wine-commits October 2009

wine-commits@winehq.org

3 participants
1207 discussions

Vincent Povirk : ole32: Don' t call internal functions from OLECONVERT_WriteOLE20ToBuffer.
by Alexandre Julliard 30 Oct '09

30 Oct '09

Module: wine Branch: master Commit: 39e35cd7b45233b943c91e35f6433342fbc05e7e URL: http://source.winehq.org/git/wine.git/?a=commit;h=39e35cd7b45233b943c91e35f… Author: Vincent Povirk <vincent(a)codeweavers.com> Date: Wed Oct 28 14:39:05 2009 -0500 ole32: Don't call internal functions from OLECONVERT_WriteOLE20ToBuffer. --- dlls/ole32/storage32.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dlls/ole32/storage32.c b/dlls/ole32/storage32.c index 468ef44..23b3049 100644 --- a/dlls/ole32/storage32.c +++ b/dlls/ole32/storage32.c @@ -6697,8 +6697,8 @@ static DWORD OLECONVERT_WriteOLE20ToBuffer(LPSTORAGE pStorage, BYTE **pData) if(hRes == S_OK) { /* Copy Src Storage to the Temp Storage */ - StorageImpl_CopyTo(pStorage, 0, NULL, NULL, pTempStorage); - StorageBaseImpl_Release(pTempStorage); + IStorage_CopyTo(pStorage, 0, NULL, NULL, pTempStorage); + IStorage_Release(pTempStorage); /* Open Temp Storage as a file and copy to memory */ hFile = CreateFileW(wstrTempFile, GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);

1 0

Vincent Povirk : ole32: Don' t call internal functions from OLECONVERT_GetOLE20FromOLE10.
by Alexandre Julliard 30 Oct '09

30 Oct '09

Module: wine Branch: master Commit: 6a360257136d7505a8f11c9a009537c001a61efa URL: http://source.winehq.org/git/wine.git/?a=commit;h=6a360257136d7505a8f11c9a0… Author: Vincent Povirk <vincent(a)codeweavers.com> Date: Wed Oct 28 14:37:37 2009 -0500 ole32: Don't call internal functions from OLECONVERT_GetOLE20FromOLE10. --- dlls/ole32/storage32.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dlls/ole32/storage32.c b/dlls/ole32/storage32.c index b0e0ada..468ef44 100644 --- a/dlls/ole32/storage32.c +++ b/dlls/ole32/storage32.c @@ -6652,8 +6652,8 @@ static void OLECONVERT_GetOLE20FromOLE10(LPSTORAGE pDestStorage, const BYTE *pBu hRes = StgOpenStorage(wstrTempFile, NULL, STGM_READ, NULL, 0, &pTempStorage); if(hRes == S_OK) { - hRes = StorageImpl_CopyTo(pTempStorage, 0, NULL, NULL, pDestStorage); - StorageBaseImpl_Release(pTempStorage); + hRes = IStorage_CopyTo(pTempStorage, 0, NULL, NULL, pDestStorage); + IStorage_Release(pTempStorage); } DeleteFileW(wstrTempFile); }

1 0

Vincent Povirk : ole32: Rename StorageImpl_CreateStorage to StorageBaseImpl_CreateStorage.
by Alexandre Julliard 30 Oct '09

