WinStd: Update

Signed-off-by: Simon Rozman <simon@rozman.si>
2022-03-02 11:59:26 +01:00
parent 831dcf680c
commit a2cab07a30
26 changed files with 125 additions and 110 deletions
--- a/lib/TLS/include/Module.h
+++ b/lib/TLS/include/Module.h
@@ -96,8 +96,8 @@ namespace eap

        public:
            module &m_module;                  ///< Module
-            winstd::win_handle<NULL> m_thread; ///< Thread
-            winstd::win_handle<NULL> m_abort;  ///< Thread abort event
+            winstd::thread m_thread;           ///< Thread
+            winstd::event m_abort;             ///< Thread abort event
            winstd::cert_context m_cert;       ///< Server certificate
        };

--- a/lib/TLS/src/Config.cpp
+++ b/lib/TLS/src/Config.cpp
@@ -242,8 +242,8 @@ eap::credentials* eap::config_method_tls::make_credentials() const

 bool eap::config_method_tls::add_trusted_ca(_In_  DWORD dwCertEncodingType, _In_  LPCBYTE pbCertEncoded, _In_  DWORD cbCertEncoded)
 {
-    cert_context cert;
-    if (!cert.create(dwCertEncodingType, pbCertEncoded, cbCertEncoded)) {
+    cert_context cert(CertCreateCertificateContext(dwCertEncodingType, pbCertEncoded, cbCertEncoded));
+    if (!cert) {
        // Invalid or unsupported certificate.
        return false;
    }
--- a/lib/TLS/src/Credentials.cpp
+++ b/lib/TLS/src/Credentials.cpp
@@ -205,9 +205,9 @@ std::wstring eap::credentials_tls::get_identity() const
        return m_identity;
    } else if (!m_cert_hash.empty()) {
        // Find certificate in the store.
-        winstd::cert_store store;
-        vector<unsigned char> hash;
-        if (store.create(CERT_STORE_PROV_SYSTEM, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, (HCRYPTPROV)NULL, CERT_SYSTEM_STORE_CURRENT_USER, _T("My"))) {
+        winstd::cert_store store(CertOpenStore(CERT_STORE_PROV_SYSTEM, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, (HCRYPTPROV)NULL, CERT_SYSTEM_STORE_CURRENT_USER, _T("My")));
+        if (!!store) {
+            vector<unsigned char> hash;
            for (PCCERT_CONTEXT cert = NULL; (cert = CertEnumCertificatesInStore(store, cert)) != NULL;) {
                if (CertGetCertificateContextProperty(cert, CERT_HASH_PROP_ID, hash) &&
                    hash == m_cert_hash)
--- a/lib/TLS/src/Method.cpp
+++ b/lib/TLS/src/Method.cpp
@@ -195,7 +195,8 @@ void eap::method_tls::begin_session(
 #endif
    }

-    if (!m_store.create(CERT_STORE_PROV_SYSTEM, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, (HCRYPTPROV)NULL, CERT_SYSTEM_STORE_CURRENT_USER, _T("My")))
+    m_store = CertOpenStore(CERT_STORE_PROV_SYSTEM, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, (HCRYPTPROV)NULL, CERT_SYSTEM_STORE_CURRENT_USER, _T("My"));
+    if (!m_store)
        throw win_runtime_error(__FUNCTION__ " CertOpenStore failed.");

    // Prepare client credentials for Schannel.
@@ -372,7 +373,7 @@ EapPeerMethodResponseAction eap::method_tls::process_request_packet(

            // Verify cached CRL (entire chain).
            reg_key key;
-            if (key.open(HKEY_LOCAL_MACHINE, _T("SOFTWARE\\") _T(VENDOR_NAME_STR) _T("\\") _T(PRODUCT_NAME_STR) _T("\\TLSCRL"), 0, KEY_READ)) {
+            if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, _T("SOFTWARE\\") _T(VENDOR_NAME_STR) _T("\\") _T(PRODUCT_NAME_STR) _T("\\TLSCRL"), 0, KEY_READ, key) == ERROR_SUCCESS) {
                wstring hash_unicode;
                vector<unsigned char> hash, subj;
                for (cert_context c(m_sc_cert); c;) {
@@ -731,8 +732,8 @@ void eap::method_tls::verify_server_trust() const
        throw sec_runtime_error(SEC_E_CERT_UNKNOWN, __FUNCTION__ " Server is using a self-signed certificate. Cannot trust it.");

    // Create temporary certificate store of our trusted root CAs.
-    cert_store store;
-    if (!store.create(CERT_STORE_PROV_MEMORY, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, NULL, 0, NULL))
+    cert_store store(CertOpenStore(CERT_STORE_PROV_MEMORY, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, NULL, 0, NULL));
+    if (!store)
        throw win_runtime_error(__FUNCTION__ " Error creating temporary certificate store.");
    for (auto c = m_cfg.m_trusted_root_ca.cbegin(), c_end = m_cfg.m_trusted_root_ca.cend(); c != c_end; ++c)
        CertAddCertificateContextToStore(store, *c, CERT_STORE_ADD_REPLACE_EXISTING, NULL);
@@ -770,7 +771,7 @@ void eap::method_tls::verify_server_trust() const
 #endif
    };
    cert_chain_context context;
-    if (!context.create(NULL, m_sc_cert, NULL, store, &chain_params, 0))
+    if (!CertGetCertificateChain(NULL, m_sc_cert, NULL, store, &chain_params, 0, NULL, context))
        throw win_runtime_error(__FUNCTION__ " Error creating certificate chain context.");

    // Check chain validation error flags. Ignore CERT_TRUST_IS_UNTRUSTED_ROOT flag since we check root CA explicitly.
--- a/lib/TLS/src/Module.cpp
+++ b/lib/TLS/src/Module.cpp
@@ -202,7 +202,7 @@ DWORD WINAPI eap::peer_tls_base::crl_checker::verify(_In_ crl_checker *obj)
                    // One of the certificates in the chain was revoked as compromised. Black-list it.
                    obj->m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_REVOKED, event_data((unsigned int)obj->m_module.m_eap_method), event_data(subj), event_data(status_rev.dwReason), blank_event_data);
                    reg_key key;
-                    if (key.create(HKEY_LOCAL_MACHINE, _T("SOFTWARE\\") _T(VENDOR_NAME_STR) _T("\\") _T(PRODUCT_NAME_STR) _T("\\TLSCRL"), NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE)) {
+                    if (RegCreateKeyEx(HKEY_LOCAL_MACHINE, _T("SOFTWARE\\") _T(VENDOR_NAME_STR) _T("\\") _T(PRODUCT_NAME_STR) _T("\\TLSCRL"), NULL, NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL, key, NULL) == ERROR_SUCCESS) {
                        vector<unsigned char> hash;
                        if (CertGetCertificateContextProperty(cert, CERT_HASH_PROP_ID, hash)) {
                            wstring hash_unicode;