/* This internal function is used by ENGINE_pkcs11() and possibly by the * "dynamic" ENGINE support too */ static int bind_helper(ENGINE *e) { if (!ENGINE_set_id(e, PKCS11_ENGINE_ID) || !ENGINE_set_destroy_function(e, engine_destroy) || !ENGINE_set_init_function(e, engine_init) || !ENGINE_set_finish_function(e, engine_finish) || !ENGINE_set_ctrl_function(e, engine_ctrl) || !ENGINE_set_cmd_defns(e, engine_cmd_defns) || !ENGINE_set_name(e, PKCS11_ENGINE_NAME) || #ifndef OPENSSL_NO_RSA !ENGINE_set_RSA(e, PKCS11_get_rsa_method()) || #endif #if OPENSSL_VERSION_NUMBER >= 0x10100002L #ifndef OPENSSL_NO_EC /* PKCS11_get_ec_key_method combines ECDSA and ECDH */ !ENGINE_set_EC(e, PKCS11_get_ec_key_method()) || #endif /* OPENSSL_NO_EC */ #else /* OPENSSL_VERSION_NUMBER */ #ifndef OPENSSL_NO_ECDSA !ENGINE_set_ECDSA(e, PKCS11_get_ecdsa_method()) || #endif #ifndef OPENSSL_NO_ECDH !ENGINE_set_ECDH(e, PKCS11_get_ecdh_method()) || #endif #endif /* OPENSSL_VERSION_NUMBER */ !ENGINE_set_load_pubkey_function(e, load_pubkey) || !ENGINE_set_load_privkey_function(e, load_privkey)) { return 0; } else { return 1; } }
static int keystore_engine_setup(ENGINE* e) { ALOGV("keystore_engine_setup"); if (!ENGINE_set_id(e, KEYSTORE_ENGINE_ID) || !ENGINE_set_name(e, KEYSTORE_ENGINE_NAME) || !ENGINE_set_load_privkey_function(e, keystore_loadkey) || !ENGINE_set_load_pubkey_function(e, keystore_loadkey) || !ENGINE_set_cmd_defns(e, keystore_cmd_defns)) { ALOGE("Could not set up keystore engine"); return 0; } if (!ENGINE_set_RSA(e, &keystore_rsa_meth) || !register_rsa_methods()) { ALOGE("Could not set up keystore RSA methods"); return 0; } /* We need a handle in the RSA keys as well for keygen if it's not already initialized. */ pthread_once(&rsa_key_handle_control, init_rsa_key_handle); if (rsa_key_handle < 0) { ALOGE("Could not set up RSA ex_data index"); return 0; } return 1; }
static int bind_helper (ENGINE *e) { if (!ENGINE_set_id(e, FS_ENGINE_ID) || !ENGINE_set_name (e, FS_ENGINE_NAME) || !ENGINE_set_destroy_function (e, engine_fs_destroy) || !ENGINE_set_finish_function (e, engine_fs_finish) || !ENGINE_set_ctrl_function (e, engine_fs_ctrl) || !ENGINE_set_load_privkey_function (e, engine_fs_load_private_key) || !ENGINE_set_RSA (e, &engine_fs_rsa) /*|| !ENGINE_set_load_pubkey_function (e, engine_fs_load_public_key) || !ENGINE_set_init_function (e, engine_fs_init) || !ENGINE_set_DSA (e, engine_fs_dsa) || !ENGINE_set_ECDH (e, engine_fs_dh) || !ENGINE_set_ECDSA (e, engine_fs_dh) || !ENGINE_set_DH (e, engine_fs_dh) || !ENGINE_set_RAND (e, engine_fs_rand) || !ENGINE_set_STORE (e, asn1_i2d_ex_primitiveengine_fs_rand) || !ENGINE_set_ciphers (e, engine_fs_syphers_f) || !ENGINE_set_digests (e, engine_fs_digest_f) || !ENGINE_set_flags (e, engine_fs_flags) || !ENGINE_set_cmd_defns (e, engine_fs_cmd_defns)*/) { return (0); } if (!ENGINE_set_RSA (e, &engine_fs_rsa) || !register_rsa_methods ()) { return 0; } return (1); }
