ReactOS 0.4.15-dev-7942-gd23573b
Classes | Macros | Functions | Variables
rootstore.c File Reference
#include "config.h"
#include <stdarg.h>
#include <stdio.h>
#include <sys/types.h>
#include <fcntl.h>
#include <errno.h>
#include <limits.h>
#include "ntstatus.h"
#include "windef.h"
#include "winbase.h"
#include "winreg.h"
#include "wincrypt.h"
#include "wine/winternl.h"
#include "wine/debug.h"
#include "crypt32_private.h"
Include dependency graph for rootstore.c:

Go to the source code of this file.

Classes

struct  DynamicBuffer
 
struct  CONST_BLOB
 

Macros

#define WIN32_NO_STATUS
 
#define INITIAL_CERT_BUFFER   1024
 

Functions

 WINE_DEFAULT_DEBUG_CHANNEL (crypt)
 
static void reset_buffer (struct DynamicBuffer *buffer)
 
static BOOL add_line_to_buffer (struct DynamicBuffer *buffer, LPCSTR line)
 
static BOOL import_base64_certs_from_fp (FILE *fp, HCERTSTORE store)
 
static const chartrust_status_to_str (DWORD status)
 
static const charget_cert_common_name (PCCERT_CONTEXT cert)
 
static void check_and_store_certs (HCERTSTORE from, HCERTSTORE to)
 
static BOOL import_certs_from_file (int fd, HCERTSTORE store)
 
static BOOL import_certs_from_path (LPCSTR path, HCERTSTORE store, BOOL allow_dir)
 
static BOOL import_certs_from_dir (LPCSTR path, HCERTSTORE store)
 
static void add_ms_root_certs (HCERTSTORE to)
 
static void read_trusted_roots_from_known_locations (HCERTSTORE store)
 
static HCERTSTORE create_root_store (void)
 
void CRYPT_ImportSystemRootCertsToReg (void)
 

Variables

static const char *const CRYPT_knownLocations []
 
static const BYTE authenticode []
 
static const BYTE rootauthority []
 
static const BYTE rootcertauthority []
 
static const BYTE rootcertauthority2010 []
 
static const BYTE rootcertauthority2011 []
 
static const struct CONST_BLOB msRootCerts []
 
static const WCHAR certs_root_pathW []
 
static const WCHAR semaphoreW []
 

Macro Definition Documentation

◆ INITIAL_CERT_BUFFER

#define INITIAL_CERT_BUFFER   1024

Definition at line 49 of file rootstore.c.

◆ WIN32_NO_STATUS

#define WIN32_NO_STATUS

Definition at line 38 of file rootstore.c.

Function Documentation

◆ add_line_to_buffer()

static BOOL add_line_to_buffer ( struct DynamicBuffer buffer,
LPCSTR  line 
)
static

Definition at line 64 of file rootstore.c.

65{
66 BOOL ret;
67
68 if (buffer->used + strlen(line) + 1 > buffer->allocated)
69 {
70 if (!buffer->allocated)
71 {
72 buffer->data = CryptMemAlloc(INITIAL_CERT_BUFFER);
73 if (buffer->data)
74 {
75 buffer->data[0] = 0;
76 buffer->allocated = INITIAL_CERT_BUFFER;
77 }
78 }
79 else
80 {
81 DWORD new_size = max(buffer->allocated * 2,
82 buffer->used + strlen(line) + 1);
83
84 buffer->data = CryptMemRealloc(buffer->data, new_size);
85 if (buffer->data)
86 buffer->allocated = new_size;
87 }
88 }
89 if (buffer->data)
90 {
91 strcpy((char *)buffer->data + strlen((char *)buffer->data), line);
92 /* Not strlen + 1, otherwise we'd count the NULL for every line's
93 * addition (but we overwrite the previous NULL character.) Not an
94 * overrun, we allocate strlen + 1 bytes above.
95 */
96 buffer->used += strlen(line);
97 ret = TRUE;
98 }
99 else
100 ret = FALSE;
101 return ret;
102}
strlen
ACPI_SIZE strlen(const char *String)
Definition: utclib.c:269
strcpy
char * strcpy(char *DstString, const char *SrcString)
Definition: utclib.c:388
TRUE
#define TRUE
Definition: types.h:120
FALSE
#define FALSE
Definition: types.h:117
CryptMemAlloc
LPVOID WINAPI CryptMemAlloc(ULONG cbSize)
Definition: main.c:131
CryptMemRealloc
LPVOID WINAPI CryptMemRealloc(LPVOID pv, ULONG cbSize)
Definition: main.c:136
BOOL
unsigned int BOOL
Definition: ntddk_ex.h:94
DWORD
unsigned long DWORD
Definition: ntddk_ex.h:95
buffer
GLuint buffer
Definition: glext.h:5915
INITIAL_CERT_BUFFER
#define INITIAL_CERT_BUFFER
Definition: rootstore.c:49
line
Definition: parser.c:49
max
#define max(a, b)
Definition: svc.c:63
ret
int ret
Definition: wcstombs-tests.c:31

Referenced by import_base64_certs_from_fp().

◆ add_ms_root_certs()

static void add_ms_root_certs ( HCERTSTORE  to)
static

Definition at line 928 of file rootstore.c.

