Changes between 0.9.6h and 0.9.7 [XX xxx 2002]
+ *) Introduce safe string copy and catenation functions
+ (BUF_strlcpy() and BUF_strlcat()).
+ [Ben Laurie (CHATS) and Richard Levitte]
+
+ *) Avoid using fixed-size buffers for one-line DNs.
+ [Ben Laurie (CHATS)]
+
+ *) Add BUF_MEM_grow_clean() to avoid information leakage when
+ resizing buffers containing secrets, and use where appropriate.
+ [Ben Laurie (CHATS)]
+
+ *) Avoid using fixed size buffers for configuration file location.
+ [Ben Laurie (CHATS)]
+
+ *) Avoid filename truncation for various CA files.
+ [Ben Laurie (CHATS)]
+
+ *) Use sizeof in preference to magic numbers.
+ [Ben Laurie (CHATS)]
+
+ *) Avoid filename truncation in cert requests.
+ [Ben Laurie (CHATS)]
+
+ *) New OPENSSL_assert() macro (similar to assert(), but enabled
+ unconditionally).
+ [Ben Laurie (CHATS)]
+
+ *) Add assertions to check for (supposedly impossible) buffer
+ overflows.
+ [Ben Laurie (CHATS)]
+
+ *) Don't cache truncated DNS entries in the local cache (this could
+ potentially lead to a spoofing attack).
+ [Ben Laurie (CHATS)]
+
+ *) Fix various buffers to be large enough for hex/decimal
+ representations in a platform independent manner.
+ [Ben Laurie (CHATS)]
+
+ *) Add CRYPTO_realloc_clean() to avoid information leakage when
+ resizing buffers containing secrets, and use where appropriate.
+ [Ben Laurie (CHATS)]
+
+ *) Add BIO_indent() to avoid much slightly worrying code to do
+ indents.
+ [Ben Laurie (CHATS)]
+
+ *) Convert sprintf()/BIO_puts() to BIO_printf().
+ [Ben Laurie (CHATS)]
+
+ *) buffer_gets() could terminate with the buffer only half
+ full. Fixed.
+ [Ben Laurie (CHATS)]
+
+ *) Add assertions to prevent crypto functions from overflowing
+ internal buffers by having large block sizes, etc.
+ [Ben Laurie (CHATS)]
+
+ *) Eliminate unused copy of key in RC4.
+ [Ben Laurie (CHATS)]
+
+ *) Eliminate unused and incorrectly sized buffers for IV in pem.h.
+ [Ben Laurie (CHATS)]
+
+ *) Fix off-by-one error in EGD path.
+ [Ben Laurie (CHATS)]
+
+ *) If RANDFILE path is too long, ignore instead of truncating.
+ [Ben Laurie (CHATS)]
+
+ *) Eliminate unused and incorrectly sized X.509 structure
+ CBCParameter.
+ [Ben Laurie (CHATS)]
+
+ *) Eliminate unused and dangerous function knumber().
+ [Ben Laurie (CHATS)]
+
+ *) Eliminate unused and dangerous structure, KSSL_ERR.
+ [Ben Laurie (CHATS)]
+
+ *) Protect against overlong session ID context length in an encoded
+ session object. Since these are local, this does not appear to be
+ exploitable.
+ [Ben Laurie (CHATS)]
+
*) Change from security patch (see 0.9.6e below) that did not affect
the 0.9.6 release series:
rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
rand.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h rand.c
-req.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-req.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-req.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-req.o: ../include/openssl/cast.h ../include/openssl/conf.h
-req.o: ../include/openssl/crypto.h ../include/openssl/des.h
-req.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-req.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-req.o: ../include/openssl/engine.h ../include/openssl/err.h
-req.o: ../include/openssl/evp.h ../include/openssl/idea.h
-req.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-req.o: ../include/openssl/md4.h ../include/openssl/md5.h
-req.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-req.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-req.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-req.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-req.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-req.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-req.o: ../include/openssl/sha.h ../include/openssl/stack.h
-req.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-req.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-req.o: ../include/openssl/x509v3.h apps.h req.c
+req.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+req.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+req.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+req.o: ../include/openssl/des.h ../include/openssl/des_old.h
+req.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+req.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
+req.o: ../include/openssl/err.h ../include/openssl/evp.h
+req.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+req.o: ../include/openssl/md2.h ../include/openssl/md4.h
+req.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+req.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+req.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+req.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+req.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+req.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+req.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+req.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+req.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c
rsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
rsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
p++;
else
p=in;
- strncpy(out,p,size-1);
- out[size-1]='\0';
+ BUF_strlcpy(out,p,size);
}
#endif
#endif
int dump_cert_text (BIO *out, X509 *x)
{
- char buf[256];
- X509_NAME_oneline(X509_get_subject_name(x),buf,256);
+ char *p;
+
+ p=X509_NAME_oneline(X509_get_subject_name(x),NULL,0);
BIO_puts(out,"subject=");
- BIO_puts(out,buf);
+ BIO_puts(out,p);
+ OPENSSL_free(p);
- X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
- BIO_puts(out,"\nissuer= ");
- BIO_puts(out,buf);
+ p=X509_NAME_oneline(X509_get_issuer_name(x),NULL,0);
+ BIO_puts(out,"\nissuer=");
+ BIO_puts(out,p);
BIO_puts(out,"\n");
- return 0;
+ OPENSSL_free(p);
+
+ return 0;
}
static int ui_open(UI *ui)
goto error;
for (;;)
{
- if (!BUF_MEM_grow(buf,size+1024*10))
+ if (!BUF_MEM_grow_clean(buf,size+1024*10))
goto error;
i = BIO_read(key, &(buf->data[size]), 1024*10);
size += i;
char *buf;
char mline = 0;
int indent = 0;
+
if(title) BIO_puts(out, title);
if((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
mline = 1;
}
return 1;
}
+
+char *make_config_name()
+ {
+ const char *t=X509_get_default_cert_area();
+ char *p;
+
+ p=OPENSSL_malloc(strlen(t)+strlen(OPENSSL_CONF)+2);
+ strcpy(p,t);
+#ifndef OPENSSL_SYS_VMS
+ strcat(p,"/");
+#endif
+ strcat(p,OPENSSL_CONF);
+
+ return p;
+ }
ENGINE *setup_engine(BIO *err, const char *engine, int debug);
int load_config(BIO *err, CONF *cnf);
+char *make_config_name(void);
/* Functions defined in ca.c and also used in ocsp.c */
int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
MS_STATIC char buf[3][BSIZE];
char *randfile=NULL;
char *engine = NULL;
+ char *tofree=NULL;
#ifdef EFENCE
EF_PROTECT_FREE=1;
ERR_load_crypto_strings();
- e = setup_engine(bio_err, engine, 0);
+ e = setup_engine(bio_err, engine, 0);
/*****************************************************************/
+ tofree=NULL;
if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
if (configfile == NULL)
{
- /* We will just use 'buf[0]' as a temporary buffer. */
+ const char *s=X509_get_default_cert_area();
+
#ifdef OPENSSL_SYS_VMS
- strncpy(buf[0],X509_get_default_cert_area(),
- sizeof(buf[0])-1-sizeof(CONFIG_FILE));
+ tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE));
+ strcpy(tofree,s);
#else
- strncpy(buf[0],X509_get_default_cert_area(),
- sizeof(buf[0])-2-sizeof(CONFIG_FILE));
- buf[0][sizeof(buf[0])-2-sizeof(CONFIG_FILE)]='\0';
- strcat(buf[0],"/");
+ tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE)+1);
+ strcpy(tofree,s);
+ strcat(tofree,"/");
#endif
- strcat(buf[0],CONFIG_FILE);
- configfile=buf[0];
+ strcat(tofree,CONFIG_FILE);
+ configfile=tofree;
}
BIO_printf(bio_err,"Using configuration from %s\n",configfile);
,errorline,configfile);
goto err;
}
+ if(tofree)
+ OPENSSL_free(tofree);
if (!load_config(bio_err, conf))
goto err;
BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk));
- strncpy(buf[0],serialfile,BSIZE-4);
- buf[0][BSIZE-4]='\0';
+ if(strlen(serialfile) > BSIZE-5 || strlen(dbfile) > BSIZE-5)
+ {
+ BIO_printf(bio_err,"file name too long\n");
+ goto err;
+ }
+
+ strcpy(buf[0],serialfile);
#ifdef OPENSSL_SYS_VMS
strcat(buf[0],"-new");
if (!save_serial(buf[0],serial)) goto err;
- strncpy(buf[1],dbfile,BSIZE-4);
- buf[1][BSIZE-4]='\0';
+ strcpy(buf[1],dbfile);
#ifdef OPENSSL_SYS_VMS
