0a866d0e45
crypt32: Avoid using HIWORD() on a string pointer.
...
The stray IS_INTRESOURCE() is applied to a true resource. The other
strings are OIDs and not resources.
2010-01-29 14:59:02 +01:00
17f674c2e7
crypt32: Add Ukrainian translations.
2010-01-28 12:16:37 +01:00
b4448d9b77
crypt32/tests: Add a win_skip().
2010-01-20 15:29:50 +01:00
4e18ac601f
crypt32: Don't get confused matching URLs with a colon in the userinfo portion (e.g. user:password@domain).
2009-12-21 15:01:22 +01:00
048594854a
crypt32: Check authority key identifer extension to determine if a certificate is self-signed.
2009-12-18 11:39:58 +01:00
e402260db4
crypt32: Remove an unneeded assignment.
2009-12-17 12:42:39 +01:00
483d241559
crypt32: Remove unneeded assignments.
2009-12-16 12:21:12 +01:00
01a7cbf843
crypt32: Accept end certificates with no extended key usage extension if a particular key usage is requested.
2009-12-11 17:47:30 +01:00
7a610a9072
crypt32: Fix CertAddCTLContextToStore for CERT_STORE_ADD_USE_EXISTING add disposition.
2009-12-11 11:50:12 +01:00
c7609f3c55
crypt32: Fix CertAddCRLContextToStore for CERT_STORE_ADD_USE_EXISTING add disposition.
2009-12-11 11:50:09 +01:00
0444cd93c4
crypt32: Don't dereference an output pointer which may be NULL.
2009-12-11 11:50:03 +01:00
1740d9fe44
crypt32: Trace chain final error status.
2009-12-11 11:49:56 +01:00
4f83f9a120
crypt32/tests: Avoid size_t in traces.
2009-12-09 12:19:38 +01:00
4df042b54b
crypt32: Compare CRL's authority key identifier against the certificate's subject key identifier property, which also decodes the certificate's extension if necessary.
2009-12-09 12:02:43 +01:00
d1e592ad20
crypt32/tests: Fix compilation on systems that don't support nameless unions.
2009-12-08 17:42:25 +01:00
bab1c652ae
crypt32/tests: Fix memory leak in test.
2009-12-07 09:49:07 +01:00
cdbf6e8614
crypt32/tests: Don't pass as a parameter a variable that could be local.
2009-12-07 09:49:07 +01:00
6acd82fa79
crypt32: Correct AKI extension used in end certificate and CRL when checking revocation.
2009-12-04 12:01:16 +01:00
91fbdb561a
crypt32: The KeyId member of an authority key identifier is an octet string, not an integer.
2009-12-03 10:16:53 +01:00
865669eeb3
crypt32: Fix test failures on Win2k.
2009-12-03 10:11:54 +01:00
63383baed4
crypt32: Fix test failure on Win7.
2009-12-03 10:11:46 +01:00
596cd16fc4
crypt32: Only check revocation on a chain without other errors.
2009-12-03 10:11:33 +01:00
b402b78780
rsaenh: Fix padding bytes check for 0-byte payload.
2009-12-02 14:59:56 +01:00
9f5a554de0
crypt32: Correct AKI extension used in end certificate and CRL when checking revocation.
2009-12-02 12:18:02 +01:00
9c56314e3d
crypt32: Further fix test failures.
2009-12-02 12:12:50 +01:00
6b8c053218
crypt32: Fix test failures.
2009-12-01 12:24:00 +01:00
90c160c3d8
crypt32: Revert 8ed5a777de.
...
Ordinarily removing tests seems like a bad idea, but in this case it
seems the only rational response to the test failures the tests
produce. The tests check the state of three bits with a variety of
certificate and CRL combinations. One of these bits is apparently not
set by any version of Windows for any of the tests. Testing its
absence doesn't seem correct, and I'll explain why in more detail in a
second. Every permutation of the remaining two bits appears on at
least one Windows version, and no Windows version is obviously more
correct than the rest, so testing them doesn't seem worthwhile.
The one bit that doesn't appear to be set is the bit saying that a
certificate is revoked. I created CRLs that do in fact revoke some of
the tested certificates, so it appears to me that the bit should be
set. It's possible that Windows doesn't bother checking the
revocation status of a certificate whose anchor isn't trusted, but
it's impossible to test this in an automated regression test suite,
because adding a trusted certificate requires clicking OK (or its
equivalent) in a dialog. The dialog is invoked by the system process,
so I can't use a dialog hook to suppress it. I can test this
hypothesis manually, but it isn't possible to do so in an automated
way.
