static int bind_helper (ENGINE *e) { if (!ENGINE_set_id(e, FS_ENGINE_ID) || !ENGINE_set_name (e, FS_ENGINE_NAME) || !ENGINE_set_destroy_function (e, engine_fs_destroy) || !ENGINE_set_finish_function (e, engine_fs_finish) || !ENGINE_set_ctrl_function (e, engine_fs_ctrl) || !ENGINE_set_load_privkey_function (e, engine_fs_load_private_key) || !ENGINE_set_RSA (e, &engine_fs_rsa) /*|| !ENGINE_set_load_pubkey_function (e, engine_fs_load_public_key) || !ENGINE_set_init_function (e, engine_fs_init) || !ENGINE_set_DSA (e, engine_fs_dsa) || !ENGINE_set_ECDH (e, engine_fs_dh) || !ENGINE_set_ECDSA (e, engine_fs_dh) || !ENGINE_set_DH (e, engine_fs_dh) || !ENGINE_set_RAND (e, engine_fs_rand) || !ENGINE_set_STORE (e, asn1_i2d_ex_primitiveengine_fs_rand) || !ENGINE_set_ciphers (e, engine_fs_syphers_f) || !ENGINE_set_digests (e, engine_fs_digest_f) || !ENGINE_set_flags (e, engine_fs_flags) || !ENGINE_set_cmd_defns (e, engine_fs_cmd_defns)*/) { return (0); } if (!ENGINE_set_RSA (e, &engine_fs_rsa) || !register_rsa_methods ()) { return 0; } return (1); }
/* This internal function is used by ENGINE_gmp() and possibly by the * "dynamic" ENGINE support too */ static int bind_helper(ENGINE *e) { #ifndef OPENSSL_NO_RSA const RSA_METHOD *meth1; #endif if(!ENGINE_set_id(e, engine_e_gmp_id) || !ENGINE_set_name(e, engine_e_gmp_name) || #ifndef OPENSSL_NO_RSA !ENGINE_set_RSA(e, &e_gmp_rsa) || #endif !ENGINE_set_destroy_function(e, e_gmp_destroy) || !ENGINE_set_init_function(e, e_gmp_init) || !ENGINE_set_finish_function(e, e_gmp_finish) || !ENGINE_set_ctrl_function(e, e_gmp_ctrl) || !ENGINE_set_cmd_defns(e, e_gmp_cmd_defns)) return 0; #ifndef OPENSSL_NO_RSA meth1 = RSA_PKCS1_SSLeay(); e_gmp_rsa.rsa_pub_enc = meth1->rsa_pub_enc; e_gmp_rsa.rsa_pub_dec = meth1->rsa_pub_dec; e_gmp_rsa.rsa_priv_enc = meth1->rsa_priv_enc; e_gmp_rsa.rsa_priv_dec = meth1->rsa_priv_dec; e_gmp_rsa.bn_mod_exp = meth1->bn_mod_exp; #endif /* Ensure the e_gmp error handling is set up */ ERR_load_GMP_strings(); return 1; }
/* This internal function is used by ENGINE_pkcs11() and possibly by the * "dynamic" ENGINE support too */ static int bind_helper(ENGINE *e) { if (!ENGINE_set_id(e, PKCS11_ENGINE_ID) || !ENGINE_set_destroy_function(e, engine_destroy) || !ENGINE_set_init_function(e, engine_init) || !ENGINE_set_finish_function(e, engine_finish) || !ENGINE_set_ctrl_function(e, engine_ctrl) || !ENGINE_set_cmd_defns(e, engine_cmd_defns) || !ENGINE_set_name(e, PKCS11_ENGINE_NAME) || #ifndef OPENSSL_NO_RSA !ENGINE_set_RSA(e, PKCS11_get_rsa_method()) || #endif #if OPENSSL_VERSION_NUMBER >= 0x10100002L #ifndef OPENSSL_NO_EC /* PKCS11_get_ec_key_method combines ECDSA and ECDH */ !ENGINE_set_EC(e, PKCS11_get_ec_key_method()) || #endif /* OPENSSL_NO_EC */ #else /* OPENSSL_VERSION_NUMBER */ #ifndef OPENSSL_NO_ECDSA !ENGINE_set_ECDSA(e, PKCS11_get_ecdsa_method()) || #endif #ifndef OPENSSL_NO_ECDH !ENGINE_set_ECDH(e, PKCS11_get_ecdh_method()) || #endif #endif /* OPENSSL_VERSION_NUMBER */ !ENGINE_set_load_pubkey_function(e, load_pubkey) || !ENGINE_set_load_privkey_function(e, load_privkey)) { return 0; } else { return 1; } }
static int keystore_engine_setup(ENGINE* e) { ALOGV("keystore_engine_setup"); if (!ENGINE_set_id(e, KEYSTORE_ENGINE_ID) || !ENGINE_set_name(e, KEYSTORE_ENGINE_NAME) || !ENGINE_set_load_privkey_function(e, keystore_loadkey) || !ENGINE_set_load_pubkey_function(e, keystore_loadkey) || !ENGINE_set_cmd_defns(e, keystore_cmd_defns)) { ALOGE("Could not set up keystore engine"); return 0; } if (!ENGINE_set_RSA(e, &keystore_rsa_meth) || !register_rsa_methods()) { ALOGE("Could not set up keystore RSA methods"); return 0; } /* We need a handle in the RSA keys as well for keygen if it's not already initialized. */ pthread_once(&rsa_key_handle_control, init_rsa_key_handle); if (rsa_key_handle < 0) { ALOGE("Could not set up RSA ex_data index"); return 0; } return 1; }
/* ---------------------*/ static int bind_helper(ENGINE *e) { if (!ENGINE_set_id(e, engine_cluster_labs_id) || !ENGINE_set_name(e, engine_cluster_labs_name) || # ifndef OPENSSL_NO_RSA !ENGINE_set_RSA(e, &cluster_labs_rsa) || # endif # ifndef OPENSSL_NO_DSA !ENGINE_set_DSA(e, &cluster_labs_dsa) || # endif # ifndef OPENSSL_NO_DH !ENGINE_set_DH(e, &cluster_labs_dh) || # endif !ENGINE_set_RAND(e, &cluster_labs_rand) || !ENGINE_set_destroy_function(e, cluster_labs_destroy) || !ENGINE_set_init_function(e, cluster_labs_init) || !ENGINE_set_finish_function(e, cluster_labs_finish) || !ENGINE_set_ctrl_function(e, cluster_labs_ctrl) || !ENGINE_set_cmd_defns(e, cluster_labs_cmd_defns)) return 0; /* Ensure the error handling is set up */ ERR_load_CL_strings(); return 1; }
/* * This internal function is used by ENGINE_ubsec() and possibly by the * "dynamic" ENGINE support too */ static int bind_helper(ENGINE *e) { # ifndef OPENSSL_NO_RSA const RSA_METHOD *meth1; # endif # ifndef OPENSSL_NO_DH # ifndef HAVE_UBSEC_DH const DH_METHOD *meth3; # endif /* HAVE_UBSEC_DH */ # endif if (!ENGINE_set_id(e, engine_ubsec_id) || !ENGINE_set_name(e, engine_ubsec_name) || # ifndef OPENSSL_NO_RSA !ENGINE_set_RSA(e, &ubsec_rsa) || # endif # ifndef OPENSSL_NO_DSA !ENGINE_set_DSA(e, &ubsec_dsa) || # endif # ifndef OPENSSL_NO_DH !ENGINE_set_DH(e, &ubsec_dh) || # endif !ENGINE_set_destroy_function(e, ubsec_destroy) || !ENGINE_set_init_function(e, ubsec_init) || !ENGINE_set_finish_function(e, ubsec_finish) || !ENGINE_set_ctrl_function(e, ubsec_ctrl) || !ENGINE_set_cmd_defns(e, ubsec_cmd_defns)) return 0; # ifndef OPENSSL_NO_RSA /* * We know that the "PKCS1_OpenSSL()" functions hook properly to the * Broadcom-specific mod_exp and mod_exp_crt so we use those functions. * NB: We don't use ENGINE_openssl() or anything "more generic" because * something like the RSAref code may not hook properly, and if you own * one of these cards then you have the right to do RSA operations on it * anyway! */ meth1 = RSA_PKCS1_OpenSSL(); ubsec_rsa.rsa_pub_enc = meth1->rsa_pub_enc; ubsec_rsa.rsa_pub_dec = meth1->rsa_pub_dec; ubsec_rsa.rsa_priv_enc = meth1->rsa_priv_enc; ubsec_rsa.rsa_priv_dec = meth1->rsa_priv_dec; # endif # ifndef OPENSSL_NO_DH # ifndef HAVE_UBSEC_DH /* Much the same for Diffie-Hellman */ meth3 = DH_OpenSSL(); ubsec_dh.generate_key = meth3->generate_key; ubsec_dh.compute_key = meth3->compute_key; # endif /* HAVE_UBSEC_DH */ # endif /* Ensure the ubsec error handling is set up */ ERR_load_UBSEC_strings(); return 1; }
