void tor_init_with_engine (const char* name, const char* path) { ENGINE* engine; if (initialized) { return; } tor_init(); if (path == NULL) { engine = ENGINE_by_id(name); } else { engine = ENGINE_by_id("dynamic"); if (!ENGINE_ctrl_cmd_string(engine, "ID", name, 0) || !ENGINE_ctrl_cmd_string(engine, "DIR_LOAD", "2", 0) || !ENGINE_ctrl_cmd_string(engine, "DIR_ADD", path, 0) || !ENGINE_ctrl_cmd_string(engine, "LOAD", NULL, 0)) { ENGINE_free(engine); engine = NULL; } } if (engine) { ENGINE_set_default(engine, ENGINE_METHOD_ALL); } }
void sc_pkcs11_register_openssl_mechanisms(struct sc_pkcs11_card *card) { #if OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_ENGINE) void (*locking_cb)(int, int, const char *, int); ENGINE *e; locking_cb = CRYPTO_get_locking_callback(); if (locking_cb) CRYPTO_set_locking_callback(NULL); e = ENGINE_by_id("gost"); if (!e) { #if !defined(OPENSSL_NO_STATIC_ENGINE) && !defined(OPENSSL_NO_GOST) ENGINE_load_gost(); e = ENGINE_by_id("gost"); #else /* try to load dynamic gost engine */ e = ENGINE_by_id("dynamic"); if (!e) { ENGINE_load_dynamic(); e = ENGINE_by_id("dynamic"); } if (e && (!ENGINE_ctrl_cmd_string(e, "SO_PATH", "gost", 0) || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))) { ENGINE_free(e); e = NULL; } #endif /* !OPENSSL_NO_STATIC_ENGINE && !OPENSSL_NO_GOST */ } if (e) { ENGINE_set_default(e, ENGINE_METHOD_ALL); ENGINE_free(e); } if (locking_cb) CRYPTO_set_locking_callback(locking_cb); #endif /* OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_ENGINE) */ openssl_sha1_mech.mech_data = EVP_sha1(); sc_pkcs11_register_mechanism(card, &openssl_sha1_mech); #if OPENSSL_VERSION_NUMBER >= 0x00908000L openssl_sha256_mech.mech_data = EVP_sha256(); sc_pkcs11_register_mechanism(card, &openssl_sha256_mech); openssl_sha384_mech.mech_data = EVP_sha384(); sc_pkcs11_register_mechanism(card, &openssl_sha384_mech); openssl_sha512_mech.mech_data = EVP_sha512(); sc_pkcs11_register_mechanism(card, &openssl_sha512_mech); #endif openssl_md5_mech.mech_data = EVP_md5(); sc_pkcs11_register_mechanism(card, &openssl_md5_mech); openssl_ripemd160_mech.mech_data = EVP_ripemd160(); sc_pkcs11_register_mechanism(card, &openssl_ripemd160_mech); #if OPENSSL_VERSION_NUMBER >= 0x10000000L openssl_gostr3411_mech.mech_data = EVP_get_digestbynid(NID_id_GostR3411_94); sc_pkcs11_register_mechanism(card, &openssl_gostr3411_mech); #endif }
ENGINE* dnssec_loadengine(const char* engine_name_const) { ENGINE* engine; char* token_pointer = NULL; char* engine_name = strdup(engine_name_const); char* token = strtok_r(engine_name, ENGINE_COMMAND_DELIMITER, &token_pointer); if(token == NULL) { engine = ENGINE_by_id(engine_name); } else { engine = ENGINE_by_id(token); token = strtok_r(NULL, ENGINE_COMMAND_DELIMITER, &token_pointer); } if(engine == NULL) { log_err("ENGINE %s not available", engine_name); DIE(DNSSEC_ERROR_NOENGINE); } while(token != NULL) { char* command_pointer; char* command = strtok_r(token, "=", &command_pointer); if(command == NULL) { log_err("bad command %s", command); DIE(DNSSEC_ERROR_INVALIDENGINE); } char* command_value = strtok_r(NULL, "=", &command_pointer); if(command_value == NULL) { log_err("bad command value %s", command_value); DIE(DNSSEC_ERROR_INVALIDENGINE); } ENGINE_ctrl_cmd((ENGINE*)engine, command, atoi(command_value), NULL, NULL, 0); token = strtok_r(NULL, ENGINE_COMMAND_DELIMITER, &token_pointer); } if(ENGINE_init((ENGINE*)engine) == 0) { log_err("ENGINE_init failed"); ENGINE_free((ENGINE*)engine); /* cfr: http://www.openssl.org/docs/crypto/engine.html */ DIE(DNSSEC_ERROR_INVALIDENGINE); } free(engine_name); return engine; }
int main(int argc, char **argv) { ENGINE *engine = NULL; int idx = 0; setprogname(argv[0]); if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &idx)) usage(1); if (help_flag) usage(0); if(version_flag){ print_version(NULL); exit(0); } argc -= idx; argv += idx; OpenSSL_add_all_algorithms(); #ifdef OPENSSL ENGINE_load_openssl(); #endif ENGINE_load_builtin_engines(); if (id_string) { engine = ENGINE_by_id(id_string); if (engine == NULL) engine = ENGINE_by_dso(id_string, id_string); } else { engine = ENGINE_by_id("builtin"); } if (engine == NULL) errx(1, "ENGINE_by_dso failed"); printf("dh %s\n", ENGINE_get_DH(engine)->name); { struct prime *p = primes; for (; p->name; ++p) if (check_prime(engine, p)) printf("%s: shared secret OK\n", p->name); else printf("%s: shared secret FAILURE\n", p->name); return 0; } return 0; }
int sldns_key_EVP_load_gost_id(void) { static int gost_id = 0; const EVP_PKEY_ASN1_METHOD* meth; ENGINE* e; if(gost_id) return gost_id; /* see if configuration loaded gost implementation from other engine*/ meth = EVP_PKEY_asn1_find_str(NULL, "gost2001", -1); if(meth) { EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth); return gost_id; } /* see if engine can be loaded already */ e = ENGINE_by_id("gost"); if(!e) { /* load it ourself, in case statically linked */ ENGINE_load_builtin_engines(); ENGINE_load_dynamic(); e = ENGINE_by_id("gost"); } if(!e) { /* no gost engine in openssl */ return 0; } if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { ENGINE_finish(e); ENGINE_free(e); return 0; } meth = EVP_PKEY_asn1_find_str(&e, "gost2001", -1); if(!meth) { /* algo not found */ ENGINE_finish(e); ENGINE_free(e); return 0; } /* Note: do not ENGINE_finish and ENGINE_free the acquired engine * on some platforms this frees up the meth and unloads gost stuff */ sldns_gost_engine = e; EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth); return gost_id; }
CryptoDevEngine::CryptoDevEngine( int /* dummy */ ) { DEBUG( "cryptodev: ctor: loading and configuring" ); ENGINE_load_cryptodev(); ENGINE * cde = ENGINE_by_id( "cryptodev" ); if ( ! cde ) throw Exception( "cryptodev: load failed" ); m_pEngine = cde; DEBUG( "cryptodev: ctor: initializing " << m_pEngine ); if ( 1 != ENGINE_init( cde ) ) throw Exception( "cryptodev: init failed" ); #if USE_CRYPTODEV_RSA DEBUG( "cryptodev: ctor: setting as rsa default" ); if ( 1 != ENGINE_set_default_RSA( cde ) ) throw Exception( "cryptodev: could not use for RSA" ); #endif // USE_CRYPTODEV_RSA #if USE_CRYPTODEV_CIPHERS DEBUG( "cryptodev: ctor: setting as cipher default" ); if ( 1 != ENGINE_set_default_ciphers( cde ) ) throw Exception( "cryptodev: could not use for ciphers" ); #endif // USE_CRYPTODEV_CIPHERS #if USE_CRYPTODEV_DIGESTS DEBUG( "cryptodev: ctor: setting as digest default" ); if ( 1 != ENGINE_set_default_digests( cde ) ) throw Exception( "cryptodev: could not use for digests" ); #endif // USE_CRYPTODEV_DIGESTS DEBUG( "cryptodev: ctor: done" ); }
