static int capi_init(ENGINE *e)
{
CAPI_CTX *ctx;
const RSA_METHOD *ossl_rsa_meth;
const DSA_METHOD *ossl_dsa_meth;
if (capi_idx < 0) {
capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0);
if (capi_idx < 0)
goto memerr;
cert_capi_idx = X509_get_ex_new_index(0, NULL, NULL, NULL, 0);
/* Setup RSA_METHOD */
rsa_capi_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
ossl_rsa_meth = RSA_PKCS1_SSLeay();
capi_rsa_method.rsa_pub_enc = ossl_rsa_meth->rsa_pub_enc;
capi_rsa_method.rsa_pub_dec = ossl_rsa_meth->rsa_pub_dec;
capi_rsa_method.rsa_mod_exp = ossl_rsa_meth->rsa_mod_exp;
capi_rsa_method.bn_mod_exp = ossl_rsa_meth->bn_mod_exp;
/* Setup DSA Method */
dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
ossl_dsa_meth = DSA_OpenSSL();
capi_dsa_method.dsa_do_verify = ossl_dsa_meth->dsa_do_verify;
capi_dsa_method.dsa_mod_exp = ossl_dsa_meth->dsa_mod_exp;
capi_dsa_method.bn_mod_exp = ossl_dsa_meth->bn_mod_exp;
}
ctx = capi_ctx_new();
if (!ctx)
goto memerr;
ENGINE_set_ex_data(e, capi_idx, ctx);
# ifdef OPENSSL_CAPIENG_DIALOG
{
HMODULE cryptui = LoadLibrary(TEXT("CRYPTUI.DLL"));
HMODULE kernel = GetModuleHandle(TEXT("KERNEL32.DLL"));
if (cryptui)
ctx->certselectdlg =
(CERTDLG) GetProcAddress(cryptui,
"CryptUIDlgSelectCertificateFromStore");
if (kernel)
ctx->getconswindow =
(GETCONSWIN) GetProcAddress(kernel, "GetConsoleWindow");
if (cryptui && !OPENSSL_isservice())
ctx->client_cert_select = cert_select_dialog;
}
# endif
return 1;
memerr:
CAPIerr(CAPI_F_CAPI_INIT, ERR_R_MALLOC_FAILURE);
return 0;
return 1;
}
inline int rsa_key::register_index(long argl, void* argp, CRYPTO_EX_new* new_func, CRYPTO_EX_dup* dup_func, CRYPTO_EX_free* free_func)
{
int index = RSA_get_ex_new_index(argl, argp, new_func, dup_func, free_func);
error::throw_error_if(index < 0);
return index;
}
static void alloc_rsa_ex_index()
{
if (rsa_ex_index == 0) {
while (rsa_ex_index == 0) /* Workaround for OpenSSL RT3710 */
rsa_ex_index = RSA_get_ex_new_index(0, "libp11 rsa",
NULL, NULL, NULL);
if (rsa_ex_index < 0)
rsa_ex_index = 0; /* Fallback to app_data */
}
}
/* (de)initialisation functions. */
static int e_gmp_init(ENGINE *e)
{
#ifndef OPENSSL_NO_RSA
if (hndidx_rsa == -1)
hndidx_rsa = RSA_get_ex_new_index(0,
"GMP-based RSA key handle",
NULL, NULL, NULL);
#endif
if (hndidx_rsa == -1)
return 0;
return 1;
}
static int tpm_rsa_init(RSA *rsa)
{
DBG("%s", __FUNCTION__);
if (ex_app_data == TPM_ENGINE_EX_DATA_UNINIT)
ex_app_data = RSA_get_ex_new_index(0, NULL, NULL, NULL, NULL);
if (ex_app_data == TPM_ENGINE_EX_DATA_UNINIT) {
TSSerr(TPM_F_TPM_RSA_INIT, TPM_R_REQUEST_FAILED);
return 0;
}
return 1;
}
static RSA_METHOD *get_pkcs11_rsa_method(void) {
static RSA_METHOD *pkcs11_rsa_method = NULL;
if(pkcs11_rsa_key_idx == -1) {
pkcs11_rsa_key_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
}
if(pkcs11_rsa_method == NULL) {
#if OPENSSL_VERSION_NUMBER < 0x10100005L
const RSA_METHOD *def = RSA_get_default_method();
pkcs11_rsa_method = calloc(1, sizeof(*pkcs11_rsa_method));
memcpy(pkcs11_rsa_method, def, sizeof(*pkcs11_rsa_method));
pkcs11_rsa_method->name = "pkcs11";
pkcs11_rsa_method->rsa_priv_enc = pkcs11_rsa_private_encrypt;
