Generate just one error code if iterated SSL_CTX_get() fails.

Avoid enabled 'assert()' in production library.

7 files changed, 72 insertions, 13 deletions

diff --git a/crypto/bn/Makefile.ssl b/crypto/bn/Makefile.ssl
index 94da20bd5a..3b7b29827c 100644
--- a/crypto/bn/Makefile.ssl
+++ b/crypto/bn/Makefile.ssl
@@ -185,6 +185,12 @@ bn_blind.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 bn_blind.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
 bn_blind.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
 bn_blind.o: ../../include/openssl/stack.h ../cryptlib.h bn_lcl.h
+bn_ctx.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_ctx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_ctx.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+bn_ctx.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+bn_ctx.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_ctx.o: ../../include/openssl/stack.h ../cryptlib.h
 bn_div.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_div.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_div.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c
index 8b079e237f..f72b075ccf 100644
--- a/crypto/bn/bn_ctx.c
+++ b/crypto/bn/bn_ctx.c
@@ -54,6 +54,11 @@
  *
  */
 
+#ifndef BN_CTX_DEBUG
+# undef NDEBUG /* avoid conflicting definitions */
+# define NDEBUG
+#endif
+
 #include <stdio.h>
 #include <assert.h>
 #include "cryptlib.h"
@@ -101,14 +106,21 @@ void BN_CTX_free(BN_CTX *ctx)
 
 void BN_CTX_start(BN_CTX *ctx)
 	{
-	ctx->pos[ctx->depth++] = ctx->tos;
+	if (ctx->depth < BN_CTX_NUM_POS)
+		ctx->pos[ctx->depth] = ctx->tos;
+	ctx->depth++;
 	}
 
 BIGNUM *BN_CTX_get(BN_CTX *ctx)
 	{
-	if (ctx->tos >= BN_CTX_NUM)
+	if (ctx->depth > BN_CTX_NUM_POS || ctx->tos >= BN_CTX_NUM)
 		{
-		BNerr(BN_F_BN_CTX_GET,BN_R_TOO_MANY_TEMPORARY_VARIABLES);
+		if (!ctx->too_many)
+			{
+			BNerr(BN_F_BN_CTX_GET,BN_R_TOO_MANY_TEMPORARY_VARIABLES);
+			/* disable error code until SSL_CTX_end is called: */
+			ctx->too_many = 1;
+			}
 		return NULL;
 		}
 	return (&(ctx->bn[ctx->tos++]));
@@ -118,6 +130,14 @@ void BN_CTX_end(BN_CTX *ctx)
 	{
 	if (ctx == NULL) return;
 	assert(ctx->depth > 0);
+	if (ctx->depth == 0)
+		/* should never happen, but we can tolerate it if not in
+		 * debug mode (could be a 'goto err' in the calling function
+		 * before BN_CTX_start was reached) */
+		BN_CTX_start(ctx);
+
+	ctx->too_many = 0;
 	ctx->depth--;
-	ctx->tos = ctx->pos[ctx->depth];
+	if (ctx->depth < BN_CTX_NUM_POS)
+		ctx->tos = ctx->pos[ctx->depth];
 	}
diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c
index de3aaeb034..f3b9497dca 100644
--- a/crypto/bn/bn_err.c
+++ b/crypto/bn/bn_err.c
@@ -71,7 +71,7 @@ static ERR_STRING_DATA BN_str_functs[]=
 {ERR_PACK(0,BN_F_BN_BLINDING_UPDATE,0),	"BN_BLINDING_update"},
 {ERR_PACK(0,BN_F_BN_BN2DEC,0),	"BN_bn2dec"},
 {ERR_PACK(0,BN_F_BN_BN2HEX,0),	"BN_bn2hex"},
-{ERR_PACK(0,BN_F_BN_CTX_GET,0),	"BN_CTX_GET"},
+{ERR_PACK(0,BN_F_BN_CTX_GET,0),	"BN_CTX_get"},
 {ERR_PACK(0,BN_F_BN_CTX_NEW,0),	"BN_CTX_new"},
 {ERR_PACK(0,BN_F_BN_DIV,0),	"BN_div"},
 {ERR_PACK(0,BN_F_BN_EXPAND2,0),	"bn_expand2"},
diff --git a/crypto/des/Makefile.ssl b/crypto/des/Makefile.ssl
index 16eeb940dd..e6a4c7cd8a 100644
--- a/crypto/des/Makefile.ssl
+++ b/crypto/des/Makefile.ssl
@@ -189,7 +189,7 @@ pcbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h
 qud_cksm.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
 qud_cksm.o: ../../include/openssl/opensslconf.h des_locl.h
 rand_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
-rand_key.o: ../../include/openssl/opensslconf.h des_locl.h
+rand_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/rand.h
 read2pwd.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
 read2pwd.o: ../../include/openssl/opensslconf.h des_locl.h
 read_pwd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
diff --git a/crypto/des/des.h b/crypto/des/des.h
index b492002435..98a9c4127c 100644
--- a/crypto/des/des.h
+++ b/crypto/des/des.h
@@ -186,7 +186,7 @@ void des_pcbc_encrypt(const unsigned char *input,unsigned char *output,
 DES_LONG des_quad_cksum(const unsigned char *input,des_cblock output[],
 			long length,int out_count,des_cblock *seed);
 void des_random_seed(des_cblock *key);
-void des_random_key(des_cblock *ret);
+int des_random_key(des_cblock *ret);
 int des_read_password(des_cblock *key,const char *prompt,int verify);
 int des_read_2passwords(des_cblock *key1,des_cblock *key2,
 			const char *prompt,int verify);
diff --git a/crypto/des/rand_key.c b/crypto/des/rand_key.c
index a63e8411bb..7816a8f25c 100644
--- a/crypto/des/rand_key.c
+++ b/crypto/des/rand_key.c
@@ -61,8 +61,9 @@ void des_random_seed(des_cblock *key)
 	RAND_seed(key, sizeof(des_cblock));
 	}
 
-void des_random_key(des_cblock *ret)
+int des_random_key(des_cblock *ret)
 	{
-	RAND_bytes((unsigned char *)ret, sizeof(des_cblock));
+	int r = RAND_bytes((unsigned char *)ret, sizeof(des_cblock));
 	des_set_odd_parity(ret);
+	return r;
 	}
diff --git a/crypto/evp/Makefile.ssl b/crypto/evp/Makefile.ssl
index e64902cb07..1150e88929 100644
--- a/crypto/evp/Makefile.ssl
+++ b/crypto/evp/Makefile.ssl
@@ -178,13 +178,45 @@ c_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 c_all.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
 c_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
 c_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-c_all.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
-c_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+c_all.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
 c_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
 c_all.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
 c_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-c_all.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
-c_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+c_all.o: ../../include/openssl/stack.h ../cryptlib.h
+c_allc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+c_allc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+c_allc.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+c_allc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+c_allc.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+c_allc.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+c_allc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+c_allc.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+c_allc.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+c_allc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+c_allc.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+c_allc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+c_allc.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+c_allc.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+c_allc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+c_allc.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+c_allc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+c_alld.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+c_alld.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+c_alld.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+c_alld.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+c_alld.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+c_alld.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+c_alld.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+c_alld.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+c_alld.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+c_alld.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+c_alld.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+c_alld.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+c_alld.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+c_alld.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+c_alld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+c_alld.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+c_alld.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
 digest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 digest.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 digest.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h