const EC_KEY_METHOD * HSM_PKCS11_get_ecdsa_method ( void ) {
static EC_KEY_METHOD * r_pnt = NULL;
#ifdef ENABLE_ECDSA
if (!r_pnt) {
#if OPENSSL_VERSION_NUMBER < 0x1010000fL
// ECDSA METHOD - it is required since OpenSSL is
// actually missing the duplication of the METHOD
/*
static ECDSA_METHOD ret = {
"PKCS#11 ECDSA method", // const char *name;
HSM_PKCS11_ecdsa_sign, // ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
// const BIGNUM *rp, EC_KEY *eckey);
HSM_PKCS11_ecdsa_sign_setup, // int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **r);
NULL, // int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig,
// EC_KEY *eckey);
0, // int flags;
NULL // char *app_data;
};
*/
if ((r_pnt = ECDSA_METHOD_new(ECDSA_get_default_method())) == NULL)
return NULL;
ECDSA_METHOD_set_name(r_pnt, "LibPKI PKCS#11 ECDSA");
ECDSA_METHOD_set_sign(r_pnt, HSM_PKCS11_ecdsa_sign);
// ECDSA_METHOD_set_sign_setup(r_pnt, HSM_PKCS11_ecdsa_sign_setup);
// ECDSA_METHOD_set_verify(&ret, NULL);
#else
if ((r_pnt = EC_KEY_METHOD_new(EC_KEY_get_default_method())) == NULL)
return NULL;
// Sets the sign method
EC_KEY_METHOD_set_sign(r_pnt,
HSM_PKCS11_ecdsa_sign, //int (*sign)(int type, const unsigned char *dgst,
// int dlen, unsigned char *sig,
// unsigned int *siglen,
// const BIGNUM *kinv, const BIGNUM *r,
// EC_KEY *eckey)
NULL, //int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
// BIGNUM **kinvp, BIGNUM **rp)
NULL //ECDSA_SIG *(*sign_sig)(const unsigned char *dgst,
// int dgst_len,
// const BIGNUM *in_kinv,
// const BIGNUM *in_r,
// EC_KEY *eckey)
);
#endif
}
#endif
return r_pnt;
}
EC_KEY *EC_KEY_new_method(ENGINE *engine)
{
EC_KEY *ret = OPENSSL_zalloc(sizeof(*ret));
if (ret == NULL) {
ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_MALLOC_FAILURE);
return NULL;
}
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data)) {
OPENSSL_free(ret);
return NULL;
}
ret->lock = CRYPTO_THREAD_lock_new();
if (ret->lock == NULL) {
ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_MALLOC_FAILURE);
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data);
OPENSSL_free(ret);
return NULL;
}
ret->meth = EC_KEY_get_default_method();
#ifndef OPENSSL_NO_ENGINE
if (engine != NULL) {
if (!ENGINE_init(engine)) {
ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_ENGINE_LIB);
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data);
CRYPTO_THREAD_lock_free(ret->lock);
OPENSSL_free(ret);
return NULL;
}
ret->engine = engine;
} else
ret->engine = ENGINE_get_default_EC();
if (ret->engine != NULL) {
ret->meth = ENGINE_get_EC(ret->engine);
if (ret->meth == NULL) {
ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_ENGINE_LIB);
ENGINE_finish(ret->engine);
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data);
CRYPTO_THREAD_lock_free(ret->lock);
OPENSSL_free(ret);
return NULL;
}
}
#endif
ret->version = 1;
ret->conv_form = POINT_CONVERSION_UNCOMPRESSED;
ret->references = 1;
if (ret->meth->init != NULL && ret->meth->init(ret) == 0) {
EC_KEY_free(ret);
return NULL;
}
return ret;
}
EC_KEY *
EC_KEY_new_method(ENGINE *engine)
{
EC_KEY *ret;
if ((ret = calloc(1, sizeof(EC_KEY))) == NULL) {
ECerror(ERR_R_MALLOC_FAILURE);
return NULL;
}
ret->meth = EC_KEY_get_default_method();
#ifndef OPENSSL_NO_ENGINE
if (engine != NULL) {
if (!ENGINE_init(engine)) {
ECerror(ERR_R_ENGINE_LIB);
goto err;
}
ret->engine = engine;
} else
ret->engine = ENGINE_get_default_EC();
if (ret->engine) {
ret->meth = ENGINE_get_EC(ret->engine);
if (ret->meth == NULL) {
ECerror(ERR_R_ENGINE_LIB);
goto err;
}
}
#endif
ret->version = 1;
ret->flags = 0;
ret->group = NULL;
ret->pub_key = NULL;
ret->priv_key = NULL;
ret->enc_flag = 0;
ret->conv_form = POINT_CONVERSION_UNCOMPRESSED;
ret->references = 1;
ret->method_data = NULL;
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data))
goto err;
if (ret->meth->init != NULL && ret->meth->init(ret) == 0)
goto err;
return ret;
err:
EC_KEY_free(ret);
return NULL;
}
