Juan Lang
7eb33b18da
crypt32: Update a comment to reflect a fixed vulnerability.
2009-11-11 10:53:56 +01:00
Juan Lang
ee02d43731
crypt32: Correct error when a constrained, permitted name type isn't found in the subject name.
2009-11-10 13:08:31 +01:00
Juan Lang
2503e9ec73
crypt32: Use helper function to find the subject alternate name extension wherever it's needed.
2009-11-10 13:08:26 +01:00
Juan Lang
ae6e884142
crypt32: Correct error when the subject alternate name can't be decoded.
2009-11-10 13:08:20 +01:00
Juan Lang
865f3df35b
crypt32: Check the issued certificate for name constraint violations, not the issuing certificate.
2009-11-10 13:08:14 +01:00
Juan Lang
ef6ce9a590
crypt32: Add more tests of name constraints.
2009-11-10 13:08:06 +01:00
Juan Lang
a5361e45de
crypt32: Test more chains against different policies.
2009-11-10 13:07:35 +01:00
Juan Lang
25e8f27817
crypt32: Disallow embedded NULLs in alternate names.
2009-11-10 13:07:28 +01:00
Juan Lang
ddf78bdb38
crypt32: Test decoding alternate names with embedded NULLs.
2009-11-10 13:07:21 +01:00
Juan Lang
6a3901f04b
crypt32: Test encoding and decoding name values with embedded NULLs.
2009-11-10 13:07:15 +01:00
Juan Lang
216df7a714
crypt32: Reject certificates whose fields don't match their versions.
2009-11-10 13:07:07 +01:00
Juan Lang
9fe6be454f
crypt32: Forbid minimum or maximum fields in name constraints.
2009-11-10 13:07:00 +01:00
Juan Lang
e7404ba24f
crypt32: Fix decoding names when CRYPT_DECODE_ALLOC_FLAG is not specified.
2009-11-10 13:05:40 +01:00
Juan Lang
6cefdef501
crypt32: Fix decoding unicode names when CRYPT_DECODE_ALLOC_FLAG is not specified.
2009-11-10 13:05:35 +01:00
Marcus Meissner
c25753ece2
crypt32: Pass the correct pointer into CertificateFindStore.
2009-11-09 20:21:23 +01:00
Juan Lang
267e890220
crypt32: Fix test failures on Win9x/NT4.
2009-11-09 19:58:40 +01:00
Juan Lang
fbcce9f308
crypt32: Implement decoding cert policy constraints.
2009-11-09 19:58:34 +01:00
Juan Lang
32ad424972
crypt32: Implement encoding cert policy constraints.
2009-11-09 19:58:28 +01:00
Juan Lang
ae32f7bffc
crypt32: Add tests for encoding/decoding cert policy constraints.
2009-11-09 19:58:20 +01:00
Juan Lang
7e7e73d0da
crypt32: Implement decoding cert policy mappings.
2009-11-09 19:58:13 +01:00
Juan Lang
bf5e4d9bb7
crypt32: Implement encoding cert policy mappings.
2009-11-09 19:58:07 +01:00
Juan Lang
fba863ddf0
crypt32: Add tests for encoding/decoding cert policy mappings.
2009-11-09 19:57:59 +01:00
Juan Lang
ed9a4ffa0b
crypt32: Fix decoding cert issuer/subject unique ids.
2009-11-09 19:57:51 +01:00
Juan Lang
4ccafdcb6f
crypt32: Fix encoding cert issuer/subject unique ids.
2009-11-09 19:57:45 +01:00
Juan Lang
acfa433f15
crypt32: Add more tests of cert encoding/decoding.
2009-11-09 19:57:37 +01:00
Paul Chitescu
7223d8b6d2
crypt32: Check the result of CryptAcquireContextW() when initializing default provider.
2009-11-09 19:37:00 +01:00
Juan Lang
5274777b1c
crypt32: Permit lack of basic constraints extension on root certificates.
