wine/wine-staging
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-staging.git synced 2025-01-28 22:04:43 -08:00
Code Issues Packages Projects Releases Wiki Activity

Rebase against 866eec810e7342630d47887f8ad7e1fbb5a0e788.

Browse Source
This commit is contained in:
Sebastian Lackner 2017-08-17 20:17:02 +02:00
parent f6565eb6af
commit 0e27dc7034
9 changed files with 57 additions and 962 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

610
patches/bcrypt-Improvements/0001-bcrypt-Add-AES-provider.patch
View File

@ -1,610 +0,0 @@
From b05734fe9746e5dbbfcf248b2b892d6e09006956 Mon Sep 17 00:00:00 2001
From: Hans Leidekker <hans@codeweavers.com>
Date: Mon, 19 Dec 2016 19:38:52 +0100
Subject: bcrypt: Add AES provider.
---
dlls/bcrypt/bcrypt.spec | 10 +-
dlls/bcrypt/bcrypt_main.c | 353 ++++++++++++++++++++++++++++++++++++++++++++-
dlls/bcrypt/tests/bcrypt.c | 18 +--
dlls/ncrypt/ncrypt.spec | 10 +-
include/bcrypt.h | 3 +
5 files changed, 361 insertions(+), 33 deletions(-)
diff --git a/dlls/bcrypt/bcrypt.spec b/dlls/bcrypt/bcrypt.spec
index a1cce4423dc..9ecd21d767c 100644
--- a/dlls/bcrypt/bcrypt.spec
+++ b/dlls/bcrypt/bcrypt.spec
@@ -5,15 +5,15 @@
@ stub BCryptConfigureContextFunction
@ stub BCryptCreateContext
@ stdcall BCryptCreateHash(ptr ptr ptr long ptr long long)
-@ stub BCryptDecrypt
+@ stdcall BCryptDecrypt(ptr ptr long ptr ptr long ptr long ptr long)
@ stub BCryptDeleteContext
@ stub BCryptDeriveKey
@ stdcall BCryptDestroyHash(ptr)
-@ stub BCryptDestroyKey
+@ stdcall BCryptDestroyKey(ptr)
@ stub BCryptDestroySecret
@ stdcall BCryptDuplicateHash(ptr ptr ptr long long)
@ stub BCryptDuplicateKey
-@ stub BCryptEncrypt
+@ stdcall BCryptEncrypt(ptr ptr long ptr ptr long ptr long ptr long)
@ stdcall BCryptEnumAlgorithms(long ptr ptr long)
@ stub BCryptEnumContextFunctionProviders
@ stub BCryptEnumContextFunctions
@@ -26,7 +26,7 @@
@ stub BCryptFreeBuffer
@ stdcall BCryptGenRandom(ptr ptr long long)
@ stub BCryptGenerateKeyPair
-@ stub BCryptGenerateSymmetricKey
+@ stdcall BCryptGenerateSymmetricKey(ptr ptr ptr long ptr long long)
@ stdcall BCryptGetFipsAlgorithmMode(ptr)
@ stdcall BCryptGetProperty(ptr wstr ptr long ptr long)
@ stdcall BCryptHash(ptr ptr long ptr long ptr long)
@@ -46,7 +46,7 @@
@ stub BCryptSecretAgreement
@ stub BCryptSetAuditingInterface
@ stub BCryptSetContextFunctionProperty
-@ stub BCryptSetProperty
+@ stdcall BCryptSetProperty(ptr wstr ptr long long)
@ stub BCryptSignHash
@ stub BCryptUnregisterConfigChangeNotify
@ stub BCryptUnregisterProvider
diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
index 80d7ddb9466..247b3dc7327 100644
--- a/dlls/bcrypt/bcrypt_main.c
+++ b/dlls/bcrypt/bcrypt_main.c
@@ -51,6 +51,10 @@ WINE_DECLARE_DEBUG_CHANNEL(winediag);
static void *libgnutls_handle;
#define MAKE_FUNCPTR(f) static typeof(f) * p##f
+MAKE_FUNCPTR(gnutls_cipher_init);
+MAKE_FUNCPTR(gnutls_cipher_deinit);
+MAKE_FUNCPTR(gnutls_cipher_encrypt2);
+MAKE_FUNCPTR(gnutls_cipher_decrypt2);
MAKE_FUNCPTR(gnutls_global_deinit);
MAKE_FUNCPTR(gnutls_global_init);
MAKE_FUNCPTR(gnutls_global_set_log_function);
@@ -80,6 +84,10 @@ static BOOL gnutls_initialize(void)
goto fail; \
}
+ LOAD_FUNCPTR(gnutls_cipher_init)
+ LOAD_FUNCPTR(gnutls_cipher_deinit)
+ LOAD_FUNCPTR(gnutls_cipher_encrypt2)
+ LOAD_FUNCPTR(gnutls_cipher_decrypt2)
LOAD_FUNCPTR(gnutls_global_deinit)
LOAD_FUNCPTR(gnutls_global_init)
LOAD_FUNCPTR(gnutls_global_set_log_function)
@@ -128,6 +136,7 @@ NTSTATUS WINAPI BCryptEnumAlgorithms(ULONG dwAlgOperations, ULONG *pAlgCount,
#define MAGIC_ALG (('A' << 24) | ('L' << 16) | ('G' << 8) | '0')
#define MAGIC_HASH (('H' << 24) | ('A' << 16) | ('S' << 8) | 'H')
+#define MAGIC_KEY (('K' << 24) | ('E' << 16) | ('Y' << 8) | '0')
struct object
{
ULONG magic;
@@ -135,6 +144,7 @@ struct object
enum alg_id
{
+ ALG_ID_AES,
ALG_ID_MD5,
ALG_ID_RNG,
ALG_ID_SHA1,
@@ -152,6 +162,7 @@ static const struct {
ULONG block_bits;
const WCHAR *alg_name;
} alg_props[] = {
+ /* ALG_ID_AES */ { 654, 0, 0, BCRYPT_AES_ALGORITHM },
/* ALG_ID_MD5 */ { 274, 16, 512, BCRYPT_MD5_ALGORITHM },
/* ALG_ID_RNG */ { 0, 0, 0, BCRYPT_RNG_ALGORITHM },
/* ALG_ID_SHA1 */ { 278, 20, 512, BCRYPT_SHA1_ALGORITHM },
@@ -210,11 +221,10 @@ NTSTATUS WINAPI BCryptGenRandom(BCRYPT_ALG_HANDLE handle, UCHAR *buffer, ULONG c
NTSTATUS WINAPI BCryptOpenAlgorithmProvider( BCRYPT_ALG_HANDLE *handle, LPCWSTR id, LPCWSTR implementation, DWORD flags )
{
+ const DWORD supported_flags = BCRYPT_ALG_HANDLE_HMAC_FLAG;
struct algorithm *alg;
enum alg_id alg_id;
- const DWORD supported_flags = BCRYPT_ALG_HANDLE_HMAC_FLAG;
-
TRACE( "%p, %s, %s, %08x\n", handle, wine_dbgstr_w(id), wine_dbgstr_w(implementation), flags );
if (!handle || !id) return STATUS_INVALID_PARAMETER;
@@ -224,9 +234,10 @@ NTSTATUS WINAPI BCryptOpenAlgorithmProvider( BCRYPT_ALG_HANDLE *handle, LPCWSTR
return STATUS_NOT_IMPLEMENTED;
}
- if (!strcmpW( id, BCRYPT_SHA1_ALGORITHM )) alg_id = ALG_ID_SHA1;
+ if (!strcmpW( id, BCRYPT_AES_ALGORITHM )) alg_id = ALG_ID_AES;
else if (!strcmpW( id, BCRYPT_MD5_ALGORITHM )) alg_id = ALG_ID_MD5;
else if (!strcmpW( id, BCRYPT_RNG_ALGORITHM )) alg_id = ALG_ID_RNG;
+ else if (!strcmpW( id, BCRYPT_SHA1_ALGORITHM )) alg_id = ALG_ID_SHA1;
else if (!strcmpW( id, BCRYPT_SHA256_ALGORITHM )) alg_id = ALG_ID_SHA256;
else if (!strcmpW( id, BCRYPT_SHA384_ALGORITHM )) alg_id = ALG_ID_SHA384;
else if (!strcmpW( id, BCRYPT_SHA512_ALGORITHM )) alg_id = ALG_ID_SHA512;
@@ -388,6 +399,8 @@ struct hash
struct hash_impl inner;
};
+#define BLOCK_LENGTH_AES 16
+
static NTSTATUS generic_alg_property( enum alg_id id, const WCHAR *prop, UCHAR *buf, ULONG size, ULONG *ret_size )
{
if (!strcmpW( prop, BCRYPT_OBJECT_LENGTH ))
@@ -432,9 +445,43 @@ static NTSTATUS get_alg_property( enum alg_id id, const WCHAR *prop, UCHAR *buf,
NTSTATUS status;
status = generic_alg_property( id, prop, buf, size, ret_size );
- if (status == STATUS_NOT_IMPLEMENTED)
- FIXME( "unsupported property %s\n", debugstr_w(prop) );
- return status;
+ if (status != STATUS_NOT_IMPLEMENTED)
+ return status;
+
+ switch (id)
+ {
+ case ALG_ID_AES:
+ if (!strcmpW( prop, BCRYPT_BLOCK_LENGTH ))
+ {
+ *ret_size = sizeof(ULONG);
+ if (size < sizeof(ULONG))
+ return STATUS_BUFFER_TOO_SMALL;
+ if (buf)
+ *(ULONG *)buf = BLOCK_LENGTH_AES;
+ return STATUS_SUCCESS;
+ }
+ if (!strcmpW( prop, BCRYPT_CHAINING_MODE ))
+ {
+ if (size >= sizeof(BCRYPT_CHAIN_MODE_CBC))
+ {
+ memcpy(buf, BCRYPT_CHAIN_MODE_CBC, sizeof(BCRYPT_CHAIN_MODE_CBC));
+ *ret_size = sizeof(BCRYPT_CHAIN_MODE_CBC) * sizeof(WCHAR);
+ return STATUS_SUCCESS;
+ }
+ else
+ {
+ *ret_size = sizeof(BCRYPT_CHAIN_MODE_CBC) * sizeof(WCHAR);
