Commit Graph

1518 Commits

Author SHA1 Message Date
Juan Lang 7eb33b18da crypt32: Update a comment to reflect a fixed vulnerability. 2009-11-11 10:53:56 +01:00
Juan Lang ee02d43731 crypt32: Correct error when a constrained, permitted name type isn't found in the subject name. 2009-11-10 13:08:31 +01:00
Juan Lang 2503e9ec73 crypt32: Use helper function to find the subject alternate name extension wherever it's needed. 2009-11-10 13:08:26 +01:00
Juan Lang ae6e884142 crypt32: Correct error when the subject alternate name can't be decoded. 2009-11-10 13:08:20 +01:00
Juan Lang 865f3df35b crypt32: Check the issued certificate for name constraint violations, not the issuing certificate. 2009-11-10 13:08:14 +01:00
Juan Lang ef6ce9a590 crypt32: Add more tests of name constraints. 2009-11-10 13:08:06 +01:00
Juan Lang a5361e45de crypt32: Test more chains against different policies. 2009-11-10 13:07:35 +01:00
Juan Lang 25e8f27817 crypt32: Disallow embedded NULLs in alternate names. 2009-11-10 13:07:28 +01:00
Juan Lang ddf78bdb38 crypt32: Test decoding alternate names with embedded NULLs. 2009-11-10 13:07:21 +01:00
Juan Lang 6a3901f04b crypt32: Test encoding and decoding name values with embedded NULLs. 2009-11-10 13:07:15 +01:00
Juan Lang 216df7a714 crypt32: Reject certificates whose fields don't match their versions. 2009-11-10 13:07:07 +01:00
Juan Lang 9fe6be454f crypt32: Forbid minimum or maximum fields in name constraints. 2009-11-10 13:07:00 +01:00
Juan Lang e7404ba24f crypt32: Fix decoding names when CRYPT_DECODE_ALLOC_FLAG is not specified. 2009-11-10 13:05:40 +01:00
Juan Lang 6cefdef501 crypt32: Fix decoding unicode names when CRYPT_DECODE_ALLOC_FLAG is not specified. 2009-11-10 13:05:35 +01:00
Marcus Meissner c25753ece2 crypt32: Pass the correct pointer into CertificateFindStore. 2009-11-09 20:21:23 +01:00
Juan Lang 267e890220 crypt32: Fix test failures on Win9x/NT4. 2009-11-09 19:58:40 +01:00
Juan Lang fbcce9f308 crypt32: Implement decoding cert policy constraints. 2009-11-09 19:58:34 +01:00
Juan Lang 32ad424972 crypt32: Implement encoding cert policy constraints. 2009-11-09 19:58:28 +01:00
Juan Lang ae32f7bffc crypt32: Add tests for encoding/decoding cert policy constraints. 2009-11-09 19:58:20 +01:00
Juan Lang 7e7e73d0da crypt32: Implement decoding cert policy mappings. 2009-11-09 19:58:13 +01:00
Juan Lang bf5e4d9bb7 crypt32: Implement encoding cert policy mappings. 2009-11-09 19:58:07 +01:00
Juan Lang fba863ddf0 crypt32: Add tests for encoding/decoding cert policy mappings. 2009-11-09 19:57:59 +01:00
Juan Lang ed9a4ffa0b crypt32: Fix decoding cert issuer/subject unique ids. 2009-11-09 19:57:51 +01:00
Juan Lang 4ccafdcb6f crypt32: Fix encoding cert issuer/subject unique ids. 2009-11-09 19:57:45 +01:00
Juan Lang acfa433f15 crypt32: Add more tests of cert encoding/decoding. 2009-11-09 19:57:37 +01:00
Paul Chitescu 7223d8b6d2 crypt32: Check the result of CryptAcquireContextW() when initializing default provider. 2009-11-09 19:37:00 +01:00
Juan Lang 5274777b1c crypt32: Permit lack of basic constraints extension on root certificates. 2009-11-09 19:34:36 +01:00
Juan Lang d94e4d315a crypt32: Permit lack of key usage extension on root certificates.
This reverts 60770fb011, although it
updates the comments to give a reason.  Thanks to Matt Van Gundy for
pointing it out to me.
