Closed Forst closed 6 years ago
Thanks for the report.
Despite many people (including myself) using the latest fully patched Windows 10, you are the only person reporting this, so I logically have to suspect that this has to do more with something that is specific to your environment, as opposed to something that Microsoft may have broken for everybody.
For one thing, I certainly cannot replicate this issue.
From the error you are getting (Invalid algorithm specified), and from the code in CreateSelfSignedCert(), the only possibility I see is that, somehow, your Windows configuration disabled the use of SHA-256 RSA implementation (szOID_RSA_SHA256RSA), as this is the only way I see where you would get Unknown/Invalid cryptographic algorithm as an error.
I know that, for instance, Local Group Policy settings can disable the use of some cryptographic algorithms, though that should be for obsolete or potentially vulnerable ones, which SHA-256 isn't.
What happens if you try on a different Windows 10 platform?
I succeeded in reproducing this issue on a new installation of Windows 10. The problem is caused by CryptoPro CSP – a crypto provider implementing support for Russian cryptographic algorithms. Trying it with CSP version 5.0.10874.
If my understanding is correct, Windows can have multiple crypto providers installed and can choose whichever one it needs. Zadig perhaps picks the first available one, which happens to be CryptoPro?
> If my understanding is correct, Windows can have multiple crypto providers installed and can choose whichever one it needs.

Which is already what we do. We explicitly request PROV_RSA_FULL which is the RSA provider, and should still provide the szOID_RSA_SHA256RSA algorithm that we need.
The fact that this fails seems to indicate that CryptoPro CSP is actually trying to replace the RSA provider, instead of installing itself as an additional provider, which, if true, is very bad practice and suspicious...
For the record, this is the part where we select the Cryptographic Service Provider, so we are most certainly expecting to have properly selected the RSA version, rather than an additional provider, if this call succeeds (which it does).
Which means that, if after we explicitly told Windows we wanted to use the RSA CSP for our PKI needs, Windows tells us that szOID_RSA_SHA256RSA is unavailable, it logically means that your CryptoPro CSP has altered the RSA provider, which is not something it should ever do if it is meant to coexist with existing providers, and again, sounds exceedingly suspicious...
At this stage, considering that the problem is external to libwdi/Zadig and that I am certainly not planning to go out of my way to add support for non-native CSP, especially if they prevent native CSP from being used, I will simply close this issue. If you are unhappy with that, I will kindly request that you alter the PKI code yourself to use your CSP, and recompile your own version.
Thank you very much for a thorough explanation!
It is indeed trying to reimplement RSA and ECDSA if you tell it to; however, it's not the default option, which might explain why nobody encountered this issue before.
For the record, in case anyone else gets hit by this: what one has to do is uncheck "Support for RSA/ECDSA cryptoproviders" in Add/remove programs for CryptoPro CSP, which removes the relevant broken components and thus fixes the problem.
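To see which provider a machine resolves for PROV_RSA_FULL and which other CSPs of that type are registered, the following PowerShell reads the CryptoAPI registration keys. It is an added example, not code from libwdi/Zadig or from anyone in this thread; it assumes the provider is requested by type only (so the machine default applies), and the function names are hypothetical.

```powershell
# Added diagnostic, not libwdi/Zadig code. Function names are hypothetical.
# Lists every CSP registered for PROV_RSA_FULL (provider type 1) and marks
# the machine default, i.e. the one returned when a caller asks for the
# type without naming a provider (assumption about how the caller asks).
$CspRoot       = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Defaults'
$PROV_RSA_FULL = 1

function Get-DefaultCspName {
    param([int]$Type)
    # Machine default for a type lives under "Provider Types\Type NNN", value "Name".
    $key = Join-Path $CspRoot ('Provider Types\Type {0:D3}' -f $Type)
    if (-not (Test-Path $key)) { return $null }
    (Get-ItemProperty -Path $key).Name
}

function Get-RegisteredCsp {
    param([int]$Type)
    $default = Get-DefaultCspName -Type $Type
    # Each subkey of "Provider" is one CSP; "Type" and "Image Path" describe it.
    Get-ChildItem -Path (Join-Path $CspRoot 'Provider') | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        if ($p.Type -eq $Type) {
            [pscustomobject]@{
                Default   = ($_.PSChildName -eq $default)
                Name      = $_.PSChildName
                ImagePath = $p.'Image Path'
            }
        }
    }
}

$rows = @(Get-RegisteredCsp -Type $PROV_RSA_FULL)
$rows | Sort-Object Default -Descending | Format-Table -AutoSize

# On a stock Windows install the type 1 providers are implemented by rsaenh.dll.
# A default that points elsewhere means a third-party CSP answers for this type.
$def = $rows | Where-Object { $_.Default } | Select-Object -First 1
if (-not $def) {
    Write-Warning 'No default provider is registered for PROV_RSA_FULL.'
} elseif ($def.ImagePath -and (Split-Path $def.ImagePath -Leaf) -ne 'rsaenh.dll') {
    Write-Warning ("Default PROV_RSA_FULL provider '{0}' is implemented by {1}" -f $def.Name, $def.ImagePath)
}
```

Running it before and after changing the CryptoPro CSP installation options shows whether the default for this provider type actually changed.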
Hello!
I am unable to install the WinUSB (or any other, in fact) driver for my RTL-SDR stick. My wild guess is that the latest Windows 10 update removed some obsolete ciphers/hashes/whatever, as it's complaining about an invalid algorithm:
(translates as "Invalid algorithm specified")
Full log attached below.