static int capi_init(ENGINE *e) { CAPI_CTX *ctx; const RSA_METHOD *ossl_rsa_meth; const DSA_METHOD *ossl_dsa_meth; if (capi_idx < 0) { capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0); if (capi_idx < 0) goto memerr; cert_capi_idx = X509_get_ex_new_index(0, NULL, NULL, NULL, 0); /* Setup RSA_METHOD */ rsa_capi_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0); ossl_rsa_meth = RSA_PKCS1_SSLeay(); capi_rsa_method.rsa_pub_enc = ossl_rsa_meth->rsa_pub_enc; capi_rsa_method.rsa_pub_dec = ossl_rsa_meth->rsa_pub_dec; capi_rsa_method.rsa_mod_exp = ossl_rsa_meth->rsa_mod_exp; capi_rsa_method.bn_mod_exp = ossl_rsa_meth->bn_mod_exp; /* Setup DSA Method */ dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0); ossl_dsa_meth = DSA_OpenSSL(); capi_dsa_method.dsa_do_verify = ossl_dsa_meth->dsa_do_verify; capi_dsa_method.dsa_mod_exp = ossl_dsa_meth->dsa_mod_exp; capi_dsa_method.bn_mod_exp = ossl_dsa_meth->bn_mod_exp; } ctx = capi_ctx_new(); if (!ctx) goto memerr; ENGINE_set_ex_data(e, capi_idx, ctx); # ifdef OPENSSL_CAPIENG_DIALOG { HMODULE cryptui = LoadLibrary(TEXT("CRYPTUI.DLL")); HMODULE kernel = GetModuleHandle(TEXT("KERNEL32.DLL")); if (cryptui) ctx->certselectdlg = (CERTDLG) GetProcAddress(cryptui, "CryptUIDlgSelectCertificateFromStore"); if (kernel) ctx->getconswindow = (GETCONSWIN) GetProcAddress(kernel, "GetConsoleWindow"); if (cryptui && !OPENSSL_isservice()) ctx->client_cert_select = cert_select_dialog; } # endif return 1; memerr: CAPIerr(CAPI_F_CAPI_INIT, ERR_R_MALLOC_FAILURE); return 0; return 1; }
inline int rsa_key::register_index(long argl, void* argp, CRYPTO_EX_new* new_func, CRYPTO_EX_dup* dup_func, CRYPTO_EX_free* free_func) { int index = RSA_get_ex_new_index(argl, argp, new_func, dup_func, free_func); error::throw_error_if(index < 0); return index; }
static void alloc_rsa_ex_index() { if (rsa_ex_index == 0) { while (rsa_ex_index == 0) /* Workaround for OpenSSL RT3710 */ rsa_ex_index = RSA_get_ex_new_index(0, "libp11 rsa", NULL, NULL, NULL); if (rsa_ex_index < 0) rsa_ex_index = 0; /* Fallback to app_data */ } }
/* (de)initialisation functions. */ static int e_gmp_init(ENGINE *e) { #ifndef OPENSSL_NO_RSA if (hndidx_rsa == -1) hndidx_rsa = RSA_get_ex_new_index(0, "GMP-based RSA key handle", NULL, NULL, NULL); #endif if (hndidx_rsa == -1) return 0; return 1; }
static int tpm_rsa_init(RSA *rsa) { DBG("%s", __FUNCTION__); if (ex_app_data == TPM_ENGINE_EX_DATA_UNINIT) ex_app_data = RSA_get_ex_new_index(0, NULL, NULL, NULL, NULL); if (ex_app_data == TPM_ENGINE_EX_DATA_UNINIT) { TSSerr(TPM_F_TPM_RSA_INIT, TPM_R_REQUEST_FAILED); return 0; } return 1; }
static RSA_METHOD *get_pkcs11_rsa_method(void) { static RSA_METHOD *pkcs11_rsa_method = NULL; if(pkcs11_rsa_key_idx == -1) { pkcs11_rsa_key_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0); } if(pkcs11_rsa_method == NULL) { #if OPENSSL_VERSION_NUMBER < 0x10100005L const RSA_METHOD *def = RSA_get_default_method(); pkcs11_rsa_method = calloc(1, sizeof(*pkcs11_rsa_method)); memcpy(pkcs11_rsa_method, def, sizeof(*pkcs11_rsa_method)); pkcs11_rsa_method->name = "pkcs11"; pkcs11_rsa_method->rsa_priv_enc = pkcs11_rsa_private_encrypt; pkcs11_rsa_method->rsa_priv_dec = pkcs11_rsa_private_decrypt; #else pkcs11_rsa_method = RSA_meth_dup(RSA_get_default_method()); RSA_meth_set1_name(pkcs11_rsa_method, "pkcs11"); RSA_meth_set_priv_enc(pkcs11_rsa_method, pkcs11_rsa_private_encrypt); RSA_meth_set_priv_dec(pkcs11_rsa_method, pkcs11_rsa_private_decrypt); #endif } return pkcs11_rsa_method; }
