[openssl-dev] ECDH engine
Alexander Gostrer
agostrer at gmail.com
Sat Dec 19 21:39:14 UTC 2015
Hi Steve,
I see. The 1.0.2 didn't work off-the-shelf but we found a few fixes that made the engine work. Will it be acceptable to submit patches against the stable version? But I agree that the code was odd and probably our fixes will look odd as well.
Thank you,
Alex
Sent from my iPhone
> On Dec 19, 2015, at 12:49 PM, Dr. Stephen Henson <steve at openssl.org> wrote:
>
>> On Fri, Dec 18, 2015, Alexander Gostrer wrote:
>>
>> Hi Steve,
>>
>> John and I completed writing an ECDH engine based on the
>> OpenSSL_1_0_2-stable branch. We were planning to expand it to the master
>> but found some major changes made by you recently. What is the status of
>> this task? Is it stable enough to follow it? Are you planning other
>> changes? Is there a design document that we can use in our work?
>
> The version in master shouldn't change much any more. Documentation will be
> available in the near future. The changes were meant to remove some of the
> weird "quirks" of ECC compared to other algorithms and to permit future
> expansion to a wider range of curves.
>
> In the meantime it shouldn't be too hard to follow how the new code works.
> Instead of separate ECDH/ECDSA methods with weird locking and ex_data and
> minimal ENGINE support everything is combined into a single EC_KEY_METHOD
> which can contain ECDSA, ECDH and key generation (something which was
> impossible with the old code) and be tied directly to an ENGINE.
>
> Most of the primary APIs such as ECDH_compute_key can be redirected directly
> through an engine supplied function in EC_KEY_METHOD.
>
> Having said that the code is very new and may have the odd bug that needs to
> be fixed. If you have any problems let me know and I'll look into them.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org