const EC_KEY_METHOD * HSM_PKCS11_get_ecdsa_method ( void ) { static EC_KEY_METHOD * r_pnt = NULL; #ifdef ENABLE_ECDSA if (!r_pnt) { #if OPENSSL_VERSION_NUMBER < 0x1010000fL // ECDSA METHOD - it is required since OpenSSL is // actually missing the duplication of the METHOD /* static ECDSA_METHOD ret = { "PKCS#11 ECDSA method", // const char *name; HSM_PKCS11_ecdsa_sign, // ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, // const BIGNUM *rp, EC_KEY *eckey); HSM_PKCS11_ecdsa_sign_setup, // int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **r); NULL, // int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, // EC_KEY *eckey); 0, // int flags; NULL // char *app_data; }; */ if ((r_pnt = ECDSA_METHOD_new(ECDSA_get_default_method())) == NULL) return NULL; ECDSA_METHOD_set_name(r_pnt, "LibPKI PKCS#11 ECDSA"); ECDSA_METHOD_set_sign(r_pnt, HSM_PKCS11_ecdsa_sign); // ECDSA_METHOD_set_sign_setup(r_pnt, HSM_PKCS11_ecdsa_sign_setup); // ECDSA_METHOD_set_verify(&ret, NULL); #else if ((r_pnt = EC_KEY_METHOD_new(EC_KEY_get_default_method())) == NULL) return NULL; // Sets the sign method EC_KEY_METHOD_set_sign(r_pnt, HSM_PKCS11_ecdsa_sign, //int (*sign)(int type, const unsigned char *dgst, // int dlen, unsigned char *sig, // unsigned int *siglen, // const BIGNUM *kinv, const BIGNUM *r, // EC_KEY *eckey) NULL, //int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, // BIGNUM **kinvp, BIGNUM **rp) NULL //ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, // int dgst_len, // const BIGNUM *in_kinv, // const BIGNUM *in_r, // EC_KEY *eckey) ); #endif } #endif return r_pnt; }
EC_KEY *EC_KEY_new_method(ENGINE *engine) { EC_KEY *ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_MALLOC_FAILURE); return NULL; } if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data)) { OPENSSL_free(ret); return NULL; } ret->lock = CRYPTO_THREAD_lock_new(); if (ret->lock == NULL) { ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_MALLOC_FAILURE); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data); OPENSSL_free(ret); return NULL; } ret->meth = EC_KEY_get_default_method(); #ifndef OPENSSL_NO_ENGINE if (engine != NULL) { if (!ENGINE_init(engine)) { ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_ENGINE_LIB); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data); CRYPTO_THREAD_lock_free(ret->lock); OPENSSL_free(ret); return NULL; } ret->engine = engine; } else ret->engine = ENGINE_get_default_EC(); if (ret->engine != NULL) { ret->meth = ENGINE_get_EC(ret->engine); if (ret->meth == NULL) { ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_ENGINE_LIB); ENGINE_finish(ret->engine); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data); CRYPTO_THREAD_lock_free(ret->lock); OPENSSL_free(ret); return NULL; } } #endif ret->version = 1; ret->conv_form = POINT_CONVERSION_UNCOMPRESSED; ret->references = 1; if (ret->meth->init != NULL && ret->meth->init(ret) == 0) { EC_KEY_free(ret); return NULL; } return ret; }
EC_KEY * EC_KEY_new_method(ENGINE *engine) { EC_KEY *ret; if ((ret = calloc(1, sizeof(EC_KEY))) == NULL) { ECerror(ERR_R_MALLOC_FAILURE); return NULL; } ret->meth = EC_KEY_get_default_method(); #ifndef OPENSSL_NO_ENGINE if (engine != NULL) { if (!ENGINE_init(engine)) { ECerror(ERR_R_ENGINE_LIB); goto err; } ret->engine = engine; } else ret->engine = ENGINE_get_default_EC(); if (ret->engine) { ret->meth = ENGINE_get_EC(ret->engine); if (ret->meth == NULL) { ECerror(ERR_R_ENGINE_LIB); goto err; } } #endif ret->version = 1; ret->flags = 0; ret->group = NULL; ret->pub_key = NULL; ret->priv_key = NULL; ret->enc_flag = 0; ret->conv_form = POINT_CONVERSION_UNCOMPRESSED; ret->references = 1; ret->method_data = NULL; if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) goto err; if (ret->meth->init != NULL && ret->meth->init(ret) == 0) goto err; return ret; err: EC_KEY_free(ret); return NULL; }