/* This internal function is used by ENGINE_pkcs11() and possibly by the * "dynamic" ENGINE support too */ static int bind_helper(ENGINE *e) { if (!ENGINE_set_id(e, PKCS11_ENGINE_ID) || !ENGINE_set_destroy_function(e, engine_destroy) || !ENGINE_set_init_function(e, engine_init) || !ENGINE_set_finish_function(e, engine_finish) || !ENGINE_set_ctrl_function(e, engine_ctrl) || !ENGINE_set_cmd_defns(e, engine_cmd_defns) || !ENGINE_set_name(e, PKCS11_ENGINE_NAME) || #ifndef OPENSSL_NO_RSA !ENGINE_set_RSA(e, PKCS11_get_rsa_method()) || #endif #if OPENSSL_VERSION_NUMBER >= 0x10100002L #ifndef OPENSSL_NO_EC /* PKCS11_get_ec_key_method combines ECDSA and ECDH */ !ENGINE_set_EC(e, PKCS11_get_ec_key_method()) || #endif /* OPENSSL_NO_EC */ #else /* OPENSSL_VERSION_NUMBER */ #ifndef OPENSSL_NO_ECDSA !ENGINE_set_ECDSA(e, PKCS11_get_ecdsa_method()) || #endif #ifndef OPENSSL_NO_ECDH !ENGINE_set_ECDH(e, PKCS11_get_ecdh_method()) || #endif #endif /* OPENSSL_VERSION_NUMBER */ !ENGINE_set_load_pubkey_function(e, load_pubkey) || !ENGINE_set_load_privkey_function(e, load_privkey)) { return 0; } else { return 1; } }
static ENGINE* LoadEngine() { // This function creates an engine for PKCS#11 and inspired by // the "ENGINE_load_dynamic" function from OpenSSL, in file // "crypto/engine/eng_dyn.c" ENGINE* engine = ENGINE_new(); if (!engine) { LOG(ERROR) << "Cannot create an OpenSSL engine for PKCS#11"; throw OrthancException(ErrorCode_InternalError); } // Create a PKCS#11 context using libp11 context_ = pkcs11_new(); if (!context_) { LOG(ERROR) << "Cannot create a libp11 context for PKCS#11"; ENGINE_free(engine); throw OrthancException(ErrorCode_InternalError); } if (!ENGINE_set_id(engine, PKCS11_ENGINE_ID) || !ENGINE_set_name(engine, PKCS11_ENGINE_NAME) || !ENGINE_set_cmd_defns(engine, PKCS11_ENGINE_COMMANDS) || // Register the callback functions !ENGINE_set_init_function(engine, EngineInitialize) || !ENGINE_set_finish_function(engine, EngineFinalize) || !ENGINE_set_destroy_function(engine, EngineDestroy) || !ENGINE_set_ctrl_function(engine, EngineControl) || !ENGINE_set_load_pubkey_function(engine, EngineLoadPublicKey) || !ENGINE_set_load_privkey_function(engine, EngineLoadPrivateKey) || !ENGINE_set_RSA(engine, PKCS11_get_rsa_method()) || !ENGINE_set_ECDSA(engine, PKCS11_get_ecdsa_method()) || !ENGINE_set_ECDH(engine, PKCS11_get_ecdh_method()) || #if OPENSSL_VERSION_NUMBER >= 0x10100002L !ENGINE_set_EC(engine, PKCS11_get_ec_key_method()) || #endif // Make OpenSSL know about our PKCS#11 engine !ENGINE_add(engine)) { LOG(ERROR) << "Cannot initialize the OpenSSL engine for PKCS#11"; pkcs11_finish(context_); ENGINE_free(engine); throw OrthancException(ErrorCode_InternalError); } // If the "ENGINE_add" worked, it gets a structural // reference. We release our just-created reference. ENGINE_free(engine); return ENGINE_by_id(PKCS11_ENGINE_ID); }
