[openssl-dev] ECDH engine

Alexander Gostrer agostrer at gmail.com
Sat Dec 19 21:39:14 UTC 2015


Hi Steve,

I see. The 1.0.2 didn't work off-the-shelf but we found a few fixes that made the engine work. Will it be acceptable to submit patches against the stable version? But I agree that the code was odd and probably our fixes will look odd as well.

Thank you,
Alex

Sent from my iPhone

> On Dec 19, 2015, at 12:49 PM, Dr. Stephen Henson <steve at openssl.org> wrote:
> 
>> On Fri, Dec 18, 2015, Alexander Gostrer wrote:
>> 
>> Hi Steve,
>> 
>> John and I completed writing an ECDH engine based on the
>> OpenSSL_1_0_2-stable branch. We were planning to expand it to the master
>> but found some major changes made by you recently. What is the status of
>> this task? Is it stable enough to follow it? Are you planning other
>> changes? Is there a design document that we can use in our work?
> 
> The version in master shouldn't change much any more. Documentation will be
> available in the near future. The changes were meant to remove some of the
> weird "quirks" of ECC compared to other algorithms and to permit future
> expansion to a wider range of curves.
> 
> In the meantime it shouldn't be too hard to follow how the new code works.
> Instead of separate ECDH/ECDSA methods with weird locking and ex_data and
> minimal ENGINE support everything is combined into a single EC_KEY_METHOD
> which can contain ECDSA, ECDH and key generation (something which was
> impossible with the old code) and be tied directly to an ENGINE.
> 
> Most of the primary APIs such as ECDH_compute_key can be redirected directly
> through an engine supplied function in EC_KEY_METHOD.
> 
> Having said that the code is very new and may have the odd bug that needs to
> be fixed. If you have any problems let me know and I'll look into them.
> 
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org

