int main(int argc, char *argv[]) { if(argc != 2) { printf("Usage: ./test_app <file_name>\n"); return -1; } ENGINE *e = load_engine(ENGINE_MODULE, "test_engine"); if(e == 0) { printf("Unable to load engine\n"); return -1; } ENGINE_ctrl_cmd_string(e, "username", "user", 0); ENGINE_ctrl_cmd_string(e, "password", "password", 0); ENGINE_init(e); HMAC_CTX ctx; HMAC_CTX_init(&ctx); HMAC_Init_ex(&ctx, "test_key\0", 9, EVP_sha1(), e); FILE *f = fopen(argv[1], "r"); char buf[BUF_SIZE]; while(!feof(f)) { size_t ln = fread(buf, sizeof(char), BUF_SIZE, f); if(ln == 0) continue; HMAC_Update(&ctx, buf, ln); } fclose(f); unsigned int siglen; unsigned char md[20]; HMAC_Final(&ctx, md, &siglen); ENGINE_finish(e); printf("HMAC-SHA1: "); for(size_t i = 0; i < siglen; i++) printf("%02x", md[i]); printf("\n"); return 0; }
EVP_PKEY_CTX * EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx) { EVP_PKEY_CTX *rctx; if (!pctx->pmeth || !pctx->pmeth->copy) return NULL; #ifndef OPENSSL_NO_ENGINE /* Make sure it's safe to copy a pkey context using an ENGINE */ if (pctx->engine && !ENGINE_init(pctx->engine)) { EVPerr(EVP_F_EVP_PKEY_CTX_DUP, ERR_R_ENGINE_LIB); return 0; } #endif rctx = malloc(sizeof(EVP_PKEY_CTX)); if (!rctx) return NULL; rctx->pmeth = pctx->pmeth; #ifndef OPENSSL_NO_ENGINE rctx->engine = pctx->engine; #endif if (pctx->pkey) CRYPTO_add(&pctx->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); rctx->pkey = pctx->pkey; if (pctx->peerkey) CRYPTO_add(&pctx->peerkey->references, 1, CRYPTO_LOCK_EVP_PKEY); rctx->peerkey = pctx->peerkey; rctx->data = NULL; rctx->app_data = NULL; rctx->operation = pctx->operation; if (pctx->pmeth->copy(rctx, pctx) > 0) return rctx; EVP_PKEY_CTX_free(rctx); return NULL; }
int RAND_set_rand_engine(ENGINE *engine) { const RAND_METHOD *tmp_meth = NULL; if(engine) { if(!ENGINE_init(engine)) return 0; tmp_meth = ENGINE_get_RAND(engine); if(!tmp_meth) { ENGINE_finish(engine); return 0; } } /* This function releases any prior ENGINE so call it first */ RAND_set_rand_method(tmp_meth); funct_ref = engine; return 1; }
/* * 'name' is the name the engine is known by to the dst library. * This may or may not match the name the engine is known by to * openssl. It is the name that is stored in the private key file. * * 'engine_id' is the openssl engine name. * * pre_cmds and post_cmds a sequence if command argument pairs * pre_num and post_num are a count of those pairs. * * "SO_PATH", PKCS11_SO_PATH ("/usr/local/lib/engines/engine_pkcs11.so") * "LOAD", NULL * "MODULE_PATH", PKCS11_MODULE_PATH ("/usr/lib/libpkcs11.so") */ static isc_result_t dst__openssl_load_engine(const char *name, const char *engine_id, const char **pre_cmds, int pre_num, const char **post_cmds, int post_num) { ENGINE *e; UNUSED(name); if (!strcasecmp(engine_id, "dynamic")) ENGINE_load_dynamic(); e = ENGINE_by_id(engine_id); if (e == NULL) return (ISC_R_NOTFOUND); while (pre_num--) { if (!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) { ENGINE_free(e); return (ISC_R_FAILURE); } pre_cmds += 2; } if (!ENGINE_init(e)) { ENGINE_free(e); return (ISC_R_FAILURE); } /* * ENGINE_init() returned a functional reference, so free the * structural reference from ENGINE_by_id(). */ ENGINE_free(e); while (post_num--) { if (!ENGINE_ctrl_cmd_string(e, post_cmds[0], post_cmds[1], 0)) { ENGINE_free(e); return (ISC_R_FAILURE); } post_cmds += 2; } if (he != NULL) ENGINE_finish(he); he = e; return (ISC_R_SUCCESS); }
int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) { unsigned char *tmp_buf; if ((in == NULL) || (in->digest == NULL)) { /*Begin: comment out , 17Aug2006, Chris */ #if 0 EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,EVP_R_INPUT_NOT_INITIALIZED); #endif /*End: comment out , 17Aug2006, Chris */ return 0; } #ifndef OPENSSL_NO_ENGINE /* Make sure it's safe to copy a digest context using an ENGINE */ if (in->engine && !ENGINE_init(in->engine)) { EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_ENGINE_LIB); return 0; } #endif if (out->digest == in->digest) { tmp_buf = out->md_data; EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE); } else tmp_buf = NULL; EVP_MD_CTX_cleanup(out); memcpy(out,in,sizeof *out); if (out->digest->ctx_size) { if (tmp_buf) out->md_data = tmp_buf; else out->md_data=OPENSSL_malloc(out->digest->ctx_size); memcpy(out->md_data,in->md_data,out->digest->ctx_size); } if (out->digest->copy) return out->digest->copy(out,in); return 1; }
static VALUE ossl_engine_s_by_id(VALUE klass, VALUE id) { ENGINE *e; VALUE obj; StringValue(id); ossl_engine_s_load(1, &id, klass); if(!(e = ENGINE_by_id(RSTRING_PTR(id)))) ossl_raise(eEngineError, NULL); WrapEngine(klass, obj, e); if(rb_block_given_p()) rb_yield(obj); if(!ENGINE_init(e)) ossl_raise(eEngineError, NULL); ENGINE_ctrl(e, ENGINE_CTRL_SET_PASSWORD_CALLBACK, 0, NULL, (void(*)(void))ossl_pem_passwd_cb); ERR_clear_error(); return obj; }
STORE * STORE_new_engine(ENGINE *engine) { STORE *ret = NULL; ENGINE *e = engine; const STORE_METHOD *meth = 0; #ifdef OPENSSL_NO_ENGINE e = NULL; #else if (engine) { if (!ENGINE_init(engine)) { STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_ENGINE_LIB); return NULL; } e = engine; } else { STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_PASSED_NULL_PARAMETER); return NULL; } if (e) { meth = ENGINE_get_STORE(e); if (!meth) { STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_ENGINE_LIB); ENGINE_finish(e); return NULL; } } #endif ret = STORE_new_method(meth); if (ret == NULL) { STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_STORE_LIB); return NULL; } ret->engine = e; return (ret); }
