mirror of
https://github.com/reactos/reactos.git
synced 2025-06-01 07:28:19 +00:00
[CRYPT32]
sync crypt32 with wine 1.1.41 svn path=/trunk/; revision=46300
This commit is contained in:
Christoph von Wittich
parent
a0b4b96d75
commit
78e9a12f0a
4 changed files with 101 additions and 10 deletions
|
|
@ -1306,6 +1306,78 @@ static void CRYPT_CheckChainNameConstraints(PCERT_SIMPLE_CHAIN chain)
|
|||
}
|
||||
}
|
||||
|
||||
/* Gets cert's policies info, if any. Free with LocalFree. */
|
||||
static CERT_POLICIES_INFO *CRYPT_GetPolicies(PCCERT_CONTEXT cert)
|
||||
{
|
||||
PCERT_EXTENSION ext;
|
||||
CERT_POLICIES_INFO *policies = NULL;
|
||||
|
||||
ext = CertFindExtension(szOID_KEY_USAGE, cert->pCertInfo->cExtension,
|
||||
cert->pCertInfo->rgExtension);
|
||||
if (ext)
|
||||
{
|
||||
DWORD size;
|
||||
|
||||
CryptDecodeObjectEx(X509_ASN_ENCODING, X509_CERT_POLICIES,
|
||||
ext->Value.pbData, ext->Value.cbData, CRYPT_DECODE_ALLOC_FLAG, NULL,
|
||||
&policies, &size);
|
||||
}
|
||||
return policies;
|
||||
}
|
||||
|
||||
static void CRYPT_CheckPolicies(CERT_POLICIES_INFO *policies, CERT_INFO *cert,
|
||||
DWORD *errorStatus)
|
||||
{
|
||||
DWORD i;
|
||||
|
||||
for (i = 0; i < policies->cPolicyInfo; i++)
|
||||
{
|
||||
/* For now, the only accepted policy identifier is the anyPolicy
|
||||
* identifier.
|
||||
* FIXME: the policy identifiers should be compared against the
|
||||
* cert's certificate policies extension, subject to the policy
|
||||
* mappings extension, and the policy constraints extension.
|
||||
* See RFC 5280, sections 4.2.1.4, 4.2.1.5, and 4.2.1.11.
|
||||
*/
|
||||
if (strcmp(policies->rgPolicyInfo[i].pszPolicyIdentifier,
|
||||
szOID_ANY_CERT_POLICY))
|
||||
{
|
||||
FIXME("unsupported policy %s\n",
|
||||
policies->rgPolicyInfo[i].pszPolicyIdentifier);
|
||||
*errorStatus |= CERT_TRUST_INVALID_POLICY_CONSTRAINTS;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static void CRYPT_CheckChainPolicies(PCERT_SIMPLE_CHAIN chain)
|
||||
{
|
||||
int i, j;
|
||||
|
||||
for (i = chain->cElement - 1; i > 0; i--)
|
||||
{
|
||||
CERT_POLICIES_INFO *policies;
|
||||
|
||||
if ((policies = CRYPT_GetPolicies(chain->rgpElement[i]->pCertContext)))
|
||||
{
|
||||
for (j = i - 1; j >= 0; j--)
|
||||
{
|
||||
DWORD errorStatus = 0;
|
||||
|
||||
CRYPT_CheckPolicies(policies,
|
||||
chain->rgpElement[j]->pCertContext->pCertInfo, &errorStatus);
|
||||
if (errorStatus)
|
||||
{
|
||||
chain->rgpElement[i]->TrustStatus.dwErrorStatus |=
|
||||
errorStatus;
|
||||
CRYPT_CombineTrustStatus(&chain->TrustStatus,
|
||||
&chain->rgpElement[i]->TrustStatus);
|
||||
}
|
||||
}
|
||||