2009-11-30 12:57:53 +01:00
f2040b7725
crypt32: Don't copy past end of buffer when removing a string from a multi string.
2009-11-30 12:57:39 +01:00
b2ab45b78b
crypt32: Only match RDN attributes whose lengths are identical.
2009-11-21 14:31:46 +01:00
8e51a866b7
crypt32: When searching for a CRL by the AKI extension, the extension has to be decoded to match.
2009-11-21 14:31:46 +01:00
7dee971809
crypt32/tests: Fix a typo.
2009-11-21 14:31:46 +01:00
8646c39bdb
crypt32: Finding a CRL issued by a cert should compare the cert's subject, not its issuer.
2009-11-21 14:31:46 +01:00
6bc8237c63
crypt32/tests: Test one more certificate against the Verisign CRL.
2009-11-21 14:31:46 +01:00
22206b909a
crypt32/tests: Fix a typo.
2009-11-21 14:31:46 +01:00
3921454398
crypt32: Read trusted root certificates from system keychain on Mac OS X.
2009-11-21 14:31:45 +01:00
eee179206e
crypt32/tests: Fix tests on Win9x/ME.
2009-11-21 14:31:44 +01:00
1a392e1a30
crypt32: Support checking the requested usage for a chain.
2009-11-21 14:31:44 +01:00
30de103485
crypt32: Only trace a usage match if it's not empty.
2009-11-21 14:31:44 +01:00
e611a83962
crypt32: Test verifying the enhanced key usage of a chain.
2009-11-21 14:31:44 +01:00
9d9070ae3c
crypt32: CertFindCRLInStore with find type CRL_FIND_ISSUED_FOR shouldn't check whether the CRL is valid for the subject certificate.
2009-11-20 11:15:11 +01:00
f378394acd
crypt32: Correct CertIsValidCRLForCertificate for certificates that do not contain a CRL dist points extension.
2009-11-20 11:15:06 +01:00
bcbfddd82a
crypt32: Fix tests on older Windows versions.
2009-11-20 11:15:01 +01:00
a3c6bc68c8
crypt32: Assume revocation server is offline if revocation status isn't known.
2009-11-20 11:14:52 +01:00
9e1d31e5e5
crypt32: Fix a typo.
2009-11-20 11:14:47 +01:00
8ed5a777de
crypt32: Test revocation checking with CertGetCertificateChain.
2009-11-20 11:14:41 +01:00
27128bb2f8
crypt32: Add more tests for CertVerifyRevocation.
2009-11-20 11:14:00 +01:00
8fcaa52d5d
crypt32: Add support for CRL_FIND_ISSUED_BY_AKI_FLAG to CertFindCRLInStore.
2009-11-19 11:49:59 +01:00
b278155616
crypt32: Add more tests for CertFindCRLInStore.
2009-11-19 11:49:53 +01:00
4727212e01
crypt32: Add support for CRL_FIND_ISSUED_BY_SIGNATURE_FLAG to CertFindCRLInStore.
2009-11-19 11:49:46 +01:00
8beed85a2c
crypt32: Add basic flags tests flags for CertFindCRLInStore with find type CRL_FIND_ISSUED_BY.
2009-11-19 11:49:40 +01:00
c84c53b1a6
crypt32: More fully implement CertIsValidCRLForCertificate.
2009-11-19 11:49:33 +01:00
e5c56b1798
crypt32: Correct tests for CertIsValidCRLForCertificate.
2009-11-19 11:49:21 +01:00
b16a78baa7
crypt32: Remove a redundant test.
2009-11-19 11:49:14 +01:00
4fa4f67c79
crypt32: Implement CertFindCRLInStore for find type CRL_FIND_ISSUED_FOR.
2009-11-19 11:49:09 +01:00
a3b462e3ea
crypt32: Add tests for CertFindCRLInStore with find type CRL_FIND_ISSUED_FOR.
2009-11-19 11:49:05 +01:00
7f5b24ed91
crypt32/tests: Fix a test failure on older crypt32.
2009-11-18 15:34:14 +01:00
96073d5129
crypt32: Remove an unnecessary test for the extended key usage extension in CA certificates.
