int ENGINE_set_default(ENGINE *e, unsigned int flags)
{
if((flags & ENGINE_METHOD_CIPHERS) && !ENGINE_set_default_ciphers(e))
return 0;
if((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e))
return 0;
#ifndef OPENSSL_NO_RSA
if((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e))
return 0;
#endif
#ifndef OPENSSL_NO_DSA
if((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e))
return 0;
#endif
#ifndef OPENSSL_NO_DH
if((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e))
return 0;
#endif
#ifndef OPENSSL_NO_ECDH
if((flags & ENGINE_METHOD_ECDH) && !ENGINE_set_default_ECDH(e))
return 0;
#endif
#ifndef OPENSSL_NO_ECDSA
if((flags & ENGINE_METHOD_ECDSA) && !ENGINE_set_default_ECDSA(e))
return 0;
#endif
if((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e))
return 0;
return 1;
}
static int openssl_engine_set_default(lua_State*L){
ENGINE* eng = CHECK_OBJECT(1,ENGINE,"openssl.engine");
int ret = 0;
int first = 3;
int top = lua_gettop(L);
if(top==2){
if(lua_isnumber(L, 2))
{
int methods = luaL_checkint(L, 2);
ret = ENGINE_set_default(eng, methods);
}else if(lua_isstring(L,2)){
const char* s = luaL_checkstring(L, 2);
ret = ENGINE_set_default_string(eng, s);
}else
luaL_error(L, "#2 must be a number or string");
lua_pushboolean(L, ret);
return 1;
}
while(first<=top){
int c = luaL_checkoption(L, first, "RSA",list);
switch(c){
case 0:
ret = ENGINE_set_default_RSA(eng);
break;
case 1:
ret = ENGINE_set_default_DSA(eng);
break;
case 2:
ret = ENGINE_set_default_ECDH(eng);
break;
case 3:
ret = ENGINE_set_default_ECDSA(eng);
break;
case 4:
ret = ENGINE_set_default_DH(eng);
break;
case 5:
ret = ENGINE_set_default_RAND(eng);
break;
case 7:
ret = ENGINE_set_default_ciphers(eng);
break;
case 8:
ret = ENGINE_set_default_digests(eng);
break;
case 6:
default:
luaL_error(L,"not support %d for %s",c, list[c]);
break;
}
first++;
if(ret!=1){
lua_pushboolean(L, 0);
return 1;
}
}
lua_pushboolean(L, ret);
return 1;
};
CryptoDevEngine::CryptoDevEngine( int /* dummy */ )
{
DEBUG( "cryptodev: ctor: loading and configuring" );
ENGINE_load_cryptodev();
ENGINE * cde = ENGINE_by_id( "cryptodev" );
if ( ! cde )
throw Exception( "cryptodev: load failed" );
m_pEngine = cde;
DEBUG( "cryptodev: ctor: initializing " << m_pEngine );
if ( 1 != ENGINE_init( cde ) )
throw Exception( "cryptodev: init failed" );
#if USE_CRYPTODEV_RSA
DEBUG( "cryptodev: ctor: setting as rsa default" );
if ( 1 != ENGINE_set_default_RSA( cde ) )
throw Exception( "cryptodev: could not use for RSA" );
#endif // USE_CRYPTODEV_RSA
#if USE_CRYPTODEV_CIPHERS
DEBUG( "cryptodev: ctor: setting as cipher default" );
if ( 1 != ENGINE_set_default_ciphers( cde ) )
throw Exception( "cryptodev: could not use for ciphers" );
#endif // USE_CRYPTODEV_CIPHERS
#if USE_CRYPTODEV_DIGESTS
DEBUG( "cryptodev: ctor: setting as digest default" );
if ( 1 != ENGINE_set_default_digests( cde ) )
throw Exception( "cryptodev: could not use for digests" );
#endif // USE_CRYPTODEV_DIGESTS
DEBUG( "cryptodev: ctor: done" );
}
static SSL_CTX * ssl_server_init(const char *keypath, const char *certpath)
{
SSL_CTX *ctx;
ENGINE *e;
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
e = ENGINE_by_id("padlock");
if (e) {
fprintf(stderr, "[*] Using padlock engine for default ciphers\n");
ENGINE_set_default_ciphers(ENGINE_by_id("padlock"));
use_padlock_engine = 1;
} else {
fprintf(stderr, "[*] Padlock engine not available\n");
use_padlock_engine = 0;
}
SSL_load_error_strings();
SSL_library_init();
if (!RAND_poll())
return NULL;
ctx = SSL_CTX_new(SSLv23_server_method());
if (!SSL_CTX_use_certificate_chain_file(ctx, certpath) ||
!SSL_CTX_use_PrivateKey_file(ctx, keypath, SSL_FILETYPE_PEM)) {
fprintf(stderr, "Could not read %s or %s file\n", keypath, certpath);
fprintf(stderr, "To generate a key and self-signed certificate, run:\n");
fprintf(stderr, "\topenssl genrsa -out key.pem 2048\n");
fprintf(stderr, "\topenssl req -new -key key.pem -out cert.req\n");
fprintf(stderr, "\topenssl x509 -req -days 365 -in cert.req -signkey key.pem -out cert.pem\n");
return NULL;
}
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
if (use_padlock_engine == 1) {
if (SSL_CTX_set_cipher_list(ctx, "AES+SHA") != 1) {
fprintf(stderr, "Error setting client cipher list\n");
return NULL;
}
}
return ctx;
}