+ return STATUS_BUFFER_TOO_SMALL;
+ }
+ }
+ break;
+
+ default:
+ break;
+ }
+
+ FIXME( "unsupported property %s\n", debugstr_w(prop) );
+ return STATUS_NOT_IMPLEMENTED;
}
static NTSTATUS get_hash_property( enum alg_id id, const WCHAR *prop, UCHAR *buf, ULONG size, ULONG *ret_size )
@@ -474,6 +521,13 @@ NTSTATUS WINAPI BCryptGetProperty( BCRYPT_HANDLE handle, LPCWSTR prop, UCHAR *bu
}
}
+NTSTATUS WINAPI BCryptSetProperty( BCRYPT_HANDLE handle, const WCHAR *prop, UCHAR *value,
+ ULONG size, ULONG flags )
+{
+ FIXME( "%p, %s, %p, %u, %08x\n", handle, debugstr_w(prop), value, size, flags );
+ return STATUS_NOT_IMPLEMENTED;
+}
+
NTSTATUS WINAPI BCryptCreateHash( BCRYPT_ALG_HANDLE algorithm, BCRYPT_HASH_HANDLE *handle, UCHAR *object, ULONG objectlen,
UCHAR *secret, ULONG secretlen, ULONG flags )
{
@@ -632,6 +686,293 @@ NTSTATUS WINAPI BCryptHash( BCRYPT_ALG_HANDLE algorithm, UCHAR *secret, ULONG se
return BCryptDestroyHash( handle );
}
+#if defined(HAVE_GNUTLS_HASH) && !defined(HAVE_COMMONCRYPTO_COMMONDIGEST_H)
+struct key
+{
+ struct object hdr;
+ enum alg_id alg_id;
+ ULONG block_size;
+ gnutls_cipher_hd_t handle;
+ UCHAR *secret;
+ ULONG secret_len;
+};
+
+static ULONG get_block_size( enum alg_id alg )
+{
+ ULONG ret = 0, size = sizeof(ret);
+ get_alg_property( alg, BCRYPT_BLOCK_LENGTH, (UCHAR *)&ret, sizeof(ret), &size );
+ return ret;
+}
+
+static NTSTATUS key_init( struct key *key, enum alg_id id, UCHAR *secret, ULONG secret_len )
+{
+ if (!libgnutls_handle) return STATUS_INTERNAL_ERROR;
+
+ switch (id)
+ {
+ case ALG_ID_AES:
+ break;
+
+ default:
+ FIXME( "algorithm %u not supported\n", id );
+ return STATUS_NOT_SUPPORTED;
+ }
+
+ if (!(key->block_size = get_block_size( id ))) return STATUS_INVALID_PARAMETER;
+
+ key->alg_id = id;
+ key->handle = 0; /* initialized on first use */
+ key->secret = secret;
+ key->secret_len = secret_len;
+
+ return STATUS_SUCCESS;
+}
+
+static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key )
+{
+ switch (key->alg_id)
+ {
+ case ALG_ID_AES:
+ FIXME( "handle block size and chaining mode\n" );
+ return GNUTLS_CIPHER_AES_128_CBC;
+
+ default:
+ FIXME( "algorithm %u not supported\n", key->alg_id );
+ return GNUTLS_CIPHER_UNKNOWN;
+ }
+}
+
+static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
+{
+ gnutls_cipher_algorithm_t cipher;
+ gnutls_datum_t secret, vector;
+ int ret;
+
+ if (key->handle)
+ {
+ pgnutls_cipher_deinit( key->handle );
+ key->handle = NULL;
+ }
+
+ if ((cipher = get_gnutls_cipher( key )) == GNUTLS_CIPHER_UNKNOWN)
+ return STATUS_NOT_SUPPORTED;
+
+ secret.data = key->secret;
+ secret.size = key->secret_len;
+ if (iv)
+ {
+ vector.data = iv;
+ vector.size = iv_len;
+ }
+
+ if ((ret = pgnutls_cipher_init( &key->handle, cipher, &secret, iv ? &vector : NULL )))
+ {
+ pgnutls_perror( ret );
+ return STATUS_INTERNAL_ERROR;
+ }
+
+ return STATUS_SUCCESS;
+}
+
+static NTSTATUS key_encrypt( struct key *key, const UCHAR *input, ULONG input_len, UCHAR *output,
+ ULONG output_len )
+{
+ int ret;
+
+ if ((ret = pgnutls_cipher_encrypt2( key->handle, input, input_len, output, output_len )))
+ {
+ pgnutls_perror( ret );
+ return STATUS_INTERNAL_ERROR;
+ }
+
+ return STATUS_SUCCESS;
+}
+
+static NTSTATUS key_decrypt( struct key *key, const UCHAR *input, ULONG input_len, UCHAR *output,
+ ULONG output_len )
+{
+ int ret;
+
+ if ((ret = pgnutls_cipher_decrypt2( key->handle, input, input_len, output, output_len )))
+ {
+ pgnutls_perror( ret );
+ return STATUS_INTERNAL_ERROR;
+ }
+
+ return STATUS_SUCCESS;
+}
+
+static NTSTATUS key_destroy( struct key *key )
+{
+ if (key->handle) pgnutls_cipher_deinit( key->handle );
+ HeapFree( GetProcessHeap(), 0, key->secret );
+ HeapFree( GetProcessHeap(), 0, key );
+ return STATUS_SUCCESS;
+}
+#else
+struct key
+{
+ struct object hdr;
+ ULONG block_size;
+};
+
+static NTSTATUS key_init( struct key *key, enum alg_id id, const UCHAR *secret, ULONG secret_len )
+{
+ ERR( "support for keys not available at build time\n" );
+ return STATUS_NOT_IMPLEMENTED;
+}
+
+static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
+{
+ ERR( "support for keys not available at build time\n" );
+ return STATUS_NOT_IMPLEMENTED;
+}
+
+static NTSTATUS key_encrypt( struct key *key, const UCHAR *input, ULONG input_len, UCHAR *output,
+ ULONG output_len )
+{
+ ERR( "support for keys not available at build time\n" );
+ return STATUS_NOT_IMPLEMENTED;
+}
+
+static NTSTATUS key_decrypt( struct key *key, const UCHAR *input, ULONG input_len, UCHAR *output,
+ ULONG output_len )
+{
+ ERR( "support for keys not available at build time\n" );
+ return STATUS_NOT_IMPLEMENTED;
+}
+
+static NTSTATUS key_destroy( struct key *key )
+{
+ ERR( "support for keys not available at build time\n" );
+ return STATUS_NOT_IMPLEMENTED;
+}
+#endif
+
+NTSTATUS WINAPI BCryptGenerateSymmetricKey( BCRYPT_ALG_HANDLE algorithm, BCRYPT_KEY_HANDLE *handle,
+ UCHAR *object, ULONG object_len, UCHAR *secret, ULONG secret_len,
+ ULONG flags )
+{
+ struct algorithm *alg = algorithm;
+ struct key *key;
+ NTSTATUS status;
+
+ TRACE( "%p, %p, %p, %u, %p, %u, %08x\n", alg, handle, object, object_len, secret, secret_len, flags );
+
+ if (!alg || alg->hdr.magic != MAGIC_ALG) return STATUS_INVALID_HANDLE;
+ if (object) FIXME( "ignoring object buffer\n" );
+
+ if (!(key = HeapAlloc( GetProcessHeap(), 0, sizeof(*key) ))) return STATUS_NO_MEMORY;
+ key->hdr.magic = MAGIC_KEY;
+
+ if ((status = key_init( key, alg->id, secret, secret_len )))
+ {
+ HeapFree( GetProcessHeap(), 0, key );
+ return status;
+ }
+
+ *handle = key;
+ return STATUS_SUCCESS;
+}
+
+NTSTATUS WINAPI BCryptDestroyKey( BCRYPT_KEY_HANDLE handle )
+{
+ struct key *key = handle;
+
+ TRACE( "%p\n", handle );
+
+ if (!key || key->hdr.magic != MAGIC_KEY) return STATUS_INVALID_HANDLE;
+ return key_destroy( key );
+}
+
+NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG input_len,
+ void *padding, UCHAR *iv, ULONG iv_len, UCHAR *output,
+ ULONG output_len, ULONG *ret_len, ULONG flags )
+{
+ struct key *key = handle;
+ ULONG bytes_left = input_len;
+ UCHAR *buf, *src, *dst;
+ NTSTATUS status;
+
+ TRACE( "%p, %p, %u, %p, %p, %u, %p, %u, %p, %08x\n", handle, input, input_len,
+ padding, iv, iv_len, output, output_len, ret_len, flags );
+
+ if (!key || key->hdr.magic != MAGIC_KEY) return STATUS_INVALID_HANDLE;
+ if (padding)
+ {
+ FIXME( "padding info not implemented\n" );
+ return STATUS_NOT_IMPLEMENTED;
+ }
+ if (flags & ~BCRYPT_BLOCK_PADDING)
+ {
+ FIXME( "flags %08x not implemented\n", flags );
+ return STATUS_NOT_IMPLEMENTED;
+ }
+
+ if ((status = key_set_params( key, iv, iv_len ))) return status;
