Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity

WinStd: Update

Browse Source 
Signed-off-by: Simon Rozman <simon@rozman.si>
This commit is contained in:
Simon Rozman
2022-03-02 11:59:26 +01:00
parent 831dcf680c
commit a2cab07a30
26 changed files with 125 additions and 110 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/EAPBase/include/EAP.h
View File

@@ -1264,7 +1264,7 @@ inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ winstd::cert_contex
if (dwCertEncodedSize) {
auto ptr_end = cursor.ptr + dwCertEncodedSize;
assert(ptr_end <= cursor.ptr_end);
val.create(dwCertEncodingType, (BYTE*)cursor.ptr, dwCertEncodedSize);
val = CertCreateCertificateContext(dwCertEncodingType, (BYTE*)cursor.ptr, dwCertEncodedSize);
cursor.ptr = ptr_end;
} else
val.free();

12
lib/EAPBase/include/Module.h
View File

@@ -407,7 +407,7 @@ namespace eap
DWORD keyinfo_size = 0;
if (!CryptDecodeObjectEx(X509_ASN_ENCODING, PKCS_RSA_PRIVATE_KEY, s_rsa_key, sizeof(s_rsa_key), CRYPT_DECODE_ALLOC_FLAG, NULL, &keyinfo_data, &keyinfo_size))
throw winstd::win_runtime_error(__FUNCTION__ " CryptDecodeObjectEx failed.");
if (!key_rsa.import(hProv, keyinfo_data.get(), keyinfo_size, NULL, 0))
if (!CryptImportKey(hProv, keyinfo_data.get(), keyinfo_size, NULL, 0, key_rsa))
throw winstd::win_runtime_error(__FUNCTION__ " Key import failed.");
// Import the 256-bit AES session key.
@@ -482,7 +482,7 @@ namespace eap
{
// Create hash.
winstd::crypt_hash hash;
if (!hash.create(hProv, CALG_MD5))
if (!CryptCreateHash(hProv, CALG_MD5, NULL, 0, hash))
throw winstd::win_runtime_error(__FUNCTION__ " Creating MD5 hash failed.");
DWORD dwHashSize;
CryptGetHashParam(hash, HP_HASHSIZE, dwHashSize, 0);
@@ -563,7 +563,7 @@ namespace eap
#if EAP_ENCRYPT_BLOBS
// Prepare cryptographics provider.
winstd::crypt_prov cp;
if (!cp.create(NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
if (!CryptAcquireContext(cp, NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
throw winstd::win_runtime_error(__FUNCTION__ " CryptAcquireContext failed.");
// Decrypt data.
@@ -592,7 +592,7 @@ namespace eap
#if EAP_ENCRYPT_BLOBS
// Prepare cryptographics provider.
winstd::crypt_prov cp;
if (!cp.create(NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
if (!CryptAcquireContext(cp, NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
throw winstd::win_runtime_error(__FUNCTION__ " CryptAcquireContext failed.");
// Decrypt data.
@@ -627,7 +627,7 @@ namespace eap
#if EAP_ENCRYPT_BLOBS
// Prepare cryptographics provider.
winstd::crypt_prov cp;
if (!cp.create(NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
if (!CryptAcquireContext(cp, NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
throw winstd::win_runtime_error(__FUNCTION__ " CryptAcquireContext failed.");
// Encrypt BLOB.
@@ -675,7 +675,7 @@ namespace eap
// Prepare cryptographics provider.
winstd::crypt_prov cp;
if (!cp.create(NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
if (!CryptAcquireContext(cp, NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
throw winstd::win_runtime_error(__FUNCTION__ " CryptAcquireContext failed.");
// Encrypt BLOB.

6
lib/EAPBase/src/Credentials.cpp
View File

@@ -403,7 +403,7 @@ void eap::credentials_pass::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *p
// Prepare cryptographics provider.
crypt_prov cp;
if (!cp.create(NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
if (!CryptAcquireContext(cp, NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
throw win_runtime_error(__FUNCTION__ " CryptAcquireContext failed.");
// <Password>
@@ -459,7 +459,7 @@ void eap::credentials_pass::load(_In_ IXMLDOMNode *pConfigRoot)
// Prepare cryptographics provider.
crypt_prov cp;
if (!cp.create(NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
if (!CryptAcquireContext(cp, NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
throw win_runtime_error(__FUNCTION__ " CryptAcquireContext failed.");
m_password = m_module.decrypt_str<char_traits<wchar_t>, sanitizing_allocator<wchar_t> >(cp, password_enc.data(), password_enc.size());
@@ -473,7 +473,7 @@ void eap::credentials_pass::load(_In_ IXMLDOMNode *pConfigRoot)
// Prepare cryptographics provider.
crypt_prov cp;
if (!cp.create(NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
if (!CryptAcquireContext(cp, NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
throw win_runtime_error(__FUNCTION__ " CryptAcquireContext failed.");
#pragma warning(suppress: 4996) // Support for backward compatibility.

