I need an advice on usind EVP_SignFinal function with two private key
objects stored on two different tokens. I can use two PKCS11 engine
instances to access these objects in low-level functions. But
EVP_SignFinal implementation uses EVP_PKEY_CTX_new(pkey, NULL) call
internally to create internal signing context with NULL engine. Then
int_ctx_new function finds an engine by NID:
e = ENGINE_get_pkey_meth_engine(id);
and users first found engine instance. As a result only first token can
be used for signing.
How can I specify right engine instance for signing context without
OpenSSL source code modifications?
Valery Blazhnov
LISSI ltd.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org