C++ OPENSSL_config函数代码示例

/**
 * xmlSecOpenSSLAppInit:
 * @config:             the path to certs.
 *
 * General crypto engine initialization. This function is used
 * by XMLSec command line utility and called before
 * @xmlSecInit function.
 *
 * Returns: 0 on success or a negative value otherwise.
 */
int
xmlSecOpenSSLAppInit(const char* config) {
    ERR_load_crypto_strings();

#ifndef XMLSEC_OPENSSL_110
    OPENSSL_config(NULL);
#endif

    OpenSSL_add_all_algorithms();

    if((RAND_status() != 1) && (xmlSecOpenSSLAppLoadRANDFile(NULL) != 1)) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    "xmlSecOpenSSLAppLoadRANDFile",
                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
                    XMLSEC_ERRORS_NO_MESSAGE);
        return(-1);
    }

    if((config != NULL) && (xmlSecOpenSSLSetDefaultTrustedCertsFolder(BAD_CAST config) < 0)) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    "xmlSecOpenSSLSetDefaultTrustedCertsFolder",
                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
                    XMLSEC_ERRORS_NO_MESSAGE);
        return(-1);
    }

    return(0);
}

/*
  Initializes SSL and allocate global
  context SSL_context

  SYNOPSIS
    my_ssl_start
      mysql        connection handle

  RETURN VALUES
    0  success
    1  error
*/
int my_ssl_start(MYSQL *mysql)
{
    int rc= 0;
    DBUG_ENTER("my_ssl_start");
    /* lock mutex to prevent multiple initialization */
    pthread_mutex_lock(&LOCK_ssl_config);
    if (!my_ssl_initialized)
    {
        if (ssl_crypto_init())
            goto end;
        SSL_library_init();

#if SSLEAY_VERSION_NUMBER >= 0x00907000L
        OPENSSL_config(NULL);
#endif
        /* load errors */
        SSL_load_error_strings();
        /* digests and ciphers */
        OpenSSL_add_all_algorithms();

        if (!(SSL_context= SSL_CTX_new(TLSv1_client_method())))
        {
            my_SSL_error(mysql);
            rc= 1;
            goto end;
        }
        my_ssl_initialized= TRUE;
    }
end:
    pthread_mutex_unlock(&LOCK_ssl_config);
    DBUG_RETURN(rc);
}

void OpenSSLInitializer::initialize()
{
	Poco::FastMutex::ScopedLock lock(_mutex);
	
	if (++_rc == 1)
	{
#if OPENSSL_VERSION_NUMBER >= 0x0907000L
		OPENSSL_config(NULL);
#endif
		SSL_library_init();
		SSL_load_error_strings();
		OpenSSL_add_all_algorithms();
		
		char seed[SEEDSIZE];
		RandomInputStream rnd;
		rnd.read(seed, sizeof(seed));
		RAND_seed(seed, SEEDSIZE);
		
		int nMutexes = CRYPTO_num_locks();
		_mutexes = new Poco::FastMutex[nMutexes];
		CRYPTO_set_locking_callback(&OpenSSLInitializer::lock);
#ifndef POCO_OS_FAMILY_WINDOWS // SF# 1828231: random unhandled exceptions when linking with ssl
		CRYPTO_set_id_callback(&OpenSSLInitializer::id);
#endif
		CRYPTO_set_dynlock_create_callback(&OpenSSLInitializer::dynlockCreate);
		CRYPTO_set_dynlock_lock_callback(&OpenSSLInitializer::dynlock);
		CRYPTO_set_dynlock_destroy_callback(&OpenSSLInitializer::dynlockDestroy);
	}
}

gboolean signature_init(GError **error)
{
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
	OPENSSL_config(NULL);
	OpenSSL_add_all_algorithms();
	ERR_load_crypto_strings();
#else
	int ret;

	g_return_val_if_fail(error == FALSE || *error == NULL, FALSE);

	ret = OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
	if (!ret) {
		unsigned long err;
		const gchar *data;
		int flags;

		err = ERR_get_error_line_data(NULL, NULL, &data, &flags);
		g_set_error(
				error,
				R_SIGNATURE_ERROR,
				R_SIGNATURE_ERROR_CRYPTOINIT_FAILED,
				"Failed to initalize OpenSSL crypto: %s",
				(flags & ERR_TXT_STRING) ? data : ERR_error_string(err, NULL));
		return FALSE;
	}
#endif

	return TRUE;
}

/*
  Initializes SSL and allocate global
  context SSL_context

  SYNOPSIS
    my_ssl_start
      mysql        connection handle

  RETURN VALUES
    0  success
    1  error
*/
int ma_ssl_start(char *errmsg, size_t errmsg_len)
{
  int rc= 1;
  /* lock mutex to prevent multiple initialization */
  pthread_mutex_init(&LOCK_openssl_config,MY_MUTEX_INIT_FAST);
  pthread_mutex_lock(&LOCK_openssl_config);
  if (!ma_ssl_initialized)
  {
    if (ssl_thread_init())
    {
      strncpy(errmsg, "Not enough memory", errmsg_len);
      goto end;
    }
    SSL_library_init();

#if SSLEAY_VERSION_NUMBER >= 0x00907000L
    OPENSSL_config(NULL);
#endif
    /* load errors */
    SSL_load_error_strings();
    /* digests and ciphers */
    OpenSSL_add_all_algorithms();

    if (!(SSL_context= SSL_CTX_new(TLSv1_client_method())))
    {
      ma_ssl_get_error(errmsg, errmsg_len);
      goto end;
    }
    rc= 0;
    ma_ssl_initialized= TRUE;
  }
end:
  pthread_mutex_unlock(&LOCK_openssl_config);
  return rc;
}

void initialize()
{
    Mutex::ScopedLock lock(_mutex);
    
    if (++_refCount == 1)
    {
#if OPENSSL_VERSION_NUMBER >= 0x0907000L
        OPENSSL_config(NULL);
#endif
        SSL_library_init();
        SSL_load_error_strings();
        OpenSSL_add_all_algorithms();
        
        char seed[SEEDSIZE];
        Random::getSeed(seed, sizeof(seed));
        RAND_seed(seed, SEEDSIZE);
        
        int nMutexes = CRYPTO_num_locks();
        _mutexes = new Mutex[nMutexes];
        CRYPTO_set_locking_callback(&internal::lock);
// #ifndef WIN32 // SF# 1828231: random unhandled exceptions when linking with ssl
//         CRYPTO_set_id_callback(&internal::id);
// #endif
        CRYPTO_set_dynlock_create_callback(&internal::dynlockCreate);
        CRYPTO_set_dynlock_lock_callback(&internal::dynlock);
        CRYPTO_set_dynlock_destroy_callback(&internal::dynlockDestroy);
    }
}

int aesdecrypt(unsigned char* ciphertext,int len,unsigned char* key,unsigned char* decryptedtext){
	
	int decryptedtext_len;
	//LOGD("LIB encrypttext:%s:len=%d\n",plaintext, strlen((char *)plaintext));
	//LOGD("LIB key:%s\n",key);
	
	unsigned char iv[32]={0};
	//memset(iv,0x00,sizeof(iv));
	//unsigned char *iv = (unsigned char*)"01234567890123456";
	
	/* Initialise the library */
  ERR_load_crypto_strings();
  OpenSSL_add_all_algorithms();
  OPENSSL_config(NULL);

  /* Decrypt the ciphertext */
  decryptedtext_len = decrypt(ciphertext, len, key, iv,
    decryptedtext);

  /* Add a NULL terminator. We are expecting printable text */
  decryptedtext[decryptedtext_len] = '\0';

  /* Show the decrypted text */
  //printf("Decrypted text is:\n");
  //printf("%s\n", decryptedtext);
  //LOGD("Decrypted text is:\n%s\n",decryptedtext);

  /* Clean up */
  EVP_cleanup();
  ERR_free_strings();
  
  return decryptedtext_len;
}

void uwsgi_ssl_init(void) {
        OPENSSL_config(NULL);
        SSL_library_init();
        SSL_load_error_strings();
        OpenSSL_add_all_algorithms();
        uwsgi.ssl_initialized = 1;
}

void crypto_init()
{
    /* Initialise the library */
    ERR_load_crypto_strings();
    OpenSSL_add_all_algorithms();
    OPENSSL_config(NULL);
}

int aesencrypt(unsigned char* plaintext,unsigned char* key,unsigned char* ciphertext){
	
	int ciphertext_len;
	
	//LOGD("LIB plaintext:%s:len=%d\n",plaintext, strlen((char *)plaintext));
	//LOGD("LIB key:%s[0x%x,0x%x,0x%x,0x%x]\n",key,key[0],key[1],key[2],key[3]);
	
	unsigned char iv[32]={0};
	//unsigned char *iv = (unsigned char*)"01234567890123456";
	
	/* Initialise the library */
  ERR_load_crypto_strings();
  OpenSSL_add_all_algorithms();
  OPENSSL_config(NULL);

  /* Encrypt the plaintext */
  ciphertext_len = encrypt(plaintext, strlen((char *)plaintext), key, iv,
    ciphertext);
   
	/* Do something useful with the ciphertext here */
  //printf("Ciphertext is:\n");  
  //BIO_dump_fp(stdout, (char *)ciphertext, ciphertext_len);
  //LOGD("#### %x%x%x%x",ciphertext[0],ciphertext[1],ciphertext[2],ciphertext[3]);

  /* Clean up */
  EVP_cleanup();
  ERR_free_strings();
  
  return ciphertext_len;
}

int main(int arc, char *argv[])
{ 
	DH *dh = DH_new();

	BN_GENCB *(*cb)(BN_GENCB *, int, int);	
	cb = &callback;

	char buf[400];
	char *bufPtr = &buf[0];

	/* Load the human readable error strings for libcrypto */
	ERR_load_crypto_strings();
	/* Load all digest and cipher algorithms */
	OpenSSL_add_all_algorithms();
	/* Load config file, and other important initialisation */
	OPENSSL_config(NULL);

	/*
		use special PRNG if possible:
			* /dev/random
			* /dev/hwrng
			* ...
	*/

	/*
 		----------------------------	PARAMATER GEN	------------------------
	*/

	printf("start generation\n");
	DH_generate_parameters_ex(dh, 256, 2, NULL);
	printf("paramters DONE\n");

	if(dh->pub_key == NULL)
		printf("pubkey init to NULL\n");

	DH_generate_key(dh);
	printf("key DONE\n");
	bufPtr = BN_bn2hex(dh->p);
	printf ("prime    : %s\n", bufPtr);
	bufPtr = BN_bn2hex(dh->g);
	printf ("generator: %s\n", bufPtr);
	bufPtr = BN_bn2hex(dh->pub_key);
	printf ("pubkey   : %s\n", bufPtr);
	bufPtr = BN_bn2hex(dh->priv_key);
	printf ("privkey  : %s\n", bufPtr);

  /* Clean up */

  /* Removes all digests and ciphers */
  EVP_cleanup();

  /* if you omit the next, a small leak may be left when you make use of the BIO (low level API) for e.g. base64 transformations */
  CRYPTO_cleanup_all_ex_data();

  /* Remove error strings */
  ERR_free_strings();

  return 0;
}

		// init
		bool CryptographyEngine::init( void )
		{
			/* Initialise the library */
			ERR_load_CRYPTO_strings();
			OpenSSL_add_all_algorithms();
			OPENSSL_config( NULL );

			return true;
		}

/* INFO: Setting it up
   
         The code below sets up the program. In this example we are going to
         take a simple message("The quick brown fox jumps over the lazy dog"),
         and then encrypt it using a predefined key and IV. In this example the
         key and IV have been hard coded in - in a real situation you would
         never do this! Following encryption we will then decrypt the resulting
         ciphertext, and(hopefully!) end up with the message we first started
         with. This program expects two functions to be defined: "encrypt" and
         "decrypt". We will define those further down the page. */
int aes_main(void) {
	/* INFO: Set up the key and iv. Do I need to say to not hard code these
	         in a real application? :-) */

	/* INFO: A 256 bit key */
	unsigned char * key =
		(unsigned char *)"01234567890123456789012345678901";

	/* INFO: A 128 bit IV */
	unsigned char * iv =(unsigned char *)"01234567890123456";

	/* INFO: Message to be encrypted */
	unsigned char *plaintext =
		(unsigned char *)"The quick brown fox jumps over the lazy dog";

	/* INFO: Buffer for ciphertext. Ensure the buffer is long enough for
	         the ciphertext which may be longer than the plaintext,
	         dependant on the algorithm and mode */
	unsigned char ciphertext[128];

	/* INFO: Buffer for the decrypted text */
	unsigned char decryptedtext[128];

	int decryptedtext_len, ciphertext_len;

	/* INFO: Initialise the library */
	ERR_load_crypto_strings();
	OpenSSL_add_all_algorithms();
	/* TODO: deprecated. Ude OPENSSL_init_crypto instead of it. */
	OPENSSL_config(NULL);

	/* INFO: Encrypt the plaintext */
	ciphertext_len = encrypt(plaintext, strlen((char *)plaintext), key,
		iv, ciphertext);

	/* INFO: Do something useful with the ciphertext here */
	printf("Ciphertext is:\n");
	BIO_dump_fp(stdout,(const char *)ciphertext, ciphertext_len);

	/* INFO: Decrypt the ciphertext */
	decryptedtext_len = decrypt(ciphertext, ciphertext_len, key, iv,
		decryptedtext);

	/* INFO: Add a NULL terminator. We are expecting printable text */
	decryptedtext[decryptedtext_len] = '\0';

	/* INFO: Show the decrypted text */
	printf("Decrypted text is:\n");
	printf("%s\n", decryptedtext);

	/* INFO: Clean up */
	EVP_cleanup();
	ERR_free_strings();

	return 0;
}

static void openssl_init(void){
    static int init = 0;

    if(!init){
	OPENSSL_config(NULL);
        OpenSSL_add_all_algorithms();
        ERR_load_crypto_strings();
        init = 1;
    }
}

void
ssh_OpenSSL_add_all_algorithms(void)
{
	OpenSSL_add_all_algorithms();

	/* Enable use of crypto hardware */
	ENGINE_load_builtin_engines();
	ENGINE_register_all_complete();
	OPENSSL_config(NULL);
}