From ba684c82545935d6ea3c667680e22b9df7725dad Mon Sep 17 00:00:00 2001
From: kloploid
Date: Fri, 15 May 2026 12:12:02 +0300
Subject: [PATCH] Use SHA-512 algorithm for SHA-512 RSA-PSS signing in CNG backend

The SHA-512 branch of the PSS padding switch in QCNG::sign() set pszAlgId to NCRYPT_SHA256_ALGORITHM with salt length 64, which made CNG sign with MGF1-SHA256 while the advertised XML-DSIG method is sha512-rsa-MGF1. The PKCS#11 backend correctly uses CKG_MGF1_SHA512 for the same case (QPKCS11.cpp).

Signed-off-by: kloploid
---
 client/QCNG.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/client/QCNG.cpp b/client/QCNG.cpp
index 7107299e5..441b6ec95 100644
--- a/client/QCNG.cpp
+++ b/client/QCNG.cpp
@@ -290,7 +290,7 @@ QByteArray QCNG::sign(QCryptographicHash::Algorithm type, const QByteArray &dige
 case QCryptographicHash::Sha224: rsaPSS = { L"SHA224", 24 }; break;
 case QCryptographicHash::Sha256: rsaPSS = { NCRYPT_SHA256_ALGORITHM, 32 }; break;
 case QCryptographicHash::Sha384: rsaPSS = { NCRYPT_SHA384_ALGORITHM, 48 }; break;
- case QCryptographicHash::Sha512: rsaPSS = { NCRYPT_SHA256_ALGORITHM, 64 }; break;
+ case QCryptographicHash::Sha512: rsaPSS = { NCRYPT_SHA512_ALGORITHM, 64 }; break;
 default: return NTE_INVALID_PARAMETER;
 }
 BCRYPT_PKCS1_PADDING_INFO rsaPKCS1 { rsaPSS.pszAlgId };
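Review bot: The SHA-224 case at the top of this switch still passes a salt length of 24, although a SHA-224 digest is 28 bytes, so the kind of mismatch between advertised and actual PSS parameters that this commit fixes for SHA-512 appears to remain there. If the salt is meant to equal the hash length, as the other three cases suggest, the line should read `case QCryptographicHash::Sha224: rsaPSS = { L"SHA224", 28 }; break;`. Whether the CNG provider accepts the `L"SHA224"` identifier at all is not visible from this hunk and is worth confirming. A short comment above the switch, such as `// pszAlgId selects both the PSS hash and MGF1 hash; cbSalt must equal that hash's digest length`, would make a copy-paste slip like the one fixed here easier to spot. The body of QCNG::sign() begins and continues outside the hunk.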