|
|
//+-------------------------------------------------------------------------
//
// Microsoft Windows
//
// Copyright (C) Microsoft Corporation, 1996 - 1999
//
// File: winvtrst.cpp
//
// Contents: Microsoft Internet Security Trust Provider
//
// Functions: WinVerifyTrustEx
// WinVerifyTrust
// WTHelperGetFileHash
//
// *** local functions ***
// _VerifyTrust
// _FillProviderData
// _CleanupProviderData
// _CleanupProviderNonStateData
// _WVTSipFreeSubjectInfo
// _WVTSipFreeSubjectInfoKeepState
// _WVTSetupProviderData
//
// History: 31-May-1997 pberkman created
//
//--------------------------------------------------------------------------
#include "global.hxx"
#include "wvtver1.h"
#include "softpub.h"
#include "imagehlp.h"
LONG _VerifyTrust( IN HWND hWnd, IN GUID *pgActionID, IN OUT PWINTRUST_DATA pWinTrustData, OUT OPTIONAL BYTE *pbSubjectHash, IN OPTIONAL OUT DWORD *pcbSubjectHash, OUT OPTIONAL ALG_ID *pHashAlgid );
BOOL _FillProviderData(CRYPT_PROVIDER_DATA *pProvData, HWND hWnd, WINTRUST_DATA *pWinTrustData);void _CleanupProviderData(CRYPT_PROVIDER_DATA *pProvData);void _CleanupProviderNonStateData(CRYPT_PROVIDER_DATA *ProvData);
BOOL _WVTSipFreeSubjectInfo(SIP_SUBJECTINFO *pSubj);BOOL _WVTSetupProviderData(CRYPT_PROVIDER_DATA *psProvData, CRYPT_PROVIDER_DATA *psStateProvData);BOOL _WVTSipFreeSubjectInfoKeepState(SIP_SUBJECTINFO *pSubj);
VOID FreeWintrustStateData (WINTRUST_DATA* pWintrustData);
extern CCatalogCache g_CatalogCache;
//////////////////////////////////////////////////////////////////////////////////////
//
// WinVerifyTrustEx
//
//
extern "C" HRESULT WINAPI WinVerifyTrustEx(HWND hWnd, GUID *pgActionID, WINTRUST_DATA *pWinTrustData){ return((HRESULT)WinVerifyTrust(hWnd, pgActionID, pWinTrustData));}
#define PE_EXE_HEADER_TAG "MZ"
#define PE_EXE_HEADER_TAG_LEN 2
BOOL _IsUnsignedPEFile( PWINTRUST_FILE_INFO pFileInfo ){ BOOL fIsUnsignedPEFile = FALSE; HANDLE hFile = NULL; BOOL fCloseFile = FALSE; BYTE rgbHeader[PE_EXE_HEADER_TAG_LEN]; DWORD dwBytesRead; DWORD dwCertCnt;
hFile = pFileInfo->hFile; if (NULL == hFile || INVALID_HANDLE_VALUE == hFile) { hFile = CreateFileU( pFileInfo->pcwszFilePath, GENERIC_READ, FILE_SHARE_READ, NULL, // lpsa
OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL // hTemplateFile
); if (INVALID_HANDLE_VALUE == hFile) goto CreateFileError; fCloseFile = TRUE; }
if (0 != SetFilePointer( hFile, 0, // lDistanceToMove
NULL, // lpDistanceToMoveHigh
FILE_BEGIN )) goto SetFilePointerError;
dwBytesRead = 0; if (!ReadFile( hFile, rgbHeader, PE_EXE_HEADER_TAG_LEN, &dwBytesRead, NULL // lpOverlapped
) || PE_EXE_HEADER_TAG_LEN != dwBytesRead) goto ReadFileError;
if (0 != memcmp(rgbHeader, PE_EXE_HEADER_TAG, PE_EXE_HEADER_TAG_LEN)) goto NotPEFile;
// Now see if the PE file is signed
dwCertCnt = 0; if (!ImageEnumerateCertificates( hFile, CERT_SECTION_TYPE_ANY, &dwCertCnt, NULL, // Indices
0 // IndexCount
) || 0 == dwCertCnt) fIsUnsignedPEFile = TRUE;
CommonReturn: if (fCloseFile) CloseHandle(hFile); return fIsUnsignedPEFile;
ErrorReturn: goto CommonReturn;
TRACE_ERROR(CreateFileError)TRACE_ERROR(SetFilePointerError)TRACE_ERROR(ReadFileError)TRACE_ERROR(NotPEFile)}
extern "C" LONG WINAPI WinVerifyTrust(HWND hWnd, GUID *pgActionID, LPVOID pOld){ PWINTRUST_DATA pWinTrustData = (PWINTRUST_DATA) pOld;
// For SAFER, see if this is a unsigned PE file
if (_ISINSTRUCT(WINTRUST_DATA, pWinTrustData->cbStruct, dwProvFlags) && (pWinTrustData->dwProvFlags & WTD_SAFER_FLAG) && (WTD_STATEACTION_IGNORE == pWinTrustData->dwStateAction) && (WTD_CHOICE_FILE == pWinTrustData->dwUnionChoice)) { if (_IsUnsignedPEFile(pWinTrustData->pFile)) { SetLastError((DWORD) TRUST_E_NOSIGNATURE); return (LONG) TRUST_E_NOSIGNATURE; } }
return _VerifyTrust( hWnd, pgActionID, pWinTrustData, NULL, // pbSubjectHash
NULL, // pcbSubjectHash
NULL // pHashAlgid
);}
// Returns S_OK and the hash if the file was signed and contains a valid
// hash
extern "C" LONG WINAPI WTHelperGetFileHash( IN LPCWSTR pwszFilename, IN DWORD dwFlags, IN OUT OPTIONAL PVOID *pvReserved, OUT OPTIONAL BYTE *pbFileHash, IN OUT OPTIONAL DWORD *pcbFileHash, OUT OPTIONAL ALG_ID *pHashAlgid ){ GUID wvtFileActionID = WINTRUST_ACTION_GENERIC_VERIFY_V2; WINTRUST_FILE_INFO wvtFileInfo; WINTRUST_DATA wvtData;
//
// Initialize the _VerifyTrust input data structure
//
memset(&wvtData, 0, sizeof(wvtData)); // default all fields to 0
wvtData.cbStruct = sizeof(wvtData); // wvtData.pPolicyCallbackData = // use default code signing EKU
// wvtData.pSIPClientData = // no data to pass to SIP
wvtData.dwUIChoice = WTD_UI_NONE;
// wvtData.fdwRevocationChecks = // do revocation checking if
// enabled by admin policy or
// IE advanced user options
wvtData.dwUnionChoice = WTD_CHOICE_FILE; wvtData.pFile = &wvtFileInfo;
// wvtData.dwStateAction = // default verification
// wvtData.hWVTStateData = // not applicable for default
// wvtData.pwszURLReference = // not used
// Only want to get the hash
wvtData.dwProvFlags = WTD_HASH_ONLY_FLAG;
//
// Initialize the WinVerifyTrust file info data structure
//
memset(&wvtFileInfo, 0, sizeof(wvtFileInfo)); // default all fields to 0
wvtFileInfo.cbStruct = sizeof(wvtFileInfo); wvtFileInfo.pcwszFilePath = pwszFilename; // wvtFileInfo.hFile = // allow WVT to open
// wvtFileInfo.pgKnownSubject // allow WVT to determine
//
// Call _VerifyTrust
//
return _VerifyTrust( NULL, // hWnd
&wvtFileActionID, &wvtData, pbFileHash, pcbFileHash, pHashAlgid );}
LONG _VerifyTrust( IN HWND hWnd, IN GUID *pgActionID, IN OUT PWINTRUST_DATA pWinTrustData, OUT OPTIONAL BYTE *pbSubjectHash, IN OPTIONAL OUT DWORD *pcbSubjectHash, OUT OPTIONAL ALG_ID *pHashAlgid ){ CRYPT_PROVIDER_DATA sProvData; CRYPT_PROVIDER_DATA *pStateProvData; HRESULT hr; BOOL fVersion1; BOOL fCacheableCall; PCATALOG_CACHED_STATE pCachedState = NULL; BOOL fVersion1WVTCalled = FALSE; DWORD cbInSubjectHash; DWORD dwLastError = 0;
hr = TRUST_E_PROVIDER_UNKNOWN; pStateProvData = NULL;
if (pcbSubjectHash) { cbInSubjectHash = *pcbSubjectHash; *pcbSubjectHash = 0; } else { cbInSubjectHash = 0; }
if (pHashAlgid) *pHashAlgid = 0;
fCacheableCall = g_CatalogCache.IsCacheableWintrustCall( pWinTrustData );
if ( fCacheableCall == TRUE ) { g_CatalogCache.LockCache();
if ( pWinTrustData->dwStateAction == WTD_STATEACTION_AUTO_CACHE_FLUSH ) { g_CatalogCache.FlushCache(); g_CatalogCache.UnlockCache();
return( ERROR_SUCCESS ); }
pCachedState = g_CatalogCache.FindCachedState( pWinTrustData );
