Rebase against 5946973021285dd6ecb8df224956fea4817f8fed

patches/bcrypt-Improvements/0025-bcrypt-Avoid-crash-in-tests-when-compiling-without-g.patch

@@ -1,4 +1,4 @@
-From facd838db32bcb086711fda48a7ae9d5419a2d3c Mon Sep 17 00:00:00 2001
+From fc180bdd73c68e855e82b2b285b9b4b16ec8ccad Mon Sep 17 00:00:00 2001
 From: Sebastian Lackner <sebastian@fds-team.de>
 Date: Mon, 26 Dec 2016 16:20:57 +0100
 Subject: [PATCH] bcrypt: Avoid crash in tests when compiling without gnutls
@@ -9,10 +9,10 @@ Subject: [PATCH] bcrypt: Avoid crash in tests when compiling without gnutls
  1 file changed, 5 insertions(+)
 
 diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
-index e05e94c..81dce08 100644
+index 69d5129a7d4..978a31fd48e 100644
 --- a/dlls/bcrypt/bcrypt_main.c
 +++ b/dlls/bcrypt/bcrypt_main.c
-@@ -1293,9 +1293,12 @@ NTSTATUS WINAPI BCryptGenerateSymmetricKey( BCRYPT_ALG_HANDLE algorithm, BCRYPT_
+@@ -1351,9 +1351,12 @@ NTSTATUS WINAPI BCryptGenerateSymmetricKey( BCRYPT_ALG_HANDLE algorithm, BCRYPT_
      TRACE( "%p, %p, %p, %u, %p, %u, %08x\n", algorithm, handle, object, object_len, secret, secret_len, flags );
  
      if (!alg || alg->hdr.magic != MAGIC_ALG) return STATUS_INVALID_HANDLE;
@@ -25,7 +25,7 @@ index e05e94c..81dce08 100644
      key->hdr.magic = MAGIC_KEY;
  
      if ((status = key_init( key, alg, secret, secret_len )))
-@@ -1383,6 +1386,8 @@ NTSTATUS WINAPI BCryptDuplicateKey( BCRYPT_KEY_HANDLE handle, BCRYPT_KEY_HANDLE
+@@ -1441,6 +1444,8 @@ NTSTATUS WINAPI BCryptDuplicateKey( BCRYPT_KEY_HANDLE handle, BCRYPT_KEY_HANDLE
  
      if (!key_orig || key_orig->hdr.magic != MAGIC_KEY) return STATUS_INVALID_HANDLE;
      if (!handle_copy) return STATUS_INVALID_PARAMETER;
@@ -35,5 +35,5 @@ index e05e94c..81dce08 100644
  
      if ((status = key_duplicate( key_orig, key_copy )))
 -- 
-1.9.1
+2.16.2
 

patches/bcrypt-Improvements/0026-bcrypt-Implement-support-for-ECB-chain-mode.patch

