- /* salt length can't be greater than 128 bits = 16 bytes */ - if (blob->cbData > 16) - { - SetLastError(ERROR_INVALID_PARAMETER); - return FALSE; - } memcpy(pCryptKey->abKeyValue + pCryptKey->dwKeyLen, blob->pbData, blob->cbData);

You can't just remove the check, an app that passes in a bad blob will overwrite memory. If that's not allowed in Windows, it shouldn't be in Wine, either. You really need to write a test case that shows what the correct limit for the salt length is, or show that Windows just crashes if you pass in too much salt data. That'll prevent future regressions from cropping up, too. --Juan