自学教程：C++ CAPIerr函数代码示例

static int capi_get_provname(CAPI_CTX *ctx, LPSTR *pname, DWORD *ptype, DWORD idx)	{	LPSTR name;	DWORD len, err;	CAPI_trace(ctx, "capi_get_provname, index=%d/n", idx);	if (!CryptEnumProvidersA(idx, NULL, 0, ptype, NULL, &len))		{		err = GetLastError();		if (err == ERROR_NO_MORE_ITEMS)			return 2;		CAPIerr(CAPI_F_CAPI_GET_PROVNAME, CAPI_R_CRYPTENUMPROVIDERS_ERROR);		capi_adderror(err);		return 0;		}	name = OPENSSL_malloc(len);	if (!CryptEnumProvidersA(idx, NULL, 0, ptype, name, &len))		{		err = GetLastError();		if (err == ERROR_NO_MORE_ITEMS)			return 2;		CAPIerr(CAPI_F_CAPI_GET_PROVNAME, CAPI_R_CRYPTENUMPROVIDERS_ERROR);		capi_adderror(err);		return 0;		}	*pname = name;	CAPI_trace(ctx, "capi_get_provname, returned name=%s, type=%d/n", name, *ptype);	return 1;	}

static char *wide_to_asc(LPWSTR wstr)	{	char *str;	int len_0,sz;	if (!wstr)		return NULL;	len_0 = (int)wcslen(wstr)+1;	/* WideCharToMultiByte expects int */        sz = WideCharToMultiByte(CP_ACP,0,wstr,len_0,NULL,0,NULL,NULL);	if (!sz)		{		CAPIerr(CAPI_F_WIDE_TO_ASC, CAPI_R_WIN32_ERROR);		return NULL;		}	str = OPENSSL_malloc(sz);	if (!str)		{		CAPIerr(CAPI_F_WIDE_TO_ASC, ERR_R_MALLOC_FAILURE);		return NULL;		}	if (!WideCharToMultiByte(CP_ACP,0,wstr,len_0,str,sz,NULL,NULL))		{		OPENSSL_free(str);		CAPIerr(CAPI_F_WIDE_TO_ASC, CAPI_R_WIN32_ERROR);		return NULL;		}	return str;	}

static CAPI_KEY *capi_get_key(CAPI_CTX *ctx, const char *contname, char *provname, DWORD ptype, DWORD keyspec)	{	CAPI_KEY *key;	key = OPENSSL_malloc(sizeof(CAPI_KEY));	CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d/n", 						contname, provname, ptype);	if (!CryptAcquireContextA(&key->hprov, contname, provname, ptype, 0))		{		CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);		capi_addlasterror();		goto err;		}	if (!CryptGetUserKey(key->hprov, keyspec, &key->key))		{		CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_GETUSERKEY_ERROR);		capi_addlasterror();		CryptReleaseContext(key->hprov, 0);		goto err;		}	key->keyspec = keyspec;	key->pcert = NULL;	return key;	err:	OPENSSL_free(key);	return NULL;	}

int capi_rsa_priv_dec(int flen, const unsigned char *from,                unsigned char *to, RSA *rsa, int padding)	{	int i;	unsigned char *tmpbuf;	CAPI_KEY *capi_key;	CAPI_CTX *ctx;	ctx = ENGINE_get_ex_data(rsa->engine, capi_idx);	CAPI_trace(ctx, "Called capi_rsa_priv_dec()/n");	capi_key = RSA_get_ex_data(rsa, rsa_capi_idx);	if (!capi_key)		{		CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_CANT_GET_KEY);		return -1;		}	if(padding != RSA_PKCS1_PADDING)		{		char errstr[10];		BIO_snprintf(errstr, 10, "%d", padding);		CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_UNSUPPORTED_PADDING);		ERR_add_error_data(2, "padding=", errstr);		return -1;		}	/* Create temp reverse order version of input */	if(!(tmpbuf = OPENSSL_malloc(flen)) ) 		{		CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, ERR_R_MALLOC_FAILURE);		return -1;		}	for(i = 0; i < flen; i++)		tmpbuf[flen - i - 1] = from[i];		/* Finally decrypt it */	if(!CryptDecrypt(capi_key->key, 0, TRUE, 0, tmpbuf, &flen))		{		CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_DECRYPT_ERROR);		capi_addlasterror();		OPENSSL_free(tmpbuf);		return -1;		} 	else memcpy(to, tmpbuf, flen);	OPENSSL_free(tmpbuf);	return flen;	}

