[openssl-dev] [RFC 1/2] engine: add new flag based method for loading engine keys

David Woodhouse dwmw2 at infradead.org
Tue Nov 15 00:24:17 UTC 2016


> The assumption in all the current engine code is that key_id can be
> passed as something like a file name.  There are some new users that
> actually want to pass a BIO, so add a new load_key method for engines
> that takes a flag value.  The first defined flag is
> ENGINE_LOAD_KEY_FLAG_BIO which means that the key_id is actually a bio
> pointer.

I like that this also fixes the UI callback horridness discussed at
http://git.infradead.org/users/dwmw2/openconnect.git/blob/b8d39711:/openssl.c#l423

I like it even more that I can completely remove all mention of the TPM
and the special case to load the engine, and just rely on OpenSSL to Do
The Right Thing when I feed it a PEM file containing -----BEGIN TSS KEY
BLOB-----, just like GnuTLS does.

-- 
dwmw2
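The behaviour the reply describes, handing OpenSSL a PEM file and letting it route a "-----BEGIN TSS KEY BLOB-----" key to the TPM engine without a caller-side special case, comes down to a dispatch decision on the PEM label. The following is an added example written for this page, not code from David Woodhouse's patch, from openconnect or from OpenSSL: the patch's new load_key method signature is not shown on the page, so nothing here calls it. It sniffs the first BEGIN line of an in-memory key and picks a loader; the loader names and the sample PEM bodies are constructed for illustration and are not real key material.

```c
/* Added example (not from the patch, openconnect or OpenSSL).
 * Decide which key loader an in-memory PEM buffer should be routed to by
 * looking at its "-----BEGIN <label>-----" line, mirroring the
 * "feed it the PEM file and let the library do the right thing" idea. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical loader categories; these names are assumptions. */
enum key_loader {
    LOADER_NONE = 0,    /* not PEM, or no well-formed BEGIN line at a line start */
    LOADER_SOFTWARE,    /* ordinary software private key */
    LOADER_TPM_ENGINE,  /* "TSS KEY BLOB": route to the TPM engine */
    LOADER_UNKNOWN      /* PEM, but a label this dispatcher does not handle */
};

/* Find the first "-----BEGIN <label>-----" that starts a line and copy
 * <label> (NUL-terminated) into out. Returns 1 on success, 0 otherwise.
 * Text before the BEGIN line (e.g. "Bag Attributes" preambles) is skipped. */
int pem_begin_label(const char *buf, size_t len, char *out, size_t outlen)
{
    const char *begin = "-----BEGIN ";
    size_t blen = strlen(begin);
    const char *end = buf + len;
    size_t i;

    for (i = 0; i + blen <= len; i++) {
        if (i != 0 && buf[i - 1] != '\n')
            continue;                       /* only match at a line start */
        if (memcmp(buf + i, begin, blen) != 0)
            continue;
        {
            const char *p = buf + i + blen;
            const char *q = p;
            size_t n;
            while (q < end && *q != '\n' && *q != '\r' && *q != '-')
                q++;
            n = (size_t)(q - p);
            /* the label must be non-empty, fit, and be closed by "-----" */
            if (n == 0 || n >= outlen || q + 5 > end || memcmp(q, "-----", 5) != 0)
                return 0;
            memcpy(out, p, n);
            out[n] = '\0';
            return 1;
        }
    }
    return 0;
}

/* Map the PEM label to a loader. Only "TSS KEY BLOB" goes to the TPM path. */
enum key_loader pick_key_loader(const char *buf, size_t len)
{
    char label[64];

    if (!pem_begin_label(buf, len, label, sizeof label))
        return LOADER_NONE;
    if (strcmp(label, "TSS KEY BLOB") == 0)
        return LOADER_TPM_ENGINE;
    if (strcmp(label, "PRIVATE KEY") == 0 ||
        strcmp(label, "ENCRYPTED PRIVATE KEY") == 0 ||
        strcmp(label, "RSA PRIVATE KEY") == 0 ||
        strcmp(label, "EC PRIVATE KEY") == 0)
        return LOADER_SOFTWARE;
    return LOADER_UNKNOWN;
}

/* Constructed sample inputs; the base64 bodies are placeholders, not keys. */
static const char SAMPLE_TSS[] =
    "-----BEGIN TSS KEY BLOB-----\n"
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
    "-----END TSS KEY BLOB-----\n";
static const char SAMPLE_SOFT[] =
    "Bag Attributes\n    localKeyID: 01\n"      /* preamble to be skipped */
    "-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
    "-----END ENCRYPTED PRIVATE KEY-----\n";
static const char SAMPLE_MIDLINE[] =
    "x-----BEGIN TSS KEY BLOB-----\n";         /* marker not at a line start */

int main(void)
{
    printf("tss     -> %d\n", pick_key_loader(SAMPLE_TSS, sizeof SAMPLE_TSS - 1));
    printf("soft    -> %d\n", pick_key_loader(SAMPLE_SOFT, sizeof SAMPLE_SOFT - 1));
    printf("midline -> %d\n", pick_key_loader(SAMPLE_MIDLINE, sizeof SAMPLE_MIDLINE - 1));
    return 0;
}
```

The point of keeping the decision inside the library-side dispatcher rather than in the application is exactly what the reply welcomes: openconnect no longer needs to know that a TPM exists, only to pass the PEM through, and the label decides which backend takes the blob.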
