kris
/
boringssl
1
0
Креирај огранак 0
Код Дискусије 0 Захтеви за спајање 0 Издања 0 Вики Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5157 Комити
12 Гране
38 MiB
Дрво: 6ae7ddb755
Гране Ознаке
${ item.name }
Create branch ${ searchTerm }
from '6ae7ddb755'
${ noResults }
boringssl/decrepit/ssl/ssl_decrepit.c

ssl_decrepit.c 6.9 KiB
Датотека Normal View Историја

Banish SSL_add_dir_cert_subjects_to_stack and OPENSSL_DIR_CTX to decrepit. There was only one function that required BoringSSL to know how to read directories. Unfortunately, it does have some callers and it's not immediately obvious whether the code is unreachable. Rather than worry about that, just toss it all into decrepit. In doing so, do away with the Windows and PNaCl codepaths. Only implement OPENSSL_DIR_CTX on Linux. Change-Id: Ie64d20254f2f632fadc3f248bbf5a8293ab2b451 Reviewed-on: https://boringssl-review.googlesource.com/7661 Reviewed-by: Adam Langley <agl@google.com>
пре 8 година
Fix Windows build. Change-Id: Ie35b8d0e2da0f7d2588c4a436fc4b2b2596aaf18 Reviewed-on: https://boringssl-review.googlesource.com/7791 Reviewed-by: David Benjamin <davidben@google.com>
пре 8 година
Banish SSL_add_dir_cert_subjects_to_stack and OPENSSL_DIR_CTX to decrepit. There was only one function that required BoringSSL to know how to read directories. Unfortunately, it does have some callers and it's not immediately obvious whether the code is unreachable. Rather than worry about that, just toss it all into decrepit. In doing so, do away with the Windows and PNaCl codepaths. Only implement OPENSSL_DIR_CTX on Linux. Change-Id: Ie64d20254f2f632fadc3f248bbf5a8293ab2b451 Reviewed-on: https://boringssl-review.googlesource.com/7661 Reviewed-by: Adam Langley <agl@google.com>
пре 8 година
Switch from readdir_r back to readdir. readdir and readdir_r have a sad history: https://www.gnu.org/software/libc/manual/html_node/Reading_002fClosing-Directory.html https://womble.decadent.org.uk/readdir_r-advisory.html http://austingroupbugs.net/view.php?id=696 Martin Thomson reports that newer glibcs warn that readdir_r is deprecated. Especially since this has been banished to libdecrepit anyway, go ahead and honor that warning. OpenSSL also uses readdir, so we're no worse than they are. While I'm here, rewrite this to remove a useless layer of abstraction, now that we've punted on supporting most platforms here. Also remove the redundant documentation comment (there's one in the header already). Change-Id: I5350c55417a7f5c4c4725f97dd63f960aeb96801 Reviewed-on: https://boringssl-review.googlesource.com/11220 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
пре 8 година
Banish SSL_add_dir_cert_subjects_to_stack and OPENSSL_DIR_CTX to decrepit. There was only one function that required BoringSSL to know how to read directories. Unfortunately, it does have some callers and it's not immediately obvious whether the code is unreachable. Rather than worry about that, just toss it all into decrepit. In doing so, do away with the Windows and PNaCl codepaths. Only implement OPENSSL_DIR_CTX on Linux. Change-Id: Ie64d20254f2f632fadc3f248bbf5a8293ab2b451 Reviewed-on: https://boringssl-review.googlesource.com/7661 Reviewed-by: Adam Langley <agl@google.com>
пре 8 година
Switch from readdir_r back to readdir. readdir and readdir_r have a sad history: https://www.gnu.org/software/libc/manual/html_node/Reading_002fClosing-Directory.html https://womble.decadent.org.uk/readdir_r-advisory.html http://austingroupbugs.net/view.php?id=696 Martin Thomson reports that newer glibcs warn that readdir_r is deprecated. Especially since this has been banished to libdecrepit anyway, go ahead and honor that warning. OpenSSL also uses readdir, so we're no worse than they are. While I'm here, rewrite this to remove a useless layer of abstraction, now that we've punted on supporting most platforms here. Also remove the redundant documentation comment (there's one in the header already). Change-Id: I5350c55417a7f5c4c4725f97dd63f960aeb96801 Reviewed-on: https://boringssl-review.googlesource.com/11220 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
пре 8 година
Run the comment conversion script on decrepit/ No one has CLs open there. Change-Id: I387c1f04cc9ee7bf794bdc390d498e3f80b21091 Reviewed-on: https://boringssl-review.googlesource.com/19484 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
пре 7 година
