Add ability to skip a local path candidate if it failed verification.

Fixes 6818
author: Sean Hall <r.sean.hall@gmail.com> 2022-08-03 14:55:23 -0500
committer: Sean Hall <r.sean.hall@gmail.com> 2022-08-03 15:57:24 -0500
commit: 124fef398a26bc8e139e889a2345602d2478590c (patch)
tree: 002c77e0c1d72b0cc0e46bed3c6f02d4179625fe /src/burn/engine/cache.cpp
parent: a896fec453056aa5e1ad803b04a672d2dceda981 (diff)
download: wix-124fef398a26bc8e139e889a2345602d2478590c.tar.gz
wix-124fef398a26bc8e139e889a2345602d2478590c.tar.bz2
wix-124fef398a26bc8e139e889a2345602d2478590c.zip
1 files changed, 63 insertions, 7 deletions
diff --git a/src/burn/engine/cache.cpp b/src/burn/engine/cache.cpp
index eb5cc508..a23ce9ed 100644
--- a/src/burn/engine/cache.cpp
+++ b/src/burn/engine/cache.cpp
@@ -12,7 +12,11 @@ static const DWORD FILE_OPERATION_RETRY_WAIT = 2000;
 static HRESULT CacheVerifyPayloadSignature(
    __in BURN_PAYLOAD* pPayload,
    __in_z LPCWSTR wzUnverifiedPayloadPath,
-    __in HANDLE hFile
+    __in HANDLE hFile,
+    __in BURN_CACHE_STEP cacheStep,
+    __in PFN_BURNCACHEMESSAGEHANDLER pfnCacheMessageHandler,
+    __in LPPROGRESS_ROUTINE pfnProgress,
+    __in LPVOID pContext
    );
 static HRESULT CalculatePotentialBaseWorkingFolders(
    __in BURN_CACHE* pCache,
@@ -159,7 +163,11 @@ static HRESULT SendCacheCompleteMessage(
    __in LPVOID pContext,
    __in HRESULT hrStatus
    );
+static HRESULT SendCacheFailureMessage(
+    __in PFN_BURNCACHEMESSAGEHANDLER pfnCacheMessageHandler,
+    __in LPVOID pContext,
+    __in BURN_CACHE_STEP cacheStep
+    );
 extern "C" HRESULT CacheInitialize(
    __in BURN_CACHE* pCache,
@@ -1254,11 +1262,16 @@ LExit:
 static HRESULT CacheVerifyPayloadSignature(
    __in BURN_PAYLOAD* pPayload,
    __in_z LPCWSTR wzUnverifiedPayloadPath,
-    __in HANDLE hFile
+    __in HANDLE hFile,
+    __in BURN_CACHE_STEP cacheStep,
+    __in PFN_BURNCACHEMESSAGEHANDLER pfnCacheMessageHandler,
+    __in LPPROGRESS_ROUTINE /*pfnProgress*/,
+    __in LPVOID pContext
    )
 {
    HRESULT hr = S_OK;
    LONG er = ERROR_SUCCESS;
+    BOOL fFailedVerification = FALSE;
    GUID guidAuthenticode = WINTRUST_ACTION_GENERIC_VERIFY_V2;
    WINTRUST_FILE_INFO wfi = { };
@@ -1266,6 +1279,11 @@ static HRESULT CacheVerifyPayloadSignature(
    CRYPT_PROVIDER_DATA* pProviderData = NULL;
    CRYPT_PROVIDER_SGNR* pSigner = NULL;
+    hr = SendCacheBeginMessage(pfnCacheMessageHandler, pContext, cacheStep);
+    ExitOnFailure(hr, "Aborted cache verify payload signature begin.");
+    fFailedVerification = TRUE;
    // Verify the payload assuming online.
    wfi.cbStruct = sizeof(wfi);
    wfi.pcwszFilePath = wzUnverifiedPayloadPath;
@@ -1297,7 +1315,19 @@ static HRESULT CacheVerifyPayloadSignature(
    hr = VerifyPayloadAgainstCertChain(pPayload, pSigner->pChainContext);
    ExitOnFailure(hr, "Failed to verify expected payload against actual certificate chain.");
+    fFailedVerification = FALSE;
+    hr = SendCacheSuccessMessage(pfnCacheMessageHandler, pContext, pPayload->qwFileSize);
 LExit:
+    if (fFailedVerification)
+    {
+        // Make sure the BA process marks this payload as having failed verification.
