int ENGINE_set_default(ENGINE *e, unsigned int flags) { if((flags & ENGINE_METHOD_CIPHERS) && !ENGINE_set_default_ciphers(e)) return 0; if((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e)) return 0; #ifndef OPENSSL_NO_RSA if((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e)) return 0; #endif #ifndef OPENSSL_NO_DSA if((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e)) return 0; #endif #ifndef OPENSSL_NO_DH if((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e)) return 0; #endif #ifndef OPENSSL_NO_ECDH if((flags & ENGINE_METHOD_ECDH) && !ENGINE_set_default_ECDH(e)) return 0; #endif #ifndef OPENSSL_NO_ECDSA if((flags & ENGINE_METHOD_ECDSA) && !ENGINE_set_default_ECDSA(e)) return 0; #endif if((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e)) return 0; return 1; }
static int openssl_engine_set_default(lua_State*L){ ENGINE* eng = CHECK_OBJECT(1,ENGINE,"openssl.engine"); int ret = 0; int first = 3; int top = lua_gettop(L); if(top==2){ if(lua_isnumber(L, 2)) { int methods = luaL_checkint(L, 2); ret = ENGINE_set_default(eng, methods); }else if(lua_isstring(L,2)){ const char* s = luaL_checkstring(L, 2); ret = ENGINE_set_default_string(eng, s); }else luaL_error(L, "#2 must be a number or string"); lua_pushboolean(L, ret); return 1; } while(first<=top){ int c = luaL_checkoption(L, first, "RSA",list); switch(c){ case 0: ret = ENGINE_set_default_RSA(eng); break; case 1: ret = ENGINE_set_default_DSA(eng); break; case 2: ret = ENGINE_set_default_ECDH(eng); break; case 3: ret = ENGINE_set_default_ECDSA(eng); break; case 4: ret = ENGINE_set_default_DH(eng); break; case 5: ret = ENGINE_set_default_RAND(eng); break; case 7: ret = ENGINE_set_default_ciphers(eng); break; case 8: ret = ENGINE_set_default_digests(eng); break; case 6: default: luaL_error(L,"not support %d for %s",c, list[c]); break; } first++; if(ret!=1){ lua_pushboolean(L, 0); return 1; } } lua_pushboolean(L, ret); return 1; };
CryptoDevEngine::CryptoDevEngine( int /* dummy */ ) { DEBUG( "cryptodev: ctor: loading and configuring" ); ENGINE_load_cryptodev(); ENGINE * cde = ENGINE_by_id( "cryptodev" ); if ( ! cde ) throw Exception( "cryptodev: load failed" ); m_pEngine = cde; DEBUG( "cryptodev: ctor: initializing " << m_pEngine ); if ( 1 != ENGINE_init( cde ) ) throw Exception( "cryptodev: init failed" ); #if USE_CRYPTODEV_RSA DEBUG( "cryptodev: ctor: setting as rsa default" ); if ( 1 != ENGINE_set_default_RSA( cde ) ) throw Exception( "cryptodev: could not use for RSA" ); #endif // USE_CRYPTODEV_RSA #if USE_CRYPTODEV_CIPHERS DEBUG( "cryptodev: ctor: setting as cipher default" ); if ( 1 != ENGINE_set_default_ciphers( cde ) ) throw Exception( "cryptodev: could not use for ciphers" ); #endif // USE_CRYPTODEV_CIPHERS #if USE_CRYPTODEV_DIGESTS DEBUG( "cryptodev: ctor: setting as digest default" ); if ( 1 != ENGINE_set_default_digests( cde ) ) throw Exception( "cryptodev: could not use for digests" ); #endif // USE_CRYPTODEV_DIGESTS DEBUG( "cryptodev: ctor: done" ); }
static SSL_CTX * ssl_server_init(const char *keypath, const char *certpath) { SSL_CTX *ctx; ENGINE *e; ENGINE_load_builtin_engines(); ENGINE_register_all_complete(); e = ENGINE_by_id("padlock"); if (e) { fprintf(stderr, "[*] Using padlock engine for default ciphers\n"); ENGINE_set_default_ciphers(ENGINE_by_id("padlock")); use_padlock_engine = 1; } else { fprintf(stderr, "[*] Padlock engine not available\n"); use_padlock_engine = 0; } SSL_load_error_strings(); SSL_library_init(); if (!RAND_poll()) return NULL; ctx = SSL_CTX_new(SSLv23_server_method()); if (!SSL_CTX_use_certificate_chain_file(ctx, certpath) || !SSL_CTX_use_PrivateKey_file(ctx, keypath, SSL_FILETYPE_PEM)) { fprintf(stderr, "Could not read %s or %s file\n", keypath, certpath); fprintf(stderr, "To generate a key and self-signed certificate, run:\n"); fprintf(stderr, "\topenssl genrsa -out key.pem 2048\n"); fprintf(stderr, "\topenssl req -new -key key.pem -out cert.req\n"); fprintf(stderr, "\topenssl x509 -req -days 365 -in cert.req -signkey key.pem -out cert.pem\n"); return NULL; } SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); if (use_padlock_engine == 1) { if (SSL_CTX_set_cipher_list(ctx, "AES+SHA") != 1) { fprintf(stderr, "Error setting client cipher list\n"); return NULL; } } return ctx; }