Exemplo n.º 1
0
/* This internal function is used by ENGINE_pkcs11() and possibly by the
 * "dynamic" ENGINE support too */
static int bind_helper(ENGINE *e)
{
	if (!ENGINE_set_id(e, PKCS11_ENGINE_ID) ||
			!ENGINE_set_destroy_function(e, engine_destroy) ||
			!ENGINE_set_init_function(e, engine_init) ||
			!ENGINE_set_finish_function(e, engine_finish) ||
			!ENGINE_set_ctrl_function(e, engine_ctrl) ||
			!ENGINE_set_cmd_defns(e, engine_cmd_defns) ||
			!ENGINE_set_name(e, PKCS11_ENGINE_NAME) ||
#ifndef OPENSSL_NO_RSA
			!ENGINE_set_RSA(e, PKCS11_get_rsa_method()) ||
#endif
#if OPENSSL_VERSION_NUMBER  >= 0x10100002L
#ifndef OPENSSL_NO_EC
			/* PKCS11_get_ec_key_method combines ECDSA and ECDH */
			!ENGINE_set_EC(e, PKCS11_get_ec_key_method()) ||
#endif /* OPENSSL_NO_EC */
#else /* OPENSSL_VERSION_NUMBER */
#ifndef OPENSSL_NO_ECDSA
			!ENGINE_set_ECDSA(e, PKCS11_get_ecdsa_method()) ||
#endif
#ifndef OPENSSL_NO_ECDH
			!ENGINE_set_ECDH(e, PKCS11_get_ecdh_method()) ||
#endif
#endif /* OPENSSL_VERSION_NUMBER */
			!ENGINE_set_load_pubkey_function(e, load_pubkey) ||
			!ENGINE_set_load_privkey_function(e, load_privkey)) {
		return 0;
	} else {
		return 1;
	}
}
Exemplo n.º 2
0
static int bind_helper (ENGINE *e) {

	if (!ENGINE_set_id(e, FS_ENGINE_ID) ||
		!ENGINE_set_name (e, FS_ENGINE_NAME) ||
		!ENGINE_set_destroy_function (e, engine_fs_destroy) ||
		!ENGINE_set_finish_function (e, engine_fs_finish) ||
		!ENGINE_set_ctrl_function (e, engine_fs_ctrl) ||
		!ENGINE_set_load_privkey_function (e, engine_fs_load_private_key) ||
		!ENGINE_set_RSA (e, &engine_fs_rsa) /*||
		!ENGINE_set_load_pubkey_function (e, engine_fs_load_public_key) ||
		!ENGINE_set_init_function (e, engine_fs_init) ||
		!ENGINE_set_DSA (e, engine_fs_dsa) ||
		!ENGINE_set_ECDH (e, engine_fs_dh) ||
		!ENGINE_set_ECDSA (e, engine_fs_dh) ||
		!ENGINE_set_DH (e, engine_fs_dh) ||
		!ENGINE_set_RAND (e, engine_fs_rand) ||
		!ENGINE_set_STORE (e, asn1_i2d_ex_primitiveengine_fs_rand) ||
		!ENGINE_set_ciphers (e, engine_fs_syphers_f) ||
		!ENGINE_set_digests (e, engine_fs_digest_f) ||
		!ENGINE_set_flags (e, engine_fs_flags) ||
		!ENGINE_set_cmd_defns (e, engine_fs_cmd_defns)*/) {
		return (0);
	}
	
	if (!ENGINE_set_RSA (e, &engine_fs_rsa)
                || !register_rsa_methods ()) {
            return 0;
	}
	
	return (1);
}
Exemplo n.º 3
0
static int bind_afalg(ENGINE *e)
{
    /* Ensure the afalg error handling is set up */
    ERR_load_AFALG_strings();

    if (!ENGINE_set_id(e, engine_afalg_id)
        || !ENGINE_set_name(e, engine_afalg_name)
        || !ENGINE_set_destroy_function(e, afalg_destroy)
        || !ENGINE_set_init_function(e, afalg_init)
        || !ENGINE_set_finish_function(e, afalg_finish)) {
        AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED);
        return 0;
    }

    /*
     * Create _hidden_aes_128_cbc by calling afalg_aes_128_cbc
     * now, as bind_aflag can only be called by one thread at a
     * time.
     */
    if (afalg_aes_128_cbc() == NULL) {
        AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED);
        return 0;
    }

    if (!ENGINE_set_ciphers(e, afalg_ciphers)) {
        AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED);
        return 0;
    }

    return 1;
}
Exemplo n.º 4
0
/* ---------------------*/
static int bind_helper(ENGINE *e)
{

    if (!ENGINE_set_id(e, engine_cluster_labs_id) ||
        !ENGINE_set_name(e, engine_cluster_labs_name) ||
#  ifndef OPENSSL_NO_RSA
        !ENGINE_set_RSA(e, &cluster_labs_rsa) ||
#  endif
#  ifndef OPENSSL_NO_DSA
        !ENGINE_set_DSA(e, &cluster_labs_dsa) ||
#  endif
#  ifndef OPENSSL_NO_DH
        !ENGINE_set_DH(e, &cluster_labs_dh) ||
#  endif
        !ENGINE_set_RAND(e, &cluster_labs_rand) ||
        !ENGINE_set_destroy_function(e, cluster_labs_destroy) ||
        !ENGINE_set_init_function(e, cluster_labs_init) ||
        !ENGINE_set_finish_function(e, cluster_labs_finish) ||
        !ENGINE_set_ctrl_function(e, cluster_labs_ctrl) ||
        !ENGINE_set_cmd_defns(e, cluster_labs_cmd_defns))
        return 0;
    /* Ensure the error handling is set up */
    ERR_load_CL_strings();
    return 1;
}
Exemplo n.º 5
0
static int bind_afalg(ENGINE *e)
{
    /* Ensure the afalg error handling is set up */
    unsigned short i;
    ERR_load_AFALG_strings();

    if (!ENGINE_set_id(e, engine_afalg_id)
        || !ENGINE_set_name(e, engine_afalg_name)
        || !ENGINE_set_destroy_function(e, afalg_destroy)
        || !ENGINE_set_init_function(e, afalg_init)
        || !ENGINE_set_finish_function(e, afalg_finish)) {
        AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED);
        return 0;
    }

    /*
     * Create _hidden_aes_xxx_cbc by calling afalg_aes_xxx_cbc
     * now, as bind_aflag can only be called by one thread at a
     * time.
     */
    for(i = 0; i < OSSL_NELEM(afalg_cipher_nids); i++) {
        if (afalg_aes_cbc(afalg_cipher_nids[i]) == NULL) {
            AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED);
            return 0;
        }
    }

    if (!ENGINE_set_ciphers(e, afalg_ciphers)) {
        AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED);
        return 0;
    }

    return 1;
}
/* This internal function is used by ENGINE_gmp() and possibly by the
 * "dynamic" ENGINE support too */
static int bind_helper(ENGINE *e)
	{
#ifndef OPENSSL_NO_RSA
	const RSA_METHOD *meth1;
#endif
	if(!ENGINE_set_id(e, engine_e_gmp_id) ||
			!ENGINE_set_name(e, engine_e_gmp_name) ||
#ifndef OPENSSL_NO_RSA
			!ENGINE_set_RSA(e, &e_gmp_rsa) ||
#endif
			!ENGINE_set_destroy_function(e, e_gmp_destroy) ||
			!ENGINE_set_init_function(e, e_gmp_init) ||
			!ENGINE_set_finish_function(e, e_gmp_finish) ||
			!ENGINE_set_ctrl_function(e, e_gmp_ctrl) ||
			!ENGINE_set_cmd_defns(e, e_gmp_cmd_defns))
		return 0;

#ifndef OPENSSL_NO_RSA
	meth1 = RSA_PKCS1_SSLeay();
	e_gmp_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
	e_gmp_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
	e_gmp_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
	e_gmp_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
	e_gmp_rsa.bn_mod_exp = meth1->bn_mod_exp;
#endif

	/* Ensure the e_gmp error handling is set up */
	ERR_load_GMP_strings();
	return 1;
	}
Exemplo n.º 7
0
    static ENGINE* LoadEngine()
    {
      // This function creates an engine for PKCS#11 and inspired by
      // the "ENGINE_load_dynamic" function from OpenSSL, in file
      // "crypto/engine/eng_dyn.c"

      ENGINE* engine = ENGINE_new();
      if (!engine)
      {
        LOG(ERROR) << "Cannot create an OpenSSL engine for PKCS#11";
        throw OrthancException(ErrorCode_InternalError);
      }

      // Create a PKCS#11 context using libp11
      context_ = pkcs11_new();
      if (!context_)
      {
        LOG(ERROR) << "Cannot create a libp11 context for PKCS#11";
        ENGINE_free(engine);
        throw OrthancException(ErrorCode_InternalError);
      }

      if (!ENGINE_set_id(engine, PKCS11_ENGINE_ID) ||
          !ENGINE_set_name(engine, PKCS11_ENGINE_NAME) ||
          !ENGINE_set_cmd_defns(engine, PKCS11_ENGINE_COMMANDS) ||

          // Register the callback functions
          !ENGINE_set_init_function(engine, EngineInitialize) ||
          !ENGINE_set_finish_function(engine, EngineFinalize) ||
          !ENGINE_set_destroy_function(engine, EngineDestroy) ||
          !ENGINE_set_ctrl_function(engine, EngineControl) ||
          !ENGINE_set_load_pubkey_function(engine, EngineLoadPublicKey) ||
          !ENGINE_set_load_privkey_function(engine, EngineLoadPrivateKey) ||

          !ENGINE_set_RSA(engine, PKCS11_get_rsa_method()) ||
          !ENGINE_set_ECDSA(engine, PKCS11_get_ecdsa_method()) ||
          !ENGINE_set_ECDH(engine, PKCS11_get_ecdh_method()) ||

#if OPENSSL_VERSION_NUMBER  >= 0x10100002L
          !ENGINE_set_EC(engine, PKCS11_get_ec_key_method()) ||
#endif

          // Make OpenSSL know about our PKCS#11 engine
          !ENGINE_add(engine))
      {
        LOG(ERROR) << "Cannot initialize the OpenSSL engine for PKCS#11";
        pkcs11_finish(context_);
        ENGINE_free(engine);
        throw OrthancException(ErrorCode_InternalError);
      }

      // If the "ENGINE_add" worked, it gets a structural
      // reference. We release our just-created reference.
      ENGINE_free(engine);

      return ENGINE_by_id(PKCS11_ENGINE_ID);
    }
Exemplo n.º 8
0
/*
 * This internal function is used by ENGINE_ubsec() and possibly by the
 * "dynamic" ENGINE support too
 */
static int bind_helper(ENGINE *e)
{
#  ifndef OPENSSL_NO_RSA
    const RSA_METHOD *meth1;
#  endif
#  ifndef OPENSSL_NO_DH
#   ifndef HAVE_UBSEC_DH
    const DH_METHOD *meth3;
#   endif                       /* HAVE_UBSEC_DH */
#  endif
    if (!ENGINE_set_id(e, engine_ubsec_id) ||
        !ENGINE_set_name(e, engine_ubsec_name) ||
#  ifndef OPENSSL_NO_RSA
        !ENGINE_set_RSA(e, &ubsec_rsa) ||
#  endif
#  ifndef OPENSSL_NO_DSA
        !ENGINE_set_DSA(e, &ubsec_dsa) ||
#  endif
#  ifndef OPENSSL_NO_DH
        !ENGINE_set_DH(e, &ubsec_dh) ||
#  endif
        !ENGINE_set_destroy_function(e, ubsec_destroy) ||
        !ENGINE_set_init_function(e, ubsec_init) ||
        !ENGINE_set_finish_function(e, ubsec_finish) ||
        !ENGINE_set_ctrl_function(e, ubsec_ctrl) ||
        !ENGINE_set_cmd_defns(e, ubsec_cmd_defns))
        return 0;

#  ifndef OPENSSL_NO_RSA
    /*
     * We know that the "PKCS1_OpenSSL()" functions hook properly to the
     * Broadcom-specific mod_exp and mod_exp_crt so we use those functions.
     * NB: We don't use ENGINE_openssl() or anything "more generic" because
     * something like the RSAref code may not hook properly, and if you own
     * one of these cards then you have the right to do RSA operations on it
     * anyway!
     */
    meth1 = RSA_PKCS1_OpenSSL();
    ubsec_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
    ubsec_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
    ubsec_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
    ubsec_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
#  endif

#  ifndef OPENSSL_NO_DH
#   ifndef HAVE_UBSEC_DH
    /* Much the same for Diffie-Hellman */
    meth3 = DH_OpenSSL();
    ubsec_dh.generate_key = meth3->generate_key;
    ubsec_dh.compute_key = meth3->compute_key;
#   endif                       /* HAVE_UBSEC_DH */
#  endif

    /* Ensure the ubsec error handling is set up */
    ERR_load_UBSEC_strings();
    return 1;
}
Exemplo n.º 9
0
static int bind_devcrypto(ENGINE *e) {

    if (!ENGINE_set_id(e, engine_devcrypto_id)
        || !ENGINE_set_name(e, "/dev/crypto engine")
        || !ENGINE_set_destroy_function(e, devcrypto_unload)
        || !ENGINE_set_cmd_defns(e, devcrypto_cmds)
        || !ENGINE_set_ctrl_function(e, devcrypto_ctrl))
        return 0;

    prepare_cipher_methods();
#ifdef IMPLEMENT_DIGEST
    prepare_digest_methods();
#endif

    return (ENGINE_set_ciphers(e, devcrypto_ciphers)
#ifdef IMPLEMENT_DIGEST
        && ENGINE_set_digests(e, devcrypto_digests)
#endif
/*
 * Asymmetric ciphers aren't well supported with /dev/crypto.  Among the BSD
 * implementations, it seems to only exist in FreeBSD, and regarding the
 * parameters in its crypt_kop, the manual crypto(4) has this to say:
 *
 *    The semantics of these arguments are currently undocumented.
 *
 * Reading through the FreeBSD source code doesn't give much more than
 * their CRK_MOD_EXP implementation for ubsec.
 *
 * It doesn't look much better with cryptodev-linux.  They have the crypt_kop
 * structure as well as the command (CRK_*) in cryptodev.h, but no support
 * seems to be implemented at all for the moment.
 *
 * At the time of writing, it seems impossible to write proper support for
 * FreeBSD's asym features without some very deep knowledge and access to
 * specific kernel modules.
 *
 * /Richard Levitte, 2017-05-11
 */
#if 0
# ifndef OPENSSL_NO_RSA
        && ENGINE_set_RSA(e, devcrypto_rsa)
# endif
# ifndef OPENSSL_NO_DSA
        && ENGINE_set_DSA(e, devcrypto_dsa)
# endif
# ifndef OPENSSL_NO_DH
        && ENGINE_set_DH(e, devcrypto_dh)
# endif
# ifndef OPENSSL_NO_EC
        && ENGINE_set_EC(e, devcrypto_ec)
# endif
#endif
        );
}
Exemplo n.º 10
0
/*
 * This internal function is used by ENGINE_chil() and possibly by the
 * "dynamic" ENGINE support too
 */
static int bind_helper(ENGINE *e)
{
#  ifndef OPENSSL_NO_RSA
    const RSA_METHOD *meth1;
#  endif
#  ifndef OPENSSL_NO_DH
    const DH_METHOD *meth2;
#  endif
    if (!ENGINE_set_id(e, engine_hwcrhk_id) ||
        !ENGINE_set_name(e, engine_hwcrhk_name) ||
#  ifndef OPENSSL_NO_RSA
        !ENGINE_set_RSA(e, &hwcrhk_rsa) ||
#  endif
#  ifndef OPENSSL_NO_DH
        !ENGINE_set_DH(e, &hwcrhk_dh) ||
#  endif
        !ENGINE_set_RAND(e, &hwcrhk_rand) ||
        !ENGINE_set_destroy_function(e, hwcrhk_destroy) ||
        !ENGINE_set_init_function(e, hwcrhk_init) ||
        !ENGINE_set_finish_function(e, hwcrhk_finish) ||
        !ENGINE_set_ctrl_function(e, hwcrhk_ctrl) ||
        !ENGINE_set_load_privkey_function(e, hwcrhk_load_privkey) ||
        !ENGINE_set_load_pubkey_function(e, hwcrhk_load_pubkey) ||
        !ENGINE_set_cmd_defns(e, hwcrhk_cmd_defns))
        return 0;