static int rand_openssl_init_rdrand(void) { ENGINE *e; #if 0 OPENSSL_cpuid_setup(); #endif ENGINE_load_rdrand(); e = ENGINE_by_id("rdrand"); if (!e) return 1; if (ENGINE_init(e) == 0) return 1; if (ENGINE_set_default(e, ENGINE_METHOD_RAND) == 0) return 1; return 0; }
TokenEngine::TokenEngine( const StringList & modulePaths ) { ENGINE * tok = ENGINE_by_id( "pkcs11" ); if ( ! tok ) throw Exception( "token: unable to get engine" ); m_pEngine = tok; const string modulePath( findFirstExisting( modulePaths ) ); if ( modulePath.empty() ) throw Exception( "token: unable to find module path" ); DEBUG( "token: ctor: module_path=" << QS( modulePath ) ); if ( 1 != ENGINE_ctrl_cmd_string( tok, "MODULE_PATH", modulePath.c_str(), CMD_MANDATORY ) ) throw Exception( "token: setting module_path <= " + QS( modulePath ) ); DEBUG( "token: ctor: initializing " << m_pEngine ); if ( 1 != ENGINE_init( tok ) ) throw Exception( "token: unable to initialize" ); DEBUG( "token: ctor: done" ); }
EC_KEY *EC_KEY_new_method(ENGINE *engine) { EC_KEY *ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_MALLOC_FAILURE); return (NULL); } ret->meth = EC_KEY_get_default_method(); #ifndef OPENSSL_NO_ENGINE if (engine != NULL) { if (!ENGINE_init(engine)) { ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_ENGINE_LIB); OPENSSL_free(ret); return NULL; } ret->engine = engine; } else ret->engine = ENGINE_get_default_EC(); if (ret->engine != NULL) { ret->meth = ENGINE_get_EC(ret->engine); if (ret->meth == NULL) { ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_ENGINE_LIB); ENGINE_finish(ret->engine); OPENSSL_free(ret); return NULL; } } #endif ret->version = 1; ret->conv_form = POINT_CONVERSION_UNCOMPRESSED; ret->references = 1; if (ret->meth->init != NULL && ret->meth->init(ret) == 0) { EC_KEY_free(ret); return NULL; } return ret; }
ERL_NIF_TERM engine_init_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) {/* (Engine) */ #ifdef HAS_ENGINE_SUPPORT struct engine_ctx *ctx; // Get Engine ASSERT(argc == 1); if (!enif_get_resource(env, argv[0], engine_ctx_rtype, (void**)&ctx)) goto bad_arg; if (!ENGINE_init(ctx->engine)) return ERROR_Atom(env, "engine_init_failed"); return atom_ok; bad_arg: return enif_make_badarg(env); #else return atom_notsup; #endif }
int RAND_set_rand_engine(ENGINE *engine) { const RAND_METHOD *tmp_meth = NULL; if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init)) return 0; if (engine) { if (!ENGINE_init(engine)) return 0; tmp_meth = ENGINE_get_RAND(engine); if (tmp_meth == NULL) { ENGINE_finish(engine); return 0; } } CRYPTO_THREAD_write_lock(rand_engine_lock); /* This function releases any prior ENGINE so call it first */ RAND_set_rand_method(tmp_meth); funct_ref = engine; CRYPTO_THREAD_unlock(rand_engine_lock); return 1; }
static int do_evp_enc_engine(EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pcipher, ENGINE *impl) { if(impl) { if (!ENGINE_init(impl)) { EVPerr(EVP_F_DO_EVP_ENC_ENGINE, EVP_R_INITIALIZATION_ERROR); return 0; } } else /* Ask if an ENGINE is reserved for this job */ impl = ENGINE_get_cipher_engine((*pcipher)->nid); if(impl) { /* There's an ENGINE for this job ... (apparently) */ const EVP_CIPHER *c = ENGINE_get_cipher(impl, (*pcipher)->nid); if(!c) { /* One positive side-effect of US's export * control history, is that we should at least * be able to avoid using US mispellings of * "initialisation"? */ EVPerr(EVP_F_DO_EVP_ENC_ENGINE, EVP_R_INITIALIZATION_ERROR); return 0; } /* We'll use the ENGINE's private cipher definition */ *pcipher = c; /* Store the ENGINE functional reference so we know * 'cipher' came from an ENGINE and we need to release * it when done. */ ctx->engine = impl; } else ctx->engine = NULL; return 1; }
const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, const char *str, int len) { int i; const EVP_PKEY_ASN1_METHOD *ameth; if (len == -1) len = TINYCLR_SSL_STRLEN(str); if (pe) { #ifndef OPENSSL_NO_ENGINE ENGINE *e; ameth = ENGINE_pkey_asn1_find_str(&e, str, len); if (ameth) { /* Convert structural into * functional reference */ if (!ENGINE_init(e)) ameth = NULL; ENGINE_free(e); *pe = e; return ameth; } #endif *pe = NULL; } for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) { ameth = EVP_PKEY_asn1_get0(i); if (ameth->pkey_flags & ASN1_PKEY_ALIAS) continue; if (((int)TINYCLR_SSL_STRLEN(ameth->pem_str) == len) && !TINYCLR_SSL_STRNCASECMP(ameth->pem_str, str, len)) return ameth; } return NULL; }
int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) { EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); #ifndef OPENSSL_NO_ENGINE /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts * so this context may already have an ENGINE! Try to avoid releasing * the previous handle, re-querying for an ENGINE, and having a * reinitialisation, when it may all be unecessary. */ if (ctx->engine && ctx->digest && (!type || (type && (type->type == ctx->digest->type)))) goto skip_to_init; if (type) { /* Ensure an ENGINE left lying around from last time is cleared * (the previous check attempted to avoid this if the same * ENGINE and EVP_MD could be used). */ if(ctx->engine) ENGINE_finish(ctx->engine); if(impl) { if (!ENGINE_init(impl)) { EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR); return 0; } } else /* Ask if an ENGINE is reserved for this job */ impl = ENGINE_get_digest_engine(type->type); if(impl) { /* There's an ENGINE for this job ... (apparently) */ const EVP_MD *d = ENGINE_get_digest(impl, type->type); if(!d) { /* Same comment from evp_enc.c */ EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR); ENGINE_finish(impl); return 0; } /* We'll use the ENGINE's private digest definition */ type = d; /* Store the ENGINE functional reference so we know * 'type' came from an ENGINE and we need to release * it when done. */ ctx->engine = impl; } else ctx->engine = NULL; } else if(!ctx->digest) { EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_NO_DIGEST_SET); return 0; } #endif if (ctx->digest != type) { if (ctx->digest && ctx->digest->ctx_size) OPENSSL_free(ctx->md_data); ctx->digest=type; if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) { ctx->update = type->update; ctx->md_data=OPENSSL_malloc(type->ctx_size); if (ctx->md_data == NULL) { EVPerr(EVP_F_EVP_DIGESTINIT_EX, ERR_R_MALLOC_FAILURE); return 0; } } } #ifndef OPENSSL_NO_ENGINE skip_to_init: #endif if (ctx->pctx) { int r; r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG, EVP_PKEY_CTRL_DIGESTINIT, 0, ctx); if (r <= 0 && (r != -2)) return 0; } if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) return 1; return ctx->digest->init(ctx); }
RSA *RSA_new_method(ENGINE *engine) { RSA *ret; ret=(RSA *)OPENSSL_malloc(sizeof(RSA)); if (ret == NULL) { RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE); return NULL; } ret->meth = RSA_get_default_method(); #ifndef OPENSSL_NO_ENGINE if (engine) { if (!ENGINE_init(engine)) { RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB); OPENSSL_free(ret); return NULL; } ret->engine = engine; } else ret->engine = ENGINE_get_default_RSA(); if(ret->engine) { ret->meth = ENGINE_get_RSA(ret->engine); if(!ret->meth) { RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB); ENGINE_finish(ret->engine); OPENSSL_free(ret); return NULL; } } #endif ret->pad=0; ret->version=0; ret->n=NULL; ret->e=NULL; ret->d=NULL; ret->p=NULL; ret->q=NULL; ret->dmp1=NULL; ret->dmq1=NULL; ret->iqmp=NULL; ret->references=1; ret->_method_mod_n=NULL; ret->_method_mod_p=NULL; ret->_method_mod_q=NULL; ret->blinding=NULL; ret->mt_blinding=NULL; ret->bignum_data=NULL; ret->flags=ret->meth->flags; CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { #ifndef OPENSSL_NO_ENGINE if (ret->engine) ENGINE_finish(ret->engine); #endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); OPENSSL_free(ret); ret=NULL; } return(ret); }
ENGINE *scep_engine_init(ENGINE *e) { ENGINE_load_builtin_engines(); ENGINE_load_dynamic(); //if its not dynamic, try to load it directly. If OpenSSL has it already we are good to go! if(strcmp(g_char, "dynamic") != 0) { e = ENGINE_by_id(g_char); if ((e==NULL) && v_flag){ printf("%s: Engine %s could not be loaded. Trying to load dynamically...\n", pname, g_char); } } if(e == NULL) { ERR_clear_error(); e = scep_engine_load_dynamic(e); } if(scep_conf->engine->module_path) { if(ENGINE_ctrl_cmd_string(e, "MODULE_PATH", scep_conf->engine->module_path, 0) == 0) { fprintf(stderr, "%s: Adding MODULE PATH %s was not successful!\n", pname, scep_conf->engine->module_path); sscep_engine_report_error(); exit (SCEP_PKISTATUS_ERROR); } } //define this engine as a default for all our crypto operations. This way OpenSSL automatically chooses the right functions if(ENGINE_set_default(e, ENGINE_METHOD_ALL) == 0) { fprintf(stderr, "%s: Error loading on setting defaults\n", pname); sscep_engine_report_error(); exit (SCEP_PKISTATUS_ERROR); } else if(v_flag) printf("%s: Engine %s made default for all operations\n", pname, g_char); //we need a functional reference and as such need to initialize if(ENGINE_init(e) == 0) { fprintf(stderr, "%s: Engine Init did not work\n", pname); sscep_engine_report_error(); exit (SCEP_PKISTATUS_ERROR); } else if(v_flag) printf("%s: Engine %s initialized\n", pname, g_char); //TODO: remove capi specific part! if(v_flag && strncmp(scep_conf->engine->engine_id, "capi", 4) == 0) { // set debug level if(!ENGINE_ctrl(e, (ENGINE_CMD_BASE + 2), 2, NULL, NULL)) { fprintf(stderr, "%s: Could not set debug level to %i\n", pname, 2); sscep_engine_report_error(); exit (SCEP_PKISTATUS_ERROR); } // set debug file (log) if(!ENGINE_ctrl(e, (ENGINE_CMD_BASE + 3), 0, "capi.log", NULL)) { fprintf(stderr, "%s: Could not set debug file to %s\n", pname, "capi.log"); sscep_engine_report_error(); exit (SCEP_PKISTATUS_ERROR); } } //TODO: remove JKSEngine specific part! if(strncmp(scep_conf->engine->engine_id, "jksengine", 9) == 0) { if(scep_conf->engine->storepass) { if(!ENGINE_ctrl(e, 2, 0, scep_conf->engine->storepass, NULL)) { fprintf(stderr, "%s: Could not set %s\n", pname, SCEP_CONFIGURATION_ENGINE_JKSENGINE_KEYSTOREPASS); sscep_engine_report_error(); exit (SCEP_PKISTATUS_ERROR); } } if(scep_conf->engine->jconnpath) { if(!ENGINE_ctrl(e, 3, 0, scep_conf->engine->jconnpath, 0)) { fprintf(stderr, "%s: Could not set %s\n", pname, SCEP_CONFIGURATION_ENGINE_JKSENGINE_JCONNPATH); sscep_engine_report_error(); exit (SCEP_PKISTATUS_ERROR); } } if(scep_conf->engine->provider) { if(!ENGINE_ctrl(e, 4, 0, scep_conf->engine->provider, 0)) { fprintf(stderr, "%s: Could not set %s\n", pname, SCEP_CONFIGURATION_ENGINE_JKSENGINE_PROVIDER); sscep_engine_report_error(); exit (SCEP_PKISTATUS_ERROR); } } if(scep_conf->engine->javapath) { if(!ENGINE_ctrl(e, 5, 0, scep_conf->engine->javapath, 0)) { fprintf(stderr, "%s: Could not set %s\n", pname, SCEP_CONFIGURATION_ENGINE_JKSENGINE_JAVAPATH); sscep_engine_report_error(); exit (SCEP_PKISTATUS_ERROR); } } } //TODO: remove pkcs11 specific part! if(strncmp(scep_conf->engine->engine_id, "pkcs11", 6) == 0) { if(scep_conf->engine->pin) { if(!ENGINE_ctrl(e, (ENGINE_CMD_BASE + 2), 0, scep_conf->engine->pin, NULL)) { fprintf(stderr, "%s: Could not define PIN\n", pname); sscep_engine_report_error(); exit (SCEP_PKISTATUS_ERROR); } } } return e; }
EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src) { if (dest == NULL || src == NULL) { ECerr(EC_F_EC_KEY_COPY, ERR_R_PASSED_NULL_PARAMETER); return NULL; } if (src->meth != dest->meth) { if (dest->meth->finish != NULL) dest->meth->finish(dest); if (dest->group && dest->group->meth->keyfinish) dest->group->meth->keyfinish(dest); #ifndef OPENSSL_NO_ENGINE if (ENGINE_finish(dest->engine) == 0) return 0; dest->engine = NULL; #endif } /* copy the parameters */ if (src->group != NULL) { const EC_METHOD *meth = EC_GROUP_method_of(src->group); /* clear the old group */ EC_GROUP_free(dest->group); dest->group = EC_GROUP_new(meth); if (dest->group == NULL) return NULL; if (!EC_GROUP_copy(dest->group, src->group)) return NULL; /* copy the public key */ if (src->pub_key != NULL) { EC_POINT_free(dest->pub_key); dest->pub_key = EC_POINT_new(src->group); if (dest->pub_key == NULL) return NULL; if (!EC_POINT_copy(dest->pub_key, src->pub_key)) return NULL; } /* copy the private key */ if (src->priv_key != NULL) { if (dest->priv_key == NULL) { dest->priv_key = BN_new(); if (dest->priv_key == NULL) return NULL; } if (!BN_copy(dest->priv_key, src->priv_key)) return NULL; if (src->group->meth->keycopy && src->group->meth->keycopy(dest, src) == 0) return NULL; } } /* copy the rest */ dest->enc_flag = src->enc_flag; dest->conv_form = src->conv_form; dest->version = src->version; dest->flags = src->flags; if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_EC_KEY, &dest->ex_data, &src->ex_data)) return NULL; if (src->meth != dest->meth) { #ifndef OPENSSL_NO_ENGINE if (src->engine != NULL && ENGINE_init(src->engine) == 0) return NULL; dest->engine = src->engine; #endif dest->meth = src->meth; } if (src->meth->copy != NULL && src->meth->copy(dest, src) == 0) return NULL; return dest; }
static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) { EVP_PKEY_CTX *ret; const EVP_PKEY_METHOD *pmeth; if (id == -1) { if (!pkey || !pkey->ameth) return NULL; id = pkey->ameth->pkey_id; } #ifndef OPENSSL_NO_ENGINE if (pkey && pkey->engine) e = pkey->engine; /* Try to find an ENGINE which implements this method */ if (e) { if (!ENGINE_init(e)) { EVPerr(EVP_F_INT_CTX_NEW, ERR_R_ENGINE_LIB); return NULL; } } else e = ENGINE_get_pkey_meth_engine(id); /* * If an ENGINE handled this method look it up. Othewise use internal * tables. */ if (e) pmeth = ENGINE_get_pkey_meth(e, id); else #endif pmeth = EVP_PKEY_meth_find(id); if (pmeth == NULL) { EVPerr(EVP_F_INT_CTX_NEW, EVP_R_UNSUPPORTED_ALGORITHM); return NULL; } ret = OPENSSL_malloc(sizeof(EVP_PKEY_CTX)); if (!ret) { #ifndef OPENSSL_NO_ENGINE if (e) ENGINE_finish(e); #endif EVPerr(EVP_F_INT_CTX_NEW, ERR_R_MALLOC_FAILURE); return NULL; } ret->engine = e; ret->pmeth = pmeth; ret->operation = EVP_PKEY_OP_UNDEFINED; ret->pkey = pkey; ret->peerkey = NULL; ret->pkey_gencb = 0; if (pkey) CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); ret->data = NULL; if (pmeth->init) { if (pmeth->init(ret) <= 0) { EVP_PKEY_CTX_free(ret); return NULL; } } return ret; }
int main(int argc, char *argv[]) { ENGINE *engine; EVP_PKEY *pkey; X509 *cert; FILE *cert_fp; const char *module, *efile, *certfile, *privkey; int ret = 0; if (argc < 4){ printf("Too few arguments\n"); usage(argv); return 1; } certfile = argv[1]; privkey = argv[2]; module = argv[3]; efile = argv[4]; cert_fp = fopen(certfile, "rb"); if (!cert_fp) { fprintf(stderr, "%s:%d Could not open file %s\n", __FILE__, __LINE__, certfile); ret = 1; goto end; } cert = PEM_read_X509(cert_fp, NULL, NULL, NULL); if (!cert) { fprintf(stderr, "%s:%d Could not read certificate file" "(must be PEM format)\n", __FILE__, __LINE__); } if (cert_fp) { fclose(cert_fp); } ret = CONF_modules_load_file(efile, "engines", 0); if (ret <= 0) { fprintf(stderr, "%s:%d cannot load %s\n", __FILE__, __LINE__, efile); display_openssl_errors(__LINE__); exit(1); } ENGINE_add_conf_module(); #if OPENSSL_VERSION_NUMBER>=0x10100000 OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ | OPENSSL_INIT_ADD_ALL_DIGESTS \ | OPENSSL_INIT_LOAD_CONFIG, NULL); #else OpenSSL_add_all_algorithms(); OpenSSL_add_all_digests(); ERR_load_crypto_strings(); #endif ERR_clear_error(); ENGINE_load_builtin_engines(); engine = ENGINE_by_id("pkcs11"); if (engine == NULL) { printf("%s:%d Could not get engine\n", __FILE__, __LINE__); display_openssl_errors(__LINE__); ret = 1; goto end; } if (!ENGINE_ctrl_cmd_string(engine, "VERBOSE", NULL, 0)) { display_openssl_errors(__LINE__); exit(1); } if (!ENGINE_ctrl_cmd_string(engine, "MODULE_PATH", module, 0)) { display_openssl_errors(__LINE__); exit(1); } if (!ENGINE_init(engine)) { printf("Could not initialize engine\n"); display_openssl_errors(__LINE__); ret = 1; goto end; } pkey = ENGINE_load_private_key(engine, privkey, 0, 0); if (pkey == NULL) { printf("%s:%d Could not load key\n", __FILE__, __LINE__); display_openssl_errors(__LINE__); ret = 1; goto end; } ret = X509_check_private_key(cert, pkey); if (!ret) { printf("%s:%d Could not check private key\n", __FILE__, __LINE__); display_openssl_errors(__LINE__); ret = 1; goto end; } printf("Key and certificate matched\n"); ret = 0; CONF_modules_unload(1); end: X509_free(cert); EVP_PKEY_free(pkey); ENGINE_finish(engine); return ret; }
int main(int argc, char **argv) { EVP_PKEY *private_key, *public_key; EVP_PKEY_CTX *pkey_ctx; EVP_MD_CTX *md_ctx; const EVP_MD *digest_algo; char *private_key_name, *public_key_name; unsigned char sig[4096]; size_t sig_len; unsigned char md[128]; size_t md_len; unsigned digest_len; char *key_pass = NULL; const char *module_path, *efile; ENGINE *e; int ret; if (argc < 5) { fprintf(stderr, "usage: %s [PIN] [CONF] [private key URL] [public key URL] [module]\n", argv[0]); fprintf(stderr, "\n"); exit(1); } key_pass = argv[1]; efile = argv[2]; private_key_name = argv[3]; public_key_name = argv[4]; module_path = argv[5]; ret = CONF_modules_load_file(efile, "engines", 0); if (ret <= 0) { fprintf(stderr, "cannot load %s\n", efile); display_openssl_errors(__LINE__); exit(1); } ENGINE_add_conf_module(); #if OPENSSL_VERSION_NUMBER>=0x10100000 OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ | OPENSSL_INIT_ADD_ALL_DIGESTS \ | OPENSSL_INIT_LOAD_CONFIG, NULL); #else OpenSSL_add_all_algorithms(); OpenSSL_add_all_digests(); ERR_load_crypto_strings(); #endif ERR_clear_error(); ENGINE_load_builtin_engines(); e = ENGINE_by_id("pkcs11"); if (e == NULL) { display_openssl_errors(__LINE__); exit(1); } if (!ENGINE_ctrl_cmd_string(e, "VERBOSE", NULL, 0)) { display_openssl_errors(__LINE__); exit(1); } if (!ENGINE_ctrl_cmd_string(e, "MODULE_PATH", module_path, 0)) { display_openssl_errors(__LINE__); exit(1); } if (!ENGINE_init(e)) { display_openssl_errors(__LINE__); exit(1); } if (key_pass && !ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0)) { display_openssl_errors(__LINE__); exit(1); } private_key = ENGINE_load_private_key(e, private_key_name, NULL, NULL); if (private_key == NULL) { fprintf(stderr, "cannot load: %s\n", private_key_name); display_openssl_errors(__LINE__); exit(1); } public_key = ENGINE_load_public_key(e, public_key_name, NULL, NULL); if (public_key == NULL) { fprintf(stderr, "cannot load: %s\n", public_key_name); display_openssl_errors(__LINE__); exit(1); } digest_algo = EVP_get_digestbyname("sha256"); #define TEST_DATA "test data" md_ctx = EVP_MD_CTX_create(); if (EVP_DigestInit(md_ctx, digest_algo) <= 0) { display_openssl_errors(__LINE__); exit(1); } if (EVP_DigestUpdate(md_ctx, TEST_DATA, sizeof(TEST_DATA)) <= 0) { display_openssl_errors(__LINE__); exit(1); } digest_len = sizeof(md); if (EVP_DigestFinal(md_ctx, md, &digest_len) <= 0) { display_openssl_errors(__LINE__); exit(1); } md_len = digest_len; EVP_MD_CTX_destroy(md_ctx); /* Sign the hash */ pkey_ctx = EVP_PKEY_CTX_new(private_key, e); if (pkey_ctx == NULL) { fprintf(stderr, "Could not create context\n"); display_openssl_errors(__LINE__); exit(1); } if (EVP_PKEY_sign_init(pkey_ctx) <= 0) { fprintf(stderr, "Could not init signature\n"); display_openssl_errors(__LINE__); exit(1); } if (EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) <= 0) { fprintf(stderr, "Could not set padding\n"); display_openssl_errors(__LINE__); exit(1); } if (EVP_PKEY_CTX_set_signature_md(pkey_ctx, digest_algo) <= 0) { fprintf(stderr, "Could not set message digest algorithm\n"); display_openssl_errors(__LINE__); exit(1); } sig_len = sizeof(sig); if (EVP_PKEY_sign(pkey_ctx, sig, &sig_len, md, EVP_MD_size(digest_algo)) <= 0) { display_openssl_errors(__LINE__); exit(1); } EVP_PKEY_CTX_free(pkey_ctx); printf("Signature created\n"); #if OPENSSL_VERSION_NUMBER >= 0x1000000fL pkey_ctx = EVP_PKEY_CTX_new(public_key, e); if (pkey_ctx == NULL) { fprintf(stderr, "Could not create context\n"); display_openssl_errors(__LINE__); exit(1); } if (EVP_PKEY_verify_init(pkey_ctx) <= 0) { fprintf(stderr, "Could not init verify\n"); display_openssl_errors(__LINE__); exit(1); } if (EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) <= 0) { fprintf(stderr, "Could not set padding\n"); display_openssl_errors(__LINE__); exit(1); } if (EVP_PKEY_CTX_set_signature_md(pkey_ctx, digest_algo) <= 0) { fprintf(stderr, "Could not set message digest algorithm\n"); display_openssl_errors(__LINE__); exit(1); } ret = EVP_PKEY_verify(pkey_ctx, sig, sig_len, md, md_len); if (ret < 0) { display_openssl_errors(__LINE__); exit(1); } EVP_PKEY_CTX_free(pkey_ctx); if (ret == 1) { printf("Signature verified\n"); } else { printf("Verification failed\n"); display_openssl_errors(__LINE__); exit(1); } #else /* OPENSSL_VERSION_NUMBER >= 0x1000000fL */ printf("Unable to verify signature with %s\n", OPENSSL_VERSION_TEXT); #endif /* OPENSSL_VERSION_NUMBER >= 0x1000000fL */ ENGINE_finish(e); CONF_modules_unload(1); return 0; }
/** * @brief Create a context for supporting encryption. Keys, certificates, * algorithms and other parameters will be set per context. More than * one context can be created at one time. A cleanup will be automatically * registered with the given pool to guarantee a graceful shutdown. * @param f - context pointer will be written here * @param provider - provider to use * @param params - array of key parameters * @param pool - process pool * @return APR_ENOENGINE when the engine specified does not exist. APR_EINITENGINE * if the engine cannot be initialised. */ static apr_status_t crypto_make(apr_crypto_t **ff, const apr_crypto_driver_t *provider, const char *params, apr_pool_t *pool) { apr_crypto_config_t *config = NULL; apr_crypto_t *f = apr_pcalloc(pool, sizeof(apr_crypto_t)); const char *engine = NULL; struct { const char *field; const char *value; int set; } fields[] = { { "engine", NULL, 0 }, { NULL, NULL, 0 } }; const char *ptr; size_t klen; char **elts = NULL; char *elt; int i = 0, j; apr_status_t status; if (params) { if (APR_SUCCESS != (status = apr_tokenize_to_argv(params, &elts, pool))) { return status; } while ((elt = elts[i])) { ptr = strchr(elt, '='); if (ptr) { for (klen = ptr - elt; klen && apr_isspace(elt[klen - 1]); --klen) ; ptr++; } else { for (klen = strlen(elt); klen && apr_isspace(elt[klen - 1]); --klen) ; } elt[klen] = 