David Hedberg : rsaenh: Don't fail on signature verification if the signed hash lacks the OID.

Alexandre Julliard julliard at winehq.org
Wed Jun 15 13:42:56 CDT 2011


Module: wine
Branch: master
Commit: f8755d84221ce6dc803af2ea89ae98d7e3260393
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=f8755d84221ce6dc803af2ea89ae98d7e3260393

Author: David Hedberg <dhedberg at codeweavers.com>
Date:   Wed Jun 15 06:21:30 2011 +0200

rsaenh: Don't fail on signature verification if the signed hash lacks the OID.

---

 dlls/rsaenh/rsaenh.c       |   15 ++++++++++-----
 dlls/rsaenh/tests/rsaenh.c |   23 +++++++++++++++++------
 2 files changed, 27 insertions(+), 11 deletions(-)

diff --git a/dlls/rsaenh/rsaenh.c b/dlls/rsaenh/rsaenh.c
index 61d1b87..2516af6 100644
--- a/dlls/rsaenh/rsaenh.c
+++ b/dlls/rsaenh/rsaenh.c
@@ -4472,16 +4472,21 @@ BOOL WINAPI RSAENH_CPVerifySignature(HCRYPTPROV hProv, HCRYPTHASH hHash, CONST B
         goto cleanup;
     }
 
-    if (!build_hash_signature(pbConstructed, dwSigLen, aiAlgid, abHashValue, dwHashLen, dwFlags)) {
+    if (build_hash_signature(pbConstructed, dwSigLen, aiAlgid, abHashValue, dwHashLen, dwFlags) &&
+        !memcmp(pbDecrypted, pbConstructed, dwSigLen)) {
+        res = TRUE;
         goto cleanup;
     }
 
-    if (memcmp(pbDecrypted, pbConstructed, dwSigLen)) {
-        SetLastError(NTE_BAD_SIGNATURE);
+    if (!(dwFlags & CRYPT_NOHASHOID) &&
+        build_hash_signature(pbConstructed, dwSigLen, aiAlgid, abHashValue, dwHashLen, dwFlags|CRYPT_NOHASHOID) &&
+        !memcmp(pbDecrypted, pbConstructed, dwSigLen)) {
+        res = TRUE;
         goto cleanup;
     }
-    
-    res = TRUE;
+
+    SetLastError(NTE_BAD_SIGNATURE);
+
 cleanup:
     HeapFree(GetProcessHeap(), 0, pbConstructed);
     HeapFree(GetProcessHeap(), 0, pbDecrypted);
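Review bot: The retry with `dwFlags|CRYPT_NOHASHOID` makes every caller accept a padded hash that carries no algorithm OID, including callers that did not pass CRYPT_NOHASHOID, and nothing in the code says this is deliberate. Because it widens what counts as a valid signature, I would put a comment above that second `if`, e.g. `/* Native also accepts a signed hash without the OID when CRYPT_NOHASHOID is not set, so retry without it. */`. Separately, when `build_hash_signature` itself fails the function now falls through to `SetLastError(NTE_BAD_SIGNATURE)`, which presumably replaces whatever error the helper reported; worth confirming that is wanted. The body of RSAENH_CPVerifySignature starts and ends outside this hunk.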
diff --git a/dlls/rsaenh/tests/rsaenh.c b/dlls/rsaenh/tests/rsaenh.c
index ccccb59..27fedd9 100644
--- a/dlls/rsaenh/tests/rsaenh.c
+++ b/dlls/rsaenh/tests/rsaenh.c
@@ -1771,15 +1771,14 @@ static void test_verify_signature(void) {
     ok(result, "%08x\n", GetLastError());
     if (!result) return;
 
-    result = CryptVerifySignature(hHash, abSignatureMD2NoOID, 128, hPubSignKey, NULL, CRYPT_NOHASHOID);
+    /* It seems that CPVerifySignature doesn't care about the OID at all. */
+    result = CryptVerifySignature(hHash, abSignatureMD2NoOID, 128, hPubSignKey, NULL, 0);
     ok(result, "%08x\n", GetLastError());
     if (!result) return;
 
-    /* Next test fails on WinXP SP2. It seems that CPVerifySignature doesn't care about 
-     * the OID at all. */
-    /*result = CryptVerifySignature(hHash, abSignatureMD2NoOID, 128, hPubSignKey, NULL, 0);
-    ok(!result && GetLastError()==NTE_BAD_SIGNATURE, "%08lx\n", GetLastError());
-    if (result) return;*/
+    result = CryptVerifySignature(hHash, abSignatureMD2NoOID, 128, hPubSignKey, NULL, CRYPT_NOHASHOID);
+    ok(result, "%08x\n", GetLastError());
+    if (!result) return;
 
     CryptDestroyHash(hHash);
 
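Review bot: The added `CryptVerifySignature(..., NULL, 0)` calls here and in the MD4, MD5 and SHA hunks below only assert success, so nothing visible pins that the new retry path still rejects a signature that does not match. The deleted commented-out block was the only `NTE_BAD_SIGNATURE` expectation in these hunks; I would add a failing case per algorithm, for example verifying the NoOID buffer against a hash of different data and checking `ok(!result && GetLastError() == NTE_BAD_SIGNATURE, "%08x\n", GetLastError());`. The comment `It seems that CPVerifySignature doesn't care about the OID at all.` would also read better if it said this is the behaviour observed on Windows. test_verify_signature starts and ends outside the hunk, so such a case may already exist elsewhere.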
@@ -1795,6 +1794,10 @@ static void test_verify_signature(void) {
     ok(result, "%08x\n", GetLastError());
     if (!result) return;
 
+    result = CryptVerifySignature(hHash, abSignatureMD4NoOID, 128, hPubSignKey, NULL, 0);
+    ok(result, "%08x\n", GetLastError());
+    if (!result) return;
+
     result = CryptVerifySignature(hHash, abSignatureMD4NoOID, 128, hPubSignKey, NULL, CRYPT_NOHASHOID);
     ok(result, "%08x\n", GetLastError());
     if (!result) return;
@@ -1813,6 +1816,10 @@ static void test_verify_signature(void) {
     ok(result, "%08x\n", GetLastError());
     if (!result) return;
 
+    result = CryptVerifySignature(hHash, abSignatureMD5NoOID, 128, hPubSignKey, NULL, 0);
+    ok(result, "%08x\n", GetLastError());
+    if (!result) return;
+
     result = CryptVerifySignature(hHash, abSignatureMD5NoOID, 128, hPubSignKey, NULL, CRYPT_NOHASHOID);
     ok(result, "%08x\n", GetLastError());
     if (!result) return;
@@ -1831,6 +1838,10 @@ static void test_verify_signature(void) {
     ok(result, "%08x\n", GetLastError());
     if (!result) return;
 
+    result = CryptVerifySignature(hHash, abSignatureSHANoOID, 128, hPubSignKey, NULL, 0);
+    ok(result, "%08x\n", GetLastError());
+    if (!result) return;
+
     result = CryptVerifySignature(hHash, abSignatureSHANoOID, 128, hPubSignKey, NULL, CRYPT_NOHASHOID);
     ok(result, "%08x\n", GetLastError());
     if (!result) return;



