int main(int argc, char *argv[]) { if(argc != 2) { printf("Usage: ./test_app <file_name>\n"); return -1; } ENGINE *e = load_engine(ENGINE_MODULE, "test_engine"); if(e == 0) { printf("Unable to load engine\n"); return -1; } ENGINE_ctrl_cmd_string(e, "username", "user", 0); ENGINE_ctrl_cmd_string(e, "password", "password", 0); ENGINE_init(e); HMAC_CTX ctx; HMAC_CTX_init(&ctx); HMAC_Init_ex(&ctx, "test_key\0", 9, EVP_sha1(), e); FILE *f = fopen(argv[1], "r"); char buf[BUF_SIZE]; while(!feof(f)) { size_t ln = fread(buf, sizeof(char), BUF_SIZE, f); if(ln == 0) continue; HMAC_Update(&ctx, buf, ln); } fclose(f); unsigned int siglen; unsigned char md[20]; HMAC_Final(&ctx, md, &siglen); ENGINE_finish(e); printf("HMAC-SHA1: "); for(size_t i = 0; i < siglen; i++) printf("%02x", md[i]); printf("\n"); return 0; }
int main(int argc, char **argv) { OpenSSL_add_all_algorithms(); int len = 128 * MB; if (argc > 1) { len = atoi(argv[1]) * MB; } unsigned char *buf = (unsigned char *) malloc(TOTAL_LEN); if (!buf) { fprintf(stderr, "Error Allocating Memory"); } ENGINE_load_builtin_engines(); #ifdef OPENCL_ENGINE ENGINE *e = ENGINE_by_id("dynamic"); if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", OPENCL_ENGINE, 0) || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)) { fprintf(stderr, "Failed to load OpenCL engine!\n"); return -1; } ENGINE_set_default(e, ENGINE_METHOD_ALL); #endif run(argv[0], buf, len); free(buf); return 0; }
DynamicEngine::DynamicEngine( const string & id, const StringList & engineLibPaths ) { DEBUG( "dynamic: ctor: loading and configuring dynamic engine" ); ENGINE_load_dynamic(); ENGINE * dyn = ENGINE_by_id( "dynamic" ); if ( ! dyn ) throw Exception( "dynamic: load failed" ); m_pEngine = dyn; const string engineLibPath( findFirstExisting( engineLibPaths ) ); if ( engineLibPath.empty() ) throw Exception( "dynamic: unable to find engine lib path" ); DEBUG( "dynamic: ctor: so_path=" << QS( engineLibPath ) ); if ( 1 != ENGINE_ctrl_cmd_string( dyn, "SO_PATH", engineLibPath.c_str(), CMD_MANDATORY ) ) throw Exception( "dynamic: setting so_path <= " + QS( engineLibPath ) ); DEBUG( "dynamic: ctor: id=" << QS( id ) ); if ( 1 != ENGINE_ctrl_cmd_string( dyn, "ID", id.c_str(), CMD_MANDATORY ) ) throw Exception( "dynamic: setting id <= " + QS( id ) ); DEBUG( "dynamic: ctor: list_add=1" ); if ( 1 != ENGINE_ctrl_cmd( dyn, "LIST_ADD", 1, NULL, NULL, CMD_MANDATORY ) ) throw Exception( "dynamic: setting list_add <= 1" ); DEBUG( "dynamic: ctor: load=1" ); if ( 1 != ENGINE_ctrl_cmd( dyn, "LOAD", 1, NULL, NULL, CMD_MANDATORY ) ) throw Exception( "dynamic: setting load <= 1" ); DEBUG( "dynamic: ctor: done" ); }
void tor_init_with_engine (const char* name, const char* path) { ENGINE* engine; if (initialized) { return; } tor_init(); if (path == NULL) { engine = ENGINE_by_id(name); } else { engine = ENGINE_by_id("dynamic"); if (!ENGINE_ctrl_cmd_string(engine, "ID", name, 0) || !ENGINE_ctrl_cmd_string(engine, "DIR_LOAD", "2", 0) || !ENGINE_ctrl_cmd_string(engine, "DIR_ADD", path, 0) || !ENGINE_ctrl_cmd_string(engine, "LOAD", NULL, 0)) { ENGINE_free(engine); engine = NULL; } } if (engine) { ENGINE_set_default(engine, ENGINE_METHOD_ALL); } }
static int load_engine(void **ctx,MESSAGE *msg) { int i; ENGINE **e=(ENGINE **)ctx; ENGINE_load_dynamic(); if(!(*e=ENGINE_by_id("dynamic")))goto err1; if(!ENGINE_ctrl_cmd_string(*e,"SO_PATH",msg->engine,0))goto err2; for(i=0;pkcs11[i].name;i++) if(!ENGINE_ctrl_cmd_string(*e,pkcs11[i].name,pkcs11[i].value,0)) goto err2; if(!ENGINE_ctrl_cmd_string(*e,"MODULE_PATH",msg->pkcs11,0))goto err2; if(msg->nopin)if(!ENGINE_ctrl_cmd_string(*e,"NOLOGIN","1",0))goto err2; if(!ENGINE_ctrl_cmd_string(*e,"PIN",msg->nopin?"":msg->pin,0))goto err2; if(!ENGINE_init(*e)) { err2: ENGINE_free(*e); err1: ENGINE_cleanup(); return ENGFAIL; } ENGINE_free(*e); ENGINE_set_default(*e,ENGINE_METHOD_ALL&~ENGINE_METHOD_RAND); return OK; }
void sc_pkcs11_register_openssl_mechanisms(struct sc_pkcs11_card *card) { #if OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_ENGINE) void (*locking_cb)(int, int, const char *, int); ENGINE *e; locking_cb = CRYPTO_get_locking_callback(); if (locking_cb) CRYPTO_set_locking_callback(NULL); e = ENGINE_by_id("gost"); if (!e) { #if !defined(OPENSSL_NO_STATIC_ENGINE) && !defined(OPENSSL_NO_GOST) ENGINE_load_gost(); e = ENGINE_by_id("gost"); #else /* try to load dynamic gost engine */ e = ENGINE_by_id("dynamic"); if (!e) { ENGINE_load_dynamic(); e = ENGINE_by_id("dynamic"); } if (e && (!ENGINE_ctrl_cmd_string(e, "SO_PATH", "gost", 0) || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))) { ENGINE_free(e); e = NULL; } #endif /* !OPENSSL_NO_STATIC_ENGINE && !OPENSSL_NO_GOST */ } if (e) { ENGINE_set_default(e, ENGINE_METHOD_ALL); ENGINE_free(e); } if (locking_cb) CRYPTO_set_locking_callback(locking_cb); #endif /* OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_ENGINE) */ openssl_sha1_mech.mech_data = EVP_sha1(); sc_pkcs11_register_mechanism(card, &openssl_sha1_mech); #if OPENSSL_VERSION_NUMBER >= 0x00908000L openssl_sha256_mech.mech_data = EVP_sha256(); sc_pkcs11_register_mechanism(card, &openssl_sha256_mech); openssl_sha384_mech.mech_data = EVP_sha384(); sc_pkcs11_register_mechanism(card, &openssl_sha384_mech); openssl_sha512_mech.mech_data = EVP_sha512(); sc_pkcs11_register_mechanism(card, &openssl_sha512_mech); #endif openssl_md5_mech.mech_data = EVP_md5(); sc_pkcs11_register_mechanism(card, &openssl_md5_mech); openssl_ripemd160_mech.mech_data = EVP_ripemd160(); sc_pkcs11_register_mechanism(card, &openssl_ripemd160_mech); #if OPENSSL_VERSION_NUMBER >= 0x10000000L openssl_gostr3411_mech.mech_data = EVP_get_digestbynid(NID_id_GostR3411_94); sc_pkcs11_register_mechanism(card, &openssl_gostr3411_mech); #endif }
void Initialize(const std::string& module, const std::string& pin, bool verbose) { if (pkcs11Initialized_) { LOG(ERROR) << "The PKCS#11 engine has already been initialized"; throw OrthancException(ErrorCode_BadSequenceOfCalls); } if (module.empty() || !SystemToolbox::IsRegularFile(module)) { LOG(ERROR) << "The PKCS#11 module must be a path to one shared library (DLL or .so)"; throw OrthancException(ErrorCode_InexistentFile); } ENGINE* engine = LoadEngine(); if (!engine) { LOG(ERROR) << "Cannot create an OpenSSL engine for PKCS#11"; throw OrthancException(ErrorCode_InternalError); } if (!ENGINE_ctrl_cmd_string(engine, "MODULE_PATH", module.c_str(), 0)) { LOG(ERROR) << "Cannot configure the OpenSSL dynamic engine for PKCS#11"; throw OrthancException(ErrorCode_InternalError); } if (verbose) { ENGINE_ctrl_cmd_string(engine, "VERBOSE", NULL, 0); } if (!pin.empty() && !ENGINE_ctrl_cmd_string(engine, "PIN", pin.c_str(), 0)) { LOG(ERROR) << "Cannot set the PIN code for PKCS#11"; throw OrthancException(ErrorCode_InternalError); } if (!ENGINE_init(engine)) { LOG(ERROR) << "Cannot initialize the OpenSSL dynamic engine for PKCS#11"; throw OrthancException(ErrorCode_InternalError); } LOG(WARNING) << "The PKCS#11 engine has been successfully initialized"; pkcs11Initialized_ = true; }
/* Try to load an engine in a shareable library */ static ENGINE * try_load_engine (const char *engine) { ENGINE *e = ENGINE_by_id ("dynamic"); if (e) { if (!ENGINE_ctrl_cmd_string (e, "SO_PATH", engine, 0) || !ENGINE_ctrl_cmd_string (e, "LOAD", NULL, 0)) { ENGINE_free (e); e = NULL; } } return e; }
isc_result_t dst__opensslgost_init(dst_func_t **funcp) { REQUIRE(funcp != NULL); /* check if the gost engine works properly */ e = ENGINE_by_id("gost"); if (e == NULL) return (DST_R_OPENSSLFAILURE); if (ENGINE_init(e) <= 0) { ENGINE_free(e); e = NULL; return (DST_R_OPENSSLFAILURE); } /* better than to rely on digest_gost symbol */ opensslgost_digest = ENGINE_get_digest(e, NID_id_GostR3411_94); /* from openssl.cnf */ if ((opensslgost_digest == NULL) || (ENGINE_register_pkey_asn1_meths(e) <= 0) || (ENGINE_ctrl_cmd_string(e, "CRYPT_PARAMS", "id-Gost28147-89-CryptoPro-A-ParamSet", 0) <= 0)) { ENGINE_finish(e); ENGINE_free(e); e = NULL; return (DST_R_OPENSSLFAILURE); } if (*funcp == NULL) *funcp = &opensslgost_functions; return (ISC_R_SUCCESS); }
static int openssl_engine_ctrl(lua_State*L){ ENGINE* eng = CHECK_OBJECT(1,ENGINE,"openssl.engine"); if(lua_isnumber(L, 2)){ int cmd = luaL_checkint(L, 2); if(lua_isnoneornil(L, 3)){ int ret = ENGINE_cmd_is_executable(eng, cmd); lua_pushboolean(L, ret); }else{ long i = (long)luaL_checknumber(L, 3); void* p = lua_touserdata(L, 4); int ret = ENGINE_ctrl(eng, cmd, i, p, NULL); lua_pushboolean(L, ret); } }else{ const char* cmd = luaL_checkstring(L, 2); if(lua_isnumber(L, 3)) { long i = (long)luaL_checknumber(L, 3); void* p = lua_touserdata(L, 4); int opt = luaL_optint(L, 5, 0); int ret = ENGINE_ctrl_cmd(eng, cmd, i, p, NULL, opt); lua_pushboolean(L, ret); }else{ const char* arg = luaL_optstring(L, 3, NULL); int opt = luaL_optint(L, 4, 0); int ret = ENGINE_ctrl_cmd_string(eng, cmd, arg, opt); lua_pushboolean(L, ret); } } return 1; }
ENGINE *load_engine(const char *so_path, const char *id) { ENGINE_load_dynamic(); ENGINE *de = ENGINE_by_id("dynamic"); if(de == 0) { printf("Unable to load dynamic engine\n"); return 0; } if(!ENGINE_ctrl_cmd_string(de, "SO_PATH", so_path, 0)) { printf("Unable to load desired engine\n"); return 0; } ENGINE_ctrl_cmd_string(de, "LIST_ADD", "2", 0); ENGINE_ctrl_cmd_string(de, "LOAD", NULL, 0); ENGINE_free(de); return ENGINE_by_id(id); }
void TokenEngine::login( const string & pin ) { if ( 1 != ENGINE_ctrl_cmd_string( m_pEngine, "PIN", pin.c_str(), CMD_MANDATORY ) ) throw Exception( "token: unable to log in" " with PIN=" + QS( pin ) ); }
static void util_do_cmds(ENGINE *e, STACK *cmds, BIO *bio_out, const char *indent) { int loop, res, num = sk_num(cmds); if(num < 0) { BIO_printf(bio_out, "[Error]: internal stack error\n"); return; } for(loop = 0; loop < num; loop++) { char buf[256]; const char *cmd, *arg; cmd = sk_value(cmds, loop); res = 1; /* assume success */ /* Check if this command has no ":arg" */ if((arg = strstr(cmd, ":")) == NULL) { if(!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0)) res = 0; } else { if((int)(arg - cmd) > 254) { BIO_printf(bio_out,"[Error]: command name too long\n"); return; } memcpy(buf, cmd, (int)(arg - cmd)); buf[arg-cmd] = '\0'; arg++; /* Move past the ":" */ /* Call the command with the argument */ if(!ENGINE_ctrl_cmd_string(e, buf, arg, 0)) res = 0; } if(res) BIO_printf(bio_out, "[Success]: %s\n", cmd); else { BIO_printf(bio_out, "[Failure]: %s\n", cmd); ERR_print_errors(bio_out); } } }
