[openssl-users] How to use the default ECDSA verify operation in my engine

Rémy Grünblatt remy.grunblatt at ens-lyon.fr
Wed Jun 17 13:03:52 UTC 2015


> I want to create an engine for ECDSA, and implement my own signing
> operation in hardware.
> But I want the default verify operation to be used.
> Is there currently a way to do that?

Yosh.
I think you can declare a new ECDSA_METHOD structure and keep the
reference to the OpenSSL ecdsa_do_verify function while changing
ecdsa_do_sign to your own function (it's what I do):

  static ECDSA_METHOD my_own_openssl_ecdsa_meth = {
      "OpenSSL ECDSA method",
      my_own_ecdsa_do_sign_function,
      ecdsa_sign_setup_no_digest,
      ecdsa_do_verify,
      ECDSA_FLAG_FIPS_METHOD,     /* flags */
      NULL                        /* app_data */
  }; 

Then, in your engine, use something like ENGINE_set_ECDSA(e,
&my_own_openssl_ecdsa_meth).

Is that what you are searching for?

You'll have to include some headers like ./crypto/ec/ec_lcl.h, I think.

-- 
Rémy Grünblatt
ENS Lyon