For master windows build dsa.h is now needed.

[openssl.git] / engines / e_capi.c
diff --git a/engines/e_capi.c b/engines/e_capi.c

index d8d976d2e13ee5eac784d7c51b4aa9e0d5447af4..41257ad568377eac7d52aba242ad77439e6013f0 100644 (file)
--- a/engines/e_capi.c
+++ b/engines/e_capi.c
@@ -64,6 +64,7 @@
  #include <openssl/buffer.h>
  #include <openssl/bn.h>
  #include <openssl/rsa.h>
+#include <openssl/dsa.h>
  
  #ifndef _WIN32_WINNT
  #define _WIN32_WINNT 0x0400
@@ -114,6 +115,26 @@
  #define CERT_SYSTEM_STORE_CURRENT_USER                 0x00010000
  #endif 
  
+#ifndef        ALG_SID_SHA_256
+       #define ALG_SID_SHA_256                 12
+#endif
+#ifndef        ALG_SID_SHA_384
+       #define ALG_SID_SHA_384                 13
+#endif
+#ifndef        ALG_SID_SHA_512
+       #define ALG_SID_SHA_512                 14
+#endif
+
+#ifndef        CALG_SHA_256
+       #define CALG_SHA_256            (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_256)
+#endif
+#ifndef        CALG_SHA_384
+       #define CALG_SHA_384            (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_384)
+#endif
+#ifndef        CALG_SHA_512
+       #define CALG_SHA_512            (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_512)
+#endif
+
  #include <openssl/engine.h>
  #include <openssl/pem.h>
  #include <openssl/x509v3.h>
@@ -320,6 +341,11 @@ static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
                 }
         ctx = ENGINE_get_ex_data(e, capi_idx);
         out = BIO_new_fp(stdout, BIO_NOCLOSE);
+       if (out == NULL)
+               {
+               CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_FILE_OPEN_ERROR);
+               return 0;
+               }
         switch (cmd)
                 {
                 case CAPI_CMD_LIST_CSPS:
@@ -386,6 +412,7 @@ static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
                 if (i < 1 || i > 3)
                         {
                         CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_INVALID_LOOKUP_METHOD);
+                       BIO_free(out);
                         return 0;
                         }
                 ctx->lookup_method = i;
@@ -821,6 +848,18 @@ int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len,
  /* Convert the signature type to a CryptoAPI algorithm ID */
         switch(dtype)
                 {
+       case NID_sha256:
+               alg = CALG_SHA_256;
+               break;
+
+       case NID_sha384:
+               alg = CALG_SHA_384;
+               break;
+
+       case NID_sha512:
+               alg = CALG_SHA_512;
+               break;
+
         case NID_sha1:
                 alg = CALG_SHA1;
                 break;
@@ -1049,6 +1088,11 @@ static void capi_vtrace(CAPI_CTX *ctx, int level, char *format, va_list argptr)
         if (!ctx || (ctx->debug_level < level) || (!ctx->debug_file))
                 return;
         out = BIO_new_file(ctx->debug_file, "a+");
+       if (out == NULL)
+               {
+               CAPIerr(CAPI_F_CAPI_VTRACE, CAPI_R_FILE_OPEN_ERROR);
+               return;
+               }
         BIO_vprintf(out, format, argptr);
         BIO_free(out);
         }
@@ -1116,13 +1160,16 @@ static int capi_get_provname(CAPI_CTX *ctx, LPSTR *pname, DWORD *ptype, DWORD id
                 capi_adderror(err);
                 return 0;
                 }
-       if (sizeof(TCHAR) != sizeof(char))
-               name = alloca(len);
-       else
-               name = OPENSSL_malloc(len);
+       name = OPENSSL_malloc(len);
+       if (name == NULL)
+               {
+               CAPIerr(CAPI_F_CAPI_GET_PROVNAME, ERR_R_MALLOC_FAILURE);
+               return 0;
+               }
         if (!CryptEnumProviders(idx, NULL, 0, ptype, name, &len))