2009-11-18 11:09:20 +01:00
d6958d7660
crypt32: Trace reasons for name constraint failure.
2009-11-18 11:09:08 +01:00
1db8a6abda
crypt32: Only fail directory name comparison if a directory name constraint is present and doesn't match.
2009-11-18 11:09:02 +01:00
a63affe5e0
crypt32: Don't apply directory name constraints to an empty subject name.
2009-11-18 11:08:55 +01:00
c464875a6d
crypt32: Accept a certificate if its name matches any permitted subtree of a name constraint.
2009-11-18 11:08:49 +01:00
d6f7d06cad
crypt32: Check email address in subject name against rfc822 name constraints.
2009-11-18 11:08:44 +01:00
e4c03521ac
crypt32: Apply name constraints to subject name.
2009-11-18 11:08:37 +01:00
6f35ae25b8
crypt32: Use helper function to compare a subject alternate name with name constraints.
2009-11-18 11:08:32 +01:00
a98dad4f93
crypt32: Only apply a name constraint if the name form is present.
2009-11-18 11:08:25 +01:00
f6d3348b7c
crypt32: Partially implement checking name constraints with directory names.
2009-11-18 11:08:20 +01:00
7c44544a6d
crypt32: Use helper functions to match excluded and permitted subtrees of name constraints.
2009-11-18 11:08:14 +01:00
9a40de08de
crypt32: Let caller set error codes when name constraints aren't met.
2009-11-18 11:08:08 +01:00
f8044948ba
crypt32: Remove an unnecessary if.
2009-11-18 11:08:01 +01:00
8585203103
crypt32: Prohibit name constraints that contain neither an excluded nor a permitted subtree.
2009-11-18 11:07:53 +01:00
a299470622
crypt32/tests: Fix another test failure.
2009-11-17 15:14:53 +01:00
440c702ce4
crypt32: Implement CertIsRDNAttrsInCertificateName.
2009-11-17 15:14:53 +01:00
ed74536f0c
crypt32: Add tests for CertIsRDNAttrsInCertificateName.
2009-11-17 15:14:53 +01:00
7d12294f08
crypt32: Add stub for CertIsRDNAttrsInCertificateName.
2009-11-17 15:14:53 +01:00
4a948fa929
crypt32: Add more tests for CertCompareCertificateName.
2009-11-17 15:14:53 +01:00
1974e61b59
crypt32: Correctly match subdomains with dns name constraints.
2009-11-17 12:05:11 +01:00
b74ef17efc
crypt32: If a hostname in a URI or rfc822 name constraint doesn't begin with '.', a match must be exact.
2009-11-17 12:05:04 +01:00
e82005fe2d
crypt32: Only compare the hostname portion of a URL when checking against a name constraint.
2009-11-17 12:04:58 +01:00
3c8a04f12f
crypt32: Include name constraints errors in the chain's error status.
2009-11-17 12:04:52 +01:00
f9ad32f0ad
crypt32: Trace method used to find an issuer.
2009-11-17 12:04:46 +01:00
8adc75b3ec
crypt32: Fix more test failures.
2009-11-16 11:34:31 +01:00
f6c4824675
crypt32: Update a comment.
2009-11-16 11:34:04 +01:00
c4b997bab3
crypt32: Set CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS when a certificate's name constraints are met.
2009-11-16 11:33:58 +01:00
9aee8fd556
crypt32: Fix test failures.
2009-11-13 11:52:25 +01:00
21ecc84620
crypt32: Accept any matching dNSName in a subject alternate name.
2009-11-13 11:52:25 +01:00
95a14deff9
crypt32: Add tests for cs.stanford.edu's chain.
2009-11-13 11:52:25 +01:00
d311cc9bdb
crypt32: Use broken() to mark an expected result from a broken version of crypt32.
2009-11-13 11:52:25 +01:00
b91d0c8bde
crypt32: Implement matching a certificate with a wildcard in its name.
2009-11-13 11:52:24 +01:00
e740672647
crypt32: Test matching a certificate with a wildcard in its name.
2009-11-13 11:52:24 +01:00
a29789e0bf
crypt32: Add openssl.org's cert to the tested chains.
2009-11-13 11:52:24 +01:00
574de15f51
crypt32: Fix more test failures on older crypt32 versions.