/* * 'name' is the name the engine is known by to the dst library. * This may or may not match the name the engine is known by to * openssl. It is the name that is stored in the private key file. * * 'engine_id' is the openssl engine name. * * pre_cmds and post_cmds a sequence if command argument pairs * pre_num and post_num are a count of those pairs. * * "SO_PATH", PKCS11_SO_PATH ("/usr/local/lib/engines/engine_pkcs11.so") * "LOAD", NULL * "MODULE_PATH", PKCS11_MODULE_PATH ("/usr/lib/libpkcs11.so") */ static isc_result_t dst__openssl_load_engine(const char *name, const char *engine_id, const char **pre_cmds, int pre_num, const char **post_cmds, int post_num) { ENGINE *e; UNUSED(name); if (!strcasecmp(engine_id, "dynamic")) ENGINE_load_dynamic(); e = ENGINE_by_id(engine_id); if (e == NULL) return (ISC_R_NOTFOUND); while (pre_num--) { if (!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) { ENGINE_free(e); return (ISC_R_FAILURE); } pre_cmds += 2; } if (!ENGINE_init(e)) { ENGINE_free(e); return (ISC_R_FAILURE); } /* * ENGINE_init() returned a functional reference, so free the * structural reference from ENGINE_by_id(). */ ENGINE_free(e); while (post_num--) { if (!ENGINE_ctrl_cmd_string(e, post_cmds[0], post_cmds[1], 0)) { ENGINE_free(e); return (ISC_R_FAILURE); } post_cmds += 2; } if (he != NULL) ENGINE_finish(he); he = e; return (ISC_R_SUCCESS); }
static ENGINE * InitEnginePKCS11( const char *pkcs11, const char *pin) { ENGINE *e; ENGINE_load_dynamic(); e = ENGINE_by_id("dynamic"); if (!e){ SSL_Error(_d("Engine_by_id:\n %s"), GetSSLErrorString()); return NULL; } if(!ENGINE_ctrl_cmd_string(e, "SO_PATH", ENGINE_PKCS11_PATH, 0)|| !ENGINE_ctrl_cmd_string(e, "ID", "pkcs11", 0) || !ENGINE_ctrl_cmd_string(e, "LIST_ADD", "1", 0) || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0) || !ENGINE_ctrl_cmd_string(e, "MODULE_PATH", pkcs11, 0) || !ENGINE_ctrl_cmd_string(e, "PIN", pin, 0) ){ SSL_Error(_d("Engine_ctrl_cmd_string failure:\n %s"), GetSSLErrorString()); ENGINE_free(e); return NULL; } if(!ENGINE_init(e)){ SSL_Error(_d("Engine_init failure:\n %s"), GetSSLErrorString()); ENGINE_free(e); return NULL; } return e; }
static VALUE ossl_engine_ctrl_cmd(int argc, VALUE *argv, VALUE self) { ENGINE *e; VALUE cmd, val; int ret; GetEngine(self, e); rb_scan_args(argc, argv, "11", &cmd, &val); StringValue(cmd); if (!NIL_P(val)) StringValue(val); ret = ENGINE_ctrl_cmd_string(e, RSTRING_PTR(cmd), NIL_P(val) ? NULL : RSTRING_PTR(val), 0); if (!ret) ossl_raise(eEngineError, NULL); return self; }
TokenEngine::TokenEngine( const StringList & modulePaths ) { ENGINE * tok = ENGINE_by_id( "pkcs11" ); if ( ! tok ) throw Exception( "token: unable to get engine" ); m_pEngine = tok; const string modulePath( findFirstExisting( modulePaths ) ); if ( modulePath.empty() ) throw Exception( "token: unable to find module path" ); DEBUG( "token: ctor: module_path=" << QS( modulePath ) ); if ( 1 != ENGINE_ctrl_cmd_string( tok, "MODULE_PATH", modulePath.c_str(), CMD_MANDATORY ) ) throw Exception( "token: setting module_path <= " + QS( modulePath ) ); DEBUG( "token: ctor: initializing " << m_pEngine ); if ( 1 != ENGINE_init( tok ) ) throw Exception( "token: unable to initialize" ); DEBUG( "token: ctor: done" ); }
static ENGINE *get_pkcs11_engine(GError **error) { static ENGINE *e = NULL; unsigned long err; const gchar *data; const gchar *env; int flags; g_return_val_if_fail(error == NULL || *error == NULL, NULL); ENGINE_load_builtin_engines(); e = ENGINE_by_id("pkcs11"); if (e == NULL) { err = ERR_get_error_line_data(NULL, NULL, &data, &flags); g_set_error( error, R_SIGNATURE_ERROR, R_SIGNATURE_ERROR_LOAD_FAILED, "failed to load PKCS11 engine: %s", (flags & ERR_TXT_STRING) ? data : ERR_error_string(err, NULL)); goto out; } env = g_getenv("RAUC_PKCS11_MODULE"); if (env != NULL) { if (!ENGINE_ctrl_cmd_string(e, "MODULE_PATH", env, 0)) { err = ERR_get_error_line_data(NULL, NULL, &data, &flags); g_set_error( error, R_SIGNATURE_ERROR, R_SIGNATURE_ERROR_PARSE_ERROR, "failed to configure PKCS11 module path: %s", (flags & ERR_TXT_STRING) ? data : ERR_error_string(err, NULL)); goto free; } } if (ENGINE_init(e) == 0) { err = ERR_get_error_line_data(NULL, NULL, &data, &flags); g_set_error( error, R_SIGNATURE_ERROR, R_SIGNATURE_ERROR_LOAD_FAILED, "failed to initialize PKCS11 engine: %s", (flags & ERR_TXT_STRING) ? data : ERR_error_string(err, NULL)); goto free; } env = g_getenv("RAUC_PKCS11_PIN"); if (env != NULL) { if (!ENGINE_ctrl_cmd_string(e, "PIN", env, 0)) { err = ERR_get_error_line_data(NULL, NULL, &data, &flags); g_set_error( error, R_SIGNATURE_ERROR, R_SIGNATURE_ERROR_PARSE_ERROR, "failed to configure PKCS11 PIN: %s", (flags & ERR_TXT_STRING) ? data : ERR_error_string(err, NULL)); goto finish; } } goto out; finish: ENGINE_finish(e); free: ENGINE_free(e); e = NULL; out: return e; }