30 Oct '09

Module: wine Branch: master Commit: 4f6e2453e943b31e2afbd0f205ee5ab62fb0dd1a URL: http://source.winehq.org/git/wine.git/?a=commit;h=4f6e2453e943b31e2afbd0f20… Author: Vincent Povirk <vincent(a)codeweavers.com> Date: Wed Oct 28 14:35:24 2009 -0500 ole32: Rename StorageImpl_CreateStorage to StorageBaseImpl_CreateStorage. We don't just use the function for StorageImpl. --- dlls/ole32/storage32.c | 24 ++++++++++++------------ 1 files changed, 12 insertions(+), 12 deletions(-) diff --git a/dlls/ole32/storage32.c b/dlls/ole32/storage32.c index 4343281..b0e0ada 100644 --- a/dlls/ole32/storage32.c +++ b/dlls/ole32/storage32.c @@ -1009,13 +1009,13 @@ static HRESULT WINAPI StorageBaseImpl_SetClass( */ /************************************************************************ - * Storage32Impl_CreateStorage (IStorage) + * Storage32BaseImpl_CreateStorage (IStorage) * * This method will create the storage object within the provided storage. * * See Windows documentation for more details on IStorage methods. */ -static HRESULT WINAPI StorageImpl_CreateStorage( +static HRESULT WINAPI StorageBaseImpl_CreateStorage( IStorage* iface, const OLECHAR *pwcsName, /* [string][in] */ DWORD grfMode, /* [in] */ @@ -1023,7 +1023,7 @@ static HRESULT WINAPI StorageImpl_CreateStorage( DWORD reserved2, /* [in] */ IStorage **ppstg) /* [out] */ { - StorageImpl* const This=(StorageImpl*)iface; + StorageBaseImpl* const This=(StorageBaseImpl*)iface; StgProperty currentProperty; StgProperty newProperty; @@ -1053,14 +1053,14 @@ static HRESULT WINAPI StorageImpl_CreateStorage( /* * Check that we're compatible with the parent's storage mode */ - if ( STGM_ACCESS_MODE( grfMode ) > STGM_ACCESS_MODE( This->base.openFlags ) ) + if ( STGM_ACCESS_MODE( grfMode ) > STGM_ACCESS_MODE( This->openFlags ) ) { WARN("access denied\n"); return STG_E_ACCESSDENIED; } - foundPropertyIndex = findElement(This->base.ancestorStorage, - This->base.rootPropertySetIndex, + foundPropertyIndex = findElement(This->ancestorStorage, + This->rootPropertySetIndex, pwcsName, &currentProperty); @@ -1070,7 +1070,7 @@ static HRESULT WINAPI StorageImpl_CreateStorage( * An element with this name already exists */ if (STGM_CREATE_MODE(grfMode) == STGM_CREATE && - STGM_ACCESS_MODE(This->base.openFlags) != STGM_READ) + STGM_ACCESS_MODE(This->openFlags) != STGM_READ) { hr = IStorage_DestroyElement(iface, pwcsName); if (FAILED(hr)) @@ -1082,7 +1082,7 @@ static HRESULT WINAPI StorageImpl_CreateStorage( return STG_E_FILEALREADYEXISTS; } } - else if (STGM_ACCESS_MODE(This->base.openFlags) == STGM_READ) + else if (STGM_ACCESS_MODE(This->openFlags) == STGM_READ) { WARN("read-only storage\n"); return STG_E_ACCESSDENIED; @@ -1122,13 +1122,13 @@ static HRESULT WINAPI StorageImpl_CreateStorage( /* * Save the new property into a new property spot */ - createDirEntry(This->base.ancestorStorage, &newProperty, &newPropertyIndex); + createDirEntry(This->ancestorStorage, &newProperty, &newPropertyIndex); /* * Find a spot in the property chain for our newly created property. */ updatePropertyChain( - &This->base, + This, newPropertyIndex, newProperty); @@ -2139,7 +2139,7 @@ static const IStorageVtbl Storage32Impl_Vtbl = StorageBaseImpl_Release, StorageBaseImpl_CreateStream, StorageBaseImpl_OpenStream, - StorageImpl_CreateStorage, + StorageBaseImpl_CreateStorage, StorageBaseImpl_OpenStorage, StorageImpl_CopyTo, StorageImpl_MoveElementTo, @@ -3947,7 +3947,7 @@ static const IStorageVtbl Storage32InternalImpl_Vtbl = StorageBaseImpl_Release, StorageBaseImpl_CreateStream, StorageBaseImpl_OpenStream, - StorageImpl_CreateStorage, + StorageBaseImpl_CreateStorage, StorageBaseImpl_OpenStorage, StorageImpl_CopyTo, StorageImpl_MoveElementTo,

1 0

Vincent Povirk : ole32: Take a StorageBaseImpl in updatePropertyChain.
by Alexandre Julliard 30 Oct '09