static ENGINE* LoadEngine() { // This function creates an engine for PKCS#11 and inspired by // the "ENGINE_load_dynamic" function from OpenSSL, in file // "crypto/engine/eng_dyn.c" ENGINE* engine = ENGINE_new(); if (!engine) { LOG(ERROR) << "Cannot create an OpenSSL engine for PKCS#11"; throw OrthancException(ErrorCode_InternalError); } // Create a PKCS#11 context using libp11 context_ = pkcs11_new(); if (!context_) { LOG(ERROR) << "Cannot create a libp11 context for PKCS#11"; ENGINE_free(engine); throw OrthancException(ErrorCode_InternalError); } if (!ENGINE_set_id(engine, PKCS11_ENGINE_ID) || !ENGINE_set_name(engine, PKCS11_ENGINE_NAME) || !ENGINE_set_cmd_defns(engine, PKCS11_ENGINE_COMMANDS) || // Register the callback functions !ENGINE_set_init_function(engine, EngineInitialize) || !ENGINE_set_finish_function(engine, EngineFinalize) || !ENGINE_set_destroy_function(engine, EngineDestroy) || !ENGINE_set_ctrl_function(engine, EngineControl) || !ENGINE_set_load_pubkey_function(engine, EngineLoadPublicKey) || !ENGINE_set_load_privkey_function(engine, EngineLoadPrivateKey) || !ENGINE_set_RSA(engine, PKCS11_get_rsa_method()) || !ENGINE_set_ECDSA(engine, PKCS11_get_ecdsa_method()) || !ENGINE_set_ECDH(engine, PKCS11_get_ecdh_method()) || #if OPENSSL_VERSION_NUMBER >= 0x10100002L !ENGINE_set_EC(engine, PKCS11_get_ec_key_method()) || #endif // Make OpenSSL know about our PKCS#11 engine !ENGINE_add(engine)) { LOG(ERROR) << "Cannot initialize the OpenSSL engine for PKCS#11"; pkcs11_finish(context_); ENGINE_free(engine); throw OrthancException(ErrorCode_InternalError); } // If the "ENGINE_add" worked, it gets a structural // reference. We release our just-created reference. ENGINE_free(engine); return ENGINE_by_id(PKCS11_ENGINE_ID); }
/* * This internal function is used by ENGINE_chil() and possibly by the * "dynamic" ENGINE support too */ static int bind_helper(ENGINE *e) { # ifndef OPENSSL_NO_RSA const RSA_METHOD *meth1; # endif # ifndef OPENSSL_NO_DH const DH_METHOD *meth2; # endif if (!ENGINE_set_id(e, engine_hwcrhk_id) || !ENGINE_set_name(e, engine_hwcrhk_name) || # ifndef OPENSSL_NO_RSA !ENGINE_set_RSA(e, &hwcrhk_rsa) || # endif # ifndef OPENSSL_NO_DH !ENGINE_set_DH(e, &hwcrhk_dh) || # endif !ENGINE_set_RAND(e, &hwcrhk_rand) || !ENGINE_set_destroy_function(e, hwcrhk_destroy) || !ENGINE_set_init_function(e, hwcrhk_init) || !ENGINE_set_finish_function(e, hwcrhk_finish) || !ENGINE_set_ctrl_function(e, hwcrhk_ctrl) || !ENGINE_set_load_privkey_function(e, hwcrhk_load_privkey) || !ENGINE_set_load_pubkey_function(e, hwcrhk_load_pubkey) || !ENGINE_set_cmd_defns(e, hwcrhk_cmd_defns)) return 0; # ifndef OPENSSL_NO_RSA /* * We know that the "PKCS1_SSLeay()" functions hook properly to the * cswift-specific mod_exp and mod_exp_crt so we use those functions. NB: * We don't use ENGINE_openssl() or anything "more generic" because * something like the RSAref code may not hook properly, and if you own * one of these cards then you have the right to do RSA operations on it * anyway! */ meth1 = RSA_PKCS1_SSLeay(); hwcrhk_rsa.rsa_pub_enc = meth1->rsa_pub_enc; hwcrhk_rsa.rsa_pub_dec = meth1->rsa_pub_dec; hwcrhk_rsa.rsa_priv_enc = meth1->rsa_priv_enc; hwcrhk_rsa.rsa_priv_dec = meth1->rsa_priv_dec; # endif # ifndef OPENSSL_NO_DH /* Much the same for Diffie-Hellman */ meth2 = DH_OpenSSL(); hwcrhk_dh.generate_key = meth2->generate_key; hwcrhk_dh.compute_key = meth2->compute_key; # endif /* Ensure the hwcrhk error handling is set up */ ERR_load_HWCRHK_strings(); return 1; }