ENGINE *ENGINE_by_id(const char *id) { ENGINE *iterator; char *load_dir = NULL; if (id == NULL) { ENGINEerr(ENGINE_F_ENGINE_BY_ID, ERR_R_PASSED_NULL_PARAMETER); return NULL; } CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); iterator = engine_list_head; while (iterator && (strcmp(id, iterator->id) != 0)) iterator = iterator->next; if (iterator != NULL) { /* * We need to return a structural reference. If this is an ENGINE * type that returns copies, make a duplicate - otherwise increment * the existing ENGINE's reference count. */ if (iterator->flags & ENGINE_FLAGS_BY_ID_COPY) { ENGINE *cp = ENGINE_new(); if (cp == NULL) iterator = NULL; else { engine_cpy(cp, iterator); iterator = cp; } } else { iterator->struct_ref++; engine_ref_debug(iterator, 0, 1); } } CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); if (iterator != NULL) return iterator; /* * Prevent infinite recursion if we're looking for the dynamic engine. */ if (strcmp(id, "dynamic")) { # ifdef OPENSSL_SYS_VMS if ((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]"; # else if ((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR; # endif iterator = ENGINE_by_id("dynamic"); if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) || !ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) || !ENGINE_ctrl_cmd_string(iterator, "DIR_ADD", load_dir, 0) || !ENGINE_ctrl_cmd_string(iterator, "LIST_ADD", "1", 0) || !ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0)) goto notfound; return iterator; } notfound: ENGINE_free(iterator); ENGINEerr(ENGINE_F_ENGINE_BY_ID, ENGINE_R_NO_SUCH_ENGINE); ERR_add_error_data(2, "id=", id); return NULL; /* EEK! Experimental code ends */ }
int main(int argc, char *argv[]) { ENGINE *engine; EVP_PKEY *pkey; X509 *cert; FILE *cert_fp; const char *module, *efile, *certfile, *privkey; int ret = 0; if (argc < 4){ printf("Too few arguments\n"); usage(argv); return 1; } certfile = argv[1]; privkey = argv[2]; module = argv[3]; efile = argv[4]; cert_fp = fopen(certfile, "rb"); if (!cert_fp) { fprintf(stderr, "%s:%d Could not open file %s\n", __FILE__, __LINE__, certfile); ret = 1; goto end; } cert = PEM_read_X509(cert_fp, NULL, NULL, NULL); if (!cert) { fprintf(stderr, "%s:%d Could not read certificate file" "(must be PEM format)\n", __FILE__, __LINE__); } if (cert_fp) { fclose(cert_fp); } ret = CONF_modules_load_file(efile, "engines", 0); if (ret <= 0) { fprintf(stderr, "%s:%d cannot load %s\n", __FILE__, __LINE__, efile); display_openssl_errors(__LINE__); exit(1); } ENGINE_add_conf_module(); #if OPENSSL_VERSION_NUMBER>=0x10100000 OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ | OPENSSL_INIT_ADD_ALL_DIGESTS \ | OPENSSL_INIT_LOAD_CONFIG, NULL); #else OpenSSL_add_all_algorithms(); OpenSSL_add_all_digests(); ERR_load_crypto_strings(); #endif ERR_clear_error(); ENGINE_load_builtin_engines(); engine = ENGINE_by_id("pkcs11"); if (engine == NULL) { printf("%s:%d Could not get engine\n", __FILE__, __LINE__); display_openssl_errors(__LINE__); ret = 1; goto end; } if (!ENGINE_ctrl_cmd_string(engine, "VERBOSE", NULL, 0)) { display_openssl_errors(__LINE__); exit(1); } if (!ENGINE_ctrl_cmd_string(engine, "MODULE_PATH", module, 0)) { display_openssl_errors(__LINE__); exit(1); } if (!ENGINE_init(engine)) { printf("Could not initialize engine\n"); display_openssl_errors(__LINE__); ret = 1; goto end; } pkey = ENGINE_load_private_key(engine, privkey, 0, 0); if (pkey == NULL) { printf("%s:%d Could not load key\n", __FILE__, __LINE__); display_openssl_errors(__LINE__); ret = 1; goto end; } ret = X509_check_private_key(cert, pkey); if (!ret) { printf("%s:%d Could not check private key\n", __FILE__, __LINE__); display_openssl_errors(__LINE__); ret = 1; goto end; } printf("Key and certificate matched\n"); ret = 0; CONF_modules_unload(1); end: X509_free(cert); EVP_PKEY_free(pkey); ENGINE_finish(engine); return ret; }
// Constructor OSSLCryptoFactory::OSSLCryptoFactory() { // Multi-thread support nlocks = CRYPTO_num_locks(); locks = new Mutex*[nlocks]; for (unsigned i = 0; i < nlocks; i++) { locks[i] = MutexFactory::i()->getMutex(); } #ifdef HAVE_PTHREAD_H CRYPTO_set_id_callback(id_callback); #endif CRYPTO_set_locking_callback(lock_callback); #ifdef WITH_FIPS // Already in FIPS mode on reenter (avoiding selftests) if (!FIPS_mode()) { FipsSelfTestStatus = false; if (!FIPS_mode_set(1)) { ERROR_MSG("can't enter into FIPS mode"); return; } } else { // Undo RAND_cleanup() RAND_init_fips(); } FipsSelfTestStatus = true; #endif // Initialise OpenSSL OpenSSL_add_all_algorithms(); // Initialise the one-and-only RNG rng = new OSSLRNG(); #ifdef WITH_GOST // Load engines ENGINE_load_builtin_engines(); // Initialise the GOST engine eg = ENGINE_by_id("gost"); if (eg == NULL) { ERROR_MSG("can't get the GOST engine"); return; } if (ENGINE_init(eg) <= 0) { ENGINE_free(eg); eg = NULL; ERROR_MSG("can't initialize the GOST engine"); return; } // better than digest_gost EVP_GOST_34_11 = ENGINE_get_digest(eg, NID_id_GostR3411_94); if (EVP_GOST_34_11 == NULL) { ERROR_MSG("can't get the GOST digest"); goto err; } // from the openssl.cnf if (ENGINE_register_pkey_asn1_meths(eg) <= 0) { ERROR_MSG("can't register ASN.1 for the GOST engine"); goto err; } if (ENGINE_ctrl_cmd_string(eg, "CRYPT_PARAMS", "id-Gost28147-89-CryptoPro-A-ParamSet", 0) <= 0) { ERROR_MSG("can't set params of the GOST engine"); goto err; } return; err: ENGINE_finish(eg); ENGINE_free(eg); eg = NULL; return; #endif }