30 Oct '09

Module: wine Branch: master Commit: f82924ffb989ac521361cf78fc7aca12124ab74e URL: http://source.winehq.org/git/wine.git/?a=commit;h=f82924ffb989ac521361cf78f… Author: Vincent Povirk <vincent(a)codeweavers.com> Date: Wed Oct 28 14:33:12 2009 -0500 ole32: Take a StorageBaseImpl in updatePropertyChain. The function is not always called with a top-level storage object, and the signature should reflect that. --- dlls/ole32/storage32.c | 28 ++++++++++++++-------------- 1 files changed, 14 insertions(+), 14 deletions(-) diff --git a/dlls/ole32/storage32.c b/dlls/ole32/storage32.c index b793b85..4343281 100644 --- a/dlls/ole32/storage32.c +++ b/dlls/ole32/storage32.c @@ -184,7 +184,7 @@ static HRESULT createDirEntry( ULONG *index); static void updatePropertyChain( - StorageImpl *storage, + StorageBaseImpl *storage, ULONG newPropertyIndex, StgProperty newProperty); @@ -765,7 +765,7 @@ static HRESULT WINAPI StorageBaseImpl_RenameElement( * Find a spot in the property chain for our newly created property. */ updatePropertyChain( - (StorageImpl*)This, + This, renamedPropertyIndex, renamedProperty); @@ -945,7 +945,7 @@ static HRESULT WINAPI StorageBaseImpl_CreateStream( * Find a spot in the property chain for our newly created property. */ updatePropertyChain( - (StorageImpl*)This, + This, newPropertyIndex, newStreamProperty); @@ -1128,7 +1128,7 @@ static HRESULT WINAPI StorageImpl_CreateStorage( * Find a spot in the property chain for our newly created property. */ updatePropertyChain( - This, + &This->base, newPropertyIndex, newProperty); @@ -1292,7 +1292,7 @@ static LONG propertyNameCmp( * Properly link this new element in the property chain. */ static void updatePropertyChain( - StorageImpl *storage, + StorageBaseImpl *storage, ULONG newPropertyIndex, StgProperty newProperty) { @@ -1301,8 +1301,8 @@ static void updatePropertyChain( /* * Read the root property */ - StorageImpl_ReadProperty(storage->base.ancestorStorage, - storage->base.rootPropertySetIndex, + StorageImpl_ReadProperty(storage->ancestorStorage, + storage->rootPropertySetIndex, &currentProperty); if (currentProperty.dirProperty != PROPERTY_NULL) @@ -1322,7 +1322,7 @@ static void updatePropertyChain( /* * Read */ - StorageImpl_ReadProperty(storage->base.ancestorStorage, + StorageImpl_ReadProperty(storage->ancestorStorage, currentProperty.dirProperty, &currentProperty); @@ -1338,7 +1338,7 @@ static void updatePropertyChain( { if (previous != PROPERTY_NULL) { - StorageImpl_ReadProperty(storage->base.ancestorStorage, + StorageImpl_ReadProperty(storage->ancestorStorage, previous, &currentProperty); current = previous; @@ -1346,7 +1346,7 @@ static void updatePropertyChain( else { currentProperty.leftChild = newPropertyIndex; - StorageImpl_WriteProperty(storage->base.ancestorStorage, + StorageImpl_WriteProperty(storage->ancestorStorage, current, &currentProperty); found = 1; @@ -1356,7 +1356,7 @@ static void updatePropertyChain( { if (next != PROPERTY_NULL) { - StorageImpl_ReadProperty(storage->base.ancestorStorage, + StorageImpl_ReadProperty(storage->ancestorStorage, next, &currentProperty); current = next; @@ -1364,7 +1364,7 @@ static void updatePropertyChain( else { currentProperty.rightChild = newPropertyIndex; - StorageImpl_WriteProperty(storage->base.ancestorStorage, + StorageImpl_WriteProperty(storage->ancestorStorage, current, &currentProperty); found = 1; @@ -1389,8 +1389,8 @@ static void updatePropertyChain( * The root storage is empty, link the new property to its dir property */ currentProperty.dirProperty = newPropertyIndex; - StorageImpl_WriteProperty(storage->base.ancestorStorage, - storage->base.rootPropertySetIndex, + StorageImpl_WriteProperty(storage->ancestorStorage, + storage->rootPropertySetIndex, &currentProperty); } }

1 0

Vincent Povirk : ole32: Convert adjustPropertyChain into real binary tree removal.
by Alexandre Julliard 30 Oct '09

30 Oct '09

Module: wine Branch: master Commit: 13b9666443cae8a5f6ece8498d1560c67dc66925 URL: http://source.winehq.org/git/wine.git/?a=commit;h=13b9666443cae8a5f6ece8498… Author: Vincent Povirk <vincent(a)codeweavers.com> Date: Wed Oct 28 14:24:18 2009 -0500 ole32: Convert adjustPropertyChain into real binary tree removal. Finding the parent of a node in a binary tree is a detail that should be handled inside the function. --- dlls/ole32/storage32.c | 57 ++++++++++++++++++++++------------------------- 1 files changed, 27 insertions(+), 30 deletions(-) diff --git a/dlls/ole32/storage32.c b/dlls/ole32/storage32.c index 18ced72..b793b85 100644 --- a/dlls/ole32/storage32.c +++ b/dlls/ole32/storage32.c @@ -169,12 +169,10 @@ static HRESULT deleteStreamProperty( ULONG foundPropertyIndexToDelete, StgProperty propertyToDelete); -static HRESULT adjustPropertyChain( +static HRESULT removeFromTree( StorageImpl *This, - StgProperty propertyToDelete, - StgProperty parentProperty, - ULONG parentPropertyId, - INT typeOfRelation); + ULONG parentStorageIndex, + ULONG deletedIndex); /*********************************************************************** * Declaration of the functions used to manipulate StgProperty @@ -1755,10 +1753,7 @@ static HRESULT WINAPI StorageImpl_DestroyElement( HRESULT hr = S_OK; StgProperty propertyToDelete; - StgProperty parentProperty; ULONG foundPropertyIndexToDelete; - ULONG typeOfRelation; - ULONG parentPropertyId = 0; TRACE("(%p, %s)\n", iface, debugstr_w(pwcsName)); @@ -1780,15 +1775,6 @@ static HRESULT WINAPI StorageImpl_DestroyElement( return STG_E_FILENOTFOUND; } - /* - * Find the property that links to the one we want to delete. - */ - hr = findTreeParent(This->base.ancestorStorage, This->base.rootPropertySetIndex, - pwcsName, &parentProperty, &parentPropertyId, &typeOfRelation); - - if (hr != S_OK) - return hr; - if ( propertyToDelete.propertyType == PROPTYPE_STORAGE ) { hr = deleteStorageProperty( @@ -1810,12 +1796,10 @@ static HRESULT WINAPI StorageImpl_DestroyElement( /* * Adjust the property chain */ - hr = adjustPropertyChain( - This, - propertyToDelete, - parentProperty, - parentPropertyId, - typeOfRelation); + hr = removeFromTree( + This->base.ancestorStorage, + This->base.rootPropertySetIndex, + foundPropertyIndexToDelete); /* * Invalidate the property by zeroing its name member. @@ -2018,18 +2002,31 @@ static void setPropertyLink(StgProperty *property, ULONG relation, ULONG new_tar * * Internal Method * - * This method takes the previous and the next property link of a property - * to be deleted and find them a place in the Storage. + * This method removes a directory entry from its parent storage tree without + * freeing any resources attached to it. */ -static HRESULT adjustPropertyChain( +static HRESULT removeFromTree( StorageImpl *This, - StgProperty propertyToDelete, - StgProperty parentProperty, - ULONG parentPropertyId, - INT typeOfRelation) + ULONG parentStorageIndex, + ULONG deletedIndex) { HRESULT hr = S_OK; BOOL res = TRUE; + StgProperty propertyToDelete; + StgProperty parentProperty; + ULONG parentPropertyId; + ULONG typeOfRelation; + + res = StorageImpl_ReadProperty(This, deletedIndex, &propertyToDelete); + + /* + * Find the property that links to the one we want to delete. + */ + hr = findTreeParent(This, parentStorageIndex, propertyToDelete.name, + &parentProperty, &parentPropertyId, &typeOfRelation); + + if (hr != S_OK) + return hr; if (propertyToDelete.leftChild != PROPERTY_NULL) {

