Resolve conflicts. In particular, prefer OpenSSL's BIO_strl* and

BIO_strncpy over ours.
This commit is contained in:
groo 2004-03-20 04:32:34 +00:00
parent 5a374ad0ce
commit 4b32eb44a7
69 changed files with 726 additions and 730 deletions

View File

@ -2,6 +2,51 @@
OpenSSL CHANGES
_______________
Changes between 0.9.7c and 0.9.7d [17 Mar 2004]
*) Fix null-pointer assignment in do_change_cipher_spec() revealed
by using the Codenomicon TLS Test Tool (CAN-2004-0079)
[Joe Orton, Steve Henson]
*) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites
(CAN-2004-0112)
[Joe Orton, Steve Henson]
*) Make it possible to have multiple active certificates with the same
subject in the CA index file. This is done only if the keyword
'unique_subject' is set to 'no' in the main CA section (default
if 'CA_default') of the configuration file. The value is saved
with the database itself in a separate index attribute file,
named like the index file with '.attr' appended to the name.
[Richard Levitte]
*) X509 verify fixes. Disable broken certificate workarounds when
X509_V_FLAGS_X509_STRICT is set. Check CRL issuer has cRLSign set if
keyUsage extension present. Don't accept CRLs with unhandled critical
extensions: since verify currently doesn't process CRL extensions this
rejects a CRL with *any* critical extensions. Add new verify error codes
for these cases.
[Steve Henson]
*) When creating an OCSP nonce use an OCTET STRING inside the extnValue.
A clarification of RFC2560 will require the use of OCTET STRINGs and
some implementations cannot handle the current raw format. Since OpenSSL
copies and compares OCSP nonces as opaque blobs without any attempt at
parsing them this should not create any compatibility issues.
[Steve Henson]
*) New md flag EVP_MD_CTX_FLAG_REUSE this allows md_data to be reused when
calling EVP_MD_CTX_copy_ex() to avoid calling OPENSSL_malloc(). Without
this HMAC (and other) operations are several times slower than OpenSSL
< 0.9.7.
[Steve Henson]
*) Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex().
[Peter Sylvester <Peter.Sylvester@EdelWeb.fr>]
*) Use the correct content when signing type "other".
[Steve Henson]
Changes between 0.9.7b and 0.9.7c [30 Sep 2003]
*) Fix various bugs revealed by running the NISCC test suite:

View File

@ -68,7 +68,7 @@ OpenSSL - Frequently Asked Questions
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
OpenSSL 0.9.7c was released on September 30, 2003.
OpenSSL 0.9.7d was released on March 17, 2004.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
@ -116,11 +116,14 @@ OpenSSL. Information on the OpenSSL mailing lists is available from
* Where can I get a compiled version of OpenSSL?
You can finder pointers to binary distributions in
http://www.openssl.org/related/binaries.html .
Some applications that use OpenSSL are distributed in binary form.
When using such an application, you don't need to install OpenSSL
yourself; the application will include the required parts (e.g. DLLs).
If you want to install OpenSSL on a Windows system and you don't have
If you want to build OpenSSL on a Windows system and you don't have
a C compiler, read the "Mingw32" section of INSTALL.W32 for information
on how to obtain and install the free GNU C compiler.

View File

@ -248,7 +248,38 @@ char *make_config_name(void);
/* Functions defined in ca.c and also used in ocsp.c */
int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
ASN1_GENERALIZEDTIME **pinvtm, char *str);
int make_serial_index(TXT_DB *db);
#define DB_type 0
#define DB_exp_date 1
#define DB_rev_date 2
#define DB_serial 3 /* index - unique */
#define DB_file 4
#define DB_name 5 /* index - unique when active and not disabled */
#define DB_NUMBER 6
#define DB_TYPE_REV 'R'
#define DB_TYPE_EXP 'E'
#define DB_TYPE_VAL 'V'
typedef struct db_attr_st
{
int unique_subject;
} DB_ATTR;
typedef struct ca_db_st
{
DB_ATTR attributes;
TXT_DB *db;
} CA_DB;
BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai);
int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai);
int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix);
CA_DB *load_index(char *dbfile, DB_ATTR *dbattr);
int index_index(CA_DB *db);
int save_index(char *dbfile, char *suffix, CA_DB *db);
int rotate_index(char *dbfile, char *new_suffix, char *old_suffix);
void free_index(CA_DB *db);
int index_name_cmp(const char **a, const char **b);
X509_NAME *do_subject(char *str, long chtype);

