ReactOS 0.4.15-dev-8135-g1bc6c90
rootstore.c File Reference
#include "config.h"
#include <stdarg.h>
#include <stdio.h>
#include <sys/types.h>
#include <fcntl.h>
#include <errno.h>
#include <limits.h>
#include "ntstatus.h"
#include "windef.h"
#include "winbase.h"
#include "winreg.h"
#include "wincrypt.h"
#include "wine/winternl.h"
#include "wine/debug.h"
#include "crypt32_private.h"
Include dependency graph for rootstore.c:

Go to the source code of this file.

Classes

struct  DynamicBuffer
 
struct  CONST_BLOB
 

Macros

#define WIN32_NO_STATUS
 
#define INITIAL_CERT_BUFFER   1024
 

Functions

 WINE_DEFAULT_DEBUG_CHANNEL (crypt)
 
static void reset_buffer (struct DynamicBuffer *buffer)
 
static BOOL add_line_to_buffer (struct DynamicBuffer *buffer, LPCSTR line)
 
static BOOL import_base64_certs_from_fp (FILE *fp, HCERTSTORE store)
 
static const chartrust_status_to_str (DWORD status)
 
static const charget_cert_common_name (PCCERT_CONTEXT cert)
 
static void check_and_store_certs (HCERTSTORE from, HCERTSTORE to)
 
static BOOL import_certs_from_file (int fd, HCERTSTORE store)
 
static BOOL import_certs_from_path (LPCSTR path, HCERTSTORE store, BOOL allow_dir)
 
static BOOL import_certs_from_dir (LPCSTR path, HCERTSTORE store)
 
static void add_ms_root_certs (HCERTSTORE to)
 
static void read_trusted_roots_from_known_locations (HCERTSTORE store)
 
static HCERTSTORE create_root_store (void)
 
void CRYPT_ImportSystemRootCertsToReg (void)
 

Variables

static const char *const CRYPT_knownLocations []
 
static const BYTE authenticode []
 
static const BYTE rootauthority []
 
static const BYTE rootcertauthority []
 
static const BYTE rootcertauthority2010 []
 
static const BYTE rootcertauthority2011 []
 
static const struct CONST_BLOB msRootCerts []
 
static const WCHAR certs_root_pathW []
 
static const WCHAR semaphoreW []
 

Macro Definition Documentation

◆ INITIAL_CERT_BUFFER

#define INITIAL_CERT_BUFFER   1024

Definition at line 49 of file rootstore.c.

◆ WIN32_NO_STATUS

#define WIN32_NO_STATUS

Definition at line 38 of file rootstore.c.

Function Documentation

◆ add_line_to_buffer()

static BOOL add_line_to_buffer ( struct DynamicBuffer buffer,
LPCSTR  line 
)
static

Definition at line 64 of file rootstore.c.

65{
66 BOOL ret;
67
68 if (buffer->used + strlen(line) + 1 > buffer->allocated)
69 {
70 if (!buffer->allocated)
71 {
73 if (buffer->data)
74 {
75 buffer->data[0] = 0;
76 buffer->allocated = INITIAL_CERT_BUFFER;
77 }
78 }
79 else
80 {
81 DWORD new_size = max(buffer->allocated * 2,
82 buffer->used + strlen(line) + 1);
83
84 buffer->data = CryptMemRealloc(buffer->data, new_size);
85 if (buffer->data)
86 buffer->allocated = new_size;
87 }
88 }
89 if (buffer->data)
90 {
91 strcpy((char *)buffer->data + strlen((char *)buffer->data), line);
92 /* Not strlen + 1, otherwise we'd count the NULL for every line's
93 * addition (but we overwrite the previous NULL character.) Not an
94 * overrun, we allocate strlen + 1 bytes above.
95 */
96 buffer->used += strlen(line);
97 ret = TRUE;
98 }
99 else
100 ret = FALSE;
101 return ret;
102}
ACPI_SIZE strlen(const char *String)
Definition: utclib.c:269
char * strcpy(char *DstString, const char *SrcString)
Definition: utclib.c:388
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
LPVOID WINAPI CryptMemAlloc(ULONG cbSize)
Definition: main.c:131
LPVOID WINAPI CryptMemRealloc(LPVOID pv, ULONG cbSize)
Definition: main.c:136
unsigned int BOOL
Definition: ntddk_ex.h:94
unsigned long DWORD
Definition: ntddk_ex.h:95
GLuint buffer
Definition: glext.h:5915
#define INITIAL_CERT_BUFFER
Definition: rootstore.c:49
Definition: parser.c:49
#define max(a, b)
Definition: svc.c:63
int ret

Referenced by import_base64_certs_from_fp().