1 0

Vincent Povirk : ole32: Remove directory entries from the tree before we free them.
by Alexandre Julliard 30 Oct '09

30 Oct '09

Module: wine Branch: master Commit: fd993b7d9dae06740d595443a9a262da8c787020 URL: http://source.winehq.org/git/wine.git/?a=commit;h=fd993b7d9dae06740d595443a… Author: Vincent Povirk <vincent(a)codeweavers.com> Date: Wed Oct 28 14:06:23 2009 -0500 ole32: Remove directory entries from the tree before we free them. The directory entry should still be valid as long as it's in the tree. --- dlls/ole32/storage32.c | 32 +++++++++----------------------- 1 files changed, 9 insertions(+), 23 deletions(-) diff --git a/dlls/ole32/storage32.c b/dlls/ole32/storage32.c index 89ae657..18ced72 100644 --- a/dlls/ole32/storage32.c +++ b/dlls/ole32/storage32.c @@ -1817,6 +1817,15 @@ static HRESULT WINAPI StorageImpl_DestroyElement( parentPropertyId, typeOfRelation); + /* + * Invalidate the property by zeroing its name member. + */ + propertyToDelete.sizeOfNameString = 0; + + StorageImpl_WriteProperty(This->base.ancestorStorage, + foundPropertyIndexToDelete, + &propertyToDelete); + return hr; } @@ -1936,15 +1945,6 @@ static HRESULT deleteStorageProperty( } while ((hr == S_OK) && (destroyHr == S_OK)); - /* - * Invalidate the property by zeroing its name member. - */ - propertyToDelete.sizeOfNameString = 0; - - StorageImpl_WriteProperty(parentStorage->base.ancestorStorage, - indexOfPropertyToDelete, - &propertyToDelete); - IStorage_Release(childStorage); IEnumSTATSTG_Release(elements); @@ -1993,20 +1993,6 @@ static HRESULT deleteStreamProperty( */ IStream_Release(pis); - /* - * Invalidate the property by zeroing its name member. - */ - propertyToDelete.sizeOfNameString = 0; - - /* - * Here we should re-read the property so we get the updated pointer - * but since we are here to zap it, I don't do it... - */ - StorageImpl_WriteProperty( - parentStorage->base.ancestorStorage, - indexOfPropertyToDelete, - &propertyToDelete); - return S_OK; }

1 0

Juan Lang : crypt32: Check CA certificates for the enhanced key usage extension.
by Alexandre Julliard 30 Oct '09

