[openssl-dev] [openssl.org #4246] OpenSSL-1.1-pre2 openssl req fails to use engine

deengert@gmail.com via RT rt at openssl.org
Fri Jan 15 22:09:50 UTC 2016


req.c (and many of the other apps) appear to have lost the ability to use an engine.
The attached diff is against the github.com version using Tag OpenSSL_1_1-pre2.
In the req_options[] table:
OPT_KEY is set to "S" so pre-checking of the parameters does not drop the string passed to the engine.
OPT_KEY_FORM is set to "f" so pre-checking will allow engine.

The engine is saved:
e = setup_engine(opt_arg(), 1);

(I turned on debug; may want that off.)

To allow the OPT_KEY_FORM to be an engine:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER|OPT_FMT_ENGINE, &keyform))

This was tested with a modified version of OpenSC using ECDSA key on card to generate a self signed certificate.

openssl req -config /tmp/genreq.6156.openssl.conf -engine pkcs11 -keyform e -sha256 -new -key slot_1-id_2 -out  /tmp/selfsigned.pem -x509 -text


P.S. The EC_KEY_* functions appear to be working too (#4225). Have not tried the ECDH yet.

-- Douglas E. Engert <DEEngert at gmail.com>


-------------- next part --------------
A non-text attachment was scrubbed...
Name: req.c.diff
Type: text/x-patch
Size: 1418 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160115/c0b86afe/attachment-0001.bin>