#  ifndef OPENSSL_NO_RSA
    /*
     * We know that the "PKCS1_SSLeay()" functions hook properly to the
     * cswift-specific mod_exp and mod_exp_crt so we use those functions. NB:
     * We don't use ENGINE_openssl() or anything "more generic" because
     * something like the RSAref code may not hook properly, and if you own
     * one of these cards then you have the right to do RSA operations on it
     * anyway!
     */
    meth1 = RSA_PKCS1_SSLeay();
    hwcrhk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
    hwcrhk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
    hwcrhk_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
    hwcrhk_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
#  endif

#  ifndef OPENSSL_NO_DH
    /* Much the same for Diffie-Hellman */
    meth2 = DH_OpenSSL();
    hwcrhk_dh.generate_key = meth2->generate_key;
    hwcrhk_dh.compute_key = meth2->compute_key;
#  endif

    /* Ensure the hwcrhk error handling is set up */
    ERR_load_HWCRHK_strings();
    return 1;
}
Exemplo n.º 11
0
static int bind_helper(ENGINE *e)
{
    fprintf(stderr, "arrive at bind_helper\n");
	if(!ENGINE_set_id(e, engine_hwdev_id) ||
	   !ENGINE_set_name(e, engine_hwdev_name) ||
	   !ENGINE_set_ECDH(e, &ecdh_meth) ||
	   !ENGINE_set_destroy_function(e, hwdev_destroy) ||
	   !ENGINE_set_init_function(e, hwdev_init) ||
	   !ENGINE_set_finish_function(e, hwdev_finish) ||
	   !ENGINE_set_ctrl_function(e, hwdev_ctrl) ||
	   !ENGINE_set_load_privkey_function(e, hwdev_load_privkey) ||
	   !ENGINE_set_load_pubkey_function(e, hwdev_load_pubkey) ||
	   !ENGINE_set_cmd_defns(e, hwdev_cmd_defns))
		return 0;

	return 1;
}
Exemplo n.º 12
0
static int bind_dasync(ENGINE *e)
{
    /* Ensure the dasync error handling is set up */
    ERR_load_DASYNC_strings();

    if (!ENGINE_set_id(e, engine_dasync_id)
        || !ENGINE_set_name(e, engine_dasync_name)
        || !ENGINE_set_RSA(e, &dasync_rsa_method)
        || !ENGINE_set_digests(e, dasync_digests)
        || !ENGINE_set_destroy_function(e, dasync_destroy)
        || !ENGINE_set_init_function(e, dasync_init)
        || !ENGINE_set_finish_function(e, dasync_finish)) {
        DASYNCerr(DASYNC_F_BIND_DASYNC, DASYNC_R_INIT_FAILED);
        return 0;
    }

    return 1;
}
Exemplo n.º 13
0
static int bind_ossltest(ENGINE *e)
{
    /* Ensure the ossltest error handling is set up */
    ERR_load_OSSLTEST_strings();

    if (!ENGINE_set_id(e, engine_ossltest_id)
        || !ENGINE_set_name(e, engine_ossltest_name)
        || !ENGINE_set_digests(e, ossltest_digests)
        || !ENGINE_set_ciphers(e, ossltest_ciphers)
        || !ENGINE_set_destroy_function(e, ossltest_destroy)
        || !ENGINE_set_init_function(e, ossltest_init)
        || !ENGINE_set_finish_function(e, ossltest_finish)) {
        OSSLTESTerr(OSSLTEST_F_BIND_OSSLTEST, OSSLTEST_R_INIT_FAILED);
        return 0;
    }

    return 1;
}
Exemplo n.º 14
0
static int bind_rsaref(ENGINE *e)
	{
	const RSA_METHOD *meth1;
	if(!ENGINE_set_id(e, engine_rsaref_id)
		|| !ENGINE_set_name(e, engine_rsaref_name)
		|| !ENGINE_set_RSA(e, &rsaref_rsa)
		|| !ENGINE_set_ciphers(e, rsaref_ciphers)
		|| !ENGINE_set_digests(e, rsaref_digests)
		|| !ENGINE_set_destroy_function(e, rsaref_destroy)
		|| !ENGINE_set_init_function(e, rsaref_init)
		|| !ENGINE_set_finish_function(e, rsaref_finish)
		/* || !ENGINE_set_ctrl_function(e, rsaref_ctrl) */
		/* || !ENGINE_set_cmd_defns(e, rsaref_cmd_defns) */)
		return 0;

	/* Ensure the rsaref error handling is set up */
	ERR_load_RSAREF_strings();
	return 1;
	}
Exemplo n.º 15
0
/*
 * This internal function is used by ENGINE_openssl() and possibly by the
 * "dynamic" ENGINE support too
 */
static int bind_helper(ENGINE *e)
{
    if (!ENGINE_set_id(e, engine_openssl_id)
        || !ENGINE_set_name(e, engine_openssl_name)
        || !ENGINE_set_destroy_function(e, openssl_destroy)
#ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS
# ifndef OPENSSL_NO_RSA
        || !ENGINE_set_RSA(e, RSA_get_default_method())
# endif
# ifndef OPENSSL_NO_DSA
        || !ENGINE_set_DSA(e, DSA_get_default_method())
# endif
# ifndef OPENSSL_NO_EC
        || !ENGINE_set_EC(e, EC_KEY_OpenSSL())
# endif
# ifndef OPENSSL_NO_DH
        || !ENGINE_set_DH(e, DH_get_default_method())
# endif
        || !ENGINE_set_RAND(e, RAND_OpenSSL())
# ifdef TEST_ENG_OPENSSL_RC4
        || !ENGINE_set_ciphers(e, openssl_ciphers)
# endif
# ifdef TEST_ENG_OPENSSL_SHA
        || !ENGINE_set_digests(e, openssl_digests)
# endif
#endif
#ifdef TEST_ENG_OPENSSL_PKEY
        || !ENGINE_set_load_privkey_function(e, openssl_load_privkey)
#endif
#ifdef TEST_ENG_OPENSSL_HMAC
        || !ossl_register_hmac_meth()
        || !ENGINE_set_pkey_meths(e, ossl_pkey_meths)
#endif
        )
        return 0;
    /*
     * If we add errors to this ENGINE, ensure the error handling is setup
     * here
     */
    /* openssl_load_error_strings(); */
    return 1;
}
Exemplo n.º 16
0
static int bind_capi(ENGINE *e)
	{
	if (!ENGINE_set_id(e, engine_capi_id)
		|| !ENGINE_set_name(e, engine_capi_name)
		|| !ENGINE_set_init_function(e, capi_init)
		|| !ENGINE_set_finish_function(e, capi_finish)
		|| !ENGINE_set_destroy_function(e, capi_destroy)
		|| !ENGINE_set_RSA(e, &capi_rsa_method)
		|| !ENGINE_set_DSA(e, &capi_dsa_method)
		|| !ENGINE_set_load_privkey_function(e, capi_load_privkey)
		|| !ENGINE_set_load_ssl_client_cert_function(e,
						capi_load_ssl_client_cert)
		|| !ENGINE_set_cmd_defns(e, capi_cmd_defns)
		|| !ENGINE_set_ctrl_function(e, capi_ctrl))
			return 0;
	ERR_load_CAPI_strings();

	return 1;