+        SendCacheFailureMessage(pfnCacheMessageHandler, pContext, cacheStep);
+    }
+    SendCacheCompleteMessage(pfnCacheMessageHandler, pContext, hr);
    return hr;
 }
@@ -1744,7 +1774,7 @@ static HRESULT VerifyThenTransferPayload(
    switch (pPayload->verification)
    {
    case BURN_PAYLOAD_VERIFICATION_AUTHENTICODE:
-        hr = CacheVerifyPayloadSignature(pPayload, wzUnverifiedPayloadPath, hFile);
+        hr = CacheVerifyPayloadSignature(pPayload, wzUnverifiedPayloadPath, hFile, BURN_CACHE_STEP_HASH, pfnCacheMessageHandler, pfnProgress, pContext);
        ExitOnFailure(hr, "Failed to verify payload signature: %ls", wzCachedPath);
        break;
    case BURN_PAYLOAD_VERIFICATION_HASH:
@@ -1890,7 +1920,7 @@ static HRESULT VerifyFileAgainstPayload(
    switch (pPayload->verification)
    {
    case BURN_PAYLOAD_VERIFICATION_AUTHENTICODE:
-        hr = CacheVerifyPayloadSignature(pPayload, wzVerifyPath, hFile);
+        hr = CacheVerifyPayloadSignature(pPayload, wzVerifyPath, hFile, cacheStep, pfnCacheMessageHandler, pfnProgress, pContext);
        ExitOnFailure(hr, "Failed to verify signature of payload: %ls", pPayload->sczKey);
        break;
    case BURN_PAYLOAD_VERIFICATION_HASH:
@@ -2285,17 +2315,18 @@ static HRESULT VerifyHash(
    __in LPVOID pContext
    )
 {
-    UNREFERENCED_PARAMETER(wzUnverifiedPayloadPath);
    HRESULT hr = S_OK;
    BYTE rgbActualHash[SHA512_HASH_LEN] = { };
    DWORD64 qwHashedBytes = 0;
    LPWSTR pszExpected = NULL;
    LPWSTR pszActual = NULL;
+    BOOL fFailedVerification = FALSE;
    hr = SendCacheBeginMessage(pfnCacheMessageHandler, pContext, cacheStep);
    ExitOnFailure(hr, "Aborted cache verify hash begin.");
+    fFailedVerification = TRUE;
    if (fVerifyFileSize)
    {
        hr = VerifyFileSize(hFile, qwFileSize, wzUnverifiedPayloadPath);
@@ -2323,9 +2354,17 @@ static HRESULT VerifyHash(
        }
    }
+    fFailedVerification = FALSE;
    hr = SendCacheSuccessMessage(pfnCacheMessageHandler, pContext, qwFileSize);
 LExit:
+    if (fFailedVerification)
+    {
+        // Make sure the BA process marks this container or payload as having failed verification.
