From: Paul Gofman pgofman@codeweavers.com

--- dlls/crypt32/str.c | 215 +++++++++++++++++---------------------- dlls/crypt32/tests/str.c | 160 +++++++++++++++++++++++++---- 2 files changed, 230 insertions(+), 145 deletions(-)

diff --git a/dlls/crypt32/str.c b/dlls/crypt32/str.c index 2c667542dc8..0906ad883db 100644 --- a/dlls/crypt32/str.c +++ b/dlls/crypt32/str.c @@ -914,31 +914,32 @@ DWORD WINAPI CertGetNameStringA(PCCERT_CONTEXT cert, DWORD type, * The return value is a pointer within *info, so don't free *info before * you're done with the return value. */ -static PCERT_ALT_NAME_ENTRY cert_find_alt_name_entry(PCCERT_CONTEXT cert, - LPCSTR altNameOID, DWORD entryType, PCERT_ALT_NAME_INFO *info) +static PCERT_ALT_NAME_ENTRY cert_find_alt_name_entry(PCCERT_CONTEXT cert, BOOL alt_name_issuer, + DWORD entryType, PCERT_ALT_NAME_INFO *info) { - PCERT_ALT_NAME_ENTRY entry = NULL; - PCERT_EXTENSION ext = CertFindExtension(altNameOID, - cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension); - - if (ext) + static const char *oids[][2] = { - DWORD bytes = 0; - - if (CryptDecodeObjectEx(cert->dwCertEncodingType, X509_ALTERNATE_NAME, - ext->Value.pbData, ext->Value.cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, - info, &bytes)) - { - DWORD i; - - for (i = 0; !entry && i < (*info)->cAltEntry; i++) - if ((*info)->rgAltEntry[i].dwAltNameChoice == entryType) - entry = &(*info)->rgAltEntry[i]; - } - } - else - *info = NULL; - return entry; + { szOID_SUBJECT_ALT_NAME2, szOID_SUBJECT_ALT_NAME }, + { szOID_ISSUER_ALT_NAME2, szOID_ISSUER_ALT_NAME }, + }; + PCERT_EXTENSION ext; + DWORD bytes = 0; + unsigned int i; + + ext = CertFindExtension(oids[!!alt_name_issuer][0], cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension); + if (!ext) + ext = CertFindExtension(oids[!!alt_name_issuer][1], cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension); + if (!ext) return NULL; + + if (!CryptDecodeObjectEx(cert->dwCertEncodingType, X509_ALTERNATE_NAME, ext->Value.pbData, ext->Value.cbData, + CRYPT_DECODE_ALLOC_FLAG, NULL, info, &bytes)) + return NULL; + + for (i = 0; i < (*info)->cAltEntry; ++i) + if ((*info)->rgAltEntry[i].dwAltNameChoice == entryType) + return &(*info)->rgAltEntry[i]; + + return NULL; }

static DWORD cert_get_name_from_rdn_attr(DWORD encodingType, @@ -974,172 +975,138 @@ static DWORD copy_output_str(WCHAR *dst, const WCHAR *src, DWORD dst_size) return len + 1; }

-DWORD WINAPI CertGetNameStringW(PCCERT_CONTEXT pCertContext, DWORD dwType, - DWORD dwFlags, void *pvTypePara, LPWSTR pszNameString, DWORD cchNameString) +DWORD WINAPI CertGetNameStringW(PCCERT_CONTEXT cert, DWORD type, DWORD flags, void *type_para, + LPWSTR name_string, DWORD name_len) { - DWORD ret = 0; + CERT_ALT_NAME_INFO *info = NULL; + PCERT_ALT_NAME_ENTRY entry; + BOOL alt_name_issuer; PCERT_NAME_BLOB name; - LPCSTR altNameOID; + DWORD ret = 0;

- TRACE("(%p, %ld, %08lx, %p, %p, %ld)\n", pCertContext, dwType, - dwFlags, pvTypePara, pszNameString, cchNameString); + TRACE("(%p, %ld, %08lx, %p, %p, %ld)\n", cert, type, flags, type_para, name_string, name_len);

- if (!pCertContext) + if (!cert) goto done;

- if (dwFlags & CERT_NAME_ISSUER_FLAG) - { - name = &pCertContext->pCertInfo->Issuer; - altNameOID = szOID_ISSUER_ALT_NAME; - } - else - { - name = &pCertContext->pCertInfo->Subject; - altNameOID = szOID_SUBJECT_ALT_NAME; - } + alt_name_issuer = flags & CERT_NAME_ISSUER_FLAG; + name = alt_name_issuer ? &cert->pCertInfo->Issuer : &cert->pCertInfo->Subject;

- switch (dwType) + switch (type) { case CERT_NAME_EMAIL_TYPE: { - CERT_ALT_NAME_INFO *info; - PCERT_ALT_NAME_ENTRY entry = cert_find_alt_name_entry(pCertContext, - altNameOID, CERT_ALT_NAME_RFC822_NAME, &info); - - if (entry) ret = copy_output_str(pszNameString, entry->u.pwszRfc822Name, cchNameString); - if (info) - LocalFree(info); - if (!ret) + entry = cert_find_alt_name_entry(cert, alt_name_issuer, CERT_ALT_NAME_RFC822_NAME, &info); + + if (entry) { - ret = cert_get_name_from_rdn_attr(pCertContext->dwCertEncodingType, - name, szOID_RSA_emailAddr, pszNameString, cchNameString); - } + ret = copy_output_str(name_string, entry->u.pwszRfc822Name, name_len); + break; + } + ret = cert_get_name_from_rdn_attr(cert->dwCertEncodingType, name, szOID_RSA_emailAddr, + name_string, name_len); break; } case CERT_NAME_RDN_TYPE: { - DWORD type = pvTypePara ? *(DWORD *)pvTypePara : 0; + DWORD param = type_para ? *(DWORD *)type_para : 0;

if (name->cbData) - ret = CertNameToStrW(pCertContext->dwCertEncodingType, name, - type, pszNameString, cchNameString); + { + ret = CertNameToStrW(cert->dwCertEncodingType, name, param, name_string, name_len); + } else { - CERT_ALT_NAME_INFO *info; - PCERT_ALT_NAME_ENTRY entry = cert_find_alt_name_entry(pCertContext, - altNameOID, CERT_ALT_NAME_DIRECTORY_NAME, &info); + entry = cert_find_alt_name_entry(cert, alt_name_issuer, CERT_ALT_NAME_DIRECTORY_NAME, &info);

if (entry) - ret = CertNameToStrW(pCertContext->dwCertEncodingType, - &entry->u.DirectoryName, type, pszNameString, cchNameString); - if (info) - LocalFree(info); + ret = CertNameToStrW(cert->dwCertEncodingType, &entry->u.DirectoryName, + param, name_string, name_len); } break; } case CERT_NAME_ATTR_TYPE: - ret = cert_get_name_from_rdn_attr(pCertContext->dwCertEncodingType, - name, pvTypePara, pszNameString, cchNameString); - if (!ret) - { - CERT_ALT_NAME_INFO *altInfo; - PCERT_ALT_NAME_ENTRY entry = cert_find_alt_name_entry(pCertContext, - altNameOID, CERT_ALT_NAME_DIRECTORY_NAME, &altInfo); + ret = cert_get_name_from_rdn_attr(cert->dwCertEncodingType, name, type_para, + name_string, name_len); + if (ret) break;

- if (entry) - ret = cert_name_to_str_with_indent(X509_ASN_ENCODING, 0, - &entry->u.DirectoryName, 0, pszNameString, cchNameString); - if (altInfo) - LocalFree(altInfo); - } + entry = cert_find_alt_name_entry(cert, alt_name_issuer, CERT_ALT_NAME_DIRECTORY_NAME, &info); + + if (entry) + ret = cert_name_to_str_with_indent(X509_ASN_ENCODING, 0, &entry->u.DirectoryName, + 0, name_string, name_len); break; case CERT_NAME_SIMPLE_DISPLAY_TYPE: { - static const LPCSTR simpleAttributeOIDs[] = { szOID_COMMON_NAME, - szOID_ORGANIZATIONAL_UNIT_NAME, szOID_ORGANIZATION_NAME, - szOID_RSA_emailAddr }; + static const LPCSTR simpleAttributeOIDs[] = + { + szOID_COMMON_NAME, szOID_ORGANIZATIONAL_UNIT_NAME, szOID_ORGANIZATION_NAME, szOID_RSA_emailAddr + }; CERT_NAME_INFO *nameInfo = NULL; DWORD bytes = 0, i;

- if (CryptDecodeObjectEx(pCertContext->dwCertEncodingType, X509_NAME, - name->pbData, name->cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, &nameInfo, - &bytes)) + if (CryptDecodeObjectEx(cert->dwCertEncodingType, X509_NAME, name->pbData, name->cbData, + CRYPT_DECODE_ALLOC_FLAG, NULL, &nameInfo, &bytes)) { PCERT_RDN_ATTR nameAttr = NULL;

for (i = 0; !nameAttr && i < ARRAY_SIZE(simpleAttributeOIDs); i++) nameAttr = CertFindRDNAttr(simpleAttributeOIDs[i], nameInfo); if (nameAttr) - ret = rdn_value_to_strW(nameAttr->dwValueType, - &nameAttr->Value, pszNameString, cchNameString, TRUE); + ret = rdn_value_to_strW(nameAttr->dwValueType, &nameAttr->Value, name_string, name_len, TRUE); LocalFree(nameInfo); } - if (!ret) - { - CERT_ALT_NAME_INFO *altInfo; - PCERT_ALT_NAME_ENTRY entry = cert_find_alt_name_entry(pCertContext, - altNameOID, CERT_ALT_NAME_RFC822_NAME, &altInfo); - - if (altInfo) - { - if (!entry && altInfo->cAltEntry) - entry = &altInfo->rgAltEntry[0]; - if (entry) ret = copy_output_str(pszNameString, entry->u.pwszRfc822Name, cchNameString); - LocalFree(altInfo); - } - } + if (ret) break; + entry = cert_find_alt_name_entry(cert, alt_name_issuer, CERT_ALT_NAME_RFC822_NAME, &info); + if (!info) break; + if (!entry && info->cAltEntry) + entry = &info->rgAltEntry[0]; + if (entry) ret = copy_output_str(name_string, entry->u.pwszRfc822Name, name_len); break; } case CERT_NAME_FRIENDLY_DISPLAY_TYPE: { - DWORD cch = cchNameString; + DWORD len = name_len;

- if (CertGetCertificateContextProperty(pCertContext, - CERT_FRIENDLY_NAME_PROP_ID, pszNameString, &cch)) - ret = cch; + if (CertGetCertificateContextProperty(cert, CERT_FRIENDLY_NAME_PROP_ID, name_string, &len)) + ret = len; else - ret = CertGetNameStringW(pCertContext, - CERT_NAME_SIMPLE_DISPLAY_TYPE, dwFlags, pvTypePara, pszNameString, - cchNameString); + ret = CertGetNameStringW(cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, flags, + type_para, name_string, name_len); break; } case CERT_NAME_DNS_TYPE: { - CERT_ALT_NAME_INFO *info; - PCERT_ALT_NAME_ENTRY entry = cert_find_alt_name_entry(pCertContext, - altNameOID, CERT_ALT_NAME_DNS_NAME, &info); - - if (entry) ret = copy_output_str(pszNameString, entry->u.pwszDNSName, cchNameString); + entry = cert_find_alt_name_entry(cert, alt_name_issuer, CERT_ALT_NAME_DNS_NAME, &info);

