crypt32: Correct self-signed cert creation.
- use correct function names for rpcrt functions
- use CryptGenRandom to create unique serial numbers
parent
2660b8f9c1
commit
78f59dd7e9
@ -1826,6 +1826,7 @@ static PCCERT_CONTEXT CRYPT_CreateSignedCert(PCRYPT_DER_BLOB blob,
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Copies data from the parameters into info, where:
|
/* Copies data from the parameters into info, where:
|
||||||
|
* pSerialNumber: The serial number. Must not be NULL.
|
||||||
* pSubjectIssuerBlob: Specifies both the subject and issuer for info.
|
* pSubjectIssuerBlob: Specifies both the subject and issuer for info.
|
||||||
* Must not be NULL
|
* Must not be NULL
|
||||||
* pSignatureAlgorithm: Optional.
|
* pSignatureAlgorithm: Optional.
|
||||||
|
@ -1836,23 +1837,22 @@ static PCCERT_CONTEXT CRYPT_CreateSignedCert(PCRYPT_DER_BLOB blob,
|
||||||
* pubKey: The public key of the certificate. Must not be NULL.
|
* pubKey: The public key of the certificate. Must not be NULL.
|
||||||
* pExtensions: Extensions to be included with the certificate. Optional.
|
* pExtensions: Extensions to be included with the certificate. Optional.
|
||||||
*/
|
*/
|
||||||
static void CRYPT_MakeCertInfo(PCERT_INFO info,
|
static void CRYPT_MakeCertInfo(PCERT_INFO info, PCRYPT_DATA_BLOB pSerialNumber,
|
||||||
PCERT_NAME_BLOB pSubjectIssuerBlob,
|
PCERT_NAME_BLOB pSubjectIssuerBlob,
|
||||||
PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, PSYSTEMTIME pStartTime,
|
PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, PSYSTEMTIME pStartTime,
|
||||||
PSYSTEMTIME pEndTime, PCERT_PUBLIC_KEY_INFO pubKey,
|
PSYSTEMTIME pEndTime, PCERT_PUBLIC_KEY_INFO pubKey,
|
||||||
PCERT_EXTENSIONS pExtensions)
|
PCERT_EXTENSIONS pExtensions)
|
||||||
{
|
{
|
||||||
/* FIXME: what serial number to use? */
|
|
||||||
static const BYTE serialNum[] = { 1 };
|
|
||||||
static CHAR oid[] = szOID_RSA_SHA1RSA;
|
static CHAR oid[] = szOID_RSA_SHA1RSA;
|
||||||
|
|
||||||
assert(info);
|
assert(info);
|
||||||
|
assert(pSerialNumber);
|
||||||
assert(pSubjectIssuerBlob);
|
assert(pSubjectIssuerBlob);
|
||||||
assert(pubKey);
|
assert(pubKey);
|
||||||
|
|
||||||
info->dwVersion = CERT_V3;
|
info->dwVersion = CERT_V3;
|
||||||
info->SerialNumber.cbData = sizeof(serialNum);
|
info->SerialNumber.cbData = pSerialNumber->cbData;
|
||||||
info->SerialNumber.pbData = (LPBYTE)serialNum;
|
info->SerialNumber.pbData = pSerialNumber->pbData;
|
||||||
if (pSignatureAlgorithm)
|
if (pSignatureAlgorithm)
|
||||||
memcpy(&info->SignatureAlgorithm, pSignatureAlgorithm,
|
memcpy(&info->SignatureAlgorithm, pSignatureAlgorithm,
|
||||||
sizeof(info->SignatureAlgorithm));
|
sizeof(info->SignatureAlgorithm));
|
||||||
|
@ -1910,9 +1910,9 @@ static HCRYPTPROV CRYPT_CreateKeyProv(void)
|
||||||
UuidCreateFunc uuidCreate = (UuidCreateFunc)GetProcAddress(rpcrt,
|
UuidCreateFunc uuidCreate = (UuidCreateFunc)GetProcAddress(rpcrt,
|
||||||
"UuidCreate");
|
"UuidCreate");
|
||||||
UuidToStringFunc uuidToString = (UuidToStringFunc)GetProcAddress(rpcrt,
|
UuidToStringFunc uuidToString = (UuidToStringFunc)GetProcAddress(rpcrt,
|
||||||
"UuidToString");
|
"UuidToStringA");
|
||||||
RpcStringFreeFunc rpcStringFree = (RpcStringFreeFunc)GetProcAddress(
|
RpcStringFreeFunc rpcStringFree = (RpcStringFreeFunc)GetProcAddress(
|
||||||
rpcrt, "RpcStringFree");
|
rpcrt, "RpcStringFreeA");
|
||||||
|
|
||||||
if (uuidCreate && uuidToString && rpcStringFree)
|
if (uuidCreate && uuidToString && rpcStringFree)
|
||||||
{
|
{
|
||||||
|
@ -1978,10 +1978,12 @@ PCCERT_CONTEXT WINAPI CertCreateSelfSignCertificate(HCRYPTPROV hProv,
|
||||||
{
|
{
|
||||||
CERT_INFO info = { 0 };
|
CERT_INFO info = { 0 };
|
||||||
CRYPT_DER_BLOB blob = { 0, NULL };
|
CRYPT_DER_BLOB blob = { 0, NULL };
|
||||||
BOOL ret;
|
BYTE serial[16];
|
||||||
|
CRYPT_DATA_BLOB serialBlob = { sizeof(serial), serial };
|
||||||
|
|
||||||
CRYPT_MakeCertInfo(&info, pSubjectIssuerBlob, pSignatureAlgorithm,
|
CryptGenRandom(hProv, sizeof(serial), serial);
|
||||||
pStartTime, pEndTime, pubKey, pExtensions);
|
CRYPT_MakeCertInfo(&info, &serialBlob, pSubjectIssuerBlob,
|
||||||
|
pSignatureAlgorithm, pStartTime, pEndTime, pubKey, pExtensions);
|
||||||
ret = CryptEncodeObjectEx(X509_ASN_ENCODING, X509_CERT_TO_BE_SIGNED,
|
ret = CryptEncodeObjectEx(X509_ASN_ENCODING, X509_CERT_TO_BE_SIGNED,
|
||||||
&info, CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&blob.pbData,
|
&info, CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&blob.pbData,
|
||||||
&blob.cbData);
|
&blob.cbData);
|
||||||
|
|
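Review bot: The return value of `CryptGenRandom(hProv, sizeof(serial), serial);` in the last hunk is ignored, so if the provider cannot supply random bytes the certificate is built from whatever is left on the stack in `serial`, which is neither unique nor something that should be exposed in an issued certificate. Check it and fail the call instead, e.g. `if (!CryptGenRandom(hProv, sizeof(serial), serial)) return NULL;` (adjust to whatever cleanup the enclosing function's error path needs). Since CryptoAPI stores `SerialNumber` as a little-endian integer, it is also worth clearing the sign bit of the most significant byte, `serial[sizeof(serial) - 1] &= 0x7f;`, so the DER-encoded INTEGER stays positive as X.509 profiles require — presumably the encoder does not do this itself; verify. The body of `CertCreateSelfSignCertificate` starts and ends outside the hunk, so I cannot see whether a NULL `hProv` has already been replaced by a created provider before this point.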