Stop encrypting hidden variables.

They were persisted in plaintext, and always had to be decrypted and sent to a separate process to actually be used.
author: Sean Hall <r.sean.hall@gmail.com> 2020-11-01 15:16:07 -0600
committer: Sean Hall <r.sean.hall@gmail.com> 2020-11-01 18:35:01 -0600
commit: 4921664f92bb6bd39ed7fd3dd24d58108973af25 (patch)
tree: 491cb08915b40708770b3b76f05eb1c98dc45691 /src/engine/variant.cpp
parent: b5553689ed1b1bd32f854654f56935c039a9b13b (diff)
download: wix-4921664f92bb6bd39ed7fd3dd24d58108973af25.tar.gz
wix-4921664f92bb6bd39ed7fd3dd24d58108973af25.tar.bz2
wix-4921664f92bb6bd39ed7fd3dd24d58108973af25.zip
1 files changed, 22 insertions, 292 deletions
diff --git a/src/engine/variant.cpp b/src/engine/variant.cpp
index 82f465b2..2267ee7b 100644
--- a/src/engine/variant.cpp
+++ b/src/engine/variant.cpp
@@ -2,8 +2,6 @@
 #include "precomp.h"
-#define VARIANT_ENCRYPTION_SCOPE CRYPTPROTECTMEMORY_SAME_PROCESS
 // internal function declarations
 static HRESULT GetVersionInternal(
@@ -12,25 +10,6 @@ static HRESULT GetVersionInternal(
    __in BOOL fSilent,
    __out VERUTIL_VERSION** ppValue
    );
-static HRESULT BVariantEncryptString(
-    __in BURN_VARIANT* pVariant,
-    __in BOOL fEncrypt
-    );
-static void BVariantRetrieveNumeric(
-    __in BURN_VARIANT* pVariant,
-    __out LONGLONG* pllValue
-    );
-static HRESULT BVariantRetrieveDecryptedString(
-    __in BURN_VARIANT* pVariant,
-    __out LPWSTR* psczValue
-    );
-static void BVariantRetrieveVersion(
-    __in BURN_VARIANT* pVariant,
-    __out VERUTIL_VERSION** ppValue
-    );
 // function definitions
@@ -46,38 +25,28 @@ extern "C" void BVariantUninitialize(
    SecureZeroMemory(pVariant, sizeof(BURN_VARIANT));
 }
-// The contents of pllValue may be sensitive, should keep encrypted and SecureZeroMemory.
 extern "C" HRESULT BVariantGetNumeric(
    __in BURN_VARIANT* pVariant,
    __out LONGLONG* pllValue
    )
 {
    HRESULT hr = S_OK;
-    LPWSTR sczValue = NULL;
-    VERUTIL_VERSION* pVersionValue = NULL;
    switch (pVariant->Type)
    {
    case BURN_VARIANT_TYPE_NUMERIC:
-        BVariantRetrieveNumeric(pVariant, pllValue);
+        *pllValue = pVariant->llValue;
        break;
    case BURN_VARIANT_TYPE_FORMATTED: __fallthrough;
    case BURN_VARIANT_TYPE_STRING:
-        hr = BVariantRetrieveDecryptedString(pVariant, &sczValue);
+        hr = StrStringToInt64(pVariant->sczValue, 0, pllValue);
-        if (SUCCEEDED(hr))
+        if (FAILED(hr))
        {
-            hr = StrStringToInt64(sczValue, 0, pllValue);
+            hr = DISP_E_TYPEMISMATCH;
-            if (FAILED(hr))
-            {
-                hr = DISP_E_TYPEMISMATCH;
-            }
        }
-        StrSecureZeroFreeString(sczValue);
        break;
    case BURN_VARIANT_TYPE_VERSION:
-        BVariantRetrieveVersion(pVariant, &pVersionValue);
+        hr = StrStringToInt64(pVariant->pValue ? pVariant->pValue->sczVersion : NULL, 0, pllValue);
-        hr = StrStringToInt64(pVersionValue->sczVersion, 0, pllValue);
        if (FAILED(hr))
        {
            hr = DISP_E_TYPEMISMATCH;
@@ -91,35 +60,27 @@ extern "C" HRESULT BVariantGetNumeric(
    return hr;
 }
-// The contents of psczValue may be sensitive, should keep encrypted and SecureZeroFree.
 extern "C" HRESULT BVariantGetString(
    __in BURN_VARIANT* pVariant,
    __out_z LPWSTR* psczValue
    )
 {
    HRESULT hr = S_OK;
-    LONGLONG llValue = 0;
-    VERUTIL_VERSION* pVersionValue = NULL;
    switch (pVariant->Type)
    {
    case BURN_VARIANT_TYPE_NUMERIC:
-        BVariantRetrieveNumeric(pVariant, &llValue);
+        hr = StrAllocFormattedSecure(psczValue, L"%I64d", pVariant->llValue);
-        if (SUCCEEDED(hr))
+        ExitOnFailure(hr, "Failed to convert int64 to string.");
-        {
-            hr = StrAllocFormattedSecure(psczValue, L"%I64d", llValue);
-            ExitOnFailure(hr, "Failed to convert int64 to string.");
-        }
-        SecureZeroMemory(&llValue, sizeof(llValue));
        break;
    case BURN_VARIANT_TYPE_FORMATTED: __fallthrough;
    case BURN_VARIANT_TYPE_STRING:
-        hr = BVariantRetrieveDecryptedString(pVariant, psczValue);
+        hr = StrAllocStringSecure(psczValue, pVariant->sczValue, 0);
+        ExitOnFailure(hr, "Failed to copy string value.");
        break;
    case BURN_VARIANT_TYPE_VERSION:
-        BVariantRetrieveVersion(pVariant, &pVersionValue);
+        hr = StrAllocStringSecure(psczValue, pVariant->pValue ? pVariant->pValue->sczVersion : NULL, 0);
+        ExitOnFailure(hr, "Failed to copy version value.");
-        hr = StrAllocStringSecure(psczValue, pVersionValue->sczVersion, 0);
        break;
    default:
        hr = E_INVALIDARG;
@@ -130,7 +91,6 @@ LExit:
    return hr;
 }
-// The contents of ppValue may be sensitive, should keep encrypted and SecureZeroMemory.
