[openssl-users] Missing EVP_PKEY method to set engine?

Dr. Stephen Henson steve at openssl.org
Sun Oct 1 22:54:26 UTC 2017


On Fri, Sep 29, 2017, Blumenthal, Uri - 0553 - MITLL wrote:

> Apologies in advance for cross-posting, but I'm not sure which of the two mailing lists this belongs to.
> 
> A key (say, private key) is loaded from the pkcs11 engine via privkey = ENGINE_load_private_key(engine, <whatever else>); and this operation succeeds.
> 
> However the resulting key handle has its engine == NULL. I looked for a method or a macro to explicitly set that value to the pointer to the engine that this key is bound to, but couldn't find any. I define new methods such as pkcs11_pkey_rsa_decrypt(), and try to make OpenSSL aware of them via:
> 
>     const EVP_PKEY_METHOD *orig_pmeth = EVP_PKEY_meth_find(EVP_PKEY_RSA);
>     EVP_PKEY_METHOD *pmeth = EVP_PKEY_meth_new(EVP_PKEY_RSA, EVP_PKEY_FLAG_AUTOARGLEN);
>     EVP_PKEY_meth_copy(pmeth, orig_pmeth);
>     EVP_PKEY_meth_get_decrypt(orig_pmeth, &pdecr_init, &pdecr);
>     EVP_PKEY_meth_set_decrypt(pmeth, pdecr_init, pkcs11_pkey_rsa_decrypt);
> 

There doesn't seem to be any easy way to do that for an existing method. If
the ENGINE has its own ASN.1 method things become easier.

A workaround might be to create a copy of an existing ASN.1 method, but I've
not tried that.

> 
> In ENGINE_set_pkey_meths(engine, pkey_meths) what should pkey_meths() actually be? Is it documented?
> 

Not currently, but it is similar to the cipher/digest functions, handling
EVP_PKEY_METHOD instead.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