2009-11-09 19:34:32 +01:00
Juan Lang c52d110de1 crypt32: Don't free a file store's mem store, it's already freed by the provider store. 2009-11-05 11:57:58 +01:00
Juan Lang a16ca1d039 crypt32: Add a warning if a store's ref count is invalid. 2009-11-05 11:57:47 +01:00
Juan Lang 88e599c4cf crypt32: Don't copy past end of buffer when removing the last string in a multistring. 2009-11-05 11:57:41 +01:00
Juan Lang e1b2eb3485 crypt32: Fix a test failure on NT 4. 2009-11-05 11:57:13 +01:00
Juan Lang 416cd484b2 crypt32: Implement CertStoreControl for collection stores. 2009-11-04 17:15:07 +01:00
Juan Lang 33c70d35dd crypt32: Add an implementation of CertControlStore for memory stores. 2009-11-04 17:15:02 +01:00
Juan Lang e6047ae52d crypt32: Add tests of committing a collection store. 2009-11-04 17:14:53 +01:00
Juan Lang f8376b91da crypt32: Eliminate a double free in the tests. 2009-11-04 16:45:18 +01:00
Juan Lang 108f30bb7d crypt32: Rename a function to reflect its behavior better, and return whether it succeeds. 2009-11-04 16:45:18 +01:00
Juan Lang 7e1cff1c18 crypt32: Release contexts when removing them from the mem store. 2009-11-04 16:45:18 +01:00
Juan Lang df39bbba4f crypt32: Don't delete a context when removing it from a list. 2009-11-04 16:45:18 +01:00
Juan Lang 787d0ab564 crypt32: Add an error if the ref count is invalid when releasing a context. 2009-11-04 16:45:18 +01:00
Juan Lang 1f363cd399 crypt32: Trace whenever a reference count changes, and change default debug channel to quiet the main crypt channel. 2009-11-04 16:45:18 +01:00
Juan Lang 17894eb093 crypt32: Release a link context's linked context on every release, not just when it reaches 0. 2009-11-04 16:45:17 +01:00
Juan Lang 52820b9cf8 crypt32: When creating a link context, call Context_AddRef to add-ref it so its children get add-ref'd too. 2009-11-04 16:45:17 +01:00
Juan Lang 5f81ad6821 crypt32: When add-ref'ing a context, add-ref its linked contexts too. 2009-11-04 16:45:17 +01:00
Juan Lang fb5e0d8a4d crypt32: When removing contexts from a list, make sure the context no longer references the list. 2009-11-04 16:45:17 +01:00
Juan Lang 976c6ff3f8 crypt32: Correct reference counting when deleting contexts from collections. 2009-11-04 16:45:17 +01:00
Juan Lang 92324ab38e crypt32: Propagate errors from CertFree*Context to CertDelete*FromStore. 2009-11-04 16:45:17 +01:00
Juan Lang 40855cae97 crypt32: Add return value to Context_Release to allow detecting reference counting errors. 2009-11-04 16:45:16 +01:00
Juan Lang d8094382a8 crypt32: Implement CertAddEncodedCertificateToSystemStoreA/W. 2009-11-04 16:45:16 +01:00
Juan Lang 9364d7a928 crypt32: Add stub for CertAddCertificateLinkToStore. 2009-11-04 13:07:56 +01:00
Juan Lang f554669286 crypt32: Implement CryptGetIntendedKeyUsage. 2009-11-04 13:07:56 +01:00
Juan Lang 6ac162231b crypt32: Add tests for CertGetIntendedKeyUsage. 2009-11-04 13:07:55 +01:00
Juan Lang 1c7c406b86 crypt32: Correct spec entries for certificate stores. 2009-11-03 21:31:33 +01:00
Juan Lang ed701e0787 crypt32: Add stub for CryptGetIntendedKeyUsage. 2009-11-03 21:31:28 +01:00
Juan Lang af3afcf81d crypt32: Fix a memory leak in a test. 2009-11-03 21:29:29 +01:00
Juan Lang 7a73fd97ad crypt32: Fix a memory leak reading trusted root certs. 2009-11-03 21:29:24 +01:00
Juan Lang 7dd75d1181 crypt32: Fix a memory leak querying a message object. 2009-11-03 21:29:19 +01:00
Juan Lang 9928e2e1c5 crypt32: Support reading a serialized store object from memory in CryptQueryObject. 2009-11-03 21:29:13 +01:00
Juan Lang 51a1f5a642 crypt32: Abstract function used to read from reading a serialized store. 2009-11-03 21:29:03 +01:00
Juan Lang 16036dd27a crypt32: Allow errors in locally installed root certs. 2009-11-03 21:18:30 +01:00
Juan Lang d6795bd908 crypt32: Trace contents of CERT_CHAIN_PARA. 2009-11-03 21:17:34 +01:00
Juan Lang fc0aff0d2e crypt32: Add support for the CRYPT_STRING_NOCRLF flag to CryptBinaryToStringA/W. 2009-11-03 21:16:12 +01:00
Juan Lang 2d5ac92d9a crypt32: Partially implement CryptBinaryToStringW. 2009-11-03 21:15:55 +01:00
Juan Lang 9750d0f7f5 crypt32: Trace policy error status in CertVerifyCertificateChainPolicy. 2009-10-30 11:32:09 +01:00
Juan Lang c4ce06293c crypt32: Create a V1 certificate if it doesn't have extensions. 2009-10-30 11:32:04 +01:00
