aboutsummaryrefslogtreecommitdiff
path: root/engines
diff options
context:
space:
mode:
authorJung-uk Kim <jkim@FreeBSD.org>2015-10-23 19:46:02 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2015-10-23 19:46:02 +0000
commite9fcefce9bb70f20c272a996443928c5f6ab8cd8 (patch)
treeae816a5a768ec78af3610e509ca39507b33aa9f7 /engines
parentc07d7b3a386974c338492659291008bed07948e6 (diff)
downloadsrc-e9fcefce9bb70f20c272a996443928c5f6ab8cd8.tar.gz
src-e9fcefce9bb70f20c272a996443928c5f6ab8cd8.zip
Import OpenSSL 1.0.2d.vendor/openssl/1.0.2d
Notes
Notes: svn path=/vendor-crypto/openssl/dist/; revision=289848 svn path=/vendor-crypto/openssl/1.0.2d/; revision=289849; tag=vendor/openssl/1.0.2d
Diffstat (limited to 'engines')
-rw-r--r--engines/Makefile30
-rw-r--r--engines/ccgost/Makefile11
-rw-r--r--engines/ccgost/gost89.c19
-rw-r--r--engines/ccgost/gost_crypt.c4
-rw-r--r--engines/ccgost/gost_pmeth.c8
-rw-r--r--engines/e_capi.c142
-rw-r--r--engines/vendor_defns/hwcryptohook.h188
7 files changed, 245 insertions, 157 deletions
diff --git a/engines/Makefile b/engines/Makefile
index 23bd2f37f89c..2058ff405afe 100644
--- a/engines/Makefile
+++ b/engines/Makefile
@@ -111,7 +111,10 @@ install:
for l in $(LIBNAMES); do \
( echo installing $$l; \
pfx=lib; \
- if [ "$(PLATFORM)" != "Cygwin" ]; then \
+ if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
+ sfx=".so"; \
+ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
+ else \
case "$(CFLAGS)" in \
*DSO_BEOS*) sfx=".so";; \
*DSO_DLFCN*) sfx=`expr "$(SHLIB_EXT)" : '.*\(\.[a-z][a-z]*\)' \| ".so"`;; \
@@ -120,9 +123,6 @@ install:
*) sfx=".bad";; \
esac; \
cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
- else \
- sfx=".so"; \
- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
fi; \
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
@@ -216,17 +216,17 @@ e_atalla.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
e_atalla.o: ../include/openssl/x509_vfy.h e_atalla.c e_atalla_err.c
e_atalla.o: e_atalla_err.h vendor_defns/atalla.h
e_capi.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-e_capi.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-e_capi.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-e_capi.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-e_capi.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-e_capi.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-e_capi.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-e_capi.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-e_capi.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-e_capi.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-e_capi.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-e_capi.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_capi.c
+e_capi.o: ../include/openssl/buffer.h ../include/openssl/crypto.h
+e_capi.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+e_capi.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+e_capi.o: ../include/openssl/engine.h ../include/openssl/evp.h