	}
Exemplo n.º 17
0
/* This internal function is used by ENGINE_tpm() and possibly by the
 * "dynamic" ENGINE support too */
static int bind_helper(ENGINE * e)
{
	if (!ENGINE_set_id(e, engine_tpm_id) ||
	    !ENGINE_set_name(e, engine_tpm_name) ||
#ifndef OPENSSL_NO_RSA
	    !ENGINE_set_RSA(e, &tpm_rsa) ||
#endif
	    !ENGINE_set_RAND(e, &tpm_rand) ||
	    !ENGINE_set_destroy_function(e, tpm_engine_destroy) ||
	    !ENGINE_set_init_function(e, tpm_engine_init) ||
	    !ENGINE_set_finish_function(e, tpm_engine_finish) ||
	    !ENGINE_set_ctrl_function(e, tpm_engine_ctrl) ||
	    !ENGINE_set_load_pubkey_function(e, tpm_engine_load_key) ||
	    !ENGINE_set_load_privkey_function(e, tpm_engine_load_key) ||
	    !ENGINE_set_cmd_defns(e, tpm_cmd_defns))
		return 0;

	/* Ensure the tpm error handling is set up */
	ERR_load_TPM_strings();
	return 1;
}
Exemplo n.º 18
0
/* ---------------------*/
static int bind_helper(ENGINE *e)
{
    if (!ENGINE_set_id(e, engine_4758_cca_id) ||
        !ENGINE_set_name(e, engine_4758_cca_name) ||
#  ifndef OPENSSL_NO_RSA
        !ENGINE_set_RSA(e, &ibm_4758_cca_rsa) ||
#  endif
        !ENGINE_set_RAND(e, &ibm_4758_cca_rand) ||
        !ENGINE_set_destroy_function(e, ibm_4758_cca_destroy) ||
        !ENGINE_set_init_function(e, ibm_4758_cca_init) ||
        !ENGINE_set_finish_function(e, ibm_4758_cca_finish) ||
        !ENGINE_set_ctrl_function(e, ibm_4758_cca_ctrl) ||
#  ifndef OPENSSL_NO_RSA
        !ENGINE_set_load_privkey_function(e, ibm_4758_load_privkey) ||
        !ENGINE_set_load_pubkey_function(e, ibm_4758_load_pubkey) ||
#  endif
        !ENGINE_set_cmd_defns(e, cca4758_cmd_defns))
        return 0;
    /* Ensure the error handling is set up */
    ERR_load_CCA4758_strings();
    return 1;
}
Exemplo n.º 19
0
/*
 * This internal function is used by ENGINE_skf() and possibly by the
 * "dynamic" ENGINE support too
 */
static int bind_helper(ENGINE *e)
{
#  ifndef OPENSSL_NO_RSA
    const RSA_METHOD *meth1;
#  endif
    if (!ENGINE_set_id(e, engine_hwskf_id) ||
        !ENGINE_set_name(e, engine_hwskf_name) ||
        
        !ENGINE_set_destroy_function(e, hwskf_destroy) ||
        !ENGINE_set_init_function(e, hwskf_init) ||
        !ENGINE_set_finish_function(e, hwskf_finish) ||
        !ENGINE_set_ctrl_function(e, hwskf_ctrl) ||
        !ENGINE_set_load_privkey_function(e, hwskf_load_privkey) ||
        !ENGINE_set_load_pubkey_function(e, hwskf_load_pubkey) ||
        !ENGINE_set_cmd_defns(e, hwskf_cmd_defns))
        return 0;

#  ifndef OPENSSL_NO_RSA
    /*
     * We know that the "PKCS1_SSLeay()" functions hook properly to the
     * cswift-specific mod_exp and mod_exp_crt so we use those functions. NB:
     * We don't use ENGINE_openssl() or anything "more generic" because
     * something like the RSAref code may not hook properly, and if you own
     * one of these cards then you have the right to do RSA operations on it
     * anyway!
     */
     /*
    meth1 = RSA_PKCS1_SSLeay();
    hwskf_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
    hwskf_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
    hwskf_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
    hwskf_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
    */
#  endif

    /* Ensure the hwcrhk error handling is set up */
    //ERR_load_HWSKF_strings();
    return 1;
}
Exemplo n.º 20
0
static int bind_HCSP(ENGINE* e)
{
   if (!ENGINE_set_id(e, engine_HCSP_id)
    || !ENGINE_set_name(e, engine_HCSP_name)
    || !ENGINE_set_RSA(e, &HCSP_rsa)
    || !ENGINE_set_destroy_function(e, HCSP_destroy)
    || !ENGINE_set_init_function(e, HCSP_init)
    || !ENGINE_set_finish_function(e, HCSP_finish)
    || !ENGINE_set_load_pubkey_function(e, HCSP_load_key)
    || !ENGINE_set_load_privkey_function(e, HCSP_load_key)
#ifdef FILE_CONFIG
    || !ENGINE_set_ctrl_function(e, HCSP_ctrl)
    || !ENGINE_set_cmd_defns(e, HCSP_cmd_defns)
#endif
   ) return 0;

   /* Ensure the rsaref error handling is set up */

#ifndef OPENSSL_NO_ERR
   ERR_load_HCSP_strings();
#endif

   return 1;
}
Exemplo n.º 21
0
/* This internal function is used by ENGINE_zencod () and possibly by the
 * "dynamic" ENGINE support too   ;-)
 */
static int bind_helper ( ENGINE *e )
{

#ifndef OPENSSL_NO_RSA
	const RSA_METHOD *meth_rsa ;
#endif
#ifndef OPENSSL_NO_DSA
	const DSA_METHOD *meth_dsa ;
#endif
#ifndef OPENSSL_NO_DH
	const DH_METHOD *meth_dh ;
#endif

	const RAND_METHOD *meth_rand ;


	if ( !ENGINE_set_id ( e, engine_zencod_id ) ||
			!ENGINE_set_name ( e, engine_zencod_name ) ||
#ifndef OPENSSL_NO_RSA
			!ENGINE_set_RSA ( e, &zencod_rsa ) ||
#endif
#ifndef OPENSSL_NO_DSA
			!ENGINE_set_DSA ( e, &zencod_dsa ) ||
#endif
#ifndef OPENSSL_NO_DH
			!ENGINE_set_DH ( e, &zencod_dh ) ||
#endif
			!ENGINE_set_RAND ( e, &zencod_rand ) ||

			!ENGINE_set_destroy_function ( e, zencod_destroy ) ||
			!ENGINE_set_init_function ( e, zencod_init ) ||
			!ENGINE_set_finish_function ( e, zencod_finish ) ||
			!ENGINE_set_ctrl_function ( e, zencod_ctrl ) ||
			!ENGINE_set_cmd_defns ( e, zencod_cmd_defns ) ||
			!ENGINE_set_digests ( e, engine_digests ) ||
			!ENGINE_set_ciphers ( e, engine_ciphers ) ) {
		return 0 ;
	}

#ifndef OPENSSL_NO_RSA
	/* We know that the "PKCS1_SSLeay()" functions hook properly
	 * to the Zencod-specific mod_exp and mod_exp_crt so we use
	 * those functions. NB: We don't use ENGINE_openssl() or
	 * anything "more generic" because something like the RSAref
	 * code may not hook properly, and if you own one of these
	 * cards then you have the right to do RSA operations on it
	 * anyway!
	 */
	meth_rsa = RSA_PKCS1_SSLeay () ;

	zencod_rsa.rsa_pub_enc = meth_rsa->rsa_pub_enc ;
	zencod_rsa.rsa_pub_dec = meth_rsa->rsa_pub_dec ;
	zencod_rsa.rsa_priv_enc = meth_rsa->rsa_priv_enc ;
	zencod_rsa.rsa_priv_dec = meth_rsa->rsa_priv_dec ;
	/* meth_rsa->rsa_mod_exp */
	/* meth_rsa->bn_mod_exp */
	zencod_rsa.init = meth_rsa->init ;
	zencod_rsa.finish = meth_rsa->finish ;
#endif

