apache · wenwj0 · Jun 13, 2022 · Jun 9, 2022 · Jun 9, 2022 · Jun 9, 2022
diff --git a/src/main/java/org/apache/commons/crypto/cipher/CryptoCipherFactory.java b/src/main/java/org/apache/commons/crypto/cipher/CryptoCipherFactory.java
@@ -35,6 +35,10 @@ public class CryptoCipherFactory {
      */
     public static final String JCE_PROVIDER_KEY = Crypto.CONF_PREFIX
             + "cipher.jce.provider";
+
+    public static final String CIPHER_ENGINE_KEY = Crypto.CONF_PREFIX
+            + "cipher.engine";
+
     /**
      * The configuration key of the CryptoCipher implementation class.
      * <p>

diff --git a/src/main/java/org/apache/commons/crypto/cipher/OpenSsl.java b/src/main/java/org/apache/commons/crypto/cipher/OpenSsl.java
@@ -378,4 +378,7 @@ protected void finalize() throws Throwable {
         clean();
     }
 
+    public void engineSetDefaultCiphers(String engineId){
+        opensslBlockCipher.engineSetDefaultCiphers(engineId);
+    }
 }
diff --git a/src/main/java/org/apache/commons/crypto/cipher/OpenSslCipher.java b/src/main/java/org/apache/commons/crypto/cipher/OpenSslCipher.java
@@ -60,6 +60,11 @@ public OpenSslCipher(final Properties props, final String transformation) // NOP
         }
 
         openSslEngine = OpenSsl.getInstance(transformation);
+
+        String engineId = props.getProperty(CryptoCipherFactory.CIPHER_ENGINE_KEY);
+        if(engineId != null && !engineId.isEmpty()) {
+            openSslEngine.engineSetDefaultCiphers(engineId);
+        }
     }
 
     /**

diff --git a/src/main/java/org/apache/commons/crypto/cipher/OpenSslCommonMode.java b/src/main/java/org/apache/commons/crypto/cipher/OpenSslCommonMode.java
@@ -116,4 +116,9 @@ public void updateAAD(final byte[] aad) {
                 "The underlying Cipher implementation "
                         + "does not support this method");
     }
+
+    @Override
+    public void engineSetDefaultCiphers(String engineId) {
+        OpenSslNative.engineSetDefaultCiphers(engineId);
+    }
 }
diff --git a/src/main/java/org/apache/commons/crypto/cipher/OpenSslFeedbackCipher.java b/src/main/java/org/apache/commons/crypto/cipher/OpenSslFeedbackCipher.java
@@ -61,6 +61,8 @@ abstract int doFinal(ByteBuffer input, ByteBuffer output) throws ShortBufferExce
 
     abstract void updateAAD(byte[] aad);
 
+    abstract void engineSetDefaultCiphers(String engineId);
+
     public void clean() {
         if (context != 0) {
             OpenSslNative.clean(context);

diff --git a/src/main/java/org/apache/commons/crypto/cipher/OpenSslGaloisCounterMode.java b/src/main/java/org/apache/commons/crypto/cipher/OpenSslGaloisCounterMode.java
@@ -279,6 +279,11 @@ public void updateAAD(final byte[] aad) {
         }
     }
 
+    @Override
+    public void engineSetDefaultCiphers(String engineId) {
+        OpenSslNative.engineSetDefaultCiphers(engineId);
+    }
+
     private void processAAD() {
         if (aadBuffer != null && aadBuffer.size() > 0) {
             OpenSslNative.updateByteArray(context, aadBuffer.toByteArray(),

