Release 2.18.

Thanks Michael Müller.

patches/Compiler_Warnings/0021-d2d1-Avoid-implicit-cast-of-interface-pointer.patch

@@ -1,18 +1,18 @@
-From 929eaf5dcdca040cd82141ad5ddfdcbc6c5f4a03 Mon Sep 17 00:00:00 2001
+From 79ff79dba6d5c8008c53e4bcf5e38c3a54271091 Mon Sep 17 00:00:00 2001
 From: Sebastian Lackner <sebastian@fds-team.de>
 Date: Tue, 22 Mar 2016 21:54:26 +0100
 Subject: d2d1: Avoid implicit cast of interface pointer.
 
 ---
- dlls/d2d1/brush.c    | 6 +++---
+ dlls/d2d1/brush.c    | 8 ++++----
  dlls/d2d1/geometry.c | 6 +++---
- 2 files changed, 6 insertions(+), 6 deletions(-)
+ 2 files changed, 7 insertions(+), 7 deletions(-)
 
 diff --git a/dlls/d2d1/brush.c b/dlls/d2d1/brush.c
-index aa92318..19b0993 100644
+index 7f4c7bbb763..30d25fec4b4 100644
 --- a/dlls/d2d1/brush.c
 +++ b/dlls/d2d1/brush.c
-@@ -181,7 +181,7 @@ static void d2d_brush_init(struct d2d_brush *brush, ID2D1Factory *factory,
+@@ -251,7 +251,7 @@ static void d2d_brush_init(struct d2d_brush *brush, ID2D1Factory *factory,
  
  static inline struct d2d_brush *impl_from_ID2D1SolidColorBrush(ID2D1SolidColorBrush *iface)
  {
@@ -21,7 +21,7 @@ index aa92318..19b0993 100644
  }
  
  static HRESULT STDMETHODCALLTYPE d2d_solid_color_brush_QueryInterface(ID2D1SolidColorBrush *iface,
-@@ -318,7 +318,7 @@ void d2d_solid_color_brush_init(struct d2d_brush *brush, ID2D1Factory *factory,
+@@ -394,7 +394,7 @@ HRESULT d2d_solid_color_brush_create(ID2D1Factory *factory, const D2D1_COLOR_F *
  
  static inline struct d2d_brush *impl_from_ID2D1LinearGradientBrush(ID2D1LinearGradientBrush *iface)
  {
@@ -30,7 +30,16 @@ index aa92318..19b0993 100644
  }
  
  static HRESULT STDMETHODCALLTYPE d2d_linear_gradient_brush_QueryInterface(ID2D1LinearGradientBrush *iface,
-@@ -476,7 +476,7 @@ void d2d_linear_gradient_brush_init(struct d2d_brush *brush, ID2D1Factory *facto
+@@ -580,7 +580,7 @@ HRESULT d2d_linear_gradient_brush_create(ID2D1Factory *factory, const D2D1_LINEA
+ 
+ static inline struct d2d_brush *impl_from_ID2D1RadialGradientBrush(ID2D1RadialGradientBrush *iface)
+ {
+-    return CONTAINING_RECORD(iface, struct d2d_brush, ID2D1Brush_iface);
++    return CONTAINING_RECORD((ID2D1Brush *)iface, struct d2d_brush, ID2D1Brush_iface);
+ }
+ 
+ static HRESULT STDMETHODCALLTYPE d2d_radial_gradient_brush_QueryInterface(ID2D1RadialGradientBrush *iface,
+@@ -776,7 +776,7 @@ HRESULT d2d_radial_gradient_brush_create(ID2D1Factory *factory, const D2D1_BRUSH
  
  static inline struct d2d_brush *impl_from_ID2D1BitmapBrush(ID2D1BitmapBrush *iface)
  {
@@ -40,10 +49,10 @@ index aa92318..19b0993 100644
  
  static HRESULT STDMETHODCALLTYPE d2d_bitmap_brush_QueryInterface(ID2D1BitmapBrush *iface,
 diff --git a/dlls/d2d1/geometry.c b/dlls/d2d1/geometry.c
-index 9fa1783..125c610 100644
+index a9588985642..b8457a9e1ea 100644
 --- a/dlls/d2d1/geometry.c
 +++ b/dlls/d2d1/geometry.c
-@@ -2022,7 +2022,7 @@ static const struct ID2D1GeometrySinkVtbl d2d_geometry_sink_vtbl =
+@@ -3024,7 +3024,7 @@ static const struct ID2D1GeometrySinkVtbl d2d_geometry_sink_vtbl =
  
  static inline struct d2d_geometry *impl_from_ID2D1PathGeometry(ID2D1PathGeometry *iface)
  {
@@ -52,7 +61,7 @@ index 9fa1783..125c610 100644
  }
  
  static HRESULT STDMETHODCALLTYPE d2d_path_geometry_QueryInterface(ID2D1PathGeometry *iface, REFIID iid, void **out)
-@@ -2283,7 +2283,7 @@ void d2d_path_geometry_init(struct d2d_geometry *geometry, ID2D1Factory *factory
+@@ -3540,7 +3540,7 @@ void d2d_path_geometry_init(struct d2d_geometry *geometry, ID2D1Factory *factory
  
  static inline struct d2d_geometry *impl_from_ID2D1RectangleGeometry(ID2D1RectangleGeometry *iface)
  {
@@ -61,7 +70,7 @@ index 9fa1783..125c610 100644
  }
  
  static HRESULT STDMETHODCALLTYPE d2d_rectangle_geometry_QueryInterface(ID2D1RectangleGeometry *iface,
-@@ -2531,7 +2531,7 @@ HRESULT d2d_rectangle_geometry_init(struct d2d_geometry *geometry, ID2D1Factory
+@@ -3876,7 +3876,7 @@ fail:
  
  static inline struct d2d_geometry *impl_from_ID2D1TransformedGeometry(ID2D1TransformedGeometry *iface)
  {
@@ -71,5 +80,5 @@ index 9fa1783..125c610 100644
  
  static HRESULT STDMETHODCALLTYPE d2d_transformed_geometry_QueryInterface(ID2D1TransformedGeometry *iface,
 -- 
-2.7.1
+2.14.1
 

patches/Compiler_Warnings/0033-evr-Avoid-implicit-cast-of-interface-pointer.patch

@@ -0,0 +1,25 @@
+From b4586e37df817f205c8bebe319b4765dea5c62d5 Mon Sep 17 00:00:00 2001
+From: Sebastian Lackner <sebastian@fds-team.de>
+Date: Sun, 24 Sep 2017 19:21:06 +0200
+Subject: evr: Avoid implicit cast of interface pointer.
+
+---
+ dlls/evr/evr.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/dlls/evr/evr.c b/dlls/evr/evr.c
+index c2d2933211e..5533f38a649 100644
+--- a/dlls/evr/evr.c
++++ b/dlls/evr/evr.c
+@@ -136,7 +136,7 @@ static const IUnknownVtbl evr_inner_vtbl =
+ 
+ static inline evr_filter *impl_from_IBaseFilter(IBaseFilter *iface)
+ {
+-    return CONTAINING_RECORD(iface, evr_filter, filter);
++    return CONTAINING_RECORD(iface, evr_filter, filter.IBaseFilter_iface);
+ }
+ 
+ static HRESULT WINAPI filter_QueryInterface(IBaseFilter *iface, REFIID riid, void **ppv)
+-- 
+2.14.1
+

patches/advapi-LsaLookupPrivilegeName/0003-advapi32-Implement-LsaLookupPrivilegeName.patch

@@ -1,31 +1,17 @@
-From fcefc5661656de44d02fed0431b4a61fa618b663 Mon Sep 17 00:00:00 2001
+From ca415799729a5330fc9def2df8fb9c4ffef80448 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Sun, 5 Mar 2017 23:50:06 +0100
 Subject: advapi32: Implement LsaLookupPrivilegeName.
 
 ---
- dlls/advapi32/advapi32.spec   |  2 +-
  dlls/advapi32/advapi32_misc.h |  2 ++
- dlls/advapi32/lsa.c           | 39 +++++++++++++++++++++++++++++++++++++++
+ dlls/advapi32/lsa.c           | 30 ++++++++++++++++++++++++++++--
  dlls/advapi32/security.c      | 27 ++++++++++++++++++---------
  include/ntsecapi.h            |  1 +
- 5 files changed, 61 insertions(+), 10 deletions(-)
+ 4 files changed, 49 insertions(+), 11 deletions(-)
 
-diff --git a/dlls/advapi32/advapi32.spec b/dlls/advapi32/advapi32.spec
-index d5503490a0..709a385967 100644
---- a/dlls/advapi32/advapi32.spec
-+++ b/dlls/advapi32/advapi32.spec
-@@ -469,7 +469,7 @@
- @ stdcall LsaLookupNames(long long ptr ptr ptr)
- @ stdcall LsaLookupNames2(ptr long long ptr ptr ptr)
- @ stub LsaLookupPrivilegeDisplayName
--# @ stub LsaLookupPrivilegeName
-+@ stdcall LsaLookupPrivilegeName(long ptr ptr)
- # @ stub LsaLookupPrivilegeValue
- @ stdcall LsaLookupSids(ptr long ptr ptr ptr)
- # @ stub LsaLookupSids2
 diff --git a/dlls/advapi32/advapi32_misc.h b/dlls/advapi32/advapi32_misc.h
-index d116ecb836..ecb07f635a 100644
+index d116ecb836e..ecb07f635a6 100644
 --- a/dlls/advapi32/advapi32_misc.h
 +++ b/dlls/advapi32/advapi32_misc.h
 @@ -68,4 +68,6 @@ static inline WCHAR *strdupAW( const char *src )
@@ -36,28 +22,20 @@ index d116ecb836..ecb07f635a 100644
 +
  #endif /* __WINE_ADVAPI32MISC_H */
 diff --git a/dlls/advapi32/lsa.c b/dlls/advapi32/lsa.c
-index 3da6d19b82..af5f9dd46d 100644
+index 61c91f497eb..e6f88d2fa73 100644
 --- a/dlls/advapi32/lsa.c
 +++ b/dlls/advapi32/lsa.c
-@@ -973,3 +973,42 @@ NTSTATUS WINAPI LsaUnregisterPolicyChangeNotification(
-     FIXME("(%d,%p) stub\n", class, event);
-     return STATUS_SUCCESS;
- }
-+
-+/******************************************************************************
-+ * LsaLookupPrivilegeName [ADVAPI32.@]
-+ *
-+ */
-+NTSTATUS WINAPI LsaLookupPrivilegeName(
-+    LSA_HANDLE handle,
-+    PLUID lpLuid,
-+    PUNICODE_STRING *name)
-+{
+@@ -983,6 +983,32 @@ NTSTATUS WINAPI LsaLookupPrivilegeName(
+     LUID *luid,
+     UNICODE_STRING **name)
+ {
+-    FIXME("(%p,%p,%p) stub\n", handle, luid, name);
+-    return STATUS_NO_SUCH_PRIVILEGE;
 +    UNICODE_STRING *priv_unicode;
 +    size_t priv_size;
 +    WCHAR *strW;
 +
-+    TRACE("(%p, %p, %p)\n", handle, lpLuid, name);
++    TRACE("(%p, %p, %p)\n", handle, luid, name);
 +
 +    if (!handle)
 +        return STATUS_INVALID_HANDLE;
@@ -65,25 +43,25 @@ index 3da6d19b82..af5f9dd46d 100644
 +    if (!name)
 +        return STATUS_INVALID_PARAMETER;
 +
-+    if (lpLuid->HighPart ||
-+        (lpLuid->LowPart < SE_MIN_WELL_KNOWN_PRIVILEGE ||
-+         lpLuid->LowPart > SE_MAX_WELL_KNOWN_PRIVILEGE ||
-+         !WellKnownPrivNames[lpLuid->LowPart]))
++    if (luid->HighPart ||
++        (luid->LowPart < SE_MIN_WELL_KNOWN_PRIVILEGE ||
++         luid->LowPart > SE_MAX_WELL_KNOWN_PRIVILEGE ||
++         !WellKnownPrivNames[luid->LowPart]))
 +        return STATUS_NO_SUCH_PRIVILEGE;
 +
-+    priv_size = (strlenW(WellKnownPrivNames[lpLuid->LowPart]) + 1) * sizeof(WCHAR);
++    priv_size = (strlenW(WellKnownPrivNames[luid->LowPart]) + 1) * sizeof(WCHAR);
 +    priv_unicode = heap_alloc(sizeof(*priv_unicode) + priv_size);
 +    if (!priv_unicode) return STATUS_NO_MEMORY;
 +
 +    strW = (WCHAR *)(priv_unicode + 1);
-+    strcpyW(strW, WellKnownPrivNames[lpLuid->LowPart]);
++    strcpyW(strW, WellKnownPrivNames[luid->LowPart]);
 +    RtlInitUnicodeString(priv_unicode, strW);
 +
 +    *name = priv_unicode;
 +    return STATUS_SUCCESS;
-+}
+ }
 diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
-index e36792cff4..3bc8f48b19 100644
+index e36792cff4b..3bc8f48b19c 100644
 --- a/dlls/advapi32/security.c
 +++ b/dlls/advapi32/security.c
 @@ -1840,7 +1840,7 @@ static const WCHAR SE_IMPERSONATE_NAME_W[] =
@@ -147,7 +125,7 @@ index e36792cff4..3bc8f48b19 100644
      }
  }
 diff --git a/include/ntsecapi.h b/include/ntsecapi.h
-index 2bb3d312e4..0bf0eca43e 100644
+index 2bb3d312e43..0bf0eca43ed 100644
 --- a/include/ntsecapi.h
 +++ b/include/ntsecapi.h
 @@ -370,6 +370,7 @@ NTSTATUS WINAPI LsaLookupNames(LSA_HANDLE,ULONG,PLSA_UNICODE_STRING,PLSA_REFEREN
@@ -159,5 +137,5 @@ index 2bb3d312e4..0bf0eca43e 100644
  ULONG WINAPI LsaNtStatusToWinError(NTSTATUS);
  NTSTATUS WINAPI LsaOpenPolicy(PLSA_UNICODE_STRING,PLSA_OBJECT_ATTRIBUTES,ACCESS_MASK,PLSA_HANDLE);
 -- 
-2.13.1
+2.14.1
 

patches/advapi32-Token_Integrity_Level/0006-ntdll-Add-function-to-create-new-tokens-for-elevatio.patch

@@ -1,4 +1,4 @@
-From fcceb1b0f1aee4ca4fe7362a4e87c4c94456f2ec Mon Sep 17 00:00:00 2001
+From 0d98f9a1ea69511f6bb2901e71c72ac715bffd27 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Sat, 5 Aug 2017 01:45:29 +0200
 Subject: ntdll: Add function to create new tokens for elevation purposes.
@@ -13,10 +13,10 @@ Subject: ntdll: Add function to create new tokens for elevation purposes.
  6 files changed, 117 insertions(+)
 
 diff --git a/dlls/ntdll/ntdll.spec b/dlls/ntdll/ntdll.spec
-index 275fda57970..8f5357b944c 100644
+index 30dfa60b1a0..69bfe923234 100644
 --- a/dlls/ntdll/ntdll.spec
 +++ b/dlls/ntdll/ntdll.spec
-@@ -1487,6 +1487,9 @@
+@@ -1480,6 +1480,9 @@
  @ cdecl wine_server_send_fd(long)
  @ cdecl __wine_make_process_system()
  