2009-11-12 13:11:38 +01:00
ba3433fa02
crypt32: Fix more test failures on older crypt32 versions.
2009-11-12 13:11:32 +01:00
4d2c9c3e87
crypt32/tests: Fix test failures.
2009-11-12 13:11:25 +01:00
d7c9bd13a2
crypt32: Fix test failures on multiple Windows versions.
2009-11-11 10:55:51 +01:00
300d5fe5c4
crypt32: Correct error when a matching name constraint is found.
2009-11-11 10:55:44 +01:00
0cf2e6fae6
crypt32: Stop reading a serialized store if a non-context prop ID appears before a context prop ID.
2009-11-11 10:55:36 +01:00
bdbee82c42
crypt32: Trace cert version.
2009-11-11 10:54:38 +01:00
0695b0dc73
crypt32: Fix test failures across Windows versions.
2009-11-11 10:54:24 +01:00
49c1a34721
crypt32: Fix some test failures on older crypt32 versions.
2009-11-11 10:54:12 +01:00
7eb33b18da
crypt32: Update a comment to reflect a fixed vulnerability.
2009-11-11 10:53:56 +01:00
ee02d43731
crypt32: Correct error when a constrained, permitted name type isn't found in the subject name.
2009-11-10 13:08:31 +01:00
2503e9ec73
crypt32: Use helper function to find the subject alternate name extension wherever it's needed.
2009-11-10 13:08:26 +01:00
ae6e884142
crypt32: Correct error when the subject alternate name can't be decoded.
2009-11-10 13:08:20 +01:00
865f3df35b
crypt32: Check the issued certificate for name constraint violations, not the issuing certificate.
2009-11-10 13:08:14 +01:00
ef6ce9a590
crypt32: Add more tests of name constraints.
2009-11-10 13:08:06 +01:00
a5361e45de
crypt32: Test more chains against different policies.
2009-11-10 13:07:35 +01:00
25e8f27817
crypt32: Disallow embedded NULLs in alternate names.
2009-11-10 13:07:28 +01:00
ddf78bdb38
crypt32: Test decoding alternate names with embedded NULLs.
2009-11-10 13:07:21 +01:00
6a3901f04b
crypt32: Test encoding and decoding name values with embedded NULLs.
2009-11-10 13:07:15 +01:00
216df7a714
crypt32: Reject certificates whose fields don't match their versions.
2009-11-10 13:07:07 +01:00
9fe6be454f
crypt32: Forbid minimum or maximum fields in name constraints.
2009-11-10 13:07:00 +01:00
e7404ba24f
crypt32: Fix decoding names when CRYPT_DECODE_ALLOC_FLAG is not specified.
2009-11-10 13:05:40 +01:00
6cefdef501
crypt32: Fix decoding unicode names when CRYPT_DECODE_ALLOC_FLAG is not specified.
2009-11-10 13:05:35 +01:00
c25753ece2
crypt32: Pass the correct pointer into CertificateFindStore.
2009-11-09 20:21:23 +01:00
267e890220
crypt32: Fix test failures on Win9x/NT4.
2009-11-09 19:58:40 +01:00
fbcce9f308
crypt32: Implement decoding cert policy constraints.
2009-11-09 19:58:34 +01:00
32ad424972
crypt32: Implement encoding cert policy constraints.
2009-11-09 19:58:28 +01:00
ae32f7bffc
crypt32: Add tests for encoding/decoding cert policy constraints.
2009-11-09 19:58:20 +01:00
7e7e73d0da
crypt32: Implement decoding cert policy mappings.
2009-11-09 19:58:13 +01:00
bf5e4d9bb7
crypt32: Implement encoding cert policy mappings.
2009-11-09 19:58:07 +01:00
fba863ddf0
crypt32: Add tests for encoding/decoding cert policy mappings.
2009-11-09 19:57:59 +01:00
ed9a4ffa0b
crypt32: Fix decoding cert issuer/subject unique ids.
2009-11-09 19:57:51 +01:00
4ccafdcb6f
crypt32: Fix encoding cert issuer/subject unique ids.
2009-11-09 19:57:45 +01:00
acfa433f15
crypt32: Add more tests of cert encoding/decoding.
2009-11-09 19:57:37 +01:00
7223d8b6d2
crypt32: Check the result of CryptAcquireContextW() when initializing default provider.