static int bind_devcrypto(ENGINE *e) { if (!ENGINE_set_id(e, engine_devcrypto_id) || !ENGINE_set_name(e, "/dev/crypto engine") || !ENGINE_set_destroy_function(e, devcrypto_unload) || !ENGINE_set_cmd_defns(e, devcrypto_cmds) || !ENGINE_set_ctrl_function(e, devcrypto_ctrl)) return 0; prepare_cipher_methods(); #ifdef IMPLEMENT_DIGEST prepare_digest_methods(); #endif return (ENGINE_set_ciphers(e, devcrypto_ciphers) #ifdef IMPLEMENT_DIGEST && ENGINE_set_digests(e, devcrypto_digests) #endif /* * Asymmetric ciphers aren't well supported with /dev/crypto. Among the BSD * implementations, it seems to only exist in FreeBSD, and regarding the * parameters in its crypt_kop, the manual crypto(4) has this to say: * * The semantics of these arguments are currently undocumented. * * Reading through the FreeBSD source code doesn't give much more than * their CRK_MOD_EXP implementation for ubsec. * * It doesn't look much better with cryptodev-linux. They have the crypt_kop * structure as well as the command (CRK_*) in cryptodev.h, but no support * seems to be implemented at all for the moment. * * At the time of writing, it seems impossible to write proper support for * FreeBSD's asym features without some very deep knowledge and access to * specific kernel modules. * * /Richard Levitte, 2017-05-11 */ #if 0 # ifndef OPENSSL_NO_RSA && ENGINE_set_RSA(e, devcrypto_rsa) # endif # ifndef OPENSSL_NO_DSA && ENGINE_set_DSA(e, devcrypto_dsa) # endif # ifndef OPENSSL_NO_DH && ENGINE_set_DH(e, devcrypto_dh) # endif # ifndef OPENSSL_NO_EC && ENGINE_set_EC(e, devcrypto_ec) # endif #endif ); }
/* * This internal function is used by ENGINE_openssl() and possibly by the * "dynamic" ENGINE support too */ static int bind_helper(ENGINE *e) { if (!ENGINE_set_id(e, engine_openssl_id) || !ENGINE_set_name(e, engine_openssl_name) || !ENGINE_set_destroy_function(e, openssl_destroy) #ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS # ifndef OPENSSL_NO_RSA || !ENGINE_set_RSA(e, RSA_get_default_method()) # endif # ifndef OPENSSL_NO_DSA || !ENGINE_set_DSA(e, DSA_get_default_method()) # endif # ifndef OPENSSL_NO_EC || !ENGINE_set_EC(e, EC_KEY_OpenSSL()) # endif # ifndef OPENSSL_NO_DH || !ENGINE_set_DH(e, DH_get_default_method()) # endif || !ENGINE_set_RAND(e, RAND_OpenSSL()) # ifdef TEST_ENG_OPENSSL_RC4 || !ENGINE_set_ciphers(e, openssl_ciphers) # endif # ifdef TEST_ENG_OPENSSL_SHA || !ENGINE_set_digests(e, openssl_digests) # endif #endif #ifdef TEST_ENG_OPENSSL_PKEY || !ENGINE_set_load_privkey_function(e, openssl_load_privkey) #endif #ifdef TEST_ENG_OPENSSL_HMAC || !ossl_register_hmac_meth() || !ENGINE_set_pkey_meths(e, ossl_pkey_meths) #endif ) return 0; /* * If we add errors to this ENGINE, ensure the error handling is setup * here */ /* openssl_load_error_strings(); */ return 1; }
/****************************************************************************** * function: * bind_qat(ENGINE *e, * const char *id) * * @param e [IN] - OpenSSL engine pointer * @param id [IN] - engine id * * description: * Connect Qat engine to OpenSSL engine library ******************************************************************************/ static int bind_qat(ENGINE *e, const char *id) { int ret = 0; WARN("QAT Warnings enabled.\n"); DEBUG("QAT Debug enabled.\n"); DEBUG("[%s] id=%s\n", __func__, id); if (id && (strcmp(id, engine_qat_id) != 0)) { WARN("ENGINE_id defined already!