crypt32: Accept end certificates with no extended key usage extension if a particular...
[wine] / dlls / crypt32 / sip.c
1 /*
2  * Copyright 2002 Mike McCormack for CodeWeavers
3  * Copyright 2005-2008 Juan Lang
4  * Copyright 2006 Paul Vriens
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, write to the Free Software
18  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19  */
20
21 #include <stdarg.h>
22 #include <stdio.h>
23
24 #include "windef.h"
25 #include "winbase.h"
26 #include "wincrypt.h"
27 #include "winreg.h"
28 #include "winnls.h"
29 #include "mssip.h"
30 #include "winuser.h"
31
32 #include "wine/debug.h"
33 #include "wine/list.h"
34
35 WINE_DEFAULT_DEBUG_CHANNEL(crypt);
36
37 static const WCHAR szOID[] = {
38     'S','o','f','t','w','a','r','e','\\',
39     'M','i','c','r','o','s','o','f','t','\\',
40     'C','r','y','p','t','o','g','r','a','p','h','y','\\',
41     'O','I','D','\\',
42     'E','n','c','o','d','i','n','g','T','y','p','e',' ','0','\\',
43     'C','r','y','p','t','S','I','P','D','l','l', 0 };
44
45 static const WCHAR szPutSigned[] = {
46     'P','u','t','S','i','g','n','e','d','D','a','t','a','M','s','g','\\',0};
47 static const WCHAR szGetSigned[] = {
48     'G','e','t','S','i','g','n','e','d','D','a','t','a','M','s','g','\\',0};
49 static const WCHAR szRemoveSigned[] = {
50     'R','e','m','o','v','e','S','i','g','n','e','d','D','a','t','a','M','s','g','\\',0};
51 static const WCHAR szCreate[] = {
52     'C','r','e','a','t','e','I','n','d','i','r','e','c','t','D','a','t','a','\\',0};
53 static const WCHAR szVerify[] = {
54     'V','e','r','i','f','y','I','n','d','i','r','e','c','t','D','a','t','a','\\',0};
55 static const WCHAR szIsMyFile[] = {
56     'I','s','M','y','F','i','l','e','T','y','p','e','\\',0};
57 static const WCHAR szIsMyFile2[] = {
58     'I','s','M','y','F','i','l','e','T','y','p','e','2','\\',0};
59
60 static const WCHAR szDllName[] = { 'D','l','l',0 };
61 static const WCHAR szFuncName[] = { 'F','u','n','c','N','a','m','e',0 };
62
63 /* convert a guid to a wide character string */
64 static void CRYPT_guid2wstr( const GUID *guid, LPWSTR wstr )
65 {
66     char str[40];
67
68     sprintf(str, "{%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}",
69            guid->Data1, guid->Data2, guid->Data3,
70            guid->Data4[0], guid->Data4[1], guid->Data4[2], guid->Data4[3],
71            guid->Data4[4], guid->Data4[5], guid->Data4[6], guid->Data4[7] );
72     MultiByteToWideChar( CP_ACP, 0, str, -1, wstr, 40 );
73 }
74
75 /***********************************************************************
76  *              CRYPT_SIPDeleteFunction
77  *
78  * Helper function for CryptSIPRemoveProvider
79  */
80 static LONG CRYPT_SIPDeleteFunction( const GUID *guid, LPCWSTR szKey )
81 {
82     WCHAR szFullKey[ 0x100 ];
83     LONG r = ERROR_SUCCESS;
84
85     /* max length of szFullKey depends on our code only, so we won't overrun */
86     lstrcpyW( szFullKey, szOID );
87     lstrcatW( szFullKey, szKey );
88     CRYPT_guid2wstr( guid, &szFullKey[ lstrlenW( szFullKey ) ] );
89
90     r = RegDeleteKeyW(HKEY_LOCAL_MACHINE, szFullKey);
91
92     return r;
93 }
94
95 /***********************************************************************
96  *             CryptSIPRemoveProvider (CRYPT32.@)
97  *
98  * Remove a SIP provider and its functions from the registry.
99  *
100  * PARAMS
101  *  pgProv     [I] Pointer to a GUID for this SIP provider
102  *
103  * RETURNS
104  *  Success: TRUE.
