Doug, could you please take a look at PR #548 (or is it #549)? It also addresses this KEY_FORM issue.
Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network. Original Message From: deeng...@gmail.com via RT Sent: Friday, January 15, 2016 17:10 Reply To: r...@openssl.org Cc: openssl-dev@openssl.org Subject: [openssl-dev] [openssl.org #4246] OpenSSL-1.1-pre2 openssl req fails to use engine req.c (and many of the other apps) appear to have lost the ability to use an engine. The attached diff is against the github.com verison using Tag OpenSSL_1_1-pre2 In the req_options[] table: OPT_KEY is set to "S" so pre- checking of the parameters does not drop the string passed to the engine. OPT_KEY_FORM is set to "f" so pre-checking will allow engine The engine is saved: e = setup_engine(opt_arg(), 1); (I turned on debug, may want that off. ) to allow the theOPT_KEY_FORM to be an engine: if (!opt_format(opt_arg(), OPT_FMT_PEMDER|OPT_FMT_ENGINE, &keyform)) This was tested with a modified version of OpenSC using ECDSA key on card to generate a self signed certificate. openssl req -config /tmp/genreq.6156.openssl.conf -engine pkcs11 -keyform e -sha256 -new -key slot_1-id_2 -out /tmp/selfsigned.pem -x509 -text P.S. The EC_KEY_* functions appear to be working too (#4225) Have not tried the ECDH yet. -- Douglas E. Engert <deeng...@gmail.com>
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
