Fix some warnings caused by __owur. Temporarily (I hope) remove the more

aspirational __owur annotations.

Fix some warnings caused by __owur. Temporarily (I hope) remove the more
aspirational __owur annotations.
ae551760 · Ben Laurie · fe068648 · ae551760 · ae551760 · ae551760
12 changed file
--- a/Configure
+++ b/Configure
@@ -170,6 +170,7 @@ my %table=(
 "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
 "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
 "debug-ben-debug",	"gcc:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -g3 -O2 -pipe::(unknown)::::::",
+"debug-ben-macos",	"cc:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch i386 -O3 -DL_ENDIAN -g3 -pipe::(unknown)::::::",
 "debug-ben-no-opt",	"gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::",
 "debug-ben-strict",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
 "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",

--- a/apps/enc.c
+++ b/apps/enc.c
@@ -549,9 +549,13 @@ bad:
 				sptr = salt;
 			}

-			EVP_BytesToKey(cipher,dgst,sptr,
-				(unsigned char *)str,
-				strlen(str),1,key,iv);
+			if (!EVP_BytesToKey(cipher,dgst,sptr,
+					    (unsigned char *)str,
+					    strlen(str),1,key,iv))
+				{
+				BIO_printf(bio_err, "EVP_BytesToKey failed\n");
+				goto end;
+				}
 			/* zero the complete buffer or the string
 			 * passed from the command line
 			 * bug picked up by

--- a/apps/ts.c
+++ b/apps/ts.c
@@ -618,7 +618,8 @@ static int create_digest(BIO *input, char *digest, const EVP_MD *md,
 			{
 			EVP_DigestUpdate(&md_ctx, buffer, length);
 			}
-		EVP_DigestFinal(&md_ctx, *md_value, NULL);
+		if (!EVP_DigestFinal(&md_ctx, *md_value, NULL))
+			return 0;
 		}
 	else
 		{

--- a/crypto/cms/cms_pwri.c
+++ b/crypto/cms/cms_pwri.c
@@ -239,21 +239,22 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
 		}
 	tmp = OPENSSL_malloc(inlen);
 	/* setup IV by decrypting last two blocks */
-	EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl,
-				in  + inlen - 2 * blocklen, blocklen * 2);
+	if (!EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl,
+			       in  + inlen - 2 * blocklen, blocklen * 2)
 	/* Do a decrypt of last decrypted block to set IV to correct value
 	 * output it to start of buffer so we don't corrupt decrypted block
 	 * this works because buffer is at least two block lengths long.
 	 */
-	EVP_DecryptUpdate(ctx, tmp, &outl,
-				tmp  + inlen - blocklen, blocklen);
+	    || !EVP_DecryptUpdate(ctx, tmp, &outl,
+				  tmp  + inlen - blocklen, blocklen)
 	/* Can now decrypt first n - 1 blocks */
-	EVP_DecryptUpdate(ctx, tmp, &outl, in, inlen - blocklen);
+	    || !EVP_DecryptUpdate(ctx, tmp, &outl, in, inlen - blocklen)

 	/* Reset IV to original value */
-	EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL);
+	    || !EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL)
 	/* Decrypt again */
-	EVP_DecryptUpdate(ctx, tmp, &outl, tmp, inlen);
+	    || !EVP_DecryptUpdate(ctx, tmp, &outl, tmp, inlen))
+		goto err;
 	/* Check check bytes */
 	if (((tmp[1] ^ tmp[4]) & (tmp[2] ^ tmp[5]) & (tmp[3] ^ tmp[6])) != 0xff)
 		{
@@ -308,8 +309,9 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen,
 		if (olen > inlen + 4)
 			RAND_pseudo_bytes(out + 4 + inlen, olen - 4 - inlen);
 		/* Encrypt twice */
-		EVP_EncryptUpdate(ctx, out, &dummy, out, olen);
-		EVP_EncryptUpdate(ctx, out, &dummy, out, olen);
+		if (!EVP_EncryptUpdate(ctx, out, &dummy, out, olen)
+		    || !EVP_EncryptUpdate(ctx, out, &dummy, out, olen))
+			return 0;
 		}

