自学教程：C++ ENGINE_set_RSA函数代码示例

static int bind_helper (ENGINE *e) {	if (!ENGINE_set_id(e, FS_ENGINE_ID) ||		!ENGINE_set_name (e, FS_ENGINE_NAME) ||		!ENGINE_set_destroy_function (e, engine_fs_destroy) ||		!ENGINE_set_finish_function (e, engine_fs_finish) ||		!ENGINE_set_ctrl_function (e, engine_fs_ctrl) ||		!ENGINE_set_load_privkey_function (e, engine_fs_load_private_key) ||		!ENGINE_set_RSA (e, &engine_fs_rsa) /*||		!ENGINE_set_load_pubkey_function (e, engine_fs_load_public_key) ||		!ENGINE_set_init_function (e, engine_fs_init) ||		!ENGINE_set_DSA (e, engine_fs_dsa) ||		!ENGINE_set_ECDH (e, engine_fs_dh) ||		!ENGINE_set_ECDSA (e, engine_fs_dh) ||		!ENGINE_set_DH (e, engine_fs_dh) ||		!ENGINE_set_RAND (e, engine_fs_rand) ||		!ENGINE_set_STORE (e, asn1_i2d_ex_primitiveengine_fs_rand) ||		!ENGINE_set_ciphers (e, engine_fs_syphers_f) ||		!ENGINE_set_digests (e, engine_fs_digest_f) ||		!ENGINE_set_flags (e, engine_fs_flags) ||		!ENGINE_set_cmd_defns (e, engine_fs_cmd_defns)*/) {		return (0);	}		if (!ENGINE_set_RSA (e, &engine_fs_rsa)                || !register_rsa_methods ()) {            return 0;	}		return (1);}

/* This internal function is used by ENGINE_gmp() and possibly by the * "dynamic" ENGINE support too */static int bind_helper(ENGINE *e)	{#ifndef OPENSSL_NO_RSA	const RSA_METHOD *meth1;#endif	if(!ENGINE_set_id(e, engine_e_gmp_id) ||			!ENGINE_set_name(e, engine_e_gmp_name) ||#ifndef OPENSSL_NO_RSA			!ENGINE_set_RSA(e, &e_gmp_rsa) ||#endif			!ENGINE_set_destroy_function(e, e_gmp_destroy) ||			!ENGINE_set_init_function(e, e_gmp_init) ||			!ENGINE_set_finish_function(e, e_gmp_finish) ||			!ENGINE_set_ctrl_function(e, e_gmp_ctrl) ||			!ENGINE_set_cmd_defns(e, e_gmp_cmd_defns))		return 0;#ifndef OPENSSL_NO_RSA	meth1 = RSA_PKCS1_SSLeay();	e_gmp_rsa.rsa_pub_enc = meth1->rsa_pub_enc;	e_gmp_rsa.rsa_pub_dec = meth1->rsa_pub_dec;	e_gmp_rsa.rsa_priv_enc = meth1->rsa_priv_enc;	e_gmp_rsa.rsa_priv_dec = meth1->rsa_priv_dec;	e_gmp_rsa.bn_mod_exp = meth1->bn_mod_exp;#endif	/* Ensure the e_gmp error handling is set up */	ERR_load_GMP_strings();	return 1;	}

static int keystore_engine_setup(ENGINE* e) {    ALOGV("keystore_engine_setup");    if (!ENGINE_set_id(e, KEYSTORE_ENGINE_ID)            || !ENGINE_set_name(e, KEYSTORE_ENGINE_NAME)            || !ENGINE_set_load_privkey_function(e, keystore_loadkey)            || !ENGINE_set_load_pubkey_function(e, keystore_loadkey)            || !ENGINE_set_cmd_defns(e, keystore_cmd_defns)) {        ALOGE("Could not set up keystore engine");        return 0;    }    if (!ENGINE_set_RSA(e, &keystore_rsa_meth)            || !register_rsa_methods()) {        ALOGE("Could not set up keystore RSA methods");        return 0;    }    /* We need a handle in the RSA keys as well for keygen if it's not already initialized. */    pthread_once(&rsa_key_handle_control, init_rsa_key_handle);    if (rsa_key_handle < 0) {        ALOGE("Could not set up RSA ex_data index");        return 0;    }    return 1;}

/* ---------------------*/static int bind_helper(ENGINE *e){    if (!ENGINE_set_id(e, engine_cluster_labs_id) ||        !ENGINE_set_name(e, engine_cluster_labs_name) ||#  ifndef OPENSSL_NO_RSA        !ENGINE_set_RSA(e, &cluster_labs_rsa) ||#  endif#  ifndef OPENSSL_NO_DSA        !ENGINE_set_DSA(e, &cluster_labs_dsa) ||#  endif#  ifndef OPENSSL_NO_DH        !ENGINE_set_DH(e, &cluster_labs_dh) ||#  endif        !ENGINE_set_RAND(e, &cluster_labs_rand) ||        !ENGINE_set_destroy_function(e, cluster_labs_destroy) ||        !ENGINE_set_init_function(e, cluster_labs_init) ||        !ENGINE_set_finish_function(e, cluster_labs_finish) ||        !ENGINE_set_ctrl_function(e, cluster_labs_ctrl) ||        !ENGINE_set_cmd_defns(e, cluster_labs_cmd_defns))        return 0;    /* Ensure the error handling is set up */    ERR_load_CL_strings();    return 1;}

/* * This internal function is used by ENGINE_ubsec() and possibly by the * "dynamic" ENGINE support too */static int bind_helper(ENGINE *e){#  ifndef OPENSSL_NO_RSA    const RSA_METHOD *meth1;#  endif#  ifndef OPENSSL_NO_DH#   ifndef HAVE_UBSEC_DH    const DH_METHOD *meth3;#   endif                       /* HAVE_UBSEC_DH */#  endif    if (!ENGINE_set_id(e, engine_ubsec_id) ||        !ENGINE_set_name(e, engine_ubsec_name) ||#  ifndef OPENSSL_NO_RSA        !ENGINE_set_RSA(e, &ubsec_rsa) ||#  endif#  ifndef OPENSSL_NO_DSA        !ENGINE_set_DSA(e, &ubsec_dsa) ||#  endif#  ifndef OPENSSL_NO_DH        !ENGINE_set_DH(e, &ubsec_dh) ||#  endif        !ENGINE_set_destroy_function(e, ubsec_destroy) ||        !ENGINE_set_init_function(e, ubsec_init) ||        !ENGINE_set_finish_function(e, ubsec_finish) ||        !ENGINE_set_ctrl_function(e, ubsec_ctrl) ||        !ENGINE_set_cmd_defns(e, ubsec_cmd_defns))        return 0;#  ifndef OPENSSL_NO_RSA    /*     * We know that the "PKCS1_OpenSSL()" functions hook properly to the     * Broadcom-specific mod_exp and mod_exp_crt so we use those functions.     * NB: We don't use ENGINE_openssl() or anything "more generic" because     * something like the RSAref code may not hook properly, and if you own     * one of these cards then you have the right to do RSA operations on it     * anyway!     */    meth1 = RSA_PKCS1_OpenSSL();    ubsec_rsa.rsa_pub_enc = meth1->rsa_pub_enc;    ubsec_rsa.rsa_pub_dec = meth1->rsa_pub_dec;    ubsec_rsa.rsa_priv_enc = meth1->rsa_priv_enc;    ubsec_rsa.rsa_priv_dec = meth1->rsa_priv_dec;#  endif#  ifndef OPENSSL_NO_DH#   ifndef HAVE_UBSEC_DH    /* Much the same for Diffie-Hellman */    meth3 = DH_OpenSSL();    ubsec_dh.generate_key = meth3->generate_key;    ubsec_dh.compute_key = meth3->compute_key;#   endif                       /* HAVE_UBSEC_DH */#  endif    /* Ensure the ubsec error handling is set up */    ERR_load_UBSEC_strings();    return 1;}

voidca_engine_init(void){	ENGINE		*e;	const char	*errstr, *name;	if ((e = ENGINE_get_default_RSA()) == NULL) {		if ((e = ENGINE_new()) == NULL) {			errstr = "ENGINE_new";			goto fail;		}		if (!ENGINE_set_name(e, rsae_method.name)) {			errstr = "ENGINE_set_name";			goto fail;		}		if ((rsa_default = RSA_get_default_method()) == NULL) {			errstr = "RSA_get_default_method";			goto fail;		}	} else if ((rsa_default = ENGINE_get_RSA(e)) == NULL) {		errstr = "ENGINE_get_RSA";		goto fail;	}	if ((name = ENGINE_get_name(e)) == NULL)		name = "unknown RSA engine";	log_debug("debug: %s: using %s", __func__, name);	if (rsa_default->flags & RSA_FLAG_SIGN_VER)		fatalx("unsupported RSA engine");	if (rsa_default->rsa_mod_exp == NULL)		rsae_method.rsa_mod_exp = NULL;	if (rsa_default->bn_mod_exp == NULL)		rsae_method.bn_mod_exp = NULL;	if (rsa_default->rsa_keygen == NULL)		rsae_method.rsa_keygen = NULL;	rsae_method.flags = rsa_default->flags |	    RSA_METHOD_FLAG_NO_CHECK;	rsae_method.app_data = rsa_default->app_data;	if (!ENGINE_set_RSA(e, &rsae_method)) {		errstr = "ENGINE_set_RSA";		goto fail;	}	if (!ENGINE_set_default_RSA(e)) {		errstr = "ENGINE_set_default_RSA";		goto fail;	}	return; fail:	ssl_error(errstr);	fatalx("%s", errstr);}

    static ENGINE* LoadEngine()    {      // This function creates an engine for PKCS#11 and inspired by      // the "ENGINE_load_dynamic" function from OpenSSL, in file      // "crypto/engine/eng_dyn.c"      ENGINE* engine = ENGINE_new();      if (!engine)      {        LOG(ERROR) << "Cannot create an OpenSSL engine for PKCS#11";        throw OrthancException(ErrorCode_InternalError);      }      // Create a PKCS#11 context using libp11      context_ = pkcs11_new();      if (!context_)      {        LOG(ERROR) << "Cannot create a libp11 context for PKCS#11";        ENGINE_free(engine);        throw OrthancException(ErrorCode_InternalError);      }      if (!ENGINE_set_id(engine, PKCS11_ENGINE_ID) ||          !ENGINE_set_name(engine, PKCS11_ENGINE_NAME) ||          !ENGINE_set_cmd_defns(engine, PKCS11_ENGINE_COMMANDS) ||          // Register the callback functions          !ENGINE_set_init_function(engine, EngineInitialize) ||          !ENGINE_set_finish_function(engine, EngineFinalize) ||          !ENGINE_set_destroy_function(engine, EngineDestroy) ||          !ENGINE_set_ctrl_function(engine, EngineControl) ||          !ENGINE_set_load_pubkey_function(engine, EngineLoadPublicKey) ||          !ENGINE_set_load_privkey_function(engine, EngineLoadPrivateKey) ||          !ENGINE_set_RSA(engine, PKCS11_get_rsa_method()) ||          !ENGINE_set_ECDSA(engine, PKCS11_get_ecdsa_method()) ||          !ENGINE_set_ECDH(engine, PKCS11_get_ecdh_method()) ||#if OPENSSL_VERSION_NUMBER  >= 0x10100002L          !ENGINE_set_EC(engine, PKCS11_get_ec_key_method()) ||#endif          // Make OpenSSL know about our PKCS#11 engine          !ENGINE_add(engine))      {        LOG(ERROR) << "Cannot initialize the OpenSSL engine for PKCS#11";        pkcs11_finish(context_);        ENGINE_free(engine);        throw OrthancException(ErrorCode_InternalError);      }      // If the "ENGINE_add" worked, it gets a structural      // reference. We release our just-created reference.      ENGINE_free(engine);      return ENGINE_by_id(PKCS11_ENGINE_ID);    }

staticPKCS11H_BOOL__pkcs11h_openssl_session_setRSA(	IN const pkcs11h_openssl_session_t openssl_session,	IN EVP_PKEY * evp) {	PKCS11H_BOOL ret = FALSE;	RSA *rsa = NULL;	_PKCS11H_DEBUG (		PKCS11H_LOG_DEBUG2,		"PKCS#11: __pkcs11h_openssl_session_setRSA - entered openssl_session=%p, evp=%p",		(void *)openssl_session,		(void *)evp	);	if (		(rsa = EVP_PKEY_get1_RSA (evp)) == NULL	) {		_PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot get RSA key");		goto cleanup;	}	RSA_set_method (rsa, __openssl_methods.rsa);	RSA_set_ex_data (rsa, __openssl_methods.rsa_index, openssl_session);#if OPENSSL_VERSION_NUMBER < 0x10100001L	rsa->flags |= RSA_FLAG_SIGN_VER;#endif#ifdef BROKEN_OPENSSL_ENGINE	if (!rsa->engine) {		rsa->engine = ENGINE_get_default_RSA ();	}	ENGINE_set_RSA(ENGINE_get_default_RSA (), &openssl_session->rsa);	_PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: OpenSSL engine support is broken! Workaround enabled");#endif	ret = TRUE;cleanup:	if (rsa != NULL) {		RSA_free (rsa);		rsa = NULL;	}	_PKCS11H_DEBUG (		PKCS11H_LOG_DEBUG2,		"PKCS#11: __pkcs11h_openssl_session_setRSA - return ret=%d",		ret	);	return ret;}

static int bind_devcrypto(ENGINE *e) {    if (!ENGINE_set_id(e, engine_devcrypto_id)        || !ENGINE_set_name(e, "/dev/crypto engine")        || !ENGINE_set_destroy_function(e, devcrypto_unload)        || !ENGINE_set_cmd_defns(e, devcrypto_cmds)        || !ENGINE_set_ctrl_function(e, devcrypto_ctrl))        return 0;    prepare_cipher_methods();#ifdef IMPLEMENT_DIGEST    prepare_digest_methods();#endif    return (ENGINE_set_ciphers(e, devcrypto_ciphers)#ifdef IMPLEMENT_DIGEST        && ENGINE_set_digests(e, devcrypto_digests)#endif/* * Asymmetric ciphers aren't well supported with /dev/crypto.  Among the BSD * implementations, it seems to only exist in FreeBSD, and regarding the * parameters in its crypt_kop, the manual crypto(4) has this to say: * *    The semantics of these arguments are currently undocumented. * * Reading through the FreeBSD source code doesn't give much more than * their CRK_MOD_EXP implementation for ubsec. * * It doesn't look much better with cryptodev-linux.  They have the crypt_kop * structure as well as the command (CRK_*) in cryptodev.h, but no support * seems to be implemented at all for the moment. * * At the time of writing, it seems impossible to write proper support for * FreeBSD's asym features without some very deep knowledge and access to * specific kernel modules. * * /Richard Levitte, 2017-05-11 */#if 0# ifndef OPENSSL_NO_RSA        && ENGINE_set_RSA(e, devcrypto_rsa)# endif# ifndef OPENSSL_NO_DSA        && ENGINE_set_DSA(e, devcrypto_dsa)# endif# ifndef OPENSSL_NO_DH        && ENGINE_set_DH(e, devcrypto_dh)# endif# ifndef OPENSSL_NO_EC        && ENGINE_set_EC(e, devcrypto_ec)# endif#endif        );}

/* * This internal function is used by ENGINE_chil() and possibly by the * "dynamic" ENGINE support too */static int bind_helper(ENGINE *e){#  ifndef OPENSSL_NO_RSA    const RSA_METHOD *meth1;#  endif#  ifndef OPENSSL_NO_DH    const DH_METHOD *meth2;#  endif    if (!ENGINE_set_id(e, engine_hwcrhk_id) ||        !ENGINE_set_name(e, engine_hwcrhk_name) ||#  ifndef OPENSSL_NO_RSA        !ENGINE_set_RSA(e, &hwcrhk_rsa) ||#  endif#  ifndef OPENSSL_NO_DH        !ENGINE_set_DH(e, &hwcrhk_dh) ||#  endif        !ENGINE_set_RAND(e, &hwcrhk_rand) ||        !ENGINE_set_destroy_function(e, hwcrhk_destroy) ||        !ENGINE_set_init_function(e, hwcrhk_init) ||        !ENGINE_set_finish_function(e, hwcrhk_finish) ||        !ENGINE_set_ctrl_function(e, hwcrhk_ctrl) ||        !ENGINE_set_load_privkey_function(e, hwcrhk_load_privkey) ||        !ENGINE_set_load_pubkey_function(e, hwcrhk_load_pubkey) ||        !ENGINE_set_cmd_defns(e, hwcrhk_cmd_defns))        return 0;#  ifndef OPENSSL_NO_RSA    /*     * We know that the "PKCS1_SSLeay()" functions hook properly to the     * cswift-specific mod_exp and mod_exp_crt so we use those functions. NB:     * We don't use ENGINE_openssl() or anything "more generic" because     * something like the RSAref code may not hook properly, and if you own     * one of these cards then you have the right to do RSA operations on it     * anyway!     */    meth1 = RSA_PKCS1_SSLeay();    hwcrhk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;    hwcrhk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;    hwcrhk_rsa.rsa_priv_enc = meth1->rsa_priv_enc;    hwcrhk_rsa.rsa_priv_dec = meth1->rsa_priv_dec;#  endif#  ifndef OPENSSL_NO_DH    /* Much the same for Diffie-Hellman */    meth2 = DH_OpenSSL();    hwcrhk_dh.generate_key = meth2->generate_key;    hwcrhk_dh.compute_key = meth2->compute_key;#  endif    /* Ensure the hwcrhk error handling is set up */    ERR_load_HWCRHK_strings();    return 1;}

static int bind_dasync(ENGINE *e){    /* Ensure the dasync error handling is set up */    ERR_load_DASYNC_strings();    if (!ENGINE_set_id(e, engine_dasync_id)        || !ENGINE_set_name(e, engine_dasync_name)        || !ENGINE_set_RSA(e, &dasync_rsa_method)        || !ENGINE_set_digests(e, dasync_digests)        || !ENGINE_set_destroy_function(e, dasync_destroy)        || !ENGINE_set_init_function(e, dasync_init)        || !ENGINE_set_finish_function(e, dasync_finish)) {        DASYNCerr(DASYNC_F_BIND_DASYNC, DASYNC_R_INIT_FAILED);        return 0;    }    return 1;}

static int bind_rsaref(ENGINE *e)	{	const RSA_METHOD *meth1;	if(!ENGINE_set_id(e, engine_rsaref_id)		|| !ENGINE_set_name(e, engine_rsaref_name)		|| !ENGINE_set_RSA(e, &rsaref_rsa)		|| !ENGINE_set_ciphers(e, rsaref_ciphers)		|| !ENGINE_set_digests(e, rsaref_digests)		|| !ENGINE_set_destroy_function(e, rsaref_destroy)		|| !ENGINE_set_init_function(e, rsaref_init)		|| !ENGINE_set_finish_function(e, rsaref_finish)		/* || !ENGINE_set_ctrl_function(e, rsaref_ctrl) */		/* || !ENGINE_set_cmd_defns(e, rsaref_cmd_defns) */)		return 0;	/* Ensure the rsaref error handling is set up */	ERR_load_RSAREF_strings();	return 1;	}

static ENGINE *sc_get_engine(void){	static ENGINE *smart_engine = NULL;	if ((smart_engine = ENGINE_new()) == NULL)		fatal("ENGINE_new failed");	ENGINE_set_id(smart_engine, "sectok");	ENGINE_set_name(smart_engine, "libsectok");	ENGINE_set_RSA(smart_engine, sc_get_rsa_method());	ENGINE_set_DSA(smart_engine, DSA_get_default_openssl_method());	ENGINE_set_DH(smart_engine, DH_get_default_openssl_method());	ENGINE_set_RAND(smart_engine, RAND_SSLeay());	ENGINE_set_BN_mod_exp(smart_engine, BN_mod_exp);	return smart_engine;}

/* * This internal function is used by ENGINE_openssl() and possibly by the * "dynamic" ENGINE support too */static int bind_helper(ENGINE *e){    if (!ENGINE_set_id(e, engine_openssl_id)        || !ENGINE_set_name(e, engine_openssl_name)        || !ENGINE_set_destroy_function(e, openssl_destroy)#ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS# ifndef OPENSSL_NO_RSA        || !ENGINE_set_RSA(e, RSA_get_default_method())# endif# ifndef OPENSSL_NO_DSA        || !ENGINE_set_DSA(e, DSA_get_default_method())# endif# ifndef OPENSSL_NO_EC        || !ENGINE_set_EC(e, EC_KEY_OpenSSL())# endif# ifndef OPENSSL_NO_DH        || !ENGINE_set_DH(e, DH_get_default_method())# endif        || !ENGINE_set_RAND(e, RAND_OpenSSL())# ifdef TEST_ENG_OPENSSL_RC4        || !ENGINE_set_ciphers(e, openssl_ciphers)# endif# ifdef TEST_ENG_OPENSSL_SHA        || !ENGINE_set_digests(e, openssl_digests)# endif#endif#ifdef TEST_ENG_OPENSSL_PKEY        || !ENGINE_set_load_privkey_function(e, openssl_load_privkey)#endif#ifdef TEST_ENG_OPENSSL_HMAC        || !ossl_register_hmac_meth()        || !ENGINE_set_pkey_meths(e, ossl_pkey_meths)#endif        )        return 0;    /*     * If we add errors to this ENGINE, ensure the error handling is setup     * here     */    /* openssl_load_error_strings(); */    return 1;}

static int bind_capi(ENGINE *e)	{	if (!ENGINE_set_id(e, engine_capi_id)		|| !ENGINE_set_name(e, engine_capi_name)		|| !ENGINE_set_init_function(e, capi_init)		|| !ENGINE_set_finish_function(e, capi_finish)		|| !ENGINE_set_destroy_function(e, capi_destroy)		|| !ENGINE_set_RSA(e, &capi_rsa_method)		|| !ENGINE_set_DSA(e, &capi_dsa_method)		|| !ENGINE_set_load_privkey_function(e, capi_load_privkey)		|| !ENGINE_set_load_ssl_client_cert_function(e,						capi_load_ssl_client_cert)		|| !ENGINE_set_cmd_defns(e, capi_cmd_defns)		|| !ENGINE_set_ctrl_function(e, capi_ctrl))			return 0;	ERR_load_CAPI_strings();	return 1;	}

/* This internal function is used by ENGINE_tpm() and possibly by the * "dynamic" ENGINE support too */static int bind_helper(ENGINE * e){	if (!ENGINE_set_id(e, engine_tpm_id) ||	    !ENGINE_set_name(e, engine_tpm_name) ||#ifndef OPENSSL_NO_RSA	    !ENGINE_set_RSA(e, &tpm_rsa) ||#endif	    !ENGINE_set_RAND(e, &tpm_rand) ||	    !ENGINE_set_destroy_function(e, tpm_engine_destroy) ||	    !ENGINE_set_init_function(e, tpm_engine_init) ||	    !ENGINE_set_finish_function(e, tpm_engine_finish) ||	    !ENGINE_set_ctrl_function(e, tpm_engine_ctrl) ||	    !ENGINE_set_load_pubkey_function(e, tpm_engine_load_key) ||	    !ENGINE_set_load_privkey_function(e, tpm_engine_load_key) ||	    !ENGINE_set_cmd_defns(e, tpm_cmd_defns))		return 0;	/* Ensure the tpm error handling is set up */	ERR_load_TPM_strings();	return 1;}

/* This internal function is used by ENGINE_openssl() and possibly by the * "dynamic" ENGINE support too */static int bind_helper(ENGINE *e)	{	if(!ENGINE_set_id(e, engine_openssl_id)			|| !ENGINE_set_name(e, engine_openssl_name)#ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS#ifndef OPENSSL_NO_RSA			|| !ENGINE_set_RSA(e, RSA_get_default_method())#endif#ifndef OPENSSL_NO_DSA			|| !ENGINE_set_DSA(e, DSA_get_default_method())#endif#ifndef OPENSSL_NO_ECDH			|| !ENGINE_set_ECDH(e, ECDH_OpenSSL())#endif#ifndef OPENSSL_NO_ECDSA			|| !ENGINE_set_ECDSA(e, ECDSA_OpenSSL())#endif#ifndef OPENSSL_NO_DH			|| !ENGINE_set_DH(e, DH_get_default_method())#endif			|| !ENGINE_set_RAND(e, RAND_SSLeay())#ifdef TEST_ENG_OPENSSL_RC4			|| !ENGINE_set_ciphers(e, openssl_ciphers)#endif#ifdef TEST_ENG_OPENSSL_SHA			|| !ENGINE_set_digests(e, openssl_digests)#endif#endif//MS:#ifndef OPENSSL_NO_STDIO#ifdef TEST_ENG_OPENSSL_PKEY			|| !ENGINE_set_load_privkey_function(e, openssl_load_privkey)#endif#endif			)		return 0;	/* If we add errors to this ENGINE, ensure the error handling is setup here */	/* openssl_load_error_strings(); */	return 1;	}

/* ---------------------*/static int bind_helper(ENGINE *e){    if (!ENGINE_set_id(e, engine_4758_cca_id) ||        !ENGINE_set_name(e, engine_4758_cca_name) ||#  ifndef OPENSSL_NO_RSA        !ENGINE_set_RSA(e, &ibm_4758_cca_rsa) ||#  endif        !ENGINE_set_RAND(e, &ibm_4758_cca_rand) ||        !ENGINE_set_destroy_function(e, ibm_4758_cca_destroy) ||        !ENGINE_set_init_function(e, ibm_4758_cca_init) ||        !ENGINE_set_finish_function(e, ibm_4758_cca_finish) ||        !ENGINE_set_ctrl_function(e, ibm_4758_cca_ctrl) ||#  ifndef OPENSSL_NO_RSA        !ENGINE_set_load_privkey_function(e, ibm_4758_load_privkey) ||        !ENGINE_set_load_pubkey_function(e, ibm_4758_load_pubkey) ||#  endif        !ENGINE_set_cmd_defns(e, cca4758_cmd_defns))        return 0;    /* Ensure the error handling is set up */    ERR_load_CCA4758_strings();    return 1;}

static int bind_HCSP(ENGINE* e){   if (!ENGINE_set_id(e, engine_HCSP_id)    || !ENGINE_set_name(e, engine_HCSP_name)    || !ENGINE_set_RSA(e, &HCSP_rsa)    || !ENGINE_set_destroy_function(e, HCSP_destroy)    || !ENGINE_set_init_function(e, HCSP_init)    || !ENGINE_set_finish_function(e, HCSP_finish)    || !ENGINE_set_load_pubkey_function(e, HCSP_load_key)    || !ENGINE_set_load_privkey_function(e, HCSP_load_key)#ifdef FILE_CONFIG    || !ENGINE_set_ctrl_function(e, HCSP_ctrl)    || !ENGINE_set_cmd_defns(e, HCSP_cmd_defns)#endif   ) return 0;   /* Ensure the rsaref error handling is set up */#ifndef OPENSSL_NO_ERR   ERR_load_HCSP_strings();#endif   return 1;}

/* * This engine is always built into libcrypto, so it doesn't offer any * ability to be dynamically loadable. */void engine_load_devcrypto_int(){    ENGINE *e = NULL;    if (access("/dev/crypto", R_OK | W_OK) < 0) {        fprintf(stderr,                "/dev/crypto not present, not enabling devcrypto engine/n");        return;    }    prepare_cipher_methods();#if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL)    prepare_digest_methods();#endif    if ((e = ENGINE_new()) == NULL)        return;    if (!ENGINE_set_id(e, "devcrypto")        || !ENGINE_set_name(e, "/dev/crypto engine")        || !ENGINE_set_destroy_function(e, devcrypto_unload)/* * Asymmetric ciphers aren't well supported with /dev/crypto.  Among the BSD * implementations, it seems to only exist in FreeBSD, and regarding the * parameters in its crypt_kop, the manual crypto(4) has this to say: * *    The semantics of these arguments are currently undocumented. * * Reading through the FreeBSD source code doesn't give much more than * their CRK_MOD_EXP implementation for ubsec. * * It doesn't look much better with cryptodev-linux.  They have the crypt_kop * structure as well as the command (CRK_*) in cryptodev.h, but no support * seems to be implemented at all for the moment. * * At the time of writing, it seems impossible to write proper support for * FreeBSD's asym features without some very deep knowledge and access to * specific kernel modules. * * /Richard Levitte, 2017-05-11 */#if 0# ifndef OPENSSL_NO_RSA        || !ENGINE_set_RSA(e, devcrypto_rsa)# endif# ifndef OPENSSL_NO_DSA        || !ENGINE_set_DSA(e, devcrypto_dsa)# endif# ifndef OPENSSL_NO_DH        || !ENGINE_set_DH(e, devcrypto_dh)# endif# ifndef OPENSSL_NO_EC        || !ENGINE_set_EC(e, devcrypto_ec)# endif#endif        || !ENGINE_set_ciphers(e, devcrypto_ciphers)#if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL)        || !ENGINE_set_digests(e, devcrypto_digests)#endif        ) {        ENGINE_free(e);        return;    }    ENGINE_add(e);    ENGINE_free(e);          /* Loose our local reference */    ERR_clear_error();}

/* * This internal function is used by ENGINE_nuron() and possibly by the * "dynamic" ENGINE support too */static int bind_helper(ENGINE *e){#  ifndef OPENSSL_NO_RSA    const RSA_METHOD *meth1;#  endif#  ifndef OPENSSL_NO_DSA    const DSA_METHOD *meth2;#  endif#  ifndef OPENSSL_NO_DH    const DH_METHOD *meth3;#  endif    if (!ENGINE_set_id(e, engine_nuron_id) ||        !ENGINE_set_name(e, engine_nuron_name) ||#  ifndef OPENSSL_NO_RSA        !ENGINE_set_RSA(e, &nuron_rsa) ||#  endif#  ifndef OPENSSL_NO_DSA        !ENGINE_set_DSA(e, &nuron_dsa) ||#  endif#  ifndef OPENSSL_NO_DH        !ENGINE_set_DH(e, &nuron_dh) ||#  endif        !ENGINE_set_destroy_function(e, nuron_destroy) ||        !ENGINE_set_init_function(e, nuron_init) ||        !ENGINE_set_finish_function(e, nuron_finish) ||        !ENGINE_set_ctrl_function(e, nuron_ctrl) ||        !ENGINE_set_cmd_defns(e, nuron_cmd_defns))        return 0;#  ifndef OPENSSL_NO_RSA    /*     * We know that the "PKCS1_SSLeay()" functions hook properly to the     * nuron-specific mod_exp and mod_exp_crt so we use those functions. NB:     * We don't use ENGINE_openssl() or anything "more generic" because     * something like the RSAref code may not hook properly, and if you own     * one of these cards then you have the right to do RSA operations on it     * anyway!     */    meth1 = RSA_PKCS1_SSLeay();    nuron_rsa.rsa_pub_enc = meth1->rsa_pub_enc;    nuron_rsa.rsa_pub_dec = meth1->rsa_pub_dec;    nuron_rsa.rsa_priv_enc = meth1->rsa_priv_enc;    nuron_rsa.rsa_priv_dec = meth1->rsa_priv_dec;#  endif#  ifndef OPENSSL_NO_DSA    /*     * Use the DSA_OpenSSL() method and just hook the mod_exp-ish bits.     */    meth2 = DSA_OpenSSL();    nuron_dsa.dsa_do_sign = meth2->dsa_do_sign;    nuron_dsa.dsa_sign_setup = meth2->dsa_sign_setup;    nuron_dsa.dsa_do_verify = meth2->dsa_do_verify;#  endif#  ifndef OPENSSL_NO_DH    /* Much the same for Diffie-Hellman */    meth3 = DH_OpenSSL();    nuron_dh.generate_key = meth3->generate_key;    nuron_dh.compute_key = meth3->compute_key;#  endif    /* Ensure the nuron error handling is set up */    ERR_load_NURON_strings();    return 1;}

/* ARGSUSED */static intt4_bind(ENGINE *e){	_Bool aes_engage, digest_engage, des_engage, montmul_engage;	t4_instructions_present(&aes_engage, &des_engage, &digest_engage,	    &montmul_engage);#ifdef	DEBUG_T4	(void) fprintf(stderr,	    "t4_bind: engage aes=%d, des=%d, digest=%d/n",	    aes_engage, des_engage, digest_engage);#endif#ifndef	OPENSSL_NO_DES	if (!des_engage) { /* Remove DES ciphers from list */		t4_cipher_count -= t4_des_cipher_count;	}#endif#ifndef	SOLARIS_NO_AES_CTR	/*	 * We must do this before we start working with slots since we need all	 * NIDs there.	 */	if (aes_engage) {		if (t4_add_aes_ctr_NIDs() == 0) {			T4_FREE_AES_CTR_NIDS;			return (0);		}	}#endif	/* !SOLARIS_NO_AES_CTR */#ifdef	DEBUG_T4	(void) fprintf(stderr, "t4_cipher_count = %d; t4_cipher_nids[] =/n",	    t4_cipher_count);	for (int i = 0; i < t4_cipher_count; ++i) {		(void) fprintf(stderr, " %d", t4_cipher_nids[i]);	}	(void) fprintf(stderr, "/n");#endif	/* DEBUG_T4 */	/* Register T4 engine ID, name, and functions */	if (!ENGINE_set_id(e, ENGINE_T4_ID) ||	    !ENGINE_set_name(e,	    aes_engage ? ENGINE_T4_NAME: ENGINE_NO_T4_NAME) ||	    !ENGINE_set_init_function(e, t4_init) ||	    (aes_engage && !ENGINE_set_ciphers(e, t4_get_all_ciphers)) ||	    (digest_engage && !ENGINE_set_digests(e, t4_get_all_digests)) ||#ifndef OPENSSL_NO_RSA	    (montmul_engage && !ENGINE_set_RSA(e, t4_RSA())) ||#endif	/* OPENSSL_NO_RSA */#ifndef OPENSSL_NO_DH	    (montmul_engage && !ENGINE_set_DH(e, t4_DH())) ||#endif	/* OPENSSL_NO_DH */#ifndef OPENSSL_NO_DSA	    (montmul_engage && !ENGINE_set_DSA(e, t4_DSA())) ||#endif	/* OPENSSL_NO_DSA */	    !ENGINE_set_destroy_function(e, t4_destroy)) {		T4_FREE_AES_CTR_NIDS;		return (0);	}	return (1);}

voidENGINE_load_builtin_engines(void){    ENGINE *engine;    int ret;    engine = ENGINE_new();    if (engine == NULL)	return;    ENGINE_set_id(engine, "builtin");    ENGINE_set_name(engine,		    "Heimdal crypto builtin (ltm) engine version " PACKAGE_VERSION);    ENGINE_set_RSA(engine, RSA_ltm_method());    ENGINE_set_DH(engine, DH_ltm_method());    ret = add_engine(engine);    if (ret != 1)	ENGINE_finish(engine);#ifdef USE_HCRYPTO_TFM    /*     * TFM     */    engine = ENGINE_new();    if (engine == NULL)	return;    ENGINE_set_id(engine, "tfm");    ENGINE_set_name(engine,		    "Heimdal crypto tfm engine version " PACKAGE_VERSION);    ENGINE_set_RSA(engine, RSA_tfm_method());    ENGINE_set_DH(engine, DH_tfm_method());    ret = add_engine(engine);    if (ret != 1)	ENGINE_finish(engine);#endif /* USE_HCRYPTO_TFM */#ifdef USE_HCRYPTO_LTM    /*     * ltm     */    engine = ENGINE_new();    if (engine == NULL)	return;    ENGINE_set_id(engine, "ltm");    ENGINE_set_name(engine,		    "Heimdal crypto ltm engine version " PACKAGE_VERSION);    ENGINE_set_RSA(engine, RSA_ltm_method());    ENGINE_set_DH(engine, DH_ltm_method());    ret = add_engine(engine);    if (ret != 1)	ENGINE_finish(engine);#endif#ifdef HAVE_GMP    /*     * gmp     */    engine = ENGINE_new();    if (engine == NULL)	return;    ENGINE_set_id(engine, "gmp");    ENGINE_set_name(engine,		    "Heimdal crypto gmp engine version " PACKAGE_VERSION);    ENGINE_set_RSA(engine, RSA_gmp_method());    ret = add_engine(engine);    if (ret != 1)	ENGINE_finish(engine);#endif}

/* As this is only ever called once, there's no need for locking * (indeed - the lock will already be held by our caller!!!) */static int bind_sureware(ENGINE *e){#ifndef OPENSSL_NO_RSA    const RSA_METHOD *meth1;#endif#ifndef OPENSSL_NO_DSA    const DSA_METHOD *meth2;#endif#ifndef OPENSSL_NO_DH    const DH_METHOD *meth3;#endif    if(!ENGINE_set_id(e, engine_sureware_id) ||            !ENGINE_set_name(e, engine_sureware_name) ||#ifndef OPENSSL_NO_RSA            !ENGINE_set_RSA(e, &surewarehk_rsa) ||#endif#ifndef OPENSSL_NO_DSA            !ENGINE_set_DSA(e, &surewarehk_dsa) ||#endif#ifndef OPENSSL_NO_DH            !ENGINE_set_DH(e, &surewarehk_dh) ||#endif            !ENGINE_set_RAND(e, &surewarehk_rand) ||            !ENGINE_set_destroy_function(e, surewarehk_destroy) ||            !ENGINE_set_init_function(e, surewarehk_init) ||            !ENGINE_set_finish_function(e, surewarehk_finish) ||            !ENGINE_set_ctrl_function(e, (ENGINE_CTRL_FUNC_PTR)surewarehk_ctrl) ||            !ENGINE_set_load_privkey_function(e, surewarehk_load_privkey) ||            !ENGINE_set_load_pubkey_function(e, surewarehk_load_pubkey))        return 0;#ifndef OPENSSL_NO_RSA    /* We know that the "PKCS1_SSLeay()" functions hook properly     * to the cswift-specific mod_exp and mod_exp_crt so we use     * those functions. NB: We don't use ENGINE_openssl() or     * anything "more generic" because something like the RSAref     * code may not hook properly, and if you own one of these     * cards then you have the right to do RSA operations on it     * anyway! */    meth1 = RSA_PKCS1_SSLeay();    if (meth1)    {        surewarehk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;        surewarehk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;    }#endif#ifndef OPENSSL_NO_DSA    /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish     * bits. */    meth2 = DSA_OpenSSL();    if (meth2)    {        surewarehk_dsa.dsa_do_verify = meth2->dsa_do_verify;    }#endif#ifndef OPENSSL_NO_DH    /* Much the same for Diffie-Hellman */    meth3 = DH_OpenSSL();    if (meth3)    {        surewarehk_dh.generate_key = meth3->generate_key;        surewarehk_dh.compute_key = meth3->compute_key;    }#endif    /* Ensure the sureware error handling is set up */    ERR_load_SUREWARE_strings();    return 1;}

voidENGINE_load_cryptodev(void){	ENGINE *engine = ENGINE_new();	int fd;	if (engine == NULL)		return;	if ((fd = get_dev_crypto()) < 0) {		ENGINE_free(engine);		return;	}	/*	 * find out what asymmetric crypto algorithms we support	 */	if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {		close(fd);		ENGINE_free(engine);		return;	}	close(fd);	if (!ENGINE_set_id(engine, "cryptodev") ||	    !ENGINE_set_name(engine, "BSD cryptodev engine") ||	    !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||	    !ENGINE_set_digests(engine, cryptodev_engine_digests) ||	    !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||	    !ENGINE_set_cmd_defns(engine, cryptodev_defns)) {		ENGINE_free(engine);		return;	}	if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {		const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay();		cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;		cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;		cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;		cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;		cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;		cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;		if (cryptodev_asymfeat & CRF_MOD_EXP) {			cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;			if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)				cryptodev_rsa.rsa_mod_exp =				    cryptodev_rsa_mod_exp;			else				cryptodev_rsa.rsa_mod_exp =				    cryptodev_rsa_nocrt_mod_exp;		}	}	if (ENGINE_set_DSA(engine, &cryptodev_dsa)) {		const DSA_METHOD *meth = DSA_OpenSSL();		memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));		if (cryptodev_asymfeat & CRF_DSA_SIGN)			cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;		if (cryptodev_asymfeat & CRF_MOD_EXP) {			cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;			cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;		}		if (cryptodev_asymfeat & CRF_DSA_VERIFY)			cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;	}	if (ENGINE_set_DH(engine, &cryptodev_dh)){		const DH_METHOD *dh_meth = DH_OpenSSL();		cryptodev_dh.generate_key = dh_meth->generate_key;		cryptodev_dh.compute_key = dh_meth->compute_key;		cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;		if (cryptodev_asymfeat & CRF_MOD_EXP) {			cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;			if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)				cryptodev_dh.compute_key =				    cryptodev_dh_compute_key;		}	}	ENGINE_add(engine);	ENGINE_free(engine);	ERR_clear_error();}

int neverbleed_init(neverbleed_t *nb, char *errbuf){    int pipe_fds[2] = {-1, -1}, listen_fd = -1;    char *tempdir = NULL;    const RSA_METHOD *default_method = RSA_PKCS1_SSLeay();    rsa_method.rsa_pub_enc = default_method->rsa_pub_enc;    rsa_method.rsa_pub_dec = default_method->rsa_pub_dec;    rsa_method.rsa_verify = default_method->rsa_verify;    /* setup the daemon */    if (pipe(pipe_fds) != 0) {        snprintf(errbuf, NEVERBLEED_ERRBUF_SIZE, "pipe(2) failed:%s", strerror(errno));        goto Fail;    }    fcntl(pipe_fds[1], F_SETFD, O_CLOEXEC);    if ((tempdir = strdup("/tmp/openssl-privsep.XXXXXX")) == NULL) {        snprintf(errbuf, NEVERBLEED_ERRBUF_SIZE, "no memory");        goto Fail;    }    if (mkdtemp(tempdir) == NULL) {        snprintf(errbuf, NEVERBLEED_ERRBUF_SIZE, "failed to create temporary directory under /tmp:%s", strerror(errno));        goto Fail;    }    memset(&nb->sun_, 0, sizeof(nb->sun_));    nb->sun_.sun_family = AF_UNIX;    snprintf(nb->sun_.sun_path, sizeof(nb->sun_.sun_path), "%s/_", tempdir);    RAND_bytes(nb->auth_token, sizeof(nb->auth_token));    if ((listen_fd = socket(PF_UNIX, SOCK_STREAM, 0)) == -1) {        snprintf(errbuf, NEVERBLEED_ERRBUF_SIZE, "socket(2) failed:%s", strerror(errno));        goto Fail;    }    if (bind(listen_fd, (void *)&nb->sun_, sizeof(nb->sun_)) != 0) {        snprintf(errbuf, NEVERBLEED_ERRBUF_SIZE, "failed to bind to %s:%s", nb->sun_.sun_path, strerror(errno));        goto Fail;    }    if (listen(listen_fd, SOMAXCONN) != 0) {        snprintf(errbuf, NEVERBLEED_ERRBUF_SIZE, "listen(2) failed:%s", strerror(errno));        goto Fail;    }    switch (fork()) {    case -1:        snprintf(errbuf, NEVERBLEED_ERRBUF_SIZE, "fork(2) failed:%s", strerror(errno));        goto Fail;    case 0:        close(pipe_fds[1]);#ifdef __linux__        prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);#endif        memcpy(daemon_auth_token, nb->auth_token, NEVERBLEED_AUTH_TOKEN_SIZE);        daemon_main(listen_fd, pipe_fds[0], tempdir);        break;    default:        break;    }    close(listen_fd);    listen_fd = -1;    close(pipe_fds[0]);    pipe_fds[0] = -1;    /* setup engine */    if ((nb->engine = ENGINE_new()) == NULL ||        !ENGINE_set_id(nb->engine, "neverbleed") ||        !ENGINE_set_name(nb->engine, "privilege separation software engine") ||        !ENGINE_set_RSA(nb->engine, &rsa_method)) {        snprintf(errbuf, NEVERBLEED_ERRBUF_SIZE, "failed to initialize the OpenSSL engine");        goto Fail;    }    ENGINE_add(nb->engine);    /* setup thread key */    pthread_key_create(&nb->thread_key, dispose_thread_data);    free(tempdir);    return 0;Fail:    if (pipe_fds[0] != -1)        close(pipe_fds[0]);    if (pipe_fds[1] != -1)        close(pipe_fds[1]);    if (tempdir != NULL) {        unlink_dir(tempdir);        free(tempdir);    }    if (listen_fd != -1)        close(listen_fd);    if (nb->engine != NULL) {        ENGINE_free(nb->engine);        nb->engine = NULL;    }    return -1;}

voidENGINE_load_builtin_engines(void){	ENGINE *engine;	int ret;	engine = ENGINE_new();	if (engine == NULL) {		return;	}	ENGINE_set_id(engine, "builtin");	ENGINE_set_name(engine,	    "cryptoshims builtin engine version " PACKAGE_VERSION);/* *  XXX <radr://problem/107832242> and <rda://problem/8174874> are *  blocking the use of CommonCrypto's RSA code for OpenSSH. * *  XXX <rdar://problem/10488503> is blocking the use of *  CommonCrypto's (non-existing) DSA. * *  XXX <rdar://problem/10771223> and <rdar://problem/10771188> are *  blocking the use of CommonCrypto's DH code. */#if !defined(PR_10783242_FIXED) || !defined(PR_8174774_FIXED) || !defined(PR_10488503_FIXED) || !defined(PR_10771223_FIXED) || !defined(PR_10771188_FIXED)	ENGINE_set_DH(engine, DH_eay_method());	ENGINE_set_DSA(engine, DSA_eay_method());	ENGINE_set_RSA(engine, RSA_eay_method());#elif defined(HAVE_COMMONCRYPTO_COMMONRSACRYPTOR_H) && defined(HAVE_COMMONCRYPTO_COMMONDH_H) && defined(HAVE_COMMONCRYPTO_COMMONDSACRYPTOR_H)	ENGINE_set_DH(engine, DH_eay_method());	ENGINE_set_DSA(engine, DSA_eay_method());	ENGINE_set_RSA(engine, RSA_cc_method());#elif HAVE_CDSA	ENGINE_set_DH(engine, DH_cdsa_method());	ENGINE_set_DSA(engine, DSA_null_method());	ENGINE_set_RSA(engine, RSA_cdsa_method());#elif defined(__APPLE_TARGET_EMBEDDED__)	ENGINE_set_DH(engine, DH_null_method());	ENGINE_set_DSA(engine, DSA_null_method());	ENGINE_set_RSA(engine, RSA_null_method());#elif defined(HEIM_HC_SF)	ENGINE_set_RSA(engine, RSA_ltm_method());	ENGINE_set_DH(engine, DH_sf_method());	ENGINE_set_DSA(engine, DSA_null_method());#elif defined(HEIM_HC_LTM)	ENGINE_set_RSA(engine, RSA_ltm_method());	ENGINE_set_DH(engine, DH_ltm_method());	ENGINE_set_DSA(engine, DSA_null_method());#else	ENGINE_set_RSA(engine, RSA_tfm_method());	ENGINE_set_DH(engine, DH_tfm_method());	ENGINE_set_DSA(engine, DSA_null_method());#endif	ret = add_engine(engine);	if (ret != 1) {		ENGINE_finish(engine);	}#if !defined(PR_10783242_FIXED) || !defined(PR_8174774_FIXED) || !defined(PR_1048850_FIXED) || !defined(PR_10771223_FIXED) || !defined(PR_10771188_FIXED)	/*	 * EAY	 */	engine = ENGINE_new();	if (engine == NULL) {		return;	}	ENGINE_set_id(engine, "eay");	ENGINE_set_name(engine,	    "ossl eay engine version " PACKAGE_VERSION);	ENGINE_set_RSA(engine, RSA_eay_method());	ENGINE_set_DH(engine, DH_eay_method());	ENGINE_set_DSA(engine, DSA_eay_method());	ret = add_engine(engine);	if (ret != 1) {		ENGINE_finish(engine);	}#endif#if defined(HAVE_COMMONCRYPTO_COMMONRSACRYPTOR_H) && defined(HAVE_COMMONCRYPTO_COMMONDH_H) && defined(HAVE_COMMONCRYPTO_COMMONDSACRYPTOR_H)	/*	 * CC	 */	engine = ENGINE_new();	if (engine == NULL) {		return;	}	ENGINE_set_id(engine, "cc");	ENGINE_set_name(engine,	    "ossl cc engine version " PACKAGE_VERSION);	ENGINE_set_RSA(engine, RSA_cc_method());	ENGINE_set_DH(engine, DH_cc_method());	ENGINE_set_DSA(engine, DSA_eay_method());//.........这里部分代码省略.........