+e_capi.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+e_capi.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+e_capi.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+e_capi.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+e_capi.o: ../include/openssl/sha.h ../include/openssl/stack.h
+e_capi.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+e_capi.o: ../include/openssl/x509_vfy.h e_capi.c
e_chil.o: ../include/openssl/asn1.h ../include/openssl/bio.h
e_chil.o: ../include/openssl/bn.h ../include/openssl/buffer.h
e_chil.o: ../include/openssl/crypto.h ../include/openssl/dh.h
diff --git a/engines/ccgost/Makefile b/engines/ccgost/Makefile
index 4e183a467b40..17e1efbdff30 100644
--- a/engines/ccgost/Makefile
+++ b/engines/ccgost/Makefile
@@ -45,7 +45,10 @@ install:
set -e; \
echo installing $(LIBNAME); \
pfx=lib; \
- if [ "$(PLATFORM)" != "Cygwin" ]; then \
+ if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
+ sfx=".so"; \
+ cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+ else \
case "$(CFLAGS)" in \
*DSO_BEOS*) sfx=".so";; \
*DSO_DLFCN*) sfx=`expr "$(SHLIB_EXT)" : '.*\(\.[a-z][a-z]*\)' \| ".so"`;; \
@@ -54,9 +57,6 @@ install:
*) sfx=".bad";; \
esac; \
cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
- else \
- sfx=".so"; \
- cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
fi; \
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
@@ -75,8 +75,7 @@ local_depend:
@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
files:
-
-
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
diff --git a/engines/ccgost/gost89.c b/engines/ccgost/gost89.c
index 945509db809d..4ff4ddd7a565 100644
--- a/engines/ccgost/gost89.c
+++ b/engines/ccgost/gost89.c
@@ -221,7 +221,7 @@ static void kboxinit(gost_ctx * c, const gost_subst_block * b)
int i;
for (i = 0; i < 256; i++) {
- c->k87[i] = (b->k8[i >> 4] << 4 | b->k7[i & 15]) << 24;
+ c->k87[i] = (word32) (b->k8[i >> 4] << 4 | b->k7[i & 15]) << 24;
c->k65[i] = (b->k6[i >> 4] << 4 | b->k5[i & 15]) << 16;
c->k43[i] = (b->k4[i >> 4] << 4 | b->k3[i & 15]) << 8;
c->k21[i] = b->k2[i >> 4] << 4 | b->k1[i & 15];
@@ -242,8 +242,8 @@ static word32 f(gost_ctx * c, word32 x)
void gostcrypt(gost_ctx * c, const byte * in, byte * out)
{
register word32 n1, n2; /* As named in the GOST */
- n1 = in[0] | (in[1] << 8) | (in[2] << 16) | (in[3] << 24);
- n2 = in[4] | (in[5] << 8) | (in[6] << 16) | (in[7] << 24);
+ n1 = in[0] | (in[1] << 8) | (in[2] << 16) | ((word32) in[3] << 24);
+ n2 = in[4] | (in[5] << 8) | (in[6] << 16) | ((word32) in[7] << 24);
/* Instead of swapping halves, swap names each round */
n2 ^= f(c, n1 + c->k[0]);
@@ -296,8 +296,8 @@ void gostcrypt(gost_ctx * c, const byte * in, byte * out)
void gostdecrypt(gost_ctx * c, const byte * in, byte * out)
{
register word32 n1, n2; /* As named in the GOST */
- n1 = in[0] | (in[1] << 8) | (in[2] << 16) | (in[3] << 24);
- n2 = in[4] | (in[5] << 8) | (in[6] << 16) | (in[7] << 24);
+ n1 = in[0] | (in[1] << 8) | (in[2] << 16) | ((word32) in[3] << 24);
+ n2 = in[4] | (in[5] << 8) | (in[6] << 16) | ((word32) in[7] << 24);
n2 ^= f(c, n1 + c->k[0]);
n1 ^= f(c, n2 + c->k[1]);