#ifndef OPENSSL_NO_DSA
	/* We use OpenSSL meth to supply what we don't provide ;-*)
	 */
	meth_dsa = DSA_OpenSSL () ;

	/* meth_dsa->dsa_do_sign */
	zencod_dsa.dsa_sign_setup = meth_dsa->dsa_sign_setup ;
	/* meth_dsa->dsa_do_verify */
	zencod_dsa.dsa_mod_exp = meth_dsa->dsa_mod_exp ;
	/* zencod_dsa.bn_mod_exp = meth_dsa->bn_mod_exp ; */
	zencod_dsa.init = meth_dsa->init ;
	zencod_dsa.finish = meth_dsa->finish ;
#endif

#ifndef OPENSSL_NO_DH
	/* We use OpenSSL meth to supply what we don't provide ;-*)
	 */
	meth_dh = DH_OpenSSL () ;

	/* zencod_dh.generate_key = meth_dh->generate_key ; */
	/* zencod_dh.compute_key = meth_dh->compute_key ; */
	/* zencod_dh.bn_mod_exp = meth_dh->bn_mod_exp ; */
	zencod_dh.init = meth_dh->init ;
	zencod_dh.finish = meth_dh->finish ;

#endif

	/* We use OpenSSL (SSLeay) meth to supply what we don't provide ;-*)
	 */
	meth_rand = RAND_SSLeay () ;

	/* meth_rand->seed ; */
	/* zencod_rand.seed = meth_rand->seed ; */
	/* meth_rand->bytes ; */
	/* zencod_rand.bytes = meth_rand->bytes ; */
	zencod_rand.cleanup = meth_rand->cleanup ;
	zencod_rand.add = meth_rand->add ;
	/* meth_rand->pseudorand ; */
	/* zencod_rand.pseudorand = meth_rand->pseudorand ; */
	/* zencod_rand.status = meth_rand->status ; */
	/* meth_rand->status ; */

	/* Ensure the zencod error handling is set up */
	ERR_load_ZENCOD_strings () ;
	return 1 ;
}
Exemplo n.º 22
0
/* As this is only ever called once, there's no need for locking
 * (indeed - the lock will already be held by our caller!!!) */
static int bind_sureware(ENGINE *e)
{
#ifndef OPENSSL_NO_RSA
    const RSA_METHOD *meth1;
#endif
#ifndef OPENSSL_NO_DSA
    const DSA_METHOD *meth2;
#endif
#ifndef OPENSSL_NO_DH
    const DH_METHOD *meth3;
#endif

    if(!ENGINE_set_id(e, engine_sureware_id) ||
            !ENGINE_set_name(e, engine_sureware_name) ||
#ifndef OPENSSL_NO_RSA
            !ENGINE_set_RSA(e, &surewarehk_rsa) ||
#endif
#ifndef OPENSSL_NO_DSA
            !ENGINE_set_DSA(e, &surewarehk_dsa) ||
#endif
#ifndef OPENSSL_NO_DH
            !ENGINE_set_DH(e, &surewarehk_dh) ||
#endif
            !ENGINE_set_RAND(e, &surewarehk_rand) ||
            !ENGINE_set_destroy_function(e, surewarehk_destroy) ||
            !ENGINE_set_init_function(e, surewarehk_init) ||
            !ENGINE_set_finish_function(e, surewarehk_finish) ||
            !ENGINE_set_ctrl_function(e, (ENGINE_CTRL_FUNC_PTR)surewarehk_ctrl) ||
            !ENGINE_set_load_privkey_function(e, surewarehk_load_privkey) ||
            !ENGINE_set_load_pubkey_function(e, surewarehk_load_pubkey))
        return 0;

#ifndef OPENSSL_NO_RSA
    /* We know that the "PKCS1_SSLeay()" functions hook properly
     * to the cswift-specific mod_exp and mod_exp_crt so we use
     * those functions. NB: We don't use ENGINE_openssl() or
     * anything "more generic" because something like the RSAref
     * code may not hook properly, and if you own one of these
     * cards then you have the right to do RSA operations on it
     * anyway! */
    meth1 = RSA_PKCS1_SSLeay();
    if (meth1)
    {
        surewarehk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
        surewarehk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
    }
#endif

#ifndef OPENSSL_NO_DSA
    /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
     * bits. */
    meth2 = DSA_OpenSSL();
    if (meth2)
    {
        surewarehk_dsa.dsa_do_verify = meth2->dsa_do_verify;
    }
#endif

#ifndef OPENSSL_NO_DH
    /* Much the same for Diffie-Hellman */
    meth3 = DH_OpenSSL();
    if (meth3)
    {
        surewarehk_dh.generate_key = meth3->generate_key;
        surewarehk_dh.compute_key = meth3->compute_key;
    }
#endif

    /* Ensure the sureware error handling is set up */
    ERR_load_SUREWARE_strings();
    return 1;
}
Exemplo n.º 23
0
/* This internal function is used by ENGINE_aep() and possibly by the
 * "dynamic" ENGINE support too */
static int bind_aep(ENGINE *e)
	{
#ifndef OPENSSL_NO_RSA
	const RSA_METHOD  *meth1;
#endif
#ifndef OPENSSL_NO_DSA
	const DSA_METHOD  *meth2;
#endif
#ifndef OPENSSL_NO_DH
	const DH_METHOD	  *meth3;
#endif

	if(!ENGINE_set_id(e, engine_aep_id) ||
		!ENGINE_set_name(e, engine_aep_name) ||
#ifndef OPENSSL_NO_RSA
		!ENGINE_set_RSA(e, &aep_rsa) ||
#endif
#ifndef OPENSSL_NO_DSA
		!ENGINE_set_DSA(e, &aep_dsa) ||
#endif
#ifndef OPENSSL_NO_DH
		!ENGINE_set_DH(e, &aep_dh) ||
#endif
#ifdef AEPRAND
		!ENGINE_set_RAND(e, &aep_random) ||
#endif
		!ENGINE_set_init_function(e, aep_init) ||
		!ENGINE_set_destroy_function(e, aep_destroy) ||
		!ENGINE_set_finish_function(e, aep_finish) ||
		!ENGINE_set_ctrl_function(e, aep_ctrl) ||
		!ENGINE_set_cmd_defns(e, aep_cmd_defns))
		return 0;

#ifndef OPENSSL_NO_RSA
	/* We know that the "PKCS1_SSLeay()" functions hook properly
	 * to the aep-specific mod_exp and mod_exp_crt so we use
	 * those functions. NB: We don't use ENGINE_openssl() or
	 * anything "more generic" because something like the RSAref
	 * code may not hook properly, and if you own one of these
	 * cards then you have the right to do RSA operations on it
	 * anyway! */
	meth1 = RSA_PKCS1_SSLeay();
	aep_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
	aep_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
	aep_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
	aep_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
#endif


#ifndef OPENSSL_NO_DSA
	/* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
	 * bits. */
	meth2 = DSA_OpenSSL();
	aep_dsa.dsa_do_sign    = meth2->dsa_do_sign;
	aep_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
	aep_dsa.dsa_do_verify  = meth2->dsa_do_verify;

	aep_dsa = *DSA_get_default_method(); 
	aep_dsa.dsa_mod_exp = aep_dsa_mod_exp; 
	aep_dsa.bn_mod_exp = aep_mod_exp_dsa;
#endif

#ifndef OPENSSL_NO_DH
	/* Much the same for Diffie-Hellman */
	meth3 = DH_OpenSSL();
	aep_dh.generate_key = meth3->generate_key;
	aep_dh.compute_key  = meth3->compute_key;
	aep_dh.bn_mod_exp   = meth3->bn_mod_exp;
#endif

	/* Ensure the aep error handling is set up */
	ERR_load_AEPHK_strings();

	return 1;
}
Exemplo n.º 24
0
/******************************************************************************
* function:
*         bind_qat(ENGINE *e,
*                  const char *id)
*
* @param e  [IN] - OpenSSL engine pointer
* @param id [IN] - engine id
*
* description:
*    Connect Qat engine to OpenSSL engine library
******************************************************************************/
static int bind_qat(ENGINE *e, const char *id)
{
    int ret = 0;