View File

@ -122,6 +122,7 @@
#define ENV_NEW_CERTS_DIR "new_certs_dir"
#define ENV_CERTIFICATE "certificate"
#define ENV_SERIAL "serial"
#define ENV_CRLNUMBER "crlnumber"
#define ENV_CRL "crl"
#define ENV_PRIVATE_KEY "private_key"
#define ENV_RANDFILE "RANDFILE"
@ -143,18 +144,6 @@
#define ENV_DATABASE "database"
#define DB_type 0
#define DB_exp_date 1
#define DB_rev_date 2
#define DB_serial 3 /* index - unique */
#define DB_file 4
#define DB_name 5 /* index - unique for active */
#define DB_NUMBER 6
#define DB_TYPE_REV 'R'
#define DB_TYPE_EXP 'E'
#define DB_TYPE_VAL 'V'
/* Additional revocation information types */
#define REV_NONE 0 /* No addditional information */
@ -211,43 +200,36 @@ extern int EF_ALIGNMENT;
#endif
static void lookup_fail(char *name,char *tag);
static unsigned long index_serial_hash(const char **a);
static int index_serial_cmp(const char **a, const char **b);
static unsigned long index_name_hash(const char **a);
static int index_name_qual(char **a);
static int index_name_cmp(const char **a,const char **b);
static BIGNUM *load_serial(char *serialfile);
static int save_serial(char *serialfile, BIGNUM *serial);
static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,TXT_DB *db,
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,CA_DB *db,
BIGNUM *serial, char *subj, int email_dn, char *startdate,
char *enddate, long days, int batch, char *ext_sect, CONF *conf,
int verbose, unsigned long certopt, unsigned long nameopt,
int default_op, int ext_copy);
static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
TXT_DB *db, BIGNUM *serial, char *subj, int email_dn,
CA_DB *db, BIGNUM *serial, char *subj, int email_dn,
char *startdate, char *enddate, long days, int batch,
char *ext_sect, CONF *conf,int verbose, unsigned long certopt,
unsigned long nameopt, int default_op, int ext_copy,
ENGINE *e);
static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
TXT_DB *db, BIGNUM *serial,char *subj, int email_dn,
CA_DB *db, BIGNUM *serial,char *subj, int email_dn,
char *startdate, char *enddate, long days, char *ext_sect,
CONF *conf, int verbose, unsigned long certopt,
unsigned long nameopt, int default_op, int ext_copy);
static int fix_data(int nid, int *type);
static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,char *subj,
STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,
int email_dn, char *startdate, char *enddate, long days, int batch,
int verbose, X509_REQ *req, char *ext_sect, CONF *conf,
unsigned long certopt, unsigned long nameopt, int default_op,
int ext_copy);
static int do_revoke(X509 *x509, TXT_DB *db, int ext, char *extval);
static int get_certificate_status(const char *ser_status, TXT_DB *db);
static int do_updatedb(TXT_DB *db);
static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval);
static int get_certificate_status(const char *ser_status, CA_DB *db);
static int do_updatedb(CA_DB *db);
static int check_time_format(char *str);
char *make_revocation_str(int rev_type, char *rev_arg);
int make_revoked(X509_REVOKED *rev, char *str);
@ -259,11 +241,6 @@ static char *section=NULL;
static int preserve=0;
static int msie_hack=0;
static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **)
static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **)
int MAIN(int, char **);
@ -300,6 +277,7 @@ int MAIN(int argc, char **argv)
char *outfile=NULL;
char *outdir=NULL;
char *serialfile=NULL;
char *crlnumberfile=NULL;
char *extensions=NULL;
char *extfile=NULL;
char *subj=NULL;
@ -308,6 +286,7 @@ int MAIN(int argc, char **argv)
int rev_type = REV_NONE;
char *rev_arg = NULL;
BIGNUM *serial=NULL;
BIGNUM *crlnumber=NULL;
char *startdate=NULL;
char *enddate=NULL;
long days=0;
@ -320,14 +299,13 @@ int MAIN(int argc, char **argv)
X509 *x=NULL;
BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL;
char *dbfile=NULL;
TXT_DB *db=NULL;
CA_DB *db=NULL;
X509_CRL *crl=NULL;
X509_REVOKED *r=NULL;
ASN1_TIME *tmptm;
ASN1_INTEGER *tmpser;
char **pp,*p,*f;
int i,j;
long l;
const EVP_MD *dgst=NULL;
STACK_OF(CONF_VALUE) *attribs=NULL;
STACK_OF(X509) *cert_sk=NULL;
@ -339,6 +317,7 @@ int MAIN(int argc, char **argv)
char *engine = NULL;
#endif
char *tofree=NULL;
DB_ATTR db_attr;
#ifdef EFENCE
EF_PROTECT_FREE=1;
@ -579,8 +558,19 @@ bad:
if (configfile == NULL)
{
const char *s=X509_get_default_cert_area();
size_t len;
asprintf(&tofree, "%s/%s", s, CONFIG_FILE);
#ifdef OPENSSL_SYS_VMS
len = strlen(s)+sizeof(CONFIG_FILE);
tofree=OPENSSL_malloc(len);
strcpy(tofree,s);
#else
len = strlen(s)+sizeof(CONFIG_FILE)+1;
tofree=OPENSSL_malloc(len);
BUF_strlcpy(tofree,s,len);
BUF_strlcat(tofree,"/",len);
#endif
BUF_strlcat(tofree,CONFIG_FILE,len);
configfile=tofree;
}
@ -651,6 +641,39 @@ bad:
if (randfile == NULL)
ERR_clear_error();
app_RAND_load_file(randfile, bio_err, 0);
db_attr.unique_subject = 1;
p = NCONF_get_string(conf, section, "unique_subject");
if (p)
{
#ifdef RL_DEBUG
BIO_printf(bio_err, "DEBUG: unique_subject = \"%s\"\n", p);
#endif
switch(*p)
{
case 'f': /* false */
case 'F': /* FALSE */
case 'n': /* no */
case 'N': /* NO */
db_attr.unique_subject = 0;
break;
case 't': /* true */
case 'T': /* TRUE */
case 'y': /* yes */
case 'Y': /* YES */
default:
db_attr.unique_subject = 1;
break;
}
}
#ifdef RL_DEBUG
else
BIO_printf(bio_err, "DEBUG: unique_subject undefined\n", p);
#endif
#ifdef RL_DEBUG
BIO_printf(bio_err, "DEBUG: configured unique_subject is %d\n",
db_attr.unique_subject);
#endif
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
@ -671,17 +694,10 @@ bad:
lookup_fail(section,ENV_DATABASE);
goto err;
}
if (BIO_read_filename(in,dbfile) <= 0)
{
perror(dbfile);
BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
goto err;
}
db=TXT_DB_read(in,DB_NUMBER);
db = load_index(dbfile,&db_attr);
if (db == NULL) goto err;
if (!make_serial_index(db))
goto err;
if (!index_index(db)) goto err;
if (get_certificate_status(ser_status,db) != 1)
BIO_printf(bio_err,"Error verifying serial %s!\n",
@ -841,19 +857,13 @@ bad:
lookup_fail(section,ENV_DATABASE);
goto err;
}
if (BIO_read_filename(in,dbfile) <= 0)
{
perror(dbfile);
BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
goto err;
}
db=TXT_DB_read(in,DB_NUMBER);
db = load_index(dbfile, &db_attr);
if (db == NULL) goto err;
/* Lets check some fields */
for (i=0; i<sk_num(db->data); i++)
for (i=0; i<sk_num(db->db->data); i++)
{
pp=(char **)sk_value(db->data,i);
pp=(char **)sk_value(db->db->data,i);
if ((pp[DB_type][0] != DB_TYPE_REV) &&
(pp[DB_rev_date][0] != '\0'))
{
@ -904,23 +914,13 @@ bad:
out = BIO_push(tmpbio, out);
}
#endif
TXT_DB_write(out,db);
TXT_DB_write(out,db->db);
BIO_printf(bio_err,"%d entries loaded from the database\n",
db->data->num);
db->db->data->num);
BIO_printf(bio_err,"generating index\n");
}
if (!make_serial_index(db))
goto err;
if (!TXT_DB_create_index(db, DB_name, index_name_qual,
LHASH_HASH_FN(index_name_hash),
LHASH_COMP_FN(index_name_cmp)))
{
BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
db->error,db->arg1,db->arg2);
goto err;
}
if (!index_index(db)) goto err;
/*****************************************************************/
/* Update the db file for expired certificates */
@ -943,62 +943,9 @@ bad:
}
else
{
out = BIO_new(BIO_s_file());
if (out == NULL)
{
ERR_print_errors(bio_err);
goto err;
}
#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.new", dbfile);
#else
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-new", dbfile);
#endif
if (j < 0 || j >= sizeof buf[0])
{
BIO_printf(bio_err, "file name too long\n");
goto err;
}
if (BIO_write_filename(out,buf[0]) <= 0)
{
perror(dbfile);
BIO_printf(bio_err,"unable to open '%s'\n",
dbfile);
goto err;
}
j=TXT_DB_write(out,db);
if (j <= 0) goto err;
BIO_free(out);
out = NULL;
#ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[1], sizeof buf[1], "%s.old", dbfile);
#else
j = BIO_snprintf(buf[1], sizeof buf[1], "%s-old", dbfile);
#endif
if (j < 0 || j >= sizeof buf[1])
{
BIO_printf(bio_err, "file name too long\n");
goto err;
}
if (rename(dbfile,buf[1]) < 0)
{
BIO_printf(bio_err,
"unable to rename %s to %s\n",
dbfile, buf[1]);
perror("reason");
goto err;
}
if (rename(buf[0],dbfile) < 0)
{
BIO_printf(bio_err,
"unable to rename %s to %s\n",
buf[0],dbfile);
perror("reason");
rename(buf[1],dbfile);
goto err;
}
if (!save_index(dbfile,"new",db)) goto err;
if (!rotate_index(dbfile,"new","old")) goto err;
if (verbose) BIO_printf(bio_err,
"Done. %d entries marked as expired\n",i);
@ -1159,7 +1106,7 @@ bad:
goto err;
}
if ((serial=load_serial(serialfile)) == NULL)
if ((serial=load_serial(serialfile, 0, NULL)) == NULL)
{
BIO_printf(bio_err,"error while loading serial number\n");
goto err;
@ -1293,38 +1240,9 @@ bad:
BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk));
if(strlen(serialfile) > BSIZE-5 || strlen(dbfile) > BSIZE-5)
{
BIO_printf(bio_err,"file name too long\n");
goto err;
}
if (!save_serial(serialfile,"new",serial,NULL)) goto err;
strlcpy(buf[0],serialfile, sizeof(buf[0]));
#ifdef OPENSSL_SYS_VMS
strlcat(buf[0],"-new", sizeof(buf[0]));
#else
strlcat(buf[0], ".new", sizeof(buf[0]));
#endif
if (!save_serial(buf[0],serial)) goto err;
strlcpy(buf[1], dbfile, sizeof(buf[1]));
#ifdef OPENSSL_SYS_VMS
strlcat(buf[1], "-new", sizeof(buf[1]));
#else
strlcat(buf[1], ".new", sizeof(buf[1]));
#endif
if (BIO_write_filename(out,buf[1]) <= 0)
{
perror(dbfile);
BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
goto err;
}
l=TXT_DB_write(out,db);
if (l <= 0) goto err;
if (!save_index(dbfile, "new", db)) goto err;
}
if (verbose)
@ -1332,7 +1250,7 @@ bad:
for (i=0; i<sk_X509_num(cert_sk); i++)
{
int k;
unsigned char *n;
char *n;
x=sk_X509_value(cert_sk,i);
@ -1348,17 +1266,19 @@ bad:
strlcpy(buf[2], outdir, sizeof(buf[2]));
#ifndef OPENSSL_SYS_VMS
strlcat(buf[2], "/", sizeof(buf[2]));
BUF_strlcat(buf[2],"/",sizeof(buf[2]));
#endif
n=(unsigned char *)&(buf[2][strlen(buf[2])]);
n=(char *)&(buf[2][strlen(buf[2])]);
if (j > 0)
{
for (k=0; k<j; k++)
{
snprintf((char *)n,
sizeof(buf[2]) - ((char *)n - &buf[2][0]),
"%02X",(unsigned char)*(p++));
if (n >= &(buf[2][sizeof(buf[2])]))
break;
BIO_snprintf(n,
&buf[2][0] + sizeof(buf[2]) - n,
"%02X",(unsigned char)*(p++));
n+=2;
}
}
@ -1384,59 +1304,10 @@ bad:
if (sk_X509_num(cert_sk))
{
/* Rename the database and the serial file */
strncpy(buf[2],serialfile,BSIZE-4);
buf[2][BSIZE-4]='\0';
if (!rotate_serial(serialfile,"new","old")) goto err;
#ifdef OPENSSL_SYS_VMS
strcat(buf[2],"-old");
#else
strcat(buf[2],".old");
#endif
if (!rotate_index(dbfile,"new","old")) goto err;
BIO_free(in);
BIO_free_all(out);
in=NULL;
out=NULL;
if (rename(serialfile,buf[2]) < 0)
{
BIO_printf(bio_err,"unable to rename %s to %s\n",
serialfile,buf[2]);
perror("reason");
goto err;
}
if (rename(buf[0],serialfile) < 0)
{
BIO_printf(bio_err,"unable to rename %s to %s\n",
buf[0],serialfile);
perror("reason");
rename(buf[2],serialfile);
goto err;
}
strncpy(buf[2],dbfile,BSIZE-4);
buf[2][BSIZE-4]='\0';
#ifdef OPENSSL_SYS_VMS
strcat(buf[2],"-old");
#else
strcat(buf[2],".old");
#endif
if (rename(dbfile,buf[2]) < 0)
{
BIO_printf(bio_err,"unable to rename %s to %s\n",
dbfile,buf[2]);
perror("reason");
goto err;
}
if (rename(buf[1],dbfile) < 0)
{
BIO_printf(bio_err,"unable to rename %s to %s\n",
buf[1],dbfile);
perror("reason");
rename(buf[2],dbfile);
goto err;
}
BIO_printf(bio_err,"Data Base Updated\n");
}
}
@ -1467,6 +1338,14 @@ bad:
}
}
if ((crlnumberfile=NCONF_get_string(conf,section,ENV_CRLNUMBER))
!= NULL)
if ((crlnumber=load_serial(crlnumberfile,0,NULL)) == NULL)
{
BIO_printf(bio_err,"error while loading CRL number\n");
goto err;
}
if (!crldays && !crlhours)
{
if (!NCONF_get_number(conf,section,
@ -1495,9 +1374,9 @@ bad:
ASN1_TIME_free(tmptm);
for (i=0; i<sk_num(db->data); i++)
for (i=0; i<sk_num(db->db->data); i++)
{
pp=(char **)sk_value(db->data,i);
pp=(char **)sk_value(db->db->data,i);
if (pp[DB_type][0] == DB_TYPE_REV)
{
if ((r=X509_REVOKED_new()) == NULL) goto err;
@ -1543,14 +1422,24 @@ bad:
/* Add any extensions asked for */
if (crl_ext)
if (crl_ext || crlnumberfile != NULL)
{
X509V3_CTX crlctx;
X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
X509V3_set_nconf(&crlctx, conf);
if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
crl_ext, crl)) goto err;
if (crl_ext)
if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
crl_ext, crl)) goto err;
if (crlnumberfile != NULL)
{
tmpser = BN_to_ASN1_INTEGER(crlnumber, NULL);
if (!tmpser) goto err;
X509_CRL_add1_ext_i2d(crl,NID_crl_number,tmpser,0,0);
ASN1_INTEGER_free(tmpser);
crl_v2 = 1;
if (!BN_add_word(crlnumber,1)) goto err;
}
}
if (crl_ext || crl_v2)
{
@ -1558,9 +1447,17 @@ bad:
goto err; /* version 2 CRL */
}
if (crlnumberfile != NULL) /* we have a CRL number that need updating */
if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) goto err;
if (!X509_CRL_sign(crl,pkey,dgst)) goto err;
PEM_write_bio_X509_CRL(Sout,crl);
if (crlnumberfile != NULL) /* Rename the crlnumber file */
if (!rotate_serial(crlnumberfile,"new","old")) goto err;
}
/*****************************************************************/
if (dorevoke)
@ -1581,50 +1478,10 @@ bad:
if (j <= 0) goto err;
X509_free(revcert);
if(strlen(dbfile) > BSIZE-5)
{
BIO_printf(bio_err,"filename too long\n");
goto err;
}
if (!save_index(dbfile, "new", db)) goto err;
if (!rotate_index(dbfile, "new", "old")) goto err;
strlcpy(buf[0] ,dbfile, sizeof(buf[0]));
#ifndef OPENSSL_SYS_VMS
strlcat(buf[0], ".new", sizeof(buf[0]));
#else
strlcat(buf[0], "-new", sizeof(buf[0]));
#endif
if (BIO_write_filename(out,buf[0]) <= 0)
{
perror(dbfile);
BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
goto err;
}
j=TXT_DB_write(out,db);
if (j <= 0) goto err;
BIO_free_all(out);
out = NULL;
BIO_free_all(in);
in = NULL;
strncpy(buf[1],dbfile,BSIZE-4);
buf[1][BSIZE-4]='\0';
#ifndef OPENSSL_SYS_VMS
strlcat(buf[1], ".old", sizeof(buf[1]));
#else
strlcat(buf[1], "-old", sizeof(buf[1]));
#endif
if (rename(dbfile,buf[1]) < 0)
{
BIO_printf(bio_err,"unable to rename %s to %s\n", dbfile, buf[1]);
perror("reason");
goto err;
}
if (rename(buf[0],dbfile) < 0)
{
BIO_printf(bio_err,"unable to rename %s to %s\n", buf[0],dbfile);
perror("reason");
rename(buf[1],dbfile);
goto err;
}
BIO_printf(bio_err,"Data Base Updated\n");
}
}
@ -1646,7 +1503,7 @@ err:
if (free_key && key)
OPENSSL_free(key);
BN_free(serial);
TXT_DB_free(db);
free_index(db);
EVP_PKEY_free(pkey);
X509_free(x509);
X509_CRL_free(crl);
@ -1661,106 +1518,8 @@ static void lookup_fail(char *name, char *tag)
BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
}
static unsigned long index_serial_hash(const char **a)
{
const char *n;
n=a[DB_serial];
while (*n == '0') n++;
return(lh_strhash(n));
}
static int index_serial_cmp(const char **a, const char **b)
{
const char *aa,*bb;
for (aa=a[DB_serial]; *aa == '0'; aa++);
for (bb=b[DB_serial]; *bb == '0'; bb++);
return(strcmp(aa,bb));
}
static unsigned long index_name_hash(const char **a)
{ return(lh_strhash(a[DB_name])); }
static int index_name_qual(char **a)
{ return(a[0][0] == 'V'); }
static int index_name_cmp(const char **a, const char **b)
{ return(strcmp(a[DB_name],
b[DB_name])); }
static BIGNUM *load_serial(char *serialfile)
{
BIO *in=NULL;
BIGNUM *ret=NULL;
MS_STATIC char buf[1024];
ASN1_INTEGER *ai=NULL;
if ((in=BIO_new(BIO_s_file())) == NULL)
{
ERR_print_errors(bio_err);
goto err;
}
if (BIO_read_filename(in,serialfile) <= 0)
{
perror(serialfile);
goto err;
}
ai=ASN1_INTEGER_new();
if (ai == NULL) goto err;
if (!a2i_ASN1_INTEGER(in,ai,buf,1024))
{
BIO_printf(bio_err,"unable to load number from %s\n",
serialfile);
goto err;
}
ret=ASN1_INTEGER_to_BN(ai,NULL);
if (ret == NULL)
{
BIO_printf(bio_err,"error converting number from bin to BIGNUM\n");
goto err;
}
err:
if (in != NULL) BIO_free(in);
if (ai != NULL) ASN1_INTEGER_free(ai);
return(ret);
}
static int save_serial(char *serialfile, BIGNUM *serial)
{
BIO *out;
int ret=0;
ASN1_INTEGER *ai=NULL;
out=BIO_new(BIO_s_file());
if (out == NULL)
{
ERR_print_errors(bio_err);
goto err;
}
if (BIO_write_filename(out,serialfile) <= 0)
{
perror(serialfile);
goto err;
}
if ((ai=BN_to_ASN1_INTEGER(serial,NULL)) == NULL)
{
BIO_printf(bio_err,"error converting serial to ASN.1 format\n");
goto err;
}
i2a_ASN1_INTEGER(out,ai);
BIO_puts(out,"\n");
ret=1;
err:
if (out != NULL) BIO_free_all(out);
if (ai != NULL) ASN1_INTEGER_free(ai);
return(ret);
}
static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
long days, int batch, char *ext_sect, CONF *lconf, int verbose,
unsigned long certopt, unsigned long nameopt, int default_op,
@ -1822,7 +1581,7 @@ err:
}
static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
long days, int batch, char *ext_sect, CONF *lconf, int verbose,
unsigned long certopt, unsigned long nameopt, int default_op,
@ -1876,7 +1635,7 @@ err:
}
static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial, char *subj,
STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj,
int email_dn, char *startdate, char *enddate, long days, int batch,
int verbose, X509_REQ *req, char *ext_sect, CONF *lconf,
unsigned long certopt, unsigned long nameopt, int default_op,
@ -1894,7 +1653,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
int ok= -1,i,j,last,nid;
char *p;
CONF_VALUE *cv;
char *row[DB_NUMBER],**rrow,**irow=NULL;
char *row[DB_NUMBER],**rrow=NULL,**irow=NULL;
char buf[25];
tmptm=ASN1_UTCTIME_new();
@ -2131,15 +1890,19 @@ again2:
goto err;
}
rrow=TXT_DB_get_by_index(db,DB_name,row);
if (rrow != NULL)
if (db->attributes.unique_subject)
{
BIO_printf(bio_err,"ERROR:There is already a certificate for %s\n",
row[DB_name]);
rrow=TXT_DB_get_by_index(db->db,DB_name,row);
if (rrow != NULL)
{
BIO_printf(bio_err,
"ERROR:There is already a certificate for %s\n",
row[DB_name]);
}
}
else
if (rrow == NULL)
{
rrow=TXT_DB_get_by_index(db,DB_serial,row);
rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
if (rrow != NULL)
{
BIO_printf(bio_err,"ERROR:Serial number %s has already been issued,\n",
@ -2346,7 +2109,7 @@ again2:
BIO_printf(bio_err,"Memory allocation failure\n");
goto err;
}
strlcpy(row[DB_file], "unknown", sizeof(row[DB_file]));
BUF_strlcpy(row[DB_file],"unknown",8);
row[DB_type][0]='V';
row[DB_type][1]='\0';
@ -2363,10 +2126,10 @@ again2:
}
irow[DB_NUMBER]=NULL;
if (!TXT_DB_insert(db,irow))
if (!TXT_DB_insert(db->db,irow))
{
BIO_printf(bio_err,"failed to update database\n");
BIO_printf(bio_err,"TXT_DB error number %ld\n",db->error);
BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->error);
goto err;
}
ok=1;
@ -2417,7 +2180,7 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
}
static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt,
unsigned long nameopt, int default_op, int ext_copy)
@ -2596,7 +2359,7 @@ static int check_time_format(char *str)
return(ASN1_UTCTIME_check(&tm));
}
static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value)
static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
{
ASN1_UTCTIME *tm=NULL;
char *row[DB_NUMBER],**rrow,**irow;
@ -2621,10 +2384,10 @@ static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value)
/* We have to lookup by serial number because name lookup
* skips revoked certs
*/
rrow=TXT_DB_get_by_index(db,DB_serial,row);
rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
if (rrow == NULL)
{
BIO_printf(bio_err,"Adding Entry to DB for %s\n", row[DB_name]);
BIO_printf(bio_err,"Adding Entry with serial number %s to DB for %s\n", row[DB_serial], row[DB_name]);
/* We now just add it to the database */
row[DB_type]=(char *)OPENSSL_malloc(2);
@ -2647,7 +2410,7 @@ static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value)
BIO_printf(bio_err,"Memory allocation failure\n");
goto err;
}
strlcpy(row[DB_file],"unknown", sizeof(row[DB_file]));
BUF_strlcpy(row[DB_file],"unknown",8);
row[DB_type][0]='V';
row[DB_type][1]='\0';
@ -2664,10 +2427,10 @@ static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value)
}
irow[DB_NUMBER]=NULL;
if (!TXT_DB_insert(db,irow))
if (!TXT_DB_insert(db->db,irow))
{
BIO_printf(bio_err,"failed to update database\n");
BIO_printf(bio_err,"TXT_DB error number %ld\n",db->error);
BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->error);
goto err;
}
@ -2712,7 +2475,7 @@ err:
return(ok);
}
static int get_certificate_status(const char *serial, TXT_DB *db)
static int get_certificate_status(const char *serial, CA_DB *db)
{
char *row[DB_NUMBER],**rrow;
int ok=-1,i;
@ -2753,7 +2516,7 @@ static int get_certificate_status(const char *serial, TXT_DB *db)
ok=1;
/* Search for the certificate */
rrow=TXT_DB_get_by_index(db,DB_serial,row);
rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
if (rrow == NULL)
{
BIO_printf(bio_err,"Serial %s not present in db.\n",
@ -2800,7 +2563,7 @@ err:
return(ok);
}
static int do_updatedb (TXT_DB *db)
static int do_updatedb (CA_DB *db)
{
ASN1_UTCTIME *a_tm = NULL;
int i, cnt = 0;
@ -2826,9 +2589,9 @@ static int do_updatedb (TXT_DB *db)
else
a_y2k = 0;
for (i = 0; i < sk_num(db->data); i++)
for (i = 0; i < sk_num(db->db->data); i++)
{
rrow = (char **) sk_value(db->data, i);
rrow = (char **) sk_value(db->db->data, i);
if (rrow[DB_type][0] == 'V')
{
@ -2971,16 +2734,16 @@ char *make_revocation_str(int rev_type, char *rev_arg)
if (!str) return NULL;
strlcpy(str, (char *)revtm->data, i);
BUF_strlcpy(str, (char *)revtm->data, i);
if (reason)
{
strlcat(str, ",", i);
strlcat(str, reason, i);
BUF_strlcat(str, ",", i);
BUF_strlcat(str, reason, i);
}
if (other)
{
strlcat(str, ",", i);
strlcat(str, other, i);
BUF_strlcat(str, ",", i);
BUF_strlcat(str, other, i);
}
ASN1_UTCTIME_free(revtm);
return str;
@ -3315,17 +3078,3 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_G
return ret;
}
int make_serial_index(TXT_DB *db)
{
if (!TXT_DB_create_index(db, DB_serial, NULL,
LHASH_HASH_FN(index_serial_hash),
LHASH_COMP_FN(index_serial_cmp)))
{
BIO_printf(bio_err,
"error creating serial number index:(%ld,%ld,%ld)\n",
db->error,db->arg1,db->arg2);
return 0;
}
return 1;
}