@@ -27,11 +27,11 @@ index 275fda57970..8f5357b944c 100644
  @ cdecl wine_get_version() NTDLL_wine_get_version
  @ cdecl wine_get_patches() NTDLL_wine_get_patches
 diff --git a/dlls/ntdll/ntdll_misc.h b/dlls/ntdll/ntdll_misc.h
-index c6c60090d10..e64cb9e75a3 100644
+index c97b1e1f73f..030704e1727 100644
 --- a/dlls/ntdll/ntdll_misc.h
 +++ b/dlls/ntdll/ntdll_misc.h
-@@ -82,6 +82,9 @@ extern void fill_cpu_info(void) DECLSPEC_HIDDEN;
- extern void *grow_virtual_heap( HANDLE handle, SIZE_T *size ) DECLSPEC_HIDDEN;
+@@ -77,6 +77,9 @@ extern void virtual_init_threading(void) DECLSPEC_HIDDEN;
+ extern void fill_cpu_info(void) DECLSPEC_HIDDEN;
  extern void heap_set_debug_flags( HANDLE handle ) DECLSPEC_HIDDEN;
  
 +/* token */
@@ -41,7 +41,7 @@ index c6c60090d10..e64cb9e75a3 100644
  extern timeout_t server_start_time DECLSPEC_HIDDEN;
  extern unsigned int server_cpus DECLSPEC_HIDDEN;
 diff --git a/dlls/ntdll/process.c b/dlls/ntdll/process.c
-index f2eb09c142f..ba4613e87b3 100644
+index f615ce2fea7..77048003ace 100644
 --- a/dlls/ntdll/process.c
 +++ b/dlls/ntdll/process.c
 @@ -99,6 +99,24 @@ HANDLE CDECL __wine_make_process_system(void)
@@ -70,10 +70,10 @@ index f2eb09c142f..ba4613e87b3 100644
  
  #define UNIMPLEMENTED_INFO_CLASS(c) \
 diff --git a/server/protocol.def b/server/protocol.def
-index ac2e2242511..300f23fb9b6 100644
+index b5b2650c8ed..9140feee717 100644
 --- a/server/protocol.def
 +++ b/server/protocol.def
-@@ -3688,6 +3688,14 @@ struct handle_info
+@@ -3615,6 +3615,14 @@ struct handle_info
  @END
  
  
@@ -101,7 +101,7 @@ index 6c337143c3d..21e90ccf23f 100644
  
  /* token functions */
 diff --git a/server/token.c b/server/token.c
-index e61fe97bfa0..c9d36a5b4f3 100644
+index 3301283ee25..7abd92386ea 100644
 --- a/server/token.c
 +++ b/server/token.c
 @@ -71,6 +71,7 @@ static const SID anonymous_logon_sid = { SID_REVISION, 1, { SECURITY_NT_AUTHORIT
@@ -120,7 +120,7 @@ index e61fe97bfa0..c9d36a5b4f3 100644
  
  static luid_t prev_luid_value = { 1000, 0 };
  
-@@ -924,6 +926,64 @@ struct token *token_create_admin( void )
+@@ -915,6 +917,64 @@ struct token *token_create_admin( void )
      return token;
  }
  
@@ -185,7 +185,7 @@ index e61fe97bfa0..c9d36a5b4f3 100644
  static struct privilege *token_find_privilege( struct token *token, const LUID *luid, int enabled_only )
  {
      struct privilege *privilege;
-@@ -1738,3 +1798,27 @@ DECL_HANDLER(set_token_default_dacl)
+@@ -1729,3 +1789,27 @@ DECL_HANDLER(set_token_default_dacl)
          release_object( token );
      }
  }
@@ -214,5 +214,5 @@ index e61fe97bfa0..c9d36a5b4f3 100644
 +    }
 +}
 -- 
-2.13.1
+2.14.1
 

patches/advapi32-Token_Integrity_Level/0008-ntdll-Implement-process-token-elevation-through-mani.patch

@@ -1,4 +1,4 @@
-From 7b7147df179554c5701f5d759a7b161d79ef90f3 Mon Sep 17 00:00:00 2001
+From e15be9d22652dbf7ef027ce5f3ef3faa42139c7a Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Sat, 5 Aug 2017 03:39:55 +0200
 Subject: ntdll: Implement process token elevation through manifests.
@@ -12,13 +12,14 @@ Subject: ntdll: Implement process token elevation through manifests.
  5 files changed, 67 insertions(+)
 
 diff --git a/dlls/ntdll/loader.c b/dlls/ntdll/loader.c
-index a09eca9db75..2f6bcbde8fe 100644
+index cdf8d586c36..5162e2fc0ec 100644
 --- a/dlls/ntdll/loader.c
 +++ b/dlls/ntdll/loader.c
-@@ -3632,6 +3632,32 @@ static void load_global_options(void)
+@@ -3095,6 +3095,32 @@ static void load_global_options(void)
+ }
  
  
- /***********************************************************************
++/***********************************************************************
 + *           elevate_process
 + */
 +static void elevate_process( void )
@@ -44,11 +45,10 @@ index a09eca9db75..2f6bcbde8fe 100644
 +}
 +
 +
-+/***********************************************************************
+ /***********************************************************************
   *           start_process
   */
- static void start_process( void *arg )
-@@ -3679,6 +3705,7 @@ void WINAPI LdrInitializeThunk( void *kernel_start, ULONG_PTR unknown2,
+@@ -3111,6 +3137,7 @@ void WINAPI LdrInitializeThunk( void *kernel_start, ULONG_PTR unknown2,
                                  ULONG_PTR unknown3, ULONG_PTR unknown4 )
  {
      static const WCHAR globalflagW[] = {'G','l','o','b','a','l','F','l','a','g',0};
@@ -56,7 +56,7 @@ index a09eca9db75..2f6bcbde8fe 100644
      LARGE_INTEGER timeout;
      NTSTATUS status;
      WINE_MODREF *wm;
-@@ -3725,6 +3752,16 @@ void WINAPI LdrInitializeThunk( void *kernel_start, ULONG_PTR unknown2,
+@@ -3154,6 +3181,16 @@ void WINAPI LdrInitializeThunk( void *kernel_start, ULONG_PTR unknown2,
      if ((status = fixup_imports( wm, load_path )) != STATUS_SUCCESS) goto error;
      heap_set_debug_flags( GetProcessHeap() );
  
@@ -70,14 +70,14 @@ index a09eca9db75..2f6bcbde8fe 100644
 +        elevate_process();  /* FIXME: the process exists with a wrong token for a short time */
 +    }
 +
-     /* Store original entrypoint (in case it gets corrupted) */
-     start_params.kernel_start = kernel_start;
-     start_params.entry = wm->ldr.EntryPoint;
+     status = wine_call_on_stack( attach_process_dlls, wm, (char *)NtCurrentTeb()->Tib.StackBase - page_size );
+     if (status != STATUS_SUCCESS) goto error;
+ 
 diff --git a/server/process.c b/server/process.c
-index f0f60edcd3f..74675d343b4 100644
+index f8969433ede..10cf39d8962 100644
 --- a/server/process.c
 +++ b/server/process.c
-@@ -1146,6 +1146,14 @@ struct process_snapshot *process_snap( int *count )
+@@ -1136,6 +1136,14 @@ struct process_snapshot *process_snap( int *count )
      return snapshot;
  }
  
@@ -105,10 +105,10 @@ index 548796f9c22..262eb59627b 100644
  /* console functions */
  extern void inherit_console(struct thread *parent_thread, struct process *process, obj_handle_t hconin);
 diff --git a/server/protocol.def b/server/protocol.def
-index 300f23fb9b6..e5b598259f7 100644
+index 7590541ac8a..55cc768d21a 100644
 --- a/server/protocol.def
 +++ b/server/protocol.def
-@@ -3696,6 +3696,13 @@ struct handle_info
+@@ -3610,6 +3610,13 @@ struct handle_info
  @END
  
  
@@ -123,10 +123,10 @@ index 300f23fb9b6..e5b598259f7 100644
  @REQ(create_completion)
      unsigned int access;          /* desired access to a port */
 diff --git a/server/token.c b/server/token.c
-index c9d36a5b4f3..385ea3bbfda 100644
+index 7abd92386ea..49e84362a83 100644
 --- a/server/token.c
 +++ b/server/token.c
-@@ -1822,3 +1822,17 @@ DECL_HANDLER(create_token)
+@@ -1813,3 +1813,17 @@ DECL_HANDLER(create_token)
          release_object( token );
      }
  }
@@ -145,5 +145,5 @@ index c9d36a5b4f3..385ea3bbfda 100644
 +    }
 +}
 -- 
-2.13.1
+2.14.1
 

patches/advapi32-Token_Integrity_Level/definition

@@ -5,7 +5,6 @@ Depends: advapi32-GetExplicitEntriesFromAclW
 Depends: kernel32-COMSPEC
 Depends: kernel32-UmsStubs
 Depends: ntdll-APC_Start_Process
-Depends: ntdll-Grow_Virtual_Heap
 Depends: ntdll-TokenLogonSid
 Depends: ntdll-RunlevelInformationInActivationContext
 Depends: server-CreateProcess_ACLs

patches/api-ms-win-Stub_DLLs/0005-api-ms-win-core-heap-l2-1-0-Add-dll.patch

@@ -1,61 +0,0 @@
-From 55213631f626468dae79789336fb421aed983dc5 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
-Date: Sat, 16 Jan 2016 20:03:48 +0100
-Subject: api-ms-win-core-heap-l2-1-0: Add dll.
-
----
- configure.ac                                                      | 1 +
- dlls/api-ms-win-core-heap-l2-1-0/Makefile.in                      | 1 +
- dlls/api-ms-win-core-heap-l2-1-0/api-ms-win-core-heap-l2-1-0.spec | 7 +++++++
- tools/make_specfiles                                              | 1 +
- 4 files changed, 10 insertions(+)
- create mode 100644 dlls/api-ms-win-core-heap-l2-1-0/Makefile.in
- create mode 100644 dlls/api-ms-win-core-heap-l2-1-0/api-ms-win-core-heap-l2-1-0.spec
-
-diff --git a/configure.ac b/configure.ac
-index 6b777c0..35e0636 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -2676,6 +2676,7 @@ WINE_CONFIG_DLL(api-ms-win-core-file-l2-1-1)
- WINE_CONFIG_DLL(api-ms-win-core-handle-l1-1-0)
- WINE_CONFIG_DLL(api-ms-win-core-heap-l1-1-0)
- WINE_CONFIG_DLL(api-ms-win-core-heap-l1-2-0)
-+WINE_CONFIG_DLL(api-ms-win-core-heap-l2-1-0)
- WINE_CONFIG_DLL(api-ms-win-core-heap-obsolete-l1-1-0)
- WINE_CONFIG_DLL(api-ms-win-core-interlocked-l1-1-0)
- WINE_CONFIG_DLL(api-ms-win-core-interlocked-l1-2-0)
-diff --git a/dlls/api-ms-win-core-heap-l2-1-0/Makefile.in b/dlls/api-ms-win-core-heap-l2-1-0/Makefile.in
-new file mode 100644
-index 0000000..3caed9e
---- /dev/null
-+++ b/dlls/api-ms-win-core-heap-l2-1-0/Makefile.in
-@@ -0,0 +1 @@
-+MODULE    = api-ms-win-core-heap-l2-1-0.dll
-diff --git a/dlls/api-ms-win-core-heap-l2-1-0/api-ms-win-core-heap-l2-1-0.spec b/dlls/api-ms-win-core-heap-l2-1-0/api-ms-win-core-heap-l2-1-0.spec
-new file mode 100644
-index 0000000..81308d2
---- /dev/null
-+++ b/dlls/api-ms-win-core-heap-l2-1-0/api-ms-win-core-heap-l2-1-0.spec
-@@ -0,0 +1,7 @@
-+@ stdcall GlobalAlloc(long long) kernel32.GlobalAlloc
-+@ stdcall GlobalFree(long) kernel32.GlobalFree
-+@ stdcall LocalAlloc(long long) kernel32.LocalAlloc
-+@ stdcall LocalFree(long) kernel32.LocalFree
-+@ stdcall LocalLock(long) kernel32.LocalLock
-+@ stdcall LocalReAlloc(long long long) kernel32.LocalReAlloc
-+@ stdcall LocalUnlock(long) kernel32.LocalUnlock
-diff --git a/tools/make_specfiles b/tools/make_specfiles
-index 0bae7d4..cd4269e 100755
---- a/tools/make_specfiles
-+++ b/tools/make_specfiles
-@@ -169,6 +169,7 @@ my @dll_groups =
-   "api-ms-win-core-handle-l1-1-0",
-   "api-ms-win-core-heap-l1-1-0",
-   "api-ms-win-core-heap-l1-2-0",
-+  "api-ms-win-core-heap-l2-1-0",
-   "api-ms-win-core-heap-obsolete-l1-1-0",
-   "api-ms-win-core-io-l1-1-0",
-   "api-ms-win-core-io-l1-1-1",
--- 
-2.9.0
-

patches/api-ms-win-Stub_DLLs/0010-ext-ms-win-appmodel-usercontext-l1-1-0-Add-dll-and-a.patch

@@ -1,4 +1,4 @@
-From 23e58d6cb2f258da259a1efce72fd2e1d58a530b Mon Sep 17 00:00:00 2001
+From 9b292e1bcfc18eecb70ac34fdd302d1274f68bb0 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Sun, 17 Jan 2016 17:12:45 +0100
 Subject: ext-ms-win-appmodel-usercontext-l1-1-0: Add dll and add stub for
@@ -15,11 +15,11 @@ Subject: ext-ms-win-appmodel-usercontext-l1-1-0: Add dll and add stub for
  create mode 100644 dlls/ext-ms-win-appmodel-usercontext-l1-1-0/main.c
 
 diff --git a/configure.ac b/configure.ac
-index 1d1846dbb7..e9cf69d3fe 100644
+index cd6fe607f65..3e0f37d2753 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -3045,6 +3045,7 @@ WINE_CONFIG_DLL(esent)
- WINE_CONFIG_DLL(evr)
+@@ -3126,6 +3126,7 @@ WINE_CONFIG_DLL(evr)
+ WINE_CONFIG_TEST(dlls/evr/tests)
  WINE_CONFIG_DLL(explorerframe,,[clean])
  WINE_CONFIG_TEST(dlls/explorerframe/tests)
 +WINE_CONFIG_DLL(ext-ms-win-appmodel-usercontext-l1-1-0)
@@ -28,7 +28,7 @@ index 1d1846dbb7..e9cf69d3fe 100644
  WINE_CONFIG_DLL(ext-ms-win-gdi-dc-create-l1-1-1)
 diff --git a/dlls/ext-ms-win-appmodel-usercontext-l1-1-0/Makefile.in b/dlls/ext-ms-win-appmodel-usercontext-l1-1-0/Makefile.in
 new file mode 100644
-index 0000000000..16eee7588f
+index 00000000000..16eee7588ff
 --- /dev/null
 +++ b/dlls/ext-ms-win-appmodel-usercontext-l1-1-0/Makefile.in
 @@ -0,0 +1,4 @@
@@ -38,7 +38,7 @@ index 0000000000..16eee7588f
 +	main.c
 diff --git a/dlls/ext-ms-win-appmodel-usercontext-l1-1-0/ext-ms-win-appmodel-usercontext-l1-1-0.spec b/dlls/ext-ms-win-appmodel-usercontext-l1-1-0/ext-ms-win-appmodel-usercontext-l1-1-0.spec
 new file mode 100644
-index 0000000000..7642d156c9
+index 00000000000..7642d156c94
 --- /dev/null
 +++ b/dlls/ext-ms-win-appmodel-usercontext-l1-1-0/ext-ms-win-appmodel-usercontext-l1-1-0.spec
 @@ -0,0 +1,3 @@
@@ -47,7 +47,7 @@ index 0000000000..7642d156c9
 +@ stub UserContextExtSetToken
 diff --git a/dlls/ext-ms-win-appmodel-usercontext-l1-1-0/main.c b/dlls/ext-ms-win-appmodel-usercontext-l1-1-0/main.c
 new file mode 100644
-index 0000000000..7a9e75f710
+index 00000000000..7a9e75f7109
 --- /dev/null
 +++ b/dlls/ext-ms-win-appmodel-usercontext-l1-1-0/main.c
 @@ -0,0 +1,35 @@
@@ -87,5 +87,5 @@ index 0000000000..7a9e75f710
 +    return S_OK;
 +}
 -- 
-2.12.2
+2.14.1
 

patches/api-ms-win-Stub_DLLs/0013-api-ms-win-core-shlwapi-obsolete-l1-2-0-Add-dll.patch

@@ -1,113 +0,0 @@
-From 116f061509b35ca571b5a7b19477d82c94437502 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
-Date: Thu, 21 Jan 2016 00:52:33 +0100
-Subject: api-ms-win-core-shlwapi-obsolete-l1-2-0: Add dll.
-
----
- configure.ac                                       |  1 +
- .../Makefile.in                                    |  1 +
- .../api-ms-win-core-shlwapi-obsolete-l1-2-0.spec   | 58 ++++++++++++++++++++++
- tools/make_specfiles                               |  1 +
- 4 files changed, 61 insertions(+)
- create mode 100644 dlls/api-ms-win-core-shlwapi-obsolete-l1-2-0/Makefile.in
- create mode 100644 dlls/api-ms-win-core-shlwapi-obsolete-l1-2-0/api-ms-win-core-shlwapi-obsolete-l1-2-0.spec
-
-diff --git a/configure.ac b/configure.ac
-index b7361d1..1ceda28 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -2716,6 +2716,7 @@ WINE_CONFIG_DLL(api-ms-win-core-rtlsupport-l1-1-0)
- WINE_CONFIG_DLL(api-ms-win-core-rtlsupport-l1-2-0)
- WINE_CONFIG_DLL(api-ms-win-core-shlwapi-legacy-l1-1-0)
- WINE_CONFIG_DLL(api-ms-win-core-shlwapi-obsolete-l1-1-0)
-+WINE_CONFIG_DLL(api-ms-win-core-shlwapi-obsolete-l1-2-0)
- WINE_CONFIG_DLL(api-ms-win-core-sidebyside-l1-1-0)
- WINE_CONFIG_DLL(api-ms-win-core-string-l1-1-0)
- WINE_CONFIG_DLL(api-ms-win-core-string-l2-1-0)
-diff --git a/dlls/api-ms-win-core-shlwapi-obsolete-l1-2-0/Makefile.in b/dlls/api-ms-win-core-shlwapi-obsolete-l1-2-0/Makefile.in
-new file mode 100644
-index 0000000..3f39b0b
---- /dev/null
-+++ b/dlls/api-ms-win-core-shlwapi-obsolete-l1-2-0/Makefile.in
-@@ -0,0 +1 @@
-+MODULE    = api-ms-win-core-shlwapi-obsolete-l1-2-0.dll
-\ No newline at end of file
-diff --git a/dlls/api-ms-win-core-shlwapi-obsolete-l1-2-0/api-ms-win-core-shlwapi-obsolete-l1-2-0.spec b/dlls/api-ms-win-core-shlwapi-obsolete-l1-2-0/api-ms-win-core-shlwapi-obsolete-l1-2-0.spec
-new file mode 100644
-index 0000000..8b8b520
---- /dev/null
-+++ b/dlls/api-ms-win-core-shlwapi-obsolete-l1-2-0/api-ms-win-core-shlwapi-obsolete-l1-2-0.spec
-@@ -0,0 +1,58 @@
-+@ stdcall QISearch(long long long long) shlwapi.QISearch
-+@ stdcall StrCSpnA(str str) shlwapi.StrCSpnA
-+@ stdcall StrCSpnIA(str str) shlwapi.StrCSpnIA
-+@ stdcall StrCSpnIW(wstr wstr) shlwapi.StrCSpnIW
-+@ stdcall StrCSpnW(wstr wstr) shlwapi.StrCSpnW
-+@ stdcall StrCatBuffA(str str long) shlwapi.StrCatBuffA
-+@ stdcall StrCatBuffW(wstr wstr long) shlwapi.StrCatBuffW
-+@ stdcall StrCatChainW(ptr long long wstr) shlwapi.StrCatChainW
-+@ stdcall StrChrA(str long) shlwapi.StrChrA
-+@ stdcall StrChrIA(str long) shlwapi.StrChrIA
-+@ stdcall StrChrIW(wstr long) shlwapi.StrChrIW
-+@ stub StrChrNIW
-+@ stdcall StrChrNW(wstr long long) shlwapi.StrChrNW
-+@ stdcall StrChrW(wstr long) shlwapi.StrChrW
-+@ stdcall StrCmpCA(str str) shlwapi.StrCmpCA
-+@ stdcall StrCmpCW(wstr wstr) shlwapi.StrCmpCW
-+@ stdcall StrCmpICA(str str) shlwapi.StrCmpICA
-+@ stdcall StrCmpICW(wstr wstr) shlwapi.StrCmpICW
-+@ stdcall StrCmpIW(wstr wstr) shlwapi.StrCmpIW
-+@ stdcall StrCmpLogicalW(wstr wstr) shlwapi.StrCmpLogicalW
-+@ stdcall StrCmpNA(str str long) shlwapi.StrCmpNA
-+@ stdcall StrCmpNCA(str ptr long) shlwapi.StrCmpNCA
-+@ stdcall StrCmpNCW(wstr wstr long) shlwapi.StrCmpNCW
-+@ stdcall StrCmpNIA(str str long) shlwapi.StrCmpNIA
-+@ stdcall StrCmpNICA(long long long) shlwapi.StrCmpNICA
-+@ stdcall StrCmpNICW(wstr wstr long) shlwapi.StrCmpNICW
-+@ stdcall StrCmpNIW(wstr wstr long) shlwapi.StrCmpNIW
-+@ stdcall StrCmpNW(wstr wstr long) shlwapi.StrCmpNW
-+@ stdcall StrCmpW(wstr wstr) shlwapi.StrCmpW
-+@ stdcall StrCpyNW(ptr wstr long) shlwapi.StrCpyNW
-+@ stdcall StrDupA(str) shlwapi.StrDupA
-+@ stdcall StrDupW(wstr) shlwapi.StrDupW
-+@ stdcall StrIsIntlEqualA(long str str long) shlwapi.StrIsIntlEqualA
-+@ stdcall StrIsIntlEqualW(long wstr wstr long) shlwapi.StrIsIntlEqualW
-+@ stdcall StrPBrkA(str str) shlwapi.StrPBrkA
-+@ stdcall StrPBrkW(wstr wstr) shlwapi.StrPBrkW
-+@ stdcall StrRChrA(str str long) shlwapi.StrRChrA
-+@ stdcall StrRChrIA(str str long) shlwapi.StrRChrIA
-+@ stdcall StrRChrIW(wstr wstr long) shlwapi.StrRChrIW
-+@ stdcall StrRChrW(wstr wstr long) shlwapi.StrRChrW
-+@ stdcall StrRStrIA(str str str) shlwapi.StrRStrIA
-+@ stdcall StrRStrIW(wstr wstr wstr) shlwapi.StrRStrIW
-+@ stdcall StrSpnA(str str) shlwapi.StrSpnA
-+@ stdcall StrSpnW(wstr wstr) shlwapi.StrSpnW
-+@ stdcall StrStrA(str str) shlwapi.StrStrA
-+@ stdcall StrStrIA(str str) shlwapi.StrStrIA
-+@ stdcall StrStrIW(wstr wstr) shlwapi.StrStrIW
-+@ stdcall StrStrNIW(wstr wstr long) shlwapi.StrStrNIW
-+@ stdcall StrStrNW(wstr wstr long) shlwapi.StrStrNW
-+@ stdcall StrStrW(wstr wstr) shlwapi.StrStrW
-+@ stdcall StrToInt64ExA(str long ptr) shlwapi.StrToInt64ExA
-+@ stdcall StrToInt64ExW(wstr long ptr) shlwapi.StrToInt64ExW
-+@ stdcall StrToIntA(str) shlwapi.StrToIntA
-+@ stdcall StrToIntExA(str long ptr) shlwapi.StrToIntExA
-+@ stdcall StrToIntExW(wstr long ptr) shlwapi.StrToIntExW
-+@ stdcall StrToIntW(wstr) shlwapi.StrToIntW
-+@ stdcall StrTrimA(str str) shlwapi.StrTrimA
-+@ stdcall StrTrimW(wstr wstr) shlwapi.StrTrimW
-diff --git a/tools/make_specfiles b/tools/make_specfiles
-index 8b202da..0f58756 100755
---- a/tools/make_specfiles
-+++ b/tools/make_specfiles
-@@ -235,6 +235,7 @@ my @dll_groups =
-   "api-ms-win-core-registryuserspecific-l1-1-0",
-   "api-ms-win-core-shlwapi-legacy-l1-1-0",
-   "api-ms-win-core-shlwapi-obsolete-l1-1-0",
-+  "api-ms-win-core-shlwapi-obsolete-l1-2-0",
-   "api-ms-win-core-url-l1-1-0",
-  ],
-  [
--- 
-2.9.0
-

patches/api-ms-win-Stub_DLLs/0015-ext-ms-win-ntuser-mouse-l1-1-0-Add-dll.patch

@@ -1,4 +1,4 @@
-From 1d6b09ecb94a11bef9142a975b1d2053696193c4 Mon Sep 17 00:00:00 2001
+From ac72ceb861a2f245f4a79e783cac404f613b40e4 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Sat, 23 Jan 2016 21:00:39 +0100
 Subject: ext-ms-win-ntuser-mouse-l1-1-0: Add dll.
@@ -13,10 +13,10 @@ Subject: ext-ms-win-ntuser-mouse-l1-1-0: Add dll.
  create mode 100644 dlls/ext-ms-win-ntuser-mouse-l1-1-0/ext-ms-win-ntuser-mouse-l1-1-0.spec
 
 diff --git a/configure.ac b/configure.ac
-index dd536e88742..6fa34f04129 100644
+index f653064bce0..9ff3018ffa0 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -3105,6 +3105,7 @@ WINE_CONFIG_DLL(ext-ms-win-gdi-render-l1-1-0)
+@@ -3138,6 +3138,7 @@ WINE_CONFIG_DLL(ext-ms-win-gdi-render-l1-1-0)
  WINE_CONFIG_DLL(ext-ms-win-kernel32-package-current-l1-1-0)
  WINE_CONFIG_DLL(ext-ms-win-kernel32-package-l1-1-1)
  WINE_CONFIG_DLL(ext-ms-win-ntuser-message-l1-1-1)
@@ -43,17 +43,17 @@ index 00000000000..22128a256f1
 +@ stdcall SetCapture(long) user32.SetCapture
 +@ stdcall TrackMouseEvent(ptr) user32.TrackMouseEvent
 diff --git a/tools/make_specfiles b/tools/make_specfiles
-index c84686b111b..7e2a921ed18 100755
+index 48fae02c87f..4e5d114356c 100755
 --- a/tools/make_specfiles
 +++ b/tools/make_specfiles
-@@ -330,6 +330,7 @@ my @dll_groups =
+@@ -339,6 +339,7 @@ my @dll_groups =
    "api-ms-win-ntuser-dc-access-l1-1-0",
    "api-ms-win-rtcore-ntuser-private-l1-1-0",
    "ext-ms-win-ntuser-message-l1-1-1",
 +  "ext-ms-win-ntuser-mouse-l1-1-0",
    "ext-ms-win-ntuser-private-l1-1-1",
    "ext-ms-win-ntuser-rectangle-ext-l1-1-0",
-   "ext-ms-win-ntuser-uicontext-ext-l1-1-0",
+   "api-ms-win-ntuser-rectangle-l1-1-0",
 -- 
-2.13.1
+2.14.1
 

patches/api-ms-win-Stub_DLLs/0019-api-ms-win-rtcore-ntuser-draw-l1-1-0-Add-dll.patch

@@ -1,4 +1,4 @@
-From d1fc786a0fe69d811970d4edd1403e1383b9d5f8 Mon Sep 17 00:00:00 2001
+From acffeda04d634fcbf0e35734f2d758c4db558e53 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
 Date: Sat, 23 Jan 2016 21:08:48 +0100
 Subject: api-ms-win-rtcore-ntuser-draw-l1-1-0: Add dll.
@@ -13,11 +13,11 @@ Subject: api-ms-win-rtcore-ntuser-draw-l1-1-0: Add dll.
  create mode 100644 dlls/api-ms-win-rtcore-ntuser-draw-l1-1-0/api-ms-win-rtcore-ntuser-draw-l1-1-0.spec
 
 diff --git a/configure.ac b/configure.ac
-index 2e2bcd12af6..d6a4e04dd8d 100644
+index 6621de58f49..db6567341b4 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -2856,6 +2856,7 @@ WINE_CONFIG_DLL(api-ms-win-mm-mme-l1-1-0)
- WINE_CONFIG_DLL(api-ms-win-ntuser-dc-access-l1-1-0)
+@@ -2897,6 +2897,7 @@ WINE_CONFIG_DLL(api-ms-win-ntuser-dc-access-l1-1-0)
+ WINE_CONFIG_DLL(api-ms-win-ntuser-rectangle-l1-1-0)
  WINE_CONFIG_DLL(api-ms-win-power-base-l1-1-0)
  WINE_CONFIG_DLL(api-ms-win-power-setting-l1-1-0)
 +WINE_CONFIG_DLL(api-ms-win-rtcore-ntuser-draw-l1-1-0)
@@ -39,10 +39,10 @@ index 00000000000..59900a93eb5
 @@ -0,0 +1 @@
 +@ stdcall RedrawWindow(long ptr long long) user32.RedrawWindow
 diff --git a/tools/make_specfiles b/tools/make_specfiles
-index 2748a12d038..b9959cc51f1 100755
+index d62172215fc..82717b9ceb3 100755
 --- a/tools/make_specfiles
 +++ b/tools/make_specfiles
-@@ -314,6 +314,7 @@ my @dll_groups =
+@@ -337,6 +337,7 @@ my @dll_groups =
    "api-ms-win-core-string-l2-1-0",
    "api-ms-win-downlevel-user32-l1-1-0",
    "api-ms-win-ntuser-dc-access-l1-1-0",
@@ -51,5 +51,5 @@ index 2748a12d038..b9959cc51f1 100755
    "api-ms-win-rtcore-ntuser-window-l1-1-0",
    "ext-ms-win-ntuser-message-l1-1-1",
 -- 
-2.12.2
+2.14.1
 

patches/comctl32-TTM_ADDTOOLW/0001-comctl32-tooltip-Protect-TTM_ADDTOOLW-from-invalid-t.patch

@@ -66,13 +66,13 @@ index 8bf6919..eea1d2e 100644
              }
              else if (isW) {
 -                INT len = lstrlenW (ti->lpszText);
--                TRACE("add text %s!\n", debugstr_w(ti->lpszText));
+-                TRACE("add text %s\n", debugstr_w(ti->lpszText));
 -                toolPtr->lpszText =	Alloc ((len + 1)*sizeof(WCHAR));
 -                strcpyW (toolPtr->lpszText, ti->lpszText);
 +                __TRY
 +                {
 +                    INT len = lstrlenW (ti->lpszText);
-+                    TRACE("add text %s!\n", debugstr_w(ti->lpszText));
++                    TRACE("add text %s\n", debugstr_w(ti->lpszText));
 +                    toolPtr->lpszText =	Alloc ((len + 1)*sizeof(WCHAR));
 +                    strcpyW (toolPtr->lpszText, ti->lpszText);
 +                }

patches/crypt32-ECDSA_Cert_Chains/0002-include-Add-ecdsa-and-asymmetric-key-related-bcrypt-.patch

@@ -0,0 +1,86 @@
+From 4deacb4fe26419c2c3e7e9e7b194736e2f0b6063 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
+Date: Fri, 29 Sep 2017 18:49:09 +0200
+Subject: include: Add ecdsa and asymmetric key related bcrypt definitions.
+
+---
+ include/bcrypt.h   | 28 ++++++++++++++++++++++++++++
+ include/ntstatus.h |  2 ++
+ 2 files changed, 30 insertions(+)
+
+diff --git a/include/bcrypt.h b/include/bcrypt.h
+index de812ffe333..f524cb9afdc 100644
+--- a/include/bcrypt.h
++++ b/include/bcrypt.h
+@@ -61,6 +61,8 @@ typedef LONG NTSTATUS;
+ #define BCRYPT_OPAQUE_KEY_BLOB   (const WCHAR []){'O','p','a','q','u','e','K','e','y','B','l','o','b',0}
+ #define BCRYPT_KEY_DATA_BLOB     (const WCHAR []){'K','e','y','D','a','t','a','B','l','o','b',0}
+ #define BCRYPT_AES_WRAP_KEY_BLOB (const WCHAR []){'R','f','c','3','5','6','5','K','e','y','W','r','a','p','B','l','o','b',0}
++#define BCRYPT_ECCPUBLIC_BLOB    (const WCHAR []){'E','C','C','P','U','B','L','I','C','B','L','O','B',0}
++#define BCRYPT_ECCPRIVATE_BLOB   (const WCHAR []){'E','C','C','P','R','I','V','A','T','E','B','L','O','B',0}
+ 
+ #define MS_PRIMITIVE_PROVIDER (const WCHAR [])\
+     {'M','i','c','r','o','s','o','f','t',' ','P','r','i','m','i','t','i','v','e',' ','P','r','o','v','i','d','e','r',0}
+@@ -74,6 +76,9 @@ typedef LONG NTSTATUS;
+ #define BCRYPT_SHA256_ALGORITHM     (const WCHAR []){'S','H','A','2','5','6',0}
+ #define BCRYPT_SHA384_ALGORITHM     (const WCHAR []){'S','H','A','3','8','4',0}
+ #define BCRYPT_SHA512_ALGORITHM     (const WCHAR []){'S','H','A','5','1','2',0}
++#define BCRYPT_ECDSA_P256_ALGORITHM (const WCHAR []){'E','C','D','S','A','_','P','2','5','6',0}
++#define BCRYPT_ECDSA_P384_ALGORITHM (const WCHAR []){'E','C','D','S','A','_','P','3','8','4',0}
++#define BCRYPT_ECDSA_P521_ALGORITHM (const WCHAR []){'E','C','D','S','A','_','P','5','2','1',0}
+ 
+ #define BCRYPT_CHAIN_MODE_NA        (const WCHAR []){'C','h','a','i','n','i','n','g','M','o','d','e','N','/','A',0}
+ #define BCRYPT_CHAIN_MODE_CBC       (const WCHAR []){'C','h','a','i','n','i','n','g','M','o','d','e','C','B','C',0}
+@@ -82,6 +87,13 @@ typedef LONG NTSTATUS;
+ #define BCRYPT_CHAIN_MODE_CCM       (const WCHAR []){'C','h','a','i','n','i','n','g','M','o','d','e','C','C','M',0}
+ #define BCRYPT_CHAIN_MODE_GCM       (const WCHAR []){'C','h','a','i','n','i','n','g','M','o','d','e','G','C','M',0}
+ 
++#define BCRYPT_ECDSA_PUBLIC_P256_MAGIC  0x31534345
++#define BCRYPT_ECDSA_PRIVATE_P256_MAGIC 0x32534345
++#define BCRYPT_ECDSA_PUBLIC_P384_MAGIC  0x33534345
++#define BCRYPT_ECDSA_PRIVATE_P384_MAGIC 0x34534345
++#define BCRYPT_ECDSA_PUBLIC_P521_MAGIC  0x35534345
++#define BCRYPT_ECDSA_PRIVATE_P521_MAGIC 0x36534345
++
+ typedef struct _BCRYPT_ALGORITHM_IDENTIFIER
+ {
+     LPWSTR pszName;
+@@ -120,6 +132,22 @@ typedef struct _BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO
+     ULONG dwFlags;
+ } BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO, *PBCRYPT_AUTHENTICATED_CIPHER_MODE_INFO;
+ 
++typedef struct _BCRYPT_ECCKEY_BLOB
++{
++    ULONG dwMagic;
++    ULONG cbKey;
++} BCRYPT_ECCKEY_BLOB, *PBCRYPT_ECCKEY_BLOB;
++
++typedef struct _BCRYPT_PKCS1_PADDING_INFO
++{
++    LPCWSTR pszAlgId;
++} BCRYPT_PKCS1_PADDING_INFO;
++
++#define BCRYPT_PAD_NONE   0x00000001
++#define BCRYPT_PAD_PKCS1  0x00000002
++#define BCRYPT_PAD_OAEP   0x00000004
++#define BCRYPT_PAD_PSS    0x00000008
++
+ #define BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO_VERSION 1
+ 
+ #define BCRYPT_AUTH_MODE_CHAIN_CALLS_FLAG 0x00000001
+diff --git a/include/ntstatus.h b/include/ntstatus.h
+index 7026de7f85f..735b6c2c41c 100644
+--- a/include/ntstatus.h
++++ b/include/ntstatus.h
+@@ -990,6 +990,8 @@
+ 
+ #define STATUS_WOW_ASSERTION             ((NTSTATUS) 0xC0009898)
+ 
++#define STATUS_INVALID_SIGNATURE         ((NTSTATUS) 0xC000A000)
++#define STATUS_HMAC_NOT_SUPPORTED        ((NTSTATUS) 0xC000A001)
+ #define STATUS_AUTH_TAG_MISMATCH         ((NTSTATUS) 0xC000A002)
+ 
+ #define RPC_NT_INVALID_STRING_BINDING    ((NTSTATUS) 0xC0020001)
+-- 
+2.14.1
+

patches/crypt32-ECDSA_Cert_Chains/0003-bcrypt-tests-Add-basic-test-for-ecdsa.patch

@@ -0,0 +1,109 @@
+From bbc4343e5ce6b5a5404dbd9d61ce7f49f042da52 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
+Date: Fri, 29 Sep 2017 18:50:04 +0200
+Subject: bcrypt/tests: Add basic test for ecdsa.
+
+---
+ dlls/bcrypt/tests/bcrypt.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 65 insertions(+)
+
+diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c
+index ae48914b5de..be901202970 100644
+--- a/dlls/bcrypt/tests/bcrypt.c
++++ b/dlls/bcrypt/tests/bcrypt.c
+@@ -50,6 +50,8 @@ static NTSTATUS (WINAPI *pBCryptDestroyKey)(BCRYPT_KEY_HANDLE);
+ static NTSTATUS (WINAPI *pBCryptImportKey)(BCRYPT_ALG_HANDLE, BCRYPT_KEY_HANDLE, LPCWSTR, BCRYPT_KEY_HANDLE *,
+                                            PUCHAR, ULONG, PUCHAR, ULONG, ULONG);
+ static NTSTATUS (WINAPI *pBCryptExportKey)(BCRYPT_KEY_HANDLE, BCRYPT_KEY_HANDLE, LPCWSTR, PUCHAR, ULONG, ULONG *, ULONG);
++static NTSTATUS (WINAPI *pBCryptImportKeyPair)(BCRYPT_ALG_HANDLE, BCRYPT_KEY_HANDLE, LPCWSTR, BCRYPT_KEY_HANDLE *, UCHAR *, ULONG, ULONG);
++static NTSTATUS (WINAPI *pBCryptVerifySignature)(BCRYPT_KEY_HANDLE, VOID *, UCHAR *, ULONG, UCHAR *, ULONG, ULONG);
+ 
+ static void test_BCryptGenRandom(void)
+ {
+@@ -1635,6 +1637,66 @@ static void test_key_import_export(void)
+     ok(ret == STATUS_SUCCESS, "got %08x\n", ret);
+ }
+ 
++static BYTE eccPubkey[] =
++{
++    /* X */
++    0x3b, 0x3c, 0x34, 0xc8, 0x3f, 0x15, 0xea, 0x02, 0x68, 0x46, 0x69, 0xdf, 0x0c, 0xa6, 0xee, 0x7a,
++    0xd9, 0x82, 0x08, 0x9b, 0x37, 0x53, 0x42, 0xf3, 0x13, 0x63, 0xda, 0x65, 0x79, 0xe8, 0x04, 0x9e,
++    /* Y */
++    0x8c, 0x77, 0xc4, 0x33, 0x77, 0xd9, 0x5a, 0x7f, 0x60, 0x7b, 0x98, 0xce, 0xf3, 0x96, 0x56, 0xd6,
++    0xb5, 0x8d, 0x87, 0x7a, 0x00, 0x2b, 0xf3, 0x70, 0xb3, 0x90, 0x73, 0xa0, 0x56, 0x06, 0x3b, 0x22,
++};
++static BYTE certHash[] =
++{
++    0x28, 0x19, 0x0f, 0x15, 0x6d, 0x75, 0xcc, 0xcf, 0x62, 0xf1, 0x5e, 0xe6, 0x8a, 0xc3, 0xf0, 0x5d,
++    0x89, 0x28, 0x2d, 0x48, 0xd8, 0x73, 0x7c, 0x05, 0x05, 0x8e, 0xbc, 0xce, 0x28, 0xb7, 0xba, 0xc9,
++};
++static BYTE certSignature[] =
++{
++    /* r */
++    0xd7, 0x29, 0xce, 0x5a, 0xef, 0x74, 0x85, 0xd1, 0x18, 0x5f, 0x6e, 0xf1, 0xba, 0x53, 0xd4, 0xcd,
++    0xdd, 0xe0, 0x5d, 0xf1, 0x5e, 0x48, 0x51, 0xea, 0x63, 0xc0, 0xe8, 0xe2, 0xf6, 0xfa, 0x4c, 0xaf,
++    /* s */
++    0xe3, 0x94, 0x15, 0x3b, 0x6c, 0x71, 0x6e, 0x44, 0x22, 0xcb, 0xa0, 0x88, 0xcd, 0x0a, 0x5a, 0x50,
++    0x29, 0x7c, 0x5c, 0xd6, 0x6c, 0xd2, 0xe0, 0x7f, 0xcd, 0x02, 0x92, 0x21, 0x4c, 0x2c, 0x92, 0xee,
++};
++
++static void test_ECDSA(void)
++{
++    BYTE buffer[sizeof(BCRYPT_ECCKEY_BLOB) + sizeof(eccPubkey)];
++    BCRYPT_ECCKEY_BLOB *ecckey = (void *)buffer;
++    BCRYPT_ALG_HANDLE alg = NULL;
++    BCRYPT_KEY_HANDLE key = NULL;
++    NTSTATUS status;
++
++    status = pBCryptOpenAlgorithmProvider(&alg, BCRYPT_ECDSA_P256_ALGORITHM, NULL, 0);
++    if (status)
++    {
++        todo_wine win_skip("Failed to open ECDSA provider: %08x, skipping test\n", status);
++        return;
++    }
++
++    ecckey->dwMagic = BCRYPT_ECDSA_PUBLIC_P256_MAGIC;
++    memcpy(ecckey + 1, eccPubkey, sizeof(eccPubkey));
++
++    ecckey->cbKey = 2;
++    status = pBCryptImportKeyPair(alg, NULL, BCRYPT_ECCPUBLIC_BLOB, &key, buffer, sizeof(buffer), 0);
++    ok(status == STATUS_INVALID_PARAMETER, "Expected STATUS_INVALID_PARAMETER, got %08x\n", status);
++
++    ecckey->cbKey = sizeof(eccPubkey) / 2;
++    status = pBCryptImportKeyPair(alg, NULL, BCRYPT_ECCPUBLIC_BLOB, &key, buffer, sizeof(buffer), 0);
++    ok(!status, "BCryptImportKeyPair failed: %08x\n", status);
++
++    status = pBCryptVerifySignature(key, NULL, certHash, sizeof(certHash) - 1, certSignature, sizeof(certSignature), 0);
++    ok(status == STATUS_INVALID_SIGNATURE, "Expected STATUS_INVALID_SIGNATURE, got %08x\n", status);
++
++    status = pBCryptVerifySignature(key, NULL, certHash, sizeof(certHash), certSignature, sizeof(certSignature), 0);
++    ok(!status, "BCryptVerifySignature failed: %08x\n", status);
++
++    pBCryptDestroyKey(key);
++    pBCryptCloseAlgorithmProvider(alg, 0);
++}
++
+ START_TEST(bcrypt)
+ {
+     HMODULE module;
+@@ -1665,6 +1727,8 @@ START_TEST(bcrypt)
+     pBCryptDestroyKey = (void *)GetProcAddress(module, "BCryptDestroyKey");
+     pBCryptImportKey = (void *)GetProcAddress(module, "BCryptImportKey");
+     pBCryptExportKey = (void *)GetProcAddress(module, "BCryptExportKey");
++    pBCryptImportKeyPair = (void *)GetProcAddress(module, "BCryptImportKeyPair");
++    pBCryptVerifySignature = (void *)GetProcAddress(module, "BCryptVerifySignature");
+ 
+     test_BCryptGenRandom();
+     test_BCryptGetFipsAlgorithmMode();
+@@ -1679,6 +1743,7 @@ START_TEST(bcrypt)
+     test_BCryptEncrypt();
+     test_BCryptDecrypt();
+     test_key_import_export();
++    test_ECDSA();
+ 
+     if (pBCryptHash) /* >= Win 10 */
+         test_BcryptHash();
+-- 
+2.14.1
+

patches/crypt32-ECDSA_Cert_Chains/0004-bcrypt-Implement-importing-of-ecdsa-keys.patch

@@ -0,0 +1,308 @@
+From 745f8d61f2335efb96078f937ca113f144892cc3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
+Date: Fri, 29 Sep 2017 19:18:58 +0200
+Subject: bcrypt: Implement importing of ecdsa keys.
+
+---
+ dlls/bcrypt/bcrypt.spec    |   4 +-
+ dlls/bcrypt/bcrypt_main.c  | 156 ++++++++++++++++++++++++++++++++++++++++++---
+ dlls/bcrypt/tests/bcrypt.c |   6 +-
+ include/bcrypt.h           |   2 +
+ 4 files changed, 154 insertions(+), 14 deletions(-)
+
+diff --git a/dlls/bcrypt/bcrypt.spec b/dlls/bcrypt/bcrypt.spec
+index f8a8c45a1d5..5d21b4646cc 100644
+--- a/dlls/bcrypt/bcrypt.spec
++++ b/dlls/bcrypt/bcrypt.spec
+@@ -32,7 +32,7 @@
+ @ stdcall BCryptHash(ptr ptr long ptr long ptr long)
+ @ stdcall BCryptHashData(ptr ptr long long)
+ @ stdcall BCryptImportKey(ptr ptr wstr ptr ptr long ptr long long)
+-@ stub BCryptImportKeyPair
++@ stdcall BCryptImportKeyPair(ptr ptr wstr ptr ptr long long)
+ @ stdcall BCryptOpenAlgorithmProvider(ptr wstr wstr long)
+ @ stub BCryptQueryContextConfiguration
+ @ stub BCryptQueryContextFunctionConfiguration
+@@ -50,7 +50,7 @@
+ @ stub BCryptSignHash
+ @ stub BCryptUnregisterConfigChangeNotify
+ @ stub BCryptUnregisterProvider
+-@ stub BCryptVerifySignature
++@ stdcall BCryptVerifySignature(ptr ptr ptr long ptr long long)
+ @ stub GetAsymmetricEncryptionInterface
+ @ stub GetCipherInterface
+ @ stub GetHashInterface
+diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
+index 4e1992292cd..f822a7aadf3 100644
+--- a/dlls/bcrypt/bcrypt_main.c
++++ b/dlls/bcrypt/bcrypt_main.c
+@@ -181,7 +181,9 @@ enum alg_id
+     ALG_ID_SHA1,
+     ALG_ID_SHA256,
+     ALG_ID_SHA384,
+-    ALG_ID_SHA512
++    ALG_ID_SHA512,
++    ALG_ID_ECDSA_P256,
++    ALG_ID_ECDSA_P384,
+ };
+ 
+ enum mode_id
+@@ -201,13 +203,15 @@ static const struct {
+     const WCHAR *alg_name;
+     BOOL symmetric;
+ } alg_props[] = {
+-    /* ALG_ID_AES    */ {  654,    0,    0, BCRYPT_AES_ALGORITHM,    TRUE  },
+-    /* ALG_ID_MD5    */ {  274,   16,  512, BCRYPT_MD5_ALGORITHM,    FALSE },
+-    /* ALG_ID_RNG    */ {    0,    0,    0, BCRYPT_RNG_ALGORITHM,    FALSE },
+-    /* ALG_ID_SHA1   */ {  278,   20,  512, BCRYPT_SHA1_ALGORITHM,   FALSE },
+-    /* ALG_ID_SHA256 */ {  286,   32,  512, BCRYPT_SHA256_ALGORITHM, FALSE },
+-    /* ALG_ID_SHA384 */ {  382,   48, 1024, BCRYPT_SHA384_ALGORITHM, FALSE },
+-    /* ALG_ID_SHA512 */ {  382,   64, 1024, BCRYPT_SHA512_ALGORITHM, FALSE },
++    /* ALG_ID_AES    */     {  654,    0,    0, BCRYPT_AES_ALGORITHM,        TRUE  },
++    /* ALG_ID_MD5    */     {  274,   16,  512, BCRYPT_MD5_ALGORITHM,        FALSE },
++    /* ALG_ID_RNG    */     {    0,    0,    0, BCRYPT_RNG_ALGORITHM,        FALSE },
++    /* ALG_ID_SHA1   */     {  278,   20,  512, BCRYPT_SHA1_ALGORITHM,       FALSE },
++    /* ALG_ID_SHA256 */     {  286,   32,  512, BCRYPT_SHA256_ALGORITHM,     FALSE },
++    /* ALG_ID_SHA384 */     {  382,   48, 1024, BCRYPT_SHA384_ALGORITHM,     FALSE },
++    /* ALG_ID_SHA512 */     {  382,   64, 1024, BCRYPT_SHA512_ALGORITHM,     FALSE },
++    /* ALG_ID_ECDSA_P256 */ {    0,   0,     0, BCRYPT_ECDSA_P256_ALGORITHM, FALSE  },
++    /* ALG_ID_ECDSA_P384 */ {    0,   0,     0, BCRYPT_ECDSA_P384_ALGORITHM, FALSE  },
+ };
+ 
+ struct algorithm
+@@ -284,6 +288,8 @@ NTSTATUS WINAPI BCryptOpenAlgorithmProvider( BCRYPT_ALG_HANDLE *handle, LPCWSTR
+     else if (!strcmpW( id, BCRYPT_SHA256_ALGORITHM )) alg_id = ALG_ID_SHA256;
+     else if (!strcmpW( id, BCRYPT_SHA384_ALGORITHM )) alg_id = ALG_ID_SHA384;
+     else if (!strcmpW( id, BCRYPT_SHA512_ALGORITHM )) alg_id = ALG_ID_SHA512;
++    else if (!strcmpW( id, BCRYPT_ECDSA_P256_ALGORITHM )) alg_id = ALG_ID_ECDSA_P256;
++    else if (!strcmpW( id, BCRYPT_ECDSA_P384_ALGORITHM )) alg_id = ALG_ID_ECDSA_P384;
+     else
+     {
+         FIXME( "algorithm %s not supported\n", debugstr_w(id) );
+@@ -825,6 +831,12 @@ struct key_symmetric
+     ULONG              secret_len;
+ };
+ 
++struct key_asymmetric
++{
++    UCHAR             *pubkey;
++    ULONG              pubkey_len;
++};
++
+ struct key
+ {
+     struct object      hdr;
+@@ -832,6 +844,7 @@ struct key
+     union
+     {
+         struct key_symmetric s;
++        struct key_asymmetric a;
+     } u;
+ };
+ 
+@@ -871,6 +884,33 @@ static NTSTATUS key_symmetric_init( struct key *key, struct algorithm *alg, cons
+     return STATUS_SUCCESS;
+ }
+ 
++static NTSTATUS key_asymmetric_init( struct key *key, struct algorithm *alg, const UCHAR *pubkey, ULONG pubkey_len )
++{
++    UCHAR *buffer;
++
++    if (!libgnutls_handle) return STATUS_INTERNAL_ERROR;
++
++    switch (alg->id)
++    {
++    case ALG_ID_ECDSA_P256:
++    case ALG_ID_ECDSA_P384:
++        break;
++
++    default:
++        FIXME( "algorithm %u not supported\n", alg->id );
++        return STATUS_NOT_SUPPORTED;
++    }
++
++    if (!(buffer = HeapAlloc( GetProcessHeap(), 0, pubkey_len ))) return STATUS_NO_MEMORY;
++    memcpy( buffer, pubkey, pubkey_len );
++
++    key->alg_id         = alg->id;
++    key->u.a.pubkey     = buffer;
++    key->u.a.pubkey_len = pubkey_len;
++
++    return STATUS_SUCCESS;
++}
++
+ static inline BOOL key_is_symmetric( struct key *key )
+ {
+     return alg_props[key->alg_id].symmetric;
+@@ -903,7 +943,13 @@ static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy )
+     }
+     else
+     {
+-        return STATUS_NOT_IMPLEMENTED;
++        if (!(buffer = HeapAlloc( GetProcessHeap(), 0, key_orig->u.a.pubkey_len ))) return STATUS_NO_MEMORY;
++        memcpy( buffer, key_orig->u.a.pubkey, key_orig->u.a.pubkey_len );
++
++        key_copy->u.a.pubkey      = buffer;
++        key_copy->u.a.pubkey_len  = key_orig->u.a.pubkey_len;
++
++        return STATUS_SUCCESS;
+     }
+ }
+ 
+@@ -1085,6 +1131,10 @@ static NTSTATUS key_destroy( struct key *key )
+         if (key->u.s.handle) pgnutls_cipher_deinit( key->u.s.handle );
+         HeapFree( GetProcessHeap(), 0, key->u.s.secret );
+     }
++    else
++    {
++        HeapFree( GetProcessHeap(), 0, key->u.a.pubkey );
++    }
+     HeapFree( GetProcessHeap(), 0, key );
+     return STATUS_SUCCESS;
+ }
+@@ -1112,6 +1162,12 @@ static NTSTATUS key_symmetric_init( struct key *key, struct algorithm *alg, UCHA
+     return STATUS_NOT_IMPLEMENTED;
+ }
+ 
++static NTSTATUS key_asymmetric_init( struct key *key, struct algorithm *alg, const UCHAR *pubkey, ULONG pubkey_len )
++{
++    ERR( "support for keys not available at build time\n" );
++    return STATUS_NOT_IMPLEMENTED;
++}
++
+ static NTSTATUS key_duplicate( struct key *key_orig, struct key *key_copy )
+ {
+     ERR( "support for keys not available at build time\n" );
+@@ -1334,6 +1390,88 @@ NTSTATUS WINAPI BCryptExportKey( BCRYPT_KEY_HANDLE export_key, BCRYPT_KEY_HANDLE
+     return STATUS_INVALID_PARAMETER;
+ }
+ 
++NTSTATUS WINAPI BCryptImportKeyPair( BCRYPT_ALG_HANDLE algorithm, BCRYPT_KEY_HANDLE decrypt_key, const WCHAR *type,
++                                     BCRYPT_KEY_HANDLE *ret_key, UCHAR *input, ULONG input_len, ULONG flags )
++{
++    struct algorithm *alg = algorithm;
++    NTSTATUS status;
++    struct key *key;
++
++    TRACE( "%p, %p, %s, %p, %p, %u, %u\n", algorithm, decrypt_key, debugstr_w(type), ret_key, input, input_len, flags );
++
++    if (!alg || alg->hdr.magic != MAGIC_ALG) return STATUS_INVALID_HANDLE;
++    if (!ret_key || !type || !input) return STATUS_INVALID_PARAMETER;
++
++    *ret_key = NULL;
++
++    if (decrypt_key)
++    {
++        FIXME( "decrypting of key not yet supported\n" );
++        return STATUS_NOT_IMPLEMENTED;
++    }
++
++    if (!strcmpW( type, BCRYPT_ECCPUBLIC_BLOB ))
++    {
++        BCRYPT_ECCKEY_BLOB *ecc_blob = (BCRYPT_ECCKEY_BLOB *)input;
++        DWORD key_size, magic;
++
++        if (input_len < sizeof(*ecc_blob))
++            return STATUS_INVALID_PARAMETER;
++
++        switch (alg->id)
++        {
++            case ALG_ID_ECDSA_P256:
++                key_size = 32;
++                magic = BCRYPT_ECDSA_PUBLIC_P256_MAGIC;
++                break;
++            case ALG_ID_ECDSA_P384:
++                key_size = 48;
++                magic = BCRYPT_ECDSA_PUBLIC_P384_MAGIC;
++                break;
++
++            default:
++                FIXME("Algorithm %d does not yet support importing blob of type: %s\n", alg->id, debugstr_w(type));
++                return STATUS_NOT_SUPPORTED;
++        }
++
++        if (ecc_blob->dwMagic != magic)
++            return STATUS_NOT_SUPPORTED;
++
++        if (ecc_blob->cbKey != key_size)
++            return STATUS_INVALID_PARAMETER;
++
++        if (!(key = HeapAlloc( GetProcessHeap(), 0, sizeof(*key) )))
++            return STATUS_NO_MEMORY;
++
++        key->hdr.magic = MAGIC_KEY;
++        if ((status = key_asymmetric_init( key, alg, (BYTE *)(ecc_blob + 1), ecc_blob->cbKey * 2 )))
++        {
++            HeapFree( GetProcessHeap(), 0, key );
++            return status;
++        }
++
++        *ret_key = key;
++        return STATUS_SUCCESS;
++    }
++
++    FIXME( "unsupported key type %s\n", debugstr_w(type) );
++    return STATUS_NOT_SUPPORTED;
++}
++
++NTSTATUS WINAPI BCryptVerifySignature( BCRYPT_KEY_HANDLE handle, void *padding, UCHAR *hash, ULONG hash_len,
++                                       UCHAR *signature, ULONG signature_len, ULONG flags )
++{
++    struct key *key = handle;
++
++    FIXME( "%p, %p, %p, %u, %p, %u, %08x: stub!\n", handle, padding, hash,
++           hash_len, signature, signature_len, flags );
++
++    if (!key || key->hdr.magic != MAGIC_KEY) return STATUS_INVALID_HANDLE;
++    if (!key_is_asymmetric(key)) return STATUS_NOT_SUPPORTED;
++
++    return STATUS_NOT_IMPLEMENTED;
++}
++
+ NTSTATUS WINAPI BCryptDestroyKey( BCRYPT_KEY_HANDLE handle )
+ {
+     struct key *key = handle;
+diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c
+index be901202970..20f70706430 100644
+--- a/dlls/bcrypt/tests/bcrypt.c
++++ b/dlls/bcrypt/tests/bcrypt.c
+@@ -1672,7 +1672,7 @@ static void test_ECDSA(void)
+     status = pBCryptOpenAlgorithmProvider(&alg, BCRYPT_ECDSA_P256_ALGORITHM, NULL, 0);
+     if (status)
+     {
+-        todo_wine win_skip("Failed to open ECDSA provider: %08x, skipping test\n", status);
++        win_skip("Failed to open ECDSA provider: %08x, skipping test\n", status);
+         return;
+     }
+ 
+@@ -1688,10 +1688,10 @@ static void test_ECDSA(void)
+     ok(!status, "BCryptImportKeyPair failed: %08x\n", status);
+ 
+     status = pBCryptVerifySignature(key, NULL, certHash, sizeof(certHash) - 1, certSignature, sizeof(certSignature), 0);
+-    ok(status == STATUS_INVALID_SIGNATURE, "Expected STATUS_INVALID_SIGNATURE, got %08x\n", status);
++    todo_wine ok(status == STATUS_INVALID_SIGNATURE, "Expected STATUS_INVALID_SIGNATURE, got %08x\n", status);
+ 
+     status = pBCryptVerifySignature(key, NULL, certHash, sizeof(certHash), certSignature, sizeof(certSignature), 0);
+-    ok(!status, "BCryptVerifySignature failed: %08x\n", status);
++    todo_wine ok(!status, "BCryptVerifySignature failed: %08x\n", status);
+ 
+     pBCryptDestroyKey(key);
+     pBCryptCloseAlgorithmProvider(alg, 0);
+diff --git a/include/bcrypt.h b/include/bcrypt.h
+index f524cb9afdc..3dcc953e9ed 100644
+--- a/include/bcrypt.h
++++ b/include/bcrypt.h
+@@ -185,8 +185,10 @@ NTSTATUS WINAPI BCryptGetFipsAlgorithmMode(BOOLEAN *);
+ NTSTATUS WINAPI BCryptGetProperty(BCRYPT_HANDLE, LPCWSTR, PUCHAR, ULONG, ULONG *, ULONG);
+ NTSTATUS WINAPI BCryptHash(BCRYPT_ALG_HANDLE, PUCHAR, ULONG, PUCHAR, ULONG, PUCHAR, ULONG);
+ NTSTATUS WINAPI BCryptHashData(BCRYPT_HASH_HANDLE, PUCHAR, ULONG, ULONG);
++NTSTATUS WINAPI BCryptImportKeyPair(BCRYPT_ALG_HANDLE, BCRYPT_KEY_HANDLE, LPCWSTR, BCRYPT_KEY_HANDLE *, UCHAR *, ULONG, ULONG);
+ NTSTATUS WINAPI BCryptOpenAlgorithmProvider(BCRYPT_ALG_HANDLE *, LPCWSTR, LPCWSTR, ULONG);
+ NTSTATUS WINAPI BCryptSetProperty(BCRYPT_HANDLE, LPCWSTR, PUCHAR, ULONG, ULONG);
+ NTSTATUS WINAPI BCryptDuplicateHash(BCRYPT_HASH_HANDLE, BCRYPT_HASH_HANDLE *, UCHAR *, ULONG, ULONG);
++NTSTATUS WINAPI BCryptVerifySignature(BCRYPT_KEY_HANDLE, void *, UCHAR *, ULONG, UCHAR *, ULONG, ULONG);
+ 
+ #endif  /* __WINE_BCRYPT_H */
+-- 
+2.14.1
+

patches/crypt32-ECDSA_Cert_Chains/0005-bcrypt-Implement-BCryptVerifySignature-for-ecdsa-sig.patch