ENGINE *scep_engine_init(ENGINE *e) { ENGINE_load_builtin_engines(); ENGINE_load_dynamic(); //if its not dynamic, try to load it directly. If OpenSSL has it already we are good to go! if(strcmp(g_char, "dynamic") != 0) { e = ENGINE_by_id(g_char); if ((e==NULL) && v_flag){ printf("%s: Engine %s could not be loaded. Trying to load dynamically...\n", pname, g_char); } } if(e == NULL) { ERR_clear_error(); e = scep_engine_load_dynamic(e); } if(scep_conf->engine->module_path) { if(ENGINE_ctrl_cmd_string(e, "MODULE_PATH", scep_conf->engine->module_path, 0) == 0) { fprintf(stderr, "%s: Adding MODULE PATH %s was not successful!\n", pname, scep_conf->engine->module_path); sscep_engine_report_error(); exit (SCEP_PKISTATUS_ERROR); } } //define this engine as a default for all our crypto operations. This way OpenSSL automatically chooses the right functions if(ENGINE_set_default(e, ENGINE_METHOD_ALL) == 0) { fprintf(stderr, "%s: Error loading on setting defaults\n", pname); sscep_engine_report_error(); exit (SCEP_PKISTATUS_ERROR); } else if(v_flag) printf("%s: Engine %s made default for all operations\n", pname, g_char); //we need a functional reference and as such need to initialize if(ENGINE_init(e) == 0) { fprintf(stderr, "%s: Engine Init did not work\n", pname); sscep_engine_report_error(); exit (SCEP_PKISTATUS_ERROR); } else if(v_flag) printf("%s: Engine %s initialized\n", pname, g_char); //TODO: remove capi specific part! if(v_flag && strncmp(scep_conf->engine->engine_id, "capi", 4) == 0) { // set debug level if(!ENGINE_ctrl(e, (ENGINE_CMD_BASE + 2), 2, NULL, NULL)) { fprintf(stderr, "%s: Could not set debug level to %i\n", pname, 2); sscep_engine_report_error(); exit (SCEP_PKISTATUS_ERROR); } // set debug file (log) if(!ENGINE_ctrl(e, (ENGINE_CMD_BASE + 3), 0, "capi.log", NULL)) { fprintf(stderr, "%s: Could not set debug file to %s\n", pname, "capi.log"); sscep_engine_report_error(); exit (SCEP_PKISTATUS_ERROR); } } //TODO: remove JKSEngine specific part! if(strncmp(scep_conf->engine->engine_id, "jksengine", 9) == 0) { if(scep_conf->engine->storepass) { if(!ENGINE_ctrl(e, 2, 0, scep_conf->engine->storepass, NULL)) { fprintf(stderr, "%s: Could not set %s\n", pname, SCEP_CONFIGURATION_ENGINE_JKSENGINE_KEYSTOREPASS); sscep_engine_report_error(); exit (SCEP_PKISTATUS_ERROR); } } if(scep_conf->engine->jconnpath) { if(!ENGINE_ctrl(e, 3, 0, scep_conf->engine->jconnpath, 0)) { fprintf(stderr, "%s: Could not set %s\n", pname, SCEP_CONFIGURATION_ENGINE_JKSENGINE_JCONNPATH); sscep_engine_report_error(); exit (SCEP_PKISTATUS_ERROR); } } if(scep_conf->engine->provider) { if(!ENGINE_ctrl(e, 4, 0, scep_conf->engine->provider, 0)) { fprintf(stderr, "%s: Could not set %s\n", pname, SCEP_CONFIGURATION_ENGINE_JKSENGINE_PROVIDER); sscep_engine_report_error(); exit (SCEP_PKISTATUS_ERROR); } } if(scep_conf->engine->javapath) { if(!ENGINE_ctrl(e, 5, 0, scep_conf->engine->javapath, 0)) { fprintf(stderr, "%s: Could not set %s\n", pname, SCEP_CONFIGURATION_ENGINE_JKSENGINE_JAVAPATH); sscep_engine_report_error(); exit (SCEP_PKISTATUS_ERROR); } } } //TODO: remove pkcs11 specific part! if(strncmp(scep_conf->engine->engine_id, "pkcs11", 6) == 0) { if(scep_conf->engine->pin) { if(!ENGINE_ctrl(e, (ENGINE_CMD_BASE + 2), 0, scep_conf->engine->pin, NULL)) { fprintf(stderr, "%s: Could not define PIN\n", pname); sscep_engine_report_error(); exit (SCEP_PKISTATUS_ERROR); } } } return e; }
ERL_NIF_TERM engine_ctrl_cmd_strings_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) {/* (Engine, Commands, Optional) */ #ifdef HAS_ENGINE_SUPPORT ERL_NIF_TERM ret; unsigned int cmds_len = 0; char **cmds = NULL; struct engine_ctx *ctx; unsigned int i; int optional = 0; int cmds_loaded = 0; // Get Engine ASSERT(argc == 3); if (!enif_get_resource(env, argv[0], engine_ctx_rtype, (void**)&ctx)) goto bad_arg; PRINTF_ERR1("Engine Id: %s\r\n", ENGINE_get_id(ctx->engine)); // Get Command List if (!enif_get_list_length(env, argv[1], &cmds_len)) goto bad_arg; if (cmds_len > (UINT_MAX / 2) - 1) goto err; cmds_len *= 2; // Key-Value list from erlang if ((size_t)cmds_len + 1 > SIZE_MAX / sizeof(char*)) goto err; if ((cmds = enif_alloc((cmds_len + 1) * sizeof(char*))) == NULL) goto err; if (get_engine_load_cmd_list(env, argv[1], cmds, 0)) goto err; cmds_loaded = 1; if (!enif_get_int(env, argv[2], &optional)) goto err; for(i = 0; i < cmds_len; i+=2) { PRINTF_ERR2("Cmd: %s:%s\r\n", cmds[i] ? cmds[i] : "(NULL)", cmds[i+1] ? cmds[i+1] : "(NULL)"); if(!ENGINE_ctrl_cmd_string(ctx->engine, cmds[i], cmds[i+1], optional)) { PRINTF_ERR2("Command failed: %s:%s\r\n", cmds[i] ? cmds[i] : "(NULL)", cmds[i+1] ? cmds[i+1] : "(NULL)"); goto cmd_failed; } } ret = atom_ok; goto done; bad_arg: err: ret = enif_make_badarg(env); goto done; cmd_failed: ret = ERROR_Atom(env, "ctrl_cmd_failed"); done: if (cmds_loaded) { for (i = 0; cmds != NULL && cmds[i] != NULL; i++) enif_free(cmds[i]); } if (cmds != NULL) enif_free(cmds); return ret; #else return atom_notsup; #endif }
