Add the possibility to load prvate and public keys from an engine and

implement it for nCipher hardware. The interface in itself should be clear enough, but the nCipher implementation is currently not the best when it comes to getting a passphrase from the user. However, getting it better is a little hard until a better user interaction method is create. Also, use the possibility in req, so we can start to create CSR's with keys from the nForce box. WARNING: I've made *no* tests yet, mostly because I didn't implement this on the machine where I have an nForce box to play with. All I know is that it compiles cleanly on Linux...
2000-07-06 18:40:10 +00:00
parent f3052a9eee
commit 64c4f5732d
17 changed files with 576 additions and 119 deletions
--- a/crypto/engine/engine_int.h
+++ b/crypto/engine/engine_int.h
@@ -64,6 +64,7 @@
 #include <openssl/dh.h>
 #include <openssl/rand.h>
 #include <openssl/bn.h>
+#include <openssl/evp.h>

 #ifdef  __cplusplus
 extern "C" {
@@ -110,6 +111,8 @@ typedef struct engine_st
 	int (*init)(void);
 	int (*finish)(void);
 	int (*ctrl)(int cmd, long i, void *p, void (*f)());
+	EVP_PKEY *(*load_privkey)(const char *key_id, const char *passphrase);
+	EVP_PKEY *(*load_pubkey)(const char *key_id, const char *passphrase);
 	int flags;
 	/* reference count on the structure itself */
 	int struct_ref;