new flag to stop ENGINE methods being registered

[openssl.git] / engines / e_capi.c

diff --git a/engines/e_capi.c b/engines/e_capi.c
index e2a7cb58b0037cf0b31f4b2b75dd12fb749ab900..fdf173652ae1cd53ec2370a982b334afb2dfd695 100644 (file)
--- a/engines/e_capi.c
+++ b/engines/e_capi.c
@@ -54,32 +54,43 @@
 
 #include <stdio.h>
 #include <string.h>
+#include <stdlib.h>
+
 #include <openssl/crypto.h>
-#include <openssl/buffer.h>
-#include <openssl/bn.h>
 
 #ifdef OPENSSL_SYS_WIN32
 #ifndef OPENSSL_NO_CAPIENG
 
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
 #include <openssl/rsa.h>
 
-#include <windows.h>
-
 #ifndef _WIN32_WINNT
 #define _WIN32_WINNT 0x0400
 #endif
 
+#include <windows.h>
 #include <wincrypt.h>
+#include <malloc.h>
+#ifndef alloca
+# define alloca _alloca
+#endif
 
 /*
  * This module uses several "new" interfaces, among which is
  * CertGetCertificateContextProperty. CERT_KEY_PROV_INFO_PROP_ID is
  * one of possible values you can pass to function in question. By
  * checking if it's defined we can see if wincrypt.h and accompanying
- * crypt32.lib are in shape. Yes, it's rather "weak" test and if
- * compilation fails, then re-configure with -DOPENSSL_NO_CAPIENG.
+ * crypt32.lib are in shape. The native MingW32 headers up to and
+ * including __W32API_VERSION 3.14 lack of struct DSSPUBKEY and the
+ * defines CERT_STORE_PROV_SYSTEM_A and CERT_STORE_READONLY_FLAG,
+ * so we check for these too and avoid compiling.
+ * Yes, it's rather "weak" test and if compilation fails,
+ * then re-configure with -DOPENSSL_NO_CAPIENG.
  */
-#ifdef CERT_KEY_PROV_INFO_PROP_ID
+#if defined(CERT_KEY_PROV_INFO_PROP_ID) && \
+    defined(CERT_STORE_PROV_SYSTEM_A) && \
+    defined(CERT_STORE_READONLY_FLAG)
 # define __COMPILE_CAPIENG
 #endif /* CERT_KEY_PROV_INFO_PROP_ID */
 #endif /* OPENSSL_NO_CAPIENG */
@@ -516,6 +527,7 @@ static int bind_capi(ENGINE *e)
        {
        if (!ENGINE_set_id(e, engine_capi_id)
                || !ENGINE_set_name(e, engine_capi_name)
+               || !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL)
                || !ENGINE_set_init_function(e, capi_init)
                || !ENGINE_set_finish_function(e, capi_finish)
                || !ENGINE_set_destroy_function(e, capi_destroy)
@@ -843,7 +855,7 @@ int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len,
 
 /* Finally sign it */
        slen = RSA_size(rsa);
-       if(!CryptSignHashA(hash, capi_key->keyspec, NULL, 0, sigret, &slen))
+       if(!CryptSignHash(hash, capi_key->keyspec, NULL, 0, sigret, &slen))
                {
                CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_ERROR_SIGNING_HASH);
                capi_addlasterror();
@@ -981,7 +993,7 @@ static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
 
        /* Finally sign it */
        slen = sizeof(csigbuf);
-       if(!CryptSignHashA(hash, capi_key->keyspec, NULL, 0, csigbuf, &slen))
+       if(!CryptSignHash(hash, capi_key->keyspec, NULL, 0, csigbuf, &slen))
                {
                CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_ERROR_SIGNING_HASH);
                capi_addlasterror();
@@ -1053,7 +1065,7 @@ static void capi_adderror(DWORD err)
        ERR_add_error_data(2, "Error code= 0x", errstr);
        }
 
-static char *wide_to_asc(LPWSTR wstr)
+static char *wide_to_asc(LPCWSTR wstr)
        {
        char *str;
        int len_0,sz;
@@ -1084,10 +1096,10 @@ static char *wide_to_asc(LPWSTR wstr)
 
 static int capi_get_provname(CAPI_CTX *ctx, LPSTR *pname, DWORD *ptype, DWORD idx)
        {
-       LPSTR name;
        DWORD len, err;
+       LPTSTR name;
        CAPI_trace(ctx, "capi_get_provname, index=%d\n", idx);
-       if (!CryptEnumProvidersA(idx, NULL, 0, ptype, NULL, &len))
+       if (!CryptEnumProviders(idx, NULL, 0, ptype, NULL, &len))
                {
                err = GetLastError();
                if (err == ERROR_NO_MORE_ITEMS)
@@ -1096,8 +1108,11 @@ static int capi_get_provname(CAPI_CTX *ctx, LPSTR *pname, DWORD *ptype, DWORD id
                capi_adderror(err);
                return 0;
                }
-       name = OPENSSL_malloc(len);
-       if (!CryptEnumProvidersA(idx, NULL, 0, ptype, name, &len))
+       if (sizeof(TCHAR) != sizeof(char))
+               name = alloca(len);
+       else
+               name = OPENSSL_malloc(len);
+       if (!CryptEnumProviders(idx, NULL, 0, ptype, name, &len))
                {
                err = GetLastError();
                if (err == ERROR_NO_MORE_ITEMS)
@@ -1106,8 +1121,11 @@ static int capi_get_provname(CAPI_CTX *ctx, LPSTR *pname, DWORD *ptype, DWORD id
                capi_adderror(err);
                return 0;
                }
-       *pname = name;
-       CAPI_trace(ctx, "capi_get_provname, returned name=%s, type=%d\n", name, *ptype);
+       if (sizeof(TCHAR) != sizeof(char))
+               *pname = wide_to_asc((WCHAR *)name);
+       else
+               *pname = (char *)name;
+       CAPI_trace(ctx, "capi_get_provname, returned name=%s, type=%d\n", *pname, *ptype);
 
        return 1;
        }
@@ -1138,8 +1156,26 @@ static int capi_list_containers(CAPI_CTX *ctx, BIO *out)
        HCRYPTPROV hprov;
        DWORD err, idx, flags, buflen = 0, clen;
        LPSTR cname;
+       LPTSTR cspname = NULL;
+
        CAPI_trace(ctx, "Listing containers CSP=%s, type = %d\n", ctx->cspname, ctx->csptype);
-       if (!CryptAcquireContextA(&hprov, NULL, ctx->cspname, ctx->csptype, CRYPT_VERIFYCONTEXT))
+       if (ctx->cspname && sizeof(TCHAR)!=sizeof(char))
+               {
+               if ((clen=MultiByteToWideChar(CP_ACP,0,ctx->cspname,-1,NULL,0)))
+                       {
+                       cspname = alloca(clen*sizeof(WCHAR));
+                       MultiByteToWideChar(CP_ACP,0,ctx->cspname,-1,(WCHAR *)cspname,clen);
+                       }
+               if (!cspname)
+                       {
+                       CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, ERR_R_MALLOC_FAILURE);
+                       capi_addlasterror();
+                       return 0;
+                       }
+               }
+       else
+               cspname = (TCHAR *)ctx->cspname;
+       if (!CryptAcquireContext(&hprov, NULL, cspname, ctx->csptype, CRYPT_VERIFYCONTEXT))
                {
                CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
                capi_addlasterror();
@@ -1170,7 +1206,7 @@ static int capi_list_containers(CAPI_CTX *ctx, BIO *out)
                        flags = CRYPT_FIRST;
                else
                        flags = 0;
-               if(!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, cname, &clen, flags))
+               if(!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, (BYTE *)cname, &clen, flags))
                        {
                        err = GetLastError();
                        if (err == ERROR_NO_MORE_ITEMS)
@@ -1366,7 +1402,6 @@ int capi_list_certs(CAPI_CTX *ctx, BIO *out, char *id)
                {
                for(idx = 0;;idx++)
                        {
-                       LPWSTR fname = NULL;
                        cert = CertEnumCertificatesInStore(hstore, cert);
                        if (!cert)
                                break;
@@ -1413,13 +1448,25 @@ static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx, const char *id, HCERTSTORE h
                }
        }
 