@@ -0,0 +1,437 @@
+From 09e86a5b33ead90b064eeb1d728f567283dfa389 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
+Date: Fri, 29 Sep 2017 20:31:00 +0200
+Subject: bcrypt: Implement BCryptVerifySignature for ecdsa signatures.
+
+---
+ dlls/bcrypt/bcrypt_main.c  | 326 ++++++++++++++++++++++++++++++++++++++++++++-
+ dlls/bcrypt/tests/bcrypt.c |   4 +-
+ 2 files changed, 326 insertions(+), 4 deletions(-)
+
+diff --git a/dlls/bcrypt/bcrypt_main.c b/dlls/bcrypt/bcrypt_main.c
+index f822a7aadf3..881f6f7eb0c 100644
+--- a/dlls/bcrypt/bcrypt_main.c
++++ b/dlls/bcrypt/bcrypt_main.c
+@@ -27,6 +27,7 @@
+ #elif defined(SONAME_LIBGNUTLS)
+ #include <gnutls/gnutls.h>
+ #include <gnutls/crypto.h>
++#include <gnutls/abstract.h>
+ #endif
+ 
+ #include "ntstatus.h"
+@@ -49,9 +50,26 @@ static HINSTANCE instance;
+ #if defined(HAVE_GNUTLS_CIPHER_INIT) && !defined(HAVE_COMMONCRYPTO_COMMONDIGEST_H)
+ WINE_DECLARE_DEBUG_CHANNEL(winediag);
+ 
++#if GNUTLS_VERSION_MAJOR < 3
++typedef enum
++{
++    GNUTLS_ECC_CURVE_INVALID = 0,
++    GNUTLS_ECC_CURVE_SECP224R1,
++    GNUTLS_ECC_CURVE_SECP256R1,
++    GNUTLS_ECC_CURVE_SECP384R1,
++    GNUTLS_ECC_CURVE_SECP521R1,
++} gnutls_ecc_curve_t;
++#endif
++
+ /* Not present in gnutls version < 3.0 */
+ static int (*pgnutls_cipher_tag)(gnutls_cipher_hd_t handle, void *tag, size_t tag_size);
+ static int (*pgnutls_cipher_add_auth)(gnutls_cipher_hd_t handle, const void *ptext, size_t ptext_size);
++static int (*pgnutls_pubkey_import_ecc_raw)(gnutls_pubkey_t key, gnutls_ecc_curve_t curve,
++                                            const gnutls_datum_t *x, const gnutls_datum_t *y);
++static gnutls_sign_algorithm_t (*pgnutls_pk_to_sign)(gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash);
++static int (*pgnutls_pubkey_verify_hash2)(gnutls_pubkey_t key, gnutls_sign_algorithm_t algo,
++                                          unsigned int flags, const gnutls_datum_t *hash,
++                                          const gnutls_datum_t *signature);
+ 
+ static void *libgnutls_handle;
+ #define MAKE_FUNCPTR(f) static typeof(f) * p##f
+@@ -64,12 +82,15 @@ MAKE_FUNCPTR(gnutls_global_init);
+ MAKE_FUNCPTR(gnutls_global_set_log_function);
+ MAKE_FUNCPTR(gnutls_global_set_log_level);
+ MAKE_FUNCPTR(gnutls_perror);
++MAKE_FUNCPTR(gnutls_pubkey_init);
++MAKE_FUNCPTR(gnutls_pubkey_deinit);
+ #undef MAKE_FUNCPTR
+ 
+ #if GNUTLS_VERSION_MAJOR < 3
+ #define GNUTLS_CIPHER_AES_192_CBC 92
+ #define GNUTLS_CIPHER_AES_128_GCM 93
+ #define GNUTLS_CIPHER_AES_256_GCM 94
++#define GNUTLS_PK_ECC 4
+ #endif
+ 
+ static int compat_gnutls_cipher_tag(gnutls_cipher_hd_t handle, void *tag, size_t tag_size)
+@@ -82,6 +103,24 @@ static int compat_gnutls_cipher_add_auth(gnutls_cipher_hd_t handle, const void *
+     return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
+ }
+ 
++static int compat_gnutls_pubkey_import_ecc_raw(gnutls_pubkey_t key, gnutls_ecc_curve_t curve,
++                                               const gnutls_datum_t *x, const gnutls_datum_t *y)
++{
++    return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
++}
++
++static gnutls_sign_algorithm_t compat_gnutls_pk_to_sign(gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash)
++{
++    return GNUTLS_SIGN_UNKNOWN;
++}
++
++static int compat_gnutls_pubkey_verify_hash2(gnutls_pubkey_t key, gnutls_sign_algorithm_t algo,
++                                             unsigned int flags, const gnutls_datum_t *hash,
++                                             const gnutls_datum_t *signature)
++{
++    return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
++}
++
+ static void gnutls_log( int level, const char *msg )
+ {
+     TRACE( "<%d> %s", level, msg );
+@@ -113,6 +152,8 @@ static BOOL gnutls_initialize(void)
+     LOAD_FUNCPTR(gnutls_global_set_log_function)
+     LOAD_FUNCPTR(gnutls_global_set_log_level)
+     LOAD_FUNCPTR(gnutls_perror)
++    LOAD_FUNCPTR(gnutls_pubkey_init);
++    LOAD_FUNCPTR(gnutls_pubkey_deinit);
+ #undef LOAD_FUNCPTR
+ 
+     if (!(pgnutls_cipher_tag = wine_dlsym( libgnutls_handle, "gnutls_cipher_tag", NULL, 0 )))
+@@ -125,6 +166,21 @@ static BOOL gnutls_initialize(void)
+         WARN("gnutls_cipher_add_auth not found\n");
+         pgnutls_cipher_add_auth = compat_gnutls_cipher_add_auth;
+     }
++    if (!(pgnutls_pubkey_import_ecc_raw = wine_dlsym( libgnutls_handle, "gnutls_pubkey_import_ecc_raw", NULL, 0 )))
++    {
++        WARN("gnutls_pubkey_import_ecc_raw not found\n");
++        pgnutls_pubkey_import_ecc_raw = compat_gnutls_pubkey_import_ecc_raw;
++    }
++    if (!(pgnutls_pk_to_sign = wine_dlsym( libgnutls_handle, "gnutls_pk_to_sign", NULL, 0 )))
++    {
++        WARN("gnutls_pk_to_sign not found\n");
++        pgnutls_pk_to_sign = compat_gnutls_pk_to_sign;
++    }
++    if (!(pgnutls_pubkey_verify_hash2 = wine_dlsym( libgnutls_handle, "gnutls_pubkey_verify_hash2", NULL, 0 )))
++    {
++        WARN("gnutls_pubkey_verify_hash2 not found\n");
++        pgnutls_pubkey_verify_hash2 = compat_gnutls_pubkey_verify_hash2;
++    }
+ 
+     if ((ret = pgnutls_global_init()) != GNUTLS_E_SUCCESS)
+     {
+@@ -1124,6 +1180,264 @@ static NTSTATUS key_symmetric_get_secret( struct key *key, UCHAR **secret, ULONG
+     return STATUS_SUCCESS;
+ }
+ 
++struct buffer
++{
++    BYTE *buffer;
++    DWORD length;
++    DWORD pos;
++    BOOL error;
++};
++
++static void buffer_init( struct buffer *buffer )
++{
++    buffer->buffer = NULL;
++    buffer->length = 0;
++    buffer->pos = 0;
++    buffer->error = FALSE;
++}
++
++static void buffer_free( struct buffer *buffer )
++{
++    HeapFree( GetProcessHeap(), 0, buffer->buffer );
++}
++
++static void buffer_append( struct buffer *buffer, BYTE *data, DWORD len )
++{
++    if (!len) return;
++
++    if (buffer->pos + len > buffer->length)
++    {
++        DWORD new_length = max( max( buffer->pos + len, buffer->length * 2 ), 64 );
++        BYTE *new_buffer;
++
++        if (buffer->buffer)
++            new_buffer = HeapReAlloc( GetProcessHeap(), 0, buffer->buffer, new_length );
++        else
++            new_buffer = HeapAlloc( GetProcessHeap(), 0, new_length );
++
++        if (!new_buffer)
++        {
++            ERR( "out of memory\n" );
++            buffer->error = TRUE;
++            return;
++        }
++
++        buffer->buffer = new_buffer;
++        buffer->length = new_length;
++    }
++
++    memcpy( &buffer->buffer[buffer->pos], data, len );
++    buffer->pos += len;
++}
++
++static void buffer_append_byte( struct buffer *buffer, BYTE value )
++{
++    buffer_append( buffer, &value, sizeof(value) );
++}
++
++static void buffer_append_asn1_length( struct buffer *buffer, DWORD length )
++{
++    DWORD num_bytes;
++
++    if (length < 128)
++    {
++        buffer_append_byte( buffer, length );
++        return;
++    }
++
++    if (length <= 0xff) num_bytes = 1;
++    else if (length <= 0xffff) num_bytes = 2;
++    else if (length <= 0xffffff) num_bytes = 3;
++    else num_bytes = 4;
++
++    buffer_append_byte( buffer, 0x80 | num_bytes );
++    while (num_bytes--)
++        buffer_append_byte( buffer, length >> (num_bytes * 8) );
++}
++
++static void buffer_append_asn1_integer( struct buffer *buffer, BYTE *data, DWORD len )
++{
++    DWORD leading_zero = (*data & 0x80) != 0;
++
++    buffer_append_byte( buffer, 0x02 );  /* tag */
++    buffer_append_asn1_length( buffer, len + leading_zero );
++    if (leading_zero) buffer_append_byte( buffer, 0 );
++    buffer_append( buffer, data, len );
++}
++
++static void buffer_append_asn1_sequence( struct buffer *buffer, struct buffer *content )
++{
++    if (content->error)
++    {
++        buffer->error = TRUE;
++        return;
++    }
++
++    buffer_append_byte( buffer, 0x30 );  /* tag */
++    buffer_append_asn1_length( buffer, content->pos );
++    buffer_append( buffer, content->buffer, content->pos );
++}
++
++static void buffer_append_asn1_r_s( struct buffer *buffer, BYTE *r, DWORD r_len, BYTE *s, DWORD s_len )
++{
++    struct buffer value;
++
++    buffer_init( &value );
++    buffer_append_asn1_integer( &value, r, r_len );
++    buffer_append_asn1_integer( &value, s, s_len );
++    buffer_append_asn1_sequence( buffer, &value );
++    buffer_free( &value );
++}
++
++static NTSTATUS import_gnutls_pubkey_ecc( struct key *key, gnutls_pubkey_t *gnutls_key )
++{
++    gnutls_ecc_curve_t curve;
++    gnutls_datum_t x, y;
++    int ret;
++
++    switch (key->alg_id)
++    {
++        case ALG_ID_ECDSA_P256: curve = GNUTLS_ECC_CURVE_SECP256R1; break;
++        case ALG_ID_ECDSA_P384: curve = GNUTLS_ECC_CURVE_SECP384R1; break;
++
++        default:
++            FIXME( "Algorithm %d not yet supported\n", key->alg_id );
++            return STATUS_NOT_IMPLEMENTED;
++    }
++
++    if ((ret = pgnutls_pubkey_init( gnutls_key )))
++    {
++        pgnutls_perror( ret );
++        return STATUS_INTERNAL_ERROR;
++    }
++
++    x.data = key->u.a.pubkey;
++    x.size = key->u.a.pubkey_len / 2;
++    y.data = key->u.a.pubkey + x.size;
++    y.size = x.size;
++
++    if ((ret = pgnutls_pubkey_import_ecc_raw( *gnutls_key, curve, &x, &y )))
++    {
++        pgnutls_perror( ret );
++        pgnutls_pubkey_deinit( *gnutls_key );
++        return STATUS_INTERNAL_ERROR;
++    }
++
++    return STATUS_SUCCESS;
++}
++
++static NTSTATUS import_gnutls_pubkey( struct key *key,  gnutls_pubkey_t *gnutls_key)
++{
++    switch (key->alg_id)
++    {
++        case ALG_ID_ECDSA_P256:
++        case ALG_ID_ECDSA_P384:
++            return import_gnutls_pubkey_ecc( key, gnutls_key );
++
++        default:
++            FIXME("Algorithm %d not yet supported\n", key->alg_id);
++            return STATUS_NOT_IMPLEMENTED;
++    }
++}
++
++static NTSTATUS prepare_gnutls_signature_ecc( struct key *key, UCHAR *signature, ULONG signature_len,
++                                              gnutls_datum_t *gnutls_signature )
++{
++    struct buffer buffer;
++    DWORD r_len = signature_len / 2;
++    DWORD s_len = r_len;
++    BYTE *r = signature;
++    BYTE *s = signature + r_len;
++
++    buffer_init( &buffer );
++    buffer_append_asn1_r_s( &buffer, r, r_len, s, s_len );
++    if (buffer.error)
++    {
++        buffer_free( &buffer );
++        return STATUS_NO_MEMORY;
++    }
++
++    gnutls_signature->data = buffer.buffer;
++    gnutls_signature->size = buffer.pos;
++    return STATUS_SUCCESS;
++}
++
++static NTSTATUS prepare_gnutls_signature( struct key *key, UCHAR *signature, ULONG signature_len,
++                                          gnutls_datum_t *gnutls_signature )
++{
++    switch (key->alg_id)
++    {
++        case ALG_ID_ECDSA_P256:
++        case ALG_ID_ECDSA_P384:
++            return prepare_gnutls_signature_ecc( key, signature, signature_len, gnutls_signature );
++
++        default:
++            FIXME( "Algorithm %d not yet supported\n", key->alg_id );
++            return STATUS_NOT_IMPLEMENTED;
++    }
++}
++
++static NTSTATUS key_asymmetric_verify( struct key *key, void *padding, UCHAR *hash, ULONG hash_len,
++                                       UCHAR *signature, ULONG signature_len, DWORD flags )
++{
++    gnutls_digest_algorithm_t hash_algo;
++    gnutls_sign_algorithm_t sign_algo;
++    gnutls_datum_t gnutls_hash, gnutls_signature;
++    gnutls_pk_algorithm_t pk_algo;
++    gnutls_pubkey_t gnutls_key;
++    NTSTATUS status;
++    int ret;
++
++    if (flags)
++        FIXME( "Flags %08x not supported\n", flags );
++
++    /* only the hash size must match, not the actual hash function */
++    switch (hash_len)
++    {
++        case 32: hash_algo = GNUTLS_DIG_SHA256; break;
++        case 48: hash_algo = GNUTLS_DIG_SHA384; break;
++
++        default:
++            FIXME( "Hash size %u not yet supported\n", hash_len );
++            return STATUS_INVALID_SIGNATURE;
++    }
++
++    switch (key->alg_id)
++    {
++        case ALG_ID_ECDSA_P256:
++        case ALG_ID_ECDSA_P384:
++            pk_algo = GNUTLS_PK_ECC;
++            break;
++
++        default:
++            FIXME( "Algorithm %d not yet supported\n", key->alg_id );
++            return STATUS_NOT_IMPLEMENTED;
++    }
++
++    if ((sign_algo = pgnutls_pk_to_sign( pk_algo, hash_algo )) == GNUTLS_SIGN_UNKNOWN)
++    {
++        FIXME("Gnutls does not support algorithm %d with hash len %u\n", key->alg_id, hash_len);
++        return STATUS_NOT_IMPLEMENTED;
++    }
++
++    if ((status = import_gnutls_pubkey( key, &gnutls_key )))
++        return status;
++
++    if ((status = prepare_gnutls_signature( key, signature, signature_len, &gnutls_signature )))
++    {
++        pgnutls_pubkey_deinit( gnutls_key );
++        return status;
++    }
++
++    gnutls_hash.data = hash;
++    gnutls_hash.size = hash_len;
++    ret = pgnutls_pubkey_verify_hash2( gnutls_key, sign_algo, 0, &gnutls_hash, &gnutls_signature );
++
++    HeapFree( GetProcessHeap(), 0, gnutls_signature.data );
++    pgnutls_pubkey_deinit( gnutls_key );
++    return (ret < 0) ? STATUS_INVALID_SIGNATURE : STATUS_SUCCESS;
++}
++
+ static NTSTATUS key_destroy( struct key *key )
+ {
+     if (key_is_symmetric(key))
+@@ -1230,6 +1544,13 @@ static NTSTATUS key_symmetric_get_secret( struct key *key, UCHAR **secret, ULONG
+     return STATUS_NOT_IMPLEMENTED;
+ }
+ 
++static NTSTATUS key_asymmetric_verify( struct key *key, void *padding, UCHAR *hash, ULONG hash_len,
++                                       UCHAR *signature, ULONG signature_len, DWORD flags )
++{
++    ERR( "support for keys not available at build time\n" );
++    return STATUS_NOT_IMPLEMENTED;
++}
++
+ static NTSTATUS key_destroy( struct key *key )
+ {
+     ERR( "support for keys not available at build time\n" );
+@@ -1463,13 +1784,14 @@ NTSTATUS WINAPI BCryptVerifySignature( BCRYPT_KEY_HANDLE handle, void *padding,
+ {
+     struct key *key = handle;
+ 
+-    FIXME( "%p, %p, %p, %u, %p, %u, %08x: stub!\n", handle, padding, hash,
++    TRACE( "%p, %p, %p, %u, %p, %u, %08x\n", handle, padding, hash,
+            hash_len, signature, signature_len, flags );
+ 
+     if (!key || key->hdr.magic != MAGIC_KEY) return STATUS_INVALID_HANDLE;
++    if (!hash || !hash_len || !signature || !signature_len) return STATUS_INVALID_PARAMETER;
+     if (!key_is_asymmetric(key)) return STATUS_NOT_SUPPORTED;
+ 
+-    return STATUS_NOT_IMPLEMENTED;
++    return key_asymmetric_verify( key, padding, hash, hash_len, signature, signature_len, flags );
+ }
+ 
+ NTSTATUS WINAPI BCryptDestroyKey( BCRYPT_KEY_HANDLE handle )
+diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c
+index 20f70706430..73bd4d69a5b 100644
+--- a/dlls/bcrypt/tests/bcrypt.c
++++ b/dlls/bcrypt/tests/bcrypt.c
+@@ -1688,10 +1688,10 @@ static void test_ECDSA(void)
+     ok(!status, "BCryptImportKeyPair failed: %08x\n", status);
+ 
+     status = pBCryptVerifySignature(key, NULL, certHash, sizeof(certHash) - 1, certSignature, sizeof(certSignature), 0);
+-    todo_wine ok(status == STATUS_INVALID_SIGNATURE, "Expected STATUS_INVALID_SIGNATURE, got %08x\n", status);
++    ok(status == STATUS_INVALID_SIGNATURE, "Expected STATUS_INVALID_SIGNATURE, got %08x\n", status);
+ 
+     status = pBCryptVerifySignature(key, NULL, certHash, sizeof(certHash), certSignature, sizeof(certSignature), 0);
+-    todo_wine ok(!status, "BCryptVerifySignature failed: %08x\n", status);
++    ok(!status, "BCryptVerifySignature failed: %08x\n", status);
+ 
+     pBCryptDestroyKey(key);
+     pBCryptCloseAlgorithmProvider(alg, 0);
+-- 
+2.14.1
+

patches/crypt32-ECDSA_Cert_Chains/0006-crypt32-tests-Basic-tests-for-decoding-ECDSA-signed-.patch

