[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Thu Feb 11 16:02:33 UTC 2016
The branch master has been updated
via 7b548d3f11adccc67123e1f6f5c118aef857a8d2 (commit)
from 64c443e3f0057946ddd8f37a36821a7f9c0e0493 (commit)
- Log -----------------------------------------------------------------
commit 7b548d3f11adccc67123e1f6f5c118aef857a8d2
Author: Dr Stephen Henson <steve at openssl.org>
Date: Tue Feb 9 14:33:51 2016 +0000
Test for and use AES CSP for RSA if present.
Some keys are attached to the full RSA CSP which doesn't support SHA2
algorithms: uses the AES CSP if present.
Reviewed-by: Tim Hudson <tjh at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
engines/e_capi.c | 24 ++++++++++++++++++++++--
1 file changed, 22 insertions(+), 2 deletions(-)
diff --git a/engines/e_capi.c b/engines/e_capi.c
index 62c4ad3..8e78354 100644
--- a/engines/e_capi.c
+++ b/engines/e_capi.c
@@ -133,6 +133,10 @@
# define CALG_SHA_512 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_512)
# endif
+# ifndef PROV_RSA_AES
+# define PROV_RSA_AES 24
+# endif
+
# include <openssl/engine.h>
# include <openssl/pem.h>
# include <openssl/x509v3.h>
@@ -458,11 +462,14 @@ static DSA_METHOD capi_dsa_method = {
0 /* dsa_keygen */
};
+static int use_aes_csp = 0;
+
static int capi_init(ENGINE *e)
{
CAPI_CTX *ctx;
const RSA_METHOD *ossl_rsa_meth;
const DSA_METHOD *ossl_dsa_meth;
+ HCRYPTPROV hprov;
if (capi_idx < 0) {
capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0);
@@ -509,6 +516,14 @@ static int capi_init(ENGINE *e)
}
# endif
+ /* See if we support AES CSP */
+
+ if (CryptAcquireContext(&hprov, NULL, NULL, PROV_RSA_AES,
+ CRYPT_VERIFYCONTEXT)) {
+ use_aes_csp = 1;
+ CryptReleaseContext(hprov, 0);
+ }
+
return 1;
memerr:
@@ -1454,10 +1469,15 @@ static CAPI_KEY *capi_get_key(CAPI_CTX * ctx, const TCHAR *contname,
if (key == NULL)
return NULL;
- if (sizeof(TCHAR) == sizeof(char))
+ /* If PROV_RSA_AES supported use it instead */
+ if (ptype == PROV_RSA_FULL && use_aes_csp) {
+ provname = NULL;
+ ptype = PROV_RSA_AES;
+ CAPI_trace(ctx, "capi_get_key, contname=%s, RSA_AES_CSP\n", contname);
+ } else if (sizeof(TCHAR) == sizeof(char)) {
CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n",
contname, provname, ptype);
- else if (ctx && ctx->debug_level >= CAPI_DBG_TRACE && ctx->debug_file) {
+ } else if (ctx && ctx->debug_level >= CAPI_DBG_TRACE && ctx->debug_file) {
/* above 'if' is optimization to minimize malloc-ations */
char *_contname = wide_to_asc((WCHAR *)contname);
char *_provname = wide_to_asc((WCHAR *)provname);
More information about the openssl-commits
mailing list