2009-11-09 19:34:36 +01:00
Juan Lang
d94e4d315a
crypt32: Permit lack of key usage extension on root certificates.
...
This reverts 60770fb011
, although it
updates the comments to give a reason. Thanks to Matt Van Gundy for
pointing it out to me.
2009-11-09 19:34:32 +01:00
Juan Lang
c52d110de1
crypt32: Don't free a file store's mem store, it's already freed by the provider store.
2009-11-05 11:57:58 +01:00
Juan Lang
a16ca1d039
crypt32: Add a warning if a store's ref count is invalid.
2009-11-05 11:57:47 +01:00
Juan Lang
88e599c4cf
crypt32: Don't copy past end of buffer when removing the last string in a multistring.
2009-11-05 11:57:41 +01:00
Juan Lang
e1b2eb3485
crypt32: Fix a test failure on NT 4.
2009-11-05 11:57:13 +01:00
Juan Lang
416cd484b2
crypt32: Implement CertStoreControl for collection stores.
2009-11-04 17:15:07 +01:00
Juan Lang
33c70d35dd
crypt32: Add an implementation of CertControlStore for memory stores.
2009-11-04 17:15:02 +01:00
Juan Lang
e6047ae52d
crypt32: Add tests of committing a collection store.
2009-11-04 17:14:53 +01:00
Juan Lang
f8376b91da
crypt32: Eliminate a double free in the tests.
2009-11-04 16:45:18 +01:00
Juan Lang
108f30bb7d
crypt32: Rename a function to reflect its behavior better, and return whether it succeeds.
2009-11-04 16:45:18 +01:00
Juan Lang
7e1cff1c18
crypt32: Release contexts when removing them from the mem store.
2009-11-04 16:45:18 +01:00
Juan Lang
df39bbba4f
crypt32: Don't delete a context when removing it from a list.
2009-11-04 16:45:18 +01:00
Juan Lang
787d0ab564
crypt32: Add an error if the ref count is invalid when releasing a context.
2009-11-04 16:45:18 +01:00
Juan Lang
1f363cd399
crypt32: Trace whenever a reference count changes, and change default debug channel to quiet the main crypt channel.
2009-11-04 16:45:18 +01:00
Juan Lang
17894eb093
crypt32: Release a link context's linked context on every release, not just when it reaches 0.
2009-11-04 16:45:17 +01:00
Juan Lang
52820b9cf8
crypt32: When creating a link context, call Context_AddRef to add-ref it so its children get add-ref'd too.
2009-11-04 16:45:17 +01:00
Juan Lang
5f81ad6821
crypt32: When add-ref'ing a context, add-ref its linked contexts too.
2009-11-04 16:45:17 +01:00
Juan Lang
fb5e0d8a4d
crypt32: When removing contexts from a list, make sure the context no longer references the list.
2009-11-04 16:45:17 +01:00
Juan Lang
976c6ff3f8
crypt32: Correct reference counting when deleting contexts from collections.
2009-11-04 16:45:17 +01:00
Juan Lang
92324ab38e
crypt32: Propagate errors from CertFree*Context to CertDelete*FromStore.
2009-11-04 16:45:17 +01:00
Juan Lang
40855cae97
crypt32: Add return value to Context_Release to allow detecting reference counting errors.
2009-11-04 16:45:16 +01:00
Juan Lang
d8094382a8
crypt32: Implement CertAddEncodedCertificateToSystemStoreA/W.
2009-11-04 16:45:16 +01:00
Juan Lang
9364d7a928
crypt32: Add stub for CertAddCertificateLinkToStore.
2009-11-04 13:07:56 +01:00
Juan Lang
f554669286
crypt32: Implement CryptGetIntendedKeyUsage.
2009-11-04 13:07:56 +01:00
Juan Lang
6ac162231b
crypt32: Add tests for CertGetIntendedKeyUsage.
