diff options
Diffstat (limited to 'zen')
-rw-r--r-- | zen/open_ssl.cpp | 36 | ||||
-rw-r--r-- | zen/resolve_path.cpp | 11 | ||||
-rw-r--r-- | zen/resolve_path.h | 7 |
3 files changed, 27 insertions, 27 deletions
diff --git a/zen/open_ssl.cpp b/zen/open_ssl.cpp index 7c94263a..e875351c 100644 --- a/zen/open_ssl.cpp +++ b/zen/open_ssl.cpp @@ -179,9 +179,9 @@ std::shared_ptr<EVP_PKEY> streamToKey(const std::string& keyStream, RsaStreamTyp //================================================================================ -using EvpToBioFunc = int (*)(BIO* bio, EVP_PKEY* evp); +using EvpToBioFunc = int (*)(BIO* bio, const EVP_PKEY* evp); -std::string evpKeyToStream(EVP_PKEY* evp, EvpToBioFunc evpToBio, const char* functionName) //throw SysError +std::string evpKeyToStream(const EVP_PKEY* evp, EvpToBioFunc evpToBio, const char* functionName) //throw SysError { BIO* bio = ::BIO_new(BIO_s_mem()); if (!bio) @@ -205,16 +205,16 @@ std::string evpKeyToStream(EVP_PKEY* evp, EvpToBioFunc evpToBio, const char* fun } -using RsaToBioFunc = int (*)(BIO* bp, RSA* x); +using RsaToBioFunc = int (*)(BIO* bp, const RSA* x); -std::string evpKeyToStream(EVP_PKEY* evp, RsaToBioFunc rsaToBio, const char* functionName) //throw SysError +std::string evpKeyToStream(const EVP_PKEY* evp, RsaToBioFunc rsaToBio, const char* functionName) //throw SysError { BIO* bio = ::BIO_new(BIO_s_mem()); if (!bio) throw SysError(formatLastOpenSSLError("BIO_new")); ZEN_ON_SCOPE_EXIT(::BIO_free_all(bio)); - RSA* rsa = ::EVP_PKEY_get0_RSA(evp); //unowned reference! + const RSA* rsa = ::EVP_PKEY_get0_RSA(evp); //unowned reference! if (!rsa) throw SysError(formatLastOpenSSLError("EVP_PKEY_get0_RSA")); @@ -236,33 +236,33 @@ std::string evpKeyToStream(EVP_PKEY* evp, RsaToBioFunc rsaToBio, const char* fun //fix OpenSSL API inconsistencies: -int PEM_write_bio_PrivateKey2(BIO* bio, EVP_PKEY* key) +int PEM_write_bio_PrivateKey2(BIO* bio, const EVP_PKEY* key) { return ::PEM_write_bio_PrivateKey(bio, //BIO* bp - key, //EVP_PKEY* x + key, //const EVP_PKEY* x nullptr, //const EVP_CIPHER* enc - nullptr, //unsigned char* kstr + nullptr, //const unsigned char* kstr 0, //int klen nullptr, //pem_password_cb* cb nullptr); //void* u } -int PEM_write_bio_RSAPrivateKey2(BIO* bio, RSA* rsa) +int PEM_write_bio_RSAPrivateKey2(BIO* bio, const RSA* rsa) { return ::PEM_write_bio_RSAPrivateKey(bio, //BIO* bp - rsa, //RSA* x + rsa, //const RSA* x nullptr, //const EVP_CIPHER* enc - nullptr, //unsigned char* kstr + nullptr, //const unsigned char* kstr 0, //int klen nullptr, //pem_password_cb* cb nullptr); //void* u } -int PEM_write_bio_RSAPublicKey2(BIO* bio, RSA* rsa) { return ::PEM_write_bio_RSAPublicKey(bio, rsa); } +int PEM_write_bio_RSAPublicKey2(BIO* bio, const RSA* rsa) { return ::PEM_write_bio_RSAPublicKey(bio, rsa); } //-------------------------------------------------------------------------------- -std::string keyToStream(EVP_PKEY* evp, RsaStreamType streamType, bool publicKey) //throw SysError +std::string keyToStream(const EVP_PKEY* evp, RsaStreamType streamType, bool publicKey) //throw SysError { switch (streamType) { @@ -571,15 +571,15 @@ public: if (sslError == SSL_ERROR_ZERO_RETURN) return 0; //EOF + close_notify alert -#if