author | Dr Stephen Henson <steve@openssl.org> | 2016-02-09 14:33:51 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2016-02-11 16:01:44 +0000 |
commit | 7b548d3f11adccc67123e1f6f5c118aef857a8d2 (patch) | |
tree | 45267e47b0c60a0b7c14f08e392c4e252c90de3e | |
parent | 64c443e3f0057946ddd8f37a36821a7f9c0e0493 (diff) |
Test for and use AES CSP for RSA if present.
Some keys are attached to the full RSA CSP, which doesn't support SHA2
algorithms; use the AES CSP instead if it is present.
Reviewed-by: Tim Hudson <tjh@openssl.org>
-rw-r--r-- | engines/e_capi.c | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/engines/e_capi.c b/engines/e_capi.c
index 62c4ad3c2d..8e78354b70 100644
--- a/engines/e_capi.c
+++ b/engines/e_capi.c
@@ -133,6 +133,10 @@
 # define CALG_SHA_512 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_512)
 # endif
+# ifndef PROV_RSA_AES
+# define PROV_RSA_AES 24
+# endif
+
 # include <openssl/engine.h>
 # include <openssl/pem.h>
 # include <openssl/x509v3.h>
@@ -458,11 +462,14 @@ static DSA_METHOD capi_dsa_method = {
 0 /* dsa_keygen */
 };
+static int use_aes_csp = 0;
+
 static int capi_init(ENGINE *e)
 {
 CAPI_CTX *ctx;
 const RSA_METHOD *ossl_rsa_meth;
 const DSA_METHOD *ossl_dsa_meth;
+ HCRYPTPROV hprov;
 if (capi_idx < 0) {
 capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0);
@@ -509,6 +516,14 @@ static int capi_init(ENGINE *e)
 }
 # endif
+ /* See if we support AES CSP */
+
+ if (CryptAcquireContext(&hprov, NULL, NULL, PROV_RSA_AES,
+ CRYPT_VERIFYCONTEXT)) {
+ use_aes_csp = 1;
+ CryptReleaseContext(hprov, 0);
+ }
+
 return 1;
 memerr:
@@ -1454,10 +1469,15 @@ static CAPI_KEY *capi_get_key(CAPI_CTX * ctx, const TCHAR *contname,
 if (key == NULL)
 return NULL;
- if (sizeof(TCHAR) == sizeof(char))
+ /* If PROV_RSA_AES supported use it instead */
+ if (ptype == PROV_RSA_FULL && use_aes_csp) {
+ provname = NULL;
+ ptype = PROV_RSA_AES;
+ CAPI_trace(ctx, "capi_get_key, contname=%s, RSA_AES_CSP\n", contname);
+ } else if (sizeof(TCHAR) == sizeof(char)) {
 CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n",
 contname, provname, ptype);
- else if (ctx && ctx->debug_level >= CAPI_DBG_TRACE && ctx->debug_file) {
+ } else if (ctx && ctx->debug_level >= CAPI_DBG_TRACE && ctx->debug_file) {
 /* above 'if' is optimization to minimize malloc-ations */
 char *_contname = wide_to_asc((WCHAR *)contname);
 char *_provname = wide_to_asc((WCHAR *)provname);
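Review bot: The new trace in the capi_get_key hunk, `CAPI_trace(ctx, "capi_get_key, contname=%s, RSA_AES_CSP\n", contname);`, formats contname with `%s` unconditionally, whereas the surrounding code only does that when `sizeof(TCHAR) == sizeof(char)` and otherwise converts through wide_to_asc; in a UNICODE build the AES branch therefore hands a WCHAR string to `%s`, so the trace is garbled and, because the new branch now sits first in the else-if chain, the existing wide-char trace path is never reached for these keys. The switch to PROV_RSA_AES should keep the narrow/wide split of the trace that follows it; the sketch below mirrors the existing wide branch and frees the converted name the same way that branch does for `_contname` (that cleanup is outside the hunk, so confirm the allocator it pairs with). A smaller point: the switch is silent about the original provname being discarded, so if the container does not exist in the AES CSP the later acquire fails with no hint that a provider substitution happened — worth a trace line or a fallback to the original ptype, though that code is outside this hunk. capi_get_key continues beyond the hunk.
```c
    /* If PROV_RSA_AES supported use it instead */
    if (ptype == PROV_RSA_FULL && use_aes_csp) {
        provname = NULL;
        ptype = PROV_RSA_AES;
        if (sizeof(TCHAR) == sizeof(char)) {
            CAPI_trace(ctx, "capi_get_key, contname=%s, RSA_AES_CSP\n", contname);
        } else if (ctx && ctx->debug_level >= CAPI_DBG_TRACE && ctx->debug_file) {
            char *_contname = wide_to_asc((WCHAR *)contname);
            CAPI_trace(ctx, "capi_get_key, contname=%s, RSA_AES_CSP\n", _contname);
            OPENSSL_free(_contname);
        }
    } else if (sizeof(TCHAR) == sizeof(char)) {
    /* … unchanged: existing narrow and wide trace branches … */
```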