[openssl-dev] [RFC][PATCH] Fixing OPENSSL_NO_STDIO
David Woodhouse
dwmw2 at infradead.org
Wed Jul 22 15:55:27 UTC 2015
To what extent is the OPENSSL_NO_STDIO build expected to actually work?
It seems fairly unloved.
The UEFI build (currently on 1.0.2) has a minimal patch¹ which fixes up
OPENSSL_NO_FP for their use case, which obviously it would be nice to
eliminate by merging upstream.
But since OPENSSL_NO_FP_API got subsumed into OPENSSL_NO_STDIO in
commit 4b618848f, the problem has got a lot more interesting. A
preliminary patch is below. There are a number of issues.
- Lots of places still need 'FILE' to be defined.
- Various (mis)uses of BUFSIZ
- GOST engine using printf()
- Don't even look at crypto/cryptlib.c
- Missing DECLARE_PEM_write_fp_const() macro for OPENSSL_NO_STDIO
- SRP_VBASE_init() requires file access
Is this the way it's supposed to be? Surely we can have file access
without a FILE *? Should BIO_new_file() be using a file-descriptor-based
method of opening the file, instead of just being unavailable for the
OPENSSL_NO_STDIO build? There are a number of users of it, which is why
I #defined it to "return" NULL instead of just failing.
Obviously I *can* just submit patches to fix it minimally so that the
UEFI build works. That doesn't seem like the correct thing to do
though.
diff --git a/Configure b/Configure
index 6cc05bd..6cc0e20 100755
--- a/Configure
+++ b/Configure
@@ -1088,7 +1088,7 @@ if (defined($disabled{"md5"}) || defined($disabled{"sha"})
if (defined($disabled{"ec"}) || defined($disabled{"dsa"})
- || defined($disabled{"dh"}))
+ || defined($disabled{"dh"}) || defined($disabled{"stdio"}))
{
$disabled{"gost"} = "forced";
}
diff --git a/apps/passwd.c b/apps/passwd.c
index dbae620..ce5c402 100644
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -112,6 +112,10 @@ OPTIONS passwd_options[] = {
{NULL}
};
+#ifndef BUFSIZ
+#define BUFSIZ 256
+#endif
+
int passwd_main(int argc, char **argv)
{
BIO *in = NULL;
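Review bot: The fallback `#define BUFSIZ 256` gives a stdio macro a local meaning, so whatever this file sizes with it now depends on whether <stdio.h> was included, and the same three lines are repeated in crypto/des/read2pwd.c and crypto/ui/ui_util.c. All three files read passwords, so the no-stdio build may end up with a different passphrase length limit than the normal build without anything saying so. I would replace the uses with a purpose-named constant that has the same value in every build, for example `#define PW_BUF_SIZE 256` (name illustrative) in one shared internal header, instead of redefining BUFSIZ per file. The uses of BUFSIZ are outside these hunks, so the exact effect needs checking at each site.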
diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
index 6d050ff..dc99d11 100644
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -116,7 +116,7 @@
#include "internal/cryptlib.h"
#include <openssl/safestack.h>
-
+#include <stdio.h>
#if defined(OPENSSL_SYS_WIN32)
static double SSLeay_MSVC5_hack = 0.0; /* and for VC1.5 */
#endif
diff --git a/crypto/des/read2pwd.c b/crypto/des/read2pwd.c
index 01e275f..7633139 100644
--- a/crypto/des/read2pwd.c
+++ b/crypto/des/read2pwd.c
@@ -114,6 +114,10 @@
#include <openssl/ui.h>
#include <openssl/crypto.h>
+#ifndef BUFSIZ
+#define BUFSIZ 256
+#endif
+
int DES_read_password(DES_cblock *key, const char *prompt, int verify)
{
int ok;
diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c
index eaf0618..2e7ed31 100644
--- a/crypto/engine/eng_openssl.c
+++ b/crypto/engine/eng_openssl.c
@@ -89,7 +89,9 @@
* this is no longer automatic in ENGINE_load_builtin_engines().
*/
#define TEST_ENG_OPENSSL_RC4
+#ifndef OPENSSL_NO_STDIO
#define TEST_ENG_OPENSSL_PKEY
+#endif
/* #define TEST_ENG_OPENSSL_HMAC */
/* #define TEST_ENG_OPENSSL_HMAC_INIT */
/* #define TEST_ENG_OPENSSL_RC4_OTHERS */
diff --git a/crypto/lock.c b/crypto/lock.c
index d7d672d..2066b31 100644
--- a/crypto/lock.c
+++ b/crypto/lock.c
@@ -309,9 +309,7 @@ void CRYPTO_destroy_dynlockid(int i)
--pointer->references;
#ifdef REF_CHECK
if (pointer->references < 0) {
- fprintf(stderr,
- "CRYPTO_destroy_dynlockid, bad reference count\n");
- abort();
+ OPENSSL_showfatal("CRYPTO_destroy_dynlockid, bad reference count\n");
} else
#endif
if (pointer->references <= 0) {
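Review bot: The replacement drops the `abort()` that followed the message, so under REF_CHECK a negative reference count is now only reported, and execution continues past the `else` branch with a dynlock whose count is already corrupt. As far as I know OPENSSL_showfatal() only emits the message and returns; it is OpenSSLDie() that adds the abort. Keep the termination, e.g. `OPENSSL_showfatal("CRYPTO_destroy_dynlockid, bad reference count\n"); abort();`, so a detected refcount underflow still stops the process instead of going on to possible use-after-free territory. The rest of CRYPTO_destroy_dynlockid is outside the hunk.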
diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
index 39c89e8..a877f8d 100644
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@@ -349,6 +349,7 @@ static BIGNUM *SRP_gN_place_bn(STACK_OF(SRP_gN_cache) *gN_cache, char *ch)
return NULL;
}
+#ifndef OPENSSL_NO_STDIO
/*
* this function parses verifier file. Format is:
* string(index):base64(N):base64(g):0
@@ -467,6 +468,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)
return error_code;
}
+#endif
SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)
{
diff --git a/crypto/ui/ui_util.c b/crypto/ui/ui_util.c
index f65f80d..b18e2a2 100644
--- a/crypto/ui/ui_util.c
+++ b/crypto/ui/ui_util.c
@@ -56,6 +56,10 @@
#include <string.h>
#include "ui_locl.h"
+#ifndef BUFSIZ
+#define BUFSIZ 256
+#endif
+
int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,
int verify)
{
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
index cc91db8..d46666f 100644
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -69,6 +69,8 @@
# include <sys/stat.h>
#endif
+#ifndef OPENSSL_NO_STDIO
+
#include <openssl/lhash.h>
#include <openssl/x509.h>
@@ -435,3 +437,5 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
BUF_MEM_free(b);
return (ok);
}
+
+#endif /* OPENSSL_NO_STDIO */
diff --git a/include/openssl/bio.h b/include/openssl/bio.h
index 2da93bd..fbb3d37 100644
--- a/include/openssl/bio.h
+++ b/include/openssl/bio.h
@@ -631,7 +631,9 @@ int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix,
int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix,
asn1_ps_func **psuffix_free);
-# ifndef OPENSSL_NO_STDIO
+# ifdef OPENSSL_NO_STDIO
+#define BIO_new_file(filename, mode) (NULL)
+# else
BIO_METHOD *BIO_s_file(void);
BIO *BIO_new_file(const char *filename, const char *mode);
BIO *BIO_new_fp(FILE *stream, int close_flag);
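Review bot: The `BIO_new_file` macro fails silently: it yields an untyped `NULL`, never evaluates its arguments, and puts nothing on the error queue. A caller that loads a key, CA file or config through it therefore fails with no diagnosable cause, and a caller that does not check the result will dereference NULL. A real stub function that records an error before returning NULL would keep the failure visible. If it has to stay a macro, at least type it and consume the arguments: `# define BIO_new_file(filename, mode) ((void)(filename), (void)(mode), (BIO *)NULL)`, which also matches the header's `# define` nesting style. The `# else` branch continues past the end of the hunk.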
diff --git a/include/openssl/conf.h b/include/openssl/conf.h
index 06c7601..c111464 100644
--- a/include/openssl/conf.h
+++ b/include/openssl/conf.h
@@ -133,7 +133,9 @@ char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group,
long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group,
const char *name);
void CONF_free(LHASH_OF(CONF_VALUE) *conf);
+#ifndef OPENSSL_NO_STDIO
int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out);
+#endif
int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out);
void OPENSSL_config(const char *config_name);
@@ -166,7 +168,9 @@ STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,
char *NCONF_get_string(const CONF *conf, const char *group, const char *name);
int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
long *result);
+#ifndef OPENSSL_NO_STDIO
int NCONF_dump_fp(const CONF *conf, FILE *out);
+#endif
int NCONF_dump_bio(const CONF *conf, BIO *out);
#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r)
diff --git a/include/openssl/pem.h b/include/openssl/pem.h
index a1e5166..f9e23d2 100644
--- a/include/openssl/pem.h
+++ b/include/openssl/pem.h
@@ -284,6 +284,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
# define DECLARE_PEM_read_fp(name, type) /**/
# define DECLARE_PEM_write_fp(name, type) /**/
+# define DECLARE_PEM_write_fp_const(name, type) /**/
# define DECLARE_PEM_write_cb_fp(name, type) /**/
# else
@@ -361,6 +362,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
unsigned char *kstr, int klen,
pem_password_cb *cd, void *u);
+#ifndef OPENSSL_NO_STDIO
int PEM_read(FILE *fp, char **name, char **header,
unsigned char **data, long *len);
int PEM_write(FILE *fp, const char *name, const char *hdr,
@@ -372,6 +374,7 @@ int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
int klen, pem_password_cb *callback, void *u);
STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
pem_password_cb *cb, void *u);
+#endif
int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,
EVP_MD *md_type, unsigned char **ek, int *ekl,
@@ -437,6 +440,7 @@ int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
void *u);
+#ifndef OPENSSL_NO_STDIO
int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
char *kstr, int klen,
pem_password_cb *cb, void *u);
@@ -453,7 +457,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
char *kstr, int klen, pem_password_cb *cd,
void *u);
-
+#endif
EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x);
diff --git a/include/openssl/srp.h b/include/openssl/srp.h
index 3411fe5..c998bf3 100644
--- a/include/openssl/srp.h
+++ b/include/openssl/srp.h
@@ -118,7 +118,9 @@ DECLARE_STACK_OF(SRP_gN)
SRP_VBASE *SRP_VBASE_new(char *seed_key);
void SRP_VBASE_free(SRP_VBASE *vb);
+#ifndef OPENSSL_NO_STDIO
int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);
+#endif
SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username);
char *SRP_create_verifier(const char *user, const char *pass, char **salt,
char **verifier, const char *N, const char *g);
diff --git a/include/openssl/ts.h b/include/openssl/ts.h
index b983abc..a5af9c2 100644
--- a/include/openssl/ts.h
+++ b/include/openssl/ts.h
@@ -273,8 +273,10 @@ TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length);
TS_REQ *TS_REQ_dup(TS_REQ *a);
+#ifndef OPENSSL_NO_STDIO
TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a);
int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a);
+#endif
TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a);
int i2d_TS_REQ_bio(BIO *fp, TS_REQ *a);
@@ -286,10 +288,12 @@ TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a,
TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a);
+#ifndef OPENSSL_NO_STDIO
TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a);
int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a);
TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT **a);
int i2d_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT *a);
+#endif
TS_RESP *TS_RESP_new(void);
void TS_RESP_free(TS_RESP *a);
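Review bot: The new `#ifndef OPENSSL_NO_STDIO` block here also hides `d2i_TS_MSG_IMPRINT_bio` and `i2d_TS_MSG_IMPRINT_bio`, which take a `BIO *` rather than a `FILE *`; the next two hunks do the same to the `_bio` declarations for TS_RESP and TS_TST_INFO. The first ts.h hunk closes its guard right after the `_fp` pair, which looks like the intended pattern. Move each `#endif` up so it directly follows the `i2d_..._fp` line, leaving the BIO variants declared in every build. Otherwise a no-stdio build loses the BIO-based readers and writers for these structures, presumably the ones it would need.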
@@ -298,10 +302,12 @@ TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length);
TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token);
TS_RESP *TS_RESP_dup(TS_RESP *a);
+#ifndef OPENSSL_NO_STDIO
TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a);
int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a);
TS_RESP *d2i_TS_RESP_bio(BIO *fp, TS_RESP **a);
int i2d_TS_RESP_bio(BIO *fp, TS_RESP *a);
+#endif
TS_STATUS_INFO *TS_STATUS_INFO_new(void);
void TS_STATUS_INFO_free(TS_STATUS_INFO *a);
@@ -317,10 +323,12 @@ TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp,
long length);
TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a);
+#ifndef OPENSSL_NO_STDIO
TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a);
int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a);
TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO **a);
int i2d_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO *a);
+#endif
TS_ACCURACY *TS_ACCURACY_new(void);
void TS_ACCURACY_free(TS_ACCURACY *a);
diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
index 8e0a225..8858632 100644
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h
@@ -459,10 +459,10 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);
X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
-
+#ifndef OPENSSL_NO_STDIO
X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
-
+#endif
int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
index a46ec5d..63c4b37 100644
--- a/include/openssl/x509v3.h
+++ b/include/openssl/x509v3.h
@@ -684,8 +684,9 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
int ml);
int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
int indent);
+#ifndef OPENSSL_NO_STDIO
int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
-
+#endif
int X509V3_extensions_print(BIO *out, char *title,
STACK_OF(X509_EXTENSION) *exts,
unsigned long flag, int indent);
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 5e9b8ff..e6f6d5a 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -661,12 +661,13 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
return (add_client_CA(&(ctx->client_CA), x));
}
+#ifndef OPENSSL_NO_STDIO
+
static int xname_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
{
return (X509_NAME_cmp(*a, *b));
}
-#ifndef OPENSSL_NO_STDIO
/**
* Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
* it doesn't really have anything to do with clients (except that a common use
@@ -730,7 +731,6 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
ERR_clear_error();
return (ret);
}
-#endif
/**
* Add a file of certs to a stack.
@@ -846,6 +846,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
return ret;
}
+#endif /* !OPENSSL_NO_STDIO */
/* Add a certificate to a BUF_MEM structure */
--
David Woodhouse Open Source Technology Centre
David.Woodhouse at intel.com Intel Corporation
¹ http://git.infradead.org/users/dwmw2/openssl.git/commitdiff/eb73a6112