+
+ *ret_len = input_len;
+ if (input_len & (key->block_size - 1))
+ {
+ if (!(flags & BCRYPT_BLOCK_PADDING)) return STATUS_INVALID_BUFFER_SIZE;
+ *ret_len = (input_len + key->block_size - 1) & ~(key->block_size - 1);
+ }
+ if (!output) return STATUS_SUCCESS;
+ if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL;
+
+ src = input;
+ dst = output;
+ while (bytes_left >= key->block_size)
+ {
+ if ((status = key_encrypt( key, src, key->block_size, dst, key->block_size ))) return status;
+ bytes_left -= key->block_size;
+ src += key->block_size;
+ dst += key->block_size;
+ }
+ if (bytes_left)
+ {
+ if (!(buf = HeapAlloc( GetProcessHeap(), 0, key->block_size ))) return STATUS_NO_MEMORY;
+ memcpy( buf, src, bytes_left );
+ memset( buf + bytes_left, key->block_size - bytes_left, key->block_size - bytes_left );
+ status = key_encrypt( key, buf, key->block_size, dst, key->block_size );
+ HeapFree( GetProcessHeap(), 0, buf );
+ }
+
+ return status;
+}
+
+NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG input_len,
+ void *padding, UCHAR *iv, ULONG iv_len, UCHAR *output,
+ ULONG output_len, ULONG *ret_len, ULONG flags )
+{
+ struct key *key = handle;
+ NTSTATUS status;
+
+ TRACE( "%p, %p, %u, %p, %p, %u, %p, %u, %p, %08x\n", handle, input, input_len,
+ padding, iv, iv_len, output, output_len, ret_len, flags );
+
+ if (!key || key->hdr.magic != MAGIC_KEY) return STATUS_INVALID_HANDLE;
+ if (padding)
+ {
+ FIXME( "padding info not implemented\n" );
+ return STATUS_NOT_IMPLEMENTED;
+ }
+ if (flags & ~BCRYPT_BLOCK_PADDING)
+ {
+ FIXME( "flags %08x not supported\n", flags );
+ return STATUS_NOT_IMPLEMENTED;
+ }
+
+ if ((status = key_set_params( key, iv, iv_len ))) return status;
+
+ *ret_len = input_len;
+ if (input_len & (key->block_size - 1)) return STATUS_INVALID_BUFFER_SIZE;
+ if (!output) return STATUS_SUCCESS;
+ if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL;
+
+ return key_decrypt( key, input, input_len, output, output_len );
+}
+
BOOL WINAPI DllMain( HINSTANCE hinst, DWORD reason, LPVOID reserved )
{
switch (reason)
diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c
index 42312b45b78..4d5891b461b 100644
--- a/dlls/bcrypt/tests/bcrypt.c
+++ b/dlls/bcrypt/tests/bcrypt.c
@@ -704,7 +704,7 @@ static void test_aes(void)
ULONG size, len;
UCHAR mode[64];
NTSTATUS ret;
-todo_wine {
+
alg = NULL;
ret = pBCryptOpenAlgorithmProvider(&alg, BCRYPT_AES_ALGORITHM, MS_PRIMITIVE_PROVIDER, 0);
ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
@@ -738,7 +738,6 @@ todo_wine {
ret = pBCryptCloseAlgorithmProvider(alg, 0);
ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
}
-}
static void test_BCryptGenerateSymmetricKey(void)
{
@@ -757,11 +756,6 @@ static void test_BCryptGenerateSymmetricKey(void)
NTSTATUS ret;
ret = pBCryptOpenAlgorithmProvider(&aes, BCRYPT_AES_ALGORITHM, NULL, 0);
- if (ret != STATUS_SUCCESS) /* remove whole IF when Wine is fixed */
- {
- todo_wine ok(0, "AES provider not available\n");
- return;
- }
ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
len = size = 0xdeadbeef;
@@ -846,11 +840,6 @@ static void test_BCryptEncrypt(void)
NTSTATUS ret;
ret = pBCryptOpenAlgorithmProvider(&aes, BCRYPT_AES_ALGORITHM, NULL, 0);
- if (ret != STATUS_SUCCESS) /* remove whole IF when Wine is fixed */
- {
- todo_wine ok(0, "AES provider not available\n");
- return;
- }
ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
len = 0xdeadbeef;
@@ -937,11 +926,6 @@ static void test_BCryptDecrypt(void)
NTSTATUS ret;
ret = pBCryptOpenAlgorithmProvider(&aes, BCRYPT_AES_ALGORITHM, NULL, 0);
- if (ret != STATUS_SUCCESS) /* remove whole IF when Wine is fixed */
- {
- todo_wine ok(0, "AES provider not available\n");
- return;
- }
ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
len = 0xdeadbeef;
diff --git a/dlls/ncrypt/ncrypt.spec b/dlls/ncrypt/ncrypt.spec
index 6e871a5d6b8..1a78853bf49 100644
--- a/dlls/ncrypt/ncrypt.spec
+++ b/dlls/ncrypt/ncrypt.spec
@@ -5,17 +5,17 @@
@ stub BCryptConfigureContextFunction
@ stub BCryptCreateContext
@ stdcall BCryptCreateHash(ptr ptr ptr long ptr long long) bcrypt.BCryptCreateHash
-@ stub BCryptDecrypt
+@ stdcall BCryptDecrypt(ptr ptr long ptr ptr long ptr long ptr long) bcrypt.BCryptDecrypt
@ stub BCryptDeleteContext
@ stub BCryptDeriveKey
@ stub BCryptDeriveKeyCapi
@ stub BCryptDeriveKeyPBKDF2
@ stdcall BCryptDestroyHash(ptr) bcrypt.BCryptDestroyHash
-@ stub BCryptDestroyKey
+@ stdcall BCryptDestroyKey(ptr) bcrypt.BCryptDestroyKey
@ stub BCryptDestroySecret
@ stdcall BCryptDuplicateHash(ptr ptr ptr long long) bcrypt.BCryptDuplicateHash
@ stub BCryptDuplicateKey
-@ stub BCryptEncrypt
+@ stdcall BCryptEncrypt(ptr ptr long ptr ptr long ptr long ptr long) bcrypt.BCryptEncrypt
@ stdcall BCryptEnumAlgorithms(long ptr ptr long) bcrypt.BCryptEnumAlgorithms
@ stub BCryptEnumContextFunctionProviders
@ stub BCryptEnumContextFunctions
@@ -28,7 +28,7 @@
@ stub BCryptFreeBuffer
@ stdcall BCryptGenRandom(ptr ptr long long) bcrypt.BCryptGenRandom
@ stub BCryptGenerateKeyPair
-@ stub BCryptGenerateSymmetricKey
+@ stdcall BCryptGenerateSymmetricKey(ptr ptr ptr long ptr long long) bcrypt.BCryptGenerateSymmetricKey
@ stdcall BCryptGetFipsAlgorithmMode(ptr) bcrypt.BCryptGetFipsAlgorithmMode
@ stdcall BCryptGetProperty(ptr wstr ptr long ptr long) bcrypt.BCryptGetProperty
@ stdcall BCryptHash(ptr ptr long ptr long ptr long) bcrypt.BCryptHash
@@ -49,7 +49,7 @@
@ stub BCryptSecretAgreement
@ stub BCryptSetAuditingInterface
@ stub BCryptSetContextFunctionProperty
-@ stub BCryptSetProperty
+@ stdcall BCryptSetProperty(ptr wstr ptr long long) bcrypt.BCryptSetProperty
@ stub BCryptSignHash
@ stub BCryptUnregisterConfigChangeNotify
@ stub BCryptUnregisterProvider
diff --git a/include/bcrypt.h b/include/bcrypt.h
index 05d0691f9c3..6af85e36143 100644
--- a/include/bcrypt.h
+++ b/include/bcrypt.h
@@ -74,6 +74,9 @@ typedef LONG NTSTATUS;
#define BCRYPT_CHAIN_MODE_NA (const WCHAR []){'C','h','a','i','n','i','n','g','M','o','d','e','N','/','A',0}
#define BCRYPT_CHAIN_MODE_CBC (const WCHAR []){'C','h','a','i','n','i','n','g','M','o','d','e','C','B','C',0}
#define BCRYPT_CHAIN_MODE_ECB (const WCHAR []){'C','h','a','i','n','i','n','g','M','o','d','e','E','C','B',0}
+#define BCRYPT_CHAIN_MODE_CFB (const WCHAR []){'C','h','a','i','n','i','n','g','M','o','d','e','C','F','B',0}
+#define BCRYPT_CHAIN_MODE_CCM (const WCHAR []){'C','h','a','i','n','i','n','g','M','o','d','e','C','C','M',0}
+#define BCRYPT_CHAIN_MODE_GCM (const WCHAR []){'C','h','a','i','n','i','n','g','M','o','d','e','G','C','M',0}
typedef struct _BCRYPT_ALGORITHM_IDENTIFIER
{
--
2.11.0

