static void init_openssl(void)
{
atexit(fini_openssl);
OpenSSL_add_all_algorithms();
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
}
//ignore
unsigned char *HMACRSA(const EVP_MD *evp_md, const void *key, int key_len,const unsigned char *d, size_t n, unsigned char *md,unsigned int *md_len)
{
HMAC_CTX c;
static unsigned char m[EVP_MAX_MD_SIZE];
//TODO: get/set rsa engine struct
const char *engine_id = "rsa";
ENGINE_load_builtin_engines();
ENGINE *e = ENGINE_by_id(engine_id);//ENGINE_;
if(!e)
fprintf(stderr,"Engine not available\n");
ENGINE_init(e);
if (md == NULL)
md = m;
HMAC_CTX_init(&c);
if (!HMAC_Init_ex(&c, key, key_len, evp_md, NULL))
goto err;
if (!HMAC_Update(&c, d, n))
goto err;
if (!HMAC_Final(&c, md, md_len))
goto err;
HMAC_CTX_cleanup(&c);
ENGINE_free(e);
return md;
err:
HMAC_CTX_cleanup(&c);
ENGINE_free(e);
return NULL;
}
int main(int argc, char **argv)
{
int i;
testdata *test = test_cases;
CRYPTO_malloc_debug_init();
CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
OpenSSL_add_all_digests();
# ifndef OPENSSL_NO_ENGINE
ENGINE_load_builtin_engines();
ENGINE_register_all_digests();
# endif
printf("PKCS5_PBKDF2_HMAC() tests ");
for (i = 0; test->pass != NULL; i++, test++) {
test_p5_pbkdf2(i, "sha1", test, sha1_results[i]);
test_p5_pbkdf2(i, "sha256", test, sha256_results[i]);
test_p5_pbkdf2(i, "sha512", test, sha512_results[i]);
printf(".");
}
printf(" done\n");
# ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup();
# endif
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
ERR_remove_thread_state(NULL);
ERR_free_strings();
CRYPTO_mem_leaks_fp(stderr);
return 0;
}
void
tor_init (void)
{
if (initialized) {
return;
}
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
// enable proper threading
locks.length = CRYPTO_num_locks();
locks.item = malloc(locks.length * sizeof(uv_mutex_t));
for (size_t i = 0; i < locks.length; i++) {
uv_mutex_init(&locks.item[i]);
}
CRYPTO_set_locking_callback(_locking_callback);
CRYPTO_set_id_callback(uv_thread_self);
CRYPTO_set_dynlock_create_callback(_dynlock_create_callback);
CRYPTO_set_dynlock_lock_callback(_dynlock_lock_callback);
CRYPTO_set_dynlock_destroy_callback(_dynlock_destroy_callback);
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
initialized = true;
}
/* Use AES-NI if available. This is not supported with low-level calls,
we have to use EVP) */
static void init_aesni(void)
{
ENGINE *e;
const char *engine_id = "aesni";
ENGINE_load_builtin_engines();
e = ENGINE_by_id(engine_id);
if (!e) {
//fprintf(stderr, "AES-NI engine not available\n");
return;
}
if (!ENGINE_init(e)) {
fprintf(stderr, "AES-NI engine could not init\n");
ENGINE_free(e);
return;
}
if (!ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND)) {
/* This should only happen when 'e' can't initialise, but the
* previous statement suggests it did. */
fprintf(stderr, "AES-NI engine initialized but then failed\n");
abort();
}
ENGINE_finish(e);
ENGINE_free(e);
}
void openssl_init(bool threaded)
{
// initialize the SSL library
SSL_load_error_strings();
SSL_library_init();
unsigned int randSeed = 0;
RAND_bytes( (unsigned char*)&randSeed, sizeof(randSeed) );
srand( randSeed );
#ifndef OPENSSL_NO_ENGINE
/* Load all bundled ENGINEs into memory and make them visible */
ENGINE_load_builtin_engines();
/* Register all of them for every algorithm they collectively implement */
ENGINE_register_all_complete();
#endif // NO_ENGINE
if(threaded)
{
// provide locking functions to OpenSSL since we'll be running with
// threads accessing openssl in parallel.