 	*outlen = olen;

--- a/crypto/ecdsa/ecdsatest.c
+++ b/crypto/ecdsa/ecdsatest.c
@@ -196,9 +196,10 @@ int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in)

 	EVP_MD_CTX_init(&md_ctx);
 	/* get the message digest */
-	EVP_DigestInit(&md_ctx, EVP_ecdsa());
-	EVP_DigestUpdate(&md_ctx, (const void*)message, 3);
-	EVP_DigestFinal(&md_ctx, digest, &dgst_len);
+	if (!EVP_DigestInit(&md_ctx, EVP_ecdsa())
+	    || !EVP_DigestUpdate(&md_ctx, (const void*)message, 3)
+	    || !EVP_DigestFinal(&md_ctx, digest, &dgst_len))
+		goto x962_int_err;

 	BIO_printf(out, "testing %s: ", OBJ_nid2sn(nid));
 	/* create the key */

--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -559,7 +559,7 @@ void BIO_set_md(BIO *,const EVP_MD *md);
 #define BIO_get_cipher_status(b)	BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
 #define BIO_get_cipher_ctx(b,c_pp)	BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp)

-__owur int EVP_Cipher(EVP_CIPHER_CTX *c,
+/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
 		unsigned char *out,
 		const unsigned char *in,
 		unsigned int inl);
@@ -577,19 +577,19 @@ void	EVP_MD_CTX_init(EVP_MD_CTX *ctx);
 int	EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
 EVP_MD_CTX *EVP_MD_CTX_create(void);
 void	EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
-__owur int     EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
+/*__owur*/ int     EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
 void	EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
 void	EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
 int 	EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx,int flags);
-__owur int	EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
-__owur int	EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d,
+/*__owur*/ int	EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
+/*__owur*/ int	EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d,
 			 size_t cnt);
-__owur int	EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
-__owur int	EVP_Digest(const void *data, size_t count,
+/*__owur*/ int	EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
+/*__owur*/ int	EVP_Digest(const void *data, size_t count,
 		unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl);

-__owur int     EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
-__owur int	EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+/*__owur*/ int     EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
+/*__owur*/ int	EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
 __owur int	EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);

 int	EVP_read_pw_string(char *buf,int length,const char *prompt,int verify);
@@ -607,26 +607,26 @@ int 	EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx,int flags);

 __owur int	EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
 		const unsigned char *key, const unsigned char *iv);
-__owur int	EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
+/*__owur*/ int	EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
 		const unsigned char *key, const unsigned char *iv);
-__owur int	EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+/*__owur*/ int	EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
 		int *outl, const unsigned char *in, int inl);
-__owur int	EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
-__owur int	EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+/*__owur*/ int	EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+/*__owur*/ int	EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);

 __owur int	EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
 		const unsigned char *key, const unsigned char *iv);
-__owur int	EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
+/*__owur*/ int	EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
 		const unsigned char *key, const unsigned char *iv);
-__owur int	EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+/*__owur*/ int	EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
 		int *outl, const unsigned char *in, int inl);
 __owur int	EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
-__owur int	EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+/*__owur*/ int	EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);

 __owur int	EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
 		       const unsigned char *key,const unsigned char *iv,
 		       int enc);
-__owur int	EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
+/*__owur*/ int	EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
 		       const unsigned char *key,const unsigned char *iv,
 		       int enc);
 __owur int	EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
@@ -640,7 +640,7 @@ __owur int	EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s,
 __owur int	EVP_VerifyFinal(EVP_MD_CTX *ctx,const unsigned char *sigbuf,
 		unsigned int siglen,EVP_PKEY *pkey);

-__owur int	EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+/*__owur*/ int	EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
 			const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
 __owur int	EVP_DigestSignFinal(EVP_MD_CTX *ctx,
 			unsigned char *sigret, size_t *siglen);

--- a/crypto/hmac/hmac.h
+++ b/crypto/hmac/hmac.h
@@ -92,10 +92,10 @@ void HMAC_CTX_cleanup(HMAC_CTX *ctx);