- if (info) - LocalFree(info); - if (!ret) - ret = cert_get_name_from_rdn_attr(pCertContext->dwCertEncodingType, - name, szOID_COMMON_NAME, pszNameString, cchNameString); + if (entry) + { + ret = copy_output_str(name_string, entry->u.pwszDNSName, name_len); + break; + } + ret = cert_get_name_from_rdn_attr(cert->dwCertEncodingType, name, szOID_COMMON_NAME, + name_string, name_len); break; } case CERT_NAME_URL_TYPE: { - CERT_ALT_NAME_INFO *info; - PCERT_ALT_NAME_ENTRY entry = cert_find_alt_name_entry(pCertContext, - altNameOID, CERT_ALT_NAME_URL, &info); - - if (entry) ret = copy_output_str(pszNameString, entry->u.pwszURL, cchNameString); - - if (info) - LocalFree(info); + if ((entry = cert_find_alt_name_entry(cert, alt_name_issuer, CERT_ALT_NAME_URL, &info))) + ret = copy_output_str(name_string, entry->u.pwszURL, name_len); break; } default: - FIXME("unimplemented for type %ld\n", dwType); + FIXME("unimplemented for type %lu.\n", type); ret = 0; break; } done: + if (info) + LocalFree(info); + if (!ret) { ret = 1; - if (pszNameString && cchNameString) pszNameString[0] = 0; + if (name_string && name_len) name_string[0] = 0; } return ret; } diff --git a/dlls/crypt32/tests/str.c b/dlls/crypt32/tests/str.c index d2106b728a9..9fa9efff6b9 100644 --- a/dlls/crypt32/tests/str.c +++ b/dlls/crypt32/tests/str.c @@ -113,6 +113,103 @@ static const BYTE cert[] = 0x65,0xd3,0xce,0xae,0x26,0x19,0x3,0x2e,0x4f,0x78,0xa5,0xa,0x97,0x7e,0x4f,0xc4, 0x91,0x8a,0xf8,0x5,0xef,0x5b,0x3b,0x49,0xbf,0x5f,0x2b};

+/* +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 5d:79:35:fd:d3:8f:6b:e2:28:3e:94:f4:14:bf:d4:b5:c2:3a:ac:38 + Signature Algorithm: md5WithRSAEncryption + Issuer: C = US, ST = Minnesota, L = Minneapolis, O = CodeWeavers, CN = server_cn.org, emailAddress = test@codeweavers.com + Validity + Not Before: Apr 14 18:56:22 2022 GMT + Not After : Apr 11 18:56:22 2032 GMT + Subject: C = US, ST = Minnesota, L = Minneapolis, O = CodeWeavers, CN = server_cn.org, emailAddress = test@codeweavers.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (1024 bit) + Modulus: +... + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + DNS:ex1.org, DNS:*.ex2.org + X509v3 Issuer Alternative Name: + DNS:ex3.org, DNS:*.ex4.org + Signature Algorithm: md5WithRSAEncryption +... +*/ +static BYTE cert_v3[] = { + 0x30, 0x82, 0x02, 0xdf, 0x30, 0x82, 0x02, 0x48, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x14, 0x5d, 0x79, 0x35, 0xfd, 0xd3, 0x8f, 0x6b, 0xe2, 0x28, + 0x3e, 0x94, 0xf4, 0x14, 0xbf, 0xd4, 0xb5, 0xc2, 0x3a, 0xac, 0x38, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x04, + 0x05, 0x00, 0x30, 0x81, 0x8a, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0c, 0x09, 0x4d, 0x69, 0x6e, 0x6e, 0x65, 0x73, 0x6f, + 0x74, 0x61, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, + 0x0b, 0x4d, 0x69, 0x6e, 0x6e, 0x65, 0x61, 0x70, 0x6f, 0x6c, 0x69, 0x73, + 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0b, 0x43, + 0x6f, 0x64, 0x65, 0x57, 0x65, 0x61, 0x76, 0x65, 0x72, 0x73, 0x31, 0x16, + 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0d, 0x73, 0x65, 0x72, + 0x76, 0x65, 0x72, 0x5f, 0x63, 0x6e, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x23, + 0x30, 0x21, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, + 0x01, 0x16, 0x14, 0x74, 0x65, 0x73, 0x74, 0x40, 0x63, 0x6f, 0x64, 0x65, + 0x77, 0x65, 0x61, 0x76, 0x65, 0x72, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x30, + 0x1e, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x34, 0x31, 0x34, 0x31, 0x38, 0x35, + 0x36, 0x32, 0x32, 0x5a, 0x17, 0x0d, 0x33, 0x32, 0x30, 0x34, 0x31, 0x31, + 0x31, 0x38, 0x35, 0x36, 0x32, 0x32, 0x5a, 0x30, 0x81, 0x8a, 0x31, 0x0b, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x09, 0x4d, 0x69, + 0x6e, 0x6e, 0x65, 0x73, 0x6f, 0x74, 0x61, 0x31, 0x14, 0x30, 0x12, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0b, 0x4d, 0x69, 0x6e, 0x6e, 0x65, 0x61, + 0x70, 0x6f, 0x6c, 0x69, 0x73, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, + 0x04, 0x0a, 0x0c, 0x0b, 0x43, 0x6f, 0x64, 0x65, 0x57, 0x65, 0x61, 0x76, + 0x65, 0x72, 0x73, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0c, 0x0d, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x63, 0x6e, 0x2e, + 0x6f, 0x72, 0x67, 0x31, 0x23, 0x30, 0x21, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x14, 0x74, 0x65, 0x73, 0x74, + 0x40, 0x63, 0x6f, 0x64, 0x65, 0x77, 0x65, 0x61, 0x76, 0x65, 0x72, 0x73, + 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, + 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xcd, 0x7c, 0x05, + 0xba, 0xad, 0xd0, 0xb0, 0x43, 0xcc, 0x47, 0x7d, 0x87, 0xaa, 0xb5, 0x89, + 0x9f, 0x43, 0x94, 0xa0, 0x84, 0xc0, 0xc0, 0x5e, 0x05, 0x6d, 0x2f, 0x05, + 0x21, 0x6b, 0x20, 0x39, 0x88, 0x06, 0x4e, 0xce, 0x76, 0xa7, 0x24, 0x77, + 0x13, 0x71, 0x9b, 0x2a, 0x53, 0x04, 0x4f, 0x0f, 0xfc, 0x3f, 0x4f, 0xb1, + 0x4e, 0xdc, 0xed, 0x96, 0xd4, 0x55, 0xbd, 0xcf, 0x25, 0xa6, 0x7c, 0xe3, + 0x35, 0xbf, 0xeb, 0x30, 0xec, 0xef, 0x7f, 0x8e, 0xa1, 0xc6, 0xd3, 0xb2, + 0x03, 0x62, 0x0a, 0x92, 0x87, 0x17, 0x52, 0x2d, 0x45, 0x2a, 0xdc, 0xdb, + 0x87, 0xa5, 0x32, 0x4a, 0x78, 0x28, 0x4a, 0x51, 0xff, 0xdb, 0xd5, 0x20, + 0x47, 0x7e, 0xc5, 0xbe, 0x1d, 0x01, 0x55, 0x13, 0x9f, 0xfb, 0x8e, 0x39, + 0xd9, 0x1b, 0xe0, 0x34, 0x93, 0x43, 0x9c, 0x02, 0xa3, 0x0f, 0xb5, 0xdc, + 0x9d, 0x86, 0x45, 0xc5, 0x4d, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x40, + 0x30, 0x3e, 0x30, 0x1d, 0x06, 0x03, + 0x55, 0x1d, 0x11, /* Subject Alternative Name OID */ + 0x04, 0x16, 0x30, 0x14, 0x82, 0x07, 0x65, 0x78, 0x31, 0x2e, 0x6f, 0x72, + 0x67, 0x82, 0x09, 0x2a, 0x2e, 0x65, 0x78, 0x32, 0x2e, 0x6f, 0x72, 0x67, + 0x30, 0x1d, 0x06, 0x03, + 0x55, 0x1d, 0x12, /* Issuer Alternative Name OID */ + 0x04, 0x16, 0x30, 0x14, 0x82, 0x07, 0x65, 0x78, 0x33, 0x2e, 0x6f, 0x72, + 0x67, 0x82, 0x09, 0x2a, 0x2e, 0x65, 0x78, 0x34, 0x2e, 0x6f, 0x72, 0x67, + 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x04, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0xcc, 0xa3, 0x75, 0x67, 0x61, + 0x63, 0x1d, 0x99, 0x16, 0xc6, 0x93, 0x35, 0xa4, 0x31, 0xb6, 0x05, 0x05, + 0x77, 0x12, 0x15, 0x16, 0x78, 0xb3, 0xba, 0x6e, 0xde, 0xfc, 0x73, 0x7c, + 0x5c, 0xdd, 0xdf, 0x92, 0xde, 0xa0, 0x86, 0xff, 0x77, 0x60, 0x99, 0x8f, + 0x4a, 0x40, 0xa8, 0x6a, 0xdb, 0x6f, 0x30, 0xe5, 0xce, 0x82, 0x2f, 0xf7, + 0x09, 0x17, 0xb2, 0xd3, 0x3a, 0x29, 0x9a, 0xd0, 0x73, 0x9c, 0x44, 0xa2, + 0x19, 0xf3, 0x1d, 0x16, 0x1a, 0x45, 0x2c, 0x4b, 0x94, 0xf1, 0xb8, 0xb6, + 0xc9, 0x82, 0x6c, 0x1f, 0xae, 0xbc, 0xd1, 0xbe, 0x78, 0xc9, 0x23, 0xf5, + 0x51, 0x6c, 0x90, 0xbf, 0xa3, 0x5c, 0xa1, 0x3a, 0xd8, 0xe3, 0xcf, 0x82, + 0x31, 0x78, 0x2b, 0xda, 0x99, 0xff, 0x23, 0x5b, 0xea, 0x59, 0xe0, 0x6d, + 0xd1, 0x30, 0xfd, 0x96, 0x6a, 0x4d, 0x36, 0x72, 0x96, 0xd7, 0x4f, 0x01, + 0xa9, 0x4d, 0x8f +}; + +#define CERT_V3_SAN_OID_OFFSET 534 +#define CERT_V3_IAN_OID_OFFSET 565 + static char issuerStr[] = "US, Minnesota, Minneapolis, CodeWeavers, Wine Development, localhost, aric@codeweavers.com"; static char issuerStrSemicolon[] = @@ -746,9 +843,9 @@ static void test_CertStrToNameW(void) } }

-#define test_CertGetNameString_value(a, b, c, d) test_CertGetNameString_value_(__LINE__, a, b, c, d) -static void test_CertGetNameString_value_(unsigned int line, PCCERT_CONTEXT context, DWORD type, void *type_para, - const char *expected) +#define test_CertGetNameString_value(a, b, c, d, e) test_CertGetNameString_value_(__LINE__, a, b, c, d, e) +static void test_CertGetNameString_value_(unsigned int line, PCCERT_CONTEXT context, DWORD type, DWORD flags, + void *type_para, const char *expected) { WCHAR expectedW[512]; DWORD len, retlen; @@ -760,31 +857,32 @@ static void test_CertGetNameString_value_(unsigned int line, PCCERT_CONTEXT cont expectedW[i] = expected[i]; expectedW[i] = 0;

