From: Martin Willi
Date: Sat, 8 Mar 2014 13:57:54 +0000 (+0100)
Subject: pki: Switch to binary mode on Windows when reading/writing DER to FDs
X-Git-Tag: 5.2.0dr6~24^2~20
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=13298719e3edc01fcbd1b3cb85ee36efaa573822;p=thirdparty%2Fstrongswan.git
pki: Switch to binary mode on Windows when reading/writing DER to FDs
---
diff --git a/src/pki/commands/acert.c b/src/pki/commands/acert.c
index 4a11c4716a..185aa40b48 100644
--- a/src/pki/commands/acert.c
+++ b/src/pki/commands/acert.c
@@ -196,6 +196,7 @@ static int acert()
 }
 else
 {
+ set_file_mode(stdin, CERT_ASN1_DER);
 if (!chunk_from_fd(0, &encoding))
 {
 fprintf(stderr, "%s: ", strerror(errno));
@@ -232,6 +233,7 @@ static int acert()
 error = "encoding attribute certificate failed";
 goto end;
 }
+ set_file_mode(stdout, form);
 if (fwrite(encoding.ptr, encoding.len, 1, stdout) != 1)
 {
 error = "writing attribute certificate key failed";
diff --git a/src/pki/commands/gen.c b/src/pki/commands/gen.c
index b74be7d981..ce28a09711 100644
--- a/src/pki/commands/gen.c
+++ b/src/pki/commands/gen.c
@@ -133,6 +133,7 @@ static int gen()
 return 1;
 }
 key->destroy(key);
+ set_file_mode(stdout, form);
 if (fwrite(encoding.ptr, encoding.len, 1, stdout) != 1)
 {
 fprintf(stderr, "writing private key failed\n");
@@ -163,4 +164,3 @@ static void __attribute__ ((constructor))reg()
 }
 });
 }
-
diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c
index 339a88042a..aaa2c2ff72 100644
--- a/src/pki/commands/issue.c
+++ b/src/pki/commands/issue.c
@@ -402,6 +402,7 @@ static int issue()
 {
 chunk_t chunk;
+ set_file_mode(stdin, CERT_ASN1_DER);
 if (!chunk_from_fd(0, &chunk))
 {
 fprintf(stderr, "%s: ", strerror(errno));
@@ -500,6 +501,7 @@ static int issue()
 error = "encoding certificate failed";
 goto end;
 }
+ set_file_mode(stdout, form);
 if (fwrite(encoding.ptr, encoding.len, 1, stdout) != 1)
 {
 error = "writing certificate key failed";
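Review bot: In the first acert.c hunk the mode switch is addressed to `stdin` while the read on the next line uses the raw descriptor `0`, and the same two-line pair is copied into issue.c, keyid.c, print.c, pub.c, req.c, self.c and verify.c. The pair works because both refer to the same descriptor, but nothing ties them together: a command that later reads DER from fd 0 without the call would, on Windows, have CR LF collapsed and input cut at the first 0x1A byte before the parser sees it. A small shared helper would make the switch impossible to forget, for example `set_file_mode(stdin, CERT_ASN1_DER); return chunk_from_fd(0, chunk);` as the body of one function that every command calls. acert() begins and ends outside the hunk.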
diff --git a/src/pki/commands/keyid.c b/src/pki/commands/keyid.c
index 64bb3cc2c1..c3ac0c288e 100644
--- a/src/pki/commands/keyid.c
+++ b/src/pki/commands/keyid.c
@@ -91,6 +91,7 @@ static int keyid()
 {
 chunk_t chunk;
+ set_file_mode(stdin, CERT_ASN1_DER);
 if (!chunk_from_fd(0, &chunk))
 {
 fprintf(stderr, "reading input failed: %s\n", strerror(errno));
diff --git a/src/pki/commands/pkcs7.c b/src/pki/commands/pkcs7.c
index 6c75693ab7..28bcd13975 100644
--- a/src/pki/commands/pkcs7.c
+++ b/src/pki/commands/pkcs7.c
@@ -58,6 +58,7 @@ static bool write_to_stream(FILE *stream, chunk_t data)
 {
 size_t len, total = 0;
+ set_file_mode(stream, CERT_ASN1_DER);
 while (total < data.len)
 {
 len = fwrite(data.ptr + total, 1, data.len - total, stream);
diff --git a/src/pki/commands/print.c b/src/pki/commands/print.c
index 15ace035de..fb07169bf6 100644
--- a/src/pki/commands/print.c
+++ b/src/pki/commands/print.c
@@ -604,6 +604,7 @@ static int print()
 {
 chunk_t chunk;
+ set_file_mode(stdin, CERT_ASN1_DER);
 if (!chunk_from_fd(0, &chunk))
 {
 fprintf(stderr, "reading input failed: %s\n", strerror(errno));
diff --git a/src/pki/commands/pub.c b/src/pki/commands/pub.c
index 260044c4e2..b8d2f701d6 100644
--- a/src/pki/commands/pub.c
+++ b/src/pki/commands/pub.c
@@ -110,6 +110,7 @@ static int pub()
 {
 chunk_t chunk;
+ set_file_mode(stdin, CERT_ASN1_DER);
 if (!chunk_from_fd(0, &chunk))
 {
 fprintf(stderr, "reading input failed: %s\n", strerror(errno));
@@ -163,6 +164,7 @@ static int pub()
 return 1;
 }
 public->destroy(public);
+ set_file_mode(stdout, form);
 if (fwrite(encoding.ptr, encoding.len, 1, stdout) != 1)
 {
 fprintf(stderr, "writing public key failed\n");
diff --git a/src/pki/commands/req.c b/src/pki/commands/req.c
index 1dce8cba29..0236835691 100644
--- a/src/pki/commands/req.c
+++ b/src/pki/commands/req.c
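Review bot: In the pkcs7.c hunk, `write_to_stream()` now changes the translation mode of whatever `FILE *` its caller passes in and does not restore it, a side effect the signature does not reveal. No header comment for the function is visible in the hunk; I would add one such as `/* Write DER data to stream; on Windows the stream is left in binary mode */`. If a caller writes text to the same stream afterwards, newline translation stays off for that output as well, so the callers (not visible here) should be checked for that. The write loop continues outside the hunk.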
@@ -118,6 +118,7 @@ static int req()
 {
 chunk_t chunk;
+ set_file_mode(stdin, CERT_ASN1_DER);
 if (!chunk_from_fd(0, &chunk))
 {
 fprintf(stderr, "reading private key failed: %s\n", strerror(errno));
@@ -150,6 +151,7 @@ static int req()
 error = "encoding certificate request failed";
 goto end;
 }
+ set_file_mode(stdout, form);
 if (fwrite(encoding.ptr, encoding.len, 1, stdout) != 1)
 {
 error = "writing certificate request failed";
diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c
index 80f5053a11..daefcdc100 100644
--- a/src/pki/commands/self.c
+++ b/src/pki/commands/self.c
@@ -292,6 +292,7 @@ static int self()
 {
 chunk_t chunk;
+ set_file_mode(stdin, CERT_ASN1_DER);
 if (!chunk_from_fd(0, &chunk))
 {
 fprintf(stderr, "%s: ", strerror(errno));
@@ -360,6 +361,7 @@ static int self()
 error = "encoding certificate failed";
 goto end;
 }
+ set_file_mode(stdout, form);
 if (fwrite(encoding.ptr, encoding.len, 1, stdout) != 1)
 {
 error = "writing certificate key failed";
diff --git a/src/pki/commands/signcrl.c b/src/pki/commands/signcrl.c
index 3be020a4c3..e5f49efe26 100644
--- a/src/pki/commands/signcrl.c
+++ b/src/pki/commands/signcrl.c
@@ -405,6 +405,7 @@ static int sign_crl()
 error = "encoding CRL failed";
 goto error;
 }
+ set_file_mode(stdout, form);
 if (fwrite(encoding.ptr, encoding.len, 1, stdout) != 1)
 {
 error = "writing CRL failed";
diff --git a/src/pki/commands/verify.c b/src/pki/commands/verify.c
index f30dda94d9..6cfaaf263e 100644
--- a/src/pki/commands/verify.c
+++ b/src/pki/commands/verify.c
@@ -59,6 +59,7 @@ static int verify()
 {
 chunk_t chunk;
+ set_file_mode(stdin, CERT_ASN1_DER);
 if (!chunk_from_fd(0, &chunk))
 {
 fprintf(stderr, "reading certificate failed: %s\n", strerror(errno));
diff --git a/src/pki/pki.c b/src/pki/pki.c
index 55b300e1aa..5d37bfb9f9 100644
--- a/src/pki/pki.c
+++ b/src/pki/pki.c
@@ -19,6 +19,7 @@
 #include
 #include
+#include
 #include
 #include
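Review bot: Check that the single `#include` added at the top of pki.c brings in both declarations that `set_file_mode()` uses under `WIN32`; the header name is not visible in this rendering, so this cannot be confirmed from the page. On Windows `_setmode` is declared in `<io.h>` and `_O_BINARY` in `<fcntl.h>`, and a missing prototype for `_setmode` would at best surface as an implicit-declaration warning on older compilers. If the added header exists only on Windows, it should sit under the same `#ifdef WIN32` as its user.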
@@ -153,6 +154,33 @@ bool calculate_lifetime(char *format, char *nbstr, char *nastr, time_t span, return TRUE; } +/** + * Set output file mode appropriate for credential encoding form on Windows + */ +void set_file_mode(FILE *stream, cred_encoding_type_t enc) +{ +#ifdef WIN32 + int fd; + + switch (enc) + { + case CERT_PEM: + case PRIVKEY_PEM: + case PUBKEY_PEM: + /* keep default text mode */ + return; + default: + /* switch to binary mode */ + break; + } + fd = fileno(stream); + if (fd != -1) + { + _setmode(fd, _O_BINARY); + } +#endif +} + /** * Callback credential set pki uses */ diff --git a/src/pki/pki.h b/src/pki/pki.h index 616fac44a4..1f0827733c 100644 --- a/src/pki/pki.h +++ b/src/pki/pki.h @@ -50,4 +50,9 @@ bool get_form(char *form, cred_encoding_type_t *enc, credential_type_t type); bool calculate_lifetime(char *format, char *nbstr, char *nastr, time_t span, time_t *nb, time_t *na); +/** + * Set output file mode appropriate for credential encoding form on Windows + */ +void set_file_mode(FILE *stream, cred_encoding_type_t enc); + #endif /** PKI_H_ @}*/
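Review bot: `set_file_mode()` in pki.c discards the result of `_setmode()` and returns `void`, so when `fileno()` or `_setmode()` fails the stream silently stays in text mode and the caller goes on to write DER through newline translation while still reporting success. For a tool that emits private keys and certificates, output that is altered without any error is worth failing on. I would make the function return `bool` and end it with `return fd != -1 && _setmode(fd, _O_BINARY) != -1;`, returning `TRUE` from the PEM branch and from the non-Windows build, and let the callers treat `FALSE` like a failed `fwrite`. Separately, the PEM branch returns without touching the mode, so a stream that an earlier call switched to binary stays binary; that looks harmless with one command per process but deserves a comment.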
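Review bot: The comment on the new `set_file_mode()` prototype in pki.h speaks of the output file mode, but eight of the call sites in this commit pass `stdin`. The declaration should say that the function applies to either direction, that every encoding other than `CERT_PEM`, `PRIVKEY_PEM` and `PUBKEY_PEM` selects binary mode, and that it does nothing when `WIN32` is not defined, with `@param stream` and `@param enc` lines if that is the convention the header follows elsewhere. The first line could read `Set file mode of a stream for the given credential encoding (Windows only)`. The identical comment above the definition in pki.c needs the same correction.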