author | 2005-04-29 05:39:09 +0000 | |
---|---|---|
committer | 2005-04-29 05:39:09 +0000 | |
commit | 40d8aef356a70d0b13395f0805e3044b85d91347 (patch) | |
tree | 22edbfd34c49ce1b7988794a7a74d65829c13819 /lib/libssl/ssl_cert.c | |
parent | import of openssl-0.9.7g; tested on platforms from alpha to zaurus, ok deraadt@ (diff) | |
resolve conflicts
Diffstat (limited to 'lib/libssl/ssl_cert.c')
-rw-r--r-- | lib/libssl/ssl_cert.c | 104 |
1 files changed, 66 insertions, 38 deletions
diff --git a/lib/libssl/ssl_cert.c b/lib/libssl/ssl_cert.c index 2cfb6158787..b8b9bc23900 100644 --- a/lib/libssl/ssl_cert.c +++ b/lib/libssl/ssl_cert.c @@ -117,6 +117,7 @@ #if defined(WIN32) #include <windows.h> +#include <tchar.h> #endif #ifdef NeXT @@ -129,6 +130,7 @@ #include <openssl/pem.h> #include <openssl/x509v3.h> #include "ssl_locl.h" +#include <openssl/fips.h> int SSL_get_ex_data_X509_STORE_CTX_idx(void) { @@ -542,12 +544,12 @@ void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *name_list) set_client_CA_list(&(ctx->client_CA),name_list); } -STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx) +STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx) { return(ctx->client_CA); } -STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s) +STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s) { if (s->type == SSL_ST_CONNECT) { /* we are in the client */ 
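Review bot: In the @@ -542 hunk the new `const` on `SSL_CTX_get_client_CA_list` and `SSL_get_client_CA_list` is shallow, and ownership of the result is undocumented. The CTX getter returns `ctx->client_CA` itself as a mutable `STACK_OF(X509_NAME) *`, so a caller holding only a const context can still change or release the client CA name list. A one-line comment above each getter would make the contract explicit, for example `/* Returns the list stored in ctx, not a copy; callers must not free or modify it. */`; that the context keeps ownership is inferred from the direct return and should be confirmed. The body of `SSL_get_client_CA_list` continues past the end of the hunk, so its client-side branch cannot be checked here.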
@@ -783,36 +785,54 @@ err: #else /* OPENSSL_SYS_WIN32 */ +#if defined(_WIN32_WCE) +# ifndef UNICODE +# error "WinCE comes in UNICODE flavor only..." +# endif +# if _WIN32_WCE<101 && !defined(OPENSSL_NO_MULTIBYTE) +# define OPENSSL_NO_MULTIBYTE +# endif +# ifndef FindFirstFile +# define FindFirstFile FindFirstFileW +# endif +# ifndef FindNextFile +# define FindNextFile FindNextFileW +# endif +#endif + int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, const char *dir) { WIN32_FIND_DATA FindFileData; HANDLE hFind; - int ret = 0; -#ifdef OPENSSL_SYS_WINCE - WCHAR* wdir = NULL; -#endif + int ret = 0; + TCHAR *wdir = NULL; + size_t i,len_0 = strlen(dir)+1; /* len_0 accounts for trailing 0 */ + char buf[1024],*slash; + + if (len_0 > (sizeof(buf)-14)) /* 14 is just some value... */ + { + SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG); + return ret; + } CRYPTO_w_lock(CRYPTO_LOCK_READDIR); - -#ifdef OPENSSL_SYS_WINCE - /* convert strings to UNICODE */ - { - BOOL result = FALSE; - int i; - wdir = malloc((strlen(dir)+1)*2); + + if (sizeof(TCHAR) != sizeof(char)) + { + wdir = (TCHAR *)malloc(len_0*sizeof(TCHAR)); if (wdir == NULL) goto err_noclose; - for (i=0; i<(int)strlen(dir)+1; i++) - wdir[i] = (short)dir[i]; - } +#ifndef OPENSSL_NO_MULTIBYTE + if (!MultiByteToWideChar(CP_ACP,0,dir,len_0, + (WCHAR *)wdir,len_0)) #endif + for (i=0;i<len_0;i++) wdir[i]=(TCHAR)dir[i]; + + hFind = FindFirstFile(wdir, &FindFileData); + } + else hFind = FindFirstFile((const TCHAR *)dir, &FindFileData); -#ifdef OPENSSL_SYS_WINCE - hFind = FindFirstFile(wdir, &FindFileData); -#else - hFind = FindFirstFile(dir, &FindFileData); -#endif /* Note that a side effect is that the CAs will be sorted by name */ if(hFind == INVALID_HANDLE_VALUE) { 
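Review bot: When `MultiByteToWideChar` fails, the statement under it, `for (i=0;i<len_0;i++) wdir[i]=(TCHAR)dir[i];`, silently substitutes a byte-by-byte cast for the conversion, so `FindFirstFile` can end up enumerating a directory other than the one the caller named (where plain `char` is signed, bytes above 0x7f sign-extend into unrelated wide characters). The @@ -821 hunk has the mirror image, `slash[i]=(char)fnam[i]` after a failed `WideCharToMultiByte`, which drops the high byte and can turn a non-ASCII character into an arbitrary ASCII one, a path separator included, before the name reaches `SSL_add_file_cert_subjects_to_stack`. I would treat a failed conversion as an error in both places, e.g. `{ SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,ERR_R_SYS_LIB); goto err_noclose; }` here and the same with `goto err;` in the loop. For `OPENSSL_NO_MULTIBYTE` builds, where the cast loop is the only conversion, rejecting any element outside 0..0x7f keeps it lossless. The function body runs on past this hunk.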
@@ -821,25 +841,34 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB); goto err_noclose; } - - do - { - char buf[1024]; - int r; - -#ifdef OPENSSL_SYS_WINCE - if(strlen(dir)+_tcslen(FindFileData.cFileName)+2 > sizeof buf) -#else - if(strlen(dir)+strlen(FindFileData.cFileName)+2 > sizeof buf) -#endif + + strncpy(buf,dir,sizeof(buf)); /* strcpy is safe too... */ + buf[len_0-1]='/'; /* no trailing zero! */ + slash=buf+len_0; + + do { + const TCHAR *fnam=FindFileData.cFileName; + size_t flen_0=_tcslen(fnam)+1; + + if (flen_0 > (sizeof(buf)-len_0)) { SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG); goto err; } - - r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,FindFileData.cFileName); - if (r <= 0 || r >= sizeof buf) - goto err; + /* else strcpy would be safe too... */ + + if (sizeof(TCHAR) != sizeof(char)) + { +#ifndef OPENSSL_NO_MULTIBYTE + if (!WideCharToMultiByte(CP_ACP,0, + (WCHAR *)fnam,flen_0, + slash,sizeof(buf)-len_0, + NULL,0)) +#endif + for (i=0;i<flen_0;i++) slash[i]=(char)fnam[i]; + } + else strncpy(slash,(const char *)fnam,sizeof(buf)-len_0); + if(!SSL_add_file_cert_subjects_to_stack(stack,buf)) goto err; } @@ -849,10 +878,9 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, err: FindClose(hFind); err_noclose: -#ifdef OPENSSL_SYS_WINCE if (wdir != NULL) free(wdir); -#endif + CRYPTO_w_unlock(CRYPTO_LOCK_READDIR); return ret; } |
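Review bot: The `WideCharToMultiByte(CP_ACP,0,...,NULL,0)` call in the loop accepts lossy results: with flags 0 and no `lpUsedDefaultChar` pointer, characters the ANSI code page cannot represent are replaced by a best-fit or default character and the call still reports success. `buf` then names a file other than the one the directory scan returned, and `SSL_add_file_cert_subjects_to_stack` either fails on it or opens a different file. Passing `WC_NO_BEST_FIT_CHARS` and a `BOOL used_default` as the last argument, then `if (used_default) goto err;` (or skipping the entry), would make the conversion exact; availability of that flag on the oldest targets this file supports would need checking. The guard `flen_0 > (sizeof(buf)-len_0)` also counts TCHARs rather than output bytes. That cannot overflow, because the call is bounded by `sizeof(buf)-len_0`, but an over-long multi-byte name then surfaces as a conversion failure and not as `SSL_R_PATH_TOO_LONG`.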