[cwittich] 45838: [WINTRUST] sync wintrust to wine 1.1.39 - Ros-diffs

4 Mar 2010

Author: cwittich
Date: Thu Mar  4 21:39:41 2010
New Revision: 45838
URL: http://svn.reactos.org/svn/reactos?rev=45838&view=rev
Log:
[WINTRUST]
sync wintrust to wine 1.1.39
Modified:
    trunk/reactos/dll/win32/wintrust/asn.c
    trunk/reactos/dll/win32/wintrust/crypt.c
    trunk/reactos/dll/win32/wintrust/softpub.c
    trunk/reactos/dll/win32/wintrust/wintrust_main.c
Modified: trunk/reactos/dll/win32/wintrust/asn.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/wintrust/asn.c?re...
==============================================================================

--- trunk/reactos/dll/win32/wintrust/asn.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/wintrust/asn.c [iso-8859-1] Thu Mar  4 21:39:41 2010
@@ -1469,6 +1469,11 @@
  */
 #define ALIGN_DWORD_PTR(x) (((x) + sizeof(DWORD_PTR) - 1) & ~(sizeof(DWORD_PTR) - 1))
+#define FINALMEMBERSIZE(s, member) (sizeof(s) - offsetof(s, member))
+#define MEMBERSIZE(s, member, nextmember) \
+    (offsetof(s, nextmember) - offsetof(s, member))
+
+
 /* Decodes the items in a sequence, where the items are described in items,
  * the encoded data are in pbEncoded with length cbEncoded.  Decodes into
  * pvStructInfo.  nextData is a pointer to the memory location at which the
@@ -1520,8 +1525,13 @@
                          : NULL, &items[i].size);
                         if (ret)
                         {
-                            /* Account for alignment padding */
-                            items[i].size = ALIGN_DWORD_PTR(items[i].size);
+                            if (items[i].size < items[i].minSize)
+                                items[i].size = items[i].minSize;
+                            else if (items[i].size > items[i].minSize)
+                            {
+                                /* Account for alignment padding */
+                                items[i].size = ALIGN_DWORD_PTR(items[i].size);
+                            }
                             TRACE("item %d size: %d\n", i, items[i].size);
                             if (nextData && items[i].hasPointer &&
                              items[i].size > items[i].minSize)
@@ -2179,62 +2189,24 @@
     return ret;
 }
-static BOOL CRYPT_AsnDecodeInteger(const BYTE *pbEncoded,
- DWORD cbEncoded, DWORD dwFlags, void *pvStructInfo, DWORD *pcbStructInfo)
-{
-    BOOL ret;
-    DWORD bytesNeeded, dataLen;
-
-    if ((ret = CRYPT_GetLen(pbEncoded, cbEncoded, &dataLen)))
-    {
-        BYTE lenBytes = GET_LEN_BYTES(pbEncoded[1]);
-
-        bytesNeeded = dataLen + sizeof(CRYPT_INTEGER_BLOB);
-        if (!pvStructInfo)
-            *pcbStructInfo = bytesNeeded;
-        else if (*pcbStructInfo < bytesNeeded)
-        {
-            *pcbStructInfo = bytesNeeded;
-            SetLastError(ERROR_MORE_DATA);
-            ret = FALSE;
-        }
-        else
-        {
-            CRYPT_INTEGER_BLOB *blob = pvStructInfo;
-
-            *pcbStructInfo = bytesNeeded;
-            blob->cbData = dataLen;
-            assert(blob->pbData);
-            if (blob->cbData)
-            {
-                DWORD i;
-
-                for (i = 0; i < blob->cbData; i++)
-                {
-                    blob->pbData[i] = *(pbEncoded + 1 + lenBytes +
-                     dataLen - i - 1);
-                }
-            }
-        }
-    }
-    return ret;
-}
-
 /* Ignores tag.  Only allows integers 4 bytes or smaller in size. */
 static BOOL WINAPI CRYPT_AsnDecodeInt(DWORD dwCertEncodingType,
  LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, DWORD dwFlags,
  void *pvStructInfo, DWORD *pcbStructInfo)
 {
     BOOL ret;
-    BYTE buf[sizeof(CRYPT_INTEGER_BLOB) + sizeof(int)];
-    CRYPT_INTEGER_BLOB *blob = (CRYPT_INTEGER_BLOB *)buf;
-    DWORD size = sizeof(buf);
-
-    blob->pbData = buf + sizeof(CRYPT_INTEGER_BLOB);
-    ret = CRYPT_AsnDecodeInteger(pbEncoded, cbEncoded, 0, buf, &size);
-    if (ret)
-    {
-        if (!pvStructInfo)
+    DWORD dataLen;
+
+    if ((ret = CRYPT_GetLen(pbEncoded, cbEncoded, &dataLen)))
+    {
+        BYTE lenBytes = GET_LEN_BYTES(pbEncoded[1]);
+
+        if (dataLen > sizeof(int))
+        {
+            SetLastError(CRYPT_E_ASN1_LARGE);
+            ret = FALSE;
+        }
+        else if (!pvStructInfo)
             *pcbStructInfo = sizeof(int);
         else if (*pcbStructInfo < sizeof(int))
         {
@@ -2248,23 +2220,21 @@
             DWORD i;
*pcbStructInfo = sizeof(int);
-            if (blob->pbData[blob->cbData - 1] & 0x80)
+            if (dataLen && pbEncoded[1 + lenBytes] & 0x80)
             {
                 /* initialize to a negative value to sign-extend */
                 val = -1;
             }
             else
                 val = 0;
-            for (i = 0; i < blob->cbData; i++)
+            for (i = 0; i < dataLen; i++)
             {
                 val <<= 8;
-                val |= blob->pbData[blob->cbData - i - 1];
+                val |= pbEncoded[1 + lenBytes + i];
             }
             memcpy(pvStructInfo, &val, sizeof(int));
         }
     }
-    else if (GetLastError() == ERROR_MORE_DATA)
-        SetLastError(CRYPT_E_ASN1_LARGE);
     return ret;
 }
@@ -2284,7 +2254,7 @@
            CRYPT_AsnDecodeBMPString, sizeof(LPWSTR), FALSE, TRUE,
            offsetof(CAT_MEMBERINFO, pwszSubjGuid), 0 },
          { ASN_INTEGER, offsetof(CAT_MEMBERINFO, dwCertVersion),
-           CRYPT_AsnDecodeInt, sizeof(DWORD),
+           CRYPT_AsnDecodeInt, FINALMEMBERSIZE(CAT_MEMBERINFO, dwCertVersion),
            FALSE, FALSE, 0, 0 },
         };
@@ -2317,7 +2287,8 @@
            CRYPT_AsnDecodeBMPString, sizeof(LPWSTR), FALSE, TRUE,
            offsetof(CAT_NAMEVALUE, pwszTag), 0 },
          { ASN_INTEGER, offsetof(CAT_NAMEVALUE, fdwFlags),
-           CRYPT_AsnDecodeInt, sizeof(DWORD), FALSE, FALSE, 0, 0 },
+           CRYPT_AsnDecodeInt, MEMBERSIZE(CAT_NAMEVALUE, fdwFlags, Value),
+           FALSE, FALSE, 0, 0 },
          { ASN_OCTETSTRING, offsetof(CAT_NAMEVALUE, Value),
            CRYPT_AsnDecodeOctets, sizeof(CRYPT_DER_BLOB), FALSE, TRUE,
            offsetof(CAT_NAMEVALUE, Value.pbData), 0 },
@@ -2391,9 +2362,11 @@
     {
         struct AsnDecodeSequenceItem items[] = {
          { ASN_BOOL, offsetof(SPC_FINANCIAL_CRITERIA, fFinancialInfoAvailable),
-           CRYPT_AsnDecodeBool, sizeof(BOOL), FALSE, FALSE, 0, 0 },
+           CRYPT_AsnDecodeBool, MEMBERSIZE(SPC_FINANCIAL_CRITERIA,
+           fFinancialInfoAvailable, fMeetsCriteria), FALSE, FALSE, 0, 0 },
          { ASN_BOOL, offsetof(SPC_FINANCIAL_CRITERIA, fMeetsCriteria),
-           CRYPT_AsnDecodeBool, sizeof(BOOL), FALSE, FALSE, 0, 0 },
+           CRYPT_AsnDecodeBool, FINALMEMBERSIZE(SPC_FINANCIAL_CRITERIA,
+           fMeetsCriteria), FALSE, FALSE, 0, 0 },
         };
ret = CRYPT_AsnDecodeSequence(dwCertEncodingType, items,
Modified: trunk/reactos/dll/win32/wintrust/crypt.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/wintrust/crypt.c?...
==============================================================================
--- trunk/reactos/dll/win32/wintrust/crypt.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/wintrust/crypt.c [iso-8859-1] Thu Mar  4 21:39:41 2010
@@ -1028,7 +1028,18 @@
         /* app hasn't passed buffer, just get the length */
         ret = ImageGetCertificateHeader(pSubjectInfo->hFile, dwIndex, &cert);
         if (ret)
-            *pcbSignedDataMsg = cert.dwLength;
+        {
+            switch (cert.wCertificateType)
+            {
+            case WIN_CERT_TYPE_X509:
+            case WIN_CERT_TYPE_PKCS_SIGNED_DATA:
+                *pcbSignedDataMsg = cert.dwLength;
+                break;
+            default:
+                WARN("unknown certificate type %d\n", cert.wCertificateType);
+                ret = FALSE;
+            }
+        }
     }
     else
     {
@@ -1065,9 +1076,10 @@
                 *pdwEncodingType = X509_ASN_ENCODING | PKCS_7_ASN_ENCODING;
                 break;
             default:
-                FIXME("don't know what to do for encoding type %d\n",
+                WARN("don't know what to do for encoding type %d\n",
                  pCert->wCertificateType);
                 *pdwEncodingType = 0;
+                ret = FALSE;
             }
         }
     }
Modified: trunk/reactos/dll/win32/wintrust/softpub.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/wintrust/softpub....
==============================================================================
--- trunk/reactos/dll/win32/wintrust/softpub.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/wintrust/softpub.c [iso-8859-1] Thu Mar  4 21:39:41 2010
@@ -75,9 +75,9 @@
 /* Assumes data->pWintrustData->u.pFile exists.  Makes sure a file handle is
  * open for the file.
  */
-static BOOL SOFTPUB_OpenFile(CRYPT_PROVIDER_DATA *data)
-{
-    BOOL ret = TRUE;
+static DWORD SOFTPUB_OpenFile(CRYPT_PROVIDER_DATA *data)
+{
+    DWORD err = ERROR_SUCCESS;
/* PSDK implies that all values should be initialized to NULL, so callers
      * typically have hFile as NULL rather than INVALID_HANDLE_VALUE.  Check
@@ -92,65 +92,64 @@
         if (data->pWintrustData->u.pFile->hFile != INVALID_HANDLE_VALUE)
             data->fOpenedFile = TRUE;
         else
-            ret = FALSE;
-    }
-    if (ret)
+            err = GetLastError();
+    }
+    if (!err)
         GetFileTime(data->pWintrustData->u.pFile->hFile, &data->sftSystemTime,
          NULL, NULL);
-    TRACE("returning %d\n", ret);
-    return ret;
+    TRACE("returning %d\n", err);
+    return err;
 }
/* Assumes data->pWintrustData->u.pFile exists.  Sets data->pPDSip->gSubject to
  * the file's subject GUID.
