1 files changed, 66 insertions, 38 deletions
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index 2cfb615878..b8b9bc2390 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -117,6 +117,7 @@
 #if defined(WIN32)
 #include <windows.h>
+#include <tchar.h>
 #endif
 #ifdef NeXT
@@ -129,6 +130,7 @@
 #include <openssl/pem.h>
 #include <openssl/x509v3.h>
 #include "ssl_locl.h"
+#include <openssl/fips.h>
 int SSL_get_ex_data_X509_STORE_CTX_idx(void)
        {
@@ -542,12 +544,12 @@ void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *name_list)
        set_client_CA_list(&(ctx->client_CA),name_list);
        }
-STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx)
+STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
        {
        return(ctx->client_CA);
        }
-STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s)
+STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s)
        {
        if (s->type == SSL_ST_CONNECT)
                { /* we are in the client */
@@ -783,36 +785,54 @@ err:
 #else /* OPENSSL_SYS_WIN32 */
+#if defined(_WIN32_WCE)
+# ifndef UNICODE
+#  error "WinCE comes in UNICODE flavor only..."
+# endif
+# if _WIN32_WCE<101 && !defined(OPENSSL_NO_MULTIBYTE)
+#  define OPENSSL_NO_MULTIBYTE
+# endif
+# ifndef  FindFirstFile
+#  define FindFirstFile FindFirstFileW
+# endif
+# ifndef  FindNextFile
+#  define FindNextFile FindNextFileW
+# endif
+#endif
 int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
                                       const char *dir)
        {
        WIN32_FIND_DATA FindFileData;
        HANDLE hFind;
-        int ret = 0;
+        int    ret = 0;
-#ifdef OPENSSL_SYS_WINCE
+        TCHAR *wdir = NULL;
-        WCHAR* wdir = NULL;
+        size_t i,len_0 = strlen(dir)+1; /* len_0 accounts for trailing 0 */
-#endif
+        char   buf[1024],*slash;
+        if (len_0 > (sizeof(buf)-14))   /* 14 is just some value... */
+                {
+                SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
+                return ret;
+                }
        CRYPTO_w_lock(CRYPTO_LOCK_READDIR);
-        
-#ifdef OPENSSL_SYS_WINCE
+        if (sizeof(TCHAR) != sizeof(char))
-        /* convert strings to UNICODE */
+                {
-        {
+                wdir = (TCHAR *)malloc(len_0*sizeof(TCHAR));
-                BOOL result = FALSE;
-                int i;
-                wdir = malloc((strlen(dir)+1)*2);
                if (wdir == NULL)
                        goto err_noclose;
-                for (i=0; i<(int)strlen(dir)+1; i++)
+#ifndef OPENSSL_NO_MULTIBYTE
-                        wdir[i] = (short)dir[i];
+                if (!MultiByteToWideChar(CP_ACP,0,dir,len_0,
-        }
+                                        (WCHAR *)wdir,len_0))
 #endif
+                        for (i=0;i<len_0;i++) wdir[i]=(TCHAR)dir[i];
+                hFind = FindFirstFile(wdir, &FindFileData);
+                }
+        else    hFind = FindFirstFile((const TCHAR *)dir, &FindFileData);
-#ifdef OPENSSL_SYS_WINCE
-        hFind = FindFirstFile(wdir, &FindFileData);
-#else
-        hFind = FindFirstFile(dir, &FindFileData);
-#endif
        /* Note that a side effect is that the CAs will be sorted by name */
        if(hFind == INVALID_HANDLE_VALUE)
                {
@@ -821,25 +841,34 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
                SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
                goto err_noclose;
                }
-        
-        do 
+        strncpy(buf,dir,sizeof(buf));   /* strcpy is safe too... */
-                {