static EVP_PKEY *capi_load_privkey(ENGINE *eng, const char *key_id,	UI_METHOD *ui_method, void *callback_data)	{	CAPI_CTX *ctx;	CAPI_KEY *key;	EVP_PKEY *ret;	ctx = ENGINE_get_ex_data(eng, capi_idx);	if (!ctx)		{		CAPIerr(CAPI_F_CAPI_LOAD_PRIVKEY, CAPI_R_CANT_FIND_CAPI_CONTEXT);		return NULL;		}	key = capi_find_key(ctx, key_id);	if (!key)		return NULL;	ret = capi_get_pkey(eng, key);	if (!ret)		capi_free_key(key);	return ret;	}

static int capi_init(ENGINE *e){    CAPI_CTX *ctx;    const RSA_METHOD *ossl_rsa_meth;    const DSA_METHOD *ossl_dsa_meth;    if (capi_idx < 0) {        capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0);        if (capi_idx < 0)            goto memerr;        cert_capi_idx = X509_get_ex_new_index(0, NULL, NULL, NULL, 0);        /* Setup RSA_METHOD */        rsa_capi_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0);        ossl_rsa_meth = RSA_PKCS1_SSLeay();        capi_rsa_method.rsa_pub_enc = ossl_rsa_meth->rsa_pub_enc;        capi_rsa_method.rsa_pub_dec = ossl_rsa_meth->rsa_pub_dec;        capi_rsa_method.rsa_mod_exp = ossl_rsa_meth->rsa_mod_exp;        capi_rsa_method.bn_mod_exp = ossl_rsa_meth->bn_mod_exp;        /* Setup DSA Method */        dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0);        ossl_dsa_meth = DSA_OpenSSL();        capi_dsa_method.dsa_do_verify = ossl_dsa_meth->dsa_do_verify;        capi_dsa_method.dsa_mod_exp = ossl_dsa_meth->dsa_mod_exp;        capi_dsa_method.bn_mod_exp = ossl_dsa_meth->bn_mod_exp;    }    ctx = capi_ctx_new();    if (!ctx)        goto memerr;    ENGINE_set_ex_data(e, capi_idx, ctx);#  ifdef OPENSSL_CAPIENG_DIALOG    {        HMODULE cryptui = LoadLibrary(TEXT("CRYPTUI.DLL"));        HMODULE kernel = GetModuleHandle(TEXT("KERNEL32.DLL"));        if (cryptui)            ctx->certselectdlg =                (CERTDLG) GetProcAddress(cryptui,                                         "CryptUIDlgSelectCertificateFromStore");        if (kernel)            ctx->getconswindow =                (GETCONSWIN) GetProcAddress(kernel, "GetConsoleWindow");        if (cryptui && !OPENSSL_isservice())            ctx->client_cert_select = cert_select_dialog;    }#  endif    return 1; memerr:    CAPIerr(CAPI_F_CAPI_INIT, ERR_R_MALLOC_FAILURE);    return 0;    return 1;}

static char *wide_to_asc(LPWSTR wstr)	{	char *str;	if (!wstr)		return NULL;	str = OPENSSL_malloc(wcslen(wstr) + 1);	if (!str)		{		CAPIerr(CAPI_F_WIDE_TO_ASC, ERR_R_MALLOC_FAILURE);		return NULL;		}	sprintf(str, "%S", wstr);	return str;	}

