advapi32: Allow setting CRYPT_VERIFYCONTEXT and CRYPT_NEWKEYSET in CryptAcquireContext

Mounir IDRASSI mounir.idrassi at idrix.fr
Tue Jun 12 20:01:54 CDT 2007


Hi Maarten,
You should not modify advapi32 to accommodate this behavior but rsaenh
instead. The acceptance of this flags combination is specific to the
Microsoft RSA CSP implementation and other vendors don't support it (I
tested it with four third party CSPs). Moreover, your patch will clearly
introduce unexpected CSP behavior when this combination of flags is
specified as you start by acquiring a context using CRYPT_NEWKEYSET
only: the returned context will not behave as intended by the
CRYPT_VERIFYCONTEXT flag which normally limits many things.
The modification to rsaenh is straightforward: in the code of
RSAENH_CPAcquireContext, juste add the line "case CRYPT_VERIFYCONTEXT |
CRYPT_NEWKEYSET:" above the existing line "case CRYPT_VERIFYCONTEXT:".

Mounir IDRASSI
IDRIX - Cryptography and IT Security Experts
http://www.idrix.fr


Maarten Lankhorst wrote:
> With tests. I think this is the correct way to do this: First try to
> Acquire with CRYPT_NEWKEYSET, then CRYPT_VERIFYCONTEXT if it already exists.
>   




More information about the wine-devel mailing list