2009-11-04 13:07:55 +01:00
Juan Lang
1c7c406b86
crypt32: Correct spec entries for certificate stores.
2009-11-03 21:31:33 +01:00
Juan Lang
ed701e0787
crypt32: Add stub for CryptGetIntendedKeyUsage.
2009-11-03 21:31:28 +01:00
Juan Lang
af3afcf81d
crypt32: Fix a memory leak in a test.
2009-11-03 21:29:29 +01:00
Juan Lang
7a73fd97ad
crypt32: Fix a memory leak reading trusted root certs.
2009-11-03 21:29:24 +01:00
Juan Lang
7dd75d1181
crypt32: Fix a memory leak querying a message object.
2009-11-03 21:29:19 +01:00
Juan Lang
9928e2e1c5
crypt32: Support reading a serialized store object from memory in CryptQueryObject.
2009-11-03 21:29:13 +01:00
Juan Lang
51a1f5a642
crypt32: Abstract function used to read from reading a serialized store.
2009-11-03 21:29:03 +01:00
Juan Lang
16036dd27a
crypt32: Allow errors in locally installed root certs.
2009-11-03 21:18:30 +01:00
Juan Lang
d6795bd908
crypt32: Trace contents of CERT_CHAIN_PARA.
2009-11-03 21:17:34 +01:00
Juan Lang
fc0aff0d2e
crypt32: Add support for the CRYPT_STRING_NOCRLF flag to CryptBinaryToStringA/W.
2009-11-03 21:16:12 +01:00
Juan Lang
2d5ac92d9a
crypt32: Partially implement CryptBinaryToStringW.
2009-11-03 21:15:55 +01:00
Juan Lang
9750d0f7f5
crypt32: Trace policy error status in CertVerifyCertificateChainPolicy.
2009-10-30 11:32:09 +01:00
Juan Lang
c4ce06293c
crypt32: Create a V1 certificate if it doesn't have extensions.
2009-10-30 11:32:04 +01:00
Juan Lang
07b735682b
crypt32: Check CA certificates for the enhanced key usage extension.
2009-10-30 11:26:39 +01:00
Juan Lang
60770fb011
crypt32: Only permit v1 or v2 CA certificates without a key usage extension if they're installed locally.
2009-10-30 11:26:30 +01:00
Juan Lang
7b0297769d
crypt32: Use a helper function to find an existing cert by hash.
2009-10-30 11:26:21 +01:00
Juan Lang
77472187c9
crypt32: Add key usage extension to chain4_0.
2009-10-30 11:26:15 +01:00
Juan Lang
33a6235053
crypt32: Only permit v1 or v2 CA certificates without a basic constraints extension if they're installed locally.
2009-10-30 11:26:06 +01:00
Juan Lang
552fec4002
crypt32: Add basic constraints to chain quality selection algorithm.
2009-10-30 11:24:23 +01:00
Juan Lang
c310637f4f
crypt32: Remove redundant if clause.
2009-10-30 11:24:10 +01:00
Juan Lang
9a13e1c70b
crypt32: Add basic constraints to chain15_0.
2009-10-30 11:23:58 +01:00
Juan Lang
118374c081
crypt32: Add basic constraints to chain14_0.
2009-10-30 11:23:53 +01:00
Juan Lang
0bd67b4c6f
crypt32: Add basic constraints and key usage to chain12_0.
2009-10-30 11:23:47 +01:00
Juan Lang
002439e2f0
crypt32: Add basic constraints and key usage to chain8_0.
2009-10-30 11:23:41 +01:00
Juan Lang
4557a8705b
crypt32: Add basic constraints and key usage to chain5_0.
2009-10-30 11:23:35 +01:00
Juan Lang
86d6177215
crypt32: Add basic constraints and key usage to chain2_0.
