static int bind_afalg(ENGINE *e)
{
/* Ensure the afalg error handling is set up */
unsigned short i;
ERR_load_AFALG_strings();
if (!ENGINE_set_id(e, engine_afalg_id)
|| !ENGINE_set_name(e, engine_afalg_name)
|| !ENGINE_set_destroy_function(e, afalg_destroy)
|| !ENGINE_set_init_function(e, afalg_init)
|| !ENGINE_set_finish_function(e, afalg_finish)) {
AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED);
return 0;
}
/*
* Create _hidden_aes_xxx_cbc by calling afalg_aes_xxx_cbc
* now, as bind_aflag can only be called by one thread at a
* time.
*/
for(i = 0; i < OSSL_NELEM(afalg_cipher_nids); i++) {
if (afalg_aes_cbc(afalg_cipher_nids[i]) == NULL) {
AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED);
return 0;
}
}
if (!ENGINE_set_ciphers(e, afalg_ciphers)) {
AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED);
return 0;
}
return 1;
}
/* Prepare the ENGINE structure for registration */
static int
padlock_bind_helper(ENGINE *e)
{
/* Check available features */
padlock_available();
#if 1 /* disable RNG for now, see commentary in vicinity of RNG code */
padlock_use_rng=0;
#endif
/* Generate a nice engine name with available features */
BIO_snprintf(padlock_name, sizeof(padlock_name),
"VIA PadLock (%s, %s)",
padlock_use_rng ? "RNG" : "no-RNG",
padlock_use_ace ? "ACE" : "no-ACE");
/* Register everything or return with an error */
if (!ENGINE_set_id(e, padlock_id) ||
!ENGINE_set_name(e, padlock_name) ||
!ENGINE_set_init_function(e, padlock_init) ||
#ifndef OPENSSL_NO_AES
(padlock_use_ace && !ENGINE_set_ciphers (e, padlock_ciphers)) ||
#endif
(padlock_use_rng && !ENGINE_set_RAND (e, &padlock_rand))) {
return 0;
}
/* Everything looks good */
return 1;
}
static int bind_afalg(ENGINE *e)
{
/* Ensure the afalg error handling is set up */
ERR_load_AFALG_strings();
if (!ENGINE_set_id(e, engine_afalg_id)
|| !ENGINE_set_name(e, engine_afalg_name)
|| !ENGINE_set_destroy_function(e, afalg_destroy)
|| !ENGINE_set_init_function(e, afalg_init)
|| !ENGINE_set_finish_function(e, afalg_finish)) {
AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED);
return 0;
}
/*
* Create _hidden_aes_128_cbc by calling afalg_aes_128_cbc
* now, as bind_aflag can only be called by one thread at a
* time.
*/
if (afalg_aes_128_cbc() == NULL) {
AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED);
return 0;
}
if (!ENGINE_set_ciphers(e, afalg_ciphers)) {
AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED);
return 0;
}
return 1;
}
/* Prepare the ENGINE structure for registration */
static int padlock_bind_helper(ENGINE *e)
{
/* Check available features */
padlock_available();
/*
* RNG is currently disabled for reasons discussed in commentary just
* before padlock_rand_bytes function.
*/
padlock_use_rng = 0;
/* Generate a nice engine name with available features */
BIO_snprintf(padlock_name, sizeof(padlock_name),
"VIA PadLock (%s, %s)",
padlock_use_rng ? "RNG" : "no-RNG",
padlock_use_ace ? "ACE" : "no-ACE");
/* Register everything or return with an error */
if (!ENGINE_set_id(e, padlock_id) ||
!ENGINE_set_name(e, padlock_name) ||
!ENGINE_set_init_function(e, padlock_init) ||
# ifndef OPENSSL_NO_AES
(padlock_use_ace && !ENGINE_set_ciphers(e, padlock_ciphers)) ||
# endif
(padlock_use_rng && !ENGINE_set_RAND(e, &padlock_rand))) {
return 0;
}
/* Everything looks good */
return 1;
}
static int bind_devcrypto(ENGINE *e) {
if (!ENGINE_set_id(e, engine_devcrypto_id)
|| !ENGINE_set_name(e, "/dev/crypto engine")
|| !ENGINE_set_destroy_function(e, devcrypto_unload)
|| !ENGINE_set_cmd_defns(e, devcrypto_cmds)
|| !ENGINE_set_ctrl_function(e, devcrypto_ctrl))
return 0;
prepare_cipher_methods();
#ifdef IMPLEMENT_DIGEST
prepare_digest_methods();
#endif
return (ENGINE_set_ciphers(e, devcrypto_ciphers)
#ifdef IMPLEMENT_DIGEST
&& ENGINE_set_digests(e, devcrypto_digests)
#endif
/*
* Asymmetric ciphers aren't well supported with /dev/crypto. Among the BSD
* implementations, it seems to only exist in FreeBSD, and regarding the
* parameters in its crypt_kop, the manual crypto(4) has this to say:
*
* The semantics of these arguments are currently undocumented.
*
* Reading through the FreeBSD source code doesn't give much more than
* their CRK_MOD_EXP implementation for ubsec.
*
* It doesn't look much better with cryptodev-linux. They have the crypt_kop
* structure as well as the command (CRK_*) in cryptodev.h, but no support
* seems to be implemented at all for the moment.
*
* At the time of writing, it seems impossible to write proper support for
* FreeBSD's asym features without some very deep knowledge and access to
* specific kernel modules.
*
* /Richard Levitte, 2017-05-11
*/
#if 0
# ifndef OPENSSL_NO_RSA
&& ENGINE_set_RSA(e, devcrypto_rsa)
# endif
# ifndef OPENSSL_NO_DSA
&& ENGINE_set_DSA(e, devcrypto_dsa)
# endif
# ifndef OPENSSL_NO_DH
&& ENGINE_set_DH(e, devcrypto_dh)
# endif
# ifndef OPENSSL_NO_EC
&& ENGINE_set_EC(e, devcrypto_ec)
# endif
#endif
);
}
static int cuda_bind_helper(ENGINE * e) {
if (!ENGINE_set_id(e, CUDA_ENGINE_ID) ||
!ENGINE_set_init_function(e, cuda_init) ||
!ENGINE_set_finish_function(e, cuda_finish) ||
!ENGINE_set_ctrl_function(e, cuda_engine_ctrl) ||
!ENGINE_set_cmd_defns(e, cuda_cmd_defns) ||
!ENGINE_set_name(e, CUDA_ENGINE_NAME) ||
!ENGINE_set_ciphers (e, cuda_ciphers)) {
return 0;
} else {
return 1;
}
}
/* Prepare the ENGINE structure for registration */
static int
aesni_bind_helper(ENGINE *e)
{
int engage = (OPENSSL_ia32cap_P[1] & (1 << (57-32))) != 0;
/* Register everything or return with an error */
if (!ENGINE_set_id(e, aesni_id) ||
!ENGINE_set_name(e, engage ? aesni_name : no_aesni_name) ||
!ENGINE_set_init_function(e, aesni_init) ||
(engage && !ENGINE_set_ciphers (e, aesni_ciphers))
)
return 0;
/* Everything looks good */
return 1;
}
static int bind_ossltest(ENGINE *e)
{
/* Ensure the ossltest error handling is set up */
ERR_load_OSSLTEST_strings();
if (!ENGINE_set_id(e, engine_ossltest_id)
|| !ENGINE_set_name(e, engine_ossltest_name)
|| !ENGINE_set_digests(e, ossltest_digests)
|| !ENGINE_set_ciphers(e, ossltest_ciphers)
|| !ENGINE_set_destroy_function(e, ossltest_destroy)
|| !ENGINE_set_init_function(e, ossltest_init)
|| !ENGINE_set_finish_function(e, ossltest_finish)) {
OSSLTESTerr(OSSLTEST_F_BIND_OSSLTEST, OSSLTEST_R_INIT_FAILED);
return 0;
}
return 1;
}
static int bind_rsaref(ENGINE *e)
{
const RSA_METHOD *meth1;
if(!ENGINE_set_id(e, engine_rsaref_id)
|| !ENGINE_set_name(e, engine_rsaref_name)
|| !ENGINE_set_RSA(e, &rsaref_rsa)
|| !ENGINE_set_ciphers(e, rsaref_ciphers)
|| !ENGINE_set_digests(e, rsaref_digests)
|| !ENGINE_set_destroy_function(e, rsaref_destroy)
|| !ENGINE_set_init_function(e, rsaref_init)
|| !ENGINE_set_finish_function(e, rsaref_finish)
/* || !ENGINE_set_ctrl_function(e, rsaref_ctrl) */
/* || !ENGINE_set_cmd_defns(e, rsaref_cmd_defns) */)
return 0;
/* Ensure the rsaref error handling is set up */
ERR_load_RSAREF_strings();
return 1;
}
/*
* This internal function is used by ENGINE_openssl() and possibly by the
* "dynamic" ENGINE support too
*/
static int bind_helper(ENGINE *e)
{
if (!ENGINE_set_id(e, engine_openssl_id)
|| !ENGINE_set_name(e, engine_openssl_name)
|| !ENGINE_set_destroy_function(e, openssl_destroy)
#ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS
# ifndef OPENSSL_NO_RSA
|| !ENGINE_set_RSA(e, RSA_get_default_method())
# endif
# ifndef OPENSSL_NO_DSA
|| !ENGINE_set_DSA(e, DSA_get_default_method())
# endif
# ifndef OPENSSL_NO_EC
|| !ENGINE_set_EC(e, EC_KEY_OpenSSL())
# endif
# ifndef OPENSSL_NO_DH
|| !ENGINE_set_DH(e, DH_get_default_method())
# endif
|| !ENGINE_set_RAND(e, RAND_OpenSSL())
# ifdef TEST_ENG_OPENSSL_RC4
|| !ENGINE_set_ciphers(e, openssl_ciphers)
# endif
# ifdef TEST_ENG_OPENSSL_SHA
|| !ENGINE_set_digests(e, openssl_digests)
# endif
#endif
#ifdef TEST_ENG_OPENSSL_PKEY
|| !ENGINE_set_load_privkey_function(e, openssl_load_privkey)
#endif
#ifdef TEST_ENG_OPENSSL_HMAC
|| !ossl_register_hmac_meth()
|| !ENGINE_set_pkey_meths(e, ossl_pkey_meths)
#endif
)
return 0;
/*
* If we add errors to this ENGINE, ensure the error handling is setup
* here
*/
/* openssl_load_error_strings(); */
return 1;
}
/* This internal function is used by ENGINE_openssl() and possibly by the
* "dynamic" ENGINE support too */
static int bind_helper(ENGINE *e)
{
if(!ENGINE_set_id(e, engine_openssl_id)
|| !ENGINE_set_name(e, engine_openssl_name)
#ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS
#ifndef OPENSSL_NO_RSA
|| !ENGINE_set_RSA(e, RSA_get_default_method())
#endif
#ifndef OPENSSL_NO_DSA
|| !ENGINE_set_DSA(e, DSA_get_default_method())
#endif
#ifndef OPENSSL_NO_ECDH
