23 Mar
2010
23 Mar
'10
11:59 p.m.
Author: tkreuzer
Date: Wed Mar 24 00:59:58 2010
New Revision: 46378
URL: http://svn.reactos.org/svn/reactos?rev=46378&view=rev
Log:
Merge trunk HEAD (r46369)
(part 4/x)
Added:
branches/ros-amd64-bringup/reactos/dll/win32/crypt32/crypt32_Uk.rc
- copied unchanged from r46369, trunk/reactos/dll/win32/crypt32/crypt32_Uk.rc
Removed:
branches/ros-amd64-bringup/reactos/dll/win32/crypt32/crypt32.rc
Modified:
branches/ros-amd64-bringup/reactos/dll/win32/crypt32/chain.c
branches/ros-amd64-bringup/reactos/dll/win32/crypt32/crypt32_Fr.rc
branches/ros-amd64-bringup/reactos/dll/win32/crypt32/crypt32_private.h
branches/ros-amd64-bringup/reactos/dll/win32/crypt32/decode.c
branches/ros-amd64-bringup/reactos/dll/win32/crypt32/encode.c
branches/ros-amd64-bringup/reactos/dll/win32/crypt32/main.c
branches/ros-amd64-bringup/reactos/dll/win32/crypt32/object.c
branches/ros-amd64-bringup/reactos/dll/win32/crypt32/oid.c
branches/ros-amd64-bringup/reactos/dll/win32/crypt32/store.c
Modified: branches/ros-amd64-bringup/reactos/dll/win32/crypt32/chain.c
URL:
http://svn.reactos.org/svn/reactos/branches/ros-amd64-bringup/reactos/dll/w…
==============================================================================
--- branches/ros-amd64-bringup/reactos/dll/win32/crypt32/chain.c [iso-8859-1] (original)
+++ branches/ros-amd64-bringup/reactos/dll/win32/crypt32/chain.c [iso-8859-1] Wed Mar 24
00:59:58 2010
@@ -686,8 +686,12 @@
authority_end = strchrW(name, '?');
if (!authority_end)
authority_end = name + strlenW(name);
- /* Remove any port number from the authority */
- for (colon = authority_end; colon >= name && *colon != ':';
colon--)
+ /* Remove any port number from the authority. The userinfo portion
+ * of an authority may contain a colon, so stop if a userinfo portion
+ * is found (indicated by '@').
+ */
+ for (colon = authority_end; colon >= name && *colon != ':'
&&
+ *colon != '@'; colon--)
;
if (*colon == ':')
authority_end = colon;
@@ -1298,6 +1302,78 @@
}
}
LocalFree(nameConstraints);
+ }
+ }
+}
+
+/* Gets cert's policies info, if any. Free with LocalFree. */
+static CERT_POLICIES_INFO *CRYPT_GetPolicies(PCCERT_CONTEXT cert)
+{
+ PCERT_EXTENSION ext;
+ CERT_POLICIES_INFO *policies = NULL;
+
+ ext = CertFindExtension(szOID_KEY_USAGE, cert->pCertInfo->cExtension,
+ cert->pCertInfo->rgExtension);
+ if (ext)
+ {
+ DWORD size;
+
+ CryptDecodeObjectEx(X509_ASN_ENCODING, X509_CERT_POLICIES,
+ ext->Value.pbData, ext->Value.cbData, CRYPT_DECODE_ALLOC_FLAG, NULL,
+ &policies, &size);
+ }
+ return policies;
+}
+
+static void CRYPT_CheckPolicies(CERT_POLICIES_INFO *policies, CERT_INFO *cert,
+ DWORD *errorStatus)
+{
+ DWORD i;
+
+ for (i = 0; i < policies->cPolicyInfo; i++)
+ {
+ /* For now, the only accepted policy identifier is the anyPolicy
+ * identifier.
+ * FIXME: the policy identifiers should be compared against the
+ * cert's certificate policies extension, subject to the policy
+ * mappings extension, and the policy constraints extension.
+ * See RFC 5280, sections 4.2.1.4, 4.2.1.5, and 4.2.1.11.
+ */
+ if (strcmp(policies->rgPolicyInfo[i].pszPolicyIdentifier,
+ szOID_ANY_CERT_POLICY))
+ {
+ FIXME("unsupported policy %s\n",
+ policies->rgPolicyInfo[i].pszPolicyIdentifier);
+ *errorStatus |= CERT_TRUST_INVALID_POLICY_CONSTRAINTS;
+ }
+ }
+}
+
+static void CRYPT_CheckChainPolicies(PCERT_SIMPLE_CHAIN chain)
+{
+ int i, j;
+
+ for (i = chain->cElement - 1; i > 0; i--)
+ {
+ CERT_POLICIES_INFO *policies;
+
+ if ((policies = CRYPT_GetPolicies(chain->rgpElement[i]->pCertContext)))
+ {
+ for (j = i - 1; j >= 0; j--)
+ {
+ DWORD errorStatus = 0;
+
+ CRYPT_CheckPolicies(policies,
+ chain->rgpElement[j]->pCertContext->pCertInfo,
&errorStatus);
+ if (errorStatus)
+ {
+ chain->rgpElement[i]->TrustStatus.dwErrorStatus |=
+ errorStatus;
+ CRYPT_CombineTrustStatus(&chain->TrustStatus,
+ &chain->rgpElement[i]->TrustStatus);
+ }
+ }
+ LocalFree(policies);
}
}
}
@@ -1735,6 +1811,8 @@
ret = TRUE;
else if (!strcmp(oid, szOID_SUBJECT_ALT_NAME2))
ret = TRUE;
+ else if (!strcmp(oid, szOID_CERT_POLICIES))
+ ret = TRUE;
else if (!strcmp(oid, szOID_ENHANCED_KEY_USAGE))
ret = TRUE;
else
@@ -1879,6 +1957,7 @@
&chain->rgpElement[i]->TrustStatus);
}
CRYPT_CheckChainNameConstraints(chain);
+ CRYPT_CheckChainPolicies(chain);
if (CRYPT_IsCertificateSelfSigned(rootElement->pCertContext))
{
rootElement->TrustStatus.dwInfoStatus |=
@@ -3376,7 +3455,7 @@
TRACE("(%s, %p, %p, %p)\n", debugstr_a(szPolicyOID), pChainContext,
pPolicyPara, pPolicyStatus);
- if (!HIWORD(szPolicyOID))
+ if (IS_INTOID(szPolicyOID))
{
switch (LOWORD(szPolicyOID))
{
Removed: branches/ros-amd64-bringup/reactos/dll/win32/crypt32/crypt32.rc
URL:
http://svn.reactos.org/svn/reactos/branches/ros-amd64-bringup/reactos/dll/w…
==============================================================================
--- branches/ros-amd64-bringup/reactos/dll/win32/crypt32/crypt32.rc [iso-8859-1]
(original)
+++ branches/ros-amd64-bringup/reactos/dll/win32/crypt32/crypt32.rc (removed)
@@ -1,34 +1,0 @@
-/*
- * crypt32 dll resources
- *
- * Copyright (C) 2006 Juan Lang
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
- */
-#include "windef.h"
-#include "winbase.h"
-#include "winuser.h"
-#include "cryptres.h"
-
-#include "version.rc"
-
-#include "crypt32_De.rc"
-#include "crypt32_En.rc"
-#include "crypt32_Fr.rc"
-#include "crypt32_Ko.rc"
-#include "crypt32_Nl.rc"
-#include "crypt32_No.rc"
-#include "crypt32_Pt.rc"
-#include "crypt32_Sv.rc"
Modified: branches/ros-amd64-bringup/reactos/dll/win32/crypt32/crypt32_Fr.rc