View File

@ -347,8 +347,9 @@ int MAIN(int argc, char **argv)
}
if(!out_bin)
{
tmp=tofree=OPENSSL_malloc(strlen(name)+strlen(argv[i])+5);
sprintf(tmp,"%s(%s)= ",name,argv[i]);
size_t len = strlen(name)+strlen(argv[i])+5;
tmp=tofree=OPENSSL_malloc(len);
BIO_snprintf(tmp,len,"%s(%s)= ",name,argv[i]);
}
else
tmp="";

View File

@ -373,9 +373,9 @@ bad:
{
char buf[200];
snprintf(buf, sizeof(buf), "enter %s %s password:",
OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
(enc)?"encryption":"decryption");
BIO_snprintf(buf,sizeof buf,"enter %s %s password:",
OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
(enc)?"encryption":"decryption");
strbuf[0]='\0';
i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc);
if (i == 0)

View File

@ -824,7 +824,7 @@ loop:
if ((x509ss=X509_new()) == NULL) goto end;
/* Set version to V3 */
if(!X509_set_version(x509ss, 2)) goto end;
if(extensions && !X509_set_version(x509ss, 2)) goto end;
if (serial)
{
if (!X509_set_serialNumber(x509ss, serial)) goto end;
@ -1223,34 +1223,34 @@ start: for (;;)
}
/* If OBJ not recognised ignore it */
if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
if(strlen(v->name) > sizeof buf-9)
if (BIO_snprintf(buf,sizeof buf,"%s_default",v->name)
>= sizeof buf)
{
BIO_printf(bio_err,"Name '%s' too long\n",v->name);
return 0;
}
snprintf(buf, sizeof(buf), "%s_default", v->name);
if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
{
ERR_clear_error();
def="";
}
snprintf(buf, sizeof(buf), "%s_value", v->name);
BIO_snprintf(buf,sizeof buf,"%s_value",v->name);
if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
{
ERR_clear_error();
value=NULL;
}
snprintf(buf, sizeof(buf), "%s_min", v->name);
BIO_snprintf(buf,sizeof buf,"%s_min",v->name);
if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min))
{
ERR_clear_error();
n_min = -1;
}
snprintf(buf, sizeof(buf), "%s_max", v->name);
BIO_snprintf(buf,sizeof buf,"%s_max",v->name);
if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max))
{
ERR_clear_error();
@ -1288,13 +1288,13 @@ start2: for (;;)
if ((nid=OBJ_txt2nid(type)) == NID_undef)
goto start2;
if(strlen(v->name) > sizeof buf-9)
if (BIO_snprintf(buf,sizeof buf,"%s_default",type)
>= sizeof buf)
{
BIO_printf(bio_err,"Name '%s' too long\n",v->name);
return 0;
}
snprintf(buf, sizeof(buf), "%s_default", type);
if ((def=NCONF_get_string(req_conf,attr_sect,buf))
== NULL)
{
@ -1303,7 +1303,7 @@ start2: for (;;)
}
snprintf(buf, sizeof(buf), "%s_value", type);
BIO_snprintf(buf,sizeof buf,"%s_value",type);
if ((value=NCONF_get_string(req_conf,attr_sect,buf))
== NULL)
{
@ -1311,11 +1311,11 @@ start2: for (;;)
value=NULL;
}
snprintf(buf, sizeof(buf), "%s_min", type);
BIO_snprintf(buf,sizeof buf,"%s_min",type);
if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min))
n_min = -1;
snprintf(buf, sizeof(buf), "%s_max", type);
BIO_snprintf(buf,sizeof buf,"%s_max",type);
if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max))
n_max = -1;
@ -1397,9 +1397,8 @@ start:
(void)BIO_flush(bio_err);
if(value != NULL)
{
OPENSSL_assert(strlen(value) < sizeof buf-2);
strlcpy(buf, value, sizeof(buf));
strlcat(buf, "\n", sizeof(buf));
BUF_strlcpy(buf,value,sizeof buf);
BUF_strlcat(buf,"\n",sizeof buf);
BIO_printf(bio_err,"%s\n",value);
}
else
@ -1421,8 +1420,8 @@ start:
{
if ((def == NULL) || (def[0] == '\0'))
return(1);
strlcpy(buf, def, sizeof(buf));
strlcat(buf, "\n", sizeof(buf));
BUF_strlcpy(buf,def,sizeof buf);
BUF_strlcat(buf,"\n",sizeof buf);
}
else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);
@ -1456,9 +1455,8 @@ start:
(void)BIO_flush(bio_err);
if (value != NULL)
{
OPENSSL_assert(strlen(value) < sizeof buf-2);
strlcpy(buf, value, sizeof(buf));
strlcat(buf, "\n", sizeof(buf));
BUF_strlcpy(buf,value,sizeof buf);
BUF_strlcat(buf,"\n",sizeof buf);
BIO_printf(bio_err,"%s\n",value);
}
else
@ -1480,8 +1478,8 @@ start:
{
if ((def == NULL) || (def[0] == '\0'))
return(1);
strlcpy(buf, def, sizeof(buf));
strlcat(buf, "\n", sizeof(buf));
BUF_strlcpy(buf,def,sizeof buf);
BUF_strlcat(buf,"\n",sizeof buf);
}
else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);

