Add extern C functions for ENGINE to use hardware private keys

[TheEnbyperor]

Needed this functions to use PKCS#11 to access private keys using libp11, so am now suggesting they're merged into upstream.

More work would be needed to expose a safe interface for these, although given that loading an engine results in telling openssl to randomly open .so files I'm sure a safe interface is even possible / desirable.

Hope these are useful contributions.

[sfackler]

It looks like you'll need to add another header here to get systest compiling: https://github.com/sfackler/rust-openssl/blob/master/systest/build.rs#L47

[sfackler]

We should be able to just use a c_int here since it's not publicly exposed, which also avoids potential UB issues if new variants are added to UI_string_types on OpenSSL's end.

[TheEnbyperor]

It is documented on the openssl website (https://www.openssl.org/docs/man1.1.1/man3/UI_string_types.html) so I assumed this is something that should be public.

[sfackler]

But none of the fields in the structs you've defined are public.

[TheEnbyperor]

Ah yeah, my bad, will fix!

[artemist]

On my system UI_METHOD is an incomplete type. I have a quick fix in my repo at artemist@43af0af but I don't believe this is ready for upstream (I've only tested one OpenSSL version)

[taikulawo]

Same here, any progress? We need openssl engine do some intel QAT offload

[larrydewey]

Would there be any objections if I were to pick this up and finish the work here?

[IniterWorker]

It seems like the previous struct comment is missing:

/* .... */

/*
 * Duplicate the ui_data that often comes alongside a ui_method. This
 * allows some backends to save away UI information for later use.
 */
void *(*ui_duplicate_data)(UI *ui, void *ui_data);
void (*ui_destroy_data)(UI *ui, void *ui_data);

/* .... */

/*
 * UI_METHOD specific application data.
 */
CRYPTO_EX_DATA ex_data;

See OpenSSL.

I checked the rest, and I think with the current state of this crate, we have everything to test it. The remaining question is: do we need to provide a safe interface that will take care of allocating and deallocating the resources?

[IniterWorker]

It looks like you'll need to add another header to get systest compiling: build.rs#L51.

Specifically, it is missing openssl/engine.h.

Details

I am working a bit on this and hit a wall addressing the support of the UI_METHOD type.

EDIT: I think, we should create ui.rs handwritten types to sustain the implementation of engine.

EDIT2: I made some code starter on https://github.com/IniterWorker/rust-openssl/tree/feature/engine. If you have comments, I could maybe open a new PR.