  */
-static BOOL SOFTPUB_GetFileSubject(CRYPT_PROVIDER_DATA *data)
-{
-    BOOL ret;
+static DWORD SOFTPUB_GetFileSubject(CRYPT_PROVIDER_DATA *data)
+{
+    DWORD err = ERROR_SUCCESS;
if (!WVT_ISINSTRUCT(WINTRUST_FILE_INFO,
      data->pWintrustData->u.pFile->cbStruct, pgKnownSubject) ||
      !data->pWintrustData->u.pFile->pgKnownSubject)
     {
-        ret = CryptSIPRetrieveSubjectGuid(
+        if (!CryptSIPRetrieveSubjectGuid(
          data->pWintrustData->u.pFile->pcwszFilePath,
          data->pWintrustData->u.pFile->hFile,
-         &data->u.pPDSip->gSubject);
-    }
-    else
-    {
+         &data->u.pPDSip->gSubject))
+            err = GetLastError();
+    }
+    else
         data->u.pPDSip->gSubject = *data->pWintrustData->u.pFile->pgKnownSubject;
-        ret = TRUE;
-    }
-    TRACE("returning %d\n", ret);
-    return ret;
+    TRACE("returning %d\n", err);
+    return err;
 }
/* Assumes data->u.pPDSip exists, and its gSubject member set.
  * Allocates data->u.pPDSip->pSip and loads it, if possible.
  */
-static BOOL SOFTPUB_GetSIP(CRYPT_PROVIDER_DATA *data)
-{
-    BOOL ret;
+static DWORD SOFTPUB_GetSIP(CRYPT_PROVIDER_DATA *data)
+{
+    DWORD err = ERROR_SUCCESS;
data->u.pPDSip->pSip = data->psPfns->pfnAlloc(sizeof(SIP_DISPATCH_INFO));
     if (data->u.pPDSip->pSip)
-        ret = CryptSIPLoad(&data->u.pPDSip->gSubject, 0, data->u.pPDSip->pSip);
-    else
-    {
-        SetLastError(ERROR_OUTOFMEMORY);
-        ret = FALSE;
-    }
-    TRACE("returning %d\n", ret);
-    return ret;
+    {
+        if (!CryptSIPLoad(&data->u.pPDSip->gSubject, 0, data->u.pPDSip->pSip))
+            err = GetLastError();
+    }
+    else
+        err = ERROR_OUTOFMEMORY;
+    TRACE("returning %d\n", err);
+    return err;
 }
/* Assumes data->u.pPDSip has been loaded, and data->u.pPDSip->pSip allocated.
  * Calls data->u.pPDSip->pSip->pfGet to construct data->hMsg.
  */
-static BOOL SOFTPUB_GetMessageFromFile(CRYPT_PROVIDER_DATA *data, HANDLE file,
+static DWORD SOFTPUB_GetMessageFromFile(CRYPT_PROVIDER_DATA *data, HANDLE file,
  LPCWSTR filePath)
 {
+    DWORD err = ERROR_SUCCESS;
     BOOL ret;
     LPBYTE buf = NULL;
     DWORD size = 0;
@@ -158,10 +157,7 @@
     data->u.pPDSip->psSipSubjectInfo =
      data->psPfns->pfnAlloc(sizeof(SIP_SUBJECTINFO));
     if (!data->u.pPDSip->psSipSubjectInfo)
-    {
-        SetLastError(ERROR_OUTOFMEMORY);
-        return FALSE;
-    }
+        return ERROR_OUTOFMEMORY;
data->u.pPDSip->psSipSubjectInfo->cbSize = sizeof(SIP_SUBJECTINFO);
     data->u.pPDSip->psSipSubjectInfo->pgSubjectType = &data->u.pPDSip->gSubject;
@@ -171,17 +167,11 @@
     ret = data->u.pPDSip->pSip->pfGet(data->u.pPDSip->psSipSubjectInfo,
      &data->dwEncoding, 0, &size, 0);
     if (!ret)
-    {
-        SetLastError(TRUST_E_NOSIGNATURE);
-        return FALSE;
-    }
+        return TRUST_E_NOSIGNATURE;
buf = data->psPfns->pfnAlloc(size);
     if (!buf)
-    {
-        SetLastError(ERROR_OUTOFMEMORY);
-        return FALSE;
-    }
+        return ERROR_OUTOFMEMORY;
ret = data->u.pPDSip->pSip->pfGet(data->u.pPDSip->psSipSubjectInfo,
      &data->dwEncoding, 0, &size, buf);
@@ -190,88 +180,111 @@
         data->hMsg = CryptMsgOpenToDecode(data->dwEncoding, 0, 0, data->hProv,
          NULL, NULL);
         if (data->hMsg)
+        {
             ret = CryptMsgUpdate(data->hMsg, buf, size, TRUE);
-    }
+            if (!ret)
+                err = GetLastError();
+        }
+    }
+    else
+        err = GetLastError();
data->psPfns->pfnFree(buf);
-    TRACE("returning %d\n", ret);
-    return ret;
-}
-
-static BOOL SOFTPUB_CreateStoreFromMessage(CRYPT_PROVIDER_DATA *data)
-{
-    BOOL ret = FALSE;
+    TRACE("returning %d\n", err);
+    return err;
+}
+
+static DWORD SOFTPUB_CreateStoreFromMessage(CRYPT_PROVIDER_DATA *data)
+{
+    DWORD err = ERROR_SUCCESS;
     HCERTSTORE store;
store = CertOpenStore(CERT_STORE_PROV_MSG, data->dwEncoding,
      data->hProv, CERT_STORE_NO_CRYPT_RELEASE_FLAG, data->hMsg);
     if (store)
     {
-        ret = data->psPfns->pfnAddStore2Chain(data, store);
+        if (!data->psPfns->pfnAddStore2Chain(data, store))
+            err = GetLastError();
         CertCloseStore(store, 0);
     }
-    TRACE("returning %d\n", ret);
-    return ret;
+    else
+        err = GetLastError();
+    TRACE("returning %d\n", err);
+    return err;
 }
static DWORD SOFTPUB_DecodeInnerContent(CRYPT_PROVIDER_DATA *data)
 {
     BOOL ret;
-    DWORD size;
+    DWORD size, err = ERROR_SUCCESS;
     LPSTR oid = NULL;
     LPBYTE buf = NULL;
ret = CryptMsgGetParam(data->hMsg, CMSG_INNER_CONTENT_TYPE_PARAM, 0, NULL,
      &size);
     if (!ret)
-        goto error;
+    {
+        err = GetLastError();
+        goto error;
+    }
     oid = data->psPfns->pfnAlloc(size);
     if (!oid)
     {
-        SetLastError(ERROR_OUTOFMEMORY);
-        ret = FALSE;
+        err = ERROR_OUTOFMEMORY;
         goto error;
     }
     ret = CryptMsgGetParam(data->hMsg, CMSG_INNER_CONTENT_TYPE_PARAM, 0, oid,
      &size);
     if (!ret)
-        goto error;
+    {
+        err = GetLastError();
+        goto error;
+    }
     ret = CryptMsgGetParam(data->hMsg, CMSG_CONTENT_PARAM, 0, NULL, &size);
     if (!ret)
-        goto error;
+    {
+        err = GetLastError();
+        goto error;
+    }
     buf = data->psPfns->pfnAlloc(size);
     if (!buf)
     {
-        SetLastError(ERROR_OUTOFMEMORY);
-        ret = FALSE;
+        err = ERROR_OUTOFMEMORY;
         goto error;
     }
     ret = CryptMsgGetParam(data->hMsg, CMSG_CONTENT_PARAM, 0, buf, &size);
     if (!ret)
-        goto error;
+    {
+        err = GetLastError();
+        goto error;
+    }
     ret = CryptDecodeObject(data->dwEncoding, oid, buf, size, 0, NULL, &size);
     if (!ret)
-        goto error;
+    {
+        err = GetLastError();
+        goto error;
+    }
     data->u.pPDSip->psIndirectData = data->psPfns->pfnAlloc(size);
     if (!data->u.pPDSip->psIndirectData)
     {
-        SetLastError(ERROR_OUTOFMEMORY);
-        ret = FALSE;
+        err = ERROR_OUTOFMEMORY;
         goto error;
     }
     ret = CryptDecodeObject(data->dwEncoding, oid, buf, size, 0,
      data->u.pPDSip->psIndirectData, &size);
+    if (!ret)
+        err = GetLastError();
error:
-    TRACE("returning %d\n", ret);
+    TRACE("returning %d\n", err);
     data->psPfns->pfnFree(oid);
     data->psPfns->pfnFree(buf);
-    return ret;
-}
-
-static BOOL SOFTPUB_LoadCertMessage(CRYPT_PROVIDER_DATA *data)
-{
-    BOOL ret;
+    return err;
+}
+
+static DWORD SOFTPUB_LoadCertMessage(CRYPT_PROVIDER_DATA *data)
+{
+    DWORD err = ERROR_SUCCESS;
if (data->pWintrustData->u.pCert &&
      WVT_IS_CBSTRUCT_GT_MEMBEROFFSET(WINTRUST_CERT_INFO,
@@ -281,6 +294,7 @@
         {
             CRYPT_PROVIDER_SGNR signer = { sizeof(signer), { 0 } };
             DWORD i;
+            BOOL ret;
/* Add a signer with nothing but the time to verify, so we can
              * add a cert to it
@@ -308,55 +322,57 @@
                             ret = data->psPfns->pfnAddStore2Chain(data,
                              data->pWintrustData->u.pCert->pahStores[i]);
             }
-        }
-        else
-        {
-            /* Do nothing!?  See the tests */
-            ret = TRUE;
-        }
-    }
-    else
-    {
-        SetLastError(ERROR_INVALID_PARAMETER);
-        ret = FALSE;
-    }
-    return ret;
-}
-
-static BOOL SOFTPUB_LoadFileMessage(CRYPT_PROVIDER_DATA *data)
-{
-    BOOL ret;
+            if (!ret)
+                err = GetLastError();
+        }
+    }
+    else
+        err = ERROR_INVALID_PARAMETER;
+    return err;
+}
+
+static DWORD SOFTPUB_LoadFileMessage(CRYPT_PROVIDER_DATA *data)
+{
+    DWORD err = ERROR_SUCCESS;
if (!data->pWintrustData->u.pFile)
     {
-        SetLastError(ERROR_INVALID_PARAMETER);
-        ret = FALSE;
-        goto error;
-    }
-    ret = SOFTPUB_OpenFile(data);
-    if (!ret)
-        goto error;
-    ret = SOFTPUB_GetFileSubject(data);
-    if (!ret)
-        goto error;
-    ret = SOFTPUB_GetSIP(data);
-    if (!ret)
-        goto error;
-    ret = SOFTPUB_GetMessageFromFile(data, data->pWintrustData->u.pFile->hFile,
+        err = ERROR_INVALID_PARAMETER;
+        goto error;
+    }
+    err = SOFTPUB_OpenFile(data);
+    if (err)
+        goto error;
+    err = SOFTPUB_GetFileSubject(data);
+    if (err)
+        goto error;
+    err = SOFTPUB_GetSIP(data);
+    if (err)
+        goto error;
+    err = SOFTPUB_GetMessageFromFile(data, data->pWintrustData->u.pFile->hFile,
      data->pWintrustData->u.pFile->pcwszFilePath);
-    if (!ret)
-        goto error;
-    ret = SOFTPUB_CreateStoreFromMessage(data);
-    if (!ret)
-        goto error;
-    ret = SOFTPUB_DecodeInnerContent(data);
+    if (err)
+        goto error;
+    err = SOFTPUB_CreateStoreFromMessage(data);
+    if (err)
+        goto error;
+    err = SOFTPUB_DecodeInnerContent(data);
+
 error:
-    return ret;
-}
-
-static BOOL SOFTPUB_LoadCatalogMessage(CRYPT_PROVIDER_DATA *data)
-{
-    BOOL ret;
+    if (err && data->fOpenedFile && data->pWintrustData->u.pFile)
+    {
+        /* The caller won't expect the file to be open on failure, so close it.
