[ros-diffs] [cwittich] 45838: [WINTRUST] sync wintrust to wine 1.1.39
cwittich at svn.reactos.org
cwittich at svn.reactos.org
Thu Mar 4 21:39:41 CET 2010
Author: cwittich
Date: Thu Mar 4 21:39:41 2010
New Revision: 45838
URL: http://svn.reactos.org/svn/reactos?rev=45838&view=rev
Log:
[WINTRUST]
sync wintrust to wine 1.1.39
Modified:
trunk/reactos/dll/win32/wintrust/asn.c
trunk/reactos/dll/win32/wintrust/crypt.c
trunk/reactos/dll/win32/wintrust/softpub.c
trunk/reactos/dll/win32/wintrust/wintrust_main.c
Modified: trunk/reactos/dll/win32/wintrust/asn.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/wintrust/asn.c?rev=45838&r1=45837&r2=45838&view=diff
==============================================================================
--- trunk/reactos/dll/win32/wintrust/asn.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/wintrust/asn.c [iso-8859-1] Thu Mar 4 21:39:41 2010
@@ -1469,6 +1469,11 @@
*/
#define ALIGN_DWORD_PTR(x) (((x) + sizeof(DWORD_PTR) - 1) & ~(sizeof(DWORD_PTR) - 1))
+#define FINALMEMBERSIZE(s, member) (sizeof(s) - offsetof(s, member))
+#define MEMBERSIZE(s, member, nextmember) \
+ (offsetof(s, nextmember) - offsetof(s, member))
+
+
/* Decodes the items in a sequence, where the items are described in items,
* the encoded data are in pbEncoded with length cbEncoded. Decodes into
* pvStructInfo. nextData is a pointer to the memory location at which the
@@ -1520,8 +1525,13 @@
: NULL, &items[i].size);
if (ret)
{
- /* Account for alignment padding */
- items[i].size = ALIGN_DWORD_PTR(items[i].size);
+ if (items[i].size < items[i].minSize)
+ items[i].size = items[i].minSize;
+ else if (items[i].size > items[i].minSize)
+ {
+ /* Account for alignment padding */
+ items[i].size = ALIGN_DWORD_PTR(items[i].size);
+ }
TRACE("item %d size: %d\n", i, items[i].size);
if (nextData && items[i].hasPointer &&
items[i].size > items[i].minSize)
@@ -2179,62 +2189,24 @@
return ret;
}
-static BOOL CRYPT_AsnDecodeInteger(const BYTE *pbEncoded,
- DWORD cbEncoded, DWORD dwFlags, void *pvStructInfo, DWORD *pcbStructInfo)
-{
- BOOL ret;
- DWORD bytesNeeded, dataLen;
-
- if ((ret = CRYPT_GetLen(pbEncoded, cbEncoded, &dataLen)))
- {
- BYTE lenBytes = GET_LEN_BYTES(pbEncoded[1]);
-
- bytesNeeded = dataLen + sizeof(CRYPT_INTEGER_BLOB);
- if (!pvStructInfo)
- *pcbStructInfo = bytesNeeded;
- else if (*pcbStructInfo < bytesNeeded)
- {
- *pcbStructInfo = bytesNeeded;
- SetLastError(ERROR_MORE_DATA);
- ret = FALSE;
- }
- else
- {
- CRYPT_INTEGER_BLOB *blob = pvStructInfo;
-
- *pcbStructInfo = bytesNeeded;
- blob->cbData = dataLen;
- assert(blob->pbData);
- if (blob->cbData)
- {
- DWORD i;
-
- for (i = 0; i < blob->cbData; i++)
- {
- blob->pbData[i] = *(pbEncoded + 1 + lenBytes +
- dataLen - i - 1);
- }
- }
- }
- }
- return ret;
-}
-
/* Ignores tag. Only allows integers 4 bytes or smaller in size. */
static BOOL WINAPI CRYPT_AsnDecodeInt(DWORD dwCertEncodingType,
LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, DWORD dwFlags,
void *pvStructInfo, DWORD *pcbStructInfo)
{
BOOL ret;
- BYTE buf[sizeof(CRYPT_INTEGER_BLOB) + sizeof(int)];
- CRYPT_INTEGER_BLOB *blob = (CRYPT_INTEGER_BLOB *)buf;
- DWORD size = sizeof(buf);
-
- blob->pbData = buf + sizeof(CRYPT_INTEGER_BLOB);
- ret = CRYPT_AsnDecodeInteger(pbEncoded, cbEncoded, 0, buf, &size);
- if (ret)
- {
- if (!pvStructInfo)
+ DWORD dataLen;
+
+ if ((ret = CRYPT_GetLen(pbEncoded, cbEncoded, &dataLen)))
+ {
+ BYTE lenBytes = GET_LEN_BYTES(pbEncoded[1]);
+
+ if (dataLen > sizeof(int))
+ {
+ SetLastError(CRYPT_E_ASN1_LARGE);
+ ret = FALSE;
+ }
+ else if (!pvStructInfo)
*pcbStructInfo = sizeof(int);
