openssl(1) 3.0 crash
Viktor Dukhovni
openssl-users at dukhovni.org
Wed Sep 29 21:14:45 UTC 2021
On Wed, Sep 29, 2021 at 04:59:51PM -0400, Viktor Dukhovni wrote:
> 400 if (fp == NULL) {
> 401 if (EVP_get_digestbyname(argv[0])) {
> 402 f.type = FT_md;
> 403 f.func = dgst_main;
> 404 fp = &f;
> 405 } else if (EVP_get_cipherbyname(argv[0])) {
> 406 f.type = FT_cipher;
> 407 f.func = enc_main;
> 408 fp = &f;
> 409 }
> 410 }
>
> The code is missing "f.deprecated_alternative = NULL" between lines
> 409 and 410, or else after each of 403 and 407.
A better fix, that emits the intended deprecation warning would be:
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -392,6 +392,7 @@ int help_main(int argc, char **argv)
static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[])
{
FUNCTION f, *fp;
+ static char alt_buf[256];
if (argc <= 0 || argv[0] == NULL)
return 0;
@@ -401,12 +402,16 @@ static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[])
if (EVP_get_digestbyname(argv[0])) {
f.type = FT_md;
f.func = dgst_main;
+ (void) BIO_snprintf(alt_buf, sizeof(alt_buf), "dgst -%s", argv[0]);
fp = &f;
} else if (EVP_get_cipherbyname(argv[0])) {
f.type = FT_cipher;
f.func = enc_main;
+ (void) BIO_snprintf(alt_buf, sizeof(alt_buf), "enc -%s", argv[0]);
fp = &f;
}
+ f.deprecated_alternative = alt_buf;
+ f.deprecated_version = "3.0.0";
}
if (fp != NULL) {
if (fp->deprecated_alternative != NULL)
--
Viktor.
More information about the openssl-users
mailing list