Dmitry Timoshkov : crypt32: CertComparePublicKeyInfo should not try to decode a non-RSA public key.
Alexandre Julliard
julliard at winehq.org
Fri Oct 26 14:23:56 CDT 2018
Module: wine
Branch: master
Commit: 8f488a71b9a0718b4c36823089df0309194e4e76
URL: https://source.winehq.org/git/wine.git/?a=commit;h=8f488a71b9a0718b4c36823089df0309194e4e76
Author: Dmitry Timoshkov <dmitry at baikal.ru>
Date: Fri Oct 26 13:17:26 2018 +0300
crypt32: CertComparePublicKeyInfo should not try to decode a non-RSA public key.
Signed-off-by: Dmitry Timoshkov <dmitry at baikal.ru>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>
---
dlls/crypt32/cert.c | 7 +++++++
dlls/crypt32/tests/cert.c | 6 ------
2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/dlls/crypt32/cert.c b/dlls/crypt32/cert.c
index 9157814..d09d049 100644
--- a/dlls/crypt32/cert.c
+++ b/dlls/crypt32/cert.c
@@ -28,6 +28,7 @@
#include "winternl.h"
#define CRYPT_OID_INFO_HAS_EXTRA_FIELDS
#include "wincrypt.h"
+#include "snmp.h"
#include "bcrypt.h"
#include "winnls.h"
#include "rpc.h"
@@ -1242,6 +1243,12 @@ BOOL WINAPI CertComparePublicKeyInfo(DWORD dwCertEncodingType,
TRACE("(%08x, %p, %p)\n", dwCertEncodingType, pPublicKey1, pPublicKey2);
+ /* RSA public key data should start with ASN_SEQUENCE,
+ * otherwise it's not a RSA_CSP_PUBLICKEYBLOB.
+ */
+ if (!pPublicKey1->PublicKey.cbData || pPublicKey1->PublicKey.pbData[0] != ASN_SEQUENCE)
+ dwCertEncodingType = 0;
+
switch (GET_CERT_ENCODING_TYPE(dwCertEncodingType))
{
case 0: /* Seems to mean "raw binary bits" */
diff --git a/dlls/crypt32/tests/cert.c b/dlls/crypt32/tests/cert.c
index cc7bd4c..f653741 100644
--- a/dlls/crypt32/tests/cert.c
+++ b/dlls/crypt32/tests/cert.c
@@ -3210,7 +3210,6 @@ static void testComparePublicKeyInfo(void)
ret = CertComparePublicKeyInfo(0, &info1, &info2);
ok(ret, "CertComparePublicKeyInfo failed: %08x\n", GetLastError());
ret = CertComparePublicKeyInfo(X509_ASN_ENCODING, &info1, &info2);
-todo_wine
ok(ret, "CertComparePublicKeyInfo failed: %08x\n", GetLastError());
/* Different OIDs appear to compare */
@@ -3219,14 +3218,12 @@ todo_wine
ret = CertComparePublicKeyInfo(0, &info1, &info2);
ok(ret, "CertComparePublicKeyInfo failed: %08x\n", GetLastError());
ret = CertComparePublicKeyInfo(X509_ASN_ENCODING, &info1, &info2);
-todo_wine
ok(ret, "CertComparePublicKeyInfo failed: %08x\n", GetLastError());
info2.Algorithm.pszObjId = oid_x957_dsa;
ret = CertComparePublicKeyInfo(0, &info1, &info2);
ok(ret, "CertComparePublicKeyInfo failed: %08x\n", GetLastError());
ret = CertComparePublicKeyInfo(X509_ASN_ENCODING, &info1, &info2);
-todo_wine
ok(ret, "CertComparePublicKeyInfo failed: %08x\n", GetLastError());
info1.PublicKey.cbData = sizeof(bits1);
@@ -3238,7 +3235,6 @@ todo_wine
ret = CertComparePublicKeyInfo(0, &info1, &info2);
ok(ret, "CertComparePublicKeyInfo failed: %08x\n", GetLastError());
ret = CertComparePublicKeyInfo(X509_ASN_ENCODING, &info1, &info2);
-todo_wine
ok(ret, "CertComparePublicKeyInfo failed: %08x\n", GetLastError());
info2.Algorithm.pszObjId = oid_rsa_rsa;
@@ -3297,11 +3293,9 @@ todo_wine
ret = CertComparePublicKeyInfo(0, &info1, &info1);
ok(ret, "CertComparePublicKeyInfo: as raw binary: keys should be equal\n");
ret = CertComparePublicKeyInfo(X509_ASN_ENCODING, &info1, &info1);
-todo_wine
ok(ret, "CertComparePublicKeyInfo: as ASN.1 encoded: keys should be equal\n");
info1.PublicKey.cbData--; /* kill one byte, make ASN.1 encoded data invalid */
ret = CertComparePublicKeyInfo(X509_ASN_ENCODING, &info1, &info1);
-todo_wine
ok(ret, "CertComparePublicKeyInfo: as ASN.1 encoded: keys should be equal\n");
/* ASN.1 encoded non-comparing case */
More information about the wine-cvs
mailing list