strcat(buf[1],"-new");
j=x->cert_info->serialNumber->length;
p=(char *)x->cert_info->serialNumber->data;
- strncpy(buf[2],outdir,BSIZE-(j*2)-6);
- buf[2][BSIZE-(j*2)-6]='\0';
+ if(strlen(outdir) >= (j ? BSIZE-j*2-6 : BSIZE-8))
+ {
+ BIO_printf(bio_err,"certificate file name too long\n");
+ goto err;
+ }
+
+ strcpy(buf[2],outdir);
#ifndef OPENSSL_SYS_VMS
strcat(buf[2],"/");
if (j <= 0) goto err;
X509_free(revcert);
- strncpy(buf[0],dbfile,BSIZE-4);
- buf[0][BSIZE-4]='\0';
+ if(strlen(dbfile) > BSIZE-5)
+ {
+ BIO_printf(bio_err,"filename too long\n");
+ goto err;
+ }
+
+ strcpy(buf[0],dbfile);
#ifndef OPENSSL_SYS_VMS
strcat(buf[0],".new");
#else
/*****************************************************************/
ret=0;
err:
+ if(tofree)
+ OPENSSL_free(tofree);
BIO_free_all(Cout);
BIO_free_all(Sout);
BIO_free_all(out);
{
BIO_puts(STDout,SSL_CIPHER_description(
sk_SSL_CIPHER_value(sk,i),
- buf,512));
+ buf,sizeof buf));
}
}
goto end;
/* first check the program name */
- program_name(argv[0],pname,PROG_NAME_SIZE);
+ program_name(argv[0],pname,sizeof pname);
md=EVP_get_digestbyname(pname);
{
ENGINE *e = NULL;
static const char magic[]="Salted__";
- char mbuf[8]; /* should be 1 smaller than magic */
+ char mbuf[sizeof magic-1];
char *strbuf=NULL;
unsigned char *buff=NULL,*bufsize=NULL;
int bsize=BSIZE,verbose=0;
goto end;
/* first check the program name */
- program_name(argv[0],pname,PROG_NAME_SIZE);
+ program_name(argv[0],pname,sizeof pname);
if (strcmp(pname,"base64") == 0)
base64=1;
goto bad;
}
buf[0]='\0';
- fgets(buf,128,infile);
+ fgets(buf,sizeof buf,infile);
fclose(infile);
i=strlen(buf);
if ((i > 0) &&
else {
if(enc) {
if(hsalt) {
- if(!set_hex(hsalt,salt,PKCS5_SALT_LEN)) {
+ if(!set_hex(hsalt,salt,sizeof salt)) {
BIO_printf(bio_err,
"invalid hex salt value\n");
goto end;
}
- } else if (RAND_pseudo_bytes(salt, PKCS5_SALT_LEN) < 0)
+ } else if (RAND_pseudo_bytes(salt, sizeof salt) < 0)
goto end;
/* If -P option then don't bother writing */
if((printkey != 2)
sizeof magic-1) != sizeof magic-1
|| BIO_write(wbio,
(char *)salt,
- PKCS5_SALT_LEN) != PKCS5_SALT_LEN)) {
+ sizeof salt) != sizeof salt)) {
BIO_printf(bio_err,"error writing output file\n");
goto end;
}
} else if(BIO_read(rbio,mbuf,sizeof mbuf) != sizeof mbuf
|| BIO_read(rbio,
(unsigned char *)salt,
- PKCS5_SALT_LEN) != PKCS5_SALT_LEN) {
+ sizeof salt) != sizeof salt) {
BIO_printf(bio_err,"error reading input file\n");
goto end;
} else if(memcmp(mbuf,magic,sizeof magic-1)) {
if (!nosalt)
{
printf("salt=");
- for (i=0; i<PKCS5_SALT_LEN; i++)
+ for (i=0; i<sizeof salt; i++)
printf("%02X",salt[i]);
printf("\n");
}
for(;;)
{
- len = BIO_gets(cbio, inbuf, 1024);
+ len = BIO_gets(cbio, inbuf, sizeof inbuf);
if (len <= 0)
return 1;
/* Look for "POST" signalling start of query */
#define PROG_NAME_SIZE 39
char pname[PROG_NAME_SIZE+1];
FUNCTION f,*fp;
- MS_STATIC char *prompt,buf[1024],config_name[256];
+ MS_STATIC char *prompt,buf[1024];
+ char *to_free=NULL;
int n,i,ret=0;
int argc;
char **argv,*p;
if (p == NULL)
p=getenv("SSLEAY_CONF");
if (p == NULL)
- {
- strcpy(config_name,X509_get_default_cert_area());
-#ifndef OPENSSL_SYS_VMS
- strcat(config_name,"/");
-#endif
- strcat(config_name,OPENSSL_CONF);
- p=config_name;
- }
+ p=to_free=make_config_name();
default_config_file=p;
prog=prog_init();
/* first check the program name */
- program_name(Argv[0],pname,PROG_NAME_SIZE);
+ program_name(Argv[0],pname,sizeof pname);
f.name=pname;
fp=(FUNCTION *)lh_retrieve(prog,&f);
{
ret=0;
p=buf;
- n=1024;
+ n=sizeof buf;
i=0;
for (;;)
{
BIO_printf(bio_err,"bad exit\n");
ret=1;
end:
+ if (to_free)
+ OPENSSL_free(to_free);
if (config != NULL)
{
NCONF_free(config);
#ifdef CRYPTO_MDEBUG
CRYPTO_push_info("read MAC password");
#endif
- if(EVP_read_pw_string (macpass, 50, "Enter MAC Password:", export_cert))
+ if(EVP_read_pw_string (macpass, sizeof macpass, "Enter MAC Password:", export_cert))
{
BIO_printf (bio_err, "Can't read Password\n");
goto end;
#endif
if(!noprompt &&
- EVP_read_pw_string(pass, 50, "Enter Export Password:", 1)) {
+ EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1)) {
BIO_printf (bio_err, "Can't read Password\n");
goto export_end;
}
#ifdef CRYPTO_MDEBUG
CRYPTO_push_info("read import password");
#endif
- if(!noprompt && EVP_read_pw_string(pass, 50, "Enter Import Password:", 0)) {
+ if(!noprompt && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", 0)) {
BIO_printf (bio_err, "Can't read Password\n");
goto end;
}
if(passout) p8pass = passout;
else {
p8pass = pass;
- if (EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1))
+ if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1))
return (1);
}
app_RAND_load_file(NULL, bio_err, 0);
if(passin) p8pass = passin;
else {
p8pass = pass;
- EVP_read_pw_string(pass, 50, "Enter Password:", 0);
+ EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0);
}
p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
X509_SIG_free(p8);
#include <openssl/x509v3.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
+#include "../crypto/cryptlib.h"
#define SECTION "req"
const EVP_MD *md_alg=NULL,*digest=EVP_md5();
unsigned long chtype = MBSTRING_ASC;
#ifndef MONOLITH
- MS_STATIC char config_name[256];
+ char *to_free;
long errline;
#endif
if (p == NULL)
p=getenv("SSLEAY_CONF");
if (p == NULL)
- {
- strcpy(config_name,X509_get_default_cert_area());
-#ifndef OPENSSL_SYS_VMS
- strcat(config_name,"/");
-#endif
- strcat(config_name,OPENSSL_CONF);
- p=config_name;
- }
+ p=to_free=make_config_name();
default_config_file=p;
config=NCONF_new(NULL);
i=NCONF_load(config, p, &errline);
}
ex=0;
end:
+#ifndef MONOLITH
+ if(to_free)
+ OPENSSL_free(to_free);
+#endif
if (ex)
{
ERR_print_errors(bio_err);
}
/* If OBJ not recognised ignore it */
if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
+
+ if(strlen(v->name) > sizeof buf-9)
+ {
+ BIO_printf(bio_err,"Name '%s' too long\n",v->name);
+ return 0;
+ }
+
sprintf(buf,"%s_default",v->name);
if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
{
ERR_clear_error();
def="";
}
-
sprintf(buf,"%s_value",v->name);
if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
{
if ((nid=OBJ_txt2nid(type)) == NID_undef)
goto start2;
+ if(strlen(v->name) > sizeof buf-9)
+ {
+ BIO_printf(bio_err,"Name '%s' too long\n",v->name);
+ return 0;
+ }
+
sprintf(buf,"%s_default",type);
if ((def=NCONF_get_string(req_conf,attr_sect,buf))
== NULL)
(void)BIO_flush(bio_err);
if(value != NULL)
{
+ OPENSSL_assert(strlen(value) < sizeof buf-2);
strcpy(buf,value);
strcat(buf,"\n");
BIO_printf(bio_err,"%s\n",value);
buf[0]='\0';
if (!batch)
{
- fgets(buf,1024,stdin);
+ fgets(buf,sizeof buf,stdin);
}
else
{
(void)BIO_flush(bio_err);
if (value != NULL)
{
+ OPENSSL_assert(strlen(value) < sizeof buf-2);
strcpy(buf,value);
strcat(buf,"\n");
BIO_printf(bio_err,"%s\n",value);
buf[0]='\0';
if (!batch)
{
- fgets(buf,1024,stdin);
+ fgets(buf,sizeof buf,stdin);
}
else
{
err= X509_STORE_CTX_get_error(ctx);
depth= X509_STORE_CTX_get_error_depth(ctx);
- X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
+ X509_NAME_oneline(X509_get_subject_name(err_cert),buf,sizeof buf);
BIO_printf(bio_err,"depth=%d %s\n",depth,buf);
if (!ok)
{
switch (ctx->error)
{
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
- X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256);
+ X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,sizeof buf);
BIO_printf(bio_err,"issuer= %s\n",buf);
break;
case X509_V_ERR_CERT_NOT_YET_VALID:
for (i=0; i<sk_X509_num(sk); i++)
{
X509_NAME_oneline(X509_get_subject_name(
- sk_X509_value(sk,i)),buf,BUFSIZ);
+ sk_X509_value(sk,i)),buf,sizeof buf);
BIO_printf(bio,"%2d s:%s\n",i,buf);
X509_NAME_oneline(X509_get_issuer_name(
- sk_X509_value(sk,i)),buf,BUFSIZ);
+ sk_X509_value(sk,i)),buf,sizeof buf);
BIO_printf(bio," i:%s\n",buf);
if (c_showcerts)
PEM_write_bio_X509(bio,sk_X509_value(sk,i));
if (!(c_showcerts && got_a_chain)) /* Redundant if we showed the whole chain */
PEM_write_bio_X509(bio,peer);
X509_NAME_oneline(X509_get_subject_name(peer),
- buf,BUFSIZ);
+ buf,sizeof buf);
BIO_printf(bio,"subject=%s\n",buf);
X509_NAME_oneline(X509_get_issuer_name(peer),
- buf,BUFSIZ);
+ buf,sizeof buf);
BIO_printf(bio,"issuer=%s\n",buf);
}
else
{
BIO_printf(bio,"---\nNo client certificate CA names sent\n");
}
- p=SSL_get_shared_ciphers(s,buf,BUFSIZ);
+ p=SSL_get_shared_ciphers(s,buf,sizeof buf);
if (p != NULL)
{
/* This works only for SSL 2. In later protocol
{
BIO_printf(bio_s_out,"Client certificate\n");
PEM_write_bio_X509(bio_s_out,peer);
- X509_NAME_oneline(X509_get_subject_name(peer),buf,BUFSIZ);
+ X509_NAME_oneline(X509_get_subject_name(peer),buf,sizeof buf);
BIO_printf(bio_s_out,"subject=%s\n",buf);
- X509_NAME_oneline(X509_get_issuer_name(peer),buf,BUFSIZ);
+ X509_NAME_oneline(X509_get_issuer_name(peer),buf,sizeof buf);
BIO_printf(bio_s_out,"issuer=%s\n",buf);
X509_free(peer);
}
- if (SSL_get_shared_ciphers(con,buf,BUFSIZ) != NULL)
+ if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL)
BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
ret=gethostbyname(name);
if (ret == NULL) return(NULL);
/* else add to cache */
- strncpy(ghbn_cache[lowi].name,name,128);
- memcpy((char *)&(ghbn_cache[lowi].ent),ret,sizeof(struct hostent));
- ghbn_cache[lowi].order=ghbn_miss+ghbn_hits;
+ if(strlen(name) < sizeof ghbn_cache[0].name)
+ {
+ strcpy(ghbn_cache[lowi].name,name);
+ memcpy((char *)&(ghbn_cache[lowi].ent),ret,sizeof(struct hostent));
+ ghbn_cache[lowi].order=ghbn_miss+ghbn_hits;
+ }
return(ret);
}
else
#undef BUFSIZZ
#define BUFSIZZ 1024*10
+#define MYBUFSIZ 1024*8
+
#undef min
#undef max
#define min(a,b) (((a) < (b)) ? (a) : (b))
{
if (--argc < 1) goto bad;
s_www_path= *(++argv);
+ if(strlen(s_www_path) > MYBUFSIZ-100)
+ {
+ BIO_printf(bio_err,"-www option too long\n");
+ badop=1;
+ }
}
else if(strcmp(*argv,"-bugs") == 0)
st_bugs=1;
if (**string == 0)
return NULL;
- memset(isdelim, 0, 256);
+ memset(isdelim, 0, sizeof isdelim);
isdelim[0] = 1;
while (*delim)
if (!ok)
{
X509_NAME_oneline(
- X509_get_subject_name(ctx->current_cert),buf,256);
+ X509_get_subject_name(ctx->current_cert),buf,
+ sizeof buf);
printf("%s\n",buf);
printf("error %d at %d depth lookup:%s\n",ctx->error,
ctx->error_depth,
HDC hdc;
PAINTSTRUCT ps;
RECT rect;
- char buffer[200];
static int seeded = 0;
switch (iMsg)
int y,z;
X509_NAME_oneline(X509_get_subject_name(x),
- buf,256);
+ buf,sizeof buf);
BIO_printf(STDout,"/* subject:%s */\n",buf);
m=X509_NAME_oneline(
- X509_get_issuer_name(x),buf,256);
+ X509_get_issuer_name(x),buf,
+ sizeof buf);
BIO_printf(STDout,"/* issuer :%s */\n",buf);
z=i2d_X509(x,NULL);
}
else
{
- if (!a2i_ASN1_INTEGER(io,bs,buf2,1024))
+ if (!a2i_ASN1_INTEGER(io,bs,buf2,sizeof buf2))
{
BIO_printf(bio_err,"unable to load serial number from %s\n",buf);
ERR_print_errors(bio_err);
int n;
unsigned long len = length;
- unsigned char tmp[16];
+ unsigned char tmp[AES_BLOCK_SIZE];
assert(in && out && key && ivec);
assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
if (AES_ENCRYPT == enc) {
while (len >= AES_BLOCK_SIZE) {
- for(n=0; n < 16; ++n)
+ for(n=0; n < sizeof tmp; ++n)
tmp[n] = in[n] ^ ivec[n];
AES_encrypt(tmp, out, key);
- memcpy(ivec, out, 16);
- len -= 16;
- in += 16;
- out += 16;
+ memcpy(ivec, out, AES_BLOCK_SIZE);
+ len -= AES_BLOCK_SIZE;
+ in += AES_BLOCK_SIZE;
+ out += AES_BLOCK_SIZE;
}
if (len) {
for(n=0; n < len; ++n)
tmp[n] = ivec[n];
AES_encrypt(tmp, tmp, key);
memcpy(out, tmp, len);
- memcpy(ivec, tmp, 16);
+ memcpy(ivec, tmp, sizeof tmp);
}
} else {
while (len >= AES_BLOCK_SIZE) {
- memcpy(tmp, in, 16);
+ memcpy(tmp, in, sizeof tmp);
AES_decrypt(in, out, key);
- for(n=0; n < 16; ++n)
+ for(n=0; n < AES_BLOCK_SIZE; ++n)
out[n] ^= ivec[n];
- memcpy(ivec, tmp, 16);
- len -= 16;
- in += 16;
- out += 16;
+ memcpy(ivec, tmp, AES_BLOCK_SIZE);
+ len -= AES_BLOCK_SIZE;
+ in += AES_BLOCK_SIZE;
+ out += AES_BLOCK_SIZE;
}
if (len) {
- memcpy(tmp, in, 16);
+ memcpy(tmp, in, sizeof tmp);
AES_decrypt(tmp, tmp, key);
for(n=0; n < len; ++n)
out[n] ^= ivec[n];
- memcpy(ivec, tmp, 16);
+ memcpy(ivec, tmp, sizeof tmp);
}
}
}
a_sign.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
a_sign.o: ../cryptlib.h a_sign.c
-a_strex.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-a_strex.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-a_strex.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-a_strex.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
-a_strex.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-a_strex.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-a_strex.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h
+a_strex.o: ../../e_os.h ../../include/openssl/aes.h
+a_strex.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_strex.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+a_strex.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+a_strex.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+a_strex.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+a_strex.o: ../../include/openssl/err.h ../../include/openssl/evp.h
a_strex.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
a_strex.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
a_strex.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
a_strex.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
a_strex.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
a_strex.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
-a_strex.o: ../../include/openssl/x509_vfy.h a_strex.c charmap.h
+a_strex.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_strex.c charmap.h
a_strnid.o: ../../e_os.h ../../include/openssl/asn1.h
a_strnid.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
a_strnid.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
if (a->data == NULL)
c=(unsigned char *)OPENSSL_malloc(w+1);
else
- c=(unsigned char *)OPENSSL_realloc(a->data,w+1);
+ c=(unsigned char *)OPENSSL_realloc_clean(a->data,
+ a->length,
+ w+1);
if (c == NULL) return(0);
if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length);
a->data=c;
goto err;
}
- if (!BUF_MEM_grow(&b,num+os->length))
+ if (!BUF_MEM_grow_clean(&b,num+os->length))
{
c->error=ERR_R_BUF_LIB;
goto err;
{
want-=(len-off);
- if (!BUF_MEM_grow(b,len+want))
+ if (!BUF_MEM_grow_clean(b,len+want))
{
ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
goto err;
if (want > (len-off))
{
want-=(len-off);
- if (!BUF_MEM_grow(b,len+want))
+ if (!BUF_MEM_grow_clean(b,len+want))
{
ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
goto err;
if ((a == NULL) || (a->data == NULL))
return(BIO_write(bp,"NULL",4));
- i=i2t_ASN1_OBJECT(buf,80,a);
- if (i > 80) i=80;
+ i=i2t_ASN1_OBJECT(buf,sizeof buf,a);
+ if (i > sizeof buf) i=sizeof buf;
BIO_write(bp,buf,i);
return(i);
}
#include <openssl/asn1.h>
#include "charmap.h"
+#include "cryptlib.h"
/* ASN1_STRING_print_ex() and X509_NAME_print_ex().
* Enhanced string and name printing routines handling
static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, char_io *io_ch, void *arg)
{
unsigned char chflgs, chtmp;
- char tmphex[11];
+ char tmphex[HEX_SIZE(long)+3];
+
+ if(c > 0xffffffffL)
+ return -1;
if(c > 0xffff) {
- BIO_snprintf(tmphex, 11, "\\W%08lX", c);
+ BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c);
if(!io_ch(arg, tmphex, 10)) return -1;
return 10;
}
if(c > 0xff) {
- BIO_snprintf(tmphex, 11, "\\U%04lX", c);
+ BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c);
if(!io_ch(arg, tmphex, 6)) return -1;
return 6;
}
if(type & BUF_TYPE_CONVUTF8) {
unsigned char utfbuf[6];
int utflen;
- utflen = UTF8_putc(utfbuf, 6, c);
+ utflen = UTF8_putc(utfbuf, sizeof utfbuf, c);
for(i = 0; i < utflen; i++) {
/* We don't need to worry about setting orflags correctly
* because if utflen==1 its value will be correct anyway
if(fn_opt != XN_FLAG_FN_NONE) {
int objlen, fld_len;
if((fn_opt == XN_FLAG_FN_OID) || (fn_nid==NID_undef) ) {
- OBJ_obj2txt(objtmp, 80, fn, 1);
+ OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1);
fld_len = 0; /* XXX: what should this be? */
objbuf = objtmp;
} else {
if (t->data[0] >= '5') strcpy(str, "19");
else strcpy(str, "20");
- strcat(str, (char *)t->data);
+ BUF_strlcat(str, (char *)t->data, t->length+2);
return ret;
}
else
p="prim: ";
if (BIO_write(bp,p,6) < 6) goto err;
- if (indent)
- {
- if (indent > 128) indent=128;
- memset(str,' ',indent);
- if (BIO_write(bp,str,indent) < indent) goto err;
- }
+ BIO_indent(bp,indent,128);
p=str;
if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
sp=(unsigned char *)OPENSSL_malloc(
(unsigned int)num+i*2);
else
- sp=(unsigned char *)OPENSSL_realloc(s,
- (unsigned int)num+i*2);
+ sp=OPENSSL_realloc_clean(s,slen,num+i*2);
if (sp == NULL)
{
ASN1err(ASN1_F_A2I_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
int X509_CRL_print(BIO *out, X509_CRL *x)
{
- char buf[256];
STACK_OF(X509_REVOKED) *rev;
X509_REVOKED *r;
long l;
int i, n;
+ char *p;
BIO_printf(out, "Certificate Revocation List (CRL):\n");
l = X509_CRL_get_version(x);
i = OBJ_obj2nid(x->sig_alg->algorithm);
BIO_printf(out, "%8sSignature Algorithm: %s\n", "",
(i == NID_undef) ? "NONE" : OBJ_nid2ln(i));
- X509_NAME_oneline(X509_CRL_get_issuer(x),buf,256);
- BIO_printf(out,"%8sIssuer: %s\n","",buf);
+ p=X509_NAME_oneline(X509_CRL_get_issuer(x),NULL,0);
+ BIO_printf(out,"%8sIssuer: %s\n","",p);
+ OPENSSL_free(p);
BIO_printf(out,"%8sLast Update: ","");
ASN1_TIME_print(out,X509_CRL_get_lastUpdate(x));
BIO_printf(out,"\n%8sNext Update: ","");
goto err;
}
- if (off)
- {
- if (off > 128) off=128;
- memset(str,' ',off);
- }
if (x->d != NULL)
{
- if (off && (BIO_write(bp,str,off) <= 0)) goto err;
+ if(!BIO_indent(bp,off,128))
+ goto err;
if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->n))
<= 0) goto err;
}
int DSA_print(BIO *bp, const DSA *x, int off)
{
- char str[128];
unsigned char *m=NULL;
int ret=0;
size_t buf_len=0,i;
goto err;
}
- if (off)
- {
- if (off > 128) off=128;
- memset(str,' ',off);
- }
if (x->priv_key != NULL)
{
- if (off && (BIO_write(bp,str,off) <= 0)) goto err;
+ if(!BIO_indent(bp,off,128))
+ goto err;
if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->p))
<= 0) goto err;
}
int off)
{
int n,i;
- char str[128];
const char *neg;
if (num == NULL) return(1);
neg=(num->neg)?"-":"";
- if (off)
- {
- if (off > 128) off=128;
- memset(str,' ',off);
- if (BIO_write(bp,str,off) <= 0) return(0);
- }
+ if(!BIO_indent(bp,off,128))
+ return 0;
if (BN_num_bytes(num) <= BN_BYTES)
{
{
if ((i%15) == 0)
{
- str[0]='\n';
- memset(&(str[1]),' ',off+4);
- if (BIO_write(bp,str,off+1+4) <= 0) return(0);
+ if(BIO_puts(bp,"\n") <= 0
+ || !BIO_indent(bp,off+4,128))
+ return 0;
}
if (BIO_printf(bp,"%02x%s",buf[i],((i+1) == n)?"":":")
<= 0) return(0);
EVP_PKEY *pkey;
STACK_OF(X509_ATTRIBUTE) *sk;
STACK_OF(X509_EXTENSION) *exts;
- char str[128];
char mlch = ' ';
int nmindent = 0;
l=0;
for (i=0; i<ri->version->length; i++)
{ l<<=8; l+=ri->version->data[i]; }
- sprintf(str,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,l);
- if (BIO_puts(bp,str) <= 0) goto err;
+ if(BIO_printf(bp,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,
+ l) <= 0)
+ goto err;
}
if(!(cflag & X509_FLAG_NO_SUBJECT))
{
if(!(cflag & X509_FLAG_NO_ATTRIBUTES))
{
/* may not be */
- sprintf(str,"%8sAttributes:\n","");
- if (BIO_puts(bp,str) <= 0) goto err;
+ if(BIO_printf(bp,"%8sAttributes:\n","") <= 0)
+ goto err;
sk=x->req_info->attributes;
if (sk_X509_ATTRIBUTE_num(sk) == 0)
{
- sprintf(str,"%12sa0:00\n","");
- if (BIO_puts(bp,str) <= 0) goto err;
+ if(BIO_printf(bp,"%12sa0:00\n","") <= 0)
+ goto err;
}
else
{
a=sk_X509_ATTRIBUTE_value(sk,i);
if(X509_REQ_extension_nid(OBJ_obj2nid(a->object)))
continue;
- sprintf(str,"%12s","");
- if (BIO_puts(bp,str) <= 0) goto err;
+ if(BIO_printf(bp,"%12s","") <= 0)
+ goto err;
if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0)
{
if (a->single)
int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
{
- char *s,*c;
+ char *s,*c,*b;
int ret=0,l,ll,i,first=1;
- char buf[256];
ll=80-2-obase;
- s=X509_NAME_oneline(name,buf,256);
+ b=s=X509_NAME_oneline(name,NULL,0);
if (!*s)
+ {
+ free(b);
return 1;
+ }
s++; /* skip the first slash */
l=ll;
err:
X509err(X509_F_X509_NAME_PRINT,ERR_R_BUF_LIB);
}
+ free(b);
return(ret);
}
for(i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) {
if(!first) BIO_puts(out, ", ");
else first = 0;
- OBJ_obj2txt(oidstr, 80,
+ OBJ_obj2txt(oidstr, sizeof oidstr,
sk_ASN1_OBJECT_value(aux->trust, i), 0);
BIO_puts(out, oidstr);
}
for(i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) {
if(!first) BIO_puts(out, ", ");
else first = 0;
- OBJ_obj2txt(oidstr, 80,
+ OBJ_obj2txt(oidstr, sizeof oidstr,
sk_ASN1_OBJECT_value(aux->reject, i), 0);
BIO_puts(out, oidstr);
}
if(!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL)) goto err;
len = buf.length;
/* Append a final null to string */
- if(!BUF_MEM_grow(&buf, len + 1)) {
+ if(!BUF_MEM_grow_clean(&buf, len + 1)) {
ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE);
return 0;
}
int len;
if(buf) {
len = buf->length;
- if(!BUF_MEM_grow(buf, len + plen)) {
+ if(!BUF_MEM_grow_clean(buf, len + plen)) {
ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE);
return 0;
}
char objbuf[80], *ln;
ln = OBJ_nid2ln(OBJ_obj2nid(fld));
if(!ln) ln = "";
- OBJ_obj2txt(objbuf, 80, fld, 1);
+ OBJ_obj2txt(objbuf, sizeof objbuf, fld, 1);
BIO_printf(out, "%*s%s:%s (%s)", indent, "", "OBJECT", ln, objbuf);
} else {
BIO_printf(out, "%*s%s:", indent, "", name);
len=strlen(cbc_data)+1;
BF_set_key(&key,16,cbc_key);
- memset(cbc_in,0,40);
- memset(cbc_out,0,40);
- memcpy(iv,cbc_iv,8);
+ memset(cbc_in,0,sizeof cbc_in);
+ memset(cbc_out,0,sizeof cbc_out);
+ memcpy(iv,cbc_iv,sizeof iv);
BF_cbc_encrypt((unsigned char *)cbc_data,cbc_out,len,
&key,iv,BF_ENCRYPT);
if (memcmp(cbc_out,cbc_ok,32) != 0)
{
int signvalue = 0;
unsigned LLONG uvalue;
- char convert[20];
+ char convert[DECIMAL_SIZE(value)+1];
int place = 0;
int spadlen = 0;
int zpadlen = 0;
(caps ? "0123456789ABCDEF" : "0123456789abcdef")
[uvalue % (unsigned) base];
uvalue = (uvalue / (unsigned) base);
- } while (uvalue && (place < 20));
- if (place == 20)
+ } while (uvalue && (place < sizeof convert));
+ if (place == sizeof convert)
place--;
convert[place] = 0;
(caps ? "0123456789ABCDEF"
: "0123456789abcdef")[intpart % 10];
intpart = (intpart / 10);
- } while (intpart && (iplace < 20));
- if (iplace == 20)
+ } while (intpart && (iplace < sizeof iplace));
+ if (iplace == sizeof iplace)
iplace--;
iconvert[iplace] = 0;
: "0123456789abcdef")[fracpart % 10];
fracpart = (fracpart / 10);
} while (fplace < max);
- if (fplace == 20)
+ if (fplace == sizeof fplace)
fplace--;
fconvert[fplace] = 0;
static int wsa_init_done=0;
#endif
+#if 0
static unsigned long BIO_ghbn_hits=0L;
static unsigned long BIO_ghbn_miss=0L;
struct hostent *ent;
unsigned long order;
} ghbn_cache[GHBN_NUM];
+#endif
static int get_ip(const char *str,unsigned char *ip);
#if 0
return(j);
}
+#if 0
long BIO_ghbn_ctrl(int cmd, int iarg, char *parg)
{
int i;
}
return(1);
}
+#endif
#if 0
static struct hostent *ghbn_dup(struct hostent *a)
size-=i;
ctx->ibuf_len-=i;
ctx->ibuf_off+=i;
- if ((flag) || (i == size))
+ if (flag || size == 0)
{
*buf='\0';
return(num);
int BIO_gets(BIO *bp,char *buf, int size);
int BIO_write(BIO *b, const void *data, int len);
int BIO_puts(BIO *bp,const char *buf);
+int BIO_indent(BIO *b,int indent,int max);
long BIO_ctrl(BIO *bp,int cmd,long larg,void *parg);
long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long));
char * BIO_ptr_ctrl(BIO *bp,int cmd,long larg);
void BIO_copy_next_retry(BIO *b);
-long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);
+/*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/
int BIO_printf(BIO *bio, const char *format, ...);
int BIO_vprintf(BIO *bio, const char *format, va_list args);
return(i);
}
+int BIO_indent(BIO *b,int indent,int max)
+ {
+ if(indent < 0)
+ indent=0;
+ if(indent > max)
+ indent=max;
+ while(indent--)
+ if(BIO_puts(b," ") != 1)
+ return 0;
+ return 1;
+ }
+
long BIO_int_ctrl(BIO *b, int cmd, long larg, int iarg)
{
int i;
else if (num == 2)
{
char buf[16];
- char *p = ptr;
+ unsigned char *p = ptr;
sprintf(buf,"%d.%d.%d.%d",
p[0],p[1],p[2],p[3]);
}
else if (num == 3)
{
- char buf[16];
+ char buf[DECIMAL_SIZE(int)+1];
sprintf(buf,"%d",*(int *)ptr);
if (data->param_port != NULL)
LPCSTR lpszStrings[2];
WORD evtype= EVENTLOG_ERROR_TYPE;
int pid = _getpid();
- char pidbuf[20];
+ char pidbuf[DECIMAL_SIZE(pid)+4];
switch (priority)
{
BIO_clear_retry_flags(b);
blen=bm->length;
- if (BUF_MEM_grow(bm,blen+inl) != (blen+inl))
+ if (BUF_MEM_grow_clean(bm,blen+inl) != (blen+inl))
goto end;
memcpy(&(bm->data[blen]),in,inl);
ret=inl;
BIO_clear_retry_flags(bp);
j=bm->length;
- if (j <= 0) return(0);
+ if (j <= 0)
+ {
+ *buf='\0';
+ return 0;
+ }
p=bm->data;
for (i=0; i<j; i++)
{
return(len);
}
+int BUF_MEM_grow_clean(BUF_MEM *str, int len)
+ {
+ char *ret;
+ unsigned int n;
+
+ if (str->length >= len)
+ {
+ memset(&str->data[len],0,str->length-len);
+ str->length=len;
+ return(len);
+ }
+ if (str->max >= len)
+ {
+ memset(&str->data[str->length],0,len-str->length);
+ str->length=len;
+ return(len);
+ }
+ n=(len+3)/3*4;
+ if (str->data == NULL)
+ ret=OPENSSL_malloc(n);
+ else
+ ret=OPENSSL_realloc_clean(str->data,str->max,n);
+ if (ret == NULL)
+ {
+ BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