/* (de)initialisation functions. */ static int surewarehk_init(ENGINE *e) { char msg[64]="ENGINE_init"; SureWareHook_Init_t *p1=NULL; SureWareHook_Finish_t *p2=NULL; SureWareHook_Rand_Bytes_t *p3=NULL; SureWareHook_Rand_Seed_t *p4=NULL; SureWareHook_Load_Privkey_t *p5=NULL; SureWareHook_Load_Rsa_Pubkey_t *p6=NULL; SureWareHook_Free_t *p7=NULL; SureWareHook_Rsa_Priv_Dec_t *p8=NULL; SureWareHook_Rsa_Sign_t *p9=NULL; SureWareHook_Dsa_Sign_t *p12=NULL; SureWareHook_Info_Pubkey_t *p13=NULL; SureWareHook_Load_Dsa_Pubkey_t *p14=NULL; SureWareHook_Mod_Exp_t *p15=NULL; if(surewarehk_dso != NULL) { SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_ALREADY_LOADED); goto err; } /* Attempt to load libsurewarehk.so/surewarehk.dll/whatever. */ surewarehk_dso = DSO_load(NULL, surewarehk_LIBNAME, NULL, 0); if(surewarehk_dso == NULL) { SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_DSO_FAILURE); goto err; } if(!(p1=(SureWareHook_Init_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Init)) || !(p2=(SureWareHook_Finish_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Finish)) || !(p3=(SureWareHook_Rand_Bytes_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rand_Bytes)) || !(p4=(SureWareHook_Rand_Seed_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rand_Seed)) || !(p5=(SureWareHook_Load_Privkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Privkey)) || !(p6=(SureWareHook_Load_Rsa_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Rsa_Pubkey)) || !(p7=(SureWareHook_Free_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Free)) || !(p8=(SureWareHook_Rsa_Priv_Dec_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rsa_Priv_Dec)) || !(p9=(SureWareHook_Rsa_Sign_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rsa_Sign)) || !(p12=(SureWareHook_Dsa_Sign_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Dsa_Sign)) || !(p13=(SureWareHook_Info_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Info_Pubkey)) || !(p14=(SureWareHook_Load_Dsa_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Dsa_Pubkey)) || !(p15=(SureWareHook_Mod_Exp_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Mod_Exp))) { SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_DSO_FAILURE); goto err; } /* Copy the pointers */ p_surewarehk_Init = p1; p_surewarehk_Finish = p2; p_surewarehk_Rand_Bytes = p3; p_surewarehk_Rand_Seed = p4; p_surewarehk_Load_Privkey = p5; p_surewarehk_Load_Rsa_Pubkey = p6; p_surewarehk_Free = p7; p_surewarehk_Rsa_Priv_Dec = p8; p_surewarehk_Rsa_Sign = p9; p_surewarehk_Dsa_Sign = p12; p_surewarehk_Info_Pubkey = p13; p_surewarehk_Load_Dsa_Pubkey = p14; p_surewarehk_Mod_Exp = p15; /* Contact the hardware and initialises it. */ if(p_surewarehk_Init(msg,threadsafe)==SUREWAREHOOK_ERROR_UNIT_FAILURE) { SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,SUREWARE_R_UNIT_FAILURE); goto err; } if(p_surewarehk_Init(msg,threadsafe)==SUREWAREHOOK_ERROR_UNIT_FAILURE) { SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,SUREWARE_R_UNIT_FAILURE); goto err; } /* try to load the default private key, if failed does not return a failure but wait for an explicit ENGINE_load_privakey */ surewarehk_load_privkey(e,NULL,NULL,NULL); /* Everything's fine. */ #ifndef OPENSSL_NO_RSA if (rsaHndidx == -1) rsaHndidx = RSA_get_ex_new_index(0, (void*)"SureWareHook RSA key handle", NULL, NULL, surewarehk_ex_free); #endif #ifndef OPENSSL_NO_DSA if (dsaHndidx == -1) dsaHndidx = DSA_get_ex_new_index(0, (void*)"SureWareHook DSA key handle", NULL, NULL, surewarehk_ex_free); #endif return 1; err: if(surewarehk_dso) DSO_free(surewarehk_dso); surewarehk_dso = NULL; p_surewarehk_Init = NULL; p_surewarehk_Finish = NULL; p_surewarehk_Rand_Bytes = NULL; p_surewarehk_Rand_Seed = NULL; p_surewarehk_Load_Privkey = NULL; p_surewarehk_Load_Rsa_Pubkey = NULL; p_surewarehk_Free = NULL; p_surewarehk_Rsa_Priv_Dec = NULL; p_surewarehk_Rsa_Sign = NULL; p_surewarehk_Dsa_Sign = NULL; p_surewarehk_Info_Pubkey = NULL; p_surewarehk_Load_Dsa_Pubkey = NULL; p_surewarehk_Mod_Exp = NULL; return 0; }