30 Oct '09

Module: wine Branch: master Commit: 07b735682bfcd5999b3306865e5158a56f7b21b5 URL: http://source.winehq.org/git/wine.git/?a=commit;h=07b735682bfcd5999b3306865… Author: Juan Lang <juan.lang(a)gmail.com> Date: Wed Oct 28 17:33:24 2009 -0700 crypt32: Check CA certificates for the enhanced key usage extension. --- dlls/crypt32/chain.c | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 files changed, 59 insertions(+), 0 deletions(-) diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c index 0637646..90093ae 100644 --- a/dlls/crypt32/chain.c +++ b/dlls/crypt32/chain.c @@ -1173,6 +1173,58 @@ static BOOL CRYPT_KeyUsageValid(PCertificateChainEngine engine, return ret; } +static BOOL CRYPT_ExtendedKeyUsageValidForCA(PCCERT_CONTEXT cert) +{ + PCERT_EXTENSION ext; + BOOL ret; + + /* RFC 5280, section 4.2.1.12: "In general, this extension will only + * appear in end entity certificates." And, "If a certificate contains + * both a key usage extension and an extended key usage extension, then + * both extensions MUST be processed independently and the certificate MUST + * only be used for a purpose consistent with both extensions." This seems + * to imply that it should be checked if present, and ignored if not. + * Unfortunately some CAs, e.g. the Thawte SGC CA, don't include the code + * signing extended key usage, whereas they do include the keyCertSign + * key usage. Thus, when checking for a CA, we only require the + * code signing extended key usage if the extended key usage is critical. + */ + ext = CertFindExtension(szOID_ENHANCED_KEY_USAGE, + cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension); + if (ext && ext->fCritical) + { + CERT_ENHKEY_USAGE *usage; + DWORD size; + + ret = CryptDecodeObjectEx(cert->dwCertEncodingType, + X509_ENHANCED_KEY_USAGE, ext->Value.pbData, ext->Value.cbData, + CRYPT_DECODE_ALLOC_FLAG, NULL, &usage, &size); + if (ret) + { + DWORD i; + + /* Explicitly require the code signing extended key usage for a CA + * with an extended key usage extension. That is, don't assume + * a cert is allowed to be a CA if it specifies the + * anyExtendedKeyUsage usage oid. See again RFC 5280, section + * 4.2.1.12: "Applications that require the presence of a + * particular purpose MAY reject certificates that include the + * anyExtendedKeyUsage OID but not the particular OID expected for + * the application." + */ + ret = FALSE; + for (i = 0; !ret && i < usage->cUsageIdentifier; i++) + if (!strcmp(usage->rgpszUsageIdentifier[i], + szOID_PKIX_KP_CODE_SIGNING)) + ret = TRUE; + LocalFree(usage); + } + } + else + ret = TRUE; + return ret; +} + static BOOL CRYPT_CriticalExtensionsSupported(PCCERT_CONTEXT cert) { BOOL ret = TRUE; @@ -1196,6 +1248,8 @@ static BOOL CRYPT_CriticalExtensionsSupported(PCCERT_CONTEXT cert) ret = TRUE; else if (!strcmp(oid, szOID_SUBJECT_ALT_NAME2)) ret = TRUE; + else if (!strcmp(oid, szOID_ENHANCED_KEY_USAGE)) + ret = TRUE; else { FIXME("unsupported critical extension %s\n", @@ -1265,6 +1319,11 @@ static void CRYPT_CheckSimpleChain(PCertificateChainEngine engine, constraints.fCA, i)) chain->rgpElement[i]->TrustStatus.dwErrorStatus |= CERT_TRUST_IS_NOT_VALID_FOR_USAGE; + if (i != 0) + if (!CRYPT_ExtendedKeyUsageValidForCA( + chain->rgpElement[i]->pCertContext)) + chain->rgpElement[i]->TrustStatus.dwErrorStatus |= + CERT_TRUST_IS_NOT_VALID_FOR_USAGE; if (CRYPT_IsSimpleChainCyclic(chain)) { /* If the chain is cyclic, then the path length constraints

1 0

Juan Lang : crypt32: Only permit v1 or v2 CA certificates without a key usage extension if they 're installed locally.
by Alexandre Julliard 30 Oct '09