@@ -1,379 +0,0 @@
-From e0586d6d6fcfeb9e49e53eb3470678131bc0b469 Mon Sep 17 00:00:00 2001
-From: Sebastian Lackner <sebastian@fds-team.de>
-Date: Sun, 5 Mar 2017 23:18:03 +0100
-Subject: [PATCH 26/36] bcrypt: Implement support for ECB chain mode.
-
----
- dlls/bcrypt/bcrypt_main.c  |  43 ++++++++--
- dlls/bcrypt/tests/bcrypt.c | 210 +++++++++++++++++++++++++++++++++++++++++++++
- 2 files changed, 244 insertions(+), 9 deletions(-)
-
-diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
-index 1839edc..8dc1e7b 100644
---- a/dlls/bcrypt/bcrypt_main.c
-+++ b/dlls/bcrypt/bcrypt_main.c
-@@ -225,6 +225,7 @@ enum alg_id
- 
- enum mode_id
- {
-+    MODE_ID_ECB,
-     MODE_ID_CBC,
-     MODE_ID_GCM
- };
-@@ -577,8 +578,9 @@ static NTSTATUS get_alg_property( const struct algorithm *alg, const WCHAR *prop
-             const WCHAR *mode;
-             switch (alg->mode)
-             {
--                case MODE_ID_GCM: mode = BCRYPT_CHAIN_MODE_GCM; break;
-+                case MODE_ID_ECB: mode = BCRYPT_CHAIN_MODE_ECB; break;
-                 case MODE_ID_CBC: mode = BCRYPT_CHAIN_MODE_CBC; break;
-+                case MODE_ID_GCM: mode = BCRYPT_CHAIN_MODE_GCM; break;
-                 default: return STATUS_NOT_IMPLEMENTED;
-             }
- 
-@@ -631,7 +633,12 @@ static NTSTATUS set_alg_property( struct algorithm *alg, const WCHAR *prop, UCHA
-     case ALG_ID_AES:
-         if (!strcmpW( prop, BCRYPT_CHAINING_MODE ))
-         {
--            if (!strncmpW( (WCHAR *)value, BCRYPT_CHAIN_MODE_CBC, size ))
-+            if (!strncmpW( (WCHAR *)value, BCRYPT_CHAIN_MODE_ECB, size ))
-+            {
-+                alg->mode = MODE_ID_ECB;
-+                return STATUS_SUCCESS;
-+            }
-+            else if (!strncmpW( (WCHAR *)value, BCRYPT_CHAIN_MODE_CBC, size ))
-             {
-                 alg->mode = MODE_ID_CBC;
-                 return STATUS_SUCCESS;
-@@ -990,7 +997,12 @@ static NTSTATUS set_key_property( struct key *key, const WCHAR *prop, UCHAR *val
- {
-     if (!strcmpW( prop, BCRYPT_CHAINING_MODE ))
-     {
--        if (!strncmpW( (WCHAR *)value, BCRYPT_CHAIN_MODE_CBC, size ))
-+        if (!strncmpW( (WCHAR *)value, BCRYPT_CHAIN_MODE_ECB, size ))
-+        {
-+            key->mode = MODE_ID_ECB;
-+            return STATUS_SUCCESS;
-+        }
-+        else if (!strncmpW( (WCHAR *)value, BCRYPT_CHAIN_MODE_CBC, size ))
-         {
-             key->mode = MODE_ID_CBC;
-             return STATUS_SUCCESS;
-@@ -1020,6 +1032,7 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key )
-         switch (key->mode)
-         {
-             case MODE_ID_GCM: return GNUTLS_CIPHER_AES_128_GCM;
-+            case MODE_ID_ECB: /* can be emulated with CBC + empty IV */
-             case MODE_ID_CBC:
-             default:          return GNUTLS_CIPHER_AES_128_CBC;
-         }
-@@ -1031,6 +1044,7 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key )
- 
- static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
- {
-+    static const UCHAR zero_iv[16];
-     gnutls_cipher_algorithm_t cipher;
-     gnutls_datum_t secret, vector;
-     int ret;
-@@ -1044,15 +1058,18 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
-     if ((cipher = get_gnutls_cipher( key )) == GNUTLS_CIPHER_UNKNOWN)
-         return STATUS_NOT_SUPPORTED;
- 
--    secret.data = key->secret;
--    secret.size = key->secret_len;
--    if (iv)
-+    if (!iv)
-     {
--        vector.data = iv;
--        vector.size = iv_len;
-+        iv      = (UCHAR *)zero_iv;
-+        iv_len  = sizeof(zero_iv);
-     }
- 
--    if ((ret = pgnutls_cipher_init( &key->handle, cipher, &secret, iv ? &vector : NULL )))
-+    secret.data = key->secret;
-+    secret.size = key->secret_len;
-+    vector.data = iv;
-+    vector.size = iv_len;
-+
-+    if ((ret = pgnutls_cipher_init( &key->handle, cipher, &secret, &vector )))
-     {
-         pgnutls_perror( ret );
-         return STATUS_INTERNAL_ERROR;
-@@ -1523,11 +1540,15 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
-     if (!output) return STATUS_SUCCESS;
-     if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL;
- 
-+    if (key->mode == MODE_ID_ECB && iv)
-+        return STATUS_INVALID_PARAMETER;
-+
-     src = input;
-     dst = output;
-     while (bytes_left >= key->block_size)
-     {
-         if ((status = key_encrypt( key, src, key->block_size, dst, key->block_size ))) return status;
-+        if (key->mode == MODE_ID_ECB && (status = key_set_params( key, iv, iv_len ))) return status;
-         bytes_left -= key->block_size;
-         src += key->block_size;
-         dst += key->block_size;
-@@ -1610,11 +1631,15 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
-     else if (output_len < *ret_len)
-         return STATUS_BUFFER_TOO_SMALL;
- 
-+    if (key->mode == MODE_ID_ECB && iv)
-+        return STATUS_INVALID_PARAMETER;
-+
-     src = input;
-     dst = output;
-     while (bytes_left >= key->block_size)
-     {
-         if ((status = key_decrypt( key, src, key->block_size, dst, key->block_size ))) return status;
-+        if (key->mode == MODE_ID_ECB && (status = key_set_params( key, iv, iv_len ))) return status;
-         bytes_left -= key->block_size;
-         src += key->block_size;
-         dst += key->block_size;
-diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c
-index bd22b80..81345a5 100644
---- a/dlls/bcrypt/tests/bcrypt.c
-+++ b/dlls/bcrypt/tests/bcrypt.c
-@@ -634,6 +634,15 @@ static void test_BCryptEncrypt(void)
-     static UCHAR expected4[] =
-         {0xe1,0x82,0xc3,0xc0,0x24,0xfb,0x86,0x85,0xf3,0xf1,0x2b,0x7d,0x09,0xb4,0x73,0x67,
-          0x86,0x64,0xc3,0xfe,0xa3,0x07,0x61,0xf8,0x16,0xc9,0x78,0x7f,0xe7,0xb1,0xc4,0x94};
-+    static UCHAR expected5[] =
-+        {0x0a,0x94,0x0b,0xb5,0x41,0x6e,0xf0,0x45,0xf1,0xc3,0x94,0x58,0xc6,0x53,0xea,0x5a};
-+    static UCHAR expected6[] =
-+        {0x0a,0x94,0x0b,0xb5,0x41,0x6e,0xf0,0x45,0xf1,0xc3,0x94,0x58,0xc6,0x53,0xea,0x5a,
-+         0x84,0x07,0x66,0xb7,0x49,0xc0,0x9b,0x49,0x74,0x28,0x8c,0x10,0xb9,0xc2,0x09,0x70};
-+    static UCHAR expected7[] =
-+        {0x0a,0x94,0x0b,0xb5,0x41,0x6e,0xf0,0x45,0xf1,0xc3,0x94,0x58,0xc6,0x53,0xea,0x5a,
-+         0x95,0x4f,0x64,0xf2,0xe4,0xe8,0x6e,0x9e,0xee,0x82,0xd2,0x02,0x16,0x68,0x48,0x99,
-+         0x95,0x4f,0x64,0xf2,0xe4,0xe8,0x6e,0x9e,0xee,0x82,0xd2,0x02,0x16,0x68,0x48,0x99};
-     static UCHAR expected_tag[] =
-         {0x89,0xb3,0x92,0x00,0x39,0x20,0x09,0xb4,0x6a,0xd6,0xaf,0xca,0x4b,0x5b,0xfd,0xd0};
-     static UCHAR expected_tag2[] =
-@@ -846,6 +855,97 @@ static void test_BCryptEncrypt(void)
-     ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
-     HeapFree(GetProcessHeap(), 0, buf);
- 
-+    /******************
-+     * AES - ECB mode *
-+     ******************/
-+
-+    ret = BCryptSetProperty(aes, BCRYPT_CHAINING_MODE, (UCHAR*)BCRYPT_CHAIN_MODE_ECB, sizeof(BCRYPT_CHAIN_MODE_ECB), 0);
-+    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
-+
-+    len = 0xdeadbeef;
-+    size = sizeof(len);
-+    ret = pBCryptGetProperty(aes, BCRYPT_OBJECT_LENGTH, (UCHAR *)&len, sizeof(len), &size, 0);
-+    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
-+
-+    buf = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, len);
-+    ret = pBCryptGenerateSymmetricKey(aes, &key, buf, len, secret, sizeof(secret), 0);
-+    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
-+
-+    /* initialization vector is not allowed */
-+    size = 0;
-+    memcpy(ivbuf, iv, sizeof(iv));
-+    ret = pBCryptEncrypt(key, data, 16, NULL, ivbuf, 16, ciphertext, 16, &size, 0);
-+    ok(ret == STATUS_INVALID_PARAMETER, "got %08x\n", ret);
-+    ok(size == 16, "got %u\n", size);
-+
-+    /* input size is a multiple of block size */
-+    size = 0;
-+    ret = pBCryptEncrypt(key, data, 16, NULL, NULL, 16, NULL, 0, &size, 0);
-+    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
-+    ok(size == 16, "got %u\n", size);
-+
-+    size = 0;
-+    memset(ciphertext, 0, sizeof(ciphertext));
-+    ret = pBCryptEncrypt(key, data, 16, NULL, NULL, 16, ciphertext, 16, &size, 0);
-+    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
-+    ok(size == 16, "got %u\n", size);
-+    ok(!memcmp(ciphertext, expected5, sizeof(expected5)), "wrong data\n");
-+    for (i = 0; i < 16; i++)
-+        ok(ciphertext[i] == expected5[i], "%u: %02x != %02x\n", i, ciphertext[i], expected5[i]);
-+
-+    /* input size is not a multiple of block size */
-+    size = 0;
-+    ret = pBCryptEncrypt(key, data, 17, NULL, NULL, 16, NULL, 0, &size, 0);
-+    ok(ret == STATUS_INVALID_BUFFER_SIZE, "got %08x\n", ret);
-+    ok(size == 17, "got %u\n", size);
-+
-+    /* input size is not a multiple of block size, block padding set */
-+    size = 0;
-+    ret = pBCryptEncrypt(key, data, 17, NULL, NULL, 16, NULL, 0, &size, BCRYPT_BLOCK_PADDING);
-+    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
-+    ok(size == 32, "got %u\n", size);
-+
-+    size = 0;
-+    memset(ciphertext, 0, sizeof(ciphertext));
-+    ret = pBCryptEncrypt(key, data, 17, NULL, NULL, 16, ciphertext, 32, &size, BCRYPT_BLOCK_PADDING);
-+    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
-+    ok(size == 32, "got %u\n", size);
-+    ok(!memcmp(ciphertext, expected6, sizeof(expected6)), "wrong data\n");
-+    for (i = 0; i < 32; i++)
-+        ok(ciphertext[i] == expected6[i], "%u: %02x != %02x\n", i, ciphertext[i], expected6[i]);
-+
-+    /* input size is a multiple of block size, block padding set */
-+    size = 0;
-+    ret = pBCryptEncrypt(key, data2, 32, NULL, NULL, 16, NULL, 0, &size, BCRYPT_BLOCK_PADDING);
-+    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
-+    ok(size == 48, "got %u\n", size);
-+
-+    size = 0;
-+    memset(ciphertext, 0, sizeof(ciphertext));
-+    ret = pBCryptEncrypt(key, data2, 32, NULL, NULL, 16, ciphertext, 48, &size, BCRYPT_BLOCK_PADDING);
-+    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
-+    ok(size == 48, "got %u\n", size);
-+    ok(!memcmp(ciphertext, expected7, sizeof(expected7)), "wrong data\n");
-+    for (i = 0; i < 48; i++)
-+        ok(ciphertext[i] == expected7[i], "%u: %02x != %02x\n", i, ciphertext[i], expected7[i]);
-+
-+    /* output size too small */
-+    size = 0;
-+    memset(ciphertext, 0, sizeof(ciphertext));
-+    ret = pBCryptEncrypt(key, data, 17, NULL, NULL, 16, ciphertext, 31, &size, BCRYPT_BLOCK_PADDING);
-+    ok(ret == STATUS_BUFFER_TOO_SMALL, "got %08x\n", ret);
-+    ok(size == 32, "got %u\n", size);
-+
-+    size = 0;
-+    memset(ciphertext, 0, sizeof(ciphertext));
-+    ret = pBCryptEncrypt(key, data2, 32, NULL, NULL, 16, ciphertext, 32, &size, BCRYPT_BLOCK_PADDING);
-+    ok(ret == STATUS_BUFFER_TOO_SMALL, "got %08x\n", ret);
-+    ok(size == 48, "got %u\n", size);
-+
-+    ret = pBCryptDestroyKey(key);
-+    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
-+    HeapFree(GetProcessHeap(), 0, buf);
-+
-     ret = pBCryptCloseAlgorithmProvider(aes, 0);
-     ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
- }
-@@ -880,6 +980,13 @@ static void test_BCryptDecrypt(void)
-     static UCHAR ciphertext4[] =
-         {0xe1,0x82,0xc3,0xc0,0x24,0xfb,0x86,0x85,0xf3,0xf1,0x2b,0x7d,0x09,0xb4,0x73,0x67,
-          0x86,0x64,0xc3,0xfe,0xa3,0x07,0x61,0xf8,0x16,0xc9,0x78,0x7f,0xe7,0xb1,0xc4,0x94};
-+    static UCHAR ciphertext5[] =
-+        {0x0a,0x94,0x0b,0xb5,0x41,0x6e,0xf0,0x45,0xf1,0xc3,0x94,0x58,0xc6,0x53,0xea,0x5a,
-+         0x84,0x07,0x66,0xb7,0x49,0xc0,0x9b,0x49,0x74,0x28,0x8c,0x10,0xb9,0xc2,0x09,0x70};
-+    static UCHAR ciphertext6[] =
-+        {0x0a,0x94,0x0b,0xb5,0x41,0x6e,0xf0,0x45,0xf1,0xc3,0x94,0x58,0xc6,0x53,0xea,0x5a,
-+         0x95,0x4f,0x64,0xf2,0xe4,0xe8,0x6e,0x9e,0xee,0x82,0xd2,0x02,0x16,0x68,0x48,0x99,
-+         0x95,0x4f,0x64,0xf2,0xe4,0xe8,0x6e,0x9e,0xee,0x82,0xd2,0x02,0x16,0x68,0x48,0x99};
-     static UCHAR tag[] =
-         {0x89,0xb3,0x92,0x00,0x39,0x20,0x09,0xb4,0x6a,0xd6,0xaf,0xca,0x4b,0x5b,0xfd,0xd0};
-     static UCHAR tag2[] =
-@@ -1058,6 +1165,109 @@ static void test_BCryptDecrypt(void)
-     ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
-     HeapFree(GetProcessHeap(), 0, buf);
- 
-+    /******************
-+     * AES - ECB mode *
-+     ******************/
-+
-+    ret = BCryptSetProperty(aes, BCRYPT_CHAINING_MODE, (UCHAR*)BCRYPT_CHAIN_MODE_ECB, sizeof(BCRYPT_CHAIN_MODE_ECB), 0);
-+    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
-+
-+    len = 0xdeadbeef;
-+    size = sizeof(len);
-+    ret = pBCryptGetProperty(aes, BCRYPT_OBJECT_LENGTH, (UCHAR *)&len, sizeof(len), &size, 0);
-+    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
-+
-+    buf = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, len);
-+    ret = pBCryptGenerateSymmetricKey(aes, &key, buf, len, secret, sizeof(secret), 0);
-+    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
-+
-+    /* initialization vector is not allowed */
-+    size = 0;
-+    memcpy(ivbuf, iv, sizeof(iv));
-+    ret = pBCryptDecrypt(key, ciphertext5, 32, NULL, ivbuf, 16, plaintext, 32, &size, 0);
-+    ok(ret == STATUS_INVALID_PARAMETER, "got %08x\n", ret);
-+    ok(size == 32, "got %u\n", size);
-+
-+    /* input size is a multiple of block size */
-+    size = 0;
-+    ret = pBCryptDecrypt(key, ciphertext5, 32, NULL, NULL, 16, NULL, 0, &size, 0);
-+    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
-+    ok(size == 32, "got %u\n", size);
-+
-+    size = 0;
-+    memset(plaintext, 0, sizeof(plaintext));
-+    ret = pBCryptDecrypt(key, ciphertext5, 32, NULL, NULL, 16, plaintext, 32, &size, 0);
-+    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
-+    ok(size == 32, "got %u\n", size);
-+    ok(!memcmp(plaintext, expected, sizeof(expected)), "wrong data\n");
-+
-+    /* test with padding smaller than block size */
-+    size = 0;
-+    ret = pBCryptDecrypt(key, ciphertext5, 32, NULL, NULL, 16, NULL, 0, &size, 0);
-+    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
-+    ok(size == 32, "got %u\n", size);
-+
-+    size = 0;
-+    memset(plaintext, 0, sizeof(plaintext));
-+    ret = pBCryptDecrypt(key, ciphertext5, 32, NULL, NULL, 16, plaintext, 17, &size, BCRYPT_BLOCK_PADDING);
-+    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
-+    ok(size == 17, "got %u\n", size);
-+    ok(!memcmp(plaintext, expected2, sizeof(expected2)), "wrong data\n");
-+
-+    /* test with padding of block size */
-+    size = 0;
-+    ret = pBCryptDecrypt(key, ciphertext6, 48, NULL, NULL, 16, NULL, 0, &size, 0);
-+    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
-+    ok(size == 48, "got %u\n", size);
-+
-+    size = 0;
-+    memset(plaintext, 0, sizeof(plaintext));
-+    ret = pBCryptDecrypt(key, ciphertext6, 48, NULL, NULL, 16, plaintext, 32, &size, BCRYPT_BLOCK_PADDING);
-+    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
-+    ok(size == 32, "got %u\n", size);
-+    ok(!memcmp(plaintext, expected3, sizeof(expected3)), "wrong data\n");
-+
-+    /* output size too small */
-+    size = 0;
-+    ret = pBCryptDecrypt(key, ciphertext4, 32, NULL, NULL, 16, plaintext, 31, &size, 0);
-+    ok(ret == STATUS_BUFFER_TOO_SMALL, "got %08x\n", ret);
-+    ok(size == 32, "got %u\n", size);
-+
-+    size = 0;
-+    ret = pBCryptDecrypt(key, ciphertext5, 32, NULL, NULL, 16, plaintext, 15, &size, BCRYPT_BLOCK_PADDING);
-+    ok(ret == STATUS_BUFFER_TOO_SMALL, "got %08x\n", ret);
-+    ok(size == 32, "got %u\n", size);
-+
-+    size = 0;
-+    ret = pBCryptDecrypt(key, ciphertext5, 32, NULL, NULL, 16, plaintext, 16, &size, BCRYPT_BLOCK_PADDING);
-+    ok(ret == STATUS_BUFFER_TOO_SMALL, "got %08x\n", ret);
-+    ok(size == 17, "got %u\n", size);
-+
-+    size = 0;
-+    ret = pBCryptDecrypt(key, ciphertext6, 48, NULL, NULL, 16, plaintext, 31, &size, BCRYPT_BLOCK_PADDING);
-+    ok(ret == STATUS_BUFFER_TOO_SMALL, "got %08x\n", ret);
-+    ok(size == 48, "got %u\n", size);
-+
-+    /* input size is not a multiple of block size */
-+    size = 0;
-+    ret = pBCryptDecrypt(key, ciphertext4, 17, NULL, NULL, 16, NULL, 0, &size, 0);
-+    ok(ret == STATUS_INVALID_BUFFER_SIZE, "got %08x\n", ret);
-+    ok(size == 17 || broken(size == 0 /* Win < 7 */), "got %u\n", size);
-+
-+    /* input size is not a multiple of block size, block padding set */
-+    size = 0;
-+    ret = pBCryptDecrypt(key, ciphertext4, 17, NULL, NULL, 16, NULL, 0, &size, BCRYPT_BLOCK_PADDING);
-+    ok(ret == STATUS_INVALID_BUFFER_SIZE, "got %08x\n", ret);
-+    ok(size == 17 || broken(size == 0 /* Win < 7 */), "got %u\n", size);
-+
-+    ret = pBCryptDestroyKey(key);
-+    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
-+    HeapFree(GetProcessHeap(), 0, buf);
-+
-+    ret = pBCryptDestroyKey(key);
-+    ok(ret == STATUS_INVALID_HANDLE, "got %08x\n", ret);
-+    HeapFree(GetProcessHeap(), 0, buf);
-+
-     ret = pBCryptCloseAlgorithmProvider(aes, 0);
-     ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
- }
--- 
-2.7.4
-

