From: Selva N. <no...@gi...> - 2021-09-27 20:51:08
Branch: refs/heads/pss1
Home: https://github.com/OpenSC/pkcs11-helper

Commit: 7eea20d7651dde1ba64348ae55795d967cf41304
https://github.com/OpenSC/pkcs11-helper/commit/7eea20d7651dde1ba64348ae55795d967cf41304
Author: Selva Nair <sel...@gm...>
Date: 2021-05-02 (Sun, 02 May 2021)

Changed paths:
M include/pkcs11-helper-1.0/pkcs11.h
M include/pkcs11-helper-1.0/pkcs11h-certificate.h
M lib/pkcs11h-certificate.c
M lib/pkcs11h-openssl.c

Log Message:
-----------
Support passing CK_MECHANISM parameters to private key ops

Instead of mechanism_type, pass the mechanism struct to private key operations. This is needed to support padding schemes such as PSS that require additional entries in the CK_MECHANISM structure.

No change in functionality, but some externally visible methods change their function signature.

Signed-off-by: Selva Nair <sel...@gm...>

Commit: 704f1c8df7f77f37ec4e298b21936d3aeed1e7d9
https://github.com/OpenSC/pkcs11-helper/commit/704f1c8df7f77f37ec4e298b21936d3aeed1e7d9
Author: Selva Nair <sel...@gm...>
Date: 2021-05-02 (Sun, 02 May 2021)

Changed paths:
M include/pkcs11-helper-1.0/pkcs11.h
M lib/pkcs11h-openssl.c

Log Message:
-----------
Add EVP_PKEY methods for RSA keys

In OpenSSL, hooking into EVP_PKEY methods is required for handling RSA-PSS padding that is required for TLS 1.3.

As associating EVP_PKEY methods with specific keys requires the use of the engine API, the added methods are activated in the next patch where a private engine for internal use is added.

Only pkey methods for RSA keys are implemented.

Signed-off-by: Selva Nair <sel...@gm...>

Commit: de3a0b146e4686b2c2c9b6fa9b74313388915c7d
https://github.com/OpenSC/pkcs11-helper/commit/de3a0b146e4686b2c2c9b6fa9b74313388915c7d
Author: Selva Nair <sel...@gm...>
Date: 2021-05-02 (Sun, 02 May 2021)

Changed paths:
M lib/pkcs11h-openssl.c

Log Message:
-----------
Add an internal engine for attaching custom EVP_PKEY methods to keys

Add a rudimentary engine framework strictly for internal use in the library. This engine cannot be instantiated from applications and is not designed for such use.

The engine is set on private key handles that are returned to applications so that their private key operations can be intercepted.

Signed-off-by: Selva Nair <sel...@gm...>

Compare: https://github.com/OpenSC/pkcs11-helper/compare/7eea20d7651d%5E...de3a0b146e46