|| !ENGINE_set_ECDH(e, ECDH_OpenSSL())
#endif
#ifndef OPENSSL_NO_ECDSA
|| !ENGINE_set_ECDSA(e, ECDSA_OpenSSL())
#endif
#ifndef OPENSSL_NO_DH
|| !ENGINE_set_DH(e, DH_get_default_method())
#endif
|| !ENGINE_set_RAND(e, RAND_SSLeay())
#ifdef TEST_ENG_OPENSSL_RC4
|| !ENGINE_set_ciphers(e, openssl_ciphers)
#endif
#ifdef TEST_ENG_OPENSSL_SHA
|| !ENGINE_set_digests(e, openssl_digests)
#endif
#endif
//MS:
#ifndef OPENSSL_NO_STDIO
#ifdef TEST_ENG_OPENSSL_PKEY
|| !ENGINE_set_load_privkey_function(e, openssl_load_privkey)
#endif
#endif
)
return 0;
/* If we add errors to this ENGINE, ensure the error handling is setup here */
/* openssl_load_error_strings(); */
return 1;
}
void
ENGINE_load_cryptodev(void)
{
ENGINE *engine = ENGINE_new();
int fd;
if (engine == NULL)
return;
if ((fd = get_dev_crypto()) < 0) {
ENGINE_free(engine);
return;
}
/*
* find out what asymmetric crypto algorithms we support
*/
if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
close(fd);
ENGINE_free(engine);
return;
}
close(fd);
if (!ENGINE_set_id(engine, "cryptodev") ||
!ENGINE_set_name(engine, "BSD cryptodev engine") ||
!ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
!ENGINE_set_digests(engine, cryptodev_engine_digests) ||
!ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
!ENGINE_set_cmd_defns(engine, cryptodev_defns)) {
ENGINE_free(engine);
return;
}
if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {
const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay();
cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;
cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;
cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;
cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;
cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;
cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
if (cryptodev_asymfeat & CRF_MOD_EXP) {
cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
cryptodev_rsa.rsa_mod_exp =
cryptodev_rsa_mod_exp;
else
cryptodev_rsa.rsa_mod_exp =
cryptodev_rsa_nocrt_mod_exp;
}
}
if (ENGINE_set_DSA(engine, &cryptodev_dsa)) {
const DSA_METHOD *meth = DSA_OpenSSL();
memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
if (cryptodev_asymfeat & CRF_DSA_SIGN)
cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
if (cryptodev_asymfeat & CRF_MOD_EXP) {
cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
}
if (cryptodev_asymfeat & CRF_DSA_VERIFY)
cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
}
if (ENGINE_set_DH(engine, &cryptodev_dh)){
const DH_METHOD *dh_meth = DH_OpenSSL();
cryptodev_dh.generate_key = dh_meth->generate_key;
cryptodev_dh.compute_key = dh_meth->compute_key;
cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
if (cryptodev_asymfeat & CRF_MOD_EXP) {
cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
cryptodev_dh.compute_key =
cryptodev_dh_compute_key;
}
}
ENGINE_add(engine);
ENGINE_free(engine);
ERR_clear_error();
}
static int bind_dasync(ENGINE *e)
{
/* Setup RSA_METHOD */
if ((dasync_rsa_method = RSA_meth_new("Dummy Async RSA method", 0)) == NULL
|| RSA_meth_set_pub_enc(dasync_rsa_method, dasync_pub_enc) == 0
|| RSA_meth_set_pub_dec(dasync_rsa_method, dasync_pub_dec) == 0
|| RSA_meth_set_priv_enc(dasync_rsa_method, dasync_rsa_priv_enc) == 0
|| RSA_meth_set_priv_dec(dasync_rsa_method, dasync_rsa_priv_dec) == 0
|| RSA_meth_set_mod_exp(dasync_rsa_method, dasync_rsa_mod_exp) == 0
|| RSA_meth_set_bn_mod_exp(dasync_rsa_method, BN_mod_exp_mont) == 0
|| RSA_meth_set_init(dasync_rsa_method, dasync_rsa_init) == 0
|| RSA_meth_set_finish(dasync_rsa_method, dasync_rsa_finish) == 0) {
DASYNCerr(DASYNC_F_BIND_DASYNC, DASYNC_R_INIT_FAILED);
return 0;
}
/* Ensure the dasync error handling is set up */
ERR_load_DASYNC_strings();
if (!ENGINE_set_id(e, engine_dasync_id)
|| !ENGINE_set_name(e, engine_dasync_name)
|| !ENGINE_set_RSA(e, dasync_rsa_method)
|| !ENGINE_set_digests(e, dasync_digests)
|| !ENGINE_set_ciphers(e, dasync_ciphers)
|| !ENGINE_set_destroy_function(e, dasync_destroy)
|| !ENGINE_set_init_function(e, dasync_init)
|| !ENGINE_set_finish_function(e, dasync_finish)) {
DASYNCerr(DASYNC_F_BIND_DASYNC, DASYNC_R_INIT_FAILED);
return 0;
}
/*
* Set up the EVP_CIPHER and EVP_MD objects for the ciphers/digests
* supplied by this engine
*/
_hidden_sha1_md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption);
if (_hidden_sha1_md == NULL
|| !EVP_MD_meth_set_result_size(_hidden_sha1_md, SHA_DIGEST_LENGTH)
|| !EVP_MD_meth_set_input_blocksize(_hidden_sha1_md, SHA_CBLOCK)
|| !EVP_MD_meth_set_app_datasize(_hidden_sha1_md,
sizeof(EVP_MD *) + sizeof(SHA_CTX))
|| !EVP_MD_meth_set_flags(_hidden_sha1_md, EVP_MD_FLAG_DIGALGID_ABSENT)
|| !EVP_MD_meth_set_init(_hidden_sha1_md, dasync_sha1_init)
|| !EVP_MD_meth_set_update(_hidden_sha1_md, dasync_sha1_update)
|| !EVP_MD_meth_set_final(_hidden_sha1_md, dasync_sha1_final)) {
EVP_MD_meth_free(_hidden_sha1_md);
_hidden_sha1_md = NULL;
}
_hidden_aes_128_cbc = EVP_CIPHER_meth_new(NID_aes_128_cbc,
16 /* block size */,
16 /* key len */);
if (_hidden_aes_128_cbc == NULL
|| !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc,16)
|| !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc,
EVP_CIPH_FLAG_DEFAULT_ASN1
| EVP_CIPH_CBC_MODE
| EVP_CIPH_FLAG_PIPELINE)
|| !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc,
dasync_aes128_init_key)
|| !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc,
dasync_aes128_cbc_cipher)
|| !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc,
dasync_aes128_cbc_cleanup)
|| !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc,
dasync_aes128_cbc_ctrl)
|| !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc,
sizeof(struct dasync_pipeline_ctx))) {
EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
_hidden_aes_128_cbc = NULL;
}
_hidden_aes_128_cbc_hmac_sha1 = EVP_CIPHER_meth_new(
NID_aes_128_cbc_hmac_sha1,
16 /* block size */,
16 /* key len */);
if (_hidden_aes_128_cbc_hmac_sha1 == NULL
|| !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc_hmac_sha1,16)
|| !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc_hmac_sha1,
EVP_CIPH_CBC_MODE
| EVP_CIPH_FLAG_DEFAULT_ASN1
| EVP_CIPH_FLAG_AEAD_CIPHER
| EVP_CIPH_FLAG_PIPELINE)
|| !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc_hmac_sha1,
dasync_aes128_cbc_hmac_sha1_init_key)
|| !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc_hmac_sha1,
dasync_aes128_cbc_hmac_sha1_cipher)
|| !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc_hmac_sha1,
dasync_aes128_cbc_hmac_sha1_cleanup)
|| !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc_hmac_sha1,
dasync_aes128_cbc_hmac_sha1_ctrl)
|| !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc_hmac_sha1,
sizeof(struct dasync_pipeline_ctx))) {
EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1);
_hidden_aes_128_cbc_hmac_sha1 = NULL;
}
return 1;
}
/* This internal function is used by ENGINE_zencod () and possibly by the
* "dynamic" ENGINE support too ;-)
*/
static int bind_helper ( ENGINE *e )
{
#ifndef OPENSSL_NO_RSA
const RSA_METHOD *meth_rsa ;
#endif
#ifndef OPENSSL_NO_DSA
const DSA_METHOD *meth_dsa ;
#endif
#ifndef OPENSSL_NO_DH
const DH_METHOD *meth_dh ;
#endif
const RAND_METHOD *meth_rand ;
if ( !ENGINE_set_id ( e, engine_zencod_id ) ||
!ENGINE_set_name ( e, engine_zencod_name ) ||
#ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA ( e, &zencod_rsa ) ||
#endif
#ifndef OPENSSL_NO_DSA
!ENGINE_set_DSA ( e, &zencod_dsa ) ||
#endif
#ifndef OPENSSL_NO_DH
!ENGINE_set_DH ( e, &zencod_dh ) ||
#endif
!ENGINE_set_RAND ( e, &zencod_rand ) ||
!ENGINE_set_destroy_function ( e, zencod_destroy ) ||
!ENGINE_set_init_function ( e, zencod_init ) ||
!ENGINE_set_finish_function ( e, zencod_finish ) ||
!ENGINE_set_ctrl_function ( e, zencod_ctrl ) ||
!ENGINE_set_cmd_defns ( e, zencod_cmd_defns ) ||
!ENGINE_set_digests ( e, engine_digests ) ||
!ENGINE_set_ciphers ( e, engine_ciphers ) ) {
return 0 ;
}
#ifndef OPENSSL_NO_RSA
/* We know that the "PKCS1_SSLeay()" functions hook properly
* to the Zencod-specific mod_exp and mod_exp_crt so we use
* those functions. NB: We don't use ENGINE_openssl() or
* anything "more generic" because something like the RSAref
* code may not hook properly, and if you own one of these
* cards then you have the right to do RSA operations on it
* anyway!
