ReactOS  0.4.14-dev-49-gfb4591c
chain.c File Reference
#include <stdarg.h>
#include "windef.h"
#include "winbase.h"
#include "wincrypt.h"
#include "wininet.h"
#include "wine/debug.h"
#include "wine/unicode.h"
#include "crypt32_private.h"

Classes

struct  _CertificateChainEngine
 
struct  _CERT_CHAIN_ENGINE_CONFIG_NO_EXCLUSIVE_ROOT
 
struct  _CertificateChain
 
struct  _CERT_CHAIN_PARA_NO_EXTRA_FIELDS
 

Macros

#define NONAMELESSUNION
 
#define CERT_CHAIN_PARA_HAS_EXTRA_FIELDS
 
#define CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS
 
#define DEFAULT_CYCLE_MODULUS   7
 
#define trace_usage_bit(bits, bit)   if ((bits) & (bit)) TRACE_(chain)("%s\n", #bit)
 
#define trace_cert_type_bit(bits, bit)   if ((bits) & (bit)) TRACE_(chain)("%s\n", #bit)
 
#define CHAIN_QUALITY_SIGNATURE_VALID   0x16
 
#define CHAIN_QUALITY_TIME_VALID   8
 
#define CHAIN_QUALITY_COMPLETE_CHAIN   4
 
#define CHAIN_QUALITY_BASIC_CONSTRAINTS   2
 
#define CHAIN_QUALITY_TRUSTED_ROOT   1
 
#define CHAIN_QUALITY_HIGHEST
 
#define IS_TRUST_ERROR_SET(TrustStatus, bits)   (TrustStatus)->dwErrorStatus & (bits)
 

Typedefs

typedef struct _CertificateChainEngine CertificateChainEngine
 
typedef struct _CERT_CHAIN_ENGINE_CONFIG_NO_EXCLUSIVE_ROOT CERT_CHAIN_ENGINE_CONFIG_NO_EXCLUSIVE_ROOT
 
typedef struct _CertificateChain CertificateChain
 
typedef struct _CERT_CHAIN_PARA_NO_EXTRA_FIELDS CERT_CHAIN_PARA_NO_EXTRA_FIELDS
 
typedef BOOL(WINAPI * CertVerifyCertificateChainPolicyFunc) (LPCSTR szPolicyOID, PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara, PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
 

Functions

 WINE_DEFAULT_DEBUG_CHANNEL (crypt)
 
 WINE_DECLARE_DEBUG_CHANNEL (chain)
 
static void CRYPT_AddStoresToCollection (HCERTSTORE collection, DWORD cStores, HCERTSTORE *stores)
 
static void CRYPT_CloseStores (DWORD cStores, HCERTSTORE *stores)
 
static PCCERT_CONTEXT CRYPT_FindCertInStore (HCERTSTORE store, PCCERT_CONTEXT cert)
 
static BOOL CRYPT_CheckRestrictedRoot (HCERTSTORE store)
 
HCERTCHAINENGINE CRYPT_CreateChainEngine (HCERTSTORE root, DWORD system_store, const CERT_CHAIN_ENGINE_CONFIG *config)
 
static CertificateChainEngine * get_chain_engine (HCERTCHAINENGINE handle, BOOL allow_default)
 
static void free_chain_engine (CertificateChainEngine *engine)
 
BOOL WINAPI CertCreateCertificateChainEngine (PCERT_CHAIN_ENGINE_CONFIG pConfig, HCERTCHAINENGINE *phChainEngine)
 
void WINAPI CertFreeCertificateChainEngine (HCERTCHAINENGINE hChainEngine)
 
void default_chain_engine_free (void)
 
DWORD CRYPT_IsCertificateSelfSigned (const CERT_CONTEXT *cert)
 
static void CRYPT_FreeChainElement (PCERT_CHAIN_ELEMENT element)
 
static void CRYPT_CheckSimpleChainForCycles (PCERT_SIMPLE_CHAIN chain)
 
static BOOL CRYPT_IsSimpleChainCyclic (const CERT_SIMPLE_CHAIN *chain)
 
static void CRYPT_CombineTrustStatus (CERT_TRUST_STATUS *chainStatus, const CERT_TRUST_STATUS *elementStatus)
 
static BOOL CRYPT_AddCertToSimpleChain (const CertificateChainEngine *engine, PCERT_SIMPLE_CHAIN chain, PCCERT_CONTEXT cert, DWORD subjectInfoStatus)
 
static void CRYPT_FreeSimpleChain (PCERT_SIMPLE_CHAIN chain)
 
static void CRYPT_CheckTrustedStatus (HCERTSTORE hRoot, PCERT_CHAIN_ELEMENT rootElement)
 
static void CRYPT_CheckRootCert (HCERTSTORE hRoot, PCERT_CHAIN_ELEMENT rootElement)
 
static BOOL CRYPT_DecodeBasicConstraints (PCCERT_CONTEXT cert, CERT_BASIC_CONSTRAINTS2_INFO *constraints, BOOL defaultIfNotSpecified)
 
static BOOL CRYPT_CheckBasicConstraintsForCA (CertificateChainEngine *engine, PCCERT_CONTEXT cert, CERT_BASIC_CONSTRAINTS2_INFO *chainConstraints, DWORD remainingCAs, BOOL isRoot, BOOL *pathLengthConstraintViolated)
 
static BOOL domain_name_matches (LPCWSTR constraint, LPCWSTR name)
 
static BOOL url_matches (LPCWSTR constraint, LPCWSTR name, DWORD *trustErrorStatus)
 
static BOOL rfc822_name_matches (LPCWSTR constraint, LPCWSTR name, DWORD *trustErrorStatus)
 
static BOOL dns_name_matches (LPCWSTR constraint, LPCWSTR name, DWORD *trustErrorStatus)
 
static BOOL ip_address_matches (const CRYPT_DATA_BLOB *constraint, const CRYPT_DATA_BLOB *name, DWORD *trustErrorStatus)
 
static BOOL directory_name_matches (const CERT_NAME_BLOB *constraint, const CERT_NAME_BLOB *name)
 
static BOOL alt_name_matches (const CERT_ALT_NAME_ENTRY *name, const CERT_ALT_NAME_ENTRY *constraint, DWORD *trustErrorStatus, BOOL *present)
 
static BOOL alt_name_matches_excluded_name (const CERT_ALT_NAME_ENTRY *name, const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus)
 
static BOOL alt_name_matches_permitted_name (const CERT_ALT_NAME_ENTRY *name, const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus, BOOL *present)
 
static PCERT_EXTENSION get_subject_alt_name_ext (const CERT_INFO *cert)
 
static void compare_alt_name_with_constraints (const CERT_EXTENSION *altNameExt, const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus)
 
static BOOL rfc822_attr_matches_excluded_name (const CERT_RDN_ATTR *attr, const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus)
 
static BOOL rfc822_attr_matches_permitted_name (const CERT_RDN_ATTR *attr, const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus, BOOL *present)
 
static void compare_subject_with_email_constraints (const CERT_NAME_BLOB *subjectName, const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus)
 
static BOOL CRYPT_IsEmptyName (const CERT_NAME_BLOB *name)
 
static void compare_subject_with_constraints (const CERT_NAME_BLOB *subjectName, const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus)
 
static void CRYPT_CheckNameConstraints (const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, const CERT_INFO *cert, DWORD *trustErrorStatus)
 
static CERT_NAME_CONSTRAINTS_INFO * CRYPT_GetNameConstraints (CERT_INFO *cert)
 
static BOOL CRYPT_IsValidNameConstraint (const CERT_NAME_CONSTRAINTS_INFO *info)
 
static void CRYPT_CheckChainNameConstraints (PCERT_SIMPLE_CHAIN chain)
 
static CERT_POLICIES_INFO * CRYPT_GetPolicies (PCCERT_CONTEXT cert)
 
static void CRYPT_CheckPolicies (const CERT_POLICIES_INFO *policies, CERT_INFO *cert, DWORD *errorStatus)
 
static void CRYPT_CheckChainPolicies (PCERT_SIMPLE_CHAIN chain)
 
static LPWSTR name_value_to_str (const CERT_NAME_BLOB *name)
 
static void dump_alt_name_entry (const CERT_ALT_NAME_ENTRY *entry)
 
static void dump_alt_name (LPCSTR type, const CERT_EXTENSION *ext)
 
static void dump_basic_constraints (const CERT_EXTENSION *ext)
 
static void dump_basic_constraints2 (const CERT_EXTENSION *ext)
 
static void dump_key_usage (const CERT_EXTENSION *ext)
 
static void dump_general_subtree (const CERT_GENERAL_SUBTREE *subtree)
 
static void dump_name_constraints (const CERT_EXTENSION *ext)
 
static void dump_cert_policies (const CERT_EXTENSION *ext)
 
static void dump_enhanced_key_usage (const CERT_EXTENSION *ext)
 
static void dump_netscape_cert_type (const CERT_EXTENSION *ext)
 
static void dump_extension (const CERT_EXTENSION *ext)
 
static LPCSTR filetime_to_str (const FILETIME *time)
 
static void dump_element (PCCERT_CONTEXT cert)
 
static BOOL CRYPT_KeyUsageValid (CertificateChainEngine *engine, PCCERT_CONTEXT cert, BOOL isRoot, BOOL isCA, DWORD index)
 
static BOOL CRYPT_CriticalExtensionsSupported (PCCERT_CONTEXT cert)
 
static BOOL CRYPT_IsCertVersionValid (PCCERT_CONTEXT cert)
 
static void CRYPT_CheckSimpleChain (CertificateChainEngine *engine, PCERT_SIMPLE_CHAIN chain, LPFILETIME time)
 
static PCCERT_CONTEXT CRYPT_FindIssuer (const CertificateChainEngine *engine, const CERT_CONTEXT *cert, HCERTSTORE store, DWORD type, void *para, DWORD flags, PCCERT_CONTEXT prev_issuer)
 
static PCCERT_CONTEXT CRYPT_GetIssuer (const CertificateChainEngine *engine, HCERTSTORE store, PCCERT_CONTEXT subject, PCCERT_CONTEXT prevIssuer, DWORD flags, DWORD *infoStatus)
 
static BOOL CRYPT_BuildSimpleChain (const CertificateChainEngine *engine, HCERTSTORE world, DWORD flags, PCERT_SIMPLE_CHAIN chain)
 
static LPCSTR debugstr_filetime (LPFILETIME pTime)
 
static BOOL CRYPT_GetSimpleChainForCert (CertificateChainEngine *engine, HCERTSTORE world, PCCERT_CONTEXT cert, LPFILETIME pTime, DWORD flags, PCERT_SIMPLE_CHAIN *ppChain)
 
static BOOL CRYPT_BuildCandidateChainFromCert (CertificateChainEngine *engine, PCCERT_CONTEXT cert, LPFILETIME pTime, HCERTSTORE hAdditionalStore, DWORD flags, CertificateChain **ppChain)
 
static PCERT_SIMPLE_CHAIN CRYPT_CopySimpleChainToElement (const CERT_SIMPLE_CHAIN *chain, DWORD iElement)
 
static void CRYPT_FreeLowerQualityChains (CertificateChain *chain)
 
static void CRYPT_FreeChainContext (CertificateChain *chain)
 
static CertificateChain * CRYPT_CopyChainToElement (CertificateChain *chain, DWORD iChain, DWORD iElement)
 
static CertificateChain * CRYPT_BuildAlternateContextFromChain (CertificateChainEngine *engine, LPFILETIME pTime, HCERTSTORE hAdditionalStore, DWORD flags, CertificateChain *chain)
 
static DWORD CRYPT_ChainQuality (const CertificateChain *chain)
 
static CertificateChain * CRYPT_ChooseHighestQualityChain (CertificateChain *chain)
 
static BOOL CRYPT_AddAlternateChainToChain (CertificateChain *chain, const CertificateChain *alternate)
 
static PCERT_CHAIN_ELEMENT CRYPT_FindIthElementInChain (const CERT_CHAIN_CONTEXT *chain, DWORD i)
 
static void CRYPT_VerifyChainRevocation (PCERT_CHAIN_CONTEXT chain, LPFILETIME pTime, HCERTSTORE hAdditionalStore, const CERT_CHAIN_PARA *pChainPara, DWORD chainFlags)
 
static void CRYPT_CheckUsages (PCERT_CHAIN_CONTEXT chain, const CERT_CHAIN_PARA *pChainPara)
 
static void dump_usage_match (LPCSTR name, const CERT_USAGE_MATCH *usageMatch)
 
static void dump_chain_para (const CERT_CHAIN_PARA *pChainPara)
 
BOOL WINAPI CertGetCertificateChain (HCERTCHAINENGINE hChainEngine, PCCERT_CONTEXT pCertContext, LPFILETIME pTime, HCERTSTORE hAdditionalStore, PCERT_CHAIN_PARA pChainPara, DWORD dwFlags, LPVOID pvReserved, PCCERT_CHAIN_CONTEXT *ppChainContext)
 
PCCERT_CHAIN_CONTEXT WINAPI CertDuplicateCertificateChain (PCCERT_CHAIN_CONTEXT pChainContext)
 
VOID WINAPI CertFreeCertificateChain (PCCERT_CHAIN_CONTEXT pChainContext)
 
PCCERT_CHAIN_CONTEXT WINAPI CertFindChainInStore (HCERTSTORE store, DWORD certEncodingType, DWORD findFlags, DWORD findType, const void *findPara, PCCERT_CHAIN_CONTEXT prevChainContext)
 
static void find_element_with_error (PCCERT_CHAIN_CONTEXT chain, DWORD error, LONG *iChain, LONG *iElement)
 
static BOOL WINAPI verify_base_policy (LPCSTR szPolicyOID, PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara, PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
 
static void dump_authenticode_extra_chain_policy_para (AUTHENTICODE_EXTRA_CERT_CHAIN_POLICY_PARA *extraPara)
 
static BOOL WINAPI verify_authenticode_policy (LPCSTR szPolicyOID, PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara, PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
 
static BOOL WINAPI verify_basic_constraints_policy (LPCSTR szPolicyOID, PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara, PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
 
static BOOL match_dns_to_subject_alt_name (const CERT_EXTENSION *ext, LPCWSTR server_name)
 
static BOOL find_matching_domain_component (const CERT_NAME_INFO *name, LPCWSTR component)
 
static BOOL match_domain_component (LPCWSTR allowed_component, DWORD allowed_len, LPCWSTR server_component, DWORD server_len, BOOL allow_wildcards, BOOL *see_wildcard)
 
static BOOL match_common_name (LPCWSTR server_name, const CERT_RDN_ATTR *nameAttr)
 
static BOOL match_dns_to_subject_dn (PCCERT_CONTEXT cert, LPCWSTR server_name)
 
static void dump_ssl_extra_chain_policy_para (HTTPSPolicyCallbackData *sslPara)
 
static BOOL WINAPI verify_ssl_policy (LPCSTR szPolicyOID, PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara, PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
 
static BOOL WINAPI verify_ms_root_policy (LPCSTR szPolicyOID, PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara, PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
 
static void dump_policy_para (PCERT_CHAIN_POLICY_PARA para)
 
BOOL WINAPI CertVerifyCertificateChainPolicy (LPCSTR szPolicyOID, PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara, PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
 

Variables

static const WCHAR rootW [] = { 'R','o','o','t',0 }
 
static CertificateChainEngine * default_cu_engine
 
static CertificateChainEngine * default_lm_engine
 
static BYTE msTestPubKey1 []
 
static BYTE msTestPubKey2 []
 
static BYTE msPubKey1 []
 
static BYTE msPubKey2 []
 
static BYTE msPubKey3 []
 

Macro Definition Documentation

◆ CERT_CHAIN_PARA_HAS_EXTRA_FIELDS

#define CERT_CHAIN_PARA_HAS_EXTRA_FIELDS

Definition at line 23 of file chain.c.

◆ CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS

#define CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS

Definition at line 24 of file chain.c.

◆ CHAIN_QUALITY_BASIC_CONSTRAINTS

#define CHAIN_QUALITY_BASIC_CONSTRAINTS   2

Definition at line 2517 of file chain.c.

◆ CHAIN_QUALITY_COMPLETE_CHAIN

#define CHAIN_QUALITY_COMPLETE_CHAIN   4

Definition at line 2516 of file chain.c.

◆ CHAIN_QUALITY_HIGHEST

#define CHAIN_QUALITY_HIGHEST
Value:
CHAIN_QUALITY_COMPLETE_CHAIN | CHAIN_QUALITY_BASIC_CONSTRAINTS | \
CHAIN_QUALITY_TRUSTED_ROOT

Definition at line 2520 of file chain.c.

◆ CHAIN_QUALITY_SIGNATURE_VALID

#define CHAIN_QUALITY_SIGNATURE_VALID   0x16

Definition at line 2514 of file chain.c.

◆ CHAIN_QUALITY_TIME_VALID

#define CHAIN_QUALITY_TIME_VALID   8

Definition at line 2515 of file chain.c.

◆ CHAIN_QUALITY_TRUSTED_ROOT

#define CHAIN_QUALITY_TRUSTED_ROOT   1

Definition at line 2518 of file chain.c.

◆ DEFAULT_CYCLE_MODULUS

#define DEFAULT_CYCLE_MODULUS   7

Definition at line 34 of file chain.c.

◆ IS_TRUST_ERROR_SET

#define IS_TRUST_ERROR_SET (   TrustStatus,
  bits 
)    (TrustStatus)->dwErrorStatus & (bits)

Definition at line 2525 of file chain.c.

◆ NONAMELESSUNION

#define NONAMELESSUNION

Definition at line 20 of file chain.c.

◆ trace_cert_type_bit

#define trace_cert_type_bit (   bits,
  bit 
)    if ((bits) & (bit)) TRACE_(chain)("%s\n", #bit)

◆ trace_usage_bit

#define trace_usage_bit (   bits,
  bit 
)    if ((bits) & (bit)) TRACE_(chain)("%s\n", #bit)

Typedef Documentation

◆ CERT_CHAIN_ENGINE_CONFIG_NO_EXCLUSIVE_ROOT

◆ CERT_CHAIN_PARA_NO_EXTRA_FIELDS

◆ CertificateChain

◆ CertificateChainEngine

◆ CertVerifyCertificateChainPolicyFunc

typedef BOOL(WINAPI * CertVerifyCertificateChainPolicyFunc) (LPCSTR szPolicyOID, PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara, PCERT_CHAIN_POLICY_STATUS pPolicyStatus)

Definition at line 3702 of file chain.c.

Function Documentation

◆ alt_name_matches()

static BOOL alt_name_matches ( const CERT_ALT_NAME_ENTRY name,
const CERT_ALT_NAME_ENTRY constraint,
DWORD trustErrorStatus,
BOOL present 
)
static

Definition at line 886 of file chain.c.

/* alt_name_matches: compares one alternative-name entry ('name') against one
 * name-constraint entry ('constraint').  Only entries with the same
 * dwAltNameChoice are compared; the result is whatever the choice-specific
 * comparison returns, and FALSE otherwise.  When 'present' is non-NULL it is
 * set to TRUE if the constraint applies to this name form and FALSE if not.
 * Problems the comparison wants to surface go into *trustErrorStatus, which
 * is dereferenced here without a NULL check (unlike 'present').
 * Lines 897, 901, 909, 913 and 921 are hyperlinked in the original source and
 * are omitted from this rendered listing; they carry the remaining case
 * labels and the flag OR-ed into *trustErrorStatus in the default branch. */
888 {
889  BOOL match = FALSE;
890 
891  if (name->dwAltNameChoice == constraint->dwAltNameChoice)
892  {
893  if (present)
894  *present = TRUE;
/* Dispatch on the constraint's name form.  The RFC822 and DNS cases read the
 * pwszURL union member as well — presumably the string members of the union
 * alias, so the name is a plain wide string in every string-typed case. */
895  switch (constraint->dwAltNameChoice)
896  {
898  match = rfc822_name_matches(constraint->u.pwszURL,
899  name->u.pwszURL, trustErrorStatus);
900  break;
902  match = dns_name_matches(constraint->u.pwszURL,
903  name->u.pwszURL, trustErrorStatus);
904  break;
905  case CERT_ALT_NAME_URL:
906  match = url_matches(constraint->u.pwszURL,
907  name->u.pwszURL, trustErrorStatus);
908  break;
910  match = ip_address_matches(&constraint->u.IPAddress,
911  &name->u.IPAddress, trustErrorStatus);
912  break;
/* The directory-name comparison is not given trustErrorStatus, so it can only
 * answer match / no match; it cannot record a status flag of its own. */
914  match = directory_name_matches(&constraint->u.DirectoryName,
915  &name->u.DirectoryName);
916  break;
917  default:
/* An unsupported name form is logged and flagged in the trust status rather
 * than silently treated as a match; 'match' stays FALSE.  The flag is on the
 * omitted line 921 — presumably CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT;
 * confirm against the source. */
918  ERR("name choice %d unsupported in this context\n",
919  constraint->dwAltNameChoice);
920  *trustErrorStatus |=
922  }
923  }
924  else if (present)
925  *present = FALSE;
926  return match;
927 }

Referenced by alt_name_matches_excluded_name(), and alt_name_matches_permitted_name().

◆ alt_name_matches_excluded_name()

static BOOL alt_name_matches_excluded_name ( const CERT_ALT_NAME_ENTRY name,
const CERT_NAME_CONSTRAINTS_INFO nameConstraints,
DWORD trustErrorStatus 
)
static

Definition at line 929 of file chain.c.

/* alt_name_matches_excluded_name: returns TRUE if 'name' matches any of the
 * excluded subtrees in 'nameConstraints', stopping at the first hit.  Only the
 * .Base entry of each subtree is consulted here.  The call on line 936 is
 * hyperlinked in the original and omitted from this rendering; judging by the
 * argument list it is presumably alt_name_matches(), invoked with a NULL
 * 'present' because the caller only needs to know whether an exclusion hit. */
931 {
932  DWORD i;
933  BOOL match = FALSE;
934 
935  for (i = 0; !match && i < nameConstraints->cExcludedSubtree; i++)
937  &nameConstraints->rgExcludedSubtree[i].Base, trustErrorStatus, NULL);
938  return match;
939 }

Referenced by compare_alt_name_with_constraints().

◆ alt_name_matches_permitted_name()

static BOOL alt_name_matches_permitted_name ( const CERT_ALT_NAME_ENTRY name,
const CERT_NAME_CONSTRAINTS_INFO nameConstraints,
DWORD trustErrorStatus,
BOOL present 
)
static

Definition at line 941 of file chain.c.

/* alt_name_matches_permitted_name: returns TRUE if 'name' matches any of the
 * permitted subtrees in 'nameConstraints', stopping at the first hit.  Only
 * the .Base entry of each subtree is consulted here.  Unlike the excluded
 * variant, 'present' is passed through, presumably so the caller can tell
 * "no permitted constraint covers this name form" apart from "covered but no
 * match" — confirm against the caller.  The call on line 949 is hyperlinked
 * in the original and omitted from this rendering; by its argument list it is
 * presumably alt_name_matches(). */
944 {
945  DWORD i;
946  BOOL match = FALSE;
947 
948  for (i = 0; !match && i < nameConstraints->cPermittedSubtree; i++)
950  &nameConstraints->rgPermittedSubtree[i].Base, trustErrorStatus,
951  present);
952  return match;
953 }

Referenced by compare_alt_name_with_constraints().

◆ CertCreateCertificateChainEngine()

BOOL WINAPI CertCreateCertificateChainEngine ( PCERT_CHAIN_ENGINE_CONFIG  pConfig,
HCERTCHAINENGINE phChainEngine 
)

Definition at line 225 of file chain.c.

/* CertCreateCertificateChainEngine: public entry point that validates the
 * caller-supplied engine configuration and stores a new engine handle in
 * *phChainEngine.  Returns FALSE when pConfig->cbSize is neither of the two
 * accepted structure sizes, when the restricted-root check fails, or when
 * engine creation yields NULL.  Note the asymmetry: *phChainEngine is cleared
 * on the restricted-root failure path but not on the cbSize failure path.
 * pConfig itself is dereferenced without a NULL check.
 * Lines 235, 238 and 245 are hyperlinked in the original and omitted from
 * this rendering — presumably SetLastError(E_INVALIDARG), the
 * CRYPT_CheckRestrictedRoot() call that assigns 'ret', and the
 * CRYPT_CreateChainEngine() call that assigns *phChainEngine; confirm
 * against the source. */
227 {
228  BOOL ret;
229 
230  TRACE("(%p, %p)\n", pConfig, phChainEngine);
231 
/* cbSize is checked before any other field of the configuration is used; both
 * the layout without the exclusive-root field and the current layout are
 * accepted, everything else is rejected as an invalid argument. */
232  if (pConfig->cbSize != sizeof(CERT_CHAIN_ENGINE_CONFIG_NO_EXCLUSIVE_ROOT)
233  && pConfig->cbSize != sizeof(CERT_CHAIN_ENGINE_CONFIG))
234  {
236  return FALSE;
237  }
/* 'ret' is assigned on the omitted line 238. */
239  if (!ret)
240  {
241  *phChainEngine = NULL;
242  return FALSE;
243  }
244 
/* *phChainEngine is assigned on the omitted line 245; a NULL result is
 * reported to the caller as failure. */
246  return *phChainEngine != NULL;
247 }

Referenced by CRYPTDLG_MakeEngine(), and save_pfx().

◆ CertDuplicateCertificateChain()

PCCERT_CHAIN_CONTEXT WINAPI CertDuplicateCertificateChain ( PCCERT_CHAIN_CONTEXT  pChainContext)

Definition at line 2948 of file chain.c.

/* CertDuplicateCertificateChain: takes an additional reference on a chain
 * context and returns the same pointer.  A NULL pChainContext is returned
 * unchanged with no side effect.  The cast relies on the private
 * CertificateChain embedding the public context (presumably as its first
 * member — confirm against the struct definition); its 'ref' field is the
 * reference count, incremented atomically.  Pair with
 * CertFreeCertificateChain(). */
2950 {
2951  CertificateChain *chain = (CertificateChain*)pChainContext;
2952 
2953  TRACE("(%p)\n", pChainContext);
2954 
2955  if (chain)
2956  InterlockedIncrement(&chain->ref);
2957  return pChainContext;
2958 }

Referenced by CRYPTDLG_CopyChain(), and InternetGetSecurityInfoByURLW().

◆ CertFindChainInStore()

PCCERT_CHAIN_CONTEXT WINAPI CertFindChainInStore ( HCERTSTORE  store,
DWORD  certEncodingType,
DWORD  findFlags,
DWORD  findType,
const void findPara,
PCCERT_CHAIN_CONTEXT  prevChainContext 
)

Definition at line 2973 of file chain.c.

/* CertFindChainInStore: unimplemented stub.  Logs the arguments and always
 * returns NULL; none of the parameters are used and no last error is set in
 * the visible lines, so callers cannot distinguish "not found" from "not
 * implemented". */
2976 {
2977  FIXME("(%p, %08x, %08x, %d, %p, %p): stub\n", store, certEncodingType,
2978  findFlags, findType, findPara, prevChainContext);
2979  return NULL;
2980 }

◆ CertFreeCertificateChain()

VOID WINAPI CertFreeCertificateChain ( PCCERT_CHAIN_CONTEXT  pChainContext)

Definition at line 2960 of file chain.c.

/* CertFreeCertificateChain: drops one reference on a chain context and
 * releases it when the count reaches zero.  NULL is accepted and ignored.
 * The release call is on line 2969, hyperlinked in the original and omitted
 * from this rendering — presumably CRYPT_FreeChainContext(chain); confirm
 * against the source.  Counterpart of CertDuplicateCertificateChain(). */
2961 {
2962  CertificateChain *chain = (CertificateChain*)pChainContext;
2963 
2964  TRACE("(%p)\n", pChainContext);
2965 
2966  if (chain)
2967  {
/* Atomic decrement; only the thread that observes zero frees the context. */
2968  if (InterlockedDecrement(&chain->ref) == 0)
2970  }
2971 }

Referenced by _test_security_info(), CertGetCertificateChain(), CertTrustFinalPolicy(), check_and_store_certs(), CRYPT_FreeLowerQualityChains(), InitFunctionPtrs(), netconn_verify_cert(), save_cert_as_cms(), save_pfx(), server_release(), and SoftpubCleanup().

◆ CertFreeCertificateChainEngine()

void WINAPI CertFreeCertificateChainEngine ( HCERTCHAINENGINE  hChainEngine)

Definition at line 249 of file chain.c.

/* CertFreeCertificateChainEngine: releases an engine created by
 * CertCreateCertificateChainEngine().  The handle is resolved with
 * allow_default = FALSE, presumably so that the process-wide default engine
 * handles are never freed through this public entry point — confirm in
 * get_chain_engine().  Whatever get_chain_engine() returns (NULL included) is
 * handed straight to free_chain_engine(), which must therefore tolerate
 * NULL — confirm. */
250 {
251  TRACE("(%p)\n", hChainEngine);
252  free_chain_engine(get_chain_engine(hChainEngine, FALSE));
253 }

Referenced by CertTrustFinalPolicy(), check_and_store_certs(), get_chain_engine(), and save_pfx().

◆ CertGetCertificateChain()

BOOL WINAPI CertGetCertificateChain ( HCERTCHAINENGINE  hChainEngine,
PCCERT_CONTEXT  pCertContext,
LPFILETIME  pTime,
HCERTSTORE  hAdditionalStore,
PCERT_CHAIN_PARA  pChainPara,
DWORD  dwFlags,
LPVOID  pvReserved,
PCCERT_CHAIN_CONTEXT ppChainContext 
)

Definition at line 2879 of file chain.c.

/* CertGetCertificateChain: public entry point that builds a certificate chain
 * context for pCertContext, optionally returning it in *ppChainContext.
 * The BOOL return only says whether a chain could be constructed; trust
 * problems are reported in pChain->TrustStatus.dwErrorStatus, and nothing in
 * the visible lines folds that status into 'ret'.  Callers must therefore
 * inspect TrustStatus (or run CertVerifyCertificateChainPolicy) before
 * treating the certificate as valid.  pvReserved is not checked here.
 * Several lines (2886, 2889-2890, 2900, 2903, 2905, 2910, 2912-2913, 2921,
 * 2928, 2930-2932, 2934) are hyperlinked in the original and omitted from
 * this rendering; the notes below say what each gap appears to hold, but
 * confirm against the source. */
2883 {
2884  CertificateChainEngine *engine;
2885  BOOL ret;
/* Line 2886 (omitted) presumably declares 'chain', used below. */
2887 
2888  TRACE("(%p, %p, %s, %p, %p, %08x, %p, %p)\n", hChainEngine, pCertContext,
2891 
/* allow_default = TRUE: a NULL or default handle resolves to the built-in
 * engine, so only an invalid handle fails here. */
2892  engine = get_chain_engine(hChainEngine, TRUE);
2893  if (!engine)
2894  return FALSE;
2895 
/* The output is cleared before any validation so that every failure path
 * leaves *ppChainContext NULL. */
2896  if (ppChainContext)
2897  *ppChainContext = NULL;
2898  if (!pChainPara)
2899  {
2901  return FALSE;
2902  }
/* Line 2903 (omitted) is a second validation of the input; its condition and
 * the error it sets (line 2905) are not visible here. */
2904  {
2906  return FALSE;
2907  }
2908 
2909  if (TRACE_ON(chain))
/* Lines 2912-2913 (omitted) build the candidate chain and assign 'ret'. */
2911  /* FIXME: what about HCCE_LOCAL_MACHINE? */
2914  if (ret)
2915  {
2916  CertificateChain *alternate = NULL;
2917  PCERT_CHAIN_CONTEXT pChain;
2918 
/* Keep building alternate chains until none remains; each one is attached
 * to the primary chain (line 2928, omitted) rather than explored recursively,
 * which is what prevents loops.  The loop also stops if a step fails. */
2919  do {
2920  alternate = CRYPT_BuildAlternateContextFromChain(engine,
2922 
2923  /* Alternate contexts are added as "lower quality" contexts of
2924  * chain, to avoid loops in alternate chain creation.
2925  * The highest-quality chain is chosen at the end.
2926  */
2927  if (alternate)
2929  } while (ret && alternate);
/* Lines 2930-2932 (omitted) presumably select the highest-quality chain and
 * drop the lower-quality ones unless the caller asked to keep them. */
2933  pChain = (PCERT_CHAIN_CONTEXT)chain;
/* Revocation checking (call begins on omitted line 2934) and usage checking
 * run only on the success path, and both record their findings in the
 * chain's TrustStatus rather than in 'ret'. */
2935  pChainPara, dwFlags);
2936  CRYPT_CheckUsages(pChain, pChainPara);
2937  TRACE_(chain)("error status: %08x\n",
2938  pChain->TrustStatus.dwErrorStatus);
/* Ownership: the reference is handed to the caller, or released immediately
 * if no output pointer was supplied. */
2939  if (ppChainContext)
2940  *ppChainContext = pChain;
2941  else
2942  CertFreeCertificateChain(pChain);
2943  }
2944  TRACE("returning %d\n", ret);
2945  return ret;
2946 }

Referenced by CertTrustFinalPolicy(), check_and_store_certs(), netconn_verify_cert(), save_cert_as_cms(), save_pfx(), testGetCertChain(), and WINTRUST_CreateChainForSigner().

◆ CertVerifyCertificateChainPolicy()

/**
 * CertVerifyCertificateChainPolicy (chain.c:3716): applies the chain policy
 * named by szPolicyOID to an already-built chain context and reports the
 * verdict through pPolicyStatus.
 *
 * Dispatch, as visible below: integer ("INTOID") policy OIDs are routed by
 * LOWORD to the built-in verify_*_policy functions; anything else, or an
 * unknown integer OID (FIXME), falls through to a lookup by name in the
 * CRYPT_OID_VERIFY_CERTIFICATE_CHAIN_POLICY_FUNC OID function set.  That
 * lookup, the verifyPolicy declaration and the switch's case labels are
 * among the source lines this listing omits (3722, 3734-3746, 3756-3758);
 * see chain.c for them.
 *
 * Returns the policy function's result, or FALSE when no policy function
 * could be found (ret starts FALSE and nothing visible sets a last error
 * on that path).
 */
BOOL WINAPI CertVerifyCertificateChainPolicy ( LPCSTR  szPolicyOID,
PCCERT_CHAIN_CONTEXT  pChainContext,
PCERT_CHAIN_POLICY_PARA  pPolicyPara,
PCERT_CHAIN_POLICY_STATUS  pPolicyStatus 
)

Definition at line 3716 of file chain.c.

3719 {
/* The OID function-set handle is cached for the life of the process.  Its
 * lazy initialisation further down is not synchronised, so two threads
 * making their first call concurrently may each initialise it.
 * NOTE(review): presumably harmless beyond a duplicated handle — confirm
 * against CryptInitOIDFunctionSet's behaviour.
 */
3720  static HCRYPTOIDFUNCSET set = NULL;
3721  BOOL ret = FALSE;
3723  HCRYPTOIDFUNCADDR hFunc = NULL;
3724 
3725  TRACE("(%s, %p, %p, %p)\n", debugstr_a(szPolicyOID), pChainContext,
3726  pPolicyPara, pPolicyStatus);
3727  if (TRACE_ON(chain))
3728  dump_policy_para(pPolicyPara);
3729 
/* Built-in policies are identified by small integer OIDs; the case labels
 * (CERT_CHAIN_POLICY_BASE, _AUTHENTICODE, _SSL, _BASIC_CONSTRAINTS,
 * _MICROSOFT_ROOT per the symbols referenced) are on omitted lines.
 */
3730  if (IS_INTOID(szPolicyOID))
3731  {
3732  switch (LOWORD(szPolicyOID))
3733  {
3735  verifyPolicy = verify_base_policy;
3736  break;
3738  verifyPolicy = verify_authenticode_policy;
3739  break;
3741  verifyPolicy = verify_ssl_policy;
3742  break;
3744  verifyPolicy = verify_basic_constraints_policy;
3745  break;
3747  verifyPolicy = verify_ms_root_policy;
3748  break;
/* An unknown integer OID leaves verifyPolicy NULL and is then handed to
 * the OID-set lookup below like a string OID (inferred from the flow; the
 * lookup call itself is omitted here).
 */
3749  default:
3750  FIXME("unimplemented for %d\n", LOWORD(szPolicyOID));
3751  }
3752  }
/* String OIDs (and unhandled integer ones): resolve a registered
 * CertVerifyCertificateChainPolicyFunc via CryptGetOIDFunctionAddress,
 * which also hands back hFunc to release afterwards.
 */
3753  if (!verifyPolicy)
3754  {
3755  if (!set)
3759  (void **)&verifyPolicy, &hFunc);
3760  }
3761  if (verifyPolicy)
3762  ret = verifyPolicy(szPolicyOID, pChainContext, pPolicyPara,
3763  pPolicyStatus);
/* hFunc is only non-NULL when the function came from the OID set. */
3764  if (hFunc)
3765  CryptFreeOIDFunctionAddress(hFunc, 0);
/* NOTE(review): pPolicyStatus is dereferenced here unconditionally, even
 * on the no-verifier path where this function never wrote to it; a NULL
 * pPolicyStatus would fault at this trace rather than be rejected.
 */
3766  TRACE("returning %d (%08x)\n", ret, pPolicyStatus->dwError);
3767  return ret;
3768 }
HCRYPTOIDFUNCSET WINAPI CryptInitOIDFunctionSet(LPCSTR pszFuncName, DWORD dwFlags)
Definition: oid.c:114
#define CRYPT_OID_VERIFY_CERTIFICATE_CHAIN_POLICY_FUNC
Definition: wincrypt.h:2506
static BOOL WINAPI verify_base_policy(LPCSTR szPolicyOID, PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara, PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
Definition: chain.c:2998
static BOOL WINAPI verify_basic_constraints_policy(LPCSTR szPolicyOID, PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara, PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
Definition: chain.c:3130
#define X509_ASN_ENCODING
Definition: wincrypt.h:2297
#define CERT_CHAIN_POLICY_SSL
Definition: wincrypt.h:965
unsigned int BOOL
Definition: ntddk_ex.h:94
#define CERT_CHAIN_POLICY_BASE
Definition: wincrypt.h:962
#define FIXME(fmt,...)
Definition: debug.h:110
smooth NULL
Definition: ftsmooth.c:416
#define IS_INTOID(x)
Definition: chain.c:63
struct sock * chain
Definition: tcpcore.h:1164
static void dump_policy_para(PCERT_CHAIN_POLICY_PARA para)
Definition: chain.c:3706
static BOOL WINAPI verify_ssl_policy(LPCSTR szPolicyOID, PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara, PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
Definition: chain.c:3458
#define TRACE(s)
Definition: solgame.cpp:4
#define CERT_CHAIN_POLICY_BASIC_CONSTRAINTS
Definition: wincrypt.h:966
#define debugstr_a
Definition: kernel32.h:31
#define CERT_CHAIN_POLICY_AUTHENTICODE
Definition: wincrypt.h:963
BOOL(WINAPI * CertVerifyCertificateChainPolicyFunc)(LPCSTR szPolicyOID, PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara, PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
Definition: chain.c:3702
int ret
BOOL WINAPI CryptFreeOIDFunctionAddress(HCRYPTOIDFUNCADDR hFuncAddr, DWORD dwFlags)
Definition: oid.c:468
static BOOL WINAPI verify_authenticode_policy(LPCSTR szPolicyOID, PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara, PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
Definition: chain.c:3089
#define CERT_CHAIN_POLICY_MICROSOFT_ROOT
Definition: wincrypt.h:968
BOOL WINAPI CryptGetOIDFunctionAddress(HCRYPTOIDFUNCSET hFuncSet, DWORD dwEncodingType, LPCSTR pszOID, DWORD dwFlags, void **ppvFuncAddr, HCRYPTOIDFUNCADDR *phFuncAddr)
Definition: oid.c:387
static BOOL WINAPI verify_ms_root_policy(LPCSTR szPolicyOID, PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara, PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
Definition: chain.c:3665
Definition: _set.h:46
#define TRACE_ON(x)
Definition: compat.h:65
#define LOWORD(l)
Definition: pedump.c:82

Referenced by netconn_verify_cert(), SoftpubAuthenticode(), and WINTRUST_DefaultPolicy().

◆ compare_alt_name_with_constraints()

/**
 * compare_alt_name_with_constraints (chain.c:967): checks every entry of a
 * certificate's subjectAltName extension against an issuer's name
 * constraints and OR's the resulting CERT_TRUST_* error bits into
 * *trustErrorStatus.  The rendered signature drops the '*': altNameExt,
 * nameConstraints and trustErrorStatus are all pointers, as the
 * dereferences below show.
 *
 * The extension value is decoded with CryptDecodeObjectEx (the call is on
 * the omitted lines 973/975; X509_ALTERNATE_NAME, CRYPT_DECODE_ALLOC_FLAG
 * and CRYPT_DECODE_NOCOPY_FLAG are among the symbols referenced).  A SAN
 * that does not decode fails closed: the else branch marks the chain
 * rather than skipping the constraint check, so a malformed extension
 * cannot be used to sidestep name constraints.
 *
 * Lines 973, 975, 990, 997, 1000, 1007 and 1014 are omitted from this
 * listing; see chain.c for them.
 */
static void compare_alt_name_with_constraints ( const CERT_EXTENSION altNameExt,
const CERT_NAME_CONSTRAINTS_INFO nameConstraints,
DWORD trustErrorStatus 
)
static

Definition at line 967 of file chain.c.

969 {
970  CERT_ALT_NAME_INFO *subjectAltName;
971  DWORD size;
972 
/* With CRYPT_DECODE_NOCOPY_FLAG the decoded entries may point back into
 * altNameExt->Value.pbData; they are only used before LocalFree below, so
 * the extension outlives them.
 */
974  altNameExt->Value.pbData, altNameExt->Value.cbData,
976  &subjectAltName, &size))
977  {
978  DWORD i;
979 
980  for (i = 0; i < subjectAltName->cAltEntry; i++)
981  {
982  BOOL nameFormPresent;
983 
984  /* A name constraint only applies if the name form is present.
985  * From RFC 5280, section 4.2.1.10:
986  * "Restrictions apply only when the specified name form is
987  * present. If no name of the type is in the certificate,
988  * the certificate is acceptable."
989  */
/* Excluded subtrees: any match is a hard failure for this entry (the
 * condition on the omitted line 990 is alt_name_matches_excluded_name,
 * the bit on 997 presumably CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT,
 * matching the trace text).
 */
991  &subjectAltName->rgAltEntry[i], nameConstraints,
992  trustErrorStatus))
993  {
994  TRACE_(chain)("subject alternate name form %d excluded\n",
995  subjectAltName->rgAltEntry[i].dwAltNameChoice);
996  *trustErrorStatus |=
998  }
/* Permitted subtrees: nameFormPresent reports whether any permitted
 * constraint of this entry's name form exists at all; with none, the
 * entry is unrestricted and a non-match is not an error.
 */
999  nameFormPresent = FALSE;
1001  &subjectAltName->rgAltEntry[i], nameConstraints,
1002  trustErrorStatus, &nameFormPresent) && nameFormPresent)
1003  {
1004  TRACE_(chain)("subject alternate name form %d not permitted\n",
1005  subjectAltName->rgAltEntry[i].dwAltNameChoice);
1006  *trustErrorStatus |=
1008  }
1009  }
/* CRYPT_DECODE_ALLOC_FLAG output is released with LocalFree. */
1010  LocalFree(subjectAltName);
1011  }
/* Undecodable extension: fail closed.  CERT_TRUST_INVALID_EXTENSION and
 * CERT_TRUST_INVALID_NAME_CONSTRAINTS are both referenced by this function
 * and fit nowhere else in the visible body, so the omitted line 1014
 * presumably OR's them in — confirm in chain.c.
 */
1012  else
1013  *trustErrorStatus |=
1015 }
DWORD dwAltNameChoice
Definition: wincrypt.h:333
static BOOL alt_name_matches_excluded_name(const CERT_ALT_NAME_ENTRY *name, const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus)
Definition: chain.c:929
BOOL WINAPI CryptDecodeObjectEx(DWORD dwCertEncodingType, LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, DWORD dwFlags, PCRYPT_DECODE_PARA pDecodePara, void *pvStructInfo, DWORD *pcbStructInfo)
Definition: decode.c:6286
#define CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT
Definition: wincrypt.h:885
#define CERT_TRUST_INVALID_NAME_CONSTRAINTS
Definition: wincrypt.h:881
#define CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT
Definition: wincrypt.h:884
#define X509_ASN_ENCODING
Definition: wincrypt.h:2297
unsigned int BOOL
Definition: ntddk_ex.h:94
smooth NULL
Definition: ftsmooth.c:416
struct sock * chain
Definition: tcpcore.h:1164
#define CERT_TRUST_INVALID_EXTENSION
Definition: wincrypt.h:878
CRYPT_OBJID_BLOB Value
Definition: wincrypt.h:232
#define TRACE_(x)
Definition: compat.h:66
GLsizeiptr size
Definition: glext.h:5919
unsigned long DWORD
Definition: ntddk_ex.h:95
static BOOL alt_name_matches_permitted_name(const CERT_ALT_NAME_ENTRY *name, const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus, BOOL *present)
Definition: chain.c:941
BYTE * pbData
Definition: wincrypt.h:103
PCERT_ALT_NAME_ENTRY rgAltEntry
Definition: wincrypt.h:357
#define CRYPT_DECODE_NOCOPY_FLAG
Definition: wincrypt.h:3450
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1577
#define CRYPT_DECODE_ALLOC_FLAG
Definition: wincrypt.h:3454
#define X509_ALTERNATE_NAME
Definition: wincrypt.h:3377

Referenced by CRYPT_CheckNameConstraints().

◆ compare_subject_with_constraints()

/**
 * compare_subject_with_constraints (chain.c:1126): checks a certificate's
 * subject distinguished name against an issuer's name-constraints
 * extension and OR's the matching CERT_TRUST_* error bits into
 * *trustErrorStatus.  The rendered signature drops the '*': subjectName,
 * nameConstraints and trustErrorStatus are pointers, as the dereferences
 * below show.
 *
 * Two name forms are handled.  The subject DN as a whole can only be
 * matched by a directory-name (CERT_ALT_NAME_DIRECTORY_NAME) constraint.
 * An emailAddress attribute embedded in the DN is delegated to
 * compare_subject_with_email_constraints, but only when at least one
 * RFC822-name constraint exists in either subtree list (the constant on the
 * omitted lines 1143/1148 is CERT_ALT_NAME_RFC822_NAME, per the symbols
 * this function references).
 *
 * Lines 1143, 1148, 1151, 1159 and 1163 are omitted from this listing; see
 * chain.c for them.
 */
static void compare_subject_with_constraints ( const CERT_NAME_BLOB subjectName,
const CERT_NAME_CONSTRAINTS_INFO nameConstraints,
DWORD trustErrorStatus 
)
static

Definition at line 1126 of file chain.c.

1128 {
1129  BOOL hasEmailConstraint = FALSE;
1130  DWORD i;
1131 
1132  /* In general, a subject distinguished name only matches a directory name
1133  * constraint. However, an exception exists for email addresses.
1134  * From RFC 5280, section 4.2.1.6:
1135  * "Legacy implementations exist where an electronic mail address is
1136  * embedded in the subject distinguished name as an emailAddress
1137  * attribute [RFC2985]."
1138  * If an email address constraint exists, check that constraint separately.
1139  */
/* Both scans stop at the first RFC822 constraint found: the
 * !hasEmailConstraint term ends the loop as soon as the flag is set.
 */
1140  for (i = 0; !hasEmailConstraint && i < nameConstraints->cExcludedSubtree;
1141  i++)
1142  if (nameConstraints->rgExcludedSubtree[i].Base.dwAltNameChoice ==
1144  hasEmailConstraint = TRUE;
1145  for (i = 0; !hasEmailConstraint && i < nameConstraints->cPermittedSubtree;
1146  i++)
1147  if (nameConstraints->rgPermittedSubtree[i].Base.dwAltNameChoice ==
1149  hasEmailConstraint = TRUE;
1150  if (hasEmailConstraint)
1152  trustErrorStatus);
/* Excluded subtrees: a directory-name constraint that matches the subject
 * (the match call on the omitted line 1159 is presumably
 * directory_name_matches, as in the permitted branch below) marks the
 * chain as hitting an excluded name.  This loop is not cut short by a
 * match; OR-ing the same bit more than once is harmless.
 */
1153  for (i = 0; i < nameConstraints->cExcludedSubtree; i++)
1154  {
1155  CERT_ALT_NAME_ENTRY *constraint =
1156  &nameConstraints->rgExcludedSubtree[i].Base;
1157 
1158  if (constraint->dwAltNameChoice == CERT_ALT_NAME_DIRECTORY_NAME &&
1160  {
1161  TRACE_(chain)("subject name is excluded\n");
1162  *trustErrorStatus |=
1164  }
1165  }
1166  /* RFC 5280, section 4.2.1.10:
1167  * "Restrictions apply only when the specified name form is present.
1168  * If no name of the type is in the certificate, the certificate is
1169  * acceptable."
1170  * An empty name can't have the name form present, so don't check it.
1171  */
1172  if (nameConstraints->cPermittedSubtree && !CRYPT_IsEmptyName(subjectName))
1173  {
1174  BOOL match = FALSE, hasDirectoryConstraint = FALSE;
1175 
/* Stop at the first matching directory-name constraint; constraints of
 * other name forms are ignored for the DN but do not count as a
 * restriction on it.
 */
1176  for (i = 0; !match && i < nameConstraints->cPermittedSubtree; i++)
1177  {
1178  CERT_ALT_NAME_ENTRY *constraint =
1179  &nameConstraints->rgPermittedSubtree[i].Base;
1180 
1181  if (constraint->dwAltNameChoice == CERT_ALT_NAME_DIRECTORY_NAME)
1182  {
1183  hasDirectoryConstraint = TRUE;
1184  match = directory_name_matches(&constraint->u.DirectoryName,
1185  subjectName);
1186  }
1187  }
/* Only fail when a directory-name constraint exists and none of them
 * matched; a permitted list with no directory-name entries leaves the
 * subject DN unrestricted.
 */
1188  if (hasDirectoryConstraint && !match)
1189  {
1190  TRACE_(chain)("subject name is not permitted\n");
1191  *trustErrorStatus |= CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT;
1192  }
1193  }
1194 }
DWORD dwAltNameChoice
Definition: wincrypt.h:333
#define TRUE
Definition: types.h:120
CERT_NAME_BLOB DirectoryName
Definition: wincrypt.h:338
static BOOL directory_name_matches(const CERT_NAME_BLOB *constraint, const CERT_NAME_BLOB *name)
Definition: chain.c:864
Definition: match.c:28
#define CERT_ALT_NAME_DIRECTORY_NAME
Definition: wincrypt.h:349
static BYTE subjectName[]
Definition: cert.c:63
#define CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT
Definition: wincrypt.h:885
Definition: wincrypt.h:332
#define CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT
Definition: wincrypt.h:884
unsigned int BOOL
Definition: ntddk_ex.h:94
struct sock * chain
Definition: tcpcore.h:1164
#define TRACE_(x)
Definition: compat.h:66
#define CERT_ALT_NAME_RFC822_NAME
Definition: wincrypt.h:346
unsigned long DWORD
Definition: ntddk_ex.h:95
static BOOL CRYPT_IsEmptyName(const CERT_NAME_BLOB *name)
Definition: chain.c:1110
static void compare_subject_with_email_constraints(const CERT_NAME_BLOB *subjectName, const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus)
Definition: chain.c:1057
CERT_ALT_NAME_ENTRY Base
Definition: wincrypt.h:571
PCERT_GENERAL_SUBTREE rgExcludedSubtree
Definition: wincrypt.h:581
PCERT_GENERAL_SUBTREE rgPermittedSubtree
Definition: wincrypt.h:579

Referenced by CRYPT_CheckNameConstraints().

◆ compare_subject_with_email_constraints()

/**
 * compare_subject_with_email_constraints (chain.c:1057): applies RFC822
 * (email) name constraints to emailAddress attributes carried inside the
 * subject distinguished name — the legacy placement RFC 5280 section
 * 4.2.1.6 describes — and OR's the result into *trustErrorStatus.  The
 * rendered signature drops the '*'; all three parameters are pointers.
 * Called from compare_subject_with_constraints only when an RFC822
 * constraint is present.
 *
 * The encoded subject is decoded with CryptDecodeObjectEx into an RDN list
 * held in 'name' (its declaration and the decode call are on the omitted
 * lines 1061 and 1064-1066; X509_UNICODE_NAME, CRYPT_DECODE_ALLOC_FLAG and
 * CRYPT_DECODE_NOCOPY_FLAG are among the symbols referenced).  A subject
 * that fails to decode fails closed via the else branch rather than being
 * treated as unconstrained.
 *
 * Lines 1061, 1064-1066, 1073, 1083, 1090, 1093, 1100 and 1107 are omitted
 * from this listing; see chain.c for them.
 */
static void compare_subject_with_email_constraints ( const CERT_NAME_BLOB subjectName,
const CERT_NAME_CONSTRAINTS_INFO nameConstraints,
DWORD trustErrorStatus 
)
static

Definition at line 1057 of file chain.c.

1060 {
1062  DWORD size;
1063 
1065  subjectName->pbData, subjectName->cbData,
1067  {
1068  DWORD i, j;
1069 
/* Walk every attribute of every RDN; only emailAddress attributes
 * (szOID_RSA_emailAddr, the comparand on the omitted line 1073) are
 * subject to these constraints.
 */
1070  for (i = 0; i < name->cRDN; i++)
1071  for (j = 0; j < name->rgRDN[i].cRDNAttr; j++)
1072  if (!strcmp(name->rgRDN[i].rgRDNAttr[j].pszObjId,
1074  {
1075  BOOL nameFormPresent;
1076 
1077  /* A name constraint only applies if the name form is
1078  * present. From RFC 5280, section 4.2.1.10:
1079  * "Restrictions apply only when the specified name form is
1080  * present. If no name of the type is in the certificate,
1081  * the certificate is acceptable."
1082  */
/* Excluded subtrees (rfc822_attr_matches_excluded_name, omitted line
 * 1083): a match is a hard failure; the bit on the omitted line 1090 is
 * presumably CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT, matching the trace.
 */
1084  &name->rgRDN[i].rgRDNAttr[j], nameConstraints,
1085  trustErrorStatus))
1086  {
1087  TRACE_(chain)(
1088  "email address in subject name is excluded\n");
1089  *trustErrorStatus |=
1091  }
/* Permitted subtrees (rfc822_attr_matches_permitted_name, omitted line
 * 1093): nameFormPresent reports whether any RFC822 permitted constraint
 * exists; with none, a non-match is not an error.
 */
1092  nameFormPresent = FALSE;
1094  &name->rgRDN[i].rgRDNAttr[j], nameConstraints,
1095  trustErrorStatus, &nameFormPresent) && nameFormPresent)
1096  {
1097  TRACE_(chain)(
1098  "email address in subject name is not permitted\n");
1099  *trustErrorStatus |=
1101  }
1102  }
/* CRYPT_DECODE_ALLOC_FLAG output is released with LocalFree. */
1103  LocalFree(name);
1104  }
/* Undecodable subject: fail closed.  CERT_TRUST_INVALID_EXTENSION and
 * CERT_TRUST_INVALID_NAME_CONSTRAINTS are both referenced by this function
 * and fit nowhere else in the visible body, so the omitted line 1107
 * presumably OR's them in — confirm in chain.c.
 */
1105  else
1106  *trustErrorStatus |=
1108 }
BOOL WINAPI CryptDecodeObjectEx(DWORD dwCertEncodingType, LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, DWORD dwFlags, PCRYPT_DECODE_PARA pDecodePara, void *pvStructInfo, DWORD *pcbStructInfo)
Definition: decode.c:6286
static BYTE subjectName[]
Definition: cert.c:63
#define CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT
Definition: wincrypt.h:885
#define CERT_TRUST_INVALID_NAME_CONSTRAINTS
Definition: wincrypt.h:881
#define CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT
Definition: wincrypt.h:884
#define X509_ASN_ENCODING
Definition: wincrypt.h:2297
unsigned int BOOL
Definition: ntddk_ex.h:94
smooth NULL
Definition: ftsmooth.c:416
struct sock * chain
Definition: tcpcore.h:1164
#define CERT_TRUST_INVALID_EXTENSION
Definition: wincrypt.h:878
#define TRACE_(x)
Definition: compat.h:66
GLsizeiptr size
Definition: glext.h:5919
unsigned long DWORD
Definition: ntddk_ex.h:95
static BOOL rfc822_attr_matches_permitted_name(const CERT_RDN_ATTR *attr, const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus, BOOL *present)
Definition: chain.c:1035
#define CRYPT_DECODE_NOCOPY_FLAG
Definition: wincrypt.h:3450
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1577
static BOOL rfc822_attr_matches_excluded_name(const CERT_RDN_ATTR *attr, const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus)
Definition: chain.c:1017
#define szOID_RSA_emailAddr
Definition: wincrypt.h:3035
#define X509_UNICODE_NAME
Definition: wincrypt.h:3385
Definition: name.c:36
#define CRYPT_DECODE_ALLOC_FLAG
Definition: wincrypt.h:3454
int strcmp(const char *String1, const char *String2)
Definition: utclib.c:469
GLuint const GLchar * name
Definition: glext.h:6031

Referenced by compare_subject_with_constraints().

◆ CRYPT_AddAlternateChainToChain()

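/**
 * CRYPT_AddAlternateChainToChain (chain.c:2586): appends @alternate to
 * @chain's array of lower-quality chain contexts
 * (context.rgpLowerQualityChainContext / cLowerQualityChainContext).
 *
 * Only the pointer is stored, cast to its public chain-context view; the
 * alternate is not duplicated.  Presumably ownership of @alternate moves to
 * @chain on success (see CRYPT_FreeLowerQualityChains) — confirm with the
 * caller, CertGetCertificateChain.
 *
 * Returns TRUE on success, FALSE if the array could not be allocated or
 * grown.  On failure the chain is left exactly as it was: the previous
 * array and the count are untouched, so nothing is leaked and the count
 * never disagrees with the array.  (The original assigned the
 * CryptMemRealloc result straight back into the chain, so a failed
 * realloc dropped the old array while the count still described it.)
 */
static BOOL CRYPT_AddAlternateChainToChain(CertificateChain *chain,
 const CertificateChain *alternate)
{
    PCCERT_CHAIN_CONTEXT *contexts;
    DWORD count = chain->context.cLowerQualityChainContext;

    /* Grow by one slot.  The result goes to a local first so that a NULL
     * return cannot clobber the live array.
     */
    if (count)
        contexts = CryptMemRealloc(chain->context.rgpLowerQualityChainContext,
         (count + 1) * sizeof(PCCERT_CHAIN_CONTEXT));
    else
        contexts = CryptMemAlloc(sizeof(PCCERT_CHAIN_CONTEXT));
    if (!contexts)
        return FALSE;

    chain->context.rgpLowerQualityChainContext = contexts;
    /* The array holds non-const context pointers; store the alternate as
     * its public PCCERT_CHAIN_CONTEXT view, as the original did.
     */
    contexts[count] = (PCCERT_CHAIN_CONTEXT)alternate;
    chain->context.cLowerQualityChainContext = count + 1;
    return TRUE;
}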
#define TRUE
Definition: types.h:120
static PCCERT_CHAIN_CONTEXT
Definition: chain.c:61
LPVOID WINAPI CryptMemAlloc(ULONG cbSize)
Definition: main.c:131
unsigned int BOOL
Definition: ntddk_ex.h:94
struct sock * chain
Definition: tcpcore.h:1164
LPVOID WINAPI CryptMemRealloc(LPVOID pv, ULONG cbSize)
Definition: main.c:136
int ret

Referenced by CertGetCertificateChain().

◆ CRYPT_AddCertToSimpleChain()

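/**
 * CRYPT_AddCertToSimpleChain (chain.c:427): appends @cert as a new element
 * at the end of simple chain @chain.
 *
 * The new element is zeroed, gets its cbSize and a duplicated reference to
 * @cert (the caller keeps its own reference).  @subjectInfoStatus describes
 * how this certificate was found as the issuer of the previous element, so
 * it is recorded on that previous element's TrustStatus.dwInfoStatus, not
 * on the new one.  Every engine->CycleDetectionModulus elements the chain
 * is checked for cycles, which may truncate it; the trust status of
 * whatever is then the last element is folded into the chain's own
 * TrustStatus.  engine->CycleDetectionModulus must be non-zero.
 *
 * Returns TRUE on success.  On allocation failure returns FALSE and leaves
 * the chain unchanged: rgpElement and cElement are only updated once the
 * larger array exists.  (The original wrote the CryptMemRealloc result
 * straight into chain->rgpElement, so a failed realloc dropped the old
 * array — leaking its elements — while cElement still counted them.)
 */
static BOOL CRYPT_AddCertToSimpleChain(const CertificateChainEngine *engine,
 PCERT_SIMPLE_CHAIN chain, PCCERT_CONTEXT cert, DWORD subjectInfoStatus)
{
    PCERT_CHAIN_ELEMENT *elements;
    PCERT_CHAIN_ELEMENT element = CryptMemAlloc(sizeof(CERT_CHAIN_ELEMENT));

    if (!element)
        return FALSE;

    /* Grow the element array into a local first so a NULL return cannot
     * clobber the live array.
     */
    if (!chain->cElement)
        elements = CryptMemAlloc(sizeof(PCERT_CHAIN_ELEMENT));
    else
        elements = CryptMemRealloc(chain->rgpElement,
         (chain->cElement + 1) * sizeof(PCERT_CHAIN_ELEMENT));
    if (!elements)
    {
        CryptMemFree(element);
        return FALSE;
    }
    chain->rgpElement = elements;

    chain->rgpElement[chain->cElement++] = element;
    memset(element, 0, sizeof(CERT_CHAIN_ELEMENT));
    element->cbSize = sizeof(CERT_CHAIN_ELEMENT);
    /* The element owns its own reference; the caller's @cert is untouched.
     * NOTE(review): a NULL return from CertDuplicateCertificateContext is
     * not checked here, as in the original.
     */
    element->pCertContext = CertDuplicateCertificateContext(cert);
    if (chain->cElement > 1)
        chain->rgpElement[chain->cElement - 2]->TrustStatus.dwInfoStatus =
         subjectInfoStatus;
    /* FIXME: initialize the rest of element */
    if (!(chain->cElement % engine->CycleDetectionModulus))
    {
        CRYPT_CheckSimpleChainForCycles(chain);
        /* The cycle check may have truncated the chain, so refresh the
         * pointer to whatever is now the last element before using it.
         */
        element = chain->rgpElement[chain->cElement - 1];
    }
    CRYPT_CombineTrustStatus(&chain->TrustStatus, &element->TrustStatus);
    return TRUE;
}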
#define TRUE
Definition: types.h:120
struct _CERT_CHAIN_ELEMENT CERT_CHAIN_ELEMENT
LPVOID WINAPI CryptMemAlloc(ULONG cbSize)
Definition: main.c:131
unsigned int BOOL
Definition: ntddk_ex.h:94
DWORD CycleDetectionModulus
Definition: chain.c:49
struct sock * chain
Definition: tcpcore.h:1164
static BYTE cert[]
Definition: msg.c:1437
static void CRYPT_CombineTrustStatus(CERT_TRUST_STATUS *chainStatus, const CERT_TRUST_STATUS *elementStatus)
Definition: chain.c:416
LPVOID WINAPI CryptMemRealloc(LPVOID pv, ULONG cbSize)
Definition: main.c:136
int ret
PCCERT_CONTEXT WINAPI CertDuplicateCertificateContext(PCCERT_CONTEXT pCertContext)
Definition: cert.c:360
VOID WINAPI CryptMemFree(LPVOID pv)
Definition: main.c:141
static void CRYPT_CheckSimpleChainForCycles(PCERT_SIMPLE_CHAIN chain)
Definition: chain.c:383
#define memset(x, y, z)
Definition: compat.h:39

Referenced by CRYPT_BuildAlternateContextFromChain(), CRYPT_BuildSimpleChain(), and CRYPT_GetSimpleChainForCert().

◆ CRYPT_AddStoresToCollection()

/* CRYPT_AddStoresToCollection (chain.c:52): adds each of the cStores
 * handles in stores[] to the collection store, with no update flags and
 * priority 0.  The return value of CertAddStoreToCollection is not
 * checked, so a store that cannot be added is silently skipped.
 */
static inline void CRYPT_AddStoresToCollection(HCERTSTORE collection,
 DWORD cStores, HCERTSTORE *stores)
{
    DWORD idx = 0;

    while (idx < cStores)
    {
        CertAddStoreToCollection(collection, stores[idx], 0, 0);
        idx++;
    }
}
BOOL WINAPI CertAddStoreToCollection(HCERTSTORE hCollectionStore, HCERTSTORE hSiblingStore, DWORD dwUpdateFlags, DWORD dwPriority)
unsigned long DWORD
Definition: ntddk_ex.h:95
static ICollection collection
Definition: typelib.c:184

Referenced by CRYPT_CreateChainEngine().

◆ CRYPT_BuildAlternateContextFromChain()

/**
 * CRYPT_BuildAlternateContextFromChain (chain.c:2442): tries to build one
 * more chain for the same end certificate by re-resolving the issuer at
 * some element of an existing chain, so that the caller can keep the
 * highest-quality path among several candidates.
 *
 * engine, pTime, hAdditionalStore and flags are the inputs of the original
 * chain build; chain is the context to branch from.  The rendered signature
 * drops the '*': engine, pTime and chain are pointers, as the dereferences
 * below show.  Returns a newly built CertificateChain, or NULL when no
 * alternate issuer exists for any element or the build fails; on the
 * failure path the partial chain is released with CRYPT_FreeChainContext
 * before NULL is returned.
 *
 * Lines 2449, 2472, 2485 and 2499 are omitted from this listing (the rest
 * of the TRACE arguments, the prevIssuer initialiser, the
 * CRYPT_AddCertToSimpleChain call that sets ret, and the trust-status
 * combine); see chain.c for them.
 */
static CertificateChain* CRYPT_BuildAlternateContextFromChain ( CertificateChainEngine engine,
LPFILETIME  pTime,
HCERTSTORE  hAdditionalStore,
DWORD  flags,
CertificateChain chain 
)
static

Definition at line 2442 of file chain.c.

2445 {
2446  CertificateChain *alternate;
2447 
2448  TRACE("(%p, %s, %p, %p)\n", engine, debugstr_filetime(pTime),
2450 
2451  /* Always start with the last "lower quality" chain to ensure a consistent
2452  * order of alternate creation:
2453  */
2454  if (chain->context.cLowerQualityChainContext)
2455  chain = (CertificateChain*)chain->context.rgpLowerQualityChainContext[
2456  chain->context.cLowerQualityChainContext - 1];
2457  /* A chain with only one element can't have any alternates */
/* NOTE(review): this guard only covers the single-chain case.  The j loop
 * below computes cElement - 1 in DWORD arithmetic, which wraps if any
 * later simple chain had no elements; presumably every simple chain here
 * holds at least the end certificate — confirm.
 */
2458  if (chain->context.cChain <= 1 && chain->context.rgpChain[0]->cElement <= 1)
2459  alternate = NULL;
2460  else
2461  {
2462  DWORD i, j, infoStatus;
2463  PCCERT_CONTEXT alternateIssuer = NULL;
2464 
/* Scan each adjacent (subject, issuer) pair of every simple chain for an
 * issuer of 'subject' other than the one already used.  CRYPT_GetIssuer
 * receives that previous issuer (prevIssuer, initialised on the omitted
 * line 2472), presumably to resume the issuer enumeration after it — not
 * visible here.
 */
2465  alternate = NULL;
2466  for (i = 0; !alternateIssuer && i < chain->context.cChain; i++)
2467  for (j = 0; !alternateIssuer &&
2468  j < chain->context.rgpChain[i]->cElement - 1; j++)
2469  {
2470  PCCERT_CONTEXT subject =
2471  chain->context.rgpChain[i]->rgpElement[j]->pCertContext;
2473  chain->context.rgpChain[i]->rgpElement[j + 1]->pCertContext);
2474 
2475  alternateIssuer = CRYPT_GetIssuer(engine, prevIssuer->hCertStore,
2476  subject, prevIssuer, flags, &infoStatus);
2477  }
2478  if (alternateIssuer)
2479  {
/* Both for loops post-increment after the iteration that found the
 * issuer (the !alternateIssuer test runs only after i++ / j++), so step
 * back to the pair that matched.
 */
2480  i--;
2481  j--;
/* Copy the chain up to element j of simple chain i, then append the
 * alternate issuer to that simple chain (the CRYPT_AddCertToSimpleChain
 * call assigning ret is on the omitted line 2485).
 */
2482  alternate = CRYPT_CopyChainToElement(chain, i, j);
2483  if (alternate)
2484  {
2486  alternate->context.rgpChain[i], alternateIssuer, infoStatus);
2487 
2488  /* CRYPT_AddCertToSimpleChain add-ref's the issuer, so free it
2489  * to close the enumeration that found it
2490  */
2491  CertFreeCertificateContext(alternateIssuer);
2492  if (ret)
2493  {
/* Complete the branched simple chain from the new issuer onwards, then
 * validate it against pTime; its trust status is folded into the
 * alternate's context on the omitted line 2499.
 */
2494  ret = CRYPT_BuildSimpleChain(engine, alternate->world,
2495  flags, alternate->context.rgpChain[i]);
2496  if (ret)
2497  CRYPT_CheckSimpleChain(engine,
2498  alternate->context.rgpChain[i], pTime);
2500  &alternate->context.rgpChain[i]->TrustStatus);
2501  }
/* Never hand back a half-built alternate: release it and report none. */
2502  if (!ret)
2503  {
2504  CRYPT_FreeChainContext(alternate);
2505  alternate = NULL;
2506  }
2507  }
2508  }
2509  }
2510  TRACE("%p\n", alternate);
2511  return alternate;
2512 }

Referenced by CertGetCertificateChain().

◆ CRYPT_BuildCandidateChainFromCert()

static BOOL CRYPT_BuildCandidateChainFromCert ( CertificateChainEngine engine,
PCCERT_CONTEXT  cert,
LPFILETIME  pTime,
HCERTSTORE  hAdditionalStore,
DWORD  flags,
CertificateChain **  ppChain 
)
static

Definition at line 2251 of file chain.c.

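/* Builds the candidate chain for cert.  A temporary "world" collection store
 * is assembled from the engine's hWorld store plus the caller's optional
 * hAdditionalStore, and a single simple chain is built against it.
 *
 * On success *ppChain receives a new CertificateChain (ref count 1) that owns
 * the simple chain and the world store, and TRUE is returned.  If no simple
 * chain can be built, *ppChain is left untouched; if a later allocation
 * fails, *ppChain is set to NULL.  FALSE is returned in both cases, and the
 * world store is closed here so that it isn't leaked.
 */
static BOOL CRYPT_BuildCandidateChainFromCert(CertificateChainEngine *engine,
 PCCERT_CONTEXT cert, LPFILETIME pTime, HCERTSTORE hAdditionalStore,
 DWORD flags, CertificateChain **ppChain)
{
    PCERT_SIMPLE_CHAIN simpleChain = NULL;
    HCERTSTORE world;
    BOOL ret;

    world = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0,
     CERT_STORE_CREATE_NEW_FLAG, NULL);
    if (!world)
        return FALSE;
    CertAddStoreToCollection(world, engine->hWorld, 0, 0);
    if (hAdditionalStore)
        CertAddStoreToCollection(world, hAdditionalStore, 0, 0);
    /* FIXME: only simple chains are supported for now, as CTLs aren't
     * supported yet.
     */
    if ((ret = CRYPT_GetSimpleChainForCert(engine, world, cert, pTime, flags,
     &simpleChain)))
    {
        CertificateChain *chain = CryptMemAlloc(sizeof(CertificateChain));

        if (chain)
        {
            /* Allocate the simple-chain array up front so a failure here is
             * handled by the same cleanup path as a failed chain allocation
             * instead of being dereferenced below.
             */
            chain->context.rgpChain = CryptMemAlloc(sizeof(PCERT_SIMPLE_CHAIN));
            if (!chain->context.rgpChain)
            {
                CryptMemFree(chain);
                chain = NULL;
            }
        }
        if (chain)
        {
            chain->ref = 1;
            /* Ownership of world passes to the chain; CRYPT_FreeChainContext
             * is expected to close it — confirm against that function.
             */
            chain->world = world;
            chain->context.cbSize = sizeof(CERT_CHAIN_CONTEXT);
            chain->context.TrustStatus = simpleChain->TrustStatus;
            chain->context.cChain = 1;
            chain->context.rgpChain[0] = simpleChain;
            chain->context.cLowerQualityChainContext = 0;
            chain->context.rgpLowerQualityChainContext = NULL;
            chain->context.fHasRevocationFreshnessTime = FALSE;
            chain->context.dwRevocationFreshnessTime = 0;
        }
        else
        {
            CRYPT_FreeSimpleChain(simpleChain);
            ret = FALSE;
        }
        *ppChain = chain;
    }
    /* No chain took ownership of world: close it rather than leak it. */
    if (!ret)
        CertCloseStore(world, 0);
    return ret;
}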

Referenced by CertGetCertificateChain().

◆ CRYPT_BuildSimpleChain()

static BOOL CRYPT_BuildSimpleChain ( const CertificateChainEngine engine,
HCERTSTORE  world,
DWORD  flags,
PCERT_SIMPLE_CHAIN  chain 
)
static

Definition at line 2181 of file chain.c.

/* Extends chain upward one issuer at a time until the top certificate is
 * self-signed, the chain becomes cyclic, no issuer can be found in world, or
 * adding an element fails.  A missing issuer is not a failure: the chain is
 * marked CERT_TRUST_IS_PARTIAL_CHAIN and TRUE is still returned, so callers
 * must look at TrustStatus, not the return value, to learn whether a root
 * was reached.
 * Assumes chain already holds at least one element.
 */
static BOOL CRYPT_BuildSimpleChain(const CertificateChainEngine *engine,
 HCERTSTORE world, DWORD flags, PCERT_SIMPLE_CHAIN chain)
{
    BOOL ret = TRUE;
    PCCERT_CONTEXT current =
     chain->rgpElement[chain->cElement - 1]->pCertContext;

    for (;;)
    {
        PCERT_CHAIN_ELEMENT top;
        PCCERT_CONTEXT issuer;

        if (!ret || CRYPT_IsSimpleChainCyclic(chain) ||
         CRYPT_IsCertificateSelfSigned(current))
            break;
        top = chain->rgpElement[chain->cElement - 1];
        /* CRYPT_GetIssuer writes through top's dwInfoStatus; that value is
         * then handed to CRYPT_AddCertToSimpleChain as the subject's status.
         */
        issuer = CRYPT_GetIssuer(engine, world, current, NULL, flags,
         &top->TrustStatus.dwInfoStatus);
        if (!issuer)
        {
            TRACE_(chain)("Couldn't find issuer, halting chain creation\n");
            chain->TrustStatus.dwErrorStatus |= CERT_TRUST_IS_PARTIAL_CHAIN;
            break;
        }
        ret = CRYPT_AddCertToSimpleChain(engine, chain, issuer,
         top->TrustStatus.dwInfoStatus);
        /* CRYPT_AddCertToSimpleChain add-ref's the issuer, so free it to
         * close the enumeration that found it
         */
        CertFreeCertificateContext(issuer);
        current = issuer;
    }
    return ret;
}

Referenced by CRYPT_BuildAlternateContextFromChain(), and CRYPT_GetSimpleChainForCert().

◆ CRYPT_ChainQuality()

static DWORD CRYPT_ChainQuality ( const CertificateChain chain)
static

Definition at line 2528 of file chain.c.

/* Scores a candidate chain for CRYPT_ChooseHighestQualityChain: starts from
 * CHAIN_QUALITY_HIGHEST and forfeits one CHAIN_QUALITY_* bit for each class
 * of trust error set in the chain's TrustStatus.  The score only ranks
 * alternatives against each other; the errors themselves stay in
 * TrustStatus for the caller's policy check.
 */
static DWORD CRYPT_ChainQuality(const CertificateChain *chain)
{
    static const struct
    {
        DWORD errorBits;  /* CERT_TRUST_* error(s) that cost the bit */
        DWORD qualityBit; /* CHAIN_QUALITY_* bit forfeited */
    } penalties[] = {
        { CERT_TRUST_IS_UNTRUSTED_ROOT, CHAIN_QUALITY_TRUSTED_ROOT },
        { CERT_TRUST_INVALID_BASIC_CONSTRAINTS,
          CHAIN_QUALITY_BASIC_CONSTRAINTS },
        { CERT_TRUST_IS_PARTIAL_CHAIN, CHAIN_QUALITY_COMPLETE_CHAIN },
        { CERT_TRUST_IS_NOT_TIME_VALID | CERT_TRUST_IS_NOT_TIME_NESTED,
          CHAIN_QUALITY_TIME_VALID },
        { CERT_TRUST_IS_NOT_SIGNATURE_VALID, CHAIN_QUALITY_SIGNATURE_VALID },
    };
    DWORD quality = CHAIN_QUALITY_HIGHEST;
    DWORD n;

    for (n = 0; n < sizeof(penalties) / sizeof(penalties[0]); n++)
    {
        if (IS_TRUST_ERROR_SET(&chain->context.TrustStatus,
         penalties[n].errorBits))
            quality &= ~penalties[n].qualityBit;
    }
    return quality;
}

Referenced by CRYPT_ChooseHighestQualityChain().

◆ CRYPT_CheckBasicConstraintsForCA()

static BOOL CRYPT_CheckBasicConstraintsForCA ( CertificateChainEngine engine,
PCCERT_CONTEXT  cert,
CERT_BASIC_CONSTRAINTS2_INFO chainConstraints,
DWORD  remainingCAs,
BOOL  isRoot,
BOOL pathLengthConstraintViolated 
)
static

Definition at line 580 of file chain.c.

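/* Validates the basic constraints of one CA element of a chain.
 *
 * cert:             the element being checked.
 * chainConstraints: constraints accumulated from the elements above this
 *                   one.  fCA is overwritten with this cert's value, and the
 *                   path length constraint is tightened when this cert
 *                   carries a stricter one.
 * remainingCAs:     number of CA elements below this one.
 * isRoot:           whether cert is the chain's root.
 * pathLengthConstraintViolated: set to TRUE (never cleared) when more CAs
 *                   remain than the accumulated path length constraint
 *                   allows.
 *
 * Returns FALSE when the basic constraints can't be decoded, the cert is not
 * a CA, or the path length constraint is exceeded.
 *
 * X.509 v1/v2 certificates predate the basicConstraints extension and carry
 * no CA flag.  Such a cert is treated as an implicit CA if it's the root, or
 * if the same certificate (matched by its SHA-1 hash) is present in the
 * engine's hWorld store; implicitCA is then the default handed to
 * CRYPT_DecodeBasicConstraints for certs without the extension.
 */
static BOOL CRYPT_CheckBasicConstraintsForCA(CertificateChainEngine *engine,
 PCCERT_CONTEXT cert, CERT_BASIC_CONSTRAINTS2_INFO *chainConstraints,
 DWORD remainingCAs, BOOL isRoot, BOOL *pathLengthConstraintViolated)
{
    BOOL validBasicConstraints, implicitCA = FALSE;
    CERT_BASIC_CONSTRAINTS2_INFO constraints;

    if (isRoot)
        implicitCA = TRUE;
    else if (cert->pCertInfo->dwVersion == CERT_V1 ||
     cert->pCertInfo->dwVersion == CERT_V2)
    {
        BYTE hash[20]; /* SHA-1 digest length, matching CERT_FIND_SHA1_HASH */
        DWORD size = sizeof(hash);

        if (CertGetCertificateContextProperty(cert, CERT_HASH_PROP_ID,
         hash, &size))
        {
            CRYPT_HASH_BLOB blob = { sizeof(hash), hash };
            PCCERT_CONTEXT localCert = CertFindCertificateInStore(
             engine->hWorld, cert->dwCertEncodingType, 0, CERT_FIND_SHA1_HASH,
             &blob, NULL);

            if (localCert)
            {
                CertFreeCertificateContext(localCert);
                implicitCA = TRUE;
            }
        }
    }
    if ((validBasicConstraints = CRYPT_DecodeBasicConstraints(cert,
     &constraints, implicitCA)))
    {
        chainConstraints->fCA = constraints.fCA;
        if (!constraints.fCA)
        {
            TRACE_(chain)("chain element %d can't be a CA\n", remainingCAs + 1);
            validBasicConstraints = FALSE;
        }
        else if (constraints.fPathLenConstraint)
        {
            /* If the element has path length constraints, they apply to the
             * entire remaining chain.
             */
            if (!chainConstraints->fPathLenConstraint ||
             constraints.dwPathLenConstraint <
             chainConstraints->dwPathLenConstraint)
            {
                /* Log the value being applied, not the one being replaced. */
                TRACE_(chain)("setting path length constraint to %d\n",
                 constraints.dwPathLenConstraint);
                chainConstraints->fPathLenConstraint = TRUE;
                chainConstraints->dwPathLenConstraint =
                 constraints.dwPathLenConstraint;
            }
        }
    }
    /* Checked even when decoding failed, so a violated length constraint is
     * always reported through *pathLengthConstraintViolated.
     */
    if (chainConstraints->fPathLenConstraint &&
     remainingCAs > chainConstraints->dwPathLenConstraint)
    {
        TRACE_(chain)("remaining CAs %d exceed max path length %d\n",
         remainingCAs, chainConstraints->dwPathLenConstraint);
        validBasicConstraints = FALSE;
        *pathLengthConstraintViolated = TRUE;
    }
    return validBasicConstraints;
}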

Referenced by CRYPT_CheckSimpleChain().

◆ CRYPT_CheckChainNameConstraints()

static void CRYPT_CheckChainNameConstraints ( PCERT_SIMPLE_CHAIN  chain)
static

Definition at line 1279 of file chain.c.

/* Checks the name constraints of every CA element in chain against every
 * certificate below it.
 *
 * Microsoft's implementation appears to violate RFC 3280: according to
 * MSDN, the various CERT_TRUST_*_NAME_CONSTRAINT errors are set if a CA's
 * name constraint is violated in the end cert. According to RFC 3280,
 * the constraints should be checked against every subsequent certificate
 * in the chain, not just the end cert.
 * Microsoft's implementation also sets the name constraint errors on the
 * certs whose constraints were violated, not on the certs that violated
 * them.
 * In order to be error-compatible with Microsoft's implementation, while
 * still adhering to RFC 3280, an O(n ^ 2) walk is used: the outer loop
 * visits each CA (element index > 0), the inner loop every element below it.
 */
static void CRYPT_CheckChainNameConstraints(PCERT_SIMPLE_CHAIN chain)
{
    int i;

    /* i is int on purpose: with cElement == 0 the start index is -1 on the
     * usual conversion and the loop doesn't run.
     */
    for (i = chain->cElement - 1; i > 0; i--)
    {
        PCERT_CHAIN_ELEMENT ca = chain->rgpElement[i];
        CERT_NAME_CONSTRAINTS_INFO *nameConstraints =
         CRYPT_GetNameConstraints(ca->pCertContext->pCertInfo);

        if (!nameConstraints)
            continue;
        if (!CRYPT_IsValidNameConstraint(nameConstraints))
        {
            /* NOTE(review): this error is set on the element only and not
             * folded into chain->TrustStatus here, unlike the violations
             * below — presumably combined later; confirm against the caller.
             */
            ca->TrustStatus.dwErrorStatus |=
             CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT;
        }
        else
        {
            int j;

            for (j = i - 1; j >= 0; j--)
            {
                PCCERT_CONTEXT subject = chain->rgpElement[j]->pCertContext;
                DWORD errorStatus = 0;

                /* According to RFC 3280, self-signed certs don't have name
                 * constraints checked unless they're the end cert.
                 */
                if (j != 0 && CRYPT_IsCertificateSelfSigned(subject))
                    continue;
                CRYPT_CheckNameConstraints(nameConstraints,
                 subject->pCertInfo, &errorStatus);
                if (errorStatus)
                {
                    ca->TrustStatus.dwErrorStatus |= errorStatus;
                    CRYPT_CombineTrustStatus(&chain->TrustStatus,
                     &ca->TrustStatus);
                }
                else
                    ca->TrustStatus.dwInfoStatus |=
                     CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS;
            }
        }
        LocalFree(nameConstraints);
    }
}

Referenced by CRYPT_CheckSimpleChain().

◆ CRYPT_CheckChainPolicies()

static void CRYPT_CheckChainPolicies ( PCERT_SIMPLE_CHAIN  chain)
static

Definition at line 1381 of file chain.c.

/* Checks each CA element's certificate policies against every certificate
 * below it in chain.  As with CRYPT_CheckChainNameConstraints, a violation
 * is recorded on the CA element whose policies were violated, not on the
 * violating subject, and folded into the chain-wide TrustStatus.
 */
static void CRYPT_CheckChainPolicies(PCERT_SIMPLE_CHAIN chain)
{
    int i;

    /* i is int on purpose: with cElement == 0 the start index is -1 on the
     * usual conversion and the loop doesn't run.
     */
    for (i = chain->cElement - 1; i > 0; i--)
    {
        PCERT_CHAIN_ELEMENT ca = chain->rgpElement[i];
        CERT_POLICIES_INFO *policies = CRYPT_GetPolicies(ca->pCertContext);
        int j;

        if (!policies)
            continue;
        for (j = i - 1; j >= 0; j--)
        {
            DWORD errorStatus = 0;

            CRYPT_CheckPolicies(policies,
             chain->rgpElement[j]->pCertContext->pCertInfo, &errorStatus);
            if (!errorStatus)
                continue;
            ca->TrustStatus.dwErrorStatus |= errorStatus;
            CRYPT_CombineTrustStatus(&chain->TrustStatus, &ca->TrustStatus);
        }
        LocalFree(policies);
    }
}

Referenced by CRYPT_CheckSimpleChain().

◆ CRYPT_CheckNameConstraints()

static void CRYPT_CheckNameConstraints ( const CERT_NAME_CONSTRAINTS_INFO nameConstraints,
const CERT_INFO cert,
DWORD trustErrorStatus 
)
static

Definition at line 1196 of file chain.c.

/* Applies nameConstraints to one certificate, OR-ing any violations into
 * *trustErrorStatus.  Name constraints apply to the subject alternative name
 * as well as the subject name. From RFC 5280, section 4.2.1.10:
 * "Restrictions apply to the subject distinguished name and apply to
 * subject alternative names."
 * The alternative-name check is skipped when the cert has no such extension.
 */
static void CRYPT_CheckNameConstraints(
 const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, const CERT_INFO *cert,
 DWORD *trustErrorStatus)
{
    PCERT_EXTENSION altName = get_subject_alt_name_ext(cert);

    if (altName)
    {
        compare_alt_name_with_constraints(altName, nameConstraints,
         trustErrorStatus);
    }
    compare_subject_with_constraints(&cert->Subject, nameConstraints,
     trustErrorStatus);
}

Referenced by CRYPT_CheckChainNameConstraints().

◆ CRYPT_CheckPolicies()

static void CRYPT_CheckPolicies ( const CERT_POLICIES_INFO policies,
CERT_INFO cert,
DWORD errorStatus 
)
static

Definition at line 1357 of file chain.c.

/* Checks a CA's certificate policies.  For now the only accepted policy
 * identifier is the anyPolicy identifier; any other identifier is reported
 * as CERT_TRUST_INVALID_POLICY_CONSTRAINTS in *errorStatus, i.e. unsupported
 * policies fail closed rather than being ignored.  cert is currently unused.
 * FIXME: the policy identifiers should be compared against the cert's
 * certificate policies extension, subject to the policy mappings extension,
 * and the policy constraints extension.
 * See RFC 5280, sections 4.2.1.4, 4.2.1.5, and 4.2.1.11.
 */
static void CRYPT_CheckPolicies(const CERT_POLICIES_INFO *policies,
 CERT_INFO *cert, DWORD *errorStatus)
{
    const CERT_POLICY_INFO *info = policies->rgPolicyInfo;
    const CERT_POLICY_INFO *end = info + policies->cPolicyInfo;

    for (; info < end; info++)
    {
        /* NOTE(review): assumes pszPolicyIdentifier is never NULL for a
         * decoded policy — confirm against the decoder.
         */
        if (!strcmp(info->pszPolicyIdentifier, szOID_ANY_CERT_POLICY))
            continue;
        FIXME("unsupported policy %s\n", info->pszPolicyIdentifier);
        *errorStatus |= CERT_TRUST_INVALID_POLICY_CONSTRAINTS;
    }
}

Referenced by CRYPT_CheckChainPolicies().

◆ CRYPT_CheckRestrictedRoot()

static BOOL CRYPT_CheckRestrictedRoot ( HCERTSTORE  store)
static

Definition at line 89 of file chain.c.

90 {
/* Accept the caller-supplied (restricted) root store only when every
 * certificate it holds is also present in the system ROOT store, so that
 * an engine cannot be given roots the system itself does not trust. A NULL
 * store is accepted as-is. Returns TRUE on success and FALSE as soon as one
 * certificate is not found in the system store.
 * NOTE(review): gutter lines 96, 99, 105 and 109 are not shown in this
 * rendering; they presumably declare cert/check, advance the enumeration
 * with CertEnumCertificatesInStore and release check/cert with
 * CertFreeCertificateContext — confirm against chain.c.
 * NOTE(review): if CertOpenSystemStoreW fails, rootStore is NULL and is
 * still handed to CRYPT_FindCertInStore and CertCloseStore; whether that
 * fails closed depends on how those helpers treat a NULL store — verify.
 */
91  BOOL ret = TRUE;
92 
93  if (store)
94  {
95  HCERTSTORE rootStore = CertOpenSystemStoreW(0, rootW);
97 
98  do {
100  if (cert)
101  {
/* Fail closed: one certificate missing from the system root store
 * ends the loop with ret == FALSE. */
102  if (!(check = CRYPT_FindCertInStore(rootStore, cert)))
103  ret = FALSE;
104  else
106  }
107  } while (ret && cert);
/* When the loop stopped early (ret == FALSE) the current enumeration
 * context is still held and is released on the omitted line 109. */
108  if (cert)
110  CertCloseStore(rootStore, 0);
111  }
112  return ret;
113 }

Referenced by CertCreateCertificateChainEngine().

◆ CRYPT_CheckRootCert()

static void CRYPT_CheckRootCert ( HCERTSTORE  hRoot,
PCERT_CHAIN_ELEMENT  rootElement 
)
static

Definition at line 491 of file chain.c.

493 {
/* Final checks on the last (root) element of a simple chain: verify the
 * root's signature and then whether it is present in the engine's root
 * store hRoot (CRYPT_CheckTrustedStatus). Results are recorded in
 * rootElement->TrustStatus.dwErrorStatus, nothing is returned.
 * NOTE(review): gutter lines 497-498 and 502 are omitted here; from the
 * visible flag names they presumably pass root as both subject and issuer
 * (CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT / _ISSUER_CERT) and OR in
 * CERT_TRUST_IS_NOT_SIGNATURE_VALID — confirm against chain.c.
 */
494  PCCERT_CONTEXT root = rootElement->pCertContext;
495 
496  if (!CryptVerifyCertificateSignatureEx(0, root->dwCertEncodingType,
499  {
500  TRACE_(chain)("Last certificate's signature is invalid\n");
501  rootElement->TrustStatus.dwErrorStatus |=
503  }
/* Trust-store membership is checked regardless of the signature result,
 * so both error bits can end up set on the element. */
504  CRYPT_CheckTrustedStatus(hRoot, rootElement);
505 }

Referenced by CRYPT_CheckSimpleChain().

◆ CRYPT_CheckSimpleChain()

static void CRYPT_CheckSimpleChain ( CertificateChainEngine engine,
PCERT_SIMPLE_CHAIN  chain,
LPFILETIME  time 
)
static

Definition at line 1879 of file chain.c.

1881 {
/* Validate one simple (single-path) chain and record the outcome in
 * chain->TrustStatus and in every element's TrustStatus. Elements are
 * visited from the root (index cElement - 1) down to the end-entity
 * certificate (index 0); each is checked for version, validity period
 * against time, issuer signature, basic constraints (including the path
 * length budget), key usage and supported critical extensions, and its
 * status is then merged into the chain's. Finally a self-signed last
 * element is checked for signature validity and trust (CRYPT_CheckRootCert).
 * Assumes chain->cElement >= 1: rootElement is read from index
 * cElement - 1 without a check.
 * NOTE(review): this rendering omits a number of gutter lines (1897, 1907,
 * 1909, 1916-1917, 1919, 1922, 1928, 1933, 1944, 1947, 1952-1953,
 * 1960-1961, 1964, 1967-1968, 1972-1973). The helpers and flags named in
 * the comments below are inferred from the visible code and the page's
 * reference list and must be confirmed against chain.c.
 */
1882  PCERT_CHAIN_ELEMENT rootElement = chain->rgpElement[chain->cElement - 1];
1883  int i;
1884  BOOL pathLengthConstraintViolated = FALSE;
/* fCA / fPathLenConstraint / dwPathLenConstraint are updated as CA certs
 * are visited, so the remaining allowed path length shrinks towards the
 * end entity. */
1885  CERT_BASIC_CONSTRAINTS2_INFO constraints = { FALSE, FALSE, 0 };
1886  DWORD status;
1887 
1888  TRACE_(chain)("checking chain with %d elements for time %s\n",
1889  chain->cElement, filetime_to_str(time));
/* Walk from the root towards the end entity so an issuer's constraints
 * are known before the certificate it issued is examined. */
1890  for (i = chain->cElement - 1; i >= 0; i--)
1891  {
1892  BOOL isRoot;
1893 
1894  if (TRACE_ON(chain))
1895  dump_element(chain->rgpElement[i]->pCertContext);
/* Only the last element can be the root; the omitted line 1897 presumably
 * derives isRoot from that element's certificate. */
1896  if (i == chain->cElement - 1)
1898  chain->rgpElement[i]->pCertContext);
1899  else
1900  isRoot = FALSE;
1901  if (!CRYPT_IsCertVersionValid(chain->rgpElement[i]->pCertContext))
1902  {
1903  /* MS appears to accept certs whose versions don't match their
1904  * contents, so there isn't an appropriate error code.
1905  */
1906  chain->rgpElement[i]->TrustStatus.dwErrorStatus |=
1908  }
/* Validity period check (presumably CertVerifyTimeValidity(time, ...) on
 * the omitted line 1909); a non-zero result marks the element, presumably
 * with CERT_TRUST_IS_NOT_TIME_VALID. */
1910  chain->rgpElement[i]->pCertContext->pCertInfo) != 0)
1911  chain->rgpElement[i]->TrustStatus.dwErrorStatus |=
1913  if (i != 0)
1914  {
1915  /* Check the signature of the cert this issued */
/* Element i is the issuer and element i - 1 the subject; a failed
 * verification is recorded on the subject element, not the issuer. */
1918  (void *)chain->rgpElement[i - 1]->pCertContext,
1920  (void *)chain->rgpElement[i]->pCertContext, 0, NULL))
1921  chain->rgpElement[i - 1]->TrustStatus.dwErrorStatus |=
1923  /* Once a path length constraint has been violated, every remaining
1924  * CA cert's basic constraints is considered invalid.
1925  */
1926  if (pathLengthConstraintViolated)
1927  chain->rgpElement[i]->TrustStatus.dwErrorStatus |=
/* i - 1 is the number of CA certificates still below this one
 * (the helper's remainingCAs argument). */
1929  else if (!CRYPT_CheckBasicConstraintsForCA(engine,
1930  chain->rgpElement[i]->pCertContext, &constraints, i - 1, isRoot,
1931  &pathLengthConstraintViolated))
1932  chain->rgpElement[i]->TrustStatus.dwErrorStatus |=
1934  else if (constraints.fPathLenConstraint &&
1935  constraints.dwPathLenConstraint)
1936  {
1937  /* This one's valid - decrement max length */
1938  constraints.dwPathLenConstraint--;
1939  }
1940  }
1941  else
1942  {
1943  /* Check whether end cert has a basic constraints extension */
/* Presumably CRYPT_DecodeBasicConstraints on the omitted line 1944; the
 * FALSE argument means no default is assumed when it is absent. */
1945  chain->rgpElement[i]->pCertContext, &constraints, FALSE))
1946  chain->rgpElement[i]->TrustStatus.dwErrorStatus |=
1948  }
/* constraints.fCA reflects the basic constraints decoded for this very
 * element above, so key usage is judged against its own CA status. */
1949  if (!CRYPT_KeyUsageValid(engine, chain->rgpElement[i]->pCertContext,
1950  isRoot, constraints.fCA, i))
1951  chain->rgpElement[i]->TrustStatus.dwErrorStatus |=
/* Omitted condition (1952-1953); presumably CRYPT_IsSimpleChainCyclic(chain)
 * from the reference list. */
1954  {
1955  /* If the chain is cyclic, then the path length constraints
1956  * are violated, because the chain is infinitely long.
1957  */
1958  pathLengthConstraintViolated = TRUE;
1959  chain->TrustStatus.dwErrorStatus |=
1962  }
1963  /* Check whether every critical extension is supported */
/* Presumably CRYPT_CriticalExtensionsSupported on the omitted line 1964;
 * an unsupported critical extension is an error, not a warning. */
1965  chain->rgpElement[i]->pCertContext))
1966  chain->rgpElement[i]->TrustStatus.dwErrorStatus |=
/* Element errors are OR-ed into the chain; the low nibble of an element's
 * info status is deliberately not propagated (see CRYPT_CombineTrustStatus). */
1969  CRYPT_CombineTrustStatus(&chain->TrustStatus,
1970  &chain->rgpElement[i]->TrustStatus);
1971  }
/* Omitted lines 1972-1973: presumably the name-constraint and policy
 * checks (CRYPT_CheckChainNameConstraints / CRYPT_CheckChainPolicies).
 * Root handling: only a self-signed last element gets its self-signed
 * info bits and the signature/trust-store checks of CRYPT_CheckRootCert;
 * a chain ending in a non-self-signed certificate is not checked there. */
1974  if ((status = CRYPT_IsCertificateSelfSigned(rootElement->pCertContext)))
1975  {
1976  rootElement->TrustStatus.dwInfoStatus |= status;
1977  CRYPT_CheckRootCert(engine->hRoot, rootElement);
1978  }
1979  CRYPT_CombineTrustStatus(&chain->TrustStatus, &rootElement->TrustStatus);
1980 }

Referenced by CRYPT_BuildAlternateContextFromChain(), and CRYPT_GetSimpleChainForCert().

◆ CRYPT_CheckSimpleChainForCycles()

static void CRYPT_CheckSimpleChainForCycles ( PCERT_SIMPLE_CHAIN  chain)
static

Definition at line 383 of file chain.c.

384 {
/* Detect a certificate that occurs twice in the chain, i.e. a loop in the
 * issuer path. Only the first repeat is reported: that element is flagged
 * in its TrustStatus, every element after it is released and the chain is
 * truncated so that it ends at the repeated certificate.
 * NOTE(review): gutter lines 390 and 397 are omitted in this rendering;
 * 390 is presumably the CertCompareCertificate(X509_ASN_ENCODING, ...)
 * test and 397 the error bits OR-ed in (CERT_TRUST_IS_CYCLIC and, from
 * the reference list, possibly CERT_TRUST_INVALID_BASIC_CONSTRAINTS) —
 * confirm against chain.c.
 */
385  DWORD i, j, cyclicCertIndex = 0;
386 
387  /* O(n^2) - I don't think there's a faster way */
/* 0 doubles as "no repeat found": j always starts at i + 1, so a repeat
 * can never be reported at index 0. */
388  for (i = 0; !cyclicCertIndex && i < chain->cElement; i++)
389  for (j = i + 1; !cyclicCertIndex && j < chain->cElement; j++)
391  chain->rgpElement[i]->pCertContext->pCertInfo,
392  chain->rgpElement[j]->pCertContext->pCertInfo))
393  cyclicCertIndex = j;
394  if (cyclicCertIndex)
395  {
396  chain->rgpElement[cyclicCertIndex]->TrustStatus.dwErrorStatus
398  /* Release remaining certs */
399  for (i = cyclicCertIndex + 1; i < chain->cElement; i++)
400  CRYPT_FreeChainElement(chain->rgpElement[i]);
401  /* Truncate chain */
/* Only the element count is reduced, not the rgpElement allocation; the
 * freed slots above cyclicCertIndex must not be touched again. */
402  chain->cElement = cyclicCertIndex + 1;
403  }
404 }

Referenced by CRYPT_AddCertToSimpleChain().

◆ CRYPT_CheckTrustedStatus()

static void CRYPT_CheckTrustedStatus ( HCERTSTORE  hRoot,
PCERT_CHAIN_ELEMENT  rootElement 
)
static

Definition at line 478 of file chain.c.

480 {
/* Mark the root element as untrusted unless its certificate is found in
 * the engine's root store hRoot. The context returned by the store lookup
 * is only used as a yes/no answer and is released immediately.
 * NOTE(review): gutter lines 481 and 486 are omitted here; 481 presumably
 * declares trustedRoot as the result of CRYPT_FindCertInStore(hRoot, ...)
 * and 486 ORs in CERT_TRUST_IS_UNTRUSTED_ROOT — confirm against chain.c.
 */
482  rootElement->pCertContext);
483 
484  if (!trustedRoot)
485  rootElement->TrustStatus.dwErrorStatus |=
487  else
488  CertFreeCertificateContext(trustedRoot);
489 }

Referenced by CRYPT_CheckRootCert().

◆ CRYPT_CheckUsages()

static void CRYPT_CheckUsages ( PCERT_CHAIN_CONTEXT  chain,
const CERT_CHAIN_PARA pChainPara 
)
static

Definition at line 2745 of file chain.c.

2747 {
/* Enforce the caller's RequestedUsage (extended key usage) against the
 * chain's end certificate, recording a failure on both the chain and the
 * end element (the flag is on the omitted gutter lines 2841 and 2843;
 * CERT_TRUST_IS_NOT_VALID_FOR_USAGE is the only usage flag in this
 * function's reference list). Only the end certificate's EKU extension is
 * consulted here; EKU extensions on the issuing CA certificates are not
 * examined by this function, and whether they are checked elsewhere is not
 * visible from this listing. A pChainPara->cbSize smaller than
 * CERT_CHAIN_PARA_NO_EXTRA_FIELDS, or an empty usage list, skips the check.
 * NOTE(review): gutter lines 2752, 2774, 2779, 2782 and 2784 are omitted
 * in this rendering; from the visible names they presumably declare ext
 * and usage, look up szOID_ENHANCED_KEY_USAGE with CertFindExtension and
 * decode it with CryptDecodeObjectEx(X509_ASN_ENCODING, ...,
 * CRYPT_DECODE_ALLOC_FLAG, NULL, &usage, &size) — confirm against chain.c.
 */
2748  if (pChainPara->cbSize >= sizeof(CERT_CHAIN_PARA_NO_EXTRA_FIELDS) &&
2749  pChainPara->RequestedUsage.Usage.cUsageIdentifier)
2750  {
2751  PCCERT_CONTEXT endCert;
2753  BOOL validForUsage;
2754 
2755  /* A chain, if created, always includes the end certificate */
2756  endCert = chain->rgpChain[0]->rgpElement[0]->pCertContext;
2757  /* The extended key usage extension specifies how a certificate's
2758  * public key may be used. From RFC 5280, section 4.2.1.12:
2759  * "This extension indicates one or more purposes for which the
2760  * certified public key may be used, in addition to or in place of the
2761  * basic purposes indicated in the key usage extension."
2762  * If the extension is present, it only satisfies the requested usage
2763  * if that usage is included in the extension:
2764  * "If the extension is present, then the certificate MUST only be used
2765  * for one of the purposes indicated."
2766  * There is also the special anyExtendedKeyUsage OID, but it doesn't
2767  * have to be respected:
2768  * "Applications that require the presence of a particular purpose
2769  * MAY reject certificates that include the anyExtendedKeyUsage OID
2770  * but not the particular OID expected for the application."
2771  * For now, I'm being more conservative and ignoring the presence of
2772  * the anyExtendedKeyUsage OID.
2773  */
2775  endCert->pCertInfo->cExtension, endCert->pCertInfo->rgExtension)))
2776  {
2777  const CERT_ENHKEY_USAGE *requestedUsage =
2778  &pChainPara->RequestedUsage.Usage;
2780  DWORD size;
2781 
/* The decoded usage list is allocated by the decoder (ALLOC flag) and
 * released with LocalFree below; ownership stays in this function. */
2783  X509_ENHANCED_KEY_USAGE, ext->Value.pbData, ext->Value.cbData,
2785  {
2786  if (pChainPara->RequestedUsage.dwType == USAGE_MATCH_TYPE_AND)
2787  {
2788  DWORD i, j;
2789 
2790  /* For AND matches, all usages must be present */
/* Exact OID string comparison; no anyExtendedKeyUsage wildcard. */
2791  validForUsage = TRUE;
2792  for (i = 0; validForUsage &&
2793  i < requestedUsage->cUsageIdentifier; i++)
2794  {
2795  BOOL match = FALSE;
2796 
2797  for (j = 0; !match && j < usage->cUsageIdentifier; j++)
2798  match = !strcmp(usage->rgpszUsageIdentifier[j],
2799  requestedUsage->rgpszUsageIdentifier[i]);
2800  if (!match)
2801  validForUsage = FALSE;
2802  }
2803  }
2804  else
2805  {
2806  DWORD i, j;
2807 
2808  /* For OR matches, any matching usage suffices */
2809  validForUsage = FALSE;
2810  for (i = 0; !validForUsage &&
2811  i < requestedUsage->cUsageIdentifier; i++)
2812  {
2813  for (j = 0; !validForUsage &&
2814  j < usage->cUsageIdentifier; j++)
2815  validForUsage =
2816  !strcmp(usage->rgpszUsageIdentifier[j],
2817  requestedUsage->rgpszUsageIdentifier[i]);
2818  }
2819  }
2820  LocalFree(usage);
2821  }
2822  else
/* An EKU extension that is present but cannot be decoded does not
 * satisfy the request (fail closed). */
2823  validForUsage = FALSE;
2824  }
2825  else
2826  {
2827  /* If the extension isn't present, any interpretation is valid:
2828  * "Certificate using applications MAY require that the extended
2829  * key usage extension be present and that a particular purpose
2830  * be indicated in order for the certificate to be acceptable to
2831  * that application."
2832  * Not all web sites include the extended key usage extension, so
2833  * accept chains without it.
2834  */
/* Permissive by design: callers that must reject EKU-less end
 * certificates cannot rely on this function to do so. */
2835  TRACE_(chain)("requested usage from certificate with no usages\n");
2836  validForUsage = TRUE;
2837  }
2838  if (!validForUsage)
2839  {
2840  chain->TrustStatus.dwErrorStatus |=
2842  chain->rgpChain[0]->rgpElement[0]->TrustStatus.dwErrorStatus |=
2844  }
2845  }
/* Issuance policy requests are only logged, never enforced: no TrustStatus
 * bit is set, so a caller cannot tell that its RequestedIssuancePolicy was
 * ignored. */
2846  if (pChainPara->cbSize >= sizeof(CERT_CHAIN_PARA) &&
2847  pChainPara->RequestedIssuancePolicy.Usage.cUsageIdentifier)
2848  FIXME("unimplemented for RequestedIssuancePolicy\n");
2849 }

Referenced by CertGetCertificateChain().

◆ CRYPT_ChooseHighestQualityChain()

static CertificateChain* CRYPT_ChooseHighestQualityChain ( CertificateChain chain)
static

Definition at line 2554 of file chain.c.

2556 {
/* Return the best chain among chain and the alternates held in
 * chain->context.rgpLowerQualityChainContext. Ownership is swapped in
 * place whenever an alternate wins: the winner inherits the whole array of
 * lower-quality contexts, the previous winner is stored in the slot the
 * alternate came from, and the previous winner's own list is emptied so
 * that nothing is owned twice. Callers must continue with the returned
 * pointer, not with the argument.
 * NOTE(review): gutter lines 2570, 2574 and 2577 are omitted here; 2570
 * is presumably the CRYPT_ChainQuality(alternate) > CRYPT_ChainQuality(chain)
 * comparison, 2574 the array hand-over and 2577 the cast of chain to
 * PCCERT_CHAIN_CONTEXT — confirm against chain.c.
 */
2557  DWORD i;
2558 
2559  /* There are always only two chains being considered: chain, and an
2560  * alternate at chain->rgpLowerQualityChainContext[i]. If the alternate
2561  * has a higher quality than chain, the alternate gets assigned the lower
2562  * quality contexts, with chain taking the alternate's place among the
2563  * lower quality contexts.
2564  */
2565  for (i = 0; i < chain->context.cLowerQualityChainContext; i++)
2566  {
2567  CertificateChain *alternate =
2568  (CertificateChain*)chain->context.rgpLowerQualityChainContext[i];
2569 
2571  {
2572  alternate->context.cLowerQualityChainContext =
2573  chain->context.cLowerQualityChainContext;
2575  chain->context.rgpLowerQualityChainContext;
2576  alternate->context.rgpLowerQualityChainContext[i] =
/* Clearing the old winner's list is what prevents a double release of
 * the shared array once it belongs to alternate. */
2578  chain->context.cLowerQualityChainContext = 0;
2579  chain->context.rgpLowerQualityChainContext = NULL;
2580  chain = alternate;
/* The loop now continues over the same array (owned by alternate), so
 * the remaining entries are compared against the new best chain. */
2581  }
2582  }
2583  return chain;
2584 }

Referenced by CertGetCertificateChain().

◆ CRYPT_CloseStores()

static void CRYPT_CloseStores ( DWORD  cStores,
HCERTSTORE stores 
)
inline static

Definition at line 61 of file chain.c.

static inline void CRYPT_CloseStores(DWORD cStores, HCERTSTORE *stores)
{
    /* Release the cStores handles in stores[], each with flags 0 (no forced
     * close); CertCloseStore's return value is deliberately not inspected. */
    DWORD idx;

    for (idx = 0; idx != cStores; ++idx)
        CertCloseStore(stores[idx], 0);
}

Referenced by CRYPT_CreateChainEngine().

◆ CRYPT_CombineTrustStatus()

static void CRYPT_CombineTrustStatus ( CERT_TRUST_STATUS chainStatus,
const CERT_TRUST_STATUS elementStatus 
)
inlinestatic

Definition at line 416 of file chain.c.

static inline void CRYPT_CombineTrustStatus(CERT_TRUST_STATUS *chainStatus,
 const CERT_TRUST_STATUS *elementStatus)
{
    /* Every error flagged on an element is also an error of the chain that
     * contains it, so the error bits are merged without any masking.
     */
    const DWORD errorsToAdd = elementStatus->dwErrorStatus;
    /* Info bits carry over too, except the low nibble: those four bits only
     * describe the element itself and must not be attributed to the chain.
     */
    const DWORD infoToAdd = elementStatus->dwInfoStatus & 0xfffffff0;

    chainStatus->dwErrorStatus |= errorsToAdd;
    chainStatus->dwInfoStatus |= infoToAdd;
}

Referenced by CRYPT_AddCertToSimpleChain(), CRYPT_BuildAlternateContextFromChain(), CRYPT_CheckChainNameConstraints(), CRYPT_CheckChainPolicies(), and CRYPT_CheckSimpleChain().

◆ CRYPT_CopyChainToElement()

static CertificateChain* CRYPT_CopyChainToElement ( CertificateChain chain,
DWORD  iChain,
DWORD  iElement 
)
static

Definition at line 2377 of file chain.c.

 /* Build a new CertificateChain from `chain`: the leading simple chains are
  * copied whole and the last copied simple chain is truncated at element
  * iElement.  Returns the new chain, or NULL if any allocation failed.
  * The allocation of `copy` (source line 2380) and the failure-path cleanup
  * call at source line 2427 (presumably CRYPT_FreeChainContext(copy)) are
  * not rendered in this listing.
  */
2379 {
2381 
2382  if (copy)
2383  {
2384  copy->ref = 1;
 /* NOTE(review): the duplicated store handle is not checked here. */
2385  copy->world = CertDuplicateStore(chain->world);
2386  copy->context.cbSize = sizeof(CERT_CHAIN_CONTEXT);
2387  /* Leave the trust status of the copied chain unset, it'll get
2388  * rechecked after the new chain is done.
2389  */
2390  memset(&copy->context.TrustStatus, 0, sizeof(CERT_TRUST_STATUS));
2391  copy->context.cLowerQualityChainContext = 0;
2392  copy->context.rgpLowerQualityChainContext = NULL;
2393  copy->context.fHasRevocationFreshnessTime = FALSE;
2394  copy->context.dwRevocationFreshnessTime = 0;
 /* iChain is an index, so iChain + 1 simple-chain slots are needed. */
2395  copy->context.rgpChain = CryptMemAlloc(
2396  (iChain + 1) * sizeof(PCERT_SIMPLE_CHAIN));
2397  if (copy->context.rgpChain)
2398  {
2399  BOOL ret = TRUE;
2400  DWORD i;
2401 
 /* Zeroing the slots lets the failure path free unfilled entries safely. */
2402  memset(copy->context.rgpChain, 0,
2403  (iChain + 1) * sizeof(PCERT_SIMPLE_CHAIN));
2404  if (iChain)
2405  {
 /* NOTE(review): for iChain >= 1 this loop copies simple chains
  * 0..iChain-2 whole, the element-limited copy below then lands in slot
  * iChain-1, and slot iChain stays NULL (zeroed above) even though cChain
  * is set to iChain + 1 further down.  Verify against the caller whether
  * the bound should read `i < iChain`.
  */
2406  for (i = 0; ret && iChain && i < iChain - 1; i++)
2407  {
2408  copy->context.rgpChain[i] =
2409  CRYPT_CopySimpleChainToElement(chain->context.rgpChain[i],
2410  chain->context.rgpChain[i]->cElement - 1);
2411  if (!copy->context.rgpChain[i])
2412  ret = FALSE;
2413  }
2414  }
2415  else
2416  i = 0;
2417  if (ret)
2418  {
 /* The final copied simple chain is cut off after element iElement. */
2419  copy->context.rgpChain[i] =
2420  CRYPT_CopySimpleChainToElement(chain->context.rgpChain[i],
2421  iElement);
2422  if (!copy->context.rgpChain[i])
2423  ret = FALSE;
2424  }
2425  if (!ret)
2426  {
2428  copy = NULL;
2429  }
2430  else
2431  copy->context.cChain = iChain + 1;
2432  }
2433  else
2434  {
 /* rgpChain allocation failed: only the bare struct needs releasing. */
2435  CryptMemFree(copy);
2436  copy = NULL;
2437  }
2438  }
2439  return copy;
2440 }

Referenced by CRYPT_BuildAlternateContextFromChain().

◆ CRYPT_CopySimpleChainToElement()

static PCERT_SIMPLE_CHAIN CRYPT_CopySimpleChainToElement ( const CERT_SIMPLE_CHAIN chain,
DWORD  iElement 
)
static

Definition at line 2296 of file chain.c.

 /* Copy elements 0..iElement of `chain` into a freshly allocated
  * CERT_SIMPLE_CHAIN.  Each element struct is copied by value, its
  * certificate context reference is duplicated, and its trust status is
  * cleared so the new chain gets re-evaluated.  Returns NULL on allocation
  * failure.  Callers must guarantee iElement < chain->cElement; nothing here
  * bounds-checks the read of chain->rgpElement[i].  The allocation of `copy`
  * (source line 2299) and of `element` (source lines 2316-2317) are not
  * rendered in this listing.
  */
2298 {
2300 
2301  if (copy)
2302  {
2303  memset(copy, 0, sizeof(CERT_SIMPLE_CHAIN));
2304  copy->cbSize = sizeof(CERT_SIMPLE_CHAIN);
2305  copy->rgpElement =
2306  CryptMemAlloc((iElement + 1) * sizeof(PCERT_CHAIN_ELEMENT));
2307  if (copy->rgpElement)
2308  {
2309  DWORD i;
2310  BOOL ret = TRUE;
2311 
 /* Zeroed so the failure loop below can free every slot blindly. */
2312  memset(copy->rgpElement, 0,
2313  (iElement + 1) * sizeof(PCERT_CHAIN_ELEMENT));
2314  for (i = 0; ret && i <= iElement; i++)
2315  {
2318 
2319  if (element)
2320  {
 /* Shallow struct copy: any pointer members of the element still
  * refer to the source element's data — confirm their lifetime covers
  * the copied chain.
  */
2321  *element = *chain->rgpElement[i];
2322  element->pCertContext = CertDuplicateCertificateContext(
2323  chain->rgpElement[i]->pCertContext);
2324  /* Reset the trust status of the copied element, it'll get
2325  * rechecked after the new chain is done.
2326  */
2327  memset(&element->TrustStatus, 0, sizeof(CERT_TRUST_STATUS));
2328  copy->rgpElement[copy->cElement++] = element;
2329  }
2330  else
2331  ret = FALSE;
2332  }
2333  if (!ret)
2334  {
 /* NOTE(review): this releases the element structs but not the
  * certificate context references duplicated above, so those references
  * leak on this path.  Unfilled slots are NULL; this relies on
  * CryptMemFree(NULL) being a no-op — confirm.
  */
2335  for (i = 0; i <= iElement; i++)
2336  CryptMemFree(copy->rgpElement[i]);
2337  CryptMemFree(copy->rgpElement);
2338  CryptMemFree(copy);
2339  copy = NULL;
2340  }
2341  }
2342  else
2343  {
2344  CryptMemFree(copy);
2345  copy = NULL;
2346  }
2347  }
2348  return copy;
2349 }

Referenced by CRYPT_CopyChainToElement().

◆ CRYPT_CreateChainEngine()

HCERTCHAINENGINE CRYPT_CreateChainEngine ( HCERTSTORE  root,
DWORD  system_store,
const CERT_CHAIN_ENGINE_CONFIG config 
)

Definition at line 115 of file chain.c.

 /* Create a chain engine.  The trust root is, in order of preference: the
  * caller-supplied `root` (ownership transfers to the engine, and it is
  * closed here on failure), config->hExclusiveRoot (only read when cbSize
  * says the caller passed the full struct layout), config->hRestrictedRoot,
  * or the system store named by rootW opened under `system_store`.  The
  * "world" collection searched for issuers is built from the root, CA, My
  * and Trust system stores plus config->rghAdditionalStore.  Returns NULL on
  * failure.  The creation of engine->hWorld (source line 143, presumably a
  * CERT_STORE_PROV_COLLECTION store) and the DEFAULT_CYCLE_MODULUS fallback
  * (source line 159) are not rendered in this listing.
  */
116 {
117  CertificateChainEngine *engine;
118  HCERTSTORE worldStores[4];
119 
120  static const WCHAR caW[] = { 'C','A',0 };
121  static const WCHAR myW[] = { 'M','y',0 };
122  static const WCHAR trustW[] = { 'T','r','u','s','t',0 };
123 
124  if(!root) {
 /* hExclusiveRoot lives past the end of the older config layout, so the
  * size check must precede the field access.
  */
125  if(config->cbSize >= sizeof(CERT_CHAIN_ENGINE_CONFIG) && config->hExclusiveRoot)
126  root = CertDuplicateStore(config->hExclusiveRoot);
127  else if (config->hRestrictedRoot)
128  root = CertDuplicateStore(config->hRestrictedRoot);
129  else
130  root = CertOpenStore(CERT_STORE_PROV_SYSTEM_W, 0, 0, system_store, rootW);
131  if(!root)
132  return NULL;
133  }
134 
135  engine = CryptMemAlloc(sizeof(CertificateChainEngine));
136  if(!engine) {
 /* Also closes a caller-supplied root: the handle was handed over. */
137  CertCloseStore(root, 0);
138  return NULL;
139  }
140 
141  engine->ref = 1;
142  engine->hRoot = root;
 /* NOTE(review): the four store handles below are not checked for NULL
  * here; presumably CRYPT_AddStoresToCollection tolerates that — confirm.
  */
144  worldStores[0] = CertDuplicateStore(engine->hRoot);
145  worldStores[1] = CertOpenStore(CERT_STORE_PROV_SYSTEM_W, 0, 0, system_store, caW);
146  worldStores[2] = CertOpenStore(CERT_STORE_PROV_SYSTEM_W, 0, 0, system_store, myW);
147  worldStores[3] = CertOpenStore(CERT_STORE_PROV_SYSTEM_W, 0, 0, system_store, trustW);
148 
149  CRYPT_AddStoresToCollection(engine->hWorld, ARRAY_SIZE(worldStores), worldStores);
150  CRYPT_AddStoresToCollection(engine->hWorld, config->cAdditionalStore, config->rghAdditionalStore);
 /* The collection holds its own references; drop the local ones. */
151  CRYPT_CloseStores(ARRAY_SIZE(worldStores), worldStores);
152 
153  engine->dwFlags = config->dwFlags;
154  engine->dwUrlRetrievalTimeout = config->dwUrlRetrievalTimeout;
155  engine->MaximumCachedCertificates = config->MaximumCachedCertificates;
 /* A zero modulus from the caller means "use the default". */
156  if(config->CycleDetectionModulus)
157  engine->CycleDetectionModulus = config->CycleDetectionModulus;
158  else
160 
161  return engine;
162 }

Referenced by CertCreateCertificateChainEngine(), check_and_store_certs(), and get_chain_engine().

◆ CRYPT_CriticalExtensionsSupported()

static BOOL CRYPT_CriticalExtensionsSupported ( PCCERT_CONTEXT  cert)
static

Definition at line 1802 of file chain.c.

static BOOL CRYPT_CriticalExtensionsSupported(PCCERT_CONTEXT cert)
{
    /* Critical extensions this chain engine knows how to process.  A
     * certificate carrying a critical extension outside this list is
     * rejected (FALSE), which is what RFC 5280 asks of a validator that does
     * not recognise a critical extension.  Whether each listed OID is
     * actually enforced is the job of the other chain checks, not of this
     * function.
     */
    static const LPCSTR supportedCriticalOids[] = {
        szOID_BASIC_CONSTRAINTS,
        szOID_BASIC_CONSTRAINTS2,
        szOID_NAME_CONSTRAINTS,
        szOID_KEY_USAGE,
        szOID_SUBJECT_ALT_NAME,
        szOID_SUBJECT_ALT_NAME2,
        szOID_CERT_POLICIES,
        szOID_ENHANCED_KEY_USAGE,
    };
    DWORD idx;

    for (idx = 0; idx < cert->pCertInfo->cExtension; idx++)
    {
        LPCSTR oid;
        DWORD k;
        BOOL known = FALSE;

        /* Non-critical extensions may always be ignored. */
        if (!cert->pCertInfo->rgExtension[idx].fCritical)
            continue;
        oid = cert->pCertInfo->rgExtension[idx].pszObjId;
        for (k = 0; !known && k < ARRAY_SIZE(supportedCriticalOids); k++)
            known = !strcmp(oid, supportedCriticalOids[k]);
        if (!known)
        {
            /* Stop at the first unrecognised critical extension; only that
             * one is reported.
             */
            FIXME("unsupported critical extension %s\n", debugstr_a(oid));
            return FALSE;
        }
    }
    return TRUE;
}

Referenced by CRYPT_CheckSimpleChain().

◆ CRYPT_DecodeBasicConstraints()

static BOOL CRYPT_DecodeBasicConstraints ( PCCERT_CONTEXT  cert,
CERT_BASIC_CONSTRAINTS2_INFO constraints,
BOOL  defaultIfNotSpecified 
)
static

Definition at line 513 of file chain.c.

 /* Fill `constraints` from the certificate's basic constraints.  The legacy
  * szOID_BASIC_CONSTRAINTS extension is consulted first; failing that the
  * szOID_BASIC_CONSTRAINTS2 extension is decoded straight into the caller's
  * struct; if neither is present fCA takes `defaultIfNotSpecified`.
  * Returns FALSE only when a decode call fails.  The CertFindExtension
  * lookups (source lines 517 and 539), the `info` declaration (523), the
  * `size` declaration (543) and both CryptDecodeObjectEx calls (526 and 545)
  * are not rendered in this listing.
  */
515 {
516  BOOL ret = TRUE;
518  cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension);
519 
 /* Cleared up front: the legacy-extension branch never sets it, and the
  * basicConstraints2 decode overwrites it when present.
  */
520  constraints->fPathLenConstraint = FALSE;
521  if (ext)
522  {
524  DWORD size = 0;
525 
527  ext->Value.pbData, ext->Value.cbData, CRYPT_DECODE_ALLOC_FLAG,
528  NULL, &info, &size);
529  if (ret)
530  {
 /* NOTE(review): fCA is assigned only when SubjectType holds exactly one
  * byte; otherwise, and when the decode fails, constraints->fCA keeps
  * whatever the caller left in it — confirm callers initialise it.
  */
531  if (info->SubjectType.cbData == 1)
532  constraints->fCA =
533  info->SubjectType.pbData[0] & CERT_CA_SUBJECT_FLAG;
 /* Allocated by the decoder via CRYPT_DECODE_ALLOC_FLAG. */
534  LocalFree(info);
535  }
536  }
537  else
538  {
540  cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension);
541  if (ext)
542  {
544 
546  szOID_BASIC_CONSTRAINTS2, ext->Value.pbData, ext->Value.cbData,
547  0, NULL, constraints, &size);
548  }
549  else
 /* No basic constraints at all: the caller decides whether such a
  * certificate may act as a CA.
  */
550  constraints->fCA = defaultIfNotSpecified;
551  }
552  return ret;
553 }

Referenced by CRYPT_CheckBasicConstraintsForCA(), and CRYPT_CheckSimpleChain().

◆ CRYPT_FindCertInStore()

static PCCERT_CONTEXT CRYPT_FindCertInStore ( HCERTSTORE  store,
PCCERT_CONTEXT  cert 
)
static

Definition at line 72 of file chain.c.

 /* Look `cert` up in `store` by its hash property rather than by subject, so
  * only the identical certificate matches.  Returns a new context reference
  * or NULL.  The property query (source line 79, presumably
  * CertGetCertificateContextProperty with CERT_HASH_PROP_ID) and the find
  * criteria (source line 84, presumably CERT_FIND_SHA1_HASH with `blob`) are
  * not rendered in this listing.
  */
74 {
75  PCCERT_CONTEXT matching = NULL;
 /* 20 bytes: the size of a SHA-1 digest. */
76  BYTE hash[20];
77  DWORD size = sizeof(hash);
78 
80  {
81  CRYPT_HASH_BLOB blob = { sizeof(hash), hash };
82 
83  matching = CertFindCertificateInStore(store, cert->dwCertEncodingType,
85  }
86  return matching;
87 }

Referenced by CRYPT_CheckRestrictedRoot(), and CRYPT_CheckTrustedStatus().

◆ CRYPT_FindIssuer()

static PCCERT_CONTEXT CRYPT_FindIssuer ( const CertificateChainEngine engine,
const CERT_CONTEXT cert,
HCERTSTORE  store,
DWORD  type,
void para,
DWORD  flags,
PCCERT_CONTEXT  prev_issuer 
)
static

Definition at line 1982 of file chain.c.

 /* Find a candidate issuer for `cert` matching the `type`/`para` find
  * criteria.  Search order: `store`, then the engine's world store, then
  * (unless the engine says cache-only) the issuer URLs embedded in the
  * certificate, fetched with CryptRetrieveObjectByUrlW.  When prev_issuer is
  * given only `store` is searched (see the FIXME below).  Returns a context
  * reference or NULL.  Not rendered in this listing: the `issuer`
  * declaration (source line 1986), both CryptGetObjectUrl calls (2010 and
  * 2018), the first arguments of the retrieval call (2029-2030) and the
  * memory-store setup for the downloaded certificate (2039-2040).
  */
1984 {
1985  CRYPT_URL_ARRAY *urls;
1987  DWORD size;
1988  BOOL res;
1989 
1990  issuer = CertFindCertificateInStore(store, cert->dwCertEncodingType, 0, type, para, prev_issuer);
1991  if(issuer) {
1992  TRACE("Found in store %p\n", issuer);
1993  return issuer;
1994  }
1995 
1996  /* FIXME: For alternate issuers, we don't search world store nor try to retrieve issuer from URL.
1997  * This needs more tests.
1998  */
1999  if(prev_issuer)
2000  return NULL;
2001 
2002  if(engine->hWorld) {
2003  issuer = CertFindCertificateInStore(engine->hWorld, cert->dwCertEncodingType, 0, type, para, NULL);
2004  if(issuer) {
2005  TRACE("Found in world %p\n", issuer);
2006  return issuer;
2007  }
2008  }
2009 
 /* First call sizes the URL array; a certificate without issuer URLs ends
  * the search here.
  */
2011  if(!res)
2012  return NULL;
2013 
2014  urls = HeapAlloc(GetProcessHeap(), 0, size);
2015  if(!urls)
2016  return NULL;
2017 
2019  if(res)
2020  {
2021  CERT_CONTEXT *new_cert;
2022  HCERTSTORE new_store;
2023  unsigned i;
2024 
 /* The URLs come from the certificate under validation, i.e. from
  * untrusted input.  Whatever is fetched is only a candidate that still
  * has to satisfy the `type`/`para` match; the cryptographic check that it
  * really issued `cert` is not done here — confirm it happens in the
  * caller.
  */
2025  for(i=0; i < urls->cUrl; i++)
2026  {
2027  TRACE("Trying URL %s\n", debugstr_w(urls->rgwszUrl[i]));
2028 
 /* NOTE(review): the visible fourth argument is 0, which appears to be
  * dwTimeout; engine->dwUrlRetrievalTimeout is not used here — confirm
  * whether 0 selects a default timeout.
  */
2031  0, (void**)&new_cert, NULL, NULL, NULL, NULL);
2032  if(!res)
2033  {
 /* A failed fetch is logged and the next URL is tried. */
2034  TRACE("CryptRetrieveObjectByUrlW failed: %u\n", GetLastError());
2035  continue;
2036  }
2037 
2038  /* FIXME: Use new_cert->hCertStore once cert ref count bug is fixed. */
 /* The downloaded certificate is searched through a throw-away store so
  * the usual find criteria can be applied to it; the store and the
  * downloaded context are released again on every iteration.
  */
2041  issuer = CertFindCertificateInStore(new_store, cert->dwCertEncodingType, 0, type, para, NULL);
2042  CertFreeCertificateContext(new_cert);
2043  CertCloseStore(new_store, 0);
2044  if(issuer)
2045  {
2046  TRACE("Found downloaded issuer %p\n", issuer);
2047  break;
2048  }
2049  }
2050  }
2051 
2052  HeapFree(GetProcessHeap(), 0, urls);
2053  return issuer;
2054 }

Referenced by CRYPT_GetIssuer().

◆ CRYPT_FindIthElementInChain()

static PCERT_CHAIN_ELEMENT CRYPT_FindIthElementInChain ( const CERT_CHAIN_CONTEXT chain,
DWORD  i 
)
static

Definition at line 2611 of file chain.c.

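static PCERT_CHAIN_ELEMENT CRYPT_FindIthElementInChain(
 const CERT_CHAIN_CONTEXT *chain, DWORD i)
{
    DWORD j, iElement;
    PCERT_CHAIN_ELEMENT element = NULL;

    /* Treat the element arrays of all simple chains as one concatenated
     * sequence and return its i'th entry, or NULL when i is past the end.
     * Index i belongs to simple chain j iff
     *   seen <= i < seen + cElement(j)
     * where `seen` counts the elements of the chains before j.  The original
     * compared with '<', so when i equalled `seen + cElement(j)` exactly it
     * read rgpElement[cElement], one past the end of that chain's array,
     * instead of moving on to the next chain.
     */
    for (j = 0, iElement = 0; !element && j < chain->cChain; j++)
    {
        if (iElement + chain->rgpChain[j]->cElement <= i)
            iElement += chain->rgpChain[j]->cElement;
        else
            element = chain->rgpChain[j]->rgpElement[i - iElement];
    }
    return element;
}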

Referenced by CRYPT_VerifyChainRevocation().

◆ CRYPT_FreeChainContext()

static void CRYPT_FreeChainContext ( CertificateChain chain)
static

Definition at line 2362 of file chain.c.

/* Release a CertificateChain and everything it owns: every simple chain in
 * context.rgpChain, the rgpChain array itself, and the per-chain "world"
 * store.  Order matters: chain elements (and their cert contexts) are dropped
 * before the store they may have come from is closed.
 *
 * NOTE(review): this rendering skips source lines 2366 and 2371.  The
 * cross-reference for CRYPT_FreeLowerQualityChains lists this function as a
 * caller, and the helper appears in this function's link list, so the
 * alternate (lower-quality) chains are presumably released on one of the
 * skipped lines; confirm against chain.c. */
2363 {
2364  DWORD i;
2365 
      /* Each rgpChain[i] is a separately allocated CERT_SIMPLE_CHAIN. */
2367  for (i = 0; i < chain->context.cChain; i++)
2368  CRYPT_FreeSimpleChain(chain->context.rgpChain[i]);
2369  CryptMemFree(chain->context.rgpChain);
      /* dwFlags is 0: the store is closed without any CERT_CLOSE_STORE_*_FLAG. */
2370  CertCloseStore(chain->world, 0);
2372 }

Referenced by CertFreeCertificateChain(), CRYPT_BuildAlternateContextFromChain(), and CRYPT_CopyChainToElement().

◆ CRYPT_FreeChainElement()

static void CRYPT_FreeChainElement ( PCERT_CHAIN_ELEMENT  element)
static

Definition at line 377 of file chain.c.

/* Release one chain element: drop its reference on the certificate context
 * it wraps.
 *
 * NOTE(review): this rendering skips source line 380.  CryptMemFree appears in
 * this function's link list but on no visible line, so the element itself is
 * presumably freed there; confirm against chain.c. */
378 {
379  CertFreeCertificateContext(element->pCertContext);
381 }

Referenced by CRYPT_CheckSimpleChainForCycles(), and CRYPT_FreeSimpleChain().

◆ CRYPT_FreeLowerQualityChains()

/* Definition at line 2351 of file chain.c.
 *
 * Release the lower-quality alternate chain contexts hanging off
 * chain->context, then leave the context reporting none of them (count 0,
 * array NULL) so a later CRYPT_FreeChainContext, or a repeated call, finds
 * nothing left to free.
 *
 * Referenced by CertGetCertificateChain() and CRYPT_FreeChainContext(). */
static void CRYPT_FreeLowerQualityChains(CertificateChain *chain)
{
    DWORD total = chain->context.cLowerQualityChainContext;
    DWORD idx = 0;

    /* Each alternate is a full chain context with its own reference count. */
    while (idx < total)
    {
        CertFreeCertificateChain(chain->context.rgpLowerQualityChainContext[idx]);
        idx++;
    }
    CryptMemFree(chain->context.rgpLowerQualityChainContext);
    chain->context.cLowerQualityChainContext = 0;
    chain->context.rgpLowerQualityChainContext = NULL;
}

Referenced by CertGetCertificateChain(), and CRYPT_FreeChainContext().

◆ CRYPT_FreeSimpleChain()

static void CRYPT_FreeSimpleChain ( PCERT_SIMPLE_CHAIN  chain)
static

Definition at line 468 of file chain.c.

/* Release a CERT_SIMPLE_CHAIN: free each element it owns (in index order),
 * then the element array.
 *
 * NOTE(review): this rendering skips source line 475; the chain structure
 * itself is presumably released there -- confirm against chain.c. */
469 {
470  DWORD i;
471 
      /* CRYPT_FreeChainElement drops each element's certificate reference. */
472  for (i = 0; i < chain->cElement; i++)
473  CRYPT_FreeChainElement(chain->rgpElement[i]);
474  CryptMemFree(chain->rgpElement);
476 }

Referenced by CRYPT_BuildCandidateChainFromCert(), CRYPT_FreeChainContext(), and CRYPT_GetSimpleChainForCert().

◆ CRYPT_GetIssuer()

static PCCERT_CONTEXT CRYPT_GetIssuer ( const CertificateChainEngine engine,
HCERTSTORE  store,
PCCERT_CONTEXT  subject,
PCCERT_CONTEXT  prevIssuer,
DWORD  flags,
DWORD infoStatus 
)
static

Definition at line 2056 of file chain.c.

/* Find a candidate issuer certificate for `subject` in `store`.
 *
 * Lookup strategy, in this order and without fall-through between them:
 *   1. v1 Authority Key Identifier (szOID_AUTHORITY_KEY_IDENTIFIER): match by
 *      issuer name + serial number when both are present, otherwise by key id.
 *   2. v2 Authority Key Identifier (szOID_AUTHORITY_KEY_IDENTIFIER2): match by
 *      the directoryName entry of authorityCertIssuer + serial number,
 *      otherwise by key id.
 *   3. Neither extension present: match the subject's Issuer name against
 *      candidates' subject names (CERT_FIND_SUBJECT_NAME).
 * *infoStatus is cleared on entry and records which strategy produced a match
 * (CERT_TRUST_HAS_EXACT_MATCH_ISSUER, CERT_TRUST_HAS_KEY_MATCH_ISSUER or
 * CERT_TRUST_HAS_NAME_MATCH_ISSUER).  `flags` and `prevIssuer` are passed
 * through to CRYPT_FindIssuer unchanged; prevIssuer presumably lets the caller
 * resume the search past a candidate it has already tried -- see
 * CRYPT_FindIssuer.
 *
 * Security notes (reviewer):
 *  - Everything matched on here (AKI contents, Issuer name) is taken from the
 *    untrusted subject certificate.  This function only selects a candidate;
 *    it performs no signature verification, so the caller must still verify
 *    that the candidate actually signed `subject`.
 *  - When an AKI extension is present but fails to decode, or the lookup by
 *    it finds nothing, NULL is returned without attempting the name-based
 *    lookup.  Likewise, when issuer+serial are present the key-id form is
 *    never tried as a fallback.
 *  - In the name-match branch (2170-2173) the trace message and
 *    CERT_TRUST_HAS_NAME_MATCH_ISSUER are set even when CRYPT_FindIssuer
 *    returned NULL; rely on the return value, not *infoStatus, to decide
 *    whether an issuer was found.
 *
 * NOTE(review): this rendering skips source lines 2060-2061, 2065, 2068,
 * 2071, 2073, 2109, 2112, 2115, 2117 and 2132 (the ext/issuer/info
 * declarations, the CertFindExtension and CryptDecodeObjectEx call heads, and
 * the CERT_ALT_NAME_DIRECTORY_NAME comparison); confirm against chain.c. */
2059 {
2062  DWORD size;
2063 
2064  *infoStatus = 0;
      /* Strategy 1: v1 authorityKeyIdentifier. */
2066  subject->pCertInfo->cExtension, subject->pCertInfo->rgExtension)))
2067  {
2069  BOOL ret;
2070 
2072  X509_AUTHORITY_KEY_ID, ext->Value.pbData, ext->Value.cbData,
2074  &info, &size);
2075  if (ret)
2076  {
2077  CERT_ID id;
2078 
2079  if (info->CertIssuer.cbData && info->CertSerialNumber.cbData)
2080  {
2081  id.dwIdChoice = CERT_ID_ISSUER_SERIAL_NUMBER;
      /* Shallow copies (pointer + length) of blobs owned by `info`; `id` is
       * only used for the CRYPT_FindIssuer call below, before LocalFree(info). */
2082  memcpy(&id.u.IssuerSerialNumber.Issuer, &info->CertIssuer,
2083  sizeof(CERT_NAME_BLOB));
2084  memcpy(&id.u.IssuerSerialNumber.SerialNumber,
2085  &info->CertSerialNumber, sizeof(CRYPT_INTEGER_BLOB));
2086 
2087  issuer = CRYPT_FindIssuer(engine, subject, store, CERT_FIND_CERT_ID, &id, flags, prevIssuer);
2088  if (issuer)
2089  {
2090  TRACE_(chain)("issuer found by issuer/serial number\n");
2091  *infoStatus = CERT_TRUST_HAS_EXACT_MATCH_ISSUER;
2092  }
2093  }
      /* Key id is only consulted when issuer+serial are absent. */
2094  else if (info->KeyId.cbData)
2095  {
2096  id.dwIdChoice = CERT_ID_KEY_IDENTIFIER;
2097 
2098  memcpy(&id.u.KeyId, &info->KeyId, sizeof(CRYPT_HASH_BLOB));
2099  issuer = CRYPT_FindIssuer(engine, subject, store, CERT_FIND_CERT_ID, &id, flags, prevIssuer);
2100  if (issuer)
2101  {
2102  TRACE_(chain)("issuer found by key id\n");
2103  *infoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER;
2104  }
2105  }
2106  LocalFree(info);
2107  }
2108  }
      /* Strategy 2: v2 authorityKeyIdentifier (GeneralNames issuer form). */
2110  subject->pCertInfo->cExtension, subject->pCertInfo->rgExtension)))
2111  {
2113  BOOL ret;
2114 
2116  X509_AUTHORITY_KEY_ID2, ext->Value.pbData, ext->Value.cbData,
2118  &info, &size);
2119  if (ret)
2120  {
2121  CERT_ID id;
2122 
2123  if (info->AuthorityCertIssuer.cAltEntry &&
2124  info->AuthorityCertSerialNumber.cbData)
2125  {
2126  PCERT_ALT_NAME_ENTRY directoryName = NULL;
2127  DWORD i;
2128 
      /* Use the first directoryName entry; other GeneralName forms are not
       * supported here (see the FIXME below), and in that case no lookup at
       * all is attempted -- not even by key id. */
2129  for (i = 0; !directoryName &&
2130  i < info->AuthorityCertIssuer.cAltEntry; i++)
2131  if (info->AuthorityCertIssuer.rgAltEntry[i].dwAltNameChoice
2133  directoryName =
2134  &info->AuthorityCertIssuer.rgAltEntry[i];
2135  if (directoryName)
2136  {
2137  id.dwIdChoice = CERT_ID_ISSUER_SERIAL_NUMBER;
2138  memcpy(&id.u.IssuerSerialNumber.Issuer,
2139  &directoryName->u.DirectoryName, sizeof(CERT_NAME_BLOB));
2140  memcpy(&id.u.IssuerSerialNumber.SerialNumber,
2141  &info->AuthorityCertSerialNumber,
2142  sizeof(CRYPT_INTEGER_BLOB));
2143 
2144  issuer = CRYPT_FindIssuer(engine, subject, store, CERT_FIND_CERT_ID, &id, flags, prevIssuer);
2145  if (issuer)
2146  {
2147  TRACE_(chain)("issuer found by directory name\n");
2148  *infoStatus = CERT_TRUST_HAS_EXACT_MATCH_ISSUER;
2149  }
2150  }
2151  else
2152  FIXME("no supported name type in authority key id2\n");
2153  }
2154  else if (info->KeyId.cbData)
2155  {
2156  id.dwIdChoice = CERT_ID_KEY_IDENTIFIER;
2157  memcpy(&id.u.KeyId, &info->KeyId, sizeof(CRYPT_HASH_BLOB));
2158  issuer = CRYPT_FindIssuer(engine, subject, store, CERT_FIND_CERT_ID, &id, flags, prevIssuer);
2159  if (issuer)
2160  {
2161  TRACE_(chain)("issuer found by key id\n");
2162  *infoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER;
2163  }
2164  }
2165  LocalFree(info);
2166  }
2167  }
      /* Strategy 3: no AKI at all -- match on the Issuer name only.  Note the
       * status and trace are unconditional here, even when nothing was found. */
2168  else
2169  {
2170  issuer = CRYPT_FindIssuer(engine, subject, store, CERT_FIND_SUBJECT_NAME,
2171  &subject->pCertInfo->Issuer, flags, prevIssuer);
2172  TRACE_(chain)("issuer found by name\n");
2173  *infoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER;
2174  }
2175  return issuer;
2176 }

Referenced by CRYPT_BuildAlternateContextFromChain(), and CRYPT_BuildSimpleChain().

◆ CRYPT_GetNameConstraints()

static CERT_NAME_CONSTRAINTS_INFO* CRYPT_GetNameConstraints ( CERT_INFO cert)
static

Definition at line 1215 of file chain.c.

/* Fetch and decode the nameConstraints extension (szOID_NAME_CONSTRAINTS) of
 * cert.  Returns the decoded CERT_NAME_CONSTRAINTS_INFO, or NULL when the
 * extension is absent.
 *
 * NOTE(review): the return value of CryptDecodeObjectEx appears to be ignored
 * (no `ret` in this function), so a present-but-malformed extension also
 * yields NULL.  To the caller (CRYPT_CheckChainNameConstraints) a CA whose
 * nameConstraints cannot be decoded therefore looks unconstrained -- a
 * fail-open outcome worth confirming at the call site.
 *
 * NOTE(review): this rendering skips source lines 1217, 1219, 1226 and 1228
 * (the ext/info declarations and the first and fifth argument lines of the
 * decode call).  The link list shows X509_ASN_ENCODING, X509_NAME_CONSTRAINTS,
 * CRYPT_DECODE_ALLOC_FLAG and CRYPT_DECODE_NOCOPY_FLAG are used; with NOCOPY
 * the decoded structure presumably references the certificate's extension
 * bytes and must not outlive cert -- confirm against chain.c. */
1216 {
1218 
1220 
1221  if ((ext = CertFindExtension(szOID_NAME_CONSTRAINTS, cert->cExtension,
1222  cert->rgExtension)))
1223  {
1224  DWORD size;
1225 
1227  ext->Value.pbData, ext->Value.cbData,
1229  &size);
1230  }
1231  return info;
1232 }

Referenced by CRYPT_CheckChainNameConstraints().

◆ CRYPT_GetPolicies()

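/* Definition at line 1339 of file chain.c.
 *
 * Fetch and decode the certificatePolicies extension (2.5.29.32) of cert.
 *
 * Returns the decoded CERT_POLICIES_INFO, allocated by the decoder
 * (CRYPT_DECODE_ALLOC_FLAG, release with LocalFree), or NULL when the
 * extension is absent or does not decode.  The decode result is deliberately
 * not checked: a malformed extension is indistinguishable from "no policies"
 * for the caller (CRYPT_CheckChainPolicies).
 *
 * Fix: the extension was looked up by szOID_KEY_USAGE (2.5.29.15, a BIT
 * STRING) while being decoded as X509_CERT_POLICIES (a SEQUENCE).  That
 * combination cannot decode, so the policies of a certificate were never
 * actually returned and any policy checking built on this helper was a
 * no-op.  Look up szOID_CERT_POLICIES, the OID that matches the decoder.
 *
 * Referenced by CRYPT_CheckChainPolicies(). */
static CERT_POLICIES_INFO *CRYPT_GetPolicies(PCCERT_CONTEXT cert)
{
    PCERT_EXTENSION ext;
    CERT_POLICIES_INFO *policies = NULL;

    ext = CertFindExtension(szOID_CERT_POLICIES, cert->pCertInfo->cExtension,
     cert->pCertInfo->rgExtension);
    if (ext)
    {
        DWORD size;

        /* On failure `policies` stays NULL, which callers already treat as
         * "no policies present". */
        CryptDecodeObjectEx(X509_ASN_ENCODING, X509_CERT_POLICIES,
         ext->Value.pbData, ext->Value.cbData, CRYPT_DECODE_ALLOC_FLAG, NULL,
         &policies, &size);
    }
    return policies;
}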

Referenced by CRYPT_CheckChainPolicies().

◆ CRYPT_GetSimpleChainForCert()

static BOOL CRYPT_GetSimpleChainForCert ( CertificateChainEngine engine,
HCERTSTORE  world,
PCCERT_CONTEXT  cert,
LPFILETIME  pTime,
DWORD  flags,
PCERT_SIMPLE_CHAIN ppChain 
)
static

Definition at line 2220 of file chain.c.

/* Build and check a simple chain starting at cert.
 *
 * engine, world and flags feed CRYPT_BuildSimpleChain; pTime is the
 * validation time handed to CRYPT_CheckSimpleChain.  On success *ppChain
 * receives the new chain and TRUE is returned.  On failure after allocation
 * the partial chain is released and *ppChain is set to NULL.
 *
 * NOTE(review): if the initial allocation fails, FALSE is returned WITHOUT
 * writing *ppChain (the store is inside the "if (chain)" block), so callers
 * must not read *ppChain unless the return value is TRUE.
 *
 * NOTE(review): nothing in this function verifies signatures or validity
 * itself; that is the job of CRYPT_CheckSimpleChain, whose call sits on a
 * line this rendering skips.  Skipped source lines are 2225, 2229, 2239 and
 * 2243; the link list shows CryptMemAlloc, CRYPT_CheckSimpleChain and
 * CRYPT_FreeSimpleChain are used, consistent with allocation before the
 * "if (chain)", the check as the body of "if (ret)" at 2238, and the free in
 * the failure path at 2243.  Confirm against chain.c. */
2223 {
2224  BOOL ret = FALSE;
2226 
2227  TRACE("(%p, %p, %p, %s)\n", engine, world, cert, debugstr_filetime(pTime));
2228 
2230  if (chain)
2231  {
2232  memset(chain, 0, sizeof(CERT_SIMPLE_CHAIN));
2233  chain->cbSize = sizeof(CERT_SIMPLE_CHAIN);
      /* The end-entity cert becomes element 0 with a subject-info status of 0. */
2234  ret = CRYPT_AddCertToSimpleChain(engine, chain, cert, 0);
2235  if (ret)
2236  {
      /* Extend the chain toward a root; the check step follows on success. */
2237  ret = CRYPT_BuildSimpleChain(engine, world, flags, chain);
2238  if (ret)
2240  }
      /* Any failure after allocation discards the partial chain. */
2241  if (!ret)
2242  {
2244  chain = NULL;
2245  }
2246  *ppChain = chain;
2247  }
2248  return ret;
2249 }

Referenced by CRYPT_BuildCandidateChainFromCert().

◆ CRYPT_IsCertificateSelfSigned()

DWORD CRYPT_IsCertificateSelfSigned ( const CERT_CONTEXT cert)

Definition at line 268 of file chain.c.

269 {
270  DWORD size, status = 0;
272  BOOL ret;
273 
275  cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension)))
276  {
278 
279  ret = CryptDecodeObjectEx(cert->dwCertEncodingType,
280  X509_AUTHORITY_KEY_ID2, ext->Value.pbData, ext->Value.cbData,
282  &info, &size);
283  if (ret)
284  {
285  if (info->AuthorityCertIssuer.cAltEntry &&
286  info->AuthorityCertSerialNumber.cbData)
287  {
288  PCERT_ALT_NAME_ENTRY directoryName = NULL;
289  DWORD i;
290 
291  for (i = 0; !directoryName &&
292  i < info->AuthorityCertIssuer.cAltEntry; i++)
293  if (info->AuthorityCertIssuer.rgAltEntry[i].dwAltNameChoice
295  directoryName =
296  &info->AuthorityCertIssuer.rgAltEntry[i];
297  if (directoryName)
298  {
299  if (CertCompareCertificateName(cert->dwCertEncodingType, &directoryName->u.DirectoryName, &