105  *  Failure: FALSE. (Look at GetLastError()).
106  *
107  * NOTES
108  *  Registry errors are always reported via SetLastError(). Every registry
109  *  deletion will be tried.
110  */
111 BOOL WINAPI CryptSIPRemoveProvider(GUID *pgProv)
112 {
113     LONG r = ERROR_SUCCESS;
114     LONG remove_error = ERROR_SUCCESS;
115
116     TRACE("%s\n", debugstr_guid(pgProv));
117
118     if (!pgProv)
119     {
120         SetLastError(ERROR_INVALID_PARAMETER);
121         return FALSE;
122     }
123
124
125 #define CRYPT_SIPREMOVEPROV( key ) \
126     r = CRYPT_SIPDeleteFunction( pgProv, key); \
127     if (r != ERROR_SUCCESS) remove_error = r
128
129     CRYPT_SIPREMOVEPROV( szPutSigned);
130     CRYPT_SIPREMOVEPROV( szGetSigned);
131     CRYPT_SIPREMOVEPROV( szRemoveSigned);
132     CRYPT_SIPREMOVEPROV( szCreate);
133     CRYPT_SIPREMOVEPROV( szVerify);
134     CRYPT_SIPREMOVEPROV( szIsMyFile);
135     CRYPT_SIPREMOVEPROV( szIsMyFile2);
136
137 #undef CRYPT_SIPREMOVEPROV
138
139     if (remove_error != ERROR_SUCCESS)
140     {
141         SetLastError(remove_error);
142         return FALSE;
143     }
144
145     return TRUE;
146 }
147
148 /*
149  * Helper for CryptSIPAddProvider
150  *
151  * Add a registry key containing a dll name and function under
152  *  "Software\\Microsoft\\Cryptography\\OID\\EncodingType 0\\<func>\\<guid>"
153  */
154 static LONG CRYPT_SIPWriteFunction( const GUID *guid, LPCWSTR szKey,
155               LPCWSTR szDll, LPCWSTR szFunction )
156 {
157     WCHAR szFullKey[ 0x100 ];
158     LONG r = ERROR_SUCCESS;
159     HKEY hKey;
160
161     if( !szFunction )
162          return ERROR_SUCCESS;
163
164     /* max length of szFullKey depends on our code only, so we won't overrun */
165     lstrcpyW( szFullKey, szOID );
166     lstrcatW( szFullKey, szKey );
167     CRYPT_guid2wstr( guid, &szFullKey[ lstrlenW( szFullKey ) ] );
168
169     TRACE("key is %s\n", debugstr_w( szFullKey ) );
170
171     r = RegCreateKeyW( HKEY_LOCAL_MACHINE, szFullKey, &hKey );
172     if( r != ERROR_SUCCESS ) goto error_close_key;
173
174     /* write the values */
175     r = RegSetValueExW( hKey, szFuncName, 0, REG_SZ, (const BYTE*) szFunction,
176                         ( lstrlenW( szFunction ) + 1 ) * sizeof (WCHAR) );
177     if( r != ERROR_SUCCESS ) goto error_close_key;
178     r = RegSetValueExW( hKey, szDllName, 0, REG_SZ, (const BYTE*) szDll,
179                         ( lstrlenW( szDll ) + 1) * sizeof (WCHAR) );
180
181 error_close_key:
182
183     RegCloseKey( hKey );
184
185     return r;
186 }
187
188 /***********************************************************************
189  *             CryptSIPAddProvider (CRYPT32.@)
190  *
191  * Add a SIP provider and its functions to the registry.
192  *
193  * PARAMS
194  *  psNewProv       [I] Pointer to a structure with information about
195  *                      the functions this SIP provider can perform.
196  *
197  * RETURNS
198  *  Success: TRUE.
199  *  Failure: FALSE. (Look at GetLastError()).
200  *
201  * NOTES
202  *  Registry errors are always reported via SetLastError(). If a
203  *  registry error occurs the rest of the registry write operations
204  *  will be skipped.
205  */
206 BOOL WINAPI CryptSIPAddProvider(SIP_ADD_NEWPROVIDER *psNewProv)
207 {
208     LONG r = ERROR_SUCCESS;
209
210     TRACE("%p\n", psNewProv);
211
212     if (!psNewProv ||
213         psNewProv->cbStruct != sizeof(SIP_ADD_NEWPROVIDER) ||
214         !psNewProv->pwszGetFuncName ||
215         !psNewProv->pwszPutFuncName ||
216         !psNewProv->pwszCreateFuncName ||
217         !psNewProv->pwszVerifyFuncName ||
218         !psNewProv->pwszRemoveFuncName)
219     {
220         SetLastError(ERROR_INVALID_PARAMETER);
221         return FALSE;
222     }
223
224     TRACE("%s %s %s %s %s\n",
225           debugstr_guid( psNewProv->pgSubject ),
226           debugstr_w( psNewProv->pwszDLLFileName ),
227           debugstr_w( psNewProv->pwszMagicNumber ),
228           debugstr_w( psNewProv->pwszIsFunctionName ),
229           debugstr_w( psNewProv->pwszIsFunctionNameFmt2 ) );
230
231 #define CRYPT_SIPADDPROV( key, field ) \
232     r = CRYPT_SIPWriteFunction( psNewProv->pgSubject, key, \
233            psNewProv->pwszDLLFileName, psNewProv->field); \
234     if (r != ERROR_SUCCESS) goto end_function
235
236     CRYPT_SIPADDPROV( szPutSigned, pwszPutFuncName );
237     CRYPT_SIPADDPROV( szGetSigned, pwszGetFuncName );
238     CRYPT_SIPADDPROV( szRemoveSigned, pwszRemoveFuncName );
239     CRYPT_SIPADDPROV( szCreate, pwszCreateFuncName );
240     CRYPT_SIPADDPROV( szVerify, pwszVerifyFuncName );
241     CRYPT_SIPADDPROV( szIsMyFile, pwszIsFunctionName );
242     CRYPT_SIPADDPROV( szIsMyFile2, pwszIsFunctionNameFmt2 );
243
244 #undef CRYPT_SIPADDPROV
245
246 end_function:
247
248     if (r != ERROR_SUCCESS)
249     {
250         SetLastError(r);
251         return FALSE;
252     }
253
254     return TRUE;
255 }
256
257 static void *CRYPT_LoadSIPFuncFromKey(HKEY key, HMODULE *pLib)
258 {
259     LONG r;
260     DWORD size;
261     WCHAR dllName[MAX_PATH];
262     char functionName[MAX_PATH];
263     HMODULE lib;
264     void *func = NULL;
265
266     /* Read the DLL entry */
267     size = sizeof(dllName);
268     r = RegQueryValueExW(key, szDllName, NULL, NULL, (LPBYTE)dllName, &size);
269     if (r) goto end;
270
271     /* Read the Function entry */
272     size = sizeof(functionName);
273     r = RegQueryValueExA(key, "FuncName", NULL, NULL, (LPBYTE)functionName,
274      &size);
275     if (r) goto end;
276
277     lib = LoadLibraryW(dllName);
278     if (!lib)
279         goto end;
280     func = GetProcAddress(lib, functionName);
281     if (func)
282         *pLib = lib;
283     else
284         FreeLibrary(lib);
285
286 end:
287     return func;
288 }
289
290 /***********************************************************************
291  *             CryptSIPRetrieveSubjectGuid (CRYPT32.@)
292  *
293  * Determine the right SIP GUID for the given file.
294  *
295  * PARAMS
296  *  FileName   [I] Filename.
297  *  hFileIn    [I] Optional handle to the file.
298  *  pgSubject  [O] The SIP's GUID.
299  *
300  * RETURNS
301  *  Success: TRUE. pgSubject contains the SIP GUID.
302  *  Failure: FALSE. (Look at GetLastError()).
303  *
304  * NOTES
305  *  On failure pgSubject will contain a NULL GUID.
306  *  The handle is always preferred above the filename.
