Hi list,
I'm having the *exact* same issue that Jacques had 2 years ago:
https://mta.openssl.org/pipermail/openssl-users/2015-June/001584.html
I.e., I'm writing an OpenSSL 1.0.2 engine that does ECDSA signing. In my
signing function, I want to verify the signature before leaving the
callback.
On 7/21/2017 7:19 AM, Johannes Bauer wrote:
On 21.07.2017 14:00, Douglas E Engert wrote:
It uses either:
ops = ECDSA_METHOD_new((ECDSA_METHOD *)ECDSA_OpenSSL());
or
ops = EC_KEY_METHOD_new((EC_KEY_METHOD *)EC_KEY_OpenSSL());
which copy the default structure to the new opaque
On 21.07.2017 14:00, Douglas E Engert wrote:
> It uses either:
> ops = ECDSA_METHOD_new((ECDSA_METHOD *)ECDSA_OpenSSL());
> or
> ops = EC_KEY_METHOD_new((EC_KEY_METHOD *)EC_KEY_OpenSSL());
>
> which copy the default structure to the new opaque structure.
> It then sets the routines it
$ make distclean || true
$ ./config --prefix=$HOME/openssl-1.1 --openssldir=$HOME/openssl-1.1/etc
enable-aria enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5
enable-weak-ssl-ciphers enable-zlib-dynamic enable-tls1_3
enable-tls13downgrademake depend && make clean && make -j 4 all && make test
On Fri, 2017-07-21 at 15:56 +0200, Johannes Bauer wrote:
> I've changed my code now to also use the (mutable) new
> EC_KEY_METHOD*,
> which doesn't give a diagnostic. Regardless, I believe that the first
> parameter of EC_KEY_METHOD_get_sign should be const EC_KEY_METHOD*,
> not
> EC_KEY_METHOD*.
On 21.07.2017 15:08, Douglas E Engert wrote:
> I don't see your problem with OpenSSL-1.1.0f. I don't recall seeing it with
> earlier version either. p11_ec.c does:
>
>
> 647 static EC_KEY_METHOD *ops = NULL;
> 648 int (*orig_sign)(int, const unsigned char *, int, unsigned
> char
On 21.07.2017 16:10, Tomas Mraz wrote:
> On Fri, 2017-07-21 at 15:56 +0200, Johannes Bauer wrote:
>> I've changed my code now to also use the (mutable) new
>> EC_KEY_METHOD*,
>> which doesn't give a diagnostic. Regardless, I believe that the first
>> parameter of EC_KEY_METHOD_get_sign should be
First of all the ECDSA_METHOD and ECDH_METHOD in 1.0.2 are combined
into EC_KEY_METHOD on 1.1.
Both versions have a *_new and *_set_verify.
"static ECDSA_METHOD my_own_openssl_ecdsa_meth"
will not work anymore.
Have a look at:
https://github.com/OpenSC/libp11/blob/master/src/p11_ec.c
It