This reverts commit a19c8712917042361208b8a4a0a503e06815d20a.
It turns out commit a19c8712917042361208b8a4a0a503e06815d20a is wrong and causes regressions. Crypt provider info is actually stored in the certificate, and that is the only place from which, e.g., secur32 can get the private key.
It turns out that Street Fighter 6, which creates a great number of temporary certificates and grows the cert storage, does the same on Windows; the only difference is that on Windows those certificates are stored on disk and not in the registry.
From: Paul Gofman pgofman@codeweavers.com
This reverts commit a19c8712917042361208b8a4a0a503e06815d20a.
---
 dlls/crypt32/cert.c | 53 ++++++++++++++++++++++++++++++++++++---------
 1 file changed, 43 insertions(+), 10 deletions(-)
diff --git a/dlls/crypt32/cert.c b/dlls/crypt32/cert.c
index ec3cf5b15ec..b9645770ce1 100644
--- a/dlls/crypt32/cert.c
+++ b/dlls/crypt32/cert.c
@@ -3682,21 +3682,54 @@ static void CRYPT_MakeCertInfo(PCERT_INFO info, const CRYPT_DATA_BLOB *pSerialNu
 }
 }

+typedef RPC_STATUS (RPC_ENTRY *UuidCreateFunc)(UUID *);
+typedef RPC_STATUS (RPC_ENTRY *UuidToStringFunc)(UUID *, unsigned char **);
+typedef RPC_STATUS (RPC_ENTRY *RpcStringFreeFunc)(unsigned char **);
+
 static HCRYPTPROV CRYPT_CreateKeyProv(void)
 {
- HCRYPTPROV prov;
- HCRYPTKEY key;
+ HCRYPTPROV hProv = 0;
+ HMODULE rpcrt = LoadLibraryW(L"rpcrt4");

- if (!CryptAcquireContextA(&prov, NULL, MS_DEF_PROV_A, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_NEWKEYSET))
- return 0;
-
- if (!CryptGenKey(prov, AT_SIGNATURE, 0, &key))
+ if (rpcrt)
 {
- CryptReleaseContext(prov, 0);
- return 0;
+ UuidCreateFunc uuidCreate = (UuidCreateFunc)GetProcAddress(rpcrt,
+ "UuidCreate");
+ UuidToStringFunc uuidToString = (UuidToStringFunc)GetProcAddress(rpcrt,
+ "UuidToStringA");
+ RpcStringFreeFunc rpcStringFree = (RpcStringFreeFunc)GetProcAddress(
+ rpcrt, "RpcStringFreeA");
+
+ if (uuidCreate && uuidToString && rpcStringFree)
+ {
+ UUID uuid;
+ RPC_STATUS status = uuidCreate(&uuid);
+
+ if (status == RPC_S_OK || status == RPC_S_UUID_LOCAL_ONLY)
+ {
+ unsigned char *uuidStr;
+
+ status = uuidToString(&uuid, &uuidStr);
+ if (status == RPC_S_OK)
+ {
+ BOOL ret = CryptAcquireContextA(&hProv, (LPCSTR)uuidStr,
+ MS_DEF_PROV_A, PROV_RSA_FULL, CRYPT_NEWKEYSET);
+
+ if (ret)
+ {
+ HCRYPTKEY key;
+
+ ret = CryptGenKey(hProv, AT_SIGNATURE, 0, &key);
+ if (ret)
+ CryptDestroyKey(key);
+ }
+ rpcStringFree(&uuidStr);
+ }
+ }
+ }
+ FreeLibrary(rpcrt);
 }
- CryptDestroyKey(key);
- return prov;
+ return hProv;
 }
PCCERT_CONTEXT WINAPI CertCreateSelfSignCertificate(HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hProv,
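Review bot: When CryptGenKey fails in CRYPT_CreateKeyProv, hProv is still returned non-zero, so the caller receives a provider handle whose newly created container holds no signature key; the code this replaces released the context and returned 0 in that case. Adding `else { CryptReleaseContext(hProv, 0); hProv = 0; }` after `if (ret) CryptDestroyKey(key);` would restore the failure signal. Because the container is now created with CRYPT_NEWKEYSET under a UUID name and without CRYPT_VERIFYCONTEXT, the failed attempt presumably also leaves an empty persistent key container behind; removing it with a CRYPT_DELETEKEYSET acquire before `rpcStringFree(&uuidStr)` is worth considering. How CertCreateSelfSignCertificate treats the returned handle is outside the hunk, so the downstream effect should be confirmed there.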
I'm not familiar with crypt32, but is this something we can add a test for, so this doesn't happen again?
yeah, I will make a test and update.