- len = CertGetNameStringA(context, type, 0, type_para, NULL, 0); + len = CertGetNameStringA(context, type, flags, type_para, NULL, 0); ok(len == strlen(expected) + 1, "line %u: unexpected length %ld.\n", line, len); - retlen = CertGetNameStringA(context, type, 0, type_para, str, len); + retlen = CertGetNameStringA(context, type, flags, type_para, str, len); ok(retlen == len, "line %u: unexpected len %lu, expected %lu.\n", line, retlen, len); ok(!strcmp(str, expected), "line %u: unexpected value %s.\n", line, str); str[0] = str[1] = 0xcc; - retlen = CertGetNameStringA(context, type, 0, type_para, str, len - 1); + retlen = CertGetNameStringA(context, type, flags, type_para, str, len - 1); ok(retlen == 1, "line %u: Unexpected len %lu, expected 1.\n", line, retlen); + if (len == 1) return; ok(!str[0], "line %u: unexpected str[0] %#x.\n", line, str[0]); ok(str[1] == expected[1], "line %u: unexpected str[1] %#x.\n", line, str[1]);

- retlen = CertGetNameStringA(context, type, 0, type_para, str, 0); + retlen = CertGetNameStringA(context, type, flags, type_para, str, 0); ok(retlen == len, "line %u: Unexpected len %lu, expected 1.\n", line, retlen);

- retlen = CertGetNameStringW(context, type, 0, type_para, strW, len); + retlen = CertGetNameStringW(context, type, flags, type_para, strW, len); ok(retlen == len, "line %u: unexpected len %lu, expected 1.\n", line, retlen); ok(!wcscmp(strW, expectedW), "line %u: unexpected value %s.\n", line, debugstr_w(strW)); strW[0] = strW[1] = 0xcccc; - retlen = CertGetNameStringW(context, type, 0, type_para, strW, len - 1); + retlen = CertGetNameStringW(context, type, flags, type_para, strW, len - 1); ok(retlen == len - 1, "line %u: unexpected len %lu, expected %lu.\n", line, retlen, len - 1); ok(!wcsncmp(strW, expectedW, retlen - 1), "line %u: string data mismatch.\n", line); ok(!strW[retlen - 1], "line %u: string is not zero terminated.\n", line); - retlen = CertGetNameStringA(context, type, 0, type_para, NULL, len - 1); + retlen = CertGetNameStringA(context, type, flags, type_para, NULL, len - 1); ok(retlen == len, "line %u: unexpected len %lu, expected %lu\n", line, retlen, len); - retlen = CertGetNameStringW(context, type, 0, type_para, NULL, len - 1); + retlen = CertGetNameStringW(context, type, flags, type_para, NULL, len - 1); ok(retlen == len, "line %u: unexpected len %lu, expected %lu\n", line, retlen, len); }

@@ -814,19 +912,39 @@ static void test_CertGetNameString(void) len = CertGetNameStringW(context, CERT_NAME_URL_TYPE, 0, NULL, NULL, 0); ok(len == 1, "expected 1, got %lu\n", len);

- test_CertGetNameString_value(context, CERT_NAME_EMAIL_TYPE, NULL, aric); - test_CertGetNameString_value(context, CERT_NAME_RDN_TYPE, NULL, issuerStr); + test_CertGetNameString_value(context, CERT_NAME_EMAIL_TYPE, 0, NULL, aric); + test_CertGetNameString_value(context, CERT_NAME_RDN_TYPE, 0, NULL, issuerStr); type = 0; - test_CertGetNameString_value(context, CERT_NAME_RDN_TYPE, &type, issuerStr); + test_CertGetNameString_value(context, CERT_NAME_RDN_TYPE, 0, &type, issuerStr); type = CERT_OID_NAME_STR; - test_CertGetNameString_value(context, CERT_NAME_RDN_TYPE, &type, subjectStr); - test_CertGetNameString_value(context, CERT_NAME_ATTR_TYPE, NULL, aric); - test_CertGetNameString_value(context, CERT_NAME_ATTR_TYPE, (void *)szOID_RSA_emailAddr, aric); - test_CertGetNameString_value(context, CERT_NAME_ATTR_TYPE, (void *)szOID_COMMON_NAME, localhost); - test_CertGetNameString_value(context, CERT_NAME_SIMPLE_DISPLAY_TYPE, NULL, localhost); - test_CertGetNameString_value(context, CERT_NAME_FRIENDLY_DISPLAY_TYPE, NULL, localhost); - test_CertGetNameString_value(context, CERT_NAME_DNS_TYPE, NULL, localhost); + test_CertGetNameString_value(context, CERT_NAME_RDN_TYPE, 0, &type, subjectStr); + test_CertGetNameString_value(context, CERT_NAME_ATTR_TYPE, 0, NULL, aric); + test_CertGetNameString_value(context, CERT_NAME_ATTR_TYPE, 0, (void *)szOID_RSA_emailAddr, aric); + test_CertGetNameString_value(context, CERT_NAME_ATTR_TYPE, 0, (void *)szOID_COMMON_NAME, localhost); + test_CertGetNameString_value(context, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, localhost); + test_CertGetNameString_value(context, CERT_NAME_FRIENDLY_DISPLAY_TYPE, 0, NULL, localhost); + test_CertGetNameString_value(context, CERT_NAME_DNS_TYPE, 0, NULL, localhost); + + CertFreeCertificateContext(context);

