Release 2.0-rc5.

LICENSE.md

@@ -7,7 +7,7 @@ are part of **Wine Staging** and are licensed under the terms of the
 [LGPLv2.1](#gnu-lgpl-version-21), to stay compatible with Wine:
 
 ```
-Copyright (C) 2014-2016 the Wine Staging project authors.
+Copyright (C) 2014-2017 the Wine Staging project authors.
 
 Wine Staging is free software; you can redistribute it and/or
 modify it under the terms of the GNU Lesser General Public

patches/Compiler_Warnings/0026-dwrite-Avoid-implicit-cast-of-interface-pointer.patch

@@ -1,18 +1,18 @@
-From c695e014f25fd613ead12115a715cdb4303d632f Mon Sep 17 00:00:00 2001
+From 744549e1ecc76c3764079d337c09445d01a3527e Mon Sep 17 00:00:00 2001
 From: Sebastian Lackner <sebastian@fds-team.de>
 Date: Tue, 22 Mar 2016 21:58:40 +0100
 Subject: dwrite: Avoid implicit cast of interface pointer.
 
 ---
- dlls/dwrite/font.c   | 6 +++---
+ dlls/dwrite/font.c   | 4 ++--
  dlls/dwrite/layout.c | 2 +-
- 2 files changed, 4 insertions(+), 4 deletions(-)
+ 2 files changed, 3 insertions(+), 3 deletions(-)
 
 diff --git a/dlls/dwrite/font.c b/dlls/dwrite/font.c
-index ba97025..0a90c20 100644
+index d9ddce0..0a90c20 100644
 --- a/dlls/dwrite/font.c
 +++ b/dlls/dwrite/font.c
-@@ -1684,15 +1684,15 @@ static struct dwrite_font *unsafe_impl_from_IDWriteFont(IDWriteFont *iface)
+@@ -1684,7 +1684,7 @@ static struct dwrite_font *unsafe_impl_from_IDWriteFont(IDWriteFont *iface)
      if (!iface)
          return NULL;
      assert(iface->lpVtbl == (IDWriteFontVtbl*)&dwritefontvtbl);
@@ -21,12 +21,11 @@ index ba97025..0a90c20 100644
  }
  
  static struct dwrite_fontface *unsafe_impl_from_IDWriteFontFace(IDWriteFontFace *iface)
- {
+@@ -1692,7 +1692,7 @@ static struct dwrite_fontface *unsafe_impl_from_IDWriteFontFace(IDWriteFontFace
      if (!iface)
          return NULL;
--    assert(iface->lpVtbl = (IDWriteFontFaceVtbl*)&dwritefontfacevtbl);
+     assert(iface->lpVtbl == (IDWriteFontFaceVtbl*)&dwritefontfacevtbl);
 -    return CONTAINING_RECORD(iface, struct dwrite_fontface, IDWriteFontFace4_iface);
-+    assert(iface->lpVtbl == (IDWriteFontFaceVtbl*)&dwritefontfacevtbl);
 +    return CONTAINING_RECORD((IDWriteFontFace4 *)iface, struct dwrite_fontface, IDWriteFontFace4_iface);
  }
  

patches/advapi32-AddMandatoryAce/0001-advapi32-Implement-AddMandatoryAce.patch

@@ -0,0 +1,185 @@
+From 9904ee15d00d0809c12759446c09adc1981e3cf9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
+Date: Mon, 29 Aug 2016 19:45:47 +0200
+Subject: advapi32: Implement AddMandatoryAce.
+
+---
+ dlls/advapi32/security.c       |  6 ++++--
+ dlls/advapi32/tests/security.c | 45 ++++++++++++++++++++++++++++++++++++++++++
+ dlls/ntdll/ntdll.spec          |  1 +
+ dlls/ntdll/sec.c               | 25 +++++++++++++++++++++++
+ include/winbase.h              |  1 +
+ include/winternl.h             |  1 +
+ 6 files changed, 77 insertions(+), 2 deletions(-)
+
+diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
+index 28331df..45c0f7e 100644
+--- a/dlls/advapi32/security.c
++++ b/dlls/advapi32/security.c
+@@ -1711,10 +1711,12 @@ BOOL WINAPI AddAce(
+     return set_ntstatus(RtlAddAce(pAcl, dwAceRevision, dwStartingAceIndex, pAceList, nAceListLength));
+ }
+ 
++/******************************************************************************
++ *  AddMandatoryAce [ADVAPI32.@]
++ */
+ BOOL WINAPI AddMandatoryAce(ACL *acl, DWORD ace_revision, DWORD ace_flags, DWORD mandatory_policy, PSID label_sid)
+ {
+-    FIXME("%p %x %x %x %p - stub\n", acl, ace_revision, ace_flags, mandatory_policy, label_sid);
+-    return FALSE;
++    return set_ntstatus(RtlAddMandatoryAce(acl, ace_revision, ace_flags, mandatory_policy, SYSTEM_MANDATORY_LABEL_ACE_TYPE, label_sid));
+ }
+ 
+ /******************************************************************************
+diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
+index 18f4e04..cdbe4f8 100644
+--- a/dlls/advapi32/tests/security.c
++++ b/dlls/advapi32/tests/security.c
+@@ -65,6 +65,7 @@
+ static BOOL (WINAPI *pAddAccessAllowedAceEx)(PACL, DWORD, DWORD, DWORD, PSID);
+ static BOOL (WINAPI *pAddAccessDeniedAceEx)(PACL, DWORD, DWORD, DWORD, PSID);
+ static BOOL (WINAPI *pAddAuditAccessAceEx)(PACL, DWORD, DWORD, DWORD, PSID, BOOL, BOOL);
++static BOOL (WINAPI *pAddMandatoryAce)(PACL,DWORD,DWORD,DWORD,PSID);
+ static VOID (WINAPI *pBuildTrusteeWithSidA)( PTRUSTEEA pTrustee, PSID pSid );
+ static VOID (WINAPI *pBuildTrusteeWithNameA)( PTRUSTEEA pTrustee, LPSTR pName );
+ static VOID (WINAPI *pBuildTrusteeWithObjectsAndNameA)( PTRUSTEEA pTrustee,
+@@ -199,6 +200,7 @@ static void init(void)
+     pAddAccessAllowedAceEx = (void *)GetProcAddress(hmod, "AddAccessAllowedAceEx");
+     pAddAccessDeniedAceEx = (void *)GetProcAddress(hmod, "AddAccessDeniedAceEx");
+     pAddAuditAccessAceEx = (void *)GetProcAddress(hmod, "AddAuditAccessAceEx");
++    pAddMandatoryAce = (void *)GetProcAddress(hmod, "AddMandatoryAce");
+     pCheckTokenMembership = (void *)GetProcAddress(hmod, "CheckTokenMembership");
+     pConvertStringSecurityDescriptorToSecurityDescriptorA =
+         (void *)GetProcAddress(hmod, "ConvertStringSecurityDescriptorToSecurityDescriptorA" );
+@@ -6064,6 +6066,48 @@ static void test_default_dacl_owner_sid(void)
+     CloseHandle( handle );
+ }
+ 
++static void test_integrity(void)
++{
++    static SID low_level = {SID_REVISION, 1, {SECURITY_MANDATORY_LABEL_AUTHORITY},
++                                                    {SECURITY_MANDATORY_LOW_RID}};
++    SYSTEM_MANDATORY_LABEL_ACE *ace;
++    char buffer_acl[256];
++    ACL *pAcl = (ACL*)&buffer_acl;
++    BOOL ret, found;
++    DWORD index;
++
++    if (!pAddMandatoryAce)
++    {
++        win_skip("Mandatory integrity labels not supported, skipping test\n");
++        return;
++    }
++
++    ret = InitializeAcl(pAcl, 256, ACL_REVISION);
++    ok(ret, "InitializeAcl failed with %u\n", GetLastError());
++
++    ret = pAddMandatoryAce(pAcl, ACL_REVISION, 0, 0x1234, &low_level);
++    ok(!ret, "AddMandatoryAce succeeded\n");
++    ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER got %u\n", GetLastError());
++
++    ret = pAddMandatoryAce(pAcl, ACL_REVISION, 0, SYSTEM_MANDATORY_LABEL_NO_WRITE_UP, &low_level);
++    ok(ret, "AddMandatoryAce failed with %u\n", GetLastError());
++
++    index = 0;
++    found = FALSE;
++    while (pGetAce( pAcl, index++, (void **)&ace ))
++    {
++        if (ace->Header.AceType == SYSTEM_MANDATORY_LABEL_ACE_TYPE)
++        {
++            found = TRUE;
++            ok(ace->Header.AceFlags == 0, "Expected 0 as flags, got %x\n", ace->Header.AceFlags);
++            ok(ace->Mask == SYSTEM_MANDATORY_LABEL_NO_WRITE_UP,
++               "Expected SYSTEM_MANDATORY_LABEL_NO_WRITE_UP as flag, got %x\n", ace->Mask);
++            ok(EqualSid(&ace->SidStart, &low_level), "Expected low integrity level\n");
++        }
++    }
++    ok(found, "Could not find mandatory label\n");
++}
++
+ static void test_AdjustTokenPrivileges(void)
+ {
+     TOKEN_PRIVILEGES tp, prev;
+@@ -6444,6 +6488,7 @@ START_TEST(security)
+     test_CreateRestrictedToken();
+     test_TokenIntegrityLevel();
+     test_default_dacl_owner_sid();
++    test_integrity();
+     test_AdjustTokenPrivileges();
+     test_AddAce();
+     test_system_security_access();
+diff --git a/dlls/ntdll/ntdll.spec b/dlls/ntdll/ntdll.spec
+index 28aa2df..f6f8eba 100644
+--- a/dlls/ntdll/ntdll.spec
++++ b/dlls/ntdll/ntdll.spec
+@@ -422,6 +422,7 @@
+ @ stdcall RtlAddAuditAccessAceEx(ptr long long long ptr long long)
+ @ stdcall RtlAddAuditAccessObjectAce(ptr long long long ptr ptr ptr long long)
+ # @ stub RtlAddCompoundAce
++@ stdcall RtlAddMandatoryAce(ptr long long long long ptr)
+ # @ stub RtlAddRange
+ @ cdecl -arch=arm,x86_64 RtlAddFunctionTable(ptr long long)
+ @ stdcall RtlAddRefActivationContext(ptr)
+diff --git a/dlls/ntdll/sec.c b/dlls/ntdll/sec.c
+index 3bc52ac..daa2cae 100644
+--- a/dlls/ntdll/sec.c
++++ b/dlls/ntdll/sec.c
+@@ -1379,6 +1379,31 @@ NTSTATUS WINAPI RtlAddAuditAccessObjectAce(
+     return STATUS_NOT_IMPLEMENTED;
+ }
+ 
++/**************************************************************************
++ *  RtlAddMandatoryAce     [NTDLL.@]
++ */
++NTSTATUS WINAPI RtlAddMandatoryAce(
++    IN OUT PACL pAcl,
++    IN DWORD dwAceRevision,
++    IN DWORD dwAceFlags,
++    IN DWORD dwMandatoryFlags,
++    IN DWORD dwAceType,
++    IN PSID pSid)
++{
++    static DWORD valid_flags = SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | SYSTEM_MANDATORY_LABEL_NO_READ_UP |
++                               SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP;
++
++    TRACE("(%p,%d,0x%08x,0x%08x,%u,%p)\n",pAcl,dwAceRevision,dwAceFlags,dwMandatoryFlags, dwAceType, pSid);
++
++    if (dwAceType != SYSTEM_MANDATORY_LABEL_ACE_TYPE)
++        return STATUS_INVALID_PARAMETER;
++
++    if (dwMandatoryFlags & ~valid_flags)
++        return STATUS_INVALID_PARAMETER;
++
++    return add_access_ace(pAcl, dwAceRevision, dwAceFlags, dwMandatoryFlags, pSid, dwAceType);
++}
++
+ /******************************************************************************
+  *  RtlValidAcl		[NTDLL.@]
+  */
+diff --git a/include/winbase.h b/include/winbase.h
+index eff5972..42c826d 100644
+--- a/include/winbase.h
++++ b/include/winbase.h
+@@ -1693,6 +1693,7 @@ WINBASEAPI ATOM        WINAPI AddAtomW(LPCWSTR);
+ #define                       AddAtom WINELIB_NAME_AW(AddAtom)
+ WINADVAPI  BOOL        WINAPI AddAuditAccessAce(PACL,DWORD,DWORD,PSID,BOOL,BOOL);
+ WINADVAPI  BOOL        WINAPI AddAuditAccessAceEx(PACL,DWORD,DWORD,DWORD,PSID,BOOL,BOOL);
++WINADVAPI  BOOL        WINAPI AddMandatoryAce(PACL,DWORD,DWORD,DWORD,PSID);
+ WINBASEAPI VOID        WINAPI AddRefActCtx(HANDLE);
+ WINBASEAPI PVOID       WINAPI AddVectoredExceptionHandler(ULONG,PVECTORED_EXCEPTION_HANDLER);
+ WINADVAPI  BOOL        WINAPI AdjustTokenGroups(HANDLE,BOOL,PTOKEN_GROUPS,DWORD,PTOKEN_GROUPS,PDWORD);
+diff --git a/include/winternl.h b/include/winternl.h
+index f35091c..c104e6f 100644
+--- a/include/winternl.h
++++ b/include/winternl.h
+@@ -2405,6 +2405,7 @@ NTSYSAPI NTSTATUS  WINAPI RtlAddAtomToAtomTable(RTL_ATOM_TABLE,const WCHAR*,RTL_
+ NTSYSAPI NTSTATUS  WINAPI RtlAddAuditAccessAce(PACL,DWORD,DWORD,PSID,BOOL,BOOL);
+ NTSYSAPI NTSTATUS  WINAPI RtlAddAuditAccessAceEx(PACL,DWORD,DWORD,DWORD,PSID,BOOL,BOOL);
+ NTSYSAPI NTSTATUS  WINAPI RtlAddAuditAccessObjectAce(PACL,DWORD,DWORD,DWORD,GUID*,GUID*,PSID,BOOL,BOOL);
++NTSYSAPI NTSTATUS  WINAPI RtlAddMandatoryAce(PACL,DWORD,DWORD,DWORD,DWORD,PSID);
+ NTSYSAPI void      WINAPI RtlAddRefActivationContext(HANDLE);
+ NTSYSAPI PVOID     WINAPI RtlAddVectoredExceptionHandler(ULONG,PVECTORED_EXCEPTION_HANDLER);
+ NTSYSAPI NTSTATUS  WINAPI RtlAdjustPrivilege(ULONG,BOOLEAN,BOOLEAN,PBOOLEAN);
+-- 
+2.9.0
+

patches/advapi32-AddMandatoryAce/definition

@@ -0,0 +1 @@
+Fixes: Implement advapi32.AddMandatoryAce

patches/advapi32-WinBuiltinAnyPackageSid/0001-advapi32-SDDL-assigns-the-AC-abbreviation-to-WinBuil.patch

@@ -0,0 +1,26 @@
+From e71a9b9a10c2de28a617f9490c3d135b1e12adf1 Mon Sep 17 00:00:00 2001
+From: Dmitry Timoshkov <dmitry@baikal.ru>
+Date: Fri, 16 Dec 2016 13:20:32 +0800
+Subject: advapi32: SDDL assigns the "AC" abbreviation to
+ WinBuiltinAnyPackageSid.
