dlls/crypt32/message.c

   1 /*
   2  * Copyright 2007 Juan Lang
   3  *
   4  * This library is free software; you can redistribute it and/or
   5  * modify it under the terms of the GNU Lesser General Public
   6  * License as published by the Free Software Foundation; either
   7  * version 2.1 of the License, or (at your option) any later version.
   8  *
   9  * This library is distributed in the hope that it will be useful,
  10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  12  * Lesser General Public License for more details.
  13  *
  14  * You should have received a copy of the GNU Lesser General Public
  15  * License along with this library; if not, write to the Free Software
  16  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
  17  */
  18
  19 #include <stdarg.h>
  20 #include "windef.h"
  21 #include "winbase.h"
  22 #include "wincrypt.h"
  23
  24 #include "wine/debug.h"
  25
  26 WINE_DEFAULT_DEBUG_CHANNEL(crypt);
  27
  28 HCERTSTORE WINAPI CryptGetMessageCertificates(DWORD dwMsgAndCertEncodingType,
  29  HCRYPTPROV_LEGACY hCryptProv, DWORD dwFlags, const BYTE* pbSignedBlob,
  30  DWORD cbSignedBlob)
  31 {
  32     CRYPT_DATA_BLOB blob = { cbSignedBlob, (LPBYTE)pbSignedBlob };
  33
  34     TRACE("(%08x, %ld, %d08x %p, %d)\n", dwMsgAndCertEncodingType, hCryptProv,
  35      dwFlags, pbSignedBlob, cbSignedBlob);
  36
  37     return CertOpenStore(CERT_STORE_PROV_PKCS7, dwMsgAndCertEncodingType,
  38      hCryptProv, dwFlags, &blob);
  39 }
  40
  41 LONG WINAPI CryptGetMessageSignerCount(DWORD dwMsgEncodingType,
  42  const BYTE *pbSignedBlob, DWORD cbSignedBlob)
  43 {
  44     HCRYPTMSG msg;
  45     LONG count = -1;
  46
  47     TRACE("(%08x, %p, %d)\n", dwMsgEncodingType, pbSignedBlob, cbSignedBlob);
  48
  49     msg = CryptMsgOpenToDecode(dwMsgEncodingType, 0, 0, 0, NULL, NULL);
  50     if (msg)
  51     {
  52         if (CryptMsgUpdate(msg, pbSignedBlob, cbSignedBlob, TRUE))
  53         {
  54             DWORD size = sizeof(count);
  55
  56             CryptMsgGetParam(msg, CMSG_SIGNER_COUNT_PARAM, 0, &count, &size);
  57         }
  58         CryptMsgClose(msg);
  59     }
  60     return count;
  61 }
  62
  63 static CERT_INFO *CRYPT_GetSignerCertInfoFromMsg(HCRYPTMSG msg,
  64  DWORD dwSignerIndex)
  65 {
  66     CERT_INFO *certInfo = NULL;
  67     DWORD size;
  68
  69     if (CryptMsgGetParam(msg, CMSG_SIGNER_CERT_INFO_PARAM, dwSignerIndex, NULL,
  70      &size))
  71     {
  72         certInfo = CryptMemAlloc(size);
  73         if (certInfo)
  74         {
  75             if (!CryptMsgGetParam(msg, CMSG_SIGNER_CERT_INFO_PARAM,
  76              dwSignerIndex, certInfo, &size))
  77             {
  78                 CryptMemFree(certInfo);
  79                 certInfo = NULL;
  80             }
  81         }
  82     }
  83     else
  84         SetLastError(CRYPT_E_UNEXPECTED_MSG_TYPE);
  85     return certInfo;
  86 }
  87
  88 static PCCERT_CONTEXT WINAPI CRYPT_DefaultGetSignerCertificate(void *pvGetArg,
  89  DWORD dwCertEncodingType, PCERT_INFO pSignerId, HCERTSTORE hMsgCertStore)
