wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Many security improvements (CHATS) and a warning fix.

Browse source
This commit is contained in:
Ben Laurie 2002-11-12 13:23:40 +00:00
parent 707ceb29e0
commit 9831d941ca
111 changed files with 755 additions and 480 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

85
CHANGES
View file

@ -4,6 +4,91 @@
Changes between 0.9.6h and 0.9.7 [XX xxx 2002]
*) Introduce safe string copy and catenation functions
(BUF_strlcpy() and BUF_strlcat()).
[Ben Laurie (CHATS) and Richard Levitte]
*) Avoid using fixed-size buffers for one-line DNs.
[Ben Laurie (CHATS)]
*) Add BUF_MEM_grow_clean() to avoid information leakage when
resizing buffers containing secrets, and use where appropriate.
[Ben Laurie (CHATS)]
*) Avoid using fixed size buffers for configuration file location.
[Ben Laurie (CHATS)]
*) Avoid filename truncation for various CA files.
[Ben Laurie (CHATS)]
*) Use sizeof in preference to magic numbers.
[Ben Laurie (CHATS)]
*) Avoid filename truncation in cert requests.
[Ben Laurie (CHATS)]
*) New OPENSSL_assert() macro (similar to assert(), but enabled
unconditionally).
[Ben Laurie (CHATS)]
*) Add assertions to check for (supposedly impossible) buffer
overflows.
[Ben Laurie (CHATS)]
*) Don't cache truncated DNS entries in the local cache (this could
potentially lead to a spoofing attack).
[Ben Laurie (CHATS)]
*) Fix various buffers to be large enough for hex/decimal
representations in a platform independent manner.
[Ben Laurie (CHATS)]
*) Add CRYPTO_realloc_clean() to avoid information leakage when
resizing buffers containing secrets, and use where appropriate.
[Ben Laurie (CHATS)]
*) Add BIO_indent() to avoid much slightly worrying code to do
indents.
[Ben Laurie (CHATS)]
*) Convert sprintf()/BIO_puts() to BIO_printf().
[Ben Laurie (CHATS)]
*) buffer_gets() could terminate with the buffer only half
full. Fixed.
[Ben Laurie (CHATS)]
*) Add assertions to prevent crypto functions from overflowing
internal buffers by having large block sizes, etc.
[Ben Laurie (CHATS)]
*) Eliminate unused copy of key in RC4.
[Ben Laurie (CHATS)]
*) Eliminate unused and incorrectly sized buffers for IV in pem.h.
[Ben Laurie (CHATS)]
*) Fix off-by-one error in EGD path.
[Ben Laurie (CHATS)]
*) If RANDFILE path is too long, ignore instead of truncating.
[Ben Laurie (CHATS)]
*) Eliminate unused and incorrectly sized X.509 structure
CBCParameter.
[Ben Laurie (CHATS)]
*) Eliminate unused and dangerous function knumber().
[Ben Laurie (CHATS)]
*) Eliminate unused and dangerous structure, KSSL_ERR.
[Ben Laurie (CHATS)]
*) Protect against overlong session ID context length in an encoded
session object. Since these are local, this does not appear to be
exploitable.
[Ben Laurie (CHATS)]
*) Change from security patch (see 0.9.6e below) that did not affect
the 0.9.6 release series:

48
apps/Makefile.ssl
View file

@ -762,30 +762,30 @@ rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
rand.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h rand.c
req.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
req.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
req.o: ../include/openssl/bn.h ../include/openssl/buffer.h
req.o: ../include/openssl/cast.h ../include/openssl/conf.h
req.o: ../include/openssl/crypto.h ../include/openssl/des.h
req.o: ../include/openssl/des_old.h ../include/openssl/dh.h
req.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
req.o: ../include/openssl/engine.h ../include/openssl/err.h
req.o: ../include/openssl/evp.h ../include/openssl/idea.h
req.o: ../include/openssl/lhash.h ../include/openssl/md2.h
req.o: ../include/openssl/md4.h ../include/openssl/md5.h
req.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
req.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
req.o: ../include/openssl/pem.h ../include/openssl/pem2.h
req.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
req.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
req.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
req.o: ../include/openssl/sha.h ../include/openssl/stack.h
req.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
req.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
req.o: ../include/openssl/x509v3.h apps.h req.c
req.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
req.o: ../include/openssl/asn1.h ../include/openssl/bio.h
req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
req.o: ../include/openssl/buffer.h ../include/openssl/cast.h
req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
req.o: ../include/openssl/des.h ../include/openssl/des_old.h
req.o: ../include/openssl/dh.h ../include/openssl/dsa.h
req.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
req.o: ../include/openssl/err.h ../include/openssl/evp.h
req.o: ../include/openssl/idea.h ../include/openssl/lhash.h
req.o: ../include/openssl/md2.h ../include/openssl/md4.h
req.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
req.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
req.o: ../include/openssl/rand.h ../include/openssl/rc2.h
req.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
req.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
req.o: ../include/openssl/safestack.h ../include/openssl/sha.h
req.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
req.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
req.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c
rsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
rsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h

41
apps/apps.c
View file

@ -337,8 +337,7 @@ void program_name(char *in, char *out, int size)
p++;
else
p=in;
strncpy(out,p,size-1);
out[size-1]='\0';
BUF_strlcpy(out,p,size);
}
#endif
#endif
@ -447,16 +446,20 @@ int app_init(long mesgwin)
int dump_cert_text (BIO *out, X509 *x)
{
char buf[256];
X509_NAME_oneline(X509_get_subject_name(x),buf,256);
BIO_puts(out,"subject=");
BIO_puts(out,buf);
char *p;
X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
BIO_puts(out,"\nissuer= ");
BIO_puts(out,buf);
p=X509_NAME_oneline(X509_get_subject_name(x),NULL,0);
BIO_puts(out,"subject=");
BIO_puts(out,p);
OPENSSL_free(p);
p=X509_NAME_oneline(X509_get_issuer_name(x),NULL,0);
BIO_puts(out,"\nissuer=");
BIO_puts(out,p);
BIO_puts(out,"\n");
return 0;
OPENSSL_free(p);
return 0;
}
static int ui_open(UI *ui)
@ -978,7 +981,7 @@ load_netscape_key(BIO *err, BIO *key, const char *file,
goto error;
for (;;)
{
if (!BUF_MEM_grow(buf,size+1024*10))
if (!BUF_MEM_grow_clean(buf,size+1024*10))
goto error;
i = BIO_read(key, &(buf->data[size]), 1024*10);
size += i;
@ -1253,6 +1256,7 @@ void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
char *buf;
char mline = 0;
int indent = 0;
if(title) BIO_puts(out, title);
if((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
mline = 1;
@ -1374,3 +1378,18 @@ int load_config(BIO *err, CONF *cnf)
}
return 1;
}
char *make_config_name()
{
const char *t=X509_get_default_cert_area();
char *p;
p=OPENSSL_malloc(strlen(t)+strlen(OPENSSL_CONF)+2);
strcpy(p,t);
#ifndef OPENSSL_SYS_VMS
strcat(p,"/");
#endif
strcat(p,OPENSSL_CONF);
return p;
}

1
apps/apps.h
View file

@ -251,6 +251,7 @@ X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
ENGINE *setup_engine(BIO *err, const char *engine, int debug);
int load_config(BIO *err, CONF *cnf);
char *make_config_name(void);
/* Functions defined in ca.c and also used in ocsp.c */
int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,

56
apps/ca.c
View file

@ -334,6 +334,7 @@ int MAIN(int argc, char **argv)
MS_STATIC char buf[3][BSIZE];
char *randfile=NULL;
char *engine = NULL;
char *tofree=NULL;
#ifdef EFENCE
EF_PROTECT_FREE=1;
@ -561,25 +562,26 @@ bad:
ERR_load_crypto_strings();
e = setup_engine(bio_err, engine, 0);
e = setup_engine(bio_err, engine, 0);
/*****************************************************************/
tofree=NULL;
if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
if (configfile == NULL)
{
/* We will just use 'buf[0]' as a temporary buffer. */
const char *s=X509_get_default_cert_area();
#ifdef OPENSSL_SYS_VMS
strncpy(buf[0],X509_get_default_cert_area(),
sizeof(buf[0])-1-sizeof(CONFIG_FILE));
tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE));
strcpy(tofree,s);
#else
strncpy(buf[0],X509_get_default_cert_area(),
sizeof(buf[0])-2-sizeof(CONFIG_FILE));
buf[0][sizeof(buf[0])-2-sizeof(CONFIG_FILE)]='\0';
strcat(buf[0],"/");
tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE)+1);
strcpy(tofree,s);
strcat(tofree,"/");
#endif
strcat(buf[0],CONFIG_FILE);
configfile=buf[0];
strcat(tofree,CONFIG_FILE);
configfile=tofree;
}
BIO_printf(bio_err,"Using configuration from %s\n",configfile);
@ -594,6 +596,8 @@ bad:
,errorline,configfile);
goto err;
}
if(tofree)
OPENSSL_free(tofree);
if (!load_config(bio_err, conf))
goto err;
@ -1286,8 +1290,13 @@ bad:
BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk));
strncpy(buf[0],serialfile,BSIZE-4);
buf[0][BSIZE-4]='\0';
if(strlen(serialfile) > BSIZE-5 || strlen(dbfile) > BSIZE-5)
{
BIO_printf(bio_err,"file name too long\n");
goto err;
}
strcpy(buf[0],serialfile);
#ifdef OPENSSL_SYS_VMS
strcat(buf[0],"-new");
@ -1297,8 +1306,7 @@ bad:
if (!save_serial(buf[0],serial)) goto err;
strncpy(buf[1],dbfile,BSIZE-4);
buf[1][BSIZE-4]='\0';
strcpy(buf[1],dbfile);
#ifdef OPENSSL_SYS_VMS
strcat(buf[1],"-new");
@ -1328,8 +1336,13 @@ bad:
j=x->cert_info->serialNumber->length;
p=(char *)x->cert_info->serialNumber->data;
strncpy(buf[2],outdir,BSIZE-(j*2)-6);
buf[2][BSIZE-(j*2)-6]='\0';
if(strlen(outdir) >= (j ? BSIZE-j*2-6 : BSIZE-8))
{
BIO_printf(bio_err,"certificate file name too long\n");
goto err;
}
strcpy(buf[2],outdir);
#ifndef OPENSSL_SYS_VMS
strcat(buf[2],"/");
@ -1563,8 +1576,13 @@ bad:
if (j <= 0) goto err;
X509_free(revcert);
strncpy(buf[0],dbfile,BSIZE-4);
buf[0][BSIZE-4]='\0';
if(strlen(dbfile) > BSIZE-5)
{
BIO_printf(bio_err,"filename too long\n");
goto err;
}
strcpy(buf[0],dbfile);
#ifndef OPENSSL_SYS_VMS
strcat(buf[0],".new");
#else
@ -1608,6 +1626,8 @@ bad:
/*****************************************************************/
ret=0;
err:
if(tofree)
OPENSSL_free(tofree);
BIO_free_all(Cout);
BIO_free_all(Sout);
BIO_free_all(out);

2
apps/ciphers.c
View file

@ -187,7 +187,7 @@ int MAIN(int argc, char **argv)
{
BIO_puts(STDout,SSL_CIPHER_description(
sk_SSL_CIPHER_value(sk,i),
buf,512));
buf,sizeof buf));
}
}

