Apologies in advance for cross-posting – but I’m not sure which of the two mailing lists this belongs to. A key (say, private key) is loaded from the pkcs11 engine via privkey = ENGINE_load_private_key(engine, <whatever else>); and this operation succeeds. However the resulting key handle has its engine == NULL. I looked for a method or a macro to explicitly set that value to the pointer to the engine that this key is bound to, but couldn’t find any. I define new methods such as pkcs11_pkey_rsa_decrypt(), and try to make OpenSSL aware of them via: EVP_PKEY_METHOD *orig_pmeth = EVP_PKEY_meth_find(EVP_PKEY_RSA); EVP_PKEY_METHOD *pmeth = EVP_PKEY_meth_new(EVP_PKEY_RSA, EVP_PKEY_FLAG_AUTOARGLEN); EVP_PKEY_meth_copy(pmeth, orig_pmeth); EVP_PKEY_meth_get_decrypt(orig_pmeth, &pdecr_init, &pdecr); EVP_PKEY_meth_set_decrypt(pmeth, pdecr_init, pkcs11_pkey_rsa_decrypt); And then there’s a function PKCS11_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmethods, const int **nids, int nid) that assigns the above pmeth to *pmethods. Is the above correct/sufficient? Somehow it seems to never invoke pkcs11_pkey_rsa_decrypt() when it should be used. How can one set the EVP_PKEY->engine field in 1.1+? In ENGINE_set_pkey_meths(engine, pkey_meths) what should pkey_meths() actually be? Is it documented? When does libcrypto use ENGINE->pkey_meths methods instead of ENGINE->rsa_meth? Who/what entity is supposed to invoke ENGINE->pkey_meths to retrieve the RSA methods block? Is it normal if on a key (EVP_PKEY *) loaded by an engine, engine ptr is NULL? And if not – who/how should set those pointers to the correct value? -- Regards, Uri Blumenthal |
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
