Status of OpenSC, libp11, engine using OpenSSL-1.1-pre2

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Status of OpenSC, libp11, engine using OpenSSL-1.1-pre2

Douglas E Engert
I have OpenSC, libp11, engine-pkcs11, working with OpenSSL-1.1-pre2

This includes ECDH support in libp11, engine-pkcs11. There is still a lot of cleanup to be done to get the ECDH  code in shape.
I was able to use the OpenSSL cms -encrypt  using the certificate for the  recipient. Then used the cms -decrypt with the smart card of the
recipient to do a ECDH operation to get the AES key to decrypt the message.

OpenSSL is still not stable, but they have been fixing bugs.

One issue with OpenSC is that  src/common/simclist.h  does:
#   define inline           /* inline */

OpenSSL  e_os2.h does:
# if !defined(inline) && !defined(__cplusplus)

So depending on the order of header files, things work fine, or you get pages of errors
because  ossl_inline is not  not changed.

The line above should have been:
# if !defined(ossl_inline) && !defined(__cplusplus)
See: https://rt.openssl.org/Ticket/Display.html?id=4245

I hope to have the libp11 and engine changes cleaned up in the next few days.








--

  Douglas E. Engert  <[hidden email]>
 


------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel