Skip to content
This repository has been archived by the owner on Oct 1, 2020. It is now read-only.

Commit

Permalink
wintrust-WinVerifyTrust: Update patchset to use MS_ENH_RSA_AES_PROV i…
Browse files Browse the repository at this point in the history 
…nstead of default provider.
  • Loading branch information
@slackner
slackner committed Aug 2, 2017
1 parent 71f0cf0 commit 5f7efc6
Show file tree
Hide file tree
Showing 2 changed files with 31 additions and 1 deletion.
4 changes: 3 additions & 1 deletion patches/patchinstall.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ usage()
# Get the upstream commit sha
upstream_commit()
{
echo "611c15953e8297ac1762abfb5aeca6665985fc0f"
echo "619b7e07d7ee1a20bb816ebec8e40eaedc47f870"
}

# Show version information
Expand Down Expand Up @@ -10159,10 +10159,12 @@ if test "$enable_wintrust_WinVerifyTrust" -eq 1; then
patch_apply wintrust-WinVerifyTrust/0001-wintrust-tests-Add-tests-for-WinVerifyTrust.-v2.patch
patch_apply wintrust-WinVerifyTrust/0002-wintrust-tests-Add-some-additional-tests.patch
patch_apply wintrust-WinVerifyTrust/0003-wintrust-Verify-image-hash-in-WinVerifyTrust.patch
patch_apply wintrust-WinVerifyTrust/0004-wintrust-use-enhanced-crypto-provider-in-VerifyImage.patch
(
printf '%s\n' '+ { "Mark Jansen", "wintrust/tests: Add tests for WinVerifyTrust.", 2 },';
printf '%s\n' '+ { "Sebastian Lackner", "wintrust/tests: Add some additional tests.", 1 },';
printf '%s\n' '+ { "Mark Jansen", "wintrust: Verify image hash in WinVerifyTrust.", 2 },';
printf '%s\n' '+ { "Marko Friedemann", "wintrust: Use enhanced crypto provider in VerifyImageHash.", 1 },';
) >> "$patchlist"
fi

Expand Down
28 changes: 28 additions & 0 deletions ...s/wintrust-WinVerifyTrust/0004-wintrust-use-enhanced-crypto-provider-in-VerifyImage.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
From e6f3153b82f6592607a9e78585da8ba5b0bd9f06 Mon Sep 17 00:00:00 2001
From: Marko Friedemann <marko@friedemann.email>
Date: Wed, 2 Aug 2017 01:56:39 +0200
Subject: wintrust: use enhanced crypto provider in VerifyImageHash

Softpub VerifyImageHash uses the default crypto provider and fails for
certificates using SHA256 et al. with NTE_BAD_ALGID (80090008).
Fixes startup cert error with SWTOR launcher as-of 2017-08-01.
---
dlls/wintrust/softpub.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dlls/wintrust/softpub.c b/dlls/wintrust/softpub.c
index 35c0d7b5abb..0c04001985b 100644
--- a/dlls/wintrust/softpub.c
+++ b/dlls/wintrust/softpub.c
@@ -349,7 +349,7 @@ static DWORD SOFTPUB_VerifyImageHash(CRYPT_PROVIDER_DATA *data, HANDLE file)

if (!prov)
{
- if (!CryptAcquireContextW(&prov, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))
+ if (!CryptAcquireContextW(&prov, NULL, MS_ENH_RSA_AES_PROV_W, PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
return GetLastError();
release_prov = TRUE;
}
--
2.13.1

0 comments on commit 5f7efc6

Please sign in to comment.