307  */
308 BOOL WINAPI CryptSIPRetrieveSubjectGuid
309       (LPCWSTR FileName, HANDLE hFileIn, GUID *pgSubject)
310 {
311     HANDLE hFile;
312     BOOL   bRet = FALSE;
313     DWORD  count;
314     LARGE_INTEGER zero, oldPos;
315     /* FIXME, find out if there is a name for this GUID */
316     static const GUID unknown = { 0xC689AAB8, 0x8E78, 0x11D0, { 0x8C,0x47,0x00,0xC0,0x4F,0xC2,0x95,0xEE }};
317     static const GUID cabGUID = { 0xc689aaba, 0x8e78, 0x11d0, {0x8c,0x47,0x00,0xc0,0x4f,0xc2,0x95,0xee }};
318     static const GUID catGUID = { 0xDE351A43, 0x8E59, 0x11D0, { 0x8C,0x47,0x00,0xC0,0x4F,0xC2,0x95,0xEE }};
319     static const WORD dosHdr = IMAGE_DOS_SIGNATURE;
320     static const BYTE cabHdr[] = { 'M','S','C','F' };
321     BYTE hdr[SIP_MAX_MAGIC_NUMBER];
322     WCHAR szFullKey[ 0x100 ];
323     LONG r = ERROR_SUCCESS;
324     HKEY key;
325
326     TRACE("(%s %p %p)\n", wine_dbgstr_w(FileName), hFileIn, pgSubject);
327
328     if (!pgSubject || (!FileName && !hFileIn))
329     {
330         SetLastError(ERROR_INVALID_PARAMETER);
331         return FALSE;
332     }
333
334     /* Set pgSubject to zero's */
335     memset(pgSubject, 0 , sizeof(GUID));
336
337     if (hFileIn)
338         /* Use the given handle, make sure not to close this one ourselves */
339         hFile = hFileIn;
340     else
341     {
342         hFile = CreateFileW(FileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
343         /* Last error is set by CreateFile */
344         if (hFile == INVALID_HANDLE_VALUE) return FALSE;
345     }
346
347     zero.QuadPart = 0;
348     SetFilePointerEx(hFile, zero, &oldPos, FILE_CURRENT);
349     SetFilePointer(hFile, 0, NULL, FILE_BEGIN);
350     if (!ReadFile(hFile, hdr, sizeof(hdr), &count, NULL))
351         goto cleanup;
352
353     if (count < SIP_MAX_MAGIC_NUMBER)
354     {
355         SetLastError(ERROR_INVALID_PARAMETER);
356         goto cleanup;
357     }
358
359     TRACE("file magic = 0x%02x%02x%02x%02x\n", hdr[0], hdr[1], hdr[2], hdr[3]);
360     /* As everything is in place now we start looking at the file header */
361     if (!memcmp(hdr, &dosHdr, sizeof(dosHdr)))
362     {
363         *pgSubject = unknown;
364         SetLastError(S_OK);
365         bRet = TRUE;
366         goto cleanup;
367     }
368     /* Quick-n-dirty check for a cab file. */
369     if (!memcmp(hdr, cabHdr, sizeof(cabHdr)))
370     {
371         *pgSubject = cabGUID;
372         SetLastError(S_OK);
373         bRet = TRUE;
374         goto cleanup;
375     }
376     /* If it's asn.1-encoded, it's probably a .cat file. */
377     if (hdr[0] == 0x30)
378     {
379         DWORD fileLen = GetFileSize(hFile, NULL);
380
381         TRACE("fileLen = %d\n", fileLen);
382         /* Sanity-check length */
383         if (hdr[1] < 0x80 && fileLen == 2 + hdr[1])
384         {
385             *pgSubject = catGUID;
386             SetLastError(S_OK);
387             bRet = TRUE;
388             goto cleanup;
389         }
390         else if (hdr[1] == 0x80)
391         {
392             /* Indefinite length, can't verify with just the header, assume it
393              * is.
