Juan Lang : crypt32: Defer checking signatures until chain is
complete.
Alexandre Julliard
julliard at wine.codeweavers.com
Mon Sep 10 10:18:01 CDT 2007
Module: wine
Branch: master
Commit: a040dd22e75f8ca86961a0a0afbc0caa97c9f109
URL: http://source.winehq.org/git/wine.git/?a=commit;h=a040dd22e75f8ca86961a0a0afbc0caa97c9f109
Author: Juan Lang <juan.lang at gmail.com>
Date: Thu Sep 6 10:02:11 2007 -0700
crypt32: Defer checking signatures until chain is complete.
---
dlls/crypt32/chain.c | 23 +++++++++++------------
1 files changed, 11 insertions(+), 12 deletions(-)
diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index 4cf74a6..98b69b9 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -252,16 +252,6 @@ static inline BOOL CRYPT_IsSimpleChainCyclic(PCERT_SIMPLE_CHAIN chain)
return FALSE;
}
-/* Gets cert's issuer from store, and returns the validity flags associated
- * with it. Returns NULL if no issuer signature could be found.
- */
-static PCCERT_CONTEXT CRYPT_GetIssuerFromStore(HCERTSTORE store,
- PCCERT_CONTEXT cert, PDWORD pdwFlags)
-{
- *pdwFlags = CERT_STORE_SIGNATURE_FLAG;
- return CertGetIssuerCertificateFromStore(store, cert, NULL, pdwFlags);
-}
-
static inline void CRYPT_CombineTrustStatus(CERT_TRUST_STATUS *chainStatus,
CERT_TRUST_STATUS *elementStatus)
{
@@ -482,6 +472,14 @@ static void CRYPT_CheckSimpleChain(PCertificateChainEngine engine,
CERT_TRUST_IS_NOT_TIME_VALID;
if (i != 0)
{
+ /* Check the signature of the cert this issued */
+ if (!CryptVerifyCertificateSignatureEx(0, X509_ASN_ENCODING,
+ CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT,
+ (void *)chain->rgpElement[i - 1]->pCertContext,
+ CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT,
+ (void *)chain->rgpElement[i]->pCertContext, 0, NULL))
+ chain->rgpElement[i - 1]->TrustStatus.dwErrorStatus |=
+ CERT_TRUST_IS_NOT_SIGNATURE_VALID;
/* Once a path length constraint has been violated, every remaining
* CA cert's basic constraints is considered invalid.
*/
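Review bot: The added check runs only under `if (i != 0)` and verifies element i - 1 against element i, so the last element of the chain never has its own signature verified by this code. Whether a self-signed root, or the last element of an incomplete chain, is covered elsewhere is not visible in this hunk, so a comment naming that place would help, e.g. `/* the last element has no issuer in the chain; its signature is checked in <function-name placeholder> */`. Any failure of CryptVerifyCertificateSignatureEx, not only a bad signature, sets CERT_TRUST_IS_NOT_SIGNATURE_VALID; that fails closed and is worth stating in the existing comment. The multi-line `if` body would also be safer with braces around it. CRYPT_CheckSimpleChain starts and ends outside the hunk.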
@@ -525,8 +523,9 @@ static BOOL CRYPT_BuildSimpleChain(PCertificateChainEngine engine,
while (ret && !CRYPT_IsSimpleChainCyclic(chain) &&
!CRYPT_IsCertificateSelfSigned(cert))
{
- DWORD flags;
- PCCERT_CONTEXT issuer = CRYPT_GetIssuerFromStore(world, cert, &flags);
+ DWORD flags = 0;
+ PCCERT_CONTEXT issuer =
+ CertGetIssuerCertificateFromStore(world, cert, NULL, &flags);
if (issuer)
{
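Review bot: With `flags = 0` and the third argument left as `NULL`, the issuer is chosen by name match alone and only the first candidate in `world` is ever considered. If the store holds more than one certificate with the same subject name (key rollover or cross-certification, for instance), a chain that does have a valid issuer can end up marked CERT_TRUST_IS_NOT_SIGNATURE_VALID by the deferred check. That fails closed, but the call should say so, e.g. `/* flags = 0: match by name only; the signature is verified later in CRYPT_CheckSimpleChain, and only the first candidate is tried */`. A follow-up could pass the previous issuer back in as the third argument to try further candidates when verification fails. The loop body continues outside the hunk.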