I have OpenSC, libp11, engine-pkcs11, working with OpenSSL-1.1-pre2.
This includes ECDH support in libp11, engine-pkcs11. There is still a lot of cleanup to be done to get the ECDH code in shape.
I was able to use the OpenSSL cms -encrypt using the certificate for the recipient. Then used the cms -decrypt with the smart card of the
recipient to do an ECDH operation to get the AES key to decrypt the message.
OpenSSL is still not stable, but they have been fixing bugs.
One issue with OpenSC is that src/common/simclist.h does:
# define inline /* inline */
OpenSSL e_os2.h does:
# if !defined(inline) && !defined(__cplusplus)
So depending on the order of header files, things work fine, or you get pages of errors
because ossl_inline is not changed.
The line above should have been:
# if !defined(ossl_inline) && !defined(__cplusplus)
See: https://rt.openssl.org/Ticket/Display.html?id=4245
I hope to have the libp11 and engine changes cleaned up in the next few days.
--
Douglas E. Engert <DEE...@gm...>