From: Hans Leidekker
Subject: [PATCH] crypt32: Add support for CRYPT_MACHINE_KEYSET in PFXImportCertStore.
Message-Id: <20200923100757.13517-1-hans@codeweavers.com>
Date: Wed, 23 Sep 2020 12:07:57 +0200
Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=49857
Signed-off-by: Hans Leidekker
---
 dlls/crypt32/pfx.c | 15 +++++++++------
 dlls/crypt32/tests/store.c | 10 ++++++++++
 2 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/dlls/crypt32/pfx.c b/dlls/crypt32/pfx.c
index 3f38ae50565..80e6a3d017e 100644
--- a/dlls/crypt32/pfx.c
+++ b/dlls/crypt32/pfx.c
@@ -138,7 +138,7 @@ static HCRYPTPROV import_key( gnutls_x509_privkey_t key, DWORD flags )
 HCRYPTPROV prov = 0;
 HCRYPTKEY cryptkey;
 BYTE *buf, *src, *dst;
- DWORD size;
+ DWORD size, acquire_flags;
 if ((ret = pgnutls_x509_privkey_get_pk_algorithm2( key, &bitlen )) < 0)
 {
@@ -208,17 +208,20 @@ static HCRYPTPROV import_key( gnutls_x509_privkey_t key, DWORD flags )
 else src = d.data;
 for (i = bitlen / 8 - 1; i >= 0; i--) *dst++ = src[i];
- if (!CryptAcquireContextW( &prov, NULL, MS_ENHANCED_PROV_W, PROV_RSA_FULL, CRYPT_NEWKEYSET ))
+ acquire_flags = (flags & CRYPT_MACHINE_KEYSET) | CRYPT_NEWKEYSET;
+ if (!CryptAcquireContextW( &prov, NULL, MS_ENHANCED_PROV_W, PROV_RSA_FULL, acquire_flags ))
 {
 if (GetLastError() != NTE_EXISTS) goto done;
- if (!CryptAcquireContextW( &prov, NULL, MS_ENHANCED_PROV_W, PROV_RSA_FULL, 0 ))
+
+ acquire_flags &= ~CRYPT_NEWKEYSET;
+ if (!CryptAcquireContextW( &prov, NULL, MS_ENHANCED_PROV_W, PROV_RSA_FULL, acquire_flags ))
 {
 WARN( "CryptAcquireContextW failed %08x\n", GetLastError() );
 goto done;
 }
 }
- if (!CryptImportKey( prov, buf, size, 0, flags, &cryptkey ))
+ if (!CryptImportKey( prov, buf, size, 0, flags & CRYPT_EXPORTABLE, &cryptkey ))
 {
 WARN( "CryptImportKey failed %08x\n", GetLastError() );
 CryptReleaseContext( prov, 0 );
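Review bot: Both CryptAcquireContextW calls in import_key (the `@@ -208` hunk) still pass a NULL container name, so with CRYPT_MACHINE_KEYSET the private key goes into the default machine-level container, and the NTE_EXISTS fallback reuses whatever is already there. Every import made this way seems to share that one container, so a later import can presumably displace an earlier key, and the key is no longer scoped to the importing user. If per-key containers are out of scope for this patch, a comment above the first call such as `/* FIXME: key is imported into the default container, shared by all imports */` would record the gap. The first call also reaches `goto done` without a WARN when the error is not NTE_EXISTS, which is the path a permission failure on the machine keyset would likely take. import_key begins and ends outside the hunk.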
@@ -346,7 +349,7 @@ HCERTSTORE WINAPI PFXImportCertStore( CRYPT_DATA_BLOB *pfx, const WCHAR *passwor
 SetLastError( ERROR_INVALID_PARAMETER );
 return NULL;
 }
- if (flags & ~(CRYPT_EXPORTABLE|CRYPT_USER_KEYSET|PKCS12_NO_PERSIST_KEY))
+ if (flags & ~(CRYPT_EXPORTABLE|CRYPT_USER_KEYSET|CRYPT_MACHINE_KEYSET|PKCS12_NO_PERSIST_KEY))
 {
 FIXME( "flags %08x not supported\n", flags );
 return NULL;
@@ -373,7 +376,7 @@ HCERTSTORE WINAPI PFXImportCertStore( CRYPT_DATA_BLOB *pfx, const WCHAR *passwor
 goto error;
 }
- if (!(prov = import_key( key, flags & CRYPT_EXPORTABLE ))) goto error;
+ if (!(prov = import_key( key, flags ))) goto error;
 if (!(store = CertOpenStore( CERT_STORE_PROV_MEMORY, 0, 0, 0, NULL )))
 {
 WARN( "CertOpenStore failed %08x\n", GetLastError() );
diff --git a/dlls/crypt32/tests/store.c b/dlls/crypt32/tests/store.c
index b2d5c7cb7e0..46c9102686d 100644
--- a/dlls/crypt32/tests/store.c
+++ b/dlls/crypt32/tests/store.c
@@ -3348,6 +3348,16 @@ static void test_PFXImportCertStore(void)
 ok(ret, "got %u\n", GetLastError());
 CertFreeCertificateContext( cert );
 CertCloseStore( store, 0 );
+
+ /* CRYPT_MACHINE_KEYSET */
+ store = PFXImportCertStore( &pfx, NULL, CRYPT_MACHINE_KEYSET );
+ ok( store != NULL, "got %u\n", GetLastError() );
+
+ cert = CertFindCertificateInStore( store, X509_ASN_ENCODING, 0, CERT_FIND_ANY, NULL, NULL );
+ ok( cert != NULL, "got %08x\n", GetLastError() );
+
+ CertFreeCertificateContext( cert );
+ CertCloseStore( store, 0 );
 }
 static void test_CryptQueryObject(void)
-- 2.20.1
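Review bot: The widened mask in PFXImportCertStore (the `@@ -346` hunk) accepts CRYPT_USER_KEYSET and CRYPT_MACHINE_KEYSET together, and since the new `acquire_flags` line in import_key looks only at the machine bit, the machine keyset silently wins when a caller sets both. The mask also keeps admitting PKCS12_NO_PERSIST_KEY, which none of the visible hunks honour, so a caller asking for a non-persisted key may now get one persisted at machine scope (inferred, as the rest of import_key is outside the diff). Logging the contradictory combination would make this visible, e.g. `if ((flags & CRYPT_USER_KEYSET) && (flags & CRYPT_MACHINE_KEYSET)) FIXME( "both keyset flags set\n" );`. The function body continues outside the hunk.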
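Review bot: The new CRYPT_MACHINE_KEYSET case in test_PFXImportCertStore would pass equally if the flag were ignored, because it only checks that a store is returned and that it holds a certificate. Checking where the key ended up would pin the behaviour, for example by reading CERT_KEY_PROV_INFO_PROP_ID from `cert` and testing `dwFlags & CRYPT_MACHINE_KEYSET`, assuming the import sets that property. `CertFindCertificateInStore` is also called on `store` after `ok( store != NULL, ... )` has already failed, so an import refused for lack of rights to the machine keyset may crash the test instead of reporting one failure. A guard such as `if (!store) return;` after the first `ok` would avoid that. The function starts outside the hunk.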