[openssl-dev] Access to ECDSA_METHOD do_verify function from engine

Douglas E Engert deengert at gmail.com
Fri Jul 21 13:08:32 UTC 2017



On 7/21/2017 7:19 AM, Johannes Bauer wrote:
> On 21.07.2017 14:00, Douglas E Engert wrote:
> 
>> It uses either:
>>      ops = ECDSA_METHOD_new((ECDSA_METHOD *)ECDSA_OpenSSL());
>> or
>>      ops = EC_KEY_METHOD_new((EC_KEY_METHOD *)EC_KEY_OpenSSL());
>>
>> which copy the default structure to the new opaque structure.
>> It then sets the routines it wants to change.
> 
> Ah, I missed this. Works perfectly, thank you very much for the tip.
> 
> I've also ported the engine to work on both OpenSSL 1.0 and 1.1 --
> however the cast to a (mutable) EC_KEY_METHOD* isn't necessary for 1.1
> (where the prototype accepts a const EC_KEY_METHOD*).
> 
> However, when I want to set the sign function for v1.1, I want to
> override sig_sign, but use the OpenSSL default sign and sign_setup
> functions. For this, I use EC_KEY_METHOD_get_sign. Unfortunately, for no
> obvious reason, EC_KEY_METHOD_get_sign requires an EC_KEY_METHOD* instead
> of a const EC_KEY_METHOD*. Do you happen to know why this is? Looking at
> the code, there doesn't seem to be a reason for it. Gives an ugly
> compile-time warning.

I don't see your problem with OpenSSL-1.1.0f. I don't recall seeing it with
earlier versions either. p11_ec.c does:


        static EC_KEY_METHOD *ops = NULL;
        int (*orig_sign)(int, const unsigned char *, int, unsigned char *,
                unsigned int *, const BIGNUM *, const BIGNUM *, EC_KEY *) = NULL;
        /* ... */
                ops = EC_KEY_METHOD_new((EC_KEY_METHOD *)EC_KEY_OpenSSL());
                EC_KEY_METHOD_get_sign(ops, &orig_sign, NULL, NULL);
                EC_KEY_METHOD_set_sign(ops, orig_sign, NULL, pkcs11_ecdsa_sign_sig);



> 
> Cheers,
> Johannes
> 

-- 

  Douglas E. Engert  <DEEngert at gmail.com>


