[openssl-users] How to override methods in EVP_PKEY_METHOD structure that is attached to a EVP_PKEY_CTX?
Stephan Mühlstrasser
stm at pdflib.com
Mon Feb 27 09:15:41 UTC 2017
Steve,
On 25.02.17 at 05:53, Dr. Stephen Henson wrote:
> On Fri, Feb 17, 2017, Stephan Mühlstrasser wrote:
> ...
>> Is it possible to override methods in an EVP_PKEY_METHOD structure,
>> or would it be necessary to implement a whole OpenSSL engine to do
>> what I want?
>>
>
> It should be possible yes, though AFAIK no one has yet tried to do this so
> there may be some pieces missing.
>
> In outline you'd retrieve the appropriate EVP_PKEY_METHOD for the algorithm of
> interest, make a copy of it and then set the operation you wish to override,
> you can also retrieve the original operation in case you sometimes wish to
> call that.
thanks for confirming that this should be possible in principle.
I guess my problem was that I thought one must retrieve the
EVP_PKEY_METHOD from the EVP_PKEY_CTX pointer. As you are saying it must
be retrieved for the algorithm, I think I understood now that it must be
fetched via EVP_PKEY_meth_find().
Is the following sketch roughly appropriate?

    int my_sign_init_function(EVP_PKEY_CTX *ctx);
    int my_sign_function(EVP_PKEY_CTX *ctx, unsigned char *sig,
                         size_t *siglen, const unsigned char *tbs,
                         size_t tbslen);

    const EVP_PKEY_METHOD *rsa_meth = EVP_PKEY_meth_find(EVP_PKEY_RSA);
    EVP_PKEY_METHOD *new_rsa_meth = EVP_PKEY_meth_new(EVP_PKEY_RSA, 0);

    EVP_PKEY_meth_copy(new_rsa_meth, rsa_meth);
    EVP_PKEY_meth_set_sign(new_rsa_meth, my_sign_init_function,
                           my_sign_function);
    EVP_PKEY_meth_add0(new_rsa_meth);

What is still unclear to me is how to retrieve the original function
pointers from the EVP_PKEY_METHOD. EVP_PKEY_METHOD is an opaque
structure, and I could not find a getter counterpart for
EVP_PKEY_meth_set_sign().
How is it supposed to be possible to retrieve the original operations
from an EVP_PKEY_METHOD pointer?
Thanks.
--
Stephan