[CRYPT32]
authorChristoph von Wittich <christoph_vw@reactos.org>
Sun, 21 Mar 2010 14:58:20 +0000 (14:58 +0000)
committerChristoph von Wittich <christoph_vw@reactos.org>
Sun, 21 Mar 2010 14:58:20 +0000 (14:58 +0000)
sync crypt32 with wine 1.1.41

svn path=/trunk/; revision=46300

reactos/dll/win32/crypt32/chain.c
reactos/dll/win32/crypt32/main.c
reactos/dll/win32/crypt32/oid.c
reactos/include/psdk/wincrypt.h

index 6cdd103..1724f42 100644 (file)
@@ -1306,6 +1306,78 @@ static void CRYPT_CheckChainNameConstraints(PCERT_SIMPLE_CHAIN chain)
     }
 }
 
+/* Gets cert's policies info, if any.  Free with LocalFree. */
+static CERT_POLICIES_INFO *CRYPT_GetPolicies(PCCERT_CONTEXT cert)
+{
+    PCERT_EXTENSION ext;
+    CERT_POLICIES_INFO *policies = NULL;
+
+    ext = CertFindExtension(szOID_KEY_USAGE, cert->pCertInfo->cExtension,
+     cert->pCertInfo->rgExtension);
+    if (ext)
+    {
+        DWORD size;
+
+        CryptDecodeObjectEx(X509_ASN_ENCODING, X509_CERT_POLICIES,
+         ext->Value.pbData, ext->Value.cbData, CRYPT_DECODE_ALLOC_FLAG, NULL,
+         &policies, &size);
+    }
+    return policies;
+}
+
+static void CRYPT_CheckPolicies(CERT_POLICIES_INFO *policies, CERT_INFO *cert,
+ DWORD *errorStatus)
+{
+    DWORD i;
+
+    for (i = 0; i < policies->cPolicyInfo; i++)
+    {
+        /* For now, the only accepted policy identifier is the anyPolicy
+         * identifier.
+         * FIXME: the policy identifiers should be compared against the
+         * cert's certificate policies extension, subject to the policy
+         * mappings extension, and the policy constraints extension.
+         * See RFC 5280, sections 4.2.1.4, 4.2.1.5, and 4.2.1.11.
+         */
+        if (strcmp(policies->rgPolicyInfo[i].pszPolicyIdentifier,
+         szOID_ANY_CERT_POLICY))
+        {
+            FIXME("unsupported policy %s\n",
+             policies->rgPolicyInfo[i].pszPolicyIdentifier);
+            *errorStatus |= CERT_TRUST_INVALID_POLICY_CONSTRAINTS;
+        }
+    }
+}
+
+static void CRYPT_CheckChainPolicies(PCERT_SIMPLE_CHAIN chain)
+{
+    int i, j;
+
+    for (i = chain->cElement - 1; i > 0; i--)
+    {
+        CERT_POLICIES_INFO *policies;
+
+        if ((policies = CRYPT_GetPolicies(chain->rgpElement[i]->pCertContext)))
+        {
+            for (j = i - 1; j >= 0; j--)
+            {
+                DWORD errorStatus = 0;
+
+                CRYPT_CheckPolicies(policies,
+                 chain->rgpElement[j]->pCertContext->pCertInfo, &errorStatus);
+                if (errorStatus)
+                {
+                    chain->rgpElement[i]->TrustStatus.dwErrorStatus |=
+                     errorStatus;
+                    CRYPT_CombineTrustStatus(&chain->TrustStatus,
+                     &chain->rgpElement[i]->TrustStatus);
+                }
+            }
+            LocalFree(policies);
+        }
+    }
+}
+
 static LPWSTR name_value_to_str(const CERT_NAME_BLOB *name)
 {
     DWORD len = cert_name_to_str_with_indent(X509_ASN_ENCODING, 0, name,
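Review bot: CRYPT_GetPolicies looks up the wrong extension: CertFindExtension is called with szOID_KEY_USAGE while the result is decoded as X509_CERT_POLICIES, so the certificate policies extension is never read and the key usage value is fed to the policies decoder instead. That decode presumably fails and leaves policies NULL, which makes CRYPT_CheckChainPolicies a silent no-op for every chain; combined with the next hunk, which now reports szOID_CERT_POLICIES as a supported critical extension, a critical policies extension that would previously have fallen into the unsupported branch of CRYPT_CriticalExtensionsSupported is now accepted without ever being evaluated. The lookup should be `ext = CertFindExtension(szOID_CERT_POLICIES, cert->pCertInfo->cExtension,`. The CryptDecodeObjectEx return value is also unchecked; resetting `policies = NULL` when it returns FALSE would make the caller's non-NULL test and LocalFree safe regardless of what the decoder leaves in the output pointer on failure.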
@@ -1739,6 +1811,8 @@ static BOOL CRYPT_CriticalExtensionsSupported(PCCERT_CONTEXT cert)
                 ret = TRUE;
             else if (!strcmp(oid, szOID_SUBJECT_ALT_NAME2))
                 ret = TRUE;
+            else if (!strcmp(oid, szOID_CERT_POLICIES))
+                ret = TRUE;
             else if (!strcmp(oid, szOID_ENHANCED_KEY_USAGE))
                 ret = TRUE;
             else
@@ -1883,6 +1957,7 @@ static void CRYPT_CheckSimpleChain(PCertificateChainEngine engine,
          &chain->rgpElement[i]->TrustStatus);
     }
     CRYPT_CheckChainNameConstraints(chain);
+    CRYPT_CheckChainPolicies(chain);
     if (CRYPT_IsCertificateSelfSigned(rootElement->pCertContext))
     {
         rootElement->TrustStatus.dwInfoStatus |=
index 5844b18..db9dc1a 100644 (file)
@@ -64,8 +64,8 @@ HCRYPTPROV CRYPT_GetDefaultProvider(void)
     {
         HCRYPTPROV prov;
 
-        if (!CryptAcquireContextW(&prov, NULL, MS_ENHANCED_PROV_W, PROV_RSA_FULL,
-         CRYPT_VERIFYCONTEXT))
+        if (!CryptAcquireContextW(&prov, NULL, MS_ENH_RSA_AES_PROV_W,
+         PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
             return hDefProv;
         InterlockedCompareExchangePointer((PVOID *)&hDefProv, (PVOID)prov,
          NULL);
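Review bot: The provider switch on the changed lines has no fallback: if CryptAcquireContextW fails for MS_ENH_RSA_AES_PROV_W/PROV_RSA_AES the function returns hDefProv (apparently still unset at this point) and crypt32 is left with no default provider at all, where before it would have obtained the plain enhanced provider. On a system whose rsaenh does not expose the AES provider type this turns every operation that relies on the default provider into a failure rather than just losing SHA-2 support. Consider retrying with MS_ENHANCED_PROV_W/PROV_RSA_FULL before giving up, so that only the SHA-256/384/512 algorithms registered in oid.c become unavailable. CRYPT_GetDefaultProvider starts before the hunk.
```c
        if (!CryptAcquireContextW(&prov, NULL, MS_ENH_RSA_AES_PROV_W,
         PROV_RSA_AES, CRYPT_VERIFYCONTEXT) &&
         !CryptAcquireContextW(&prov, NULL, MS_ENHANCED_PROV_W,
         PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))
            return hDefProv;
        /* … unchanged: InterlockedCompareExchangePointer publication … */
```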
index ea30d9c..ea7b539 100644 (file)
@@ -1067,6 +1067,9 @@ static const WCHAR rc2[] = { 'r','c','2',0 };
 static const WCHAR rc4[] = { 'r','c','4',0 };
 static const WCHAR sha[] = { 's','h','a',0 };
 static const WCHAR sha1[] = { 's','h','a','1',0 };
+static const WCHAR sha256[] = { 's','h','a','2','5','6',0 };
+static const WCHAR sha384[] = { 's','h','a','3','8','4',0 };
+static const WCHAR sha512[] = { 's','h','a','5','1','2',0 };
 static const WCHAR RSA[] = { 'R','S','A',0 };
 static const WCHAR RSA_KEYX[] = { 'R','S','A','_','K','E','Y','X',0 };
 static const WCHAR RSA_SIGN[] = { 'R','S','A','_','S','I','G','N',0 };
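Review bot: The new sha256, sha384 and sha512 name arrays are not referenced by any hunk on this page; only sha256RSA, sha384RSA and sha512RSA are used, in the OIDInfoConstructor table. If no other part of oid.c uses them they are dead file-scope definitions and the compiler may warn about unused static const variables. Either add the hash-algorithm table entries they are meant to name, or drop the three arrays until those entries exist.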
@@ -1086,6 +1089,9 @@ static const WCHAR shaDSA[] = { 's','h','a','D','S','A',0 };
 static const WCHAR sha1DSA[] = { 's','h','a','1','D','S','A',0 };
 static const WCHAR shaRSA[] = { 's','h','a','R','S','A',0 };
 static const WCHAR sha1RSA[] = { 's','h','a','1','R','S','A',0 };
+static const WCHAR sha256RSA[] = { 's','h','a','2','5','6','R','S','A',0 };
+static const WCHAR sha384RSA[] = { 's','h','a','3','8','4','R','S','A',0 };
+static const WCHAR sha512RSA[] = { 's','h','a','5','1','2','R','S','A',0 };
 static const WCHAR mosaicUpdatedSig[] =
  { 'm','o','s','a','i','c','U','p','d','a','t','e','d','S','i','g',0 };
 static const WCHAR CN[] = { 'C','N',0 };
@@ -1189,6 +1195,9 @@ static const struct OIDInfoConstructor {
  { 3, szOID_PKIX_NO_SIGNATURE,         CALG_NO_SIGN,  NO_SIGN, NULL },
 
  { 4, szOID_RSA_SHA1RSA,               CALG_SHA1,     sha1RSA, &rsaSignBlob },
+ { 4, szOID_RSA_SHA256RSA,             CALG_SHA_256,  sha256RSA, &rsaSignBlob },
+ { 4, szOID_RSA_SHA384RSA,             CALG_SHA_384,  sha384RSA, &rsaSignBlob },
+ { 4, szOID_RSA_SHA512RSA,             CALG_SHA_512,  sha512RSA, &rsaSignBlob },
  { 4, szOID_RSA_MD5RSA,                CALG_MD5,      md5RSA, &rsaSignBlob },
  { 4, szOID_X957_SHA1DSA,              CALG_SHA1,     sha1DSA, &dssSignBlob },
  { 4, szOID_OIWSEC_sha1RSASign,        CALG_SHA1,     sha1RSA, &rsaSignBlob },
index af79c64..3f7f4ed 100644 (file)
@@ -1339,14 +1339,18 @@ typedef struct _CRYPT_URL_INFO {
     DWORD *rgcGroupEntry;
 } CRYPT_URL_INFO, *PCRYPT_URL_INFO;
 
-#define URL_OID_CERTIFICATE_ISSUER         ((LPCSTR)1)
-#define URL_OID_CERTIFICATE_CRL_DIST_POINT ((LPCSTR)2)
-#define URL_OID_CTL_ISSUER                 ((LPCSTR)3)
-#define URL_OID_CTL_NEXT_UPDATE            ((LPCSTR)4)
-#define URL_OID_CRL_ISSUER                 ((LPCSTR)5)
-#define URL_OID_CERTIFICATE_FRESHEST_CRL   ((LPCSTR)6)
-#define URL_OID_CRL_FRESHEST_CRL           ((LPCSTR)7)
-#define URL_OID_CROSS_CERT_DIST_POINT      ((LPCSTR)8)
+#define URL_OID_CERTIFICATE_ISSUER                  ((LPCSTR)1)
+#define URL_OID_CERTIFICATE_CRL_DIST_POINT          ((LPCSTR)2)
+#define URL_OID_CTL_ISSUER                          ((LPCSTR)3)
+#define URL_OID_CTL_NEXT_UPDATE                     ((LPCSTR)4)
+#define URL_OID_CRL_ISSUER                          ((LPCSTR)5)
+#define URL_OID_CERTIFICATE_FRESHEST_CRL            ((LPCSTR)6)
+#define URL_OID_CRL_FRESHEST_CRL                    ((LPCSTR)7)
+#define URL_OID_CROSS_CERT_DIST_POINT               ((LPCSTR)8)
+#define URL_OID_CERTIFICATE_OCSP                    ((LPCSTR)9)
+#define URL_OID_CERTIFICATE_OCSP_AND_CRL_DIST_POINT ((LPCSTR)10)
+#define URL_OID_CERTIFICATE_CRL_DIST_POINT_AND_OCSP ((LPCSTR)11)
+#define URL_OID_CROSS_CERT_SUBJECT_INFO_ACCESS      ((LPCSTR)12)
 
 #define URL_OID_GET_OBJECT_URL_FUNC "UrlDllGetObjectUrl"
 
@@ -2778,6 +2782,9 @@ typedef struct _CTL_FIND_SUBJECT_PARA
 #define szOID_RSA_MD5RSA                    "1.2.840.113549.1.1.4"
 #define szOID_RSA_SHA1RSA                   "1.2.840.113549.1.1.5"
 #define szOID_RSA_SET0AEP_RSA               "1.2.840.113549.1.1.6"
+#define szOID_RSA_SHA256RSA                 "1.2.840.113549.1.1.11"
+#define szOID_RSA_SHA384RSA                 "1.2.840.113549.1.1.12"
+#define szOID_RSA_SHA512RSA                 "1.2.840.113549.1.1.13"
 #define szOID_RSA_DH                        "1.2.840.113549.1.3.1"
 #define szOID_RSA_data                      "1.2.840.113549.1.7.1"
 #define szOID_RSA_signedData                "1.2.840.113549.1.7.2"