*/
meth_rsa = RSA_PKCS1_SSLeay () ;
zencod_rsa.rsa_pub_enc = meth_rsa->rsa_pub_enc ;
zencod_rsa.rsa_pub_dec = meth_rsa->rsa_pub_dec ;
zencod_rsa.rsa_priv_enc = meth_rsa->rsa_priv_enc ;
zencod_rsa.rsa_priv_dec = meth_rsa->rsa_priv_dec ;
/* meth_rsa->rsa_mod_exp */
/* meth_rsa->bn_mod_exp */
zencod_rsa.init = meth_rsa->init ;
zencod_rsa.finish = meth_rsa->finish ;
#endif
#ifndef OPENSSL_NO_DSA
/* We use OpenSSL meth to supply what we don't provide ;-*)
*/
meth_dsa = DSA_OpenSSL () ;
/* meth_dsa->dsa_do_sign */
zencod_dsa.dsa_sign_setup = meth_dsa->dsa_sign_setup ;
/* meth_dsa->dsa_do_verify */
zencod_dsa.dsa_mod_exp = meth_dsa->dsa_mod_exp ;
/* zencod_dsa.bn_mod_exp = meth_dsa->bn_mod_exp ; */
zencod_dsa.init = meth_dsa->init ;
zencod_dsa.finish = meth_dsa->finish ;
#endif
#ifndef OPENSSL_NO_DH
/* We use OpenSSL meth to supply what we don't provide ;-*)
*/
meth_dh = DH_OpenSSL () ;
/* zencod_dh.generate_key = meth_dh->generate_key ; */
/* zencod_dh.compute_key = meth_dh->compute_key ; */
/* zencod_dh.bn_mod_exp = meth_dh->bn_mod_exp ; */
zencod_dh.init = meth_dh->init ;
zencod_dh.finish = meth_dh->finish ;
#endif
/* We use OpenSSL (SSLeay) meth to supply what we don't provide ;-*)
*/
meth_rand = RAND_SSLeay () ;
/* meth_rand->seed ; */
/* zencod_rand.seed = meth_rand->seed ; */
/* meth_rand->bytes ; */
/* zencod_rand.bytes = meth_rand->bytes ; */
zencod_rand.cleanup = meth_rand->cleanup ;
zencod_rand.add = meth_rand->add ;
/* meth_rand->pseudorand ; */
/* zencod_rand.pseudorand = meth_rand->pseudorand ; */
/* zencod_rand.status = meth_rand->status ; */
/* meth_rand->status ; */
/* Ensure the zencod error handling is set up */
ERR_load_ZENCOD_strings () ;
return 1 ;
}
/******************************************************************************
* function:
* bind_qat(ENGINE *e,
* const char *id)
*
* @param e [IN] - OpenSSL engine pointer
* @param id [IN] - engine id
*
* description:
* Connect Qat engine to OpenSSL engine library
******************************************************************************/
static int bind_qat(ENGINE *e, const char *id)
{
int ret = 0;
WARN("QAT Warnings enabled.\n");
DEBUG("QAT Debug enabled.\n");
DEBUG("[%s] id=%s\n", __func__, id);
if (id && (strcmp(id, engine_qat_id) != 0)) {
WARN("ENGINE_id defined already!\n");
goto end;
}
if (!ENGINE_set_id(e, engine_qat_id)) {
WARN("ENGINE_set_id failed\n");
goto end;
}
if (!ENGINE_set_name(e, engine_qat_name)) {
WARN("ENGINE_set_name failed\n");
goto end;
}
/* Ensure the QAT error handling is set up */
ERR_load_QAT_strings();
/*
* Create static structures for ciphers now
* as this function will be called by a single thread.
