The problem is that the use of engines should be totally transparent to the higher API, but apparently it's not. I don't call RSA_check_key for a hardware key, I call it for my CA private key, and I don't know if it's a hardware or software key since it's transparent. I'm supposed to be able to call any RSA API with a hardware key, but I can't, so I don't know if it's a bug or a conception problem on the engines layer.
It wouldn't take much to make this function compatible, or the others that I haven't used and that have the same problem. Maybe create a new flag for the RSA keys: I already use RSA_FLAG_EXT_PKEY, what about something like RSA_FLAG_ENGINE_PKEY? I imagine that it would force people to modify their code for their engines, to add this flag when they load a key. This problem will probably show up for DSA, DH, DES keys as well.

Frédéric Giudicelli