g_CatalogCache.AdjustWintrustDataToCachedState( pWinTrustData, pCachedState, FALSE ); }
if (WintrustIsVersion1ActionID(pgActionID)) { fVersion1 = TRUE; } else { fVersion1 = FALSE;
if (_ISINSTRUCT(WINTRUST_DATA, pWinTrustData->cbStruct, hWVTStateData)) { if ((pWinTrustData->dwStateAction == WTD_STATEACTION_VERIFY) || (pWinTrustData->dwStateAction == WTD_STATEACTION_CLOSE)) { pStateProvData = WTHelperProvDataFromStateData(pWinTrustData->hWVTStateData);
if (pWinTrustData->dwStateAction == WTD_STATEACTION_CLOSE) { if (pWinTrustData->hWVTStateData) { _CleanupProviderData(pStateProvData); DELETE_OBJECT(pWinTrustData->hWVTStateData); }
assert( fCacheableCall == FALSE );
return(ERROR_SUCCESS); } } } }
if (_WVTSetupProviderData(&sProvData, pStateProvData)) { sProvData.pgActionID = pgActionID;
if (!(pStateProvData)) { if (!(WintrustLoadFunctionPointers(pgActionID, sProvData.psPfns))) { //
// it may be that we are looking for a version 1 trust provider.
//
hr = Version1_WinVerifyTrust(hWnd, pgActionID, pWinTrustData); fVersion1WVTCalled = TRUE; }
if ( fVersion1WVTCalled == FALSE ) { if (fVersion1) { //
// backwards compatibility with IE3.x and previous
//
WINTRUST_DATA sWinTrustData; WINTRUST_FILE_INFO sWinTrustFileInfo;
pWinTrustData = ConvertDataFromVersion1(hWnd, pgActionID, &sWinTrustData, &sWinTrustFileInfo, pWinTrustData); }
if (!_FillProviderData(&sProvData, hWnd, pWinTrustData)) { hr = ERROR_NOT_ENOUGH_MEMORY; goto ErrorCase; } } }
// On July 27, 2000 removed support for the IE4 way of chain building.
sProvData.dwProvFlags |= CPD_USE_NT5_CHAIN_FLAG;
if ( fVersion1WVTCalled == FALSE ) { if (sProvData.psPfns->pfnInitialize) { (*sProvData.psPfns->pfnInitialize)(&sProvData); }
if (sProvData.psPfns->pfnObjectTrust) { (*sProvData.psPfns->pfnObjectTrust)(&sProvData); }
if (sProvData.psPfns->pfnSignatureTrust) { (*sProvData.psPfns->pfnSignatureTrust)(&sProvData); }
if (sProvData.psPfns->pfnCertificateTrust) { (*sProvData.psPfns->pfnCertificateTrust)(&sProvData); }
if (sProvData.psPfns->pfnFinalPolicy) { hr = (*sProvData.psPfns->pfnFinalPolicy)(&sProvData); }
if (sProvData.psPfns->pfnTestFinalPolicy) { (*sProvData.psPfns->pfnTestFinalPolicy)(&sProvData); }
if (sProvData.psPfns->pfnCleanupPolicy) { (*sProvData.psPfns->pfnCleanupPolicy)(&sProvData); }
dwLastError = sProvData.dwFinalError; if (0 == dwLastError) { dwLastError = (DWORD) hr; }
if (pcbSubjectHash && hr != TRUST_E_NOSIGNATURE) { // Return the subject's hash
DWORD cbHash; if (sProvData.pPDSip && sProvData.pPDSip->psIndirectData) { cbHash = sProvData.pPDSip->psIndirectData->Digest.cbData; } else { cbHash = 0; }
if (cbHash > 0) { *pcbSubjectHash = cbHash; if (pbSubjectHash) { if (cbInSubjectHash >= cbHash) { memcpy(pbSubjectHash, sProvData.pPDSip->psIndirectData->Digest.pbData, cbHash); } else if (S_OK == hr) { hr = ERROR_MORE_DATA; } }
if (pHashAlgid) { *pHashAlgid = CertOIDToAlgId( sProvData.pPDSip->psIndirectData->DigestAlgorithm.pszObjId); } } }
if (!(pStateProvData)) { //
// no previous state saved
//
if ((_ISINSTRUCT(WINTRUST_DATA, pWinTrustData->cbStruct, hWVTStateData)) && (pWinTrustData->dwStateAction == WTD_STATEACTION_VERIFY)) { //
// first time call and asking to maintain state...
//
if (!(pWinTrustData->hWVTStateData = (HANDLE)WVTNew(sizeof(CRYPT_PROVIDER_DATA)))) { _CleanupProviderData(&sProvData); hr = ERROR_NOT_ENOUGH_MEMORY; } else { _CleanupProviderNonStateData(&sProvData);
memcpy(pWinTrustData->hWVTStateData, &sProvData, sizeof(CRYPT_PROVIDER_DATA)); } } else { _CleanupProviderData(&sProvData); } } else { //
// only free up memory specific to this object/member
//
_CleanupProviderNonStateData(&sProvData); memcpy(pWinTrustData->hWVTStateData, &sProvData, sizeof(CRYPT_PROVIDER_DATA)); }
//
// in version 1, when called by IE3.x and earlier, if security level is HIGH,
// then the no bad UI is set. If we had an error, we want to
// set the error to TRUST_E_FAIL. If we do not trust the object, every other
// case sets it to TRUST_E_SUBJECT_NOT_TRUSTED and IE throws NO UI....
//
if (fVersion1) { if (hr != ERROR_SUCCESS) { if ((pWinTrustData) && (_ISINSTRUCT(WINTRUST_DATA, pWinTrustData->cbStruct, dwUIChoice))) { if (pWinTrustData->dwUIChoice == WTD_UI_NOBAD) { hr = TRUST_E_FAIL; // ie throws UI.
} else { hr = TRUST_E_SUBJECT_NOT_TRUSTED; // ie throws no UI.
} } else { hr = TRUST_E_SUBJECT_NOT_TRUSTED; // ie throws no UI.
} } } } } else { hr = TRUST_E_SYSTEM_ERROR; }
ErrorCase:
if ( fCacheableCall == TRUE ) { if ( pCachedState == NULL ) { if ( g_CatalogCache.CreateCachedStateFromWintrustData( pWinTrustData, &pCachedState ) == TRUE ) { g_CatalogCache.AddCachedState( pCachedState ); } }
if ( pCachedState == NULL ) { FreeWintrustStateData( pWinTrustData ); }
g_CatalogCache.AdjustWintrustDataToCachedState( pWinTrustData, pCachedState, TRUE );
g_CatalogCache.ReleaseCachedState( pCachedState );
g_CatalogCache.UnlockCache(); }
SetLastError(dwLastError);
return (LONG) hr;}
//////////////////////////////////////////////////////////////////////////////////////
//
// local utility functions
//
//
BOOL _FillProviderData(CRYPT_PROVIDER_DATA *pProvData, HWND hWnd, WINTRUST_DATA *pWinTrustData){ BOOL fHasTrustPubFlags;
//
// remember: we do NOT want to return FALSE unless it is an absolutely
// catastrophic error! Let the Trust provider handle (eg: none!)
//
if (pWinTrustData && _ISINSTRUCT(WINTRUST_DATA, pWinTrustData->cbStruct, dwProvFlags)) pProvData->dwProvFlags = pWinTrustData->dwProvFlags & WTD_PROV_FLAGS_MASK;
if ((hWnd == INVALID_HANDLE_VALUE) || !(hWnd)) { if (pWinTrustData->dwUIChoice != WTD_UI_NONE) { hWnd = GetDesktopWindow(); } } pProvData->hWndParent = hWnd; pProvData->hProv = I_CryptGetDefaultCryptProv(0); // get the default and DONT RELEASE IT!!!!
pProvData->dwEncoding = X509_ASN_ENCODING | PKCS_7_ASN_ENCODING; pProvData->pWintrustData = pWinTrustData; pProvData->dwError = ERROR_SUCCESS;
// allocate errors
if (!(pProvData->padwTrustStepErrors)) { if (!(pProvData->padwTrustStepErrors = (DWORD *)WVTNew(TRUSTERROR_MAX_STEPS * sizeof(DWORD)))) { pProvData->dwError = GetLastError(); //
// NOTE!! this is currently the only FALSE return, so the caller will
// assume ERROR_NOT_ENOUGH_MEMORY if FALSE is returned from this function
//
return(FALSE); }
pProvData->cdwTrustStepErrors = TRUSTERROR_MAX_STEPS; }
memset(pProvData->padwTrustStepErrors, 0x00, sizeof(DWORD) * TRUSTERROR_MAX_STEPS);
WintrustGetRegPolicyFlags(&pProvData->dwRegPolicySettings);
//
// do NOT allow test certs EVER!
//
// Bug 581160: changed April 4, 2001
//
pProvData->dwRegPolicySettings &= ~(WTPF_TRUSTTEST | WTPF_TESTCANBEVALID);
GetRegSecuritySettings(&pProvData->dwRegSecuritySettings);
fHasTrustPubFlags = I_CryptReadTrustedPublisherDWORDValueFromRegistry( CERT_TRUST_PUB_AUTHENTICODE_FLAGS_VALUE_NAME, &pProvData->dwTrustPubSettings );
if (fHasTrustPubFlags) { if (pProvData->dwTrustPubSettings & (CERT_TRUST_PUB_ALLOW_MACHINE_ADMIN_TRUST | CERT_TRUST_PUB_ALLOW_ENTERPRISE_ADMIN_TRUST)) { // End User trust not allowed
pProvData->dwRegPolicySettings = WTPF_IGNOREREVOKATION | WTPF_IGNOREREVOCATIONONTS | WTPF_OFFLINEOK_IND | WTPF_OFFLINEOK_COM | WTPF_OFFLINEOKNBU_IND | WTPF_OFFLINEOKNBU_COM | WTPF_ALLOWONLYPERTRUST; }
// Allow the safer UI to enable revocation checking
if (pProvData->dwTrustPubSettings & CERT_TRUST_PUB_CHECK_PUBLISHER_REV_FLAG) { pProvData->dwRegPolicySettings &= ~WTPF_IGNOREREVOKATION; pProvData->dwRegPolicySettings |= WTPF_OFFLINEOK_IND | WTPF_OFFLINEOK_COM | WTPF_OFFLINEOKNBU_IND | WTPF_OFFLINEOKNBU_COM; }
if (pProvData->dwTrustPubSettings & CERT_TRUST_PUB_CHECK_TIMESTAMP_REV_FLAG) { pProvData->dwRegPolicySettings &= ~WTPF_IGNOREREVOCATIONONTS; pProvData->dwRegPolicySettings |= WTPF_OFFLINEOK_IND | WTPF_OFFLINEOK_COM | WTPF_OFFLINEOKNBU_IND | WTPF_OFFLINEOKNBU_COM; } }
if (!(pWinTrustData) || !(_ISINSTRUCT(WINTRUST_DATA, pWinTrustData->cbStruct, dwUIChoice)))
{ pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_WVTINIT] = (DWORD)ERROR_INVALID_PARAMETER; }
return(TRUE);}
void _CleanupProviderData(CRYPT_PROVIDER_DATA *pProvData){ // pProvData->hProv: we're using crypt32's default
// pProvData->pWintrustData->xxx->hFile
if ((pProvData->fOpenedFile) && (pProvData->pWintrustData != NULL)) { HANDLE *phFile;
phFile = NULL;
switch (pProvData->pWintrustData->dwUnionChoice) { case WTD_CHOICE_FILE: phFile = &pProvData->pWintrustData->pFile->hFile; break;
case WTD_CHOICE_CATALOG: phFile = &pProvData->pWintrustData->pCatalog->hMemberFile; break; }
if ((phFile) && (*phFile) && (*phFile != INVALID_HANDLE_VALUE)) { CloseHandle(*phFile); *phFile = INVALID_HANDLE_VALUE; pProvData->fOpenedFile = FALSE; } }
if (pProvData->dwSubjectChoice == CPD_CHOICE_SIP) { DELETE_OBJECT(pProvData->pPDSip->pSip); DELETE_OBJECT(pProvData->pPDSip->pCATSip);
_WVTSipFreeSubjectInfo(pProvData->pPDSip->psSipSubjectInfo); DELETE_OBJECT(pProvData->pPDSip->psSipSubjectInfo);
_WVTSipFreeSubjectInfo(pProvData->pPDSip->psSipCATSubjectInfo); DELETE_OBJECT(pProvData->pPDSip->psSipCATSubjectInfo);
TrustFreeDecode(WVT_MODID_WINTRUST, (BYTE **)&pProvData->pPDSip->psIndirectData);
DELETE_OBJECT(pProvData->pPDSip); }
if (pProvData->hMsg) { CryptMsgClose(pProvData->hMsg); pProvData->hMsg = NULL; }
// signer structure
for (int i = 0; i < (int)pProvData->csSigners; i++) { TrustFreeDecode(WVT_MODID_WINTRUST, (BYTE **)&pProvData->pasSigners[i].psSigner);
DeallocateCertChain(pProvData->pasSigners[i].csCertChain, &pProvData->pasSigners[i].pasCertChain);
DELETE_OBJECT(pProvData->pasSigners[i].pasCertChain);
if (_ISINSTRUCT(CRYPT_PROVIDER_SGNR, pProvData->pasSigners[i].cbStruct, pChainContext) && pProvData->pasSigners[i].pChainContext) CertFreeCertificateChain(pProvData->pasSigners[i].pChainContext);
// counter signers
for (int i2 = 0; i2 < (int)pProvData->pasSigners[i].csCounterSigners; i2++) { TrustFreeDecode(WVT_MODID_WINTRUST, (BYTE **)&pProvData->pasSigners[i].pasCounterSigners[i2].psSigner);
DeallocateCertChain(pProvData->pasSigners[i].pasCounterSigners[i2].csCertChain, &pProvData->pasSigners[i].pasCounterSigners[i2].pasCertChain);
DELETE_OBJECT(pProvData->pasSigners[i].pasCounterSigners[i2].pasCertChain); if (_ISINSTRUCT(CRYPT_PROVIDER_SGNR, pProvData->pasSigners[i].pasCounterSigners[i2].cbStruct, pChainContext) && pProvData->pasSigners[i].pasCounterSigners[i2].pChainContext) CertFreeCertificateChain( pProvData->pasSigners[i].pasCounterSigners[i2].pChainContext); }
DELETE_OBJECT(pProvData->pasSigners[i].pasCounterSigners); }
DELETE_OBJECT(pProvData->pasSigners);
// MUST BE DONE LAST!!! Using the force flag!!!
if (pProvData->pahStores) { DeallocateStoreChain(pProvData->chStores, pProvData->pahStores);
DELETE_OBJECT(pProvData->pahStores); }
pProvData->chStores = 0;
// pProvData->padwTrustStepErrors
DELETE_OBJECT(pProvData->padwTrustStepErrors);
// pProvData->pasProvPrivData
DELETE_OBJECT(pProvData->pasProvPrivData); pProvData->csProvPrivData = 0;
// pProvData->psPfns
if (pProvData->psPfns) { if (pProvData->psPfns->psUIpfns) { DELETE_OBJECT(pProvData->psPfns->psUIpfns->psUIData); DELETE_OBJECT(pProvData->psPfns->psUIpfns); }
DELETE_OBJECT(pProvData->psPfns); }}
void _CleanupProviderNonStateData(CRYPT_PROVIDER_DATA *pProvData){ // pProvData->hProv: we're using default!
// pProvData->pWintrustData->xxx->hFile: close!
