Undefine OPENSSL_NO_DEPRECATED inside openssl application code if we are

being built with it defined - it is not a symbol to affect how openssl
itself builds, but to alter the way openssl headers can be used from an API
point of view. The "deprecated" function wrappers will always remain inside
OpenSSL at least as long as they're still being used internally. :-)

The exception is dsaparam which has been updated to the BN_GENCB-based
functions to test the new functionality. If GENCB_TEST is defined, dsaparam
will support a "-timebomb <n>" switch to cancel parameter-generation if it
gets as far as 'n' seconds without completion.

diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index 320d76f632d43dea28207672f0dc28b333e9dd3b..63e2cab45f545f055514cc11aab901180816d0c8 100644 (file)
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -56,6 +56,12 @@
  * [including the GNU Public Licence.]
  */
 
  * [including the GNU Public Licence.]
  */
 

+/* Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code */
+#ifdef OPENSSL_NO_DEPRECATED
+#undef OPENSSL_NO_DEPRECATED
+#endif
+

 #ifndef OPENSSL_NO_DSA
 #include <assert.h>
 #include <stdio.h>
 #ifndef OPENSSL_NO_DSA
 #include <assert.h>
 #include <stdio.h>


@@ -82,9 +88,23 @@
  * -C
  * -noout
  * -genkey
  * -C
  * -noout
  * -genkey

+ *  #ifdef GENCB_TEST
+ * -timebomb n  - interrupt keygen after <n> seconds
+ *  #endif

  */
 
  */
 

-static void MS_CALLBACK dsa_cb(int p, int n, void *arg);
+#ifdef GENCB_TEST
+
+static int stop_keygen_flag = 0;
+
+void timebomb_sigalarm(int foo)
+       {
+       stop_keygen_flag = 1;
+       }
+
+#endif
+
+static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb);

 
 int MAIN(int, char **);
 
 
 int MAIN(int, char **);
 


@@ -99,6 +119,9 @@ int MAIN(int argc, char **argv)
        int numbits= -1,num,genkey=0;
        int need_rand=0;
        char *engine=NULL;
        int numbits= -1,num,genkey=0;
        int need_rand=0;
        char *engine=NULL;

+#ifdef GENCB_TEST
+       int timebomb=0;
+#endif

 
        apps_startup();
 
 
        apps_startup();
 


@@ -144,6 +167,13 @@ int MAIN(int argc, char **argv)
                        if (--argc < 1) goto bad;
                        engine = *(++argv);
                        }
                        if (--argc < 1) goto bad;
                        engine = *(++argv);
                        }

+#ifdef GENCB_TEST
+               else if(strcmp(*argv, "-timebomb") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       timebomb = atoi(*(++argv));
+                       }
+#endif

                else if (strcmp(*argv,"-text") == 0)
                        text=1;
                else if (strcmp(*argv,"-C") == 0)
                else if (strcmp(*argv,"-text") == 0)
                        text=1;
                else if (strcmp(*argv,"-C") == 0)


@@ -192,6 +222,9 @@ bad:
                BIO_printf(bio_err," -genkey       generate a DSA key\n");
                BIO_printf(bio_err," -rand         files to use for random number input\n");
                BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
                BIO_printf(bio_err," -genkey       generate a DSA key\n");
                BIO_printf(bio_err," -rand         files to use for random number input\n");
                BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");

+#ifdef GENCB_TEST
+               BIO_printf(bio_err," -timebomb n   interrupt keygen after <n> seconds\n");
+#endif

                BIO_printf(bio_err," number        number of bits to use for generating private key\n");
                goto end;
                }
                BIO_printf(bio_err," number        number of bits to use for generating private key\n");
                goto end;
                }


@@ -247,10 +280,50 @@ bad:
 
        if (numbits > 0)
                {
 
        if (numbits > 0)
                {

+               BN_GENCB cb;
+               cb.ver = 2;
+               cb.cb_2 = dsa_cb;
+               cb.arg = bio_err;
+

                assert(need_rand);
                assert(need_rand);

+               dsa = DSA_new();
+               if(!dsa)
+                       {
+                       BIO_printf(bio_err,"Error allocating DSA object\n");
+                       goto end;
+                       }

                BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
                BIO_printf(bio_err,"This could take some time\n");
                BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
                BIO_printf(bio_err,"This could take some time\n");