2009-11-09 19:37:00 +01:00
5274777b1c
crypt32: Permit lack of basic constraints extension on root certificates.
2009-11-09 19:34:36 +01:00
d94e4d315a
crypt32: Permit lack of key usage extension on root certificates.
...
This reverts 60770fb011
2009-11-09 19:34:32 +01:00
c52d110de1
crypt32: Don't free a file store's mem store, it's already freed by the provider store.
2009-11-05 11:57:58 +01:00
a16ca1d039
crypt32: Add a warning if a store's ref count is invalid.
2009-11-05 11:57:47 +01:00
88e599c4cf
crypt32: Don't copy past end of buffer when removing the last string in a multistring.
2009-11-05 11:57:41 +01:00
e1b2eb3485
crypt32: Fix a test failure on NT 4.
2009-11-05 11:57:13 +01:00
416cd484b2
crypt32: Implement CertStoreControl for collection stores.
2009-11-04 17:15:07 +01:00
33c70d35dd
crypt32: Add an implementation of CertControlStore for memory stores.
2009-11-04 17:15:02 +01:00
e6047ae52d
crypt32: Add tests of committing a collection store.
2009-11-04 17:14:53 +01:00
f8376b91da
crypt32: Eliminate a double free in the tests.
2009-11-04 16:45:18 +01:00
108f30bb7d
crypt32: Rename a function to reflect its behavior better, and return whether it succeeds.
2009-11-04 16:45:18 +01:00
7e1cff1c18
crypt32: Release contexts when removing them from the mem store.
2009-11-04 16:45:18 +01:00
df39bbba4f
crypt32: Don't delete a context when removing it from a list.
2009-11-04 16:45:18 +01:00
787d0ab564
crypt32: Add an error if the ref count is invalid when releasing a context.
2009-11-04 16:45:18 +01:00
1f363cd399
crypt32: Trace whenever a reference count changes, and change default debug channel to quiet the main crypt channel.
2009-11-04 16:45:18 +01:00
17894eb093
crypt32: Release a link context's linked context on every release, not just when it reaches 0.
2009-11-04 16:45:17 +01:00
52820b9cf8
crypt32: When creating a link context, call Context_AddRef to add-ref it so its children get add-ref'd too.
2009-11-04 16:45:17 +01:00
5f81ad6821
crypt32: When add-ref'ing a context, add-ref its linked contexts too.
2009-11-04 16:45:17 +01:00
fb5e0d8a4d
crypt32: When removing contexts from a list, make sure the context no longer references the list.
2009-11-04 16:45:17 +01:00
976c6ff3f8
crypt32: Correct reference counting when deleting contexts from collections.
2009-11-04 16:45:17 +01:00
92324ab38e
crypt32: Propagate errors from CertFree*Context to CertDelete*FromStore.
2009-11-04 16:45:17 +01:00
40855cae97
crypt32: Add return value to Context_Release to allow detecting reference counting errors.
2009-11-04 16:45:16 +01:00
d8094382a8
crypt32: Implement CertAddEncodedCertificateToSystemStoreA/W.
2009-11-04 16:45:16 +01:00
9364d7a928
crypt32: Add stub for CertAddCertificateLinkToStore.
2009-11-04 13:07:56 +01:00
f554669286
crypt32: Implement CryptGetIntendedKeyUsage.
2009-11-04 13:07:56 +01:00
6ac162231b
crypt32: Add tests for CertGetIntendedKeyUsage.
2009-11-04 13:07:55 +01:00
1c7c406b86
crypt32: Correct spec entries for certificate stores.
2009-11-03 21:31:33 +01:00
ed701e0787
crypt32: Add stub for CryptGetIntendedKeyUsage.
2009-11-03 21:31:28 +01:00
af3afcf81d
crypt32: Fix a memory leak in a test.
2009-11-03 21:29:29 +01:00
7a73fd97ad
crypt32: Fix a memory leak reading trusted root certs.
2009-11-03 21:29:24 +01:00
7dd75d1181
crypt32: Fix a memory leak querying a message object.
2009-11-03 21:29:19 +01:00
9928e2e1c5
crypt32: Support reading a serialized store object from memory in CryptQueryObject.
2009-11-03 21:29:13 +01:00
51a1f5a642
crypt32: Abstract function used to read from reading a serialized store.
2009-11-03 21:29:03 +01:00
16036dd27a
crypt32: Allow errors in locally installed root certs.
2009-11-03 21:18:30 +01:00
d6795bd908
crypt32: Trace contents of CERT_CHAIN_PARA.
2009-11-03 21:17:34 +01:00
fc0aff0d2e
crypt32: Add support for the CRYPT_STRING_NOCRLF flag to CryptBinaryToStringA/W.
2009-11-03 21:16:12 +01:00
2d5ac92d9a
crypt32: Partially implement CryptBinaryToStringW.
2009-11-03 21:15:55 +01:00
9750d0f7f5
crypt32: Trace policy error status in CertVerifyCertificateChainPolicy.
2009-10-30 11:32:09 +01:00
c4ce06293c
crypt32: Create a V1 certificate if it doesn't have extensions.
2009-10-30 11:32:04 +01:00
07b735682b
crypt32: Check CA certificates for the enhanced key usage extension.
2009-10-30 11:26:39 +01:00
60770fb011
crypt32: Only permit v1 or v2 CA certificates without a key usage extension if they're installed locally.
2009-10-30 11:26:30 +01:00
7b0297769d
crypt32: Use a helper function to find an existing cert by hash.
2009-10-30 11:26:21 +01:00
77472187c9
crypt32: Add key usage extension to chain4_0.
2009-10-30 11:26:15 +01:00
33a6235053
crypt32: Only permit v1 or v2 CA certificates without a basic constraints extension if they're installed locally.
2009-10-30 11:26:06 +01:00
552fec4002
crypt32: Add basic constraints to chain quality selection algorithm.
2009-10-30 11:24:23 +01:00
c310637f4f
crypt32: Remove redundant if clause.
2009-10-30 11:24:10 +01:00
9a13e1c70b
crypt32: Add basic constraints to chain15_0.
2009-10-30 11:23:58 +01:00
118374c081
crypt32: Add basic constraints to chain14_0.
2009-10-30 11:23:53 +01:00
0bd67b4c6f
crypt32: Add basic constraints and key usage to chain12_0.
2009-10-30 11:23:47 +01:00
002439e2f0
crypt32: Add basic constraints and key usage to chain8_0.
2009-10-30 11:23:41 +01:00
4557a8705b
crypt32: Add basic constraints and key usage to chain5_0.
2009-10-30 11:23:35 +01:00
86d6177215
crypt32: Add basic constraints and key usage to chain2_0.
2009-10-30 11:23:27 +01:00
6bf0e52011
crypt32: Add basic constraints and key usage to chain0_0.
2009-10-30 11:23:22 +01:00
9059892ec1
crypt32: Implement CertVerifyCertificateChainPolicy for CERT_CHAIN_POLICY_SSL.
2009-10-29 13:07:53 +01:00
2fbb736e01
crypt32: Add some tests of the SSL policy.
2009-10-29 13:07:47 +01:00
facd2e975a
crypt32: Allow the caller of checkChainPolicyStatus to specify the date to test with and additional policy parameters.
2009-10-29 13:07:39 +01:00
3669be9550
crypt32: Add the Google website's cert to tests.
2009-10-29 13:07:33 +01:00
24399bd359
crypt32: Support IPv6 addresses in name constraint comparison.
2009-10-29 13:07:20 +01:00
bcb4bc6be3
crypt32: Trace netscape cert type extension.
2009-10-29 13:07:14 +01:00
d664edb322
crypt32: Trace directory name of alt name entries.
2009-10-29 13:07:08 +01:00
1a194449cc
crypt32: Correct a prototype.
2009-10-29 13:07:03 +01:00
6a575d697e
crypt32: Accept either the subject alt name 2 or subject alt name extensions, and prefer the former when both are present.
2009-10-29 13:06:56 +01:00
1e953ef12e
crypt32: Trace the alt name extensions.
2009-10-29 13:06:49 +01:00
bf42ce9c90
crypt32: Trace name constraints extension.
2009-10-29 13:06:42 +01:00
777ea81c48
crypt32: Trace cert policies extension.
2009-10-29 13:06:35 +01:00
994d7ed40d
crypt32: Trace enhanced key usage extension.
2009-10-29 13:06:25 +01:00
5e25a23409
crypt32/tests: CryptUnprotectData: test zero-length payload.