9
lib/EAPBase/src/Module.cpp
View File

@@ -16,12 +16,11 @@ using namespace winstd;
eap::module::module(_In_ eap_type_t eap_method) :
m_eap_method(eap_method),
m_instance(NULL)
m_instance(NULL),
m_heap(HeapCreate(0, 0, 0))
{
m_ep.create(&EAPMETHOD_TRACE_EVENT_PROVIDER);
m_ep.write(&EAPMETHOD_TRACE_EVT_MODULE_LOAD, event_data((unsigned int)m_eap_method), blank_event_data);
m_heap.create(0, 0, 0);
}
@@ -186,7 +185,7 @@ std::vector<unsigned char> eap::module::encrypt(_In_ HCRYPTPROV hProv, _In_bytec
DWORD keyinfo_size = 0;
if (!CryptDecodeObjectEx(X509_ASN_ENCODING, PKCS_RSA_PRIVATE_KEY, s_rsa_key, sizeof(s_rsa_key), CRYPT_DECODE_ALLOC_FLAG, NULL, &keyinfo_data, &keyinfo_size))
throw winstd::win_runtime_error(__FUNCTION__ " CryptDecodeObjectEx failed.");
if (!key_rsa.import(hProv, keyinfo_data.get(), keyinfo_size, NULL, 0))
if (!CryptImportKey(hProv, keyinfo_data.get(), keyinfo_size, NULL, 0, key_rsa))
throw winstd::win_runtime_error(__FUNCTION__ " Key import failed.");
// Export AES session key encrypted with public RSA key.
@@ -215,7 +214,7 @@ std::vector<unsigned char> eap::module::encrypt_md5(_In_ HCRYPTPROV hProv, _In_b
{
// Create hash.
crypt_hash hash;
if (!hash.create(hProv, CALG_MD5))
if (!CryptCreateHash(hProv, CALG_MD5, NULL, 0, hash))
throw win_runtime_error(__FUNCTION__ " Creating MD5 hash failed.");
// Encrypt data.

14
lib/EAPBase_UI/include/EAP_UI.h
View File

@@ -744,8 +744,8 @@ public:
m_sb_credentials->GetStaticBox()->SetLabel(method.empty() ? wxString::Format(_("%s User Credentials"), cfg.get_method_str()) : method);
// Load and set icon.
winstd::library lib_shell32;
if (lib_shell32.load(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE))
winstd::library lib_shell32(LoadLibraryEx(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE));
if (!!lib_shell32)
m_credentials_icon->SetIcon(wxLoadIconFromResource(lib_shell32, MAKEINTRESOURCE(/*16770*/269)));
}
@@ -1032,8 +1032,8 @@ public:
wxEAPCredentialsPanel<_Tcred, _Tbase>(prov, cfg, cred, parent, is_config)
{
// Load and set icon.
winstd::library lib_shell32;
if (lib_shell32.load(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE))
winstd::library lib_shell32(LoadLibraryEx(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE));
if (!!lib_shell32)
m_credentials_icon->SetIcon(wxLoadIconFromResource(lib_shell32, MAKEINTRESOURCE(/*16770*/269)));
bool layout = false;
@@ -1110,9 +1110,9 @@ public:
wxIdentityCredentialsPanel<_Tcred, _Tbase>(prov, cfg, cred, parent, is_config)
{
// Load and set icon.
winstd::library lib_shell32;
if (lib_shell32.load(_T("imageres.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE))
m_credentials_icon->SetIcon(wxLoadIconFromResource(lib_shell32, MAKEINTRESOURCE(82)));
winstd::library lib_imageres(LoadLibraryEx(_T("imageres.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE));
if (!!lib_imageres)
m_credentials_icon->SetIcon(wxLoadIconFromResource(lib_imageres, MAKEINTRESOURCE(82)));
if (!m_prov.m_lbl_alt_password.empty()) {
m_password_label->SetLabel(m_prov.m_lbl_alt_password);