+         */
+        CloseHandle(data->pWintrustData->u.pFile->hFile);
+        data->pWintrustData->u.pFile->hFile = INVALID_HANDLE_VALUE;
+        data->fOpenedFile = FALSE;
+    }
+    return err;
+}
+
+static DWORD SOFTPUB_LoadCatalogMessage(CRYPT_PROVIDER_DATA *data)
+{
+    DWORD err;
     HANDLE catalog = INVALID_HANDLE_VALUE;
if (!data->pWintrustData->u.pCatalog)
@@ -368,32 +384,34 @@
      GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL,
      NULL);
     if (catalog == INVALID_HANDLE_VALUE)
-        return FALSE;
-    ret = CryptSIPRetrieveSubjectGuid(
+        return GetLastError();
+    if (!CryptSIPRetrieveSubjectGuid(
      data->pWintrustData->u.pCatalog->pcwszCatalogFilePath, catalog,
-     &data->u.pPDSip->gSubject);
-    if (!ret)
-        goto error;
-    ret = SOFTPUB_GetSIP(data);
-    if (!ret)
-        goto error;
-    ret = SOFTPUB_GetMessageFromFile(data, catalog,
+     &data->u.pPDSip->gSubject))
+    {
+        err = GetLastError();
+        goto error;
+    }
+    err = SOFTPUB_GetSIP(data);
+    if (err)
+        goto error;
+    err = SOFTPUB_GetMessageFromFile(data, catalog,
      data->pWintrustData->u.pCatalog->pcwszCatalogFilePath);
-    if (!ret)
-        goto error;
-    ret = SOFTPUB_CreateStoreFromMessage(data);
-    if (!ret)
-        goto error;
-    ret = SOFTPUB_DecodeInnerContent(data);
+    if (err)
+        goto error;
+    err = SOFTPUB_CreateStoreFromMessage(data);
+    if (err)
+        goto error;
+    err = SOFTPUB_DecodeInnerContent(data);
     /* FIXME: this loads the catalog file, but doesn't validate the member. */
 error:
     CloseHandle(catalog);
-    return ret;
+    return err;
 }
HRESULT WINAPI SoftpubLoadMessage(CRYPT_PROVIDER_DATA *data)
 {
-    BOOL ret;
+    DWORD err = ERROR_SUCCESS;
TRACE("(%p)\n", data);
@@ -403,26 +421,24 @@
     switch (data->pWintrustData->dwUnionChoice)
     {
     case WTD_CHOICE_CERT:
-        ret = SOFTPUB_LoadCertMessage(data);
+        err = SOFTPUB_LoadCertMessage(data);
         break;
     case WTD_CHOICE_FILE:
-        ret = SOFTPUB_LoadFileMessage(data);
+        err = SOFTPUB_LoadFileMessage(data);
         break;
     case WTD_CHOICE_CATALOG:
-        ret = SOFTPUB_LoadCatalogMessage(data);
+        err = SOFTPUB_LoadCatalogMessage(data);
         break;
     default:
         FIXME("unimplemented for %d\n", data->pWintrustData->dwUnionChoice);
-        SetLastError(ERROR_INVALID_PARAMETER);
-        ret = FALSE;
-    }
-
-    if (!ret)
-        data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] =
-         GetLastError();
-    TRACE("returning %d (%08x)\n", ret ? S_OK : S_FALSE,
+        err = ERROR_INVALID_PARAMETER;
+    }
+
+    if (err)
+        data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] = err;
+    TRACE("returning %d (%08x)\n", !err ? S_OK : S_FALSE,
      data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV]);
-    return ret ? S_OK : S_FALSE;
+    return !err ? S_OK : S_FALSE;
 }
static CMSG_SIGNER_INFO *WINTRUST_GetSigner(CRYPT_PROVIDER_DATA *data,
@@ -453,9 +469,9 @@
     return signerInfo;
 }
-static BOOL WINTRUST_SaveSigner(CRYPT_PROVIDER_DATA *data, DWORD signerIdx)
-{
-    BOOL ret;
+static DWORD WINTRUST_SaveSigner(CRYPT_PROVIDER_DATA *data, DWORD signerIdx)
+{
+    DWORD err;
     CMSG_SIGNER_INFO *signerInfo = WINTRUST_GetSigner(data, signerIdx);
if (signerInfo)
@@ -464,11 +480,14 @@
sgnr.psSigner = signerInfo;
         sgnr.sftVerifyAsOf = data->sftSystemTime;
-        ret = data->psPfns->pfnAddSgnr2Chain(data, FALSE, signerIdx, &sgnr);
-    }
-    else
-        ret = FALSE;
-    return ret;
+        if (!data->psPfns->pfnAddSgnr2Chain(data, FALSE, signerIdx, &sgnr))
+            err = GetLastError();
+        else
+            err = ERROR_SUCCESS;
+    }
+    else
+        err = GetLastError();
+    return err;
 }
static CERT_INFO *WINTRUST_GetSignerCertInfo(CRYPT_PROVIDER_DATA *data,
@@ -499,9 +518,9 @@
     return certInfo;
 }
-static BOOL WINTRUST_VerifySigner(CRYPT_PROVIDER_DATA *data, DWORD signerIdx)
-{
-    BOOL ret;
+static DWORD WINTRUST_VerifySigner(CRYPT_PROVIDER_DATA *data, DWORD signerIdx)
+{
+    DWORD err;
     CERT_INFO *certInfo = WINTRUST_GetSignerCertInfo(data, signerIdx);
if (certInfo)
@@ -514,30 +533,29 @@
             CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA para = { sizeof(para), 0,
              signerIdx, CMSG_VERIFY_SIGNER_CERT, (LPVOID)subject };
-            ret = CryptMsgControl(data->hMsg, 0, CMSG_CTRL_VERIFY_SIGNATURE_EX,
-             &para);
