crypt32: Correctly return how the issuer of a self signed certificate was matched.

Original patch by Michael Müller.

Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
This commit is contained in:
Nikolay Sivov 2018-06-25 14:12:12 +03:00 committed by Alexandre Julliard
parent 5d7fa27a2f
commit e353656804
2 changed files with 24 additions and 31 deletions

View File

@ -265,10 +265,10 @@ typedef struct _CertificateChain
LONG ref; LONG ref;
} CertificateChain; } CertificateChain;
BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert) DWORD CRYPT_IsCertificateSelfSigned(const CERT_CONTEXT *cert)
{ {
DWORD size, status = 0;
PCERT_EXTENSION ext; PCERT_EXTENSION ext;
DWORD size;
BOOL ret; BOOL ret;
if ((ext = CertFindExtension(szOID_AUTHORITY_KEY_IDENTIFIER2, if ((ext = CertFindExtension(szOID_AUTHORITY_KEY_IDENTIFIER2,
@ -296,10 +296,9 @@ BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert)
&info->AuthorityCertIssuer.rgAltEntry[i]; &info->AuthorityCertIssuer.rgAltEntry[i];
if (directoryName) if (directoryName)
{ {
ret = CertCompareCertificateName(cert->dwCertEncodingType, if (CertCompareCertificateName(cert->dwCertEncodingType, &directoryName->u.DirectoryName, &cert->pCertInfo->Issuer)
&directoryName->u.DirectoryName, &cert->pCertInfo->Issuer) && CertCompareIntegerBlob(&info->AuthorityCertSerialNumber, &cert->pCertInfo->SerialNumber))
&& CertCompareIntegerBlob(&info->AuthorityCertSerialNumber, status = CERT_TRUST_HAS_NAME_MATCH_ISSUER;
&cert->pCertInfo->SerialNumber);
} }
else else
{ {
@ -317,16 +316,12 @@ BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert)
if (buf) if (buf)
{ {
CertGetCertificateContextProperty(cert, CertGetCertificateContextProperty(cert, CERT_KEY_IDENTIFIER_PROP_ID, buf, &size);
CERT_KEY_IDENTIFIER_PROP_ID, buf, &size); if (!memcmp(buf, info->KeyId.pbData, size))
ret = !memcmp(buf, info->KeyId.pbData, size); status = CERT_TRUST_HAS_KEY_MATCH_ISSUER;
CryptMemFree(buf); CryptMemFree(buf);
} }
else
ret = FALSE;
} }
else
ret = FALSE;
} }
LocalFree(info); LocalFree(info);
} }
@ -344,10 +339,9 @@ BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert)
{ {
if (info->CertIssuer.cbData && info->CertSerialNumber.cbData) if (info->CertIssuer.cbData && info->CertSerialNumber.cbData)
{ {
ret = CertCompareCertificateName(cert->dwCertEncodingType, if (CertCompareCertificateName(cert->dwCertEncodingType, &info->CertIssuer, &cert->pCertInfo->Issuer)
&info->CertIssuer, &cert->pCertInfo->Issuer) && && CertCompareIntegerBlob(&info->CertSerialNumber, &cert->pCertInfo->SerialNumber))
CertCompareIntegerBlob(&info->CertSerialNumber, status = CERT_TRUST_HAS_NAME_MATCH_ISSUER;
&cert->pCertInfo->SerialNumber);
} }
else if (info->KeyId.cbData) else if (info->KeyId.cbData)
{ {
@ -361,24 +355,23 @@ BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert)
{ {
CertGetCertificateContextProperty(cert, CertGetCertificateContextProperty(cert,
CERT_KEY_IDENTIFIER_PROP_ID, buf, &size); CERT_KEY_IDENTIFIER_PROP_ID, buf, &size);
ret = !memcmp(buf, info->KeyId.pbData, size); if (!memcmp(buf, info->KeyId.pbData, size))
status = CERT_TRUST_HAS_KEY_MATCH_ISSUER;
CryptMemFree(buf); CryptMemFree(buf);
} }
else
ret = FALSE;
} }
else
ret = FALSE;
} }
else
ret = FALSE;
LocalFree(info); LocalFree(info);
} }
} }
else else
ret = CertCompareCertificateName(cert->dwCertEncodingType, if (CertCompareCertificateName(cert->dwCertEncodingType, &cert->pCertInfo->Subject, &cert->pCertInfo->Issuer))
&cert->pCertInfo->Subject, &cert->pCertInfo->Issuer); status = CERT_TRUST_HAS_NAME_MATCH_ISSUER;
return ret;
if (status)
status |= CERT_TRUST_IS_SELF_SIGNED;
return status;
} }
static void CRYPT_FreeChainElement(PCERT_CHAIN_ELEMENT element) static void CRYPT_FreeChainElement(PCERT_CHAIN_ELEMENT element)
@ -1890,6 +1883,7 @@ static void CRYPT_CheckSimpleChain(CertificateChainEngine *engine,
int i; int i;
BOOL pathLengthConstraintViolated = FALSE; BOOL pathLengthConstraintViolated = FALSE;
CERT_BASIC_CONSTRAINTS2_INFO constraints = { FALSE, FALSE, 0 }; CERT_BASIC_CONSTRAINTS2_INFO constraints = { FALSE, FALSE, 0 };
DWORD status;
TRACE_(chain)("checking chain with %d elements for time %s\n", TRACE_(chain)("checking chain with %d elements for time %s\n",
chain->cElement, filetime_to_str(time)); chain->cElement, filetime_to_str(time));
@ -1977,10 +1971,9 @@ static void CRYPT_CheckSimpleChain(CertificateChainEngine *engine,
} }
CRYPT_CheckChainNameConstraints(chain); CRYPT_CheckChainNameConstraints(chain);
CRYPT_CheckChainPolicies(chain); CRYPT_CheckChainPolicies(chain);
if (CRYPT_IsCertificateSelfSigned(rootElement->pCertContext)) if ((status = CRYPT_IsCertificateSelfSigned(rootElement->pCertContext)))
{ {
rootElement->TrustStatus.dwInfoStatus |= rootElement->TrustStatus.dwInfoStatus |= status;
CERT_TRUST_IS_SELF_SIGNED | CERT_TRUST_HAS_NAME_MATCH_ISSUER;
CRYPT_CheckRootCert(engine->hRoot, rootElement); CRYPT_CheckRootCert(engine->hRoot, rootElement);
} }
CRYPT_CombineTrustStatus(&chain->TrustStatus, &rootElement->TrustStatus); CRYPT_CombineTrustStatus(&chain->TrustStatus, &rootElement->TrustStatus);

View File

@ -343,7 +343,7 @@ void CRYPT_ImportSystemRootCertsToReg(void) DECLSPEC_HIDDEN;
BOOL CRYPT_SerializeContextsToReg(HKEY key, DWORD flags, const WINE_CONTEXT_INTERFACE *contextInterface, BOOL CRYPT_SerializeContextsToReg(HKEY key, DWORD flags, const WINE_CONTEXT_INTERFACE *contextInterface,
HCERTSTORE memStore) DECLSPEC_HIDDEN; HCERTSTORE memStore) DECLSPEC_HIDDEN;
BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert) DECLSPEC_HIDDEN; DWORD CRYPT_IsCertificateSelfSigned(const CERT_CONTEXT *cert) DECLSPEC_HIDDEN;
/* Allocates and initializes a certificate chain engine, but without creating /* Allocates and initializes a certificate chain engine, but without creating
* the root store. Instead, it uses root, and assumes the caller has done any * the root store. Instead, it uses root, and assumes the caller has done any