Dmitry Timoshkov : crypt32: CertComparePublicKeyInfo should not try to decode a non-RSA public key. - wine-commits

26 Oct 2018

Module: wine
Branch: master
Commit: 8f488a71b9a0718b4c36823089df0309194e4e76
URL:    https://source.winehq.org/git/wine.git/?a=commit;h=8f488a71b9a0718b4c3682308...
Author: Dmitry Timoshkov dmitry@baikal.ru
Date:   Fri Oct 26 13:17:26 2018 +0300
crypt32: CertComparePublicKeyInfo should not try to decode a non-RSA public key.
Signed-off-by: Dmitry Timoshkov dmitry@baikal.ru
Signed-off-by: Alexandre Julliard julliard@winehq.org
---
dlls/crypt32/cert.c       | 7 +++++++
 dlls/crypt32/tests/cert.c | 6 ------
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/dlls/crypt32/cert.c b/dlls/crypt32/cert.c
index 9157814..d09d049 100644
--- a/dlls/crypt32/cert.c
+++ b/dlls/crypt32/cert.c
@@ -28,6 +28,7 @@
 #include "winternl.h"
 #define CRYPT_OID_INFO_HAS_EXTRA_FIELDS
 #include "wincrypt.h"
+#include "snmp.h"
 #include "bcrypt.h"
 #include "winnls.h"
 #include "rpc.h"
@@ -1242,6 +1243,12 @@ BOOL WINAPI CertComparePublicKeyInfo(DWORD dwCertEncodingType,
TRACE("(%08x, %p, %p)\n", dwCertEncodingType, pPublicKey1, pPublicKey2);
+    /* RSA public key data should start with ASN_SEQUENCE,
+     * otherwise it's not a RSA_CSP_PUBLICKEYBLOB.
+     */
+    if (!pPublicKey1->PublicKey.cbData || pPublicKey1->PublicKey.pbData[0] != ASN_SEQUENCE)
+        dwCertEncodingType = 0;
+
     switch (GET_CERT_ENCODING_TYPE(dwCertEncodingType))
     {
     case 0:	/* Seems to mean "raw binary bits" */
diff --git a/dlls/crypt32/tests/cert.c b/dlls/crypt32/tests/cert.c
index cc7bd4c..f653741 100644
--- a/dlls/crypt32/tests/cert.c
+++ b/dlls/crypt32/tests/cert.c
@@ -3210,7 +3210,6 @@ static void testComparePublicKeyInfo(void)
     ret = CertComparePublicKeyInfo(0, &info1, &info2);
     ok(ret, "CertComparePublicKeyInfo failed: %08x\n", GetLastError());
     ret = CertComparePublicKeyInfo(X509_ASN_ENCODING, &info1, &info2);
-todo_wine
     ok(ret, "CertComparePublicKeyInfo failed: %08x\n", GetLastError());
/* Different OIDs appear to compare */
@@ -3219,14 +3218,12 @@ todo_wine
     ret = CertComparePublicKeyInfo(0, &info1, &info2);
     ok(ret, "CertComparePublicKeyInfo failed: %08x\n", GetLastError());
     ret = CertComparePublicKeyInfo(X509_ASN_ENCODING, &info1, &info2);
-todo_wine
     ok(ret, "CertComparePublicKeyInfo failed: %08x\n", GetLastError());
info2.Algorithm.pszObjId = oid_x957_dsa;
     ret = CertComparePublicKeyInfo(0, &info1, &info2);
     ok(ret, "CertComparePublicKeyInfo failed: %08x\n", GetLastError());
     ret = CertComparePublicKeyInfo(X509_ASN_ENCODING, &info1, &info2);
-todo_wine
     ok(ret, "CertComparePublicKeyInfo failed: %08x\n", GetLastError());
info1.PublicKey.cbData = sizeof(bits1);
@@ -3238,7 +3235,6 @@ todo_wine
     ret = CertComparePublicKeyInfo(0, &info1, &info2);
     ok(ret, "CertComparePublicKeyInfo failed: %08x\n", GetLastError());
     ret = CertComparePublicKeyInfo(X509_ASN_ENCODING, &info1, &info2);
-todo_wine
     ok(ret, "CertComparePublicKeyInfo failed: %08x\n", GetLastError());
info2.Algorithm.pszObjId = oid_rsa_rsa;
@@ -3297,11 +3293,9 @@ todo_wine
     ret = CertComparePublicKeyInfo(0, &info1, &info1);
     ok(ret, "CertComparePublicKeyInfo: as raw binary: keys should be equal\n");
     ret = CertComparePublicKeyInfo(X509_ASN_ENCODING, &info1, &info1);
-todo_wine
     ok(ret, "CertComparePublicKeyInfo: as ASN.1 encoded: keys should be equal\n");
     info1.PublicKey.cbData--; /* kill one byte, make ASN.1 encoded data invalid */
     ret = CertComparePublicKeyInfo(X509_ASN_ENCODING, &info1, &info1);
-todo_wine
     ok(ret, "CertComparePublicKeyInfo: as ASN.1 encoded: keys should be equal\n");
/* ASN.1 encoded non-comparing case */

    