Release 2.1.

Also remove a broken link.

LICENSE.md

@@ -7,7 +7,7 @@ are part of **Wine Staging** and are licensed under the terms of the
 [LGPLv2.1](#gnu-lgpl-version-21), to stay compatible with Wine:
 
 ```
-Copyright (C) 2014-2016 the Wine Staging project authors.
+Copyright (C) 2014-2017 the Wine Staging project authors.
 
 Wine Staging is free software; you can redistribute it and/or
 modify it under the terms of the GNU Lesser General Public

patches/Compiler_Warnings/definition

@@ -1 +0,0 @@
-Category: stable

patches/Staging/0001-kernel32-Add-winediag-message-to-show-warning-that-t.patch

@@ -1,4 +1,4 @@
-From a41dac0b19ec2ba3807da4ac42d77717d79f1115 Mon Sep 17 00:00:00 2001
+From 41ee5d7699182ea01c61223ab9d0a10473e16ac2 Mon Sep 17 00:00:00 2001
 From: Sebastian Lackner <sebastian@fds-team.de>
 Date: Thu, 2 Oct 2014 19:44:31 +0200
 Subject: kernel32: Add winediag message to show warning, that this isn't
@@ -9,7 +9,7 @@ Subject: kernel32: Add winediag message to show warning, that this isn't
  1 file changed, 9 insertions(+)
 
 diff --git a/dlls/kernel32/process.c b/dlls/kernel32/process.c
-index b0c06e3..a2c1d4c 100644
+index 6d0fc74cdf4..ed1d967ffdf 100644
 --- a/dlls/kernel32/process.c
 +++ b/dlls/kernel32/process.c
 @@ -65,6 +65,7 @@
@@ -20,7 +20,7 @@ index b0c06e3..a2c1d4c 100644
  
  #ifdef __APPLE__
  extern char **__wine_get_main_environment(void);
-@@ -1099,6 +1100,14 @@ static DWORD WINAPI start_process( PEB *peb )
+@@ -1104,6 +1105,14 @@ static DWORD WINAPI start_process( PEB *peb )
          DPRINTF( "%04x:Starting process %s (entryproc=%p)\n", GetCurrentThreadId(),
                   debugstr_w(peb->ProcessParameters->ImagePathName.Buffer), entry );
  
@@ -32,9 +32,9 @@ index b0c06e3..a2c1d4c 100644
 +    else
 +        WARN_(winediag)("Wine Staging %s is a testing version containing experimental patches.\n", wine_get_version());
 +
-     SetLastError( 0 );  /* clear error code */
-     if (peb->BeingDebugged) DbgBreakPoint();
-     return call_process_entry( peb, entry );
+     if (!CheckRemoteDebuggerPresent( GetCurrentProcess(), &being_debugged ))
+         being_debugged = FALSE;
+ 
 -- 
-2.5.1
+2.11.0
 

patches/Staging/definition

@@ -1 +1 @@
-Category: stable
+Depends: kernel32-BeingDebugged

patches/advapi32-LookupSecurityDescriptorParts/0001-advapi32-add-LookupSecurityDescriptorPartsA-W-stubs.patch

@@ -0,0 +1,61 @@
+From bb079b53bc79d44987d5f7ac93d0e1d2c5b00698 Mon Sep 17 00:00:00 2001
+From: Austin English <austinenglish@gmail.com>
+Date: Wed, 9 Nov 2016 21:46:10 -0600
+Subject: advapi32: add LookupSecurityDescriptorPartsA/W stubs
+
+Fixes https://bugs.winehq.org/show_bug.cgi?id=41682
+---
+ dlls/advapi32/advapi32.spec |  4 ++--
+ dlls/advapi32/security.c    | 24 ++++++++++++++++++++++++
+ 2 files changed, 26 insertions(+), 2 deletions(-)
+
+diff --git a/dlls/advapi32/advapi32.spec b/dlls/advapi32/advapi32.spec
+index 6c57c88adf7..88d8634ef64 100644
+--- a/dlls/advapi32/advapi32.spec
++++ b/dlls/advapi32/advapi32.spec
+@@ -415,8 +415,8 @@
+ @ stdcall LookupPrivilegeNameW(wstr ptr ptr ptr)
+ @ stdcall LookupPrivilegeValueA(ptr ptr ptr)
+ @ stdcall LookupPrivilegeValueW(ptr ptr ptr)
+-# @ stub LookupSecurityDescriptorPartsA
+-# @ stub LookupSecurityDescriptorPartsW
++@ stdcall LookupSecurityDescriptorPartsA(ptr ptr ptr ptr ptr ptr ptr)
++@ stdcall LookupSecurityDescriptorPartsW(ptr ptr ptr ptr ptr ptr ptr)
+ @ stdcall LsaAddAccountRights(ptr ptr ptr long)
+ @ stub LsaAddPrivilegesToAccount
+ # @ stub LsaClearAuditLog
+diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
+index 3b5d7a42b6f..01e8ea02706 100644
+--- a/dlls/advapi32/security.c
++++ b/dlls/advapi32/security.c
+@@ -6199,3 +6199,27 @@ BOOL WINAPI SaferSetLevelInformation(SAFER_LEVEL_HANDLE handle, SAFER_OBJECT_INF
+     FIXME("(%p %u %p %u) stub\n", handle, infotype, buffer, size);
+     return FALSE;
+ }
++
++/******************************************************************************
++ * LookupSecurityDescriptorPartsA   [ADVAPI32.@]
++ */
++DWORD WINAPI LookupSecurityDescriptorPartsA(TRUSTEEA *owner, TRUSTEEA *group, ULONG *access_count,
++                                            EXPLICIT_ACCESSA *access_list, ULONG *audit_count,
++                                            EXPLICIT_ACCESSA *audit_list, SECURITY_DESCRIPTOR *descriptor)
++{
++    FIXME("(%p %p %p %p %p %p %p) stub\n", owner, group, access_count,
++          access_list, audit_count, audit_list, descriptor);
++    return ERROR_CALL_NOT_IMPLEMENTED;
++}
++
++/******************************************************************************
++ * LookupSecurityDescriptorPartsW   [ADVAPI32.@]
++ */
++DWORD WINAPI LookupSecurityDescriptorPartsW(TRUSTEEW *owner, TRUSTEEW *group, ULONG *access_count,
++                                            EXPLICIT_ACCESSW *access_list, ULONG *audit_count,
++                                            EXPLICIT_ACCESSW *audit_list, SECURITY_DESCRIPTOR *descriptor)
++{
++    FIXME("(%p %p %p %p %p %p %p) stub\n", owner, group, access_count,
++          access_list, audit_count, audit_list, descriptor);
++    return ERROR_CALL_NOT_IMPLEMENTED;
++}
+-- 
+2.11.0
+

patches/advapi32-LookupSecurityDescriptorParts/definition

@@ -0,0 +1 @@
+Fixes: [41682] Add stub for advapi32.LookupSecurityDescriptorPartsA/W

patches/advapi32-LsaLookupSids/0004-advapi32-Fallback-to-Sid-string-when-LookupAccountSi.patch

@@ -1,4 +1,4 @@
-From 616c17cc58a4943d3a367704943e737d5713740d Mon Sep 17 00:00:00 2001
+From 77d43d721793edda9b419f7426442a35f0cb5918 Mon Sep 17 00:00:00 2001
 From: Qian Hong <qhong@codeweavers.com>
 Date: Tue, 7 Apr 2015 11:23:34 +0800
 Subject: advapi32: Fallback to Sid string when LookupAccountSid fails.
@@ -8,7 +8,7 @@ Subject: advapi32: Fallback to Sid string when LookupAccountSid fails.