HCERTSTORE capi_open_store(CAPI_CTX * ctx, char *storename){    HCERTSTORE hstore;    if (!storename)        storename = ctx->storename;    if (!storename)        storename = "MY";    CAPI_trace(ctx, "Opening certificate store %s/n", storename);    hstore = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, 0, 0,                           ctx->store_flags, storename);    if (!hstore) {        CAPIerr(CAPI_F_CAPI_OPEN_STORE, CAPI_R_ERROR_OPENING_STORE);        capi_addlasterror();    }    return hstore;}

static int capi_ctx_set_provname(CAPI_CTX *ctx, LPSTR pname, DWORD type, int check)	{	CAPI_trace(ctx, "capi_ctx_set_provname, name=%s, type=%d/n", pname, type);	if (check)		{		HCRYPTPROV hprov;		if (!CryptAcquireContextA(&hprov, NULL, pname, type,						CRYPT_VERIFYCONTEXT))			{			CAPIerr(CAPI_F_CAPI_CTX_SET_PROVNAME, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);			capi_addlasterror();			return 0;			}		CryptReleaseContext(hprov, 0);		}	ctx->cspname = BUF_strdup(pname);	ctx->csptype = type;	return 1;	}

char * capi_cert_get_fname(CAPI_CTX *ctx, PCCERT_CONTEXT cert)	{	LPWSTR wfname;	DWORD dlen;	CAPI_trace(ctx, "capi_cert_get_fname/n");	if (!CertGetCertificateContextProperty(cert, CERT_FRIENDLY_NAME_PROP_ID, NULL, &dlen))		return NULL;	wfname = OPENSSL_malloc(dlen);	if (CertGetCertificateContextProperty(cert, CERT_FRIENDLY_NAME_PROP_ID, wfname, &dlen))		{		char *fname = wide_to_asc(wfname);		OPENSSL_free(wfname);		return fname;		}	CAPIerr(CAPI_F_CAPI_CERT_GET_FNAME, CAPI_R_ERROR_GETTING_FRIENDLY_NAME);	capi_addlasterror();	OPENSSL_free(wfname);	return NULL;	}

static CAPI_CTX *capi_ctx_new(){    CAPI_CTX *ctx;    ctx = OPENSSL_malloc(sizeof(CAPI_CTX));    if (!ctx) {        CAPIerr(CAPI_F_CAPI_CTX_NEW, ERR_R_MALLOC_FAILURE);        return NULL;    }    ctx->cspname = NULL;    ctx->csptype = PROV_RSA_FULL;    ctx->dump_flags = CAPI_DMP_SUMMARY | CAPI_DMP_FNAME;    ctx->keytype = AT_KEYEXCHANGE;    ctx->storename = NULL;    ctx->ssl_client_store = NULL;    ctx->store_flags = CERT_STORE_OPEN_EXISTING_FLAG |        CERT_STORE_READONLY_FLAG | CERT_SYSTEM_STORE_CURRENT_USER;    ctx->lookup_method = CAPI_LU_SUBSTR;    ctx->debug_level = 0;    ctx->debug_file = NULL;    ctx->client_cert_select = cert_select_simple;    return ctx;}

static int capi_list_containers(CAPI_CTX *ctx, BIO *out)	{	int ret = 1;	HCRYPTPROV hprov;	DWORD err, idx, flags, buflen = 0, clen;	LPSTR cname;	CAPI_trace(ctx, "Listing containers CSP=%s, type = %d/n", ctx->cspname, ctx->csptype);	if (!CryptAcquireContextA(&hprov, NULL, ctx->cspname, ctx->csptype, CRYPT_VERIFYCONTEXT))		{		CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);		capi_addlasterror();		return 0;		}	if (!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, NULL, &buflen, CRYPT_FIRST))		{		CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR);		capi_addlasterror();		return 0;		}	CAPI_trace(ctx, "Got max container len %d/n", buflen);	if (buflen == 0)		buflen = 1024;	cname = OPENSSL_malloc(buflen);	if (!cname)		{		CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, ERR_R_MALLOC_FAILURE);		goto err;		}	for (idx = 0;;idx++)		{		clen = buflen;		cname[0] = 0;		if (idx == 0)			flags = CRYPT_FIRST;		else			flags = 0;		if(!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, cname, &clen, flags))			{			err = GetLastError();			if (err == ERROR_NO_MORE_ITEMS)				goto done;			CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR);			capi_adderror(err);			goto err;			}		CAPI_trace(ctx, "Container name %s, len=%d, index=%d, flags=%d/n", cname, clen, idx, flags);		if (!cname[0] && (clen == buflen))			{			CAPI_trace(ctx, "Enumerate bug: using workaround/n");			goto done;			}		BIO_printf(out, "%d. %s/n", idx, cname);		}	err:	ret = 0;	done:	if (cname)		OPENSSL_free(cname);	CryptReleaseContext(hprov, 0);	return ret;	}

int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len,             unsigned char *sigret, unsigned int *siglen, const RSA *rsa)	{	ALG_ID alg;	HCRYPTHASH hash;	DWORD slen;	unsigned int i;	int ret = -1;	CAPI_KEY *capi_key;	CAPI_CTX *ctx;	ctx = ENGINE_get_ex_data(rsa->engine, capi_idx);	CAPI_trace(ctx, "Called CAPI_rsa_sign()/n");	capi_key = RSA_get_ex_data(rsa, rsa_capi_idx);	if (!capi_key)		{		CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_GET_KEY);		return -1;		}/* Convert the signature type to a CryptoAPI algorithm ID */	switch(dtype)		{	case NID_sha1:		alg = CALG_SHA1;		break;	case NID_md5:		alg = CALG_MD5;		break;	case NID_md5_sha1:		alg = CALG_SSL3_SHAMD5;		break;	default:		{		char algstr[10];		BIO_snprintf(algstr, 10, "%lx", dtype);		CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_UNSUPPORTED_ALGORITHM_NID);		ERR_add_error_data(2, "NID=0x", algstr);		return -1;		}	}/* Create the hash object */	if(!CryptCreateHash(capi_key->hprov, alg, 0, 0, &hash))		{		CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_CREATE_HASH_OBJECT);		capi_addlasterror();		return -1;		}/* Set the hash value to the value passed */	if(!CryptSetHashParam(hash, HP_HASHVAL, (unsigned char *)m, 0))		{		CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_SET_HASH_VALUE);		capi_addlasterror();		goto err;		}/* Finally sign it */	slen = RSA_size(rsa);	if(!CryptSignHashA(hash, capi_key->keyspec, NULL, 0, sigret, &slen))		{		CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_ERROR_SIGNING_HASH);		capi_addlasterror();		goto err;		}	else		{		ret = 1;		/* Inplace byte reversal of signature */		for(i = 0; i < slen / 2; i++)			{			unsigned char c;			c = sigret[i];			sigret[i] = sigret[slen - i - 1];			sigret[slen - i - 1] = c;			}		*siglen = slen;		}	/* Now cleanup */err:	CryptDestroyHash(hash);	return ret;	}

int capi_rsa_priv_enc(int flen, const unsigned char *from,                unsigned char *to, RSA *rsa, int padding)	{	CAPIerr(CAPI_F_CAPI_RSA_PRIV_ENC, CAPI_R_FUNCTION_NOT_SUPPORTED);	return -1;	}

static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY *key)	{	unsigned char *pubkey = NULL;	DWORD len;	BLOBHEADER *bh;	RSA *rkey = NULL;	DSA *dkey = NULL;	EVP_PKEY *ret = NULL;	if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, NULL, &len))		{		CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR);		capi_addlasterror();		return NULL;		}	pubkey = OPENSSL_malloc(len);	if (!pubkey)		goto memerr;	if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, pubkey, &len))		{		CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_PUBKEY_EXPORT_ERROR);		capi_addlasterror();		goto err;		}	bh = (BLOBHEADER *)pubkey;	if (bh->bType != PUBLICKEYBLOB)		{		CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_PUBLIC_KEY_BLOB);		goto err;		}	if (bh->aiKeyAlg == CALG_RSA_SIGN || bh->aiKeyAlg == CALG_RSA_KEYX)		{		RSAPUBKEY *rp;		DWORD rsa_modlen;		unsigned char *rsa_modulus;		rp = (RSAPUBKEY *)(bh + 1);		if (rp->magic != 0x31415352)			{			char magstr[10];			BIO_snprintf(magstr, 10, "%lx", rp->magic);			CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER);			ERR_add_error_data(2, "magic=0x", magstr);			goto err;			}		rsa_modulus = (unsigned char *)(rp + 1);		rkey = RSA_new_method(eng);		if (!rkey)			goto memerr;		rkey->e = BN_new();		rkey->n = BN_new();		if (!rkey->e || !rkey->n)			goto memerr;		if (!BN_set_word(rkey->e, rp->pubexp))			goto memerr;		rsa_modlen = rp->bitlen / 8;		if (!lend_tobn(rkey->n, rsa_modulus, rsa_modlen))			goto memerr;		RSA_set_ex_data(rkey, rsa_capi_idx, key);		if (!(ret = EVP_PKEY_new()))			goto memerr;		EVP_PKEY_assign_RSA(ret, rkey);		rkey = NULL;		}	else if (bh->aiKeyAlg == CALG_DSS_SIGN)		{		DSSPUBKEY *dp;		DWORD dsa_plen;		unsigned char *btmp;		dp = (DSSPUBKEY *)(bh + 1);		if (dp->magic != 0x31535344)			{			char magstr[10];			BIO_snprintf(magstr, 10, "%lx", dp->magic);			CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER);			ERR_add_error_data(2, "magic=0x", magstr);			goto err;			}		dsa_plen = dp->bitlen / 8;		btmp = (unsigned char *)(dp + 1);		dkey = DSA_new_method(eng);		if (!dkey)			goto memerr;		dkey->p = BN_new();		dkey->q = BN_new();		dkey->g = BN_new();		dkey->pub_key = BN_new();		if (!dkey->p || !dkey->q || !dkey->g || !dkey->pub_key)			goto memerr;		if (!lend_tobn(dkey->p, btmp, dsa_plen))//.........这里部分代码省略.........

