diff --git a/patches/bcrypt-Improvements/0025-bcrypt-Avoid-crash-in-tests-when-compiling-without-g.patch b/patches/bcrypt-Improvements/0025-bcrypt-Avoid-crash-in-tests-when-compiling-without-g.patch deleted file mode 100644 index e99b318d..00000000 --- a/patches/bcrypt-Improvements/0025-bcrypt-Avoid-crash-in-tests-when-compiling-without-g.patch +++ /dev/null @@ -1,39 +0,0 @@ -From fc180bdd73c68e855e82b2b285b9b4b16ec8ccad Mon Sep 17 00:00:00 2001 -From: Sebastian Lackner -Date: Mon, 26 Dec 2016 16:20:57 +0100 -Subject: [PATCH] bcrypt: Avoid crash in tests when compiling without gnutls - support. - ---- - dlls/bcrypt/bcrypt_main.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c -index 69d5129a7d4..978a31fd48e 100644 ---- a/dlls/bcrypt/bcrypt_main.c -+++ b/dlls/bcrypt/bcrypt_main.c -@@ -1351,9 +1351,12 @@ NTSTATUS WINAPI BCryptGenerateSymmetricKey( BCRYPT_ALG_HANDLE algorithm, BCRYPT_ - TRACE( "%p, %p, %p, %u, %p, %u, %08x\n", algorithm, handle, object, object_len, secret, secret_len, flags ); - - if (!alg || alg->hdr.magic != MAGIC_ALG) return STATUS_INVALID_HANDLE; -+ if (!handle) return STATUS_INVALID_PARAMETER; - if (object) FIXME( "ignoring object buffer\n" ); - -+ *handle = NULL; - if (!(key = heap_alloc( sizeof(*key) ))) return STATUS_NO_MEMORY; -+ - key->hdr.magic = MAGIC_KEY; - - if ((status = key_init( key, alg, secret, secret_len ))) -@@ -1441,6 +1444,8 @@ NTSTATUS WINAPI BCryptDuplicateKey( BCRYPT_KEY_HANDLE handle, BCRYPT_KEY_HANDLE - - if (!key_orig || key_orig->hdr.magic != MAGIC_KEY) return STATUS_INVALID_HANDLE; - if (!handle_copy) return STATUS_INVALID_PARAMETER; -+ -+ *handle_copy = NULL; - if (!(key_copy = heap_alloc( sizeof(*key_copy) ))) return STATUS_NO_MEMORY; - - if ((status = key_duplicate( key_orig, key_copy ))) --- -2.16.2 - diff --git a/patches/bcrypt-Improvements/0030-bcrypt-Preparation-for-asymmetric-keys.patch b/patches/bcrypt-Improvements/0030-bcrypt-Preparation-for-asymmetric-keys.patch deleted file mode 100644 index fe0c5f82..00000000 --- a/patches/bcrypt-Improvements/0030-bcrypt-Preparation-for-asymmetric-keys.patch +++ /dev/null @@ -1,742 +0,0 @@ -From 1f6a9a71c832ecb076604f15abdfa502af37d4dd Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Michael=20M=C3=BCller?= -Date: Fri, 29 Sep 2017 18:31:55 +0200 -Subject: [PATCH] bcrypt: Preparation for asymmetric keys. - ---- - dlls/bcrypt/bcrypt_main.c | 346 +++++++++++++++++++++++++++++----------------- - 1 file changed, 217 insertions(+), 129 deletions(-) - -diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c -index 978a31fd48e..b1f79d830c2 100644 ---- a/dlls/bcrypt/bcrypt_main.c -+++ b/dlls/bcrypt/bcrypt_main.c -@@ -238,16 +238,17 @@ static const struct { - ULONG hash_length; - ULONG block_bits; - const WCHAR *alg_name; -+ BOOL symmetric; - } alg_props[] = { -- /* ALG_ID_AES */ { 654, 0, 0, BCRYPT_AES_ALGORITHM }, -- /* ALG_ID_MD2 */ { 270, 16, 128, BCRYPT_MD2_ALGORITHM }, -- /* ALG_ID_MD4 */ { 270, 16, 512, BCRYPT_MD4_ALGORITHM }, -- /* ALG_ID_MD5 */ { 274, 16, 512, BCRYPT_MD5_ALGORITHM }, -- /* ALG_ID_RNG */ { 0, 0, 0, BCRYPT_RNG_ALGORITHM }, -- /* ALG_ID_SHA1 */ { 278, 20, 512, BCRYPT_SHA1_ALGORITHM }, -- /* ALG_ID_SHA256 */ { 286, 32, 512, BCRYPT_SHA256_ALGORITHM }, -- /* ALG_ID_SHA384 */ { 382, 48, 1024, BCRYPT_SHA384_ALGORITHM }, -- /* ALG_ID_SHA512 */ { 382, 64, 1024, BCRYPT_SHA512_ALGORITHM } -+ /* ALG_ID_AES */ { 654, 0, 0, BCRYPT_AES_ALGORITHM, TRUE }, -+ /* ALG_ID_MD2 */ { 270, 16, 128, BCRYPT_MD2_ALGORITHM, FALSE }, -+ /* ALG_ID_MD4 */ { 270, 16, 512, BCRYPT_MD4_ALGORITHM, FALSE }, -+ /* ALG_ID_MD5 */ { 274, 16, 512, BCRYPT_MD5_ALGORITHM, FALSE }, -+ /* ALG_ID_RNG */ { 0, 0, 0, BCRYPT_RNG_ALGORITHM, FALSE }, -+ /* ALG_ID_SHA1 */ { 278, 20, 512, BCRYPT_SHA1_ALGORITHM, FALSE }, -+ /* ALG_ID_SHA256 */ { 286, 32, 512, BCRYPT_SHA256_ALGORITHM, FALSE }, -+ /* ALG_ID_SHA384 */ { 382, 48, 1024, BCRYPT_SHA384_ALGORITHM, FALSE }, -+ /* ALG_ID_SHA512 */ { 382, 64, 1024, BCRYPT_SHA512_ALGORITHM, FALSE } - }; - - struct algorithm -@@ -856,21 +857,28 @@ NTSTATUS WINAPI BCryptHash( BCRYPT_ALG_HANDLE algorithm, UCHAR *secret, ULONG se - } - - #if defined(HAVE_GNUTLS_CIPHER_INIT) && !defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H) --struct key -+struct key_symmetric - { -- struct object hdr; -- enum alg_id alg_id; - enum mode_id mode; - ULONG block_size; - gnutls_cipher_hd_t handle; - UCHAR *secret; - ULONG secret_len; - }; --#elif defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H) && MAC_OS_X_VERSION_MAX_ALLOWED >= 1080 -+ - struct key - { -- struct object hdr; -- enum alg_id alg_id; -+ struct object hdr; -+ enum alg_id alg_id; -+ union -+ { -+ struct key_symmetric s; -+ } u; -+}; -+ -+#elif defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H) && MAC_OS_X_VERSION_MAX_ALLOWED >= 1080 -+struct key_symmetric -+{ - enum mode_id mode; - ULONG block_size; - CCCryptorRef ref_encrypt; -@@ -878,16 +886,56 @@ struct key - UCHAR *secret; - ULONG secret_len; - }; --#else -+ - struct key - { -- struct object hdr; -+ struct object hdr; -+ enum alg_id alg_id; -+ union -+ { -+ struct key_symmetric s; -+ } u; -+}; -+#else -+struct key_symmetric -+{ - enum mode_id mode; - ULONG block_size; - }; -+ -+struct key -+{ -+ struct object hdr; -+ union -+ { -+ struct key_symmetric s; -+ } u; -+}; - #endif - - #if defined(HAVE_GNUTLS_CIPHER_INIT) || defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H) && MAC_OS_X_VERSION_MAX_ALLOWED >= 1080 -+static inline BOOL key_is_symmetric( struct key *key ) -+{ -+ return alg_props[key->alg_id].symmetric; -+} -+ -+static inline BOOL key_is_asymmetric( struct key *key ) -+{ -+ return !alg_props[key->alg_id].symmetric; -+} -+ -+static NTSTATUS key_symmetric_get_mode( struct key *key, enum mode_id *mode ) -+{ -+ *mode = key->u.s.mode; -+ return STATUS_SUCCESS; -+} -+ -+static NTSTATUS key_symmetric_get_blocksize( struct key *key, ULONG *size ) -+{ -+ *size = key->u.s.block_size; -+ return STATUS_SUCCESS; -+} -+ - static ULONG get_block_size( struct algorithm *alg ) - { - ULONG ret = 0, size = sizeof(ret); -@@ -900,15 +948,15 @@ static NTSTATUS key_export( struct key *key, const WCHAR *type, UCHAR *output, U - if (!strcmpW( type, BCRYPT_KEY_DATA_BLOB )) - { - BCRYPT_KEY_DATA_BLOB_HEADER *header = (BCRYPT_KEY_DATA_BLOB_HEADER *)output; -- ULONG req_size = sizeof(BCRYPT_KEY_DATA_BLOB_HEADER) + key->secret_len; -+ ULONG req_size = sizeof(BCRYPT_KEY_DATA_BLOB_HEADER) + key->u.s.secret_len; - - *size = req_size; - if (output_len < req_size) return STATUS_BUFFER_TOO_SMALL; - - header->dwMagic = BCRYPT_KEY_DATA_BLOB_MAGIC; - header->dwVersion = BCRYPT_KEY_DATA_BLOB_VERSION1; -- header->cbKeyData = key->secret_len; -- memcpy( &header[1], key->secret, key->secret_len ); -+ header->cbKeyData = key->u.s.secret_len; -+ memcpy( &header[1], key->u.s.secret, key->u.s.secret_len ); - return STATUS_SUCCESS; - } - -@@ -920,23 +968,33 @@ static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy ) - { - UCHAR *buffer; - -- if (!(buffer = heap_alloc( key_orig->secret_len ))) return STATUS_NO_MEMORY; -- memcpy( buffer, key_orig->secret, key_orig->secret_len ); -+ key_copy->hdr = key_orig->hdr; -+ key_copy->alg_id = key_orig->alg_id; - -- memset( key_copy, 0, sizeof(*key_copy) ); -- key_copy->hdr = key_orig->hdr; -- key_copy->alg_id = key_orig->alg_id; -- key_copy->mode = key_orig->mode; -- key_copy->block_size = key_orig->block_size; -- key_copy->secret = buffer; -- key_copy->secret_len = key_orig->secret_len; -+ if (key_is_symmetric(key_orig)) -+ { -+ if (!(buffer = heap_alloc( key_orig->u.s.secret_len ))) return STATUS_NO_MEMORY; -+ memcpy( buffer, key_orig->u.s.secret, key_orig->u.s.secret_len ); -+ -+ memset( key_copy, 0, sizeof(*key_copy) ); -+ key_copy->hdr = key_orig->hdr; -+ key_copy->alg_id = key_orig->alg_id; -+ key_copy->u.s.mode = key_orig->u.s.mode; -+ key_copy->u.s.block_size = key_orig->u.s.block_size; -+ key_copy->u.s.secret = buffer; -+ key_copy->u.s.secret_len = key_orig->u.s.secret_len; -+ } -+ else -+ { -+ return STATUS_NOT_IMPLEMENTED; -+ } - - return STATUS_SUCCESS; - } - #endif - - #if defined(HAVE_GNUTLS_CIPHER_INIT) && !defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H) --static NTSTATUS key_init( struct key *key, struct algorithm *alg, const UCHAR *secret, ULONG secret_len ) -+static NTSTATUS key_symmetric_init( struct key *key, struct algorithm *alg, const UCHAR *secret, ULONG secret_len ) - { - UCHAR *buffer; - -@@ -952,15 +1010,15 @@ static NTSTATUS key_init( struct key *key, struct algorithm *alg, const UCHAR *s - return STATUS_NOT_SUPPORTED; - } - -- if (!(key->block_size = get_block_size( alg ))) return STATUS_INVALID_PARAMETER; -+ if (!(key->u.s.block_size = get_block_size( alg ))) return STATUS_INVALID_PARAMETER; - if (!