2
apps/dgst.c
View file

@ -117,7 +117,7 @@ int MAIN(int argc, char **argv)
goto end;
/* first check the program name */
program_name(argv[0],pname,PROG_NAME_SIZE);
program_name(argv[0],pname,sizeof pname);
md=EVP_get_digestbyname(pname);

16
apps/enc.c
View file

@ -102,7 +102,7 @@ int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
static const char magic[]="Salted__";
char mbuf[8]; /* should be 1 smaller than magic */
char mbuf[sizeof magic-1];
char *strbuf=NULL;
unsigned char *buff=NULL,*bufsize=NULL;
int bsize=BSIZE,verbose=0;
@ -131,7 +131,7 @@ int MAIN(int argc, char **argv)
goto end;
/* first check the program name */
program_name(argv[0],pname,PROG_NAME_SIZE);
program_name(argv[0],pname,sizeof pname);
if (strcmp(pname,"base64") == 0)
base64=1;
@ -216,7 +216,7 @@ int MAIN(int argc, char **argv)
goto bad;
}
buf[0]='\0';
fgets(buf,128,infile);
fgets(buf,sizeof buf,infile);
fclose(infile);
i=strlen(buf);
if ((i > 0) &&
@ -442,12 +442,12 @@ bad:
else {
if(enc) {
if(hsalt) {
if(!set_hex(hsalt,salt,PKCS5_SALT_LEN)) {
if(!set_hex(hsalt,salt,sizeof salt)) {
BIO_printf(bio_err,
"invalid hex salt value\n");
goto end;
}
} else if (RAND_pseudo_bytes(salt, PKCS5_SALT_LEN) < 0)
} else if (RAND_pseudo_bytes(salt, sizeof salt) < 0)
goto end;
/* If -P option then don't bother writing */
if((printkey != 2)
@ -455,14 +455,14 @@ bad:
sizeof magic-1) != sizeof magic-1
|| BIO_write(wbio,
(char *)salt,
PKCS5_SALT_LEN) != PKCS5_SALT_LEN)) {
sizeof salt) != sizeof salt)) {
BIO_printf(bio_err,"error writing output file\n");
goto end;
}
} else if(BIO_read(rbio,mbuf,sizeof mbuf) != sizeof mbuf
|| BIO_read(rbio,
(unsigned char *)salt,
PKCS5_SALT_LEN) != PKCS5_SALT_LEN) {
sizeof salt) != sizeof salt) {
BIO_printf(bio_err,"error reading input file\n");
goto end;
} else if(memcmp(mbuf,magic,sizeof magic-1)) {
@ -524,7 +524,7 @@ bad:
if (!nosalt)
{
printf("salt=");
for (i=0; i<PKCS5_SALT_LEN; i++)
for (i=0; i<sizeof salt; i++)
printf("%02X",salt[i]);
printf("\n");
}

2
apps/ocsp.c
View file

@ -1179,7 +1179,7 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port
for(;;)
{
len = BIO_gets(cbio, inbuf, 1024);
len = BIO_gets(cbio, inbuf, sizeof inbuf);
if (len <= 0)
return 1;
/* Look for "POST" signalling start of query */

18
apps/openssl.c
View file

@ -218,7 +218,8 @@ int main(int Argc, char *Argv[])
#define PROG_NAME_SIZE 39
char pname[PROG_NAME_SIZE+1];
FUNCTION f,*fp;
MS_STATIC char *prompt,buf[1024],config_name[256];
MS_STATIC char *prompt,buf[1024];
char *to_free=NULL;
int n,i,ret=0;
int argc;
char **argv,*p;
@ -261,14 +262,7 @@ int main(int Argc, char *Argv[])
if (p == NULL)
p=getenv("SSLEAY_CONF");
if (p == NULL)
{
strcpy(config_name,X509_get_default_cert_area());
#ifndef OPENSSL_SYS_VMS
strcat(config_name,"/");
#endif
strcat(config_name,OPENSSL_CONF);
p=config_name;
}
p=to_free=make_config_name();
default_config_file=p;
@ -284,7 +278,7 @@ int main(int Argc, char *Argv[])
prog=prog_init();
/* first check the program name */
program_name(Argv[0],pname,PROG_NAME_SIZE);
program_name(Argv[0],pname,sizeof pname);
f.name=pname;
fp=(FUNCTION *)lh_retrieve(prog,&f);
@ -312,7 +306,7 @@ int main(int Argc, char *Argv[])
{
ret=0;
p=buf;
n=1024;
n=sizeof buf;
i=0;
for (;;)
{
@ -346,6 +340,8 @@ int main(int Argc, char *Argv[])
BIO_printf(bio_err,"bad exit\n");
ret=1;
end:
if (to_free)
OPENSSL_free(to_free);
if (config != NULL)
{
NCONF_free(config);

6
apps/pkcs12.c
View file

@ -399,7 +399,7 @@ int MAIN(int argc, char **argv)
#ifdef CRYPTO_MDEBUG
CRYPTO_push_info("read MAC password");
#endif
if(EVP_read_pw_string (macpass, 50, "Enter MAC Password:", export_cert))
if(EVP_read_pw_string (macpass, sizeof macpass, "Enter MAC Password:", export_cert))
{
BIO_printf (bio_err, "Can't read Password\n");
goto end;
@ -545,7 +545,7 @@ int MAIN(int argc, char **argv)
#endif
if(!noprompt &&
EVP_read_pw_string(pass, 50, "Enter Export Password:", 1)) {
EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1)) {
BIO_printf (bio_err, "Can't read Password\n");
goto export_end;
}
@ -642,7 +642,7 @@ int MAIN(int argc, char **argv)
#ifdef CRYPTO_MDEBUG
CRYPTO_push_info("read import password");
#endif
if(!noprompt && EVP_read_pw_string(pass, 50, "Enter Import Password:", 0)) {
if(!noprompt && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", 0)) {
BIO_printf (bio_err, "Can't read Password\n");
goto end;
}

4
apps/pkcs8.c
View file

@ -244,7 +244,7 @@ int MAIN(int argc, char **argv)
if(passout) p8pass = passout;
else {
p8pass = pass;
if (EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1))
if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1))
return (1);
}
app_RAND_load_file(NULL, bio_err, 0);
@ -302,7 +302,7 @@ int MAIN(int argc, char **argv)
if(passin) p8pass = passin;
else {
p8pass = pass;
EVP_read_pw_string(pass, 50, "Enter Password:", 0);
EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0);
}
p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
X509_SIG_free(p8);

36
apps/req.c
View file

@ -73,6 +73,7 @@
#include <openssl/x509v3.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
#include "../crypto/cryptlib.h"
#define SECTION "req"
@ -176,7 +177,7 @@ int MAIN(int argc, char **argv)
const EVP_MD *md_alg=NULL,*digest=EVP_md5();
unsigned long chtype = MBSTRING_ASC;
#ifndef MONOLITH
MS_STATIC char config_name[256];
char *to_free;
long errline;
#endif
@ -470,14 +471,7 @@ bad:
if (p == NULL)
p=getenv("SSLEAY_CONF");
if (p == NULL)
{
strcpy(config_name,X509_get_default_cert_area());
#ifndef OPENSSL_SYS_VMS
strcat(config_name,"/");
#endif
strcat(config_name,OPENSSL_CONF);
p=config_name;
}
p=to_free=make_config_name();
default_config_file=p;
config=NCONF_new(NULL);
i=NCONF_load(config, p, &errline);
@ -1059,6 +1053,10 @@ loop:
}
ex=0;
end:
#ifndef MONOLITH
if(to_free)
OPENSSL_free(to_free);
#endif
if (ex)
{
ERR_print_errors(bio_err);
@ -1218,13 +1216,19 @@ start: for (;;)
}
/* If OBJ not recognised ignore it */
if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
if(strlen(v->name) > sizeof buf-9)
{
BIO_printf(bio_err,"Name '%s' too long\n",v->name);
return 0;
}
sprintf(buf,"%s_default",v->name);
if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
{
ERR_clear_error();
def="";
}
sprintf(buf,"%s_value",v->name);
if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
{
@ -1271,6 +1275,12 @@ start2: for (;;)
if ((nid=OBJ_txt2nid(type)) == NID_undef)
goto start2;
if(strlen(v->name) > sizeof buf-9)
{
BIO_printf(bio_err,"Name '%s' too long\n",v->name);
return 0;
}
sprintf(buf,"%s_default",type);
if ((def=NCONF_get_string(req_conf,attr_sect,buf))
== NULL)
@ -1374,6 +1384,7 @@ start:
(void)BIO_flush(bio_err);
if(value != NULL)
{
OPENSSL_assert(strlen(value) < sizeof buf-2);
strcpy(buf,value);
strcat(buf,"\n");
BIO_printf(bio_err,"%s\n",value);
@ -1383,7 +1394,7 @@ start:
buf[0]='\0';
if (!batch)
{
fgets(buf,1024,stdin);
fgets(buf,sizeof buf,stdin);
}
else
{
@ -1432,6 +1443,7 @@ start:
(void)BIO_flush(bio_err);
if (value != NULL)
{
OPENSSL_assert(strlen(value) < sizeof buf-2);
strcpy(buf,value);
strcat(buf,"\n");
BIO_printf(bio_err,"%s\n",value);
@ -1441,7 +1453,7 @@ start:
buf[0]='\0';
if (!batch)
{
fgets(buf,1024,stdin);
fgets(buf,sizeof buf,stdin);
}
else
{

4
apps/s_cb.c
View file

@ -134,7 +134,7 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
err= X509_STORE_CTX_get_error(ctx);
depth= X509_STORE_CTX_get_error_depth(ctx);
X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
X509_NAME_oneline(X509_get_subject_name(err_cert),buf,sizeof buf);
BIO_printf(bio_err,"depth=%d %s\n",depth,buf);
if (!ok)
{
@ -154,7 +154,7 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
switch (ctx->error)
{
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256);
X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,sizeof buf);
BIO_printf(bio_err,"issuer= %s\n",buf);
break;
case X509_V_ERR_CERT_NOT_YET_VALID:

10
apps/s_client.c
View file

@ -930,10 +930,10 @@ static void print_stuff(BIO *bio, SSL *s, int full)
for (i=0; i<sk_X509_num(sk); i++)
{
X509_NAME_oneline(X509_get_subject_name(
sk_X509_value(sk,i)),buf,BUFSIZ);
sk_X509_value(sk,i)),buf,sizeof buf);
BIO_printf(bio,"%2d s:%s\n",i,buf);
X509_NAME_oneline(X509_get_issuer_name(
sk_X509_value(sk,i)),buf,BUFSIZ);
sk_X509_value(sk,i)),buf,sizeof buf);
BIO_printf(bio," i:%s\n",buf);
if (c_showcerts)
PEM_write_bio_X509(bio,sk_X509_value(sk,i));
@ -948,10 +948,10 @@ static void print_stuff(BIO *bio, SSL *s, int full)
if (!(c_showcerts && got_a_chain)) /* Redundant if we showed the whole chain */
PEM_write_bio_X509(bio,peer);
X509_NAME_oneline(X509_get_subject_name(peer),
buf,BUFSIZ);
buf,sizeof buf);
BIO_printf(bio,"subject=%s\n",buf);
X509_NAME_oneline(X509_get_issuer_name(peer),
buf,BUFSIZ);
buf,sizeof buf);
BIO_printf(bio,"issuer=%s\n",buf);
}
else
@ -973,7 +973,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
{
BIO_printf(bio,"---\nNo client certificate CA names sent\n");
}
p=SSL_get_shared_ciphers(s,buf,BUFSIZ);
p=SSL_get_shared_ciphers(s,buf,sizeof buf);
if (p != NULL)
{
/* This works only for SSL 2. In later protocol

