[xmlsec] mscrypto SHA-2 patch
Roumen Petrov
xmlsec at roumenpetrov.info
Thu Jan 14 14:59:49 PST 2010
Tomáš Stejskal wrote:
> The patch had mixed newlines, here it is in CRLF format.
>
> 2010/1/14 Tomáš Stejskal<tom.stejskal at gmail.com>:
>> Hi,
>>
>> I added support for SHA-2 digests (SHA-256, SHA-384 and SHA-512) into
>> the mscrypto module, the code works with Windows XP SP3 and higher.
>> The attached patch is against version 1.2.14.
>>
>> Tom Stejskal
About the defines:

#define CALG_XXX: why is it not in the form #define CALG_XXX
(ALG_CLASS_HASH|ALG_TYPE_ANY|ALG_SID_XXX)?

#define MS_ENH_RSA_AES_PROV_XP and MS_ENH_RSA_AES_PROV_VISTA: why?
What are the MSDN defines for those? I guess just MS_ENH_RSA_AES_PROV
defined to MS_ENH_RSA_AES_PROV_{A|W}. Also, why _VISTA? What about 2003?

For Windows 5.1 (XP) the name is "XXX (Prototype)" and for subsequent
releases just "XXX". How is it better to implement this: a command-line
parameter, or automatic detection?

Based on your post, MSDN is not correct for _SHA_XXX where XXX is 256,
384 or 512. MSDN says that for XP and W2K the algorithm is not supported.
Did the provider name "Microsoft Enhanced RSA and AES Cryptographic
Provider" work on XP SP3?

Based on this, maybe it is better, if not defined, to define only
MS_ENH_RSA_AES_PROV_{A|W} depending on the value of _WIN32_WINNT(?), i.e.:
==============
#if (_WIN32_WINNT == 0x0501)
#define MS_ENH_RSA_AES_PROV_A "XXX (Prototype)"
#define MS_ENH_RSA_AES_PROV_W L"XXX (Prototype)"
#elif (_WIN32_WINNT > 0x0501)
#define MS_ENH_RSA_AES_PROV_A "XXX"
#define MS_ENH_RSA_AES_PROV_W L"XXX"
#endif
#if (_WIN32_WINNT >= 0x0501)
#ifdef UNICODE
#define MS_ENH_RSA_AES_PROV MS_ENH_RSA_AES_PROV_W
#else
#define MS_ENH_RSA_AES_PROV MS_ENH_RSA_AES_PROV_A
#endif /* UNICODE */
#endif /* _WIN32_WINNT >= 0x0501 */
==============
Other comments:
------------------
- if (!CryptAcquireContext(&hProv,
+ if (ctx->providerType = 1)
+ {
+ if (!CryptAcquireContext(&hProv, NULL, MS_ENH_RSA_AES_PROV_XP,
+ 24, CRYPT_VERIFYCONTEXT))
+ {
+ CryptAcquireContext(&hProv, NULL, MS_ENH_RSA_AES_PROV_VISTA,
+ 24, CRYPT_VERIFYCONTEXT);
+ }
+ }
+ if ((hProv == 0) && !CryptAcquireContext(&hProv,
------------------
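Review bot: the condition "if (ctx->providerType = 1)" on the first added line is an assignment, not a comparison, so the branch is always taken and ctx->providerType is overwritten with 1 for every caller. It should compare with "==", preferably against the named constant PROV_RSA_FULL rather than the literal 1. The fallback call with MS_ENH_RSA_AES_PROV_VISTA discards its return value and relies on the later "hProv == 0" test, which is only sound if hProv is initialised to 0 before this hunk (not visible here); checking the result and logging the failure at that point would make the error path explicit. The literal 24 would also read better as PROV_RSA_AES.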
Where is providerType set to a value different from PROV_RSA_FULL (i.e. 1)?
The return value is not checked (same for the one above)!
Conversion from wide to ANSI for the container name: maybe this is valid
only if UNICODE is not defined.
Roumen