else if (*pcbStructInfo < sizeof(int))
{
@@ -2248,23 +2220,21 @@
DWORD i;
*pcbStructInfo = sizeof(int);
- if (blob->pbData[blob->cbData - 1] & 0x80)
+ if (dataLen && pbEncoded[1 + lenBytes] & 0x80)
{
/* initialize to a negative value to sign-extend */
val = -1;
}
else
val = 0;
- for (i = 0; i < blob->cbData; i++)
+ for (i = 0; i < dataLen; i++)
{
val <<= 8;
- val |= blob->pbData[blob->cbData - i - 1];
+ val |= pbEncoded[1 + lenBytes + i];
}
memcpy(pvStructInfo, &val, sizeof(int));
}
}
- else if (GetLastError() == ERROR_MORE_DATA)
- SetLastError(CRYPT_E_ASN1_LARGE);
return ret;
}
@@ -2284,7 +2254,7 @@
CRYPT_AsnDecodeBMPString, sizeof(LPWSTR), FALSE, TRUE,
offsetof(CAT_MEMBERINFO, pwszSubjGuid), 0 },
{ ASN_INTEGER, offsetof(CAT_MEMBERINFO, dwCertVersion),
- CRYPT_AsnDecodeInt, sizeof(DWORD),
+ CRYPT_AsnDecodeInt, FINALMEMBERSIZE(CAT_MEMBERINFO, dwCertVersion),
FALSE, FALSE, 0, 0 },
};
@@ -2317,7 +2287,8 @@
CRYPT_AsnDecodeBMPString, sizeof(LPWSTR), FALSE, TRUE,
offsetof(CAT_NAMEVALUE, pwszTag), 0 },
{ ASN_INTEGER, offsetof(CAT_NAMEVALUE, fdwFlags),
- CRYPT_AsnDecodeInt, sizeof(DWORD), FALSE, FALSE, 0, 0 },
+ CRYPT_AsnDecodeInt, MEMBERSIZE(CAT_NAMEVALUE, fdwFlags, Value),
+ FALSE, FALSE, 0, 0 },
{ ASN_OCTETSTRING, offsetof(CAT_NAMEVALUE, Value),
CRYPT_AsnDecodeOctets, sizeof(CRYPT_DER_BLOB), FALSE, TRUE,
offsetof(CAT_NAMEVALUE, Value.pbData), 0 },
@@ -2391,9 +2362,11 @@
{
struct AsnDecodeSequenceItem items[] = {
{ ASN_BOOL, offsetof(SPC_FINANCIAL_CRITERIA, fFinancialInfoAvailable),
- CRYPT_AsnDecodeBool, sizeof(BOOL), FALSE, FALSE, 0, 0 },
+ CRYPT_AsnDecodeBool, MEMBERSIZE(SPC_FINANCIAL_CRITERIA,
+ fFinancialInfoAvailable, fMeetsCriteria), FALSE, FALSE, 0, 0 },
{ ASN_BOOL, offsetof(SPC_FINANCIAL_CRITERIA, fMeetsCriteria),
- CRYPT_AsnDecodeBool, sizeof(BOOL), FALSE, FALSE, 0, 0 },
+ CRYPT_AsnDecodeBool, FINALMEMBERSIZE(SPC_FINANCIAL_CRITERIA,
+ fMeetsCriteria), FALSE, FALSE, 0, 0 },
};
ret = CRYPT_AsnDecodeSequence(dwCertEncodingType, items,
Modified: trunk/reactos/dll/win32/wintrust/crypt.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/wintrust/crypt.c?rev=45838&r1=45837&r2=45838&view=diff
==============================================================================
--- trunk/reactos/dll/win32/wintrust/crypt.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/wintrust/crypt.c [iso-8859-1] Thu Mar 4 21:39:41 2010
@@ -1028,7 +1028,18 @@
/* app hasn't passed buffer, just get the length */
ret = ImageGetCertificateHeader(pSubjectInfo->hFile, dwIndex, &cert);
if (ret)
- *pcbSignedDataMsg = cert.dwLength;
+ {
+ switch (cert.wCertificateType)
+ {
+ case WIN_CERT_TYPE_X509:
+ case WIN_CERT_TYPE_PKCS_SIGNED_DATA:
+ *pcbSignedDataMsg = cert.dwLength;
+ break;
+ default:
+ WARN("unknown certificate type %d\n", cert.wCertificateType);
+ ret = FALSE;
+ }
+ }
}
else
{
@@ -1065,9 +1076,10 @@
*pdwEncodingType = X509_ASN_ENCODING | PKCS_7_ASN_ENCODING;
break;
default:
- FIXME("don't know what to do for encoding type %d\n",
+ WARN("don't know what to do for encoding type %d\n",
pCert->wCertificateType);
*pdwEncodingType = 0;
+ ret = FALSE;
}
}
}
Modified: trunk/reactos/dll/win32/wintrust/softpub.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/wintrust/softpub.c?rev=45838&r1=45837&r2=45838&view=diff
==============================================================================
--- trunk/reactos/dll/win32/wintrust/softpub.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/wintrust/softpub.c [iso-8859-1] Thu Mar 4 21:39:41 2010
@@ -75,9 +75,9 @@
/* Assumes data->pWintrustData->u.pFile exists. Makes sure a file handle is
* open for the file.