int main(int argc, char **argv) { OpenSSL_add_all_algorithms(); int len = 128 * MB; if (argc > 1) { len = atoi(argv[1]) * MB; } unsigned char *buf = (unsigned char *) malloc(TOTAL_LEN); if (!buf) { fprintf(stderr, "Error Allocating Memory"); } ENGINE_load_builtin_engines(); #ifdef OPENCL_ENGINE ENGINE *e = ENGINE_by_id("dynamic"); if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", OPENCL_ENGINE, 0) || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)) { fprintf(stderr, "Failed to load OpenCL engine!\n"); return -1; } ENGINE_set_default(e, ENGINE_METHOD_ALL); #endif run(argv[0], buf, len); free(buf); return 0; }
DynamicEngine::DynamicEngine( const string & id, const StringList & engineLibPaths ) { DEBUG( "dynamic: ctor: loading and configuring dynamic engine" ); ENGINE_load_dynamic(); ENGINE * dyn = ENGINE_by_id( "dynamic" ); if ( ! dyn ) throw Exception( "dynamic: load failed" ); m_pEngine = dyn; const string engineLibPath( findFirstExisting( engineLibPaths ) ); if ( engineLibPath.empty() ) throw Exception( "dynamic: unable to find engine lib path" ); DEBUG( "dynamic: ctor: so_path=" << QS( engineLibPath ) ); if ( 1 != ENGINE_ctrl_cmd_string( dyn, "SO_PATH", engineLibPath.c_str(), CMD_MANDATORY ) ) throw Exception( "dynamic: setting so_path <= " + QS( engineLibPath ) ); DEBUG( "dynamic: ctor: id=" << QS( id ) ); if ( 1 != ENGINE_ctrl_cmd_string( dyn, "ID", id.c_str(), CMD_MANDATORY ) ) throw Exception( "dynamic: setting id <= " + QS( id ) ); DEBUG( "dynamic: ctor: list_add=1" ); if ( 1 != ENGINE_ctrl_cmd( dyn, "LIST_ADD", 1, NULL, NULL, CMD_MANDATORY ) ) throw Exception( "dynamic: setting list_add <= 1" ); DEBUG( "dynamic: ctor: load=1" ); if ( 1 != ENGINE_ctrl_cmd( dyn, "LOAD", 1, NULL, NULL, CMD_MANDATORY ) ) throw Exception( "dynamic: setting load <= 1" ); DEBUG( "dynamic: ctor: done" ); }
ENGINE *ENGINE_CTGOST_get_ptr(){ LOGGER_FN(); ENGINE *e = ENGINE_by_id("ctgostcp"); if (!e) THROW_OPENSSL_EXCEPTION(0, Common, NULL, "ENGINE 'ctgostcp' is not loaded"); return e; }
int TS_CONF_set_default_engine(const char *name) { ENGINE *e = NULL; int ret = 0; /* Leave the default if builtin specified. */ if (strcmp(name, "builtin") == 0) return 1; if (!(e = ENGINE_by_id(name))) goto err; /* Enable the use of the NCipher HSM for forked children. */ if (strcmp(name, "chil") == 0) ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0); /* All the operations are going to be carried out by the engine. */ if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) goto err; ret = 1; err: if (!ret) { TSerr(TS_F_TS_CONF_SET_DEFAULT_ENGINE, TS_R_COULD_NOT_SET_ENGINE); ERR_add_error_data(2, "engine:", name); } if (e) ENGINE_free(e); return ret; }