394              */
395             *pgSubject = catGUID;
396             SetLastError(S_OK);
397             bRet = TRUE;
398             goto cleanup;
399         }
400         else
401         {
402             BYTE lenBytes = hdr[1] & 0x7f;
403
404             if (lenBytes == 1 && fileLen == 2 + lenBytes + hdr[2])
405             {
406                 *pgSubject = catGUID;
407                 SetLastError(S_OK);
408                 bRet = TRUE;
409                 goto cleanup;
410             }
411             else if (lenBytes == 2 && fileLen == 2 + lenBytes +
412              (hdr[2] << 8 | hdr[3]))
413             {
414                 *pgSubject = catGUID;
415                 SetLastError(S_OK);
416                 bRet = TRUE;
417                 goto cleanup;
418             }
419             else if (fileLen > 0xffff)
420             {
421                 /* The file size must be greater than 2 bytes in length, so
422                  * assume it is a .cat file
423                  */
424                 *pgSubject = catGUID;
425                 SetLastError(S_OK);
426                 bRet = TRUE;
427                 goto cleanup;
428             }
429         }
430     }
431
432     /* Check for supported functions using CryptSIPDllIsMyFileType */
433     /* max length of szFullKey depends on our code only, so we won't overrun */
434     lstrcpyW(szFullKey, szOID);
435     lstrcatW(szFullKey, szIsMyFile);
436     r = RegOpenKeyExW(HKEY_LOCAL_MACHINE, szFullKey, 0, KEY_READ, &key);
437     if (r == ERROR_SUCCESS)
438     {
439         DWORD index = 0, size;
440         WCHAR subKeyName[MAX_PATH];
441
442         do {
443             size = sizeof(subKeyName) / sizeof(subKeyName[0]);
444             r = RegEnumKeyExW(key, index++, subKeyName, &size, NULL, NULL,
445              NULL, NULL);
446             if (r == ERROR_SUCCESS)
447             {
448                 HKEY subKey;
449
450                 r = RegOpenKeyExW(key, subKeyName, 0, KEY_READ, &subKey);
451                 if (r == ERROR_SUCCESS)
452                 {
453                     HMODULE lib;
454                     pfnIsFileSupported isMy = CRYPT_LoadSIPFuncFromKey(subKey,
455                      &lib);
456
457                     if (isMy)
458                     {
459                         bRet = isMy(hFile, pgSubject);
460                         FreeLibrary(lib);
461                     }
462                     RegCloseKey(subKey);
463                 }
464             }
465         } while (!bRet && r == ERROR_SUCCESS);
466         RegCloseKey(key);
467     }
468
469     /* Check for supported functions using CryptSIPDllIsMyFileType2 */
470     if (!bRet)
471     {
472         lstrcpyW(szFullKey, szOID);
473         lstrcatW(szFullKey, szIsMyFile2);
474         r = RegOpenKeyExW(HKEY_LOCAL_MACHINE, szFullKey, 0, KEY_READ, &key);
475         if (r == ERROR_SUCCESS)
476         {
477             DWORD index = 0, size;
478             WCHAR subKeyName[MAX_PATH];
479
480             do {
481                 size = sizeof(subKeyName) / sizeof(subKeyName[0]);
482                 r = RegEnumKeyExW(key, index++, subKeyName, &size, NULL, NULL,
483                  NULL, NULL);
484                 if (r == ERROR_SUCCESS)
485                 {
486                     HKEY subKey;
487
488                     r = RegOpenKeyExW(key, subKeyName, 0, KEY_READ, &subKey);
489                     if (r == ERROR_SUCCESS)
490                     {
491                         HMODULE lib;
492                         pfnIsFileSupportedName isMy2 =
493                          CRYPT_LoadSIPFuncFromKey(subKey, &lib);
494
495                         if (isMy2)
496                         {
497                             bRet = isMy2((LPWSTR)FileName, pgSubject);
498                             FreeLibrary(lib);
499                         }
500                         RegCloseKey(subKey);
501                     }
502                 }
503             } while (!bRet && r == ERROR_SUCCESS);
504             RegCloseKey(key);
505         }
506     }
507
508     if (!bRet)
509         SetLastError(TRUST_E_SUBJECT_FORM_UNKNOWN);
510
511 cleanup:
512     /* If we didn't open this one we shouldn't close it (hFile is a copy),
513      * but we should reset the file pointer to its original position.