6
apps/s_server.c
View file

@ -1228,14 +1228,14 @@ static int init_ssl_connection(SSL *con)
{
BIO_printf(bio_s_out,"Client certificate\n");
PEM_write_bio_X509(bio_s_out,peer);
X509_NAME_oneline(X509_get_subject_name(peer),buf,BUFSIZ);
X509_NAME_oneline(X509_get_subject_name(peer),buf,sizeof buf);
BIO_printf(bio_s_out,"subject=%s\n",buf);
X509_NAME_oneline(X509_get_issuer_name(peer),buf,BUFSIZ);
X509_NAME_oneline(X509_get_issuer_name(peer),buf,sizeof buf);
BIO_printf(bio_s_out,"issuer=%s\n",buf);
X509_free(peer);
}
if (SSL_get_shared_ciphers(con,buf,BUFSIZ) != NULL)
if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL)
BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");

9
apps/s_socket.c
View file

@ -529,9 +529,12 @@ static struct hostent *GetHostByName(char *name)
ret=gethostbyname(name);
if (ret == NULL) return(NULL);
/* else add to cache */
strncpy(ghbn_cache[lowi].name,name,128);
memcpy((char *)&(ghbn_cache[lowi].ent),ret,sizeof(struct hostent));
ghbn_cache[lowi].order=ghbn_miss+ghbn_hits;
if(strlen(name) < sizeof ghbn_cache[0].name)
{
strcpy(ghbn_cache[lowi].name,name);
memcpy((char *)&(ghbn_cache[lowi].ent),ret,sizeof(struct hostent));
ghbn_cache[lowi].order=ghbn_miss+ghbn_hits;
}
return(ret);
}
else

7
apps/s_time.c
View file

@ -146,6 +146,8 @@
#undef BUFSIZZ
#define BUFSIZZ 1024*10
#define MYBUFSIZ 1024*8
#undef min
#undef max
#define min(a,b) (((a) < (b)) ? (a) : (b))
@ -320,6 +322,11 @@ static int parseArgs(int argc, char **argv)
{
if (--argc < 1) goto bad;
s_www_path= *(++argv);
if(strlen(s_www_path) > MYBUFSIZ-100)
{
BIO_printf(bio_err,"-www option too long\n");
badop=1;
}
}
else if(strcmp(*argv,"-bugs") == 0)
st_bugs=1;

2
apps/speed.c
View file

@ -1781,7 +1781,7 @@ static char *sstrsep(char **string, const char *delim)
if (**string == 0)
return NULL;
memset(isdelim, 0, 256);
memset(isdelim, 0, sizeof isdelim);
isdelim[0] = 1;
while (*delim)

3
apps/verify.c
View file

@ -330,7 +330,8 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
if (!ok)
{
X509_NAME_oneline(
X509_get_subject_name(ctx->current_cert),buf,256);
X509_get_subject_name(ctx->current_cert),buf,
sizeof buf);
printf("%s\n",buf);
printf("error %d at %d depth lookup:%s\n",ctx->error,
ctx->error_depth,

1
apps/winrand.c
View file

@ -118,7 +118,6 @@ LRESULT CALLBACK WndProc(HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam)
HDC hdc;
PAINTSTRUCT ps;
RECT rect;
char buffer[200];
static int seeded = 0;
switch (iMsg)

7
apps/x509.c
View file

@ -770,10 +770,11 @@ bad:
int y,z;
X509_NAME_oneline(X509_get_subject_name(x),
buf,256);
buf,sizeof buf);
BIO_printf(STDout,"/* subject:%s */\n",buf);
m=X509_NAME_oneline(
X509_get_issuer_name(x),buf,256);
X509_get_issuer_name(x),buf,
sizeof buf);
BIO_printf(STDout,"/* issuer :%s */\n",buf);
z=i2d_X509(x,NULL);
@ -1074,7 +1075,7 @@ static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create)
}
else
{
if (!a2i_ASN1_INTEGER(io,bs,buf2,1024))
if (!a2i_ASN1_INTEGER(io,bs,buf2,sizeof buf2))
{
BIO_printf(bio_err,"unable to load serial number from %s\n",buf);
ERR_print_errors(bio_err);

30
crypto/aes/aes_cbc.c
View file

@ -59,20 +59,20 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
int n;
unsigned long len = length;
unsigned char tmp[16];
unsigned char tmp[AES_BLOCK_SIZE];
assert(in && out && key && ivec);
assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
if (AES_ENCRYPT == enc) {
while (len >= AES_BLOCK_SIZE) {
for(n=0; n < 16; ++n)
for(n=0; n < sizeof tmp; ++n)
tmp[n] = in[n] ^ ivec[n];
AES_encrypt(tmp, out, key);
memcpy(ivec, out, 16);
len -= 16;
in += 16;
out += 16;
memcpy(ivec, out, AES_BLOCK_SIZE);
len -= AES_BLOCK_SIZE;
in += AES_BLOCK_SIZE;
out += AES_BLOCK_SIZE;
}
if (len) {
for(n=0; n < len; ++n)
@ -81,25 +81,25 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
tmp[n] = ivec[n];
AES_encrypt(tmp, tmp, key);
memcpy(out, tmp, len);
memcpy(ivec, tmp, 16);
memcpy(ivec, tmp, sizeof tmp);
}
} else {
while (len >= AES_BLOCK_SIZE) {
memcpy(tmp, in, 16);
memcpy(tmp, in, sizeof tmp);
AES_decrypt(in, out, key);
for(n=0; n < 16; ++n)
for(n=0; n < AES_BLOCK_SIZE; ++n)
out[n] ^= ivec[n];
memcpy(ivec, tmp, 16);
len -= 16;
in += 16;
out += 16;
memcpy(ivec, tmp, AES_BLOCK_SIZE);
len -= AES_BLOCK_SIZE;
in += AES_BLOCK_SIZE;
out += AES_BLOCK_SIZE;
}
if (len) {
memcpy(tmp, in, 16);
memcpy(tmp, in, sizeof tmp);
AES_decrypt(tmp, tmp, key);
for(n=0; n < len; ++n)
out[n] ^= ivec[n];
memcpy(ivec, tmp, 16);
memcpy(ivec, tmp, sizeof tmp);
}
}
}

17
crypto/asn1/Makefile.ssl
View file

@ -286,13 +286,14 @@ a_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
a_sign.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
a_sign.o: ../cryptlib.h a_sign.c
a_strex.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
a_strex.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
a_strex.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
a_strex.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
a_strex.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
a_strex.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
a_strex.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h
a_strex.o: ../../e_os.h ../../include/openssl/aes.h
a_strex.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
a_strex.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
a_strex.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
a_strex.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
a_strex.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
a_strex.o: ../../include/openssl/err.h ../../include/openssl/evp.h
a_strex.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
a_strex.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
a_strex.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
@ -305,7 +306,7 @@ a_strex.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
a_strex.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
a_strex.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
a_strex.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
a_strex.o: ../../include/openssl/x509_vfy.h a_strex.c charmap.h
a_strex.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_strex.c charmap.h
a_strnid.o: ../../e_os.h ../../include/openssl/asn1.h
a_strnid.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
a_strnid.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

4
crypto/asn1/a_bitstr.c
View file

@ -191,7 +191,9 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
if (a->data == NULL)
c=(unsigned char *)OPENSSL_malloc(w+1);
else
c=(unsigned char *)OPENSSL_realloc(a->data,w+1);
c=(unsigned char *)OPENSSL_realloc_clean(a->data,
a->length,
w+1);
if (c == NULL) return(0);
if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length);
a->data=c;

2
crypto/asn1/a_bytes.c
View file

@ -285,7 +285,7 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c)
goto err;
}
if (!BUF_MEM_grow(&b,num+os->length))
if (!BUF_MEM_grow_clean(&b,num+os->length))
{
c->error=ERR_R_BUF_LIB;
goto err;

4
crypto/asn1/a_d2i_fp.c
View file

@ -166,7 +166,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
{
want-=(len-off);
if (!BUF_MEM_grow(b,len+want))
if (!BUF_MEM_grow_clean(b,len+want))
{
ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
goto err;
@ -221,7 +221,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
if (want > (len-off))
{
want-=(len-off);
if (!BUF_MEM_grow(b,len+want))
if (!BUF_MEM_grow_clean(b,len+want))
{
ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
goto err;

4
crypto/asn1/a_object.c
View file

@ -183,8 +183,8 @@ int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
if ((a == NULL) || (a->data == NULL))
return(BIO_write(bp,"NULL",4));
i=i2t_ASN1_OBJECT(buf,80,a);
if (i > 80) i=80;
i=i2t_ASN1_OBJECT(buf,sizeof buf,a);
if (i > sizeof buf) i=sizeof buf;
BIO_write(bp,buf,i);
return(i);
}

14
crypto/asn1/a_strex.c
View file

@ -63,6 +63,7 @@
#include <openssl/asn1.h>
#include "charmap.h"
#include "cryptlib.h"
/* ASN1_STRING_print_ex() and X509_NAME_print_ex().
* Enhanced string and name printing routines handling
@ -114,14 +115,17 @@ typedef int char_io(void *arg, const void *buf, int len);
static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, char_io *io_ch, void *arg)
{
unsigned char chflgs, chtmp;
char tmphex[11];
char tmphex[HEX_SIZE(long)+3];
if(c > 0xffffffffL)
return -1;
if(c > 0xffff) {
BIO_snprintf(tmphex, 11, "\\W%08lX", c);
BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c);
if(!io_ch(arg, tmphex, 10)) return -1;
return 10;
}
if(c > 0xff) {
BIO_snprintf(tmphex, 11, "\\U%04lX", c);
BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c);
if(!io_ch(arg, tmphex, 6)) return -1;
return 6;
}
@ -195,7 +199,7 @@ static int do_buf(unsigned char *buf, int buflen,
if(type & BUF_TYPE_CONVUTF8) {
unsigned char utfbuf[6];
int utflen;
utflen = UTF8_putc(utfbuf, 6, c);
utflen = UTF8_putc(utfbuf, sizeof utfbuf, c);
for(i = 0; i < utflen; i++) {
/* We don't need to worry about setting orflags correctly
* because if utflen==1 its value will be correct anyway
@ -461,7 +465,7 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
if(fn_opt != XN_FLAG_FN_NONE) {
int objlen, fld_len;
if((fn_opt == XN_FLAG_FN_OID) || (fn_nid==NID_undef) ) {
OBJ_obj2txt(objtmp, 80, fn, 1);
OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1);
fld_len = 0; /* XXX: what should this be? */
objbuf = objtmp;
} else {

2
crypto/asn1/a_time.c
View file

@ -152,7 +152,7 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZE
if (t->data[0] >= '5') strcpy(str, "19");
else strcpy(str, "20");
strcat(str, (char *)t->data);
BUF_strlcat(str, (char *)t->data, t->length+2);
return ret;
}

7
crypto/asn1/asn1_par.c
View file

@ -79,12 +79,7 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
else
p="prim: ";
if (BIO_write(bp,p,6) < 6) goto err;
if (indent)
{
if (indent > 128) indent=128;
memset(str,' ',indent);
if (BIO_write(bp,str,indent) < indent) goto err;
}
BIO_indent(bp,indent,128);
p=str;
if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)

