Brian Smith wrote: <snip>
> It didn't work. The engine works fine for SHA1 and MD5, but if I request
> digest 672 (hard-coded value of NID_sha256, since NID_sha256 isn't in the
> openssl headers), it fails. If I use the PKCS#11 interface, CKM_SHA256 works
> just fine. Maybe this is because of bug 6562155
> (http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6562155).

Indeed. You can look at the OpenSSL PKCS#11 engine (or _generically_ speaking any other OpenSSL engine) as a way to provide an alternative implementation of EVP class (or RSA/DSA/DH, but nothing else) functions. This means that for the engine to support SHA-2, OpenSSL itself must implement SHA-2 via the EVP API.

To conclude, for this to work in an S10 update release (and we are kind of getting out of scope here since this is the OpenSolaris list), OpenSSL in S10uX would have to support SHA-2, which it does not. Since OpenSSL 0.9.7 is not compatible with 0.9.8, this is not likely to happen [*]. Using SCF (Solaris Crypto Framework, libpkcs11.so) directly via the PKCS#11 API seems to be the only option here.

v.

[*] http://blogs.sun.com/janp/entry/on_openssl_versions_in_solaris