(buffer = heap_alloc( secret_len ))) return STATUS_NO_MEMORY; - memcpy( buffer, secret, secret_len ); - -- key->alg_id = alg->id; -- key->mode = alg->mode; -- key->handle = 0; /* initialized on first use */ -- key->secret = buffer; -- key->secret_len = secret_len; -+ key->alg_id = alg->id; -+ key->u.s.mode = alg->mode; -+ key->u.s.handle = 0; /* initialized on first use */ -+ key->u.s.secret = buffer; -+ key->u.s.secret_len = secret_len; - - return STATUS_SUCCESS; - } -@@ -971,17 +1029,17 @@ static NTSTATUS set_key_property( struct key *key, const WCHAR *prop, UCHAR *val - { - if (!strncmpW( (WCHAR *)value, BCRYPT_CHAIN_MODE_ECB, size )) - { -- key->mode = MODE_ID_ECB; -+ key->u.s.mode = MODE_ID_ECB; - return STATUS_SUCCESS; - } - else if (!strncmpW( (WCHAR *)value, BCRYPT_CHAIN_MODE_CBC, size )) - { -- key->mode = MODE_ID_CBC; -+ key->u.s.mode = MODE_ID_CBC; - return STATUS_SUCCESS; - } - else if (!strncmpW( (WCHAR *)value, BCRYPT_CHAIN_MODE_GCM, size )) - { -- key->mode = MODE_ID_GCM; -+ key->u.s.mode = MODE_ID_GCM; - return STATUS_SUCCESS; - } - else -@@ -1001,22 +1059,22 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key ) - { - case ALG_ID_AES: - WARN( "handle block size\n" ); -- switch (key->mode) -+ switch (key->u.s.mode) - { - case MODE_ID_GCM: -- if (key->secret_len == 16) return GNUTLS_CIPHER_AES_128_GCM; -- if (key->secret_len == 32) return GNUTLS_CIPHER_AES_256_GCM; -+ if (key->u.s.secret_len == 16) return GNUTLS_CIPHER_AES_128_GCM; -+ if (key->u.s.secret_len == 32) return GNUTLS_CIPHER_AES_256_GCM; - break; - case MODE_ID_ECB: /* can be emulated with CBC + empty IV */ - case MODE_ID_CBC: -- if (key->secret_len == 16) return GNUTLS_CIPHER_AES_128_CBC; -- if (key->secret_len == 24) return GNUTLS_CIPHER_AES_192_CBC; -- if (key->secret_len == 32) return GNUTLS_CIPHER_AES_256_CBC; -+ if (key->u.s.secret_len == 16) return GNUTLS_CIPHER_AES_128_CBC; -+ if (key->u.s.secret_len == 24) return GNUTLS_CIPHER_AES_192_CBC; -+ if (key->u.s.secret_len == 32) return GNUTLS_CIPHER_AES_256_CBC; - break; - default: - break; - } -- FIXME( "aes mode %u with key length %u not supported\n", key->mode, key->secret_len ); -+ FIXME( "aes mode %u with key length %u not supported\n", key->u.s.mode, key->u.s.secret_len ); - return GNUTLS_CIPHER_UNKNOWN; - default: - FIXME( "algorithm %u not supported\n", key->alg_id ); -@@ -1024,30 +1082,30 @@ static gnutls_cipher_algorithm_t get_gnutls_cipher( const struct key *key ) - } - } - --static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len ) -+static NTSTATUS key_symmetric_set_params( struct key *key, UCHAR *iv, ULONG iv_len ) - { - gnutls_cipher_algorithm_t cipher; - gnutls_datum_t secret, vector; - int ret; - -- if (key->handle) -+ if (key->u.s.handle) - { -- pgnutls_cipher_deinit( key->handle ); -- key->handle = NULL; -+ pgnutls_cipher_deinit( key->u.s.handle ); -+ key->u.s.handle = NULL; - } - - if ((cipher = get_gnutls_cipher( key )) == GNUTLS_CIPHER_UNKNOWN) - return STATUS_NOT_SUPPORTED; - -- secret.data = key->secret; -- secret.size = key->secret_len; -+ secret.data = key->u.s.secret; -+ secret.size = key->u.s.secret_len; - if (iv) - { - vector.data = iv; - vector.size = iv_len; - } - -- if ((ret = pgnutls_cipher_init( &key->handle, cipher, &secret, iv ? &vector : NULL ))) -+ if ((ret = pgnutls_cipher_init( &key->u.s.handle, cipher, &secret, &vector ))) - { - pgnutls_perror( ret ); - return STATUS_INTERNAL_ERROR; -@@ -1056,11 +1114,11 @@ static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len ) - return STATUS_SUCCESS; - } - --static NTSTATUS key_set_auth_data( struct key *key, UCHAR *auth_data, ULONG len ) -+static NTSTATUS key_symmetric_set_auth_data( struct key *key, UCHAR *auth_data, ULONG len ) - { - int ret; - -- if ((ret = pgnutls_cipher_add_auth( key->handle, auth_data, len ))) -+ if ((ret = pgnutls_cipher_add_auth( key->u.s.handle, auth_data, len ))) - { - pgnutls_perror( ret ); - return STATUS_INTERNAL_ERROR; -@@ -1069,12 +1127,12 @@ static NTSTATUS key_set_auth_data( struct key *key, UCHAR *auth_data, ULONG len - return STATUS_SUCCESS; - } - --static NTSTATUS key_encrypt( struct key *key, const UCHAR *input, ULONG input_len, UCHAR *output, -+static NTSTATUS key_symmetric_encrypt( struct key *key, const UCHAR *input, ULONG input_len, UCHAR *output, - ULONG output_len ) - { - int ret; - -- if ((ret = pgnutls_cipher_encrypt2( key->handle, input, input_len, output, output_len ))) -+ if ((ret = pgnutls_cipher_encrypt2( key->u.s.handle, input, input_len, output, output_len ))) - { - pgnutls_perror( ret ); - return STATUS_INTERNAL_ERROR; -@@ -1088,7 +1146,7 @@ static NTSTATUS key_decrypt( struct key *key, const UCHAR *input, ULONG input_le - { - int ret; - -- if ((ret = pgnutls_cipher_decrypt2( key->handle, input, input_len, output, output_len ))) -+ if ((ret = pgnutls_cipher_decrypt2( key->u.s.handle, input, input_len, output, output_len ))) - { - pgnutls_perror( ret ); - return STATUS_INTERNAL_ERROR; -@@ -1101,7 +1159,7 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len ) - { - int ret; - -- if ((ret = pgnutls_cipher_tag( key->handle, tag, len ))) -+ if ((ret = pgnutls_cipher_tag( key->u.s.handle, tag, len ))) - { - pgnutls_perror( ret ); - return STATUS_INTERNAL_ERROR; -@@ -1112,13 +1170,13 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len ) - - static NTSTATUS key_destroy( struct key *key ) - { -- if (key->handle) pgnutls_cipher_deinit( key->handle ); -- heap_free( key->secret ); -+ if (key->u.s.handle) pgnutls_cipher_deinit( key->u.s.handle ); -+ heap_free( key->u.s.secret ); - heap_free( key ); - return STATUS_SUCCESS; - } - #elif defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H) && MAC_OS_X_VERSION_MAX_ALLOWED >= 1080 --static NTSTATUS key_init( struct key *key, struct algorithm *alg, const UCHAR *secret, ULONG secret_len ) -+static NTSTATUS key_symmetric_init( struct key *key, struct algorithm *alg, const UCHAR *secret, ULONG secret_len ) - { - UCHAR *buffer; - -@@ -1141,16 +1199,16 @@ static NTSTATUS key_init( struct key *key, struct algorithm *alg, const UCHAR *s - return STATUS_NOT_SUPPORTED; - } - -- if (!(key->block_size = get_block_size( alg ))) return STATUS_INVALID_PARAMETER; -+ if (!(key->u.s.block_size = get_block_size( alg ))) return STATUS_INVALID_PARAMETER; - if (!(buffer = heap_alloc( secret_len ))) return STATUS_NO_MEMORY; - memcpy( buffer, secret, secret_len ); - -- key->alg_id = alg->id; -- key->mode = alg->mode; -- key->ref_encrypt = NULL; /* initialized on first use */ -- key->ref_decrypt = NULL; -- key->secret = buffer; -- key->secret_len = secret_len; -+ key->alg_id = alg->id; -+ key->u.s.mode = alg->mode; -+ key->u.s.ref_encrypt = NULL; /* initialized on first use */ -+ key->u.s.ref_decrypt = NULL; -+ key->u.s.secret = buffer; -+ key->u.s.secret_len = secret_len; - - return STATUS_SUCCESS; - } -@@ -1192,54 +1250,54 @@ static CCMode get_cryptor_mode( struct key *key ) - } - } - --static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len ) -+static NTSTATUS key_symmetric_set_params( struct key *key, UCHAR *iv, ULONG iv_len ) - { - CCCryptorStatus status; - CCMode mode; - - if (!(mode = get_cryptor_mode( key ))) return STATUS_NOT_SUPPORTED; - -- if (key->ref_encrypt) -+ if (key->u.s.ref_encrypt) - { -- CCCryptorRelease( key->ref_encrypt ); -- key->ref_encrypt = NULL; -+ CCCryptorRelease( key->u.s.ref_encrypt ); -+ key->u.s.ref_encrypt = NULL; - } -- if (key->ref_decrypt) -+ if (key->u.s.ref_decrypt) - { -- CCCryptorRelease( key->ref_decrypt ); -- key->ref_decrypt = NULL; -+ CCCryptorRelease( key->u.s.ref_decrypt ); -+ key->u.s.ref_decrypt = NULL; - } - - if ((status = CCCryptorCreateWithMode( kCCEncrypt, mode, kCCAlgorithmAES128, ccNoPadding, iv, key->secret, -- key->secret_len, NULL, 0, 0, 0, &key->ref_encrypt )) != kCCSuccess) -+ key->u.s.secret, key->u.s.secret_len, NULL, 0, 0, 0, &key->u.s.ref_encrypt )) != kCCSuccess) - { - WARN( "CCCryptorCreateWithMode failed %d\n", status ); - return STATUS_INTERNAL_ERROR; - } - if ((status = CCCryptorCreateWithMode( kCCDecrypt, mode, kCCAlgorithmAES128, ccNoPadding, iv, key->secret, -- key->secret_len, NULL, 0, 0, 0, &key->ref_decrypt )) != kCCSuccess) -+ key->u.s.secret, key->u.s.secret_len, NULL, 0, 0, 0, &key->u.s.ref_decrypt )) != kCCSuccess) - { - WARN( "CCCryptorCreateWithMode failed %d\n", status ); -- CCCryptorRelease( key->ref_encrypt ); -- key->ref_encrypt = NULL; -+ CCCryptorRelease( key->u.s.ref_encrypt ); -+ key->u.s.ref_encrypt = NULL; - return STATUS_INTERNAL_ERROR; - } - - return STATUS_SUCCESS; - } - --static NTSTATUS key_set_auth_data( struct key *key, UCHAR *auth_data, ULONG len ) -+static NTSTATUS key_symmetric_set_auth_data( struct key *key, UCHAR *auth_data, ULONG len ) - { - FIXME( "not implemented on Mac\n" ); - return STATUS_NOT_IMPLEMENTED; - } - --static NTSTATUS key_encrypt( struct key *key, const UCHAR *input, ULONG input_len, UCHAR *output, -+static NTSTATUS key_symmetric_encrypt( struct key *key, const UCHAR *input, ULONG input_len, UCHAR *output, - ULONG output_len ) - { - CCCryptorStatus status; - -- if ((status = CCCryptorUpdate( key->ref_encrypt, input, input_len, output, output_len, NULL )) != kCCSuccess) -+ if ((status = CCCryptorUpdate( key->u.s.ref_encrypt, input, input_len, output, output_len, NULL )) != kCCSuccess) - { - WARN( "CCCryptorUpdate failed %d\n", status ); - return STATUS_INTERNAL_ERROR; -@@ -1253,7 +1311,7 @@ static NTSTATUS key_decrypt( struct key *key, const UCHAR *input, ULONG input_le - { - CCCryptorStatus status; - -- if ((status = CCCryptorUpdate( key->ref_decrypt, input, input_len, output, output_len, NULL )) != kCCSuccess) -+ if ((status = CCCryptorUpdate( key->u.s.ref_decrypt, input, input_len, output, output_len, NULL )) != kCCSuccess) - { - WARN( "CCCryptorUpdate failed %d\n", status ); - return STATUS_INTERNAL_ERROR; -@@ -1270,14 +1328,14 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len ) - - static NTSTATUS key_destroy( struct key *key ) - { -- if (key->ref_encrypt) CCCryptorRelease( key->ref_encrypt ); -- if (key->ref_decrypt) CCCryptorRelease( key->ref_decrypt ); -- heap_free( key->secret ); -+ iif (key->u.s.ref_encrypt) CCCryptorRelease( key->u.s.ref_encrypt ); -+ if (key->u.s.ref_decrypt) CCCryptorRelease( key->u.s.ref_decrypt ); -+ heap_free( key->u.s.secret ); - heap_free( key ); - return STATUS_SUCCESS; - } - #else --static NTSTATUS key_init( struct key *key, struct algorithm *alg, const UCHAR *secret, ULONG secret_len ) -+static NTSTATUS key_symmetric_init( struct key *key, struct algorithm *alg, const UCHAR *secret, ULONG secret_len ) - { - ERR( "support for keys not available at build time\n" ); - return STATUS_NOT_IMPLEMENTED; -@@ -1295,19 +1353,19 @@ static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy ) - return STATUS_NOT_IMPLEMENTED; - } - --static NTSTATUS key_set_params( struct key *key, UCHAR *iv, ULONG iv_len ) -+static NTSTATUS key_symmetric_set_params( struct key *key, UCHAR *iv, ULONG iv_len ) - { - ERR( "support for keys not available at build time\n" ); - return STATUS_NOT_IMPLEMENTED; - } - --static NTSTATUS key_set_auth_data( struct key *key, UCHAR *auth_data, ULONG len ) -+static NTSTATUS key_symmetric_set_auth_data( struct key *key, UCHAR *auth_data, ULONG len ) - { - ERR( "support for keys not available at build time\n" ); - return STATUS_NOT_IMPLEMENTED; - } - --static NTSTATUS key_encrypt( struct key *key, const UCHAR *input, ULONG input_len, UCHAR *output, -+static NTSTATUS key_symmetric_encrypt( struct key *key, const UCHAR *input, ULONG input_len, UCHAR *output, - ULONG output_len ) - { - ERR( "support for keys not available at build time\n" ); -@@ -1338,6 +1396,24 @@ static NTSTATUS key_export( struct key *key, const WCHAR *type, UCHAR *output, U - ERR( "support for keys not available at build time\n" ); - return STATUS_NOT_IMPLEMENTED; - } -+ -+static inline BOOL key_is_symmetric( struct key *key ) -+{ -+ ERR( "support for keys not available at build time\n" ); -+ return FALSE; -+} -+ -+static NTSTATUS key_symmetric_get_mode( struct key *key, enum mode_id *mode ) -+{ -+ *mode = key->u.s.mode; -+ return STATUS_SUCCESS; -+} -+ -+static NTSTATUS key_symmetric_get_blocksize( struct key *key, ULONG *size ) -+{ -+ ERR( "support for keys not available at build time\n" ); -+ return STATUS_NOT_IMPLEMENTED; -+} - #endif - - NTSTATUS WINAPI BCryptGenerateSymmetricKey( BCRYPT_ALG_HANDLE algorithm, BCRYPT_KEY_HANDLE *handle, -@@ -1359,7 +1435,7 @@ NTSTATUS WINAPI BCryptGenerateSymmetricKey( BCRYPT_ALG_HANDLE algorithm, BCRYPT_ - - key->hdr.magic = MAGIC_KEY; - -- if ((status = key_init( key, alg, secret, secret_len ))) -+ if ((status = key_symmetric_init( key, alg, secret, secret_len ))) - { - heap_free( key ); - return status; -@@ -1475,19 +1551,30 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp - struct key *key = handle; - ULONG bytes_left = input_len; - UCHAR *buf, *src, *dst; -+ enum mode_id mode; -+ ULONG block_size; - NTSTATUS status; - - TRACE( "%p, %p, %u, %p, %p, %u, %p, %u, %p, %08x\n", handle, input, input_len, - padding, iv, iv_len, output, output_len, ret_len, flags ); - - if (!key || key->hdr.magic != MAGIC_KEY) return STATUS_INVALID_HANDLE; -+ -+ if (!key_is_symmetric(key)) -+ { -+ FIXME( "encryption with asymmetric keys not yet supported\n"); -+ return STATUS_NOT_IMPLEMENTED; -+ } -+ - if (flags & ~BCRYPT_BLOCK_PADDING) - { - FIXME( "flags %08x not implemented\n", flags ); - return STATUS_NOT_IMPLEMENTED; - } - -- if (key->mode == MODE_ID_GCM) -+ if ((status = key_symmetric_get_mode( key, &mode ))) return status; -+ -+ if (mode == MODE_ID_GCM) - { - BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO *auth_info = padding; - -@@ -1498,7 +1585,7 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp - if (auth_info->dwFlags & BCRYPT_AUTH_MODE_CHAIN_CALLS_FLAG) - FIXME( "call chaining not implemented\n" ); - -- if ((status = key_set_params( key, auth_info->pbNonce, auth_info->cbNonce ))) -+ if ((status = key_symmetric_set_params( key, auth_info->pbNonce, auth_info->cbNonce ))) - return status; - - *ret_len = input_len; -@@ -1506,44 +1593,45 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp - if (input && !output) return STATUS_SUCCESS; - if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL; - -- if (auth_info->pbAuthData && (status = key_set_auth_data( key, auth_info->pbAuthData, auth_info->cbAuthData ))) -+ if (auth_info->pbAuthData && (status = key_symmetric_set_auth_data( key, auth_info->pbAuthData, auth_info->cbAuthData ))) - return status; -- if ((status = key_encrypt( key, input, input_len, output, output_len ))) -+ if ((status = key_symmetric_encrypt( key, input, input_len, output, output_len ))) - return status; - - return key_get_tag( key, auth_info->pbTag, auth_info->cbTag ); - } - -- if ((status = key_set_params( key, iv, iv_len ))) return status; -+ if ((status = key_symmetric_set_params( key, iv, iv_len ))) return status; -+ if ((status = key_symmetric_get_blocksize( key, &block_size ))) return status; - - *ret_len = input_len; - - if (flags & BCRYPT_BLOCK_PADDING) -- *ret_len = (input_len + key->block_size) & ~(key->block_size - 1); -- else if (input_len & (key->block_size - 1)) -+ *ret_len = (input_len + block_size) & ~(block_size - 1); -+ else if (input_len & (block_size - 1)) - return STATUS_INVALID_BUFFER_SIZE; - - if (!output) return STATUS_SUCCESS; - if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL; -- if (key->mode == MODE_ID_ECB && iv) return STATUS_INVALID_PARAMETER; -+ if (mode == MODE_ID_ECB && iv) return STATUS_INVALID_PARAMETER; - - src = input; - dst = output; -- while (bytes_left >= key->block_size) -+ while (bytes_left >= block_size) - { -- if ((status = key_encrypt( key, src, key->block_size, dst, key->block_size ))) return status; -- if (key->mode == MODE_ID_ECB && (status = key_set_params( key, NULL, 0 ))) return status; -- bytes_left -= key->block_size; -- src += key->block_size; -- dst += key->block_size; -+ if ((status = key_symmetric_encrypt( key, src, block_size, dst, block_size ))) return status; -+ if (mode == MODE_ID_ECB && (status = key_symmetric_set_params( key, iv, iv_len ))) return status; -+ bytes_left -= block_size; -+ src += block_size; -+ dst += block_size; - } - - if (flags & BCRYPT_BLOCK_PADDING) - { -- if (!(buf = heap_alloc( key->block_size ))) return STATUS_NO_MEMORY; -+ if (!(buf = heap_alloc( block_size ))) return STATUS_NO_MEMORY; - memcpy( buf, src, bytes_left ); -- memset( buf + bytes_left, key->block_size - bytes_left, key->block_size - bytes_left ); -- status = key_encrypt( key, buf, key->block_size, dst, key->block_size ); -+ memset( buf + bytes_left, block_size - bytes_left, block_size - bytes_left ); -+ status = key_symmetric_encrypt( key, buf, block_size, dst, block_size ); - heap_free( buf ); - } - -@@ -1569,7 +1657,7 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp - return STATUS_NOT_IMPLEMENTED; - } - -- if (key->mode == MODE_ID_GCM) -+ if (key->u.s.mode == MODE_ID_GCM) - { - BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO *auth_info = padding; - UCHAR tag[16]; -@@ -1579,7 +1667,7 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp - if (!auth_info->pbTag) return STATUS_INVALID_PARAMETER; - if (auth_info->cbTag < 12 || auth_info->cbTag > 16) return STATUS_INVALID_PARAMETER; - -- if ((status = key_set_params( key, auth_info->pbNonce, auth_info->cbNonce ))) -+ if ((status = key_symmetric_set_params( key, auth_info->pbNonce, auth_info->cbNonce ))) - return status; - - *ret_len = input_len; -@@ -1587,7 +1675,7 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp - if (!output) return STATUS_SUCCESS; - if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL; - -- if (auth_info->pbAuthData && (status = key_set_auth_data( key, auth_info->pbAuthData, auth_info->cbAuthData ))) -+ if (auth_info->pbAuthData && (status = key_symmetric_set_auth_data( key, auth_info->pbAuthData, auth_info->cbAuthData ))) - return status; - if ((status = key_decrypt( key, input, input_len, output, output_len ))) - return status; -@@ -1600,42 +1688,42 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp - return STATUS_SUCCESS; - } - -- if ((status = key_set_params( key, iv, iv_len ))) return status; -+ if ((status = key_symmetric_set_params( key, iv, iv_len ))) return status; - - *ret_len = input_len; - -- if (input_len & (key->block_size - 1)) return STATUS_INVALID_BUFFER_SIZE; -+ if (input_len & (key->u.s.block_size - 1)) return STATUS_INVALID_BUFFER_SIZE; - if (!output) return STATUS_SUCCESS; - if (flags & BCRYPT_BLOCK_PADDING) - { -- if (output_len + key->block_size < *ret_len) return STATUS_BUFFER_TOO_SMALL; -- if (input_len < key->block_size) return STATUS_BUFFER_TOO_SMALL; -- bytes_left -= key->block_size; -+ if (output_len + key->u.s.block_size < *ret_len) return STATUS_BUFFER_TOO_SMALL; -+ if (input_len < key->u.s.block_size) return STATUS_BUFFER_TOO_SMALL; -+ bytes_left -= key->u.s.block_size; - } - else if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL; - -- if (key->mode == MODE_ID_ECB && iv) return STATUS_INVALID_PARAMETER; -+ if (key->u.s.mode == MODE_ID_ECB && iv) return STATUS_INVALID_PARAMETER; - - src = input; - dst = output; -- while (bytes_left >= key->block_size) -+ while (bytes_left >= key->u.s.block_size) - { -- if ((status = key_decrypt( key, src, key->block_size, dst, key->block_size ))) return status; -- if (key->mode == MODE_ID_ECB && (status = key_set_params( key, NULL, 0 ))) return status; -- bytes_left -= key->block_size; -- src += key->block_size; -- dst += key->block_size; -+ if ((status = key_decrypt( key, src, key->u.s.block_size, dst, key->u.s.block_size ))) return status; -+ if (key->u.s.mode == MODE_ID_ECB && (status = key_symmetric_set_params( key, iv, iv_len ))) return status; -+ bytes_left -= key->u.s.block_size; -+ src += key->u.s.block_size; -+ dst += key->u.s.block_size; - } - - if (flags & BCRYPT_BLOCK_PADDING) - { -- if (!(buf = heap_alloc( key->block_size ))) return STATUS_NO_MEMORY; -- status = key_decrypt( key, src, key->block_size, buf, key->block_size ); -- if (!status && buf[ key->block_size - 1 ] <= key->block_size) -+ if (!(buf = heap_alloc( key->u.s.block_size ))) return STATUS_NO_MEMORY; -+ status = key_decrypt( key, src, key->u.s.block_size, buf, key->u.s.block_size ); -+ if (!status && buf[ key->u.s.block_size - 1 ] <= key->u.s.block_size) - { -- *ret_len -= buf[ key->block_size - 1 ]; -+ *ret_len -= buf[ key->u.s.block_size - 1 ]; - if (output_len < *ret_len) status = STATUS_BUFFER_TOO_SMALL; -- else memcpy( dst, buf, key->block_size - buf[ key->block_size - 1 ] ); -+ else memcpy( dst, buf, key->u.s.block_size - buf[ key->u.s.block_size - 1 ] ); - } - else - status = STATUS_UNSUCCESSFUL; /* FIXME: invalid padding */ --- -2.16.2 - diff --git a/patches/bcrypt-Improvements/0033-bcrypt-Implement-importing-of-ecdsa-keys.patch b/patches/bcrypt-Improvements/0033-bcrypt-Implement-importing-of-ecdsa-keys.patch deleted file mode 100644 index 04e8fad7..00000000 --- a/patches/bcrypt-Improvements/0033-bcrypt-Implement-importing-of-ecdsa-keys.patch +++ /dev/null @@ -1,321 +0,0 @@ -From 02f9996f8a3ebcff59cc3993c579ffc36eafa53f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Michael=20M=C3=BCller?= -Date: Fri, 29 Sep 2017 19:18:58 +0200 -Subject: [PATCH] bcrypt: Implement importing of ecdsa keys. - ---- - dlls/bcrypt/bcrypt.spec | 4 +- - dlls/bcrypt/bcrypt_main.c | 160 +++++++++++++++++++++++++++++++++++++++++++-- - dlls/bcrypt/tests/bcrypt.c | 4 +- - include/bcrypt.h | 2 + - 4 files changed, 161 insertions(+), 9 deletions(-) - -diff --git a/dlls/bcrypt/bcrypt.spec b/dlls/bcrypt/bcrypt.spec -index 28c2394ce45..78824d73b39 100644 ---- a/dlls/bcrypt/bcrypt.spec -+++ b/dlls/bcrypt/bcrypt.spec -@@ -32,7 +32,7 @@ - @ stdcall BCryptHash(ptr ptr long ptr long ptr long) - @ stdcall BCryptHashData(ptr ptr long long) - @ stdcall BCryptImportKey(ptr ptr wstr ptr ptr long ptr long long) --@ stub BCryptImportKeyPair -+@ stdcall BCryptImportKeyPair(ptr ptr wstr ptr ptr long long) - @ stdcall BCryptOpenAlgorithmProvider(ptr wstr wstr long) - @ stub BCryptQueryContextConfiguration - @ stub BCryptQueryContextFunctionConfiguration -@@ -50,7 +50,7 @@ - @ stub BCryptSignHash - @ stub BCryptUnregisterConfigChangeNotify - @ stdcall BCryptUnregisterProvider(wstr) --@ stub BCryptVerifySignature -+@ stdcall BCryptVerifySignature(ptr ptr ptr long ptr long long) - @ stub GetAsymmetricEncryptionInterface - @ stub GetCipherInterface - @ stub GetHashInterface -diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c -index b1f79d830c2..bae9a4b2663 100644 ---- a/dlls/bcrypt/bcrypt_main.c -+++ b/dlls/bcrypt/bcrypt_main.c -@@ -220,7 +220,9 @@ enum alg_id - ALG_ID_SHA1, - ALG_ID_SHA256, - ALG_ID_SHA384, -- ALG_ID_SHA512 -+ ALG_ID_SHA512, -+ ALG_ID_ECDSA_P256, -+ ALG_ID_ECDSA_P384, - }; - - enum mode_id -@@ -248,7 +250,9 @@ static const struct { - /* ALG_ID_SHA1 */ { 278, 20, 512, BCRYPT_SHA1_ALGORITHM, FALSE }, - /* ALG_ID_SHA256 */ { 286, 32, 512, BCRYPT_SHA256_ALGORITHM, FALSE }, - /* ALG_ID_SHA384 */ { 382, 48, 1024, BCRYPT_SHA384_ALGORITHM, FALSE }, -- /* ALG_ID_SHA512 */ { 382, 64, 1024, BCRYPT_SHA512_ALGORITHM, FALSE } -+ /* ALG_ID_SHA512 */ { 382, 64, 1024, BCRYPT_SHA512_ALGORITHM, FALSE }, -+ /* ALG_ID_ECDSA_P256 */ { 0, 0, 0, BCRYPT_ECDSA_P256_ALGORITHM, FALSE }, -+ /* ALG_ID_ECDSA_P384 */ { 0, 0, 0, BCRYPT_ECDSA_P384_ALGORITHM, FALSE }, - }; - - struct algorithm -@@ -324,6 +328,8 @@ NTSTATUS WINAPI BCryptOpenAlgorithmProvider( BCRYPT_ALG_HANDLE *handle, LPCWSTR - else if (!strcmpW( id, BCRYPT_SHA256_ALGORITHM )) alg_id = ALG_ID_SHA256; - else if (!strcmpW( id, BCRYPT_SHA384_ALGORITHM )) alg_id = ALG_ID_SHA384; - else if (!strcmpW( id, BCRYPT_SHA512_ALGORITHM )) alg_id = ALG_ID_SHA512; -+ else if (!strcmpW( id, BCRYPT_ECDSA_P256_ALGORITHM )) alg_id = ALG_ID_ECDSA_P256; -+ else if (!strcmpW( id, BCRYPT_ECDSA_P384_ALGORITHM )) alg_id = ALG_ID_ECDSA_P384; - else - { - FIXME( "algorithm %s not supported\n", debugstr_w(id) ); -@@ -866,6 +872,12 @@ struct key_symmetric - ULONG secret_len; - }; - -+struct key_asymmetric -+{ -+ UCHAR *pubkey; -+ ULONG pubkey_len; -+}; -+ - struct key - { - struct object hdr; -@@ -873,6 +885,7 @@ struct key - union - { - struct key_symmetric s; -+ struct key_asymmetric a; - } u; - }; - -@@ -887,6 +900,12 @@ struct key_symmetric - ULONG secret_len; - }; - -+struct key_asymmetric -+{ -+ UCHAR *pubkey; -+ ULONG pubkey_len; -+}; -+ - struct key - { - struct object hdr; -@@ -894,6 +913,7 @@ struct key - union - { - struct key_symmetric s; -+ struct key_asymmetric a; - } u; - }; - #else -@@ -986,11 +1006,42 @@ static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy ) - } - else - { -- return STATUS_NOT_IMPLEMENTED; -+ if (!(buffer = heap_alloc( key_orig->u.a.pubkey_len ))) return STATUS_NO_MEMORY; -+ memcpy( buffer, key_orig->u.a.pubkey, key_orig->u.a.pubkey_len ); -+ -+ key_copy->u.a.pubkey = buffer; -+ key_copy->u.a.pubkey_len = key_orig->u.a.pubkey_len; - } - - return STATUS_SUCCESS; - } -+ -+static NTSTATUS key_asymmetric_init( struct key *key, struct algorithm *alg, const UCHAR *pubkey, ULONG pubkey_len ) -+{ -+ UCHAR *buffer; -+ -+ if (!libgnutls_handle) return STATUS_INTERNAL_ERROR; -+ -+ switch (alg->id) -+ { -+ case ALG_ID_ECDSA_P256: -+ case ALG_ID_ECDSA_P384: -+ break; -+ -+ default: -+ FIXME( "algorithm %u not supported\n", alg->id ); -+ return STATUS_NOT_SUPPORTED; -+ } -+ -+ if (!(buffer = heap_alloc( pubkey_len ))) return STATUS_NO_MEMORY; -+ memcpy( buffer, pubkey, pubkey_len ); -+ -+ key->alg_id = alg->id; -+ key->u.a.pubkey = buffer; -+ key->u.a.pubkey_len = pubkey_len; -+ -+ return STATUS_SUCCESS; -+} - #endif - - #if defined(HAVE_GNUTLS_CIPHER_INIT) && !defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H) -@@ -1170,8 +1221,13 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len ) - - static NTSTATUS key_destroy( struct key *key ) - { -- if (key->u.s.handle) pgnutls_cipher_deinit( key->u.s.handle ); -- heap_free( key->u.s.secret ); -+ if(key_is_symmetric(key)) -+ { -+ if (key->u.s.handle) pgnutls_cipher_deinit( key->u.s.handle ); -+ heap_free( key->u.s.secret ); -+ } -+ else -+ heap_free( key->u.a.pubkey ); - heap_free( key ); - return STATUS_SUCCESS; - } -@@ -1341,6 +1397,12 @@ static NTSTATUS key_symmetric_init( struct key *key, struct algorithm *alg, cons - return STATUS_NOT_IMPLEMENTED; - } - -+static NTSTATUS key_asymmetric_init( struct key *key, struct algorithm *alg, const UCHAR *pubkey, ULONG pubkey_len ) -+{ -+ FIXME( "not implemented on Mac\n" ); -+ return STATUS_NOT_IMPLEMENTED; -+} -+ - static NTSTATUS set_key_property( struct key *key, const WCHAR *prop, UCHAR *value, ULONG size, ULONG flags ) - { - ERR( "support for keys not available at build time\n" ); -@@ -1403,6 +1465,12 @@ static inline BOOL key_is_symmetric( struct key *key ) - return FALSE; - } - -+static inline BOOL key_is_asymmetric( struct key *key ) -+{ -+ ERR( "support for keys not available at build time\n" ); -+ return FALSE; -+} -+ - static NTSTATUS key_symmetric_get_mode( struct key *key, enum mode_id *mode ) - { - *mode = key->u.s.mode; -@@ -1534,6 +1602,88 @@ NTSTATUS WINAPI BCryptDuplicateKey( BCRYPT_KEY_HANDLE handle, BCRYPT_KEY_HANDLE - return STATUS_SUCCESS; - } - -+NTSTATUS WINAPI BCryptImportKeyPair( BCRYPT_ALG_HANDLE algorithm, BCRYPT_KEY_HANDLE decrypt_key, const WCHAR *type, -+ BCRYPT_KEY_HANDLE *ret_key, UCHAR *input, ULONG input_len, ULONG flags ) -+{ -+ struct algorithm *alg = algorithm; -+ NTSTATUS status; -+ struct key *key; -+ -+ TRACE( "%p, %p, %s, %p, %p, %u, %u\n", algorithm, decrypt_key, debugstr_w(type), ret_key, input, input_len, flags ); -+ -+ if (!alg || alg->hdr.magic != MAGIC_ALG) return STATUS_INVALID_HANDLE; -+ if (!ret_key || !type || !input) return STATUS_INVALID_PARAMETER; -+ -+ *ret_key = NULL; -+ -+ if (decrypt_key) -+ { -+ FIXME( "decrypting of key not yet supported\n" ); -+ return STATUS_NOT_IMPLEMENTED; -+ } -+ -+ if (!strcmpW( type, BCRYPT_ECCPUBLIC_BLOB )) -+ { -+ BCRYPT_ECCKEY_BLOB *ecc_blob = (BCRYPT_ECCKEY_BLOB *)input; -+ DWORD key_size, magic; -+ -+ if (input_len < sizeof(*ecc_blob)) -+ return STATUS_INVALID_PARAMETER; -+ -+ switch (alg->id) -+ { -+ case ALG_ID_ECDSA_P256: -+ key_size = 32; -+ magic = BCRYPT_ECDSA_PUBLIC_P256_MAGIC; -+ break; -+ case ALG_ID_ECDSA_P384: -+ key_size = 48; -+ magic = BCRYPT_ECDSA_PUBLIC_P384_MAGIC; -+ break; -+ -+ default: -+ FIXME("Algorithm %d does not yet support importing blob of type: %s\n", alg->id, debugstr_w(type)); -+ return STATUS_NOT_SUPPORTED; -+ } -+ -+ if (ecc_blob->dwMagic != magic) -+ return STATUS_NOT_SUPPORTED; -+ -+ if (ecc_blob->cbKey != key_size) -+ return STATUS_INVALID_PARAMETER; -+ -+ if (!(key = heap_alloc( sizeof(*key) ))) -+ return STATUS_NO_MEMORY; -+ -+ key->hdr.magic = MAGIC_KEY; -+ if ((status = key_asymmetric_init( key, alg, (BYTE *)(ecc_blob + 1), ecc_blob->cbKey * 2 ))) -+ { -+ heap_free( key ); -+ return status; -+ } -+ -+ *ret_key = key; -+ return STATUS_SUCCESS; -+ } -+ -+ FIXME( "unsupported key type %s\n", debugstr_w(type) ); -+ return STATUS_NOT_SUPPORTED; -+} -+ -+NTSTATUS WINAPI BCryptVerifySignature( BCRYPT_KEY_HANDLE handle, void *padding, UCHAR *hash, ULONG hash_len, -+ UCHAR *signature, ULONG signature_len, ULONG flags ) -+{ -+ struct key *key = handle; -+ -+ FIXME( "%p, %p, %p, %u, %p, %u, %08x: stub!\n", handle, padding, hash, -+ hash_len, signature, signature_len, flags ); -+ -+ if (!key || key->hdr.magic != MAGIC_KEY) return STATUS_INVALID_HANDLE; -+ if (!key_is_asymmetric(key)) return STATUS_NOT_SUPPORTED; -+ -+ return STATUS_NOT_IMPLEMENTED; -+} -+ - NTSTATUS WINAPI BCryptDestroyKey( BCRYPT_KEY_HANDLE handle ) - { - struct key *key = handle; -diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c -index 57d04882b54..fa244d19249 100644 ---- a/dlls/bcrypt/tests/bcrypt.c -+++ b/dlls/bcrypt/tests/bcrypt.c -@@ -1486,10 +1486,10 @@ static void test_ECDSA(void) - ok(!status, "BCryptImportKeyPair failed: %08x\n", status); - - status = pBCryptVerifySignature(key, NULL, certHash, sizeof(certHash) - 1, certSignature, sizeof(certSignature), 0); -- ok(status == STATUS_INVALID_SIGNATURE, "Expected STATUS_INVALID_SIGNATURE, got %08x\n", status); -+ todo_wine ok(status == STATUS_INVALID_SIGNATURE, "Expected STATUS_INVALID_SIGNATURE, got %08x\n", status); - - status = pBCryptVerifySignature(key, NULL, certHash, sizeof(certHash), certSignature, sizeof(certSignature), 0); -- ok(!status, "BCryptVerifySignature failed: %08x\n", status); -+ todo_wine ok(!status, "BCryptVerifySignature failed: %08x\n", status); - - pBCryptDestroyKey(key); - pBCryptCloseAlgorithmProvider(alg, 0); -diff --git a/include/bcrypt.h b/include/bcrypt.h -index 717d77c7319..f28b0d395d1 100644 ---- a/include/bcrypt.h -+++ b/include/bcrypt.h -@@ -211,8 +211,10 @@ NTSTATUS WINAPI BCryptGetFipsAlgorithmMode(BOOLEAN *); - NTSTATUS WINAPI BCryptGetProperty(BCRYPT_HANDLE, LPCWSTR, PUCHAR, ULONG, ULONG *, ULONG); - NTSTATUS WINAPI BCryptHash(BCRYPT_ALG_HANDLE, PUCHAR, ULONG, PUCHAR, ULONG, PUCHAR, ULONG); - NTSTATUS WINAPI BCryptHashData(BCRYPT_HASH_HANDLE, PUCHAR, ULONG, ULONG); -+NTSTATUS WINAPI BCryptImportKeyPair(BCRYPT_ALG_HANDLE, BCRYPT_KEY_HANDLE, LPCWSTR, BCRYPT_KEY_HANDLE *, UCHAR *, ULONG, ULONG); - NTSTATUS WINAPI BCryptOpenAlgorithmProvider(BCRYPT_ALG_HANDLE *, LPCWSTR, LPCWSTR, ULONG); - NTSTATUS WINAPI BCryptSetProperty(BCRYPT_HANDLE, LPCWSTR, PUCHAR, ULONG, ULONG); - NTSTATUS WINAPI BCryptDuplicateHash(BCRYPT_HASH_HANDLE, BCRYPT_HASH_HANDLE *, UCHAR *, ULONG, ULONG); -+NTSTATUS WINAPI BCryptVerifySignature(BCRYPT_KEY_HANDLE, void *, UCHAR *, ULONG, UCHAR *, ULONG, ULONG); - - #endif /* __WINE_BCRYPT_H */ --- -2.16.2 - diff --git a/patches/bcrypt-Improvements/0034-bcrypt-Implement-BCryptVerifySignature-for-ecdsa-sig.patch b/patches/bcrypt-Improvements/0034-bcrypt-Implement-BCryptVerifySignature-for-ecdsa-sig.patch deleted file mode 100644 index 0b305be7..00000000 --- a/patches/bcrypt-Improvements/0034-bcrypt-Implement-BCryptVerifySignature-for-ecdsa-sig.patch +++ /dev/null @@ -1,457 +0,0 @@ -From 6960c89a6bf588d483211ee16014d6753d682d0e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Michael=20M=C3=BCller?