void ca_engine_init(void) { ENGINE *e; const char *errstr, *name; if ((e = ENGINE_get_default_RSA()) == NULL) { if ((e = ENGINE_new()) == NULL) { errstr = "ENGINE_new"; goto fail; } if (!ENGINE_set_name(e, rsae_method.name)) { errstr = "ENGINE_set_name"; goto fail; } if ((rsa_default = RSA_get_default_method()) == NULL) { errstr = "RSA_get_default_method"; goto fail; } } else if ((rsa_default = ENGINE_get_RSA(e)) == NULL) { errstr = "ENGINE_get_RSA"; goto fail; } if ((name = ENGINE_get_name(e)) == NULL) name = "unknown RSA engine"; log_debug("debug: %s: using %s", __func__, name); if (rsa_default->flags & RSA_FLAG_SIGN_VER) fatalx("unsupported RSA engine"); if (rsa_default->rsa_mod_exp == NULL) rsae_method.rsa_mod_exp = NULL; if (rsa_default->bn_mod_exp == NULL) rsae_method.bn_mod_exp = NULL; if (rsa_default->rsa_keygen == NULL) rsae_method.rsa_keygen = NULL; rsae_method.flags = rsa_default->flags | RSA_METHOD_FLAG_NO_CHECK; rsae_method.app_data = rsa_default->app_data; if (!ENGINE_set_RSA(e, &rsae_method)) { errstr = "ENGINE_set_RSA"; goto fail; } if (!ENGINE_set_default_RSA(e)) { errstr = "ENGINE_set_default_RSA"; goto fail; } return; fail: ssl_error(errstr); fatalx("%s", errstr); }
static ENGINE* LoadEngine() { // This function creates an engine for PKCS#11 and inspired by // the "ENGINE_load_dynamic" function from OpenSSL, in file // "crypto/engine/eng_dyn.c" ENGINE* engine = ENGINE_new(); if (!engine) { LOG(ERROR) << "Cannot create an OpenSSL engine for PKCS#11"; throw OrthancException(ErrorCode_InternalError); } // Create a PKCS#11 context using libp11 context_ = pkcs11_new(); if (!context_) { LOG(ERROR) << "Cannot create a libp11 context for PKCS#11"; ENGINE_free(engine); throw OrthancException(ErrorCode_InternalError); } if (!ENGINE_set_id(engine, PKCS11_ENGINE_ID) || !ENGINE_set_name(engine, PKCS11_ENGINE_NAME) || !ENGINE_set_cmd_defns(engine, PKCS11_ENGINE_COMMANDS) || // Register the callback functions !ENGINE_set_init_function(engine, EngineInitialize) || !ENGINE_set_finish_function(engine, EngineFinalize) || !ENGINE_set_destroy_function(engine, EngineDestroy) || !ENGINE_set_ctrl_function(engine, EngineControl) || !ENGINE_set_load_pubkey_function(engine, EngineLoadPublicKey) || !ENGINE_set_load_privkey_function(engine, EngineLoadPrivateKey) || !ENGINE_set_RSA(engine, PKCS11_get_rsa_method()) || !ENGINE_set_ECDSA(engine, PKCS11_get_ecdsa_method()) || !ENGINE_set_ECDH(engine, PKCS11_get_ecdh_method()) || #if OPENSSL_VERSION_NUMBER >= 0x10100002L !ENGINE_set_EC(engine, PKCS11_get_ec_key_method()) || #endif // Make OpenSSL know about our PKCS#11 engine !ENGINE_add(engine)) { LOG(ERROR) << "Cannot initialize the OpenSSL engine for PKCS#11"; pkcs11_finish(context_); ENGINE_free(engine); throw OrthancException(ErrorCode_InternalError); } // If the "ENGINE_add" worked, it gets a structural // reference. We release our just-created reference. ENGINE_free(engine); return ENGINE_by_id(PKCS11_ENGINE_ID); }
static PKCS11H_BOOL __pkcs11h_openssl_session_setRSA( IN const pkcs11h_openssl_session_t openssl_session, IN EVP_PKEY * evp ) { PKCS11H_BOOL ret = FALSE; RSA *rsa = NULL; _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_openssl_session_setRSA - entered openssl_session=%p, evp=%p", (void *)openssl_session, (void *)evp ); if ( (rsa = EVP_PKEY_get1_RSA (evp)) == NULL ) { _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot get RSA key"); goto cleanup; } RSA_set_method (rsa, __openssl_methods.rsa); RSA_set_ex_data (rsa, __openssl_methods.rsa_index, openssl_session); #if OPENSSL_VERSION_NUMBER < 0x10100001L rsa->flags |= RSA_FLAG_SIGN_VER; #endif #ifdef BROKEN_OPENSSL_ENGINE if (!rsa->engine) { rsa->engine = ENGINE_get_default_RSA (); } ENGINE_set_RSA(ENGINE_get_default_RSA (), &openssl_session->rsa); _PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: OpenSSL engine support is broken! Workaround enabled"); #endif ret = TRUE; cleanup: if (rsa != NULL) { RSA_free (rsa); rsa = NULL; } _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: __pkcs11h_openssl_session_setRSA - return ret=%d", ret ); return ret; }
