X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=engines%2Fe_capi.c;h=58283e506d49de4b9e56b478b11b2511984c5289;hp=a38592b5f65194bf0ab76b7e75fddddabc78a24e;hb=580731aff3fc9855ea93ea734bd924febea027c3;hpb=b0700d2c8de79252ba605748a075cf2e5d670da1

diff --git a/engines/e_capi.c b/engines/e_capi.c
index a38592b5f6..58283e506d 100644
--- a/engines/e_capi.c
+++ b/engines/e_capi.c
@@ -1,4 +1,3 @@
-/* engines/e_capi.c */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -134,6 +133,10 @@
 #  define CALG_SHA_512            (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_512)
 # endif
 
+# ifndef PROV_RSA_AES
+#  define PROV_RSA_AES 24
+# endif
+
 # include <openssl/engine.h>
 # include <openssl/pem.h>
 # include <openssl/x509v3.h>
@@ -188,6 +191,8 @@ static int cert_select_simple(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs);
 static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs);
 # endif
 
+void engine_load_capi_internal(void);
+
 typedef PCCERT_CONTEXT(WINAPI *CERTDLG) (HCERTSTORE, HWND, LPCWSTR,
                                          LPCWSTR, DWORD, DWORD, void *);
 typedef HWND(WINAPI *GETCONSWIN) (void);
@@ -361,7 +366,7 @@ static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
 
     case CAPI_CMD_STORE_NAME:
         OPENSSL_free(ctx->storename);
-        ctx->storename = BUF_strdup(p);
+        ctx->storename = OPENSSL_strdup(p);
         CAPI_trace(ctx, "Setting store name to %s\n", p);
         break;
 
@@ -382,7 +387,7 @@ static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
         break;
 
     case CAPI_CMD_DEBUG_FILE:
-        ctx->debug_file = BUF_strdup(p);
+        ctx->debug_file = OPENSSL_strdup(p);
         CAPI_trace(ctx, "Setting debug file to %s\n", ctx->debug_file);
         break;
 
@@ -436,7 +441,7 @@ static RSA_METHOD capi_rsa_method = {
     0,                          /* bn_mod_exp */
     0,                          /* init */
     capi_rsa_free,              /* finish */
-    RSA_FLAG_SIGN_VER,          /* flags */
+    0,                          /* flags */
     NULL,                       /* app_data */
     capi_rsa_sign,              /* rsa_sign */
     0                           /* rsa_verify */
@@ -457,11 +462,14 @@ static DSA_METHOD capi_dsa_method = {
     0                           /* dsa_keygen */
 };
 
+static int use_aes_csp = 0;
+
 static int capi_init(ENGINE *e)
 {
     CAPI_CTX *ctx;
     const RSA_METHOD *ossl_rsa_meth;
     const DSA_METHOD *ossl_dsa_meth;
+    HCRYPTPROV hprov;
 
     if (capi_idx < 0) {
         capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0);
@@ -487,7 +495,7 @@ static int capi_init(ENGINE *e)
     }
 
     ctx = capi_ctx_new();
-    if (!ctx)
+    if (ctx == NULL)
         goto memerr;
 
     ENGINE_set_ex_data(e, capi_idx, ctx);
@@ -508,6 +516,14 @@ static int capi_init(ENGINE *e)
     }
 # endif
 
+    /* See if we support AES CSP */
+
+    if (CryptAcquireContext(&hprov, NULL, NULL, PROV_RSA_AES,
+                            CRYPT_VERIFYCONTEXT)) {
+        use_aes_csp = 1;
+        CryptReleaseContext(hprov, 0);
+    }
+
     return 1;
 
  memerr:
@@ -584,7 +600,7 @@ IMPLEMENT_DYNAMIC_CHECK_FN()
 static ENGINE *engine_capi(void)
 {
     ENGINE *ret = ENGINE_new();
-    if (!ret)
+    if (ret == NULL)
         return NULL;
     if (!bind_capi(ret)) {
         ENGINE_free(ret);
@@ -593,7 +609,7 @@ static ENGINE *engine_capi(void)
     return ret;
 }
 
-void ENGINE_load_capi(void)
+void engine_load_capi_internal(void)
 {
     /* Copied from eng_[openssl|dyn].c */
     ENGINE *toadd = engine_capi();
@@ -643,7 +659,7 @@ static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY * key)
 
     pubkey = OPENSSL_malloc(len);
 
-    if (!pubkey)
+    if (pubkey == NULL)
         goto memerr;
 
     if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, pubkey, &len)) {
@@ -678,7 +694,7 @@ static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY * key)
         rkey->e = BN_new();
         rkey->n = BN_new();
 