+ len=0;
+ }
+ else
+ {
+ str->data=ret;
+ str->max=n;
+ memset(&str->data[str->length],0,len-str->length);
+ str->length=len;
+ }
+ return(len);
+ }
+
char *BUF_strdup(const char *str)
{
char *ret;
return(ret);
}
+size_t BUF_strlcpy(char *dst, const char *src, size_t size)
+ {
+ size_t l = 0;
+ for(; size > 1 && *src; size--)
+ {
+ *dst++ = *src++;
+ l++;
+ }
+ if (size)
+ *dst = '\0';
+ return l + strlen(src);
+ }
+
+size_t BUF_strlcat(char *dst, const char *src, size_t size)
+ {
+ size_t l = 0;
+ for(; size > 0 && *dst; size--, dst++)
+ l++;
+ return l + BUF_strlcpy(dst, src, size);
+ }
extern "C" {
#endif
+#include <sys/types.h>
+
typedef struct buf_mem_st
{
int length; /* current number of bytes */
BUF_MEM *BUF_MEM_new(void);
void BUF_MEM_free(BUF_MEM *a);
int BUF_MEM_grow(BUF_MEM *str, int len);
+int BUF_MEM_grow_clean(BUF_MEM *str, int len);
char * BUF_strdup(const char *str);
+/* safe string functions */
+size_t BUF_strlcpy(char *dst,const char *src,size_t siz);
+size_t BUF_strlcat(char *dst,const char *src,size_t siz);
+
+
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
CONFerr(CONF_F_STR_COPY,CONF_R_VARIABLE_HAS_NO_VALUE);
goto err;
}
- BUF_MEM_grow(buf,(strlen(p)+len-(e-from)));
+ BUF_MEM_grow_clean(buf,(strlen(p)+len-(e-from)));
while (*p)
buf->data[to++]= *(p++);
from=e;
#endif
#endif
+
+void OpenSSLDie(const char *file,int line,const char *assertion)
+ {
+ fprintf(stderr,
+ "%s(%d): OpenSSL internal error, assertion failed: %s\n",
+ file,line,assertion);
+ abort();
+ }
#define X509_CERT_DIR_EVP "SSL_CERT_DIR"
#define X509_CERT_FILE_EVP "SSL_CERT_FILE"
-/* size of string represenations */
-#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
-#define HEX_SIZE(type) ((sizeof(type)*2)
+/* size of string representations */
+#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
+#define HEX_SIZE(type) (sizeof(type)*2)
+
+/* die if we have to */
+void OpenSSLDie(const char *file,int line,const char *assertion);
+#define OPENSSL_assert(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
#ifdef __cplusplus
}
#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
#define OPENSSL_realloc(addr,num) \
CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
+#define OPENSSL_realloc_clean(addr,old_num,num) \
+ CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
#define OPENSSL_remalloc(addr,num) \
CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
#define OPENSSL_freeFunc CRYPTO_free
void *CRYPTO_malloc(int num, const char *file, int line);
void CRYPTO_free(void *);
void *CRYPTO_realloc(void *addr,int num, const char *file, int line);
+void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file,
+ int line);
void *CRYPTO_remalloc(void *addr,int num, const char *file, int line);
void CRYPTO_set_mem_debug_options(long bits);
typedef void *CRYPTO_MEM_LEAK_CB(unsigned long, const char *, int, int, void *);
void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);
-
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
i=BN_num_bits(r->q);
bs.length=(i+7)/8;
+ OPENSSL_assert(bs.length <= sizeof buf);
bs.data=buf;
bs.type=V_ASN1_INTEGER;
/* If the top bit is set the asn1 encoding is 1 larger. */
{
i=ctx->buf_len-ctx->buf_off;
if (i > outl) i=outl;
+ OPENSSL_assert(ctx->buf_off+i < sizeof ctx->buf);
memcpy(out,&(ctx->buf[ctx->buf_off]),i);
ret=i;
out+=i;
int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
{
int ret;
+
+ OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
ret=ctx->digest->final(ctx,md);
if (size != NULL)
*size=ctx->digest->md_size;
if (type != NULL)
{
l=EVP_CIPHER_CTX_iv_length(c);
+ OPENSSL_assert(l <= sizeof iv);
i=ASN1_TYPE_get_int_octetstring(type,&num,iv,l);
if (i != l)
return(-1);
typedef struct
{
- /* FIXME: what is the key for? */
- unsigned char key[EVP_RC4_KEY_SIZE];
RC4_KEY ks; /* working key */
} EVP_RC4_KEY;
static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
- memcpy(&data(ctx)->key[0],key,EVP_CIPHER_CTX_key_length(ctx));
RC4_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),
- data(ctx)->key);
+ key);
return 1;
}
*outl=0;
if (inl == 0) return;
+ OPENSSL_assert(ctx->length <= sizeof ctx->enc_data);
if ((ctx->num+inl) < ctx->length)
{
memcpy(&(ctx->enc_data[ctx->num]),in,inl);
/* only save the good data :-) */
if (!B64_NOT_BASE64(v))
{
+ OPENSSL_assert(n < sizeof ctx->enc_data);
d[n++]=tmp;
ln++;
}
#include <openssl/engine.h>
#include "evp_locl.h"
-#include <assert.h>
-
const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT;
void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
}
skip_to_init:
/* we assume block size is a power of 2 in *cryptUpdate */
- assert(ctx->cipher->block_size == 1
- || ctx->cipher->block_size == 8
- || ctx->cipher->block_size == 16);
+ OPENSSL_assert(ctx->cipher->block_size == 1
+ || ctx->cipher->block_size == 8
+ || ctx->cipher->block_size == 16);
if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
switch(EVP_CIPHER_CTX_mode(ctx)) {
case EVP_CIPH_CBC_MODE:
+ OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof ctx->iv);
if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
break;
{
int i,j,bl;
+ OPENSSL_assert(inl > 0);
if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)
{
if(ctx->cipher->do_cipher(ctx,out,in,inl))
}
i=ctx->buf_len;
bl=ctx->cipher->block_size;
+ OPENSSL_assert(bl <= sizeof ctx->buf);
if (i != 0)
{
if (i+inl < bl)
int i,n,b,bl,ret;
b=ctx->cipher->block_size;
+ OPENSSL_assert(b <= sizeof ctx->buf);
if (b == 1)
{
*outl=0;
return EVP_EncryptUpdate(ctx, out, outl, in, inl);
b=ctx->cipher->block_size;
+ OPENSSL_assert(b <= sizeof ctx->final);
if(ctx->final_used)
{
EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
return(0);
}
+ OPENSSL_assert(b <= sizeof ctx->final);
n=ctx->final[b-1];
if (n > b)
{
nkey=type->key_len;
niv=type->iv_len;
+ OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH);
+ OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH);
if (data == NULL) return(nkey);
if (type != NULL)
{
l=EVP_CIPHER_CTX_iv_length(c);
+ OPENSSL_assert(l <= sizeof c->iv);
i=ASN1_TYPE_get_octetstring(type,c->oiv,l);
if (i != l)
return(-1);
if (type != NULL)
{
j=EVP_CIPHER_CTX_iv_length(c);
+ OPENSSL_assert(j <= sizeof c->iv);
i=ASN1_TYPE_set_octetstring(type,c->oiv,j);
}
return(i);
char obj_tmp[80];
EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM);
if (!pbe_obj) strcpy (obj_tmp, "NULL");
- else i2t_ASN1_OBJECT(obj_tmp, 80, pbe_obj);
+ else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj);
ERR_add_error_data(2, "TYPE=", obj_tmp);
return 0;
}
EVP_DigestFinal_ex (&ctx, md_tmp, NULL);
}
EVP_MD_CTX_cleanup(&ctx);
+ OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= sizeof md_tmp);
memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
+ OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16);
memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
EVP_CIPHER_iv_length(cipher));
EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de);
goto err;
}
keylen = EVP_CIPHER_CTX_key_length(ctx);
+ OPENSSL_assert(keylen <= sizeof key);
/* Now decode key derivation function */
# DO NOT DELETE THIS LINE -- make depend depends on it.
-hmac.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+hmac.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
hmac.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
-hmac.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
-hmac.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-hmac.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
-hmac.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+hmac.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+hmac.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+hmac.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+hmac.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hmac.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
hmac.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h
-hmac.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
-hmac.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-hmac.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-hmac.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-hmac.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-hmac.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-hmac.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-hmac.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-hmac.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-hmac.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-hmac.o: ../../include/openssl/ui_compat.h hmac.c
