Commit 78f59dd7 authored by Juan Lang's avatar Juan Lang Committed by Alexandre Julliard

crypt32: Correct self-signed cert creation.

- use correct function names for rpcrt functions
- use CryptGenRandom to create unique serial numbers
parent 2660b8f9
...@@ -1826,6 +1826,7 @@ static PCCERT_CONTEXT CRYPT_CreateSignedCert(PCRYPT_DER_BLOB blob, ...@@ -1826,6 +1826,7 @@ static PCCERT_CONTEXT CRYPT_CreateSignedCert(PCRYPT_DER_BLOB blob,
} }
/* Copies data from the parameters into info, where: /* Copies data from the parameters into info, where:
* pSerialNumber: The serial number. Must not be NULL.
* pSubjectIssuerBlob: Specifies both the subject and issuer for info. * pSubjectIssuerBlob: Specifies both the subject and issuer for info.
* Must not be NULL * Must not be NULL
* pSignatureAlgorithm: Optional. * pSignatureAlgorithm: Optional.
...@@ -1836,23 +1837,22 @@ static PCCERT_CONTEXT CRYPT_CreateSignedCert(PCRYPT_DER_BLOB blob, ...@@ -1836,23 +1837,22 @@ static PCCERT_CONTEXT CRYPT_CreateSignedCert(PCRYPT_DER_BLOB blob,
* pubKey: The public key of the certificate. Must not be NULL. * pubKey: The public key of the certificate. Must not be NULL.
* pExtensions: Extensions to be included with the certificate. Optional. * pExtensions: Extensions to be included with the certificate. Optional.
*/ */
static void CRYPT_MakeCertInfo(PCERT_INFO info, static void CRYPT_MakeCertInfo(PCERT_INFO info, PCRYPT_DATA_BLOB pSerialNumber,
PCERT_NAME_BLOB pSubjectIssuerBlob, PCERT_NAME_BLOB pSubjectIssuerBlob,
PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, PSYSTEMTIME pStartTime, PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, PSYSTEMTIME pStartTime,
PSYSTEMTIME pEndTime, PCERT_PUBLIC_KEY_INFO pubKey, PSYSTEMTIME pEndTime, PCERT_PUBLIC_KEY_INFO pubKey,
PCERT_EXTENSIONS pExtensions) PCERT_EXTENSIONS pExtensions)
{ {
/* FIXME: what serial number to use? */
static const BYTE serialNum[] = { 1 };
static CHAR oid[] = szOID_RSA_SHA1RSA; static CHAR oid[] = szOID_RSA_SHA1RSA;
assert(info); assert(info);
assert(pSerialNumber);
assert(pSubjectIssuerBlob); assert(pSubjectIssuerBlob);
assert(pubKey); assert(pubKey);
info->dwVersion = CERT_V3; info->dwVersion = CERT_V3;
info->SerialNumber.cbData = sizeof(serialNum); info->SerialNumber.cbData = pSerialNumber->cbData;
info->SerialNumber.pbData = (LPBYTE)serialNum; info->SerialNumber.pbData = pSerialNumber->pbData;
if (pSignatureAlgorithm) if (pSignatureAlgorithm)
memcpy(&info->SignatureAlgorithm, pSignatureAlgorithm, memcpy(&info->SignatureAlgorithm, pSignatureAlgorithm,
sizeof(info->SignatureAlgorithm)); sizeof(info->SignatureAlgorithm));
...@@ -1910,9 +1910,9 @@ static HCRYPTPROV CRYPT_CreateKeyProv(void) ...@@ -1910,9 +1910,9 @@ static HCRYPTPROV CRYPT_CreateKeyProv(void)
UuidCreateFunc uuidCreate = (UuidCreateFunc)GetProcAddress(rpcrt, UuidCreateFunc uuidCreate = (UuidCreateFunc)GetProcAddress(rpcrt,
"UuidCreate"); "UuidCreate");
UuidToStringFunc uuidToString = (UuidToStringFunc)GetProcAddress(rpcrt, UuidToStringFunc uuidToString = (UuidToStringFunc)GetProcAddress(rpcrt,
"UuidToString"); "UuidToStringA");
RpcStringFreeFunc rpcStringFree = (RpcStringFreeFunc)GetProcAddress( RpcStringFreeFunc rpcStringFree = (RpcStringFreeFunc)GetProcAddress(
rpcrt, "RpcStringFree"); rpcrt, "RpcStringFreeA");
if (uuidCreate && uuidToString && rpcStringFree) if (uuidCreate && uuidToString && rpcStringFree)
{ {
...@@ -1978,10 +1978,12 @@ PCCERT_CONTEXT WINAPI CertCreateSelfSignCertificate(HCRYPTPROV hProv, ...@@ -1978,10 +1978,12 @@ PCCERT_CONTEXT WINAPI CertCreateSelfSignCertificate(HCRYPTPROV hProv,
{ {
CERT_INFO info = { 0 }; CERT_INFO info = { 0 };
CRYPT_DER_BLOB blob = { 0, NULL }; CRYPT_DER_BLOB blob = { 0, NULL };
BOOL ret; BYTE serial[16];
CRYPT_DATA_BLOB serialBlob = { sizeof(serial), serial };
CRYPT_MakeCertInfo(&info, pSubjectIssuerBlob, pSignatureAlgorithm, CryptGenRandom(hProv, sizeof(serial), serial);
pStartTime, pEndTime, pubKey, pExtensions); CRYPT_MakeCertInfo(&info, &serialBlob, pSubjectIssuerBlob,
pSignatureAlgorithm, pStartTime, pEndTime, pubKey, pExtensions);
ret = CryptEncodeObjectEx(X509_ASN_ENCODING, X509_CERT_TO_BE_SIGNED, ret = CryptEncodeObjectEx(X509_ASN_ENCODING, X509_CERT_TO_BE_SIGNED,
&info, CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&blob.pbData, &info, CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&blob.pbData,
&blob.cbData); &blob.cbData);
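Review bot: The return value of `CryptGenRandom(hProv, sizeof(serial), serial)` is discarded, so if the call fails `serial` is read uninitialized and those stack bytes become the certificate's serial number; since the hunk opens at the function's first brace and `hProv` is the caller-supplied handle with no visible fallback before this call, a failure here (for example a 0 handle) looks reachable rather than theoretical. A random 16-byte value also needs its sign handled: CERT_INFO.SerialNumber is a little-endian integer, and when the high bit of its most significant byte is set the DER INTEGER is negative, which RFC 5280 forbids and strict verifiers reject — whether the ASN.1 encoder used here compensates is not visible on this page. Suggested replacement for the call, given that nothing has been allocated yet at that point: `if (!CryptGenRandom(hProv, sizeof(serial), serial)) return NULL;` followed by `serial[sizeof(serial) - 1] &= 0x7f;`. Note also that CRYPT_MakeCertInfo (first hunk) stores `pSerialNumber->pbData` by reference rather than copying it, so `serial` must stay live until CryptEncodeObjectEx has consumed `info`, which the ordering in this hunk satisfies. CertCreateSelfSignCertificate continues past the end of the hunk.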