Wintrust: use enhanced provider in VerifyImageHash Accepted

Revisions: 

Revision 3

user image Marko Friedemann Author
02 Aug. 17

Latest Star Wars: The Old Republic fails to start (certificate verification failure).

Running with +wintrust revealed that it failed to verify the hash, HRESULT NTE_BAD_ALGID (80090008).

I propose to change the CryptAcquireContextW call to explicitly ask for the enhanced provider, as discussed in
https://stackoverflow.com/a/10294881

Marko

user image Marko Friedemann Author
02 Aug. 17

Patch fixes the issue, as I am playing right now.

Issue was caused by a new launcher released today, which is apparently signed with SHA256 (and causes issues on people's ancient Windows boxes as well).

user image Sebastian Lackner
03 Aug. 17

Thanks, the patch has been added.

Single files Merged diff Tar archive
You have unsaved changes. Press CTRL + ENTER in a text field to submit your comments.

0001-Wintrust-use-enhanced-crypto-provider-in-VerifyImage.patch

From 67d4121dffda03da078c1d36a8090c071dd3b2b5 Mon Sep 17 00:00:00 2001
From: Marko Friedemann <marko@friedemann.email>
Date: Wed, 2 Aug 2017 01:56:39 +0200
Subject: Wintrust: use enhanced crypto provider in VerifyImageHash
Softpub VerifyImageHash uses the default crypto provider and fails for
certificates using SHA256 et al. with NTE_BAD_ALGID (80090008).
Fixes startup cert error with SWTOR launcher as-of 2017-08-01.
---
dlls/wintrust/softpub.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dlls/wintrust/softpub.c b/dlls/wintrust/softpub.c
index 35c0d7b..0c04001 100644
--- a/dlls/wintrust/softpub.c
+++ b/dlls/wintrust/softpub.c
@@ -349,7 +349,7 @@ static DWORD SOFTPUB_VerifyImageHash(CRYPT_PROVIDER_DATA *data, HANDLE file)
if (!prov)
{
- if (!CryptAcquireContextW(&prov, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))
+ if (!CryptAcquireContextW(&prov, NULL, MS_ENH_RSA_AES_PROV_W, PROV_RSA_AES, CRYPT_VERIFYCONTEXT))
return GetLastError();
release_prov = TRUE;
}
--
1.9.1