  1 file changed, 31 insertions(+)
 
 diff --git a/dlls/advapi32/lsa.c b/dlls/advapi32/lsa.c
-index 258b8ca..93afa20 100644
+index 1b270a80829..b8dedbd6d58 100644
 --- a/dlls/advapi32/lsa.c
 +++ b/dlls/advapi32/lsa.c
 @@ -29,6 +29,7 @@
@@ -19,8 +19,8 @@ index 258b8ca..93afa20 100644
  #include "advapi32_misc.h"
  
  #include "wine/debug.h"
-@@ -554,6 +555,21 @@ NTSTATUS WINAPI LsaLookupSids(
-                 heap_free(name);
+@@ -562,6 +563,21 @@ NTSTATUS WINAPI LsaLookupSids(
+                 domain.MaximumLength = sizeof(WCHAR);
              }
          }
 +        else
@@ -41,9 +41,9 @@ index 258b8ca..93afa20 100644
      }
  
      /* now we have full length needed for both */
-@@ -593,6 +609,21 @@ NTSTATUS WINAPI LsaLookupSids(
-                 heap_free(domain.Buffer);
-             }
+@@ -605,6 +621,21 @@ NTSTATUS WINAPI LsaLookupSids(
+             (*Names)[i].DomainIndex = lsa_reflist_add_domain(*ReferencedDomains, &domain, &domain_data);
+             heap_free(domain.Buffer);
          }
 +        else
 +        {
@@ -64,5 +64,5 @@ index 258b8ca..93afa20 100644
          name_buffer += name_size;
      }
 -- 
-2.3.5
+2.11.0
 

patches/api-ms-win-Stub_DLLs/0001-kernelbase-Add-dll-and-add-stub-for-QuirkIsEnabled.patch

@@ -1,4 +1,4 @@
-From 51fb5229fdb33887fe25440defc8df09d1623abb Mon Sep 17 00:00:00 2001
+From 306414ced0169b9ee4de34706e9235acb1bd93d6 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Fri, 15 Jan 2016 13:01:15 +0100
 Subject: kernelbase: Add dll and add stub for QuirkIsEnabled.
@@ -13,7 +13,7 @@ Subject: kernelbase: Add dll and add stub for QuirkIsEnabled.
  create mode 100644 dlls/kernelbase/misc.c
 
 diff --git a/dlls/kernelbase/Makefile.in b/dlls/kernelbase/Makefile.in
-index b9caed0..2beb34b 100644
+index b9caed090b2..2beb34bafdb 100644
 --- a/dlls/kernelbase/Makefile.in
 +++ b/dlls/kernelbase/Makefile.in
 @@ -1 +1,4 @@
@@ -22,7 +22,7 @@ index b9caed0..2beb34b 100644
 +C_SRCS = \
 +	misc.c
 diff --git a/dlls/kernelbase/kernelbase.spec b/dlls/kernelbase/kernelbase.spec
-index f104030..e09112e 100644
+index f104030ab25..74ff728cbc8 100644
 --- a/dlls/kernelbase/kernelbase.spec
 +++ b/dlls/kernelbase/kernelbase.spec
 @@ -1,3 +1,6 @@
@@ -96,7 +96,7 @@ index f104030..e09112e 100644
 -@ stub BaseReleaseProcessDllPath
 -@ stub BaseReleaseProcessExePath
 +@ stub BaseDumpAppcompatCache
-+@ stub BaseFlushAppcompatCache
++@ stdcall BaseFlushAppcompatCache() kernel32.BaseFlushAppcompatCache
 +@ stub BaseFormatObjectAttributes
 +@ stub BaseFreeAppCompatDataForProcess
 +@ stub BaseGetNamedObjectDirectory
@@ -244,7 +244,7 @@ index f104030..e09112e 100644
 +@ stdcall CreateWaitableTimerW(ptr long wstr) kernel32.CreateWaitableTimerW
  @ stdcall CreateWellKnownSid(long ptr ptr ptr) advapi32.CreateWellKnownSid
 +@ stub CtrlRoutine
-+@ stdcall DeactivateActCtx(long ptr) kernel32.DeactivateActCtx
++@ stdcall DeactivateActCtx(long long) kernel32.DeactivateActCtx
 +@ stdcall DebugActiveProcess(long) kernel32.DebugActiveProcess
 +@ stdcall DebugActiveProcessStop(long) kernel32.DebugActiveProcessStop
  @ stdcall DebugBreak() kernel32.DebugBreak
@@ -433,7 +433,7 @@ index f104030..e09112e 100644
  @ stub GetCalendar
  @ stdcall GetCalendarInfoEx(wstr long ptr long ptr long ptr) kernel32.GetCalendarInfoEx
  @ stdcall GetCalendarInfoW(long long long ptr long ptr) kernel32.GetCalendarInfoW
-+@ stdcall GetCommConfig(long ptr long) kernel32.GetCommConfig
++@ stdcall GetCommConfig(long ptr ptr) kernel32.GetCommConfig
 +@ stdcall GetCommMask(long ptr) kernel32.GetCommMask
 +@ stdcall GetCommModemStatus(long ptr) kernel32.GetCommModemStatus
 +@ stdcall GetCommProperties(long ptr) kernel32.GetCommProperties
@@ -1354,7 +1354,7 @@ index f104030..e09112e 100644
 +@ stub SetClientTimeZoneInformation
 +@ stdcall SetCommBreak(long) kernel32.SetCommBreak
 +@ stdcall SetCommConfig(long ptr long) kernel32.SetCommConfig
-+@ stdcall SetCommMask(long ptr) kernel32.SetCommMask
++@ stdcall SetCommMask(long long) kernel32.SetCommMask
 +@ stdcall SetCommState(long ptr) kernel32.SetCommState
 +@ stdcall SetCommTimeouts(long ptr) kernel32.SetCommTimeouts
 +@ stdcall SetComputerNameA(str) kernel32.SetComputerNameA
@@ -1715,7 +1715,7 @@ index f104030..e09112e 100644
 +@ stub wprintf
 diff --git a/dlls/kernelbase/misc.c b/dlls/kernelbase/misc.c
 new file mode 100644
-index 0000000..be1591a
+index 00000000000..be1591aee7e
 --- /dev/null
 +++ b/dlls/kernelbase/misc.c
 @@ -0,0 +1,37 @@
@@ -1757,7 +1757,7 @@ index 0000000..be1591a
 +    return FALSE;
 +}
 diff --git a/dlls/shlwapi/shlwapi.spec b/dlls/shlwapi/shlwapi.spec
-index 6b6ead2..7c2a9d1 100644
+index 6b6ead26968..7c2a9d117e0 100644
 --- a/dlls/shlwapi/shlwapi.spec
 +++ b/dlls/shlwapi/shlwapi.spec
 @@ -417,7 +417,7 @@
@@ -1770,10 +1770,10 @@ index 6b6ead2..7c2a9d1 100644
  422 stdcall -noname SHGlobalCounterCreateNamedA(str long)
  423 stdcall -noname SHGlobalCounterCreateNamedW(wstr long)
 diff --git a/tools/make_specfiles b/tools/make_specfiles
-index 8e11529..eba8548 100755
+index 1e2400e4c7f..a245aefe406 100755
 --- a/tools/make_specfiles
 +++ b/tools/make_specfiles
-@@ -233,6 +233,7 @@ my @dll_groups =
+@@ -249,6 +249,7 @@ my @dll_groups =
   [
    "kernel32",
    "advapi32",
@@ -1782,5 +1782,5 @@ index 8e11529..eba8548 100755
    "kernelbase",
    "api-ms-win-core-bem-l1-1-0",
 -- 
-2.9.0
+2.11.0
 

patches/avifil32-AVIFileGetStream/0001-avifil32-AVIFileGetStream-should-set-stream-to-NULL-.patch

@@ -1,42 +0,0 @@
-From 64ce8c391c3706a2b3ce9b5f8f76710d5751a766 Mon Sep 17 00:00:00 2001
-From: Dmitry Timoshkov <dmitry@baikal.ru>
-Date: Thu, 20 Oct 2016 17:48:24 +0800
-Subject: avifil32: AVIFileGetStream should set stream to NULL in case of an
- error.
-
----
- dlls/avifil32/avifile.c   | 1 +
- dlls/avifil32/tests/api.c | 5 +++++
- 2 files changed, 6 insertions(+)
-
-diff --git a/dlls/avifil32/avifile.c b/dlls/avifil32/avifile.c
-index f649d05..7a4caaa 100644
---- a/dlls/avifil32/avifile.c
-+++ b/dlls/avifil32/avifile.c
-@@ -316,6 +316,7 @@ static HRESULT WINAPI IAVIFile_fnGetStream(IAVIFile *iface, IAVIStream **avis, D
-   }
- 
-   /* Sorry, but the specified stream doesn't exist */
-+  *avis = NULL;
-   return AVIERR_NODATA;
- }
- 
-diff --git a/dlls/avifil32/tests/api.c b/dlls/avifil32/tests/api.c
-index b3d822d..8a00865 100644
---- a/dlls/avifil32/tests/api.c
-+++ b/dlls/avifil32/tests/api.c
-@@ -373,6 +373,11 @@ static void test_default_data(void)
-     res = AVIFileOpenA(&pFile, filename, OF_SHARE_DENY_WRITE, 0L);
-     ok(res == 0, "Unable to open file: error=%u\n", res);
- 
-+    pStream0 = (void *)0xdeadbeef;
-+    res = AVIFileGetStream(pFile, &pStream0, ~0, 0);
-+    ok(res == AVIERR_NODATA, "expected AVIERR_NODATA, got %#x\n", res);
-+    ok(pStream0 == NULL, "AVIFileGetStream should set stream to NULL\n");
-+
-     res = AVIFileGetStream(pFile, &pStream0, 0, 0);
-     ok(res == 0, "Unable to open video stream: error=%u\n", res);
- 
--- 
-2.9.0
-

patches/avifil32-AVIFileGetStream/definition

@@ -1 +0,0 @@
-Fixes: [41579] AVIFileGetStream should set stream to NULL in case of an error

patches/bcrypt-Improvements/0001-bcrypt-Add-AES-provider.patch

@@ -1,4 +1,4 @@
-From b6efa0b8bb1bba73863ca985c13d46a5eaec4198 Mon Sep 17 00:00:00 2001
+From 489a67ec803b382248134be53f3449c206e208ff Mon Sep 17 00:00:00 2001
 From: Hans Leidekker <hans@codeweavers.com>
 Date: Mon, 19 Dec 2016 19:38:52 +0100
 Subject: bcrypt: Add AES provider.
@@ -7,11 +7,12 @@ Subject: bcrypt: Add AES provider.
  dlls/bcrypt/bcrypt.spec    |  10 +-
  dlls/bcrypt/bcrypt_main.c  | 347 ++++++++++++++++++++++++++++++++++++++++++++-
  dlls/bcrypt/tests/bcrypt.c |  18 +--
+ dlls/ncrypt/ncrypt.spec    |  10 +-
  include/bcrypt.h           |   3 +
- 4 files changed, 352 insertions(+), 26 deletions(-)
+ 5 files changed, 357 insertions(+), 31 deletions(-)
 
 diff --git a/dlls/bcrypt/bcrypt.spec b/dlls/bcrypt/bcrypt.spec
-index e299fe0..962953e 100644
+index e299fe0cce8..962953e509b 100644
 --- a/dlls/bcrypt/bcrypt.spec
 +++ b/dlls/bcrypt/bcrypt.spec
 @@ -5,15 +5,15 @@
@@ -52,7 +53,7 @@ index e299fe0..962953e 100644
  @ stub BCryptUnregisterConfigChangeNotify
  @ stub BCryptUnregisterProvider
 diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
-index 6023c94..937bdf7 100644
+index 6023c942e49..5867dbdc3fa 100644
 --- a/dlls/bcrypt/bcrypt_main.c
 +++ b/dlls/bcrypt/bcrypt_main.c
 @@ -49,6 +49,10 @@ WINE_DECLARE_DEBUG_CHANNEL(winediag);
@@ -207,7 +208,7 @@ index 6023c94..937bdf7 100644
      return BCryptDestroyHash( handle );
  }
  
-+#if defined(HAVE_GNUTLS_HASH)
++#if defined(HAVE_GNUTLS_HASH) && !defined(HAVE_COMMONCRYPTO_COMMONDIGEST_H)
 +struct key
 +{
 +    struct object      hdr;
@@ -469,7 +470,7 @@ index 6023c94..937bdf7 100644
 +    struct key *key = handle;
 +    NTSTATUS status;
 +
-+    FIXME( "%p, %p, %u, %p, %p, %u, %p, %u, %p, %08x\n", handle, input, input_len,
++    TRACE( "%p, %p, %u, %p, %p, %u, %p, %u, %p, %08x\n", handle, input, input_len,
 +           padding, iv, iv_len, output, output_len, ret_len, flags );
 +
 +    if (!key || key->hdr.magic != MAGIC_KEY) return STATUS_INVALID_HANDLE;
@@ -498,7 +499,7 @@ index 6023c94..937bdf7 100644
  {
      switch (reason)
 diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c
-index 3e41335..2668153 100644
+index 422f2cfd340..d2df74ed919 100644
 --- a/dlls/bcrypt/tests/bcrypt.c
 +++ b/dlls/bcrypt/tests/bcrypt.c
 @@ -780,7 +780,7 @@ static void test_aes(void)
@@ -510,7 +511,7 @@ index 3e41335..2668153 100644
      alg = NULL;
      ret = pBCryptOpenAlgorithmProvider(&alg, BCRYPT_AES_ALGORITHM, MS_PRIMITIVE_PROVIDER, 0);
      ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
-@@ -828,7 +828,6 @@ todo_wine {
+@@ -814,7 +814,6 @@ todo_wine {
      ret = pBCryptCloseAlgorithmProvider(alg, 0);
      ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
  }
@@ -518,7 +519,7 @@ index 3e41335..2668153 100644
  
  static void test_BCryptGenerateSymmetricKey(void)
  {
-@@ -847,11 +846,6 @@ static void test_BCryptGenerateSymmetricKey(void)
+@@ -833,11 +832,6 @@ static void test_BCryptGenerateSymmetricKey(void)
      NTSTATUS ret;
  
      ret = pBCryptOpenAlgorithmProvider(&aes, BCRYPT_AES_ALGORITHM, NULL, 0);
@@ -530,7 +531,7 @@ index 3e41335..2668153 100644
      ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
  
      len = size = 0xdeadbeef;
-@@ -936,11 +930,6 @@ static void test_BCryptEncrypt(void)
+@@ -922,11 +916,6 @@ static void test_BCryptEncrypt(void)
      NTSTATUS ret;
  
      ret = pBCryptOpenAlgorithmProvider(&aes, BCRYPT_AES_ALGORITHM, NULL, 0);
@@ -542,7 +543,7 @@ index 3e41335..2668153 100644
      ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
  
      len = 0xdeadbeef;
-@@ -1027,11 +1016,6 @@ static void test_BCryptDecrypt(void)
+@@ -1013,11 +1002,6 @@ static void test_BCryptDecrypt(void)
      NTSTATUS ret;
  
      ret = pBCryptOpenAlgorithmProvider(&aes, BCRYPT_AES_ALGORITHM, NULL, 0);
@@ -554,8 +555,51 @@ index 3e41335..2668153 100644
      ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
  
      len = 0xdeadbeef;
+diff --git a/dlls/ncrypt/ncrypt.spec b/dlls/ncrypt/ncrypt.spec
+index 04127608d68..60b7eb37075 100644
+--- a/dlls/ncrypt/ncrypt.spec
++++ b/dlls/ncrypt/ncrypt.spec
+@@ -5,17 +5,17 @@
+ @ stub BCryptConfigureContextFunction
+ @ stub BCryptCreateContext
+ @ stdcall BCryptCreateHash(ptr ptr ptr long ptr long long) bcrypt.BCryptCreateHash
+-@ stub BCryptDecrypt
++@ stdcall BCryptDecrypt(ptr ptr long ptr ptr long ptr long ptr long) bcrypt.BCryptDecrypt
+ @ stub BCryptDeleteContext
+ @ stub BCryptDeriveKey
+ @ stub BCryptDeriveKeyCapi
+ @ stub BCryptDeriveKeyPBKDF2
+ @ stdcall BCryptDestroyHash(ptr) bcrypt.BCryptDestroyHash
+-@ stub BCryptDestroyKey
++@ stdcall BCryptDestroyKey(ptr) bcrypt.BCryptDestroyKey
+ @ stub BCryptDestroySecret
+ @ stub BCryptDuplicateHash
+ @ stub BCryptDuplicateKey
+-@ stub BCryptEncrypt
++@ stdcall BCryptEncrypt(ptr ptr long ptr ptr long ptr long ptr long) bcrypt.BCryptEncrypt
+ @ stdcall BCryptEnumAlgorithms(long ptr ptr long) bcrypt.BCryptEnumAlgorithms
+ @ stub BCryptEnumContextFunctionProviders
+ @ stub BCryptEnumContextFunctions
+@@ -28,7 +28,7 @@
+ @ stub BCryptFreeBuffer
+ @ stdcall BCryptGenRandom(ptr ptr long long) bcrypt.BCryptGenRandom
+ @ stub BCryptGenerateKeyPair
+-@ stub BCryptGenerateSymmetricKey
++@ stdcall BCryptGenerateSymmetricKey(ptr ptr ptr long ptr long long) bcrypt.BCryptGenerateSymmetricKey
+ @ stdcall BCryptGetFipsAlgorithmMode(ptr) bcrypt.BCryptGetFipsAlgorithmMode
+ @ stdcall BCryptGetProperty(ptr wstr ptr long ptr long) bcrypt.BCryptGetProperty
+ @ stdcall BCryptHash(ptr ptr long ptr long ptr long) bcrypt.BCryptHash
+@@ -49,7 +49,7 @@
+ @ stub BCryptSecretAgreement
+ @ stub BCryptSetAuditingInterface
+ @ stub BCryptSetContextFunctionProperty
+-@ stub BCryptSetProperty
++@ stdcall BCryptSetProperty(ptr wstr ptr long long) bcrypt.BCryptSetProperty
+ @ stub BCryptSignHash
+ @ stub BCryptUnregisterConfigChangeNotify
+ @ stub BCryptUnregisterProvider
 diff --git a/include/bcrypt.h b/include/bcrypt.h
-index 05d0691..6af85e3 100644
+index 05d0691f9c3..6af85e36143 100644
 --- a/include/bcrypt.h
 +++ b/include/bcrypt.h
 @@ -74,6 +74,9 @@ typedef LONG NTSTATUS;
@@ -569,5 +613,5 @@ index 05d0691..6af85e3 100644
  typedef struct _BCRYPT_ALGORITHM_IDENTIFIER
  {
 -- 
-2.9.0
+2.11.0
 

patches/bcrypt-Improvements/0003-bcrypt-Add-internal-fallback-implementation-for-hash.patch

@@ -1,4 +1,4 @@
-From ecff30df4deadc0df006a880a5528343a4ab788f Mon Sep 17 00:00:00 2001
+From 3439b4e5a1fd05c4fb68491c3814de2581e8a5aa Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Tue, 20 Dec 2016 02:36:57 +0100
 Subject: bcrypt: Add internal fallback implementation for hash calculations.
