[PATCH 8/8] crypt32: Do not reject key usage data longer than 1 byte.

28 Jan 2025

From: Dmitry Timoshkov dmitry@baikal.ru
At least there are certificates with 2 and 4 bytes of key usage data.
Signed-off-by: Dmitry Timoshkov dmitry@baikal.ru
---
 dlls/crypt32/chain.c | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index f03bc6c1a7b..e7c7afe9147 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -1737,13 +1737,6 @@ static BOOL CRYPT_KeyUsageValid(CertificateChainEngine *engine,
          &usage, &size);
         if (!ret)
             return FALSE;
-        else if (usage.cbData > 2)
-        {
-            /* The key usage extension only defines 9 bits => no more than 2
-             * bytes are needed to encode all known usages.
-             */
-            return FALSE;
-        }
         else
         {
             /* The only bit relevant to chain validation is the keyCertSign
-- 
GitLab

https://gitlab.winehq.org/wine/wine/-/merge_requests/7215

    

2025

2024

2023

2022

[PATCH 8/8] crypt32: Do not reject key usage data longer than 1 byte.