コード例 #1
1
ファイル: test_app.c プロジェクト: GarysRefererence2014/vhsm
int main(int argc, char *argv[]) {
    if(argc != 2) {
        printf("Usage: ./test_app <file_name>\n");
        return -1;
    }

    ENGINE *e = load_engine(ENGINE_MODULE, "test_engine");
    if(e == 0) {
        printf("Unable to load engine\n");
        return -1;
    }
    ENGINE_ctrl_cmd_string(e, "username", "user", 0);
    ENGINE_ctrl_cmd_string(e, "password", "password", 0);
    ENGINE_init(e);
    
    HMAC_CTX ctx;
    HMAC_CTX_init(&ctx);
    HMAC_Init_ex(&ctx, "test_key\0", 9, EVP_sha1(), e);

    FILE *f = fopen(argv[1], "r");
    char buf[BUF_SIZE];
    while(!feof(f)) {
        size_t ln = fread(buf, sizeof(char), BUF_SIZE, f);
        if(ln == 0) continue;
        HMAC_Update(&ctx, buf, ln);
    }
    fclose(f);
    
    unsigned int siglen;
    unsigned char md[20];
    HMAC_Final(&ctx, md, &siglen);
    ENGINE_finish(e);

    printf("HMAC-SHA1: ");
    for(size_t i = 0; i < siglen; i++) printf("%02x", md[i]);
    printf("\n");

    return 0;
}
コード例 #2
0
ファイル: benchmark.c プロジェクト: Optiminer/OpenCL-AES
int main(int argc, char **argv) {
	OpenSSL_add_all_algorithms();
	
	int len = 128 * MB;
	if (argc > 1) {
		len = atoi(argv[1]) * MB;
	}
	
	unsigned char *buf = (unsigned char *) malloc(TOTAL_LEN);
	if (!buf) {
		fprintf(stderr, "Error Allocating Memory");
	}
	
	ENGINE_load_builtin_engines();
#ifdef OPENCL_ENGINE
	ENGINE *e = ENGINE_by_id("dynamic");
	if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", OPENCL_ENGINE, 0) ||
		!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)) {
		fprintf(stderr, "Failed to load OpenCL engine!\n");
		return -1;
	}
	ENGINE_set_default(e, ENGINE_METHOD_ALL);
#endif
	
	run(argv[0], buf, len);
	
	free(buf);
	
	return 0;
}
コード例 #3
0
DynamicEngine::DynamicEngine( const string & id,
                              const StringList & engineLibPaths )
{
    DEBUG( "dynamic: ctor: loading and configuring dynamic engine" );
    ENGINE_load_dynamic();

    ENGINE * dyn = ENGINE_by_id( "dynamic" );
    if ( ! dyn )
        throw Exception( "dynamic: load failed" );

    m_pEngine = dyn;

    const string engineLibPath( findFirstExisting( engineLibPaths ) );
    if ( engineLibPath.empty() )
        throw Exception( "dynamic: unable to find engine lib path" );

    DEBUG( "dynamic: ctor: so_path=" << QS( engineLibPath ) );
    if ( 1 != ENGINE_ctrl_cmd_string( dyn, "SO_PATH", engineLibPath.c_str(), CMD_MANDATORY ) )
        throw Exception( "dynamic: setting so_path <= " + QS( engineLibPath ) );

    DEBUG( "dynamic: ctor: id=" << QS( id ) );
    if ( 1 != ENGINE_ctrl_cmd_string( dyn, "ID", id.c_str(), CMD_MANDATORY ) )
        throw Exception( "dynamic: setting id <= " + QS( id ) );

    DEBUG( "dynamic: ctor: list_add=1" );
    if ( 1 != ENGINE_ctrl_cmd( dyn, "LIST_ADD", 1, NULL, NULL, CMD_MANDATORY ) )
        throw Exception( "dynamic: setting list_add <= 1" );

    DEBUG( "dynamic: ctor: load=1" );
    if ( 1 != ENGINE_ctrl_cmd( dyn, "LOAD", 1, NULL, NULL, CMD_MANDATORY ) )
        throw Exception( "dynamic: setting load <= 1" );

    DEBUG( "dynamic: ctor: done" );
}
コード例 #4
0
ファイル: tor.c プロジェクト: postfix/libtor
void
tor_init_with_engine (const char* name, const char* path)
{
	ENGINE* engine;

	if (initialized) {
		return;
	}

	tor_init();

	if (path == NULL) {
		engine = ENGINE_by_id(name);
	}
	else {
		engine = ENGINE_by_id("dynamic");

		if (!ENGINE_ctrl_cmd_string(engine, "ID", name, 0) ||
		    !ENGINE_ctrl_cmd_string(engine, "DIR_LOAD", "2", 0) ||
		    !ENGINE_ctrl_cmd_string(engine, "DIR_ADD", path, 0) ||
		    !ENGINE_ctrl_cmd_string(engine, "LOAD", NULL, 0)) {
			ENGINE_free(engine);
			engine = NULL;
		}
	}

	if (engine) {
		ENGINE_set_default(engine, ENGINE_METHOD_ALL);
	}
}
コード例 #5
0
ファイル: pivhelper.c プロジェクト: not1337/pam_pivcard
static int load_engine(void **ctx,MESSAGE *msg)
{
	int i;
	ENGINE **e=(ENGINE **)ctx;

	ENGINE_load_dynamic();

	if(!(*e=ENGINE_by_id("dynamic")))goto err1;

	if(!ENGINE_ctrl_cmd_string(*e,"SO_PATH",msg->engine,0))goto err2;
	for(i=0;pkcs11[i].name;i++)
		if(!ENGINE_ctrl_cmd_string(*e,pkcs11[i].name,pkcs11[i].value,0))
			goto err2;
	if(!ENGINE_ctrl_cmd_string(*e,"MODULE_PATH",msg->pkcs11,0))goto err2;
	if(msg->nopin)if(!ENGINE_ctrl_cmd_string(*e,"NOLOGIN","1",0))goto err2;
	if(!ENGINE_ctrl_cmd_string(*e,"PIN",msg->nopin?"":msg->pin,0))goto err2;
	if(!ENGINE_init(*e))
	{
err2:		ENGINE_free(*e);
err1:		ENGINE_cleanup();
		return ENGFAIL;
	}

	ENGINE_free(*e);

	ENGINE_set_default(*e,ENGINE_METHOD_ALL&~ENGINE_METHOD_RAND);

	return OK;
}
コード例 #6
0
ファイル: openssl.c プロジェクト: securez/opendnie
void
sc_pkcs11_register_openssl_mechanisms(struct sc_pkcs11_card *card)
{
#if OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_ENGINE)
	void (*locking_cb)(int, int, const char *, int);
	ENGINE *e;

	locking_cb = CRYPTO_get_locking_callback();
	if (locking_cb)
		CRYPTO_set_locking_callback(NULL);

	e = ENGINE_by_id("gost");
	if (!e)
	{
#if !defined(OPENSSL_NO_STATIC_ENGINE) && !defined(OPENSSL_NO_GOST)
		ENGINE_load_gost();
		e = ENGINE_by_id("gost");
#else
		/* try to load dynamic gost engine */
		e = ENGINE_by_id("dynamic");
		if (!e) {
			ENGINE_load_dynamic();
			e = ENGINE_by_id("dynamic");
		}
		if (e && (!ENGINE_ctrl_cmd_string(e, "SO_PATH", "gost", 0) ||
					!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))) {
			ENGINE_free(e);
			e = NULL;
		}
#endif /* !OPENSSL_NO_STATIC_ENGINE && !OPENSSL_NO_GOST */
	}
	if (e) {
		ENGINE_set_default(e, ENGINE_METHOD_ALL);
		ENGINE_free(e);
	}

	if (locking_cb)
		CRYPTO_set_locking_callback(locking_cb);
#endif /* OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_ENGINE) */

	openssl_sha1_mech.mech_data = EVP_sha1();
	sc_pkcs11_register_mechanism(card, &openssl_sha1_mech);
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
	openssl_sha256_mech.mech_data = EVP_sha256();
	sc_pkcs11_register_mechanism(card, &openssl_sha256_mech);
	openssl_sha384_mech.mech_data = EVP_sha384();
	sc_pkcs11_register_mechanism(card, &openssl_sha384_mech);
	openssl_sha512_mech.mech_data = EVP_sha512();
	sc_pkcs11_register_mechanism(card, &openssl_sha512_mech);
#endif
	openssl_md5_mech.mech_data = EVP_md5();
	sc_pkcs11_register_mechanism(card, &openssl_md5_mech);
	openssl_ripemd160_mech.mech_data = EVP_ripemd160();
	sc_pkcs11_register_mechanism(card, &openssl_ripemd160_mech);
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
	openssl_gostr3411_mech.mech_data = EVP_get_digestbynid(NID_id_GostR3411_94);
	sc_pkcs11_register_mechanism(card, &openssl_gostr3411_mech);
#endif
}
コード例 #7
0
ファイル: Pkcs11.cpp プロジェクト: PACSinTERRA/orthanc
    void Initialize(const std::string& module,
                    const std::string& pin,
                    bool verbose)
    {
      if (pkcs11Initialized_)
      {
        LOG(ERROR) << "The PKCS#11 engine has already been initialized";
        throw OrthancException(ErrorCode_BadSequenceOfCalls);
      }

      if (module.empty() ||
          !SystemToolbox::IsRegularFile(module))
      {
        LOG(ERROR) << "The PKCS#11 module must be a path to one shared library (DLL or .so)";
        throw OrthancException(ErrorCode_InexistentFile);
      }

      ENGINE* engine = LoadEngine();
      if (!engine)
      {
        LOG(ERROR) << "Cannot create an OpenSSL engine for PKCS#11";
        throw OrthancException(ErrorCode_InternalError);
      }

      if (!ENGINE_ctrl_cmd_string(engine, "MODULE_PATH", module.c_str(), 0))
      {
        LOG(ERROR) << "Cannot configure the OpenSSL dynamic engine for PKCS#11";
        throw OrthancException(ErrorCode_InternalError);
      }

      if (verbose)
      {
        ENGINE_ctrl_cmd_string(engine, "VERBOSE", NULL, 0);
      }

      if (!pin.empty() &&
          !ENGINE_ctrl_cmd_string(engine, "PIN", pin.c_str(), 0)) 
      {
        LOG(ERROR) << "Cannot set the PIN code for PKCS#11";
        throw OrthancException(ErrorCode_InternalError);
      }
  
      if (!ENGINE_init(engine))
      {
        LOG(ERROR) << "Cannot initialize the OpenSSL dynamic engine for PKCS#11";
        throw OrthancException(ErrorCode_InternalError);
      }

      LOG(WARNING) << "The PKCS#11 engine has been successfully initialized";
      pkcs11Initialized_ = true;
    }
コード例 #8
0
ファイル: crypto_openssl.c プロジェクト: AllardJ/Tomato
/* Try to load an engine in a shareable library */
static ENGINE *
try_load_engine (const char *engine)
{
  ENGINE *e = ENGINE_by_id ("dynamic");
  if (e)
    {
      if (!ENGINE_ctrl_cmd_string (e, "SO_PATH", engine, 0)
	  || !ENGINE_ctrl_cmd_string (e, "LOAD", NULL, 0))
	{
	  ENGINE_free (e);
	  e = NULL;
	}
    }
  return e;
}
コード例 #9
0
isc_result_t
dst__opensslgost_init(dst_func_t **funcp) {
	REQUIRE(funcp != NULL);

	/* check if the gost engine works properly */
	e = ENGINE_by_id("gost");
	if (e == NULL)
		return (DST_R_OPENSSLFAILURE);
	if (ENGINE_init(e) <= 0) {
		ENGINE_free(e);
		e = NULL;
		return (DST_R_OPENSSLFAILURE);
	}
	/* better than to rely on digest_gost symbol */
	opensslgost_digest = ENGINE_get_digest(e, NID_id_GostR3411_94);
	/* from openssl.cnf */
	if ((opensslgost_digest == NULL) ||
	    (ENGINE_register_pkey_asn1_meths(e) <= 0) ||
	    (ENGINE_ctrl_cmd_string(e,
				    "CRYPT_PARAMS",
				    "id-Gost28147-89-CryptoPro-A-ParamSet",
				    0) <= 0)) {
		ENGINE_finish(e);
		ENGINE_free(e);
		e = NULL;
		return (DST_R_OPENSSLFAILURE);
	}

	if (*funcp == NULL)
		*funcp = &opensslgost_functions;
	return (ISC_R_SUCCESS);
}
コード例 #10
0
ファイル: engine.c プロジェクト: alemic/lua-openssl
static int openssl_engine_ctrl(lua_State*L){
	ENGINE* eng = CHECK_OBJECT(1,ENGINE,"openssl.engine");

	if(lua_isnumber(L, 2)){
		int cmd = luaL_checkint(L, 2);
		if(lua_isnoneornil(L, 3)){
			int ret = ENGINE_cmd_is_executable(eng, cmd);
			lua_pushboolean(L, ret);
		}else{
			long i = (long)luaL_checknumber(L, 3);
			void* p = lua_touserdata(L, 4);
			int ret = ENGINE_ctrl(eng, cmd, i, p, NULL);
			lua_pushboolean(L, ret);
		}
	}else{
		const char* cmd = luaL_checkstring(L, 2);
		if(lua_isnumber(L, 3))
		{
			long i = (long)luaL_checknumber(L, 3);
			void* p = lua_touserdata(L, 4);
			int opt = luaL_optint(L, 5, 0);
			int ret = ENGINE_ctrl_cmd(eng, cmd, i, p, NULL, opt);
			lua_pushboolean(L, ret);
		}else{
			const char* arg  = luaL_optstring(L, 3, NULL);
			int opt = luaL_optint(L, 4, 0);
			int ret = ENGINE_ctrl_cmd_string(eng, cmd, arg, opt);
			lua_pushboolean(L, ret);
		}
	}
	return 1;
}
コード例 #11
0
ファイル: test_app.c プロジェクト: GarysRefererence2014/vhsm
ENGINE *load_engine(const char *so_path, const char *id) {
    ENGINE_load_dynamic();
    ENGINE *de = ENGINE_by_id("dynamic");
    if(de == 0) {
        printf("Unable to load dynamic engine\n");
        return 0;
    }

