const EC_KEY_METHOD * HSM_PKCS11_get_ecdsa_method ( void ) { static EC_KEY_METHOD * r_pnt = NULL; #ifdef ENABLE_ECDSA if (!r_pnt) { #if OPENSSL_VERSION_NUMBER < 0x1010000fL // ECDSA METHOD - it is required since OpenSSL is // actually missing the duplication of the METHOD /* static ECDSA_METHOD ret = { "PKCS#11 ECDSA method", // const char *name; HSM_PKCS11_ecdsa_sign, // ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, // const BIGNUM *rp, EC_KEY *eckey); HSM_PKCS11_ecdsa_sign_setup, // int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **r); NULL, // int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, // EC_KEY *eckey); 0, // int flags; NULL // char *app_data; }; */ if ((r_pnt = ECDSA_METHOD_new(ECDSA_get_default_method())) == NULL) return NULL; ECDSA_METHOD_set_name(r_pnt, "LibPKI PKCS#11 ECDSA"); ECDSA_METHOD_set_sign(r_pnt, HSM_PKCS11_ecdsa_sign); // ECDSA_METHOD_set_sign_setup(r_pnt, HSM_PKCS11_ecdsa_sign_setup); // ECDSA_METHOD_set_verify(&ret, NULL); #else if ((r_pnt = EC_KEY_METHOD_new(EC_KEY_get_default_method())) == NULL) return NULL; // Sets the sign method EC_KEY_METHOD_set_sign(r_pnt, HSM_PKCS11_ecdsa_sign, //int (*sign)(int type, const unsigned char *dgst, // int dlen, unsigned char *sig, // unsigned int *siglen, // const BIGNUM *kinv, const BIGNUM *r, // EC_KEY *eckey) NULL, //int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, // BIGNUM **kinvp, BIGNUM **rp) NULL //ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, // int dgst_len, // const BIGNUM *in_kinv, // const BIGNUM *in_r, // EC_KEY *eckey) ); #endif } #endif return r_pnt; }
PKCS11H_BOOL _pkcs11h_openssl_initialize (void) { PKCS11H_BOOL ret = FALSE; _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_openssl_initialize - entered" ); #ifndef OPENSSL_NO_RSA if (__openssl_methods.rsa != NULL) { RSA_meth_free (__openssl_methods.rsa); } if ((__openssl_methods.rsa = RSA_meth_dup (RSA_get_default_method ())) == NULL) { goto cleanup; } RSA_meth_set1_name (__openssl_methods.rsa, "pkcs11h"); RSA_meth_set_priv_dec (__openssl_methods.rsa, __pkcs11h_openssl_rsa_dec); RSA_meth_set_priv_enc (__openssl_methods.rsa, __pkcs11h_openssl_rsa_enc); RSA_meth_set_flags (__openssl_methods.rsa, RSA_METHOD_FLAG_NO_CHECK | RSA_FLAG_EXT_PKEY); __openssl_methods.rsa_index = RSA_get_ex_new_index ( 0, "pkcs11h", NULL, __pkcs11h_openssl_ex_data_dup, __pkcs11h_openssl_ex_data_free ); #endif #ifndef OPENSSL_NO_DSA if (__openssl_methods.dsa != NULL) { DSA_meth_free (__openssl_methods.dsa); } __openssl_methods.dsa = DSA_meth_dup (DSA_get_default_method ()); DSA_meth_set1_name (__openssl_methods.dsa, "pkcs11h"); DSA_meth_set_sign (__openssl_methods.dsa, __pkcs11h_openssl_dsa_do_sign); __openssl_methods.dsa_index = DSA_get_ex_new_index ( 0, "pkcs11h", NULL, __pkcs11h_openssl_ex_data_dup, __pkcs11h_openssl_ex_data_free ); #endif #ifdef __ENABLE_EC if (__openssl_methods.ecdsa != NULL) { ECDSA_METHOD_free(__openssl_methods.ecdsa); } __openssl_methods.ecdsa = ECDSA_METHOD_new ((ECDSA_METHOD *)ECDSA_get_default_method ()); ECDSA_METHOD_set_name(__openssl_methods.ecdsa, "pkcs11h"); ECDSA_METHOD_set_sign(__openssl_methods.ecdsa, __pkcs11h_openssl_ecdsa_do_sign); __openssl_methods.ecdsa_index = ECDSA_get_ex_new_index ( 0, "pkcs11h", NULL, __pkcs11h_openssl_ex_data_dup, __pkcs11h_openssl_ex_data_free ); #endif ret = TRUE; cleanup: _PKCS11H_DEBUG ( PKCS11H_LOG_DEBUG2, "PKCS#11: _pkcs11h_openssl_initialize - return %d", ret ); return ret; }