26
patches/bcrypt-Improvements/0001-include-Add-missing-BCRYPT_CHAIN_MODE-definitions.patch Normal file
View File

@ -0,0 +1,26 @@
From 1678dc51bead9b84a2670e122c87f70d1c023935 Mon Sep 17 00:00:00 2001
From: Hans Leidekker <hans@codeweavers.com>
Date: Thu, 17 Aug 2017 18:02:53 +0200
Subject: include: Add missing BCRYPT_CHAIN_MODE definitions.
---
include/bcrypt.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/include/bcrypt.h b/include/bcrypt.h
index 9e193da5de5..34ffc100d6b 100644
--- a/include/bcrypt.h
+++ b/include/bcrypt.h
@@ -74,6 +74,9 @@ typedef LONG NTSTATUS;
#define BCRYPT_CHAIN_MODE_NA (const WCHAR []){'C','h','a','i','n','i','n','g','M','o','d','e','N','/','A',0}
#define BCRYPT_CHAIN_MODE_CBC (const WCHAR []){'C','h','a','i','n','i','n','g','M','o','d','e','C','B','C',0}
#define BCRYPT_CHAIN_MODE_ECB (const WCHAR []){'C','h','a','i','n','i','n','g','M','o','d','e','E','C','B',0}
+#define BCRYPT_CHAIN_MODE_CFB (const WCHAR []){'C','h','a','i','n','i','n','g','M','o','d','e','C','F','B',0}
+#define BCRYPT_CHAIN_MODE_CCM (const WCHAR []){'C','h','a','i','n','i','n','g','M','o','d','e','C','C','M',0}
+#define BCRYPT_CHAIN_MODE_GCM (const WCHAR []){'C','h','a','i','n','i','n','g','M','o','d','e','G','C','M',0}
typedef struct _BCRYPT_ALGORITHM_IDENTIFIER
{
--
2.13.1