@@ -0,0 +1,251 @@
+From 929e67829c47d2fcb99f0aac8ac983f0c3a56836 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
+Date: Wed, 27 Sep 2017 18:31:07 +0200
+Subject: crypt32/tests: Basic tests for decoding ECDSA signed certificate.
+
+---
+ dlls/crypt32/tests/encode.c | 168 ++++++++++++++++++++++++++++++++++++++++++++
+ include/wincrypt.h          |  15 ++++
+ 2 files changed, 183 insertions(+)
+
+diff --git a/dlls/crypt32/tests/encode.c b/dlls/crypt32/tests/encode.c
+index 8cb384c3395..fa389c41ff1 100644
+--- a/dlls/crypt32/tests/encode.c
++++ b/dlls/crypt32/tests/encode.c
+@@ -8352,6 +8352,173 @@ static void testPortPublicKeyInfo(void)
+     ok(ret,"CryptAcquireContextA failed\n");
+ }
+ 
++static const BYTE eccCert[] = {
++0x30,0x82,0x01,0x46,0x30,0x81,0xec,0x02,0x09,0x00,0xe7,0x6b,
++0x26,0x86,0x0a,0x82,0xff,0xe9,0x30,0x0a,0x06,0x08,0x2a,0x86,
++0x48,0xce,0x3d,0x04,0x03,0x02,0x30,0x2b,0x31,0x0b,0x30,0x09,
++0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x44,0x45,0x31,0x0d,0x30,
++0x0b,0x06,0x03,0x55,0x04,0x0a,0x0c,0x04,0x57,0x69,0x6e,0x65,
++0x31,0x0d,0x30,0x0b,0x06,0x03,0x55,0x04,0x03,0x0c,0x04,0x57,
++0x69,0x6e,0x65,0x30,0x1e,0x17,0x0d,0x31,0x37,0x30,0x39,0x32,
++0x37,0x31,0x33,0x34,0x31,0x30,0x34,0x5a,0x17,0x0d,0x32,0x37,
++0x30,0x39,0x32,0x35,0x31,0x33,0x34,0x31,0x30,0x34,0x5a,0x30,
++0x2b,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,
++0x44,0x45,0x31,0x0d,0x30,0x0b,0x06,0x03,0x55,0x04,0x0a,0x0c,
++0x04,0x54,0x65,0x73,0x74,0x31,0x0d,0x30,0x0b,0x06,0x03,0x55,
++0x04,0x03,0x0c,0x04,0x54,0x65,0x73,0x74,0x30,0x59,0x30,0x13,
++0x06,0x07,0x2a,0x86,0x48,0xce,0x3d,0x02,0x01,0x06,0x08,0x2a,
++0x86,0x48,0xce,0x3d,0x03,0x01,0x07,0x03,0x42,0x00,0x04,0xed,
++0xfc,0x77,0xd8,0xb9,0xe7,0xf3,0xf8,0xce,0x13,0xb8,0x7f,0x0f,
++0x78,0xea,0x73,0x87,0x29,0x10,0xe1,0x6d,0x10,0xce,0x57,0x60,
++0x3b,0x3e,0xb4,0x5f,0x0d,0x20,0xc1,0xeb,0x6d,0x74,0xe9,0x7b,
++0x11,0x51,0x9a,0x00,0xe8,0xe9,0x12,0x84,0xb9,0x07,0x7e,0x7b,
++0x62,0x67,0x12,0x67,0x08,0xe5,0x2e,0x27,0xce,0xa2,0x57,0x15,
++0xad,0xc5,0x1f,0x30,0x0a,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,
++0x04,0x03,0x02,0x03,0x49,0x00,0x30,0x46,0x02,0x21,0x00,0xd7,
++0x29,0xce,0x5a,0xef,0x74,0x85,0xd1,0x18,0x5f,0x6e,0xf1,0xba,
++0x53,0xd4,0xcd,0xdd,0xe0,0x5d,0xf1,0x5e,0x48,0x51,0xea,0x63,
++0xc0,0xe8,0xe2,0xf6,0xfa,0x4c,0xaf,0x02,0x21,0x00,0xe3,0x94,
++0x15,0x3b,0x6c,0x71,0x6e,0x44,0x22,0xcb,0xa0,0x88,0xcd,0x0a,
++0x5a,0x50,0x29,0x7c,0x5c,0xd6,0x6c,0xd2,0xe0,0x7f,0xcd,0x02,
++0x92,0x21,0x4c,0x2c,0x92,0xee };
++static const BYTE ecdsaSig[] = {
++0x30,0x46,0x02,0x21,0x00,0xd7,0x29,0xce,0x5a,0xef,0x74,0x85,
++0xd1,0x18,0x5f,0x6e,0xf1,0xba,0x53,0xd4,0xcd,0xdd,0xe0,0x5d,
++0xf1,0x5e,0x48,0x51,0xea,0x63,0xc0,0xe8,0xe2,0xf6,0xfa,0x4c,
++0xaf,0x02,0x21,0x00,0xe3,0x94,0x15,0x3b,0x6c,0x71,0x6e,0x44,
++0x22,0xcb,0xa0,0x88,0xcd,0x0a,0x5a,0x50,0x29,0x7c,0x5c,0xd6,
++0x6c,0xd2,0xe0,0x7f,0xcd,0x02,0x92,0x21,0x4c,0x2c,0x92,0xee };
++static const BYTE eccPubKey[] = {
++0x30,0x59,0x30,0x13,0x06,0x07,0x2a,0x86,0x48,0xce,0x3d,0x02,
++0x01,0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x03,0x01,0x07,0x03,
++0x42,0x00,0x04,0xed,0xfc,0x77,0xd8,0xb9,0xe7,0xf3,0xf8,0xce,
++0x13,0xb8,0x7f,0x0f,0x78,0xea,0x73,0x87,0x29,0x10,0xe1,0x6d,
++0x10,0xce,0x57,0x60,0x3b,0x3e,0xb4,0x5f,0x0d,0x20,0xc1,0xeb,
++0x6d,0x74,0xe9,0x7b,0x11,0x51,0x9a,0x00,0xe8,0xe9,0x12,0x84,
++0xb9,0x07,0x7e,0x7b,0x62,0x67,0x12,0x67,0x08,0xe5,0x2e,0x27,
++0xce,0xa2,0x57,0x15,0xad,0xc5,0x1f };
++
++static void testECDSACert(void)
++{
++    DWORD decode_flags = CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NO_SIGNATURE_BYTE_REVERSAL_FLAG;
++    CERT_SIGNED_CONTENT_INFO *info;
++    CERT_PUBLIC_KEY_INFO *pubkey;
++    CERT_ECC_SIGNATURE *ecc_sig;
++    LPSTR *ecc_curve;
++    DWORD size;
++    BOOL ret;
++    int i;
++
++    info = NULL;
++    ret = pCryptDecodeObjectEx(X509_ASN_ENCODING, X509_CERT, eccCert, sizeof(eccCert), decode_flags,
++                               NULL, &info, &size);
++    ok(ret, "CryptDecodeObjectEx failed with %d\n", GetLastError());
++
++    ok(!strcmp(info->SignatureAlgorithm.pszObjId, szOID_ECDSA_SHA256),
++       "Expected 1.2.840.10045.4.3.2, got %s\n", info->SignatureAlgorithm.pszObjId);
++    ok(!info->SignatureAlgorithm.Parameters.cbData,
++       "Expected no parameter data, got %d bytes\n", info->SignatureAlgorithm.Parameters.cbData);
++    ok(!info->SignatureAlgorithm.Parameters.pbData,
++       "Expected no parameter data, got %p pointer\n", info->SignatureAlgorithm.Parameters.pbData);
++
++    ok(info->Signature.cbData == sizeof(ecdsaSig),
++       "Expected %d bytes, got %d\n", (int)sizeof(ecdsaSig), info->Signature.cbData);
++    ok(info->Signature.pbData != NULL, "Got NULL pointer\n");
++    ok(!info->Signature.cUnusedBits, "Expected no unused bytes, got %d\n", info->Signature.cUnusedBits);
++    for (i = 0; i < info->Signature.cbData; i++)
++    {
++        ok(ecdsaSig[i] == info->Signature.pbData[i], "Expected %02x, got %02x at offset %d\n",
++           ecdsaSig[i], info->Signature.pbData[i], i);
++    }
++
++    ecc_sig = NULL;
++    ret = pCryptDecodeObjectEx(X509_ASN_ENCODING, X509_ECC_SIGNATURE, info->Signature.pbData,
++                               info->Signature.cbData, decode_flags, NULL, &ecc_sig, &size);
++    todo_wine ok(ret, "CryptDecodeObjectEx failed with %d\n", GetLastError());
++    if (ret)
++    {
++        ok(ecc_sig->r.cbData == 32, "Expected 32 bytes, got %d\n", ecc_sig->r.cbData);
++        ok(ecc_sig->r.pbData != NULL, "Got NULL pointer\n");
++        ok(ecc_sig->s.cbData == 32, "Expected 32 bytes, got %d\n", ecc_sig->s.cbData);
++        ok(ecc_sig->s.pbData != NULL, "Got NULL pointer\n");
++        for (i = 0; i < ecc_sig->r.cbData; i++)
++        {
++            ok(ecdsaSig[4+32-i] == ecc_sig->r.pbData[i], "Expected %02x, got %02x at offset %d\n",
++               ecdsaSig[4+32-i], ecc_sig->r.pbData[i], i);
++        }
++        for (i = 0; i < ecc_sig->s.cbData; i++)
++        {
++            ok(ecdsaSig[4+35+32-i] == ecc_sig->s.pbData[i], "Expected %02x, got %02x at offset %d\n",
++               ecdsaSig[4+35+32-i], ecc_sig->s.pbData[i], i);
++        }
++        LocalFree(ecc_sig);
++    }
++
++    LocalFree(info);
++
++    info = NULL;
++    decode_flags &= ~CRYPT_DECODE_NO_SIGNATURE_BYTE_REVERSAL_FLAG;
++    ret = pCryptDecodeObjectEx(X509_ASN_ENCODING, X509_CERT, eccCert, sizeof(eccCert), decode_flags,
++                               NULL, &info, &size);
++    ok(ret, "CryptDecodeObjectEx failed with %d\n", GetLastError());
++
++    ok(info->Signature.cbData == sizeof(ecdsaSig),
++       "Expected %d bytes, got %d\n", (int)sizeof(ecdsaSig), info->Signature.cbData);
++    ok(info->Signature.pbData != NULL, "Got NULL pointer\n");
++    ok(!info->Signature.cUnusedBits, "Expected no unused bytes, got %d\n", info->Signature.cUnusedBits);
++    for (i = 0; i < info->Signature.cbData; i++)
++    {
++        ok(ecdsaSig[sizeof(ecdsaSig)-i-1] == info->Signature.pbData[i], "Expected %02x, got %02x at offset %d\n",
++           ecdsaSig[sizeof(ecdsaSig)-i-1], info->Signature.pbData[i], i);
++    }
++
++    LocalFree(info);
++
++    pubkey = NULL;
++    ret = pCryptDecodeObjectEx(X509_ASN_ENCODING, X509_PUBLIC_KEY_INFO, eccPubKey, sizeof(eccPubKey),
++                               decode_flags, NULL, &pubkey, &size);
++    ok(ret, "CryptDecodeObjectEx failed with %d\n", GetLastError());
++
++    ok(!strcmp(pubkey->Algorithm.pszObjId, szOID_ECC_PUBLIC_KEY),
++       "Expected 1.2.840.10045.2.1, got %s\n", pubkey->Algorithm.pszObjId);
++    ok(pubkey->Algorithm.Parameters.cbData == 10,
++       "Expected 10 bytes parameters, got %d bytes\n", pubkey->Algorithm.Parameters.cbData);
++    ok(pubkey->Algorithm.Parameters.pbData != NULL,
++       "Expected pointer to parameters, got NULL\n");
++
++    ecc_curve = NULL;
++    ret = pCryptDecodeObjectEx(X509_ASN_ENCODING, X509_OBJECT_IDENTIFIER, pubkey->Algorithm.Parameters.pbData,
++                               pubkey->Algorithm.Parameters.cbData, decode_flags, NULL, &ecc_curve, &size);
++    todo_wine ok(ret || broken(GetLastError() == ERROR_FILE_NOT_FOUND /* < Vista */),
++                 "CryptDecodeObjectEx failed with %d\n", GetLastError());
++    if (ret)
++    {
++        ok(!strcmp(*ecc_curve, szOID_ECC_CURVE_P256), "Expected 1.2.840.10045.3.1.7, got %s\n", *ecc_curve);
++        LocalFree(ecc_curve);
++    }
++
++    ecc_curve = NULL;
++    ret = pCryptDecodeObjectEx(X509_ASN_ENCODING, szOID_ECC_PUBLIC_KEY, pubkey->Algorithm.Parameters.pbData,
++                               pubkey->Algorithm.Parameters.cbData, decode_flags, NULL, &ecc_curve, &size);
++    todo_wine ok(ret || broken(GetLastError() == ERROR_FILE_NOT_FOUND /* < Vista */),
++                 "CryptDecodeObjectEx failed with %d\n", GetLastError());
++    if (ret)
++    {
++        ok(!strcmp(*ecc_curve, szOID_ECC_CURVE_P256), "Expected 1.2.840.10045.3.1.7, got %s\n", *ecc_curve);
++        LocalFree(ecc_curve);
++    }
++
++    ok(pubkey->PublicKey.cbData == 65, "Expected 32 bytes parameters, got %d bytes\n", pubkey->PublicKey.cbData);
++    ok(pubkey->PublicKey.pbData != NULL, "Expected pointer to parameters, got NULL\n");
++    for (i = 0; i < pubkey->PublicKey.cbData; i++)
++    {
++        ok(eccPubKey[26+i] == pubkey->PublicKey.pbData[i], "Expected %02x, got %02x at offset %d\n",
++           eccPubKey[26+i], pubkey->PublicKey.pbData[i], i);
++    }
++
++    LocalFree(pubkey);
++}
++
+ START_TEST(encode)
+ {
+     static const DWORD encodings[] = { X509_ASN_ENCODING, PKCS_7_ASN_ENCODING,
+@@ -8445,4 +8612,5 @@ START_TEST(encode)
+         test_decodeRsaPrivateKey(encodings[i]);
+     }
+     testPortPublicKeyInfo();
++    testECDSACert();
+ }
+diff --git a/include/wincrypt.h b/include/wincrypt.h
+index 8b120206cd8..22ff350923a 100644
+--- a/include/wincrypt.h
++++ b/include/wincrypt.h
+@@ -288,6 +288,11 @@ typedef struct _CERT_KEY_ATTRIBUTES_INFO {
+     PCERT_PRIVATE_KEY_VALIDITY pPrivateKeyUsagePeriod;
+ } CERT_KEY_ATTRIBUTES_INFO, *PCERT_KEY_ATTRIBUTES_INFO;
+ 
++typedef struct _CERT_ECC_SIGNATURE {
++    CRYPT_UINT_BLOB r;
++    CRYPT_UINT_BLOB s;
++} CERT_ECC_SIGNATURE, *PCERT_ECC_SIGNATURE;
++
+ /* byte 0 */
+ #define CERT_DIGITAL_SIGNATURE_KEY_USAGE 0x80
+ #define CERT_NON_REPUDIATION_KEY_USAGE   0x40
+@@ -2878,6 +2883,12 @@ typedef struct _CTL_FIND_SUBJECT_PARA
+ #define szOID_X957                          "1.2.840.10040"
+ #define szOID_X957_DSA                      "1.2.840.10040.4.1"
+ #define szOID_X957_SHA1DSA                  "1.2.840.10040.4.3"
++#define szOID_ECC_PUBLIC_KEY                "1.2.840.10045.2.1"
++#define szOID_ECC_CURVE_P256                "1.2.840.10045.3.1.7"
++#define szOID_ECDSA_SPECIFIED               "1.2.840.10045.4.3"
++#define szOID_ECDSA_SHA256                  "1.2.840.10045.4.3.2"
++#define szOID_ECDSA_SHA384                  "1.2.840.10045.4.3.3"
++#define szOID_ECDSA_SHA512                  "1.2.840.10045.4.3.4"
+ #define szOID_DS                            "2.5"
+ #define szOID_DSALG                         "2.5.8"
+ #define szOID_DSALG_CRPT                    "2.5.8.1"
+@@ -2919,6 +2930,8 @@ typedef struct _CTL_FIND_SUBJECT_PARA
+ #define szOID_OIWDIR_SIGN                   "1.3.14.7.2.3"
+ #define szOID_OIWDIR_md2                    "1.3.14.7.2.2.1"
+ #define szOID_OIWDIR_md2RSA                 "1.3.14.7.2.3.1"
++#define szOID_ECC_CURVE_P384                "1.3.132.0.34"
++#define szOID_ECC_CURVE_P521                "1.3.132.0.35"
+ #define szOID_INFOSEC                       "2.16.840.1.101.2.1"
+ #define szOID_INFOSEC_sdnsSignature         "2.16.840.1.101.2.1.1.1"
+ #define szOID_INFOSEC_mosaicSignature       "2.16.840.1.101.2.1.1.2"
+@@ -3224,6 +3237,7 @@ typedef struct _CTL_FIND_SUBJECT_PARA
+ #define X509_PKIX_POLICY_QUALIFIER_USERNOTICE ((LPCSTR)46)
+ #define X509_DH_PUBLICKEY                    X509_MULTI_BYTE_UINT
+ #define X509_DH_PARAMETERS                   ((LPCSTR)47)
++#define X509_ECC_SIGNATURE                   ((LPCSTR)47)
+ #define PKCS_ATTRIBUTES                      ((LPCSTR)48)
+ #define PKCS_SORTED_CTL                      ((LPCSTR)49)
+ #define X942_DH_PARAMETERS                   ((LPCSTR)50)
+@@ -3241,6 +3255,7 @@ typedef struct _CTL_FIND_SUBJECT_PARA
+ #define CMC_ADD_EXTENSIONS                   ((LPCSTR)62)
+ #define CMC_ADD_ATTRIBUTES                   ((LPCSTR)63)
+ #define X509_CERTIFICATE_TEMPLATE            ((LPCSTR)64)
++#define X509_OBJECT_IDENTIFIER               ((LPCSTR)73)
+ #define PKCS7_SIGNER_INFO                    ((LPCSTR)500)
+ #define CMS_SIGNER_INFO                      ((LPCSTR)501)
+ 
+-- 
+2.14.1
+

