Merge pull request #25 from deemru/1.x

1.0.5

Author: deemru

CHANGELOG.md

@@ -1,5 +1,13 @@
 # Changelog
 
+## 1.0.5
+
+- Improved certificate and PFX format probing via `CRYPT_STRING_ANY`
+- Fixed `CHECK_HANDLE` macro for `MSSPI_CERT_HANDLE`
+- Added `static-cert` build target (`libmsspi-cert.a`) to Linux Makefile
+
+---
+
 ## 1.0.4
 
 - Added DTLS-SRTP support: [`msspi_set_srtp_profiles()`](MSSPI.md#msspi_set_srtp_profiles), [`msspi_get_srtp_profile()`](MSSPI.md#msspi_get_srtp_profile)

build_linux/Makefile

@@ -1,9 +1,11 @@
-all: static static-capix
+all: static static-capix static-cert
 
 static: libmsspi.a
 
 static-capix: libmsspi-capix.a
 
+static-cert: libmsspi-cert.a
+
 shared: libmsspi.so
 
 msspi.o:
@@ -21,8 +23,11 @@ libmsspi.a: msspi.o
 libmsspi-capix.a: msspi-capix.o
 	ar cr libmsspi-capix.a msspi-capix.o
 
+libmsspi-cert.a: msspi-cert.o
+	ar cr libmsspi-cert.a msspi-cert.o
+
 libmsspi.so: msspi.o
 	g++ -shared -o libmsspi.so msspi.o
 
 clean:
-	rm -f libmsspi.so libmsspi.a libmsspi-capix.a msspi.o msspi-capix.o
+	rm -f libmsspi.so libmsspi.a libmsspi-capix.a libmsspi-cert.a msspi.o msspi-capix.o msspi-cert.o

src/msspi.cpp

@@ -38,19 +38,19 @@ namespace _detail { template< typename T > struct _alignof_trick { char _; T _te
 
 #define IS_ALIGNED_PTR( x, type ) ( !( (uintptr_t)( x ) % ALIGNOF( type ) ) )
 
-#define CHECK_HANDLE( h, type ) if( !h || !IS_ALIGNED_PTR( h, type ) || h->magic != MSSPI_MAGIC_VERSION ){ SetLastError( ERROR_INVALID_HANDLE ); return 0; }
+#define CHECK_HANDLE( h, type, alive ) if( !h || !IS_ALIGNED_PTR( h, type ) || h->magic != alive ){ SetLastError( ERROR_INVALID_HANDLE ); return 0; }
 #if defined( QT_NO_EXCEPTIONS ) || defined( NO_EXCEPTIONS ) || ( defined( __clang__ ) && !defined( __EXCEPTIONS ) )
 #define MSSPIEHTRY_0
-#define MSSPIEHTRY_h CHECK_HANDLE( h, MSSPI_HANDLE )
-#define MSSPIEHTRY_ch CHECK_HANDLE( ch, MSSPI_CERT_HANDLE )
+#define MSSPIEHTRY_h CHECK_HANDLE( h, MSSPI_HANDLE, MSSPI_MAGIC_VERSION )
+#define MSSPIEHTRY_ch CHECK_HANDLE( ch, MSSPI_CERT_HANDLE, MSSPI_CERT_MAGIC_VERSION )
 #define MSSPIEHCATCH
 #define MSSPIEHCATCH_HRET( ret )
 #define MSSPIEHCATCH_RET( ret )
 #define MSSPIEHCATCH_0 MSSPIEHCATCH
 #else // no EXCEPTIONS
 #define MSSPIEHTRY_0 try {
-#define MSSPIEHTRY_h try { CHECK_HANDLE( h, MSSPI_HANDLE )
-#define MSSPIEHTRY_ch try { CHECK_HANDLE( ch, MSSPI_CERT_HANDLE )
+#define MSSPIEHTRY_h try { CHECK_HANDLE( h, MSSPI_HANDLE, MSSPI_MAGIC_VERSION )
+#define MSSPIEHTRY_ch try { CHECK_HANDLE( ch, MSSPI_CERT_HANDLE, MSSPI_CERT_MAGIC_VERSION )
 #define MSSPIEHCATCH } catch( ... ) {
 #define MSSPIEHCATCH_HRET( ret ) MSSPIEHCATCH; h->state |= MSSPI_ERROR; SetLastError( ERROR_INTERNAL_ERROR ); return ret; }
 #define MSSPIEHCATCH_RET( ret ) MSSPIEHCATCH; return ret; }
@@ -2525,26 +2525,16 @@ static PCCERT_CONTEXT pfx2cert( const uint8_t * pfx, size_t len, const uint8_t *
     for( size_t i = 0; i < wpassword.length(); ++i )
         wpassword[i] = (WCHAR)password[i];
 
