X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=engines%2Fe_capi.c;h=24b620fc07f4d8f31920b0700b6855cf5535a242;hb=c90c41f09da5b0b0b56a3b3e1fe83f42ef590dee;hp=e98946c85a0a288c8ac925db665785f980bc32fe;hpb=492279f6f3acaa5365fbb41e4296f87569e4a8f2;p=oweals%2Fopenssl.git

diff --git a/engines/e_capi.c b/engines/e_capi.c
index e98946c85a..24b620fc07 100644
--- a/engines/e_capi.c
+++ b/engines/e_capi.c
@@ -56,12 +56,12 @@
 #include <string.h>
 #include <openssl/crypto.h>
 #include <openssl/buffer.h>
-#include <openssl/rsa.h>
 #include <openssl/bn.h>
 
 #ifdef OPENSSL_SYS_WIN32
 #ifndef OPENSSL_NO_CAPIENG
 
+#include <openssl/rsa.h>
 
 #include <windows.h>
 
@@ -71,6 +71,28 @@
 
 #include <wincrypt.h>
 
+/*
+ * This module uses several "new" interfaces, among which is
+ * CertGetCertificateContextProperty. CERT_KEY_PROV_INFO_PROP_ID is
+ * one of possible values you can pass to function in question. By
+ * checking if it's defined we can see if wincrypt.h and accompanying
+ * crypt32.lib are in shape. The native MingW32 headers up to and
+ * including __W32API_VERSION 3.14 lack of struct DSSPUBKEY and the
+ * defines CERT_STORE_PROV_SYSTEM_A and CERT_STORE_READONLY_FLAG,
+ * so we check for these too and avoid compiling.
+ * Yes, it's rather "weak" test and if compilation fails,
+ * then re-configure with -DOPENSSL_NO_CAPIENG.
+ */
+#if defined(CERT_KEY_PROV_INFO_PROP_ID) && \
+    defined(CERT_STORE_PROV_SYSTEM_A) && \
+    defined(CERT_STORE_READONLY_FLAG)
+# define __COMPILE_CAPIENG
+#endif /* CERT_KEY_PROV_INFO_PROP_ID */
+#endif /* OPENSSL_NO_CAPIENG */
+#endif /* OPENSSL_SYS_WIN32 */
+
+#ifdef __COMPILE_CAPIENG
+
 #undef X509_EXTENSIONS
 #undef X509_CERT_PAIR
 
@@ -83,6 +105,10 @@
 #define CERT_STORE_CREATE_NEW_FLAG                      0x00002000
 #endif
 
+#ifndef CERT_SYSTEM_STORE_CURRENT_USER
+#define CERT_SYSTEM_STORE_CURRENT_USER			0x00010000
+#endif 
+
 #include <openssl/engine.h>
 #include <openssl/pem.h>
 #include <openssl/x509v3.h>
@@ -152,21 +178,21 @@ struct CAPI_CTX_st {
 	char *debug_file;
 	/* Parameters to use for container lookup */
 	DWORD keytype;
-	LPTSTR cspname;
+	LPSTR cspname;
 	DWORD csptype;
 	/* Certificate store name to use */
-	LPTSTR storename;
-	LPTSTR ssl_client_store;
+	LPSTR storename;
+	LPSTR ssl_client_store;
 	/* System store flags */
 	DWORD store_flags;
 
 /* Lookup string meanings in load_private_key */
 /* Substring of subject: uses "storename" */
-#define CAPI_LU_SUBSTR		0
+#define CAPI_LU_SUBSTR		1
 /* Friendly name: uses storename */
-#define CAPI_LU_FNAME		1
+#define CAPI_LU_FNAME		2
 /* Container name: uses cspname, keytype */
-#define CAPI_LU_CONTNAME	2
+#define CAPI_LU_CONTNAME	3
 	int lookup_method;
 /* Info to dump with dumpcerts option */
 /* Issuer and serial name strings */
@@ -442,7 +468,7 @@ static int capi_init(ENGINE *e)
 #ifdef OPENSSL_CAPIENG_DIALOG
 	{
 	HMODULE cryptui = LoadLibrary(TEXT("CRYPTUI.DLL"));
-	HMODULE kernel = LoadLibrary(TEXT("KERNEL32.DLL"));
+	HMODULE kernel = GetModuleHandle(TEXT("KERNEL32.DLL"));
 	if (cryptui)
 		ctx->certselectdlg = (CERTDLG)GetProcAddress(cryptui, "CryptUIDlgSelectCertificateFromStore");
 	if (kernel)
@@ -823,7 +849,7 @@ int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len,
 
 /* Finally sign it */
 	slen = RSA_size(rsa);
-	if(!CryptSignHash(hash, capi_key->keyspec, NULL, 0, sigret, &slen))
+	if(!CryptSignHashA(hash, capi_key->keyspec, NULL, 0, sigret, &slen))
 		{
 		CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_ERROR_SIGNING_HASH);
 		capi_addlasterror();
@@ -961,7 +987,7 @@ static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
 
 	/* Finally sign it */
 	slen = sizeof(csigbuf);
-	if(!CryptSignHash(hash, capi_key->keyspec, NULL, 0, csigbuf, &slen))
+	if(!CryptSignHashA(hash, capi_key->keyspec, NULL, 0, csigbuf, &slen))
 		{
 		CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_ERROR_SIGNING_HASH);
 		capi_addlasterror();
@@ -1036,15 +1062,29 @@ static void capi_adderror(DWORD err)
 static char *wide_to_asc(LPWSTR wstr)
 	{
 	char *str;
+	int len_0,sz;
+
 	if (!wstr)
 		return NULL;
-	str = OPENSSL_malloc(wcslen(wstr) + 1);
+	len_0 = (int)wcslen(wstr)+1;	/* WideCharToMultiByte expects int */
+        sz = WideCharToMultiByte(CP_ACP,0,wstr,len_0,NULL,0,NULL,NULL);
+	if (!sz)
+		{
+		CAPIerr(CAPI_F_WIDE_TO_ASC, CAPI_R_WIN32_ERROR);
+		return NULL;
+		}
+	str = OPENSSL_malloc(sz);
 	if (!str)
 		{
 		CAPIerr(CAPI_F_WIDE_TO_ASC, ERR_R_MALLOC_FAILURE);
 		return NULL;
 		}
-	sprintf(str, "%S", wstr);
+	if (!WideCharToMultiByte(CP_ACP,0,wstr,len_0,str,sz,NULL,NULL))
+		{
+		OPENSSL_free(str);
+		CAPIerr(CAPI_F_WIDE_TO_ASC, CAPI_R_WIN32_ERROR);
+		return NULL;
+		}
 	return str;
 	}
 
@@ -1053,7 +1093,7 @@ static int capi_get_provname(CAPI_CTX *ctx, LPSTR *pname, DWORD *ptype, DWORD id
 	LPSTR name;
 	DWORD len, err;
 	CAPI_trace(ctx, "capi_get_provname, index=%d\n", idx);
-	if (!CryptEnumProviders(idx, NULL, 0, ptype, NULL, &len))
+	if (!CryptEnumProvidersA(idx, NULL, 0, ptype, NULL, &len))
 		{
 		err = GetLastError();
 		if (err == ERROR_NO_MORE_ITEMS)
@@ -1063,7 +1103,7 @@ static int capi_get_provname(CAPI_CTX *ctx, LPSTR *pname, DWORD *ptype, DWORD id
 		return 0;
 		}
 	name = OPENSSL_malloc(len);
-		if (!CryptEnumProviders(idx, NULL, 0, ptype, name, &len))
+	if (!CryptEnumProvidersA(idx, NULL, 0, ptype, name, &len))
 		{
 		err = GetLastError();
 		if (err == ERROR_NO_MORE_ITEMS)
@@ -1082,7 +1122,7 @@ static int capi_list_providers(CAPI_CTX *ctx, BIO *out)
 	{
 	DWORD idx, ptype;
 	int ret;
-	LPTSTR provname = NULL;
+	LPSTR provname = NULL;
 	CAPI_trace(ctx, "capi_list_providers\n");
 	BIO_printf(out, "Available CSPs:\n");
 	for(idx = 0; ; idx++)
@@ -1105,7 +1145,7 @@ static int capi_list_containers(CAPI_CTX *ctx, BIO *out)
 	DWORD err, idx, flags, buflen = 0, clen;
 	LPSTR cname;
 	CAPI_trace(ctx, "Listing containers CSP=%s, type = %d\n", ctx->cspname, ctx->csptype);
-	if (!CryptAcquireContext(&hprov, NULL, ctx->cspname, ctx->csptype, CRYPT_VERIFYCONTEXT))
+	if (!CryptAcquireContextA(&hprov, NULL, ctx->cspname, ctx->csptype, CRYPT_VERIFYCONTEXT))
 		{
 		CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
 		capi_addlasterror();
@@ -1385,7 +1425,7 @@ static CAPI_KEY *capi_get_key(CAPI_CTX *ctx, const char *contname, char *provnam
 	key = OPENSSL_malloc(sizeof(CAPI_KEY));
 	CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n", 
 						contname, provname, ptype);
-	if (!CryptAcquireContext(&key->hprov, contname, provname, ptype, 0))
+	if (!CryptAcquireContextA(&key->hprov, contname, provname, ptype, 0))
 		{
 		CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
 		capi_addlasterror();
@@ -1523,7 +1563,7 @@ static int capi_ctx_set_provname(CAPI_CTX *ctx, LPSTR pname, DWORD type, int che
 	if (check)
 		{
 		HCRYPTPROV hprov;
-		if (!CryptAcquireContext(&hprov, NULL, pname, type,
+		if (!CryptAcquireContextA(&hprov, NULL, pname, type,
 						CRYPT_VERIFYCONTEXT))
 			{
 			CAPIerr(CAPI_F_CAPI_CTX_SET_PROVNAME, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
@@ -1770,12 +1810,15 @@ static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs)
 	}
 #endif
 
-#endif
-#else /* !WIN32 */
+#else /* !__COMPILE_CAPIENG */
 #include <openssl/engine.h>
 #ifndef OPENSSL_NO_DYNAMIC_ENGINE
 OPENSSL_EXPORT
+int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);
+OPENSSL_EXPORT
 int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; }
 IMPLEMENT_DYNAMIC_CHECK_FN()
+#else
+void ENGINE_load_capi(void){}
 #endif
 #endif