@@ -17,7 +17,7 @@ Subject: bcrypt: Add internal fallback implementation for hash calculations.
  create mode 100644 dlls/bcrypt/sha512.c
 
 diff --git a/dlls/bcrypt/Makefile.in b/dlls/bcrypt/Makefile.in
-index ef9d7ea..38753bd 100644
+index ef9d7ead6bc..f54fc5cd482 100644
 --- a/dlls/bcrypt/Makefile.in
 +++ b/dlls/bcrypt/Makefile.in
 @@ -4,6 +4,9 @@ IMPORTLIB = bcrypt
@@ -27,13 +27,13 @@ index ef9d7ea..38753bd 100644
 -	bcrypt_main.c
 +	bcrypt_main.c \
 +	sha256.c \
-+	sha512.c \
-+	sha384.c
++	sha384.c \
++	sha512.c
  
  RC_SRCS = version.rc
 diff --git a/dlls/bcrypt/bcrypt_internal.h b/dlls/bcrypt/bcrypt_internal.h
 new file mode 100644
-index 0000000..8a8f6d1
+index 00000000000..8a8f6d170c4
 --- /dev/null
 +++ b/dlls/bcrypt/bcrypt_internal.h
 @@ -0,0 +1,79 @@
@@ -117,7 +117,7 @@ index 0000000..8a8f6d1
 +
 +#endif /* __BCRYPT_INTERNAL_H */
 diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
-index af2314a..9441cf0 100644
+index 1f22063dbda..fbaece21f47 100644
 --- a/dlls/bcrypt/bcrypt_main.c
 +++ b/dlls/bcrypt/bcrypt_main.c
 @@ -36,6 +36,8 @@
@@ -251,7 +251,7 @@ index af2314a..9441cf0 100644
  
 diff --git a/dlls/bcrypt/sha256.c b/dlls/bcrypt/sha256.c
 new file mode 100644
-index 0000000..48c4a48
+index 00000000000..48c4a48d031
 --- /dev/null
 +++ b/dlls/bcrypt/sha256.c
 @@ -0,0 +1,169 @@
@@ -426,7 +426,7 @@ index 0000000..48c4a48
 +}
 diff --git a/dlls/bcrypt/sha384.c b/dlls/bcrypt/sha384.c
 new file mode 100644
-index 0000000..81e7e08
+index 00000000000..81e7e08fd07
 --- /dev/null
 +++ b/dlls/bcrypt/sha384.c
 @@ -0,0 +1,41 @@
@@ -473,7 +473,7 @@ index 0000000..81e7e08
 +}
 diff --git a/dlls/bcrypt/sha512.c b/dlls/bcrypt/sha512.c
 new file mode 100644
-index 0000000..fdd7867
+index 00000000000..fdd7867eab7
 --- /dev/null
 +++ b/dlls/bcrypt/sha512.c
 @@ -0,0 +1,191 @@
@@ -669,5 +669,5 @@ index 0000000..fdd7867
 +    }
 +}
 -- 
-2.9.0
+2.11.0
 

patches/bcrypt-Improvements/0005-bcrypt-Implement-BCryptDuplicateHash.patch

@@ -1,4 +1,4 @@
-From 9331e2a78e8ec0ba29ed1041a9f851ffd39cc249 Mon Sep 17 00:00:00 2001
+From 3dc21336baced97a110773ac9e72db210a56af82 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Tue, 20 Dec 2016 03:59:19 +0100
 Subject: bcrypt: Implement BCryptDuplicateHash.
@@ -7,10 +7,11 @@ FIXME: Should we check for NULL pointers?
 ---
  dlls/bcrypt/bcrypt.spec   |  2 +-
  dlls/bcrypt/bcrypt_main.c | 18 ++++++++++++++++++
- 2 files changed, 19 insertions(+), 1 deletion(-)
+ dlls/ncrypt/ncrypt.spec   |  2 +-
+ 3 files changed, 20 insertions(+), 2 deletions(-)
 
 diff --git a/dlls/bcrypt/bcrypt.spec b/dlls/bcrypt/bcrypt.spec
-index 962953e..9ecd21d 100644
+index 962953e509b..9ecd21d767c 100644
 --- a/dlls/bcrypt/bcrypt.spec
 +++ b/dlls/bcrypt/bcrypt.spec
 @@ -11,7 +11,7 @@
@@ -23,7 +24,7 @@ index 962953e..9ecd21d 100644
  @ stdcall BCryptEncrypt(ptr ptr long ptr ptr long ptr long ptr long)
  @ stdcall BCryptEnumAlgorithms(long ptr ptr long)
 diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
-index 3e2b22d..944a9ea 100644
+index 4f09948096c..3eb0135b37c 100644
 --- a/dlls/bcrypt/bcrypt_main.c
 +++ b/dlls/bcrypt/bcrypt_main.c
 @@ -672,6 +672,24 @@ end:
@@ -51,6 +52,19 @@ index 3e2b22d..944a9ea 100644
  NTSTATUS WINAPI BCryptDestroyHash( BCRYPT_HASH_HANDLE handle )
  {
      struct hash *hash = handle;
+diff --git a/dlls/ncrypt/ncrypt.spec b/dlls/ncrypt/ncrypt.spec
+index 60b7eb37075..1a78853bf49 100644
+--- a/dlls/ncrypt/ncrypt.spec
++++ b/dlls/ncrypt/ncrypt.spec
+@@ -13,7 +13,7 @@
+ @ stdcall BCryptDestroyHash(ptr) bcrypt.BCryptDestroyHash
+ @ stdcall BCryptDestroyKey(ptr) bcrypt.BCryptDestroyKey
+ @ stub BCryptDestroySecret
+-@ stub BCryptDuplicateHash
++@ stdcall BCryptDuplicateHash(ptr ptr ptr long long) bcrypt.BCryptDuplicateHash
+ @ stub BCryptDuplicateKey
+ @ stdcall BCryptEncrypt(ptr ptr long ptr ptr long ptr long ptr long) bcrypt.BCryptEncrypt
+ @ stdcall BCryptEnumAlgorithms(long ptr ptr long) bcrypt.BCryptEnumAlgorithms
 -- 
-2.9.0
+2.11.0
 

patches/bcrypt-Improvements/0006-bcrypt-Fix-handling-of-padding-when-input-size-equal.patch

@@ -1,16 +1,16 @@
-From 8554c6eea279baa21e10d3b742e1c62a732bbe69 Mon Sep 17 00:00:00 2001
+From 026aff5aa7c66fdc8e8c724dc73217585e8edf91 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Wed, 21 Dec 2016 04:09:03 +0100
 Subject: bcrypt: Fix handling of padding when input size equals block size for
  AES.
