diff options
author | Jung-uk Kim <jkim@FreeBSD.org> | 2015-10-23 19:46:02 +0000 |
---|---|---|
committer | Jung-uk Kim <jkim@FreeBSD.org> | 2015-10-23 19:46:02 +0000 |
commit | e9fcefce9bb70f20c272a996443928c5f6ab8cd8 (patch) | |
tree | ae816a5a768ec78af3610e509ca39507b33aa9f7 /engines | |
parent | c07d7b3a386974c338492659291008bed07948e6 (diff) | |
download | src-e9fcefce9bb70f20c272a996443928c5f6ab8cd8.tar.gz src-e9fcefce9bb70f20c272a996443928c5f6ab8cd8.zip |
Import OpenSSL 1.0.2d.vendor/openssl/1.0.2d
Notes
Notes:
svn path=/vendor-crypto/openssl/dist/; revision=289848
svn path=/vendor-crypto/openssl/1.0.2d/; revision=289849; tag=vendor/openssl/1.0.2d
Diffstat (limited to 'engines')
-rw-r--r-- | engines/Makefile | 30 | ||||
-rw-r--r-- | engines/ccgost/Makefile | 11 | ||||
-rw-r--r-- | engines/ccgost/gost89.c | 19 | ||||
-rw-r--r-- | engines/ccgost/gost_crypt.c | 4 | ||||
-rw-r--r-- | engines/ccgost/gost_pmeth.c | 8 | ||||
-rw-r--r-- | engines/e_capi.c | 142 | ||||
-rw-r--r-- | engines/vendor_defns/hwcryptohook.h | 188 |
7 files changed, 245 insertions, 157 deletions
diff --git a/engines/Makefile b/engines/Makefile index 23bd2f37f89c..2058ff405afe 100644 --- a/engines/Makefile +++ b/engines/Makefile @@ -111,7 +111,10 @@ install: for l in $(LIBNAMES); do \ ( echo installing $$l; \ pfx=lib; \ - if [ "$(PLATFORM)" != "Cygwin" ]; then \ + if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \ + sfx=".so"; \ + cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ + else \ case "$(CFLAGS)" in \ *DSO_BEOS*) sfx=".so";; \ *DSO_DLFCN*) sfx=`expr "$(SHLIB_EXT)" : '.*\(\.[a-z][a-z]*\)' \| ".so"`;; \ @@ -120,9 +123,6 @@ install: *) sfx=".bad";; \ esac; \ cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ - else \ - sfx=".so"; \ - cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ fi; \ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ @@ -216,17 +216,17 @@ e_atalla.o: ../include/openssl/symhacks.h ../include/openssl/x509.h e_atalla.o: ../include/openssl/x509_vfy.h e_atalla.c e_atalla_err.c e_atalla.o: e_atalla_err.h vendor_defns/atalla.h e_capi.o: ../include/openssl/asn1.h ../include/openssl/bio.h -e_capi.o: ../include/openssl/bn.h ../include/openssl/buffer.h -e_capi.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -e_capi.o: ../include/openssl/ec.h ../include/openssl/ecdh.h -e_capi.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h -e_capi.o: ../include/openssl/evp.h ../include/openssl/lhash.h -e_capi.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -e_capi.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -e_capi.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h -e_capi.o: ../include/openssl/safestack.h ../include/openssl/sha.h -e_capi.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -e_capi.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_capi.c +e_capi.o: ../include/openssl/buffer.h ../include/openssl/crypto.h +e_capi.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +e_capi.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +e_capi.o: ../include/openssl/engine.h ../include/openssl/evp.h +e_capi.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +e_capi.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +e_capi.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +e_capi.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +e_capi.o: ../include/openssl/sha.h ../include/openssl/stack.h +e_capi.