These lines are for METHODS, i.e. RSA_METHOD and EC_KEY_METHOD. RSA keys can share an RSA_METHOD, and EC keys can share an EC_KEY_METHOD. A method can be copied; for example, an OpenSSL engine for using PKCS11 would then provide the routines in the method to not use the default software version of RSA signature or decrypting operations, but use PKCS11 to have these operations done on the token or smart card. So for RSA keys on the token, all these keys would share a copied and modified RSA_METHOD PKCS11 method where the rsa_idx in these keys is used to point to key specific data such as PKCS11 slot and KeyIDs.

On 2/12/2021 10:31 AM, Dmitry Belyavskiy wrote:
> Hello,
>
> Do I correctly understand that there can't be more than one key of each type of PKCS#11?
>
> The lines https://github.com/openssh/openssh-portable/blame/1bb130ed34721d46452529d094d9bbf045607d79/ssh-pkcs11.c#L191-L196 seem to use the global variables for RSA/ECDSA pkcs11-related data structures.
>
> Many thanks!
-- 
Douglas E. Engert <DEEngert@xxxxxxxxx>

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev