]
CRYPTO_malloc [mem.c:304]
ssl3_setup_buffers [s3_both.c:612]
ssl3_connect [s3_clnt.c:228]
heap=1 loc=318 size=18698]
Tim.
Index: crypto/asn1/f_int.c
===================================================================
RCS file: /usr/local/mirrors/openssl/openssl/crypto/asn1/f_int.c,v
retrieving revision 1.10
diff -b -c -r1.10 f_int.c
*** crypto/asn1/f_int.c 13 Nov 2002 15:42:13 -0000 1.10
--- crypto/asn1/f_int.c 13 Feb 2008 23:19:35 -0000
***************
*** 181,186 ****
--- 181,187 ----
}
for (j=0; j<i; j++,k+=2)
{
+ s[num+j]='\0';
for (n=0; n<2; n++)
{
m=bufp[k+n];
Index: crypto/bn/bn_gcd.c
===================================================================
RCS file: /usr/local/mirrors/openssl/openssl/crypto/bn/bn_gcd.c,v
retrieving revision 1.18.2.5
diff -b -c -r1.18.2.5 bn_gcd.c
*** crypto/bn/bn_gcd.c 11 Jun 2007 16:33:50 -0000 1.18.2.5
--- crypto/bn/bn_gcd.c 13 Feb 2008 23:20:49 -0000
***************
*** 542,547 ****
--- 542,548 ----
/* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is
invoked,
* BN_div_no_branch will be called eventually.
*/
+ local_B.flags=0;
pB = &local_B;
BN_with_flags(pB, B, BN_FLG_CONSTTIME);
if (!BN_nnmod(B, pB, A, ctx)) goto err;
***************
*** 567,572 ****
--- 568,574 ----
/* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is
invoked,
* BN_div_no_branch will be called eventually.
*/
+ local_A.flags=0;
pA = &local_A;
BN_with_flags(pA, A, BN_FLG_CONSTTIME);
Index: crypto/bn/bn_mont.c
===================================================================
RCS file: /usr/local/mirrors/openssl/openssl/crypto/bn/bn_mont.c,v
retrieving revision 1.36.2.8
diff -b -c -r1.36.2.8 bn_mont.c
*** crypto/bn/bn_mont.c 11 Nov 2007 20:43:23 -0000 1.36.2.8
--- crypto/bn/bn_mont.c 13 Feb 2008 23:20:49 -0000
***************
*** 417,422 ****
--- 417,423 ----
tmod.top = buf[0] != 0 ? 1 : 0;
tmod.dmax=2;
tmod.neg=0;
+ tmod.flags=0;
/* Ri = R^-1 mod N*/
if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL)
goto err;
Index: crypto/evp/evp_test.c
===================================================================
RCS file: /usr/local/mirrors/openssl/openssl/crypto/evp/evp_test.c,v
retrieving revision 1.24.2.3
diff -b -c -r1.24.2.3 evp_test.c
*** crypto/evp/evp_test.c 23 Apr 2007 23:50:05 -0000 1.24.2.3
--- crypto/evp/evp_test.c 13 Feb 2008 23:20:49 -0000
***************
*** 320,326 ****
int main(int argc,char **argv)
{
const char *szTestFile;
! FILE *f;
if(argc != 2)
{
--- 320,326 ----
int main(int argc,char **argv)
{
const char *szTestFile;
! FILE *f = NULL;
if(argc != 2)
{
***************
*** 436,441 ****
--- 436,444 ----
}
}
+ if (f)
+ fclose(f);
+
#ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup();
#endif
Index: crypto/rsa/rsa_eay.c
===================================================================
RCS file: /usr/local/mirrors/openssl/openssl/crypto/rsa/rsa_eay.c,v
retrieving revision 1.46.2.8
diff -b -c -r1.46.2.8 rsa_eay.c
*** crypto/rsa/rsa_eay.c 28 Mar 2007 00:14:21 -0000 1.46.2.8
--- crypto/rsa/rsa_eay.c 13 Feb 2008 23:20:49 -0000
***************
*** 755,760 ****
--- 755,761 ----
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
{
c = &local_c;
+ local_c.flags = 0;
BN_with_flags(c, I, BN_FLG_CONSTTIME);
if (!BN_mod(r1,c,rsa->q,ctx)) goto err;
}
***************
*** 767,772 ****
--- 768,774 ----
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
{
dmq1 = &local_dmq1;
+ local_dmq1.flags=0;
BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME);
}
else
***************
*** 778,783 ****
--- 780,786 ----
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
{
c = &local_c;
+ local_c.flags=0;
BN_with_flags(c, I, BN_FLG_CONSTTIME);
if (!BN_mod(r1,c,rsa->p,ctx)) goto err;
}
***************
*** 790,795 ****
--- 793,799 ----
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
{
dmp1 = &local_dmp1;
+ local_dmp1.flags=0;
BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME);
}
else
***************
*** 809,814 ****
--- 813,819 ----
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
{
pr1 = &local_r1;
+ local_r1.flags=0;
BN_with_flags(pr1, r1, BN_FLG_CONSTTIME);
}
else
Index: crypto/rsa/rsa_gen.c
===================================================================
RCS file: /usr/local/mirrors/openssl/openssl/crypto/rsa/rsa_gen.c,v
retrieving revision 1.17.2.2
diff -b -c -r1.17.2.2 rsa_gen.c
*** crypto/rsa/rsa_gen.c 28 Mar 2007 00:14:22 -0000 1.17.2.2
--- crypto/rsa/rsa_gen.c 13 Feb 2008 23:20:49 -0000
***************
*** 170,175 ****
--- 170,176 ----
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
{
pr0 = &local_r0;
+ local_r0.flags=0;
BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
}
else
***************
*** 180,185 ****
--- 181,187 ----
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
{
d = &local_d;
+ local_d.flags=0;
BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
}
else
***************
*** 195,200 ****
--- 197,203 ----
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
{
p = &local_p;
+ local_p.flags=0;
BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
}
else
Index: crypto/rsa/rsa_lib.c
===================================================================
RCS file: /usr/local/mirrors/openssl/openssl/crypto/rsa/rsa_lib.c,v
retrieving revision 1.39.2.4
diff -b -c -r1.39.2.4 rsa_lib.c
*** crypto/rsa/rsa_lib.c 28 Mar 2007 00:14:24 -0000 1.39.2.4
--- crypto/rsa/rsa_lib.c 13 Feb 2008 23:20:49 -0000
***************
*** 405,410 ****
--- 405,411 ----
{
/* Set BN_FLG_CONSTTIME flag */
n = &local_n;
+ local_n.flags=0;
BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME);
}
else