2009-10-28 11:13:59 +01:00
89c009a063
crypt32: Fix a test failure on systems with no c: drive.
2009-10-26 11:17:00 +01:00
cf9491a5a3
crypt32: Move tracing of key usage extension to common extension tracing location.
2009-10-26 11:16:54 +01:00
c593173d15
crypt32: Make sure item size is at least the min size, and only align sizes that are greater.
2009-10-23 12:00:23 +02:00
eea0d75ed5
crypt32: Fix test failures on older versions of crypt32.
2009-10-22 17:24:52 +02:00
7fa618aa8e
crypt32: Check key usage during chain validation.
2009-10-21 16:21:53 +02:00
f2057592bf
crypt32: Add tests for key usage in the base policy.
2009-10-21 16:21:49 +02:00
a700e0556f
crypt32: Add key usage extension to non-root CA certs.
2009-10-21 16:21:44 +02:00
cbabc9d689
crypt32: Get CA flag from basic constraints extension of every cert in the chain.
2009-10-21 16:21:40 +02:00
f348e3feb7
crypt32: Check basic constraints extension for end certs too.
2009-10-21 16:21:36 +02:00
e1903dc6e0
crypt32: Encode public keys with NULL parameters if they're empty (and make tests more restrictive).
2009-10-21 16:05:56 +02:00
d8ca5bc348
crypt32: Use helper function to encode public keys for hashing.
...
This is necessary because the publicly callable form embeds the asn.1
NULL value when the parameters are empty, whereas the hash value
expects that it's missing.
2009-10-21 16:05:56 +02:00
c97e442a28
crypt32: Add a helper function to encode a cert's public key.
2009-10-21 16:05:55 +02:00
43182842cd
crypt32: Set an output parameter on the success path.
2009-10-21 16:05:55 +02:00
dd26bee14c
crypt32: Fix duplicating a NULL CTL context.
2009-10-21 16:05:55 +02:00
acc9d81f26
crypt32: Fix duplicating a NULL CRL context.
2009-10-21 16:05:54 +02:00
1e424138fe
crypt32: Implement CryptFindCertificateInStore for unicode strings.
2009-10-20 14:00:35 +02:00
af4b5303ba
crypt32: Test CertFindCertificateStore for finding Unicode strings.
2009-10-20 14:00:35 +02:00
c0872b218c
crypt32/tests: Get rid of a couple of certs unneeded by a test.
2009-10-20 14:00:35 +02:00
87405ade02
crypt32: Add a safe default for unsupported critical extensions.
2009-10-20 13:46:55 +02:00
d2cc5380db
crypt32: Fix compilation on systems that don't support nameless unions.
2009-10-19 14:45:10 +02:00
60140610e3
crypt32: Compare certificates in a consistent order.
2009-10-19 11:35:55 +02:00
3740e4150b
crypt32: Avoid repeatedly decoding authority key id extensions when searching for a cert's issuer.
2009-10-19 11:35:46 +02:00
b2d27097b5
crypt32: Introduce a helper function to search for certificates that doesn't require recreating the search key for every certificate.
2009-10-19 11:35:38 +02:00
e0a4404831
crypt32: Use helper function to search for certs.
2009-10-19 11:35:32 +02:00
1437d7ccc2
crypt32: Explicitly pass pointers to blob arrays rather than relying on an invalid alignment assumption.
2009-10-19 11:35:23 +02:00
3000bc200a
crypt32: Explicitly pass pointers to blob arrays rather than relying on an invalid alignment assumption.
2009-10-19 11:35:14 +02:00
5f317d702a
crypt32: Fix an invalid alignment assumption decoding a subtree's maximum.
2009-10-19 11:35:04 +02:00
4e300b6def
crypt32: Simplify CRYPT_AsnDecodeIntInternal.
2009-10-19 11:34:51 +02:00
7a33b61f34
crypt32: Don't pass CRYPT_DECODE_ALLOC_FLAG to array item decoders.
2009-10-16 13:40:08 +02:00
faa451628a
crypt32: Let CRYPT_AsnDecodeArray allocate memory for its callers.
2009-10-15 12:06:21 +02:00
c5699e736f
crypt32: Allocate memory if requested in CRYPT_AsnDecodeArray.
2009-10-15 12:06:21 +02:00
3c25d7540f
crypt32: Rename CRYPT_AsnDecodeArrayNoAlloc to CRYPT_AsnDecodeArray, and pass a CRYPT_DECODE_PARA * to it so that it can allocate memory if requested.