+
+---
+ dlls/advapi32/security.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
+index 28331df..3b585aa 100644
+--- a/dlls/advapi32/security.c
++++ b/dlls/advapi32/security.c
+@@ -135,7 +135,7 @@ static const WELLKNOWNSID WellKnownSids[] =
+     { {'M','E'}, WinMediumLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_MEDIUM_RID } } },
+     { {'H','I'}, WinHighLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_HIGH_RID } } },
+     { {'S','I'}, WinSystemLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_SYSTEM_RID } } },
+-    { {0,0}, WinBuiltinAnyPackageSid, { SID_REVISION, 2, { SECURITY_APP_PACKAGE_AUTHORITY }, { SECURITY_APP_PACKAGE_BASE_RID, SECURITY_BUILTIN_PACKAGE_ANY_PACKAGE } } },
++    { {'A','C'}, WinBuiltinAnyPackageSid, { SID_REVISION, 2, { SECURITY_APP_PACKAGE_AUTHORITY }, { SECURITY_APP_PACKAGE_BASE_RID, SECURITY_BUILTIN_PACKAGE_ANY_PACKAGE } } },
+ };
+ 
+ /* these SIDs must be constructed as relative to some domain - only the RID is well-known */
+-- 
+2.9.0
+

patches/advapi32-WinBuiltinAnyPackageSid/0002-advapi32-tests-Add-a-test-that-compares-a-well-known.patch

@@ -0,0 +1,227 @@
+From 13a60cc5ea59cc2f18ac19888fe51628f9f0774a Mon Sep 17 00:00:00 2001
+From: Dmitry Timoshkov <dmitry@baikal.ru>
+Date: Fri, 16 Dec 2016 13:23:15 +0800
+Subject: advapi32/tests: Add a test that compares a well-known SID to a SID
+ created from a SDDL abbreviation.
+
+---
+ dlls/advapi32/tests/security.c | 130 +++++++++++++++++++++++++++++------------
+ 1 file changed, 92 insertions(+), 38 deletions(-)
+
+diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
+index 18f4e04..4e1f53b 100644
+--- a/dlls/advapi32/tests/security.c
++++ b/dlls/advapi32/tests/security.c
+@@ -2,7 +2,7 @@
+  * Unit tests for security functions
+  *
+  * Copyright (c) 2004 Mike McCormack
+- * Copyright (c) 2011 Dmitry Timoshkov
++ * Copyright (c) 2011,2013,2014,2016 Dmitry Timoshkov
+  *
+  * This library is free software; you can redistribute it and/or
+  * modify it under the terms of the GNU Lesser General Public
+@@ -138,14 +138,6 @@ static HMODULE hmod;
+ static int     myARGC;
+ static char**  myARGV;
+ 
+-struct strsid_entry
+-{
+-    const char *str;
+-    DWORD flags;
+-};
+-#define STRSID_OK     0
+-#define STRSID_OPT    1
+-
+ #define SID_SLOTS 4
+ static char debugsid_str[SID_SLOTS][256];
+ static int debugsid_index = 0;
+@@ -175,12 +167,6 @@ static const char* debugstr_sid(PSID sid)
+     return res;
+ }
+ 
+-struct sidRef
+-{
+-    SID_IDENTIFIER_AUTHORITY auth;
+-    const char *refStr;
+-};
+-
+ static void init(void)
+ {
+     HMODULE hntdll;
+@@ -297,7 +283,11 @@ static void test_group_equal(HANDLE Handle, PSID expected, int line)
+ 
+ static void test_sid(void)
+ {
+-    struct sidRef refs[] = {
++    static struct
++    {
++        SID_IDENTIFIER_AUTHORITY auth;
++        const char *refStr;
++    } refs[] = {
+      { { {0x00,0x00,0x33,0x44,0x55,0x66} }, "S-1-860116326-1" },
+      { { {0x00,0x00,0x01,0x02,0x03,0x04} }, "S-1-16909060-1"  },
+      { { {0x00,0x00,0x00,0x01,0x02,0x03} }, "S-1-66051-1"     },
+@@ -305,24 +295,60 @@ static void test_sid(void)
+      { { {0x00,0x00,0x00,0x00,0x00,0x02} }, "S-1-2-1"         },
+      { { {0x00,0x00,0x00,0x00,0x00,0x0c} }, "S-1-12-1"        },
+     };
+-    struct strsid_entry strsid_table[] = {
+-        {"AO", STRSID_OK},  {"RU", STRSID_OK},  {"AN", STRSID_OK},  {"AU", STRSID_OK},
+-        {"BA", STRSID_OK},  {"BG", STRSID_OK},  {"BO", STRSID_OK},  {"BU", STRSID_OK},
+-        {"CA", STRSID_OPT}, {"CG", STRSID_OK},  {"CO", STRSID_OK},  {"DA", STRSID_OPT},
+-        {"DC", STRSID_OPT}, {"DD", STRSID_OPT}, {"DG", STRSID_OPT}, {"DU", STRSID_OPT},
+-        {"EA", STRSID_OPT}, {"ED", STRSID_OK},  {"WD", STRSID_OK},  {"PA", STRSID_OPT},
+-        {"IU", STRSID_OK},  {"LA", STRSID_OK},  {"LG", STRSID_OK},  {"LS", STRSID_OK},
+-        {"SY", STRSID_OK},  {"NU", STRSID_OK},  {"NO", STRSID_OK},  {"NS", STRSID_OK},
+-        {"PO", STRSID_OK},  {"PS", STRSID_OK},  {"PU", STRSID_OK},  {"RS", STRSID_OPT},
+-        {"RD", STRSID_OK},  {"RE", STRSID_OK},  {"RC", STRSID_OK},  {"SA", STRSID_OPT},
+-        {"SO", STRSID_OK},  {"SU", STRSID_OK}};
+-
++    static const struct
++    {
++        const char *str;
++        WELL_KNOWN_SID_TYPE sid_type;
++        BOOL optional;
++    } strsid_table[] = {
++        /* Please keep the list sorted. */
++        { "AC", WinBuiltinAnyPackageSid, TRUE },
++        { "AN", WinAnonymousSid },
++        { "AO", WinBuiltinAccountOperatorsSid },
++        { "AU", WinAuthenticatedUserSid },
++        { "BA", WinBuiltinAdministratorsSid },
++        { "BG", WinBuiltinGuestsSid },
++        { "BO", WinBuiltinBackupOperatorsSid },
++        { "BU", WinBuiltinUsersSid },
++        { "CA", WinAccountCertAdminsSid, TRUE},
++        { "CG", WinCreatorGroupSid },
++        { "CO", WinCreatorOwnerSid },
++        { "DA", WinAccountDomainAdminsSid, TRUE},
++        { "DC", WinAccountComputersSid, TRUE},
++        { "DD", WinAccountControllersSid, TRUE},
++        { "DG", WinAccountDomainGuestsSid, TRUE},
++        { "DU", WinAccountDomainUsersSid, TRUE},
++        { "EA", WinAccountEnterpriseAdminsSid, TRUE},
++        { "ED", WinEnterpriseControllersSid },
++        { "IU", WinInteractiveSid },
++        { "LA", WinAccountAdministratorSid },
++        { "LG", WinAccountGuestSid },
++        { "LS", WinLocalServiceSid },
++        { "NO", WinBuiltinNetworkConfigurationOperatorsSid },
++        { "NS", WinNetworkServiceSid },
++        { "NU", WinNetworkSid },
++        { "PA", WinAccountPolicyAdminsSid, TRUE},
++        { "PO", WinBuiltinPrintOperatorsSid },
++        { "PS", WinSelfSid },
++        { "PU", WinBuiltinPowerUsersSid },
++        { "RC", WinRestrictedCodeSid },
++        { "RD", WinBuiltinRemoteDesktopUsersSid },
++        { "RE", WinBuiltinReplicatorSid },
++        { "RS", WinAccountRasAndIasServersSid, TRUE },
++        { "RU", WinBuiltinPreWindows2000CompatibleAccessSid },
++        { "SA", WinAccountSchemaAdminsSid, TRUE },
++        { "SO", WinBuiltinSystemOperatorsSid },
++        { "SU", WinServiceSid },
++        { "SY", WinLocalSystemSid },
++        { "WD", WinWorldSid },
++    };
++    SID_IDENTIFIER_AUTHORITY domain_ident = { SECURITY_NT_AUTHORITY };
+     const char noSubAuthStr[] = "S-1-5";
+     unsigned int i;
+-    PSID psid = NULL;
++    PSID psid, domain_sid;
+     SID *pisid;
+     BOOL r;
+-    LPSTR str = NULL;
++    LPSTR str;
+ 
+     if( !pConvertSidToStringSidA || !pConvertStringSidToSidA )
+     {
+@@ -402,7 +428,7 @@ static void test_sid(void)
+     }
+ 
+     /* string constant format not supported before XP */
+-    r = pConvertStringSidToSidA(strsid_table[0].str, &psid);
++    r = pConvertStringSidToSidA("AN", &psid);
+     if(!r)
+     {
+         win_skip("String constant format not supported\n");
+@@ -410,25 +436,51 @@ static void test_sid(void)
+     }
+     LocalFree(psid);
+ 
++    AllocateAndInitializeSid(&domain_ident, 4, SECURITY_NT_NON_UNIQUE, 0, 0, 0, 0, 0, 0, 0, &domain_sid);
++
+     for(i = 0; i < sizeof(strsid_table) / sizeof(strsid_table[0]); i++)
+     {
+-        char *temp;
+-
+         SetLastError(0xdeadbeef);
+         r = pConvertStringSidToSidA(strsid_table[i].str, &psid);
+ 
+-        if (!(strsid_table[i].flags & STRSID_OPT))
++        if (!(strsid_table[i].optional))
+         {
+             ok(r, "%s: got %u\n", strsid_table[i].str, GetLastError());
+         }
+ 
+         if (r)
+         {
+-            if ((winetest_debug > 1) && (pConvertSidToStringSidA(psid, &temp)))
++            char buf[SECURITY_MAX_SID_SIZE];
++            char *sid_string, *well_known_sid_string;
++            DWORD n, size;
++
++            /* zero out domain id before comparison to simplify things */
++            if (strsid_table[i].sid_type == WinAccountAdministratorSid ||
++                strsid_table[i].sid_type == WinAccountGuestSid)
+             {
+-                trace(" %s: %s\n", strsid_table[i].str, temp);
+-                LocalFree(temp);
++                for (n = 1; n <= 3; n++)
++                    *GetSidSubAuthority(psid, n) = 0;
+             }
++
++            r = pConvertSidToStringSidA(psid, &sid_string);
++            ok(r, "%s: ConvertSidToStringSid error %u\n", strsid_table[i].str, GetLastError());
++            if (winetest_debug > 1)
++                trace("%s => %s\n", strsid_table[i].str, sid_string);
++
++            size = sizeof(buf);
++            r = pCreateWellKnownSid(strsid_table[i].sid_type, domain_sid, buf, &size);
++            ok(r, "%u: CreateWellKnownSid(%u) error %u\n", i, strsid_table[i].sid_type, GetLastError());
++
++            r = pConvertSidToStringSidA(buf, &well_known_sid_string);
++            ok(r, "%u: ConvertSidToStringSi(%u) error %u\n", i, strsid_table[i].sid_type, GetLastError());
++            if (winetest_debug > 1)
++                trace("%u => %s\n", strsid_table[i].sid_type, well_known_sid_string);
++
++            ok(strcmp(sid_string, well_known_sid_string) == 0,
++               "%u: (%u) expected %s, got %s\n", i, strsid_table[i].sid_type, well_known_sid_string, sid_string);
++
++            LocalFree(well_known_sid_string);
++            LocalFree(sid_string);
+             LocalFree(psid);
+         }
+         else
+@@ -439,6 +491,8 @@ static void test_sid(void)
+                 trace(" %s: couldn't be converted\n", strsid_table[i].str);
+         }
+     }
++
++    LocalFree(domain_sid);
+ }
+ 
+ static void test_trustee(void)
+@@ -2288,7 +2342,7 @@ static void test_LookupAccountSid(void)
+     if (pCreateWellKnownSid && pConvertSidToStringSidA)
+     {
+         trace("Well Known SIDs:\n");
+-        for (i = 0; i <= 60; i++)
++        for (i = 0; i <= 84; i++)
+         {
+             size = SECURITY_MAX_SID_SIZE;
+             if (pCreateWellKnownSid(i, NULL, &max_sid.sid, &size))
+-- 
+2.9.0
+

patches/advapi32-WinBuiltinAnyPackageSid/definition

@@ -0,0 +1 @@
+Fixes: [41934] Assigns the AC abbreviation to WinBuiltinAnyPackageSid

patches/bcrypt-Improvements/0002-bcrypt-Directly-implement-hmac-computation.patch

@@ -0,0 +1,469 @@
+From f527689b793100c79654ac5d6c1376d128ca3175 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
+Date: Mon, 19 Dec 2016 23:58:52 +0100
+Subject: bcrypt: Directly implement hmac computation.
