crypt32: Microsoft root policy does not include the base policy.

Signed-off-by: Hans Leidekker <hans@codeweavers.com> Signed-off-by: Alexandre Julliard <julliard@winehq.org>

crypt32: Microsoft root policy does not include the base policy.
1f277190 · Hans Leidekker · Alexandre Julliard · 403b83fd · 1f277190 · 1f277190
Commit 1f277190 authored May 15, 2020 by Hans Leidekker Committed by Alexandre Julliard May 15, 2020
Expand all Hide whitespace changes
Inline Side-by-side

Showing with 28 additions and 29 deletions

chain.c dlls/crypt32/chain.c +28 -29

chain.c dlls/crypt32/tests/chain.c +0 -0

No files found.
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -3703,38 +3703,37 @@ static BOOL WINAPI verify_ms_root_policy(LPCSTR szPolicyOID,
 PCCERT_CHAIN_CONTEXT pChainContext, PCERT_CHAIN_POLICY_PARA pPolicyPara,
 PCERT_CHAIN_POLICY_STATUS pPolicyStatus)
 {
-    BOOL ret = verify_base_policy(szPolicyOID, pChainContext, pPolicyPara,
-     pPolicyStatus);
+    BOOL isMSRoot = FALSE;

-    if (ret && !pPolicyStatus->dwError)
-    {
-        CERT_PUBLIC_KEY_INFO msPubKey = { { 0 } };
-        BOOL isMSRoot = FALSE;
-        DWORD i;
-        CRYPT_DATA_BLOB keyBlobs[] = {
-         { sizeof(msPubKey1), msPubKey1 },
-         { sizeof(msPubKey2), msPubKey2 },
-         { sizeof(msPubKey3), msPubKey3 },
-         { sizeof(msPubKey4), msPubKey4 },
-        };
-        PCERT_SIMPLE_CHAIN rootChain =
-         pChainContext->rgpChain[pChainContext->cChain -1 ];
-        PCCERT_CONTEXT root =
-         rootChain->rgpElement[rootChain->cElement - 1]->pCertContext;
+    CERT_PUBLIC_KEY_INFO msPubKey = { { 0 } };
+    DWORD i;
+    CRYPT_DATA_BLOB keyBlobs[] = {
+        { sizeof(msPubKey1), msPubKey1 },
+        { sizeof(msPubKey2), msPubKey2 },
+        { sizeof(msPubKey3), msPubKey3 },
+        { sizeof(msPubKey4), msPubKey4 },
+    };
+    PCERT_SIMPLE_CHAIN rootChain =
+        pChainContext->rgpChain[pChainContext->cChain - 1];
+    PCCERT_CONTEXT root =
+        rootChain->rgpElement[rootChain->cElement - 1]->pCertContext;

-        for (i = 0; !isMSRoot && i < ARRAY_SIZE(keyBlobs); i++)
-        {
-            msPubKey.PublicKey.cbData = keyBlobs[i].cbData;
-            msPubKey.PublicKey.pbData = keyBlobs[i].pbData;
-            if (CertComparePublicKeyInfo(
-             X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
-             &root->pCertInfo->SubjectPublicKeyInfo, &msPubKey))
-                isMSRoot = TRUE;
-        }
-        if (isMSRoot)
-            pPolicyStatus->lChainIndex = pPolicyStatus->lElementIndex = 0;
+    for (i = 0; !isMSRoot && i < ARRAY_SIZE(keyBlobs); i++)
+    {
+        msPubKey.PublicKey.cbData = keyBlobs[i].cbData;
+        msPubKey.PublicKey.pbData = keyBlobs[i].pbData;
+        if (CertComparePublicKeyInfo(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+                &root->pCertInfo->SubjectPublicKeyInfo, &msPubKey)) isMSRoot = TRUE;
    }
-    return ret;
+
+    pPolicyStatus->lChainIndex = pPolicyStatus->lElementIndex = 0;
+
+    if (isMSRoot)
+        pPolicyStatus->dwError = 0;
+    else
+        pPolicyStatus->dwError = CERT_E_UNTRUSTEDROOT;
+
+    return TRUE;
 }

 typedef BOOL (WINAPI *CertVerifyCertificateChainPolicyFunc)(LPCSTR szPolicyOID,

--- a/dlls/crypt32/tests/chain.c
+++ b/dlls/crypt32/tests/chain.c