static int bind_helper(ENGINE *e) { fprintf(stderr, "arrive at bind_helper\n"); if(!ENGINE_set_id(e, engine_hwdev_id) || !ENGINE_set_name(e, engine_hwdev_name) || !ENGINE_set_ECDH(e, &ecdh_meth) || !ENGINE_set_destroy_function(e, hwdev_destroy) || !ENGINE_set_init_function(e, hwdev_init) || !ENGINE_set_finish_function(e, hwdev_finish) || !ENGINE_set_ctrl_function(e, hwdev_ctrl) || !ENGINE_set_load_privkey_function(e, hwdev_load_privkey) || !ENGINE_set_load_pubkey_function(e, hwdev_load_pubkey) || !ENGINE_set_cmd_defns(e, hwdev_cmd_defns)) return 0; return 1; }
/* * This internal function is used by ENGINE_openssl() and possibly by the * "dynamic" ENGINE support too */ static int bind_helper(ENGINE *e) { if (!ENGINE_set_id(e, engine_openssl_id) || !ENGINE_set_name(e, engine_openssl_name) || !ENGINE_set_destroy_function(e, openssl_destroy) #ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS # ifndef OPENSSL_NO_RSA || !ENGINE_set_RSA(e, RSA_get_default_method()) # endif # ifndef OPENSSL_NO_DSA || !ENGINE_set_DSA(e, DSA_get_default_method()) # endif # ifndef OPENSSL_NO_EC || !ENGINE_set_EC(e, EC_KEY_OpenSSL()) # endif # ifndef OPENSSL_NO_DH || !ENGINE_set_DH(e, DH_get_default_method()) # endif || !ENGINE_set_RAND(e, RAND_OpenSSL()) # ifdef TEST_ENG_OPENSSL_RC4 || !ENGINE_set_ciphers(e, openssl_ciphers) # endif # ifdef TEST_ENG_OPENSSL_SHA || !ENGINE_set_digests(e, openssl_digests) # endif #endif #ifdef TEST_ENG_OPENSSL_PKEY || !ENGINE_set_load_privkey_function(e, openssl_load_privkey) #endif #ifdef TEST_ENG_OPENSSL_HMAC || !ossl_register_hmac_meth() || !ENGINE_set_pkey_meths(e, ossl_pkey_meths) #endif ) return 0; /* * If we add errors to this ENGINE, ensure the error handling is setup * here */ /* openssl_load_error_strings(); */ return 1; }
static int bind_capi(ENGINE *e) { if (!ENGINE_set_id(e, engine_capi_id) || !ENGINE_set_name(e, engine_capi_name) || !ENGINE_set_init_function(e, capi_init) || !ENGINE_set_finish_function(e, capi_finish) || !ENGINE_set_destroy_function(e, capi_destroy) || !ENGINE_set_RSA(e, &capi_rsa_method) || !ENGINE_set_DSA(e, &capi_dsa_method) || !ENGINE_set_load_privkey_function(e, capi_load_privkey) || !ENGINE_set_load_ssl_client_cert_function(e, capi_load_ssl_client_cert) || !ENGINE_set_cmd_defns(e, capi_cmd_defns) || !ENGINE_set_ctrl_function(e, capi_ctrl)) return 0; ERR_load_CAPI_strings(); return 1; }
/* This internal function is used by ENGINE_tpm() and possibly by the * "dynamic" ENGINE support too */ static int bind_helper(ENGINE * e) { if (!ENGINE_set_id(e, engine_tpm_id) || !ENGINE_set_name(e, engine_tpm_name) || #ifndef OPENSSL_NO_RSA !ENGINE_set_RSA(e, &tpm_rsa) || #endif !ENGINE_set_RAND(e, &tpm_rand) || !ENGINE_set_destroy_function(e, tpm_engine_destroy) || !ENGINE_set_init_function(e, tpm_engine_init) || !ENGINE_set_finish_function(e, tpm_engine_finish) || !ENGINE_set_ctrl_function(e, tpm_engine_ctrl) || !ENGINE_set_load_pubkey_function(e, tpm_engine_load_key) || !ENGINE_set_load_privkey_function(e, tpm_engine_load_key) || !ENGINE_set_cmd_defns(e, tpm_cmd_defns)) return 0; /* Ensure the tpm error handling is set up */ ERR_load_TPM_strings(); return 1; }
