Hi, Your patch is wrong: the flags CRYPT_NEWKEYSET and CRYPT_VERIFYCONTEXT can't be mixed and if they are set together like in your patch AcquireContext should return NTE_BAD_FLAGS. You can check that using the MS implementation under windows. It's also clearly stated in MSDN that CRYPT_VERIFYCONTEXT is reserved for non persistent operations which is not the case when you create a new container.
Mounir IDRASSI IDRIX - Cryptography and IT Security Experts http://www.idrix.fr
Maarten Lankhorst wrote:
According to msdn a combination of flags are set, since I'm not sure which combo's are valid I put up a FIXME.
Mounir IDRASSI schreef:
Hi, Your patch is wrong: the flags CRYPT_NEWKEYSET and CRYPT_VERIFYCONTEXT can't be mixed and if they are set together like in your patch AcquireContext should return NTE_BAD_FLAGS. You can check that using the MS implementation under windows. It's also clearly stated in MSDN that CRYPT_VERIFYCONTEXT is reserved for non persistent operations which is not the case when you create a new container.
After witing a simple test I can confirm that, I filed a bug report against msn messenger, wonder what will happen with that.
Hello,
After retrying, I tried the same function arguments that msn messenger 7.5 passes to advapi32. It seems that function _is_ allowed to define the flags CRYPT_NEWKEYSET and CRYPT_VERIFYCONTEXT at the same time.
I tried the same flags for advapi32 crosstest 'crypt' in linux and windows.
Linux: $ wine advapi32_crosstest.exe crypt crypt.c:198: Test failed: 0/80090009
windows 2000: Test didn't fail.
Patch attached. Note that second parameter must be NULL for this call to succeed.
Maarten
Hi Marteen, As you mentioned, I can confirm that this combination of flags is allowed only when the default container is specified (the second parameter pszContainer set to NULL). So, a small patch would consist of adding this flags combination to the same switch code of CRYPT_VERIFYCONTEXT. Could you please send the patching code along with the test to the patches list?. Thanks for pointing this behavior.
Mounir IDRASSI IDRIX - Cryptography and IT Security Experts http://www.idrix.fr
Maarten Lankhorst wrote:
Hello,
After retrying, I tried the same function arguments that msn messenger 7.5 passes to advapi32. It seems that function _is_ allowed to define the flags CRYPT_NEWKEYSET and CRYPT_VERIFYCONTEXT at the same time.
I tried the same flags for advapi32 crosstest 'crypt' in linux and windows.
Linux: $ wine advapi32_crosstest.exe crypt crypt.c:198: Test failed: 0/80090009
windows 2000: Test didn't fail.
Patch attached. Note that second parameter must be NULL for this call to succeed.
Maarten
-
Maarten Lankhorst -
Mounir IDRASSI