    WARN("QAT Warnings enabled.\n");
    DEBUG("QAT Debug enabled.\n");
    DEBUG("[%s] id=%s\n", __func__, id);

    if (id && (strcmp(id, engine_qat_id) != 0)) {
        WARN("ENGINE_id defined already!\n");
        goto end;
    }

    if (!ENGINE_set_id(e, engine_qat_id)) {
        WARN("ENGINE_set_id failed\n");
        goto end;
    }

    if (!ENGINE_set_name(e, engine_qat_name)) {
        WARN("ENGINE_set_name failed\n");
        goto end;
    }

    /* Ensure the QAT error handling is set up */
    ERR_load_QAT_strings();

    /*
     * Create static structures for ciphers now
     * as this function will be called by a single thread.
     */
    qat_create_ciphers();
#ifndef OPENSSL_ENABLE_QAT_SMALL_PACKET_CIPHER_OFFLOADS
    CRYPTO_THREAD_run_once(&qat_pkt_threshold_table_once,qat_pkt_threshold_table_make_key);
#endif
    DEBUG("%s: About to set mem functions\n", __func__);

    if (!ENGINE_set_RSA(e, qat_get_RSA_methods())) {
        WARN("ENGINE_set_RSA failed\n");
        goto end;
    }

    if (!ENGINE_set_DSA(e, qat_get_DSA_methods())) {
        WARN("ENGINE_set_DSA failed\n");
        goto end;
    }

    if (!ENGINE_set_DH(e, qat_get_DH_methods())) {
        WARN("ENGINE_set_DH failed\n");
        goto end;
    }

    if (!ENGINE_set_EC(e, qat_get_EC_methods())) {
        WARN("ENGINE_set_EC failed\n");
        goto end;
    }

    if (!ENGINE_set_ciphers(e, qat_ciphers)) {
        WARN("ENGINE_set_ciphers failed\n");
        goto end;
    }

    if (!ENGINE_set_pkey_meths(e, qat_PRF_pkey_methods)) {
        WARN("ENGINE_set_pkey_meths failed\n");
        goto end;
    }

    pthread_atfork(engine_fork_handler, NULL, NULL);

    if (!ENGINE_set_destroy_function(e, qat_engine_destroy)
        || !ENGINE_set_init_function(e, qat_engine_init)
        || !ENGINE_set_finish_function(e, qat_engine_finish)
        || !ENGINE_set_ctrl_function(e, qat_engine_ctrl)
        || !ENGINE_set_cmd_defns(e, qat_cmd_defns)) {
        WARN("[%s] failed reg destroy, init or finish\n", __func__);

        goto end;
    }

    ret = 1;

 end:
    return ret;

}
Exemplo n.º 25
0
static int bind_gost (ENGINE * e, const char *id)
{
    int ret = 0;

    if (id && strcmp (id, engine_gost_id))
        return 0;
    if (ameth_GostR3410_94)
    {
        printf ("GOST engine already loaded\n");
        goto end;
    }

    if (!ENGINE_set_id (e, engine_gost_id))
    {
        printf ("ENGINE_set_id failed\n");
        goto end;
    }
    if (!ENGINE_set_name (e, engine_gost_name))
    {
        printf ("ENGINE_set_name failed\n");
        goto end;
    }
    if (!ENGINE_set_digests (e, gost_digests))
    {
        printf ("ENGINE_set_digests failed\n");
        goto end;
    }
    if (!ENGINE_set_ciphers (e, gost_ciphers))
    {
        printf ("ENGINE_set_ciphers failed\n");
        goto end;
    }
    if (!ENGINE_set_pkey_meths (e, gost_pkey_meths))
    {
        printf ("ENGINE_set_pkey_meths failed\n");
        goto end;
    }
    if (!ENGINE_set_pkey_asn1_meths (e, gost_pkey_asn1_meths))
    {
        printf ("ENGINE_set_pkey_asn1_meths failed\n");
        goto end;
    }
    /* Control function and commands */
    if (!ENGINE_set_cmd_defns (e, gost_cmds))
    {
        fprintf (stderr, "ENGINE_set_cmd_defns failed\n");
        goto end;
    }
    if (!ENGINE_set_ctrl_function (e, gost_control_func))
    {
        fprintf (stderr, "ENGINE_set_ctrl_func failed\n");
        goto end;
    }
    if (!ENGINE_set_destroy_function (e, gost_engine_destroy)
            || !ENGINE_set_init_function (e, gost_engine_init) || !ENGINE_set_finish_function (e, gost_engine_finish))
    {
        goto end;
    }

    if (!register_ameth_gost (NID_id_GostR3410_94, &ameth_GostR3410_94, "GOST94", "GOST R 34.10-94"))
        goto end;
    if (!register_ameth_gost (NID_id_GostR3410_2001, &ameth_GostR3410_2001, "GOST2001", "GOST R 34.10-2001"))
        goto end;
    if (!register_ameth_gost (NID_id_Gost28147_89_MAC, &ameth_Gost28147_MAC, "GOST-MAC", "GOST 28147-89 MAC"))
        goto end;

    if (!register_pmeth_gost (NID_id_GostR3410_94, &pmeth_GostR3410_94, 0))
        goto end;
    if (!register_pmeth_gost (NID_id_GostR3410_2001, &pmeth_GostR3410_2001, 0))
        goto end;
    if (!register_pmeth_gost (NID_id_Gost28147_89_MAC, &pmeth_Gost28147_MAC, 0))
        goto end;
    if (!ENGINE_register_ciphers (e) || !ENGINE_register_digests (e) || !ENGINE_register_pkey_meths (e)
            /* These two actually should go in LIST_ADD command */
            || !EVP_add_cipher (&cipher_gost)
            || !EVP_add_cipher (&cipher_gost_cpacnt) || !EVP_add_digest (&digest_gost) || !EVP_add_digest (&imit_gost_cpa))
    {
        goto end;
    }

    ERR_load_GOST_strings ();
    ret = 1;
end:
    return ret;
}
Exemplo n.º 26
0
/*
 * This engine is always built into libcrypto, so it doesn't offer any
 * ability to be dynamically loadable.
 */
void engine_load_devcrypto_int()
{
    ENGINE *e = NULL;

    if (access("/dev/crypto", R_OK | W_OK) < 0) {
        fprintf(stderr,
                "/dev/crypto not present, not enabling devcrypto engine\n");
        return;
    }

    prepare_cipher_methods();
#if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL)
    prepare_digest_methods();
#endif

    if ((e = ENGINE_new()) == NULL)
        return;

    if (!ENGINE_set_id(e, "devcrypto")
        || !ENGINE_set_name(e, "/dev/crypto engine")
        || !ENGINE_set_destroy_function(e, devcrypto_unload)

/*
 * Asymmetric ciphers aren't well supported with /dev/crypto.  Among the BSD
 * implementations, it seems to only exist in FreeBSD, and regarding the
 * parameters in its crypt_kop, the manual crypto(4) has this to say:
 *
 *    The semantics of these arguments are currently undocumented.
 *
 * Reading through the FreeBSD source code doesn't give much more than
 * their CRK_MOD_EXP implementation for ubsec.
 *
 * It doesn't look much better with cryptodev-linux.  They have the crypt_kop
 * structure as well as the command (CRK_*) in cryptodev.h, but no support
 * seems to be implemented at all for the moment.
 *
 * At the time of writing, it seems impossible to write proper support for
 * FreeBSD's asym features without some very deep knowledge and access to
 * specific kernel modules.
 *
 * /Richard Levitte, 2017-05-11
 */
#if 0
# ifndef OPENSSL_NO_RSA
        || !ENGINE_set_RSA(e, devcrypto_rsa)
# endif
# ifndef OPENSSL_NO_DSA
        || !ENGINE_set_DSA(e, devcrypto_dsa)
# endif
# ifndef OPENSSL_NO_DH
        || !ENGINE_set_DH(e, devcrypto_dh)
# endif
# ifndef OPENSSL_NO_EC
        || !ENGINE_set_EC(e, devcrypto_ec)
# endif
#endif
        || !ENGINE_set_ciphers(e, devcrypto_ciphers)
#if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL)
        || !ENGINE_set_digests(e, devcrypto_digests)
#endif
        ) {
        ENGINE_free(e);
        return;
    }