-            if (!ret)
-                SetLastError(TRUST_E_CERT_SIGNATURE);
+            if (!CryptMsgControl(data->hMsg, 0, CMSG_CTRL_VERIFY_SIGNATURE_EX,
+             &para))
+                err = TRUST_E_CERT_SIGNATURE;
             else
+            {
                 data->psPfns->pfnAddCert2Chain(data, signerIdx, FALSE, 0,
                  subject);
+                err = ERROR_SUCCESS;
+            }
             CertFreeCertificateContext(subject);
         }
         else
-        {
-            SetLastError(TRUST_E_NO_SIGNER_CERT);
-            ret = FALSE;
-        }
+            err = TRUST_E_NO_SIGNER_CERT;
         data->psPfns->pfnFree(certInfo);
     }
     else
-        ret = FALSE;
-    return ret;
+        err = GetLastError();
+    return err;
 }
HRESULT WINAPI SoftpubLoadSignature(CRYPT_PROVIDER_DATA *data)
 {
-    BOOL ret;
+    DWORD err;
TRACE("(%p)\n", data);
@@ -549,27 +567,26 @@
         DWORD signerCount, size;
size = sizeof(signerCount);
-        ret = CryptMsgGetParam(data->hMsg, CMSG_SIGNER_COUNT_PARAM, 0,
-         &signerCount, &size);
-        if (ret)
+        if (CryptMsgGetParam(data->hMsg, CMSG_SIGNER_COUNT_PARAM, 0,
+         &signerCount, &size))
         {
             DWORD i;
-            for (i = 0; ret && i < signerCount; i++)
+            err = ERROR_SUCCESS;
+            for (i = 0; !err && i < signerCount; i++)
             {
-                if ((ret = WINTRUST_SaveSigner(data, i)))
-                    ret = WINTRUST_VerifySigner(data, i);
+                if (!(err = WINTRUST_SaveSigner(data, i)))
+                    err = WINTRUST_VerifySigner(data, i);
             }
         }
         else
-            SetLastError(TRUST_E_NOSIGNATURE);
-    }
-    else
-        ret = TRUE;
-    if (!ret)
-        data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_SIGPROV] =
-         GetLastError();
-    return ret ? S_OK : S_FALSE;
+            err = TRUST_E_NOSIGNATURE;
+    }
+    else
+        err = ERROR_SUCCESS;
+    if (err)
+        data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_SIGPROV] = err;
+    return !err ? S_OK : S_FALSE;
 }
static DWORD WINTRUST_TrustStatusToConfidence(DWORD errorStatus)
@@ -672,24 +689,22 @@
     return error;
 }
-static BOOL WINTRUST_CopyChain(CRYPT_PROVIDER_DATA *data, DWORD signerIdx)
-{
-    BOOL ret;
+static DWORD WINTRUST_CopyChain(CRYPT_PROVIDER_DATA *data, DWORD signerIdx)
+{
+    DWORD err, i;
     PCERT_SIMPLE_CHAIN simpleChain =
      data->pasSigners[signerIdx].pChainContext->rgpChain[0];
-    DWORD i;
data->pasSigners[signerIdx].pasCertChain[0].dwConfidence =
      WINTRUST_TrustStatusToConfidence(
      simpleChain->rgpElement[0]->TrustStatus.dwErrorStatus);
     data->pasSigners[signerIdx].pasCertChain[0].pChainElement =
      simpleChain->rgpElement[0];
-    ret = TRUE;
-    for (i = 1; ret && i < simpleChain->cElement; i++)
-    {
-        ret = data->psPfns->pfnAddCert2Chain(data, signerIdx, FALSE, 0,
-         simpleChain->rgpElement[i]->pCertContext);
-        if (ret)
+    err = ERROR_SUCCESS;
+    for (i = 1; !err && i < simpleChain->cElement; i++)
+    {
+        if (data->psPfns->pfnAddCert2Chain(data, signerIdx, FALSE, 0,
+         simpleChain->rgpElement[i]->pCertContext))
         {
             data->pasSigners[signerIdx].pasCertChain[i].pChainElement =
              simpleChain->rgpElement[i];
@@ -697,12 +712,14 @@
              WINTRUST_TrustStatusToConfidence(
              simpleChain->rgpElement[i]->TrustStatus.dwErrorStatus);
         }
+        else
+            err = GetLastError();
     }
     data->pasSigners[signerIdx].pasCertChain[simpleChain->cElement - 1].dwError
      = WINTRUST_TrustStatusToError(
      simpleChain->rgpElement[simpleChain->cElement - 1]->
      TrustStatus.dwErrorStatus);
-    return ret;
+    return err;
 }
static void WINTRUST_CreateChainPolicyCreateInfo(
@@ -731,11 +748,11 @@
     info->pvReserved = NULL;
 }
-static BOOL WINTRUST_CreateChainForSigner(CRYPT_PROVIDER_DATA *data,
+static DWORD WINTRUST_CreateChainForSigner(CRYPT_PROVIDER_DATA *data,
  DWORD signer, PWTD_GENERIC_CHAIN_POLICY_CREATE_INFO createInfo,
  PCERT_CHAIN_PARA chainPara)
 {
-    BOOL ret = TRUE;
+    DWORD err = ERROR_SUCCESS;
     HCERTSTORE store = NULL;
if (data->chStores)
@@ -749,53 +766,64 @@
             for (i = 0; i < data->chStores; i++)
                 CertAddStoreToCollection(store, data->pahStores[i], 0, 0);
         }
-    }
-    /* Expect the end certificate for each signer to be the only cert in the