929{
930 DWORD i;
931
932 TRACE("\n");
933
934 for (i = 0; i < ARRAY_SIZE(msRootCerts); i++)
935 if (!CertAddEncodedCertificateToStore(to, X509_ASN_ENCODING,
936 msRootCerts[i].pb, msRootCerts[i].cb, CERT_STORE_ADD_NEW, NULL))
937 WARN("adding root cert %d failed: %08x\n", i, GetLastError());
938}
ARRAY_SIZE
#define ARRAY_SIZE(A)
Definition: main.h:33
WARN
#define WARN(fmt,...)
Definition: debug.h:112
NULL
#define NULL
Definition: types.h:112
CertAddEncodedCertificateToStore
BOOL WINAPI CertAddEncodedCertificateToStore(HCERTSTORE hCertStore, DWORD dwCertEncodingType, const BYTE *pbCertEncoded, DWORD cbCertEncoded, DWORD dwAddDisposition, PCCERT_CONTEXT *ppCertContext)
Definition: cert.c:58
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
cb
static HMODULE MODULEINFO DWORD cb
Definition: module.c:33
msRootCerts
static const struct CONST_BLOB msRootCerts[]
TRACE
#define TRACE(s)
Definition: solgame.cpp:4
GetLastError
DWORD WINAPI GetLastError(void)
Definition: except.c:1042
X509_ASN_ENCODING
#define X509_ASN_ENCODING
Definition: wincrypt.h:2297
CERT_STORE_ADD_NEW
#define CERT_STORE_ADD_NEW
Definition: wincrypt.h:2482

Referenced by create_root_store().

◆ check_and_store_certs()

static void check_and_store_certs ( HCERTSTORE  from,
HCERTSTORE  to 
)
static

Definition at line 238 of file rootstore.c.

239{
240 DWORD root_count = 0;
241 CERT_CHAIN_ENGINE_CONFIG chainEngineConfig =
242 { sizeof(chainEngineConfig), 0 };
243 HCERTCHAINENGINE engine;
244
245 TRACE("\n");
246
247 CertDuplicateStore(to);
248 engine = CRYPT_CreateChainEngine(to, CERT_SYSTEM_STORE_CURRENT_USER, &chainEngineConfig);
249 if (engine)
250 {
251 PCCERT_CONTEXT cert = NULL;
252
253 do {
254 cert = CertEnumCertificatesInStore(from, cert);
255 if (cert)
256 {
257 CERT_CHAIN_PARA chainPara = { sizeof(chainPara), { 0 } };
258 PCCERT_CHAIN_CONTEXT chain;
259 BOOL ret;
260
261 ret = CertGetCertificateChain(engine, cert, NULL, from,
262 &chainPara, CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL, NULL, &chain);
263 if (!ret)
264 TRACE("rejecting %s: %s\n", get_cert_common_name(cert),
265 "chain creation failed");
266 else
267 {
268 DWORD allowedErrors = CERT_TRUST_IS_UNTRUSTED_ROOT |
269 CERT_TRUST_IS_NOT_VALID_FOR_USAGE |
270 CERT_TRUST_INVALID_BASIC_CONSTRAINTS |
271 CERT_TRUST_IS_NOT_TIME_VALID;
272
273 /* The certificate chain verification only allows certain
274 * invalid CA certs if they're installed locally: CA
275 * certs missing the key usage extension, and CA certs
276 * missing the basic constraints extension. Of course
277 * there's a chicken and egg problem: we have to accept
278 * them here in order for them to be accepted later.
279 * Expired, locally installed certs are also allowed here,
280 * because we don't know (yet) what date will be checked
281 * for an item signed by one of these certs.
282 * Thus, accept certs with any of the allowed errors.
283 */
284 if (chain->TrustStatus.dwErrorStatus & ~allowedErrors)
285 TRACE("rejecting %s: %s\n", get_cert_common_name(cert),
286 trust_status_to_str(chain->TrustStatus.dwErrorStatus &
287 ~CERT_TRUST_IS_UNTRUSTED_ROOT));
288 else
289 {
290 DWORD i, j;
291
292 for (i = 0; i < chain->cChain; i++)
293 for (j = 0; j < chain->rgpChain[i]->cElement; j++)
294 if (CertAddCertificateContextToStore(to,
295 chain->rgpChain[i]->rgpElement[j]->pCertContext,
296 CERT_STORE_ADD_NEW, NULL))
297 root_count++;
298 }
299 CertFreeCertificateChain(chain);
300 }
301 }
302 } while (cert);
303 CertFreeCertificateChainEngine(engine);
304 }
305 TRACE("Added %d root certificates\n", root_count);
306}
CertAddCertificateContextToStore
BOOL WINAPI CertAddCertificateContextToStore(HCERTSTORE hCertStore, PCCERT_CONTEXT pCertContext, DWORD dwAddDisposition, PCCERT_CONTEXT *ppStoreContext)
Definition: cert.c:286
CertGetCertificateChain
BOOL WINAPI CertGetCertificateChain(HCERTCHAINENGINE hChainEngine, PCCERT_CONTEXT pCertContext, LPFILETIME pTime, HCERTSTORE hAdditionalStore, PCERT_CHAIN_PARA pChainPara, DWORD dwFlags, LPVOID pvReserved, PCCERT_CHAIN_CONTEXT *ppChainContext)
Definition: chain.c:2879
CertFreeCertificateChain
VOID WINAPI CertFreeCertificateChain(PCCERT_CHAIN_CONTEXT pChainContext)
Definition: chain.c:2960
CertFreeCertificateChainEngine
void WINAPI CertFreeCertificateChainEngine(HCERTCHAINENGINE hChainEngine)
Definition: chain.c:249
CRYPT_CreateChainEngine
HCERTCHAINENGINE CRYPT_CreateChainEngine(HCERTSTORE root, DWORD system_store, const CERT_CHAIN_ENGINE_CONFIG *config)
Definition: chain.c:115
CertDuplicateStore
HCERTSTORE WINAPI CertDuplicateStore(HCERTSTORE hCertStore)
Definition: store.c:1116
CertEnumCertificatesInStore
PCCERT_CONTEXT WINAPI CertEnumCertificatesInStore(HCERTSTORE hCertStore, PCCERT_CONTEXT pPrev)
Definition: store.c:928
j
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint GLint GLint j
Definition: glfuncs.h:250
cert
static BYTE cert[]
Definition: msg.c:1437
trust_status_to_str
static const char * trust_status_to_str(DWORD status)
Definition: rootstore.c:157
get_cert_common_name
static const char * get_cert_common_name(PCCERT_CONTEXT cert)
Definition: rootstore.c:211
from
CardRegion * from
Definition: spigame.cpp:19
_CERT_CHAIN_CONTEXT
Definition: wincrypt.h:937
_CERT_CHAIN_ENGINE_CONFIG
Definition: wincrypt.h:3624
_CERT_CHAIN_PARA
Definition: wincrypt.h:1068
_CERT_CONTEXT
Definition: wincrypt.h:478
chain
struct sock * chain
Definition: tcpcore.h:1
CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL
#define CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL
Definition: wincrypt.h:3618
CERT_TRUST_INVALID_BASIC_CONSTRAINTS
#define CERT_TRUST_INVALID_BASIC_CONSTRAINTS
Definition: wincrypt.h:880
CERT_SYSTEM_STORE_CURRENT_USER
#define CERT_SYSTEM_STORE_CURRENT_USER
Definition: wincrypt.h:2324
CERT_TRUST_IS_NOT_VALID_FOR_USAGE
#define CERT_TRUST_IS_NOT_VALID_FOR_USAGE
Definition: wincrypt.h:874
CERT_TRUST_IS_UNTRUSTED_ROOT
#define CERT_TRUST_IS_UNTRUSTED_ROOT
Definition: wincrypt.h:875
CERT_TRUST_IS_NOT_TIME_VALID
#define CERT_TRUST_IS_NOT_TIME_VALID
Definition: wincrypt.h:870

Referenced by read_trusted_roots_from_known_locations().

◆ create_root_store()

static HCERTSTORE create_root_store ( void  )
static

Definition at line 991 of file rootstore.c.

992{
993#ifdef __REACTOS__
994 HCERTSTORE root = NULL;
995#endif
996 HCERTSTORE memStore = CertOpenStore(CERT_STORE_PROV_MEMORY,
997 X509_ASN_ENCODING, 0, CERT_STORE_CREATE_NEW_FLAG, NULL);
998
999 if (memStore)
1000 {
1001#ifdef __REACTOS__
1002 HCERTSTORE regStore;
1003 CERT_STORE_PROV_INFO provInfo = {
1004 sizeof(CERT_STORE_PROV_INFO),
1005 sizeof(rootProvFuncs) / sizeof(rootProvFuncs[0]),
1006 rootProvFuncs,
1007 NULL,
1008 0,
1009 NULL
1010 };
1011#endif
1012
1013 read_trusted_roots_from_known_locations(memStore);
1014 add_ms_root_certs(memStore);
1015#ifdef __REACTOS__
1016 root = CRYPT_ProvCreateStore(0, memStore, &provInfo);
1017 regStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_W, 0, 0, CERT_SYSTEM_STORE_LOCAL_MACHINE, L"AuthRoot");
1018 if (regStore)
1019 {
1020 HCERTSTORE collStore = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0,
1021 CERT_STORE_CREATE_NEW_FLAG, NULL);
1022 CertAddStoreToCollection(collStore, regStore, 0, 0);
1023 CertAddStoreToCollection(collStore, root, 0, 0);
1024 root = collStore;
1025 }
1026#endif
1027 }
1028#ifdef __REACTOS__
1029 TRACE("returning %p\n", root);
1030 return root;
1031#else
1032 TRACE("returning %p\n", memStore);
1033 return memStore;
1034#endif
1035}
root
struct _root root
CertAddStoreToCollection
BOOL WINAPI CertAddStoreToCollection(HCERTSTORE hCollectionStore, HCERTSTORE hSiblingStore, DWORD dwUpdateFlags, DWORD dwPriority)
Definition: collectionstore.c:489
CRYPT_ProvCreateStore
WINECRYPT_CERTSTORE * CRYPT_ProvCreateStore(DWORD dwFlags, WINECRYPT_CERTSTORE *memStore, const CERT_STORE_PROV_INFO *pProvInfo) DECLSPEC_HIDDEN
Definition: provstore.c:307
CertOpenStore
HCERTSTORE WINAPI CertOpenStore(LPCSTR lpszStoreProvider, DWORD dwMsgAndCertEncodingType, HCRYPTPROV_LEGACY hCryptProv, DWORD dwFlags, const void *pvPara)
Definition: store.c:815
L
#define L(x)
Definition: ntvdm.h:50
add_ms_root_certs
static void add_ms_root_certs(HCERTSTORE to)
Definition: rootstore.c:928
read_trusted_roots_from_known_locations
static void read_trusted_roots_from_known_locations(HCERTSTORE store)
Definition: rootstore.c:945
_CERT_STORE_PROV_INFO
Definition: wincrypt.h:1146
_root
Definition: btrfs_drv.h:450
CERT_STORE_PROV_INFO
struct _CERT_STORE_PROV_INFO CERT_STORE_PROV_INFO
CERT_STORE_PROV_COLLECTION
#define CERT_STORE_PROV_COLLECTION
Definition: wincrypt.h:2261
CERT_STORE_CREATE_NEW_FLAG
#define CERT_STORE_CREATE_NEW_FLAG
Definition: wincrypt.h:2464
CERT_STORE_PROV_MEMORY
#define CERT_STORE_PROV_MEMORY
Definition: wincrypt.h:2251
CERT_SYSTEM_STORE_LOCAL_MACHINE
#define CERT_SYSTEM_STORE_LOCAL_MACHINE
Definition: wincrypt.h:2326
CERT_STORE_PROV_SYSTEM_W
#define CERT_STORE_PROV_SYSTEM_W
Definition: wincrypt.h:2259

Referenced by CRYPT_ImportSystemRootCertsToReg().

◆ CRYPT_ImportSystemRootCertsToReg()

void CRYPT_ImportSystemRootCertsToReg ( void  )

Definition at line 1044 of file rootstore.c.

1045{
1046 HCERTSTORE store = NULL;
1047 HKEY key;
1048 LONG rc;
1049 HANDLE hsem;
1050
1051 static BOOL root_certs_imported = FALSE;
1052
1053 if (root_certs_imported)
1054 return;
1055
1056 hsem = CreateSemaphoreW( NULL, 0, 1, semaphoreW);
1057 if (!hsem)
1058 {
1059 ERR("Failed to create semaphore\n");
1060 return;
1061 }
1062
1063 if(GetLastError() == ERROR_ALREADY_EXISTS)
1064 WaitForSingleObject(hsem, INFINITE);
1065 else
1066 {
1067 if ((store = create_root_store()))
1068 {
1069 rc = RegCreateKeyExW(HKEY_LOCAL_MACHINE, certs_root_pathW, 0, NULL, 0,
1070 KEY_ALL_ACCESS, NULL, &key, 0);
1071 if (!rc)
1072 {
1073 if (!CRYPT_SerializeContextsToReg(key, REG_OPTION_VOLATILE, pCertInterface, store))
1074 ERR("Failed to import system certs into registry, %08x\n", GetLastError());
1075 RegCloseKey(key);
1076 }
1077 CertCloseStore(store, 0);
1078 } else
1079 ERR("Failed to create root store\n");
1080 }
1081
1082 root_certs_imported = TRUE;
1083 ReleaseSemaphore(hsem, 1, NULL);
1084 CloseHandle(hsem);
1085}
ERR
#define ERR(fmt,...)
Definition: debug.h:110
RegCloseKey
#define RegCloseKey(hKey)
Definition: registry.h:49
CRYPT_SerializeContextsToReg
BOOL CRYPT_SerializeContextsToReg(HKEY key, DWORD flags, const WINE_CONTEXT_INTERFACE *contextInterface, HCERTSTORE memStore) DECLSPEC_HIDDEN
Definition: regstore.c:208
RegCreateKeyExW
LONG WINAPI RegCreateKeyExW(_In_ HKEY hKey, _In_ LPCWSTR lpSubKey, _In_ DWORD Reserved, _In_opt_ LPWSTR lpClass, _In_ DWORD dwOptions, _In_ REGSAM samDesired, _In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes, _Out_ PHKEY phkResult, _Out_opt_ LPDWORD lpdwDisposition)
Definition: reg.c:1096
pCertInterface
const WINE_CONTEXT_INTERFACE * pCertInterface
Definition: store.c:54
CertCloseStore
BOOL WINAPI CertCloseStore(HCERTSTORE hCertStore, DWORD dwFlags)
Definition: store.c:1127
CloseHandle
#define CloseHandle
Definition: compat.h:739
INFINITE
#define INFINITE
Definition: serial.h:102
ERROR_ALREADY_EXISTS
#define ERROR_ALREADY_EXISTS
Definition: disk.h:80
KEY_ALL_ACCESS
#define KEY_ALL_ACCESS
Definition: nt_native.h:1041
REG_OPTION_VOLATILE
#define REG_OPTION_VOLATILE
Definition: nt_native.h:1060
LONG
long LONG
Definition: pedump.c:60
create_root_store
static HCERTSTORE create_root_store(void)
Definition: rootstore.c:991
certs_root_pathW
static const WCHAR certs_root_pathW[]
Definition: rootstore.c:1037
semaphoreW
static const WCHAR semaphoreW[]
Definition: rootstore.c:1041
key
Definition: copy.c:22
WaitForSingleObject
DWORD WINAPI WaitForSingleObject(IN HANDLE hHandle, IN DWORD dwMilliseconds)
Definition: synch.c:82
CreateSemaphoreW
HANDLE WINAPI DECLSPEC_HOTPATCH CreateSemaphoreW(IN LPSECURITY_ATTRIBUTES lpSemaphoreAttributes OPTIONAL, IN LONG lInitialCount, IN LONG lMaximumCount, IN LPCWSTR lpName OPTIONAL)
Definition: synch.c:444
ReleaseSemaphore
BOOL WINAPI DECLSPEC_HOTPATCH ReleaseSemaphore(IN HANDLE hSemaphore, IN LONG lReleaseCount, IN LPLONG lpPreviousCount)
Definition: synch.c:542
HKEY_LOCAL_MACHINE
#define HKEY_LOCAL_MACHINE
Definition: winreg.h:12

Referenced by CRYPT_SysRegOpenStoreW().

◆ get_cert_common_name()

static const char * get_cert_common_name ( PCCERT_CONTEXT  cert)
static

Definition at line 211 of file rootstore.c.

212{
213 static char buf[1024];
214 const char *name = NULL;
215 CERT_NAME_INFO *nameInfo;
216 DWORD size;
217 BOOL ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_NAME,
218 cert->pCertInfo->Subject.pbData, cert->pCertInfo->Subject.cbData,
219 CRYPT_DECODE_NOCOPY_FLAG | CRYPT_DECODE_ALLOC_FLAG, NULL, &nameInfo,
220 &size);
221
222 if (ret)
223 {
224 PCERT_RDN_ATTR commonName = CertFindRDNAttr(szOID_COMMON_NAME,
225 nameInfo);
226
227 if (commonName)
228 {
229 CertRDNValueToStrA(commonName->dwValueType,
230 &commonName->Value, buf, sizeof(buf));
231 name = buf;
232 }
233 LocalFree(nameInfo);
234 }
235 return name;
236}
CryptDecodeObjectEx
BOOL WINAPI CryptDecodeObjectEx(DWORD dwCertEncodingType, LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, DWORD dwFlags, PCRYPT_DECODE_PARA pDecodePara, void *pvStructInfo, DWORD *pcbStructInfo)
Definition: decode.c:6286
CertFindRDNAttr
PCERT_RDN_ATTR WINAPI CertFindRDNAttr(LPCSTR pszObjId, PCERT_NAME_INFO pName)
Definition: cert.c:2051
CertRDNValueToStrA
DWORD WINAPI CertRDNValueToStrA(DWORD dwValueType, PCERT_RDN_VALUE_BLOB pValue, LPSTR psz, DWORD csz)
Definition: str.c:33
size
GLsizeiptr size
Definition: glext.h:5919
buf
GLenum GLuint GLenum GLsizei const GLchar * buf
Definition: glext.h:7751
LocalFree
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1594
commonName
static const char commonName[]
Definition: encode.c:673
_CERT_NAME_INFO
Definition: wincrypt.h:266
_CERT_RDN_ATTR
Definition: wincrypt.h:255
name
Definition: name.c:39
CRYPT_DECODE_NOCOPY_FLAG
#define CRYPT_DECODE_NOCOPY_FLAG
Definition: wincrypt.h:3450
X509_NAME
#define X509_NAME
Definition: wincrypt.h:3372
CRYPT_DECODE_ALLOC_FLAG
#define CRYPT_DECODE_ALLOC_FLAG
Definition: wincrypt.h:3454
szOID_COMMON_NAME
#define szOID_COMMON_NAME
Definition: wincrypt.h:3134

Referenced by check_and_store_certs().

◆ import_base64_certs_from_fp()

static BOOL import_base64_certs_from_fp ( FILE fp,
HCERTSTORE  store 
)
static

Definition at line 107 of file rootstore.c.

108{
109 char line[1024];
110 BOOL in_cert = FALSE;
111 struct DynamicBuffer saved_cert = { 0, 0, NULL };
112 int num_certs = 0;
113
114 TRACE("\n");
115 while (fgets(line, sizeof(line), fp))
116 {
117 static const char header[] = "-----BEGIN CERTIFICATE-----";
118 static const char trailer[] = "-----END CERTIFICATE-----";
119
120 if (!strncmp(line, header, strlen(header)))
121 {
122 TRACE("begin new certificate\n");
123 in_cert = TRUE;
124 reset_buffer(&saved_cert);
125 }
126 else if (!strncmp(line, trailer, strlen(trailer)))
127 {
128 DWORD size;
129
130 TRACE("end of certificate, adding cert\n");
131 in_cert = FALSE;
132 if (CryptStringToBinaryA((char *)saved_cert.data, saved_cert.used,
133 CRYPT_STRING_BASE64, NULL, &size, NULL, NULL))
134 {
135 LPBYTE buf = CryptMemAlloc(size);
136
137 if (buf)
138 {
139 CryptStringToBinaryA((char *)saved_cert.data,
140 saved_cert.used, CRYPT_STRING_BASE64, buf, &size, NULL,
141 NULL);
142 if (CertAddEncodedCertificateToStore(store,
143 X509_ASN_ENCODING, buf, size, CERT_STORE_ADD_NEW, NULL))
144 num_certs++;
145 CryptMemFree(buf);
146 }
147 }
148 }
149 else if (in_cert)
150 add_line_to_buffer(&saved_cert, line);
151 }
152 CryptMemFree(saved_cert.data);
153 TRACE("Read %d certs\n", num_certs);
154 return num_certs > 0;
155}
strncmp
int strncmp(const char *String1, const char *String2, ACPI_SIZE Count)
Definition: utclib.c:534
CryptStringToBinaryA
BOOL WINAPI CryptStringToBinaryA(LPCSTR pszString, DWORD cchString, DWORD dwFlags, BYTE *pbBinary, DWORD *pcbBinary, DWORD *pdwSkip, DWORD *pdwFlags)
Definition: base64.c:772
CryptMemFree
VOID WINAPI CryptMemFree(LPVOID pv)
Definition: main.c:141
fgets
_Check_return_opt_ _CRTIMP char *__cdecl fgets(_Out_writes_z_(_MaxCount) char *_Buf, _In_ int _MaxCount, _Inout_ FILE *_File)
add_line_to_buffer
static BOOL add_line_to_buffer(struct DynamicBuffer *buffer, LPCSTR line)
Definition: rootstore.c:64
reset_buffer
static void reset_buffer(struct DynamicBuffer *buffer)
Definition: rootstore.c:58
DynamicBuffer::used
DWORD used
Definition: rootstore.c:54
DynamicBuffer::data
BYTE * data
Definition: rootstore.c:55
LPBYTE
unsigned char * LPBYTE
Definition: typedefs.h:53
CRYPT_STRING_BASE64
#define CRYPT_STRING_BASE64
Definition: wincrypt.h:2985

Referenced by import_certs_from_file().

◆ import_certs_from_dir()

static BOOL import_certs_from_dir ( LPCSTR  path,
HCERTSTORE  store 
)
static

Definition at line 362 of file rootstore.c.

363{
364#ifdef HAVE_READDIR
365 BOOL ret = FALSE;
366 DIR *dir;
367
368 TRACE("(%s, %p)\n", debugstr_a(path), store);
369
370 dir = opendir(path);
371 if (dir)
372 {
373 size_t path_len = strlen(path), bufsize = 0;
374 char *filebuf = NULL;
375
376 struct dirent *entry;
377 while ((entry = readdir(dir)))
378 {
379 if (strcmp(entry->d_name, ".") && strcmp(entry->d_name, ".."))
380 {
381 size_t name_len = strlen(entry->d_name);
382
383 if (!check_buffer_resize(&filebuf, &bufsize, path_len + 1 + name_len + 1))
384 {
385 ERR("Path buffer (re)allocation failed with out of memory condition\n");
386 break;
387 }
388 snprintf(filebuf, bufsize, "%s/%s", path, entry->d_name);
389 if (import_certs_from_path(filebuf, store, FALSE) && !ret)
390 ret = TRUE;
391 }
392 }
393 CryptMemFree(filebuf);
394 closedir(dir);
395 }
396 return ret;
397#else
398 FIXME("not implemented without readdir available\n");
399 return FALSE;
400#endif
401}
strcmp
int strcmp(const char *String1, const char *String2)
Definition: utclib.c:469
dir
unsigned int dir
Definition: maze.c:112
FIXME
#define FIXME(fmt,...)
Definition: debug.h:111
basic_filebuf< char, char_traits< char > >
bufsize
GLenum GLuint GLsizei bufsize
Definition: glext.h:7473
closedir
int __cdecl closedir(DIR *)
opendir
DIR *__cdecl opendir(const char *)
readdir
struct dirent *__cdecl readdir(DIR *)
entry
uint32_t entry
Definition: isohybrid.c:63
debugstr_a
#define debugstr_a
Definition: kernel32.h:31
path_len
static DWORD path_len
Definition: batch.c:31
import_certs_from_path
static BOOL import_certs_from_path(LPCSTR path, HCERTSTORE store, BOOL allow_dir)
Definition: rootstore.c:407
DIR
Definition: dirent.h:40
dirent
Definition: fatfs.h:198
snprintf
#define snprintf
Definition: wintirpc.h:48

Referenced by import_certs_from_path().

◆ import_certs_from_file()

static BOOL import_certs_from_file ( int  fd,
HCERTSTORE  store 
)
static

Definition at line 311 of file rootstore.c.

312{
313 BOOL ret = FALSE;
314 FILE *fp;
315
316 TRACE("\n");
317
318 fp = fdopen(fd, "r");
319 if (fp)
320 {
321 ret = import_base64_certs_from_fp(fp, store);
322 fclose(fp);
323 }
324 return ret;
325}
fdopen
_Check_return_ _CRTIMP FILE *__cdecl fdopen(_In_ int _FileHandle, _In_z_ const char *_Format)
fclose
_Check_return_opt_ _CRTIMP int __cdecl fclose(_Inout_ FILE *_File)
import_base64_certs_from_fp
static BOOL import_base64_certs_from_fp(FILE *fp, HCERTSTORE store)
Definition: rootstore.c:107
fd
static int fd
Definition: io.c:51
_iobuf
Definition: mbstring.h:19

Referenced by import_certs_from_path().

◆ import_certs_from_path()

static BOOL import_certs_from_path ( LPCSTR  path,
HCERTSTORE  store,
BOOL  allow_dir 
)
static

Definition at line 407 of file rootstore.c.

409{
410 BOOL ret = FALSE;
411 int fd;
412
413 TRACE("(%s, %p, %d)\n", debugstr_a(path), store, allow_dir);
414
415 fd = open(path, O_RDONLY);
416 if (fd != -1)
417 {
418 struct stat st;
419
420 if (fstat(fd, &st) == 0)
421 {
422 if (S_ISREG(st.st_mode))
423 ret = import_certs_from_file(fd, store);
424 else if (S_ISDIR(st.st_mode))
425 {
426 if (allow_dir)
427 ret = import_certs_from_dir(path, store);
428 else
429 WARN("%s is a directory and directories are disallowed\n",
430 debugstr_a(path));
431 }
432 else
433 ERR("%s: invalid file type\n", path);
434 }
435 close(fd);
436 }
437 return ret;
438}
O_RDONLY
#define O_RDONLY
Definition: acwin.h:108
open
#define open
Definition: acwin.h:95
close
#define close
Definition: acwin.h:98
fstat
#define fstat
Definition: acwin.h:100
S_ISDIR
#define S_ISDIR(mode)
Definition: various.h:18
S_ISREG
#define S_ISREG(mode)
Definition: various.h:17
import_certs_from_file
static BOOL import_certs_from_file(int fd, HCERTSTORE store)
Definition: rootstore.c:311
import_certs_from_dir
static BOOL import_certs_from_dir(LPCSTR path, HCERTSTORE store)
Definition: rootstore.c:362
stat
Definition: stat.h:55

Referenced by import_certs_from_dir(), and read_trusted_roots_from_known_locations().

◆ read_trusted_roots_from_known_locations()

static void read_trusted_roots_from_known_locations ( HCERTSTORE  store)
static

Definition at line 945 of file rootstore.c.

946{
947 HCERTSTORE from = CertOpenStore(CERT_STORE_PROV_MEMORY,
948 X509_ASN_ENCODING, 0, CERT_STORE_CREATE_NEW_FLAG, NULL);
949
950 if (from)
951 {
952 DWORD i;
953 BOOL ret = FALSE;
954
955#ifdef HAVE_SECURITY_SECURITY_H
956 OSStatus status;
957 CFArrayRef rootCerts;
958
959 status = SecTrustCopyAnchorCertificates(&rootCerts);
960 if (status == noErr)
961 {
962 int i;
963 for (i = 0; i < CFArrayGetCount(rootCerts); i++)
964 {
965 SecCertificateRef cert = (SecCertificateRef)CFArrayGetValueAtIndex(rootCerts, i);
966 CFDataRef certData;
967 if ((status = SecKeychainItemExport(cert, kSecFormatX509Cert, 0, NULL, &certData)) == noErr)
968 {
969 if (CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING,
970 CFDataGetBytePtr(certData), CFDataGetLength(certData),
971 CERT_STORE_ADD_NEW, NULL))
972 ret = TRUE;
973 else
974 WARN("adding root cert %d failed: %08x\n", i, GetLastError());
975 CFRelease(certData);
976 }
977 else
978 WARN("could not export certificate %d to X509 format: 0x%08x\n", i, (unsigned int)status);
979 }
980 CFRelease(rootCerts);
981 }
982#endif
983
984 for (i = 0; !ret && i < ARRAY_SIZE(CRYPT_knownLocations); i++)
985 ret = import_certs_from_path(CRYPT_knownLocations[i], from, TRUE);
986 check_and_store_certs(from, store);
987 }
988 CertCloseStore(from, 0);
989}
CRYPT_knownLocations
static const char *const CRYPT_knownLocations[]
Definition: rootstore.c:491
check_and_store_certs
static void check_and_store_certs(HCERTSTORE from, HCERTSTORE to)
Definition: rootstore.c:238
status
Definition: ps.c:97

Referenced by create_root_store().

◆ reset_buffer()

static void reset_buffer ( struct DynamicBuffer buffer)
inlinestatic

Definition at line 58 of file rootstore.c.

59{
60 buffer->used = 0;
61 if (buffer->data) buffer->data[0] = 0;
62}

Referenced by import_base64_certs_from_fp().

◆ trust_status_to_str()

static const char * trust_status_to_str ( DWORD  status)
static

Definition at line 157 of file rootstore.c.

158{
159 static char buf[1024];
160 int pos = 0;
161
162 if (status & CERT_TRUST_IS_NOT_TIME_VALID)
163 pos += snprintf(buf + pos, sizeof(buf) - pos, "\n\texpired");
164 if (status & CERT_TRUST_IS_NOT_TIME_NESTED)
165 pos += snprintf(buf + pos, sizeof(buf) - pos, "\n\tbad time nesting");
166 if (status & CERT_TRUST_IS_REVOKED)
167 pos += snprintf(buf + pos, sizeof(buf) - pos, "\n\trevoked");
168 if (status & CERT_TRUST_IS_NOT_SIGNATURE_VALID)
169 pos += snprintf(buf + pos, sizeof(buf) - pos, "\n\tbad signature");
170 if (status & CERT_TRUST_IS_NOT_VALID_FOR_USAGE)
171 pos += snprintf(buf + pos, sizeof(buf) - pos, "\n\tbad usage");
172 if (status & CERT_TRUST_IS_UNTRUSTED_ROOT)
173 pos += snprintf(buf + pos, sizeof(buf) - pos, "\n\tuntrusted root");
174 if (status & CERT_TRUST_REVOCATION_STATUS_UNKNOWN)
175 pos += snprintf(buf + pos, sizeof(buf) - pos,
176 "\n\tunknown revocation status");
177 if (status & CERT_TRUST_IS_CYCLIC)
178 pos += snprintf(buf + pos, sizeof(buf) - pos, "\n\tcyclic chain");
179 if (status & CERT_TRUST_INVALID_EXTENSION)
180 pos += snprintf(buf + pos, sizeof(buf) - pos,
181 "\n\tunsupported critical extension");
182 if (status & CERT_TRUST_INVALID_POLICY_CONSTRAINTS)
183 pos += snprintf(buf + pos, sizeof(buf) - pos, "\n\tbad policy");
184 if (status & CERT_TRUST_INVALID_BASIC_CONSTRAINTS)
185 pos += snprintf(buf + pos, sizeof(buf) - pos,
186 "\n\tbad basic constraints");
187 if (status & CERT_TRUST_INVALID_NAME_CONSTRAINTS)
188 pos += snprintf(buf + pos, sizeof(buf) - pos,
189 "\n\tbad name constraints");
190 if (status & CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT)
191 pos += snprintf(buf + pos, sizeof(buf) - pos,
192 "\n\tunsupported name constraint");
193 if (status & CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT)
194 pos += snprintf(buf + pos, sizeof(buf) - pos,
195 "\n\tundefined name constraint");
196 if (status & CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT)
197 pos += snprintf(buf + pos, sizeof(buf) - pos,
198 "\n\tdisallowed name constraint");
199 if (status & CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT)
200 pos += snprintf(buf + pos, sizeof(buf) - pos,
201 "\n\texcluded name constraint");
202 if (status & CERT_TRUST_IS_OFFLINE_REVOCATION)
203 pos += snprintf(buf + pos, sizeof(buf) - pos,
204 "\n\trevocation server offline");
205 if (status & CERT_TRUST_NO_ISSUANCE_CHAIN_POLICY)
206 pos += snprintf(buf + pos, sizeof(buf) - pos,
207 "\n\tno issuance policy");
208 return buf;
209}
CERT_TRUST_IS_REVOKED
#define CERT_TRUST_IS_REVOKED
Definition: wincrypt.h:872
CERT_TRUST_INVALID_POLICY_CONSTRAINTS
#define CERT_TRUST_INVALID_POLICY_CONSTRAINTS
Definition: wincrypt.h:879
CERT_TRUST_REVOCATION_STATUS_UNKNOWN
#define CERT_TRUST_REVOCATION_STATUS_UNKNOWN
Definition: wincrypt.h:876
CERT_TRUST_IS_CYCLIC
#define CERT_TRUST_IS_CYCLIC
Definition: wincrypt.h:877
CERT_TRUST_INVALID_EXTENSION
#define CERT_TRUST_INVALID_EXTENSION
Definition: wincrypt.h:878
CERT_TRUST_IS_NOT_TIME_NESTED
#define CERT_TRUST_IS_NOT_TIME_NESTED
Definition: wincrypt.h:871
CERT_TRUST_IS_OFFLINE_REVOCATION
#define CERT_TRUST_IS_OFFLINE_REVOCATION
Definition: wincrypt.h:886
CERT_TRUST_NO_ISSUANCE_CHAIN_POLICY
#define CERT_TRUST_NO_ISSUANCE_CHAIN_POLICY
Definition: wincrypt.h:887
CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT
#define CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT
Definition: wincrypt.h:884
CERT_TRUST_INVALID_NAME_CONSTRAINTS
#define CERT_TRUST_INVALID_NAME_CONSTRAINTS
Definition: wincrypt.h:881
CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT
#define CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT
Definition: wincrypt.h:883
CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT
#define CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT
Definition: wincrypt.h:885
CERT_TRUST_IS_NOT_SIGNATURE_VALID
#define CERT_TRUST_IS_NOT_SIGNATURE_VALID
Definition: wincrypt.h:873
CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT
#define CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT
Definition: wincrypt.h:882