static int ibm_4758_cca_init(ENGINE *e) { if (dso) { CCA4758err(CCA4758_F_IBM_4758_CCA_INIT, CCA4758_R_ALREADY_LOADED); goto err; } dso = DSO_load(NULL, get_CCA4758_LIB_NAME(), NULL, 0); if (!dso) { CCA4758err(CCA4758_F_IBM_4758_CCA_INIT, CCA4758_R_DSO_FAILURE); goto err; } # ifndef OPENSSL_NO_RSA if (!(keyRecordRead = (F_KEYRECORDREAD) DSO_bind_func(dso, n_keyRecordRead)) || !(randomNumberGenerate = (F_RANDOMNUMBERGENERATE) DSO_bind_func(dso, n_randomNumberGenerate)) || !(digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE) DSO_bind_func(dso, n_digitalSignatureGenerate)) || !(digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY) DSO_bind_func(dso, n_digitalSignatureVerify)) || !(publicKeyExtract = (F_PUBLICKEYEXTRACT) DSO_bind_func(dso, n_publicKeyExtract)) || !(pkaEncrypt = (F_PKAENCRYPT) DSO_bind_func(dso, n_pkaEncrypt)) || !(pkaDecrypt = (F_PKADECRYPT) DSO_bind_func(dso, n_pkaDecrypt))) { CCA4758err(CCA4758_F_IBM_4758_CCA_INIT, CCA4758_R_DSO_FAILURE); goto err; } # else if (!(randomNumberGenerate = (F_RANDOMNUMBERGENERATE) DSO_bind_func(dso, n_randomNumberGenerate))) { CCA4758err(CCA4758_F_IBM_4758_CCA_INIT, CCA4758_R_DSO_FAILURE); goto err; } # endif # ifndef OPENSSL_NO_RSA hndidx = RSA_get_ex_new_index(0, "IBM 4758 CCA RSA key handle", NULL, NULL, cca_ex_free); # endif return 1; err: if (dso) DSO_free(dso); dso = NULL; # ifndef OPENSSL_NO_RSA keyRecordRead = (F_KEYRECORDREAD) 0; digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE) 0; digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0; publicKeyExtract = (F_PUBLICKEYEXTRACT)0; pkaEncrypt = (F_PKAENCRYPT) 0; pkaDecrypt = (F_PKADECRYPT) 0; # endif randomNumberGenerate = (F_RANDOMNUMBERGENERATE) 0; return 0; }
/* (de)initialisation functions. */ static int hwcrhk_init(ENGINE *e) { HWCryptoHook_Init_t *p1; HWCryptoHook_Finish_t *p2; HWCryptoHook_ModExp_t *p3; #ifndef OPENSSL_NO_RSA HWCryptoHook_RSA_t *p4; HWCryptoHook_RSALoadKey_t *p5; HWCryptoHook_RSAGetPublicKey_t *p6; HWCryptoHook_RSAUnloadKey_t *p7; #endif HWCryptoHook_RandomBytes_t *p8; HWCryptoHook_ModExpCRT_t *p9; if(hwcrhk_dso != NULL) { HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_ALREADY_LOADED); goto err; } /* Attempt to load libnfhwcrhk.so/nfhwcrhk.dll/whatever. */ hwcrhk_dso = DSO_load(NULL, get_HWCRHK_LIBNAME(), NULL, 0); if(hwcrhk_dso == NULL) { HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE); goto err; } if(!(p1 = (HWCryptoHook_Init_t *) DSO_bind_func(hwcrhk_dso, n_hwcrhk_Init)) || !(p2 = (HWCryptoHook_Finish_t *) DSO_bind_func(hwcrhk_dso, n_hwcrhk_Finish)) || !(p3 = (HWCryptoHook_ModExp_t *) DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExp)) || #ifndef OPENSSL_NO_RSA !(p4 = (HWCryptoHook_RSA_t *) DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSA)) || !(p5 = (HWCryptoHook_RSALoadKey_t *) DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSALoadKey)) || !(p6 = (HWCryptoHook_RSAGetPublicKey_t *) DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAGetPublicKey)) || !(p7 = (HWCryptoHook_RSAUnloadKey_t *) DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAUnloadKey)) || #endif !(p8 = (HWCryptoHook_RandomBytes_t *) DSO_bind_func(hwcrhk_dso, n_hwcrhk_RandomBytes)) || !