3
crypto/asn1/f_int.c
View file

@ -169,8 +169,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
sp=(unsigned char *)OPENSSL_malloc(
(unsigned int)num+i*2);
else
sp=(unsigned char *)OPENSSL_realloc(s,
(unsigned int)num+i*2);
sp=OPENSSL_realloc_clean(s,slen,num+i*2);
if (sp == NULL)
{
ASN1err(ASN1_F_A2I_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);

7
crypto/asn1/t_crl.c
View file

@ -84,11 +84,11 @@ int X509_CRL_print_fp(FILE *fp, X509_CRL *x)
int X509_CRL_print(BIO *out, X509_CRL *x)
{
char buf[256];
STACK_OF(X509_REVOKED) *rev;
X509_REVOKED *r;
long l;
int i, n;
char *p;
BIO_printf(out, "Certificate Revocation List (CRL):\n");
l = X509_CRL_get_version(x);
@ -96,8 +96,9 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
i = OBJ_obj2nid(x->sig_alg->algorithm);
BIO_printf(out, "%8sSignature Algorithm: %s\n", "",
(i == NID_undef) ? "NONE" : OBJ_nid2ln(i));
X509_NAME_oneline(X509_CRL_get_issuer(x),buf,256);
BIO_printf(out,"%8sIssuer: %s\n","",buf);
p=X509_NAME_oneline(X509_CRL_get_issuer(x),NULL,0);
BIO_printf(out,"%8sIssuer: %s\n","",p);
OPENSSL_free(p);
BIO_printf(out,"%8sLast Update: ","");
ASN1_TIME_print(out,X509_CRL_get_lastUpdate(x));
BIO_printf(out,"\n%8sNext Update: ","");

32
crypto/asn1/t_pkey.c
View file

@ -130,14 +130,10 @@ int RSA_print(BIO *bp, const RSA *x, int off)
goto err;
}
if (off)
{
if (off > 128) off=128;
memset(str,' ',off);
}
if (x->d != NULL)
{
if (off && (BIO_write(bp,str,off) <= 0)) goto err;
if(!BIO_indent(bp,off,128))
goto err;
if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->n))
<= 0) goto err;
}
@ -183,7 +179,6 @@ int DSA_print_fp(FILE *fp, const DSA *x, int off)
int DSA_print(BIO *bp, const DSA *x, int off)
{
char str[128];
unsigned char *m=NULL;
int ret=0;
size_t buf_len=0,i;
@ -210,14 +205,10 @@ int DSA_print(BIO *bp, const DSA *x, int off)
goto err;
}
if (off)
{
if (off > 128) off=128;
memset(str,' ',off);
}
if (x->priv_key != NULL)
{
if (off && (BIO_write(bp,str,off) <= 0)) goto err;
if(!BIO_indent(bp,off,128))
goto err;
if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->p))
<= 0) goto err;
}
@ -240,17 +231,12 @@ static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf,
int off)
{
int n,i;
char str[128];
const char *neg;
if (num == NULL) return(1);
neg=(num->neg)?"-":"";
if (off)
{
if (off > 128) off=128;
memset(str,' ',off);
if (BIO_write(bp,str,off) <= 0) return(0);
}
if(!BIO_indent(bp,off,128))
return 0;
if (BN_num_bytes(num) <= BN_BYTES)
{
@ -274,9 +260,9 @@ static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf,
{
if ((i%15) == 0)
{
str[0]='\n';
memset(&(str[1]),' ',off+4);
if (BIO_write(bp,str,off+1+4) <= 0) return(0);
if(BIO_puts(bp,"\n") <= 0
|| !BIO_indent(bp,off+4,128))
return 0;
}
if (BIO_printf(bp,"%02x%s",buf[i],((i+1) == n)?"":":")
<= 0) return(0);

18
crypto/asn1/t_req.c
View file

@ -91,7 +91,6 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long
EVP_PKEY *pkey;
STACK_OF(X509_ATTRIBUTE) *sk;
STACK_OF(X509_EXTENSION) *exts;
char str[128];
char mlch = ' ';
int nmindent = 0;
@ -116,8 +115,9 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long
l=0;
for (i=0; i<ri->version->length; i++)
{ l<<=8; l+=ri->version->data[i]; }
sprintf(str,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,l);
if (BIO_puts(bp,str) <= 0) goto err;
if(BIO_printf(bp,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,
l) <= 0)
goto err;
}
if(!(cflag & X509_FLAG_NO_SUBJECT))
{
@ -168,14 +168,14 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long
if(!(cflag & X509_FLAG_NO_ATTRIBUTES))
{
/* may not be */
sprintf(str,"%8sAttributes:\n","");
if (BIO_puts(bp,str) <= 0) goto err;
if(BIO_printf(bp,"%8sAttributes:\n","") <= 0)
goto err;
sk=x->req_info->attributes;
if (sk_X509_ATTRIBUTE_num(sk) == 0)
{
sprintf(str,"%12sa0:00\n","");
if (BIO_puts(bp,str) <= 0) goto err;
if(BIO_printf(bp,"%12sa0:00\n","") <= 0)
goto err;
}
else
{
@ -190,8 +190,8 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long
a=sk_X509_ATTRIBUTE_value(sk,i);
if(X509_REQ_extension_nid(OBJ_obj2nid(a->object)))
continue;
sprintf(str,"%12s","");
if (BIO_puts(bp,str) <= 0) goto err;
if(BIO_printf(bp,"%12s","") <= 0)
goto err;
if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0)
{
if (a->single)

9
crypto/asn1/t_x509.c
View file

@ -433,15 +433,17 @@ err:
int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
{
char *s,*c;
char *s,*c,*b;
int ret=0,l,ll,i,first=1;
char buf[256];
ll=80-2-obase;
s=X509_NAME_oneline(name,buf,256);
b=s=X509_NAME_oneline(name,NULL,0);
if (!*s)
{
free(b);
return 1;
}
s++; /* skip the first slash */
l=ll;
@ -497,6 +499,7 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
err:
X509err(X509_F_X509_NAME_PRINT,ERR_R_BUF_LIB);
}
free(b);
return(ret);
}

4
crypto/asn1/t_x509a.c
View file

@ -77,7 +77,7 @@ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
for(i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) {
if(!first) BIO_puts(out, ", ");
else first = 0;
OBJ_obj2txt(oidstr, 80,
OBJ_obj2txt(oidstr, sizeof oidstr,
sk_ASN1_OBJECT_value(aux->trust, i), 0);
BIO_puts(out, oidstr);
}
@ -90,7 +90,7 @@ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
for(i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) {
if(!first) BIO_puts(out, ", ");
else first = 0;
OBJ_obj2txt(oidstr, 80,
OBJ_obj2txt(oidstr, sizeof oidstr,
sk_ASN1_OBJECT_value(aux->reject, i), 0);
BIO_puts(out, oidstr);
}

4
crypto/asn1/tasn_dec.c
View file

@ -664,7 +664,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inl
if(!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL)) goto err;
len = buf.length;
/* Append a final null to string */
if(!BUF_MEM_grow(&buf, len + 1)) {
if(!BUF_MEM_grow_clean(&buf, len + 1)) {
ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE);
return 0;
}
@ -857,7 +857,7 @@ static int collect_data(BUF_MEM *buf, unsigned char **p, long plen)
int len;
if(buf) {
len = buf->length;
if(!BUF_MEM_grow(buf, len + plen)) {
if(!BUF_MEM_grow_clean(buf, len + plen)) {
ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE);
return 0;
}

2
crypto/asn1/tasn_prn.c
View file

@ -186,7 +186,7 @@ if(*bool == -1) printf("BOOL MISSING\n");
char objbuf[80], *ln;
ln = OBJ_nid2ln(OBJ_obj2nid(fld));
if(!ln) ln = "";
OBJ_obj2txt(objbuf, 80, fld, 1);
OBJ_obj2txt(objbuf, sizeof objbuf, fld, 1);
BIO_printf(out, "%*s%s:%s (%s)", indent, "", "OBJECT", ln, objbuf);
} else {
BIO_printf(out, "%*s%s:", indent, "", name);

6
crypto/bf/bftest.c
View file

@ -454,9 +454,9 @@ static int test(void)
len=strlen(cbc_data)+1;
BF_set_key(&key,16,cbc_key);
memset(cbc_in,0,40);
memset(cbc_out,0,40);
memcpy(iv,cbc_iv,8);
memset(cbc_in,0,sizeof cbc_in);
memset(cbc_out,0,sizeof cbc_out);
memcpy(iv,cbc_iv,sizeof iv);
BF_cbc_encrypt((unsigned char *)cbc_data,cbc_out,len,
&key,iv,BF_ENCRYPT);
if (memcmp(cbc_out,cbc_ok,32) != 0)

12
crypto/bio/b_print.c
View file

@ -483,7 +483,7 @@ fmtint(
{
int signvalue = 0;
unsigned LLONG uvalue;
char convert[20];
char convert[DECIMAL_SIZE(value)+1];
int place = 0;
int spadlen = 0;
int zpadlen = 0;
@ -508,8 +508,8 @@ fmtint(
(caps ? "0123456789ABCDEF" : "0123456789abcdef")
[uvalue % (unsigned) base];
uvalue = (uvalue / (unsigned) base);
} while (uvalue && (place < 20));
if (place == 20)
} while (uvalue && (place < sizeof convert));
if (place == sizeof convert)
place--;
convert[place] = 0;
@ -641,8 +641,8 @@ fmtfp(
(caps ? "0123456789ABCDEF"
: "0123456789abcdef")[intpart % 10];
intpart = (intpart / 10);
} while (intpart && (iplace < 20));
if (iplace == 20)
} while (intpart && (iplace < sizeof iplace));
if (iplace == sizeof iplace)
iplace--;
iconvert[iplace] = 0;
@ -653,7 +653,7 @@ fmtfp(
: "0123456789abcdef")[fracpart % 10];
fracpart = (fracpart / 10);
} while (fplace < max);
if (fplace == 20)
if (fplace == sizeof fplace)
fplace--;
fconvert[fplace] = 0;

4
crypto/bio/b_sock.c
View file

@ -83,6 +83,7 @@
static int wsa_init_done=0;
#endif
#if 0
static unsigned long BIO_ghbn_hits=0L;
static unsigned long BIO_ghbn_miss=0L;
@ -93,6 +94,7 @@ static struct ghbn_cache_st
struct hostent *ent;
unsigned long order;
} ghbn_cache[GHBN_NUM];
#endif
static int get_ip(const char *str,unsigned char *ip);
#if 0
@ -230,6 +232,7 @@ int BIO_sock_error(int sock)
return(j);
}
#if 0
long BIO_ghbn_ctrl(int cmd, int iarg, char *parg)
{
int i;
@ -267,6 +270,7 @@ long BIO_ghbn_ctrl(int cmd, int iarg, char *parg)
}
return(1);
}
#endif
#if 0
static struct hostent *ghbn_dup(struct hostent *a)

2
crypto/bio/bf_buff.c
View file

@ -482,7 +482,7 @@ static int buffer_gets(BIO *b, char *buf, int size)
size-=i;
ctx->ibuf_len-=i;
ctx->ibuf_off+=i;
if ((flag) || (i == size))
if (flag || size == 0)
{
*buf='\0';
return(num);