 extern "C" HRESULT BVariantGetVersion(
    __in BURN_VARIANT* pVariant,
    __out VERUTIL_VERSION** ppValue
@@ -139,7 +99,6 @@ extern "C" HRESULT BVariantGetVersion(
    return GetVersionInternal(pVariant, FALSE, FALSE, ppValue);
 }
-// The contents of ppValue may be sensitive, should keep encrypted and SecureZeroMemory.
 extern "C" HRESULT BVariantGetVersionHidden(
    __in BURN_VARIANT* pVariant,
    __in BOOL fHidden,
@@ -149,7 +108,6 @@ extern "C" HRESULT BVariantGetVersionHidden(
    return GetVersionInternal(pVariant, fHidden, FALSE, ppValue);
 }
-// The contents of ppValue may be sensitive, should keep encrypted and SecureZeroMemory.
 extern "C" HRESULT BVariantGetVersionSilent(
    __in BURN_VARIANT* pVariant,
    __in BOOL fSilent,
@@ -167,44 +125,28 @@ static HRESULT GetVersionInternal(
    )
 {
    HRESULT hr = S_OK;
-    LONGLONG llValue = 0;
-    LPWSTR sczValue = NULL;
-    VERUTIL_VERSION* pValue = NULL;
    switch (pVariant->Type)
    {
    case BURN_VARIANT_TYPE_NUMERIC:
-        BVariantRetrieveNumeric(pVariant, &llValue);
+        hr = VerVersionFromQword(pVariant->llValue, ppValue);
-        hr = VerVersionFromQword(llValue, ppValue);
        break;
    case BURN_VARIANT_TYPE_FORMATTED: __fallthrough;
    case BURN_VARIANT_TYPE_STRING:
-        hr = BVariantRetrieveDecryptedString(pVariant, &sczValue);
+        hr = VerParseVersion(pVariant->sczValue, 0, FALSE, ppValue);
-        if (SUCCEEDED(hr))
+        if (SUCCEEDED(hr) && !fSilent && (*ppValue)->fInvalid)
        {
-            hr = VerParseVersion(sczValue, 0, FALSE, ppValue);
+            LogId(REPORT_WARNING, MSG_INVALID_VERSION_COERSION, fHidden ? L"*****" : pVariant->sczValue);
-            if (FAILED(hr))
-            {
-                hr = DISP_E_TYPEMISMATCH;
-            }
-            else if (!fSilent && (*ppValue)->fInvalid)
-            {
-                LogId(REPORT_WARNING, MSG_INVALID_VERSION_COERSION, fHidden ? L"*****" : sczValue);
-            }
        }
-        StrSecureZeroFreeString(sczValue);
        break;
    case BURN_VARIANT_TYPE_VERSION:
-        BVariantRetrieveVersion(pVariant, &pValue);
+        if (!pVariant->pValue)
-        if (!pValue)
        {
            *ppValue = NULL;
        }
        else
        {
-            hr = VerCopyVersion(pValue, ppValue);
+            hr = VerCopyVersion(pVariant->pValue, ppValue);
        }
        break;
    default:
@@ -221,7 +163,6 @@ extern "C" HRESULT BVariantSetNumeric(
    )
 {
    HRESULT hr = S_OK;
-    BOOL fEncrypt = pVariant->fEncryptString;
    if (BURN_VARIANT_TYPE_FORMATTED == pVariant->Type ||
        BURN_VARIANT_TYPE_STRING == pVariant->Type)
@@ -231,7 +172,6 @@ extern "C" HRESULT BVariantSetNumeric(
    memset(pVariant, 0, sizeof(BURN_VARIANT));
    pVariant->llValue = llValue;
    pVariant->Type = BURN_VARIANT_TYPE_NUMERIC;
-    BVariantSetEncryption(pVariant, fEncrypt);
    return hr;
 }
@@ -244,7 +184,6 @@ extern "C" HRESULT BVariantSetString(
    )
 {
    HRESULT hr = S_OK;
-    BOOL fEncrypt = pVariant->fEncryptString;
    if (!wzValue) // if we're nulling out the string, make the variable NONE.
    {
@@ -257,11 +196,6 @@ extern "C" HRESULT BVariantSetString(
        {
            memset(pVariant, 0, sizeof(BURN_VARIANT));
        }
-        else
-        {
-            // We're about to copy an unencrypted value.
-            pVariant->fEncryptString = FALSE;
-        }
        hr = StrAllocStringSecure(&pVariant->sczValue, wzValue, cchValue);
        ExitOnFailure(hr, "Failed to copy string.");
@@ -270,7 +204,6 @@ extern "C" HRESULT BVariantSetString(
    }
 LExit:
-    BVariantSetEncryption(pVariant, fEncrypt);
    return hr;
 }
@@ -280,7 +213,6 @@ extern "C" HRESULT BVariantSetVersion(
    )
 {
    HRESULT hr = S_OK;
-    BOOL fEncryptValue = pVariant->fEncryptString;
    if (!pValue) // if we're nulling out the version, make the variable NONE.
    {
@@ -298,8 +230,6 @@ extern "C" HRESULT BVariantSetVersion(
        pVariant->Type = BURN_VARIANT_TYPE_VERSION;
    }
-    BVariantSetEncryption(pVariant, fEncryptValue);
    return hr;
 }
@@ -309,10 +239,6 @@ extern "C" HRESULT BVariantSetValue(
    )
 {
    HRESULT hr = S_OK;
-    LONGLONG llValue = 0;
-    LPWSTR sczValue = NULL;
-    VERUTIL_VERSION* pVersionValue = NULL;
-    BOOL fEncrypt = pVariant->fEncryptString;
    switch (pValue->Type)
    {
@@ -320,35 +246,19 @@ extern "C" HRESULT BVariantSetValue(
        BVariantUninitialize(pVariant);
        break;
    case BURN_VARIANT_TYPE_NUMERIC:
-        hr = BVariantGetNumeric(pValue, &llValue);
+        hr = BVariantSetNumeric(pVariant, pValue->llValue);
-        if (SUCCEEDED(hr))
-        {
-            hr = BVariantSetNumeric(pVariant, llValue);
-        }
-        SecureZeroMemory(&llValue, sizeof(llValue));
        break;
    case BURN_VARIANT_TYPE_FORMATTED: __fallthrough;
    case BURN_VARIANT_TYPE_STRING:
-        hr = BVariantGetString(pValue, &sczValue);
+        hr = BVariantSetString(pVariant, pValue->sczValue, 0, BURN_VARIANT_TYPE_FORMATTED == pValue->Type);
-        if (SUCCEEDED(hr))
-        {
-            hr = BVariantSetString(pVariant, sczValue, 0, BURN_VARIANT_TYPE_FORMATTED == pValue->Type);
-        }
-        StrSecureZeroFreeString(sczValue);
        break;
    case BURN_VARIANT_TYPE_VERSION:
-        hr = BVariantGetVersionSilent(pValue, TRUE, &pVersionValue);
+        hr = BVariantSetVersion(pVariant, pValue->pValue);
-        if (SUCCEEDED(hr))
-        {
-            hr = BVariantSetVersion(pVariant, pVersionValue);
-        }
        break;
    default:
        hr = E_INVALIDARG;
    }
-    ExitOnFailure(hr, "Failed to copy variant.");
+    ExitOnFailure(hr, "Failed to copy variant value.");
-    hr = BVariantSetEncryption(pVariant, fEncrypt);
 LExit:
    return hr;
@@ -359,50 +269,7 @@ extern "C" HRESULT BVariantCopy(
    __out BURN_VARIANT* pTarget
    )
 {
-    HRESULT hr = S_OK;
+    return BVariantSetValue(pTarget, pSource);
-    LONGLONG llValue = 0;
-    LPWSTR sczValue = NULL;
-    VERUTIL_VERSION* pVersionValue = 0;
-    BVariantUninitialize(pTarget);
-    switch (pSource->Type)
-    {
-    case BURN_VARIANT_TYPE_NONE:
-        break;
-    case BURN_VARIANT_TYPE_NUMERIC:
-        hr = BVariantGetNumeric(pSource, &llValue);
-        if (SUCCEEDED(hr))
-        {
-            hr = BVariantSetNumeric(pTarget, llValue);
-        }
-        SecureZeroMemory(&llValue, sizeof(llValue));
-        break;
-    case BURN_VARIANT_TYPE_FORMATTED: __fallthrough;
-    case BURN_VARIANT_TYPE_STRING:
-        hr = BVariantGetString(pSource, &sczValue);
-        if (SUCCEEDED(hr))
-        {
-            hr = BVariantSetString(pTarget, sczValue, 0, BURN_VARIANT_TYPE_FORMATTED == pSource->Type);
-        }
-        StrSecureZeroFreeString(sczValue);
-        break;
-    case BURN_VARIANT_TYPE_VERSION:
-        hr = BVariantGetVersionSilent(pSource, TRUE, &pVersionValue);
-        if (SUCCEEDED(hr))
-        {
-            hr = BVariantSetVersion(pTarget, pVersionValue);
-        }
-        break;
-    default:
-        hr = E_INVALIDARG;
-    }
-    ExitOnFailure(hr, "Failed to copy variant.");
-    hr = BVariantSetEncryption(pTarget, pSource->fEncryptString);
-LExit:
-    return hr;
 }
 extern "C" HRESULT BVariantChangeType(
@@ -412,7 +279,6 @@ extern "C" HRESULT BVariantChangeType(
 {
    HRESULT hr = S_OK;
    BURN_VARIANT variant = { };
-    BOOL fEncrypt = pVariant->fEncryptString;
    if (pVariant->Type == type)
    {
@@ -449,143 +315,7 @@ extern "C" HRESULT BVariantChangeType(
    BVariantUninitialize(pVariant);
    memcpy_s(pVariant, sizeof(BURN_VARIANT), &variant, sizeof(BURN_VARIANT));
    SecureZeroMemory(&variant, sizeof(BURN_VARIANT));
-    BVariantSetEncryption(pVariant, fEncrypt);
 LExit:
    return hr;
 }
-extern "C" HRESULT BVariantSetEncryption(
-    __in BURN_VARIANT* pVariant,
-    __in BOOL fEncrypt
-    )
-{
-    HRESULT hr = S_OK;
-    if (pVariant->fEncryptString == fEncrypt)
-    {
-        // The requested encryption state is already applied.
-        ExitFunction();
-    }
-    
-    switch (pVariant->Type)
-    {
-    case BURN_VARIANT_TYPE_NONE:
-    case BURN_VARIANT_TYPE_NUMERIC:
-    case BURN_VARIANT_TYPE_VERSION:
-        hr = S_OK;
-        break;
-    case BURN_VARIANT_TYPE_FORMATTED: __fallthrough;
-    case BURN_VARIANT_TYPE_STRING:
-        hr = BVariantEncryptString(pVariant, fEncrypt);
-        break;
-    default:
-        hr = E_INVALIDARG;
-    }
-    ExitOnFailure(hr, "Failed to set the variant's encryption state");
-    pVariant->fEncryptString = fEncrypt;
-LExit:
-    return hr;
-}
-static HRESULT BVariantEncryptString(
-    __in BURN_VARIANT* pVariant,
-    __in BOOL fEncrypt
-    )
-{
-    HRESULT hr = S_OK;
-    SIZE_T cbData = 0;
-    if (NULL == pVariant->sczValue)
-    {
-        ExitFunction();
-    }
-    cbData = MemSize(pVariant->sczValue);
-    if (-1 == cbData)
-    {
-        hr = E_INVALIDARG;
-        ExitOnFailure(hr, "Failed to get the size of the string");
-    }
-    
-    DWORD remainder = fEncrypt ? cbData % CRYP_ENCRYPT_MEMORY_SIZE : 0;
-    DWORD extraNeeded = 0 < remainder ? CRYP_ENCRYPT_MEMORY_SIZE - remainder : 0;
-    if ((MAXDWORD - extraNeeded) < cbData)
-    {
-        hr = E_INVALIDDATA;
-        ExitOnFailure(hr, "The string is too big: size %u", cbData);
-    }
-    else if (0 < extraNeeded)
-    {
-        cbData += extraNeeded;
-        LPVOID pvNew = NULL;
-        hr = MemReAllocSecure(static_cast<LPVOID>(pVariant->sczValue), cbData, TRUE, &pvNew);
-        ExitOnFailure(hr, "Failed to resize the string so it could be encrypted");
-        pVariant->sczValue = static_cast<LPWSTR>(pvNew);
-    }
-    
-    if (fEncrypt)
-    {
-        hr = CrypEncryptMemory(pVariant->sczValue, static_cast<DWORD>(cbData), VARIANT_ENCRYPTION_SCOPE);
-    }
-    else
-    {
-        hr = CrypDecryptMemory(pVariant->sczValue, static_cast<DWORD>(cbData), VARIANT_ENCRYPTION_SCOPE);
-    }
-LExit:
-    return hr;
-}
-static void BVariantRetrieveNumeric(
-    __in BURN_VARIANT* pVariant,
-    __out LONGLONG* pllValue
-    )
-{
-    Assert(NULL != pllValue);
-    *pllValue = pVariant->llValue;
-}
-// The contents of psczValue may be sensitive, should keep encrypted and SecureZeroFree.
-static HRESULT BVariantRetrieveDecryptedString(
-    __in BURN_VARIANT* pVariant,
-    __out LPWSTR* psczValue
-    )
-{
-    HRESULT hr = S_OK;
-    if (!pVariant->sczValue)
-    {
-        *psczValue = NULL;
-        ExitFunction();
-    }
-    if (pVariant->fEncryptString)
-    {
-        hr = BVariantEncryptString(pVariant, FALSE);
-        ExitOnFailure(hr, "Failed to decrypt string");
-    }
-    hr = StrAllocStringSecure(psczValue, pVariant->sczValue, 0);
-    ExitOnFailure(hr, "Failed to copy value.");
-    if (pVariant->fEncryptString)
-    {
-        hr = BVariantEncryptString(pVariant, TRUE);
-    }
-LExit:
-    return hr;
-}
-static void BVariantRetrieveVersion(
-    __in BURN_VARIANT* pVariant,
-    __out VERUTIL_VERSION** ppValue
-    )
-{
-    Assert(ppValue);
-    *ppValue = pVariant->pValue;
-}
author	Sean Hall <r.sean.hall@gmail.com>	2020-11-01 15:16:07 -0600
committer	Sean Hall <r.sean.hall@gmail.com>	2020-11-01 18:35:01 -0600
commit	4921664f92bb6bd39ed7fd3dd24d58108973af25 (patch)
tree	491cb08915b40708770b3b76f05eb1c98dc45691 /src/engine/variant.cpp
parent	b5553689ed1b1bd32f854654f56935c039a9b13b (diff)
download	wix-4921664f92bb6bd39ed7fd3dd24d58108973af25.tar.gz wix-4921664f92bb6bd39ed7fd3dd24d58108973af25.tar.bz2 wix-4921664f92bb6bd39ed7fd3dd24d58108973af25.zip

diff --git a/src/engine/variant.cpp b/src/engine/variant.cpp index 82f465b2..2267ee7b 100644 --- a/src/engine/variant.cpp +++ b/src/engine/variant.cpp
@@ -2,8 +2,6 @@
2		2
3	#include "precomp.h"	3	#include "precomp.h"
4		4
5	#define VARIANT_ENCRYPTION_SCOPE CRYPTPROTECTMEMORY_SAME_PROCESS
6
7	// internal function declarations	5	// internal function declarations
8		6
9	static HRESULT GetVersionInternal(	7	static HRESULT GetVersionInternal(
@@ -12,25 +10,6 @@ static HRESULT GetVersionInternal(
12	__in BOOL fSilent,	10	__in BOOL fSilent,
13	__out VERUTIL_VERSION** ppValue	11	__out VERUTIL_VERSION** ppValue
14	);	12	);
15	static HRESULT BVariantEncryptString(
16	__in BURN_VARIANT* pVariant,
17	__in BOOL fEncrypt
18	);
19
20	static void BVariantRetrieveNumeric(
21	__in BURN_VARIANT* pVariant,
22	__out LONGLONG* pllValue
23	);
24
25	static HRESULT BVariantRetrieveDecryptedString(
26	__in BURN_VARIANT* pVariant,
27	__out LPWSTR* psczValue
28	);
29
30	static void BVariantRetrieveVersion(
31	__in BURN_VARIANT* pVariant,
32	__out VERUTIL_VERSION** ppValue
33	);
34		13
35	// function definitions	14	// function definitions
36		15
@@ -46,38 +25,28 @@ extern "C" void BVariantUninitialize(
46	SecureZeroMemory(pVariant, sizeof(BURN_VARIANT));	25	SecureZeroMemory(pVariant, sizeof(BURN_VARIANT));
47	}	26	}
48		27
49	// The contents of pllValue may be sensitive, should keep encrypted and SecureZeroMemory.
50	extern "C" HRESULT BVariantGetNumeric(	28	extern "C" HRESULT BVariantGetNumeric(
51	__in BURN_VARIANT* pVariant,	29	__in BURN_VARIANT* pVariant,
52	__out LONGLONG* pllValue	30	__out LONGLONG* pllValue
53	)	31	)
54	{	32	{
55	HRESULT hr = S_OK;	33	HRESULT hr = S_OK;
56	LPWSTR sczValue = NULL;
57	VERUTIL_VERSION* pVersionValue = NULL;
58		34
59	switch (pVariant->Type)	35	switch (pVariant->Type)
60	{	36	{
61	case BURN_VARIANT_TYPE_NUMERIC:	37	case BURN_VARIANT_TYPE_NUMERIC:
62	BVariantRetrieveNumeric(pVariant, pllValue);	38	*pllValue = pVariant->llValue;
63	break;	39	break;
64	case BURN_VARIANT_TYPE_FORMATTED: __fallthrough;	40	case BURN_VARIANT_TYPE_FORMATTED: __fallthrough;
65	case BURN_VARIANT_TYPE_STRING:	41	case BURN_VARIANT_TYPE_STRING:
66	hr = BVariantRetrieveDecryptedString(pVariant, &sczValue);	42	hr = StrStringToInt64(pVariant->sczValue, 0, pllValue);
67	if (SUCCEEDED(hr))	43	if (FAILED(hr))
68	{	44	{
69	hr = StrStringToInt64(sczValue, 0, pllValue);	45	hr = DISP_E_TYPEMISMATCH;
70	if (FAILED(hr))
71	{
72	hr = DISP_E_TYPEMISMATCH;
73	}
74	}	46	}
75	StrSecureZeroFreeString(sczValue);
76	break;	47	break;
77	case BURN_VARIANT_TYPE_VERSION:	48	case BURN_VARIANT_TYPE_VERSION:
78	BVariantRetrieveVersion(pVariant, &pVersionValue);	49	hr = StrStringToInt64(pVariant->pValue ? pVariant->pValue->sczVersion : NULL, 0, pllValue);
79
80	hr = StrStringToInt64(pVersionValue->sczVersion, 0, pllValue);
81	if (FAILED(hr))	50	if (FAILED(hr))
82	{	51	{
83	hr = DISP_E_TYPEMISMATCH;	52	hr = DISP_E_TYPEMISMATCH;
@@ -91,35 +60,27 @@ extern "C" HRESULT BVariantGetNumeric(
91	return hr;	60	return hr;
92	}	61	}
93		62
94	// The contents of psczValue may be sensitive, should keep encrypted and SecureZeroFree.
95	extern "C" HRESULT BVariantGetString(	63	extern "C" HRESULT BVariantGetString(
96	__in BURN_VARIANT* pVariant,	64	__in BURN_VARIANT* pVariant,
97	__out_z LPWSTR* psczValue	65	__out_z LPWSTR* psczValue
98	)	66	)
99	{	67	{
100	HRESULT hr = S_OK;	68	HRESULT hr = S_OK;
101	LONGLONG llValue = 0;
102	VERUTIL_VERSION* pVersionValue = NULL;
103		69
104	switch (pVariant->Type)	70	switch (pVariant->Type)
105	{	71	{
106	case BURN_VARIANT_TYPE_NUMERIC:	72	case BURN_VARIANT_TYPE_NUMERIC:
107	BVariantRetrieveNumeric(pVariant, &llValue);	73	hr = StrAllocFormattedSecure(psczValue, L"%I64d", pVariant->llValue);
108	if (SUCCEEDED(hr))	74	ExitOnFailure(hr, "Failed to convert int64 to string.");
109	{
110	hr = StrAllocFormattedSecure(psczValue, L"%I64d", llValue);
111	ExitOnFailure(hr, "Failed to convert int64 to string.");
112	}
113	SecureZeroMemory(&llValue, sizeof(llValue));
114	break;	75	break;
115	case BURN_VARIANT_TYPE_FORMATTED: __fallthrough;	76	case BURN_VARIANT_TYPE_FORMATTED: __fallthrough;
116	case BURN_VARIANT_TYPE_STRING:	77	case BURN_VARIANT_TYPE_STRING:
117	hr = BVariantRetrieveDecryptedString(pVariant, psczValue);	78	hr = StrAllocStringSecure(psczValue, pVariant->sczValue, 0);
		79	ExitOnFailure(hr, "Failed to copy string value.");
118	break;	80	break;
119	case BURN_VARIANT_TYPE_VERSION:	81	case BURN_VARIANT_TYPE_VERSION:
120	BVariantRetrieveVersion(pVariant, &pVersionValue);	82	hr = StrAllocStringSecure(psczValue, pVariant->pValue ? pVariant->pValue->sczVersion : NULL, 0);
121		83	ExitOnFailure(hr, "Failed to copy version value.");
122	hr = StrAllocStringSecure(psczValue, pVersionValue->sczVersion, 0);
123	break;	84	break;
124	default:	85	default:
125	hr = E_INVALIDARG;	86	hr = E_INVALIDARG;
@@ -130,7 +91,6 @@ LExit:
130	return hr;	91	return hr;
131	}	92	}
132		93
133	// The contents of ppValue may be sensitive, should keep encrypted and SecureZeroMemory.
134	extern "C" HRESULT BVariantGetVersion(	94	extern "C" HRESULT BVariantGetVersion(
135	__in BURN_VARIANT* pVariant,	95	__in BURN_VARIANT* pVariant,
136	__out VERUTIL_VERSION** ppValue	96	__out VERUTIL_VERSION** ppValue
@@ -139,7 +99,6 @@ extern "C" HRESULT BVariantGetVersion(
139	return GetVersionInternal(pVariant, FALSE, FALSE, ppValue);	99	return GetVersionInternal(pVariant, FALSE, FALSE, ppValue);
140	}	100	}
141		101
142	// The contents of ppValue may be sensitive, should keep encrypted and SecureZeroMemory.
