From: Torge Matthies tmatthies@codeweavers.com
Instead of only allowing the SHA256RSA algorithm.
Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=53102
Signed-off-by: Torge Matthies tmatthies@codeweavers.com
---
 dlls/cryptnet/cryptnet_main.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/dlls/cryptnet/cryptnet_main.c b/dlls/cryptnet/cryptnet_main.c
index e8c17407a9b..ac282f5aa82 100644
--- a/dlls/cryptnet/cryptnet_main.c
+++ b/dlls/cryptnet/cryptnet_main.c
@@ -1918,6 +1918,7 @@ static DWORD verify_signed_ocsp_response_info(const CERT_INFO *cert, const CERT_
 HCRYPTPROV prov = 0;
 HCRYPTHASH hash = 0;
 HCRYPTKEY key = 0;
+ DWORD algid;
if (!CryptDecodeObjectEx(X509_ASN_ENCODING, OCSP_BASIC_SIGNED_RESPONSE, blob->pbData, blob->cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size)) return GetLastError(); @@ -1925,7 +1926,7 @@ static DWORD verify_signed_ocsp_response_info(const CERT_INFO *cert, const CERT_ if ((error = check_ocsp_response_info(cert, issuer, &info->ToBeSigned, &status))) goto done;
alg = &info->SignatureInfo.SignatureAlgorithm;
- if (!alg->pszObjId || strcmp(alg->pszObjId, szOID_RSA_SHA256RSA))
+ if (!alg->pszObjId || !(algid = CertOIDToAlgId(alg->pszObjId)))
 {
 FIXME("unhandled signature algorithm %s\n", debugstr_a(alg->pszObjId));
 error = CRYPT_E_NO_REVOCATION_CHECK;
@@ -1933,7 +1934,7 @@ static DWORD verify_signed_ocsp_response_info(const CERT_INFO *cert, const CERT_
 }
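Review bot: The new condition `!(algid = CertOIDToAlgId(alg->pszObjId))` accepts every OID that maps to a non-zero ALG_ID, and that OID is read from the decoded OCSP response, so the responder (or whoever can answer in its place) picks the digest. To my knowledge the lookup is not restricted to signature algorithms, and among signature OIDs it also resolves legacy digests such as MD5 and SHA-1, which the removed `strcmp` against `szOID_RSA_SHA256RSA` kept out. Consider resolving the OID in the signature group only, `const CRYPT_OID_INFO *oid = CryptFindOIDInfo(CRYPT_OID_INFO_OID_KEY, alg->pszObjId, CRYPT_SIGN_ALG_OID_GROUP_ID);`, and then accepting an explicit list of digest ALG_IDs before the value is handed to `CryptCreateHash` in the following hunk. A short comment above the check stating which algorithms are intentionally allowed would document the policy; the function body starts and ends outside this hunk.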
if (!CryptAcquireContextW(&prov, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) goto done;
- if (!CryptCreateHash(prov, CALG_SHA_256, 0, 0, &hash)) goto done;
+ if (!CryptCreateHash(prov, algid, 0, 0, &hash)) goto done;
 if (!CryptHashData(hash, info->ToBeSigned.pbData, info->ToBeSigned.cbData, 0)) goto done;
sig = &info->SignatureInfo.Signature;
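Review bot: `CryptCreateHash(prov, algid, 0, 0, &hash)` now takes a value derived from the response, so whether this call succeeds depends on the peer's choice of algorithm (an ALG_ID that is not a hash, or one the `PROV_RSA_FULL` provider does not implement, would presumably fail here). The failure branch is a bare `goto done` with no assignment to `error` in the visible lines; the `done:` label and the initial value of `error` are outside the hunk, so please confirm this path cannot report success without a verified signature. Setting the code explicitly would remove that dependency, e.g. `if (!CryptCreateHash(prov, algid, 0, 0, &hash)) { error = CRYPT_E_NO_REVOCATION_CHECK; goto done; }`.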