[PATCH v2 1/1] rsaenh: Use TomCrypt for hash implementations.

20 Aug 2025

From: Hans Leidekker hans@codeweavers.com
Some apps unload bcrypt which causes a crash if rsaenh is used afterwards.
---
 dlls/rsaenh/Makefile.in |  2 +-
 dlls/rsaenh/implglue.c  | 42 +++++++++++++++++++++++------------------
 dlls/rsaenh/implglue.h  | 14 +++++++++-----
 dlls/rsaenh/rsaenh.c    | 35 +++++++++++++++-------------------
 4 files changed, 49 insertions(+), 44 deletions(-)

diff --git a/dlls/rsaenh/Makefile.in b/dlls/rsaenh/Makefile.in
index 18fbb0fba20..ad77cd6a6da 100644
--- a/dlls/rsaenh/Makefile.in
+++ b/dlls/rsaenh/Makefile.in
@@ -1,6 +1,6 @@
 MODULE    = rsaenh.dll
 IMPORTLIB = rsaenh
-IMPORTS   = $(TOMCRYPT_PE_LIBS) bcrypt crypt32 advapi32
+IMPORTS   = $(TOMCRYPT_PE_LIBS) crypt32 advapi32
 EXTRAINCL = $(TOMCRYPT_PE_CFLAGS)
SOURCES = \
diff --git a/dlls/rsaenh/implglue.c b/dlls/rsaenh/implglue.c
index ffb6b3d49dc..900c620c9ef 100644
--- a/dlls/rsaenh/implglue.c
+++ b/dlls/rsaenh/implglue.c
@@ -34,52 +34,58 @@
 prng_state prng = { 0 };
 int wprng = 0;
-BOOL init_hash_impl(ALG_ID aiAlgid, BCRYPT_HASH_HANDLE *hash_handle)
+BOOL init_hash_impl( ALG_ID algid, struct hash *hash )
 {
-    switch (aiAlgid)
+    memset( hash, 0, sizeof(*hash) );
+
+    switch (algid)
     {
     case CALG_MD2:
-        return !BCryptCreateHash(BCRYPT_MD2_ALG_HANDLE, hash_handle, NULL, 0, NULL, 0, 0);
+        hash->desc = &md2_desc;
+        break;
case CALG_MD4:
-        return !BCryptCreateHash(BCRYPT_MD4_ALG_HANDLE, hash_handle, NULL, 0, NULL, 0, 0);
+        hash->desc = &md4_desc;
+        break;
case CALG_MD5:
-        return !BCryptCreateHash(BCRYPT_MD5_ALG_HANDLE, hash_handle, NULL, 0, NULL, 0, 0);
+        hash->desc = &md5_desc;
+        break;
case CALG_SHA:
-        return !BCryptCreateHash(BCRYPT_SHA1_ALG_HANDLE, hash_handle, NULL, 0, NULL, 0, 0);
+        hash->desc = &sha1_desc;
+        break;
case CALG_SHA_256:
-        return !BCryptCreateHash(BCRYPT_SHA256_ALG_HANDLE, hash_handle, NULL, 0, NULL, 0, 0);
+        hash->desc = &sha256_desc;
+        break;
case CALG_SHA_384:
-        return !BCryptCreateHash(BCRYPT_SHA384_ALG_HANDLE, hash_handle, NULL, 0, NULL, 0, 0);
+        hash->desc = &sha384_desc;
+        break;
case CALG_SHA_512:
-        return !BCryptCreateHash(BCRYPT_SHA512_ALG_HANDLE, hash_handle, NULL, 0, NULL, 0, 0);
+        hash->desc = &sha512_desc;
+        break;
default:
         return TRUE;
     }
-}
-BOOL update_hash_impl(BCRYPT_HASH_HANDLE hash_handle, const BYTE *pbData, DWORD dwDataLen)
-{
-    BCryptHashData(hash_handle, (UCHAR*)pbData, dwDataLen, 0);
+    hash->desc->init( &hash->state );
     return TRUE;
 }
-BOOL finalize_hash_impl(BCRYPT_HASH_HANDLE hash_handle, BYTE *hash_value, DWORD hash_size)
+BOOL update_hash_impl( struct hash *hash, const BYTE *data, DWORD len )
 {
-    BCryptFinishHash(hash_handle, hash_value, hash_size, 0);
-    BCryptDestroyHash(hash_handle);
+    hash->desc->process( &hash->state, data, len );
     return TRUE;
 }
-BOOL duplicate_hash_impl(BCRYPT_HASH_HANDLE src_hash_handle, BCRYPT_HASH_HANDLE *dest_hash_handle)
+BOOL finalize_hash_impl( struct hash *hash, BYTE *hash_value, DWORD hash_size )
 {
-    return !BCryptDuplicateHash(src_hash_handle, dest_hash_handle, NULL, 0, 0);
+    hash->desc->done( &hash->state, hash_value );
+    return TRUE;
 }
BOOL new_key_impl(ALG_ID aiAlgid, KEY_CONTEXT *pKeyContext, DWORD dwKeyLen) 
