Use SHA512 instead of SHA1.

#3992

4 files changed, 9 insertions, 9 deletions

diff --git a/src/engine/cache.cpp b/src/engine/cache.cpp
index 92a79eb9..2349a357 100644
--- a/src/engine/cache.cpp
+++ b/src/engine/cache.cpp
@@ -273,7 +273,7 @@ extern "C" HRESULT CacheCalculatePayloadWorkingPath(
     ExitOnFailure(hr, "Failed to get working folder for payload.");
 
     hr = StrAllocConcat(psczWorkingPath, pPayload->sczKey, 0);
-    ExitOnFailure(hr, "Failed to append SHA1 hash as payload unverified path.");
+    ExitOnFailure(hr, "Failed to append Id as payload unverified path.");
 
 LExit:
     return hr;
@@ -291,7 +291,7 @@ extern "C" HRESULT CacheCalculateContainerWorkingPath(
     ExitOnFailure(hr, "Failed to get working folder for container.");
 
     hr = StrAllocConcat(psczWorkingPath, pContainer->sczHash, 0);
-    ExitOnFailure(hr, "Failed to append SHA1 hash as container unverified path.");
+    ExitOnFailure(hr, "Failed to append hash as container unverified path.");
 
 LExit:
     return hr;
@@ -1750,23 +1750,23 @@ static HRESULT VerifyHash(
     UNREFERENCED_PARAMETER(wzUnverifiedPayloadPath);
 
     HRESULT hr = S_OK;
-    BYTE rgbActualHash[SHA1_HASH_LEN] = { };
+    BYTE rgbActualHash[SHA512_HASH_LEN] = { };
     DWORD64 qwHashedBytes;
     LPWSTR pszExpected = NULL;
     LPWSTR pszActual = NULL;
 
     // TODO: create a cryp hash file that sends progress.
-    hr = CrypHashFileHandle(hFile, PROV_RSA_FULL, CALG_SHA1, rgbActualHash, sizeof(rgbActualHash), &qwHashedBytes);
+    hr = CrypHashFileHandle(hFile, PROV_RSA_AES, CALG_SHA_512, rgbActualHash, sizeof(rgbActualHash), &qwHashedBytes);
     ExitOnFailure(hr, "Failed to calculate hash for path: %ls", wzUnverifiedPayloadPath);
 
     // Compare hashes.
-    if (cbHash != sizeof(rgbActualHash) || 0 != memcmp(pbHash, rgbActualHash, SHA1_HASH_LEN))
+    if (cbHash != sizeof(rgbActualHash) || 0 != memcmp(pbHash, rgbActualHash, SHA512_HASH_LEN))
     {
         hr = CRYPT_E_HASH_VALUE;
 
         // Best effort to log the expected and actual hash value strings.
         if (SUCCEEDED(StrAllocHexEncode(pbHash, cbHash, &pszExpected)) &&
-            SUCCEEDED(StrAllocHexEncode(rgbActualHash, SHA1_HASH_LEN, &pszActual)))
+            SUCCEEDED(StrAllocHexEncode(rgbActualHash, (SIZE_T)qwHashedBytes, &pszActual)))
         {
             ExitOnFailure(hr, "Hash mismatch for path: %ls, expected: %ls, actual: %ls", wzUnverifiedPayloadPath, pszExpected, pszActual);
         }
diff --git a/src/engine/cache.h b/src/engine/cache.h
index f8ad2a90..a00c50b7 100644
--- a/src/engine/cache.h
+++ b/src/engine/cache.h
@@ -16,7 +16,7 @@ HRESULT CacheInitialize(
     __in_z_opt LPCWSTR wzSourceProcessPath
     );
 HRESULT CacheEnsureWorkingFolder(
-    __in_z LPCWSTR wzBundleId,
+    __in_z_opt LPCWSTR wzBundleId,
     __deref_out_z_opt LPWSTR* psczWorkingFolder
     );
 HRESULT CacheCalculateBundleWorkingPath(
diff --git a/src/engine/externalengine.cpp b/src/engine/externalengine.cpp
index f9a06437..26ab9fba 100644
--- a/src/engine/externalengine.cpp
+++ b/src/engine/externalengine.cpp
@@ -288,7 +288,7 @@ HRESULT ExternalEngineSetUpdate(
     {
         hr = E_INVALIDARG;
     }
-    else if (BOOTSTRAPPER_UPDATE_HASH_TYPE_SHA1 == hashType && (SHA1_HASH_LEN != cbHash || !rgbHash))
+    else if (BOOTSTRAPPER_UPDATE_HASH_TYPE_SHA512 == hashType && (SHA512_HASH_LEN != cbHash || !rgbHash))
     {
         hr = E_INVALIDARG;
     }
diff --git a/src/engine/userexperience.cpp b/src/engine/userexperience.cpp
index 84e88718..40a30c5d 100644
--- a/src/engine/userexperience.cpp
+++ b/src/engine/userexperience.cpp
@@ -111,7 +111,7 @@ extern "C" HRESULT UserExperienceLoad(
     args.pCommand = pCommand;
     args.pfnBootstrapperEngineProc = EngineForApplicationProc;
     args.pvBootstrapperEngineProcContext = pEngineContext;
-    args.qwEngineAPIVersion = MAKEQWORDVERSION(2021, 2, 24, 0);
+    args.qwEngineAPIVersion = MAKEQWORDVERSION(2021, 3, 2, 0);
 
     results.cbSize = sizeof(BOOTSTRAPPER_CREATE_RESULTS);