authorMartin Willi <martin@revosec.ch>2014-03-08 14:57:54 +0100
committerMartin Willi <martin@revosec.ch>2014-06-04 15:53:11 +0200
commit13298719e3edc01fcbd1b3cb85ee36efaa573822 (patch)
tree9d3f10abbe50ec4829566eef85e26cd1cd47c07b /src/pki
parentf1e7b9b0d7afd0e62984790d8c0eaa7e506142e6 (diff)
downloadstrongswan-13298719e3edc01fcbd1b3cb85ee36efaa573822.tar.bz2
strongswan-13298719e3edc01fcbd1b3cb85ee36efaa573822.tar.xz
pki: Switch to binary mode on Windows when reading/writing DER to FDs
Diffstat (limited to 'src/pki')
-rw-r--r--src/pki/commands/acert.c2
-rw-r--r--src/pki/commands/gen.c2
-rw-r--r--src/pki/commands/issue.c2
-rw-r--r--src/pki/commands/keyid.c1
-rw-r--r--src/pki/commands/pkcs7.c1
-rw-r--r--src/pki/commands/print.c1
-rw-r--r--src/pki/commands/pub.c2
-rw-r--r--src/pki/commands/req.c2
-rw-r--r--src/pki/commands/self.c2
-rw-r--r--src/pki/commands/signcrl.c1
-rw-r--r--src/pki/commands/verify.c1
-rw-r--r--src/pki/pki.c28
-rw-r--r--src/pki/pki.h5
13 files changed, 49 insertions, 1 deletions
diff --git a/src/pki/commands/acert.c b/src/pki/commands/acert.c
index 4a11c4716..185aa40b4 100644
--- a/src/pki/commands/acert.c
+++ b/src/pki/commands/acert.c
@@ -196,6 +196,7 @@ static int acert()
}
else
{
+ set_file_mode(stdin, CERT_ASN1_DER);
if (!chunk_from_fd(0, &encoding))
{
fprintf(stderr, "%s: ", strerror(errno));
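Review bot: `set_file_mode(stdin, CERT_ASN1_DER)` uses the DER constant only as a "force binary" token, and nothing at the call site says why, so the intent is easy to lose in a later refactor. I would add a comment above the call such as `/* read raw bytes: Windows text mode translates CR LF and ends input at 0x1A, which corrupts DER */`. If this command also accepts PEM on stdin, that input now arrives with its CR bytes intact, so the decoder behind `chunk_from_fd()` has to tolerate them; this is not visible in the hunk and worth confirming. The same call is added in issue.c, keyid.c, print.c, pub.c, req.c, self.c and verify.c, and acert()'s body continues outside this hunk.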
@@ -232,6 +233,7 @@ static int acert()
error = "encoding attribute certificate failed";
goto end;
}
+ set_file_mode(stdout, form);
if (fwrite(encoding.ptr, encoding.len, 1, stdout) != 1)
{
error = "writing attribute certificate key failed";
diff --git a/src/pki/commands/gen.c b/src/pki/commands/gen.c
index b74be7d98..ce28a0971 100644
--- a/src/pki/commands/gen.c
+++ b/src/pki/commands/gen.c
@@ -133,6 +133,7 @@ static int gen()
return 1;
}
key->destroy(key);
+ set_file_mode(stdout, form);
if (fwrite(encoding.ptr, encoding.len, 1, stdout) != 1)
{
fprintf(stderr, "writing private key failed\n");
@@ -163,4 +164,3 @@ static void __attribute__ ((constructor))reg()
}
});
}
-
diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c
index 339a88042..aaa2c2ff7 100644
--- a/src/pki/commands/issue.c
+++ b/src/pki/commands/issue.c
@@ -402,6 +402,7 @@ static int issue()
{
chunk_t chunk;
+ set_file_mode(stdin, CERT_ASN1_DER);
if (!chunk_from_fd(0, &chunk))
{
fprintf(stderr, "%s: ", strerror(errno));
@@ -500,6 +501,7 @@ static int issue()
error = "encoding certificate failed";
goto end;
}
+ set_file_mode(stdout, form);
if (fwrite(encoding.ptr, encoding.len, 1, stdout) != 1)
{
error = "writing certificate key failed";
diff --git a/src/pki/commands/keyid.c b/src/pki/commands/keyid.c
index 64bb3cc2c..c3ac0c288 100644
--- a/src/pki/commands/keyid.c
+++ b/src/pki/commands/keyid.c
@@ -91,6 +91,7 @@ static int keyid()
{
chunk_t chunk;
+ set_file_mode(stdin, CERT_ASN1_DER);
if (!chunk_from_fd(0, &chunk))
{
fprintf(stderr, "reading input failed: %s\n", strerror(errno));
diff --git a/src/pki/commands/pkcs7.c b/src/pki/commands/pkcs7.c
index 6c75693ab..28bcd1397 100644
--- a/src/pki/commands/pkcs7.c
+++ b/src/pki/commands/pkcs7.c
@@ -58,6 +58,7 @@ static bool write_to_stream(FILE *stream, chunk_t data)
{
size_t len, total = 0;
+ set_file_mode(stream, CERT_ASN1_DER);
while (total < data.len)
{
len = fwrite(data.ptr + total, 1, data.len - total, stream);
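Review bot: `write_to_stream()` now changes the mode of whatever `stream` the caller passes as a side effect, on every call, and never restores it. A caller that later prints text on the same stream would get bare LF line endings on Windows; whether any caller does that is not visible from this hunk. I would state the contract in the function's header comment, for example `/* writes data unmodified; switches stream to binary mode on Windows */`. The function's signature and the rest of the loop lie outside the hunk.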
diff --git a/src/pki/commands/print.c b/src/pki/commands/print.c
index 15ace035d..fb07169bf 100644
--- a/src/pki/commands/print.c
+++ b/src/pki/commands/print.c
@@ -604,6 +604,7 @@ static int print()
{
chunk_t chunk;
+ set_file_mode(stdin, CERT_ASN1_DER);
if (!chunk_from_fd(0, &chunk))
{
fprintf(stderr, "reading input failed: %s\n", strerror(errno));
diff --git a/src/pki/commands/pub.c b/src/pki/commands/pub.c
index 260044c4e..b8d2f701d 100644
--- a/src/pki/commands/pub.c
+++ b/src/pki/commands/pub.c
@@ -110,6 +110,7 @@ static int pub()
{
chunk_t chunk;
+ set_file_mode(stdin, CERT_ASN1_DER);
if (!chunk_from_fd(0, &chunk))
{
fprintf(stderr, "reading input failed: %s\n", strerror(errno));
@@ -163,6 +164,7 @@ static int pub()
return 1;
}
public->destroy(public);
+ set_file_mode(stdout, form);
if (fwrite(encoding.ptr, encoding.len, 1, stdout) != 1)
{
fprintf(stderr, "writing public key failed\n");
diff --git a/src/pki/commands/req.c b/src/pki/commands/req.c
index 1dce8cba2..023683569 100644
--- a/src/pki/commands/req.c
+++ b/src/pki/commands/req.c
@@ -118,6 +118,7 @@ static int req()
{
chunk_t chunk;
+ set_file_mode(stdin, CERT_ASN1_DER);
if (!chunk_from_fd(0, &chunk))
{
fprintf(stderr, "reading private key failed: %s\n", strerror(errno));
@@ -150,6 +151,7 @@ static int req()
error = "encoding certificate request failed";
goto end;
}
+ set_file_mode(stdout, form);
if (fwrite(encoding.ptr, encoding.len, 1, stdout) != 1)
{
error = "writing certificate request failed";
diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c
index 80f5053a1..daefcdc10 100644
--- a/src/pki/commands/self.c
+++ b/src/pki/commands/self.c
@@ -292,6 +292,7 @@ static int self()
{
chunk_t chunk;
+ set_file_mode(stdin, CERT_ASN1_DER);
if (!chunk_from_fd(0, &chunk))
{
fprintf(stderr, "%s: ", strerror(errno));
@@ -360,6 +361,7 @@ static int self()
error = "encoding certificate failed";
goto end;
}
+ set_file_mode(stdout, form);
if (fwrite(encoding.ptr, encoding.len, 1, stdout) != 1)
{
error = "writing certificate key failed";
diff --git a/src/pki/commands/signcrl.c b/src/pki/commands/signcrl.c
index 3be020a4c..e5f49efe2 100644
--- a/src/pki/commands/signcrl.c
+++ b/src/pki/commands/signcrl.c
@@ -405,6 +405,7 @@ static int sign_crl()
error = "encoding CRL failed";
goto error;
}
+ set_file_mode(stdout, form);
if (fwrite(encoding.ptr, encoding.len, 1, stdout) != 1)
{
error = "writing CRL failed";
diff --git a/src/pki/commands/verify.c b/src/pki/commands/verify.c
index f30dda94d..6cfaaf263 100644
--- a/src/pki/commands/verify.c
+++ b/src/pki/commands/verify.c
@@ -59,6 +59,7 @@ static int verify()
{
chunk_t chunk;
+ set_file_mode(stdin, CERT_ASN1_DER);
if (!chunk_from_fd(0, &chunk))
{
fprintf(stderr, "reading certificate failed: %s\n", strerror(errno));
diff --git a/src/pki/pki.c b/src/pki/pki.c
index 55b300e1a..5d37bfb9f 100644
--- a/src/pki/pki.c
+++ b/src/pki/pki.c
@@ -19,6 +19,7 @@
#include <time.h>
#include <unistd.h>
+#include <fcntl.h>
#include <utils/debug.h>
#include <credentials/sets/callback_cred.h>
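Review bot: `<fcntl.h>` supplies `_O_BINARY`, but in the Microsoft CRT `_setmode()` itself is declared in `<io.h>`, which this hunk does not add. It may already arrive through `<unistd.h>` on the toolchain used for the Windows build, so this is worth confirming, because an implicit declaration would only show up as a warning. Since the use is guarded, the includes could be grouped the same way: `#ifdef WIN32` / `#include <io.h>` / `#endif`.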
@@ -154,6 +155,33 @@ bool calculate_lifetime(char *format, char *nbstr, char *nastr, time_t span,
}
/**
+ * Set output file mode appropriate for credential encoding form on Windows
+ */
+void set_file_mode(FILE *stream, cred_encoding_type_t enc)
+{
+#ifdef WIN32
+ int fd;
+
+ switch (enc)
+ {
+ case CERT_PEM:
+ case PRIVKEY_PEM:
+ case PUBKEY_PEM:
+ /* keep default text mode */
+ return;
+ default:
+ /* switch to binary mode */
+ break;
+ }
+ fd = fileno(stream);
+ if (fd != -1)
+ {
+ _setmode(fd, _O_BINARY);
+ }
+#endif
+}
+
+/**
* Callback credential set pki uses
*/
static callback_cred_t *cb_set;
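Review bot: The result of `_setmode(fd, _O_BINARY)` is discarded and `set_file_mode()` returns void, so a failed switch leaves the stream in text mode and the caller proceeds as if it had worked. For DER that means a key or certificate written with every 0x0A expanded to 0x0D 0x0A, or input cut short at 0x1A, while the command still reports success. At minimum I would surface the failure: `if (_setmode(fd, _O_BINARY) == -1) { fprintf(stderr, "switching to binary mode failed\n"); }`. The doc comment here and in pki.h says "output file mode", but the function is also called on `stdin`; "Set stream mode (text or binary) appropriate for the credential encoding form on Windows" would match its use.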
diff --git a/src/pki/pki.h b/src/pki/pki.h
index 616fac44a..1f0827733 100644
--- a/src/pki/pki.h
+++ b/src/pki/pki.h
@@ -50,4 +50,9 @@ bool get_form(char *form, cred_encoding_type_t *enc, credential_type_t type);
bool calculate_lifetime(char *format, char *nbstr, char *nastr, time_t span,
time_t *nb, time_t *na);
+/**
+ * Set output file mode appropriate for credential encoding form on Windows
+ */
+void set_file_mode(FILE *stream, cred_encoding_type_t enc);
+
#endif /** PKI_H_ @}*/