[openssl-users] How to override methods in EVP_PKEY_METHOD structure that is attached to a EVP_PKEY_CTX?

Stephan Mühlstrasser stm at pdflib.com
Mon Feb 27 09:15:41 UTC 2017


Steve,

On 25.02.17 at 05:53, Dr. Stephen Henson wrote:
> On Fri, Feb 17, 2017, Stephan Mühlstrasser wrote:
> ...
>> Is it possible to override methods in an EVP_PKEY_METHOD structure,
>> or would it be necessary to implement a whole OpenSSL engine to do
>> what I want?
>>
>
> It should be possible yes, though AFAIK no one has yet tried to do this so
> there may be some pieces missing.
>
> In outline you'd retrieve the appropriate EVP_PKEY_METHOD for the algorithm of
> interest, make a copy of it and then set the operation you wish to override,
> you can also retrieve the original operation in case you sometimes wish to
> call that.

thanks for confirming that this should be possible in principle.

I guess my problem was that I thought one must retrieve the 
EVP_PKEY_METHOD from the EVP_PKEY_CTX pointer. As you are saying it must 
be retrieved for the algorithm, I think I understand now that it must be 
fetched via EVP_PKEY_meth_find().

Is the following sketch roughly appropriate?

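#include <openssl/evp.h>

/* Replacement sign operations supplied by the application. */
int my_sign_init_function(EVP_PKEY_CTX *ctx);
int my_sign_function(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
                     const unsigned char *tbs, size_t tbslen);

/* Look up the built-in RSA method and copy it into a new method. */
const EVP_PKEY_METHOD *rsa_meth = EVP_PKEY_meth_find(EVP_PKEY_RSA);
EVP_PKEY_METHOD *new_rsa_meth = EVP_PKEY_meth_new(EVP_PKEY_RSA, 0);
EVP_PKEY_meth_copy(new_rsa_meth, rsa_meth);
/* Override only the sign operations, then register the new method. */
EVP_PKEY_meth_set_sign(new_rsa_meth, my_sign_init_function, my_sign_function);
EVP_PKEY_meth_add0(new_rsa_meth);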

What is still unclear to me is how to retrieve the original function 
pointers from the EVP_PKEY_METHOD. EVP_PKEY_METHOD is an opaque 
structure, and I could not find a getter counterpart for 
EVP_PKEY_meth_set_sign().

How is it supposed to be possible to retrieve the original operations 
from an EVP_PKEY_METHOD pointer?

Thanks.

-- 
Stephan

