archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 1b390dddff
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1b390dddff'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/cryptoapi/mincrypt/lib/vercat.cpp

663 lines
20 KiB
Raw Normal View History

Add source files
4 years ago
  1. //+-------------------------------------------------------------------------
  2. // Microsoft Windows
  3. //
  4. // Copyright (C) Microsoft Corporation, 2001 - 2001
  5. //
  6. // File: vercat.cpp
  7. //
  8. // Contents: Minimal Cryptographic functions to verify hashes in the
  9. // system catalogs.
  10. //
  11. // Functions: MinCryptVerifyHashInSystemCatalogs
  12. //
  13. // History: 23-Jan-01 philh created
  14. //--------------------------------------------------------------------------
  16. #include "global.hxx"
  17. #include <softpub.h>
  18. #include <mscat.h>
  20. // #define szOID_CTL "1.3.6.1.4.1.311.10.1"
  21. const BYTE rgbOID_CTL[] =
  22. {0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x0A, 0x01};
  24. // #define SPC_INDIRECT_DATA_OBJID "1.3.6.1.4.1.311.2.1.4"
  25. static const BYTE rgbSPC_INDIRECT_DATA_OBJID[] =
  26. {0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x04};
  27. const CRYPT_DER_BLOB IndirectDataEncodedOIDBlob = {
  28. sizeof(rgbSPC_INDIRECT_DATA_OBJID),
  29. (BYTE *) rgbSPC_INDIRECT_DATA_OBJID
  30. };
  32. #define MAX_CAT_FILE_CNT 10
  33. #define MAX_CAT_ATTR_CNT 10
  34. #define MAX_CAT_EXT_CNT 10
  36. typedef struct _MAP_CAT_INFO {
  37. LONG lErr;
  38. CRYPT_DATA_BLOB FileBlob;
  39. CRYPT_DER_BLOB CTLSubjectsValueBlob;
  40. CRYPT_DER_BLOB CTLExtsValueBlob;
  41. CRYPT_DER_BLOB SignerAuthAttrsValueBlob;
  42. } MAP_CAT_INFO, *PMAP_CAT_INFO;
  44. #define MAP_CAT_IDX_MASK 0x0000FFFF
  45. #define MAP_CAT_MULTIPLE_FLAG 0x00010000
  48. LONG
  49. WINAPI
  50. I_GetAndMapSystemCatalogs(
  51. IN ALG_ID HashAlgId,
  52. IN DWORD cHash,
  53. IN CRYPT_HASH_BLOB rgHashBlob[],
  54. OUT LONG rglHashMapCatIdx[],
  55. OUT DWORD *pcMapCatInfo,
  56. OUT MAP_CAT_INFO rgMapCatInfo[MAX_CAT_FILE_CNT]
  57. )
  58. {
  59. LONG lErr;
  60. HCATADMIN hCatAdmin = NULL;
  61. const GUID guidCatRoot = DRIVER_ACTION_VERIFY;
  62. DWORD cMapCatInfo = 0;
  63. DWORD cCatInfo = 0;
  64. CATALOG_INFO rgCatInfo[MAX_CAT_FILE_CNT];
  65. LONG rglMapCatIdx[MAX_CAT_FILE_CNT];
  66. DWORD iHash;
  68. if (!(CryptCATAdminAcquireContext(&hCatAdmin, &guidCatRoot, 0)))
  69. goto CryptCATAdminAcquireContextError;
  71. for (iHash = 0; iHash < cHash; iHash++) {
  72. HCATINFO hCatInfo = NULL;
  74. // Set index to indicate no catalog file
  75. rglHashMapCatIdx[iHash] = -1;
  77. while (hCatInfo = CryptCATAdminEnumCatalogFromHash(hCatAdmin,