OPENSSL_VERSION_NUMBER == 0x1010105fL //OpenSSL 1.1.1e +#if OPENSSL_VERSION_NUMBER >= 0x30000000L /*OpenSSL 3.0.0*/ || \ + OPENSSL_VERSION_NUMBER == 0x1010105fL /*OpenSSL 1.1.1e*/ const auto ec = ::ERR_peek_last_error(); if (sslError == SSL_ERROR_SSL && ERR_GET_REASON(ec) == SSL_R_UNEXPECTED_EOF_WHILE_READING) //EOF: only expected for HTTP/1.0 - return 0; -#else //obsolete handling, at least in OpenSSL 1.1.1e (but valid again with OpenSSL 1.1.1f!) - //https://github.com/openssl/openssl/issues/10880#issuecomment-575746226 +#else //obsolete handling: https://github.com/openssl/openssl/issues/10880#issuecomment-575746226 if ((sslError == SSL_ERROR_SYSCALL && ::ERR_peek_last_error() == 0)) //EOF: only expected for HTTP/1.0 - return 0; #endif + return 0; + throw SysError(formatLastOpenSSLError("SSL_read_ex") + L' ' + getSslErrorLiteral(sslError)); } assert(bytesReceived > 0); //SSL_read_ex() considers EOF an error! diff --git a/zen/resolve_path.cpp b/zen/resolve_path.cpp index 0e714528..4eab76ee 100644 --- a/zen/resolve_path.cpp +++ b/zen/resolve_path.cpp @@ -41,10 +41,14 @@ std::optional<Zstring> getEnvironmentVar(const Zstring& name) Zstring resolveRelativePath(const Zstring& relativePath) { - assert(runningOnMainThread()); //GetFullPathName() is documented to NOT be thread-safe! + assert(runningOnMainThread()); /* MSDN: "Multithreaded applications and shared library code should not use the GetFullPathName function - and should avoid using relative path names. - The current directory state written by the SetCurrentDirectory function is stored as a global variable in each process, */ + and should avoid using relative path names. The current directory state written by the + SetCurrentDirectory function is stored as a global variable in each process, + therefore multithreaded applications cannot reliably use this value without possible data corruption from other threads, [...]" + + => Just plain wrong, there is no data corruption. What MSDN really means: GetFullPathName() is *perfectly* thread-safe, but depends + on the current directory, which is a process-scope global: https://devblogs.microsoft.com/oldnewthing/20210816-00/?p=105562 */ if (relativePath.empty()) return relativePath; @@ -268,7 +272,6 @@ Zstring zen::getResolvedFilePath(const Zstring& pathPhrase) //noexcept - \\?\-prefix requires absolute names - Volume Shadow Copy: volume name needs to be part of each file path - file icon buffer (at least for extensions that are actually read from disk, like "exe") - - Use of relative path names is not thread safe! (e.g. SHFileOperation) WINDOWS/LINUX: - detection of dependent directories, e.g. "\" and "C:\test" */ path = resolveRelativePath(path); diff --git a/zen/resolve_path.h b/zen/resolve_path.h index f2c427f1..4a5fc8fe 100644 --- a/zen/resolve_path.h +++ b/zen/resolve_path.h @@ -13,15 +13,12 @@ namespace zen { -/* - - expand macros +/* - expand macros - trim whitespace - expand volume path by name - convert relative paths into absolute - => may block for slow USB sticks and idle HDDs - => not thread-safe, see ::GetFullPathName()! -*/ + => may block for slow USB sticks and idle HDDs */ Zstring getResolvedFilePath(const Zstring& pathPhrase); //noexcept //macro substitution only |