View File

@ -502,8 +502,7 @@ int MAIN(int argc, char **argv)
if (s_www_path != NULL)
{
snprintf(buf, sizeof(buf), "GET %s HTTP/1.0\r\n\r\n",
s_www_path);
BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
SSL_write(scon,buf,strlen(buf));
while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
bytes_read+=i;
@ -558,8 +557,7 @@ next:
if (s_www_path != NULL)
{
snprintf(buf, sizeof(buf), "GET %s HTTP/1.0\r\n\r\n",
s_www_path);
BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
SSL_write(scon,buf,strlen(buf));
while (SSL_read(scon,buf,sizeof(buf)) > 0)
;
@ -597,8 +595,7 @@ next:
if (s_www_path)
{
snprintf(buf, sizeof(buf), "GET %s HTTP/1.0\r\n\r\n",
s_www_path);
BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
SSL_write(scon,buf,strlen(buf));
while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
bytes_read+=i;

View File

@ -773,6 +773,7 @@ int MAIN(int argc, char **argv)
{
dsa_doit[R_DSA_512]=1;
dsa_doit[R_DSA_1024]=1;
dsa_doit[R_DSA_2048]=1;
}
else
#endif
@ -1006,6 +1007,9 @@ int MAIN(int argc, char **argv)
c[D_CBC_RC5][0]=count;
c[D_CBC_BF][0]=count;
c[D_CBC_CAST][0]=count;
c[D_CBC_128_AES][0]=count;
c[D_CBC_192_AES][0]=count;
c[D_CBC_256_AES][0]=count;
for (i=1; i<SIZE_NUM; i++)
{
@ -1031,6 +1035,9 @@ int MAIN(int argc, char **argv)
c[D_CBC_RC5][i]=c[D_CBC_RC5][i-1]*l0/l1;
c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1;
c[D_CBC_CAST][i]=c[D_CBC_CAST][i-1]*l0/l1;
c[D_CBC_128_AES][i]=c[D_CBC_128_AES][i-1]*l0/l1;
c[D_CBC_192_AES][i]=c[D_CBC_192_AES][i-1]*l0/l1;
c[D_CBC_256_AES][i]=c[D_CBC_256_AES][i-1]*l0/l1;
}
#ifndef OPENSSL_NO_RSA
rsa_c[R_RSA_512][0]=count/2000;

View File

@ -208,6 +208,7 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
char *p;
struct tm *ts;
struct tm data;
size_t len = 20;
if (s == NULL)
s=M_ASN1_GENERALIZEDTIME_new();
@ -219,17 +220,17 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
return(NULL);
p=(char *)s->data;
if ((p == NULL) || (s->length < 16))
if ((p == NULL) || ((size_t)s->length < len))
{
p=OPENSSL_malloc(20);
p=OPENSSL_malloc(len);
if (p == NULL) return(NULL);
if (s->data != NULL)
OPENSSL_free(s->data);
s->data=(unsigned char *)p;
}
snprintf(p, 20, "%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900,
ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min, ts->tm_sec);
BIO_snprintf(p,len,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900,
ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
s->length=strlen(p);
s->type=V_ASN1_GENERALIZEDTIME;
#ifdef CHARSET_EBCDIC_not

View File

@ -145,14 +145,14 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
if((minsize > 0) && (nchar < minsize)) {
ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_SHORT);
snprintf(strbuf, sizeof(strbuf), "%ld", minsize);
BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize);
ERR_add_error_data(2, "minsize=", strbuf);
return -1;
}
if((maxsize > 0) && (nchar > maxsize)) {
ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_LONG);
snprintf(strbuf, sizeof(strbuf), "%ld", maxsize);
BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize);
ERR_add_error_data(2, "maxsize=", strbuf);
return -1;
}

View File

@ -188,6 +188,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
char *p;
struct tm *ts;
struct tm data;
size_t len = 20;
if (s == NULL)
s=M_ASN1_UTCTIME_new();
@ -199,17 +200,17 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
return(NULL);
p=(char *)s->data;
if ((p == NULL) || (s->length < 14))
if ((p == NULL) || ((size_t)s->length < len))
{
p=OPENSSL_malloc(20);
p=OPENSSL_malloc(len);
if (p == NULL) return(NULL);
if (s->data != NULL)
OPENSSL_free(s->data);
s->data=(unsigned char *)p;
}
snprintf(p, 20, "%02d%02d%02d%02d%02d%02dZ", ts->tm_year%100,
ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min, ts->tm_sec);
BIO_snprintf(p,len,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100,
ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
s->length=strlen(p);
s->type=V_ASN1_UTCTIME;
#ifdef CHARSET_EBCDIC_not

View File

@ -414,8 +414,8 @@ void asn1_add_error(unsigned char *address, int offset)
{
char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
snprintf(buf1, sizeof(buf1), "%lu", (unsigned long)address);
snprintf(buf2, sizeof(buf2), "%d", offset);
BIO_snprintf(buf1,sizeof buf1,"%lu",(unsigned long)address);
BIO_snprintf(buf2,sizeof buf2,"%d",offset);
ERR_add_error_data(4,"address=",buf1," offset=",buf2);
}

View File

@ -83,11 +83,11 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
p=str;
if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
snprintf(str, sizeof(str), "priv [ %d ] ", tag);
BIO_snprintf(str,sizeof str,"priv [ %d ] ",tag);
else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
snprintf(str, sizeof(str), "cont [ %d ]", tag);
BIO_snprintf(str,sizeof str,"cont [ %d ]",tag);
else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
snprintf(str, sizeof(str), "appl [ %d ]", tag);
BIO_snprintf(str,sizeof str,"appl [ %d ]",tag);
else p = ASN1_tag2str(tag);
if (p2 != NULL)

View File

@ -139,10 +139,9 @@ int RSA_print(BIO *bp, const RSA *x, int off)
}
if (x->d == NULL)
snprintf(str, sizeof(str), "Modulus (%d bit):",
BN_num_bits(x->n));
BIO_snprintf(str,sizeof str,"Modulus (%d bit):",BN_num_bits(x->n));
else
strlcpy(str,"modulus:", sizeof(str));
BUF_strlcpy(str,"modulus:",sizeof str);
if (!print(bp,str,x->n,m,off)) goto err;
s=(x->d == NULL)?"Exponent:":"publicExponent:";
if (!print(bp,s,x->e,m,off)) goto err;

View File

@ -104,40 +104,41 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent)
for(i=0;i<rows;i++)
{
buf[0]='\0'; /* start with empty string */
strlcpy(buf, str, sizeof(buf));
snprintf(tmp, sizeof(tmp), "%04x - ", i * dump_width);
strlcat(buf, tmp, sizeof(tmp));
BUF_strlcpy(buf,str,sizeof buf);
BIO_snprintf(tmp,sizeof tmp,"%04x - ",i*dump_width);
BUF_strlcat(buf,tmp,sizeof buf);
for(j=0;j<dump_width;j++)
{
if (((i*dump_width)+j)>=len)
{
strlcat(buf, " ", sizeof(buf));
BUF_strlcat(buf," ",sizeof buf);
}
else
{
ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
snprintf(tmp, sizeof(tmp), "%02x%c", ch,
j == 7 ? '-' : ' ');
strlcat(buf, tmp, sizeof(buf));
BIO_snprintf(tmp,sizeof tmp,"%02x%c",ch,
j==7?'-':' ');
BUF_strlcat(buf,tmp,sizeof buf);
}
}
strlcat(buf, " ", sizeof(buf));
BUF_strlcat(buf," ",sizeof buf);
for(j=0;j<dump_width;j++)
{
if (((i*dump_width)+j)>=len)
break;
ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
#ifndef CHARSET_EBCDIC
snprintf(tmp, sizeof(tmp), "%c",
((ch >= ' ') && (ch <= '~')) ? ch : '.');
BIO_snprintf(tmp,sizeof tmp,"%c",
((ch>=' ')&&(ch<='~'))?ch:'.');
#else
snprintf(tmp, sizeof(tmp), "%c",
((ch >= os_toascii[' ']) && (ch <= os_toascii['~']))
? os_toebcdic[ch] : '.');
BIO_snprintf(tmp,sizeof tmp,"%c",
((ch>=os_toascii[' '])&&(ch<=os_toascii['~']))
? os_toebcdic[ch]
: '.');
#endif
strlcat(buf, tmp, sizeof(buf));
BUF_strlcat(buf,tmp,sizeof buf);
}
strlcat(buf, "\n", sizeof(buf));
BUF_strlcat(buf,"\n",sizeof buf);
/* if this is the last call then update the ddt_dump thing so that
* we will move the selection point in the debug window
*/
@ -146,8 +147,8 @@ int BIO_dump_indent(BIO *bio, const char *s, int len, int indent)
#ifdef TRUNCATE
if (trunc > 0)
{
snprintf(buf, sizeof(buf), "%s%04x - <SPACES/NULS>\n", str,
len + trunc);
BIO_snprintf(buf,sizeof buf,"%s%04x - <SPACES/NULS>\n",str,
len+trunc);
ret+=BIO_write(bio,(char *)buf,strlen(buf));
}
#endif

View File

@ -709,12 +709,12 @@ int BIO_accept(int sock, char **addr)
}
*addr=p;
}
snprintf(*addr,24,"%d.%d.%d.%d:%d",
(unsigned char)(l>>24L)&0xff,
(unsigned char)(l>>16L)&0xff,
(unsigned char)(l>> 8L)&0xff,
(unsigned char)(l )&0xff,
port);
BIO_snprintf(*addr,24,"%d.%d.%d.%d:%d",
(unsigned char)(l>>24L)&0xff,
(unsigned char)(l>>16L)&0xff,
(unsigned char)(l>> 8L)&0xff,
(unsigned char)(l )&0xff,
port);
end:
return(ret);
}

View File

@ -70,68 +70,61 @@ long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp,
MS_STATIC char buf[256];
char *p;
long r=1;
size_t p_maxlen;
if (BIO_CB_RETURN & cmd)
r=ret;
snprintf(buf, sizeof(buf), "BIO[%08lX]:", (unsigned long)bio);
BIO_snprintf(buf,sizeof buf,"BIO[%08lX]:",(unsigned long)bio);
p= &(buf[14]);
p_maxlen = sizeof buf - 14;
switch (cmd)
{
case BIO_CB_FREE:
snprintf(p, sizeof(buf) - (p - buf), "Free - %s\n",
bio->method->name);
BIO_snprintf(p,p_maxlen,"Free - %s\n",bio->method->name);
break;
case BIO_CB_READ:
if (bio->method->type & BIO_TYPE_DESCRIPTOR)
snprintf(p, sizeof(buf) - (p - buf),
"read(%d,%d) - %s fd=%d\n", bio->num, argi,
bio->method->name,bio->num);
BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s fd=%d\n",
bio->num,argi,bio->method->name,bio->num);
else
snprintf(p, sizeof(buf) - (p - buf),
"read(%d,%d) - %s\n", bio->num, argi,
bio->method->name);
BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s\n",
bio->num,argi,bio->method->name);
break;
case BIO_CB_WRITE:
if (bio->method->type & BIO_TYPE_DESCRIPTOR)
snprintf(p, sizeof(buf) - (p - buf),
"write(%d,%d) - %s fd=%d\n", bio->num, argi,
bio->method->name,bio->num);
BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s fd=%d\n",
bio->num,argi,bio->method->name,bio->num);
else
snprintf(p, sizeof(buf) - (p - buf),
"write(%d,%d) - %s\n", bio->num, argi,
bio->method->name);
BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s\n",
bio->num,argi,bio->method->name);
break;
case BIO_CB_PUTS:
snprintf(p, sizeof(buf) - (p - buf), "puts() - %s\n",
bio->method->name);
BIO_snprintf(p,p_maxlen,"puts() - %s\n",bio->method->name);
break;
case BIO_CB_GETS:
snprintf(p, sizeof(buf) - (p - buf), "gets(%d) - %s\n",
argi, bio->method->name);
BIO_snprintf(p,p_maxlen,"gets(%d) - %s\n",argi,bio->method->name);
break;
case BIO_CB_CTRL:
snprintf(p, sizeof(buf) - (p - buf), "ctrl(%d) - %s\n",
argi, bio->method->name);
BIO_snprintf(p,p_maxlen,"ctrl(%d) - %s\n",argi,bio->method->name);
break;
case BIO_CB_RETURN|BIO_CB_READ:
snprintf(p, sizeof(buf) - (p - buf), "read return %ld\n", ret);
BIO_snprintf(p,p_maxlen,"read return %ld\n",ret);
break;
case BIO_CB_RETURN|BIO_CB_WRITE:
snprintf(p, sizeof(buf) - (p - buf), "write return %ld\n", ret);
BIO_snprintf(p,p_maxlen,"write return %ld\n",ret);
break;
case BIO_CB_RETURN|BIO_CB_GETS:
snprintf(p, sizeof(buf) - (p - buf), "gets return %ld\n", ret);
BIO_snprintf(p,p_maxlen,"gets return %ld\n",ret);
break;
case BIO_CB_RETURN|BIO_CB_PUTS:
snprintf(p, sizeof(buf) - (p - buf), "puts return %ld\n", ret);
BIO_snprintf(p,p_maxlen,"puts return %ld\n",ret);
break;
case BIO_CB_RETURN|BIO_CB_CTRL:
snprintf(p, sizeof(buf) - (p - buf), "ctrl return %ld\n", ret);
BIO_snprintf(p,p_maxlen,"ctrl return %ld\n",ret);
break;
default:
snprintf(p, sizeof(buf) - (p - buf),
"bio callback - unknown type (%d)\n", cmd);
BIO_snprintf(p,p_maxlen,"bio callback - unknown type (%d)\n",cmd);
break;
}