static int bind_devcrypto(ENGINE *e) { if (!ENGINE_set_id(e, engine_devcrypto_id) || !ENGINE_set_name(e, "/dev/crypto engine") || !ENGINE_set_destroy_function(e, devcrypto_unload) || !ENGINE_set_cmd_defns(e, devcrypto_cmds) || !ENGINE_set_ctrl_function(e, devcrypto_ctrl)) return 0; prepare_cipher_methods(); #ifdef IMPLEMENT_DIGEST prepare_digest_methods(); #endif return (ENGINE_set_ciphers(e, devcrypto_ciphers) #ifdef IMPLEMENT_DIGEST && ENGINE_set_digests(e, devcrypto_digests) #endif /* * Asymmetric ciphers aren't well supported with /dev/crypto. Among the BSD * implementations, it seems to only exist in FreeBSD, and regarding the * parameters in its crypt_kop, the manual crypto(4) has this to say: * * The semantics of these arguments are currently undocumented. * * Reading through the FreeBSD source code doesn't give much more than * their CRK_MOD_EXP implementation for ubsec. * * It doesn't look much better with cryptodev-linux. They have the crypt_kop * structure as well as the command (CRK_*) in cryptodev.h, but no support * seems to be implemented at all for the moment. * * At the time of writing, it seems impossible to write proper support for * FreeBSD's asym features without some very deep knowledge and access to * specific kernel modules. * * /Richard Levitte, 2017-05-11 */ #if 0 # ifndef OPENSSL_NO_RSA && ENGINE_set_RSA(e, devcrypto_rsa) # endif # ifndef OPENSSL_NO_DSA && ENGINE_set_DSA(e, devcrypto_dsa) # endif # ifndef OPENSSL_NO_DH && ENGINE_set_DH(e, devcrypto_dh) # endif # ifndef OPENSSL_NO_EC && ENGINE_set_EC(e, devcrypto_ec) # endif #endif ); }
/* * This internal function is used by ENGINE_chil() and possibly by the * "dynamic" ENGINE support too */ static int bind_helper(ENGINE *e) { # ifndef OPENSSL_NO_RSA const RSA_METHOD *meth1; # endif # ifndef OPENSSL_NO_DH const DH_METHOD *meth2; # endif if (!ENGINE_set_id(e, engine_hwcrhk_id) || !ENGINE_set_name(e, engine_hwcrhk_name) || # ifndef OPENSSL_NO_RSA !ENGINE_set_RSA(e, &hwcrhk_rsa) || # endif # ifndef OPENSSL_NO_DH !ENGINE_set_DH(e, &hwcrhk_dh) || # endif !ENGINE_set_RAND(e, &hwcrhk_rand) || !ENGINE_set_destroy_function(e, hwcrhk_destroy) || !ENGINE_set_init_function(e, hwcrhk_init) || !ENGINE_set_finish_function(e, hwcrhk_finish) || !ENGINE_set_ctrl_function(e, hwcrhk_ctrl) || !ENGINE_set_load_privkey_function(e, hwcrhk_load_privkey) || !ENGINE_set_load_pubkey_function(e, hwcrhk_load_pubkey) || !ENGINE_set_cmd_defns(e, hwcrhk_cmd_defns)) return 0; # ifndef OPENSSL_NO_RSA /* * We know that the "PKCS1_SSLeay()" functions hook properly to the * cswift-specific mod_exp and mod_exp_crt so we use those functions. NB: * We don't use ENGINE_openssl() or anything "more generic" because * something like the RSAref code may not hook properly, and if you own * one of these cards then you have the right to do RSA operations on it * anyway! */ meth1 = RSA_PKCS1_SSLeay(); hwcrhk_rsa.rsa_pub_enc = meth1->rsa_pub_enc; hwcrhk_rsa.rsa_pub_dec = meth1->rsa_pub_dec; hwcrhk_rsa.rsa_priv_enc = meth1->rsa_priv_enc; hwcrhk_rsa.rsa_priv_dec = meth1->rsa_priv_dec; # endif # ifndef OPENSSL_NO_DH /* Much the same for Diffie-Hellman */ meth2 = DH_OpenSSL(); hwcrhk_dh.generate_key = meth2->generate_key; hwcrhk_dh.compute_key = meth2->compute_key; # endif /* Ensure the hwcrhk error handling is set up */ ERR_load_HWCRHK_strings(); return 1; }
static int bind_dasync(ENGINE *e) { /* Ensure the dasync error handling is set up */ ERR_load_DASYNC_strings(); if (!ENGINE_set_id(e, engine_dasync_id) || !ENGINE_set_name(e, engine_dasync_name) || !ENGINE_set_RSA(e, &dasync_rsa_method) || !ENGINE_set_digests(e, dasync_digests) || !ENGINE_set_destroy_function(e, dasync_destroy) || !ENGINE_set_init_function(e, dasync_init) || !ENGINE_set_finish_function(e, dasync_finish)) { DASYNCerr(DASYNC_F_BIND_DASYNC, DASYNC_R_INIT_FAILED); return 0; } return 1; }
static int bind_rsaref(ENGINE *e) { const RSA_METHOD *meth1; if(!ENGINE_set_id(e, engine_rsaref_id) || !ENGINE_set_name(e, engine_rsaref_name) || !ENGINE_set_RSA(e, &rsaref_rsa) || !ENGINE_set_ciphers(e, rsaref_ciphers) || !ENGINE_set_digests(e, rsaref_digests) || !ENGINE_set_destroy_function(e, rsaref_destroy) || !ENGINE_set_init_function(e, rsaref_init) || !ENGINE_set_finish_function(e, rsaref_finish) /* || !ENGINE_set_ctrl_function(e, rsaref_ctrl) */ /* || !ENGINE_set_cmd_defns(e, rsaref_cmd_defns) */) return 0; /* Ensure the rsaref error handling is set up */ ERR_load_RSAREF_strings(); return 1; }
static ENGINE * sc_get_engine(void) { static ENGINE *smart_engine = NULL; if ((smart_engine = ENGINE_new()) == NULL) fatal("ENGINE_new failed"); ENGINE_set_id(smart_engine, "sectok"); ENGINE_set_name(smart_engine, "libsectok"); ENGINE_set_RSA(smart_engine, sc_get_rsa_method()); ENGINE_set_DSA(smart_engine, DSA_get_default_openssl_method()); ENGINE_set_DH(smart_engine, DH_get_default_openssl_method()); ENGINE_set_RAND(smart_engine, RAND_SSLeay()); ENGINE_set_BN_mod_exp(smart_engine, BN_mod_exp); return smart_engine; }
/* * This internal function is used by ENGINE_openssl() and possibly by the * "dynamic" ENGINE support too */ static int bind_helper(ENGINE *e) { if (!ENGINE_set_id(e, engine_openssl_id) || !ENGINE_set_name(e, engine_openssl_name) || !ENGINE_set_destroy_function(e, openssl_destroy) #ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS # ifndef OPENSSL_NO_RSA || !ENGINE_set_RSA(e, RSA_get_default_method()) # endif # ifndef OPENSSL_NO_DSA || !ENGINE_set_DSA(e, DSA_get_default_method()) # endif # ifndef OPENSSL_NO_EC || !ENGINE_set_EC(e, EC_KEY_OpenSSL()) # endif # ifndef OPENSSL_NO_DH || !ENGINE_set_DH(e, DH_get_default_method()) # endif || !ENGINE_set_RAND(e, RAND_OpenSSL()) # ifdef TEST_ENG_OPENSSL_RC4 || !ENGINE_set_ciphers(e, openssl_ciphers) # endif # ifdef TEST_ENG_OPENSSL_SHA || !ENGINE_set_digests(e, openssl_digests) # endif #endif #ifdef TEST_ENG_OPENSSL_PKEY || !ENGINE_set_load_privkey_function(e, openssl_load_privkey) #endif #ifdef TEST_ENG_OPENSSL_HMAC || !ossl_register_hmac_meth() || !ENGINE_set_pkey_meths(e, ossl_pkey_meths) #endif ) return 0; /* * If we add errors to this ENGINE, ensure the error handling is setup * here */ /* openssl_load_error_strings(); */ return 1; }
static int bind_capi(ENGINE *e) { if (!ENGINE_set_id(e, engine_capi_id) || !ENGINE_set_name(e, engine_capi_name) || !ENGINE_set_init_function(e, capi_init) || !ENGINE_set_finish_function(e, capi_finish) || !ENGINE_set_destroy_function(e, capi_destroy) || !ENGINE_set_RSA(e, &capi_rsa_method) || !ENGINE_set_DSA(e, &capi_dsa_method) || !ENGINE_set_load_privkey_function(e, capi_load_privkey) || !ENGINE_set_load_ssl_client_cert_function(e, capi_load_ssl_client_cert) || !ENGINE_set_cmd_defns(e, capi_cmd_defns) || !ENGINE_set_ctrl_function(e, capi_ctrl)) return 0; ERR_load_CAPI_strings(); return 1; }
/* This internal function is used by ENGINE_tpm() and possibly by the * "dynamic" ENGINE support too */ static int bind_helper(ENGINE * e) { if (!ENGINE_set_id(e, engine_tpm_id) || !ENGINE_set_name(e, engine_tpm_name) || #ifndef OPENSSL_NO_RSA !ENGINE_set_RSA(e, &tpm_rsa) || #endif !ENGINE_set_RAND(e, &tpm_rand) || !ENGINE_set_destroy_function(e, tpm_engine_destroy) || !ENGINE_set_init_function(e, tpm_engine_init) || !ENGINE_set_finish_function(e, tpm_engine_finish) || !ENGINE_set_ctrl_function(e, tpm_engine_ctrl) || !ENGINE_set_load_pubkey_function(e, tpm_engine_load_key) || !ENGINE_set_load_privkey_function(e, tpm_engine_load_key) || !ENGINE_set_cmd_defns(e, tpm_cmd_defns)) return 0; /* Ensure the tpm error handling is set up */ ERR_load_TPM_strings(); return 1; }
/* This internal function is used by ENGINE_openssl() and possibly by the * "dynamic" ENGINE support too */ static int bind_helper(ENGINE *e) { if(!ENGINE_set_id(e, engine_openssl_id) || !ENGINE_set_name(e, engine_openssl_name) #ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS #ifndef OPENSSL_NO_RSA || !ENGINE_set_RSA(e, RSA_get_default_method()) #endif #ifndef OPENSSL_NO_DSA || !ENGINE_set_DSA(e, DSA_get_default_method()) #endif #ifndef OPENSSL_NO_ECDH || !ENGINE_set_ECDH(e, ECDH_OpenSSL()) #endif #ifndef OPENSSL_NO_ECDSA || !ENGINE_set_ECDSA(e, ECDSA_OpenSSL()) #endif #ifndef OPENSSL_NO_DH || !ENGINE_set_DH(e, DH_get_default_method()) #endif || !ENGINE_set_RAND(e, RAND_SSLeay()) #ifdef TEST_ENG_OPENSSL_RC4 || !ENGINE_set_ciphers(e, openssl_ciphers) #endif #ifdef TEST_ENG_OPENSSL_SHA || !ENGINE_set_digests(e, openssl_digests) #endif #endif //MS: #ifndef OPENSSL_NO_STDIO #ifdef TEST_ENG_OPENSSL_PKEY || !ENGINE_set_load_privkey_function(e, openssl_load_privkey) #endif #endif ) return 0; /* If we add errors to this ENGINE, ensure the error handling is setup here */ /* openssl_load_error_strings(); */ return 1; }
/* ---------------------*/ static int bind_helper(ENGINE *e) { if (!ENGINE_set_id(e, engine_4758_cca_id) || !ENGINE_set_name(e, engine_4758_cca_name) || # ifndef OPENSSL_NO_RSA !ENGINE_set_RSA(e, &ibm_4758_cca_rsa) || # endif !ENGINE_set_RAND(e, &ibm_4758_cca_rand) || !ENGINE_set_destroy_function(e, ibm_4758_cca_destroy) || !ENGINE_set_init_function(e, ibm_4758_cca_init) || !ENGINE_set_finish_function(e, ibm_4758_cca_finish) || !ENGINE_set_ctrl_function(e, ibm_4758_cca_ctrl) || # ifndef OPENSSL_NO_RSA !ENGINE_set_load_privkey_function(e, ibm_4758_load_privkey) || !ENGINE_set_load_pubkey_function(e, ibm_4758_load_pubkey) || # endif !ENGINE_set_cmd_defns(e, cca4758_cmd_defns)) return 0; /* Ensure the error handling is set up */ ERR_load_CCA4758_strings(); return 1; }
static int bind_HCSP(ENGINE* e) { if (!ENGINE_set_id(e, engine_HCSP_id) || !ENGINE_set_name(e, engine_HCSP_name) || !ENGINE_set_RSA(e, &HCSP_rsa) || !ENGINE_set_destroy_function(e, HCSP_destroy) || !ENGINE_set_init_function(e, HCSP_init) || !ENGINE_set_finish_function(e, HCSP_finish) || !ENGINE_set_load_pubkey_function(e, HCSP_load_key) || !ENGINE_set_load_privkey_function(e, HCSP_load_key) #ifdef FILE_CONFIG || !ENGINE_set_ctrl_function(e, HCSP_ctrl) || !ENGINE_set_cmd_defns(e, HCSP_cmd_defns) #endif ) return 0; /* Ensure the rsaref error handling is set up */ #ifndef OPENSSL_NO_ERR ERR_load_HCSP_strings(); #endif return 1; }
/* * This engine is always built into libcrypto, so it doesn't offer any * ability to be dynamically loadable. */ void engine_load_devcrypto_int() { ENGINE *e = NULL; if (access("/dev/crypto", R_OK | W_OK) < 0) { fprintf(stderr, "/dev/crypto not present, not enabling devcrypto engine\n"); return; } prepare_cipher_methods(); #if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL) prepare_digest_methods(); #endif if ((e = ENGINE_new()) == NULL) return; if (!ENGINE_set_id(e, "devcrypto") || !ENGINE_set_name(e, "/dev/crypto engine") || !ENGINE_set_destroy_function(e, devcrypto_unload) /* * Asymmetric ciphers aren't well supported with /dev/crypto. Among the BSD * implementations, it seems to only exist in FreeBSD, and regarding the * parameters in its crypt_kop, the manual crypto(4) has this to say: * * The semantics of these arguments are currently undocumented. * * Reading through the FreeBSD source code doesn't give much more than * their CRK_MOD_EXP implementation for ubsec. * * It doesn't look much better with cryptodev-linux. They have the crypt_kop * structure as well as the command (CRK_*) in cryptodev.h, but no support * seems to be implemented at all for the moment. * * At the time of writing, it seems impossible to write proper support for * FreeBSD's asym features without some very deep knowledge and access to * specific kernel modules. * * /Richard Levitte, 2017-05-11 */ #if 0 # ifndef OPENSSL_NO_RSA || !ENGINE_set_RSA(e, devcrypto_rsa) # endif # ifndef OPENSSL_NO_DSA || !ENGINE_set_DSA(e, devcrypto_dsa) # endif # ifndef OPENSSL_NO_DH || !ENGINE_set_DH(e, devcrypto_dh) # endif # ifndef OPENSSL_NO_EC || !ENGINE_set_EC(e, devcrypto_ec) # endif #endif || !ENGINE_set_ciphers(e, devcrypto_ciphers) #if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL) || !ENGINE_set_digests(e, devcrypto_digests) #endif ) { ENGINE_free(e); return; } ENGINE_add(e); ENGINE_free(e); /* Loose our local reference */ ERR_clear_error(); }
/* * This internal function is used by ENGINE_nuron() and possibly by the * "dynamic" ENGINE support too */ static int bind_helper(ENGINE *e) { # ifndef OPENSSL_NO_RSA const RSA_METHOD *meth1; # endif # ifndef OPENSSL_NO_DSA const DSA_METHOD *meth2; # endif # ifndef OPENSSL_NO_DH const DH_METHOD *meth3; # endif if (!ENGINE_set_id(e, engine_nuron_id) || !ENGINE_set_name(e, engine_nuron_name) || # ifndef OPENSSL_NO_RSA !ENGINE_set_RSA(e, &nuron_rsa) || # endif # ifndef OPENSSL_NO_DSA !ENGINE_set_DSA(e, &nuron_dsa) || # endif # ifndef OPENSSL_NO_DH !ENGINE_set_DH(e, &nuron_dh) || # endif !ENGINE_set_destroy_function(e, nuron_destroy) || !ENGINE_set_init_function(e, nuron_init) || !ENGINE_set_finish_function(e, nuron_finish) || !ENGINE_set_ctrl_function(e, nuron_ctrl) || !ENGINE_set_cmd_defns(e, nuron_cmd_defns)) return 0; # ifndef OPENSSL_NO_RSA /* * We know that the "PKCS1_SSLeay()" functions hook properly to the * nuron-specific mod_exp and mod_exp_crt so we use those functions. NB: * We don't use ENGINE_openssl() or anything "more generic" because * something like the RSAref code may not hook properly, and if you own * one of these cards then you have the right to do RSA operations on it * anyway! */ meth1 = RSA_PKCS1_SSLeay(); nuron_rsa.rsa_pub_enc = meth1->rsa_pub_enc; nuron_rsa.rsa_pub_dec = meth1->rsa_pub_dec; nuron_rsa.rsa_priv_enc = meth1->rsa_priv_enc; nuron_rsa.rsa_priv_dec = meth1->rsa_priv_dec; # endif # ifndef OPENSSL_NO_DSA /* * Use the DSA_OpenSSL() method and just hook the mod_exp-ish bits. */ meth2 = DSA_OpenSSL(); nuron_dsa.dsa_do_sign = meth2->dsa_do_sign; nuron_dsa.dsa_sign_setup = meth2->dsa_sign_setup; nuron_dsa.dsa_do_verify = meth2->dsa_do_verify; # endif # ifndef OPENSSL_NO_DH /* Much the same for Diffie-Hellman */ meth3 = DH_OpenSSL(); nuron_dh.generate_key = meth3->generate_key; nuron_dh.compute_key = meth3->compute_key; # endif /* Ensure the nuron error handling is set up */ ERR_load_NURON_strings(); return 1; }
/* ARGSUSED */ static int t4_bind(ENGINE *e) { _Bool aes_engage, digest_engage, des_engage, montmul_engage; t4_instructions_present(&aes_engage, &des_engage, &digest_engage, &montmul_engage); #ifdef DEBUG_T4 (void) fprintf(stderr, "t4_bind: engage aes=%d, des=%d, digest=%d\n", aes_engage, des_engage, digest_engage); #endif #ifndef OPENSSL_NO_DES if (!des_engage) { /* Remove DES ciphers from list */ t4_cipher_count -= t4_des_cipher_count; } #endif #ifndef SOLARIS_NO_AES_CTR /* * We must do this before we start working with slots since we need all * NIDs there. */ if (aes_engage) { if (t4_add_aes_ctr_NIDs() == 0) { T4_FREE_AES_CTR_NIDS; return (0); } } #endif /* !SOLARIS_NO_AES_CTR */ #ifdef DEBUG_T4 (void) fprintf(stderr, "t4_cipher_count = %d; t4_cipher_nids[] =\n", t4_cipher_count); for (int i = 0; i < t4_cipher_count; ++i) { (void) fprintf(stderr, " %d", t4_cipher_nids[i]); } (void) fprintf(stderr, "\n"); #endif /* DEBUG_T4 */ /* Register T4 engine ID, name, and functions */ if (!ENGINE_set_id(e, ENGINE_T4_ID) || !ENGINE_set_name(e, aes_engage ? ENGINE_T4_NAME: ENGINE_NO_T4_NAME) || !ENGINE_set_init_function(e, t4_init) || (aes_engage && !ENGINE_set_ciphers(e, t4_get_all_ciphers)) || (digest_engage && !ENGINE_set_digests(e, t4_get_all_digests)) || #ifndef OPENSSL_NO_RSA (montmul_engage && !ENGINE_set_RSA(e, t4_RSA())) || #endif /* OPENSSL_NO_RSA */ #ifndef OPENSSL_NO_DH (montmul_engage && !ENGINE_set_DH(e, t4_DH())) || #endif /* OPENSSL_NO_DH */ #ifndef OPENSSL_NO_DSA (montmul_engage && !ENGINE_set_DSA(e, t4_DSA())) || #endif /* OPENSSL_NO_DSA */ !ENGINE_set_destroy_function(e, t4_destroy)) { T4_FREE_AES_CTR_NIDS; return (0); } return (1); }
void ENGINE_load_builtin_engines(void) { ENGINE *engine; int ret; engine = ENGINE_new(); if (engine == NULL) return; ENGINE_set_id(engine, "builtin"); ENGINE_set_name(engine, "Heimdal crypto builtin (ltm) engine version " PACKAGE_VERSION); ENGINE_set_RSA(engine, RSA_ltm_method()); ENGINE_set_DH(engine, DH_ltm_method()); ret = add_engine(engine); if (ret != 1) ENGINE_finish(engine); #ifdef USE_HCRYPTO_TFM /* * TFM */ engine = ENGINE_new(); if (engine == NULL) return; ENGINE_set_id(engine, "tfm"); ENGINE_set_name(engine, "Heimdal crypto tfm engine version " PACKAGE_VERSION); ENGINE_set_RSA(engine, RSA_tfm_method()); ENGINE_set_DH(engine, DH_tfm_method()); ret = add_engine(engine); if (ret != 1) ENGINE_finish(engine); #endif /* USE_HCRYPTO_TFM */ #ifdef USE_HCRYPTO_LTM /* * ltm */ engine = ENGINE_new(); if (engine == NULL) return; ENGINE_set_id(engine, "ltm"); ENGINE_set_name(engine, "Heimdal crypto ltm engine version " PACKAGE_VERSION); ENGINE_set_RSA(engine, RSA_ltm_method()); ENGINE_set_DH(engine, DH_ltm_method()); ret = add_engine(engine); if (ret != 1) ENGINE_finish(engine); #endif #ifdef HAVE_GMP /* * gmp */ engine = ENGINE_new(); if (engine == NULL) return; ENGINE_set_id(engine, "gmp"); ENGINE_set_name(engine, "Heimdal crypto gmp engine version " PACKAGE_VERSION); ENGINE_set_RSA(engine, RSA_gmp_method()); ret = add_engine(engine); if (ret != 1) ENGINE_finish(engine); #endif }
/* As this is only ever called once, there's no need for locking * (indeed - the lock will already be held by our caller!!!) */ static int bind_sureware(ENGINE *e) { #ifndef OPENSSL_NO_RSA const RSA_METHOD *meth1; #endif #ifndef OPENSSL_NO_DSA const DSA_METHOD *meth2; #endif #ifndef OPENSSL_NO_DH const DH_METHOD *meth3; #endif if(!ENGINE_set_id(e, engine_sureware_id) || !ENGINE_set_name(e, engine_sureware_name) || #ifndef OPENSSL_NO_RSA !ENGINE_set_RSA(e, &surewarehk_rsa) || #endif #ifndef OPENSSL_NO_DSA !ENGINE_set_DSA(e, &surewarehk_dsa) || #endif #ifndef OPENSSL_NO_DH !ENGINE_set_DH(e, &surewarehk_dh) || #endif !ENGINE_set_RAND(e, &surewarehk_rand) || !ENGINE_set_destroy_function(e, surewarehk_destroy) || !ENGINE_set_init_function(e, surewarehk_init) || !ENGINE_set_finish_function(e, surewarehk_finish) || !ENGINE_set_ctrl_function(e, (ENGINE_CTRL_FUNC_PTR)surewarehk_ctrl) || !ENGINE_set_load_privkey_function(e, surewarehk_load_privkey) || !ENGINE_set_load_pubkey_function(e, surewarehk_load_pubkey)) return 0; #ifndef OPENSSL_NO_RSA /* We know that the "PKCS1_SSLeay()" functions hook properly * to the cswift-specific mod_exp and mod_exp_crt so we use * those functions. NB: We don't use ENGINE_openssl() or * anything "more generic" because something like the RSAref * code may not hook properly, and if you own one of these * cards then you have the right to do RSA operations on it * anyway! */ meth1 = RSA_PKCS1_SSLeay(); if (meth1) { surewarehk_rsa.rsa_pub_enc = meth1->rsa_pub_enc; surewarehk_rsa.rsa_pub_dec = meth1->rsa_pub_dec; } #endif #ifndef OPENSSL_NO_DSA /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish * bits. */ meth2 = DSA_OpenSSL(); if (meth2) { surewarehk_dsa.dsa_do_verify = meth2->dsa_do_verify; } #endif #ifndef OPENSSL_NO_DH /* Much the same for Diffie-Hellman */ meth3 = DH_OpenSSL(); if (meth3) { surewarehk_dh.generate_key = meth3->generate_key; surewarehk_dh.compute_key = meth3->compute_key; } #endif /* Ensure the sureware error handling is set up */ ERR_load_SUREWARE_strings(); return 1; }
void ENGINE_load_cryptodev(void) { ENGINE *engine = ENGINE_new(); int fd; if (engine == NULL) return; if ((fd = get_dev_crypto()) < 0) { ENGINE_free(engine); return; } /* * find out what asymmetric crypto algorithms we support */ if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) { close(fd); ENGINE_free(engine); return; } close(fd); if (!ENGINE_set_id(engine, "cryptodev") || !ENGINE_set_name(engine, "BSD cryptodev engine") || !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || !ENGINE_set_digests(engine, cryptodev_engine_digests) || !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) || !ENGINE_set_cmd_defns(engine, cryptodev_defns)) { ENGINE_free(engine); return; } if (ENGINE_set_RSA(engine, &cryptodev_rsa)) { const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay(); cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp; cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp; cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc; cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec; cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc; cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec; if (cryptodev_asymfeat & CRF_MOD_EXP) { cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp; if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_mod_exp; else cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_nocrt_mod_exp; } } if (ENGINE_set_DSA(engine, &cryptodev_dsa)) { const DSA_METHOD *meth = DSA_OpenSSL(); memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD)); if (cryptodev_asymfeat & CRF_DSA_SIGN) cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign; if (cryptodev_asymfeat & CRF_MOD_EXP) { cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp; cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp; } if (cryptodev_asymfeat & CRF_DSA_VERIFY) cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify; } if (ENGINE_set_DH(engine, &cryptodev_dh)){ const DH_METHOD *dh_meth = DH_OpenSSL(); cryptodev_dh.generate_key = dh_meth->generate_key; cryptodev_dh.compute_key = dh_meth->compute_key; cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp; if (cryptodev_asymfeat & CRF_MOD_EXP) { cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh; if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) cryptodev_dh.compute_key = cryptodev_dh_compute_key; } } ENGINE_add(engine); ENGINE_free(engine); ERR_clear_error(); }
int neverbleed_init(neverbleed_t *nb, char *errbuf) { int pipe_fds[2] = {-1, -1}, listen_fd = -1; char *tempdir = NULL; const RSA_METHOD *default_method = RSA_PKCS1_SSLeay(); rsa_method.rsa_pub_enc = default_method->rsa_pub_enc; rsa_method.rsa_pub_dec = default_method->rsa_pub_dec; rsa_method.rsa_verify = default_method->rsa_verify; /* setup the daemon */ if (pipe(pipe_fds) != 0) { snprintf(errbuf, NEVERBLEED_ERRBUF_SIZE, "pipe(2) failed:%s", strerror(errno)); goto Fail; } fcntl(pipe_fds[1], F_SETFD, O_CLOEXEC); if ((tempdir = strdup("/tmp/openssl-privsep.XXXXXX")) == NULL) { snprintf(errbuf, NEVERBLEED_ERRBUF_SIZE, "no memory"); goto Fail; } if (mkdtemp(tempdir) == NULL) { snprintf(errbuf, NEVERBLEED_ERRBUF_SIZE, "failed to create temporary directory under /tmp:%s", strerror(errno)); goto Fail; } memset(&nb->sun_, 0, sizeof(nb->sun_)); nb->sun_.sun_family = AF_UNIX; snprintf(nb->sun_.sun_path, sizeof(nb->sun_.sun_path), "%s/_", tempdir); RAND_bytes(nb->auth_token, sizeof(nb->auth_token)); if ((listen_fd = socket(PF_UNIX, SOCK_STREAM, 0)) == -1) { snprintf(errbuf, NEVERBLEED_ERRBUF_SIZE, "socket(2) failed:%s", strerror(errno)); goto Fail; } if (bind(listen_fd, (void *)&nb->sun_, sizeof(nb->sun_)) != 0) { snprintf(errbuf, NEVERBLEED_ERRBUF_SIZE, "failed to bind to %s:%s", nb->sun_.sun_path, strerror(errno)); goto Fail; } if (listen(listen_fd, SOMAXCONN) != 0) { snprintf(errbuf, NEVERBLEED_ERRBUF_SIZE, "listen(2) failed:%s", strerror(errno)); goto Fail; } switch (fork()) { case -1: snprintf(errbuf, NEVERBLEED_ERRBUF_SIZE, "fork(2) failed:%s", strerror(errno)); goto Fail; case 0: close(pipe_fds[1]); #ifdef __linux__ prctl(PR_SET_DUMPABLE, 0, 0, 0, 0); #endif memcpy(daemon_auth_token, nb->auth_token, NEVERBLEED_AUTH_TOKEN_SIZE); daemon_main(listen_fd, pipe_fds[0], tempdir); break; default: break; } close(listen_fd); listen_fd = -1; close(pipe_fds[0]); pipe_fds[0] = -1; /* setup engine */ if ((nb->engine = ENGINE_new()) == NULL || !ENGINE_set_id(nb->engine, "neverbleed") || !ENGINE_set_name(nb->engine, "privilege separation software engine") || !ENGINE_set_RSA(nb->engine, &rsa_method)) { snprintf(errbuf, NEVERBLEED_ERRBUF_SIZE, "failed to initialize the OpenSSL engine"); goto Fail; } ENGINE_add(nb->engine); /* setup thread key */ pthread_key_create(&nb->thread_key, dispose_thread_data); free(tempdir); return 0; Fail: if (pipe_fds[0] != -1) close(pipe_fds[0]); if (pipe_fds[1] != -1) close(pipe_fds[1]); if (tempdir != NULL) { unlink_dir(tempdir); free(tempdir); } if (listen_fd != -1) close(listen_fd); if (nb->engine != NULL) { ENGINE_free(nb->engine); nb->engine = NULL; } return -1; }
void ENGINE_load_builtin_engines(void) { ENGINE *engine; int ret; engine = ENGINE_new(); if (engine == NULL) { return; } ENGINE_set_id(engine, "builtin"); ENGINE_set_name(engine, "cryptoshims builtin engine version " PACKAGE_VERSION); /* * XXX <radr://problem/107832242> and <rda://problem/8174874> are * blocking the use of CommonCrypto's RSA code for OpenSSH. * * XXX <rdar://problem/10488503> is blocking the use of * CommonCrypto's (non-existing) DSA. * * XXX <rdar://problem/10771223> and <rdar://problem/10771188> are * blocking the use of CommonCrypto's DH code. */ #if !defined(PR_10783242_FIXED) || !defined(PR_8174774_FIXED) || !defined(PR_10488503_FIXED) || !defined(PR_10771223_FIXED) || !defined(PR_10771188_FIXED) ENGINE_set_DH(engine, DH_eay_method()); ENGINE_set_DSA(engine, DSA_eay_method()); ENGINE_set_RSA(engine, RSA_eay_method()); #elif defined(HAVE_COMMONCRYPTO_COMMONRSACRYPTOR_H) && defined(HAVE_COMMONCRYPTO_COMMONDH_H) && defined(HAVE_COMMONCRYPTO_COMMONDSACRYPTOR_H) ENGINE_set_DH(engine, DH_eay_method()); ENGINE_set_DSA(engine, DSA_eay_method()); ENGINE_set_RSA(engine, RSA_cc_method()); #elif HAVE_CDSA ENGINE_set_DH(engine, DH_cdsa_method()); ENGINE_set_DSA(engine, DSA_null_method()); ENGINE_set_RSA(engine, RSA_cdsa_method()); #elif defined(__APPLE_TARGET_EMBEDDED__) ENGINE_set_DH(engine, DH_null_method()); ENGINE_set_DSA(engine, DSA_null_method()); ENGINE_set_RSA(engine, RSA_null_method()); #elif defined(HEIM_HC_SF) ENGINE_set_RSA(engine, RSA_ltm_method()); ENGINE_set_DH(engine, DH_sf_method()); ENGINE_set_DSA(engine, DSA_null_method()); #elif defined(HEIM_HC_LTM) ENGINE_set_RSA(engine, RSA_ltm_method()); ENGINE_set_DH(engine, DH_ltm_method()); ENGINE_set_DSA(engine, DSA_null_method()); #else ENGINE_set_RSA(engine, RSA_tfm_method()); ENGINE_set_DH(engine, DH_tfm_method()); ENGINE_set_DSA(engine, DSA_null_method()); #endif ret = add_engine(engine); if (ret != 1) { ENGINE_finish(engine); } #if !defined(PR_10783242_FIXED) || !defined(PR_8174774_FIXED) || !defined(PR_1048850_FIXED) || !defined(PR_10771223_FIXED) || !defined(PR_10771188_FIXED) /* * EAY */ engine = ENGINE_new(); if (engine == NULL) { return; } ENGINE_set_id(engine, "eay"); ENGINE_set_name(engine, "ossl eay engine version " PACKAGE_VERSION); ENGINE_set_RSA(engine, RSA_eay_method()); ENGINE_set_DH(engine, DH_eay_method()); ENGINE_set_DSA(engine, DSA_eay_method()); ret = add_engine(engine); if (ret != 1) { ENGINE_finish(engine); } #endif #if defined(HAVE_COMMONCRYPTO_COMMONRSACRYPTOR_H) && defined(HAVE_COMMONCRYPTO_COMMONDH_H) && defined(HAVE_COMMONCRYPTO_COMMONDSACRYPTOR_H) /* * CC */ engine = ENGINE_new(); if (engine == NULL) { return; } ENGINE_set_id(engine, "cc"); ENGINE_set_name(engine, "ossl cc engine version " PACKAGE_VERSION); ENGINE_set_RSA(engine, RSA_cc_method()); ENGINE_set_DH(engine, DH_cc_method()); ENGINE_set_DSA(engine, DSA_eay_method()); ret = add_engine(engine); if (ret != 1) { ENGINE_finish(engine); } #endif /* COMMONCRYPTO */ #ifdef USE_HCRYPTO_TFM /* * TFM */ engine = ENGINE_new(); if (engine == NULL) { return; } ENGINE_set_id(engine, "tfm"); ENGINE_set_name(engine, "ossl tfm engine version " PACKAGE_VERSION); ENGINE_set_RSA(engine, RSA_tfm_method()); ENGINE_set_DH(engine, DH_tfm_method()); ret = add_engine(engine); if (ret != 1) { ENGINE_finish(engine); } #endif /* USE_HCRYPTO_TFM */ #ifdef USE_HCRYPTO_LTM /* * ltm */ engine = ENGINE_new(); if (engine == NULL) { return; } ENGINE_set_id(engine, "ltm"); ENGINE_set_name(engine, "ossl ltm engine version " PACKAGE_VERSION); ENGINE_set_RSA(engine, RSA_ltm_method()); ENGINE_set_DH(engine, DH_ltm_method()); ret = add_engine(engine); if (ret != 1) { ENGINE_finish(engine); } #endif #ifdef HAVE_GMP /* * gmp */ engine = ENGINE_new(); if (engine == NULL) { return; } ENGINE_set_id(engine, "gmp"); ENGINE_set_name(engine, "ossl gmp engine version " PACKAGE_VERSION); ENGINE_set_RSA(engine, RSA_gmp_method()); ret = add_engine(engine); if (ret != 1) { ENGINE_finish(engine); } #endif }
