diff options
author | RĂ©mi Verschelde <rverschelde@gmail.com> | 2018-04-03 23:14:01 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-04-03 23:14:01 +0200 |
commit | 1710582473330dc6e7758953e3378187b5e3f226 (patch) | |
tree | 7dc769e2f23c15c639129845882e308ea3b0b430 /thirdparty/mbedtls/library/x509_crt.c | |
parent | 60d89d0ab315d957bb858eecb5c8b837eb160fa1 (diff) | |
parent | 2e078142a0803ee5b411959734f857fbac666951 (diff) |
Merge pull request #17847 from Faless/lws_update
LWS v2.4.2, mbedTLS v2.8.0, Websocket SSL support
Diffstat (limited to 'thirdparty/mbedtls/library/x509_crt.c')
-rw-r--r-- | thirdparty/mbedtls/library/x509_crt.c | 27 |
1 files changed, 20 insertions, 7 deletions
diff --git a/thirdparty/mbedtls/library/x509_crt.c b/thirdparty/mbedtls/library/x509_crt.c index 6c592fdb5a..2a5dbb8783 100644 --- a/thirdparty/mbedtls/library/x509_crt.c +++ b/thirdparty/mbedtls/library/x509_crt.c @@ -62,16 +62,17 @@ #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) #include <windows.h> -#if _MSC_VER <= 1600 -/* Visual Studio 2010 and earlier issue a warning when both <stdint.h> and <intsafe.h> are included, as they - * redefine a number of <TYPE>_MAX constants. These constants are guaranteed to be the same, though, so - * we suppress the warning when including intsafe.h. +#if defined(_MSC_VER) && _MSC_VER <= 1600 +/* Visual Studio 2010 and earlier issue a warning when both <stdint.h> and + * <intsafe.h> are included, as they redefine a number of <TYPE>_MAX constants. + * These constants are guaranteed to be the same, though, so we suppress the + * warning when including intsafe.h. */ #pragma warning( push ) #pragma warning( disable : 4005 ) #endif #include <intsafe.h> -#if _MSC_VER <= 1600 +#if defined(_MSC_VER) && _MSC_VER <= 1600 #pragma warning( pop ) #endif #else @@ -145,7 +146,8 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb = MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) | MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ), /* Only ECDSA */ - MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECDSA ), + MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECDSA ) | + MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECKEY ), #if defined(MBEDTLS_ECP_C) /* Only NIST P-256 and P-384 */ MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) | @@ -484,9 +486,12 @@ static int x509_get_subject_alt_name( unsigned char **p, if( ( ret = mbedtls_asn1_get_len( p, end, &tag_len ) ) != 0 ) return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); - if( ( tag & MBEDTLS_ASN1_CONTEXT_SPECIFIC ) != MBEDTLS_ASN1_CONTEXT_SPECIFIC ) + if( ( tag & MBEDTLS_ASN1_TAG_CLASS_MASK ) != + MBEDTLS_ASN1_CONTEXT_SPECIFIC ) + { return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); + } /* Skip everything but DNS name */ if( tag != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2 ) ) @@ -1140,6 +1145,14 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) if ( FAILED ( SizeTToInt( len, &lengthAsInt ) ) ) return( MBEDTLS_ERR_X509_FILE_IO_ERROR ); + /* + * Note this function uses the code page CP_ACP, and assumes the incoming + * string is encoded in ANSI, before translating it into Unicode. If the + * incoming string were changed to be UTF-8, then the length check needs to + * change to check the number of characters, not the number of bytes, in the + * incoming string are less than MAX_PATH to avoid a buffer overrun with + * MultiByteToWideChar(). + */ w_ret = MultiByteToWideChar( CP_ACP, 0, filename, lengthAsInt, szDir, MAX_PATH - 3 ); if( w_ret == 0 ) |