  90 {
  91     return CertFindCertificateInStore(hMsgCertStore, dwCertEncodingType, 0,
  92      CERT_FIND_SUBJECT_CERT, pSignerId, NULL);
  93 }
  94
  95 static inline PCCERT_CONTEXT CRYPT_GetSignerCertificate(HCRYPTMSG msg,
  96  PCRYPT_VERIFY_MESSAGE_PARA pVerifyPara, PCERT_INFO certInfo, HCERTSTORE store)
  97 {
  98     PFN_CRYPT_GET_SIGNER_CERTIFICATE getCert;
  99
 100     if (pVerifyPara->pfnGetSignerCertificate)
 101         getCert = pVerifyPara->pfnGetSignerCertificate;
 102     else
 103         getCert = CRYPT_DefaultGetSignerCertificate;
 104     return getCert(pVerifyPara->pvGetArg,
 105      pVerifyPara->dwMsgAndCertEncodingType, certInfo, store);
 106 }
 107
 108 BOOL WINAPI CryptVerifyDetachedMessageSignature(
 109  PCRYPT_VERIFY_MESSAGE_PARA pVerifyPara, DWORD dwSignerIndex,
 110  const BYTE *pbDetachedSignBlob, DWORD cbDetachedSignBlob, DWORD cToBeSigned,
 111  const BYTE *rgpbToBeSigned[], DWORD rgcbToBeSigned[],
 112  PCCERT_CONTEXT *ppSignerCert)
 113 {
 114     BOOL ret = FALSE;
 115     HCRYPTMSG msg;
 116
 117     TRACE("(%p, %d, %p, %d, %d, %p, %p, %p)\n", pVerifyPara, dwSignerIndex,
 118      pbDetachedSignBlob, cbDetachedSignBlob, cToBeSigned, rgpbToBeSigned,
 119      rgcbToBeSigned, ppSignerCert);
 120
 121     if (ppSignerCert)
 122         *ppSignerCert = NULL;
 123     if (!pVerifyPara ||
 124      pVerifyPara->cbSize != sizeof(CRYPT_VERIFY_MESSAGE_PARA) ||
 125      GET_CMSG_ENCODING_TYPE(pVerifyPara->dwMsgAndCertEncodingType) !=
 126      PKCS_7_ASN_ENCODING)
 127     {
 128         SetLastError(E_INVALIDARG);
 129         return FALSE;
 130     }
 131
 132     msg = CryptMsgOpenToDecode(pVerifyPara->dwMsgAndCertEncodingType,
 133      CMSG_DETACHED_FLAG, 0, pVerifyPara->hCryptProv, NULL, NULL);
 134     if (msg)
 135     {
 136         ret = CryptMsgUpdate(msg, pbDetachedSignBlob, cbDetachedSignBlob, TRUE);
 137         if (ret)
 138         {
 139             DWORD i;
 140
 141             for (i = 0; ret && i < cToBeSigned; i++)
 142                 ret = CryptMsgUpdate(msg, rgpbToBeSigned[i], rgcbToBeSigned[i],
 143                  i == cToBeSigned - 1 ? TRUE : FALSE);
 144         }
 145         if (ret)
 146         {
 147             CERT_INFO *certInfo = CRYPT_GetSignerCertInfoFromMsg(msg,
 148              dwSignerIndex);
 149
 150             ret = FALSE;
 151             if (certInfo)
 152             {
 153                 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MSG,
 154                  pVerifyPara->dwMsgAndCertEncodingType,
 155                  pVerifyPara->hCryptProv, 0, msg);
 156
 157                 if (store)
 158                 {
 159                     PCCERT_CONTEXT cert = CRYPT_GetSignerCertificate(
 160                      msg, pVerifyPara, certInfo, store);
 161
 162                     if (cert)
 163                     {
 164                         ret = CryptMsgControl(msg, 0,
 165                          CMSG_CTRL_VERIFY_SIGNATURE, cert->pCertInfo);
 166                         if (ret && ppSignerCert)