+hmac.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hmac.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hmac.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hmac.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hmac.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+hmac.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+hmac.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+hmac.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+hmac.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+hmac.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+hmac.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+hmac.o: ../cryptlib.h hmac.c
#include <stdlib.h>
#include <string.h>
#include <openssl/hmac.h>
+#include "cryptlib.h"
void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
const EVP_MD *md, ENGINE *impl)
{
reset=1;
j=EVP_MD_block_size(md);
+ OPENSSL_assert(j <= sizeof ctx->key);
if (j < len)
{
EVP_DigestInit_ex(&ctx->md_ctx,md, impl);
}
else
{
+ OPENSSL_assert(len <= sizeof ctx->key);
memcpy(ctx->key,key,len);
ctx->key_length=len;
}
void lh_stats_bio(const LHASH *lh, BIO *out)
{
- char buf[128];
-
- sprintf(buf,"num_items = %lu\n",lh->num_items);
- BIO_puts(out,buf);
- sprintf(buf,"num_nodes = %u\n",lh->num_nodes);
- BIO_puts(out,buf);
- sprintf(buf,"num_alloc_nodes = %u\n",lh->num_alloc_nodes);
- BIO_puts(out,buf);
- sprintf(buf,"num_expands = %lu\n",lh->num_expands);
- BIO_puts(out,buf);
- sprintf(buf,"num_expand_reallocs = %lu\n",lh->num_expand_reallocs);
- BIO_puts(out,buf);
- sprintf(buf,"num_contracts = %lu\n",lh->num_contracts);
- BIO_puts(out,buf);
- sprintf(buf,"num_contract_reallocs = %lu\n",lh->num_contract_reallocs);
- BIO_puts(out,buf);
- sprintf(buf,"num_hash_calls = %lu\n",lh->num_hash_calls);
- BIO_puts(out,buf);
- sprintf(buf,"num_comp_calls = %lu\n",lh->num_comp_calls);
- BIO_puts(out,buf);
- sprintf(buf,"num_insert = %lu\n",lh->num_insert);
- BIO_puts(out,buf);
- sprintf(buf,"num_replace = %lu\n",lh->num_replace);
- BIO_puts(out,buf);
- sprintf(buf,"num_delete = %lu\n",lh->num_delete);
- BIO_puts(out,buf);
- sprintf(buf,"num_no_delete = %lu\n",lh->num_no_delete);
- BIO_puts(out,buf);
- sprintf(buf,"num_retrieve = %lu\n",lh->num_retrieve);
- BIO_puts(out,buf);
- sprintf(buf,"num_retrieve_miss = %lu\n",lh->num_retrieve_miss);
- BIO_puts(out,buf);
- sprintf(buf,"num_hash_comps = %lu\n",lh->num_hash_comps);
- BIO_puts(out,buf);
+ BIO_printf(out,"num_items = %lu\n",lh->num_items);
+ BIO_printf(out,"num_nodes = %u\n",lh->num_nodes);
+ BIO_printf(out,"num_alloc_nodes = %u\n",lh->num_alloc_nodes);
+ BIO_printf(out,"num_expands = %lu\n",lh->num_expands);
+ BIO_printf(out,"num_expand_reallocs = %lu\n",
+ lh->num_expand_reallocs);
+ BIO_printf(out,"num_contracts = %lu\n",lh->num_contracts);
+ BIO_printf(out,"num_contract_reallocs = %lu\n",
+ lh->num_contract_reallocs);
+ BIO_printf(out,"num_hash_calls = %lu\n",lh->num_hash_calls);
+ BIO_printf(out,"num_comp_calls = %lu\n",lh->num_comp_calls);
+ BIO_printf(out,"num_insert = %lu\n",lh->num_insert);
+ BIO_printf(out,"num_replace = %lu\n",lh->num_replace);
+ BIO_printf(out,"num_delete = %lu\n",lh->num_delete);
+ BIO_printf(out,"num_no_delete = %lu\n",lh->num_no_delete);
+ BIO_printf(out,"num_retrieve = %lu\n",lh->num_retrieve);
+ BIO_printf(out,"num_retrieve_miss = %lu\n",lh->num_retrieve_miss);
+ BIO_printf(out,"num_hash_comps = %lu\n",lh->num_hash_comps);
#if 0
- sprintf(buf,"p = %u\n",lh->p);
- BIO_puts(out,buf);
- sprintf(buf,"pmax = %u\n",lh->pmax);
- BIO_puts(out,buf);
- sprintf(buf,"up_load = %lu\n",lh->up_load);
- BIO_puts(out,buf);
- sprintf(buf,"down_load = %lu\n",lh->down_load);
- BIO_puts(out,buf);
+ BIO_printf(out,"p = %u\n",lh->p);
+ BIO_printf(out,"pmax = %u\n",lh->pmax);
+ BIO_printf(out,"up_load = %lu\n",lh->up_load);
+ BIO_printf(out,"down_load = %lu\n",lh->down_load);
#endif
}
{
LHASH_NODE *n;
unsigned int i,num;
- char buf[128];
for (i=0; i<lh->num_nodes; i++)
{
for (n=lh->b[i],num=0; n != NULL; n=n->next)
num++;
- sprintf(buf,"node %6u -> %3u\n",i,num);
- BIO_puts(out,buf);
+ BIO_printf(out,"node %6u -> %3u\n",i,num);
}
}
unsigned long num;
unsigned int i;
unsigned long total=0,n_used=0;
- char buf[128];
for (i=0; i<lh->num_nodes; i++)
{
total+=num;
}
}
- sprintf(buf,"%lu nodes used out of %u\n",n_used,lh->num_nodes);
- BIO_puts(out,buf);
- sprintf(buf,"%lu items\n",total);
- BIO_puts(out,buf);
+ BIO_printf(out,"%lu nodes used out of %u\n",n_used,lh->num_nodes);
+ BIO_printf(out,"%lu items\n",total);
if (n_used == 0) return;
- sprintf(buf,"load %d.%02d actual load %d.%02d\n",
- (int)(total/lh->num_nodes),
- (int)((total%lh->num_nodes)*100/lh->num_nodes),
- (int)(total/n_used),
- (int)((total%n_used)*100/n_used));
- BIO_puts(out,buf);
+ BIO_printf(out,"load %d.%02d actual load %d.%02d\n",
+ (int)(total/lh->num_nodes),
+ (int)((total%lh->num_nodes)*100/lh->num_nodes),
+ (int)(total/n_used),
+ (int)((total%n_used)*100/n_used));
}
#endif
int MD2_Init(MD2_CTX *c)
{
c->num=0;
- memset(c->state,0,MD2_BLOCK*sizeof(MD2_INT));
- memset(c->cksm,0,MD2_BLOCK*sizeof(MD2_INT));
- memset(c->data,0,MD2_BLOCK);
+ memset(c->state,0,sizeof c->state);
+ memset(c->cksm,0,sizeof c->cksm);
+ memset(c->data,0,sizeof c->data);
return 1;
}
MD4_Init(&c);
for (;;)
{
- i=read(fd,buf,BUFSIZE);
+ i=read(fd,buf,sizeof buf);
if (i <= 0) break;
MD4_Update(&c,buf,(unsigned long)i);
}
if (str == NULL)
return CRYPTO_malloc(num, file, line);
-
if (realloc_debug_func != NULL)
realloc_debug_func(str, NULL, num, file, line, 0);
ret = realloc_ex_func(str,num,file,line);
return ret;
}
+void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file,
+ int line)
+ {
+ void *ret = NULL;
+
+ if (str == NULL)
+ return CRYPTO_malloc(num, file, line);
+ if (realloc_debug_func != NULL)
+ realloc_debug_func(str, NULL, num, file, line, 0);
+ ret=malloc_ex_func(num,file,line);
+ if(ret)
+ memcpy(ret,str,old_len);
+ memset(str,'\0',old_len);
+ free_func(str);
+#ifdef LEVITTE_DEBUG_MEM
+ fprintf(stderr, "LEVITTE_DEBUG_MEM: | 0x%p -> 0x%p (%d)\n", str, ret, num);
+#endif
+ if (realloc_debug_func != NULL)
+ realloc_debug_func(str, ret, num, file, line, 1);
+
+ return ret;
+ }
+
void CRYPTO_free(void *str)
{
if (free_debug_func != NULL)
return(a);
}
-
void CRYPTO_set_mem_debug_options(long bits)
{
if (set_debug_options_func != NULL)
void CRYPTO_mem_leaks(BIO *b)
{
MEM_LEAK ml;
- char buf[80];
if (mh == NULL && amih == NULL)
return;
(char *)&ml);
if (ml.chunks != 0)
{
- sprintf(buf,"%ld bytes leaked in %d chunks\n",
- ml.bytes,ml.chunks);
- BIO_puts(b,buf);
+ BIO_printf(b,"%ld bytes leaked in %d chunks\n",
+ ml.bytes,ml.chunks);
}
else
{
sprintf(tbuf,"%d.%lu",i,l);
i=strlen(tbuf);
- strncpy(buf,tbuf,buf_len);
+ BUF_strlcpy(buf,tbuf,buf_len);
buf_len-=i;
buf+=i;
n+=i;
sprintf(tbuf,".%lu",l);
i=strlen(tbuf);
if (buf_len > 0)
- strncpy(buf,tbuf,buf_len);
+ BUF_strlcpy(buf,tbuf,buf_len);
buf_len-=i;
buf+=i;
n+=i;
s=OBJ_nid2ln(nid);
if (s == NULL)
s=OBJ_nid2sn(nid);
- strncpy(buf,s,buf_len);
+ BUF_strlcpy(buf,s,buf_len);
n=strlen(s);
}
- buf[buf_len-1]='\0';
return(n);
}
}
if(!(mem = BIO_new(BIO_s_mem()))) goto err;
/* Copy response to a memory BIO: socket bios can't do gets! */
- while ((len = BIO_read(b, tmpbuf, 1024))) {
+ while ((len = BIO_read(b, tmpbuf, sizeof tmpbuf))) {
if(len < 0) {
OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_READ_ERROR);
goto err;
int cipher;
int key_enc;
- char iv[8];
+ /* char iv[8]; unused and wrong size */
} PEM_USER;
typedef struct pem_ctx_st
struct {
int cipher;
- unsigned char iv[8];
+ /* unused, and wrong size
+ unsigned char iv[8]; */
} DEK_info;
PEM_USER *originator;
EVP_CIPHER *dec; /* date encryption cipher */
int key_len; /* key length */
unsigned char *key; /* key */
- unsigned char iv[8]; /* the iv */
+ /* unused, and wrong size
+ unsigned char iv[8]; */
int data_enc; /* is the data encrypted */
}
/* create the right magic header stuff */
+ OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);
buf[0]='\0';
PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);
void PEM_dek_info(char *buf, const char *type, int len, char *str)
{
- static unsigned char map[17]="0123456789ABCDEF";
+ static const unsigned char map[17]="0123456789ABCDEF";
long i;
int j;
goto err;
}
/* dzise + 8 bytes are needed */
+ // actually it needs the cipher block size extra...
