[PATCH] cryptnet: Resolve object id to algorithm id when verifying OCSP response.
Torge Matthies
openglfreak at googlemail.com
Sun Jun 5 19:53:07 CDT 2022
From: Torge Matthies <tmatthies at codeweavers.com>
Instead of only allowing the SHA256RSA algorithm.
Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=53102
Signed-off-by: Torge Matthies <tmatthies at codeweavers.com>
---
dlls/cryptnet/cryptnet_main.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/dlls/cryptnet/cryptnet_main.c b/dlls/cryptnet/cryptnet_main.c
index e8c17407a9b..ac282f5aa82 100644
--- a/dlls/cryptnet/cryptnet_main.c
+++ b/dlls/cryptnet/cryptnet_main.c
@@ -1918,6 +1918,7 @@ static DWORD verify_signed_ocsp_response_info(const CERT_INFO *cert, const CERT_
HCRYPTPROV prov = 0;
HCRYPTHASH hash = 0;
HCRYPTKEY key = 0;
+ DWORD algid;
if (!CryptDecodeObjectEx(X509_ASN_ENCODING, OCSP_BASIC_SIGNED_RESPONSE, blob->pbData, blob->cbData,
CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size)) return GetLastError();
@@ -1925,7 +1926,7 @@ static DWORD verify_signed_ocsp_response_info(const CERT_INFO *cert, const CERT_
if ((error = check_ocsp_response_info(cert, issuer, &info->ToBeSigned, &status))) goto done;
alg = &info->SignatureInfo.SignatureAlgorithm;
- if (!alg->pszObjId || strcmp(alg->pszObjId, szOID_RSA_SHA256RSA))
+ if (!alg->pszObjId || !(algid = CertOIDToAlgId(alg->pszObjId)))
{
FIXME("unhandled signature algorithm %s\n", debugstr_a(alg->pszObjId));
error = CRYPT_E_NO_REVOCATION_CHECK;
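Review bot: The replacement condition on the `+` line accepts any OID that CertOIDToAlgId can resolve, not only signature-algorithm OIDs with an acceptable digest, and the resulting ALG_ID is then passed unfiltered to CryptCreateHash in the next hunk. This widens the policy from "SHA256RSA only" to "anything the OID table knows", which, depending on crypt32's table, may include MD2/MD5-based signature OIDs and OIDs from other groups whose Algid is not a hash algorithm at all; an OCSP response signed with a weak digest would then verify successfully. Consider resolving through the signature-algorithm group and keeping an explicit minimum-digest policy, e.g. `const CRYPT_OID_INFO *oid_info = alg->pszObjId ? CryptFindOIDInfo(CRYPT_OID_INFO_OID_KEY, alg->pszObjId, CRYPT_SIGN_ALG_OID_GROUP_ID) : NULL;` followed by `if (!oid_info || !(algid = oid_info->Algid) || algid == CALG_MD2 || algid == CALG_MD4 || algid == CALG_MD5)`. At minimum a comment stating which algorithms are now intentionally accepted would help, since the FIXME message below no longer describes the actual policy. The enclosing function starts and ends outside this hunk.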
@@ -1933,7 +1934,7 @@ static DWORD verify_signed_ocsp_response_info(const CERT_INFO *cert, const CERT_
}
if (!CryptAcquireContextW(&prov, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) goto done;
- if (!CryptCreateHash(prov, CALG_SHA_256, 0, 0, &hash)) goto done;
+ if (!CryptCreateHash(prov, algid, 0, 0, &hash)) goto done;
if (!CryptHashData(hash, info->ToBeSigned.pbData, info->ToBeSigned.cbData, 0)) goto done;
sig = &info->SignatureInfo.Signature;
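Review bot: CryptCreateHash on the `+` line now receives whatever ALG_ID the OID lookup produced, under a PROV_RSA_FULL context that was chosen when only CALG_SHA_256 was in play; if the provider does not support the resolved algorithm, or the value is not a hash ALG_ID, the call fails and the bare `goto done` leaves `error` unassigned. Since `error` is 0 after check_ocsp_response_info succeeded in the previous hunk, the function appears to report that failure as success unless `done:` assigns it, which is outside the hunk. A deterministic failure on that path, `if (!CryptCreateHash(prov, algid, 0, 0, &hash)) { error = CRYPT_E_NO_REVOCATION_CHECK; goto done; }`, keeps a verification failure from being reported as a clean result; the untouched CryptAcquireContextW and CryptHashData lines around it have the same shape. The enclosing function continues outside the hunk.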
--
2.36.1