2009-10-30 11:23:27 +01:00
Juan Lang
6bf0e52011
crypt32: Add basic constraints and key usage to chain0_0.
2009-10-30 11:23:22 +01:00
Juan Lang
9059892ec1
crypt32: Implement CertVerifyCertificateChainPolicy for CERT_CHAIN_POLICY_SSL.
2009-10-29 13:07:53 +01:00
Juan Lang
2fbb736e01
crypt32: Add some tests of the SSL policy.
2009-10-29 13:07:47 +01:00
Juan Lang
facd2e975a
crypt32: Allow the caller of checkChainPolicyStatus to specify the date to test with and additional policy parameters.
2009-10-29 13:07:39 +01:00
Juan Lang
3669be9550
crypt32: Add the Google website's cert to tests.
2009-10-29 13:07:33 +01:00
Juan Lang
24399bd359
crypt32: Support IPv6 addresses in name constraint comparison.
2009-10-29 13:07:20 +01:00
Juan Lang
bcb4bc6be3
crypt32: Trace netscape cert type extension.
2009-10-29 13:07:14 +01:00
Juan Lang
d664edb322
crypt32: Trace directory name of alt name entries.
2009-10-29 13:07:08 +01:00
Juan Lang
1a194449cc
crypt32: Correct a prototype.
2009-10-29 13:07:03 +01:00
Juan Lang
6a575d697e
crypt32: Accept either the subject alt name 2 or subject alt name extensions, and prefer the former when both are present.
2009-10-29 13:06:56 +01:00
Juan Lang
1e953ef12e
crypt32: Trace the alt name extensions.
2009-10-29 13:06:49 +01:00
Juan Lang
bf42ce9c90
crypt32: Trace name constraints extension.
2009-10-29 13:06:42 +01:00
Juan Lang
777ea81c48
crypt32: Trace cert policies extension.
2009-10-29 13:06:35 +01:00
Juan Lang
994d7ed40d
crypt32: Trace enhanced key usage extension.
2009-10-29 13:06:25 +01:00
Dan Kegel
5e25a23409
crypt32/tests: CryptUnprotectData: test zero-length payload.
2009-10-28 11:13:59 +01:00
Juan Lang
89c009a063
crypt32: Fix a test failure on systems with no c: drive.
2009-10-26 11:17:00 +01:00
Juan Lang
cf9491a5a3
crypt32: Move tracing of key usage extension to common extension tracing location.
2009-10-26 11:16:54 +01:00
Juan Lang
c593173d15
crypt32: Make sure item size is at least the min size, and only align sizes that are greater.
2009-10-23 12:00:23 +02:00
Juan Lang
eea0d75ed5
crypt32: Fix test failures on older versions of crypt32.
2009-10-22 17:24:52 +02:00
Juan Lang
7fa618aa8e
crypt32: Check key usage during chain validation.
2009-10-21 16:21:53 +02:00
Juan Lang
f2057592bf
crypt32: Add tests for key usage in the base policy.
2009-10-21 16:21:49 +02:00
Juan Lang
a700e0556f
crypt32: Add key usage extension to non-root CA certs.
2009-10-21 16:21:44 +02:00
Juan Lang
cbabc9d689
crypt32: Get CA flag from basic constraints extension of every cert in the chain.
2009-10-21 16:21:40 +02:00
Juan Lang
f348e3feb7
crypt32: Check basic constraints extension for end certs too.
2009-10-21 16:21:36 +02:00
Juan Lang
e1903dc6e0
crypt32: Encode public keys with NULL parameters if they're empty (and make tests more restrictive).
2009-10-21 16:05:56 +02:00
Juan Lang
d8ca5bc348
crypt32: Use helper function to encode public keys for hashing.
...
This is necessary because the publicly callable form embeds the asn.1
NULL value when the parameters are empty, whereas the hash value
expects that it's missing.
2009-10-21 16:05:56 +02:00
Juan Lang
c97e442a28
crypt32: Add a helper function to encode a cert's public key.
2009-10-21 16:05:55 +02:00
Juan Lang
43182842cd
crypt32: Set an output parameter on the success path.
2009-10-21 16:05:55 +02:00
Juan Lang
dd26bee14c
crypt32: Fix duplicating a NULL CTL context.
2009-10-21 16:05:55 +02:00
Juan Lang
acc9d81f26
crypt32: Fix duplicating a NULL CRL context.
2009-10-21 16:05:54 +02:00
Juan Lang
1e424138fe
crypt32: Implement CryptFindCertificateInStore for unicode strings.
2009-10-20 14:00:35 +02:00
Juan Lang
af4b5303ba
crypt32: Test CertFindCertificateStore for finding Unicode strings.
2009-10-20 14:00:35 +02:00
Juan Lang
c0872b218c
crypt32/tests: Get rid of a couple of certs unneeded by a test.
2009-10-20 14:00:35 +02:00
Juan Lang
87405ade02
crypt32: Add a safe default for unsupported critical extensions.
2009-10-20 13:46:55 +02:00
Francois Gouget
d2cc5380db
crypt32: Fix compilation on systems that don't support nameless unions.
2009-10-19 14:45:10 +02:00
Juan Lang
60140610e3
crypt32: Compare certificates in a consistent order.
2009-10-19 11:35:55 +02:00
Juan Lang
3740e4150b
crypt32: Avoid repeatedly decoding authority key id extensions when searching for a cert's issuer.
2009-10-19 11:35:46 +02:00
Juan Lang
b2d27097b5
crypt32: Introduce a helper function to search for certificates that doesn't require recreating the search key for every certificate.
2009-10-19 11:35:38 +02:00
Juan Lang
e0a4404831
crypt32: Use helper function to search for certs.
2009-10-19 11:35:32 +02:00
Juan Lang
1437d7ccc2
crypt32: Explicitly pass pointers to blob arrays rather than relying on an invalid alignment assumption.
2009-10-19 11:35:23 +02:00
Juan Lang
3000bc200a
crypt32: Explicitly pass pointers to blob arrays rather than relying on an invalid alignment assumption.
2009-10-19 11:35:14 +02:00
Juan Lang
5f317d702a
crypt32: Fix an invalid alignment assumption decoding a subtree's maximum.
2009-10-19 11:35:04 +02:00
Juan Lang
4e300b6def
crypt32: Simplify CRYPT_AsnDecodeIntInternal.
2009-10-19 11:34:51 +02:00
Juan Lang
7a33b61f34
crypt32: Don't pass CRYPT_DECODE_ALLOC_FLAG to array item decoders.
2009-10-16 13:40:08 +02:00
Juan Lang
faa451628a
crypt32: Let CRYPT_AsnDecodeArray allocate memory for its callers.
2009-10-15 12:06:21 +02:00
Juan Lang
c5699e736f
crypt32: Allocate memory if requested in CRYPT_AsnDecodeArray.
2009-10-15 12:06:21 +02:00
Juan Lang
3c25d7540f
crypt32: Rename CRYPT_AsnDecodeArrayNoAlloc to CRYPT_AsnDecodeArray, and pass a CRYPT_DECODE_PARA * to it so that it can allocate memory if requested.
2009-10-15 12:06:21 +02:00
Juan Lang
b1a1b32b59
crypt32: Decode enhanced key usages using CRYPT_AsnDecodeArrayNoAlloc.
2009-10-15 12:06:21 +02:00
Juan Lang
36fc7b06b1
crypt32: Decode CRL dist points using CRYPT_AsnDecodeArrayNoAlloc.
2009-10-15 12:06:21 +02:00
Juan Lang
155aa41d7c
crypt32: Decode cert policies info using CRYPT_AsnDecodeArrayNoAlloc.