+
+---
+ dlls/bcrypt/bcrypt_main.c | 277 +++++++++++++++++-----------------------------
+ 1 file changed, 104 insertions(+), 173 deletions(-)
+
+diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
+index 937bdf7..af2314a 100644
+--- a/dlls/bcrypt/bcrypt_main.c
++++ b/dlls/bcrypt/bcrypt_main.c
+@@ -60,9 +60,6 @@ MAKE_FUNCPTR(gnutls_global_set_log_level);
+ MAKE_FUNCPTR(gnutls_hash);
+ MAKE_FUNCPTR(gnutls_hash_deinit);
+ MAKE_FUNCPTR(gnutls_hash_init);
+-MAKE_FUNCPTR(gnutls_hmac);
+-MAKE_FUNCPTR(gnutls_hmac_deinit);
+-MAKE_FUNCPTR(gnutls_hmac_init);
+ MAKE_FUNCPTR(gnutls_perror);
+ #undef MAKE_FUNCPTR
+ 
+@@ -99,9 +96,6 @@ static BOOL gnutls_initialize(void)
+     LOAD_FUNCPTR(gnutls_hash);
+     LOAD_FUNCPTR(gnutls_hash_deinit);
+     LOAD_FUNCPTR(gnutls_hash_init);
+-    LOAD_FUNCPTR(gnutls_hmac);
+-    LOAD_FUNCPTR(gnutls_hmac_deinit);
+-    LOAD_FUNCPTR(gnutls_hmac_init);
+     LOAD_FUNCPTR(gnutls_perror)
+ #undef LOAD_FUNCPTR
+ 
+@@ -163,6 +157,8 @@ enum alg_id
+     ALG_ID_SHA512
+ };
+ 
++#define MAX_HASH_OUTPUT_BYTES 64
++
+ static const struct {
+     ULONG hash_length;
+     const WCHAR *alg_name;
+@@ -183,6 +179,19 @@ struct algorithm
+     BOOL hmac;
+ };
+ 
++#define MAX_HASH_BLOCK_BITS 1024
++
++int alg_block_bits[] =
++{
++    /* ALG_ID_AES    */    0,
++    /* ALG_ID_MD5    */  512,
++    /* ALG_ID_RNG    */    0,
++    /* ALG_ID_SHA1   */  512,
++    /* ALG_ID_SHA256 */  512,
++    /* ALG_ID_SHA384 */ 1024,
++    /* ALG_ID_SHA512 */ 1024
++};
++
+ NTSTATUS WINAPI BCryptGenRandom(BCRYPT_ALG_HANDLE handle, UCHAR *buffer, ULONG count, ULONG flags)
+ {
+     const DWORD supported_flags = BCRYPT_USE_SYSTEM_PREFERRED_RNG;
+@@ -289,24 +298,20 @@ NTSTATUS WINAPI BCryptGetFipsAlgorithmMode(BOOLEAN *enabled)
+ }
+ 
+ #ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
+-struct hash
++struct hash_impl
+ {
+-    struct object hdr;
+-    enum alg_id   alg_id;
+-    BOOL hmac;
+     union
+     {
+         CC_MD5_CTX    md5_ctx;
+         CC_SHA1_CTX   sha1_ctx;
+         CC_SHA256_CTX sha256_ctx;
+         CC_SHA512_CTX sha512_ctx;
+-        CCHmacContext hmac_ctx;
+     } u;
+ };
+ 
+-static NTSTATUS hash_init( struct hash *hash )
++static NTSTATUS hash_init( struct hash_impl *hash, enum alg_id alg_id )
+ {
+-    switch (hash->alg_id)
++    switch (alg_id)
+     {
+     case ALG_ID_MD5:
+         CC_MD5_Init( &hash->u.md5_ctx );
+@@ -329,50 +334,16 @@ static NTSTATUS hash_init( struct hash *hash )
+         break;
+ 
+     default:
+-        ERR( "unhandled id %u\n", hash->alg_id );
++        ERR( "unhandled id %u\n", alg_id );
+         return STATUS_NOT_IMPLEMENTED;
+     }
+     return STATUS_SUCCESS;
+ }
+ 
+-static NTSTATUS hmac_init( struct hash *hash, UCHAR *key, ULONG key_size )
++static NTSTATUS hash_update( struct hash_impl *hash, enum alg_id alg_id,
++                             UCHAR *input, ULONG size )
+ {
+-    CCHmacAlgorithm cc_algorithm;
+-    switch (hash->alg_id)
+-    {
+-    case ALG_ID_MD5:
+-        cc_algorithm = kCCHmacAlgMD5;
+-        break;
+-
+-    case ALG_ID_SHA1:
+-        cc_algorithm = kCCHmacAlgSHA1;
+-        break;
+-
+-    case ALG_ID_SHA256:
+-        cc_algorithm = kCCHmacAlgSHA256;
+-        break;
+-
+-    case ALG_ID_SHA384:
+-        cc_algorithm = kCCHmacAlgSHA384;
+-        break;
+-
+-    case ALG_ID_SHA512:
+-        cc_algorithm = kCCHmacAlgSHA512;
+-        break;
+-
+-    default:
+-        ERR( "unhandled id %u\n", hash->alg_id );
+-        return STATUS_NOT_IMPLEMENTED;
+-    }
+-
+-    CCHmacInit( &hash->u.hmac_ctx, cc_algorithm, key, key_size );
+-    return STATUS_SUCCESS;
+-}
+-
+-
+-static NTSTATUS hash_update( struct hash *hash, UCHAR *input, ULONG size )
+-{
+-    switch (hash->alg_id)
++    switch (alg_id)
+     {
+     case ALG_ID_MD5:
+         CC_MD5_Update( &hash->u.md5_ctx, input, size );
+@@ -395,21 +366,16 @@ static NTSTATUS hash_update( struct hash *hash, UCHAR *input, ULONG size )
+         break;
+ 
+     default:
+-        ERR( "unhandled id %u\n", hash->alg_id );
++        ERR( "unhandled id %u\n", alg_id );
+         return STATUS_NOT_IMPLEMENTED;
+     }
+     return STATUS_SUCCESS;
+ }
+ 
+-static NTSTATUS hmac_update( struct hash *hash, UCHAR *input, ULONG size )
+-{
+-    CCHmacUpdate( &hash->u.hmac_ctx, input, size );
+-    return STATUS_SUCCESS;
+-}
+-
+-static NTSTATUS hash_finish( struct hash *hash, UCHAR *output, ULONG size )
++static NTSTATUS hash_finish( struct hash_impl *hash, enum alg_id alg_id,
++                             UCHAR *output, ULONG size )
+ {
+-    switch (hash->alg_id)
++    switch (alg_id)
+     {
+     case ALG_ID_MD5:
+         CC_MD5_Final( output, &hash->u.md5_ctx );
+@@ -432,37 +398,25 @@ static NTSTATUS hash_finish( struct hash *hash, UCHAR *output, ULONG size )
+         break;
+ 
+     default:
+-        ERR( "unhandled id %u\n", hash->alg_id );
++        ERR( "unhandled id %u\n", alg_id );
+         break;
+     }
+     return STATUS_SUCCESS;
+ }
+ 
+-static NTSTATUS hmac_finish( struct hash *hash, UCHAR *output, ULONG size )
+-{
+-    CCHmacFinal( &hash->u.hmac_ctx, output );
+-    return STATUS_SUCCESS;
+-}
+ #elif defined(HAVE_GNUTLS_HASH)
+-struct hash
++struct hash_impl
+ {
+-    struct object    hdr;
+-    enum alg_id      alg_id;
+-    BOOL hmac;
+-    union
+-    {
+-        gnutls_hash_hd_t hash_handle;
+-        gnutls_hmac_hd_t hmac_handle;
+-    } u;
++    gnutls_hash_hd_t hash_handle;
+ };
+ 
+-static NTSTATUS hash_init( struct hash *hash )
++static NTSTATUS hash_init( struct hash_impl *hash, enum alg_id alg_id )
+ {
+     gnutls_digest_algorithm_t alg;
+ 
+     if (!libgnutls_handle) return STATUS_INTERNAL_ERROR;
+ 
+-    switch (hash->alg_id)
++    switch (alg_id)
+     {
+     case ALG_ID_MD5:
+         alg = GNUTLS_DIG_MD5;
+@@ -484,117 +438,63 @@ static NTSTATUS hash_init( struct hash *hash )
+         break;
+ 
+     default:
+-        ERR( "unhandled id %u\n", hash->alg_id );
+-        return STATUS_NOT_IMPLEMENTED;
+-    }
+-
+-    if (pgnutls_hash_init( &hash->u.hash_handle, alg )) return STATUS_INTERNAL_ERROR;
+-    return STATUS_SUCCESS;
+-}
+-
+-static NTSTATUS hmac_init( struct hash *hash, UCHAR *key, ULONG key_size )
+-{
+-    gnutls_mac_algorithm_t alg;
+-
+-    if (!libgnutls_handle) return STATUS_INTERNAL_ERROR;
+-
+-    switch (hash->alg_id)
+-    {
+-    case ALG_ID_MD5:
+-        alg = GNUTLS_MAC_MD5;
+-        break;
+-    case ALG_ID_SHA1:
+-        alg = GNUTLS_MAC_SHA1;
+-        break;
+-
+-    case ALG_ID_SHA256:
+-        alg = GNUTLS_MAC_SHA256;
+-        break;
+-
+-    case ALG_ID_SHA384:
+-        alg = GNUTLS_MAC_SHA384;
+-        break;
+-
+-    case ALG_ID_SHA512:
+-        alg = GNUTLS_MAC_SHA512;
+-        break;
+-
+-    default:
+-        ERR( "unhandled id %u\n", hash->alg_id );
++        ERR( "unhandled id %u\n", alg_id );
+         return STATUS_NOT_IMPLEMENTED;
+     }
+ 
+-    if (pgnutls_hmac_init( &hash->u.hmac_handle, alg, key, key_size )) return STATUS_INTERNAL_ERROR;
+-    return STATUS_SUCCESS;
+-}
+-
+-static NTSTATUS hash_update( struct hash *hash, UCHAR *input, ULONG size )
+-{
+-    if (pgnutls_hash( hash->u.hash_handle, input, size )) return STATUS_INTERNAL_ERROR;
++    if (pgnutls_hash_init( &hash->hash_handle, alg )) return STATUS_INTERNAL_ERROR;
+     return STATUS_SUCCESS;
+ }
+ 
+-static NTSTATUS hmac_update( struct hash *hash, UCHAR *input, ULONG size )
++static NTSTATUS hash_update( struct hash_impl *hash, enum alg_id alg_id,
++                             UCHAR *input, ULONG size )
+ {
+-    if (pgnutls_hmac( hash->u.hmac_handle, input, size )) return STATUS_INTERNAL_ERROR;
++    if (pgnutls_hash( hash->hash_handle, input, size )) return STATUS_INTERNAL_ERROR;
+     return STATUS_SUCCESS;
+ }
+ 
+-static NTSTATUS hash_finish( struct hash *hash, UCHAR *output, ULONG size )
++static NTSTATUS hash_finish( struct hash_impl *hash, enum alg_id alg_id,
++                             UCHAR *output, ULONG size )
+ {
+-    pgnutls_hash_deinit( hash->u.hash_handle, output );
++    pgnutls_hash_deinit( hash->hash_handle, output );
+     return STATUS_SUCCESS;
+ }
+ 
+-static NTSTATUS hmac_finish( struct hash *hash, UCHAR *output, ULONG size )
+-{
+-    pgnutls_hmac_deinit( hash->u.hmac_handle, output );
+-    return STATUS_SUCCESS;
+-}
+ #else
+-struct hash
++struct hash_impl
+ {
+-    struct object hdr;
+-    BOOL hmac;
+-    enum alg_id   alg_id;
+-};
+ 
+-static NTSTATUS hash_init( struct hash *hash )
+-{
+-    ERR( "support for hashes not available at build time\n" );
+-    return STATUS_NOT_IMPLEMENTED;
+-}
+-
+-static NTSTATUS hmac_init( struct hash *hash, UCHAR *key, ULONG key_size )
+-{
+-    ERR( "support for hashes not available at build time\n" );
+-    return STATUS_NOT_IMPLEMENTED;
+-}
++};
+ 
+-static NTSTATUS hash_update( struct hash *hash, UCHAR *input, ULONG size )
++static NTSTATUS hash_init( struct hash_impl *hash, enum alg_id alg_id )
+ {
+     ERR( "support for hashes not available at build time\n" );
+     return STATUS_NOT_IMPLEMENTED;
+ }
+ 
+-static NTSTATUS hmac_update( struct hash *hash, UCHAR *input, ULONG size )
++static NTSTATUS hash_update( struct hash_impl *hash, enum alg_id alg_id,
++                             UCHAR *input, ULONG size )
+ {
+     ERR( "support for hashes not available at build time\n" );
+     return STATUS_NOT_IMPLEMENTED;
+ }
+ 
+-static NTSTATUS hash_finish( struct hash *hash, UCHAR *output, ULONG size )
++static NTSTATUS hash_finish( struct hash_impl *hash, enum alg_id alg_id,
++                             UCHAR *output, ULONG size )
+ {
+     ERR( "support for hashes not available at build time\n" );
+     return STATUS_NOT_IMPLEMENTED;
+ }
++#endif
+ 
+-static NTSTATUS hmac_finish( struct hash *hash, UCHAR *output, ULONG size )
++struct hash
+ {
+-    ERR( "support for hashes not available at build time\n" );
+-    return STATUS_NOT_IMPLEMENTED;
+-}
+-#endif
++    struct object    hdr;
++    enum alg_id      alg_id;
++    BOOL hmac;
++    struct hash_impl outer;
++    struct hash_impl inner;
++};
+ 
+ #ifdef _WIN64
+ #define OBJECT_LENGTH_AES       654
+@@ -787,8 +687,11 @@ NTSTATUS WINAPI BCryptCreateHash( BCRYPT_ALG_HANDLE algorithm, BCRYPT_HASH_HANDL
+                                   UCHAR *secret, ULONG secretlen, ULONG flags )
+ {
+     struct algorithm *alg = algorithm;
++    UCHAR buffer[MAX_HASH_BLOCK_BITS / 8];
+     struct hash *hash;
++    int block_bytes;
+     NTSTATUS status;
++    int i;
+ 
+     TRACE( "%p, %p, %p, %u, %p, %u, %08x - stub\n", algorithm, handle, object, objectlen,
+            secret, secretlen, flags );
+@@ -806,17 +709,45 @@ NTSTATUS WINAPI BCryptCreateHash( BCRYPT_ALG_HANDLE algorithm, BCRYPT_HASH_HANDL
+     hash->alg_id    = alg->id;
+     hash->hmac      = alg->hmac;
+ 
+-    if (hash->hmac)
++    status = hash_init( &hash->inner, hash->alg_id );
++    if (status || !hash->hmac) goto end;
++    status = hash_init( &hash->outer, hash->alg_id );
++    if (status) goto end;
++
++    /* reduce key size if too big */
++    block_bytes = alg_block_bits[hash->alg_id] / 8;
++    if (secretlen > block_bytes)
+     {
+-        status = hmac_init( hash, secret, secretlen );
++        struct hash_impl temp;
++        status = hash_init( &temp, hash->alg_id );
++        if (status) goto end;
++        status = hash_update( &temp, hash->alg_id, secret, secretlen );
++        if (status) goto end;
++        memset( buffer, 0, block_bytes );
++        status = hash_finish( &temp, hash->alg_id, buffer, alg_props[hash->alg_id].hash_length );
++        if (status) goto end;
+     }
+     else
+     {
+-        status = hash_init( hash );
++        memset( buffer, 0, block_bytes );
++        memcpy( buffer, secret, secretlen );
+     }
+ 
++    /* initialize outer hash */
++    for (i = 0; i < block_bytes; i++)
++        buffer[i] ^= 0x5c;
++    status = hash_update( &hash->outer, hash->alg_id, buffer, block_bytes );
++    if (status) goto end;
++
++    /* initialize inner hash */
++    for (i = 0; i < block_bytes; i++)
++        buffer[i] ^= (0x5c ^ 0x36);
++    status = hash_update( &hash->inner, hash->alg_id, buffer, block_bytes );
++
++end:
+     if (status != STATUS_SUCCESS)
+     {
++        /* FIXME: call hash_finish to release resources */
+         HeapFree( GetProcessHeap(), 0, hash );
+         return status;
+     }
+@@ -845,33 +776,33 @@ NTSTATUS WINAPI BCryptHashData( BCRYPT_HASH_HANDLE handle, UCHAR *input, ULONG s
+     if (!hash || hash->hdr.magic != MAGIC_HASH) return STATUS_INVALID_HANDLE;
+     if (!input) return STATUS_SUCCESS;
+ 
+-    if (hash->hmac)
+-    {
+-        return hmac_update( hash, input, size );
+-    }
+-    else
+-    {
+-        return hash_update( hash, input, size );
+-    }
++    return hash_update( &hash->inner, hash->alg_id, input, size );
+ }
+ 
+ NTSTATUS WINAPI BCryptFinishHash( BCRYPT_HASH_HANDLE handle, UCHAR *output, ULONG size, ULONG flags )
+ {
++    UCHAR buffer[MAX_HASH_OUTPUT_BYTES];
+     struct hash *hash = handle;
++    NTSTATUS status;
++    int hash_size;
+ 
+     TRACE( "%p, %p, %u, %08x\n", handle, output, size, flags );
+ 
+     if (!hash || hash->hdr.magic != MAGIC_HASH) return STATUS_INVALID_HANDLE;
+     if (!output) return STATUS_INVALID_PARAMETER;
+ 
+-    if (hash->hmac)
+-    {
+-        return hmac_finish( hash, output, size );
+-    }
+-    else
+-    {
+-        return hash_finish( hash, output, size );
+-    }
++    if (!hash->hmac)
++        return hash_finish( &hash->inner, hash->alg_id, output, size );
++
++    hash_size = alg_props[hash->alg_id].hash_length;
++
++    status = hash_finish( &hash->inner, hash->alg_id, buffer, hash_size);
++    if (status) return status;
++
++    status = hash_update( &hash->outer, hash->alg_id, buffer, hash_size);
++    if (status) return status;
++
++    return hash_finish( &hash->outer, hash->alg_id, output, size);
+ }
+ 
+ NTSTATUS WINAPI BCryptHash( BCRYPT_ALG_HANDLE algorithm, UCHAR *secret, ULONG secretlen,
+-- 
+2.9.0
+

patches/bcrypt-Improvements/0004-bcrypt-Use-hash-fallback-implementation-as-default-a.patch

@@ -0,0 +1,216 @@
+From ae04ece5f64a29a67e187d5aa32c6b8d3e399d61 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
+Date: Tue, 20 Dec 2016 02:39:26 +0100
+Subject: bcrypt: Use hash fallback implementation as default and remove gnutls
+ / commoncrypto hash implemetation.
+
+---
+ dlls/bcrypt/bcrypt_main.c | 171 ----------------------------------------------
+ 1 file changed, 171 deletions(-)
+
+diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
+index 9441cf0..3e2b22d 100644
+--- a/dlls/bcrypt/bcrypt_main.c
++++ b/dlls/bcrypt/bcrypt_main.c
+@@ -59,9 +59,6 @@ MAKE_FUNCPTR(gnutls_global_deinit);
+ MAKE_FUNCPTR(gnutls_global_init);
+ MAKE_FUNCPTR(gnutls_global_set_log_function);
+ MAKE_FUNCPTR(gnutls_global_set_log_level);
+-MAKE_FUNCPTR(gnutls_hash);
+-MAKE_FUNCPTR(gnutls_hash_deinit);
+-MAKE_FUNCPTR(gnutls_hash_init);
+ MAKE_FUNCPTR(gnutls_perror);
+ #undef MAKE_FUNCPTR
+ 
+@@ -95,9 +92,6 @@ static BOOL gnutls_initialize(void)
+     LOAD_FUNCPTR(gnutls_global_init)
+     LOAD_FUNCPTR(gnutls_global_set_log_function)
+     LOAD_FUNCPTR(gnutls_global_set_log_level)
+-    LOAD_FUNCPTR(gnutls_hash);
+-    LOAD_FUNCPTR(gnutls_hash_deinit);
+-    LOAD_FUNCPTR(gnutls_hash_init);
+     LOAD_FUNCPTR(gnutls_perror)
+ #undef LOAD_FUNCPTR
+ 
+@@ -299,170 +293,6 @@ NTSTATUS WINAPI BCryptGetFipsAlgorithmMode(BOOLEAN *enabled)
+     return STATUS_SUCCESS;
+ }
+ 
+-#ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H
+-struct hash_impl
+-{
+-    union
+-    {
+-        CC_MD5_CTX    md5_ctx;
+-        CC_SHA1_CTX   sha1_ctx;
+-        CC_SHA256_CTX sha256_ctx;
+-        CC_SHA512_CTX sha512_ctx;
+-    } u;
+-};
+-
+-static NTSTATUS hash_init( struct hash_impl *hash, enum alg_id alg_id )
+-{
+-    switch (alg_id)
+-    {
+-    case ALG_ID_MD5:
+-        CC_MD5_Init( &hash->u.md5_ctx );
+-        break;
+-
+-    case ALG_ID_SHA1:
+-        CC_SHA1_Init( &hash->u.sha1_ctx );
+-        break;
+-
+-    case ALG_ID_SHA256:
+-        CC_SHA256_Init( &hash->u.sha256_ctx );
+-        break;
+-
+-    case ALG_ID_SHA384:
+-        CC_SHA384_Init( &hash->u.sha512_ctx );
+-        break;
+-
+-    case ALG_ID_SHA512:
+-        CC_SHA512_Init( &hash->u.sha512_ctx );
+-        break;
+-
+-    default:
+-        ERR( "unhandled id %u\n", alg_id );
+-        return STATUS_NOT_IMPLEMENTED;
+-    }
+-    return STATUS_SUCCESS;
+-}
+-
+-static NTSTATUS hash_update( struct hash_impl *hash, enum alg_id alg_id,
+-                             UCHAR *input, ULONG size )
+-{
+-    switch (alg_id)
+-    {
+-    case ALG_ID_MD5:
+-        CC_MD5_Update( &hash->u.md5_ctx, input, size );
+-        break;
+-
+-    case ALG_ID_SHA1:
+-        CC_SHA1_Update( &hash->u.sha1_ctx, input, size );
+-        break;
+-
+-    case ALG_ID_SHA256:
+-        CC_SHA256_Update( &hash->u.sha256_ctx, input, size );
+-        break;
+-
+-    case ALG_ID_SHA384:
+-        CC_SHA384_Update( &hash->u.sha512_ctx, input, size );
+-        break;
+-
+-    case ALG_ID_SHA512:
+-        CC_SHA512_Update( &hash->u.sha512_ctx, input, size );
+-        break;
+-
+-    default:
+-        ERR( "unhandled id %u\n", alg_id );
+-        return STATUS_NOT_IMPLEMENTED;
+-    }
+-    return STATUS_SUCCESS;
+-}
+-
+-static NTSTATUS hash_finish( struct hash_impl *hash, enum alg_id alg_id,
+-                             UCHAR *output, ULONG size )
+-{
+-    switch (alg_id)
+-    {
+-    case ALG_ID_MD5:
+-        CC_MD5_Final( output, &hash->u.md5_ctx );
+-        break;
+-
+-    case ALG_ID_SHA1:
+-        CC_SHA1_Final( output, &hash->u.sha1_ctx );
+-        break;
+-
+-    case ALG_ID_SHA256:
+-        CC_SHA256_Final( output, &hash->u.sha256_ctx );
+-        break;
+-
+-    case ALG_ID_SHA384:
+-        CC_SHA384_Final( output, &hash->u.sha512_ctx );
+-        break;
+-
+-    case ALG_ID_SHA512:
+-        CC_SHA512_Final( output, &hash->u.sha512_ctx );
+-        break;
+-
+-    default:
+-        ERR( "unhandled id %u\n", alg_id );
+-        break;
+-    }
+-    return STATUS_SUCCESS;
+-}
+-
+-#elif defined(HAVE_GNUTLS_HASH)
+-struct hash_impl
+-{
+-    gnutls_hash_hd_t hash_handle;
+-};
+-
+-static NTSTATUS hash_init( struct hash_impl *hash, enum alg_id alg_id )
+-{
+-    gnutls_digest_algorithm_t alg;
+-
+-    if (!libgnutls_handle) return STATUS_INTERNAL_ERROR;
+-
+-    switch (alg_id)
+-    {
+-    case ALG_ID_MD5:
+-        alg = GNUTLS_DIG_MD5;
+-        break;
+-    case ALG_ID_SHA1:
+-        alg = GNUTLS_DIG_SHA1;
+-        break;
+-
+-    case ALG_ID_SHA256:
+-        alg = GNUTLS_DIG_SHA256;
+-        break;
+-
+-    case ALG_ID_SHA384:
+-        alg = GNUTLS_DIG_SHA384;
+-        break;
+-
+-    case ALG_ID_SHA512:
+-        alg = GNUTLS_DIG_SHA512;
+-        break;
+-
+-    default:
+-        ERR( "unhandled id %u\n", alg_id );
+-        return STATUS_NOT_IMPLEMENTED;
+-    }
+-
+-    if (pgnutls_hash_init( &hash->hash_handle, alg )) return STATUS_INTERNAL_ERROR;
+-    return STATUS_SUCCESS;
+-}
+-
+-static NTSTATUS hash_update( struct hash_impl *hash, enum alg_id alg_id,
+-                             UCHAR *input, ULONG size )
+-{
+-    if (pgnutls_hash( hash->hash_handle, input, size )) return STATUS_INTERNAL_ERROR;
+-    return STATUS_SUCCESS;
+-}
+-
+-static NTSTATUS hash_finish( struct hash_impl *hash, enum alg_id alg_id,
+-                             UCHAR *output, ULONG size )
+-{
+-    pgnutls_hash_deinit( hash->hash_handle, output );
+-    return STATUS_SUCCESS;
+-}
+-
+-#else
+ struct hash_impl
+ {
+     union
+@@ -572,7 +402,6 @@ static NTSTATUS hash_finish( struct hash_impl *hash, enum alg_id alg_id,
+ 
+     return STATUS_SUCCESS;
+ }
+-#endif
+ 
+ struct hash
+ {
+-- 
+2.9.0
+

patches/bcrypt-Improvements/0005-bcrypt-Implement-BCryptDuplicateHash.patch

@@ -0,0 +1,56 @@
+From 9331e2a78e8ec0ba29ed1041a9f851ffd39cc249 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
+Date: Tue, 20 Dec 2016 03:59:19 +0100
+Subject: bcrypt: Implement BCryptDuplicateHash.
+
+FIXME: Should we check for NULL pointers?
