[Bug 42518] New: WinVerifyTrust fails for signatures using SHA256 digest

wine-bugs at winehq.org wine-bugs at winehq.org
Fri Feb 24 10:57:51 CST 2017


https://bugs.winehq.org/show_bug.cgi?id=42518

            Bug ID: 42518
           Summary: WinVerifyTrust fails for signatures using SHA256
                    digest
           Product: Wine
           Version: 2.2
          Hardware: x86
                OS: Mac OS X
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: wintrust
          Assignee: wine-bugs at winehq.org
          Reporter: tomek at bayesfusion.com

Created attachment 57407
  --> https://bugs.winehq.org/attachment.cgi?id=57407
source code for a minimal program calling WinVerifyTrust

On both Linux and macOS WinVerifyTrust returns 0x80090008 (NTE_BAD_ALGID) when
called to verify the executable signed with SHA256 certificate and using SHA256
digest (/fd sha256 used when calling signtool). This does not happen when the
same SHA256 certificate is used to sign the executable, but with SHA1 digest
instead; WinVerifyTrust returns 0 in this case. 

WinVerifyTrust returns 0 (as expected) on Windows for SHA256 digest.

To reproduce the issue, either
a) use sigcheck.exe from SysInternals and verify the signature of SHA256 digest
signature (for example, Chrome 56). 

or

b) compile the attached C code (CallWVT.c) to get a program which calls
WinVerifyTrust on an executable file specified as its 1st argument.

Also attached are the stderr outputs with WINEDEBUG=+wintrust,+crypt. The
log_sha2.txt file is the full output. log_sha1_truncated.txt is truncated at
the point of successful return from SoftpubLoadMessage (the whole file would be
too large).

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
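To check which of the two cases in the report a given signed file falls into (SHA1 or SHA256 file digest), the following added example reads the PE certificate table and reports the first digest OID in the PKCS#7 blob. It is not code from the bug report or from Wine; the names `authenticode_digest` and `constructed_pe` are hypothetical, and the sample image is constructed, not a real signature.

```python
import struct

# DER-encoded digest OIDs as they appear inside the PKCS#7 SignedData blob.
SHA1_OID = bytes.fromhex("06052b0e03021a")              # 1.3.14.3.2.26
SHA256_OID = bytes.fromhex("0609608648016503040201")    # 2.16.840.1.101.3.4.2.1
DIGESTS = {SHA1_OID: "sha1", SHA256_OID: "sha256"}

def authenticode_digest(pe: bytes):
    """Return 'sha1', 'sha256', or None if unsigned or unrecognised."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 24                  # 4-byte signature + 20-byte COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):      # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)
    (count,) = struct.unpack_from("<I", pe, dirs - 4)   # NumberOfRvaAndSizes
    if count < 5:
        return None
    # Directory entry 4 is the certificate table; its address is a file offset.
    off, size = struct.unpack_from("<II", pe, dirs + 4 * 8)
    if off == 0 or size < 8 or off + 8 > len(pe):
        return None
    length, _rev, cert_type = struct.unpack_from("<IHH", pe, off)
    if cert_type != 0x0002:              # WIN_CERT_TYPE_PKCS_SIGNED_DATA
        return None
    blob = pe[off + 8:off + length]
    # Heuristic: digestAlgorithms precedes certificates and signerInfos in
    # SignedData, so the earliest digest OID is the one the file hash uses.
    hits = [(blob.find(oid), name) for oid, name in DIGESTS.items() if oid in blob]
    return min(hits)[1] if hits else None

def constructed_pe(digest_oids):
    """Constructed PE32 header with a fake certificate blob (not a real signature)."""
    hdr = bytearray(0x200)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)              # e_lfanew
    hdr[0x80:0x84] = b"PE\0\0"
    opt = 0x80 + 24
    struct.pack_into("<H", hdr, opt, 0x10B)              # PE32 magic
    struct.pack_into("<I", hdr, opt + 92, 16)            # NumberOfRvaAndSizes
    if digest_oids is None:
        return bytes(hdr)                                # unsigned image
    blob = bytes.fromhex("06092a864886f70d010702") + digest_oids  # signedData OID first
    cert = struct.pack("<IHH", 8 + len(blob), 0x0200, 0x0002) + blob
    struct.pack_into("<II", hdr, opt + 96 + 4 * 8, len(hdr), len(cert))
    return bytes(hdr) + cert
```

On a real file, pass `open(path, "rb").read()` to `authenticode_digest`; a result of `sha256` identifies a file in the failing case described above.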