CRYPTO_set_id_callback( threads_thread_id );
CRYPTO_set_locking_callback( threads_locking_callback );
}
}
int ssl_init(void) { /* init SSL before parsing configuration file */
SSL_load_error_strings();
SSL_library_init();
index_cli=SSL_get_ex_new_index(0, "cli index",
NULL, NULL, NULL);
index_opt=SSL_CTX_get_ex_new_index(0, "opt index",
NULL, NULL, NULL);
index_redirect=SSL_SESSION_get_ex_new_index(0, "redirect index",
NULL, NULL, NULL);
index_addr=SSL_SESSION_get_ex_new_index(0, "addr index",
NULL, NULL, cb_free);
if(index_cli<0 || index_opt<0 || index_redirect<0 || index_addr<0) {
s_log(LOG_ERR, "Application specific data initialization failed");
return 1;
}
#ifndef OPENSSL_NO_ENGINE
ENGINE_load_builtin_engines();
#endif
#ifndef OPENSSL_NO_DH
dh_params=get_dh2048();
if(!dh_params) {
s_log(LOG_ERR, "Failed to get default DH parameters");
return 1;
}
#endif /* OPENSSL_NO_DH */
return 0;
}
static int apps_startup()
{
#ifdef SIGPIPE
signal(SIGPIPE, SIG_IGN);
#endif
CRYPTO_malloc_init();
ERR_load_crypto_strings();
ERR_load_SSL_strings();
OPENSSL_load_builtin_modules();
#ifndef OPENSSL_NO_ENGINE
ENGINE_load_builtin_engines();
#endif
if (!app_load_modules(NULL)) {
ERR_print_errors(bio_err);
BIO_printf(bio_err, "Error loading default configuration\n");
return 0;
}
OpenSSL_add_all_algorithms();
OpenSSL_add_ssl_algorithms();
setup_ui_method();
/*SSL_library_init();*/
return 1;
}
char* QBox_MakeUpToken(const QBox_AuthPolicy* auth)
{
char* uptoken;
char* policy_str;
char* encoded_digest;
char* encoded_policy_str;
char digest[EVP_MAX_MD_SIZE + 1];
unsigned int dgtlen = sizeof(digest);
HMAC_CTX ctx;
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
policy_str = QBox_AuthPolicy_json(auth);
encoded_policy_str = QBox_String_Encode(policy_str);
free(policy_str);
bzero(digest, sizeof(digest));
HMAC_CTX_init(&ctx);
HMAC_Init_ex(&ctx, QBOX_SECRET_KEY, strlen(QBOX_SECRET_KEY), EVP_sha1(), NULL);
HMAC_Update(&ctx, encoded_policy_str, strlen(encoded_policy_str));
HMAC_Final(&ctx, digest, &dgtlen);
HMAC_CTX_cleanup(&ctx);
encoded_digest = QBox_Memory_Encode(digest, dgtlen);
uptoken = QBox_String_Concat(QBOX_ACCESS_KEY, ":", encoded_digest, ":", encoded_policy_str, NULL);
free(encoded_policy_str);
free(encoded_digest);
return uptoken;
}
static VALUE
ossl_engine_s_load(int argc, VALUE *argv, VALUE klass)
{
#if !defined(HAVE_ENGINE_LOAD_BUILTIN_ENGINES)
return Qnil;
#else
VALUE name;
rb_scan_args(argc, argv, "01", &name);
if(NIL_P(name)){
ENGINE_load_builtin_engines();
return Qtrue;
}
StringValue(name);
#ifndef OPENSSL_NO_STATIC_ENGINE
OSSL_ENGINE_LOAD_IF_MATCH(dynamic);
OSSL_ENGINE_LOAD_IF_MATCH(cswift);
OSSL_ENGINE_LOAD_IF_MATCH(chil);
OSSL_ENGINE_LOAD_IF_MATCH(atalla);
OSSL_ENGINE_LOAD_IF_MATCH(nuron);
OSSL_ENGINE_LOAD_IF_MATCH(ubsec);
OSSL_ENGINE_LOAD_IF_MATCH(aep);
OSSL_ENGINE_LOAD_IF_MATCH(sureware);
OSSL_ENGINE_LOAD_IF_MATCH(4758cca);
#endif
#ifdef HAVE_ENGINE_LOAD_OPENBSD_DEV_CRYPTO
OSSL_ENGINE_LOAD_IF_MATCH(openbsd_dev_crypto);
#endif
OSSL_ENGINE_LOAD_IF_MATCH(openssl);
rb_warning("no such builtin loader for `%s'", RSTRING_PTR(name));
return Qnil;
#endif /* HAVE_ENGINE_LOAD_BUILTIN_ENGINES */
}
void BTCTrader::signRequest ( QString* header, QNetworkRequest* newRequest )
{
nonce += 1;
*header = ( header->length() == 0 ) ? "nonce=" + QString::number( nonce ) : "nonce=" + QString::number( nonce ) + "&" + *header;
QByteArray key = QByteArray::fromBase64( restSign.toStdString().c_str() );
unsigned char* result;
unsigned int result_len = 512;
HMAC_CTX ctx;
result = (unsigned char*) malloc(sizeof(unsigned char) * result_len);
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
HMAC_CTX_init(&ctx);
HMAC_Init_ex(&ctx, key.constData(), key.length(), EVP_sha512(), NULL);
HMAC_Update(&ctx, (unsigned char*)header->toAscii().constData(), header->length());
HMAC_Final(&ctx, result, &result_len);
HMAC_CTX_cleanup(&ctx);
newRequest->setRawHeader( "Rest-Key", restKey.toStdString().c_str() );
