On Mon, Aug 28, 2017, Brett R. Nicholas wrote:

> One more follow up question:
>
> > If possible you should set the public key components anyway: some operations
> > such as generating certificate requests require them to be present
>
> I'm confused what you mean here, since my engine doesn't "own" any instances
> of an RSA struct, it just has a static instance of RSA_METHOD struct defined.
> So therefore my engine never "sets" public or private key components. It just
> uses the modexp functions to write the public/private data (contained in the
> RSA struct passed as an argument from the higher level encrypt/decrypt
> functions) out to the hardware accelerator, and then return the result. So I
> could never "set the public key components anyway", as they would be set by
> whichever program calls RSA_public/private_encrypt/decrypt().
>
> Is my implementing it in this way different than how you thought I was
> implementing it? It made sense to me to do it this way, however please let me
> know if you think I'm going about it wrong, or if there are issues with this
> particular strategy. I want to make sure I'm using the engine API in the most
> intuitive and efficient way!
>
Ah, if you're performing crypto acceleration of already existing keys then
that's fine.

In some cases an ENGINE can load a private key (typically from an HSM) and
return the EVP_PKEY structure: in that case it would initialise the RSA
structure for RSA keys. It's that case where (n, e) should be initialised if
possible.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev