[Bug 50024] New: signtool.exe from Windows 7 SDK fails to find certificates

WineHQ Bugzilla wine-bugs at winehq.org
Sat Oct 17 19:57:11 CDT 2020 

https://bugs.winehq.org/show_bug.cgi?id=50024

            Bug ID: 50024
           Summary: signtool.exe from Windows 7 SDK fails to find
                    certificates
           Product: Wine
           Version: 5.19
          Hardware: x86-64
                OS: Linux
            Status: NEW
          Keywords: regression
          Severity: normal
          Priority: P2
         Component: crypt32
          Assignee: wine-bugs at winehq.org
          Reporter: z.figura12 at gmail.com
                CC: dmitry at baikal.ru
   Regression SHA1: fd1be205ba7dc9691427aab4c35278e88eff081c
      Distribution: ---

Note that signtool.exe needs mfc42.

zeb at terabithia$ wine makecert.exe -r -pe -ss winetest_store -n CN=kumquat2
kumquat2.cer
0024:fixme:heap:RtlSetHeapInformation 00110000 1 00000000 0 stub
0024:fixme:mssign:PvkGetCryptProv 00000000 L"Subject Key" (null) 1 (null)
L"89b748c7-e828-4eab-9d74-99785e1867e3" 01009658 0031FE10 0031FCDC stub
0024:fixme:mssign:PvkFreeCryptProv 00179e68 (null) 1 (null) stub
Succeeded
zeb at terabithia$ wine signtool.exe sign /v /s winetest_store /n kumquat2
winetest.sys 
0024:fixme:heap:RtlSetHeapInformation 00000000 1 00000000 0 stub
0024:fixme:crypt:CRYPT_RegControl CERT_STORE_CTRL_AUTO_RESYNC: stub
0024:fixme:crypt:CRYPT_RegControl CERT_STORE_CTRL_AUTO_RESYNC: stub
SignTool Error: No certificates were found that met all the given criteria.


>From some blithe debugging, I notice that what actually happens is a crash in
CRYPT_FixKeyProvInfoPointers(), masked by the try block in
CRYPT_ReadSerializedElement(). [Is it just me, or is that try block a bad
idea?] It seems that the format stored in the registry not only doesn't match
store_CRYPT_KEY_PROV_INFO—all of the pointer size fields are 32-bit—but also
uses pointers instead of offsets. From looking at the code, it doesn't seem
that we convert *back* to store_CRYPT_KEY_PROV_INFO when storing into the
registry.

I.e. the program that reports the error is signtool, but makecert appears to be
at fault.

Reverting fd1be205ba7dc9691427aab4c35278e88eff081c allows it to work, at least
the 32-bit version [though it subsequently breaks on missing mssign32
functions].

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list