The way CryptAcquireContext is currently used for the temporary internal context in CertCreateSelfSignCertificate(), a unique container is always created and persisted in the registry (thus resulting in an ever-growing registry while an app repeatedly creates ephemeral certs with CertCreateSelfSignCertificate). The unique container name doesn't go anywhere outside of CRYPT_CreateKeyProv, and the crypt context is only used internally in CertCreateSelfSignCertificate() to generate the key and extract the key data (and put that into the certificate store), so using a non-persistent context should be better.
From: Paul Gofman pgofman@codeweavers.com
---
 dlls/crypt32/cert.c | 53 +++++++++------------------------------------
 1 file changed, 10 insertions(+), 43 deletions(-)
diff --git a/dlls/crypt32/cert.c b/dlls/crypt32/cert.c
index b9645770ce1..ec3cf5b15ec 100644
--- a/dlls/crypt32/cert.c
+++ b/dlls/crypt32/cert.c
@@ -3682,54 +3682,21 @@ static void CRYPT_MakeCertInfo(PCERT_INFO info, const CRYPT_DATA_BLOB *pSerialNu
     }
 }
-typedef RPC_STATUS (RPC_ENTRY *UuidCreateFunc)(UUID *);
-typedef RPC_STATUS (RPC_ENTRY *UuidToStringFunc)(UUID *, unsigned char **);
-typedef RPC_STATUS (RPC_ENTRY *RpcStringFreeFunc)(unsigned char **);
-
 static HCRYPTPROV CRYPT_CreateKeyProv(void)
 {
-    HCRYPTPROV hProv = 0;
-    HMODULE rpcrt = LoadLibraryW(L"rpcrt4");
-
-    if (rpcrt)
-    {
-        UuidCreateFunc uuidCreate = (UuidCreateFunc)GetProcAddress(rpcrt,
-         "UuidCreate");
-        UuidToStringFunc uuidToString = (UuidToStringFunc)GetProcAddress(rpcrt,
-         "UuidToStringA");
-        RpcStringFreeFunc rpcStringFree = (RpcStringFreeFunc)GetProcAddress(
-         rpcrt, "RpcStringFreeA");
-
-        if (uuidCreate && uuidToString && rpcStringFree)
-        {
-            UUID uuid;
-            RPC_STATUS status = uuidCreate(&uuid);
-
-            if (status == RPC_S_OK || status == RPC_S_UUID_LOCAL_ONLY)
-            {
-                unsigned char *uuidStr;
-
-                status = uuidToString(&uuid, &uuidStr);
-                if (status == RPC_S_OK)
-                {
-                    BOOL ret = CryptAcquireContextA(&hProv, (LPCSTR)uuidStr,
-                     MS_DEF_PROV_A, PROV_RSA_FULL, CRYPT_NEWKEYSET);
+    HCRYPTPROV prov;
+    HCRYPTKEY key;
-                    if (ret)
-                    {
-                        HCRYPTKEY key;
+    if (!CryptAcquireContextA(&prov, NULL, MS_DEF_PROV_A, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_NEWKEYSET))
+        return 0;
-                        ret = CryptGenKey(hProv, AT_SIGNATURE, 0, &key);
-                        if (ret)
-                            CryptDestroyKey(key);
-                    }
-                    rpcStringFree(&uuidStr);
-                }
-            }
-        }
-        FreeLibrary(rpcrt);
+    if (!CryptGenKey(prov, AT_SIGNATURE, 0, &key))
+    {
+        CryptReleaseContext(prov, 0);
+        return 0;
     }
-    return hProv;
+    CryptDestroyKey(key);
+    return prov;
 }
PCCERT_CONTEXT WINAPI CertCreateSelfSignCertificate(HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hProv,
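Review bot: The rewritten CRYPT_CreateKeyProv relies on the AT_SIGNATURE key pair generated at the `CryptGenKey` line staying retrievable through `prov` after `CryptDestroyKey(key)` returns, which for a CRYPT_VERIFYCONTEXT container is an in-memory guarantee of the provider rather than anything visible in this hunk, so the contract deserves a comment such as `/* Ephemeral (CRYPT_VERIFYCONTEXT) provider: the generated AT_SIGNATURE key exists only in this handle and disappears when the caller releases it. */`. The CRYPT_NEWKEYSET bit or-ed into the acquire flags looks redundant next to CRYPT_VERIFYCONTEXT with a NULL container; if rsaenh needs it to create the in-memory container that is worth a short comment too, otherwise dropping it avoids confusion with the persisted-container behaviour this commit removes. The function also has no header comment stating that the caller owns `prov` and must CryptReleaseContext() it, and that 0 is returned on both failure paths after the partially acquired context has been released. The caller, CertCreateSelfSignCertificate, starts at the last context line and its body lies outside the hunk.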
This merge request was approved by Hans Leidekker.