Hi Uri,

Let me know if you have any questions about these patches.

Thank you,
Alex.

On Wed, Jan 20, 2016 at 12:49 PM, Douglas E Engert <[email protected]> wrote:

> When I started to write the ECDSA code for engine_pkcs11 in 2011 the code
> to support the method hooks was not in the code. So I used internal
> OpenSSL header files to copy the ECDSA_METHOD and replace the function
> needed. Look for "BUILD_WITH_ECS_LOCL_H" in libp11. Not until 1.0.2 did
> OpenSSL support the needed calls to hook ECDSA.
> They did not add the hooks for ECDH.
>
> If you can't wait then you have to do it yourself. *YOU* could do the
> same thing for ECDH. But your code would only be good for 1.0.2 because
> the whole way of doing EC methods changes in 1.1.
>
> I believe Alexander said he had changes to OpenSSL, which is another
> approach.
> He has said they were here:
> https://github.com/AtmelCSO/cryptoauth-openssl-engine/tree/master/patches
>
> You could also hire someone who could do more than: "test it and offer
> minor enhancements".
> (And not me. I am taking the 1.1 approach to getting ECDH working in
> engine.)
>
> On 1/20/2016 2:19 PM, Blumenthal, Uri - 0553 - MITLL wrote:
>
> Very possible that I'm missing the point here.
>
> Still, since openssl-1_0_2 does ECDH, and it exposes ECDSA to external
> engine(s), how difficult would it be to add ECDH exposure? I suspect - a
> good deal easier than getting 1.1 to replace 1.0.x as the de-facto
> deployment standard.
>
> Plus, by this time there already are (and reasonably common) tokens that
> support ECDH, other packages that do ECDH, and people (like myself :-)
> willing to test it and offer minor enhancements.
>
> Another point I seem to be missing - if what's necessary to implement ECDH
> in an external engine is missing from 1_0_2 - how could Alexander write a
> (presumably) working ECDH engine for 1_0_2? If he could do it, why can't
> engine_pkcs11 be extended to do the same?
>
> Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE
> network.
>
> *From: *Douglas E Engert
> *Sent: *Wednesday, January 20, 2016 14:59
> *To: *[email protected]
> *Reply To: *[email protected]
> *Subject: *Re: [openssl-dev] ECDH engine
>
> You are missing the point. OpenSSL-1.0.2 only exposed ECDSA, not ECDH to
> external engines. It took years to even get ECDSA exposed.
> OpenSSL's approach to support this is OpenSSL-1.1 that does a lot of other
> things. But that was their approach. It's their package.
> From working package to distribution always takes several years...
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
