From: Douglas E E. <dee...@gm...> - 2016-01-19 02:13:52
I have OpenSC, libp11, engine-pkcs11, working with OpenSSL-1.1-pre2.
This includes ECDH support in libp11, engine-pkcs11.
There is still a lot of cleanup to be done to get the ECDH code in shape.

I was able to use the OpenSSL cms -encrypt using the certificate for the recipient.
Then used the cms -decrypt with the smart card of the recipient to do an ECDH operation
to get the AES key to decrypt the message.

OpenSSL is still not stable, but they have been fixing bugs.

One issue with OpenSC is that src/common/simclist.h does:

    # define inline /* inline */

OpenSSL e_os2.h does:

    # if !defined(inline) && !defined(__cplusplus)

So depending on the order of header files, things work fine, or you get pages of errors
because ossl_inline is not changed.

The line above should have been:

    # if !defined(ossl_inline) && !defined(__cplusplus)

See: https://rt.openssl.org/Ticket/Display.html?id=4245

I hope to have the libp11 and engine changes cleaned up in the next few days.

--
Douglas E. Engert <DEE...@gm...>