  78. rgHashBlob[iHash].pbData, rgHashBlob[iHash].cbData,
  79. 0, &hCatInfo)) {
  80. CATALOG_INFO CatInfo;
  81. LONG lMapCatIdx;
  82. DWORD iCatInfo;
  84. memset(&CatInfo, 0, sizeof(CATALOG_INFO));
  85. CatInfo.cbStruct = sizeof(CATALOG_INFO);
  87. if (!(CryptCATCatalogInfoFromContext(hCatInfo, &CatInfo, 0)))
  88. continue;
  90. // Ensure we have a NULL terminated string
  91. CatInfo.wszCatalogFile[
  92. sizeof(CatInfo.wszCatalogFile)/sizeof(WCHAR) - 1] = L'\0';
  94. // Check if we already encountered this catalog file
  95. for (iCatInfo = 0; iCatInfo < cCatInfo; iCatInfo++) {
  96. if (0 == _wcsicmp(CatInfo.wszCatalogFile,
  97. rgCatInfo[iCatInfo].wszCatalogFile))
  98. break;
  99. }
  101. if (iCatInfo >= cCatInfo) {
  102. // Attempt to map this new catalog file
  104. if (cCatInfo >= MAX_CAT_FILE_CNT)
  105. continue;
  107. wcscpy(rgCatInfo[cCatInfo].wszCatalogFile,
  108. CatInfo.wszCatalogFile);
  110. memset(&rgMapCatInfo[cMapCatInfo], 0, sizeof(MAP_CAT_INFO));
  112. if (ERROR_SUCCESS == I_MinCryptMapFile(
  113. MINCRYPT_FILE_NAME,
  114. (const VOID *) CatInfo.wszCatalogFile,
  115. &rgMapCatInfo[cMapCatInfo].FileBlob
  116. ))
  117. rglMapCatIdx[cCatInfo] = cMapCatInfo++;
  118. else
  119. rglMapCatIdx[cCatInfo] = -1;
  121. cCatInfo++;
  122. assert(iCatInfo < cCatInfo);
  123. }
  125. lMapCatIdx = rglMapCatIdx[iCatInfo];
  127. if (0 > rglHashMapCatIdx[iHash])
  128. rglHashMapCatIdx[iHash] = lMapCatIdx;
  129. else if (0 <= lMapCatIdx)
  130. rglHashMapCatIdx[iHash] |= MAP_CAT_MULTIPLE_FLAG;
  131. }
  132. }
  134. lErr = ERROR_SUCCESS;
  136. CommonReturn:
  137. *pcMapCatInfo = cMapCatInfo;
  138. if (hCatAdmin)
  139. CryptCATAdminReleaseContext(hCatAdmin, 0);
  140. return lErr;
  142. CryptCATAdminAcquireContextError:
  143. lErr = GetLastError();
  144. if (ERROR_SUCCESS == lErr)
  145. lErr = E_UNEXPECTED;
  146. goto CommonReturn;
  147. }
  150. VOID
  151. WINAPI
  152. I_VerifyMappedCatalog(
  153. IN OUT PMAP_CAT_INFO pMapCatInfo
  154. )
  155. {
  156. LONG lErr;
  157. CRYPT_DER_BLOB rgVerSignedDataBlob[MINCRYPT_VER_SIGNED_DATA_BLOB_CNT];
  158. CRYPT_DER_BLOB rgCTLBlob[MINASN1_CTL_BLOB_CNT];
  160. __try {
  161. lErr = MinCryptVerifySignedData(
  162. pMapCatInfo->FileBlob.pbData,
  163. pMapCatInfo->FileBlob.cbData,
  164. rgVerSignedDataBlob
  165. );
  166. if (ERROR_SUCCESS != lErr)
  167. goto ErrorReturn;
  169. // The data content should be a CTL
  170. if (sizeof(rgbOID_CTL) !=
  171. rgVerSignedDataBlob[
  172. MINCRYPT_VER_SIGNED_DATA_CONTENT_OID_IDX].cbData
  173. ||
  174. 0 != memcmp(rgbOID_CTL,
  175. rgVerSignedDataBlob[
  176. MINCRYPT_VER_SIGNED_DATA_CONTENT_OID_IDX].pbData,
