From 78f59dd7e970ac1bc83192ceca3020e7c50807a3 Mon Sep 17 00:00:00 2001
From: Juan Lang <juan_lang@yahoo.com>
Date: Thu, 13 Jul 2006 23:06:49 -0700
Subject: [PATCH] crypt32: Correct self-signed cert creation.

- use correct function names for rpcrt functions
- use CryptGenRandom to create unique serial numbers
---
 dlls/crypt32/cert.c | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/dlls/crypt32/cert.c b/dlls/crypt32/cert.c
index 851c8c5d2d3..b5d510d8c90 100644
--- a/dlls/crypt32/cert.c
+++ b/dlls/crypt32/cert.c
@@ -1826,6 +1826,7 @@ static PCCERT_CONTEXT CRYPT_CreateSignedCert(PCRYPT_DER_BLOB blob,
 }
 
 /* Copies data from the parameters into info, where:
+ * pSerialNumber: The serial number.  Must not be NULL.
  * pSubjectIssuerBlob: Specifies both the subject and issuer for info.
  *                     Must not be NULL
  * pSignatureAlgorithm: Optional.
@@ -1836,23 +1837,22 @@ static PCCERT_CONTEXT CRYPT_CreateSignedCert(PCRYPT_DER_BLOB blob,
  * pubKey: The public key of the certificate.  Must not be NULL.
  * pExtensions: Extensions to be included with the certificate.  Optional.
  */
-static void CRYPT_MakeCertInfo(PCERT_INFO info,
+static void CRYPT_MakeCertInfo(PCERT_INFO info, PCRYPT_DATA_BLOB pSerialNumber,
  PCERT_NAME_BLOB pSubjectIssuerBlob,
  PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, PSYSTEMTIME pStartTime,
  PSYSTEMTIME pEndTime, PCERT_PUBLIC_KEY_INFO pubKey,
  PCERT_EXTENSIONS pExtensions)
 {
-    /* FIXME: what serial number to use? */
-    static const BYTE serialNum[] = { 1 };
     static CHAR oid[] = szOID_RSA_SHA1RSA;
 
     assert(info);
+    assert(pSerialNumber);
     assert(pSubjectIssuerBlob);
     assert(pubKey);
 
     info->dwVersion = CERT_V3;
-    info->SerialNumber.cbData = sizeof(serialNum);
-    info->SerialNumber.pbData = (LPBYTE)serialNum;
+    info->SerialNumber.cbData = pSerialNumber->cbData;
+    info->SerialNumber.pbData = pSerialNumber->pbData;
     if (pSignatureAlgorithm)
         memcpy(&info->SignatureAlgorithm, pSignatureAlgorithm,
          sizeof(info->SignatureAlgorithm));
@@ -1910,9 +1910,9 @@ static HCRYPTPROV CRYPT_CreateKeyProv(void)
         UuidCreateFunc uuidCreate = (UuidCreateFunc)GetProcAddress(rpcrt,
          "UuidCreate");
         UuidToStringFunc uuidToString = (UuidToStringFunc)GetProcAddress(rpcrt,
-         "UuidToString");
+         "UuidToStringA");
         RpcStringFreeFunc rpcStringFree = (RpcStringFreeFunc)GetProcAddress(
-         rpcrt, "RpcStringFree");
+         rpcrt, "RpcStringFreeA");
 
         if (uuidCreate && uuidToString && rpcStringFree)
         {
@@ -1978,10 +1978,12 @@ PCCERT_CONTEXT WINAPI CertCreateSelfSignCertificate(HCRYPTPROV hProv,
         {
             CERT_INFO info = { 0 };
             CRYPT_DER_BLOB blob = { 0, NULL };
-            BOOL ret;
+            BYTE serial[16];
+            CRYPT_DATA_BLOB serialBlob = { sizeof(serial), serial };
 
-            CRYPT_MakeCertInfo(&info, pSubjectIssuerBlob, pSignatureAlgorithm,
-             pStartTime, pEndTime, pubKey, pExtensions);
+            CryptGenRandom(hProv, sizeof(serial), serial);
+            CRYPT_MakeCertInfo(&info, &serialBlob, pSubjectIssuerBlob,
+             pSignatureAlgorithm, pStartTime, pEndTime, pubKey, pExtensions);
             ret = CryptEncodeObjectEx(X509_ASN_ENCODING, X509_CERT_TO_BE_SIGNED,
              &info, CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&blob.pbData,
              &blob.cbData);