[openssl-dev] ECDH engine

[Alexander Gostrer]

Hi Steve,

And here is the ENGINE implementation for Atmel ATECC508A with few small
patches to OpenSSL_1_0_2-stable:
https://github.com/AtmelCSO/cryptoauth-openssl-engine

Your comments are welcome.

Regards,
Alex.

On Sat, Dec 19, 2015 at 12:49 PM, Dr. Stephen Henson <steve at openssl.org>
wrote:

> On Fri, Dec 18, 2015, Alexander Gostrer wrote:
>
> > Hi Steve,
> >
> > John and I completed writing an ECDH engine based on the
> > OpenSSL_1_0_2-stable branch. We were planning to expand it to the master
> > but found some major changes made by you recently. What is the status of
> > this task? Is it stable enough to follow it? Are you planning another
> > changes? Is there a design document that we can use in our work?
> >
>
> The version in master shouldn't change much any more. Documentation will be
> available in the near future. The changes were meant to remove some of the
> weird "quirks" of ECC compared to other algortihms and to permit future
> expansion to a wider range of curves.
>
> In the meantime it shouldn't be too hard to follow how the new code works.
> Instead of separate ECDH/ECDSA methods with weird locking and ex_data and
> minimal ENGINE support everything is combined into a single EC_KEY_METHOD
> which can contain ECDSA, ECDH and key generation (something which was
> impossible with the old code) and be tied directly to an ENGINE.
>
> Most of the primary APIs such as ECDH_compute_key can be redirected
> directly
> through an engine supplied function in EC_KEY_METHOD.
>
> Having said that the code is very new and may have the odd bug that needs
> to
> be fixed. If you have any problems let me know and I'll look into them.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160120/86d7996d/attachment.html>