Hello,

Right now I am continuing the development of my own PKCS#11 engine for OpenSSL. I had several problems in the past. I had to change

    if (do_verify)
        r = EVP_DigestVerifyInit(mctx, &pctx, md, e, sigkey);
    else
        r = EVP_DigestSignInit(mctx, &pctx, md, e, sigkey);

to

    if (do_verify)
        r = EVP_DigestVerifyInit(mctx, &pctx, md, NULL, sigkey);
    else
        r = EVP_DigestSignInit(mctx, &pctx, md, NULL, sigkey);

in the dgst.c file from the OpenSSL source code, because if I did not make this change I got the following error:

    Error setting context
    3916:error:260C0065:engine routines:ENGINE_get_pkey_meth:unimplemented public key method:.\crypto\engine\tb_pkmeth.c:127:
    3916:error:0609D09C:digital envelope routines:INT_CTX_NEW:unsupported algorithm:.\crypto\evp\pmeth_lib.c:161:
    error in dgst

when I tried to launch:

    openssl dgst -sha1 -sign <id_of_private_key> -keyform engine -out <file> -engine <id-engine> <file-with-data>

I have realized that in my bind_helper function I have the following:

    if (!ENGINE_set_id (e, "PKCS11") ||
        !ENGINE_set_destroy_function (e, pkcs11_engine_destroy) ||
        !ENGINE_set_init_function (e, pkcs11_init) ||
        !ENGINE_set_finish_function (e, pkcs11_finish) ||
        !ENGINE_set_ctrl_function (e, pkcs11_engine_ctrl) ||
        !ENGINE_set_cmd_defns (e, pkcs11_cmd_defns) ||
        !ENGINE_set_name (e, "Engine PKCS#11") ||
        !ENGINE_set_RSA (e, &rsa_method) ||
        !ENGINE_set_default (e, ENGINE_METHOD_RSA) ||
        !ENGINE_set_load_privkey_function (e, pkcs11_load_private_key) ||
        !ENGINE_set_load_pubkey_function (e, pkcs11_load_public_key) ||
        !ENGINE_set_RAND(e, &aleatorios) ||
        !ENGINE_set_ciphers (e, engine_ciphers) ||
        !ENGINE_register_ciphers (e) ||
        !ENGINE_set_digests (e, engine_digests))
    {
        return 0;
    }

But I do not have a call to ENGINE_set_pkey_meths. Could that be the cause of my problem? This function receives:

    (ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f)

where f can be:

    static int gost_pkey_meths (ENGINE *e, EVP_PKEY_METHOD **pmeth, const int **nids, int nid)

but it is undocumented and I do not know how to work with it.

My aim is to carry out "sign" and "verify" with no changes to the original OpenSSL source code.

Thanks for your help.

Kind regards.

On 30 June 2010 at 10:34, Nacho Álvarez <nasin...@gmail.com> wrote:

> I'm very, very sorry, I downloaded 1.0.0 instead of 1.0.0a.
>
> In the last version I made the changes, and it compiled and ran OK.
>
> Thank you very much for your help.
>
> 2010/6/29 Dr. Stephen Henson <st...@openssl.org>
>
>> On Tue, Jun 29, 2010, Nacho Álvarez wrote:
>>
>> > Ok, with option disable-capieng (I didn't know it) OpenSSL compiles... but I
>> > changed "e" for NULL in those calls (EVP_Digest... in dgst.c file) and the
>> > same error occurs:
>> >
>> > Error setting context
>> > 295228:error:260C0065:engine routines:ENGINE_get_pkey_meth:unimplemented public key method:tb_pkmeth.c:127:
>> > 295228:error:0609D09C:digital envelope routines:INT_CTX_NEW:unsupported algorithm:pmeth_lib.c:161:
>> > error in dgst
>>
>> Hmm... that works for me. Check you aren't using the old version of openssl
>> with:
>>
>> openssl version -a
>>
>> Steve.
>> --
>> Dr Stephen N. Henson. OpenSSL project core developer.
>> Commercial tech support now available see: http://www.openssl.org
>> ______________________________________________________________________
>> OpenSSL Project http://www.openssl.org
>> User Support Mailing List openssl-users@openssl.org
>> Automated List Manager majord...@openssl.org
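
Added example, not part of the original message and not OpenSSL code: a simplified model of the public-key method lookup that the two error lines in the message point to (ENGINE_get_pkey_meth, then INT_CTX_NEW), showing the two modes of a callback with the signature quoted above. Every type and function name here is a constructed stand-in, and the default-engine lookup is left out.

```c
/* Simplified model with constructed types; not OpenSSL's structs or code. */
#include <stdio.h>

#define NID_RSA 6   /* numeric value of EVP_PKEY_RSA */
#define NID_DSA 116 /* numeric value of EVP_PKEY_DSA */

typedef struct { int nid; const char *origin; } pkey_method; /* ~EVP_PKEY_METHOD */
typedef struct engine engine;                                /* ~ENGINE */
/* Same parameter order as the callback quoted in the message. */
typedef int (*pkey_meths_fn)(engine *, pkey_method **, const int **, int);
struct engine { const char *id; pkey_meths_fn pkey_meths; };

static pkey_method builtin_rsa = { NID_RSA, "builtin" };
static pkey_method engine_rsa = { NID_RSA, "engine" };
static const int engine_nids[] = { NID_RSA };

/* Two modes: pmeth == NULL returns the supported NID list and its length;
 * otherwise sets *pmeth for a supported nid and returns 1, else 0. */
static int model_pkey_meths(engine *e, pkey_method **pmeth, const int **nids, int nid)
{
    (void)e;
    if (pmeth == NULL) { *nids = engine_nids; return 1; }
    *pmeth = (nid == NID_RSA) ? &engine_rsa : NULL;
    return *pmeth != NULL;
}

/* Lookup order: an explicit engine must supply the method itself (no callback,
 * or a 0 return, is a hard failure); only e == NULL uses the built-in table
 * (the default-engine lookup is omitted from this model). */
static const pkey_method *model_ctx_method(engine *e, int nid)
{
    pkey_method *m = NULL;
    if (e != NULL) {
        if (e->pkey_meths == NULL || !e->pkey_meths(e, &m, NULL, nid))
            return NULL; /* "unimplemented public key method" */
        return m;
    }
    return (nid == NID_RSA) ? &builtin_rsa : NULL;
}

int main(void)
{
    engine bare = { "PKCS11", NULL }, full = { "PKCS11", model_pkey_meths };
    const pkey_method *m;
    printf("engine, no callback: %s\n", model_ctx_method(&bare, NID_RSA) ? "ok" : "error");
    m = model_ctx_method(NULL, NID_RSA);
    printf("NULL engine:         %s\n", m ? m->origin : "error");
    m = model_ctx_method(&full, NID_RSA);
    printf("engine + callback:   %s\n", m ? m->origin : "error");
    return 0;
}
```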