newRequest->setRawHeader( "Rest-Sign", QByteArray::fromRawData( (char*)result, result_len ).toBase64() );
newRequest->setRawHeader( "content-type","application/x-www-form-urlencoded" );
free ( result );
}
int main(int argc, char **argv) {
OpenSSL_add_all_algorithms();
int len = 128 * MB;
if (argc > 1) {
len = atoi(argv[1]) * MB;
}
unsigned char *buf = (unsigned char *) malloc(TOTAL_LEN);
if (!buf) {
fprintf(stderr, "Error Allocating Memory");
}
ENGINE_load_builtin_engines();
#ifdef OPENCL_ENGINE
ENGINE *e = ENGINE_by_id("dynamic");
if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", OPENCL_ENGINE, 0) ||
!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)) {
fprintf(stderr, "Failed to load OpenCL engine!\n");
return -1;
}
ENGINE_set_default(e, ENGINE_METHOD_ALL);
#endif
run(argv[0], buf, len);
free(buf);
return 0;
}
static ENGINE *
setup_engine (const char *engine)
{
ENGINE *e = NULL;
ENGINE_load_builtin_engines ();
if (engine)
{
if (strcmp (engine, "auto") == 0)
{
msg (M_INFO, "Initializing OpenSSL auto engine support");
ENGINE_register_all_complete ();
return NULL;
}
if ((e = ENGINE_by_id (engine)) == NULL
&& (e = try_load_engine (engine)) == NULL)
{
msg (M_FATAL, "OpenSSL error: cannot load engine '%s'", engine);
}
if (!ENGINE_set_default (e, ENGINE_METHOD_ALL))
{
msg (M_FATAL, "OpenSSL error: ENGINE_set_default failed on engine '%s'",
engine);
}
msg (M_INFO, "Initializing OpenSSL support for engine '%s'",
ENGINE_get_id (e));
}
return e;
}
int openssl_config_int(const OPENSSL_INIT_SETTINGS *settings)
{
int ret;
const char *filename;
const char *appname;
unsigned long flags;
if (openssl_configured)
return 1;
filename = settings ? settings->filename : NULL;
appname = settings ? settings->appname : NULL;
flags = settings ? settings->flags : DEFAULT_CONF_MFLAGS;
#ifdef OPENSSL_INIT_DEBUG
fprintf(stderr, "OPENSSL_INIT: openssl_config_int(%s, %s, %lu)\n",
filename, appname, flags);
#endif
OPENSSL_load_builtin_modules();
#ifndef OPENSSL_NO_ENGINE
/* Need to load ENGINEs */
ENGINE_load_builtin_engines();
#endif
ERR_clear_error();
#ifndef OPENSSL_SYS_UEFI
ret = CONF_modules_load_file(filename, appname, flags);
#endif
openssl_configured = 1;
return ret;
}
void OPENSSL_config(const char *config_name)
{
if (openssl_configured)
return;
OPENSSL_load_builtin_modules();
#ifndef OPENSSL_NO_ENGINE
/* Need to load ENGINEs */
ENGINE_load_builtin_engines();
#endif
/* Add others here? */
ERR_clear_error();
if (CONF_modules_load_file(NULL, config_name,
CONF_MFLAGS_DEFAULT_SECTION|CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0)
{
BIO *bio_err;
ERR_load_crypto_strings();
if ((bio_err=BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL)
{
BIO_printf(bio_err,"Auto configuration failed\n");
ERR_print_errors(bio_err);
BIO_free(bio_err);
}
fprintf(stderr, "OpenSSL could not auto-configure.\n");
exit(1);
}
return;
}
int global_init(void)
{
ENGINE_load_builtin_engines();
# ifndef OPENSSL_NO_STATIC_ENGINE
OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_AFALG, NULL);
# endif
return 1;
}
void _libssh2_openssl_crypto_init(void)
{
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
#else
OpenSSL_add_all_algorithms();
OpenSSL_add_all_ciphers();
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
#endif
#ifndef HAVE_EVP_AES_128_CTR
_libssh2_EVP_aes_128_ctr();
_libssh2_EVP_aes_192_ctr();
_libssh2_EVP_aes_256_ctr();
#endif
}
void
ssh_SSLeay_add_all_algorithms(void)
{
SSLeay_add_all_algorithms();
/* Enable use of crypto hardware */
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
}
static int load_tpm_certificate(struct openconnect_info *vpninfo)
{
ENGINE *e;
EVP_PKEY *key;
UI_METHOD *meth = NULL;
int ret = 0;
ENGINE_load_builtin_engines();
e = ENGINE_by_id("tpm");
if (!e) {
vpn_progress(vpninfo, PRG_ERR, _("Can't load TPM engine.\n"));
openconnect_report_ssl_errors(vpninfo);
return -EINVAL;
}
