author | Matt Caswell <matt@openssl.org> | 2015-01-22 03:40:55 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-01-22 09:20:09 +0000 |
commit | 0f113f3ee4d629ef9a4a30911b22b224772085e5 (patch) | |
tree | e014603da5aed1d0751f587a66d6e270b6bda3de /engines/e_capi.c | |
parent | 22b52164aaed31d6e93dbd2d397ace041360e6aa (diff) |
Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'engines/e_capi.c')
-rw-r--r-- | engines/e_capi.c | 3437 |
1 files changed, 1680 insertions, 1757 deletions
diff --git a/engines/e_capi.c b/engines/e_capi.c
index 41257ad568..a6824d3884 100644
--- a/engines/e_capi.c
+++ b/engines/e_capi.c
@@ -1,5 +1,6 @@
 /* engines/e_capi.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
 /* ====================================================================
@@ -10,7 +11,7 @@
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in
@@ -51,7 +52,6 @@
 * ====================================================================
 */
 
-
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
@@ -59,23 +59,23 @@
 #include <openssl/crypto.h>
 
 #ifdef OPENSSL_SYS_WIN32
-#ifndef OPENSSL_NO_CAPIENG
+# ifndef OPENSSL_NO_CAPIENG
 
-#include <openssl/buffer.h>
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
+# include <openssl/buffer.h>
+# include <openssl/bn.h>
+# include <openssl/rsa.h>
+# include <openssl/dsa.h>
 
-#ifndef _WIN32_WINNT
-#define _WIN32_WINNT 0x0400
-#endif
+# ifndef _WIN32_WINNT
+# define _WIN32_WINNT 0x0400
+# endif
 
-#include <windows.h>
-#include <wincrypt.h>
-#include <malloc.h>
-#ifndef alloca
-# define alloca _alloca
-#endif
+# include <windows.h>
+# include <wincrypt.h>
+# include <malloc.h>
+# ifndef alloca
+# define alloca _alloca
+# endif
 
 /*
 * This module uses several "new" interfaces, among which is
@@ -89,59 +89,58 @@
 * Yes, it's rather "weak" test and if compilation fails,
 * then re-configure with -DOPENSSL_NO_CAPIENG.
 */
-#if defined(CERT_KEY_PROV_INFO_PROP_ID) && \
+# if defined(CERT_KEY_PROV_INFO_PROP_ID) && \
 defined(CERT_STORE_PROV_SYSTEM_A) && \
 defined(CERT_STORE_READONLY_FLAG)
-# define __COMPILE_CAPIENG
-#endif /* CERT_KEY_PROV_INFO_PROP_ID */
-#endif /* OPENSSL_NO_CAPIENG */
-#endif /* OPENSSL_SYS_WIN32 */
+# define __COMPILE_CAPIENG
+# endif /* CERT_KEY_PROV_INFO_PROP_ID */
+# endif /* OPENSSL_NO_CAPIENG */
+#endif /* OPENSSL_SYS_WIN32 */
 
 #ifdef __COMPILE_CAPIENG
 
-#undef X509_EXTENSIONS
-#undef X509_CERT_PAIR
+# undef X509_EXTENSIONS
+# undef X509_CERT_PAIR
 
 /* Definitions which may be missing from earlier version of headers */
 
-#ifndef CERT_STORE_OPEN_EXISTING_FLAG
-#define CERT_STORE_OPEN_EXISTING_FLAG 0x00004000
-#endif
-
-#ifndef CERT_STORE_CREATE_NEW_FLAG
-#define CERT_STORE_CREATE_NEW_FLAG 0x00002000
-#endif
-
-#ifndef CERT_SYSTEM_STORE_CURRENT_USER
-#define CERT_SYSTEM_STORE_CURRENT_USER 0x00010000
-#endif
-
-#ifndef ALG_SID_SHA_256
- #define ALG_SID_SHA_256 12
-#endif
-#ifndef ALG_SID_SHA_384
- #define ALG_SID_SHA_384 13
-#endif
-#ifndef ALG_SID_SHA_512
- #define ALG_SID_SHA_512 14
-#endif
-
-#ifndef CALG_SHA_256
- #define CALG_SHA_256 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_256)
-#endif
-#ifndef CALG_SHA_384
- #define CALG_SHA_384 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_384)
-#endif
-#ifndef CALG_SHA_512
- #define CALG_SHA_512 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_512)
-#endif
-
-#include <openssl/engine.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-
-#include "e_capi_err.h"
-#include "e_capi_err.c"
-
+# ifndef CERT_STORE_OPEN_EXISTING_FLAG
+# define CERT_STORE_OPEN_EXISTING_FLAG 0x00004000
+# endif
+
+# ifndef CERT_STORE_CREATE_NEW_FLAG
+# define CERT_STORE_CREATE_NEW_FLAG 0x00002000
+# endif
+
+# ifndef CERT_SYSTEM_STORE_CURRENT_USER
+# define CERT_SYSTEM_STORE_CURRENT_USER 0x00010000
