Author: cwittich Date: Thu Mar 4 21:39:41 2010 New Revision: 45838 URL: http://svn.reactos.org/svn/reactos?rev=45838&view=rev Log: [WINTRUST] sync wintrust to wine 1.1.39 Modified: trunk/reactos/dll/win32/wintrust/asn.c trunk/reactos/dll/win32/wintrust/crypt.c trunk/reactos/dll/win32/wintrust/softpub.c trunk/reactos/dll/win32/wintrust/wintrust_main.c Modified: trunk/reactos/dll/win32/wintrust/asn.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/wintrust/asn.c?r… ============================================================================== --- trunk/reactos/dll/win32/wintrust/asn.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/wintrust/asn.c [iso-8859-1] Thu Mar 4 21:39:41 2010 @@ -1469,6 +1469,11 @@ */ #define ALIGN_DWORD_PTR(x) (((x) + sizeof(DWORD_PTR) - 1) & ~(sizeof(DWORD_PTR) - 1)) +#define FINALMEMBERSIZE(s, member) (sizeof(s) - offsetof(s, member)) +#define MEMBERSIZE(s, member, nextmember) \ + (offsetof(s, nextmember) - offsetof(s, member)) + + /* Decodes the items in a sequence, where the items are described in items, * the encoded data are in pbEncoded with length cbEncoded. Decodes into * pvStructInfo. nextData is a pointer to the memory location at which the @@ -1520,8 +1525,13 @@ : NULL, &items[i].size); if (ret) { - /* Account for alignment padding */ - items[i].size = ALIGN_DWORD_PTR(items[i].size); + if (items[i].size < items[i].minSize) + items[i].size = items[i].minSize; + else if (items[i].size > items[i].minSize) + { + /* Account for alignment padding */ + items[i].size = ALIGN_DWORD_PTR(items[i].size); + } TRACE("item %d size: %d\n", i, items[i].size); if (nextData && items[i].hasPointer && items[i].size > items[i].minSize) @@ -2179,62 +2189,24 @@ return ret; } -static BOOL CRYPT_AsnDecodeInteger(const BYTE *pbEncoded, - DWORD cbEncoded, DWORD dwFlags, void *pvStructInfo, DWORD *pcbStructInfo) -{ - BOOL ret; - DWORD bytesNeeded, dataLen; - - if ((ret = CRYPT_GetLen(pbEncoded, cbEncoded, &dataLen))) - { - BYTE lenBytes = GET_LEN_BYTES(pbEncoded[1]); - - bytesNeeded = dataLen + sizeof(CRYPT_INTEGER_BLOB); - if (!pvStructInfo) - *pcbStructInfo = bytesNeeded; - else if (*pcbStructInfo < bytesNeeded) - { - *pcbStructInfo = bytesNeeded; - SetLastError(ERROR_MORE_DATA); - ret = FALSE; - } - else - { - CRYPT_INTEGER_BLOB *blob = pvStructInfo; - - *pcbStructInfo = bytesNeeded; - blob->cbData = dataLen; - assert(blob->pbData); - if (blob->cbData) - { - DWORD i; - - for (i = 0; i < blob->cbData; i++) - { - blob->pbData[i] = *(pbEncoded + 1 + lenBytes + - dataLen - i - 1); - } - } - } - } - return ret; -} - /* Ignores tag. Only allows integers 4 bytes or smaller in size. */ static BOOL WINAPI CRYPT_AsnDecodeInt(DWORD dwCertEncodingType, LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, DWORD dwFlags, void *pvStructInfo, DWORD *pcbStructInfo) { BOOL ret; - BYTE buf[sizeof(CRYPT_INTEGER_BLOB) + sizeof(int)]; - CRYPT_INTEGER_BLOB *blob = (CRYPT_INTEGER_BLOB *)buf; - DWORD size = sizeof(buf); - - blob->pbData = buf + sizeof(CRYPT_INTEGER_BLOB); - ret = CRYPT_AsnDecodeInteger(pbEncoded, cbEncoded, 0, buf, &size); - if (ret) - { - if (!pvStructInfo) + DWORD dataLen; + + if ((ret = CRYPT_GetLen(pbEncoded, cbEncoded, &dataLen))) + { + BYTE lenBytes = GET_LEN_BYTES(pbEncoded[1]); + + if (dataLen > sizeof(int)) + { + SetLastError(CRYPT_E_ASN1_LARGE); + ret = FALSE; + } + else if (!pvStructInfo) *pcbStructInfo = sizeof(int); else if (*pcbStructInfo < sizeof(int)) { @@ -2248,23 +2220,21 @@ DWORD i; *pcbStructInfo = sizeof(int); - if (blob->pbData[blob->cbData - 1] & 0x80) + if (dataLen && pbEncoded[1 + lenBytes] & 0x80) { /* initialize to a negative value to sign-extend */ val = -1; } else val = 0; - for (i = 0; i < blob->cbData; i++) + for (i = 0; i < dataLen; i++) { val <<= 8; - val |= blob->pbData[blob->cbData - i - 1]; + val |= pbEncoded[1 + lenBytes + i]; } memcpy(pvStructInfo, &val, sizeof(int)); } } - else if (GetLastError() == ERROR_MORE_DATA) - SetLastError(CRYPT_E_ASN1_LARGE); return ret; } @@ -2284,7 +2254,7 @@ CRYPT_AsnDecodeBMPString, sizeof(LPWSTR), FALSE, TRUE, offsetof(CAT_MEMBERINFO, pwszSubjGuid), 0 }, { ASN_INTEGER, offsetof(CAT_MEMBERINFO, dwCertVersion), - CRYPT_AsnDecodeInt, sizeof(DWORD), + CRYPT_AsnDecodeInt, FINALMEMBERSIZE(CAT_MEMBERINFO, dwCertVersion), FALSE, FALSE, 0, 0 }, }; @@ -2317,7 +2287,8 @@ CRYPT_AsnDecodeBMPString, sizeof(LPWSTR), FALSE, TRUE, offsetof(CAT_NAMEVALUE, pwszTag), 0 }, { ASN_INTEGER, offsetof(CAT_NAMEVALUE, fdwFlags), - CRYPT_AsnDecodeInt, sizeof(DWORD), FALSE, FALSE, 0, 0 }, + CRYPT_AsnDecodeInt, MEMBERSIZE(CAT_NAMEVALUE, fdwFlags, Value), + FALSE, FALSE, 0, 0 }, { ASN_OCTETSTRING, offsetof(CAT_NAMEVALUE, Value), CRYPT_AsnDecodeOctets, sizeof(CRYPT_DER_BLOB), FALSE, TRUE, offsetof(CAT_NAMEVALUE, Value.pbData), 0 }, @@ -2391,9 +2362,11 @@ { struct AsnDecodeSequenceItem items[] = { { ASN_BOOL, offsetof(SPC_FINANCIAL_CRITERIA, fFinancialInfoAvailable), - CRYPT_AsnDecodeBool, sizeof(BOOL), FALSE, FALSE, 0, 0 }, + CRYPT_AsnDecodeBool, MEMBERSIZE(SPC_FINANCIAL_CRITERIA, + fFinancialInfoAvailable, fMeetsCriteria), FALSE, FALSE, 0, 0 }, { ASN_BOOL, offsetof(SPC_FINANCIAL_CRITERIA, fMeetsCriteria), - CRYPT_AsnDecodeBool, sizeof(BOOL), FALSE, FALSE, 0, 0 }, + CRYPT_AsnDecodeBool, FINALMEMBERSIZE(SPC_FINANCIAL_CRITERIA, + fMeetsCriteria), FALSE, FALSE, 0, 0 }, }; ret = CRYPT_AsnDecodeSequence(dwCertEncodingType, items, Modified: trunk/reactos/dll/win32/wintrust/crypt.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/wintrust/crypt.c… ============================================================================== --- trunk/reactos/dll/win32/wintrust/crypt.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/wintrust/crypt.c [iso-8859-1] Thu Mar 4 21:39:41 2010 @@ -1028,7 +1028,18 @@ /* app hasn't passed buffer, just get the length */ ret = ImageGetCertificateHeader(pSubjectInfo->hFile, dwIndex, &cert); if (ret) - *pcbSignedDataMsg = cert.dwLength; + { + switch (cert.wCertificateType) + { + case WIN_CERT_TYPE_X509: + case WIN_CERT_TYPE_PKCS_SIGNED_DATA: + *pcbSignedDataMsg = cert.dwLength; + break; + default: + WARN("unknown certificate type %d\n", cert.wCertificateType); + ret = FALSE; + } + } } else { @@ -1065,9 +1076,10 @@ *pdwEncodingType = X509_ASN_ENCODING | PKCS_7_ASN_ENCODING; break; default: - FIXME("don't know what to do for encoding type %d\n", + WARN("don't know what to do for encoding type %d\n", pCert->wCertificateType); *pdwEncodingType = 0; + ret = FALSE; } } } Modified: trunk/reactos/dll/win32/wintrust/softpub.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/wintrust/softpub… ============================================================================== --- trunk/reactos/dll/win32/wintrust/softpub.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/wintrust/softpub.c [iso-8859-1] Thu Mar 4 21:39:41 2010 @@ -75,9 +75,9 @@ /* Assumes data->pWintrustData->u.pFile exists. Makes sure a file handle is * open for the file. */ -static BOOL SOFTPUB_OpenFile(CRYPT_PROVIDER_DATA *data) -{ - BOOL ret = TRUE; +static DWORD SOFTPUB_OpenFile(CRYPT_PROVIDER_DATA *data) +{ + DWORD err = ERROR_SUCCESS; /* PSDK implies that all values should be initialized to NULL, so callers * typically have hFile as NULL rather than INVALID_HANDLE_VALUE. Check @@ -92,65 +92,64 @@ if (data->pWintrustData->u.pFile->hFile != INVALID_HANDLE_VALUE) data->fOpenedFile = TRUE; else - ret = FALSE; - } - if (ret) + err = GetLastError(); + } + if (!err) GetFileTime(data->pWintrustData->u.pFile->hFile, &data->sftSystemTime, NULL, NULL); - TRACE("returning %d\n", ret); - return ret; + TRACE("returning %d\n", err); + return err; } /* Assumes data->pWintrustData->u.pFile exists. Sets data->pPDSip->gSubject to * the file's subject GUID. */ -static BOOL SOFTPUB_GetFileSubject(CRYPT_PROVIDER_DATA *data) -{ - BOOL ret; +static DWORD SOFTPUB_GetFileSubject(CRYPT_PROVIDER_DATA *data) +{ + DWORD err = ERROR_SUCCESS; if (!WVT_ISINSTRUCT(WINTRUST_FILE_INFO, data->pWintrustData->u.pFile->cbStruct, pgKnownSubject) || !data->pWintrustData->u.pFile->pgKnownSubject) { - ret = CryptSIPRetrieveSubjectGuid( + if (!CryptSIPRetrieveSubjectGuid( data->pWintrustData->u.pFile->pcwszFilePath, data->pWintrustData->u.pFile->hFile, - &data->u.pPDSip->gSubject); - } - else - { + &data->u.pPDSip->gSubject)) + err = GetLastError(); + } + else data->u.pPDSip->gSubject = *data->pWintrustData->u.pFile->pgKnownSubject; - ret = TRUE; - } - TRACE("returning %d\n", ret); - return ret; + TRACE("returning %d\n", err); + return err; } /* Assumes data->u.pPDSip exists, and its gSubject member set. * Allocates data->u.pPDSip->pSip and loads it, if possible. */ -static BOOL SOFTPUB_GetSIP(CRYPT_PROVIDER_DATA *data) -{ - BOOL ret; +static DWORD SOFTPUB_GetSIP(CRYPT_PROVIDER_DATA *data) +{ + DWORD err = ERROR_SUCCESS; data->u.pPDSip->pSip = data->psPfns->pfnAlloc(sizeof(SIP_DISPATCH_INFO)); if (data->u.pPDSip->pSip) - ret = CryptSIPLoad(&data->u.pPDSip->gSubject, 0, data->u.pPDSip->pSip); - else - { - SetLastError(ERROR_OUTOFMEMORY); - ret = FALSE; - } - TRACE("returning %d\n", ret); - return ret; + { + if (!CryptSIPLoad(&data->u.pPDSip->gSubject, 0, data->u.pPDSip->pSip)) + err = GetLastError(); + } + else + err = ERROR_OUTOFMEMORY; + TRACE("returning %d\n", err); + return err; } /* Assumes data->u.pPDSip has been loaded, and data->u.pPDSip->pSip allocated. * Calls data->u.pPDSip->pSip->pfGet to construct data->hMsg. */ -static BOOL SOFTPUB_GetMessageFromFile(CRYPT_PROVIDER_DATA *data, HANDLE file, +static DWORD SOFTPUB_GetMessageFromFile(CRYPT_PROVIDER_DATA *data, HANDLE file, LPCWSTR filePath) { + DWORD err = ERROR_SUCCESS; BOOL ret; LPBYTE buf = NULL; DWORD size = 0; @@ -158,10 +157,7 @@ data->u.pPDSip->psSipSubjectInfo = data->psPfns->pfnAlloc(sizeof(SIP_SUBJECTINFO)); if (!data->u.pPDSip->psSipSubjectInfo) - { - SetLastError(ERROR_OUTOFMEMORY); - return FALSE; - } + return ERROR_OUTOFMEMORY; data->u.pPDSip->psSipSubjectInfo->cbSize = sizeof(SIP_SUBJECTINFO); data->u.pPDSip->psSipSubjectInfo->pgSubjectType = &data->u.pPDSip->gSubject; @@ -171,17 +167,11 @@ ret = data->u.pPDSip->pSip->pfGet(data->u.pPDSip->psSipSubjectInfo, &data->dwEncoding, 0, &size, 0); if (!ret) - { - SetLastError(TRUST_E_NOSIGNATURE); - return FALSE; - } + return TRUST_E_NOSIGNATURE; buf = data->psPfns->pfnAlloc(size); if (!buf) - { - SetLastError(ERROR_OUTOFMEMORY); - return FALSE; - } + return ERROR_OUTOFMEMORY; ret = data->u.pPDSip->pSip->pfGet(data->u.pPDSip->psSipSubjectInfo, &data->dwEncoding, 0, &size, buf); @@ -190,88 +180,111 @@ data->hMsg = CryptMsgOpenToDecode(data->dwEncoding, 0, 0, data->hProv, NULL, NULL); if (data->hMsg) + { ret = CryptMsgUpdate(data->hMsg, buf, size, TRUE); - } + if (!ret) + err = GetLastError(); + } + } + else + err = GetLastError(); data->psPfns->pfnFree(buf); - TRACE("returning %d\n", ret); - return ret; -} - -static BOOL SOFTPUB_CreateStoreFromMessage(CRYPT_PROVIDER_DATA *data) -{ - BOOL ret = FALSE; + TRACE("returning %d\n", err); + return err; +} + +static DWORD SOFTPUB_CreateStoreFromMessage(CRYPT_PROVIDER_DATA *data) +{ + DWORD err = ERROR_SUCCESS; HCERTSTORE store; store = CertOpenStore(CERT_STORE_PROV_MSG, data->dwEncoding, data->hProv, CERT_STORE_NO_CRYPT_RELEASE_FLAG, data->hMsg); if (store) { - ret = data->psPfns->pfnAddStore2Chain(data, store); + if (!data->psPfns->pfnAddStore2Chain(data, store)) + err = GetLastError(); CertCloseStore(store, 0); } - TRACE("returning %d\n", ret); - return ret; + else + err = GetLastError(); + TRACE("returning %d\n", err); + return err; } static DWORD SOFTPUB_DecodeInnerContent(CRYPT_PROVIDER_DATA *data) { BOOL ret; - DWORD size; + DWORD size, err = ERROR_SUCCESS; LPSTR oid = NULL; LPBYTE buf = NULL; ret = CryptMsgGetParam(data->hMsg, CMSG_INNER_CONTENT_TYPE_PARAM, 0, NULL, &size); if (!ret) - goto error; + { + err = GetLastError(); + goto error; + } oid = data->psPfns->pfnAlloc(size); if (!oid) { - SetLastError(ERROR_OUTOFMEMORY); - ret = FALSE; + err = ERROR_OUTOFMEMORY; goto error; } ret = CryptMsgGetParam(data->hMsg, CMSG_INNER_CONTENT_TYPE_PARAM, 0, oid, &size); if (!ret) - goto error; + { + err = GetLastError(); + goto error; + } ret = CryptMsgGetParam(data->hMsg, CMSG_CONTENT_PARAM, 0, NULL, &size); if (!ret) - goto error; + { + err = GetLastError(); + goto error; + } buf = data->psPfns->pfnAlloc(size); if (!buf) { - SetLastError(ERROR_OUTOFMEMORY); - ret = FALSE; + err = ERROR_OUTOFMEMORY; goto error; } ret = CryptMsgGetParam(data->hMsg, CMSG_CONTENT_PARAM, 0, buf, &size); if (!ret) - goto error; + { + err = GetLastError(); + goto error; + } ret = CryptDecodeObject(data->dwEncoding, oid, buf, size, 0, NULL, &size); if (!ret) - goto error; + { + err = GetLastError(); + goto error; + } data->u.pPDSip->psIndirectData = data->psPfns->pfnAlloc(size); if (!data->u.pPDSip->psIndirectData) { - SetLastError(ERROR_OUTOFMEMORY); - ret = FALSE; + err = ERROR_OUTOFMEMORY; goto error; } ret = CryptDecodeObject(data->dwEncoding, oid, buf, size, 0, data->u.pPDSip->psIndirectData, &size); + if (!ret) + err = GetLastError(); error: - TRACE("returning %d\n", ret); + TRACE("returning %d\n", err); data->psPfns->pfnFree(oid); data->psPfns->pfnFree(buf); - return ret; -} - -static BOOL SOFTPUB_LoadCertMessage(CRYPT_PROVIDER_DATA *data) -{ - BOOL ret; + return err; +} + +static DWORD SOFTPUB_LoadCertMessage(CRYPT_PROVIDER_DATA *data) +{ + DWORD err = ERROR_SUCCESS; if (data->pWintrustData->u.pCert && WVT_IS_CBSTRUCT_GT_MEMBEROFFSET(WINTRUST_CERT_INFO, @@ -281,6 +294,7 @@ { CRYPT_PROVIDER_SGNR signer = { sizeof(signer), { 0 } }; DWORD i; + BOOL ret; /* Add a signer with nothing but the time to verify, so we can * add a cert to it @@ -308,55 +322,57 @@ ret = data->psPfns->pfnAddStore2Chain(data, data->pWintrustData->u.pCert->pahStores[i]); } - } - else - { - /* Do nothing!? See the tests */ - ret = TRUE; - } - } - else - { - SetLastError(ERROR_INVALID_PARAMETER); - ret = FALSE; - } - return ret; -} - -static BOOL SOFTPUB_LoadFileMessage(CRYPT_PROVIDER_DATA *data) -{ - BOOL ret; + if (!ret) + err = GetLastError(); + } + } + else + err = ERROR_INVALID_PARAMETER; + return err; +} + +static DWORD SOFTPUB_LoadFileMessage(CRYPT_PROVIDER_DATA *data) +{ + DWORD err = ERROR_SUCCESS; if (!data->pWintrustData->u.pFile) { - SetLastError(ERROR_INVALID_PARAMETER); - ret = FALSE; - goto error; - } - ret = SOFTPUB_OpenFile(data); - if (!ret) - goto error; - ret = SOFTPUB_GetFileSubject(data); - if (!ret) - goto error; - ret = SOFTPUB_GetSIP(data); - if (!ret) - goto error; - ret = SOFTPUB_GetMessageFromFile(data, data->pWintrustData->u.pFile->hFile, + err = ERROR_INVALID_PARAMETER; + goto error; + } + err = SOFTPUB_OpenFile(data); + if (err) + goto error; + err = SOFTPUB_GetFileSubject(data); + if (err) + goto error; + err = SOFTPUB_GetSIP(data); + if (err) + goto error; + err = SOFTPUB_GetMessageFromFile(data, data->pWintrustData->u.pFile->hFile, data->pWintrustData->u.pFile->pcwszFilePath); - if (!ret) - goto error; - ret = SOFTPUB_CreateStoreFromMessage(data); - if (!ret) - goto error; - ret = SOFTPUB_DecodeInnerContent(data); + if (err) + goto error; + err = SOFTPUB_CreateStoreFromMessage(data); + if (err) + goto error; + err = SOFTPUB_DecodeInnerContent(data); + error: - return ret; -} - -static BOOL SOFTPUB_LoadCatalogMessage(CRYPT_PROVIDER_DATA *data) -{ - BOOL ret; + if (err && data->fOpenedFile && data->pWintrustData->u.pFile) + { + /* The caller won't expect the file to be open on failure, so close it. + */ + CloseHandle(data->pWintrustData->u.pFile->hFile); + data->pWintrustData->u.pFile->hFile = INVALID_HANDLE_VALUE; + data->fOpenedFile = FALSE; + } + return err; +} + +static DWORD SOFTPUB_LoadCatalogMessage(CRYPT_PROVIDER_DATA *data) +{ + DWORD err; HANDLE catalog = INVALID_HANDLE_VALUE; if (!data->pWintrustData->u.pCatalog) @@ -368,32 +384,34 @@ GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); if (catalog == INVALID_HANDLE_VALUE) - return FALSE; - ret = CryptSIPRetrieveSubjectGuid( + return GetLastError(); + if (!CryptSIPRetrieveSubjectGuid( data->pWintrustData->u.pCatalog->pcwszCatalogFilePath, catalog, - &data->u.pPDSip->gSubject); - if (!ret) - goto error; - ret = SOFTPUB_GetSIP(data); - if (!ret) - goto error; - ret = SOFTPUB_GetMessageFromFile(data, catalog, + &data->u.pPDSip->gSubject)) + { + err = GetLastError(); + goto error; + } + err = SOFTPUB_GetSIP(data); + if (err) + goto error; + err = SOFTPUB_GetMessageFromFile(data, catalog, data->pWintrustData->u.pCatalog->pcwszCatalogFilePath); - if (!ret) - goto error; - ret = SOFTPUB_CreateStoreFromMessage(data); - if (!ret) - goto error; - ret = SOFTPUB_DecodeInnerContent(data); + if (err) + goto error; + err = SOFTPUB_CreateStoreFromMessage(data); + if (err) + goto error; + err = SOFTPUB_DecodeInnerContent(data); /* FIXME: this loads the catalog file, but doesn't validate the member. */ error: CloseHandle(catalog); - return ret; + return err; } HRESULT WINAPI SoftpubLoadMessage(CRYPT_PROVIDER_DATA *data) { - BOOL ret; + DWORD err = ERROR_SUCCESS; TRACE("(%p)\n", data); @@ -403,26 +421,24 @@ switch (data->pWintrustData->dwUnionChoice) { case WTD_CHOICE_CERT: - ret = SOFTPUB_LoadCertMessage(data); + err = SOFTPUB_LoadCertMessage(data); break; case WTD_CHOICE_FILE: - ret = SOFTPUB_LoadFileMessage(data); + err = SOFTPUB_LoadFileMessage(data); break; case WTD_CHOICE_CATALOG: - ret = SOFTPUB_LoadCatalogMessage(data); + err = SOFTPUB_LoadCatalogMessage(data); break; default: FIXME("unimplemented for %d\n", data->pWintrustData->dwUnionChoice); - SetLastError(ERROR_INVALID_PARAMETER); - ret = FALSE; - } - - if (!ret) - data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] = - GetLastError(); - TRACE("returning %d (%08x)\n", ret ? S_OK : S_FALSE, + err = ERROR_INVALID_PARAMETER; + } + + if (err) + data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] = err; + TRACE("returning %d (%08x)\n", !err ? S_OK : S_FALSE, data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV]); - return ret ? S_OK : S_FALSE; + return !err ? S_OK : S_FALSE; } static CMSG_SIGNER_INFO *WINTRUST_GetSigner(CRYPT_PROVIDER_DATA *data, @@ -453,9 +469,9 @@ return signerInfo; } -static BOOL WINTRUST_SaveSigner(CRYPT_PROVIDER_DATA *data, DWORD signerIdx) -{ - BOOL ret; +static DWORD WINTRUST_SaveSigner(CRYPT_PROVIDER_DATA *data, DWORD signerIdx) +{ + DWORD err; CMSG_SIGNER_INFO *signerInfo = WINTRUST_GetSigner(data, signerIdx); if (signerInfo) @@ -464,11 +480,14 @@ sgnr.psSigner = signerInfo; sgnr.sftVerifyAsOf = data->sftSystemTime; - ret = data->psPfns->pfnAddSgnr2Chain(data, FALSE, signerIdx, &sgnr); - } - else - ret = FALSE; - return ret; + if (!data->psPfns->pfnAddSgnr2Chain(data, FALSE, signerIdx, &sgnr)) + err = GetLastError(); + else + err = ERROR_SUCCESS; + } + else + err = GetLastError(); + return err; } static CERT_INFO *WINTRUST_GetSignerCertInfo(CRYPT_PROVIDER_DATA *data, @@ -499,9 +518,9 @@ return certInfo; } -static BOOL WINTRUST_VerifySigner(CRYPT_PROVIDER_DATA *data, DWORD signerIdx) -{ - BOOL ret; +static DWORD WINTRUST_VerifySigner(CRYPT_PROVIDER_DATA *data, DWORD signerIdx) +{ + DWORD err; CERT_INFO *certInfo = WINTRUST_GetSignerCertInfo(data, signerIdx); if (certInfo) @@ -514,30 +533,29 @@ CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA para = { sizeof(para), 0, signerIdx, CMSG_VERIFY_SIGNER_CERT, (LPVOID)subject }; - ret = CryptMsgControl(data->hMsg, 0, CMSG_CTRL_VERIFY_SIGNATURE_EX, - &para); - if (!ret) - SetLastError(TRUST_E_CERT_SIGNATURE); + if (!CryptMsgControl(data->hMsg, 0, CMSG_CTRL_VERIFY_SIGNATURE_EX, + &para)) + err = TRUST_E_CERT_SIGNATURE; else + { data->psPfns->pfnAddCert2Chain(data, signerIdx, FALSE, 0, subject); + err = ERROR_SUCCESS; + } CertFreeCertificateContext(subject); } else - { - SetLastError(TRUST_E_NO_SIGNER_CERT); - ret = FALSE; - } + err = TRUST_E_NO_SIGNER_CERT; data->psPfns->pfnFree(certInfo); } else - ret = FALSE; - return ret; + err = GetLastError(); + return err; } HRESULT WINAPI SoftpubLoadSignature(CRYPT_PROVIDER_DATA *data) { - BOOL ret; + DWORD err; TRACE("(%p)\n", data); @@ -549,27 +567,26 @@ DWORD signerCount, size; size = sizeof(signerCount); - ret = CryptMsgGetParam(data->hMsg, CMSG_SIGNER_COUNT_PARAM, 0, - &signerCount, &size); - if (ret) + if (CryptMsgGetParam(data->hMsg, CMSG_SIGNER_COUNT_PARAM, 0, + &signerCount, &size)) { DWORD i; - for (i = 0; ret && i < signerCount; i++) + err = ERROR_SUCCESS; + for (i = 0; !err && i < signerCount; i++) { - if ((ret = WINTRUST_SaveSigner(data, i))) - ret = WINTRUST_VerifySigner(data, i); + if (!(err = WINTRUST_SaveSigner(data, i))) + err = WINTRUST_VerifySigner(data, i); } } else - SetLastError(TRUST_E_NOSIGNATURE); - } - else - ret = TRUE; - if (!ret) - data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_SIGPROV] = - GetLastError(); - return ret ? S_OK : S_FALSE; + err = TRUST_E_NOSIGNATURE; + } + else + err = ERROR_SUCCESS; + if (err) + data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_SIGPROV] = err; + return !err ? S_OK : S_FALSE; } static DWORD WINTRUST_TrustStatusToConfidence(DWORD errorStatus) @@ -672,24 +689,22 @@ return error; } -static BOOL WINTRUST_CopyChain(CRYPT_PROVIDER_DATA *data, DWORD signerIdx) -{ - BOOL ret; +static DWORD WINTRUST_CopyChain(CRYPT_PROVIDER_DATA *data, DWORD signerIdx) +{ + DWORD err, i; PCERT_SIMPLE_CHAIN simpleChain = data->pasSigners[signerIdx].pChainContext->rgpChain[0]; - DWORD i; data->pasSigners[signerIdx].pasCertChain[0].dwConfidence = WINTRUST_TrustStatusToConfidence( simpleChain->rgpElement[0]->TrustStatus.dwErrorStatus); data->pasSigners[signerIdx].pasCertChain[0].pChainElement = simpleChain->rgpElement[0]; - ret = TRUE; - for (i = 1; ret && i < simpleChain->cElement; i++) - { - ret = data->psPfns->pfnAddCert2Chain(data, signerIdx, FALSE, 0, - simpleChain->rgpElement[i]->pCertContext); - if (ret) + err = ERROR_SUCCESS; + for (i = 1; !err && i < simpleChain->cElement; i++) + { + if (data->psPfns->pfnAddCert2Chain(data, signerIdx, FALSE, 0, + simpleChain->rgpElement[i]->pCertContext)) { data->pasSigners[signerIdx].pasCertChain[i].pChainElement = simpleChain->rgpElement[i]; @@ -697,12 +712,14 @@ WINTRUST_TrustStatusToConfidence( simpleChain->rgpElement[i]->TrustStatus.dwErrorStatus); } + else + err = GetLastError(); } data->pasSigners[signerIdx].pasCertChain[simpleChain->cElement - 1].dwError = WINTRUST_TrustStatusToError( simpleChain->rgpElement[simpleChain->cElement - 1]-> TrustStatus.dwErrorStatus); - return ret; + return err; } static void WINTRUST_CreateChainPolicyCreateInfo( @@ -731,11 +748,11 @@ info->pvReserved = NULL; } -static BOOL WINTRUST_CreateChainForSigner(CRYPT_PROVIDER_DATA *data, +static DWORD WINTRUST_CreateChainForSigner(CRYPT_PROVIDER_DATA *data, DWORD signer, PWTD_GENERIC_CHAIN_POLICY_CREATE_INFO createInfo, PCERT_CHAIN_PARA chainPara) { - BOOL ret = TRUE; + DWORD err = ERROR_SUCCESS; HCERTSTORE store = NULL; if (data->chStores) @@ -749,53 +766,64 @@ for (i = 0; i < data->chStores; i++) CertAddStoreToCollection(store, data->pahStores[i], 0, 0); } - } - /* Expect the end certificate for each signer to be the only cert in the - * chain: - */ - if (data->pasSigners[signer].csCertChain) - { - /* Create a certificate chain for each signer */ - ret = CertGetCertificateChain(createInfo->hChainEngine, - data->pasSigners[signer].pasCertChain[0].pCert, - &data->pasSigners[signer].sftVerifyAsOf, store, - chainPara, createInfo->dwFlags, createInfo->pvReserved, - &data->pasSigners[signer].pChainContext); - if (ret) - { - if (data->pasSigners[signer].pChainContext->cChain != 1) + else + err = GetLastError(); + } + if (!err) + { + /* Expect the end certificate for each signer to be the only cert in + * the chain: + */ + if (data->pasSigners[signer].csCertChain) + { + BOOL ret; + + /* Create a certificate chain for each signer */ + ret = CertGetCertificateChain(createInfo->hChainEngine, + data->pasSigners[signer].pasCertChain[0].pCert, + &data->pasSigners[signer].sftVerifyAsOf, store, + chainPara, createInfo->dwFlags, createInfo->pvReserved, + &data->pasSigners[signer].pChainContext); + if (ret) { - FIXME("unimplemented for more than 1 simple chain\n"); - ret = FALSE; + if (data->pasSigners[signer].pChainContext->cChain != 1) + { + FIXME("unimplemented for more than 1 simple chain\n"); + err = E_NOTIMPL; + } + else + { + if (!(err = WINTRUST_CopyChain(data, signer))) + { + if (data->psPfns->pfnCertCheckPolicy) + { + ret = data->psPfns->pfnCertCheckPolicy(data, signer, + FALSE, 0); + if (!ret) + err = GetLastError(); + } + else + TRACE( + "no cert check policy, skipping policy check\n"); + } + } } else - { - if ((ret = WINTRUST_CopyChain(data, signer))) - { - if (data->psPfns->pfnCertCheckPolicy) - ret = data->psPfns->pfnCertCheckPolicy(data, signer, - FALSE, 0); - else - TRACE("no cert check policy, skipping policy check\n"); - } - } - } - } - CertCloseStore(store, 0); - return ret; + err = GetLastError(); + } + CertCloseStore(store, 0); + } + return err; } HRESULT WINAPI WintrustCertificateTrust(CRYPT_PROVIDER_DATA *data) { - BOOL ret; + DWORD err; TRACE("(%p)\n", data); if (!data->csSigners) - { - ret = FALSE; - SetLastError(TRUST_E_NOSIGNATURE); - } + err = TRUST_E_NOSIGNATURE; else { DWORD i; @@ -803,17 +831,16 @@ CERT_CHAIN_PARA chainPara; WINTRUST_CreateChainPolicyCreateInfo(data, &createInfo, &chainPara); - ret = TRUE; - for (i = 0; i < data->csSigners; i++) - ret = WINTRUST_CreateChainForSigner(data, i, &createInfo, + err = ERROR_SUCCESS; + for (i = 0; !err && i < data->csSigners; i++) + err = WINTRUST_CreateChainForSigner(data, i, &createInfo, &chainPara); } - if (!ret) - data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_CERTPROV] = - GetLastError(); - TRACE("returning %d (%08x)\n", ret ? S_OK : S_FALSE, + if (err) + data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_CERTPROV] = err; + TRACE("returning %d (%08x)\n", !err ? S_OK : S_FALSE, data->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_CERTPROV]); - return ret ? S_OK : S_FALSE; + return !err ? S_OK : S_FALSE; } HRESULT WINAPI GenericChainCertificateTrust(CRYPT_PROVIDER_DATA *data) @@ -1078,7 +1105,8 @@ CryptMsgClose(data->hMsg); - if (data->fOpenedFile) + if (data->fOpenedFile && + data->pWintrustData->dwUnionChoice == WTD_CHOICE_FILE) CloseHandle(data->pWintrustData->u.pFile->hFile); return S_OK; Modified: trunk/reactos/dll/win32/wintrust/wintrust_main.