*/
qat_create_ciphers();
#ifndef OPENSSL_ENABLE_QAT_SMALL_PACKET_CIPHER_OFFLOADS
CRYPTO_THREAD_run_once(&qat_pkt_threshold_table_once,qat_pkt_threshold_table_make_key);
#endif
DEBUG("%s: About to set mem functions\n", __func__);
if (!ENGINE_set_RSA(e, qat_get_RSA_methods())) {
WARN("ENGINE_set_RSA failed\n");
goto end;
}
if (!ENGINE_set_DSA(e, qat_get_DSA_methods())) {
WARN("ENGINE_set_DSA failed\n");
goto end;
}
if (!ENGINE_set_DH(e, qat_get_DH_methods())) {
WARN("ENGINE_set_DH failed\n");
goto end;
}
if (!ENGINE_set_EC(e, qat_get_EC_methods())) {
WARN("ENGINE_set_EC failed\n");
goto end;
}
if (!ENGINE_set_ciphers(e, qat_ciphers)) {
WARN("ENGINE_set_ciphers failed\n");
goto end;
}
if (!ENGINE_set_pkey_meths(e, qat_PRF_pkey_methods)) {
WARN("ENGINE_set_pkey_meths failed\n");
goto end;
}
pthread_atfork(engine_fork_handler, NULL, NULL);
if (!ENGINE_set_destroy_function(e, qat_engine_destroy)
|| !ENGINE_set_init_function(e, qat_engine_init)
|| !ENGINE_set_finish_function(e, qat_engine_finish)
|| !ENGINE_set_ctrl_function(e, qat_engine_ctrl)
|| !ENGINE_set_cmd_defns(e, qat_cmd_defns)) {
WARN("[%s] failed reg destroy, init or finish\n", __func__);
goto end;
}
ret = 1;
end:
return ret;
}
/* This internal function is used by ENGINE_safenet() and possibly by the
* "dynamic" ENGINE support too */
static int bind_helper(ENGINE *e)
{
#ifndef OPENSSL_NO_RSA
const RSA_METHOD *meth1;
#endif
#ifndef OPENSSL_NO_DSA
const DSA_METHOD *meth2;
#endif
#ifndef OPENSSL_NO_DH
const DH_METHOD *meth3;
#endif
if(!ENGINE_set_id(e, engine_safenet_id) ||
!ENGINE_set_name(e, engine_safenet_name) ||
#ifndef OPENSSL_NO_RSA
!ENGINE_set_RSA(e, &safenet_rsa) ||
#endif
#ifndef OPENSSL_NO_DSA
!ENGINE_set_DSA(e, &safenet_dsa) ||
#endif
#ifndef OPENSSL_NO_DH
!ENGINE_set_DH(e, &safenet_dh) ||
#endif
!ENGINE_set_RAND(e, &safenet_rand) ||
!ENGINE_set_destroy_function(e, safenet_destroy) ||
!ENGINE_set_init_function(e, safenet_init) ||
!ENGINE_set_finish_function(e, safenet_finish) ||
!ENGINE_set_ctrl_function(e, safenet_ctrl) ||
!ENGINE_set_cmd_defns(e, safenet_cmd_defns) ||
!ENGINE_set_ciphers(e, safenet_engine_ciphers) ||
!ENGINE_set_digests(e, safenet_engine_digests))
return 0;
#ifndef OPENSSL_NO_RSA
/* We know that the "PKCS1_SSLeay()" functions hook properly
* to the safenet-specific mod_exp and mod_exp_crt so we use
* those functions. NB: We don't use ENGINE_openssl() or
* anything "more generic" because something like the RSAref
* code may not hook properly, and if you own one of these
* cards then you have the right to do RSA operations on it
* anyway! */
meth1 = RSA_PKCS1_SSLeay();
safenet_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
safenet_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
safenet_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
safenet_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
#endif
#ifndef OPENSSL_NO_DSA
/* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
* bits. */
meth2 = DSA_OpenSSL();
safenet_dsa.dsa_do_sign = meth2->dsa_do_sign;
safenet_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
safenet_dsa.dsa_do_verify = meth2->dsa_do_verify;
#endif
#ifndef OPENSSL_NO_DH
/* Much the same for Diffie-Hellman */
meth3 = DH_OpenSSL();
safenet_dh.generate_key = meth3->generate_key;
safenet_dh.compute_key = meth3->compute_key;
#endif
/* Ensure the safenet error handling is set up */
ERR_load_SAFENET_strings();
return 1;
}
/*
* This engine is always built into libcrypto, so it doesn't offer any
* ability to be dynamically loadable.
*/
void engine_load_devcrypto_int()
{
ENGINE *e = NULL;
if (access("/dev/crypto", R_OK | W_OK) < 0) {
fprintf(stderr,
"/dev/crypto not present, not enabling devcrypto engine\n");
return;
}
prepare_cipher_methods();
#if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL)
prepare_digest_methods();
#endif
if ((e = ENGINE_new()) == NULL)
return;
if (!ENGINE_set_id(e, "devcrypto")
|| !ENGINE_set_name(e, "/dev/crypto engine")
|| !ENGINE_set_destroy_function(e, devcrypto_unload)
/*
* Asymmetric ciphers aren't well supported with /dev/crypto. Among the BSD
* implementations, it seems to only exist in FreeBSD, and regarding the
* parameters in its crypt_kop, the manual crypto(4) has this to say:
*
* The semantics of these arguments are currently undocumented.
*
* Reading through the FreeBSD source code doesn't give much more than
* their CRK_MOD_EXP implementation for ubsec.
*
* It doesn't look much better with cryptodev-linux. They have the crypt_kop
* structure as well as the command (CRK_*) in cryptodev.h, but no support
* seems to be implemented at all for the moment.
*
* At the time of writing, it seems impossible to write proper support for
* FreeBSD's asym features without some very deep knowledge and access to
* specific kernel modules.
