The fix for CVE-2012-2110 did not take into account that the

[openssl.git] / apps / openssl.c

diff --git a/apps/openssl.c b/apps/openssl.c
index 45af2ba7f9a8281afcb7ab527a82941deba867b0..480fef9e14aed23f78487e0f4ba35e1caeec8cb2 100644 (file)
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 /* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -147,6 +147,7 @@ char *default_config_file=NULL;
 #ifdef MONOLITH
 CONF *config=NULL;
 BIO *bio_err=NULL;
+int in_FIPS_mode=0;
 #endif
 
 
@@ -163,7 +164,7 @@ static void lock_dbg_cb(int mode, int type, const char *file, int line)
                goto err;
                }
 
-       if (type < 0 || type > CRYPTO_NUM_LOCKS)
+       if (type < 0 || type >= CRYPTO_NUM_LOCKS)
                {
                errstr = "type out of bounds";
                goto err;
@@ -220,7 +221,8 @@ int main(int Argc, char *Argv[])
 #define PROG_NAME_SIZE 39
        char pname[PROG_NAME_SIZE+1];
        FUNCTION f,*fp;
-       MS_STATIC char *prompt,buf[1024];
+       MS_STATIC const char *prompt;
+       MS_STATIC char buf[1024];
        char *to_free=NULL;
        int n,i,ret=0;
        int argc;
@@ -231,6 +233,22 @@ int main(int Argc, char *Argv[])
        arg.data=NULL;
        arg.count=0;
 
+       in_FIPS_mode = 0;
+
+       if(getenv("OPENSSL_FIPS")) {
+#ifdef OPENSSL_FIPS
+               if (!FIPS_mode_set(1)) {
+                       ERR_load_crypto_strings();
+                       ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+                       EXIT(1);
+               }
+               in_FIPS_mode = 1;
+#else
+               fprintf(stderr, "FIPS mode not supported.\n");
+               EXIT(1);
+#endif
+               }
+
        if (bio_err == NULL)
                if ((bio_err=BIO_new(BIO_s_file())) != NULL)
                        BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
@@ -318,7 +336,8 @@ int main(int Argc, char *Argv[])
                        else    prompt="OpenSSL> ";
                        fputs(prompt,stdout);
                        fflush(stdout);
-                       fgets(p,n,stdin);
+                       if (!fgets(p,n,stdin))
+                               goto end;
                        if (p[0] == '\0') goto end;
                        i=strlen(p);
                        if (i <= 1) break;
@@ -444,7 +463,11 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
                for (fp=functions; fp->name != NULL; fp++)
                        {
                        nl=0;
+#ifdef OPENSSL_NO_CAMELLIA
                        if (((i++) % 5) == 0)
+#else
+                       if (((i++) % 4) == 0)
+#endif
                                {
                                BIO_printf(bio_err,"\n");
                                nl=1;
@@ -465,7 +488,11 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
                                        BIO_printf(bio_err,"\nCipher commands (see the `enc' command for more details)\n");
                                        }
                                }
+#ifdef OPENSSL_NO_CAMELLIA
                        BIO_printf(bio_err,"%-15s",fp->name);
+#else
+                       BIO_printf(bio_err,"%-18s",fp->name);
+#endif
                        }
                BIO_printf(bio_err,"\n\n");
                ret=0;
@@ -488,7 +515,7 @@ static LHASH *prog_init(void)
        {
        LHASH *ret;
        FUNCTION *f;
-       int i;
+       size_t i;
 
        /* Purely so it looks nice when the user hits ? */
        for(i=0,f=functions ; f->name != NULL ; ++f,++i)
@@ -506,12 +533,12 @@ static LHASH *prog_init(void)
 /* static int MS_CALLBACK cmp(FUNCTION *a, FUNCTION *b) */
 static int MS_CALLBACK cmp(const void *a_void, const void *b_void)
        {
-       return(strncmp(((FUNCTION *)a_void)->name,
-                       ((FUNCTION *)b_void)->name,8));
+       return(strncmp(((const FUNCTION *)a_void)->name,
+                       ((const FUNCTION *)b_void)->name,8));
        }
 
 /* static unsigned long MS_CALLBACK hash(FUNCTION *a) */
 static unsigned long MS_CALLBACK hash(const void *a_void)
        {
-       return(lh_strhash(((FUNCTION *)a_void)->name));
+       return(lh_strhash(((const FUNCTION *)a_void)->name));
        }