Author: tkreuzer Date: Wed Mar 24 00:59:58 2010 New Revision: 46378
URL: http://svn.reactos.org/svn/reactos?rev=46378&view=rev Log: Merge trunk HEAD (r46369) (part 4/x)
Added: branches/ros-amd64-bringup/reactos/dll/win32/crypt32/crypt32_Uk.rc - copied unchanged from r46369, trunk/reactos/dll/win32/crypt32/crypt32_Uk.rc Removed: branches/ros-amd64-bringup/reactos/dll/win32/crypt32/crypt32.rc Modified: branches/ros-amd64-bringup/reactos/dll/win32/crypt32/chain.c branches/ros-amd64-bringup/reactos/dll/win32/crypt32/crypt32_Fr.rc branches/ros-amd64-bringup/reactos/dll/win32/crypt32/crypt32_private.h branches/ros-amd64-bringup/reactos/dll/win32/crypt32/decode.c branches/ros-amd64-bringup/reactos/dll/win32/crypt32/encode.c branches/ros-amd64-bringup/reactos/dll/win32/crypt32/main.c branches/ros-amd64-bringup/reactos/dll/win32/crypt32/object.c branches/ros-amd64-bringup/reactos/dll/win32/crypt32/oid.c branches/ros-amd64-bringup/reactos/dll/win32/crypt32/store.c
Modified: branches/ros-amd64-bringup/reactos/dll/win32/crypt32/chain.c URL: http://svn.reactos.org/svn/reactos/branches/ros-amd64-bringup/reactos/dll/wi... ==============================================================================
--- branches/ros-amd64-bringup/reactos/dll/win32/crypt32/chain.c [iso-8859-1] (original)
+++ branches/ros-amd64-bringup/reactos/dll/win32/crypt32/chain.c [iso-8859-1] Wed Mar 24 00:59:58 2010
@@ -686,8 +686,12 @@
 authority_end = strchrW(name, '?');
 if (!authority_end)
 authority_end = name + strlenW(name);
- /* Remove any port number from the authority */
- for (colon = authority_end; colon >= name && *colon != ':'; colon--)
+ /* Remove any port number from the authority. The userinfo portion
+ * of an authority may contain a colon, so stop if a userinfo portion
+ * is found (indicated by '@').
+ */
+ for (colon = authority_end; colon >= name && *colon != ':' &&
+ *colon != '@'; colon--)
 ;
 if (*colon == ':')
 authority_end = colon;
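Review bot: When the authority contains neither ':' nor '@', the loop in this hunk stops with `colon` one element below `name`, and the following `if (*colon == ':')` then reads through that pointer. Whether that element still lies inside the URL string depends on how `name` was derived, which is outside the hunk, so the test is safer written as `if (colon >= name && *colon == ':')`. The enclosing function starts and ends outside the hunk.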
@@ -1298,6 +1302,78 @@
 }
 }
 LocalFree(nameConstraints);
+ }
+ }
+}
+
+/* Gets cert's policies info, if any. Free with LocalFree. */
+static CERT_POLICIES_INFO *CRYPT_GetPolicies(PCCERT_CONTEXT cert)
+{
+ PCERT_EXTENSION ext;
+ CERT_POLICIES_INFO *policies = NULL;
+
+ ext = CertFindExtension(szOID_KEY_USAGE, cert->pCertInfo->cExtension,
+ cert->pCertInfo->rgExtension);
+ if (ext)
+ {
+ DWORD size;
+
+ CryptDecodeObjectEx(X509_ASN_ENCODING, X509_CERT_POLICIES,
+ ext->Value.pbData, ext->Value.cbData, CRYPT_DECODE_ALLOC_FLAG, NULL,
+ &policies, &size);
+ }
+ return policies;
+}
+
+static void CRYPT_CheckPolicies(CERT_POLICIES_INFO *policies, CERT_INFO *cert,
+ DWORD *errorStatus)
+{
+ DWORD i;
+
+ for (i = 0; i < policies->cPolicyInfo; i++)
+ {
+ /* For now, the only accepted policy identifier is the anyPolicy
+ * identifier.
+ * FIXME: the policy identifiers should be compared against the
+ * cert's certificate policies extension, subject to the policy
+ * mappings extension, and the policy constraints extension.
+ * See RFC 5280, sections 4.2.1.4, 4.2.1.5, and 4.2.1.11.
+ */
+ if (strcmp(policies->rgPolicyInfo[i].pszPolicyIdentifier,
+ szOID_ANY_CERT_POLICY))
+ {
+ FIXME("unsupported policy %s\n",
+ policies->rgPolicyInfo[i].pszPolicyIdentifier);
+ *errorStatus |= CERT_TRUST_INVALID_POLICY_CONSTRAINTS;
+ }
+ }
+}
+
+static void CRYPT_CheckChainPolicies(PCERT_SIMPLE_CHAIN chain)
+{
+ int i, j;
+
+ for (i = chain->cElement - 1; i > 0; i--)
+ {
+ CERT_POLICIES_INFO *policies;
+
+ if ((policies = CRYPT_GetPolicies(chain->rgpElement[i]->pCertContext)))
+ {
+ for (j = i - 1; j >= 0; j--)
+ {
+ DWORD errorStatus = 0;
+
+ CRYPT_CheckPolicies(policies,
+ chain->rgpElement[j]->pCertContext->pCertInfo, &errorStatus);
+ if (errorStatus)
+ {
+ chain->rgpElement[i]->TrustStatus.dwErrorStatus |=
+ errorStatus;
+ CRYPT_CombineTrustStatus(&chain->TrustStatus,
+ &chain->rgpElement[i]->TrustStatus);
+ }
+ }
+ LocalFree(policies);
 }
 }
 }
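Review bot: CRYPT_GetPolicies looks the extension up with `szOID_KEY_USAGE` but decodes its value as `X509_CERT_POLICIES`, so the certificate policies extension itself is never examined and a key-usage value is handed to the policies decoder; the lookup should read `ext = CertFindExtension(szOID_CERT_POLICIES, cert->pCertInfo->cExtension,`. This matters more because the @@ -1735 hunk of this file appears to start treating szOID_CERT_POLICIES as a supported critical extension, so a critical policies extension would be accepted without CRYPT_CheckPolicies ever seeing it. The return value of CryptDecodeObjectEx is ignored; if the code relies on `policies` staying NULL on a failed decode, a comment should say so. CRYPT_CheckPolicies never reads its `cert` parameter, and CRYPT_CheckChainPolicies records the error on element `i` (the certificate whose policies were decoded) rather than `j`, which deserves a comment if it is intended.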
@@ -1735,6 +1811,8 @@ ret = TRUE; else if (!strcmp(oid, szOID_SUBJECT_ALT_NAME2)) ret = TRUE; + else if (!strcmp(oid, szOID_CERT_POLICIES)) + ret = TRUE; else if (!strcmp(oid, szOID_ENHANCED_KEY_USAGE)) ret = TRUE; else @@ -1879,6 +1957,7 @@ &chain->rgpElement[i]->TrustStatus); } CRYPT_CheckChainNameConstraints(chain); + CRYPT_CheckChainPolicies(chain); if (CRYPT_IsCertificateSelfSigned(rootElement->pCertContext)) { rootElement->TrustStatus.dwInfoStatus |= @@ -3376,7 +3455,7 @@ TRACE("(%s, %p, %p, %p)\n", debugstr_a(szPolicyOID), pChainContext, pPolicyPara, pPolicyStatus);
- if (!HIWORD(szPolicyOID))
+ if (IS_INTOID(szPolicyOID))
 {
 switch (LOWORD(szPolicyOID))
 {
Removed: branches/ros-amd64-bringup/reactos/dll/win32/crypt32/crypt32.rc URL: http://svn.reactos.org/svn/reactos/branches/ros-amd64-bringup/reactos/dll/wi... ==============================================================================
--- branches/ros-amd64-bringup/reactos/dll/win32/crypt32/crypt32.rc [iso-8859-1] (original)
+++ branches/ros-amd64-bringup/reactos/dll/win32/crypt32/crypt32.rc (removed)
@@ -1,34 +1,0 @@
-/*
- * crypt32 dll resources
- *
- * Copyright (C) 2006 Juan Lang
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
- */
-#include "windef.h"
-#include "winbase.h"
-#include "winuser.h"
-#include "cryptres.h"
-
-#include "version.rc"
-
-#include "crypt32_De.rc"
-#include "crypt32_En.rc"
-#include "crypt32_Fr.rc"
-#include "crypt32_Ko.rc"
-#include "crypt32_Nl.rc"
-#include "crypt32_No.rc"
-#include "crypt32_Pt.rc"
-#include "crypt32_Sv.rc"
Modified: branches/ros-amd64-bringup/reactos/dll/win32/crypt32/crypt32_Fr.rc URL: http://svn.reactos.org/svn/reactos/branches/ros-amd64-bringup/reactos/dll/wi... ==============================================================================
--- branches/ros-amd64-bringup/reactos/dll/win32/crypt32/crypt32_Fr.rc [iso-8859-1] (original)
+++ branches/ros-amd64-bringup/reactos/dll/win32/crypt32/crypt32_Fr.rc [iso-8859-1] Wed Mar 24 00:59:58 2010
@@ -242,4 +242,3 @@
 IDS_NETSCAPE_SMIME_CA "AC S/MIME"
 IDS_NETSCAPE_SIGN_CA "Signature CA"
 }
-#pragma code_page(default)
Modified: branches/ros-amd64-bringup/reactos/dll/win32/crypt32/crypt32_private.h URL: http://svn.reactos.org/svn/reactos/branches/ros-amd64-bringup/reactos/dll/wi... ==============================================================================
--- branches/ros-amd64-bringup/reactos/dll/win32/crypt32/crypt32_private.h [iso-8859-1] (original)
+++ branches/ros-amd64-bringup/reactos/dll/win32/crypt32/crypt32_private.h [iso-8859-1] Wed Mar 24 00:59:58 2010
@@ -405,4 +405,8 @@
 #define ALIGN_DWORD_PTR(x) (((x) + sizeof(DWORD_PTR) - 1) & ~(sizeof(DWORD_PTR) - 1))
 #define POINTER_ALIGN_DWORD_PTR(p) ((LPVOID)ALIGN_DWORD_PTR((DWORD_PTR)(p)))
+/* Check if the OID is a small int
+ */
+#define IS_INTOID(x) (((ULONG_PTR)(x) >> 16) == 0)
+
 #endif
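Review bot: The comment on IS_INTOID does not say why the macro replaces `!HIWORD(x)`, which is the reason for every such replacement in this commit. As HIWORD is commonly defined it looks only at bits 16-31 of its argument, so on a 64-bit build a string pointer with those bits clear would presumably be taken for an integer OID and dispatched through `LOWORD(...)`. I would extend the comment to something like `/* An OID is either a string pointer or an integer below 0x10000 cast to a pointer; test the full pointer width, not just bits 16-31 as HIWORD() does. */`.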
Modified: branches/ros-amd64-bringup/reactos/dll/win32/crypt32/decode.c URL: http://svn.reactos.org/svn/reactos/branches/ros-amd64-bringup/reactos/dll/wi... ==============================================================================
--- branches/ros-amd64-bringup/reactos/dll/win32/crypt32/decode.c [iso-8859-1] (original)
+++ branches/ros-amd64-bringup/reactos/dll/win32/crypt32/decode.c [iso-8859-1] Wed Mar 24 00:59:58 2010
@@ -5578,7 +5578,7 @@
 SetLastError(ERROR_FILE_NOT_FOUND);
 return NULL;
 }
- if (!HIWORD(lpszStructType))
+ if (IS_INTOID(lpszStructType))
 {
 switch (LOWORD(lpszStructType))
 {
Modified: branches/ros-amd64-bringup/reactos/dll/win32/crypt32/encode.c URL: http://svn.reactos.org/svn/reactos/branches/ros-amd64-bringup/reactos/dll/wi... ==============================================================================
--- branches/ros-amd64-bringup/reactos/dll/win32/crypt32/encode.c [iso-8859-1] (original)
+++ branches/ros-amd64-bringup/reactos/dll/win32/crypt32/encode.c [iso-8859-1] Wed Mar 24 00:59:58 2010
@@ -4305,7 +4305,7 @@
 return NULL;
 }
- if (!HIWORD(lpszStructType))
+ if (IS_INTOID(lpszStructType))
 {
 switch (LOWORD(lpszStructType))
 {
Modified: branches/ros-amd64-bringup/reactos/dll/win32/crypt32/main.c URL: http://svn.reactos.org/svn/reactos/branches/ros-amd64-bringup/reactos/dll/wi... ==============================================================================
--- branches/ros-amd64-bringup/reactos/dll/win32/crypt32/main.c [iso-8859-1] (original)
+++ branches/ros-amd64-bringup/reactos/dll/win32/crypt32/main.c [iso-8859-1] Wed Mar 24 00:59:58 2010
@@ -64,8 +64,8 @@
 {
 HCRYPTPROV prov;
- if (!CryptAcquireContextW(&prov, NULL, MS_ENHANCED_PROV_W, PROV_RSA_FULL, - CRYPT_VERIFYCONTEXT)) + if (!CryptAcquireContextW(&prov, NULL, MS_ENH_RSA_AES_PROV_W, + PROV_RSA_AES, CRYPT_VERIFYCONTEXT)) return hDefProv; InterlockedCompareExchangePointer((PVOID *)&hDefProv, (PVOID)prov, NULL); @@ -161,8 +161,13 @@
BOOL WINAPI I_CryptFreeTls(DWORD dwTlsIndex, DWORD unknown) { + BOOL ret; + TRACE("(%d, %d)\n", dwTlsIndex, unknown); - return TlsFree(dwTlsIndex); + + ret = TlsFree(dwTlsIndex); + if (!ret) SetLastError( E_INVALIDARG ); + return ret; }
BOOL WINAPI I_CryptGetOssGlobal(DWORD x)
Modified: branches/ros-amd64-bringup/reactos/dll/win32/crypt32/object.c URL: http://svn.reactos.org/svn/reactos/branches/ros-amd64-bringup/reactos/dll/wi... ==============================================================================
--- branches/ros-amd64-bringup/reactos/dll/win32/crypt32/object.c [iso-8859-1] (original)
+++ branches/ros-amd64-bringup/reactos/dll/win32/crypt32/object.c [iso-8859-1] Wed Mar 24 00:59:58 2010
@@ -2525,7 +2525,7 @@
 SetLastError(ERROR_FILE_NOT_FOUND);
 return NULL;
 }
- if (!HIWORD(lpszStructType))
+ if (IS_INTOID(lpszStructType))
 {
 switch (LOWORD(lpszStructType))
 {
Modified: branches/ros-amd64-bringup/reactos/dll/win32/crypt32/oid.c URL: http://svn.reactos.org/svn/reactos/branches/ros-amd64-bringup/reactos/dll/wi... ==============================================================================
--- branches/ros-amd64-bringup/reactos/dll/win32/crypt32/oid.c [iso-8859-1] (original)
+++ branches/ros-amd64-bringup/reactos/dll/win32/crypt32/oid.c [iso-8859-1] Wed Mar 24 00:59:58 2010
@@ -170,7 +170,7 @@
 * "EncodingType 2" would be expected if it were a mask. Instead native
 * stores values in "EncodingType 3".
 */
- if (!HIWORD(pszOID))
+ if (IS_INTOID(pszOID))
 {
 snprintf(numericOID, sizeof(numericOID), "#%d", LOWORD(pszOID));
 oid = numericOID;
@@ -255,7 +255,7 @@
 {
 struct OIDFunction *func;
- if (HIWORD(rgFuncEntry[i].pszOID)) + if (!IS_INTOID(rgFuncEntry[i].pszOID)) func = CryptMemAlloc(sizeof(struct OIDFunction) + strlen(rgFuncEntry[i].pszOID) + 1); else @@ -263,7 +263,7 @@ if (func) { func->encoding = GET_CERT_ENCODING_TYPE(dwEncodingType); - if (HIWORD(rgFuncEntry[i].pszOID)) + if (!IS_INTOID(rgFuncEntry[i].pszOID)) { LPSTR oid;
@@ -402,9 +402,9 @@ { if (function->encoding == GET_CERT_ENCODING_TYPE(dwEncodingType)) { - if (HIWORD(pszOID)) + if (!IS_INTOID(pszOID)) { - if (HIWORD(function->entry.pszOID) && + if (!IS_INTOID(function->entry.pszOID) && !strcasecmp(function->entry.pszOID, pszOID)) { *ppvFuncAddr = function->entry.pvFuncAddr; @@ -1067,6 +1067,9 @@ static const WCHAR rc4[] = { 'r','c','4',0 }; static const WCHAR sha[] = { 's','h','a',0 }; static const WCHAR sha1[] = { 's','h','a','1',0 }; +static const WCHAR sha256[] = { 's','h','a','2','5','6',0 }; +static const WCHAR sha384[] = { 's','h','a','3','8','4',0 }; +static const WCHAR sha512[] = { 's','h','a','5','1','2',0 }; static const WCHAR RSA[] = { 'R','S','A',0 }; static const WCHAR RSA_KEYX[] = { 'R','S','A','_','K','E','Y','X',0 }; static const WCHAR RSA_SIGN[] = { 'R','S','A','_','S','I','G','N',0 }; @@ -1086,6 +1089,9 @@ static const WCHAR sha1DSA[] = { 's','h','a','1','D','S','A',0 }; static const WCHAR shaRSA[] = { 's','h','a','R','S','A',0 }; static const WCHAR sha1RSA[] = { 's','h','a','1','R','S','A',0 }; +static const WCHAR sha256RSA[] = { 's','h','a','2','5','6','R','S','A',0 }; +static const WCHAR sha384RSA[] = { 's','h','a','3','8','4','R','S','A',0 }; +static const WCHAR sha512RSA[] = { 's','h','a','5','1','2','R','S','A',0 }; static const WCHAR mosaicUpdatedSig[] = { 'm','o','s','a','i','c','U','p','d','a','t','e','d','S','i','g',0 }; static const WCHAR CN[] = { 'C','N',0 }; @@ -1189,6 +1195,9 @@ { 3, szOID_PKIX_NO_SIGNATURE, CALG_NO_SIGN, NO_SIGN, NULL },
{ 4, szOID_RSA_SHA1RSA, CALG_SHA1, sha1RSA, &rsaSignBlob }, + { 4, szOID_RSA_SHA256RSA, CALG_SHA_256, sha256RSA, &rsaSignBlob }, + { 4, szOID_RSA_SHA384RSA, CALG_SHA_384, sha384RSA, &rsaSignBlob }, + { 4, szOID_RSA_SHA512RSA, CALG_SHA_512, sha512RSA, &rsaSignBlob }, { 4, szOID_RSA_MD5RSA, CALG_MD5, md5RSA, &rsaSignBlob }, { 4, szOID_X957_SHA1DSA, CALG_SHA1, sha1DSA, &dssSignBlob }, { 4, szOID_OIWSEC_sha1RSASign, CALG_SHA1, sha1RSA, &rsaSignBlob }, @@ -1398,7 +1407,7 @@ for (i = 0; i < sizeof(oidInfoConstructors) / sizeof(oidInfoConstructors[0]); i++) { - if (HIWORD(oidInfoConstructors[i].pwszName)) + if (!IS_INTRESOURCE(oidInfoConstructors[i].pwszName)) { struct OIDInfo *info;
Modified: branches/ros-amd64-bringup/reactos/dll/win32/crypt32/store.c URL: http://svn.reactos.org/svn/reactos/branches/ros-amd64-bringup/reactos/dll/wi... ============================================================================== --- branches/ros-amd64-bringup/reactos/dll/win32/crypt32/store.c [iso-8859-1] (original) +++ branches/ros-amd64-bringup/reactos/dll/win32/crypt32/store.c [iso-8859-1] Wed Mar 24 00:59:58 2010 @@ -745,7 +745,7 @@ TRACE("(%s, %08x, %08lx, %08x, %p)\n", debugstr_a(lpszStoreProvider), dwMsgAndCertEncodingType, hCryptProv, dwFlags, pvPara);
- if (!HIWORD(lpszStoreProvider))
+ if (IS_INTOID(lpszStoreProvider))
 {
 switch (LOWORD(lpszStoreProvider))
 {