= -Date: Fri, 29 Sep 2017 20:31:00 +0200 -Subject: [PATCH] bcrypt: Implement BCryptVerifySignature for ecdsa signatures. - ---- - dlls/bcrypt/bcrypt_main.c | 343 +++++++++++++++++++++++++++++++++++++++++++-- - dlls/bcrypt/tests/bcrypt.c | 4 +- - 2 files changed, 337 insertions(+), 10 deletions(-) - -diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c -index bae9a4b2663..593a806c612 100644 ---- a/dlls/bcrypt/bcrypt_main.c -+++ b/dlls/bcrypt/bcrypt_main.c -@@ -27,6 +27,7 @@ - #elif defined(HAVE_GNUTLS_CIPHER_INIT) - #include - #include -+#include - #endif - - #include "ntstatus.h" -@@ -50,9 +51,31 @@ static HINSTANCE instance; - #if defined(HAVE_GNUTLS_CIPHER_INIT) && !defined(HAVE_COMMONCRYPTO_COMMONCRYPTOR_H) - WINE_DECLARE_DEBUG_CHANNEL(winediag); - -+#if GNUTLS_VERSION_MAJOR < 3 -+#define GNUTLS_CIPHER_AES_192_CBC 92 -+#define GNUTLS_CIPHER_AES_128_GCM 93 -+#define GNUTLS_CIPHER_AES_256_GCM 94 -+#define GNUTLS_PK_ECC 4 -+ -+typedef enum -+{ -+ GNUTLS_ECC_CURVE_INVALID = 0, -+ GNUTLS_ECC_CURVE_SECP224R1, -+ GNUTLS_ECC_CURVE_SECP256R1, -+ GNUTLS_ECC_CURVE_SECP384R1, -+ GNUTLS_ECC_CURVE_SECP521R1, -+} gnutls_ecc_curve_t; -+#endif -+ - /* Not present in gnutls version < 3.0 */ - static int (*pgnutls_cipher_tag)(gnutls_cipher_hd_t handle, void * tag, size_t tag_size); - static int (*pgnutls_cipher_add_auth)(gnutls_cipher_hd_t handle, const void *ptext, size_t ptext_size); -+static int (*pgnutls_pubkey_import_ecc_raw)(gnutls_pubkey_t key, gnutls_ecc_curve_t curve, -+ const gnutls_datum_t *x, const gnutls_datum_t *y); -+static gnutls_sign_algorithm_t (*pgnutls_pk_to_sign)(gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash); -+static int (*pgnutls_pubkey_verify_hash2)(gnutls_pubkey_t key, gnutls_sign_algorithm_t algo, -+ unsigned int flags, const gnutls_datum_t *hash, -+ const gnutls_datum_t *signature); - - static void *libgnutls_handle; - #define MAKE_FUNCPTR(f) static typeof(f) * p##f -@@ -65,14 +88,10 @@ MAKE_FUNCPTR(gnutls_global_init); - MAKE_FUNCPTR(gnutls_global_set_log_function); - MAKE_FUNCPTR(gnutls_global_set_log_level); - MAKE_FUNCPTR(gnutls_perror); -+MAKE_FUNCPTR(gnutls_pubkey_init); -+MAKE_FUNCPTR(gnutls_pubkey_deinit); - #undef MAKE_FUNCPTR - --#if GNUTLS_VERSION_MAJOR < 3 --#define GNUTLS_CIPHER_AES_192_CBC 92 --#define GNUTLS_CIPHER_AES_128_GCM 93 --#define GNUTLS_CIPHER_AES_256_GCM 94 --#endif -- - static int compat_gnutls_cipher_tag(gnutls_cipher_hd_t handle, void *tag, size_t tag_size) - { - return GNUTLS_E_UNKNOWN_CIPHER_TYPE; -@@ -83,6 +102,24 @@ static int compat_gnutls_cipher_add_auth(gnutls_cipher_hd_t handle, const void * - return GNUTLS_E_UNKNOWN_CIPHER_TYPE; - } - -+static int compat_gnutls_pubkey_import_ecc_raw(gnutls_pubkey_t key, gnutls_ecc_curve_t curve, -+ const gnutls_datum_t *x, const gnutls_datum_t *y) -+{ -+ return GNUTLS_E_UNKNOWN_CIPHER_TYPE; -+} -+ -+static gnutls_sign_algorithm_t compat_gnutls_pk_to_sign(gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash) -+{ -+ return GNUTLS_SIGN_UNKNOWN; -+} -+ -+static int compat_gnutls_pubkey_verify_hash2(gnutls_pubkey_t key, gnutls_sign_algorithm_t algo, -+ unsigned int flags, const gnutls_datum_t *hash, -+ const gnutls_datum_t *signature) -+{ -+ return GNUTLS_E_UNKNOWN_CIPHER_TYPE; -+} -+ - static void gnutls_log( int level, const char *msg ) - { - TRACE( "<%d> %s", level, msg ); -@@ -114,6 +151,8 @@ static BOOL gnutls_initialize(void) - LOAD_FUNCPTR(gnutls_global_set_log_function) - LOAD_FUNCPTR(gnutls_global_set_log_level) - LOAD_FUNCPTR(gnutls_perror) -+ LOAD_FUNCPTR(gnutls_pubkey_init); -+ LOAD_FUNCPTR(gnutls_pubkey_deinit); - #undef LOAD_FUNCPTR - - if (!(pgnutls_cipher_tag = wine_dlsym( libgnutls_handle, "gnutls_cipher_tag", NULL, 0 ))) -@@ -132,6 +171,21 @@ static BOOL gnutls_initialize(void) - pgnutls_perror( ret ); - goto fail; - } -+ if (!(pgnutls_pubkey_import_ecc_raw = wine_dlsym( libgnutls_handle, "gnutls_pubkey_import_ecc_raw", NULL, 0 ))) -+ { -+ WARN("gnutls_pubkey_import_ecc_raw not found\n"); -+ pgnutls_pubkey_import_ecc_raw = compat_gnutls_pubkey_import_ecc_raw; -+ } -+ if (!(pgnutls_pk_to_sign = wine_dlsym( libgnutls_handle, "gnutls_pk_to_sign", NULL, 0 ))) -+ { -+ WARN("gnutls_pk_to_sign not found\n"); -+ pgnutls_pk_to_sign = compat_gnutls_pk_to_sign; -+ } -+ if (!(pgnutls_pubkey_verify_hash2 = wine_dlsym( libgnutls_handle, "gnutls_pubkey_verify_hash2", NULL, 0 ))) -+ { -+ WARN("gnutls_pubkey_verify_hash2 not found\n"); -+ pgnutls_pubkey_verify_hash2 = compat_gnutls_pubkey_verify_hash2; -+ } - - if (TRACE_ON( bcrypt )) - { -@@ -1219,6 +1273,264 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len ) - return STATUS_SUCCESS; - } - -+struct buffer -+{ -+ BYTE *buffer; -+ DWORD length; -+ DWORD pos; -+ BOOL error; -+}; -+ -+static void buffer_init( struct buffer *buffer ) -+{ -+ buffer->buffer = NULL; -+ buffer->length = 0; -+ buffer->pos = 0; -+ buffer->error = FALSE; -+} -+ -+static void buffer_free( struct buffer *buffer ) -+{ -+ HeapFree( GetProcessHeap(), 0, buffer->buffer ); -+} -+ -+static void buffer_append( struct buffer *buffer, BYTE *data, DWORD len ) -+{ -+ if (!len) return; -+ -+ if (buffer->pos + len > buffer->length) -+ { -+ DWORD new_length = max( max( buffer->pos + len, buffer->length * 2 ), 64 ); -+ BYTE *new_buffer; -+ -+ if (buffer->buffer) -+ new_buffer = HeapReAlloc( GetProcessHeap(), 0, buffer->buffer, new_length ); -+ else -+ new_buffer = HeapAlloc( GetProcessHeap(), 0, new_length ); -+ -+ if (!new_buffer) -+ { -+ ERR( "out of memory\n" ); -+ buffer->error = TRUE; -+ return; -+ } -+ -+ buffer->buffer = new_buffer; -+ buffer->length = new_length; -+ } -+ -+ memcpy( &buffer->buffer[buffer->pos], data, len ); -+ buffer->pos += len; -+} -+ -+static void buffer_append_byte( struct buffer *buffer, BYTE value ) -+{ -+ buffer_append( buffer, &value, sizeof(value) ); -+} -+ -+static void buffer_append_asn1_length( struct buffer *buffer, DWORD length ) -+{ -+ DWORD num_bytes; -+ -+ if (length < 128) -+ { -+ buffer_append_byte( buffer, length ); -+ return; -+ } -+ -+ if (length <= 0xff) num_bytes = 1; -+ else if (length <= 0xffff) num_bytes = 2; -+ else if (length <= 0xffffff) num_bytes = 3; -+ else num_bytes = 4; -+ -+ buffer_append_byte( buffer, 0x80 | num_bytes ); -+ while (num_bytes--) -+ buffer_append_byte( buffer, length >> (num_bytes * 8) ); -+} -+ -+static void buffer_append_asn1_integer( struct buffer *buffer, BYTE *data, DWORD len ) -+{ -+ DWORD leading_zero = (*data & 0x80) != 0; -+ -+ buffer_append_byte( buffer, 0x02 ); /* tag */ -+ buffer_append_asn1_length( buffer, len + leading_zero ); -+ if (leading_zero) buffer_append_byte( buffer, 0 ); -+ buffer_append( buffer, data, len ); -+} -+ -+static void buffer_append_asn1_sequence( struct buffer *buffer, struct buffer *content ) -+{ -+ if (content->error) -+ { -+ buffer->error = TRUE; -+ return; -+ } -+ -+ buffer_append_byte( buffer, 0x30 ); /* tag */ -+ buffer_append_asn1_length( buffer, content->pos ); -+ buffer_append( buffer, content->buffer, content->pos ); -+} -+ -+static void buffer_append_asn1_r_s( struct buffer *buffer, BYTE *r, DWORD r_len, BYTE *s, DWORD s_len ) -+{ -+ struct buffer value; -+ -+ buffer_init( &value ); -+ buffer_append_asn1_integer( &value, r, r_len ); -+ buffer_append_asn1_integer( &value, s, s_len ); -+ buffer_append_asn1_sequence( buffer, &value ); -+ buffer_free( &value ); -+} -+ -+static NTSTATUS import_gnutls_pubkey_ecc( struct key *key, gnutls_pubkey_t *gnutls_key ) -+{ -+ gnutls_ecc_curve_t curve; -+ gnutls_datum_t x, y; -+ int ret; -+ -+ switch (key->alg_id) -+ { -+ case ALG_ID_ECDSA_P256: curve = GNUTLS_ECC_CURVE_SECP256R1; break; -+ case ALG_ID_ECDSA_P384: curve = GNUTLS_ECC_CURVE_SECP384R1; break; -+ -+ default: -+ FIXME( "Algorithm %d not yet supported\n", key->alg_id ); -+ return STATUS_NOT_IMPLEMENTED; -+ } -+ -+ if ((ret = pgnutls_pubkey_init( gnutls_key ))) -+ { -+ pgnutls_perror( ret ); -+ return STATUS_INTERNAL_ERROR; -+ } -+ -+ x.data = key->u.a.pubkey; -+ x.size = key->u.a.pubkey_len / 2; -+ y.data = key->u.a.pubkey + x.size; -+ y.size = x.size; -+ -+ if ((ret = pgnutls_pubkey_import_ecc_raw( *gnutls_key, curve, &x, &y ))) -+ { -+ pgnutls_perror( ret ); -+ pgnutls_pubkey_deinit( *gnutls_key ); -+ return STATUS_INTERNAL_ERROR; -+ } -+ -+ return STATUS_SUCCESS; -+} -+ -+static NTSTATUS import_gnutls_pubkey( struct key *key, gnutls_pubkey_t *gnutls_key) -+{ -+ switch (key->alg_id) -+ { -+ case ALG_ID_ECDSA_P256: -+ case ALG_ID_ECDSA_P384: -+ return import_gnutls_pubkey_ecc( key, gnutls_key ); -+ -+ default: -+ FIXME("Algorithm %d not yet supported\n", key->alg_id); -+ return STATUS_NOT_IMPLEMENTED; -+ } -+} -+ -+static NTSTATUS prepare_gnutls_signature_ecc( struct key *key, UCHAR *signature, ULONG signature_len, -+ gnutls_datum_t *gnutls_signature ) -+{ -+ struct buffer buffer; -+ DWORD r_len = signature_len / 2; -+ DWORD s_len = r_len; -+ BYTE *r = signature; -+ BYTE *s = signature + r_len; -+ -+ buffer_init( &buffer ); -+ buffer_append_asn1_r_s( &buffer, r, r_len, s, s_len ); -+ if (buffer.error) -+ { -+ buffer_free( &buffer ); -+ return STATUS_NO_MEMORY; -+ } -+ -+ gnutls_signature->data = buffer.buffer; -+ gnutls_signature->size = buffer.pos; -+ return STATUS_SUCCESS; -+} -+ -+static NTSTATUS prepare_gnutls_signature( struct key *key, UCHAR *signature, ULONG signature_len, -+ gnutls_datum_t *gnutls_signature ) -+{ -+ switch (key->alg_id) -+ { -+ case ALG_ID_ECDSA_P256: -+ case ALG_ID_ECDSA_P384: -+ return prepare_gnutls_signature_ecc( key, signature, signature_len, gnutls_signature ); -+ -+ default: -+ FIXME( "Algorithm %d not yet supported\n", key->alg_id ); -+ return STATUS_NOT_IMPLEMENTED; -+ } -+} -+ -+static NTSTATUS key_asymmetric_verify( struct key *key, void *padding, UCHAR *hash, ULONG hash_len, -+ UCHAR *signature, ULONG signature_len, DWORD flags ) -+{ -+ gnutls_digest_algorithm_t hash_algo; -+ gnutls_sign_algorithm_t sign_algo; -+ gnutls_datum_t gnutls_hash, gnutls_signature; -+ gnutls_pk_algorithm_t pk_algo; -+ gnutls_pubkey_t gnutls_key; -+ NTSTATUS status; -+ int ret; -+ -+ if (flags) -+ FIXME( "Flags %08x not supported\n", flags ); -+ -+ /* only the hash size must match, not the actual hash function */ -+ switch (hash_len) -+ { -+ case 32: hash_algo = GNUTLS_DIG_SHA256; break; -+ case 48: hash_algo = GNUTLS_DIG_SHA384; break; -+ -+ default: -+ FIXME( "Hash size %u not yet supported\n", hash_len ); -+ return STATUS_INVALID_SIGNATURE; -+ } -+ -+ switch (key->alg_id) -+ { -+ case ALG_ID_ECDSA_P256: -+ case ALG_ID_ECDSA_P384: -+ pk_algo = GNUTLS_PK_ECC; -+ break; -+ -+ default: -+ FIXME( "Algorithm %d not yet supported\n", key->alg_id ); -+ return STATUS_NOT_IMPLEMENTED; -+ } -+ -+ if ((sign_algo = pgnutls_pk_to_sign( pk_algo, hash_algo )) == GNUTLS_SIGN_UNKNOWN) -+ { -+ FIXME("Gnutls does not support algorithm %d with hash len %u\n", key->alg_id, hash_len); -+ return STATUS_NOT_IMPLEMENTED; -+ } -+ -+ if ((status = import_gnutls_pubkey( key, &gnutls_key ))) -+ return status; -+ -+ if ((status = prepare_gnutls_signature( key, signature, signature_len, &gnutls_signature ))) -+ { -+ pgnutls_pubkey_deinit( gnutls_key ); -+ return status; -+ } -+ -+ gnutls_hash.data = hash; -+ gnutls_hash.size = hash_len; -+ ret = pgnutls_pubkey_verify_hash2( gnutls_key, sign_algo, 0, &gnutls_hash, &gnutls_signature ); -+ -+ HeapFree( GetProcessHeap(), 0, gnutls_signature.data ); -+ pgnutls_pubkey_deinit( gnutls_key ); -+ return (ret < 0) ? STATUS_INVALID_SIGNATURE : STATUS_SUCCESS; -+} -+ - static NTSTATUS key_destroy( struct key *key ) - { - if(key_is_symmetric(key)) -@@ -1382,6 +1694,13 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len ) - return STATUS_NOT_IMPLEMENTED; - } - -+static NTSTATUS key_asymmetric_verify( struct key *key, void *padding, UCHAR *hash, ULONG hash_len, -+ UCHAR *signature, ULONG signature_len, DWORD flags ) -+{ -+ FIXME( "not implemented on Mac\n" ); -+ return STATUS_NOT_IMPLEMENTED; -+} -+ - static NTSTATUS key_destroy( struct key *key ) - { - iif (key->u.s.ref_encrypt) CCCryptorRelease( key->u.s.ref_encrypt ); -@@ -1447,6 +1766,13 @@ static NTSTATUS key_get_tag( struct key *key, UCHAR *tag, ULONG len ) - return STATUS_NOT_IMPLEMENTED; - } - -+static NTSTATUS key_asymmetric_verify( struct key *key, void *padding, UCHAR *hash, ULONG hash_len, -+ UCHAR *signature, ULONG signature_len, DWORD flags ) -+{ -+ ERR( "support for keys not available at build time\n" ); -+ return STATUS_NOT_IMPLEMENTED; -+} -+ - static NTSTATUS key_destroy( struct key *key ) - { - ERR( "support for keys not available at build time\n" ); -@@ -1675,13 +2001,14 @@ NTSTATUS WINAPI BCryptVerifySignature( BCRYPT_KEY_HANDLE handle, void *padding, - { - struct key *key = handle; - -- FIXME( "%p, %p, %p, %u, %p, %u, %08x: stub!\n", handle, padding, hash, -+ TRACE( "%p, %p, %p, %u, %p, %u, %08x\n", handle, padding, hash, - hash_len, signature, signature_len, flags ); - - if (!key || key->hdr.magic != MAGIC_KEY) return STATUS_INVALID_HANDLE; -+ if (!hash || !hash_len || !signature || !signature_len) return STATUS_INVALID_PARAMETER; - if (!key_is_asymmetric(key)) return STATUS_NOT_SUPPORTED; - -- return STATUS_NOT_IMPLEMENTED; -+ return key_asymmetric_verify( key, padding, hash, hash_len, signature, signature_len, flags ); - } - - NTSTATUS WINAPI BCryptDestroyKey( BCRYPT_KEY_HANDLE handle ) -diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c -index fa244d19249..57d04882b54 100644 ---- a/dlls/bcrypt/tests/bcrypt.c -+++ b/dlls/bcrypt/tests/bcrypt.c -@@ -1486,10 +1486,10 @@ static void test_ECDSA(void) - ok(!status, "BCryptImportKeyPair failed: %08x\n", status); - - status = pBCryptVerifySignature(key, NULL, certHash, sizeof(certHash) - 1, certSignature, sizeof(certSignature), 0); -- todo_wine ok(status == STATUS_INVALID_SIGNATURE, "Expected STATUS_INVALID_SIGNATURE, got %08x\n", status); -+ ok(status == STATUS_INVALID_SIGNATURE, "Expected STATUS_INVALID_SIGNATURE, got %08x\n", status); - - status = pBCryptVerifySignature(key, NULL, certHash, sizeof(certHash), certSignature, sizeof(certSignature), 0); -- todo_wine ok(!status, "BCryptVerifySignature failed: %08x\n", status); -+ ok(!status, "BCryptVerifySignature failed: %08x\n", status); - - pBCryptDestroyKey(key); - pBCryptCloseAlgorithmProvider(alg, 0); --- -2.16.2 - diff --git a/patches/bcrypt-Improvements/0035-bcrypt-Initial-implementation-for-RSA-key-import-and.patch b/patches/bcrypt-Improvements/0035-bcrypt-Initial-implementation-for-RSA-key-import-and.patch deleted file mode 100644 index b78bf467..00000000 --- a/patches/bcrypt-Improvements/0035-bcrypt-Initial-implementation-for-RSA-key-import-and.patch +++ /dev/null @@ -1,296 +0,0 @@ -From 26c14820b2293bf466191b655a515ddfb0814f55 Mon Sep 17 00:00:00 2001 -From: Kimmo Myllyvirta -Date: Tue, 10 Oct 2017 16:40:41 +0300 -Subject: [PATCH] bcrypt: Initial implementation for RSA key import and - signature verification. - ---- - dlls/bcrypt/bcrypt_main.c | 128 ++++++++++++++++++++++++++++++++++++++++++---- - include/bcrypt.h | 17 ++++++ - 2 files changed, 135 insertions(+), 10 deletions(-) - -diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c -index 593a806c612..e30e52b8b68 100644 ---- a/dlls/bcrypt/bcrypt_main.c -+++ b/dlls/bcrypt/bcrypt_main.c -@@ -77,6 +77,9 @@ static int (*pgnutls_pubkey_verify_hash2)(gnutls_pubkey_t key, gnutls_sign_algor - unsigned int flags, const gnutls_datum_t *hash, - const gnutls_datum_t *signature); - -+/* Not present in gnutls version < 2.11.0 */ -+static int (*pgnutls_pubkey_import_rsa_raw)(gnutls_pubkey_t key, const gnutls_datum_t *m, const gnutls_datum_t *e); -+ - static void *libgnutls_handle; - #define MAKE_FUNCPTR(f) static typeof(f) * p##f - MAKE_FUNCPTR(gnutls_cipher_decrypt2); -@@ -120,6 +123,11 @@ static int compat_gnutls_pubkey_verify_hash2(gnutls_pubkey_t key, gnutls_sign_al - return GNUTLS_E_UNKNOWN_CIPHER_TYPE; - } - -+static int compat_gnutls_pubkey_import_rsa_raw(gnutls_pubkey_t key, const gnutls_datum_t *m, const gnutls_datum_t *e) -+{ -+ return GNUTLS_E_UNKNOWN_CIPHER_TYPE; -+} -+ - static void gnutls_log( int level, const char *msg ) - { - TRACE( "<%d> %s", level, msg ); -@@ -186,6 +194,11 @@ static BOOL gnutls_initialize(void) - WARN("gnutls_pubkey_verify_hash2 not found\n"); - pgnutls_pubkey_verify_hash2 = compat_gnutls_pubkey_verify_hash2; - } -+ if (!(pgnutls_pubkey_import_rsa_raw = wine_dlsym( libgnutls_handle, "gnutls_pubkey_import_rsa_raw", NULL, 0 ))) -+ { -+ WARN("gnutls_pubkey_import_rsa_raw not found\n"); -+ pgnutls_pubkey_import_rsa_raw = compat_gnutls_pubkey_import_rsa_raw; -+ } - - if (TRACE_ON( bcrypt )) - { -@@ -271,6 +284,7 @@ enum alg_id - ALG_ID_MD4, - ALG_ID_MD5, - ALG_ID_RNG, -+ ALG_ID_RSA, - ALG_ID_SHA1, - ALG_ID_SHA256, - ALG_ID_SHA384, -@@ -301,6 +315,7 @@ static const struct { - /* ALG_ID_MD4 */ { 270, 16, 512, BCRYPT_MD4_ALGORITHM, FALSE }, - /* ALG_ID_MD5 */ { 274, 16, 512, BCRYPT_MD5_ALGORITHM, FALSE }, - /* ALG_ID_RNG */ { 0, 0, 0, BCRYPT_RNG_ALGORITHM, FALSE }, -+ /* ALG_ID_RSA */ { 0, 0, 0, BCRYPT_RSA_ALGORITHM, FALSE }, - /* ALG_ID_SHA1 */ { 278, 20, 512, BCRYPT_SHA1_ALGORITHM, FALSE }, - /* ALG_ID_SHA256 */ { 286, 32, 512, BCRYPT_SHA256_ALGORITHM, FALSE }, - /* ALG_ID_SHA384 */ { 382, 48, 1024, BCRYPT_SHA384_ALGORITHM, FALSE }, -@@ -378,6 +393,7 @@ NTSTATUS WINAPI BCryptOpenAlgorithmProvider( BCRYPT_ALG_HANDLE *handle, LPCWSTR - else if (!strcmpW( id, BCRYPT_MD4_ALGORITHM )) alg_id = ALG_ID_MD4; - else if (!strcmpW( id, BCRYPT_MD5_ALGORITHM )) alg_id = ALG_ID_MD5; - else if (!strcmpW( id, BCRYPT_RNG_ALGORITHM )) alg_id = ALG_ID_RNG; -+ else if (!strcmpW( id, BCRYPT_RSA_ALGORITHM )) alg_id = ALG_ID_RSA; - else if (!strcmpW( id, BCRYPT_SHA1_ALGORITHM )) alg_id = ALG_ID_SHA1; - else if (!strcmpW( id, BCRYPT_SHA256_ALGORITHM )) alg_id = ALG_ID_SHA256; - else if (!strcmpW( id, BCRYPT_SHA384_ALGORITHM )) alg_id = ALG_ID_SHA384; -@@ -1080,6 +1096,7 @@ static NTSTATUS key_asymmetric_init( struct key *key, struct algorithm *alg, con - { - case ALG_ID_ECDSA_P256: - case ALG_ID_ECDSA_P384: -+ case ALG_ID_RSA: - break; - - default: -@@ -1419,6 +1436,34 @@ static NTSTATUS import_gnutls_pubkey_ecc( struct key *key, gnutls_pubkey_t *gnut - return STATUS_SUCCESS; - } - -+static NTSTATUS import_gnutls_pubkey_rsa( struct key *key, gnutls_pubkey_t *gnutls_key ) -+{ -+ BCRYPT_RSAKEY_BLOB *rsa_blob; -+ gnutls_datum_t m, e; -+ int ret; -+ -+ if ((ret = pgnutls_pubkey_init( gnutls_key ))) -+ { -+ pgnutls_perror( ret ); -+ return STATUS_INTERNAL_ERROR; -+ } -+ -+ rsa_blob = (BCRYPT_RSAKEY_BLOB *)key->u.a.pubkey; -+ e.data = key->u.a.pubkey + sizeof(*rsa_blob); -+ e.size = rsa_blob->cbPublicExp; -+ m.data = key->u.a.pubkey + sizeof(*rsa_blob) + rsa_blob->cbPublicExp; -+ m.size = rsa_blob->cbModulus; -+ -+ if ((ret = pgnutls_pubkey_import_rsa_raw( *gnutls_key, &m, &e ))) -+ { -+ pgnutls_perror( ret ); -+ pgnutls_pubkey_deinit( *gnutls_key ); -+ return STATUS_INTERNAL_ERROR; -+ } -+ -+ return STATUS_SUCCESS; -+} -+ - static NTSTATUS import_gnutls_pubkey( struct key *key, gnutls_pubkey_t *gnutls_key) - { - switch (key->alg_id) -@@ -1426,6 +1471,8 @@ static NTSTATUS import_gnutls_pubkey( struct key *key, gnutls_pubkey_t *gnutls_ - case ALG_ID_ECDSA_P256: - case ALG_ID_ECDSA_P384: - return import_gnutls_pubkey_ecc( key, gnutls_key ); -+ case ALG_ID_RSA: -+ return import_gnutls_pubkey_rsa( key, gnutls_key ); - - default: - FIXME("Algorithm %d not yet supported\n", key->alg_id); -@@ -1455,6 +1502,14 @@ static NTSTATUS prepare_gnutls_signature_ecc( struct key *key, UCHAR *signature, - return STATUS_SUCCESS; - } - -+static NTSTATUS prepare_gnutls_signature_rsa( struct key *key, UCHAR *signature, ULONG signature_len, -+ gnutls_datum_t *gnutls_signature ) -+{ -+ gnutls_signature->data = signature; -+ gnutls_signature->size = signature_len; -+ return STATUS_SUCCESS; -+} -+ - static NTSTATUS prepare_gnutls_signature( struct key *key, UCHAR *signature, ULONG signature_len, - gnutls_datum_t *gnutls_signature ) - { -@@ -1463,6 +1518,8 @@ static NTSTATUS prepare_gnutls_signature( struct key *key, UCHAR *signature, ULO - case ALG_ID_ECDSA_P256: - case ALG_ID_ECDSA_P384: - return prepare_gnutls_signature_ecc( key, signature, signature_len, gnutls_signature ); -+ case ALG_ID_RSA: -+ return prepare_gnutls_signature_rsa( key, signature, signature_len, gnutls_signature ); - - default: - FIXME( "Algorithm %d not yet supported\n", key->alg_id ); -@@ -1481,18 +1538,38 @@ static NTSTATUS key_asymmetric_verify( struct key *key, void *padding, UCHAR *ha - NTSTATUS status; - int ret; - -- if (flags) -- FIXME( "Flags %08x not supported\n", flags ); -+ if (key->alg_id == ALG_ID_RSA) -+ { -+ BCRYPT_PKCS1_PADDING_INFO *pinfo = (BCRYPT_PKCS1_PADDING_INFO *)padding; -+ -+ if (!