patches/bcrypt-Improvements/0029-bcrypt-Add-support-for-192-and-256-bit-aes-keys.patch

@@ -1,98 +0,0 @@
-From 6bd98b26d6448c2a0cddd934f91bad42fe0fc9a0 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
-Date: Sun, 13 Aug 2017 05:04:21 +0200
-Subject: [PATCH] bcrypt: Add support for 192 and 256 bit aes keys.
-
----
- dlls/bcrypt/bcrypt_main.c  | 14 ++++++++++++--
- dlls/bcrypt/tests/bcrypt.c | 32 ++++++++++++++++++++++++++++++++
- 2 files changed, 44 insertions(+), 2 deletions(-)
-
-diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
-index 9fb2268..2e6ed8b 100644
---- a/dlls/bcrypt/bcrypt_main.c
-+++ b/dlls/bcrypt/bcrypt_main.c
-@@ -1002,11 +1002,21 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key )
-         WARN( "handle block size\n" );
-         switch (key->mode)
-         {
--            case MODE_ID_GCM: return GNUTLS_CIPHER_AES_128_GCM;
-+            case MODE_ID_GCM:
-+                if (key->secret_len == 16) return GNUTLS_CIPHER_AES_128_GCM;
-+                if (key->secret_len == 32) return GNUTLS_CIPHER_AES_256_GCM;
-+                break;
-             case MODE_ID_ECB: /* can be emulated with CBC + empty IV */
-             case MODE_ID_CBC:
--            default:          return GNUTLS_CIPHER_AES_128_CBC;
-+                if (key->secret_len == 16) return GNUTLS_CIPHER_AES_128_CBC;
-+                if (key->secret_len == 24) return GNUTLS_CIPHER_AES_192_CBC;
-+                if (key->secret_len == 32) return GNUTLS_CIPHER_AES_256_CBC;
-+                break;
-+            default:
-+                break;
-         }
-+        FIXME( "aes mode %u with key length %u not supported\n", key->mode, key->secret_len );
-+        return GNUTLS_CIPHER_UNKNOWN;
-     default:
-         FIXME( "algorithm %u not supported\n", key->alg_id );
-         return GNUTLS_CIPHER_UNKNOWN;
-diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c
-index 30fdb60..ac5fc36 100644
---- a/dlls/bcrypt/tests/bcrypt.c
-+++ b/dlls/bcrypt/tests/bcrypt.c
-@@ -615,6 +615,9 @@ static void test_BCryptEncrypt(void)
-         {0x60,0x50,0x40,0x30,0x20,0x10,0x60,0x50,0x40,0x30,0x20,0x10};
-     static UCHAR secret[] =
-         {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f};
-+    static UCHAR secret256[] =
-+        {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
-+         0x0f,0x0e,0x0d,0x0c,0x0b,0x0a,0x09,0x08,0x07,0x06,0x05,0x04,0x03,0x02,0x01,0x00};
-     static UCHAR iv[] =
-         {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f};
-     static UCHAR data[] =
-@@ -643,6 +646,10 @@ static void test_BCryptEncrypt(void)
-         {0x0a,0x94,0x0b,0xb5,0x41,0x6e,0xf0,0x45,0xf1,0xc3,0x94,0x58,0xc6,0x53,0xea,0x5a,
-          0x95,0x4f,0x64,0xf2,0xe4,0xe8,0x6e,0x9e,0xee,0x82,0xd2,0x02,0x16,0x68,0x48,0x99,
-          0x95,0x4f,0x64,0xf2,0xe4,0xe8,0x6e,0x9e,0xee,0x82,0xd2,0x02,0x16,0x68,0x48,0x99};
-+    static UCHAR expected8[] =
-+        {0x66,0xb8,0xbd,0xe5,0x90,0x6c,0xec,0xdf,0xfa,0x8a,0xb2,0xfd,0x92,0x84,0xeb,0xf0,
-+         0x95,0xc4,0xdf,0xa7,0x7a,0x62,0xe4,0xab,0xd4,0x0e,0x94,0x4e,0xd7,0x6e,0xa1,0x47,
-+         0x29,0x4b,0x37,0xfe,0x28,0x6d,0x5f,0x69,0x46,0x30,0x73,0xc0,0xaa,0x42,0xe4,0x46};
-     static UCHAR expected_tag[] =
-         {0x89,0xb3,0x92,0x00,0x39,0x20,0x09,0xb4,0x6a,0xd6,0xaf,0xca,0x4b,0x5b,0xfd,0xd0};
-     static UCHAR expected_tag2[] =
-@@ -753,6 +760,31 @@ static void test_BCryptEncrypt(void)
-     ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
-     HeapFree(GetProcessHeap(), 0, buf);
- 
-+    /* 256 bit key */
-+    buf = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, len);
-+    ret = pBCryptGenerateSymmetricKey(aes, &key, buf, len, secret256, sizeof(secret256), 0);
-+    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
-+
-+    size = 0;
-+    memcpy(ivbuf, iv, sizeof(iv));
-+    ret = pBCryptEncrypt(key, data2, 32, NULL, ivbuf, 16, NULL, 0, &size, BCRYPT_BLOCK_PADDING);
-+    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
-+    ok(size == 48, "got %u\n", size);
-+
-+    size = 0;
-+    memcpy(ivbuf, iv, sizeof(iv));
-+    memset(ciphertext, 0, sizeof(ciphertext));
-+    ret = pBCryptEncrypt(key, data2, 32, NULL, ivbuf, 16, ciphertext, 48, &size, BCRYPT_BLOCK_PADDING);
-+    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
-+    ok(size == 48, "got %u\n", size);
-+    ok(!memcmp(ciphertext, expected8, sizeof(expected8)), "wrong data\n");
-+    for (i = 0; i < 48; i++)
-+        ok(ciphertext[i] == expected8[i], "%u: %02x != %02x\n", i, ciphertext[i], expected8[i]);
-+
-+    ret = pBCryptDestroyKey(key);
-+    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
-+    HeapFree(GetProcessHeap(), 0, buf);
-+
-     /******************
-      * AES - GCM mode *
-      ******************/
--- 
-1.9.1
-