 
 ---
- dlls/bcrypt/bcrypt_main.c  | 13 +++++++------
+ dlls/bcrypt/bcrypt_main.c  | 14 ++++++++------
  dlls/bcrypt/tests/bcrypt.c | 33 ++++++++++++++++++++++++++++++++-
- 2 files changed, 39 insertions(+), 7 deletions(-)
+ 2 files changed, 40 insertions(+), 7 deletions(-)
 
 diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
-index 944a9ea..f97638f 100644
+index 944a9ea..f53ea1c 100644
 --- a/dlls/bcrypt/bcrypt_main.c
 +++ b/dlls/bcrypt/bcrypt_main.c
 @@ -997,11 +997,12 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
@@ -31,12 +31,13 @@ index 944a9ea..f97638f 100644
      if (!output) return STATUS_SUCCESS;
      if (output_len < *ret_len) return STATUS_BUFFER_TOO_SMALL;
  
-@@ -1014,7 +1015,7 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
+@@ -1014,7 +1015,8 @@ NTSTATUS WINAPI BCryptEncrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
          src += key->block_size;
          dst += key->block_size;
      }
 -    if (bytes_left)
-+    if (bytes_left || (flags & BCRYPT_BLOCK_PADDING))
++
++    if (flags & BCRYPT_BLOCK_PADDING)
      {
          if (!(buf = HeapAlloc( GetProcessHeap(), 0, key->block_size ))) return STATUS_NO_MEMORY;
          memcpy( buf, src, bytes_left );

patches/bcrypt-Improvements/0007-bcrypt-Properly-handle-padding-in-AES-decryption.patch

@@ -20,7 +20,7 @@ index f97638f..653301b 100644
 +    UCHAR *buf, *src, *dst;
      NTSTATUS status;
  
-     FIXME( "%p, %p, %u, %p, %p, %u, %p, %u, %p, %08x\n", handle, input, input_len,
+     TRACE( "%p, %p, %u, %p, %p, %u, %p, %u, %p, %08x\n", handle, input, input_len,
 @@ -1052,11 +1054,44 @@ NTSTATUS WINAPI BCryptDecrypt( BCRYPT_KEY_HANDLE handle, UCHAR *input, ULONG inp
      if ((status = key_set_params( key, iv, iv_len ))) return status;
  

patches/bcrypt-Improvements/0008-bcrypt-Fix-use-after-free-in-key_init.patch

@@ -0,0 +1,39 @@
+From f7dc69131cc016917b31c5deedf97da31b11c597 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
+Date: Mon, 26 Dec 2016 02:43:39 +0100
+Subject: bcrypt: Fix use-after-free in key_init.
+
+---
+ dlls/bcrypt/bcrypt_main.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
+index 09bf6c30..a9006a4 100644
+--- a/dlls/bcrypt/bcrypt_main.c
++++ b/dlls/bcrypt/bcrypt_main.c
+@@ -791,6 +791,8 @@ static ULONG get_block_size( enum alg_id alg )
+ 
+ static NTSTATUS key_init( struct key *key, enum alg_id id, UCHAR *secret, ULONG secret_len )
+ {
++    UCHAR *buffer;
++
+     if (!libgnutls_handle) return STATUS_INTERNAL_ERROR;
+ 
+     switch (id)
+@@ -804,10 +806,12 @@ static NTSTATUS key_init( struct key *key, enum alg_id id, UCHAR *secret, ULONG
+     }
+ 
+     if (!(key->block_size = get_block_size( id ))) return STATUS_INVALID_PARAMETER;
++    if (!(buffer = HeapAlloc( GetProcessHeap(), 0, secret_len ))) return STATUS_NO_MEMORY;
++    memcpy( buffer, secret, secret_len );
+ 
+     key->alg_id     = id;
+     key->handle     = 0;        /* initialized on first use */
+-    key->secret     = secret;
++    key->secret     = buffer;
+     key->secret_len = secret_len;
+ 
+     return STATUS_SUCCESS;
+-- 
+2.9.0
+

patches/bcrypt-Improvements/0009-bcrypt-Handle-NULL-pointers-in-BCryptDuplicateHash-a.patch

@@ -0,0 +1,83 @@
+From 873d431347aa25effc70e47566e562c122a5edc8 Mon Sep 17 00:00:00 2001
+From: Sebastian Lackner <sebastian@fds-team.de>
+Date: Mon, 26 Dec 2016 04:23:31 +0100
+Subject: bcrypt: Handle NULL pointers in BCryptDuplicateHash and add tests.
+
+---
+ dlls/bcrypt/bcrypt_main.c  |  1 +
+ dlls/bcrypt/tests/bcrypt.c | 26 +++++++++++++++++++++++++-
+ 2 files changed, 26 insertions(+), 1 deletion(-)
+
+diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
+index a9006a4..d1516cc 100644
+--- a/dlls/bcrypt/bcrypt_main.c
++++ b/dlls/bcrypt/bcrypt_main.c
+@@ -681,6 +681,7 @@ NTSTATUS WINAPI BCryptDuplicateHash( BCRYPT_HASH_HANDLE handle, BCRYPT_HASH_HAND
+     TRACE( "%p, %p, %p, %u, %u\n", handle, handle_copy, object, object_count, flags );
+ 
+     if (!hash_orig || hash_orig->hdr.magic != MAGIC_HASH) return STATUS_INVALID_HANDLE;
++    if (!handle_copy) return STATUS_INVALID_PARAMETER;
+     if (!(hash_copy = HeapAlloc( GetProcessHeap(), 0, sizeof(*hash_copy) )))
+         return STATUS_NO_MEMORY;
+ 
+diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c
+index 997b298..bfe3a7e 100644
+--- a/dlls/bcrypt/tests/bcrypt.c
++++ b/dlls/bcrypt/tests/bcrypt.c
+@@ -33,6 +33,7 @@ static NTSTATUS (WINAPI *pBCryptCreateHash)(BCRYPT_ALG_HANDLE, BCRYPT_HASH_HANDL
+                                             ULONG, ULONG);
+ static NTSTATUS (WINAPI *pBCryptHash)(BCRYPT_ALG_HANDLE, UCHAR *, ULONG, UCHAR *, ULONG, UCHAR *, ULONG);
+ static NTSTATUS (WINAPI *pBCryptHashData)(BCRYPT_HASH_HANDLE, PUCHAR, ULONG, ULONG);
++static NTSTATUS (WINAPI *pBCryptDuplicateHash)(BCRYPT_HASH_HANDLE, BCRYPT_HASH_HANDLE *, UCHAR *, ULONG, ULONG);
+ static NTSTATUS (WINAPI *pBCryptFinishHash)(BCRYPT_HASH_HANDLE, PUCHAR, ULONG, ULONG);
+ static NTSTATUS (WINAPI *pBCryptDestroyHash)(BCRYPT_HASH_HANDLE);
+ static NTSTATUS (WINAPI *pBCryptGenRandom)(BCRYPT_ALG_HANDLE, PUCHAR, ULONG, ULONG);
+@@ -173,7 +174,7 @@ static void test_sha1(void)
+     static const char expected[] = "961fa64958818f767707072755d7018dcd278e94";
+     static const char expected_hmac[] = "2472cf65d0e090618d769d3e46f0d9446cf212da";
+     BCRYPT_ALG_HANDLE alg;
+-    BCRYPT_HASH_HANDLE hash;
++    BCRYPT_HASH_HANDLE hash, hash2;
+     UCHAR buf[512], buf_hmac[1024], sha1[20], sha1_hmac[20];
+     ULONG size, len;
+     char str[41];
+@@ -260,6 +261,28 @@ static void test_sha1(void)
+     test_hash_length(hash, 20);
+     test_alg_name(hash, "SHA1");
+ 
++    ret = pBCryptDuplicateHash(NULL, &hash2, NULL, 0, 0);
++    ok(ret == STATUS_INVALID_HANDLE, "got %08x\n", ret);
++
++    ret = pBCryptDuplicateHash(hash, NULL, NULL, 0, 0);
++    ok(ret == STATUS_INVALID_PARAMETER, "got %08x\n", ret);
++
++    hash2 = (void *)0xdeadbeef;
++    ret = pBCryptDuplicateHash(hash, &hash2, NULL, 0, 0);
++    ok(ret == STATUS_SUCCESS || broken(ret == STATUS_INVALID_PARAMETER) /* < Win 7 */, "got %08x\n", ret);
++
++    if (ret == STATUS_SUCCESS)
++    {
++        memset(sha1_hmac, 0, sizeof(sha1_hmac));
++        ret = pBCryptFinishHash(hash2, sha1_hmac, sizeof(sha1_hmac), 0);
++        ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
++        format_hash( sha1_hmac, sizeof(sha1_hmac), str );
++        ok(!strcmp(str, expected_hmac), "got %s\n", str);
++
++        ret = pBCryptDestroyHash(hash2);
++        ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
++    }
++
+     memset(sha1_hmac, 0, sizeof(sha1_hmac));
+     ret = pBCryptFinishHash(hash, sha1_hmac, sizeof(sha1_hmac), 0);
+     ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+@@ -1179,6 +1202,7 @@ START_TEST(bcrypt)
+     pBCryptCreateHash = (void *)GetProcAddress(module, "BCryptCreateHash");
+     pBCryptHash = (void *)GetProcAddress(module, "BCryptHash");
+     pBCryptHashData = (void *)GetProcAddress(module, "BCryptHashData");
++    pBCryptDuplicateHash = (void *)GetProcAddress(module, "BCryptDuplicateHash");
+     pBCryptFinishHash = (void *)GetProcAddress(module, "BCryptFinishHash");
+     pBCryptDestroyHash = (void *)GetProcAddress(module, "BCryptDestroyHash");
+     pBCryptGenRandom = (void *)GetProcAddress(module, "BCryptGenRandom");
+-- 
+2.9.0
+

patches/bcrypt-Improvements/0010-bcrypt-tests-Add-test-for-bugs-in-BCryptGetProperty.patch

@@ -0,0 +1,29 @@
+From 83b15bed14a0999bacd2a5959297bff842a125e0 Mon Sep 17 00:00:00 2001
+From: Sebastian Lackner <sebastian@fds-team.de>
+Date: Mon, 26 Dec 2016 04:38:15 +0100
+Subject: bcrypt/tests: Add test for bugs in BCryptGetProperty.