-     * chain:
-     */
-    if (data->pasSigners[signer].csCertChain)
-    {
-        /* Create a certificate chain for each signer */
-        ret = CertGetCertificateChain(createInfo->hChainEngine,
-         data->pasSigners[signer].pasCertChain[0].pCert,
-         &data->pasSigners[signer].sftVerifyAsOf, store,
-         chainPara, createInfo->dwFlags, createInfo->pvReserved,
-         &data->pasSigners[signer].pChainContext);
-        if (ret)
-        {
-            if (data->pasSigners[signer].pChainContext->cChain != 1)
+        else
+            err = GetLastError();
+    }
+    if (!err)
+    {
+        /* Expect the end certificate for each signer to be the only cert in
+         * the chain:
+         */
+        if (data->pasSigners[signer].csCertChain)
+        {
+            BOOL ret;
+
+            /* Create a certificate chain for each signer */
+            ret = CertGetCertificateChain(createInfo->hChainEngine,
+             data->pasSigners[signer].pasCertChain[0].pCert,
+             &data->pasSigners[signer].sftVerifyAsOf, store,
+             chainPara, createInfo->dwFlags, createInfo->pvReserved,
+             &data->pasSigners[signer].pChainContext);
+            if (ret)
             {
-                FIXME("unimplemented for more than 1 simple chain\n");
-                ret = FALSE;
+                if (data->pasSigners[signer].pChainContext->cChain != 1)
+                {
+                    FIXME("unimplemented for more than 1 simple chain\n");
+                    err = E_NOTIMPL;
+                }
+                else
+                {
+                    if (!(err = WINTRUST_CopyChain(data, signer)))
+                    {
+                        if (data->psPfns->pfnCertCheckPolicy)
+                        {
+                            ret = data->psPfns->pfnCertCheckPolicy(data, signer,
+                             FALSE, 0);
+                            if (!ret)
+                                err = GetLastError();
+                        }
+                        else
+                            TRACE(
+                             "no cert check policy, skipping policy check\n");
+                    }
+                }
             }
             else
-            {
-                if ((ret = WINTRUST_CopyChain(data, signer)))
-                {
-                    if (data->psPfns->pfnCertCheckPolicy)
-                        ret = data->psPfns->pfnCertCheckPolicy(data, signer,
-                         FALSE, 0);
-                    else
-                        TRACE("no cert check policy, skipping policy check\n");
-                }
-            }
-        }
-    }
-    CertCloseStore(store, 0);
-    return ret;
+                err = GetLastError();
+        }
+        CertCloseStore(store, 0);
+    }
+    return err;
 }
HRESULT WINAPI WintrustCertificateTrust(CRYPT_PROVIDER_DATA *data)
 {
-    BOOL ret;
+    DWORD err;
TRACE("(%p)\n", data);
if (!data->csSigners)
-    {
-        ret = FALSE;
-        SetLastError(TRUST_E_NOSIGNATURE);
-    }
+        err = TRUST_E_NOSIGNATURE;
     else
     {
         DWORD i;
@@ -803,17 +831,16 @@
         CERT_CHAIN_PARA chainPara;
WINTRUST_CreateChainPolicyCreateInfo(data, &createInfo, &chainPara);
-        ret = TRUE;
-        for (i = 0; i < data->csSigners; i++)
-            ret = WINTRUST_CreateChainForSigner(data, i, &createInfo,
+        err = ERROR_SUCCESS;
+        for (i = 0; !err && i < data->csSigners; i++)
+            err = WINTRUST_CreateChainForSigner(data, i, &createInfo,
              &chainPara);
     }
-    if (!ret)
-        data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_CERTPROV] =
-         GetLastError();
-    TRACE("returning %d (%08x)\n", ret ? S_OK : S_FALSE,
+    if (err)
+        data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_CERTPROV] = err;
+    TRACE("returning %d (%08x)\n", !err ? S_OK : S_FALSE,
      data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_CERTPROV]);
-    return ret ? S_OK : S_FALSE;
+    return !err ? S_OK : S_FALSE;
 }
HRESULT WINAPI GenericChainCertificateTrust(CRYPT_PROVIDER_DATA *data)
@@ -1078,7 +1105,8 @@
CryptMsgClose(data->hMsg);
-    if (data->fOpenedFile)
+    if (data->fOpenedFile &&
+     data->pWintrustData->dwUnionChoice == WTD_CHOICE_FILE)
         CloseHandle(data->pWintrustData->u.pFile->hFile);
return S_OK;
Modified: trunk/reactos/dll/win32/wintrust/wintrust_main.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/wintrust/wintrust...