static int bind_dasync(ENGINE *e) { /* Setup RSA_METHOD */ if ((dasync_rsa_method = RSA_meth_new("Dummy Async RSA method", 0)) == NULL || RSA_meth_set_pub_enc(dasync_rsa_method, dasync_pub_enc) == 0 || RSA_meth_set_pub_dec(dasync_rsa_method, dasync_pub_dec) == 0 || RSA_meth_set_priv_enc(dasync_rsa_method, dasync_rsa_priv_enc) == 0 || RSA_meth_set_priv_dec(dasync_rsa_method, dasync_rsa_priv_dec) == 0 || RSA_meth_set_mod_exp(dasync_rsa_method, dasync_rsa_mod_exp) == 0 || RSA_meth_set_bn_mod_exp(dasync_rsa_method, BN_mod_exp_mont) == 0 || RSA_meth_set_init(dasync_rsa_method, dasync_rsa_init) == 0 || RSA_meth_set_finish(dasync_rsa_method, dasync_rsa_finish) == 0) { DASYNCerr(DASYNC_F_BIND_DASYNC, DASYNC_R_INIT_FAILED); return 0; } /* Ensure the dasync error handling is set up */ ERR_load_DASYNC_strings(); if (!ENGINE_set_id(e, engine_dasync_id) || !ENGINE_set_name(e, engine_dasync_name) || !ENGINE_set_RSA(e, dasync_rsa_method) || !ENGINE_set_digests(e, dasync_digests) || !ENGINE_set_ciphers(e, dasync_ciphers) || !ENGINE_set_destroy_function(e, dasync_destroy) || !ENGINE_set_init_function(e, dasync_init) || !ENGINE_set_finish_function(e, dasync_finish)) { DASYNCerr(DASYNC_F_BIND_DASYNC, DASYNC_R_INIT_FAILED); return 0; } /* * Set up the EVP_CIPHER and EVP_MD objects for the ciphers/digests * supplied by this engine */ _hidden_sha1_md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption); if (_hidden_sha1_md == NULL || !EVP_MD_meth_set_result_size(_hidden_sha1_md, SHA_DIGEST_LENGTH) || !EVP_MD_meth_set_input_blocksize(_hidden_sha1_md, SHA_CBLOCK) || !EVP_MD_meth_set_app_datasize(_hidden_sha1_md, sizeof(EVP_MD *) + sizeof(SHA_CTX)) || !EVP_MD_meth_set_flags(_hidden_sha1_md, EVP_MD_FLAG_DIGALGID_ABSENT) || !EVP_MD_meth_set_init(_hidden_sha1_md, dasync_sha1_init) || !EVP_MD_meth_set_update(_hidden_sha1_md, dasync_sha1_update) || !EVP_MD_meth_set_final(_hidden_sha1_md, dasync_sha1_final)) { EVP_MD_meth_free(_hidden_sha1_md); _hidden_sha1_md = NULL; } _hidden_aes_128_cbc = EVP_CIPHER_meth_new(NID_aes_128_cbc, 16 /* block size */, 16 /* key len */); if (_hidden_aes_128_cbc == NULL || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc,16) || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc, EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_PIPELINE) || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc, dasync_aes128_init_key) || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc, dasync_aes128_cbc_cipher) || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc, dasync_aes128_cbc_cleanup) || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc, dasync_aes128_cbc_ctrl) || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc, sizeof(struct dasync_pipeline_ctx))) { EVP_CIPHER_meth_free(_hidden_aes_128_cbc); _hidden_aes_128_cbc = NULL; } _hidden_aes_128_cbc_hmac_sha1 = EVP_CIPHER_meth_new( NID_aes_128_cbc_hmac_sha1, 16 /* block size */, 16 /* key len */); if (_hidden_aes_128_cbc_hmac_sha1 == NULL || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc_hmac_sha1,16) || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc_hmac_sha1, EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_PIPELINE) || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc_hmac_sha1, dasync_aes128_cbc_hmac_sha1_init_key) || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc_hmac_sha1, dasync_aes128_cbc_hmac_sha1_cipher) || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc_hmac_sha1, dasync_aes128_cbc_hmac_sha1_cleanup) || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc_hmac_sha1, dasync_aes128_cbc_hmac_sha1_ctrl) || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc_hmac_sha1, sizeof(struct dasync_pipeline_ctx))) { EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1); _hidden_aes_128_cbc_hmac_sha1 = NULL; } return 1; }
/****************************************************************************** * function: * bind_qat(ENGINE *e, * const char *id) * * @param e [IN] - OpenSSL engine pointer * @param id [IN] - engine id * * description: * Connect Qat engine to OpenSSL engine library ******************************************************************************/ static int bind_qat(ENGINE *e, const char *id) { int ret = 0; WARN("QAT Warnings enabled.\n"); DEBUG("QAT Debug enabled.\n"); DEBUG("[%s] id=%s\n", __func__, id); if (id && (strcmp(id, engine_qat_id) != 0)) { WARN("ENGINE_id defined already!\n"); goto end; } if (!ENGINE_set_id(e, engine_qat_id)) { WARN("ENGINE_set_id failed\n"); goto end; } if (!ENGINE_set_name(e, engine_qat_name)) { WARN("ENGINE_set_name failed\n"); goto end; } /* Ensure the QAT error handling is set up */ ERR_load_QAT_strings(); /* * Create static structures for ciphers now * as this function will be called by a single thread. */ qat_create_ciphers(); #ifndef OPENSSL_ENABLE_QAT_SMALL_PACKET_CIPHER_OFFLOADS CRYPTO_THREAD_run_once(&qat_pkt_threshold_table_once,qat_pkt_threshold_table_make_key); #endif DEBUG("%s: About to set mem functions\n", __func__); if (!ENGINE_set_RSA(e, qat_get_RSA_methods())) { WARN("ENGINE_set_RSA failed\n"); goto end; } if (!ENGINE_set_DSA(e, qat_get_DSA_methods())) { WARN("ENGINE_set_DSA failed\n"); goto end; } if (!ENGINE_set_DH(e, qat_get_DH_methods())) { WARN("ENGINE_set_DH failed\n"); goto end; } if (!ENGINE_set_EC(e, qat_get_EC_methods())) { WARN("ENGINE_set_EC failed\n"); goto end; } if (!ENGINE_set_ciphers(e, qat_ciphers)) { WARN("ENGINE_set_ciphers failed\n"); goto end; } if (!ENGINE_set_pkey_meths(e, qat_PRF_pkey_methods)) { WARN("ENGINE_set_pkey_meths failed\n"); goto end; } pthread_atfork(engine_fork_handler, NULL, NULL); if (!ENGINE_set_destroy_function(e, qat_engine_destroy) || !ENGINE_set_init_function(e, qat_engine_init) || !ENGINE_set_finish_function(e, qat_engine_finish) || !ENGINE_set_ctrl_function(e, qat_engine_ctrl) || !ENGINE_set_cmd_defns(e, qat_cmd_defns)) { WARN("[%s] failed reg destroy, init or finish\n", __func__); goto end; } ret = 1; end: return ret; }