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +e_capi.o: ../include/openssl/x509_vfy.h e_capi.c e_chil.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_chil.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_chil.o: ../include/openssl/crypto.h ../include/openssl/dh.h diff --git a/engines/ccgost/Makefile b/engines/ccgost/Makefile index 4e183a467b40..17e1efbdff30 100644 --- a/engines/ccgost/Makefile +++ b/engines/ccgost/Makefile @@ -45,7 +45,10 @@ install: set -e; \ echo installing $(LIBNAME); \ pfx=lib; \ - if [ "$(PLATFORM)" != "Cygwin" ]; then \ + if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \ + sfx=".so"; \ + cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ + else \ case "$(CFLAGS)" in \ *DSO_BEOS*) sfx=".so";; \ *DSO_DLFCN*) sfx=`expr "$(SHLIB_EXT)" : '.*\(\.[a-z][a-z]*\)' \| ".so"`;; \ @@ -54,9 +57,6 @@ install: *) sfx=".bad";; \ esac; \ cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ - else \ - sfx=".so"; \ - cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ fi; \ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \ @@ -75,8 +75,7 @@ local_depend: @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) files: - - + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO lint: lint -DLINT $(INCLUDES) $(SRC)>fluff diff --git a/engines/ccgost/gost89.c b/engines/ccgost/gost89.c index 945509db809d..4ff4ddd7a565 100644 --- a/engines/ccgost/gost89.c +++ b/engines/ccgost/gost89.c @@ -221,7 +221,7 @@ static void kboxinit(gost_ctx * c, const gost_subst_block * b) int i; for (i = 0; i < 256; i++) { - c->k87[i] = (b->k8[i >> 4] << 4 | b->k7[i & 15]) << 24; + c->k87[i] = (word32) (b->k8[i >> 4] << 4 | b->k7[i & 15]) << 24; c->k65[i] = (b->k6[i >> 4] << 4 | b->k5[i & 15]) << 16; c->k43[i] = (b->k4[i >> 4] << 4 | b->k3[i & 15]) << 8; c->k21[i] = b->k2[i >> 4] << 4 | b->k1[i & 15]; @@ -242,8 +242,8 @@ static word32 f(gost_ctx * c, word32 x) void gostcrypt(gost_ctx * c, const byte * in, byte * out) { register word32 n1, n2; /* As named in the GOST */ - n1 = in[0] | (in[1] << 8) | (in[2] << 16) | (in[3] << 24); - n2 = in[4] | (in[5] << 8) | (in[6] << 16) | (in[7] << 24); + n1 = in[0] | (in[1] << 8) | (in[2] << 16) | ((word32) in[3] << 24); + n2 = in[4] | (in[5] << 8) | (in[6] << 16) | ((word32) in[7] << 24); /* Instead of swapping halves, swap names each round */ n2 ^= f(c, n1 + c->k[0]); @@ -296,8 +296,8 @@ void gostcrypt(gost_ctx * c, const byte * in, byte * out) void gostdecrypt(gost_ctx * c, const byte * in, byte * out) { register word32 n1, n2; /* As named in the GOST */ - n1 = in[0] | (in[1] << 8) | (in[2] << 16) | (in[3] << 24); - n2 = in[4] | (in[5] << 8) | (in[6] << 16) | (in[7] << 24); + n1 = in[0] | (in[1] << 8) | (in[2] << 16) | ((word32) in[3] << 24); + n2 = in[4] | (in[5] << 8) | (in[6] << 16) | ((word32) in[7] << 24); n2 ^= f(c, n1 + c->k[0]); n1 ^= f(c, n2 + c->k[1]); @@ -417,7 +417,8 @@ void gost_key(gost_ctx * c, const byte * k) int i, j; for (i = 0, j = 0; i < 8; i++, j += 4) { c->k[i] = - k[j] | (k[j + 1] << 8) | (k[j + 2] << 16) | (k[j + 3] << 24); + k[j] | (k[j + 1] << 8) | (k[j + 2] << 16) | ((word32) k[j + 3] << + 24); } } @@ -462,8 +463,10 @@ void mac_block(gost_ctx * c, byte * buffer, const byte * block) for (i = 0; i < 8; i++) { buffer[i] ^= block[i]; } - n1 = buffer[0] | (buffer[1] << 8) | (buffer[2] << 16) | (buffer[3] << 24); - n2 = buffer[4] | (buffer[5] << 8) | (buffer[6] << 16) | (buffer[7] << 24); + n1 = buffer[0] | (buffer[1] << 