◆ add_ms_root_certs()

static void add_ms_root_certs ( HCERTSTORE  to)
static

Definition at line 928 of file rootstore.c.

929{
930 DWORD i;
931
932 TRACE("\n");
933
934 for (i = 0; i < ARRAY_SIZE(msRootCerts); i++)
937 WARN("adding root cert %d failed: %08x\n", i, GetLastError());
938}
#define ARRAY_SIZE(A)
Definition: main.h:33
#define WARN(fmt,...)
Definition: debug.h:115
#define NULL
Definition: types.h:112
BOOL WINAPI CertAddEncodedCertificateToStore(HCERTSTORE hCertStore, DWORD dwCertEncodingType, const BYTE *pbCertEncoded, DWORD cbCertEncoded, DWORD dwAddDisposition, PCCERT_CONTEXT *ppCertContext)
Definition: cert.c:58
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
static HMODULE MODULEINFO DWORD cb
Definition: module.c:33
static const struct CONST_BLOB msRootCerts[]
#define TRACE(s)
Definition: solgame.cpp:4
DWORD WINAPI GetLastError(void)
Definition: except.c:1042
#define X509_ASN_ENCODING
Definition: wincrypt.h:2297
#define CERT_STORE_ADD_NEW
Definition: wincrypt.h:2482

Referenced by create_root_store().

◆ check_and_store_certs()

static void check_and_store_certs ( HCERTSTORE  from,
HCERTSTORE  to 
)
static

Definition at line 238 of file rootstore.c.

239{
240 DWORD root_count = 0;
241 CERT_CHAIN_ENGINE_CONFIG chainEngineConfig =
242 { sizeof(chainEngineConfig), 0 };
243 HCERTCHAINENGINE engine;
244
245 TRACE("\n");
246
248 engine = CRYPT_CreateChainEngine(to, CERT_SYSTEM_STORE_CURRENT_USER, &chainEngineConfig);
249 if (engine)
250 {
252
253 do {
255 if (cert)
256 {
257 CERT_CHAIN_PARA chainPara = { sizeof(chainPara), { 0 } };
259 BOOL ret;
260
263 if (!ret)
264 TRACE("rejecting %s: %s\n", get_cert_common_name(cert),
265 "chain creation failed");
266 else
267 {
268 DWORD allowedErrors = CERT_TRUST_IS_UNTRUSTED_ROOT |
272
273 /* The certificate chain verification only allows certain
274 * invalid CA certs if they're installed locally: CA
275 * certs missing the key usage extension, and CA certs
276 * missing the basic constraints extension. Of course
277 * there's a chicken and egg problem: we have to accept
278 * them here in order for them to be accepted later.
279 * Expired, locally installed certs are also allowed here,
280 * because we don't know (yet) what date will be checked
281 * for an item signed by one of these certs.
282 * Thus, accept certs with any of the allowed errors.
283 */
284 if (chain->TrustStatus.dwErrorStatus & ~allowedErrors)
285 TRACE("rejecting %s: %s\n", get_cert_common_name(cert),
286 trust_status_to_str(chain->TrustStatus.dwErrorStatus &
288 else
289 {
290 DWORD i, j;
291
292 for (i = 0; i < chain->cChain; i++)
293 for (j = 0; j < chain->rgpChain[i]->cElement; j++)
295 chain->rgpChain[i]->rgpElement[j]->pCertContext,
297 root_count++;
298 }
300 }
301 }
302 } while (cert);
304 }
305 TRACE("Added %d root certificates\n", root_count);
306}
BOOL WINAPI CertAddCertificateContextToStore(HCERTSTORE hCertStore, PCCERT_CONTEXT pCertContext, DWORD dwAddDisposition, PCCERT_CONTEXT *ppStoreContext)
Definition: cert.c:286
BOOL WINAPI CertGetCertificateChain(HCERTCHAINENGINE hChainEngine, PCCERT_CONTEXT pCertContext, LPFILETIME pTime, HCERTSTORE hAdditionalStore, PCERT_CHAIN_PARA pChainPara, DWORD dwFlags, LPVOID pvReserved, PCCERT_CHAIN_CONTEXT *ppChainContext)
Definition: chain.c:2879
VOID WINAPI CertFreeCertificateChain(PCCERT_CHAIN_CONTEXT pChainContext)
Definition: chain.c:2960
void WINAPI CertFreeCertificateChainEngine(HCERTCHAINENGINE hChainEngine)
Definition: chain.c:249
HCERTCHAINENGINE CRYPT_CreateChainEngine(HCERTSTORE root, DWORD system_store, const CERT_CHAIN_ENGINE_CONFIG *config)
Definition: chain.c:115
HCERTSTORE WINAPI CertDuplicateStore(HCERTSTORE hCertStore)
Definition: store.c:1116
PCCERT_CONTEXT WINAPI CertEnumCertificatesInStore(HCERTSTORE hCertStore, PCCERT_CONTEXT pPrev)
Definition: store.c:928
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint GLint GLint j
Definition: glfuncs.h:250
static BYTE cert[]
Definition: msg.c:1437
static const char * trust_status_to_str(DWORD status)
Definition: rootstore.c:157
static const char * get_cert_common_name(PCCERT_CONTEXT cert)
Definition: rootstore.c:211
CardRegion * from
Definition: spigame.cpp:19
struct sock * chain
Definition: tcpcore.h:1
#define CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL
Definition: wincrypt.h:3618
#define CERT_TRUST_INVALID_BASIC_CONSTRAINTS
Definition: wincrypt.h:880
#define CERT_SYSTEM_STORE_CURRENT_USER
Definition: wincrypt.h:2324
#define CERT_TRUST_IS_NOT_VALID_FOR_USAGE
Definition: wincrypt.h:874
#define CERT_TRUST_IS_UNTRUSTED_ROOT
Definition: wincrypt.h:875
#define CERT_TRUST_IS_NOT_TIME_VALID
Definition: wincrypt.h:870

Referenced by read_trusted_roots_from_known_locations().

◆ create_root_store()

static HCERTSTORE create_root_store ( void  )
static

Definition at line 991 of file rootstore.c.

992{
993#ifdef __REACTOS__
995#endif
998
999 if (memStore)
1000 {
1001#ifdef __REACTOS__
1002 HCERTSTORE regStore;
1003 CERT_STORE_PROV_INFO provInfo = {
1004 sizeof(CERT_STORE_PROV_INFO),
1005 sizeof(rootProvFuncs) / sizeof(rootProvFuncs[0]),
1006 rootProvFuncs,
1007 NULL,
1008 0,
1009 NULL
1010 };
1011#endif
1012
1014 add_ms_root_certs(memStore);
1015#ifdef __REACTOS__
1016 root = CRYPT_ProvCreateStore(0, memStore, &provInfo);
1018 if (regStore)
1019 {
1022 CertAddStoreToCollection(collStore, regStore, 0, 0);
1023 CertAddStoreToCollection(collStore, root, 0, 0);
1024 root = collStore;
1025 }
1026#endif
1027 }
1028#ifdef __REACTOS__
1029 TRACE("returning %p\n", root);
1030 return root;
1031#else
1032 TRACE("returning %p\n", memStore);
1033 return memStore;
1034#endif
1035}
struct _root root
BOOL WINAPI CertAddStoreToCollection(HCERTSTORE hCollectionStore, HCERTSTORE hSiblingStore, DWORD dwUpdateFlags, DWORD dwPriority)
WINECRYPT_CERTSTORE * CRYPT_ProvCreateStore(DWORD dwFlags, WINECRYPT_CERTSTORE *memStore, const CERT_STORE_PROV_INFO *pProvInfo) DECLSPEC_HIDDEN
Definition: provstore.c:307
HCERTSTORE WINAPI CertOpenStore(LPCSTR lpszStoreProvider, DWORD dwMsgAndCertEncodingType, HCRYPTPROV_LEGACY hCryptProv, DWORD dwFlags, const void *pvPara)
Definition: store.c:815
#define L(x)
Definition: ntvdm.h:50
static void add_ms_root_certs(HCERTSTORE to)
Definition: rootstore.c:928
static void read_trusted_roots_from_known_locations(HCERTSTORE store)
Definition: rootstore.c:945
struct _CERT_STORE_PROV_INFO CERT_STORE_PROV_INFO
#define CERT_STORE_PROV_COLLECTION
Definition: wincrypt.h:2261
#define CERT_STORE_CREATE_NEW_FLAG
Definition: wincrypt.h:2464
#define CERT_STORE_PROV_MEMORY
Definition: wincrypt.h:2251
#define CERT_SYSTEM_STORE_LOCAL_MACHINE
Definition: wincrypt.h:2326
#define CERT_STORE_PROV_SYSTEM_W
Definition: wincrypt.h:2259

Referenced by CRYPT_ImportSystemRootCertsToReg().

◆ CRYPT_ImportSystemRootCertsToReg()

void CRYPT_ImportSystemRootCertsToReg ( void  )

Definition at line 1044 of file rootstore.c.

1045{
1046 HCERTSTORE store = NULL;
1047 HKEY key;
1048 LONG rc;
1049 HANDLE hsem;
1050
1051 static BOOL root_certs_imported = FALSE;
1052
1053 if (root_certs_imported)
1054 return;
1055
1056 hsem = CreateSemaphoreW( NULL, 0, 1, semaphoreW);
1057 if (!hsem)
1058 {
1059 ERR("Failed to create semaphore\n");
1060 return;
1061 }
1062
1065 else
1066 {
1067 if ((store = create_root_store()))
1068 {
1070 KEY_ALL_ACCESS, NULL, &key, 0);
1071 if (!rc)
1072 {
1074 ERR("Failed to import system certs into registry, %08x\n", GetLastError());
1076 }
1077 CertCloseStore(store, 0);
1078 } else
1079 ERR("Failed to create root store\n");
1080 }
1081
1082 root_certs_imported = TRUE;
1083 ReleaseSemaphore(hsem, 1, NULL);
1084 CloseHandle(hsem);
1085}
#define ERR(fmt,...)
Definition: debug.h:113
#define RegCloseKey(hKey)
Definition: registry.h:49
BOOL CRYPT_SerializeContextsToReg(HKEY key, DWORD flags, const WINE_CONTEXT_INTERFACE *contextInterface, HCERTSTORE memStore) DECLSPEC_HIDDEN
Definition: regstore.c:208
LONG WINAPI RegCreateKeyExW(_In_ HKEY hKey, _In_ LPCWSTR lpSubKey, _In_ DWORD Reserved, _In_opt_ LPWSTR lpClass, _In_ DWORD dwOptions, _In_ REGSAM samDesired, _In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes, _Out_ PHKEY phkResult, _Out_opt_ LPDWORD lpdwDisposition)
Definition: reg.c:1096
const WINE_CONTEXT_INTERFACE * pCertInterface
Definition: store.c:54
BOOL WINAPI CertCloseStore(HCERTSTORE hCertStore, DWORD dwFlags)
Definition: store.c:1127
#define CloseHandle
Definition: compat.h:739
#define INFINITE
Definition: serial.h:102
#define ERROR_ALREADY_EXISTS
Definition: disk.h:80
#define KEY_ALL_ACCESS
Definition: nt_native.h:1041
#define REG_OPTION_VOLATILE
Definition: nt_native.h:1060
long LONG
Definition: pedump.c:60
static HCERTSTORE create_root_store(void)
Definition: rootstore.c:991
static const WCHAR certs_root_pathW[]
Definition: rootstore.c:1037
static const WCHAR semaphoreW[]
Definition: rootstore.c:1041
Definition: copy.c:22
DWORD WINAPI WaitForSingleObject(IN HANDLE hHandle, IN DWORD dwMilliseconds)
Definition: synch.c:82
HANDLE WINAPI DECLSPEC_HOTPATCH CreateSemaphoreW(IN LPSECURITY_ATTRIBUTES lpSemaphoreAttributes OPTIONAL, IN LONG lInitialCount, IN LONG lMaximumCount, IN LPCWSTR lpName OPTIONAL)
Definition: synch.c:444
BOOL WINAPI DECLSPEC_HOTPATCH ReleaseSemaphore(IN HANDLE hSemaphore, IN LONG lReleaseCount, IN LPLONG lpPreviousCount)
Definition: synch.c:542
#define HKEY_LOCAL_MACHINE
Definition: winreg.h:12

Referenced by CRYPT_SysRegOpenStoreW().

◆ get_cert_common_name()

static const char * get_cert_common_name ( PCCERT_CONTEXT  cert)
static

Definition at line 211 of file rootstore.c.

212{
213 static char buf[1024];
214 const char *name = NULL;
215 CERT_NAME_INFO *nameInfo;
216 DWORD size;
218 cert->pCertInfo->Subject.pbData, cert->pCertInfo->Subject.cbData,
220 &size);
221
222 if (ret)
223 {
225 nameInfo);
226
227 if (commonName)
228 {
229 CertRDNValueToStrA(commonName->dwValueType,
230 &commonName->Value, buf, sizeof(buf));
231 name = buf;
232 }
233 LocalFree(nameInfo);
234 }
235 return name;
236}
BOOL WINAPI CryptDecodeObjectEx(DWORD dwCertEncodingType, LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, DWORD dwFlags, PCRYPT_DECODE_PARA pDecodePara, void *pvStructInfo, DWORD *pcbStructInfo)
Definition: decode.c:6286
PCERT_RDN_ATTR WINAPI CertFindRDNAttr(LPCSTR pszObjId, PCERT_NAME_INFO pName)
Definition: cert.c:2051
DWORD WINAPI CertRDNValueToStrA(DWORD dwValueType, PCERT_RDN_VALUE_BLOB pValue, LPSTR psz, DWORD csz)
Definition: str.c:33
GLsizeiptr size
Definition: glext.h:5919
GLenum GLuint GLenum GLsizei const GLchar * buf
Definition: glext.h:7751
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1594
static const char commonName[]
Definition: encode.c:673
Definition: name.c:39
#define CRYPT_DECODE_NOCOPY_FLAG
Definition: wincrypt.h:3450
#define X509_NAME
Definition: wincrypt.h:3372
#define CRYPT_DECODE_ALLOC_FLAG
Definition: wincrypt.h:3454
#define szOID_COMMON_NAME
Definition: wincrypt.h:3134

Referenced by check_and_store_certs().

◆ import_base64_certs_from_fp()

static BOOL import_base64_certs_from_fp ( FILE fp,
HCERTSTORE  store 
)
static

Definition at line 107 of file rootstore.c.

108{
109 char line[1024];
110 BOOL in_cert = FALSE;
111 struct DynamicBuffer saved_cert = { 0, 0, NULL };
112 int num_certs = 0;
113
114 TRACE("\n");
115 while (fgets(line, sizeof(line), fp))
116 {
117 static const char header[] = "-----BEGIN CERTIFICATE-----";
118 static const char trailer[] = "-----END CERTIFICATE-----";
119
121 {
122 TRACE("begin new certificate\n");
123 in_cert = TRUE;
124 reset_buffer(&saved_cert);
125 }
126 else if (!strncmp(line, trailer, strlen(trailer)))
127 {
128 DWORD size;
129
130 TRACE("end of certificate, adding cert\n");
131 in_cert = FALSE;
132 if (CryptStringToBinaryA((char *)saved_cert.data, saved_cert.used,
134 {
136
137 if (buf)
138 {
139 CryptStringToBinaryA((char *)saved_cert.data,
140 saved_cert.used, CRYPT_STRING_BASE64, buf, &size, NULL,
141 NULL);
144 num_certs++;
146 }
147 }
148 }
149 else if (in_cert)
150 add_line_to_buffer(&saved_cert, line);
151 }
152 CryptMemFree(saved_cert.data);
153 TRACE("Read %d certs\n", num_certs);
154 return num_certs > 0;
155}
int strncmp(const char *String1, const char *String2, ACPI_SIZE Count)
Definition: utclib.c:534
BOOL WINAPI CryptStringToBinaryA(LPCSTR pszString, DWORD cchString, DWORD dwFlags, BYTE *pbBinary, DWORD *pcbBinary, DWORD *pdwSkip, DWORD *pdwFlags)
Definition: base64.c:772
VOID WINAPI CryptMemFree(LPVOID pv)
Definition: main.c:141
_Check_return_opt_ _CRTIMP char *__cdecl fgets(_Out_writes_z_(_MaxCount) char *_Buf, _In_ int _MaxCount, _Inout_ FILE *_File)
static BOOL add_line_to_buffer(struct DynamicBuffer *buffer, LPCSTR line)
Definition: rootstore.c:64
static void reset_buffer(struct DynamicBuffer *buffer)
Definition: rootstore.c:58
DWORD used
Definition: rootstore.c:54
BYTE * data
Definition: rootstore.c:55
unsigned char * LPBYTE
Definition: typedefs.h:53
#define CRYPT_STRING_BASE64
Definition: wincrypt.h:2985

Referenced by import_certs_from_file().

◆ import_certs_from_dir()

static BOOL import_certs_from_dir ( LPCSTR  path,
HCERTSTORE  store 
)
static

Definition at line 362 of file rootstore.c.

363{
364#ifdef HAVE_READDIR
365 BOOL ret = FALSE;
366 DIR *dir;
367
368 TRACE("(%s, %p)\n", debugstr_a(path), store);
369
370 dir = opendir(path);
371 if (dir)
372 {
373 size_t path_len = strlen(path), bufsize = 0;
374 char *filebuf = NULL;
375
376 struct dirent *entry;
377 while ((entry = readdir(dir)))
378 {
379 if (strcmp(entry->d_name, ".") && strcmp(entry->d_name, ".."))
380 {
381 size_t name_len = strlen(entry->d_name);
382
383 if (!check_buffer_resize(&filebuf, &bufsize, path_len + 1 + name_len + 1))
384 {
385 ERR("Path buffer (re)allocation failed with out of memory condition\n");
386 break;
387 }
388 snprintf(filebuf, bufsize, "%s/%s", path, entry->d_name);
389 if (import_certs_from_path(filebuf, store, FALSE) && !ret)
390 ret = TRUE;
391 }
392 }
394 closedir(dir);
395 }
396 return ret;
397#else
398 FIXME("not implemented without readdir available\n");
399 return FALSE;
400#endif
401}
int strcmp(const char *String1, const char *String2)
Definition: utclib.c:469
unsigned int dir
Definition: maze.c:112
#define FIXME(fmt,...)
Definition: debug.h:114
GLenum GLuint GLsizei bufsize
Definition: glext.h:7473
int __cdecl closedir(DIR *)
DIR *__cdecl opendir(const char *)
struct dirent *__cdecl readdir(DIR *)
uint32_t entry
Definition: isohybrid.c:63
#define debugstr_a
Definition: kernel32.h:31
static DWORD path_len
Definition: batch.c:31
static BOOL import_certs_from_path(LPCSTR path, HCERTSTORE store, BOOL allow_dir)
Definition: rootstore.c:407
Definition: dirent.h:40
Definition: fatfs.h:198
#define snprintf
Definition: wintirpc.h:48

Referenced by import_certs_from_path().

◆ import_certs_from_file()

static BOOL import_certs_from_file ( int  fd,
HCERTSTORE  store 
)
static

Definition at line 311 of file rootstore.c.

312{
313 BOOL ret = FALSE;
314 FILE *fp;
315
316 TRACE("\n");
317
318 fp = fdopen(fd, "r");
319 if (fp)
320 {
321 ret = import_base64_certs_from_fp(fp, store);
322 fclose(fp);
323 }
324 return ret;
325}
_Check_return_ _CRTIMP FILE *__cdecl fdopen(_In_ int _FileHandle, _In_z_ const char *_Format)
_Check_return_opt_ _CRTIMP int __cdecl fclose(_Inout_ FILE *_File)
static BOOL import_base64_certs_from_fp(FILE *fp, HCERTSTORE store)
Definition: rootstore.c:107
static int fd
Definition: io.c:51

Referenced by import_certs_from_path().

◆ import_certs_from_path()

static BOOL import_certs_from_path ( LPCSTR  path,
HCERTSTORE  store,
BOOL  allow_dir 
)
static

Definition at line 407 of file rootstore.c.

409{
410 BOOL ret = FALSE;
411 int fd;
412
413 TRACE("(%s, %p, %d)\n", debugstr_a(path), store, allow_dir);
414
415 fd = open(path, O_RDONLY);
416 if (fd != -1)
417 {
418 struct stat st;
419
420 if (fstat(fd, &st) == 0)
421 {
422 if (S_ISREG(st.st_mode))
423 ret = import_certs_from_file(fd, store);
424 else if (S_ISDIR(st.st_mode))
425 {
426 if (allow_dir)
428 else
429 WARN("%s is a directory and directories are disallowed\n",
431 }
432 else
433 ERR("%s: invalid file type\n", path);
434 }
435 close(fd);
436 }
437 return ret;
438}
#define O_RDONLY
Definition: acwin.h:108
#define open
Definition: acwin.h:95
#define close
Definition: acwin.h:98
#define fstat
Definition: acwin.h:100
#define S_ISDIR(mode)
Definition: various.h:18
#define S_ISREG(mode)
Definition: various.h:17
static BOOL import_certs_from_file(int fd, HCERTSTORE store)
Definition: rootstore.c:311
static BOOL import_certs_from_dir(LPCSTR path, HCERTSTORE store)
Definition: rootstore.c:362
Definition: stat.h:55

Referenced by import_certs_from_dir(), and read_trusted_roots_from_known_locations().