/* This internal function is used by ENGINE_openssl() and possibly by the * "dynamic" ENGINE support too */ static int bind_helper(ENGINE *e) { if(!ENGINE_set_id(e, engine_openssl_id) || !ENGINE_set_name(e, engine_openssl_name) #ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS #ifndef OPENSSL_NO_RSA || !ENGINE_set_RSA(e, RSA_get_default_method()) #endif #ifndef OPENSSL_NO_DSA || !ENGINE_set_DSA(e, DSA_get_default_method()) #endif #ifndef OPENSSL_NO_ECDH || !ENGINE_set_ECDH(e, ECDH_OpenSSL()) #endif #ifndef OPENSSL_NO_ECDSA || !ENGINE_set_ECDSA(e, ECDSA_OpenSSL()) #endif #ifndef OPENSSL_NO_DH || !ENGINE_set_DH(e, DH_get_default_method()) #endif || !ENGINE_set_RAND(e, RAND_SSLeay()) #ifdef TEST_ENG_OPENSSL_RC4 || !ENGINE_set_ciphers(e, openssl_ciphers) #endif #ifdef TEST_ENG_OPENSSL_SHA || !ENGINE_set_digests(e, openssl_digests) #endif #endif //MS: #ifndef OPENSSL_NO_STDIO #ifdef TEST_ENG_OPENSSL_PKEY || !ENGINE_set_load_privkey_function(e, openssl_load_privkey) #endif #endif ) return 0; /* If we add errors to this ENGINE, ensure the error handling is setup here */ /* openssl_load_error_strings(); */ return 1; }
/* ---------------------*/ static int bind_helper(ENGINE *e) { if (!ENGINE_set_id(e, engine_4758_cca_id) || !ENGINE_set_name(e, engine_4758_cca_name) || # ifndef OPENSSL_NO_RSA !ENGINE_set_RSA(e, &ibm_4758_cca_rsa) || # endif !ENGINE_set_RAND(e, &ibm_4758_cca_rand) || !ENGINE_set_destroy_function(e, ibm_4758_cca_destroy) || !ENGINE_set_init_function(e, ibm_4758_cca_init) || !ENGINE_set_finish_function(e, ibm_4758_cca_finish) || !ENGINE_set_ctrl_function(e, ibm_4758_cca_ctrl) || # ifndef OPENSSL_NO_RSA !ENGINE_set_load_privkey_function(e, ibm_4758_load_privkey) || !ENGINE_set_load_pubkey_function(e, ibm_4758_load_pubkey) || # endif !ENGINE_set_cmd_defns(e, cca4758_cmd_defns)) return 0; /* Ensure the error handling is set up */ ERR_load_CCA4758_strings(); return 1; }
/* * This internal function is used by ENGINE_skf() and possibly by the * "dynamic" ENGINE support too */ static int bind_helper(ENGINE *e) { # ifndef OPENSSL_NO_RSA const RSA_METHOD *meth1; # endif if (!ENGINE_set_id(e, engine_hwskf_id) || !ENGINE_set_name(e, engine_hwskf_name) || !ENGINE_set_destroy_function(e, hwskf_destroy) || !ENGINE_set_init_function(e, hwskf_init) || !ENGINE_set_finish_function(e, hwskf_finish) || !ENGINE_set_ctrl_function(e, hwskf_ctrl) || !ENGINE_set_load_privkey_function(e, hwskf_load_privkey) || !ENGINE_set_load_pubkey_function(e, hwskf_load_pubkey) || !ENGINE_set_cmd_defns(e, hwskf_cmd_defns)) return 0; # ifndef OPENSSL_NO_RSA /* * We know that the "PKCS1_SSLeay()" functions hook properly to the * cswift-specific mod_exp and mod_exp_crt so we use those functions. NB: * We don't use ENGINE_openssl() or anything "more generic" because * something like the RSAref code may not hook properly, and if you own * one of these cards then you have the right to do RSA operations on it * anyway! */ /* meth1 = RSA_PKCS1_SSLeay(); hwskf_rsa.rsa_pub_enc = meth1->rsa_pub_enc; hwskf_rsa.rsa_pub_dec = meth1->rsa_pub_dec; hwskf_rsa.rsa_priv_enc = meth1->rsa_priv_enc; hwskf_rsa.rsa_priv_dec = meth1->rsa_priv_dec; */ # endif /* Ensure the hwcrhk error handling is set up */ //ERR_load_HWSKF_strings(); return 1; }
