Apologies in advance for cross-posting – but I’m not sure which of the two 
mailing lists this belongs to.


A key (say, private key) is loaded from the pkcs11 engine via privkey = 
ENGINE_load_private_key(engine, <whatever else>); and this operation succeeds.


However the resulting key handle has its engine == NULL. I looked for a method 
or a macro to explicitly set that value to the pointer to the engine that this 
key is bound to, but couldn’t find any. I define new methods such as 
pkcs11_pkey_rsa_decrypt(), and try to make OpenSSL aware of them via:

        /* Slots that receive the built-in RSA decrypt entry points. */
        int (*pdecr_init)(EVP_PKEY_CTX *ctx);
        int (*pdecr)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
                     const unsigned char *in, size_t inlen);

        /* EVP_PKEY_meth_find() hands back a const pointer in 1.1. */
        const EVP_PKEY_METHOD *orig_pmeth = EVP_PKEY_meth_find(EVP_PKEY_RSA);
        EVP_PKEY_METHOD *pmeth = EVP_PKEY_meth_new(EVP_PKEY_RSA,
                                                   EVP_PKEY_FLAG_AUTOARGLEN);
        /* Start from a copy of the built-in RSA method, then swap in our decrypt. */
        EVP_PKEY_meth_copy(pmeth, orig_pmeth);

        EVP_PKEY_meth_get_decrypt(orig_pmeth, &pdecr_init, &pdecr);
        EVP_PKEY_meth_set_decrypt(pmeth, pdecr_init, pkcs11_pkey_rsa_decrypt);

And then there’s a function PKCS11_pkey_meths(ENGINE *e, EVP_PKEY_METHOD 
**pmethods, const int **nids, int nid) that assigns the above pmeth to 
*pmethods.  


Is the above correct/sufficient? Somehow it seems to never invoke 
pkcs11_pkey_rsa_decrypt() when it should be used.


How can one set the EVP_PKEY->engine field in 1.1+?


In ENGINE_set_pkey_meths(engine, pkey_meths) what should pkey_meths() actually 
be? Is it documented? 


When does libcrypto use ENGINE->pkey_meths methods instead of ENGINE->rsa_meth?


Who/what entity is supposed to invoke ENGINE->pkey_meths to retrieve the RSA 
methods block? 


Is it normal if on a key (EVP_PKEY *) loaded by an engine, engine ptr is NULL? 
And if not – who/how should set those pointers to the correct value?

--

Regards,

Uri Blumenthal


-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