Switch from readdir_r back to readdir. readdir and readdir_r have a sad history: https://www.gnu.org/software/libc/manual/html_node/Reading_002fClosing-Directory.html https://womble.decadent.org.uk/readdir_r-advisory.html http://austingroupbugs.net/view.php?id=696 Martin Thomson reports that newer glibcs warn that readdir_r is deprecated. Especially since this has been banished to libdecrepit anyway, go ahead and honor that warning. OpenSSL also uses readdir, so we're no worse than they are. While I'm here, rewrite this to remove a useless layer of abstraction, now that we've punted on supporting most platforms here. Also remove the redundant documentation comment (there's one in the header already). Change-Id: I5350c55417a7f5c4c4725f97dd63f960aeb96801 Reviewed-on: https://boringssl-review.googlesource.com/11220 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
пре 8 година
Banish SSL_add_dir_cert_subjects_to_stack and OPENSSL_DIR_CTX to decrepit. There was only one function that required BoringSSL to know how to read directories. Unfortunately, it does have some callers and it's not immediately obvious whether the code is unreachable. Rather than worry about that, just toss it all into decrepit. In doing so, do away with the Windows and PNaCl codepaths. Only implement OPENSSL_DIR_CTX on Linux. Change-Id: Ie64d20254f2f632fadc3f248bbf5a8293ab2b451 Reviewed-on: https://boringssl-review.googlesource.com/7661 Reviewed-by: Adam Langley <agl@google.com>
пре 8 година
Switch from readdir_r back to readdir. readdir and readdir_r have a sad history: https://www.gnu.org/software/libc/manual/html_node/Reading_002fClosing-Directory.html https://womble.decadent.org.uk/readdir_r-advisory.html http://austingroupbugs.net/view.php?id=696 Martin Thomson reports that newer glibcs warn that readdir_r is deprecated. Especially since this has been banished to libdecrepit anyway, go ahead and honor that warning. OpenSSL also uses readdir, so we're no worse than they are. While I'm here, rewrite this to remove a useless layer of abstraction, now that we've punted on supporting most platforms here. Also remove the redundant documentation comment (there's one in the header already). Change-Id: I5350c55417a7f5c4c4725f97dd63f960aeb96801 Reviewed-on: https://boringssl-review.googlesource.com/11220 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
пре 8 година
Banish SSL_add_dir_cert_subjects_to_stack and OPENSSL_DIR_CTX to decrepit. There was only one function that required BoringSSL to know how to read directories. Unfortunately, it does have some callers and it's not immediately obvious whether the code is unreachable. Rather than worry about that, just toss it all into decrepit. In doing so, do away with the Windows and PNaCl codepaths. Only implement OPENSSL_DIR_CTX on Linux. Change-Id: Ie64d20254f2f632fadc3f248bbf5a8293ab2b451 Reviewed-on: https://boringssl-review.googlesource.com/7661 Reviewed-by: Adam Langley <agl@google.com>
пре 8 година
Switch from readdir_r back to readdir. readdir and readdir_r have a sad history: https://www.gnu.org/software/libc/manual/html_node/Reading_002fClosing-Directory.html https://womble.decadent.org.uk/readdir_r-advisory.html http://austingroupbugs.net/view.php?id=696 Martin Thomson reports that newer glibcs warn that readdir_r is deprecated. Especially since this has been banished to libdecrepit anyway, go ahead and honor that warning. OpenSSL also uses readdir, so we're no worse than they are. While I'm here, rewrite this to remove a useless layer of abstraction, now that we've punted on supporting most platforms here. Also remove the redundant documentation comment (there's one in the header already). Change-Id: I5350c55417a7f5c4c4725f97dd63f960aeb96801 Reviewed-on: https://boringssl-review.googlesource.com/11220 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
пре 8 година
Banish SSL_add_dir_cert_subjects_to_stack and OPENSSL_DIR_CTX to decrepit. There was only one function that required BoringSSL to know how to read directories. Unfortunately, it does have some callers and it's not immediately obvious whether the code is unreachable. Rather than worry about that, just toss it all into decrepit. In doing so, do away with the Windows and PNaCl codepaths. Only implement OPENSSL_DIR_CTX on Linux. Change-Id: Ie64d20254f2f632fadc3f248bbf5a8293ab2b451 Reviewed-on: https://boringssl-review.googlesource.com/7661 Reviewed-by: Adam Langley <agl@google.com>
пре 8 година
Switch from readdir_r back to readdir. readdir and readdir_r have a sad history: https://www.gnu.org/software/libc/manual/html_node/Reading_002fClosing-Directory.html https://womble.decadent.org.uk/readdir_r-advisory.html http://austingroupbugs.net/view.php?id=696 Martin Thomson reports that newer glibcs warn that readdir_r is deprecated. Especially since this has been banished to libdecrepit anyway, go ahead and honor that warning. OpenSSL also uses readdir, so we're no worse than they are. While I'm here, rewrite this to remove a useless layer of abstraction, now that we've punted on supporting most platforms here. Also remove the redundant documentation comment (there's one in the header already). Change-Id: I5350c55417a7f5c4c4725f97dd63f960aeb96801 Reviewed-on: https://boringssl-review.googlesource.com/11220 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
пре 8 година
Banish SSL_add_dir_cert_subjects_to_stack and OPENSSL_DIR_CTX to decrepit. There was only one function that required BoringSSL to know how to read directories. Unfortunately, it does have some callers and it's not immediately obvious whether the code is unreachable. Rather than worry about that, just toss it all into decrepit. In doing so, do away with the Windows and PNaCl codepaths. Only implement OPENSSL_DIR_CTX on Linux. Change-Id: Ie64d20254f2f632fadc3f248bbf5a8293ab2b451 Reviewed-on: https://boringssl-review.googlesource.com/7661 Reviewed-by: Adam Langley <agl@google.com>
пре 8 година
Switch from readdir_r back to readdir. readdir and readdir_r have a sad history: https://www.gnu.org/software/libc/manual/html_node/Reading_002fClosing-Directory.html https://womble.decadent.org.uk/readdir_r-advisory.html http://austingroupbugs.net/view.php?id=696 Martin Thomson reports that newer glibcs warn that readdir_r is deprecated. Especially since this has been banished to libdecrepit anyway, go ahead and honor that warning. OpenSSL also uses readdir, so we're no worse than they are. While I'm here, rewrite this to remove a useless layer of abstraction, now that we've punted on supporting most platforms here. Also remove the redundant documentation comment (there's one in the header already). Change-Id: I5350c55417a7f5c4c4725f97dd63f960aeb96801 Reviewed-on: https://boringssl-review.googlesource.com/11220 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
пре 8 година
Banish SSL_add_dir_cert_subjects_to_stack and OPENSSL_DIR_CTX to decrepit. There was only one function that required BoringSSL to know how to read directories. Unfortunately, it does have some callers and it's not immediately obvious whether the code is unreachable. Rather than worry about that, just toss it all into decrepit. In doing so, do away with the Windows and PNaCl codepaths. Only implement OPENSSL_DIR_CTX on Linux. Change-Id: Ie64d20254f2f632fadc3f248bbf5a8293ab2b451 Reviewed-on: https://boringssl-review.googlesource.com/7661 Reviewed-by: Adam Langley <agl@google.com>
пре 8 година
Switch from readdir_r back to readdir. readdir and readdir_r have a sad history: https://www.gnu.org/software/libc/manual/html_node/Reading_002fClosing-Directory.html https://womble.decadent.org.uk/readdir_r-advisory.html http://austingroupbugs.net/view.php?id=696 Martin Thomson reports that newer glibcs warn that readdir_r is deprecated. Especially since this has been banished to libdecrepit anyway, go ahead and honor that warning. OpenSSL also uses readdir, so we're no worse than they are. While I'm here, rewrite this to remove a useless layer of abstraction, now that we've punted on supporting most platforms here. Also remove the redundant documentation comment (there's one in the header already). Change-Id: I5350c55417a7f5c4c4725f97dd63f960aeb96801 Reviewed-on: https://boringssl-review.googlesource.com/11220 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
пре 8 година
Banish SSL_add_dir_cert_subjects_to_stack and OPENSSL_DIR_CTX to decrepit. There was only one function that required BoringSSL to know how to read directories. Unfortunately, it does have some callers and it's not immediately obvious whether the code is unreachable. Rather than worry about that, just toss it all into decrepit. In doing so, do away with the Windows and PNaCl codepaths. Only implement OPENSSL_DIR_CTX on Linux. Change-Id: Ie64d20254f2f632fadc3f248bbf5a8293ab2b451 Reviewed-on: https://boringssl-review.googlesource.com/7661 Reviewed-by: Adam Langley <agl@google.com>
пре 8 година
Run the comment conversion script on decrepit/ No one has CLs open there. Change-Id: I387c1f04cc9ee7bf794bdc390d498e3f80b21091 Reviewed-on: https://boringssl-review.googlesource.com/19484 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
пре 7 година
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165 
  1. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  2.  * All rights reserved.

  3.  *

  4.  * This package is an SSL implementation written

  5.  * by Eric Young (eay@cryptsoft.com).

  6.  * The implementation was written so as to conform with Netscapes SSL.

  7.  *

  8.  * This library is free for commercial and non-commercial use as long as

  9.  * the following conditions are aheared to.  The following conditions

  10.  * apply to all code found in this distribution, be it the RC4, RSA,

  11.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  12.  * included with this distribution is covered by the same copyright terms

  13.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  14.  *

  15.  * Copyright remains Eric Young's, and as such any Copyright notices in

  16.  * the code are not to be removed.

  17.  * If this package is used in a product, Eric Young should be given attribution

  18.  * as the author of the parts of the library used.

  19.  * This can be in the form of a textual message at program startup or

  20.  * in documentation (online or textual) provided with the package.

  21.  *

  22.  * Redistribution and use in source and binary forms, with or without

  23.  * modification, are permitted provided that the following conditions

  24.  * are met:

  25.  * 1. Redistributions of source code must retain the copyright

  26.  *    notice, this list of conditions and the following disclaimer.

  27.  * 2. Redistributions in binary form must reproduce the above copyright

  28.  *    notice, this list of conditions and the following disclaimer in the

  29.  *    documentation and/or other materials provided with the distribution.

  30.  * 3. All advertising materials mentioning features or use of this software

  31.  *    must display the following acknowledgement:

  32.  *    "This product includes cryptographic software written by

  33.  *     Eric Young (eay@cryptsoft.com)"

  34.  *    The word 'cryptographic' can be left out if the rouines from the library

  35.  *    being used are not cryptographic related :-).

  36.  * 4. If you include any Windows specific code (or a derivative thereof) from

  37.  *    the apps directory (application code) you must include an acknowledgement:

  38.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  41.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  43.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  44.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  45.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  46.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  48.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  49.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  50.  * SUCH DAMAGE.

  51.  *

  52.  * The licence and distribution terms for any publically available version or

  53.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  54.  * copied and put under another distribution licence

  55.  * [including the GNU Public Licence.]

  56.  */

  57. /* ====================================================================

  58.  * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.

  59.  *

  60.  * Redistribution and use in source and binary forms, with or without

  61.  * modification, are permitted provided that the following conditions

  62.  * are met:

  63.  *

  64.  * 1. Redistributions of source code must retain the above copyright

  65.  *    notice, this list of conditions and the following disclaimer.

  66.  *

  67.  * 2. Redistributions in binary form must reproduce the above copyright

  68.  *    notice, this list of conditions and the following disclaimer in

  69.  *    the documentation and/or other materials provided with the

  70.  *    distribution.

  71.  *

  72.  * 3. All advertising materials mentioning features or use of this

  73.  *    software must display the following acknowledgment:

  74.  *    "This product includes software developed by the OpenSSL Project

  75.  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

  76.  *

  77.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  78.  *    endorse or promote products derived from this software without

  79.  *    prior written permission. For written permission, please contact

  80.  *    openssl-core@openssl.org.

  81.  *

  82.  * 5. Products derived from this software may not be called "OpenSSL"

  83.  *    nor may "OpenSSL" appear in their names without prior written

  84.  *    permission of the OpenSSL Project.

  85.  *

  86.  * 6. Redistributions of any form whatsoever must retain the following

  87.  *    acknowledgment:

  88.  *    "This product includes software developed by the OpenSSL Project

  89.  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

  90.  *

  91.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  92.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  93.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  94.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  95.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  96.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  97.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  98.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  99.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  100.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  101.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  102.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  103.  * ====================================================================

  104.  *

  105.  * This product includes cryptographic software written by Eric Young

  106.  * (eay@cryptsoft.com).  This product includes software written by Tim

  107.  * Hudson (tjh@cryptsoft.com).

  108.  *

  109.  */

  110. 

  111. #include <openssl/ssl.h>

  112. 

  113. #if !defined(OPENSSL_WINDOWS) && !defined(OPENSSL_PNACL)

  114. 

  115. #include <dirent.h>

  116. #include <errno.h>

  117. #include <string.h>

  118. 

  119. #include <openssl/err.h>

  120. #include <openssl/mem.h>

  121. 

  122. 

  123. int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,

  124.                                        const char *path) {

  125.   DIR *dir = opendir(path);

  126.   if (dir == NULL) {

  127.     OPENSSL_PUT_ERROR(SSL, ERR_R_SYS_LIB);

  128.     ERR_add_error_data(3, "opendir('", dir, "')");

  129.     return 0;

  130.   }

  131. 

  132.   int ret = 0;

  133.   for (;;) {

  134.     // |readdir| may fail with or without setting |errno|.

  135.     errno = 0;

  136.     struct dirent *dirent = readdir(dir);

  137.     if (dirent == NULL) {

  138.       if (errno) {

  139.         OPENSSL_PUT_ERROR(SSL, ERR_R_SYS_LIB);

  140.         ERR_add_error_data(3, "readdir('", path, "')");

  141.       } else {

  142.         ret = 1;

  143.       }

  144.       break;

  145.     }

  146. 

  147.     char buf[1024];

  148.     if (strlen(path) + strlen(dirent->d_name) + 2 > sizeof(buf)) {

  149.       OPENSSL_PUT_ERROR(SSL, SSL_R_PATH_TOO_LONG);

  150.       break;

  151.     }

  152. 

  153.     int r = BIO_snprintf(buf, sizeof(buf), "%s/%s", path, dirent->d_name);

  154.     if (r <= 0 ||

  155.         r >= (int)sizeof(buf) ||

  156.         !SSL_add_file_cert_subjects_to_stack(stack, buf)) {

  157.       break;

  158.     }

  159.   }

  160. 

  161.   closedir(dir);

  162.   return ret;

  163. }

  164. 

  165. #endif  // !WINDOWS && !PNACL