# define CALG_SHA_512 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_512)
# endif
+# ifndef PROV_RSA_AES
+# define PROV_RSA_AES 24
+# endif
+
# include <openssl/engine.h>
# include <openssl/pem.h>
# include <openssl/x509v3.h>
0 /* rsa_verify */
};
-static DSA_METHOD capi_dsa_method = {
- "CryptoAPI DSA method",
- capi_dsa_do_sign, /* dsa_do_sign */
- 0, /* dsa_sign_setup */
- 0, /* dsa_do_verify */
- 0, /* dsa_mod_exp */
- 0, /* bn_mod_exp */
- 0, /* init */
- capi_dsa_free, /* finish */
- 0, /* flags */
- NULL, /* app_data */
- 0, /* dsa_paramgen */
- 0 /* dsa_keygen */
-};
+static DSA_METHOD *capi_dsa_method = NULL;
+
+static int use_aes_csp = 0;
static int capi_init(ENGINE *e)
{
CAPI_CTX *ctx;
const RSA_METHOD *ossl_rsa_meth;
const DSA_METHOD *ossl_dsa_meth;
+ HCRYPTPROV hprov;
if (capi_idx < 0) {
capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0);
/* Setup DSA Method */
dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
ossl_dsa_meth = DSA_OpenSSL();
- capi_dsa_method.dsa_do_verify = ossl_dsa_meth->dsa_do_verify;
- capi_dsa_method.dsa_mod_exp = ossl_dsa_meth->dsa_mod_exp;
- capi_dsa_method.bn_mod_exp = ossl_dsa_meth->bn_mod_exp;
+ if ( !DSA_meth_set_sign(capi_dsa_method, capi_dsa_do_sign)
+ || !DSA_meth_set_verify(capi_dsa_method,
+ DSA_meth_get_verify(ossl_dsa_meth))
+ || !DSA_meth_set_finish(capi_dsa_method, capi_dsa_free)
+ || !DSA_meth_set_mod_exp(capi_dsa_method,
+ DSA_meth_get_mod_exp(ossl_dsa_meth))
+ || !DSA_meth_set_bn_mod_exp(capi_dsa_method,
+ DSA_meth_get_bn_mod_exp(ossl_dsa_meth))) {
+ goto memerr;
+ }
}
ctx = capi_ctx_new();
}
# endif
+ /* See if we support AES CSP */
+
+ if (CryptAcquireContext(&hprov, NULL, NULL, PROV_RSA_AES,
+ CRYPT_VERIFYCONTEXT)) {
+ use_aes_csp = 1;
+ CryptReleaseContext(hprov, 0);
+ }
+
return 1;
memerr:
static int capi_destroy(ENGINE *e)
{
+ DSA_meth_free(capi_dsa_method);
+ capi_dsa_method = NULL;
ERR_unload_CAPI_strings();
return 1;
}
static int bind_capi(ENGINE *e)
{
+ capi_dsa_method = DSA_meth_new("CryptoAPI DSA method", 0);
+ if (capi_dsa_method == NULL)
+ return 0;
if (!ENGINE_set_id(e, engine_capi_id)
|| !ENGINE_set_name(e, engine_capi_name)
|| !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL)
|| !ENGINE_set_finish_function(e, capi_finish)
|| !ENGINE_set_destroy_function(e, capi_destroy)
|| !ENGINE_set_RSA(e, &capi_rsa_method)
- || !ENGINE_set_DSA(e, &capi_dsa_method)
+ || !ENGINE_set_DSA(e, capi_dsa_method)
|| !ENGINE_set_load_privkey_function(e, capi_load_privkey)
|| !ENGINE_set_load_ssl_client_cert_function(e,
capi_load_ssl_client_cert)
DSSPUBKEY *dp;
DWORD dsa_plen;
unsigned char *btmp;
+ BIGNUM *p, *q, *g, *pub_key;
dp = (DSSPUBKEY *) (bh + 1);
if (dp->magic != 0x31535344) {
char magstr[10];
dkey = DSA_new_method(eng);
if (!dkey)
goto memerr;
- dkey->p = BN_new();
- dkey->q = BN_new();
- dkey->g = BN_new();
- dkey->pub_key = BN_new();
- if (dkey->p == NULL || dkey->q == NULL || dkey->g == NULL
- || dkey->pub_key == NULL)
+ p = BN_new();
+ q = BN_new();
+ g = BN_new();
+ pub_key = BN_new();
+ if (p == NULL || q == NULL || g == NULL || pub_key == NULL)
goto memerr;
- if (!lend_tobn(dkey->p, btmp, dsa_plen))
+ DSA_set0_pqg(dkey, p, q, g);
+ DSA_set0_key(dkey, pub_key, NULL);
+ if (!lend_tobn(p, btmp, dsa_plen))
goto memerr;
btmp += dsa_plen;
- if (!lend_tobn(dkey->q, btmp, 20))
+ if (!lend_tobn(q, btmp, 20))
goto memerr;
btmp += 20;
- if (!lend_tobn(dkey->g, btmp, dsa_plen))
+ if (!lend_tobn(g, btmp, dsa_plen))
goto memerr;
btmp += dsa_plen;
- if (!lend_tobn(dkey->pub_key, btmp, dsa_plen))
+ if (!lend_tobn(pub_key, btmp, dsa_plen))
goto memerr;
btmp += dsa_plen;
CAPI_CTX *ctx;
unsigned char csigbuf[40];
- ctx = ENGINE_get_ex_data(dsa->engine, capi_idx);
+ ctx = ENGINE_get_ex_data(DSA_get0_engine(dsa), capi_idx);
CAPI_trace(ctx, "Called CAPI_dsa_do_sign()\n");
capi_addlasterror();
goto err;
} else {
+ BIGNUM *r = NULL, *s = NULL;
ret = DSA_SIG_new();
if (ret == NULL)
goto err;
- ret->r = BN_new();
- ret->s = BN_new();
- if (ret->r == NULL || ret->s == NULL)
- goto err;
- if (!lend_tobn(ret->r, csigbuf, 20)
- || !lend_tobn(ret->s, csigbuf + 20, 20)) {
+ DSA_SIG_get0(&r, &s, ret);
+ if (!lend_tobn(r, csigbuf, 20)
+ || !lend_tobn(s, csigbuf + 20, 20)) {
DSA_SIG_free(ret);
ret = NULL;
goto err;
if (key == NULL)
return NULL;
- if (sizeof(TCHAR) == sizeof(char))
+ /* If PROV_RSA_AES supported use it instead */
+ if (ptype == PROV_RSA_FULL && use_aes_csp) {
+ provname = NULL;
+ ptype = PROV_RSA_AES;
+ CAPI_trace(ctx, "capi_get_key, contname=%s, RSA_AES_CSP\n", contname);
+ } else if (sizeof(TCHAR) == sizeof(char)) {
CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n",
contname, provname, ptype);
- else if (ctx && ctx->debug_level >= CAPI_DBG_TRACE && ctx->debug_file) {
+ } else if (ctx && ctx->debug_level >= CAPI_DBG_TRACE && ctx->debug_file) {
/* above 'if' is optimization to minimize malloc-ations */
char *_contname = wide_to_asc((WCHAR *)contname);
char *_provname = wide_to_asc((WCHAR *)provname);