View File

@ -521,8 +521,8 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
char buf[16];
unsigned char *p = ptr;
snprintf(buf, sizeof(buf), "%d.%d.%d.%d",
p[0], p[1], p[2], p[3]);
BIO_snprintf(buf,sizeof buf,"%d.%d.%d.%d",
p[0],p[1],p[2],p[3]);
if (data->param_hostname != NULL)
OPENSSL_free(data->param_hostname);
data->param_hostname=BUF_strdup(buf);
@ -532,7 +532,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
{
char buf[DECIMAL_SIZE(int)+1];
snprintf(buf, sizeof(buf), "%d", *(int *)ptr);
BIO_snprintf(buf,sizeof buf,"%d",*(int *)ptr);
if (data->param_port != NULL)
OPENSSL_free(data->param_port);
data->param_port=BUF_strdup(buf);

View File

@ -249,15 +249,15 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
if (num & BIO_FP_APPEND)
{
if (num & BIO_FP_READ)
strlcpy(p, "a+", sizeof(p));
else strlcpy(p, "a", sizeof(p));
BUF_strlcpy(p,"a+",sizeof p);
else BUF_strlcpy(p,"a",sizeof p);
}
else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE))
strlcpy(p, "r+", sizeof(p));
BUF_strlcpy(p,"r+",sizeof p);
else if (num & BIO_FP_WRITE)
strlcpy(p, "w", sizeof(p));
BUF_strlcpy(p,"w",sizeof p);
else if (num & BIO_FP_READ)
strlcpy(p, "r", sizeof(p));
BUF_strlcpy(p,"r",sizeof p);
else
{
BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE);

View File

@ -145,11 +145,11 @@ char *BN_options(void)
{
init++;
#ifdef BN_LLONG
snprintf(data, sizeof(data), "bn(%d,%d)",
(int)sizeof(BN_ULLONG) * 8, (int)sizeof(BN_ULONG) * 8);
BIO_snprintf(data,sizeof data,"bn(%d,%d)",
(int)sizeof(BN_ULLONG)*8,(int)sizeof(BN_ULONG)*8);
#else
snprintf(data, sizeof(data), "bn(%d,%d)",
(int)sizeof(BN_ULONG) * 8, (int)sizeof(BN_ULONG) * 8);
BIO_snprintf(data,sizeof data,"bn(%d,%d)",
(int)sizeof(BN_ULONG)*8,(int)sizeof(BN_ULONG)*8);
#endif
}
return(data);

View File

@ -119,6 +119,7 @@ char *BN_bn2dec(const BIGNUM *a)
}
if ((t=BN_dup(a)) == NULL) goto err;
#define BUF_REMAIN (num+3 - (size_t)(p - buf))
p=buf;
lp=bn_data;
if (t->neg) *(p++)='-';
@ -139,12 +140,12 @@ char *BN_bn2dec(const BIGNUM *a)
/* We now have a series of blocks, BN_DEC_NUM chars
* in length, where the last one needs truncation.
* The blocks need to be reversed in order. */
snprintf(p, num + 3 - (p - buf), BN_DEC_FMT1, *lp);
BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT1,*lp);
while (*p) p++;
while (lp != bn_data)
{
lp--;
snprintf(p, num + 3 - (p - buf), BN_DEC_FMT2, *lp);
BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT2,*lp);
while (*p) p++;
}
}

View File

@ -235,7 +235,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
goto err;
}
strlcpy(section, "default", 10);
BUF_strlcpy(section,"default",10);
if (_CONF_new_data(conf) == 0)
{
@ -392,6 +392,7 @@ again:
ERR_R_MALLOC_FAILURE);
goto err;
}
BUF_strlcpy(v->name,pname,strlen(pname)+1);
if (!str_copy(conf,psection,&(v->value),start)) goto err;
if (strcmp(psection,section) != 0)
@ -446,7 +447,7 @@ err:
if (buff != NULL) BUF_MEM_free(buff);
if (section != NULL) OPENSSL_free(section);
if (line != NULL) *line=eline;
snprintf(btmp, sizeof(btmp), "%ld", eline);
BIO_snprintf(btmp,sizeof btmp,"%ld",eline);
ERR_add_error_data(2,"line ",btmp);
if ((h != conf->data) && (conf->data != NULL))
{

View File

@ -232,7 +232,7 @@ static int module_run(const CONF *cnf, char *name, char *value,
{
char rcode[DECIMAL_SIZE(ret)+1];
CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR);
snprintf(rcode, sizeof(rcode), "%-8d", ret);
BIO_snprintf(rcode, sizeof rcode, "%-8d", ret);
ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode);
}
}
@ -561,11 +561,11 @@ char *CONF_get1_default_config_file(void)
if (!file)
return NULL;
strlcpy(file, X509_get_default_cert_area(), len + 1);
BUF_strlcpy(file,X509_get_default_cert_area(),len + 1);
#ifndef OPENSSL_SYS_VMS
strlcat(file, "/", len + 1);
BUF_strlcat(file,"/",len + 1);
#endif
strlcat(file, OPENSSL_CONF, len + 1);
BUF_strlcat(file,OPENSSL_CONF,len + 1);
return file;
}
@ -576,12 +576,12 @@ char *CONF_get1_default_config_file(void)
* be used to parse comma separated lists for example.
*/
int CONF_parse_list(const char *list, int sep, int nospc,
int CONF_parse_list(const char *list_, int sep, int nospc,
int (*list_cb)(const char *elem, int len, void *usr), void *arg)
{
int ret;
const char *lstart, *tmpend, *p;
lstart = list;
lstart = list_;
for(;;)
{

View File

@ -61,7 +61,9 @@
#include "cryptlib.h"
#include <openssl/crypto.h>
#ifndef NO_WINDOWS_BRAINDEATH
#include "buildinf.h"
#endif
const char *SSLeay_version(int t)
{
@ -72,7 +74,7 @@ const char *SSLeay_version(int t)
#ifdef DATE
static char buf[sizeof(DATE)+11];
snprintf(buf, sizeof(buf), "built on: %s", DATE);
BIO_snprintf(buf,sizeof buf,"built on: %s",DATE);
return(buf);
#else
return("built on: date not available");
@ -83,7 +85,7 @@ const char *SSLeay_version(int t)
#ifdef CFLAGS
static char buf[sizeof(CFLAGS)+11];
snprintf(buf, sizeof(buf), "compiler: %s", CFLAGS);
BIO_snprintf(buf,sizeof buf,"compiler: %s",CFLAGS);
return(buf);
#else
return("compiler: information not available");
@ -94,7 +96,7 @@ const char *SSLeay_version(int t)
#ifdef PLATFORM
static char buf[sizeof(PLATFORM)+11];
snprintf(buf, sizeof(buf), "platform: %s", PLATFORM);
BIO_snprintf(buf,sizeof buf,"platform: %s", PLATFORM);
return(buf);
#else
return("platform: information not available");

View File

@ -60,6 +60,7 @@
#include "des_ver.h"
#include "spr.h"
#include <openssl/opensslv.h>
#include <openssl/bio.h>
OPENSSL_GLOBAL const char *libdes_version="libdes" OPENSSL_VERSION_PTEXT;
OPENSSL_GLOBAL const char *DES_version="DES" OPENSSL_VERSION_PTEXT;
@ -97,8 +98,8 @@ const char *DES_options(void)
size="int";
else
size="long";
snprintf(buf, sizeof(buf), "des(%s,%s,%s,%s)", ptr, risc,
unroll, size);
BIO_snprintf(buf,sizeof buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,
size);
init=0;
}
return(buf);

View File

@ -495,7 +495,7 @@ ENGINE *ENGINE_get_digest_engine(int nid);
* structure will have had its reference count up'd so the caller
* should still free their own reference 'e'. */
int ENGINE_set_default_RSA(ENGINE *e);
int ENGINE_set_default_string(ENGINE *e, const char *list);
int ENGINE_set_default_string(ENGINE *e, const char *def_list);
/* Same for the other "methods" */
int ENGINE_set_default_DSA(ENGINE *e);
int ENGINE_set_default_DH(ENGINE *e);
@ -598,17 +598,20 @@ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
const dynamic_fns *fns);
#define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \
return 0; \
CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \
CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \
CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \
CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \
CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \
if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
return 0; \
if(!ERR_set_implementation(fns->err_fns)) return 0; \
if (ERR_get_implementation() != fns->err_fns) \
{ \
if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \
return 0; \
CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \
CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \
CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \
CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \
CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \
if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
return 0; \
if(!ERR_set_implementation(fns->err_fns)) return 0; \
} \
if(!fn(e,id)) return 0; \
return 1; }

View File

@ -12,9 +12,6 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the author nor the names of contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
@ -874,7 +871,6 @@ cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
goto err;
}
printf("bar\n");
memset(&kop, 0, sizeof kop);
kop.crk_op = CRK_DSA_SIGN;
@ -1054,14 +1050,17 @@ ENGINE_load_cryptodev(void)
if (engine == NULL)
return;
if ((fd = get_dev_crypto()) < 0)
if ((fd = get_dev_crypto()) < 0) {
ENGINE_free(engine);
return;
}
/*
* find out what asymmetric crypto algorithms we support
*/
if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
close(fd);
ENGINE_free(engine);
return;
}
close(fd);

View File

@ -1065,7 +1065,7 @@ void ERR_add_error_data(int num, ...)
else
str=p;
}
strlcat(str, a, s + 1);
BUF_strlcat(str,a,s+1);
}
}
ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING);

View File

@ -278,6 +278,8 @@ struct env_md_ctx_st
* once only */
#define EVP_MD_CTX_FLAG_CLEANED 0x0002 /* context has already been
* cleaned */
#define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data
* in EVP_MD_CTX_cleanup */
struct evp_cipher_st
{

View File

@ -87,10 +87,8 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
if (i == -1) {
char obj_tmp[80];
EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM);
if (!pbe_obj)
strlcpy(obj_tmp, "NULL", sizeof(obj_tmp));
else
i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj);
if (!pbe_obj) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj);
ERR_add_error_data(2, "TYPE=", obj_tmp);
return 0;
}

View File

@ -210,10 +210,8 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
#endif
default:
EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
if (!a->algorithm)
strlcpy(obj_tmp, "NULL", sizeof(obj_tmp));
else
i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm);
if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm);
ERR_add_error_data(2, "TYPE=", obj_tmp);
EVP_PKEY_free (pkey);
return NULL;