pkcs11_rsa_method->rsa_priv_dec = pkcs11_rsa_private_decrypt;
#else
pkcs11_rsa_method = RSA_meth_dup(RSA_get_default_method());
RSA_meth_set1_name(pkcs11_rsa_method, "pkcs11");
RSA_meth_set_priv_enc(pkcs11_rsa_method, pkcs11_rsa_private_encrypt);
RSA_meth_set_priv_dec(pkcs11_rsa_method, pkcs11_rsa_private_decrypt);
#endif
}
return pkcs11_rsa_method;
}
/* (de)initialisation functions. */
static int surewarehk_init(ENGINE *e)
{
char msg[64]="ENGINE_init";
SureWareHook_Init_t *p1=NULL;
SureWareHook_Finish_t *p2=NULL;
SureWareHook_Rand_Bytes_t *p3=NULL;
SureWareHook_Rand_Seed_t *p4=NULL;
SureWareHook_Load_Privkey_t *p5=NULL;
SureWareHook_Load_Rsa_Pubkey_t *p6=NULL;
SureWareHook_Free_t *p7=NULL;
SureWareHook_Rsa_Priv_Dec_t *p8=NULL;
SureWareHook_Rsa_Sign_t *p9=NULL;
SureWareHook_Dsa_Sign_t *p12=NULL;
SureWareHook_Info_Pubkey_t *p13=NULL;
SureWareHook_Load_Dsa_Pubkey_t *p14=NULL;
SureWareHook_Mod_Exp_t *p15=NULL;
if(surewarehk_dso != NULL)
{
SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_ALREADY_LOADED);
goto err;
}
/* Attempt to load libsurewarehk.so/surewarehk.dll/whatever. */
surewarehk_dso = DSO_load(NULL, surewarehk_LIBNAME, NULL, 0);
if(surewarehk_dso == NULL)
{
SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_DSO_FAILURE);
goto err;
}
if(!(p1=(SureWareHook_Init_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Init)) ||
!(p2=(SureWareHook_Finish_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Finish)) ||
!(p3=(SureWareHook_Rand_Bytes_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rand_Bytes)) ||
!(p4=(SureWareHook_Rand_Seed_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rand_Seed)) ||
!(p5=(SureWareHook_Load_Privkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Privkey)) ||
!(p6=(SureWareHook_Load_Rsa_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Rsa_Pubkey)) ||
!(p7=(SureWareHook_Free_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Free)) ||
!(p8=(SureWareHook_Rsa_Priv_Dec_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rsa_Priv_Dec)) ||
!(p9=(SureWareHook_Rsa_Sign_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rsa_Sign)) ||
!(p12=(SureWareHook_Dsa_Sign_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Dsa_Sign)) ||
!(p13=(SureWareHook_Info_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Info_Pubkey)) ||
!(p14=(SureWareHook_Load_Dsa_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Dsa_Pubkey)) ||
!(p15=(SureWareHook_Mod_Exp_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Mod_Exp)))
{
SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_DSO_FAILURE);
goto err;
}
/* Copy the pointers */
p_surewarehk_Init = p1;
p_surewarehk_Finish = p2;
p_surewarehk_Rand_Bytes = p3;
p_surewarehk_Rand_Seed = p4;
p_surewarehk_Load_Privkey = p5;
p_surewarehk_Load_Rsa_Pubkey = p6;
p_surewarehk_Free = p7;
p_surewarehk_Rsa_Priv_Dec = p8;
p_surewarehk_Rsa_Sign = p9;
p_surewarehk_Dsa_Sign = p12;
p_surewarehk_Info_Pubkey = p13;
p_surewarehk_Load_Dsa_Pubkey = p14;
p_surewarehk_Mod_Exp = p15;
/* Contact the hardware and initialises it. */
if(p_surewarehk_Init(msg,threadsafe)==SUREWAREHOOK_ERROR_UNIT_FAILURE)
{
SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,SUREWARE_R_UNIT_FAILURE);
goto err;
}
if(p_surewarehk_Init(msg,threadsafe)==SUREWAREHOOK_ERROR_UNIT_FAILURE)
{
SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,SUREWARE_R_UNIT_FAILURE);
goto err;
}
/* try to load the default private key, if failed does not return a failure but
wait for an explicit ENGINE_load_privakey */
surewarehk_load_privkey(e,NULL,NULL,NULL);
/* Everything's fine. */
#ifndef OPENSSL_NO_RSA
if (rsaHndidx == -1)
rsaHndidx = RSA_get_ex_new_index(0,
(void*)"SureWareHook RSA key handle",
NULL, NULL, surewarehk_ex_free);
#endif
#ifndef OPENSSL_NO_DSA
if (dsaHndidx == -1)
dsaHndidx = DSA_get_ex_new_index(0,
(void*)"SureWareHook DSA key handle",
NULL, NULL, surewarehk_ex_free);
#endif
return 1;
err:
if(surewarehk_dso)
DSO_free(surewarehk_dso);
surewarehk_dso = NULL;
p_surewarehk_Init = NULL;
p_surewarehk_Finish = NULL;
p_surewarehk_Rand_Bytes = NULL;
p_surewarehk_Rand_Seed = NULL;
p_surewarehk_Load_Privkey = NULL;
p_surewarehk_Load_Rsa_Pubkey = NULL;
p_surewarehk_Free = NULL;
p_surewarehk_Rsa_Priv_Dec = NULL;
p_surewarehk_Rsa_Sign = NULL;
p_surewarehk_Dsa_Sign = NULL;
p_surewarehk_Info_Pubkey = NULL;
p_surewarehk_Load_Dsa_Pubkey = NULL;
p_surewarehk_Mod_Exp = NULL;
return 0;
}
static int ibm_4758_cca_init(ENGINE *e)
{
if (dso) {
CCA4758err(CCA4758_F_IBM_4758_CCA_INIT, CCA4758_R_ALREADY_LOADED);
goto err;
}
dso = DSO_load(NULL, get_CCA4758_LIB_NAME(), NULL, 0);
if (!dso) {
CCA4758err(CCA4758_F_IBM_4758_CCA_INIT, CCA4758_R_DSO_FAILURE);
goto err;
}
# ifndef OPENSSL_NO_RSA
if (!(keyRecordRead = (F_KEYRECORDREAD)
DSO_bind_func(dso, n_keyRecordRead)) ||
!(randomNumberGenerate = (F_RANDOMNUMBERGENERATE)
DSO_bind_func(dso, n_randomNumberGenerate)) ||
!(digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)
DSO_bind_func(dso, n_digitalSignatureGenerate)) ||
!(digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)
DSO_bind_func(dso, n_digitalSignatureVerify)) ||
!(publicKeyExtract = (F_PUBLICKEYEXTRACT)
DSO_bind_func(dso, n_publicKeyExtract)) ||
!(pkaEncrypt = (F_PKAENCRYPT)
DSO_bind_func(dso, n_pkaEncrypt)) || !(pkaDecrypt = (F_PKADECRYPT)
DSO_bind_func(dso,
n_pkaDecrypt)))
{
CCA4758err(CCA4758_F_IBM_4758_CCA_INIT, CCA4758_R_DSO_FAILURE);
goto err;
}
# else
if (!(randomNumberGenerate = (F_RANDOMNUMBERGENERATE)
DSO_bind_func(dso, n_randomNumberGenerate))) {
CCA4758err(CCA4758_F_IBM_4758_CCA_INIT, CCA4758_R_DSO_FAILURE);
goto err;
}
# endif
# ifndef OPENSSL_NO_RSA
hndidx = RSA_get_ex_new_index(0, "IBM 4758 CCA RSA key handle",
NULL, NULL, cca_ex_free);
# endif
return 1;
err:
if (dso)
DSO_free(dso);
dso = NULL;
# ifndef OPENSSL_NO_RSA
keyRecordRead = (F_KEYRECORDREAD) 0;
digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE) 0;
digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0;
publicKeyExtract = (F_PUBLICKEYEXTRACT)0;
pkaEncrypt = (F_PKAENCRYPT) 0;
pkaDecrypt = (F_PKADECRYPT) 0;
# endif
randomNumberGenerate = (F_RANDOMNUMBERGENERATE) 0;
return 0;
}
/* (de)initialisation functions. */
static int hwcrhk_init(ENGINE *e)
{
HWCryptoHook_Init_t *p1;
HWCryptoHook_Finish_t *p2;
HWCryptoHook_ModExp_t *p3;
#ifndef OPENSSL_NO_RSA