0; for (j = 0; fields[j].field != NULL; ++j) { if (!strcasecmp(fields[j].field, elt)) { fields[j].set = 1; if (ptr) { fields[j].value = ptr; } break; } } i++; } engine = fields[0].value; } if (!f) { return APR_ENOMEM; } *ff = f; f->pool = pool; f->provider = provider; config = f->config = apr_pcalloc(pool, sizeof(apr_crypto_config_t)); if (!config) { return APR_ENOMEM; } f->result = apr_pcalloc(pool, sizeof(apu_err_t)); if (!f->result) { return APR_ENOMEM; } f->keys = apr_array_make(pool, 10, sizeof(apr_crypto_key_t)); if (!f->keys) { return APR_ENOMEM; } f->types = apr_hash_make(pool); if (!f->types) { return APR_ENOMEM; } apr_hash_set(f->types, "3des192", APR_HASH_KEY_STRING, &(key_3des_192)); apr_hash_set(f->types, "aes128", APR_HASH_KEY_STRING, &(key_aes_128)); apr_hash_set(f->types, "aes192", APR_HASH_KEY_STRING, &(key_aes_192)); apr_hash_set(f->types, "aes256", APR_HASH_KEY_STRING, &(key_aes_256)); f->modes = apr_hash_make(pool); if (!f->modes) { return APR_ENOMEM; } apr_hash_set(f->modes, "ecb", APR_HASH_KEY_STRING, &(mode_ecb)); apr_hash_set(f->modes, "cbc", APR_HASH_KEY_STRING, &(mode_cbc)); apr_pool_cleanup_register(pool, f, crypto_cleanup_helper, apr_pool_cleanup_null); if (engine) { config->engine = ENGINE_by_id(engine); if (!config->engine) { return APR_ENOENGINE; } if (!ENGINE_init(config->engine)) { ENGINE_free(config->engine); config->engine = NULL; return APR_EINITENGINE; } } return APR_SUCCESS; }
int main(int argc, char *argv[]) { const EVP_MD *digest_algo = NULL; EVP_PKEY *pkey = NULL; EVP_MD_CTX *md_ctx = NULL; ENGINE *engine = NULL; unsigned char random[RANDOM_SIZE], signature[MAX_SIGSIZE]; unsigned int siglen = MAX_SIGSIZE; int ret, num_processes = 2; pid_t pid; int rv = 1; /* Check arguments */ if (argc < 2) { fprintf(stderr, "Missing required arguments\n"); usage(argv[0]); goto failed; } if (argc > 4) { fprintf(stderr, "Too many arguments\n"); usage(argv[0]); goto failed; } /* Check PKCS#11 URL */ if (strncmp(argv[1], "pkcs11:", 7)) { fprintf(stderr, "fatal: invalid PKCS#11 URL\n"); usage(argv[0]); goto failed; } pid = getpid(); printf("pid %d is the parent\n", pid); /* Load configuration file, if provided */ if (argc >= 3) { ret = CONF_modules_load_file(argv[2], "engines", 0); if (ret <= 0) { fprintf(stderr, "cannot load %s\n", argv[2]); error_queue("CONF_modules_load_file", pid); goto failed; } ENGINE_add_conf_module(); } ENGINE_add_conf_module(); #if OPENSSL_VERSION_NUMBER>=0x10100000 OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ | OPENSSL_INIT_ADD_ALL_DIGESTS \ | OPENSSL_INIT_LOAD_CONFIG, NULL); #else OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); #endif ERR_clear_error(); ENGINE_load_builtin_engines(); /* Get structural reference */ engine = ENGINE_by_id("pkcs11"); if (engine == NULL) { fprintf(stderr, "fatal: engine \"pkcs11\" not available\n"); error_queue("ENGINE_by_id", pid); goto failed; } /* Set the used */ if (argc >= 4) { ENGINE_ctrl_cmd(engine, "MODULE_PATH", 0, argv[3], NULL, 1); } /* Initialize to get the engine functional reference */ if (ENGINE_init(engine)) { pkey = ENGINE_load_private_key(engine, argv[1], 0, 0); if (pkey == NULL) { error_queue("ENGINE_load_private_key", pid); goto failed; } ENGINE_free(engine); engine = NULL; } else { error_queue("ENGINE_init", pid); goto failed; } /* Spawn processes and check child return */ if (spawn_processes(num_processes)) { goto failed; } pid = getpid(); /* Generate random data */ if (!RAND_bytes(random, RANDOM_SIZE)){ error_queue("RAND_bytes", pid); goto failed; } /* Create context to sign the random data */ digest_algo = EVP_get_digestbyname("sha256"); md_ctx = EVP_MD_CTX_create(); if (EVP_DigestInit(md_ctx, digest_algo) <= 0) { error_queue("EVP_DigestInit", pid); goto failed; } EVP_SignInit(md_ctx, digest_algo); if (EVP_SignUpdate(md_ctx, random, RANDOM_SIZE) <= 0) { error_queue("EVP_SignUpdate", pid); goto failed; } if (EVP_SignFinal(md_ctx, signature, &siglen, pkey) <= 0) { error_queue("EVP_SignFinal", pid); goto failed; } EVP_MD_CTX_destroy(md_ctx); printf("pid %d: %u-byte signature created\n", pid, siglen); /* Now verify the result */ md_ctx = EVP_MD_CTX_create(); if (EVP_DigestInit(md_ctx, digest_algo) <= 0) { error_queue("EVP_DigestInit", pid); goto failed; } EVP_VerifyInit(md_ctx, digest_algo); if (EVP_VerifyUpdate(md_ctx, random, RANDOM_SIZE) <= 0) { error_queue("EVP_VerifyUpdate", pid); goto failed; } if (EVP_VerifyFinal(md_ctx, signature, siglen, pkey) <= 0) { error_queue("EVP_VerifyFinal", pid); goto failed; } printf("pid %d: Signature matched\n", pid); rv = 0; failed: if (md_ctx != NULL) EVP_MD_CTX_destroy(md_ctx); if (pkey != NULL) EVP_PKEY_free(pkey); if (engine != NULL) ENGINE_free(engine); return rv; }
EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src) { EC_EXTRA_DATA *d; if (dest == NULL || src == NULL) { ECerr(EC_F_EC_KEY_COPY, ERR_R_PASSED_NULL_PARAMETER); return NULL; } if (src->meth != dest->meth) { if (dest->meth->finish != NULL) dest->meth->finish(dest); #ifndef OPENSSL_NO_ENGINE if (dest->engine != NULL && ENGINE_finish(dest->engine) == 0) return 0; dest->engine = NULL; #endif } /* copy the parameters */ if (src->group != NULL) { const EC_METHOD *meth = EC_GROUP_method_of(src->group); /* clear the old group */ EC_GROUP_free(dest->group); dest->group = EC_GROUP_new(meth); if (dest->group == NULL) return NULL; if (!EC_GROUP_copy(dest->group, src->group)) return NULL; } /* copy the public key */ if (src->pub_key != NULL && src->group != NULL) { EC_POINT_free(dest->pub_key); dest->pub_key = EC_POINT_new(src->group); if (dest->pub_key == NULL) return NULL; if (!EC_POINT_copy(dest->pub_key, src->pub_key)) return NULL; } /* copy the private key */ if (src->priv_key != NULL) { if (dest->priv_key == NULL) { dest->priv_key = BN_new(); if (dest->priv_key == NULL) return NULL; } if (!BN_copy(dest->priv_key, src->priv_key)) return NULL; } /* copy method/extra data */ EC_EX_DATA_free_all_data(&dest->method_data); for (d = src->method_data; d != NULL; d = d->next) { void *t = d->dup_func(d->data); if (t == NULL) return 0; if (!EC_EX_DATA_set_data (&dest->method_data, t, d->dup_func, d->free_func, d->clear_free_func)) return NULL; } /* copy the rest */ dest->enc_flag = src->enc_flag; dest->conv_form = src->conv_form; dest->version = src->version; dest->flags = src->flags; if (src->meth != dest->meth) { #ifndef OPENSSL_NO_ENGINE if (src->engine != NULL && ENGINE_init(src->engine) == 0) return NULL; dest->engine = src->engine; #endif dest->meth = src->meth; } if (src->meth->copy != NULL && src->meth->copy(dest, src) == 0) return NULL; return dest; }
int MAIN(int argc, char **argv) { int ret=1,i; const char **pp; int verbose=0, list_cap=0, test_avail=0, test_avail_noise = 0; ENGINE *e; STACK *engines = sk_new_null(); STACK *pre_cmds = sk_new_null(); STACK *post_cmds = sk_new_null(); int badops=1; BIO *bio_out=NULL; const char *indent = " "; apps_startup(); SSL_load_error_strings(); if (bio_err == NULL) bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); if (!load_config(bio_err, NULL)) goto end; bio_out=BIO_new_fp(stdout,BIO_NOCLOSE); #ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); bio_out = BIO_push(tmpbio, bio_out); } #endif argc--; argv++; while (argc >= 1) { if (strncmp(*argv,"-v",2) == 0) { if(strspn(*argv + 1, "v") < strlen(*argv + 1)) goto skip_arg_loop; if((verbose=strlen(*argv + 1)) > 4) goto skip_arg_loop; } else if (strcmp(*argv,"-c") == 0) list_cap=1; else if (strncmp(*argv,"-t",2) == 0) { test_avail=1; if(strspn(*argv + 1, "t") < strlen(*argv + 1)) goto skip_arg_loop; if((test_avail_noise = strlen(*argv + 1) - 1) > 1) goto skip_arg_loop; } else if (strcmp(*argv,"-pre") == 0) { argc--; argv++; if (argc == 0) goto skip_arg_loop; sk_push(pre_cmds,*argv); } else if (strcmp(*argv,"-post") == 0) { argc--; argv++; if (argc == 0) goto skip_arg_loop; sk_push(post_cmds,*argv); } else if ((strncmp(*argv,"-h",2) == 0) || (strcmp(*argv,"-?") == 0)) goto skip_arg_loop; else sk_push(engines,*argv); argc--; argv++; } /* Looks like everything went OK */ badops = 0; skip_arg_loop: if (badops) { for (pp=engine_usage; (*pp != NULL); pp++) BIO_printf(bio_err,"%s",*pp); goto end; } if (sk_num(engines) == 0) { for(e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) { sk_push(engines,(char *)ENGINE_get_id(e)); } } for (i=0; i<sk_num(engines); i++) { const char *id = sk_value(engines,i); if ((e = ENGINE_by_id(id)) != NULL) { const char *name = ENGINE_get_name(e); /* Do "id" first, then "name". Easier to auto-parse. */ BIO_printf(bio_out, "(%s) %s\n", id, name); util_do_cmds(e, pre_cmds, bio_out, indent); if (strcmp(ENGINE_get_id(e), id) != 0) { BIO_printf(bio_out, "Loaded: (%s) %s\n", ENGINE_get_id(e), ENGINE_get_name(e)); } if (list_cap) { int cap_size = 256; char *cap_buf = NULL; int k,n; const int *nids; ENGINE_CIPHERS_PTR fn_c; ENGINE_DIGESTS_PTR fn_d; if (ENGINE_get_RSA(e) != NULL && !append_buf(&cap_buf, "RSA", &cap_size, 256)) goto end; if (ENGINE_get_DSA(e) != NULL && !append_buf(&cap_buf, "DSA", &cap_size, 256)) goto end; if (ENGINE_get_DH(e) != NULL && !append_buf(&cap_buf, "DH", &cap_size, 256)) goto end; if (ENGINE_get_RAND(e) != NULL && !append_buf(&cap_buf, "RAND", &cap_size, 256)) goto end; fn_c = ENGINE_get_ciphers(e); if(!fn_c) goto skip_ciphers; n = fn_c(e, NULL, &nids, 0); for(k=0 ; k < n ; ++k) if(!append_buf(&cap_buf, OBJ_nid2sn(nids[k]), &cap_size, 256)) goto end; skip_ciphers: fn_d = ENGINE_get_digests(e); if(!fn_d) goto skip_digests; n = fn_d(e, NULL, &nids, 0); for(k=0 ; k < n ; ++k) if(!append_buf(&cap_buf, OBJ_nid2sn(nids[k]), &cap_size, 256)) goto end; skip_digests: if (cap_buf && (*cap_buf != '\0')) BIO_printf(bio_out, " [%s]\n", cap_buf); OPENSSL_free(cap_buf); } if(test_avail) { BIO_printf(bio_out, "%s", indent); if (ENGINE_init(e)) { BIO_printf(bio_out, "[ available ]\n"); util_do_cmds(e, post_cmds, bio_out, indent); ENGINE_finish(e); } else { BIO_printf(bio_out, "[ unavailable ]\n"); if(test_avail_noise) ERR_print_errors_fp(stdout); ERR_clear_error(); } } if((verbose > 0) && !util_verbose(e, verbose, bio_out, indent)) goto end; ENGINE_free(e); } else ERR_print_errors(bio_err); } ret=0; end: ERR_print_errors(bio_err); sk_pop_free(engines, identity); sk_pop_free(pre_cmds, identity); sk_pop_free(post_cmds, identity); if (bio_out != NULL) BIO_free_all(bio_out); apps_shutdown(); OPENSSL_EXIT(ret); }
int main(int argc, char **argv) { char *cert_src; OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); ERR_clear_error(); kbuild_verbose = atoi(getenv("KBUILD_VERBOSE")?:"0"); key_pass = getenv("KBUILD_SIGN_PIN"); if (argc != 3) format(); cert_src = argv[1]; cert_dst = argv[2]; if (!cert_src[0]) { /* Invoked with no input; create empty file */ FILE *f = fopen(cert_dst, "wb"); ERR(!f, "%s", cert_dst); fclose(f); exit(0); } else if (!strncmp(cert_src, "pkcs11:", 7)) { ENGINE *e; struct { const char *cert_id; X509 *cert; } parms; parms.cert_id = cert_src; parms.cert = NULL; ENGINE_load_builtin_engines(); drain_openssl_errors(); e = ENGINE_by_id("pkcs11"); ERR(!e, "Load PKCS#11 ENGINE"); if (ENGINE_init(e)) drain_openssl_errors(); else ERR(1, "ENGINE_init"); if (key_pass) ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0), "Set PKCS#11 PIN"); ENGINE_ctrl_cmd(e, "LOAD_CERT_CTRL", 0, &parms, NULL, 1); ERR(!parms.cert, "Get X.509 from PKCS#11"); write_cert(parms.cert); } else { BIO *b; X509 *x509; b = BIO_new_file(cert_src, "rb"); ERR(!b, "%s", cert_src); while (1) { x509 = PEM_read_bio_X509(b, NULL, NULL, NULL); if (wb && !x509) { unsigned long err = ERR_peek_last_error(); if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE) { ERR_clear_error(); break; } } ERR(!x509, "%s", cert_src); write_cert(x509); } } BIO_free(wb); return 0; }