514      */
515     if (!hFileIn)
516         CloseHandle(hFile);
517     else
518         SetFilePointerEx(hFile, oldPos, NULL, FILE_BEGIN);
519
520     return bRet;
521 }
522
523 static LONG CRYPT_OpenSIPFunctionKey(const GUID *guid, LPCWSTR function,
524  HKEY *key)
525 {
526     WCHAR szFullKey[ 0x100 ];
527
528     lstrcpyW(szFullKey, szOID);
529     lstrcatW(szFullKey, function);
530     CRYPT_guid2wstr(guid, &szFullKey[lstrlenW(szFullKey)]);
531     return RegOpenKeyExW(HKEY_LOCAL_MACHINE, szFullKey, 0, KEY_READ, key);
532 }
533
534 /* Loads the function named function for the SIP specified by pgSubject, and
535  * returns it if found.  Returns NULL on error.  If the function is loaded,
536  * *pLib is set to the library in which it is found.
537  */
538 static void *CRYPT_LoadSIPFunc(const GUID *pgSubject, LPCWSTR function,
539  HMODULE *pLib)
540 {
541     LONG r;
542     HKEY key;
543     void *func = NULL;
544
545     TRACE("(%s, %s)\n", debugstr_guid(pgSubject), debugstr_w(function));
546
547     r = CRYPT_OpenSIPFunctionKey(pgSubject, function, &key);
548     if (!r)
549     {
550         func = CRYPT_LoadSIPFuncFromKey(key, pLib);
551         RegCloseKey(key);
552     }
553     TRACE("returning %p\n", func);
554     return func;
555 }
556
557 typedef struct _WINE_SIP_PROVIDER {
558     GUID              subject;
559     SIP_DISPATCH_INFO info;
560     struct list       entry;
561 } WINE_SIP_PROVIDER;
562
563 static struct list providers = { &providers, &providers };
564 static CRITICAL_SECTION providers_cs;
565 static CRITICAL_SECTION_DEBUG providers_cs_debug =
566 {
567     0, 0, &providers_cs,
568     { &providers_cs_debug.ProcessLocksList,
569     &providers_cs_debug.ProcessLocksList },
570     0, 0, { (DWORD_PTR)(__FILE__ ": providers_cs") }
571 };
572 static CRITICAL_SECTION providers_cs = { &providers_cs_debug, -1, 0, 0, 0, 0 };
573
574 static void CRYPT_CacheSIP(const GUID *pgSubject, SIP_DISPATCH_INFO *info)
575 {
576     WINE_SIP_PROVIDER *prov = CryptMemAlloc(sizeof(WINE_SIP_PROVIDER));
577
578     if (prov)
579     {
580         prov->subject = *pgSubject;
581         prov->info = *info;
582         EnterCriticalSection(&providers_cs);
583         list_add_tail(&providers, &prov->entry);
584         LeaveCriticalSection(&providers_cs);
585     }
586 }
587
588 static WINE_SIP_PROVIDER *CRYPT_GetCachedSIP(const GUID *pgSubject)
589 {
590     WINE_SIP_PROVIDER *provider = NULL, *ret = NULL;
591
592     EnterCriticalSection(&providers_cs);
593     LIST_FOR_EACH_ENTRY(provider, &providers, WINE_SIP_PROVIDER, entry)
594     {
595         if (IsEqualGUID(pgSubject, &provider->subject))
596             break;
597     }
598     if (provider && IsEqualGUID(pgSubject, &provider->subject))
599         ret = provider;
600     LeaveCriticalSection(&providers_cs);
601     return ret;
602 }
603
604 static inline BOOL CRYPT_IsSIPCached(const GUID *pgSubject)
605 {
606     return CRYPT_GetCachedSIP(pgSubject) != NULL;
607 }
608
609 void crypt_sip_free(void)
610 {
611     WINE_SIP_PROVIDER *prov, *next;
612
613     LIST_FOR_EACH_ENTRY_SAFE(prov, next, &providers, WINE_SIP_PROVIDER, entry)
614     {
615         list_remove(&prov->entry);
616         FreeLibrary(prov->info.hSIP);
617         CryptMemFree(prov);
618     }
619 }
620
621 /* Loads the SIP for pgSubject into the global cache.  Returns FALSE if the
622  * SIP isn't registered or is invalid.
