dlls/crypt32/msg.c

   1 /*
   2  * Copyright 2007 Juan Lang
   3  *
   4  * This library is free software; you can redistribute it and/or
   5  * modify it under the terms of the GNU Lesser General Public
   6  * License as published by the Free Software Foundation; either
   7  * version 2.1 of the License, or (at your option) any later version.
   8  *
   9  * This library is distributed in the hope that it will be useful,
  10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  12  * Lesser General Public License for more details.
  13  *
  14  * You should have received a copy of the GNU Lesser General Public
  15  * License along with this library; if not, write to the Free Software
  16  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
  17  */
  18
  19 #include "config.h"
  20 #include "wine/port.h"
  21
  22 #include <stdarg.h>
  23 #define NONAMELESSUNION
  24 #include "windef.h"
  25 #include "winbase.h"
  26 #include "wincrypt.h"
  27 #include "snmp.h"
  28
  29 #include "wine/debug.h"
  30 #include "wine/exception.h"
  31 #include "crypt32_private.h"
  32
  33 WINE_DEFAULT_DEBUG_CHANNEL(crypt);
  34
  35 /* Called when a message's ref count reaches zero.  Free any message-specific
  36  * data here.
  37  */
  38 typedef void (*CryptMsgCloseFunc)(HCRYPTMSG msg);
  39
  40 typedef BOOL (*CryptMsgGetParamFunc)(HCRYPTMSG hCryptMsg, DWORD dwParamType,
  41  DWORD dwIndex, void *pvData, DWORD *pcbData);
  42
  43 typedef BOOL (*CryptMsgUpdateFunc)(HCRYPTMSG hCryptMsg, const BYTE *pbData,
  44  DWORD cbData, BOOL fFinal);
  45
  46 typedef BOOL (*CryptMsgControlFunc)(HCRYPTMSG hCryptMsg, DWORD dwFlags,
  47  DWORD dwCtrlType, const void *pvCtrlPara);
  48
  49 static BOOL CRYPT_DefaultMsgControl(HCRYPTMSG hCryptMsg, DWORD dwFlags,
  50  DWORD dwCtrlType, const void *pvCtrlPara)
  51 {
  52     TRACE("(%p, %08x, %d, %p)\n", hCryptMsg, dwFlags, dwCtrlType, pvCtrlPara);
  53     SetLastError(E_INVALIDARG);
  54     return FALSE;
  55 }
  56
  57 typedef enum _CryptMsgState {
  58     MsgStateInit,
  59     MsgStateUpdated,
  60     MsgStateDataFinalized,
  61     MsgStateFinalized
  62 } CryptMsgState;
  63
  64 typedef struct _CryptMsgBase
  65 {
  66     LONG                 ref;
  67     DWORD                open_flags;
  68     BOOL                 streamed;
  69     CMSG_STREAM_INFO     stream_info;
  70     CryptMsgState        state;
  71     CryptMsgCloseFunc    close;
  72     CryptMsgUpdateFunc   update;
  73     CryptMsgGetParamFunc get_param;
  74     CryptMsgControlFunc  control;
  75 } CryptMsgBase;
  76
  77 static inline void CryptMsgBase_Init(CryptMsgBase *msg, DWORD dwFlags,
  78  PCMSG_STREAM_INFO pStreamInfo, CryptMsgCloseFunc close,
  79  CryptMsgGetParamFunc get_param, CryptMsgUpdateFunc update,
  80  CryptMsgControlFunc control)
  81 {
  82     msg->ref = 1;
  83     msg->open_flags = dwFlags;
  84     if (pStreamInfo)
  85     {
  86         msg->streamed = TRUE;
  87         msg->stream_info = *pStreamInfo;
  88     }
  89     else
  90     {
  91         msg->streamed = FALSE;
  92         memset(&msg->stream_info, 0, sizeof(msg->stream_info));
  93     }
  94     msg->close = close;
  95     msg->get_param = get_param;
  96     msg->update = update;
  97     msg->control = control;
  98     msg->state = MsgStateInit;
  99 }
 100
 101 typedef struct _CDataEncodeMsg
 102 {
 103     CryptMsgBase base;
 104     DWORD        bare_content_len;
 105     LPBYTE       bare_content;
 106 } CDataEncodeMsg;
 107
 108 static const BYTE empty_data_content[] = { 0x04,0x00 };
 109
 110 static void CDataEncodeMsg_Close(HCRYPTMSG hCryptMsg)
 111 {
 112     CDataEncodeMsg *msg = hCryptMsg;
 113
 114     if (msg->bare_content != empty_data_content)
 115         LocalFree(msg->bare_content);
 116 }
 117
 118 static BOOL WINAPI CRYPT_EncodeContentLength(DWORD dwCertEncodingType,
 119  LPCSTR lpszStructType, const void *pvStructInfo, DWORD dwFlags,
 120  PCRYPT_ENCODE_PARA pEncodePara, BYTE *pbEncoded, DWORD *pcbEncoded)
 121 {
 122     DWORD dataLen = *(DWORD *)pvStructInfo;
 123     DWORD lenBytes;
 124     BOOL ret = TRUE;
 125
 126     /* Trick:  report bytes needed based on total message length, even though
 127      * the message isn't available yet.  The caller will use the length
 128      * reported here to encode its length.
 129      */
 130     CRYPT_EncodeLen(dataLen, NULL, &lenBytes);
 131     if (!pbEncoded)
 132         *pcbEncoded = 1 + lenBytes + dataLen;
 133     else
 134     {
 135         if ((ret = CRYPT_EncodeEnsureSpace(dwFlags, pEncodePara, pbEncoded,
 136          pcbEncoded, 1 + lenBytes)))
 137         {
 138             if (dwFlags & CRYPT_ENCODE_ALLOC_FLAG)
 139                 pbEncoded = *(BYTE **)pbEncoded;
 140             *pbEncoded++ = ASN_OCTETSTRING;
 141             CRYPT_EncodeLen(dataLen, pbEncoded,
 142              &lenBytes);
 143         }
 144     }
 145     return ret;
 146 }
 147
 148 static BOOL CRYPT_EncodeDataContentInfoHeader(const CDataEncodeMsg *msg,
 149  CRYPT_DATA_BLOB *header)
 150 {
 151     BOOL ret;
 152
 153     if (msg->base.streamed && msg->base.stream_info.cbContent == 0xffffffff)
 154     {
 155         static const BYTE headerValue[] = { 0x30,0x80,0x06,0x09,0x2a,0x86,0x48,
 156          0x86,0xf7,0x0d,0x01,0x07,0x01,0xa0,0x80,0x24,0x80 };
 157
 158         header->pbData = LocalAlloc(0, sizeof(headerValue));
 159         if (header->pbData)
 160         {
 161             header->cbData = sizeof(headerValue);
 162             memcpy(header->pbData, headerValue, sizeof(headerValue));
 163             ret = TRUE;
 164         }
 165         else
 166             ret = FALSE;
 167     }
 168     else
 169     {
 170         struct AsnConstructedItem constructed = { 0,
 171          &msg->base.stream_info.cbContent, CRYPT_EncodeContentLength };
 172         struct AsnEncodeSequenceItem items[2] = {
 173          { szOID_RSA_data, CRYPT_AsnEncodeOid, 0 },
 174          { &constructed,   CRYPT_AsnEncodeConstructed, 0 },
 175         };
 176
 177         ret = CRYPT_AsnEncodeSequence(X509_ASN_ENCODING, items,
 178          sizeof(items) / sizeof(items[0]), CRYPT_ENCODE_ALLOC_FLAG, NULL,
 179          (LPBYTE)&header->pbData, &header->cbData);
 180         if (ret)
 181         {
 182             /* Trick:  subtract the content length from the reported length,
 183              * as the actual content hasn't come yet.
 184              */
 185             header->cbData -= msg->base.stream_info.cbContent;
 186         }
 187     }
 188     return ret;
 189 }
 190
 191 static BOOL CDataEncodeMsg_Update(HCRYPTMSG hCryptMsg, const BYTE *pbData,
 192  DWORD cbData, BOOL fFinal)
 193 {
 194     CDataEncodeMsg *msg = hCryptMsg;
 195     BOOL ret = FALSE;
 196
 197     if (msg->base.state == MsgStateFinalized)
 198         SetLastError(CRYPT_E_MSG_ERROR);
 199     else if (msg->base.streamed)
 200     {
 201         __TRY
 202         {
 203             if (msg->base.state != MsgStateUpdated)
 204             {
 205                 CRYPT_DATA_BLOB header;
 206
 207                 ret = CRYPT_EncodeDataContentInfoHeader(msg, &header);
 208                 if (ret)
 209                 {
 210                     ret = msg->base.stream_info.pfnStreamOutput(
 211                      msg->base.stream_info.pvArg, header.pbData, header.cbData,
 212                      FALSE);
 213                     LocalFree(header.pbData);
 214                 }
 215             }
 216             /* Curiously, every indefinite-length streamed update appears to
 217              * get its own tag and length, regardless of fFinal.
 218              */
 219             if (msg->base.stream_info.cbContent == 0xffffffff)
 220             {
 221                 BYTE *header;
 222                 DWORD headerLen;
 223
 224                 ret = CRYPT_EncodeContentLength(X509_ASN_ENCODING, NULL,
 225                  &cbData, CRYPT_ENCODE_ALLOC_FLAG, NULL, (BYTE *)&header,
 226                  &headerLen);
 227                 if (ret)
 228                 {
 229                     ret = msg->base.stream_info.pfnStreamOutput(
 230                      msg->base.stream_info.pvArg, header, headerLen,
 231                      FALSE);
 232                     LocalFree(header);
 233                 }
 234             }
 235             if (!fFinal)
 236             {
 237                 ret = msg->base.stream_info.pfnStreamOutput(
 238                  msg->base.stream_info.pvArg, (BYTE *)pbData, cbData,
 239                  FALSE);
 240                 msg->base.state = MsgStateUpdated;
 241             }
 242             else
 243             {
 244                 msg->base.state = MsgStateFinalized;
 245                 if (msg->base.stream_info.cbContent == 0xffffffff)
 246                 {
 247                     BYTE indefinite_trailer[6] = { 0 };
 248
 249                     ret = msg->base.stream_info.pfnStreamOutput(
 250                      msg->base.stream_info.pvArg, (BYTE *)pbData, cbData,
 251                      FALSE);
 252                     if (ret)
 253                         ret = msg->base.stream_info.pfnStreamOutput(
 254                          msg->base.stream_info.pvArg, indefinite_trailer,
 255                          sizeof(indefinite_trailer), TRUE);
 256                 }
 257                 else
 258                     ret = msg->base.stream_info.pfnStreamOutput(
 259                      msg->base.stream_info.pvArg, (BYTE *)pbData, cbData, TRUE);
 260             }
 261         }
 262         __EXCEPT_PAGE_FAULT
 263         {
 264             SetLastError(STATUS_ACCESS_VIOLATION);
 265             ret = FALSE;
 266         }
 267         __ENDTRY;
 268     }
 269     else
 270     {
 271         if (!fFinal)
 272         {
 273             if (msg->base.open_flags & CMSG_DETACHED_FLAG)
 274                 SetLastError(E_INVALIDARG);
 275             else
 276                 SetLastError(CRYPT_E_MSG_ERROR);
 277         }
 278         else
 279         {
 280             msg->base.state = MsgStateFinalized;
 281             if (!cbData)
 282                 SetLastError(E_INVALIDARG);
 283             else
 284             {
 285                 CRYPT_DATA_BLOB blob = { cbData, (LPBYTE)pbData };
 286
 287                 /* non-streamed data messages don't allow non-final updates,
 288                  * don't bother checking whether data already exist, they can't.
 289                  */
 290                 ret = CryptEncodeObjectEx(X509_ASN_ENCODING, X509_OCTET_STRING,
 291                  &blob, CRYPT_ENCODE_ALLOC_FLAG, NULL, &msg->bare_content,
 292                  &msg->bare_content_len);
 293             }
 294         }
 295     }
 296     return ret;
 297 }
 298
 299 static BOOL CRYPT_CopyParam(void *pvData, DWORD *pcbData, const void *src,
 300  DWORD len)
 301 {
 302     BOOL ret = TRUE;
 303
 304     if (!pvData)
 305         *pcbData = len;
 306     else if (*pcbData < len)
 307     {
 308         *pcbData = len;
 309         SetLastError(ERROR_MORE_DATA);
 310         ret = FALSE;
 311     }
 312     else
 313     {
 314         *pcbData = len;
 315         memcpy(pvData, src, len);
 316     }
 317     return ret;
 318 }
 319
 320 static BOOL CDataEncodeMsg_GetParam(HCRYPTMSG hCryptMsg, DWORD dwParamType,
 321  DWORD dwIndex, void *pvData, DWORD *pcbData)
 322 {
 323     CDataEncodeMsg *msg = hCryptMsg;
 324     BOOL ret = FALSE;
 325
 326     switch (dwParamType)
 327     {
 328     case CMSG_CONTENT_PARAM:
 329         if (msg->base.streamed)
 330             SetLastError(E_INVALIDARG);
 331         else
 332         {
 333             CRYPT_CONTENT_INFO info;
 334             char rsa_data[] = "1.2.840.113549.1.7.1";
 335
 336             info.pszObjId = rsa_data;
 337             info.Content.cbData = msg->bare_content_len;
 338             info.Content.pbData = msg->bare_content;
 339             ret = CryptEncodeObject(X509_ASN_ENCODING, PKCS_CONTENT_INFO, &info,
 340              pvData, pcbData);
 341         }
 342         break;
 343     case CMSG_BARE_CONTENT_PARAM:
 344         if (msg->base.streamed)
 345             SetLastError(E_INVALIDARG);
 346         else
 347             ret = CRYPT_CopyParam(pvData, pcbData, msg->bare_content,
 348              msg->bare_content_len);
 349         break;
 350     default:
 351         SetLastError(CRYPT_E_INVALID_MSG_TYPE);
 352     }
 353     return ret;
 354 }
 355
 356 static HCRYPTMSG CDataEncodeMsg_Open(DWORD dwFlags, const void *pvMsgEncodeInfo,
 357  LPSTR pszInnerContentObjID, PCMSG_STREAM_INFO pStreamInfo)
 358 {
 359     CDataEncodeMsg *msg;
 360
 361     if (pvMsgEncodeInfo)
 362     {
 363         SetLastError(E_INVALIDARG);
 364         return NULL;
 365     }
 366     msg = CryptMemAlloc(sizeof(CDataEncodeMsg));
 367     if (msg)
 368     {
 369         CryptMsgBase_Init((CryptMsgBase *)msg, dwFlags, pStreamInfo,
 370          CDataEncodeMsg_Close, CDataEncodeMsg_GetParam, CDataEncodeMsg_Update,
 371          CRYPT_DefaultMsgControl);
 372         msg->bare_content_len = sizeof(empty_data_content);
 373         msg->bare_content = (LPBYTE)empty_data_content;
 374     }
 375     return msg;
 376 }
 377
 378 typedef struct _CHashEncodeMsg
 379 {
 380     CryptMsgBase    base;
 381     HCRYPTPROV      prov;
 382     HCRYPTHASH      hash;
 383     CRYPT_DATA_BLOB data;
 384 } CHashEncodeMsg;
 385
 386 static void CHashEncodeMsg_Close(HCRYPTMSG hCryptMsg)
 387 {
 388     CHashEncodeMsg *msg = hCryptMsg;
 389
 390     CryptMemFree(msg->data.pbData);
 391     CryptDestroyHash(msg->hash);
 392     if (msg->base.open_flags & CMSG_CRYPT_RELEASE_CONTEXT_FLAG)
 393         CryptReleaseContext(msg->prov, 0);
 394 }
 395
 396 static BOOL CRYPT_EncodePKCSDigestedData(CHashEncodeMsg *msg, void *pvData,
 397  DWORD *pcbData)
 398 {
 399     BOOL ret;
 400     ALG_ID algID;
 401     DWORD size = sizeof(algID);
 402
 403     ret = CryptGetHashParam(msg->hash, HP_ALGID, (BYTE *)&algID, &size, 0);
 404     if (ret)
 405     {
 406         CRYPT_DIGESTED_DATA digestedData = { 0 };
 407         char oid_rsa_data[] = szOID_RSA_data;
 408
 409         digestedData.version = CMSG_HASHED_DATA_PKCS_1_5_VERSION;
 410         digestedData.DigestAlgorithm.pszObjId = (LPSTR)CertAlgIdToOID(algID);
 411         /* FIXME: what about digestedData.DigestAlgorithm.Parameters? */
 412         /* Quirk:  OID is only encoded messages if an update has happened */
 413         if (msg->base.state != MsgStateInit)
 414             digestedData.ContentInfo.pszObjId = oid_rsa_data;
 415         if (!(msg->base.open_flags & CMSG_DETACHED_FLAG) && msg->data.cbData)
 416         {
 417             ret = CRYPT_AsnEncodeOctets(0, NULL, &msg->data,
 418              CRYPT_ENCODE_ALLOC_FLAG, NULL,
 419              (LPBYTE)&digestedData.ContentInfo.Content.pbData,
 420              &digestedData.ContentInfo.Content.cbData);
 421         }
 422         if (msg->base.state == MsgStateFinalized)
 423         {
 424             size = sizeof(DWORD);
 425             ret = CryptGetHashParam(msg->hash, HP_HASHSIZE,
 426              (LPBYTE)&digestedData.hash.cbData, &size, 0);
 427             if (ret)
 428             {
 429                 digestedData.hash.pbData = CryptMemAlloc(
 430                  digestedData.hash.cbData);
 431                 ret = CryptGetHashParam(msg->hash, HP_HASHVAL,
 432                  digestedData.hash.pbData, &digestedData.hash.cbData, 0);
 433             }
 434         }
 435         if (ret)
 436             ret = CRYPT_AsnEncodePKCSDigestedData(&digestedData, pvData,
 437              pcbData);
 438         CryptMemFree(digestedData.hash.pbData);
 439         LocalFree(digestedData.ContentInfo.Content.pbData);
 440     }
 441     return ret;
 442 }
 443
 444 static BOOL CHashEncodeMsg_GetParam(HCRYPTMSG hCryptMsg, DWORD dwParamType,
 445  DWORD dwIndex, void *pvData, DWORD *pcbData)
 446 {
 447     CHashEncodeMsg *msg = hCryptMsg;
 448     BOOL ret = FALSE;
 449
 450     TRACE("(%p, %d, %d, %p, %p)\n", hCryptMsg, dwParamType, dwIndex,
 451      pvData, pcbData);
 452
 453     switch (dwParamType)
 454     {
 455     case CMSG_BARE_CONTENT_PARAM:
 456         if (msg->base.streamed)
 457             SetLastError(E_INVALIDARG);
 458         else
 459             ret = CRYPT_EncodePKCSDigestedData(msg, pvData, pcbData);
 460         break;
 461     case CMSG_CONTENT_PARAM:
 462     {
 463         CRYPT_CONTENT_INFO info;
 464
 465         ret = CryptMsgGetParam(hCryptMsg, CMSG_BARE_CONTENT_PARAM, 0, NULL,
 466          &info.Content.cbData);
 467         if (ret)
 468         {
 469             info.Content.pbData = CryptMemAlloc(info.Content.cbData);
 470             if (info.Content.pbData)
 471             {
 472                 ret = CryptMsgGetParam(hCryptMsg, CMSG_BARE_CONTENT_PARAM, 0,
 473                  info.Content.pbData, &info.Content.cbData);
 474                 if (ret)
 475                 {
 476                     char oid_rsa_hashed[] = szOID_RSA_hashedData;
 477
 478                     info.pszObjId = oid_rsa_hashed;
 479                     ret = CryptEncodeObjectEx(X509_ASN_ENCODING,
 480                      PKCS_CONTENT_INFO, &info, 0, NULL, pvData, pcbData);
 481                 }
 482                 CryptMemFree(info.Content.pbData);
 483             }
 484             else
 485                 ret = FALSE;
 486         }
 487         break;
 488     }
 489     case CMSG_COMPUTED_HASH_PARAM:
 490         ret = CryptGetHashParam(msg->hash, HP_HASHVAL, pvData, pcbData, 0);
 491         break;
 492     case CMSG_VERSION_PARAM:
 493         if (msg->base.state != MsgStateFinalized)
 494             SetLastError(CRYPT_E_MSG_ERROR);
 495         else
 496         {
 497             DWORD version = CMSG_HASHED_DATA_PKCS_1_5_VERSION;
 498
 499             /* Since the data are always encoded as octets, the version is
 500              * always 0 (see rfc3852, section 7)
 501              */
 502             ret = CRYPT_CopyParam(pvData, pcbData, &version, sizeof(version));
 503         }
 504         break;
 505     default:
 506         SetLastError(CRYPT_E_INVALID_MSG_TYPE);
 507     }
 508     return ret;
 509 }
 510
 511 static BOOL CHashEncodeMsg_Update(HCRYPTMSG hCryptMsg, const BYTE *pbData,
 512  DWORD cbData, BOOL fFinal)
 513 {
 514     CHashEncodeMsg *msg = hCryptMsg;
 515     BOOL ret = FALSE;
 516
 517     TRACE("(%p, %p, %d, %d)\n", hCryptMsg, pbData, cbData, fFinal);
 518
 519     if (msg->base.state == MsgStateFinalized)
 520         SetLastError(CRYPT_E_MSG_ERROR);
 521     else if (msg->base.streamed || (msg->base.open_flags & CMSG_DETACHED_FLAG))
 522     {
 523         /* Doesn't do much, as stream output is never called, and you
 524          * can't get the content.