+# endif
+
+# ifndef ALG_SID_SHA_256
+# define ALG_SID_SHA_256 12
+# endif
+# ifndef ALG_SID_SHA_384
+# define ALG_SID_SHA_384 13
+# endif
+# ifndef ALG_SID_SHA_512
+# define ALG_SID_SHA_512 14
+# endif
+
+# ifndef CALG_SHA_256
+# define CALG_SHA_256 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_256)
+# endif
+# ifndef CALG_SHA_384
+# define CALG_SHA_384 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_384)
+# endif
+# ifndef CALG_SHA_512
+# define CALG_SHA_512 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_512)
+# endif
+
+# include <openssl/engine.h>
+# include <openssl/pem.h>
+# include <openssl/x509v3.h>
+
+# include "e_capi_err.h"
+# include "e_capi_err.c"
 static const char *engine_capi_id = "capi";
 static const char *engine_capi_name = "CryptoAPI ENGINE";
@@ -152,1825 +151,1749 @@ typedef struct CAPI_KEY_st CAPI_KEY; static void capi_addlasterror(void); static void capi_adderror(DWORD err); -static void CAPI_trace(CAPI_CTX *ctx, char *format, ...); +static void CAPI_trace(CAPI_CTX * ctx, char *format, ...); -static int capi_list_providers(CAPI_CTX *ctx, BIO *out); -static int capi_list_containers(CAPI_CTX *ctx, BIO *out); -int capi_list_certs(CAPI_CTX *ctx, BIO *out, char *storename); -void capi_free_key(CAPI_KEY *key); +static int capi_list_providers(CAPI_CTX * ctx, BIO *out); +static int capi_list_containers(CAPI_CTX * ctx, BIO *out); +int capi_list_certs(CAPI_CTX * ctx, BIO *out, char *storename); +void capi_free_key(CAPI_KEY * key); -static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx, const char *id, HCERTSTORE hstore); +static PCCERT_CONTEXT capi_find_cert(CAPI_CTX * ctx, const char *id, + HCERTSTORE hstore); -CAPI_KEY *capi_find_key(CAPI_CTX *ctx, const char *id); +CAPI_KEY *capi_find_key(CAPI_CTX * ctx, const char *id); static EVP_PKEY *capi_load_privkey(ENGINE *eng, const char *key_id, - UI_METHOD *ui_method, void *callback_data); -static int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, const RSA *rsa); + UI_METHOD *ui_method, void *callback_data); +static int capi_rsa_sign(int dtype, const unsigned char *m, + unsigned int m_len, unsigned char *sigret, + unsigned int *siglen, const RSA *rsa); static int capi_rsa_priv_enc(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); + unsigned char *to, RSA *rsa, int padding); static int capi_rsa_priv_dec(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); + unsigned char *to, RSA *rsa, int padding); static int capi_rsa_free(RSA *rsa); static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen, - DSA *dsa); + DSA *dsa); static int capi_dsa_free(DSA *dsa); static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl, - 
STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey, - STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data); + STACK_OF(X509_NAME) *ca_dn, X509 **pcert, + EVP_PKEY **pkey, STACK_OF(X509) **pother, + UI_METHOD *ui_method, + void *callback_data); static int cert_select_simple(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs); -#ifdef OPENSSL_CAPIENG_DIALOG +# ifdef OPENSSL_CAPIENG_DIALOG static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs); -#endif +# endif -typedef PCCERT_CONTEXT (WINAPI *CERTDLG)(HCERTSTORE, HWND, LPCWSTR, - LPCWSTR, DWORD, DWORD, - void *); -typedef HWND (WINAPI *GETCONSWIN)(void); +typedef PCCERT_CONTEXT(WINAPI *CERTDLG) (HCERTSTORE, HWND, LPCWSTR, + LPCWSTR, DWORD, DWORD, void *); +typedef HWND(WINAPI *GETCONSWIN) (void); -/* This structure contains CAPI ENGINE specific data: - * it contains various global options and affects how - * other functions behave. +/* + * This structure contains CAPI ENGINE specific data: it contains various + * global options and affects how other functions behave. 
