aboutsummaryrefslogtreecommitdiff
path: root/crypto/openssl/ssl/ssl_cert.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/openssl/ssl/ssl_cert.c')
-rw-r--r--crypto/openssl/ssl/ssl_cert.c108
1 files changed, 72 insertions, 36 deletions
diff --git a/crypto/openssl/ssl/ssl_cert.c b/crypto/openssl/ssl/ssl_cert.c
index 2cfb6158787a..0bef96080f2b 100644
--- a/crypto/openssl/ssl/ssl_cert.c
+++ b/crypto/openssl/ssl/ssl_cert.c
@@ -117,6 +117,7 @@
#if defined(WIN32)
#include <windows.h>
+#include <tchar.h>
#endif
#ifdef NeXT
@@ -129,6 +130,7 @@
#include <openssl/pem.h>
#include <openssl/x509v3.h>
#include "ssl_locl.h"
+#include <openssl/fips.h>
int SSL_get_ex_data_X509_STORE_CTX_idx(void)
{
@@ -491,7 +493,15 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
else
{
#ifndef OPENSSL_NO_X509_VERIFY
+# ifdef OPENSSL_FIPS
+ if(s->version == TLS1_VERSION)
+ FIPS_allow_md5(1);
+# endif
i=X509_verify_cert(&ctx);
+# ifdef OPENSSL_FIPS
+ if(s->version == TLS1_VERSION)
+ FIPS_allow_md5(0);
+# endif
#else
i=0;
ctx.error=X509_V_ERR_APPLICATION_VERIFICATION;
@@ -783,36 +793,54 @@ err:
#else /* OPENSSL_SYS_WIN32 */
+#if defined(_WIN32_WCE)
+# ifndef UNICODE
+# error "WinCE comes in UNICODE flavor only..."
+# endif
+# if _WIN32_WCE<101 && !defined(OPENSSL_NO_MULTIBYTE)
+# define OPENSSL_NO_MULTIBYTE
+# endif
+# ifndef FindFirstFile
+# define FindFirstFile FindFirstFileW
+# endif
+# ifndef FindNextFile
+# define FindNextFile FindNextFileW
+# endif
+#endif
+
int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
const char *dir)
{
WIN32_FIND_DATA FindFileData;
HANDLE hFind;
- int ret = 0;
-#ifdef OPENSSL_SYS_WINCE
- WCHAR* wdir = NULL;
-#endif
+ int ret = 0;
+ TCHAR *wdir = NULL;
+ size_t i,len_0 = strlen(dir)+1; /* len_0 accounts for trailing 0 */
+ char buf[1024],*slash;
+
+ if (len_0 > (sizeof(buf)-14)) /* 14 is just some value... */
+ {
+ SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
+ return ret;
+ }
CRYPTO_w_lock(CRYPTO_LOCK_READDIR);
-
-#ifdef OPENSSL_SYS_WINCE
- /* convert strings to UNICODE */
- {
- BOOL result = FALSE;
- int i;
- wdir = malloc((strlen(dir)+1)*2);
+
+ if (sizeof(TCHAR) != sizeof(char))
+ {
+ wdir = (TCHAR *)malloc(len_0*sizeof(TCHAR));
if (wdir == NULL)
goto err_noclose;
- for (i=0; i<(int)strlen(dir)+1; i++)
- wdir[i] = (short)dir[i];
- }
+#ifndef OPENSSL_NO_MULTIBYTE
+ if (!MultiByteToWideChar(CP_ACP,0,dir,len_0,
+ (WCHAR *)wdir,len_0))
#endif
+ for (i=0;i<len_0;i++) wdir[i]=(TCHAR)dir[i];
+
+ hFind = FindFirstFile(wdir, &FindFileData);
+ }
+ else hFind = FindFirstFile((const TCHAR *)dir, &FindFileData);
-#ifdef OPENSSL_SYS_WINCE
- hFind = FindFirstFile(wdir, &FindFileData);
-#else
- hFind = FindFirstFile(dir, &FindFileData);
-#endif
/* Note that a side effect is that the CAs will be sorted by name */
if(hFind == INVALID_HANDLE_VALUE)
{
@@ -821,25 +849,34 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
goto err_noclose;
}
-
- do
- {
- char buf[1024];
- int r;
-
-#ifdef OPENSSL_SYS_WINCE
- if(strlen(dir)+_tcslen(FindFileData.cFileName)+2 > sizeof buf)
-#else
- if(strlen(dir)+strlen(FindFileData.cFileName)+2 > sizeof buf)
-#endif
+
+ strncpy(buf,dir,sizeof(buf)); /* strcpy is safe too... */
+ buf[len_0-1]='/'; /* no trailing zero! */
+ slash=buf+len_0;
+
+ do {
+ const TCHAR *fnam=FindFileData.cFileName;
+ size_t flen_0=_tcslen(fnam)+1;
+
+ if (flen_0 > (sizeof(buf)-len_0))
{
SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
goto err;
}
-
- r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,FindFileData.cFileName);
- if (r <= 0 || r >= sizeof buf)
- goto err;
+ /* else strcpy would be safe too... */
+
+ if (sizeof(TCHAR) != sizeof(char))
+ {
+#ifndef OPENSSL_NO_MULTIBYTE
+ if (!WideCharToMultiByte(CP_ACP,0,
+ (WCHAR *)fnam,flen_0,
+ slash,sizeof(buf)-len_0,
+ NULL,0))
+#endif
+ for (i=0;i<flen_0;i++) slash[i]=(char)fnam[i];
+ }
+ else strncpy(slash,(const char *)fnam,sizeof(buf)-len_0);
+
if(!SSL_add_file_cert_subjects_to_stack(stack,buf))
goto err;
}
@@ -849,10 +886,9 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
err:
FindClose(hFind);
err_noclose:
-#ifdef OPENSSL_SYS_WINCE
if (wdir != NULL)
free(wdir);
-#endif
+
CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
return ret;
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-10 13:58:40 +0000