 525          */
 526         ret = CryptHashData(msg->hash, pbData, cbData, 0);
 527         msg->base.state = fFinal ? MsgStateFinalized : MsgStateUpdated;
 528     }
 529     else
 530     {
 531         if (!fFinal)
 532             SetLastError(CRYPT_E_MSG_ERROR);
 533         else
 534         {
 535             ret = CryptHashData(msg->hash, pbData, cbData, 0);
 536             if (ret)
 537             {
 538                 msg->data.pbData = CryptMemAlloc(cbData);
 539                 if (msg->data.pbData)
 540                 {
 541                     memcpy(msg->data.pbData + msg->data.cbData, pbData, cbData);
 542                     msg->data.cbData += cbData;
 543                 }
 544                 else
 545                     ret = FALSE;
 546             }
 547             msg->base.state = MsgStateFinalized;
 548         }
 549     }
 550     return ret;
 551 }
 552
 553 static HCRYPTMSG CHashEncodeMsg_Open(DWORD dwFlags, const void *pvMsgEncodeInfo,
 554  LPSTR pszInnerContentObjID, PCMSG_STREAM_INFO pStreamInfo)
 555 {
 556     CHashEncodeMsg *msg;
 557     const CMSG_HASHED_ENCODE_INFO *info = pvMsgEncodeInfo;
 558     HCRYPTPROV prov;
 559     ALG_ID algID;
 560
 561     if (info->cbSize != sizeof(CMSG_HASHED_ENCODE_INFO))
 562     {
 563         SetLastError(E_INVALIDARG);
 564         return NULL;
 565     }
 566     if (!(algID = CertOIDToAlgId(info->HashAlgorithm.pszObjId)))
 567     {
 568         SetLastError(CRYPT_E_UNKNOWN_ALGO);
 569         return NULL;
 570     }
 571     if (info->hCryptProv)
 572         prov = info->hCryptProv;
 573     else
 574     {
 575         prov = CRYPT_GetDefaultProvider();
 576         dwFlags &= ~CMSG_CRYPT_RELEASE_CONTEXT_FLAG;
 577     }
 578     msg = CryptMemAlloc(sizeof(CHashEncodeMsg));
 579     if (msg)
 580     {
 581         CryptMsgBase_Init((CryptMsgBase *)msg, dwFlags, pStreamInfo,
 582          CHashEncodeMsg_Close, CHashEncodeMsg_GetParam, CHashEncodeMsg_Update,
 583          CRYPT_DefaultMsgControl);
 584         msg->prov = prov;
 585         msg->data.cbData = 0;
 586         msg->data.pbData = NULL;
 587         if (!CryptCreateHash(prov, algID, 0, 0, &msg->hash))
 588         {
 589             CryptMsgClose(msg);
 590             msg = NULL;
 591         }
 592     }
 593     return msg;
 594 }
 595
 596 typedef struct _CMSG_SIGNER_ENCODE_INFO_WITH_CMS
 597 {
 598     DWORD                      cbSize;
 599     PCERT_INFO                 pCertInfo;
 600     HCRYPTPROV                 hCryptProv;
 601     DWORD                      dwKeySpec;
 602     CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm;
 603     void                      *pvHashAuxInfo;
 604     DWORD                      cAuthAttr;
 605     PCRYPT_ATTRIBUTE           rgAuthAttr;
 606     DWORD                      cUnauthAttr;
 607     PCRYPT_ATTRIBUTE           rgUnauthAttr;
 608     CERT_ID                    SignerId;
 609     CRYPT_ALGORITHM_IDENTIFIER HashEncryptionAlgorithm;
 610     void                      *pvHashEncryptionAuxInfo;
 611 } CMSG_SIGNER_ENCODE_INFO_WITH_CMS, *PCMSG_SIGNER_ENCODE_INFO_WITH_CMS;
 612
 613 typedef struct _CMSG_SIGNED_ENCODE_INFO_WITH_CMS
 614 {
 615     DWORD                             cbSize;
 616     DWORD                             cSigners;
 617     PCMSG_SIGNER_ENCODE_INFO_WITH_CMS rgSigners;
 618     DWORD                             cCertEncoded;
 619     PCERT_BLOB                        rgCertEncoded;
 620     DWORD                             cCrlEncoded;
 621     PCRL_BLOB                         rgCrlEncoded;
 622     DWORD                             cAttrCertEncoded;
 623     PCERT_BLOB                        rgAttrCertEncoded;
 624 } CMSG_SIGNED_ENCODE_INFO_WITH_CMS, *PCMSG_SIGNED_ENCODE_INFO_WITH_CMS;
 625
 626 static BOOL CRYPT_IsValidSigner(const CMSG_SIGNER_ENCODE_INFO_WITH_CMS *signer)
 627 {
 628     if (signer->cbSize != sizeof(CMSG_SIGNER_ENCODE_INFO) &&
 629      signer->cbSize != sizeof(CMSG_SIGNER_ENCODE_INFO_WITH_CMS))
 630     {
 631         SetLastError(E_INVALIDARG);
 632         return FALSE;
 633     }
 634     if (signer->cbSize == sizeof(CMSG_SIGNER_ENCODE_INFO))
 635     {
 636         if (!signer->pCertInfo->SerialNumber.cbData)
 637         {
 638             SetLastError(E_INVALIDARG);
 639             return FALSE;
 640         }
 641         if (!signer->pCertInfo->Issuer.cbData)
 642         {
 643             SetLastError(E_INVALIDARG);
 644             return FALSE;
 645         }
 646     }
 647     else if (signer->cbSize == sizeof(CMSG_SIGNER_ENCODE_INFO_WITH_CMS))
 648     {
 649         switch (signer->SignerId.dwIdChoice)
 650         {
 651         case 0:
 652             if (!signer->pCertInfo->SerialNumber.cbData)
 653             {
 654                 SetLastError(E_INVALIDARG);
 655                 return FALSE;
 656             }
 657             if (!signer->pCertInfo->Issuer.cbData)
 658             {
 659                 SetLastError(E_INVALIDARG);
 660                 return FALSE;
 661             }
 662             break;
 663         case CERT_ID_ISSUER_SERIAL_NUMBER:
 664             if (!signer->SignerId.u.IssuerSerialNumber.SerialNumber.cbData)
 665             {
 666                 SetLastError(E_INVALIDARG);
 667                 return FALSE;
 668             }
 669             if (!signer->SignerId.u.IssuerSerialNumber.Issuer.cbData)
 670             {
 671                 SetLastError(E_INVALIDARG);
 672                 return FALSE;
 673             }
 674             break;
 675         case CERT_ID_KEY_IDENTIFIER:
 676             if (!signer->SignerId.u.KeyId.cbData)
 677             {
 678                 SetLastError(E_INVALIDARG);
 679                 return FALSE;
 680             }
 681             break;
 682         default:
 683             SetLastError(E_INVALIDARG);
 684         }
 685         if (signer->HashEncryptionAlgorithm.pszObjId)
 686         {
 687             FIXME("CMSG_SIGNER_ENCODE_INFO with CMS fields unsupported\n");
 688             return FALSE;
 689         }
 690     }
 691     if (!signer->hCryptProv)
 692     {
 693         SetLastError(E_INVALIDARG);
 694         return FALSE;
 695     }
 696     if (!CertOIDToAlgId(signer->HashAlgorithm.pszObjId))
 697     {
 698         SetLastError(CRYPT_E_UNKNOWN_ALGO);
 699         return FALSE;
 700     }
 701     return TRUE;
 702 }
 703
 704 static BOOL CRYPT_ConstructBlob(CRYPT_DATA_BLOB *out, const CRYPT_DATA_BLOB *in)
 705 {
 706     BOOL ret = TRUE;
 707
 708     out->cbData = in->cbData;
 709     if (out->cbData)
 710     {
 711         out->pbData = CryptMemAlloc(out->cbData);
 712         if (out->pbData)
 713             memcpy(out->pbData, in->pbData, out->cbData);
 714         else
 715             ret = FALSE;
 716     }
 717     else
 718         out->pbData = NULL;
 719     return ret;
 720 }
 721
 722 static BOOL CRYPT_ConstructBlobArray(DWORD *outCBlobs,
 723  PCRYPT_DATA_BLOB *outPBlobs, DWORD cBlobs, const CRYPT_DATA_BLOB *pBlobs)
 724 {
 725     BOOL ret = TRUE;
 726
 727     *outCBlobs = cBlobs;
 728     if (cBlobs)
 729     {
 730         *outPBlobs = CryptMemAlloc(cBlobs * sizeof(CRYPT_DATA_BLOB));
 731         if (*outPBlobs)
 732         {
 733             DWORD i;
 734
 735             memset(*outPBlobs, 0, cBlobs * sizeof(CRYPT_DATA_BLOB));
 736             for (i = 0; ret && i < cBlobs; i++)
 737                 ret = CRYPT_ConstructBlob(&(*outPBlobs)[i], &pBlobs[i]);
 738         }
 739         else
 740             ret = FALSE;
 741     }
 742     return ret;
 743 }
 744
 745 static void CRYPT_FreeBlobArray(DWORD cBlobs, PCRYPT_DATA_BLOB blobs)
 746 {
 747     DWORD i;
 748
 749     for (i = 0; i < cBlobs; i++)
 750         CryptMemFree(blobs[i].pbData);
 751     CryptMemFree(blobs);
 752 }
 753
 754 static BOOL CRYPT_ConstructAttribute(CRYPT_ATTRIBUTE *out,
 755  const CRYPT_ATTRIBUTE *in)
 756 {
 757     BOOL ret;
 758
 759     out->pszObjId = CryptMemAlloc(strlen(in->pszObjId) + 1);
 760     if (out->pszObjId)
 761     {
 762         strcpy(out->pszObjId, in->pszObjId);
 763         ret = CRYPT_ConstructBlobArray(&out->cValue, &out->rgValue,
 764          in->cValue, in->rgValue);
 765     }
 766     else
 767         ret = FALSE;
 768     return ret;
 769 }
 770
 771 static BOOL CRYPT_ConstructAttributes(CRYPT_ATTRIBUTES *out,
 772  const CRYPT_ATTRIBUTES *in)
 773 {
 774     BOOL ret = TRUE;
 775
 776     out->cAttr = in->cAttr;
 777     if (out->cAttr)
 778     {
 779         out->rgAttr = CryptMemAlloc(out->cAttr * sizeof(CRYPT_ATTRIBUTE));
 780         if (out->rgAttr)
 781         {
 782             DWORD i;
 783
 784             memset(out->rgAttr, 0, out->cAttr * sizeof(CRYPT_ATTRIBUTE));
 785             for (i = 0; ret && i < out->cAttr; i++)
 786                 ret = CRYPT_ConstructAttribute(&out->rgAttr[i], &in->rgAttr[i]);
 787         }
 788         else
 789             ret = FALSE;
 790     }
 791     else
 792         out->rgAttr = NULL;
 793     return ret;
 794 }
 795
 796 /* Constructs a CMSG_CMS_SIGNER_INFO from a CMSG_SIGNER_ENCODE_INFO_WITH_CMS. */
 797 static BOOL CSignerInfo_Construct(CMSG_CMS_SIGNER_INFO *info,
 798  const CMSG_SIGNER_ENCODE_INFO_WITH_CMS *in)
 799 {
 800     BOOL ret;
 801
 802     if (in->cbSize == sizeof(CMSG_SIGNER_ENCODE_INFO))
 803     {
 804         info->dwVersion = CMSG_SIGNER_INFO_V1;
 805         ret = CRYPT_ConstructBlob(&info->SignerId.u.IssuerSerialNumber.Issuer,
 806          &in->pCertInfo->Issuer);
 807         if (ret)
 808             ret = CRYPT_ConstructBlob(
 809              &info->SignerId.u.IssuerSerialNumber.SerialNumber,
 810              &in->pCertInfo->SerialNumber);
 811         info->SignerId.dwIdChoice = CERT_ID_ISSUER_SERIAL_NUMBER;
 812         info->HashEncryptionAlgorithm.pszObjId =
 813          in->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId;
 814         if (ret)
 815             ret = CRYPT_ConstructBlob(&info->HashEncryptionAlgorithm.Parameters,
 816              &in->pCertInfo->SubjectPublicKeyInfo.Algorithm.Parameters);
 817     }
 818     else
 819     {
 820         const CRYPT_ALGORITHM_IDENTIFIER *pEncrAlg;
 821
 822         /* Implicitly in->cbSize == sizeof(CMSG_SIGNER_ENCODE_INFO_WITH_CMS).
 823          * See CRYPT_IsValidSigner.
 824          */
 825         if (!in->SignerId.dwIdChoice)
 826         {
 827             info->dwVersion = CMSG_SIGNER_INFO_V1;
 828             ret = CRYPT_ConstructBlob(&info->SignerId.u.IssuerSerialNumber.Issuer,
 829              &in->pCertInfo->Issuer);
 830             if (ret)
 831                 ret = CRYPT_ConstructBlob(
 832                  &info->SignerId.u.IssuerSerialNumber.SerialNumber,
 833                  &in->pCertInfo->SerialNumber);
 834             info->SignerId.dwIdChoice = CERT_ID_ISSUER_SERIAL_NUMBER;
 835         }
 836         else if (in->SignerId.dwIdChoice == CERT_ID_ISSUER_SERIAL_NUMBER)
 837         {
 838             info->dwVersion = CMSG_SIGNER_INFO_V1;
 839             info->SignerId.dwIdChoice = CERT_ID_ISSUER_SERIAL_NUMBER;
 840             ret = CRYPT_ConstructBlob(&info->SignerId.u.IssuerSerialNumber.Issuer,
 841              &in->SignerId.u.IssuerSerialNumber.Issuer);
 842             if (ret)
 843                 ret = CRYPT_ConstructBlob(
 844                  &info->SignerId.u.IssuerSerialNumber.SerialNumber,
 845                  &in->SignerId.u.IssuerSerialNumber.SerialNumber);
 846         }
 847         else
 848         {
 849             /* Implicitly dwIdChoice == CERT_ID_KEY_IDENTIFIER */
 850             info->dwVersion = CMSG_SIGNER_INFO_V3;
 851             info->SignerId.dwIdChoice = CERT_ID_KEY_IDENTIFIER;
 852             ret = CRYPT_ConstructBlob(&info->SignerId.u.KeyId,
 853              &in->SignerId.u.KeyId);
 854         }
 855         pEncrAlg = in->HashEncryptionAlgorithm.pszObjId ?
 856          &in->HashEncryptionAlgorithm :
 857          &in->pCertInfo->SubjectPublicKeyInfo.Algorithm;
 858         info->HashEncryptionAlgorithm.pszObjId = pEncrAlg->pszObjId;
 859         if (ret)
 860             ret = CRYPT_ConstructBlob(&info->HashEncryptionAlgorithm.Parameters,
 861              &pEncrAlg->Parameters);
 862     }
 863     /* Assumption:  algorithm IDs will point to static strings, not
 864      * stack-based ones, so copying the pointer values is safe.