  177. sizeof(rgbOID_CTL)))
  178. goto NotCTLOID;
  180. if (0 >= MinAsn1ParseCTL(
  181. &rgVerSignedDataBlob[MINCRYPT_VER_SIGNED_DATA_CONTENT_DATA_IDX],
  182. rgCTLBlob
  183. ))
  184. goto ParseCTLError;
  187. pMapCatInfo->CTLSubjectsValueBlob =
  188. rgCTLBlob[MINASN1_CTL_SUBJECTS_IDX];
  189. pMapCatInfo->CTLExtsValueBlob =
  190. rgCTLBlob[MINASN1_CTL_EXTS_IDX];
  191. pMapCatInfo->SignerAuthAttrsValueBlob =
  192. rgVerSignedDataBlob[MINCRYPT_VER_SIGNED_DATA_AUTH_ATTRS_IDX];
  194. } __except(EXCEPTION_EXECUTE_HANDLER) {
  195. lErr = GetExceptionCode();
  196. if (ERROR_SUCCESS == lErr)
  197. lErr = E_UNEXPECTED;
  198. goto ErrorReturn;
  199. }
  201. lErr = ERROR_SUCCESS;
  203. CommonReturn:
  204. pMapCatInfo->lErr = lErr;
  205. return;
  207. ErrorReturn:
  208. goto CommonReturn;
  210. NotCTLOID:
  211. ParseCTLError:
  212. lErr = CRYPT_E_BAD_MSG;
  213. goto ErrorReturn;
  215. }
  217. VOID
  218. WINAPI
  219. I_VerifyMappedSystemCatalogs(
  220. IN DWORD cMapCatInfo,
  221. IN OUT MAP_CAT_INFO rgMapCatInfo[MAX_CAT_FILE_CNT]
  222. )
  223. {
  224. DWORD i;
  226. for (i = 0; i < cMapCatInfo; i++)
  227. I_VerifyMappedCatalog(&rgMapCatInfo[i]);
  228. }
  231. LONG
  232. WINAPI
  233. I_FindHashInCTLSubjects(
  234. IN ALG_ID HashAlgId,
  235. IN PCRYPT_HASH_BLOB pHashBlob,
  236. IN PCRYPT_DER_BLOB pCTLSubjectsValueBlob,
  237. OUT PCRYPT_DER_BLOB pCTLSubjectAttrsValueBlob
  238. )
  239. {
  240. DWORD cbEncoded;
  241. const BYTE *pbEncoded;
  243. // Advance past the outer tag and length
  244. if (0 >= MinAsn1ExtractContent(
  245. pCTLSubjectsValueBlob->pbData,
  246. pCTLSubjectsValueBlob->cbData,
  247. &cbEncoded,
  248. &pbEncoded
  249. ))
  250. goto NoOrInvalidSubjects;
  252. while (cbEncoded) {
  253. // Loop through the encoded subjects until we have a hash match
  254. // with the digest octets in the IndirectData attribute.
  256. LONG cbSubject;
  257. CRYPT_DER_BLOB rgCTLSubjectBlob[MINASN1_CTL_SUBJECT_BLOB_CNT];
  258. DWORD cAttr;
  259. CRYPT_DER_BLOB rgrgAttrBlob[MAX_CAT_ATTR_CNT][MINASN1_ATTR_BLOB_CNT];
  261. cbSubject = MinAsn1ParseCTLSubject(
  262. pbEncoded,
  263. cbEncoded,
  264. rgCTLSubjectBlob
  265. );
  266. if (0 >= cbSubject)
  267. goto InvalidSubject;
  269. cAttr = MAX_CAT_ATTR_CNT;
  270. if (0 < MinAsn1ParseAttributes(
  271. &rgCTLSubjectBlob[MINASN1_CTL_SUBJECT_ATTRS_IDX],
  272. &cAttr,
  273. rgrgAttrBlob
  274. )) {
  275. PCRYPT_DER_BLOB rgIndirectDataAttrBlob;
  276. CRYPT_DER_BLOB rgIndirectDataBlob[MINASN1_INDIRECT_DATA_BLOB_CNT];
  278. rgIndirectDataAttrBlob = MinAsn1FindAttribute(
  279. (PCRYPT_DER_BLOB) &IndirectDataEncodedOIDBlob,
  280. cAttr,
  281. rgrgAttrBlob
  282. );
  284. if (rgIndirectDataAttrBlob &&
  285. 0 < MinAsn1ParseIndirectData(
  286. &rgIndirectDataAttrBlob[MINASN1_ATTR_VALUE_IDX],
  287. rgIndirectDataBlob)) {
  288. if (pHashBlob->cbData ==
  289. rgIndirectDataBlob[
  290. MINASN1_INDIRECT_DATA_DIGEST_IDX].cbData
  291. &&
  292. 0 == memcmp(pHashBlob->pbData,
  293. rgIndirectDataBlob[
  294. MINASN1_INDIRECT_DATA_DIGEST_IDX].pbData,
  295. pHashBlob->cbData)) {
  297. *pCTLSubjectAttrsValueBlob =
  298. rgCTLSubjectBlob[MINASN1_CTL_SUBJECT_ATTRS_IDX];
  299. return ERROR_SUCCESS;
  300. }
  301. }
  302. }
  304. pbEncoded += cbSubject;
  305. cbEncoded -= cbSubject;
  306. }
  308. NoOrInvalidSubjects:
  309. InvalidSubject:
  310. pCTLSubjectAttrsValueBlob->pbData = NULL;
  311. pCTLSubjectAttrsValueBlob->cbData = 0;
  313. return ERROR_FILE_NOT_FOUND;
  314. }
  317. LONG
  318. WINAPI
  319. I_FindHashInMappedSystemCatalogs(
  320. IN ALG_ID HashAlgId,
  321. IN PCRYPT_HASH_BLOB pHashBlob,
  322. IN DWORD cMapCatInfo,
  323. IN MAP_CAT_INFO rgMapCatInfo[MAX_CAT_FILE_CNT],
  324. IN OUT LONG *plMapCatIdx,
  325. OUT PCRYPT_DER_BLOB pCTLSubjectAttrsValueBlob
  326. )
  327. {
  328. LONG lErr;
  329. LONG lMapCatIdx = *plMapCatIdx;
  330. BOOL fMultiple = FALSE;
  332. if (0 > lMapCatIdx)
  333. goto NotInCatalog;
  334. if (lMapCatIdx & MAP_CAT_MULTIPLE_FLAG)
  335. fMultiple = TRUE;
  336. else
  337. fMultiple = FALSE;
  338. lMapCatIdx &= MAP_CAT_IDX_MASK;
  340. assert((DWORD) lMapCatIdx < cMapCatInfo);
  342. if (ERROR_SUCCESS == rgMapCatInfo[lMapCatIdx].lErr
  343. &&
  344. ERROR_SUCCESS == I_FindHashInCTLSubjects(
  345. HashAlgId,
  346. pHashBlob,
  347. &rgMapCatInfo[lMapCatIdx].CTLSubjectsValueBlob,
  348. pCTLSubjectAttrsValueBlob
  349. ))
  350. goto SuccessReturn;
  352. if (fMultiple) {
  353. DWORD i;
  354. for (i = 0; i < cMapCatInfo; i++) {
  355. if ((DWORD) lMapCatIdx == i)
  356. continue;
  358. if (ERROR_SUCCESS == rgMapCatInfo[i].lErr
  359. &&
  360. ERROR_SUCCESS == I_FindHashInCTLSubjects(
  361. HashAlgId,
  362. pHashBlob,
  363. &rgMapCatInfo[i].CTLSubjectsValueBlob,
  364. pCTLSubjectAttrsValueBlob
  365. )) {
  366. lMapCatIdx = i;
  367. goto SuccessReturn;
  368. }
  369. }
  370. }
  372. NotInCatalog:
  373. lErr = ERROR_FILE_NOT_FOUND;
  374. lMapCatIdx = -1;
  375. pCTLSubjectAttrsValueBlob->pbData = NULL;
  376. pCTLSubjectAttrsValueBlob->cbData = 0;
  377. goto CommonReturn;
  379. SuccessReturn:
  380. lErr = ERROR_SUCCESS;
  381. CommonReturn:
  382. *plMapCatIdx = lMapCatIdx;
  383. return lErr;
  384. }
  387. VOID
  388. WINAPI
  389. I_GetHashAttributes(
  390. IN OPTIONAL DWORD cAttrOID,
  391. IN OPTIONAL CRYPT_DER_BLOB rgAttrEncodedOIDBlob[],