+ ok(cert_v3[CERT_V3_SAN_OID_OFFSET] == 0x55, "Incorrect CERT_V3_SAN_OID_OFFSET.\n"); + ok(cert_v3[CERT_V3_IAN_OID_OFFSET] == 0x55, "Incorrect CERT_V3_IAN_OID_OFFSET.\n"); + cert_v3[CERT_V3_SAN_OID_OFFSET + 2] = 7; /* legacy OID_SUBJECT_ALT_NAME */ + cert_v3[CERT_V3_IAN_OID_OFFSET + 2] = 8; /* legacy OID_ISSUER_ALT_NAME */ + context = CertCreateCertificateContext(X509_ASN_ENCODING, cert_v3, sizeof(cert_v3)); + ok(!!context, "CertCreateCertificateContext failed, err %lu\n", GetLastError()); + test_CertGetNameString_value(context, CERT_NAME_DNS_TYPE, 0, NULL, "ex1.org"); + test_CertGetNameString_value(context, CERT_NAME_DNS_TYPE, CERT_NAME_ISSUER_FLAG, NULL, "ex3.org"); + CertFreeCertificateContext(context); + + cert_v3[CERT_V3_SAN_OID_OFFSET + 2] = 17; /* OID_SUBJECT_ALT_NAME2 */ + cert_v3[CERT_V3_IAN_OID_OFFSET + 2] = 18; /* OID_ISSUER_ALT_NAME2 */ + context = CertCreateCertificateContext(X509_ASN_ENCODING, cert_v3, sizeof(cert_v3)); + ok(!!context, "CertCreateCertificateContext failed, err %lu\n", GetLastError()); + test_CertGetNameString_value(context, CERT_NAME_DNS_TYPE, 0, NULL, "ex1.org"); + test_CertGetNameString_value(context, CERT_NAME_DNS_TYPE, CERT_NAME_ISSUER_FLAG, NULL, "ex3.org"); + test_CertGetNameString_value(context, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, "server_cn.org"); + test_CertGetNameString_value(context, CERT_NAME_ATTR_TYPE, 0, (void *)szOID_SUR_NAME, ""); CertFreeCertificateContext(context); }

From: Paul Gofman pgofman@codeweavers.com

--- dlls/crypt32/str.c | 105 +++++++++++++++++++++++++++++---------- dlls/crypt32/tests/str.c | 55 +++++++++++++++----- include/wincrypt.h | 6 ++- 3 files changed, 126 insertions(+), 40 deletions(-)

diff --git a/dlls/crypt32/str.c b/dlls/crypt32/str.c index 0906ad883db..d74df308e4a 100644 --- a/dlls/crypt32/str.c +++ b/dlls/crypt32/str.c @@ -905,17 +905,7 @@ DWORD WINAPI CertGetNameStringA(PCCERT_CONTEXT cert, DWORD type, return ret; }

-/* Searches cert's extensions for the alternate name extension with OID - * altNameOID, and if found, searches it for the alternate name type entryType. - * If found, returns a pointer to the entry, otherwise returns NULL. - * Regardless of whether an entry of the desired type is found, if the - * alternate name extension is present, sets *info to the decoded alternate - * name extension, which you must free using LocalFree. - * The return value is a pointer within *info, so don't free *info before - * you're done with the return value. - */ -static PCERT_ALT_NAME_ENTRY cert_find_alt_name_entry(PCCERT_CONTEXT cert, BOOL alt_name_issuer, - DWORD entryType, PCERT_ALT_NAME_INFO *info) +static BOOL cert_get_alt_name_info(PCCERT_CONTEXT cert, BOOL alt_name_issuer, PCERT_ALT_NAME_INFO *info) { static const char *oids[][2] = { @@ -924,24 +914,48 @@ static PCERT_ALT_NAME_ENTRY cert_find_alt_name_entry(PCCERT_CONTEXT cert, BOOL a }; PCERT_EXTENSION ext; DWORD bytes = 0; - unsigned int i;

ext = CertFindExtension(oids[!!alt_name_issuer][0], cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension); if (!ext) ext = CertFindExtension(oids[!!alt_name_issuer][1], cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension); - if (!ext) return NULL; + if (!ext) return FALSE;

- if (!CryptDecodeObjectEx(cert->dwCertEncodingType, X509_ALTERNATE_NAME, ext->Value.pbData, ext->Value.cbData, - CRYPT_DECODE_ALLOC_FLAG, NULL, info, &bytes)) - return NULL; + return CryptDecodeObjectEx(cert->dwCertEncodingType, X509_ALTERNATE_NAME, ext->Value.pbData, ext->Value.cbData, + CRYPT_DECODE_ALLOC_FLAG, NULL, info, &bytes); +}

- for (i = 0; i < (*info)->cAltEntry; ++i) - if ((*info)->rgAltEntry[i].dwAltNameChoice == entryType) - return &(*info)->rgAltEntry[i]; +static PCERT_ALT_NAME_ENTRY cert_find_next_alt_name_entry(PCERT_ALT_NAME_INFO info, DWORD entry_type, + unsigned int *index) +{ + unsigned int i;

+ for (i = *index; i < info->cAltEntry; ++i) + if (info->rgAltEntry[i].dwAltNameChoice == entry_type) + { + *index = i + 1; + return &info->rgAltEntry[i]; + } return NULL; }

+/* Searches cert's extensions for the alternate name extension with OID + * altNameOID, and if found, searches it for the alternate name type entryType. + * If found, returns a pointer to the entry, otherwise returns NULL. + * Regardless of whether an entry of the desired type is found, if the + * alternate name extension is present, sets *info to the decoded alternate + * name extension, which you must free using LocalFree. + * The return value is a pointer within *info, so don't free *info before + * you're done with the return value. + */ +static PCERT_ALT_NAME_ENTRY cert_find_alt_name_entry(PCCERT_CONTEXT cert, BOOL alt_name_issuer, + DWORD entry_type, PCERT_ALT_NAME_INFO *info) +{ + unsigned int index = 0; + + if (!cert_get_alt_name_info(cert, alt_name_issuer, info)) return NULL; + return cert_find_next_alt_name_entry(*info, entry_type, &index); +} + static DWORD cert_get_name_from_rdn_attr(DWORD encodingType, const CERT_NAME_BLOB *name, LPCSTR oid, LPWSTR pszNameString, DWORD cchNameString) { @@ -978,9 +992,10 @@ static DWORD copy_output_str(WCHAR *dst, const WCHAR *src, DWORD dst_size) DWORD WINAPI CertGetNameStringW(PCCERT_CONTEXT cert, DWORD type, DWORD flags, void *type_para, LPWSTR name_string, DWORD name_len) { + static const DWORD supported_flags = CERT_NAME_ISSUER_FLAG | CERT_NAME_SEARCH_ALL_NAMES_FLAG; + BOOL alt_name_issuer, search_all_names; CERT_ALT_NAME_INFO *info = NULL; PCERT_ALT_NAME_ENTRY entry; - BOOL alt_name_issuer; PCERT_NAME_BLOB name; DWORD ret = 0;

@@ -989,6 +1004,16 @@ DWORD WINAPI CertGetNameStringW(PCCERT_CONTEXT cert, DWORD type, DWORD flags, vo if (!cert) goto done;

+ if (flags & ~supported_flags) + FIXME("Unsupported flags %#lx.\n", flags); + + search_all_names = flags & CERT_NAME_SEARCH_ALL_NAMES_FLAG; + if (search_all_names && type != CERT_NAME_DNS_TYPE) + { + WARN("CERT_NAME_SEARCH_ALL_NAMES_FLAG used with type %lu.\n", type); + goto done; + } + alt_name_issuer = flags & CERT_NAME_ISSUER_FLAG; name = alt_name_issuer ? &cert->pCertInfo->Issuer : &cert->pCertInfo->Subject;

@@ -1077,15 +1102,43 @@ DWORD WINAPI CertGetNameStringW(PCCERT_CONTEXT cert, DWORD type, DWORD flags, vo } case CERT_NAME_DNS_TYPE: { - entry = cert_find_alt_name_entry(cert, alt_name_issuer, CERT_ALT_NAME_DNS_NAME, &info); + unsigned int index = 0, len;

- if (entry) + if (cert_get_alt_name_info(cert, alt_name_issuer, &info) + && (entry = cert_find_next_alt_name_entry(info, CERT_ALT_NAME_DNS_NAME, &index))) { - ret = copy_output_str(name_string, entry->u.pwszDNSName, name_len); - break; + if (search_all_names) + { + do + { + if (name_string && name_len == 1) break; + ret += len = copy_output_str(name_string, entry->u.pwszDNSName, name_len ? name_len - 1 : 0); + if (name_string && name_len) + { + name_string += len; + name_len -= len; + } + } + while ((entry = cert_find_next_alt_name_entry(info, CERT_ALT_NAME_DNS_NAME, &index))); + } + else ret = copy_output_str(name_string, entry->u.pwszDNSName, name_len); + } + else + { + if (!search_all_names || name_len != 1) + { + len = search_all_names && name_len ? name_len - 1 : name_len; + ret = cert_get_name_from_rdn_attr(cert->dwCertEncodingType, name, szOID_COMMON_NAME, + name_string, len); + if (name_string) name_string += ret; + } + } + + if (search_all_names) + { + if (name_string && name_len) *name_string = 0; + ++ret; } - ret = cert_get_name_from_rdn_attr(cert->dwCertEncodingType, name, szOID_COMMON_NAME, - name_string, name_len); break; } case CERT_NAME_URL_TYPE: diff --git a/dlls/crypt32/tests/str.c b/dlls/crypt32/tests/str.c index 9fa9efff6b9..5fb05bdb836 100644 --- a/dlls/crypt32/tests/str.c +++ b/dlls/crypt32/tests/str.c @@ -847,39 +847,63 @@ static void test_CertStrToNameW(void) static void test_CertGetNameString_value_(unsigned int line, PCCERT_CONTEXT context, DWORD type, DWORD flags, void *type_para, const char *expected) { + DWORD len, retlen, expected_len; WCHAR expectedW[512]; - DWORD len, retlen; WCHAR strW[512]; - unsigned int i; char str[512];

- for (i = 0; expected[i]; ++i) - expectedW[i] = expected[i]; - expectedW[i] = 0; + expected_len = 0; + while(expected[expected_len]) + { + while((expectedW[expected_len] = expected[expected_len])) + ++expected_len; + if (!(flags & CERT_NAME_SEARCH_ALL_NAMES_FLAG)) + break; + expectedW[expected_len++] = 0; + } + expectedW[expected_len++] = 0;

len = CertGetNameStringA(context, type, flags, type_para, NULL, 0); - ok(len == strlen(expected) + 1, "line %u: unexpected length %ld.\n", line, len); + ok(len == expected_len, "line %u: unexpected length %ld, expected %ld.\n", line, len, expected_len); + memset(str, 0xcc, len); retlen = CertGetNameStringA(context, type, flags, type_para, str, len); ok(retlen == len, "line %u: unexpected len %lu, expected %lu.\n", line, retlen, len); - ok(!strcmp(str, expected), "line %u: unexpected value %s.\n", line, str); + ok(!memcmp(str, expected, expected_len), "line %u: unexpected value %s.\n", line, debugstr_an(str, expected_len)); str[0] = str[1] = 0xcc; retlen = CertGetNameStringA(context, type, flags, type_para, str, len - 1); ok(retlen == 1, "line %u: Unexpected len %lu, expected 1.\n", line, retlen); if (len == 1) return; ok(!str[0], "line %u: unexpected str[0] %#x.\n", line, str[0]); ok(str[1] == expected[1], "line %u: unexpected str[1] %#x.\n", line, str[1]); - + ok(!memcmp(str + 1, expected + 1, len - 2), + "line %u: str %s, string data mismatch.\n", line, debugstr_a(str + 1)); retlen = CertGetNameStringA(context, type, flags, type_para, str, 0); ok(retlen == len, "line %u: Unexpected len %lu, expected 1.\n", line, retlen);