    if(!ENGINE_ctrl_cmd_string(de, "SO_PATH", so_path, 0)) {
        printf("Unable to load desired engine\n");
        return 0;
    }
    ENGINE_ctrl_cmd_string(de, "LIST_ADD", "2", 0);
    ENGINE_ctrl_cmd_string(de, "LOAD", NULL, 0);
    ENGINE_free(de);
    return ENGINE_by_id(id);
}
コード例 #12
0
void 
TokenEngine::login( const string & pin )
{
    if ( 1 != ENGINE_ctrl_cmd_string( m_pEngine, "PIN",
                                      pin.c_str(), CMD_MANDATORY ) )
        throw Exception( "token: unable to log in"
                               " with PIN=" + QS( pin ) );
}
コード例 #13
0
static void util_do_cmds(ENGINE *e, STACK *cmds, BIO *bio_out, const char *indent)
	{
	int loop, res, num = sk_num(cmds);
	if(num < 0)
		{
		BIO_printf(bio_out, "[Error]: internal stack error\n");
		return;
		}
	for(loop = 0; loop < num; loop++)
		{
		char buf[256];
		const char *cmd, *arg;
		cmd = sk_value(cmds, loop);
		res = 1; /* assume success */
		/* Check if this command has no ":arg" */
		if((arg = strstr(cmd, ":")) == NULL)
			{
			if(!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0))
				res = 0;
			}
		else
			{
			if((int)(arg - cmd) > 254)
				{
				BIO_printf(bio_out,"[Error]: command name too long\n");
				return;
				}
			memcpy(buf, cmd, (int)(arg - cmd));
			buf[arg-cmd] = '\0';
			arg++; /* Move past the ":" */
			/* Call the command with the argument */
			if(!ENGINE_ctrl_cmd_string(e, buf, arg, 0))
				res = 0;
			}
		if(res)
			BIO_printf(bio_out, "[Success]: %s\n", cmd);
		else
			{
			BIO_printf(bio_out, "[Failure]: %s\n", cmd);
			ERR_print_errors(bio_out);
			}
		}
	}
コード例 #14
0
ファイル: openssl_link.c プロジェクト: rodrigc/bz-vimage
/*
 * 'name' is the name the engine is known by to the dst library.
 * This may or may not match the name the engine is known by to
 * openssl.  It is the name that is stored in the private key file.
 *
 * 'engine_id' is the openssl engine name.
 *
 * pre_cmds and post_cmds a sequence if command argument pairs
 * pre_num and post_num are a count of those pairs.
 *
 * "SO_PATH", PKCS11_SO_PATH ("/usr/local/lib/engines/engine_pkcs11.so")
 * "LOAD", NULL
 * "MODULE_PATH", PKCS11_MODULE_PATH ("/usr/lib/libpkcs11.so")
 */
static isc_result_t
dst__openssl_load_engine(const char *name, const char *engine_id,
			 const char **pre_cmds, int pre_num,
			 const char **post_cmds, int post_num)
{
	ENGINE *e;

	UNUSED(name);

	if (!strcasecmp(engine_id, "dynamic"))
		ENGINE_load_dynamic();
	e = ENGINE_by_id(engine_id);
	if (e == NULL)
		return (ISC_R_NOTFOUND);
	while (pre_num--) {
		if (!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) {
			ENGINE_free(e);
			return (ISC_R_FAILURE);
		}
		pre_cmds += 2;
	}
	if (!ENGINE_init(e)) {
		ENGINE_free(e);
		return (ISC_R_FAILURE);
	}
	/*
	 * ENGINE_init() returned a functional reference, so free the
	 * structural reference from ENGINE_by_id().
	 */
	ENGINE_free(e);
	while (post_num--) {
		if (!ENGINE_ctrl_cmd_string(e, post_cmds[0], post_cmds[1], 0)) {
			ENGINE_free(e);
			return (ISC_R_FAILURE);
		}
		post_cmds += 2;
	}
	if (he != NULL)
		ENGINE_finish(he);
	he = e;
	return (ISC_R_SUCCESS);
}
コード例 #15
0
ファイル: net.c プロジェクト: authorNari/panda
static ENGINE *
InitEnginePKCS11( const char *pkcs11, const char *pin)
{
	ENGINE *e;
	ENGINE_load_dynamic();
	e = ENGINE_by_id("dynamic");
	if (!e){
		SSL_Error(_d("Engine_by_id:\n %s"), GetSSLErrorString());
		return NULL;
	}

	if(!ENGINE_ctrl_cmd_string(e, "SO_PATH", ENGINE_PKCS11_PATH, 0)||
	   !ENGINE_ctrl_cmd_string(e, "ID", "pkcs11", 0) ||
	   !ENGINE_ctrl_cmd_string(e, "LIST_ADD", "1", 0) ||
	   !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0) ||
	   !ENGINE_ctrl_cmd_string(e, "MODULE_PATH", pkcs11, 0) ||
	   !ENGINE_ctrl_cmd_string(e, "PIN", pin, 0) ){
		SSL_Error(_d("Engine_ctrl_cmd_string failure:\n %s"), GetSSLErrorString());
		ENGINE_free(e);
		return NULL;
	}

	if(!ENGINE_init(e)){
		SSL_Error(_d("Engine_init failure:\n %s"), GetSSLErrorString());
		ENGINE_free(e);
		return NULL;
	}

	return e; 
}
コード例 #16
0
ファイル: ossl_engine.c プロジェクト: Emily/rubinius
static VALUE
ossl_engine_ctrl_cmd(int argc, VALUE *argv, VALUE self)
{
    ENGINE *e;
    VALUE cmd, val;
    int ret;

    GetEngine(self, e);
    rb_scan_args(argc, argv, "11", &cmd, &val);
    StringValue(cmd);
    if (!NIL_P(val)) StringValue(val);
    ret = ENGINE_ctrl_cmd_string(e, RSTRING_PTR(cmd),
				 NIL_P(val) ? NULL : RSTRING_PTR(val), 0);
    if (!ret) ossl_raise(eEngineError, NULL);

    return self;
}
コード例 #17
0
TokenEngine::TokenEngine( const StringList & modulePaths )
{
    ENGINE * tok = ENGINE_by_id( "pkcs11" );
    if ( ! tok )
        throw Exception( "token: unable to get engine" );

    m_pEngine = tok;

    const string modulePath( findFirstExisting( modulePaths ) );
    if ( modulePath.empty() )
        throw Exception( "token: unable to find module path" );

    DEBUG( "token: ctor: module_path=" << QS( modulePath ) );
    if ( 1 != ENGINE_ctrl_cmd_string( tok, "MODULE_PATH", modulePath.c_str(), CMD_MANDATORY ) )
        throw Exception( "token: setting module_path <= " + QS( modulePath ) );

    DEBUG( "token: ctor: initializing " << m_pEngine );
    if ( 1 != ENGINE_init( tok ) )
        throw Exception( "token: unable to initialize" );

    DEBUG( "token: ctor: done" );
}
コード例 #18
0
ファイル: signature.c プロジェクト: ukleinek/rauc
static ENGINE *get_pkcs11_engine(GError **error)
{
	static ENGINE *e = NULL;
	unsigned long err;
	const gchar *data;
	const gchar *env;
	int flags;

	g_return_val_if_fail(error == NULL || *error == NULL, NULL);

	ENGINE_load_builtin_engines();

	e = ENGINE_by_id("pkcs11");
	if (e == NULL) {
		err = ERR_get_error_line_data(NULL, NULL, &data, &flags);
		g_set_error(
				error,
				R_SIGNATURE_ERROR,
				R_SIGNATURE_ERROR_LOAD_FAILED,
				"failed to load PKCS11 engine: %s",
				(flags & ERR_TXT_STRING) ? data : ERR_error_string(err, NULL));

		goto out;
	}

	env = g_getenv("RAUC_PKCS11_MODULE");
	if (env != NULL) {
		if (!ENGINE_ctrl_cmd_string(e, "MODULE_PATH", env, 0)) {
			err = ERR_get_error_line_data(NULL, NULL, &data, &flags);
			g_set_error(
					error,
					R_SIGNATURE_ERROR,
					R_SIGNATURE_ERROR_PARSE_ERROR,
					"failed to configure PKCS11 module path: %s",
					(flags & ERR_TXT_STRING) ? data : ERR_error_string(err, NULL));
			goto free;
		}
	}

	if (ENGINE_init(e) == 0) {
		err = ERR_get_error_line_data(NULL, NULL, &data, &flags);
		g_set_error(
				error,
				R_SIGNATURE_ERROR,
				R_SIGNATURE_ERROR_LOAD_FAILED,
				"failed to initialize PKCS11 engine: %s",
				(flags & ERR_TXT_STRING) ? data : ERR_error_string(err, NULL));

		goto free;
	}

	env = g_getenv("RAUC_PKCS11_PIN");
	if (env != NULL) {
		if (!ENGINE_ctrl_cmd_string(e, "PIN", env, 0)) {
			err = ERR_get_error_line_data(NULL, NULL, &data, &flags);
			g_set_error(
					error,
					R_SIGNATURE_ERROR,
					R_SIGNATURE_ERROR_PARSE_ERROR,
					"failed to configure PKCS11 PIN: %s",
					(flags & ERR_TXT_STRING) ? data : ERR_error_string(err, NULL));
			goto finish;
		}
	}

	goto out;

finish:
	ENGINE_finish(e);
free:
	ENGINE_free(e);
	e = NULL;
out:
	return e;
}
コード例 #19
0
ファイル: eng_list.c プロジェクト: Voxer/openssl
ENGINE *ENGINE_by_id(const char *id)
{
    ENGINE *iterator;
    char *load_dir = NULL;
    if (id == NULL) {
        ENGINEerr(ENGINE_F_ENGINE_BY_ID, ERR_R_PASSED_NULL_PARAMETER);
        return NULL;
    }
    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
    iterator = engine_list_head;
    while (iterator && (strcmp(id, iterator->id) != 0))
        iterator = iterator->next;
    if (iterator != NULL) {
        /*
         * We need to return a structural reference. If this is an ENGINE
         * type that returns copies, make a duplicate - otherwise increment
         * the existing ENGINE's reference count.
         */
        if (iterator->flags & ENGINE_FLAGS_BY_ID_COPY) {
            ENGINE *cp = ENGINE_new();
            if (cp == NULL)
                iterator = NULL;
            else {
                engine_cpy(cp, iterator);
                iterator = cp;
            }
        } else {
            iterator->struct_ref++;
            engine_ref_debug(iterator, 0, 1);
        }
    }
    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
    if (iterator != NULL)
        return iterator;
    /*
     * Prevent infinite recursion if we're looking for the dynamic engine.
     */
    if (strcmp(id, "dynamic")) {
# ifdef OPENSSL_SYS_VMS
        if ((load_dir = getenv("OPENSSL_ENGINES")) == 0)
            load_dir = "SSLROOT:[ENGINES]";
# else
        if ((load_dir = getenv("OPENSSL_ENGINES")) == 0)
            load_dir = ENGINESDIR;
# endif
        iterator = ENGINE_by_id("dynamic");
        if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
            !ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) ||
            !ENGINE_ctrl_cmd_string(iterator, "DIR_ADD",
                                    load_dir, 0) ||
            !ENGINE_ctrl_cmd_string(iterator, "LIST_ADD", "1", 0) ||
            !ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0))
            goto notfound;
        return iterator;
    }
 notfound:
    ENGINE_free(iterator);
    ENGINEerr(ENGINE_F_ENGINE_BY_ID, ENGINE_R_NO_SUCH_ENGINE);
    ERR_add_error_data(2, "id=", id);
    return NULL;
    /* EEK! Experimental code ends */
}
コード例 #20
0
ファイル: check-privkey.c プロジェクト: mouse07410/libp11
int main(int argc, char *argv[])
{
	ENGINE *engine;
	EVP_PKEY *pkey;
	X509 *cert;
	FILE *cert_fp;

	const char *module, *efile, *certfile, *privkey;

	int ret = 0;

	if (argc < 4){
		printf("Too few arguments\n");
		usage(argv);
		return 1;
	}

	certfile = argv[1];
	privkey = argv[2];
	module = argv[3];
	efile = argv[4];

	cert_fp = fopen(certfile, "rb");
	if (!cert_fp) {
		fprintf(stderr, "%s:%d Could not open file %s\n", __FILE__, __LINE__, certfile);
		ret = 1;
		goto end;
	}

	cert = PEM_read_X509(cert_fp, NULL, NULL, NULL);
	if (!cert) {
		fprintf(stderr, "%s:%d Could not read certificate file"
		        "(must be PEM format)\n", __FILE__, __LINE__);
	}

	if (cert_fp) {
		fclose(cert_fp);
	}

	ret = CONF_modules_load_file(efile, "engines", 0);
	if (ret <= 0) {
		fprintf(stderr, "%s:%d cannot load %s\n", __FILE__, __LINE__, efile);
		display_openssl_errors(__LINE__);
		exit(1);
	}

	ENGINE_add_conf_module();
#if OPENSSL_VERSION_NUMBER>=0x10100000
	OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
		| OPENSSL_INIT_ADD_ALL_DIGESTS \
		| OPENSSL_INIT_LOAD_CONFIG, NULL);
#else
	OpenSSL_add_all_algorithms();
	OpenSSL_add_all_digests();
	ERR_load_crypto_strings();
#endif
	ERR_clear_error();

	ENGINE_load_builtin_engines();

	engine = ENGINE_by_id("pkcs11");
	if (engine == NULL) {
		printf("%s:%d Could not get engine\n", __FILE__, __LINE__);
		display_openssl_errors(__LINE__);
		ret = 1;
		goto end;
	}

	if (!ENGINE_ctrl_cmd_string(engine, "VERBOSE", NULL, 0)) {
		display_openssl_errors(__LINE__);
		exit(1);
	}

	if (!ENGINE_ctrl_cmd_string(engine, "MODULE_PATH", module, 0)) {
		display_openssl_errors(__LINE__);
		exit(1);
	}

	if (!ENGINE_init(engine)) {
		printf("Could not initialize engine\n");
		display_openssl_errors(__LINE__);
		ret = 1;
		goto end;
	}

	pkey = ENGINE_load_private_key(engine, privkey, 0, 0);

	if (pkey == NULL) {
		printf("%s:%d Could not load key\n", __FILE__, __LINE__);
		display_openssl_errors(__LINE__);
		ret = 1;
		goto end;
	}



	ret = X509_check_private_key(cert, pkey);
	if (!ret) {
		printf("%s:%d Could not check private key\n", __FILE__, __LINE__);
		display_openssl_errors(__LINE__);
		ret = 1;
		goto end;
	}

	printf("Key and certificate matched\n");
	ret = 0;

	CONF_modules_unload(1);
end:
	X509_free(cert);
	EVP_PKEY_free(pkey);
	
	ENGINE_finish(engine);

	return ret;
}
コード例 #21
0
ファイル: OSSLCryptoFactory.cpp プロジェクト: bzero/SoftHSMv2
// Constructor
OSSLCryptoFactory::OSSLCryptoFactory()
{
	// Multi-thread support
	nlocks = CRYPTO_num_locks();
	locks = new Mutex*[nlocks];
	for (unsigned i = 0; i < nlocks; i++)
	{
		locks[i] = MutexFactory::i()->getMutex();
	}
#ifdef HAVE_PTHREAD_H
	CRYPTO_set_id_callback(id_callback);
#endif
	CRYPTO_set_locking_callback(lock_callback);

#ifdef WITH_FIPS
	// Already in FIPS mode on reenter (avoiding selftests)
	if (!FIPS_mode())
	{
		FipsSelfTestStatus = false;
		if (!FIPS_mode_set(1))
		{
			ERROR_MSG("can't enter into FIPS mode");
			return;
		}
	} else {
		// Undo RAND_cleanup()
		RAND_init_fips();
	}
	FipsSelfTestStatus = true;
#endif

	// Initialise OpenSSL
	OpenSSL_add_all_algorithms();

	// Initialise the one-and-only RNG
	rng = new OSSLRNG();