 167                             *ppSignerCert = cert;
 168                         else
 169                             CertFreeCertificateContext(cert);
 170                     }
 171                     else
 172                         SetLastError(CRYPT_E_NOT_FOUND);
 173                     CertCloseStore(store, 0);
 174                 }
 175                 CryptMemFree(certInfo);
 176             }
 177         }
 178         CryptMsgClose(msg);
 179     }
 180     TRACE("returning %d\n", ret);
 181     return ret;
 182 }
 183
 184 BOOL WINAPI CryptVerifyMessageSignature(PCRYPT_VERIFY_MESSAGE_PARA pVerifyPara,
 185  DWORD dwSignerIndex, const BYTE* pbSignedBlob, DWORD cbSignedBlob,
 186  BYTE* pbDecoded, DWORD* pcbDecoded, PCCERT_CONTEXT* ppSignerCert)
 187 {
 188     BOOL ret = FALSE;
 189     HCRYPTMSG msg;
 190
 191     TRACE("(%p, %d, %p, %d, %p, %p, %p)\n",
 192      pVerifyPara, dwSignerIndex, pbSignedBlob, cbSignedBlob,
 193      pbDecoded, pcbDecoded, ppSignerCert);
 194
 195     if (ppSignerCert)
 196         *ppSignerCert = NULL;
 197     if (!pVerifyPara ||
 198      pVerifyPara->cbSize != sizeof(CRYPT_VERIFY_MESSAGE_PARA) ||
 199      GET_CMSG_ENCODING_TYPE(pVerifyPara->dwMsgAndCertEncodingType) !=
 200      PKCS_7_ASN_ENCODING)
 201     {
 202         if(pcbDecoded)
 203             *pcbDecoded = 0;
 204         SetLastError(E_INVALIDARG);
 205         return FALSE;
 206     }
 207
 208     msg = CryptMsgOpenToDecode(pVerifyPara->dwMsgAndCertEncodingType, 0, 0,
 209      pVerifyPara->hCryptProv, NULL, NULL);
 210     if (msg)
 211     {
 212         ret = CryptMsgUpdate(msg, pbSignedBlob, cbSignedBlob, TRUE);
 213         if (ret)
 214         {
 215             CERT_INFO *certInfo = CRYPT_GetSignerCertInfoFromMsg(msg,
 216              dwSignerIndex);
 217
 218             ret = FALSE;
 219             if (certInfo)
 220             {
 221                 HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_MSG,
 222                  pVerifyPara->dwMsgAndCertEncodingType,
 223                  pVerifyPara->hCryptProv, 0, msg);
 224
 225                 if (store)
 226                 {
 227                     PCCERT_CONTEXT cert = CRYPT_GetSignerCertificate(
 228                      msg, pVerifyPara, certInfo, store);
 229
 230                     if (cert)
 231                     {
 232                         ret = CryptMsgControl(msg, 0,
 233                          CMSG_CTRL_VERIFY_SIGNATURE, cert->pCertInfo);
 234                         if (ret && ppSignerCert)
 235                             *ppSignerCert = cert;
 236                         else
 237                             CertFreeCertificateContext(cert);
 238                     }
 239                     CertCloseStore(store, 0);
 240                 }
 241             }
 242             CryptMemFree(certInfo);
 243         }
 244         if (ret)
 245         {
 246             /* The caller is expected to pass a valid pointer to pcbDecoded
 247              * when the message verifies successfully.