623  */
624 static BOOL CRYPT_LoadSIP(const GUID *pgSubject)
625 {
626     SIP_DISPATCH_INFO sip = { 0 };
627     HMODULE lib = NULL, temp = NULL;
628
629     sip.pfGet = CRYPT_LoadSIPFunc(pgSubject, szGetSigned, &lib);
630     if (!sip.pfGet)
631         goto error;
632     sip.pfPut = CRYPT_LoadSIPFunc(pgSubject, szPutSigned, &temp);
633     if (!sip.pfPut || temp != lib)
634         goto error;
635     FreeLibrary(temp);
636     sip.pfCreate = CRYPT_LoadSIPFunc(pgSubject, szCreate, &temp);
637     if (!sip.pfCreate || temp != lib)
638         goto error;
639     FreeLibrary(temp);
640     sip.pfVerify = CRYPT_LoadSIPFunc(pgSubject, szVerify, &temp);
641     if (!sip.pfVerify || temp != lib)
642         goto error;
643     FreeLibrary(temp);
644     sip.pfRemove = CRYPT_LoadSIPFunc(pgSubject, szRemoveSigned, &temp);
645     if (!sip.pfRemove || temp != lib)
646         goto error;
647     FreeLibrary(temp);
648     sip.hSIP = lib;
649     CRYPT_CacheSIP(pgSubject, &sip);
650     return TRUE;
651
652 error:
653     FreeLibrary(lib);
654     FreeLibrary(temp);
655     SetLastError(TRUST_E_SUBJECT_FORM_UNKNOWN);
656     return FALSE;
657 }
658
659 /***********************************************************************
660  *             CryptSIPLoad (CRYPT32.@)
661  *
662  * Load some internal crypt32 functions into a SIP_DISPATCH_INFO structure.
663  *
664  * PARAMS
665  *  pgSubject    [I] The GUID.
666  *  dwFlags      [I] Flags.
667  *  pSipDispatch [I] The loaded functions.
668  *
669  * RETURNS
670  *  Success: TRUE. pSipDispatch contains the functions.
671  *  Failure: FALSE. (Look at GetLastError()).
672  *
673  * NOTES
674  *  CryptSIPLoad uses caching for the list of GUIDs and whether a SIP is
675  *  already loaded.
676  *
677  *  An application calls CryptSipLoad which will return a structure with the
678  *  function addresses of some internal crypt32 functions. The application will
679  *  then call these functions which will be forwarded to the appropriate SIP.
680  *
681  *  CryptSIPLoad will load the needed SIP but doesn't unload this dll. The unloading
682  *  is done when crypt32 is unloaded.
683  */
684 BOOL WINAPI CryptSIPLoad
685        (const GUID *pgSubject, DWORD dwFlags, SIP_DISPATCH_INFO *pSipDispatch)
686 {
687     TRACE("(%s %d %p)\n", debugstr_guid(pgSubject), dwFlags, pSipDispatch);
688
689     if (!pgSubject || dwFlags != 0 || !pSipDispatch)
690     {
691         SetLastError(ERROR_INVALID_PARAMETER);
692         return FALSE;
693     }
694     if (!CRYPT_IsSIPCached(pgSubject) && !CRYPT_LoadSIP(pgSubject))
695         return FALSE;
696
697     pSipDispatch->hSIP = NULL;
698     pSipDispatch->pfGet = CryptSIPGetSignedDataMsg;
699     pSipDispatch->pfPut = CryptSIPPutSignedDataMsg;
700     pSipDispatch->pfCreate = CryptSIPCreateIndirectData;
701     pSipDispatch->pfVerify = CryptSIPVerifyIndirectData;
702     pSipDispatch->pfRemove = CryptSIPRemoveSignedDataMsg;
703
704     return TRUE;
705 }
706
707 /***********************************************************************
708  *             CryptSIPCreateIndirectData (CRYPT32.@)
709  */
710 BOOL WINAPI CryptSIPCreateIndirectData(SIP_SUBJECTINFO* pSubjectInfo, DWORD* pcbIndirectData,
