Prevent over long nonces in ChaCha20-Poly1305
[openssl.git] / crypto / store / loader_file.c
index ea1b321672bb07a266979606480a5181cb46024b..632e4511f7e7905aaab28e23d2f6d6697df0a4f7 100644 (file)
 # define stat    _stat
 #endif
 
+#ifndef S_ISDIR
+# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
+#endif
+
 /*-
  *  Password prompting
  *  ------------------
@@ -236,35 +240,35 @@ static OSSL_STORE_INFO *try_decode_PKCS12(const char *pem_name,
             }
 
             if (PKCS12_parse(p12, pass, &pkey, &cert, &chain)) {
-                OSSL_STORE_INFO *si_pkey = NULL;
-                OSSL_STORE_INFO *si_cert = NULL;
-                OSSL_STORE_INFO *si_ca = NULL;
+                OSSL_STORE_INFO *osi_pkey = NULL;
+                OSSL_STORE_INFO *osi_cert = NULL;
+                OSSL_STORE_INFO *osi_ca = NULL;
 
                 if ((ctx = sk_OSSL_STORE_INFO_new_null()) != NULL
-                    && (si_pkey = OSSL_STORE_INFO_new_PKEY(pkey)) != NULL
-                    && sk_OSSL_STORE_INFO_push(ctx, si_pkey) != 0
-                    && (si_cert = OSSL_STORE_INFO_new_CERT(cert)) != NULL
-                    && sk_OSSL_STORE_INFO_push(ctx, si_cert) != 0) {
+                    && (osi_pkey = OSSL_STORE_INFO_new_PKEY(pkey)) != NULL
+                    && sk_OSSL_STORE_INFO_push(ctx, osi_pkey) != 0
+                    && (osi_cert = OSSL_STORE_INFO_new_CERT(cert)) != NULL
+                    && sk_OSSL_STORE_INFO_push(ctx, osi_cert) != 0) {
                     ok = 1;
-                    si_pkey = NULL;
-                    si_cert = NULL;
+                    osi_pkey = NULL;
+                    osi_cert = NULL;
 
                     while(sk_X509_num(chain) > 0) {
                         X509 *ca = sk_X509_value(chain, 0);
 
-                        if ((si_ca = OSSL_STORE_INFO_new_CERT(ca)) == NULL
-                            || sk_OSSL_STORE_INFO_push(ctx, si_ca) == 0) {
+                        if ((osi_ca = OSSL_STORE_INFO_new_CERT(ca)) == NULL
+                            || sk_OSSL_STORE_INFO_push(ctx, osi_ca) == 0) {
                             ok = 0;
                             break;
                         }
-                        si_ca = NULL;
+                        osi_ca = NULL;
                         (void)sk_X509_shift(chain);
                     }
                 }
                 if (!ok) {
-                    OSSL_STORE_INFO_free(si_ca);
-                    OSSL_STORE_INFO_free(si_cert);
-                    OSSL_STORE_INFO_free(si_pkey);
+                    OSSL_STORE_INFO_free(osi_ca);
+                    OSSL_STORE_INFO_free(osi_cert);
+                    OSSL_STORE_INFO_free(osi_pkey);
                     sk_OSSL_STORE_INFO_pop_free(ctx, OSSL_STORE_INFO_free);
                     EVP_PKEY_free(pkey);
                     X509_free(cert);
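Review bot: The `if (!ok)` cleanup can release `osi_pkey` twice. If `sk_OSSL_STORE_INFO_push(ctx, osi_pkey)` succeeds but `OSSL_STORE_INFO_new_CERT(cert)` or the second push then fails, `osi_pkey` is still non-NULL and is already an element of `ctx`, so both `OSSL_STORE_INFO_free(osi_pkey)` and `sk_OSSL_STORE_INFO_pop_free(ctx, OSSL_STORE_INFO_free)` free it. If `OSSL_STORE_INFO_free` also releases the wrapped object (its body is not visible here, so please confirm), the following `EVP_PKEY_free(pkey)` and `X509_free(cert)` repeat that release, and a `ca` wrapped in `osi_ca` is freed while it is still the first element of `chain`. I would split the `&&` chain into separate steps and hand ownership over explicitly, for example `osi_pkey = NULL;` directly after the first successful push, freeing the raw `pkey`/`cert` only when no wrapper has taken them. `try_decode_PKCS12` starts and ends outside this hunk, so the remaining cleanup should be checked against the full function.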
@@ -839,7 +843,7 @@ static OSSL_STORE_LOADER_CTX *file_open(const OSSL_STORE_LOADER *loader,
         return NULL;
     }
 
-    if ((st.st_mode & S_IFDIR) == S_IFDIR) {
+    if (S_ISDIR(st.st_mode)) {
         /*
          * Try to copy everything, even if we know that some of them must be
          * NULL for the moment.  This prevents errors in the future, when more
@@ -1216,9 +1220,9 @@ static int file_name_check(OSSL_STORE_LOADER_CTX *ctx, const char *name)
      * Last, check that the rest of the extension is a decimal number, at
      * least one digit long.
      */
-    if (!isdigit(*p))
+    if (!ossl_isdigit(*p))
         return 0;
-    while (isdigit(*p))
+    while (ossl_isdigit(*p))
         p++;
 
 # ifdef __VMS
@@ -1227,7 +1231,7 @@ static int file_name_check(OSSL_STORE_LOADER_CTX *ctx, const char *name)
      */
     if (*p == ';')
         for (p++; *p != '\0'; p++)
-            if (!isdigit(*p))
+            if (!ossl_isdigit(*p))
                 break;
 # endif