@@ -417,7 +417,8 @@ void gost_key(gost_ctx * c, const byte * k)
int i, j;
for (i = 0, j = 0; i < 8; i++, j += 4) {
c->k[i] =
- k[j] | (k[j + 1] << 8) | (k[j + 2] << 16) | (k[j + 3] << 24);
+ k[j] | (k[j + 1] << 8) | (k[j + 2] << 16) | ((word32) k[j + 3] <<
+ 24);
}
}
@@ -462,8 +463,10 @@ void mac_block(gost_ctx * c, byte * buffer, const byte * block)
for (i = 0; i < 8; i++) {
buffer[i] ^= block[i];
}
- n1 = buffer[0] | (buffer[1] << 8) | (buffer[2] << 16) | (buffer[3] << 24);
- n2 = buffer[4] | (buffer[5] << 8) | (buffer[6] << 16) | (buffer[7] << 24);
+ n1 = buffer[0] | (buffer[1] << 8) | (buffer[2] << 16) | ((word32)
+ buffer[3] << 24);
+ n2 = buffer[4] | (buffer[5] << 8) | (buffer[6] << 16) | ((word32)
+ buffer[7] << 24);
/* Instead of swapping halves, swap names each round */
n2 ^= f(c, n1 + c->k[0]);
diff --git a/engines/ccgost/gost_crypt.c b/engines/ccgost/gost_crypt.c
index aae941e54b9e..2bbdc6ccd67a 100644
--- a/engines/ccgost/gost_crypt.c
+++ b/engines/ccgost/gost_crypt.c
@@ -251,13 +251,13 @@ static void gost_cnt_next(void *ctx, unsigned char *iv, unsigned char *buf)
} else {
memcpy(buf1, iv, 8);
}
- g = buf1[0] | (buf1[1] << 8) | (buf1[2] << 16) | (buf1[3] << 24);
+ g = buf1[0] | (buf1[1] << 8) | (buf1[2] << 16) | ((word32) buf1[3] << 24);
g += 0x01010101;
buf1[0] = (unsigned char)(g & 0xff);
buf1[1] = (unsigned char)((g >> 8) & 0xff);
buf1[2] = (unsigned char)((g >> 16) & 0xff);
buf1[3] = (unsigned char)((g >> 24) & 0xff);
- g = buf1[4] | (buf1[5] << 8) | (buf1[6] << 16) | (buf1[7] << 24);
+ g = buf1[4] | (buf1[5] << 8) | (buf1[6] << 16) | ((word32) buf1[7] << 24);
go = g;
g += 0x01010104;
if (go > g) /* overflow */
diff --git a/engines/ccgost/gost_pmeth.c b/engines/ccgost/gost_pmeth.c
index b6275b255889..4a79a85cfc62 100644
--- a/engines/ccgost/gost_pmeth.c
+++ b/engines/ccgost/gost_pmeth.c
@@ -87,6 +87,10 @@ static int pkey_gost_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
}
break;
+ case EVP_PKEY_CTRL_GET_MD:
+ *(const EVP_MD **)p2 = pctx->md;
+ return 1;
+
case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
case EVP_PKEY_CTRL_PKCS7_DECRYPT:
case EVP_PKEY_CTRL_PKCS7_SIGN:
@@ -447,6 +451,10 @@ static int pkey_gost_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
}
break;
+ case EVP_PKEY_CTRL_GET_MD:
+ *(const EVP_MD **)p2 = data->md;
+ return 1;
+
case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
case EVP_PKEY_CTRL_PKCS7_DECRYPT:
case EVP_PKEY_CTRL_PKCS7_SIGN:
diff --git a/engines/e_capi.c b/engines/e_capi.c
index 43dd3106c1cb..f4cd2ffe7fa1 100644
--- a/engines/e_capi.c
+++ b/engines/e_capi.c
@@ -54,22 +54,27 @@
#include <stdio.h>
#include <string.h>
+#include <stdlib.h>
+
#include <openssl/crypto.h>
-#include <openssl/buffer.h>
-#include <openssl/bn.h>
#ifdef OPENSSL_SYS_WIN32
# ifndef OPENSSL_NO_CAPIENG
+# include <openssl/buffer.h>
+# include <openssl/bn.h>
# include <openssl/rsa.h>
-# include <windows.h>
-
# ifndef _WIN32_WINNT
# define _WIN32_WINNT 0x0400
# endif
+# include <windows.h>
# include <wincrypt.h>
+# include <malloc.h>
+# ifndef alloca
+# define alloca _alloca
+# endif
/*
* This module uses several "new" interfaces, among which is
@@ -832,7 +837,7 @@ int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len,
/* Finally sign it */
slen = RSA_size(rsa);
- if (!CryptSignHashA(hash, capi_key->keyspec, NULL, 0, sigret, &slen)) {
+ if (!CryptSignHash(hash, capi_key->keyspec, NULL, 0, sigret, &slen)) {
CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_ERROR_SIGNING_HASH);
capi_addlasterror();
goto err;
@@ -956,7 +961,7 @@ static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
/* Finally sign it */
slen = sizeof(csigbuf);
- if (!CryptSignHashA(hash, capi_key->keyspec, NULL, 0, csigbuf, &slen)) {
+ if (!CryptSignHash(hash, capi_key->keyspec, NULL, 0, csigbuf, &slen)) {
CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_ERROR_SIGNING_HASH);
capi_addlasterror();
goto err;
@@ -1025,7 +1030,7 @@ static void capi_adderror(DWORD err)
ERR_add_error_data(2, "Error code= 0x", errstr);
}
-static char *wide_to_asc(LPWSTR wstr)
+static char *wide_to_asc(LPCWSTR wstr)
{
char *str;
int len_0, sz;
@@ -1054,10 +1059,10 @@ static char *wide_to_asc(LPWSTR wstr)
static int capi_get_provname(CAPI_CTX * ctx, LPSTR * pname, DWORD * ptype,
DWORD idx)
{
- LPSTR name;
DWORD len, err;
+ LPTSTR name;
CAPI_trace(ctx, "capi_get_provname, index=%d\n", idx);
- if (!CryptEnumProvidersA(idx, NULL, 0, ptype, NULL, &len)) {
+ if (!CryptEnumProviders(idx, NULL, 0, ptype, NULL, &len)) {
err = GetLastError();
if (err == ERROR_NO_MORE_ITEMS)
return 2;
@@ -1065,8 +1070,11 @@ static int capi_get_provname(CAPI_CTX * ctx, LPSTR * pname, DWORD * ptype,
capi_adderror(err);
return 0;
}
- name = OPENSSL_malloc(len);
- if (!CryptEnumProvidersA(idx, NULL, 0, ptype, name, &len)) {
+ if (sizeof(TCHAR) != sizeof(char))
+ name = alloca(len);
+ else
+ name = OPENSSL_malloc(len);
+ if (!CryptEnumProviders(idx, NULL, 0, ptype, name, &len)) {
err = GetLastError();
if (err == ERROR_NO_MORE_ITEMS)
return 2;
@@ -1074,8 +1082,11 @@ static int capi_get_provname(CAPI_CTX * ctx, LPSTR * pname, DWORD * ptype,
capi_adderror(err);
return 0;
}
- *pname = name;
- CAPI_trace(ctx, "capi_get_provname, returned name=%s, type=%d\n", name,
+ if (sizeof(TCHAR) != sizeof(char))
+ *pname = wide_to_asc((WCHAR *)name);
+ else
+ *pname = (char *)name;
+ CAPI_trace(ctx, "capi_get_provname, returned name=%s, type=%d\n", *pname,
*ptype);
return 1;
@@ -1106,10 +1117,26 @@ static int capi_list_containers(CAPI_CTX * ctx, BIO *out)
HCRYPTPROV hprov;
DWORD err, idx, flags, buflen = 0, clen;
LPSTR cname;
+ LPTSTR cspname = NULL;
+
CAPI_trace(ctx, "Listing containers CSP=%s, type = %d\n", ctx->cspname,
ctx->csptype);
- if (!CryptAcquireContextA
- (&hprov, NULL, ctx->cspname, ctx->csptype, CRYPT_VERIFYCONTEXT)) {
+ if (ctx->cspname && sizeof(TCHAR) != sizeof(char)) {
+ if ((clen =
+ MultiByteToWideChar(CP_ACP, 0, ctx->cspname, -1, NULL, 0))) {
+ cspname = alloca(clen * sizeof(WCHAR));
+ MultiByteToWideChar(CP_ACP, 0, ctx->cspname, -1, (WCHAR *)cspname,
+ clen);
+ }
+ if (!cspname) {
+ CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, ERR_R_MALLOC_FAILURE);