+        SendCacheFailureMessage(pfnCacheMessageHandler, pContext, cacheStep);
+    }
    SendCacheCompleteMessage(pfnCacheMessageHandler, pContext, hr);
    ReleaseStr(pszActual);
@@ -2448,3 +2487,20 @@ static HRESULT SendCacheCompleteMessage(
    return hr;
 }
+static HRESULT SendCacheFailureMessage(
+    __in PFN_BURNCACHEMESSAGEHANDLER pfnCacheMessageHandler,
+    __in LPVOID pContext,
+    __in BURN_CACHE_STEP cacheStep
+    )
+{
+    HRESULT hr = S_OK;
+    BURN_CACHE_MESSAGE message = { };
+    message.type = BURN_CACHE_MESSAGE_FAILURE;
+    message.failure.cacheStep = cacheStep;
+    hr = pfnCacheMessageHandler(&message, pContext);
+    return hr;
+}
author	Sean Hall <r.sean.hall@gmail.com>	2022-08-03 14:55:23 -0500
committer	Sean Hall <r.sean.hall@gmail.com>	2022-08-03 15:57:24 -0500
commit	124fef398a26bc8e139e889a2345602d2478590c (patch)
tree	002c77e0c1d72b0cc0e46bed3c6f02d4179625fe /src/burn/engine/cache.cpp
parent	a896fec453056aa5e1ad803b04a672d2dceda981 (diff)
download	wix-124fef398a26bc8e139e889a2345602d2478590c.tar.gz wix-124fef398a26bc8e139e889a2345602d2478590c.tar.bz2 wix-124fef398a26bc8e139e889a2345602d2478590c.zip

diff --git a/src/burn/engine/cache.cpp b/src/burn/engine/cache.cpp index eb5cc508..a23ce9ed 100644 --- a/src/burn/engine/cache.cpp +++ b/src/burn/engine/cache.cpp
@@ -12,7 +12,11 @@ static const DWORD FILE_OPERATION_RETRY_WAIT = 2000;
12	static HRESULT CacheVerifyPayloadSignature(	12	static HRESULT CacheVerifyPayloadSignature(
13	__in BURN_PAYLOAD* pPayload,	13	__in BURN_PAYLOAD* pPayload,
14	__in_z LPCWSTR wzUnverifiedPayloadPath,	14	__in_z LPCWSTR wzUnverifiedPayloadPath,
15	__in HANDLE hFile	15	__in HANDLE hFile,
		16	__in BURN_CACHE_STEP cacheStep,
		17	__in PFN_BURNCACHEMESSAGEHANDLER pfnCacheMessageHandler,
		18	__in LPPROGRESS_ROUTINE pfnProgress,
		19	__in LPVOID pContext
16	);	20	);
17	static HRESULT CalculatePotentialBaseWorkingFolders(	21	static HRESULT CalculatePotentialBaseWorkingFolders(
18	__in BURN_CACHE* pCache,	22	__in BURN_CACHE* pCache,
@@ -159,7 +163,11 @@ static HRESULT SendCacheCompleteMessage(
159	__in LPVOID pContext,	163	__in LPVOID pContext,
160	__in HRESULT hrStatus	164	__in HRESULT hrStatus
161	);	165	);
162		166	static HRESULT SendCacheFailureMessage(
		167	__in PFN_BURNCACHEMESSAGEHANDLER pfnCacheMessageHandler,
		168	__in LPVOID pContext,
		169	__in BURN_CACHE_STEP cacheStep
		170	);
163		171
164	extern "C" HRESULT CacheInitialize(	172	extern "C" HRESULT CacheInitialize(
165	__in BURN_CACHE* pCache,	173	__in BURN_CACHE* pCache,
@@ -1254,11 +1262,16 @@ LExit:
1254	static HRESULT CacheVerifyPayloadSignature(	1262	static HRESULT CacheVerifyPayloadSignature(
1255	__in BURN_PAYLOAD* pPayload,	1263	__in BURN_PAYLOAD* pPayload,
1256	__in_z LPCWSTR wzUnverifiedPayloadPath,	1264	__in_z LPCWSTR wzUnverifiedPayloadPath,
1257	__in HANDLE hFile	1265	__in HANDLE hFile,
		1266	__in BURN_CACHE_STEP cacheStep,
		1267	__in PFN_BURNCACHEMESSAGEHANDLER pfnCacheMessageHandler,
		1268	__in LPPROGRESS_ROUTINE /pfnProgress/,
		1269	__in LPVOID pContext
1258	)	1270	)
1259	{	1271	{
1260	HRESULT hr = S_OK;	1272	HRESULT hr = S_OK;
1261	LONG er = ERROR_SUCCESS;	1273	LONG er = ERROR_SUCCESS;
		1274	BOOL fFailedVerification = FALSE;
1262		1275
1263	GUID guidAuthenticode = WINTRUST_ACTION_GENERIC_VERIFY_V2;	1276	GUID guidAuthenticode = WINTRUST_ACTION_GENERIC_VERIFY_V2;
1264	WINTRUST_FILE_INFO wfi = { };	1277	WINTRUST_FILE_INFO wfi = { };
@@ -1266,6 +1279,11 @@ static HRESULT CacheVerifyPayloadSignature(
1266	CRYPT_PROVIDER_DATA* pProviderData = NULL;	1279	CRYPT_PROVIDER_DATA* pProviderData = NULL;
1267	CRYPT_PROVIDER_SGNR* pSigner = NULL;	1280	CRYPT_PROVIDER_SGNR* pSigner = NULL;
1268		1281
		1282	hr = SendCacheBeginMessage(pfnCacheMessageHandler, pContext, cacheStep);
		1283	ExitOnFailure(hr, "Aborted cache verify payload signature begin.");
		1284
		1285	fFailedVerification = TRUE;
		1286
1269	// Verify the payload assuming online.	1287	// Verify the payload assuming online.
