From 351a56c53953d2d129751999458465203fcd588e Mon Sep 17 00:00:00 2001
From: Per Nilsson
Date: Wed, 3 Nov 2021 13:52:30 +0100
Subject: [PATCH] Fixed ecdh_list_keys for some providers that report only ECDH, not ECDH_P256
---
 common/ecdh.c | 31 +++++++++++++++++--------------
 1 file changed, 17 insertions(+), 14 deletions(-)
diff --git a/common/ecdh.c b/common/ecdh.c
index 983e4785..e2f707ef 100644
--- a/common/ecdh.c
+++ b/common/ecdh.c
@@ -133,7 +133,8 @@ int ecdh_list_keys(int curve, void *ctx,
 int (*callback)(void *ctx, const char *key)) {
 NCryptProviderName *names = 0;
 DWORD count = 0;
- SECURITY_STATUS st = NCryptEnumStorageProviders(&count, &names, 0);
+ SECURITY_STATUS st =
+ NCryptEnumStorageProviders(&count, &names, NCRYPT_SILENT_FLAG);
 if (st) {
 mserror("NCryptEnumStorageProviders", st);
 return -1;
@@ -150,17 +151,19 @@ int ecdh_list_keys(int curve, void *ctx,
 while ((st = NCryptEnumKeys(prov, 0, &name, &state, NCRYPT_SILENT_FLAG | NCRYPT_MACHINE_KEY_FLAG)) == 0) {
- if (!wcscmp(name->pszAlgid, algo[curve])) {
+ if (wcsstr(algo[curve], name->pszAlgid)) {
 sprintf_s(buf, sizeof(buf), "MACHINE:%ws:%ws", names[i].pszName, name->pszName);
 callback(ctx, buf);
 }
 st = NCryptFreeBuffer(name);
+ name = 0;
 if (st) {
 mserror("NCryptFreeBuffer", st);
 }
 }
- if (st && st != NTE_NO_MORE_ITEMS && st != NTE_BAD_FLAGS) {
+ if (st && st != NTE_NO_MORE_ITEMS && st != NTE_BAD_FLAGS &&
+ st != NTE_PERM) {
 mserror("NCryptEnumKeys", st);
 }
 st = NCryptFreeBuffer(state);
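Review bot: The new `wcsstr(algo[curve], name->pszAlgid)` test in the machine-key loop is a substring match rather than a curve match: a key whose provider reports the generic id `ECDH` is now listed for every curve the caller asks about, and a key with an empty `pszAlgid` matches unconditionally because `wcsstr` with an empty needle returns its haystack. Callers therefore receive key names that may not be on the requested curve and only find out when the key is opened or used. If the intent is to accept the generic id alongside the exact one, say so explicitly: `if (!wcscmp(name->pszAlgid, algo[curve]) || !wcscmp(name->pszAlgid, BCRYPT_ECDH_ALGORITHM)) {`, which keeps unrelated ids out. The same change is made in the next hunk (the non-machine enumeration at -168) and should be updated there too; ecdh_list_keys begins and ends outside this hunk.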
@@ -168,19 +171,22 @@ int ecdh_list_keys(int curve, void *ctx,
 mserror("NCryptFreeBuffer", st);
 }
 state = 0;
+ name = 0;
 while ((st = NCryptEnumKeys(prov, 0, &name, &state, NCRYPT_SILENT_FLAG)) == 0) {
- if (!wcscmp(name->pszAlgid, algo[curve])) {
+ if (wcsstr(algo[curve], name->pszAlgid)) {
 sprintf_s(buf, sizeof(buf), "%ws:%ws", names[i].pszName, name->pszName);
 callback(ctx, buf);
 }
 st = NCryptFreeBuffer(name);
+ name = 0;
 if (st) {
 mserror("NCryptFreeBuffer", st);
 }
 }
- if (st && st != NTE_NO_MORE_ITEMS && st != NTE_BAD_FLAGS) {
+ if (st && st != NTE_NO_MORE_ITEMS && st != NTE_BAD_FLAGS &&
+ st != NTE_PERM) {
 mserror("NCryptEnumKeys", st);
 }
 st = NCryptFreeBuffer(state);
@@ -220,9 +226,8 @@ void ncrypt_parse_name(wchar_t *name, const wchar_t **prov, const wchar_t **key,
 *flags = _wcsicmp(sys, L"MACHINE") ? 0 : NCRYPT_MACHINE_KEY_FLAG;
 }
-static SECURITY_STATUS ncrypt_open_key(const char *keyname,
- NCRYPT_PROV_HANDLE *ph,
- NCRYPT_KEY_HANDLE *kh) {
+SECURITY_STATUS ncrypt_open_key(const char *keyname, NCRYPT_PROV_HANDLE *ph,
+ NCRYPT_KEY_HANDLE *kh) {
 size_t n = 0;
 wchar_t buf[2048] = {0};
 mbstowcs_s(&n, buf, _countof(buf), keyname, _TRUNCATE);
@@ -407,9 +412,7 @@ int ecdh_generate_keypair_ex(int curve, const char *privkey, uint8_t *pubkey,
 goto err;
 }
- rc = 1 + 2 * blob->cbKey;
-
- if (cb_pubkey < rc) {
+ if (cb_pubkey < 1 + 2ull * blob->cbKey) {
 rc = -6;
 goto err;
 }
@@ -417,6 +420,7 @@ int ecdh_generate_keypair_ex(int curve, const char *privkey, uint8_t *pubkey,
 *pubkey = 4;
 memcpy(pubkey + 1, buf + sizeof(BCRYPT_ECCKEY_BLOB), 2ull * blob->cbKey);
+ rc = 1 + 2 * blob->cbKey;
 err:
 NCryptFreeObject(priv);
 NCryptFreeObject(prov);
@@ -452,9 +456,7 @@ int ecdh_calculate_public_key_ex(int curve, const char *privkey,
 goto err;
 }
- rc = 1 + 2 * blob->cbKey;
-
- if (cb_pubkey < rc) {
+ if (cb_pubkey < 1 + 2ull * blob->cbKey) {
 rc = -4;
 goto err;
 }
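Review bot: Dropping `static` from `ncrypt_open_key` in the hunk at -220 gives the function external linkage, but no hunk adds a declaration to a header, so callers in other translation units will depend on a hand-written or implicit prototype; add `SECURITY_STATUS ncrypt_open_key(const char *keyname, NCRYPT_PROV_HANDLE *ph, NCRYPT_KEY_HANDLE *kh);` to the module's public header with a one-line contract comment stating who releases the two handles on success (presumably the caller, via NCryptFreeObject, as the later hunks do for `priv` and `prov`). The `mbstowcs_s(&n, buf, _countof(buf), keyname, _TRUNCATE);` context line silently truncates an over-long key name and its return value is not examined, which matters more once external callers can pass arbitrary names; the rest of the function body is outside the hunk, so I cannot tell whether `n` is checked further down.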
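Review bot: The rewritten bound check `if (cb_pubkey < 1 + 2ull * blob->cbKey)` in the hunk at -407 changes how a negative length is treated if `cb_pubkey` is a signed type (its declaration is outside the hunk): the `2ull` makes the right-hand side unsigned long long, so a negative `cb_pubkey` converts to a huge value, the check passes, and the `memcpy` in the following hunk writes past `pubkey`, whereas the old int-against-int comparison rejected it. If the parameter is signed, reject that case first: `if (cb_pubkey < 0 || (unsigned long long)cb_pubkey < 1 + 2ull * blob->cbKey) {`; if it is `size_t`, a one-line comment at the check saying so would settle the question for the next reader. The same pattern appears in the hunk at -452 in ecdh_calculate_public_key_ex. The success-path `rc = 1 + 2 * blob->cbKey;` added at -417 and -462 computes the same quantity in narrower arithmetic than the check and the memcpy; `rc = (int)(1 + 2ull * blob->cbKey);` keeps the three expressions identical.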
@@ -462,6 +464,7 @@ int ecdh_calculate_public_key_ex(int curve, const char *privkey,
 *pubkey = 4;
 memcpy(pubkey + 1, buf + sizeof(BCRYPT_ECCKEY_BLOB), 2ull * blob->cbKey);
+ rc = 1 + 2 * blob->cbKey;
 err:
 NCryptFreeObject(priv);
 NCryptFreeObject(prov);