+
+---
+ dlls/bcrypt/tests/bcrypt.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c
+index bfe3a7e..23e150e 100644
+--- a/dlls/bcrypt/tests/bcrypt.c
++++ b/dlls/bcrypt/tests/bcrypt.c
+@@ -841,6 +841,12 @@ static void test_aes(void)
+     ok(size == 64, "got %u\n", size);
+ 
+     size = 0;
++    ret = pBCryptGetProperty(alg, BCRYPT_CHAINING_MODE, mode, sizeof(mode) - 1, &size, 0);
++    todo_wine ok(ret == STATUS_BUFFER_TOO_SMALL, "got %08x\n", ret);
++    ok(size == 64, "got %u\n", size);
++
++    size = 0;
++    memset(mode, 0, sizeof(mode));
+     ret = pBCryptGetProperty(alg, BCRYPT_CHAINING_MODE, mode, sizeof(mode), &size, 0);
+     ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+     ok(!lstrcmpW((const WCHAR *)mode, BCRYPT_CHAIN_MODE_CBC), "got %s\n", mode);
+-- 
+2.9.0
+

patches/bcrypt-Improvements/0011-bcrypt-tests-Add-tests-for-AES-GCM-mode.patch

@@ -0,0 +1,282 @@
+From 9e70e218c8a5c497ece71e17034ccae2e0baa218 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
+Date: Mon, 26 Dec 2016 05:37:02 +0100
+Subject: bcrypt/tests: Add tests for AES GCM mode.
+
+---
+ dlls/bcrypt/tests/bcrypt.c | 155 ++++++++++++++++++++++++++++++++++++++++++++-
+ include/bcrypt.h           |  29 +++++++++
+ include/ntstatus.h         |   2 +
+ 3 files changed, 185 insertions(+), 1 deletion(-)
+
+diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c
+index 23e150e..699a995 100644
+--- a/dlls/bcrypt/tests/bcrypt.c
++++ b/dlls/bcrypt/tests/bcrypt.c
+@@ -941,6 +941,8 @@ static void test_BCryptGenerateSymmetricKey(void)
+ 
+ static void test_BCryptEncrypt(void)
+ {
++    static UCHAR nonce[] =
++        {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x10, 0x20, 0x30, 0x40, 0x50, 0x60};
+     static UCHAR secret[] =
+         {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f};
+     static UCHAR iv[] =
+@@ -959,15 +961,28 @@ static void test_BCryptEncrypt(void)
+         {0xc6,0xa1,0x3b,0x37,0x87,0x8f,0x5b,0x82,0x6f,0x4f,0x81,0x62,0xa1,0xc8,0xd8,0x79,
+          0xb1,0xa2,0x92,0x73,0xbe,0x2c,0x42,0x07,0xa5,0xac,0xe3,0x93,0x39,0x8c,0xb6,0xfb,
+          0x87,0x5d,0xea,0xa3,0x7e,0x0f,0xde,0xfa,0xd9,0xec,0x6c,0x4e,0x3c,0x76,0x86,0xe4};
++    static UCHAR expected4[] =
++        {0xe1,0x82,0xc3,0xc0,0x24,0xfb,0x86,0x85,0xf3,0xf1,0x2b,0x7d,0x09,0xb4,0x73,0x67,
++         0x86,0x64,0xc3,0xfe,0xa3,0x07,0x61,0xf8,0x16,0xc9,0x78,0x7f,0xe7,0xb1,0xc4,0x94};
++    static UCHAR expected_tag[] =
++        {0x89,0xb3,0x92,0x00,0x39,0x20,0x09,0xb4,0x6a,0xd6,0xaf,0xca,0x4b,0x5b,0xfd,0xd0};
++    static UCHAR expected_tag2[] =
++        {0x9a,0x92,0x32,0x2c,0x61,0x2a,0xae,0xef,0x66,0x2a,0xfb,0x55,0xe9,0x48,0xdf,0xbd};
++    BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO auth_info;
++    UCHAR *buf, ciphertext[48], ivbuf[16], tag[16];
++    BCRYPT_AUTH_TAG_LENGTHS_STRUCT tag_length;
+     BCRYPT_ALG_HANDLE aes;
+     BCRYPT_KEY_HANDLE key;
+-    UCHAR *buf, ciphertext[48], ivbuf[16];
+     ULONG size, len, i;
+     NTSTATUS ret;
+ 
+     ret = pBCryptOpenAlgorithmProvider(&aes, BCRYPT_AES_ALGORITHM, NULL, 0);
+     ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+ 
++    /******************
++     * AES - CBC mode *
++     ******************/
++
+     len = 0xdeadbeef;
+     size = sizeof(len);
+     ret = pBCryptGetProperty(aes, BCRYPT_OBJECT_LENGTH, (UCHAR *)&len, sizeof(len), &size, 0);
+@@ -1054,12 +1069,101 @@ static void test_BCryptEncrypt(void)
+     ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+     HeapFree(GetProcessHeap(), 0, buf);
+ 
++    /******************
++     * AES - GCM mode *
++     ******************/
++
++    size = 0;
++    ret = BCryptGetProperty(aes, BCRYPT_AUTH_TAG_LENGTH, NULL, 0, &size, 0);
++    todo_wine ok(ret == STATUS_NOT_SUPPORTED, "got %08x\n", ret);
++
++    ret = BCryptSetProperty(aes, BCRYPT_CHAINING_MODE, (UCHAR*)BCRYPT_CHAIN_MODE_GCM, sizeof(BCRYPT_CHAIN_MODE_GCM), 0);
++    todo_wine ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
++
++    size = 0;
++    ret = BCryptGetProperty(aes, BCRYPT_AUTH_TAG_LENGTH, NULL, 0, &size, 0);
++    todo_wine ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
++    todo_wine ok(size == sizeof(tag_length), "got %u\n", size);
++
++    size = 0;
++    memset(&tag_length, 0, sizeof(tag_length));
++    ret = BCryptGetProperty(aes, BCRYPT_AUTH_TAG_LENGTH, (UCHAR*)&tag_length, sizeof(tag_length), &size, 0);
++    todo_wine ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
++    todo_wine ok(size == sizeof(tag_length), "got %u\n", size);
++    todo_wine ok(tag_length.dwMinLength == 12, "Expected 12, got %d\n", tag_length.dwMinLength);
++    todo_wine ok(tag_length.dwMaxLength == 16, "Expected 16, got %d\n", tag_length.dwMaxLength);
++    todo_wine ok(tag_length.dwIncrement == 1, "Expected 1, got %d\n", tag_length.dwIncrement);
++
++    len = 0xdeadbeef;
++    size = sizeof(len);
++    ret = pBCryptGetProperty(aes, BCRYPT_OBJECT_LENGTH, (UCHAR *)&len, sizeof(len), &size, 0);
++    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
++
++    buf = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, len);
++    ret = pBCryptGenerateSymmetricKey(aes, &key, buf, len, secret, sizeof(secret), 0);
++    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
++
++    memset(&auth_info, 0, sizeof(auth_info));
++    auth_info.cbSize = sizeof(auth_info);
++    auth_info.dwInfoVersion = 1;
++    auth_info.pbNonce = nonce;
++    auth_info.cbNonce = sizeof(nonce);
++    auth_info.pbTag = tag;
++    auth_info.cbTag = sizeof(tag);
++
++    /* input size is a multiple of block size */
++    size = 0;
++    memcpy(ivbuf, iv, sizeof(iv));
++    memset(ciphertext, 0xff, sizeof(ciphertext));
++    memset(tag, 0xff, sizeof(tag));
++    ret = pBCryptEncrypt(key, data2, 32, &auth_info, ivbuf, 16, ciphertext, 32, &size, 0);
++    todo_wine ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
++    todo_wine ok(size == 32, "got %u\n", size);
++    todo_wine ok(!memcmp(ciphertext, expected4, sizeof(expected4)), "wrong data\n");
++    todo_wine ok(!memcmp(tag, expected_tag, sizeof(expected_tag)), "wrong tag\n");
++    for (i = 0; i < 32; i++)
++        todo_wine ok(ciphertext[i] == expected4[i], "%u: %02x != %02x\n", i, ciphertext[i], expected4[i]);
++    for (i = 0; i < 16; i++)
++        todo_wine ok(tag[i] == expected_tag[i], "%u: %02x != %02x\n", i, tag[i], expected_tag[i]);
++
++    /* input size is not multiple of block size */
++    size = 0;
++    memcpy(ivbuf, iv, sizeof(iv));
++    memset(ciphertext, 0xff, sizeof(ciphertext));
++    memset(tag, 0xff, sizeof(tag));
++    ret = pBCryptEncrypt(key, data2, 24, &auth_info, ivbuf, 16, ciphertext, 24, &size, 0);
++    todo_wine ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
++    todo_wine ok(size == 24, "got %u\n", size);
++    todo_wine ok(!memcmp(ciphertext, expected4, 24), "wrong data\n");
++    todo_wine ok(!memcmp(tag, expected_tag2, sizeof(expected_tag2)), "wrong tag\n");
++    for (i = 0; i < 24; i++)
++        todo_wine ok(ciphertext[i] == expected4[i], "%u: %02x != %02x\n", i, ciphertext[i], expected4[i]);
++    for (i = 0; i < 16; i++)
++        todo_wine ok(tag[i] == expected_tag2[i], "%u: %02x != %02x\n", i, tag[i], expected_tag2[i]);
++
++    /* test with padding */
++    memcpy(ivbuf, iv, sizeof(iv));
++    memset(ciphertext, 0, sizeof(ciphertext));
++    ret = pBCryptEncrypt(key, data2, 32, &auth_info, ivbuf, 16, ciphertext, 32, &size, BCRYPT_BLOCK_PADDING);
++    todo_wine ok(ret == STATUS_BUFFER_TOO_SMALL, "got %08x\n", ret);
++
++    memcpy(ivbuf, iv, sizeof(iv));
++    memset(ciphertext, 0, sizeof(ciphertext));
++    ret = pBCryptEncrypt(key, data2, 32, &auth_info, ivbuf, 16, ciphertext, 48, &size, BCRYPT_BLOCK_PADDING);
++    todo_wine ok(ret == STATUS_INVALID_PARAMETER, "got %08x\n", ret);
++
++    ret = pBCryptDestroyKey(key);
++    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
++    HeapFree(GetProcessHeap(), 0, buf);
++
+     ret = pBCryptCloseAlgorithmProvider(aes, 0);
+     ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+ }
+ 
+ static void test_BCryptDecrypt(void)
+ {
++    static UCHAR nonce[] =
++        {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x10, 0x20, 0x30, 0x40, 0x50, 0x60};
+     static UCHAR secret[] =
+         {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f};
+     static UCHAR iv[] =
+@@ -1081,6 +1185,12 @@ static void test_BCryptDecrypt(void)
+         {0xc6,0xa1,0x3b,0x37,0x87,0x8f,0x5b,0x82,0x6f,0x4f,0x81,0x62,0xa1,0xc8,0xd8,0x79,
+          0xb1,0xa2,0x92,0x73,0xbe,0x2c,0x42,0x07,0xa5,0xac,0xe3,0x93,0x39,0x8c,0xb6,0xfb,
+          0x87,0x5d,0xea,0xa3,0x7e,0x0f,0xde,0xfa,0xd9,0xec,0x6c,0x4e,0x3c,0x76,0x86,0xe4};
++    static UCHAR ciphertext4[] =
++        {0xe1,0x82,0xc3,0xc0,0x24,0xfb,0x86,0x85,0xf3,0xf1,0x2b,0x7d,0x09,0xb4,0x73,0x67,
++         0x86,0x64,0xc3,0xfe,0xa3,0x07,0x61,0xf8,0x16,0xc9,0x78,0x7f,0xe7,0xb1,0xc4,0x94};
++    static UCHAR tag[] =
++        {0x89,0xb3,0x92,0x00,0x39,0x20,0x09,0xb4,0x6a,0xd6,0xaf,0xca,0x4b,0x5b,0xfd,0xd0};
++    BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO auth_info;
+     BCRYPT_ALG_HANDLE aes;
+     BCRYPT_KEY_HANDLE key;
+     UCHAR *buf, plaintext[48], ivbuf[16];
+@@ -1090,6 +1200,10 @@ static void test_BCryptDecrypt(void)
+     ret = pBCryptOpenAlgorithmProvider(&aes, BCRYPT_AES_ALGORITHM, NULL, 0);
+     ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+ 
++    /******************
++     * AES - CBC mode *
++     ******************/
++
+     len = 0xdeadbeef;
+     size = sizeof(len);
+     ret = pBCryptGetProperty(aes, BCRYPT_OBJECT_LENGTH, (UCHAR *)&len, sizeof(len), &size, 0);
+@@ -1187,6 +1301,45 @@ static void test_BCryptDecrypt(void)
+     ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+     HeapFree(GetProcessHeap(), 0, buf);
+ 
++    /******************
++     * AES - GCM mode *
++     ******************/
++
++    ret = BCryptSetProperty(aes, BCRYPT_CHAINING_MODE, (UCHAR*)BCRYPT_CHAIN_MODE_GCM, sizeof(BCRYPT_CHAIN_MODE_GCM), 0);
++    todo_wine ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
++
++    buf = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, len);
++    ret = pBCryptGenerateSymmetricKey(aes, &key, buf, len, secret, sizeof(secret), 0);
++    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
++
++    memset(&auth_info, 0, sizeof(auth_info));
++    auth_info.cbSize = sizeof(auth_info);
++    auth_info.dwInfoVersion = 1;
++    auth_info.pbNonce = nonce;
++    auth_info.cbNonce = sizeof(nonce);
++    auth_info.pbTag = tag;
++    auth_info.cbTag = sizeof(tag);
++
++    /* input size is a multiple of block size */
++    size = 0;
++    memcpy(ivbuf, iv, sizeof(iv));
++    memset(plaintext, 0, sizeof(plaintext));
++    ret = pBCryptDecrypt(key, ciphertext4, 32, &auth_info, ivbuf, 16, plaintext, 32, &size, 0);
++    todo_wine ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
++    todo_wine ok(size == 32, "got %u\n", size);
++    todo_wine ok(!memcmp(plaintext, expected3, sizeof(expected3)), "wrong data\n");
++
++    /* test with wrong tag */
++    memcpy(ivbuf, iv, sizeof(iv));
++    auth_info.pbTag = iv; /* wrong tag */
++    ret = pBCryptDecrypt(key, ciphertext4, 32, &auth_info, ivbuf, 16, plaintext, 32, &size, 0);
++    todo_wine ok(ret == STATUS_AUTH_TAG_MISMATCH, "got %08x\n", ret);
++    todo_wine ok(size == 32, "got %u\n", size);
++
++    ret = pBCryptDestroyKey(key);
++    ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
++    HeapFree(GetProcessHeap(), 0, buf);
++
+     ret = pBCryptCloseAlgorithmProvider(aes, 0);
+     ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+ }
+diff --git a/include/bcrypt.h b/include/bcrypt.h
+index 6af85e3..b8ff624 100644
+--- a/include/bcrypt.h
++++ b/include/bcrypt.h
+@@ -85,6 +85,35 @@ typedef struct _BCRYPT_ALGORITHM_IDENTIFIER
+     ULONG  dwFlags;
+ } BCRYPT_ALGORITHM_IDENTIFIER;
+ 
++typedef struct __BCRYPT_KEY_LENGTHS_STRUCT
++{
++    ULONG dwMinLength;
++    ULONG dwMaxLength;
++    ULONG dwIncrement;
++} BCRYPT_KEY_LENGTHS_STRUCT, BCRYPT_AUTH_TAG_LENGTHS_STRUCT;
++
++typedef struct _BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO
++{
++    ULONG cbSize;
++    ULONG dwInfoVersion;
++    UCHAR *pbNonce;
++    ULONG cbNonce;
++    UCHAR *pbAuthData;
++    ULONG cbAuthData;
++    UCHAR *pbTag;
++    ULONG cbTag;
++    UCHAR *pbMacContext;
++    ULONG cbMacContext;
++    ULONG cbAAD;
++    ULONGLONG cbData;
++    ULONG dwFlags;
++} BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO, *PBCRYPT_AUTHENTICATED_CIPHER_MODE_INFO;
++
++#define BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO_VERSION 1
++
++#define BCRYPT_AUTH_MODE_CHAIN_CALLS_FLAG 0x00000001
++#define BCRYPT_AUTH_MODE_IN_PROGRESS_FLAG 0x00000002
++
+ typedef PVOID BCRYPT_ALG_HANDLE;
+ typedef PVOID BCRYPT_KEY_HANDLE;
+ typedef PVOID BCRYPT_HANDLE;
+diff --git a/include/ntstatus.h b/include/ntstatus.h
+index 86dad85..7026de7 100644
+--- a/include/ntstatus.h
++++ b/include/ntstatus.h
+@@ -990,6 +990,8 @@
+ 
+ #define STATUS_WOW_ASSERTION             ((NTSTATUS) 0xC0009898)
+ 
++#define STATUS_AUTH_TAG_MISMATCH         ((NTSTATUS) 0xC000A002)
++
+ #define RPC_NT_INVALID_STRING_BINDING    ((NTSTATUS) 0xC0020001)
+ #define RPC_NT_WRONG_KIND_OF_BINDING     ((NTSTATUS) 0xC0020002)
+ #define RPC_NT_INVALID_BINDING           ((NTSTATUS) 0xC0020003)
+-- 
+2.9.0
+

patches/bcrypt-Improvements/0012-bcrypt-Pass-object-to-get_-alg-hash-_property-instea.patch

@@ -0,0 +1,133 @@
+From 9f68ea60cf840c9366aefe1ab486e9d1ee192843 Mon Sep 17 00:00:00 2001
+From: Sebastian Lackner <sebastian@fds-team.de>
+Date: Mon, 26 Dec 2016 06:18:01 +0100
+Subject: bcrypt: Pass object to get_{alg,hash}_property instead of alg_id.