711                                        SIP_INDIRECT_DATA* pIndirectData)
712 {
713     WINE_SIP_PROVIDER *sip;
714     BOOL ret = FALSE;
715
716     TRACE("(%p %p %p)\n", pSubjectInfo, pcbIndirectData, pIndirectData);
717
718     if ((sip = CRYPT_GetCachedSIP(pSubjectInfo->pgSubjectType)))
719         ret = sip->info.pfCreate(pSubjectInfo, pcbIndirectData, pIndirectData);
720     TRACE("returning %d\n", ret);
721     return ret;
722 }
723
724 /***********************************************************************
725  *             CryptSIPGetSignedDataMsg (CRYPT32.@)
726  */
727 BOOL WINAPI CryptSIPGetSignedDataMsg(SIP_SUBJECTINFO* pSubjectInfo, DWORD* pdwEncodingType,
728                                        DWORD dwIndex, DWORD* pcbSignedDataMsg, BYTE* pbSignedDataMsg)
729 {
730     WINE_SIP_PROVIDER *sip;
731     BOOL ret = FALSE;
732
733     TRACE("(%p %p %d %p %p)\n", pSubjectInfo, pdwEncodingType, dwIndex,
734           pcbSignedDataMsg, pbSignedDataMsg);
735
736     if ((sip = CRYPT_GetCachedSIP(pSubjectInfo->pgSubjectType)))
737         ret = sip->info.pfGet(pSubjectInfo, pdwEncodingType, dwIndex,
738          pcbSignedDataMsg, pbSignedDataMsg);
739     TRACE("returning %d\n", ret);
740     return ret;
741 }
742
743 /***********************************************************************
744  *             CryptSIPPutSignedDataMsg (CRYPT32.@)
745  */
746 BOOL WINAPI CryptSIPPutSignedDataMsg(SIP_SUBJECTINFO* pSubjectInfo, DWORD pdwEncodingType,
747                                        DWORD* pdwIndex, DWORD cbSignedDataMsg, BYTE* pbSignedDataMsg)
748 {
749     WINE_SIP_PROVIDER *sip;
750     BOOL ret = FALSE;
751
752     TRACE("(%p %d %p %d %p)\n", pSubjectInfo, pdwEncodingType, pdwIndex,
753           cbSignedDataMsg, pbSignedDataMsg);
754
755     if ((sip = CRYPT_GetCachedSIP(pSubjectInfo->pgSubjectType)))
756         ret = sip->info.pfPut(pSubjectInfo, pdwEncodingType, pdwIndex,
757          cbSignedDataMsg, pbSignedDataMsg);
758     TRACE("returning %d\n", ret);
759     return ret;
760 }
761
762 /***********************************************************************
763  *             CryptSIPRemoveSignedDataMsg (CRYPT32.@)
764  */
765 BOOL WINAPI CryptSIPRemoveSignedDataMsg(SIP_SUBJECTINFO* pSubjectInfo,
766                                        DWORD dwIndex)
767 {
768     WINE_SIP_PROVIDER *sip;
769     BOOL ret = FALSE;
770
771     TRACE("(%p %d)\n", pSubjectInfo, dwIndex);
772
773     if ((sip = CRYPT_GetCachedSIP(pSubjectInfo->pgSubjectType)))
774         ret = sip->info.pfRemove(pSubjectInfo, dwIndex);
775     TRACE("returning %d\n", ret);
776     return ret;
777 }
778
779 /***********************************************************************
780  *             CryptSIPVerifyIndirectData (CRYPT32.@)
781  */
782 BOOL WINAPI CryptSIPVerifyIndirectData(SIP_SUBJECTINFO* pSubjectInfo,
783                                        SIP_INDIRECT_DATA* pIndirectData)
784 {
785     WINE_SIP_PROVIDER *sip;
786     BOOL ret = FALSE;
787
788     TRACE("(%p %p)\n", pSubjectInfo, pIndirectData);
789
790     if ((sip = CRYPT_GetCachedSIP(pSubjectInfo->pgSubjectType)))
791         ret = sip->info.pfVerify(pSubjectInfo, pIndirectData);
792     TRACE("returning %d\n", ret);
793     return ret;
794 }