[Bug 42518] New: WinVerifyTrust fails for signatures using SHA256 digest
wine-bugs at winehq.org
wine-bugs at winehq.org
Fri Feb 24 10:57:51 CST 2017
https://bugs.winehq.org/show_bug.cgi?id=42518
Bug ID: 42518
Summary: WinVerifyTrust fails for signatures using SHA256
digest
Product: Wine
Version: 2.2
Hardware: x86
OS: Mac OS X
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: wintrust
Assignee: wine-bugs at winehq.org
Reporter: tomek at bayesfusion.com
Created attachment 57407
--> https://bugs.winehq.org/attachment.cgi?id=57407
source code for a minimal program calling WinVerifyTrust
On both Linux and macOS WinVerifyTrust returns 0x80090008 (NTE_BAD_ALGID) when
called to verify the executable signed with SHA256 cerfificate and using SHA256
digest (/fd sha256 used when calling signtool). This does not happen when the
same SHA256 certificate is used to sign the executable, but with SHA1 digest
instead; WinVerifyTrust returns 0 in this case.
WinVerifyTrust returns 0 (as expected) on Windows for SHA256 digest.
To reproduce the issue, either
a) use sigcheck.exe from SysInternals and verify the signature of SHA256 digest
signature (for example, Chrome 56).
or
b) compile the attached C code (CallWVT.c) to get a program which calls
WinVerifyTrust on an executable file specified as its 1st argument.
Also attached are the stderr outputs with WINEDEBUG=+wintrust,+crypt. The
log_sha2.txt file is the full output. log_sha1_truncated.txt is truncated at
the point of successful return from SoftpubLoadMessage (the whole file would be
too large).
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list