HWCryptoHook_RSA_t *p4;
HWCryptoHook_RSALoadKey_t *p5;
HWCryptoHook_RSAGetPublicKey_t *p6;
HWCryptoHook_RSAUnloadKey_t *p7;
#endif
HWCryptoHook_RandomBytes_t *p8;
HWCryptoHook_ModExpCRT_t *p9;
if(hwcrhk_dso != NULL)
{
HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_ALREADY_LOADED);
goto err;
}
/* Attempt to load libnfhwcrhk.so/nfhwcrhk.dll/whatever. */
hwcrhk_dso = DSO_load(NULL, get_HWCRHK_LIBNAME(), NULL, 0);
if(hwcrhk_dso == NULL)
{
HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE);
goto err;
}
if(!(p1 = (HWCryptoHook_Init_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_Init)) ||
!(p2 = (HWCryptoHook_Finish_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_Finish)) ||
!(p3 = (HWCryptoHook_ModExp_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExp)) ||
#ifndef OPENSSL_NO_RSA
!(p4 = (HWCryptoHook_RSA_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSA)) ||
!(p5 = (HWCryptoHook_RSALoadKey_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSALoadKey)) ||
!(p6 = (HWCryptoHook_RSAGetPublicKey_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAGetPublicKey)) ||
!(p7 = (HWCryptoHook_RSAUnloadKey_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAUnloadKey)) ||
#endif
!(p8 = (HWCryptoHook_RandomBytes_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_RandomBytes)) ||
!(p9 = (HWCryptoHook_ModExpCRT_t *)
DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExpCRT)))
{
HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE);
goto err;
}
/* Copy the pointers */
p_hwcrhk_Init = p1;
p_hwcrhk_Finish = p2;
p_hwcrhk_ModExp = p3;
#ifndef OPENSSL_NO_RSA
p_hwcrhk_RSA = p4;
p_hwcrhk_RSALoadKey = p5;
p_hwcrhk_RSAGetPublicKey = p6;
p_hwcrhk_RSAUnloadKey = p7;
#endif
p_hwcrhk_RandomBytes = p8;
p_hwcrhk_ModExpCRT = p9;
/* Check if the application decided to support dynamic locks,
and if it does, use them. */
if (disable_mutex_callbacks == 0)
{
if (CRYPTO_get_dynlock_create_callback() != NULL &&
CRYPTO_get_dynlock_lock_callback() != NULL &&
CRYPTO_get_dynlock_destroy_callback() != NULL)
{
hwcrhk_globals.mutex_init = hwcrhk_mutex_init;
hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock;
hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock;
hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy;
}
}
/* Try and get a context - if not, we may have a DSO but no
* accelerator! */
if(!get_context(&hwcrhk_context, &password_context))
{
HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_UNIT_FAILURE);
goto err;
}
/* Everything's fine. */
#ifndef OPENSSL_NO_RSA
if (hndidx_rsa == -1)
hndidx_rsa = RSA_get_ex_new_index(0,
"nFast HWCryptoHook RSA key handle",
NULL, NULL, NULL);
#endif
return 1;
err:
if(hwcrhk_dso)
DSO_free(hwcrhk_dso);
hwcrhk_dso = NULL;
p_hwcrhk_Init = NULL;
p_hwcrhk_Finish = NULL;
p_hwcrhk_ModExp = NULL;
#ifndef OPENSSL_NO_RSA
p_hwcrhk_RSA = NULL;
p_hwcrhk_RSALoadKey = NULL;
p_hwcrhk_RSAGetPublicKey = NULL;
p_hwcrhk_RSAUnloadKey = NULL;
#endif
p_hwcrhk_ModExpCRT = NULL;
p_hwcrhk_RandomBytes = NULL;
return 0;
}
/**
* Called to initialize RSA's ex_data for the key_id handle. This should
* only be called when protected by a lock.