patches/bcrypt-Improvements/0030-bcrypt-Preparation-for-asymmetric-keys.patch

@@ -1,4 +1,4 @@
-From b3c2814f36f027657feb2ceb6abf1142ab7062b7 Mon Sep 17 00:00:00 2001
+From 1f6a9a71c832ecb076604f15abdfa502af37d4dd Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Fri, 29 Sep 2017 18:31:55 +0200
 Subject: [PATCH] bcrypt: Preparation for asymmetric keys.
@@ -8,7 +8,7 @@ Subject: [PATCH] bcrypt: Preparation for asymmetric keys.
  1 file changed, 217 insertions(+), 129 deletions(-)
 
 diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
-index c20abb8..2dd839f 100644
+index 978a31fd48e..b1f79d830c2 100644
 --- a/dlls/bcrypt/bcrypt_main.c
 +++ b/dlls/bcrypt/bcrypt_main.c
 @@ -238,16 +238,17 @@ static const struct {
@@ -268,14 +268,13 @@ index c20abb8..2dd839f 100644
          return GNUTLS_CIPHER_UNKNOWN;
      default:
          FIXME( "algorithm %u not supported\n", key->alg_id );
-@@ -1024,17 +1082,17 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key )
+@@ -1024,30 +1082,30 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key )
      }
  }
  
 -static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
 +static NTSTATUS key_symmetric_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
  {
-     static const UCHAR zero_iv[16];
      gnutls_cipher_algorithm_t cipher;
      gnutls_datum_t secret, vector;
      int ret;
@@ -290,23 +289,24 @@ index c20abb8..2dd839f 100644
      }
  
      if ((cipher = get_gnutls_cipher( key )) == GNUTLS_CIPHER_UNKNOWN)
-@@ -1046,12 +1104,12 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
-         iv_len  = sizeof(zero_iv);
-     }
+         return STATUS_NOT_SUPPORTED;
  
 -    secret.data = key->secret;
 -    secret.size = key->secret_len;
 +    secret.data = key->u.s.secret;
 +    secret.size = key->u.s.secret_len;
-     vector.data = iv;
-     vector.size = iv_len;
+     if (iv)
+     {
+         vector.data = iv;
+         vector.size = iv_len;
+     }
  
--    if ((ret = pgnutls_cipher_init( &key->handle, cipher, &secret, &vector )))
+-    if ((ret = pgnutls_cipher_init( &key->handle, cipher, &secret, iv ? &vector : NULL )))
 +    if ((ret = pgnutls_cipher_init( &key->u.s.handle, cipher, &secret, &vector )))
      {
          pgnutls_perror( ret );
          return STATUS_INTERNAL_ERROR;
-@@ -1060,11 +1118,11 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
+@@ -1056,11 +1114,11 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
      return STATUS_SUCCESS;
  }
  
@@ -320,7 +320,7 @@ index c20abb8..2dd839f 100644
      {
          pgnutls_perror( ret );
          return STATUS_INTERNAL_ERROR;
-@@ -1073,12 +1131,12 @@ static NTSTATUS key_set_auth_data( struct key *key, UCHAR *auth_data, ULONG len
+@@ -1069,12 +1127,12 @@ static NTSTATUS key_set_auth_data( struct key *key, UCHAR *auth_data, ULONG len
      return STATUS_SUCCESS;
  }
  
@@ -335,7 +335,7 @@ index c20abb8..2dd839f 100644
      {
          pgnutls_perror( ret );
          return STATUS_INTERNAL_ERROR;
-@@ -1092,7 +1150,7 @@ static NTSTATUS key_decrypt( struct key *key, const UCHAR *input, ULONG input_le
+@@ -1088,7 +1146,7 @@ static NTSTATUS key_decrypt( struct key *key, const UCHAR *input, ULONG input_le
  {
      int ret;
  
@@ -344,7 +344,7 @@ index c20abb8..2dd839f 100644
      {
          pgnutls_perror( ret );
          return STATUS_INTERNAL_ERROR;
-@@ -1105,7 +1163,7 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len )
+@@ -1101,7 +1159,7 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len )
  {
      int ret;
  
@@ -353,7 +353,7 @@ index c20abb8..2dd839f 100644
      {
          pgnutls_perror( ret );
          return STATUS_INTERNAL_ERROR;
-@@ -1116,13 +1174,13 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len )
+@@ -1112,13 +1170,13 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len )
  
  static NTSTATUS key_destroy( struct key *key )
  {
@@ -370,7 +370,7 @@ index c20abb8..2dd839f 100644
  {
      UCHAR *buffer;
  
-@@ -1144,16 +1202,16 @@ static NTSTATUS key_init( struct key *key, struct algorithm *alg, const UCHAR *s
+@@ -1141,16 +1199,16 @@ static NTSTATUS key_init( struct key *key, struct algorithm *alg, const UCHAR *s
          return STATUS_NOT_SUPPORTED;
      }
  
@@ -394,14 +394,17 @@ index c20abb8..2dd839f 100644
  
      return STATUS_SUCCESS;
  }
-@@ -1164,51 +1222,51 @@ static NTSTATUS set_key_property( struct key *key, const WCHAR *prop, UCHAR *val
-     return STATUS_NOT_IMPLEMENTED;
+@@ -1192,54 +1250,54 @@ static CCMode get_cryptor_mode( struct key *key )
+     }
  }
  
 -static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
 +static NTSTATUS key_symmetric_set_params( struct key *key, UCHAR *iv, ULONG iv_len )
  {
      CCCryptorStatus status;
+     CCMode mode;
+ 
+     if (!(mode = get_cryptor_mode( key ))) return STATUS_NOT_SUPPORTED;
  
 -    if (key->ref_encrypt)
 +    if (key->u.s.ref_encrypt)
@@ -420,15 +423,15 @@ index c20abb8..2dd839f 100644
 +        key->u.s.ref_decrypt = NULL;
      }
  
-     if ((status = CCCryptorCreateWithMode( kCCEncrypt, kCCModeCBC, kCCAlgorithmAES128, ccNoPadding, iv,
--                                           key->secret, key->secret_len, NULL, 0, 0, 0, &key->ref_encrypt )) != kCCSuccess)
+     if ((status = CCCryptorCreateWithMode( kCCEncrypt, mode, kCCAlgorithmAES128, ccNoPadding, iv, key->secret,
+-                                           key->secret_len, NULL, 0, 0, 0, &key->ref_encrypt )) != kCCSuccess)
 +                                           key->u.s.secret, key->u.s.secret_len, NULL, 0, 0, 0, &key->u.s.ref_encrypt )) != kCCSuccess)
      {
          WARN( "CCCryptorCreateWithMode failed %d\n", status );
          return STATUS_INTERNAL_ERROR;
      }
-     if ((status = CCCryptorCreateWithMode( kCCDecrypt, kCCModeCBC, kCCAlgorithmAES128, ccNoPadding, iv,
--                                           key->secret, key->secret_len, NULL, 0, 0, 0, &key->ref_decrypt )) != kCCSuccess)
+     if ((status = CCCryptorCreateWithMode( kCCDecrypt, mode, kCCAlgorithmAES128, ccNoPadding, iv, key->secret,
+-                                           key->secret_len, NULL, 0, 0, 0, &key->ref_decrypt )) != kCCSuccess)
 +                                           key->u.s.secret, key->u.s.secret_len, NULL, 0, 0, 0, &key->u.s.ref_decrypt )) != kCCSuccess)
      {
          WARN( "CCCryptorCreateWithMode failed %d\n", status );
@@ -460,7 +463,7 @@ index c20abb8..2dd839f 100644
      {
          WARN( "CCCryptorUpdate failed %d\n", status );
          return STATUS_INTERNAL_ERROR;
-@@ -1222,7 +1280,7 @@ static NTSTATUS key_decrypt( struct key *key, const UCHAR *input, ULONG input_le
+@@ -1253,7 +1311,7 @@ static NTSTATUS key_decrypt( struct key *key, const UCHAR *input, ULONG input_le
  {
      CCCryptorStatus status;
  
@@ -469,7 +472,7 @@ index c20abb8..2dd839f 100644
      {
          WARN( "CCCryptorUpdate failed %d\n", status );
          return STATUS_INTERNAL_ERROR;
-@@ -1239,14 +1297,14 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len )
+@@ -1270,14 +1328,14 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len )
  
  static NTSTATUS key_destroy( struct key *key )
  {
@@ -488,7 +491,7 @@ index c20abb8..2dd839f 100644
  {
      ERR( "support for keys not available at build time\n" );
      return STATUS_NOT_IMPLEMENTED;
-@@ -1264,19 +1322,19 @@ static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy )
+@@ -1295,19 +1353,19 @@ static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy )
      return STATUS_NOT_IMPLEMENTED;
  }
  
@@ -511,7 +514,7 @@ index c20abb8..2dd839f 100644
                               ULONG output_len  )
  {
      ERR( "support for keys not available at build time\n" );
-@@ -1307,6 +1365,24 @@ static NTSTATUS key_export( struct key *key, const WCHAR *type, UCHAR *output, U
+@@ -1338,6 +1396,24 @@ static NTSTATUS key_export( struct key *key, const WCHAR *type, UCHAR *output, U
      ERR( "support for keys not available at build time\n" );
      return STATUS_NOT_IMPLEMENTED;
  }
@@ -536,7 +539,7 @@ index c20abb8..2dd839f 100644
  #endif
  
  NTSTATUS WINAPI BCryptGenerateSymmetricKey( BCRYPT_ALG_HANDLE algorithm, BCRYPT_KEY_HANDLE *handle,
-@@ -1328,7 +1404,7 @@ NTSTATUS WINAPI BCryptGenerateSymmetricKey( BCRYPT_ALG_HANDLE algorithm, BCRYPT_
+@@ -1359,7 +1435,7 @@ NTSTATUS WINAPI BCryptGenerateSymmetricKey( BCRYPT_ALG_HANDLE algorithm, BCRYPT_
  
      key->hdr.magic = MAGIC_KEY;
  
@@ -545,7 +548,7 @@ index c20abb8..2dd839f 100644
      {
          heap_free( key );
          return status;
-@@ -1444,19 +1520,30 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
+@@ -1475,19 +1551,30 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
      struct key *key = handle;
      ULONG bytes_left = input_len;
      UCHAR *buf, *src, *dst;
@@ -577,7 +580,7 @@ index c20abb8..2dd839f 100644
      {
          BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO *auth_info = padding;
  
-@@ -1467,7 +1554,7 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
+@@ -1498,7 +1585,7 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
          if (auth_info->dwFlags & BCRYPT_AUTH_MODE_CHAIN_CALLS_FLAG)
              FIXME( "call chaining not implemented\n" );
  
@@ -586,7 +589,7 @@ index c20abb8..2dd839f 100644
              return status;
  
          *ret_len = input_len;
-@@ -1475,46 +1562,47 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
+@@ -1506,44 +1593,45 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
          if (input && !output) return STATUS_SUCCESS;
          if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL;
  
@@ -615,10 +618,8 @@ index c20abb8..2dd839f 100644
  
      if (!output) return STATUS_SUCCESS;
      if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL;
- 
--    if (key->mode == MODE_ID_ECB && iv)
-+    if (mode == MODE_ID_ECB && iv)
-         return STATUS_INVALID_PARAMETER;
+-    if (key->mode == MODE_ID_ECB && iv) return STATUS_INVALID_PARAMETER;
++    if (mode == MODE_ID_ECB && iv) return STATUS_INVALID_PARAMETER;
  
      src = input;
      dst = output;
@@ -626,7 +627,7 @@ index c20abb8..2dd839f 100644
 +    while (bytes_left >= block_size)
      {
 -        if ((status = key_encrypt( key, src, key->block_size, dst, key->block_size ))) return status;
--        if (key->mode == MODE_ID_ECB && (status = key_set_params( key, iv, iv_len ))) return status;
+-        if (key->mode == MODE_ID_ECB && (status = key_set_params( key, NULL, 0 ))) return status;
 -        bytes_left -= key->block_size;
 -        src += key->block_size;
 -        dst += key->block_size;
@@ -649,7 +650,7 @@ index c20abb8..2dd839f 100644
          heap_free( buf );
      }
  
-@@ -1540,7 +1628,7 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
+@@ -1569,7 +1657,7 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
          return STATUS_NOT_IMPLEMENTED;
      }
  
@@ -658,7 +659,7 @@ index c20abb8..2dd839f 100644
      {
          BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO *auth_info = padding;
          UCHAR tag[16];
-@@ -1550,7 +1638,7 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
+@@ -1579,7 +1667,7 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
          if (!auth_info->pbTag) return STATUS_INVALID_PARAMETER;
          if (auth_info->cbTag < 12 || auth_info->cbTag > 16) return STATUS_INVALID_PARAMETER;
  
@@ -667,7 +668,7 @@ index c20abb8..2dd839f 100644
              return status;
  
          *ret_len = input_len;
-@@ -1558,7 +1646,7 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
+@@ -1587,7 +1675,7 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
          if (!output) return STATUS_SUCCESS;
          if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL;
  
@@ -676,7 +677,7 @@ index c20abb8..2dd839f 100644
              return status;
          if ((status = key_decrypt( key, input, input_len, output, output_len )))
              return status;
-@@ -1571,44 +1659,44 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
+@@ -1600,42 +1688,42 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
          return STATUS_SUCCESS;
      }
  
@@ -697,12 +698,10 @@ index c20abb8..2dd839f 100644
 +        if (input_len < key->u.s.block_size) return STATUS_BUFFER_TOO_SMALL;
 +        bytes_left -= key->u.s.block_size;
      }
-     else if (output_len < *ret_len)
-         return STATUS_BUFFER_TOO_SMALL;
+     else if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL;
  
--    if (key->mode == MODE_ID_ECB && iv)
-+    if (key->u.s.mode == MODE_ID_ECB && iv)
-         return STATUS_INVALID_PARAMETER;
+-    if (key->mode == MODE_ID_ECB && iv) return STATUS_INVALID_PARAMETER;
++    if (key->u.s.mode == MODE_ID_ECB && iv) return STATUS_INVALID_PARAMETER;
  
      src = input;
      dst = output;
@@ -710,7 +709,7 @@ index c20abb8..2dd839f 100644
 +    while (bytes_left >= key->u.s.block_size)
      {
 -        if ((status = key_decrypt( key, src, key->block_size, dst, key->block_size ))) return status;
--        if (key->mode == MODE_ID_ECB && (status = key_set_params( key, iv, iv_len ))) return status;
+-        if (key->mode == MODE_ID_ECB && (status = key_set_params( key, NULL, 0 ))) return status;
 -        bytes_left -= key->block_size;
 -        src += key->block_size;
 -        dst += key->block_size;
@@ -739,5 +738,5 @@ index c20abb8..2dd839f 100644
          else
              status = STATUS_UNSUCCESSFUL; /* FIXME: invalid padding */
 -- 
-1.9.1
+2.16.2
 

