bcrypt: Return STATUS_INVALID_PARAMETER on ECC magic mismatch.

Flight Simulator XAL authentication hits this condition because of buggy bcrypt private key export (see next patch). Signed-off-by: Rémi Bernon <rbernon@codeweavers.com> Signed-off-by: Hans Leidekker <hans@codeweavers.com> Signed-off-by: Alexandre Julliard <julliard@winehq.org>

bcrypt: Return STATUS_INVALID_PARAMETER on ECC magic mismatch.
4bc5b822 · Rémi Bernon · Alexandre Julliard · 00a0e2cd · 4bc5b822 · 4bc5b822
Commit 4bc5b822 authored Sep 02, 2020 by Rémi Bernon Committed by Alexandre Julliard Sep 02, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 2 deletions

bcrypt_main.c dlls/bcrypt/bcrypt_main.c +2 -2

bcrypt.c dlls/bcrypt/tests/bcrypt.c +12 -0

No files found.
--- a/dlls/bcrypt/bcrypt_main.c
+++ b/dlls/bcrypt/bcrypt_main.c
@@ -1171,7 +1171,7 @@ static NTSTATUS key_import_pair( struct algorithm *alg, const WCHAR *type, BCRYP
            return STATUS_NOT_SUPPORTED;
        }
-        if (ecc_blob->dwMagic != magic) return STATUS_NOT_SUPPORTED;
+        if (ecc_blob->dwMagic != magic) return STATUS_INVALID_PARAMETER;
        if (ecc_blob->cbKey != key_size || input_len < sizeof(*ecc_blob) + ecc_blob->cbKey * 2)
            return STATUS_INVALID_PARAMETER;
@@ -1211,7 +1211,7 @@ static NTSTATUS key_import_pair( struct algorithm *alg, const WCHAR *type, BCRYP
            return STATUS_NOT_SUPPORTED;
        }
-        if (ecc_blob->dwMagic != magic) return STATUS_NOT_SUPPORTED;
+        if (ecc_blob->dwMagic != magic) return STATUS_INVALID_PARAMETER;
        if (ecc_blob->cbKey != key_size || input_len < sizeof(*ecc_blob) + ecc_blob->cbKey * 3)
            return STATUS_INVALID_PARAMETER;

--- a/dlls/bcrypt/tests/bcrypt.c
+++ b/dlls/bcrypt/tests/bcrypt.c
@@ -1730,6 +1730,12 @@ static void test_ECDSA(void)
    status = pBCryptImportKeyPair(alg, NULL, BCRYPT_ECCPUBLIC_BLOB, &key, buffer, size, 0);
    ok(status == STATUS_INVALID_PARAMETER, "Expected STATUS_INVALID_PARAMETER, got %08x\n", status);
+    ecckey->dwMagic = BCRYPT_ECDH_PUBLIC_P256_MAGIC;
+    ecckey->cbKey = 32;
+    status = pBCryptImportKeyPair(alg, NULL, BCRYPT_ECCPUBLIC_BLOB, &key, buffer, size, 0);
+    ok(status == STATUS_INVALID_PARAMETER, "Expected STATUS_INVALID_PARAMETER, got %08x\n", status);
+    ecckey->dwMagic = BCRYPT_ECDSA_PUBLIC_P256_MAGIC;
    ecckey->cbKey = 32;
    status = pBCryptImportKeyPair(alg, NULL, BCRYPT_ECCPUBLIC_BLOB, &key, buffer, size, 0);
    ok(!status, "BCryptImportKeyPair failed: %08x\n", status);
@@ -1749,6 +1755,12 @@ static void test_ECDSA(void)
    status = pBCryptImportKeyPair(alg, NULL, BCRYPT_ECCPRIVATE_BLOB, &key, buffer, size, 0);
    ok(status == STATUS_INVALID_PARAMETER, "Expected STATUS_INVALID_PARAMETER, got %08x\n", status);
+    ecckey->dwMagic = BCRYPT_ECDH_PRIVATE_P256_MAGIC;
+    ecckey->cbKey = 32;
+    status = pBCryptImportKeyPair(alg, NULL, BCRYPT_ECCPRIVATE_BLOB, &key, buffer, size, 0);
+    ok(status == STATUS_INVALID_PARAMETER, "Expected STATUS_INVALID_PARAMETER, got %08x\n", status);
+    ecckey->dwMagic = BCRYPT_ECDSA_PRIVATE_P256_MAGIC;
    ecckey->cbKey = 32;
    status = pBCryptImportKeyPair(alg, NULL, BCRYPT_ECCPRIVATE_BLOB, &key, buffer, size, 0);
    ok(!status, "BCryptImportKeyPair failed: %08x\n", status);