 __owur int HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
 	       const EVP_MD *md); /* deprecated */
-__owur int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+/*__owur*/ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
 		  const EVP_MD *md, ENGINE *impl);
-__owur int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len);
-__owur int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
+/*__owur*/ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len);
+/*__owur*/ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
 unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
 		    const unsigned char *d, size_t n, unsigned char *md,
 		    unsigned int *md_len);

--- a/crypto/rc4/rc4test.c
+++ b/crypto/rc4/rc4test.c
@@ -121,7 +121,7 @@ int main(int argc, char *argv[])
 	RC4_KEY key;
 	unsigned char obuf[512];

-#if !defined(OPENSSL_PIC)
+#if !defined(OPENSSL_PIC) && !defined(__MACH__)
 	OPENSSL_cpuid_setup();
 #endif


--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -248,14 +248,14 @@ unsigned long X509_NAME_hash_old(X509_NAME *x)
 	i2d_X509_NAME(x,NULL);
 	EVP_MD_CTX_init(&md_ctx);
 	EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-	EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL);
-	EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length);
-	EVP_DigestFinal_ex(&md_ctx,md,NULL);
+	if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL)
+	    && EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length)
+	    && EVP_DigestFinal_ex(&md_ctx,md,NULL))
+		ret=(((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
+		     ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
+		     )&0xffffffffL;
 	EVP_MD_CTX_cleanup(&md_ctx);

-	ret=(	((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
-		((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
-		)&0xffffffffL;
 	return(ret);
 	}
 #endif

--- a/doc/crypto/EVP_BytesToKey.pod
+++ b/doc/crypto/EVP_BytesToKey.pod
@@ -55,7 +55,7 @@ the IV.

 =head1 RETURN VALUES

-EVP_BytesToKey() returns the size of the derived key in bytes.
+EVP_BytesToKey() returns the size of the derived key in bytes, or 0 on error.

 =head1 SEE ALSO


--- a/engines/e_padlock.c
+++ b/engines/e_padlock.c
@@ -100,10 +100,10 @@
 
 #undef COMPILE_HW_PADLOCK
 #if !defined(I386_ONLY) && !defined(OPENSSL_NO_ASM)
-# if	defined(__i386__) || defined(__i386) || \
+# if	(defined(__i386__) || defined(__i386) ||    \
 	defined(__x86_64__) || defined(__x86_64) || \
 	defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
-	defined(__INTEL__)
+	 defined(__INTEL__)) && !defined(__MACH__)
 #  define COMPILE_HW_PADLOCK
 #  ifdef OPENSSL_NO_DYNAMIC_ENGINE
 static ENGINE *ENGINE_padlock (void);

--- a/ssl/s2_srvr.c
+++ b/ssl/s2_srvr.c
@@ -1059,10 +1059,12 @@ static int request_certificate(SSL *s)
 		EVP_PKEY *pkey=NULL;

 		EVP_MD_CTX_init(&ctx);
-		EVP_VerifyInit_ex(&ctx,s->ctx->rsa_md5, NULL);
-		EVP_VerifyUpdate(&ctx,s->s2->key_material,
-				 s->s2->key_material_length);
-		EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
+		if (!EVP_VerifyInit_ex(&ctx,s->ctx->rsa_md5, NULL)
+		    || !EVP_VerifyUpdate(&ctx,s->s2->key_material,
+					 s->s2->key_material_length)
+		    || !EVP_VerifyUpdate(&ctx,ccd,
+					 SSL2_MIN_CERT_CHALLENGE_LENGTH))
+			goto msg_end;

 		i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
 		buf2=OPENSSL_malloc((unsigned int)i);
@@ -1073,7 +1075,11 @@ static int request_certificate(SSL *s)
 			}
 		p2=buf2;
 		i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&p2);
-		EVP_VerifyUpdate(&ctx,buf2,(unsigned int)i);
+		if (!EVP_VerifyUpdate(&ctx,buf2,(unsigned int)i))
+			{
+			OPENSSL_free(buf2);
+			goto msg_end;
+			}
 		OPENSSL_free(buf2);

 		pkey=X509_get_pubkey(x509);