24
lib/EAPBase_UI/src/EAP_UI.cpp
View File

@@ -182,8 +182,8 @@ void wxEAPNotePanel::CreateContactFields(const eap::config_provider &prov)
wxEAPProviderLockedPanel::wxEAPProviderLockedPanel(const eap::config_provider &prov, wxWindow* parent) : wxEAPNotePanel(parent)
{
// Load and set icon.
winstd::library lib_shell32;
if (lib_shell32.load(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE))
winstd::library lib_shell32(LoadLibraryEx(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE));
if (!!lib_shell32)
m_note_icon->SetIcon(wxLoadIconFromResource(lib_shell32, MAKEINTRESOURCE(48)));
m_note_label->SetLabel(wxString::Format(_("%s has pre-set parts of this configuration. Those parts are locked to prevent accidental modification."),
@@ -203,8 +203,8 @@ wxEAPProviderLockedPanel::wxEAPProviderLockedPanel(const eap::config_provider &p
wxEAPCredentialWarningPanel::wxEAPCredentialWarningPanel(const eap::config_provider &prov, eap::config_method::status_t status, wxWindow* parent) : wxEAPNotePanel(parent)
{
// Load and set icon.
winstd::library lib_shell32;
if (lib_shell32.load(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE))
winstd::library lib_shell32(LoadLibraryEx(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE));
if (!!lib_shell32)
m_note_icon->SetIcon(wxLoadIconFromResource(lib_shell32, MAKEINTRESOURCE(161)));
m_note_label->SetLabel((
@@ -285,8 +285,8 @@ wxEAPProviderContactInfoPanel::wxEAPProviderContactInfoPanel(eap::config_provide
wxEAPProviderContactInfoPanelBase(parent)
{
// Load and set icon.
winstd::library lib_shell32;
if (lib_shell32.load(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE))
winstd::library lib_shell32(LoadLibraryEx(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE));
if (!!lib_shell32)
m_provider_contact_icon->SetIcon(wxLoadIconFromResource(lib_shell32, MAKEINTRESOURCE(259)));
}
@@ -328,8 +328,8 @@ wxEAPProviderIDPanel::wxEAPProviderIDPanel(eap::config_provider &prov, wxWindow*
wxEAPProviderIDPanelBase(parent)
{
// Load and set icon.
winstd::library lib_shell32;
if (lib_shell32.load(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE))
winstd::library lib_shell32(LoadLibraryEx(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE));
if (!!lib_shell32)
m_provider_id_icon->SetIcon(wxLoadIconFromResource(lib_shell32, MAKEINTRESOURCE(29)));
}
@@ -367,8 +367,8 @@ wxEAPProviderLockPanel::wxEAPProviderLockPanel(eap::config_provider &prov, wxWin
wxEAPProviderLockPanelBase(parent)
{
// Load and set icon.
winstd::library lib_shell32;
if (lib_shell32.load(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE))
winstd::library lib_shell32(LoadLibraryEx(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE));
if (!!lib_shell32)
m_provider_lock_icon->SetIcon(wxLoadIconFromResource(lib_shell32, MAKEINTRESOURCE(1003)));
}
@@ -465,8 +465,8 @@ wxEAPIdentityConfigPanel::wxEAPIdentityConfigPanel(const eap::config_provider &p
wxEAPIdentityConfigPanelBase(parent)
{
// Load and set icon.
winstd::library lib_shell32;
if (lib_shell32.load(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE))
winstd::library lib_shell32(LoadLibraryEx(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE));
if (!!lib_shell32)
m_identity_icon->SetIcon(wxLoadIconFromResource(lib_shell32, MAKEINTRESOURCE(265)));
}

4
lib/EAPBase_UI/src/Module.cpp
View File

@@ -171,8 +171,8 @@ void eap::monitor_ui::release_slaves(_In_bytecount_(size) const void *data, _In_
GetWindowThreadProcessId(*slave, &pid_slave);
// Get slave's process handle.
process proc_slave;
if (!proc_slave.open(PROCESS_VM_OPERATION | PROCESS_VM_WRITE, 0, pid_slave))
process proc_slave(OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_WRITE, 0, pid_slave));
if (!proc_slave)
continue;
// Allocate memory in slave's virtual memory space and save data to it.

4
lib/EapHost_UI/src/EapHost_UI.cpp
View File

@@ -31,8 +31,8 @@ wxEapHostMethodConfigPanel::wxEapHostMethodConfigPanel(const eap::config_provide
UNREFERENCED_PARAMETER(prov);
// Load and set icon.
winstd::library lib_shell32;
if (lib_shell32.load(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE))
winstd::library lib_shell32(LoadLibraryEx(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE));
if (!!lib_shell32)
m_method_icon->SetIcon(wxLoadIconFromResource(lib_shell32, MAKEINTRESOURCE(175)));
winstd::eap_method_info_array methods;

30
lib/Events/src/Register.cpp
View File

@@ -65,9 +65,11 @@ STDAPI DllRegisterServer()
// Register event channels.
reg_key key_channels, key_channels_operational, key_channels_analytic;
if (!key_channels.open(HKEY_LOCAL_MACHINE, _T("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WINEVT\\Channels"), 0, KEY_CREATE_SUB_KEY)) throw win_runtime_error();
LSTATUS s = RegOpenKeyEx(HKEY_LOCAL_MACHINE, _T("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WINEVT\\Channels"), 0, KEY_CREATE_SUB_KEY, key_channels);
if (s != ERROR_SUCCESS) throw win_runtime_error(s);
sprintf(sz, _T("%s/Operational"), event_provider_name.c_str());
if (!key_channels_operational.create(key_channels, sz.c_str(), NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE)) throw win_runtime_error();
s = RegCreateKeyEx(key_channels, sz.c_str(), NULL, NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL, key_channels_operational, NULL);
if (s != ERROR_SUCCESS) throw win_runtime_error(s);
set_value(key_channels_operational, _T("OwningPublisher") , event_provider_guid);
set_value(key_channels_operational, _T("Enabled") , (DWORD)0);
set_value(key_channels_operational, _T("Isolation") , (DWORD)0);
@@ -78,7 +80,8 @@ STDAPI DllRegisterServer()
set_value(key_channels_operational, _T("AutoBackupLogFiles"), (DWORD)0);
set_value(key_channels_operational, _T("Type") , (DWORD)1);
sprintf(sz, _T("%s/Analytic"), event_provider_name.c_str());
if (!key_channels_analytic.create(key_channels, sz.c_str(), NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE)) throw win_runtime_error();
s = RegCreateKeyEx(key_channels, sz.c_str(), NULL, NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL, key_channels_analytic, NULL);
if (s != ERROR_SUCCESS) throw win_runtime_error(s);
set_value(key_channels_analytic, _T("OwningPublisher"), event_provider_guid);
set_value(key_channels_analytic, _T("Enabled") , (DWORD)0);
set_value(key_channels_analytic, _T("Isolation") , (DWORD)0);
@@ -90,8 +93,10 @@ STDAPI DllRegisterServer()
// Register event publishers.
reg_key key_publishers, key_event_source;
if (!key_publishers.open(HKEY_LOCAL_MACHINE, _T("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WINEVT\\Publishers"), 0, KEY_CREATE_SUB_KEY)) throw win_runtime_error();
if (!key_event_source.create(key_publishers, event_provider_guid.c_str(), NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE)) throw win_runtime_error();
s = RegOpenKeyEx(HKEY_LOCAL_MACHINE, _T("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WINEVT\\Publishers"), 0, KEY_CREATE_SUB_KEY, key_publishers);
if (s != ERROR_SUCCESS) throw win_runtime_error(s);