*
* /Richard Levitte, 2017-05-11
*/
#if 0
# ifndef OPENSSL_NO_RSA
|| !ENGINE_set_RSA(e, devcrypto_rsa)
# endif
# ifndef OPENSSL_NO_DSA
|| !ENGINE_set_DSA(e, devcrypto_dsa)
# endif
# ifndef OPENSSL_NO_DH
|| !ENGINE_set_DH(e, devcrypto_dh)
# endif
# ifndef OPENSSL_NO_EC
|| !ENGINE_set_EC(e, devcrypto_ec)
# endif
#endif
|| !ENGINE_set_ciphers(e, devcrypto_ciphers)
#if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL)
|| !ENGINE_set_digests(e, devcrypto_digests)
#endif
) {
ENGINE_free(e);
return;
}
ENGINE_add(e);
ENGINE_free(e); /* Loose our local reference */
ERR_clear_error();
}
/* ARGSUSED */
static int
t4_bind(ENGINE *e)
{
_Bool aes_engage, digest_engage, des_engage, montmul_engage;
t4_instructions_present(&aes_engage, &des_engage, &digest_engage,
&montmul_engage);
#ifdef DEBUG_T4
(void) fprintf(stderr,
"t4_bind: engage aes=%d, des=%d, digest=%d\n",
aes_engage, des_engage, digest_engage);
#endif
#ifndef OPENSSL_NO_DES
if (!des_engage) { /* Remove DES ciphers from list */
t4_cipher_count -= t4_des_cipher_count;
}
#endif
#ifndef SOLARIS_NO_AES_CTR
/*
* We must do this before we start working with slots since we need all
* NIDs there.
*/
if (aes_engage) {
if (t4_add_aes_ctr_NIDs() == 0) {
T4_FREE_AES_CTR_NIDS;
return (0);
}
}
#endif /* !SOLARIS_NO_AES_CTR */
#ifdef DEBUG_T4
(void) fprintf(stderr, "t4_cipher_count = %d; t4_cipher_nids[] =\n",
t4_cipher_count);
for (int i = 0; i < t4_cipher_count; ++i) {
(void) fprintf(stderr, " %d", t4_cipher_nids[i]);
}
(void) fprintf(stderr, "\n");
#endif /* DEBUG_T4 */
/* Register T4 engine ID, name, and functions */
if (!ENGINE_set_id(e, ENGINE_T4_ID) ||
!ENGINE_set_name(e,
aes_engage ? ENGINE_T4_NAME: ENGINE_NO_T4_NAME) ||
!ENGINE_set_init_function(e, t4_init) ||
(aes_engage && !ENGINE_set_ciphers(e, t4_get_all_ciphers)) ||
(digest_engage && !ENGINE_set_digests(e, t4_get_all_digests)) ||
#ifndef OPENSSL_NO_RSA
(montmul_engage && !ENGINE_set_RSA(e, t4_RSA())) ||
#endif /* OPENSSL_NO_RSA */
#ifndef OPENSSL_NO_DH
(montmul_engage && !ENGINE_set_DH(e, t4_DH())) ||
#endif /* OPENSSL_NO_DH */
#ifndef OPENSSL_NO_DSA
(montmul_engage && !ENGINE_set_DSA(e, t4_DSA())) ||
#endif /* OPENSSL_NO_DSA */
!ENGINE_set_destroy_function(e, t4_destroy)) {
T4_FREE_AES_CTR_NIDS;
return (0);
}
return (1);
}
static int bind_gost (ENGINE * e, const char *id)
{
int ret = 0;
if (id && strcmp (id, engine_gost_id))
return 0;
if (ameth_GostR3410_94)
{
printf ("GOST engine already loaded\n");
goto end;
}
if (!ENGINE_set_id (e, engine_gost_id))
{
printf ("ENGINE_set_id failed\n");
goto end;
}
if (!ENGINE_set_name (e, engine_gost_name))
{
printf ("ENGINE_set_name failed\n");
goto end;
}
if (!ENGINE_set_digests (e, gost_digests))
{
printf ("ENGINE_set_digests failed\n");
goto end;
}
if (!ENGINE_set_ciphers (e, gost_ciphers))
{
printf ("ENGINE_set_ciphers failed\n");
goto end;
}
if (!ENGINE_set_pkey_meths (e, gost_pkey_meths))
{
printf ("ENGINE_set_pkey_meths failed\n");
goto end;
}
if (!ENGINE_set_pkey_asn1_meths (e, gost_pkey_asn1_meths))
{
printf ("ENGINE_set_pkey_asn1_meths failed\n");
goto end;
}
/* Control function and commands */
if (!ENGINE_set_cmd_defns (e, gost_cmds))
{
fprintf (stderr, "ENGINE_set_cmd_defns failed\n");
goto end;
}
if (!ENGINE_set_ctrl_function (e, gost_control_func))
{
fprintf (stderr, "ENGINE_set_ctrl_func failed\n");
goto end;
}
if (!ENGINE_set_destroy_function (e, gost_engine_destroy)
|| !ENGINE_set_init_function (e, gost_engine_init) || !ENGINE_set_finish_function (e, gost_engine_finish))
{
goto end;
}
if (!register_ameth_gost (NID_id_GostR3410_94, &ameth_GostR3410_94, "GOST94", "GOST R 34.10-94"))
goto end;
if (!register_ameth_gost (NID_id_GostR3410_2001, &ameth_GostR3410_2001, "GOST2001", "GOST R 34.10-2001"))
goto end;
