d8e1cd7a10
_WIN32_WINNT redefinition fix is no longer needed as it was merged upstream. PR 1453 is still not merged, diff updated to current state.
121 lines
4.4 KiB
Diff
121 lines
4.4 KiB
Diff
diff --git a/library/entropy_poll.c b/library/entropy_poll.c
|
|
index 67900c46c8..cefe882d2a 100644
|
|
--- a/library/entropy_poll.c
|
|
+++ b/library/entropy_poll.c
|
|
@@ -54,28 +54,43 @@
|
|
#define _WIN32_WINNT 0x0400
|
|
#endif
|
|
#include <windows.h>
|
|
-#include <wincrypt.h>
|
|
+#include <bcrypt.h>
|
|
+#if defined(_MSC_VER) && _MSC_VER <= 1600
|
|
+/* Visual Studio 2010 and earlier issue a warning when both <stdint.h> and
|
|
+ * <intsafe.h> are included, as they redefine a number of <TYPE>_MAX constants.
|
|
+ * These constants are guaranteed to be the same, though, so we suppress the
|
|
+ * warning when including intsafe.h.
|
|
+ */
|
|
+#pragma warning( push )
|
|
+#pragma warning( disable : 4005 )
|
|
+#endif
|
|
+#include <intsafe.h>
|
|
+#if defined(_MSC_VER) && _MSC_VER <= 1600
|
|
+#pragma warning( pop )
|
|
+#endif
|
|
|
|
int mbedtls_platform_entropy_poll( void *data, unsigned char *output, size_t len,
|
|
size_t *olen )
|
|
{
|
|
- HCRYPTPROV provider;
|
|
+ ULONG len_as_ulong = 0;
|
|
((void) data);
|
|
*olen = 0;
|
|
|
|
- if( CryptAcquireContext( &provider, NULL, NULL,
|
|
- PROV_RSA_FULL, CRYPT_VERIFYCONTEXT ) == FALSE )
|
|
+ /*
|
|
+ * BCryptGenRandom takes ULONG for size, which is smaller than size_t on
|
|
+ * 64-bit Windows platforms. Ensure len's value can be safely converted into
|
|
+ * a ULONG.
|
|
+ */
|
|
+ if ( FAILED( SizeTToULong( len, &len_as_ulong ) ) )
|
|
{
|
|
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
|
|
}
|
|
|
|
- if( CryptGenRandom( provider, (DWORD) len, output ) == FALSE )
|
|
+ if ( !BCRYPT_SUCCESS( BCryptGenRandom( NULL, output, len_as_ulong, BCRYPT_USE_SYSTEM_PREFERRED_RNG ) ) )
|
|
{
|
|
- CryptReleaseContext( provider, 0 );
|
|
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
|
|
}
|
|
|
|
- CryptReleaseContext( provider, 0 );
|
|
*olen = len;
|
|
|
|
return( 0 );
|
|
diff --git a/library/x509_crt.c b/library/x509_crt.c
|
|
index 290c1eb3d1..3cf1743821 100644
|
|
--- a/library/x509_crt.c
|
|
+++ b/library/x509_crt.c
|
|
@@ -65,6 +65,19 @@
|
|
|
|
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
|
|
#include <windows.h>
|
|
+#if defined(_MSC_VER) && _MSC_VER <= 1600
|
|
+/* Visual Studio 2010 and earlier issue a warning when both <stdint.h> and
|
|
+ * <intsafe.h> are included, as they redefine a number of <TYPE>_MAX constants.
|
|
+ * These constants are guaranteed to be the same, though, so we suppress the
|
|
+ * warning when including intsafe.h.
|
|
+ */
|
|
+#pragma warning( push )
|
|
+#pragma warning( disable : 4005 )
|
|
+#endif
|
|
+#include <intsafe.h>
|
|
+#if defined(_MSC_VER) && _MSC_VER <= 1600
|
|
+#pragma warning( pop )
|
|
+#endif
|
|
#else
|
|
#include <time.h>
|
|
#endif
|
|
@@ -1126,6 +1139,7 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
|
|
char filename[MAX_PATH];
|
|
char *p;
|
|
size_t len = strlen( path );
|
|
+ int length_as_int = 0;
|
|
|
|
WIN32_FIND_DATAW file_data;
|
|
HANDLE hFind;
|
|
@@ -1140,7 +1154,18 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
|
|
p = filename + len;
|
|
filename[len++] = '*';
|
|
|
|
- w_ret = MultiByteToWideChar( CP_ACP, 0, filename, (int)len, szDir,
|
|
+ if ( FAILED ( SizeTToInt( len, &length_as_int ) ) )
|
|
+ return( MBEDTLS_ERR_X509_FILE_IO_ERROR );
|
|
+
|
|
+ /*
|
|
+ * Note this function uses the code page CP_ACP, and assumes the incoming
|
|
+ * string is encoded in ANSI, before translating it into Unicode. If the
|
|
+ * incoming string were changed to be UTF-8, then the length check needs to
|
|
+ * change to check the number of characters, not the number of bytes, in the
|
|
+ * incoming string are less than MAX_PATH to avoid a buffer overrun with
|
|
+ * MultiByteToWideChar().
|
|
+ */
|
|
+ w_ret = MultiByteToWideChar( CP_ACP, 0, filename, length_as_int, szDir,
|
|
MAX_PATH - 3 );
|
|
if( w_ret == 0 )
|
|
return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
|
|
@@ -1157,8 +1182,11 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path )
|
|
if( file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY )
|
|
continue;
|
|
|
|
+ if ( FAILED( SizeTToInt( wcslen( file_data.cFileName ), &length_as_int ) ) )
|
|
+ return( MBEDTLS_ERR_X509_FILE_IO_ERROR );
|
|
+
|
|
w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName,
|
|
- lstrlenW( file_data.cFileName ),
|
|
+ length_as_int,
|
|
p, (int) len - 1,
|
|
NULL, NULL );
|
|
if( w_ret == 0 )
|