diff --git a/dlls/rsaenh/implglue.h b/dlls/rsaenh/implglue.h
index ad497a81c1f..b0a518830ac 100644
--- a/dlls/rsaenh/implglue.h
+++ b/dlls/rsaenh/implglue.h
@@ -24,7 +24,6 @@
 #ifndef __WINE_IMPLGLUE_H
 #define __WINE_IMPLGLUE_H
-#include "bcrypt.h"
 #include "tomcrypt.h"
#define RSAENH_MAX_HASH_SIZE        104
@@ -38,10 +37,15 @@ typedef union tagKEY_CONTEXT {
 extern prng_state prng;
 extern int wprng;
-BOOL init_hash_impl(ALG_ID aiAlgid, BCRYPT_HASH_HANDLE *hash_handle);
-BOOL update_hash_impl(BCRYPT_HASH_HANDLE hash_handle, const BYTE *pbData, DWORD dwDataLen);
-BOOL finalize_hash_impl(BCRYPT_HASH_HANDLE hash_handle, BYTE *hash_value, DWORD hash_size);
-BOOL duplicate_hash_impl(BCRYPT_HASH_HANDLE src_hash_handle, BCRYPT_HASH_HANDLE *dest_hash_handle);
+struct hash
+{
+    const struct ltc_hash_descriptor *desc;
+    hash_state state;
+};
+
+BOOL init_hash_impl(ALG_ID algid, struct hash *hash);
+BOOL update_hash_impl(struct hash *hash, const BYTE *data, DWORD len);
+BOOL finalize_hash_impl(struct hash *hash, BYTE *hash_value, DWORD hash_size);
BOOL new_key_impl(ALG_ID aiAlgid, KEY_CONTEXT *pKeyContext, DWORD dwKeyLen);
 BOOL free_key_impl(ALG_ID aiAlgid, KEY_CONTEXT *pKeyContext);
diff --git a/dlls/rsaenh/rsaenh.c b/dlls/rsaenh/rsaenh.c
index b3d55d9db16..98363fe5087 100644
--- a/dlls/rsaenh/rsaenh.c
+++ b/dlls/rsaenh/rsaenh.c
@@ -68,7 +68,7 @@ typedef struct tagCRYPTHASH
     HCRYPTPROV   hProv;
     DWORD        dwHashSize;
     DWORD        dwState;
-    BCRYPT_HASH_HANDLE hash_handle;
+    struct hash  hash;
     BYTE         abHashValue[RSAENH_MAX_HASH_SIZE];
     PHMAC_INFO   pHMACInfo;
     RSAENH_TLS1PRF_PARAMS tpPRFParams;
@@ -663,7 +663,6 @@ static void destroy_hash(OBJECTHDR *pObject)
 {
     CRYPTHASH *pCryptHash = (CRYPTHASH*)pObject;
-    BCryptDestroyHash(pCryptHash->hash_handle);
     free_hmac_info(pCryptHash->pHMACInfo);
     free_data_blob(&pCryptHash->tpPRFParams.blobLabel);
     free_data_blob(&pCryptHash->tpPRFParams.blobSeed);
@@ -698,9 +697,8 @@ static inline BOOL init_hash(CRYPTHASH *pCryptHash) {
                     return FALSE;
                 }
                 pCryptHash->dwHashSize = pAlgInfo->dwDefaultLen >> 3;
-                init_hash_impl(pCryptHash->pHMACInfo->HashAlgid, &pCryptHash->hash_handle);
-                update_hash_impl(pCryptHash->hash_handle,
-                                 pCryptHash->pHMACInfo->pbInnerString, 
+                init_hash_impl(pCryptHash->pHMACInfo->HashAlgid, &pCryptHash->hash);
+                update_hash_impl(&pCryptHash->hash, pCryptHash->pHMACInfo->pbInnerString,
                                  pCryptHash->pHMACInfo->cbInnerString);
             }
             return TRUE;
@@ -713,7 +711,7 @@ static inline BOOL init_hash(CRYPTHASH *pCryptHash) {
             return TRUE;
default:
-            return init_hash_impl(pCryptHash->aiAlgid, &pCryptHash->hash_handle);
+            return init_hash_impl(pCryptHash->aiAlgid, &pCryptHash->hash);
     }
 }
@@ -737,7 +735,7 @@ static inline void update_hash(CRYPTHASH *pCryptHash, const BYTE *pbData, DWORD
     {
         case CALG_HMAC:
             if (pCryptHash->pHMACInfo) 
-                update_hash_impl(pCryptHash->hash_handle, pbData, dwDataLen);
+                update_hash_impl(&pCryptHash->hash, pbData, dwDataLen);
             break;
case CALG_MAC:
@@ -792,7 +790,7 @@ static inline void update_hash(CRYPTHASH *pCryptHash, const BYTE *pbData, DWORD
             break;
default:
-            update_hash_impl(pCryptHash->hash_handle, pbData, dwDataLen);
+            update_hash_impl(&pCryptHash->hash, pbData, dwDataLen);
     }
 }
@@ -816,16 +814,14 @@ static inline void finalize_hash(CRYPTHASH *pCryptHash)
             if (pCryptHash->pHMACInfo) {
                 BYTE abHashValue[RSAENH_MAX_HASH_SIZE];
-                finalize_hash_impl(pCryptHash->hash_handle, pCryptHash->abHashValue, pCryptHash->dwHashSize);
+                finalize_hash_impl(&pCryptHash->hash, pCryptHash->abHashValue, pCryptHash->dwHashSize);
                 memcpy(abHashValue, pCryptHash->abHashValue, pCryptHash->dwHashSize);
-                init_hash_impl(pCryptHash->pHMACInfo->HashAlgid, &pCryptHash->hash_handle);
-                update_hash_impl(pCryptHash->hash_handle,
-                                 pCryptHash->pHMACInfo->pbOuterString, 
+                init_hash_impl(pCryptHash->pHMACInfo->HashAlgid, &pCryptHash->hash);
+                update_hash_impl(&pCryptHash->hash, pCryptHash->pHMACInfo->pbOuterString,
                                  pCryptHash->pHMACInfo->cbOuterString);
-                update_hash_impl(pCryptHash->hash_handle,
-                                 abHashValue, pCryptHash->dwHashSize);
-                finalize_hash_impl(pCryptHash->hash_handle, pCryptHash->abHashValue, pCryptHash->dwHashSize);
-                pCryptHash->hash_handle = NULL;
+                update_hash_impl(&pCryptHash->hash, abHashValue, pCryptHash->dwHashSize);
+                finalize_hash_impl(&pCryptHash->hash, pCryptHash->abHashValue, pCryptHash->dwHashSize);
+                memset(&pCryptHash->hash, 0, sizeof(pCryptHash->hash));
             } 
             break;
@@ -842,8 +838,8 @@ static inline void finalize_hash(CRYPTHASH *pCryptHash)
             break;
default:
-            finalize_hash_impl(pCryptHash->hash_handle, pCryptHash->abHashValue, pCryptHash->dwHashSize);
-            pCryptHash->hash_handle = NULL;
+            finalize_hash_impl(&pCryptHash->hash, pCryptHash->abHashValue, pCryptHash->dwHashSize);
+            memset(&pCryptHash->hash, 0, sizeof(pCryptHash->hash));
     }
 }
@@ -2351,7 +2347,7 @@ BOOL WINAPI RSAENH_CPCreateHash(HCRYPTPROV hProv, ALG_ID Algid, HCRYPTKEY hKey,
     pCryptHash->hProv = hProv;
     pCryptHash->dwState = RSAENH_HASHSTATE_HASHING;
     pCryptHash->pHMACInfo = NULL;
-    pCryptHash->hash_handle = NULL;
+    memset(&pCryptHash->hash, 0, sizeof(pCryptHash->hash));
     pCryptHash->dwHashSize = peaAlgidInfo->dwDefaultLen >> 3;
     pCryptHash->buffered_hash_bytes = 0;
     init_data_blob(&pCryptHash->tpPRFParams.blobLabel);
@@ -2513,7 +2509,6 @@ BOOL WINAPI RSAENH_CPDuplicateHash(HCRYPTPROV hUID, HCRYPTHASH hHash, DWORD *pdw
     if (*phHash != (HCRYPTHASH)INVALID_HANDLE_VALUE)
     {
         *pDestHash = *pSrcHash;
-        duplicate_hash_impl(pSrcHash->hash_handle, &pDestHash->hash_handle);
         copy_hmac_info(&pDestHash->pHMACInfo, pSrcHash->pHMACInfo);
         copy_data_blob(&pDestHash->tpPRFParams.blobLabel, &pSrcHash->tpPRFParams.blobLabel);
         copy_data_blob(&pDestHash->tpPRFParams.blobSeed, &pSrcHash->tpPRFParams.blobSeed);
-- 
GitLab

https://gitlab.winehq.org/wine/wine/-/merge_requests/8785

    

2025

2024

2023

2022

[PATCH v2 1/1] rsaenh: Use TomCrypt for hash implementations.