From 408f3d96c5bbc84e5a1e32255364ed9fc78b1bad Mon Sep 17 00:00:00 2001
From: Juan Lang <juan.lang@gmail.com>
Date: Mon, 28 Jul 2008 20:15:37 -0700
Subject: [PATCH] rsaenh: Test and correct the maximum allowable salt length.

---
 dlls/rsaenh/rsaenh.c       |  6 +++---
 dlls/rsaenh/tests/rsaenh.c | 30 ++++++++++++++++++++++++++++++
 2 files changed, 33 insertions(+), 3 deletions(-)

diff --git a/dlls/rsaenh/rsaenh.c b/dlls/rsaenh/rsaenh.c
index f957a1ffa7c..e681d69f7dd 100644
--- a/dlls/rsaenh/rsaenh.c
+++ b/dlls/rsaenh/rsaenh.c
@@ -2826,10 +2826,10 @@ BOOL WINAPI RSAENH_CPSetKeyParam(HCRYPTPROV hProv, HCRYPTKEY hKey, DWORD dwParam
         {
             CRYPT_INTEGER_BLOB *blob = (CRYPT_INTEGER_BLOB *)pbData;
 
-            /* salt length can't be greater than 128 bits = 16 bytes */
-            if (blob->cbData > 16)
+            /* salt length can't be greater than 184 bits = 24 bytes */
+            if (blob->cbData > 24)
             {
-                SetLastError(ERROR_INVALID_PARAMETER);
+                SetLastError(NTE_BAD_DATA);
                 return FALSE;
             }
             memcpy(pCryptKey->abKeyValue + pCryptKey->dwKeyLen, blob->pbData,
diff --git a/dlls/rsaenh/tests/rsaenh.c b/dlls/rsaenh/tests/rsaenh.c
index 479b4286d46..4f25831f217 100644
--- a/dlls/rsaenh/tests/rsaenh.c
+++ b/dlls/rsaenh/tests/rsaenh.c
@@ -749,6 +749,8 @@ static void test_rc2(void)
     if (!result) {
         ok(GetLastError()==NTE_BAD_ALGID, "%08x\n", GetLastError());
     } else {
+        CRYPT_INTEGER_BLOB salt;
+
         result = CryptHashData(hHash, (BYTE*)pbData, sizeof(pbData), 0);
         ok(result, "%08x\n", GetLastError());
 
@@ -812,6 +814,19 @@ static void test_rc2(void)
         result = CryptDecrypt(hKey, (HCRYPTHASH)NULL, TRUE, 0, pbData, &dwDataLen);
         ok(result, "%08x\n", GetLastError());
 
+        /* What sizes salt can I set? */
+        salt.pbData = pbData;
+        for (i=0; i<24; i++)
+        {
+            salt.cbData = i;
+            result = CryptSetKeyParam(hKey, KP_SALT_EX, (BYTE *)&salt, 0);
+            ok(result, "setting salt failed for size %d: %08x\n", i, GetLastError());
+        }
+        salt.cbData = 25;
+        SetLastError(0xdeadbeef);
+        result = CryptSetKeyParam(hKey, KP_SALT_EX, (BYTE *)&salt, 0);
+        ok(!result && GetLastError() == NTE_BAD_DATA, "%08x\n", GetLastError());
+
         result = CryptDestroyKey(hKey);
         ok(result, "%08x\n", GetLastError());
     }
@@ -901,6 +916,8 @@ static void test_rc4(void)
         /* rsaenh compiled without OpenSSL */
         ok(GetLastError() == NTE_BAD_ALGID, "%08x\n", GetLastError());
     } else {
+        CRYPT_INTEGER_BLOB salt;
+
         result = CryptHashData(hHash, (BYTE*)pbData, sizeof(pbData), 0);
            ok(result, "%08x\n", GetLastError());
 
@@ -949,6 +966,19 @@ static void test_rc4(void)
         result = CryptDecrypt(hKey, (HCRYPTHASH)NULL, TRUE, 0, pbData, &dwDataLen);
         ok(result, "%08x\n", GetLastError());
 
+        /* What sizes salt can I set? */
+        salt.pbData = pbData;
+        for (i=0; i<24; i++)
+        {
+            salt.cbData = i;
+            result = CryptSetKeyParam(hKey, KP_SALT_EX, (BYTE *)&salt, 0);
+            ok(result, "setting salt failed for size %d: %08x\n", i, GetLastError());
+        }
+        salt.cbData = 25;
+        SetLastError(0xdeadbeef);
+        result = CryptSetKeyParam(hKey, KP_SALT_EX, (BYTE *)&salt, 0);
+        ok(!result && GetLastError() == NTE_BAD_DATA, "%08x\n", GetLastError());
+
         result = CryptDestroyKey(hKey);
         ok(result, "%08x\n", GetLastError());
     }