data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20);
if (data == NULL)
{
kstr=(unsigned char *)buf;
}
RAND_add(data,i,0);/* put in the RSA key. */
+ OPENSSL_assert(enc->iv_len <= sizeof iv);
if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */
goto err;
/* The 'iv' is used as the iv and as a salt. It is
if (kstr == (unsigned char *)buf) memset(buf,0,PEM_BUFSIZE);
+ OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);
+
buf[0]='\0';
PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);
if (strncmp(buf,"-----END ",9) == 0)
break;
if (i > 65) break;
- if (!BUF_MEM_grow(dataB,i+bl+9))
+ if (!BUF_MEM_grow_clean(dataB,i+bl+9))
{
PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
goto err;
/* We now have the EVP_MD_CTX, lets do the
* signing. */
EVP_MD_CTX_copy_ex(&ctx_tmp,mdc);
- if (!BUF_MEM_grow(buf,EVP_PKEY_size(si->pkey)))
+ if (!BUF_MEM_grow_clean(buf,EVP_PKEY_size(si->pkey)))
{
PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB);
goto err;
memset(&addr, 0, sizeof(addr));
addr.sun_family = AF_UNIX;
- if (strlen(path) > sizeof(addr.sun_path))
+ if (strlen(path) >= sizeof(addr.sun_path))
return (-1);
strcpy(addr.sun_path,path);
len = offsetof(struct sockaddr_un, sun_path) + strlen(path);
s=getenv("RANDFILE");
if (s != NULL)
{
- strncpy(buf,s,size-1);
- buf[size-1]='\0';
+ if(strlen(s) >= size)
+ return NULL;
+ strcpy(buf,s);
ret=buf;
}
else
if (offset != 0)
{
size+=BUFSIZE;
- if (!BUF_MEM_grow(buf,size)) goto err;
+ if (!BUF_MEM_grow_clean(buf,size)) goto err;
}
buf->data[offset]='\0';
BIO_gets(in,&(buf->data[offset]),size-offset);
if (pp[j] != NULL)
l+=strlen(pp[j]);
}
- if (!BUF_MEM_grow(buf,(int)(l*2+nn))) goto err;
+ if (!BUF_MEM_grow_clean(buf,(int)(l*2+nn))) goto err;
p=buf->data;
for (j=0; j<nn; j++)
ui_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
ui_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
ui_err.o: ../../include/openssl/ui.h ui_err.c
-ui_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-ui_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-ui_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-ui_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-ui_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-ui_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ui_lib.c
-ui_lib.o: ui_locl.h
+ui_lib.o: ../../e_os.h ../../include/openssl/bio.h
+ui_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ui_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ui_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ui_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ui_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ui_lib.o: ../../include/openssl/ui.h ../cryptlib.h ui_lib.c ui_locl.h
ui_openssl.o: ../../e_os.h ../../include/openssl/bio.h
ui_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
ui_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
#include <openssl/ui.h>
#include <openssl/err.h>
#include "ui_locl.h"
+#include "cryptlib.h"
IMPLEMENT_STACK_OF(UI_STRING_ST)
case UIT_PROMPT:
case UIT_VERIFY:
{
- char number1[20];
- char number2[20];
+ char number1[DECIMAL_SIZE(uis->_.string_data.result_minsize)+1];
+ char number2[DECIMAL_SIZE(uis->_.string_data.result_maxsize)+1];
BIO_snprintf(number1, sizeof(number1), "%d",
uis->_.string_data.result_minsize);
STACK_OF(X509) *certs;
} NETSCAPE_CERT_SEQUENCE;
+/* Unused (and iv length is wrong)
typedef struct CBCParameter_st
{
unsigned char iv[8];
} CBC_PARAM;
+*/
/* Password based encryption structure */
*/
#include <stdio.h>
+#include <ctype.h>
#include "cryptlib.h"
#include <openssl/asn1.h>
#include <openssl/objects.h>
unsigned long ret=0;
EVP_MD_CTX ctx;
unsigned char md[16];
- char str[256];
+ char *f;
EVP_MD_CTX_init(&ctx);
- X509_NAME_oneline(a->cert_info->issuer,str,256);
- ret=strlen(str);
+ f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
+ ret=strlen(f);
EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
- EVP_DigestUpdate(&ctx,(unsigned char *)str,ret);
+ EVP_DigestUpdate(&ctx,(unsigned char *)f,ret);
+ OPENSSL_free(f);
EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
(unsigned long)a->cert_info->serialNumber->length);
EVP_DigestFinal_ex(&ctx,&(md[0]),NULL);
ret = i2v_GENERAL_NAME(method, desc->location, ret);
if(!ret) break;
vtmp = sk_CONF_VALUE_value(ret, i);
- i2t_ASN1_OBJECT(objtmp, 80, desc->method);
+ i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method);
ntmp = OPENSSL_malloc(strlen(objtmp) + strlen(vtmp->name) + 5);
if(!ntmp) {
X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS,
unsigned char *buff=NULL,*bufsize=NULL;
int bsize=BSIZE,verbose=0;
int ret=1,inl;
- unsigned char key[24],iv[MD5_DIGEST_LENGTH];
char *str=NULL;
char *hkey=NULL,*hiv=NULL;
int enc=1,printkey=0,i,base64=0;
char *inf=NULL,*outf=NULL;
BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
#define PROG_NAME_SIZE 39
- char pname[PROG_NAME_SIZE+1];
apps_startup();
fprintf(stderr,"please enter challenge string:");
fflush(stderr);
- fgets(buf,120,stdin);
+ buf[0]='\0';
+ fgets(buf,sizeof buf,stdin);
i=strlen(buf);
if (i > 0) buf[--i]='\0';
if (!ASN1_STRING_set((ASN1_STRING *)spki->spkac->challenge,
s2_clnt.o: ../include/openssl/tls1.h ../include/openssl/ui.h
s2_clnt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
s2_clnt.o: ../include/openssl/x509_vfy.h s2_clnt.c ssl_locl.h
-s2_enc.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-s2_enc.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-s2_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s2_enc.o: ../include/openssl/cast.h ../include/openssl/comp.h
-s2_enc.o: ../include/openssl/crypto.h ../include/openssl/des.h
-s2_enc.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-s2_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-s2_enc.o: ../include/openssl/err.h ../include/openssl/evp.h
-s2_enc.o: ../include/openssl/idea.h ../include/openssl/kssl.h
-s2_enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s2_enc.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s2_enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s2_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s2_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-s2_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s2_enc.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-s2_enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s2_enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s2_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s2_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s2_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s2_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s2_enc.o: ../include/openssl/tls1.h ../include/openssl/ui.h
-s2_enc.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
-s2_enc.o: ../include/openssl/x509_vfy.h s2_enc.c ssl_locl.h
+s2_enc.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+s2_enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s2_enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s2_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_enc.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s2_enc.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s2_enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s2_enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s2_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s2_enc.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s2_enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s2_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s2_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s2_enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s2_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s2_enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s2_enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s2_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s2_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s2_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s2_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s2_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s2_enc.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s2_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_enc.c
+s2_enc.o: ssl_locl.h
s2_lib.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
s2_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
s2_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
s2_meth.o: ../include/openssl/tls1.h ../include/openssl/ui.h
s2_meth.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
s2_meth.o: ../include/openssl/x509_vfy.h s2_meth.c ssl_locl.h
-s2_pkt.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-s2_pkt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-s2_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s2_pkt.o: ../include/openssl/cast.h ../include/openssl/comp.h
-s2_pkt.o: ../include/openssl/crypto.h ../include/openssl/des.h
-s2_pkt.o: ../include/openssl/des_old.h ../include/openssl/dh.h
-s2_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-s2_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h
-s2_pkt.o: ../include/openssl/idea.h ../include/openssl/kssl.h
-s2_pkt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-s2_pkt.o: ../include/openssl/md4.h ../include/openssl/md5.h
-s2_pkt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
-s2_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s2_pkt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-s2_pkt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s2_pkt.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
-s2_pkt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
-s2_pkt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-s2_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s2_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s2_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s2_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s2_pkt.o: ../include/openssl/tls1.h ../include/openssl/ui.h
-s2_pkt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
-s2_pkt.o: ../include/openssl/x509_vfy.h s2_pkt.c ssl_locl.h
+s2_pkt.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+s2_pkt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_pkt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s2_pkt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s2_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_pkt.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s2_pkt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s2_pkt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+s2_pkt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s2_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s2_pkt.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s2_pkt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s2_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s2_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s2_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s2_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s2_pkt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s2_pkt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s2_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s2_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s2_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s2_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s2_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s2_pkt.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s2_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_pkt.c
+s2_pkt.o: ssl_locl.h
s2_srvr.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
s2_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
s2_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
ssl_err2.o: ../include/openssl/tls1.h ../include/openssl/ui.h
ssl_err2.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
ssl_err2.o: ../include/openssl/x509_vfy.h ssl_err2.c
-ssl_lib.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-ssl_lib.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-ssl_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-ssl_lib.o: ../include/openssl/cast.h ../include/openssl/comp.h
-ssl_lib.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-ssl_lib.o: ../include/openssl/des.h ../include/openssl/des_old.h
-ssl_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-ssl_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-ssl_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
-ssl_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-ssl_lib.o: ../include/openssl/md2.h ../include/openssl/md4.h
-ssl_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
-ssl_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ssl_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ssl_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ssl_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-ssl_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
-ssl_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssl_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_lib.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-ssl_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-ssl_lib.o: ../include/openssl/x509v3.h kssl_lcl.h ssl_lib.c ssl_locl.h
+ssl_lib.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+ssl_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ssl_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ssl_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ssl_lib.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ssl_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_lib.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ssl_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ssl_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_lib.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+ssl_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ssl_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ssl_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ssl_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssl_lib.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ssl_lib.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ssl_lib.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ssl_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssl_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl_lib.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+ssl_lib.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ssl_lib.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h kssl_lcl.h
+ssl_lib.o: ssl_lib.c ssl_locl.h
ssl_rsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
ssl_rsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
ssl_rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
return ((string == NULL)? null: string);
}
-#define MAXKNUM 255
-char
-*knumber(int len, krb5_octet *contents)
- {
- static char buf[MAXKNUM+1];
- int i;
-
- BIO_snprintf(buf, MAXKNUM, "[%d] ", len);
-
- for (i=0; i < len && MAXKNUM > strlen(buf)+3; i++)
- {
- BIO_snprintf(&buf[strlen(buf)], 3, "%02x", contents[i]);
- }
-
- return (buf);