Referenced by check_and_store_certs().

◆ WINE_DEFAULT_DEBUG_CHANNEL()

WINE_DEFAULT_DEBUG_CHANNEL ( crypt  )

Variable Documentation

◆ authenticode

const BYTE authenticode[]
static

Definition at line 501 of file rootstore.c.

◆ certs_root_pathW

const WCHAR certs_root_pathW[]
static
Initial value:
=
{'S','o','f','t','w','a','r','e','\\','M','i','c','r','o','s','o','f','t','\\',
'S','y','s','t','e','m','C','e','r','t','i','f','i','c','a','t','e','s','\\',
'R','o','o','t','\\', 'C','e','r','t','i','f','i','c','a','t','e','s', 0}

Definition at line 1037 of file rootstore.c.

Referenced by CRYPT_ImportSystemRootCertsToReg().

◆ CRYPT_knownLocations

const char* const CRYPT_knownLocations[]
static
Initial value:
= {
"/etc/ssl/certs/ca-certificates.crt",
"/etc/ssl/certs",
"/etc/pki/tls/certs/ca-bundle.crt",
"/usr/share/ca-certificates/ca-bundle.crt",
"/usr/local/share/certs/",
"/etc/sfw/openssl/certs",
"/etc/security/cacerts",
}

Definition at line 491 of file rootstore.c.

Referenced by read_trusted_roots_from_known_locations().

◆ msRootCerts

const struct CONST_BLOB msRootCerts[]
static
Initial value:
= {
{ authenticode, sizeof(authenticode) },
{ rootauthority, sizeof(rootauthority) },
{ rootcertauthority, sizeof(rootcertauthority) },
{ rootcertauthority2010, sizeof(rootcertauthority2010) },
{ rootcertauthority2011, sizeof(rootcertauthority2011) },
}
authenticode
static const BYTE authenticode[]
Definition: rootstore.c:501
rootcertauthority2011
static const BYTE rootcertauthority2011[]
Definition: rootstore.c:819
rootcertauthority
static const BYTE rootcertauthority[]
Definition: rootstore.c:631
rootauthority
static const BYTE rootauthority[]
Definition: rootstore.c:564
rootcertauthority2010
static const BYTE rootcertauthority2010[]
Definition: rootstore.c:722

Referenced by add_ms_root_certs().

◆ rootauthority

const BYTE rootauthority[]
static

Definition at line 564 of file rootstore.c.

◆ rootcertauthority

const BYTE rootcertauthority[]
static

Definition at line 631 of file rootstore.c.

◆ rootcertauthority2010

const BYTE rootcertauthority2010[]
static

Definition at line 722 of file rootstore.c.

◆ rootcertauthority2011

const BYTE rootcertauthority2011[]
static

Definition at line 819 of file rootstore.c.

◆ semaphoreW

const WCHAR semaphoreW[]
static
Initial value:
=
{'c','r','y','p','t','3','2','_','r','o','o','t','_','s','e','m','a','p','h','o','r','e',0}

Definition at line 1041 of file rootstore.c.

Referenced by CRYPT_ImportSystemRootCertsToReg().