void
openssl_print_errors()
{
ERR_load_ERR_strings();
ERR_load_crypto_strings();
ERR_print_errors_fp(stderr);
}
void ERR_load_strings(int lib, ERR_STRING_DATA *str)
{
if (error_hash == NULL)
{
CRYPTO_w_lock(CRYPTO_LOCK_ERR_HASH);
error_hash=lh_new(err_hash,err_cmp);
if (error_hash == NULL)
{
CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH);
return;
}
CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH);
ERR_load_ERR_strings();
}
CRYPTO_w_lock(CRYPTO_LOCK_ERR_HASH);
while (str->error)
{
str->error|=ERR_PACK(lib,0,0);
lh_insert(error_hash,str);
str++;
}
CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH);
}
void ERR_load_crypto_strings(void)
{
#ifndef OPENSSL_NO_ERR
ERR_load_ERR_strings(); /* include error strings for SYSerr */
ERR_load_BN_strings();
# ifndef OPENSSL_NO_RSA
ERR_load_RSA_strings();
# endif
# ifndef OPENSSL_NO_DH
ERR_load_DH_strings();
# endif
ERR_load_EVP_strings();
ERR_load_BUF_strings();
ERR_load_OBJ_strings();
ERR_load_PEM_strings();
# ifndef OPENSSL_NO_DSA
ERR_load_DSA_strings();
# endif
ERR_load_X509_strings();
ERR_load_ASN1_strings();
ERR_load_CONF_strings();
ERR_load_CRYPTO_strings();
# ifndef OPENSSL_NO_COMP
ERR_load_COMP_strings();
# endif
# ifndef OPENSSL_NO_EC
ERR_load_EC_strings();
# endif
# ifndef OPENSSL_NO_ECDSA
ERR_load_ECDSA_strings();
# endif
# ifndef OPENSSL_NO_ECDH
ERR_load_ECDH_strings();
# endif
/* skip ERR_load_SSL_strings() because it is not in this library */
ERR_load_BIO_strings();
ERR_load_PKCS7_strings();
ERR_load_X509V3_strings();
ERR_load_PKCS12_strings();
ERR_load_RAND_strings();
ERR_load_DSO_strings();
// ERR_load_TS_strings();
# ifndef OPENSSL_NO_ENGINE
ERR_load_ENGINE_strings();
# endif
ERR_load_OCSP_strings();
ERR_load_UI_strings();
# ifdef OPENSSL_FIPS
ERR_load_FIPS_strings();
# endif
/*
# ifndef OPENSSL_NO_CMS
ERR_load_CMS_strings();
# endif
*/
# ifndef OPENSSL_NO_JPAKE
ERR_load_JPAKE_strings();
# endif
#endif
}
int ERR_load_strings(int lib, ERR_STRING_DATA *str)
{
if (ERR_load_ERR_strings() == 0)
return 0;
err_load_strings(lib, str);
return 1;
}
int ERR_load_strings_const(const ERR_STRING_DATA *str)
{
if (ERR_load_ERR_strings() == 0)
return 0;
err_load_strings(str);
return 1;
}
void err_load_crypto_strings_intern(void)
{
#ifdef OPENSSL_FIPS
FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata);
#endif
#ifndef OPENSSL_NO_ERR
ERR_load_ERR_strings(); /* include error strings for SYSerr */
ERR_load_BN_strings();
# ifndef OPENSSL_NO_RSA
ERR_load_RSA_strings();
# endif
# ifndef OPENSSL_NO_DH
ERR_load_DH_strings();
# endif
ERR_load_EVP_strings();
ERR_load_BUF_strings();
ERR_load_OBJ_strings();
ERR_load_PEM_strings();
# ifndef OPENSSL_NO_DSA
ERR_load_DSA_strings();
# endif
ERR_load_X509_strings();