Juan Lang 07b735682b crypt32: Check CA certificates for the enhanced key usage extension. 2009-10-30 11:26:39 +01:00
Juan Lang 60770fb011 crypt32: Only permit v1 or v2 CA certificates without a key usage extension if they're installed locally. 2009-10-30 11:26:30 +01:00
Juan Lang 7b0297769d crypt32: Use a helper function to find an existing cert by hash. 2009-10-30 11:26:21 +01:00
Juan Lang 77472187c9 crypt32: Add key usage extension to chain4_0. 2009-10-30 11:26:15 +01:00
Juan Lang 33a6235053 crypt32: Only permit v1 or v2 CA certificates without a basic constraints extension if they're installed locally. 2009-10-30 11:26:06 +01:00
Juan Lang 552fec4002 crypt32: Add basic constraints to chain quality selection algorithm. 2009-10-30 11:24:23 +01:00
Juan Lang c310637f4f crypt32: Remove redundant if clause. 2009-10-30 11:24:10 +01:00
Juan Lang 9a13e1c70b crypt32: Add basic constraints to chain15_0. 2009-10-30 11:23:58 +01:00
Juan Lang 118374c081 crypt32: Add basic constraints to chain14_0. 2009-10-30 11:23:53 +01:00
Juan Lang 0bd67b4c6f crypt32: Add basic constraints and key usage to chain12_0. 2009-10-30 11:23:47 +01:00
Juan Lang 002439e2f0 crypt32: Add basic constraints and key usage to chain8_0. 2009-10-30 11:23:41 +01:00
Juan Lang 4557a8705b crypt32: Add basic constraints and key usage to chain5_0. 2009-10-30 11:23:35 +01:00
Juan Lang 86d6177215 crypt32: Add basic constraints and key usage to chain2_0. 2009-10-30 11:23:27 +01:00
Juan Lang 6bf0e52011 crypt32: Add basic constraints and key usage to chain0_0. 2009-10-30 11:23:22 +01:00
Juan Lang 9059892ec1 crypt32: Implement CertVerifyCertificateChainPolicy for CERT_CHAIN_POLICY_SSL. 2009-10-29 13:07:53 +01:00
Juan Lang 2fbb736e01 crypt32: Add some tests of the SSL policy. 2009-10-29 13:07:47 +01:00
Juan Lang facd2e975a crypt32: Allow the caller of checkChainPolicyStatus to specify the date to test with and additional policy parameters. 2009-10-29 13:07:39 +01:00
Juan Lang 3669be9550 crypt32: Add the Google website's cert to tests. 2009-10-29 13:07:33 +01:00
Juan Lang 24399bd359 crypt32: Support IPv6 addresses in name constraint comparison. 2009-10-29 13:07:20 +01:00
Juan Lang bcb4bc6be3 crypt32: Trace netscape cert type extension. 2009-10-29 13:07:14 +01:00
Juan Lang d664edb322 crypt32: Trace directory name of alt name entries. 2009-10-29 13:07:08 +01:00
Juan Lang 1a194449cc crypt32: Correct a prototype. 2009-10-29 13:07:03 +01:00
Juan Lang 6a575d697e crypt32: Accept either the subject alt name 2 or subject alt name extensions, and prefer the former when both are present. 2009-10-29 13:06:56 +01:00
Juan Lang 1e953ef12e crypt32: Trace the alt name extensions. 2009-10-29 13:06:49 +01:00
Juan Lang bf42ce9c90 crypt32: Trace name constraints extension. 2009-10-29 13:06:42 +01:00
Juan Lang 777ea81c48 crypt32: Trace cert policies extension. 2009-10-29 13:06:35 +01:00
Juan Lang 994d7ed40d crypt32: Trace enhanced key usage extension. 2009-10-29 13:06:25 +01:00
Dan Kegel 5e25a23409 crypt32/tests: CryptUnprotectData: test zero-length payload. 2009-10-28 11:13:59 +01:00
Juan Lang 89c009a063 crypt32: Fix a test failure on systems with no c: drive. 2009-10-26 11:17:00 +01:00
Juan Lang cf9491a5a3 crypt32: Move tracing of key usage extension to common extension tracing location. 2009-10-26 11:16:54 +01:00
Juan Lang c593173d15 crypt32: Make sure item size is at least the min size, and only align sizes that are greater. 2009-10-23 12:00:23 +02:00
Juan Lang eea0d75ed5 crypt32: Fix test failures on older versions of crypt32. 2009-10-22 17:24:52 +02:00
Juan Lang 7fa618aa8e crypt32: Check key usage during chain validation. 2009-10-21 16:21:53 +02:00
Juan Lang f2057592bf crypt32: Add tests for key usage in the base policy. 2009-10-21 16:21:49 +02:00
Juan Lang a700e0556f crypt32: Add key usage extension to non-root CA certs. 2009-10-21 16:21:44 +02:00
Juan Lang cbabc9d689 crypt32: Get CA flag from basic constraints extension of every cert in the chain. 2009-10-21 16:21:40 +02:00
Juan Lang f348e3feb7 crypt32: Check basic constraints extension for end certs too. 2009-10-21 16:21:36 +02:00
Juan Lang e1903dc6e0 crypt32: Encode public keys with NULL parameters if they're empty (and make tests more restrictive). 2009-10-21 16:05:56 +02:00
Juan Lang d8ca5bc348 crypt32: Use helper function to encode public keys for hashing.