*/
-static BOOL SOFTPUB_OpenFile(CRYPT_PROVIDER_DATA *data)
-{
- BOOL ret = TRUE;
+static DWORD SOFTPUB_OpenFile(CRYPT_PROVIDER_DATA *data)
+{
+ DWORD err = ERROR_SUCCESS;
/* PSDK implies that all values should be initialized to NULL, so callers
* typically have hFile as NULL rather than INVALID_HANDLE_VALUE. Check
@@ -92,65 +92,64 @@
if (data->pWintrustData->u.pFile->hFile != INVALID_HANDLE_VALUE)
data->fOpenedFile = TRUE;
else
- ret = FALSE;
- }
- if (ret)
+ err = GetLastError();
+ }
+ if (!err)
GetFileTime(data->pWintrustData->u.pFile->hFile, &data->sftSystemTime,
NULL, NULL);
- TRACE("returning %d\n", ret);
- return ret;
+ TRACE("returning %d\n", err);
+ return err;
}
/* Assumes data->pWintrustData->u.pFile exists. Sets data->pPDSip->gSubject to
* the file's subject GUID.
*/
-static BOOL SOFTPUB_GetFileSubject(CRYPT_PROVIDER_DATA *data)
-{
- BOOL ret;
+static DWORD SOFTPUB_GetFileSubject(CRYPT_PROVIDER_DATA *data)
+{
+ DWORD err = ERROR_SUCCESS;
if (!WVT_ISINSTRUCT(WINTRUST_FILE_INFO,
data->pWintrustData->u.pFile->cbStruct, pgKnownSubject) ||
!data->pWintrustData->u.pFile->pgKnownSubject)
{
- ret = CryptSIPRetrieveSubjectGuid(
+ if (!CryptSIPRetrieveSubjectGuid(
data->pWintrustData->u.pFile->pcwszFilePath,
data->pWintrustData->u.pFile->hFile,
- &data->u.pPDSip->gSubject);
- }
- else
- {
+ &data->u.pPDSip->gSubject))
+ err = GetLastError();
+ }
+ else
data->u.pPDSip->gSubject = *data->pWintrustData->u.pFile->pgKnownSubject;
- ret = TRUE;
- }
- TRACE("returning %d\n", ret);
- return ret;
+ TRACE("returning %d\n", err);
+ return err;
}
/* Assumes data->u.pPDSip exists, and its gSubject member set.
* Allocates data->u.pPDSip->pSip and loads it, if possible.
*/
-static BOOL SOFTPUB_GetSIP(CRYPT_PROVIDER_DATA *data)
-{
- BOOL ret;
+static DWORD SOFTPUB_GetSIP(CRYPT_PROVIDER_DATA *data)
+{
+ DWORD err = ERROR_SUCCESS;
data->u.pPDSip->pSip = data->psPfns->pfnAlloc(sizeof(SIP_DISPATCH_INFO));
if (data->u.pPDSip->pSip)
- ret = CryptSIPLoad(&data->u.pPDSip->gSubject, 0, data->u.pPDSip->pSip);
- else
- {
- SetLastError(ERROR_OUTOFMEMORY);
- ret = FALSE;
- }
- TRACE("returning %d\n", ret);
- return ret;
+ {
+ if (!CryptSIPLoad(&data->u.pPDSip->gSubject, 0, data->u.pPDSip->pSip))
+ err = GetLastError();
+ }
+ else
+ err = ERROR_OUTOFMEMORY;
+ TRACE("returning %d\n", err);
+ return err;
}
/* Assumes data->u.pPDSip has been loaded, and data->u.pPDSip->pSip allocated.
* Calls data->u.pPDSip->pSip->pfGet to construct data->hMsg.
*/
-static BOOL SOFTPUB_GetMessageFromFile(CRYPT_PROVIDER_DATA *data, HANDLE file,
+static DWORD SOFTPUB_GetMessageFromFile(CRYPT_PROVIDER_DATA *data, HANDLE file,
LPCWSTR filePath)
{
+ DWORD err = ERROR_SUCCESS;
BOOL ret;
LPBYTE buf = NULL;
DWORD size = 0;
@@ -158,10 +157,7 @@
data->u.pPDSip->psSipSubjectInfo =
data->psPfns->pfnAlloc(sizeof(SIP_SUBJECTINFO));
if (!data->u.pPDSip->psSipSubjectInfo)
- {
- SetLastError(ERROR_OUTOFMEMORY);
- return FALSE;
- }
+ return ERROR_OUTOFMEMORY;
data->u.pPDSip->psSipSubjectInfo->cbSize = sizeof(SIP_SUBJECTINFO);
data->u.pPDSip->psSipSubjectInfo->pgSubjectType = &data->u.pPDSip->gSubject;
@@ -171,17 +167,11 @@
ret = data->u.pPDSip->pSip->pfGet(data->u.pPDSip->psSipSubjectInfo,
&data->dwEncoding, 0, &size, 0);
if (!ret)
- {
- SetLastError(TRUST_E_NOSIGNATURE);
- return FALSE;
- }
+ return TRUST_E_NOSIGNATURE;
buf = data->psPfns->pfnAlloc(size);
if (!buf)
- {
- SetLastError(ERROR_OUTOFMEMORY);
- return FALSE;
- }
+ return ERROR_OUTOFMEMORY;
ret = data->u.pPDSip->pSip->pfGet(data->u.pPDSip->psSipSubjectInfo,
&data->dwEncoding, 0, &size, buf);
@@ -190,88 +180,111 @@
data->hMsg = CryptMsgOpenToDecode(data->dwEncoding, 0, 0, data->hProv,
NULL, NULL);
if (data->hMsg)
+ {
ret = CryptMsgUpdate(data->hMsg, buf, size, TRUE);
- }
+ if (!ret)
+ err = GetLastError();
+ }
+ }
+ else
+ err = GetLastError();
data->psPfns->pfnFree(buf);
- TRACE("returning %d\n", ret);
- return ret;
-}
-
-static BOOL SOFTPUB_CreateStoreFromMessage(CRYPT_PROVIDER_DATA *data)
-{
- BOOL ret = FALSE;
+ TRACE("returning %d\n", err);
+ return err;
+}
+
+static DWORD SOFTPUB_CreateStoreFromMessage(CRYPT_PROVIDER_DATA *data)
+{
+ DWORD err = ERROR_SUCCESS;
HCERTSTORE store;
store = CertOpenStore(CERT_STORE_PROV_MSG, data->dwEncoding,