 248              */
 249             if (pcbDecoded)
 250                 ret = CryptMsgGetParam(msg, CMSG_CONTENT_PARAM, 0, pbDecoded,
 251                  pcbDecoded);
 252             else
 253             {
 254                 SetLastError(CRYPT_E_NOT_FOUND);
 255                 ret = FALSE;
 256             }
 257         }
 258         CryptMsgClose(msg);
 259     }
 260     if(!ret && pcbDecoded)
 261         *pcbDecoded = 0;
 262     TRACE("returning %d\n", ret);
 263     return ret;
 264 }
 265
 266 BOOL WINAPI CryptHashMessage(PCRYPT_HASH_MESSAGE_PARA pHashPara,
 267  BOOL fDetachedHash, DWORD cToBeHashed, const BYTE *rgpbToBeHashed[],
 268  DWORD rgcbToBeHashed[], BYTE *pbHashedBlob, DWORD *pcbHashedBlob,
 269  BYTE *pbComputedHash, DWORD *pcbComputedHash)
 270 {
 271     DWORD i, flags;
 272     BOOL ret = FALSE;
 273     HCRYPTMSG msg;
 274     CMSG_HASHED_ENCODE_INFO info;
 275
 276     TRACE("(%p, %d, %d, %p, %p, %p, %p, %p, %p)\n", pHashPara, fDetachedHash,
 277      cToBeHashed, rgpbToBeHashed, rgcbToBeHashed, pbHashedBlob, pcbHashedBlob,
 278      pbComputedHash, pcbComputedHash);
 279
 280     if (pHashPara->cbSize != sizeof(CRYPT_HASH_MESSAGE_PARA))
 281     {
 282         SetLastError(E_INVALIDARG);
 283         return FALSE;
 284     }
 285     /* Native seems to ignore any encoding type other than the expected
 286      * PKCS_7_ASN_ENCODING
 287      */
 288     if (GET_CMSG_ENCODING_TYPE(pHashPara->dwMsgEncodingType) !=
 289      PKCS_7_ASN_ENCODING)
 290         return TRUE;
 291     /* Native also seems to do nothing if the output parameter isn't given */
 292     if (!pcbHashedBlob)
 293         return TRUE;
 294
 295     flags = fDetachedHash ? CMSG_DETACHED_FLAG : 0;
 296     memset(&info, 0, sizeof(info));
 297     info.cbSize = sizeof(info);
 298     info.hCryptProv = pHashPara->hCryptProv;
 299     memcpy(&info.HashAlgorithm, &pHashPara->HashAlgorithm,
 300      sizeof(info.HashAlgorithm));
 301     info.pvHashAuxInfo = pHashPara->pvHashAuxInfo;
 302     msg = CryptMsgOpenToEncode(pHashPara->dwMsgEncodingType, flags, CMSG_HASHED,
 303      &info, NULL, NULL);
 304     if (msg)
 305     {
 306         for (i = 0, ret = TRUE; ret && i < cToBeHashed; i++)
 307             ret = CryptMsgUpdate(msg, rgpbToBeHashed[i], rgcbToBeHashed[i],
 308              i == cToBeHashed - 1 ? TRUE : FALSE);
 309         if (ret)
 310         {
 311             ret = CryptMsgGetParam(msg, CMSG_CONTENT_PARAM, 0, pbHashedBlob,
 312              pcbHashedBlob);
 313             if (ret && pcbComputedHash)
 314                 ret = CryptMsgGetParam(msg, CMSG_COMPUTED_HASH_PARAM, 0,
 315                  pbComputedHash, pcbComputedHash);
 316         }
 317         CryptMsgClose(msg);
 318     }
 319     return ret;
 320 }
 321
 322 BOOL WINAPI CryptVerifyDetachedMessageHash(PCRYPT_HASH_MESSAGE_PARA pHashPara,
 323  BYTE *pbDetachedHashBlob, DWORD cbDetachedHashBlob, DWORD cToBeHashed,
 324  const BYTE *rgpbToBeHashed[], DWORD rgcbToBeHashed[], BYTE *pbComputedHash,
 325  DWORD *pcbComputedHash)
 326 {
 327     HCRYPTMSG msg;
 328     BOOL ret = FALSE;
 329
 330     TRACE("(%p, %p, %d, %d, %p, %p, %p, %p)\n", pHashPara, pbDetachedHashBlob,
 331      cbDetachedHashBlob, cToBeHashed, rgpbToBeHashed, rgcbToBeHashed,