View File

@ -597,6 +597,8 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
struct tm *lcl = NULL;
unsigned long ti;
#define BUF_REMAIN (sizeof buf - (size_t)(bufp - buf))
if(m->addr == (char *)l->bio)
return;
@ -604,23 +606,22 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
{
lcl = localtime(&m->time);
snprintf(bufp, sizeof(buf) - (bufp - buf), "[%02d:%02d:%02d] ",
BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ",
lcl->tm_hour,lcl->tm_min,lcl->tm_sec);
bufp += strlen(bufp);
}
snprintf(bufp, sizeof(buf) - (bufp - buf), "%5lu file=%s, line=%d, ",
BIO_snprintf(bufp, BUF_REMAIN, "%5lu file=%s, line=%d, ",
m->order,m->file,m->line);
bufp += strlen(bufp);
if (options & V_CRYPTO_MDEBUG_THREAD)
{
snprintf(bufp, sizeof(buf) - (bufp - buf), "thread=%lu, ",
m->thread);
BIO_snprintf(bufp, BUF_REMAIN, "thread=%lu, ", m->thread);
bufp += strlen(bufp);
}
snprintf(bufp, sizeof(buf) - (bufp - buf), "number=%d, address=%08lX\n",
BIO_snprintf(bufp, BUF_REMAIN, "number=%d, address=%08lX\n",
m->num,(unsigned long)m->addr);
bufp += strlen(bufp);
@ -642,7 +643,7 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
ami_cnt++;
memset(buf,'>',ami_cnt);
snprintf(buf + ami_cnt, sizeof(buf) - ami_cnt,
BIO_snprintf(buf + ami_cnt, sizeof buf - ami_cnt,
" thread=%lu, file=%s, line=%d, info=\"",
amip->thread, amip->file, amip->line);
buf_len=strlen(buf);
@ -654,11 +655,11 @@ static void print_leak(const MEM *m, MEM_LEAK *l)
}
else
{
strlcpy(buf + buf_len, amip->info,
sizeof(buf) - buf_len);
BUF_strlcpy(buf + buf_len, amip->info,
sizeof buf - buf_len);
buf_len = strlen(buf);
}
snprintf(buf + buf_len, sizeof(buf) - buf_len, "\"\n");
BIO_snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n");
BIO_puts(l->bio,buf);

View File

@ -462,7 +462,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
if (i > 2) i=2;
l-=(long)(i*40);
snprintf(tbuf, sizeof(tbuf), "%d.%lu", i, l);
BIO_snprintf(tbuf,sizeof tbuf,"%d.%lu",i,l);
i=strlen(tbuf);
BUF_strlcpy(buf,tbuf,buf_len);
buf_len-=i;
@ -473,7 +473,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
for (; idx<len; idx++) {
l|=p[idx]&0x7f;
if (!(p[idx] & 0x80)) {
snprintf(tbuf, sizeof(tbuf), ".%lu", l);
BIO_snprintf(tbuf,sizeof tbuf,".%lu",l);
i=strlen(tbuf);
if (buf_len > 0)
BUF_strlcpy(buf,tbuf,buf_len);

View File

@ -131,9 +131,9 @@ void PEM_proc_type(char *buf, int type)
else
str="BAD-TYPE";
strlcat(buf, "Proc-Type: 4,", PEM_BUFSIZE);
strlcat(buf, str, PEM_BUFSIZE);
strlcat(buf, "\n", PEM_BUFSIZE);
BUF_strlcat(buf,"Proc-Type: 4,",PEM_BUFSIZE);
BUF_strlcat(buf,str,PEM_BUFSIZE);
BUF_strlcat(buf,"\n",PEM_BUFSIZE);
}
void PEM_dek_info(char *buf, const char *type, int len, char *str)
@ -142,10 +142,12 @@ void PEM_dek_info(char *buf, const char *type, int len, char *str)
long i;
int j;
strlcat(buf, "DEK-Info: ", PEM_BUFSIZE);
strlcat(buf, type, PEM_BUFSIZE);
strlcat(buf, ",", PEM_BUFSIZE);
BUF_strlcat(buf,"DEK-Info: ",PEM_BUFSIZE);
BUF_strlcat(buf,type,PEM_BUFSIZE);
BUF_strlcat(buf,",",PEM_BUFSIZE);
j=strlen(buf);
if (j + (len * 2) + 1 > PEM_BUFSIZE)
return;
for (i=0; i<len; i++)
{
buf[j+i*2] =map[(str[i]>>4)&0x0f];
@ -533,7 +535,7 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
long len)
{
int nlen,n,i,j,outl;
unsigned char *buf;
unsigned char *buf = NULL;
EVP_ENCODE_CTX ctx;
int reason=ERR_R_BUF_LIB;
@ -553,7 +555,7 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
goto err;
}
buf=(unsigned char *)OPENSSL_malloc(PEM_BUFSIZE*8);
buf = OPENSSL_malloc(PEM_BUFSIZE*8);
if (buf == NULL)
{
reason=ERR_R_MALLOC_FAILURE;
@ -574,12 +576,15 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
EVP_EncodeFinal(&ctx,buf,&outl);
if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err;
OPENSSL_free(buf);
buf = NULL;
if ( (BIO_write(bp,"-----END ",9) != 9) ||
(BIO_write(bp,name,nlen) != nlen) ||
(BIO_write(bp,"-----\n",6) != 6))
goto err;
return(i+outl);
err:
if (buf)
OPENSSL_free(buf);
PEMerr(PEM_F_PEM_WRITE_BIO,reason);
return(0);
}

View File

@ -56,6 +56,7 @@
#include <openssl/e_os2.h>
#include <openssl/rand.h>
#include <openssl/buffer.h>
/*
* Query the EGD <URL: http://www.lothar.com/tech/crypto/>.
@ -145,7 +146,7 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
addr.sun_family = AF_UNIX;
if (strlen(path) >= sizeof(addr.sun_path))
return (-1);
strlcpy(addr.sun_path, path, sizeof(addr.sun_path));
BUF_strlcpy(addr.sun_path,path,sizeof addr.sun_path);
len = offsetof(struct sockaddr_un, sun_path) + strlen(path);
fd = socket(AF_UNIX, SOCK_STREAM, 0);
if (fd == -1) return (-1);

View File

@ -56,6 +56,9 @@
* [including the GNU Public Licence.]
*/
/* We need to define this to get macros like S_IFBLK and S_IFCHR */
#define _XOPEN_SOURCE 1
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
@ -64,6 +67,7 @@
#include "e_os.h"
#include <openssl/crypto.h>
#include <openssl/rand.h>
#include <openssl/buffer.h>
#ifdef OPENSSL_SYS_VMS
#include <unixio.h>
@ -106,15 +110,16 @@ int RAND_load_file(const char *file, long bytes)
in=fopen(file,"rb");
if (in == NULL) goto err;
#if defined(S_IFBLK) && defined(S_IFCHR)
if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
/*
* this file is a device. we don't want read an infinite number
* of bytes from a random device, nor do we want to use buffered
* I/O because we will waste system entropy.
*/
bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */
setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */
/* this file is a device. we don't want read an infinite number
* of bytes from a random device, nor do we want to use buffered
* I/O because we will waste system entropy.
*/
bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */
setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */
}
#endif
for (;;)
{
if (bytes > 0)
@ -145,20 +150,21 @@ int RAND_write_file(const char *file)
FILE *out = NULL;
int n;
struct stat sb;
i=stat(file,&sb);
if (i != -1) {
if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
/*
* this file is a device. we don't write back to it.
* we "succeed" on the assumption this is some sort
* of random device. Otherwise attempting to write to
* and chmod the device causes problems.
*/
return(1);
}
}
i=stat(file,&sb);
if (i != -1) {
#if defined(S_IFBLK) && defined(S_IFCHR)
if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
/* this file is a device. we don't write back to it.
* we "succeed" on the assumption this is some sort
* of random device. Otherwise attempting to write to
* and chmod the device causes problems.
*/
return(1);
}
#endif
}
#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32)
/* For some reason Win32 can't write to files created this way */
@ -220,17 +226,17 @@ err:
const char *RAND_file_name(char *buf, size_t size)
{
char *s=NULL;
char *ret=NULL;
int ok = 0;
#ifdef __OpenBSD__
struct stat sb;
#endif
if (OPENSSL_issetugid() == 0)
s=getenv("RANDFILE");
if (s != NULL && *s && strlen(s) + 1 < size)
{
if(strlen(s) >= size)
if (BUF_strlcpy(buf,s,size) >= size)
return NULL;
strlcpy(buf, s, size);
ret=buf;
}
else
{
@ -242,36 +248,36 @@ const char *RAND_file_name(char *buf, size_t size)
s = DEFAULT_HOME;
}
#endif
if (s != NULL && *s && (strlen(s)+strlen(RFILE)+2 < size))
if (s && *s && strlen(s)+strlen(RFILE)+2 < size)
{
strlcpy(buf, s, size);
BUF_strlcpy(buf,s,size);
#ifndef OPENSSL_SYS_VMS
strlcat(buf, "/", size);
BUF_strlcat(buf,"/",size);
#endif
strlcat(buf,RFILE,size);
ret=buf;
BUF_strlcat(buf,RFILE,size);
ok = 1;
}
else
buf[0] = '\0'; /* no file name */
}
#ifdef DEVRANDOM
#ifdef __OpenBSD__
/* given that all random loads just fail if the file can't be
* seen on a stat, we stat the file we're returning, if it
* fails, use DEVRANDOM instead. the allows the user to
* fails, use /dev/arandom instead. this allows the user to
* use their own source for good random data, but defaults
* to something hopefully decent if that isn't available.
*/
if (ret == NULL)
ret = DEVRANDOM;
if (!ok)
if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
return(NULL);
}
if (stat(buf,&sb) == -1)
if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
return(NULL);
}
if (stat(ret,&sb) == -1)
ret = DEVRANDOM;
#else
/* old behavior */
if (ret == NULL)
ret = RFILE;
#endif
return(ret);
return(buf);
}

View File

@ -243,7 +243,8 @@ bad:
goto end;
}
if (cipher == NULL) cipher=getenv("SSL_CIPHER");
if (cipher == NULL && OPENSSL_issetugid() == 0)
cipher=getenv("SSL_CIPHER");
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();

View File

@ -430,14 +430,14 @@ char *UI_construct_prompt(UI *ui, const char *object_desc,
len += sizeof(prompt3) - 1;
prompt = (char *)OPENSSL_malloc(len + 1);
strlcpy(prompt, prompt1, len + 1);
strlcat(prompt, object_desc, len + 1);
BUF_strlcpy(prompt, prompt1, len + 1);
BUF_strlcat(prompt, object_desc, len + 1);
if (object_name)
{
strlcat(prompt, prompt2, len + 1);
strlcat(prompt, object_name, len + 1);
BUF_strlcat(prompt, prompt2, len + 1);
BUF_strlcat(prompt, object_name, len + 1);
}
strlcat(prompt, prompt3, len + 1);
BUF_strlcat(prompt, prompt3, len + 1);
}
return prompt;
}
@ -865,7 +865,8 @@ int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
return -1;
}
strcpy(uis->result_buf, result);
BUF_strlcpy(uis->result_buf, result,
uis->_.string_data.result_maxsize + 1);
break;
case UIT_BOOLEAN:
{

View File

@ -302,8 +302,38 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
k=0;
for (;;)
{
snprintf(b->data, b->max, "%s/%08lx.%s%d",
ctx->dirs[i], h, postfix, k);
char c = '/';
#ifdef OPENSSL_SYS_VMS
c = ctx->dirs[i][strlen(ctx->dirs[i])-1];
if (c != ':' && c != '>' && c != ']')
{
/* If no separator is present, we assume the
directory specifier is a logical name, and
add a colon. We really should use better
VMS routines for merging things like this,
but this will do for now...
-- Richard Levitte */
c = ':';
}
else
{
c = '\0';
}
#endif
if (c == '\0')
{
/* This is special. When c == '\0', no
directory separator should be added. */
BIO_snprintf(b->data,b->max,
"%s%08lx.%s%d",ctx->dirs[i],h,
postfix,k);
}
else
{
BIO_snprintf(b->data,b->max,
"%s%c%08lx.%s%d",ctx->dirs[i],c,h,
postfix,k);
}
k++;
if (stat(b->data,&st) < 0)
break;

View File

@ -769,8 +769,6 @@ X509_REQ *X509_REQ_dup(X509_REQ *req);
X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
X509_NAME *X509_NAME_dup(X509_NAME *xn);
X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
RSA *RSAPublicKey_dup(RSA *rsa);
RSA *RSAPrivateKey_dup(RSA *rsa);
#endif /* !SSLEAY_MACROS */

View File

@ -147,8 +147,14 @@ const char *X509_verify_cert_error_string(long n)
case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
return("unhandled critical extension");
case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN:
return("key usage does not include CRL signing");
case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION:
return("unhandled critical CRL extension");
default:
snprintf(buf, sizeof(buf), "error number %ld", n);
BIO_snprintf(buf,sizeof buf,"error number %ld",n);
return(buf);
}
}

View File

@ -383,6 +383,7 @@ static int check_chain_purpose(X509_STORE_CTX *ctx)
/* Check all untrusted certificates */
for (i = 0; i < ctx->last_untrusted; i++)
{
int ret;
x = sk_X509_value(ctx->chain, i);
if (!(ctx->flags & X509_V_FLAG_IGNORE_CRITICAL)
&& (x->ex_flags & EXFLAG_CRITICAL))
@ -393,7 +394,10 @@ static int check_chain_purpose(X509_STORE_CTX *ctx)
ok=cb(0,ctx);
if (!ok) goto end;
}
if (!X509_check_purpose(x, ctx->purpose, i))
ret = X509_check_purpose(x, ctx->purpose, i);
if ((ret == 0)
|| ((ctx->flags & X509_V_FLAG_X509_STRICT)
&& (ret != 1)))
{
if (i)
ctx->error = X509_V_ERR_INVALID_CA;
@ -537,6 +541,14 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
if(issuer)
{
/* Check for cRLSign bit if keyUsage present */
if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
!(issuer->ex_kusage & KU_CRL_SIGN))
{
ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
ok = ctx->verify_cb(0, ctx);
if(!ok) goto err;
}
/* Attempt to get issuer certificate public key */
ikey = X509_get_pubkey(issuer);
@ -611,17 +623,46 @@ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
{
int idx, ok;
X509_REVOKED rtmp;
STACK_OF(X509_EXTENSION) *exts;
X509_EXTENSION *ext;
/* Look for serial number of certificate in CRL */
rtmp.serialNumber = X509_get_serialNumber(x);
idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
/* Not found: OK */
if(idx == -1) return 1;
/* Otherwise revoked: want something cleverer than
/* If found assume revoked: want something cleverer than
* this to handle entry extensions in V2 CRLs.
*/
ctx->error = X509_V_ERR_CERT_REVOKED;
ok = ctx->verify_cb(0, ctx);
return ok;
if(idx >= 0)
{
ctx->error = X509_V_ERR_CERT_REVOKED;
ok = ctx->verify_cb(0, ctx);
if (!ok) return 0;
}
if (ctx->flags & X509_V_FLAG_IGNORE_CRITICAL)
return 1;
/* See if we have any critical CRL extensions: since we
* currently don't handle any CRL extensions the CRL must be
* rejected.
* This code accesses the X509_CRL structure directly: applications
* shouldn't do this.
*/
exts = crl->crl->extensions;
for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++)
{
ext = sk_X509_EXTENSION_value(exts, idx);
if (ext->critical > 0)
{
ctx->error =
X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
ok = ctx->verify_cb(0, ctx);
if(!ok) return 0;
break;
}
}
return 1;
}
static int internal_verify(X509_STORE_CTX *ctx)

View File

@ -302,17 +302,26 @@ struct x509_store_ctx_st /* X509_STORE_CTX */
#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33
#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34
#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35
#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36
/* The application is not happy */
#define X509_V_ERR_APPLICATION_VERIFICATION 50
/* Certificate verify flags */
#define X509_V_FLAG_CB_ISSUER_CHECK 0x1 /* Send issuer+subject checks to verify_cb */
#define X509_V_FLAG_USE_CHECK_TIME 0x2 /* Use check time instead of current time */
#define X509_V_FLAG_CRL_CHECK 0x4 /* Lookup CRLs */
#define X509_V_FLAG_CRL_CHECK_ALL 0x8 /* Lookup CRLs for whole chain */
#define X509_V_FLAG_IGNORE_CRITICAL 0x10 /* Ignore unhandled critical extensions */
/* Send issuer+subject checks to verify_cb */
#define X509_V_FLAG_CB_ISSUER_CHECK 0x1
/* Use check time instead of current time */
#define X509_V_FLAG_USE_CHECK_TIME 0x2
/* Lookup CRLs */
#define X509_V_FLAG_CRL_CHECK 0x4
/* Lookup CRLs for whole chain */
#define X509_V_FLAG_CRL_CHECK_ALL 0x8
/* Ignore unhandled critical extensions */
#define X509_V_FLAG_IGNORE_CRITICAL 0x10
/* Disable workarounds for broken certificates */
#define X509_V_FLAG_X509_STRICT 0x20
int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
X509_NAME *name);

View File

@ -137,8 +137,8 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
X509V3_add_value("IP Address","<invalid>", &ret);
break;
}
snprintf(oline, sizeof(oline), "%d.%d.%d.%d",
p[0], p[1], p[2], p[3]);
BIO_snprintf(oline, sizeof oline,
"%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
X509V3_add_value("IP Address",oline, &ret);
break;

View File

@ -105,7 +105,7 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method
STACK_OF(CONF_VALUE) *ret)
{
ACCESS_DESCRIPTION *desc;
int i;
int i,nlen;
char objtmp[80], *ntmp;
CONF_VALUE *vtmp;
size_t l;
@ -115,16 +115,16 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method
if(!ret) break;
vtmp = sk_CONF_VALUE_value(ret, i);
i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method);
l = strlen(objtmp) + strlen(vtmp->name) + 5;
ntmp = OPENSSL_malloc(l);
nlen = strlen(objtmp) + strlen(vtmp->name) + 5;
ntmp = OPENSSL_malloc(nlen);
if(!ntmp) {
X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS,
ERR_R_MALLOC_FAILURE);
return NULL;
}
strlcpy(ntmp, objtmp, l);
strlcat(ntmp, " - ", l);
strlcat(ntmp, vtmp->name, l);
BUF_strlcpy(ntmp, objtmp, nlen);
BUF_strlcat(ntmp, " - ", nlen);
BUF_strlcat(ntmp, vtmp->name, nlen);
OPENSSL_free(vtmp->name);
vtmp->name = ntmp;

View File

@ -3,7 +3,7 @@
* project 2001.
*/
/* ====================================================================
* Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
* Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -415,6 +415,7 @@ static void x509v3_cache_extensions(X509 *x)
* 1 is a CA
* 2 basicConstraints absent so "maybe" a CA
* 3 basicConstraints absent but self signed V1.
* 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
*/
#define V1_ROOT (EXFLAG_V1|EXFLAG_SS)
@ -436,7 +437,7 @@ static int ca_check(const X509 *x)
} else {
if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3;
/* If key usage present it must have certSign so tolerate it */
else if (x->ex_flags & EXFLAG_KUSAGE) return 3;
else if (x->ex_flags & EXFLAG_KUSAGE) return 4;
else return 2;
}
}

View File

@ -329,7 +329,8 @@ L<passwd(1)|passwd(1)>,
L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>,
L<rand(1)|rand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>,
L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>,
L<s_server(1)|s_server(1)>, L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>,
L<s_server(1)|s_server(1)>, L<s_time(1)|s_time(1)>,
L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>,
L<verify(1)|verify(1)>, L<version(1)|version(1)>, L<x509(1)|x509(1)>,
L<crypto(3)|crypto(3)>, L<ssl(3)|ssl(3)>

View File

@ -8,7 +8,7 @@ s_client - SSL/TLS client program
=head1 SYNOPSIS
B<openssl> B<s_client>
[B<-connect> host:port>]
[B<-connect host:port>]
[B<-verify depth>]
[B<-cert filename>]
[B<-key filename>]
@ -208,7 +208,7 @@ then an HTTP command can be given such as "GET /" to retrieve a web page.
If the handshake fails then there are several possible causes, if it is
nothing obvious like no client certificate then the B<-bugs>, B<-ssl2>,
B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> can be tried
B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> options can be tried
in case it is a buggy server. In particular you should play with these
options B<before> submitting a bug report to an OpenSSL mailing list.
@ -219,7 +219,7 @@ the clients certificate authority in its "acceptable CA list" when it
requests a certificate. By using B<s_client> the CA list can be viewed
and checked. However some servers only request client authentication
after a specific URL is requested. To obtain the list in this case it
is necessary to use the B<-prexit> command and send an HTTP request
is necessary to use the B<-prexit> option and send an HTTP request
for an appropriate page.
If a certificate is specified on the command line using the B<-cert>

View File

@ -17,6 +17,9 @@ B<openssl> B<smime>
[B<-rc2-40>]
[B<-rc2-64>]
[B<-rc2-128>]
[B<-aes128>]
[B<-aes192>]
[B<-aes256>]
[B<-in file>]
[B<-certfile file>]
[B<-signer file>]
@ -126,11 +129,11 @@ B<-verify>. This directory must be a standard certificate directory: that
is a hash of each subject name (using B<x509 -hash>) should be linked
to each certificate.
=item B<-des -des3 -rc2-40 -rc2-64 -rc2-128>
=item B<-des -des3 -rc2-40 -rc2-64 -rc2-128 -aes128 -aes192 -aes256>
the encryption algorithm to use. DES (56 bits), triple DES (168 bits)
or 40, 64 or 128 bit RC2 respectively if not specified 40 bit RC2 is
used. Only used with B<-encrypt>.
the encryption algorithm to use. DES (56 bits), triple DES (168 bits),
40, 64 or 128 bit RC2 or 128, 192 or 256 bit AES respectively. If not
specified 40 bit RC2 is used. Only used with B<-encrypt>.
=item B<-nointern>

View File

@ -4,7 +4,7 @@
EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate,
EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE,
EVP_MD_CTX_copy_ex EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,
EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,
EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type,
EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2,
EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj -

View File

@ -36,7 +36,7 @@ None of the functions return a value.
=head1 NOTES
A typical application will will call OpenSSL_add_all_algorithms() initially and
A typical application will call OpenSSL_add_all_algorithms() initially and
EVP_cleanup() before exiting.
An application does not need to add algorithms to use them explicitly, for example

View File

@ -44,6 +44,6 @@ L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<rsa(3)|rsa(3)>, L<BN_bn2bin(3)|BN_bn2bin(3)>
RSA_print(), RSA_print_fp(), DSA_print(), DSA_print_fp(), DH_print(),
DH_print_fp() are available in all versions of SSLeay and OpenSSL.
DSAparams_print() and DSAparams_print_pf() were added in SSLeay 0.8.
DSAparams_print() and DSAparams_print_fp() were added in SSLeay 0.8.
=cut

View File

@ -283,7 +283,7 @@ DES_cbc_encrypt is used.
=head1 NOTES
Single-key DES is insecure due to its short key size. ECB mode is
not suitable for most applications; see L<DES_modes(7)|DES_modes(7)>.
not suitable for most applications; see L<des_modes(7)|des_modes(7)>.
The L<evp(3)|evp(3)> library provides higher-level encryption functions.

View File

@ -6245,7 +6245,7 @@ SSL_get_app_data
void SSL_CTX_set_default_verify
/* This callback, if set, totaly overrides the normal SSLeay verification
* functions and should return 1 on sucesss and 0 on failure */
* functions and should return 1 on success and 0 on failure */
void SSL_CTX_set_cert_verify_callback
/* The following are the same as the equivilent SSL_xxx functions.