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/wintrust/wintrus… ============================================================================== --- trunk/reactos/dll/win32/wintrust/wintrust_main.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/wintrust/wintrust_main.c [iso-8859-1] Thu Mar 4 21:39:41 2010 @@ -77,11 +77,118 @@ */ BOOL WINAPI TrustIsCertificateSelfSigned( PCCERT_CONTEXT cert ) { + PCERT_EXTENSION ext; + DWORD size; BOOL ret; TRACE("%p\n", cert); - ret = CertCompareCertificateName(cert->dwCertEncodingType, - &cert->pCertInfo->Subject, &cert->pCertInfo->Issuer); + if ((ext = CertFindExtension(szOID_AUTHORITY_KEY_IDENTIFIER2, + cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension))) + { + CERT_AUTHORITY_KEY_ID2_INFO *info; + + ret = CryptDecodeObjectEx(cert->dwCertEncodingType, + X509_AUTHORITY_KEY_ID2, ext->Value.pbData, ext->Value.cbData, + CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL, + &info, &size); + if (ret) + { + if (info->AuthorityCertIssuer.cAltEntry && + info->AuthorityCertSerialNumber.cbData) + { + PCERT_ALT_NAME_ENTRY directoryName = NULL; + DWORD i; + + for (i = 0; !directoryName && + i < info->AuthorityCertIssuer.cAltEntry; i++) + if (info->AuthorityCertIssuer.rgAltEntry[i].dwAltNameChoice + == CERT_ALT_NAME_DIRECTORY_NAME) + directoryName = + &info->AuthorityCertIssuer.rgAltEntry[i]; + if (directoryName) + { + ret = CertCompareCertificateName(cert->dwCertEncodingType, + &directoryName->u.DirectoryName, &cert->pCertInfo->Issuer) + && CertCompareIntegerBlob(&info->AuthorityCertSerialNumber, + &cert->pCertInfo->SerialNumber); + } + else + { + FIXME("no supported name type in authority key id2\n"); + ret = FALSE; + } + } + else if (info->KeyId.cbData) + { + ret = CertGetCertificateContextProperty(cert, + CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size); + if (ret && size == info->KeyId.cbData) + { + LPBYTE buf = CryptMemAlloc(size); + + if (buf) + { + CertGetCertificateContextProperty(cert, + CERT_KEY_IDENTIFIER_PROP_ID, buf, &size); + ret = !memcmp(buf, info->KeyId.pbData, size); + CryptMemFree(buf); + } + else + ret = FALSE; + } + else + ret = FALSE; + } + LocalFree(info); + } + } + else if ((ext = CertFindExtension(szOID_AUTHORITY_KEY_IDENTIFIER, + cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension))) + { + CERT_AUTHORITY_KEY_ID_INFO *info; + + ret = CryptDecodeObjectEx(cert->dwCertEncodingType, + X509_AUTHORITY_KEY_ID, ext->Value.pbData, ext->Value.cbData, + CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL, + &info, &size); + if (ret) + { + if (info->CertIssuer.cbData && info->CertSerialNumber.cbData) + { + ret = CertCompareCertificateName(cert->dwCertEncodingType, + &info->CertIssuer, &cert->pCertInfo->Issuer) && + CertCompareIntegerBlob(&info->CertSerialNumber, + &cert->pCertInfo->SerialNumber); + } + else if (info->KeyId.cbData) + { + ret = CertGetCertificateContextProperty(cert, + CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size); + if (ret && size == info->KeyId.cbData) + { + LPBYTE buf = CryptMemAlloc(size); + + if (buf) + { + CertGetCertificateContextProperty(cert, + CERT_KEY_IDENTIFIER_PROP_ID, buf, &size); + ret = !memcmp(buf, info->KeyId.pbData, size); + CryptMemFree(buf); + } + else + ret = FALSE; + } + else + ret = FALSE; + } + else + ret = FALSE; + LocalFree(info); + } + } + else + ret = CertCompareCertificateName(cert->dwCertEncodingType, + &cert->pCertInfo->Subject, &cert->pCertInfo->Issuer); return ret; }