8) | (buffer[2] << 16) | ((word32) + buffer[3] << 24); + n2 = buffer[4] | (buffer[5] << 8) | (buffer[6] << 16) | ((word32) + buffer[7] << 24); /* Instead of swapping halves, swap names each round */ n2 ^= f(c, n1 + c->k[0]); diff --git a/engines/ccgost/gost_crypt.c b/engines/ccgost/gost_crypt.c index aae941e54b9e..2bbdc6ccd67a 100644 --- a/engines/ccgost/gost_crypt.c +++ b/engines/ccgost/gost_crypt.c @@ -251,13 +251,13 @@ static void gost_cnt_next(void *ctx, unsigned char *iv, unsigned char *buf) } else { memcpy(buf1, iv, 8); } - g = buf1[0] | (buf1[1] << 8) | (buf1[2] << 16) | (buf1[3] << 24); + g = buf1[0] | (buf1[1] << 8) | (buf1[2] << 16) | ((word32) buf1[3] << 24); g += 0x01010101; buf1[0] = (unsigned char)(g & 0xff); buf1[1] = (unsigned char)((g >> 8) & 0xff); buf1[2] = (unsigned char)((g >> 16) & 0xff); buf1[3] = (unsigned char)((g >> 24) & 0xff); - g = buf1[4] | (buf1[5] << 8) | (buf1[6] << 16) | (buf1[7] << 24); + g = buf1[4] | (buf1[5] << 8) | (buf1[6] << 16) | ((word32) buf1[7] << 24); go = g; g += 0x01010104; if (go > g) /* overflow */ diff --git a/engines/ccgost/gost_pmeth.c b/engines/ccgost/gost_pmeth.c index b6275b255889..4a79a85cfc62 100644 --- a/engines/ccgost/gost_pmeth.c +++ b/engines/ccgost/gost_pmeth.c @@ -87,6 +87,10 @@ static int pkey_gost_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) } break; + case EVP_PKEY_CTRL_GET_MD: + *(const EVP_MD **)p2 = pctx->md; + return 1; + case EVP_PKEY_CTRL_PKCS7_ENCRYPT: case EVP_PKEY_CTRL_PKCS7_DECRYPT: case EVP_PKEY_CTRL_PKCS7_SIGN: @@ -447,6 +451,10 @@ static int pkey_gost_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) } break; + case EVP_PKEY_CTRL_GET_MD: + *(const EVP_MD **)p2 = data->md; + return 1; + case EVP_PKEY_CTRL_PKCS7_ENCRYPT: case EVP_PKEY_CTRL_PKCS7_DECRYPT: case EVP_PKEY_CTRL_PKCS7_SIGN: diff --git a/engines/e_capi.c b/engines/e_capi.c index 43dd3106c1cb..f4cd2ffe7fa1 100644 --- a/engines/e_capi.c +++ b/engines/e_capi.c @@ -54,22 +54,27 @@ #include <stdio.h> #include <string.h> +#include <stdlib.h> + #include <openssl/crypto.h> -#include <openssl/buffer.h> -#include <openssl/bn.h> #ifdef OPENSSL_SYS_WIN32 # ifndef OPENSSL_NO_CAPIENG +# include <openssl/buffer.h> +# include <openssl/bn.h> # include <openssl/rsa.h> -# include <windows.h> - # ifndef _WIN32_WINNT # define _WIN32_WINNT 0x0400 # endif +# include <windows.h> # include <wincrypt.h> +# include <malloc.h> +# ifndef alloca +# define alloca _alloca +# endif /* * This module uses several "new" interfaces, among which is @@ -832,7 +837,7 @@ int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len, /* Finally sign it */ slen = RSA_size(rsa); - if (!CryptSignHashA(hash, capi_key->keyspec, NULL, 0, sigret, &slen)) { + if (!CryptSignHash(hash, capi_key->keyspec, NULL, 0, sigret, &slen)) { CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_ERROR_SIGNING_HASH); capi_addlasterror(); goto err; @@ -956,7 +961,7 @@ static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen, /* Finally sign it */ slen = sizeof(csigbuf); - if (!CryptSignHashA(hash, capi_key->keyspec, NULL, 0, csigbuf, &slen)) { + if (!CryptSignHash(hash, capi_key->keyspec, NULL, 0, csigbuf, &slen)) { CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_ERROR_SIGNING_HASH); capi_addlasterror(); goto err; @@ -1025,7 +1030,7 @@ static void capi_adderror(DWORD err) ERR_add_error_data(2, "Error code= 0x", errstr); } -static char *wide_to_asc(LPWSTR wstr) +static char *wide_to_asc(LPCWSTR wstr) { char *str; int len_0, sz; @@ -1054,10 +1059,10 @@ static char *wide_to_asc(LPWSTR wstr) static int capi_get_provname(CAPI_CTX * ctx, LPSTR * pname, DWORD * ptype, DWORD idx) { - LPSTR name; DWORD len, err; + LPTSTR name; CAPI_trace(ctx, "capi_get_provname, index=%d\n", idx); - if (!CryptEnumProvidersA(idx, NULL, 0, ptype, NULL, &len)) { + if (!CryptEnumProviders(idx, NULL, 0, ptype, NULL, &len)) { err = GetLastError(); if (err == ERROR_NO_MORE_ITEMS) return 2; @@ -1065,8 +1070,11 @@ static int capi_get_provname(CAPI_CTX * ctx, LPSTR * pname, DWORD * ptype, capi_adderror(err); return 0; } - name = OPENSSL_malloc(len); - if (!CryptEnumProvidersA(idx, NULL, 0, ptype, name, &len)) { + if (sizeof(TCHAR) != sizeof(char)) + name = alloca(len); + else + name = OPENSSL_malloc(len); + if (!CryptEnumProviders(idx, NULL, 0, ptype, name, &len)) { err = GetLastError(); if (err == ERROR_NO_MORE_ITEMS) return 2; @@ -1074,8 +1082,11 @@ static int capi_get_provname(CAPI_CTX * ctx, LPSTR * pname, DWORD * ptype, capi_adderror(err); return 0; } - *pname = name; - CAPI_trace(ctx, "capi_get_provname, returned name=%s, type=%d\n", name, + if (sizeof(TCHAR) != sizeof(char)) + *pname = wide_to_asc((WCHAR *)name); + else + *pname = (char *)name; + CAPI_trace(ctx, "capi_get_provname, returned name=%s, type=%d\n", *pname, *ptype); return 1; @@ -1106,10 +1117,26 @@ static int capi_list_containers(CAPI_CTX * ctx, BIO *out) HCRYPTPROV hprov; DWORD err, idx, flags, buflen = 0, clen; LPSTR cname; + LPTSTR cspname = NULL; + CAPI_trace(ctx, "Listing containers CSP=%s, type = %d\n", ctx->cspname, ctx->csptype); - if (!CryptAcquireContextA - (&hprov, NULL, ctx->cspname, ctx->csptype, CRYPT_VERIFYCONTEXT)) { + if (ctx->cspname && sizeof(TCHAR) != sizeof(char)) { + if ((clen = + MultiByteToWideChar(CP_ACP, 0, ctx->cspname, -1, NULL, 0))) { + cspname = alloca(clen * sizeof(WCHAR)); + MultiByteToWideChar(CP_ACP, 0, ctx->cspname, -1, (WCHAR *)cspname, + clen); + } + if (!cspname) { + CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, ERR_R_MALLOC_FAILURE); + capi_addlasterror(); + return 0; + } + } else + cspname = (TCHAR *)ctx->cspname; + if (!CryptAcquireContext + (&hprov, NULL, cspname, ctx->csptype, CRYPT_VERIFYCONTEXT)) { CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_CRYPTACQUIRECONTEXT_ERROR); capi_addlasterror(); @@ -1139,7 +1166,8 @@ static int capi_list_containers(CAPI_CTX * ctx, BIO *out) flags = CRYPT_FIRST; else flags = 0; - if (!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, cname, &clen, flags)) { + if (!CryptGetProvParam + (hprov, PP_ENUMCONTAINERS, (BYTE *) cname, &clen, flags)) { err = GetLastError(); if (err == ERROR_NO_MORE_ITEMS) goto done; @@ -1326,7 +1354,6 @@ int capi_list_certs(CAPI_CTX * ctx, BIO *out, char *id) CertFreeCertificateContext(cert); } else { for (idx = 0;; idx++) { - LPWSTR fname = NULL; cert = CertEnumCertificatesInStore(hstore, cert); if (!cert) break; @@ -1371,18 +1398,30 @@ static PCCERT_CONTEXT capi_find_cert(CAPI_CTX * ctx, const char *id, } } -static CAPI_KEY *capi_get_key(CAPI_CTX * ctx, const char *contname, - char *provname, DWORD ptype, DWORD keyspec) +static CAPI_KEY *capi_get_key(CAPI_CTX * ctx, const TCHAR *contname, + TCHAR *provname, DWORD ptype, DWORD keyspec) { CAPI_KEY *key; DWORD dwFlags = 0; key = OPENSSL_malloc(sizeof(CAPI_KEY)); - CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n", - contname, provname, ptype); + if (sizeof(TCHAR) == sizeof(char)) + CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n", + contname, provname, ptype); + else if (ctx && ctx->debug_level >= CAPI_DBG_TRACE && ctx->debug_file) { + /* above 'if' is optimization to minimize malloc-ations */ + char *_contname = wide_to_asc((WCHAR *)contname); + char *_provname = wide_to_asc((WCHAR *)provname); + + CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n", + _contname, _provname, ptype); + if (_provname) + OPENSSL_free(_provname); + if (_contname) + OPENSSL_free(_contname); + } if (ctx->store_flags & CERT_SYSTEM_STORE_LOCAL_MACHINE) dwFlags = CRYPT_MACHINE_KEYSET; - if (!CryptAcquireContextA - (&key->hprov, contname, provname, ptype, dwFlags)) { + if (!CryptAcquireContext(&key->hprov, contname, provname, ptype, dwFlags)) { CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_CRYPTACQUIRECONTEXT_ERROR); capi_addlasterror(); goto err; @@ -1410,12 +1449,18 @@ static CAPI_KEY *capi_get_cert_key(CAPI_CTX * ctx, PCCERT_CONTEXT cert) pinfo = capi_get_prov_info(ctx, cert); if (!pinfo) goto err; - provname = wide_to_asc(pinfo->pwszProvName); - contname = wide_to_asc(pinfo->pwszContainerName); - if (!provname || !contname) - goto err; - key = capi_get_key(ctx, contname, provname, - pinfo->dwProvType, pinfo->dwKeySpec); + if (sizeof(TCHAR) != sizeof(char)) + key = capi_get_key(ctx, (TCHAR *)pinfo->pwszContainerName, + (TCHAR *)pinfo->pwszProvName, + pinfo->dwProvType, pinfo->dwKeySpec); + else { + provname = wide_to_asc(pinfo->pwszProvName); + contname = wide_to_asc(pinfo->pwszContainerName); + if (!provname || !contname) + goto err; + key = capi_get_key(ctx, (TCHAR *)contname, (TCHAR *)provname, + pinfo->dwProvType, pinfo->dwKeySpec); + } err: if (pinfo) @@ -1447,7 +1492,29 @@ CAPI_KEY *capi_find_key(CAPI_CTX * ctx, const char *id) break; case CAPI_LU_CONTNAME: - key = capi_get_key(ctx, id, ctx->cspname, ctx->csptype, ctx->keytype); + if (sizeof(TCHAR) != sizeof(char)) { + WCHAR *contname, *provname; + DWORD len; + + if ((len = MultiByteToWideChar(CP_ACP, 0, id, -1, NULL, 0)) && + (contname = alloca(len * sizeof(WCHAR)), + MultiByteToWideChar(CP_ACP, 0, id, -1, contname, len)) && + (len = + MultiByteToWideChar(CP_ACP, 0, ctx->cspname, -1, NULL, 0)) + && (provname = + alloca(len * sizeof(WCHAR)), MultiByteToWideChar(CP_ACP, + 0, + ctx->cspname, + -1, + provname, + len))) + key = + capi_get_key(ctx, (TCHAR *)contname, (TCHAR *)provname, + ctx->csptype, ctx->keytype); + } else + key = capi_get_key(ctx, (TCHAR *)id, + (TCHAR *)ctx->cspname, + ctx->csptype, ctx->keytype); break; } @@ -1512,8 +1579,19 @@ static int capi_ctx_set_provname(CAPI_CTX * ctx, LPSTR pname, DWORD type, CAPI_trace(ctx, "capi_ctx_set_provname, name=%s, type=%d\n", pname, type); if (check) { HCRYPTPROV hprov; - if (!CryptAcquireContextA(&hprov, NULL, pname, type, - CRYPT_VERIFYCONTEXT)) { + LPTSTR name = NULL; + + if (sizeof(TCHAR) != sizeof(char)) { + DWORD len; + if ((len = MultiByteToWideChar(CP_ACP, 0, pname, -1, NULL, 0))) { + name = alloca(len * sizeof(WCHAR)); + MultiByteToWideChar(CP_ACP, 0, pname, -1, (WCHAR *)name, len); + } + } else + name = (TCHAR *)pname; + + if (!name || !CryptAcquireContext(&hprov, NULL, name, type, + CRYPT_VERIFYCONTEXT)) { CAPIerr(CAPI_F_CAPI_CTX_SET_PROVNAME, CAPI_R_CRYPTACQUIRECONTEXT_ERROR); capi_addlasterror(); diff --git a/engines/vendor_defns/hwcryptohook.h b/engines/vendor_defns/hwcryptohook.h index 9fc7b89acbd1..fa06396a01a0 100644 --- a/engines/vendor_defns/hwcryptohook.h +++ b/engines/vendor_defns/hwcryptohook.h @@ -214,12 +214,12 @@ typedef struct { int (*mutex_acquire) (HWCryptoHook_Mutex *); void (*mutex_release) (HWCryptoHook_Mutex *); void (*mutex_destroy) (HWCryptoHook_Mutex *); - /*- - * For greater efficiency, can use condition vars internally for - * synchronisation. In this case maxsimultaneous is ignored, but - * the other mutex stuff must be available. In singlethreaded - * programs, set everything to 0. - */ + /*- + * For greater efficiency, can use condition vars internally for + * synchronisation. In this case maxsimultaneous is ignored, but + * the other mutex stuff must be available. In singlethreaded + * programs, set everything to 0. + */ size_t condvarsize; int (*condvar_init) (HWCryptoHook_CondVar *, HWCryptoHook_CallerContext * cactx); @@ -227,103 +227,103 @@ typedef struct { void (*condvar_signal) (HWCryptoHook_CondVar *); void (*condvar_broadcast) (HWCryptoHook_CondVar *); void (*condvar_destroy) (HWCryptoHook_CondVar *); - /*- - * The semantics of acquiring and releasing mutexes and broadcasting - * and waiting on condition variables are expected to be those from - * POSIX threads (pthreads). The mutexes may be (in pthread-speak) - * fast mutexes, recursive mutexes, or nonrecursive ones. - * - * The _release/_signal/_broadcast and _destroy functions must - * always succeed when given a valid argument; if they are given an - * invalid argument then the program (crypto plugin + application) - * has an internal error, and they should abort the program. - */ + /*- + * The semantics of acquiring and releasing mutexes and broadcasting + * and waiting on condition variables are expected to be those from + * POSIX threads (pthreads). The mutexes may be (in pthread-speak) + * fast mutexes, recursive mutexes, or nonrecursive ones. + * + * The _release/_signal/_broadcast and _destroy functions must + * always succeed when given a valid argument; if they are given an + * invalid argument then the program (crypto plugin + application) + * has an internal error, and they should abort the program. + */ int (*getpassphrase) (const char *prompt_info, int *len_io, char *buf, HWCryptoHook_PassphraseContext * ppctx, HWCryptoHook_CallerContext * cactx); - /*- - * Passphrases and the prompt_info, if they contain high-bit-set - * characters, are UTF-8. The prompt_info may be a null pointer if - * no prompt information is available (it should not be an empty - * string). It will not contain text like `enter passphrase'; - * instead it might say something like `Operator Card for John - * Smith' or `SmartCard in nFast Module #1, Slot #1'. - * - * buf points to a buffer in which to return the passphrase; on - * entry *len_io is the length of the buffer. It should be updated - * by the callback. The returned passphrase should not be - * null-terminated by the callback. - */ + /*- + * Passphrases and the prompt_info, if they contain high-bit-set + * characters, are UTF-8. The prompt_info may be a null pointer if + * no prompt information is available (it should not be an empty + * string). It will not contain text like `enter passphrase'; + * instead it might say something like `Operator Card for John + * Smith' or `SmartCard in nFast Module #1, Slot #1'. + * + * buf points to a buffer in which to return the passphrase; on + * entry *len_io is the length of the buffer. It should be updated + * by the callback. The returned passphrase should not be + * null-terminated by the callback. + */ int (*getphystoken) (const char *prompt_info, const char *wrong_info, HWCryptoHook_PassphraseContext * ppctx, HWCryptoHook_CallerContext * cactx); - /*- - * Requests that the human user physically insert a different - * smartcard, DataKey, etc. The plugin should check whether the - * currently inserted token(s) are appropriate, and if they are it - * should not make this call. - * - * prompt_info is as before. wrong_info is a description of the - * currently inserted token(s) so that the user is told what - * something is. wrong_info, like prompt_info, may be null, but - * should not be an empty string. Its contents should be - * syntactically similar to that of prompt_info. - */ - /*- - * Note that a single LoadKey operation might cause several calls to - * getpassphrase and/or requestphystoken. If requestphystoken is - * not provided (ie, a null pointer is passed) then the plugin may - * not support loading keys for which authorisation by several cards - * is required. If getpassphrase is not provided then cards with - * passphrases may not be supported. - * - * getpassphrase and getphystoken do not need to check that the - * passphrase has been entered correctly or the correct token - * inserted; the crypto plugin will do that. If this is not the - * case then the crypto plugin is responsible for calling these - * routines again as appropriate until the correct token(s) and - * passphrase(s) are supplied as required, or until any retry limits - * implemented by the crypto plugin are reached. - * - * In either case, the application must allow the user to say `no' - * or `cancel' to indicate that they do not know the passphrase or - * have the appropriate token; this should cause the callback to - * return nonzero indicating error. - */ + /*- + * Requests that the human user physically insert a different + * smartcard, DataKey, etc. The plugin should check whether the + * currently inserted token(s) are appropriate, and if they are it + * should not make this call. + * + * prompt_info is as before. wrong_info is a description of the + * currently inserted token(s) so that the user is told what + * something is. wrong_info, like prompt_info, may be null, but + * should not be an empty string. Its contents should be + * syntactically similar to that of prompt_info. + */ + /*- + * Note that a single LoadKey operation might cause several calls to + * getpassphrase and/or requestphystoken. If requestphystoken is + * not provided (ie, a null pointer is passed) then the plugin may + * not support loading keys for which authorisation by several cards + * is required. If getpassphrase is not provided then cards with + * passphrases may not be supported. + * + * getpassphrase and getphystoken do not need to check that the + * passphrase has been entered correctly or the correct token + * inserted; the crypto plugin will do that. If this is not the + * case then the crypto plugin is responsible for calling these + * routines again as appropriate until the correct token(s) and + * passphrase(s) are supplied as required, or until any retry limits + * implemented by the crypto plugin are reached. + * + * In either case, the application must allow the user to say `no' + * or `cancel' to indicate that they do not know the passphrase or + * have the appropriate token; this should cause the callback to + * return nonzero indicating error. + */ void (*logmessage) (void *logstream, const char *message); - /*- - * A log message will be generated at least every time something goes - * wrong and an ErrMsgBuf is filled in (or would be if one was - * provided). Other diagnostic information may be written there too, - * including more detailed reasons for errors which are reported in an - * ErrMsgBuf. - * - * When a log message is generated, this callback is called. It - * should write a message to the relevant logging arrangements. - * - * The message string passed will be null-terminated and may be of arbitrary - * length. It will not be prefixed by the time and date, nor by the - * name of the library that is generating it - if this is required, - * the logmessage callback must do it. The message will not have a - * trailing newline (though it may contain internal newlines). - * - * If a null pointer is passed for logmessage a default function is - * used. The default function treats logstream as a FILE* which has - * been converted to a void*. If logstream is 0 it does nothing. - * Otherwise it prepends the date and time and library name and - * writes the message to logstream. Each line will be prefixed by a - * descriptive string containing the date, time and identity of the - * crypto plugin. Errors on the logstream are not reported - * anywhere, and the default function doesn't flush the stream, so - * the application must set the buffering how it wants it. - * - * The crypto plugin may also provide a facility to have copies of - * log messages sent elsewhere, and or for adjusting the verbosity - * of the log messages; any such facilities will be configured by - * external means. - */ + /*- + * A log message will be generated at least every time something goes + * wrong and an ErrMsgBuf is filled in (or would be if one was + * provided). Other diagnostic information may be written there too, + * including more detailed reasons for errors which are reported in an + * ErrMsgBuf. + * + * When a log message is generated, this callback is called. It + * should write a message to the relevant logging arrangements. + * + * The message string passed will be null-terminated and may be of arbitrary + * length. It will not be prefixed by the time and date, nor by the + * name of the library that is generating it - if this is required, + * the logmessage callback must do it. The message will not have a + * trailing newline (though it may contain internal newlines). + * + * If a null pointer is passed for logmessage a default function is + * used. The default function treats logstream as a FILE* which has + * been converted to a void*. If logstream is 0 it does nothing. + * Otherwise it prepends the date and time and library name and + * writes the message to logstream. Each line will be prefixed by a + * descriptive string containing the date, time and identity of the + * crypto plugin. Errors on the logstream are not reported + * anywhere, and the default function doesn't flush the stream, so + * the application must set the buffering how it wants it. + * + * The crypto plugin may also provide a facility to have copies of + * log messages sent elsewhere, and or for adjusting the verbosity + * of the log messages; any such facilities will be configured by + * external means. + */ } HWCryptoHook_InitInfo; typedef |