30 Oct '09

Module: wine Branch: master Commit: 60770fb011b0a60d7862e7fe9c7a6d24d68ac0ad URL: http://source.winehq.org/git/wine.git/?a=commit;h=60770fb011b0a60d7862e7fe9… Author: Juan Lang <juan.lang(a)gmail.com> Date: Wed Oct 28 17:32:39 2009 -0700 crypt32: Only permit v1 or v2 CA certificates without a key usage extension if they're installed locally. --- dlls/crypt32/chain.c | 44 +++++++++++++++++++++++++------------------- 1 files changed, 25 insertions(+), 19 deletions(-) diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c index 5802773..0637646 100644 --- a/dlls/crypt32/chain.c +++ b/dlls/crypt32/chain.c @@ -1082,8 +1082,8 @@ static void dump_element(PCCERT_CONTEXT cert) dump_extension(&cert->pCertInfo->rgExtension[i]); } -static BOOL CRYPT_KeyUsageValid(PCCERT_CONTEXT cert, BOOL isRoot, BOOL isCA, - DWORD index) +static BOOL CRYPT_KeyUsageValid(PCertificateChainEngine engine, + PCCERT_CONTEXT cert, BOOL isCA, DWORD index) { PCERT_EXTENSION ext; BOOL ret; @@ -1121,20 +1121,33 @@ static BOOL CRYPT_KeyUsageValid(PCCERT_CONTEXT cert, BOOL isRoot, BOOL isCA, { if (!ext) { - /* MS appears to violate RFC 3280, section 4.2.1.3 (Key Usage) + /* MS appears to violate RFC 5280, section 4.2.1.3 (Key Usage) * here. Quoting the RFC: * "This [key usage] extension MUST appear in certificates that * contain public keys that are used to validate digital signatures * on other public key certificates or CRLs." - * Most of the test chains' certs do not contain key usage - * extensions, yet are allowed to be CA certs. This appears to - * be common usage too: the root CA in a chain often does not have - * the key usage extension. We are a little more restrictive: - * root certs, which commonly do not have any extensions, are - * allowed to sign certificates without the key usage extension. + * MS appears to accept certs that do not contain key usage + * extensions as CA certs. V1 and V2 certificates did not have + * extensions, and many root certificates are V1 certificates, so + * perhaps this is prudent. On the other hand, MS also accepts V3 + * certs without key usage extensions. We are more restrictive: + * we accept locally installed V1 or V2 certs as CA certs. */ - WARN_(chain)("no key usage extension on a CA cert\n"); - ret = isRoot; + ret = FALSE; + if (cert->pCertInfo->dwVersion == CERT_V1 || + cert->pCertInfo->dwVersion == CERT_V2) + { + PCCERT_CONTEXT localCert = CRYPT_FindCertInStore( + engine->hWorld, cert); + + if (localCert) + { + CertFreeCertificateContext(localCert); + ret = TRUE; + } + } + if (!ret) + WARN_(chain)("no key usage extension on a CA cert\n"); } else { @@ -1206,19 +1219,12 @@ static void CRYPT_CheckSimpleChain(PCertificateChainEngine engine, chain->cElement, debugstr_w(filetime_to_str(time))); for (i = chain->cElement - 1; i >= 0; i--) { - BOOL isRoot; - if (TRACE_ON(chain)) dump_element(chain->rgpElement[i]->pCertContext); if (CertVerifyTimeValidity(time, chain->rgpElement[i]->pCertContext->pCertInfo) != 0) chain->rgpElement[i]->TrustStatus.dwErrorStatus |= CERT_TRUST_IS_NOT_TIME_VALID; - if (i == chain->cElement - 1) - isRoot = CRYPT_IsCertificateSelfSigned( - chain->rgpElement[i]->pCertContext); - else - isRoot = FALSE; if (i != 0) { /* Check the signature of the cert this issued */ @@ -1255,7 +1261,7 @@ static void CRYPT_CheckSimpleChain(PCertificateChainEngine engine, chain->rgpElement[i]->TrustStatus.dwErrorStatus |= CERT_TRUST_INVALID_BASIC_CONSTRAINTS; } - if (!CRYPT_KeyUsageValid(chain->rgpElement[i]->pCertContext, isRoot, + if (!CRYPT_KeyUsageValid(engine, chain->rgpElement[i]->pCertContext, constraints.fCA, i)) chain->rgpElement[i]->TrustStatus.dwErrorStatus |= CERT_TRUST_IS_NOT_VALID_FOR_USAGE;

1 0

Juan Lang : crypt32: Use a helper function to find an existing cert by hash .
by Alexandre Julliard 30 Oct '09