 865      */
 866     info->HashAlgorithm.pszObjId = in->HashAlgorithm.pszObjId;
 867     if (ret)
 868         ret = CRYPT_ConstructBlob(&info->HashAlgorithm.Parameters,
 869          &in->HashAlgorithm.Parameters);
 870     if (ret)
 871         ret = CRYPT_ConstructAttributes(&info->AuthAttrs,
 872          (CRYPT_ATTRIBUTES *)&in->cAuthAttr);
 873     if (ret)
 874         ret = CRYPT_ConstructAttributes(&info->UnauthAttrs,
 875          (CRYPT_ATTRIBUTES *)&in->cUnauthAttr);
 876     return ret;
 877 }
 878
 879 static void CSignerInfo_Free(CMSG_CMS_SIGNER_INFO *info)
 880 {
 881     DWORD i, j;
 882
 883     if (info->SignerId.dwIdChoice == CERT_ID_ISSUER_SERIAL_NUMBER)
 884     {
 885         CryptMemFree(info->SignerId.u.IssuerSerialNumber.Issuer.pbData);
 886         CryptMemFree(info->SignerId.u.IssuerSerialNumber.SerialNumber.pbData);
 887     }
 888     else
 889         CryptMemFree(info->SignerId.u.KeyId.pbData);
 890     CryptMemFree(info->HashAlgorithm.Parameters.pbData);
 891     CryptMemFree(info->HashEncryptionAlgorithm.Parameters.pbData);
 892     CryptMemFree(info->EncryptedHash.pbData);
 893     for (i = 0; i < info->AuthAttrs.cAttr; i++)
 894     {
 895         for (j = 0; j < info->AuthAttrs.rgAttr[i].cValue; j++)
 896             CryptMemFree(info->AuthAttrs.rgAttr[i].rgValue[j].pbData);
 897         CryptMemFree(info->AuthAttrs.rgAttr[i].rgValue);
 898         CryptMemFree(info->AuthAttrs.rgAttr[i].pszObjId);
 899     }
 900     CryptMemFree(info->AuthAttrs.rgAttr);
 901     for (i = 0; i < info->UnauthAttrs.cAttr; i++)
 902     {
 903         for (j = 0; j < info->UnauthAttrs.rgAttr[i].cValue; j++)
 904             CryptMemFree(info->UnauthAttrs.rgAttr[i].rgValue[j].pbData);
 905         CryptMemFree(info->UnauthAttrs.rgAttr[i].rgValue);
 906         CryptMemFree(info->UnauthAttrs.rgAttr[i].pszObjId);
 907     }
 908     CryptMemFree(info->UnauthAttrs.rgAttr);
 909 }
 910
 911 typedef struct _CSignerHandles
 912 {
 913     HCRYPTHASH contentHash;
 914     HCRYPTHASH authAttrHash;
 915 } CSignerHandles;
 916
 917 typedef struct _CSignedMsgData
 918 {
 919     CRYPT_SIGNED_INFO *info;
 920     DWORD              cSignerHandle;
 921     CSignerHandles    *signerHandles;
 922 } CSignedMsgData;
 923
 924 /* Constructs the signer handles for the signerIndex'th signer of msg_data.
 925  * Assumes signerIndex is a valid idnex, and that msg_data's info has already
 926  * been constructed.
 927  */
 928 static BOOL CSignedMsgData_ConstructSignerHandles(CSignedMsgData *msg_data,
 929  DWORD signerIndex, HCRYPTPROV crypt_prov)
 930 {
 931     ALG_ID algID;
 932     BOOL ret;
 933
 934     algID = CertOIDToAlgId(
 935      msg_data->info->rgSignerInfo[signerIndex].HashAlgorithm.pszObjId);
 936     ret = CryptCreateHash(crypt_prov, algID, 0, 0,
 937      &msg_data->signerHandles->contentHash);
 938     if (ret && msg_data->info->rgSignerInfo[signerIndex].AuthAttrs.cAttr > 0)
 939         ret = CryptCreateHash(crypt_prov, algID, 0, 0,
 940          &msg_data->signerHandles->authAttrHash);
 941     return ret;
 942 }
 943
 944 /* Allocates a CSignedMsgData's handles.  Assumes its info has already been
 945  * constructed.
 946  */
 947 static BOOL CSignedMsgData_AllocateHandles(CSignedMsgData *msg_data)
 948 {
 949     BOOL ret = TRUE;
 950
 951     if (msg_data->info->cSignerInfo)
 952     {
 953         msg_data->signerHandles =
 954          CryptMemAlloc(msg_data->info->cSignerInfo * sizeof(CSignerHandles));
 955         if (msg_data->signerHandles)
 956         {
 957             msg_data->cSignerHandle = msg_data->info->cSignerInfo;
 958             memset(msg_data->signerHandles, 0,
 959              msg_data->info->cSignerInfo * sizeof(CSignerHandles));
 960         }
 961         else
 962         {
 963             msg_data->cSignerHandle = 0;
 964             ret = FALSE;
 965         }
 966     }
 967     else
 968     {
 969         msg_data->cSignerHandle = 0;
 970         msg_data->signerHandles = NULL;
 971     }
 972     return ret;
 973 }
 974
 975 static void CSignedMsgData_CloseHandles(CSignedMsgData *msg_data)
 976 {
 977     DWORD i;
 978
 979     for (i = 0; i < msg_data->cSignerHandle; i++)
 980     {
 981         if (msg_data->signerHandles[i].contentHash)
 982             CryptDestroyHash(msg_data->signerHandles[i].contentHash);
 983         if (msg_data->signerHandles[i].authAttrHash)
 984             CryptDestroyHash(msg_data->signerHandles[i].authAttrHash);
 985     }
 986     CryptMemFree(msg_data->signerHandles);
 987     msg_data->signerHandles = NULL;
 988     msg_data->cSignerHandle = 0;
 989 }
 990
 991 static BOOL CSignedMsgData_UpdateHash(CSignedMsgData *msg_data,
 992  const BYTE *pbData, DWORD cbData)
 993 {
 994     DWORD i;
 995     BOOL ret = TRUE;
 996
 997     for (i = 0; ret && i < msg_data->cSignerHandle; i++)
 998         ret = CryptHashData(msg_data->signerHandles[i].contentHash, pbData,
 999          cbData, 0);
1000     return ret;
1001 }
1002
1003 static BOOL CRYPT_AppendAttribute(CRYPT_ATTRIBUTES *out,
1004  const CRYPT_ATTRIBUTE *in)
1005 {
1006     BOOL ret = FALSE;
1007
1008     out->rgAttr = CryptMemRealloc(out->rgAttr,
1009      (out->cAttr + 1) * sizeof(CRYPT_ATTRIBUTE));
1010     if (out->rgAttr)
1011     {
1012         ret = CRYPT_ConstructAttribute(&out->rgAttr[out->cAttr], in);
1013         if (ret)
1014             out->cAttr++;
1015     }
1016     return ret;
1017 }
1018
1019 static BOOL CSignedMsgData_AppendMessageDigestAttribute(
1020  CSignedMsgData *msg_data, DWORD signerIndex)
1021 {
1022     BOOL ret;
1023     DWORD size;
1024     CRYPT_HASH_BLOB hash = { 0, NULL }, encodedHash = { 0, NULL };
1025     char messageDigest[] = szOID_RSA_messageDigest;
1026     CRYPT_ATTRIBUTE messageDigestAttr = { messageDigest, 1, &encodedHash };
1027
1028     size = sizeof(DWORD);
1029     ret = CryptGetHashParam(
1030      msg_data->signerHandles[signerIndex].contentHash, HP_HASHSIZE,
1031      (LPBYTE)&hash.cbData, &size, 0);
1032     if (ret)
1033     {
1034         hash.pbData = CryptMemAlloc(hash.cbData);
1035         ret = CryptGetHashParam(
1036          msg_data->signerHandles[signerIndex].contentHash, HP_HASHVAL,
1037          hash.pbData, &hash.cbData, 0);
1038         if (ret)
1039         {
1040             ret = CRYPT_AsnEncodeOctets(0, NULL, &hash, CRYPT_ENCODE_ALLOC_FLAG,
1041              NULL, (LPBYTE)&encodedHash.pbData, &encodedHash.cbData);
1042             if (ret)
1043             {
1044                 ret = CRYPT_AppendAttribute(
1045                  &msg_data->info->rgSignerInfo[signerIndex].AuthAttrs,
1046                  &messageDigestAttr);
1047                 LocalFree(encodedHash.pbData);
1048             }
1049         }
1050         CryptMemFree(hash.pbData);
1051     }
1052     return ret;
1053 }
1054
1055 typedef enum {
1056     Sign,
1057     Verify
1058 } SignOrVerify;
1059
1060 static BOOL CSignedMsgData_UpdateAuthenticatedAttributes(
1061  CSignedMsgData *msg_data, SignOrVerify flag)
1062 {
1063     DWORD i;
1064     BOOL ret = TRUE;
1065
1066     TRACE("(%p)\n", msg_data);
1067
1068     for (i = 0; ret && i < msg_data->info->cSignerInfo; i++)
1069     {
1070         if (msg_data->info->rgSignerInfo[i].AuthAttrs.cAttr)
1071         {
1072             if (flag == Sign)
1073             {
1074                 BYTE oid_rsa_data_encoded[] = { 0x06,0x09,0x2a,0x86,0x48,0x86,
1075                  0xf7,0x0d,0x01,0x07,0x01 };
1076                 CRYPT_DATA_BLOB content = { sizeof(oid_rsa_data_encoded),
1077                  oid_rsa_data_encoded };
1078                 char contentType[] = szOID_RSA_contentType;
1079                 CRYPT_ATTRIBUTE contentTypeAttr = { contentType, 1, &content };
1080
1081                 /* FIXME: does this depend on inner OID? */
1082                 ret = CRYPT_AppendAttribute(
1083                  &msg_data->info->rgSignerInfo[i].AuthAttrs, &contentTypeAttr);
1084                 if (ret)
1085                     ret = CSignedMsgData_AppendMessageDigestAttribute(msg_data,
1086                      i);
1087             }
1088             if (ret)
1089             {
1090                 LPBYTE encodedAttrs;
1091                 DWORD size;
1092
1093                 ret = CryptEncodeObjectEx(X509_ASN_ENCODING, PKCS_ATTRIBUTES,
1094                  &msg_data->info->rgSignerInfo[i].AuthAttrs,
1095                  CRYPT_ENCODE_ALLOC_FLAG, NULL, &encodedAttrs, &size);
1096                 if (ret)
1097                 {
1098                     ret = CryptHashData(
1099                      msg_data->signerHandles[i].authAttrHash, encodedAttrs,
1100                      size, 0);
1101                     LocalFree(encodedAttrs);
1102                 }
1103             }
1104         }
1105     }
1106     TRACE("returning %d\n", ret);
1107     return ret;
1108 }
1109
1110 static void CRYPT_ReverseBytes(CRYPT_HASH_BLOB *hash)
1111 {
1112     DWORD i;
1113     BYTE tmp;
1114
1115     for (i = 0; i < hash->cbData / 2; i++)
1116     {
1117         tmp = hash->pbData[hash->cbData - i - 1];
1118         hash->pbData[hash->cbData - i - 1] = hash->pbData[i];
1119         hash->pbData[i] = tmp;
1120     }
1121 }
1122
1123 static BOOL CSignedMsgData_Sign(CSignedMsgData *msg_data)
1124 {
1125     DWORD i;
1126     BOOL ret = TRUE;
1127
1128     TRACE("(%p)\n", msg_data);
1129
1130     for (i = 0; ret && i < msg_data->info->cSignerInfo; i++)
1131     {
1132         HCRYPTHASH hash;
1133
1134         if (msg_data->info->rgSignerInfo[i].AuthAttrs.cAttr)
1135             hash = msg_data->signerHandles[i].authAttrHash;
1136         else
1137             hash = msg_data->signerHandles[i].contentHash;
1138         ret = CryptSignHashW(hash, AT_SIGNATURE, NULL, 0, NULL,
1139          &msg_data->info->rgSignerInfo[i].EncryptedHash.cbData);
1140         if (ret)
1141         {
1142             msg_data->info->rgSignerInfo[i].EncryptedHash.pbData =
1143              CryptMemAlloc(
1144              msg_data->info->rgSignerInfo[i].EncryptedHash.cbData);
1145             if (msg_data->info->rgSignerInfo[i].EncryptedHash.pbData)
1146             {
1147                 ret = CryptSignHashW(hash, AT_SIGNATURE, NULL, 0,
1148                  msg_data->info->rgSignerInfo[i].EncryptedHash.pbData,
1149                  &msg_data->info->rgSignerInfo[i].EncryptedHash.cbData);
1150                 if (ret)
1151                     CRYPT_ReverseBytes(
1152                      &msg_data->info->rgSignerInfo[i].EncryptedHash);
1153             }
1154             else
1155                 ret = FALSE;
1156         }
1157     }
1158     return ret;
1159 }
1160
1161 static BOOL CSignedMsgData_Update(CSignedMsgData *msg_data,
1162  const BYTE *pbData, DWORD cbData, BOOL fFinal, SignOrVerify flag)
1163 {
1164     BOOL ret = CSignedMsgData_UpdateHash(msg_data, pbData, cbData);
1165
1166     if (ret && fFinal)
1167     {
1168         ret = CSignedMsgData_UpdateAuthenticatedAttributes(msg_data, flag);
1169         if (ret && flag == Sign)
1170             ret = CSignedMsgData_Sign(msg_data);
1171     }
1172     return ret;
1173 }
1174
1175 typedef struct _CSignedEncodeMsg
1176 {
1177     CryptMsgBase    base;
1178     LPSTR           innerOID;
1179     CRYPT_DATA_BLOB data;
1180     CSignedMsgData  msg_data;
1181 } CSignedEncodeMsg;
1182
1183 static void CSignedEncodeMsg_Close(HCRYPTMSG hCryptMsg)
1184 {
1185     CSignedEncodeMsg *msg = hCryptMsg;
1186     DWORD i;
1187
1188     CryptMemFree(msg->innerOID);
1189     CryptMemFree(msg->data.pbData);
1190     CRYPT_FreeBlobArray(msg->msg_data.info->cCertEncoded,
1191      msg->msg_data.info->rgCertEncoded);
1192     CRYPT_FreeBlobArray(msg->msg_data.info->cCrlEncoded,
1193      msg->msg_data.info->rgCrlEncoded);
1194     for (i = 0; i < msg->msg_data.info->cSignerInfo; i++)
1195         CSignerInfo_Free(&msg->msg_data.info->rgSignerInfo[i]);
1196     CSignedMsgData_CloseHandles(&msg->msg_data);
1197     CryptMemFree(msg->msg_data.info->rgSignerInfo);
1198     CryptMemFree(msg->msg_data.info);
1199 }
1200
1201 static BOOL CSignedEncodeMsg_GetParam(HCRYPTMSG hCryptMsg, DWORD dwParamType,
1202  DWORD dwIndex, void *pvData, DWORD *pcbData)
1203 {
1204     CSignedEncodeMsg *msg = hCryptMsg;
1205     BOOL ret = FALSE;
1206
1207     switch (dwParamType)
1208     {
1209     case CMSG_CONTENT_PARAM:
1210     {
1211         CRYPT_CONTENT_INFO info;
1212
1213         ret = CryptMsgGetParam(hCryptMsg, CMSG_BARE_CONTENT_PARAM, 0, NULL,
1214          &info.Content.cbData);
1215         if (ret)
1216         {
1217             info.Content.pbData = CryptMemAlloc(info.Content.cbData);
1218             if (info.Content.pbData)
1219             {
1220                 ret = CryptMsgGetParam(hCryptMsg, CMSG_BARE_CONTENT_PARAM, 0,
1221                  info.Content.pbData, &info.Content.cbData);
1222                 if (ret)
1223                 {
1224                     char oid_rsa_signed[] = szOID_RSA_signedData;
1225
1226                     info.pszObjId = oid_rsa_signed;
1227                     ret = CryptEncodeObjectEx(X509_ASN_ENCODING,
1228                      PKCS_CONTENT_INFO, &info, 0, NULL, pvData, pcbData);
1229                 }
1230                 CryptMemFree(info.Content.pbData);
1231             }
1232             else
1233                 ret = FALSE;
1234         }
1235         break;
1236     }
1237     case CMSG_BARE_CONTENT_PARAM:
1238     {
1239         CRYPT_SIGNED_INFO info;
1240         BOOL freeContent = FALSE;
1241
1242         info = *msg->msg_data.info;
1243         if (!msg->innerOID || !strcmp(msg->innerOID, szOID_RSA_data))
1244         {
1245             char oid_rsa_data[] = szOID_RSA_data;
1246
1247             /* Quirk:  OID is only encoded messages if an update has happened */
1248             if (msg->base.state != MsgStateInit)
1249                 info.content.pszObjId = oid_rsa_data;
1250             else
1251                 info.content.pszObjId = NULL;
1252             if (msg->data.cbData)
1253             {
1254                 CRYPT_DATA_BLOB blob = { msg->data.cbData, msg->data.pbData };
1255
1256                 ret = CryptEncodeObjectEx(X509_ASN_ENCODING, X509_OCTET_STRING,
1257                  &blob, CRYPT_ENCODE_ALLOC_FLAG, NULL,
1258                  &info.content.Content.pbData, &info.content.Content.cbData);
1259                 freeContent = TRUE;
1260             }
1261             else
1262             {
1263                 info.content.Content.cbData = 0;
1264                 info.content.Content.pbData = NULL;
1265                 ret = TRUE;
1266             }
1267         }
1268         else
1269         {
1270             info.content.pszObjId = msg->innerOID;
1271             info.content.Content.cbData = msg->data.cbData;
1272             info.content.Content.pbData = msg->data.pbData;
1273             ret = TRUE;
1274         }
1275         if (ret)
1276         {
1277             ret = CRYPT_AsnEncodeCMSSignedInfo(&info, pvData, pcbData);
1278             if (freeContent)
1279                 LocalFree(info.content.Content.pbData);
1280         }
1281         break;
1282     }
1283     case CMSG_COMPUTED_HASH_PARAM:
1284         if (dwIndex >= msg->msg_data.cSignerHandle)
1285             SetLastError(CRYPT_E_INVALID_INDEX);
1286         else
1287             ret = CryptGetHashParam(
1288              msg->msg_data.signerHandles[dwIndex].contentHash, HP_HASHVAL,
1289              pvData, pcbData, 0);
1290         break;
1291     case CMSG_ENCODED_SIGNER:
1292         if (dwIndex >= msg->msg_data.info->cSignerInfo)
1293             SetLastError(CRYPT_E_INVALID_INDEX);
1294         else
1295             ret = CryptEncodeObjectEx(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
1296              CMS_SIGNER_INFO, &msg->msg_data.info->rgSignerInfo[dwIndex], 0,
1297              NULL, pvData, pcbData);
1298         break;
1299     case CMSG_VERSION_PARAM:
1300         ret = CRYPT_CopyParam(pvData, pcbData, &msg->msg_data.info->version,
1301          sizeof(msg->msg_data.info->version));
1302         break;
1303     default:
1304         SetLastError(CRYPT_E_INVALID_MSG_TYPE);
1305     }
1306     return ret;
1307 }
1308
1309 static BOOL CSignedEncodeMsg_Update(HCRYPTMSG hCryptMsg, const BYTE *pbData,
1310  DWORD cbData, BOOL fFinal)
1311 {
1312     CSignedEncodeMsg *msg = hCryptMsg;
1313     BOOL ret = FALSE;
1314
1315     if (msg->base.state == MsgStateFinalized)
1316         SetLastError(CRYPT_E_MSG_ERROR);
1317     else if (msg->base.streamed || (msg->base.open_flags & CMSG_DETACHED_FLAG))
1318     {
1319         ret = CSignedMsgData_Update(&msg->msg_data, pbData, cbData, fFinal,
1320          Sign);
1321         if (msg->base.streamed)
1322             FIXME("streamed partial stub\n");
1323         msg->base.state = fFinal ? MsgStateFinalized : MsgStateUpdated;
1324     }
1325     else
1326     {
1327         if (!fFinal)
1328             SetLastError(CRYPT_E_MSG_ERROR);
1329         else
1330         {
1331             if (cbData)
1332             {
1333                 msg->data.pbData = CryptMemAlloc(cbData);
1334                 if (msg->data.pbData)
1335                 {
1336                     memcpy(msg->data.pbData, pbData, cbData);
1337                     msg->data.cbData = cbData;
1338                     ret = TRUE;
1339                 }
1340             }
1341             else
1342                 ret = TRUE;
1343             if (ret)
1344                 ret = CSignedMsgData_Update(&msg->msg_data, pbData, cbData,
1345                  fFinal, Sign);
1346             msg->base.state = MsgStateFinalized;
1347         }
1348     }
1349     return ret;
1350 }
1351
1352 static HCRYPTMSG CSignedEncodeMsg_Open(DWORD dwFlags,
1353  const void *pvMsgEncodeInfo, LPCSTR pszInnerContentObjID,
1354  PCMSG_STREAM_INFO pStreamInfo)
1355 {
1356     const CMSG_SIGNED_ENCODE_INFO_WITH_CMS *info = pvMsgEncodeInfo;
1357     DWORD i;
1358     CSignedEncodeMsg *msg;
1359
1360     if (info->cbSize != sizeof(CMSG_SIGNED_ENCODE_INFO) &&
1361      info->cbSize != sizeof(CMSG_SIGNED_ENCODE_INFO_WITH_CMS))
1362     {
1363         SetLastError(E_INVALIDARG);
1364         return NULL;
1365     }
1366     if (info->cbSize == sizeof(CMSG_SIGNED_ENCODE_INFO_WITH_CMS) &&
1367      info->cAttrCertEncoded)
1368     {
1369         FIXME("CMSG_SIGNED_ENCODE_INFO with CMS fields unsupported\n");
1370         return NULL;
1371     }
1372     for (i = 0; i < info->cSigners; i++)
1373         if (!CRYPT_IsValidSigner(&info->rgSigners[i]))
1374             return NULL;
1375     msg = CryptMemAlloc(sizeof(CSignedEncodeMsg));
1376     if (msg)
1377     {
1378         BOOL ret = TRUE;
1379
1380         CryptMsgBase_Init((CryptMsgBase *)msg, dwFlags, pStreamInfo,
1381          CSignedEncodeMsg_Close, CSignedEncodeMsg_GetParam,
1382          CSignedEncodeMsg_Update, CRYPT_DefaultMsgControl);
1383         if (pszInnerContentObjID)
1384         {
1385             msg->innerOID = CryptMemAlloc(strlen(pszInnerContentObjID) + 1);
1386             if (msg->innerOID)
1387                 strcpy(msg->innerOID, pszInnerContentObjID);
1388             else
1389                 ret = FALSE;
1390         }
1391         else
1392             msg->innerOID = NULL;
1393         msg->data.cbData = 0;
1394         msg->data.pbData = NULL;
1395         if (ret)
1396             msg->msg_data.info = CryptMemAlloc(sizeof(CRYPT_SIGNED_INFO));
1397         else
1398             msg->msg_data.info = NULL;
1399         if (msg->msg_data.info)
1400         {
1401             memset(msg->msg_data.info, 0, sizeof(CRYPT_SIGNED_INFO));
1402             msg->msg_data.info->version = CMSG_SIGNED_DATA_V1;
1403         }
1404         else
1405             ret = FALSE;
1406         if (ret)
1407         {
1408             if (info->cSigners)
1409             {
1410                 msg->msg_data.info->rgSignerInfo =
1411                  CryptMemAlloc(info->cSigners * sizeof(CMSG_CMS_SIGNER_INFO));
1412                 if (msg->msg_data.info->rgSignerInfo)
1413                 {
1414                     msg->msg_data.info->cSignerInfo = info->cSigners;
1415                     memset(msg->msg_data.info->rgSignerInfo, 0,
1416                      msg->msg_data.info->cSignerInfo *
1417                      sizeof(CMSG_CMS_SIGNER_INFO));
1418                     ret = CSignedMsgData_AllocateHandles(&msg->msg_data);
1419                     for (i = 0; ret && i < msg->msg_data.info->cSignerInfo; i++)
1420                     {
1421                         if (info->rgSigners[i].SignerId.dwIdChoice ==
1422                          CERT_ID_KEY_IDENTIFIER)
1423                             msg->msg_data.info->version = CMSG_SIGNED_DATA_V3;
1424                         ret = CSignerInfo_Construct(
1425                          &msg->msg_data.info->rgSignerInfo[i],
1426                          &info->rgSigners[i]);
1427                         if (ret)
1428                         {
1429                             ret = CSignedMsgData_ConstructSignerHandles(
1430                              &msg->msg_data, i, info->rgSigners[i].hCryptProv);
1431                             if (dwFlags & CMSG_CRYPT_RELEASE_CONTEXT_FLAG)
1432                                 CryptReleaseContext(info->rgSigners[i].hCryptProv,
1433                                  0);
1434                         }
1435                     }
1436                 }
1437                 else
1438                     ret = FALSE;
1439             }
1440             else
1441             {
1442                 msg->msg_data.info->cSignerInfo = 0;
1443                 msg->msg_data.signerHandles = NULL;
1444                 msg->msg_data.cSignerHandle = 0;
1445             }
1446         }
1447         if (ret)
1448             ret = CRYPT_ConstructBlobArray(&msg->msg_data.info->cCertEncoded,
1449              &msg->msg_data.info->rgCertEncoded, info->cCertEncoded,
1450              info->rgCertEncoded);
1451         if (ret)
1452             ret = CRYPT_ConstructBlobArray(&msg->msg_data.info->cCrlEncoded,
1453              &msg->msg_data.info->rgCrlEncoded, info->cCrlEncoded,
1454              info->rgCrlEncoded);
1455         if (!ret)
1456         {
1457             CSignedEncodeMsg_Close(msg);
1458             msg = NULL;
1459         }
1460     }
1461     return msg;
1462 }
1463
1464 typedef struct _CMSG_ENVELOPED_ENCODE_INFO_WITH_CMS
1465 {
1466     DWORD                       cbSize;
1467     HCRYPTPROV_LEGACY           hCryptProv;
1468     CRYPT_ALGORITHM_IDENTIFIER  ContentEncryptionAlgorithm;
1469     void                       *pvEncryptionAuxInfo;
1470     DWORD                       cRecipients;
1471     PCERT_INFO                 *rgpRecipientCert;
1472     PCMSG_RECIPIENT_ENCODE_INFO rgCmsRecipients;
1473     DWORD                       cCertEncoded;
1474     PCERT_BLOB                  rgCertEncoded;
1475     DWORD                       cCrlEncoded;
1476     PCRL_BLOB                   rgCrlEncoded;
1477     DWORD                       cAttrCertEncoded;
1478     PCERT_BLOB                  rgAttrCertEncoded;
1479     DWORD                       cUnprotectedAttr;
1480     PCRYPT_ATTRIBUTE            rgUnprotectedAttr;
1481 } CMSG_ENVELOPED_ENCODE_INFO_WITH_CMS, *PCMSG_ENVELOPED_ENCODE_INFO_WITH_CMS;
1482
1483 typedef struct _CEnvelopedEncodeMsg
1484 {
1485     CryptMsgBase                   base;
1486     CRYPT_ALGORITHM_IDENTIFIER     algo;
1487     HCRYPTPROV                     prov;
1488     HCRYPTKEY                      key;
1489     DWORD                          cRecipientInfo;
1490     CMSG_KEY_TRANS_RECIPIENT_INFO *recipientInfo;
1491     CRYPT_DATA_BLOB                data;
1492 } CEnvelopedEncodeMsg;
1493
1494 static BOOL CRYPT_ConstructAlgorithmId(CRYPT_ALGORITHM_IDENTIFIER *out,
1495  const CRYPT_ALGORITHM_IDENTIFIER *in)
1496 {
1497     out->pszObjId = CryptMemAlloc(strlen(in->pszObjId) + 1);
1498     if (out->pszObjId)
1499     {
1500         strcpy(out->pszObjId, in->pszObjId);
1501         return CRYPT_ConstructBlob(&out->Parameters, &in->Parameters);
1502     }
1503     else
1504         return FALSE;
1505 }
1506
1507 static BOOL CRYPT_ConstructBitBlob(CRYPT_BIT_BLOB *out, const CRYPT_BIT_BLOB *in)
1508 {
1509     out->cbData = in->cbData;
1510     out->cUnusedBits = in->cUnusedBits;
1511     if (out->cbData)
1512     {
1513         out->pbData = CryptMemAlloc(out->cbData);
1514         if (out->pbData)
1515             memcpy(out->pbData, in->pbData, out->cbData);
1516         else
1517             return FALSE;
1518     }
1519     else
1520         out->pbData = NULL;
1521     return TRUE;
1522 }
1523
1524 static BOOL CRYPT_GenKey(CMSG_CONTENT_ENCRYPT_INFO *info, ALG_ID algID)
1525 {
1526     static HCRYPTOIDFUNCSET set = NULL;
1527     PFN_CMSG_GEN_CONTENT_ENCRYPT_KEY genKeyFunc = NULL;
1528     HCRYPTOIDFUNCADDR hFunc;
1529     BOOL ret;
1530
1531     if (!set)
1532         set = CryptInitOIDFunctionSet(CMSG_OID_GEN_CONTENT_ENCRYPT_KEY_FUNC, 0);
1533     CryptGetOIDFunctionAddress(set, X509_ASN_ENCODING,
1534      info->ContentEncryptionAlgorithm.pszObjId, 0, (void **)&genKeyFunc, &hFunc);
1535     if (genKeyFunc)
1536     {
1537         ret = genKeyFunc(info, 0, NULL);
1538         CryptFreeOIDFunctionAddress(hFunc, 0);
1539     }
1540     else
1541         ret = CryptGenKey(info->hCryptProv, algID, CRYPT_EXPORTABLE,
1542          &info->hContentEncryptKey);
1543     return ret;
1544 }
1545
1546 static BOOL WINAPI CRYPT_ExportKeyTrans(
1547  PCMSG_CONTENT_ENCRYPT_INFO pContentEncryptInfo,
1548  PCMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO pKeyTransEncodeInfo,
1549  PCMSG_KEY_TRANS_ENCRYPT_INFO pKeyTransEncryptInfo,
1550  DWORD dwFlags, void *pvReserved)
1551 {
1552     CERT_PUBLIC_KEY_INFO keyInfo;
1553     HCRYPTKEY expKey;
1554     BOOL ret;
1555
1556     ret = CRYPT_ConstructAlgorithmId(&keyInfo.Algorithm,
1557         &pKeyTransEncodeInfo->KeyEncryptionAlgorithm);
1558     if (ret)
1559         CRYPT_ConstructBitBlob(&keyInfo.PublicKey,
1560          &pKeyTransEncodeInfo->RecipientPublicKey);
1561
1562     if (ret)
1563         ret = CryptImportPublicKeyInfo(pKeyTransEncodeInfo->hCryptProv,
1564          X509_ASN_ENCODING, &keyInfo, &expKey);
1565     if (ret)
1566     {
1567         BYTE *keyBlob;
1568         DWORD size;
1569
1570         ret = CryptExportKey(pContentEncryptInfo->hContentEncryptKey, expKey,
1571          SIMPLEBLOB, 0, NULL, &size);
1572         keyBlob = CryptMemAlloc(size);
1573         if (keyBlob)
1574         {
1575             ret = CryptExportKey(pContentEncryptInfo->hContentEncryptKey,
1576              expKey, SIMPLEBLOB, 0, keyBlob, &size);
1577             if (ret)
1578             {
1579                 DWORD head = sizeof(BLOBHEADER) + sizeof(ALG_ID);
1580
1581                 pKeyTransEncryptInfo->EncryptedKey.pbData =
1582                  CryptMemAlloc(size - head);
1583                 if (pKeyTransEncryptInfo->EncryptedKey.pbData)
1584                 {
1585                     DWORD i, k = 0;
1586
1587                     pKeyTransEncryptInfo->EncryptedKey.cbData = size - head;
1588                     for (i = size - 1; i >= head; --i, ++k)
1589                         pKeyTransEncryptInfo->EncryptedKey.pbData[k] =
1590                          keyBlob[i];
1591                 }
1592                 else
1593                     ret = FALSE;
1594             }
1595             CryptMemFree(keyBlob);
1596         }
1597         else
1598             ret = FALSE;
1599         CryptDestroyKey(expKey);
1600     }
1601
1602     CryptMemFree(keyInfo.Algorithm.pszObjId);
1603     CryptMemFree(keyInfo.Algorithm.Parameters.pbData);
1604     return ret;
1605 }
1606
1607 static BOOL CRYPT_ExportEncryptedKey(CMSG_CONTENT_ENCRYPT_INFO *info, DWORD i,
1608  CRYPT_DATA_BLOB *key)
1609 {
1610     static HCRYPTOIDFUNCSET set = NULL;
1611     PFN_CMSG_EXPORT_KEY_TRANS exportKeyFunc = NULL;
1612     HCRYPTOIDFUNCADDR hFunc = NULL;
1613     CMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO *encodeInfo =
1614      info->rgCmsRecipients[i].u.pKeyTrans;
1615     CMSG_KEY_TRANS_ENCRYPT_INFO encryptInfo;
1616     BOOL ret;
1617
1618     memset(&encryptInfo, 0, sizeof(encryptInfo));
1619     encryptInfo.cbSize = sizeof(encryptInfo);
1620     encryptInfo.dwRecipientIndex = i;
1621     ret = CRYPT_ConstructAlgorithmId(&encryptInfo.KeyEncryptionAlgorithm,
1622      &encodeInfo->KeyEncryptionAlgorithm);
1623
1624     if (!set)
1625         set = CryptInitOIDFunctionSet(CMSG_OID_EXPORT_KEY_TRANS_FUNC, 0);
1626     CryptGetOIDFunctionAddress(set, X509_ASN_ENCODING,
1627      encryptInfo.KeyEncryptionAlgorithm.pszObjId, 0, (void **)&exportKeyFunc,
1628      &hFunc);
1629     if (!exportKeyFunc)
1630         exportKeyFunc = CRYPT_ExportKeyTrans;
1631     if (ret)
1632     {
1633         ret = exportKeyFunc(info, encodeInfo, &encryptInfo, 0, NULL);
1634         if (ret)
1635         {
1636             key->cbData = encryptInfo.EncryptedKey.cbData;
1637             key->pbData = encryptInfo.EncryptedKey.pbData;
1638         }
1639     }
1640     if (hFunc)
1641         CryptFreeOIDFunctionAddress(hFunc, 0);
1642
1643     CryptMemFree(encryptInfo.KeyEncryptionAlgorithm.pszObjId);
1644     CryptMemFree(encryptInfo.KeyEncryptionAlgorithm.Parameters.pbData);
1645     return ret;
1646 }
1647
1648 static BOOL CContentEncryptInfo_Construct(CMSG_CONTENT_ENCRYPT_INFO *info,
1649  const CMSG_ENVELOPED_ENCODE_INFO_WITH_CMS *in, HCRYPTPROV prov)
1650 {
1651     BOOL ret;
1652
1653     info->cbSize = sizeof(CMSG_CONTENT_ENCRYPT_INFO);
1654     info->hCryptProv = prov;
1655     ret = CRYPT_ConstructAlgorithmId(&info->ContentEncryptionAlgorithm,
1656      &in->ContentEncryptionAlgorithm);
1657     info->pvEncryptionAuxInfo = in->pvEncryptionAuxInfo;
1658     info->cRecipients = in->cRecipients;
1659     if (ret)
1660     {
1661         info->rgCmsRecipients = CryptMemAlloc(in->cRecipients *
1662          sizeof(CMSG_RECIPIENT_ENCODE_INFO));
1663         if (info->rgCmsRecipients)
1664         {
1665             DWORD i;
1666
1667             for (i = 0; ret && i < in->cRecipients; ++i)
1668             {
1669                 CMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO *encodeInfo;
1670                 CERT_INFO *cert = in->rgpRecipientCert[i];
1671
1672                 info->rgCmsRecipients[i].dwRecipientChoice =
1673                  CMSG_KEY_TRANS_RECIPIENT;
1674                 encodeInfo = CryptMemAlloc(sizeof(*encodeInfo));
1675                 info->rgCmsRecipients[i].u.pKeyTrans = encodeInfo;
1676                 if (encodeInfo)
1677                 {
1678                     encodeInfo->cbSize = sizeof(*encodeInfo);
1679                     ret = CRYPT_ConstructAlgorithmId(
1680                      &encodeInfo->KeyEncryptionAlgorithm,
1681                      &cert->SubjectPublicKeyInfo.Algorithm);
1682                     encodeInfo->pvKeyEncryptionAuxInfo = NULL;
1683                     encodeInfo->hCryptProv = prov;
1684                     if (ret)
1685                         ret = CRYPT_ConstructBitBlob(
1686                          &encodeInfo->RecipientPublicKey,