if (!ENGINE_init(e) || !ENGINE_set_default_RSA(e) ||
!ENGINE_set_default_RAND(e)) {
vpn_progress(vpninfo, PRG_ERR, _("Failed to init TPM engine\n"));
openconnect_report_ssl_errors(vpninfo);
ENGINE_free(e);
return -EINVAL;
}
if (vpninfo->cert_password) {
if (!ENGINE_ctrl_cmd(e, "PIN", strlen(vpninfo->cert_password),
vpninfo->cert_password, NULL, 0)) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to set TPM SRK password\n"));
openconnect_report_ssl_errors(vpninfo);
}
vpninfo->cert_password = NULL;
free(vpninfo->cert_password);
} else {
/* Provide our own UI method to handle the PIN callback. */
meth = create_openssl_ui(vpninfo);
}
key = ENGINE_load_private_key(e, vpninfo->sslkey, meth, NULL);
if (meth)
UI_destroy_method(meth);
if (!key) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to load TPM private key\n"));
openconnect_report_ssl_errors(vpninfo);
ret = -EINVAL;
goto out;
}
if (!SSL_CTX_use_PrivateKey(vpninfo->https_ctx, key)) {
vpn_progress(vpninfo, PRG_ERR, _("Add key from TPM failed\n"));
openconnect_report_ssl_errors(vpninfo);
ret = -EINVAL;
}
EVP_PKEY_free(key);
out:
ENGINE_finish(e);
ENGINE_free(e);
return ret;
}
void
ssh_OpenSSL_add_all_algorithms(void)
{
OpenSSL_add_all_algorithms();
/* Enable use of crypto hardware */
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
OPENSSL_config(NULL);
}
void
ca_sslinit(void)
{
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
/* Init hardware crypto engines. */
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
}
int
main(int argc, char **argv)
{
ENGINE *engine = NULL;
int idx = 0;
setprogname(argv[0]);
if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &idx))
usage(1);
if (help_flag)
usage(0);
if(version_flag){
print_version(NULL);
exit(0);
}
argc -= idx;
argv += idx;
OpenSSL_add_all_algorithms();
#ifdef OPENSSL
ENGINE_load_openssl();
#endif
ENGINE_load_builtin_engines();
if (id_string) {
engine = ENGINE_by_id(id_string);
if (engine == NULL)
engine = ENGINE_by_dso(id_string, id_string);
} else {
engine = ENGINE_by_id("builtin");
}
if (engine == NULL)
errx(1, "ENGINE_by_dso failed");
printf("dh %s\n", ENGINE_get_DH(engine)->name);
{
struct prime *p = primes;
for (; p->name; ++p)
if (check_prime(engine, p))
printf("%s: shared secret OK\n", p->name);
else
printf("%s: shared secret FAILURE\n", p->name);
return 0;
}
return 0;
}
static void SMSSLInit(void)
{
SSL_load_error_strings();
SSL_library_init();
OpenSSL_add_all_algorithms();
//ERR_load_crypto_strings();
/* Init available hardware crypto engines. */
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
}
void initializeSecHandler()
{
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
// <FS:ND If we can, enabled the rdrand engine. It is available as a CPU instruction on newer Intel CPUs
ENGINE_load_builtin_engines();
ENGINE* engRdRand = ENGINE_by_id("rdrand");
if( engRdRand )
ENGINE_set_default(engRdRand, ENGINE_METHOD_RAND);
unsigned long lErr ( ERR_get_error() );
while( lErr )
{
char aError[128];
ERR_error_string_n( lErr, aError, sizeof( aError ) );
LL_WARNS() << aError << LL_ENDL;
lErr = ERR_get_error();
}
// </FS:ND>
gHandlerMap[BASIC_SECHANDLER] = new LLSecAPIBasicHandler();
// Currently, we only have the Basic handler, so we can point the main sechandler
// pointer to the basic handler. Later, we'll create a wrapper handler that
// selects the appropriate sechandler as needed, for instance choosing the
// mac keyring handler, with fallback to the basic sechandler
gSecAPIHandler = gHandlerMap[BASIC_SECHANDLER];
// initialize all SecAPIHandlers
std::string exception_msg;
std::map<std::string, LLPointer<LLSecAPIHandler> >::const_iterator itr;
for(itr = gHandlerMap.begin(); itr != gHandlerMap.end(); ++itr)
{
LLPointer<LLSecAPIHandler> handler = (*itr).second;
try
{
handler->init();
}
catch (LLProtectedDataException e)
{
exception_msg = e.getMessage();
}
}
if (!exception_msg.empty()) // an exception was thrown.
