/*
 * Return the process-wide EC key method whose signing entry point is routed
 * to the PKCS#11 token (HSM_PKCS11_ecdsa_sign).  The method is built lazily
 * on the first call as a copy of OpenSSL's default method and cached in a
 * function-local static for the lifetime of the process; it is never freed.
 *
 * Returns NULL when the build is compiled without ENABLE_ECDSA, or when the
 * method table could not be allocated (the allocation is retried on the next
 * call in that case).
 *
 * NOTE(review): there is no locking around the lazy initialisation, so two
 * threads making the first call concurrently may race on the static.  This
 * is presumably acceptable because the method is first requested during
 * single-threaded HSM setup -- confirm against the callers.
 */
const EC_KEY_METHOD * HSM_PKCS11_get_ecdsa_method ( void ) {

	static EC_KEY_METHOD *cached_method = NULL;

#ifdef ENABLE_ECDSA
	if (cached_method != NULL)
		return cached_method;

#if OPENSSL_VERSION_NUMBER < 0x1010000fL
	/* OpenSSL < 1.1.0: the legacy ECDSA_METHOD API.  Start from a copy of
	 * the default method so every slot we do not override keeps the stock
	 * software implementation. */
	cached_method = ECDSA_METHOD_new(ECDSA_get_default_method());
	if (cached_method == NULL)
		return NULL;

	ECDSA_METHOD_set_name(cached_method, "LibPKI PKCS#11 ECDSA");
	ECDSA_METHOD_set_sign(cached_method, HSM_PKCS11_ecdsa_sign);
	/* sign_setup and verify are deliberately left as inherited from the
	 * default method: the token cannot pre-compute (k, r) for a key it
	 * does not expose, and verification stays in software. */
#else
	/* OpenSSL >= 1.1.0: EC_KEY_METHOD replaces ECDSA_METHOD.  Again copy the
	 * default so verification and key generation remain in software. */
	cached_method = EC_KEY_METHOD_new(EC_KEY_get_default_method());
	if (cached_method == NULL)
		return NULL;

	/* Only the raw `sign` entry point is redirected to the token.  The
	 * `sign_setup` and `sign_sig` slots are explicitly set to NULL rather
	 * than inherited, so any OpenSSL path that relies on them (rather than
	 * on `sign`) will not silently fall back to a software signature with a
	 * key the token never exported.
	 * NOTE(review): confirm that no caller of this method expects
	 * ECDSA_do_sign()/sign_setup to succeed on token-backed keys. */
	EC_KEY_METHOD_set_sign(cached_method,
	                       HSM_PKCS11_ecdsa_sign, /* sign       */
	                       NULL,                  /* sign_setup */
	                       NULL);                 /* sign_sig   */
#endif
#endif /* ENABLE_ECDSA */

	return cached_method;
}
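/*
 * Build the OpenSSL method tables that route private-key operations to the
 * PKCS#11 token.  Each table starts as a copy of OpenSSL's default method and
 * only the private-key entry points are replaced (RSA priv_enc/priv_dec, DSA
 * sign, ECDSA sign); every public-key operation -- encryption with the public
 * key, signature verification, key checks -- keeps the stock software
 * implementation.  One ex_data index per algorithm is reserved so pkcs11h
 * can attach its per-key state (dup'd and freed through the
 * __pkcs11h_openssl_ex_data_* callbacks).
 *
 * Safe to call more than once: a table built by an earlier call is freed
 * before being rebuilt.
 *
 * Returns TRUE on success, FALSE if a method table could not be duplicated
 * or an ex_data index could not be reserved.  On failure any table already
 * stored in __openssl_methods is left in place and released by the next
 * call.
 *
 * Fix: the DSA and ECDSA paths used the duplicated method without a NULL
 * check, dereferencing NULL on allocation failure where the RSA path already
 * bailed out cleanly; all three paths now fail the same way.  A failed
 * ex_data index reservation (-1) is likewise reported instead of being
 * stored and used later as an index.
 */
PKCS11H_BOOL
_pkcs11h_openssl_initialize (void) {

	PKCS11H_BOOL ret = FALSE;

	_PKCS11H_DEBUG (
		PKCS11H_LOG_DEBUG2,
		"PKCS#11: _pkcs11h_openssl_initialize - entered"
	);

#ifndef OPENSSL_NO_RSA
	if (__openssl_methods.rsa != NULL) {
		RSA_meth_free (__openssl_methods.rsa);
		__openssl_methods.rsa = NULL;
	}
	if ((__openssl_methods.rsa = RSA_meth_dup (RSA_get_default_method ())) == NULL) {
		goto cleanup;
	}
	RSA_meth_set1_name (__openssl_methods.rsa, "pkcs11h");
	/* Only the private-key half goes to the token; pub_enc/pub_dec stay in software. */
	RSA_meth_set_priv_dec (__openssl_methods.rsa, __pkcs11h_openssl_rsa_dec);
	RSA_meth_set_priv_enc (__openssl_methods.rsa, __pkcs11h_openssl_rsa_enc);
	/* RSA_FLAG_EXT_PKEY: the private components live outside OpenSSL (on the
	 * token).  RSA_METHOD_FLAG_NO_CHECK: skip the public/private consistency
	 * check, which cannot be performed without the private exponent.
	 * (Meanings per the flag comments in <openssl/rsa.h>; confirm for the
	 * OpenSSL version actually linked.) */
	RSA_meth_set_flags (__openssl_methods.rsa, RSA_METHOD_FLAG_NO_CHECK | RSA_FLAG_EXT_PKEY);
	__openssl_methods.rsa_index = RSA_get_ex_new_index (
		0,
		"pkcs11h",
		NULL,
		__pkcs11h_openssl_ex_data_dup,
		__pkcs11h_openssl_ex_data_free
	);
	if (__openssl_methods.rsa_index < 0) {
		/* -1 means the index could not be reserved; never use it as an index. */
		goto cleanup;
	}
#endif

#ifndef OPENSSL_NO_DSA
	if (__openssl_methods.dsa != NULL) {
		DSA_meth_free (__openssl_methods.dsa);
		__openssl_methods.dsa = NULL;
	}
	if ((__openssl_methods.dsa = DSA_meth_dup (DSA_get_default_method ())) == NULL) {
		goto cleanup;
	}
	DSA_meth_set1_name (__openssl_methods.dsa, "pkcs11h");
	/* Signing goes to the token; verification is inherited from the default method. */
	DSA_meth_set_sign (__openssl_methods.dsa, __pkcs11h_openssl_dsa_do_sign);
	__openssl_methods.dsa_index = DSA_get_ex_new_index (
		0,
		"pkcs11h",
		NULL,
		__pkcs11h_openssl_ex_data_dup,
		__pkcs11h_openssl_ex_data_free
	);
	if (__openssl_methods.dsa_index < 0) {
		goto cleanup;
	}
#endif

#ifdef __ENABLE_EC
	/* This path uses the pre-1.1.0 ECDSA_METHOD API without a version guard;
	 * presumably __ENABLE_EC is only defined for OpenSSL builds that still
	 * provide it -- confirm in the configure logic. */
	if (__openssl_methods.ecdsa != NULL) {
		ECDSA_METHOD_free (__openssl_methods.ecdsa);
		__openssl_methods.ecdsa = NULL;
	}
	if ((__openssl_methods.ecdsa = ECDSA_METHOD_new ((ECDSA_METHOD *)ECDSA_get_default_method ())) == NULL) {
		goto cleanup;
	}
	ECDSA_METHOD_set_name (__openssl_methods.ecdsa, "pkcs11h");
	/* Signing goes to the token; verification is inherited from the default method. */
	ECDSA_METHOD_set_sign (__openssl_methods.ecdsa, __pkcs11h_openssl_ecdsa_do_sign);
	__openssl_methods.ecdsa_index = ECDSA_get_ex_new_index (
		0,
		"pkcs11h",
		NULL,
		__pkcs11h_openssl_ex_data_dup,
		__pkcs11h_openssl_ex_data_free
	);
	if (__openssl_methods.ecdsa_index < 0) {
		goto cleanup;
	}
#endif

	ret = TRUE;

cleanup:
	_PKCS11H_DEBUG (
		PKCS11H_LOG_DEBUG2,
		"PKCS#11: _pkcs11h_openssl_initialize - return %d",
		ret
	);
	return ret;
}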