  393. IN PCRYPT_DER_BLOB pCTLSubjectAttrsValueBlob,
  394. IN PCRYPT_DER_BLOB pCTLExtsValueBlob,
  395. IN PCRYPT_DER_BLOB pSignerAuthAttrsValueBlob,
  397. IN OUT OPTIONAL CRYPT_DER_BLOB rgAttrValueBlob[],
  398. IN OUT LONG *plRemainExtra,
  399. IN OUT BYTE **ppbExtra
  400. )
  401. {
  402. DWORD cSubjectAttr;
  403. CRYPT_DER_BLOB rgrgSubjectAttrBlob[MAX_CAT_ATTR_CNT][MINASN1_ATTR_BLOB_CNT];
  404. DWORD cExt;
  405. CRYPT_DER_BLOB rgrgExtBlob[MAX_CAT_EXT_CNT][MINASN1_EXT_BLOB_CNT];
  406. DWORD cSignerAttr;
  407. CRYPT_DER_BLOB rgrgSignerAttrBlob[MAX_CAT_ATTR_CNT][MINASN1_ATTR_BLOB_CNT];
  409. DWORD i;
  410. LONG lRemainExtra = *plRemainExtra;
  411. BYTE *pbExtra = *ppbExtra;
  413. // Parse the attributes and extensions
  414. cSubjectAttr = MAX_CAT_ATTR_CNT;
  415. if (0 >= MinAsn1ParseAttributes(
  416. pCTLSubjectAttrsValueBlob,
  417. &cSubjectAttr,
  418. rgrgSubjectAttrBlob))
  419. cSubjectAttr = 0;
  421. cExt = MAX_CAT_EXT_CNT;
  422. if (0 >= MinAsn1ParseExtensions(
  423. pCTLExtsValueBlob,
  424. &cExt,
  425. rgrgExtBlob))
  426. cExt = 0;
  428. cSignerAttr = MAX_CAT_ATTR_CNT;
  429. if (0 >= MinAsn1ParseAttributes(
  430. pSignerAuthAttrsValueBlob,
  431. &cSignerAttr,
  432. rgrgSignerAttrBlob))
  433. cSignerAttr = 0;
  435. for (i = 0; i < cAttrOID; i++) {
  436. PCRYPT_DER_BLOB rgFindAttrBlob;
  437. PCRYPT_DER_BLOB rgFindExtBlob;
  438. PCRYPT_DER_BLOB pFindAttrValue;
  440. if (rgFindAttrBlob = MinAsn1FindAttribute(
  441. &rgAttrEncodedOIDBlob[i],
  442. cSubjectAttr,
  443. rgrgSubjectAttrBlob
  444. ))
  445. pFindAttrValue = &rgFindAttrBlob[MINASN1_ATTR_VALUE_IDX];
  446. else if (rgFindExtBlob = MinAsn1FindExtension(
  447. &rgAttrEncodedOIDBlob[i],
  448. cExt,
  449. rgrgExtBlob
  450. ))
  451. pFindAttrValue = &rgFindExtBlob[MINASN1_EXT_VALUE_IDX];
  452. else if (rgFindAttrBlob = MinAsn1FindAttribute(
  453. &rgAttrEncodedOIDBlob[i],
  454. cSignerAttr,
  455. rgrgSignerAttrBlob
  456. ))
  457. pFindAttrValue = &rgFindAttrBlob[MINASN1_ATTR_VALUE_IDX];
  458. else
  459. pFindAttrValue = NULL;
  461. if (pFindAttrValue && 0 != pFindAttrValue->cbData) {
  462. const BYTE *pbFindValue = pFindAttrValue->pbData;
  463. DWORD cbFindValue = pFindAttrValue->cbData;
  465. lRemainExtra -= cbFindValue;
  466. if (0 <= lRemainExtra) {
  467. rgAttrValueBlob[i].pbData = pbExtra;
  468. rgAttrValueBlob[i].cbData = cbFindValue;
  470. memcpy(pbExtra, pbFindValue, cbFindValue);
  471. pbExtra += cbFindValue;
  472. }
  473. }
  474. }
  476. *plRemainExtra = lRemainExtra;
  477. *ppbExtra = pbExtra;
  478. }
  483. //+-------------------------------------------------------------------------
  484. // Verifies the hashes in the system catalogs.