-    CRYPT_DATA_BLOB pfxBlob = { (DWORD)len, (BYTE *)pfx };
+    DWORD dwData;
+    if( !CryptStringToBinaryA( (LPCSTR)pfx, (DWORD)len, CRYPT_STRING_ANY, NULL, &dwData, NULL, NULL ) )
+        return NULL;
+    std::vector<BYTE> der( dwData );
+    if( !CryptStringToBinaryA( (LPCSTR)pfx, (DWORD)len, CRYPT_STRING_ANY, der.data(), &dwData, NULL, NULL ) )
+        return NULL;
+    CRYPT_DATA_BLOB pfxBlob = { dwData, der.data() };
     HCERTSTORE hStore = PFXImportCertStore( &pfxBlob, wpassword.data(), PKCS12_NO_PERSIST_KEY );
     if( !hStore )
-    {
-        std::vector<BYTE> PFXDer;
-        DWORD dwData;
-        if( CryptStringToBinaryA( (LPCSTR)pfx, (DWORD)len, CRYPT_STRING_BASE64_ANY, NULL, &dwData, NULL, NULL ) )
-        {
-            PFXDer.resize( dwData );
-            if( CryptStringToBinaryA( (LPCSTR)pfx, (DWORD)len, CRYPT_STRING_BASE64_ANY, PFXDer.data(), &dwData, NULL, NULL ) )
-            {
-                pfxBlob.cbData = dwData;
-                pfxBlob.pbData = PFXDer.data();
-                hStore = PFXImportCertStore( &pfxBlob, wpassword.data(), PKCS12_NO_PERSIST_KEY );
-            }
-        }
-
-        if( !hStore )
-            return NULL;
-    }
+        return NULL;
 
     PCCERT_CONTEXT pfxcert, prevcert = NULL;
     for( ;; )
@@ -2644,22 +2634,24 @@ static bool msspi_set_mycert_finalize( MSSPI_HANDLE h, PCCERT_CONTEXT certfound,
     return isOK;
 }
 
-static PCCERT_CONTEXT findcert( const uint8_t * certData, size_t len, const char * certstore )
+#define CERTIFICATE_THRESHOLD 200
+
+static PCCERT_CONTEXT msspi_cert_create_context( const uint8_t * certbuf, size_t len )
 {
-    PCCERT_CONTEXT certprobe = NULL;
+    if( !certbuf || !len || len < CERTIFICATE_THRESHOLD )
+        return NULL;
+    DWORD dwData;
+    if( !CryptStringToBinaryA( (const char *)certbuf, (DWORD)len, CRYPT_STRING_ANY, NULL, &dwData, NULL, NULL ) )
+        return NULL;
+    std::vector<BYTE> der( dwData );
+    if( !CryptStringToBinaryA( (const char *)certbuf, (DWORD)len, CRYPT_STRING_ANY, der.data(), &dwData, NULL, NULL ) )
+        return NULL;
+    return CertCreateCertificateContext( X509_ASN_ENCODING, der.data(), dwData );
+}
 
-    certprobe = CertCreateCertificateContext( X509_ASN_ENCODING, certData, (DWORD)len ); // DER format
-    if( !certprobe )
-    {
-        std::vector<BYTE> clientCertDer;
-        DWORD dwData;
-        if( CryptStringToBinaryA( (const char *)certData, (DWORD)len, CRYPT_STRING_BASE64_ANY, NULL, &dwData, NULL, NULL ) )
-        {
-            clientCertDer.resize( dwData );
-            if( CryptStringToBinaryA( (const char *)certData, (DWORD)len, CRYPT_STRING_BASE64_ANY, clientCertDer.data(), &dwData, NULL, NULL ) )
-                certprobe = CertCreateCertificateContext( X509_ASN_ENCODING, clientCertDer.data(), dwData ); // PEM format
-        }
-    }
+static PCCERT_CONTEXT findcert( const uint8_t * certData, size_t len, const char * certstore )
+{
+    PCCERT_CONTEXT certprobe = msspi_cert_create_context( certData, len );
 
     PCCERT_CONTEXT certfound = NULL;
     HCERTSTORE hStore = 0;

src/msspi.h

@@ -6,7 +6,7 @@
 
 #define MSSPI_VERSION_MAJOR 1
 #define MSSPI_VERSION_MINOR 0
-#define MSSPI_VERSION_PATCH 4
+#define MSSPI_VERSION_PATCH 5
 
 #define MSSPI_VERSION \
     ( ( MSSPI_VERSION_MAJOR << 16 ) | ( MSSPI_VERSION_MINOR << 8 ) | MSSPI_VERSION_PATCH )

src/msspi_cert.hpp

@@ -120,29 +120,15 @@ MSSPI_CERT_HANDLE msspi_cert_open( const uint8_t * certbuf, size_t len )
 {
     MSSPIEHTRY_0;
 
-    PCCERT_CONTEXT cert = NULL;
-
     if( !certbuf || !len )
     {
         SetLastError( ERROR_BAD_ARGUMENTS );
         return NULL;
     }
 
-    cert = CertCreateCertificateContext( X509_ASN_ENCODING, (const BYTE *)certbuf, (DWORD)len );
+    PCCERT_CONTEXT cert = msspi_cert_create_context( certbuf, len );
     if( !cert )
-    {
-        std::vector<BYTE> certbufder;
-        DWORD dwData;
-        if( CryptStringToBinaryA( (const char *)certbuf, (DWORD)len, CRYPT_STRING_BASE64_ANY, NULL, &dwData, NULL, NULL ) )
-        {
-            certbufder.resize( dwData );
-            if( CryptStringToBinaryA( (const char *)certbuf, (DWORD)len, CRYPT_STRING_BASE64_ANY, certbufder.data(), &dwData, NULL, NULL ) )
-                cert = CertCreateCertificateContext( X509_ASN_ENCODING, certbufder.data(), dwData );
-        }
-
-        if( !cert )
-            return NULL; // last error included
-    }
+        return NULL; // last error included
 
     return msspi_cert_handle( new MSSPI_CERT( cert ) );