Author: cwittich
Date: Sun Jan 3 12:59:38 2010
New Revision: 44909
URL:
http://svn.reactos.org/svn/reactos?rev=44909&view=rev
Log:
[crypt32]
sync crypt32 to wine 1.1.35
Modified:
trunk/reactos/dll/win32/crypt32/cert.c
trunk/reactos/dll/win32/crypt32/chain.c
trunk/reactos/dll/win32/crypt32/crl.c
trunk/reactos/dll/win32/crypt32/ctl.c
trunk/reactos/dll/win32/crypt32/store.c
Modified: trunk/reactos/dll/win32/crypt32/cert.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/crypt32/cert.c?r…
==============================================================================
--- trunk/reactos/dll/win32/crypt32/cert.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/crypt32/cert.c [iso-8859-1] Sun Jan 3 12:59:38 2010
@@ -2854,7 +2854,7 @@
{
info.pwszContainerName = CryptMemAlloc(len *
sizeof(WCHAR));
- len = MultiByteToWideChar(CP_ACP, 0, szContainer, -1,
+ MultiByteToWideChar(CP_ACP, 0, szContainer, -1,
info.pwszContainerName, len);
}
}
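Review bot: The buffer returned by `CryptMemAlloc(len * sizeof(WCHAR))` is passed to `MultiByteToWideChar` without a NULL check, and with `len =` dropped the conversion result is no longer examined either, so a failed allocation or conversion leaves `info.pwszContainerName` NULL or unfilled with no signal. Guarding the call with `if (info.pwszContainerName)` and adding a comment that failure is deliberately ignored would make the intent explicit. The same applies to `info.pwszProvName` in the next hunk (@@ -2878). The enclosing function starts and ends outside these hunks, so how a NULL name is consumed later cannot be seen here.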
@@ -2878,7 +2878,7 @@
{
info.pwszProvName = CryptMemAlloc(len *
sizeof(WCHAR));
- len = MultiByteToWideChar(CP_ACP, 0, szProvider, -1,
+ MultiByteToWideChar(CP_ACP, 0, szProvider, -1,
info.pwszProvName, len);
}
}
@@ -2898,7 +2898,7 @@
pInfo = &info;
}
- ret = CertSetCertificateContextProperty(context, CERT_KEY_PROV_INFO_PROP_ID,
+ CertSetCertificateContextProperty(context, CERT_KEY_PROV_INFO_PROP_ID,
0, pInfo);
if (pInfo == &info)
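Review bot: The result of `CertSetCertificateContextProperty(context, CERT_KEY_PROV_INFO_PROP_ID, 0, pInfo)` is now discarded, so a certificate context can end up without key provider information and nothing records it. The enclosing function's signature is outside the hunk; if it cannot report failure, a diagnostic would at least keep the failure visible, for example `if (!CertSetCertificateContextProperty(context, CERT_KEY_PROV_INFO_PROP_ID, 0, pInfo)) WARN("failed to set key provider info\n");`.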
Modified: trunk/reactos/dll/win32/crypt32/chain.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/crypt32/chain.c?…
==============================================================================
--- trunk/reactos/dll/win32/crypt32/chain.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/crypt32/chain.c [iso-8859-1] Sun Jan 3 12:59:38 2010
@@ -230,10 +230,118 @@
LONG ref;
} CertificateChain, *PCertificateChain;
-static inline BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert)
-{
- return CertCompareCertificateName(cert->dwCertEncodingType,
- &cert->pCertInfo->Subject, &cert->pCertInfo->Issuer);
+static BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert)
+{
+ PCERT_EXTENSION ext;
+ DWORD size;
+ BOOL ret;
+
+ if ((ext = CertFindExtension(szOID_AUTHORITY_KEY_IDENTIFIER2,
+ cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
+ {
+ CERT_AUTHORITY_KEY_ID2_INFO *info;
+
+ ret = CryptDecodeObjectEx(cert->dwCertEncodingType,
+ X509_AUTHORITY_KEY_ID2, ext->Value.pbData, ext->Value.cbData,
+ CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,
+ &info, &size);
+ if (ret)
+ {
+ if (info->AuthorityCertIssuer.cAltEntry &&
+ info->AuthorityCertSerialNumber.cbData)
+ {
+ PCERT_ALT_NAME_ENTRY directoryName = NULL;
+ DWORD i;
+
+ for (i = 0; !directoryName &&
+ i < info->AuthorityCertIssuer.cAltEntry; i++)
+ if (info->AuthorityCertIssuer.rgAltEntry[i].dwAltNameChoice
+ == CERT_ALT_NAME_DIRECTORY_NAME)
+ directoryName =
+ &info->AuthorityCertIssuer.rgAltEntry[i];
+ if (directoryName)
+ {
+ ret = CertCompareCertificateName(cert->dwCertEncodingType,
+ &directoryName->u.DirectoryName,
&cert->pCertInfo->Issuer)
+ &&
CertCompareIntegerBlob(&info->AuthorityCertSerialNumber,
+ &cert->pCertInfo->SerialNumber);
+ }
+ else
+ {
+ FIXME("no supported name type in authority key id2\n");
+ ret = FALSE;
+ }
+ }
+ else if (info->KeyId.cbData)
+ {
+ ret = CertGetCertificateContextProperty(cert,
+ CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size);
+ if (ret && size == info->KeyId.cbData)
+ {
+ LPBYTE buf = CryptMemAlloc(size);
+
+ if (buf)
+ {
+ CertGetCertificateContextProperty(cert,
+ CERT_KEY_IDENTIFIER_PROP_ID, buf, &size);
+ ret = !memcmp(buf, info->KeyId.pbData, size);
+ CryptMemFree(buf);
+ }
+ }
+ else
+ ret = FALSE;
+ }
+ LocalFree(info);
+ }
+ }
+ else if ((ext = CertFindExtension(szOID_AUTHORITY_KEY_IDENTIFIER,
+ cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
+ {
+ CERT_AUTHORITY_KEY_ID_INFO *info;
+
+ ret = CryptDecodeObjectEx(cert->dwCertEncodingType,
+ X509_AUTHORITY_KEY_ID, ext->Value.pbData, ext->Value.cbData,
+ CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,
+ &info, &size);
+ if (ret)
+ {
+ if (info->CertIssuer.cbData && info->CertSerialNumber.cbData)
+ {
+ ret = CertCompareCertificateName(cert->dwCertEncodingType,
+ &info->CertIssuer, &cert->pCertInfo->Issuer)
&&
+ CertCompareIntegerBlob(&info->CertSerialNumber,
+ &cert->pCertInfo->SerialNumber);
+ }
+ else if (info->KeyId.cbData)
+ {
+ ret = CertGetCertificateContextProperty(cert,
+ CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size);
+ if (ret && size == info->KeyId.cbData)
+ {
+ LPBYTE buf = CryptMemAlloc(size);
+
+ if (buf)
+ {
+ CertGetCertificateContextProperty(cert,
+ CERT_KEY_IDENTIFIER_PROP_ID, buf, &size);
+ ret = !memcmp(buf, info->KeyId.pbData, size);
+ CryptMemFree(buf);
+ }
+ else
+ ret = FALSE;
+ }
+ else
+ ret = FALSE;
+ }
+ else
+ ret = FALSE;
+ LocalFree(info);
+ }
+ }
+ else
+ ret = CertCompareCertificateName(cert->dwCertEncodingType,
+ &cert->pCertInfo->Subject, &cert->pCertInfo->Issuer);
+ return ret;
}
static void CRYPT_FreeChainElement(PCERT_CHAIN_ELEMENT element)
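Review bot: In the `szOID_AUTHORITY_KEY_IDENTIFIER2` branch of `CRYPT_IsCertificateSelfSigned`, `ret` stays TRUE on two paths where nothing was compared: when `CryptMemAlloc(size)` returns NULL (the `if (buf)` has no `else`), and when the decoded extension has neither an issuer/serial pair nor a `KeyId`. The `szOID_AUTHORITY_KEY_IDENTIFIER` branch below sets `ret = FALSE` in both cases, so the two should agree: add `else ret = FALSE;` after the `if (buf)` block and a final `else ret = FALSE;` before `LocalFree(info)`. In both branches, and in the copy of this block in the crl.c hunk, the second `CertGetCertificateContextProperty` call that fills `buf` is unchecked before the `memcmp`; `ret = CertGetCertificateContextProperty(cert, CERT_KEY_IDENTIFIER_PROP_ID, buf, &size) && !memcmp(buf, info->KeyId.pbData, size);` covers it. The predicate compares names and identifiers only, so a wrong TRUE presumably changes where chain building treats a certificate as its own issuer, though the callers are outside this hunk.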
@@ -619,7 +727,7 @@
*trustErrorStatus |= CERT_TRUST_INVALID_NAME_CONSTRAINTS;
else if (!name)
; /* no match */
- else if ((at = strchrW(constraint, '@')))
+ else if (strchrW(constraint, '@'))
match = !lstrcmpiW(constraint, name);
else
{
@@ -2541,10 +2649,11 @@
* key usage extension be present and that a particular purpose
* be indicated in order for the certificate to be acceptable to
* that application."
- * For now I'm being more conservative and disallowing it.
+ * Not all web sites include the extended key usage extension, so
+ * accept chains without it.
*/
- WARN_(chain)("requested usage from a certificate with no
usages\n");
- validForUsage = FALSE;
+ TRACE_(chain)("requested usage from certificate with no
usages\n");
+ validForUsage = TRUE;
}
if (!validForUsage)
{
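Review bot: Setting `validForUsage = TRUE` when the certificate carries no usages accepts it for whatever usage the caller requested, while the new comment justifies this only for web sites. If that is the intent, the comment should say that absence of the extended key usage extension is treated as unrestricted for every requested usage. Lowering the message from `WARN_(chain)` to `TRACE_(chain)` also makes this permissive path less visible in logs; keeping `WARN_(chain)("requested usage from certificate with no usages\n");` would preserve that signal. The enclosing block begins and ends outside the hunk, so which chain elements reach this branch cannot be confirmed here.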
@@ -2641,6 +2750,8 @@
if (!pChain->TrustStatus.dwErrorStatus)
CRYPT_VerifyChainRevocation(pChain, pTime, pChainPara, dwFlags);
CRYPT_CheckUsages(pChain, pChainPara);
+ TRACE_(chain)("error status: %08x\n",
+ pChain->TrustStatus.dwErrorStatus);
if (ppChainContext)
*ppChainContext = pChain;
else
Modified: trunk/reactos/dll/win32/crypt32/crl.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/crypt32/crl.c?re…
==============================================================================
--- trunk/reactos/dll/win32/crypt32/crl.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/crypt32/crl.c [iso-8859-1] Sun Jan 3 12:59:38 2010
@@ -167,14 +167,21 @@
}
else if (info->KeyId.cbData)
{
- if ((ext = CertFindExtension(
- szOID_SUBJECT_KEY_IDENTIFIER,
- issuer->pCertInfo->cExtension,
- issuer->pCertInfo->rgExtension)))
+ DWORD size;
+
+ ret = CertGetCertificateContextProperty(issuer,
+ CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size);
+ if (ret && size == info->KeyId.cbData)
{
- if (info->KeyId.cbData == ext->Value.cbData)
- ret = !memcmp(info->KeyId.pbData,
- ext->Value.pbData, info->KeyId.cbData);
+ LPBYTE buf = CryptMemAlloc(size);
+
+ if (buf)
+ {
+ CertGetCertificateContextProperty(issuer,
+ CERT_KEY_IDENTIFIER_PROP_ID, buf, &size);
+ ret = !memcmp(buf, info->KeyId.pbData, size);
+ CryptMemFree(buf);
+ }
else
ret = FALSE;
}
Modified: trunk/reactos/dll/win32/crypt32/ctl.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/crypt32/ctl.c?re…
==============================================================================
--- trunk/reactos/dll/win32/crypt32/ctl.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/crypt32/ctl.c [iso-8859-1] Sun Jan 3 12:59:38 2010
@@ -113,7 +113,13 @@
break;
case CERT_STORE_ADD_USE_EXISTING:
if (existing)
+ {
CtlContext_CopyProperties(existing, pCtlContext);
+ if (ppStoreContext)
+ *ppStoreContext = CertDuplicateCTLContext(existing);
+ }
+ else
+ toAdd = CertDuplicateCTLContext(pCtlContext);
break;
default:
FIXME("Unimplemented add disposition %d\n", dwAddDisposition);
Modified: trunk/reactos/dll/win32/crypt32/store.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/crypt32/store.c?…
==============================================================================
--- trunk/reactos/dll/win32/crypt32/store.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/crypt32/store.c [iso-8859-1] Sun Jan 3 12:59:38 2010
@@ -899,7 +899,8 @@
if (existing)
{
CertContext_CopyProperties(existing, pCertContext);
- *ppStoreContext = CertDuplicateCertificateContext(existing);
+ if (ppStoreContext)
+ *ppStoreContext = CertDuplicateCertificateContext(existing);
}
else
toAdd = CertDuplicateCertificateContext(pCertContext);
@@ -1090,7 +1091,13 @@
break;
case CERT_STORE_ADD_USE_EXISTING:
if (existing)
+ {
CrlContext_CopyProperties(existing, pCrlContext);
+ if (ppStoreContext)
+ *ppStoreContext = CertDuplicateCRLContext(existing);
+ }
+ else
+ toAdd = CertDuplicateCRLContext(pCrlContext);
break;
default:
FIXME("Unimplemented add disposition %d\n", dwAddDisposition);