wintrust: Load secondary signatures in SoftpubLoadSignature().

2025-03-07 03:53:26 +01:00 · 2022-09-30 21:25:18 -05:00 · 2022-09-30 21:25:18 -05:00 · 71f58158c1
commit 71f58158c1
parent 2f5ad179e5
3 changed files with 57 additions and 1 deletions
--- a/dlls/wintrust/softpub.c
+++ b/dlls/wintrust/softpub.c
@ -830,6 +830,57 @@ static DWORD WINTRUST_VerifySigner(CRYPT_PROVIDER_DATA *data, DWORD signerIdx)
    return err;
 }

+static void load_secondary_signatures(CRYPT_PROVIDER_DATA *data, HCRYPTMSG msg)
+{
+    CRYPT_PROVIDER_SIGSTATE *s = data->pSigState;
+    CRYPT_ATTRIBUTES *attrs;
+    unsigned int i, j;
+    DWORD size;
+
+    if (!CryptMsgGetParam(msg, CMSG_SIGNER_UNAUTH_ATTR_PARAM, 0, NULL, &size))
+        return;
+
+    if (!(attrs = data->psPfns->pfnAlloc(size)))
+    {
+        ERR("No memory.\n");
+        return;
+    }
+    if (!CryptMsgGetParam(msg, CMSG_SIGNER_UNAUTH_ATTR_PARAM, 0, attrs, &size))
+        goto done;
+
+    for (i = 0; i < attrs->cAttr; ++i)
+    {
+        if (strcmp(attrs->rgAttr[i].pszObjId, szOID_NESTED_SIGNATURE))
+            continue;
+
+        if (!(s->rhSecondarySigs = data->psPfns->pfnAlloc(attrs->rgAttr[i].cValue * sizeof(*s->rhSecondarySigs))))
+        {
+            ERR("No memory");
+            goto done;
+        }
+        s->cSecondarySigs = 0;
+        for (j = 0; j < attrs->rgAttr[i].cValue; ++j)
+        {
+            if (!(msg = CryptMsgOpenToDecode(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, 0, 0, NULL, NULL)))
+            {
+                ERR("Could not create crypt message.\n");
+                goto done;
+            }
+            if (!CryptMsgUpdate(msg, attrs->rgAttr[i].rgValue[j].pbData, attrs->rgAttr[i].rgValue[j].cbData, TRUE))
+            {
+                ERR("Could not update crypt message, err %lu.\n", GetLastError());
+                CryptMsgClose(msg);
+                goto done;
+            }
+            s->rhSecondarySigs[j] = msg;
+            ++s->cSecondarySigs;
+        }
+        break;
+    }
+done:
+    data->psPfns->pfnFree(attrs);
+}
+
 HRESULT WINAPI SoftpubLoadSignature(CRYPT_PROVIDER_DATA *data)
 {
    DWORD err = ERROR_SUCCESS;
@ -854,7 +905,10 @@ HRESULT WINAPI SoftpubLoadSignature(CRYPT_PROVIDER_DATA *data)
        data->pSigState->fSupportMultiSig = TRUE;
        data->pSigState->dwCryptoPolicySupport = WSS_SIGTRUST_SUPPORT | WSS_OBJTRUST_SUPPORT | WSS_CERTTRUST_SUPPORT;
        if (data->hMsg)
+        {
            data->pSigState->hPrimarySig = CryptMsgDuplicate(data->hMsg);
+            load_secondary_signatures(data, data->pSigState->hPrimarySig);
+        }
    }

    if (!err && data->hMsg)
--- a/dlls/wintrust/tests/softpub.c
+++ b/dlls/wintrust/tests/softpub.c
@ -1840,7 +1840,7 @@ static void test_multiple_signatures(void)
        ok(prov->pSigState->fSupportMultiSig, "Got %d.\n", prov->pSigState->fSupportMultiSig);
        ok(prov->pSigState->dwCryptoPolicySupport == (WSS_SIGTRUST_SUPPORT | WSS_OBJTRUST_SUPPORT
                | WSS_CERTTRUST_SUPPORT), "Got %#lx.\n", prov->pSigState->dwCryptoPolicySupport);
-        todo_wine ok(prov->pSigState->cSecondarySigs == 2, "Got %lu.\n", prov->pSigState->cSecondarySigs);
+        ok(prov->pSigState->cSecondarySigs == 2, "Got %lu.\n", prov->pSigState->cSecondarySigs);

        size = sizeof(buf);
        bret = CryptMsgGetParam(prov->pSigState->hPrimarySig, CMSG_SIGNER_CERT_INFO_PARAM, 0, buf, &size);
--- a/include/wintrust.h
+++ b/include/wintrust.h
@ -475,6 +475,8 @@ CRYPT_PROVIDER_SGNR * WINAPI WTHelperGetProvSignerFromChain(
 CRYPT_PROVIDER_DATA * WINAPI WTHelperProvDataFromStateData(HANDLE hStateData);
 CRYPT_PROVIDER_PRIVDATA * WINAPI WTHelperGetProvPrivateDataFromChain(CRYPT_PROVIDER_DATA *,GUID *);

+#define szOID_NESTED_SIGNATURE       "1.3.6.1.4.1.311.2.4.1"
+
 #define SPC_INDIRECT_DATA_OBJID      "1.3.6.1.4.1.311.2.1.4"
 #define SPC_SP_AGENCY_INFO_OBJID     "1.3.6.1.4.1.311.2.1.10"
 #define SPC_STATEMENT_TYPE_OBJID     "1.3.6.1.4.1.311.2.1.11"