[openssl-users] Missing EVP_PKEY method to set engine?
Dr. Stephen Henson
steve at openssl.org
Sun Oct 1 22:54:26 UTC 2017
On Fri, Sep 29, 2017, Blumenthal, Uri - 0553 - MITLL wrote:
> Apologies in advance for cross-posting - but I'm not sure which of the two mailing lists this belongs to.
> A key (say, private key) is loaded from the pkcs11 engine via privkey = ENGINE_load_private_key(engine, <whatever else>); and this operation succeeds.
> However the resulting key handle has its engine == NULL. I looked for a method or a macro to explicitly set that value to the pointer to the engine that this key is bound to, but couldn't find any. I define new methods such as pkcs11_pkey_rsa_decrypt(), and try to make OpenSSL aware of them via:
> EVP_PKEY_METHOD *orig_pmeth = EVP_PKEY_meth_find(EVP_PKEY_RSA);
> EVP_PKEY_METHOD *pmeth = EVP_PKEY_meth_new(EVP_PKEY_RSA, EVP_PKEY_FLAG_AUTOARGLEN);
> EVP_PKEY_meth_copy(pmeth, orig_pmeth);
> EVP_PKEY_meth_get_decrypt(orig_pmeth, &pdecr_init, &pdecr);
> EVP_PKEY_meth_set_decrypt(pmeth, pdecr_init, pkcs11_pkey_rsa_decrypt);
There doesn't seem to be any easy way to do that for an existing method. If
the ENGINE has its own ASN.1 method things become easier.
A workaround might be to create a copy of an existing ASN.1 method but I've
not tried that.
> In ENGINE_set_pkey_meths(engine, pkey_meths) what should pkey_meths() actually be? Is it documented?
Not currently but it is similar to the cipher/digest functions but handles
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org