static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))	{	int ret = 1;	CAPI_CTX *ctx;	BIO *out;	if (capi_idx == -1)		{		CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_ENGINE_NOT_INITIALIZED);		return 0;		}	ctx = ENGINE_get_ex_data(e, capi_idx);	out = BIO_new_fp(stdout, BIO_NOCLOSE);	switch (cmd)		{		case CAPI_CMD_LIST_CSPS:		ret = capi_list_providers(ctx, out);		break;		case CAPI_CMD_LIST_CERTS:		ret = capi_list_certs(ctx, out, NULL);		break;		case CAPI_CMD_LOOKUP_CERT:		ret = capi_list_certs(ctx, out, p);		break;		case CAPI_CMD_LIST_CONTAINERS:		ret = capi_list_containers(ctx, out);		break;		case CAPI_CMD_STORE_NAME:		if (ctx->storename)			OPENSSL_free(ctx->storename);		ctx->storename = BUF_strdup(p);		CAPI_trace(ctx, "Setting store name to %s/n", p);		break;		case CAPI_CMD_STORE_FLAGS:		if (i & 1)			{			ctx->store_flags |= CERT_SYSTEM_STORE_LOCAL_MACHINE;			ctx->store_flags &= ~CERT_SYSTEM_STORE_CURRENT_USER;			}		else			{			ctx->store_flags |= CERT_SYSTEM_STORE_CURRENT_USER;			ctx->store_flags &= ~CERT_SYSTEM_STORE_LOCAL_MACHINE;			}		CAPI_trace(ctx, "Setting flags to %d/n", i);		break;		case CAPI_CMD_DEBUG_LEVEL:		ctx->debug_level = (int)i;		CAPI_trace(ctx, "Setting debug level to %d/n", ctx->debug_level);		break;		case CAPI_CMD_DEBUG_FILE:		ctx->debug_file = BUF_strdup(p);		CAPI_trace(ctx, "Setting debug file to %s/n", ctx->debug_file);		break;		case CAPI_CMD_KEYTYPE:		ctx->keytype = i;		CAPI_trace(ctx, "Setting key type to %d/n", ctx->keytype);		break;		case CAPI_CMD_SET_CSP_IDX:		ret = capi_ctx_set_provname_idx(ctx, i);		break;		case CAPI_CMD_LIST_OPTIONS:		ctx->dump_flags = i;		break;		case CAPI_CMD_LOOKUP_METHOD:		if (i < 1 || i > 3)			{			CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_INVALID_LOOKUP_METHOD);			return 0;			}		ctx->lookup_method = i;		break;		case CAPI_CMD_SET_CSP_NAME:		ret = capi_ctx_set_provname(ctx, p, ctx->csptype, 1);		break;		case CAPI_CMD_SET_CSP_TYPE:		ctx->csptype = i;		break;		default:		CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_UNKNOWN_COMMAND);		ret = 0;	}	BIO_free(out);	return ret;	}