static int bind_dasync(ENGINE *e){    /* Setup RSA_METHOD */    if ((dasync_rsa_method = RSA_meth_new("Dummy Async RSA method", 0)) == NULL        || RSA_meth_set_pub_enc(dasync_rsa_method, dasync_pub_enc) == 0        || RSA_meth_set_pub_dec(dasync_rsa_method, dasync_pub_dec) == 0        || RSA_meth_set_priv_enc(dasync_rsa_method, dasync_rsa_priv_enc) == 0        || RSA_meth_set_priv_dec(dasync_rsa_method, dasync_rsa_priv_dec) == 0        || RSA_meth_set_mod_exp(dasync_rsa_method, dasync_rsa_mod_exp) == 0        || RSA_meth_set_bn_mod_exp(dasync_rsa_method, BN_mod_exp_mont) == 0        || RSA_meth_set_init(dasync_rsa_method, dasync_rsa_init) == 0        || RSA_meth_set_finish(dasync_rsa_method, dasync_rsa_finish) == 0) {        DASYNCerr(DASYNC_F_BIND_DASYNC, DASYNC_R_INIT_FAILED);        return 0;    }    /* Ensure the dasync error handling is set up */    ERR_load_DASYNC_strings();    if (!ENGINE_set_id(e, engine_dasync_id)        || !ENGINE_set_name(e, engine_dasync_name)        || !ENGINE_set_RSA(e, dasync_rsa_method)        || !ENGINE_set_digests(e, dasync_digests)        || !ENGINE_set_ciphers(e, dasync_ciphers)        || !ENGINE_set_destroy_function(e, dasync_destroy)        || !ENGINE_set_init_function(e, dasync_init)        || !ENGINE_set_finish_function(e, dasync_finish)) {        DASYNCerr(DASYNC_F_BIND_DASYNC, DASYNC_R_INIT_FAILED);        return 0;    }    /*     * Set up the EVP_CIPHER and EVP_MD objects for the ciphers/digests     * supplied by this engine     */    _hidden_sha1_md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption);    if (_hidden_sha1_md == NULL        || !EVP_MD_meth_set_result_size(_hidden_sha1_md, SHA_DIGEST_LENGTH)        || !EVP_MD_meth_set_input_blocksize(_hidden_sha1_md, SHA_CBLOCK)        || !EVP_MD_meth_set_app_datasize(_hidden_sha1_md,                                         sizeof(EVP_MD *) + sizeof(SHA_CTX))        || !EVP_MD_meth_set_flags(_hidden_sha1_md, EVP_MD_FLAG_DIGALGID_ABSENT)        || !EVP_MD_meth_set_init(_hidden_sha1_md, dasync_sha1_init)        || !EVP_MD_meth_set_update(_hidden_sha1_md, dasync_sha1_update)        || !EVP_MD_meth_set_final(_hidden_sha1_md, dasync_sha1_final)) {        EVP_MD_meth_free(_hidden_sha1_md);        _hidden_sha1_md = NULL;    }    _hidden_aes_128_cbc = EVP_CIPHER_meth_new(NID_aes_128_cbc,                                              16 /* block size */,                                              16 /* key len */);    if (_hidden_aes_128_cbc == NULL            || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc,16)            || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc,                                          EVP_CIPH_FLAG_DEFAULT_ASN1                                          | EVP_CIPH_CBC_MODE                                          | EVP_CIPH_FLAG_PIPELINE)            || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc,                                         dasync_aes128_init_key)            || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc,                                              dasync_aes128_cbc_cipher)            || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc,                                            dasync_aes128_cbc_cleanup)            || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc,                                         dasync_aes128_cbc_ctrl)            || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc,                                sizeof(struct dasync_pipeline_ctx))) {        EVP_CIPHER_meth_free(_hidden_aes_128_cbc);        _hidden_aes_128_cbc = NULL;    }    _hidden_aes_128_cbc_hmac_sha1 = EVP_CIPHER_meth_new(                                                NID_aes_128_cbc_hmac_sha1,                                                16 /* block size */,                                                16 /* key len */);    if (_hidden_aes_128_cbc_hmac_sha1 == NULL            || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_128_cbc_hmac_sha1,16)            || !EVP_CIPHER_meth_set_flags(_hidden_aes_128_cbc_hmac_sha1,                                            EVP_CIPH_CBC_MODE                                          | EVP_CIPH_FLAG_DEFAULT_ASN1                                          | EVP_CIPH_FLAG_AEAD_CIPHER                                          | EVP_CIPH_FLAG_PIPELINE)            || !EVP_CIPHER_meth_set_init(_hidden_aes_128_cbc_hmac_sha1,                                         dasync_aes128_cbc_hmac_sha1_init_key)            || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc_hmac_sha1,                                            dasync_aes128_cbc_hmac_sha1_cipher)            || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_128_cbc_hmac_sha1,                                            dasync_aes128_cbc_hmac_sha1_cleanup)            || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_cbc_hmac_sha1,                                         dasync_aes128_cbc_hmac_sha1_ctrl)            || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc_hmac_sha1,                                sizeof(struct dasync_pipeline_ctx))) {        EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1);        _hidden_aes_128_cbc_hmac_sha1 = NULL;    }    return 1;}

/******************************************************************************* function:*         bind_qat(ENGINE *e,*                  const char *id)** @param e  [IN] - OpenSSL engine pointer* @param id [IN] - engine id** description:*    Connect Qat engine to OpenSSL engine library******************************************************************************/static int bind_qat(ENGINE *e, const char *id){    int ret = 0;    WARN("QAT Warnings enabled./n");    DEBUG("QAT Debug enabled./n");    DEBUG("[%s] id=%s/n", __func__, id);    if (id && (strcmp(id, engine_qat_id) != 0)) {        WARN("ENGINE_id defined already!/n");        goto end;    }    if (!ENGINE_set_id(e, engine_qat_id)) {        WARN("ENGINE_set_id failed/n");        goto end;    }    if (!ENGINE_set_name(e, engine_qat_name)) {        WARN("ENGINE_set_name failed/n");        goto end;    }    /* Ensure the QAT error handling is set up */    ERR_load_QAT_strings();    /*     * Create static structures for ciphers now     * as this function will be called by a single thread.     */    qat_create_ciphers();#ifndef OPENSSL_ENABLE_QAT_SMALL_PACKET_CIPHER_OFFLOADS    CRYPTO_THREAD_run_once(&qat_pkt_threshold_table_once,qat_pkt_threshold_table_make_key);#endif    DEBUG("%s: About to set mem functions/n", __func__);    if (!ENGINE_set_RSA(e, qat_get_RSA_methods())) {        WARN("ENGINE_set_RSA failed/n");        goto end;    }    if (!ENGINE_set_DSA(e, qat_get_DSA_methods())) {        WARN("ENGINE_set_DSA failed/n");        goto end;    }    if (!ENGINE_set_DH(e, qat_get_DH_methods())) {        WARN("ENGINE_set_DH failed/n");        goto end;    }    if (!ENGINE_set_EC(e, qat_get_EC_methods())) {        WARN("ENGINE_set_EC failed/n");        goto end;    }    if (!ENGINE_set_ciphers(e, qat_ciphers)) {        WARN("ENGINE_set_ciphers failed/n");        goto end;    }    if (!ENGINE_set_pkey_meths(e, qat_PRF_pkey_methods)) {        WARN("ENGINE_set_pkey_meths failed/n");        goto end;    }    pthread_atfork(engine_fork_handler, NULL, NULL);    if (!ENGINE_set_destroy_function(e, qat_engine_destroy)        || !ENGINE_set_init_function(e, qat_engine_init)        || !ENGINE_set_finish_function(e, qat_engine_finish)        || !ENGINE_set_ctrl_function(e, qat_engine_ctrl)        || !ENGINE_set_cmd_defns(e, qat_cmd_defns)) {        WARN("[%s] failed reg destroy, init or finish/n", __func__);        goto end;    }    ret = 1; end:    return ret;}