*/
static void init_rsa_key_handle() {
rsa_key_handle = RSA_get_ex_new_index(0, NULL, keyhandle_new, keyhandle_dup,
keyhandle_free);
}
PKCS11H_BOOL
_pkcs11h_openssl_initialize (void) {
PKCS11H_BOOL ret = FALSE;
_PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_openssl_initialize - entered"
);
#ifndef OPENSSL_NO_RSA
if (__openssl_methods.rsa != NULL) {
RSA_meth_free (__openssl_methods.rsa);
}
if ((__openssl_methods.rsa = RSA_meth_dup (RSA_get_default_method ())) == NULL) {
goto cleanup;
}
RSA_meth_set1_name (__openssl_methods.rsa, "pkcs11h");
RSA_meth_set_priv_dec (__openssl_methods.rsa, __pkcs11h_openssl_rsa_dec);
RSA_meth_set_priv_enc (__openssl_methods.rsa, __pkcs11h_openssl_rsa_enc);
RSA_meth_set_flags (__openssl_methods.rsa, RSA_METHOD_FLAG_NO_CHECK | RSA_FLAG_EXT_PKEY);
__openssl_methods.rsa_index = RSA_get_ex_new_index (
0,
"pkcs11h",
NULL,
__pkcs11h_openssl_ex_data_dup,
__pkcs11h_openssl_ex_data_free
);
#endif
#ifndef OPENSSL_NO_DSA
if (__openssl_methods.dsa != NULL) {
DSA_meth_free (__openssl_methods.dsa);
}
__openssl_methods.dsa = DSA_meth_dup (DSA_get_default_method ());
DSA_meth_set1_name (__openssl_methods.dsa, "pkcs11h");
DSA_meth_set_sign (__openssl_methods.dsa, __pkcs11h_openssl_dsa_do_sign);
__openssl_methods.dsa_index = DSA_get_ex_new_index (
0,
"pkcs11h",
NULL,
__pkcs11h_openssl_ex_data_dup,
__pkcs11h_openssl_ex_data_free
);
#endif
#ifdef __ENABLE_EC
if (__openssl_methods.ecdsa != NULL) {
ECDSA_METHOD_free(__openssl_methods.ecdsa);
}
__openssl_methods.ecdsa = ECDSA_METHOD_new ((ECDSA_METHOD *)ECDSA_get_default_method ());
ECDSA_METHOD_set_name(__openssl_methods.ecdsa, "pkcs11h");
ECDSA_METHOD_set_sign(__openssl_methods.ecdsa, __pkcs11h_openssl_ecdsa_do_sign);
__openssl_methods.ecdsa_index = ECDSA_get_ex_new_index (
0,
"pkcs11h",
NULL,
__pkcs11h_openssl_ex_data_dup,
__pkcs11h_openssl_ex_data_free
);
#endif
ret = TRUE;
cleanup:
_PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_openssl_initialize - return %d",
ret
);
return ret;
}