1687                          &cert->SubjectPublicKeyInfo.PublicKey);
1688                     if (ret)
1689                         ret = CRYPT_ConstructBlob(
1690                          &encodeInfo->RecipientId.u.IssuerSerialNumber.Issuer,
1691                          &cert->Issuer);
1692                     if (ret)
1693                         ret = CRYPT_ConstructBlob(
1694                          &encodeInfo->RecipientId.u.IssuerSerialNumber.SerialNumber,
1695                          &cert->SerialNumber);
1696                 }
1697                 else
1698                     ret = FALSE;
1699             }
1700         }
1701         else
1702             ret = FALSE;
1703     }
1704     info->pfnAlloc = CryptMemAlloc;
1705     info->pfnFree = CryptMemFree;
1706     return ret;
1707 }
1708
1709 static void CContentEncryptInfo_Free(CMSG_CONTENT_ENCRYPT_INFO *info)
1710 {
1711     CryptMemFree(info->ContentEncryptionAlgorithm.pszObjId);
1712     CryptMemFree(info->ContentEncryptionAlgorithm.Parameters.pbData);
1713     if (info->rgCmsRecipients)
1714     {
1715         DWORD i;
1716
1717         for (i = 0; i < info->cRecipients; ++i)
1718         {
1719             CMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO *encodeInfo =
1720              info->rgCmsRecipients[i].u.pKeyTrans;
1721
1722             CryptMemFree(encodeInfo->KeyEncryptionAlgorithm.pszObjId);
1723             CryptMemFree(encodeInfo->KeyEncryptionAlgorithm.Parameters.pbData);
1724             CryptMemFree(encodeInfo->RecipientPublicKey.pbData);
1725             CryptMemFree(
1726              encodeInfo->RecipientId.u.IssuerSerialNumber.Issuer.pbData);
1727             CryptMemFree(
1728              encodeInfo->RecipientId.u.IssuerSerialNumber.SerialNumber.pbData);
1729             CryptMemFree(encodeInfo);
1730         }
1731         CryptMemFree(info->rgCmsRecipients);
1732     }
1733 }
1734
1735 static BOOL CRecipientInfo_Construct(CMSG_KEY_TRANS_RECIPIENT_INFO *info,
1736  const CERT_INFO *cert, CRYPT_DATA_BLOB *key)
1737 {
1738     BOOL ret;
1739
1740     info->dwVersion = CMSG_KEY_TRANS_PKCS_1_5_VERSION;
1741     info->RecipientId.dwIdChoice = CERT_ID_ISSUER_SERIAL_NUMBER;
1742     ret = CRYPT_ConstructBlob(&info->RecipientId.u.IssuerSerialNumber.Issuer,
1743      &cert->Issuer);
1744     if (ret)
1745         ret = CRYPT_ConstructBlob(
1746          &info->RecipientId.u.IssuerSerialNumber.SerialNumber,
1747          &cert->SerialNumber);
1748     if (ret)
1749         ret = CRYPT_ConstructAlgorithmId(&info->KeyEncryptionAlgorithm,
1750          &cert->SubjectPublicKeyInfo.Algorithm);
1751     info->EncryptedKey.cbData = key->cbData;
1752     info->EncryptedKey.pbData = key->pbData;
1753     return ret;
1754 }
1755
1756 static void CRecipientInfo_Free(CMSG_KEY_TRANS_RECIPIENT_INFO *info)
1757 {
1758     CryptMemFree(info->RecipientId.u.IssuerSerialNumber.Issuer.pbData);
1759     CryptMemFree(info->RecipientId.u.IssuerSerialNumber.SerialNumber.pbData);
1760     CryptMemFree(info->KeyEncryptionAlgorithm.pszObjId);
1761     CryptMemFree(info->KeyEncryptionAlgorithm.Parameters.pbData);
1762     CryptMemFree(info->EncryptedKey.pbData);
1763 }
1764
1765 static void CEnvelopedEncodeMsg_Close(HCRYPTMSG hCryptMsg)
1766 {
1767     CEnvelopedEncodeMsg *msg = hCryptMsg;
1768
1769     CryptMemFree(msg->algo.pszObjId);
1770     CryptMemFree(msg->algo.Parameters.pbData);
1771     if (msg->base.open_flags & CMSG_CRYPT_RELEASE_CONTEXT_FLAG)
1772         CryptReleaseContext(msg->prov, 0);
1773     CryptDestroyKey(msg->key);
1774     if (msg->recipientInfo)
1775     {
1776         DWORD i;
1777
1778         for (i = 0; i < msg->cRecipientInfo; ++i)
1779             CRecipientInfo_Free(&msg->recipientInfo[i]);
1780         CryptMemFree(msg->recipientInfo);
1781     }
1782     CryptMemFree(msg->data.pbData);
1783 }
1784
1785 static BOOL CEnvelopedEncodeMsg_GetParam(HCRYPTMSG hCryptMsg, DWORD dwParamType,
1786  DWORD dwIndex, void *pvData, DWORD *pcbData)
1787 {
1788     FIXME("(%p, %d, %d, %p, %p): stub\n", hCryptMsg, dwParamType, dwIndex,
1789      pvData, pcbData);
1790     return FALSE;
1791 }
1792
1793 static BOOL CEnvelopedEncodeMsg_Update(HCRYPTMSG hCryptMsg, const BYTE *pbData,
1794  DWORD cbData, BOOL fFinal)
1795 {
1796     FIXME("(%p, %p, %d, %d): stub\n", hCryptMsg, pbData, cbData, fFinal);
1797     return FALSE;
1798 }
1799
1800 static HCRYPTMSG CEnvelopedEncodeMsg_Open(DWORD dwFlags,
1801  const void *pvMsgEncodeInfo, LPCSTR pszInnerContentObjID,
1802  PCMSG_STREAM_INFO pStreamInfo)
1803 {
1804     CEnvelopedEncodeMsg *msg;
1805     const CMSG_ENVELOPED_ENCODE_INFO_WITH_CMS *info = pvMsgEncodeInfo;
1806     HCRYPTPROV prov;
1807     ALG_ID algID;
1808
1809     if (info->cbSize != sizeof(CMSG_ENVELOPED_ENCODE_INFO) &&
1810      info->cbSize != sizeof(CMSG_ENVELOPED_ENCODE_INFO_WITH_CMS))
1811     {
1812         SetLastError(E_INVALIDARG);
1813         return NULL;
1814     }
1815     if (info->cbSize == sizeof(CMSG_ENVELOPED_ENCODE_INFO_WITH_CMS))
1816         FIXME("CMS fields unsupported\n");
1817     if (!(algID = CertOIDToAlgId(info->ContentEncryptionAlgorithm.pszObjId)))
1818     {
1819         SetLastError(CRYPT_E_UNKNOWN_ALGO);
1820         return NULL;
1821     }
1822     if (info->cRecipients && !info->rgpRecipientCert)
1823     {
1824         SetLastError(E_INVALIDARG);
1825         return NULL;
1826     }
1827     if (info->hCryptProv)
1828         prov = info->hCryptProv;
1829     else
1830     {
1831         prov = CRYPT_GetDefaultProvider();
1832         dwFlags &= ~CMSG_CRYPT_RELEASE_CONTEXT_FLAG;
1833     }
1834     msg = CryptMemAlloc(sizeof(CEnvelopedEncodeMsg));
1835     if (msg)
1836     {
1837         CRYPT_DATA_BLOB encryptedKey = { 0, NULL };
1838         CMSG_CONTENT_ENCRYPT_INFO encryptInfo;
1839         BOOL ret;
1840         DWORD i;
1841
1842         CryptMsgBase_Init((CryptMsgBase *)msg, dwFlags, pStreamInfo,
1843          CEnvelopedEncodeMsg_Close, CEnvelopedEncodeMsg_GetParam,
1844          CEnvelopedEncodeMsg_Update, CRYPT_DefaultMsgControl);
1845         ret = CRYPT_ConstructAlgorithmId(&msg->algo,
1846          &info->ContentEncryptionAlgorithm);
1847         msg->prov = prov;
1848         msg->data.cbData = 0;
1849         msg->data.pbData = NULL;
1850         msg->cRecipientInfo = info->cRecipients;
1851         msg->recipientInfo = CryptMemAlloc(info->cRecipients *
1852          sizeof(CMSG_KEY_TRANS_RECIPIENT_INFO));
1853         if (!msg->recipientInfo)
1854             ret = FALSE;
1855         memset(&encryptInfo, 0, sizeof(encryptInfo));
1856         if (ret)
1857         {
1858             ret = CContentEncryptInfo_Construct(&encryptInfo, info, prov);
1859             if (ret)
1860             {
1861                 ret = CRYPT_GenKey(&encryptInfo, algID);
1862                 if (ret)
1863                     msg->key = encryptInfo.hContentEncryptKey;
1864             }
1865         }
1866         for (i = 0; ret && i < msg->cRecipientInfo; ++i)
1867         {
1868             ret = CRYPT_ExportEncryptedKey(&encryptInfo, i, &encryptedKey);
1869             if (ret)
1870                 ret = CRecipientInfo_Construct(&msg->recipientInfo[i],
1871                  info->rgpRecipientCert[i], &encryptedKey);
1872         }
1873         CContentEncryptInfo_Free(&encryptInfo);
1874         if (!ret)
1875         {
1876             CryptMsgClose(msg);
1877             msg = NULL;
1878         }
1879     }
1880     if (!msg && (dwFlags & CMSG_CRYPT_RELEASE_CONTEXT_FLAG))
1881         CryptReleaseContext(prov, 0);
1882     return msg;
1883 }
1884
1885 HCRYPTMSG WINAPI CryptMsgOpenToEncode(DWORD dwMsgEncodingType, DWORD dwFlags,
1886  DWORD dwMsgType, const void *pvMsgEncodeInfo, LPSTR pszInnerContentObjID,
1887  PCMSG_STREAM_INFO pStreamInfo)
1888 {
1889     HCRYPTMSG msg = NULL;
1890
1891     TRACE("(%08x, %08x, %08x, %p, %s, %p)\n", dwMsgEncodingType, dwFlags,
1892      dwMsgType, pvMsgEncodeInfo, debugstr_a(pszInnerContentObjID), pStreamInfo);
1893
1894     if (GET_CMSG_ENCODING_TYPE(dwMsgEncodingType) != PKCS_7_ASN_ENCODING)
1895     {
1896         SetLastError(E_INVALIDARG);
1897         return NULL;
1898     }
1899     switch (dwMsgType)
1900     {
1901     case CMSG_DATA:
1902         msg = CDataEncodeMsg_Open(dwFlags, pvMsgEncodeInfo,
1903          pszInnerContentObjID, pStreamInfo);
1904         break;
1905     case CMSG_HASHED:
1906         msg = CHashEncodeMsg_Open(dwFlags, pvMsgEncodeInfo,
1907          pszInnerContentObjID, pStreamInfo);
1908         break;
1909     case CMSG_SIGNED:
1910         msg = CSignedEncodeMsg_Open(dwFlags, pvMsgEncodeInfo,
1911          pszInnerContentObjID, pStreamInfo);
1912         break;
1913     case CMSG_ENVELOPED:
1914         msg = CEnvelopedEncodeMsg_Open(dwFlags, pvMsgEncodeInfo,
1915          pszInnerContentObjID, pStreamInfo);
1916         break;
1917     case CMSG_SIGNED_AND_ENVELOPED:
1918     case CMSG_ENCRYPTED:
1919         /* defined but invalid, fall through */
1920     default:
1921         SetLastError(CRYPT_E_INVALID_MSG_TYPE);
1922     }
1923     return msg;
1924 }
1925
1926 typedef struct _CDecodeMsg
1927 {
1928     CryptMsgBase           base;
1929     DWORD                  type;
1930     HCRYPTPROV             crypt_prov;
1931     union {
1932         HCRYPTHASH     hash;
1933         CSignedMsgData signed_data;
1934     } u;
1935     CRYPT_DATA_BLOB        msg_data;
1936     CRYPT_DATA_BLOB        detached_data;
1937     PCONTEXT_PROPERTY_LIST properties;
1938 } CDecodeMsg;
1939
1940 static void CDecodeMsg_Close(HCRYPTMSG hCryptMsg)
1941 {
1942     CDecodeMsg *msg = hCryptMsg;
1943
1944     if (msg->base.open_flags & CMSG_CRYPT_RELEASE_CONTEXT_FLAG)
1945         CryptReleaseContext(msg->crypt_prov, 0);
1946     switch (msg->type)
1947     {
1948     case CMSG_HASHED:
1949         if (msg->u.hash)
1950             CryptDestroyHash(msg->u.hash);
1951         break;
1952     case CMSG_SIGNED:
1953         if (msg->u.signed_data.info)
1954         {
1955             LocalFree(msg->u.signed_data.info);
1956             CSignedMsgData_CloseHandles(&msg->u.signed_data);
1957         }
1958         break;
1959     }
1960     CryptMemFree(msg->msg_data.pbData);
1961     CryptMemFree(msg->detached_data.pbData);
1962     ContextPropertyList_Free(msg->properties);
1963 }
1964
1965 static BOOL CDecodeMsg_CopyData(CRYPT_DATA_BLOB *blob, const BYTE *pbData,
1966  DWORD cbData)
1967 {
1968     BOOL ret = TRUE;
1969
1970     if (cbData)
1971     {
1972         if (blob->cbData)
1973             blob->pbData = CryptMemRealloc(blob->pbData,
1974              blob->cbData + cbData);
1975         else
1976             blob->pbData = CryptMemAlloc(cbData);
1977         if (blob->pbData)
1978         {
1979             memcpy(blob->pbData + blob->cbData, pbData, cbData);
1980             blob->cbData += cbData;
1981         }
1982         else
1983             ret = FALSE;
1984     }
1985     return ret;
1986 }
1987
1988 static BOOL CDecodeMsg_DecodeDataContent(CDecodeMsg *msg, const CRYPT_DER_BLOB *blob)
1989 {
1990     BOOL ret;
1991     CRYPT_DATA_BLOB *data;
1992     DWORD size;
1993
1994     ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_OCTET_STRING,
1995      blob->pbData, blob->cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, &data, &size);
1996     if (ret)
1997     {
1998         ret = ContextPropertyList_SetProperty(msg->properties,
1999          CMSG_CONTENT_PARAM, data->pbData, data->cbData);
2000         LocalFree(data);
2001     }
2002     return ret;
2003 }
2004
2005 static void CDecodeMsg_SaveAlgorithmID(CDecodeMsg *msg, DWORD param,
2006  const CRYPT_ALGORITHM_IDENTIFIER *id)
2007 {
2008     static const BYTE nullParams[] = { ASN_NULL, 0 };
2009     CRYPT_ALGORITHM_IDENTIFIER *copy;
2010     DWORD len = sizeof(CRYPT_ALGORITHM_IDENTIFIER);
2011
2012     /* Linearize algorithm id */
2013     len += strlen(id->pszObjId) + 1;
2014     len += id->Parameters.cbData;
2015     copy = CryptMemAlloc(len);
2016     if (copy)
2017     {
2018         copy->pszObjId =
2019          (LPSTR)((BYTE *)copy + sizeof(CRYPT_ALGORITHM_IDENTIFIER));
2020         strcpy(copy->pszObjId, id->pszObjId);
2021         copy->Parameters.pbData = (BYTE *)copy->pszObjId + strlen(id->pszObjId)
2022          + 1;
2023         /* Trick:  omit NULL parameters */
2024         if (id->Parameters.cbData == sizeof(nullParams) &&
2025          !memcmp(id->Parameters.pbData, nullParams, sizeof(nullParams)))
2026         {
2027             copy->Parameters.cbData = 0;
2028             len -= sizeof(nullParams);
2029         }
2030         else
2031             copy->Parameters.cbData = id->Parameters.cbData;
2032         if (copy->Parameters.cbData)
2033             memcpy(copy->Parameters.pbData, id->Parameters.pbData,
2034              id->Parameters.cbData);
2035         ContextPropertyList_SetProperty(msg->properties, param, (BYTE *)copy,
2036          len);
2037         CryptMemFree(copy);
2038     }
2039 }
2040
2041 static inline void CRYPT_FixUpAlgorithmID(CRYPT_ALGORITHM_IDENTIFIER *id)
2042 {
2043     id->pszObjId = (LPSTR)((BYTE *)id + sizeof(CRYPT_ALGORITHM_IDENTIFIER));
2044     id->Parameters.pbData = (BYTE *)id->pszObjId + strlen(id->pszObjId) + 1;
2045 }
2046
2047 static BOOL CDecodeMsg_DecodeHashedContent(CDecodeMsg *msg,
2048  const CRYPT_DER_BLOB *blob)
2049 {
2050     BOOL ret;
2051     CRYPT_DIGESTED_DATA *digestedData;
2052     DWORD size;
2053
2054     ret = CRYPT_AsnDecodePKCSDigestedData(blob->pbData, blob->cbData,
2055      CRYPT_DECODE_ALLOC_FLAG, NULL, (CRYPT_DIGESTED_DATA *)&digestedData,
2056      &size);
2057     if (ret)
2058     {
2059         ContextPropertyList_SetProperty(msg->properties, CMSG_VERSION_PARAM,
2060          (const BYTE *)&digestedData->version, sizeof(digestedData->version));
2061         CDecodeMsg_SaveAlgorithmID(msg, CMSG_HASH_ALGORITHM_PARAM,
2062          &digestedData->DigestAlgorithm);
2063         ContextPropertyList_SetProperty(msg->properties,
2064          CMSG_INNER_CONTENT_TYPE_PARAM,
2065          (const BYTE *)digestedData->ContentInfo.pszObjId,
2066          digestedData->ContentInfo.pszObjId ?
2067          strlen(digestedData->ContentInfo.pszObjId) + 1 : 0);
2068         if (!(msg->base.open_flags & CMSG_DETACHED_FLAG))
2069         {
2070             if (digestedData->ContentInfo.Content.cbData)
2071                 CDecodeMsg_DecodeDataContent(msg,
2072                  &digestedData->ContentInfo.Content);
2073             else
2074                 ContextPropertyList_SetProperty(msg->properties,
2075                  CMSG_CONTENT_PARAM, NULL, 0);
2076         }
2077         ContextPropertyList_SetProperty(msg->properties, CMSG_HASH_DATA_PARAM,
2078          digestedData->hash.pbData, digestedData->hash.cbData);
2079         LocalFree(digestedData);
2080     }
2081     return ret;
2082 }
2083
2084 static BOOL CDecodeMsg_DecodeSignedContent(CDecodeMsg *msg,
2085  const CRYPT_DER_BLOB *blob)
2086 {
2087     BOOL ret;
2088     CRYPT_SIGNED_INFO *signedInfo;
2089     DWORD size;
2090
2091     ret = CRYPT_AsnDecodeCMSSignedInfo(blob->pbData, blob->cbData,
2092      CRYPT_DECODE_ALLOC_FLAG, NULL, (CRYPT_SIGNED_INFO *)&signedInfo,
2093      &size);
2094     if (ret)
2095         msg->u.signed_data.info = signedInfo;
2096     return ret;
2097 }
2098
2099 /* Decodes the content in blob as the type given, and updates the value
2100  * (type, parameters, etc.) of msg based on what blob contains.
2101  * It doesn't just use msg's type, to allow a recursive call from an implicitly
2102  * typed message once the outer content info has been decoded.