URL:
http://svn.reactos.org/svn/reactos/branches/ros-amd64-bringup/reactos/dll/w…
==============================================================================
--- branches/ros-amd64-bringup/reactos/dll/win32/crypt32/crypt32_Fr.rc [iso-8859-1]
(original)
+++ branches/ros-amd64-bringup/reactos/dll/win32/crypt32/crypt32_Fr.rc [iso-8859-1] Wed
Mar 24 00:59:58 2010
@@ -242,4 +242,3 @@
IDS_NETSCAPE_SMIME_CA "AC S/MIME"
IDS_NETSCAPE_SIGN_CA "Signature CA"
}
-#pragma code_page(default)
Modified: branches/ros-amd64-bringup/reactos/dll/win32/crypt32/crypt32_private.h
URL:
http://svn.reactos.org/svn/reactos/branches/ros-amd64-bringup/reactos/dll/w…
==============================================================================
--- branches/ros-amd64-bringup/reactos/dll/win32/crypt32/crypt32_private.h [iso-8859-1]
(original)
+++ branches/ros-amd64-bringup/reactos/dll/win32/crypt32/crypt32_private.h [iso-8859-1]
Wed Mar 24 00:59:58 2010
@@ -405,4 +405,8 @@
#define ALIGN_DWORD_PTR(x) (((x) + sizeof(DWORD_PTR) - 1) & ~(sizeof(DWORD_PTR) -
1))
#define POINTER_ALIGN_DWORD_PTR(p) ((LPVOID)ALIGN_DWORD_PTR((DWORD_PTR)(p)))
+/* Check if the OID is a small int
+ */
+#define IS_INTOID(x) (((ULONG_PTR)(x) >> 16) == 0)
+
#endif
Modified: branches/ros-amd64-bringup/reactos/dll/win32/crypt32/decode.c
URL:
http://svn.reactos.org/svn/reactos/branches/ros-amd64-bringup/reactos/dll/w…
==============================================================================
--- branches/ros-amd64-bringup/reactos/dll/win32/crypt32/decode.c [iso-8859-1] (original)
+++ branches/ros-amd64-bringup/reactos/dll/win32/crypt32/decode.c [iso-8859-1] Wed Mar 24
00:59:58 2010
@@ -5578,7 +5578,7 @@
SetLastError(ERROR_FILE_NOT_FOUND);
return NULL;
}
- if (!HIWORD(lpszStructType))
+ if (IS_INTOID(lpszStructType))
{
switch (LOWORD(lpszStructType))
{
Modified: branches/ros-amd64-bringup/reactos/dll/win32/crypt32/encode.c
URL:
http://svn.reactos.org/svn/reactos/branches/ros-amd64-bringup/reactos/dll/w…
==============================================================================
--- branches/ros-amd64-bringup/reactos/dll/win32/crypt32/encode.c [iso-8859-1] (original)
+++ branches/ros-amd64-bringup/reactos/dll/win32/crypt32/encode.c [iso-8859-1] Wed Mar 24
00:59:58 2010
@@ -4305,7 +4305,7 @@
return NULL;
}
- if (!HIWORD(lpszStructType))
+ if (IS_INTOID(lpszStructType))
{
switch (LOWORD(lpszStructType))
{
Modified: branches/ros-amd64-bringup/reactos/dll/win32/crypt32/main.c
URL:
http://svn.reactos.org/svn/reactos/branches/ros-amd64-bringup/reactos/dll/w…
==============================================================================
--- branches/ros-amd64-bringup/reactos/dll/win32/crypt32/main.c [iso-8859-1] (original)
