Hi Maarten,

You should not modify advapi32 to accommodate this behavior but rsaenh instead. The acceptance of this flag combination is specific to the Microsoft RSA CSP implementation and other vendors don't support it (I tested it with four third-party CSPs).

Moreover, your patch will clearly introduce unexpected CSP behavior when this combination of flags is specified, as you start by acquiring a context using CRYPT_NEWKEYSET only: the returned context will not behave as intended by the CRYPT_VERIFYCONTEXT flag, which normally limits many things.

The modification to rsaenh is straightforward: in the code of RSAENH_CPAcquireContext, just add the line "case CRYPT_VERIFYCONTEXT | CRYPT_NEWKEYSET:" above the existing line "case CRYPT_VERIFYCONTEXT:".
Mounir IDRASSI
IDRIX - Cryptography and IT Security Experts
http://www.idrix.fr
Maarten Lankhorst wrote:
With tests. I think this is the correct way to do this: First try to Acquire with CRYPT_NEWKEYSET, then CRYPT_VERIFYCONTEXT if it already exists.
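
A small portable C model of the behavior difference discussed in this thread, added here as an illustration; it is not Wine's rsaenh or advapi32 code. The two flag values are the real wincrypt.h constants, while `ctx_t`, `csp_acquire`, `wrapper_acquire` and the single-container store are hypothetical stand-ins.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Real wincrypt.h flag values. */
#define CRYPT_VERIFYCONTEXT 0xF0000000u
#define CRYPT_NEWKEYSET     0x00000008u

/* Toy model (assumption): one default key container and a context handle. */
typedef struct { bool valid; bool ephemeral; } ctx_t;
static bool container_on_disk = false;

static void reset_store(void) { container_on_disk = false; }

/* Hypothetical CSP entry point using the switch layout suggested in the reply. */
static ctx_t csp_acquire(uint32_t flags) {
    ctx_t c = { false, false };
    switch (flags) {
    case CRYPT_VERIFYCONTEXT | CRYPT_NEWKEYSET: /* the added case label */
    case CRYPT_VERIFYCONTEXT:
        c.valid = true; c.ephemeral = true;     /* nothing is persisted */
        break;
    case CRYPT_NEWKEYSET:
        if (container_on_disk) break;           /* keyset already exists: fail */
        container_on_disk = true;               /* persistent container created */
        c.valid = true;
        break;
    default: break;                             /* other flags not modelled */
    }
    return c;
}

/* Hypothetical caller-side approach: NEWKEYSET first, then VERIFYCONTEXT. */
static ctx_t wrapper_acquire(void) {
    ctx_t c = csp_acquire(CRYPT_NEWKEYSET);
    if (!c.valid) c = csp_acquire(CRYPT_VERIFYCONTEXT);
    return c;
}

int main(void) {
    reset_store();
    ctx_t a = csp_acquire(CRYPT_VERIFYCONTEXT | CRYPT_NEWKEYSET);
    printf("in CSP:  ephemeral=%d persisted=%d\n", a.ephemeral, container_on_disk);
    reset_store();
    ctx_t b = wrapper_acquire();
    printf("wrapper: ephemeral=%d persisted=%d\n", b.ephemeral, container_on_disk);
    return 0;
}
```

In this model the wrapper's first call returns a non-ephemeral context and leaves a container behind, which is the side effect the reply warns about; only the second call on the same store gets the verify-only context.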