Attached is a patch to move the definition of ecdsa_method
from src/crypto/ecdsa/ecs_locl.h to ecdsa.h
and move the definition of ecdh_method
from src/crypto/ecdh/ech_locl.h to ecdh.h

These mods expose the EC method definitions similar to how the
RSA method (rsa_meth_st) is defined in rsa.h.

This will assist in building dynamic engines that support ECDSA and ECDH
without having to compile against the OpenSSL source.

We have a working OpenSC engine_pkcs11 and libp11 supporting ECDSA
that have been tested using the libsofthsm.so and opensc-pkcs11.so PKCS#11 modules.
The opensc-pkcs11 is using smart cards that support ECC.

The libp11 has been built by including ecs_locl.h.
(It was also tested using these patches.)

This bug is now 2.5 years old.

ECC is becoming more important, and engine support of ECC is required.

The patch is against OpenSSL-1.0.1e.

I do see that commit 8a99cb29d1f0013243a532bccc1dc70ed678eebe modified the
ecdsa_method structure, but commit 190c615d4398cc6c8b61eb7881d7409314529a75
reverted the changes.
190c615d... says:
"It also reverts the changes to (EC)DSA_METHOD structure."



-- 

  Douglas E. Engert  <deeng...@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

--- openssl-1.0.1e/crypto/ecdh/,ech_locl.h	Mon Feb 11 09:26:04 2013
+++ openssl-1.0.1e/crypto/ecdh/ech_locl.h	Tue Sep 10 13:24:20 2013
@@ -62,19 +62,6 @@
 extern "C" {
 #endif
 
-struct ecdh_method 
-	{
-	const char *name;
-	int (*compute_key)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
-	                   void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
-#if 0
-	int (*init)(EC_KEY *eckey);
-	int (*finish)(EC_KEY *eckey);
-#endif
-	int flags;
-	char *app_data;
-	};
-
 /* If this flag is set the ECDH method is FIPS compliant and can be used
  * in FIPS mode. This is set in the validated module method. If an
  * application sets this flag in its own methods it is its responsibility
--- openssl-1.0.1e/crypto/ecdh/,ecdh.h	Mon Feb 11 09:26:04 2013
+++ openssl-1.0.1e/crypto/ecdh/ecdh.h	Tue Sep 10 13:24:24 2013
@@ -85,6 +85,19 @@
 extern "C" {
 #endif
 
+struct ecdh_method 
+	{
+	const char *name;
+	int (*compute_key)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
+	                   void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
+#if 0
+	int (*init)(EC_KEY *eckey);
+	int (*finish)(EC_KEY *eckey);
+#endif
+	int flags;
+	char *app_data;
+	};
+
 const ECDH_METHOD *ECDH_OpenSSL(void);
 
 void	  ECDH_set_default_method(const ECDH_METHOD *);
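Review bot: Once `struct ecdh_method` lives in the public ecdh.h its member order becomes part of the engine ABI, so the `#if 0` placeholders for `init`/`finish` on the added lines can no longer be switched on later without breaking every out-of-tree engine compiled against this layout; either drop them or reserve the slots explicitly, and say in a comment that the layout is frozen. The `flags` member is also exposed without its bit definitions: the FIPS-method comment that directly follows the removed block stays in ech_locl.h, and this hunk adds no public equivalent, so an engine filling in `flags` has no header telling it which bits exist or that the FIPS bit is reserved for the validated module (the define itself is outside the hunk, so I cannot confirm where it ends up). The same two points apply to the `struct ecdsa_method` hunk in ecdsa.h. I would add above the struct `/* Public API: member layout is ABI, append-only. Flag bits are defined in ech_locl.h and must be kept in sync. */`.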
--- openssl-1.0.1e/crypto/ecdsa/,ecdsa.h	Mon Feb 11 09:26:04 2013
+++ openssl-1.0.1e/crypto/ecdsa/ecdsa.h	Tue Sep 10 14:22:35 2013
@@ -81,6 +81,23 @@
 	BIGNUM *s;
 	} ECDSA_SIG;
 
+struct ecdsa_method 
+	{
+	const char *name;
+	ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len, 
+			const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey);
+	int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, 
+			BIGNUM **r);
+	int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len, 
+			const ECDSA_SIG *sig, EC_KEY *eckey);
+#if 0
+	int (*init)(EC_KEY *eckey);
+	int (*finish)(EC_KEY *eckey);
+#endif
+	int flags;
+	char *app_data;
+	};
+
 /** Allocates and initialize a ECDSA_SIG structure
  *  \return pointer to a ECDSA_SIG structure or NULL if an error occurred
  */
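Review bot: The new `struct ecdsa_method` carries no documentation, while the declarations around it in ecdsa.h use Doxygen `/** ... */` blocks (the ECDSA_SIG_new comment that follows is one). Since the struct is now the contract an external engine implements, a header comment should state the failure conventions of each callback and who allocates and frees `app_data`; the hunk does not show the in-tree implementation, so those conventions need to be read off ecs_ossl.c rather than assumed. A block of the form `/** ECDSA method table, implemented by engines. See ecs_ossl.c for the reference implementation and the expected return values of each callback. */` placed above the struct would match the file's style. Note also that `BN_CTX` and `EC_KEY` are used here without a visible include; whether ecdsa.h already pulls in bn.h/ec.h is outside the hunk.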
--- openssl-1.0.1e/crypto/ecdsa/,ecs_locl.h	Mon Feb 11 09:26:04 2013
+++ openssl-1.0.1e/crypto/ecdsa/ecs_locl.h	Tue Sep 10 13:20:55 2013
@@ -65,23 +65,6 @@
 extern "C" {
 #endif
 
-struct ecdsa_method 
-	{
-	const char *name;
-	ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len, 
-			const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey);
-	int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, 
-			BIGNUM **r);
-	int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len, 
-			const ECDSA_SIG *sig, EC_KEY *eckey);
-#if 0
-	int (*init)(EC_KEY *eckey);
-	int (*finish)(EC_KEY *eckey);
-#endif
-	int flags;
-	char *app_data;
-	};
-
 /* If this flag is set the ECDSA method is FIPS compliant and can be used
  * in FIPS mode. This is set in the validated module method. If an
  * application sets this flag in its own methods it is its responsibility