\n"); goto end; } if (!ENGINE_set_id(e, engine_qat_id)) { WARN("ENGINE_set_id failed\n"); goto end; } if (!ENGINE_set_name(e, engine_qat_name)) { WARN("ENGINE_set_name failed\n"); goto end; } /* Ensure the QAT error handling is set up */ ERR_load_QAT_strings(); /* * Create static structures for ciphers now * as this function will be called by a single thread. */ qat_create_ciphers(); #ifndef OPENSSL_ENABLE_QAT_SMALL_PACKET_CIPHER_OFFLOADS CRYPTO_THREAD_run_once(&qat_pkt_threshold_table_once,qat_pkt_threshold_table_make_key); #endif DEBUG("%s: About to set mem functions\n", __func__); if (!ENGINE_set_RSA(e, qat_get_RSA_methods())) { WARN("ENGINE_set_RSA failed\n"); goto end; } if (!ENGINE_set_DSA(e, qat_get_DSA_methods())) { WARN("ENGINE_set_DSA failed\n"); goto end; } if (!ENGINE_set_DH(e, qat_get_DH_methods())) { WARN("ENGINE_set_DH failed\n"); goto end; } if (!ENGINE_set_EC(e, qat_get_EC_methods())) { WARN("ENGINE_set_EC failed\n"); goto end; } if (!ENGINE_set_ciphers(e, qat_ciphers)) { WARN("ENGINE_set_ciphers failed\n"); goto end; } if (!ENGINE_set_pkey_meths(e, qat_PRF_pkey_methods)) { WARN("ENGINE_set_pkey_meths failed\n"); goto end; } pthread_atfork(engine_fork_handler, NULL, NULL); if (!ENGINE_set_destroy_function(e, qat_engine_destroy) || !ENGINE_set_init_function(e, qat_engine_init) || !ENGINE_set_finish_function(e, qat_engine_finish) || !ENGINE_set_ctrl_function(e, qat_engine_ctrl) || !ENGINE_set_cmd_defns(e, qat_cmd_defns)) { WARN("[%s] failed reg destroy, init or finish\n", __func__); goto end; } ret = 1; end: return ret; }
/* * This engine is always built into libcrypto, so it doesn't offer any * ability to be dynamically loadable. */ void engine_load_devcrypto_int() { ENGINE *e = NULL; if (access("/dev/crypto", R_OK | W_OK) < 0) { fprintf(stderr, "/dev/crypto not present, not enabling devcrypto engine\n"); return; } prepare_cipher_methods(); #if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL) prepare_digest_methods(); #endif if ((e = ENGINE_new()) == NULL) return; if (!ENGINE_set_id(e, "devcrypto") || !ENGINE_set_name(e, "/dev/crypto engine") || !ENGINE_set_destroy_function(e, devcrypto_unload) /* * Asymmetric ciphers aren't well supported with /dev/crypto. Among the BSD * implementations, it seems to only exist in FreeBSD, and regarding the * parameters in its crypt_kop, the manual crypto(4) has this to say: * * The semantics of these arguments are currently undocumented. * * Reading through the FreeBSD source code doesn't give much more than * their CRK_MOD_EXP implementation for ubsec. * * It doesn't look much better with cryptodev-linux. They have the crypt_kop * structure as well as the command (CRK_*) in cryptodev.h, but no support * seems to be implemented at all for the moment. * * At the time of writing, it seems impossible to write proper support for * FreeBSD's asym features without some very deep knowledge and access to * specific kernel modules. * * /Richard Levitte, 2017-05-11 */ #if 0 # ifndef OPENSSL_NO_RSA || !ENGINE_set_RSA(e, devcrypto_rsa) # endif # ifndef OPENSSL_NO_DSA || !ENGINE_set_DSA(e, devcrypto_dsa) # endif # ifndef OPENSSL_NO_DH || !ENGINE_set_DH(e, devcrypto_dh) # endif # ifndef OPENSSL_NO_EC || !ENGINE_set_EC(e, devcrypto_ec) # endif #endif || !ENGINE_set_ciphers(e, devcrypto_ciphers) #if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL) || !ENGINE_set_digests(e, devcrypto_digests) #endif ) { ENGINE_free(e); return; } ENGINE_add(e); ENGINE_free(e); /* Loose our local reference */ ERR_clear_error(); }