3
crypto/bio/bio.h
View file

@ -522,6 +522,7 @@ int BIO_read(BIO *b, void *data, int len);
int BIO_gets(BIO *bp,char *buf, int size);
int BIO_write(BIO *b, const void *data, int len);
int BIO_puts(BIO *bp,const char *buf);
int BIO_indent(BIO *b,int indent,int max);
long BIO_ctrl(BIO *bp,int cmd,long larg,void *parg);
long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long));
char * BIO_ptr_ctrl(BIO *bp,int cmd,long larg);
@ -608,7 +609,7 @@ int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
void BIO_copy_next_retry(BIO *b);
long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);
/*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/
int BIO_printf(BIO *bio, const char *format, ...);
int BIO_vprintf(BIO *bio, const char *format, va_list args);

12
crypto/bio/bio_lib.c
View file

@ -272,6 +272,18 @@ int BIO_gets(BIO *b, char *in, int inl)
return(i);
}
int BIO_indent(BIO *b,int indent,int max)
{
if(indent < 0)
indent=0;
if(indent > max)
indent=max;
while(indent--)
if(BIO_puts(b," ") != 1)
return 0;
return 1;
}
long BIO_int_ctrl(BIO *b, int cmd, long larg, int iarg)
{
int i;

4
crypto/bio/bss_conn.c
View file

@ -519,7 +519,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
else if (num == 2)
{
char buf[16];
char *p = ptr;
unsigned char *p = ptr;
sprintf(buf,"%d.%d.%d.%d",
p[0],p[1],p[2],p[3]);
@ -530,7 +530,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
}
else if (num == 3)
{
char buf[16];
char buf[DECIMAL_SIZE(int)+1];
sprintf(buf,"%d",*(int *)ptr);
if (data->param_port != NULL)

2
crypto/bio/bss_log.c
View file

@ -274,7 +274,7 @@ static void xsyslog(BIO *bp, int priority, const char *string)
LPCSTR lpszStrings[2];
WORD evtype= EVENTLOG_ERROR_TYPE;
int pid = _getpid();
char pidbuf[20];
char pidbuf[DECIMAL_SIZE(pid)+4];
switch (priority)
{

8
crypto/bio/bss_mem.c
View file

@ -190,7 +190,7 @@ static int mem_write(BIO *b, const char *in, int inl)
BIO_clear_retry_flags(b);
blen=bm->length;
if (BUF_MEM_grow(bm,blen+inl) != (blen+inl))
if (BUF_MEM_grow_clean(bm,blen+inl) != (blen+inl))
goto end;
memcpy(&(bm->data[blen]),in,inl);
ret=inl;
@ -284,7 +284,11 @@ static int mem_gets(BIO *bp, char *buf, int size)
BIO_clear_retry_flags(bp);
j=bm->length;
if (j <= 0) return(0);
if (j <= 0)
{
*buf='\0';
return 0;
}
p=bm->data;
for (i=0; i<j; i++)
{

57
crypto/buffer/buffer.c
View file

@ -125,6 +125,43 @@ int BUF_MEM_grow(BUF_MEM *str, int len)
return(len);
}
int BUF_MEM_grow_clean(BUF_MEM *str, int len)
{
char *ret;
unsigned int n;
if (str->length >= len)
{
memset(&str->data[len],0,str->length-len);
str->length=len;
return(len);
}
if (str->max >= len)
{
memset(&str->data[str->length],0,len-str->length);
str->length=len;
return(len);
}
n=(len+3)/3*4;
if (str->data == NULL)
ret=OPENSSL_malloc(n);
else
ret=OPENSSL_realloc_clean(str->data,str->max,n);
if (ret == NULL)
{
BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
len=0;
}
else
{
str->data=ret;
str->max=n;
memset(&str->data[str->length],0,len-str->length);
str->length=len;
}
return(len);
}
char *BUF_strdup(const char *str)
{
char *ret;
@ -143,3 +180,23 @@ char *BUF_strdup(const char *str)
return(ret);
}
size_t BUF_strlcpy(char *dst, const char *src, size_t size)
{
size_t l = 0;
for(; size > 1 && *src; size--)
{
*dst++ = *src++;
l++;
}
if (size)
*dst = '\0';
return l + strlen(src);
}
size_t BUF_strlcat(char *dst, const char *src, size_t size)
{
size_t l = 0;
for(; size > 0 && *dst; size--, dst++)
l++;
return l + BUF_strlcpy(dst, src, size);
}

8
crypto/buffer/buffer.h
View file

@ -63,6 +63,8 @@
extern "C" {
#endif
#include <sys/types.h>
typedef struct buf_mem_st
{
int length; /* current number of bytes */
@ -73,8 +75,14 @@ typedef struct buf_mem_st
BUF_MEM *BUF_MEM_new(void);
void BUF_MEM_free(BUF_MEM *a);
int BUF_MEM_grow(BUF_MEM *str, int len);
int BUF_MEM_grow_clean(BUF_MEM *str, int len);
char * BUF_strdup(const char *str);
/* safe string functions */
size_t BUF_strlcpy(char *dst,const char *src,size_t siz);
size_t BUF_strlcat(char *dst,const char *src,size_t siz);
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.

2
crypto/conf/conf_def.c
View file

@ -628,7 +628,7 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from)
CONFerr(CONF_F_STR_COPY,CONF_R_VARIABLE_HAS_NO_VALUE);
goto err;
}
BUF_MEM_grow(buf,(strlen(p)+len-(e-from)));
BUF_MEM_grow_clean(buf,(strlen(p)+len-(e-from)));
while (*p)
buf->data[to++]= *(p++);
from=e;

8
crypto/cryptlib.c
View file

@ -493,3 +493,11 @@ BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason,
#endif
#endif
void OpenSSLDie(const char *file,int line,const char *assertion)
{
fprintf(stderr,
"%s(%d): OpenSSL internal error, assertion failed: %s\n",
file,line,assertion);
abort();
}

10
crypto/cryptlib.h
View file

@ -89,9 +89,13 @@ extern "C" {
#define X509_CERT_DIR_EVP "SSL_CERT_DIR"
#define X509_CERT_FILE_EVP "SSL_CERT_FILE"
/* size of string represenations */
#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
#define HEX_SIZE(type) ((sizeof(type)*2)
/* size of string representations */
#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
#define HEX_SIZE(type) (sizeof(type)*2)
/* die if we have to */
void OpenSSLDie(const char *file,int line,const char *assertion);
#define OPENSSL_assert(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
#ifdef __cplusplus
}

5
crypto/crypto.h
View file

@ -279,6 +279,8 @@ int CRYPTO_is_mem_check_on(void);
#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
#define OPENSSL_realloc(addr,num) \
CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
#define OPENSSL_realloc_clean(addr,old_num,num) \
CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
#define OPENSSL_remalloc(addr,num) \
CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
#define OPENSSL_freeFunc CRYPTO_free
@ -381,6 +383,8 @@ void CRYPTO_free_locked(void *);
void *CRYPTO_malloc(int num, const char *file, int line);
void CRYPTO_free(void *);
void *CRYPTO_realloc(void *addr,int num, const char *file, int line);
void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file,
int line);
void *CRYPTO_remalloc(void *addr,int num, const char *file, int line);
void CRYPTO_set_mem_debug_options(long bits);
@ -423,7 +427,6 @@ void CRYPTO_mem_leaks(struct bio_st *bio);
typedef void *CRYPTO_MEM_LEAK_CB(unsigned long, const char *, int, int, void *);
void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.

1
crypto/dsa/dsa_lib.c
View file

@ -228,6 +228,7 @@ int DSA_size(const DSA *r)
i=BN_num_bits(r->q);
bs.length=(i+7)/8;
OPENSSL_assert(bs.length <= sizeof buf);
bs.data=buf;
bs.type=V_ASN1_INTEGER;
/* If the top bit is set the asn1 encoding is 1 larger. */

1
crypto/evp/bio_b64.c
View file

@ -165,6 +165,7 @@ static int b64_read(BIO *b, char *out, int outl)
{
i=ctx->buf_len-ctx->buf_off;
if (i > outl) i=outl;
OPENSSL_assert(ctx->buf_off+i < sizeof ctx->buf);
memcpy(out,&(ctx->buf[ctx->buf_off]),i);
ret=i;
out+=i;

2
crypto/evp/digest.c
View file

@ -219,6 +219,8 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
{
int ret;
OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
ret=ctx->digest->final(ctx,md);
if (size != NULL)
*size=ctx->digest->md_size;

1
crypto/evp/e_rc2.c
View file

@ -174,6 +174,7 @@ static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
if (type != NULL)
{
l=EVP_CIPHER_CTX_iv_length(c);
OPENSSL_assert(l <= sizeof iv);
i=ASN1_TYPE_get_int_octetstring(type,&num,iv,l);
if (i != l)
return(-1);

5
crypto/evp/e_rc4.c
View file

@ -69,8 +69,6 @@
typedef struct
{
/* FIXME: what is the key for? */
unsigned char key[EVP_RC4_KEY_SIZE];
RC4_KEY ks; /* working key */
} EVP_RC4_KEY;
@ -121,9 +119,8 @@ const EVP_CIPHER *EVP_rc4_40(void)
static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
memcpy(&data(ctx)->key[0],key,EVP_CIPHER_CTX_key_length(ctx));
RC4_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),
data(ctx)->key);
key);
return 1;
}

2
crypto/evp/encode.c
View file

@ -136,6 +136,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
*outl=0;
if (inl == 0) return;
OPENSSL_assert(ctx->length <= sizeof ctx->enc_data);
if ((ctx->num+inl) < ctx->length)
{
memcpy(&(ctx->enc_data[ctx->num]),in,inl);
@ -258,6 +259,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
/* only save the good data :-) */
if (!B64_NOT_BASE64(v))
{
OPENSSL_assert(n < sizeof ctx->enc_data);
d[n++]=tmp;
ln++;
}

14
crypto/evp/evp_enc.c
View file

@ -63,8 +63,6 @@
#include <openssl/engine.h>
#include "evp_locl.h"
#include <assert.h>
const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT;
void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
@ -163,9 +161,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
}
skip_to_init:
/* we assume block size is a power of 2 in *cryptUpdate */
assert(ctx->cipher->block_size == 1
|| ctx->cipher->block_size == 8
|| ctx->cipher->block_size == 16);
OPENSSL_assert(ctx->cipher->block_size == 1
|| ctx->cipher->block_size == 8
|| ctx->cipher->block_size == 16);
if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
switch(EVP_CIPHER_CTX_mode(ctx)) {
@ -181,6 +179,7 @@ skip_to_init:
case EVP_CIPH_CBC_MODE:
OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof ctx->iv);
if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
break;
@ -251,6 +250,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
{
int i,j,bl;
OPENSSL_assert(inl > 0);
if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)
{
if(ctx->cipher->do_cipher(ctx,out,in,inl))
@ -266,6 +266,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
}
i=ctx->buf_len;
bl=ctx->cipher->block_size;
OPENSSL_assert(bl <= sizeof ctx->buf);
if (i != 0)
{
if (i+inl < bl)
@ -314,6 +315,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
int i,n,b,bl,ret;
b=ctx->cipher->block_size;
OPENSSL_assert(b <= sizeof ctx->buf);
if (b == 1)
{
*outl=0;
@ -358,6 +360,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
return EVP_EncryptUpdate(ctx, out, outl, in, inl);
b=ctx->cipher->block_size;
OPENSSL_assert(b <= sizeof ctx->final);
if(ctx->final_used)
{
@ -420,6 +423,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
return(0);
}
OPENSSL_assert(b <= sizeof ctx->final);
n=ctx->final[b-1];
if (n > b)
{

2
crypto/evp/evp_key.c
View file

@ -118,6 +118,8 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
nkey=type->key_len;
niv=type->iv_len;
OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH);
OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH);
if (data == NULL) return(nkey);