if (!register_ameth_gost (NID_id_Gost28147_89_MAC, &ameth_Gost28147_MAC, "GOST-MAC", "GOST 28147-89 MAC"))
goto end;
if (!register_pmeth_gost (NID_id_GostR3410_94, &pmeth_GostR3410_94, 0))
goto end;
if (!register_pmeth_gost (NID_id_GostR3410_2001, &pmeth_GostR3410_2001, 0))
goto end;
if (!register_pmeth_gost (NID_id_Gost28147_89_MAC, &pmeth_Gost28147_MAC, 0))
goto end;
if (!ENGINE_register_ciphers (e) || !ENGINE_register_digests (e) || !ENGINE_register_pkey_meths (e)
/* These two actually should go in LIST_ADD command */
|| !EVP_add_cipher (&cipher_gost)
|| !EVP_add_cipher (&cipher_gost_cpacnt) || !EVP_add_digest (&digest_gost) || !EVP_add_digest (&imit_gost_cpa))
{
goto end;
}
ERR_load_GOST_strings ();
ret = 1;
end:
return ret;
}
/******************************************************************************
* function:
* bind_qat(ENGINE *e,
* const char *id)
*
* @param e [IN] - OpenSSL engine pointer
* @param id [IN] - engine id
*
* description:
* Connect Qat engine to OpenSSL engine library
******************************************************************************/
static int bind_qat(ENGINE *e, const char *id)
{
int ret = 0;
#ifndef OPENSSL_ENABLE_QAT_UPSTREAM_DRIVER
int upstream_flags = 0;
unsigned int devmasks[] = { 0, 0, 0, 0, 0 };
#endif
QAT_DEBUG_LOG_INIT();
WARN("QAT Warnings enabled.\n");
DEBUG("QAT Debug enabled.\n");
DEBUG("id=%s\n", id);
if (access(QAT_DEV, F_OK) != 0) {
WARN("Qat memory driver not present\n");
QATerr(QAT_F_BIND_QAT, QAT_R_MEM_DRV_NOT_PRESENT);
goto end;
}
#ifndef OPENSSL_ENABLE_QAT_UPSTREAM_DRIVER
if (!getDevices(devmasks, &upstream_flags)) {
WARN("Qat device not present\n");
QATerr(QAT_F_BIND_QAT, QAT_R_QAT_DEV_NOT_PRESENT);
goto end;
}
#endif
if (id && (strcmp(id, engine_qat_id) != 0)) {
WARN("ENGINE_id defined already!\n");
QATerr(QAT_F_BIND_QAT, QAT_R_ENGINE_ID_ALREADY_DEFINED);
goto end;
}
if (!ENGINE_set_id(e, engine_qat_id)) {
WARN("ENGINE_set_id failed\n");
QATerr(QAT_F_BIND_QAT, QAT_R_ENGINE_SET_ID_FAILURE);
goto end;
}
if (!ENGINE_set_name(e, engine_qat_name)) {
WARN("ENGINE_set_name failed\n");
QATerr(QAT_F_BIND_QAT, QAT_R_ENGINE_SET_NAME_FAILURE);
goto end;
}
/* Ensure the QAT error handling is set up */
ERR_load_QAT_strings();
/*
* Create static structures for ciphers now
* as this function will be called by a single thread.
*/
qat_create_ciphers();
if (!ENGINE_set_RSA(e, qat_get_RSA_methods())) {
WARN("ENGINE_set_RSA failed\n");
QATerr(QAT_F_BIND_QAT, QAT_R_ENGINE_SET_RSA_FAILURE);
goto end;
}
if (!ENGINE_set_DSA(e, qat_get_DSA_methods())) {
WARN("ENGINE_set_DSA failed\n");
QATerr(QAT_F_BIND_QAT, QAT_R_ENGINE_SET_DSA_FAILURE);
goto end;
}
if (!ENGINE_set_DH(e, qat_get_DH_methods())) {
WARN("ENGINE_set_DH failed\n");
QATerr(QAT_F_BIND_QAT, QAT_R_ENGINE_SET_DH_FAILURE);
goto end;
}
if (!ENGINE_set_EC(e, qat_get_EC_methods())) {
WARN("ENGINE_set_EC failed\n");
QATerr(QAT_F_BIND_QAT, QAT_R_ENGINE_SET_EC_FAILURE);
goto end;
}
if (!ENGINE_set_ciphers(e, qat_ciphers)) {
WARN("ENGINE_set_ciphers failed\n");
QATerr(QAT_F_BIND_QAT, QAT_R_ENGINE_SET_CIPHER_FAILURE);
goto end;
}
if (!ENGINE_set_pkey_meths(e, qat_PRF_pkey_methods)) {
WARN("ENGINE_set_pkey_meths failed\n");
QATerr(QAT_F_BIND_QAT, QAT_R_ENGINE_SET_PKEY_FAILURE);
goto end;
}
pthread_atfork(engine_finish_before_fork_handler, NULL,
engine_init_child_at_fork_handler);
ret = 1;
ret &= ENGINE_set_destroy_function(e, qat_engine_destroy);
ret &= ENGINE_set_init_function(e, qat_engine_init);
ret &= ENGINE_set_finish_function(e, qat_engine_finish);
ret &= ENGINE_set_ctrl_function(e, qat_engine_ctrl);
ret &= ENGINE_set_cmd_defns(e, qat_cmd_defns);
if (ret == 0) {
WARN("Engine failed to register init, finish or destroy functions\n");
QATerr(QAT_F_BIND_QAT, QAT_R_ENGINE_REGISTER_FUNC_FAILURE);
}
end:
return ret;
}