-        if (!rkey->e || !rkey->n)
+        if (rkey->e == NULL || rkey->n == NULL)
             goto memerr;
 
         if (!BN_set_word(rkey->e, rp->pubexp))
@@ -718,7 +734,8 @@ static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY * key)
         dkey->q = BN_new();
         dkey->g = BN_new();
         dkey->pub_key = BN_new();
-        if (!dkey->p || !dkey->q || !dkey->g || !dkey->pub_key)
+        if (dkey->p == NULL || dkey->q == NULL || dkey->g == NULL
+                || dkey->pub_key == NULL)
             goto memerr;
         if (!lend_tobn(dkey->p, btmp, dsa_plen))
             goto memerr;
@@ -1005,15 +1022,13 @@ static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
         capi_addlasterror();
         goto err;
     } else {
+        BIGNUM *r = NULL, *s = NULL;
         ret = DSA_SIG_new();
-        if (!ret)
+        if (ret == NULL)
             goto err;
-        ret->r = BN_new();
-        ret->s = BN_new();
-        if (!ret->r || !ret->s)
-            goto err;
-        if (!lend_tobn(ret->r, csigbuf, 20)
-            || !lend_tobn(ret->s, csigbuf + 20, 20)) {
+        DSA_SIG_get0(&r, &s, ret);
+        if (!lend_tobn(r, csigbuf, 20)
+            || !lend_tobn(s, csigbuf + 20, 20)) {
             DSA_SIG_free(ret);
             ret = NULL;
             goto err;
@@ -1087,7 +1102,7 @@ static char *wide_to_asc(LPCWSTR wstr)
         return NULL;
     }
     str = OPENSSL_malloc(sz);
-    if (!str) {
+    if (str == NULL) {
         CAPIerr(CAPI_F_WIDE_TO_ASC, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
@@ -1201,7 +1216,7 @@ static int capi_list_containers(CAPI_CTX * ctx, BIO *out)
     if (buflen == 0)
         buflen = 1024;
     cname = OPENSSL_malloc(buflen);
-    if (!cname) {
+    if (cname == NULL) {
         CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, ERR_R_MALLOC_FAILURE);
         goto err;
     }
@@ -1251,7 +1266,7 @@ static CRYPT_KEY_PROV_INFO *capi_get_prov_info(CAPI_CTX * ctx, PCCERT_CONTEXT ce
         (cert, CERT_KEY_PROV_INFO_PROP_ID, NULL, &len))
         return NULL;
     pinfo = OPENSSL_malloc(len);
-    if (!pinfo) {
+    if (pinfo == NULL) {
         CAPIerr(CAPI_F_CAPI_GET_PROV_INFO, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
@@ -1452,10 +1467,15 @@ static CAPI_KEY *capi_get_key(CAPI_CTX * ctx, const TCHAR *contname,
 
     if (key == NULL)
         return NULL;
-    if (sizeof(TCHAR) == sizeof(char))
+    /* If PROV_RSA_AES supported use it instead */
+    if (ptype == PROV_RSA_FULL && use_aes_csp) {
+        provname = NULL;
+        ptype = PROV_RSA_AES;
+        CAPI_trace(ctx, "capi_get_key, contname=%s, RSA_AES_CSP\n", contname);
+    } else if (sizeof(TCHAR) == sizeof(char)) {
         CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n",
                    contname, provname, ptype);
-    else if (ctx && ctx->debug_level >= CAPI_DBG_TRACE && ctx->debug_file) {
+    } else if (ctx && ctx->debug_level >= CAPI_DBG_TRACE && ctx->debug_file) {
         /* above 'if' is optimization to minimize malloc-ations */
         char *_contname = wide_to_asc((WCHAR *)contname);
         char *_provname = wide_to_asc((WCHAR *)provname);
@@ -1581,7 +1601,7 @@ static CAPI_CTX *capi_ctx_new(void)
 {
     CAPI_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
 
-    if (!ctx) {
+    if (ctx == NULL) {
         CAPIerr(CAPI_F_CAPI_CTX_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
@@ -1634,7 +1654,7 @@ static int capi_ctx_set_provname(CAPI_CTX * ctx, LPSTR pname, DWORD type,
         CryptReleaseContext(hprov, 0);
     }
     OPENSSL_free(ctx->cspname);
-    ctx->cspname = BUF_strdup(pname);
+    ctx->cspname = OPENSSL_strdup(pname);
     ctx->csptype = type;
     return 1;
 }
@@ -1874,7 +1894,8 @@ OPENSSL_EXPORT
 
 IMPLEMENT_DYNAMIC_CHECK_FN()
 # else
-void ENGINE_load_capi(void)
+void engine_load_capi_internal(void);
+void engine_load_capi_internal(void)
 {
 }
 # endif