update: fix URL in signature check / use bcrypt API on Windows
The URL used contains the platform. Regression from c79116dc.
All the bcrypt API's used are available since Vista and in UWP.
Merge request reports
Activity
changed milestone to %4.0
added Component::Core Platform::Windows desktop labels
added MRStatus::Reviewable label
741 762 742 763 743 764 /* final part of the hash */ 744 static uint8_t *hash_finish( gcry_md_hd_t hd, signature_packet_t *p_sig ) 765 static uint8_t *hash_finish( vlc_crypto_t hd, signature_packet_t *p_sig ) 745 766 { 746 767 if( p_sig->version == 3 ) 747 768 { 748 gcry_md_putc( hd, p_sig->type ); 749 gcry_md_write( hd, &p_sig->specific.v3.timestamp, 4 ); 769 vlc_crypto_putc( hd, p_sig->type ); 770 vlc_crypto_write( hd, p_sig->specific.v3.timestamp, 4 ); BTW this was likely wrong in the first place. It was writing the pointer value of the table, not the values of the table. So it was probably never working.
Should we just remove support for the v3 signature version ? I don't see the point in signing VLC 4 with this.
Also security-wise if someone to forge a v3 version because it's easier (I suppose that's why there's a v4), we should avoid validating such signatures.
cc @jbk
Edited by Steve Lhomme
requested review from @jbk
added MRStatus::WaitingForReviewerFeedback label and removed MRStatus::Reviewable label
