rsaenh: Don't fail on signature verification if the signed hash lacks the OID.

This commit is contained in:
David Hedberg 2011-06-15 06:21:30 +02:00 committed by Alexandre Julliard
parent 7415946716
commit f8755d8422
2 changed files with 27 additions and 11 deletions

View File

@ -4472,16 +4472,21 @@ BOOL WINAPI RSAENH_CPVerifySignature(HCRYPTPROV hProv, HCRYPTHASH hHash, CONST B
goto cleanup; goto cleanup;
} }
if (!build_hash_signature(pbConstructed, dwSigLen, aiAlgid, abHashValue, dwHashLen, dwFlags)) { if (build_hash_signature(pbConstructed, dwSigLen, aiAlgid, abHashValue, dwHashLen, dwFlags) &&
!memcmp(pbDecrypted, pbConstructed, dwSigLen)) {
res = TRUE;
goto cleanup; goto cleanup;
} }
if (memcmp(pbDecrypted, pbConstructed, dwSigLen)) { if (!(dwFlags & CRYPT_NOHASHOID) &&
SetLastError(NTE_BAD_SIGNATURE); build_hash_signature(pbConstructed, dwSigLen, aiAlgid, abHashValue, dwHashLen, dwFlags|CRYPT_NOHASHOID) &&
!memcmp(pbDecrypted, pbConstructed, dwSigLen)) {
res = TRUE;
goto cleanup; goto cleanup;
} }
res = TRUE; SetLastError(NTE_BAD_SIGNATURE);
cleanup: cleanup:
HeapFree(GetProcessHeap(), 0, pbConstructed); HeapFree(GetProcessHeap(), 0, pbConstructed);
HeapFree(GetProcessHeap(), 0, pbDecrypted); HeapFree(GetProcessHeap(), 0, pbDecrypted);

View File

@ -1771,15 +1771,14 @@ static void test_verify_signature(void) {
ok(result, "%08x\n", GetLastError()); ok(result, "%08x\n", GetLastError());
if (!result) return; if (!result) return;
result = CryptVerifySignature(hHash, abSignatureMD2NoOID, 128, hPubSignKey, NULL, CRYPT_NOHASHOID); /* It seems that CPVerifySignature doesn't care about the OID at all. */
result = CryptVerifySignature(hHash, abSignatureMD2NoOID, 128, hPubSignKey, NULL, 0);
ok(result, "%08x\n", GetLastError()); ok(result, "%08x\n", GetLastError());
if (!result) return; if (!result) return;
/* Next test fails on WinXP SP2. It seems that CPVerifySignature doesn't care about result = CryptVerifySignature(hHash, abSignatureMD2NoOID, 128, hPubSignKey, NULL, CRYPT_NOHASHOID);
* the OID at all. */ ok(result, "%08x\n", GetLastError());
/*result = CryptVerifySignature(hHash, abSignatureMD2NoOID, 128, hPubSignKey, NULL, 0); if (!result) return;
ok(!result && GetLastError()==NTE_BAD_SIGNATURE, "%08lx\n", GetLastError());
if (result) return;*/
CryptDestroyHash(hHash); CryptDestroyHash(hHash);
@ -1795,6 +1794,10 @@ static void test_verify_signature(void) {
ok(result, "%08x\n", GetLastError()); ok(result, "%08x\n", GetLastError());
if (!result) return; if (!result) return;
result = CryptVerifySignature(hHash, abSignatureMD4NoOID, 128, hPubSignKey, NULL, 0);
ok(result, "%08x\n", GetLastError());
if (!result) return;
result = CryptVerifySignature(hHash, abSignatureMD4NoOID, 128, hPubSignKey, NULL, CRYPT_NOHASHOID); result = CryptVerifySignature(hHash, abSignatureMD4NoOID, 128, hPubSignKey, NULL, CRYPT_NOHASHOID);
ok(result, "%08x\n", GetLastError()); ok(result, "%08x\n", GetLastError());
if (!result) return; if (!result) return;
@ -1813,6 +1816,10 @@ static void test_verify_signature(void) {
ok(result, "%08x\n", GetLastError()); ok(result, "%08x\n", GetLastError());
if (!result) return; if (!result) return;
result = CryptVerifySignature(hHash, abSignatureMD5NoOID, 128, hPubSignKey, NULL, 0);
ok(result, "%08x\n", GetLastError());
if (!result) return;
result = CryptVerifySignature(hHash, abSignatureMD5NoOID, 128, hPubSignKey, NULL, CRYPT_NOHASHOID); result = CryptVerifySignature(hHash, abSignatureMD5NoOID, 128, hPubSignKey, NULL, CRYPT_NOHASHOID);
ok(result, "%08x\n", GetLastError()); ok(result, "%08x\n", GetLastError());
if (!result) return; if (!result) return;
@ -1831,6 +1838,10 @@ static void test_verify_signature(void) {
ok(result, "%08x\n", GetLastError()); ok(result, "%08x\n", GetLastError());
if (!result) return; if (!result) return;
result = CryptVerifySignature(hHash, abSignatureSHANoOID, 128, hPubSignKey, NULL, 0);
ok(result, "%08x\n", GetLastError());
if (!result) return;
result = CryptVerifySignature(hHash, abSignatureSHANoOID, 128, hPubSignKey, NULL, CRYPT_NOHASHOID); result = CryptVerifySignature(hHash, abSignatureSHANoOID, 128, hPubSignKey, NULL, CRYPT_NOHASHOID);
ok(result, "%08x\n", GetLastError()); ok(result, "%08x\n", GetLastError());
if (!result) return; if (!result) return;