static int int_engine_configure(char *name, char *value, const CONF *cnf) { int i; int ret = 0; long do_init = -1; STACK_OF(CONF_VALUE) *ecmds; CONF_VALUE *ecmd; char *ctrlname, *ctrlvalue; ENGINE *e = NULL; name = skip_dot(name); #ifdef ENGINE_CONF_DEBUG fprintf(stderr, "Configuring engine %s\n", name); #endif /* Value is a section containing ENGINE commands */ ecmds = NCONF_get_section(cnf, value); if (!ecmds) { ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_ENGINE_SECTION_ERROR); return 0; } for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) { ecmd = sk_CONF_VALUE_value(ecmds, i); ctrlname = skip_dot(ecmd->name); ctrlvalue = ecmd->value; #ifdef ENGINE_CONF_DEBUG fprintf(stderr, "ENGINE conf: doing ctrl(%s,%s)\n", ctrlname, ctrlvalue); #endif /* First handle some special pseudo ctrls */ /* Override engine name to use */ if (!strcmp(ctrlname, "engine_id")) name = ctrlvalue; /* Load a dynamic ENGINE */ else if (!strcmp(ctrlname, "dynamic_path")) { e = ENGINE_by_id("dynamic"); if (!e) goto err; if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", ctrlvalue, 0)) goto err; if (!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "2", 0)) goto err; if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)) goto err; } /* ... add other pseudos here ... */ else { /* At this point we need an ENGINE structural reference * if we don't already have one. */ if (!e) { e = ENGINE_by_id(name); if (!e) return 0; } /* Allow "EMPTY" to mean no value: this allows a valid * "value" to be passed to ctrls of type NO_INPUT */ if (!strcmp(ctrlvalue, "EMPTY")) ctrlvalue = NULL; if (!strcmp(ctrlname, "init")) { if (!NCONF_get_number_e(cnf, value, "init", &do_init)) goto err; if (do_init == 1) { if (!int_engine_init(e)) goto err; } else if (do_init != 0) { ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_INVALID_INIT_VALUE); goto err; } } else if (!strcmp(ctrlname, "default_algorithms")) { if (!ENGINE_set_default_string(e, ctrlvalue)) goto err; } else if (!ENGINE_ctrl_cmd_string(e, ctrlname, ctrlvalue, 0)) return 0; } } if (e && (do_init == -1) && !int_engine_init(e)) goto err; ret = 1; err: if (e) ENGINE_free(e); return ret; }
ENGINE *scep_engine_load_dynamic(ENGINE *e) { //it seems OpenSSL did not already have it. In this case we will try to load it dynamically e = ENGINE_by_id("dynamic"); //if we can't even load the dynamic engine, something is seriously wrong. We can't go on from here! if(e == NULL) { fprintf(stderr, "%s: Engine dynamic could not be loaded, Error message\n", pname); sscep_engine_report_error(); exit (SCEP_PKISTATUS_ERROR); } else if(v_flag) printf("%s: Engine dynamic was loaded\n", pname); //To load dynamically we have to tell openssl where to find it. if(scep_conf->engine->dynamic_path) { if(ENGINE_ctrl_cmd_string(e, "SO_PATH", scep_conf->engine->dynamic_path, 0) == 0) { fprintf(stderr, "%s: Loading %s did not succeed\n", pname, g_char); sscep_engine_report_error(); exit (SCEP_PKISTATUS_ERROR); } else if (v_flag) printf("%s: %s was found.\n", pname, g_char); } //engine will be added to the list of available engines. Should be done for complete import. if(ENGINE_ctrl_cmd_string(e, "LIST_ADD", "1", 0) == 0) { fprintf(stderr, "%s: Executing LIST_ADD did not succeed:\n", pname); sscep_engine_report_error(); exit (SCEP_PKISTATUS_ERROR); } else if(v_flag) printf("%s: Added %s to list of engines.\n", pname, g_char); /*if(!ENGINE_ctrl(e, (ENGINE_CMD_BASE + 12), 0, (void*)"REQUEST", NULL)) { } else if(v_flag) printf("Altered storename to %s\n", "REQUEST");*/ //Finally we load the engine. if(ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0) == 0) { fprintf(stderr, "%s: Executing LOAD did not succeed:\n", pname); sscep_engine_report_error(); exit (SCEP_PKISTATUS_ERROR); } else if(v_flag) printf("%s: Loading engine %s succeeded\n", pname, g_char); // Now issue any dynamic engine init cmds if any are configured if(scep_conf->engine->cmds != NULL) { int i=0; while(scep_conf->engine->cmds[i] != NULL) { NAME_VALUE_PAIR *cmd = scep_conf->engine->cmds[i]; if(ENGINE_ctrl_cmd_string(e, cmd->name, cmd->value, 0) == 0) { fprintf(stderr, "%s: Executing %s=%s failed\n", pname, cmd->name, cmd->value); sscep_engine_report_error(); exit (SCEP_PKISTATUS_ERROR); } else if(v_flag) { fprintf(stderr, "%s: Engine command %s=%s succeeded\n", pname, cmd->name, cmd->value); } i++; } } //all these functions were only needed if we loaded dynamically. Otherwise we could just skip this step. return e; }
int main(int argc, char **argv) { EVP_PKEY *private_key, *public_key; EVP_PKEY_CTX *pkey_ctx; EVP_MD_CTX *md_ctx; const EVP_MD *digest_algo; char *private_key_name, *public_key_name; unsigned char sig[4096]; size_t sig_len; unsigned char md[128]; size_t md_len; unsigned digest_len; char *key_pass = NULL; const char *module_path, *efile; ENGINE *e; int ret; if (argc < 5) { fprintf(stderr, "usage: %s [PIN] [CONF] [private key URL] [public key URL] [module]\n", argv[0]); fprintf(stderr, "\n"); exit(1); } key_pass = argv[1]; efile = argv[2]; private_key_name = argv[3]; public_key_name = argv[4]; module_path = argv[5]; ret = CONF_modules_load_file(efile, "engines", 0); if (ret <= 0) { fprintf(stderr, "cannot load %s\n", efile); display_openssl_errors(__LINE__); exit(1); } ENGINE_add_conf_module(); #if OPENSSL_VERSION_NUMBER>=0x10100000 OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ | OPENSSL_INIT_ADD_ALL_DIGESTS \ | OPENSSL_INIT_LOAD_CONFIG, NULL); #else OpenSSL_add_all_algorithms(); OpenSSL_add_all_digests(); ERR_load_crypto_strings(); #endif ERR_clear_error(); ENGINE_load_builtin_engines(); e = ENGINE_by_id("pkcs11"); if (e == NULL) { display_openssl_errors(__LINE__); exit(1); } if (!ENGINE_ctrl_cmd_string(e, "VERBOSE", NULL, 0)) { display_openssl_errors(__LINE__); exit(1); } if (!ENGINE_ctrl_cmd_string(e, "MODULE_PATH", module_path, 0)) { display_openssl_errors(__LINE__); exit(1); } if (!ENGINE_init(e)) { display_openssl_errors(__LINE__); exit(1); } if (key_pass && !ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0)) { display_openssl_errors(__LINE__); exit(1); } private_key = ENGINE_load_private_key(e, private_key_name, NULL, NULL); if (private_key == NULL) { fprintf(stderr, "cannot load: %s\n", private_key_name); display_openssl_errors(__LINE__); exit(1); } public_key = ENGINE_load_public_key(e, public_key_name, NULL, NULL); if (public_key == NULL) { fprintf(stderr, "cannot load: %s\n", public_key_name); display_openssl_errors(__LINE__); exit(1); } digest_algo = EVP_get_digestbyname("sha256"); #define TEST_DATA "test data" md_ctx = EVP_MD_CTX_create(); if (EVP_DigestInit(md_ctx, digest_algo) <= 0) { display_openssl_errors(__LINE__); exit(1); } if (EVP_DigestUpdate(md_ctx, TEST_DATA, sizeof(TEST_DATA)) <= 0) { display_openssl_errors(__LINE__); exit(1); } digest_len = sizeof(md); if (EVP_DigestFinal(md_ctx, md, &digest_len) <= 0) { display_openssl_errors(__LINE__); exit(1); } md_len = digest_len; EVP_MD_CTX_destroy(md_ctx); /* Sign the hash */ pkey_ctx = EVP_PKEY_CTX_new(private_key, e); if (pkey_ctx == NULL) { fprintf(stderr, "Could not create context\n"); display_openssl_errors(__LINE__); exit(1); } if (EVP_PKEY_sign_init(pkey_ctx) <= 0) { fprintf(stderr, "Could not init signature\n"); display_openssl_errors(__LINE__); exit(1); } if (EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) <= 0) { fprintf(stderr, "Could not set padding\n"); display_openssl_errors(__LINE__); exit(1); } if (EVP_PKEY_CTX_set_signature_md(pkey_ctx, digest_algo) <= 0) { fprintf(stderr, "Could not set message digest algorithm\n"); display_openssl_errors(__LINE__); exit(1); } sig_len = sizeof(sig); if (EVP_PKEY_sign(pkey_ctx, sig, &sig_len, md, EVP_MD_size(digest_algo)) <= 0) { display_openssl_errors(__LINE__); exit(1); } EVP_PKEY_CTX_free(pkey_ctx); printf("Signature created\n"); #if OPENSSL_VERSION_NUMBER >= 0x1000000fL pkey_ctx = EVP_PKEY_CTX_new(public_key, e); if (pkey_ctx == NULL) { fprintf(stderr, "Could not create context\n"); display_openssl_errors(__LINE__); exit(1); } if (EVP_PKEY_verify_init(pkey_ctx) <= 0) { fprintf(stderr, "Could not init verify\n"); display_openssl_errors(__LINE__); exit(1); } if (EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) <= 0) { fprintf(stderr, "Could not set padding\n"); display_openssl_errors(__LINE__); exit(1); } if (EVP_PKEY_CTX_set_signature_md(pkey_ctx, digest_algo) <= 0) { fprintf(stderr, "Could not set message digest algorithm\n"); display_openssl_errors(__LINE__); exit(1); } ret = EVP_PKEY_verify(pkey_ctx, sig, sig_len, md, md_len); if (ret < 0) { display_openssl_errors(__LINE__); exit(1); } EVP_PKEY_CTX_free(pkey_ctx); if (ret == 1) { printf("Signature verified\n"); } else { printf("Verification failed\n"); display_openssl_errors(__LINE__); exit(1); } #else /* OPENSSL_VERSION_NUMBER >= 0x1000000fL */ printf("Unable to verify signature with %s\n", OPENSSL_VERSION_TEXT); #endif /* OPENSSL_VERSION_NUMBER >= 0x1000000fL */ ENGINE_finish(e); CONF_modules_unload(1); return 0; }
int main(int argc, char *argv[]) { int err=0; int v; RSA *key; unsigned char ptext[256]; unsigned char ctext[256]; static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a"; unsigned char ctext_ex[256]; int plen; int clen = 0; int num; int n; ENGINE *e; const char *engine_id = "remote"; ENGINE_load_builtin_engines(); e = ENGINE_by_id(engine_id); if(!e) /* the engine isn't available */ return 1; if(!ENGINE_init(e)) { /* the engine couldn't initialise, release 'e' */ ERR_print_errors_fp(stderr); ENGINE_free(e); return 1; } if(!ENGINE_set_default_RSA(e)) /* This should only happen when 'e' can't initialise, but the previous * statement suggests it did. */ abort(); ENGINE_ctrl_cmd_string(e, "ADD_WORKER", "local1,127.0.0.1:1234", 0); CRYPTO_malloc_debug_init(); CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); RAND_seed(rnd_seed, sizeof rnd_seed); /* or OAEP may fail */ plen = sizeof(ptext_ex) - 1; for (v = 0; v < 6; v++) { key = RSA_new(); switch (v%3) { case 0: clen = key1(key, ctext_ex); break; case 1: clen = key2(key, ctext_ex); break; case 2: clen = key3(key, ctext_ex); break; } if (v/3 >= 1) key->flags |= RSA_FLAG_NO_CONSTTIME; num = RSA_public_encrypt(plen, ptext_ex, ctext, key, RSA_PKCS1_PADDING); if (num != clen) { printf("PKCS#1 v1.5 encryption failed!