[openssl-dev] ECDH Engine
Alexander Gostrer
agostrer at gmail.com
Mon Oct 5 06:42:40 UTC 2015
Hi All,
We are writing an ECDH engine. All private keys are in the hardware
(including ephemeral keys). I found that the DH_METHOD has both
(*generate_key) and (*compute_key) methods while the ECDH_METHOD has just
the (*compute_key) method.
We would like (once the engine is completed) to use standard SSL_accept()
etc calls. But the compute_key() returns shared secret based on previously
generated public/private key pair and the public key is already sent to a
peer). Is there a hook to replace the public key before it is sent out?
Thank you,
Alex Gostrer.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20151004/f9654fbf/attachment.html>
More information about the openssl-dev
mailing list