#ifdef WITH_GOST
	// Load engines
	ENGINE_load_builtin_engines();

	// Initialise the GOST engine
	eg = ENGINE_by_id("gost");
	if (eg == NULL)
	{
		ERROR_MSG("can't get the GOST engine");
		return;
	}
	if (ENGINE_init(eg) <= 0)
	{
		ENGINE_free(eg);
		eg = NULL;
		ERROR_MSG("can't initialize the GOST engine");
		return;
	}
	// better than digest_gost
	EVP_GOST_34_11 = ENGINE_get_digest(eg, NID_id_GostR3411_94);
	if (EVP_GOST_34_11 == NULL)
	{
		ERROR_MSG("can't get the GOST digest");
		goto err;
	}
	// from the openssl.cnf
	if (ENGINE_register_pkey_asn1_meths(eg) <= 0)
	{
		ERROR_MSG("can't register ASN.1 for the GOST engine");
		goto err;
	}
	if (ENGINE_ctrl_cmd_string(eg,
				   "CRYPT_PARAMS",
				   "id-Gost28147-89-CryptoPro-A-ParamSet",
				   0) <= 0)
	{
		ERROR_MSG("can't set params of the GOST engine");
		goto err;
	}
	return;

err:
	ENGINE_finish(eg);
	ENGINE_free(eg);
	eg = NULL;
	return;
#endif
}
コード例 #22
0
ファイル: engine.c プロジェクト: certnanny/sscep
ENGINE *scep_engine_init(ENGINE *e) {
	

		ENGINE_load_builtin_engines();
		ENGINE_load_dynamic();
		//if its not dynamic, try to load it directly. If OpenSSL has it already we are good to go!
		if(strcmp(g_char, "dynamic") != 0)
		{
			e = ENGINE_by_id(g_char);
			if ((e==NULL) && v_flag){
				printf("%s: Engine %s could not be loaded. Trying to load dynamically...\n", pname, g_char);
			}
		}

		if(e == NULL)
		{
			ERR_clear_error();
			e = scep_engine_load_dynamic(e);
		}

		if(scep_conf->engine->module_path) {
			if(ENGINE_ctrl_cmd_string(e, "MODULE_PATH", scep_conf->engine->module_path, 0) == 0) {
				fprintf(stderr, "%s: Adding MODULE PATH %s was not successful!\n", pname, scep_conf->engine->module_path);
				sscep_engine_report_error();
				exit (SCEP_PKISTATUS_ERROR);
			}
		}

		//define this engine as a default for all our crypto operations. This way OpenSSL automatically chooses the right functions
		if(ENGINE_set_default(e, ENGINE_METHOD_ALL) == 0) {
				fprintf(stderr, "%s: Error loading on setting defaults\n", pname);
				sscep_engine_report_error();
				exit (SCEP_PKISTATUS_ERROR);
		} else if(v_flag)
			printf("%s: Engine %s made default for all operations\n", pname, g_char);

		//we need a functional reference and as such need to initialize
		if(ENGINE_init(e) == 0) {
			fprintf(stderr, "%s: Engine Init did not work\n", pname);
			sscep_engine_report_error();
			exit (SCEP_PKISTATUS_ERROR);
		} else if(v_flag)
			printf("%s: Engine %s initialized\n", pname, g_char);


		//TODO: remove capi specific part!
		if(v_flag && strncmp(scep_conf->engine->engine_id, "capi", 4) == 0) {
			// set debug level
			if(!ENGINE_ctrl(e, (ENGINE_CMD_BASE + 2), 2, NULL, NULL)) {
				fprintf(stderr, "%s: Could not set debug level to %i\n", pname, 2);
				sscep_engine_report_error();
				exit (SCEP_PKISTATUS_ERROR);
			}
			// set debug file (log)
			if(!ENGINE_ctrl(e, (ENGINE_CMD_BASE + 3), 0, "capi.log", NULL)) {
				fprintf(stderr, "%s: Could not set debug file to %s\n", pname, "capi.log");
				sscep_engine_report_error();
				exit (SCEP_PKISTATUS_ERROR);
			}
		}

		//TODO: remove JKSEngine specific part!
		if(strncmp(scep_conf->engine->engine_id, "jksengine", 9) == 0) {
			if(scep_conf->engine->storepass) {
				if(!ENGINE_ctrl(e, 2, 0, scep_conf->engine->storepass, NULL)) {
					fprintf(stderr, "%s: Could not set %s\n", pname, SCEP_CONFIGURATION_ENGINE_JKSENGINE_KEYSTOREPASS);
					sscep_engine_report_error();
					exit (SCEP_PKISTATUS_ERROR);
				}
			}

			if(scep_conf->engine->jconnpath) {
				if(!ENGINE_ctrl(e, 3, 0, scep_conf->engine->jconnpath, 0)) {
					fprintf(stderr, "%s: Could not set %s\n", pname, SCEP_CONFIGURATION_ENGINE_JKSENGINE_JCONNPATH);
					sscep_engine_report_error();
					exit (SCEP_PKISTATUS_ERROR);
				}
			}

			if(scep_conf->engine->provider) {
				if(!ENGINE_ctrl(e, 4, 0, scep_conf->engine->provider, 0)) {
					fprintf(stderr, "%s: Could not set %s\n", pname, SCEP_CONFIGURATION_ENGINE_JKSENGINE_PROVIDER);
					sscep_engine_report_error();
					exit (SCEP_PKISTATUS_ERROR);
				}
			}

			if(scep_conf->engine->javapath) {
				if(!ENGINE_ctrl(e, 5, 0, scep_conf->engine->javapath, 0)) {
					fprintf(stderr, "%s: Could not set %s\n", pname, SCEP_CONFIGURATION_ENGINE_JKSENGINE_JAVAPATH);
					sscep_engine_report_error();
					exit (SCEP_PKISTATUS_ERROR);
				}
			}
		}

		//TODO: remove pkcs11 specific part!
		if(strncmp(scep_conf->engine->engine_id, "pkcs11", 6) == 0) {
			if(scep_conf->engine->pin) {
				if(!ENGINE_ctrl(e, (ENGINE_CMD_BASE + 2), 0, scep_conf->engine->pin, NULL)) {
					fprintf(stderr, "%s: Could not define PIN\n", pname);
					sscep_engine_report_error();
					exit (SCEP_PKISTATUS_ERROR);
				}
			}
		}


		return e;
}
コード例 #23
0
ファイル: engine.c プロジェクト: bjorng/otp
ERL_NIF_TERM engine_ctrl_cmd_strings_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
{/* (Engine, Commands, Optional) */
#ifdef HAS_ENGINE_SUPPORT
    ERL_NIF_TERM ret;
    unsigned int cmds_len = 0;
    char **cmds = NULL;
    struct engine_ctx *ctx;
    unsigned int i;
    int optional = 0;
    int cmds_loaded = 0;

    // Get Engine
    ASSERT(argc == 3);

    if (!enif_get_resource(env, argv[0], engine_ctx_rtype, (void**)&ctx))
        goto bad_arg;

    PRINTF_ERR1("Engine Id:  %s\r\n", ENGINE_get_id(ctx->engine));
    // Get Command List
    if (!enif_get_list_length(env, argv[1], &cmds_len))
        goto bad_arg;

    if (cmds_len > (UINT_MAX / 2) - 1)
        goto err;
    cmds_len *= 2; // Key-Value list from erlang

    if ((size_t)cmds_len + 1 > SIZE_MAX / sizeof(char*))
        goto err;
    if ((cmds = enif_alloc((cmds_len + 1) * sizeof(char*))) == NULL)
        goto err;
    if (get_engine_load_cmd_list(env, argv[1], cmds, 0))
        goto err;
    cmds_loaded = 1;
    if (!enif_get_int(env, argv[2], &optional))
        goto err;

    for(i = 0; i < cmds_len; i+=2) {
        PRINTF_ERR2("Cmd:  %s:%s\r\n",
                   cmds[i] ? cmds[i] : "(NULL)",
                   cmds[i+1] ? cmds[i+1] : "(NULL)");
        if(!ENGINE_ctrl_cmd_string(ctx->engine, cmds[i], cmds[i+1], optional)) {
            PRINTF_ERR2("Command failed:  %s:%s\r\n",
                        cmds[i] ? cmds[i] : "(NULL)",
                        cmds[i+1] ? cmds[i+1] : "(NULL)");
            goto cmd_failed;
        }
    }
    ret = atom_ok;
    goto done;

 bad_arg:
 err:
    ret = enif_make_badarg(env);
    goto done;

 cmd_failed:
    ret = ERROR_Atom(env, "ctrl_cmd_failed");

 done:
    if (cmds_loaded) {
        for (i = 0; cmds != NULL && cmds[i] != NULL; i++)
            enif_free(cmds[i]);
    }

    if (cmds != NULL)
        enif_free(cmds);

    return ret;

#else
    return atom_notsup;
#endif
}
コード例 #24
0
ファイル: eng_cnf.c プロジェクト: hackshields/antivirus
static int int_engine_configure(char *name, char *value, const CONF *cnf)
	{
	int i;
	int ret = 0;
	long do_init = -1;
	STACK_OF(CONF_VALUE) *ecmds;
	CONF_VALUE *ecmd;
	char *ctrlname, *ctrlvalue;
	ENGINE *e = NULL;
	name = skip_dot(name);
#ifdef ENGINE_CONF_DEBUG
	fprintf(stderr, "Configuring engine %s\n", name);
#endif
	/* Value is a section containing ENGINE commands */
	ecmds = NCONF_get_section(cnf, value);

	if (!ecmds)
		{
		ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_ENGINE_SECTION_ERROR);
		return 0;
		}

	for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++)
		{
		ecmd = sk_CONF_VALUE_value(ecmds, i);
		ctrlname = skip_dot(ecmd->name);
		ctrlvalue = ecmd->value;
#ifdef ENGINE_CONF_DEBUG
	fprintf(stderr, "ENGINE conf: doing ctrl(%s,%s)\n", ctrlname, ctrlvalue);
#endif

		/* First handle some special pseudo ctrls */

		/* Override engine name to use */
		if (!strcmp(ctrlname, "engine_id"))
			name = ctrlvalue;
		/* Load a dynamic ENGINE */
		else if (!strcmp(ctrlname, "dynamic_path"))
			{
			e = ENGINE_by_id("dynamic");
			if (!e)
				goto err;
			if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", ctrlvalue, 0))
				goto err;
			if (!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "2", 0))
				goto err;
			if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
				goto err;
			}
		/* ... add other pseudos here ... */
		else
			{
			/* At this point we need an ENGINE structural reference
			 * if we don't already have one.
			 */
			if (!e)
				{
				e = ENGINE_by_id(name);
				if (!e)
					return 0;
				}
			/* Allow "EMPTY" to mean no value: this allows a valid
			 * "value" to be passed to ctrls of type NO_INPUT
		 	 */
			if (!strcmp(ctrlvalue, "EMPTY"))
				ctrlvalue = NULL;
			if (!strcmp(ctrlname, "init"))
				{
				if (!NCONF_get_number_e(cnf, value, "init", &do_init))
					goto err;
				if (do_init == 1)
					{
					if (!int_engine_init(e))
						goto err;
					}
				else if (do_init != 0)
					{
					ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_INVALID_INIT_VALUE);
					goto err;
					}
				}
			else if (!strcmp(ctrlname, "default_algorithms"))
				{
				if (!ENGINE_set_default_string(e, ctrlvalue))
					goto err;
				}
			else if (!ENGINE_ctrl_cmd_string(e,
					ctrlname, ctrlvalue, 0))
				return 0;
			}



		}
	if (e && (do_init == -1) && !int_engine_init(e))
		goto err;
	ret = 1;
	err:
	if (e)
		ENGINE_free(e);
	return ret;
	}
コード例 #25
0
ファイル: engine.c プロジェクト: certnanny/sscep
ENGINE *scep_engine_load_dynamic(ENGINE *e) {
	//it seems OpenSSL did not already have it. In this case we will try to load it dynamically
	e = ENGINE_by_id("dynamic");

	//if we can't even load the dynamic engine, something is seriously wrong. We can't go on from here!
	if(e == NULL) {
		fprintf(stderr, "%s: Engine dynamic could not be loaded, Error message\n", pname);
		sscep_engine_report_error();
		exit (SCEP_PKISTATUS_ERROR);
	} else if(v_flag)
		printf("%s: Engine dynamic was loaded\n", pname);

	//To load dynamically we have to tell openssl where to find it.
	if(scep_conf->engine->dynamic_path) {
		if(ENGINE_ctrl_cmd_string(e, "SO_PATH", scep_conf->engine->dynamic_path, 0) == 0) {
			fprintf(stderr, "%s: Loading %s did not succeed\n", pname, g_char);
			sscep_engine_report_error();
			exit (SCEP_PKISTATUS_ERROR);
		} else if (v_flag)
			printf("%s: %s was found.\n", pname, g_char);
	}

	//engine will be added to the list of available engines. Should be done for complete import.
	if(ENGINE_ctrl_cmd_string(e, "LIST_ADD", "1", 0) == 0) {
		fprintf(stderr, "%s: Executing LIST_ADD did not succeed:\n", pname);
		sscep_engine_report_error();
		exit (SCEP_PKISTATUS_ERROR);
	} else if(v_flag)
		printf("%s: Added %s to list of engines.\n", pname, g_char);

	/*if(!ENGINE_ctrl(e, (ENGINE_CMD_BASE + 12), 0, (void*)"REQUEST", NULL)) {
	} else if(v_flag)
		printf("Altered storename to %s\n", "REQUEST");*/

	//Finally we load the engine.
	if(ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0) == 0) {
		fprintf(stderr, "%s: Executing LOAD did not succeed:\n", pname);
		sscep_engine_report_error();
		exit (SCEP_PKISTATUS_ERROR);
	} else if(v_flag)
		printf("%s: Loading engine %s succeeded\n", pname, g_char);

	// Now issue any dynamic engine init cmds if any are configured
	if(scep_conf->engine->cmds != NULL) {
        int i=0;
        while(scep_conf->engine->cmds[i] != NULL) {
                 NAME_VALUE_PAIR *cmd = scep_conf->engine->cmds[i];
                 if(ENGINE_ctrl_cmd_string(e, cmd->name, cmd->value, 0) == 0) {
                         fprintf(stderr, "%s: Executing %s=%s failed\n", pname, cmd->name, cmd->value);
                         sscep_engine_report_error();
                         exit (SCEP_PKISTATUS_ERROR);
                 } else if(v_flag) {
                         fprintf(stderr, "%s: Engine command %s=%s succeeded\n", pname, cmd->name, cmd->value);
                 }
                 i++;
         }
	}

	//all these functions were only needed if we loaded dynamically. Otherwise we could just skip this step.

	return e;
}
コード例 #26
0
ファイル: rsa-pss-sign.c プロジェクト: OpenSC/libp11
int main(int argc, char **argv)
{
	EVP_PKEY *private_key, *public_key;
	EVP_PKEY_CTX *pkey_ctx;
	EVP_MD_CTX *md_ctx;

	const EVP_MD *digest_algo;

	char *private_key_name, *public_key_name;

	unsigned char sig[4096];
	size_t sig_len;

	unsigned char md[128];
	size_t md_len;
	unsigned digest_len;

	char *key_pass = NULL;
	const char *module_path, *efile;