                 {
                 err = GetLastError();
+               OPENSSL_free(name);
                 if (err == ERROR_NO_MORE_ITEMS)
                         return 2;
                 CAPIerr(CAPI_F_CAPI_GET_PROVNAME, CAPI_R_CRYPTENUMPROVIDERS_ERROR);
@@ -1130,7 +1177,12 @@ static int capi_get_provname(CAPI_CTX *ctx, LPSTR *pname, DWORD *ptype, DWORD id
                 return 0;
                 }
         if (sizeof(TCHAR) != sizeof(char))
+               {
                 *pname = wide_to_asc((WCHAR *)name);
+               OPENSSL_free(name);
+               if (*pname == NULL)
+                       return 0;
+               }
         else
                 *pname = (char *)name;
         CAPI_trace(ctx, "capi_get_provname, returned name=%s, type=%d\n", *pname, *ptype);
@@ -1193,6 +1245,7 @@ static int capi_list_containers(CAPI_CTX *ctx, BIO *out)
                 {
                 CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR);
                 capi_addlasterror();
+               CryptReleaseContext(hprov, 0);
                 return 0;
                 }
         CAPI_trace(ctx, "Got max container len %d\n", buflen);
@@ -1298,6 +1351,8 @@ char * capi_cert_get_fname(CAPI_CTX *ctx, PCCERT_CONTEXT cert)
         if (!CertGetCertificateContextProperty(cert, CERT_FRIENDLY_NAME_PROP_ID, NULL, &dlen))
                 return NULL;
         wfname = OPENSSL_malloc(dlen);
+       if (wfname == NULL)
+               return NULL;
         if (CertGetCertificateContextProperty(cert, CERT_FRIENDLY_NAME_PROP_ID, wfname, &dlen))
                 {
                 char *fname = wide_to_asc(wfname);
@@ -1459,7 +1514,10 @@ static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx, const char *id, HCERTSTORE h
  static CAPI_KEY *capi_get_key(CAPI_CTX *ctx, const TCHAR *contname, TCHAR *provname, DWORD ptype, DWORD keyspec)
         {
         CAPI_KEY *key;
+       DWORD dwFlags = 0; 
         key = OPENSSL_malloc(sizeof(CAPI_KEY));
+       if (key == NULL)
+               return NULL;
         if (sizeof(TCHAR)==sizeof(char))
                 CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n",
                                                 contname, provname, ptype);
@@ -1474,7 +1532,9 @@ static CAPI_KEY *capi_get_key(CAPI_CTX *ctx, const TCHAR *contname, TCHAR *provn
                 if (_provname) OPENSSL_free(_provname);
                 if (_contname) OPENSSL_free(_contname);
                 }
-       if (!CryptAcquireContext(&key->hprov, contname, provname, ptype, 0))
+       if(ctx->store_flags & CERT_SYSTEM_STORE_LOCAL_MACHINE)
+               dwFlags = CRYPT_MACHINE_KEYSET;
+       if (!CryptAcquireContext(&key->hprov, contname, provname, ptype, dwFlags))
                 {
                 CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
                 capi_addlasterror();
@@ -1659,6 +1719,8 @@ static int capi_ctx_set_provname(CAPI_CTX *ctx, LPSTR pname, DWORD type, int che
                         }
                 CryptReleaseContext(hprov, 0);
                 }
+       if (ctx->cspname)
+               OPENSSL_free(ctx->cspname);
         ctx->cspname = BUF_strdup(pname);
         ctx->csptype = type;
         return 1;
@@ -1668,9 +1730,12 @@ static int capi_ctx_set_provname_idx(CAPI_CTX *ctx, int idx)
         {
         LPSTR pname;
         DWORD type;
+       int res;
         if (capi_get_provname(ctx, &pname, &type, idx) != 1)
                 return 0;
-       return capi_ctx_set_provname(ctx, pname, type, 0);
+       res = capi_ctx_set_provname(ctx, pname, type, 0);
+       OPENSSL_free(pname);
+       return res;
         }
  
  static int cert_issuer_match(STACK_OF(X509_NAME) *ca_dn, X509 *x)