Add support for SHA2 in CAPI ENGINE.

[openssl.git] / engines / e_capi.c

diff --git a/engines/e_capi.c b/engines/e_capi.c
index 791629f0839f441aa33063b76934b2af5c64f3af..d4221cbae3f24e6a18a38f5ea4db7815e7cc71d6 100644 (file)
--- a/engines/e_capi.c
+++ b/engines/e_capi.c
@@ -114,6 +114,26 @@
 #define CERT_SYSTEM_STORE_CURRENT_USER                 0x00010000
 #endif 
 
+#ifndef        ALG_SID_SHA_256
+       #define ALG_SID_SHA_256                 12
+#endif
+#ifndef        ALG_SID_SHA_384
+       #define ALG_SID_SHA_384                 13
+#endif
+#ifndef        ALG_SID_SHA_512
+       #define ALG_SID_SHA_512                 14
+#endif
+
+#ifndef        CALG_SHA_256
+       #define CALG_SHA_256            (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_256)
+#endif
+#ifndef        CALG_SHA_384
+       #define CALG_SHA_384            (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_384)
+#endif
+#ifndef        CALG_SHA_512
+       #define CALG_SHA_512            (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_512)
+#endif
+
 #include <openssl/engine.h>
 #include <openssl/pem.h>
 #include <openssl/x509v3.h>
@@ -821,6 +841,18 @@ int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len,
 /* Convert the signature type to a CryptoAPI algorithm ID */
        switch(dtype)
                {
+       case NID_sha256:
+               alg = CALG_SHA_256;
+               break;
+
+       case NID_sha384:
+               alg = CALG_SHA_384;
+               break;
+
+       case NID_sha512:
+               alg = CALG_SHA_512;
+               break;
+
        case NID_sha1:
                alg = CALG_SHA1;
                break;
@@ -1460,6 +1492,7 @@ static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx, const char *id, HCERTSTORE h
 static CAPI_KEY *capi_get_key(CAPI_CTX *ctx, const TCHAR *contname, TCHAR *provname, DWORD ptype, DWORD keyspec)
        {
        CAPI_KEY *key;
+       DWORD dwFlags = 0; 
        key = OPENSSL_malloc(sizeof(CAPI_KEY));
        if (sizeof(TCHAR)==sizeof(char))
                CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n",
@@ -1475,7 +1508,9 @@ static CAPI_KEY *capi_get_key(CAPI_CTX *ctx, const TCHAR *contname, TCHAR *provn
                if (_provname) OPENSSL_free(_provname);
                if (_contname) OPENSSL_free(_contname);
                }
-       if (!CryptAcquireContext(&key->hprov, contname, provname, ptype, 0))
+       if(ctx->store_flags & CERT_SYSTEM_STORE_LOCAL_MACHINE)
+               dwFlags = CRYPT_MACHINE_KEYSET;
+       if (!CryptAcquireContext(&key->hprov, contname, provname, ptype, dwFlags))
                {
                CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
                capi_addlasterror();