- }
-
-
/* Given KRB5 enctype (basically DES or 3DES),
** return closest match openssl EVP_ encryption algorithm.
** Return NULL for unknown or problematic (krb5_dk_encrypt) enctypes.
}
#endif
enc = kssl_map_enc(enctype);
- memset(iv, 0, EVP_MAX_IV_LENGTH); /* per RFC 1510 */
+ memset(iv, 0, sizeof iv); /* per RFC 1510 */
if (enc == NULL)
{
#define KSSL_CLOCKSKEW 300;
#endif
+/* Unused
#define KSSL_ERR_MAX 255
typedef struct kssl_err_st {
int reason;
char text[KSSL_ERR_MAX+1];
} KSSL_ERR;
-
+*/
/* Context for passing
** (1) Kerberos session key to SSL, and
if (s->s3 != NULL) ssl3_free(s);
- if (!BUF_MEM_grow(s->init_buf,
+ if (!BUF_MEM_grow_clean(s->init_buf,
SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
{
SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB);
if (s->s3 != NULL) ssl3_free(s);
- if (!BUF_MEM_grow(s->init_buf,
+ if (!BUF_MEM_grow_clean(s->init_buf,
SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
{
goto err;
EVP_MD_CTX_init(&ctx);
EVP_SignInit_ex(&ctx,s->ctx->rsa_md5, NULL);
EVP_SignUpdate(&ctx,s->s2->key_material,
- (unsigned int)s->s2->key_material_length);
+ s->s2->key_material_length);
EVP_SignUpdate(&ctx,cert_ch,(unsigned int)cert_ch_len);
n=i2d_X509(s->session->sess_cert->peer_key->x509,&p);
EVP_SignUpdate(&ctx,buf,(unsigned int)n);
s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* SERVER-VERIFY */
p += 1;
- if (memcmp(p,s->s2->challenge,(unsigned int)s->s2->challenge_length) != 0)
+ if (memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_CHALLENGE_IS_DIFFERENT);
#include "ssl_locl.h"
#ifndef OPENSSL_NO_SSL2
#include <stdio.h>
+#include "cryptlib.h"
int ssl2_enc_init(SSL *s, int client)
{
num=c->key_len;
s->s2->key_material_length=num*2;
+ OPENSSL_assert(s->s2->key_material_length <= sizeof s->s2->key_material);
if (ssl2_generate_key_material(s) <= 0)
return 0;
+ OPENSSL_assert(c->iv_len <= sizeof s->session->key_arg);
EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]),
s->session->key_arg);
EVP_DecryptInit_ex(rs,c,NULL,&(s->s2->key_material[(client)?0:num]),
EVP_DigestInit_ex(&ctx, md5, NULL);
+ OPENSSL_assert(s->session->master_key_length >= 0
+ && s->session->master_key_length
+ < sizeof s->session->master_key);
EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
EVP_DigestUpdate(&ctx,&c,1);
c++;
error=s->error; /* number of bytes left to write */
s->error=0;
- if (error < 0 || error > sizeof buf) /* can't happen */
- return;
-
+ OPENSSL_assert(error >= 0 && error <= sizeof buf);
i=ssl2_write(s,&(buf[3-error]),error);
/* if (i == error) s->rwstate=state; */
#ifndef OPENSSL_NO_SSL2
#include <stdio.h>
#include <errno.h>
+#include "cryptlib.h"
#define USE_SOCKETS
static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend);
else
{
mac_size=EVP_MD_size(s->read_hash);
+ OPENSSL_assert(mac_size <= MAX_MAC_SIZE);
s->s2->mac_data=p;
s->s2->ract_data= &p[mac_size];
if (s->s2->padding + mac_size > s->s2->rlength)
if (s->msg_callback)
s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-FINISHED */
p += 1;
- if (memcmp(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length) != 0)
+ if (memcmp(p,s->s2->conn_id,s->s2->conn_id_length) != 0)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_CONNECTION_ID_IS_DIFFERENT);
EVP_MD_CTX_init(&ctx);
EVP_VerifyInit_ex(&ctx,s->ctx->rsa_md5, NULL);
EVP_VerifyUpdate(&ctx,s->s2->key_material,
- (unsigned int)s->s2->key_material_length);
+ s->s2->key_material_length);
EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
/* TLSv1 sends a chain with nothing in it, instead of an alert */
buf=s->init_buf;
- if (!BUF_MEM_grow(buf,(int)(10)))
+ if (!BUF_MEM_grow_clean(buf,10))
{
SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
return(0);
for (;;)
{
n=i2d_X509(x,NULL);
- if (!BUF_MEM_grow(buf,(int)(n+l+3)))
+ if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
{
SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
return(0);
{
x=sk_X509_value(s->ctx->extra_certs,i);
n=i2d_X509(x,NULL);
- if (!BUF_MEM_grow(buf,(int)(n+l+3)))
+ if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
{
SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
return(0);
SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
goto f_err;
}
- if (l && !BUF_MEM_grow(s->init_buf,(int)l+4))
+ if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l+4))
{
SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
goto err;
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LONG);
goto f_err;
}
+
if (j != 0 && j == s->session->session_id_length
&& memcmp(p,s->session->session_id,j) == 0)
{
tmp_buf[0]=s->client_version>>8;
tmp_buf[1]=s->client_version&0xff;
- if (RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2) <= 0)
+ if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
goto err;
- s->session->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
+ s->session->master_key_length=sizeof tmp_buf;
q=p;
/* Fix buf for TLS and beyond */
if (s->version > SSL3_VERSION)
p+=2;
- n=RSA_public_encrypt(SSL_MAX_MASTER_KEY_LENGTH,
+ n=RSA_public_encrypt(sizeof tmp_buf,
tmp_buf,p,rsa,RSA_PKCS1_PADDING);
#ifdef PKCS1_CHECK
if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++;
s->session->master_key_length=
s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key,
- tmp_buf,SSL_MAX_MASTER_KEY_LENGTH);
- memset(tmp_buf,0,SSL_MAX_MASTER_KEY_LENGTH);
+ tmp_buf,sizeof tmp_buf);
+ memset(tmp_buf,0,sizeof tmp_buf);
}
#endif
#ifndef OPENSSL_NO_KRB5
n+=2;
}
- if (RAND_bytes(tmp_buf,SSL_MAX_MASTER_KEY_LENGTH) <= 0)
+ if (RAND_bytes(tmp_buf,sizeof tmp_buf) <= 0)
goto err;
/* 20010420 VRS. Tried it this way; failed.
** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
*/
- memset(iv, 0, EVP_MAX_IV_LENGTH); /* per RFC 1510 */
+ memset(iv, 0, sizeof iv); /* per RFC 1510 */
EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,
kssl_ctx->key,iv);
EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf,
- SSL_MAX_MASTER_KEY_LENGTH);
+ sizeof tmp_buf);
EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
outl += padl;
if (outl > sizeof epms)
s->session->master_key_length=
s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key,
- tmp_buf, SSL_MAX_MASTER_KEY_LENGTH);
+ tmp_buf, sizeof tmp_buf);
- memset(tmp_buf, 0, SSL_MAX_MASTER_KEY_LENGTH);
+ memset(tmp_buf, 0, sizeof tmp_buf);
memset(epms, 0, outl);
}
#endif
{
unsigned char *p,*key_block,*mac_secret;
unsigned char exp_key[EVP_MAX_KEY_LENGTH];
- unsigned char exp_iv[EVP_MAX_KEY_LENGTH];
+ unsigned char exp_iv[EVP_MAX_IV_LENGTH];
unsigned char *ms,*key,*iv,*er1,*er2;
EVP_CIPHER_CTX *dd;
const EVP_CIPHER *c;
kn=0;
}
- if (!BUF_MEM_grow(buf,n+4+kn))
+ if (!BUF_MEM_grow_clean(buf,n+4+kn))
{
SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
goto err;
{
name=sk_X509_NAME_value(sk,i);
j=i2d_X509_NAME(name,NULL);
- if (!BUF_MEM_grow(buf,4+n+j+2))
+ if (!BUF_MEM_grow_clean(buf,4+n+j+2))
{
SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
goto err;
if (enc == NULL)
goto err;
- memset(iv, 0, EVP_MAX_IV_LENGTH); /* per RFC 1510 */
+ memset(iv, 0, sizeof iv); /* per RFC 1510 */
if (!EVP_DecryptInit_ex(&ciph_ctx,enc,NULL,kssl_ctx->key,iv))
{
#define SSL_R_LENGTH_TOO_SHORT 160
#define SSL_R_LIBRARY_BUG 274
#define SSL_R_LIBRARY_HAS_NO_CIPHERS 161
+#define SSL_R_MASTER_KEY_TOO_LONG 1112
#define SSL_R_MESSAGE_TOO_LONG 1111
#define SSL_R_MISSING_DH_DSA_CERT 162
#define SSL_R_MISSING_DH_KEY 163
os.length = sizeof ret->session_id;
ret->session_id_length=os.length;
+ OPENSSL_assert(os.length <= sizeof ret->session_id);
memcpy(ret->session_id,os.data,os.length);
M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
if(os.data != NULL)
{
if (os.length > SSL_MAX_SID_CTX_LENGTH)
+ {
+ ret->sid_ctx_length=os.length;
SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH);
- ret->sid_ctx_length=os.length;
- memcpy(ret->sid_ctx,os.data,os.length);
+ }
+ else
+ {
+ ret->sid_ctx_length=os.length;
+ memcpy(ret->sid_ctx,os.data,os.length);
+ }
OPENSSL_free(os.data); os.data=NULL; os.length=0;
}
else
{SSL_R_LENGTH_TOO_SHORT ,"length too short"},
{SSL_R_LIBRARY_BUG ,"library bug"},
{SSL_R_LIBRARY_HAS_NO_CIPHERS ,"library has no ciphers"},
+{SSL_R_MASTER_KEY_TOO_LONG ,"master key too long"},
{SSL_R_MESSAGE_TOO_LONG ,"message too long"},
{SSL_R_MISSING_DH_DSA_CERT ,"missing dh dsa cert"},
{SSL_R_MISSING_DH_KEY ,"missing dh key"},
#include <openssl/objects.h>
#include <openssl/lhash.h>
#include <openssl/x509v3.h>
+#include "cryptlib.h"
const char *SSL_version_str=OPENSSL_VERSION_TEXT;
s->verify_mode=ctx->verify_mode;
s->verify_depth=ctx->verify_depth;
s->sid_ctx_length=ctx->sid_ctx_length;
+ OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
s->verify_callback=ctx->default_verify_callback;
s->generate_session_id=ctx->generate_session_id;
int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
unsigned int sid_ctx_len)
{
- if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
+ if(sid_ctx_len > sizeof ctx->sid_ctx)
{
SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
return 0;
* any new session built out of this id/id_len and the ssl_version in
* use by this SSL. */
SSL_SESSION r, *p;
+
+ if(id_len > sizeof r.session_id)
+ return 0;
+
r.ssl_version = ssl->version;
r.session_id_length = id_len;
memcpy(r.session_id, id, id_len);
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
- memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH);
- memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH);
- memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH);
+ memset(ss->key_arg,0,sizeof ss->key_arg);
+ memset(ss->master_key,0,sizeof ss->master_key);
+ memset(ss->session_id,0,sizeof ss->session_id);
if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
if (ss->peer != NULL) X509_free(ss->peer);
if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
{
int status, length, link_state;
struct rpc_msg msg;
- static char cbuf[200],sbuf[200];
+
SSL *s_ssl=NULL;
BIO *c_to_s=NULL;
BIO *s_to_c=NULL;
#ifndef OPENSSL_NO_KRB5
if (c_ssl && c_ssl->kssl_ctx)
{
- char localhost[257];
+ char localhost[MAXHOSTNAMELEN+2];
- if (gethostname(localhost, 256) == 0)
+ if (gethostname(localhost, sizeof localhost-1) == 0)
{
+ localhost[sizeof localhost-1]='\0';
+ if(strlen(localhost) == sizeof localhost-1)
+ {
+ BIO_printf(bio_err,"localhost name too long\n");
+ got end;
+ }
kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER,
localhost);
}
{
char *s,buf[256];
- s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),buf,256);
+ s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),buf,
+ sizeof buf);
if (s != NULL)
{
if (ok)
unsigned int j;
HMAC_CTX ctx;
HMAC_CTX ctx_tmp;
- unsigned char A1[HMAC_MAX_MD_CBLOCK];
+ unsigned char A1[EVP_MAX_MD_SIZE];
unsigned int A1_len;
chunk=EVP_MD_size(md);
tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf),
s->session->master_key,s->session->master_key_length,
- out,buf2,12);
+ out,buf2,sizeof buf2);
EVP_MD_CTX_cleanup(&ctx);
- return((int)12);
+ return sizeof buf2;
}
int tls1_mac(SSL *ssl, unsigned char *md, int send)
s->s3->server_random,SSL3_RANDOM_SIZE);
tls1_PRF(s->ctx->md5,s->ctx->sha1,
buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len,
- s->session->master_key,buff,SSL3_MASTER_SECRET_SIZE);
+ s->session->master_key,buff,sizeof buff);
#ifdef KSSL_DEBUG
printf ("tls1_generate_master_secret() complete\n");
#endif /* KSSL_DEBUG */
projects / oweals / openssl.git / commitdiff