Module: wine Branch: master Commit: 9af055170e8ed82682e752482ec8032b85c8d2b5 URL: https://gitlab.winehq.org/wine/wine/-/commit/9af055170e8ed82682e752482ec8032...
Author: Paul Gofman pgofman@codeweavers.com Date: Thu Jun 29 19:19:02 2023 -0600
bcrypt: Pass GNUTLS_VERIFY_ALLOW_BROKEN to gnutls_pubkey_verify_hash2().
---
dlls/bcrypt/gnutls.c | 7 ++++++- dlls/bcrypt/tests/bcrypt.c | 13 +++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/dlls/bcrypt/gnutls.c b/dlls/bcrypt/gnutls.c
index c54ebc471a9..bc0e036a53d 100644
--- a/dlls/bcrypt/gnutls.c
+++ b/dlls/bcrypt/gnutls.c
@@ -1714,6 +1714,11 @@ static NTSTATUS pubkey_set_rsa_pss_params( gnutls_pubkey_t key, gnutls_digest_al
 static NTSTATUS key_asymmetric_verify( void *args )
 {
+#ifdef GNUTLS_VERIFY_ALLOW_BROKEN
+ static const unsigned int verify_flags = GNUTLS_VERIFY_ALLOW_BROKEN;
+#else
+ static const unsigned int verify_flags = 0;
+#endif
 const struct key_asymmetric_verify_params *params = args;
 struct key *key = params->key;
 unsigned flags = params->flags;
@@ -1806,8 +1811,8 @@ static NTSTATUS key_asymmetric_verify( void *args )
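Review bot: `verify_flags` is a function-wide constant, and the second hunk passes it to `pgnutls_pubkey_verify_hash2()` for every signature this function checks, so GnuTLS's rejection of broken algorithms is switched off for all callers and not only for the MD5 case the new test exercises; nothing in the hunk records that this is deliberate. A comment above the `#ifdef` would make the trade-off visible, for example `/* Windows accepts signatures over weak digests such as MD5; GnuTLS refuses them unless GNUTLS_VERIFY_ALLOW_BROKEN is passed. */`. If `sign_alg` already identifies the digest at the call site, it may be worth setting the flag only for the algorithms that need it; that code sits outside the visible lines, so treat this as something to check, not a confirmed gap. The body of key_asymmetric_verify continues outside both hunks.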
 gnutls_hash.data = params->hash;
 gnutls_hash.size = params->hash_len;
- ret = pgnutls_pubkey_verify_hash2( key_data(key)->a.pubkey, sign_alg, 0, &gnutls_hash, &gnutls_signature );
+ ret = pgnutls_pubkey_verify_hash2( key_data(key)->a.pubkey, sign_alg, verify_flags, &gnutls_hash, &gnutls_signature );
 if (gnutls_signature.data != params->signature) free( gnutls_signature.data );
 return (ret < 0) ? STATUS_INVALID_SIGNATURE : STATUS_SUCCESS;
 }
diff --git a/dlls/bcrypt/tests/bcrypt.c b/dlls/bcrypt/tests/bcrypt.c
index f58df8bcbbd..b0f7200ba2d 100644
--- a/dlls/bcrypt/tests/bcrypt.c
+++ b/dlls/bcrypt/tests/bcrypt.c
@@ -2583,12 +2583,25 @@ static void test_RSA(void)
 ret = BCryptSetProperty(key, BCRYPT_KEY_LENGTH, (UCHAR *)&keylen, sizeof(keylen), 0);
 ok(ret == STATUS_SUCCESS, "got %#lx\n", ret);
+ pad.pszAlgId = BCRYPT_MD5_ALGORITHM; + memset(sig, 0, sizeof(sig)); + len = 0; + ret = BCryptSignHash(key, &pad, hash, 16, sig, sizeof(sig), &len, BCRYPT_PAD_PKCS1); + ok(!ret, "got %#lx\n", ret); + ok(len == 256, "got %lu\n", len); + pad.pszAlgId = BCRYPT_MD5_ALGORITHM; + ret = BCryptVerifySignature(key, &pad, hash, 16, sig, len, BCRYPT_PAD_PKCS1); + ok(!ret, "BCryptVerifySignature failed: %#lx\n", ret); + pad.pszAlgId = BCRYPT_SHA1_ALGORITHM; memset(sig, 0, sizeof(sig)); len = 0; ret = BCryptSignHash(key, &pad, hash, sizeof(hash), sig, sizeof(sig), &len, BCRYPT_PAD_PKCS1); ok(!ret, "got %#lx\n", ret); ok(len == 256, "got %lu\n", len); + pad.pszAlgId = BCRYPT_SHA1_ALGORITHM; + ret = BCryptVerifySignature(key, &pad, hash, sizeof(hash), sig, len, BCRYPT_PAD_PKCS1); + ok(!ret, "BCryptVerifySignature failed: %#lx\n", ret);
pad_pss.pszAlgId = BCRYPT_SHA384_ALGORITHM; pad_pss.cbSalt = 48;
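Review bot: The added checks in test_RSA only cover signatures that must verify, so nothing shows that a damaged MD5 signature is still rejected now that the verify path passes GNUTLS_VERIFY_ALLOW_BROKEN. After the MD5 `BCryptVerifySignature` call, a negative case such as `sig[len - 1] ^= 1;` followed by `ret = BCryptVerifySignature(key, &pad, hash, 16, sig, len, BCRYPT_PAD_PKCS1);` and `ok(ret == STATUS_INVALID_SIGNATURE, "got %#lx\n", ret);` would pin that down. The SHA1 block that follows clears and re-signs `sig`, so the corruption would not leak into later checks. The literal `16` used as the MD5 digest length could also carry a short comment. test_RSA starts and ends outside the hunk.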