patches/crypt32-ECDSA_Cert_Chains/0007-crypt32-Implement-decoding-of-X509_OBJECT_IDENTIFIER.patch

@@ -0,0 +1,109 @@
+From e271981b27492ce0612b5c2b7b0c18fd747ce2a7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
+Date: Wed, 27 Sep 2017 19:08:43 +0200
+Subject: crypt32: Implement decoding of X509_OBJECT_IDENTIFIER.
+
+---
+ dlls/crypt32/decode.c       | 45 +++++++++++++++++++++++++++++++++++++++++++++
+ dlls/crypt32/tests/encode.c |  8 ++++----
+ 2 files changed, 49 insertions(+), 4 deletions(-)
+
+diff --git a/dlls/crypt32/decode.c b/dlls/crypt32/decode.c
+index ddeb0552906..6b124f9db7d 100644
+--- a/dlls/crypt32/decode.c
++++ b/dlls/crypt32/decode.c
+@@ -5890,6 +5890,46 @@ BOOL CRYPT_AsnDecodePKCSEnvelopedData(const BYTE *pbEncoded, DWORD cbEncoded,
+     return ret;
+ }
+ 
++static BOOL WINAPI CRYPT_AsnDecodeObjectIdentifier(DWORD dwCertEncodingType,
++ LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, DWORD dwFlags,
++ PCRYPT_DECODE_PARA pDecodePara, void *pvStructInfo, DWORD *pcbStructInfo)
++{
++    DWORD bytesNeeded = 0;
++    BOOL ret;
++
++    __TRY
++    {
++        ret = CRYPT_AsnDecodeOidInternal(pbEncoded, cbEncoded, dwFlags & ~CRYPT_DECODE_ALLOC_FLAG,
++                                         NULL, &bytesNeeded, NULL);
++        if (ret)
++        {
++            if (!pvStructInfo)
++                *pcbStructInfo = bytesNeeded;
++            else if ((ret = CRYPT_DecodeEnsureSpace(dwFlags, pDecodePara, pvStructInfo, pcbStructInfo, bytesNeeded)))
++            {
++                LPSTR *info;
++
++                if (dwFlags & CRYPT_DECODE_ALLOC_FLAG)
++                    pvStructInfo = *(BYTE **)pvStructInfo;
++
++                info = pvStructInfo;
++                *info = (void *)((BYTE *)info + sizeof(*info));
++                ret = CRYPT_AsnDecodeOidInternal(pbEncoded, cbEncoded, dwFlags & ~CRYPT_DECODE_ALLOC_FLAG,
++                                                 pvStructInfo, &bytesNeeded, NULL);
++                if (!ret && (dwFlags & CRYPT_DECODE_ALLOC_FLAG))
++                    CRYPT_FreeSpace(pDecodePara, info);
++            }
++        }
++    }
++    __EXCEPT_PAGE_FAULT
++    {
++        SetLastError(STATUS_ACCESS_VIOLATION);
++        ret = FALSE;
++    }
++    __ENDTRY
++    return ret;
++}
++
+ static CryptDecodeObjectExFunc CRYPT_GetBuiltinDecoder(DWORD dwCertEncodingType,
+  LPCSTR lpszStructType)
+ {
+@@ -6029,6 +6069,9 @@ static CryptDecodeObjectExFunc CRYPT_GetBuiltinDecoder(DWORD dwCertEncodingType,
+         case LOWORD(CMS_SIGNER_INFO):
+             decodeFunc = CRYPT_AsnDecodeCMSSignerInfo;
+             break;
++        case LOWORD(X509_OBJECT_IDENTIFIER):
++            decodeFunc = CRYPT_AsnDecodeObjectIdentifier;
++            break;
+         }
+     }
+     else if (!strcmp(lpszStructType, szOID_CERT_EXTENSIONS))
+@@ -6083,6 +6126,8 @@ static CryptDecodeObjectExFunc CRYPT_GetBuiltinDecoder(DWORD dwCertEncodingType,
+         decodeFunc = CRYPT_AsnDecodePolicyQualifierUserNotice;
+     else if (!strcmp(lpszStructType, szOID_CTL))
+         decodeFunc = CRYPT_AsnDecodeCTL;
++    else if (!strcmp(lpszStructType, szOID_ECC_PUBLIC_KEY))
++        decodeFunc = CRYPT_AsnDecodeObjectIdentifier;
+     return decodeFunc;
+ }
+ 
+diff --git a/dlls/crypt32/tests/encode.c b/dlls/crypt32/tests/encode.c
+index fa389c41ff1..574b1e95351 100644
+--- a/dlls/crypt32/tests/encode.c
++++ b/dlls/crypt32/tests/encode.c
+@@ -8489,8 +8489,8 @@ static void testECDSACert(void)
+     ecc_curve = NULL;
+     ret = pCryptDecodeObjectEx(X509_ASN_ENCODING, X509_OBJECT_IDENTIFIER, pubkey->Algorithm.Parameters.pbData,
+                                pubkey->Algorithm.Parameters.cbData, decode_flags, NULL, &ecc_curve, &size);
+-    todo_wine ok(ret || broken(GetLastError() == ERROR_FILE_NOT_FOUND /* < Vista */),
+-                 "CryptDecodeObjectEx failed with %d\n", GetLastError());
++    ok(ret || broken(GetLastError() == ERROR_FILE_NOT_FOUND /* < Vista */),
++       "CryptDecodeObjectEx failed with %d\n", GetLastError());
+     if (ret)
+     {
+         ok(!strcmp(*ecc_curve, szOID_ECC_CURVE_P256), "Expected 1.2.840.10045.3.1.7, got %s\n", *ecc_curve);
+@@ -8500,8 +8500,8 @@ static void testECDSACert(void)
+     ecc_curve = NULL;
+     ret = pCryptDecodeObjectEx(X509_ASN_ENCODING, szOID_ECC_PUBLIC_KEY, pubkey->Algorithm.Parameters.pbData,
+                                pubkey->Algorithm.Parameters.cbData, decode_flags, NULL, &ecc_curve, &size);
+-    todo_wine ok(ret || broken(GetLastError() == ERROR_FILE_NOT_FOUND /* < Vista */),
+-                 "CryptDecodeObjectEx failed with %d\n", GetLastError());
++    ok(ret || broken(GetLastError() == ERROR_FILE_NOT_FOUND /* < Vista */),
++       "CryptDecodeObjectEx failed with %d\n", GetLastError());
+     if (ret)
+     {
+         ok(!strcmp(*ecc_curve, szOID_ECC_CURVE_P256), "Expected 1.2.840.10045.3.1.7, got %s\n", *ecc_curve);
+-- 
+2.14.1
+

patches/crypt32-ECDSA_Cert_Chains/0008-crypt32-Implement-decoding-of-X509_ECC_SIGNATURE.patch

@@ -0,0 +1,76 @@
+From 4f3a56480857ec2b17c6bb6dd53f40420aebdc3b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
+Date: Thu, 28 Sep 2017 05:35:49 +0200
+Subject: crypt32: Implement decoding of X509_ECC_SIGNATURE.
+
+---
+ dlls/crypt32/decode.c       | 32 ++++++++++++++++++++++++++++++++
+ dlls/crypt32/tests/encode.c |  2 +-
+ 2 files changed, 33 insertions(+), 1 deletion(-)
+
+diff --git a/dlls/crypt32/decode.c b/dlls/crypt32/decode.c
+index 6b124f9db7d..02392ec6bf0 100644
+--- a/dlls/crypt32/decode.c
++++ b/dlls/crypt32/decode.c
+@@ -5930,6 +5930,35 @@ static BOOL WINAPI CRYPT_AsnDecodeObjectIdentifier(DWORD dwCertEncodingType,
+     return ret;
+ }
+ 
++static BOOL WINAPI CRYPT_AsnDecodeEccSignature(DWORD dwCertEncodingType,
++ LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, DWORD dwFlags,
++ PCRYPT_DECODE_PARA pDecodePara, void *pvStructInfo, DWORD *pcbStructInfo)
++{
++    BOOL ret;
++    struct AsnDecodeSequenceItem items[] = {
++     { ASN_INTEGER, offsetof(CERT_ECC_SIGNATURE, r),
++       CRYPT_AsnDecodeUnsignedIntegerInternal, sizeof(CRYPT_UINT_BLOB), FALSE,
++       TRUE, offsetof(CERT_ECC_SIGNATURE, r.pbData), 0 },
++     { ASN_INTEGER, offsetof(CERT_ECC_SIGNATURE, s),
++       CRYPT_AsnDecodeUnsignedIntegerInternal, sizeof(CRYPT_UINT_BLOB), FALSE,
++       TRUE, offsetof(CERT_ECC_SIGNATURE, s.pbData), 0 },
++    };
++
++    __TRY
++    {
++        ret = CRYPT_AsnDecodeSequence(items, sizeof(items) / sizeof(items[0]),
++         pbEncoded, cbEncoded, dwFlags, pDecodePara, pvStructInfo,
++         pcbStructInfo, NULL, NULL);
++    }
++    __EXCEPT_PAGE_FAULT
++    {
++        SetLastError(STATUS_ACCESS_VIOLATION);
++        ret = FALSE;
++    }
++    __ENDTRY
++    return ret;
++}
++
+ static CryptDecodeObjectExFunc CRYPT_GetBuiltinDecoder(DWORD dwCertEncodingType,
+  LPCSTR lpszStructType)
+ {
+@@ -6072,6 +6101,9 @@ static CryptDecodeObjectExFunc CRYPT_GetBuiltinDecoder(DWORD dwCertEncodingType,
+         case LOWORD(X509_OBJECT_IDENTIFIER):
+             decodeFunc = CRYPT_AsnDecodeObjectIdentifier;
+             break;
++        case LOWORD(X509_ECC_SIGNATURE):
++            decodeFunc = CRYPT_AsnDecodeEccSignature;
++            break;
+         }
+     }
+     else if (!strcmp(lpszStructType, szOID_CERT_EXTENSIONS))
+diff --git a/dlls/crypt32/tests/encode.c b/dlls/crypt32/tests/encode.c
+index 574b1e95351..5ab828151fa 100644
+--- a/dlls/crypt32/tests/encode.c
++++ b/dlls/crypt32/tests/encode.c
+@@ -8434,7 +8434,7 @@ static void testECDSACert(void)
+     ecc_sig = NULL;
+     ret = pCryptDecodeObjectEx(X509_ASN_ENCODING, X509_ECC_SIGNATURE, info->Signature.pbData,
+                                info->Signature.cbData, decode_flags, NULL, &ecc_sig, &size);
+-    todo_wine ok(ret, "CryptDecodeObjectEx failed with %d\n", GetLastError());
++    ok(ret, "CryptDecodeObjectEx failed with %d\n", GetLastError());
+     if (ret)
+     {
+         ok(ecc_sig->r.cbData == 32, "Expected 32 bytes, got %d\n", ecc_sig->r.cbData);
+-- 
+2.14.1
+