static int openssl_engine_set_default(lua_State*L){ ENGINE* eng = CHECK_OBJECT(1,ENGINE,"openssl.engine"); int ret = 0; int first = 3; int top = lua_gettop(L); if(top==2){ if(lua_isnumber(L, 2)) { int methods = luaL_checkint(L, 2); ret = ENGINE_set_default(eng, methods); }else if(lua_isstring(L,2)){ const char* s = luaL_checkstring(L, 2); ret = ENGINE_set_default_string(eng, s); }else luaL_error(L, "#2 must be a number or string"); lua_pushboolean(L, ret); return 1; } while(first<=top){ int c = luaL_checkoption(L, first, "RSA",list); switch(c){ case 0: ret = ENGINE_set_default_RSA(eng); break; case 1: ret = ENGINE_set_default_DSA(eng); break; case 2: ret = ENGINE_set_default_ECDH(eng); break; case 3: ret = ENGINE_set_default_ECDSA(eng); break; case 4: ret = ENGINE_set_default_DH(eng); break; case 5: ret = ENGINE_set_default_RAND(eng); break; case 7: ret = ENGINE_set_default_ciphers(eng); break; case 8: ret = ENGINE_set_default_digests(eng); break; case 6: default: luaL_error(L,"not support %d for %s",c, list[c]); break; } first++; if(ret!=1){ lua_pushboolean(L, 0); return 1; } } lua_pushboolean(L, ret); return 1; };
int ENGINE_set_default(ENGINE *e, unsigned int flags) { if((flags & ENGINE_METHOD_CIPHERS) && !ENGINE_set_default_ciphers(e)) return 0; if((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e)) return 0; #ifndef OPENSSL_NO_RSA if((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e)) return 0; #endif #ifndef OPENSSL_NO_DSA if((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e)) return 0; #endif #ifndef OPENSSL_NO_DH if((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e)) return 0; #endif #ifndef OPENSSL_NO_ECDH if((flags & ENGINE_METHOD_ECDH) && !ENGINE_set_default_ECDH(e)) return 0; #endif #ifndef OPENSSL_NO_ECDSA if((flags & ENGINE_METHOD_ECDSA) && !ENGINE_set_default_ECDSA(e)) return 0; #endif if((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e)) return 0; return 1; }
CryptoDevEngine::CryptoDevEngine( int /* dummy */ ) { DEBUG( "cryptodev: ctor: loading and configuring" ); ENGINE_load_cryptodev(); ENGINE * cde = ENGINE_by_id( "cryptodev" ); if ( ! cde ) throw Exception( "cryptodev: load failed" ); m_pEngine = cde; DEBUG( "cryptodev: ctor: initializing " << m_pEngine ); if ( 1 != ENGINE_init( cde ) ) throw Exception( "cryptodev: init failed" ); #if USE_CRYPTODEV_RSA DEBUG( "cryptodev: ctor: setting as rsa default" ); if ( 1 != ENGINE_set_default_RSA( cde ) ) throw Exception( "cryptodev: could not use for RSA" ); #endif // USE_CRYPTODEV_RSA #if USE_CRYPTODEV_CIPHERS DEBUG( "cryptodev: ctor: setting as cipher default" ); if ( 1 != ENGINE_set_default_ciphers( cde ) ) throw Exception( "cryptodev: could not use for ciphers" ); #endif // USE_CRYPTODEV_CIPHERS #if USE_CRYPTODEV_DIGESTS DEBUG( "cryptodev: ctor: setting as digest default" ); if ( 1 != ENGINE_set_default_digests( cde ) ) throw Exception( "cryptodev: could not use for digests" ); #endif // USE_CRYPTODEV_DIGESTS DEBUG( "cryptodev: ctor: done" ); }
static int load_tpm_certificate(struct openconnect_info *vpninfo) { ENGINE *e; EVP_PKEY *key; UI_METHOD *meth = NULL; int ret = 0; ENGINE_load_builtin_engines(); e = ENGINE_by_id("tpm"); if (!e) { vpn_progress(vpninfo, PRG_ERR, _("Can't load TPM engine.\n")); openconnect_report_ssl_errors(vpninfo); return -EINVAL; } if (!ENGINE_init(e) || !ENGINE_set_default_RSA(e) || !ENGINE_set_default_RAND(e)) { vpn_progress(vpninfo, PRG_ERR, _("Failed to init TPM engine\n")); openconnect_report_ssl_errors(vpninfo); ENGINE_free(e); return -EINVAL; } if (vpninfo->cert_password) { if (!ENGINE_ctrl_cmd(e, "PIN", strlen(vpninfo->cert_password), vpninfo->cert_password, NULL, 0)) { vpn_progress(vpninfo, PRG_ERR, _("Failed to set TPM SRK password\n")); openconnect_report_ssl_errors(vpninfo); } vpninfo->cert_password = NULL; free(vpninfo->cert_password); } else { /* Provide our own UI method to handle the PIN callback. */ meth = create_openssl_ui(vpninfo); } key = ENGINE_load_private_key(e, vpninfo->sslkey, meth, NULL); if (meth) UI_destroy_method(meth); if (!key) { vpn_progress(vpninfo, PRG_ERR, _("Failed to load TPM private key\n")); openconnect_report_ssl_errors(vpninfo); ret = -EINVAL; goto out; } if (!SSL_CTX_use_PrivateKey(vpninfo->https_ctx, key)) { vpn_progress(vpninfo, PRG_ERR, _("Add key from TPM failed\n")); openconnect_report_ssl_errors(vpninfo); ret = -EINVAL; } EVP_PKEY_free(key); out: ENGINE_finish(e); ENGINE_free(e); return ret; }
void ca_engine_init(void) { ENGINE *e; const char *errstr, *name; if ((e = ENGINE_get_default_RSA()) == NULL) { if ((e = ENGINE_new()) == NULL) { errstr = "ENGINE_new"; goto fail; } if (!ENGINE_set_name(e, rsae_method.name)) { errstr = "ENGINE_set_name"; goto fail; } if ((rsa_default = RSA_get_default_method()) == NULL) { errstr = "RSA_get_default_method"; goto fail; } } else if ((rsa_default = ENGINE_get_RSA(e)) == NULL) { errstr = "ENGINE_get_RSA"; goto fail; } if ((name = ENGINE_get_name(e)) == NULL) name = "unknown RSA engine"; log_debug("debug: %s: using %s", __func__, name); if (rsa_default->flags & RSA_FLAG_SIGN_VER) fatalx("unsupported RSA engine"); if (rsa_default->rsa_mod_exp == NULL) rsae_method.rsa_mod_exp = NULL; if (rsa_default->bn_mod_exp == NULL) rsae_method.bn_mod_exp = NULL; if (rsa_default->rsa_keygen == NULL) rsae_method.rsa_keygen = NULL; rsae_method.flags = rsa_default->flags | RSA_METHOD_FLAG_NO_CHECK; rsae_method.app_data = rsa_default->app_data; if (!ENGINE_set_RSA(e, &rsae_method)) { errstr = "ENGINE_set_RSA"; goto fail; } if (!ENGINE_set_default_RSA(e)) { errstr = "ENGINE_set_default_RSA"; goto fail; } return; fail: ssl_error(errstr); fatalx("%s", errstr); }
int main(int argc, char *argv[]) { int err=0; int v; RSA *key; unsigned char ptext[256]; unsigned char ctext[256]; static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a"; unsigned char ctext_ex[256]; int plen; int clen = 0; int num; int n; ENGINE *e; const char *engine_id = "remote"; ENGINE_load_builtin_engines(); e = ENGINE_by_id(engine_id); if(!e) /* the engine isn't available */ return 1; if(!ENGINE_init(e)) { /* the engine couldn't initialise, release 'e' */ ERR_print_errors_fp(stderr); ENGINE_free(e); return 1; } if(!ENGINE_set_default_RSA(e)) /* This should only happen when 'e' can't initialise, but the previous * statement suggests it did. */ abort(); ENGINE_ctrl_cmd_string(e, "ADD_WORKER", "local1,127.0.0.1:1234", 0); CRYPTO_malloc_debug_init(); CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); RAND_seed(rnd_seed, sizeof rnd_seed); /* or OAEP may fail */ plen = sizeof(ptext_ex) - 1; for (v = 0; v < 6; v++) { key = RSA_new(); switch (v%3) { case 0: clen = key1(key, ctext_ex); break; case 1: clen = key2(key, ctext_ex); break; case 2: clen = key3(key, ctext_ex); break; } if (v/3 >= 1) key->flags |= RSA_FLAG_NO_CONSTTIME; num = RSA_public_encrypt(plen, ptext_ex, ctext, key, RSA_PKCS1_PADDING); if (num != clen) { printf("PKCS#1 v1.5 encryption failed!\n"); err=1; goto oaep; } num = RSA_private_decrypt(num, ctext, ptext, key, RSA_PKCS1_PADDING); if (num != plen || memcmp(ptext, ptext_ex, num) != 0) { printf("PKCS#1 v1.5 decryption failed!\n"); err=1; } else printf("PKCS #1 v1.5 encryption/decryption ok\n"); oaep: ERR_clear_error(); num = RSA_public_encrypt(plen, ptext_ex, ctext, key, RSA_PKCS1_OAEP_PADDING); if (num == -1 && pad_unknown()) { printf("No OAEP support\n"); goto next; } if (num != clen) { printf("OAEP encryption failed!\n"); err=1; goto next; } num = RSA_private_decrypt(num, ctext, ptext, key, RSA_PKCS1_OAEP_PADDING); if (num != plen || memcmp(ptext, ptext_ex, num) != 0) { printf("OAEP decryption (encrypted data) failed!\n"); err=1; } else if (memcmp(ctext, ctext_ex, num) == 0) printf("OAEP test vector %d passed!\n", v); /* Different ciphertexts (rsa_oaep.c without -DPKCS_TESTVECT). Try decrypting ctext_ex */ num = RSA_private_decrypt(clen, ctext_ex, ptext, key, RSA_PKCS1_OAEP_PADDING); if (num != plen || memcmp(ptext, ptext_ex, num) != 0) { printf("OAEP decryption (test vector data) failed!\n"); err=1; } else printf("OAEP encryption/decryption ok\n"); /* Try decrypting corrupted ciphertexts */ for(n = 0 ; n < clen ; ++n) { int b; unsigned char saved = ctext[n]; for(b = 0 ; b < 256 ; ++b) { if(b == saved) continue; ctext[n] = b; num = RSA_private_decrypt(num, ctext, ptext, key, RSA_PKCS1_OAEP_PADDING); if(num > 0) { printf("Corrupt data decrypted!\n"); err = 1; } } } next: RSA_free(key); } ENGINE_finish(e); ENGINE_free(e); CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); CRYPTO_mem_leaks_fp(stderr); #ifdef OPENSSL_SYS_NETWARE if (err) printf("ERROR: %d\n", err); #endif return err; }