2103  */
2104 static BOOL CDecodeMsg_DecodeContent(CDecodeMsg *msg, const CRYPT_DER_BLOB *blob,
2105  DWORD type)
2106 {
2107     BOOL ret;
2108
2109     switch (type)
2110     {
2111     case CMSG_DATA:
2112         if ((ret = CDecodeMsg_DecodeDataContent(msg, blob)))
2113             msg->type = CMSG_DATA;
2114         break;
2115     case CMSG_HASHED:
2116         if ((ret = CDecodeMsg_DecodeHashedContent(msg, blob)))
2117             msg->type = CMSG_HASHED;
2118         break;
2119     case CMSG_ENVELOPED:
2120         FIXME("unimplemented for type CMSG_ENVELOPED\n");
2121         ret = TRUE;
2122         break;
2123     case CMSG_SIGNED:
2124         if ((ret = CDecodeMsg_DecodeSignedContent(msg, blob)))
2125             msg->type = CMSG_SIGNED;
2126         break;
2127     default:
2128     {
2129         CRYPT_CONTENT_INFO *info;
2130         DWORD size;
2131
2132         ret = CryptDecodeObjectEx(X509_ASN_ENCODING, PKCS_CONTENT_INFO,
2133          msg->msg_data.pbData, msg->msg_data.cbData, CRYPT_DECODE_ALLOC_FLAG,
2134          NULL, &info, &size);
2135         if (ret)
2136         {
2137             if (!strcmp(info->pszObjId, szOID_RSA_data))
2138                 ret = CDecodeMsg_DecodeContent(msg, &info->Content, CMSG_DATA);
2139             else if (!strcmp(info->pszObjId, szOID_RSA_digestedData))
2140                 ret = CDecodeMsg_DecodeContent(msg, &info->Content,
2141                  CMSG_HASHED);
2142             else if (!strcmp(info->pszObjId, szOID_RSA_envelopedData))
2143                 ret = CDecodeMsg_DecodeContent(msg, &info->Content,
2144                  CMSG_ENVELOPED);
2145             else if (!strcmp(info->pszObjId, szOID_RSA_signedData))
2146                 ret = CDecodeMsg_DecodeContent(msg, &info->Content,
2147                  CMSG_SIGNED);
2148             else
2149             {
2150                 SetLastError(CRYPT_E_INVALID_MSG_TYPE);
2151                 ret = FALSE;
2152             }
2153             LocalFree(info);
2154         }
2155     }
2156     }
2157     return ret;
2158 }
2159
2160 static BOOL CDecodeMsg_FinalizeHashedContent(CDecodeMsg *msg,
2161  CRYPT_DER_BLOB *blob)
2162 {
2163     CRYPT_ALGORITHM_IDENTIFIER *hashAlgoID = NULL;
2164     DWORD size = 0;
2165     ALG_ID algID = 0;
2166     BOOL ret;
2167
2168     CryptMsgGetParam(msg, CMSG_HASH_ALGORITHM_PARAM, 0, NULL, &size);
2169     hashAlgoID = CryptMemAlloc(size);
2170     ret = CryptMsgGetParam(msg, CMSG_HASH_ALGORITHM_PARAM, 0, hashAlgoID,
2171      &size);
2172     if (ret)
2173         algID = CertOIDToAlgId(hashAlgoID->pszObjId);
2174     ret = CryptCreateHash(msg->crypt_prov, algID, 0, 0, &msg->u.hash);
2175     if (ret)
2176     {
2177         CRYPT_DATA_BLOB content;
2178
2179         if (msg->base.open_flags & CMSG_DETACHED_FLAG)
2180         {
2181             /* Unlike for non-detached messages, the data were never stored as
2182              * the content param, but were saved in msg->detached_data instead.
2183              */
2184             content.pbData = msg->detached_data.pbData;
2185             content.cbData = msg->detached_data.cbData;
2186         }
2187         else
2188             ret = ContextPropertyList_FindProperty(msg->properties,
2189              CMSG_CONTENT_PARAM, &content);
2190         if (ret)
2191             ret = CryptHashData(msg->u.hash, content.pbData, content.cbData, 0);
2192     }
2193     CryptMemFree(hashAlgoID);
2194     return ret;
2195 }
2196
2197 static BOOL CDecodeMsg_FinalizeSignedContent(CDecodeMsg *msg,
2198  CRYPT_DER_BLOB *blob)
2199 {
2200     BOOL ret;
2201     DWORD i, size;
2202
2203     ret = CSignedMsgData_AllocateHandles(&msg->u.signed_data);
2204     for (i = 0; ret && i < msg->u.signed_data.info->cSignerInfo; i++)
2205         ret = CSignedMsgData_ConstructSignerHandles(&msg->u.signed_data, i,
2206          msg->crypt_prov);
2207     if (ret)
2208     {
2209         CRYPT_DATA_BLOB *content;
2210
2211         /* Now that we have all the content, update the hash handles with
2212          * it.  If the message is a detached message, the content is stored
2213          * in msg->detached_data rather than in the signed message's
2214          * content.
2215          */
2216         if (msg->base.open_flags & CMSG_DETACHED_FLAG)
2217             content = &msg->detached_data;
2218         else
2219             content = &msg->u.signed_data.info->content.Content;
2220         if (content->cbData)
2221         {
2222             /* If the message is not detached, have to decode the message's
2223              * content if the type is szOID_RSA_data.
2224              */
2225             if (!(msg->base.open_flags & CMSG_DETACHED_FLAG) &&
2226              !strcmp(msg->u.signed_data.info->content.pszObjId,
2227              szOID_RSA_data))
2228             {
2229                 CRYPT_DATA_BLOB *blob;
2230
2231                 ret = CryptDecodeObjectEx(X509_ASN_ENCODING,
2232                  X509_OCTET_STRING, content->pbData, content->cbData,
2233                  CRYPT_DECODE_ALLOC_FLAG, NULL, &blob, &size);
2234                 if (ret)
2235                 {
2236                     ret = CSignedMsgData_Update(&msg->u.signed_data,
2237                      blob->pbData, blob->cbData, TRUE, Verify);
2238                     LocalFree(blob);
2239                 }
2240             }
2241             else
2242                 ret = CSignedMsgData_Update(&msg->u.signed_data,
2243                  content->pbData, content->cbData, TRUE, Verify);
2244         }
2245     }
2246     return ret;
2247 }
2248
2249 static BOOL CDecodeMsg_FinalizeContent(CDecodeMsg *msg, CRYPT_DER_BLOB *blob)
2250 {
2251     BOOL ret = FALSE;
2252
2253     switch (msg->type)
2254     {
2255     case CMSG_HASHED:
2256         ret = CDecodeMsg_FinalizeHashedContent(msg, blob);
2257         break;
2258     case CMSG_SIGNED:
2259         ret = CDecodeMsg_FinalizeSignedContent(msg, blob);
2260         break;
2261     default:
2262         ret = TRUE;
2263     }
2264     return ret;
2265 }
2266
2267 static BOOL CDecodeMsg_Update(HCRYPTMSG hCryptMsg, const BYTE *pbData,
2268  DWORD cbData, BOOL fFinal)
2269 {
2270     CDecodeMsg *msg = hCryptMsg;
2271     BOOL ret = FALSE;
2272
2273     TRACE("(%p, %p, %d, %d)\n", hCryptMsg, pbData, cbData, fFinal);
2274
2275     if (msg->base.state == MsgStateFinalized)
2276         SetLastError(CRYPT_E_MSG_ERROR);
2277     else if (msg->base.streamed)
2278     {
2279         FIXME("(%p, %p, %d, %d): streamed update stub\n", hCryptMsg, pbData,
2280          cbData, fFinal);
2281         switch (msg->base.state)
2282         {
2283         case MsgStateInit:
2284             ret = CDecodeMsg_CopyData(&msg->msg_data, pbData, cbData);
2285             if (fFinal)
2286             {
2287                 if (msg->base.open_flags & CMSG_DETACHED_FLAG)
2288                     msg->base.state = MsgStateDataFinalized;
2289                 else
2290                     msg->base.state = MsgStateFinalized;
2291             }
2292             else
2293                 msg->base.state = MsgStateUpdated;
2294             break;
2295         case MsgStateUpdated:
2296             ret = CDecodeMsg_CopyData(&msg->msg_data, pbData, cbData);
2297             if (fFinal)
2298             {
2299                 if (msg->base.open_flags & CMSG_DETACHED_FLAG)
2300                     msg->base.state = MsgStateDataFinalized;
2301                 else
2302                     msg->base.state = MsgStateFinalized;
2303             }
2304             break;
2305         case MsgStateDataFinalized:
2306             ret = CDecodeMsg_CopyData(&msg->detached_data, pbData, cbData);
2307             if (fFinal)
2308                 msg->base.state = MsgStateFinalized;
2309             break;
2310         default:
2311             SetLastError(CRYPT_E_MSG_ERROR);
2312             break;
2313         }
2314     }
2315     else
2316     {
2317         if (!fFinal)
2318             SetLastError(CRYPT_E_MSG_ERROR);
2319         else
2320         {
2321             switch (msg->base.state)
2322             {
2323             case MsgStateInit:
2324                 ret = CDecodeMsg_CopyData(&msg->msg_data, pbData, cbData);
2325                 if (msg->base.open_flags & CMSG_DETACHED_FLAG)
2326                     msg->base.state = MsgStateDataFinalized;
2327                 else
2328                     msg->base.state = MsgStateFinalized;
2329                 break;
2330             case MsgStateDataFinalized:
2331                 ret = CDecodeMsg_CopyData(&msg->detached_data, pbData, cbData);
2332                 msg->base.state = MsgStateFinalized;
2333                 break;
2334             default:
2335                 SetLastError(CRYPT_E_MSG_ERROR);
2336             }
2337         }
2338     }
2339     if (ret && fFinal &&
2340      ((msg->base.open_flags & CMSG_DETACHED_FLAG && msg->base.state ==
2341      MsgStateDataFinalized) ||
2342      (!(msg->base.open_flags & CMSG_DETACHED_FLAG) && msg->base.state ==
2343      MsgStateFinalized)))
2344         ret = CDecodeMsg_DecodeContent(msg, &msg->msg_data, msg->type);
2345     if (ret && msg->base.state == MsgStateFinalized)
2346         ret = CDecodeMsg_FinalizeContent(msg, &msg->msg_data);
2347     return ret;
2348 }
2349
2350 static BOOL CDecodeHashMsg_GetParam(CDecodeMsg *msg, DWORD dwParamType,
2351  DWORD dwIndex, void *pvData, DWORD *pcbData)
2352 {
2353     BOOL ret = FALSE;
2354
2355     switch (dwParamType)
2356     {
2357     case CMSG_TYPE_PARAM:
2358         ret = CRYPT_CopyParam(pvData, pcbData, &msg->type, sizeof(msg->type));
2359         break;
2360     case CMSG_HASH_ALGORITHM_PARAM:
2361     {
2362         CRYPT_DATA_BLOB blob;
2363
2364         ret = ContextPropertyList_FindProperty(msg->properties, dwParamType,
2365          &blob);
2366         if (ret)
2367         {
2368             ret = CRYPT_CopyParam(pvData, pcbData, blob.pbData, blob.cbData);
2369             if (ret && pvData)
2370                 CRYPT_FixUpAlgorithmID(pvData);
2371         }
2372         else
2373             SetLastError(CRYPT_E_INVALID_MSG_TYPE);
2374         break;
2375     }
2376     case CMSG_COMPUTED_HASH_PARAM:
2377         ret = CryptGetHashParam(msg->u.hash, HP_HASHVAL, pvData, pcbData, 0);
2378         break;
2379     default:
2380     {
2381         CRYPT_DATA_BLOB blob;
2382
2383         ret = ContextPropertyList_FindProperty(msg->properties, dwParamType,
2384          &blob);
2385         if (ret)
2386             ret = CRYPT_CopyParam(pvData, pcbData, blob.pbData, blob.cbData);
2387         else
2388             SetLastError(CRYPT_E_INVALID_MSG_TYPE);
2389     }
2390     }
2391     return ret;
2392 }
2393
2394 /* nextData is an in/out parameter - on input it's the memory location in
2395  * which a copy of in's data should be made, and on output it's the memory
2396  * location immediately after out's copy of in's data.
2397  */
2398 static inline void CRYPT_CopyBlob(CRYPT_DATA_BLOB *out,
2399  const CRYPT_DATA_BLOB *in, LPBYTE *nextData)
2400 {
2401     out->cbData = in->cbData;
2402     if (in->cbData)
2403     {
2404         out->pbData = *nextData;
2405         memcpy(out->pbData, in->pbData, in->cbData);
2406         *nextData += in->cbData;
2407     }
2408 }
2409
2410 static inline void CRYPT_CopyAlgorithmId(CRYPT_ALGORITHM_IDENTIFIER *out,
2411  const CRYPT_ALGORITHM_IDENTIFIER *in, LPBYTE *nextData)
2412 {
2413     if (in->pszObjId)
2414     {
2415         out->pszObjId = (LPSTR)*nextData;
2416         strcpy(out->pszObjId, in->pszObjId);
2417         *nextData += strlen(out->pszObjId) + 1;
2418     }
2419     CRYPT_CopyBlob(&out->Parameters, &in->Parameters, nextData);
2420 }
2421
2422 static inline void CRYPT_CopyAttributes(CRYPT_ATTRIBUTES *out,
2423  const CRYPT_ATTRIBUTES *in, LPBYTE *nextData)
2424 {
2425     out->cAttr = in->cAttr;
2426     if (in->cAttr)
2427     {
2428         DWORD i;
2429
2430         *nextData = POINTER_ALIGN_DWORD_PTR(*nextData);
2431         out->rgAttr = (CRYPT_ATTRIBUTE *)*nextData;
2432         *nextData += in->cAttr * sizeof(CRYPT_ATTRIBUTE);
2433         for (i = 0; i < in->cAttr; i++)
2434         {
2435             if (in->rgAttr[i].pszObjId)
2436             {
2437                 out->rgAttr[i].pszObjId = (LPSTR)*nextData;
2438                 strcpy(out->rgAttr[i].pszObjId, in->rgAttr[i].pszObjId);
2439                 *nextData += strlen(in->rgAttr[i].pszObjId) + 1;
2440             }
2441             if (in->rgAttr[i].cValue)
2442             {
2443                 DWORD j;
2444
2445                 out->rgAttr[i].cValue = in->rgAttr[i].cValue;
2446                 *nextData = POINTER_ALIGN_DWORD_PTR(*nextData);
2447                 out->rgAttr[i].rgValue = (PCRYPT_DATA_BLOB)*nextData;
2448                 *nextData += in->rgAttr[i].cValue * sizeof(CRYPT_DATA_BLOB);
2449                 for (j = 0; j < in->rgAttr[i].cValue; j++)
2450                     CRYPT_CopyBlob(&out->rgAttr[i].rgValue[j],
2451                      &in->rgAttr[i].rgValue[j], nextData);
2452             }
2453         }
2454     }
2455 }
2456
2457 static DWORD CRYPT_SizeOfAttributes(const CRYPT_ATTRIBUTES *attr)
2458 {
2459     DWORD size = attr->cAttr * sizeof(CRYPT_ATTRIBUTE), i, j;
2460
2461     for (i = 0; i < attr->cAttr; i++)
2462     {
2463         if (attr->rgAttr[i].pszObjId)
2464             size += strlen(attr->rgAttr[i].pszObjId) + 1;
2465         /* align pointer */
2466         size = ALIGN_DWORD_PTR(size);
2467         size += attr->rgAttr[i].cValue * sizeof(CRYPT_DATA_BLOB);
2468         for (j = 0; j < attr->rgAttr[i].cValue; j++)
2469             size += attr->rgAttr[i].rgValue[j].cbData;
2470     }
2471     /* align pointer again to be conservative */
2472     size = ALIGN_DWORD_PTR(size);
2473     return size;
2474 }
2475
2476 static DWORD CRYPT_SizeOfKeyIdAsIssuerAndSerial(const CRYPT_DATA_BLOB *keyId)
2477 {
2478     static char oid_key_rdn[] = szOID_KEYID_RDN;
2479     DWORD size = 0;
2480     CERT_RDN_ATTR attr;
2481     CERT_RDN rdn = { 1, &attr };
2482     CERT_NAME_INFO name = { 1, &rdn };
2483
2484     attr.pszObjId = oid_key_rdn;
2485     attr.dwValueType = CERT_RDN_OCTET_STRING;
2486     attr.Value.cbData = keyId->cbData;
2487     attr.Value.pbData = keyId->pbData;
2488     if (CryptEncodeObject(X509_ASN_ENCODING, X509_NAME, &name, NULL, &size))
2489         size++; /* Only include size of special zero serial number on success */
2490     return size;
2491 }
2492
2493 static BOOL CRYPT_CopyKeyIdAsIssuerAndSerial(CERT_NAME_BLOB *issuer,
2494  CRYPT_INTEGER_BLOB *serialNumber, const CRYPT_DATA_BLOB *keyId, DWORD encodedLen,
2495  LPBYTE *nextData)
2496 {
2497     static char oid_key_rdn[] = szOID_KEYID_RDN;
2498     CERT_RDN_ATTR attr;
2499     CERT_RDN rdn = { 1, &attr };
2500     CERT_NAME_INFO name = { 1, &rdn };
2501     BOOL ret;
2502
2503     /* Encode special zero serial number */
2504     serialNumber->cbData = 1;
2505     serialNumber->pbData = *nextData;
2506     **nextData = 0;
2507     (*nextData)++;
2508     /* Encode issuer */
2509     issuer->pbData = *nextData;
2510     attr.pszObjId = oid_key_rdn;
2511     attr.dwValueType = CERT_RDN_OCTET_STRING;
2512     attr.Value.cbData = keyId->cbData;
2513     attr.Value.pbData = keyId->pbData;
2514     ret = CryptEncodeObject(X509_ASN_ENCODING, X509_NAME, &name, *nextData,
2515      &encodedLen);
2516     if (ret)
2517     {
2518         *nextData += encodedLen;
2519         issuer->cbData = encodedLen;
2520     }
2521     return ret;
2522 }
2523
2524 static BOOL CRYPT_CopySignerInfo(void *pvData, DWORD *pcbData,
2525  const CMSG_CMS_SIGNER_INFO *in)
2526 {
2527     DWORD size = sizeof(CMSG_SIGNER_INFO), rdnSize = 0;
2528     BOOL ret;
2529
2530     TRACE("(%p, %d, %p)\n", pvData, pvData ? *pcbData : 0, in);
2531
2532     if (in->SignerId.dwIdChoice == CERT_ID_ISSUER_SERIAL_NUMBER)
2533     {
2534         size += in->SignerId.u.IssuerSerialNumber.Issuer.cbData;
2535         size += in->SignerId.u.IssuerSerialNumber.SerialNumber.cbData;
2536     }
2537     else
2538     {
2539         rdnSize = CRYPT_SizeOfKeyIdAsIssuerAndSerial(&in->SignerId.u.KeyId);
