[openssl-users] How to use the default ECDSA verify operation in my engine
Rémy Grünblatt
remy.grunblatt at ens-lyon.fr
Wed Jun 17 13:03:52 UTC 2015
> I want to create an engine for ECDSA, and implement my own signing
> operation in hardware.
> But I want to use the default verify operation to be used.
> Is there currently a way to do that?
Yosh.
I think you can declare a new ECDSA_METHOD structure and keep the
references to the openssl ecdsa_do_verify function while changing the
ecdsa_do_sign to your own function (it's what I do):
static ECDSA_METHOD my_own_openssl_ecdsa_meth = {
"OpenSSL ECDSA method",
my_own_ecdsa_do_sign_function,
ecdsa_sign_setup_no_digest,
ecdsa_do_verify,
ECDSA_FLAG_FIPS_METHOD, /* flags */
NULL /* app_data */
};
Then, in your engine, use something like ENGINE_set_ECDSA(e,
&my_own_openssl_ecdsa_meth).
Is that what you are searching for ?
You'll have to include some headers like ./crypto/ec/ec_lcl.h, I think.
--
Rémy Grünblatt
ENS Lyon
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150617/051d65b7/attachment-0001.sig>
More information about the openssl-users
mailing list