Beispiel #1
0
const RSA_METHOD * HSM_PKCS11_get_rsa_method ( void ) {

#if OPENSSL_VERSION_NUMBER < 0x1010000fL

	static RSA_METHOD ret;

	ret = *RSA_get_default_method();

	// Sets the name
	ret.name = "LibPKI PKCS#11 RSA";

	// Implemented Methods
	ret.rsa_sign = HSM_PKCS11_rsa_sign;

	// Not Implemented Methods
	ret.rsa_priv_enc = NULL;
	ret.rsa_priv_dec = NULL;

	return &ret;

#else

	static RSA_METHOD * r_pnt = NULL;
		// Static Pointer to the new PKCS11 RSA Method

	// If the pointer is empty, let's get a new method
	if (!r_pnt) {

		// Duplicate the default method
		if ((r_pnt = RSA_meth_dup(RSA_get_default_method())) != NULL) {

			// Sets the name
			RSA_meth_set1_name(r_pnt, "LibPKI PKCS#11 RSA");

			// Sets the sign to use the PKCS#11 version
			RSA_meth_set_sign(r_pnt, HSM_PKCS11_rsa_sign);

			// Sets not implemented calls
			RSA_meth_set_priv_enc(r_pnt, NULL);
			RSA_meth_set_priv_dec(r_pnt, NULL);
		}
	}

	// All Done
	return r_pnt;

#endif

}
Beispiel #2
0
static RSA_METHOD *get_pkcs11_rsa_method(void) {
	static RSA_METHOD *pkcs11_rsa_method = NULL;
	if(pkcs11_rsa_key_idx == -1) {
		pkcs11_rsa_key_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
	}
	if(pkcs11_rsa_method == NULL) {
#if OPENSSL_VERSION_NUMBER < 0x10100005L        
		const RSA_METHOD *def = RSA_get_default_method();
		pkcs11_rsa_method = calloc(1, sizeof(*pkcs11_rsa_method));
		memcpy(pkcs11_rsa_method, def, sizeof(*pkcs11_rsa_method));
		pkcs11_rsa_method->name = "pkcs11";
		pkcs11_rsa_method->rsa_priv_enc = pkcs11_rsa_private_encrypt;
		pkcs11_rsa_method->rsa_priv_dec = pkcs11_rsa_private_decrypt;
#else
        pkcs11_rsa_method = RSA_meth_dup(RSA_get_default_method());
        RSA_meth_set1_name(pkcs11_rsa_method, "pkcs11");
        RSA_meth_set_priv_enc(pkcs11_rsa_method, pkcs11_rsa_private_encrypt);
        RSA_meth_set_priv_dec(pkcs11_rsa_method, pkcs11_rsa_private_decrypt);
#endif
	}
	return pkcs11_rsa_method;
}
PKCS11H_BOOL
_pkcs11h_openssl_initialize (void) {

	PKCS11H_BOOL ret = FALSE;

	_PKCS11H_DEBUG (
		PKCS11H_LOG_DEBUG2,
		"PKCS#11: _pkcs11h_openssl_initialize - entered"
	);
#ifndef OPENSSL_NO_RSA
	if (__openssl_methods.rsa != NULL) {
		RSA_meth_free (__openssl_methods.rsa);
	}
	if ((__openssl_methods.rsa = RSA_meth_dup (RSA_get_default_method ())) == NULL) {
		goto cleanup;
	}
	RSA_meth_set1_name (__openssl_methods.rsa, "pkcs11h");
	RSA_meth_set_priv_dec (__openssl_methods.rsa, __pkcs11h_openssl_rsa_dec);
	RSA_meth_set_priv_enc (__openssl_methods.rsa, __pkcs11h_openssl_rsa_enc);
	RSA_meth_set_flags (__openssl_methods.rsa, RSA_METHOD_FLAG_NO_CHECK | RSA_FLAG_EXT_PKEY);
	__openssl_methods.rsa_index = RSA_get_ex_new_index (
		0,
		"pkcs11h",
		NULL,
		__pkcs11h_openssl_ex_data_dup,
		__pkcs11h_openssl_ex_data_free
	);
#endif
#ifndef OPENSSL_NO_DSA
	if (__openssl_methods.dsa != NULL) {
		DSA_meth_free (__openssl_methods.dsa);
	}
	__openssl_methods.dsa = DSA_meth_dup (DSA_get_default_method ());
	DSA_meth_set1_name (__openssl_methods.dsa, "pkcs11h");
	DSA_meth_set_sign (__openssl_methods.dsa, __pkcs11h_openssl_dsa_do_sign);
	__openssl_methods.dsa_index = DSA_get_ex_new_index (
		0,
		"pkcs11h",
		NULL,
		__pkcs11h_openssl_ex_data_dup,
		__pkcs11h_openssl_ex_data_free
	);
#endif
#ifdef __ENABLE_EC
	if (__openssl_methods.ecdsa != NULL) {
		ECDSA_METHOD_free(__openssl_methods.ecdsa);
	}
	__openssl_methods.ecdsa = ECDSA_METHOD_new ((ECDSA_METHOD *)ECDSA_get_default_method ());
	ECDSA_METHOD_set_name(__openssl_methods.ecdsa, "pkcs11h");
	ECDSA_METHOD_set_sign(__openssl_methods.ecdsa, __pkcs11h_openssl_ecdsa_do_sign);
	__openssl_methods.ecdsa_index = ECDSA_get_ex_new_index (
		0,
		"pkcs11h",
		NULL,
		__pkcs11h_openssl_ex_data_dup,
		__pkcs11h_openssl_ex_data_free
	);
#endif
	ret = TRUE;

cleanup:
	_PKCS11H_DEBUG (
		PKCS11H_LOG_DEBUG2,
		"PKCS#11: _pkcs11h_openssl_initialize - return %d",
		ret
	);
	return ret;
}