From 78878ee3b921d2ab440442822cb74ad07b5de180 Mon Sep 17 00:00:00 2001
From: Zebediah Figura
Date: Wed, 20 Jun 2018 17:58:17 -0500
Subject: [PATCH] Rebase against cba24001e482fa8a8a1fbf5d5390539e2792b1aa

---
 ...sic-tests-for-decoding-ECDSA-signed-.patch | 67 +----------
 ...t-decoding-of-X509_OBJECT_IDENTIFIER.patch | 109 ------------------
 ...ement-decoding-of-X509_ECC_SIGNATURE.patch | 76 ------------
 patches/patchinstall.sh | 11 +-
 4 files changed, 9 insertions(+), 254 deletions(-)
 delete mode 100644 patches/crypt32-ECDSA_Cert_Chains/0007-crypt32-Implement-decoding-of-X509_OBJECT_IDENTIFIER.patch
 delete mode 100644 patches/crypt32-ECDSA_Cert_Chains/0008-crypt32-Implement-decoding-of-X509_ECC_SIGNATURE.patch

diff --git a/patches/crypt32-ECDSA_Cert_Chains/0006-crypt32-tests-Basic-tests-for-decoding-ECDSA-signed-.patch b/patches/crypt32-ECDSA_Cert_Chains/0006-crypt32-tests-Basic-tests-for-decoding-ECDSA-signed-.patch
index ff981221..84ee03aa 100644
--- a/patches/crypt32-ECDSA_Cert_Chains/0006-crypt32-tests-Basic-tests-for-decoding-ECDSA-signed-.patch
+++ b/patches/crypt32-ECDSA_Cert_Chains/0006-crypt32-tests-Basic-tests-for-decoding-ECDSA-signed-.patch
@@ -1,18 +1,17 @@
-From 929e67829c47d2fcb99f0aac8ac983f0c3a56836 Mon Sep 17 00:00:00 2001
+From 484fbc0054dadaf4a410ae3497ccf3338ef7d81c Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?=
 Date: Wed, 27 Sep 2017 18:31:07 +0200
 Subject: crypt32/tests: Basic tests for decoding ECDSA signed certificate.
 ---
 dlls/crypt32/tests/encode.c | 168 ++++++++++++++++++++++++++++++++++++++++++++
- include/wincrypt.h | 15 ++++
- 2 files changed, 183 insertions(+)
+ 1 file changed, 168 insertions(+)
 diff --git a/dlls/crypt32/tests/encode.c b/dlls/crypt32/tests/encode.c
-index 8cb384c3395..fa389c41ff1 100644
+index a4daec0..729f3e4 100644
 --- a/dlls/crypt32/tests/encode.c
 +++ b/dlls/crypt32/tests/encode.c
-@@ -8352,6 +8352,173 @@ static void testPortPublicKeyInfo(void)
+@@ -8509,6 +8509,173 @@ static void testPortPublicKeyInfo(void)
 ok(ret,"CryptAcquireContextA failed\n");
 }
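Review bot: The `todo_wine` markers on the `X509_OBJECT_IDENTIFIER`, `szOID_ECC_PUBLIC_KEY` and `X509_ECC_SIGNATURE` decode checks in `testECDSACert` presumably survive this rebase: the inner diffstat still reads `168 insertions(+)` and only header lines of the 0006 patch change, while the dropped 0007 and 0008 patches were what turned those checks into plain `ok(ret ...)`. If 0007/0008 were removed because the new base already implements these decoders, Wine's test harness counts a success inside a todo block as a failure, so the three calls should lose `todo_wine` in 0006 itself, e.g. `ok(ret, "CryptDecodeObjectEx failed with %d\n", GetLastError());`. The test body is elided from this diff, so this is inferred from the diffstat and should be confirmed by running the crypt32 encode test against the new base. These checks are the visible coverage for parsing the curve OID and the ECDSA (r, s) signature that chain validation relies on, so they should end up asserting success rather than tolerating failure.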
@@ -186,66 +185,12 @@ index 8cb384c3395..fa389c41ff1 100644
 START_TEST(encode)
 {
 static const DWORD encodings[] = { X509_ASN_ENCODING, PKCS_7_ASN_ENCODING,
-@@ -8445,4 +8612,5 @@ START_TEST(encode)
+@@ -8602,4 +8769,5 @@ START_TEST(encode)
 test_decodeRsaPrivateKey(encodings[i]);
 }
 testPortPublicKeyInfo();
 + testECDSACert();
 }
-diff --git a/include/wincrypt.h b/include/wincrypt.h
-index 8b120206cd8..22ff350923a 100644
---- a/include/wincrypt.h
-+++ b/include/wincrypt.h
-@@ -288,6 +288,11 @@ typedef struct _CERT_KEY_ATTRIBUTES_INFO {
- PCERT_PRIVATE_KEY_VALIDITY pPrivateKeyUsagePeriod;
- } CERT_KEY_ATTRIBUTES_INFO, *PCERT_KEY_ATTRIBUTES_INFO;
-
-+typedef struct _CERT_ECC_SIGNATURE {
-+ CRYPT_UINT_BLOB r;
-+ CRYPT_UINT_BLOB s;
-+} CERT_ECC_SIGNATURE, *PCERT_ECC_SIGNATURE;
-+
- /* byte 0 */
- #define CERT_DIGITAL_SIGNATURE_KEY_USAGE 0x80
- #define CERT_NON_REPUDIATION_KEY_USAGE 0x40
-@@ -2878,6 +2883,12 @@ typedef struct _CTL_FIND_SUBJECT_PARA
- #define szOID_X957 "1.2.840.10040"
- #define szOID_X957_DSA "1.2.840.10040.4.1"
- #define szOID_X957_SHA1DSA "1.2.840.10040.4.3"
-+#define szOID_ECC_PUBLIC_KEY "1.2.840.10045.2.1"
-+#define szOID_ECC_CURVE_P256 "1.2.840.10045.3.1.7"
-+#define szOID_ECDSA_SPECIFIED "1.2.840.10045.4.3"
-+#define szOID_ECDSA_SHA256 "1.2.840.10045.4.3.2"
-+#define szOID_ECDSA_SHA384 "1.2.840.10045.4.3.3"
-+#define szOID_ECDSA_SHA512 "1.2.840.10045.4.3.4"
- #define szOID_DS "2.5"
- #define szOID_DSALG "2.5.8"
- #define szOID_DSALG_CRPT "2.5.8.1"
-@@ -2919,6 +2930,8 @@ typedef struct _CTL_FIND_SUBJECT_PARA
- #define szOID_OIWDIR_SIGN "1.3.14.7.2.3"
- #define szOID_OIWDIR_md2 "1.3.14.7.2.2.1"
- #define szOID_OIWDIR_md2RSA "1.3.14.7.2.3.1"
-+#define szOID_ECC_CURVE_P384 "1.3.132.0.34"
-+#define szOID_ECC_CURVE_P521 "1.3.132.0.35"
- #define szOID_INFOSEC "2.16.840.1.101.2.1"
- #define szOID_INFOSEC_sdnsSignature "2.16.840.1.101.2.1.1.1"
- #define szOID_INFOSEC_mosaicSignature "2.16.840.1.101.2.1.1.2"
-@@ -3224,6 +3237,7 @@ typedef struct _CTL_FIND_SUBJECT_PARA
- #define X509_PKIX_POLICY_QUALIFIER_USERNOTICE ((LPCSTR)46)
- #define X509_DH_PUBLICKEY X509_MULTI_BYTE_UINT
- #define X509_DH_PARAMETERS ((LPCSTR)47)
-+#define X509_ECC_SIGNATURE ((LPCSTR)47)
- #define PKCS_ATTRIBUTES ((LPCSTR)48)
- #define PKCS_SORTED_CTL ((LPCSTR)49)
- #define X942_DH_PARAMETERS ((LPCSTR)50)
-@@ -3241,6 +3255,7 @@ typedef struct _CTL_FIND_SUBJECT_PARA
- #define CMC_ADD_EXTENSIONS ((LPCSTR)62)
- #define CMC_ADD_ATTRIBUTES ((LPCSTR)63)
- #define X509_CERTIFICATE_TEMPLATE ((LPCSTR)64)
-+#define X509_OBJECT_IDENTIFIER ((LPCSTR)73)
- #define PKCS7_SIGNER_INFO ((LPCSTR)500)
- #define CMS_SIGNER_INFO ((LPCSTR)501)
-
 --
-2.14.1
+2.7.4
diff --git a/patches/crypt32-ECDSA_Cert_Chains/0007-crypt32-Implement-decoding-of-X509_OBJECT_IDENTIFIER.patch b/patches/crypt32-ECDSA_Cert_Chains/0007-crypt32-Implement-decoding-of-X509_OBJECT_IDENTIFIER.patch
deleted file mode 100644
index 500d7a94..00000000
--- a/patches/crypt32-ECDSA_Cert_Chains/0007-crypt32-Implement-decoding-of-X509_OBJECT_IDENTIFIER.patch
+++ /dev/null
@@ -1,109 +0,0 @@
-From e271981b27492ce0612b5c2b7b0c18fd747ce2a7 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Michael=20M=C3=BCller?=
-Date: Wed, 27 Sep 2017 19:08:43 +0200
-Subject: crypt32: Implement decoding of X509_OBJECT_IDENTIFIER.
-
----
- dlls/crypt32/decode.c | 45 +++++++++++++++++++++++++++++++++++++++++++++
- dlls/crypt32/tests/encode.c | 8 ++++----
- 2 files changed, 49 insertions(+), 4 deletions(-)
-
-diff --git a/dlls/crypt32/decode.c b/dlls/crypt32/decode.c
-index ddeb0552906..6b124f9db7d 100644
---- a/dlls/crypt32/decode.c
-+++ b/dlls/crypt32/decode.c
-@@ -5890,6 +5890,46 @@ BOOL CRYPT_AsnDecodePKCSEnvelopedData(const BYTE *pbEncoded, DWORD cbEncoded,
- return ret;
- }
-
-+static BOOL WINAPI CRYPT_AsnDecodeObjectIdentifier(DWORD dwCertEncodingType,
-+ LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, DWORD dwFlags,
-+ PCRYPT_DECODE_PARA pDecodePara, void *pvStructInfo, DWORD *pcbStructInfo)
-+{
-+ DWORD bytesNeeded = 0;
-+ BOOL ret;
-+
-+ __TRY
-+ {
-+ ret = CRYPT_AsnDecodeOidInternal(pbEncoded, cbEncoded, dwFlags & ~CRYPT_DECODE_ALLOC_FLAG,
-+ NULL, &bytesNeeded, NULL);
-+ if (ret)
-+ {
-+ if (!pvStructInfo)
-+ *pcbStructInfo = bytesNeeded;
-+ else if ((ret = CRYPT_DecodeEnsureSpace(dwFlags, pDecodePara, pvStructInfo, pcbStructInfo, bytesNeeded)))
-+ {
-+ LPSTR *info;
-+
-+ if (dwFlags & CRYPT_DECODE_ALLOC_FLAG)
-+ pvStructInfo = *(BYTE **)pvStructInfo;
-+
-+ info = pvStructInfo;
-+ *info = (void *)((BYTE *)info + sizeof(*info));
-+ ret = CRYPT_AsnDecodeOidInternal(pbEncoded, cbEncoded, dwFlags & ~CRYPT_DECODE_ALLOC_FLAG,
-+ pvStructInfo, &bytesNeeded, NULL);
-+ if (!ret && (dwFlags & CRYPT_DECODE_ALLOC_FLAG))
-+ CRYPT_FreeSpace(pDecodePara, info);
-+ }
-+ }
-+ }
-+ __EXCEPT_PAGE_FAULT
-+ {
-+ SetLastError(STATUS_ACCESS_VIOLATION);
-+ ret = FALSE;
-+ }
-+ __ENDTRY
-+ return ret;
-+}
-+
- static CryptDecodeObjectExFunc CRYPT_GetBuiltinDecoder(DWORD dwCertEncodingType,
- LPCSTR lpszStructType)
- {
-@@ -6029,6 +6069,9 @@ static CryptDecodeObjectExFunc CRYPT_GetBuiltinDecoder(DWORD dwCertEncodingType,
- case LOWORD(CMS_SIGNER_INFO):
- decodeFunc = CRYPT_AsnDecodeCMSSignerInfo;
- break;
-+ case LOWORD(X509_OBJECT_IDENTIFIER):
-+ decodeFunc = CRYPT_AsnDecodeObjectIdentifier;
-+ break;
- }
- }
- else if (!strcmp(lpszStructType, szOID_CERT_EXTENSIONS))
-@@ -6083,6 +6126,8 @@ static CryptDecodeObjectExFunc CRYPT_GetBuiltinDecoder(DWORD dwCertEncodingType,
- decodeFunc = CRYPT_AsnDecodePolicyQualifierUserNotice;
- else if (!strcmp(lpszStructType, szOID_CTL))
- decodeFunc = CRYPT_AsnDecodeCTL;
-+ else if (!strcmp(lpszStructType, szOID_ECC_PUBLIC_KEY))
-+ decodeFunc = CRYPT_AsnDecodeObjectIdentifier;
- return decodeFunc;
- }
-
-diff --git a/dlls/crypt32/tests/encode.c b/dlls/crypt32/tests/encode.c
-index fa389c41ff1..574b1e95351 100644
---- a/dlls/crypt32/tests/encode.c
-+++ b/dlls/crypt32/tests/encode.c
-@@ -8489,8 +8489,8 @@ static void testECDSACert(void)
- ecc_curve = NULL;
- ret = pCryptDecodeObjectEx(X509_ASN_ENCODING, X509_OBJECT_IDENTIFIER, pubkey->Algorithm.Parameters.pbData,
- pubkey->Algorithm.Parameters.cbData, decode_flags, NULL, &ecc_curve, &size);
-- todo_wine ok(ret || broken(GetLastError() == ERROR_FILE_NOT_FOUND /* < Vista */),
-- "CryptDecodeObjectEx failed with %d\n", GetLastError());
-+ ok(ret || broken(GetLastError() == ERROR_FILE_NOT_FOUND /* < Vista */),
-+ "CryptDecodeObjectEx failed with %d\n", GetLastError());
- if (ret)
- {
- ok(!strcmp(*ecc_curve, szOID_ECC_CURVE_P256), "Expected 1.2.840.10045.3.1.7, got %s\n", *ecc_curve);
-@@ -8500,8 +8500,8 @@ static void testECDSACert(void)
- ecc_curve = NULL;
- ret = pCryptDecodeObjectEx(X509_ASN_ENCODING, szOID_ECC_PUBLIC_KEY, pubkey->Algorithm.Parameters.pbData,
- pubkey->Algorithm.Parameters.cbData, decode_flags, NULL, &ecc_curve, &size);
-- todo_wine ok(ret || broken(GetLastError() == ERROR_FILE_NOT_FOUND /* < Vista */),
-- "CryptDecodeObjectEx failed with %d\n", GetLastError());
-+ ok(ret || broken(GetLastError() == ERROR_FILE_NOT_FOUND /* < Vista */),
-+ "CryptDecodeObjectEx failed with %d\n", GetLastError());
- if (ret)
- {
- ok(!strcmp(*ecc_curve, szOID_ECC_CURVE_P256), "Expected 1.2.840.10045.3.1.7, got %s\n", *ecc_curve);
---
-2.14.1
-
diff --git a/patches/crypt32-ECDSA_Cert_Chains/0008-crypt32-Implement-decoding-of-X509_ECC_SIGNATURE.patch b/patches/crypt32-ECDSA_Cert_Chains/0008-crypt32-Implement-decoding-of-X509_ECC_SIGNATURE.patch
deleted file mode 100644
index 3acf5611..00000000
--- a/patches/crypt32-ECDSA_Cert_Chains/0008-crypt32-Implement-decoding-of-X509_ECC_SIGNATURE.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From 4f3a56480857ec2b17c6bb6dd53f40420aebdc3b Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Michael=20M=C3=BCller?=
-Date: Thu, 28 Sep 2017 05:35:49 +0200
-Subject: crypt32: Implement decoding of X509_ECC_SIGNATURE.
-
----
- dlls/crypt32/decode.c | 32 ++++++++++++++++++++++++++++++++
- dlls/crypt32/tests/encode.c | 2 +-
- 2 files changed, 33 insertions(+), 1 deletion(-)
-
-diff --git a/dlls/crypt32/decode.c b/dlls/crypt32/decode.c
-index 6b124f9db7d..02392ec6bf0 100644
---- a/dlls/crypt32/decode.c
-+++ b/dlls/crypt32/decode.c
-@@ -5930,6 +5930,35 @@ static BOOL WINAPI CRYPT_AsnDecodeObjectIdentifier(DWORD dwCertEncodingType,
- return ret;
- }
-
-+static BOOL WINAPI CRYPT_AsnDecodeEccSignature(DWORD dwCertEncodingType,
-+ LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, DWORD dwFlags,
-+ PCRYPT_DECODE_PARA pDecodePara, void *pvStructInfo, DWORD *pcbStructInfo)
-+{
-+ BOOL ret;
-+ struct AsnDecodeSequenceItem items[] = {
-+ { ASN_INTEGER, offsetof(CERT_ECC_SIGNATURE, r),
-+ CRYPT_AsnDecodeUnsignedIntegerInternal, sizeof(CRYPT_UINT_BLOB), FALSE,
-+ TRUE, offsetof(CERT_ECC_SIGNATURE, r.pbData), 0 },
-+ { ASN_INTEGER, offsetof(CERT_ECC_SIGNATURE, s),
-+ CRYPT_AsnDecodeUnsignedIntegerInternal, sizeof(CRYPT_UINT_BLOB), FALSE,
-+ TRUE, offsetof(CERT_ECC_SIGNATURE, s.pbData), 0 },
-+ };
-+
-+ __TRY
-+ {
-+ ret = CRYPT_AsnDecodeSequence(items, sizeof(items) / sizeof(items[0]),
-+ pbEncoded, cbEncoded, dwFlags, pDecodePara, pvStructInfo,
-+ pcbStructInfo, NULL, NULL);
-+ }
-+ __EXCEPT_PAGE_FAULT
-+ {
-+ SetLastError(STATUS_ACCESS_VIOLATION);
-+ ret = FALSE;
-+ }
-+ __ENDTRY
-+ return ret;
-+}
-+
- static CryptDecodeObjectExFunc CRYPT_GetBuiltinDecoder(DWORD dwCertEncodingType,
- LPCSTR lpszStructType)
- {
-@@ -6072,6 +6101,9 @@ static CryptDecodeObjectExFunc CRYPT_GetBuiltinDecoder(DWORD dwCertEncodingType,
- case LOWORD(X509_OBJECT_IDENTIFIER):
- decodeFunc = CRYPT_AsnDecodeObjectIdentifier;
- break;
-+ case LOWORD(X509_ECC_SIGNATURE):
-+ decodeFunc = CRYPT_AsnDecodeEccSignature;
-+ break;
- }
- }
- else if (!strcmp(lpszStructType, szOID_CERT_EXTENSIONS))
-diff --git a/dlls/crypt32/tests/encode.c b/dlls/crypt32/tests/encode.c
-index 574b1e95351..5ab828151fa 100644
---- a/dlls/crypt32/tests/encode.c
-+++ b/dlls/crypt32/tests/encode.c
-@@ -8434,7 +8434,7 @@ static void testECDSACert(void)
- ecc_sig = NULL;
- ret = pCryptDecodeObjectEx(X509_ASN_ENCODING, X509_ECC_SIGNATURE, info->Signature.pbData,
- info->Signature.cbData, decode_flags, NULL, &ecc_sig, &size);
-- todo_wine ok(ret, "CryptDecodeObjectEx failed with %d\n", GetLastError());
-+ ok(ret, "CryptDecodeObjectEx failed with %d\n", GetLastError());
- if (ret)
- {
- ok(ecc_sig->r.cbData == 32, "Expected 32 bytes, got %d\n", ecc_sig->r.cbData);
---
-2.14.1
-
diff --git a/patches/patchinstall.sh b/patches/patchinstall.sh
index 2d6fd7d9..aa2da4a2 100755
--- a/patches/patchinstall.sh
+++ b/patches/patchinstall.sh
@@ -52,7 +52,7 @@ usage()
 # Get the upstream commit sha
 upstream_commit()
 {
- echo "e6fc86e4a0a8396a345ae21fbe7be9210441d307"
+ echo "cba24001e482fa8a8a1fbf5d5390539e2792b1aa"
 }
 # Show version information
@@ -2727,14 +2727,11 @@ fi
 # | * [#35902] Implement support for validating ECDSA certificate chains
 # |
 # | Modified files:
-# | * dlls/crypt32/Makefile.in, dlls/crypt32/cert.c, dlls/crypt32/chain.c, dlls/crypt32/crypt32_private.h,
-# | dlls/crypt32/decode.c, dlls/crypt32/oid.c, dlls/crypt32/tests/chain.c, dlls/crypt32/tests/encode.c,
-# | dlls/crypt32/tests/oid.c, include/wincrypt.h
+# | * dlls/crypt32/Makefile.in, dlls/crypt32/cert.c, dlls/crypt32/chain.c, dlls/crypt32/crypt32_private.h, dlls/crypt32/oid.c,
+# | dlls/crypt32/tests/chain.c, dlls/crypt32/tests/encode.c, dlls/crypt32/tests/oid.c, include/wincrypt.h
 # |
 if test "$enable_crypt32_ECDSA_Cert_Chains" -eq 1; then
 patch_apply crypt32-ECDSA_Cert_Chains/0006-crypt32-tests-Basic-tests-for-decoding-ECDSA-signed-.patch
- patch_apply crypt32-ECDSA_Cert_Chains/0007-crypt32-Implement-decoding-of-X509_OBJECT_IDENTIFIER.patch
- patch_apply crypt32-ECDSA_Cert_Chains/0008-crypt32-Implement-decoding-of-X509_ECC_SIGNATURE.patch
 patch_apply crypt32-ECDSA_Cert_Chains/0009-crypt32-tests-Add-basic-test-for-ecdsa-oid.patch
 patch_apply crypt32-ECDSA_Cert_Chains/0010-crypt32-Add-oids-for-sha256ECDSA-and-sha384ECDSA.patch
 patch_apply crypt32-ECDSA_Cert_Chains/0011-crypt32-Correctly-return-how-the-issuer-of-a-self-si.patch
@@ -2742,8 +2739,6 @@ if test "$enable_crypt32_ECDSA_Cert_Chains" -eq 1; then
 patch_apply crypt32-ECDSA_Cert_Chains/0013-crypt32-Implement-verification-of-ECDSA-signatures.patch
 (
 printf '%s\n' '+ { "Michael Müller", "crypt32/tests: Basic tests for decoding ECDSA signed certificate.", 1 },';
- printf '%s\n' '+ { "Michael Müller", "crypt32: Implement decoding of X509_OBJECT_IDENTIFIER.", 1 },';
- printf '%s\n' '+ { "Michael Müller", "crypt32: Implement decoding of X509_ECC_SIGNATURE.", 1 },';
 printf '%s\n' '+ { "Michael Müller", "crypt32/tests: Add basic test for ecdsa oid.", 1 },';
 printf '%s\n' '+ { "Michael Müller", "crypt32: Add oids for sha256ECDSA and sha384ECDSA.", 1 },';
 printf '%s\n' '+ { "Michael Müller", "crypt32: Correctly return how the issuer of a self signed certificate was checked.", 1 },';