/****************************************************************************** * function: * bind_qat(ENGINE *e, * const char *id) * * @param e [IN] - OpenSSL engine pointer * @param id [IN] - engine id * * description: * Connect Qat engine to OpenSSL engine library ******************************************************************************/ static int bind_qat(ENGINE *e, const char *id) { int ret = 0; #ifndef OPENSSL_ENABLE_QAT_UPSTREAM_DRIVER int upstream_flags = 0; unsigned int devmasks[] = { 0, 0, 0, 0, 0 }; #endif QAT_DEBUG_LOG_INIT(); WARN("QAT Warnings enabled.\n"); DEBUG("QAT Debug enabled.\n"); DEBUG("id=%s\n", id); if (access(QAT_DEV, F_OK) != 0) { WARN("Qat memory driver not present\n"); QATerr(QAT_F_BIND_QAT, QAT_R_MEM_DRV_NOT_PRESENT); goto end; } #ifndef OPENSSL_ENABLE_QAT_UPSTREAM_DRIVER if (!getDevices(devmasks, &upstream_flags)) { WARN("Qat device not present\n"); QATerr(QAT_F_BIND_QAT, QAT_R_QAT_DEV_NOT_PRESENT); goto end; } #endif if (id && (strcmp(id, engine_qat_id) != 0)) { WARN("ENGINE_id defined already!\n"); QATerr(QAT_F_BIND_QAT, QAT_R_ENGINE_ID_ALREADY_DEFINED); goto end; } if (!ENGINE_set_id(e, engine_qat_id)) { WARN("ENGINE_set_id failed\n"); QATerr(QAT_F_BIND_QAT, QAT_R_ENGINE_SET_ID_FAILURE); goto end; } if (!ENGINE_set_name(e, engine_qat_name)) { WARN("ENGINE_set_name failed\n"); QATerr(QAT_F_BIND_QAT, QAT_R_ENGINE_SET_NAME_FAILURE); goto end; } /* Ensure the QAT error handling is set up */ ERR_load_QAT_strings(); /* * Create static structures for ciphers now * as this function will be called by a single thread. */ qat_create_ciphers(); if (!ENGINE_set_RSA(e, qat_get_RSA_methods())) { WARN("ENGINE_set_RSA failed\n"); QATerr(QAT_F_BIND_QAT, QAT_R_ENGINE_SET_RSA_FAILURE); goto end; } if (!ENGINE_set_DSA(e, qat_get_DSA_methods())) { WARN("ENGINE_set_DSA failed\n"); QATerr(QAT_F_BIND_QAT, QAT_R_ENGINE_SET_DSA_FAILURE); goto end; } if (!ENGINE_set_DH(e, qat_get_DH_methods())) { WARN("ENGINE_set_DH failed\n"); QATerr(QAT_F_BIND_QAT, QAT_R_ENGINE_SET_DH_FAILURE); goto end; } if (!ENGINE_set_EC(e, qat_get_EC_methods())) { WARN("ENGINE_set_EC failed\n"); QATerr(QAT_F_BIND_QAT, QAT_R_ENGINE_SET_EC_FAILURE); goto end; } if (!ENGINE_set_ciphers(e, qat_ciphers)) { WARN("ENGINE_set_ciphers failed\n"); QATerr(QAT_F_BIND_QAT, QAT_R_ENGINE_SET_CIPHER_FAILURE); goto end; } if (!ENGINE_set_pkey_meths(e, qat_PRF_pkey_methods)) { WARN("ENGINE_set_pkey_meths failed\n"); QATerr(QAT_F_BIND_QAT, QAT_R_ENGINE_SET_PKEY_FAILURE); goto end; } pthread_atfork(engine_finish_before_fork_handler, NULL, engine_init_child_at_fork_handler); ret = 1; ret &= ENGINE_set_destroy_function(e, qat_engine_destroy); ret &= ENGINE_set_init_function(e, qat_engine_init); ret &= ENGINE_set_finish_function(e, qat_engine_finish); ret &= ENGINE_set_ctrl_function(e, qat_engine_ctrl); ret &= ENGINE_set_cmd_defns(e, qat_cmd_defns); if (ret == 0) { WARN("Engine failed to register init, finish or destroy functions\n"); QATerr(QAT_F_BIND_QAT, QAT_R_ENGINE_REGISTER_FUNC_FAILURE); } end: return ret; }