Commit 7b029776 authored by Juan Lang's avatar Juan Lang Committed by Alexandre Julliard

crypt32: Use a helper function to find an existing cert by hash.

parent 77472187
...@@ -69,6 +69,24 @@ static inline void CRYPT_CloseStores(DWORD cStores, HCERTSTORE *stores) ...@@ -69,6 +69,24 @@ static inline void CRYPT_CloseStores(DWORD cStores, HCERTSTORE *stores)
static const WCHAR rootW[] = { 'R','o','o','t',0 }; static const WCHAR rootW[] = { 'R','o','o','t',0 };
/* Finds cert in store by comparing the cert's hashes. */
static PCCERT_CONTEXT CRYPT_FindCertInStore(HCERTSTORE store,
PCCERT_CONTEXT cert)
{
PCCERT_CONTEXT matching = NULL;
BYTE hash[20];
DWORD size = sizeof(hash);
if (CertGetCertificateContextProperty(cert, CERT_HASH_PROP_ID, hash, &size))
{
CRYPT_HASH_BLOB blob = { sizeof(hash), hash };
matching = CertFindCertificateInStore(store, cert->dwCertEncodingType,
0, CERT_FIND_SHA1_HASH, &blob, NULL);
}
return matching;
}
static BOOL CRYPT_CheckRestrictedRoot(HCERTSTORE store) static BOOL CRYPT_CheckRestrictedRoot(HCERTSTORE store)
{ {
BOOL ret = TRUE; BOOL ret = TRUE;
...@@ -77,29 +95,15 @@ static BOOL CRYPT_CheckRestrictedRoot(HCERTSTORE store) ...@@ -77,29 +95,15 @@ static BOOL CRYPT_CheckRestrictedRoot(HCERTSTORE store)
{ {
HCERTSTORE rootStore = CertOpenSystemStoreW(0, rootW); HCERTSTORE rootStore = CertOpenSystemStoreW(0, rootW);
PCCERT_CONTEXT cert = NULL, check; PCCERT_CONTEXT cert = NULL, check;
BYTE hash[20];
DWORD size;
do { do {
cert = CertEnumCertificatesInStore(store, cert); cert = CertEnumCertificatesInStore(store, cert);
if (cert) if (cert)
{ {
size = sizeof(hash); if (!(check = CRYPT_FindCertInStore(rootStore, cert)))
ret = FALSE;
ret = CertGetCertificateContextProperty(cert, CERT_HASH_PROP_ID, else
hash, &size); CertFreeCertificateContext(check);
if (ret)
{
CRYPT_HASH_BLOB blob = { sizeof(hash), hash };
check = CertFindCertificateInStore(rootStore,
cert->dwCertEncodingType, 0, CERT_FIND_SHA1_HASH, &blob,
NULL);
if (!check)
ret = FALSE;
else
CertFreeCertificateContext(check);
}
} }
} while (ret && cert); } while (ret && cert);
if (cert) if (cert)
...@@ -336,16 +340,9 @@ static void CRYPT_FreeSimpleChain(PCERT_SIMPLE_CHAIN chain) ...@@ -336,16 +340,9 @@ static void CRYPT_FreeSimpleChain(PCERT_SIMPLE_CHAIN chain)
static void CRYPT_CheckTrustedStatus(HCERTSTORE hRoot, static void CRYPT_CheckTrustedStatus(HCERTSTORE hRoot,
PCERT_CHAIN_ELEMENT rootElement) PCERT_CHAIN_ELEMENT rootElement)
{ {
BYTE hash[20]; PCCERT_CONTEXT trustedRoot = CRYPT_FindCertInStore(hRoot,
DWORD size = sizeof(hash); rootElement->pCertContext);
CRYPT_HASH_BLOB blob = { sizeof(hash), hash };
PCCERT_CONTEXT trustedRoot;
CertGetCertificateContextProperty(rootElement->pCertContext,
CERT_HASH_PROP_ID, hash, &size);
trustedRoot = CertFindCertificateInStore(hRoot,
rootElement->pCertContext->dwCertEncodingType, 0, CERT_FIND_SHA1_HASH,
&blob, NULL);
if (!trustedRoot) if (!trustedRoot)
rootElement->TrustStatus.dwErrorStatus |= rootElement->TrustStatus.dwErrorStatus |=
CERT_TRUST_IS_UNTRUSTED_ROOT; CERT_TRUST_IS_UNTRUSTED_ROOT;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment