Module: wine Branch: master Commit: 44ba993b6ea224104f7aabe9dce67b94e4e43cc9 URL: http://source.winehq.org/git/?p=wine.git;a=commit;h=44ba993b6ea224104f7aabe9...
Author: Juan Lang juan_lang@yahoo.com Date: Tue Oct 3 08:32:10 2006 -0700
crypt32: Make it clearer where alg ids come from in CryptVerifyCertificateSignatureEx.
---
dlls/crypt32/cert.c | 43 +++++++++++++++++++++++++++++++++++++------ 1 files changed, 37 insertions(+), 6 deletions(-)
diff --git a/dlls/crypt32/cert.c b/dlls/crypt32/cert.c
index 78efb5a..80a8ce2 100644
--- a/dlls/crypt32/cert.c
+++ b/dlls/crypt32/cert.c
@@ -1326,22 +1326,53 @@ static BOOL CRYPT_VerifyCertSignatureFro
 PCERT_SIGNED_CONTENT_INFO signedCert)
 {
 BOOL ret;
- ALG_ID algID = CertOIDToAlgId(pubKeyInfo->Algorithm.pszObjId);
 HCRYPTKEY key;
+ PCCRYPT_OID_INFO info;
+ ALG_ID pubKeyID, hashID;
+ info = CryptFindOIDInfo(CRYPT_OID_INFO_OID_KEY,
+ pubKeyInfo->Algorithm.pszObjId, 0);
+ if (!info || (info->dwGroupId != CRYPT_PUBKEY_ALG_OID_GROUP_ID &&
+ info->dwGroupId != CRYPT_SIGN_ALG_OID_GROUP_ID))
+ {
+ SetLastError(NTE_BAD_ALGID);
+ return FALSE;
+ }
+ if (info->dwGroupId == CRYPT_PUBKEY_ALG_OID_GROUP_ID)
+ {
+ switch (info->Algid)
+ {
+ case CALG_RSA_KEYX:
+ pubKeyID = CALG_RSA_SIGN;
+ hashID = CALG_SHA1;
+ break;
+ case CALG_RSA_SIGN:
+ pubKeyID = CALG_RSA_SIGN;
+ hashID = CALG_SHA1;
+ break;
+ default:
+ FIXME("unimplemented for %s\n", pubKeyInfo->Algorithm.pszObjId);
+ return FALSE;
+ }
+ }
+ else
+ {
+ hashID = info->Algid;
+ if (info->ExtraInfo.cbData >= sizeof(ALG_ID))
+ pubKeyID = *(ALG_ID *)info->ExtraInfo.pbData;
+ else
+ pubKeyID = hashID;
+ }
 /* Load the default provider if necessary */
 if (!hCryptProv)
 hCryptProv = CRYPT_GetDefaultProvider();
 ret = CryptImportPublicKeyInfoEx(hCryptProv, dwCertEncodingType,
- pubKeyInfo, algID, 0, NULL, &key);
+ pubKeyInfo, pubKeyID, 0, NULL, &key);
 if (ret)
 {
 HCRYPTHASH hash;
- /* Some key algorithms aren't hash algorithms, so map them */
- if (algID == CALG_RSA_SIGN || algID == CALG_RSA_KEYX)
- algID = CALG_SHA1;
- ret = CryptCreateHash(hCryptProv, algID, 0, 0, &hash);
+ ret = CryptCreateHash(hCryptProv, hashID, 0, 0, &hash);
 if (ret)
 {
 ret = CryptHashData(hash, signedCert->ToBeSigned.pbData,
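Review bot: The `default:` branch of the new switch returns FALSE after the FIXME without calling SetLastError, so a caller sees a failed verification with whatever error code was left over, unlike the unknown-OID path a few lines above that sets NTE_BAD_ALGID; adding `SetLastError(NTE_BAD_ALGID);` before that `return FALSE;` keeps the two failure paths consistent. In the else branch, `*(ALG_ID *)info->ExtraInfo.pbData` checks cbData but reads a byte pointer as an ALG_ID with no NULL or alignment guarantee; `memcpy(&pubKeyID, info->ExtraInfo.pbData, sizeof(pubKeyID));` under the same size check avoids that. Both RSA cases still pin hashID to CALG_SHA1 from the key's OID, and nothing visible in the hunk consults signedCert->SignatureAlgorithm, so a certificate signed with a different digest would presumably fail to verify here; a short comment stating that limitation above the switch would help the next reader. The function body continues past the end of the hunk.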