@@ -38,19 +38,19 @@ namespace _detail { template< typename T > struct _alignof_trick { char _; T _te
3838
3939#define IS_ALIGNED_PTR ( x, type ) ( !( (uintptr_t )( x ) % ALIGNOF( type ) ) )
4040
41- #define CHECK_HANDLE ( h, type ) if ( !h || !IS_ALIGNED_PTR( h, type ) || h->magic != MSSPI_MAGIC_VERSION ){ SetLastError ( ERROR_INVALID_HANDLE ); return 0 ; }
41+ #define CHECK_HANDLE ( h, type, alive ) if ( !h || !IS_ALIGNED_PTR( h, type ) || h->magic != alive ){ SetLastError ( ERROR_INVALID_HANDLE ); return 0 ; }
4242#if defined( QT_NO_EXCEPTIONS ) || defined( NO_EXCEPTIONS ) || ( defined( __clang__ ) && !defined( __EXCEPTIONS ) )
4343#define MSSPIEHTRY_0
44- #define MSSPIEHTRY_h CHECK_HANDLE ( h, MSSPI_HANDLE )
45- #define MSSPIEHTRY_ch CHECK_HANDLE ( ch, MSSPI_CERT_HANDLE )
44+ #define MSSPIEHTRY_h CHECK_HANDLE ( h, MSSPI_HANDLE, MSSPI_MAGIC_VERSION )
45+ #define MSSPIEHTRY_ch CHECK_HANDLE ( ch, MSSPI_CERT_HANDLE, MSSPI_CERT_MAGIC_VERSION )
4646#define MSSPIEHCATCH
4747#define MSSPIEHCATCH_HRET ( ret )
4848#define MSSPIEHCATCH_RET ( ret )
4949#define MSSPIEHCATCH_0 MSSPIEHCATCH
5050#else // no EXCEPTIONS
5151#define MSSPIEHTRY_0 try {
52- #define MSSPIEHTRY_h try { CHECK_HANDLE ( h, MSSPI_HANDLE )
53- #define MSSPIEHTRY_ch try { CHECK_HANDLE ( ch, MSSPI_CERT_HANDLE )
52+ #define MSSPIEHTRY_h try { CHECK_HANDLE ( h, MSSPI_HANDLE, MSSPI_MAGIC_VERSION )
53+ #define MSSPIEHTRY_ch try { CHECK_HANDLE ( ch, MSSPI_CERT_HANDLE, MSSPI_CERT_MAGIC_VERSION )
5454#define MSSPIEHCATCH } catch ( ... ) {
5555#define MSSPIEHCATCH_HRET ( ret ) MSSPIEHCATCH; h->state |= MSSPI_ERROR; SetLastError( ERROR_INTERNAL_ERROR ); return ret; }
5656#define MSSPIEHCATCH_RET ( ret ) MSSPIEHCATCH; return ret; }
@@ -2525,26 +2525,16 @@ static PCCERT_CONTEXT pfx2cert( const uint8_t * pfx, size_t len, const uint8_t *
25252525 for ( size_t i = 0 ; i < wpassword.length (); ++i )
25262526 wpassword[i] = (WCHAR)password[i];
25272527
2528- CRYPT_DATA_BLOB pfxBlob = { (DWORD)len, (BYTE *)pfx };
2528+ DWORD dwData;
2529+ if ( !CryptStringToBinaryA ( (LPCSTR)pfx, (DWORD)len, CRYPT_STRING_ANY, NULL , &dwData, NULL , NULL ) )
2530+ return NULL ;
2531+ std::vector<BYTE> der ( dwData );
2532+ if ( !CryptStringToBinaryA ( (LPCSTR)pfx, (DWORD)len, CRYPT_STRING_ANY, der.data (), &dwData, NULL , NULL ) )
2533+ return NULL ;
2534+ CRYPT_DATA_BLOB pfxBlob = { dwData, der.data () };
25292535 HCERTSTORE hStore = PFXImportCertStore ( &pfxBlob, wpassword.data (), PKCS12_NO_PERSIST_KEY );
25302536 if ( !hStore )
2531- {
2532- std::vector<BYTE> PFXDer;
2533- DWORD dwData;
2534- if ( CryptStringToBinaryA ( (LPCSTR)pfx, (DWORD)len, CRYPT_STRING_BASE64_ANY, NULL , &dwData, NULL , NULL ) )
2535- {
2536- PFXDer.resize ( dwData );
2537- if ( CryptStringToBinaryA ( (LPCSTR)pfx, (DWORD)len, CRYPT_STRING_BASE64_ANY, PFXDer.data (), &dwData, NULL , NULL ) )
2538- {
2539- pfxBlob.cbData = dwData;
2540- pfxBlob.pbData = PFXDer.data ();
2541- hStore = PFXImportCertStore ( &pfxBlob, wpassword.data (), PKCS12_NO_PERSIST_KEY );
2542- }
2543- }
2544-
2545- if ( !hStore )
2546- return NULL ;
2547- }
2537+ return NULL ;
25482538
25492539 PCCERT_CONTEXT pfxcert, prevcert = NULL ;
25502540 for ( ;; )
@@ -2644,22 +2634,24 @@ static bool msspi_set_mycert_finalize( MSSPI_HANDLE h, PCCERT_CONTEXT certfound,
26442634 return isOK;
26452635}
26462636
2647- static PCCERT_CONTEXT findcert ( const uint8_t * certData, size_t len, const char * certstore )
2637+ #define CERTIFICATE_THRESHOLD 200
2638+
2639+ static PCCERT_CONTEXT msspi_cert_create_context ( const uint8_t * certbuf, size_t len )
26482640{
2649- PCCERT_CONTEXT certprobe = NULL ;
2641+ if ( !certbuf || !len || len < CERTIFICATE_THRESHOLD )
2642+ return NULL ;
2643+ DWORD dwData;
2644+ if ( !CryptStringToBinaryA ( (const char *)certbuf, (DWORD)len, CRYPT_STRING_ANY, NULL , &dwData, NULL , NULL ) )
2645+ return NULL ;
2646+ std::vector<BYTE> der ( dwData );
2647+ if ( !CryptStringToBinaryA ( (const char *)certbuf, (DWORD)len, CRYPT_STRING_ANY, der.data (), &dwData, NULL , NULL ) )
2648+ return NULL ;
2649+ return CertCreateCertificateContext ( X509_ASN_ENCODING, der.data (), dwData );
2650+ }
26502651
2651- certprobe = CertCreateCertificateContext ( X509_ASN_ENCODING, certData, (DWORD)len ); // DER format
2652- if ( !certprobe )
2653- {
2654- std::vector<BYTE> clientCertDer;
2655- DWORD dwData;
2656- if ( CryptStringToBinaryA ( (const char *)certData, (DWORD)len, CRYPT_STRING_BASE64_ANY, NULL , &dwData, NULL , NULL ) )
2657- {
2658- clientCertDer.resize ( dwData );
2659- if ( CryptStringToBinaryA ( (const char *)certData, (DWORD)len, CRYPT_STRING_BASE64_ANY, clientCertDer.data (), &dwData, NULL , NULL ) )
2660- certprobe = CertCreateCertificateContext ( X509_ASN_ENCODING, clientCertDer.data (), dwData ); // PEM format
2661- }
2662- }
2652+ static PCCERT_CONTEXT findcert ( const uint8_t * certData, size_t len, const char * certstore )
2653+ {
2654+ PCCERT_CONTEXT certprobe = msspi_cert_create_context ( certData, len );
26632655
26642656 PCCERT_CONTEXT certfound = NULL ;
26652657 HCERTSTORE hStore = 0 ;
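Review bot: The guard at the top of `msspi_cert_create_context` has no upper bound, so the `(DWORD)len` casts in both `CryptStringToBinaryA` calls narrow a `size_t` silently; on a 64-bit build a length above 4 GiB would make the decoder parse only a prefix of the buffer. The condition could become `if ( !certbuf || len < CERTIFICATE_THRESHOLD || len > MAXDWORD )`, which also drops the redundant `!len`. The same cast is applied to `len` in the rewritten `pfx2cert` hunk, whose body starts and ends outside the visible lines, so a matching check belongs there too. `CERTIFICATE_THRESHOLD` would benefit from a one-line comment such as `// shorter inputs are not treated as an encoded certificate`, since the value 200 now decides whether `findcert` gets a probe certificate at all.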