2540         size += rdnSize;
2541     }
2542     if (in->HashAlgorithm.pszObjId)
2543         size += strlen(in->HashAlgorithm.pszObjId) + 1;
2544     size += in->HashAlgorithm.Parameters.cbData;
2545     if (in->HashEncryptionAlgorithm.pszObjId)
2546         size += strlen(in->HashEncryptionAlgorithm.pszObjId) + 1;
2547     size += in->HashEncryptionAlgorithm.Parameters.cbData;
2548     size += in->EncryptedHash.cbData;
2549     /* align pointer */
2550     size = ALIGN_DWORD_PTR(size);
2551     size += CRYPT_SizeOfAttributes(&in->AuthAttrs);
2552     size += CRYPT_SizeOfAttributes(&in->UnauthAttrs);
2553     if (!pvData)
2554     {
2555         *pcbData = size;
2556         ret = TRUE;
2557     }
2558     else if (*pcbData < size)
2559     {
2560         *pcbData = size;
2561         SetLastError(ERROR_MORE_DATA);
2562         ret = FALSE;
2563     }
2564     else
2565     {
2566         LPBYTE nextData = (BYTE *)pvData + sizeof(CMSG_SIGNER_INFO);
2567         CMSG_SIGNER_INFO *out = pvData;
2568
2569         ret = TRUE;
2570         out->dwVersion = in->dwVersion;
2571         if (in->SignerId.dwIdChoice == CERT_ID_ISSUER_SERIAL_NUMBER)
2572         {
2573             CRYPT_CopyBlob(&out->Issuer,
2574              &in->SignerId.u.IssuerSerialNumber.Issuer, &nextData);
2575             CRYPT_CopyBlob(&out->SerialNumber,
2576              &in->SignerId.u.IssuerSerialNumber.SerialNumber, &nextData);
2577         }
2578         else
2579             ret = CRYPT_CopyKeyIdAsIssuerAndSerial(&out->Issuer, &out->SerialNumber,
2580              &in->SignerId.u.KeyId, rdnSize, &nextData);
2581         if (ret)
2582         {
2583             CRYPT_CopyAlgorithmId(&out->HashAlgorithm, &in->HashAlgorithm,
2584              &nextData);
2585             CRYPT_CopyAlgorithmId(&out->HashEncryptionAlgorithm,
2586              &in->HashEncryptionAlgorithm, &nextData);
2587             CRYPT_CopyBlob(&out->EncryptedHash, &in->EncryptedHash, &nextData);
2588             nextData = POINTER_ALIGN_DWORD_PTR(nextData);
2589             CRYPT_CopyAttributes(&out->AuthAttrs, &in->AuthAttrs, &nextData);
2590             CRYPT_CopyAttributes(&out->UnauthAttrs, &in->UnauthAttrs, &nextData);
2591         }
2592     }
2593     TRACE("returning %d\n", ret);
2594     return ret;
2595 }
2596
2597 static BOOL CRYPT_CopyCMSSignerInfo(void *pvData, DWORD *pcbData,
2598  const CMSG_CMS_SIGNER_INFO *in)
2599 {
2600     DWORD size = sizeof(CMSG_CMS_SIGNER_INFO);
2601     BOOL ret;
2602
2603     TRACE("(%p, %d, %p)\n", pvData, pvData ? *pcbData : 0, in);
2604
2605     if (in->SignerId.dwIdChoice == CERT_ID_ISSUER_SERIAL_NUMBER)
2606     {
2607         size += in->SignerId.u.IssuerSerialNumber.Issuer.cbData;
2608         size += in->SignerId.u.IssuerSerialNumber.SerialNumber.cbData;
2609     }
2610     else
2611         size += in->SignerId.u.KeyId.cbData;
2612     if (in->HashAlgorithm.pszObjId)
2613         size += strlen(in->HashAlgorithm.pszObjId) + 1;
2614     size += in->HashAlgorithm.Parameters.cbData;
2615     if (in->HashEncryptionAlgorithm.pszObjId)
2616         size += strlen(in->HashEncryptionAlgorithm.pszObjId) + 1;
2617     size += in->HashEncryptionAlgorithm.Parameters.cbData;
2618     size += in->EncryptedHash.cbData;
2619     /* align pointer */
2620     size = ALIGN_DWORD_PTR(size);
2621     size += CRYPT_SizeOfAttributes(&in->AuthAttrs);
2622     size += CRYPT_SizeOfAttributes(&in->UnauthAttrs);
2623     if (!pvData)
2624     {
2625         *pcbData = size;
2626         ret = TRUE;
2627     }
2628     else if (*pcbData < size)
2629     {
2630         *pcbData = size;
2631         SetLastError(ERROR_MORE_DATA);
2632         ret = FALSE;
2633     }
2634     else
2635     {
2636         LPBYTE nextData = (BYTE *)pvData + sizeof(CMSG_CMS_SIGNER_INFO);
2637         CMSG_CMS_SIGNER_INFO *out = pvData;
2638
2639         out->dwVersion = in->dwVersion;
2640         out->SignerId.dwIdChoice = in->SignerId.dwIdChoice;
2641         if (in->SignerId.dwIdChoice == CERT_ID_ISSUER_SERIAL_NUMBER)
2642         {
2643             CRYPT_CopyBlob(&out->SignerId.u.IssuerSerialNumber.Issuer,
2644              &in->SignerId.u.IssuerSerialNumber.Issuer, &nextData);
2645             CRYPT_CopyBlob(&out->SignerId.u.IssuerSerialNumber.SerialNumber,
2646              &in->SignerId.u.IssuerSerialNumber.SerialNumber, &nextData);
2647         }
2648         else
2649             CRYPT_CopyBlob(&out->SignerId.u.KeyId, &in->SignerId.u.KeyId, &nextData);
2650         CRYPT_CopyAlgorithmId(&out->HashAlgorithm, &in->HashAlgorithm,
2651          &nextData);
2652         CRYPT_CopyAlgorithmId(&out->HashEncryptionAlgorithm,
2653          &in->HashEncryptionAlgorithm, &nextData);
2654         CRYPT_CopyBlob(&out->EncryptedHash, &in->EncryptedHash, &nextData);
2655         nextData = POINTER_ALIGN_DWORD_PTR(nextData);
2656         CRYPT_CopyAttributes(&out->AuthAttrs, &in->AuthAttrs, &nextData);
2657         CRYPT_CopyAttributes(&out->UnauthAttrs, &in->UnauthAttrs, &nextData);
2658         ret = TRUE;
2659     }
2660     TRACE("returning %d\n", ret);
2661     return ret;
2662 }
2663
2664 static BOOL CRYPT_CopySignerCertInfo(void *pvData, DWORD *pcbData,
2665  const CMSG_CMS_SIGNER_INFO *in)
2666 {
2667     DWORD size = sizeof(CERT_INFO), rdnSize = 0;
2668     BOOL ret;
2669
2670     TRACE("(%p, %d, %p)\n", pvData, pvData ? *pcbData : 0, in);
2671
2672     if (in->SignerId.dwIdChoice == CERT_ID_ISSUER_SERIAL_NUMBER)
2673     {
2674         size += in->SignerId.u.IssuerSerialNumber.Issuer.cbData;
2675         size += in->SignerId.u.IssuerSerialNumber.SerialNumber.cbData;
2676     }
2677     else
2678     {
2679         rdnSize = CRYPT_SizeOfKeyIdAsIssuerAndSerial(&in->SignerId.u.KeyId);
2680         size += rdnSize;
2681     }
2682     if (!pvData)
2683     {
2684         *pcbData = size;
2685         ret = TRUE;
2686     }
2687     else if (*pcbData < size)
2688     {
2689         *pcbData = size;
2690         SetLastError(ERROR_MORE_DATA);
2691         ret = FALSE;
2692     }
2693     else
2694     {
2695         LPBYTE nextData = (BYTE *)pvData + sizeof(CERT_INFO);
2696         CERT_INFO *out = pvData;
2697
2698         memset(out, 0, sizeof(CERT_INFO));
2699         if (in->SignerId.dwIdChoice == CERT_ID_ISSUER_SERIAL_NUMBER)
2700         {
2701             CRYPT_CopyBlob(&out->Issuer,
2702              &in->SignerId.u.IssuerSerialNumber.Issuer, &nextData);
2703             CRYPT_CopyBlob(&out->SerialNumber,
2704              &in->SignerId.u.IssuerSerialNumber.SerialNumber, &nextData);
2705             ret = TRUE;
2706         }
2707         else
2708             ret = CRYPT_CopyKeyIdAsIssuerAndSerial(&out->Issuer, &out->SerialNumber,
2709              &in->SignerId.u.KeyId, rdnSize, &nextData);
2710     }
2711     TRACE("returning %d\n", ret);
2712     return ret;
2713 }
2714
2715 static BOOL CDecodeSignedMsg_GetParam(CDecodeMsg *msg, DWORD dwParamType,
2716  DWORD dwIndex, void *pvData, DWORD *pcbData)
2717 {
2718     BOOL ret = FALSE;
2719
2720     switch (dwParamType)
2721     {
2722     case CMSG_TYPE_PARAM:
2723         ret = CRYPT_CopyParam(pvData, pcbData, &msg->type, sizeof(msg->type));
2724         break;
2725     case CMSG_CONTENT_PARAM:
2726         if (msg->u.signed_data.info)
2727         {
2728             if (!strcmp(msg->u.signed_data.info->content.pszObjId,
2729              szOID_RSA_data))
2730             {
2731                 CRYPT_DATA_BLOB *blob;
2732                 DWORD size;
2733
2734                 ret = CryptDecodeObjectEx(X509_ASN_ENCODING, X509_OCTET_STRING,
2735                  msg->u.signed_data.info->content.Content.pbData,
2736                  msg->u.signed_data.info->content.Content.cbData,
2737                  CRYPT_DECODE_ALLOC_FLAG, NULL, &blob, &size);
2738                 if (ret)
2739                 {
2740                     ret = CRYPT_CopyParam(pvData, pcbData, blob->pbData,
2741                      blob->cbData);
2742                     LocalFree(blob);
2743                 }
2744             }
2745             else
2746                 ret = CRYPT_CopyParam(pvData, pcbData,
2747                  msg->u.signed_data.info->content.Content.pbData,
2748                  msg->u.signed_data.info->content.Content.cbData);
2749         }
2750         else
2751             SetLastError(CRYPT_E_INVALID_MSG_TYPE);
2752         break;
2753     case CMSG_INNER_CONTENT_TYPE_PARAM:
2754         if (msg->u.signed_data.info)
2755             ret = CRYPT_CopyParam(pvData, pcbData,
2756              msg->u.signed_data.info->content.pszObjId,
2757              strlen(msg->u.signed_data.info->content.pszObjId) + 1);
2758         else
2759             SetLastError(CRYPT_E_INVALID_MSG_TYPE);
2760         break;
2761     case CMSG_SIGNER_COUNT_PARAM:
2762         if (msg->u.signed_data.info)
2763             ret = CRYPT_CopyParam(pvData, pcbData,
2764              &msg->u.signed_data.info->cSignerInfo, sizeof(DWORD));
2765         else
2766             SetLastError(CRYPT_E_INVALID_MSG_TYPE);
2767         break;
2768     case CMSG_SIGNER_INFO_PARAM:
2769         if (msg->u.signed_data.info)
2770         {
2771             if (dwIndex >= msg->u.signed_data.info->cSignerInfo)
2772                 SetLastError(CRYPT_E_INVALID_INDEX);
2773             else
2774                 ret = CRYPT_CopySignerInfo(pvData, pcbData,
2775                  &msg->u.signed_data.info->rgSignerInfo[dwIndex]);
2776         }
2777         else
2778             SetLastError(CRYPT_E_INVALID_MSG_TYPE);
2779         break;
2780     case CMSG_SIGNER_CERT_INFO_PARAM:
2781         if (msg->u.signed_data.info)
2782         {
2783             if (dwIndex >= msg->u.signed_data.info->cSignerInfo)
2784                 SetLastError(CRYPT_E_INVALID_INDEX);
2785             else
2786                 ret = CRYPT_CopySignerCertInfo(pvData, pcbData,
2787                  &msg->u.signed_data.info->rgSignerInfo[dwIndex]);
2788         }
2789         else
2790             SetLastError(CRYPT_E_INVALID_MSG_TYPE);
2791         break;
2792     case CMSG_CERT_COUNT_PARAM:
2793         if (msg->u.signed_data.info)
2794             ret = CRYPT_CopyParam(pvData, pcbData,
2795              &msg->u.signed_data.info->cCertEncoded, sizeof(DWORD));
2796         else
2797             SetLastError(CRYPT_E_INVALID_MSG_TYPE);
2798         break;
2799     case CMSG_CERT_PARAM:
2800         if (msg->u.signed_data.info)
2801         {
2802             if (dwIndex >= msg->u.signed_data.info->cCertEncoded)
2803                 SetLastError(CRYPT_E_INVALID_INDEX);
2804             else
2805                 ret = CRYPT_CopyParam(pvData, pcbData,
2806                  msg->u.signed_data.info->rgCertEncoded[dwIndex].pbData,
2807                  msg->u.signed_data.info->rgCertEncoded[dwIndex].cbData);
2808         }
2809         else
2810             SetLastError(CRYPT_E_INVALID_MSG_TYPE);
2811         break;
2812     case CMSG_CRL_COUNT_PARAM:
2813         if (msg->u.signed_data.info)
2814             ret = CRYPT_CopyParam(pvData, pcbData,
2815              &msg->u.signed_data.info->cCrlEncoded, sizeof(DWORD));
2816         else
2817             SetLastError(CRYPT_E_INVALID_MSG_TYPE);
2818         break;
2819     case CMSG_CRL_PARAM:
2820         if (msg->u.signed_data.info)
2821         {
2822             if (dwIndex >= msg->u.signed_data.info->cCrlEncoded)
2823                 SetLastError(CRYPT_E_INVALID_INDEX);
2824             else
2825                 ret = CRYPT_CopyParam(pvData, pcbData,
2826                  msg->u.signed_data.info->rgCrlEncoded[dwIndex].pbData,
2827                  msg->u.signed_data.info->rgCrlEncoded[dwIndex].cbData);
2828         }
2829         else
2830             SetLastError(CRYPT_E_INVALID_MSG_TYPE);
2831         break;
2832     case CMSG_COMPUTED_HASH_PARAM:
2833         if (msg->u.signed_data.info)
2834         {
2835             if (dwIndex >= msg->u.signed_data.cSignerHandle)
2836                 SetLastError(CRYPT_E_INVALID_INDEX);
2837             else
2838                 ret = CryptGetHashParam(
2839                  msg->u.signed_data.signerHandles[dwIndex].contentHash,
2840                  HP_HASHVAL, pvData, pcbData, 0);
2841         }
2842         else
2843             SetLastError(CRYPT_E_INVALID_MSG_TYPE);
2844         break;
2845     case CMSG_ENCODED_SIGNER:
2846         if (msg->u.signed_data.info)
2847         {
2848             if (dwIndex >= msg->u.signed_data.info->cSignerInfo)
2849                 SetLastError(CRYPT_E_INVALID_INDEX);
2850             else
2851                 ret = CryptEncodeObjectEx(
2852                  X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, CMS_SIGNER_INFO,
2853                  &msg->u.signed_data.info->rgSignerInfo[dwIndex], 0, NULL,
2854                  pvData, pcbData);
2855         }
2856         else
2857             SetLastError(CRYPT_E_INVALID_MSG_TYPE);
2858         break;
2859     case CMSG_ATTR_CERT_COUNT_PARAM:
2860         if (msg->u.signed_data.info)
2861         {
2862             DWORD attrCertCount = 0;
2863
2864             ret = CRYPT_CopyParam(pvData, pcbData,
2865              &attrCertCount, sizeof(DWORD));
2866         }
2867         else
2868             SetLastError(CRYPT_E_INVALID_MSG_TYPE);
2869         break;
2870     case CMSG_ATTR_CERT_PARAM:
2871         if (msg->u.signed_data.info)
2872             SetLastError(CRYPT_E_INVALID_INDEX);
2873         else
2874             SetLastError(CRYPT_E_INVALID_MSG_TYPE);
2875         break;
2876     case CMSG_CMS_SIGNER_INFO_PARAM:
2877         if (msg->u.signed_data.info)
2878         {
2879             if (dwIndex >= msg->u.signed_data.info->cSignerInfo)
2880                 SetLastError(CRYPT_E_INVALID_INDEX);
2881             else
2882                 ret = CRYPT_CopyCMSSignerInfo(pvData, pcbData,
2883                  &msg->u.signed_data.info->rgSignerInfo[dwIndex]);
2884         }
2885         else
2886             SetLastError(CRYPT_E_INVALID_MSG_TYPE);
2887         break;
2888     default:
2889         FIXME("unimplemented for %d\n", dwParamType);
2890         SetLastError(CRYPT_E_INVALID_MSG_TYPE);
2891     }
2892     return ret;
2893 }
2894
2895 static BOOL CDecodeMsg_GetParam(HCRYPTMSG hCryptMsg, DWORD dwParamType,
2896  DWORD dwIndex, void *pvData, DWORD *pcbData)
2897 {
2898     CDecodeMsg *msg = hCryptMsg;
2899     BOOL ret = FALSE;
2900
2901     switch (msg->type)
2902     {
2903     case CMSG_HASHED:
2904         ret = CDecodeHashMsg_GetParam(msg, dwParamType, dwIndex, pvData,
2905          pcbData);
2906         break;
2907     case CMSG_SIGNED:
2908         ret = CDecodeSignedMsg_GetParam(msg, dwParamType, dwIndex, pvData,
2909          pcbData);
2910         break;
2911     default:
2912         switch (dwParamType)
2913         {
2914         case CMSG_TYPE_PARAM:
2915             ret = CRYPT_CopyParam(pvData, pcbData, &msg->type,
2916              sizeof(msg->type));
2917             break;
2918         default:
2919         {
2920             CRYPT_DATA_BLOB blob;
2921
2922             ret = ContextPropertyList_FindProperty(msg->properties, dwParamType,
2923              &blob);
2924             if (ret)
2925                 ret = CRYPT_CopyParam(pvData, pcbData, blob.pbData,
2926                  blob.cbData);
2927             else
2928                 SetLastError(CRYPT_E_INVALID_MSG_TYPE);
2929         }
2930         }
2931     }
2932     return ret;
2933 }
2934
2935 static BOOL CDecodeHashMsg_VerifyHash(CDecodeMsg *msg)
2936 {
2937     BOOL ret;
2938     CRYPT_DATA_BLOB hashBlob;
2939
2940     ret = ContextPropertyList_FindProperty(msg->properties,
2941      CMSG_HASH_DATA_PARAM, &hashBlob);
2942     if (ret)
2943     {
2944         DWORD computedHashSize = 0;
2945
2946         ret = CDecodeHashMsg_GetParam(msg, CMSG_COMPUTED_HASH_PARAM, 0, NULL,
2947          &computedHashSize);
2948         if (hashBlob.cbData == computedHashSize)
2949         {
2950             LPBYTE computedHash = CryptMemAlloc(computedHashSize);
2951
2952             if (computedHash)
2953             {
2954                 ret = CDecodeHashMsg_GetParam(msg, CMSG_COMPUTED_HASH_PARAM, 0,
