I've architected this in a way that looks future-proof, at least to the openssl provider transition. What will happen in openssl 3.0.0 is that providers become active and will accept keys via URI. The current file mechanisms will still be available, but internally they will become a file URI. To support the provider interface, openssl will have to accept keys by URI instead of file and may choose to support the provider serialization API. Note, though, that most token- and engine-based keys won't support serialization because it's simply not possible.

The engine mechanism this patch adds is essentially the fledgling URI mechanism, except that in its current form openssh checks for an openable file. However, the concept of passing the "file" argument of ssh-add straight to the engine is what becomes a URI in the provider interface. Once the transition to providers is complete, the engine code and the iteration over engines can be eliminated because the provider API will take care of doing all that internally. The only piece which will survive is the transmission of keys to the agent by URI.

The way the patch is structured is to first make public an internal API to convert EVP_PKEY to sshkey. All openssl keys need this type of conversion, so it's useful for engine keys as well and means we don't need a different sshkey type for engine keys (they key off the SSHKEY_FLAG_EXT instead).

James

---

James Bottomley (2):
  sshkey: expose openssl EVP_PKEY to sshkey conversion routine.
  Add support for openssl engine based keys

 Makefile.in  |   2 +-
 authfd.c     |  44 ++++++++++++++
 authfd.h     |   6 ++
 ssh-add.c    |  36 ++++++++++++
 ssh-agent.c  |  74 ++++++++++++++++++++++++
 ssh-engine.c | 159 +++++++++++++++++++++++++++++++++++++++++++++++++++
 ssh-engine.h |   9 +++
 sshkey.c     |  87 ++++++++++++++++------------
 sshkey.h     |   5 ++
 9 files changed, 384 insertions(+), 38 deletions(-)
 create mode 100644 ssh-engine.c
 create mode 100644 ssh-engine.h

-- 
2.26.2

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev