[Bug 50024] New: signtool.exe from Windows 7 SDK fails to find certificates
WineHQ Bugzilla
wine-bugs at winehq.org
Sat Oct 17 19:57:11 CDT 2020
https://bugs.winehq.org/show_bug.cgi?id=50024
Bug ID: 50024
Summary: signtool.exe from Windows 7 SDK fails to find
certificates
Product: Wine
Version: 5.19
Hardware: x86-64
OS: Linux
Status: NEW
Keywords: regression
Severity: normal
Priority: P2
Component: crypt32
Assignee: wine-bugs at winehq.org
Reporter: z.figura12 at gmail.com
CC: dmitry at baikal.ru
Regression SHA1: fd1be205ba7dc9691427aab4c35278e88eff081c
Distribution: ---
Note that signtool.exe needs mfc42.
zeb at terabithia$ wine makecert.exe -r -pe -ss winetest_store -n CN=kumquat2
kumquat2.cer
0024:fixme:heap:RtlSetHeapInformation 00110000 1 00000000 0 stub
0024:fixme:mssign:PvkGetCryptProv 00000000 L"Subject Key" (null) 1 (null)
L"89b748c7-e828-4eab-9d74-99785e1867e3" 01009658 0031FE10 0031FCDC stub
0024:fixme:mssign:PvkFreeCryptProv 00179e68 (null) 1 (null) stub
Succeeded
zeb at terabithia$ wine signtool.exe sign /v /s winetest_store /n kumquat2
winetest.sys
0024:fixme:heap:RtlSetHeapInformation 00000000 1 00000000 0 stub
0024:fixme:crypt:CRYPT_RegControl CERT_STORE_CTRL_AUTO_RESYNC: stub
0024:fixme:crypt:CRYPT_RegControl CERT_STORE_CTRL_AUTO_RESYNC: stub
SignTool Error: No certificates were found that met all the given criteria.
>From some blithe debugging, I notice that what actually happens is a crash in
CRYPT_FixKeyProvInfoPointers(), masked by the try block in
CRYPT_ReadSerializedElement(). [Is it just me, or is that try block a bad
idea?] It seems that the format stored in the registry not only doesn't match
store_CRYPT_KEY_PROV_INFO—all of the pointer size fields are 32-bit—but also
uses pointers instead of offsets. From looking at the code, it doesn't seem
that we convert *back* to store_CRYPT_KEY_PROV_INFO when storing into the
registry.
I.e. the program that reports the error is signtool, but makecert appears to be
at fault.
Reverting fd1be205ba7dc9691427aab4c35278e88eff081c allows it to work, at least
the 32-bit version [though it subsequently breaks on missing mssign32
functions].
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list