	ENGINE *e;

	int ret;

	if (argc < 5) {
		fprintf(stderr, "usage: %s [PIN] [CONF] [private key URL] [public key URL] [module]\n", argv[0]);
		fprintf(stderr, "\n");
		exit(1);
	}

	key_pass = argv[1];
	efile = argv[2];
	private_key_name = argv[3];
	public_key_name = argv[4];
	module_path = argv[5];

	ret = CONF_modules_load_file(efile, "engines", 0);
	if (ret <= 0) {
		fprintf(stderr, "cannot load %s\n", efile);
		display_openssl_errors(__LINE__);
		exit(1);
	}

	ENGINE_add_conf_module();
#if OPENSSL_VERSION_NUMBER>=0x10100000
	OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
		| OPENSSL_INIT_ADD_ALL_DIGESTS \
		| OPENSSL_INIT_LOAD_CONFIG, NULL);
#else
	OpenSSL_add_all_algorithms();
	OpenSSL_add_all_digests();
	ERR_load_crypto_strings();
#endif
	ERR_clear_error();

	ENGINE_load_builtin_engines();
	e = ENGINE_by_id("pkcs11");
	if (e == NULL) {
		display_openssl_errors(__LINE__);
		exit(1);
	}

	if (!ENGINE_ctrl_cmd_string(e, "VERBOSE", NULL, 0)) {
		display_openssl_errors(__LINE__);
		exit(1);
	}

	if (!ENGINE_ctrl_cmd_string(e, "MODULE_PATH", module_path, 0)) {
		display_openssl_errors(__LINE__);
		exit(1);
	}

	if (!ENGINE_init(e)) {
		display_openssl_errors(__LINE__);
		exit(1);
	}

	if (key_pass && !ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0)) {
		display_openssl_errors(__LINE__);
		exit(1);
	}

	private_key = ENGINE_load_private_key(e, private_key_name, NULL, NULL);
	if (private_key == NULL) {
		fprintf(stderr, "cannot load: %s\n", private_key_name);
		display_openssl_errors(__LINE__);
		exit(1);
	}

	public_key = ENGINE_load_public_key(e, public_key_name, NULL, NULL);
	if (public_key == NULL) {
		fprintf(stderr, "cannot load: %s\n", public_key_name);
		display_openssl_errors(__LINE__);
		exit(1);
	}

	digest_algo = EVP_get_digestbyname("sha256");

#define TEST_DATA "test data"

	md_ctx = EVP_MD_CTX_create();
	if (EVP_DigestInit(md_ctx, digest_algo) <= 0) {
		display_openssl_errors(__LINE__);
		exit(1);
	}

	if (EVP_DigestUpdate(md_ctx, TEST_DATA, sizeof(TEST_DATA)) <= 0) {
		display_openssl_errors(__LINE__);
		exit(1);
	}

	digest_len = sizeof(md);
	if (EVP_DigestFinal(md_ctx, md, &digest_len) <= 0) {
		display_openssl_errors(__LINE__);
		exit(1);
	}
	md_len = digest_len;

	EVP_MD_CTX_destroy(md_ctx);

	/* Sign the hash */
	pkey_ctx = EVP_PKEY_CTX_new(private_key, e);

	if (pkey_ctx == NULL) {
		fprintf(stderr, "Could not create context\n");
		display_openssl_errors(__LINE__);
		exit(1);
	}

	if (EVP_PKEY_sign_init(pkey_ctx) <= 0) {
		fprintf(stderr, "Could not init signature\n");
		display_openssl_errors(__LINE__);
		exit(1);
	}

	if (EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) <= 0) {
		fprintf(stderr, "Could not set padding\n");
		display_openssl_errors(__LINE__);
		exit(1);
	}

	if (EVP_PKEY_CTX_set_signature_md(pkey_ctx, digest_algo) <= 0) {
		fprintf(stderr, "Could not set message digest algorithm\n");
		display_openssl_errors(__LINE__);
		exit(1);
	}

	sig_len = sizeof(sig);
	if (EVP_PKEY_sign(pkey_ctx, sig, &sig_len, md,
			EVP_MD_size(digest_algo)) <= 0) {
		display_openssl_errors(__LINE__);
		exit(1);
	}

	EVP_PKEY_CTX_free(pkey_ctx);

	printf("Signature created\n");

#if OPENSSL_VERSION_NUMBER >= 0x1000000fL

	pkey_ctx = EVP_PKEY_CTX_new(public_key, e);

	if (pkey_ctx == NULL) {
		fprintf(stderr, "Could not create context\n");
		display_openssl_errors(__LINE__);
		exit(1);
	}

	if (EVP_PKEY_verify_init(pkey_ctx) <= 0) {
		fprintf(stderr, "Could not init verify\n");
		display_openssl_errors(__LINE__);
		exit(1);
	}

	if (EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) <= 0) {
		fprintf(stderr, "Could not set padding\n");
		display_openssl_errors(__LINE__);
		exit(1);
	}

	if (EVP_PKEY_CTX_set_signature_md(pkey_ctx, digest_algo) <= 0) {
		fprintf(stderr, "Could not set message digest algorithm\n");
		display_openssl_errors(__LINE__);
		exit(1);
	}

	ret = EVP_PKEY_verify(pkey_ctx, sig, sig_len, md, md_len);
	if (ret < 0) {
		display_openssl_errors(__LINE__);
		exit(1);
	}

	EVP_PKEY_CTX_free(pkey_ctx);

	if (ret == 1) {
		printf("Signature verified\n");
	}
	else {
		printf("Verification failed\n");
		display_openssl_errors(__LINE__);
		exit(1);
	}

#else /* OPENSSL_VERSION_NUMBER >= 0x1000000fL */

	printf("Unable to verify signature with %s\n", OPENSSL_VERSION_TEXT);

#endif /* OPENSSL_VERSION_NUMBER >= 0x1000000fL */

	ENGINE_finish(e);
	CONF_modules_unload(1);
	return 0;
}
コード例 #27
0
ファイル: rsa_test.c プロジェクト: ghoff/accessl
int main(int argc, char *argv[])
{
  int err=0;
  int v;
  RSA *key;
  unsigned char ptext[256];
  unsigned char ctext[256];
  static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
  unsigned char ctext_ex[256];
  int plen;
  int clen = 0;
  int num;
  int n;

  ENGINE *e;
  const char *engine_id = "remote";
  ENGINE_load_builtin_engines();
  e = ENGINE_by_id(engine_id);
  if(!e)
    /* the engine isn't available */
    return 1;
  if(!ENGINE_init(e)) {
    /* the engine couldn't initialise, release 'e' */
    ERR_print_errors_fp(stderr);
    ENGINE_free(e);
    return 1;
  }
  if(!ENGINE_set_default_RSA(e))
    /* This should only happen when 'e' can't initialise, but the previous
     * statement suggests it did. */
    abort();

  ENGINE_ctrl_cmd_string(e, "ADD_WORKER", "local1,127.0.0.1:1234", 0);

  CRYPTO_malloc_debug_init();
  CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
  CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);

