Branch: refs/heads/master
Home: https://github.com/OpenSC/libp11
Commit: 335cf75d1dbac1479bbff6d0aa2986962c5214a5
https://github.com/OpenSC/libp11/commit/335cf75d1dbac1479bbff6d0aa2986962c5214a5
Author: Michał Trojnara <Mic...@st...>
Date: 2022-08-13 (Sat, 13 Aug 2022)
Changed paths:
M tests/Makefile.am
R tests/ec-ecparam.softhsm
Log Message:
-----------
Revert "Add 'ec-ecparam.softhsm' test (#465)"

This test only works on OpenSSL 1.1.1, because while `openssl ecparam`
opens the engine specified in the `-engine` parameter, it never uses the
engine for actual key generation.

This bug in OpenSSL 1.1.1 can be easily confirmed with:
```sh
$ openssl version
OpenSSL 1.1.1n 15 Mar 2022
$ pkcs11-tool --list-token-slots
Available slots:
No slots.
$ openssl ecparam -engine pkcs11 -name prime256v1 -genkey -out ec_key.pem
engine "pkcs11" set.
$ cat ec_key.pem
-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEILV/lcPsKV8J37hOf7nMmT9FBgync4fLx73HkH+STektoAoGCCqGSM49
AwEHoUQDQgAE5+qQeMjnQNZJrkB1RuwjDgvpTec2diaQR94K2xIy+aqawRFCUnCn
5HXHrIwCMtpb7LwRikA8tuQxtSKfPIILXw==
-----END EC PRIVATE KEY-----
```
Generating a key on an engine and saving the private key to a file is
*not* a functionality that we want to support. It's easier, faster and
more secure to generate the key pair in software instead.

This reverts commit 5c5e2b61b7619f48f378a8540ca85f967b13d7b9 (#465).
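
The session above shows `openssl ecparam -engine pkcs11` writing an `EC PRIVATE KEY` block even though no token slot exists. As an added example (not part of the commit or of libp11), the Python check below parses such a PEM file as an RFC 5915 `ECPrivateKey` and reports whether a raw private scalar is stored in it; the function names and the sample key are constructed for illustration.

```python
import base64
import re

PRIME256V1_OID = bytes.fromhex("2a8648ce3d030107")  # 1.2.840.10045.3.1.7

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def inspect_ec_pem(pem_text):
    """Report whether pem_text carries a raw EC private scalar (RFC 5915)."""
    m = re.search(r"-----BEGIN EC PRIVATE KEY-----(.*?)-----END EC PRIVATE KEY-----",
                  pem_text, re.S)
    if not m:  # e.g. a file holding only EC PARAMETERS
        return {"private_scalar_in_file": False, "scalar_bytes": 0, "curve_oid": None}
    blob = base64.b64decode("".join(m.group(1).split()))
    tag, body, _ = read_tlv(blob, 0)
    if tag != 0x30:
        raise ValueError("ECPrivateKey must be a SEQUENCE")
    vtag, version, pos = read_tlv(body, 0)   # INTEGER version, must be 1
    ktag, scalar, pos = read_tlv(body, pos)  # OCTET STRING privateKey
    if (vtag, version, ktag) != (0x02, b"\x01", 0x04):
        raise ValueError("not an RFC 5915 ECPrivateKey")
    curve = None
    while pos < len(body):                   # optional [0] parameters, [1] publicKey
        tag, value, pos = read_tlv(body, pos)
        if tag == 0xA0:
            t, oid, _ = read_tlv(value, 0)
            curve = oid.hex() if t == 0x06 else None
    return {"private_scalar_in_file": len(scalar) > 0,
            "scalar_bytes": len(scalar), "curve_oid": curve}

def tlv(tag, value):
    """Encode one DER element; short-form lengths only (enough for the sample)."""
    return bytes([tag, len(value)]) + value

# Constructed sample key (not a real key): scalar is the bytes 0x01..0x20.
SAMPLE_SCALAR = bytes(range(1, 33))
SAMPLE_DER = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, SAMPLE_SCALAR) + tlv(0xA0, tlv(0x06, PRIME256V1_OID)))
SAMPLE_PEM = ("-----BEGIN EC PRIVATE KEY-----\n" + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END EC PRIVATE KEY-----\n")
```

A result with `private_scalar_in_file` set to true means the key material is sitting in the file in the clear, which is what the `ec_key.pem` in the session above contains.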