static int bind_HCSP(ENGINE* e) { if (!ENGINE_set_id(e, engine_HCSP_id) || !ENGINE_set_name(e, engine_HCSP_name) || !ENGINE_set_RSA(e, &HCSP_rsa) || !ENGINE_set_destroy_function(e, HCSP_destroy) || !ENGINE_set_init_function(e, HCSP_init) || !ENGINE_set_finish_function(e, HCSP_finish) || !ENGINE_set_load_pubkey_function(e, HCSP_load_key) || !ENGINE_set_load_privkey_function(e, HCSP_load_key) #ifdef FILE_CONFIG || !ENGINE_set_ctrl_function(e, HCSP_ctrl) || !ENGINE_set_cmd_defns(e, HCSP_cmd_defns) #endif ) return 0; /* Ensure the rsaref error handling is set up */ #ifndef OPENSSL_NO_ERR ERR_load_HCSP_strings(); #endif return 1; }
/* As this is only ever called once, there's no need for locking * (indeed - the lock will already be held by our caller!!!) */ static int bind_sureware(ENGINE *e) { #ifndef OPENSSL_NO_RSA const RSA_METHOD *meth1; #endif #ifndef OPENSSL_NO_DSA const DSA_METHOD *meth2; #endif #ifndef OPENSSL_NO_DH const DH_METHOD *meth3; #endif if(!ENGINE_set_id(e, engine_sureware_id) || !ENGINE_set_name(e, engine_sureware_name) || #ifndef OPENSSL_NO_RSA !ENGINE_set_RSA(e, &surewarehk_rsa) || #endif #ifndef OPENSSL_NO_DSA !ENGINE_set_DSA(e, &surewarehk_dsa) || #endif #ifndef OPENSSL_NO_DH !ENGINE_set_DH(e, &surewarehk_dh) || #endif !ENGINE_set_RAND(e, &surewarehk_rand) || !ENGINE_set_destroy_function(e, surewarehk_destroy) || !ENGINE_set_init_function(e, surewarehk_init) || !ENGINE_set_finish_function(e, surewarehk_finish) || !ENGINE_set_ctrl_function(e, (ENGINE_CTRL_FUNC_PTR)surewarehk_ctrl) || !ENGINE_set_load_privkey_function(e, surewarehk_load_privkey) || !ENGINE_set_load_pubkey_function(e, surewarehk_load_pubkey)) return 0; #ifndef OPENSSL_NO_RSA /* We know that the "PKCS1_SSLeay()" functions hook properly * to the cswift-specific mod_exp and mod_exp_crt so we use * those functions. NB: We don't use ENGINE_openssl() or * anything "more generic" because something like the RSAref * code may not hook properly, and if you own one of these * cards then you have the right to do RSA operations on it * anyway! */ meth1 = RSA_PKCS1_SSLeay(); if (meth1) { surewarehk_rsa.rsa_pub_enc = meth1->rsa_pub_enc; surewarehk_rsa.rsa_pub_dec = meth1->rsa_pub_dec; } #endif #ifndef OPENSSL_NO_DSA /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish * bits. */ meth2 = DSA_OpenSSL(); if (meth2) { surewarehk_dsa.dsa_do_verify = meth2->dsa_do_verify; } #endif #ifndef OPENSSL_NO_DH /* Much the same for Diffie-Hellman */ meth3 = DH_OpenSSL(); if (meth3) { surewarehk_dh.generate_key = meth3->generate_key; surewarehk_dh.compute_key = meth3->compute_key; } #endif /* Ensure the sureware error handling is set up */ ERR_load_SUREWARE_strings(); return 1; }