[openssl-dev] Access to ECDSA_METHOD do_verify function from engine
Johannes Bauer
dfnsonfsduifb at gmx.de
Fri Jul 21 12:19:52 UTC 2017
On 21.07.2017 14:00, Douglas E Engert wrote:
> It uses either:
> ops = ECDSA_METHOD_new((ECDSA_METHOD *)ECDSA_OpenSSL());
> or
> ops = EC_KEY_METHOD_new((EC_KEY_METHOD *)EC_KEY_OpenSSL());
>
> which copy the default structure to the new opaque structure.
> It then sets the routines it wants to change.

Ah, I missed this. Works perfectly, thank you very much for the tip.

I've also ported the engine to work on both OpenSSL 1.0 and 1.1 --
however the cast to a (mutable) EC_KEY_METHOD* isn't necessary for 1.1
(where the prototype accepts a const EC_KEY_METHOD*).

However, when I want to set the sign function for v1.1, I want to
override sig_sign, but use the OpenSSL default sign and sign_setup
functions. For this, I use EC_KEY_METHOD_get_sign. Unfortunately, for no
obvious reason, EC_KEY_METHOD_get_sign requires an EC_KEY_METHOD* instead
of a const EC_KEY_METHOD*. Do you happen to know why this is? Looking at
the code, there doesn't seem to be a reason for it. Gives an ugly
compile-time warning.

Cheers,
Johannes