/* Selects an OpenSSL crypto engine */ CURLcode Curl_ossl_set_engine(struct SessionHandle *data, const char *engine) { #if defined(USE_SSLEAY) && defined(HAVE_OPENSSL_ENGINE_H) ENGINE *e = ENGINE_by_id(engine); if (!e) { failf(data, "SSL Engine '%s' not found", engine); return (CURLE_SSL_ENGINE_NOTFOUND); } if (data->state.engine) { ENGINE_finish(data->state.engine); ENGINE_free(data->state.engine); } data->state.engine = NULL; if (!ENGINE_init(e)) { char buf[256]; ENGINE_free(e); failf(data, "Failed to initialise SSL Engine '%s':\n%s", engine, SSL_strerror(ERR_get_error(), buf, sizeof(buf))); return (CURLE_SSL_ENGINE_INITFAILED); } data->state.engine = e; return (CURLE_OK); #else (void)engine; failf(data, "SSL Engine not supported"); return (CURLE_SSL_ENGINE_NOTFOUND); #endif }
void ssl_init_Engine(server_rec *s, apr_pool_t *p) { SSLModConfigRec *mc = myModConfig(s); ENGINE *e; if (mc->szCryptoDevice) { if (!(e = ENGINE_by_id(mc->szCryptoDevice))) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "Init: Failed to load Crypto Device API `%s'", mc->szCryptoDevice); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); ssl_die(); } if (strEQ(mc->szCryptoDevice, "chil")) { ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0); } if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "Init: Failed to enable Crypto Device API `%s'", mc->szCryptoDevice); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); ssl_die(); } ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, "Init: loaded Crypto Device API `%s'", mc->szCryptoDevice); ENGINE_free(e); } }
//ignore unsigned char *HMACRSA(const EVP_MD *evp_md, const void *key, int key_len,const unsigned char *d, size_t n, unsigned char *md,unsigned int *md_len) { HMAC_CTX c; static unsigned char m[EVP_MAX_MD_SIZE]; //TODO: get/set rsa engine struct const char *engine_id = "rsa"; ENGINE_load_builtin_engines(); ENGINE *e = ENGINE_by_id(engine_id);//ENGINE_; if(!e) fprintf(stderr,"Engine not available\n"); ENGINE_init(e); if (md == NULL) md = m; HMAC_CTX_init(&c); if (!HMAC_Init_ex(&c, key, key_len, evp_md, NULL)) goto err; if (!HMAC_Update(&c, d, n)) goto err; if (!HMAC_Final(&c, md, md_len)) goto err; HMAC_CTX_cleanup(&c); ENGINE_free(e); return md; err: HMAC_CTX_cleanup(&c); ENGINE_free(e); return NULL; }
static ENGINE * InitEnginePKCS11( const char *pkcs11, const char *pin) { ENGINE *e; ENGINE_load_dynamic(); e = ENGINE_by_id("dynamic"); if (!e){ SSL_Error(_d("Engine_by_id:\n %s"), GetSSLErrorString()); return NULL; } if(!ENGINE_ctrl_cmd_string(e, "SO_PATH", ENGINE_PKCS11_PATH, 0)|| !ENGINE_ctrl_cmd_string(e, "ID", "pkcs11", 0) || !ENGINE_ctrl_cmd_string(e, "LIST_ADD", "1", 0) || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0) || !ENGINE_ctrl_cmd_string(e, "MODULE_PATH", pkcs11, 0) || !ENGINE_ctrl_cmd_string(e, "PIN", pin, 0) ){ SSL_Error(_d("Engine_ctrl_cmd_string failure:\n %s"), GetSSLErrorString()); ENGINE_free(e); return NULL; } if(!ENGINE_init(e)){ SSL_Error(_d("Engine_init failure:\n %s"), GetSSLErrorString()); ENGINE_free(e); return NULL; } return e; }
isc_result_t dst__opensslgost_init(dst_func_t **funcp) { REQUIRE(funcp != NULL); /* check if the gost engine works properly */ e = ENGINE_by_id("gost"); if (e == NULL) return (DST_R_OPENSSLFAILURE); if (ENGINE_init(e) <= 0) { ENGINE_free(e); e = NULL; return (DST_R_OPENSSLFAILURE); } /* better than to rely on digest_gost symbol */ opensslgost_digest = ENGINE_get_digest(e, NID_id_GostR3411_94); /* from openssl.cnf */ if ((opensslgost_digest == NULL) || (ENGINE_register_pkey_asn1_meths(e) <= 0) || (ENGINE_ctrl_cmd_string(e, "CRYPT_PARAMS", "id-Gost28147-89-CryptoPro-A-ParamSet", 0) <= 0)) { ENGINE_finish(e); ENGINE_free(e); e = NULL; return (DST_R_OPENSSLFAILURE); } if (*funcp == NULL) *funcp = &opensslgost_functions; return (ISC_R_SUCCESS); }
static int load_engine(void **ctx,MESSAGE *msg) { int i; ENGINE **e=(ENGINE **)ctx; ENGINE_load_dynamic(); if(!(*e=ENGINE_by_id("dynamic")))goto err1; if(!ENGINE_ctrl_cmd_string(*e,"SO_PATH",msg->engine,0))goto err2; for(i=0;pkcs11[i].name;i++) if(!ENGINE_ctrl_cmd_string(*e,pkcs11[i].name,pkcs11[i].value,0)) goto err2; if(!ENGINE_ctrl_cmd_string(*e,"MODULE_PATH",msg->pkcs11,0))goto err2; if(msg->nopin)if(!ENGINE_ctrl_cmd_string(*e,"NOLOGIN","1",0))goto err2; if(!ENGINE_ctrl_cmd_string(*e,"PIN",msg->nopin?"":msg->pin,0))goto err2; if(!ENGINE_init(*e)) { err2: ENGINE_free(*e); err1: ENGINE_cleanup(); return ENGFAIL; } ENGINE_free(*e); ENGINE_set_default(*e,ENGINE_METHOD_ALL&~ENGINE_METHOD_RAND); return OK; }
static ENGINE * setup_engine (const char *engine) { ENGINE *e = NULL; ENGINE_load_builtin_engines (); if (engine) { if (strcmp (engine, "auto") == 0) { msg (M_INFO, "Initializing OpenSSL auto engine support"); ENGINE_register_all_complete (); return NULL; } if ((e = ENGINE_by_id (engine)) == NULL && (e = try_load_engine (engine)) == NULL) { msg (M_FATAL, "OpenSSL error: cannot load engine '%s'", engine); } if (!ENGINE_set_default (e, ENGINE_METHOD_ALL)) { msg (M_FATAL, "OpenSSL error: ENGINE_set_default failed on engine '%s'", engine); } msg (M_INFO, "Initializing OpenSSL support for engine '%s'", ENGINE_get_id (e)); } return e; }
int openssl_engine(lua_State *L) { const ENGINE* eng = NULL; if (lua_isstring(L, 1)) { const char* id = luaL_checkstring(L, 1); eng = ENGINE_by_id(id); } else if (lua_isboolean(L, 1)) { int first = lua_toboolean(L, 1); if (first) eng = ENGINE_get_first(); else eng = ENGINE_get_last(); } else luaL_error(L, "#1 may be string or boolean\n" "\tstring for an engine id to load\n" "\ttrue for first engine, false or last engine\n" "\tbut we get %s:%s", lua_typename(L, lua_type(L, 1)), lua_tostring(L, 1)); if (eng) { PUSH_OBJECT((void*)eng, "openssl.engine"); } else lua_pushnil(L); return 1; }
/* Use AES-NI if available. This is not supported with low-level calls, we have to use EVP) */ static void init_aesni(void) { ENGINE *e; const char *engine_id = "aesni"; ENGINE_load_builtin_engines(); e = ENGINE_by_id(engine_id); if (!e) { //fprintf(stderr, "AES-NI engine not available\n"); return; } if (!ENGINE_init(e)) { fprintf(stderr, "AES-NI engine could not init\n"); ENGINE_free(e); return; } if (!ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND)) { /* This should only happen when 'e' can't initialise, but the * previous statement suggests it did. */ fprintf(stderr, "AES-NI engine initialized but then failed\n"); abort(); } ENGINE_finish(e); ENGINE_free(e); }
ENGINE *load_engine(const char *so_path, const char *id) { ENGINE_load_dynamic(); ENGINE *de = ENGINE_by_id("dynamic"); if(de == 0) { printf("Unable to load dynamic engine\n"); return 0; } if(!ENGINE_ctrl_cmd_string(de, "SO_PATH", so_path, 0)) { printf("Unable to load desired engine\n"); return 0; } ENGINE_ctrl_cmd_string(de, "LIST_ADD", "2", 0); ENGINE_ctrl_cmd_string(de, "LOAD", NULL, 0); ENGINE_free(de); return ENGINE_by_id(id); }
int main(int argc, char **argv) { #ifdef ANDROID_CHANGES int control = android_get_control_and_arguments(&argc, &argv); ENGINE *e; if (control != -1) { pname = "%p"; monitor_fd(control, NULL); ENGINE_load_dynamic(); e = ENGINE_by_id("keystore"); if (!e || !ENGINE_init(e)) { do_plog(LLV_ERROR, "ipsec-tools: cannot load keystore engine"); exit(1); } } #endif do_plog(LLV_INFO, "ipsec-tools 0.7.3 (http://ipsec-tools.sf.net)\n"); signal(SIGHUP, terminate); signal(SIGINT, terminate); signal(SIGTERM, terminate); signal(SIGPIPE, SIG_IGN); atexit(terminated); setup(argc, argv); #ifdef ANDROID_CHANGES shutdown(control, SHUT_WR); setuid(AID_VPN); #endif while (1) { struct timeval *tv = schedular(); int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000 + 1; if (poll(pollfds, monitors, timeout) > 0) { int i; for (i = 0; i < monitors; ++i) { if (pollfds[i].revents & POLLHUP) { do_plog(LLV_ERROR, "Connection is closed\n", pollfds[i].fd); exit(1); } if (pollfds[i].revents & POLLIN) { callbacks[i](pollfds[i].fd); } } } } #ifdef ANDROID_CHANGES if (e) { ENGINE_finish(e); ENGINE_free(e); } #endif return 0; }
static SSL_CTX * ssl_server_init(const char *keypath, const char *certpath) { SSL_CTX *ctx; ENGINE *e; ENGINE_load_builtin_engines(); ENGINE_register_all_complete(); e = ENGINE_by_id("padlock"); if (e) { fprintf(stderr, "[*] Using padlock engine for default ciphers\n"); ENGINE_set_default_ciphers(ENGINE_by_id("padlock")); use_padlock_engine = 1; } else { fprintf(stderr, "[*] Padlock engine not available\n"); use_padlock_engine = 0; } SSL_load_error_strings(); SSL_library_init(); if (!RAND_poll()) return NULL; ctx = SSL_CTX_new(SSLv23_server_method()); if (!SSL_CTX_use_certificate_chain_file(ctx, certpath) || !SSL_CTX_use_PrivateKey_file(ctx, keypath, SSL_FILETYPE_PEM)) { fprintf(stderr, "Could not read %s or %s file\n", keypath, certpath); fprintf(stderr, "To generate a key and self-signed certificate, run:\n"); fprintf(stderr, "\topenssl genrsa -out key.pem 2048\n"); fprintf(stderr, "\topenssl req -new -key key.pem -out cert.req\n"); fprintf(stderr, "\topenssl x509 -req -days 365 -in cert.req -signkey key.pem -out cert.pem\n"); return NULL; } SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); if (use_padlock_engine == 1) { if (SSL_CTX_set_cipher_list(ctx, "AES+SHA") != 1) { fprintf(stderr, "Error setting client cipher list\n"); return NULL; } } return ctx; }
static int load_tpm_certificate(struct openconnect_info *vpninfo) { ENGINE *e; EVP_PKEY *key; UI_METHOD *meth = NULL; int ret = 0; ENGINE_load_builtin_engines(); e = ENGINE_by_id("tpm"); if (!e) { vpn_progress(vpninfo, PRG_ERR, _("Can't load TPM engine.\n")); openconnect_report_ssl_errors(vpninfo); return -EINVAL; } if (!ENGINE_init(e) || !ENGINE_set_default_RSA(e) || !ENGINE_set_default_RAND(e)) { vpn_progress(vpninfo, PRG_ERR, _("Failed to init TPM engine\n")); openconnect_report_ssl_errors(vpninfo); ENGINE_free(e); return -EINVAL; } if (vpninfo->cert_password) { if (!ENGINE_ctrl_cmd(e, "PIN", strlen(vpninfo->cert_password), vpninfo->cert_password, NULL, 0)) { vpn_progress(vpninfo, PRG_ERR, _("Failed to set TPM SRK password\n")); openconnect_report_ssl_errors(vpninfo); } vpninfo->cert_password = NULL; free(vpninfo->cert_password); } else { /* Provide our own UI method to handle the PIN callback. */ meth = create_openssl_ui(vpninfo); } key = ENGINE_load_private_key(e, vpninfo->sslkey, meth, NULL); if (meth) UI_destroy_method(meth); if (!key) { vpn_progress(vpninfo, PRG_ERR, _("Failed to load TPM private key\n")); openconnect_report_ssl_errors(vpninfo); ret = -EINVAL; goto out; } if (!SSL_CTX_use_PrivateKey(vpninfo->https_ctx, key)) { vpn_progress(vpninfo, PRG_ERR, _("Add key from TPM failed\n")); openconnect_report_ssl_errors(vpninfo); ret = -EINVAL; } EVP_PKEY_free(key); out: ENGINE_finish(e); ENGINE_free(e); return ret; }
static ENGINE* LoadEngine() { // This function creates an engine for PKCS#11 and inspired by // the "ENGINE_load_dynamic" function from OpenSSL, in file // "crypto/engine/eng_dyn.c" ENGINE* engine = ENGINE_new(); if (!engine) { LOG(ERROR) << "Cannot create an OpenSSL engine for PKCS#11"; throw OrthancException(ErrorCode_InternalError); } // Create a PKCS#11 context using libp11 context_ = pkcs11_new(); if (!context_) { LOG(ERROR) << "Cannot create a libp11 context for PKCS#11"; ENGINE_free(engine); throw OrthancException(ErrorCode_InternalError); } if (!ENGINE_set_id(engine, PKCS11_ENGINE_ID) || !ENGINE_set_name(engine, PKCS11_ENGINE_NAME) || !ENGINE_set_cmd_defns(engine, PKCS11_ENGINE_COMMANDS) || // Register the callback functions !ENGINE_set_init_function(engine, EngineInitialize) || !ENGINE_set_finish_function(engine, EngineFinalize) || !ENGINE_set_destroy_function(engine, EngineDestroy) || !ENGINE_set_ctrl_function(engine, EngineControl) || !ENGINE_set_load_pubkey_function(engine, EngineLoadPublicKey) || !ENGINE_set_load_privkey_function(engine, EngineLoadPrivateKey) || !ENGINE_set_RSA(engine, PKCS11_get_rsa_method()) || !ENGINE_set_ECDSA(engine, PKCS11_get_ecdsa_method()) || !ENGINE_set_ECDH(engine, PKCS11_get_ecdh_method()) || #if OPENSSL_VERSION_NUMBER >= 0x10100002L !ENGINE_set_EC(engine, PKCS11_get_ec_key_method()) || #endif // Make OpenSSL know about our PKCS#11 engine !ENGINE_add(engine)) { LOG(ERROR) << "Cannot initialize the OpenSSL engine for PKCS#11"; pkcs11_finish(context_); ENGINE_free(engine); throw OrthancException(ErrorCode_InternalError); } // If the "ENGINE_add" worked, it gets a structural // reference. We release our just-created reference. ENGINE_free(engine); return ENGINE_by_id(PKCS11_ENGINE_ID); }
Engine* Engines::getEngineById(std::string id) throw (EngineException) { ENGINE *eng; eng = ENGINE_by_id(id.c_str()); if (!eng) { throw EngineException(EngineException::ENGINE_NOT_FOUND, "Engines::getEngineById", true); } return new Engine(eng); }
static void engine_fork_handler(void) { /*Reset engine*/ ENGINE* e = ENGINE_by_id(engine_qat_id); if(e == NULL) { return; } qat_engine_finish(e); keep_polling = 1; }
void initializeSecHandler() { ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); // <FS:ND If we can, enabled the rdrand engine. It is available as a CPU instruction on newer Intel CPUs ENGINE_load_builtin_engines(); ENGINE* engRdRand = ENGINE_by_id("rdrand"); if( engRdRand ) ENGINE_set_default(engRdRand, ENGINE_METHOD_RAND); unsigned long lErr ( ERR_get_error() ); while( lErr ) { char aError[128]; ERR_error_string_n( lErr, aError, sizeof( aError ) ); LL_WARNS() << aError << LL_ENDL; lErr = ERR_get_error(); } // </FS:ND> gHandlerMap[BASIC_SECHANDLER] = new LLSecAPIBasicHandler(); // Currently, we only have the Basic handler, so we can point the main sechandler // pointer to the basic handler. Later, we'll create a wrapper handler that // selects the appropriate sechandler as needed, for instance choosing the // mac keyring handler, with fallback to the basic sechandler gSecAPIHandler = gHandlerMap[BASIC_SECHANDLER]; // initialize all SecAPIHandlers std::string exception_msg; std::map<std::string, LLPointer<LLSecAPIHandler> >::const_iterator itr; for(itr = gHandlerMap.begin(); itr != gHandlerMap.end(); ++itr) { LLPointer<LLSecAPIHandler> handler = (*itr).second; try { handler->init(); } catch (LLProtectedDataException e) { exception_msg = e.getMessage(); } } if (!exception_msg.empty()) // an exception was thrown. { throw LLProtectedDataException(exception_msg.c_str()); } }
ERL_NIF_TERM engine_by_id_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) {/* (EngineId) */ #ifdef HAS_ENGINE_SUPPORT ERL_NIF_TERM ret, result; ErlNifBinary engine_id_bin; char *engine_id = NULL; ENGINE *engine; struct engine_ctx *ctx = NULL; // Get Engine Id ASSERT(argc == 1); if (!enif_inspect_binary(env, argv[0], &engine_id_bin)) goto bad_arg; if ((engine_id = enif_alloc(engine_id_bin.size+1)) == NULL) goto err; (void) memcpy(engine_id, engine_id_bin.data, engine_id_bin.size); engine_id[engine_id_bin.size] = '\0'; if ((engine = ENGINE_by_id(engine_id)) == NULL) { PRINTF_ERR0("engine_by_id_nif Leaved: {error, bad_engine_id}"); ret = ERROR_Atom(env, "bad_engine_id"); goto done; } if ((ctx = enif_alloc_resource(engine_ctx_rtype, sizeof(struct engine_ctx))) == NULL) goto err; ctx->engine = engine; ctx->id = engine_id; /* ctx now owns engine_id */ engine_id = NULL; result = enif_make_resource(env, ctx); ret = enif_make_tuple2(env, atom_ok, result); goto done; bad_arg: err: ret = enif_make_badarg(env); done: if (engine_id) enif_free(engine_id); if (ctx) enif_release_resource(ctx); return ret; #else return atom_notsup; #endif }
void initEngine(void) { // init printf("**** Load engine ****\n"); qeo_openssl_engine_init(); qeo_openssl_engine_get_engine_id(&_engine_id); /* to be free()'d */ _pkcs12_engine = ENGINE_by_id(_engine_id); qeo_platform_get_device_storage_path_StubWithCallback(qeo_platform_get_device_storage_path_callback); printf("**** Init engine ****\n"); ck_assert_msg(ENGINE_init(_pkcs12_engine), "Failed to init engine"); }
/* Try to load an engine in a shareable library */ static ENGINE * try_load_engine (const char *engine) { ENGINE *e = ENGINE_by_id ("dynamic"); if (e) { if (!ENGINE_ctrl_cmd_string (e, "SO_PATH", engine, 0) || !ENGINE_ctrl_cmd_string (e, "LOAD", NULL, 0)) { ENGINE_free (e); e = NULL; } } return e; }