This is necessary because the publicly callable form embeds the asn.1
NULL value when the parameters are empty, whereas the hash value
expects that it's missing.
2009-10-21 16:05:56 +02:00
Juan Lang c97e442a28 crypt32: Add a helper function to encode a cert's public key. 2009-10-21 16:05:55 +02:00
Juan Lang 43182842cd crypt32: Set an output parameter on the success path. 2009-10-21 16:05:55 +02:00
Juan Lang dd26bee14c crypt32: Fix duplicating a NULL CTL context. 2009-10-21 16:05:55 +02:00
Juan Lang acc9d81f26 crypt32: Fix duplicating a NULL CRL context. 2009-10-21 16:05:54 +02:00
Juan Lang 1e424138fe crypt32: Implement CryptFindCertificateInStore for unicode strings. 2009-10-20 14:00:35 +02:00
Juan Lang af4b5303ba crypt32: Test CertFindCertificateStore for finding Unicode strings. 2009-10-20 14:00:35 +02:00
Juan Lang c0872b218c crypt32/tests: Get rid of a couple of certs unneeded by a test. 2009-10-20 14:00:35 +02:00
Juan Lang 87405ade02 crypt32: Add a safe default for unsupported critical extensions. 2009-10-20 13:46:55 +02:00
Francois Gouget d2cc5380db crypt32: Fix compilation on systems that don't support nameless unions. 2009-10-19 14:45:10 +02:00
Juan Lang 60140610e3 crypt32: Compare certificates in a consistent order. 2009-10-19 11:35:55 +02:00
Juan Lang 3740e4150b crypt32: Avoid repeatedly decoding authority key id extensions when searching for a cert's issuer. 2009-10-19 11:35:46 +02:00
Juan Lang b2d27097b5 crypt32: Introduce a helper function to search for certificates that doesn't require recreating the search key for every certificate. 2009-10-19 11:35:38 +02:00
Juan Lang e0a4404831 crypt32: Use helper function to search for certs. 2009-10-19 11:35:32 +02:00
Juan Lang 1437d7ccc2 crypt32: Explicitly pass pointers to blob arrays rather than relying on an invalid alignment assumption. 2009-10-19 11:35:23 +02:00
Juan Lang 3000bc200a crypt32: Explicitly pass pointers to blob arrays rather than relying on an invalid alignment assumption. 2009-10-19 11:35:14 +02:00
Juan Lang 5f317d702a crypt32: Fix an invalid alignment assumption decoding a subtree's maximum. 2009-10-19 11:35:04 +02:00
Juan Lang 4e300b6def crypt32: Simplify CRYPT_AsnDecodeIntInternal. 2009-10-19 11:34:51 +02:00
Juan Lang 7a33b61f34 crypt32: Don't pass CRYPT_DECODE_ALLOC_FLAG to array item decoders. 2009-10-16 13:40:08 +02:00
Juan Lang faa451628a crypt32: Let CRYPT_AsnDecodeArray allocate memory for its callers. 2009-10-15 12:06:21 +02:00
Juan Lang c5699e736f crypt32: Allocate memory if requested in CRYPT_AsnDecodeArray. 2009-10-15 12:06:21 +02:00
Juan Lang 3c25d7540f crypt32: Rename CRYPT_AsnDecodeArrayNoAlloc to CRYPT_AsnDecodeArray, and pass a CRYPT_DECODE_PARA * to it so that it can allocate memory if requested. 2009-10-15 12:06:21 +02:00
Juan Lang b1a1b32b59 crypt32: Decode enhanced key usages using CRYPT_AsnDecodeArrayNoAlloc. 2009-10-15 12:06:21 +02:00
Juan Lang 36fc7b06b1 crypt32: Decode CRL dist points using CRYPT_AsnDecodeArrayNoAlloc. 2009-10-15 12:06:21 +02:00