  485. //
  486. // Iterates through the hashes and attempts to find the system catalog
  487. // containing it. If found, the system catalog file is verified as a
  488. // PKCS #7 Signed Data message with its signer cert verified up to a baked
  489. // in root.
  490. //
  491. // The following mscat32.dll APIs are called to find the system catalog file:
  492. // CryptCATAdminAcquireContext
  493. // CryptCATAdminReleaseContext
  494. // CryptCATAdminEnumCatalogFromHash
  495. // CryptCATAdminReleaseCatalogContext
  496. // CryptCATCatalogInfoFromContext
  497. //
  498. // If the hash was successfully verified, rglErr[] is set to ERROR_SUCCESS.
  499. // Otherwise, rglErr[] is set to a nonzero error code.
  500. //
  501. // The caller can request one or more catalog subject attribute,
  502. // extension or signer authenticated attribute values to be returned for
  503. // each hash. The still encoded values are returned in the
  504. // caller allocated memory. The beginning of this returned memory will
  505. // be set to a 2 dimensional array of attribute value blobs pointing to these
  506. // encoded values (CRYPT_DER_BLOB rgrgAttrValueBlob[cHash][cAttrOID]).
  507. // The caller should make every attempt to allow for a
  508. // single pass call. The necessary memory size is:
  509. // (cHash * cAttrOID * sizeof(CRYPT_DER_BLOB)) +
  510. // total length of encoded attribute values.
  511. //
  512. // *pcbAttr will be updated with the number of bytes required to contain
  513. // the attribute blobs and values. If the input memory is insufficient,
  514. // ERROR_INSUFFICIENT_BUFFER will be returned if no other error.
  515. //
  516. // For a multi-valued attribute, only the first value is returned.
  517. //
  518. // If the function succeeds, the return value is ERROR_SUCCESS. This may
  519. // be returned for unsuccessful rglErr[] values. Otherwise,
  520. // a nonzero error code is returned.
  521. //--------------------------------------------------------------------------
  522. LONG
  523. WINAPI
  524. MinCryptVerifyHashInSystemCatalogs(
  525. IN ALG_ID HashAlgId,
  526. IN DWORD cHash,
  527. IN CRYPT_HASH_BLOB rgHashBlob[],
  528. OUT LONG rglErr[],
  530. IN OPTIONAL DWORD cAttrOID,
  531. IN OPTIONAL CRYPT_DER_BLOB rgAttrEncodedOIDBlob[],
  532. // CRYPT_DER_BLOB rgrgAttrValueBlob[cHash][cAttrOID] header is at beginning
  533. // with the bytes pointed to immediately following
  534. OUT OPTIONAL CRYPT_DER_BLOB *rgrgAttrValueBlob,
  535. IN OUT OPTIONAL DWORD *pcbAttr
  536. )
  537. {
  538. LONG lErr;
  539. DWORD cMapCatInfo = 0;
  540. MAP_CAT_INFO rgMapCatInfo[MAX_CAT_FILE_CNT];
  541. DWORD iMapCat;
  543. //**********************************************************************
  544. // WARNING!!!!
  545. //
  546. // The following function calls into other DLLs such as, kernel32.dll
  547. // and wintrust.dll to find and map the system catalog files. The input
  548. // array of hashes must be protected!!
  549. //
  550. // After returning we won't be calling into other DLLs until
  551. // UnmapViewOfFile is called in CommonReturn.
  552. //
  553. //**********************************************************************
  555. // Note, rglErr[] is overloaded and also used to contain the indices
  556. // into rgMapCatInfo for each corresponding hash.