data->hProv, CERT_STORE_NO_CRYPT_RELEASE_FLAG, data->hMsg);
if (store)
{
- ret = data->psPfns->pfnAddStore2Chain(data, store);
+ if (!data->psPfns->pfnAddStore2Chain(data, store))
+ err = GetLastError();
CertCloseStore(store, 0);
}
- TRACE("returning %d\n", ret);
- return ret;
+ else
+ err = GetLastError();
+ TRACE("returning %d\n", err);
+ return err;
}
static DWORD SOFTPUB_DecodeInnerContent(CRYPT_PROVIDER_DATA *data)
{
BOOL ret;
- DWORD size;
+ DWORD size, err = ERROR_SUCCESS;
LPSTR oid = NULL;
LPBYTE buf = NULL;
ret = CryptMsgGetParam(data->hMsg, CMSG_INNER_CONTENT_TYPE_PARAM, 0, NULL,
&size);
if (!ret)
- goto error;
+ {
+ err = GetLastError();
+ goto error;
+ }
oid = data->psPfns->pfnAlloc(size);
if (!oid)
{
- SetLastError(ERROR_OUTOFMEMORY);
- ret = FALSE;
+ err = ERROR_OUTOFMEMORY;
goto error;
}
ret = CryptMsgGetParam(data->hMsg, CMSG_INNER_CONTENT_TYPE_PARAM, 0, oid,
&size);
if (!ret)
- goto error;
+ {
+ err = GetLastError();
+ goto error;
+ }
ret = CryptMsgGetParam(data->hMsg, CMSG_CONTENT_PARAM, 0, NULL, &size);
if (!ret)
- goto error;
+ {
+ err = GetLastError();
+ goto error;
+ }
buf = data->psPfns->pfnAlloc(size);
if (!buf)
{
- SetLastError(ERROR_OUTOFMEMORY);
- ret = FALSE;
+ err = ERROR_OUTOFMEMORY;
goto error;
}
ret = CryptMsgGetParam(data->hMsg, CMSG_CONTENT_PARAM, 0, buf, &size);
if (!ret)
- goto error;
+ {
+ err = GetLastError();
+ goto error;
+ }
ret = CryptDecodeObject(data->dwEncoding, oid, buf, size, 0, NULL, &size);
if (!ret)
- goto error;
+ {
+ err = GetLastError();
+ goto error;
+ }
data->u.pPDSip->psIndirectData = data->psPfns->pfnAlloc(size);
if (!data->u.pPDSip->psIndirectData)
{
- SetLastError(ERROR_OUTOFMEMORY);
- ret = FALSE;
+ err = ERROR_OUTOFMEMORY;
goto error;
}
ret = CryptDecodeObject(data->dwEncoding, oid, buf, size, 0,
data->u.pPDSip->psIndirectData, &size);
+ if (!ret)
+ err = GetLastError();
error:
- TRACE("returning %d\n", ret);
+ TRACE("returning %d\n", err);
data->psPfns->pfnFree(oid);
data->psPfns->pfnFree(buf);
- return ret;
-}
-
-static BOOL SOFTPUB_LoadCertMessage(CRYPT_PROVIDER_DATA *data)
-{
- BOOL ret;
+ return err;
+}
+
+static DWORD SOFTPUB_LoadCertMessage(CRYPT_PROVIDER_DATA *data)
+{
+ DWORD err = ERROR_SUCCESS;
if (data->pWintrustData->u.pCert &&
WVT_IS_CBSTRUCT_GT_MEMBEROFFSET(WINTRUST_CERT_INFO,
@@ -281,6 +294,7 @@
{
CRYPT_PROVIDER_SGNR signer = { sizeof(signer), { 0 } };
DWORD i;
+ BOOL ret;
/* Add a signer with nothing but the time to verify, so we can
* add a cert to it
@@ -308,55 +322,57 @@
ret = data->psPfns->pfnAddStore2Chain(data,
data->pWintrustData->u.pCert->pahStores[i]);
}
- }
- else
- {
- /* Do nothing!? See the tests */
- ret = TRUE;
- }
- }
- else
- {
- SetLastError(ERROR_INVALID_PARAMETER);
- ret = FALSE;
- }
- return ret;
-}
-
-static BOOL SOFTPUB_LoadFileMessage(CRYPT_PROVIDER_DATA *data)
-{
- BOOL ret;
+ if (!ret)
+ err = GetLastError();
+ }
+ }
+ else
+ err = ERROR_INVALID_PARAMETER;
+ return err;
+}
+
+static DWORD SOFTPUB_LoadFileMessage(CRYPT_PROVIDER_DATA *data)
+{
+ DWORD err = ERROR_SUCCESS;
if (!data->pWintrustData->u.pFile)
{
- SetLastError(ERROR_INVALID_PARAMETER);
- ret = FALSE;
- goto error;
- }
- ret = SOFTPUB_OpenFile(data);
- if (!ret)
- goto error;
- ret = SOFTPUB_GetFileSubject(data);
- if (!ret)
- goto error;
- ret = SOFTPUB_GetSIP(data);
- if (!ret)
- goto error;
- ret = SOFTPUB_GetMessageFromFile(data, data->pWintrustData->u.pFile->hFile,
+ err = ERROR_INVALID_PARAMETER;
+ goto error;
+ }
+ err = SOFTPUB_OpenFile(data);
+ if (err)
+ goto error;
+ err = SOFTPUB_GetFileSubject(data);
+ if (err)
+ goto error;
+ err = SOFTPUB_GetSIP(data);
+ if (err)
+ goto error;
+ err = SOFTPUB_GetMessageFromFile(data, data->pWintrustData->u.pFile->hFile,
data->pWintrustData->u.pFile->pcwszFilePath);
- if (!ret)
- goto error;
- ret = SOFTPUB_CreateStoreFromMessage(data);
- if (!ret)
- goto error;
- ret = SOFTPUB_DecodeInnerContent(data);
+ if (err)
+ goto error;
+ err = SOFTPUB_CreateStoreFromMessage(data);
+ if (err)
+ goto error;
+ err = SOFTPUB_DecodeInnerContent(data);
+
error:
- return ret;
-}
-
-static BOOL SOFTPUB_LoadCatalogMessage(CRYPT_PROVIDER_DATA *data)
-{
- BOOL ret;
+ if (err && data->fOpenedFile && data->pWintrustData->u.pFile)
+ {
+ /* The caller won't expect the file to be open on failure, so close it.
