Fixed ecdh_list_keys for some providers that report only ECDH, not EC…

…DH_P256
Yubico · Nov 4, 2021 · 351a56c · 351a56c
1 parent dd16407
commit 351a56c
Showing 1 changed file with 17 additions and 14 deletions.
diff --git a/common/ecdh.c b/common/ecdh.c
@@ -133,7 +133,8 @@ int ecdh_list_keys(int curve, void *ctx,
                    int (*callback)(void *ctx, const char *key)) {
   NCryptProviderName *names = 0;
   DWORD count = 0;
-  SECURITY_STATUS st = NCryptEnumStorageProviders(&count, &names, 0);
+  SECURITY_STATUS st =
+    NCryptEnumStorageProviders(&count, &names, NCRYPT_SILENT_FLAG);
   if (st) {
     mserror("NCryptEnumStorageProviders", st);
     return -1;
@@ -150,37 +151,42 @@ int ecdh_list_keys(int curve, void *ctx,
       while ((st = NCryptEnumKeys(prov, 0, &name, &state,
                                   NCRYPT_SILENT_FLAG |
                                     NCRYPT_MACHINE_KEY_FLAG)) == 0) {
-        if (!wcscmp(name->pszAlgid, algo[curve])) {
+        if (wcsstr(algo[curve], name->pszAlgid)) {
           sprintf_s(buf, sizeof(buf), "MACHINE:%ws:%ws", names[i].pszName,
                     name->pszName);
           callback(ctx, buf);
         }
         st = NCryptFreeBuffer(name);
+        name = 0;
         if (st) {
           mserror("NCryptFreeBuffer", st);
         }
       }
-      if (st && st != NTE_NO_MORE_ITEMS && st != NTE_BAD_FLAGS) {
+      if (st && st != NTE_NO_MORE_ITEMS && st != NTE_BAD_FLAGS &&
+          st != NTE_PERM) {
         mserror("NCryptEnumKeys", st);
       }
       st = NCryptFreeBuffer(state);
       if (st) {
         mserror("NCryptFreeBuffer", st);
       }
       state = 0;
+      name = 0;
       while ((st = NCryptEnumKeys(prov, 0, &name, &state,
                                   NCRYPT_SILENT_FLAG)) == 0) {
-        if (!wcscmp(name->pszAlgid, algo[curve])) {
+        if (wcsstr(algo[curve], name->pszAlgid)) {
           sprintf_s(buf, sizeof(buf), "%ws:%ws", names[i].pszName,
                     name->pszName);
           callback(ctx, buf);
         }
         st = NCryptFreeBuffer(name);
+        name = 0;
         if (st) {
           mserror("NCryptFreeBuffer", st);
         }
       }
-      if (st && st != NTE_NO_MORE_ITEMS && st != NTE_BAD_FLAGS) {
+      if (st && st != NTE_NO_MORE_ITEMS && st != NTE_BAD_FLAGS &&
+          st != NTE_PERM) {
         mserror("NCryptEnumKeys", st);
       }
       st = NCryptFreeBuffer(state);
@@ -220,9 +226,8 @@ void ncrypt_parse_name(wchar_t *name, const wchar_t **prov, const wchar_t **key,
   *flags = _wcsicmp(sys, L"MACHINE") ? 0 : NCRYPT_MACHINE_KEY_FLAG;
 }
 
-static SECURITY_STATUS ncrypt_open_key(const char *keyname,
-                                       NCRYPT_PROV_HANDLE *ph,
-                                       NCRYPT_KEY_HANDLE *kh) {
+SECURITY_STATUS ncrypt_open_key(const char *keyname, NCRYPT_PROV_HANDLE *ph,
+                                NCRYPT_KEY_HANDLE *kh) {
   size_t n = 0;
   wchar_t buf[2048] = {0};
   mbstowcs_s(&n, buf, _countof(buf), keyname, _TRUNCATE);
@@ -407,16 +412,15 @@ int ecdh_generate_keypair_ex(int curve, const char *privkey, uint8_t *pubkey,
     goto err;
   }
 
-  rc = 1 + 2 * blob->cbKey;
-
-  if (cb_pubkey < rc) {
+  if (cb_pubkey < 1 + 2ull * blob->cbKey) {
     rc = -6;
     goto err;
   }
 
   *pubkey = 4;
   memcpy(pubkey + 1, buf + sizeof(BCRYPT_ECCKEY_BLOB), 2ull * blob->cbKey);
 
+  rc = 1 + 2 * blob->cbKey;
 err:
   NCryptFreeObject(priv);
   NCryptFreeObject(prov);
@@ -452,16 +456,15 @@ int ecdh_calculate_public_key_ex(int curve, const char *privkey,
     goto err;
   }
 
-  rc = 1 + 2 * blob->cbKey;
-
-  if (cb_pubkey < rc) {
+  if (cb_pubkey < 1 + 2ull * blob->cbKey) {
     rc = -4;
     goto err;
   }
 
   *pubkey = 4;
   memcpy(pubkey + 1, buf + sizeof(BCRYPT_ECCKEY_BLOB), 2ull * blob->cbKey);
 
+  rc = 1 + 2 * blob->cbKey;
 err:
   NCryptFreeObject(priv);
   NCryptFreeObject(prov);