From 78e9a12f0ae03f9e13d1868036931f99f9d6e9e9 Mon Sep 17 00:00:00 2001
From: Christoph von Wittich
Date: Sun, 21 Mar 2010 14:58:20 +0000
Subject: [PATCH] [CRYPT32] sync crypt32 with wine 1.1.41

svn path=/trunk/; revision=46300
---
 reactos/dll/win32/crypt32/chain.c | 75 +++++++++++++++++++++++++++++++
 reactos/dll/win32/crypt32/main.c | 4 +-
 reactos/dll/win32/crypt32/oid.c | 9 ++++
 reactos/include/psdk/wincrypt.h | 23 ++++++----
 4 files changed, 101 insertions(+), 10 deletions(-)

diff --git a/reactos/dll/win32/crypt32/chain.c b/reactos/dll/win32/crypt32/chain.c
index 6cdd103e666..1724f4254fe 100644
--- a/reactos/dll/win32/crypt32/chain.c
+++ b/reactos/dll/win32/crypt32/chain.c
@@ -1306,6 +1306,78 @@ static void CRYPT_CheckChainNameConstraints(PCERT_SIMPLE_CHAIN chain)
 }
 }
+/* Gets cert's policies info, if any. Free with LocalFree. */
+static CERT_POLICIES_INFO *CRYPT_GetPolicies(PCCERT_CONTEXT cert)
+{
+ PCERT_EXTENSION ext;
+ CERT_POLICIES_INFO *policies = NULL;
+
+ ext = CertFindExtension(szOID_KEY_USAGE, cert->pCertInfo->cExtension,
+ cert->pCertInfo->rgExtension);
+ if (ext)
+ {
+ DWORD size;
+
+ CryptDecodeObjectEx(X509_ASN_ENCODING, X509_CERT_POLICIES,
+ ext->Value.pbData, ext->Value.cbData, CRYPT_DECODE_ALLOC_FLAG, NULL,
+ &policies, &size);
+ }
+ return policies;
+}
+
+static void CRYPT_CheckPolicies(CERT_POLICIES_INFO *policies, CERT_INFO *cert,
+ DWORD *errorStatus)
+{
+ DWORD i;
+
+ for (i = 0; i < policies->cPolicyInfo; i++)
+ {
+ /* For now, the only accepted policy identifier is the anyPolicy
+ * identifier.
+ * FIXME: the policy identifiers should be compared against the
+ * cert's certificate policies extension, subject to the policy
+ * mappings extension, and the policy constraints extension.
+ * See RFC 5280, sections 4.2.1.4, 4.2.1.5, and 4.2.1.11.
+ */
+ if (strcmp(policies->rgPolicyInfo[i].pszPolicyIdentifier,
+ szOID_ANY_CERT_POLICY))
+ {
+ FIXME("unsupported policy %s\n",
+ policies->rgPolicyInfo[i].pszPolicyIdentifier);
+ *errorStatus |= CERT_TRUST_INVALID_POLICY_CONSTRAINTS;
+ }
+ }
+}
+
+static void CRYPT_CheckChainPolicies(PCERT_SIMPLE_CHAIN chain)
+{
+ int i, j;
+
+ for (i = chain->cElement - 1; i > 0; i--)
+ {
+ CERT_POLICIES_INFO *policies;
+
+ if ((policies = CRYPT_GetPolicies(chain->rgpElement[i]->pCertContext)))
+ {
+ for (j = i - 1; j >= 0; j--)
+ {
+ DWORD errorStatus = 0;
+
+ CRYPT_CheckPolicies(policies,
+ chain->rgpElement[j]->pCertContext->pCertInfo, &errorStatus);
+ if (errorStatus)
+ {
+ chain->rgpElement[i]->TrustStatus.dwErrorStatus |=
+ errorStatus;
+ CRYPT_CombineTrustStatus(&chain->TrustStatus,
+ &chain->rgpElement[i]->TrustStatus);
+ }
+ }
+ LocalFree(policies);
+ }
+ }
+}
+
 static LPWSTR name_value_to_str(const CERT_NAME_BLOB *name)
 {
 DWORD len = cert_name_to_str_with_indent(X509_ASN_ENCODING, 0, name,
@@ -1739,6 +1811,8 @@ static BOOL CRYPT_CriticalExtensionsSupported(PCCERT_CONTEXT cert)
 ret = TRUE;
 else if (!strcmp(oid, szOID_SUBJECT_ALT_NAME2))
 ret = TRUE;
+ else if (!strcmp(oid, szOID_CERT_POLICIES))
+ ret = TRUE;
 else if (!strcmp(oid, szOID_ENHANCED_KEY_USAGE))
 ret = TRUE;
 else
@@ -1883,6 +1957,7 @@ static void CRYPT_CheckSimpleChain(PCertificateChainEngine engine,
 &chain->rgpElement[i]->TrustStatus);
 }
 CRYPT_CheckChainNameConstraints(chain);
+ CRYPT_CheckChainPolicies(chain);
 if (CRYPT_IsCertificateSelfSigned(rootElement->pCertContext))
 {
 rootElement->TrustStatus.dwInfoStatus |=
diff --git a/reactos/dll/win32/crypt32/main.c b/reactos/dll/win32/crypt32/main.c
index 5844b1841e5..db9dc1a946a 100644
--- a/reactos/dll/win32/crypt32/main.c
+++ b/reactos/dll/win32/crypt32/main.c
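Review bot: CRYPT_GetPolicies looks the extension up with `szOID_KEY_USAGE` but then decodes it as `X509_CERT_POLICIES`, so the certificate-policies extension is never the input of this check: a cert without a key-usage extension yields `policies == NULL` and CRYPT_CheckChainPolicies skips it, and a cert with one feeds the key-usage bit string to the policies decoder, which presumably fails and again leaves `policies` NULL, so the new check is fail-open in both cases. The lookup should use the OID this same commit adds to CRYPT_CriticalExtensionsSupported: `ext = CertFindExtension(szOID_CERT_POLICIES, cert->pCertInfo->cExtension,`. The return value of CryptDecodeObjectEx is also ignored; unless the decoder is documented to leave `policies` untouched on failure, I would write `if (!CryptDecodeObjectEx(...)) policies = NULL;` so a partially written pointer is never handed to LocalFree. In CRYPT_CheckPolicies the `cert` parameter is unused (the FIXME explains the subject-side comparison is not implemented yet) and the `strcmp` assumes the decoder never yields a NULL `pszPolicyIdentifier`; a NULL guard or a comment stating that assumption would make the placeholder status explicit to the next reader.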
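Review bot: Adding `szOID_CERT_POLICIES` to CRYPT_CriticalExtensionsSupported changes what happens to a certificate whose certificatePolicies extension is marked critical: before this hunk it was rejected as an unsupported critical extension, after it the extension is accepted and its content is only evaluated by CRYPT_CheckPolicies, which recognises anyPolicy alone and leaves the RFC 5280 policy mappings and policy constraints processing as a FIXME. That is a reasonable interim trade-off for a sync, but it is a relaxation of validation and deserves a comment at the new branch so nobody mistakes it for full support, e.g. `/* only anyPolicy is evaluated so far, see CRYPT_CheckPolicies */`. CRYPT_CriticalExtensionsSupported starts and ends outside the hunk, so I cannot see whether an earlier branch already covers a related OID.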
@@ -64,8 +64,8 @@ HCRYPTPROV CRYPT_GetDefaultProvider(void)
 {
 HCRYPTPROV prov;
- if (!CryptAcquireContextW(&prov, NULL, MS_ENHANCED_PROV_W, PROV_RSA_FULL,
- CRYPT_VERIFYCONTEXT))
+ if (!CryptAcquireContextW(&prov, NULL, MS_ENH_RSA_AES_PROV_W,
+ PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
 return hDefProv;
 InterlockedCompareExchangePointer((PVOID *)&hDefProv, (PVOID)prov, NULL);
diff --git a/reactos/dll/win32/crypt32/oid.c b/reactos/dll/win32/crypt32/oid.c
index ea30d9ccd45..ea7b539208b 100644
--- a/reactos/dll/win32/crypt32/oid.c
+++ b/reactos/dll/win32/crypt32/oid.c
@@ -1067,6 +1067,9 @@ static const WCHAR rc2[] = { 'r','c','2',0 };
 static const WCHAR rc4[] = { 'r','c','4',0 };
 static const WCHAR sha[] = { 's','h','a',0 };
 static const WCHAR sha1[] = { 's','h','a','1',0 };
+static const WCHAR sha256[] = { 's','h','a','2','5','6',0 };
+static const WCHAR sha384[] = { 's','h','a','3','8','4',0 };
+static const WCHAR sha512[] = { 's','h','a','5','1','2',0 };
 static const WCHAR RSA[] = { 'R','S','A',0 };
 static const WCHAR RSA_KEYX[] = { 'R','S','A','_','K','E','Y','X',0 };
 static const WCHAR RSA_SIGN[] = { 'R','S','A','_','S','I','G','N',0 };
@@ -1086,6 +1089,9 @@ static const WCHAR shaDSA[] = { 's','h','a','D','S','A',0 };
 static const WCHAR sha1DSA[] = { 's','h','a','1','D','S','A',0 };
 static const WCHAR shaRSA[] = { 's','h','a','R','S','A',0 };
 static const WCHAR sha1RSA[] = { 's','h','a','1','R','S','A',0 };
+static const WCHAR sha256RSA[] = { 's','h','a','2','5','6','R','S','A',0 };
+static const WCHAR sha384RSA[] = { 's','h','a','3','8','4','R','S','A',0 };
+static const WCHAR sha512RSA[] = { 's','h','a','5','1','2','R','S','A',0 };
 static const WCHAR mosaicUpdatedSig[] = { 'm','o','s','a','i','c','U','p','d','a','t','e','d','S','i','g',0 };
 static const WCHAR CN[] = { 'C','N',0 };
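Review bot: The switch to `MS_ENH_RSA_AES_PROV_W` / `PROV_RSA_AES` has no fallback: when that CSP cannot be acquired the function returns `hDefProv`, which (judging from the InterlockedCompareExchangePointer against NULL below) is presumably still NULL on the first call, so every caller that previously got the RSA Full provider for SHA-1/RSA work now gets no provider at all. The AES-capable CSP is what the `CALG_SHA_256`/`384`/`512` rows added in oid.c need, so trying it first is right, but I would fall back to the old `MS_ENHANCED_PROV_W` / `PROV_RSA_FULL` pair when it is missing so SHA-2 support does not regress existing verification on systems without that CSP. The rest of CRYPT_GetDefaultProvider lies outside the hunk.
```c
    /* Prefer the AES-capable CSP (needed for SHA-2 signatures); fall back to
     * the RSA Full CSP so SHA-1/RSA verification keeps working without it. */
    if (!CryptAcquireContextW(&prov, NULL, MS_ENH_RSA_AES_PROV_W,
     PROV_RSA_AES, CRYPT_VERIFYCONTEXT) &&
     !CryptAcquireContextW(&prov, NULL, MS_ENHANCED_PROV_W, PROV_RSA_FULL,
     CRYPT_VERIFYCONTEXT))
        return hDefProv;
    /* … unchanged: publish prov through InterlockedCompareExchangePointer … */
```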
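Review bot: The `sha256`, `sha384` and `sha512` name arrays added in the first oid.c hunk are not referenced by any other addition in this commit — the three table rows added later use `sha256RSA`, `sha384RSA` and `sha512RSA` — so unless a row outside the diff already names them they are unused file-scope constants and GCC reports them under -Wunused-variable in C. Either add the matching hash-only table rows that would use them (the NIST SHA-2 OIDs with `CALG_SHA_256` etc., if those OID macros exist in this tree) in the same change, or drop the three arrays until they are needed.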
@@ -1189,6 +1195,9 @@ static const struct OIDInfoConstructor {
 { 3, szOID_PKIX_NO_SIGNATURE, CALG_NO_SIGN, NO_SIGN, NULL },
 { 4, szOID_RSA_SHA1RSA, CALG_SHA1, sha1RSA, &rsaSignBlob },
+ { 4, szOID_RSA_SHA256RSA, CALG_SHA_256, sha256RSA, &rsaSignBlob },
+ { 4, szOID_RSA_SHA384RSA, CALG_SHA_384, sha384RSA, &rsaSignBlob },
+ { 4, szOID_RSA_SHA512RSA, CALG_SHA_512, sha512RSA, &rsaSignBlob },
 { 4, szOID_RSA_MD5RSA, CALG_MD5, md5RSA, &rsaSignBlob },
 { 4, szOID_X957_SHA1DSA, CALG_SHA1, sha1DSA, &dssSignBlob },
 { 4, szOID_OIWSEC_sha1RSASign, CALG_SHA1, sha1RSA, &rsaSignBlob },
diff --git a/reactos/include/psdk/wincrypt.h b/reactos/include/psdk/wincrypt.h
index af79c64240d..3f7f4ed6e5b 100644
--- a/reactos/include/psdk/wincrypt.h
+++ b/reactos/include/psdk/wincrypt.h
@@ -1339,14 +1339,18 @@ typedef struct _CRYPT_URL_INFO {
 DWORD *rgcGroupEntry;
 } CRYPT_URL_INFO, *PCRYPT_URL_INFO;
-#define URL_OID_CERTIFICATE_ISSUER ((LPCSTR)1)
-#define URL_OID_CERTIFICATE_CRL_DIST_POINT ((LPCSTR)2)
-#define URL_OID_CTL_ISSUER ((LPCSTR)3)
-#define URL_OID_CTL_NEXT_UPDATE ((LPCSTR)4)
-#define URL_OID_CRL_ISSUER ((LPCSTR)5)
-#define URL_OID_CERTIFICATE_FRESHEST_CRL ((LPCSTR)6)
-#define URL_OID_CRL_FRESHEST_CRL ((LPCSTR)7)
-#define URL_OID_CROSS_CERT_DIST_POINT ((LPCSTR)8)
+#define URL_OID_CERTIFICATE_ISSUER ((LPCSTR)1)
+#define URL_OID_CERTIFICATE_CRL_DIST_POINT ((LPCSTR)2)
+#define URL_OID_CTL_ISSUER ((LPCSTR)3)
+#define URL_OID_CTL_NEXT_UPDATE ((LPCSTR)4)
+#define URL_OID_CRL_ISSUER ((LPCSTR)5)
+#define URL_OID_CERTIFICATE_FRESHEST_CRL ((LPCSTR)6)
+#define URL_OID_CRL_FRESHEST_CRL ((LPCSTR)7)
+#define URL_OID_CROSS_CERT_DIST_POINT ((LPCSTR)8)
+#define URL_OID_CERTIFICATE_OCSP ((LPCSTR)9)
+#define URL_OID_CERTIFICATE_OCSP_AND_CRL_DIST_POINT ((LPCSTR)10)
+#define URL_OID_CERTIFICATE_CRL_DIST_POINT_AND_OCSP ((LPCSTR)11)
+#define URL_OID_CROSS_CERT_SUBJECT_INFO_ACCESS ((LPCSTR)12)
 #define URL_OID_GET_OBJECT_URL_FUNC "UrlDllGetObjectUrl"
@@ -2778,6 +2782,9 @@ typedef struct _CTL_FIND_SUBJECT_PARA
 #define szOID_RSA_MD5RSA "1.2.840.113549.1.1.4"
 #define szOID_RSA_SHA1RSA "1.2.840.113549.1.1.5"
 #define szOID_RSA_SET0AEP_RSA "1.2.840.113549.1.1.6"
+#define szOID_RSA_SHA256RSA "1.2.840.113549.1.1.11"
+#define szOID_RSA_SHA384RSA "1.2.840.113549.1.1.12"
+#define szOID_RSA_SHA512RSA "1.2.840.113549.1.1.13"
 #define szOID_RSA_DH "1.2.840.113549.1.3.1"
 #define szOID_RSA_data "1.2.840.113549.1.7.1"
 #define szOID_RSA_signedData "1.2.840.113549.1.7.2"