2009-10-15 12:06:21 +02:00
b1a1b32b59
crypt32: Decode enhanced key usages using CRYPT_AsnDecodeArrayNoAlloc.
2009-10-15 12:06:21 +02:00
36fc7b06b1
crypt32: Decode CRL dist points using CRYPT_AsnDecodeArrayNoAlloc.
2009-10-15 12:06:21 +02:00
155aa41d7c
crypt32: Decode cert policies info using CRYPT_AsnDecodeArrayNoAlloc.
2009-10-15 12:06:21 +02:00
bba695cc3f
crypt32: Decode authority info access with CRYPT_AsnDecodeArrayNoAlloc.
2009-10-15 12:06:21 +02:00
1b1626ac81
crypt32: Decode unicode names using CRYPT_AsnDecodeArrayNoAlloc.
2009-10-15 12:06:21 +02:00
67ee87664e
crypt32: Decode names using CRYPT_AsnDecodeArrayNoAlloc.
2009-10-15 12:06:21 +02:00
fd2a4c4330
crypt32: Correct a sequence item size.
2009-10-15 12:06:21 +02:00
4f815c7d03
crypt32: Convert internal callers of CRYPT_AsnDecodeArray to call CRYPT_AsnDecodeArrayNoAlloc.
2009-10-15 12:06:21 +02:00
a8f5934f44
crypt32: Pass decode flags to CRYPT_AsnDecodeArrayNoAlloc.
2009-10-15 12:06:21 +02:00
136eedb9af
crypt32: Further simplify calling CRYPT_AsnDecodeArrayNoAlloc.
2009-10-15 12:06:20 +02:00
271b477171
crypt32: Let CRYPT_AsnDecodeArrayNoAlloc calculate array size rather than requiring every caller to do so.
2009-10-15 12:06:20 +02:00
c64f31087f
crypt32: Simplify calling CRYPT_AsnDecodeArrayNoAlloc.
2009-10-15 12:06:20 +02:00
3c14587e18
crypt32: Add array descriptor members describing offsets of outer structure.
2009-10-15 12:06:20 +02:00
77cfb32360
crypt32: Simplify CRYPT_AsnDecodePKCSAttributes.
2009-10-15 12:06:20 +02:00
c7e3ea1484
crypt32: Explicitly pass array pointer when decoding CTL entry attributes rather than assuming a particular alignment.
2009-10-15 12:06:20 +02:00
f5946e4acb
crypt32: Explicitly pass array pointer when decoding cert policy qualifiers rather than assuming a particular alignment.
2009-10-15 12:06:20 +02:00
117ea9ee91
crypt32: Explicitly pass array pointer when decoding basic constraints' subtrees rather than assuming a particular alignment.
2009-10-15 12:06:20 +02:00
6d74aac002
crypt32: Explicitly pass array pointer when decoding policy qualifier notice numbers rather than assuming a particular alignment.
2009-10-15 12:06:20 +02:00
362abb6fa9
crypt32: Remove a redundant trace.
2009-10-15 12:06:20 +02:00
3270451ec0
crypt32: Explicitly pass array pointer when decoding CTL extensions rather than assuming a particular alignment.
2009-10-15 12:06:20 +02:00
8aefb32523
crypt32: Explicitly pass array pointer when decoding CTL entries rather than assuming a particular alignment.
2009-10-15 12:06:20 +02:00
030cd8f594
crypt32: Explicitly pass array pointer when decoding CMS message signers rather than assuming a particular alignment.
2009-10-15 12:06:20 +02:00
e87dc9c530
crypt32: Simplify CRYPT_AsnDecodeDistPointName.
2009-10-15 12:06:19 +02:00
26bfd0281c
crypt32: Explicitly pass array pointer when decoding name constraints' excluded subtrees rather than assuming a particular alignment.
2009-10-15 12:06:19 +02:00
ab1376ad6c
crypt32: Explicitly pass array pointer when decoding name constraints' permitted subtrees rather than assuming a particular alignment.
2009-10-15 12:06:19 +02:00
07a1750af7
crypt32: Explicitly pass array pointer when decoding CMS message CRLs rather than assuming a particular alignment.
2009-10-15 12:06:19 +02:00
Michael Stefaniuc