{
throw LLProtectedDataException(exception_msg.c_str());
}
}
int get_aes_sha1_threshold()
{
AES_KEY key;
uint8_t ukey[16];
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
memset(ukey, 0xaf, sizeof(ukey));
AES_set_encrypt_key(ukey, 16*8, &key);
return aead_test(CRYPTO_AES_CBC, CRYPTO_SHA1, ukey, 16, &key, aes_sha_combo);
}
static QBox_Error QBox_DigestAuth_Auth(void* self, QBox_Header** header, const char* url, const char* addition, size_t addlen)
{
QBox_Error err;
char const* path = NULL;
char* auth = NULL;
char digest[EVP_MAX_MD_SIZE + 1];
unsigned int dgtlen = sizeof(digest);
char* enc_digest = NULL;
HMAC_CTX ctx;
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
path = strstr(url, "://");
if (path != NULL) {
path = strchr(path + 3, '/');
}
if (path == NULL) {
err.code = 400;
err.message = "Invalid URL";
return err;
}
/* Do digest calculation */
HMAC_CTX_init(&ctx);
HMAC_Init_ex(&ctx, QBOX_SECRET_KEY, strlen(QBOX_SECRET_KEY), EVP_sha1(), NULL);
HMAC_Update(&ctx, path, strlen(path));
HMAC_Update(&ctx, "\n", 1);
if (addlen > 0) {
HMAC_Update(&ctx, addition, addlen);
}
HMAC_Final(&ctx, digest, &dgtlen);
HMAC_CTX_cleanup(&ctx);
digest[dgtlen] = '\0';
enc_digest = QBox_String_Encode(digest);
/* Set appopriate HTTP header */
auth = QBox_String_Concat("Authorization: QBox ", QBOX_ACCESS_KEY, ":", enc_digest, NULL);
free(enc_digest);
*header = curl_slist_append(*header, auth);
free(auth);
err.code = 200;
err.message = "OK";
return err;
}
void OPENSSL_config(const char *config_name)
{
if (openssl_configured)
return;
OPENSSL_load_builtin_modules();
#ifndef OPENSSL_NO_ENGINE
/* Need to load ENGINEs */
ENGINE_load_builtin_engines();
#endif
ERR_clear_error();
CONF_modules_load_file(NULL, config_name, CONF_MFLAGS_DEFAULT_SECTION |
CONF_MFLAGS_IGNORE_MISSING_FILE);
}
/**
* Initialise the crypto library and perform one time initialisation.
*/
static apr_status_t crypto_init(apr_pool_t *pool, const char *params, int *rc)
{
CRYPTO_malloc_init();
ERR_load_crypto_strings();
/* SSL_load_error_strings(); */
OpenSSL_add_all_algorithms();
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
apr_pool_cleanup_register(pool, pool, crypto_shutdown_helper,
apr_pool_cleanup_null);
return APR_SUCCESS;
}
static void
openssl_startup(void)
{
signal(SIGPIPE, SIG_IGN);
CRYPTO_malloc_init();
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
#ifndef OPENSSL_NO_ENGINE
ENGINE_load_builtin_engines();
#endif
setup_ui_method();
}
/**
* Global SSL init
*
* @retval 0 error initializing SSL
* @retval 1 SSL initialized successfully
*/
int Curl_ossl_init(void)
{
#ifdef HAVE_ENGINE_LOAD_BUILTIN_ENGINES
ENGINE_load_builtin_engines();
#endif
/* Lets get nice error messages */
SSL_load_error_strings();
/* Setup all the global SSL stuff */
if (!SSLeay_add_ssl_algorithms())
return 0;
return 1;
}
