From 71f58158c1960a42ab89384ee5640064826fa6a9 Mon Sep 17 00:00:00 2001
From: Paul Gofman
Date: Fri, 30 Sep 2022 21:25:18 -0500
Subject: [PATCH] wintrust: Load secondary signatures in SoftpubLoadSignature().

---
 dlls/wintrust/softpub.c | 54 +++++++++++++++++++++++++++++++++++
 dlls/wintrust/tests/softpub.c | 2 +-
 include/wintrust.h | 2 ++
 3 files changed, 57 insertions(+), 1 deletion(-)

diff --git a/dlls/wintrust/softpub.c b/dlls/wintrust/softpub.c
index 1165f03c075..d4f0088f620 100644
--- a/dlls/wintrust/softpub.c
+++ b/dlls/wintrust/softpub.c
@@ -830,6 +830,57 @@ static DWORD WINTRUST_VerifySigner(CRYPT_PROVIDER_DATA *data, DWORD signerIdx)
 return err;
 }

+static void load_secondary_signatures(CRYPT_PROVIDER_DATA *data, HCRYPTMSG msg)
+{
+ CRYPT_PROVIDER_SIGSTATE *s = data->pSigState;
+ CRYPT_ATTRIBUTES *attrs;
+ unsigned int i, j;
+ DWORD size;
+
+ if (!CryptMsgGetParam(msg, CMSG_SIGNER_UNAUTH_ATTR_PARAM, 0, NULL, &size))
+ return;
+
+ if (!(attrs = data->psPfns->pfnAlloc(size)))
+ {
+ ERR("No memory.\n");
+ return;
+ }
+ if (!CryptMsgGetParam(msg, CMSG_SIGNER_UNAUTH_ATTR_PARAM, 0, attrs, &size))
+ goto done;
+
+ for (i = 0; i < attrs->cAttr; ++i)
+ {
+ if (strcmp(attrs->rgAttr[i].pszObjId, szOID_NESTED_SIGNATURE))
+ continue;
+
+ if (!(s->rhSecondarySigs = data->psPfns->pfnAlloc(attrs->rgAttr[i].cValue * sizeof(*s->rhSecondarySigs))))
+ {
+ ERR("No memory");
+ goto done;
+ }
+ s->cSecondarySigs = 0;
+ for (j = 0; j < attrs->rgAttr[i].cValue; ++j)
+ {
+ if (!(msg = CryptMsgOpenToDecode(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, 0, 0, NULL, NULL)))
+ {
+ ERR("Could not create crypt message.\n");
+ goto done;
+ }
+ if (!CryptMsgUpdate(msg, attrs->rgAttr[i].rgValue[j].pbData, attrs->rgAttr[i].rgValue[j].cbData, TRUE))
+ {
+ ERR("Could not update crypt message, err %lu.\n", GetLastError());
+ CryptMsgClose(msg);
+ goto done;
+ }
+ s->rhSecondarySigs[j] = msg;
+ ++s->cSecondarySigs;
+ }
+ break;
+ }
+done:
+ data->psPfns->pfnFree(attrs);
+}
+
 HRESULT WINAPI SoftpubLoadSignature(CRYPT_PROVIDER_DATA *data)
 {
 DWORD err = ERROR_SUCCESS;
@@ -854,7 +905,10 @@ HRESULT WINAPI SoftpubLoadSignature(CRYPT_PROVIDER_DATA *data)
 data->pSigState->fSupportMultiSig = TRUE;
 data->pSigState->dwCryptoPolicySupport = WSS_SIGTRUST_SUPPORT | WSS_OBJTRUST_SUPPORT | WSS_CERTTRUST_SUPPORT;
 if (data->hMsg)
+ {
 data->pSigState->hPrimarySig = CryptMsgDuplicate(data->hMsg);
+ load_secondary_signatures(data, data->pSigState->hPrimarySig);
+ }
 }

 if (!err && data->hMsg)
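Review bot: load_secondary_signatures() returns void and every failure inside the inner loop does `goto done`, so a nested signature that fails CryptMsgOpenToDecode() or CryptMsgUpdate() leaves pSigState with a short cSecondarySigs and nothing tells SoftpubLoadSignature() that decoding stopped early. The nested blobs are read from CMSG_SIGNER_UNAUTH_ATTR_PARAM, which the primary signature does not cover, and this function only decodes them, so I would document that above the function, e.g. `/* Decodes nested signatures from the unauthenticated attributes; the handles are not verified here and the count may be short if decoding fails. */`. Two smaller points: an attribute with cValue == 0 reaches `pfnAlloc(0)`, and if the allocator returns NULL for that (not visible in this hunk) it is logged as an out-of-memory error; and `ERR("No memory")` lacks the `\n` that the other ERR calls in the function carry. The hunk does not show where rhSecondarySigs and the message handles stored in it are released, so the cleanup path should be checked for a matching CryptMsgClose() loop and pfnFree().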
diff --git a/dlls/wintrust/tests/softpub.c b/dlls/wintrust/tests/softpub.c
index 070e7c52034..eb411bc7daf 100644
--- a/dlls/wintrust/tests/softpub.c
+++ b/dlls/wintrust/tests/softpub.c
@@ -1840,7 +1840,7 @@ static void test_multiple_signatures(void)
 ok(prov->pSigState->fSupportMultiSig, "Got %d.\n", prov->pSigState->fSupportMultiSig);
 ok(prov->pSigState->dwCryptoPolicySupport == (WSS_SIGTRUST_SUPPORT | WSS_OBJTRUST_SUPPORT | WSS_CERTTRUST_SUPPORT), "Got %#lx.\n", prov->pSigState->dwCryptoPolicySupport);
- todo_wine ok(prov->pSigState->cSecondarySigs == 2, "Got %lu.\n", prov->pSigState->cSecondarySigs);
+ ok(prov->pSigState->cSecondarySigs == 2, "Got %lu.\n", prov->pSigState->cSecondarySigs);
 size = sizeof(buf);
 bret = CryptMsgGetParam(prov->pSigState->hPrimarySig, CMSG_SIGNER_CERT_INFO_PARAM, 0, buf, &size);
diff --git a/include/wintrust.h b/include/wintrust.h
index dd85369e322..eeb149822b4 100644
--- a/include/wintrust.h
+++ b/include/wintrust.h
@@ -475,6 +475,8 @@ CRYPT_PROVIDER_SGNR * WINAPI WTHelperGetProvSignerFromChain(
 CRYPT_PROVIDER_DATA * WINAPI WTHelperProvDataFromStateData(HANDLE hStateData);
 CRYPT_PROVIDER_PRIVDATA * WINAPI WTHelperGetProvPrivateDataFromChain(CRYPT_PROVIDER_DATA *,GUID *);

+#define szOID_NESTED_SIGNATURE "1.3.6.1.4.1.311.2.4.1"
+
 #define SPC_INDIRECT_DATA_OBJID "1.3.6.1.4.1.311.2.1.4"
 #define SPC_SP_AGENCY_INFO_OBJID "1.3.6.1.4.1.311.2.1.10"
 #define SPC_STATEMENT_TYPE_OBJID "1.3.6.1.4.1.311.2.1.11"