111
patches/bcrypt-Improvements/0006-bcrypt-Fix-handling-of-padding-when-input-size-equal.patch
View File

@ -1,111 +0,0 @@
From 026aff5aa7c66fdc8e8c724dc73217585e8edf91 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
Date: Wed, 21 Dec 2016 04:09:03 +0100
Subject: bcrypt: Fix handling of padding when input size equals block size for
AES.
---
dlls/bcrypt/bcrypt_main.c | 14 ++++++++------
dlls/bcrypt/tests/bcrypt.c | 33 ++++++++++++++++++++++++++++++++-
2 files changed, 40 insertions(+), 7 deletions(-)
diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
index 944a9ea..f53ea1c 100644
--- a/dlls/bcrypt/bcrypt_main.c
+++ b/dlls/bcrypt/bcrypt_main.c
@@ -997,11 +997,12 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
if ((status = key_set_params( key, iv, iv_len ))) return status;
*ret_len = input_len;
- if (input_len & (key->block_size - 1))
- {
- if (!(flags & BCRYPT_BLOCK_PADDING)) return STATUS_INVALID_BUFFER_SIZE;
- *ret_len = (input_len + key->block_size - 1) & ~(key->block_size - 1);
- }
+
+ if (flags & BCRYPT_BLOCK_PADDING)
+ *ret_len = (input_len + key->block_size) & ~(key->block_size - 1);
+ else if (input_len & (key->block_size - 1))
+ return STATUS_INVALID_BUFFER_SIZE;
+
if (!output) return STATUS_SUCCESS;
if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL;
@@ -1014,7 +1015,8 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
src += key->block_size;
dst += key->block_size;
}
- if (bytes_left)
+
+ if (flags & BCRYPT_BLOCK_PADDING)
{
if (!(buf = HeapAlloc( GetProcessHeap(), 0, key->block_size ))) return STATUS_NO_MEMORY;
memcpy( buf, src, bytes_left );
diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c
index 2668153..64a4625 100644
--- a/dlls/bcrypt/tests/bcrypt.c
+++ b/dlls/bcrypt/tests/bcrypt.c
@@ -918,14 +918,21 @@ static void test_BCryptEncrypt(void)
{0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f};
static UCHAR data[] =
{0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10};
+ static UCHAR data2[] =
+ {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
+ 0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10};
static UCHAR expected[] =
{0xc6,0xa1,0x3b,0x37,0x87,0x8f,0x5b,0x82,0x6f,0x4f,0x81,0x62,0xa1,0xc8,0xd8,0x79};
static UCHAR expected2[] =
{0xc6,0xa1,0x3b,0x37,0x87,0x8f,0x5b,0x82,0x6f,0x4f,0x81,0x62,0xa1,0xc8,0xd8,0x79,
0x28,0x73,0x3d,0xef,0x84,0x8f,0xb0,0xa6,0x5d,0x1a,0x51,0xb7,0xec,0x8f,0xea,0xe9};
+ static UCHAR expected3[] =
+ {0xc6,0xa1,0x3b,0x37,0x87,0x8f,0x5b,0x82,0x6f,0x4f,0x81,0x62,0xa1,0xc8,0xd8,0x79,
+ 0xb1,0xa2,0x92,0x73,0xbe,0x2c,0x42,0x07,0xa5,0xac,0xe3,0x93,0x39,0x8c,0xb6,0xfb,
+ 0x87,0x5d,0xea,0xa3,0x7e,0x0f,0xde,0xfa,0xd9,0xec,0x6c,0x4e,0x3c,0x76,0x86,0xe4};
BCRYPT_ALG_HANDLE aes;
BCRYPT_KEY_HANDLE key;
- UCHAR *buf, ciphertext[32], ivbuf[16];
+ UCHAR *buf, ciphertext[48], ivbuf[16];
ULONG size, len, i;
NTSTATUS ret;
@@ -982,6 +989,23 @@ static void test_BCryptEncrypt(void)
for (i = 0; i < 32; i++)
ok(ciphertext[i] == expected2[i], "%u: %02x != %02x\n", i, ciphertext[i], expected2[i]);
+ /* input size is a multiple of block size, block padding set */
+ size = 0;
+ memcpy(ivbuf, iv, sizeof(iv));
+ ret = pBCryptEncrypt(key, data2, 32, NULL, ivbuf, 16, NULL, 0, &size, BCRYPT_BLOCK_PADDING);
+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+ ok(size == 48, "got %u\n", size);
+
+ size = 0;
+ memcpy(ivbuf, iv, sizeof(iv));
+ memset(ciphertext, 0, sizeof(ciphertext));
+ ret = pBCryptEncrypt(key, data2, 32, NULL, ivbuf, 16, ciphertext, 48, &size, BCRYPT_BLOCK_PADDING);
+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+ ok(size == 48, "got %u\n", size);
+ ok(!memcmp(ciphertext, expected3, sizeof(expected3)), "wrong data\n");
+ for (i = 0; i < 48; i++)
+ ok(ciphertext[i] == expected3[i], "%u: %02x != %02x\n", i, ciphertext[i], expected3[i]);
+
/* output size too small */
size = 0;
memcpy(ivbuf, iv, sizeof(iv));
@@ -990,6 +1014,13 @@ static void test_BCryptEncrypt(void)
ok(ret == STATUS_BUFFER_TOO_SMALL, "got %08x\n", ret);
ok(size == 32, "got %u\n", size);
+ size = 0;
+ memcpy(ivbuf, iv, sizeof(iv));
+ memset(ciphertext, 0, sizeof(ciphertext));
+ ret = pBCryptEncrypt(key, data2, 32, NULL, ivbuf, 16, ciphertext, 32, &size, BCRYPT_BLOCK_PADDING);
+ ok(ret == STATUS_BUFFER_TOO_SMALL, "got %08x\n", ret);
+ ok(size == 48, "got %u\n", size);
+
ret = pBCryptDestroyKey(key);
ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
HeapFree(GetProcessHeap(), 0, buf);
--
2.9.0

165
patches/bcrypt-Improvements/0007-bcrypt-Properly-handle-padding-in-AES-decryption.patch
View File