patches/bcrypt-Improvements/0032-bcrypt-tests-Add-basic-test-for-ecdsa.patch

@@ -1,109 +0,0 @@
-From 095c654875966c29472ceb56be564f689ad4f22c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
-Date: Fri, 29 Sep 2017 18:50:04 +0200
-Subject: [PATCH] bcrypt/tests: Add basic test for ecdsa.
-
----
- dlls/bcrypt/tests/bcrypt.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 65 insertions(+)
-
-diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c
-index ac5fc36..22a0ffe 100644
---- a/dlls/bcrypt/tests/bcrypt.c
-+++ b/dlls/bcrypt/tests/bcrypt.c
-@@ -50,6 +50,8 @@ static NTSTATUS (WINAPI *pBCryptDestroyKey)(BCRYPT_KEY_HANDLE);
- static NTSTATUS (WINAPI *pBCryptImportKey)(BCRYPT_ALG_HANDLE, BCRYPT_KEY_HANDLE, LPCWSTR, BCRYPT_KEY_HANDLE *,
-                                            PUCHAR, ULONG, PUCHAR, ULONG, ULONG);
- static NTSTATUS (WINAPI *pBCryptExportKey)(BCRYPT_KEY_HANDLE, BCRYPT_KEY_HANDLE, LPCWSTR, PUCHAR, ULONG, ULONG *, ULONG);
-+static NTSTATUS (WINAPI *pBCryptImportKeyPair)(BCRYPT_ALG_HANDLE, BCRYPT_KEY_HANDLE, LPCWSTR, BCRYPT_KEY_HANDLE *, UCHAR *, ULONG, ULONG);
-+static NTSTATUS (WINAPI *pBCryptVerifySignature)(BCRYPT_KEY_HANDLE, VOID *, UCHAR *, ULONG, UCHAR *, ULONG, ULONG);
- 
- static void test_BCryptGenRandom(void)
- {
-@@ -1367,6 +1369,66 @@ static void test_key_import_export(void)
-     ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
- }
- 
-+static BYTE eccPubkey[] =
-+{
-+    /* X */
-+    0x3b, 0x3c, 0x34, 0xc8, 0x3f, 0x15, 0xea, 0x02, 0x68, 0x46, 0x69, 0xdf, 0x0c, 0xa6, 0xee, 0x7a,
-+    0xd9, 0x82, 0x08, 0x9b, 0x37, 0x53, 0x42, 0xf3, 0x13, 0x63, 0xda, 0x65, 0x79, 0xe8, 0x04, 0x9e,
-+    /* Y */
-+    0x8c, 0x77, 0xc4, 0x33, 0x77, 0xd9, 0x5a, 0x7f, 0x60, 0x7b, 0x98, 0xce, 0xf3, 0x96, 0x56, 0xd6,
-+    0xb5, 0x8d, 0x87, 0x7a, 0x00, 0x2b, 0xf3, 0x70, 0xb3, 0x90, 0x73, 0xa0, 0x56, 0x06, 0x3b, 0x22,
-+};
-+static BYTE certHash[] =
-+{
-+    0x28, 0x19, 0x0f, 0x15, 0x6d, 0x75, 0xcc, 0xcf, 0x62, 0xf1, 0x5e, 0xe6, 0x8a, 0xc3, 0xf0, 0x5d,
-+    0x89, 0x28, 0x2d, 0x48, 0xd8, 0x73, 0x7c, 0x05, 0x05, 0x8e, 0xbc, 0xce, 0x28, 0xb7, 0xba, 0xc9,
-+};
-+static BYTE certSignature[] =
-+{
-+    /* r */
-+    0xd7, 0x29, 0xce, 0x5a, 0xef, 0x74, 0x85, 0xd1, 0x18, 0x5f, 0x6e, 0xf1, 0xba, 0x53, 0xd4, 0xcd,
-+    0xdd, 0xe0, 0x5d, 0xf1, 0x5e, 0x48, 0x51, 0xea, 0x63, 0xc0, 0xe8, 0xe2, 0xf6, 0xfa, 0x4c, 0xaf,
-+    /* s */
-+    0xe3, 0x94, 0x15, 0x3b, 0x6c, 0x71, 0x6e, 0x44, 0x22, 0xcb, 0xa0, 0x88, 0xcd, 0x0a, 0x5a, 0x50,
-+    0x29, 0x7c, 0x5c, 0xd6, 0x6c, 0xd2, 0xe0, 0x7f, 0xcd, 0x02, 0x92, 0x21, 0x4c, 0x2c, 0x92, 0xee,
-+};
-+
-+static void test_ECDSA(void)
-+{
-+    BYTE buffer[sizeof(BCRYPT_ECCKEY_BLOB) + sizeof(eccPubkey)];
-+    BCRYPT_ECCKEY_BLOB *ecckey = (void *)buffer;
-+    BCRYPT_ALG_HANDLE alg = NULL;
-+    BCRYPT_KEY_HANDLE key = NULL;
-+    NTSTATUS status;
-+
-+    status = pBCryptOpenAlgorithmProvider(&alg, BCRYPT_ECDSA_P256_ALGORITHM, NULL, 0);
-+    if (status)
-+    {
-+        todo_wine win_skip("Failed to open ECDSA provider: %08x, skipping test\n", status);
-+        return;
-+    }
-+
-+    ecckey->dwMagic = BCRYPT_ECDSA_PUBLIC_P256_MAGIC;
-+    memcpy(ecckey + 1, eccPubkey, sizeof(eccPubkey));
-+
-+    ecckey->cbKey = 2;
-+    status = pBCryptImportKeyPair(alg, NULL, BCRYPT_ECCPUBLIC_BLOB, &key, buffer, sizeof(buffer), 0);
-+    ok(status == STATUS_INVALID_PARAMETER, "Expected STATUS_INVALID_PARAMETER, got %08x\n", status);
-+
-+    ecckey->cbKey = sizeof(eccPubkey) / 2;
-+    status = pBCryptImportKeyPair(alg, NULL, BCRYPT_ECCPUBLIC_BLOB, &key, buffer, sizeof(buffer), 0);
-+    ok(!status, "BCryptImportKeyPair failed: %08x\n", status);
-+
-+    status = pBCryptVerifySignature(key, NULL, certHash, sizeof(certHash) - 1, certSignature, sizeof(certSignature), 0);
-+    ok(status == STATUS_INVALID_SIGNATURE, "Expected STATUS_INVALID_SIGNATURE, got %08x\n", status);
-+
-+    status = pBCryptVerifySignature(key, NULL, certHash, sizeof(certHash), certSignature, sizeof(certSignature), 0);
-+    ok(!status, "BCryptVerifySignature failed: %08x\n", status);
-+
-+    pBCryptDestroyKey(key);
-+    pBCryptCloseAlgorithmProvider(alg, 0);
-+}
-+
- START_TEST(bcrypt)
- {
-     HMODULE module;
-@@ -1397,6 +1459,8 @@ START_TEST(bcrypt)
-     pBCryptDestroyKey = (void *)GetProcAddress(module, "BCryptDestroyKey");
-     pBCryptImportKey = (void *)GetProcAddress(module, "BCryptImportKey");
-     pBCryptExportKey = (void *)GetProcAddress(module, "BCryptExportKey");
-+    pBCryptImportKeyPair = (void *)GetProcAddress(module, "BCryptImportKeyPair");
-+    pBCryptVerifySignature = (void *)GetProcAddress(module, "BCryptVerifySignature");
- 
-     test_BCryptGenRandom();
-     test_BCryptGetFipsAlgorithmMode();
-@@ -1407,6 +1471,7 @@ START_TEST(bcrypt)
-     test_BCryptEncrypt();
-     test_BCryptDecrypt();
-     test_key_import_export();
-+    test_ECDSA();
- 
-     if (pBCryptHash) /* >= Win 10 */
-         test_BcryptHash();
--- 
-1.9.1
-

patches/bcrypt-Improvements/0033-bcrypt-Implement-importing-of-ecdsa-keys.patch

@@ -1,4 +1,4 @@
-From 6879933e1a7630c2b8d22f2c0e0d2519c8416d5b Mon Sep 17 00:00:00 2001
+From 02f9996f8a3ebcff59cc3993c579ffc36eafa53f Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Fri, 29 Sep 2017 19:18:58 +0200
 Subject: [PATCH] bcrypt: Implement importing of ecdsa keys.
@@ -6,12 +6,12 @@ Subject: [PATCH] bcrypt: Implement importing of ecdsa keys.
 ---
  dlls/bcrypt/bcrypt.spec    |   4 +-
  dlls/bcrypt/bcrypt_main.c  | 160 +++++++++++++++++++++++++++++++++++++++++++--
- dlls/bcrypt/tests/bcrypt.c |   6 +-
+ dlls/bcrypt/tests/bcrypt.c |   4 +-
  include/bcrypt.h           |   2 +
- 4 files changed, 162 insertions(+), 10 deletions(-)
+ 4 files changed, 161 insertions(+), 9 deletions(-)
 
 diff --git a/dlls/bcrypt/bcrypt.spec b/dlls/bcrypt/bcrypt.spec
-index 28c2394..78824d7 100644
+index 28c2394ce45..78824d73b39 100644
 --- a/dlls/bcrypt/bcrypt.spec
 +++ b/dlls/bcrypt/bcrypt.spec
 @@ -32,7 +32,7 @@
@@ -33,7 +33,7 @@ index 28c2394..78824d7 100644
  @ stub GetCipherInterface
  @ stub GetHashInterface
 diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
-index 2dd839f..b1736fa 100644
+index b1f79d830c2..bae9a4b2663 100644
 --- a/dlls/bcrypt/bcrypt_main.c
 +++ b/dlls/bcrypt/bcrypt_main.c
 @@ -220,7 +220,9 @@ enum alg_id
@@ -153,7 +153,7 @@ index 2dd839f..b1736fa 100644
  #endif
  
  #if defined(HAVE_GNUTLS_CIPHER_INIT) && !defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H)
-@@ -1174,8 +1225,13 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len )
+@@ -1170,8 +1221,13 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len )
  
  static NTSTATUS key_destroy( struct key *key )
  {
@@ -169,7 +169,7 @@ index 2dd839f..b1736fa 100644
      heap_free( key );
      return STATUS_SUCCESS;
  }
-@@ -1310,6 +1366,12 @@ static NTSTATUS key_symmetric_init( struct key *key, struct algorithm *alg, cons
+@@ -1341,6 +1397,12 @@ static NTSTATUS key_symmetric_init( struct key *key, struct algorithm *alg, cons
      return STATUS_NOT_IMPLEMENTED;
  }
  
@@ -182,7 +182,7 @@ index 2dd839f..b1736fa 100644
  static NTSTATUS set_key_property( struct key *key, const WCHAR *prop, UCHAR *value, ULONG size, ULONG flags )
  {
      ERR( "support for keys not available at build time\n" );
-@@ -1372,6 +1434,12 @@ static inline BOOL key_is_symmetric( struct key *key )
+@@ -1403,6 +1465,12 @@ static inline BOOL key_is_symmetric( struct key *key )
      return FALSE;
  }
  
@@ -195,7 +195,7 @@ index 2dd839f..b1736fa 100644
  static NTSTATUS key_symmetric_get_mode( struct key *key, enum mode_id *mode )
  {
      *mode = key->u.s.mode;
-@@ -1503,6 +1571,88 @@ NTSTATUS WINAPI BCryptDuplicateKey( BCRYPT_KEY_HANDLE handle, BCRYPT_KEY_HANDLE
+@@ -1534,6 +1602,88 @@ NTSTATUS WINAPI BCryptDuplicateKey( BCRYPT_KEY_HANDLE handle, BCRYPT_KEY_HANDLE
      return STATUS_SUCCESS;
  }
  
@@ -285,19 +285,10 @@ index 2dd839f..b1736fa 100644
  {
      struct key *key = handle;
 diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c
-index a262251..d5f08be 100644
+index 57d04882b54..fa244d19249 100644
 --- a/dlls/bcrypt/tests/bcrypt.c
 +++ b/dlls/bcrypt/tests/bcrypt.c
-@@ -1419,7 +1419,7 @@ static void test_ECDSA(void)
-     status = pBCryptOpenAlgorithmProvider(&alg, BCRYPT_ECDSA_P256_ALGORITHM, NULL, 0);
-     if (status)
-     {
--        todo_wine win_skip("Failed to open ECDSA provider: %08x, skipping test\n", status);
-+        win_skip("Failed to open ECDSA provider: %08x, skipping test\n", status);
-         return;
-     }
- 
-@@ -1435,10 +1435,10 @@ static void test_ECDSA(void)
+@@ -1486,10 +1486,10 @@ static void test_ECDSA(void)
      ok(!status, "BCryptImportKeyPair failed: %08x\n", status);
  
      status = pBCryptVerifySignature(key, NULL, certHash, sizeof(certHash) - 1, certSignature, sizeof(certSignature), 0);
@@ -311,7 +302,7 @@ index a262251..d5f08be 100644
      pBCryptDestroyKey(key);
      pBCryptCloseAlgorithmProvider(alg, 0);
 diff --git a/include/bcrypt.h b/include/bcrypt.h
-index 717d77c..f28b0d3 100644
+index 717d77c7319..f28b0d395d1 100644
 --- a/include/bcrypt.h
 +++ b/include/bcrypt.h
 @@ -211,8 +211,10 @@ NTSTATUS WINAPI BCryptGetFipsAlgorithmMode(BOOLEAN *);
@@ -326,5 +317,5 @@ index 717d77c..f28b0d3 100644
  
  #endif  /* __WINE_BCRYPT_H */
 -- 
-1.9.1
+2.16.2
 

patches/bcrypt-Improvements/0034-bcrypt-Implement-BCryptVerifySignature-for-ecdsa-sig.patch

