From bc6871e8626e34f3ece3962bdd79b0b57b4b791f Mon Sep 17 00:00:00 2001
From: dkulwin
Date: Thu, 29 Oct 2015 15:46:37 -0500
Subject: [PATCH] Add CNG manual memory management code to support Vista Windows 7 improved the memory management in CNG. To support Vista we need to manage memory for cryptographic objects ourselves. This change adds a key object memory pointer to the cipher context and adds code to allocate and free it along with the key handle.
---
 contrib/win32/win32compat/cng_cipher.c | 18 ++++++++++++++++--
 contrib/win32/win32compat/cng_cipher.h | 1 +
 2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/contrib/win32/win32compat/cng_cipher.c b/contrib/win32/win32compat/cng_cipher.c
index 208e75b..d3d756a 100644
--- a/contrib/win32/win32compat/cng_cipher.c
+++ b/contrib/win32/win32compat/cng_cipher.c
@@ -216,6 +216,7 @@ unsigned int cng_cipher_init(PSSH_CNG_CIPHER_CTX x, const unsigned char *key, un
 DWORD cbData = 0;
 LPCWSTR pAlg = NULL;
 DWORD cbBlockLen = 0;
+ DWORD cbKeyObject = 0;
 if ((0 == (flags & _CNG_CIPHER_AES)) || (0 == (flags & (_CNG_MODE_CBC | _CNG_MODE_CTR))))
 return STATUS_INVALID_PARAMETER;
@@ -281,12 +282,23 @@ unsigned int cng_cipher_init(PSSH_CNG_CIPHER_CTX x, const unsigned char *key, un
 }
 if (status == S_OK)
+ {
+ status = BCryptGetProperty(
+ hAlg,
+ BCRYPT_OBJECT_LENGTH,
+ (PBYTE)cbKeyObject,
+ sizeof(DWORD),
+ &cbData,
+ 0);
+ }
+
+ if ((status == S_OK) && (x->pKeyObject = (PBYTE)HeapAlloc(GetProcessHeap(),0,cbKeyObject)))
 {
 status = BCryptGenerateSymmetricKey(
 hAlg,
 &(x->hKey),
- NULL,
- 0,
+ x->pKeyObject,
+ cbKeyObject,
 (PBYTE)key,
 keylen,
 0);
@@ -310,6 +322,8 @@ void cng_cipher_cleanup(PSSH_CNG_CIPHER_CTX x)
 HeapFree(GetProcessHeap(), 0, x->pbIV);
 if (x->hKey)
 BCryptDestroyKey(x->hKey);
+ if (x->pKeyObject)
+ HeapFree(GetProcessHeap(), 0, x->pKeyObject);
 }
 #endif
\ No newline at end of file
diff --git a/contrib/win32/win32compat/cng_cipher.h b/contrib/win32/win32compat/cng_cipher.h
index 80b4a31..ef35de0 100644
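Review bot: In the second cng_cipher.c hunk, the added BCryptGetProperty call passes `(PBYTE)cbKeyObject`, which casts the DWORD's value (0) to a pointer instead of passing its address, so the call receives a null output buffer and cbKeyObject is never written; the argument should be `(PBYTE)&cbKeyObject,`. With the length left at 0, the following HeapAlloc requests a zero-byte block and that size is handed to BCryptGenerateSymmetricKey as the key object length. Separately, the allocation sits inside the `if` condition, so when HeapAlloc returns NULL key generation is skipped while status stays S_OK; what the function returns then is outside the hunk, but it looks like the caller could see success with no key handle. Setting an explicit error status on allocation failure, as below, keeps a context from being reported as initialised without a key. cng_cipher_init starts and ends outside the hunk.

```c
	/* … unchanged: BCryptGetProperty(BCRYPT_OBJECT_LENGTH) call, now with &cbKeyObject … */

	if (status == S_OK)
	{
		x->pKeyObject = (PBYTE)HeapAlloc(GetProcessHeap(), 0, cbKeyObject);
		if (x->pKeyObject == NULL)
			status = STATUS_NO_MEMORY;
	}

	if (status == S_OK)
	{
		status = BCryptGenerateSymmetricKey(
		/* … unchanged: key generation arguments … */
```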
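Review bot: In the cng_cipher_cleanup hunk, the buffer released by the two added lines backs the symmetric key object and may still hold key material when it is returned to the process heap; nothing in the hunk clears it first. The context does not record the buffer's size, so either store the length obtained in cng_cipher_init alongside the pointer or query it, e.g. `SecureZeroMemory(x->pKeyObject, HeapSize(GetProcessHeap(), 0, x->pKeyObject));` before the `HeapFree`. Also consider `x->pKeyObject = NULL;` after freeing, so a second cleanup call on the same context cannot free the block twice. Freeing the buffer only after BCryptDestroyKey is the right order and should be kept. The start of cng_cipher_cleanup is outside the hunk.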
--- a/contrib/win32/win32compat/cng_cipher.h
+++ b/contrib/win32/win32compat/cng_cipher.h
@@ -63,6 +63,7 @@ extern "C" {
 unsigned char * pbIV;
 unsigned int cbBlockSize;
 unsigned int flags;
+ PBYTE pKeyObject;
 } SSH_CNG_CIPHER_CTX, *PSSH_CNG_CIPHER_CTX;