We had the password callback for ENGINEs pretty much wrong. And

#endif

#endif

#include <openssl/rand.h>

#include <openssl/rand.h>

#include <openssl/evp.h>

#include <openssl/evp.h>

#include <openssl/pem.h>

#include <openssl/symhacks.h>

#include <openssl/symhacks.h>

#ifdef  __cplusplus

#ifdef  __cplusplus

/* Specific control function pointer */

/* Specific control function pointer */

typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)());

typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)());

/* Generic load_key function pointer */

/* Generic load_key function pointer */

typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *, const char *);

typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *,

	pem_password_cb *callback, void *callback_data);

/* STRUCTURE functions ... all of these functions deal with pointers to ENGINE

/* STRUCTURE functions ... all of these functions deal with pointers to ENGINE

 * structures where the pointers have a "structural reference". This means that

 * structures where the pointers have a "structural reference". This means that

 * location, handled by the engine.  The storage may be on a card or

 * location, handled by the engine.  The storage may be on a card or

 * whatever. */

 * whatever. */

EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,

EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,

	const char *passphrase);

	pem_password_cb *callback, void *callback_data);

EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,

EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,

	const char *passphrase);

	pem_password_cb *callback, void *callback_data);

/* This returns a pointer for the current ENGINE structure that

/* This returns a pointer for the current ENGINE structure that

 * is (by default) performing any RSA operations. The value returned

 * is (by default) performing any RSA operations. The value returned

	}

	}

EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,

EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,

	const char *passphrase)

	pem_password_cb *callback, void *callback_data)

	{

	{

	EVP_PKEY *pkey;

	EVP_PKEY *pkey;

			ENGINE_R_NO_LOAD_FUNCTION);

			ENGINE_R_NO_LOAD_FUNCTION);

		return 0;

		return 0;

		}

		}

	pkey = e->load_privkey(e, key_id, passphrase);

	pkey = e->load_privkey(e, key_id, callback, callback_data);

	if (!pkey)

	if (!pkey)

		{

		{

		ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,

		ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,

	}

	}

EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,

EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,

	const char *passphrase)

	pem_password_cb *callback, void *callback_data)

	{

	{

	EVP_PKEY *pkey;

	EVP_PKEY *pkey;

			ENGINE_R_NO_LOAD_FUNCTION);

			ENGINE_R_NO_LOAD_FUNCTION);

		return 0;

		return 0;

		}

		}

	pkey = e->load_pubkey(e, key_id, passphrase);

	pkey = e->load_pubkey(e, key_id, callback, callback_data);

	if (!pkey)

	if (!pkey)

		{

		{

		ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,

		ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,

 */

 */

#include <stdio.h>

#include <stdio.h>

#include <string.h>

#include <openssl/crypto.h>

#include <openssl/crypto.h>

#include <openssl/pem.h>

#include <openssl/pem.h>

#include "cryptlib.h"

#include "cryptlib.h"

/* KM stuff */

/* KM stuff */

static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,

static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,

	const char *passphrase);

	pem_password_cb *callback, void *callback_data);

static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,

static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,

	const char *passphrase);

	pem_password_cb *callback, void *callback_data);

static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,

static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,

	int ind,long argl, void *argp);

	int ind,long argl, void *argp);

   into HWCryptoHook_PassphraseContext */

   into HWCryptoHook_PassphraseContext */

struct HWCryptoHook_PassphraseContextValue

struct HWCryptoHook_PassphraseContextValue

	{

	{

	void *any;

	pem_password_cb *password_callback; /* If != NULL, will be called */

	void *callback_data;

	};

	};

/* hwcryptohook.h has some typedefs that turn

/* hwcryptohook.h has some typedefs that turn

	}

	}

static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,

static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,

	const char *passphrase)

	pem_password_cb *callback, void *callback_data)

	{

	{

#ifndef OPENSSL_NO_RSA

#ifndef OPENSSL_NO_RSA

	RSA *rtmp = NULL;

	RSA *rtmp = NULL;

#if !defined(OPENSSL_NO_RSA)

#if !defined(OPENSSL_NO_RSA)

	HWCryptoHook_ErrMsgBuf rmsg;

	HWCryptoHook_ErrMsgBuf rmsg;

#endif

#endif

	HWCryptoHook_PassphraseContext ppctx;

	if(!hwcrhk_context)

	if(!hwcrhk_context)

		{

		{

			ERR_R_MALLOC_FAILURE);

			ERR_R_MALLOC_FAILURE);

		goto err;

		goto err;

		}

		}

	ppctx.password_callback = callback;

	ppctx.callback_data = callback_data;

	if (p_hwcrhk_RSALoadKey(hwcrhk_context, key_id, hptr,

	if (p_hwcrhk_RSALoadKey(hwcrhk_context, key_id, hptr,

		&rmsg, NULL))

		&rmsg, &ppctx))

		{

		{

		ENGINEerr(ENGINE_F_HWCRHK_LOAD_PRIVKEY,

		ENGINEerr(ENGINE_F_HWCRHK_LOAD_PRIVKEY,

			ENGINE_R_CHIL_ERROR);

			ENGINE_R_CHIL_ERROR);

	}

	}

static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,

static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,

	const char *passphrase)

	pem_password_cb *callback, void *callback_data)

	{

	{

	EVP_PKEY *res = NULL;

	EVP_PKEY *res = NULL;

#ifndef OPENSSL_NO_RSA

#ifndef OPENSSL_NO_RSA

        res = hwcrhk_load_privkey(eng, key_id, passphrase);

        res = hwcrhk_load_privkey(eng, key_id, callback, callback_data);

#endif

#endif

	if (res)

	if (res)

	HWCryptoHook_PassphraseContext *ppctx,

	HWCryptoHook_PassphraseContext *ppctx,

	HWCryptoHook_CallerContext *cactx)

	HWCryptoHook_CallerContext *cactx)

	{

	{

	int l = 0;

	pem_password_cb *callback = password_callback;

	char prompt[1024];

	void *callback_data = NULL;

	if (password_callback == NULL)

	if (ppctx)

		{

		{

		ENGINEerr(ENGINE_F_HWCRHK_GET_PASS,ENGINE_R_NO_CALLBACK);

		if (ppctx->password_callback)

		return -1;

			callback = ppctx->password_callback;

		if (ppctx->callback_data)

			callback_data = ppctx->callback_data;

		}

		}

	if (prompt_info)

	if (callback == NULL)

		{

		{

		strncpy(prompt, "Card: \"", sizeof(prompt));

		ENGINEerr(ENGINE_F_HWCRHK_GET_PASS,ENGINE_R_NO_CALLBACK);

		l += 5;

		return -1;

		strncpy(prompt + l, prompt_info, sizeof(prompt) - l);

		l += strlen(prompt_info);

		if (l + 2 < sizeof(prompt))

			{

			strncpy(prompt + l, "\"\n", sizeof(prompt) - l);

			l += 2;

			}

		}

	if (l < sizeof(prompt) - 1)

		{

		strncpy(prompt, "Enter Passphrase <enter to cancel>:",

			sizeof(prompt) - l);

		l += 35;

		}

		}

	prompt[l] = '\0';

	/* I know, passing on the prompt instead of the user data *is*

	*len_io = callback(buf, *len_io, 0, callback_data);

	   a bad thing.  However, that's all we have right now.

	   --  Richard Levitte */

	*len_io = password_callback(buf, *len_io, 0, prompt);

	if(!*len_io)

	if(!*len_io)

		return -1;

		return -1;

	return 0;

	return 0;