appwiz.cpl: Use sha256 checksums to validate Mono/Gecko downloads.
Sebastian Lackner
sebastian at fds-team.de
Wed Mar 8 14:49:07 CST 2017
Signed-off-by: Sebastian Lackner <sebastian at fds-team.de>
---
This patch also replaces the memory mapping logic with ReadFile.
Depends on https://source.winehq.org/patches/data/131146.
dlls/appwiz.cpl/Makefile.in | 2 -
dlls/appwiz.cpl/addons.c | 85 +++++++++++++++++++-------------------------
2 files changed, 39 insertions(+), 48 deletions(-)
diff --git a/dlls/appwiz.cpl/Makefile.in b/dlls/appwiz.cpl/Makefile.in
index a8341fa689f..97bc150a01d 100644
--- a/dlls/appwiz.cpl/Makefile.in
+++ b/dlls/appwiz.cpl/Makefile.in
@@ -1,5 +1,5 @@
MODULE = appwiz.cpl
-IMPORTS = uuid urlmon advpack comctl32 advapi32 shell32 ole32 user32 comdlg32
+IMPORTS = uuid urlmon advpack comctl32 advapi32 shell32 ole32 user32 comdlg32 bcrypt
DELAYIMPORTS = msi
C_SRCS = \
diff --git a/dlls/appwiz.cpl/addons.c b/dlls/appwiz.cpl/addons.c
index c3847b54948..9937ebf6ce3 100644
--- a/dlls/appwiz.cpl/addons.c
+++ b/dlls/appwiz.cpl/addons.c
@@ -42,6 +42,7 @@
#include "shellapi.h"
#include "urlmon.h"
#include "msi.h"
+#include "bcrypt.h"
#include "appwiz.h"
#include "res.h"
@@ -55,17 +56,17 @@ WINE_DEFAULT_DEBUG_CHANNEL(appwizcpl);
#ifdef __i386__
#define ARCH_STRING "x86"
-#define GECKO_SHA "f9a937e9a46d47fda701d257e60601f22e7a4510"
+#define GECKO_SHA "3b8a361f5d63952d21caafd74e849a774994822fb96c5922b01d554f1677643a"
#elif defined(__x86_64__)
#define ARCH_STRING "x86_64"
-#define GECKO_SHA "8efa810b1ac83d59e0171d4347d21730560926da"
+#define GECKO_SHA "c565ea25e50ea953937d4ab01299e4306da4a556946327d253ea9b28357e4a7d"
#else
#define ARCH_STRING ""
#define GECKO_SHA "???"
#endif
#define MONO_VERSION "4.7.0"
-#define MONO_SHA "ff05e1d2a93c3a07672cefc7a8f3a087d75828ac"
+#define MONO_SHA "7698474dd9cb9eb80796b5812dff37386ba97b78b21ca23b20079ca5ad6ca5a1"
typedef struct {
const char *version;
@@ -110,62 +111,52 @@ static WCHAR *msi_file;
static WCHAR * (CDECL *p_wine_get_dos_file_name)(const char*);
static const WCHAR kernel32_dllW[] = {'k','e','r','n','e','l','3','2','.','d','l','l',0};
-
-/* SHA definitions are copied from advapi32. They aren't available in headers. */
-
-typedef struct {
- ULONG Unknown[6];
- ULONG State[5];
- ULONG Count[2];
- UCHAR Buffer[64];
-} SHA_CTX, *PSHA_CTX;
-
-void WINAPI A_SHAInit(PSHA_CTX);
-void WINAPI A_SHAUpdate(PSHA_CTX,const unsigned char*,UINT);
-void WINAPI A_SHAFinal(PSHA_CTX,PULONG);
-
static BOOL sha_check(const WCHAR *file_name)
{
- const unsigned char *file_map;
- HANDLE file, map;
- ULONG sha[5];
- char buf[2*sizeof(sha)+1];
- SHA_CTX ctx;
- DWORD size, i;
-
- file = CreateFileW(file_name, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_READONLY, NULL);
- if(file == INVALID_HANDLE_VALUE) {
+ BCRYPT_HASH_HANDLE hash = NULL;
+ BCRYPT_ALG_HANDLE alg = NULL;
+ UCHAR sha256[32];
+ char buf[1024];
+ HANDLE file;
+ DWORD read;
+ BOOL ret = FALSE;
+ int i;
+
+ file = CreateFileW(file_name, GENERIC_READ, FILE_SHARE_READ, NULL,
+ OPEN_EXISTING, FILE_ATTRIBUTE_READONLY, NULL);
+ if (file == INVALID_HANDLE_VALUE)
+ {
WARN("Could not open file: %u\n", GetLastError());
return FALSE;
}
- size = GetFileSize(file, NULL);
-
- map = CreateFileMappingW(file, NULL, PAGE_READONLY, 0, 0, NULL);
- CloseHandle(file);
- if(!map)
- return FALSE;
-
- file_map = MapViewOfFile(map, FILE_MAP_READ, 0, 0, 0);
- CloseHandle(map);
- if(!file_map)
- return FALSE;
+ if (BCryptOpenAlgorithmProvider(&alg, BCRYPT_SHA256_ALGORITHM, MS_PRIMITIVE_PROVIDER, 0))
+ goto end;
+ if (BCryptCreateHash(alg, &hash, NULL, 0, NULL, 0, 0))
+ goto end;
- A_SHAInit(&ctx);
- A_SHAUpdate(&ctx, file_map, size);
- A_SHAFinal(&ctx, sha);
+ do
+ {
+ if (!ReadFile(file, buf, sizeof(buf), &read, NULL)) goto end;
+ if (read && BCryptHashData(hash, (UCHAR *)buf, read, 0)) goto end;
+ }
+ while (read);
- UnmapViewOfFile(file_map);
+ if (BCryptFinishHash(hash, sha256, sizeof(sha256), 0))
+ goto end;
- for(i=0; i < sizeof(sha); i++)
- sprintf(buf + i*2, "%02x", *((unsigned char*)sha+i));
+ for (i = 0; i < sizeof(sha256); i++)
+ sprintf(buf + i * 2, "%02x", sha256[i]);
- if(strcmp(buf, addon->sha)) {
+ ret = !strcmp(buf, addon->sha);
+ if (!ret)
WARN("Got %s, expected %s\n", buf, addon->sha);
- return FALSE;
- }
- return TRUE;
+end:
+ if (hash) BCryptDestroyHash(hash);
+ if (alg) BCryptCloseAlgorithmProvider(alg, 0);
+ CloseHandle(file);
+ return ret;
}
static void set_status(DWORD id)
--
2.11.0
More information about the wine-patches
mailing list