2
crypto/evp/evp_lib.c
View file

@ -90,6 +90,7 @@ int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
if (type != NULL)
{
l=EVP_CIPHER_CTX_iv_length(c);
OPENSSL_assert(l <= sizeof c->iv);
i=ASN1_TYPE_get_octetstring(type,c->oiv,l);
if (i != l)
return(-1);
@ -106,6 +107,7 @@ int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
if (type != NULL)
{
j=EVP_CIPHER_CTX_iv_length(c);
OPENSSL_assert(j <= sizeof c->iv);
i=ASN1_TYPE_set_octetstring(type,c->oiv,j);
}
return(i);

2
crypto/evp/evp_pbe.c
View file

@ -88,7 +88,7 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
char obj_tmp[80];
EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM);
if (!pbe_obj) strcpy (obj_tmp, "NULL");
else i2t_ASN1_OBJECT(obj_tmp, 80, pbe_obj);
else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj);
ERR_add_error_data(2, "TYPE=", obj_tmp);
return 0;
}

2
crypto/evp/p5_crpt.c
View file

@ -140,7 +140,9 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
EVP_DigestFinal_ex (&ctx, md_tmp, NULL);
}
EVP_MD_CTX_cleanup(&ctx);
OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= sizeof md_tmp);
memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16);
memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
EVP_CIPHER_iv_length(cipher));
EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de);

1
crypto/evp/p5_crpt2.c
View file

@ -190,6 +190,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
goto err;
}
keylen = EVP_CIPHER_CTX_key_length(ctx);
OPENSSL_assert(keylen <= sizeof key);
/* Now decode key derivation function */

34
crypto/hmac/Makefile.ssl
View file

@ -79,21 +79,23 @@ clean:
# DO NOT DELETE THIS LINE -- make depend depends on it.
hmac.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
hmac.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
hmac.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
hmac.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
hmac.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
hmac.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
hmac.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
hmac.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
hmac.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
hmac.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
hmac.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
hmac.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
hmac.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h
hmac.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
hmac.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
hmac.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
hmac.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
hmac.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
hmac.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
hmac.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
hmac.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
hmac.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
hmac.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
hmac.o: ../../include/openssl/ui_compat.h hmac.c
hmac.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
hmac.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
hmac.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
hmac.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
hmac.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
hmac.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
hmac.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
hmac.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
hmac.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
hmac.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
hmac.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
hmac.o: ../cryptlib.h hmac.c

3
crypto/hmac/hmac.c
View file

@ -59,6 +59,7 @@
#include <stdlib.h>
#include <string.h>
#include <openssl/hmac.h>
#include "cryptlib.h"
void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
const EVP_MD *md, ENGINE *impl)
@ -78,6 +79,7 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
{
reset=1;
j=EVP_MD_block_size(md);
OPENSSL_assert(j <= sizeof ctx->key);
if (j < len)
{
EVP_DigestInit_ex(&ctx->md_ctx,md, impl);
@ -87,6 +89,7 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
}
else
{
OPENSSL_assert(len <= sizeof ctx->key);
memcpy(ctx->key,key,len);
ctx->key_length=len;
}

86
crypto/lhash/lh_stats.c
View file

@ -179,49 +179,29 @@ end:;
void lh_stats_bio(const LHASH *lh, BIO *out)
{
char buf[128];
sprintf(buf,"num_items = %lu\n",lh->num_items);
BIO_puts(out,buf);
sprintf(buf,"num_nodes = %u\n",lh->num_nodes);
BIO_puts(out,buf);
sprintf(buf,"num_alloc_nodes = %u\n",lh->num_alloc_nodes);
BIO_puts(out,buf);
sprintf(buf,"num_expands = %lu\n",lh->num_expands);
BIO_puts(out,buf);
sprintf(buf,"num_expand_reallocs = %lu\n",lh->num_expand_reallocs);
BIO_puts(out,buf);
sprintf(buf,"num_contracts = %lu\n",lh->num_contracts);
BIO_puts(out,buf);
sprintf(buf,"num_contract_reallocs = %lu\n",lh->num_contract_reallocs);
BIO_puts(out,buf);
sprintf(buf,"num_hash_calls = %lu\n",lh->num_hash_calls);
BIO_puts(out,buf);
sprintf(buf,"num_comp_calls = %lu\n",lh->num_comp_calls);
BIO_puts(out,buf);
sprintf(buf,"num_insert = %lu\n",lh->num_insert);
BIO_puts(out,buf);
sprintf(buf,"num_replace = %lu\n",lh->num_replace);
BIO_puts(out,buf);
sprintf(buf,"num_delete = %lu\n",lh->num_delete);
BIO_puts(out,buf);
sprintf(buf,"num_no_delete = %lu\n",lh->num_no_delete);
BIO_puts(out,buf);
sprintf(buf,"num_retrieve = %lu\n",lh->num_retrieve);
BIO_puts(out,buf);
sprintf(buf,"num_retrieve_miss = %lu\n",lh->num_retrieve_miss);
BIO_puts(out,buf);
sprintf(buf,"num_hash_comps = %lu\n",lh->num_hash_comps);
BIO_puts(out,buf);
BIO_printf(out,"num_items = %lu\n",lh->num_items);
BIO_printf(out,"num_nodes = %u\n",lh->num_nodes);
BIO_printf(out,"num_alloc_nodes = %u\n",lh->num_alloc_nodes);
BIO_printf(out,"num_expands = %lu\n",lh->num_expands);
BIO_printf(out,"num_expand_reallocs = %lu\n",
lh->num_expand_reallocs);
BIO_printf(out,"num_contracts = %lu\n",lh->num_contracts);
BIO_printf(out,"num_contract_reallocs = %lu\n",
lh->num_contract_reallocs);
BIO_printf(out,"num_hash_calls = %lu\n",lh->num_hash_calls);
BIO_printf(out,"num_comp_calls = %lu\n",lh->num_comp_calls);
BIO_printf(out,"num_insert = %lu\n",lh->num_insert);
BIO_printf(out,"num_replace = %lu\n",lh->num_replace);
BIO_printf(out,"num_delete = %lu\n",lh->num_delete);
BIO_printf(out,"num_no_delete = %lu\n",lh->num_no_delete);
BIO_printf(out,"num_retrieve = %lu\n",lh->num_retrieve);
BIO_printf(out,"num_retrieve_miss = %lu\n",lh->num_retrieve_miss);
BIO_printf(out,"num_hash_comps = %lu\n",lh->num_hash_comps);
#if 0
sprintf(buf,"p = %u\n",lh->p);
BIO_puts(out,buf);
sprintf(buf,"pmax = %u\n",lh->pmax);
BIO_puts(out,buf);
sprintf(buf,"up_load = %lu\n",lh->up_load);
BIO_puts(out,buf);
sprintf(buf,"down_load = %lu\n",lh->down_load);
BIO_puts(out,buf);
BIO_printf(out,"p = %u\n",lh->p);
BIO_printf(out,"pmax = %u\n",lh->pmax);
BIO_printf(out,"up_load = %lu\n",lh->up_load);
BIO_printf(out,"down_load = %lu\n",lh->down_load);
#endif
}
@ -229,14 +209,12 @@ void lh_node_stats_bio(const LHASH *lh, BIO *out)
{
LHASH_NODE *n;
unsigned int i,num;
char buf[128];
for (i=0; i<lh->num_nodes; i++)
{
for (n=lh->b[i],num=0; n != NULL; n=n->next)
num++;
sprintf(buf,"node %6u -> %3u\n",i,num);
BIO_puts(out,buf);
BIO_printf(out,"node %6u -> %3u\n",i,num);
}
}
@ -246,7 +224,6 @@ void lh_node_usage_stats_bio(const LHASH *lh, BIO *out)
unsigned long num;
unsigned int i;
unsigned long total=0,n_used=0;
char buf[128];
for (i=0; i<lh->num_nodes; i++)
{
@ -258,17 +235,14 @@ void lh_node_usage_stats_bio(const LHASH *lh, BIO *out)
total+=num;
}
}
sprintf(buf,"%lu nodes used out of %u\n",n_used,lh->num_nodes);
BIO_puts(out,buf);
sprintf(buf,"%lu items\n",total);
BIO_puts(out,buf);
BIO_printf(out,"%lu nodes used out of %u\n",n_used,lh->num_nodes);
BIO_printf(out,"%lu items\n",total);
if (n_used == 0) return;
sprintf(buf,"load %d.%02d actual load %d.%02d\n",
(int)(total/lh->num_nodes),
(int)((total%lh->num_nodes)*100/lh->num_nodes),
(int)(total/n_used),
(int)((total%n_used)*100/n_used));
BIO_puts(out,buf);
BIO_printf(out,"load %d.%02d actual load %d.%02d\n",
(int)(total/lh->num_nodes),
(int)((total%lh->num_nodes)*100/lh->num_nodes),
(int)(total/n_used),
(int)((total%n_used)*100/n_used));
}
#endif

6
crypto/md2/md2_dgst.c
View file

@ -118,9 +118,9 @@ const char *MD2_options(void)
int MD2_Init(MD2_CTX *c)
{
c->num=0;
memset(c->state,0,MD2_BLOCK*sizeof(MD2_INT));
memset(c->cksm,0,MD2_BLOCK*sizeof(MD2_INT));
memset(c->data,0,MD2_BLOCK);
memset(c->state,0,sizeof c->state);
memset(c->cksm,0,sizeof c->cksm);
memset(c->data,0,sizeof c->data);
return 1;
}

2
crypto/md4/md4.c
View file

@ -108,7 +108,7 @@ void do_fp(FILE *f)
MD4_Init(&c);
for (;;)
{
i=read(fd,buf,BUFSIZE);
i=read(fd,buf,sizeof buf);
if (i <= 0) break;
MD4_Update(&c,buf,(unsigned long)i);
}

25
crypto/mem.c
View file

@ -305,7 +305,6 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line)
if (str == NULL)
return CRYPTO_malloc(num, file, line);
if (realloc_debug_func != NULL)
realloc_debug_func(str, NULL, num, file, line, 0);
ret = realloc_ex_func(str,num,file,line);
@ -318,6 +317,29 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line)
return ret;
}
void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file,
int line)
{
void *ret = NULL;
if (str == NULL)
return CRYPTO_malloc(num, file, line);
if (realloc_debug_func != NULL)
realloc_debug_func(str, NULL, num, file, line, 0);
ret=malloc_ex_func(num,file,line);
if(ret)
memcpy(ret,str,old_len);
memset(str,'\0',old_len);
free_func(str);
#ifdef LEVITTE_DEBUG_MEM
fprintf(stderr, "LEVITTE_DEBUG_MEM: | 0x%p -> 0x%p (%d)\n", str, ret, num);
#endif
if (realloc_debug_func != NULL)
realloc_debug_func(str, ret, num, file, line, 1);
return ret;
}
void CRYPTO_free(void *str)
{
if (free_debug_func != NULL)
@ -337,7 +359,6 @@ void *CRYPTO_remalloc(void *a, int num, const char *file, int line)
return(a);
}
void CRYPTO_set_mem_debug_options(long bits)
{
if (set_debug_options_func != NULL)

