From e7a819a27647cb4bcaf275cb626e8ced8984b479 Mon Sep 17 00:00:00 2001
From: Mathieu Tortuyaux
Date: Mon, 18 Sep 2023 20:16:07 +0200
Subject: [PATCH] core_sign_update: use pkcs11 openssl engine
Signed-off-by: Mathieu Tortuyaux
---
 core_sign_update | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/core_sign_update b/core_sign_update
index e897d108f61..eae005ec5c3 100755
--- a/core_sign_update
+++ b/core_sign_update
@@ -136,7 +136,8 @@ i=1
 signature_sizes=""
 for key in "${private_keys[@]}"; do
 if [[ "${key}" == pkcs11* ]]; then
- openssl rsautl -engine pkcs11 -pkcs -sign -inkey ${key} -keyform engine -in update.pkcs11-padhash -out update.sig.${i}
+ # NOTE: When we will use OpenSSL 3: use the following URI: pkcs11:id=%${ID}?pin-source=file:/tmp/pin
+ openssl pkeyutl -engine pkcs11 -sign -keyform engine -inkey "${key}" -in update.pkcs11-padhash -out "update.sig.${i}"
 elif [[ "${key}" == fero* ]]; then
 fero-client \
 --address $FLAGS_signing_server_address \
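Review bot: The added NOTE comment recommends `pin-source=file:/tmp/pin`, which would keep the token PIN at a fixed, predictable path in a world-writable directory, where another local account could read it or pre-create the file. I would reword the comment to point at a private location, for example `# NOTE: with OpenSSL 3, use a URI of the form pkcs11:id=%${ID}?pin-source=file:<PIN_FILE>, where <PIN_FILE> is mode 0600 in a directory only the signing user can access`. Separately, the removed `rsautl` call passed `-pkcs` explicitly, while the new `pkeyutl` call relies on the default RSA padding; adding `-pkeyopt rsa_padding_mode:pkcs1` would keep the signature format pinned rather than implied. The `for` loop body continues outside the hunk, so whether a failed signing call stops the script before `update.sig.${i}` is consumed cannot be confirmed from here.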