On 2004.11.10 at 11:40:12 +0100, Nils Larsch wrote: > please have a look at ec_key_meth_st in ec.h and how it's used in > ecdsa_data_st (in ecdsa.h). The type specific key attributes (including > a method pointer) are stored in a kind of derived structure > (ecdsa_data_st). > If you need more information, feel free to ask ;-)
Thanks for the hint. But it doesn't contain engine pointer. I'm not sure that engine pointer is strictly neccessary, but it is required at least to properly initalize ECDSA and ECDH structure. > >Why? lhash tables are already used in OpenSSL to store various tables. > >Why invent something new instead of reusing existing infrastructure? > > a hash table is good if you want to have a mapping nid -> curve > (or, as it's done in crypto/objects, some more keys (nid, sn, > ln and oid) -> object) in case of ec curve parameters we got > quite a lot of parameters and I'm not so sure which of these > should be search keys + I don't think the number of groups There are EC_GROUP_new_by_nid function in ec_curve.c and it seems to be only accessor to the list of curves. Function EC_get_builtin_curves is used only for listing of supported curves in the ecparam command. Since there is simular command to list builtin ciphers and digests, lhash tables support enumeration of records. > >>what parameter do the GOST signatures curve have ? (I guess there's no > >>non-russian description of this alg) > > > >GOST doesn't specify set of parameters. > > what does GOST specify ? Doesn't is specifiy certain cryptographic algs > to be used for signature generation ? Algorithm is algorithm, and parameter set is quite different beast. For instance, for DSA OpenSSL supports even generation of set of parameters. DSS standard places some requirements on this parameter set, but group of people is free to generate its own parameters. Elliptic curve generation is not supported yet by OpenSSL (it is quite complicated), but it is possible to generate these curves. > >>8. Provide callbacks for packing and unpacking of a signature objects > > > >These callbacks already exist in the message digest structure. > > ops, I mean a function for the signatureAlgorithm field of a signature May be it would be desirable. We need to investigate a bit furher. If it turns out that several signature algorithms (distinguished by OID in secret key or certificate) can be used to sign/verify same digest type, and these algorithms should have different signature packing rules, may be we would need such an abstraction. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