*/ -#define CAPI_DBG_TRACE 2 -#define CAPI_DBG_ERROR 1 +# define CAPI_DBG_TRACE 2 +# define CAPI_DBG_ERROR 1 struct CAPI_CTX_st { - int debug_level; - char *debug_file; - /* Parameters to use for container lookup */ - DWORD keytype; - LPSTR cspname; - DWORD csptype; - /* Certificate store name to use */ - LPSTR storename; - LPSTR ssl_client_store; - /* System store flags */ - DWORD store_flags; - + int debug_level; + char *debug_file; + /* Parameters to use for container lookup */ + DWORD keytype; + LPSTR cspname; + DWORD csptype; + /* Certificate store name to use */ + LPSTR storename; + LPSTR ssl_client_store; + /* System store flags */ + DWORD store_flags; /* Lookup string meanings in load_private_key */ /* Substring of subject: uses "storename" */ -#define CAPI_LU_SUBSTR 1 +# define CAPI_LU_SUBSTR 1 /* Friendly name: uses storename */ -#define CAPI_LU_FNAME 2 +# define CAPI_LU_FNAME 2 /* Container name: uses cspname, keytype */ -#define CAPI_LU_CONTNAME 3 - int lookup_method; +# define CAPI_LU_CONTNAME 3 + int lookup_method; /* Info to dump with dumpcerts option */ /* Issuer and serial name strings */ -#define CAPI_DMP_SUMMARY 0x1 +# define CAPI_DMP_SUMMARY 0x1 /* Friendly name */ -#define CAPI_DMP_FNAME 0x2 +# define CAPI_DMP_FNAME 0x2 /* Full X509_print dump */ -#define CAPI_DMP_FULL 0x4 +# define CAPI_DMP_FULL 0x4 /* Dump PEM format certificate */ -#define CAPI_DMP_PEM 0x8 +# define CAPI_DMP_PEM 0x8 /* Dump pseudo key (if possible) */ -#define CAPI_DMP_PSKEY 0x10 +# define CAPI_DMP_PSKEY 0x10 /* Dump key info (if possible) */ -#define CAPI_DMP_PKEYINFO 0x20 - - DWORD dump_flags; - int (*client_cert_select)(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs); - - CERTDLG certselectdlg; - GETCONSWIN getconswindow; +# define CAPI_DMP_PKEYINFO 0x20 + DWORD dump_flags; + int (*client_cert_select) (ENGINE *e, SSL *ssl, STACK_OF(X509) *certs); + CERTDLG certselectdlg; + GETCONSWIN getconswindow; }; - static CAPI_CTX *capi_ctx_new(); -static void capi_ctx_free(CAPI_CTX 
*ctx); -static int capi_ctx_set_provname(CAPI_CTX *ctx, LPSTR pname, DWORD type, int check); -static int capi_ctx_set_provname_idx(CAPI_CTX *ctx, int idx); - -#define CAPI_CMD_LIST_CERTS ENGINE_CMD_BASE -#define CAPI_CMD_LOOKUP_CERT (ENGINE_CMD_BASE + 1) -#define CAPI_CMD_DEBUG_LEVEL (ENGINE_CMD_BASE + 2) -#define CAPI_CMD_DEBUG_FILE (ENGINE_CMD_BASE + 3) -#define CAPI_CMD_KEYTYPE (ENGINE_CMD_BASE + 4) -#define CAPI_CMD_LIST_CSPS (ENGINE_CMD_BASE + 5) -#define CAPI_CMD_SET_CSP_IDX (ENGINE_CMD_BASE + 6) -#define CAPI_CMD_SET_CSP_NAME (ENGINE_CMD_BASE + 7) -#define CAPI_CMD_SET_CSP_TYPE (ENGINE_CMD_BASE + 8) -#define CAPI_CMD_LIST_CONTAINERS (ENGINE_CMD_BASE + 9) -#define CAPI_CMD_LIST_OPTIONS (ENGINE_CMD_BASE + 10) -#define CAPI_CMD_LOOKUP_METHOD (ENGINE_CMD_BASE + 11) -#define CAPI_CMD_STORE_NAME (ENGINE_CMD_BASE + 12) -#define CAPI_CMD_STORE_FLAGS (ENGINE_CMD_BASE + 13) +static void capi_ctx_free(CAPI_CTX * ctx); +static int capi_ctx_set_provname(CAPI_CTX * ctx, LPSTR pname, DWORD type, + int check); +static int capi_ctx_set_provname_idx(CAPI_CTX * ctx, int idx); + +# define CAPI_CMD_LIST_CERTS ENGINE_CMD_BASE +# define CAPI_CMD_LOOKUP_CERT (ENGINE_CMD_BASE + 1) +# define CAPI_CMD_DEBUG_LEVEL (ENGINE_CMD_BASE + 2) +# define CAPI_CMD_DEBUG_FILE (ENGINE_CMD_BASE + 3) +# define CAPI_CMD_KEYTYPE (ENGINE_CMD_BASE + 4) +# define CAPI_CMD_LIST_CSPS (ENGINE_CMD_BASE + 5) +# define CAPI_CMD_SET_CSP_IDX (ENGINE_CMD_BASE + 6) +# define CAPI_CMD_SET_CSP_NAME (ENGINE_CMD_BASE + 7) +# define CAPI_CMD_SET_CSP_TYPE (ENGINE_CMD_BASE + 8) +# define CAPI_CMD_LIST_CONTAINERS (ENGINE_CMD_BASE + 9) +# define CAPI_CMD_LIST_OPTIONS (ENGINE_CMD_BASE + 10) +# define CAPI_CMD_LOOKUP_METHOD (ENGINE_CMD_BASE + 11) +# define CAPI_CMD_STORE_NAME (ENGINE_CMD_BASE + 12) +# define CAPI_CMD_STORE_FLAGS (ENGINE_CMD_BASE + 13) static const ENGINE_CMD_DEFN capi_cmd_defns[] = { - {CAPI_CMD_LIST_CERTS, - "list_certs", - "List all certificates in store", - ENGINE_CMD_FLAG_NO_INPUT}, - 
{CAPI_CMD_LOOKUP_CERT, - "lookup_cert", - "Lookup and output certificates", - ENGINE_CMD_FLAG_STRING}, - {CAPI_CMD_DEBUG_LEVEL, - "debug_level", - "debug level (1=errors, 2=trace)", - ENGINE_CMD_FLAG_NUMERIC}, - {CAPI_CMD_DEBUG_FILE, - "debug_file", - "debugging filename)", - ENGINE_CMD_FLAG_STRING}, - {CAPI_CMD_KEYTYPE, - "key_type", - "Key type: 1=AT_KEYEXCHANGE (default), 2=AT_SIGNATURE", - ENGINE_CMD_FLAG_NUMERIC}, - {CAPI_CMD_LIST_CSPS, - "list_csps", - "List all CSPs", - ENGINE_CMD_FLAG_NO_INPUT}, - {CAPI_CMD_SET_CSP_IDX, - "csp_idx", - "Set CSP by index", - ENGINE_CMD_FLAG_NUMERIC}, - {CAPI_CMD_SET_CSP_NAME, - "csp_name", - "Set CSP name, (default CSP used if not specified)", - ENGINE_CMD_FLAG_STRING}, - {CAPI_CMD_SET_CSP_TYPE, - "csp_type", - "Set CSP type, (default RSA_PROV_FULL)", - ENGINE_CMD_FLAG_NUMERIC}, - {CAPI_CMD_LIST_CONTAINERS, - "list_containers", - "list container names", - ENGINE_CMD_FLAG_NO_INPUT}, - {CAPI_CMD_LIST_OPTIONS, - "list_options", - "Set list options (1=summary,2=friendly name, 4=full printout, 8=PEM output, 16=XXX, " - "32=private key info)", - ENGINE_CMD_FLAG_NUMERIC}, - {CAPI_CMD_LOOKUP_METHOD, - "lookup_method", - "Set key lookup method (1=substring, 2=friendlyname, 3=container name)", - ENGINE_CMD_FLAG_NUMERIC}, - {CAPI_CMD_STORE_NAME, - "store_name", - "certificate store name, default \"MY\"", - ENGINE_CMD_FLAG_STRING}, - {CAPI_CMD_STORE_FLAGS, - "store_flags", - "Certificate store flags: 1 = system store", - ENGINE_CMD_FLAG_NUMERIC}, - - {0, NULL, NULL, 0} - }; + {CAPI_CMD_LIST_CERTS, + "list_certs", + "List all certificates in store", + ENGINE_CMD_FLAG_NO_INPUT}, + {CAPI_CMD_LOOKUP_CERT, + "lookup_cert", + "Lookup and output certificates", + ENGINE_CMD_FLAG_STRING}, + {CAPI_CMD_DEBUG_LEVEL, + "debug_level", + "debug level (1=errors, 2=trace)", + ENGINE_CMD_FLAG_NUMERIC}, + {CAPI_CMD_DEBUG_FILE, + "debug_file", + "debugging filename)", + ENGINE_CMD_FLAG_STRING}, + {CAPI_CMD_KEYTYPE, + "key_type", + "Key type: 
1=AT_KEYEXCHANGE (default), 2=AT_SIGNATURE", + ENGINE_CMD_FLAG_NUMERIC}, + {CAPI_CMD_LIST_CSPS, + "list_csps", + "List all CSPs", + ENGINE_CMD_FLAG_NO_INPUT}, + {CAPI_CMD_SET_CSP_IDX, + "csp_idx", + "Set CSP by index", + ENGINE_CMD_FLAG_NUMERIC}, + {CAPI_CMD_SET_CSP_NAME, + "csp_name", + "Set CSP name, (default CSP used if not specified)", + ENGINE_CMD_FLAG_STRING}, + {CAPI_CMD_SET_CSP_TYPE, + "csp_type", + "Set CSP type, (default RSA_PROV_FULL)", + ENGINE_CMD_FLAG_NUMERIC}, + {CAPI_CMD_LIST_CONTAINERS, + "list_containers", + "list container names", + ENGINE_CMD_FLAG_NO_INPUT}, + {CAPI_CMD_LIST_OPTIONS, + "list_options", + "Set list options (1=summary,2=friendly name, 4=full printout, 8=PEM output, 16=XXX, " + "32=private key info)", + ENGINE_CMD_FLAG_NUMERIC}, + {CAPI_CMD_LOOKUP_METHOD, + "lookup_method", + "Set key lookup method (1=substring, 2=friendlyname, 3=container name)", + ENGINE_CMD_FLAG_NUMERIC}, + {CAPI_CMD_STORE_NAME, + "store_name", + "certificate store name, default \"MY\"", + ENGINE_CMD_FLAG_STRING}, + {CAPI_CMD_STORE_FLAGS, + "store_flags", + "Certificate store flags: 1 = system store", + ENGINE_CMD_FLAG_NUMERIC}, + + {0, NULL, NULL, 0} +}; static int capi_idx = -1; static int rsa_capi_idx = -1; static int dsa_capi_idx = -1; static int cert_capi_idx = -1; -static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) - { - int ret = 1; - CAPI_CTX *ctx; - BIO *out; - if (capi_idx == -1) - { - CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_ENGINE_NOT_INITIALIZED); - return 0; - } - ctx = ENGINE_get_ex_data(e, capi_idx); - out = BIO_new_fp(stdout, BIO_NOCLOSE); - if (out == NULL) - { - CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_FILE_OPEN_ERROR); - return 0; - } - switch (cmd) - { - case CAPI_CMD_LIST_CSPS: - ret = capi_list_providers(ctx, out); - break; - - case CAPI_CMD_LIST_CERTS: - ret = capi_list_certs(ctx, out, NULL); - break; - - case CAPI_CMD_LOOKUP_CERT: - ret = capi_list_certs(ctx, out, p); - break; - - case CAPI_CMD_LIST_CONTAINERS: - ret = 
capi_list_containers(ctx, out); - break; - - case CAPI_CMD_STORE_NAME: - if (ctx->storename) - OPENSSL_free(ctx->storename); - ctx->storename = BUF_strdup(p); - CAPI_trace(ctx, "Setting store name to %s\n", p); - break; - - case CAPI_CMD_STORE_FLAGS: - if (i & 1) - { - ctx->store_flags |= CERT_SYSTEM_STORE_LOCAL_MACHINE; - ctx->store_flags &= ~CERT_SYSTEM_STORE_CURRENT_USER; - } - else - { - ctx->store_flags |= CERT_SYSTEM_STORE_CURRENT_USER; - ctx->store_flags &= ~CERT_SYSTEM_STORE_LOCAL_MACHINE; - } - CAPI_trace(ctx, "Setting flags to %d\n", i); - break; - - case CAPI_CMD_DEBUG_LEVEL: - ctx->debug_level = (int)i; - CAPI_trace(ctx, "Setting debug level to %d\n", ctx->debug_level); - break; - - case CAPI_CMD_DEBUG_FILE: - ctx->debug_file = BUF_strdup(p); - CAPI_trace(ctx, "Setting debug file to %s\n", ctx->debug_file); - break; - - case CAPI_CMD_KEYTYPE: - ctx->keytype = i; - CAPI_trace(ctx, "Setting key type to %d\n", ctx->keytype); - break; - - case CAPI_CMD_SET_CSP_IDX: - ret = capi_ctx_set_provname_idx(ctx, i); - break; - - case CAPI_CMD_LIST_OPTIONS: - ctx->dump_flags = i; - break; - - case CAPI_CMD_LOOKUP_METHOD: - if (i < 1 || i > 3) - { - CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_INVALID_LOOKUP_METHOD); - BIO_free(out); - return 0; - } - ctx->lookup_method = i; - break; - - case CAPI_CMD_SET_CSP_NAME: - ret = capi_ctx_set_provname(ctx, p, ctx->csptype, 1); - break; - - case CAPI_CMD_SET_CSP_TYPE: - ctx->csptype = i; - break; - - default: - CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_UNKNOWN_COMMAND); - ret = 0; - } - - BIO_free(out); - return ret; - - } - -static RSA_METHOD capi_rsa_method = - { - "CryptoAPI RSA method", - 0, /* pub_enc */ - 0, /* pub_dec */ - capi_rsa_priv_enc, /* priv_enc */ - capi_rsa_priv_dec, /* priv_dec */ - 0, /* rsa_mod_exp */ - 0, /* bn_mod_exp */ - 0, /* init */ - capi_rsa_free, /* finish */ - RSA_FLAG_SIGN_VER, /* flags */ - NULL, /* app_data */ - capi_rsa_sign, /* rsa_sign */ - 0 /* rsa_verify */ - }; - -static DSA_METHOD capi_dsa_method = - { - 
"CryptoAPI DSA method", - capi_dsa_do_sign, /* dsa_do_sign */ - 0, /* dsa_sign_setup */ - 0, /* dsa_do_verify */ - 0, /* dsa_mod_exp */ - 0, /* bn_mod_exp */ - 0, /* init */ - capi_dsa_free, /* finish */ - 0, /* flags */ - NULL, /* app_data */ - 0, /* dsa_paramgen */ - 0 /* dsa_keygen */ - }; - -static int capi_init(ENGINE *e) - { - CAPI_CTX *ctx; - const RSA_METHOD *ossl_rsa_meth; - const DSA_METHOD *ossl_dsa_meth; - - if (capi_idx < 0) - { - capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0); - if (capi_idx < 0) - goto memerr; - - cert_capi_idx = X509_get_ex_new_index(0, NULL, NULL, NULL, 0); - - /* Setup RSA_METHOD */ - rsa_capi_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0); - ossl_rsa_meth = RSA_PKCS1_SSLeay(); - capi_rsa_method.rsa_pub_enc = ossl_rsa_meth->rsa_pub_enc; - capi_rsa_method.rsa_pub_dec = ossl_rsa_meth->rsa_pub_dec; - capi_rsa_method.rsa_mod_exp = ossl_rsa_meth->rsa_mod_exp; - capi_rsa_method.bn_mod_exp = ossl_rsa_meth->bn_mod_exp; - - /* Setup DSA Method */ - dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0); - ossl_dsa_meth = DSA_OpenSSL(); - capi_dsa_method.dsa_do_verify = ossl_dsa_meth->dsa_do_verify; - capi_dsa_method.dsa_mod_exp = ossl_dsa_meth->dsa_mod_exp; - capi_dsa_method.bn_mod_exp = ossl_dsa_meth->bn_mod_exp; - } - - ctx = capi_ctx_new(); - if (!ctx) - goto memerr; - - ENGINE_set_ex_data(e, capi_idx, ctx); - -#ifdef OPENSSL_CAPIENG_DIALOG - { - HMODULE cryptui = LoadLibrary(TEXT("CRYPTUI.DLL")); - HMODULE kernel = GetModuleHandle(TEXT("KERNEL32.DLL")); - if (cryptui) - ctx->certselectdlg = (CERTDLG)GetProcAddress(cryptui, "CryptUIDlgSelectCertificateFromStore"); - if (kernel) - ctx->getconswindow = (GETCONSWIN)GetProcAddress(kernel, "GetConsoleWindow"); - if (cryptui && !OPENSSL_isservice()) - ctx->client_cert_select = cert_select_dialog; - } -#endif - - - return 1; +static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) +{ + int ret = 1; + CAPI_CTX *ctx; + BIO *out; + if (capi_idx == -1) { + 
CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_ENGINE_NOT_INITIALIZED); + return 0; + } + ctx = ENGINE_get_ex_data(e, capi_idx); + out = BIO_new_fp(stdout, BIO_NOCLOSE); + if (out == NULL) { + CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_FILE_OPEN_ERROR); + return 0; + } + switch (cmd) { + case CAPI_CMD_LIST_CSPS: + ret = capi_list_providers(ctx, out); + break; + + case CAPI_CMD_LIST_CERTS: + ret = capi_list_certs(ctx, out, NULL); + break; + + case CAPI_CMD_LOOKUP_CERT: + ret = capi_list_certs(ctx, out, p); + break; + + case CAPI_CMD_LIST_CONTAINERS: + ret = capi_list_containers(ctx, out); + break; + + case CAPI_CMD_STORE_NAME: + if (ctx->storename) + OPENSSL_free(ctx->storename); + ctx->storename = BUF_strdup(p); + CAPI_trace(ctx, "Setting store name to %s\n", p); + break; + + case CAPI_CMD_STORE_FLAGS: + if (i & 1) { + ctx->store_flags |= CERT_SYSTEM_STORE_LOCAL_MACHINE; + ctx->store_flags &= ~CERT_SYSTEM_STORE_CURRENT_USER; + } else { + ctx->store_flags |= CERT_SYSTEM_STORE_CURRENT_USER; + ctx->store_flags &= ~CERT_SYSTEM_STORE_LOCAL_MACHINE; + } + CAPI_trace(ctx, "Setting flags to %d\n", i); + break; + + case CAPI_CMD_DEBUG_LEVEL: + ctx->debug_level = (int)i; + CAPI_trace(ctx, "Setting debug level to %d\n", ctx->debug_level); + break; + + case CAPI_CMD_DEBUG_FILE: + ctx->debug_file = BUF_strdup(p); + CAPI_trace(ctx, "Setting debug file to %s\n", ctx->debug_file); + break; + + case CAPI_CMD_KEYTYPE: + ctx->keytype = i; + CAPI_trace(ctx, "Setting key type to %d\n", ctx->keytype); + break; + + case CAPI_CMD_SET_CSP_IDX: + ret = capi_ctx_set_provname_idx(ctx, i); + break; + + case CAPI_CMD_LIST_OPTIONS: + ctx->dump_flags = i; + break; + + case CAPI_CMD_LOOKUP_METHOD: + if (i < 1 || i > 3) { + CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_INVALID_LOOKUP_METHOD); + BIO_free(out); + return 0; + } + ctx->lookup_method = i; + break; + + case CAPI_CMD_SET_CSP_NAME: + ret = capi_ctx_set_provname(ctx, p, ctx->csptype, 1); + break; + + case CAPI_CMD_SET_CSP_TYPE: + ctx->csptype = i; + break; + + default: + 
CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_UNKNOWN_COMMAND); + ret = 0; + } + + BIO_free(out); + return ret; + +} + +static RSA_METHOD capi_rsa_method = { + "CryptoAPI RSA method", + 0, /* pub_enc */ + 0, /* pub_dec */ + capi_rsa_priv_enc, /* priv_enc */ + capi_rsa_priv_dec, /* priv_dec */ + 0, /* rsa_mod_exp */ + 0, /* bn_mod_exp */ + 0, /* init */ + capi_rsa_free, /* finish */ + RSA_FLAG_SIGN_VER, /* flags */ + NULL, /* app_data */ + capi_rsa_sign, /* rsa_sign */ + 0 /* rsa_verify */ +}; - memerr: - CAPIerr(CAPI_F_CAPI_INIT, ERR_R_MALLOC_FAILURE); - return 0; +static DSA_METHOD capi_dsa_method = { + "CryptoAPI DSA method", + capi_dsa_do_sign, /* dsa_do_sign */ + 0, /* dsa_sign_setup */ + 0, /* dsa_do_verify */ + 0, /* dsa_mod_exp */ + 0, /* bn_mod_exp */ + 0, /* init */ + capi_dsa_free, /* finish */ + 0, /* flags */ + NULL, /* app_data */ + 0, /* dsa_paramgen */ + 0 /* dsa_keygen */ +}; - return 1; - } +static int capi_init(ENGINE *e) +{ + CAPI_CTX *ctx; + const RSA_METHOD *ossl_rsa_meth; + const DSA_METHOD *ossl_dsa_meth; + + if (capi_idx < 0) { + capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0); + if (capi_idx < 0) + goto memerr; + + cert_capi_idx = X509_get_ex_new_index(0, NULL, NULL, NULL, 0); + + /* Setup RSA_METHOD */ + rsa_capi_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0); + ossl_rsa_meth = RSA_PKCS1_SSLeay(); + capi_rsa_method.rsa_pub_enc = ossl_rsa_meth->rsa_pub_enc; + capi_rsa_method.rsa_pub_dec = ossl_rsa_meth->rsa_pub_dec; + capi_rsa_method.rsa_mod_exp = ossl_rsa_meth->rsa_mod_exp; + capi_rsa_method.bn_mod_exp = ossl_rsa_meth->bn_mod_exp; + + /* Setup DSA Method */ + dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0); + ossl_dsa_meth = DSA_OpenSSL(); + capi_dsa_method.dsa_do_verify = ossl_dsa_meth->dsa_do_verify; + capi_dsa_method.dsa_mod_exp = ossl_dsa_meth->dsa_mod_exp; + capi_dsa_method.bn_mod_exp = ossl_dsa_meth->bn_mod_exp; + } + + ctx = capi_ctx_new(); + if (!ctx) + goto memerr; + + ENGINE_set_ex_data(e, capi_idx, ctx); + +# ifdef 
OPENSSL_CAPIENG_DIALOG + { + HMODULE cryptui = LoadLibrary(TEXT("CRYPTUI.DLL")); + HMODULE kernel = GetModuleHandle(TEXT("KERNEL32.DLL")); + if (cryptui) + ctx->certselectdlg = + (CERTDLG) GetProcAddress(cryptui, + "CryptUIDlgSelectCertificateFromStore"); + if (kernel) + ctx->getconswindow = + (GETCONSWIN) GetProcAddress(kernel, "GetConsoleWindow"); + if (cryptui && !OPENSSL_isservice()) + ctx->client_cert_select = cert_select_dialog; + } +# endif + + return 1; + + memerr: + CAPIerr(CAPI_F_CAPI_INIT, ERR_R_MALLOC_FAILURE); + return 0; + + return 1; +} static int capi_destroy(ENGINE *e) - { - ERR_unload_CAPI_strings(); - return 1; - } +{ + ERR_unload_CAPI_strings(); + return 1; +} static int capi_finish(ENGINE *e) - { - CAPI_CTX *ctx; - ctx = ENGINE_get_ex_data(e, capi_idx); - capi_ctx_free(ctx); - ENGINE_set_ex_data(e, capi_idx, NULL); - return 1; - } - - -/* CryptoAPI key application data. This contains - * a handle to the private key container (for sign operations) - * and a handle to the key (for decrypt operations). +{ + CAPI_CTX *ctx; + ctx = ENGINE_get_ex_data(e, capi_idx); + capi_ctx_free(ctx); + ENGINE_set_ex_data(e, capi_idx, NULL); + return 1; +} + +/* + * CryptoAPI key application data. This contains a handle to the private key + * container (for sign operations) and a handle to the key (for decrypt + * operations). 