143	extern "C" HRESULT BVariantGetVersionHidden(	102	extern "C" HRESULT BVariantGetVersionHidden(
144	__in BURN_VARIANT* pVariant,	103	__in BURN_VARIANT* pVariant,
145	__in BOOL fHidden,	104	__in BOOL fHidden,
@@ -149,7 +108,6 @@ extern "C" HRESULT BVariantGetVersionHidden(
149	return GetVersionInternal(pVariant, fHidden, FALSE, ppValue);	108	return GetVersionInternal(pVariant, fHidden, FALSE, ppValue);
150	}	109	}
151		110
152	// The contents of ppValue may be sensitive, should keep encrypted and SecureZeroMemory.
153	extern "C" HRESULT BVariantGetVersionSilent(	111	extern "C" HRESULT BVariantGetVersionSilent(
154	__in BURN_VARIANT* pVariant,	112	__in BURN_VARIANT* pVariant,
155	__in BOOL fSilent,	113	__in BOOL fSilent,
@@ -167,44 +125,28 @@ static HRESULT GetVersionInternal(
167	)	125	)
168	{	126	{
169	HRESULT hr = S_OK;	127	HRESULT hr = S_OK;
170	LONGLONG llValue = 0;
171	LPWSTR sczValue = NULL;
172	VERUTIL_VERSION* pValue = NULL;
173		128
174	switch (pVariant->Type)	129	switch (pVariant->Type)
175	{	130	{
176	case BURN_VARIANT_TYPE_NUMERIC:	131	case BURN_VARIANT_TYPE_NUMERIC:
177	BVariantRetrieveNumeric(pVariant, &llValue);	132	hr = VerVersionFromQword(pVariant->llValue, ppValue);
178
179	hr = VerVersionFromQword(llValue, ppValue);
180	break;	133	break;
181	case BURN_VARIANT_TYPE_FORMATTED: __fallthrough;	134	case BURN_VARIANT_TYPE_FORMATTED: __fallthrough;
182	case BURN_VARIANT_TYPE_STRING:	135	case BURN_VARIANT_TYPE_STRING:
183	hr = BVariantRetrieveDecryptedString(pVariant, &sczValue);	136	hr = VerParseVersion(pVariant->sczValue, 0, FALSE, ppValue);
184	if (SUCCEEDED(hr))	137	if (SUCCEEDED(hr) && !fSilent && (*ppValue)->fInvalid)
185	{	138	{
186	hr = VerParseVersion(sczValue, 0, FALSE, ppValue);	139	LogId(REPORT_WARNING, MSG_INVALID_VERSION_COERSION, fHidden ? L"*****" : pVariant->sczValue);
187	if (FAILED(hr))
188	{
189	hr = DISP_E_TYPEMISMATCH;
190	}
191	else if (!fSilent && (*ppValue)->fInvalid)
192	{
193	LogId(REPORT_WARNING, MSG_INVALID_VERSION_COERSION, fHidden ? L"*****" : sczValue);
194	}
195	}	140	}
196	StrSecureZeroFreeString(sczValue);
197	break;	141	break;
198	case BURN_VARIANT_TYPE_VERSION:	142	case BURN_VARIANT_TYPE_VERSION:
199	BVariantRetrieveVersion(pVariant, &pValue);	143	if (!pVariant->pValue)
200
201	if (!pValue)
202	{	144	{
203	*ppValue = NULL;	145	*ppValue = NULL;
204	}	146	}
205	else	147	else
206	{	148	{
207	hr = VerCopyVersion(pValue, ppValue);	149	hr = VerCopyVersion(pVariant->pValue, ppValue);
208	}	150	}
209	break;	151	break;
210	default:	152	default:
@@ -221,7 +163,6 @@ extern "C" HRESULT BVariantSetNumeric(
221	)	163	)
222	{	164	{
223	HRESULT hr = S_OK;	165	HRESULT hr = S_OK;
224	BOOL fEncrypt = pVariant->fEncryptString;
225		166
226	if (BURN_VARIANT_TYPE_FORMATTED == pVariant->Type \|\|	167	if (BURN_VARIANT_TYPE_FORMATTED == pVariant->Type \|\|
227	BURN_VARIANT_TYPE_STRING == pVariant->Type)	168	BURN_VARIANT_TYPE_STRING == pVariant->Type)
@@ -231,7 +172,6 @@ extern "C" HRESULT BVariantSetNumeric(
231	memset(pVariant, 0, sizeof(BURN_VARIANT));	172	memset(pVariant, 0, sizeof(BURN_VARIANT));
232	pVariant->llValue = llValue;	173	pVariant->llValue = llValue;
233	pVariant->Type = BURN_VARIANT_TYPE_NUMERIC;	174	pVariant->Type = BURN_VARIANT_TYPE_NUMERIC;
234	BVariantSetEncryption(pVariant, fEncrypt);
235		175
236	return hr;	176	return hr;
237	}	177	}
@@ -244,7 +184,6 @@ extern "C" HRESULT BVariantSetString(
244	)	184	)
245	{	185	{
246	HRESULT hr = S_OK;	186	HRESULT hr = S_OK;
247	BOOL fEncrypt = pVariant->fEncryptString;
248		187
249	if (!wzValue) // if we're nulling out the string, make the variable NONE.	188	if (!wzValue) // if we're nulling out the string, make the variable NONE.
250	{	189	{
@@ -257,11 +196,6 @@ extern "C" HRESULT BVariantSetString(
257	{	196	{
258	memset(pVariant, 0, sizeof(BURN_VARIANT));	197	memset(pVariant, 0, sizeof(BURN_VARIANT));
259	}	198	}
260	else
261	{
262	// We're about to copy an unencrypted value.
263	pVariant->fEncryptString = FALSE;
264	}
265		199
266	hr = StrAllocStringSecure(&pVariant->sczValue, wzValue, cchValue);	200	hr = StrAllocStringSecure(&pVariant->sczValue, wzValue, cchValue);
267	ExitOnFailure(hr, "Failed to copy string.");	201	ExitOnFailure(hr, "Failed to copy string.");
@@ -270,7 +204,6 @@ extern "C" HRESULT BVariantSetString(
270	}	204	}
271		205
272	LExit:	206	LExit:
273	BVariantSetEncryption(pVariant, fEncrypt);
274	return hr;	207	return hr;
275	}	208	}
276		209
@@ -280,7 +213,6 @@ extern "C" HRESULT BVariantSetVersion(
280	)	213	)
281	{	214	{
282	HRESULT hr = S_OK;	215	HRESULT hr = S_OK;
283	BOOL fEncryptValue = pVariant->fEncryptString;
284		216
285	if (!pValue) // if we're nulling out the version, make the variable NONE.	217	if (!pValue) // if we're nulling out the version, make the variable NONE.
286	{	218	{
@@ -298,8 +230,6 @@ extern "C" HRESULT BVariantSetVersion(
298	pVariant->Type = BURN_VARIANT_TYPE_VERSION;	230	pVariant->Type = BURN_VARIANT_TYPE_VERSION;
299	}	231	}
300		232
301	BVariantSetEncryption(pVariant, fEncryptValue);
302
303	return hr;	233	return hr;
304	}	234	}
305		235
@@ -309,10 +239,6 @@ extern "C" HRESULT BVariantSetValue(
309	)	239	)
310	{	240	{
311	HRESULT hr = S_OK;	241	HRESULT hr = S_OK;
312	LONGLONG llValue = 0;
313	LPWSTR sczValue = NULL;
314	VERUTIL_VERSION* pVersionValue = NULL;
315	BOOL fEncrypt = pVariant->fEncryptString;
316		242
317	switch (pValue->Type)	243	switch (pValue->Type)
318	{	244	{
@@ -320,35 +246,19 @@ extern "C" HRESULT BVariantSetValue(
320	BVariantUninitialize(pVariant);	246	BVariantUninitialize(pVariant);
321	break;	247	break;
322	case BURN_VARIANT_TYPE_NUMERIC:	248	case BURN_VARIANT_TYPE_NUMERIC:
323	hr = BVariantGetNumeric(pValue, &llValue);	249	hr = BVariantSetNumeric(pVariant, pValue->llValue);
324	if (SUCCEEDED(hr))
325	{
326	hr = BVariantSetNumeric(pVariant, llValue);
327	}
328	SecureZeroMemory(&llValue, sizeof(llValue));
329	break;	250	break;
330	case BURN_VARIANT_TYPE_FORMATTED: __fallthrough;	251	case BURN_VARIANT_TYPE_FORMATTED: __fallthrough;
331	case BURN_VARIANT_TYPE_STRING:	252	case BURN_VARIANT_TYPE_STRING:
332	hr = BVariantGetString(pValue, &sczValue);	253	hr = BVariantSetString(pVariant, pValue->sczValue, 0, BURN_VARIANT_TYPE_FORMATTED == pValue->Type);
333	if (SUCCEEDED(hr))
334	{
335	hr = BVariantSetString(pVariant, sczValue, 0, BURN_VARIANT_TYPE_FORMATTED == pValue->Type);
336	}
337	StrSecureZeroFreeString(sczValue);
338	break;	254	break;
339	case BURN_VARIANT_TYPE_VERSION:	255	case BURN_VARIANT_TYPE_VERSION:
340	hr = BVariantGetVersionSilent(pValue, TRUE, &pVersionValue);	256	hr = BVariantSetVersion(pVariant, pValue->pValue);
341	if (SUCCEEDED(hr))
342	{
343	hr = BVariantSetVersion(pVariant, pVersionValue);
344	}
345	break;	257	break;
346	default:	258	default:
347	hr = E_INVALIDARG;	259	hr = E_INVALIDARG;
348	}	260	}
349	ExitOnFailure(hr, "Failed to copy variant.");	261	ExitOnFailure(hr, "Failed to copy variant value.");
350
351	hr = BVariantSetEncryption(pVariant, fEncrypt);
352		262
353	LExit:	263	LExit:
354	return hr;	264	return hr;
@@ -359,50 +269,7 @@ extern "C" HRESULT BVariantCopy(
359	__out BURN_VARIANT* pTarget	269	__out BURN_VARIANT* pTarget
360	)	270	)
361	{	271	{
362	HRESULT hr = S_OK;	272	return BVariantSetValue(pTarget, pSource);
363	LONGLONG llValue = 0;
364	LPWSTR sczValue = NULL;
365	VERUTIL_VERSION* pVersionValue = 0;
366
367	BVariantUninitialize(pTarget);
368
369	switch (pSource->Type)
370	{
371	case BURN_VARIANT_TYPE_NONE:
372	break;
373	case BURN_VARIANT_TYPE_NUMERIC:
374	hr = BVariantGetNumeric(pSource, &llValue);
375	if (SUCCEEDED(hr))
376	{
377	hr = BVariantSetNumeric(pTarget, llValue);
378	}
379	SecureZeroMemory(&llValue, sizeof(llValue));
380	break;
381	case BURN_VARIANT_TYPE_FORMATTED: __fallthrough;
382	case BURN_VARIANT_TYPE_STRING:
383	hr = BVariantGetString(pSource, &sczValue);
384	if (SUCCEEDED(hr))
385	{
386	hr = BVariantSetString(pTarget, sczValue, 0, BURN_VARIANT_TYPE_FORMATTED == pSource->Type);
387	}
388	StrSecureZeroFreeString(sczValue);
389	break;
390	case BURN_VARIANT_TYPE_VERSION:
391	hr = BVariantGetVersionSilent(pSource, TRUE, &pVersionValue);
392	if (SUCCEEDED(hr))
393	{
394	hr = BVariantSetVersion(pTarget, pVersionValue);
395	}
396	break;
397	default:
398	hr = E_INVALIDARG;
399	}
400	ExitOnFailure(hr, "Failed to copy variant.");
401
402	hr = BVariantSetEncryption(pTarget, pSource->fEncryptString);
403
404	LExit:
405	return hr;
406	}	273	}
407		274
408	extern "C" HRESULT BVariantChangeType(	275	extern "C" HRESULT BVariantChangeType(
@@ -412,7 +279,6 @@ extern "C" HRESULT BVariantChangeType(
412	{	279	{
413	HRESULT hr = S_OK;	280	HRESULT hr = S_OK;
414	BURN_VARIANT variant = { };	281	BURN_VARIANT variant = { };
415	BOOL fEncrypt = pVariant->fEncryptString;
416		282
417	if (pVariant->Type == type)	283	if (pVariant->Type == type)
418	{	284	{
@@ -449,143 +315,7 @@ extern "C" HRESULT BVariantChangeType(
449	BVariantUninitialize(pVariant);	315	BVariantUninitialize(pVariant);
450	memcpy_s(pVariant, sizeof(BURN_VARIANT), &variant, sizeof(BURN_VARIANT));	316	memcpy_s(pVariant, sizeof(BURN_VARIANT), &variant, sizeof(BURN_VARIANT));
451	SecureZeroMemory(&variant, sizeof(BURN_VARIANT));	317	SecureZeroMemory(&variant, sizeof(BURN_VARIANT));
452	BVariantSetEncryption(pVariant, fEncrypt);
453		318
454	LExit:	319	LExit:
455	return hr;	320	return hr;
456	}	321	}
457
458	extern "C" HRESULT BVariantSetEncryption(
459	__in BURN_VARIANT* pVariant,
460	__in BOOL fEncrypt
461	)
462	{
463	HRESULT hr = S_OK;
464
465	if (pVariant->fEncryptString == fEncrypt)
466	{
467	// The requested encryption state is already applied.