ERR_load_ASN1_strings();
ERR_load_CONF_strings();
ERR_load_CRYPTO_strings();
# ifndef OPENSSL_NO_COMP
ERR_load_COMP_strings();
# endif
# ifndef OPENSSL_NO_EC
ERR_load_EC_strings();
# endif
/* skip ERR_load_SSL_strings() because it is not in this library */
ERR_load_BIO_strings();
ERR_load_PKCS7_strings();
ERR_load_X509V3_strings();
ERR_load_PKCS12_strings();
ERR_load_RAND_strings();
ERR_load_DSO_strings();
# ifndef OPENSSL_NO_TS
ERR_load_TS_strings();
# endif
# ifndef OPENSSL_NO_ENGINE
ERR_load_ENGINE_strings();
# endif
ERR_load_OCSP_strings();
ERR_load_UI_strings();
# ifdef OPENSSL_FIPS
ERR_load_FIPS_strings();
# endif
# ifndef OPENSSL_NO_CMS
ERR_load_CMS_strings();
# endif
# ifndef OPENSSL_NO_CT
ERR_load_CT_strings();
# endif
ERR_load_ASYNC_strings();
#endif
ERR_load_KDF_strings();
}
void ERR_load_crypto_strings(void)
{
static int done=0;
if (done) return;
done=1;
#ifndef OPENSSL_NO_ERR
ERR_load_ERR_strings(); /* include error strings for SYSerr */
ERR_load_BN_strings();
#ifndef OPENSSL_NO_RSA
ERR_load_RSA_strings();
#endif
#ifndef OPENSSL_NO_DH
ERR_load_DH_strings();
#endif
ERR_load_EVP_strings();
ERR_load_BUF_strings();
ERR_load_OBJ_strings();
ERR_load_PEM_strings();
#ifndef OPENSSL_NO_DSA
ERR_load_DSA_strings();
#endif
ERR_load_X509_strings();
ERR_load_ASN1_strings();
ERR_load_CONF_strings();
ERR_load_CRYPTO_strings();
#ifndef OPENSSL_NO_EC
ERR_load_EC_strings();
#endif
#ifndef OPENSSL_NO_ECDSA
ERR_load_ECDSA_strings();
#endif
#ifndef OPENSSL_NO_ECDH
ERR_load_ECDH_strings();
#endif
/* skip ERR_load_SSL_strings() because it is not in this library */
ERR_load_BIO_strings();
ERR_load_PKCS7_strings();
ERR_load_X509V3_strings();
ERR_load_PKCS12_strings();
ERR_load_RAND_strings();
ERR_load_DSO_strings();
#ifndef OPENSSL_NO_ENGINE
ERR_load_ENGINE_strings();
#endif
ERR_load_OCSP_strings();
ERR_load_UI_strings();
#endif
}
//--------------------------------------------------
// initializes DigiDoc library
//--------------------------------------------------
EXP_OPTION void initDigiDocLib()
{
memset(g_szGUIVersion, 0, sizeof(g_szGUIVersion));
#if defined(__FreeBSD__) || defined(__APPLE__)
struct tm local_tm;
time_t t;
time(&t);
ddocLocalTime(&t, &local_tm, 1); // Extract timezone info from struct tm
_timezone = - local_tm.tm_gmtoff;
_daylight = local_tm.tm_isdst;
#endif
//ddocDebug(1, "initDigiDocLib", "init openssl & digidoc lib");
ERR_load_ERR_strings();
ERR_load_crypto_strings();
ERR_clear_error();
OpenSSL_add_all_algorithms();
#ifdef WIN32
InitializeCriticalSection(&cs_ddocErrors);
InitializeCriticalSection(&cs_ddocLocaltime);
#endif
}
UtlBoolean OsEncryption::openSslError(void)
{
#if defined(OSENCRYPTION)
unsigned long err = ERR_get_error();
if (err != 0)
{
ERR_load_crypto_strings();
ERR_load_ERR_strings();
char errbuff[256];
errbuff[0] = 0;
ERR_error_string_n(err, errbuff, sizeof(errbuff));
osPrintf("OpenSLL ERROR:\n\tlib:%s\n\tfunction:%s\n\treason:%s\n",
ERR_lib_error_string(err),
ERR_func_error_string(err),
ERR_reason_error_string(err));
ERR_free_strings();
return TRUE;
}
#endif
return FALSE;
}
init_minionlib(void)
{
PyObject *m, *d;
m = Py_InitModule("_minionlib", _mixcryptlib_functions);
d = PyModule_GetDict(m);
SSL_library_init();
SSL_load_error_strings();
/* crypt */
ERR_load_ERR_strings();
ERR_load_RSA_strings();
OpenSSL_add_all_algorithms();
if (exc(d, &mm_CryptoError, "mixminion._minionlib.CryptoError",
"CryptoError", mm_CryptoError__doc__))
return;
if (exc(d, &mm_TLSError, "mixminion._minionlib.TLSError",
"TLSError", mm_TLSError__doc__))
return;
if (exc(d, &mm_TLSWantRead, "mixminion._minionlib.TLSWantRead",
"TLSWantRead", mm_TLSWantRead__doc__))
return;
if (exc(d, &mm_TLSWantWrite, "mixminion._minionlib.TLSWantWrite",
"TLSWantWrite", mm_TLSWantWrite__doc__))
return;
if (exc(d, &mm_TLSClosed, "mixminion._minionlib.TLSClosed",
"TLSClosed", mm_TLSClosed__doc__))
return;
if (exc(d, &mm_FECError, "mixminion._minionlib.FECError",
"FECError", mm_FECError__doc__))
return;
/* We set ob_type here so that Cygwin and Win32 are happy. */
mm_RSA_Type.ob_type = mm_TLSContext_Type.ob_type =
mm_TLSSock_Type.ob_type = mm_FEC_Type.ob_type = &PyType_Type;
Py_INCREF(&mm_RSA_Type);
if (PyDict_SetItemString(d, "RSA", (PyObject*)&mm_RSA_Type) < 0)
return;
Py_INCREF(&mm_TLSContext_Type);
if (PyDict_SetItemString(d, "TLSContext",
(PyObject*)&mm_TLSContext_Type) < 0)
return;
Py_INCREF(&mm_TLSSock_Type);
if (PyDict_SetItemString(d, "TLSSock",
(PyObject*)&mm_TLSSock_Type) < 0)
return;
Py_INCREF(&mm_FEC_Type);
if (PyDict_SetItemString(d, "FEC",
(PyObject*)&mm_FEC_Type) < 0)
return;
/* For some reason, Python's socket module doesn't export
* IPTOS_*. IPTOS_THROUGHPUT should always be "0x08" on any
* sane sockets implementation, but life is always more complicated
* than that.
*/
#ifdef IPTOS_THROUGHPUT
if (PyDict_SetItemString(d, "IPTOS_THROUGHPUT",
PyInt_FromLong(IPTOS_THROUGHPUT)))
return;
#endif
if (PyDict_SetItemString(d, "POLL_IS_EMULATED",
PyInt_FromLong(POLL_IS_EMULATED)))
return;
}
LUALIB_API int luaopen_openssl(lua_State*L)
{
//CRYPTO_thread_setup();
OpenSSL_add_all_ciphers();
OpenSSL_add_all_digests();
SSL_library_init();
ERR_load_ERR_strings();
ERR_load_EVP_strings();
ERR_load_crypto_strings();
ENGINE_load_dynamic();
ENGINE_load_openssl();
#ifdef LOAD_ENGINE_CUSTOM
LOAD_ENGINE_CUSTOM();
#endif
#ifdef OPENSSL_SYS_WINDOWS
RAND_screen();
#endif
lua_newtable(L);
luaL_setfuncs(L, eay_functions, 0);
openssl_register_lhash(L);
openssl_register_engine(L);
luaopen_bio(L);
lua_setfield(L, -2, "bio");
luaopen_asn1(L);
lua_setfield(L, -2, "asn1");
luaopen_digest(L);
lua_setfield(L, -2, "digest");
luaopen_cipher(L);
lua_setfield(L, -2, "cipher");
luaopen_hmac(L);
lua_setfield(L, -2, "hmac");
luaopen_pkey(L);
lua_setfield(L, -2, "pkey");
#ifdef EVP_PKEY_EC
luaopen_ec(L);
lua_setfield(L, -2, "ec");
#endif
luaopen_x509(L);
lua_setfield(L, -2, "x509");
luaopen_pkcs7(L);
lua_setfield(L, -2, "pkcs7");
luaopen_pkcs12(L);
lua_setfield(L, -2, "pkcs12");
luaopen_ocsp(L);
lua_setfield(L, -2, "ocsp");
#ifdef OPENSSL_HAVE_TS
/* timestamp handling */
luaopen_ts(L);
lua_setfield(L, -2, "ts");
#endif
luaopen_cms(L);
lua_setfield(L, -2, "cms");
luaopen_ssl(L);
lua_setfield(L, -2, "ssl");
/* third part */
luaopen_bn(L);
lua_setfield(L, -2, "bn");
luaopen_rsa(L);
luaopen_dsa(L);
luaopen_dh(L);
#ifdef ENABLE_OPENSSL_GLOBAL
lua_pushvalue(L, -1);
lua_setglobal(L, "openssl");
#endif
return 1;
}
int err_load_crypto_strings_int(void)
{
if (
#ifndef OPENSSL_NO_ERR
ERR_load_ERR_strings() == 0 || /* include error strings for SYSerr */
ERR_load_BN_strings() == 0 ||
# ifndef OPENSSL_NO_RSA
ERR_load_RSA_strings() == 0 ||
# endif
# ifndef OPENSSL_NO_DH
ERR_load_DH_strings() == 0 ||
# endif
ERR_load_EVP_strings() == 0 ||
ERR_load_BUF_strings() == 0 ||
ERR_load_OBJ_strings() == 0 ||
ERR_load_PEM_strings() == 0 ||
# ifndef OPENSSL_NO_DSA
ERR_load_DSA_strings() == 0 ||
# endif
ERR_load_X509_strings() == 0 ||
ERR_load_ASN1_strings() == 0 ||
ERR_load_CONF_strings() == 0 ||
ERR_load_CRYPTO_strings() == 0 ||
# ifndef OPENSSL_NO_COMP
ERR_load_COMP_strings() == 0 ||
# endif
# ifndef OPENSSL_NO_EC
ERR_load_EC_strings() == 0 ||
# endif
/* skip ERR_load_SSL_strings() because it is not in this library */
ERR_load_BIO_strings() == 0 ||
ERR_load_PKCS7_strings() == 0 ||
ERR_load_X509V3_strings() == 0 ||
ERR_load_PKCS12_strings() == 0 ||
ERR_load_RAND_strings() == 0 ||
ERR_load_DSO_strings() == 0 ||
# ifndef OPENSSL_NO_TS
ERR_load_TS_strings() == 0 ||
# endif
# ifndef OPENSSL_NO_ENGINE
ERR_load_ENGINE_strings() == 0 ||
# endif
# ifndef OPENSSL_NO_OCSP
ERR_load_OCSP_strings() == 0 ||
# endif
#ifndef OPENSSL_NO_UI
ERR_load_UI_strings() == 0 ||
#endif
# ifndef OPENSSL_NO_CMS
ERR_load_CMS_strings() == 0 ||
# endif
# ifndef OPENSSL_NO_CT
ERR_load_CT_strings() == 0 ||
# endif
ERR_load_ASYNC_strings() == 0 ||
#endif
ERR_load_KDF_strings() == 0 ||
ERR_load_OSSL_STORE_strings() == 0)
return 0;
return 1;
}
LUALIB_API int luaopen_openssl(lua_State*L)
{
if (atomic_fetch_add(&init, 1) == 0)
{
#if defined(OPENSSL_THREADS)
CRYPTO_thread_setup();
#endif
OpenSSL_add_all_ciphers();
OpenSSL_add_all_digests();
SSL_library_init();
ERR_load_ERR_strings();
ERR_load_EVP_strings();
ERR_load_crypto_strings();
