On 12/10/15, 16:56 , "openssl-dev on behalf of Dr. Stephen Henson" <openssl-dev-boun...@openssl.org on behalf of st...@openssl.org> wrote:
>>> Temporary fix is to set the second argument in EVP_PKEY_CTX_new to NULL
>>> in pkeyutl.c
>>
>> With your proposed (temporary) fix, the signature both generated and
>> verified successfully (see below). Could I ask to push this fix to the
>> master, and maybe/hopefully to 1_0_2 branch?
>
> As I indicated the fix I suggested is temporary. Sometimes a user will want
> that behaviour so we'd need a new command line option indicating the private
> key engine only.

Ideally engine_pkcs11 should do it automatically, but I see your point. Perhaps the code in pkeyutl.c could check if (a) an engine is set, and (b) the engine is PKCS11? And if so - automatically do the right thing?

Do you envision other engines with similar needs? My assumption was that the only engine that talks to smart cards is pkcs11...

In the meanwhile, in your opinion should rsautl need a similar patch, or would it work out of the box, like dgst did?

Thank you!