From dd10c493bb5e31dcddd382c08dcea88987d8bfd5 Mon Sep 17 00:00:00 2001
From: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Date: Mon, 18 Sep 2023 20:16:07 +0200
Subject: [PATCH] core_sign_update: use pkcs11 openssl engine

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
---
 core_sign_update | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core_sign_update b/core_sign_update
index e897d108f6..065b64ad0a 100755
--- a/core_sign_update
+++ b/core_sign_update
@@ -136,7 +136,7 @@ i=1
 signature_sizes=""
 for key in "${private_keys[@]}"; do
 	if [[ "${key}" == pkcs11* ]]; then
-		openssl rsautl -engine pkcs11 -pkcs -sign -inkey ${key} -keyform engine -in update.pkcs11-padhash -out update.sig.${i}
+		OPENSSL_CONF=/etc/ssl/pkcs11.cnf openssl pkeyutl -engine pkcs11 -sign -keyform engine -inkey "${key}" -in update.pkcs11-padhash -out "update.sig.${i}"
 	elif [[ "${key}" == fero* ]]; then
 		fero-client \
 			--address $FLAGS_signing_server_address \