Moving to openssl-dev, because I think OpenSSL-1.0.2 needs a fix.

 

To be more specific, the following get methods are missing in 1.0.2:

 

- EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *,  …)

- EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *,  …)

- EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *,  …)

 

Note that the corresponding set methods are (thankfully) already present:

 

 - EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *,  …)

 - EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *,  …)

 - EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *,  …)

 

Can I hope that these get methods would be added? Maybe even soon?

--

Regards,

Uri Blumenthal

 

From: Uri Blumenthal <u...@ll.mit.edu>
Date: Sunday, October 01, 2017 at 19:59
To: <openssl-us...@openssl.org>
Subject: Re: [openssl-users] Missing EVP_PKEY method to set engine?

 

Thank you! 

 

I observe that in 1.1.x everything's fine - the structure evp_pkey_methods_st 
is opaque, but both getters and setters are defined and available. 

 

In 1.0.2 the structure is already opaque, the setters are present, but some 
getters are absent. Which makes it quite hard to work with members of this 
structure.

 

I think this is a bug, and two possible remedies IMHO are: add getter functions 
for the members, or add/move this structure from evp-int.h to evp.h (so it's no 
longer opaque).

 

What is your opinion? 

 

Thanks!

 

Regards,

Uri

 

Sent from my iPhone


On Oct 1, 2017, at 18:54, Dr. Stephen Henson <st...@openssl.org> wrote:

On Fri, Sep 29, 2017, Blumenthal, Uri - 0553 - MITLL wrote:



Apologies in advance for cross-posting - but I'm not sure which of the two 
mailing lists this belongs to.

 

A key (say, private key) is loaded from the pkcs11 engine via privkey = 
ENGINE_load_private_key(engine, <whatever else>); and this operation succeeds.

 

However the resulting key handle has its engine == NULL. I looked for a method 
or a macro to explicitly set that value to the pointer to the engine that this 
key is bound to, but couldn't find any. I define new methods such as 
pkcs11_pkey_rsa_decrypt(), and try to make OpenSSL aware of them via:

 

   EVP_PKEY_METHOD *orig_pmeth = EVP_PKEY_meth_find(EVP_PKEY_RSA);
   EVP_PKEY_METHOD *pmeth = EVP_PKEY_meth_new(EVP_PKEY_RSA, EVP_PKEY_FLAG_AUTOARGLEN);
   EVP_PKEY_meth_copy(pmeth, orig_pmeth);
   EVP_PKEY_meth_get_decrypt(orig_pmeth, &pdecr_init, &pdecr);
   EVP_PKEY_meth_set_decrypt(pmeth, pdecr_init, pkcs11_pkey_rsa_decrypt);

 


There doesn't seem to be any easy way to do that for an existing method. If
the ENGINE has its own ASN.1 method things become easier.

A workaround might be to create a copy of an existing ASN.1 method but I've
not tried that.



 

In ENGINE_set_pkey_meths(engine, pkey_meths) what should pkey_meths() actually 
be? Is it documented? 

 

 


Not currently but it is similar to the cipher/digest functions but handles
EVP_PKEY_METHOD instead.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