+---
+ dlls/bcrypt/bcrypt.spec   |  2 +-
+ dlls/bcrypt/bcrypt_main.c | 18 ++++++++++++++++++
+ 2 files changed, 19 insertions(+), 1 deletion(-)
+
+diff --git a/dlls/bcrypt/bcrypt.spec b/dlls/bcrypt/bcrypt.spec
+index 962953e..9ecd21d 100644
+--- a/dlls/bcrypt/bcrypt.spec
++++ b/dlls/bcrypt/bcrypt.spec
+@@ -11,7 +11,7 @@
+ @ stdcall BCryptDestroyHash(ptr)
+ @ stdcall BCryptDestroyKey(ptr)
+ @ stub BCryptDestroySecret
+-@ stub BCryptDuplicateHash
++@ stdcall BCryptDuplicateHash(ptr ptr ptr long long)
+ @ stub BCryptDuplicateKey
+ @ stdcall BCryptEncrypt(ptr ptr long ptr ptr long ptr long ptr long)
+ @ stdcall BCryptEnumAlgorithms(long ptr ptr long)
+diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
+index 3e2b22d..944a9ea 100644
+--- a/dlls/bcrypt/bcrypt_main.c
++++ b/dlls/bcrypt/bcrypt_main.c
+@@ -672,6 +672,24 @@ end:
+     return STATUS_SUCCESS;
+ }
+ 
++NTSTATUS WINAPI BCryptDuplicateHash( BCRYPT_HASH_HANDLE handle, BCRYPT_HASH_HANDLE *handle_copy,
++                                     UCHAR *object, ULONG object_count, ULONG flags )
++{
++    struct hash *hash_orig = handle;
++    struct hash *hash_copy;
++
++    TRACE( "%p, %p, %p, %u, %u\n", handle, handle_copy, object, object_count, flags );
++
++    if (!hash_orig || hash_orig->hdr.magic != MAGIC_HASH) return STATUS_INVALID_HANDLE;
++    if (!(hash_copy = HeapAlloc( GetProcessHeap(), 0, sizeof(*hash_copy) )))
++        return STATUS_NO_MEMORY;
++
++    memcpy( hash_copy, hash_orig, sizeof(*hash_orig) );
++
++    *handle_copy = hash_copy;
++    return STATUS_SUCCESS;
++}
++
+ NTSTATUS WINAPI BCryptDestroyHash( BCRYPT_HASH_HANDLE handle )
+ {
+     struct hash *hash = handle;
+-- 
+2.9.0
+

patches/bcrypt-Improvements/0006-bcrypt-Fix-handling-of-padding-when-input-size-equal.patch

@@ -0,0 +1,111 @@
+From 026aff5aa7c66fdc8e8c724dc73217585e8edf91 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
+Date: Wed, 21 Dec 2016 04:09:03 +0100
+Subject: bcrypt: Fix handling of padding when input size equals block size for
+ AES.
+
+---
+ dlls/bcrypt/bcrypt_main.c  | 14 ++++++++------
+ dlls/bcrypt/tests/bcrypt.c | 33 ++++++++++++++++++++++++++++++++-
+ 2 files changed, 40 insertions(+), 7 deletions(-)
+
+diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
+index 944a9ea..f53ea1c 100644
+--- a/dlls/bcrypt/bcrypt_main.c
++++ b/dlls/bcrypt/bcrypt_main.c
+@@ -997,11 +997,12 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
+     if ((status = key_set_params( key, iv, iv_len ))) return status;
+ 
+     *ret_len = input_len;
+-    if (input_len & (key->block_size - 1))
+-    {
+-        if (!(flags & BCRYPT_BLOCK_PADDING)) return STATUS_INVALID_BUFFER_SIZE;
+-        *ret_len = (input_len + key->block_size - 1) & ~(key->block_size - 1);
+-    }
++
++    if (flags & BCRYPT_BLOCK_PADDING)
++        *ret_len = (input_len + key->block_size) & ~(key->block_size - 1);
++    else if (input_len & (key->block_size - 1))
++        return STATUS_INVALID_BUFFER_SIZE;
++
+     if (!output) return STATUS_SUCCESS;
+     if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL;
+ 
+@@ -1014,7 +1015,8 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
+         src += key->block_size;
+         dst += key->block_size;
+     }
+-    if (bytes_left)
++
++    if (flags & BCRYPT_BLOCK_PADDING)
+     {
+         if (!(buf = HeapAlloc( GetProcessHeap(), 0, key->block_size ))) return STATUS_NO_MEMORY;
+         memcpy( buf, src, bytes_left );
+diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c
+index 2668153..64a4625 100644
+--- a/dlls/bcrypt/tests/bcrypt.c
++++ b/dlls/bcrypt/tests/bcrypt.c
+@@ -918,14 +918,21 @@ static void test_BCryptEncrypt(void)
+         {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f};
+     static UCHAR data[] =
+         {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10};
++    static UCHAR data2[] =
++        {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
++         0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10};
+     static UCHAR expected[] =
+         {0xc6,0xa1,0x3b,0x37,0x87,0x8f,0x5b,0x82,0x6f,0x4f,0x81,0x62,0xa1,0xc8,0xd8,0x79};
+     static UCHAR expected2[] =
+         {0xc6,0xa1,0x3b,0x37,0x87,0x8f,0x5b,0x82,0x6f,0x4f,0x81,0x62,0xa1,0xc8,0xd8,0x79,
+          0x28,0x73,0x3d,0xef,0x84,0x8f,0xb0,0xa6,0x5d,0x1a,0x51,0xb7,0xec,0x8f,0xea,0xe9};
++    static UCHAR expected3[] =
++        {0xc6,0xa1,0x3b,0x37,0x87,0x8f,0x5b,0x82,0x6f,0x4f,0x81,0x62,0xa1,0xc8,0xd8,0x79,
++         0xb1,0xa2,0x92,0x73,0xbe,0x2c,0x42,0x07,0xa5,0xac,0xe3,0x93,0x39,0x8c,0xb6,0xfb,
++         0x87,0x5d,0xea,0xa3,0x7e,0x0f,0xde,0xfa,0xd9,0xec,0x6c,0x4e,0x3c,0x76,0x86,0xe4};
+     BCRYPT_ALG_HANDLE aes;
+     BCRYPT_KEY_HANDLE key;
+-    UCHAR *buf, ciphertext[32], ivbuf[16];
++    UCHAR *buf, ciphertext[48], ivbuf[16];
+     ULONG size, len, i;
+     NTSTATUS ret;
+ 
+@@ -982,6 +989,23 @@ static void test_BCryptEncrypt(void)
+     for (i = 0; i < 32; i++)
+         ok(ciphertext[i] == expected2[i], "%u: %02x != %02x\n", i, ciphertext[i], expected2[i]);
+ 
++    /* input size is a multiple of block size, block padding set */
++    size = 0;
++    memcpy(ivbuf, iv, sizeof(iv));
++    ret = pBCryptEncrypt(key, data2, 32, NULL, ivbuf, 16, NULL, 0, &size, BCRYPT_BLOCK_PADDING);
++    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
++    ok(size == 48, "got %u\n", size);
++
++    size = 0;
++    memcpy(ivbuf, iv, sizeof(iv));
++    memset(ciphertext, 0, sizeof(ciphertext));
++    ret = pBCryptEncrypt(key, data2, 32, NULL, ivbuf, 16, ciphertext, 48, &size, BCRYPT_BLOCK_PADDING);
++    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
++    ok(size == 48, "got %u\n", size);
++    ok(!memcmp(ciphertext, expected3, sizeof(expected3)), "wrong data\n");
++    for (i = 0; i < 48; i++)
++        ok(ciphertext[i] == expected3[i], "%u: %02x != %02x\n", i, ciphertext[i], expected3[i]);
++
+     /* output size too small */
+     size = 0;
+     memcpy(ivbuf, iv, sizeof(iv));
+@@ -990,6 +1014,13 @@ static void test_BCryptEncrypt(void)
+     ok(ret == STATUS_BUFFER_TOO_SMALL, "got %08x\n", ret);
+     ok(size == 32, "got %u\n", size);
+ 
++    size = 0;
++    memcpy(ivbuf, iv, sizeof(iv));
++    memset(ciphertext, 0, sizeof(ciphertext));
++    ret = pBCryptEncrypt(key, data2, 32, NULL, ivbuf, 16, ciphertext, 32, &size, BCRYPT_BLOCK_PADDING);
++    ok(ret == STATUS_BUFFER_TOO_SMALL, "got %08x\n", ret);
++    ok(size == 48, "got %u\n", size);
++
+     ret = pBCryptDestroyKey(key);
+     ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+     HeapFree(GetProcessHeap(), 0, buf);
+-- 
+2.9.0
+

patches/bcrypt-Improvements/0007-bcrypt-Properly-handle-padding-in-AES-decryption.patch

@@ -0,0 +1,165 @@
+From 6a57c0b62866b751a5140d35ae7b131bd895745f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
+Date: Wed, 21 Dec 2016 05:12:06 +0100
+Subject: bcrypt: Properly handle padding in AES decryption.
+
+---
+ dlls/bcrypt/bcrypt_main.c  | 39 +++++++++++++++++++++++++++--
+ dlls/bcrypt/tests/bcrypt.c | 62 +++++++++++++++++++++++++++++++++++++++++++++-
+ 2 files changed, 98 insertions(+), 3 deletions(-)
+
+diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
+index f97638f..653301b 100644
+--- a/dlls/bcrypt/bcrypt_main.c
++++ b/dlls/bcrypt/bcrypt_main.c
+@@ -1032,6 +1032,8 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
+                                ULONG output_len, ULONG *ret_len, ULONG flags )
+ {
+     struct key *key = handle;
++    ULONG bytes_left = input_len;
++    UCHAR *buf, *src, *dst;
+     NTSTATUS status;
+ 
+     TRACE( "%p, %p, %u, %p, %p, %u, %p, %u, %p, %08x\n", handle, input, input_len,
+@@ -1052,11 +1054,44 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
+     if ((status = key_set_params( key, iv, iv_len ))) return status;
+ 
+     *ret_len = input_len;
++
+     if (input_len & (key->block_size - 1)) return STATUS_INVALID_BUFFER_SIZE;
+     if (!output) return STATUS_SUCCESS;
+-    if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL;
++    if (flags & BCRYPT_BLOCK_PADDING)
++    {
++        if (output_len + key->block_size < *ret_len) return STATUS_BUFFER_TOO_SMALL;
++        if (input_len < key->block_size) return STATUS_BUFFER_TOO_SMALL;
++        bytes_left -= key->block_size;
++    }
++    else if (output_len < *ret_len)
++        return STATUS_BUFFER_TOO_SMALL;
+ 
+-    return key_decrypt( key, input, input_len, output, output_len );
++    src = input;
++    dst = output;
++    while (bytes_left >= key->block_size)
++    {
++        if ((status = key_decrypt( key, src, key->block_size, dst, key->block_size ))) return status;
++        bytes_left -= key->block_size;
++        src += key->block_size;
++        dst += key->block_size;
++    }
++
++    if (flags & BCRYPT_BLOCK_PADDING)
++    {
++        if (!(buf = HeapAlloc( GetProcessHeap(), 0, key->block_size ))) return STATUS_NO_MEMORY;
++        status = key_decrypt( key, src, key->block_size, buf, key->block_size );
++        if (!status && buf[ key->block_size - 1 ] <= key->block_size)
++        {
++            *ret_len -= buf[ key->block_size - 1 ];
++            if (output_len < *ret_len) status = STATUS_BUFFER_TOO_SMALL;
++            else memcpy( dst, buf, key->block_size - buf[ key->block_size - 1 ] );
++        }
++        else
++            status = STATUS_UNSUCCESSFUL; /* FIXME: invalid padding */
++        HeapFree( GetProcessHeap(), 0, buf );
++    }
++
++    return status;
+ }
+ 
+ BOOL WINAPI DllMain( HINSTANCE hinst, DWORD reason, LPVOID reserved )
+diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c
+index 64a4625..997b298 100644
+--- a/dlls/bcrypt/tests/bcrypt.c
++++ b/dlls/bcrypt/tests/bcrypt.c
+@@ -1037,12 +1037,24 @@ static void test_BCryptDecrypt(void)
+         {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f};
+     static UCHAR expected[] =
+         {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f};
++    static UCHAR expected2[] =
++        {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10};
++    static UCHAR expected3[] =
++        {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
++         0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10,0x10};
+     static UCHAR ciphertext[32] =
+         {0xc6,0xa1,0x3b,0x37,0x87,0x8f,0x5b,0x82,0x6f,0x4f,0x81,0x62,0xa1,0xc8,0xd8,0x79,
+          0x28,0x73,0x3d,0xef,0x84,0x8f,0xb0,0xa6,0x5d,0x1a,0x51,0xb7,0xec,0x8f,0xea,0xe9};
++    static UCHAR ciphertext2[] =
++        {0xc6,0xa1,0x3b,0x37,0x87,0x8f,0x5b,0x82,0x6f,0x4f,0x81,0x62,0xa1,0xc8,0xd8,0x79,
++         0x28,0x73,0x3d,0xef,0x84,0x8f,0xb0,0xa6,0x5d,0x1a,0x51,0xb7,0xec,0x8f,0xea,0xe9};
++    static UCHAR ciphertext3[] =
++        {0xc6,0xa1,0x3b,0x37,0x87,0x8f,0x5b,0x82,0x6f,0x4f,0x81,0x62,0xa1,0xc8,0xd8,0x79,
++         0xb1,0xa2,0x92,0x73,0xbe,0x2c,0x42,0x07,0xa5,0xac,0xe3,0x93,0x39,0x8c,0xb6,0xfb,
++         0x87,0x5d,0xea,0xa3,0x7e,0x0f,0xde,0xfa,0xd9,0xec,0x6c,0x4e,0x3c,0x76,0x86,0xe4};
+     BCRYPT_ALG_HANDLE aes;
+     BCRYPT_KEY_HANDLE key;
+-    UCHAR *buf, plaintext[32], ivbuf[16];
++    UCHAR *buf, plaintext[48], ivbuf[16];
+     ULONG size, len;
+     NTSTATUS ret;
+ 
+@@ -1073,6 +1085,36 @@ static void test_BCryptDecrypt(void)
+     ok(size == 32, "got %u\n", size);
+     ok(!memcmp(plaintext, expected, sizeof(expected)), "wrong data\n");
+ 
++    /* test with padding smaller than block size */
++    size = 0;
++    memcpy(ivbuf, iv, sizeof(iv));
++    ret = pBCryptDecrypt(key, ciphertext2, 32, NULL, ivbuf, 16, NULL, 0, &size, 0);
++    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
++    ok(size == 32, "got %u\n", size);
++
++    size = 0;
++    memcpy(ivbuf, iv, sizeof(iv));
++    memset(plaintext, 0, sizeof(plaintext));
++    ret = pBCryptDecrypt(key, ciphertext2, 32, NULL, ivbuf, 16, plaintext, 17, &size, BCRYPT_BLOCK_PADDING);
++    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
++    ok(size == 17, "got %u\n", size);
++    ok(!memcmp(plaintext, expected2, sizeof(expected2)), "wrong data\n");
++
++    /* test with padding of block size */
++    size = 0;
++    memcpy(ivbuf, iv, sizeof(iv));
++    ret = pBCryptDecrypt(key, ciphertext3, 48, NULL, ivbuf, 16, NULL, 0, &size, 0);
++    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
++    ok(size == 48, "got %u\n", size);
++
++    size = 0;
++    memcpy(ivbuf, iv, sizeof(iv));
++    memset(plaintext, 0, sizeof(plaintext));
++    ret = pBCryptDecrypt(key, ciphertext3, 48, NULL, ivbuf, 16, plaintext, 32, &size, BCRYPT_BLOCK_PADDING);
++    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
++    ok(size == 32, "got %u\n", size);
++    ok(!memcmp(plaintext, expected3, sizeof(expected3)), "wrong data\n");
++
+     /* output size too small */
+     size = 0;
+     memcpy(ivbuf, iv, sizeof(iv));
+@@ -1080,6 +1122,24 @@ static void test_BCryptDecrypt(void)
+     ok(ret == STATUS_BUFFER_TOO_SMALL, "got %08x\n", ret);
+     ok(size == 32, "got %u\n", size);
+ 
++    size = 0;
++    memcpy(ivbuf, iv, sizeof(iv));
++    ret = pBCryptDecrypt(key, ciphertext2, 32, NULL, ivbuf, 16, plaintext, 15, &size, BCRYPT_BLOCK_PADDING);
++    ok(ret == STATUS_BUFFER_TOO_SMALL, "got %08x\n", ret);
++    ok(size == 32, "got %u\n", size);
++
++    size = 0;
++    memcpy(ivbuf, iv, sizeof(iv));
++    ret = pBCryptDecrypt(key, ciphertext2, 32, NULL, ivbuf, 16, plaintext, 16, &size, BCRYPT_BLOCK_PADDING);
++    ok(ret == STATUS_BUFFER_TOO_SMALL, "got %08x\n", ret);
++    ok(size == 17, "got %u\n", size);
++
++    size = 0;
++    memcpy(ivbuf, iv, sizeof(iv));
++    ret = pBCryptDecrypt(key, ciphertext3, 48, NULL, ivbuf, 16, plaintext, 31, &size, BCRYPT_BLOCK_PADDING);
++    ok(ret == STATUS_BUFFER_TOO_SMALL, "got %08x\n", ret);
++    ok(size == 48, "got %u\n", size);
++
+     /* input size is not a multiple of block size */
+     size = 0;
+     memcpy(ivbuf, iv, sizeof(iv));
+-- 
+2.9.0
+

patches/bcrypt-Improvements/0008-bcrypt-Fix-use-after-free-in-key_init.patch

@@ -0,0 +1,39 @@
+From f7dc69131cc016917b31c5deedf97da31b11c597 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
+Date: Mon, 26 Dec 2016 02:43:39 +0100
+Subject: bcrypt: Fix use-after-free in key_init.
+
+---
+ dlls/bcrypt/bcrypt_main.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
+index 09bf6c30..a9006a4 100644
+--- a/dlls/bcrypt/bcrypt_main.c
++++ b/dlls/bcrypt/bcrypt_main.c
+@@ -791,6 +791,8 @@ static ULONG get_block_size( enum alg_id alg )
+ 
+ static NTSTATUS key_init( struct key *key, enum alg_id id, UCHAR *secret, ULONG secret_len )
+ {
++    UCHAR *buffer;
++
+     if (!libgnutls_handle) return STATUS_INTERNAL_ERROR;
+ 
+     switch (id)
+@@ -804,10 +806,12 @@ static NTSTATUS key_init( struct key *key, enum alg_id id, UCHAR *secret, ULONG
+     }
+ 
+     if (!(key->block_size = get_block_size( id ))) return STATUS_INVALID_PARAMETER;
++    if (!(buffer = HeapAlloc( GetProcessHeap(), 0, secret_len ))) return STATUS_NO_MEMORY;
++    memcpy( buffer, secret, secret_len );
+ 
+     key->alg_id     = id;
+     key->handle     = 0;        /* initialized on first use */
+-    key->secret     = secret;
++    key->secret     = buffer;
+     key->secret_len = secret_len;
+ 
+     return STATUS_SUCCESS;
+-- 
+2.9.0
+

patches/bcrypt-Improvements/0009-bcrypt-Handle-NULL-pointers-in-BCryptDuplicateHash-a.patch

@@ -0,0 +1,83 @@
+From 873d431347aa25effc70e47566e562c122a5edc8 Mon Sep 17 00:00:00 2001
+From: Sebastian Lackner <sebastian@fds-team.de>
+Date: Mon, 26 Dec 2016 04:23:31 +0100
+Subject: bcrypt: Handle NULL pointers in BCryptDuplicateHash and add tests.
+
+---
+ dlls/bcrypt/bcrypt_main.c  |  1 +
+ dlls/bcrypt/tests/bcrypt.c | 26 +++++++++++++++++++++++++-
+ 2 files changed, 26 insertions(+), 1 deletion(-)
+
+diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
+index a9006a4..d1516cc 100644
+--- a/dlls/bcrypt/bcrypt_main.c
++++ b/dlls/bcrypt/bcrypt_main.c
+@@ -681,6 +681,7 @@ NTSTATUS WINAPI BCryptDuplicateHash( BCRYPT_HASH_HANDLE handle, BCRYPT_HASH_HAND
+     TRACE( "%p, %p, %p, %u, %u\n", handle, handle_copy, object, object_count, flags );
+ 
+     if (!hash_orig || hash_orig->hdr.magic != MAGIC_HASH) return STATUS_INVALID_HANDLE;
++    if (!handle_copy) return STATUS_INVALID_PARAMETER;
+     if (!(hash_copy = HeapAlloc( GetProcessHeap(), 0, sizeof(*hash_copy) )))
+         return STATUS_NO_MEMORY;
+ 
+diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c
+index 997b298..bfe3a7e 100644
+--- a/dlls/bcrypt/tests/bcrypt.c
++++ b/dlls/bcrypt/tests/bcrypt.c
+@@ -33,6 +33,7 @@ static NTSTATUS (WINAPI *pBCryptCreateHash)(BCRYPT_ALG_HANDLE, BCRYPT_HASH_HANDL
+                                             ULONG, ULONG);
+ static NTSTATUS (WINAPI *pBCryptHash)(BCRYPT_ALG_HANDLE, UCHAR *, ULONG, UCHAR *, ULONG, UCHAR *, ULONG);
+ static NTSTATUS (WINAPI *pBCryptHashData)(BCRYPT_HASH_HANDLE, PUCHAR, ULONG, ULONG);
++static NTSTATUS (WINAPI *pBCryptDuplicateHash)(BCRYPT_HASH_HANDLE, BCRYPT_HASH_HANDLE *, UCHAR *, ULONG, ULONG);
+ static NTSTATUS (WINAPI *pBCryptFinishHash)(BCRYPT_HASH_HANDLE, PUCHAR, ULONG, ULONG);
+ static NTSTATUS (WINAPI *pBCryptDestroyHash)(BCRYPT_HASH_HANDLE);
+ static NTSTATUS (WINAPI *pBCryptGenRandom)(BCRYPT_ALG_HANDLE, PUCHAR, ULONG, ULONG);
+@@ -173,7 +174,7 @@ static void test_sha1(void)
+     static const char expected[] = "961fa64958818f767707072755d7018dcd278e94";
+     static const char expected_hmac[] = "2472cf65d0e090618d769d3e46f0d9446cf212da";
+     BCRYPT_ALG_HANDLE alg;
+-    BCRYPT_HASH_HANDLE hash;
++    BCRYPT_HASH_HANDLE hash, hash2;
+     UCHAR buf[512], buf_hmac[1024], sha1[20], sha1_hmac[20];
+     ULONG size, len;
+     char str[41];
+@@ -260,6 +261,28 @@ static void test_sha1(void)
+     test_hash_length(hash, 20);
+     test_alg_name(hash, "SHA1");
+ 
++    ret = pBCryptDuplicateHash(NULL, &hash2, NULL, 0, 0);
++    ok(ret == STATUS_INVALID_HANDLE, "got %08x\n", ret);
++
++    ret = pBCryptDuplicateHash(hash, NULL, NULL, 0, 0);
++    ok(ret == STATUS_INVALID_PARAMETER, "got %08x\n", ret);
++
++    hash2 = (void *)0xdeadbeef;
++    ret = pBCryptDuplicateHash(hash, &hash2, NULL, 0, 0);
++    ok(ret == STATUS_SUCCESS || broken(ret == STATUS_INVALID_PARAMETER) /* < Win 7 */, "got %08x\n", ret);
++
++    if (ret == STATUS_SUCCESS)
++    {
++        memset(sha1_hmac, 0, sizeof(sha1_hmac));
++        ret = pBCryptFinishHash(hash2, sha1_hmac, sizeof(sha1_hmac), 0);
++        ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
++        format_hash( sha1_hmac, sizeof(sha1_hmac), str );
++        ok(!strcmp(str, expected_hmac), "got %s\n", str);
++
++        ret = pBCryptDestroyHash(hash2);
++        ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
++    }
++
+     memset(sha1_hmac, 0, sizeof(sha1_hmac));
+     ret = pBCryptFinishHash(hash, sha1_hmac, sizeof(sha1_hmac), 0);
+     ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+@@ -1179,6 +1202,7 @@ START_TEST(bcrypt)
+     pBCryptCreateHash = (void *)GetProcAddress(module, "BCryptCreateHash");
+     pBCryptHash = (void *)GetProcAddress(module, "BCryptHash");
+     pBCryptHashData = (void *)GetProcAddress(module, "BCryptHashData");
++    pBCryptDuplicateHash = (void *)GetProcAddress(module, "BCryptDuplicateHash");
+     pBCryptFinishHash = (void *)GetProcAddress(module, "BCryptFinishHash");
+     pBCryptDestroyHash = (void *)GetProcAddress(module, "BCryptDestroyHash");
+     pBCryptGenRandom = (void *)GetProcAddress(module, "BCryptGenRandom");
+-- 
+2.9.0
+

patches/bcrypt-Improvements/0010-bcrypt-tests-Add-test-for-bugs-in-BCryptGetProperty.patch

@@ -0,0 +1,29 @@
+From 83b15bed14a0999bacd2a5959297bff842a125e0 Mon Sep 17 00:00:00 2001
+From: Sebastian Lackner <sebastian@fds-team.de>
+Date: Mon, 26 Dec 2016 04:38:15 +0100
+Subject: bcrypt/tests: Add test for bugs in BCryptGetProperty.
+
+---
+ dlls/bcrypt/tests/bcrypt.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c
+index bfe3a7e..23e150e 100644
+--- a/dlls/bcrypt/tests/bcrypt.c
++++ b/dlls/bcrypt/tests/bcrypt.c
+@@ -841,6 +841,12 @@ static void test_aes(void)
+     ok(size == 64, "got %u\n", size);
+ 
+     size = 0;
++    ret = pBCryptGetProperty(alg, BCRYPT_CHAINING_MODE, mode, sizeof(mode) - 1, &size, 0);
++    todo_wine ok(ret == STATUS_BUFFER_TOO_SMALL, "got %08x\n", ret);
++    ok(size == 64, "got %u\n", size);
++
++    size = 0;
++    memset(mode, 0, sizeof(mode));
+     ret = pBCryptGetProperty(alg, BCRYPT_CHAINING_MODE, mode, sizeof(mode), &size, 0);
+     ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+     ok(!lstrcmpW((const WCHAR *)mode, BCRYPT_CHAIN_MODE_CBC), "got %s\n", mode);
+-- 
+2.9.0
+

patches/bcrypt-Improvements/0011-bcrypt-tests-Add-tests-for-AES-GCM-mode.patch

@@ -0,0 +1,282 @@
+From 9e70e218c8a5c497ece71e17034ccae2e0baa218 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
+Date: Mon, 26 Dec 2016 05:37:02 +0100
+Subject: bcrypt/tests: Add tests for AES GCM mode.
+
+---
+ dlls/bcrypt/tests/bcrypt.c | 155 ++++++++++++++++++++++++++++++++++++++++++++-
+ include/bcrypt.h           |  29 +++++++++
+ include/ntstatus.h         |   2 +
+ 3 files changed, 185 insertions(+), 1 deletion(-)
+
+diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c
+index 23e150e..699a995 100644
+--- a/dlls/bcrypt/tests/bcrypt.c
++++ b/dlls/bcrypt/tests/bcrypt.c
+@@ -941,6 +941,8 @@ static void test_BCryptGenerateSymmetricKey(void)
+ 
+ static void test_BCryptEncrypt(void)
+ {
++    static UCHAR nonce[] =
++        {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x10, 0x20, 0x30, 0x40, 0x50, 0x60};
+     static UCHAR secret[] =
+         {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f};
+     static UCHAR iv[] =
+@@ -959,15 +961,28 @@ static void test_BCryptEncrypt(void)
+         {0xc6,0xa1,0x3b,0x37,0x87,0x8f,0x5b,0x82,0x6f,0x4f,0x81,0x62,0xa1,0xc8,0xd8,0x79,
+          0xb1,0xa2,0x92,0x73,0xbe,0x2c,0x42,0x07,0xa5,0xac,0xe3,0x93,0x39,0x8c,0xb6,0xfb,
+          0x87,0x5d,0xea,0xa3,0x7e,0x0f,0xde,0xfa,0xd9,0xec,0x6c,0x4e,0x3c,0x76,0x86,0xe4};
++    static UCHAR expected4[] =
++        {0xe1,0x82,0xc3,0xc0,0x24,0xfb,0x86,0x85,0xf3,0xf1,0x2b,0x7d,0x09,0xb4,0x73,0x67,
++         0x86,0x64,0xc3,0xfe,0xa3,0x07,0x61,0xf8,0x16,0xc9,0x78,0x7f,0xe7,0xb1,0xc4,0x94};
++    static UCHAR expected_tag[] =
++        {0x89,0xb3,0x92,0x00,0x39,0x20,0x09,0xb4,0x6a,0xd6,0xaf,0xca,0x4b,0x5b,0xfd,0xd0};
++    static UCHAR expected_tag2[] =
++        {0x9a,0x92,0x32,0x2c,0x61,0x2a,0xae,0xef,0x66,0x2a,0xfb,0x55,0xe9,0x48,0xdf,0xbd};
++    BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO auth_info;
++    UCHAR *buf, ciphertext[48], ivbuf[16], tag[16];
++    BCRYPT_AUTH_TAG_LENGTHS_STRUCT tag_length;
+     BCRYPT_ALG_HANDLE aes;
+     BCRYPT_KEY_HANDLE key;
+-    UCHAR *buf, ciphertext[48], ivbuf[16];
+     ULONG size, len, i;
+     NTSTATUS ret;
+ 
+     ret = pBCryptOpenAlgorithmProvider(&aes, BCRYPT_AES_ALGORITHM, NULL, 0);
+     ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+ 
++    /******************
++     * AES - CBC mode *
++     ******************/
++
+     len = 0xdeadbeef;
+     size = sizeof(len);
+     ret = pBCryptGetProperty(aes, BCRYPT_OBJECT_LENGTH, (UCHAR *)&len, sizeof(len), &size, 0);
+@@ -1054,12 +1069,101 @@ static void test_BCryptEncrypt(void)
+     ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+     HeapFree(GetProcessHeap(), 0, buf);
+ 
++    /******************
++     * AES - GCM mode *
++     ******************/
++
++    size = 0;
++    ret = BCryptGetProperty(aes, BCRYPT_AUTH_TAG_LENGTH, NULL, 0, &size, 0);
++    todo_wine ok(ret == STATUS_NOT_SUPPORTED, "got %08x\n", ret);
++
++    ret = BCryptSetProperty(aes, BCRYPT_CHAINING_MODE, (UCHAR*)BCRYPT_CHAIN_MODE_GCM, sizeof(BCRYPT_CHAIN_MODE_GCM), 0);
++    todo_wine ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
++
++    size = 0;
++    ret = BCryptGetProperty(aes, BCRYPT_AUTH_TAG_LENGTH, NULL, 0, &size, 0);
++    todo_wine ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
++    todo_wine ok(size == sizeof(tag_length), "got %u\n", size);
++
++    size = 0;
++    memset(&tag_length, 0, sizeof(tag_length));
++    ret = BCryptGetProperty(aes, BCRYPT_AUTH_TAG_LENGTH, (UCHAR*)&tag_length, sizeof(tag_length), &size, 0);
++    todo_wine ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
++    todo_wine ok(size == sizeof(tag_length), "got %u\n", size);
++    todo_wine ok(tag_length.dwMinLength == 12, "Expected 12, got %d\n", tag_length.dwMinLength);
++    todo_wine ok(tag_length.dwMaxLength == 16, "Expected 16, got %d\n", tag_length.dwMaxLength);
++    todo_wine ok(tag_length.dwIncrement == 1, "Expected 1, got %d\n", tag_length.dwIncrement);
++
++    len = 0xdeadbeef;
++    size = sizeof(len);
++    ret = pBCryptGetProperty(aes, BCRYPT_OBJECT_LENGTH, (UCHAR *)&len, sizeof(len), &size, 0);
++    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
++
++    buf = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, len);
++    ret = pBCryptGenerateSymmetricKey(aes, &key, buf, len, secret, sizeof(secret), 0);
++    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
++
++    memset(&auth_info, 0, sizeof(auth_info));
++    auth_info.cbSize = sizeof(auth_info);
++    auth_info.dwInfoVersion = 1;
++    auth_info.pbNonce = nonce;
++    auth_info.cbNonce = sizeof(nonce);
++    auth_info.pbTag = tag;
++    auth_info.cbTag = sizeof(tag);
++
++    /* input size is a multiple of block size */
++    size = 0;
++    memcpy(ivbuf, iv, sizeof(iv));
++    memset(ciphertext, 0xff, sizeof(ciphertext));
++    memset(tag, 0xff, sizeof(tag));
++    ret = pBCryptEncrypt(key, data2, 32, &auth_info, ivbuf, 16, ciphertext, 32, &size, 0);
++    todo_wine ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
++    todo_wine ok(size == 32, "got %u\n", size);
++    todo_wine ok(!memcmp(ciphertext, expected4, sizeof(expected4)), "wrong data\n");
++    todo_wine ok(!memcmp(tag, expected_tag, sizeof(expected_tag)), "wrong tag\n");
++    for (i = 0; i < 32; i++)
++        todo_wine ok(ciphertext[i] == expected4[i], "%u: %02x != %02x\n", i, ciphertext[i], expected4[i]);
++    for (i = 0; i < 16; i++)
++        todo_wine ok(tag[i] == expected_tag[i], "%u: %02x != %02x\n", i, tag[i], expected_tag[i]);
++
++    /* input size is not multiple of block size */
++    size = 0;
++    memcpy(ivbuf, iv, sizeof(iv));
++    memset(ciphertext, 0xff, sizeof(ciphertext));
++    memset(tag, 0xff, sizeof(tag));
++    ret = pBCryptEncrypt(key, data2, 24, &auth_info, ivbuf, 16, ciphertext, 24, &size, 0);
++    todo_wine ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
++    todo_wine ok(size == 24, "got %u\n", size);
++    todo_wine ok(!memcmp(ciphertext, expected4, 24), "wrong data\n");
++    todo_wine ok(!memcmp(tag, expected_tag2, sizeof(expected_tag2)), "wrong tag\n");
++    for (i = 0; i < 24; i++)
++        todo_wine ok(ciphertext[i] == expected4[i], "%u: %02x != %02x\n", i, ciphertext[i], expected4[i]);
++    for (i = 0; i < 16; i++)
++        todo_wine ok(tag[i] == expected_tag2[i], "%u: %02x != %02x\n", i, tag[i], expected_tag2[i]);
++
++    /* test with padding */
++    memcpy(ivbuf, iv, sizeof(iv));
++    memset(ciphertext, 0, sizeof(ciphertext));
++    ret = pBCryptEncrypt(key, data2, 32, &auth_info, ivbuf, 16, ciphertext, 32, &size, BCRYPT_BLOCK_PADDING);
++    todo_wine ok(ret == STATUS_BUFFER_TOO_SMALL, "got %08x\n", ret);
++
++    memcpy(ivbuf, iv, sizeof(iv));
++    memset(ciphertext, 0, sizeof(ciphertext));
++    ret = pBCryptEncrypt(key, data2, 32, &auth_info, ivbuf, 16, ciphertext, 48, &size, BCRYPT_BLOCK_PADDING);
++    todo_wine ok(ret == STATUS_INVALID_PARAMETER, "got %08x\n", ret);
++
++    ret = pBCryptDestroyKey(key);
++    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
++    HeapFree(GetProcessHeap(), 0, buf);
++
+     ret = pBCryptCloseAlgorithmProvider(aes, 0);
+     ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+ }
+ 
+ static void test_BCryptDecrypt(void)
+ {
++    static UCHAR nonce[] =
++        {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x10, 0x20, 0x30, 0x40, 0x50, 0x60};
+     static UCHAR secret[] =
+         {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f};
+     static UCHAR iv[] =
+@@ -1081,6 +1185,12 @@ static void test_BCryptDecrypt(void)
+         {0xc6,0xa1,0x3b,0x37,0x87,0x8f,0x5b,0x82,0x6f,0x4f,0x81,0x62,0xa1,0xc8,0xd8,0x79,
+          0xb1,0xa2,0x92,0x73,0xbe,0x2c,0x42,0x07,0xa5,0xac,0xe3,0x93,0x39,0x8c,0xb6,0xfb,
+          0x87,0x5d,0xea,0xa3,0x7e,0x0f,0xde,0xfa,0xd9,0xec,0x6c,0x4e,0x3c,0x76,0x86,0xe4};
++    static UCHAR ciphertext4[] =
++        {0xe1,0x82,0xc3,0xc0,0x24,0xfb,0x86,0x85,0xf3,0xf1,0x2b,0x7d,0x09,0xb4,0x73,0x67,
++         0x86,0x64,0xc3,0xfe,0xa3,0x07,0x61,0xf8,0x16,0xc9,0x78,0x7f,0xe7,0xb1,0xc4,0x94};
++    static UCHAR tag[] =
++        {0x89,0xb3,0x92,0x00,0x39,0x20,0x09,0xb4,0x6a,0xd6,0xaf,0xca,0x4b,0x5b,0xfd,0xd0};
++    BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO auth_info;
+     BCRYPT_ALG_HANDLE aes;
+     BCRYPT_KEY_HANDLE key;
+     UCHAR *buf, plaintext[48], ivbuf[16];
+@@ -1090,6 +1200,10 @@ static void test_BCryptDecrypt(void)
+     ret = pBCryptOpenAlgorithmProvider(&aes, BCRYPT_AES_ALGORITHM, NULL, 0);
+     ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+ 
++    /******************
++     * AES - CBC mode *
++     ******************/
++
+     len = 0xdeadbeef;
+     size = sizeof(len);
+     ret = pBCryptGetProperty(aes, BCRYPT_OBJECT_LENGTH, (UCHAR *)&len, sizeof(len), &size, 0);
+@@ -1187,6 +1301,45 @@ static void test_BCryptDecrypt(void)
+     ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+     HeapFree(GetProcessHeap(), 0, buf);
+ 
++    /******************
++     * AES - GCM mode *
++     ******************/
++
++    ret = BCryptSetProperty(aes, BCRYPT_CHAINING_MODE, (UCHAR*)BCRYPT_CHAIN_MODE_GCM, sizeof(BCRYPT_CHAIN_MODE_GCM), 0);
++    todo_wine ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
++
++    buf = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, len);
++    ret = pBCryptGenerateSymmetricKey(aes, &key, buf, len, secret, sizeof(secret), 0);
++    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
++
++    memset(&auth_info, 0, sizeof(auth_info));
++    auth_info.cbSize = sizeof(auth_info);
++    auth_info.dwInfoVersion = 1;
++    auth_info.pbNonce = nonce;
++    auth_info.cbNonce = sizeof(nonce);
++    auth_info.pbTag = tag;
++    auth_info.cbTag = sizeof(tag);
++
++    /* input size is a multiple of block size */
++    size = 0;
++    memcpy(ivbuf, iv, sizeof(iv));
++    memset(plaintext, 0, sizeof(plaintext));
++    ret = pBCryptDecrypt(key, ciphertext4, 32, &auth_info, ivbuf, 16, plaintext, 32, &size, 0);
++    todo_wine ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
++    todo_wine ok(size == 32, "got %u\n", size);
++    todo_wine ok(!memcmp(plaintext, expected3, sizeof(expected3)), "wrong data\n");
++
++    /* test with wrong tag */
++    memcpy(ivbuf, iv, sizeof(iv));
++    auth_info.pbTag = iv; /* wrong tag */
++    ret = pBCryptDecrypt(key, ciphertext4, 32, &auth_info, ivbuf, 16, plaintext, 32, &size, 0);
++    todo_wine ok(ret == STATUS_AUTH_TAG_MISMATCH, "got %08x\n", ret);
++    todo_wine ok(size == 32, "got %u\n", size);
++
++    ret = pBCryptDestroyKey(key);
++    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
++    HeapFree(GetProcessHeap(), 0, buf);
++
+     ret = pBCryptCloseAlgorithmProvider(aes, 0);
+     ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+ }
+diff --git a/include/bcrypt.h b/include/bcrypt.h
+index 6af85e3..b8ff624 100644
+--- a/include/bcrypt.h
++++ b/include/bcrypt.h
+@@ -85,6 +85,35 @@ typedef struct _BCRYPT_ALGORITHM_IDENTIFIER
+     ULONG  dwFlags;
+ } BCRYPT_ALGORITHM_IDENTIFIER;
+ 
++typedef struct __BCRYPT_KEY_LENGTHS_STRUCT
++{
++    ULONG dwMinLength;
++    ULONG dwMaxLength;
++    ULONG dwIncrement;
++} BCRYPT_KEY_LENGTHS_STRUCT, BCRYPT_AUTH_TAG_LENGTHS_STRUCT;
++
++typedef struct _BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO
++{
++    ULONG cbSize;
++    ULONG dwInfoVersion;
++    UCHAR *pbNonce;
++    ULONG cbNonce;
++    UCHAR *pbAuthData;
++    ULONG cbAuthData;
++    UCHAR *pbTag;
++    ULONG cbTag;
++    UCHAR *pbMacContext;
++    ULONG cbMacContext;
++    ULONG cbAAD;
++    ULONGLONG cbData;
++    ULONG dwFlags;
++} BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO, *PBCRYPT_AUTHENTICATED_CIPHER_MODE_INFO;
++
++#define BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO_VERSION 1
++
++#define BCRYPT_AUTH_MODE_CHAIN_CALLS_FLAG 0x00000001
++#define BCRYPT_AUTH_MODE_IN_PROGRESS_FLAG 0x00000002
++
+ typedef PVOID BCRYPT_ALG_HANDLE;
+ typedef PVOID BCRYPT_KEY_HANDLE;
+ typedef PVOID BCRYPT_HANDLE;
+diff --git a/include/ntstatus.h b/include/ntstatus.h
+index 86dad85..7026de7 100644
+--- a/include/ntstatus.h
++++ b/include/ntstatus.h
+@@ -990,6 +990,8 @@
+ 
+ #define STATUS_WOW_ASSERTION             ((NTSTATUS) 0xC0009898)
+ 
++#define STATUS_AUTH_TAG_MISMATCH         ((NTSTATUS) 0xC000A002)
++
+ #define RPC_NT_INVALID_STRING_BINDING    ((NTSTATUS) 0xC0020001)
+ #define RPC_NT_WRONG_KIND_OF_BINDING     ((NTSTATUS) 0xC0020002)
+ #define RPC_NT_INVALID_BINDING           ((NTSTATUS) 0xC0020003)
+-- 
+2.9.0
+

patches/bcrypt-Improvements/0012-bcrypt-Pass-object-to-get_-alg-hash-_property-instea.patch

@@ -0,0 +1,133 @@
+From 9f68ea60cf840c9366aefe1ab486e9d1ee192843 Mon Sep 17 00:00:00 2001
+From: Sebastian Lackner <sebastian@fds-team.de>
+Date: Mon, 26 Dec 2016 06:18:01 +0100
+Subject: bcrypt: Pass object to get_{alg,hash}_property instead of alg_id.
+
+---
+ dlls/bcrypt/bcrypt_main.c | 32 ++++++++++++++++----------------
+ 1 file changed, 16 insertions(+), 16 deletions(-)
+
+diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
+index d1516cc..8a5161b 100644
+--- a/dlls/bcrypt/bcrypt_main.c
++++ b/dlls/bcrypt/bcrypt_main.c
+@@ -450,16 +450,16 @@ static NTSTATUS generic_alg_property( enum alg_id id, const WCHAR *prop, UCHAR *
+     return STATUS_NOT_IMPLEMENTED;
+ }
+ 
+-static NTSTATUS get_alg_property( enum alg_id id, const WCHAR *prop, UCHAR *buf, ULONG size, ULONG *ret_size )
++static NTSTATUS get_alg_property( const struct algorithm *alg, const WCHAR *prop, UCHAR *buf, ULONG size, ULONG *ret_size )
+ {
+     NTSTATUS status;
+     ULONG value;
+ 
+-    status = generic_alg_property( id, prop, buf, size, ret_size );
++    status = generic_alg_property( alg->id, prop, buf, size, ret_size );
+     if (status != STATUS_NOT_IMPLEMENTED)
+         return status;
+ 
+-    switch (id)
++    switch (alg->id)
+     {
+     case ALG_ID_AES:
+         if (!strcmpW( prop, BCRYPT_BLOCK_LENGTH ))
+@@ -540,7 +540,7 @@ static NTSTATUS get_alg_property( enum alg_id id, const WCHAR *prop, UCHAR *buf,
+         return STATUS_NOT_IMPLEMENTED;
+ 
+     default:
+-        FIXME( "unsupported algorithm %u\n", id );
++        FIXME( "unsupported algorithm %u\n", alg->id );
+         return STATUS_NOT_IMPLEMENTED;
+     }
+ 
+@@ -555,11 +555,11 @@ static NTSTATUS get_alg_property( enum alg_id id, const WCHAR *prop, UCHAR *buf,
+     return STATUS_SUCCESS;
+ }
+ 
+-static NTSTATUS get_hash_property( enum alg_id id, const WCHAR *prop, UCHAR *buf, ULONG size, ULONG *ret_size )
++static NTSTATUS get_hash_property( const struct hash *hash, const WCHAR *prop, UCHAR *buf, ULONG size, ULONG *ret_size )
+ {
+     NTSTATUS status;
+ 
+-    status = generic_alg_property( id, prop, buf, size, ret_size );
++    status = generic_alg_property( hash->alg_id, prop, buf, size, ret_size );
+     if (status == STATUS_NOT_IMPLEMENTED)
+         FIXME( "unsupported property %s\n", debugstr_w(prop) );
+     return status;
+@@ -579,12 +579,12 @@ NTSTATUS WINAPI BCryptGetProperty( BCRYPT_HANDLE handle, LPCWSTR prop, UCHAR *bu
+     case MAGIC_ALG:
+     {
+         const struct algorithm *alg = (const struct algorithm *)object;
+-        return get_alg_property( alg->id, prop, buffer, count, res );
++        return get_alg_property( alg, prop, buffer, count, res );
+     }
+     case MAGIC_HASH:
+     {
+         const struct hash *hash = (const struct hash *)object;
+-        return get_hash_property( hash->alg_id, prop, buffer, count, res );
++        return get_hash_property( hash, prop, buffer, count, res );
+     }
+     default:
+         WARN( "unknown magic %08x\n", object->magic );
+@@ -783,34 +783,34 @@ struct key
+     ULONG              secret_len;
+ };
+ 
+-static ULONG get_block_size( enum alg_id alg )
++static ULONG get_block_size( struct algorithm *alg )
+ {
+     ULONG ret = 0, size = sizeof(ret);
+     get_alg_property( alg, BCRYPT_BLOCK_LENGTH, (UCHAR *)&ret, sizeof(ret), &size );
+     return ret;
+ }
+ 
+-static NTSTATUS key_init( struct key *key, enum alg_id id, UCHAR *secret, ULONG secret_len )
++static NTSTATUS key_init( struct key *key, struct algorithm *alg, UCHAR *secret, ULONG secret_len )
+ {
+     UCHAR *buffer;
+ 
+     if (!libgnutls_handle) return STATUS_INTERNAL_ERROR;
+ 
+-    switch (id)
++    switch (alg->id)
+     {
+     case ALG_ID_AES:
+         break;
+ 
+     default:
+-        FIXME( "algorithm %u not supported\n", id );
++        FIXME( "algorithm %u not supported\n", alg->id );
+         return STATUS_NOT_SUPPORTED;
+     }
+ 
+-    if (!(key->block_size = get_block_size( id ))) return STATUS_INVALID_PARAMETER;
++    if (!(key->block_size = get_block_size( alg ))) return STATUS_INVALID_PARAMETER;
+     if (!(buffer = HeapAlloc( GetProcessHeap(), 0, secret_len ))) return STATUS_NO_MEMORY;
+     memcpy( buffer, secret, secret_len );
+ 
+-    key->alg_id     = id;
++    key->alg_id     = alg->id;
+     key->handle     = 0;        /* initialized on first use */
+     key->secret     = buffer;
+     key->secret_len = secret_len;
+@@ -906,7 +906,7 @@ struct key
+     ULONG         block_size;
+ };
+ 
+-static NTSTATUS key_init( struct key *key, enum alg_id id, const UCHAR *secret, ULONG secret_len )
++static NTSTATUS key_init( struct key *key, struct algorithm *alg, UCHAR *secret, ULONG secret_len )
+ {
+     ERR( "support for keys not available at build time\n" );
+     return STATUS_NOT_IMPLEMENTED;
+@@ -955,7 +955,7 @@ NTSTATUS WINAPI BCryptGenerateSymmetricKey( BCRYPT_ALG_HANDLE algorithm, BCRYPT_
+     if (!(key = HeapAlloc( GetProcessHeap(), 0, sizeof(*key) ))) return STATUS_NO_MEMORY;
+     key->hdr.magic = MAGIC_KEY;
+ 
+-    if ((status = key_init( key, alg->id, secret, secret_len )))
++    if ((status = key_init( key, alg, secret, secret_len )))
+     {
+         HeapFree( GetProcessHeap(), 0, key );
+         return status;
+-- 
+2.9.0
+

patches/bcrypt-Improvements/0013-bcrypt-Implement-BCryptSetProperty-for-algorithms.patch

@@ -0,0 +1,149 @@
+From 5313398cdabe97a17b21e2d9f25a191da7bd9434 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
+Date: Mon, 26 Dec 2016 06:08:33 +0100
+Subject: bcrypt: Implement BCryptSetProperty for algorithms.
+
+---
+ dlls/bcrypt/bcrypt_main.c  | 66 ++++++++++++++++++++++++++++++++++++++++++++--
+ dlls/bcrypt/tests/bcrypt.c |  6 ++---
+ 2 files changed, 67 insertions(+), 5 deletions(-)
+
+diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
+index 8a5161b..4757878 100644
+--- a/dlls/bcrypt/bcrypt_main.c
++++ b/dlls/bcrypt/bcrypt_main.c
+@@ -153,6 +153,12 @@ enum alg_id
+     ALG_ID_SHA512
+ };
+ 
++enum mode_id
++{
++    MODE_ID_CBC,
++    MODE_ID_GCM
++};
++
+ #define MAX_HASH_OUTPUT_BYTES 64
+ 
+ static const struct {
+@@ -172,6 +178,7 @@ struct algorithm
+ {
+     struct object hdr;
+     enum alg_id   id;
++    enum mode_id  mode;
+     BOOL hmac;
+ };
+ 
+@@ -265,6 +272,7 @@ NTSTATUS WINAPI BCryptOpenAlgorithmProvider( BCRYPT_ALG_HANDLE *handle, LPCWSTR
+     if (!(alg = HeapAlloc( GetProcessHeap(), 0, sizeof(*alg) ))) return STATUS_NO_MEMORY;
+     alg->hdr.magic = MAGIC_ALG;
+     alg->id        = alg_id;
++    alg->mode      = MODE_ID_CBC;
+     alg->hmac      = flags & BCRYPT_ALG_HANDLE_HMAC_FLAG;
+ 
+     *handle = alg;
+@@ -555,6 +563,40 @@ static NTSTATUS get_alg_property( const struct algorithm *alg, const WCHAR *prop
+     return STATUS_SUCCESS;
+ }
+ 
++static NTSTATUS set_alg_property( struct algorithm *alg, const WCHAR *prop, UCHAR *value, ULONG size, ULONG flags )
++{
++    switch (alg->id)
++    {
++    case ALG_ID_AES:
++        if (!strcmpW( prop, BCRYPT_CHAINING_MODE ))
++        {
++            if (size == sizeof(BCRYPT_CHAIN_MODE_CBC) &&
++                !strncmpW( (WCHAR *)value, BCRYPT_CHAIN_MODE_CBC, size ))
++            {
++                alg->mode = MODE_ID_CBC;
++                return STATUS_SUCCESS;
++            }
++            else if (size == sizeof(BCRYPT_CHAIN_MODE_GCM) &&
++                     !strncmpW( (WCHAR *)value, BCRYPT_CHAIN_MODE_GCM, size ))
++            {
++                alg->mode = MODE_ID_GCM;
++                return STATUS_SUCCESS;
++            }
++            else
++            {
++                FIXME( "unsupported mode %s\n", debugstr_wn( (WCHAR *)value, size ) );
++                return STATUS_NOT_IMPLEMENTED;
++            }
++        }
++        FIXME( "unsupported aes algorithm property %s\n", debugstr_w(prop) );
++        return STATUS_NOT_IMPLEMENTED;
++
++    default:
++        FIXME( "unsupported algorithm %u\n", alg->id );
++        return STATUS_NOT_IMPLEMENTED;
++    }
++}
++
+ static NTSTATUS get_hash_property( const struct hash *hash, const WCHAR *prop, UCHAR *buf, ULONG size, ULONG *ret_size )
+ {
+     NTSTATUS status;
+@@ -595,8 +637,28 @@ NTSTATUS WINAPI BCryptGetProperty( BCRYPT_HANDLE handle, LPCWSTR prop, UCHAR *bu
+ NTSTATUS WINAPI BCryptSetProperty( BCRYPT_HANDLE handle, const WCHAR *prop, UCHAR *value,
+                                    ULONG size, ULONG flags )
+ {
+-    FIXME( "%p, %s, %p, %u, %08x\n", handle, debugstr_w(prop), value, size, flags );
+-    return STATUS_NOT_IMPLEMENTED;
++    struct object *object = handle;
++
++    TRACE( "%p, %s, %p, %u, %08x\n", handle, debugstr_w(prop), value, size, flags );
++
++    if (!object) return STATUS_INVALID_HANDLE;
++
++    switch (object->magic)
++    {
++    case MAGIC_ALG:
++    {
++        struct algorithm *alg = (struct algorithm *)object;
++        return set_alg_property( alg, prop, value, size, flags );
++    }
++    case MAGIC_KEY:
++    {
++        FIXME( "keys not implemented yet\n" );
++        return STATUS_NOT_IMPLEMENTED;
++    }
++    default:
++        WARN( "unknown magic %08x\n", object->magic );
++        return STATUS_INVALID_HANDLE;
++    }
+ }
+ 
+ NTSTATUS WINAPI BCryptCreateHash( BCRYPT_ALG_HANDLE algorithm, BCRYPT_HASH_HANDLE *handle, UCHAR *object, ULONG objectlen,
+diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c
+index 699a995..d850738 100644
+--- a/dlls/bcrypt/tests/bcrypt.c
++++ b/dlls/bcrypt/tests/bcrypt.c
+@@ -889,7 +889,7 @@ static void test_BCryptGenerateSymmetricKey(void)
+ 
+     ret = pBCryptSetProperty(aes, BCRYPT_CHAINING_MODE, (UCHAR *)BCRYPT_CHAIN_MODE_CBC,
+                             sizeof(BCRYPT_CHAIN_MODE_CBC), 0);
+-    todo_wine ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
++    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+ 
+     size = 0xdeadbeef;
+     ret = pBCryptEncrypt(key, NULL, 0, NULL, NULL, 0, NULL, 0, &size, 0);
+@@ -1078,7 +1078,7 @@ static void test_BCryptEncrypt(void)
+     todo_wine ok(ret == STATUS_NOT_SUPPORTED, "got %08x\n", ret);
+ 
+     ret = BCryptSetProperty(aes, BCRYPT_CHAINING_MODE, (UCHAR*)BCRYPT_CHAIN_MODE_GCM, sizeof(BCRYPT_CHAIN_MODE_GCM), 0);
+-    todo_wine ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
++    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+ 
+     size = 0;
+     ret = BCryptGetProperty(aes, BCRYPT_AUTH_TAG_LENGTH, NULL, 0, &size, 0);
+@@ -1306,7 +1306,7 @@ static void test_BCryptDecrypt(void)
+      ******************/
+ 
+     ret = BCryptSetProperty(aes, BCRYPT_CHAINING_MODE, (UCHAR*)BCRYPT_CHAIN_MODE_GCM, sizeof(BCRYPT_CHAIN_MODE_GCM), 0);
+-    todo_wine ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
++    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+ 
+     buf = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, len);
+     ret = pBCryptGenerateSymmetricKey(aes, &key, buf, len, secret, sizeof(secret), 0);
+-- 
+2.9.0
+