Juan Lang 155aa41d7c crypt32: Decode cert policies info using CRYPT_AsnDecodeArrayNoAlloc. 2009-10-15 12:06:21 +02:00
Juan Lang bba695cc3f crypt32: Decode authority info access with CRYPT_AsnDecodeArrayNoAlloc. 2009-10-15 12:06:21 +02:00
Juan Lang 1b1626ac81 crypt32: Decode unicode names using CRYPT_AsnDecodeArrayNoAlloc. 2009-10-15 12:06:21 +02:00
Juan Lang 67ee87664e crypt32: Decode names using CRYPT_AsnDecodeArrayNoAlloc. 2009-10-15 12:06:21 +02:00
Juan Lang fd2a4c4330 crypt32: Correct a sequence item size. 2009-10-15 12:06:21 +02:00
Juan Lang 4f815c7d03 crypt32: Convert internal callers of CRYPT_AsnDecodeArray to call CRYPT_AsnDecodeArrayNoAlloc. 2009-10-15 12:06:21 +02:00
Juan Lang a8f5934f44 crypt32: Pass decode flags to CRYPT_AsnDecodeArrayNoAlloc. 2009-10-15 12:06:21 +02:00
Juan Lang 136eedb9af crypt32: Further simplify calling CRYPT_AsnDecodeArrayNoAlloc. 2009-10-15 12:06:20 +02:00
Juan Lang 271b477171 crypt32: Let CRYPT_AsnDecodeArrayNoAlloc calculate array size rather than requiring every caller to do so. 2009-10-15 12:06:20 +02:00
Juan Lang c64f31087f crypt32: Simplify calling CRYPT_AsnDecodeArrayNoAlloc. 2009-10-15 12:06:20 +02:00
Juan Lang 3c14587e18 crypt32: Add array descriptor members describing offsets of outer structure. 2009-10-15 12:06:20 +02:00
Juan Lang 77cfb32360 crypt32: Simplify CRYPT_AsnDecodePKCSAttributes. 2009-10-15 12:06:20 +02:00
Juan Lang c7e3ea1484 crypt32: Explicitly pass array pointer when decoding CTL entry attributes rather than assuming a particular alignment. 2009-10-15 12:06:20 +02:00
Juan Lang f5946e4acb crypt32: Explicitly pass array pointer when decoding cert policy qualifiers rather than assuming a particular alignment. 2009-10-15 12:06:20 +02:00
Juan Lang 117ea9ee91 crypt32: Explicitly pass array pointer when decoding basic constraints' subtrees rather than assuming a particular alignment. 2009-10-15 12:06:20 +02:00
Juan Lang 6d74aac002 crypt32: Explicitly pass array pointer when decoding policy qualifier notice numbers rather than assuming a particular alignment. 2009-10-15 12:06:20 +02:00
Juan Lang 362abb6fa9 crypt32: Remove a redundant trace. 2009-10-15 12:06:20 +02:00
Juan Lang 3270451ec0 crypt32: Explicitly pass array pointer when decoding CTL extensions rather than assuming a particular alignment. 2009-10-15 12:06:20 +02:00
Juan Lang 8aefb32523 crypt32: Explicitly pass array pointer when decoding CTL entries rather than assuming a particular alignment. 2009-10-15 12:06:20 +02:00
Juan Lang 030cd8f594 crypt32: Explicitly pass array pointer when decoding CMS message signers rather than assuming a particular alignment. 2009-10-15 12:06:20 +02:00
Juan Lang e87dc9c530 crypt32: Simplify CRYPT_AsnDecodeDistPointName. 2009-10-15 12:06:19 +02:00
Juan Lang 26bfd0281c crypt32: Explicitly pass array pointer when decoding name constraints' excluded subtrees rather than assuming a particular alignment. 2009-10-15 12:06:19 +02:00
Juan Lang ab1376ad6c crypt32: Explicitly pass array pointer when decoding name constraints' permitted subtrees rather than assuming a particular alignment. 2009-10-15 12:06:19 +02:00