static int openssl_engine_init(lua_State*L){ ENGINE* eng = CHECK_OBJECT(1,ENGINE,"openssl.engine"); int ret = ENGINE_init(eng); lua_pushboolean(L, ret); return 1; }
EXPORT_C DSA *DSA_new_method(ENGINE *engine) { DSA *ret; ret=(DSA *)OPENSSL_malloc(sizeof(DSA)); if (ret == NULL) { DSAerr(DSA_F_DSA_NEW_METHOD,ERR_R_MALLOC_FAILURE); return(NULL); } ret->meth = DSA_get_default_method(); #ifndef OPENSSL_NO_ENGINE if (engine) { if (!ENGINE_init(engine)) { DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB); OPENSSL_free(ret); return NULL; } ret->engine = engine; } else ret->engine = ENGINE_get_default_DSA(); if(ret->engine) { ret->meth = ENGINE_get_DSA(ret->engine); if(!ret->meth) { DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB); ENGINE_finish(ret->engine); OPENSSL_free(ret); return NULL; } } #endif ret->pad=0; ret->version=0; ret->write_params=1; ret->p=NULL; ret->q=NULL; ret->g=NULL; ret->pub_key=NULL; ret->priv_key=NULL; ret->kinv=NULL; ret->r=NULL; ret->method_mont_p=NULL; ret->references=1; ret->flags=ret->meth->flags; CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { #ifndef OPENSSL_NO_ENGINE if (ret->engine) ENGINE_finish(ret->engine); #endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); OPENSSL_free(ret); ret=NULL; } return(ret); }
int64_t s2n_public_random(int64_t max) { uint64_t r; gt_check(max, 0); while(1) { struct s2n_blob blob = { .data = (void *) &r, sizeof(r) }; GUARD(s2n_get_public_random_data(&blob)); /* Imagine an int was one byte and UINT_MAX was 256. If the * caller asked for s2n_random(129, ...) we'd end up in * trouble. Each number in the range 0...127 would be twice * as likely as 128. That's because r == 0 % 129 -> 0, and * r == 129 % 129 -> 0, but only r == 128 returns 128, * r == 257 is out of range. * * To de-bias the dice, we discard values of r that are higher * that the highest multiple of 'max' an int can support. If * max is a uint, then in the worst case we discard 50% - 1 r's. * But since 'max' is an int and INT_MAX is <= UINT_MAX / 2, * in the worst case we discard 25% - 1 r's. */ if (r < (UINT64_MAX - (UINT64_MAX % max))) { return r % max; } } return -1; } #ifndef OPENSSL_IS_BORINGSSL int s2n_openssl_compat_rand(unsigned char *buf, int num) { struct s2n_blob out = {.data = buf, .size = num}; if(s2n_get_private_random_data(&out) < 0) { return 0; } return 1; } int s2n_openssl_compat_status(void) { return 1; } int s2n_openssl_compat_init(ENGINE *unused) { return 1; } RAND_METHOD s2n_openssl_rand_method = { .seed = NULL, .bytes = s2n_openssl_compat_rand, .cleanup = NULL, .add = NULL, .pseudorand = s2n_openssl_compat_rand, .status = s2n_openssl_compat_status }; #endif int s2n_init(void) { GUARD(s2n_mem_init()); OPEN: entropy_fd = open(ENTROPY_SOURCE, O_RDONLY); if (entropy_fd == -1) { if (errno == EINTR) { goto OPEN; } S2N_ERROR(S2N_ERR_OPEN_RANDOM); } #if defined(MAP_INHERIT_ZERO) if ((zero_if_forked_ptr = mmap(NULL, sizeof(int), PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) { S2N_ERROR(S2N_ERR_OPEN_RANDOM); } if (minherit(zero_if_forked_ptr, sizeof(int), MAP_INHERIT_ZERO) == -1) { S2N_ERROR(S2N_ERR_OPEN_RANDOM); } #else if (pthread_atfork(NULL, NULL, s2n_on_fork) != 0) { S2N_ERROR(S2N_ERR_OPEN_RANDOM); } #endif GUARD(s2n_check_fork()); #ifndef OPENSSL_IS_BORINGSSL /* Create an engine */ ENGINE *e = ENGINE_new(); if (e == NULL || ENGINE_set_id(e, "s2n") != 1 || ENGINE_set_name(e, "s2n entropy generator") != 1 || ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) != 1 || ENGINE_set_init_function(e, s2n_openssl_compat_init) != 1 || ENGINE_set_RAND(e, &s2n_openssl_rand_method) != 1 || ENGINE_add(e) != 1 || ENGINE_free(e) != 1) { S2N_ERROR(S2N_ERR_OPEN_RANDOM); } /* Use that engine for rand() */ e = ENGINE_by_id("s2n"); if (e == NULL || ENGINE_init(e) != 1 || ENGINE_set_default(e, ENGINE_METHOD_RAND) != 1) { S2N_ERROR(S2N_ERR_OPEN_RANDOM); } #endif return 0; }
DH *DH_new_method(ENGINE *engine) { DH *ret; ret=(DH *)OPENSSL_malloc(sizeof(DH)); if (ret == NULL) { DHerr(DH_F_DH_NEW_METHOD,ERR_R_MALLOC_FAILURE); return(NULL); } ret->meth = DH_get_default_method(); #ifndef OPENSSL_NO_ENGINE if (engine) { if (!ENGINE_init(engine)) { DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB); OPENSSL_free(ret); return NULL; } ret->engine = engine; } else ret->engine = ENGINE_get_default_DH(); if(ret->engine) { ret->meth = ENGINE_get_DH(ret->engine); if(!ret->meth) { DHerr(DH_F_DH_NEW_METHOD,ERR_R_ENGINE_LIB); ENGINE_finish(ret->engine); OPENSSL_free(ret); return NULL; } } #endif ret->pad=0; ret->version=0; ret->p=NULL; ret->g=NULL; ret->length=0; ret->pub_key=NULL; ret->priv_key=NULL; ret->q=NULL; ret->j=NULL; ret->seed = NULL; ret->seedlen = 0; ret->counter = NULL; ret->method_mont_p=NULL; ret->references = 1; ret->flags=ret->meth->flags; CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { #ifndef OPENSSL_NO_ENGINE if (ret->engine) ENGINE_finish(ret->engine); #endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); OPENSSL_free(ret); ret=NULL; } return(ret); }