1270	wfi.cbStruct = sizeof(wfi);	1288	wfi.cbStruct = sizeof(wfi);
1271	wfi.pcwszFilePath = wzUnverifiedPayloadPath;	1289	wfi.pcwszFilePath = wzUnverifiedPayloadPath;
@@ -1297,7 +1315,19 @@ static HRESULT CacheVerifyPayloadSignature(
1297	hr = VerifyPayloadAgainstCertChain(pPayload, pSigner->pChainContext);	1315	hr = VerifyPayloadAgainstCertChain(pPayload, pSigner->pChainContext);
1298	ExitOnFailure(hr, "Failed to verify expected payload against actual certificate chain.");	1316	ExitOnFailure(hr, "Failed to verify expected payload against actual certificate chain.");
1299		1317
		1318	fFailedVerification = FALSE;
		1319
		1320	hr = SendCacheSuccessMessage(pfnCacheMessageHandler, pContext, pPayload->qwFileSize);
		1321
1300	LExit:	1322	LExit:
		1323	if (fFailedVerification)
		1324	{
		1325	// Make sure the BA process marks this payload as having failed verification.
		1326	SendCacheFailureMessage(pfnCacheMessageHandler, pContext, cacheStep);
		1327	}
		1328
		1329	SendCacheCompleteMessage(pfnCacheMessageHandler, pContext, hr);
		1330
1301	return hr;	1331	return hr;
1302	}	1332	}
1303		1333
@@ -1744,7 +1774,7 @@ static HRESULT VerifyThenTransferPayload(
1744	switch (pPayload->verification)	1774	switch (pPayload->verification)
1745	{	1775	{
1746	case BURN_PAYLOAD_VERIFICATION_AUTHENTICODE:	1776	case BURN_PAYLOAD_VERIFICATION_AUTHENTICODE:
1747	hr = CacheVerifyPayloadSignature(pPayload, wzUnverifiedPayloadPath, hFile);	1777	hr = CacheVerifyPayloadSignature(pPayload, wzUnverifiedPayloadPath, hFile, BURN_CACHE_STEP_HASH, pfnCacheMessageHandler, pfnProgress, pContext);
1748	ExitOnFailure(hr, "Failed to verify payload signature: %ls", wzCachedPath);	1778	ExitOnFailure(hr, "Failed to verify payload signature: %ls", wzCachedPath);
1749	break;	1779	break;
1750	case BURN_PAYLOAD_VERIFICATION_HASH:	1780	case BURN_PAYLOAD_VERIFICATION_HASH:
@@ -1890,7 +1920,7 @@ static HRESULT VerifyFileAgainstPayload(
1890	switch (pPayload->verification)	1920	switch (pPayload->verification)
1891	{	1921	{
1892	case BURN_PAYLOAD_VERIFICATION_AUTHENTICODE:	1922	case BURN_PAYLOAD_VERIFICATION_AUTHENTICODE:
1893	hr = CacheVerifyPayloadSignature(pPayload, wzVerifyPath, hFile);	1923	hr = CacheVerifyPayloadSignature(pPayload, wzVerifyPath, hFile, cacheStep, pfnCacheMessageHandler, pfnProgress, pContext);
1894	ExitOnFailure(hr, "Failed to verify signature of payload: %ls", pPayload->sczKey);	1924	ExitOnFailure(hr, "Failed to verify signature of payload: %ls", pPayload->sczKey);
1895	break;	1925	break;
1896	case BURN_PAYLOAD_VERIFICATION_HASH:	1926	case BURN_PAYLOAD_VERIFICATION_HASH:
@@ -2285,17 +2315,18 @@ static HRESULT VerifyHash(
2285	__in LPVOID pContext	2315	__in LPVOID pContext
2286	)	2316	)
2287	{	2317	{
2288	UNREFERENCED_PARAMETER(wzUnverifiedPayloadPath);
2289
2290	HRESULT hr = S_OK;	2318	HRESULT hr = S_OK;
2291	BYTE rgbActualHash[SHA512_HASH_LEN] = { };	2319	BYTE rgbActualHash[SHA512_HASH_LEN] = { };
2292	DWORD64 qwHashedBytes = 0;	2320	DWORD64 qwHashedBytes = 0;
2293	LPWSTR pszExpected = NULL;	2321	LPWSTR pszExpected = NULL;
2294	LPWSTR pszActual = NULL;	2322	LPWSTR pszActual = NULL;
		2323	BOOL fFailedVerification = FALSE;
2295		2324
2296	hr = SendCacheBeginMessage(pfnCacheMessageHandler, pContext, cacheStep);	2325	hr = SendCacheBeginMessage(pfnCacheMessageHandler, pContext, cacheStep);
2297	ExitOnFailure(hr, "Aborted cache verify hash begin.");	2326	ExitOnFailure(hr, "Aborted cache verify hash begin.");
2298		2327
		2328	fFailedVerification = TRUE;
		2329
2299	if (fVerifyFileSize)	2330	if (fVerifyFileSize)
2300	{	2331	{
2301	hr = VerifyFileSize(hFile, qwFileSize, wzUnverifiedPayloadPath);	2332	hr = VerifyFileSize(hFile, qwFileSize, wzUnverifiedPayloadPath);
@@ -2323,9 +2354,17 @@ static HRESULT VerifyHash(
2323	}	2354	}
2324	}	2355	}
2325		2356
		2357	fFailedVerification = FALSE;
		2358
2326	hr = SendCacheSuccessMessage(pfnCacheMessageHandler, pContext, qwFileSize);	2359	hr = SendCacheSuccessMessage(pfnCacheMessageHandler, pContext, qwFileSize);
2327		2360
2328	LExit:	2361	LExit:
		2362	if (fFailedVerification)
		2363	{
		2364	// Make sure the BA process marks this container or payload as having failed verification.
		2365	SendCacheFailureMessage(pfnCacheMessageHandler, pContext, cacheStep);
		2366	}
		2367
2329	SendCacheCompleteMessage(pfnCacheMessageHandler, pContext, hr);	2368	SendCacheCompleteMessage(pfnCacheMessageHandler, pContext, hr);
2330		2369
2331	ReleaseStr(pszActual);	2370	ReleaseStr(pszActual);
@@ -2448,3 +2487,20 @@ static HRESULT SendCacheCompleteMessage(
2448		2487
2449	return hr;	2488	return hr;
2450	}	2489	}
		2490
		2491	static HRESULT SendCacheFailureMessage(
		2492	__in PFN_BURNCACHEMESSAGEHANDLER pfnCacheMessageHandler,
		2493	__in LPVOID pContext,
		2494	__in BURN_CACHE_STEP cacheStep
		2495	)
		2496	{
		2497	HRESULT hr = S_OK;
		2498	BURN_CACHE_MESSAGE message = { };
		2499
		2500	message.type = BURN_CACHE_MESSAGE_FAILURE;
		2501	message.failure.cacheStep = cacheStep;
		2502
		2503	hr = pfnCacheMessageHandler(&message, pContext);
		2504
		2505	return hr;
		2506	}