s = RegCreateKeyEx(key_publishers, event_provider_guid.c_str(), NULL, NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL, key_event_source, NULL);
if (s != ERROR_SUCCESS) throw win_runtime_error(s);
set_value(key_event_source, NULL , event_provider_name);
if (!GetModuleFileName(g_hInstance, sz)) throw win_runtime_error("GetModuleFileName failed.");
set_value(key_event_source, _T("MessageFileName") , sz);
@@ -100,13 +105,16 @@ STDAPI DllRegisterServer()
// Bind channels and publishers.
reg_key key_channel_refs, key_channel_refs_operational, key_channel_refs_analytic;
if (!key_channel_refs.create(key_event_source, _T("ChannelReferences"), NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE)) throw win_runtime_error();
if (!key_channel_refs_operational.create(key_channel_refs, _T("0"), NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE)) throw win_runtime_error();
s = RegCreateKeyEx(key_event_source, _T("ChannelReferences"), NULL, NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL, key_channel_refs, NULL);
if (s != ERROR_SUCCESS) throw win_runtime_error(s);
s = RegCreateKeyEx(key_channel_refs, _T("0"), NULL, NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL, key_channel_refs_operational, NULL);
if (s != ERROR_SUCCESS) throw win_runtime_error(s);
sprintf(sz, _T("%s/Operational"), event_provider_name.c_str());
set_value(key_channel_refs_operational, NULL , sz);
set_value(key_channel_refs_operational, _T("Id") , (DWORD)16);
set_value(key_channel_refs_operational, _T("Flags"), (DWORD)0);
if (!key_channel_refs_analytic.create(key_channel_refs, _T("1"), NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE)) throw win_runtime_error();
s = RegCreateKeyEx(key_channel_refs, _T("1"), NULL, NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL, key_channel_refs_analytic, NULL);
if (s != ERROR_SUCCESS) throw win_runtime_error(s);
sprintf(sz, _T("%s/Analytic"), event_provider_name.c_str());
set_value(key_channel_refs_analytic, NULL , sz);
set_value(key_channel_refs_analytic, _T("Id") , (DWORD)17);
@@ -134,14 +142,16 @@ STDAPI DllUnregisterServer()
// Unregister event publishers.
try {
reg_key key_publishers;
if (!key_publishers.open(HKEY_LOCAL_MACHINE, _T("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WINEVT\\Publishers"), 0, KEY_READ)) throw win_runtime_error();
LSTATUS s = RegOpenKeyEx(HKEY_LOCAL_MACHINE, _T("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WINEVT\\Publishers"), 0, KEY_READ, key_publishers);
if (s != ERROR_SUCCESS) throw win_runtime_error(s);
key_publishers.delete_subkey(tstring_guid(EAPMETHOD_TRACE_EVENT_PROVIDER).c_str());
} catch(...) {}
// Unregister event channels.
try {
reg_key key_channels;
if (!key_channels.open(HKEY_LOCAL_MACHINE, _T("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WINEVT\\Channels"), 0, KEY_READ)) throw win_runtime_error();
LSTATUS s = RegOpenKeyEx(HKEY_LOCAL_MACHINE, _T("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WINEVT\\Channels"), 0, KEY_READ, key_channels);
if (s != ERROR_SUCCESS) throw win_runtime_error(s);
key_channels.delete_subkey(_T(VENDOR_NAME_STR) _T("-") _T(PRODUCT_NAME_STR) _T("-EAPMethod/Operational"));
key_channels.delete_subkey(_T(VENDOR_NAME_STR) _T("-") _T(PRODUCT_NAME_STR) _T("-EAPMethod/Analytic"));
} catch(...) {}