30 Oct '09

Module: wine Branch: master Commit: 7b0297769d7c56398721a38da1225ee39169b05b URL: http://source.winehq.org/git/wine.git/?a=commit;h=7b0297769d7c56398721a38da… Author: Juan Lang <juan.lang(a)gmail.com> Date: Wed Oct 28 17:30:50 2009 -0700 crypt32: Use a helper function to find an existing cert by hash. --- dlls/crypt32/chain.c | 53 +++++++++++++++++++++++-------------------------- 1 files changed, 25 insertions(+), 28 deletions(-) diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c index 2c1d598..5802773 100644 --- a/dlls/crypt32/chain.c +++ b/dlls/crypt32/chain.c @@ -69,6 +69,24 @@ static inline void CRYPT_CloseStores(DWORD cStores, HCERTSTORE *stores) static const WCHAR rootW[] = { 'R','o','o','t',0 }; +/* Finds cert in store by comparing the cert's hashes. */ +static PCCERT_CONTEXT CRYPT_FindCertInStore(HCERTSTORE store, + PCCERT_CONTEXT cert) +{ + PCCERT_CONTEXT matching = NULL; + BYTE hash[20]; + DWORD size = sizeof(hash); + + if (CertGetCertificateContextProperty(cert, CERT_HASH_PROP_ID, hash, &size)) + { + CRYPT_HASH_BLOB blob = { sizeof(hash), hash }; + + matching = CertFindCertificateInStore(store, cert->dwCertEncodingType, + 0, CERT_FIND_SHA1_HASH, &blob, NULL); + } + return matching; +} + static BOOL CRYPT_CheckRestrictedRoot(HCERTSTORE store) { BOOL ret = TRUE; @@ -77,29 +95,15 @@ static BOOL CRYPT_CheckRestrictedRoot(HCERTSTORE store) { HCERTSTORE rootStore = CertOpenSystemStoreW(0, rootW); PCCERT_CONTEXT cert = NULL, check; - BYTE hash[20]; - DWORD size; do { cert = CertEnumCertificatesInStore(store, cert); if (cert) { - size = sizeof(hash); - - ret = CertGetCertificateContextProperty(cert, CERT_HASH_PROP_ID, - hash, &size); - if (ret) - { - CRYPT_HASH_BLOB blob = { sizeof(hash), hash }; - - check = CertFindCertificateInStore(rootStore, - cert->dwCertEncodingType, 0, CERT_FIND_SHA1_HASH, &blob, - NULL); - if (!check) - ret = FALSE; - else - CertFreeCertificateContext(check); - } + if (!(check = CRYPT_FindCertInStore(rootStore, cert))) + ret = FALSE; + else + CertFreeCertificateContext(check); } } while (ret && cert); if (cert) @@ -336,16 +340,9 @@ static void CRYPT_FreeSimpleChain(PCERT_SIMPLE_CHAIN chain) static void CRYPT_CheckTrustedStatus(HCERTSTORE hRoot, PCERT_CHAIN_ELEMENT rootElement) { - BYTE hash[20]; - DWORD size = sizeof(hash); - CRYPT_HASH_BLOB blob = { sizeof(hash), hash }; - PCCERT_CONTEXT trustedRoot; - - CertGetCertificateContextProperty(rootElement->pCertContext, - CERT_HASH_PROP_ID, hash, &size); - trustedRoot = CertFindCertificateInStore(hRoot, - rootElement->pCertContext->dwCertEncodingType, 0, CERT_FIND_SHA1_HASH, - &blob, NULL); + PCCERT_CONTEXT trustedRoot = CRYPT_FindCertInStore(hRoot, + rootElement->pCertContext); + if (!trustedRoot) rootElement->TrustStatus.dwErrorStatus |= CERT_TRUST_IS_UNTRUSTED_ROOT;

1 0

Juan Lang : crypt32: Add key usage extension to chain4_0.
by Alexandre Julliard 30 Oct '09

