Hello, right now I am continuing the development of my own PKCS#11 engine
for OpenSSL. I had several problems in the past; I had to change

if (do_verify)
    r = EVP_DigestVerifyInit(mctx, &pctx, md, e, sigkey);
else
    r = EVP_DigestSignInit(mctx, &pctx, md, e, sigkey);

to

if (do_verify)
    r = EVP_DigestVerifyInit(mctx, &pctx, md, NULL, sigkey);
else
    r = EVP_DigestSignInit(mctx, &pctx, md, NULL, sigkey);

in the dgst.c file from the OpenSSL source code, because if I did not make
this change I got the following error:

Error setting context
3916:error:260C0065:engine routines:ENGINE_get_pkey_meth:unimplemented public key method:.\crypto\engine\tb_pkmeth.c:127:
3916:error:0609D09C:digital envelope routines:INT_CTX_NEW:unsupported algorithm:.\crypto\evp\pmeth_lib.c:161:
error in dgst

when I tried to launch:

openssl dgst -sha1 -sign <id_of_private_key> -keyform engine -out <file> -engine <id-engine> <file-with-data>

I have realized that in my bind_helper function I have the following:

if (!ENGINE_set_id (e, "PKCS11") ||
        !ENGINE_set_destroy_function (e, pkcs11_engine_destroy) ||
        !ENGINE_set_init_function (e, pkcs11_init) ||
        !ENGINE_set_finish_function (e, pkcs11_finish) ||
        !ENGINE_set_ctrl_function (e, pkcs11_engine_ctrl) ||
        !ENGINE_set_cmd_defns (e, pkcs11_cmd_defns) ||
        !ENGINE_set_name (e, "Engine PKCS#11") ||
        !ENGINE_set_RSA (e, &rsa_method) ||
        !ENGINE_set_default (e, ENGINE_METHOD_RSA) ||
        !ENGINE_set_load_privkey_function (e, pkcs11_load_private_key) ||
        !ENGINE_set_load_pubkey_function (e, pkcs11_load_public_key) ||
        !ENGINE_set_RAND(e, &aleatorios) ||
        !ENGINE_set_ciphers (e, engine_ciphers) ||
        !ENGINE_register_ciphers (e) ||
        !ENGINE_set_digests (e, engine_digests)) {
        return 0;
    }

But I do not have a call to ENGINE_set_pkey_meths; could it be the cause of
my problem? This function receives:

(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f)

where f can be:

static int gost_pkey_meths (ENGINE *e, EVP_PKEY_METHOD **pmeth, const int **nids, int nid)

but it is undocumented and I do not know how to work with that. My aim is
to carry out "sign" and "verify" with no changes in original OpenSSL source
code.

Thanks for your help.

Kindest regards.


On 30 June 2010 10:34, Nacho Álvarez <nasin...@gmail.com> wrote:

> I'm sorry very very much, I downloaded 1.0.0 instead of 1.0.0a.
>
> In last version I did the changes, compiled and ran OK.
>
> thank you very much for your help.
>
> 2010/6/29 Dr. Stephen Henson <st...@openssl.org>
>
>> On Tue, Jun 29, 2010, Nacho Álvarez wrote:
>>
>> > Ok, with option disable-capieng (I didn't know it) OpenSSL compiles... but I
>> > changed "e" for NULL in those calls (EVP_Digest... in dgst.c file) and the
>> > same error occurs:
>> >
>> > Error setting context
>> > 295228:error:260C0065:engine routines:ENGINE_get_pkey_meth:unimplemented public key method:tb_pkmeth.c:127:
>> > 295228:error:0609D09C:digital envelope routines:INT_CTX_NEW:unsupported algorithm:pmeth_lib.c:161:
>> > error in dgst
>> >
>> >
>>
>> Hmm... that works for me. Check you aren't using the old version of openssl
>> with:
>>
>> openssl version -a
>>
>> Steve.
>> --
>> Dr Stephen N. Henson. OpenSSL project core developer.
>> Commercial tech support now available see: http://www.openssl.org
>> ______________________________________________________________________
>> OpenSSL Project                                 http://www.openssl.org
>> User Support Mailing List                    openssl-users@openssl.org
>> Automated List Manager                           majord...@openssl.org
>>
>
>
