const RSA_METHOD * HSM_PKCS11_get_rsa_method ( void ) {
#if OPENSSL_VERSION_NUMBER < 0x1010000fL
static RSA_METHOD ret;
ret = *RSA_get_default_method();
// Sets the name
ret.name = "LibPKI PKCS#11 RSA";
// Implemented Methods
ret.rsa_sign = HSM_PKCS11_rsa_sign;
// Not Implemented Methods
ret.rsa_priv_enc = NULL;
ret.rsa_priv_dec = NULL;
return &ret;
#else
static RSA_METHOD * r_pnt = NULL;
// Static Pointer to the new PKCS11 RSA Method
// If the pointer is empty, let's get a new method
if (!r_pnt) {
// Duplicate the default method
if ((r_pnt = RSA_meth_dup(RSA_get_default_method())) != NULL) {
// Sets the name
RSA_meth_set1_name(r_pnt, "LibPKI PKCS#11 RSA");
// Sets the sign to use the PKCS#11 version
RSA_meth_set_sign(r_pnt, HSM_PKCS11_rsa_sign);
// Sets not implemented calls
RSA_meth_set_priv_enc(r_pnt, NULL);
RSA_meth_set_priv_dec(r_pnt, NULL);
}
}
// All Done
return r_pnt;
#endif
}
static RSA_METHOD *get_pkcs11_rsa_method(void) {
static RSA_METHOD *pkcs11_rsa_method = NULL;
if(pkcs11_rsa_key_idx == -1) {
pkcs11_rsa_key_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
}
if(pkcs11_rsa_method == NULL) {
#if OPENSSL_VERSION_NUMBER < 0x10100005L
const RSA_METHOD *def = RSA_get_default_method();
pkcs11_rsa_method = calloc(1, sizeof(*pkcs11_rsa_method));
memcpy(pkcs11_rsa_method, def, sizeof(*pkcs11_rsa_method));
pkcs11_rsa_method->name = "pkcs11";
pkcs11_rsa_method->rsa_priv_enc = pkcs11_rsa_private_encrypt;
pkcs11_rsa_method->rsa_priv_dec = pkcs11_rsa_private_decrypt;
#else
pkcs11_rsa_method = RSA_meth_dup(RSA_get_default_method());
RSA_meth_set1_name(pkcs11_rsa_method, "pkcs11");
RSA_meth_set_priv_enc(pkcs11_rsa_method, pkcs11_rsa_private_encrypt);
RSA_meth_set_priv_dec(pkcs11_rsa_method, pkcs11_rsa_private_decrypt);
#endif
}
return pkcs11_rsa_method;
}
PKCS11H_BOOL
_pkcs11h_openssl_initialize (void) {
PKCS11H_BOOL ret = FALSE;
_PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_openssl_initialize - entered"
);
#ifndef OPENSSL_NO_RSA
if (__openssl_methods.rsa != NULL) {
RSA_meth_free (__openssl_methods.rsa);
}
if ((__openssl_methods.rsa = RSA_meth_dup (RSA_get_default_method ())) == NULL) {
goto cleanup;
}
RSA_meth_set1_name (__openssl_methods.rsa, "pkcs11h");
RSA_meth_set_priv_dec (__openssl_methods.rsa, __pkcs11h_openssl_rsa_dec);
RSA_meth_set_priv_enc (__openssl_methods.rsa, __pkcs11h_openssl_rsa_enc);
RSA_meth_set_flags (__openssl_methods.rsa, RSA_METHOD_FLAG_NO_CHECK | RSA_FLAG_EXT_PKEY);
__openssl_methods.rsa_index = RSA_get_ex_new_index (
0,
"pkcs11h",
NULL,
__pkcs11h_openssl_ex_data_dup,
__pkcs11h_openssl_ex_data_free
);
#endif
#ifndef OPENSSL_NO_DSA
if (__openssl_methods.dsa != NULL) {
DSA_meth_free (__openssl_methods.dsa);
}
__openssl_methods.dsa = DSA_meth_dup (DSA_get_default_method ());
DSA_meth_set1_name (__openssl_methods.dsa, "pkcs11h");
DSA_meth_set_sign (__openssl_methods.dsa, __pkcs11h_openssl_dsa_do_sign);
__openssl_methods.dsa_index = DSA_get_ex_new_index (
0,
"pkcs11h",
NULL,
__pkcs11h_openssl_ex_data_dup,
__pkcs11h_openssl_ex_data_free
);
#endif
#ifdef __ENABLE_EC
if (__openssl_methods.ecdsa != NULL) {
ECDSA_METHOD_free(__openssl_methods.ecdsa);
}
__openssl_methods.ecdsa = ECDSA_METHOD_new ((ECDSA_METHOD *)ECDSA_get_default_method ());
ECDSA_METHOD_set_name(__openssl_methods.ecdsa, "pkcs11h");
ECDSA_METHOD_set_sign(__openssl_methods.ecdsa, __pkcs11h_openssl_ecdsa_do_sign);
__openssl_methods.ecdsa_index = ECDSA_get_ex_new_index (
0,
"pkcs11h",
NULL,
__pkcs11h_openssl_ex_data_dup,
__pkcs11h_openssl_ex_data_free
);
#endif
ret = TRUE;
cleanup:
_PKCS11H_DEBUG (
PKCS11H_LOG_DEBUG2,
"PKCS#11: _pkcs11h_openssl_initialize - return %d",
ret
);
return ret;
}