+ memset(strW, 0xcc, len * sizeof(*strW)); retlen = CertGetNameStringW(context, type, flags, type_para, strW, len); - ok(retlen == len, "line %u: unexpected len %lu, expected 1.\n", line, retlen); - ok(!wcscmp(strW, expectedW), "line %u: unexpected value %s.\n", line, debugstr_w(strW)); + ok(retlen == expected_len, "line %u: unexpected len %lu, expected %lu.\n", line, retlen, expected_len); + ok(!memcmp(strW, expectedW, len * sizeof(*strW)), "line %u: unexpected value %s.\n", line, debugstr_wn(strW, len)); strW[0] = strW[1] = 0xcccc; retlen = CertGetNameStringW(context, type, flags, type_para, strW, len - 1); ok(retlen == len - 1, "line %u: unexpected len %lu, expected %lu.\n", line, retlen, len - 1); - ok(!wcsncmp(strW, expectedW, retlen - 1), "line %u: string data mismatch.\n", line); - ok(!strW[retlen - 1], "line %u: string is not zero terminated.\n", line); + if (flags & CERT_NAME_SEARCH_ALL_NAMES_FLAG) + { + ok(!memcmp(strW, expectedW, (retlen - 2) * sizeof(*strW)), + "line %u: str %s, string data mismatch.\n", line, debugstr_wn(strW, retlen - 2)); + ok(!strW[retlen - 2], "line %u: string is not zero terminated.\n", line); + ok(!strW[retlen - 1], "line %u: string sequence is not zero terminated.\n", line); + + retlen = CertGetNameStringW(context, type, flags, type_para, strW, 1); + ok(retlen == 1, "line %u: unexpected len %lu, expected %lu.\n", line, retlen, len - 1); + ok(!strW[retlen - 1], "line %u: string sequence is not zero terminated.\n", line); + } + else + { + ok(!memcmp(strW, expectedW, (retlen - 1) * sizeof(*strW)), + "line %u: str %s, string data mismatch.\n", line, debugstr_wn(strW, retlen - 1)); + ok(!strW[retlen - 1], "line %u: string is not zero terminated.\n", line); + } retlen = CertGetNameStringA(context, type, flags, type_para, NULL, len - 1); ok(retlen == len, "line %u: unexpected len %lu, expected %lu\n", line, retlen, len); retlen = CertGetNameStringW(context, type, flags, type_para, NULL, len - 1); @@ -924,6 +948,9 @@ static void test_CertGetNameString(void) test_CertGetNameString_value(context, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, localhost); test_CertGetNameString_value(context, CERT_NAME_FRIENDLY_DISPLAY_TYPE, 0, NULL, localhost); test_CertGetNameString_value(context, CERT_NAME_DNS_TYPE, 0, NULL, localhost); + test_CertGetNameString_value(context, CERT_NAME_DNS_TYPE, CERT_NAME_SEARCH_ALL_NAMES_FLAG, NULL, "localhost\0"); + test_CertGetNameString_value(context, CERT_NAME_EMAIL_TYPE, CERT_NAME_SEARCH_ALL_NAMES_FLAG, NULL, ""); + test_CertGetNameString_value(context, CERT_NAME_SIMPLE_DISPLAY_TYPE, CERT_NAME_SEARCH_ALL_NAMES_FLAG, NULL, "");

CertFreeCertificateContext(context);

@@ -945,6 +972,10 @@ static void test_CertGetNameString(void) test_CertGetNameString_value(context, CERT_NAME_DNS_TYPE, CERT_NAME_ISSUER_FLAG, NULL, "ex3.org"); test_CertGetNameString_value(context, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, "server_cn.org"); test_CertGetNameString_value(context, CERT_NAME_ATTR_TYPE, 0, (void *)szOID_SUR_NAME, ""); + test_CertGetNameString_value(context, CERT_NAME_DNS_TYPE, CERT_NAME_SEARCH_ALL_NAMES_FLAG, + NULL, "ex1.org\0*.ex2.org\0"); + test_CertGetNameString_value(context, CERT_NAME_DNS_TYPE, CERT_NAME_SEARCH_ALL_NAMES_FLAG | CERT_NAME_ISSUER_FLAG, + NULL, "ex3.org\0*.ex4.org\0"); CertFreeCertificateContext(context); }

diff --git a/include/wincrypt.h b/include/wincrypt.h index 2c1e3f0d4c3..77b2fb5d7cf 100644 --- a/include/wincrypt.h +++ b/include/wincrypt.h @@ -3351,8 +3351,10 @@ typedef struct _CTL_FIND_SUBJECT_PARA #define CERT_NAME_URL_TYPE 7 #define CERT_NAME_UPN_TYPE 8

-#define CERT_NAME_ISSUER_FLAG 0x00000001 -#define CERT_NAME_DISABLE_IE4_UTF8_FLAG 0x00010000 +#define CERT_NAME_ISSUER_FLAG 0x00000001 +#define CERT_NAME_SEARCH_ALL_NAMES_FLAG 0x00000002 +#define CERT_NAME_DISABLE_IE4_UTF8_FLAG 0x00010000 +#define CERT_NAME_STR_ENABLE_PUNYCODE_FLAG 0x00200000

/* CryptFormatObject flags */ #define CRYPT_FORMAT_STR_MULTI_LINE 0x0001