isc_result_t
dst__opensslgost_init(dst_func_t **funcp) {
REQUIRE(funcp != NULL);
/* check if the gost engine works properly */
e = ENGINE_by_id("gost");
if (e == NULL)
return (DST_R_OPENSSLFAILURE);
if (ENGINE_init(e) <= 0) {
ENGINE_free(e);
e = NULL;
return (DST_R_OPENSSLFAILURE);
}
/* better than to rely on digest_gost symbol */
opensslgost_digest = ENGINE_get_digest(e, NID_id_GostR3411_94);
/* from openssl.cnf */
if ((opensslgost_digest == NULL) ||
(ENGINE_register_pkey_asn1_meths(e) <= 0) ||
(ENGINE_ctrl_cmd_string(e,
"CRYPT_PARAMS",
"id-Gost28147-89-CryptoPro-A-ParamSet",
0) <= 0)) {
ENGINE_finish(e);
ENGINE_free(e);
e = NULL;
return (DST_R_OPENSSLFAILURE);
}
if (*funcp == NULL)
*funcp = &opensslgost_functions;
return (ISC_R_SUCCESS);
}
static int do_evp_md_engine_full(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)
{
if (*ptype)
{
/* Ensure an ENGINE left lying around from last time is cleared
* (the previous check attempted to avoid this if the same
* ENGINE and EVP_MD could be used). */
if(ctx->engine)
ENGINE_finish(ctx->engine);
if(impl)
{
if (!ENGINE_init(impl))
{
EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL,EVP_R_INITIALIZATION_ERROR);
return 0;
}
}
else
/* Ask if an ENGINE is reserved for this job */
impl = ENGINE_get_digest_engine((*ptype)->type);
if(impl)
{
/* There's an ENGINE for this job ... (apparently) */
const EVP_MD *d = ENGINE_get_digest(impl, (*ptype)->type);
if(!d)
{
/* Same comment from evp_enc.c */
EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL,EVP_R_INITIALIZATION_ERROR);
return 0;
}
/* We'll use the ENGINE's private digest definition */
*ptype = d;
/* Store the ENGINE functional reference so we know
* 'type' came from an ENGINE and we need to release
* it when done. */
ctx->engine = impl;
}
else
ctx->engine = NULL;
}
else
if(!ctx->digest)
{
EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL,EVP_R_NO_DIGEST_SET);
return 0;
}
return 1;
}
static VALUE
ossl_engine_get_digest(VALUE self, VALUE name)
{
ENGINE *e;
const EVP_MD *md, *tmp;
char *s;
int nid;
s = StringValuePtr(name);
tmp = EVP_get_digestbyname(s);
if(!tmp) ossl_raise(eEngineError, "no such digest `%s'", s);
nid = EVP_MD_nid(tmp);
GetEngine(self, e);
md = ENGINE_get_digest(e, nid);
if(!md) ossl_raise(eEngineError, NULL);
return ossl_digest_new(md);
}
static VALUE
ossl_engine_get_digest(VALUE self, VALUE name)
{
#if defined(HAVE_ENGINE_GET_DIGEST)
ENGINE *e;
const EVP_MD *md, *tmp;
char *s;
int nid;
s = StringValuePtr(name);
tmp = EVP_get_digestbyname(s);
if(!tmp) ossl_raise(eEngineError, "no such digest `%s'", s);
nid = EVP_MD_nid(tmp);
GetEngine(self, e);
md = ENGINE_get_digest(e, nid);
if(!md) ossl_raise(eEngineError, NULL);
return ossl_digest_new(md);
#else
rb_notimplement();
#endif
}
int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
{
EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
#ifndef OPENSSL_NO_ENGINE
/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
* so this context may already have an ENGINE! Try to avoid releasing
* the previous handle, re-querying for an ENGINE, and having a
* reinitialisation, when it may all be unecessary. */
if (ctx->engine && ctx->digest && (!type ||
(type && (type->type == ctx->digest->type))))
goto skip_to_init;
if (type)
{
/* Ensure an ENGINE left lying around from last time is cleared
* (the previous check attempted to avoid this if the same
* ENGINE and EVP_MD could be used). */
if(ctx->engine)
ENGINE_finish(ctx->engine);
if(impl)
{
if (!ENGINE_init(impl))
{
EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR);
return 0;
}
}
else
/* Ask if an ENGINE is reserved for this job */
impl = ENGINE_get_digest_engine(type->type);
if(impl)
{
/* There's an ENGINE for this job ... (apparently) */
const EVP_MD *d = ENGINE_get_digest(impl, type->type);
if(!d)
{
/* Same comment from evp_enc.c */
EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR);
ENGINE_finish(impl);
return 0;
}
/* We'll use the ENGINE's private digest definition */
type = d;
/* Store the ENGINE functional reference so we know
* 'type' came from an ENGINE and we need to release
* it when done. */
ctx->engine = impl;
}
else
ctx->engine = NULL;
}
else
if(!ctx->digest)
{
EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_NO_DIGEST_SET);
return 0;
}
#endif
if (ctx->digest != type)
{
if (ctx->digest && ctx->digest->ctx_size)
OPENSSL_free(ctx->md_data);
ctx->digest=type;
if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size)
{
ctx->update = type->update;
ctx->md_data=OPENSSL_malloc(type->ctx_size);
if (ctx->md_data == NULL)
{
EVPerr(EVP_F_EVP_DIGESTINIT_EX,
ERR_R_MALLOC_FAILURE);
return 0;
}
}
}
#ifndef OPENSSL_NO_ENGINE
skip_to_init:
#endif
if (ctx->pctx)
{
int r;
r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG,
EVP_PKEY_CTRL_DIGESTINIT, 0, ctx);
if (r <= 0 && (r != -2))
return 0;
}
if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
return 1;
return ctx->digest->init(ctx);
}
// Constructor
OSSLCryptoFactory::OSSLCryptoFactory()
{
// Multi-thread support
nlocks = CRYPTO_num_locks();
locks = new Mutex*[nlocks];
for (unsigned i = 0; i < nlocks; i++)
{
locks[i] = MutexFactory::i()->getMutex();
}
#ifdef HAVE_PTHREAD_H
CRYPTO_set_id_callback(id_callback);
#endif
CRYPTO_set_locking_callback(lock_callback);
#ifdef WITH_FIPS
// Already in FIPS mode on reenter (avoiding selftests)
if (!FIPS_mode())
{
FipsSelfTestStatus = false;
if (!FIPS_mode_set(1))
{
ERROR_MSG("can't enter into FIPS mode");
return;
}
} else {
// Undo RAND_cleanup()
RAND_init_fips();
}
FipsSelfTestStatus = true;
#endif
// Initialise OpenSSL
OpenSSL_add_all_algorithms();
// Initialise the one-and-only RNG
rng = new OSSLRNG();
#ifdef WITH_GOST
// Load engines
ENGINE_load_builtin_engines();
// Initialise the GOST engine
eg = ENGINE_by_id("gost");
if (eg == NULL)
{
ERROR_MSG("can't get the GOST engine");
return;
}
if (ENGINE_init(eg) <= 0)
{
ENGINE_free(eg);
eg = NULL;
ERROR_MSG("can't initialize the GOST engine");
return;
}
// better than digest_gost
EVP_GOST_34_11 = ENGINE_get_digest(eg, NID_id_GostR3411_94);
if (EVP_GOST_34_11 == NULL)
{
ERROR_MSG("can't get the GOST digest");
goto err;
}
// from the openssl.cnf
if (ENGINE_register_pkey_asn1_meths(eg) <= 0)
{
ERROR_MSG("can't register ASN.1 for the GOST engine");
goto err;
}
if (ENGINE_ctrl_cmd_string(eg,
"CRYPT_PARAMS",
"id-Gost28147-89-CryptoPro-A-ParamSet",
0) <= 0)
{
ERROR_MSG("can't set params of the GOST engine");
goto err;
}
return;
err:
ENGINE_finish(eg);
ENGINE_free(eg);
eg = NULL;
return;
#endif
}