==============================================================================
--- trunk/reactos/dll/win32/wintrust/wintrust_main.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/wintrust/wintrust_main.c [iso-8859-1] Thu Mar  4 21:39:41 2010
@@ -77,11 +77,118 @@
  */
 BOOL WINAPI TrustIsCertificateSelfSigned( PCCERT_CONTEXT cert )
 {
+    PCERT_EXTENSION ext;
+    DWORD size;
     BOOL ret;
TRACE("%p\n", cert);
-    ret = CertCompareCertificateName(cert->dwCertEncodingType,
-     &cert->pCertInfo->Subject, &cert->pCertInfo->Issuer);
+    if ((ext = CertFindExtension(szOID_AUTHORITY_KEY_IDENTIFIER2,
+     cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
+    {
+        CERT_AUTHORITY_KEY_ID2_INFO *info;
+
+        ret = CryptDecodeObjectEx(cert->dwCertEncodingType,
+         X509_AUTHORITY_KEY_ID2, ext->Value.pbData, ext->Value.cbData,
+         CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,
+         &info, &size);
+        if (ret)
+        {
+            if (info->AuthorityCertIssuer.cAltEntry &&
+             info->AuthorityCertSerialNumber.cbData)
+            {
+                PCERT_ALT_NAME_ENTRY directoryName = NULL;
+                DWORD i;
+
+                for (i = 0; !directoryName &&
+                 i < info->AuthorityCertIssuer.cAltEntry; i++)
+                    if (info->AuthorityCertIssuer.rgAltEntry[i].dwAltNameChoice
+                     == CERT_ALT_NAME_DIRECTORY_NAME)
+                        directoryName =
+                         &info->AuthorityCertIssuer.rgAltEntry[i];
+                if (directoryName)
+                {
+                    ret = CertCompareCertificateName(cert->dwCertEncodingType,
+                     &directoryName->u.DirectoryName, &cert->pCertInfo->Issuer)
+                     && CertCompareIntegerBlob(&info->AuthorityCertSerialNumber,
+                     &cert->pCertInfo->SerialNumber);
+                }
+                else
+                {
+                    FIXME("no supported name type in authority key id2\n");
+                    ret = FALSE;
+                }
+            }
+            else if (info->KeyId.cbData)
+            {
+                ret = CertGetCertificateContextProperty(cert,
+                 CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size);
+                if (ret && size == info->KeyId.cbData)
+                {
+                    LPBYTE buf = CryptMemAlloc(size);
+
+                    if (buf)
+                    {
+                        CertGetCertificateContextProperty(cert,
+                         CERT_KEY_IDENTIFIER_PROP_ID, buf, &size);
+                        ret = !memcmp(buf, info->KeyId.pbData, size);
+                        CryptMemFree(buf);
+                    }
+                    else
+                        ret = FALSE;
+                }
+                else
+                    ret = FALSE;
+            }
+            LocalFree(info);
+        }
+    }
+    else if ((ext = CertFindExtension(szOID_AUTHORITY_KEY_IDENTIFIER,
+     cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
+    {
+        CERT_AUTHORITY_KEY_ID_INFO *info;
+
+        ret = CryptDecodeObjectEx(cert->dwCertEncodingType,
+         X509_AUTHORITY_KEY_ID, ext->Value.pbData, ext->Value.cbData,
+         CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL,
+         &info, &size);
+        if (ret)
+        {
+            if (info->CertIssuer.cbData && info->CertSerialNumber.cbData)
+            {
+                ret = CertCompareCertificateName(cert->dwCertEncodingType,
+                 &info->CertIssuer, &cert->pCertInfo->Issuer) &&
+                 CertCompareIntegerBlob(&info->CertSerialNumber,
+                 &cert->pCertInfo->SerialNumber);
+            }
+            else if (info->KeyId.cbData)
+            {
+                ret = CertGetCertificateContextProperty(cert,
+                 CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size);
+                if (ret && size == info->KeyId.cbData)
+                {
+                    LPBYTE buf = CryptMemAlloc(size);
+
+                    if (buf)
+                    {
+                        CertGetCertificateContextProperty(cert,
+                         CERT_KEY_IDENTIFIER_PROP_ID, buf, &size);
+                        ret = !memcmp(buf, info->KeyId.pbData, size);
+                        CryptMemFree(buf);
+                    }
+                    else
+                        ret = FALSE;
+                }
+                else
+                    ret = FALSE;
+            }
+            else
+                ret = FALSE;
+            LocalFree(info);
+        }
+    }
+    else
+        ret = CertCompareCertificateName(cert->dwCertEncodingType,
+         &cert->pCertInfo->Subject, &cert->pCertInfo->Issuer);
     return ret;
 }

    