wine/wine-staging
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-staging.git synced 2024-11-21 16:46:54 -08:00
Code Issues Packages Projects Releases Wiki Activity

Rebase against 6d801377055911d914226a3c6af8d8637a63fa13

Browse Source
This commit is contained in:
Alistair Leslie-Hughes 2018-06-26 08:16:00 +10:00
parent da5cec25df
commit ba6b6642fb
3 changed files with 4 additions and 153 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

146
patches/crypt32-ECDSA_Cert_Chains/0011-crypt32-Correctly-return-how-the-issuer-of-a-self-si.patch
View File

@ -1,146 +0,0 @@
From ad4623778a56ea3278bb9c81a951af14575b9ac0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
Date: Sat, 30 Sep 2017 03:02:15 +0200
Subject: crypt32: Correctly return how the issuer of a self signed certificate
was checked.
---
dlls/crypt32/cert.c | 2 +-
dlls/crypt32/chain.c | 20 ++++++++++++++------
dlls/crypt32/crypt32_private.h | 2 +-
3 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/dlls/crypt32/cert.c b/dlls/crypt32/cert.c
index a4b43ff1555..0cfa46788f3 100644
--- a/dlls/crypt32/cert.c
+++ b/dlls/crypt32/cert.c
@@ -1884,7 +1884,7 @@ PCCERT_CONTEXT WINAPI CertGetIssuerCertificateFromStore(HCERTSTORE hCertStore,
CertFreeCertificateContext(ret);
ret = NULL;
}
- if (CRYPT_IsCertificateSelfSigned(pSubjectContext))
+ if (CRYPT_IsCertificateSelfSigned(pSubjectContext, NULL))
{
CertFreeCertificateContext(ret);
ret = NULL;
diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index 80b6513ab1e..89a8ddb95f4 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -265,7 +265,7 @@ typedef struct _CertificateChain
LONG ref;
} CertificateChain;
-BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert)
+BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert, DWORD *type)
{
PCERT_EXTENSION ext;
DWORD size;
@@ -300,6 +300,7 @@ BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert)
&directoryName->u.DirectoryName, &cert->pCertInfo->Issuer)
&& CertCompareIntegerBlob(&info->AuthorityCertSerialNumber,
&cert->pCertInfo->SerialNumber);
+ if (type) *type = CERT_TRUST_HAS_NAME_MATCH_ISSUER;
}
else
{
@@ -321,6 +322,7 @@ BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert)
CERT_KEY_IDENTIFIER_PROP_ID, buf, &size);
ret = !memcmp(buf, info->KeyId.pbData, size);
CryptMemFree(buf);
+ if (type) *type = CERT_TRUST_HAS_KEY_MATCH_ISSUER;
}
else
ret = FALSE;
@@ -348,6 +350,7 @@ BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert)
&info->CertIssuer, &cert->pCertInfo->Issuer) &&
CertCompareIntegerBlob(&info->CertSerialNumber,
&cert->pCertInfo->SerialNumber);
+ if (type) *type = CERT_TRUST_HAS_NAME_MATCH_ISSUER;
}
else if (info->KeyId.cbData)
{
@@ -363,6 +366,7 @@ BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert)
CERT_KEY_IDENTIFIER_PROP_ID, buf, &size);
ret = !memcmp(buf, info->KeyId.pbData, size);
CryptMemFree(buf);
+ if (type) *type = CERT_TRUST_HAS_KEY_MATCH_ISSUER;
}
else
ret = FALSE;
@@ -376,8 +380,11 @@ BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert)
}
}
else
+ {
ret = CertCompareCertificateName(cert->dwCertEncodingType,
&cert->pCertInfo->Subject, &cert->pCertInfo->Issuer);
+ if (type) *type = CERT_TRUST_HAS_NAME_MATCH_ISSUER;
+ }
return ret;
}
@@ -1320,7 +1327,7 @@ static void CRYPT_CheckChainNameConstraints(PCERT_SIMPLE_CHAIN chain)
* constraints checked unless they're the end cert.
*/
if (j == 0 || !CRYPT_IsCertificateSelfSigned(
- chain->rgpElement[j]->pCertContext))
+ chain->rgpElement[j]->pCertContext, NULL))
{
CRYPT_CheckNameConstraints(nameConstraints,
chain->rgpElement[j]->pCertContext->pCertInfo,
@@ -1893,6 +1900,7 @@ static void CRYPT_CheckSimpleChain(CertificateChainEngine *engine,
int i;
BOOL pathLengthConstraintViolated = FALSE;
CERT_BASIC_CONSTRAINTS2_INFO constraints = { FALSE, FALSE, 0 };
+ DWORD type;
TRACE_(chain)("checking chain with %d elements for time %s\n",
chain->cElement, filetime_to_str(time));
@@ -1904,7 +1912,7 @@ static void CRYPT_CheckSimpleChain(CertificateChainEngine *engine,
dump_element(chain->rgpElement[i]->pCertContext);
if (i == chain->cElement - 1)
isRoot = CRYPT_IsCertificateSelfSigned(
- chain->rgpElement[i]->pCertContext);
+ chain->rgpElement[i]->pCertContext, NULL);
else
isRoot = FALSE;
if (!CRYPT_IsCertVersionValid(chain->rgpElement[i]->pCertContext))
@@ -1980,10 +1988,10 @@ static void CRYPT_CheckSimpleChain(CertificateChainEngine *engine,
}
CRYPT_CheckChainNameConstraints(chain);
CRYPT_CheckChainPolicies(chain);
- if (CRYPT_IsCertificateSelfSigned(rootElement->pCertContext))
+ if (CRYPT_IsCertificateSelfSigned(rootElement->pCertContext, &type))
{
rootElement->TrustStatus.dwInfoStatus |=
- CERT_TRUST_IS_SELF_SIGNED | CERT_TRUST_HAS_NAME_MATCH_ISSUER;
+ CERT_TRUST_IS_SELF_SIGNED | type;
CRYPT_CheckRootCert(engine->hRoot, rootElement);
}
CRYPT_CombineTrustStatus(&chain->TrustStatus, &rootElement->TrustStatus);
@@ -2195,7 +2203,7 @@ static BOOL CRYPT_BuildSimpleChain(const CertificateChainEngine *engine,
PCCERT_CONTEXT cert = chain->rgpElement[chain->cElement - 1]->pCertContext;
while (ret && !CRYPT_IsSimpleChainCyclic(chain) &&
- !CRYPT_IsCertificateSelfSigned(cert))
+ !CRYPT_IsCertificateSelfSigned(cert, NULL))
{
PCCERT_CONTEXT issuer = CRYPT_GetIssuer(engine, world, cert, NULL, flags,
&chain->rgpElement[chain->cElement - 1]->TrustStatus.dwInfoStatus);
diff --git a/dlls/crypt32/crypt32_private.h b/dlls/crypt32/crypt32_private.h
index 8b1b003a120..5c08369f007 100644
--- a/dlls/crypt32/crypt32_private.h
+++ b/dlls/crypt32/crypt32_private.h
@@ -341,7 +341,7 @@ void CRYPT_ImportSystemRootCertsToReg(void) DECLSPEC_HIDDEN;
BOOL CRYPT_SerializeContextsToReg(HKEY key, DWORD flags, const WINE_CONTEXT_INTERFACE *contextInterface,
HCERTSTORE memStore) DECLSPEC_HIDDEN;
-BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert) DECLSPEC_HIDDEN;
+BOOL CRYPT_IsCertificateSelfSigned(PCCERT_CONTEXT cert, DWORD *type) DECLSPEC_HIDDEN;
/* Allocates and initializes a certificate chain engine, but without creating
* the root store. Instead, it uses root, and assumes the caller has done any
--
2.14.1

9
patches/patchinstall.sh
View File

@ -52,13 +52,13 @@ usage()
# Get the upstream commit sha
upstream_commit()
{
echo "58c49279f5d5ac11c0af25053f47845203dffdec"
echo "6d801377055911d914226a3c6af8d8637a63fa13"
}
# Show version information
version()
{
echo "Wine Staging 3.11"
echo "Wine Staging 3.12 (Unreleased)"
echo "Copyright (C) 2014-2018 the Wine Staging project authors."
echo "Copyright (C) 2018 Alistair Leslie-Hughes"
echo ""
@ -2738,17 +2738,14 @@ fi
# | * [#35902] Implement support for validating ECDSA certificate chains
# |
# | Modified files:
# | * dlls/crypt32/Makefile.in, dlls/crypt32/cert.c, dlls/crypt32/chain.c, dlls/crypt32/crypt32_private.h,
# | dlls/crypt32/tests/chain.c, dlls/crypt32/tests/encode.c
# | * dlls/crypt32/Makefile.in, dlls/crypt32/cert.c, dlls/crypt32/tests/chain.c, dlls/crypt32/tests/encode.c
# |
if test "$enable_crypt32_ECDSA_Cert_Chains" -eq 1; then
patch_apply crypt32-ECDSA_Cert_Chains/0006-crypt32-tests-Basic-tests-for-decoding-ECDSA-signed-.patch
patch_apply crypt32-ECDSA_Cert_Chains/0011-crypt32-Correctly-return-how-the-issuer-of-a-self-si.patch
patch_apply crypt32-ECDSA_Cert_Chains/0012-crypt32-tets-Add-test-for-verifying-an-ecdsa-chain.patch
patch_apply crypt32-ECDSA_Cert_Chains/0013-crypt32-Implement-verification-of-ECDSA-signatures.patch
(
printf '%s\n' '+ { "Michael Müller", "crypt32/tests: Basic tests for decoding ECDSA signed certificate.", 1 },';
printf '%s\n' '+ { "Michael Müller", "crypt32: Correctly return how the issuer of a self signed certificate was checked.", 1 },';
printf '%s\n' '+ { "Michael Müller", "crypt32/tets: Add test for verifying an ecdsa chain.", 1 },';
printf '%s\n' '+ { "Michael Müller", "crypt32: Implement verification of ECDSA signatures.", 1 },';
) >> "$patchlist"

2
staging/VERSION
View File

@ -1 +1 @@
Wine Staging 3.11
Wine Staging 3.12 (Unreleased)