LocalFree(policies);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static LPWSTR name_value_to_str(const CERT_NAME_BLOB *name)
|
||||
{
|
||||
DWORD len = cert_name_to_str_with_indent(X509_ASN_ENCODING, 0, name,
|
||||
|
|
@ -1739,6 +1811,8 @@ static BOOL CRYPT_CriticalExtensionsSupported(PCCERT_CONTEXT cert)
|
|||
ret = TRUE;
|
||||
else if (!strcmp(oid, szOID_SUBJECT_ALT_NAME2))
|
||||
ret = TRUE;
|
||||
else if (!strcmp(oid, szOID_CERT_POLICIES))
|
||||
ret = TRUE;
|
||||
else if (!strcmp(oid, szOID_ENHANCED_KEY_USAGE))
|
||||
ret = TRUE;
|
||||
else
|
||||
|
|
@ -1883,6 +1957,7 @@ static void CRYPT_CheckSimpleChain(PCertificateChainEngine engine,
|
|||
&chain->rgpElement[i]->TrustStatus);
|
||||
}
|
||||
CRYPT_CheckChainNameConstraints(chain);
|
||||
CRYPT_CheckChainPolicies(chain);
|
||||
if (CRYPT_IsCertificateSelfSigned(rootElement->pCertContext))
|
||||
{
|
||||
rootElement->TrustStatus.dwInfoStatus |=
|
||||
|
|
|
|||
|
|
@ -64,8 +64,8 @@ HCRYPTPROV CRYPT_GetDefaultProvider(void)
|
|||
{
|
||||
HCRYPTPROV prov;
|
||||
|
||||
if (!CryptAcquireContextW(&prov, NULL, MS_ENHANCED_PROV_W, PROV_RSA_FULL,
|
||||
CRYPT_VERIFYCONTEXT))
|
||||
if (!CryptAcquireContextW(&prov, NULL, MS_ENH_RSA_AES_PROV_W,
|
||||
PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
|
||||
return hDefProv;
|
||||
InterlockedCompareExchangePointer((PVOID *)&hDefProv, (PVOID)prov,
|
||||
NULL);
|
||||
|
|
|
|||
|
|
@ -1067,6 +1067,9 @@ static const WCHAR rc2[] = { 'r','c','2',0 };
|
|||
static const WCHAR rc4[] = { 'r','c','4',0 };
|
||||
static const WCHAR sha[] = { 's','h','a',0 };
|
||||
static const WCHAR sha1[] = { 's','h','a','1',0 };
|
||||
static const WCHAR sha256[] = { 's','h','a','2','5','6',0 };
|
||||
static const WCHAR sha384[] = { 's','h','a','3','8','4',0 };
|
||||
static const WCHAR sha512[] = { 's','h','a','5','1','2',0 };
|
||||
static const WCHAR RSA[] = { 'R','S','A',0 };
|
||||
static const WCHAR RSA_KEYX[] = { 'R','S','A','_','K','E','Y','X',0 };
|
||||
static const WCHAR RSA_SIGN[] = { 'R','S','A','_','S','I','G','N',0 };
|
||||
|
|
@ -1086,6 +1089,9 @@ static const WCHAR shaDSA[] = { 's','h','a','D','S','A',0 };
|
|||
static const WCHAR sha1DSA[] = { 's','h','a','1','D','S','A',0 };
|
||||
static const WCHAR shaRSA[] = { 's','h','a','R','S','A',0 };
|
||||
static const WCHAR sha1RSA[] = { 's','h','a','1','R','S','A',0 };
|
||||
static const WCHAR sha256RSA[] = { 's','h','a','2','5','6','R','S','A',0 };
|
||||
static const WCHAR sha384RSA[] = { 's','h','a','3','8','4','R','S','A',0 };
|
||||
static const WCHAR sha512RSA[] = { 's','h','a','5','1','2','R','S','A',0 };
|
||||
static const WCHAR mosaicUpdatedSig[] =
|
||||
{ 'm','o','s','a','i','c','U','p','d','a','t','e','d','S','i','g',0 };
|
||||
static const WCHAR CN[] = { 'C','N',0 };
|
||||
|
|
@ -1189,6 +1195,9 @@ static const struct OIDInfoConstructor {
|
|||
{ 3, szOID_PKIX_NO_SIGNATURE, CALG_NO_SIGN, NO_SIGN, NULL },
|
||||
|
||||
{ 4, szOID_RSA_SHA1RSA, CALG_SHA1, sha1RSA, &rsaSignBlob },
|
||||
{ 4, szOID_RSA_SHA256RSA, CALG_SHA_256, sha256RSA, &rsaSignBlob },
|
||||
{ 4, szOID_RSA_SHA384RSA, CALG_SHA_384, sha384RSA, &rsaSignBlob },
|
||||
{ 4, szOID_RSA_SHA512RSA, CALG_SHA_512, sha512RSA, &rsaSignBlob },
|
||||
{ 4, szOID_RSA_MD5RSA, CALG_MD5, md5RSA, &rsaSignBlob },
|
||||
{ 4, szOID_X957_SHA1DSA, CALG_SHA1, sha1DSA, &dssSignBlob },
|
||||
{ 4, szOID_OIWSEC_sha1RSASign, CALG_SHA1, sha1RSA, &rsaSignBlob },
|
||||
|
|
|
|||
|
|
@ -1339,14 +1339,18 @@ typedef struct _CRYPT_URL_INFO {
|
|||
DWORD *rgcGroupEntry;
|
||||
} CRYPT_URL_INFO, *PCRYPT_URL_INFO;
|
||||
|
||||
#define URL_OID_CERTIFICATE_ISSUER ((LPCSTR)1)
|
||||
#define URL_OID_CERTIFICATE_CRL_DIST_POINT ((LPCSTR)2)
|
||||
#define URL_OID_CTL_ISSUER ((LPCSTR)3)
|
||||
#define URL_OID_CTL_NEXT_UPDATE ((LPCSTR)4)
|
||||
#define URL_OID_CRL_ISSUER ((LPCSTR)5)
|
||||
#define URL_OID_CERTIFICATE_FRESHEST_CRL ((LPCSTR)6)
|
||||
#define URL_OID_CRL_FRESHEST_CRL ((LPCSTR)7)
|
||||
#define URL_OID_CROSS_CERT_DIST_POINT ((LPCSTR)8)
|
||||
#define URL_OID_CERTIFICATE_ISSUER ((LPCSTR)1)
|
||||
#define URL_OID_CERTIFICATE_CRL_DIST_POINT ((LPCSTR)2)
|
||||
#define URL_OID_CTL_ISSUER ((LPCSTR)3)
|
||||
#define URL_OID_CTL_NEXT_UPDATE ((LPCSTR)4)
|
||||
#define URL_OID_CRL_ISSUER ((LPCSTR)5)
|
||||
#define URL_OID_CERTIFICATE_FRESHEST_CRL ((LPCSTR)6)
|
||||
#define URL_OID_CRL_FRESHEST_CRL ((LPCSTR)7)
|
||||
#define URL_OID_CROSS_CERT_DIST_POINT ((LPCSTR)8)
|
||||
#define URL_OID_CERTIFICATE_OCSP ((LPCSTR)9)
|
||||
#define URL_OID_CERTIFICATE_OCSP_AND_CRL_DIST_POINT ((LPCSTR)10)
|
||||
#define URL_OID_CERTIFICATE_CRL_DIST_POINT_AND_OCSP ((LPCSTR)11)
|
||||
#define URL_OID_CROSS_CERT_SUBJECT_INFO_ACCESS ((LPCSTR)12)
|
||||
|
||||
#define URL_OID_GET_OBJECT_URL_FUNC "UrlDllGetObjectUrl"
|
||||
|
||||
|
|
@ -2778,6 +2782,9 @@ typedef struct _CTL_FIND_SUBJECT_PARA
|
|||
#define szOID_RSA_MD5RSA "1.2.840.113549.1.1.4"
|
||||
#define szOID_RSA_SHA1RSA "1.2.840.113549.1.1.5"
|
||||
#define szOID_RSA_SET0AEP_RSA "1.2.840.113549.1.1.6"
|
||||
#define szOID_RSA_SHA256RSA "1.2.840.113549.1.1.11"
|
||||
#define szOID_RSA_SHA384RSA "1.2.840.113549.1.1.12"
|
||||
#define szOID_RSA_SHA512RSA "1.2.840.113549.1.1.13"
|
||||
#define szOID_RSA_DH "1.2.840.113549.1.3.1"
|
||||
#define szOID_RSA_data "1.2.840.113549.1.7.1"
|
||||
#define szOID_RSA_signedData "1.2.840.113549.1.7.2"
|
||||
|
|
|
|||
Loading…
Reference in a new issue