*/ -struct CAPI_KEY_st - { - /* Associated certificate context (if any) */ - PCCERT_CONTEXT pcert; - HCRYPTPROV hprov; - HCRYPTKEY key; - DWORD keyspec; - }; +struct CAPI_KEY_st { + /* Associated certificate context (if any) */ + PCCERT_CONTEXT pcert; + HCRYPTPROV hprov; + HCRYPTKEY key; + DWORD keyspec; +}; static int bind_capi(ENGINE *e) - { - if (!ENGINE_set_id(e, engine_capi_id) - || !ENGINE_set_name(e, engine_capi_name) - || !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) - || !ENGINE_set_init_function(e, capi_init) - || !ENGINE_set_finish_function(e, capi_finish) - || !ENGINE_set_destroy_function(e, capi_destroy) - || !ENGINE_set_RSA(e, &capi_rsa_method) - || !ENGINE_set_DSA(e, &capi_dsa_method) - || !ENGINE_set_load_privkey_function(e, capi_load_privkey) - || !ENGINE_set_load_ssl_client_cert_function(e, - capi_load_ssl_client_cert) - || !ENGINE_set_cmd_defns(e, capi_cmd_defns) - || !ENGINE_set_ctrl_function(e, capi_ctrl)) - return 0; - ERR_load_CAPI_strings(); - - return 1; - - } - -#ifndef OPENSSL_NO_DYNAMIC_ENGINE +{ + if (!ENGINE_set_id(e, engine_capi_id) + || !ENGINE_set_name(e, engine_capi_name) + || !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) + || !ENGINE_set_init_function(e, capi_init) + || !ENGINE_set_finish_function(e, capi_finish) + || !ENGINE_set_destroy_function(e, capi_destroy) + || !ENGINE_set_RSA(e, &capi_rsa_method) + || !ENGINE_set_DSA(e, &capi_dsa_method) + || !ENGINE_set_load_privkey_function(e, capi_load_privkey) + || !ENGINE_set_load_ssl_client_cert_function(e, + capi_load_ssl_client_cert) + || !ENGINE_set_cmd_defns(e, capi_cmd_defns) + || !ENGINE_set_ctrl_function(e, capi_ctrl)) + return 0; + ERR_load_CAPI_strings(); + + return 1; + +} + +# ifndef OPENSSL_NO_DYNAMIC_ENGINE static int bind_helper(ENGINE *e, const char *id) - { - if(id && (strcmp(id, engine_capi_id) != 0)) - return 0; - if(!bind_capi(e)) - return 0; - return 1; - } +{ + if (id && (strcmp(id, engine_capi_id) != 0)) + return 0; + if (!bind_capi(e)) + return 0; + 
return 1; +} + IMPLEMENT_DYNAMIC_CHECK_FN() -IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) -#else + IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) +# else static ENGINE *engine_capi(void) - { - ENGINE *ret = ENGINE_new(); - if(!ret) - return NULL; - if(!bind_capi(ret)) - { - ENGINE_free(ret); - return NULL; - } - return ret; - } +{ + ENGINE *ret = ENGINE_new(); + if (!ret) + return NULL; + if (!bind_capi(ret)) { + ENGINE_free(ret); + return NULL; + } + return ret; +} void ENGINE_load_capi(void) - { - /* Copied from eng_[openssl|dyn].c */ - ENGINE *toadd = engine_capi(); - if(!toadd) return; - ENGINE_add(toadd); - ENGINE_free(toadd); - ERR_clear_error(); - } -#endif - +{ + /* Copied from eng_[openssl|dyn].c */ + ENGINE *toadd = engine_capi(); + if (!toadd) + return; + ENGINE_add(toadd); + ENGINE_free(toadd); + ERR_clear_error(); +} +# endif static int lend_tobn(BIGNUM *bn, unsigned char *bin, int binlen) - { - int i; - /* Reverse buffer in place: since this is a keyblob structure - * that will be freed up after conversion anyway it doesn't - * matter if we change it. - */ - for(i = 0; i < binlen / 2; i++) - { - unsigned char c; - c = bin[i]; - bin[i] = bin[binlen - i - 1]; - bin[binlen - i - 1] = c; - } - - if (!BN_bin2bn(bin, binlen, bn)) - return 0; - return 1; - } +{ + int i; + /* + * Reverse buffer in place: since this is a keyblob structure that will + * be freed up after conversion anyway it doesn't matter if we change + * it. 
+ */ + for (i = 0; i < binlen / 2; i++) { + unsigned char c; + c = bin[i]; + bin[i] = bin[binlen - i - 1]; + bin[binlen - i - 1] = c; + } + + if (!BN_bin2bn(bin, binlen, bn)) + return 0; + return 1; +} /* Given a CAPI_KEY get an EVP_PKEY structure */ -static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY *key) - { - unsigned char *pubkey = NULL; - DWORD len; - BLOBHEADER *bh; - RSA *rkey = NULL; - DSA *dkey = NULL; - EVP_PKEY *ret = NULL; - if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, NULL, &len)) - { - CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR); - capi_addlasterror(); - return NULL; - } - |