View File

@ -116,7 +116,6 @@
#include <openssl/buffer.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
#include "cryptlib.h"
static SSL_METHOD *ssl2_get_client_method(int ver);
static int get_server_finished(SSL *s);

View File

@ -63,7 +63,6 @@
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/md5.h>
#include "cryptlib.h"
static long ssl2_default_timeout(void );
const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
@ -139,7 +138,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
SSL_ALL_STRENGTHS,
},
/* IDEA_128_CBC_WITH_MD5 */
#if 0
#if 0 /* XXX - we can use OPENSSL_NO_IDEA now. */
{
1,
SSL2_TXT_IDEA_128_CBC_WITH_MD5,

View File

@ -116,7 +116,6 @@
#include <openssl/rand.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
#include "cryptlib.h"
static SSL_METHOD *ssl2_get_server_method(int ver);
static int get_client_master_key(SSL *s);

View File

@ -117,7 +117,6 @@
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/md5.h>
#include "cryptlib.h"
static SSL_METHOD *ssl3_get_client_method(int ver);
static int ssl3_client_hello(SSL *s);
@ -1947,7 +1946,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
if (algs & SSL_kRSA)
{
if (rsa == NULL
|| RSA_size(rsa) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
|| RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
{
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
goto f_err;
@ -1959,7 +1958,7 @@ static int ssl3_check_cert_and_algorithm(SSL *s)
if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
{
if (dh == NULL
|| DH_size(dh) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
|| DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
{
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
goto f_err;

View File

@ -271,7 +271,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_ALL_STRENGTHS,
},
/* Cipher 07 */
#if 0
#if 0 /* XXX - we can use OPENSSL_NO_IDEA now. */
{
1,
SSL3_TXT_RSA_IDEA_128_SHA,

View File

@ -1086,6 +1086,14 @@ start:
goto err;
}
/* Check we have a cipher to change to */
if (s->s3->tmp.new_cipher == NULL)
{
i=SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
goto err;
}
rr->length=0;
if (s->msg_callback)

View File

@ -121,9 +121,10 @@
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#ifndef OPENSSL_NO_KRB5
#include <openssl/krb5_asn.h>
#endif
#include <openssl/md5.h>
#include "cryptlib.h"
static SSL_METHOD *ssl3_get_server_method(int ver);
static int ssl3_get_client_hello(SSL *s);
@ -1587,11 +1588,27 @@ static int ssl3_get_client_key_exchange(SSL *s)
n2s(p,i);
enc_ticket.length = i;
if (n < enc_ticket.length + 6)
{
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DATA_LENGTH_TOO_LONG);
goto err;
}
enc_ticket.data = (char *)p;
p+=enc_ticket.length;
n2s(p,i);
authenticator.length = i;
if (n < enc_ticket.length + authenticator.length + 6)
{
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DATA_LENGTH_TOO_LONG);
goto err;
}
authenticator.data = (char *)p;
p+=authenticator.length;

View File

@ -1295,8 +1295,8 @@ const char *SSL_alert_type_string(int value);
const char *SSL_alert_desc_string_long(int value);
const char *SSL_alert_desc_string(int value);
void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s);
STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *s);
int SSL_add_client_CA(SSL *ssl,X509 *x);

View File

@ -62,7 +62,6 @@
#include <openssl/asn1_mac.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include "cryptlib.h"
typedef struct ssl_session_asn1_st
{

View File

@ -505,12 +505,12 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
return(i);
}
static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *list)
static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *name_list)
{
if (*ca_list != NULL)
sk_X509_NAME_pop_free(*ca_list,X509_NAME_free);
*ca_list=list;
*ca_list=name_list;
}
STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
@ -532,14 +532,14 @@ STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
return(ret);
}
void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *list)
void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *name_list)
{
set_client_CA_list(&(s->client_CA),list);
set_client_CA_list(&(s->client_CA),name_list);
}
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *list)
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *name_list)
{
set_client_CA_list(&(ctx->client_CA),list);
set_client_CA_list(&(ctx->client_CA),name_list);
}
STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx)

View File

@ -125,7 +125,9 @@ static const SSL_CIPHER cipher_aliases[]={
{0,SSL_TXT_3DES,0,SSL_3DES, 0,0,0,0,SSL_ENC_MASK,0},
{0,SSL_TXT_RC4, 0,SSL_RC4, 0,0,0,0,SSL_ENC_MASK,0},
{0,SSL_TXT_RC2, 0,SSL_RC2, 0,0,0,0,SSL_ENC_MASK,0},
#ifndef OPENSSL_NO_IDEA
{0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0},
#endif
{0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},
{0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0},
{0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0},
@ -166,8 +168,12 @@ static void load_ciphers(void)
EVP_get_cipherbyname(SN_rc4);
ssl_cipher_methods[SSL_ENC_RC2_IDX]=
EVP_get_cipherbyname(SN_rc2_cbc);
#ifndef OPENSSL_NO_IDEA
ssl_cipher_methods[SSL_ENC_IDEA_IDX]=
EVP_get_cipherbyname(SN_idea_cbc);
#else
ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL;
#endif
ssl_cipher_methods[SSL_ENC_AES128_IDX]=
EVP_get_cipherbyname(SN_aes_128_cbc);
ssl_cipher_methods[SSL_ENC_AES256_IDX]=
@ -334,10 +340,10 @@ static unsigned long ssl_cipher_get_disabled(void)
}
static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
int num_of_ciphers, unsigned long mask, CIPHER_ORDER *list,
int num_of_ciphers, unsigned long mask, CIPHER_ORDER *co_list,
CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
{
int i, list_num;
int i, co_list_num;
SSL_CIPHER *c;
/*
@ -348,18 +354,18 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
*/
/* Get the initial list of ciphers */
list_num = 0; /* actual count of ciphers */
co_list_num = 0; /* actual count of ciphers */
for (i = 0; i < num_of_ciphers; i++)
{
c = ssl_method->get_cipher(i);
/* drop those that use any of that is not available */
if ((c != NULL) && c->valid && !(c->algorithms & mask))
{
list[list_num].cipher = c;
list[list_num].next = NULL;
list[list_num].prev = NULL;
list[list_num].active = 0;
list_num++;
co_list[co_list_num].cipher = c;
co_list[co_list_num].next = NULL;
co_list[co_list_num].prev = NULL;
co_list[co_list_num].active = 0;
co_list_num++;
#ifdef KSSL_DEBUG
printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms);
#endif /* KSSL_DEBUG */
@ -372,18 +378,18 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
/*
* Prepare linked list from list entries
*/
for (i = 1; i < list_num - 1; i++)
for (i = 1; i < co_list_num - 1; i++)
{
list[i].prev = &(list[i-1]);
list[i].next = &(list[i+1]);
co_list[i].prev = &(co_list[i-1]);
co_list[i].next = &(co_list[i+1]);
}
if (list_num > 0)
if (co_list_num > 0)
{
(*head_p) = &(list[0]);
(*head_p) = &(co_list[0]);
(*head_p)->prev = NULL;
(*head_p)->next = &(list[1]);
(*tail_p) = &(list[list_num - 1]);
(*tail_p)->prev = &(list[list_num - 2]);
(*head_p)->next = &(co_list[1]);
(*tail_p) = &(co_list[co_list_num - 1]);
(*tail_p)->prev = &(co_list[co_list_num - 2]);
(*tail_p)->next = NULL;
}
}
@ -429,7 +435,7 @@ static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
unsigned long algo_strength, unsigned long mask_strength,
int rule, int strength_bits, CIPHER_ORDER *list,
int rule, int strength_bits, CIPHER_ORDER *co_list,
CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
{
CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2;
@ -524,8 +530,9 @@ static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
*tail_p = tail;
}
static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p,
CIPHER_ORDER **tail_p)
static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list,
CIPHER_ORDER **head_p,
CIPHER_ORDER **tail_p)
{
int max_strength_bits, i, *number_uses;
CIPHER_ORDER *curr;
@ -570,14 +577,14 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p,
for (i = max_strength_bits; i >= 0; i--)
if (number_uses[i] > 0)
ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i,
list, head_p, tail_p);
co_list, head_p, tail_p);
OPENSSL_free(number_uses);
return(1);
}
static int ssl_cipher_process_rulestr(const char *rule_str,
CIPHER_ORDER *list, CIPHER_ORDER **head_p,
CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,
CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list)
{
unsigned long algorithms, mask, algo_strength, mask_strength;
@ -702,7 +709,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
ok = 0;
if ((buflen == 8) &&
!strncmp(buf, "STRENGTH", 8))
ok = ssl_cipher_strength_sort(list,
ok = ssl_cipher_strength_sort(co_list,
head_p, tail_p);
else
SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
@ -722,7 +729,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
{
ssl_cipher_apply_rule(algorithms, mask,
algo_strength, mask_strength, rule, -1,
list, head_p, tail_p);
co_list, head_p, tail_p);
}
else
{
@ -744,7 +751,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
unsigned long disabled_mask;
STACK_OF(SSL_CIPHER) *cipherstack;
const char *rule_p;
CIPHER_ORDER *list = NULL, *head = NULL, *tail = NULL, *curr;
CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
SSL_CIPHER **ca_list = NULL;
/*
@ -774,15 +781,15 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
#ifdef KSSL_DEBUG
printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
#endif /* KSSL_DEBUG */
list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
if (list == NULL)
co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
if (co_list == NULL)
{
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
return(NULL); /* Failure */
}
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask,
list, &head, &tail);
co_list, &head, &tail);
/*
* We also need cipher aliases for selecting based on the rule_str.
@ -798,7 +805,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
(SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
if (ca_list == NULL)
{
OPENSSL_free(list);
OPENSSL_free(co_list);
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
return(NULL); /* Failure */
}
@ -814,21 +821,21 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
if (strncmp(rule_str,"DEFAULT",7) == 0)
{
ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
list, &head, &tail, ca_list);
co_list, &head, &tail, ca_list);
rule_p += 7;
if (*rule_p == ':')
rule_p++;
}
if (ok && (strlen(rule_p) > 0))
ok = ssl_cipher_process_rulestr(rule_p, list, &head, &tail,
ok = ssl_cipher_process_rulestr(rule_p, co_list, &head, &tail,
ca_list);
OPENSSL_free(ca_list); /* Not needed anymore */
if (!ok)
{ /* Rule processing failure */
OPENSSL_free(list);
OPENSSL_free(co_list);
return(NULL);
}
/*
@ -837,7 +844,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
*/
if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
{
OPENSSL_free(list);
OPENSSL_free(co_list);
return(NULL);
}
@ -855,7 +862,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
#endif
}
}
OPENSSL_free(list); /* Not needed any longer */
OPENSSL_free(co_list); /* Not needed any longer */
/*
* The following passage is a little bit odd. If pointer variables
@ -905,7 +912,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
{
int is_export,pkl,kl;
char *ver,*exp;
char *ver,*exp_str;
char *kx,*au,*enc,*mac;
unsigned long alg,alg2,alg_s;
#ifdef KSSL_DEBUG
@ -921,7 +928,7 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
is_export=SSL_C_IS_EXPORT(cipher);
pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
kl=SSL_C_EXPORT_KEYLENGTH(cipher);
exp=is_export?" export":"";
exp_str=is_export?" export":"";
if (alg & SSL_SSLV2)
ver="SSLv2";
@ -1040,9 +1047,9 @@ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
return("Buffer too small");
#ifdef KSSL_DEBUG
BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp,alg);
BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg);
#else
BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp);
BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
#endif /* KSSL_DEBUG */
return(buf);
}
@ -1129,11 +1136,11 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
{
MemCheck_on();
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
return(0);
return(1);
}
else
{
MemCheck_on();
return(1);
return(0);
}
}

View File

@ -60,7 +60,6 @@
#include <openssl/lhash.h>
#include <openssl/rand.h>
#include "ssl_locl.h"
#include "cryptlib.h"
static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);

View File

@ -564,7 +564,14 @@ bad:
if (cm != NULL)
{
if (cm->type != NID_undef)
SSL_COMP_add_compression_method(comp, cm);
{
if (SSL_COMP_add_compression_method(comp, cm) != 0)
{
fprintf(stderr,
"Failed to add compression method\n");
ERR_print_errors_fp(stderr);
}
}
else
{
fprintf(stderr,

View File

@ -1116,27 +1116,55 @@ sub print_test_file
}
}
sub get_version {
local *MF;
my $v = '?';
open MF, 'Makefile.ssl' or return $v;
while (<MF>) {
$v = $1, last if /^VERSION=(.*?)\s*$/;
}
close MF;
return $v;
}
sub print_def_file
{
(*OUT,my $name,*nums,my @symbols)=@_;
my $n = 1; my @e; my @r; my @v; my $prev="";
my $liboptions="";
my $libname = $name;
my $http_vendor = 'www.openssl.org/';
my $version = get_version();
my $what = "OpenSSL: implementation of Secure Socket Layer";
my $description = "$what $version, $name - http://$http_vendor";
if ($W32)
{ $name.="32"; }
{ $libname.="32"; }
elsif ($W16)
{ $name.="16"; }
{ $libname.="16"; }
elsif ($OS2)
{ $liboptions = "INITINSTANCE\nDATA NONSHARED"; }
{ # DLL names should not clash on the whole system.
# However, they should not have any particular relationship
# to the name of the static library. Chose descriptive names
# (must be at most 8 chars).
my %translate = (ssl => 'open_ssl', crypto => 'cryptssl');
$libname = $translate{$name} || $name;
$liboptions = <<EOO;
INITINSTANCE
DATA MULTIPLE NONSHARED
EOO
# Vendor field can't contain colon, drat; so we omit http://
$description = "\@#$http_vendor:$version#\@$what; DLL for library $name. Build for EMX -Zmtd";
}
print OUT <<"EOF";
;
; Definition file for the DLL version of the $name library from OpenSSL
;
LIBRARY $name $liboptions
LIBRARY $libname $liboptions
DESCRIPTION 'OpenSSL $name - http://www.openssl.org/'
DESCRIPTION '$description'
EOF