\n"); err=1; goto oaep; } num = RSA_private_decrypt(num, ctext, ptext, key, RSA_PKCS1_PADDING); if (num != plen || memcmp(ptext, ptext_ex, num) != 0) { printf("PKCS#1 v1.5 decryption failed!\n"); err=1; } else printf("PKCS #1 v1.5 encryption/decryption ok\n"); oaep: ERR_clear_error(); num = RSA_public_encrypt(plen, ptext_ex, ctext, key, RSA_PKCS1_OAEP_PADDING); if (num == -1 && pad_unknown()) { printf("No OAEP support\n"); goto next; } if (num != clen) { printf("OAEP encryption failed!\n"); err=1; goto next; } num = RSA_private_decrypt(num, ctext, ptext, key, RSA_PKCS1_OAEP_PADDING); if (num != plen || memcmp(ptext, ptext_ex, num) != 0) { printf("OAEP decryption (encrypted data) failed!\n"); err=1; } else if (memcmp(ctext, ctext_ex, num) == 0) printf("OAEP test vector %d passed!\n", v); /* Different ciphertexts (rsa_oaep.c without -DPKCS_TESTVECT). Try decrypting ctext_ex */ num = RSA_private_decrypt(clen, ctext_ex, ptext, key, RSA_PKCS1_OAEP_PADDING); if (num != plen || memcmp(ptext, ptext_ex, num) != 0) { printf("OAEP decryption (test vector data) failed!\n"); err=1; } else printf("OAEP encryption/decryption ok\n"); /* Try decrypting corrupted ciphertexts */ for(n = 0 ; n < clen ; ++n) { int b; unsigned char saved = ctext[n]; for(b = 0 ; b < 256 ; ++b) { if(b == saved) continue; ctext[n] = b; num = RSA_private_decrypt(num, ctext, ptext, key, RSA_PKCS1_OAEP_PADDING); if(num > 0) { printf("Corrupt data decrypted!\n"); err = 1; } } } next: RSA_free(key); } ENGINE_finish(e); ENGINE_free(e); CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); CRYPTO_mem_leaks_fp(stderr); #ifdef OPENSSL_SYS_NETWARE if (err) printf("ERROR: %d\n", err); #endif return err; }
int main(int argc, char *argv[]) { ENGINE *e; EVP_PKEY *pub_key; FILE *fp; char *engine = NULL; char *pin = NULL; char *keyname = NULL; char *filename = NULL; int c, errflg = 0; extern char *optarg; extern int optopt; while ((c = getopt(argc, argv, ":e:p:k:f:")) != -1) { switch (c) { case 'e': engine = optarg; break; case 'p': pin = optarg; break; case 'k': keyname = optarg; break; case 'f': filename = optarg; break; case ':': fprintf(stderr, "Option -%c requires an operand\n", optopt); errflg++; break; case '?': default: fprintf(stderr, "Unrecognised option: -%c\n", optopt); errflg++; } } if ((errflg) || (!engine) || (!filename) || (!keyname)) { fprintf(stderr, "usage: PEM_write_pubkey -e engine [-p pin] " "-k keyname -f filename\n"); exit(1); } /* Load the config file */ OPENSSL_config(NULL); /* Register engine */ e = ENGINE_by_id(engine); if (!e) { /* the engine isn't available */ printf("The engine isn't available\n"); ERR_print_errors_fp(stderr); exit(1); } /* Send PIN to engine */ if (pin && !ENGINE_ctrl_cmd_string(e, "PIN", pin, 0)){ printf("Error sending PIN to engine\n"); ERR_print_errors_fp(stderr); ENGINE_free(e); exit(1); } if (!ENGINE_init(e)) { /* the engine couldn't initialise, release 'e' */ printf("The engine couldn't initialise\n"); ERR_print_errors_fp(stderr); ENGINE_free(e); exit(1); } if (!ENGINE_register_RSA(e)){ /* This should only happen when 'e' can't initialise, but the previous * statement suggests it did. */ printf("This should not happen\n"); ERR_print_errors_fp(stderr); exit(1); } /* Load public key */ pub_key = ENGINE_load_public_key(e, keyname, NULL, NULL); if (pub_key == NULL) { /* No public key */ printf("Error loading public key\n"); ERR_print_errors_fp(stderr); ENGINE_free(e); exit(1); } /* write public key to file in PEM format */ fp = fopen(filename, "w"); if (fp == NULL) { printf("Error opening output file.\n"); ENGINE_free(e); exit(1); } if (!PEM_write_PUBKEY(fp, pub_key)) { /* Error writing public key */ printf("Error writing public key"); ERR_print_errors_fp(stderr); ENGINE_free(e); exit(1); } fclose(fp); exit(0); }
int main(int argc, char **argv) { char *cert_src; OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); ERR_clear_error(); kbuild_verbose = atoi(getenv("KBUILD_VERBOSE")?:"0"); key_pass = getenv("KBUILD_SIGN_PIN"); if (argc != 3) format(); cert_src = argv[1]; cert_dst = argv[2]; if (!cert_src[0]) { /* Invoked with no input; create empty file */ FILE *f = fopen(cert_dst, "wb"); ERR(!f, "%s", cert_dst); fclose(f); exit(0); } else if (!strncmp(cert_src, "pkcs11:", 7)) { ENGINE *e; struct { const char *cert_id; X509 *cert; } parms; parms.cert_id = cert_src; parms.cert = NULL; ENGINE_load_builtin_engines(); drain_openssl_errors(); e = ENGINE_by_id("pkcs11"); ERR(!e, "Load PKCS#11 ENGINE"); if (ENGINE_init(e)) drain_openssl_errors(); else ERR(1, "ENGINE_init"); if (key_pass) ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0), "Set PKCS#11 PIN"); ENGINE_ctrl_cmd(e, "LOAD_CERT_CTRL", 0, &parms, NULL, 1); ERR(!parms.cert, "Get X.509 from PKCS#11"); write_cert(parms.cert); } else { BIO *b; X509 *x509; b = BIO_new_file(cert_src, "rb"); ERR(!b, "%s", cert_src); while (1) { x509 = PEM_read_bio_X509(b, NULL, NULL, NULL); if (wb && !x509) { unsigned long err = ERR_peek_last_error(); if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE) { ERR_clear_error(); break; } } ERR(!x509, "%s", cert_src); write_cert(x509); } } BIO_free(wb); return 0; }