    ENGINE_add(e);
    ENGINE_free(e);          /* Loose our local reference */
    ERR_clear_error();
}
Exemplo n.º 27
0
/*
 * This internal function is used by ENGINE_nuron() and possibly by the
 * "dynamic" ENGINE support too
 */
static int bind_helper(ENGINE *e)
{
#  ifndef OPENSSL_NO_RSA
    const RSA_METHOD *meth1;
#  endif
#  ifndef OPENSSL_NO_DSA
    const DSA_METHOD *meth2;
#  endif
#  ifndef OPENSSL_NO_DH
    const DH_METHOD *meth3;
#  endif
    if (!ENGINE_set_id(e, engine_nuron_id) ||
        !ENGINE_set_name(e, engine_nuron_name) ||
#  ifndef OPENSSL_NO_RSA
        !ENGINE_set_RSA(e, &nuron_rsa) ||
#  endif
#  ifndef OPENSSL_NO_DSA
        !ENGINE_set_DSA(e, &nuron_dsa) ||
#  endif
#  ifndef OPENSSL_NO_DH
        !ENGINE_set_DH(e, &nuron_dh) ||
#  endif
        !ENGINE_set_destroy_function(e, nuron_destroy) ||
        !ENGINE_set_init_function(e, nuron_init) ||
        !ENGINE_set_finish_function(e, nuron_finish) ||
        !ENGINE_set_ctrl_function(e, nuron_ctrl) ||
        !ENGINE_set_cmd_defns(e, nuron_cmd_defns))
        return 0;

#  ifndef OPENSSL_NO_RSA
    /*
     * We know that the "PKCS1_SSLeay()" functions hook properly to the
     * nuron-specific mod_exp and mod_exp_crt so we use those functions. NB:
     * We don't use ENGINE_openssl() or anything "more generic" because
     * something like the RSAref code may not hook properly, and if you own
     * one of these cards then you have the right to do RSA operations on it
     * anyway!
     */
    meth1 = RSA_PKCS1_SSLeay();
    nuron_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
    nuron_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
    nuron_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
    nuron_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
#  endif

#  ifndef OPENSSL_NO_DSA
    /*
     * Use the DSA_OpenSSL() method and just hook the mod_exp-ish bits.
     */
    meth2 = DSA_OpenSSL();
    nuron_dsa.dsa_do_sign = meth2->dsa_do_sign;
    nuron_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
    nuron_dsa.dsa_do_verify = meth2->dsa_do_verify;
#  endif

#  ifndef OPENSSL_NO_DH
    /* Much the same for Diffie-Hellman */
    meth3 = DH_OpenSSL();
    nuron_dh.generate_key = meth3->generate_key;
    nuron_dh.compute_key = meth3->compute_key;
#  endif

    /* Ensure the nuron error handling is set up */
    ERR_load_NURON_strings();
    return 1;
}
Exemplo n.º 28
0
static int bind_dasync(ENGINE *e)
{
    /* Setup RSA_METHOD */
    if ((dasync_rsa_method = RSA_meth_new("Dummy Async RSA method", 0)) == NULL
        || RSA_meth_set_pub_enc(dasync_rsa_method, dasync_pub_enc) == 0
        || RSA_meth_set_pub_dec(dasync_rsa_method, dasync_pub_dec) == 0
        || RSA_meth_set_priv_enc(dasync_rsa_method, dasync_rsa_priv_enc) == 0
        || RSA_meth_set_priv_dec(dasync_rsa_method, dasync_rsa_priv_dec) == 0
        || RSA_meth_set_mod_exp(dasync_rsa_method, dasync_rsa_mod_exp) == 0
        || RSA_meth_set_bn_mod_exp(dasync_rsa_method, BN_mod_exp_mont) == 0
        || RSA_meth_set_init(dasync_rsa_method, dasync_rsa_init) == 0
        || RSA_meth_set_finish(dasync_rsa_method, dasync_rsa_finish) == 0) {
        DASYNCerr(DASYNC_F_BIND_DASYNC, DASYNC_R_INIT_FAILED);
        return 0;
    }

    /* Ensure the dasync error handling is set up */
    ERR_load_DASYNC_strings();

    if (!ENGINE_set_id(e, engine_dasync_id)
        || !ENGINE_set_name(e, engine_dasync_name)
        || !ENGINE_set_RSA(e, dasync_rsa_method)
        || !ENGINE_set_digests(e, dasync_digests)
        || !ENGINE_set_ciphers(e, dasync_ciphers)
        || !ENGINE_set_destroy_function(e, dasync_destroy)
        || !ENGINE_set_init_function(e, dasync_init)
        || !ENGINE_set_finish_function(e, dasync_finish)) {
        DASYNCerr(DASYNC_F_BIND_DASYNC, DASYNC_R_INIT_FAILED);
        return 0;
    }

    /*
     * Set up the EVP_CIPHER and EVP_MD objects for the ciphers/digests
     * supplied by this engine
     */
    _hidden_sha1_md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption);
    if (_hidden_sha1_md == NULL
        || !EVP_MD_meth_set_result_size(_hidden_sha1_md, SHA_DIGEST_LENGTH)
        || !EVP_MD_meth_set_input_blocksize(_hidden_sha1_md, SHA_CBLOCK)
        || !EVP_MD_meth_set_app_datasize(_hidden_sha1_md,
                                         sizeof(EVP_MD *) + sizeof(SHA_CTX))
        || !EVP_MD_meth_set_flags(_hidden_sha1_md, EVP_MD_FLAG_DIGALGID_ABSENT)
        || !EVP_MD_meth_set_init(_hidden_sha1_md, dasync_sha1_init)
        || !EVP_MD_meth_set_update(_hidden_sha1_md, dasync_sha1_update)
        || !EVP_MD_meth_set_final(_hidden_sha1_md, dasync_sha1_final)) {
        EVP_MD_meth_free(_hidden_sha1_md);
        _hidden_sha1_md = NULL;
    }

    _hidden_aes_128_cbc = EVP_CIPHER_meth_new(NID_aes_128_cbc,
                                              16 /* block size */,
                                              16 /* key len */);
    if (_hidden_aes_128_cbc == NULL
            || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc,16)
            || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc,
                                          EVP_CIPH_FLAG_DEFAULT_ASN1
                                          | EVP_CIPH_CBC_MODE
                                          | EVP_CIPH_FLAG_PIPELINE)
            || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc,
                                         dasync_aes128_init_key)
            || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc,
                                              dasync_aes128_cbc_cipher)
            || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc,
                                            dasync_aes128_cbc_cleanup)
            || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc,
                                         dasync_aes128_cbc_ctrl)
            || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc,
                                sizeof(struct dasync_pipeline_ctx))) {
        EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
        _hidden_aes_128_cbc = NULL;
    }