diff --git a/src/main/java/org/apache/commons/crypto/cipher/OpenSslNative.java b/src/main/java/org/apache/commons/crypto/cipher/OpenSslNative.java
@@ -159,4 +159,6 @@ public native static int doFinalByteArray(long context, byte[] output,
      * @param context The cipher context address
      */
     public native static void clean(long context);
+
+    public native static void engineSetDefaultCiphers(String engineId);
 }
diff --git a/src/main/native/org/apache/commons/crypto/cipher/OpenSslNative.c b/src/main/native/org/apache/commons/crypto/cipher/OpenSslNative.c
@@ -52,6 +52,11 @@ static EVP_CIPHER * (*dlsym_EVP_aes_128_cbc)(void);
 static EVP_CIPHER * (*dlsym_EVP_aes_256_gcm)(void);
 static EVP_CIPHER * (*dlsym_EVP_aes_192_gcm)(void);
 static EVP_CIPHER * (*dlsym_EVP_aes_128_gcm)(void);
+static ENGINE * (*dlsym_ENGINE_by_id) (const char *);
+static int (*dlsym_ENGINE_init) (ENGINE *);
+static int (*dlsym_ENGINE_finish) (ENGINE *);
+static int (*dlsym_ENGINE_free) (ENGINE *);
+static int (*dlsym_ENGINE_set_default_ciphers) (ENGINE *);
 #endif
 
 #ifdef WINDOWS
@@ -181,6 +186,11 @@ JNIEXPORT void JNICALL Java_org_apache_commons_crypto_cipher_OpenSslNative_initI
   LOAD_DYNAMIC_SYMBOL(dlsym_EVP_CipherInit_ex, env, openssl, "EVP_CipherInit_ex");
   LOAD_DYNAMIC_SYMBOL(dlsym_EVP_CipherUpdate, env, openssl, "EVP_CipherUpdate");
   LOAD_DYNAMIC_SYMBOL(dlsym_EVP_CipherFinal_ex, env, openssl, "EVP_CipherFinal_ex");
+  LOAD_DYNAMIC_SYMBOL(dlsym_ENGINE_by_id, env, openssl, "ENGINE_by_id");
+  LOAD_DYNAMIC_SYMBOL(dlsym_ENGINE_init, env, openssl, "ENGINE_init");
+  LOAD_DYNAMIC_SYMBOL(dlsym_ENGINE_finish, env, openssl, "ENGINE_finish");
+  LOAD_DYNAMIC_SYMBOL(dlsym_ENGINE_free, env, openssl, "ENGINE_free");
+  LOAD_DYNAMIC_SYMBOL(dlsym_ENGINE_set_default_ciphers, env, openssl, "ENGINE_set_default_ciphers");
 #endif
 
 #ifdef WINDOWS
@@ -688,6 +698,35 @@ JNIEXPORT void JNICALL Java_org_apache_commons_crypto_cipher_OpenSslNative_clean
   free_context_wrapper(wrapper);
 }
 
+JNIEXPORT void JNICALL Java_org_apache_commons_crypto_cipher_OpenSslNative_engineSetDefaultCiphers
+  (JNIEnv *env, jclass clazz, jstring engineId)
+{
+  const char* eId = (*env)->GetStringUTFChars(env, engineId, 0);
+  ENGINE *e = dlsym_ENGINE_by_id(eId);
+
+  if (!e) {
+    char msg[64] = {0};
+    snprintf(msg, sizeof(msg), "Not found engine: %s", eId);
+    THROW(env, "java/lang/InternalError", msg);
+    return;
+  }
+  (*env)->ReleaseStringUTFChars(env, engineId, eId);
+
+  if (dlsym_ENGINE_init(e) != 1) {
+    dlsym_ENGINE_free(e);
+    THROW(env, "java/lang/InternalError", "Error in ENGINE_init.");
+    return;
+  }
+
+  if (dlsym_ENGINE_set_default_ciphers(e) != 1) {
+    THROW(env, "java/lang/InternalError", "Error in ENGINE_set_default_ciphers.");
+    return;
+  }
+  dlsym_ENGINE_finish(e);
+  dlsym_ENGINE_free(e);
+  return;
+}
+
 static int check_update_max_output_len(EVP_CTX_Wrapper *wrapper, int input_len, int max_output_len)
 {
   if (dlsym_EVP_CIPHER_CTX_test_flags(wrapper->ctx, EVP_CIPH_NO_PADDING) == EVP_CIPH_NO_PADDING) {