-static CAPI_KEY *capi_get_key(CAPI_CTX *ctx, const char *contname, char *provname, DWORD ptype, DWORD keyspec)
+static CAPI_KEY *capi_get_key(CAPI_CTX *ctx, const TCHAR *contname, TCHAR *provname, DWORD ptype, DWORD keyspec)
        {
        CAPI_KEY *key;
        key = OPENSSL_malloc(sizeof(CAPI_KEY));
-       CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n", 
+       if (sizeof(TCHAR)==sizeof(char))
+               CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n",
                                                contname, provname, ptype);
-       if (!CryptAcquireContextA(&key->hprov, contname, provname, ptype, 0))
+       else if (ctx && ctx->debug_level>=CAPI_DBG_TRACE && ctx->debug_file)
+               {
+               /* above 'if' is optimization to minimize malloc-ations */
+               char *_contname = wide_to_asc((WCHAR *)contname);
+               char *_provname = wide_to_asc((WCHAR *)provname);
+
+               CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n", 
+                                               _contname, _provname, ptype);
+               if (_provname) OPENSSL_free(_provname);
+               if (_contname) OPENSSL_free(_contname);
+               }
+       if (!CryptAcquireContext(&key->hprov, contname, provname, ptype, 0))
                {
                CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
                capi_addlasterror();
@@ -1449,12 +1496,19 @@ static CAPI_KEY *capi_get_cert_key(CAPI_CTX *ctx, PCCERT_CONTEXT cert)
        pinfo = capi_get_prov_info(ctx, cert);
        if (!pinfo)
                goto err;
-       provname = wide_to_asc(pinfo->pwszProvName);
-       contname = wide_to_asc(pinfo->pwszContainerName);
-       if (!provname || !contname)
-               goto err;
-       key = capi_get_key(ctx, contname, provname,
+       if (sizeof(TCHAR) != sizeof(char))
+               key = capi_get_key(ctx, (TCHAR *)pinfo->pwszContainerName,
+                               (TCHAR *)pinfo->pwszProvName,
                                pinfo->dwProvType, pinfo->dwKeySpec);
+       else
+               {
+               provname = wide_to_asc(pinfo->pwszProvName);
+               contname = wide_to_asc(pinfo->pwszContainerName);
+               if (!provname || !contname)
+                       goto err;
+               key = capi_get_key(ctx, (TCHAR *)contname, (TCHAR *)provname,
+                               pinfo->dwProvType, pinfo->dwKeySpec);
+               }
 
        err:
        if (pinfo)
@@ -1488,8 +1542,25 @@ CAPI_KEY *capi_find_key(CAPI_CTX *ctx, const char *id)
                break;
 
                case CAPI_LU_CONTNAME:
-               key = capi_get_key(ctx, id, ctx->cspname, ctx->csptype,
-                                                       ctx->keytype);
+               if (sizeof(TCHAR)!=sizeof(char))
+                       {
+                       WCHAR *contname, *provname;
+                       DWORD len;
+
+                       if ((len=MultiByteToWideChar(CP_ACP,0,id,-1,NULL,0)) &&
+                           (contname=alloca(len*sizeof(WCHAR)),
+                            MultiByteToWideChar(CP_ACP,0,id,-1,contname,len)) &&
+                           (len=MultiByteToWideChar(CP_ACP,0,ctx->cspname,-1,NULL,0)) &&
+                           (provname=alloca(len*sizeof(WCHAR)),
+                            MultiByteToWideChar(CP_ACP,0,ctx->cspname,-1,provname,len)))
+                               key = capi_get_key(ctx,(TCHAR *)contname,
+                                               (TCHAR *)provname,
+                                               ctx->csptype,ctx->keytype);
+                       }
+               else
+                       key = capi_get_key(ctx, (TCHAR *)id,
+                                               (TCHAR *)ctx->cspname,
+                                               ctx->csptype,ctx->keytype);
                break;
                }
 
@@ -1557,7 +1628,21 @@ static int capi_ctx_set_provname(CAPI_CTX *ctx, LPSTR pname, DWORD type, int che
        if (check)
                {
                HCRYPTPROV hprov;
-               if (!CryptAcquireContextA(&hprov, NULL, pname, type,
+               LPTSTR name=NULL;
+
+               if (sizeof(TCHAR)!=sizeof(char))
+                       {
+                       DWORD len;
+                       if ((len=MultiByteToWideChar(CP_ACP,0,pname,-1,NULL,0)))
+                               {
+                               name = alloca(len*sizeof(WCHAR));
+                               MultiByteToWideChar(CP_ACP,0,pname,-1,(WCHAR *)name,len);
+                               }
+                       }
+               else
+                       name = (TCHAR *)pname;
+
+               if (!name || !CryptAcquireContext(&hprov, NULL, name, type,
                                                CRYPT_VERIFYCONTEXT))
                        {
                        CAPIerr(CAPI_F_CAPI_CTX_SET_PROVNAME, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
@@ -1808,6 +1893,8 @@ static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs)
 #include <openssl/engine.h>
 #ifndef OPENSSL_NO_DYNAMIC_ENGINE
 OPENSSL_EXPORT
+int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);
+OPENSSL_EXPORT
 int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; }
 IMPLEMENT_DYNAMIC_CHECK_FN()
 #else