+        buf[len_0-1]='/';               /* no trailing zero!     */
-                char buf[1024];
+        slash=buf+len_0;
-                int r;
-                
+        do      {
-#ifdef OPENSSL_SYS_WINCE
+                const TCHAR *fnam=FindFileData.cFileName;
-                if(strlen(dir)+_tcslen(FindFileData.cFileName)+2 > sizeof buf)
+                size_t flen_0=_tcslen(fnam)+1;
-#else
-                if(strlen(dir)+strlen(FindFileData.cFileName)+2 > sizeof buf)
+                if (flen_0 > (sizeof(buf)-len_0))
-#endif
                        {
                        SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
                        goto err;
                        }
-                
+                /* else strcpy would be safe too... */
-                r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,FindFileData.cFileName);
-                if (r <= 0 || r >= sizeof buf)
+                if (sizeof(TCHAR) != sizeof(char))
-                        goto err;
+                        {
+#ifndef OPENSSL_NO_MULTIBYTE
+                        if (!WideCharToMultiByte(CP_ACP,0,
+                                                (WCHAR *)fnam,flen_0,
+                                                slash,sizeof(buf)-len_0,
+                                                NULL,0))
+#endif
+                                for (i=0;i<flen_0;i++) slash[i]=(char)fnam[i];
+                        }
+                else    strncpy(slash,(const char *)fnam,sizeof(buf)-len_0);
                if(!SSL_add_file_cert_subjects_to_stack(stack,buf))
                        goto err;
                }
@@ -849,10 +878,9 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
 err:    
        FindClose(hFind);
 err_noclose:
-#ifdef OPENSSL_SYS_WINCE
        if (wdir != NULL)
                free(wdir);
-#endif
        CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
        return ret;
        }

diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c index 2cfb615878..b8b9bc2390 100644 --- a/src/lib/libssl/ssl_cert.c +++ b/src/lib/libssl/ssl_cert.c
@@ -117,6 +117,7 @@
117		117
118	#if defined(WIN32)	118	#if defined(WIN32)
119	#include <windows.h>	119	#include <windows.h>
		120	#include <tchar.h>
120	#endif	121	#endif
121		122
122	#ifdef NeXT	123	#ifdef NeXT
@@ -129,6 +130,7 @@
129	#include <openssl/pem.h>	130	#include <openssl/pem.h>
130	#include <openssl/x509v3.h>	131	#include <openssl/x509v3.h>
131	#include "ssl_locl.h"	132	#include "ssl_locl.h"
		133	#include <openssl/fips.h>
132		134
133	int SSL_get_ex_data_X509_STORE_CTX_idx(void)	135	int SSL_get_ex_data_X509_STORE_CTX_idx(void)
134	{	136	{
@@ -542,12 +544,12 @@ void SSL_CTX_set_client_CA_list(SSL_CTX ctx,STACK_OF(X509_NAME) name_list)
542	set_client_CA_list(&(ctx->client_CA),name_list);	544	set_client_CA_list(&(ctx->client_CA),name_list);
543	}	545	}
544		546
545	STACK_OF(X509_NAME) SSL_CTX_get_client_CA_list(SSL_CTX ctx)	547	STACK_OF(X509_NAME) SSL_CTX_get_client_CA_list(const SSL_CTX ctx)
546	{	548	{
547	return(ctx->client_CA);	549	return(ctx->client_CA);
548	}	550	}
549		551
550	STACK_OF(X509_NAME) SSL_get_client_CA_list(SSL s)	552	STACK_OF(X509_NAME) SSL_get_client_CA_list(const SSL s)
551	{	553	{
552	if (s->type == SSL_ST_CONNECT)	554	if (s->type == SSL_ST_CONNECT)
553	{ /* we are in the client */	555	{ /* we are in the client */
@@ -783,36 +785,54 @@ err:
783		785
784	#else /* OPENSSL_SYS_WIN32 */	786	#else /* OPENSSL_SYS_WIN32 */
785		787
		788	#if defined(_WIN32_WCE)
		789	# ifndef UNICODE
		790	# error "WinCE comes in UNICODE flavor only..."
