rsaenh: Don't fail on signature verification if the signed hash lacks the OID.
parent
7415946716
commit
f8755d8422
|
@ -4472,16 +4472,21 @@ BOOL WINAPI RSAENH_CPVerifySignature(HCRYPTPROV hProv, HCRYPTHASH hHash, CONST B
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!build_hash_signature(pbConstructed, dwSigLen, aiAlgid, abHashValue, dwHashLen, dwFlags)) {
|
if (build_hash_signature(pbConstructed, dwSigLen, aiAlgid, abHashValue, dwHashLen, dwFlags) &&
|
||||||
|
!memcmp(pbDecrypted, pbConstructed, dwSigLen)) {
|
||||||
|
res = TRUE;
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (memcmp(pbDecrypted, pbConstructed, dwSigLen)) {
|
if (!(dwFlags & CRYPT_NOHASHOID) &&
|
||||||
SetLastError(NTE_BAD_SIGNATURE);
|
build_hash_signature(pbConstructed, dwSigLen, aiAlgid, abHashValue, dwHashLen, dwFlags|CRYPT_NOHASHOID) &&
|
||||||
|
!memcmp(pbDecrypted, pbConstructed, dwSigLen)) {
|
||||||
|
res = TRUE;
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
res = TRUE;
|
SetLastError(NTE_BAD_SIGNATURE);
|
||||||
|
|
||||||
cleanup:
|
cleanup:
|
||||||
HeapFree(GetProcessHeap(), 0, pbConstructed);
|
HeapFree(GetProcessHeap(), 0, pbConstructed);
|
||||||
HeapFree(GetProcessHeap(), 0, pbDecrypted);
|
HeapFree(GetProcessHeap(), 0, pbDecrypted);
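Review bot: The second `if` retries with `dwFlags|CRYPT_NOHASHOID` whenever the caller did not set that flag, so no caller can request a strict check any more, and for those callers the signature no longer binds the hash algorithm through the OID. The test comment suggests this mirrors native behaviour, but the provider code gives no reason; I would add above the fallback `/* Native accepts a signed hash without the OID regardless of dwFlags, so retry without it. The hash algorithm is then not bound by the signature. */`. Separately, a failing build_hash_signature used to jump straight to cleanup and now falls through to `SetLastError(NTE_BAD_SIGNATURE)`, which presumably overwrites whatever error it had reported. RSAENH_CPVerifySignature begins above this hunk, so how pbDecrypted and dwSigLen are prepared is not visible here.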
|
||||||
|
|
|
@ -1771,15 +1771,14 @@ static void test_verify_signature(void) {
|
||||||
ok(result, "%08x\n", GetLastError());
|
ok(result, "%08x\n", GetLastError());
|
||||||
if (!result) return;
|
if (!result) return;
|
||||||
|
|
||||||
result = CryptVerifySignature(hHash, abSignatureMD2NoOID, 128, hPubSignKey, NULL, CRYPT_NOHASHOID);
|
/* It seems that CPVerifySignature doesn't care about the OID at all. */
|
||||||
|
result = CryptVerifySignature(hHash, abSignatureMD2NoOID, 128, hPubSignKey, NULL, 0);
|
||||||
ok(result, "%08x\n", GetLastError());
|
ok(result, "%08x\n", GetLastError());
|
||||||
if (!result) return;
|
if (!result) return;
|
||||||
|
|
||||||
/* Next test fails on WinXP SP2. It seems that CPVerifySignature doesn't care about
|
result = CryptVerifySignature(hHash, abSignatureMD2NoOID, 128, hPubSignKey, NULL, CRYPT_NOHASHOID);
|
||||||
* the OID at all. */
|
ok(result, "%08x\n", GetLastError());
|
||||||
/*result = CryptVerifySignature(hHash, abSignatureMD2NoOID, 128, hPubSignKey, NULL, 0);
|
if (!result) return;
|
||||||
ok(!result && GetLastError()==NTE_BAD_SIGNATURE, "%08lx\n", GetLastError());
|
|
||||||
if (result) return;*/
|
|
||||||
|
|
||||||
CryptDestroyHash(hHash);
|
CryptDestroyHash(hHash);
|
||||||
|
|
||||||
|
@ -1795,6 +1794,10 @@ static void test_verify_signature(void) {
|
||||||
ok(result, "%08x\n", GetLastError());
|
ok(result, "%08x\n", GetLastError());
|
||||||
if (!result) return;
|
if (!result) return;
|
||||||
|
|
||||||
|
result = CryptVerifySignature(hHash, abSignatureMD4NoOID, 128, hPubSignKey, NULL, 0);
|
||||||
|
ok(result, "%08x\n", GetLastError());
|
||||||
|
if (!result) return;
|
||||||
|
|
||||||
result = CryptVerifySignature(hHash, abSignatureMD4NoOID, 128, hPubSignKey, NULL, CRYPT_NOHASHOID);
|
result = CryptVerifySignature(hHash, abSignatureMD4NoOID, 128, hPubSignKey, NULL, CRYPT_NOHASHOID);
|
||||||
ok(result, "%08x\n", GetLastError());
|
ok(result, "%08x\n", GetLastError());
|
||||||
if (!result) return;
|
if (!result) return;
|
||||||
|
@ -1813,6 +1816,10 @@ static void test_verify_signature(void) {
|
||||||
ok(result, "%08x\n", GetLastError());
|
ok(result, "%08x\n", GetLastError());
|
||||||
if (!result) return;
|
if (!result) return;
|
||||||
|
|
||||||
|
result = CryptVerifySignature(hHash, abSignatureMD5NoOID, 128, hPubSignKey, NULL, 0);
|
||||||
|
ok(result, "%08x\n", GetLastError());
|
||||||
|
if (!result) return;
|
||||||
|
|
||||||
result = CryptVerifySignature(hHash, abSignatureMD5NoOID, 128, hPubSignKey, NULL, CRYPT_NOHASHOID);
|
result = CryptVerifySignature(hHash, abSignatureMD5NoOID, 128, hPubSignKey, NULL, CRYPT_NOHASHOID);
|
||||||
ok(result, "%08x\n", GetLastError());
|
ok(result, "%08x\n", GetLastError());
|
||||||
if (!result) return;
|
if (!result) return;
|
||||||
|
@ -1831,6 +1838,10 @@ static void test_verify_signature(void) {
|
||||||
ok(result, "%08x\n", GetLastError());
|
ok(result, "%08x\n", GetLastError());
|
||||||
if (!result) return;
|
if (!result) return;
|
||||||
|
|
||||||
|
result = CryptVerifySignature(hHash, abSignatureSHANoOID, 128, hPubSignKey, NULL, 0);
|
||||||
|
ok(result, "%08x\n", GetLastError());
|
||||||
|
if (!result) return;
|
||||||
|
|
||||||
result = CryptVerifySignature(hHash, abSignatureSHANoOID, 128, hPubSignKey, NULL, CRYPT_NOHASHOID);
|
result = CryptVerifySignature(hHash, abSignatureSHANoOID, 128, hPubSignKey, NULL, CRYPT_NOHASHOID);
|
||||||
ok(result, "%08x\n", GetLastError());
|
ok(result, "%08x\n", GetLastError());
|
||||||
if (!result) return;
|
if (!result) return;
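Review bot: Every CryptVerifySignature call added in these hunks expects success, and the only NTE_BAD_SIGNATURE expectation (the commented-out one in the MD2 hunk) is deleted, so nothing visible here exercises a rejection path. Since the provider now tries two encodings before failing, a negative case would pin down that the fallback does not accept arbitrary blocks: verify a copy of one signature with a single byte altered and check `ok(!result && GetLastError() == NTE_BAD_SIGNATURE, "%08x\n", GetLastError());`. Such a case may already exist in the parts of test_verify_signature outside these hunks. The new comment also drops the note that the old expectation failed on WinXP SP2; keeping which Windows versions were observed would help whoever revisits this.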
|
||||||
|
|