(flags & BCRYPT_PAD_PKCS1) || !pinfo) return STATUS_INVALID_PARAMETER; -+ if (!pinfo->pszAlgId) return STATUS_INVALID_SIGNATURE; - -- /* only the hash size must match, not the actual hash function */ -- switch (hash_len) -+ if (!strcmpW( pinfo->pszAlgId, BCRYPT_SHA1_ALGORITHM )) hash_algo = GNUTLS_DIG_SHA1; -+ else if (!strcmpW( pinfo->pszAlgId, BCRYPT_SHA256_ALGORITHM )) hash_algo = GNUTLS_DIG_SHA256; -+ else if (!strcmpW( pinfo->pszAlgId, BCRYPT_SHA384_ALGORITHM )) hash_algo = GNUTLS_DIG_SHA384; -+ else if (!strcmpW( pinfo->pszAlgId, BCRYPT_SHA512_ALGORITHM )) hash_algo = GNUTLS_DIG_SHA512; -+ else -+ { -+ FIXME( "Hash algorithm %s not supported\n", debugstr_w(pinfo->pszAlgId) ); -+ return STATUS_NOT_SUPPORTED; -+ } -+ } -+ else - { -- case 32: hash_algo = GNUTLS_DIG_SHA256; break; -- case 48: hash_algo = GNUTLS_DIG_SHA384; break; -+ if (flags) -+ FIXME( "Flags %08x not supported\n", flags ); - -- default: -- FIXME( "Hash size %u not yet supported\n", hash_len ); -- return STATUS_INVALID_SIGNATURE; -+ /* only the hash size must match, not the actual hash function */ -+ switch (hash_len) -+ { -+ case 32: hash_algo = GNUTLS_DIG_SHA256; break; -+ case 48: hash_algo = GNUTLS_DIG_SHA384; break; -+ -+ default: -+ FIXME( "Hash size %u not yet supported\n", hash_len ); -+ return STATUS_INVALID_SIGNATURE; -+ } - } - - switch (key->alg_id) -@@ -1501,6 +1578,9 @@ static NTSTATUS key_asymmetric_verify( struct key *key, void *padding, UCHAR *ha - case ALG_ID_ECDSA_P384: - pk_algo = GNUTLS_PK_ECC; - break; -+ case ALG_ID_RSA: -+ pk_algo = GNUTLS_PK_RSA; -+ break; - - default: - FIXME( "Algorithm %d not yet supported\n", key->alg_id ); -@@ -1526,7 +1606,8 @@ static NTSTATUS key_asymmetric_verify( struct key *key, void *padding, UCHAR *ha - gnutls_hash.size = hash_len; - ret = pgnutls_pubkey_verify_hash2( gnutls_key, sign_algo, 0, &gnutls_hash, &gnutls_signature ); - -- HeapFree( GetProcessHeap(), 0, gnutls_signature.data ); -+ if (gnutls_signature.data != signature) -+ HeapFree( GetProcessHeap(), 0, gnutls_signature.data ); - pgnutls_pubkey_deinit( gnutls_key ); - return (ret < 0) ? STATUS_INVALID_SIGNATURE : STATUS_SUCCESS; - } -@@ -1991,6 +2072,33 @@ NTSTATUS WINAPI BCryptImportKeyPair( BCRYPT_ALG_HANDLE algorithm, BCRYPT_KEY_HAN - *ret_key = key; - return STATUS_SUCCESS; - } -+ else if (!strcmpW( type, BCRYPT_RSAPUBLIC_BLOB )) -+ { -+ BCRYPT_RSAKEY_BLOB *rsa_blob = (BCRYPT_RSAKEY_BLOB *)input; -+ -+ if (input_len < sizeof(*rsa_blob)) -+ return STATUS_INVALID_PARAMETER; -+ -+ if (alg->id != ALG_ID_RSA) -+ return STATUS_NOT_SUPPORTED; -+ -+ if (rsa_blob->Magic != BCRYPT_RSAPUBLIC_MAGIC) -+ return STATUS_NOT_SUPPORTED; -+ -+ if (!(key = HeapAlloc( GetProcessHeap(), 0, sizeof(*key) ))) -+ return STATUS_NO_MEMORY; -+ -+ key->hdr.magic = MAGIC_KEY; -+ if ((status = key_asymmetric_init( key, alg, (BYTE *)rsa_blob, -+ sizeof(*rsa_blob) + rsa_blob->cbPublicExp + rsa_blob->cbModulus ))) -+ { -+ HeapFree( GetProcessHeap(), 0, key ); -+ return status; -+ } -+ -+ *ret_key = key; -+ return STATUS_SUCCESS; -+ } - - FIXME( "unsupported key type %s\n", debugstr_w(type) ); - return STATUS_NOT_SUPPORTED; -diff --git a/include/bcrypt.h b/include/bcrypt.h -index f28b0d395d1..df54f621fa7 100644 ---- a/include/bcrypt.h -+++ b/include/bcrypt.h -@@ -63,6 +63,8 @@ typedef LONG NTSTATUS; - #define BCRYPT_AES_WRAP_KEY_BLOB (const WCHAR []){'R','f','c','3','5','6','5','K','e','y','W','r','a','p','B','l','o','b',0} - #define BCRYPT_ECCPUBLIC_BLOB (const WCHAR []){'E','C','C','P','U','B','L','I','C','B','L','O','B',0} - #define BCRYPT_ECCPRIVATE_BLOB (const WCHAR []){'E','C','C','P','R','I','V','A','T','E','B','L','O','B',0} -+#define BCRYPT_RSAPUBLIC_BLOB (const WCHAR []){'R','S','A','P','U','B','L','I','C','B','L','O','B',0} -+#define BCRYPT_RSAPRIVATE_BLOB (const WCHAR []){'R','S','A','P','R','I','V','A','T','E','B','L','O','B',0} - - #define MS_PRIMITIVE_PROVIDER (const WCHAR [])\ - {'M','i','c','r','o','s','o','f','t',' ','P','r','i','m','i','t','i','v','e',' ','P','r','o','v','i','d','e','r',0} -@@ -74,6 +76,7 @@ typedef LONG NTSTATUS; - #define BCRYPT_MD4_ALGORITHM (const WCHAR []){'M','D','4',0} - #define BCRYPT_MD5_ALGORITHM (const WCHAR []){'M','D','5',0} - #define BCRYPT_RNG_ALGORITHM (const WCHAR []){'R','N','G',0} -+#define BCRYPT_RSA_ALGORITHM (const WCHAR []){'R','S','A',0} - #define BCRYPT_SHA1_ALGORITHM (const WCHAR []){'S','H','A','1',0} - #define BCRYPT_SHA256_ALGORITHM (const WCHAR []){'S','H','A','2','5','6',0} - #define BCRYPT_SHA384_ALGORITHM (const WCHAR []){'S','H','A','3','8','4',0} -@@ -133,6 +136,20 @@ typedef struct _BCRYPT_ECCKEY_BLOB - ULONG cbKey; - } BCRYPT_ECCKEY_BLOB, *PBCRYPT_ECCKEY_BLOB; - -+#define BCRYPT_RSAPUBLIC_MAGIC 0x31415352 -+#define BCRYPT_RSAPRIVATE_MAGIC 0x32415352 -+#define BCRYPT_RSAFULLPRIVATE_MAGIC 0x33415352 -+ -+typedef struct _BCRYPT_RSAKEY_BLOB -+{ -+ ULONG Magic; -+ ULONG BitLength; -+ ULONG cbPublicExp; -+ ULONG cbModulus; -+ ULONG cbPrime1; -+ ULONG cbPrime2; -+} BCRYPT_RSAKEY_BLOB; -+ - typedef struct _BCRYPT_PKCS1_PADDING_INFO - { - LPCWSTR pszAlgId; --- -2.16.2 - diff --git a/patches/bcrypt-Improvements/0036-bcrypt-tests-Add-simple-test-for-RSA.patch b/patches/bcrypt-Improvements/0036-bcrypt-tests-Add-simple-test-for-RSA.patch deleted file mode 100644 index b07d7aae..00000000 --- a/patches/bcrypt-Improvements/0036-bcrypt-tests-Add-simple-test-for-RSA.patch +++ /dev/null @@ -1,129 +0,0 @@ -From fef95e1d96adc99a5767328c4b0b85f68a1e9af3 Mon Sep 17 00:00:00 2001 -From: Kimmo Myllyvirta -Date: Tue, 10 Oct 2017 16:41:09 +0300 -Subject: [PATCH] bcrypt/tests: Add simple test for RSA. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Based on patch from Bernhard Übelacker. ---- - dlls/bcrypt/tests/bcrypt.c | 95 ++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 95 insertions(+) - -diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c -index 57d04882b54..7d59f6d4c1d 100644 ---- a/dlls/bcrypt/tests/bcrypt.c -+++ b/dlls/bcrypt/tests/bcrypt.c -@@ -1495,6 +1495,100 @@ static void test_ECDSA(void) - pBCryptCloseAlgorithmProvider(alg, 0); - } - -+static UCHAR rsaPublicBlob[] = -+{ -+ 0x52, 0x53, 0x41, 0x31, 0x00, 0x08, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0xad, 0x41, 0x09, 0xa2, 0x56, -+ 0x3a, 0x7b, 0x75, 0x4b, 0x72, 0x9b, 0x28, 0x72, 0x3b, 0xae, 0x9f, 0xd8, 0xa8, 0x25, 0x4a, 0x4c, -+ 0x19, 0xf5, 0xa6, 0xd0, 0x05, 0x1c, 0x59, 0x8f, 0xe3, 0xf3, 0x2d, 0x29, 0x47, 0xf8, 0x80, 0x25, -+ 0x25, 0x21, 0x58, 0xc2, 0xac, 0xa1, 0x9e, 0x93, 0x8e, 0x82, 0x6d, 0xd7, 0xf3, 0xe7, 0x8f, 0x0b, -+ 0xc0, 0x41, 0x85, 0x29, 0x3c, 0xf1, 0x0b, 0x2c, 0x5d, 0x49, 0xed, 0xb4, 0x30, 0x6e, 0x02, 0x15, -+ 0x4b, 0x9a, 0x08, 0x0d, 0xe1, 0x6f, 0xa8, 0xd3, 0x12, 0xab, 0x66, 0x48, 0x4d, 0xd9, 0x28, 0x03, -+ 0x6c, 0x9d, 0x44, 0x7a, 0xed, 0xc9, 0x43, 0x4f, 0x9d, 0x4e, 0x3c, 0x7d, 0x0e, 0xff, 0x07, 0x87, -+ 0xeb, 0xca, 0xca, 0x65, 0x6d, 0xbe, 0xc5, 0x31, 0x8b, 0xcc, 0x7e, 0x0a, 0x71, 0x4a, 0x4d, 0x9d, -+ 0x3d, 0xfd, 0x7a, 0x56, 0x32, 0x8a, 0x6c, 0x6d, 0x9d, 0x2a, 0xd9, 0x8e, 0x68, 0x89, 0x63, 0xc6, -+ 0x4f, 0x24, 0xd1, 0x2a, 0x72, 0x69, 0x08, 0x77, 0xa0, 0x7f, 0xfe, 0xc6, 0x33, 0x8d, 0xb4, 0x7d, -+ 0x73, 0x91, 0x13, 0x9c, 0x47, 0x53, 0x6a, 0x13, 0xdf, 0x19, 0xc7, 0xed, 0x48, 0x81, 0xed, 0xd8, -+ 0x1f, 0x11, 0x11, 0xbb, 0x41, 0x15, 0x5b, 0xa4, 0xf5, 0xc9, 0x2b, 0x48, 0x5e, 0xd8, 0x4b, 0x52, -+ 0x1f, 0xf7, 0x87, 0xf2, 0x68, 0x25, 0x28, 0x79, 0xee, 0x39, 0x41, 0xc9, 0x0e, 0xc8, 0xf9, 0xf2, -+ 0xd8, 0x24, 0x09, 0xb4, 0xd4, 0xb7, 0x90, 0xba, 0x26, 0xe8, 0x1d, 0xb4, 0xd7, 0x09, 0x00, 0xc4, -+ 0xa0, 0xb6, 0x14, 0xe8, 0x4c, 0x29, 0x60, 0x54, 0x2e, 0x01, 0xde, 0x54, 0x66, 0x40, 0x22, 0x50, -+ 0x27, 0xf1, 0xe7, 0x62, 0xa9, 0x00, 0x5a, 0x61, 0x2e, 0xfa, 0xfe, 0x16, 0xd8, 0xe0, 0xe7, 0x66, -+ 0x17, 0xda, 0xb8, 0x0c, 0xa6, 0x04, 0x8d, 0xf8, 0x21, 0x68, 0x39 -+}; -+ -+static UCHAR rsaHash[] = -+{ -+ 0x96, 0x1f, 0xa6, 0x49, 0x58, 0x81, 0x8f, 0x76, 0x77, 0x07, 0x07, 0x27, 0x55, 0xd7, 0x01, 0x8d, -+ 0xcd, 0x27, 0x8e, 0x94 -+}; -+ -+static UCHAR rsaSignature[] = -+{ -+ 0xa8, 0x3a, 0x9d, 0xaf, 0x92, 0x94, 0xa4, 0x4d, 0x34, 0xba, 0x41, 0x0c, 0xc1, 0x23, 0x91, 0xc7, -+ 0x91, 0xa8, 0xf8, 0xfc, 0x94, 0x87, 0x4d, 0x05, 0x85, 0x63, 0xe8, 0x7d, 0xea, 0x7f, 0x6b, 0x8d, -+ 0xbb, 0x9a, 0xd4, 0x46, 0xa6, 0xc0, 0xd6, 0xdc, 0x91, 0xba, 0xd3, 0x1a, 0xbf, 0xf4, 0x52, 0xa0, -+ 0xc7, 0x15, 0x87, 0xe9, 0x1e, 0x60, 0x49, 0x9c, 0xee, 0x5a, 0x9c, 0x6c, 0xbd, 0x7a, 0x3e, 0xc3, -+ 0x48, 0xb3, 0xee, 0xca, 0x68, 0x40, 0x9b, 0xa1, 0x4c, 0x6e, 0x20, 0xd6, 0xca, 0x6c, 0x72, 0xaf, -+ 0x2b, 0x6b, 0x62, 0x7c, 0x78, 0x06, 0x94, 0x4c, 0x02, 0xf3, 0x8d, 0x49, 0xe0, 0x11, 0xc4, 0x9b, -+ 0x62, 0x5b, 0xc2, 0xfd, 0x68, 0xf4, 0x07, 0x15, 0x71, 0x11, 0x4c, 0x35, 0x97, 0x5d, 0xc0, 0xe6, -+ 0x22, 0xc9, 0x8a, 0x7b, 0x96, 0xc9, 0xc3, 0xe4, 0x2b, 0x1e, 0x88, 0x17, 0x4f, 0x98, 0x9b, 0xf3, -+ 0x42, 0x23, 0x0c, 0xa0, 0xfa, 0x19, 0x03, 0x2a, 0xf7, 0x13, 0x2d, 0x27, 0xac, 0x9f, 0xaf, 0x2d, -+ 0xa3, 0xce, 0xf7, 0x63, 0xbb, 0x39, 0x9f, 0x72, 0x80, 0xdd, 0x6c, 0x73, 0x00, 0x85, 0x70, 0xf2, -+ 0xed, 0x50, 0xed, 0xa0, 0x74, 0x42, 0xd7, 0x22, 0x46, 0x24, 0xee, 0x67, 0xdf, 0xb5, 0x45, 0xe8, -+ 0x49, 0xf4, 0x9c, 0xe4, 0x00, 0x83, 0xf2, 0x27, 0x8e, 0xa2, 0xb1, 0xc3, 0xc2, 0x01, 0xd7, 0x59, -+ 0x2e, 0x4d, 0xac, 0x49, 0xa2, 0xc1, 0x8d, 0x88, 0x4b, 0xfe, 0x28, 0xe5, 0xac, 0xa6, 0x85, 0xc4, -+ 0x1f, 0xf8, 0xc5, 0xc5, 0x14, 0x4e, 0xa3, 0xcb, 0x17, 0xb7, 0x64, 0xb3, 0xc2, 0x12, 0xf8, 0xf8, -+ 0x36, 0x99, 0x1c, 0x91, 0x9b, 0xbd, 0xed, 0x55, 0x0f, 0xfd, 0x49, 0x85, 0xbb, 0x32, 0xad, 0x78, -+ 0xc1, 0x74, 0xe6, 0x7c, 0x18, 0x0f, 0x2b, 0x3b, 0xaa, 0xd1, 0x9d, 0x40, 0x71, 0x1d, 0x19, 0x53 -+}; -+ -+static void test_RSA(void) -+{ -+ BCRYPT_PKCS1_PADDING_INFO pad; -+ BCRYPT_ALG_HANDLE alg = NULL; -+ BCRYPT_KEY_HANDLE key = NULL; -+ NTSTATUS ret; -+ -+ ret = pBCryptOpenAlgorithmProvider(&alg, BCRYPT_RSA_ALGORITHM, NULL, 0); -+ if (ret) -+ { -+ win_skip("Failed to open RSA provider: %08x, skipping test\n", ret); -+ return; -+ } -+ -+ ret = pBCryptImportKeyPair(alg, NULL, BCRYPT_RSAPUBLIC_BLOB, &key, rsaPublicBlob, sizeof(rsaPublicBlob), 0); -+ ok(!ret, "pBCryptImportKeyPair failed: %08x\n", ret); -+ -+ pad.pszAlgId = BCRYPT_SHA1_ALGORITHM; -+ ret = pBCryptVerifySignature(key, &pad, rsaHash, sizeof(rsaHash), rsaSignature, sizeof(rsaSignature), BCRYPT_PAD_PKCS1); -+ ok(!ret, "pBCryptVerifySignature failed: %08x\n", ret); -+ -+ ret = pBCryptVerifySignature(key, NULL, rsaHash, sizeof(rsaHash), rsaSignature, sizeof(rsaSignature), BCRYPT_PAD_PKCS1); -+ ok(ret == STATUS_INVALID_PARAMETER, "Expected STATUS_INVALID_PARAMETER, got %08x\n", ret); -+ -+ pad.pszAlgId = BCRYPT_SHA1_ALGORITHM; -+ ret = pBCryptVerifySignature(key, &pad, rsaHash, sizeof(rsaHash), rsaSignature, sizeof(rsaSignature), 0); -+ ok(ret == STATUS_INVALID_PARAMETER, "Expected STATUS_INVALID_PARAMETER, got %08x\n", ret); -+ -+ ret = pBCryptVerifySignature(key, NULL, rsaHash, sizeof(rsaHash), rsaSignature, sizeof(rsaSignature), 0); -+ ok(ret == STATUS_INVALID_PARAMETER, "Expected STATUS_INVALID_PARAMETER, got %08x\n", ret); -+ -+ pad.pszAlgId = BCRYPT_AES_ALGORITHM; -+ ret = pBCryptVerifySignature(key, &pad, rsaHash, sizeof(rsaHash), rsaSignature, sizeof(rsaSignature), BCRYPT_PAD_PKCS1); -+ ok(ret == STATUS_NOT_SUPPORTED, "Expected STATUS_NOT_SUPPORTED, got %08x\n", ret); -+ -+ pad.pszAlgId = NULL; -+ ret = pBCryptVerifySignature(key, &pad, rsaHash, sizeof(rsaHash), rsaSignature, sizeof(rsaSignature), BCRYPT_PAD_PKCS1); -+ ok(ret == STATUS_INVALID_SIGNATURE, "Expected STATUS_INVALID_SIGNATURE, got %08x\n", ret); -+ -+ ret = pBCryptDestroyKey(key); -+ ok(!ret, "pBCryptDestroyKey failed: %08x\n", ret); -+ -+ ret = pBCryptCloseAlgorithmProvider(alg, 0); -+ ok(!ret, "pBCryptCloseAlgorithmProvider failed: %08x\n", ret); -+} -+ - START_TEST(bcrypt) - { - HMODULE module; -@@ -1538,6 +1632,7 @@ START_TEST(bcrypt) - test_BCryptDecrypt(); - test_key_import_export(); - test_ECDSA(); -+ test_RSA(); - - if (pBCryptHash) /* >= Win 10 */ - test_BcryptHash(); --- -2.16.2 - diff --git a/patches/bcrypt-Improvements/0037-bcrypt-Store-full-ECCKEY_BLOB-struct-in-BCryptImport.patch b/patches/bcrypt-Improvements/0037-bcrypt-Store-full-ECCKEY_BLOB-struct-in-BCryptImport.patch deleted file mode 100644 index 1e3530e1..00000000 --- a/patches/bcrypt-Improvements/0037-bcrypt-Store-full-ECCKEY_BLOB-struct-in-BCryptImport.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 951414bb416ebf3858ec79df87441025d842bf47 Mon Sep 17 00:00:00 2001 -From: Sebastian Lackner -Date: Sat, 14 Oct 2017 22:44:13 +0200 -Subject: [PATCH] bcrypt: Store full ECCKEY_BLOB struct in BCryptImportKeyPair. - ---- - dlls/bcrypt/bcrypt_main.c | 12 +++++++----- - 1 file changed, 7 insertions(+), 5 deletions(-) - -diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c -index e30e52b8b68..733e608e1ee 100644 ---- a/dlls/bcrypt/bcrypt_main.c -+++ b/dlls/bcrypt/bcrypt_main.c -@@ -1401,6 +1401,7 @@ static void buffer_append_asn1_r_s( struct buffer *buffer, BYTE *r, DWORD r_len, - - static NTSTATUS import_gnutls_pubkey_ecc( struct key *key, gnutls_pubkey_t *gnutls_key ) - { -+ BCRYPT_ECCKEY_BLOB *ecc_blob; - gnutls_ecc_curve_t curve; - gnutls_datum_t x, y; - int ret; -@@ -1421,10 +1422,11 @@ static NTSTATUS import_gnutls_pubkey_ecc( struct key *key, gnutls_pubkey_t *gnut - return STATUS_INTERNAL_ERROR; - } - -- x.data = key->u.a.pubkey; -- x.size = key->u.a.pubkey_len / 2; -- y.data = key->u.a.pubkey + x.size; -- y.size = x.size; -+ ecc_blob = (BCRYPT_ECCKEY_BLOB *)key->u.a.pubkey; -+ x.data = key->u.a.pubkey + sizeof(*ecc_blob); -+ x.size = ecc_blob->cbKey; -+ y.data = key->u.a.pubkey + sizeof(*ecc_blob) + ecc_blob->cbKey; -+ y.size = ecc_blob->cbKey; - - if ((ret = pgnutls_pubkey_import_ecc_raw( *gnutls_key, curve, &x, &y ))) - { -@@ -2063,7 +2065,7 @@ NTSTATUS WINAPI BCryptImportKeyPair( BCRYPT_ALG_HANDLE algorithm, BCRYPT_KEY_HAN - return STATUS_NO_MEMORY; - - key->hdr.magic = MAGIC_KEY; -- if ((status = key_asymmetric_init( key, alg, (BYTE *)(ecc_blob + 1), ecc_blob->cbKey * 2 ))) -+ if ((status = key_asymmetric_init( key, alg, (BYTE *)ecc_blob, sizeof(*ecc_blob) + ecc_blob->cbKey * 2 ))) - { - heap_free( key ); - return status; --- -2.16.2 - diff --git a/patches/bcrypt-Improvements/definition b/patches/bcrypt-Improvements/definition deleted file mode 100644 index b6639dfa..00000000 --- a/patches/bcrypt-Improvements/definition +++ /dev/null @@ -1,5 +0,0 @@ -Fixes: Implement BCrypt AES provider -# 40418 was originally here, but was apparently satisfied with less. -Fixes: [42553] Implement BCrypt ECB chaining mode -Fixes: [39582] Implement BCrypt RSA provider -Fixes: [43605] Implement elliptic curve (ECDSA) cryptography \ No newline at end of file diff --git a/patches/crypt32-ECDSA_Cert_Chains/definition b/patches/crypt32-ECDSA_Cert_Chains/definition index 024166dd..cfd9c615 100644 --- a/patches/crypt32-ECDSA_Cert_Chains/definition +++ b/patches/crypt32-ECDSA_Cert_Chains/definition @@ -1,2 +1 @@ Fixes: [35902] Implement support for validating ECDSA certificate chains -Depends: bcrypt-Improvements diff --git a/patches/patchinstall.sh b/patches/patchinstall.sh index 8d523290..cce63fd5 100755 --- a/patches/patchinstall.sh +++ b/patches/patchinstall.sh @@ -52,7 +52,7 @@ usage() # Get the upstream commit sha upstream_commit() { - echo "5946973021285dd6ecb8df224956fea4817f8fed" + echo "e1c7a1f7ce03c1e69e008378e90523e85e1c6e8f" } # Show version information @@ -98,7 +98,6 @@ patch_enable_all () enable_api_ms_win_Stub_DLLs="$1" enable_avifil32_IGetFrame_fnSetFormat="$1" enable_avifile_dll16_AVIStreamGetFrame="$1" - enable_bcrypt_Improvements="$1" enable_browseui_Progress_Dialog="$1" enable_combase_RoApi="$1" enable_comctl32_Listview_DrawItem="$1" @@ -502,9 +501,6 @@ patch_enable () avifile.dll16-AVIStreamGetFrame) enable_avifile_dll16_AVIStreamGetFrame="$2" ;; - bcrypt-Improvements) - enable_bcrypt_Improvements="$2" - ;; browseui-Progress_Dialog) enable_browseui_Progress_Dialog="$2" ;; @@ -2472,13 +2468,6 @@ if test "$enable_d3d11_Deferred_Context" -eq 1; then enable_wined3d_1DTextures=1 fi -if test "$enable_crypt32_ECDSA_Cert_Chains" -eq 1; then - if test "$enable_bcrypt_Improvements" -gt 1; then - abort "Patchset bcrypt-Improvements disabled, but crypt32-ECDSA_Cert_Chains depends on that." - fi - enable_bcrypt_Improvements=1 -fi - if test "$enable_api_ms_win_Stub_DLLs" -eq 1; then if test "$enable_combase_RoApi" -gt 1; then abort "Patchset combase-RoApi disabled, but api-ms-win-Stub_DLLs depends on that." @@ -2970,35 +2959,6 @@ if test "$enable_avifile_dll16_AVIStreamGetFrame" -eq 1; then ) >> "$patchlist" fi -# Patchset bcrypt-Improvements -# | -# | This patchset fixes the following Wine bugs: -# | * [#42553] Implement BCrypt ECB chaining mode -# | * [#39582] Implement BCrypt RSA provider -# | * [#43605] Implement elliptic curve (ECDSA) cryptography -# | -# | Modified files: -# | * dlls/bcrypt/bcrypt.spec, dlls/bcrypt/bcrypt_main.c, dlls/bcrypt/tests/bcrypt.c, include/bcrypt.h -# | -if test "$enable_bcrypt_Improvements" -eq 1; then - patch_apply bcrypt-Improvements/0025-bcrypt-Avoid-crash-in-tests-when-compiling-without-g.patch - patch_apply bcrypt-Improvements/0030-bcrypt-Preparation-for-asymmetric-keys.patch - patch_apply bcrypt-Improvements/0033-bcrypt-Implement-importing-of-ecdsa-keys.patch - patch_apply bcrypt-Improvements/0034-bcrypt-Implement-BCryptVerifySignature-for-ecdsa-sig.patch - patch_apply bcrypt-Improvements/0035-bcrypt-Initial-implementation-for-RSA-key-import-and.patch - patch_apply bcrypt-Improvements/0036-bcrypt-tests-Add-simple-test-for-RSA.patch - patch_apply bcrypt-Improvements/0037-bcrypt-Store-full-ECCKEY_BLOB-struct-in-BCryptImport.patch - ( - printf '%s\n' '+ { "Sebastian Lackner", "bcrypt: Avoid crash in tests when compiling without gnutls support.", 1 },'; - printf '%s\n' '+ { "Michael Müller", "bcrypt: Preparation for asymmetric keys.", 1 },'; - printf '%s\n' '+ { "Michael Müller", "bcrypt: Implement importing of ecdsa keys.", 1 },'; - printf '%s\n' '+ { "Michael Müller", "bcrypt: Implement BCryptVerifySignature for ecdsa signatures.", 1 },'; - printf '%s\n' '+ { "Kimmo Myllyvirta", "bcrypt: Initial implementation for RSA key import and signature verification.", 1 },'; - printf '%s\n' '+ { "Kimmo Myllyvirta", "bcrypt/tests: Add simple test for RSA.", 1 },'; - printf '%s\n' '+ { "Sebastian Lackner", "bcrypt: Store full ECCKEY_BLOB struct in BCryptImportKeyPair.", 1 },'; - ) >> "$patchlist" -fi - # Patchset browseui-Progress_Dialog # | # | Modified files: @@ -3103,9 +3063,6 @@ fi # Patchset crypt32-ECDSA_Cert_Chains # | -# | This patchset has the following (direct or indirect) dependencies: -# | * bcrypt-Improvements -# | # | This patchset fixes the following Wine bugs: # | * [#35902] Implement support for validating ECDSA certificate chains # | diff --git a/patches/wined3d-1DTextures/0006-wined3d-Implement-uploading-for-1d-textures.patch b/patches/wined3d-1DTextures/0006-wined3d-Implement-uploading-for-1d-textures.patch index 47711e60..490a845d 100644 --- a/patches/wined3d-1DTextures/0006-wined3d-Implement-uploading-for-1d-textures.patch +++ b/patches/wined3d-1DTextures/0006-wined3d-Implement-uploading-for-1d-textures.patch @@ -1,29 +1,14 @@ -From c70ae0c4b0a6b7929472b844f374baa42c868fc1 Mon Sep 17 00:00:00 2001 +From 4353549a289101aed8b4fca9a32f3458b0068093 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20M=C3=BCller?= Date: Sat, 27 Aug 2016 22:25:20 +0200 Subject: [PATCH] wined3d: Implement uploading for 1d textures. --- - dlls/wined3d/device.c | 3 ++- dlls/wined3d/texture.c | 12 ++++++++++++ - 2 files changed, 14 insertions(+), 1 deletion(-) + 1 file changed, 12 insertions(+) -diff --git a/dlls/wined3d/device.c b/dlls/wined3d/device.c -index bdc551e..bb61f78 100644 ---- a/dlls/wined3d/device.c -+++ b/dlls/wined3d/device.c -@@ -4272,7 +4272,8 @@ void CDECL wined3d_device_update_sub_resource(struct wined3d_device *device, str - height = 1; - depth = 1; - } -- else if (resource->type == WINED3D_RTYPE_TEXTURE_2D || resource->type == WINED3D_RTYPE_TEXTURE_3D) -+ else if (resource->type == WINED3D_RTYPE_TEXTURE_1D || -+ resource->type == WINED3D_RTYPE_TEXTURE_2D || resource->type == WINED3D_RTYPE_TEXTURE_3D) - { - struct wined3d_texture *texture = texture_from_resource(resource); - unsigned int level; diff --git a/dlls/wined3d/texture.c b/dlls/wined3d/texture.c -index cb02276..45b5afb 100644 +index 66e72b4..242e600 100644 --- a/dlls/wined3d/texture.c +++ b/dlls/wined3d/texture.c @@ -1953,6 +1953,18 @@ void wined3d_texture_upload_data(struct wined3d_texture *texture, unsigned int s