Commit d5f37122 authored by Alex Brainman's avatar Alex Brainman Committed by Adam Langley

crypto/tls: cleanup certificate load on windows

- correct syscall.CertEnumCertificatesInStore so it returns error
- remove "reflect" dependency

R=hectorchu, agl, rsc
CC=golang-dev, krautz
https://golang.org/cl/5441052
parent bac7bc55
...@@ -6,7 +6,6 @@ package tls ...@@ -6,7 +6,6 @@ package tls
import ( import (
"crypto/x509" "crypto/x509"
"reflect"
"syscall" "syscall"
"unsafe" "unsafe"
) )
...@@ -16,29 +15,23 @@ func loadStore(roots *x509.CertPool, name string) { ...@@ -16,29 +15,23 @@ func loadStore(roots *x509.CertPool, name string) {
if err != nil { if err != nil {
return return
} }
defer syscall.CertCloseStore(store, 0)
var cert *syscall.CertContext var cert *syscall.CertContext
for { for {
cert = syscall.CertEnumCertificatesInStore(store, cert) cert, err = syscall.CertEnumCertificatesInStore(store, cert)
if cert == nil { if err != nil {
break return
} }
var asn1Slice []byte buf := (*[1 << 20]byte)(unsafe.Pointer(cert.EncodedCert))[:]
hdrp := (*reflect.SliceHeader)(unsafe.Pointer(&asn1Slice)) // ParseCertificate requires its own copy of certificate data to keep.
hdrp.Data = cert.EncodedCert buf2 := make([]byte, cert.Length)
hdrp.Len = int(cert.Length) copy(buf2, buf)
hdrp.Cap = int(cert.Length) if c, err := x509.ParseCertificate(buf2); err == nil {
roots.AddCert(c)
buf := make([]byte, len(asn1Slice))
copy(buf, asn1Slice)
if cert, err := x509.ParseCertificate(buf); err == nil {
roots.AddCert(cert)
} }
} }
syscall.CertCloseStore(store, 0)
} }
func initDefaultRoots() { func initDefaultRoots() {
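Review bot: The new line `buf := (*[1 << 20]byte)(unsafe.Pointer(cert.EncodedCert))[:]` yields a 1 MiB slice regardless of cert.Length, so only the later `copy(buf2, buf)` keeps the read inside the certificate, and an encoded certificate larger than 1 MiB would be quietly truncated, fail to parse and vanish from the root set. Slicing to the length the store reported, `buf := (*[1 << 20]byte)(unsafe.Pointer(cert.EncodedCert))[:cert.Length]`, makes that bound explicit; if an out-of-range panic during root loading is not acceptable, guard with `if cert.Length > 1<<20 { continue }` before the cast instead. The loop also returns on any error from CertEnumCertificatesInStore, so the normal end of enumeration and a genuine failure mid-store look the same and the pool may be left partially populated; a comment on the `if err != nil {` line should say so, e.g. `// End of enumeration is reported as an error; any other failure also stops loading here.`. loadStore starts before this hunk, so the err assigned in the loop is declared outside it.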
...@@ -152,7 +152,7 @@ func NewCallback(fn interface{}) uintptr ...@@ -152,7 +152,7 @@ func NewCallback(fn interface{}) uintptr
//sys TransmitFile(s Handle, handle Handle, bytesToWrite uint32, bytsPerSend uint32, overlapped *Overlapped, transmitFileBuf *TransmitFileBuffers, flags uint32) (err error) = mswsock.TransmitFile //sys TransmitFile(s Handle, handle Handle, bytesToWrite uint32, bytsPerSend uint32, overlapped *Overlapped, transmitFileBuf *TransmitFileBuffers, flags uint32) (err error) = mswsock.TransmitFile
//sys ReadDirectoryChanges(handle Handle, buf *byte, buflen uint32, watchSubTree bool, mask uint32, retlen *uint32, overlapped *Overlapped, completionRoutine uintptr) (err error) = kernel32.ReadDirectoryChangesW //sys ReadDirectoryChanges(handle Handle, buf *byte, buflen uint32, watchSubTree bool, mask uint32, retlen *uint32, overlapped *Overlapped, completionRoutine uintptr) (err error) = kernel32.ReadDirectoryChangesW
//sys CertOpenSystemStore(hprov Handle, name *uint16) (store Handle, err error) = crypt32.CertOpenSystemStoreW //sys CertOpenSystemStore(hprov Handle, name *uint16) (store Handle, err error) = crypt32.CertOpenSystemStoreW
//sys CertEnumCertificatesInStore(store Handle, prevContext *CertContext) (context *CertContext) = crypt32.CertEnumCertificatesInStore //sys CertEnumCertificatesInStore(store Handle, prevContext *CertContext) (context *CertContext, err error) [failretval==nil] = crypt32.CertEnumCertificatesInStore
//sys CertCloseStore(store Handle, flags uint32) (err error) = crypt32.CertCloseStore //sys CertCloseStore(store Handle, flags uint32) (err error) = crypt32.CertCloseStore
//sys RegOpenKeyEx(key Handle, subkey *uint16, options uint32, desiredAccess uint32, result *Handle) (regerrno uintptr) = advapi32.RegOpenKeyExW //sys RegOpenKeyEx(key Handle, subkey *uint16, options uint32, desiredAccess uint32, result *Handle) (regerrno uintptr) = advapi32.RegOpenKeyExW
//sys RegCloseKey(key Handle) (regerrno uintptr) = advapi32.RegCloseKey //sys RegCloseKey(key Handle) (regerrno uintptr) = advapi32.RegCloseKey
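Review bot: The `[failretval==nil]` annotation on the CertEnumCertificatesInStore directive makes every NULL return an error, but the underlying Windows call returns NULL both on failure and when enumeration is simply finished (GetLastError reporting CRYPT_E_NOT_FOUND), and the generated wrapper substitutes EINVAL when no error code is set at all. Callers therefore cannot tell "no more certificates" from a broken store without comparing err against the Windows end-of-list code, which nothing on this page exposes as a named constant. A comment above the directive would prevent misuse: `// CertEnumCertificatesInStore returns a non-nil err whenever no context is returned, including at the normal end of enumeration; callers must treat that error as the stop condition.`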
...@@ -969,9 +969,16 @@ func CertOpenSystemStore(hprov Handle, name *uint16) (store Handle, err error) { ...@@ -969,9 +969,16 @@ func CertOpenSystemStore(hprov Handle, name *uint16) (store Handle, err error) {
return return
} }
func CertEnumCertificatesInStore(store Handle, prevContext *CertContext) (context *CertContext) { func CertEnumCertificatesInStore(store Handle, prevContext *CertContext) (context *CertContext, err error) {
r0, _, _ := Syscall(procCertEnumCertificatesInStore.Addr(), 2, uintptr(store), uintptr(unsafe.Pointer(prevContext)), 0) r0, _, e1 := Syscall(procCertEnumCertificatesInStore.Addr(), 2, uintptr(store), uintptr(unsafe.Pointer(prevContext)), 0)
context = (*CertContext)(unsafe.Pointer(r0)) context = (*CertContext)(unsafe.Pointer(r0))
if context == nil {
if e1 != 0 {
err = error(e1)
} else {
err = EINVAL
}
}
return return
} }
...@@ -969,9 +969,16 @@ func CertOpenSystemStore(hprov Handle, name *uint16) (store Handle, err error) { ...@@ -969,9 +969,16 @@ func CertOpenSystemStore(hprov Handle, name *uint16) (store Handle, err error) {
return return
} }
func CertEnumCertificatesInStore(store Handle, prevContext *CertContext) (context *CertContext) { func CertEnumCertificatesInStore(store Handle, prevContext *CertContext) (context *CertContext, err error) {
r0, _, _ := Syscall(procCertEnumCertificatesInStore.Addr(), 2, uintptr(store), uintptr(unsafe.Pointer(prevContext)), 0) r0, _, e1 := Syscall(procCertEnumCertificatesInStore.Addr(), 2, uintptr(store), uintptr(unsafe.Pointer(prevContext)), 0)
context = (*CertContext)(unsafe.Pointer(r0)) context = (*CertContext)(unsafe.Pointer(r0))
if context == nil {
if e1 != 0 {
err = error(e1)
} else {
err = EINVAL
}
}
return return
} }
...@@ -659,7 +659,7 @@ type MibIfRow struct { ...@@ -659,7 +659,7 @@ type MibIfRow struct {
type CertContext struct { type CertContext struct {
EncodingType uint32 EncodingType uint32
EncodedCert uintptr EncodedCert *byte
Length uint32 Length uint32
CertInfo uintptr CertInfo uintptr
Store Handle Store Handle
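Review bot: EncodedCert becomes a `*byte` but the struct still carries no documentation of what it points at or how Length relates to it, and the only reader on this page recovers the bytes with an unsafe array cast sized from Length. A field comment such as `// EncodedCert points at Length bytes of DER owned by the Windows certificate store, not by the Go heap` would record the invariant the crypto/tls caller depends on; whether that memory stays valid after the next enumeration call is not shown here and should be confirmed against the Windows API before anyone retains the pointer.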