468	ExitFunction();
469	}
470
471	switch (pVariant->Type)
472	{
473	case BURN_VARIANT_TYPE_NONE:
474	case BURN_VARIANT_TYPE_NUMERIC:
475	case BURN_VARIANT_TYPE_VERSION:
476	hr = S_OK;
477	break;
478	case BURN_VARIANT_TYPE_FORMATTED: __fallthrough;
479	case BURN_VARIANT_TYPE_STRING:
480	hr = BVariantEncryptString(pVariant, fEncrypt);
481	break;
482	default:
483	hr = E_INVALIDARG;
484	}
485	ExitOnFailure(hr, "Failed to set the variant's encryption state");
486	pVariant->fEncryptString = fEncrypt;
487
488	LExit:
489	return hr;
490	}
491
492	static HRESULT BVariantEncryptString(
493	__in BURN_VARIANT* pVariant,
494	__in BOOL fEncrypt
495	)
496	{
497	HRESULT hr = S_OK;
498	SIZE_T cbData = 0;
499
500	if (NULL == pVariant->sczValue)
501	{
502	ExitFunction();
503	}
504
505	cbData = MemSize(pVariant->sczValue);
506	if (-1 == cbData)
507	{
508	hr = E_INVALIDARG;
509	ExitOnFailure(hr, "Failed to get the size of the string");
510	}
511
512	DWORD remainder = fEncrypt ? cbData % CRYP_ENCRYPT_MEMORY_SIZE : 0;
513	DWORD extraNeeded = 0 < remainder ? CRYP_ENCRYPT_MEMORY_SIZE - remainder : 0;
514	if ((MAXDWORD - extraNeeded) < cbData)
515	{
516	hr = E_INVALIDDATA;
517	ExitOnFailure(hr, "The string is too big: size %u", cbData);
518	}
519	else if (0 < extraNeeded)
520	{
521	cbData += extraNeeded;
522	LPVOID pvNew = NULL;
523	hr = MemReAllocSecure(static_cast<LPVOID>(pVariant->sczValue), cbData, TRUE, &pvNew);
524	ExitOnFailure(hr, "Failed to resize the string so it could be encrypted");
525	pVariant->sczValue = static_cast<LPWSTR>(pvNew);
526	}
527
528	if (fEncrypt)
529	{
530	hr = CrypEncryptMemory(pVariant->sczValue, static_cast<DWORD>(cbData), VARIANT_ENCRYPTION_SCOPE);
531	}
532	else
533	{
534	hr = CrypDecryptMemory(pVariant->sczValue, static_cast<DWORD>(cbData), VARIANT_ENCRYPTION_SCOPE);
535	}
536
537	LExit:
538	return hr;
539	}
540
541	static void BVariantRetrieveNumeric(
542	__in BURN_VARIANT* pVariant,
543	__out LONGLONG* pllValue
544	)
545	{
546	Assert(NULL != pllValue);
547
548	*pllValue = pVariant->llValue;
549	}
550
551	// The contents of psczValue may be sensitive, should keep encrypted and SecureZeroFree.
552	static HRESULT BVariantRetrieveDecryptedString(
553	__in BURN_VARIANT* pVariant,
554	__out LPWSTR* psczValue
555	)
556	{
557	HRESULT hr = S_OK;
558
559	if (!pVariant->sczValue)
560	{
561	*psczValue = NULL;
562	ExitFunction();
563	}
564
565	if (pVariant->fEncryptString)
566	{
567	hr = BVariantEncryptString(pVariant, FALSE);
568	ExitOnFailure(hr, "Failed to decrypt string");
569	}
570
571	hr = StrAllocStringSecure(psczValue, pVariant->sczValue, 0);
572	ExitOnFailure(hr, "Failed to copy value.");
573
574	if (pVariant->fEncryptString)
575	{
576	hr = BVariantEncryptString(pVariant, TRUE);
577	}
578
579	LExit:
580	return hr;
581	}
582
583	static void BVariantRetrieveVersion(
584	__in BURN_VARIANT* pVariant,
585	__out VERUTIL_VERSION** ppValue
586	)
587	{
588	Assert(ppValue);
589
590	*ppValue = pVariant->pValue;
591	}