2955                  computedHash, &computedHashSize);
2956                 if (ret)
2957                 {
2958                     if (memcmp(hashBlob.pbData, computedHash, hashBlob.cbData))
2959                     {
2960                         SetLastError(CRYPT_E_HASH_VALUE);
2961                         ret = FALSE;
2962                     }
2963                 }
2964                 CryptMemFree(computedHash);
2965             }
2966             else
2967             {
2968                 SetLastError(ERROR_OUTOFMEMORY);
2969                 ret = FALSE;
2970             }
2971         }
2972         else
2973         {
2974             SetLastError(CRYPT_E_HASH_VALUE);
2975             ret = FALSE;
2976         }
2977     }
2978     return ret;
2979 }
2980
2981 static BOOL CDecodeSignedMsg_VerifySignatureWithKey(CDecodeMsg *msg,
2982  HCRYPTPROV prov, DWORD signerIndex, PCERT_PUBLIC_KEY_INFO keyInfo)
2983 {
2984     HCRYPTKEY key;
2985     BOOL ret;
2986
2987     if (!prov)
2988         prov = msg->crypt_prov;
2989     ret = CryptImportPublicKeyInfo(prov, X509_ASN_ENCODING, keyInfo, &key);
2990     if (ret)
2991     {
2992         HCRYPTHASH hash;
2993         CRYPT_HASH_BLOB reversedHash;
2994
2995         if (msg->u.signed_data.info->rgSignerInfo[signerIndex].AuthAttrs.cAttr)
2996             hash = msg->u.signed_data.signerHandles[signerIndex].authAttrHash;
2997         else
2998             hash = msg->u.signed_data.signerHandles[signerIndex].contentHash;
2999         ret = CRYPT_ConstructBlob(&reversedHash,
3000          &msg->u.signed_data.info->rgSignerInfo[signerIndex].EncryptedHash);
3001         if (ret)
3002         {
3003             CRYPT_ReverseBytes(&reversedHash);
3004             ret = CryptVerifySignatureW(hash, reversedHash.pbData,
3005              reversedHash.cbData, key, NULL, 0);
3006             CryptMemFree(reversedHash.pbData);
3007         }
3008         CryptDestroyKey(key);
3009     }
3010     return ret;
3011 }
3012
3013 static BOOL CDecodeSignedMsg_VerifySignature(CDecodeMsg *msg, PCERT_INFO info)
3014 {
3015     BOOL ret = FALSE;
3016     DWORD i;
3017
3018     if (!msg->u.signed_data.signerHandles)
3019     {
3020         SetLastError(NTE_BAD_SIGNATURE);
3021         return FALSE;
3022     }
3023     for (i = 0; !ret && i < msg->u.signed_data.info->cSignerInfo; i++)
3024     {
3025         PCMSG_CMS_SIGNER_INFO signerInfo =
3026          &msg->u.signed_data.info->rgSignerInfo[i];
3027
3028         if (signerInfo->SignerId.dwIdChoice == CERT_ID_ISSUER_SERIAL_NUMBER)
3029         {
3030             ret = CertCompareCertificateName(X509_ASN_ENCODING,
3031              &signerInfo->SignerId.u.IssuerSerialNumber.Issuer,
3032              &info->Issuer);
3033             if (ret)
3034             {
3035                 ret = CertCompareIntegerBlob(
3036                  &signerInfo->SignerId.u.IssuerSerialNumber.SerialNumber,
3037                  &info->SerialNumber);
3038                 if (ret)
3039                     break;
3040             }
3041         }
3042         else
3043         {
3044             FIXME("signer %d: unimplemented for key id\n", i);
3045         }
3046     }
3047     if (ret)
3048         ret = CDecodeSignedMsg_VerifySignatureWithKey(msg, 0, i,
3049          &info->SubjectPublicKeyInfo);
3050     else
3051         SetLastError(CRYPT_E_SIGNER_NOT_FOUND);
3052
3053     return ret;
3054 }
3055
3056 static BOOL CDecodeSignedMsg_VerifySignatureEx(CDecodeMsg *msg,
3057  PCMSG_CTRL_VERIFY_SIGNATURE_EX_PARA para)
3058 {
3059     BOOL ret = FALSE;
3060
3061     if (para->cbSize != sizeof(CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA))
3062         SetLastError(ERROR_INVALID_PARAMETER);
3063     else if (para->dwSignerIndex >= msg->u.signed_data.info->cSignerInfo)
3064         SetLastError(CRYPT_E_SIGNER_NOT_FOUND);
3065     else if (!msg->u.signed_data.signerHandles)
3066         SetLastError(NTE_BAD_SIGNATURE);
3067     else
3068     {
3069         switch (para->dwSignerType)
3070         {
3071         case CMSG_VERIFY_SIGNER_PUBKEY:
3072             ret = CDecodeSignedMsg_VerifySignatureWithKey(msg,
3073              para->hCryptProv, para->dwSignerIndex, para->pvSigner);
3074             break;
3075         case CMSG_VERIFY_SIGNER_CERT:
3076         {
3077             PCCERT_CONTEXT cert = para->pvSigner;
3078
3079             ret = CDecodeSignedMsg_VerifySignatureWithKey(msg, para->hCryptProv,
3080              para->dwSignerIndex, &cert->pCertInfo->SubjectPublicKeyInfo);
3081             break;
3082         }
3083         default:
3084             FIXME("unimplemented for signer type %d\n", para->dwSignerType);
3085             SetLastError(CRYPT_E_SIGNER_NOT_FOUND);
3086         }
3087     }
3088     return ret;
3089 }
3090
3091 static BOOL CDecodeMsg_Control(HCRYPTMSG hCryptMsg, DWORD dwFlags,
3092  DWORD dwCtrlType, const void *pvCtrlPara)
3093 {
3094     CDecodeMsg *msg = hCryptMsg;
3095     BOOL ret = FALSE;
3096
3097     switch (dwCtrlType)
3098     {
3099     case CMSG_CTRL_VERIFY_SIGNATURE:
3100         switch (msg->type)
3101         {
3102         case CMSG_SIGNED:
3103             ret = CDecodeSignedMsg_VerifySignature(msg, (PCERT_INFO)pvCtrlPara);
3104             break;
3105         default:
3106             SetLastError(CRYPT_E_INVALID_MSG_TYPE);
3107         }
3108         break;
3109     case CMSG_CTRL_DECRYPT:
3110         switch (msg->type)
3111         {
3112         default:
3113             SetLastError(CRYPT_E_INVALID_MSG_TYPE);
3114         }
3115         break;
3116     case CMSG_CTRL_VERIFY_HASH:
3117         switch (msg->type)
3118         {
3119         case CMSG_HASHED:
3120             ret = CDecodeHashMsg_VerifyHash(msg);
3121             break;
3122         default:
3123             SetLastError(CRYPT_E_INVALID_MSG_TYPE);
3124         }
3125         break;
3126     case CMSG_CTRL_VERIFY_SIGNATURE_EX:
3127         switch (msg->type)
3128         {
3129         case CMSG_SIGNED:
3130             ret = CDecodeSignedMsg_VerifySignatureEx(msg,
3131              (PCMSG_CTRL_VERIFY_SIGNATURE_EX_PARA)pvCtrlPara);
3132             break;
3133         default:
3134             SetLastError(CRYPT_E_INVALID_MSG_TYPE);
3135         }
3136         break;
3137     default:
3138         SetLastError(CRYPT_E_CONTROL_TYPE);
3139     }
3140     return ret;
3141 }
3142
3143 HCRYPTMSG WINAPI CryptMsgOpenToDecode(DWORD dwMsgEncodingType, DWORD dwFlags,
3144  DWORD dwMsgType, HCRYPTPROV_LEGACY hCryptProv, PCERT_INFO pRecipientInfo,
3145  PCMSG_STREAM_INFO pStreamInfo)
3146 {
3147     CDecodeMsg *msg;
3148
3149     TRACE("(%08x, %08x, %08x, %08lx, %p, %p)\n", dwMsgEncodingType,
3150      dwFlags, dwMsgType, hCryptProv, pRecipientInfo, pStreamInfo);
3151
3152     if (GET_CMSG_ENCODING_TYPE(dwMsgEncodingType) != PKCS_7_ASN_ENCODING)
3153     {
3154         SetLastError(E_INVALIDARG);
3155         return NULL;
3156     }
3157     msg = CryptMemAlloc(sizeof(CDecodeMsg));
3158     if (msg)
3159     {
3160         CryptMsgBase_Init((CryptMsgBase *)msg, dwFlags, pStreamInfo,
3161          CDecodeMsg_Close, CDecodeMsg_GetParam, CDecodeMsg_Update,
3162          CDecodeMsg_Control);
3163         msg->type = dwMsgType;
3164         if (hCryptProv)
3165             msg->crypt_prov = hCryptProv;
3166         else
3167         {
3168             msg->crypt_prov = CRYPT_GetDefaultProvider();
3169             msg->base.open_flags &= ~CMSG_CRYPT_RELEASE_CONTEXT_FLAG;
3170         }
3171         memset(&msg->u, 0, sizeof(msg->u));
3172         msg->msg_data.cbData = 0;
3173         msg->msg_data.pbData = NULL;
3174         msg->detached_data.cbData = 0;
3175         msg->detached_data.pbData = NULL;
3176         msg->properties = ContextPropertyList_Create();
3177     }
3178     return msg;
3179 }
3180
3181 HCRYPTMSG WINAPI CryptMsgDuplicate(HCRYPTMSG hCryptMsg)
3182 {
3183     TRACE("(%p)\n", hCryptMsg);
3184
3185     if (hCryptMsg)
3186     {
3187         CryptMsgBase *msg = hCryptMsg;
3188
3189         InterlockedIncrement(&msg->ref);
3190     }
3191     return hCryptMsg;
3192 }
3193
3194 BOOL WINAPI CryptMsgClose(HCRYPTMSG hCryptMsg)
3195 {
3196     TRACE("(%p)\n", hCryptMsg);
3197
3198     if (hCryptMsg)
3199     {
3200         CryptMsgBase *msg = hCryptMsg;
3201
3202         if (InterlockedDecrement(&msg->ref) == 0)
3203         {
3204             TRACE("freeing %p\n", msg);
3205             if (msg->close)
3206                 msg->close(msg);
3207             CryptMemFree(msg);
3208         }
3209     }
3210     return TRUE;
3211 }
3212
3213 BOOL WINAPI CryptMsgUpdate(HCRYPTMSG hCryptMsg, const BYTE *pbData,
3214  DWORD cbData, BOOL fFinal)
3215 {
3216     CryptMsgBase *msg = hCryptMsg;
3217
3218     TRACE("(%p, %p, %d, %d)\n", hCryptMsg, pbData, cbData, fFinal);
3219
3220     return msg->update(hCryptMsg, pbData, cbData, fFinal);
3221 }
3222
3223 BOOL WINAPI CryptMsgGetParam(HCRYPTMSG hCryptMsg, DWORD dwParamType,
3224  DWORD dwIndex, void *pvData, DWORD *pcbData)
3225 {
3226     CryptMsgBase *msg = hCryptMsg;
3227
3228     TRACE("(%p, %d, %d, %p, %p)\n", hCryptMsg, dwParamType, dwIndex,
3229      pvData, pcbData);
3230     return msg->get_param(hCryptMsg, dwParamType, dwIndex, pvData, pcbData);
3231 }
3232
3233 BOOL WINAPI CryptMsgControl(HCRYPTMSG hCryptMsg, DWORD dwFlags,
3234  DWORD dwCtrlType, const void *pvCtrlPara)
3235 {
3236     CryptMsgBase *msg = hCryptMsg;
3237
3238     TRACE("(%p, %08x, %d, %p)\n", hCryptMsg, dwFlags, dwCtrlType,
3239      pvCtrlPara);
3240     return msg->control(hCryptMsg, dwFlags, dwCtrlType, pvCtrlPara);
3241 }
3242
3243 static CERT_INFO *CRYPT_GetSignerCertInfoFromMsg(HCRYPTMSG msg,
3244  DWORD dwSignerIndex)
3245 {
3246     CERT_INFO *certInfo = NULL;
3247     DWORD size;
3248
3249     if (CryptMsgGetParam(msg, CMSG_SIGNER_CERT_INFO_PARAM, dwSignerIndex, NULL,
3250      &size))
3251     {
3252         certInfo = CryptMemAlloc(size);
3253         if (certInfo)
3254         {
3255             if (!CryptMsgGetParam(msg, CMSG_SIGNER_CERT_INFO_PARAM,
3256              dwSignerIndex, certInfo, &size))
3257             {
3258                 CryptMemFree(certInfo);
3259                 certInfo = NULL;
3260             }
3261         }
3262     }
3263     return certInfo;
3264 }
3265
3266 BOOL WINAPI CryptMsgGetAndVerifySigner(HCRYPTMSG hCryptMsg, DWORD cSignerStore,
3267  HCERTSTORE *rghSignerStore, DWORD dwFlags, PCCERT_CONTEXT *ppSigner,
3268  DWORD *pdwSignerIndex)
3269 {
3270     HCERTSTORE store;
3271     DWORD i, signerIndex = 0;
3272     PCCERT_CONTEXT signerCert = NULL;
3273     BOOL ret = FALSE;
3274
3275     TRACE("(%p, %d, %p, %08x, %p, %p)\n", hCryptMsg, cSignerStore,
3276      rghSignerStore, dwFlags, ppSigner, pdwSignerIndex);
3277
3278     /* Clear output parameters */
3279     if (ppSigner)
3280         *ppSigner = NULL;
3281     if (pdwSignerIndex && !(dwFlags & CMSG_USE_SIGNER_INDEX_FLAG))
3282         *pdwSignerIndex = 0;
3283
3284     /* Create store to search for signer certificates */
3285     store = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0,
3286      CERT_STORE_CREATE_NEW_FLAG, NULL);
3287     if (!(dwFlags & CMSG_TRUSTED_SIGNER_FLAG))
3288     {
3289         HCERTSTORE msgStore = CertOpenStore(CERT_STORE_PROV_MSG, 0, 0, 0,
3290          hCryptMsg);
3291
3292         CertAddStoreToCollection(store, msgStore, 0, 0);
3293         CertCloseStore(msgStore, 0);
3294     }
3295     for (i = 0; i < cSignerStore; i++)
3296         CertAddStoreToCollection(store, rghSignerStore[i], 0, 0);
3297
3298     /* Find signer cert */
3299     if (dwFlags & CMSG_USE_SIGNER_INDEX_FLAG)
3300     {
3301         CERT_INFO *signer = CRYPT_GetSignerCertInfoFromMsg(hCryptMsg,
3302          *pdwSignerIndex);
3303
3304         if (signer)
3305         {
3306             signerIndex = *pdwSignerIndex;
3307             signerCert = CertFindCertificateInStore(store, X509_ASN_ENCODING,
3308              0, CERT_FIND_SUBJECT_CERT, signer, NULL);
3309             CryptMemFree(signer);
3310         }
3311     }
3312     else
3313     {
3314         DWORD count, size = sizeof(count);
3315
3316         if (CryptMsgGetParam(hCryptMsg, CMSG_SIGNER_COUNT_PARAM, 0, &count,
3317          &size))
3318         {
3319             for (i = 0; !signerCert && i < count; i++)
3320             {
3321                 CERT_INFO *signer = CRYPT_GetSignerCertInfoFromMsg(hCryptMsg,
3322                  i);
3323
3324                 if (signer)
3325                 {
3326                     signerCert = CertFindCertificateInStore(store,
3327                      X509_ASN_ENCODING, 0, CERT_FIND_SUBJECT_CERT, signer,
3328                      NULL);
3329                     if (signerCert)
3330                         signerIndex = i;
3331                     CryptMemFree(signer);
3332                 }
3333             }
3334         }
3335         if (!signerCert)
3336             SetLastError(CRYPT_E_NO_TRUSTED_SIGNER);
3337     }
3338     if (signerCert)
3339     {
3340         if (!(dwFlags & CMSG_SIGNER_ONLY_FLAG))
3341             ret = CryptMsgControl(hCryptMsg, 0, CMSG_CTRL_VERIFY_SIGNATURE,
3342              signerCert->pCertInfo);
3343         else
3344             ret = TRUE;
3345         if (ret)
3346         {
3347             if (ppSigner)
3348                 *ppSigner = CertDuplicateCertificateContext(signerCert);
3349             if (pdwSignerIndex)
3350                 *pdwSignerIndex = signerIndex;
3351         }
3352         CertFreeCertificateContext(signerCert);
3353     }
3354
3355     CertCloseStore(store, 0);
3356     return ret;
3357 }
3358
3359 BOOL WINAPI CryptMsgVerifyCountersignatureEncodedEx(HCRYPTPROV_LEGACY hCryptProv,
3360  DWORD dwEncodingType, PBYTE pbSignerInfo, DWORD cbSignerInfo,
3361  PBYTE pbSignerInfoCountersignature, DWORD cbSignerInfoCountersignature,
3362  DWORD dwSignerType, void *pvSigner, DWORD dwFlags, void *pvReserved)
3363 {
3364     FIXME("(%08lx, %08x, %p, %d, %p, %d, %d, %p, %08x, %p): stub\n", hCryptProv,
3365      dwEncodingType, pbSignerInfo, cbSignerInfo, pbSignerInfoCountersignature,
3366      cbSignerInfoCountersignature, dwSignerType, pvSigner, dwFlags, pvReserved);
3367     return FALSE;
3368 }
3369
3370 BOOL WINAPI CryptMsgEncodeAndSignCTL(DWORD dwMsgEncodingType,
3371  PCTL_INFO pCtlInfo, PCMSG_SIGNED_ENCODE_INFO pSignInfo, DWORD dwFlags,
3372  BYTE *pbEncoded, DWORD *pcbEncoded)
3373 {
3374     BOOL ret;
3375     BYTE *pbCtlContent;
3376     DWORD cbCtlContent;
3377
3378     TRACE("(%08x, %p, %p, %08x, %p, %p)\n", dwMsgEncodingType, pCtlInfo,
3379      pSignInfo, dwFlags, pbEncoded, pcbEncoded);
3380
3381     if (dwFlags)
3382     {
3383         FIXME("unimplemented for flags %08x\n", dwFlags);
3384         return FALSE;
3385     }
3386     if ((ret = CryptEncodeObjectEx(dwMsgEncodingType, PKCS_CTL, pCtlInfo,
3387      CRYPT_ENCODE_ALLOC_FLAG, NULL, &pbCtlContent, &cbCtlContent)))
3388     {
3389         ret = CryptMsgSignCTL(dwMsgEncodingType, pbCtlContent, cbCtlContent,
3390          pSignInfo, dwFlags, pbEncoded, pcbEncoded);
3391         LocalFree(pbCtlContent);
3392     }
3393     return ret;
3394 }
3395
3396 BOOL WINAPI CryptMsgSignCTL(DWORD dwMsgEncodingType, BYTE *pbCtlContent,
3397  DWORD cbCtlContent, PCMSG_SIGNED_ENCODE_INFO pSignInfo, DWORD dwFlags,
3398  BYTE *pbEncoded, DWORD *pcbEncoded)
3399 {
3400     static char oid_ctl[] = szOID_CTL;
3401     BOOL ret;
3402     HCRYPTMSG msg;
3403
3404     TRACE("(%08x, %p, %d, %p, %08x, %p, %p)\n", dwMsgEncodingType,
3405      pbCtlContent, cbCtlContent, pSignInfo, dwFlags, pbEncoded, pcbEncoded);
3406
3407     if (dwFlags)
3408     {
3409         FIXME("unimplemented for flags %08x\n", dwFlags);
3410         return FALSE;
3411     }
3412     msg = CryptMsgOpenToEncode(dwMsgEncodingType, 0, CMSG_SIGNED, pSignInfo,
3413      oid_ctl, NULL);
3414     if (msg)
3415     {
3416         ret = CryptMsgUpdate(msg, pbCtlContent, cbCtlContent, TRUE);
3417         if (ret)
3418             ret = CryptMsgGetParam(msg, CMSG_CONTENT_PARAM, 0, pbEncoded,
3419              pcbEncoded);
3420         CryptMsgClose(msg);
3421     }
3422     else
3423         ret = FALSE;
3424     return ret;
3425 }