+++ branches/ros-amd64-bringup/reactos/dll/win32/crypt32/main.c [iso-8859-1] Wed Mar 24
00:59:58 2010
@@ -64,8 +64,8 @@
{
HCRYPTPROV prov;
- if (!CryptAcquireContextW(&prov, NULL, MS_ENHANCED_PROV_W, PROV_RSA_FULL,
- CRYPT_VERIFYCONTEXT))
+ if (!CryptAcquireContextW(&prov, NULL, MS_ENH_RSA_AES_PROV_W,
+ PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
return hDefProv;
InterlockedCompareExchangePointer((PVOID *)&hDefProv, (PVOID)prov,
NULL);
@@ -161,8 +161,13 @@
BOOL WINAPI I_CryptFreeTls(DWORD dwTlsIndex, DWORD unknown)
{
+ BOOL ret;
+
TRACE("(%d, %d)\n", dwTlsIndex, unknown);
- return TlsFree(dwTlsIndex);
+
+ ret = TlsFree(dwTlsIndex);
+ if (!ret) SetLastError( E_INVALIDARG );
+ return ret;
}
BOOL WINAPI I_CryptGetOssGlobal(DWORD x)
Modified: branches/ros-amd64-bringup/reactos/dll/win32/crypt32/object.c
URL:
http://svn.reactos.org/svn/reactos/branches/ros-amd64-bringup/reactos/dll/w…
==============================================================================
--- branches/ros-amd64-bringup/reactos/dll/win32/crypt32/object.c [iso-8859-1] (original)
+++ branches/ros-amd64-bringup/reactos/dll/win32/crypt32/object.c [iso-8859-1] Wed Mar 24
00:59:58 2010
@@ -2525,7 +2525,7 @@
SetLastError(ERROR_FILE_NOT_FOUND);
return NULL;
}
- if (!HIWORD(lpszStructType))
+ if (IS_INTOID(lpszStructType))
{
switch (LOWORD(lpszStructType))
{
Modified: branches/ros-amd64-bringup/reactos/dll/win32/crypt32/oid.c
URL:
http://svn.reactos.org/svn/reactos/branches/ros-amd64-bringup/reactos/dll/w…
==============================================================================
--- branches/ros-amd64-bringup/reactos/dll/win32/crypt32/oid.c [iso-8859-1] (original)
+++ branches/ros-amd64-bringup/reactos/dll/win32/crypt32/oid.c [iso-8859-1] Wed Mar 24
00:59:58 2010
@@ -170,7 +170,7 @@
* "EncodingType 2" would be expected if it were a mask. Instead native
* stores values in "EncodingType 3".
*/
- if (!HIWORD(pszOID))
+ if (IS_INTOID(pszOID))
{
snprintf(numericOID, sizeof(numericOID), "#%d", LOWORD(pszOID));
oid = numericOID;
@@ -255,7 +255,7 @@
{
struct OIDFunction *func;
- if (HIWORD(rgFuncEntry[i].pszOID))
+ if (!IS_INTOID(rgFuncEntry[i].pszOID))
func = CryptMemAlloc(sizeof(struct OIDFunction)
+ strlen(rgFuncEntry[i].pszOID) + 1);
else
@@ -263,7 +263,7 @@
if (func)
{
func->encoding = GET_CERT_ENCODING_TYPE(dwEncodingType);
- if (HIWORD(rgFuncEntry[i].pszOID))
+ if (!IS_INTOID(rgFuncEntry[i].pszOID))
{
LPSTR oid;
@@ -402,9 +402,9 @@
{
if (function->encoding == GET_CERT_ENCODING_TYPE(dwEncodingType))
{
- if (HIWORD(pszOID))
+ if (!IS_INTOID(pszOID))
{
- if (HIWORD(function->entry.pszOID) &&
+ if (!IS_INTOID(function->entry.pszOID) &&
!strcasecmp(function->entry.pszOID, pszOID))
{
*ppvFuncAddr = function->entry.pvFuncAddr;
@@ -1067,6 +1067,9 @@
static const WCHAR rc4[] = { 'r','c','4',0 };
static const WCHAR sha[] = { 's','h','a',0 };
static const WCHAR sha1[] = { 's','h','a','1',0 };
+static const WCHAR sha256[] = {
's','h','a','2','5','6',0 };
+static const WCHAR sha384[] = {
's','h','a','3','8','4',0 };
+static const WCHAR sha512[] = {
's','h','a','5','1','2',0 };
static const WCHAR RSA[] = { 'R','S','A',0 };
static const WCHAR RSA_KEYX[] = {
'R','S','A','_','K','E','Y','X',0
};
static const WCHAR RSA_SIGN[] = {
'R','S','A','_','S','I','G','N',0
};
@@ -1086,6 +1089,9 @@
static const WCHAR sha1DSA[] = {
's','h','a','1','D','S','A',0 };
static const WCHAR shaRSA[] = {
's','h','a','R','S','A',0 };
static const WCHAR sha1RSA[] = {
's','h','a','1','R','S','A',0 };
+static const WCHAR sha256RSA[] = {
's','h','a','2','5','6','R','S','A',0
};
+static const WCHAR sha384RSA[] = {
's','h','a','3','8','4','R','S','A',0
};
+static const WCHAR sha512RSA[] = {
's','h','a','5','1','2','R','S','A',0
};
static const WCHAR mosaicUpdatedSig[] =
{
'm','o','s','a','i','c','U','p','d','a','t','e','d','S','i','g',0
};
static const WCHAR CN[] = { 'C','N',0 };
@@ -1189,6 +1195,9 @@
{ 3, szOID_PKIX_NO_SIGNATURE, CALG_NO_SIGN, NO_SIGN, NULL },
{ 4, szOID_RSA_SHA1RSA, CALG_SHA1, sha1RSA, &rsaSignBlob },
+ { 4, szOID_RSA_SHA256RSA, CALG_SHA_256, sha256RSA, &rsaSignBlob },
+ { 4, szOID_RSA_SHA384RSA, CALG_SHA_384, sha384RSA, &rsaSignBlob },
+ { 4, szOID_RSA_SHA512RSA, CALG_SHA_512, sha512RSA, &rsaSignBlob },
{ 4, szOID_RSA_MD5RSA, CALG_MD5, md5RSA, &rsaSignBlob },
{ 4, szOID_X957_SHA1DSA, CALG_SHA1, sha1DSA, &dssSignBlob },
{ 4, szOID_OIWSEC_sha1RSASign, CALG_SHA1, sha1RSA, &rsaSignBlob },
@@ -1398,7 +1407,7 @@
for (i = 0; i < sizeof(oidInfoConstructors) /
sizeof(oidInfoConstructors[0]); i++)
{
- if (HIWORD(oidInfoConstructors[i].pwszName))
+ if (!IS_INTRESOURCE(oidInfoConstructors[i].pwszName))
{
struct OIDInfo *info;
Modified: branches/ros-amd64-bringup/reactos/dll/win32/crypt32/store.c
URL:
http://svn.reactos.org/svn/reactos/branches/ros-amd64-bringup/reactos/dll/w…
==============================================================================
--- branches/ros-amd64-bringup/reactos/dll/win32/crypt32/store.c [iso-8859-1] (original)
+++ branches/ros-amd64-bringup/reactos/dll/win32/crypt32/store.c [iso-8859-1] Wed Mar 24
00:59:58 2010
@@ -745,7 +745,7 @@
TRACE("(%s, %08x, %08lx, %08x, %p)\n", debugstr_a(lpszStoreProvider),
dwMsgAndCertEncodingType, hCryptProv, dwFlags, pvPara);
- if (!HIWORD(lpszStoreProvider))
+ if (IS_INTOID(lpszStoreProvider))
{
switch (LOWORD(lpszStoreProvider))
{
5398
days inactive
5398
days old
0 comments
1 participants
participants (1)
-
tkreuzer@svn.reactos.org