On Fri, Sep 29, 2017, Blumenthal, Uri - 0553 - MITLL wrote:

> Apologies in advance for cross-posting - but I'm not sure which of the
> two mailing lists this belongs to.
> 
> A key (say, private key) is loaded from the pkcs11 engine via privkey = 
> ENGINE_load_private_key(engine, <whatever else>); and this operation succeeds.
> 
> However the resulting key handle has its engine == NULL. I looked for a 
> method or a macro to explicitly set that value to the pointer to the engine 
> that this key is bound to, but couldn't find any. I define new methods such
> as pkcs11_pkey_rsa_decrypt(), and try to make OpenSSL aware of them via:
> 
>    EVP_PKEY_METHOD *orig_pmeth = EVP_PKEY_meth_find(EVP_PKEY_RSA);
>    EVP_PKEY_METHOD *pmeth = EVP_PKEY_meth_new(EVP_PKEY_RSA,
>                                               EVP_PKEY_FLAG_AUTOARGLEN);
>    EVP_PKEY_meth_copy(pmeth, orig_pmeth);
>    EVP_PKEY_meth_get_decrypt(orig_pmeth, &pdecr_init, &pdecr);
>    EVP_PKEY_meth_set_decrypt(pmeth, pdecr_init, pkcs11_pkey_rsa_decrypt);
> 

There doesn't seem to be any easy way to do that for an existing method. If
the ENGINE has its own ASN.1 method things become easier.

A workaround might be to create a copy of an existing ASN.1 method but I've
not tried that.

> 
> In ENGINE_set_pkey_meths(engine, pkey_meths) what should pkey_meths() 
> actually be? Is it documented? 
> 
>  

Not currently, but it is similar to the cipher/digest functions but handles
EVP_PKEY_METHOD instead.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
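
An added example, not part of the original thread and not OpenSSL's or the engine's own code: a sketch of the callback that ENGINE_set_pkey_meths() expects, following the same contract as the cipher/digest selector callbacks mentioned in the reply. The names pkcs11_pkey_meths, pkcs11_rsa_pmeth and pkcs11_pkey_nids are hypothetical, and the OpenSSL types are stubbed so the block compiles without the library.

```c
/* Added example: shape of the callback passed to ENGINE_set_pkey_meths(). */
#include <stddef.h>
#include <stdio.h>

/* Stand-ins so this compiles without OpenSSL installed; in a real engine
 * delete these three lines and #include <openssl/engine.h> instead. */
typedef struct engine_st ENGINE;
typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
#define EVP_PKEY_RSA 6 /* value of NID_rsaEncryption */

/* Hypothetical: set once at bind time to the pmeth built with
 * EVP_PKEY_meth_new()/meth_copy()/meth_set_decrypt() as in the quoted code. */
static EVP_PKEY_METHOD *pkcs11_rsa_pmeth = NULL;

/* Key types this engine supplies its own EVP_PKEY_METHOD for. */
static const int pkcs11_pkey_nids[] = { EVP_PKEY_RSA };

/* ENGINE_PKEY_METHS_PTR callback, same contract as the cipher/digest ones:
 *   pmeth == NULL -> store the nid list in *nids, return its length
 *   pmeth != NULL -> store the method for `nid` in *pmeth, return 1 (0 = none) */
static int pkcs11_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
                             const int **nids, int nid)
{
    (void)e;
    if (pmeth == NULL) {
        if (nids == NULL)
            return 0;
        *nids = pkcs11_pkey_nids;
        return (int)(sizeof(pkcs11_pkey_nids) / sizeof(pkcs11_pkey_nids[0]));
    }
    if (nid == EVP_PKEY_RSA && pkcs11_rsa_pmeth != NULL) {
        *pmeth = pkcs11_rsa_pmeth;
        return 1;
    }
    *pmeth = NULL; /* unknown nid or method not built yet: report failure */
    return 0;
}

/* Registration in the engine's bind function would be:
 *   ENGINE_set_pkey_meths(engine, pkcs11_pkey_meths);  */

int main(void)
{
    const int *nids = NULL;
    int n = pkcs11_pkey_meths(NULL, NULL, &nids, 0);
    printf("engine advertises %d pkey method(s), first nid %d\n", n, nids[0]);
    return 0;
}
```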