@ -1,165 +0,0 @@
From 6a57c0b62866b751a5140d35ae7b131bd895745f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
Date: Wed, 21 Dec 2016 05:12:06 +0100
Subject: bcrypt: Properly handle padding in AES decryption.
---
dlls/bcrypt/bcrypt_main.c | 39 +++++++++++++++++++++++++++--
dlls/bcrypt/tests/bcrypt.c | 62 +++++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 98 insertions(+), 3 deletions(-)
diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
index f97638f..653301b 100644
--- a/dlls/bcrypt/bcrypt_main.c
+++ b/dlls/bcrypt/bcrypt_main.c
@@ -1032,6 +1032,8 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
ULONG output_len, ULONG *ret_len, ULONG flags )
{
struct key *key = handle;
+ ULONG bytes_left = input_len;
+ UCHAR *buf, *src, *dst;
NTSTATUS status;
TRACE( "%p, %p, %u, %p, %p, %u, %p, %u, %p, %08x\n", handle, input, input_len,
@@ -1052,11 +1054,44 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
if ((status = key_set_params( key, iv, iv_len ))) return status;
*ret_len = input_len;
+
if (input_len & (key->block_size - 1)) return STATUS_INVALID_BUFFER_SIZE;
if (!output) return STATUS_SUCCESS;
- if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL;
+ if (flags & BCRYPT_BLOCK_PADDING)
+ {
+ if (output_len + key->block_size < *ret_len) return STATUS_BUFFER_TOO_SMALL;
+ if (input_len < key->block_size) return STATUS_BUFFER_TOO_SMALL;
+ bytes_left -= key->block_size;
+ }
+ else if (output_len < *ret_len)
+ return STATUS_BUFFER_TOO_SMALL;
- return key_decrypt( key, input, input_len, output, output_len );
+ src = input;
+ dst = output;
+ while (bytes_left >= key->block_size)
+ {
+ if ((status = key_decrypt( key, src, key->block_size, dst, key->block_size ))) return status;
+ bytes_left -= key->block_size;
+ src += key->block_size;
+ dst += key->block_size;
+ }
+
+ if (flags & BCRYPT_BLOCK_PADDING)
+ {
+ if (!(buf = HeapAlloc( GetProcessHeap(), 0, key->block_size ))) return STATUS_NO_MEMORY;
+ status = key_decrypt( key, src, key->block_size, buf, key->block_size );
+ if (!status && buf[ key->block_size - 1 ] <= key->block_size)
+ {
+ *ret_len -= buf[ key->block_size - 1 ];
+ if (output_len < *ret_len) status = STATUS_BUFFER_TOO_SMALL;
+ else memcpy( dst, buf, key->block_size - buf[ key->block_size - 1 ] );
+ }
+ else
+ status = STATUS_UNSUCCESSFUL; /* FIXME: invalid padding */
+ HeapFree( GetProcessHeap(), 0, buf );
+ }
+
+ return status;
}
BOOL WINAPI DllMain( HINSTANCE hinst, DWORD reason, LPVOID reserved )
diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c
index 64a4625..997b298 100644
--- a/dlls/bcrypt/tests/bcrypt.c
+++ b/dlls/bcrypt/tests/bcrypt.c
@@ -1037,12 +1037,24 @@ static void test_BCryptDecrypt(void)
{0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f};
static UCHAR expected[] =
{0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f};
+ static UCHAR expected2[] =
+ {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10};
+ static UCHAR expected3[] =
+ {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
+ 0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10};
static UCHAR ciphertext[32] =
{0xc6,0xa1,0x3b,0x37,0x87,0x8f,0x5b,0x82,0x6f,0x4f,0x81,0x62,0xa1,0xc8,0xd8,0x79,
0x28,0x73,0x3d,0xef,0x84,0x8f,0xb0,0xa6,0x5d,0x1a,0x51,0xb7,0xec,0x8f,0xea,0xe9};
+ static UCHAR ciphertext2[] =
+ {0xc6,0xa1,0x3b,0x37,0x87,0x8f,0x5b,0x82,0x6f,0x4f,0x81,0x62,0xa1,0xc8,0xd8,0x79,
+ 0x28,0x73,0x3d,0xef,0x84,0x8f,0xb0,0xa6,0x5d,0x1a,0x51,0xb7,0xec,0x8f,0xea,0xe9};
+ static UCHAR ciphertext3[] =
+ {0xc6,0xa1,0x3b,0x37,0x87,0x8f,0x5b,0x82,0x6f,0x4f,0x81,0x62,0xa1,0xc8,0xd8,0x79,
+ 0xb1,0xa2,0x92,0x73,0xbe,0x2c,0x42,0x07,0xa5,0xac,0xe3,0x93,0x39,0x8c,0xb6,0xfb,
+ 0x87,0x5d,0xea,0xa3,0x7e,0x0f,0xde,0xfa,0xd9,0xec,0x6c,0x4e,0x3c,0x76,0x86,0xe4};
BCRYPT_ALG_HANDLE aes;
BCRYPT_KEY_HANDLE key;
- UCHAR *buf, plaintext[32], ivbuf[16];
+ UCHAR *buf, plaintext[48], ivbuf[16];
ULONG size, len;
NTSTATUS ret;
@@ -1073,6 +1085,36 @@ static void test_BCryptDecrypt(void)
ok(size == 32, "got %u\n", size);
ok(!memcmp(plaintext, expected, sizeof(expected)), "wrong data\n");
+ /* test with padding smaller than block size */
+ size = 0;
+ memcpy(ivbuf, iv, sizeof(iv));
+ ret = pBCryptDecrypt(key, ciphertext2, 32, NULL, ivbuf, 16, NULL, 0, &size, 0);
+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+ ok(size == 32, "got %u\n", size);
+
+ size = 0;
+ memcpy(ivbuf, iv, sizeof(iv));
+ memset(plaintext, 0, sizeof(plaintext));
+ ret = pBCryptDecrypt(key, ciphertext2, 32, NULL, ivbuf, 16, plaintext, 17, &size, BCRYPT_BLOCK_PADDING);
+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+ ok(size == 17, "got %u\n", size);
+ ok(!memcmp(plaintext, expected2, sizeof(expected2)), "wrong data\n");
+
+ /* test with padding of block size */
+ size = 0;
+ memcpy(ivbuf, iv, sizeof(iv));
+ ret = pBCryptDecrypt(key, ciphertext3, 48, NULL, ivbuf, 16, NULL, 0, &size, 0);
+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+ ok(size == 48, "got %u\n", size);
+
+ size = 0;
+ memcpy(ivbuf, iv, sizeof(iv));
+ memset(plaintext, 0, sizeof(plaintext));
+ ret = pBCryptDecrypt(key, ciphertext3, 48, NULL, ivbuf, 16, plaintext, 32, &size, BCRYPT_BLOCK_PADDING);
+ ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+ ok(size == 32, "got %u\n", size);
+ ok(!memcmp(plaintext, expected3, sizeof(expected3)), "wrong data\n");
+
/* output size too small */
size = 0;
memcpy(ivbuf, iv, sizeof(iv));
@@ -1080,6 +1122,24 @@ static void test_BCryptDecrypt(void)
ok(ret == STATUS_BUFFER_TOO_SMALL, "got %08x\n", ret);
ok(size == 32, "got %u\n", size);
+ size = 0;
+ memcpy(ivbuf, iv, sizeof(iv));
+ ret = pBCryptDecrypt(key, ciphertext2, 32, NULL, ivbuf, 16, plaintext, 15, &size, BCRYPT_BLOCK_PADDING);
+ ok(ret == STATUS_BUFFER_TOO_SMALL, "got %08x\n", ret);
+ ok(size == 32, "got %u\n", size);
+
+ size = 0;
+ memcpy(ivbuf, iv, sizeof(iv));
+ ret = pBCryptDecrypt(key, ciphertext2, 32, NULL, ivbuf, 16, plaintext, 16, &size, BCRYPT_BLOCK_PADDING);
+ ok(ret == STATUS_BUFFER_TOO_SMALL, "got %08x\n", ret);
+ ok(size == 17, "got %u\n", size);
+
+ size = 0;
+ memcpy(ivbuf, iv, sizeof(iv));
+ ret = pBCryptDecrypt(key, ciphertext3, 48, NULL, ivbuf, 16, plaintext, 31, &size, BCRYPT_BLOCK_PADDING);
+ ok(ret == STATUS_BUFFER_TOO_SMALL, "got %08x\n", ret);
+ ok(size == 48, "got %u\n", size);
+
/* input size is not a multiple of block size */
size = 0;
memcpy(ivbuf, iv, sizeof(iv));
--
2.9.0

39
patches/bcrypt-Improvements/0008-bcrypt-Fix-use-after-free-in-key_init.patch
View File

@ -1,39 +0,0 @@
From f7dc69131cc016917b31c5deedf97da31b11c597 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
Date: Mon, 26 Dec 2016 02:43:39 +0100
Subject: bcrypt: Fix use-after-free in key_init.
---
dlls/bcrypt/bcrypt_main.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
index 09bf6c30..a9006a4 100644
--- a/dlls/bcrypt/bcrypt_main.c
+++ b/dlls/bcrypt/bcrypt_main.c
@@ -791,6 +791,8 @@ static ULONG get_block_size( enum alg_id alg )
static NTSTATUS key_init( struct key *key, enum alg_id id, UCHAR *secret, ULONG secret_len )
{
+ UCHAR *buffer;
+
if (!libgnutls_handle) return STATUS_INTERNAL_ERROR;
switch (id)
@@ -804,10 +806,12 @@ static NTSTATUS key_init( struct key *key, enum alg_id id, UCHAR *secret, ULONG
}
if (!(key->block_size = get_block_size( id ))) return STATUS_INVALID_PARAMETER;
+ if (!(buffer = HeapAlloc( GetProcessHeap(), 0, secret_len ))) return STATUS_NO_MEMORY;
+ memcpy( buffer, secret, secret_len );
key->alg_id = id;
key->handle = 0; /* initialized on first use */
- key->secret = secret;
+ key->secret = buffer;
key->secret_len = secret_len;
return STATUS_SUCCESS;
--
2.9.0

16
patches/bcrypt-Improvements/0012-bcrypt-Pass-object-to-get_-alg-hash-_property-instea.patch
View File

@ -1,4 +1,4 @@
From a93745453350f9eabcab0f49528c3f027a303c24 Mon Sep 17 00:00:00 2001
From 5cfd49e478e1f4d432cfa7140265c15813939fe5 Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Mon, 26 Dec 2016 06:18:01 +0100
Subject: bcrypt: Pass object to get_{alg,hash}_property instead of alg_id.
@ -8,7 +8,7 @@ Subject: bcrypt: Pass object to get_{alg,hash}_property instead of alg_id.
1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
index d0a1b074b50..deab6f28bd9 100644
index 7a935150778..4869206ab49 100644
--- a/dlls/bcrypt/bcrypt_main.c
+++ b/dlls/bcrypt/bcrypt_main.c
@@ -440,15 +440,15 @@ static NTSTATUS generic_alg_property( enum alg_id id, const WCHAR *prop, UCHAR *
@ -59,7 +59,7 @@ index d0a1b074b50..deab6f28bd9 100644
}
default:
WARN( "unknown magic %08x\n", object->magic );
@@ -697,34 +697,34 @@ struct key
@@ -696,34 +696,34 @@ struct key
ULONG secret_len;
};
@ -71,8 +71,8 @@ index d0a1b074b50..deab6f28bd9 100644
return ret;
}
-static NTSTATUS key_init( struct key *key, enum alg_id id, UCHAR *secret, ULONG secret_len )
+static NTSTATUS key_init( struct key *key, struct algorithm *alg, UCHAR *secret, ULONG secret_len )
-static NTSTATUS key_init( struct key *key, enum alg_id id, const UCHAR *secret, ULONG secret_len )
+static NTSTATUS key_init( struct key *key, struct algorithm *alg, const UCHAR *secret, ULONG secret_len )
{
UCHAR *buffer;
@ -100,7 +100,7 @@ index d0a1b074b50..deab6f28bd9 100644
key->handle = 0; /* initialized on first use */
key->secret = buffer;
key->secret_len = secret_len;
@@ -820,7 +820,7 @@ struct key
@@ -819,7 +819,7 @@ struct key
ULONG block_size;
};
@ -109,7 +109,7 @@ index d0a1b074b50..deab6f28bd9 100644
{
ERR( "support for keys not available at build time\n" );
return STATUS_NOT_IMPLEMENTED;
@@ -869,7 +869,7 @@ NTSTATUS WINAPI BCryptGenerateSymmetricKey( BCRYPT_ALG_HANDLE algorithm, BCRYPT_
@@ -868,7 +868,7 @@ NTSTATUS WINAPI BCryptGenerateSymmetricKey( BCRYPT_ALG_HANDLE algorithm, BCRYPT_
if (!(key = HeapAlloc( GetProcessHeap(), 0, sizeof(*key) ))) return STATUS_NO_MEMORY;
key->hdr.magic = MAGIC_KEY;
@ -119,5 +119,5 @@ index d0a1b074b50..deab6f28bd9 100644
HeapFree( GetProcessHeap(), 0, key );
return status;
--
2.11.0
2.13.1

12
patches/bcrypt-Improvements/0013-bcrypt-Implement-BCryptSetProperty-for-algorithms.patch
View File

@ -1,4 +1,4 @@
From 2f57d906c55bdc99f476b6547f67d864e7210f16 Mon Sep 17 00:00:00 2001
From b1132f420bf61b9a6f44ee62ea8f90a239010541 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
Date: Mon, 26 Dec 2016 06:08:33 +0100
Subject: bcrypt: Implement BCryptSetProperty for algorithms.
@ -9,7 +9,7 @@ Subject: bcrypt: Implement BCryptSetProperty for algorithms.
2 files changed, 67 insertions(+), 5 deletions(-)
diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
index deab6f28bd9..595d36d7dbe 100644
index 4869206ab49..07c3f8b8d74 100644
--- a/dlls/bcrypt/bcrypt_main.c
+++ b/dlls/bcrypt/bcrypt_main.c
@@ -153,6 +153,12 @@ enum alg_id
@ -82,9 +82,9 @@ index deab6f28bd9..595d36d7dbe 100644
static NTSTATUS get_hash_property( const struct hash *hash, const WCHAR *prop, UCHAR *buf, ULONG size, ULONG *ret_size )
{
NTSTATUS status;
@@ -524,8 +566,28 @@ NTSTATUS WINAPI BCryptGetProperty( BCRYPT_HANDLE handle, LPCWSTR prop, UCHAR *bu
NTSTATUS WINAPI BCryptSetProperty( BCRYPT_HANDLE handle, const WCHAR *prop, UCHAR *value,
ULONG size, ULONG flags )
@@ -523,8 +565,28 @@ NTSTATUS WINAPI BCryptGetProperty( BCRYPT_HANDLE handle, LPCWSTR prop, UCHAR *bu
NTSTATUS WINAPI BCryptSetProperty( BCRYPT_HANDLE handle, const WCHAR *prop, UCHAR *value, ULONG size, ULONG flags )
{
- FIXME( "%p, %s, %p, %u, %08x\n", handle, debugstr_w(prop), value, size, flags );
- return STATUS_NOT_IMPLEMENTED;
@ -145,5 +145,5 @@ index abf59c8404d..08a83aaf7a5 100644
buf = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, len);
ret = pBCryptGenerateSymmetricKey(aes, &key, buf, len, secret, sizeof(secret), 0);
--
2.11.0
2.13.1

28
patches/bcrypt-Improvements/0019-bcrypt-Add-support-for-computing-comparing-cipher-ta.patch
View File

@ -1,4 +1,4 @@
From ec780b6b895ed5d9cd7bad5a2f24a822c3ae0e33 Mon Sep 17 00:00:00 2001
From cb5fa7e822dcd6105f189507ab648eacc86ab91a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
Date: Mon, 26 Dec 2016 08:02:36 +0100
Subject: bcrypt: Add support for computing/comparing cipher tag.
@ -9,11 +9,11 @@ Subject: bcrypt: Add support for computing/comparing cipher tag.
2 files changed, 45 insertions(+), 6 deletions(-)
diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
index c41524d..8a2df46 100644
index 97c437a20c0..0ff461adc91 100644
--- a/dlls/bcrypt/bcrypt_main.c
+++ b/dlls/bcrypt/bcrypt_main.c
@@ -49,6 +49,9 @@ static HINSTANCE instance;
#if defined(HAVE_GNUTLS_HASH) && !defined(HAVE_COMMONCRYPTO_COMMONDIGEST_H)
#if defined(HAVE_GNUTLS_CIPHER_INIT) && !defined(HAVE_COMMONCRYPTO_COMMONDIGEST_H)
WINE_DECLARE_DEBUG_CHANNEL(winediag);
+/* Not present in gnutls version < 3.0 */
@ -21,7 +21,7 @@ index c41524d..8a2df46 100644
+
static void *libgnutls_handle;
#define MAKE_FUNCPTR(f) static typeof(f) * p##f
MAKE_FUNCPTR(gnutls_cipher_init);
MAKE_FUNCPTR(gnutls_cipher_decrypt2);
@@ -68,6 +71,11 @@ MAKE_FUNCPTR(gnutls_perror);
#define GNUTLS_CIPHER_AES_256_GCM 94
#endif
@ -47,7 +47,7 @@ index c41524d..8a2df46 100644
if ((ret = pgnutls_global_init()) != GNUTLS_E_SUCCESS)
{
pgnutls_perror( ret );
@@ -979,6 +993,19 @@ static NTSTATUS key_decrypt( struct key *key, const UCHAR *input, ULONG input_le
@@ -892,6 +906,19 @@ static NTSTATUS key_decrypt( struct key *key, const UCHAR *input, ULONG input_le
return STATUS_SUCCESS;
}
@ -67,7 +67,7 @@ index c41524d..8a2df46 100644
static NTSTATUS key_destroy( struct key *key )
{
if (key->handle) pgnutls_cipher_deinit( key->handle );
@@ -1019,6 +1046,12 @@ static NTSTATUS key_decrypt( struct key *key, const UCHAR *input, ULONG input_le
@@ -934,6 +961,12 @@ static NTSTATUS key_decrypt( struct key *key, const UCHAR *input, ULONG input_le
return STATUS_NOT_IMPLEMENTED;
}
@ -80,7 +80,7 @@ index c41524d..8a2df46 100644
static NTSTATUS key_destroy( struct key *key )
{
ERR( "support for keys not available at build time\n" );
@@ -1103,7 +1136,7 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
@@ -1018,7 +1051,7 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
if ((status = key_encrypt( key, input, input_len, output, output_len )))
return status;
@ -89,7 +89,7 @@ index c41524d..8a2df46 100644
}
if ((status = key_set_params( key, iv, iv_len ))) return status;
@@ -1162,6 +1195,7 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
@@ -1077,6 +1110,7 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
if (key->mode == MODE_ID_GCM)
{
BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO *auth_info = padding;
@ -97,7 +97,7 @@ index c41524d..8a2df46 100644
if (!auth_info) return STATUS_INVALID_PARAMETER;
if (!auth_info->pbNonce) return STATUS_INVALID_PARAMETER;
@@ -1179,6 +1213,11 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
@@ -1094,6 +1128,11 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
if ((status = key_decrypt( key, input, input_len, output, output_len )))
return status;
@ -110,10 +110,10 @@ index c41524d..8a2df46 100644
}
diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c
index 3a1bc00..5d8447c 100644
index 79e8c4c36d3..14725a52b7a 100644
--- a/dlls/bcrypt/tests/bcrypt.c
+++ b/dlls/bcrypt/tests/bcrypt.c
@@ -1131,11 +1131,11 @@ static void test_BCryptEncrypt(void)
@@ -1018,11 +1018,11 @@ static void test_BCryptEncrypt(void)
ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
ok(size == 32, "got %u\n", size);
ok(!memcmp(ciphertext, expected4, sizeof(expected4)), "wrong data\n");
@ -127,7 +127,7 @@ index 3a1bc00..5d8447c 100644
/* input size is not multiple of block size */
size = 0;
@@ -1146,11 +1146,11 @@ static void test_BCryptEncrypt(void)
@@ -1033,11 +1033,11 @@ static void test_BCryptEncrypt(void)
ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
ok(size == 24, "got %u\n", size);
ok(!memcmp(ciphertext, expected4, 24), "wrong data\n");
@ -141,7 +141,7 @@ index 3a1bc00..5d8447c 100644
/* test with padding */
memcpy(ivbuf, iv, sizeof(iv));
@@ -1344,7 +1344,7 @@ static void test_BCryptDecrypt(void)
@@ -1231,7 +1231,7 @@ static void test_BCryptDecrypt(void)
memcpy(ivbuf, iv, sizeof(iv));
auth_info.pbTag = iv; /* wrong tag */
ret = pBCryptDecrypt(key, ciphertext4, 32, &auth_info, ivbuf, 16, plaintext, 32, &size, 0);
@ -151,5 +151,5 @@ index 3a1bc00..5d8447c 100644
ret = pBCryptDestroyKey(key);
--
2.9.0
2.13.1

12
patches/patchinstall.sh
View File

@ -52,7 +52,7 @@ usage()
# Get the upstream commit sha
upstream_commit()
{
echo "ae2d6e836b98440cdc938718226dc89592a64eda"
echo "866eec810e7342630d47887f8ad7e1fbb5a0e788"
}
# Show version information
@ -3502,10 +3502,7 @@ fi
# | include/bcrypt.h, include/ntstatus.h
# |
if test "$enable_bcrypt_Improvements" -eq 1; then
patch_apply bcrypt-Improvements/0001-bcrypt-Add-AES-provider.patch
patch_apply bcrypt-Improvements/0006-bcrypt-Fix-handling-of-padding-when-input-size-equal.patch
patch_apply bcrypt-Improvements/0007-bcrypt-Properly-handle-padding-in-AES-decryption.patch
patch_apply bcrypt-Improvements/0008-bcrypt-Fix-use-after-free-in-key_init.patch
patch_apply bcrypt-Improvements/0001-include-Add-missing-BCRYPT_CHAIN_MODE-definitions.patch
patch_apply bcrypt-Improvements/0010-bcrypt-tests-Add-test-for-bugs-in-BCryptGetProperty.patch
patch_apply bcrypt-Improvements/0011-bcrypt-tests-Add-tests-for-AES-GCM-mode.patch
patch_apply bcrypt-Improvements/0012-bcrypt-Pass-object-to-get_-alg-hash-_property-instea.patch
@ -3527,10 +3524,7 @@ if test "$enable_bcrypt_Improvements" -eq 1; then
patch_apply bcrypt-Improvements/0028-bcrypt-Partial-implementation-of-BCryptImportKey-and.patch
patch_apply bcrypt-Improvements/0029-bcrypt-Add-support-for-192-and-256-bit-aes-keys.patch
(
printf '%s\n' '+ { "Hans Leidekker", "bcrypt: Add AES provider.", 1 },';
printf '%s\n' '+ { "Michael Müller", "bcrypt: Fix handling of padding when input size equals block size for AES.", 1 },';
printf '%s\n' '+ { "Michael Müller", "bcrypt: Properly handle padding in AES decryption.", 1 },';
printf '%s\n' '+ { "Michael Müller", "bcrypt: Fix use-after-free in key_init.", 1 },';
printf '%s\n' '+ { "Hans Leidekker", "include: Add missing BCRYPT_CHAIN_MODE definitions.", 1 },';
printf '%s\n' '+ { "Sebastian Lackner", "bcrypt/tests: Add test for bugs in BCryptGetProperty.", 1 },';
printf '%s\n' '+ { "Michael Müller", "bcrypt/tests: Add tests for AES GCM mode.", 1 },';
printf '%s\n' '+ { "Sebastian Lackner", "bcrypt: Pass object to get_{alg,hash}_property instead of alg_id.", 1 },';