  557. lErr = I_GetAndMapSystemCatalogs(
  558. HashAlgId,
  559. cHash,
  560. rgHashBlob,
  561. rglErr,
  562. &cMapCatInfo,
  563. rgMapCatInfo
  564. );
  565. if (ERROR_SUCCESS != lErr)
  566. goto ErrorReturn;
  568. __try {
  569. DWORD cbAttr = 0;
  570. LONG lRemainExtra = 0;
  571. BYTE *pbExtra = NULL;
  572. DWORD iHash;
  574. if (0 != cAttrOID && 0 != cHash) {
  575. if (rgrgAttrValueBlob)
  576. cbAttr = *pcbAttr;
  578. lRemainExtra = cbAttr - sizeof(CRYPT_DER_BLOB) * cAttrOID * cHash;
  579. if (0 <= lRemainExtra) {
  580. memset(rgrgAttrValueBlob, 0,
  581. sizeof(CRYPT_DER_BLOB) * cAttrOID * cHash);
  582. pbExtra = (BYTE *) &rgrgAttrValueBlob[cAttrOID * cHash];
  583. }
  584. }
  586. I_VerifyMappedSystemCatalogs(
  587. cMapCatInfo,
  588. rgMapCatInfo
  589. );
  591. for (iHash = 0; iHash < cHash; iHash++) {
  592. LONG lMapCatIdx = rglErr[iHash];
  593. CRYPT_DER_BLOB CTLSubjectAttrsValueBlob;
  595. rglErr[iHash] = I_FindHashInMappedSystemCatalogs(
  596. HashAlgId,
  597. &rgHashBlob[iHash],
  598. cMapCatInfo,
  599. rgMapCatInfo,
  600. &lMapCatIdx,
  601. &CTLSubjectAttrsValueBlob
  602. );
  604. if (0 != cAttrOID && ERROR_SUCCESS == rglErr[iHash]) {
  605. assert(0 <= lMapCatIdx && (DWORD) lMapCatIdx < cMapCatInfo);
  606. I_GetHashAttributes(
  607. cAttrOID,
  608. rgAttrEncodedOIDBlob,
  609. &CTLSubjectAttrsValueBlob,
  610. &rgMapCatInfo[lMapCatIdx].CTLExtsValueBlob,
  611. &rgMapCatInfo[lMapCatIdx].SignerAuthAttrsValueBlob,
  612. 0 <= lRemainExtra ?
  613. &rgrgAttrValueBlob[cAttrOID * iHash] : NULL,
  614. &lRemainExtra,
  615. &pbExtra
  616. );
  617. }
  618. }
  620. if (0 != cAttrOID && 0 != cHash) {
  621. if (0 <= lRemainExtra)
  622. *pcbAttr = cbAttr - (DWORD) lRemainExtra;
  623. else {
  624. *pcbAttr = cbAttr + (DWORD) -lRemainExtra;
  625. goto InsufficientBuffer;
  626. }
  627. }
  629. } __except(EXCEPTION_EXECUTE_HANDLER) {
  630. lErr = GetExceptionCode();
  631. if (ERROR_SUCCESS == lErr)
  632. lErr = E_UNEXPECTED;
  633. goto ErrorReturn;
  634. }
  635. lErr = ERROR_SUCCESS;
  637. CommonReturn:
  638. //**********************************************************************
  639. // WARNING!!!!
  640. //
  641. // UnmapViewOfFile is in another DLL, kernel32.dll.
  642. // lErr and the return error for each hash in rglErr[] must be protected.
  643. //
  644. //**********************************************************************
  645. for (iMapCat = 0; iMapCat < cMapCatInfo; iMapCat++)
  646. UnmapViewOfFile(rgMapCatInfo[iMapCat].FileBlob.pbData);
  648. return lErr;
  650. ErrorReturn:
  651. assert(ERROR_SUCCESS != lErr);
  652. if (ERROR_INSUFFICIENT_BUFFER == lErr)
  653. // This error can only be set when we determine that the attribute
  654. // buffer isn't big enough.
  655. lErr = E_UNEXPECTED;
  656. goto CommonReturn;
  658. InsufficientBuffer:
  659. lErr = ERROR_INSUFFICIENT_BUFFER;
  660. // Don't goto ErrorReturn. It explicitly checks that noone else can
  661. // set this error
  662. goto CommonReturn;
  663. }