    _hidden_aes_128_cbc_hmac_sha1 = EVP_CIPHER_meth_new(
                                                NID_aes_128_cbc_hmac_sha1,
                                                16 /* block size */,
                                                16 /* key len */);
    if (_hidden_aes_128_cbc_hmac_sha1 == NULL
            || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc_hmac_sha1,16)
            || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc_hmac_sha1,
                                            EVP_CIPH_CBC_MODE
                                          | EVP_CIPH_FLAG_DEFAULT_ASN1
                                          | EVP_CIPH_FLAG_AEAD_CIPHER
                                          | EVP_CIPH_FLAG_PIPELINE)
            || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc_hmac_sha1,
                                         dasync_aes128_cbc_hmac_sha1_init_key)
            || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc_hmac_sha1,
                                            dasync_aes128_cbc_hmac_sha1_cipher)
            || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc_hmac_sha1,
                                            dasync_aes128_cbc_hmac_sha1_cleanup)
            || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc_hmac_sha1,
                                         dasync_aes128_cbc_hmac_sha1_ctrl)
            || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc_hmac_sha1,
                                sizeof(struct dasync_pipeline_ctx))) {
        EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1);
        _hidden_aes_128_cbc_hmac_sha1 = NULL;
    }

    return 1;
}
Exemplo n.º 29
0
/******************************************************************************
* function:
*         bind_qat(ENGINE *e,
*                  const char *id)
*
* @param e  [IN] - OpenSSL engine pointer
* @param id [IN] - engine id
*
* description:
*    Connect Qat engine to OpenSSL engine library
******************************************************************************/
static int bind_qat(ENGINE *e, const char *id)
{
    int ret = 0;
#ifndef OPENSSL_ENABLE_QAT_UPSTREAM_DRIVER
    int upstream_flags = 0;
    unsigned int devmasks[] = { 0, 0, 0, 0, 0 };
#endif

    QAT_DEBUG_LOG_INIT();

    WARN("QAT Warnings enabled.\n");
    DEBUG("QAT Debug enabled.\n");
    DEBUG("id=%s\n", id);

    if (access(QAT_DEV, F_OK) != 0) {
        WARN("Qat memory driver not present\n");
        QATerr(QAT_F_BIND_QAT, QAT_R_MEM_DRV_NOT_PRESENT);
        goto end;
    }

#ifndef OPENSSL_ENABLE_QAT_UPSTREAM_DRIVER
    if (!getDevices(devmasks, &upstream_flags)) {
        WARN("Qat device not present\n");
        QATerr(QAT_F_BIND_QAT, QAT_R_QAT_DEV_NOT_PRESENT);
        goto end;
    }
#endif

    if (id && (strcmp(id, engine_qat_id) != 0)) {
        WARN("ENGINE_id defined already!\n");
        QATerr(QAT_F_BIND_QAT, QAT_R_ENGINE_ID_ALREADY_DEFINED);
        goto end;
    }

    if (!ENGINE_set_id(e, engine_qat_id)) {
        WARN("ENGINE_set_id failed\n");
        QATerr(QAT_F_BIND_QAT, QAT_R_ENGINE_SET_ID_FAILURE);
        goto end;
    }

    if (!ENGINE_set_name(e, engine_qat_name)) {
        WARN("ENGINE_set_name failed\n");
        QATerr(QAT_F_BIND_QAT, QAT_R_ENGINE_SET_NAME_FAILURE);
        goto end;
    }

    /* Ensure the QAT error handling is set up */
    ERR_load_QAT_strings();

    /*
     * Create static structures for ciphers now
     * as this function will be called by a single thread.
     */
    qat_create_ciphers();

    if (!ENGINE_set_RSA(e, qat_get_RSA_methods())) {
        WARN("ENGINE_set_RSA failed\n");
        QATerr(QAT_F_BIND_QAT, QAT_R_ENGINE_SET_RSA_FAILURE);
        goto end;
    }

    if (!ENGINE_set_DSA(e, qat_get_DSA_methods())) {
        WARN("ENGINE_set_DSA failed\n");
        QATerr(QAT_F_BIND_QAT, QAT_R_ENGINE_SET_DSA_FAILURE);
        goto end;
    }

    if (!ENGINE_set_DH(e, qat_get_DH_methods())) {
        WARN("ENGINE_set_DH failed\n");
        QATerr(QAT_F_BIND_QAT, QAT_R_ENGINE_SET_DH_FAILURE);
        goto end;
    }

    if (!ENGINE_set_EC(e, qat_get_EC_methods())) {
        WARN("ENGINE_set_EC failed\n");
        QATerr(QAT_F_BIND_QAT, QAT_R_ENGINE_SET_EC_FAILURE);
        goto end;
    }

    if (!ENGINE_set_ciphers(e, qat_ciphers)) {
        WARN("ENGINE_set_ciphers failed\n");
        QATerr(QAT_F_BIND_QAT, QAT_R_ENGINE_SET_CIPHER_FAILURE);
        goto end;
    }

    if (!ENGINE_set_pkey_meths(e, qat_PRF_pkey_methods)) {
        WARN("ENGINE_set_pkey_meths failed\n");
        QATerr(QAT_F_BIND_QAT, QAT_R_ENGINE_SET_PKEY_FAILURE);
        goto end;
    }

    pthread_atfork(engine_finish_before_fork_handler, NULL,
                   engine_init_child_at_fork_handler);

    ret = 1;
    ret &= ENGINE_set_destroy_function(e, qat_engine_destroy);
    ret &= ENGINE_set_init_function(e, qat_engine_init);
    ret &= ENGINE_set_finish_function(e, qat_engine_finish);
    ret &= ENGINE_set_ctrl_function(e, qat_engine_ctrl);
    ret &= ENGINE_set_cmd_defns(e, qat_cmd_defns);
    if (ret == 0) {
        WARN("Engine failed to register init, finish or destroy functions\n");
        QATerr(QAT_F_BIND_QAT, QAT_R_ENGINE_REGISTER_FUNC_FAILURE);
    }

 end:
    return ret;

}
Exemplo n.º 30
0
/* ARGSUSED */
static int
t4_bind(ENGINE *e)
{
	_Bool aes_engage, digest_engage, des_engage, montmul_engage;

	t4_instructions_present(&aes_engage, &des_engage, &digest_engage,
	    &montmul_engage);
#ifdef	DEBUG_T4
	(void) fprintf(stderr,
	    "t4_bind: engage aes=%d, des=%d, digest=%d\n",
	    aes_engage, des_engage, digest_engage);
#endif
#ifndef	OPENSSL_NO_DES
	if (!des_engage) { /* Remove DES ciphers from list */
		t4_cipher_count -= t4_des_cipher_count;
	}
#endif

#ifndef	SOLARIS_NO_AES_CTR
	/*
	 * We must do this before we start working with slots since we need all
	 * NIDs there.
	 */
	if (aes_engage) {
		if (t4_add_aes_ctr_NIDs() == 0) {
			T4_FREE_AES_CTR_NIDS;
			return (0);
		}
	}
#endif	/* !SOLARIS_NO_AES_CTR */

#ifdef	DEBUG_T4
	(void) fprintf(stderr, "t4_cipher_count = %d; t4_cipher_nids[] =\n",
	    t4_cipher_count);
	for (int i = 0; i < t4_cipher_count; ++i) {
		(void) fprintf(stderr, " %d", t4_cipher_nids[i]);
	}
	(void) fprintf(stderr, "\n");
#endif	/* DEBUG_T4 */

	/* Register T4 engine ID, name, and functions */
	if (!ENGINE_set_id(e, ENGINE_T4_ID) ||
	    !ENGINE_set_name(e,
	    aes_engage ? ENGINE_T4_NAME: ENGINE_NO_T4_NAME) ||
	    !ENGINE_set_init_function(e, t4_init) ||
	    (aes_engage && !ENGINE_set_ciphers(e, t4_get_all_ciphers)) ||
	    (digest_engage && !ENGINE_set_digests(e, t4_get_all_digests)) ||
#ifndef OPENSSL_NO_RSA
	    (montmul_engage && !ENGINE_set_RSA(e, t4_RSA())) ||
#endif	/* OPENSSL_NO_RSA */
#ifndef OPENSSL_NO_DH
	    (montmul_engage && !ENGINE_set_DH(e, t4_DH())) ||
#endif	/* OPENSSL_NO_DH */
#ifndef OPENSSL_NO_DSA
	    (montmul_engage && !ENGINE_set_DSA(e, t4_DSA())) ||
#endif	/* OPENSSL_NO_DSA */
	    !ENGINE_set_destroy_function(e, t4_destroy)) {
		T4_FREE_AES_CTR_NIDS;
		return (0);
	}

	return (1);
}