4
lib/GTC_UI/src/GTC_UI.cpp
View File

@@ -115,8 +115,8 @@ wxGTCResponsePanel::wxGTCResponsePanel(winstd::sanitizing_wstring &response, con
m_response_value(response)
{
// Load and set icon.
winstd::library lib_shell32;
if (lib_shell32.load(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE))
winstd::library lib_shell32(LoadLibraryEx(_T("shell32.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE));
if (!!lib_shell32)
m_response_icon->SetIcon(wxLoadIconFromResource(lib_shell32, MAKEINTRESOURCE(24)));
// Set challenge label.

12
lib/MSCHAPv2/src/MSCHAPv2.cpp
View File

@@ -56,7 +56,7 @@ crypt_key eap::create_des_key(_In_ HCRYPTPROV cp, _In_count_(size) const unsigne
// Import key.
crypt_key k;
if (!k.import(cp, key_blob.data(), (DWORD)key_blob.size(), NULL, 0))
if (!CryptImportKey(cp, key_blob.data(), (DWORD)key_blob.size(), NULL, 0, k))
throw winstd::win_runtime_error(__FUNCTION__ " Error importing key 1/3.");
return k;
}
@@ -90,7 +90,7 @@ eap::challenge_hash::challenge_hash(
_In_z_ const char *username)
{
crypt_hash hash;
if (!hash.create(cp, CALG_SHA))
if (!CryptCreateHash(cp, CALG_SHA, NULL, 0, hash))
throw win_runtime_error(__FUNCTION__ " Creating SHA hash failed.");
if (!CryptHashData(hash, (const BYTE*)&challenge_client , (DWORD)sizeof(challenge_client), 0) ||
!CryptHashData(hash, challenge_server.data(), (DWORD)challenge_server.size() , 0) ||
@@ -135,7 +135,7 @@ eap::nt_password_hash::nt_password_hash(
_In_z_ const wchar_t *password)
{
crypt_hash hash;
if (!hash.create(cp, CALG_MD4))
if (!CryptCreateHash(cp, CALG_MD4, NULL, 0, hash))
throw win_runtime_error(__FUNCTION__ " Creating MD4 hash failed.");
if (!CryptHashData(hash, (const BYTE*)password, (DWORD)(wcslen(password) * sizeof(wchar_t)), 0))
throw win_runtime_error(__FUNCTION__ " Error hashing data.");
@@ -150,7 +150,7 @@ eap::nt_password_hash::nt_password_hash(
_In_ const nt_password_hash &pwd_hash)
{
crypt_hash hash;
if (!hash.create(cp, CALG_MD4))
if (!CryptCreateHash(cp, CALG_MD4, NULL, 0, hash))
throw win_runtime_error(__FUNCTION__ " Creating MD4 hash failed.");
if (!CryptHashData(hash, (const BYTE*)&pwd_hash, (DWORD)sizeof(pwd_hash), 0))
throw win_runtime_error(__FUNCTION__ " Error hashing data.");
@@ -271,7 +271,7 @@ eap::authenticator_response::authenticator_response(
nt_password_hash hash_hash_pwd(cp, nt_password_hash(cp, password));
crypt_hash hash;
if (!hash.create(cp, CALG_SHA))
if (!CryptCreateHash(cp, CALG_SHA, NULL, 0, hash))
throw win_runtime_error(__FUNCTION__ " Creating SHA hash failed.");
if (!CryptHashData(hash, (const BYTE*)&hash_hash_pwd, (DWORD)sizeof(hash_hash_pwd), 0) ||
!CryptHashData(hash, (const BYTE*)&nt_resp , (DWORD)sizeof(nt_resp ), 0) ||
@@ -291,7 +291,7 @@ eap::authenticator_response::authenticator_response(
};
challenge_hash challenge(cp, challenge_server, challenge_client, username);
if (!hash.create(cp, CALG_SHA))
if (!CryptCreateHash(cp, CALG_SHA, NULL, 0, hash))
throw win_runtime_error(__FUNCTION__ " Creating SHA hash failed.");
if (!CryptHashData(hash, hash_val , size_hash_val , 0) ||
!CryptHashData(hash, (const BYTE*)&challenge, (DWORD)sizeof(challenge), 0) ||

2
lib/MSCHAPv2/src/Method.cpp
View File

@@ -38,7 +38,7 @@ void eap::method_mschapv2_base::begin_session(
m_cfg.m_last_msg.clear();
// Create cryptographics provider for support needs (client challenge ...).
if (!m_cp.create(NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
if (!CryptAcquireContext(m_cp, NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
throw win_runtime_error(__FUNCTION__ " Error creating cryptographics provider.");
}

4
lib/TLS/include/Module.h
View File

@@ -96,8 +96,8 @@ namespace eap
public:
module &m_module; ///< Module
winstd::win_handle<NULL> m_thread; ///< Thread
winstd::win_handle<NULL> m_abort; ///< Thread abort event
winstd::thread m_thread; ///< Thread
winstd::event m_abort; ///< Thread abort event
winstd::cert_context m_cert; ///< Server certificate
};

4
lib/TLS/src/Config.cpp
View File

@@ -242,8 +242,8 @@ eap::credentials* eap::config_method_tls::make_credentials() const
bool eap::config_method_tls::add_trusted_ca(_In_ DWORD dwCertEncodingType, _In_ LPCBYTE pbCertEncoded, _In_ DWORD cbCertEncoded)
{
cert_context cert;
if (!cert.create(dwCertEncodingType, pbCertEncoded, cbCertEncoded)) {
cert_context cert(CertCreateCertificateContext(dwCertEncodingType, pbCertEncoded, cbCertEncoded));
if (!cert) {
// Invalid or unsupported certificate.
return false;
}

