appwiz.cpl: Use sha256 checksums to validate Mono/Gecko downloads.

Sebastian Lackner sebastian at fds-team.de
Wed Mar 8 14:49:07 CST 2017


Signed-off-by: Sebastian Lackner <sebastian at fds-team.de>
---

This patch also replaces the memory mapping logic with ReadFile.
Depends on https://source.winehq.org/patches/data/131146.

 dlls/appwiz.cpl/Makefile.in |    2 -
 dlls/appwiz.cpl/addons.c    |   85 +++++++++++++++++++-------------------------
 2 files changed, 39 insertions(+), 48 deletions(-)

diff --git a/dlls/appwiz.cpl/Makefile.in b/dlls/appwiz.cpl/Makefile.in
index a8341fa689f..97bc150a01d 100644
--- a/dlls/appwiz.cpl/Makefile.in
+++ b/dlls/appwiz.cpl/Makefile.in
@@ -1,5 +1,5 @@
 MODULE    = appwiz.cpl
-IMPORTS   = uuid urlmon advpack comctl32 advapi32 shell32 ole32 user32 comdlg32
+IMPORTS   = uuid urlmon advpack comctl32 advapi32 shell32 ole32 user32 comdlg32 bcrypt
 DELAYIMPORTS = msi
 
 C_SRCS = \
diff --git a/dlls/appwiz.cpl/addons.c b/dlls/appwiz.cpl/addons.c
index c3847b54948..9937ebf6ce3 100644
--- a/dlls/appwiz.cpl/addons.c
+++ b/dlls/appwiz.cpl/addons.c
@@ -42,6 +42,7 @@
 #include "shellapi.h"
 #include "urlmon.h"
 #include "msi.h"
+#include "bcrypt.h"
 
 #include "appwiz.h"
 #include "res.h"
@@ -55,17 +56,17 @@ WINE_DEFAULT_DEBUG_CHANNEL(appwizcpl);
 
 #ifdef __i386__
 #define ARCH_STRING "x86"
-#define GECKO_SHA "f9a937e9a46d47fda701d257e60601f22e7a4510"
+#define GECKO_SHA "3b8a361f5d63952d21caafd74e849a774994822fb96c5922b01d554f1677643a"
 #elif defined(__x86_64__)
 #define ARCH_STRING "x86_64"
-#define GECKO_SHA "8efa810b1ac83d59e0171d4347d21730560926da"
+#define GECKO_SHA "c565ea25e50ea953937d4ab01299e4306da4a556946327d253ea9b28357e4a7d"
 #else
 #define ARCH_STRING ""
 #define GECKO_SHA "???"
 #endif
 
 #define MONO_VERSION "4.7.0"
-#define MONO_SHA "ff05e1d2a93c3a07672cefc7a8f3a087d75828ac"
+#define MONO_SHA "7698474dd9cb9eb80796b5812dff37386ba97b78b21ca23b20079ca5ad6ca5a1"
 
 typedef struct {
     const char *version;
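Review bot: The `GECKO_SHA` and `MONO_SHA` macros now hold SHA-256 digests, but nothing at the definitions states the algorithm or the expected format, and the names are unchanged from the SHA-1 version. sha_check() later in this patch formats the digest with `%02x` and compares it with `strcmp`, so a value pasted in uppercase or truncated would make every download fail validation without an obvious cause. A comment above the first `#define GECKO_SHA`, such as `/* SHA-256 of the downloaded addon file, 64 lowercase hex digits, compared verbatim in sha_check() */`, would make that requirement explicit. The `"???"` fallback in the `#else` branch can never match a digest, so other architectures always reject the download; that fail-closed behaviour is worth stating in the same comment. `MONO_SHA` also has to change together with `MONO_VERSION`, and a short note next to the pair would help whoever bumps the version.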
@@ -110,62 +111,52 @@ static WCHAR *msi_file;
 static WCHAR * (CDECL *p_wine_get_dos_file_name)(const char*);
 static const WCHAR kernel32_dllW[] = {'k','e','r','n','e','l','3','2','.','d','l','l',0};
 
-
-/* SHA definitions are copied from advapi32. They aren't available in headers. */
-
-typedef struct {
-   ULONG Unknown[6];
-   ULONG State[5];
-   ULONG Count[2];
-   UCHAR Buffer[64];
-} SHA_CTX, *PSHA_CTX;
-
-void WINAPI A_SHAInit(PSHA_CTX);
-void WINAPI A_SHAUpdate(PSHA_CTX,const unsigned char*,UINT);
-void WINAPI A_SHAFinal(PSHA_CTX,PULONG);
-
 static BOOL sha_check(const WCHAR *file_name)
 {
-    const unsigned char *file_map;
-    HANDLE file, map;
-    ULONG sha[5];
-    char buf[2*sizeof(sha)+1];
-    SHA_CTX ctx;
-    DWORD size, i;
-
-    file = CreateFileW(file_name, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_READONLY, NULL);
-    if(file == INVALID_HANDLE_VALUE) {
+    BCRYPT_HASH_HANDLE hash = NULL;
+    BCRYPT_ALG_HANDLE alg = NULL;
+    UCHAR sha256[32];
+    char buf[1024];
+    HANDLE file;
+    DWORD read;
+    BOOL ret = FALSE;
+    int i;
+
+    file = CreateFileW(file_name, GENERIC_READ, FILE_SHARE_READ, NULL,
+                       OPEN_EXISTING, FILE_ATTRIBUTE_READONLY, NULL);
+    if (file == INVALID_HANDLE_VALUE)
+    {
         WARN("Could not open file: %u\n", GetLastError());
         return FALSE;
     }
 
-    size = GetFileSize(file, NULL);
-
-    map = CreateFileMappingW(file, NULL, PAGE_READONLY, 0, 0, NULL);
-    CloseHandle(file);
-    if(!map)
-        return FALSE;
-
-    file_map = MapViewOfFile(map, FILE_MAP_READ, 0, 0, 0);
-    CloseHandle(map);
-    if(!file_map)
-        return FALSE;
+    if (BCryptOpenAlgorithmProvider(&alg, BCRYPT_SHA256_ALGORITHM, MS_PRIMITIVE_PROVIDER, 0))
+        goto end;
+    if (BCryptCreateHash(alg, &hash, NULL, 0, NULL, 0, 0))
+        goto end;
 
-    A_SHAInit(&ctx);
-    A_SHAUpdate(&ctx, file_map, size);
-    A_SHAFinal(&ctx, sha);
+    do
+    {
+        if (!ReadFile(file, buf, sizeof(buf), &read, NULL)) goto end;
+        if (read && BCryptHashData(hash, (UCHAR *)buf, read, 0)) goto end;
+    }
+    while (read);
 
-    UnmapViewOfFile(file_map);
+    if (BCryptFinishHash(hash, sha256, sizeof(sha256), 0))
+        goto end;
 
-    for(i=0; i < sizeof(sha); i++)
-        sprintf(buf + i*2, "%02x", *((unsigned char*)sha+i));
+    for (i = 0; i < sizeof(sha256); i++)
+        sprintf(buf + i * 2, "%02x", sha256[i]);
 
-    if(strcmp(buf, addon->sha)) {
+    ret = !strcmp(buf, addon->sha);
+    if (!ret)
         WARN("Got %s, expected %s\n", buf, addon->sha);
-        return FALSE;
-    }
 
-    return TRUE;
+end:
+    if (hash) BCryptDestroyHash(hash);
+    if (alg) BCryptCloseAlgorithmProvider(alg, 0);
+    CloseHandle(file);
+    return ret;
 }
 
 static void set_status(DWORD id)
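Review bot: Every failure path in the new sha_check body (`BCryptOpenAlgorithmProvider`, `BCryptCreateHash`, `ReadFile`, `BCryptHashData`, `BCryptFinishHash`) jumps to `end` without logging, so a download rejected because hashing or reading failed leaves no trace; only the digest mismatch emits a WARN. Storing the NTSTATUS and logging it, for example `WARN("ReadFile failed: %u\n", GetLastError());` in the loop and `WARN("hashing failed: %08x\n", status);` for the BCrypt calls, keeps the fail-closed result while making the cause visible. `buf` is also used both as the 1024-byte read buffer and as the hex output; that is safe because only 65 bytes are written, but a separate `char hex[2 * sizeof(sha256) + 1];` or a one-line comment would make the bound obvious. The digest covers only the bytes read through `file`, which is closed before returning, and the consumer of `file_name` is outside this hunk. A comment on sha_check saying the caller relies on the file not being replaced between verification and use would document that assumption.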
-- 
2.11.0