 332      pbComputedHash, pcbComputedHash);
 333
 334     if (pHashPara->cbSize != sizeof(CRYPT_HASH_MESSAGE_PARA))
 335     {
 336         SetLastError(E_INVALIDARG);
 337         return FALSE;
 338     }
 339     if (GET_CMSG_ENCODING_TYPE(pHashPara->dwMsgEncodingType) !=
 340      PKCS_7_ASN_ENCODING)
 341     {
 342         SetLastError(E_INVALIDARG);
 343         return FALSE;
 344     }
 345     msg = CryptMsgOpenToDecode(pHashPara->dwMsgEncodingType, CMSG_DETACHED_FLAG,
 346      0, pHashPara->hCryptProv, NULL, NULL);
 347     if (msg)
 348     {
 349         DWORD i;
 350
 351         ret = CryptMsgUpdate(msg, pbDetachedHashBlob, cbDetachedHashBlob, TRUE);
 352         if (ret)
 353         {
 354             if (cToBeHashed)
 355             {
 356                 for (i = 0; ret && i < cToBeHashed; i++)
 357                 {
 358                     ret = CryptMsgUpdate(msg, rgpbToBeHashed[i],
 359                      rgcbToBeHashed[i], i == cToBeHashed - 1 ? TRUE : FALSE);
 360                 }
 361             }
 362             else
 363                 ret = CryptMsgUpdate(msg, NULL, 0, TRUE);
 364         }
 365         if (ret)
 366         {
 367             ret = CryptMsgControl(msg, 0, CMSG_CTRL_VERIFY_HASH, NULL);
 368             if (ret && pcbComputedHash)
 369                 ret = CryptMsgGetParam(msg, CMSG_COMPUTED_HASH_PARAM, 0,
 370                  pbComputedHash, pcbComputedHash);
 371         }
 372         CryptMsgClose(msg);
 373     }
 374     return ret;
 375 }
 376
 377 BOOL WINAPI CryptVerifyMessageHash(PCRYPT_HASH_MESSAGE_PARA pHashPara,
 378  BYTE *pbHashedBlob, DWORD cbHashedBlob, BYTE *pbToBeHashed,
 379  DWORD *pcbToBeHashed, BYTE *pbComputedHash, DWORD *pcbComputedHash)
 380 {
 381     HCRYPTMSG msg;
 382     BOOL ret = FALSE;
 383
 384     TRACE("(%p, %p, %d, %p, %p, %p, %p)\n", pHashPara, pbHashedBlob,
 385      cbHashedBlob, pbToBeHashed, pcbToBeHashed, pbComputedHash,
 386      pcbComputedHash);
 387
 388     if (pHashPara->cbSize != sizeof(CRYPT_HASH_MESSAGE_PARA))
 389     {
 390         SetLastError(E_INVALIDARG);
 391         return FALSE;
 392     }
 393     if (GET_CMSG_ENCODING_TYPE(pHashPara->dwMsgEncodingType) !=
 394      PKCS_7_ASN_ENCODING)
 395     {
 396         SetLastError(E_INVALIDARG);
 397         return FALSE;
 398     }
 399     msg = CryptMsgOpenToDecode(pHashPara->dwMsgEncodingType, 0, 0,
 400      pHashPara->hCryptProv, NULL, NULL);
 401     if (msg)
 402     {
 403         ret = CryptMsgUpdate(msg, pbHashedBlob, cbHashedBlob, TRUE);
 404         if (ret)
 405         {
 406             ret = CryptMsgControl(msg, 0, CMSG_CTRL_VERIFY_HASH, NULL);
 407             if (ret && pcbToBeHashed)
 408                 ret = CryptMsgGetParam(msg, CMSG_CONTENT_PARAM, 0,
 409                  pbToBeHashed, pcbToBeHashed);
 410             if (ret && pcbComputedHash)
 411                 ret = CryptMsgGetParam(msg, CMSG_COMPUTED_HASH_PARAM, 0,
 412                  pbComputedHash, pcbComputedHash);
 413         }
 414         CryptMsgClose(msg);
 415     }
 416     return ret;
 417 }
 418
 419 BOOL WINAPI CryptSignMessage(PCRYPT_SIGN_MESSAGE_PARA pSignPara,
 420  BOOL fDetachedSignature, DWORD cToBeSigned, const BYTE *rgpbToBeSigned[],
 421  DWORD rgcbToBeSigned[], BYTE *pbSignedBlob, DWORD *pcbSignedBlob)
 422 {
 423     HCRYPTPROV hCryptProv;
 424     BOOL ret, freeProv = FALSE;
 425     DWORD i, keySpec;
 426     PCERT_BLOB certBlob = NULL;
 427     PCRL_BLOB crlBlob = NULL;
 428     CMSG_SIGNED_ENCODE_INFO signInfo;
 429     CMSG_SIGNER_ENCODE_INFO signer;
 430     HCRYPTMSG msg = 0;
 431
 432     TRACE("(%p, %d, %d, %p, %p, %p, %p)\n", pSignPara, fDetachedSignature,
 433      cToBeSigned, rgpbToBeSigned, rgcbToBeSigned, pbSignedBlob, pcbSignedBlob);
 434
 435     if (pSignPara->cbSize != sizeof(CRYPT_SIGN_MESSAGE_PARA) ||
 436      GET_CMSG_ENCODING_TYPE(pSignPara->dwMsgEncodingType) !=
 437      PKCS_7_ASN_ENCODING)
 438     {
 439         *pcbSignedBlob = 0;
 440         SetLastError(E_INVALIDARG);
 441         return FALSE;
 442     }
 443     if (!pSignPara->pSigningCert)
 444         return TRUE;
 445
 446     ret = CryptAcquireCertificatePrivateKey(pSignPara->pSigningCert,
 447      CRYPT_ACQUIRE_CACHE_FLAG, NULL, &hCryptProv, &keySpec, &freeProv);
 448     if (!ret)
 449         return FALSE;
 450
 451     memset(&signer, 0, sizeof(signer));
 452     signer.cbSize = sizeof(signer);
 453     signer.pCertInfo = pSignPara->pSigningCert->pCertInfo;
 454     signer.hCryptProv = hCryptProv;
 455     signer.dwKeySpec = keySpec;
 456     signer.HashAlgorithm = pSignPara->HashAlgorithm;
 457     signer.pvHashAuxInfo = pSignPara->pvHashAuxInfo;
 458     signer.cAuthAttr = pSignPara->cAuthAttr;
 459     signer.rgAuthAttr = pSignPara->rgAuthAttr;
 460     signer.cUnauthAttr = pSignPara->cUnauthAttr;
 461     signer.rgUnauthAttr = pSignPara->rgUnauthAttr;
 462
 463     memset(&signInfo, 0, sizeof(signInfo));
 464     signInfo.cbSize = sizeof(signInfo);
 465     signInfo.cSigners = 1;
 466     signInfo.rgSigners = &signer;
 467
 468     if (pSignPara->cMsgCert)
 469     {
 470         certBlob = CryptMemAlloc(sizeof(CERT_BLOB) * pSignPara->cMsgCert);
 471         if (certBlob)
 472         {
 473             for (i = 0; i < pSignPara->cMsgCert; ++i)
 474             {
 475                 certBlob[i].cbData = pSignPara->rgpMsgCert[i]->cbCertEncoded;
 476                 certBlob[i].pbData = pSignPara->rgpMsgCert[i]->pbCertEncoded;
 477             }
 478             signInfo.cCertEncoded = pSignPara->cMsgCert;
 479             signInfo.rgCertEncoded = certBlob;
 480         }
 481         else
 482             ret = FALSE;
 483     }
 484     if (pSignPara->cMsgCrl)
 485     {
 486         crlBlob = CryptMemAlloc(sizeof(CRL_BLOB) * pSignPara->cMsgCrl);
 487         if (crlBlob)
 488         {
 489             for (i = 0; i < pSignPara->cMsgCrl; ++i)
 490             {
 491                 crlBlob[i].cbData = pSignPara->rgpMsgCrl[i]->cbCrlEncoded;
 492                 crlBlob[i].pbData = pSignPara->rgpMsgCrl[i]->pbCrlEncoded;
 493             }
 494             signInfo.cCrlEncoded = pSignPara->cMsgCrl;
 495             signInfo.rgCrlEncoded = crlBlob;
 496         }
 497         else
 498             ret = FALSE;
 499     }
 500     if (pSignPara->dwFlags || pSignPara->dwInnerContentType)
 501         FIXME("unimplemented feature\n");
 502
 503     if (ret)
 504         msg = CryptMsgOpenToEncode(pSignPara->dwMsgEncodingType,
 505          fDetachedSignature ? CMSG_DETACHED_FLAG : 0, CMSG_SIGNED, &signInfo,
 506          NULL, NULL);
 507     if (msg)
 508     {
 509         if (cToBeSigned)
 510         {
 511             for (i = 0; ret && i < cToBeSigned; ++i)
 512             {
 513                 ret = CryptMsgUpdate(msg, rgpbToBeSigned[i], rgcbToBeSigned[i],
 514                  i == cToBeSigned - 1 ? TRUE : FALSE);
 515             }
 516         }
 517         else
 518             ret = CryptMsgUpdate(msg, NULL, 0, TRUE);
 519         if (ret)
 520             ret = CryptMsgGetParam(msg, CMSG_CONTENT_PARAM, 0, pbSignedBlob,
 521              pcbSignedBlob);
 522         CryptMsgClose(msg);
 523     }
 524     else
 525         ret = FALSE;
 526
 527     CryptMemFree(crlBlob);
 528     CryptMemFree(certBlob);
 529     if (freeProv)
 530         CryptReleaseContext(hCryptProv, 0);
 531     return ret;
 532 }
 533
 534 BOOL WINAPI CryptEncryptMessage(PCRYPT_ENCRYPT_MESSAGE_PARA pEncryptPara,
 535  DWORD cRecipientCert, PCCERT_CONTEXT rgpRecipientCert[],
 536  const BYTE *pbToBeEncrypted, DWORD cbToBeEncrypted, BYTE *pbEncryptedBlob,
 537  DWORD *pcbEncryptedBlob)
 538 {
 539     BOOL ret = TRUE;
 540     DWORD i;
 541     PCERT_INFO *certInfo = NULL;
 542     CMSG_ENVELOPED_ENCODE_INFO envelopedInfo;
 543     HCRYPTMSG msg = 0;
 544
 545     TRACE("(%p, %d, %p, %p, %d, %p, %p)\n", pEncryptPara, cRecipientCert,
 546      rgpRecipientCert, pbToBeEncrypted, cbToBeEncrypted, pbEncryptedBlob,
 547      pcbEncryptedBlob);
 548
 549     if (pEncryptPara->cbSize != sizeof(CRYPT_ENCRYPT_MESSAGE_PARA) ||
 550      GET_CMSG_ENCODING_TYPE(pEncryptPara->dwMsgEncodingType) !=
 551      PKCS_7_ASN_ENCODING)
 552     {
 553         *pcbEncryptedBlob = 0;
 554         SetLastError(E_INVALIDARG);
 555         return FALSE;
 556     }
 557
 558     memset(&envelopedInfo, 0, sizeof(envelopedInfo));
 559     envelopedInfo.cbSize = sizeof(envelopedInfo);
 560     envelopedInfo.hCryptProv = pEncryptPara->hCryptProv;
 561     envelopedInfo.ContentEncryptionAlgorithm =
 562      pEncryptPara->ContentEncryptionAlgorithm;
 563     envelopedInfo.pvEncryptionAuxInfo = pEncryptPara->pvEncryptionAuxInfo;
 564
 565     if (cRecipientCert)
 566     {
 567         certInfo = CryptMemAlloc(sizeof(PCERT_INFO) * cRecipientCert);
 568         if (certInfo)
 569         {
 570             for (i = 0; i < cRecipientCert; ++i)
 571                 certInfo[i] = rgpRecipientCert[i]->pCertInfo;
 572             envelopedInfo.cRecipients = cRecipientCert;
 573             envelopedInfo.rgpRecipientCert = certInfo;
 574         }
 575         else
 576             ret = FALSE;
 577     }
 578
 579     if (ret)
 580         msg = CryptMsgOpenToEncode(pEncryptPara->dwMsgEncodingType, 0,
 581          CMSG_ENVELOPED, &envelopedInfo, NULL, NULL);
 582     if (msg)
 583     {
 584         ret = CryptMsgUpdate(msg, pbToBeEncrypted, cbToBeEncrypted, TRUE);
 585         if (ret)
 586             ret = CryptMsgGetParam(msg, CMSG_CONTENT_PARAM, 0, pbEncryptedBlob,
 587              pcbEncryptedBlob);
 588         CryptMsgClose(msg);
 589     }
 590     else
 591         ret = FALSE;
 592
 593     CryptMemFree(certInfo);
 594     if (!ret) *pcbEncryptedBlob = 0;
 595     return ret;
 596 }