6
lib/TLS/src/Credentials.cpp
View File

@@ -205,9 +205,9 @@ std::wstring eap::credentials_tls::get_identity() const
return m_identity;
} else if (!m_cert_hash.empty()) {
// Find certificate in the store.
winstd::cert_store store;
vector<unsigned char> hash;
if (store.create(CERT_STORE_PROV_SYSTEM, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, (HCRYPTPROV)NULL, CERT_SYSTEM_STORE_CURRENT_USER, _T("My"))) {
winstd::cert_store store(CertOpenStore(CERT_STORE_PROV_SYSTEM, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, (HCRYPTPROV)NULL, CERT_SYSTEM_STORE_CURRENT_USER, _T("My")));
if (!!store) {
vector<unsigned char> hash;
for (PCCERT_CONTEXT cert = NULL; (cert = CertEnumCertificatesInStore(store, cert)) != NULL;) {
if (CertGetCertificateContextProperty(cert, CERT_HASH_PROP_ID, hash) &&
hash == m_cert_hash)

11
lib/TLS/src/Method.cpp
View File

@@ -195,7 +195,8 @@ void eap::method_tls::begin_session(
#endif
}
if (!m_store.create(CERT_STORE_PROV_SYSTEM, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, (HCRYPTPROV)NULL, CERT_SYSTEM_STORE_CURRENT_USER, _T("My")))
m_store = CertOpenStore(CERT_STORE_PROV_SYSTEM, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, (HCRYPTPROV)NULL, CERT_SYSTEM_STORE_CURRENT_USER, _T("My"));
if (!m_store)
throw win_runtime_error(__FUNCTION__ " CertOpenStore failed.");
// Prepare client credentials for Schannel.
@@ -372,7 +373,7 @@ EapPeerMethodResponseAction eap::method_tls::process_request_packet(
// Verify cached CRL (entire chain).
reg_key key;
if (key.open(HKEY_LOCAL_MACHINE, _T("SOFTWARE\\") _T(VENDOR_NAME_STR) _T("\\") _T(PRODUCT_NAME_STR) _T("\\TLSCRL"), 0, KEY_READ)) {
if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, _T("SOFTWARE\\") _T(VENDOR_NAME_STR) _T("\\") _T(PRODUCT_NAME_STR) _T("\\TLSCRL"), 0, KEY_READ, key) == ERROR_SUCCESS) {
wstring hash_unicode;
vector<unsigned char> hash, subj;
for (cert_context c(m_sc_cert); c;) {
@@ -731,8 +732,8 @@ void eap::method_tls::verify_server_trust() const
throw sec_runtime_error(SEC_E_CERT_UNKNOWN, __FUNCTION__ " Server is using a self-signed certificate. Cannot trust it.");
// Create temporary certificate store of our trusted root CAs.
cert_store store;
if (!store.create(CERT_STORE_PROV_MEMORY, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, NULL, 0, NULL))
cert_store store(CertOpenStore(CERT_STORE_PROV_MEMORY, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, NULL, 0, NULL));
if (!store)
throw win_runtime_error(__FUNCTION__ " Error creating temporary certificate store.");
for (auto c = m_cfg.m_trusted_root_ca.cbegin(), c_end = m_cfg.m_trusted_root_ca.cend(); c != c_end; ++c)
CertAddCertificateContextToStore(store, *c, CERT_STORE_ADD_REPLACE_EXISTING, NULL);
@@ -770,7 +771,7 @@ void eap::method_tls::verify_server_trust() const
#endif
};
cert_chain_context context;
if (!context.create(NULL, m_sc_cert, NULL, store, &chain_params, 0))
if (!CertGetCertificateChain(NULL, m_sc_cert, NULL, store, &chain_params, 0, NULL, context))
throw win_runtime_error(__FUNCTION__ " Error creating certificate chain context.");
// Check chain validation error flags. Ignore CERT_TRUST_IS_UNTRUSTED_ROOT flag since we check root CA explicitly.

2
lib/TLS/src/Module.cpp
View File

@@ -202,7 +202,7 @@ DWORD WINAPI eap::peer_tls_base::crl_checker::verify(_In_ crl_checker *obj)
// One of the certificates in the chain was revoked as compromised. Black-list it.
obj->m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_REVOKED, event_data((unsigned int)obj->m_module.m_eap_method), event_data(subj), event_data(status_rev.dwReason), blank_event_data);
reg_key key;
if (key.create(HKEY_LOCAL_MACHINE, _T("SOFTWARE\\") _T(VENDOR_NAME_STR) _T("\\") _T(PRODUCT_NAME_STR) _T("\\TLSCRL"), NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE)) {
if (RegCreateKeyEx(HKEY_LOCAL_MACHINE, _T("SOFTWARE\\") _T(VENDOR_NAME_STR) _T("\\") _T(PRODUCT_NAME_STR) _T("\\TLSCRL"), NULL, NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL, key, NULL) == ERROR_SUCCESS) {
vector<unsigned char> hash;
if (CertGetCertificateContextProperty(cert, CERT_HASH_PROP_ID, hash)) {
wstring hash_unicode;

