overload key signing function for opensc tokens...
Kevin Stefanik
kstef at mtppi.org
Tue Apr 8 03:25:12 EST 2003
My best guess... openssl immediately uses the engine if RSA_FLAG_SIGN_VER flag
is set - it doesn't check if there is an engine defined. In this case, in
my debugging, rsa.engine is 0x0 and the ENGINE_get_RSA() called from
RSA_sign call doesn't verify it before referencing an element of the
structure, so it segfaults.
Would a cleaner patch be to use the sc_get_engine() and assign an engine?
That doesn't seem to be happening in sc_read_pubkey at the moment. In fact,
I can't see that sc_get_engine is called anywhere. I'm currently using
0.9.7a, so shouldn't USE_ENGINE be undefined? What if there's no USE_ENGINE?
I'll also make my way over to openssl to see if the RSA_sign should check for
the engine or meth->rsa_sign instead of assuming the engine. Would that be
the only needed fix? It works here.
Thanks,
Kevin
On Sunday 06 April 2003 04:31 am, Markus Friedl wrote:
> On Fri, Apr 04, 2003 at 05:44:18PM -0500, Kevin Stefanik wrote:
> > I wasn't having much luck getting a key and certificate stored on a
> > hardware token to work until I made this fix. The ssh_rsa_sign key was
> > not using either overloading. I used the rsa.meth way, instead of the
> > engine.
>
> why does RSA_sign not use the overloaded methods?
>
> -m
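Added example, not code from this thread, OpenSSL or OpenSC: a constructed C model of the dispatch Kevin describes, where a set sign/verify flag routes the call to rsa->engine without first checking that an engine is attached. sign_unchecked reproduces the NULL dereference; sign_checked uses the engine only when one exists and otherwise falls back to the rsa->meth overload. FLAG_SIGN_VER, rsa_key, engine_t and rsa_method_t are stand-in names, not OpenSSL's.

```c
#include <stddef.h>
#include <string.h>
/* Constructed model of the dispatch described in the thread, not OpenSSL/OpenSC code;
 * FLAG_SIGN_VER, rsa_key, engine_t and rsa_method_t are stand-in names. */
#define FLAG_SIGN_VER 0x1u

typedef int (*sign_fn)(const unsigned char *msg, size_t len, unsigned char *sig);
typedef struct { sign_fn rsa_sign; } engine_t;     /* engine-provided signer */
typedef struct { sign_fn rsa_sign; } rsa_method_t; /* rsa->meth overload */
typedef struct {
    unsigned int flags;
    engine_t *engine;          /* NULL in the reported crash */
    const rsa_method_t *meth;
} rsa_key;
/* Toy signer standing in for the token: copies the message and appends a marker byte. */
static int meth_sign(const unsigned char *msg, size_t len, unsigned char *sig)
{
    memcpy(sig, msg, len);
    sig[len] = 'M';
    return (int)len + 1;
}

/* Buggy order: the flag alone selects the engine, so a NULL engine is dereferenced. */
int sign_unchecked(const rsa_key *rsa, const unsigned char *msg, size_t len, unsigned char *sig)
{
    if (rsa->flags & FLAG_SIGN_VER)
        return rsa->engine->rsa_sign(msg, len, sig); /* segfaults when engine == NULL */
    return rsa->meth->rsa_sign(msg, len, sig);
}

/* Hardened order: use the engine only if one is attached, else fall back to rsa->meth. */
int sign_checked(const rsa_key *rsa, const unsigned char *msg, size_t len, unsigned char *sig)
{
    if ((rsa->flags & FLAG_SIGN_VER) && rsa->engine && rsa->engine->rsa_sign)
        return rsa->engine->rsa_sign(msg, len, sig);
    if (rsa->meth && rsa->meth->rsa_sign)
        return rsa->meth->rsa_sign(msg, len, sig);
    return -1; /* no signing path available at all */
}

/* Key as the thread describes it: flag set, engine NULL, rsa->meth overloaded. */
static const rsa_method_t token_meth = { meth_sign };
static const rsa_key token_key = { FLAG_SIGN_VER, NULL, &token_meth };

int demo(void)
{
    unsigned char sig[8];
    return sign_checked(&token_key, (const unsigned char *)"abc", 3, sig); /* 4 */
}
```

Calling sign_unchecked on token_key is the crash Kevin saw in his debugging; sign_checked on the same key signs through the method overload instead.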
More information about the openssh-unix-dev mailing list