6
crypto/mem_dbg.c
View file

@ -666,7 +666,6 @@ static IMPLEMENT_LHASH_DOALL_ARG_FN(print_leak, const MEM *, MEM_LEAK *)
void CRYPTO_mem_leaks(BIO *b)
{
MEM_LEAK ml;
char buf[80];
if (mh == NULL && amih == NULL)
return;
@ -681,9 +680,8 @@ void CRYPTO_mem_leaks(BIO *b)
(char *)&ml);
if (ml.chunks != 0)
{
sprintf(buf,"%ld bytes leaked in %d chunks\n",
ml.bytes,ml.chunks);
BIO_puts(b,buf);
BIO_printf(b,"%ld bytes leaked in %d chunks\n",
ml.bytes,ml.chunks);
}
else
{

7
crypto/objects/obj_dat.c
View file

@ -464,7 +464,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
sprintf(tbuf,"%d.%lu",i,l);
i=strlen(tbuf);
strncpy(buf,tbuf,buf_len);
BUF_strlcpy(buf,tbuf,buf_len);
buf_len-=i;
buf+=i;
n+=i;
@ -476,7 +476,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
sprintf(tbuf,".%lu",l);
i=strlen(tbuf);
if (buf_len > 0)
strncpy(buf,tbuf,buf_len);
BUF_strlcpy(buf,tbuf,buf_len);
buf_len-=i;
buf+=i;
n+=i;
@ -488,10 +488,9 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
s=OBJ_nid2ln(nid);
if (s == NULL)
s=OBJ_nid2sn(nid);
strncpy(buf,s,buf_len);
BUF_strlcpy(buf,s,buf_len);
n=strlen(s);
}
buf[buf_len-1]='\0';
return(n);
}

2
crypto/ocsp/ocsp_ht.c
View file

@ -94,7 +94,7 @@ Content-Length: %d\r\n\r\n";
}
if(!(mem = BIO_new(BIO_s_mem()))) goto err;
/* Copy response to a memory BIO: socket bios can't do gets! */
while ((len = BIO_read(b, tmpbuf, 1024))) {
while ((len = BIO_read(b, tmpbuf, sizeof tmpbuf))) {
if(len < 0) {
OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_READ_ERROR);
goto err;

8
crypto/pem/pem.h
View file

@ -149,7 +149,7 @@ typedef struct pem_recip_st
int cipher;
int key_enc;
char iv[8];
/* char iv[8]; unused and wrong size */
} PEM_USER;
typedef struct pem_ctx_st
@ -165,7 +165,8 @@ typedef struct pem_ctx_st
struct {
int cipher;
unsigned char iv[8];
/* unused, and wrong size
unsigned char iv[8]; */
} DEK_info;
PEM_USER *originator;
@ -187,7 +188,8 @@ typedef struct pem_ctx_st
EVP_CIPHER *dec; /* date encryption cipher */
int key_len; /* key length */
unsigned char *key; /* key */
unsigned char iv[8]; /* the iv */
/* unused, and wrong size
unsigned char iv[8]; */
int data_enc; /* is the data encrypted */

1
crypto/pem/pem_info.c
View file

@ -324,6 +324,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
}
/* create the right magic header stuff */
OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);
buf[0]='\0';
PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);

8
crypto/pem/pem_lib.c
View file

@ -138,7 +138,7 @@ void PEM_proc_type(char *buf, int type)
void PEM_dek_info(char *buf, const char *type, int len, char *str)
{
static unsigned char map[17]="0123456789ABCDEF";
static const unsigned char map[17]="0123456789ABCDEF";
long i;
int j;
@ -304,6 +304,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
goto err;
}
/* dzise + 8 bytes are needed */
// actually it needs the cipher block size extra...
data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20);
if (data == NULL)
{
@ -333,6 +334,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
kstr=(unsigned char *)buf;
}
RAND_add(data,i,0);/* put in the RSA key. */
OPENSSL_assert(enc->iv_len <= sizeof iv);
if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */
goto err;
/* The 'iv' is used as the iv and as a salt. It is
@ -341,6 +343,8 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
if (kstr == (unsigned char *)buf) memset(buf,0,PEM_BUFSIZE);
OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);
buf[0]='\0';
PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);
@ -691,7 +695,7 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
if (strncmp(buf,"-----END ",9) == 0)
break;
if (i > 65) break;
if (!BUF_MEM_grow(dataB,i+bl+9))
if (!BUF_MEM_grow_clean(dataB,i+bl+9))
{
PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
goto err;

2
crypto/pkcs7/pk7_doit.c
View file

@ -578,7 +578,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
/* We now have the EVP_MD_CTX, lets do the
* signing. */
EVP_MD_CTX_copy_ex(&ctx_tmp,mdc);
if (!BUF_MEM_grow(buf,EVP_PKEY_size(si->pkey)))
if (!BUF_MEM_grow_clean(buf,EVP_PKEY_size(si->pkey)))
{
PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB);
goto err;

2
crypto/rand/rand_egd.c
View file

@ -143,7 +143,7 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
memset(&addr, 0, sizeof(addr));
addr.sun_family = AF_UNIX;
if (strlen(path) > sizeof(addr.sun_path))
if (strlen(path) >= sizeof(addr.sun_path))
return (-1);
strcpy(addr.sun_path,path);
len = offsetof(struct sockaddr_un, sun_path) + strlen(path);

5
crypto/rand/randfile.c
View file

@ -203,8 +203,9 @@ const char *RAND_file_name(char *buf, size_t size)
s=getenv("RANDFILE");
if (s != NULL)
{
strncpy(buf,s,size-1);
buf[size-1]='\0';
if(strlen(s) >= size)
return NULL;
strcpy(buf,s);
ret=buf;
}
else

4
crypto/txt_db/txt_db.c
View file

@ -108,7 +108,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num)
if (offset != 0)
{
size+=BUFSIZE;
if (!BUF_MEM_grow(buf,size)) goto err;
if (!BUF_MEM_grow_clean(buf,size)) goto err;
}
buf->data[offset]='\0';
BIO_gets(in,&(buf->data[offset]),size-offset);
@ -268,7 +268,7 @@ long TXT_DB_write(BIO *out, TXT_DB *db)
if (pp[j] != NULL)
l+=strlen(pp[j]);
}
if (!BUF_MEM_grow(buf,(int)(l*2+nn))) goto err;
if (!BUF_MEM_grow_clean(buf,(int)(l*2+nn))) goto err;
p=buf->data;
for (j=0; j<nn; j++)

14
crypto/ui/Makefile.ssl
View file

@ -95,13 +95,13 @@ ui_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
ui_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
ui_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
ui_err.o: ../../include/openssl/ui.h ui_err.c
ui_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
ui_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
ui_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
ui_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
ui_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
ui_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ui_lib.c
ui_lib.o: ui_locl.h
ui_lib.o: ../../e_os.h ../../include/openssl/bio.h
ui_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
ui_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
ui_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
ui_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
ui_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
ui_lib.o: ../../include/openssl/ui.h ../cryptlib.h ui_lib.c ui_locl.h
ui_openssl.o: ../../e_os.h ../../include/openssl/bio.h
ui_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
ui_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

5
crypto/ui/ui_lib.c
View file

@ -62,6 +62,7 @@
#include <openssl/ui.h>
#include <openssl/err.h>
#include "ui_locl.h"
#include "cryptlib.h"
IMPLEMENT_STACK_OF(UI_STRING_ST)
@ -831,8 +832,8 @@ int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
case UIT_PROMPT:
case UIT_VERIFY:
{
char number1[20];
char number2[20];
char number1[DECIMAL_SIZE(uis->_.string_data.result_minsize)+1];
char number2[DECIMAL_SIZE(uis->_.string_data.result_maxsize)+1];
BIO_snprintf(number1, sizeof(number1), "%d",
uis->_.string_data.result_minsize);

2
crypto/x509/x509.h
View file

@ -486,10 +486,12 @@ typedef struct Netscape_certificate_sequence
STACK_OF(X509) *certs;
} NETSCAPE_CERT_SEQUENCE;
/* Unused (and iv length is wrong)
typedef struct CBCParameter_st
{
unsigned char iv[8];
} CBC_PARAM;
*/
/* Password based encryption structure */

10
crypto/x509/x509_cmp.c
View file

@ -57,6 +57,7 @@
*/
#include <stdio.h>
#include <ctype.h>
#include "cryptlib.h"
#include <openssl/asn1.h>
#include <openssl/objects.h>
@ -81,13 +82,14 @@ unsigned long X509_issuer_and_serial_hash(X509 *a)
unsigned long ret=0;
EVP_MD_CTX ctx;
unsigned char md[16];
char str[256];
char *f;
EVP_MD_CTX_init(&ctx);
X509_NAME_oneline(a->cert_info->issuer,str,256);
ret=strlen(str);
f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
ret=strlen(f);
EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
EVP_DigestUpdate(&ctx,(unsigned char *)str,ret);
EVP_DigestUpdate(&ctx,(unsigned char *)f,ret);
OPENSSL_free(f);
EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
(unsigned long)a->cert_info->serialNumber->length);
EVP_DigestFinal_ex(&ctx,&(md[0]),NULL);

2
crypto/x509v3/v3_info.c
View file

@ -113,7 +113,7 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method
ret = i2v_GENERAL_NAME(method, desc->location, ret);
if(!ret) break;
vtmp = sk_CONF_VALUE_value(ret, i);
i2t_ASN1_OBJECT(objtmp, 80, desc->method);
i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method);
ntmp = OPENSSL_malloc(strlen(objtmp) + strlen(vtmp->name) + 5);
if(!ntmp) {
X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS,

2
demos/b64.c
View file

@ -83,7 +83,6 @@ char **argv;
unsigned char *buff=NULL,*bufsize=NULL;
int bsize=BSIZE,verbose=0;
int ret=1,inl;
unsigned char key[24],iv[MD5_DIGEST_LENGTH];
char *str=NULL;
char *hkey=NULL,*hiv=NULL;
int enc=1,printkey=0,i,base64=0;
@ -92,7 +91,6 @@ char **argv;
char *inf=NULL,*outf=NULL;
BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
#define PROG_NAME_SIZE 39
char pname[PROG_NAME_SIZE+1];
apps_startup();

3
demos/spkigen.c
View file

@ -65,7 +65,8 @@ char *argv[];
fprintf(stderr,"please enter challenge string:");
fflush(stderr);
fgets(buf,120,stdin);
buf[0]='\0';
fgets(buf,sizeof buf,stdin);
i=strlen(buf);
if (i > 0) buf[--i]='\0';
if (!ASN1_STRING_set((ASN1_STRING *)spki->spkac->challenge,

155
ssl/Makefile.ssl
View file

@ -307,31 +307,32 @@ s2_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
s2_clnt.o: ../include/openssl/tls1.h ../include/openssl/ui.h
s2_clnt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
s2_clnt.o: ../include/openssl/x509_vfy.h s2_clnt.c ssl_locl.h
s2_enc.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
s2_enc.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
s2_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
s2_enc.o: ../include/openssl/cast.h ../include/openssl/comp.h
s2_enc.o: ../include/openssl/crypto.h ../include/openssl/des.h
s2_enc.o: ../include/openssl/des_old.h ../include/openssl/dh.h
s2_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
s2_enc.o: ../include/openssl/err.h ../include/openssl/evp.h
s2_enc.o: ../include/openssl/idea.h ../include/openssl/kssl.h
s2_enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
s2_enc.o: ../include/openssl/md4.h ../include/openssl/md5.h
s2_enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
s2_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
s2_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
s2_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
s2_enc.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
s2_enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
s2_enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
s2_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
s2_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
s2_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
s2_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
s2_enc.o: ../include/openssl/tls1.h ../include/openssl/ui.h
s2_enc.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
s2_enc.o: ../include/openssl/x509_vfy.h s2_enc.c ssl_locl.h
s2_enc.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
s2_enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
s2_enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
s2_enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
s2_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
s2_enc.o: ../include/openssl/des.h ../include/openssl/des_old.h
s2_enc.o: ../include/openssl/dh.h ../include/openssl/dsa.h
s2_enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h
s2_enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
s2_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
s2_enc.o: ../include/openssl/md2.h ../include/openssl/md4.h
s2_enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
s2_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
s2_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
s2_enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
s2_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
s2_enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
s2_enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
s2_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
s2_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h
s2_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
s2_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
s2_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
s2_enc.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
s2_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_enc.c
s2_enc.o: ssl_locl.h
s2_lib.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
s2_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
s2_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
@ -383,31 +384,32 @@ s2_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
s2_meth.o: ../include/openssl/tls1.h ../include/openssl/ui.h
s2_meth.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
s2_meth.o: ../include/openssl/x509_vfy.h s2_meth.c ssl_locl.h
s2_pkt.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
s2_pkt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
s2_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
s2_pkt.o: ../include/openssl/cast.h ../include/openssl/comp.h
s2_pkt.o: ../include/openssl/crypto.h ../include/openssl/des.h
s2_pkt.o: ../include/openssl/des_old.h ../include/openssl/dh.h
s2_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
s2_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h
s2_pkt.o: ../include/openssl/idea.h ../include/openssl/kssl.h
s2_pkt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
s2_pkt.o: ../include/openssl/md4.h ../include/openssl/md5.h
s2_pkt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
s2_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
s2_pkt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
s2_pkt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
s2_pkt.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
s2_pkt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
s2_pkt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
s2_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
s2_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
s2_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
s2_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
s2_pkt.o: ../include/openssl/tls1.h ../include/openssl/ui.h
s2_pkt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
s2_pkt.o: ../include/openssl/x509_vfy.h s2_pkt.c ssl_locl.h
s2_pkt.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
s2_pkt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
s2_pkt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
s2_pkt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
s2_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
s2_pkt.o: ../include/openssl/des.h ../include/openssl/des_old.h
s2_pkt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
s2_pkt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
s2_pkt.o: ../include/openssl/evp.h ../include/openssl/idea.h
s2_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
s2_pkt.o: ../include/openssl/md2.h ../include/openssl/md4.h
s2_pkt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
s2_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
s2_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
s2_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
s2_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
s2_pkt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
s2_pkt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
s2_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
s2_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
s2_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
s2_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
s2_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
s2_pkt.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
s2_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_pkt.c
s2_pkt.o: ssl_locl.h
s2_srvr.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
s2_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
s2_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
@ -765,32 +767,33 @@ ssl_err2.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
ssl_err2.o: ../include/openssl/tls1.h ../include/openssl/ui.h
ssl_err2.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
ssl_err2.o: ../include/openssl/x509_vfy.h ssl_err2.c
ssl_lib.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
ssl_lib.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
ssl_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
ssl_lib.o: ../include/openssl/cast.h ../include/openssl/comp.h
ssl_lib.o: ../include/openssl/conf.h ../include/openssl/crypto.h
ssl_lib.o: ../include/openssl/des.h ../include/openssl/des_old.h
ssl_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h
ssl_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
ssl_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
ssl_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
ssl_lib.o: ../include/openssl/md2.h ../include/openssl/md4.h
ssl_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
ssl_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
ssl_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
ssl_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
ssl_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
ssl_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
ssl_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
ssl_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
ssl_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
ssl_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
ssl_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
ssl_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
ssl_lib.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
ssl_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
ssl_lib.o: ../include/openssl/x509v3.h kssl_lcl.h ssl_lib.c ssl_locl.h
ssl_lib.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
ssl_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
ssl_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
ssl_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
ssl_lib.o: ../include/openssl/comp.h ../include/openssl/conf.h
ssl_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h
ssl_lib.o: ../include/openssl/des_old.h ../include/openssl/dh.h
ssl_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
ssl_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
ssl_lib.o: ../include/openssl/idea.h ../include/openssl/kssl.h
ssl_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
ssl_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h
ssl_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
ssl_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
ssl_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
ssl_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h
ssl_lib.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
ssl_lib.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
ssl_lib.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
ssl_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
ssl_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
ssl_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
ssl_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
ssl_lib.o: ../include/openssl/tls1.h ../include/openssl/ui.h
ssl_lib.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
ssl_lib.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h kssl_lcl.h
ssl_lib.o: ssl_lib.c ssl_locl.h
ssl_rsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
ssl_rsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
ssl_rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h

20
ssl/kssl.c
View file

@ -783,24 +783,6 @@ char
return ((string == NULL)? null: string);
}
#define MAXKNUM 255
char
*knumber(int len, krb5_octet *contents)
{
static char buf[MAXKNUM+1];
int i;
BIO_snprintf(buf, MAXKNUM, "[%d] ", len);
for (i=0; i < len && MAXKNUM > strlen(buf)+3; i++)
{
BIO_snprintf(&buf[strlen(buf)], 3, "%02x", contents[i]);
}
return (buf);
}
/* Given KRB5 enctype (basically DES or 3DES),
** return closest match openssl EVP_ encryption algorithm.
** Return NULL for unknown or problematic (krb5_dk_encrypt) enctypes.
@ -2037,7 +2019,7 @@ krb5_error_code kssl_check_authent(
}
#endif
enc = kssl_map_enc(enctype);
memset(iv, 0, EVP_MAX_IV_LENGTH); /* per RFC 1510 */
memset(iv, 0, sizeof iv); /* per RFC 1510 */
if (enc == NULL)
{

3
ssl/kssl.h
View file

@ -110,12 +110,13 @@ typedef unsigned char krb5_octet;
#define KSSL_CLOCKSKEW 300;
#endif
/* Unused
#define KSSL_ERR_MAX 255
typedef struct kssl_err_st {
int reason;
char text[KSSL_ERR_MAX+1];
} KSSL_ERR;
*/
/* Context for passing
** (1) Kerberos session key to SSL, and

2
ssl/s23_clnt.c
View file

@ -370,7 +370,7 @@ static int ssl23_get_server_hello(SSL *s)
if (s->s3 != NULL) ssl3_free(s);
if (!BUF_MEM_grow(s->init_buf,
if (!BUF_MEM_grow_clean(s->init_buf,
SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
{
SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB);

2
ssl/s23_srvr.c
View file

@ -512,7 +512,7 @@ int ssl23_get_client_hello(SSL *s)
if (s->s3 != NULL) ssl3_free(s);
if (!BUF_MEM_grow(s->init_buf,
if (!BUF_MEM_grow_clean(s->init_buf,
SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
{
goto err;

4
ssl/s2_clnt.c
View file

@ -871,7 +871,7 @@ static int client_certificate(SSL *s)
EVP_MD_CTX_init(&ctx);
EVP_SignInit_ex(&ctx,s->ctx->rsa_md5, NULL);
EVP_SignUpdate(&ctx,s->s2->key_material,
(unsigned int)s->s2->key_material_length);
s->s2->key_material_length);
EVP_SignUpdate(&ctx,cert_ch,(unsigned int)cert_ch_len);
n=i2d_X509(s->session->sess_cert->peer_key->x509,&p);
EVP_SignUpdate(&ctx,buf,(unsigned int)n);
@ -945,7 +945,7 @@ static int get_server_verify(SSL *s)
s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* SERVER-VERIFY */
p += 1;
if (memcmp(p,s->s2->challenge,(unsigned int)s->s2->challenge_length) != 0)
if (memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_CHALLENGE_IS_DIFFERENT);

3
ssl/s2_enc.c
View file

@ -59,6 +59,7 @@
#include "ssl_locl.h"
#ifndef OPENSSL_NO_SSL2
#include <stdio.h>
#include "cryptlib.h"
int ssl2_enc_init(SSL *s, int client)
{
@ -95,10 +96,12 @@ int ssl2_enc_init(SSL *s, int client)
num=c->key_len;
s->s2->key_material_length=num*2;
OPENSSL_assert(s->s2->key_material_length <= sizeof s->s2->key_material);
if (ssl2_generate_key_material(s) <= 0)
return 0;
OPENSSL_assert(c->iv_len <= sizeof s->session->key_arg);
EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]),
s->session->key_arg);
EVP_DecryptInit_ex(rs,c,NULL,&(s->s2->key_material[(client)?0:num]),

7
ssl/s2_lib.c
View file

@ -454,6 +454,9 @@ int ssl2_generate_key_material(SSL *s)
EVP_DigestInit_ex(&ctx, md5, NULL);
OPENSSL_assert(s->session->master_key_length >= 0
&& s->session->master_key_length
< sizeof s->session->master_key);
EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
EVP_DigestUpdate(&ctx,&c,1);
c++;
@ -492,9 +495,7 @@ void ssl2_write_error(SSL *s)
error=s->error; /* number of bytes left to write */
s->error=0;
if (error < 0 || error > sizeof buf) /* can't happen */
return;
OPENSSL_assert(error >= 0 && error <= sizeof buf);
i=ssl2_write(s,&(buf[3-error]),error);
/* if (i == error) s->rwstate=state; */

2
ssl/s2_pkt.c
View file

@ -113,6 +113,7 @@
#ifndef OPENSSL_NO_SSL2
#include <stdio.h>
#include <errno.h>
#include "cryptlib.h"
#define USE_SOCKETS
static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend);
@ -247,6 +248,7 @@ static int ssl2_read_internal(SSL *s, void *buf, int len, int peek)
else
{
mac_size=EVP_MD_size(s->read_hash);
OPENSSL_assert(mac_size <= MAX_MAC_SIZE);
s->s2->mac_data=p;
s->s2->ract_data= &p[mac_size];
if (s->s2->padding + mac_size > s->s2->rlength)

4
ssl/s2_srvr.c
View file

@ -876,7 +876,7 @@ static int get_client_finished(SSL *s)
if (s->msg_callback)
s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-FINISHED */
p += 1;
if (memcmp(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length) != 0)
if (memcmp(p,s->s2->conn_id,s->s2->conn_id_length) != 0)
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_CONNECTION_ID_IS_DIFFERENT);
@ -1076,7 +1076,7 @@ static int request_certificate(SSL *s)
EVP_MD_CTX_init(&ctx);
EVP_VerifyInit_ex(&ctx,s->ctx->rsa_md5, NULL);
EVP_VerifyUpdate(&ctx,s->s2->key_material,
(unsigned int)s->s2->key_material_length);
s->s2->key_material_length);
EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);

8
ssl/s3_both.c
View file

@ -270,7 +270,7 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
/* TLSv1 sends a chain with nothing in it, instead of an alert */
buf=s->init_buf;
if (!BUF_MEM_grow(buf,(int)(10)))
if (!BUF_MEM_grow_clean(buf,10))
{
SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
return(0);
@ -286,7 +286,7 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
for (;;)
{
n=i2d_X509(x,NULL);
if (!BUF_MEM_grow(buf,(int)(n+l+3)))
if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
{
SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
return(0);
@ -316,7 +316,7 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
{
x=sk_X509_value(s->ctx->extra_certs,i);
n=i2d_X509(x,NULL);
if (!BUF_MEM_grow(buf,(int)(n+l+3)))
if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
{
SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
return(0);
@ -439,7 +439,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
goto f_err;
}
if (l && !BUF_MEM_grow(s->init_buf,(int)l+4))
if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l+4))
{
SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
goto err;

Some files were not shown because too many files have changed in this diff Show more