2009-10-15 12:06:21 +02:00
Juan Lang
bba695cc3f
crypt32: Decode authority info access with CRYPT_AsnDecodeArrayNoAlloc.
2009-10-15 12:06:21 +02:00
Juan Lang
1b1626ac81
crypt32: Decode unicode names using CRYPT_AsnDecodeArrayNoAlloc.
2009-10-15 12:06:21 +02:00
Juan Lang
67ee87664e
crypt32: Decode names using CRYPT_AsnDecodeArrayNoAlloc.
2009-10-15 12:06:21 +02:00
Juan Lang
fd2a4c4330
crypt32: Correct a sequence item size.
2009-10-15 12:06:21 +02:00
Juan Lang
4f815c7d03
crypt32: Convert internal callers of CRYPT_AsnDecodeArray to call CRYPT_AsnDecodeArrayNoAlloc.
2009-10-15 12:06:21 +02:00
Juan Lang
a8f5934f44
crypt32: Pass decode flags to CRYPT_AsnDecodeArrayNoAlloc.
2009-10-15 12:06:21 +02:00
Juan Lang
136eedb9af
crypt32: Further simplify calling CRYPT_AsnDecodeArrayNoAlloc.
2009-10-15 12:06:20 +02:00
Juan Lang
271b477171
crypt32: Let CRYPT_AsnDecodeArrayNoAlloc calculate array size rather than requiring every caller to do so.
2009-10-15 12:06:20 +02:00
Juan Lang
c64f31087f
crypt32: Simplify calling CRYPT_AsnDecodeArrayNoAlloc.
2009-10-15 12:06:20 +02:00
Juan Lang
3c14587e18
crypt32: Add array descriptor members describing offsets of outer structure.
2009-10-15 12:06:20 +02:00
Juan Lang
77cfb32360
crypt32: Simplify CRYPT_AsnDecodePKCSAttributes.
2009-10-15 12:06:20 +02:00
Juan Lang
c7e3ea1484
crypt32: Explicitly pass array pointer when decoding CTL entry attributes rather than assuming a particular alignment.
2009-10-15 12:06:20 +02:00
Juan Lang
f5946e4acb
crypt32: Explicitly pass array pointer when decoding cert policy qualifiers rather than assuming a particular alignment.
2009-10-15 12:06:20 +02:00
Juan Lang
117ea9ee91
crypt32: Explicitly pass array pointer when decoding basic constraints' subtrees rather than assuming a particular alignment.
2009-10-15 12:06:20 +02:00
Juan Lang
6d74aac002
crypt32: Explicitly pass array pointer when decoding policy qualifier notice numbers rather than assuming a particular alignment.
2009-10-15 12:06:20 +02:00
Juan Lang
362abb6fa9
crypt32: Remove a redundant trace.
2009-10-15 12:06:20 +02:00
Juan Lang
3270451ec0
crypt32: Explicitly pass array pointer when decoding CTL extensions rather than assuming a particular alignment.
2009-10-15 12:06:20 +02:00
Juan Lang
8aefb32523
crypt32: Explicitly pass array pointer when decoding CTL entries rather than assuming a particular alignment.
2009-10-15 12:06:20 +02:00
Juan Lang
030cd8f594
crypt32: Explicitly pass array pointer when decoding CMS message signers rather than assuming a particular alignment.
2009-10-15 12:06:20 +02:00
Juan Lang
e87dc9c530
crypt32: Simplify CRYPT_AsnDecodeDistPointName.
2009-10-15 12:06:19 +02:00
Juan Lang
26bfd0281c
crypt32: Explicitly pass array pointer when decoding name constraints' excluded subtrees rather than assuming a particular alignment.
2009-10-15 12:06:19 +02:00
Juan Lang
ab1376ad6c
crypt32: Explicitly pass array pointer when decoding name constraints' permitted subtrees rather than assuming a particular alignment.
2009-10-15 12:06:19 +02:00