@@ -1,4 +1,4 @@
-From 6b19309d0496fef0d87553b074bd80a487d9cac1 Mon Sep 17 00:00:00 2001
+From 6960c89a6bf588d483211ee16014d6753d682d0e Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Fri, 29 Sep 2017 20:31:00 +0200
 Subject: [PATCH] bcrypt: Implement BCryptVerifySignature for ecdsa signatures.
@@ -9,7 +9,7 @@ Subject: [PATCH] bcrypt: Implement BCryptVerifySignature for ecdsa signatures.
  2 files changed, 337 insertions(+), 10 deletions(-)
 
 diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
-index c1a5114..057a27d 100644
+index bae9a4b2663..593a806c612 100644
 --- a/dlls/bcrypt/bcrypt_main.c
 +++ b/dlls/bcrypt/bcrypt_main.c
 @@ -27,6 +27,7 @@
@@ -125,7 +125,7 @@ index c1a5114..057a27d 100644
  
      if (TRACE_ON( bcrypt ))
      {
-@@ -1246,6 +1300,264 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len )
+@@ -1219,6 +1273,264 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len )
      return STATUS_SUCCESS;
  }
  
@@ -390,7 +390,7 @@ index c1a5114..057a27d 100644
  static NTSTATUS key_destroy( struct key *key )
  {
      if(key_is_symmetric(key))
-@@ -1399,6 +1711,13 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len )
+@@ -1382,6 +1694,13 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len )
      return STATUS_NOT_IMPLEMENTED;
  }
  
@@ -404,7 +404,7 @@ index c1a5114..057a27d 100644
  static NTSTATUS key_destroy( struct key *key )
  {
      iif (key->u.s.ref_encrypt) CCCryptorRelease( key->u.s.ref_encrypt );
-@@ -1464,6 +1783,13 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len )
+@@ -1447,6 +1766,13 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len )
      return STATUS_NOT_IMPLEMENTED;
  }
  
@@ -418,7 +418,7 @@ index c1a5114..057a27d 100644
  static NTSTATUS key_destroy( struct key *key )
  {
      ERR( "support for keys not available at build time\n" );
-@@ -1674,13 +2000,14 @@ NTSTATUS WINAPI BCryptVerifySignature( BCRYPT_KEY_HANDLE handle, void *padding,
+@@ -1675,13 +2001,14 @@ NTSTATUS WINAPI BCryptVerifySignature( BCRYPT_KEY_HANDLE handle, void *padding,
  {
      struct key *key = handle;
  
@@ -436,10 +436,10 @@ index c1a5114..057a27d 100644
  
  NTSTATUS WINAPI BCryptDestroyKey( BCRYPT_KEY_HANDLE handle )
 diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c
-index 73d3325..d0bc52d 100644
+index fa244d19249..57d04882b54 100644
 --- a/dlls/bcrypt/tests/bcrypt.c
 +++ b/dlls/bcrypt/tests/bcrypt.c
-@@ -1420,10 +1420,10 @@ static void test_ECDSA(void)
+@@ -1486,10 +1486,10 @@ static void test_ECDSA(void)
      ok(!status, "BCryptImportKeyPair failed: %08x\n", status);
  
      status = pBCryptVerifySignature(key, NULL, certHash, sizeof(certHash) - 1, certSignature, sizeof(certSignature), 0);
@@ -453,5 +453,5 @@ index 73d3325..d0bc52d 100644
      pBCryptDestroyKey(key);
      pBCryptCloseAlgorithmProvider(alg, 0);
 -- 
-1.9.1
+2.16.2
 

patches/bcrypt-Improvements/0035-bcrypt-Initial-implementation-for-RSA-key-import-and.patch

@@ -1,4 +1,4 @@
-From 53cb3911bc744414e3f0dce3e33ccad2bbd507e7 Mon Sep 17 00:00:00 2001
+From 26c14820b2293bf466191b655a515ddfb0814f55 Mon Sep 17 00:00:00 2001
 From: Kimmo Myllyvirta <kimmo.myllyvirta@gmail.com>
 Date: Tue, 10 Oct 2017 16:40:41 +0300
 Subject: [PATCH] bcrypt: Initial implementation for RSA key import and
@@ -10,7 +10,7 @@ Subject: [PATCH] bcrypt: Initial implementation for RSA key import and
  2 files changed, 135 insertions(+), 10 deletions(-)
 
 diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
-index 057a27d..f858bec 100644
+index 593a806c612..e30e52b8b68 100644
 --- a/dlls/bcrypt/bcrypt_main.c
 +++ b/dlls/bcrypt/bcrypt_main.c
 @@ -77,6 +77,9 @@ static int (*pgnutls_pubkey_verify_hash2)(gnutls_pubkey_t key, gnutls_sign_algor
@@ -71,7 +71,7 @@ index 057a27d..f858bec 100644
      else if (!strcmpW( id, BCRYPT_SHA1_ALGORITHM )) alg_id = ALG_ID_SHA1;
      else if (!strcmpW( id, BCRYPT_SHA256_ALGORITHM )) alg_id = ALG_ID_SHA256;
      else if (!strcmpW( id, BCRYPT_SHA384_ALGORITHM )) alg_id = ALG_ID_SHA384;
-@@ -1132,6 +1148,7 @@ static NTSTATUS key_asymmetric_init( struct key *key, struct algorithm *alg, con
+@@ -1080,6 +1096,7 @@ static NTSTATUS key_asymmetric_init( struct key *key, struct algorithm *alg, con
      {
      case ALG_ID_ECDSA_P256:
      case ALG_ID_ECDSA_P384:
@@ -79,7 +79,7 @@ index 057a27d..f858bec 100644
          break;
  
      default:
-@@ -1446,6 +1463,34 @@ static NTSTATUS import_gnutls_pubkey_ecc( struct key *key, gnutls_pubkey_t *gnut
+@@ -1419,6 +1436,34 @@ static NTSTATUS import_gnutls_pubkey_ecc( struct key *key, gnutls_pubkey_t *gnut
      return STATUS_SUCCESS;
  }
  
@@ -114,7 +114,7 @@ index 057a27d..f858bec 100644
  static NTSTATUS import_gnutls_pubkey( struct key *key,  gnutls_pubkey_t *gnutls_key)
  {
      switch (key->alg_id)
-@@ -1453,6 +1498,8 @@ static NTSTATUS import_gnutls_pubkey( struct key *key,  gnutls_pubkey_t *gnutls_
+@@ -1426,6 +1471,8 @@ static NTSTATUS import_gnutls_pubkey( struct key *key,  gnutls_pubkey_t *gnutls_
          case ALG_ID_ECDSA_P256:
          case ALG_ID_ECDSA_P384:
              return import_gnutls_pubkey_ecc( key, gnutls_key );
@@ -123,7 +123,7 @@ index 057a27d..f858bec 100644
  
          default:
              FIXME("Algorithm %d not yet supported\n", key->alg_id);
-@@ -1482,6 +1529,14 @@ static NTSTATUS prepare_gnutls_signature_ecc( struct key *key, UCHAR *signature,
+@@ -1455,6 +1502,14 @@ static NTSTATUS prepare_gnutls_signature_ecc( struct key *key, UCHAR *signature,
      return STATUS_SUCCESS;
  }
  
@@ -138,7 +138,7 @@ index 057a27d..f858bec 100644
  static NTSTATUS prepare_gnutls_signature( struct key *key, UCHAR *signature, ULONG signature_len,
                                            gnutls_datum_t *gnutls_signature )
  {
-@@ -1490,6 +1545,8 @@ static NTSTATUS prepare_gnutls_signature( struct key *key, UCHAR *signature, ULO
+@@ -1463,6 +1518,8 @@ static NTSTATUS prepare_gnutls_signature( struct key *key, UCHAR *signature, ULO
          case ALG_ID_ECDSA_P256:
          case ALG_ID_ECDSA_P384:
              return prepare_gnutls_signature_ecc( key, signature, signature_len, gnutls_signature );
@@ -147,7 +147,7 @@ index 057a27d..f858bec 100644
  
          default:
              FIXME( "Algorithm %d not yet supported\n", key->alg_id );
-@@ -1508,18 +1565,38 @@ static NTSTATUS key_asymmetric_verify( struct key *key, void *padding, UCHAR *ha
+@@ -1481,18 +1538,38 @@ static NTSTATUS key_asymmetric_verify( struct key *key, void *padding, UCHAR *ha
      NTSTATUS status;
      int ret;
  
@@ -156,12 +156,12 @@ index 057a27d..f858bec 100644
 +    if (key->alg_id == ALG_ID_RSA)
 +    {
 +        BCRYPT_PKCS1_PADDING_INFO *pinfo = (BCRYPT_PKCS1_PADDING_INFO *)padding;
++
++        if (!(flags & BCRYPT_PAD_PKCS1) || !pinfo) return STATUS_INVALID_PARAMETER;
++        if (!pinfo->pszAlgId) return STATUS_INVALID_SIGNATURE;
  
 -    /* only the hash size must match, not the actual hash function */
 -    switch (hash_len)
-+        if (!(flags & BCRYPT_PAD_PKCS1) || !pinfo) return STATUS_INVALID_PARAMETER;
-+        if (!pinfo->pszAlgId) return STATUS_INVALID_SIGNATURE;
-+
 +        if (!strcmpW( pinfo->pszAlgId, BCRYPT_SHA1_ALGORITHM )) hash_algo = GNUTLS_DIG_SHA1;
 +        else if (!strcmpW( pinfo->pszAlgId, BCRYPT_SHA256_ALGORITHM )) hash_algo = GNUTLS_DIG_SHA256;
 +        else if (!strcmpW( pinfo->pszAlgId, BCRYPT_SHA384_ALGORITHM )) hash_algo = GNUTLS_DIG_SHA384;
@@ -195,7 +195,7 @@ index 057a27d..f858bec 100644
      }
  
      switch (key->alg_id)
-@@ -1528,6 +1605,9 @@ static NTSTATUS key_asymmetric_verify( struct key *key, void *padding, UCHAR *ha
+@@ -1501,6 +1578,9 @@ static NTSTATUS key_asymmetric_verify( struct key *key, void *padding, UCHAR *ha
          case ALG_ID_ECDSA_P384:
              pk_algo = GNUTLS_PK_ECC;
              break;
@@ -205,7 +205,7 @@ index 057a27d..f858bec 100644
  
          default:
              FIXME( "Algorithm %d not yet supported\n", key->alg_id );
-@@ -1553,7 +1633,8 @@ static NTSTATUS key_asymmetric_verify( struct key *key, void *padding, UCHAR *ha
+@@ -1526,7 +1606,8 @@ static NTSTATUS key_asymmetric_verify( struct key *key, void *padding, UCHAR *ha
      gnutls_hash.size = hash_len;
      ret = pgnutls_pubkey_verify_hash2( gnutls_key, sign_algo, 0, &gnutls_hash, &gnutls_signature );
  
@@ -215,7 +215,7 @@ index 057a27d..f858bec 100644
      pgnutls_pubkey_deinit( gnutls_key );
      return (ret < 0) ? STATUS_INVALID_SIGNATURE : STATUS_SUCCESS;
  }
-@@ -1990,6 +2071,33 @@ NTSTATUS WINAPI BCryptImportKeyPair( BCRYPT_ALG_HANDLE algorithm, BCRYPT_KEY_HAN
+@@ -1991,6 +2072,33 @@ NTSTATUS WINAPI BCryptImportKeyPair( BCRYPT_ALG_HANDLE algorithm, BCRYPT_KEY_HAN
          *ret_key = key;
          return STATUS_SUCCESS;
      }
@@ -250,7 +250,7 @@ index 057a27d..f858bec 100644
      FIXME( "unsupported key type %s\n", debugstr_w(type) );
      return STATUS_NOT_SUPPORTED;
 diff --git a/include/bcrypt.h b/include/bcrypt.h
-index f28b0d3..df54f62 100644
+index f28b0d395d1..df54f621fa7 100644
 --- a/include/bcrypt.h
 +++ b/include/bcrypt.h
 @@ -63,6 +63,8 @@ typedef LONG NTSTATUS;
@@ -292,5 +292,5 @@ index f28b0d3..df54f62 100644
  {
      LPCWSTR pszAlgId;
 -- 
-1.9.1
+2.16.2
 

patches/bcrypt-Improvements/0036-bcrypt-tests-Add-simple-test-for-RSA.patch

@@ -1,4 +1,4 @@
-From 40c9ce94bf6975c77741669a86136935303a138e Mon Sep 17 00:00:00 2001
+From fef95e1d96adc99a5767328c4b0b85f68a1e9af3 Mon Sep 17 00:00:00 2001
 From: Kimmo Myllyvirta <kimmo.myllyvirta@gmail.com>
 Date: Tue, 10 Oct 2017 16:41:09 +0300
 Subject: [PATCH] bcrypt/tests: Add simple test for RSA.
@@ -12,10 +12,10 @@ Based on patch from Bernhard Übelacker.
  1 file changed, 95 insertions(+)
 
 diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c
-index d0bc52d..feb74c4 100644
+index 57d04882b54..7d59f6d4c1d 100644
 --- a/dlls/bcrypt/tests/bcrypt.c
 +++ b/dlls/bcrypt/tests/bcrypt.c
-@@ -1429,6 +1429,100 @@ static void test_ECDSA(void)
+@@ -1495,6 +1495,100 @@ static void test_ECDSA(void)
      pBCryptCloseAlgorithmProvider(alg, 0);
  }
  
@@ -116,7 +116,7 @@ index d0bc52d..feb74c4 100644
  START_TEST(bcrypt)
  {
      HMODULE module;
-@@ -1472,6 +1566,7 @@ START_TEST(bcrypt)
+@@ -1538,6 +1632,7 @@ START_TEST(bcrypt)
      test_BCryptDecrypt();
      test_key_import_export();
      test_ECDSA();
@@ -125,5 +125,5 @@ index d0bc52d..feb74c4 100644
      if (pBCryptHash) /* >= Win 10 */
          test_BcryptHash();
 -- 
-1.9.1
+2.16.2
 

patches/bcrypt-Improvements/0037-bcrypt-Store-full-ECCKEY_BLOB-struct-in-BCryptImport.patch

@@ -1,4 +1,4 @@
-From 8a9bfbd2670fb200c280a73addc0fb012f5576ce Mon Sep 17 00:00:00 2001
+From 951414bb416ebf3858ec79df87441025d842bf47 Mon Sep 17 00:00:00 2001
 From: Sebastian Lackner <sebastian@fds-team.de>
 Date: Sat, 14 Oct 2017 22:44:13 +0200
 Subject: [PATCH] bcrypt: Store full ECCKEY_BLOB struct in BCryptImportKeyPair.
@@ -8,10 +8,10 @@ Subject: [PATCH] bcrypt: Store full ECCKEY_BLOB struct in BCryptImportKeyPair.
  1 file changed, 7 insertions(+), 5 deletions(-)
 
 diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
-index 131082a..9443d04 100644
+index e30e52b8b68..733e608e1ee 100644
 --- a/dlls/bcrypt/bcrypt_main.c
 +++ b/dlls/bcrypt/bcrypt_main.c
-@@ -1405,6 +1405,7 @@ static void buffer_append_asn1_r_s( struct buffer *buffer, BYTE *r, DWORD r_len,
+@@ -1401,6 +1401,7 @@ static void buffer_append_asn1_r_s( struct buffer *buffer, BYTE *r, DWORD r_len,
  
  static NTSTATUS import_gnutls_pubkey_ecc( struct key *key, gnutls_pubkey_t *gnutls_key )
  {
@@ -19,7 +19,7 @@ index 131082a..9443d04 100644
      gnutls_ecc_curve_t curve;
      gnutls_datum_t x, y;
      int ret;
-@@ -1425,10 +1426,11 @@ static NTSTATUS import_gnutls_pubkey_ecc( struct key *key, gnutls_pubkey_t *gnut
+@@ -1421,10 +1422,11 @@ static NTSTATUS import_gnutls_pubkey_ecc( struct key *key, gnutls_pubkey_t *gnut
          return STATUS_INTERNAL_ERROR;
      }
  
@@ -35,7 +35,7 @@ index 131082a..9443d04 100644
  
      if ((ret = pgnutls_pubkey_import_ecc_raw( *gnutls_key, curve, &x, &y )))
      {
-@@ -2032,7 +2034,7 @@ NTSTATUS WINAPI BCryptImportKeyPair( BCRYPT_ALG_HANDLE algorithm, BCRYPT_KEY_HAN
+@@ -2063,7 +2065,7 @@ NTSTATUS WINAPI BCryptImportKeyPair( BCRYPT_ALG_HANDLE algorithm, BCRYPT_KEY_HAN
              return STATUS_NO_MEMORY;
  
          key->hdr.magic = MAGIC_KEY;
@@ -45,5 +45,5 @@ index 131082a..9443d04 100644
              heap_free( key );
              return status;
 -- 
-1.9.1
+2.16.2
 

patches/patchinstall.sh

@@ -52,7 +52,7 @@ usage()
 # Get the upstream commit sha
 upstream_commit()
 {
-	echo "afef57f872433bcd3032c2ccbc0453bef5b62178"
+	echo "5946973021285dd6ecb8df224956fea4817f8fed"
 }
 
 # Show version information
@@ -2982,10 +2982,7 @@ fi
 # |
 if test "$enable_bcrypt_Improvements" -eq 1; then
 	patch_apply bcrypt-Improvements/0025-bcrypt-Avoid-crash-in-tests-when-compiling-without-g.patch
-	patch_apply bcrypt-Improvements/0026-bcrypt-Implement-support-for-ECB-chain-mode.patch
-	patch_apply bcrypt-Improvements/0029-bcrypt-Add-support-for-192-and-256-bit-aes-keys.patch
 	patch_apply bcrypt-Improvements/0030-bcrypt-Preparation-for-asymmetric-keys.patch
-	patch_apply bcrypt-Improvements/0032-bcrypt-tests-Add-basic-test-for-ecdsa.patch
 	patch_apply bcrypt-Improvements/0033-bcrypt-Implement-importing-of-ecdsa-keys.patch
 	patch_apply bcrypt-Improvements/0034-bcrypt-Implement-BCryptVerifySignature-for-ecdsa-sig.patch
 	patch_apply bcrypt-Improvements/0035-bcrypt-Initial-implementation-for-RSA-key-import-and.patch
@@ -2993,10 +2990,7 @@ if test "$enable_bcrypt_Improvements" -eq 1; then
 	patch_apply bcrypt-Improvements/0037-bcrypt-Store-full-ECCKEY_BLOB-struct-in-BCryptImport.patch
 	(
 		printf '%s\n' '+    { "Sebastian Lackner", "bcrypt: Avoid crash in tests when compiling without gnutls support.", 1 },';
-		printf '%s\n' '+    { "Sebastian Lackner", "bcrypt: Implement support for ECB chain mode.", 1 },';
-		printf '%s\n' '+    { "Michael Müller", "bcrypt: Add support for 192 and 256 bit aes keys.", 1 },';
 		printf '%s\n' '+    { "Michael Müller", "bcrypt: Preparation for asymmetric keys.", 1 },';
-		printf '%s\n' '+    { "Michael Müller", "bcrypt/tests: Add basic test for ecdsa.", 1 },';
 		printf '%s\n' '+    { "Michael Müller", "bcrypt: Implement importing of ecdsa keys.", 1 },';
 		printf '%s\n' '+    { "Michael Müller", "bcrypt: Implement BCryptVerifySignature for ecdsa signatures.", 1 },';
 		printf '%s\n' '+    { "Kimmo Myllyvirta", "bcrypt: Initial implementation for RSA key import and signature verification.", 1 },';