22
lib/TLS_UI/src/TLS_UI.cpp
View File

@@ -118,13 +118,13 @@ wxTLSCredentialsPanel::wxTLSCredentialsPanel(const eap::config_provider &prov, c
wxEAPCredentialsPanel<eap::credentials_tls, wxTLSCredentialsPanelBase>(prov, cfg, cred, parent, is_config)
{
// Load and set icon.
winstd::library lib_shell32;
if (lib_shell32.load(_T("certmgr.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE))
m_credentials_icon->SetIcon(wxLoadIconFromResource(lib_shell32, MAKEINTRESOURCE(6170)));
winstd::library lib_certmgr(LoadLibraryEx(_T("certmgr.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE));
if (!!lib_certmgr)
m_credentials_icon->SetIcon(wxLoadIconFromResource(lib_certmgr, MAKEINTRESOURCE(6170)));
// Populate certificate list.
winstd::cert_store store;
if (store.create(CERT_STORE_PROV_SYSTEM, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, (HCRYPTPROV)NULL, CERT_SYSTEM_STORE_CURRENT_USER, _T("My"))) {
winstd::cert_store store(CertOpenStore(CERT_STORE_PROV_SYSTEM, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, (HCRYPTPROV)NULL, CERT_SYSTEM_STORE_CURRENT_USER, _T("My")));
if (!!store) {
for (PCCERT_CONTEXT cert = NULL; (cert = CertEnumCertificatesInStore(store, cert)) != NULL;) {
DWORD dwKeySpec = 0, dwSize = sizeof(dwKeySpec);
if (!CertGetCertificateContextProperty(cert, CERT_KEY_SPEC_PROP_ID, &dwKeySpec, &dwSize) || !dwKeySpec) {
@@ -202,8 +202,8 @@ wxTLSServerTrustPanel::wxTLSServerTrustPanel(const eap::config_provider &prov, e
wxTLSServerTrustPanelBase(parent)
{
// Load and set icon.
winstd::library lib_certmgr;
if (lib_certmgr.load(_T("certmgr.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE))
winstd::library lib_certmgr(LoadLibraryEx(_T("certmgr.dll"), NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE));
if (!!lib_certmgr)
m_server_trust_icon->SetIcon(wxLoadIconFromResource(lib_certmgr, MAKEINTRESOURCE(379)));
// Do not use cfg.m_server_names directly, so we can decide not to store the value in case of provider-locked configuration.
@@ -294,8 +294,8 @@ void wxTLSServerTrustPanel::OnRootCAAddStore(wxCommandEvent& event)
{
wxTLSServerTrustPanelBase::OnRootCAAddStore(event);
winstd::cert_store store;
if (store.create(NULL, _T("ROOT"))) {
winstd::cert_store store(CertOpenSystemStore(NULL, _T("ROOT")));
if (!!store) {
winstd::cert_context cert;
#pragma warning(suppress: 6387) // The pvReserved parameter is annotated as _In_
cert.attach(CryptUIDlgSelectCertificateFromStore(store, this->GetHWND(), NULL, NULL, 0, 0, NULL));
@@ -323,8 +323,8 @@ void wxTLSServerTrustPanel::OnRootCAAddFile(wxCommandEvent& event)
open_dialog.GetPaths(paths);
for (size_t i = 0, i_end = paths.GetCount(); i < i_end; i++) {
// Load certificate(s) from file.
winstd::cert_store cs;
if (cs.create(CERT_STORE_PROV_FILENAME, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, NULL, CERT_STORE_OPEN_EXISTING_FLAG | CERT_STORE_READONLY_FLAG, static_cast<LPCTSTR>(paths[i]))) {
winstd::cert_store cs(CertOpenStore(CERT_STORE_PROV_FILENAME, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, NULL, CERT_STORE_OPEN_EXISTING_FLAG | CERT_STORE_READONLY_FLAG, static_cast<LPCTSTR>(paths[i])));
if (!!cs) {
for (PCCERT_CONTEXT cert = NULL; (cert = CertEnumCertificatesInStore(cs, cert)) != NULL;)
AddRootCA(cert);
} else

2
lib/WinStd

Submodule lib/WinStd updated: 328646b2d9...ad76305ce9