		791	# endif
		792	# if _WIN32_WCE<101 && !defined(OPENSSL_NO_MULTIBYTE)
		793	# define OPENSSL_NO_MULTIBYTE
		794	# endif
		795	# ifndef FindFirstFile
		796	# define FindFirstFile FindFirstFileW
		797	# endif
		798	# ifndef FindNextFile
		799	# define FindNextFile FindNextFileW
		800	# endif
		801	#endif
		802
786	int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,	803	int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
787	const char *dir)	804	const char *dir)
788	{	805	{
789	WIN32_FIND_DATA FindFileData;	806	WIN32_FIND_DATA FindFileData;
790	HANDLE hFind;	807	HANDLE hFind;
791	int ret = 0;	808	int ret = 0;
792	#ifdef OPENSSL_SYS_WINCE	809	TCHAR *wdir = NULL;
793	WCHAR* wdir = NULL;	810	size_t i,len_0 = strlen(dir)+1; /* len_0 accounts for trailing 0 */
794	#endif	811	char buf[1024],*slash;
		812
		813	if (len_0 > (sizeof(buf)-14)) /* 14 is just some value... */
		814	{
		815	SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
		816	return ret;
		817	}
795		818
796	CRYPTO_w_lock(CRYPTO_LOCK_READDIR);	819	CRYPTO_w_lock(CRYPTO_LOCK_READDIR);
797		820
798	#ifdef OPENSSL_SYS_WINCE	821	if (sizeof(TCHAR) != sizeof(char))
799	/* convert strings to UNICODE */	822	{
800	{	823	wdir = (TCHAR )malloc(len_0sizeof(TCHAR));
801	BOOL result = FALSE;
802	int i;
803	wdir = malloc((strlen(dir)+1)*2);
804	if (wdir == NULL)	824	if (wdir == NULL)
805	goto err_noclose;	825	goto err_noclose;
806	for (i=0; i<(int)strlen(dir)+1; i++)	826	#ifndef OPENSSL_NO_MULTIBYTE
807	wdir[i] = (short)dir[i];	827	if (!MultiByteToWideChar(CP_ACP,0,dir,len_0,
808	}	828	(WCHAR *)wdir,len_0))
809	#endif	829	#endif
		830	for (i=0;i<len_0;i++) wdir[i]=(TCHAR)dir[i];
		831
		832	hFind = FindFirstFile(wdir, &FindFileData);
		833	}
		834	else hFind = FindFirstFile((const TCHAR *)dir, &FindFileData);
810		835
811	#ifdef OPENSSL_SYS_WINCE
812	hFind = FindFirstFile(wdir, &FindFileData);
813	#else
814	hFind = FindFirstFile(dir, &FindFileData);
815	#endif
816	/* Note that a side effect is that the CAs will be sorted by name */	836	/* Note that a side effect is that the CAs will be sorted by name */
817	if(hFind == INVALID_HANDLE_VALUE)	837	if(hFind == INVALID_HANDLE_VALUE)
818	{	838	{
@@ -821,25 +841,34 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
821	SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);	841	SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
822	goto err_noclose;	842	goto err_noclose;
823	}	843	}
824		844
825	do	845	strncpy(buf,dir,sizeof(buf)); /* strcpy is safe too... */
826	{	846	buf[len_0-1]='/'; /* no trailing zero! */
827	char buf[1024];	847	slash=buf+len_0;
828	int r;	848
829		849	do {
830	#ifdef OPENSSL_SYS_WINCE	850	const TCHAR *fnam=FindFileData.cFileName;
831	if(strlen(dir)+_tcslen(FindFileData.cFileName)+2 > sizeof buf)	851	size_t flen_0=_tcslen(fnam)+1;
832	#else	852
833	if(strlen(dir)+strlen(FindFileData.cFileName)+2 > sizeof buf)	853	if (flen_0 > (sizeof(buf)-len_0))
834	#endif
835	{	854	{
836	SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);	855	SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
837	goto err;	856	goto err;
838	}	857	}
839		858	/* else strcpy would be safe too... */
840	r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,FindFileData.cFileName);	859
841	if (r <= 0 \|\| r >= sizeof buf)	860	if (sizeof(TCHAR) != sizeof(char))
842	goto err;	861	{
		862	#ifndef OPENSSL_NO_MULTIBYTE
		863	if (!WideCharToMultiByte(CP_ACP,0,
		864	(WCHAR *)fnam,flen_0,
		865	slash,sizeof(buf)-len_0,
		866	NULL,0))
		867	#endif
		868	for (i=0;i<flen_0;i++) slash[i]=(char)fnam[i];
		869	}
		870	else strncpy(slash,(const char *)fnam,sizeof(buf)-len_0);
		871
843	if(!SSL_add_file_cert_subjects_to_stack(stack,buf))	872	if(!SSL_add_file_cert_subjects_to_stack(stack,buf))
844	goto err;	873	goto err;
845	}	874	}
@@ -849,10 +878,9 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
849	err:	878	err:
850	FindClose(hFind);	879	FindClose(hFind);
851	err_noclose:	880	err_noclose:
852	#ifdef OPENSSL_SYS_WINCE
853	if (wdir != NULL)	881	if (wdir != NULL)
854	free(wdir);	882	free(wdir);
855	#endif	883
856	CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);	884	CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
857	return ret;	885	return ret;
858	}	886	}