30 Oct '09

Module: wine Branch: master Commit: 77472187c9f6677a5e5d8b21ed9d9b07ab49495d URL: http://source.winehq.org/git/wine.git/?a=commit;h=77472187c9f6677a5e5d8b21e… Author: Juan Lang <juan.lang(a)gmail.com> Date: Wed Oct 28 16:59:19 2009 -0700 crypt32: Add key usage extension to chain4_0. --- dlls/crypt32/tests/chain.c | 43 ++++++++++++++++++++++--------------------- 1 files changed, 22 insertions(+), 21 deletions(-) diff --git a/dlls/crypt32/tests/chain.c b/dlls/crypt32/tests/chain.c index 4dd31aa..7f3aa81 100644 --- a/dlls/crypt32/tests/chain.c +++ b/dlls/crypt32/tests/chain.c @@ -612,15 +612,15 @@ static const BYTE chain3_0[] = { * A chain whose path length constraint is violated. */ static const BYTE chain4_0[] = { -0x30,0x82,0x01,0xb3,0x30,0x82,0x01,0x20,0xa0,0x03,0x02,0x01,0x02,0x02,0x10, -0xcb,0xdc,0x8d,0xca,0xc1,0x0e,0x9c,0x9d,0x4f,0x0a,0xc1,0x09,0x31,0x32,0x94, -0xf9,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1d,0x05,0x00,0x30,0x10,0x31, -0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72,0x74,0x31, -0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30, -0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35, -0x39,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05, -0x43,0x65,0x72,0x74,0x31,0x30,0x81,0x9f,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48, -0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00,0x30,0x81,0x89, +0x30,0x82,0x01,0xc5,0x30,0x82,0x01,0x30,0xa0,0x03,0x02,0x01,0x02,0x02,0x10, +0x01,0xcd,0x67,0x9e,0xec,0xae,0x1e,0x69,0x16,0x3f,0x92,0x8a,0xed,0x6d,0x57, +0xac,0x30,0x0b,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x30, +0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03,0x13,0x05,0x43,0x65,0x72, +0x74,0x31,0x30,0x1e,0x17,0x0d,0x30,0x37,0x30,0x31,0x30,0x31,0x30,0x30,0x30, +0x30,0x30,0x30,0x5a,0x17,0x0d,0x30,0x37,0x31,0x32,0x33,0x31,0x32,0x33,0x35, +0x39,0x35,0x39,0x5a,0x30,0x10,0x31,0x0e,0x30,0x0c,0x06,0x03,0x55,0x04,0x03, +0x13,0x05,0x43,0x65,0x72,0x74,0x31,0x30,0x81,0x9d,0x30,0x0b,0x06,0x09,0x2a, +0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x03,0x81,0x8d,0x00,0x30,0x81,0x89, 0x02,0x81,0x81,0x00,0xad,0x7e,0xca,0xf3,0xe5,0x99,0xc2,0x2a,0xca,0x50,0x82, 0x7c,0x2d,0xa4,0x81,0xcd,0x0d,0x0d,0x86,0xd7,0xd8,0xb2,0xde,0xc5,0xc3,0x34, 0x9e,0x07,0x78,0x08,0x11,0x12,0x2d,0x21,0x0a,0x09,0x07,0x14,0x03,0x7a,0xe7, @@ -630,18 +630,19 @@ static const BYTE chain4_0[] = { 0x0f,0x07,0xd6,0xea,0x27,0xa6,0xfe,0x3d,0x88,0xe5,0x97,0x45,0x72,0xb6,0x1c, 0xc0,0x1c,0xb1,0xa2,0x89,0xe8,0x37,0x9e,0xf6,0x2a,0xcf,0xd5,0x1f,0x2f,0x35, 0x5e,0x8f,0x3a,0x9c,0x61,0xb1,0xf1,0x6c,0xff,0x8c,0xb2,0x2f,0x02,0x03,0x01, -0x00,0x01,0xa3,0x16,0x30,0x14,0x30,0x12,0x06,0x03,0x55,0x1d,0x13,0x01,0x01, -0xff,0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x00,0x30,0x09,0x06,0x05, -0x2b,0x0e,0x03,0x02,0x1d,0x05,0x00,0x03,0x81,0x81,0x00,0x93,0xe8,0x98,0xbe, -0x7b,0x5c,0x4c,0x58,0xbd,0xee,0x31,0x55,0xa8,0xb5,0x86,0xfc,0x23,0x55,0x48, -0xda,0x95,0x60,0x0f,0x53,0x64,0x66,0x50,0x78,0xdc,0x1c,0xf3,0xec,0x38,0x7d, -0x07,0x58,0x19,0xcf,0x83,0xfc,0x92,0xc4,0x3e,0x48,0x5b,0x45,0x54,0xf7,0x15, -0x6f,0xb0,0x5e,0x8c,0xbf,0x03,0x62,0x17,0x27,0x28,0x59,0x49,0xde,0x52,0x2d, -0x4b,0xb3,0x1e,0x4d,0x4f,0x2c,0xa8,0x1e,0x70,0xd1,0xdb,0xe7,0x98,0x6c,0x6f, -0xaa,0x94,0xea,0x5d,0x7f,0xc5,0x1d,0x2a,0x4d,0xb7,0x4c,0xac,0xa6,0xbf,0x79, -0x9a,0xf6,0x1e,0x98,0x64,0x14,0x2e,0xbd,0x8a,0xaf,0xac,0x52,0xd2,0x2c,0xdd, -0xcd,0x1b,0x3d,0x28,0x43,0xea,0x25,0x91,0x15,0xb8,0x54,0x72,0x33,0xca,0xd8, -0x5f,0x06,0x4c,0x97 }; +0x00,0x01,0xa3,0x26,0x30,0x24,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01, +0xff,0x04,0x04,0x03,0x02,0x00,0x04,0x30,0x12,0x06,0x03,0x55,0x1d,0x13,0x01, +0x01,0xff,0x04,0x08,0x30,0x06,0x01,0x01,0xff,0x02,0x01,0x00,0x30,0x0b,0x06, +0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x03,0x81,0x81,0x00,0x70, +0x60,0x8d,0x5f,0x29,0x8e,0x6b,0x48,0x79,0xaa,0xd1,0x7a,0xbb,0x6c,0x7c,0x54, +0x11,0x55,0x08,0xb9,0x2e,0x5e,0x53,0xd6,0x9b,0xb9,0xe4,0xc8,0x0e,0x48,0xe7, +0x20,0x9e,0xbd,0x7c,0x55,0xb8,0xf1,0x69,0x0c,0x08,0xd6,0x32,0x32,0xd9,0x05, +0x81,0x8a,0x33,0x4c,0x57,0x20,0xae,0xe8,0xde,0x61,0x63,0x85,0xc8,0xe1,0x1d, +0xef,0x4b,0xa4,0x42,0x4e,0x0a,0x25,0x48,0x2b,0xc2,0x06,0x79,0x90,0x45,0x90, +0x94,0x3d,0xb0,0x36,0xe6,0x60,0xe6,0xd2,0x1a,0x11,0x01,0x4b,0xaf,0x23,0x4d, +0x62,0x6b,0xdc,0x3a,0xae,0x61,0x93,0xce,0x7b,0xae,0x21,0xfe,0x42,0xd8,0x86, +0x36,0x19,0x00,0x18,0x13,0x4d,0xf9,0xd1,0x94,0xa2,0xb7,0xbd,0xb0,0x5c,0x9b, +0x5c,0x03,0xf5,0x86,0x85,0x07,0x1c }; static const BYTE chain4_1[] = { 0x30,0x82,0x01,0xb3,0x30,0x82,0x01,0x1e,0xa0,0x03,0x02,0x01,0x02,0x02,0x01, 0x01,0x30,0x0b,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x30,

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

wine-commits October 2009