+
+---
+ dlls/bcrypt/bcrypt_main.c | 32 ++++++++++++++++----------------
+ 1 file changed, 16 insertions(+), 16 deletions(-)
+
+diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
+index d1516cc..8a5161b 100644
+--- a/dlls/bcrypt/bcrypt_main.c
++++ b/dlls/bcrypt/bcrypt_main.c
+@@ -450,16 +450,16 @@ static NTSTATUS generic_alg_property( enum alg_id id, const WCHAR *prop, UCHAR *
+     return STATUS_NOT_IMPLEMENTED;
+ }
+ 
+-static NTSTATUS get_alg_property( enum alg_id id, const WCHAR *prop, UCHAR *buf, ULONG size, ULONG *ret_size )
++static NTSTATUS get_alg_property( const struct algorithm *alg, const WCHAR *prop, UCHAR *buf, ULONG size, ULONG *ret_size )
+ {
+     NTSTATUS status;
+     ULONG value;
+ 
+-    status = generic_alg_property( id, prop, buf, size, ret_size );
++    status = generic_alg_property( alg->id, prop, buf, size, ret_size );
+     if (status != STATUS_NOT_IMPLEMENTED)
+         return status;
+ 
+-    switch (id)
++    switch (alg->id)
+     {
+     case ALG_ID_AES:
+         if (!strcmpW( prop, BCRYPT_BLOCK_LENGTH ))
+@@ -540,7 +540,7 @@ static NTSTATUS get_alg_property( enum alg_id id, const WCHAR *prop, UCHAR *buf,
+         return STATUS_NOT_IMPLEMENTED;
+ 
+     default:
+-        FIXME( "unsupported algorithm %u\n", id );
++        FIXME( "unsupported algorithm %u\n", alg->id );
+         return STATUS_NOT_IMPLEMENTED;
+     }
+ 
+@@ -555,11 +555,11 @@ static NTSTATUS get_alg_property( enum alg_id id, const WCHAR *prop, UCHAR *buf,
+     return STATUS_SUCCESS;
+ }
+ 
+-static NTSTATUS get_hash_property( enum alg_id id, const WCHAR *prop, UCHAR *buf, ULONG size, ULONG *ret_size )
++static NTSTATUS get_hash_property( const struct hash *hash, const WCHAR *prop, UCHAR *buf, ULONG size, ULONG *ret_size )
+ {
+     NTSTATUS status;
+ 
+-    status = generic_alg_property( id, prop, buf, size, ret_size );
++    status = generic_alg_property( hash->alg_id, prop, buf, size, ret_size );
+     if (status == STATUS_NOT_IMPLEMENTED)
+         FIXME( "unsupported property %s\n", debugstr_w(prop) );
+     return status;
+@@ -579,12 +579,12 @@ NTSTATUS WINAPI BCryptGetProperty( BCRYPT_HANDLE handle, LPCWSTR prop, UCHAR *bu
+     case MAGIC_ALG:
+     {
+         const struct algorithm *alg = (const struct algorithm *)object;
+-        return get_alg_property( alg->id, prop, buffer, count, res );
++        return get_alg_property( alg, prop, buffer, count, res );
+     }
+     case MAGIC_HASH:
+     {
+         const struct hash *hash = (const struct hash *)object;
+-        return get_hash_property( hash->alg_id, prop, buffer, count, res );
++        return get_hash_property( hash, prop, buffer, count, res );
+     }
+     default:
+         WARN( "unknown magic %08x\n", object->magic );
+@@ -783,34 +783,34 @@ struct key
+     ULONG              secret_len;
+ };
+ 
+-static ULONG get_block_size( enum alg_id alg )
++static ULONG get_block_size( struct algorithm *alg )
+ {
+     ULONG ret = 0, size = sizeof(ret);
+     get_alg_property( alg, BCRYPT_BLOCK_LENGTH, (UCHAR *)&ret, sizeof(ret), &size );
+     return ret;
+ }
+ 
+-static NTSTATUS key_init( struct key *key, enum alg_id id, UCHAR *secret, ULONG secret_len )
++static NTSTATUS key_init( struct key *key, struct algorithm *alg, UCHAR *secret, ULONG secret_len )
+ {
+     UCHAR *buffer;
+ 
+     if (!libgnutls_handle) return STATUS_INTERNAL_ERROR;
+ 
+-    switch (id)
++    switch (alg->id)
+     {
+     case ALG_ID_AES:
+         break;
+ 
+     default:
+-        FIXME( "algorithm %u not supported\n", id );
++        FIXME( "algorithm %u not supported\n", alg->id );
+         return STATUS_NOT_SUPPORTED;
+     }
+ 
+-    if (!(key->block_size = get_block_size( id ))) return STATUS_INVALID_PARAMETER;
++    if (!(key->block_size = get_block_size( alg ))) return STATUS_INVALID_PARAMETER;
+     if (!(buffer = HeapAlloc( GetProcessHeap(), 0, secret_len ))) return STATUS_NO_MEMORY;
+     memcpy( buffer, secret, secret_len );
+ 
+-    key->alg_id     = id;
++    key->alg_id     = alg->id;
+     key->handle     = 0;        /* initialized on first use */
+     key->secret     = buffer;
+     key->secret_len = secret_len;
+@@ -906,7 +906,7 @@ struct key
+     ULONG         block_size;
+ };
+ 
+-static NTSTATUS key_init( struct key *key, enum alg_id id, const UCHAR *secret, ULONG secret_len )
++static NTSTATUS key_init( struct key *key, struct algorithm *alg, UCHAR *secret, ULONG secret_len )
+ {
+     ERR( "support for keys not available at build time\n" );
+     return STATUS_NOT_IMPLEMENTED;
+@@ -955,7 +955,7 @@ NTSTATUS WINAPI BCryptGenerateSymmetricKey( BCRYPT_ALG_HANDLE algorithm, BCRYPT_
+     if (!(key = HeapAlloc( GetProcessHeap(), 0, sizeof(*key) ))) return STATUS_NO_MEMORY;
+     key->hdr.magic = MAGIC_KEY;
+ 
+-    if ((status = key_init( key, alg->id, secret, secret_len )))
++    if ((status = key_init( key, alg, secret, secret_len )))
+     {
+         HeapFree( GetProcessHeap(), 0, key );
+         return status;
+-- 
+2.9.0
+