rsaenh: Disallow deriving schannel encryption keys before setting the encryption algorithm.

2011-02-10 09:38:36 -08:00 · 2011-02-10 09:38:36 -08:00 · 8e479f7803
parent ea43c5989c
commit 8e479f7803
2 changed files with 6 additions and 1 deletions
--- a/dlls/rsaenh/rsaenh.c
+++ b/dlls/rsaenh/rsaenh.c
@ -3923,6 +3923,12 @@ BOOL WINAPI RSAENH_CPDeriveKey(HCRYPTPROV hProv, ALG_ID Algid, HCRYPTHASH hBaseD
            {
                /* See RFC 2246, chapter 6.3 Key calculation */
                case CALG_SCHANNEL_ENC_KEY:
+                    if (!pMasterKey->siSChannelInfo.saEncAlg.Algid ||
+                        !pMasterKey->siSChannelInfo.saEncAlg.cBits)
+                    {
+                        SetLastError(NTE_BAD_FLAGS);
+                        return FALSE;
+                    }
                    *phKey = new_key(hProv, pMasterKey->siSChannelInfo.saEncAlg.Algid, 
                                     MAKELONG(LOWORD(dwFlags),pMasterKey->siSChannelInfo.saEncAlg.cBits),
                                     &pCryptKey);
--- a/dlls/rsaenh/tests/rsaenh.c
+++ b/dlls/rsaenh/tests/rsaenh.c
@ -2371,7 +2371,6 @@ static void test_schannel_provider(void)
     * succeed before the encryption key algorithm is set.
     */
    result = CryptDeriveKey(hProv, CALG_SCHANNEL_ENC_KEY, hMasterHash, CRYPT_SERVER, &hServerWriteKey);
-    todo_wine
    ok (!result && GetLastError() == NTE_BAD_FLAGS,
        "expected NTE_BAD_FLAGS, got %08x\n", GetLastError());