-               dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL, dsa_cb,bio_err);
+#ifdef GENCB_TEST
+               if(timebomb > 0)
+       {
+               struct sigaction act;
+               act.sa_handler = timebomb_sigalarm;
+               act.sa_flags = 0;
+               BIO_printf(bio_err,"(though I'll stop it if not done within %d secs)\n",
+                               timebomb);
+               if(sigaction(SIGALRM, &act, NULL) != 0)
+                       {
+                       BIO_printf(bio_err,"Error, couldn't set SIGALRM handler\n");
+                       goto end;
+                       }
+               alarm(timebomb);
+       }
+#endif
+               if(!DSA_generate_parameters_ex(dsa,num,NULL,0,NULL,NULL, &cb))
+                       {
+#ifdef GENCB_TEST
+                       if(stop_keygen_flag)
+                               {
+                               BIO_printf(bio_err,"DSA key generation time-stopped\n");
+                               /* This is an asked-for behaviour! */
+                               ret = 0;
+                               goto end;
+                               }
+#endif
+                       BIO_printf(bio_err,"Error, DSA key generation failed\n");
+                       goto end;
+                       }

                }
        else if (informat == FORMAT_ASN1)
                dsa=d2i_DSAparams_bio(in,NULL);
                }
        else if (informat == FORMAT_ASN1)
                dsa=d2i_DSAparams_bio(in,NULL);


@@ -375,7 +448,7 @@ end:
        OPENSSL_EXIT(ret);
        }
 
        OPENSSL_EXIT(ret);
        }
 

-static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
+static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb)

        {
        char c='*';
 
        {
        char c='*';
 


@@ -383,10 +456,15 @@ static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
        if (p == 1) c='+';
        if (p == 2) c='*';
        if (p == 3) c='\n';
        if (p == 1) c='+';
        if (p == 2) c='*';
        if (p == 3) c='\n';

-       BIO_write(arg,&c,1);
-       (void)BIO_flush(arg);
+       BIO_write(cb->arg,&c,1);
+       (void)BIO_flush(cb->arg);

 #ifdef LINT
        p=n;
 #endif
 #ifdef LINT
        p=n;
 #endif

+#ifdef GENCB_TEST
+       if(stop_keygen_flag)
+               return 0;
+#endif
+       return 1;

        }
 #endif
        }
 #endif

diff --git a/apps/gendh.c b/apps/gendh.c
index 98ee413c74b716c82bf2f0f0ad2ea404cd2bb031..574a13a57aa7968a7a976a8b362f8deda3a90df3 100644 (file)
--- a/apps/gendh.c
+++ b/apps/gendh.c
@@ -57,6 +57,12 @@
  * [including the GNU Public Licence.]
  */
 
  * [including the GNU Public Licence.]
  */
 

+/* Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code */
+#ifdef OPENSSL_NO_DEPRECATED
+#undef OPENSSL_NO_DEPRECATED
+#endif
+

 #ifndef OPENSSL_NO_DH
 #include <stdio.h>
 #include <string.h>
 #ifndef OPENSSL_NO_DH
 #include <stdio.h>
 #include <string.h>

diff --git a/apps/genrsa.c b/apps/genrsa.c
index dbc23e40aa85f46afd009cc5d8a262c8b8b5aaa7..6079688ce9105b12b6038550c11bca18329e3570 100644 (file)
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -56,6 +56,12 @@
  * [including the GNU Public Licence.]
  */
 
  * [including the GNU Public Licence.]
  */
 

+/* Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code */
+#ifdef OPENSSL_NO_DEPRECATED
+#undef OPENSSL_NO_DEPRECATED
+#endif
+

 #ifndef OPENSSL_NO_RSA
 #include <stdio.h>
 #include <string.h>
 #ifndef OPENSSL_NO_RSA
 #include <stdio.h>
 #include <string.h>

diff --git a/apps/req.c b/apps/req.c
index a582e69775036986c7d8b15b404398bfc7e82391..4dca798e4a7bb1225daf18e4c92fe8f5c56df1bf 100644 (file)
--- a/apps/req.c
+++ b/apps/req.c
@@ -56,6 +56,12 @@
  * [including the GNU Public Licence.]
  */
 
  * [including the GNU Public Licence.]
  */
 

+/* Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code */
+#ifdef OPENSSL_NO_DEPRECATED
+#undef OPENSSL_NO_DEPRECATED
+#endif
+

 #include <stdio.h>
 #include <stdlib.h>
 #include <time.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <time.h>

diff --git a/apps/s_server.c b/apps/s_server.c
index aa7ff66b704a8b51f69ecf005b01de97a4b728bb..39013c2b0b3f226340397d0ee9e43d4c6af282bf 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -114,6 +114,12 @@
  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
  */
 
  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
  */
 

+/* Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code */
+#ifdef OPENSSL_NO_DEPRECATED
+#undef OPENSSL_NO_DEPRECATED
+#endif
+

 #include <assert.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <assert.h>
 #include <stdio.h>
 #include <stdlib.h>