The problem is that the use of engines should be
totally transparent to the higher API, but apparently
it's not.
I don't call RSA_check_key for a hardware key, I call
it for my CA private key, and I don't know if it's a
hardware or software key since it's transparent.
I'm supposed to be able to call any RSA API with a
hardware key, but I can't, so I don't know if it's a bug
or a conception problem on the engines layer.

It wouldn't take much to make this function
compatible, or the others that I haven't used and that
have the same problem, maybe create a new flag for the
RSA keys, I already use RSA_FLAG_EXT_PKEY, what about
something like RSA_FLAG_ENGINE_PKEY, I imagine that it
would force people to modify their code for their
engines, to add this flag when they load a key.

This problem will probably show up for DSA, DH, DES
keys as well.

Frédéric Giudicelli