(p9 = (HWCryptoHook_ModExpCRT_t *) DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExpCRT))) { HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE); goto err; } /* Copy the pointers */ p_hwcrhk_Init = p1; p_hwcrhk_Finish = p2; p_hwcrhk_ModExp = p3; #ifndef OPENSSL_NO_RSA p_hwcrhk_RSA = p4; p_hwcrhk_RSALoadKey = p5; p_hwcrhk_RSAGetPublicKey = p6; p_hwcrhk_RSAUnloadKey = p7; #endif p_hwcrhk_RandomBytes = p8; p_hwcrhk_ModExpCRT = p9; /* Check if the application decided to support dynamic locks, and if it does, use them. */ if (disable_mutex_callbacks == 0) { if (CRYPTO_get_dynlock_create_callback() != NULL && CRYPTO_get_dynlock_lock_callback() != NULL && CRYPTO_get_dynlock_destroy_callback() != NULL) { hwcrhk_globals.mutex_init = hwcrhk_mutex_init; hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock; hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock; hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy; } } /* Try and get a context - if not, we may have a DSO but no * accelerator! */ if(!get_context(&hwcrhk_context, &password_context)) { HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_UNIT_FAILURE); goto err; } /* Everything's fine. */ #ifndef OPENSSL_NO_RSA if (hndidx_rsa == -1) hndidx_rsa = RSA_get_ex_new_index(0, "nFast HWCryptoHook RSA key handle", NULL, NULL, NULL); #endif return 1; err: if(hwcrhk_dso) DSO_free(hwcrhk_dso); hwcrhk_dso = NULL; p_hwcrhk_Init = NULL; p_hwcrhk_Finish = NULL; p_hwcrhk_ModExp = NULL; #ifndef OPENSSL_NO_RSA p_hwcrhk_RSA = NULL; p_hwcrhk_RSALoadKey = NULL; p_hwcrhk_RSAGetPublicKey = NULL; p_hwcrhk_RSAUnloadKey = NULL; #endif p_hwcrhk_ModExpCRT = NULL; p_hwcrhk_RandomBytes = NULL; return 0; }
/** * Called to initialize RSA's ex_data for the key_id handle. This should * only be called when protected by a lock. */ static void init_rsa_key_handle() { rsa_key_handle = RSA_get_ex_new_index(0, NULL, keyhandle_new, keyhandle_dup, keyhandle_free); }
PKCS11H_BOOL _pkcs11h_openssl_initialize (void) { PKCS11H_BOOL ret = FALSE; _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_openssl_initialize - entered" ); #ifndef OPENSSL_NO_RSA if (__openssl_methods.rsa != NULL) { RSA_meth_free (__openssl_methods.rsa); } if ((__openssl_methods.rsa = RSA_meth_dup (RSA_get_default_method ())) == NULL) { goto cleanup; } RSA_meth_set1_name (__openssl_methods.rsa, "pkcs11h"); RSA_meth_set_priv_dec (__openssl_methods.rsa, __pkcs11h_openssl_rsa_dec); RSA_meth_set_priv_enc (__openssl_methods.rsa, __pkcs11h_openssl_rsa_enc); RSA_meth_set_flags (__openssl_methods.rsa, RSA_METHOD_FLAG_NO_CHECK | RSA_FLAG_EXT_PKEY); __openssl_methods.rsa_index = RSA_get_ex_new_index ( 0, "pkcs11h", NULL, __pkcs11h_openssl_ex_data_dup, __pkcs11h_openssl_ex_data_free ); #endif #ifndef OPENSSL_NO_DSA if (__openssl_methods.dsa != NULL) { DSA_meth_free (__openssl_methods.dsa); } __openssl_methods.dsa = DSA_meth_dup (DSA_get_default_method ()); DSA_meth_set1_name (__openssl_methods.dsa, "pkcs11h"); DSA_meth_set_sign (__openssl_methods.dsa, __pkcs11h_openssl_dsa_do_sign); __openssl_methods.dsa_index = DSA_get_ex_new_index ( 0, "pkcs11h", NULL, __pkcs11h_openssl_ex_data_dup, __pkcs11h_openssl_ex_data_free ); #endif #ifdef __ENABLE_EC if (__openssl_methods.ecdsa != NULL) { ECDSA_METHOD_free(__openssl_methods.ecdsa); } __openssl_methods.ecdsa = ECDSA_METHOD_new ((ECDSA_METHOD *)ECDSA_get_default_method ()); ECDSA_METHOD_set_name(__openssl_methods.ecdsa, "pkcs11h"); ECDSA_METHOD_set_sign(__openssl_methods.ecdsa, __pkcs11h_openssl_ecdsa_do_sign); __openssl_methods.ecdsa_index = ECDSA_get_ex_new_index ( 0, "pkcs11h", NULL, __pkcs11h_openssl_ex_data_dup, __pkcs11h_openssl_ex_data_free ); #endif ret = TRUE; cleanup: _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_openssl_initialize - return %d", ret ); return ret; }