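/*
 * Return the process-wide RSA_METHOD that routes RSA signing through the
 * PKCS#11 HSM.
 *
 * The method is a copy of OpenSSL's default RSA method with rsa_sign
 * replaced by HSM_PKCS11_rsa_sign and the raw private-key operations
 * (rsa_priv_enc / rsa_priv_dec) cleared, so this method never exposes a
 * raw RSA private operation.
 *
 * Returns a pointer to a static object that the caller must not free.
 * With OpenSSL >= 1.1.0 the object is built lazily on first use; NULL is
 * returned if that build fails (duplication or a setter failed) and the
 * next call retries.
 */
const RSA_METHOD * HSM_PKCS11_get_rsa_method ( void )
{
#if OPENSSL_VERSION_NUMBER < 0x1010000fL
    /* Pre-1.1.0 OpenSSL exposes the struct, so a static copy is enough. */
    static RSA_METHOD ret;

    /* Start from the default method so every slot we do not override
     * (public operations, mod_exp, flags, ...) keeps its default. */
    ret = *RSA_get_default_method();

    ret.name = "LibPKI PKCS#11 RSA";

    /* Signing is performed by the token. */
    ret.rsa_sign = HSM_PKCS11_rsa_sign;

    /* Raw private operations are deliberately not available. */
    ret.rsa_priv_enc = NULL;
    ret.rsa_priv_dec = NULL;

    /* NOTE(review): in OpenSSL 1.0.x RSA_sign() only dispatches to
     * meth->rsa_sign when the RSA object carries RSA_FLAG_SIGN_VER;
     * otherwise it falls through to rsa_priv_enc, which is NULL here.
     * Confirm the flag is set on RSA objects that use this method. */

    return &ret;
#else
    /* Lazily built PKCS#11 RSA method, shared by all callers. */
    static RSA_METHOD * r_pnt = NULL;

    if (r_pnt == NULL) {
        /* Duplicate the default method so untouched slots keep working. */
        r_pnt = RSA_meth_dup(RSA_get_default_method());

        if (r_pnt != NULL) {
            /* Each RSA_meth_set* returns 1 on success; set1_name
             * allocates and can fail. Never hand out a half-configured
             * method: free it and report NULL instead. */
            if (!RSA_meth_set1_name(r_pnt, "LibPKI PKCS#11 RSA")
                || !RSA_meth_set_sign(r_pnt, HSM_PKCS11_rsa_sign)
                || !RSA_meth_set_priv_enc(r_pnt, NULL)
                || !RSA_meth_set_priv_dec(r_pnt, NULL)) {
                RSA_meth_free(r_pnt);
                r_pnt = NULL;
            }
        }
    }

    return r_pnt;
#endif
}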
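/*
 * Return the lazily created RSA_METHOD that routes the RSA private-key
 * operations (rsa_priv_enc / rsa_priv_dec) to PKCS#11. Also registers the
 * RSA ex_data index (pkcs11_rsa_key_idx) used to attach PKCS#11 key state
 * to RSA objects, if that has not happened yet.
 *
 * Returns the shared method object, which the caller must not free, or
 * NULL if it could not be created (allocation or a setter failed); a
 * later call retries.
 */
static RSA_METHOD *get_pkcs11_rsa_method(void)
{
    static RSA_METHOD *pkcs11_rsa_method = NULL;

    if (pkcs11_rsa_key_idx == -1) {
        /* -1 is also what RSA_get_ex_new_index() returns on failure, so a
         * failed registration is simply retried on the next call. */
        pkcs11_rsa_key_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
    }

    if (pkcs11_rsa_method != NULL) {
        return pkcs11_rsa_method;
    }

#if OPENSSL_VERSION_NUMBER < 0x10100005L
    /* Pre-1.1 OpenSSL exposes the struct: copy the default method and
     * patch only the two private-key slots. */
    const RSA_METHOD *def = RSA_get_default_method();
    RSA_METHOD *m = calloc(1, sizeof(*m));

    if (m == NULL) {
        return NULL;
    }
    memcpy(m, def, sizeof(*m));
    m->name = "pkcs11";
    m->rsa_priv_enc = pkcs11_rsa_private_encrypt;
    m->rsa_priv_dec = pkcs11_rsa_private_decrypt;
#else
    RSA_METHOD *m = RSA_meth_dup(RSA_get_default_method());

    if (m == NULL) {
        return NULL;
    }
    /* The setters return 1 on success; set1_name allocates and can fail.
     * Do not publish a half-configured method. */
    if (!RSA_meth_set1_name(m, "pkcs11")
        || !RSA_meth_set_priv_enc(m, pkcs11_rsa_private_encrypt)
        || !RSA_meth_set_priv_dec(m, pkcs11_rsa_private_decrypt)) {
        RSA_meth_free(m);
        return NULL;
    }
#endif

    /* Publish only once fully configured. */
    pkcs11_rsa_method = m;
    return pkcs11_rsa_method;
}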
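/*
 * (Re)build the OpenSSL method tables that route private-key operations to
 * PKCS#11: RSA private encrypt/decrypt, DSA sign and, when __ENABLE_EC is
 * defined, ECDSA sign. Each table is a copy of OpenSSL's default method
 * with only those entry points replaced, and one ex_data index per
 * algorithm is registered so token key handles can be attached to the
 * OpenSSL key objects.
 *
 * Calling this again frees the previously built method of each algorithm
 * before rebuilding it.
 *
 * Returns TRUE on success, FALSE if a method could not be duplicated. On
 * failure the methods built earlier in the same call are kept; the next
 * call frees and rebuilds them.
 */
PKCS11H_BOOL
_pkcs11h_openssl_initialize (void)
{
    PKCS11H_BOOL ret = FALSE;

    _PKCS11H_DEBUG (
        PKCS11H_LOG_DEBUG2,
        "PKCS#11: _pkcs11h_openssl_initialize - entered"
    );

#ifndef OPENSSL_NO_RSA
    if (__openssl_methods.rsa != NULL) {
        RSA_meth_free (__openssl_methods.rsa);
        __openssl_methods.rsa = NULL;
    }
    if ((__openssl_methods.rsa = RSA_meth_dup (RSA_get_default_method ())) == NULL) {
        goto cleanup;
    }
    RSA_meth_set1_name (__openssl_methods.rsa, "pkcs11h");
    RSA_meth_set_priv_dec (__openssl_methods.rsa, __pkcs11h_openssl_rsa_dec);
    RSA_meth_set_priv_enc (__openssl_methods.rsa, __pkcs11h_openssl_rsa_enc);
    /*
     * RSA_FLAG_EXT_PKEY: the private key is held outside the process (in
     * the token), so the private components are not expected to be present.
     * RSA_METHOD_FLAG_NO_CHECK: skip the local public/private consistency
     * check, which cannot be run without those components.
     */
    RSA_meth_set_flags (__openssl_methods.rsa, RSA_METHOD_FLAG_NO_CHECK | RSA_FLAG_EXT_PKEY);
    __openssl_methods.rsa_index = RSA_get_ex_new_index (
        0,
        "pkcs11h",
        NULL,
        __pkcs11h_openssl_ex_data_dup,
        __pkcs11h_openssl_ex_data_free
    );
#endif

#ifndef OPENSSL_NO_DSA
    if (__openssl_methods.dsa != NULL) {
        DSA_meth_free (__openssl_methods.dsa);
        __openssl_methods.dsa = NULL;
    }
    /* DSA_meth_dup() returns NULL on allocation failure; the setters below
     * would dereference it, so bail out first. */
    if ((__openssl_methods.dsa = DSA_meth_dup (DSA_get_default_method ())) == NULL) {
        goto cleanup;
    }
    DSA_meth_set1_name (__openssl_methods.dsa, "pkcs11h");
    DSA_meth_set_sign (__openssl_methods.dsa, __pkcs11h_openssl_dsa_do_sign);
    __openssl_methods.dsa_index = DSA_get_ex_new_index (
        0,
        "pkcs11h",
        NULL,
        __pkcs11h_openssl_ex_data_dup,
        __pkcs11h_openssl_ex_data_free
    );
#endif

#ifdef __ENABLE_EC
    if (__openssl_methods.ecdsa != NULL) {
        ECDSA_METHOD_free (__openssl_methods.ecdsa);
        __openssl_methods.ecdsa = NULL;
    }
    /* ECDSA_METHOD_new() copies the given method; it returns NULL on
     * allocation failure, which the setters below would not survive. */
    __openssl_methods.ecdsa = ECDSA_METHOD_new ((ECDSA_METHOD *)ECDSA_get_default_method ());
    if (__openssl_methods.ecdsa == NULL) {
        goto cleanup;
    }
    ECDSA_METHOD_set_name (__openssl_methods.ecdsa, "pkcs11h");
    ECDSA_METHOD_set_sign (__openssl_methods.ecdsa, __pkcs11h_openssl_ecdsa_do_sign);
    __openssl_methods.ecdsa_index = ECDSA_get_ex_new_index (
        0,
        "pkcs11h",
        NULL,
        __pkcs11h_openssl_ex_data_dup,
        __pkcs11h_openssl_ex_data_free
    );
#endif

    ret = TRUE;

cleanup:

    _PKCS11H_DEBUG (
        PKCS11H_LOG_DEBUG2,
        "PKCS#11: _pkcs11h_openssl_initialize - return %d",
        ret
    );

    return ret;
}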