◆ read_trusted_roots_from_known_locations()

static void read_trusted_roots_from_known_locations ( HCERTSTORE  store)
static

Definition at line 945 of file rootstore.c.

946{
949
950 if (from)
951 {
952 DWORD i;
953 BOOL ret = FALSE;
954
955#ifdef HAVE_SECURITY_SECURITY_H
956 OSStatus status;
957 CFArrayRef rootCerts;
958
959 status = SecTrustCopyAnchorCertificates(&rootCerts);
960 if (status == noErr)
961 {
962 int i;
963 for (i = 0; i < CFArrayGetCount(rootCerts); i++)
964 {
965 SecCertificateRef cert = (SecCertificateRef)CFArrayGetValueAtIndex(rootCerts, i);
966 CFDataRef certData;
967 if ((status = SecKeychainItemExport(cert, kSecFormatX509Cert, 0, NULL, &certData)) == noErr)
968 {
970 CFDataGetBytePtr(certData), CFDataGetLength(certData),
972 ret = TRUE;
973 else
974 WARN("adding root cert %d failed: %08x\n", i, GetLastError());
975 CFRelease(certData);
976 }
977 else
978 WARN("could not export certificate %d to X509 format: 0x%08x\n", i, (unsigned int)status);
979 }
980 CFRelease(rootCerts);
981 }
982#endif
983
984 for (i = 0; !ret && i < ARRAY_SIZE(CRYPT_knownLocations); i++)
987 }
989}
static const char *const CRYPT_knownLocations[]
Definition: rootstore.c:491
static void check_and_store_certs(HCERTSTORE from, HCERTSTORE to)
Definition: rootstore.c:238
Definition: ps.c:97

Referenced by create_root_store().

◆ reset_buffer()

static void reset_buffer ( struct DynamicBuffer buffer)
inlinestatic

Definition at line 58 of file rootstore.c.

59{
60 buffer->used = 0;
61 if (buffer->data) buffer->data[0] = 0;
62}

Referenced by import_base64_certs_from_fp().

◆ trust_status_to_str()

static const char * trust_status_to_str ( DWORD  status)
static

Definition at line 157 of file rootstore.c.

158{
159 static char buf[1024];
160 int pos = 0;
161
163 pos += snprintf(buf + pos, sizeof(buf) - pos, "\n\texpired");
165 pos += snprintf(buf + pos, sizeof(buf) - pos, "\n\tbad time nesting");
167 pos += snprintf(buf + pos, sizeof(buf) - pos, "\n\trevoked");
169 pos += snprintf(buf + pos, sizeof(buf) - pos, "\n\tbad signature");
171 pos += snprintf(buf + pos, sizeof(buf) - pos, "\n\tbad usage");
173 pos += snprintf(buf + pos, sizeof(buf) - pos, "\n\tuntrusted root");
175 pos += snprintf(buf + pos, sizeof(buf) - pos,
176 "\n\tunknown revocation status");
178 pos += snprintf(buf + pos, sizeof(buf) - pos, "\n\tcyclic chain");
180 pos += snprintf(buf + pos, sizeof(buf) - pos,
181 "\n\tunsupported critical extension");
183 pos += snprintf(buf + pos, sizeof(buf) - pos, "\n\tbad policy");
185 pos += snprintf(buf + pos, sizeof(buf) - pos,
186 "\n\tbad basic constraints");
188 pos += snprintf(buf + pos, sizeof(buf) - pos,
189 "\n\tbad name constraints");
191 pos += snprintf(buf + pos, sizeof(buf) - pos,
192 "\n\tunsupported name constraint");
194 pos += snprintf(buf + pos, sizeof(buf) - pos,
195 "\n\tundefined name constraint");
197 pos += snprintf(buf + pos, sizeof(buf) - pos,
198 "\n\tdisallowed name constraint");
200 pos += snprintf(buf + pos, sizeof(buf) - pos,
201 "\n\texcluded name constraint");
203 pos += snprintf(buf + pos, sizeof(buf) - pos,
204 "\n\trevocation server offline");
206 pos += snprintf(buf + pos, sizeof(buf) - pos,
207 "\n\tno issuance policy");
208 return buf;
209}
#define CERT_TRUST_IS_REVOKED
Definition: wincrypt.h:872
#define CERT_TRUST_INVALID_POLICY_CONSTRAINTS
Definition: wincrypt.h:879
#define CERT_TRUST_REVOCATION_STATUS_UNKNOWN
Definition: wincrypt.h:876
#define CERT_TRUST_IS_CYCLIC
Definition: wincrypt.h:877
#define CERT_TRUST_INVALID_EXTENSION
Definition: wincrypt.h:878
#define CERT_TRUST_IS_NOT_TIME_NESTED
Definition: wincrypt.h:871
#define CERT_TRUST_IS_OFFLINE_REVOCATION
Definition: wincrypt.h:886
#define CERT_TRUST_NO_ISSUANCE_CHAIN_POLICY
Definition: wincrypt.h:887
#define CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT
Definition: wincrypt.h:884
#define CERT_TRUST_INVALID_NAME_CONSTRAINTS
Definition: wincrypt.h:881
#define CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT
Definition: wincrypt.h:883
#define CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT
Definition: wincrypt.h:885
#define CERT_TRUST_IS_NOT_SIGNATURE_VALID
Definition: wincrypt.h:873
#define CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT
Definition: wincrypt.h:882