ERR_load_SSL_strings();
ENGINE_load_dynamic();
ENGINE_load_openssl();
#ifdef LOAD_ENGINE_CUSTOM
LOAD_ENGINE_CUSTOM
#endif
#ifdef OPENSSL_SYS_WINDOWS
#if OPENSSL_VERSION_NUMBER < 0x10100000L
RAND_screen();
#endif
#endif
}
lua_newtable(L);
lua_newtable(L);
lua_pushcfunction(L, luaclose_openssl);
lua_setfield(L, -2, "__gc");
lua_setmetatable(L, -2);
luaL_setfuncs(L, eay_functions, 0);
openssl_register_lhash(L);
openssl_register_engine(L);
luaopen_bio(L);
lua_setfield(L, -2, "bio");
luaopen_asn1(L);
lua_setfield(L, -2, "asn1");
luaopen_digest(L);
lua_setfield(L, -2, "digest");
luaopen_cipher(L);
lua_setfield(L, -2, "cipher");
luaopen_hmac(L);
lua_setfield(L, -2, "hmac");
luaopen_pkey(L);
lua_setfield(L, -2, "pkey");
#ifdef EVP_PKEY_EC
luaopen_ec(L);
lua_setfield(L, -2, "ec");
#endif
luaopen_x509(L);
lua_setfield(L, -2, "x509");
luaopen_pkcs7(L);
lua_setfield(L, -2, "pkcs7");
luaopen_pkcs12(L);
lua_setfield(L, -2, "pkcs12");
luaopen_ocsp(L);
lua_setfield(L, -2, "ocsp");
#ifdef OPENSSL_HAVE_TS
/* timestamp handling */
luaopen_ts(L);
lua_setfield(L, -2, "ts");
#endif
luaopen_cms(L);
lua_setfield(L, -2, "cms");
luaopen_ssl(L);
lua_setfield(L, -2, "ssl");
/* third part */
luaopen_bn(L);
lua_setfield(L, -2, "bn");
luaopen_rsa(L);
lua_setfield(L, -2, "rsa");
luaopen_dsa(L);
lua_setfield(L, -2, "dsa");
luaopen_dh(L);
lua_setfield(L, -2, "dh");
#ifndef OPENSSL_NO_SRP
luaopen_srp(L);
lua_setfield(L, -2, "srp");
#endif
#ifdef ENABLE_OPENSSL_GLOBAL
lua_pushvalue(L, -1);
lua_setglobal(L, "openssl");
#endif
return 1;
}
void ERR_load_strings(int lib, ERR_STRING_DATA *str)
{
ERR_load_ERR_strings();
err_load_strings(lib, str);
}
LUA_API int luaopen_openssl(lua_State*L)
{
char * config_filename;
#ifdef ENABLE_CRYPTO_THREAD
CRYPTO_thread_setup();
CRYPTO_lock(CRYPTO_LOCK,CRYPTO_LOCK_ERR,__FILE__,__LINE__);
#endif
if(g_init==0)
{
g_init = 1;
OpenSSL_add_all_ciphers();
OpenSSL_add_all_digests();
SSL_library_init();
ERR_load_ERR_strings();
ERR_load_crypto_strings();
ERR_load_EVP_strings();
ERR_load_SSL_strings();
ENGINE_load_dynamic();
ENGINE_load_openssl();
}
#ifdef ENABLE_CRYPTO_THREAD
CRYPTO_lock(CRYPTO_UNLOCK,CRYPTO_LOCK_ERR,__FILE__,__LINE__);
#endif
/* Determine default SSL configuration file */
config_filename = getenv("OPENSSL_CONF");
if (config_filename == NULL) {
config_filename = getenv("SSLEAY_CONF");
}
/* default to 'openssl.cnf' if no environment variable is set */
if (config_filename == NULL) {
snprintf(default_ssl_conf_filename, sizeof(default_ssl_conf_filename), "%s/%s",
X509_get_default_cert_area(),
"openssl.cnf");
} else {
strncpy(default_ssl_conf_filename, config_filename, sizeof(default_ssl_conf_filename));
}
openssl_register_pkey(L);
openssl_register_x509(L);
openssl_register_csr(L);
