[openssl-dev] openssl pkeyutl unable to use keys on a PKCS11 token?

Blumenthal, Uri - 0553 - MITLL uri at ll.mit.edu
Tue Jan 12 18:24:26 UTC 2016


On 12/10/15, 16:56 , "openssl-dev on behalf of Dr. Stephen Henson"
<openssl-dev-bounces at openssl.org on behalf of steve at openssl.org> wrote:

>On Thu, Dec 10, 2015, Blumenthal, Uri - 0553 - MITLL wrote:
>...
>
>> >Temporary fix is to set the second argument in EVP_PKEY_CTX_new to NULL
>> >in pkeyutl.c
>> 
>> With your proposed (temporary) fix, the signature both generated and
>> verified successfully (see below). Could I ask to push this fix to the
>> master, and maybe/hopefully to 1_0_2 branch?
>> 
>
>As I indicated, the fix I suggested is temporary. Sometimes a user will want
>that behaviour so we'd need a new command line option indicating the private
>key engine only.

I’ve submitted a PR <https://github.com/openssl/openssl/pull/523> that
does what you suggested, and has been reviewed favorably (thanks, R$, :-).

When could it be merged? (So it has a chance to percolate down to the
actual distros, and I can return to running openssl from a standard build
that somebody else maintains, rather than my own github clone :-)