Issue in upgrading code related to CAPI Engine for accessing Windows certificate Store(Windows7) (upgrade from 1.0.2p to 1.1.1c)
manoj upadhyay
upadhyay.manoj at live.com
Mon Sep 30 18:28:06 UTC 2019
Hi All,
I am facing an issue while upgrading my OpenSSL version from 1.0.2p to 1.1.1c.
I am facing the issue where "ENGINE_by_id("capi")" is not returning a proper pointer. I want to access the Windows certificate store with certificate and keys.
Snippet of my working code in 1.0.2p: (This is working fine)
This is working fine and I am able to get the Private key.
--------------------------------------
ENGINE_load_capi();
ce = ENGINE_by_id("capi");
if (NULL == ce)
{
    ENGINE_cleanup();
    return E_LOAD_FAILED;
}
if (!ENGINE_init(ce) || !ENGINE_register_STORE(ce))
{
    ENGINE_cleanup();
    ce = NULL;
    return E_INIT_FAILED;
}
(void)ENGINE_ctrl_cmd(ce, "store_flags", 0, NULL, NULL, 0);
(void)ENGINE_ctrl_cmd(ce, "store_name", 0, (void*)storeName, NULL, 0);
privateKey = ENGINE_load_private_key(ce, "certname", 0, 0);

I can see that a few CAPI APIs are deprecated in 1.1.1c, but they can be enabled by the following configuration (based on engine.h):
> "perl Configure debug-VC-WIN64A no-asm enable-capieng no-shared no-dynamic-engine --api=1.0.0"
Code from 1.1.1c:
-------------------
ENGINE_load_capi();
ce = ENGINE_by_id("capi");   /* <<== Returning NULL always */
if (NULL == ce)
{
    ENGINE_cleanup();
    return E_LOAD_FAILED;
}
if (!ENGINE_init(ce) || !ENGINE_register_complete(ce))
{
    ENGINE_cleanup();
    ce = NULL;
    return E_INIT_FAILED;
}
(void)ENGINE_ctrl_cmd(ce, "store_flags", 0, NULL, NULL, 0);
(void)ENGINE_ctrl_cmd(ce, "store_name", 0, (void*)storeName, NULL, 0);
privateKey = ENGINE_load_private_key(ce, "certname", 0, 0);

If I change my code in the following way, I get a pointer, but when I try to load the private key I always get an empty private key.
> "perl Configure debug-VC-WIN64A no-asm
Code:
int rc = 0;
ENGINE_load_builtin_engines();
ce = ENGINE_by_id("dynamic");   /* <<== Engine Pointer with no valid data */
rc = ENGINE_ctrl_cmd_string(ce, "SO_PATH", "c://mylib//capi.dll", 0);
if (!rc) return ERROR_RC;
rc = ENGINE_ctrl_cmd_string(ce, "LOAD", NULL, 0);
if (!rc) return ERROR_RC;
rc = ENGINE_register_complete(ce);
if (!rc) return ERROR_RC;
rc = ERR_load_ENGINE_strings();
if (!rc) return ERROR_RC;
if (NULL == ce)
{
    ENGINE_cleanup();
    return LOAD_E_FAILED;
}
if (!ENGINE_init(ce))
{
    ENGINE_cleanup();
    sCapiEngine = NULL;
    return INIT_E_FAILED;
}
ENGINE_register_complete(ce);
(void)ENGINE_ctrl_cmd(ce, "store_flags", 0, NULL, NULL, 0);
(void)ENGINE_ctrl_cmd(ce, "store_name", 0, (void*)storeName, NULL, 0);
privateKey = ENGINE_load_private_key(ce, "certname", 0, 0);   /* <<== Always getting NULL Private key. */
I am not able to figure out where things are going wrong.
Is there any way I can get the desired result from Capi for windows cert store? Please help.
Thanks & regards,
Manoj Upadhyay