openssl_register_digest(L);
openssl_register_cipher(L);
openssl_register_sk_x509(L);
openssl_register_bio(L);
openssl_register_crl(L);
#ifdef OPENSSL_HAVE_TS
openssl_register_ts(L);
#endif
openssl_register_conf(L);
openssl_register_pkcs7(L);
openssl_register_misc(L);
openssl_register_engine(L);
openssl_register_ssl(L);
openssl_register_ocsp(L);
#if LUA_VERSION_NUM==501
luaL_register(L,"openssl",eay_functions);
#elif LUA_VERSION_NUM==502
lua_newtable(L);
luaL_setfuncs(L, eay_functions, 0);
#endif
setNamedIntegers(L, consts);
/* third part */
luaopen_bn(L);
lua_setfield(L, -2, "bn");
return 1;
}
int
sc_pkcs15_prkey_attrs_from_cert(struct sc_pkcs15_card *p15card, struct sc_pkcs15_object *cert_object,
struct sc_pkcs15_object **out_key_object)
{
struct sc_context *ctx = p15card->card->ctx;
#ifdef ENABLE_OPENSSL
struct sc_pkcs15_object *key_object = NULL;
struct sc_pkcs15_prkey_info *key_info = NULL;
X509 *x = NULL;
BIO *mem = NULL;
unsigned char *buff = NULL, *ptr = NULL;
int rv;
LOG_FUNC_CALLED(ctx);
if (out_key_object)
*out_key_object = NULL;
rv = sc_pkcs15_find_prkey_by_id(p15card, &((struct sc_pkcs15_cert_info *)cert_object->data)->id, &key_object);
if (rv == SC_ERROR_OBJECT_NOT_FOUND)
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
LOG_TEST_RET(ctx, rv, "Find private key error");
key_info = (struct sc_pkcs15_prkey_info *) key_object->data;
ERR_load_ERR_strings();
ERR_load_crypto_strings();
sc_log(ctx, "CertValue(%i) %p", cert_object->content.len, cert_object->content.value);
mem = BIO_new_mem_buf(cert_object->content.value, cert_object->content.len);
if (!mem)
LOG_TEST_RET(ctx, SC_ERROR_INTERNAL, "MEM buffer allocation error");
x = d2i_X509_bio(mem, NULL);
if (!x)
LOG_TEST_RET(ctx, SC_ERROR_INTERNAL, "x509 parse error");
buff = OPENSSL_malloc(i2d_X509(x,NULL) + EVP_MAX_MD_SIZE);
if (!buff)
LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "OpenSSL allocation error");
ptr = buff;
rv = i2d_X509_NAME(X509_get_subject_name(x), &ptr);
if (rv <= 0)
LOG_TEST_RET(ctx, SC_ERROR_INTERNAL, "Get subject name error");
key_info->subject.value = malloc(rv);
if (!key_info->subject.value)
LOG_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Subject allocation error");
memcpy(key_info->subject.value, buff, rv);
key_info->subject.len = rv;
strlcpy(key_object->label, cert_object->label, sizeof(key_object->label));
rv = 0;
if (x)
X509_free(x);
if (mem)
BIO_free(mem);
if (buff)
OPENSSL_free(buff);
ERR_clear_error();
ERR_free_strings();
if (out_key_object)
*out_key_object = key_object;
sc_log(ctx, "Subject %s", sc_dump_hex(key_info->subject.value, key_info->subject.len));
LOG_FUNC_RETURN(ctx, rv);
#else
LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED);
#endif
}