+ capi_addlasterror();
+ return 0;
+ }
+ } else
+ cspname = (TCHAR *)ctx->cspname;
+ if (!CryptAcquireContext
+ (&hprov, NULL, cspname, ctx->csptype, CRYPT_VERIFYCONTEXT)) {
CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS,
CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
capi_addlasterror();
@@ -1139,7 +1166,8 @@ static int capi_list_containers(CAPI_CTX * ctx, BIO *out)
flags = CRYPT_FIRST;
else
flags = 0;
- if (!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, cname, &clen, flags)) {
+ if (!CryptGetProvParam
+ (hprov, PP_ENUMCONTAINERS, (BYTE *) cname, &clen, flags)) {
err = GetLastError();
if (err == ERROR_NO_MORE_ITEMS)
goto done;
@@ -1326,7 +1354,6 @@ int capi_list_certs(CAPI_CTX * ctx, BIO *out, char *id)
CertFreeCertificateContext(cert);
} else {
for (idx = 0;; idx++) {
- LPWSTR fname = NULL;
cert = CertEnumCertificatesInStore(hstore, cert);
if (!cert)
break;
@@ -1371,18 +1398,30 @@ static PCCERT_CONTEXT capi_find_cert(CAPI_CTX * ctx, const char *id,
}
}
-static CAPI_KEY *capi_get_key(CAPI_CTX * ctx, const char *contname,
- char *provname, DWORD ptype, DWORD keyspec)
+static CAPI_KEY *capi_get_key(CAPI_CTX * ctx, const TCHAR *contname,
+ TCHAR *provname, DWORD ptype, DWORD keyspec)
{
CAPI_KEY *key;
DWORD dwFlags = 0;
key = OPENSSL_malloc(sizeof(CAPI_KEY));
- CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n",
- contname, provname, ptype);
+ if (sizeof(TCHAR) == sizeof(char))
+ CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n",
+ contname, provname, ptype);
+ else if (ctx && ctx->debug_level >= CAPI_DBG_TRACE && ctx->debug_file) {
+ /* above 'if' is optimization to minimize malloc-ations */
+ char *_contname = wide_to_asc((WCHAR *)contname);
+ char *_provname = wide_to_asc((WCHAR *)provname);
+
+ CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n",
+ _contname, _provname, ptype);
+ if (_provname)
+ OPENSSL_free(_provname);
+ if (_contname)
+ OPENSSL_free(_contname);
+ }
if (ctx->store_flags & CERT_SYSTEM_STORE_LOCAL_MACHINE)
dwFlags = CRYPT_MACHINE_KEYSET;
- if (!CryptAcquireContextA
- (&key->hprov, contname, provname, ptype, dwFlags)) {
+ if (!CryptAcquireContext(&key->hprov, contname, provname, ptype, dwFlags)) {
CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
capi_addlasterror();
goto err;
@@ -1410,12 +1449,18 @@ static CAPI_KEY *capi_get_cert_key(CAPI_CTX * ctx, PCCERT_CONTEXT cert)
pinfo = capi_get_prov_info(ctx, cert);
if (!pinfo)
goto err;
- provname = wide_to_asc(pinfo->pwszProvName);
- contname = wide_to_asc(pinfo->pwszContainerName);
- if (!provname || !contname)
- goto err;
- key = capi_get_key(ctx, contname, provname,
- pinfo->dwProvType, pinfo->dwKeySpec);
+ if (sizeof(TCHAR) != sizeof(char))
+ key = capi_get_key(ctx, (TCHAR *)pinfo->pwszContainerName,
+ (TCHAR *)pinfo->pwszProvName,
+ pinfo->dwProvType, pinfo->dwKeySpec);
+ else {
+ provname = wide_to_asc(pinfo->pwszProvName);
+ contname = wide_to_asc(pinfo->pwszContainerName);
+ if (!provname || !contname)
+ goto err;
+ key = capi_get_key(ctx, (TCHAR *)contname, (TCHAR *)provname,
+ pinfo->dwProvType, pinfo->dwKeySpec);
+ }
err:
if (pinfo)
@@ -1447,7 +1492,29 @@ CAPI_KEY *capi_find_key(CAPI_CTX * ctx, const char *id)
break;
case CAPI_LU_CONTNAME:
- key = capi_get_key(ctx, id, ctx->cspname, ctx->csptype, ctx->keytype);
+ if (sizeof(TCHAR) != sizeof(char)) {
+ WCHAR *contname, *provname;
+ DWORD len;
+
+ if ((len = MultiByteToWideChar(CP_ACP, 0, id, -1, NULL, 0)) &&
+ (contname = alloca(len * sizeof(WCHAR)),
+ MultiByteToWideChar(CP_ACP, 0, id, -1, contname, len)) &&
+ (len =
+ MultiByteToWideChar(CP_ACP, 0, ctx->cspname, -1, NULL, 0))
+ && (provname =
+ alloca(len * sizeof(WCHAR)), MultiByteToWideChar(CP_ACP,
+ 0,
+ ctx->cspname,
+ -1,
+ provname,
+ len)))
+ key =
+ capi_get_key(ctx, (TCHAR *)contname, (TCHAR *)provname,
+ ctx->csptype, ctx->keytype);
+ } else
+ key = capi_get_key(ctx, (TCHAR *)id,
+ (TCHAR *)ctx->cspname,
+ ctx->csptype, ctx->keytype);
break;
}
@@ -1512,8 +1579,19 @@ static int capi_ctx_set_provname(CAPI_CTX * ctx, LPSTR pname, DWORD type,
CAPI_trace(ctx, "capi_ctx_set_provname, name=%s, type=%d\n", pname, type);
if (check) {
HCRYPTPROV hprov;
- if (!CryptAcquireContextA(&hprov, NULL, pname, type,
- CRYPT_VERIFYCONTEXT)) {
+ LPTSTR name = NULL;
+
+ if (sizeof(TCHAR) != sizeof(char)) {
+ DWORD len;
+ if ((len = MultiByteToWideChar(CP_ACP, 0, pname, -1, NULL, 0))) {
+ name = alloca(len * sizeof(WCHAR));
+ MultiByteToWideChar(CP_ACP, 0, pname, -1, (WCHAR *)name, len);
+ }
+ } else
+ name = (TCHAR *)pname;
+
+ if (!name || !CryptAcquireContext(&hprov, NULL, name, type,
+ CRYPT_VERIFYCONTEXT)) {
CAPIerr(CAPI_F_CAPI_CTX_SET_PROVNAME,
CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
capi_addlasterror();
diff --git a/engines/vendor_defns/hwcryptohook.h b/engines/vendor_defns/hwcryptohook.h
index 9fc7b89acbd1..fa06396a01a0 100644
--- a/engines/vendor_defns/hwcryptohook.h
+++ b/engines/vendor_defns/hwcryptohook.h
@@ -214,12 +214,12 @@ typedef struct {
int (*mutex_acquire) (HWCryptoHook_Mutex *);
void (*mutex_release) (HWCryptoHook_Mutex *);
void (*mutex_destroy) (HWCryptoHook_Mutex *);
- /*-
- * For greater efficiency, can use condition vars internally for
- * synchronisation. In this case maxsimultaneous is ignored, but
- * the other mutex stuff must be available. In singlethreaded
- * programs, set everything to 0.
- */
+ /*-
+ * For greater efficiency, can use condition vars internally for
+ * synchronisation. In this case maxsimultaneous is ignored, but
+ * the other mutex stuff must be available. In singlethreaded
+ * programs, set everything to 0.
+ */
size_t condvarsize;
int (*condvar_init) (HWCryptoHook_CondVar *,
HWCryptoHook_CallerContext * cactx);
@@ -227,103 +227,103 @@ typedef struct {
void (*condvar_signal) (HWCryptoHook_CondVar *);
void (*condvar_broadcast) (HWCryptoHook_CondVar *);
void (*condvar_destroy) (HWCryptoHook_CondVar *);
- /*-
- * The semantics of acquiring and releasing mutexes and broadcasting
- * and waiting on condition variables are expected to be those from
- * POSIX threads (pthreads). The mutexes may be (in pthread-speak)
- * fast mutexes, recursive mutexes, or nonrecursive ones.
- *
- * The _release/_signal/_broadcast and _destroy functions must
- * always succeed when given a valid argument; if they are given an
- * invalid argument then the program (crypto plugin + application)
- * has an internal error, and they should abort the program.
- */
+ /*-
+ * The semantics of acquiring and releasing mutexes and broadcasting
+ * and waiting on condition variables are expected to be those from
+ * POSIX threads (pthreads). The mutexes may be (in pthread-speak)
+ * fast mutexes, recursive mutexes, or nonrecursive ones.
+ *
+ * The _release/_signal/_broadcast and _destroy functions must
+ * always succeed when given a valid argument; if they are given an
+ * invalid argument then the program (crypto plugin + application)
+ * has an internal error, and they should abort the program.
+ */
int (*getpassphrase) (const char *prompt_info,
int *len_io, char *buf,
HWCryptoHook_PassphraseContext * ppctx,
HWCryptoHook_CallerContext * cactx);
- /*-
- * Passphrases and the prompt_info, if they contain high-bit-set
- * characters, are UTF-8. The prompt_info may be a null pointer if
- * no prompt information is available (it should not be an empty
- * string). It will not contain text like `enter passphrase';
- * instead it might say something like `Operator Card for John
- * Smith' or `SmartCard in nFast Module #1, Slot #1'.
- *
- * buf points to a buffer in which to return the passphrase; on
- * entry *len_io is the length of the buffer. It should be updated
- * by the callback. The returned passphrase should not be
- * null-terminated by the callback.
- */
+ /*-
+ * Passphrases and the prompt_info, if they contain high-bit-set
+ * characters, are UTF-8. The prompt_info may be a null pointer if
+ * no prompt information is available (it should not be an empty
+ * string). It will not contain text like `enter passphrase';
+ * instead it might say something like `Operator Card for John
+ * Smith' or `SmartCard in nFast Module #1, Slot #1'.
+ *
+ * buf points to a buffer in which to return the passphrase; on
+ * entry *len_io is the length of the buffer. It should be updated
+ * by the callback. The returned passphrase should not be
+ * null-terminated by the callback.
+ */
int (*getphystoken) (const char *prompt_info,
const char *wrong_info,
HWCryptoHook_PassphraseContext * ppctx,
HWCryptoHook_CallerContext * cactx);
- /*-
- * Requests that the human user physically insert a different
- * smartcard, DataKey, etc. The plugin should check whether the
- * currently inserted token(s) are appropriate, and if they are it
- * should not make this call.
- *
- * prompt_info is as before. wrong_info is a description of the
- * currently inserted token(s) so that the user is told what
- * something is. wrong_info, like prompt_info, may be null, but
- * should not be an empty string. Its contents should be
- * syntactically similar to that of prompt_info.
- */
- /*-
- * Note that a single LoadKey operation might cause several calls to
- * getpassphrase and/or requestphystoken. If requestphystoken is
- * not provided (ie, a null pointer is passed) then the plugin may
- * not support loading keys for which authorisation by several cards
- * is required. If getpassphrase is not provided then cards with
- * passphrases may not be supported.
- *
- * getpassphrase and getphystoken do not need to check that the
- * passphrase has been entered correctly or the correct token
- * inserted; the crypto plugin will do that. If this is not the
- * case then the crypto plugin is responsible for calling these
- * routines again as appropriate until the correct token(s) and
- * passphrase(s) are supplied as required, or until any retry limits
- * implemented by the crypto plugin are reached.
- *
- * In either case, the application must allow the user to say `no'
- * or `cancel' to indicate that they do not know the passphrase or
- * have the appropriate token; this should cause the callback to
- * return nonzero indicating error.
- */
+ /*-
+ * Requests that the human user physically insert a different
+ * smartcard, DataKey, etc. The plugin should check whether the
+ * currently inserted token(s) are appropriate, and if they are it
+ * should not make this call.
+ *
+ * prompt_info is as before. wrong_info is a description of the
+ * currently inserted token(s) so that the user is told what
+ * something is. wrong_info, like prompt_info, may be null, but
+ * should not be an empty string. Its contents should be
+ * syntactically similar to that of prompt_info.
+ */
+ /*-
+ * Note that a single LoadKey operation might cause several calls to
+ * getpassphrase and/or requestphystoken. If requestphystoken is
+ * not provided (ie, a null pointer is passed) then the plugin may
+ * not support loading keys for which authorisation by several cards
+ * is required. If getpassphrase is not provided then cards with
+ * passphrases may not be supported.
+ *
+ * getpassphrase and getphystoken do not need to check that the
+ * passphrase has been entered correctly or the correct token
+ * inserted; the crypto plugin will do that. If this is not the
+ * case then the crypto plugin is responsible for calling these
+ * routines again as appropriate until the correct token(s) and
+ * passphrase(s) are supplied as required, or until any retry limits
+ * implemented by the crypto plugin are reached.
+ *
+ * In either case, the application must allow the user to say `no'
+ * or `cancel' to indicate that they do not know the passphrase or
+ * have the appropriate token; this should cause the callback to
+ * return nonzero indicating error.
+ */
void (*logmessage) (void *logstream, const char *message);
- /*-
- * A log message will be generated at least every time something goes
- * wrong and an ErrMsgBuf is filled in (or would be if one was
- * provided). Other diagnostic information may be written there too,
- * including more detailed reasons for errors which are reported in an
- * ErrMsgBuf.
- *
- * When a log message is generated, this callback is called. It
- * should write a message to the relevant logging arrangements.
- *
- * The message string passed will be null-terminated and may be of arbitrary
- * length. It will not be prefixed by the time and date, nor by the
- * name of the library that is generating it - if this is required,
- * the logmessage callback must do it. The message will not have a
- * trailing newline (though it may contain internal newlines).
- *
- * If a null pointer is passed for logmessage a default function is
- * used. The default function treats logstream as a FILE* which has
- * been converted to a void*. If logstream is 0 it does nothing.
- * Otherwise it prepends the date and time and library name and
- * writes the message to logstream. Each line will be prefixed by a
- * descriptive string containing the date, time and identity of the
- * crypto plugin. Errors on the logstream are not reported
- * anywhere, and the default function doesn't flush the stream, so
- * the application must set the buffering how it wants it.
- *
- * The crypto plugin may also provide a facility to have copies of
- * log messages sent elsewhere, and or for adjusting the verbosity
- * of the log messages; any such facilities will be configured by
- * external means.
- */
+ /*-
+ * A log message will be generated at least every time something goes
+ * wrong and an ErrMsgBuf is filled in (or would be if one was
+ * provided). Other diagnostic information may be written there too,
+ * including more detailed reasons for errors which are reported in an
+ * ErrMsgBuf.
+ *
+ * When a log message is generated, this callback is called. It
+ * should write a message to the relevant logging arrangements.
+ *
+ * The message string passed will be null-terminated and may be of arbitrary
+ * length. It will not be prefixed by the time and date, nor by the
+ * name of the library that is generating it - if this is required,
+ * the logmessage callback must do it. The message will not have a
+ * trailing newline (though it may contain internal newlines).
+ *
+ * If a null pointer is passed for logmessage a default function is
+ * used. The default function treats logstream as a FILE* which has
+ * been converted to a void*. If logstream is 0 it does nothing.
+ * Otherwise it prepends the date and time and library name and
+ * writes the message to logstream. Each line will be prefixed by a
+ * descriptive string containing the date, time and identity of the
+ * crypto plugin. Errors on the logstream are not reported
+ * anywhere, and the default function doesn't flush the stream, so
+ * the application must set the buffering how it wants it.
+ *
+ * The crypto plugin may also provide a facility to have copies of
+ * log messages sent elsewhere, and or for adjusting the verbosity
+ * of the log messages; any such facilities will be configured by
+ * external means.
+ */
} HWCryptoHook_InitInfo;
typedef