Commit 9af05517 authored by Paul Gofman's avatar Paul Gofman Committed by Alexandre Julliard

bcrypt: Pass GNUTLS_VERIFY_ALLOW_BROKEN to gnutls_pubkey_verify_hash2().

parent 650fe1fd
...@@ -1714,6 +1714,11 @@ static NTSTATUS pubkey_set_rsa_pss_params( gnutls_pubkey_t key, gnutls_digest_al ...@@ -1714,6 +1714,11 @@ static NTSTATUS pubkey_set_rsa_pss_params( gnutls_pubkey_t key, gnutls_digest_al
static NTSTATUS key_asymmetric_verify( void *args ) static NTSTATUS key_asymmetric_verify( void *args )
{ {
#ifdef GNUTLS_VERIFY_ALLOW_BROKEN
static const unsigned int verify_flags = GNUTLS_VERIFY_ALLOW_BROKEN;
#else
static const unsigned int verify_flags = 0;
#endif
const struct key_asymmetric_verify_params *params = args; const struct key_asymmetric_verify_params *params = args;
struct key *key = params->key; struct key *key = params->key;
unsigned flags = params->flags; unsigned flags = params->flags;
...@@ -1806,8 +1811,8 @@ static NTSTATUS key_asymmetric_verify( void *args ) ...@@ -1806,8 +1811,8 @@ static NTSTATUS key_asymmetric_verify( void *args )
gnutls_hash.data = params->hash; gnutls_hash.data = params->hash;
gnutls_hash.size = params->hash_len; gnutls_hash.size = params->hash_len;
ret = pgnutls_pubkey_verify_hash2( key_data(key)->a.pubkey, sign_alg, 0, &gnutls_hash, &gnutls_signature );
ret = pgnutls_pubkey_verify_hash2( key_data(key)->a.pubkey, sign_alg, verify_flags, &gnutls_hash, &gnutls_signature );
if (gnutls_signature.data != params->signature) free( gnutls_signature.data ); if (gnutls_signature.data != params->signature) free( gnutls_signature.data );
return (ret < 0) ? STATUS_INVALID_SIGNATURE : STATUS_SUCCESS; return (ret < 0) ? STATUS_INVALID_SIGNATURE : STATUS_SUCCESS;
} }
......
...@@ -2583,12 +2583,25 @@ static void test_RSA(void) ...@@ -2583,12 +2583,25 @@ static void test_RSA(void)
ret = BCryptSetProperty(key, BCRYPT_KEY_LENGTH, (UCHAR *)&keylen, sizeof(keylen), 0); ret = BCryptSetProperty(key, BCRYPT_KEY_LENGTH, (UCHAR *)&keylen, sizeof(keylen), 0);
ok(ret == STATUS_SUCCESS, "got %#lx\n", ret); ok(ret == STATUS_SUCCESS, "got %#lx\n", ret);
pad.pszAlgId = BCRYPT_MD5_ALGORITHM;
memset(sig, 0, sizeof(sig));
len = 0;
ret = BCryptSignHash(key, &pad, hash, 16, sig, sizeof(sig), &len, BCRYPT_PAD_PKCS1);
ok(!ret, "got %#lx\n", ret);
ok(len == 256, "got %lu\n", len);
pad.pszAlgId = BCRYPT_MD5_ALGORITHM;
ret = BCryptVerifySignature(key, &pad, hash, 16, sig, len, BCRYPT_PAD_PKCS1);
ok(!ret, "BCryptVerifySignature failed: %#lx\n", ret);
pad.pszAlgId = BCRYPT_SHA1_ALGORITHM; pad.pszAlgId = BCRYPT_SHA1_ALGORITHM;
memset(sig, 0, sizeof(sig)); memset(sig, 0, sizeof(sig));
len = 0; len = 0;
ret = BCryptSignHash(key, &pad, hash, sizeof(hash), sig, sizeof(sig), &len, BCRYPT_PAD_PKCS1); ret = BCryptSignHash(key, &pad, hash, sizeof(hash), sig, sizeof(sig), &len, BCRYPT_PAD_PKCS1);
ok(!ret, "got %#lx\n", ret); ok(!ret, "got %#lx\n", ret);
ok(len == 256, "got %lu\n", len); ok(len == 256, "got %lu\n", len);
pad.pszAlgId = BCRYPT_SHA1_ALGORITHM;
ret = BCryptVerifySignature(key, &pad, hash, sizeof(hash), sig, len, BCRYPT_PAD_PKCS1);
ok(!ret, "BCryptVerifySignature failed: %#lx\n", ret);
pad_pss.pszAlgId = BCRYPT_SHA384_ALGORITHM; pad_pss.pszAlgId = BCRYPT_SHA384_ALGORITHM;
pad_pss.cbSalt = 48; pad_pss.cbSalt = 48;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment