On 3/31/2015 4:23 AM, Thomas Calderon wrote:
Hi list, I have no idea if Damien Miller had the time to work on that. I have an initial patch to authenticate using PKCS#11 and ECDSA keys. This requires OpenSSL 1.0.2, prior OpenSSL versions do not expose the required interfaces to override the signature function pointer for ECDSA. The only limitation is that the OpenSSL API misses some cleanup function (finish, for instance), hence I have yet to find a way to properly free the PKCS#11 resources.
OpenSC, engine_opensc and libp11 versions on github can use OpenSSL-1.0.2 with ECDSA. They have the similar problems with memory leaks and ECDSA. But they do work, if you can live with the memory leaks,for example to sign a certificate request with ECDSA.
Is this a contribution you might be interested in ?
Any OpenSSL code to call PKCS#11 directly and eliminate the need for the engine_opensc would welcome.
Cheers, Thomas Calderon _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
-- Douglas E. Engert <DEEngert@xxxxxxxxx> _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev