[Bug 34083] Symantec Antivirus 10.x installer fails in custom action WriteCcSettingsTables.03FE01CF_295E_4354_A292_7DC4A810E0DA (CERT with multiple OU fields, crypt32.CertGetNameStringW must return RDNs in reverse order)

WineHQ Bugzilla wine-bugs at winehq.org
Fri Dec 11 15:43:27 CST 2020


https://bugs.winehq.org/show_bug.cgi?id=34083

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |focht at gmx.net
            Summary|Symantec Antivirus 10.x     |Symantec Antivirus 10.x
                   |installer fails in custom   |installer fails in custom
                   |action                      |action
                   |WriteCcSettingsTables.03FE0 |WriteCcSettingsTables.03FE0
                   |1CF_295E_4354_A292_7DC4A810 |1CF_295E_4354_A292_7DC4A810
                   |E0DA                        |E0DA (CERT with multiple OU
                   |                            |fields,
                   |                            |crypt32.CertGetNameStringW
                   |                            |must return RDNs in reverse
                   |                            |order)
          Component|-unknown                    |crypt32

--- Comment #5 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

confirming. I found SAV 10.0 as distributed "backup" and could reproduce the
problem with the installer.

A rare case of snake oil software being useful - to reveal an interesting bug
in Wine :-)

To debug the custom action in question:

--- snip ---
$ MsiBreak="_WriteCcSettingsTables at 4" wine msiexec -i "Symantec AntiVirus.msi"
--- snip ---

Custom action dll <msicde9._WriteCcSettingsTables at 4>:

--- snip ---
6B744A80 | push ebp                                     |
6B744A81 | mov ebp,esp                                  |
6B744A83 | push FFFFFFFF                                |
6B744A85 | push msicde9.6B761826                        |
6B744A8A | mov eax,dword ptr fs:[0]                     |
6B744A90 | push eax                                     |
...
6B744C04 | mov dword ptr ss:[ebp-18],edi                |
6B744C07 | mov dword ptr ss:[ebp-4C],msicde9.6B763A90   |
6B744C0E | mov dword ptr ss:[ebp-44],edi                |
6B744C11 | mov dword ptr ss:[ebp-40],edi                |
6B744C14 | mov dword ptr ss:[ebp-3C],edi                |
6B744C17 | mov dword ptr ss:[ebp-34],edi                |
6B744C1A | mov dword ptr ss:[ebp-30],edi                |
6B744C1D | mov dword ptr ss:[ebp-2C],edi                |
6B744C20 | mov dword ptr ss:[ebp-38],msicde9.6B7637F8   |
6B744C27 | mov dword ptr ss:[ebp-28],edi                |
6B744C2A | mov dword ptr ss:[ebp-48],msicde9.6B763A88   |
6B744C31 | xor eax,eax                                  |
6B744C33 | test bl,bl                                   |
6B744C35 | mov byte ptr ss:[ebp-4],5                    |
6B744C39 | je msicde9.6B744C54                          |
6B744C3B | lea eax,dword ptr ss:[ebp-18]                |
6B744C3E | push eax                                     |
6B744C3F | lea ecx,dword ptr ss:[ebp-4C]                |
6B744C42 | call msicde9.6B746D80                        |
6B744C47 | test eax,eax                                 | 0x80010303
6B744C49 | js msicde9.6B744C54                          |
6B744C4B | cmp dword ptr ss:[ebp-18],edi                |
6B744C4E | mov byte ptr ss:[ebp+8],1                    |
6B744C52 | jne msicde9.6B744C58                         |
6B744C54 | mov byte ptr ss:[ebp+8],0                    |
6B744C58 | mov ecx,dword ptr ss:[ebp-18]                |
6B744C5B | push ecx                                     |
6B744C5C | push eax                                     |
6B744C5D | mov eax,dword ptr ss:[ebp+8]                 |
6B744C60 | movzx edx,bl                                 |
6B744C63 | push edx                                     |
6B744C64 | push msicde9.6B763E48                        | "Failed to create settings manager. bSettingsMgrActive=%d, symRes=0x%.8x, pTemp=0x%.8x"
6B744C69 | push msicde9.6B763EA0                        | "WriteCcSettingsTables: "
6B744C6E | push eax                                     |
6B744C6F | call msicde9.6B7472E0                        |
--- snip ---

Settings manager -> 'C:\\Program Files\\Common Files\\Symantec Shared\\ccSet.dll'

Disassembly of the subroutine revealing the problem.
I annotated it with values from the debugging session.

--- snip ---
6B492CD0 | push ebp                             |
6B492CD1 | mov ebp,esp                          |
6B492CD3 | and esp,FFFFFFF8                     |
6B492CD6 | sub esp,63C                          |
6B492CDC | mov eax,dword ptr ds:[6B49F0E0]      |
6B492CE1 | push ebx                             |
6B492CE2 | push esi                             |
6B492CE3 | mov esi,dword ptr ss:[ebp+8]         |
6B492CE6 | test esi,esi                         |
6B492CE8 | mov dword ptr ss:[esp+640],eax       |
6B492CEF | push edi                             |
6B492CF0 | mov ebx,ecx                          |
6B492CF2 | je ccvrtrst.6B492F73                 |
6B492CF8 | mov edx,dword ptr ds:[ebx+28]        | _CertGetNameStringA at 24
6B492CFB | test edx,edx                         |
6B492CFD | je ccvrtrst.6B492F73                 |
6B492D03 | xor eax,eax                          |
6B492D05 | push 104                             |
6B492D0A | mov ecx,41                           |
6B492D0F | lea edi,dword ptr ss:[esp+224]       |
6B492D16 | rep stosd                            |
6B492D18 | lea eax,dword ptr ss:[esp+224]       |
6B492D1F | push eax                             |
6B492D20 | push ccvrtrst.6B49B1D4               | OID "2.5.4.3"
6B492D25 | push 0                               |
6B492D27 | push 3                               |
6B492D29 | push esi                             |
6B492D2A | mov dword ptr ss:[esp+24],1          |
6B492D32 | call edx                             | CertGetNameStringA()
6B492D34 | cmp eax,1                            | 0x15
6B492D37 | jbe ccvrtrst.6B492DF4                | "Symantec Corporation"
6B492D3D | xor eax,eax                          |
6B492D3F | push 104                             |
6B492D44 | mov ecx,41                           |
6B492D49 | lea edi,dword ptr ss:[esp+14]        |
6B492D4D | rep stosd                            |
6B492D4F | lea ecx,dword ptr ss:[esp+14]        |
6B492D53 | push ecx                             |
6B492D54 | push ccvrtrst.6B49B1C8               | OID "2.5.4.11"
6B492D59 | push eax                             |
6B492D5A | push 3                               |
6B492D5C | push esi                             |
6B492D5D | call dword ptr ds:[ebx+28]           | CertGetNameStringA()
6B492D60 | cmp eax,1                            | 0x36
6B492D63 | jbe ccvrtrst.6B492DF4                | "Digital ID Class 3 - Microsoft Software Validation v2"
6B492D69 | push 104                             |
6B492D6E | lea edx,dword ptr ss:[esp+11C]       |
6B492D75 | push edx                             |
6B492D76 | push ccvrtrst.6B49B1BC               | OID "2.5.4.10"
6B492D7B | xor eax,eax                          |
6B492D7D | push eax                             |
6B492D7E | push 3                               |
6B492D80 | mov ecx,41                           |
6B492D85 | lea edi,dword ptr ss:[esp+12C]       |
6B492D8C | push esi                             |
6B492D8D | rep stosd                            |
6B492D8F | call dword ptr ds:[ebx+28]           | CertGetNameStringA()
6B492D92 | cmp eax,1                            | 0x15
6B492D95 | jbe ccvrtrst.6B492DF4                | "Symantec Corporation"
6B492D97 | xor eax,eax                          |
6B492D99 | push 104                             |
6B492D9E | mov ecx,41                           |
6B492DA3 | lea edi,dword ptr ss:[esp+434]       |
6B492DAA | rep stosd                            |
6B492DAC | lea eax,dword ptr ss:[esp+434]       |
6B492DB3 | push eax                             |
6B492DB4 | push ccvrtrst.6B49B1B4               | OID "2.5.4.7"
6B492DB9 | push 0                               |
6B492DBB | push 3                               |
6B492DBD | push esi                             |
6B492DBE | call dword ptr ds:[ebx+28]           | CertGetNameStringA()
6B492DC1 | cmp eax,1                            | 0xD
6B492DC4 | jbe ccvrtrst.6B492DF4                | "Santa Monica"
6B492DC6 | xor eax,eax                          |
6B492DC8 | push 104                             |
6B492DCD | mov ecx,41                           |
6B492DD2 | lea edi,dword ptr ss:[esp+32C]       |
6B492DD9 | rep stosd                            |
6B492DDB | lea ecx,dword ptr ss:[esp+32C]       |
6B492DE2 | push ecx                             |
6B492DE3 | push ccvrtrst.6B49B1AC               | OID "2.5.4.8"
6B492DE8 | push eax                             |
6B492DE9 | push 3                               |
6B492DEB | push esi                             |
6B492DEC | call dword ptr ds:[ebx+28]           | CertGetNameStringA()
6B492DEF | cmp eax,1                            | 0x8
6B492DF2 | ja ccvrtrst.6B492E29                 | "California"
6B492DF4 | call dword ptr ds:[<&GetLastError>]  |
6B492DFA | push eax                             |
6B492DFB | push ccvrtrst.6B49B160               | "CVerifyCertProperties::VerifySymantec() : CertGetNameString() <= 1, 0x%08X\n"
6B492E00 | call ccvrtrst.6B491040               |
6B492E05 | mov dword ptr ss:[esp+14],3          |
6B492E0D | mov eax,dword ptr ss:[esp+14]        |
6B492E11 | add esp,8                            |
6B492E14 | mov ecx,dword ptr ss:[esp+644]       |
6B492E1B | call ccvrtrst.6B4933EE               |
6B492E20 | pop edi                              |
6B492E21 | pop esi                              |
6B492E22 | pop ebx                              |
6B492E23 | mov esp,ebp                          |
6B492E25 | pop ebp                              |
6B492E26 | ret 4                                |
6B492E29 | push 104                             |
6B492E2E | lea edx,dword ptr ss:[esp+53C]       |
6B492E35 | push edx                             |
6B492E36 | xor eax,eax                          |
6B492E38 | push ccvrtrst.6B49B158               | OID "2.5.4.6"
6B492E3D | mov ecx,41                           |
6B492E42 | lea edi,dword ptr ss:[esp+544]       |
6B492E49 | rep stosd                            |
6B492E4B | push eax                             |
6B492E4C | mov edi,3                            |
6B492E51 | push edi                             |
6B492E52 | push esi                             |
6B492E53 | call dword ptr ds:[ebx+28]           | CertGetNameStringA()
6B492E56 | cmp eax,1                            | 0x3
6B492E59 | ja ccvrtrst.6B492E8A                 | "US"
6B492E5B | call dword ptr ds:[<&GetLastError>]  |
6B492E61 | push eax                             |
6B492E62 | push ccvrtrst.6B49B160               | "CVerifyCertProperties::VerifySymantec() : CertGetNameString() <= 1, 0x%08X\n"
6B492E67 | call ccvrtrst.6B491040               |
6B492E6C | add esp,8                            |
6B492E6F | mov dword ptr ss:[esp+C],edi         |
6B492E73 | mov eax,edi                          |
6B492E75 | mov ecx,dword ptr ss:[esp+644]       |
6B492E7C | call ccvrtrst.6B4933EE               |
6B492E81 | pop edi                              |
6B492E82 | pop esi                              |
6B492E83 | pop ebx                              |
6B492E84 | mov esp,ebp                          |
6B492E86 | pop ebp                              |
6B492E87 | ret 4                                |
6B492E8A | mov ecx,ccvrtrst.6B49F260            |
6B492E8F | call <JMP.&Ordinal#1036>             | CEncryptedString::Decrypt()
6B492E94 | mov esi,dword ptr ds:[<&lstrcmpA>]   |
6B492E9A | push eax                             | "Symantec Corporation"
6B492E9B | lea eax,dword ptr ss:[esp+224]       |
6B492EA2 | push eax                             | "Symantec Corporation"
6B492EA3 | call esi                             | kernel32.lstrcmpA()
6B492EA5 | test eax,eax                         |
6B492EA7 | jne ccvrtrst.6B492F56                |
6B492EAD | mov ecx,ccvrtrst.6B49F2A0            |
6B492EB2 | call <JMP.&Ordinal#1036>             | CEncryptedString::Decrypt()
6B492EB7 | push eax                             | "Symantec Research Labs"
6B492EB8 | lea ecx,dword ptr ss:[esp+14]        |
6B492EBC | push ecx                             | "Digital ID Class 3 - Microsoft Software Validation v2"
6B492EBD | call esi                             | kernel32.lstrcmpA()
6B492EBF | test eax,eax                         | -1
6B492EC1 | je ccvrtrst.6B492ED9                 |
6B492EC3 | mov ecx,ccvrtrst.6B49F2E0            |
6B492EC8 | call <JMP.&Ordinal#1036>             | CEncryptedString::Decrypt()
6B492ECD | push eax                             | "Configuration Management"
6B492ECE | lea edx,dword ptr ss:[esp+14]        |
6B492ED2 | push edx                             | "Digital ID Class 3 - Microsoft Software Validation v2"
6B492ED3 | call esi                             | kernel32.lstrcmpA()
6B492ED5 | test eax,eax                         | 0x1
6B492ED7 | jne ccvrtrst.6B492F56                | *problem*
...
--- snip ---

Matching part of +crypt trace log for the subroutine:

--- snip ---
...
0654:trace:crypt:CertGetNameStringW (0017A154, 3, 00000000, 6B49B1D4, 00169498, 21)
0654:trace:crypt:CryptDecodeObjectEx (0x00000001, #0007, 001DA4D4, 219, 0x00008000, 00000000, 014DF230, 014DF234)
0654:trace:crypt:CryptDecodeObjectEx returning 1
0654:trace:crypt:CertFindRDNAttr "2.5.4.3" 001D7A40
0654:trace:crypt:CertRDNValueToStrW (5, 001D7BA4, 00169498, 21)
0654:trace:crypt:CertRDNValueToStrW returning 21 (L"Symantec Corporation")
0654:trace:crypt:CertGetNameStringA (0017A154, 3, 00000000, 6B49B1C8, 014DF2B0, 260)
0654:trace:crypt:CertGetNameStringW (0017A154, 3, 00000000, 6B49B1C8, 00000000, 0)
0654:trace:crypt:CryptDecodeObjectEx (0x00000001, #0007, 001DA4D4, 219, 0x00008000, 00000000, 014DF230, 014DF234)
0654:trace:crypt:CryptDecodeObjectEx returning 1
0654:trace:crypt:CertFindRDNAttr "2.5.4.11" 001D7A40
0654:trace:crypt:CertRDNValueToStrW (4, 001D7B1C, 00000000, 0)
0654:trace:crypt:CertRDNValueToStrW returning 54 ((null))
0654:trace:crypt:CertGetNameStringW (0017A154, 3, 00000000, 6B49B1C8, 00178880, 54)
0654:trace:crypt:CryptDecodeObjectEx (0x00000001, #0007, 001DA4D4, 219, 0x00008000, 00000000, 014DF230, 014DF234)
0654:trace:crypt:CryptDecodeObjectEx returning 1
0654:trace:crypt:CertFindRDNAttr "2.5.4.11" 001D7A40
0654:trace:crypt:CertRDNValueToStrW (4, 001D7B1C, 00178880, 54)
0654:trace:crypt:CertRDNValueToStrW returning 54 (L"Digital ID Class 3 - Microsoft Software Validation v2")
0654:trace:crypt:CertGetNameStringA (0017A154, 3, 00000000, 6B49B1BC, 014DF3B8, 260)
0654:trace:crypt:CertGetNameStringW (0017A154, 3, 00000000, 6B49B1BC, 00000000, 0)
0654:trace:crypt:CryptDecodeObjectEx (0x00000001, #0007, 001DA4D4, 219, 0x00008000, 00000000, 014DF230, 014DF234)
0654:trace:crypt:CryptDecodeObjectEx returning 1
0654:trace:crypt:CertFindRDNAttr "2.5.4.10" 001D7A40
0654:trace:crypt:CertRDNValueToStrW (5, 001D7AEC, 00000000, 0)
0654:trace:crypt:CertRDNValueToStrW returning 21 ((null))
0654:trace:crypt:CertGetNameStringW (0017A154, 3, 00000000, 6B49B1BC, 00169498, 21)
0654:trace:crypt:CryptDecodeObjectEx (0x00000001, #0007, 001DA4D4, 219, 0x00008000, 00000000, 014DF230, 014DF234)
0654:trace:crypt:CryptDecodeObjectEx returning 1
0654:trace:crypt:CertFindRDNAttr "2.5.4.10" 001D7A40
0654:trace:crypt:CertRDNValueToStrW (5, 001D7AEC, 00169498, 21)
0654:trace:crypt:CertRDNValueToStrW returning 21 (L"Symantec Corporation")
0654:trace:crypt:CertGetNameStringA (0017A154, 3, 00000000, 6B49B1B4, 014DF6D0, 260)
0654:trace:crypt:CertGetNameStringW (0017A154, 3, 00000000, 6B49B1B4, 00000000, 0)
0654:trace:crypt:CryptDecodeObjectEx (0x00000001, #0007, 001DA4D4, 219, 0x00008000, 00000000, 014DF230, 014DF234)
0654:trace:crypt:CryptDecodeObjectEx returning 1
0654:trace:crypt:CertFindRDNAttr "2.5.4.7" 001D7A40
0654:trace:crypt:CertRDNValueToStrW (4, 001D7AC8, 00000000, 0)
0654:trace:crypt:CertRDNValueToStrW returning 13 ((null))
0654:trace:crypt:CertGetNameStringW (0017A154, 3, 00000000, 6B49B1B4, 0017AAC8, 13)
0654:trace:crypt:CryptDecodeObjectEx (0x00000001, #0007, 001DA4D4, 219, 0x00008000, 00000000, 014DF230, 014DF234)
0654:trace:crypt:CryptDecodeObjectEx returning 1
0654:trace:crypt:CertFindRDNAttr "2.5.4.7" 001D7A40
0654:trace:crypt:CertRDNValueToStrW (4, 001D7AC8, 0017AAC8, 13)
0654:trace:crypt:CertRDNValueToStrW returning 13 (L"Santa Monica")
0654:trace:crypt:CertGetNameStringA (0017A154, 3, 00000000, 6B49B1AC, 014DF5C8, 260)
0654:trace:crypt:CertGetNameStringW (0017A154, 3, 00000000, 6B49B1AC, 00000000, 0)
0654:trace:crypt:CryptDecodeObjectEx (0x00000001, #0007, 001DA4D4, 219, 0x00008000, 00000000, 014DF230, 014DF234)
0654:trace:crypt:CryptDecodeObjectEx returning 1
0654:trace:crypt:CertFindRDNAttr "2.5.4.8" 001D7A40
0654:trace:crypt:CertRDNValueToStrW (4, 001D7AA4, 00000000, 0)
0654:trace:crypt:CertRDNValueToStrW returning 11 ((null))
0654:trace:crypt:CertGetNameStringW (0017A154, 3, 00000000, 6B49B1AC, 0017E558, 11)
0654:trace:crypt:CryptDecodeObjectEx (0x00000001, #0007, 001DA4D4, 219, 0x00008000, 00000000, 014DF230, 014DF234)
0654:trace:crypt:CryptDecodeObjectEx returning 1
0654:trace:crypt:CertFindRDNAttr "2.5.4.8" 001D7A40
0654:trace:crypt:CertRDNValueToStrW (4, 001D7AA4, 0017E558, 11)
0654:trace:crypt:CertRDNValueToStrW returning 11 (L"California")
0654:trace:crypt:CertGetNameStringA (0017A154, 3, 00000000, 6B49B158, 014DF7D8, 260)
0654:trace:crypt:CertGetNameStringW (0017A154, 3, 00000000, 6B49B158, 00000000, 0)
0654:trace:crypt:CryptDecodeObjectEx (0x00000001, #0007, 001DA4D4, 219, 0x00008000, 00000000, 014DF230, 014DF234)
0654:trace:crypt:CryptDecodeObjectEx returning 1
0654:trace:crypt:CertFindRDNAttr "2.5.4.6" 001D7A40
0654:trace:crypt:CertRDNValueToStrW (4, 001D7A88, 00000000, 0)
0654:trace:crypt:CertRDNValueToStrW returning 3 ((null))
0654:trace:crypt:CertGetNameStringW (0017A154, 3, 00000000, 6B49B158, 0017E558, 3)
0654:trace:crypt:CryptDecodeObjectEx (0x00000001, #0007, 001DA4D4, 219, 0x00008000, 00000000, 014DF230, 014DF234)
0654:trace:crypt:CryptDecodeObjectEx returning 1
0654:trace:crypt:CertFindRDNAttr "2.5.4.6" 001D7A40
0654:trace:crypt:CertRDNValueToStrW (4, 001D7A88, 0017E558, 3)
0654:trace:crypt:CertRDNValueToStrW returning 3 (L"US")
0654:trace:crypt:CertFreeCertificateContext (0017A154)
--- snip ---

I've extracted the embedded CERT which is present in all .dll and .exe files:

-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

Decoded:

--- snip ---
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:da:43:8e:69:27:c9:46:a4:9a:dd:3e:6a:c9:da:d2
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of
use at https://www.verisign.com/rpa (c)04, CN=VeriSign Class 3 Code Signing
2004 CA
        Validity
            Not Before: Nov  9 00:00:00 2004 GMT
            Not After : Nov 21 23:59:59 2005 GMT
        Subject: C=US, ST=California, L=Santa Monica, O=Symantec Corporation,
OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Symantec Research
Labs, CN=Symantec Corporation
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (1024 bit)
                Modulus:
                    00:d6:6c:85:58:06:54:17:41:01:f7:99:07:43:61:
                    97:99:e4:b7:9f:89:57:d1:bd:f0:af:79:b9:64:5f:
                    ef:bb:9e:34:ad:76:aa:51:fe:13:38:8d:f4:f9:1e:
                    b5:5e:4f:ba:4d:31:a3:95:18:45:d1:9f:0d:80:1c:
                    7c:d9:9b:74:7a:0a:3d:f4:27:c6:45:c3:1c:4f:3e:
                    dc:40:61:9c:a8:cb:ef:ca:ea:b6:e5:cb:38:59:d0:
                    4a:32:a2:ec:a8:fa:2c:c3:5e:bd:53:2d:49:66:b3:
                    dc:ac:f1:9f:76:8b:60:f9:29:88:ea:d2:f3:c0:99:
                    78:fc:a8:5e:36:c7:c3:73:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://CSC3-2004-crl.verisign.com/CSC3-2004.crl

            X509v3 Certificate Policies: 
                Policy: 2.16.840.1.113733.1.7.23.3
                  CPS: https://www.verisign.com/rpa

            X509v3 Extended Key Usage: 
                Code Signing
            Authority Information Access: 
                OCSP - URI:https://ocsp.verisign.com
                CA Issuers -
URI:http://CSC3-2004-aia.verisign.com/CSC3-2004-aia.cer

            X509v3 Authority Key Identifier: 
               
keyid:08:F5:51:E8:FB:FE:3D:3D:64:36:7C:68:CF:5B:78:A8:DF:B9:C5:37

            Netscape Cert Type: 
                Object Signing
            1.3.6.1.4.1.311.2.1.27: 
                0.......
    Signature Algorithm: sha1WithRSAEncryption
         5a:4a:1d:30:e1:3e:c6:58:4a:eb:fa:e5:98:08:7f:ba:f9:40:
         54:66:6e:02:30:8c:1f:a2:eb:5c:d0:07:ba:20:5b:55:fb:b0:
         0e:13:1e:c6:48:19:0c:f4:0e:a0:98:cb:ea:1e:d6:e4:bc:28:
         6c:3f:7f:c8:b4:e1:8d:15:d8:92:ce:2f:e8:5d:7d:3f:89:27:
         d0:1a:04:b0:55:8b:14:ac:26:5d:72:0d:9e:32:5f:ad:11:d4:
         c0:50:40:89:5d:4b:94:aa:e4:52:f4:f2:e7:6b:76:d7:54:e6:
         b6:a2:8e:f3:fa:47:00:ba:3d:fc:b3:37:c8:2a:06:16:fb:0a:
         3b:67:51:ff:3d:6b:3c:a4:93:ee:b8:52:61:b4:16:14:25:2c:
         bc:c6:21:28:55:d6:6d:8e:24:e0:24:c8:0e:c5:c1:94:19:8a:
         c0:02:93:76:66:f1:cd:2a:cd:21:75:af:7e:40:18:a0:58:74:
         27:43:05:74:2b:2d:81:85:5d:f7:5f:fd:16:05:ae:12:65:b5:
         00:c9:e7:ba:d1:9b:36:01:8d:d8:6f:2c:2a:25:8d:03:e2:6a:
         b5:79:f2:37:36:62:3a:e7:a1:32:b6:a8:ee:e0:ee:cf:16:18:
         f4:b9:6d:26:7b:e9:cb:74:8e:93:9a:a1:c8:fe:86:4c:79:1e:
         c2:c0:57:52


(Decoded using the following version of OpenSSL: OpenSSL 1.1.1b  26 Feb 2019)
--- snip ---

Certificate ASN.1 Information

--- snip ---
   0 1302: SEQUENCE {
   4 1022:   SEQUENCE {
   8    3:     [0] {
  10    1:       INTEGER 2
         :       }
  13   16:     INTEGER 4B DA 43 8E 69 27 C9 46 A4 9A DD 3E 6A C9 DA D2
  31   13:     SEQUENCE {
  33    9:       OBJECT IDENTIFIER sha1WithRSAEncryption (1 2 840 113549 1 1 5)
  44    0:       NULL
         :       }
  46  180:     SEQUENCE {
  49   11:       SET {
  51    9:         SEQUENCE {
  53    3:           OBJECT IDENTIFIER countryName (2 5 4 6)
  58    2:           PrintableString 'US'
         :           }
         :         }
  62   23:       SET {
  64   21:         SEQUENCE {
  66    3:           OBJECT IDENTIFIER organizationName (2 5 4 10)
  71   14:           PrintableString 'VeriSign, Inc.'
         :           }
         :         }
  87   31:       SET {
  89   29:         SEQUENCE {
  91    3:           OBJECT IDENTIFIER organizationalUnitName (2 5 4 11)
  96   22:           PrintableString 'VeriSign Trust Network'
         :           }
         :         }
 120   59:       SET {
 122   57:         SEQUENCE {
 124    3:           OBJECT IDENTIFIER organizationalUnitName (2 5 4 11)
 129   50:           PrintableString
         :             'Terms of use at https://www.verisign.com/rpa (c)'
         :             '04'
         :           }
         :         }
 181   46:       SET {
 183   44:         SEQUENCE {
 185    3:           OBJECT IDENTIFIER commonName (2 5 4 3)
 190   37:           PrintableString 'VeriSign Class 3 Code Signing 2004 CA'
         :           }
         :         }
         :       }
 229   30:     SEQUENCE {
 231   13:       UTCTime 09/11/2004 00:00:00 GMT
 246   13:       UTCTime 21/11/2005 23:59:59 GMT
         :       }
 261  216:     SEQUENCE {
 264   11:       SET {
 266    9:         SEQUENCE {
 268    3:           OBJECT IDENTIFIER countryName (2 5 4 6)
 273    2:           PrintableString 'US'
         :           }
         :         }
 277   19:       SET {
 279   17:         SEQUENCE {
 281    3:           OBJECT IDENTIFIER stateOrProvinceName (2 5 4 8)
 286   10:           PrintableString 'California'
         :           }
         :         }
 298   21:       SET {
 300   19:         SEQUENCE {
 302    3:           OBJECT IDENTIFIER localityName (2 5 4 7)
 307   12:           PrintableString 'Santa Monica'
         :           }
         :         }
 321   29:       SET {
 323   27:         SEQUENCE {
 325    3:           OBJECT IDENTIFIER organizationName (2 5 4 10)
 330   20:           TeletexString 'Symantec Corporation'
         :           }
         :         }
 352   62:       SET {
 354   60:         SEQUENCE {
 356    3:           OBJECT IDENTIFIER organizationalUnitName (2 5 4 11)
 361   53:           PrintableString
         :             'Digital ID Class 3 - Microsoft Software Validati'
         :             'on v2'
         :           }
         :         }
 416   31:       SET {
 418   29:         SEQUENCE {
 420    3:           OBJECT IDENTIFIER organizationalUnitName (2 5 4 11)
 425   22:           TeletexString 'Symantec Research Labs'
         :           }
         :         }
 449   29:       SET {
 451   27:         SEQUENCE {
 453    3:           OBJECT IDENTIFIER commonName (2 5 4 3)
 458   20:           TeletexString 'Symantec Corporation'
         :           }
         :         }
         :       }
 480  159:     SEQUENCE {
 483   13:       SEQUENCE {
 485    9:         OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
 496    0:         NULL
         :         }
 498  141:       BIT STRING
         :         30 81 89 02 81 81 00 D6 6C 85 58 06 54 17 41 01
         :         F7 99 07 43 61 97 99 E4 B7 9F 89 57 D1 BD F0 AF
         :         79 B9 64 5F EF BB 9E 34 AD 76 AA 51 FE 13 38 8D
         :         F4 F9 1E B5 5E 4F BA 4D 31 A3 95 18 45 D1 9F 0D
         :         80 1C 7C D9 9B 74 7A 0A 3D F4 27 C6 45 C3 1C 4F
         :         3E DC 40 61 9C A8 CB EF CA EA B6 E5 CB 38 59 D0
         :         4A 32 A2 EC A8 FA 2C C3 5E BD 53 2D 49 66 B3 DC
         :         AC F1 9F 76 8B 60 F9 29 88 EA D2 F3 C0 99 78 FC
         :         A8 5E 36 C7 C3 73 A5 02 03 01 00 01
         :       }
 642  384:     [3] {
 646  380:       SEQUENCE {
 650    9:         SEQUENCE {
 652    3:           OBJECT IDENTIFIER basicConstraints (2 5 29 19)
 657    2:           OCTET STRING 30 00
         :           }
 661   14:         SEQUENCE {
 663    3:           OBJECT IDENTIFIER keyUsage (2 5 29 15)
 668    1:           BOOLEAN TRUE
 671    4:           OCTET STRING 03 02 07 80
         :           }
 677   64:         SEQUENCE {
 679    3:           OBJECT IDENTIFIER cRLDistributionPoints (2 5 29 31)
 684   57:           OCTET STRING
         :             30 37 30 35 A0 33 A0 31 86 2F 68 74 74 70 3A 2F
         :             2F 43 53 43 33 2D 32 30 30 34 2D 63 72 6C 2E 76
         :             65 72 69 73 69 67 6E 2E 63 6F 6D 2F 43 53 43 33
         :             2D 32 30 30 34 2E 63 72 6C
         :           }
 743   68:         SEQUENCE {
 745    3:           OBJECT IDENTIFIER certificatePolicies (2 5 29 32)
 750   61:           OCTET STRING
         :             30 3B 30 39 06 0B 60 86 48 01 86 F8 45 01 07 17
         :             03 30 2A 30 28 06 08 2B 06 01 05 05 07 02 01 16
         :             1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 72
         :             69 73 69 67 6E 2E 63 6F 6D 2F 72 70 61
         :           }
 813   19:         SEQUENCE {
 815    3:           OBJECT IDENTIFIER extKeyUsage (2 5 29 37)
 820   12:           OCTET STRING 30 0A 06 08 2B 06 01 05 05 07 03 03
         :           }
 834  118:         SEQUENCE {
 836    8:           OBJECT IDENTIFIER authorityInfoAccess (1 3 6 1 5 5 7 1 1)
 846  106:           OCTET STRING
         :             30 68 30 25 06 08 2B 06 01 05 05 07 30 01 86 19
         :             68 74 74 70 73 3A 2F 2F 6F 63 73 70 2E 76 65 72
         :             69 73 69 67 6E 2E 63 6F 6D 30 3F 06 08 2B 06 01
         :             05 05 07 30 02 86 33 68 74 74 70 3A 2F 2F 43 53
         :             43 33 2D 32 30 30 34 2D 61 69 61 2E 76 65 72 69
         :             73 69 67 6E 2E 63 6F 6D 2F 43 53 43 33 2D 32 30
         :             30 34 2D 61 69 61 2E 63 65 72
         :           }
 954   31:         SEQUENCE {
 956    3:           OBJECT IDENTIFIER authorityKeyIdentifier (2 5 29 35)
 961   24:           OCTET STRING
         :             30 16 80 14 08 F5 51 E8 FB FE 3D 3D 64 36 7C 68
         :             CF 5B 78 A8 DF B9 C5 37
         :           }
 987   17:         SEQUENCE {
 989    9:           OBJECT IDENTIFIER
         :             netscape-cert-type (2 16 840 1 113730 1 1)
1000    4:           OCTET STRING 03 02 04 10
         :           }
1006   22:         SEQUENCE {
1008   10:           OBJECT IDENTIFIER
         :             spcFinancialCriteriaInfo (1 3 6 1 4 1 311 2 1 27)
1020    8:           OCTET STRING 30 06 01 01 00 01 01 FF
         :           }
         :         }
         :       }
         :     }
1030   13:   SEQUENCE {
1032    9:     OBJECT IDENTIFIER sha1WithRSAEncryption (1 2 840 113549 1 1 5)
1043    0:     NULL
         :     }
1045  257:   BIT STRING
         :     5A 4A 1D 30 E1 3E C6 58 4A EB FA E5 98 08 7F BA
         :     F9 40 54 66 6E 02 30 8C 1F A2 EB 5C D0 07 BA 20
         :     5B 55 FB B0 0E 13 1E C6 48 19 0C F4 0E A0 98 CB
         :     EA 1E D6 E4 BC 28 6C 3F 7F C8 B4 E1 8D 15 D8 92
         :     CE 2F E8 5D 7D 3F 89 27 D0 1A 04 B0 55 8B 14 AC
         :     26 5D 72 0D 9E 32 5F AD 11 D4 C0 50 40 89 5D 4B
         :     94 AA E4 52 F4 F2 E7 6B 76 D7 54 E6 B6 A2 8E F3
         :     FA 47 00 BA 3D FC B3 37 C8 2A 06 16 FB 0A 3B 67
         :             [ Another 128 bytes skipped ]
         :   }
--- snip ---

The installer custom action dll retrieves various subjects from the embedded
certificate using 'CertGetNameString' and compares them against hard-coded
values. The hard-coded values get decrypted to cleartext at runtime.

The certificate contains multiple values for OID 2.5.4.11 -> organizational
unit name (OU):

* 'Digital ID Class 3 - Microsoft Software Validation v2'
* 'Symantec Research Labs'

The installer compares the string 'Digital ID Class 3 - Microsoft Software
Validation v2' returned by Wine crypt32 against two hard-coded values:

* 'Symantec Research Labs'
* 'Configuration Management' (backup?)

None of these match because Wine always returns the first RDN attribute.
This causes the custom action, and subsequently the installer, to fail.

Wine source:

https://source.winehq.org/git/wine.git/blob/be4592824208f82e9cd9c096a879b1d3c58fb122:/dlls/crypt32/str.c#l1195

--- snip ---
1195 static DWORD cert_get_name_from_rdn_attr(DWORD encodingType,
1196  const CERT_NAME_BLOB *name, LPCSTR oid, LPWSTR pszNameString, DWORD cchNameString)
1197 {
1198     CERT_NAME_INFO *nameInfo;
1199     DWORD bytes = 0, ret = 0;
1200 
1201     if (CryptDecodeObjectEx(encodingType, X509_NAME, name->pbData,
1202      name->cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, &nameInfo, &bytes))
1203     {
1204         PCERT_RDN_ATTR nameAttr;
1205 
1206         if (!oid)
1207             oid = szOID_RSA_emailAddr;
1208         nameAttr = CertFindRDNAttr(oid, nameInfo);
1209         if (nameAttr)
1210             ret = CertRDNValueToStrW(nameAttr->dwValueType, &nameAttr->Value,
1211              pszNameString, cchNameString);
1212         LocalFree(nameInfo);
1213     }
1214     return ret;
1215 }
1216 
1217 DWORD WINAPI CertGetNameStringW(PCCERT_CONTEXT pCertContext, DWORD dwType,
1218  DWORD dwFlags, void *pvTypePara, LPWSTR pszNameString, DWORD cchNameString)
1219 {
1220     DWORD ret = 0;
1221     PCERT_NAME_BLOB name;
1222     LPCSTR altNameOID;
1223 
1224     TRACE("(%p, %d, %08x, %p, %p, %d)\n", pCertContext, dwType,
1225      dwFlags, pvTypePara, pszNameString, cchNameString);
1226 
1227     if (!pCertContext)
1228         goto done;
1229 
1230     if (dwFlags & CERT_NAME_ISSUER_FLAG)
1231     {
1232         name = &pCertContext->pCertInfo->Issuer;
1233         altNameOID = szOID_ISSUER_ALT_NAME;
1234     }
1235     else
1236     {
1237         name = &pCertContext->pCertInfo->Subject;
1238         altNameOID = szOID_SUBJECT_ALT_NAME;
1239     }
1240 
1241     switch (dwType)
1242     {
...
1289     case CERT_NAME_ATTR_TYPE:
1290         ret = cert_get_name_from_rdn_attr(pCertContext->dwCertEncodingType,
1291          name, pvTypePara, pszNameString, cchNameString);
1292         if (!ret)
1293         {
1294             CERT_ALT_NAME_INFO *altInfo;
1295             PCERT_ALT_NAME_ENTRY entry = cert_find_alt_name_entry(pCertContext,
1296              altNameOID, CERT_ALT_NAME_DIRECTORY_NAME, &altInfo);
1297 
1298             if (entry)
1299                 ret = cert_name_to_str_with_indent(X509_ASN_ENCODING, 0,
1300                  &entry->u.DirectoryName, 0, pszNameString, cchNameString);
1301             if (altInfo)
1302                 LocalFree(altInfo);
1303         }
1304         break;
...
--- snip ---

I've implemented a reverse CertFindRDNAttr() and made the helper use it. It
helped the installer to successfully validate the CERT and finish the whole
installation process.

The case of multiple OU values in certs doesn't seem to be that rare.

https://stackoverflow.com/questions/9496239/extracting-all-values-of-a-subject-attribute-in-a-certificate

--- quote ---
However some certificates I've found have multiple values for the
organizational unit name (OU) and CertGetNameString can only read the first.
For instance this is the subject of an Adobe certificate:

CN = Adobe Systems, Incorporated
OU = Acrobat Engineering
OU = Digital ID Class 3 - Microsoft Software Validation v2
O = Adobe Systems, Incorporated
L = San Jose
S = California
C = US

How can I read all values for the OU (and other) attribute(s) using CryptoAPI?
--- quote ---

He doesn't talk about the order here, i.e. which "first" is returned. The
first-first or the first-last ;-)

I'm sure there are a couple of other apps suffering from the same issue.

$ wine --version
wine-6.0-rc1-39-g76c9dbd4fb9

Regards
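
As an added example (not part of the bug report and not Wine's crypt32 code), the following minimal DER walker over an X.509 Name reproduces the two lookup orders discussed above: the encoding-order lookup that the quoted cert_get_name_from_rdn_attr() performs, and the reverse-order lookup the bug title asks for. The subject is constructed from the decoded "Subject:" line above rather than taken from the real DER; all values are written as UTF8String, which is an assumption of this example.

```python
# Added example, not code from the bug report or Wine's crypt32: a minimal DER
# walker over an X.509 Name, comparing the encoding-order lookup the quoted Wine
# code performs with the reverse-order lookup the bug title asks for.

OID_OU = "2.5.4.11"  # organizationalUnitName, multi-valued in the cert above
OID_CN = "2.5.4.3"   # commonName

TAG_SEQ, TAG_SET, TAG_OID, TAG_UTF8 = 0x30, 0x31, 0x06, 0x0C  # X.690 tags
# Codecs for the string tags that appear in the ASN.1 dump (plus UTF8String).
STRING_CODECS = {0x0C: "utf-8", 0x13: "ascii", 0x14: "latin-1", 0x16: "ascii"}

def _der_len(n):
    # Short form below 128, long form (0x80 | byte count, then big-endian) above.
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body

def _encode_oid(dotted):
    # First two arcs share one octet; the rest are base-128, high bit = continue.
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return bytes(out)

def _decode_oid(raw):
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)

def encode_name(rdns):
    # Name ::= SEQUENCE OF RDN; one single-valued RDN (SET { SEQUENCE { OID, value } })
    # per (oid, text) pair, in the order given. Values are written as UTF8String.
    sets = b"".join(
        _tlv(TAG_SET, _tlv(TAG_SEQ, _tlv(TAG_OID, _encode_oid(oid))
                           + _tlv(TAG_UTF8, text.encode("utf-8"))))
        for oid, text in rdns)
    return _tlv(TAG_SEQ, sets)

def _read_tlv(buf, pos):
    # Returns (tag, content, position just after the element).
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length

def parse_name(der):
    # Flatten a DER Name into [(oid, text), ...] in encoding order; a multi-valued
    # RDN (several ATVs in one SET) contributes several entries.
    tag, body, _ = _read_tlv(der, 0)
    if tag != TAG_SEQ:
        raise ValueError("Name must be a SEQUENCE of RDNs")
    attrs, pos = [], 0
    while pos < len(body):
        tag, rdn, pos = _read_tlv(body, pos)
        if tag != TAG_SET:
            raise ValueError("RDN must be a SET")
        inner = 0
        while inner < len(rdn):
            _, atv, inner = _read_tlv(rdn, inner)
            _, oid_raw, after_oid = _read_tlv(atv, 0)
            vtag, value, _ = _read_tlv(atv, after_oid)
            attrs.append((_decode_oid(oid_raw),
                          value.decode(STRING_CODECS.get(vtag, "latin-1"))))
    return attrs

def get_name_attr(der, oid, reverse):
    # First attribute matching oid, or None. reverse=False walks RDNs in encoding
    # order, which is what the quoted cert_get_name_from_rdn_attr() yields here
    # ("Digital ID Class 3 ..."); reverse=True starts from the last encoded RDN
    # and yields "Symantec Research Labs", the value the installer compares against.
    attrs = parse_name(der)
    for found_oid, text in (reversed(attrs) if reverse else attrs):
        if found_oid == oid:
            return text
    return None

# Constructed from the "Subject:" line of the decoded certificate in the report,
# in DER encoding order (C first, CN last); not the real DER from the file.
SYMANTEC_SUBJECT_RDNS = [
    ("2.5.4.6", "US"), ("2.5.4.8", "California"), ("2.5.4.7", "Santa Monica"),
    ("2.5.4.10", "Symantec Corporation"),
    (OID_OU, "Digital ID Class 3 - Microsoft Software Validation v2"),
    (OID_OU, "Symantec Research Labs"), (OID_CN, "Symantec Corporation"),
]
SYMANTEC_SUBJECT = encode_name(SYMANTEC_SUBJECT_RDNS)
```

The constructed subject encodes to the same 219 bytes (216-byte body plus a three-byte header) that the ASN.1 dump and the CryptDecodeObjectEx trace show for the real one, since PrintableString and TeletexString values occupy the same length as UTF8String here.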