Referenced by check_and_store_certs().

◆ WINE_DEFAULT_DEBUG_CHANNEL()

WINE_DEFAULT_DEBUG_CHANNEL ( crypt  )

Variable Documentation

◆ authenticode

const BYTE authenticode[]
static

Definition at line 501 of file rootstore.c.

◆ certs_root_pathW

const WCHAR certs_root_pathW[]
static
Initial value:
=
{'S','o','f','t','w','a','r','e','\\','M','i','c','r','o','s','o','f','t','\\',
'S','y','s','t','e','m','C','e','r','t','i','f','i','c','a','t','e','s','\\',
'R','o','o','t','\\', 'C','e','r','t','i','f','i','c','a','t','e','s', 0}

Definition at line 1037 of file rootstore.c.

Referenced by CRYPT_ImportSystemRootCertsToReg().

◆ CRYPT_knownLocations

const char* const CRYPT_knownLocations[]
static
Initial value:
= {
"/etc/ssl/certs/ca-certificates.crt",
"/etc/ssl/certs",
"/etc/pki/tls/certs/ca-bundle.crt",
"/usr/share/ca-certificates/ca-bundle.crt",
"/usr/local/share/certs/",
"/etc/sfw/openssl/certs",
"/etc/security/cacerts",
}

Definition at line 491 of file rootstore.c.

Referenced by read_trusted_roots_from_known_locations().

◆ msRootCerts

const struct CONST_BLOB msRootCerts[]
static
Initial value:
= {
{ authenticode, sizeof(authenticode) },
}
static const BYTE authenticode[]
Definition: rootstore.c:501
static const BYTE rootcertauthority2011[]
Definition: rootstore.c:819
static const BYTE rootcertauthority[]
Definition: rootstore.c:631
static const BYTE rootauthority[]
Definition: rootstore.c:564
static const BYTE rootcertauthority2010[]
Definition: rootstore.c:722

Referenced by add_ms_root_certs().

◆ rootauthority

const BYTE rootauthority[]
static

Definition at line 564 of file rootstore.c.

◆ rootcertauthority

const BYTE rootcertauthority[]
static

Definition at line 631 of file rootstore.c.

◆ rootcertauthority2010

const BYTE rootcertauthority2010[]
static

Definition at line 722 of file rootstore.c.

◆ rootcertauthority2011

const BYTE rootcertauthority2011[]
static

Definition at line 819 of file rootstore.c.

◆ semaphoreW

const WCHAR semaphoreW[]
static
Initial value:
=
{'c','r','y','p','t','3','2','_','r','o','o','t','_','s','e','m','a','p','h','o','r','e',0}

Definition at line 1041 of file rootstore.c.

Referenced by CRYPT_ImportSystemRootCertsToReg().