if ((pProvData->fOpenedFile) && (pProvData->pWintrustData != NULL)) { HANDLE *phFile;
phFile = NULL;
switch (pProvData->pWintrustData->dwUnionChoice) { case WTD_CHOICE_FILE: phFile = &pProvData->pWintrustData->pFile->hFile; break;
case WTD_CHOICE_CATALOG: phFile = &pProvData->pWintrustData->pCatalog->hMemberFile; break; }
if ((phFile) && (*phFile) && (*phFile != INVALID_HANDLE_VALUE)) { CloseHandle(*phFile); *phFile = INVALID_HANDLE_VALUE; pProvData->fOpenedFile = FALSE; } }
if (pProvData->dwSubjectChoice == CPD_CHOICE_SIP) { DELETE_OBJECT(pProvData->pPDSip->pSip);
_WVTSipFreeSubjectInfoKeepState(pProvData->pPDSip->psSipSubjectInfo);
// pProvData->pPDSip->psSipSubjectInfo: keep
// pProvData->pPDSip->pCATSip: keep
// pProvData->pPDSip->psSipCATSubjectInfo: keep
TrustFreeDecode(WVT_MODID_WINTRUST, (BYTE **)&pProvData->pPDSip->psIndirectData);
// pProvData->pPDSip: keep
}
// pProvData->hMsg: keep
// signer structure: keep
// pProvData->pahStores: keep
// pProvData->padwTrustStepErrors: keep
// pProvData->pasProvPrivData: keep
// pProvData->psPfns: keep
}
BOOL _WVTSipFreeSubjectInfo(SIP_SUBJECTINFO *pSubj){ if (!(pSubj)) { return(FALSE); }
DELETE_OBJECT(pSubj->pgSubjectType);
switch(pSubj->dwUnionChoice) { case MSSIP_ADDINFO_BLOB: DELETE_OBJECT(pSubj->psBlob); break;
case MSSIP_ADDINFO_CATMEMBER: if (pSubj->psCatMember) { // The following APIs are in DELAYLOAD'ed mscat32.dll. If the
// DELAYLOAD fails an exception is raised.
__try { CryptCATClose( CryptCATHandleFromStore(pSubj->psCatMember->pStore)); } __except(EXCEPTION_EXECUTE_HANDLER) { DWORD dwExceptionCode = GetExceptionCode(); }
DELETE_OBJECT(pSubj->psCatMember); } break; }
return(TRUE);}
BOOL _WVTSipFreeSubjectInfoKeepState(SIP_SUBJECTINFO *pSubj){ if (!(pSubj)) { return(FALSE); }
DELETE_OBJECT(pSubj->pgSubjectType);
switch(pSubj->dwUnionChoice) { case MSSIP_ADDINFO_BLOB: DELETE_OBJECT(pSubj->psBlob); break;
case MSSIP_ADDINFO_CATMEMBER: break; }
return(TRUE);}
BOOL _WVTSetupProviderData(CRYPT_PROVIDER_DATA *psProvData, CRYPT_PROVIDER_DATA *psState){ if (psState) { memcpy(psProvData, psState, sizeof(CRYPT_PROVIDER_DATA));
if (_ISINSTRUCT(CRYPT_PROVIDER_DATA, psProvData->cbStruct, fRecallWithState)) { psProvData->fRecallWithState = TRUE; }
return(TRUE); }
memset(psProvData, 0x00, sizeof(CRYPT_PROVIDER_DATA));
psProvData->cbStruct = sizeof(CRYPT_PROVIDER_DATA);
if (!(psProvData->psPfns = (CRYPT_PROVIDER_FUNCTIONS *)WVTNew(sizeof(CRYPT_PROVIDER_FUNCTIONS)))) { return(FALSE); } memset(psProvData->psPfns, 0x00, sizeof(CRYPT_PROVIDER_FUNCTIONS)); psProvData->psPfns->cbStruct = sizeof(CRYPT_PROVIDER_FUNCTIONS);
if (!(psProvData->psPfns->psUIpfns = (CRYPT_PROVUI_FUNCS *)WVTNew(sizeof(CRYPT_PROVUI_FUNCS)))) { return(FALSE); } memset(psProvData->psPfns->psUIpfns, 0x00, sizeof(CRYPT_PROVUI_FUNCS)); psProvData->psPfns->psUIpfns->cbStruct = sizeof(CRYPT_PROVUI_FUNCS);
if (!(psProvData->psPfns->psUIpfns->psUIData = (CRYPT_PROVUI_DATA *)WVTNew(sizeof(CRYPT_PROVUI_DATA)))) { return(FALSE); } memset(psProvData->psPfns->psUIpfns->psUIData, 0x00, sizeof(CRYPT_PROVUI_DATA)); psProvData->psPfns->psUIpfns->psUIData->cbStruct = sizeof(CRYPT_PROVUI_DATA);
GetSystemTimeAsFileTime(&psProvData->sftSystemTime);
return(TRUE);}
VOID FreeWintrustStateData (WINTRUST_DATA* pWintrustData){ PCRYPT_PROVIDER_DATA pStateProvData;
pStateProvData = WTHelperProvDataFromStateData( pWintrustData->hWVTStateData );
if ( pStateProvData != NULL ) { _CleanupProviderData( pStateProvData ); DELETE_OBJECT( pWintrustData->hWVTStateData ); }}
|
