On 26/05/07, Nils Larsch <[EMAIL PROTECTED]> wrote:
> Andreas Jellinghaus wrote:
> > On Thursday 24 May 2007 15:12:34 Robin Bryce wrote:
> >> supposed to obtain the required size from the implementation. Current
> >> code forces it to the result of PKCS11_get_key_size. I don't
> >> understand how this could ever be the "right thing" to do - what am I
> >> missing ?
> >
> > not sure either. if you want I can apply your patch so we can try to find
> > out.
>
> I think the patch is correct

Thanks for taking the time to look at it. I've been down with flu for the past few days.

After posting the patch I think I discovered the reason. openssl s_server does not appear to use the "size discovery" idiom I mentioned in the OP. From memory, RSA_size/RSA_sign don't do the right thing with the ENGINE api.

I was looking at this from the perspective of producing a patch for apache2.2/mod_ssl that enabled openssl/engine support for a particular piece of hardware rather than openssl's apps suite. So I missed the significance of the comments in the original source.

I'll open a ticket in libp11 for it when this flu lifts.

Cheers,
Robin

On 26/05/07, Nils Larsch <[EMAIL PROTECTED]> wrote:
> Andreas Jellinghaus wrote:
> > On Thursday 24 May 2007 15:12:34 Robin Bryce wrote:
> >> Was not sure whether this should be a ticket on the opensc trac or the
> >> libp11 trac.
> >
> > this is libp11 code, so the libp11 trac is preferred.
> >
> >> Thought I'd raise it here instead. I believe the current
> >> implementation of PKCS11_sign is broken. It should propagate the
> >> caller's "guess" of signature size to the underlying p11
> >> implementation. AIUI: Setting sigsize==0 is *how* applications are
> >> supposed to obtain the required size from the implementation. Current
> >> code forces it to the result of PKCS11_get_key_size. I don't
> >> understand how this could ever be the "right thing" to do - what am I
> >> missing ?
> >
> > not sure either. if you want I can apply your patch so we can try to find
> > out.
>
> I think the patch is correct
>
> Cheers,
> Nils
> _______________________________________________
> opensc-devel mailing list
> opensc-devel@lists.opensc-project.org
> http://www.opensc-project.org/mailman/listinfo/opensc-devel
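The length-query convention this thread turns on, as an added example (not code from libp11, OpenSSL or the patch under discussion): in PKCS#11, C_Sign called with a NULL signature buffer reports the required length, and a buffer that is too small yields CKR_BUFFER_TOO_SMALL with the required length written back. `mock_sign`, `sign_with_guess`, the `RV_*` codes and the 128-byte signature size are hypothetical stand-ins constructed for this sketch.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define MOCK_SIG_LEN 128u   /* constructed: size of a 1024-bit RSA signature */
enum { RV_OK = 0, RV_BUFFER_TOO_SMALL = 1 };  /* stand-ins for CKR_* codes */

/* Hypothetical token-side call following the PKCS#11 output-buffer rule:
 * NULL buffer = length query; short buffer = error plus required length;
 * the token never writes more than the caller said the buffer holds. */
static int mock_sign(const unsigned char *data, size_t data_len,
                     unsigned char *sig, size_t *sig_len)
{
    (void)data; (void)data_len;
    if (sig == NULL) { *sig_len = MOCK_SIG_LEN; return RV_OK; }
    if (*sig_len < MOCK_SIG_LEN) { *sig_len = MOCK_SIG_LEN; return RV_BUFFER_TOO_SMALL; }
    memset(sig, 0xA5, MOCK_SIG_LEN);          /* stand-in signature bytes */
    *sig_len = MOCK_SIG_LEN;
    return RV_OK;
}

/* Caller side: hand the caller's own size guess to the token unchanged and
 * grow the buffer only when the token asks. Returns the signature length
 * (caller frees *out), or 0 on failure. */
static size_t sign_with_guess(const unsigned char *data, size_t data_len,
                              size_t guess, unsigned char **out)
{
    size_t len = guess;
    unsigned char *buf = guess ? malloc(guess) : NULL;
    if (guess && !buf) return 0;
    int rv = mock_sign(data, data_len, buf, &len);
    if (buf == NULL || rv == RV_BUFFER_TOO_SMALL) {
        unsigned char *bigger = realloc(buf, len);  /* len = required size */
        if (!bigger) { free(buf); return 0; }
        buf = bigger;
        rv = mock_sign(data, data_len, buf, &len);
    }
    if (rv != RV_OK) { free(buf); return 0; }
    *out = buf;
    return len;
}

int main(void)
{
    const unsigned char msg[] = "constructed message";
    unsigned char *sig = NULL;
    size_t n = sign_with_guess(msg, sizeof msg, 0, &sig);
    free(sig);
    return n == MOCK_SIG_LEN ? 0 : 1;
}
```

The security-relevant property is that the length passed to the token always matches the real size of the caller's buffer, so an undersized buffer produces an error code rather than a write past its end.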