+ */
+ CloseHandle(data->pWintrustData->u.pFile->hFile);
+ data->pWintrustData->u.pFile->hFile = INVALID_HANDLE_VALUE;
+ data->fOpenedFile = FALSE;
+ }
+ return err;
+}
+
+static DWORD SOFTPUB_LoadCatalogMessage(CRYPT_PROVIDER_DATA *data)
+{
+ DWORD err;
HANDLE catalog = INVALID_HANDLE_VALUE;
if (!data->pWintrustData->u.pCatalog)
@@ -368,32 +384,34 @@
GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL,
NULL);
if (catalog == INVALID_HANDLE_VALUE)
- return FALSE;
- ret = CryptSIPRetrieveSubjectGuid(
+ return GetLastError();
+ if (!CryptSIPRetrieveSubjectGuid(
data->pWintrustData->u.pCatalog->pcwszCatalogFilePath, catalog,
- &data->u.pPDSip->gSubject);
- if (!ret)
- goto error;
- ret = SOFTPUB_GetSIP(data);
- if (!ret)
- goto error;
- ret = SOFTPUB_GetMessageFromFile(data, catalog,
+ &data->u.pPDSip->gSubject))
+ {
+ err = GetLastError();
+ goto error;
+ }
+ err = SOFTPUB_GetSIP(data);
+ if (err)
+ goto error;
+ err = SOFTPUB_GetMessageFromFile(data, catalog,
data->pWintrustData->u.pCatalog->pcwszCatalogFilePath);
- if (!ret)
- goto error;
- ret = SOFTPUB_CreateStoreFromMessage(data);
- if (!ret)
- goto error;
- ret = SOFTPUB_DecodeInnerContent(data);
+ if (err)
+ goto error;
+ err = SOFTPUB_CreateStoreFromMessage(data);
+ if (err)
+ goto error;
+ err = SOFTPUB_DecodeInnerContent(data);
/* FIXME: this loads the catalog file, but doesn't validate the member. */
error:
CloseHandle(catalog);
- return ret;
+ return err;
}
HRESULT WINAPI SoftpubLoadMessage(CRYPT_PROVIDER_DATA *data)
{
- BOOL ret;
+ DWORD err = ERROR_SUCCESS;
TRACE("(%p)\n", data);
@@ -403,26 +421,24 @@
switch (data->pWintrustData->dwUnionChoice)
{
case WTD_CHOICE_CERT:
- ret = SOFTPUB_LoadCertMessage(data);
+ err = SOFTPUB_LoadCertMessage(data);
break;
case WTD_CHOICE_FILE:
- ret = SOFTPUB_LoadFileMessage(data);
+ err = SOFTPUB_LoadFileMessage(data);
break;
case WTD_CHOICE_CATALOG:
- ret = SOFTPUB_LoadCatalogMessage(data);
+ err = SOFTPUB_LoadCatalogMessage(data);
break;
default:
FIXME("unimplemented for %d\n", data->pWintrustData->dwUnionChoice);
- SetLastError(ERROR_INVALID_PARAMETER);
- ret = FALSE;
- }
-
- if (!ret)
- data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] =
- GetLastError();
- TRACE("returning %d (%08x)\n", ret ? S_OK : S_FALSE,
+ err = ERROR_INVALID_PARAMETER;
+ }
+
+ if (err)
+ data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] = err;
+ TRACE("returning %d (%08x)\n", !err ? S_OK : S_FALSE,
data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV]);
- return ret ? S_OK : S_FALSE;
+ return !err ? S_OK : S_FALSE;
}
static CMSG_SIGNER_INFO *WINTRUST_GetSigner(CRYPT_PROVIDER_DATA *data,
@@ -453,9 +469,9 @@
return signerInfo;
}
-static BOOL WINTRUST_SaveSigner(CRYPT_PROVIDER_DATA *data, DWORD signerIdx)
-{
- BOOL ret;
+static DWORD WINTRUST_SaveSigner(CRYPT_PROVIDER_DATA *data, DWORD signerIdx)
+{
+ DWORD err;
CMSG_SIGNER_INFO *signerInfo = WINTRUST_GetSigner(data, signerIdx);
if (signerInfo)
@@ -464,11 +480,14 @@
sgnr.psSigner = signerInfo;
sgnr.sftVerifyAsOf = data->sftSystemTime;
- ret = data->psPfns->pfnAddSgnr2Chain(data, FALSE, signerIdx, &sgnr);
- }
- else
- ret = FALSE;
- return ret;
+ if (!data->psPfns->pfnAddSgnr2Chain(data, FALSE, signerIdx, &sgnr))
+ err = GetLastError();
+ else
+ err = ERROR_SUCCESS;
+ }
+ else
+ err = GetLastError();
+ return err;
}
static CERT_INFO *WINTRUST_GetSignerCertInfo(CRYPT_PROVIDER_DATA *data,
@@ -499,9 +518,9 @@
return certInfo;
}
-static BOOL WINTRUST_VerifySigner(CRYPT_PROVIDER_DATA *data, DWORD signerIdx)
-{
- BOOL ret;
+static DWORD WINTRUST_VerifySigner(CRYPT_PROVIDER_DATA *data, DWORD signerIdx)
+{
+ DWORD err;
CERT_INFO *certInfo = WINTRUST_GetSignerCertInfo(data, signerIdx);
if (certInfo)
@@ -514,30 +533,29 @@
CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA para = { sizeof(para), 0,
signerIdx, CMSG_VERIFY_SIGNER_CERT, (LPVOID)subject };
- ret = CryptMsgControl(data->hMsg, 0, CMSG_CTRL_VERIFY_SIGNATURE_EX,
- ¶);
- if (!ret)
- SetLastError(TRUST_E_CERT_SIGNATURE);
+ if (!CryptMsgControl(data->hMsg, 0, CMSG_CTRL_VERIFY_SIGNATURE_EX,
+ ¶))
+ err = TRUST_E_CERT_SIGNATURE;
else
+ {
data->psPfns->pfnAddCert2Chain(data, signerIdx, FALSE, 0,
subject);
+ err = ERROR_SUCCESS;
+ }
CertFreeCertificateContext(subject);
}
else
- {
- SetLastError(TRUST_E_NO_SIGNER_CERT);
- ret = FALSE;
- }
+ err = TRUST_E_NO_SIGNER_CERT;
data->psPfns->pfnFree(certInfo);
}
else
- ret = FALSE;
- return ret;
+ err = GetLastError();
+ return err;
}
HRESULT WINAPI SoftpubLoadSignature(CRYPT_PROVIDER_DATA *data)
{
- BOOL ret;
+ DWORD err;
TRACE("(%p)\n", data);
@@ -549,27 +567,26 @@
DWORD signerCount, size;
size = sizeof(signerCount);
- ret = CryptMsgGetParam(data->hMsg, CMSG_SIGNER_COUNT_PARAM, 0,
- &signerCount, &size);
- if (ret)
+ if (CryptMsgGetParam(data->hMsg, CMSG_SIGNER_COUNT_PARAM, 0,
+ &signerCount, &size))
{
DWORD i;
- for (i = 0; ret && i < signerCount; i++)
+ err = ERROR_SUCCESS;
+ for (i = 0; !err && i < signerCount; i++)
{
- if ((ret = WINTRUST_SaveSigner(data, i)))
- ret = WINTRUST_VerifySigner(data, i);
+ if (!(err = WINTRUST_SaveSigner(data, i)))
+ err = WINTRUST_VerifySigner(data, i);
}
}
else
- SetLastError(TRUST_E_NOSIGNATURE);
- }
- else
- ret = TRUE;
- if (!ret)
- data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_SIGPROV] =
- GetLastError();
- return ret ? S_OK : S_FALSE;
+ err = TRUST_E_NOSIGNATURE;
+ }
+ else
+ err = ERROR_SUCCESS;
+ if (err)
+ data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_SIGPROV] = err;
+ return !err ? S_OK : S_FALSE;
}
static DWORD WINTRUST_TrustStatusToConfidence(DWORD errorStatus)
@@ -672,24 +689,22 @@
return error;
}
-static BOOL WINTRUST_CopyChain(CRYPT_PROVIDER_DATA *data, DWORD signerIdx)
-{
- BOOL ret;
+static DWORD WINTRUST_CopyChain(CRYPT_PROVIDER_DATA *data, DWORD signerIdx)
+{
+ DWORD err, i;
PCERT_SIMPLE_CHAIN simpleChain =
data->pasSigners[signerIdx].pChainContext->rgpChain[0];
- DWORD i;
data->pasSigners[signerIdx].pasCertChain[0].dwConfidence =
WINTRUST_TrustStatusToConfidence(
simpleChain->rgpElement[0]->TrustStatus.dwErrorStatus);
data->pasSigners[signerIdx].pasCertChain[0].pChainElement =
simpleChain->rgpElement[0];
- ret = TRUE;
- for (i = 1; ret && i < simpleChain->cElement; i++)
- {
- ret = data->psPfns->pfnAddCert2Chain(data, signerIdx, FALSE, 0,
- simpleChain->rgpElement[i]->pCertContext);
- if (ret)
+ err = ERROR_SUCCESS;
+ for (i = 1; !err && i < simpleChain->cElement; i++)
+ {
+ if (data->psPfns->pfnAddCert2Chain(data, signerIdx, FALSE, 0,
+ simpleChain->rgpElement[i]->pCertContext))
{
data->pasSigners[signerIdx].pasCertChain[i].pChainElement =
simpleChain->rgpElement[i];
@@ -697,12 +712,14 @@
WINTRUST_TrustStatusToConfidence(
simpleChain->rgpElement[i]->TrustStatus.dwErrorStatus);
}
+ else
+ err = GetLastError();
}
data->pasSigners[signerIdx].pasCertChain[simpleChain->cElement - 1].dwError
= WINTRUST_TrustStatusToError(
simpleChain->rgpElement[simpleChain->cElement - 1]->
TrustStatus.dwErrorStatus);
- return ret;
+ return err;
}
static void WINTRUST_CreateChainPolicyCreateInfo(
@@ -731,11 +748,11 @@
info->pvReserved = NULL;
}
-static BOOL WINTRUST_CreateChainForSigner(CRYPT_PROVIDER_DATA *data,
+static DWORD WINTRUST_CreateChainForSigner(CRYPT_PROVIDER_DATA *data,
DWORD signer, PWTD_GENERIC_CHAIN_POLICY_CREATE_INFO createInfo,
PCERT_CHAIN_PARA chainPara)
{
- BOOL ret = TRUE;
+ DWORD err = ERROR_SUCCESS;
HCERTSTORE store = NULL;
if (data->chStores)
@@ -749,53 +766,64 @@
for (i = 0; i < data->chStores; i++)
CertAddStoreToCollection(store, data->pahStores[i], 0, 0);
}
- }
- /* Expect the end certificate for each signer to be the only cert in the
- * chain:
- */
- if (data->pasSigners[signer].csCertChain)
- {
- /* Create a certificate chain for each signer */
- ret = CertGetCertificateChain(createInfo->hChainEngine,
- data->pasSigners[signer].pasCertChain[0].pCert,
- &data->pasSigners[signer].sftVerifyAsOf, store,
- chainPara, createInfo->dwFlags, createInfo->pvReserved,
- &data->pasSigners[signer].pChainContext);
- if (ret)
- {
- if (data->pasSigners[signer].pChainContext->cChain != 1)
+ else
+ err = GetLastError();
+ }
+ if (!err)
+ {
+ /* Expect the end certificate for each signer to be the only cert in
+ * the chain:
+ */
+ if (data->pasSigners[signer].csCertChain)
+ {
+ BOOL ret;
+
+ /* Create a certificate chain for each signer */
+ ret = CertGetCertificateChain(createInfo->hChainEngine,
+ data->pasSigners[signer].pasCertChain[0].pCert,
+ &data->pasSigners[signer].sftVerifyAsOf, store,
+ chainPara, createInfo->dwFlags, createInfo->pvReserved,
+ &data->pasSigners[signer].pChainContext);
+ if (ret)
{
- FIXME("unimplemented for more than 1 simple chain\n");
- ret = FALSE;
+ if (data->pasSigners[signer].pChainContext->cChain != 1)
+ {
+ FIXME("unimplemented for more than 1 simple chain\n");
+ err = E_NOTIMPL;
+ }
+ else
+ {
+ if (!(err = WINTRUST_CopyChain(data, signer)))
+ {
+ if (data->psPfns->pfnCertCheckPolicy)
+ {
+ ret = data->psPfns->pfnCertCheckPolicy(data, signer,
+ FALSE, 0);
+ if (!ret)
+ err = GetLastError();
+ }
+ else
+ TRACE(
+ "no cert check policy, skipping policy check\n");
+ }
+ }
}
else
- {
- if ((ret = WINTRUST_CopyChain(data, signer)))
- {
- if (data->psPfns->pfnCertCheckPolicy)
- ret = data->psPfns->pfnCertCheckPolicy(data, signer,
- FALSE, 0);
- else
- TRACE("no cert check policy, skipping policy check\n");
- }
- }
- }
- }
- CertCloseStore(store, 0);
- return ret;
+ err = GetLastError();
+ }
+ CertCloseStore(store, 0);
+ }
+ return err;
}
HRESULT WINAPI WintrustCertificateTrust(CRYPT_PROVIDER_DATA *data)
{
- BOOL ret;
+ DWORD err;
TRACE("(%p)\n", data);
if (!data->csSigners)
- {
- ret = FALSE;
- SetLastError(TRUST_E_NOSIGNATURE);
- }
+ err = TRUST_E_NOSIGNATURE;
else
{
DWORD i;
@@ -803,17 +831,16 @@
CERT_CHAIN_PARA chainPara;
WINTRUST_CreateChainPolicyCreateInfo(data, &createInfo, &chainPara);
- ret = TRUE;
- for (i = 0; i < data->csSigners; i++)
- ret = WINTRUST_CreateChainForSigner(data, i, &createInfo,
+ err = ERROR_SUCCESS;
+ for (i = 0; !err && i < data->csSigners; i++)
+ err = WINTRUST_CreateChainForSigner(data, i, &createInfo,
&chainPara);
}
- if (!ret)
- data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_CERTPROV] =
- GetLastError();
- TRACE("returning %d (%08x)\n", ret ? S_OK : S_FALSE,
+ if (err)
+ data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_CERTPROV] = err;
+ TRACE("returning %d (%08x)\n", !err ? S_OK : S_FALSE,
data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_CERTPROV]);
- return ret ? S_OK : S_FALSE;
+ return !err ? S_OK : S_FALSE;
}
HRESULT WINAPI GenericChainCertificateTrust(CRYPT_PROVIDER_DATA *data)
@@ -1078,7 +1105,8 @@
CryptMsgClose(data->hMsg);
- if (data->fOpenedFile)
+ if (data->fOpenedFile &&
+ data->pWintrustData->dwUnionChoice == WTD_CHOICE_FILE)
CloseHandle(data->pWintrustData->u.pFile->hFile);
return S_OK;
Modified: trunk/reactos/dll/win32/wintrust/wintrust_main.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/wintrust/wintrust_main.c?rev=45838&r1=45837&r2=45838&view=diff
==============================================================================
--- trunk/reactos/dll/win32/wintrust/wintrust_main.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/wintrust/wintrust_main.c [iso-8859-1] Thu Mar 4 21:39:41 2010
@@ -77,11 +77,118 @@
*/
BOOL WINAPI TrustIsCertificateSelfSigned( PCCERT_CONTEXT cert )
{
+ PCERT_EXTENSION ext;
+ DWORD size;
BOOL ret;
TRACE("%p\n", cert);
- ret = CertCompareCertificateName(cert->dwCertEncodingType,
- &cert->pCertInfo->Subject, &cert->pCertInfo->Issuer);
+ if ((ext = CertFindExtension(szOID_AUTHORITY_KEY_IDENTIFIER2,
+ cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
+ {
+ CERT_AUTHORITY_KEY_ID2_INFO *info;
+
+ ret = CryptDecodeObjectEx(cert->dwCertEncodingType,
+ X509_AUTHORITY_KEY_ID2, ext->Value.pbData, ext->Value.cbData,
+ CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,
+ &info, &size);
+ if (ret)
+ {
+ if (info->AuthorityCertIssuer.cAltEntry &&
+ info->AuthorityCertSerialNumber.cbData)
+ {
+ PCERT_ALT_NAME_ENTRY directoryName = NULL;
+ DWORD i;
+
+ for (i = 0; !directoryName &&
+ i < info->AuthorityCertIssuer.cAltEntry; i++)
+ if (info->AuthorityCertIssuer.rgAltEntry[i].dwAltNameChoice
+ == CERT_ALT_NAME_DIRECTORY_NAME)
+ directoryName =
+ &info->AuthorityCertIssuer.rgAltEntry[i];
+ if (directoryName)
+ {
+ ret = CertCompareCertificateName(cert->dwCertEncodingType,
+ &directoryName->u.DirectoryName, &cert->pCertInfo->Issuer)
+ && CertCompareIntegerBlob(&info->AuthorityCertSerialNumber,
+ &cert->pCertInfo->SerialNumber);
+ }
+ else
+ {
+ FIXME("no supported name type in authority key id2\n");
+ ret = FALSE;
+ }
+ }
+ else if (info->KeyId.cbData)
+ {
+ ret = CertGetCertificateContextProperty(cert,
+ CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size);
+ if (ret && size == info->KeyId.cbData)
+ {
+ LPBYTE buf = CryptMemAlloc(size);
+
+ if (buf)
+ {
+ CertGetCertificateContextProperty(cert,
+ CERT_KEY_IDENTIFIER_PROP_ID, buf, &size);
+ ret = !memcmp(buf, info->KeyId.pbData, size);
+ CryptMemFree(buf);
+ }
+ else
+ ret = FALSE;
+ }
+ else
+ ret = FALSE;
+ }
+ LocalFree(info);
+ }
+ }
+ else if ((ext = CertFindExtension(szOID_AUTHORITY_KEY_IDENTIFIER,
+ cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
+ {
+ CERT_AUTHORITY_KEY_ID_INFO *info;
+
+ ret = CryptDecodeObjectEx(cert->dwCertEncodingType,
+ X509_AUTHORITY_KEY_ID, ext->Value.pbData, ext->Value.cbData,
+ CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,
+ &info, &size);
+ if (ret)
+ {
+ if (info->CertIssuer.cbData && info->CertSerialNumber.cbData)
+ {
+ ret = CertCompareCertificateName(cert->dwCertEncodingType,
+ &info->CertIssuer, &cert->pCertInfo->Issuer) &&
+ CertCompareIntegerBlob(&info->CertSerialNumber,
+ &cert->pCertInfo->SerialNumber);
+ }
+ else if (info->KeyId.cbData)
+ {
+ ret = CertGetCertificateContextProperty(cert,
+ CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size);
+ if (ret && size == info->KeyId.cbData)
+ {
+ LPBYTE buf = CryptMemAlloc(size);
+
+ if (buf)
+ {
+ CertGetCertificateContextProperty(cert,
+ CERT_KEY_IDENTIFIER_PROP_ID, buf, &size);
+ ret = !memcmp(buf, info->KeyId.pbData, size);
+ CryptMemFree(buf);
+ }
+ else
+ ret = FALSE;
+ }
+ else
+ ret = FALSE;
+ }
+ else
+ ret = FALSE;
+ LocalFree(info);
+ }
+ }
+ else
+ ret = CertCompareCertificateName(cert->dwCertEncodingType,
+ &cert->pCertInfo->Subject, &cert->pCertInfo->Issuer);
return ret;
}
More information about the Ros-diffs
mailing list