  RAND_seed(rnd_seed, sizeof rnd_seed); /* or OAEP may fail */

  plen = sizeof(ptext_ex) - 1;

  for (v = 0; v < 6; v++)
  {
    key = RSA_new();
    switch (v%3) {
      case 0:
        clen = key1(key, ctext_ex);
        break;
      case 1:
        clen = key2(key, ctext_ex);
        break;
      case 2:
        clen = key3(key, ctext_ex);
        break;
    }
    if (v/3 >= 1) key->flags |= RSA_FLAG_NO_CONSTTIME;

    num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
        RSA_PKCS1_PADDING);
    if (num != clen)
    {
      printf("PKCS#1 v1.5 encryption failed!\n");
      err=1;
      goto oaep;
    }

    num = RSA_private_decrypt(num, ctext, ptext, key,
        RSA_PKCS1_PADDING);
    if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
    {
      printf("PKCS#1 v1.5 decryption failed!\n");
      err=1;
    }
    else
      printf("PKCS #1 v1.5 encryption/decryption ok\n");

oaep:
    ERR_clear_error();
    num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
        RSA_PKCS1_OAEP_PADDING);
    if (num == -1 && pad_unknown())
    {
      printf("No OAEP support\n");
      goto next;
    }
    if (num != clen)
    {
      printf("OAEP encryption failed!\n");
      err=1;
      goto next;
    }

    num = RSA_private_decrypt(num, ctext, ptext, key,
        RSA_PKCS1_OAEP_PADDING);
    if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
    {
      printf("OAEP decryption (encrypted data) failed!\n");
      err=1;
    }
    else if (memcmp(ctext, ctext_ex, num) == 0)
      printf("OAEP test vector %d passed!\n", v);

    /* Different ciphertexts (rsa_oaep.c without -DPKCS_TESTVECT).
       Try decrypting ctext_ex */

    num = RSA_private_decrypt(clen, ctext_ex, ptext, key,
        RSA_PKCS1_OAEP_PADDING);

    if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
    {
      printf("OAEP decryption (test vector data) failed!\n");
      err=1;
    }
    else
      printf("OAEP encryption/decryption ok\n");

    /* Try decrypting corrupted ciphertexts */
    for(n = 0 ; n < clen ; ++n)
    {
      int b;
      unsigned char saved = ctext[n];
      for(b = 0 ; b < 256 ; ++b)
      {
        if(b == saved)
          continue;
        ctext[n] = b;
        num = RSA_private_decrypt(num, ctext, ptext, key,
            RSA_PKCS1_OAEP_PADDING);
        if(num > 0)
        {
          printf("Corrupt data decrypted!\n");
          err = 1;
        }
      }
    }
next:
    RSA_free(key);
  }

  ENGINE_finish(e);
  ENGINE_free(e);

  CRYPTO_cleanup_all_ex_data();
  ERR_remove_state(0);

  CRYPTO_mem_leaks_fp(stderr);

#ifdef OPENSSL_SYS_NETWARE
  if (err) printf("ERROR: %d\n", err);
#endif
  return err;
}
コード例 #28
0
int
main(int argc, char *argv[])
{
    ENGINE *e;
    EVP_PKEY *pub_key;
    FILE *fp;
    char *engine = NULL;
    char *pin = NULL;
    char *keyname = NULL;
    char *filename = NULL;
    int c, errflg = 0;
    extern char *optarg;
    extern int optopt;
       
    while ((c = getopt(argc, argv, ":e:p:k:f:")) != -1) {
        switch (c) {
        case 'e':
            engine = optarg;
            break;
	case 'p':
	    pin = optarg;
	    break;
        case 'k':
            keyname = optarg;
            break;
        case 'f':
            filename = optarg;
            break;
        case ':':
            fprintf(stderr, "Option -%c requires an operand\n", optopt);
            errflg++;
            break;
        case '?':
	default:
            fprintf(stderr, "Unrecognised option: -%c\n", optopt);
            errflg++;
        }
    }
    if ((errflg) || (!engine) || (!filename) || (!keyname)) {
        fprintf(stderr,
		"usage: PEM_write_pubkey -e engine [-p pin] "
		"-k keyname -f filename\n");
        exit(1);
    }
    
    /* Load the config file */
    OPENSSL_config(NULL);

    /* Register engine */
    e = ENGINE_by_id(engine);
    if (!e) {
        /* the engine isn't available */
        printf("The engine isn't available\n");
	ERR_print_errors_fp(stderr);
        exit(1);
    }
    
    /* Send PIN to engine */
    if (pin && !ENGINE_ctrl_cmd_string(e, "PIN", pin, 0)){
        printf("Error sending PIN to engine\n");
	ERR_print_errors_fp(stderr);
        ENGINE_free(e);
        exit(1);
    }
    
    if (!ENGINE_init(e)) {
        /* the engine couldn't initialise, release 'e' */
        printf("The engine couldn't initialise\n");
	ERR_print_errors_fp(stderr);
        ENGINE_free(e);
        exit(1);
    }

    if (!ENGINE_register_RSA(e)){
        /* This should only happen when 'e' can't initialise, but the previous
	 * statement suggests it did. */
        printf("This should not happen\n");
	ERR_print_errors_fp(stderr);
        exit(1);
    }
    
    /* Load public key */
    pub_key = ENGINE_load_public_key(e, keyname, NULL, NULL);
    if (pub_key == NULL) {
        /* No public key */
        printf("Error loading public key\n");
	ERR_print_errors_fp(stderr);
        ENGINE_free(e);
        exit(1);
    }

    /* write public key to file in PEM format */
    fp = fopen(filename, "w");
    if (fp == NULL) {
        printf("Error opening output file.\n");
	ENGINE_free(e);
        exit(1);
    }
     
    if (!PEM_write_PUBKEY(fp, pub_key)) {
        /* Error writing public key */
        printf("Error writing public key");
	ERR_print_errors_fp(stderr);
        ENGINE_free(e);
        exit(1);
    }
    
    fclose(fp);
    exit(0);
}
コード例 #29
0
ファイル: extract-cert.c プロジェクト: 020gzh/linux
int main(int argc, char **argv)
{
	char *cert_src;

	OpenSSL_add_all_algorithms();
	ERR_load_crypto_strings();
	ERR_clear_error();

	kbuild_verbose = atoi(getenv("KBUILD_VERBOSE")?:"0");

        key_pass = getenv("KBUILD_SIGN_PIN");

	if (argc != 3)
		format();

	cert_src = argv[1];
	cert_dst = argv[2];

	if (!cert_src[0]) {
		/* Invoked with no input; create empty file */
		FILE *f = fopen(cert_dst, "wb");
		ERR(!f, "%s", cert_dst);
		fclose(f);
		exit(0);
	} else if (!strncmp(cert_src, "pkcs11:", 7)) {
		ENGINE *e;
		struct {
			const char *cert_id;
			X509 *cert;
		} parms;

		parms.cert_id = cert_src;
		parms.cert = NULL;

		ENGINE_load_builtin_engines();
		drain_openssl_errors();
		e = ENGINE_by_id("pkcs11");
		ERR(!e, "Load PKCS#11 ENGINE");
		if (ENGINE_init(e))
			drain_openssl_errors();
		else
			ERR(1, "ENGINE_init");
		if (key_pass)
			ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0), "Set PKCS#11 PIN");
		ENGINE_ctrl_cmd(e, "LOAD_CERT_CTRL", 0, &parms, NULL, 1);
		ERR(!parms.cert, "Get X.509 from PKCS#11");
		write_cert(parms.cert);
	} else {
		BIO *b;
		X509 *x509;

		b = BIO_new_file(cert_src, "rb");
		ERR(!b, "%s", cert_src);

		while (1) {
			x509 = PEM_read_bio_X509(b, NULL, NULL, NULL);
			if (wb && !x509) {
				unsigned long err = ERR_peek_last_error();
				if (ERR_GET_LIB(err) == ERR_LIB_PEM &&
				    ERR_GET_REASON(err) == PEM_R_NO_START_LINE) {
					ERR_clear_error();
					break;
				}
			}
			ERR(!x509, "%s", cert_src);
			write_cert(x509);
		}
	}

	BIO_free(wb);

	return 0;
}